* per-rule adaptive timeouts
allow per-rule adaptive timeouts. 0 is possibe to disable adaptive timeouts
* Firewall / Rules - allow per-rule adaptive timeouts, small cleanups for https://github.com/opnsense/core/pull/5492
* Firewall / Rules - allow per-rule adaptive timeouts, values may be 0 as well, so "positive" should be "non-negative" for https://github.com/opnsense/core/pull/5492
Co-authored-by: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
* unbound: overrides: migrate to mvc model
* unbound: overrides: generate host_entries via model, revert template generation
* unbound: overrides migration: fix missing include
* unbound: overrides: clean up
Co-authored-by: Stephan de Wit <stephan.de.wit@deciso.com>
* Route caching (link0) was removed in 2014 [1]
* Add "Disable ingressn filtering" while here, although it's not new [2], no need to hide it either.
[1] 0b9f5f8a5f
[2] 3384154590
It's supposed to be handing out physical interfaces only but
callers decided to exclude stuff they didn't want because it
is not physical instead of fixing the function.
Seems to work fine, but the new and old code has some oddities like
obsessing over the "up" flag, but we set all interfaces up before
we start the process. Some style updates and separation of use
while here.
Splitting on /\d/ seems overly toxic when the device is called
e.g. em10_vlan12 so address that in the utility code where it is
carried out. get_interface_list() is probably a function that
should be removed in the mid-term.
o Batch the backend call calling from GUI once and
only if needed from configuration.
o Turn the configuration into a generic loop.
o Move advanced options to the back of the configuration.
o Warning level for both log messages.
As OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm
by default some older SSH clients might not be able to connect to
OPNsense anymore. Therefore, it might be needed to manually modify the
PubkeyAcceptedAlgorithms sshd config option.
Prevent generating of invalid configuration values for dynamic
crypto parameters (KexAlgorithms, Ciphers, MACs, HostKeyAlgorithms and
PubkeyAcceptedAlgorithms).
