68 Commits

Author SHA1 Message Date
Franco Fichtner
20835a92b1 system: disable clog by default 2021-02-08 09:41:40 +01:00
Franco Fichtner
d8711af025 system: set hw.uart.console appropriately
PR: https://github.com/opnsense/tools/issues/209
2021-01-26 10:13:51 +01:00
Ad Schellevis
de291e6266 backup / history: keep backup count default in a single spot, as discussed with @fichtner 2020-10-02 18:46:08 +02:00
Franco Fichtner
0b379917ae system: bump config backup default
This should be replaced with something more clever so for now
use this to keep an eye on the change until a strategy is clear.

We could remove the default and store unlimited backups although
that might hit a directory file limit sooner or later.
2020-09-24 23:51:35 +02:00
Ad Schellevis
f80081f110 filter: Gateway Monitoring/Kill states, make sure our factory defaults match input and only trigger a state reset using the existing filter_configure_sync() parameter.
o remove <kill_states/> from our default config, since it was evaluated as empty (feature enabled), we might as well remove the option to reach the same effect.
o system_advanced_firewall.php isset() vs !empty(), we use !empty() in our support code, make sure the ui page does the same
o remove hook from filter_configure_sync(), so state resets only happen on request.
o monitor/10-dpinger request conditional state reset

ref https://forum.opnsense.org/index.php?topic=18068.msg82231#msg82231
2020-07-11 20:09:31 +02:00
Ad Schellevis
e2f6272957 IPS-netmap related fixes, closes https://github.com/opnsense/core/issues/4171
o config: set disablevlanhwfilter by default, previous versions had issues with this, with FreeBSD 12.x it looks stable and is required for proper operation
o interface: move disablevlanhwfilter support to configure_interface_hardware(), in order for netmap to function properly all hardware support should be disabled (previous code location wasn't the right one)
o interface: exit configure_interface_hardware() when the caller is a vlan, there's no need to call legacy_interface_details() in that case (performance fix)
o tunables: set our default for hw.ixl.enable_head_writeback to 0, also hardware support and thus not compatible with netmap.
2020-06-16 11:05:41 +02:00
Franco Fichtner
8933e787f5 system: set value on the fly, remove nonexistent tunable 2020-04-29 10:03:31 +02:00
Franco Fichtner
4a4d72afd8 system: bootstrap a default value and always apply #3806
So that users are not seeing issues because they haven't done a
config reset yet.  It also allows us to bump the default again
if needed.
2019-11-14 09:24:23 +01:00
Ad Schellevis
8917f1c06f sysctl: maxdgram --> 8192. closes https://github.com/opnsense/core/issues/3806 2019-11-14 08:57:05 +01:00
Franco Fichtner
bdfefacbc3 system: partial removal on previous #3770 2019-10-17 09:36:34 +02:00
Franco Fichtner
1a5da5c0a6 system: correct sysctl description; closes #3770 2019-10-17 09:35:26 +02:00
Ad Schellevis
6101ba8940 sysctl, remove duplicates. closes https://github.com/opnsense/core/issues/3410 2019-04-15 09:32:33 +02:00
Ad Schellevis
b424a2f9b3 defaults, more hardened defaults, prevent icmp redirects being sent. 2019-02-13 09:57:40 +01:00
Frank Wall
571dbd5552 system: expose defaults for security-related sysctls 2018-11-19 06:58:49 +01:00
Franco Fichtner
383d39bd10 system: follow b -> y change in previous commit 2018-09-28 18:34:00 +02:00
Ad Schellevis
4ba0fa679d default config, switch "VLAN Hardware Filtering" to use card's default 2018-08-03 15:29:58 +02:00
Franco Fichtner
00c7507be0 system: remove dead link from tunable description; close #2325 2018-04-03 22:58:45 +02:00
Franco Fichtner
e1b303497e system: PTI/IBRS tunables; closes #2264 2018-03-17 15:00:41 +01:00
Franco Fichtner
d823cc7193 firewall: switch back to old NAT auto-outbound behaviour
Use the first address only, ignoring all VIPs.

Discussed with: @adschellevis

PR: https://forum.opnsense.org/index.php?topic=7438.0
2018-03-12 14:36:11 +01:00
Franco Fichtner
912dd0dda1 firewall: use sticky outbound NAT by default
PR: https://forum.opnsense.org/index.php?topic=7323.0
2018-02-28 08:12:32 +01:00
Franco Fichtner
49a2bc6584 system: a bit more magic to keep things from breaking; closes #2154 2018-02-05 06:50:17 +00:00
Franco Fichtner
5a9f6c4cfb system: remove the user-shell-access privilege #2154
Eventually, the two remaining user privileges should be killed
as well in favour of similar approaches.  The ACL should be for
page access, not more, not less.
2018-02-04 19:27:21 +00:00
Franco Fichtner
4cdfe13bc4 openssh: prevent SFTP login for non-admins...
unless explicitly configured.  We set "admins" in the default
config which also adds "wheel" underneath, but some systems may
not use "admins" so that doesn't work then.

