15130 Commits

Author SHA1 Message Date
Stephan de Wit
82306ba6ce Unbound: remove hosts logic 2023-03-07 09:38:52 +01:00
Stephan de Wit
1266443673 Unbound: missed a bit 2023-03-07 09:26:51 +01:00
Stephan de Wit
5f5be7cd70 Unbound: adhere to restart logic during hosts configure 2023-03-07 09:17:56 +01:00
Franco Fichtner
092265c7b5 system: for clarity 2023-03-06 21:00:22 +01:00
Stephan de Wit
ee34fbb6fa Util: rename to isSubnetStrict for clarity 2023-03-06 16:22:35 +01:00
Franco Fichtner
1fbb96a98c system: move default gateway switching to system_routing_configure() 2023-03-06 15:04:42 +01:00
Stephan de Wit
9fd5d7c05f Unbound: add missing blocklist
Seems it's defined in https://github.com/opnsense/core/blob/master/src/opnsense/service/templates/OPNsense/Unbound/core/blocklists.conf#L26 but not present in the model.
2023-03-06 11:05:55 +01:00
Ad Schellevis
24806500c5 VPN: IPsec: Tunnel Settings - according to https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf the "Dynamic gateway" (rightallowany) option should be translated to 0.0.0.0/0,::/0 . closes https://github.com/opnsense/core/issues/6396 2023-03-04 19:23:38 +01:00
Stephan de Wit
df1fbfbb05 MVC / NetworkField: add strict option (disallow host bits in CIDR notation) 2023-03-03 16:07:18 +01:00
Franco Fichtner
dcfa1cb0c0 system: prevent alias reload like we do in rc.syshook monitor reload
It makes it usable later from that end if we want to.
2023-03-03 10:33:31 +01:00
Franco Fichtner
7086fda2ea system: prevent pushing a default route to an unconfigured interface; closes #6366 2023-03-03 09:50:23 +01:00
Stephan de Wit
2a81e78c41 system: typo 2023-03-03 09:39:10 +01:00
Franco Fichtner
b53995761a system: introduce system_switch_route() #6366
Shield the logic from seeping over into firewall code and moves
system_default_route() into system code.

Small overhead here calling up information again but we want to
verify the interface address beforehand and perhaps finally move
the default gateway switching to the right spot that is perhaps
system_routing_configure()?
2023-03-03 09:12:52 +01:00
Franco Fichtner
29c30165ac system: improve logging flow around system_routing_configure() 2023-03-03 08:31:21 +01:00
Franco Fichtner
55c8c3e2bd dnsmasq: do not validate backend redux (now with changes) 2023-03-02 16:50:59 +01:00
Franco Fichtner
226c133c8f system: use flock while starting lighttpd #6351 2023-03-02 14:22:37 +01:00
Franco Fichtner
33b979fc47 system: stop touching this after boot, no reason to
rc.subr.d/var does that already
2023-03-02 14:22:37 +01:00
Ad Schellevis
06cbfb5c60 Firewall/Aliases - prevent networks from being sent to DNS resolver in update_tables.py 2023-03-02 13:42:24 +01:00
Franco Fichtner
b95573727d dhcp: typo 2023-03-02 10:25:43 +01:00
Franco Fichtner
682e5401cc ipsec: fix a warning in PHP 8
Default case handles "lan", "wan", etc. so "none" seems like the
more probable option.
2023-03-02 10:09:10 +01:00
Franco Fichtner
653745db59 system: $family awareness for routing monitor hook 2023-03-02 10:03:18 +01:00
Franco Fichtner
7eed356540 dnsmasq: typo in previous 2023-03-02 09:54:23 +01:00
Franco Fichtner
7d1543a88d dhcp: radvd restart drives me crazy, try SIGHUP
While here restructure the kill/start sequence a little and let
the service log prints catch the real work being done so we
know which function is currently executing (waiting for process
kill for example).

I'm sure @maurice-w will rejoice.
2023-03-02 09:50:36 +01:00
Franco Fichtner
23bb6c2226 dnsmasq: more validation and fixes 2023-03-02 09:20:33 +01:00
Franco Fichtner
1dd4215682 dnsmasq: tweak the settings additions
cache size and ttl support zero value, which was ignored by the input.

