Added Languages
Added linking ntopng.log from /var/db... to standard location
Translations updated
Merge branch '22.7.11' of afrigit2:opnsense-core into 22.7.11
Updated translations and engine
Set ntop to log to file
Replaced captive portal images with DynFi
Fixed DNS lookup
Fixed nprobe/ntopng logs
Clamd logs format fixed
Fixed C-ICAP log format handler
Removed Redis warning from ntopng
Unbound UI updated
Updated unbound UI
Styling fixups
Updated WireGuard GUI
Unbound RPZ: informing user about zone files being downloaded
Fix location of DynFi
Updated Ntopng, added https support
Language fix
Updated translation files
c-icap: fix logo
Remove opnsense logo from squid
Fix pager perms
Fixed VPN->IPSec navigation
Fix acl perms.
Removed obsolete lines from code
Squid updates
Fixed C-ICAP logs
Fixed freshclam log
Fixed clamd log
RPZ charts fixed
Monit UI fixed
CARP status is back
Sign out button is back
Bump year
Bump version to 22.7.11
Small tool script update
22.7.11
Little cleanup
Added FreeRADIUS GUI
More fixups
Fixed logs handling in UI
system: repair regex for FreeBSD 13 #6234
Merge branch '22.7.10' of afrigit2:opnsense-core into 22.7.10
Brought back rewriting the config via the defaults
Fix mismerge
pkg: happy new year!
FieldTypes/IntegerField - fix IntegerField minimum value (#5838)
Firewall: Diagnostics: Sessions - minor cleanup, state id doesn't exist on pftop
shaper - minor coverity fixes:
configd - minor coverity fixes:
Firewall: Rules: Floating - show automated "port 0" rule as port "0". closes https://github.com/opnsense/core/issues/6215
unbound / dnsbl_module.py: safeguard retrieval of blocklist shortcode
Diagnostics: Packet Capture: Fix description
Few minor fixes
Fixed syslog
fix mismerge
Added Wireguard GUI
Removed unused "firmware > plugins" UI
Fix syntax
Removed false clamav warnings
RPZ fixed
Unbound fixed
DFM connection agent fixed
Some fixups
C-ICAP plugin updated
Smart plugin updated
ClamAV plugin updated
Zerotier plugin updated
Redis plugin updated
Resolved conflicts
Fixes
Fix
Merge branch '22.7.8' of afrigit2:opnsense-core into 22.7.8
Unbound / dnsbl_module.py - fix logic issue (missing query_reply property leading to an AttributeError) ref https://forum.opnsense.org/index.php?topic=31555.0
VPN: IPsec: Advanced Settings - default log should be set to "basic", should fix weird behaviour and missing logs after save
System: Access / Effective Privileges - always show endpoints and make sure we can search them as well. (different solution for https://github.com/opnsense/docs/pull/438)
unbound: sync up dnsbl_module (#6199)
fix mismerge
prepare_tgz: bump tar version
Prepared plist file
unbound: prep dnsbl_module for 23.1 (#6198)
VPN: IPsec: Tunnel Settings - allow search all phase2 entries via an api call.
MVC/Firewall/Util - import functionality of find_smallest_cidr() into MVC so IPsec VTI code can use it as well.
Services: Unbound DNS: Overrides - remove "delete selected" button, not applicable for master/detail grid
change working dir before check (#6197)
filter - reuse hostid on filter reload events, which makes pfsync node output easier to read (less frequent changes).
Resolved conflict
opnsense-core 22.7.8
Firewall: Diagnostics: States - re-add labels removed by https://github.com/opnsense/core/commit/63eeaffe21f7
Firewall: Diagnostics: States - Performance improvements and better address parsing in search.
Filter / Diagnostics - performance improvement when fetching rule labels.
System / Auth / Radius - add group (class) sync and user creation for RADIUS, closes https://github.com/opnsense/core/issues/6111
System / Auth - move policy (user, group membership enforcement) to authentication base class to make this re-usable.
VPN: OpenVPN: Servers - remove unused "pool_enable" attribute, originally introduced as unused setting in https://github.com/pfsense/pfsense/commit/d799787e49e0a535acbc881b8e8944b860e25e47
src: replace a number of log_error() calls with log_msg() equivalent
unbound: typo (#6168)
tokenize2: unicode content (#6166)
syslog/lockout handler - better trap ssh messages and improve lockout behaviour.
unbound: always use python first
unbound: change working directory before check. closes https://github.com/opnsense/core/issues/6171
Services: Web Proxy: Administration - fix broken " Google GSuite restricted"
interfaces: use get_interface_list() to identify hardware
MVC - HostnameField and ZoneRootAllowed, make sure we allow @.my.sub.domain as valid input. closes https://github.com/opnsense/core/issues/6155
interfaces: fix ACL for interface pages #6151
typo (#6153)
unbound: rework DNSBL implementation to python module (#6083)
MVC / default template - move javascript and css imports to base controller so derivatives are able to extend the list easily (and still use our standard default.volt)
system: style on copyright header
Firewall: Aliases - add category selection, colors and tooltips to help organise larger firewall setups
health: clean up scripts/systemheath location #5877
src: fix a few minor coverity reports
core - change default sorting to case-insensitive.
README: add coverity badge
Firewall: Log Files: Live View - lookup hostnames may result in http 431 ( Request Header Fields Too Large ). Split requests in cycles of 50, closes https://github.com/opnsense/core/issues/6139
system: change system log default to "Notice" #6115
System: Diagnostics - add Statistics treeview containing vmstat memory characteristics.
System / Auth - enforce config reload to fetch group membership in case authenticate() made changes.
firewall: remove ancient VIP expansion from NAT rules
ipsec: remove ancient side effect host route removal
dashboard: separate interface type icon from name column
plugins: squelch PHP warning
plugins: drop empty run result
firewall: allow external dynamic address in NPT #5284
interfaces: fix variable use in interface_proxyarp_configure()
interfaces: migrate main clearing of interface data to ifctl
system: switch log_msg() implementation to final state
system: make activity page less inconsistent between opening and refreshing
unbound: set -e is too dangerous here
system: closelog() -> syslog() trashes our main openlog()
Firewall/Rules - simplify firewall_rule_lookup.php by reusing filter_core_rules_user(), add reference and rule sequence to filter_core_rules_user().
filter - refactor filter_configure_sync() to wrap user rule registration in a separate function called filter_core_rules_user()
system: remove log message from backup page
system: remove log message from logging settings
system: 'ssh' probably empty, issue with PHP 8
system: remove useless logging line from picture widget
Interfaces - migrate existing ppp settings on save, closes https://github.com/opnsense/core/issues/6121
system: wait for configd try no. 2; closes #6123
Interfaces: Diagnostics: Packet Capture - html encode raw data. closes https://github.com/opnsense/core/issues/6125
interfaces: delete the correct lock #6102
system: optional field, squelch error
openvpn: ifctl requires interface to operate
system: show booting banner on dashboard; closes #6108
rc: remove _var_mfs remnants #5917
Services: Unbound DNS - remove 127/8 from private-address block when rebind protection is enabled as advised by unbound (https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#term-private-address-IP-address-or-subnet) and make the default items configurable via the advanced page. closes https://github.com/opnsense/core/issues/5871
firmware: in retrospect always fetch the signature file
firmware: use effective ABI in changelog fetch
src: tangential style updates
plugins: $verbose argument in plugins_run() is spurious
License: sort better
Change system domain name suggestions (#5898)
firmware: ignore automatic business plugin and license hint
Firewall: Shaper - Allow the use of "dynamic" interface types, like enc0 and ipsecXXX.
Unbound: Clarify “Verify CN” option field (#5897)
ipsec: missing return in controller
Firewall: Diagnostics: Aliases - Minor sorting bug in aliases list, natural sorting not being applied. closes https://github.com/opnsense/core/issues/6090
rc: _var_script support to be removed in favour of _setup
intrusion detection: missing OPNsense categories; closes #6100
system: getOID() moved to somewhere else "apparently"
openvpn: ifctl does pfctl internally
system: write a boot log using the embedded configuration messages
system: wait 1 second for configd socket to become available; closes #6012
dnsmasq: DNSSEC: Remove expired root trust anchor
system: avoid error on installer user creation
MVC - prevent UserExceptions to end up in the crash reporter. closes https://github.com/opnsense/core/issues/6098
Scripts: improve license parsing for odd names
Firewall: Log Files: Live View - possible race condition when changing limit, make sure the fetch before the change isn't populated into the grid.
openvpn: use ifctl in link up/down scripts
console: store UUID for VLAN device #6086
unbound: move the removal of pluggable files above the configuration check
MVC / form validation handling - when multiple messages are returned, wrap each message in a div. closes https://github.com/opnsense/core/issues/6073
Interfaces/Diagnostics/Packet Capture MVC/API rewrite
Firewall: Aliases - support Maxmind's unclassified EU (region, country unknown) as country selector EU
list.arp additional parameter
unbound: error while opening DoT page
mvc: translate base field error
firmware: remove faulty changelog to force a clean refetch
Interfaces: Other Types: VLAN - show attached interface on device, for https://github.com/opnsense/core/pull/6074
firewall: off-by-one in regex for target port range parse
unbound: unbound/advanced MVC conversion
Interfaces/Other Types/VLAN - constraint user input further for https://github.com/opnsense/core/issues/6038 to avoid future naming collisions. missed a spot in previous commit.
Firewall/Rules - extend legacy configuration with uuid's to align with mvc code.
Interfaces/Other Types/VLAN - user configurable device names
ipsec: ACL fix for sessions users #6067
Firewall/NAT/Port Forward - simplify logic for delete and toggle and make sure to toggle firewall rule as well. closes https://github.com/opnsense/core/issues/5548
system: contain abysmal CRL code in crlmanager page
System/Trust/Revocation - Fix inconsistent is_crl_internal() implementation and make sure we always generate a crl when saved
MVC - ApiControllerBase.php / fix typo in searchRecordsetBase()
interfaces: small cleanup on get_real_interface()
interfaces: port 6RD/6to4 to ifctl use #5900
system: move get_nameservers() to ifctl use
Firewall/Log Files/Live View - various performance and usability improvements. for https://github.com/opnsense/core/issues/6042
Reporting / Traffic: Upgrade chart.js to v3.9.1 and improve UX (#6000)
support setting type value via api call (#6054)
MVC / dropdown field presentation. remove "clear all", "copy" and "paste" options when only a single entry is allowed.
