lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 09:04:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
12,823 Commits 1 Branch 0 Tags
Commit Graph

974 Commits

Author SHA1 Message Date
kulikov-a
f6c0fa88d1
download_blacklists.py: match whole entry (#4915) 
-match the entire string to prevent url entries
-add to skip stat if not match
 2021-04-11 20:15:39 +02:00
Franco Fichtner
35217ba0d1 firmware: if upstream package is missing complain; closes #4906 
This points to a configuration error that should be resolved one
way or another.
 2021-04-09 14:18:26 +02:00
Franco Fichtner
7d7aaa633d firmware: separate error for "forbidden" #4906 2021-04-09 14:06:27 +02:00
Franco Fichtner
2fe4de6819 firmwre: make this clearer 
Ideally, opnsense-update -M should replace this except
that -M is used to gain mirror access from other scripts
as well.  Need to think about it.
 2021-04-07 12:07:32 +02:00
Ad Schellevis
565688cb4a unbound / blacklists: cleanse domain input. change regex in https://github.com/opnsense/core/issues/4898 per suggestion @kulikov-a 2021-04-06 11:22:08 +02:00
Ad Schellevis
31a0c40e3f unbound / blacklists: cleanse domain input. closes https://github.com/opnsense/core/issues/4898 
o while here, add missing import as well
 2021-04-02 19:23:10 +02:00
Franco Fichtner
65ae6246e7 firmware: same here 2021-04-01 11:39:33 +02:00
Petr Kejval
5d908c7736
Fix missing ')' (#4884) 
dns blacklist : Fix missing ')' at the end of log line:
 2021-03-31 08:41:05 +02:00
Ad Schellevis
384018c522 System / Routes / Configuration - for dynamic gateways retour inet|inet6. closes https://github.com/opnsense/core/issues/4880 2021-03-30 17:04:34 +02:00
Erik Inge Bolsø
2ec2b3d8f7
firmware/health.sh: refine missing/invalid signature message (#4840) 2021-03-18 14:19:53 +01:00
Ad Schellevis
2cc77203b5 System/Diagnostics/Activity: "C" missing on a single core cpu, add default for https://github.com/opnsense/core/pull/4835 (take 2) 2021-03-17 18:47:13 +01:00
Ad Schellevis
907b587442 System/Diagnostics/Activity: "C" missing on a single core cpu, add default for https://github.com/opnsense/core/pull/4835 2021-03-17 18:42:16 +01:00
Ad Schellevis
aa6c44e767 minor fix for https://github.com/opnsense/core/pull/4763, mutable default argument (https://docs.python-guide.org/writing/gotchas/#mutable-default-arguments) 2021-03-14 12:46:27 +01:00
Ad Schellevis
21d6a5b386 Netflow aggregator: skip invalid record, another one for https://github.com/opnsense/core/issues/4796 2021-03-14 12:44:44 +01:00
Ad Schellevis
a8a7174c49 Netflow aggregator: skip invalid record, closes https://github.com/opnsense/core/issues/4796 2021-03-14 12:44:44 +01:00
Ad Schellevis
5a66dec5e1 Services / Intrusion detection: add new Abuse.ch feed ThreatFox to detect indicators of compromise 2021-03-14 12:44:43 +01:00
Robin Schneider
fcb6eaa9de Use HTTPS everywhere (mechanical edit using util from https-everywhere) (#4534) 2021-03-14 12:44:43 +01:00
Franco Fichtner
70059dc6b5 firmware: small issue with lost init of pipe #4500 2021-03-14 12:44:43 +01:00
Ad Schellevis
0d94d0aefb System / Routes / Status: remove entries directly connected to an interface, rework last commit for https://github.com/opnsense/core/issues/4721 2021-03-14 12:44:43 +01:00
Ad Schellevis
5126fe1658 System / Routes / Status: remove entries directly connected to an interface for https://github.com/opnsense/core/issues/4721 2021-03-14 12:44:43 +01:00
Ad Schellevis
05f6abb4a0 Firewall / Shaper: the current number of allowed source / destination addresses is limited to a couple of addresses. in order to match larger lists one need to use tables in order for ipfw to process them. 
This commit replaces all rule source / destinations where more than one address is being targetted with a tablename like __rule__{uuid}__[source,destination] a support tool after load flushes the selected addresses into the table (which is automatically created by the ruleset). closes https://github.com/opnsense/core/issues/4756
 2021-03-14 12:44:43 +01:00
Ad Schellevis
aa0d4fdf20 interfaces: newwanip, clear states when address changes. for https://github.com/opnsense/core/pull/4726 2021-03-14 12:44:43 +01:00
Gareth Owen
43b207ed5c Use lists when building RR records 
Update according to code review request
 2021-02-28 12:15:00 -05:00
Gareth Owen
a3d5cbcc7a unbound: Fix PTR records for DHCP endpoints 
* Add PTR records for DHCP endpoints in the correct format
* Delete PTR records when A records are deleted
* Use bulk add/remove requests to unbound-control to improve performance