PR: https://forum.opnsense.org/index.php?topic=6994.15
2018-01-31 21:19:10 +00:00
Franco Fichtner
b99968fb00 ntp: use all time servers, prefer the first 2018-01-26 11:18:12 +01:00
David Harrigan
ce2b6111c1 Add in net.link.bridge.pfil_local_phys.
closes #1894

-=david=-
2018-01-07 11:44:54 +01:00
Franco Fichtner
33e3545709 auth: revert a change for #1929
There will be time to work on this, but it is not now.
2017-12-27 08:26:17 +01:00
Franco Fichtner
0ae4af9a7f network time: third server offers IPv6 #1374 2017-12-22 08:31:48 +01:00
Franco Fichtner
97daba95d9 network time: we haz a pool! #1374
While here, time-update-interval does not exist and update the
xml lint pass to pick up the sample file, too.
2017-12-21 18:28:24 +01:00
Franco Fichtner
a48167c403 wizard: add unbound to wizard, remove dnssec from default #1962 2017-12-18 21:55:48 +00:00
Franco Fichtner
045598089d unbound: disable dnssec-stripped; closes #1962 2017-11-28 20:38:38 +01:00
Franco Fichtner
fa347e5712 config: set stick multi wan as default #1874 2017-10-19 18:45:43 +00:00
Franco Fichtner
0cdac75bcb config: make shared forwarding the default for 18.1-BETA 2017-10-10 09:48:53 +02:00
Franco Fichtner
32c4930aa2 system: fastforwarding no longer exists
PR: https://github.com/opnsense/src/issues/27
2017-10-02 08:14:58 +02:00
Franco Fichtner
4594fa6dc6 config: versioning is no longer needed 2017-08-16 09:05:51 +02:00
Franco Fichtner
ecbd90e2ef system: set local + no fallback as default auth mode
softcoding local + local fallback seems weird.
2017-07-28 21:34:53 +02:00
Franco Fichtner
9398670ad2 unbound: use resolver w/ dnssec as default for 17.7 2017-06-07 16:04:47 +02:00
Franco Fichtner
983b11f3e3 interfaces: keep dhcp6 config, seems to have been a typo 2017-05-11 12:24:13 +02:00
Franco Fichtner
50b5de04a1 system: console experiment -- modern settings 2017-02-26 13:24:56 +01:00
Ad Schellevis
4ebccaa233 (config) enable aesni in default config, closes https://github.com/opnsense/core/issues/1259 2016-12-19 19:41:36 +01:00
Franco Fichtner
7f91fe62b1 src: back out previous, we're further securing PAM 2016-12-19 11:08:08 +01:00
Franco Fichtner
3c393d98f3 config: repair installer for 17.1-BETA
The installer user is injected for install media login, but
we authenticate against our database now instead.  This has
larger consequences that require a persistent installer user,
which is not so easy to disable/defang after installation.

Hopefully this is temporary.
2016-12-14 07:57:46 +01:00
pioorg
2a025de404 Improved password hashes.
Replaced crypt($password, '$6$') with password_hash and password_verify in order to produce salted hashes from passwords.
2016-11-28 18:17:15 +01:00
Franco Fichtner
96ffce7cff system: default all admins to shell access; closes #1144 2016-08-19 08:27:01 +02:00
Ad Schellevis
4e662fe436 (config) switch default for offloading features, closes https://github.com/opnsense/core/issues/1092 2016-08-01 08:55:44 +02:00
Franco Fichtner
155fca31cf config: zap long gone remnants 2016-07-27 22:29:22 +02:00
Franco Fichtner
a1ab56bb2c config: make Etc/UTC the new default time zone 2016-07-21 22:06:09 +02:00
Franco Fichtner
40c8dc03e7 dashboard: new defaults for dashboard (2 cols, system info left) 2016-07-01 18:19:07 +02:00
Franco Fichtner
af4ce2d0ae cron: migrate immutable jobs; #911 2016-04-25 20:28:05 +02:00
Franco Fichtner
9ce4fc1d95 cron: bogons already registered/stripped; #911 2016-04-25 18:57:37 +02:00
Franco Fichtner
fd3ac67c69 cron: start removing the immutable cron jobs in the config; #911 2016-04-25 18:54:45 +02:00