Core/Firmware - display license validity when applicable
Interfaces / Diagnostics / ARP Table - Optionally use reverse DNS resolution for ARP table hostnames
system: wrap $g handling into a singleton
OpenSSL: follow RFC on basicConstraints too (#6018)
OpenSSL: add keyUsage extension in CA config (#6017)
unbound: stop testing staged changes
unbound: maintain a consistent dnsbl cache state
Firewall: NAT: Port Forward - php8 error when using any-{port} or {port}-any in destinations. fix local-port calculation
system: remove stray installer account since ba2da34854a
system: structurally improve boot sequence #6052
firmware: add license info if found and scrap global $g use
system: remove rc.resolv_conf_generate
system: replace "dns reload" call with portable alternative
system: add replacement hook for rc.resolv_conf_generate
Firewall/Rules - support tos/dscp matching. closes https://github.com/opnsense/core/issues/6045
VPN: IPsec: Tunnel Settings - Phase 1: Allow to set rightca in mobile ipsec P1 with EAP-TLS (https://github.com/opnsense/core/pull/5906)
system: move get_searchdomains() to ifctl use and allow FQDN
firewall: get lockout interface from get_primary_interface_from_list()
Firewall / Aliases - add os-firewall alias paths in getAliasSource() to prevent removal when being used. closes https://github.com/opnsense/plugins/issues/3140
parse pftop internal data conversion
interfaces: migrate wireless creation to legacy_interface_listget()
firewall: extend pool options support (https://github.com/opnsense/core/issues/5934)
Dashboard / widgets / OpenVPN - link event before scripts stripping (#6023)
Services / Proxy - update pattern to zst for the Arch packages (#6014)
System/Trust/Revocation - remove unnecessary crl_update() calls in crl export and openvpn as the contents in the text field should be populated in earlier calls (e.g. cert_revoke(), cert_unrevoke()). closes https://github.com/opnsense/core/issues/6005
System / Trust / Revocation - only use withPadding() for RSA based public keys. regression in https://github.com/opnsense/core/commit/9606957ef84370f6a537b35de4fab9906d7f5620
unbound: reduce blocklist read timeout (#6030)
VPN/IPsec - Fix bug when tunnel isolation is disabled (#6033)
Firewall:Util - php 8 fix (#6040)
Lobby: Dashboard - RSS widget, catch Error to prevent dashboard breakage. for https://github.com/opnsense/core/issues/6043
IXR_Library.php - minor cleanups, partly borrowed from https://github.com/kissifrot/php-ixr. closes https://github.com/opnsense/core/issues/5911
unbound: account for hostname during PTR creation, regression in 547c8b1
certs: misleading message (#6004)
interfaces: add support for requesting DNS info via stateless DHCPv6 (#5937)
system: rework console port assignment regarding wireless handling
System: Trust: Revocation - Consider dates after 2050 as lifetime in GeneralizedTime format (rfc5280#section-4.1.2.5) to prevent generating invalid certificates. Our current default of 9999 days will calculate to a date in 2050, we could either choose to cap on 20491231 here or set to lifetime, the latter seems to be more logical when the number of days is higher than a couple of years.
System: Trust: Revocation - phpseclib3 UnsupportedAlgorithmException() issue.
system: for consistency add -c argument (the default) to pluginctl invokes
interfaces: sprinkle "up" earlier for #5946
Interfaces Overview, merge DHCPv4 / DHCPv6 buttons
interfaces: status page warnings; closes #5974
webgui: cipher suites and TLS1.3 validation issues, partial fix for https://github.com/opnsense/core/pull/5993
GUI: match cipher suites and commands (#5993)
dnsmasq: restart during newwanip event
interfaces: fix warning in PHP 8
interfaces: configure all hardware devices; closes #5985
phpseclib: also include version 3 in certmanager for CSR parsing
system: give autoloader a chance to try and load it
OpenVPN / CRL - trap validateSignature() exceptions to syslog
interfaces: fix two LAGG warnings
ipsec: fixed widget link (#5994)
interfaces: cleanup, style and dhcp6link addition
interfaces: also indent for get_interface_list()
interfaces: move get_interface_list()
system: another warning
interfaces: ifctl cleanup from master
rrd - fix php notice 'Warning: Undefined array key "description" in /usr/local/etc/inc/rrd.inc on line 132'
interfaces: address PHP warnings in wireless status page
system: use simpler wireless detection logic in interface widget
system: service widget warnings
interfaces: simplify return handling
interface: only parse actual options, not nd6 options #5985
interfaces: improve legacy_interface_listget()
interfaces: more wireless consistency from master
firewall: one more PHP warning
firewall: remove dead pptpd server code
interfaces: not visible in menu #5987
captive portal: lighttpd deprecation of legacy SSL
system: natsort() is better for opt9, opt10 reorder issue
CRL: add support for phpseclib3 (#5986)
jquery.bootgird.js - type cast issue, pull in https://github.com/opnsense/jquery-bootgrid/commit/7b8da26bb89f7697e49b1b714f5eb87f4627637f
interfaces: web GUI locale sorts files differently #5862
PHP 8.1 style - setcookies() doesn't like null as an option value.
unbound: restrict creation of PTR records for both the system domain and host overrides (#5925)
Unbound: add AAAA-only mode #5944
dhcpd6: allow rapid-commit message exchange
interfaces: DHCP does not signal RELEASE #5956
system: run monitor reload inside system_routing_configure() #5956
CRL: decode stored crl data before display (#5965)
interfaces: deal with problematic handling #5939
Services: Intrusion Detection: Administration - rules, fix enable button and present active detail overwrite if present (for status and action)
unbound: prevent dns rebinding check and DNSSEC validation on explicit forwarded domains
Web GUI: fix IPv6 link-local HTTP_REFERER check
interfaces: improve banner address return
system: extend nameservers script for debugging purposes
interfaces: fix warning
interfaces: only remove known primary addresses in interface_bring_down() #5953
dhcp: for better config structure
firewall: stick-address only in effect with pool option and multiple routers
firewall: reach into ifctl territory by implementing :slaac fallback
Unbound - dhcp watcher : when the same fqdn is being reinjected on a different address, it would be removed previously. This commit aims to keep a consistent state when fqdn's move from one host to the other.
firmware: pkgs was still unknown
interfaces: PPP is an exception, only created after interface configuration
system: lighttpd 1.4.66 config removal
interfaces: update link-local matching pattern
filter - cleanup some php8 warnings
firewall: fix permission of script
system: "passwordarea" support for backup values
dhcp: improve UI for disabling of DNS advertisements; closes #5923
dhcp: extend search list pull from DHCPv6 and refactor #5919
interfaces: wrong variable in scope addition
Interfaces / Wireless - fix regression in https://github.com/opnsense/core/commit/3ef64ab8ea09d2f0aea801578e985499b8e0d772
LDAP - PHP 8 issue when ldap_get_entries() returns false, for https://github.com/opnsense/core/issues/5949
system: cleanup
dhcp: two warnings
dhcp: cleanups
dhcp: pushed wrong servers to zone definition #5942
rc: use new _setup script feature #5917
interfaces: extend utility of ifctl
rc: 750 for root fixup; closes #5475
firmware: revoke 22.1 fingerprint
system: sync with master
interfaces: cleanup from master
system: introduce get_primary_interface_from_list()
rc: move log message #5933
Firewall: Aliases - add BGP ASN type. https://github.com/opnsense/core/issues/5913
System Status: replace old notices system with a global one (#5875)
authgui.inc -- remove old cruft, nohttpreferercheck is handled in check_security_http_referer_enforcement() which already bails via session_auth()
interfaces: GIF/GRE IPv6 remote defaults to 128
interfaces: bring routes back after reconfiguring IPv6 connectivity
trust: use proper CRL id-ce-cRLReasons extension keyword 'unspecified'
interfaces: get_interface_mac() not returning cached MAC result
system: do not reload unbound/dnsmasq "hosts" by default
interfaces: stop DHCP from calling rc.newwanip when no changes are being done
dhcp: fix undefined key warning
core/radvd - do not advertise DNS domain when DNS advertisements are disabled
dhcp: fix undefined key warnings
unbound: fix two undefined key warnings
unbound: argument unused
firewall: undefined key warning
unbound: do not start DHCP watcher immediately after daemonizing unbound (#5920)
pkg: fix plist
interfaces: rename nameserver.sh to ifctl.sh
Lobby / Dashboard / Monit widget - properly cleanse user input
src: style sweep
interfaces: hide missing mac info
config events, fix side effect of https://github.com/opnsense/core/commit/3b7453ca2bb2bdbc63a101a43b1ac9cc84c33ff2.
System / High Availability - fix for https://forum.opnsense.org/index.php?topic=29521.0, IXR_Library using incorrect constructor format for php 8
interfaces: more issues with PHP 8 and uptime display #5910
firewall: reduce impact of link-local inject to FilterRule on matching interface; closes #5907
php: remove error_reporting(E_ALL) calls
system: last bit of branding
interfaces: cosmetics for lagg listing
unbound: another undefined var
pkg: prepping for final release
Revert "reporting: legacy log no longer exists"
unbound: fix two undefined variable warnings
interfaces: fix two warnings
interfaces: add iwlwiwi to wireless devices
system: move dpinger notification to right spot
Firewall: add general firewall log for alias and filter syslog messages (#5894)
make: remove WANTS/WANT magic
dhcp: rewrite prefix merge for #5847
dhcp: note about staticarp behaviour
Firewall: Diagnostics: Sessions - ignore age/expire when not provided / empty
ipsec: fix two warnings
dhcp: upgrade the prefix watcher to production level #5876
dhcp: use a simple periodic update for now; closes #5876
system: remove last bits of clog (circular logging) support, closes https://github.com/opnsense/core/issues/5892
system: remove debug mode, disable display errors on runtime for development mode #5889
mvc: clear stray new cache file
mvc: typing issue with phpunit9
src: fix php deprecated warnings
pkg: want phpunit version 9
system: two dashboard warnings fixed
system: Net_IPv6::compress() should not compress "::" to ""
system: fix spelling in key name
firewall: fix "statistics" spelling in function and file name
mvc: fix spelling in test name
interfaces: adjust free-form input value
Spelling (#5885)
System: Routes: Configuration - disable flag not removing static route. closes https://github.com/opnsense/core/issues/5887
unbound: ignore CalledProcessError and make a note about it
dnsmasq: add dnsmasq watcher; closes #5119
dhcp: remove print_content_box() use and make it all consistent
interfaces: remove inconsistencies regarding ping utility
interfaces: ping diagnostics tool must explicitly set IP version
ui: handle 500 a bit better #5879
interfaces: consolidate for upcoming spelling updates
reporting: legacy log no longer exists
Services / IDPS - remove dead link to McAfee (http://vil.nai.com/vil/dispVirus.asp?virus_k=), see https://github.com/opnsense/core/pull/5885
firmware: fix button class
firmware: provide upgrade log "audit" for #5855
MVC - BaseModel : return id serializeToConfig() persisted changes to config object so we can safely ignore configuration changes when not needed. closes https://github.com/opnsense/core/issues/5881
firmware: fix "scrubbing" spelling
system: fix "enforcement" spelling
boot: apply default firewall policy before interface configuration, preventing possible accessibility of local services during the boot process.