Derive help text from the manual page: https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html

Avoid validation during config write to not mask issues with the code.
2023-03-02 09:04:14 +01:00
Franco Fichtner
888b66664c dnsmasq: make a note here why header/exit combo is not needed 2023-03-02 08:38:57 +01:00
Franco Fichtner
412c0c7b71 system: use system_resolver_configure() everywhere
Do not delete system_resolvconf_generate/system_hosts_generate yet.
We may just end up renaming them in order to get external callers
to adapt to the new layout.
2023-03-02 08:35:19 +01:00
Ad Schellevis
4c84f442c8 VPN: IPsec: Connections [new] - add to xmlrpc sync, closes https://github.com/opnsense/core/issues/6369 2023-03-01 18:22:22 +01:00
Franco Fichtner
7e7f8af673 unbound: reduce diff, no change after merge 2023-03-01 15:11:26 +01:00
Stephan de Wit
1f5502f959 Unbound: dnsbl_module: ip_address objects are not JSON serializable, convert to strings 2023-03-01 15:03:30 +01:00
Franco Fichtner
88a8a9754c src: style sweep 2023-03-01 14:51:23 +01:00
Ad Schellevis
bee2f8929f Firewall / Aliases - Allow creating firewall rules for logged in OpenVPN user groups. (https://github.com/opnsense/core/issues/6312) (#6367)
o extend model with authgroup type (currently only for OpenVPN)
o add controller action to list user groups
o modify alias form to show group list in a similar way as network groups, simplify some of the code to prevent copying.
o add AuthGroup parser to glue the output of list_group_members.php and ovpn_status.py to a set of addresses per group for our new authgroup alias type to use
o hook 'learn-address' event in openvpn to trigger an alias update

Although theoretically we could pass addresses and common_names from learn-address further in our pipeline, for now we choose to use a common approach which should always offer the correct dataset (also after changing aliases and re-applying them). If for some reason this isn't fast enough, there are always options available to improve the situation, but usually at a cost in terms of complexity.
2023-03-01 14:47:19 +01:00
Ad Schellevis
0aa9e0bea0 System/Auth - add simple script and configd action to list current group membership (auth list groups). requirement for https://github.com/opnsense/core/issues/6312
redux (use group ids instead of names), correction on a6a4f2252a055003d18089f193c3cdaa27346bfe as group names may be changed.
2023-03-01 14:24:09 +01:00
Franco Fichtner
a300d97fc7 src: style sweep 2023-03-01 12:20:03 +01:00
Ad Schellevis
2586ae1ec3 Add SECURITY.md referring to the appropriate doc sections. closes https://github.com/opnsense/core/issues/6365 2023-03-01 11:19:57 +01:00
Ad Schellevis
652b35e87a VPN: IPsec: Connections - allow @ for [eap]id fields, missed a spot in https://github.com/opnsense/core/issues/6277 2023-03-01 11:09:54 +01:00
Anthony
24cfbac5f7 hostname/nameservers can be regenerated from cron (#6290) 2023-03-01 09:10:04 +01:00
Franco Fichtner
ed6cd638ac system: create system_resolver_configure() to simplify callers
Replace a few easy spots.  Eventually we want to call both
functions for each spot instead of doing both (in switching order)
or only one of them.  They are both cheap operations since they
don't (re)start DNS processes any longer.
2023-03-01 08:56:16 +01:00
Stephan de Wit
b4e72bbeff Unbound: Blocklists: slight restructure of inherited code. No functional changes 2023-03-01 08:31:13 +01:00
Franco Fichtner
bd635e086f interfaces: restructure no-IP case in IPv4 as well 2023-03-01 08:12:50 +01:00
Franco Fichtner
ee4e53c7ac interfaces: OpenVPN never calls newipv6 so remove and restructure no-IP case 2023-03-01 08:10:58 +01:00
Ad Schellevis
9975cc9dad VPN/OpenVPN - change configd action from 'openvpn status' to 'openvpn connections' for clarity 2023-02-28 21:34:12 +01:00
Franco Fichtner
d847fb7043 system: possibly defunct after being moved from +POST_INSTALL/rc.restart_webgui 2023-02-28 16:16:30 +01:00
Stephan de Wit
194d50891b Unbound: dnsbl_module: allow host bits during parsing of ip network
ipaddress.ip_network is strict by default, but model validation allows host bits in a CIDR notation, so turn
strict parsing off.
2023-02-28 14:27:09 +01:00
Ad Schellevis
331b03a21a Interfaces: Diagnostics: Packet Capture - minor bugfix in extracting interface leading to mangled interfaces in the viewer (vlan0.1.2.3 turning into vlan0) 2023-02-28 13:43:51 +01:00
Stephan de Wit
afcbddc153 Unbound: set cache time as a property and missing config check 2023-02-28 13:21:10 +01:00
Franco Fichtner
3b61b10bb5 system: bring stop/start a little closer together #6351 2023-02-28 09:28:52 +01:00
Franco Fichtner
4e1dc4c783 system: adjust timeout #6351 2023-02-28 09:24:39 +01:00
Franco Fichtner
293bf9e88a system: fix historic oversight in pid vs. name/pidfile reading related to #6351
If we kill a process and want to wait for it we will have to cache
the PID file and check this one until it's gone.
2023-02-28 09:24:39 +01:00
Stephan de Wit
501f08c87d Unbound: Blocklists: make sure to disable blocklist by writing an empty file when no data provided and properly merge configurations 2023-02-28 08:51:33 +01:00