lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 09:04:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,656 Commits 1 Branch 0 Tags
Commit Graph

13656 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Franco Fichtner
ecaa9cfcaf unboud: another migration fail discarded IP 
Question is when unboudn doesn't start without an IP
why the model does not enforce it.
 2022-02-02 08:46:19 +01:00
Franco Fichtner
b4b350ebca interfaces: improve wording a bit more 2022-02-02 08:11:51 +01:00
Franco Fichtner
3499bbf9a5 src: put back whitespace in otherwise unchanged file 2022-02-02 08:07:19 +01:00
Franco Fichtner
c139e03be7 pkg: allow alpha versioning for development 2022-02-02 07:55:48 +01:00
Franco Fichtner
b6ca1be13a firmware: no need to hint at upgrades anymore 2022-02-01 14:22:58 +01:00
Franco Fichtner
add23ab496 firewall: err what, second part of prevous not staged #5517 2022-02-01 13:09:47 +01:00
Franco Fichtner
973dfb1cfd interfaces: flip VIP bind default and enable CARP; closes #5517 2022-02-01 13:06:35 +01:00
Franco Fichtner
7d52700da2 system: forgot to scrub required => false 2022-02-01 12:42:12 +01:00
Franco Fichtner
41ab7fb9f5 system: several improvements to tunables; closes #5504 
o Merge defaults and requirements.
o Get rid of get_default_sysctl_value().
o Manually set 'type' for e.g. boot enviroment tunables.
o Cache sysctl map once per boot.
o Edit system defaults for easier override.

While sysctls might change when (un)loading kernel modules the
risk of missing something vital is not given.  We could always
flush the cache file in that case later.
 2022-02-01 12:23:00 +01:00
Markus Reiter
2bf4f44c4a
Fix EmergingThreats documentation URL. (#5530) 2022-01-31 14:06:39 +01:00
Ad Schellevis
5278ee5ae3 Firewall: Settings: Advanced - remove ruleset-optimization as this is without function when labels are being used. closes https://github.com/opnsense/core/issues/5529 
We have been using labels for a very long time, but since https://github.com/opnsense/core/issues/3312 back in 2019 we literally tag all rules we create, which renders ruleset-optimization completely useless as "label" is treated as a barrier (5b29254770/sbin/pfctl/pfctl_optimize.c (L112))
 2022-01-31 10:33:15 +01:00
Ad Schellevis
68138c2973 Interfaces: Settings - improve mesage a bit for https://github.com/opnsense/core/issues/5521 2022-01-31 10:31:53 +01:00
Ad Schellevis
f041bb8ceb Interfaces: Settings - add a note about where these settings apply, closes https://github.com/opnsense/core/issues/5521 2022-01-31 09:57:54 +01:00
Franco Fichtner
308b31dfa8 unbound: fix migration issues 
* Domains without names seemed to be possible... just discard those.
* Iterating over empty item produes error.
* AAAA type missing.
 2022-01-31 09:44:50 +01:00
Franco Fichtner
d2b9c6eebd src: style sweep 2022-01-31 08:43:25 +01:00
kulikov-a
f530e4fb4b
Logs: add backward compatibility (#5522) 2022-01-30 14:05:28 +01:00
Ad Schellevis
52d3e7c676 system: routes: configuration - changing interface gateway will be ignored as the delete/add combination adds the new gateway in it's delete action. 
Looks like a very old regression in ab1cadea90 replacing "route change" to the combo we use today.

Eventually we should parse the routing table (https://github.com/opnsense/core/issues/5304) and persist the requested state, but short term it probably makes more sense to fix the "route delete" action, so we can close https://github.com/opnsense/core/issues/5520
 2022-01-28 21:02:23 +01:00
ppascher
130ef3a6e7 Fix typo causing error on IPv6 login 2022-01-28 19:38:17 +01:00
kulikov-a
317b3601d0
Firewall / Aliases - encode rules names (#5507) 
encode firewall rules descriptions to prevent possible XSS
 2022-01-27 19:37:31 +01:00
Ad Schellevis
eac975d7df Firewall: Aliases - exclude external aliass for nesting as these will be empty according to our administration. 2022-01-27 13:53:57 +01:00
Franco Fichtner
d1dbeb3d5e firmware: update upgrade hint 2022-01-27 11:44:15 +01:00
Franco Fichtner
602a5b416d firmware: patch header in consistently 
The information is relatively helpful so we might as well
complete the script use.
 2022-01-26 08:06:06 +01:00
Franco Fichtner
546bfd41ba src: one more whitespace issue in previous 2022-01-26 08:00:00 +01:00
Ad Schellevis
70d113db59 whitespace (^M) 2022-01-25 15:37:09 +01:00
Franco Fichtner
dd5f357f17 firmware: fix import listing for one ZFS pool 2022-01-25 10:28:08 +01:00
Franco Fichtner
84a41ab1e0 pkg: fix plist 2022-01-25 10:26:22 +01:00
Ad Schellevis
b01da7a918
Fr5487 adaptive timeouts (#5502) 
* per-rule adaptive timeouts

allow per-rule adaptive timeouts. 0 is possibe to disable adaptive timeouts

* Firewall / Rules - allow per-rule adaptive timeouts, small cleanups for https://github.com/opnsense/core/pull/5492