Disable IPv6 inside 4in6 and 4in4 gif tunnels
interfaces: add missing scope to GIF host route; closes #5884
system: move script to proper location
system: fix RADIUS config validation for port requirement
MVC / BaseField - two regressions in https://github.com/opnsense/core/commit/fc8890851a87d3041b820d801e6a386b88ee244b
firmware: limit changelog check to non-devel
interfaces: check if int before passing to convert_seconds_to_hms(); closes #5870
interfaces: same bug as previous
interfaces: Fix unable to bring up multiple loopback
MVC / ApiControllerBase - searchRecordsetBase when rowCount is set to -1, the items per page equals the record set size. ref https://forum.opnsense.org/index.php?topic=29330.0
VPN: IPsec: Status Overview - hide phase 2 by default (only show when an active phase 1 is selected)
system: render interfaces in convert_config() #5768
VPN: IPsec: Status Overview - minor style/layout changes
config: disable periodic backups by default, slows down shutdown and boot a lot for no apparent reason. closes https://github.com/opnsense/core/issues/5790
system: improve exit_on_bootup()
VPN: IPsec: Status Overview - refactor to MVC master/detail form.
IPsec - minor cleanups
importer: zfs barfs on stdout when zfs pool uses unsupported features
interfaces: fix "Allow service binding" for multiple aliases per interface
dhcp: for consistency
system: Italian to release again
system: make sure the repercussion of using "0" is very clear
pkg: prep for 22.7.r1
VPN / IPsec - automatic rule link mismatch
fix plist
VPN: IPsec: Security Association Database - refactor to MVC and extend functionality.
firmware: remove stale pyc files
ipsec: style sweep
VPN / IPsec - fix cleanup regression in https://github.com/opnsense/core/issues/4460
VPN: IPsec: Security Policy Database - refactor to MVC and extend functionality.
MVC / ApiControllerBase - bugfix search and sort issues for searchRecordsetBase()
MVC / ApiControllerBase - RowCount should return the number of returned items in searchRecordsetBase.
system: phalcon 5 is now the default
firmware: prep for 22.7.r1 with 22.1.10
firmware: make it easier to test for others
VPN: IPsec: Status Overview - cleanup, remove vici library in favour of port package
System / Log - hard limit results to 9999 entries for grid output. closes https://github.com/opnsense/core/pull/5842
VPN: OpenVPN: Client Specific Overrides - Align help text to logic underneath. for https://github.com/opnsense/core/issues/5852
firmware: add python version to crash report header
system: move add_user script out of shell scripts
system: fix firmware command shortcut
interfaces: copy+paste issues
system: go extra mile on console port reassignment
MVC: SimpleActionButton, add catch undefined TypeError (#5848)
MVC - Exclude migrations for memory models. closes https://github.com/opnsense/core/issues/5843
MVC - IntegerFieldType: fix IntegerValidator returning false for negative numbers (#5837)
configd - except configparser read (#5836)
Update OpenDNS ipv6 servers (#5846)
firmware: prep for incoming
firmware: add new key for 22.7
firmware: missing echo in previous
firmware: make sure to use the right approach #5537
firmware: first make sure we can grab an update version for #5537
system: fix typo
interfaces: simplify as others like gif and gre do #4622
dhcp: remove ifconfig invoke #4622
system: get rid of manual ifconfig invoke #4622
system: make set_single_sysctl() snappier et al; closes #5467
system: exclusive lock on /var/run/booting #5841
system: make this more generic to fit previous #5841
system: we seem to be restarting syslog later #5841
interfaces: stop last internal use of /var/run/booting #5637
interfaces: simplify the staticarp code and make the problem worse #5637
firewall: append missing link-local to inet6 :network selector #5528
MVC - bootgrid - regression from 79f5d8f (#5840)
interfaces: fix truncation of IPv6 addresses and consistency for PTR
Interfaces: Diagnostics: DNS Lookup - replace with MVC version.
openvpn: hardcode the RFC 7919 DH parameter #4722
MVC - add support for non persistent (in memory) models. (2)
MVC - add support for non persistent (in memory) models.
MVC / bootgrid - merge option objects instead of replacing them. closes https://github.com/opnsense/core/pull/5833
Firewall: Aliases - internal aliases can't be disabled. closes https://github.com/opnsense/core/pull/5834
add filter (#5305)
dhcp: remove ddnsupdate static mapping switch
dhcp: include ddns-hostname and other cleanups; closes #4452
interfaces: small updates on previous
Wireless: Add WPA Enterprise Configuration for Infrastructure Mode (#4566)
pkg: simplify
Firewall Log Widget Header Tweak (#5462)
ipsec: cleanup for previous
VPN / IPsec / Tunnel Settings: Add IPv4+6 protocol for mobile phase1 entries (#5436)
MVC - model: throw when no mount found (#5830)
ui: bootgrid, correct required api for command-info #5478 (#5829)
interfaces: inconsistencies in wireless handling #5825
dpinger: prefer primary IPv6 to fix #5824
interfaces: style sweep
ui: bootstrap-select ignored header height
interfaces: typo in previous #5637
interfaces: for specific device edit pages avoid reloading device again #5637
interfaces: upon reload request also generate the $realhwif; closes #5819
interfaces: fix most common undefined access messages
system: fix syntax error
system: reduce $pwread scope to stop PHP from being silly
dhcp: fix weirdness in prefix crawler
system: link-local check using empty() to avoid warning
system: possible undefined read
interfaces: remove /var/run/booting side effect #5637
firewall: allow NPT logging; closes #5228
ui: remove IE workarounds; closes #5351
firmware: disable crash reporter submission on non-production deployment
system: handle "production" mode without introducing a new type
system: if no temperature sysctls are exposed do nothing
dhcp: small cleanup for previous
dhcp: stop obsessing over bridges
plugins: protect opportunistic explode()
certs: rename constants for revocation reasons
Revert "Pass current IP address to static lease creation. (#5318)"
system: allow to adjust default of 50% RAM usage for MFS options; closes #5727
system: post 22.7 we will be able to tighten /root permission #5475
system: narrow /var MFS down to /var/log and cap to 50% of physical memory #5727
captive portal: oops
captive portal: nitpicking on validation message
MVC - model: leave a note in BaseModel about performance. There is still something to gain, but likely not without adding more complexity.
interfaces: appease PHP 8.0
php80 / AutoNumberField: set minimum value to 1
php80: make sure recovery adheres to production settings as well
php80: disable display_startup_errors except when debugging
php80: transition for simplepie
php80: phalcon workaround and remove final keyword from private function
PHP80: Add deployment options
php80: remove $errcontext parameter from APIErrorHandler
php80: separator after array is no longer supported
Captive Portal: specify validation message for aesthetic reasons
make: omit pkg-create -f default in case it changes later
OpenVPN / [Server:CSO] : Add domain search option
plist
Firewall: Rules: LAN - Move Inspect action into its own async api action to prevent long page loads on large setups.
Firewall: Aliases - minor regression, rowToggle button missing
Interfaces: Other Types: VLAN - add unique constraint for tag+if, closes https://github.com/opnsense/core/issues/5806
Firewall / Aliases: fix alias removal, closes https://github.com/opnsense/core/issues/5807
Firewall / Rules, Livelog : performance improvements
Lobby / Dashboard / Carp status - reset $status_i18n when not found, even though this shouldn't happen, a broken config might show faulty status codes
VPN/IPsec - remember phase 1 setting for next action. closes https://github.com/opnsense/core/issues/5803
interfaces: move lo0 interface registration to loopback
Firewall: Aliases - performance improvement for large numbers of (port type) aliases.
firmware: update repository silently on remote list if needed
VPN/OpenVPN - small regression in https://github.com/opnsense/core/commit/657265a410389394cddccf2cda8138fc82513af7 , when no tunnels are actually reconfigured, a filter reload event will be fired for each interface... which will take ages on large setups.
Unbound: disabling the first DNS override entry invalidates config. closes https://github.com/opnsense/core/issues/5798
Fix for Unbound Stats: zero_ttl is no longer a valid statistic (#5793)
Firewall / Aliases - exclude internal aliases on import.
Fix grammar. Missing period. (#5791)
Firewall / Alias - when reading current alias content using pfctl, make sure to ignore empty lines. closes https://github.com/opnsense/core/issues/5788
firewall: remove file_notice() in filter HA sync
system: style sweep
PHP80: CRL support (#5675)
dpinger: no use to check twice
openvpn: move device handling to plugins facility #5411
interface: next piece of the puzzle is the post-load hardcoding #5411
ipsec: enc device is also ipsec
ipsec: inline device configuration #5411
firmware: move previous to v= since it special handling for it already exists
Bypass cache with timestamp in upgradestatus call (#5771)
firmware: lowercase search in plugins/packages
pluginctl: newline shifted elsewhere already
pluginctl: fix copy+paste issue
interfaces: convert loopback for #5411
interfaces: fix two typos here in loopback code
Services: Intrusion Detection: Log File - ACL mismatch, closes https://github.com/opnsense/core/issues/5781
interfaces: add per-device worker to get rid of batch vxlan_prepare #5411
Firewall : Aliases - bug fix for https://github.com/opnsense/core/commit/49e21188a80005acf9829574252f986cb02be6d2 missed an alias name
Unbound: do not compare identity when checking exit code
system: dpinger support for IPv6 aliases #5777
system: support 1500000 baudrate selection for ARM
gateway monitoring - prevent dpinger event from getting into a "reload filter" loop. while here, also make sure we only pass skip_alias as parameter as gateway has no functional meaning. (and reloading aliases shouldn't be necessary when a gateway drops).
Firewall: Aliases - performance improvement for large numbers of port type aliases.
system: adjust gateway validation to "new" reality #5766
Interfaces: Assignments - add technical interface ID as these are critical when synchronising content (either hasync or OPNcentral)
mvc: clean up previous
Phalcon compat layer: add Url validator
ipsec: squelch spurious errors on stderr for ipsec status
Unit tests: remove Monit tests as these cannot be performed in a vacuum (#5762)
Unbound blocklists / OPNsense UI: strengthen error handling (#5761)
unbound: make blocklist additions/removals dynamic to prevent a restart (#5747)
system: whitespace issue
make: pkg 1.17 has a "unified suffix"
VPN / IPsec - mobile property (boolean) duplication in phase 2, closes https://github.com/opnsense/core/issues/5598
Config::save : call microtime(true) once (#5740)
dhcp: fix plist and add .php suffix for clarity
Config: prevent config crashes when an attribute already exists, while here also make sure we report the error as it will now silently fail. SimpleXMLElement's addAttribute() is only valid when it doesn't already exist.