Fixes #4597
 2021-02-27 17:06:23 -05:00
kulikov-a
8953d038e5
rulecache.py: make manual rule status boolean (#4758) 2021-02-26 14:02:38 +01:00
Ad Schellevis
2696e42d3a Service / Intrusion Detection / Policies: type error in 'enabled' field (bool vs str), closes https://github.com/opnsense/core/issues/4753 2021-02-25 20:02:59 +01:00
Franco Fichtner
70f856bf2f firmware: emit api version string, second major iteration already #4500 2021-02-25 13:59:35 +01:00
Ad Schellevis
43b50ed086 Netflow: prevent crash when attributes missing, closes https://github.com/opnsense/core/issues/4751 2021-02-25 12:08:46 +01:00
Ad Schellevis
277ffb6ac5 Reporting / Traffic: change api output to combined in/out per row and change user interface to handle new format. closes https://github.com/opnsense/core/issues/4724 2021-02-23 16:21:25 +01:00
Franco Fichtner
6368a2bb6d firmware: that wasn't complete but now it is #4718 2021-02-23 09:10:43 +01:00
Gareth Owen
d344d0a773
Unbound: Fix bad dereference when DHCP lease expires (#4742) 
Move deletion of dhcp cache info when the lease expires to after the
last reference to the cache information.

Fixes #4741
 2021-02-23 08:53:41 +01:00
Franco Fichtner
a4ae9b3918 firmware: use launcher trick for these as well; closes #4718 
So we get a message that the system is doing something else instead
of no message at all.
 2021-02-23 08:49:12 +01:00
Ad Schellevis
13c4f8eab6 Reporting / Traffic: aggregate iftop results for https://github.com/opnsense/core/issues/4724 
This is more or less a proof of concept, we probably best change the api endpoint data as well to push in/out in the same record so we can also ship the details underneath for those interested.
 2021-02-21 13:23:13 +01:00
Gareth Owen
1b530ff38f
Unbound: Handle DHCP client expiring and returning (#4727) 
Cleanup local data cache when a DHCP endpoint expires, so that it is
kept in sync with dynamic changes.  This ensures that if an expired DHCP
endpoint returns and is assigned the same IP address the local cache is
correct and doesn't block the entry being dynamically re-added to Unbound.

Also don't cache the blacklist entries, which aren't needed to manage
the DHCP DNS entries. There can easily be 1M+ blacklist entries, so
ignoring these improves startup speed and reduces memory footprint

Fixes #4714
 2021-02-21 11:42:11 +01:00
Ad Schellevis
dd2231ee54 Interfaces / Diagnostics / arp,ndp table: slow manufacturer lookups, likely after upgrading netaddr to 0.8.0. for https://github.com/opnsense/core/issues/4666 2021-02-20 00:43:04 +01:00
Ad Schellevis
88e463c913 Netflow: prevent crash when interface number is missing. for https://github.com/opnsense/plugins/issues/2241 2021-02-19 23:16:50 +01:00
Franco Fichtner
889e24c965 firwarme: abstract LOCKFILE away 
Now we only deal with LOCKFILE in the firmware scripts folder.
 2021-02-19 13:20:48 +01:00
Franco Fichtner
99944f462e firmware: hide LOCKFILE behind small read script 
One old bit of compat glue can kick the bucket as well.
 2021-02-19 11:52:20 +01:00
Franco Fichtner
38b0e8ff6c firmware: get rid of old naming convention; closes #4718 2021-02-19 11:43:03 +01:00
Franco Fichtner
eb6cbc0164 firmware: single spot for update/upgrade code #4718 2021-02-19 11:29:38 +01:00
Franco Fichtner
dc883ebbba firmware: moving ahead with opnsense-update change for 21.1.2 2021-02-19 11:05:06 +01:00
Ad Schellevis
aa167350b2 System / Routes / Status: missing inet in route delete. closes https://github.com/opnsense/core/issues/4721 2021-02-19 09:44:01 +01:00
Franco Fichtner
8c2ea1f344 firmware: for core that works, for crypto it does not 
Since the fetch blocks some time and is not completely reliable
it doesn't really matter if we have it or not.

While here remove a bit of cruft.
 2021-02-18 10:24:04 +01:00
Franco Fichtner
c05c0411cb firmware: small refactor for neatness 2021-02-18 09:02:52 +01:00
Franco Fichtner
2caeb508fc firmware: flush line for new package 2021-02-17 15:14:32 +01:00
Franco Fichtner
1e4aac005a firmware: use cannonical -p and -t update 
opnsense-update can now handle it correctly and we save another
invoke from here.
 2021-02-17 15:03:23 +01:00
Franco Fichtner
e321ab47a6 firmware: no, not going to fix this mess #4500 2021-02-17 14:02:04 +01:00
Franco Fichtner
8a6642c862 firmware: lock pkg when not upgrading it 
It can be snatched from any mirror if given which is very
bad when FreeBSD repo is enabled.  A simple pkg-install
will pull in pkg and break the system.
 2021-02-17 13:52:10 +01:00
Franco Fichtner
a55afaac12 firmware: add crypto package to health check #4500 2021-02-17 13:33:20 +01:00
Franco Fichtner
31ca550304 firmware: correct timestamp to reflect date(1) output 2021-02-17 09:47:01 +01:00