* Firewall / Rules - allow per-rule adaptive timeouts, values may be 0 as well, so "positive" should be "non-negative" for https://github.com/opnsense/core/pull/5492

Co-authored-by: kulikov-a <36099472+kulikov-a@users.noreply.github.com>
 2022-01-25 08:49:16 +01:00
Stephan de Wit
161d24650b
unbound: overrides: migrate to mvc model (#5488) 
* unbound: overrides: migrate to mvc model
* unbound: overrides: generate host_entries via model, revert template generation
* unbound: overrides migration: fix missing include
* unbound: overrides: clean up

Co-authored-by: Stephan de Wit <stephan.de.wit@deciso.com>
 2022-01-24 20:19:06 +01:00
Stephan de Wit
4ca55d9dc6
MVC - BaseField: Overload __isset() magic method (#5499) 2022-01-24 15:29:06 +01:00
Franco Fichtner
fd778ae210 firmware: to pull off previous we need to support -l 2022-01-24 10:05:22 +01:00
Franco Fichtner
910c1f2a7b firmware: more changes here in the future 2022-01-24 09:49:09 +01:00
Franco Fichtner
a7007e08b0 firmware: almost there 2022-01-24 08:45:08 +01:00
Franco Fichtner
ff7a0a9d1b interfaces: reduce diff 2022-01-24 08:24:57 +01:00
Franco Fichtner
28e4cf9172 system: try to take into account 522ba38061a91 here 2022-01-24 08:13:37 +01:00
kulikov-a
279de63e63
util/log_error: keep it clear. add a log_msg (#5498) 
add log_msg() and keep log_error() as is.
 2022-01-23 19:50:21 +01:00
kulikov-a
9225fc3b40
util/log_error: use severity levels (#5497) 
* extend log_error to support levels
* mark auth messages as notice
 2022-01-23 11:45:16 +01:00
Ad Schellevis
ad2a5758d9 Firewall: Settings: Normalization - support "no scrub" option so specific traffic can easily be excluded from scubbing. 2022-01-22 19:31:11 +01:00
Franco Fichtner
123808d9c3 dhcp: fix array access when no alias/carp was found 
Simplify code while at it.

PR: https://forum.opnsense.org/index.php?topic=26456.0
 2022-01-21 15:32:52 +01:00
Ad Schellevis
cebee292d2 Services / Captiveportal - prevent session removal crashing out when we there's no IP address registered 2022-01-20 18:22:51 +01:00
Franco Fichtner
6560bd9bbc firmware: use new feature of opnsense-update 
Remembers the last packages set upgraded to to avoid too
much spurious upgrade attempts.
 2022-01-20 11:34:17 +01:00
Franco Fichtner
18b352b61e system: spacing 2022-01-20 10:03:13 +01:00
Ad Schellevis
7869c116a7 Web application security measuers, explain where to disable rebind if needed (https://github.com/opnsense/core/issues/5481) 2022-01-20 09:52:27 +01:00
Franco Fichtner
f5964434e6 interfaces: remove link remnants from GRE 
CC: @adschellevis
 2022-01-20 07:46:19 +01:00
Ad Schellevis
15230c70f6 Interfaces: Other Types: GRE - remove non-existing link parameters inherited back in 2014. 
Although "link1" does include some code, 22.1 should be safe to drop this hardly used feature (people can add static routes if needed).
 2022-01-19 14:14:09 +01:00
Ad Schellevis
17052f04e4 Interfaces: Other Types: GIF - align user interface with base system options. 
* Route caching (link0) was removed in 2014 [1]
* Add "Disable ingressn filtering" while here, although it's not new [2], no need to hide it either.

[1] 0b9f5f8a5f
[2] 3384154590
 2022-01-19 13:31:16 +01:00
Franco Fichtner
9181b5136d firmware: print these here for diagnostics as well 2022-01-19 13:23:13 +01:00
Franco Fichtner
74958f2032 interfaces: get_interface_list() is a strange one for sure 
It's supposed to be handing out physical interfaces only but
callers decided to exclude stuff they didn't want because it
is not physical instead of fixing the function.
 2022-01-19 12:40:19 +01:00
Franco Fichtner
a26b45977b console: strangely enough the code doesn't work as intended 2022-01-19 12:18:17 +01:00
Franco Fichtner
5a27e1988b console: use full list at the end 2022-01-19 11:57:23 +01:00
Franco Fichtner
ffe1b675d1 console: improve input of LAGG 2022-01-19 11:52:43 +01:00