Services / Unbound - change grid label when no results are returned (https://github.com/opnsense/core/issues/5752). Should make master/detail more explicit without complicating the world.
system: only restore missing or zero size ACL files #5746
MVC - API usage : distinguish between 401 (Unauthorized) and 403 (Forbidden) when authorisation (or authentication) fails. closes https://github.com/opnsense/core/issues/5749
Services: Unbound DNS: Overrides - Restore duplicate domain behaviour to how it was before refactoring to MVC. Sort overrides per domain, suppress "forward-zone:" sections when the previous entry is the same. closes https://github.com/opnsense/core/issues/5748
Services: DHCPv4 : leases - Move delete action to separate script in configd and offer the ability there to cleanse leases file for duplicate static leases. Since removing a single address or a list of (mac) addresses are two sides of the same coin it seems to make sense to add a script responsible for dhcpdv4 lease cleanup.
interfaces: plug vxlan into device population mechanism #5411
mvc: style sweep
interfaces: include VIPS for primary IPv4 detection #5742
interfaces: not sure why interface_ppps_configure()... #5637
interfaces: remove two /var/run/booting uses #5637
interfaces: revert futile parts of b34ba9a61f655 #5630
firewall: make rule parsing more consistent as x:any and any:y are valid options, accepting literal "any" seems to make sense. closes https://github.com/opnsense/plugins/issues/2957
Services / Unbound DNS / Blocklist - add custom "Destination Address" as advanced option, closes https://github.com/opnsense/core/pull/5736
MVC: fix two regressions and deprecate __items
importer: missing loop exit
importer: add verbose mode
importer: support cd9660 type for #5733
VPN: IPsec: Tunnel Settings - mark unsortable columns.
MVC - ApiControllerBase : safeguard multi_sort in searchRecordsetBase() when non-existing column is passed
Reporting: NetFlow - fix validation, closes https://github.com/opnsense/core/issues/5729
system: tunables without hierarchy are just "environment" variables; closes #5719
firewall: add missing range validation to alias host type #5723
mvc: style sweep et al
Phalcon5 migration: provide compatibility layer between v4 and v5 (#5711)
Firewall / Aliases - change log level on geoip download to notice (it's a message, not an error)
Firewall: Diagnostics: Aliases - simplify sort and add natural sorting. closes https://github.com/opnsense/core/pull/5716
MVC - Phalcon 5 migration and options to lose dependency of phalcon validation classes.
MVC - Phalcon 5 migration and options to lose dependency of phalcon validation classes. part deux
Update blocklists.conf (#5710)
Firewall / Aliases - add markUnchanged() in BaseField type so we can avoid validation on virtual fields (issue introduced in https://github.com/opnsense/core/pull/5668)
firmware: list locked packages in health audit
VPN / OpenVPN / Client Export - change filetype to test/ovpn, closes https://github.com/opnsense/core/issues/5687
dpinger: allow up to three arguments passed
firmware: force all should indicate base/kernel reinstall; closes #5701
Services / Unbound - overrides: fix handling of wildcard aliases (#5707)
Services / Captive portal - add extendedPreAuthData checkbox to support returning the client mac address when /api/captiveportal/access/status// is called for authentication. closes https://github.com/opnsense/core/issues/5684
Firewall: Diagnostics: Sessions - fix ACL for used api's. closes https://github.com/opnsense/core/issues/5692
Service / Unbound - ACL mismatch for overrides closes https://github.com/opnsense/core/issues/5704
Unbound: sort on host/domain name for overrides
firmware: use isolated directory for database update check
unbound: overrides: mvc: case sort order
Unbound overrides: fix validation message style issue (#5700)
Unbound / Domain overrides: accept _msdcs since legacy supported it. Closes #5697
plugins: old plugins with missing functions may produce fatal errors
firewall: change "product" to "automatic" and sort both lists a bit
firmware: cross-version check not using correct information
interfaces: fix typo
system: remove nop
Services / Unbound - missing $uuid in setBase() for setHostAliasAction(). closes https://github.com/opnsense/core/issues/5691
Services / Unbound - add missing alias descriptions (including migration). while here also make the migration a bit more resilient for hostname validation issues. closes https://github.com/opnsense/core/issues/5695
MVC / Core - when throwing Validation\Exception, make sure to add the current field contents when we can find it. This improves model migration log output and helps debugging issues. related to https://github.com/opnsense/core/issues/5693
Services / Unbound + core MVC - extend ModelRelationField to show combined descriptions using vsprintf() and implement hostname.domain in new unbound alias popup. closes https://github.com/opnsense/core/issues/5694
Services / Unbound - fix domain override ip validation as it may contain a port number using the following format x.x.x.x@53 cc @swhite2
System -> HA-> Settings : Typo fix (#5689)
dhcp: allow custom configuration from directories; closes #5313
dhcp: support ipxe; closes #5385
firewall: make sure people realise default deny also means state violation
dhcp: reload action for cron; closes #5410
system: use protect -i here for future-proof setup
system: protect syslog daemon from OOM kill
src: fix typo and sync LICENSE
Services / Captiveportal - prevent cleansing password field, closes https://github.com/opnsense/core/issues/5678
interfaces: comment on previous, add TODO
pkg: add glue to change phalcon version
firmware: fix this check like the other one
system: protect -n test with quotes, shell style while at it
Reporting -> Health -> System -> CPU Temp - add temperature sources to rrd collection. closes https://github.com/opnsense/core/issues/5601
unbound: fix permissions
interfaces: VLAN UX to consider
interfaces: exclude existing VLANs and load from model instead
make: compare hash as well on "upgrade"
interfaces: tweak wording and mark nonexistent as "no carrier"
Bootgrid - omit total entries for log grids.
Interfaces: Other Types: VLAN - add not yet applied vlan's in model field.
src: whitespace sweep
interfaces: throw error on nonexistent assignment
unbound: clean up references to legacy code, use mvc instead. also minor style fix (#5663)
pkg: phalcon 5 test as well
pkg: dependency glue for PHP 8
unbound forwarding: be even more explicit about DoT usage
interfaces: optional prefix tracking for WAN #5630
Revert "IPSec - VTI, ignore tunnel devices if local or remote endpoint can't be found."
Interfaces: Other Types: VLAN - Exclude POINTOPOINT interface types, closes https://github.com/opnsense/core/issues/5603
Firewall / Aliases - various usability and visibility improvements (#5668)
Backup - pass filename to openssl [en|de]crypt. smaller version of https://github.com/opnsense/core/pull/5661
Added the correct content-type for the dashboard plugins feed. (#5666)
Revert "System: Configuration: Backups - Don't leak backup password to `ps` (#5661)"
System: Configuration: Backups - Don't leak backup password to `ps` (#5661)
unbound: be more explicit about forwarding behaviour and fix typo
interfaces: for symmetry with PPPoE do not reload WAN when address disappears
interfaces: proper logic in adv/custom/basic modes #5332
interfaces: DHCPv6 advanced has a different flag to disable NA #5332
mvc: flipflip years to make more sense of moved functionality
Use random_bytes() from PHP 7.0+ and simplify the voucher generation (#5659)
Security : Use password_verify() (#5660)
dhcp: give a hint on why an interface was ignored in radvd
interfaces: different patch for ifctl use
system: more comments on get_nameservers()
interfaces: add context to assignment label
system: simplify previous a bit
theme / OPNsense - fix Dart deprecation warnings (DEPRECATION WARNING: Using / for division outside of calc() is deprecated and will be removed in Dart Sass 2.0.0.)
get_nameservers(): also return manual dns entries to simplify code elsewhere
interfaces: according to #5646 VIP reassignment enforces "order"
MVC - VPN / IPsec. Move array search method to more generic searchRecordsetBase() in ApiControllerBase, which is modelled similar to how searchBase() is implemented in ApiMutableModelControllerBase.
firmware: exclude revision to match release during hotfixes
make: convenience target to test migrations
MVC & VLan interfaces - properly select the root node for /vlans, // select "any" node within the structure, which can point to items deeper in the structure than intended.
logging - fix for clear single log target keeps clog file, closes https://github.com/opnsense/core/issues/5644
interfaces: little more style on previous
interfaces: zero prefix "vlan" and "qinq" interface names to prevent collisions on vlans.(https://github.com/opnsense/core/issues/5560)
src: whitespace sweep
dhcp: remove dynamic IPv6 host name annotations that don't work in isc-dhcp
unbound: prefer system nameservers if forwarding is enabled and only run unbound-anchor when necessary (#5625)
interfaces: use consistent "vlan" or "qinq" prefix, start at 0 #5560
unbound: old behaviour says this or that
unbound: fix model description validation
firmware: revoke 21.7 fingerprint
src: lint pass
unbound: implement custom forwarders over current dot setup (#5606)
make: create dir before mfc
interfaces: more PPP changes for ifctl #5565
interfaces: easier to read/compare this way
configd - change error level for "unable to sendback response" messages as these aren't errors, just a reminder the client is too slow to wait for the answer. closes https://github.com/opnsense/core/issues/5639
interfaces: protect filter configure script #5637
reporting: extract /var/run/booting use from RRD #5637
firewall: route-to, reply-to (and dup-to) are mutually exclusive
interfaces: suspicious code is suspicious
interfaces: log the reload hook
interfaces: loopback "lo0" exists for VIPs
Firewall - Aliases : tighten fqdn validation to avoid mistypes as 192.168.01.1 from being accepted as domain name.
interfaces: add manual page for ifctl; closes #5631
system: document configctl in a manual page #5631
interfaces: detach newwanip call as discussed
system: shorten markers, drop "growfs" suffix
newwanipv6 - revert ipv6 from https://github.com/opnsense/core/commit/8c49c7bfdd18b08e411b158e042eebcef03a3f50 as discussed
dhclient-script: prevent the removal of default routes as rc.newwanip is responsible for calculating the correct active default.
rc.newwanip[v6] - only reconfigure an interface if it's either a non static non dhcp[6] variant or the address has changed.
system: another typo during review
firmware: minor issue here
console: return value not returned
interfaces: ifctl now lists available files for -i use
interfaces: add ifctl -r and -p for router and prefix files
system: configctl now a link like ifctl
system: prefer address family earlier on boot
interfaces: ifctl link for nameserver.sh
system: configd_ctl.py should be same as configctl
interfaces: same for lagg here
interfaces: "_" prefix means only call internally
Revert "interfaces: issues with assigned gif/gre tunnels #5540"
interfaces: issues with assigned gif/gre tunnels #5540
pkg: after having dnspython break our initial 21.7.8 builds
interfaces: fix typos and tweak after testing
interfaces: clean up this portion
dhcp: use opnsense-log -n for prefix reads
system: try to hide "latest.log" magic in this utility
DHCPDv6: stream read log and leases files for "dhcpd update prefixes" action, see https://forum.opnsense.org/index.php?topic=27319.msg132541#msg132541
Filter - rules: constrain default carp allow rules to those defined in rfc5798, closes https://github.com/opnsense/core/issues/5613
ipsec: fix mobile switch logic
interfaces: special gif handling for MTU is long gone
Interfaces: Other Types: VLAN - Add stacked VLAN support (IEEE 802.1ad / QinQ) (#5607)
interfaces: annotate device dependency issue #5540
make: softcode the use of branches to ease backporting
firmware: update work in progress for upgrade handling
Services -> Intrusion Detection -> Administration - Alerts: use standard bootgrid header and extend on initial load. Without the header, the row count will be off (which seems to be difficult to fix in bootgrid). see https://forum.opnsense.org/index.php?topic=23847.msg132089#msg132089
Firmware: make the connectivity audit more robust
firmware: emit changelog URL for testing
make: dependency, not target
make: diff for tag if requested
make: also add a push helper
VPN / IPsec - change "My Certificate Authority" to "Remote Certificate Authority" in phase 1 as this points to the right end of the tunnel. discussed in https://github.com/opnsense/core/issues/5241
system: remove comment for code no longer in place
VPN / IPsec - cleanup non existing ca files. closes https://github.com/opnsense/core/issues/5600
interfaces: for naming consistency use v6 suffix for PD hint
interfaces: add proper argument parsing, simplify invokes #5565
firmware: check repository and plugin state in health audit
VPN / IPsec - mobile property passing in phase 2, make sure we can add a mobile phase 2 again, at some point we should remove the phase 2 mobile attribute for being a copy of its parent. for https://github.com/opnsense/core/issues/5598
interfaces: add nameserver script to contain the situation #5565
system: import ZFS pools before mounting ZFS datasets
system: write config.xml sample value like GUI #5565
system: simplify this code #5565
dhcp: splitting hairs on implementation
make: add "log" target
console: improve kernel messaging during port assignment
VPN: OpenVPN: Servers - when using topology mode determination of the gateway isn't reliable. With https://github.com/opnsense/core/commit/0ad3ec432ff0d1ee45d9969424b7e5b19eb903e2 we tried to calculate the next address, which unfortunately is our local address in quite some cases.
