The use of custom tags is more advanced, so better to organize this further to the right. I have looked at combining topics, but tags don't really belong to either options or ranges as they can be used from most entities. Since we also support the default included interfaces as tags, in most cases people will only need ranges and options anyway.
Although it is practical to know that a client is calling an endpoint unauthenticated, we would like to know which client it is and which endpoint it tries to access to more easily detect abuse.
The previous handling "skimmed" the blocklist using regular expressions, but when these lists include wildcards, you need to filter the exact item to exclude it (e.g. *.org.domain in a blocklist will still block a.org.domain in a passlist).
By moving the evaluation to the place where requests are evaluated, we can pass the likely intended domains by their provided regex.
Although there is a performance penalty, it should be limited since we only compile the regex once.
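The difference between skimming the blocklist and evaluating the passlist per request, as an added example (not the project's own code). The function and class names, the sample lists and the rule that `*.org.domain` covers only subdomains are assumptions made for illustration.

```python
import re

# Constructed sample data (not from the original page).
BLOCKLIST = {"ads.example.net", "*.org.domain", "tracker.org.domain"}
PASSLIST_PATTERNS = [r"^a\.org\.domain$"]


def blocklist_hit(name, blocklist):
    """Return the blocklist entry covering name (exact or wildcard), else None."""
    if name in blocklist:
        return name
    labels = name.split(".")
    # Assumption: "*.org.domain" covers names with at least one label before org.domain.
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in blocklist:
            return wildcard
    return None


def skim_then_match(name, blocklist, patterns):
    """Previous approach: drop blocklist entries that match a passlist regex up front."""
    compiled = [re.compile(p) for p in patterns]
    skimmed = {e for e in blocklist if not any(c.search(e) for c in compiled)}
    # The wildcard entry never matches the passlist regex, so it survives the skim.
    return blocklist_hit(name, skimmed) is not None


class QueryTimePolicy:
    """Changed approach: leave the blocklist intact and test the queried name itself."""

    def __init__(self, blocklist, patterns):
        self.blocklist = set(blocklist)
        # Compiled once and reused for every request.
        joined = "|".join(f"(?:{p})" for p in patterns)
        self.passlist = re.compile(joined) if patterns else None

    def is_blocked(self, name):
        name = name.rstrip(".").lower()
        if self.passlist and self.passlist.search(name):
            return False  # passlisted, even when a wildcard entry covers it
        return blocklist_hit(name, self.blocklist) is not None
```
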
* dnsmasq: Allow domain overrides to be optionally sorted by sequence number to support strict-order.
* dnsmasq: Make sequence required, default to 1 and bump model version, simplify sorting in template.
* dnsmasq: Use interface directly as tag in dhcp options
* dnsmasq: Always add tag to interface since set is automatic when interface receives DHCP Broadcast.
If no shaper (ipfw) rules are present, or these rules are disabled, ipfw will be disabled as well (firewall_enable="NO" and rc.ipfw onestop).
Traffic shaped via pf will not show up in the stats output of dnctl pipe|queue|sched show. Also, there is currently no logic to associate pipes/queues with pf rules.
Add support for auth-gen-token renewal time.
Add support for auth-gen-token-secrets to allow failover between
servers.
Add support for pushing inactive to clients to have them disconnect
after being idle for a set time.
Add support for explicit-exit-notify and for pushing it. This will allow
UDP connections to notify peers that they are going away.
Add support for ifconfig-pool-persist, which will allow smoother roaming
combined with auth-gen-token since clients will keep their IP address.
Add support for compress migrate. This option will conditionally use
stub compression for clients announcing they have compression enabled
while leaving it off for all other clients.
Build a formatter for the empty default and hide the
virtual fields from the default dialog by default.
The cloning doesn't make a lot of sense here so remove
it completely.
Delete only if in config.
After a bit of back and forth and issues reported with
bootstrapping it's better to get rid of the old keyword
which unifies the default selection under the empty value.
This inline-assign shouldn't happen anymore (likely a very early version
using the wlan device name implicitly). Maybe for 25.7, needs a tiny code
audit at one point but since the other cruft changes are in 25.1.3 this
makes sense to push.
First these are sane defaults, second they always belonged to NTPd which
we do not configure in the wizard. The settings are now contained
within network time/ntpd and just need a proper migration when the MVC/API
conversion for that component begins.