MVC - refactor and extend HostnameField and add some options to validate partial hostnames and root zones. also needed for https://github.com/opnsense/plugins/issues/2849
Interfaces: Other Types: VLAN - refactor to MVC framework in preparation for https://github.com/opnsense/core/issues/5560
firewall / logging - exclude localhost stateless traffic(#5595)
Firewall: Aliases - when using port type aliases the "enable" flag was ignored. closes https://github.com/opnsense/core/issues/5594
src: style issue with $((...)) use
interfaces: fix issue with empty description
Interfaces: Other Types: VLAN - refactor to MVC framework detaching configuration using configd while. In preparation for https://github.com/opnsense/core/issues/5560
interfaces - legacy_interfaces_details() add vlan parsing
system: the all group disappeared in 2015 via a66c7889c7f
system: support qat and multiple selection #5559
system: aesni is now a kernel-builtin #5559
make: update parallel-lint to 1.3.2
logging - limit rowCount (#5589)
firewall: only ever store nobind for ipalias/carp; closes #5585
system: no longer default to hw.uart.console use
Reporting: Traffic - use async resolver to reverse lookup addresses. closes https://github.com/opnsense/core/issues/5536
Firewall / Aliases - minor cleanup, removing unused loop parameter
interfaces: assignments should take OpenVPN into account
interfaces: $devices already filtered #5540
VPN / IPsec - pass protocol when resolving via ipsec_resolve() (#5360)
Firewall : Advanced - Add support for syncookies, minor validation issue allowing empty adaptive values (for https://github.com/opnsense/core/issues/5561)
unbound: background potentially long-running operation
system: simplify scripting a little
Reporting / Insight - fill missing data with zero's (0), for https://github.com/opnsense/core/issues/5579
logging - squidExtLogFormat : typo (#5580)
interfaces: PATH is not complete in dhclient-script
system: rework growfs and allow ZFS grow; closes #5576
system: libraries supports pcre.jit since 21.1.1
system: try to boot without kernel message mute relics
change default severity level
dhcp: add missing copyright
Firewall - Aliases: local file corruption might prevent alias to be loaded. closes https://github.com/opnsense/core/issues/5525
interfaces: nothing requires all vips to be regenerated #5540
sidebar - refresh optimization last fix (#5571)
sidebar - optimization (#5570)
dhcpd: Fix implode() call (#5568)
interfaces: fix faulty up on GRE alias use
interfaces: look up 'blind' alias use in GRE avoiding guess_interface_from_ip()
interfaces: fix comment after discussion
interfaces: not sure how a vlanif can be empty when $id is set
interfaces: always return the array #5540
interfaces: keep boot order but invoke pre and post device hooks always #5540
firewall: style update
Firewall : Advanced - Add support for syncookies, closes https://github.com/opnsense/core/issues/5561
sidebar - 2nd submenu view fix (#5556)
interfaces: improve vlan pattern
interfaces: make notes for #5540
interfaces: small sweep for wireless related to #5540
interfaces: kill creation side effect for bridges #5540
interfaces: clean up lagg configure a bit more
interfaces: kill VLAN creation side effect #5540
interfaces: parenthesis fix
interfaces: $realif is no longer used
interfaces: simplify legacy_interface_destroy() use
interfaces: boot now produces errors #5540
interfaces: make the world simpler #5540
interfaces: unused reference
interfaces: kill LAGG creation side effect #5540
interfaces: get_interface_list() must exclude OpenVPN
interfaces: rename $special to avoid ambiguity #5540
unbound: dnsbl same same
unbound: host overrides: use legacy reconfigure and reduce configd calls (#5553)
interfaces: clean up GRE same as GIF #5540
interfaces: remove unused function
Revert "interfaces: configd action for device creation #5540"
interfaces: fix typo #5540
Unbound: overrides: fixup UI and validation due to model change (#5542)
interfaces: make sure to solve the _vip crisis with GIF use #5540
interfaces: configd action for device creation #5540
interfaces: kill the gifif-empty side effect #5540
interfaces: style on MTU changes
interfaces: adjust MTU configuration #5546
Firewall: NAT: Port Forward - synchronise "disabled" flag on linked firewall rule.
interfaces: merge lines, maybe doesn't belong here #5540
interfaces: prevent DHCP from installing nameservers when not allowed
interfaces: get_interface_ip*() can validate alias #5540
interface: was not expecting so many issues #5540
interfaces: kill array_walk() weirdness #5540
system: avoid array_walk() use loosely related to #5540
system: command drop down size was below screen
Firewall - categories - check state before select (#5538)
system: technically correct but reads strange #5493
system: complete the log message #5493
system: only log on automatic far gateway detect #5493
dhcp: typo
interfaces: shorten list() action where we can
interfaces: forgot these support returning the bits as well
interfaces: mimic IPv4 behaviour, clear up naming
interfaces: remove legacy_get_interface_addresses(); closes #4749
interface: finally rid the code of find_interface_*() magic #4749
dhcp: convert the last two #4749
system: remove use of find_interface_network*() #4749
ipsec: remove find_interface_network*() #4749
firewall: replace find_interface_network*() #4749
interfaces: consistent naming
interfaces: second step -- deduplicate code
interfaces: stop reacting to simple stop/detach/down events via rc.linkup
interfaces: stop bothering with -k
interfaces: configure ondemand ppp in background
interfaces: stop mpd5 before starting
dhcp: avoid use of find_interface_network*() #4749
ipsec: avoid use of find_interface_network*() #4749
openvpn: avoid use of find_interface_network() #4749
system: minimal approach to #5493
system: detect far gateway situation for #5493
firewall: default pass all loopback without state tracking; closes #5367
dhcp: quick pass over prefixes.php to support non-clog finally
unbound: another migration fail discarded IP
interfaces: improve wording a bit more
src: put back whitespace in otherwise unchanged file
pkg: allow alpha versioning for development
firmware: no need to hint at upgrades anymore
firewall: err what, second part of previous not staged #5517
interfaces: flip VIP bind default and enable CARP; closes #5517
system: forgot to scrub required => false
system: several improvements to tunables; closes #5504
Fix EmergingThreats documentation URL. (#5530)
Firewall: Settings: Advanced - remove ruleset-optimization as this is without function when labels are being used. closes https://github.com/opnsense/core/issues/5529
Interfaces: Settings - improve message a bit for https://github.com/opnsense/core/issues/5521
Interfaces: Settings - add a note about where these settings apply, closes https://github.com/opnsense/core/issues/5521
unbound: fix migration issues
Logs: add backward compatibility (#5522)
system: routes: configuration - changing interface gateway will be ignored as the delete/add combination adds the new gateway in its delete action.
Fix typo causing error on IPv6 login
Firewall / Aliases - encode rules names (#5507)
Firewall: Aliases - exclude external aliases for nesting as these will be empty according to our administration.
firmware: update upgrade hint
firmware: patch header in consistently
src: one more whitespace issue in previous
whitespace (^M)
firmware: fix import listing for one ZFS pool
Fr5487 adaptive timeouts (#5502)
unbound: overrides: migrate to mvc model (#5488)
MVC - BaseField: Overload __isset() magic method (#5499)
firmware: to pull off previous we need to support -l
firmware: more changes here in the future
firmware: almost there
interfaces: reduce diff
system: try to take into account 522ba38061a91 here
util/log_error: keep it clear. add a log_msg (#5498)
util/log_error: use severity levels (#5497)
Firewall: Settings: Normalization - support "no scrub" option so specific traffic can easily be excluded from scrubbing.
dhcp: fix array access when no alias/carp was found
Services / Captiveportal - prevent session removal crashing out when there's no IP address registered
firmware: use new feature of opnsense-update
system: spacing
Web application security measures, explain where to disable rebind if needed (https://github.com/opnsense/core/issues/5481)
interfaces: remove link remnants from GRE
Interfaces: Other Types: GRE - remove non-existing link parameters inherited back in 2014.
Interfaces: Other Types: GIF - align user interface with base system options.
firmware: print these here for diagnostics as well
interfaces: get_interface_list() is a strange one for sure
console: strangely enough the code doesn't work as intended
console: use full list at the end
console: improve input of LAGG
console: spacing still not optimal
console: improve spacing
console: skip LAGG/VLAN on empty interfaces, print full list at end only
console: spice things up further
config: some more pretty print
console: a small audit and LAGG functionality test
firmware: 22.1.r2 is also possible now
firewall: improve previous
Firewall : Shaper - support Gbit in pipes
Services : Intrusion Detection - make sure migration to 1.0.7 doesn't crash. ref https://github.com/opnsense/core/pull/5482
Firewall: Shaper - add kernel constraint for kernel bandwidth limitation, closes https://github.com/opnsense/core/issues/5224
Interfaces: Other Types: Bridge : improve validations and fix defaults as described by ifconfig(8)
system: usual TAB-dance
system: generic rewrite of ssh advanced opts
Allow to configure SSH setting PubkeyAcceptedAlgorithms via GUI (#5400)
Backend.php: syslog-ng migration (#5383)
dnsmasq: no hosts option; closes #5374
system: separate core and thread count
interfaces: correct comment
Interfaces / VXLAN - move vxlan_prepare prepare up in order to be able to combine it with bridging.
DNS Rebind Check Case Sensitivity (#5484)
firewall: copy+paste fail
ui: whitespace sweep
firewall: belongs to 21fe4db493594 #5467
Fix CARP PPP hook.
MVC - ModelRelationField, small cleanups and simplifications for https://github.com/opnsense/core/pull/5429
mvc: Add BlankDesc to ModelRelationField (#5429)
Move storing jQuery Bootgrid settings in browser from core to bootgrid (#5443)
IDPS - ET Pro telemetry 5 uses the new name scheme of version 6, which we accidentally didn't take into account when migrating ET-open. make sure we do fetch the new rulesets as being published for 6 (related to https://github.com/opnsense/core/pull/5482)
system: fix warnings that only appear when validation fails
system: allow additional search domain; closes #5102
Refactor web application security measures, closes https://github.com/opnsense/core/issues/5481
network time: remove PID if it is generally unreliable; closes #5214
dhcp: kill "static" mode, move flags to advanced #5185
system: shared forwarding to #5467
dyndns - remove dyndns references as they should manage themselves. closes https://github.com/opnsense/core/issues/5434
system: cache obfuscated version info from syslog-ng binary #5371
system: remove system_arp_wrong_if() in favour of #5467
system: prevent more than one default route by default
Reporting: Traffic - Total IN/OUT reporting same (total) values, closes https://github.com/opnsense/core/issues/5479
Framework - Logging : when the default severity level is different than "Warning" because the application doesn't send anything else out, make sure to push these defaults via the controller. style fix previous
Framework - Logging : when the default severity level is different than "Warning" because the application doesn't send anything else out, make sure to push these defaults via the controller. closes https://github.com/opnsense/core/pull/5472
system: sync recovery contents with FreeBSD 13
system: forgot to switch these as not "gateway" address
system: use correct IPv6 interface
system: remove problematic "validation"
services/ntp - detach limited from kod, correct help text (#5473)
system: annotate problematic code
scripts: tabs vs. spaces
system: add msdosfs and sort array
IDPS : fix typo in https://github.com/opnsense/core/pull/5413
Revert "fix copy-and-paste error in help div"
importer: issue with display when no ZFS is there
ipsec: a long long time ago, I can't still remember...
IPsec: FreeBSD 13 compatibility fixes, closes https://github.com/opnsense/core/issues/5450, https://github.com/opnsense/core/issues/5464
add API call api/diagnostics/interface/get_interface_config (#5448)
LICENSE: sync
system: display system tunables as well
firmware: show "misconfigured" first before defaulting to "orphaned"
mvc: translate screen reader labels where we can
system: default to 1000 for net.inet6.ip6.intr_queue_maxlen
system: add Polish, degrade Italian
src: translation style issues
IPSec - change default ciphers and hash algorithms to more secure variants and add a note about unsecure options. closes https://github.com/opnsense/core/issues/5450
mvc: Add support for text fields, pull in and reformat https://github.com/opnsense/core/pull/5442
Firewall: Log Files: Live View - simplify previous (#5444)
Firewall: Log Files: Live View - fix escape, closes https://github.com/opnsense/core/issues/5432
MVC - initFormAdvancedUI: universal stripes adjustment (#5435)
Firewall/Scrub: Display interface descriptions (#5433)
fix strict-order
fix copy-and-paste error in help div
MVC - handleFormValidation : improve item match (#5428)
Services / Intrusion detection - downloader.py style fixes (#5413)
Firewall/Live View: skip rid for nat (#5424)
captive portal: use -f when deleting files that may not be there
util: add support for terabytes, and petabytes to format_bytes (#5405)
firmware: although unlikely just patch this in then
firmware/status: Update to support terabytes (#5417)
Monit - move logging to own log target. closes https://github.com/opnsense/core/issues/5422
Firewall / Alias - remove global $aliastable reference and use our shared \OPNsense\Firewall\Util::isAlias() instead. closes https://github.com/opnsense/core/issues/5423
pkg: avoid upgrades if already done, use VERSIONBIN
system: add backend handler for log rotation
system: do not mess with mount points in /var for /var MFS
Patch traffic shaper texts (#5420)
Logs: quick severity filter with "Warning" default (#5370)
Firewall / Aliases - log resolve errors (ref https://forum.opnsense.org/index.php?topic=26034)
Firewall: Diagnostics: States - handle IPv6 NAT, closes https://github.com/opnsense/core/pull/5414
firmware: apparently /etc/motd is gone on FreeBSD 13
system: default to both IPv4 and IPv6 redirects to disable
Interfaces / LTE - remove more or less dead cruft the 3gstats collects in some rare cases.
system: do not clobber mount points
system: mostly adjust -z mode to give size and identifier from ZFS pools
system: df -t zfs returns duplicated tmpfs entries; closes #5344
Revert "firmware: work around FreeBSD 13 faulty validation"
system: opnsense-importer -m mode
Services: Intrusion Detection - rule downloads : gently log when connectivity issues appear.
firmware: work around FreeBSD 13 faulty validation
firmware: for quick troubleshooting support -O like opnsense-update
firmware: next beta coming up
VPN / OpenVPN / Connection Status - kill by common name when address doesn't seem to be possible. closes https://github.com/opnsense/core/issues/5038
firmware: be more chill about missing product_check and always return product info #5394
firmware: deleting the file under configd execution and copy...; closes #5396
firmware: just for consistency
change severity (#5395)
firmware: fix launcher invoke from shell menu
firmware: no need for this file anymore starting with 21.7.7
system: copy+paste fail
interfaces: avoid inline creation of GIF/GRE tunnels
interfaces: simplify to avoid $config access
interfaces: also add logging for GIF/GRE inline configuration
interfaces: safe to assume $realif exists, use it consistently
interfaces: log when we try to attempt inline virtual device creation
interfaces: avoid handling "hardware" settings for devices node path
interfaces: drop get_parent_interface(); loosely refs #5338
interfaces: remove previously broken code
interfaces: restrict vlan selection
interfaces: whitespace again
interfaces: patch in parent devices for LAGG and bridge
interfaces: split get_parent_interface() into its use cases
interfaces: return $ifname and decouple the search loop
interfaces: configure_interface_hardware() can take previous details
configd - internal profiler fix incorrect enable call (probably a python 3 remnant)
Firewall / Aliases - add "Dynamic IPv6 Host" type. closes https://github.com/opnsense/core/issues/4923
dhcp: rewrite conditionals to adapt to configured reality
MVC - Models : improve error handling for missing fieldtype classes
Services / DHCPv4 - Allow for ARM architectures in DHCP Network Boot options (#5361)
IDPS - update classification.config with https://raw.githubusercontent.com/OISF/suricata/master/etc/classification.config
interfaces: just for fun
interfaces: put a fancy newline
interfaces: simplify this one as well #5367
interfaces: repair getenv() breakage in ea6b5bda52409 the right way #5367
interfaces: align file names #5367
Firewall / Diagnostics / Sessions - typo in direction (#5378)
Firewall / Diagnostics / States - switch dst-src with direction (#5377)
interfaces: fix previous
interfaces: transform to heredoc for easier extension #5367
interfaces: nameserver can use same file format as others #5367
interfaces: searchdomain can use same file format as others #5367
interfaces: move nameserver files to /tmp #5367
interfaces: move searchdomain files to /tmp #5367
interfaces: move "cache" file to /tmp and rename for clarity #5367
interfaces: wait a second, if $ip_file is never read remove it #5367
interfaces: rc.newwanip(v6) changes related to #5367
interfaces: these ip files under /tmp are not being used #5367
interfaces: remove code that appears unnecessary
Revert "interfaces: use same approach as ppp-linkup script #5367"
interfaces: use same approach as ppp-linkup script #5367
System: High Availability - optionally disconnect dialup interfaces when going into CARP backup mode. while here reformat the HA section a bit as state sync is only part of the options. closes https://github.com/opnsense/core/issues/3185
src: spacing on html inputs
system: cron template whitespace adjustments
Interfaces - remove validation preventing an interface to be enabled when aliases are already assigned (introduced in https://github.com/pfsense/pfsense/commit/62a4abc92cd31983d4b1c09eb95d28e001d9869d), there doesn't seem to be a valid reason for requiring no aliases
interfaces: on a device node there is no parent to use
Revert "pkg: suricata is now the same as suricata-devel"
interfaces: avoid touching cacheip files and improve state kill #5367
system: escape opportunistic matching to provide the fallback always
system: on IPv4 monitor fallback use the full lookup
interfaces: deal with PPP device nodes
system: add a tiny manual page for opnsense-log
interfaces: simplify get_parent_interface()
system: improve opnsense-log a little
interfaces: flatten the call stack and unify logging
LICENSE: sync after discussion with author
interfaces: bring back old name from c30477bef708fa02
interfaces: improve newwanip logging a bit
interfaces: old code that "fixed" error is no longer needed
interfaces: straighten out mpd5 handling and check for existence later
interfaces: ignore media settings if interface is not there
interfaces: avoid recursion by giving proper interface name
interfaces: remove obvious expectation mismatch
interfaces: refactor linkup to avoid recursing
interfaces: remove driver-related workaround after over 10 years
Prevent Browser Auto Fill Username/Password (#5311)
Stray End Tag (#5364)
Cron - shell escape parameters using shlex functions
configd - Jinja2 templates, support shlex_split to split parameters in shell format
configd - Jinja2 templates, support shlex_quote filter to escape input if needed
system: just copyright style cleanups and comment correction
firmware: prep for next beta
Logging: Add a symlink for e.g. system.log to system_todaysdate.log for log parsing (https://github.com/opnsense/core/issues/4993)
system: spacing in previous
router advertisements: move static mode out of source address setting
router advertisements: support IP aliases with and without VHID; closes #5185
interfaces: separate the use cases of get_configured_carp_interface_list()
dhcp: use friendly descriptions, unify print of CARP address; closes #5354
system: add opnsense-log helper POC
system: add "latest.log" symlink and make sure new log is created
xmlrpc: support authentication using API keys
Pass current IP address to static lease creation. (#5318)
Captive portal - missing tooltip in session window
firmware: although not used in practice make sure we reset reboot flag correctly
firmware: make sure to emit status_reboot when no reboot takes place #5358
system: small whitespace cleanup
firmware: add status_reboot which is the correct one for the offered status #5358
firmware: a bit more complex to look up right condition #5358
firmware: add new flag for update-based reboot #5358
firmware: properly migrate cron actions
firmware: streamline -s/implied script a bit more
jquery.bootgrid - converters / datetime, ignore empty values from https://github.com/opnsense/jquery-bootgrid/commit/857598b9d0707d805f8c467b760032c4c6fc906b
interfaces: async this part as well using -dq
backend: add -q option and shuffle errors to stderr
openvpn: remove reload on disconnect
interfaces: async calls for newip* actions
system: use more convenient configctl call
system: unify mvc and legacy cron restart
system: reload cron template on legacy cron restart
firmware: check for valid command first and exit if not found
system: use configctl -d for cron-based services
backend: add detach option for long running actions
firmware: allow launcher to operate on a random sleep if requested
firmware: hook up 'latest' script, use it in dashboard widget as well
firmware: add a 'latest' script to derive update info from changelog
firmware: make changelog.txz location permanent
CaptivePortal - connected since misformatted due to datetime already being converted in bootgrid, https://github.com/opnsense/core/blob/2e5d8ecf758167640a1297403c4aa9c743fc3522/src/opnsense/www/js/jquery.bootgrid.js#L1219-L1226
make: populate CORE_MAKE command with proper env on stepping stones
IDPS: handle empty metadata value (#5357)
pkg: suricata is now the same as suricata-devel
firmware: only fetch changelogs if the server file changed
firmware: add a configuration file and fix prompt hint
Firewall / Rules - drop policy based routing validation on interface rules as discussed in https://github.com/opnsense/core/issues/5329#issuecomment-968704455
IDPS: support multiple policy property in metadata, closes https://github.com/opnsense/core/issues/5350
logging / relayd - move syslog target to plugin where it belongs [1], for https://github.com/opnsense/plugins/issues/2643
ipsec: add copyright to new tunnels template
interfaces: add a comment to new block
firmware: also here of course
src: fix a couple of stray whitespace issues
interfaces: style
system: do not embed link twice
firmware: implement cross-ABI reinstall #5144
firmware: change CORE_ALTABI to target ABI detection for #5144
system: better cleanup of *.pkgsave files
system: deal with legacy.conf remnants #5337
firmware: prep for 22.1.b1
system: rename for #5337
system: remove $restart and $async flags
syslog: remove killbyname('syslogd'); as the service is gone. for https://github.com/opnsense/core/issues/5337
Syslog - remove clog support
ipsec: back out link_interface_to_ipsec() changes that are not required
interface: small cleanup for #5334
Interfaces - shift check and improve logging a bit for https://github.com/opnsense/core/issues/5334
interfaces: comment style and info update
Interfaces - log and exit interface_configure() when device node doesn't exist, for https://github.com/opnsense/core/issues/5334
Interfaces - add description to ifconfig output, closes https://github.com/opnsense/core/issues/5331
VPN / IPSec / Tunnel settings - Change overview page to support pagination lowering load times on large setups, closes https://github.com/opnsense/core/issues/5279
MVC - UIBootgrid, prevent event propagation to avoid click() events being forwarded to the row when rowSelect is used.
VPN / IPSec / Tunnel settings - Change overview page to support pagination lowering load times on large setups (https://github.com/opnsense/core/issues/5279)
Firmware - mirrors, remove unavailable Hostcentral mirror
System/Wizard - omit dhcp config when not available, closes https://github.com/opnsense/core/issues/5316
add live view templates ACL (#5327)
VPN / IPSec / Tunnel settings - new overview page, hook in phase1/2 delete actions. for https://github.com/opnsense/core/issues/5279
Trust / Authorities - get keyid string (#5323)
VPN / IPsec / Advanced settings - add sha256_96 flag, minor cleanups for https://github.com/opnsense/core/pull/5321
VPN / IPsec / Advanced settings - add sha256_96 flag (#5321)
add new line (#5320)
firmware: new alpha with RSS
revise help link for google drive to point to (#5317)
system: remove broken code
IPsec - VTI device [re]creation. could be https://github.com/opnsense/core/issues/5263
interfaces: copy+paste fail in refactor of scoped IPv6 acquire
IDPS: hook et-open to suricata 5 ruleset including migration, brings https://github.com/opnsense/core/commit/41eefdd105012137d9d7db71e70847f9ea8e974f back in
Dashboards / interfaces_list - missing , closes https://github.com/opnsense/core/pull/5302
VPN / IPSec / Tunnel settings - work in progress for https://github.com/opnsense/core/issues/5279
firmware: fix check for base/kernel reboot
system/ntpd - expose iburst option in the UI (#5309)
system: set kern.randompid to autoselect for FreeBSD 13
system: use sysctl info to indicate nonexistent ones
auth tester, fix missing escape in diag_authentication.php
system: assorted improvements
Firewall / Rules allow 'any' as a port range lower bound (#5306)
unbound: make so-reuseport conditional upon RSS status
Squashed commit of the following:
VPN / IPSec / Tunnel settings - phase 1 overview endpoint and grid for https://github.com/opnsense/core/issues/5279
interfaces: VLAN spoofmac taints siblings and parent interface. closes https://github.com/opnsense/core/issues/5297
interfaces: VLAN spoofmac taints siblings and parent interface
Interfaces - parse flags in legacy_interfaces_details() and minor style cleanup, for https://github.com/opnsense/core/issues/5297
Firewall / Rules - fix parser to support "maximum" ranges. Currently it's possible to input values like "80-any", in which case the lower bound is ignored (only "any" sticks). Since it's technically not very problematic to support ranges where "any" means either upper or lower bound, we best make sure the values inserted are at least used. (as soon as it's a range, it can't be an alias anyway due to the colon)
interfaces: stristr() -> strstr()
Make is_linklocal properly detect all LL addresses (#5301)
dhcp: clarify code around is_linklocal() conditional
Interfaces Other Types - Dynamic Options (#5300)
regression in https://github.com/opnsense/core/commit/d6be0bfdb44186bdd14fdc2e621505d757db662c (Firewall / Aliases - add "virtual" properties to model representing the current pf table stats and represent these in the alias grid.)
monit: add polltime to service settings (#5244)
dhcpd: use nobind VIP option for ignoring ra subnets for #5247
system: relax pattern for translation pleasure
dhcp: syntax on previous
dhcp: support AdvRASrcAddress/AdvSourceLLAddress trickery
system: system log widget auto-refresh (#5220)
dhcp: do not advertise link-local VIPs
firmware: new test set
firewall: add .py suffix to Python script
util: fix typo
Syslog / API - fix stat search ignoring first character
ipsec: derive required route interfaces for dynamic changes #5263
Firewall / Diagnostics - more readable firewall statistics (replace diag_pf_info.php), closes https://github.com/opnsense/core/issues/5267
Firewall / Diagnostics, extract relevant pfctl info for https://github.com/opnsense/core/issues/5267
system activity: show all threads and correct WCPU (#5277)
interfaces: style update in previous
Updated guess_interface_from_ip to more accurately identify the interface using the subnet with the largest mask in the route table. (#5281)
firmware: in case of fs integrity issues try not to break upgrades
interfaces: undo restricting lookups to configured interfaces only
IPSec - VTI, ignore tunnel devices if local or remote endpoint can't be found.
VPN / IPsec / Phase1 = add closeaction parameter, partly taken from https://github.com/opnsense/core/pull/5275 by @pmhausen
jquery.bootgrid.js: convert on append (#5269)
VPN / IPsec / Advanced settings - add charon.max_ikev1_exchanges option, closes https://github.com/opnsense/core/issues/5268
configd - static parameters ignored when no dynamic ones exist. closes https://github.com/opnsense/core/issues/5270
Services / Unbound DNS / Blocklist - add Abuse.ch ThreatFox list. closes https://github.com/opnsense/core/issues/5266
Services / DHCPvX - while looking at https://github.com/opnsense/core/issues/5264, noticed devices that moved across interfaces aren't treated accordingly as the code assumes a mac/duid is unique.
Services / DHCPvX - refactor dhcpd_staticmap() so it takes empty (descriptive) only leases and protocol family into account. closes https://github.com/opnsense/core/issues/5264
firmware: looks nicer this way
firmware: since opnsense-update is silent for scripting make some noise here
firewall - CARP defaults. our default has always been to allow carp unconditional, which currently doesn't seem to make sense changing. However the "block carp from self" rule was translated incorrectly when changing our plugin structure and doesn't seem to be that useful at all (anymore).
System / Trust / Authorities - flush certs when "Store intermediate" changes. closes https://github.com/opnsense/core/issues/5257
System / Trust / Authorities - do not flush intermediate certificates by default into the local trust store. as discussed in https://github.com/opnsense/core/issues/5257
Trust / Authorities - prevent expired certificates from being flushed to disk to avoid non valid paths being trusted. (ref https://github.com/opnsense/core/issues/5257)
interfaces: deprecate *up(v6) files, PPP is only user
src: minor syntax issues here
make: use slight modify for checking all potential files
contrib: add parallel-lint 1.3.1
firmware: forward alpha snapshot
interfaces: exclude "tentative" like "deprecated"
interfaces: support disabling bind to IP aliases; closes #5086
monit: add Link event to alert settings (#5242)
firmware: make upgrade testing easier
firmware: shift away from old-style firmware-xxx files
configd_ctl.py: catch broken pipe on event handler (#5235)
Firewall/NAT/Port Forward - fix non sticky filter rule association, closes https://github.com/opnsense/core/issues/5234
Interfaces/Other Types/LAGG : add lagghash option, closes https://github.com/opnsense/core/issues/5208
openvpn: add tlsmode to copy fields #4592
diag_testport.php: set verbose (#5231)
Firewall - refactor getInterfaceGateway() to support extracting a dynamic property instead of the fixed address, refactor route-to behaviour to match reply-to and outbound nat. remove getInterfaceGateways() from firewall plugin as being unused now. closes https://github.com/opnsense/core/issues/5230
interfaces: on "dhcp6prefixonly" include tracking interfaces #5086
interfaces: add all sorts of stuff to interfaces_addresses() #5086
Firewall / Aliases - add "virtual" properties to model representing the current pf table stats and represent these in the alias grid.
Firewall / Aliases - minor bugfix in "filter diag table_size" (https://github.com/opnsense/core/commit/caf4439cf0853f704a17f19f33d5c2824e51743c)
Firewall / Rules - specify overload table on max new connections, closes https://github.com/opnsense/core/issues/5229
unbound: adjust help text since range domain is being used
Unbound+dhcp: fix template, enforce list when querying pools
firewall: add automatic outbound NAT logging option
Firewall / Aliases - extend "filter diag table_size" command to include details as well.
ipsec: add shared function to simplify ipsec code #5201
ipsec: meh
ipsec: add and use find_smallest_cidr6() variant #5201
src: replace __toString() calls with casts; closes #5225
router advertisements: remove AdvRDNSSLifetime / AdvDNSSLLifetime bounds; closes #4893
dhcp: try to guide when subnets are too small; closes #4762
unbound: never used this unbound cache flush spot
system: add xc0 entry video console entry if node exists; closes #4688
mvc: may be better to hide "nothing to do" messages
mvc: vim is doing strange things nowadays wanting tabs over spaces ;(
mvc: retain attributes in single values; closes #4633
ipsec: clear irrelevant upper bits in previous #5201
ipsec: rewrite netmask calculation #5201
util: remove unused get_ll_scope()
ipsec: inline only caller of this function
allow /30 for p2p
interfaces: fix two refactors and remove irrelevant XXX #4749
interfaces: find_interface_ip*() no longer in use #4749
interfaces: replace last callers of find_interface_ipv6() #4749
interfaces: zap find_interface_ip() in two spots #4749
interfaces: improve naming #4749
interfaces: remove primary addresses on down #4749
interfaces: whitespace for code alignment
interfaces: change get_interface_ip() internals #4749
interfaces: remove find_interface_ipv6_ll() et al. #4749
system: fix "search" use in resolv.conf #5102
firewall: tweak wording in previous
firewall: fixup prio texts and enable relevant sysctl for FreeBSD 13
firewall: improve alias description/preview #5199
openvpn: do not create empty router file
interfaces: sync groups between possible create/destroy operations
interfaces: fix embedded rename in ifconfig scripting
Correct the melody database directory in manpage
firewall: remove unreachable and incorrect code
pkg: fix plist, license and parsing thereof
root: add lualoader brand and logo
Revert "Fix compare interfaces. (#5173)"
system: add product title to auth pages; closes #5196
System / Configuration / Backups - unescaped source field used for passwords. closes https://github.com/opnsense/core/issues/5197
firmware: add fingerprint for 22.1 testing
syslog - missing acl for target setup. ref https://forum.opnsense.org/index.php?topic=24605.msg117984#msg117984
openssh: don't brace, not needed #5182
firmware: masking vulnerability urls in FreeBSD due to UUID use
system: weirdness in port parsing that we don't use; closes #5182
interfaces: move two legacy functions to their only callers
IPsec, regression in https://github.com/opnsense/core/commit/7be00bc067c0ae570b07b77cf16a71fd3afeac13, $right_spec translated to $ph1ent['remote-gateway'] for non-mobile in earlier versions. closes https://github.com/opnsense/core/issues/5187
interfaces: function only used once
interfaces - index carp entries by vhid's in legacy_interfaces_details() to ease referencing items.
interfaces: two and a half cleanups
firmware: a major upgrade logically also expects a reboot.
Firewall / Aliases - don't try to fetch GeopIPAlias.zip from BE mirror when no license key is found
Remove duplicate. (#5178)
IPsec - VTI: regression in https://github.com/opnsense/core/commit/7be00bc067c0ae570b07b77cf16a71fd3afeac13 closes https://github.com/opnsense/core/pull/5179
Firewall / Alias - remove unused variable in volt template
Fix compare interfaces. (#5173)
Firewall / Aliases - less excessive logging for async dns resolve (https://github.com/opnsense/core/commit/76b8ae44908b861e41e886744f6f7cbda2ab91e4)
Firewall / Aliases - improve resolve performance by implementing async dns lookups. ref https://github.com/opnsense/core/issues/5117
OpenVPN validations - forgot to push a file for https://github.com/opnsense/core/commit/1b9e263195c82824f172038c7dd154863dfcdae0
console: bring interfaces up earlier, remove verbose text
make: fix plist check on FreeBSD 13
OpenVPN - simplify cidr validation in openvpn_validate_cidr() and remove trim() to avoid illegal addresses being flushed to disk. closes https://github.com/opnsense/core/issues/5168
Authentication / LDAP (+TOTP), for consistency reasons keep ldap_sync_create_local_users on static system_authservers.php page, we currently don't have an option to manage dependencies in automatic fields. ref https://github.com/opnsense/core/issues/5116
Authentication / LDAP (+TOTP), allow automatic user creation when configured. closes https://github.com/opnsense/core/issues/5116
Interfaces - uniform test if interface is already assigned somewhere using new is_interface_assigned() function in utils.inc, implement check in openvpn client/server while here. closes https://github.com/opnsense/core/issues/5163
firmware: simplify repo file flush
firmware: return ALTABI using -x #5144
make: add a product_altabi setting if we want to split abis #5144
make: patch in business version numbers for CORE_NEXT #5144
Allow DNS resolver to skip entry on EmptyLabel (#4560)
Interfaces - console setup. minor cleanups and fixes for https://github.com/opnsense/core/pull/4499
Add LAGG support to console (#4499)
interfaces: correct indent in dhclient configuration
DHCP: Update DNS with hostname only static entries (#4689)
Allow to specify port ranges for outgoing NAT. (#4748)
Translate widget Firewall Log. (#4965)
Traffic: Fix long comment preventing ipfw reload (#5023)
Adding additional memory cache options for squid webproxy (#5160)
interfaces: finally use -M now that we have a compat shim; closes #4850
system: accept a valid POST request please
system: change rss widget feed to forum announcements
dhcp: another refactor fail
Interfaces / LAGG: improve configurability, closes https://github.com/opnsense/core/issues/5157
Framework: name and depends targets are no longer needed
dhcp: wrong file for IPv6
dhcp: lease removal needs a wrapper too
dhcp: unify lease parsing loosely related to #4985
IPsec: add "automatic" type to trust Strongswan's parser, see discussion in https://github.com/opnsense/core/issues/5155
IPsec: remove quoting remark in previous commit ( https://github.com/opnsense/core/issues/5155 )
IPsec: fix identity quoting for asn1dn and fqdn types. closes https://github.com/opnsense/core/issues/5155
lobby: typo
rulecache.py: skip empty metadata (#5148)
Aliases progress bar: small suggestions (#5149)
src: another typo
unbound: fix "terrible" typo
shell: when reloading reload all reachable via rc.freebsd too
firmware: now that we use TEE we should define it #5136
firmware: visibility issue on #5136
firmware: also check plugins for up to date core pkg #5136
openvpn: same same but different
OpenVPN - regression in https://github.com/opnsense/core/commit/dc6215633a73027a0cf7002fca6854c5fb7391ff adding "client-config-dir" when server directive isn't set on a /30 tunnel.
Interface / Diagnostics / Netstat - add tree search and improve layout a bit
firewall - make sure net.pf.request_maxcount and table-entries are always aligned, related to https://github.com/opnsense/core/issues/5127 as discussed with @fichtner
firmware: remove spurious grep
firmware: replace php with pkg version compare
firmware: backend now supports reinstall like opnsense-bootstrap -q
firmware: switch to FreeBSD where appropriate
JavaScript: update jQtree to 1.6.1
Dashboard / widgets - use ifinfo counters instead of pfctl in interface traffic widget. closes https://github.com/opnsense/core/issues/5137
unbound: automatically add do-not-query-localhost: no when needed
unbound: automatically add do-not-query-localhost: no on DoT when needed
unbound: reject invalid cache data
mvc: bring back bind_textdomain_codeset() removed in f3e2f8ea3e; closes #5071
unbound - dhcp watcher, support configurable domains per ip range, add required configuration file (configd template)
System / Trust - split between generic server use in cert_get_purpose() and id-kp-serverAuth according to rfc3280, for https://github.com/opnsense/core/issues/5128
firmware: sync plugins in console update; closes #5136
Firewall / Rules - state options only make sense when there's some sort of state. closes https://github.com/opnsense/core/issues/5133
unbound - dhcp watcher, support configurable domains per ip range, for https://github.com/opnsense/core/issues/5118
Revert "Firewall / Aliases - append most likely cause for pfctl error (Invalid argument isn't very explanatory by itself). closes https://github.com/opnsense/core/issues/5127"
Firewall / Aliases - append most likely cause for pfctl error (Invalid argument isn't very explanatory by itself). closes https://github.com/opnsense/core/issues/5127
unbound: support insecure-domain for #5104
openvpn: improve the cipher parsing
openvpn: untie server-ipv6 from server directive
openvpn: remove remnants of tun-ipv6
ui: rework the rework of the subnet selector; closes #5129
VPN / OpenVPN / Client Export - return empty list when /api/openvpn/export/accounts/ is called without parameters.
Interfaces / Diagnostics / Packet Capture - fix "PHP Warning: in_array() expects parameter 2 to be array, null given in /usr/local/www/diag_packet_capture.php on line 355"
Update AliasField.php to fix misspelling (#5122)
Interfaces / Diagnostics / Packet Capture - easy (de)select all interfaces button, saves some work when trying to figure out where traffic is leaving.
OpenVPN/Server - genkey format changed, leading to warnings. ref https://github.com/OpenVPN/openvpn/commit/0d80b562e48a243c36dba9f1f66c3da6e3b3eb98
firmware: changes for EoL of 21.1
firmware: final stepping stone
firewall: change "proto" to "protonum" to avoid ambiguity
firewall: update filterlog reader slightly
firewall: parse ridentifier as rid if != '0' #5016
mvc: give a little more context on default error; closes #5061
plugins: widen error scope loosely related to #5061
mvc: catch all errors (including syntax error and class not found)
system: allow cron-based restarts of all [restart] providers; closes #5030
firmware: mask subscription in GUI output
openvpn: check ipv4 tunnel prefix. v2 (#5114)
Firewall / Diagnostics / States, Sessions - fix some minor glitches.
wizard.inc: make working rules (#5112)
pkg: actually demote to warning
pkg: give CORE_ABI hint anyway, remove safety belt
Firewall / Diagnostics - time to kill legacy diag_system_pftop.php and replace it with "Sessions", which offers insights into the top sessions on the firewall related to rules and network segments.
unbound: minimal cleanups, closes #4327
unbound: shrink implementation of previous #4327
unbound: migrate to single model #4327
mvc: allow to unset attribute via setAttributeValue
unbound: add qname-minimisation-strict option #4327
unbound: more refactoring, less pages, blacklist -> blocklist
interfaces: if it looks like SLAAC get rid of it
unbound: integrate DoT grid; closes #5101
usermanager - ldap import, prevent excessive config writes.
usermanager - missing ldap import button (regression in https://github.com/opnsense/core/commit/18ad4dbbd3cb9e87505047e254131a454337e891) cc @fichtner
firmware: add version/date header here as well
system: do not split password into multiple pieces
shell: fix IPv4 /31 assignment
interfaces: deprecate SLAAC addresses on linkdown; closes #4929
unbound: add 'unbound check' target for advanced options #4327
interfaces: tiny cleanup
unbound: allow to retain cache; closes #2750
dhcp: check address family, not track address existence
unbound: remove custom configuration support #4327
unbound: fix /var MFS dilemma for DNSBL after boot; closes #4938
Enable group sync for LDAP servers, that do not return memberOf (#5082)
system: fix deprecated warning
rc: opnsense-beep melody database directory
system: isvalidpid() is not required for a single killbypid()
firewall: use permanent promiscuous mode for pflog0
make: shorten magic variable for common use with plugins
system: remove unused legacy log include
rc: annotate ip_change_kill_states situation
dhcpd: do not merge non-explicit suffix addresses #5078
firewall: remove kill_states et al; closes #5045
rc: bsdinstaller is no more
system: hide far gateway option for IPv6; closes #5066
system: prevent use of client certificates in web GUI; closes #3048
firmware: update message to reflect new GUI behaviour
configd: squelch Python 3.8 warning
xmlrpc-sync: lock config writes during merge.
make: tiptoe around restriction when using dev tools such as "diff"
dhcp: last round of changes; closes #4642
dhcp: merge IPv6 static leases into dynamic ones #4642
firewall: possibility to filter nat/rdr action #5005
pkg: fix version number derivation and missing replacement
pkg: like plugins now try to error on missing replacements
firmware: fix comment on previous
firmware: comment on complexity avoidance in shell menu
firmware: add marker files, maybe message persistently now
Syslog: when using non circular logs, "Disable writing log files to the local disk" seems to be ignored. make sure syslog-ng-local.conf requires both non-circular and enabled logging.
firmware: revoke obsolete business and 20.7 community keys
firmware: add 21.7 fingerprint
Firewall / Diagnostics / States - move actions from diag_resetstate.php into a tab within the states view.
Services / Intrusion detection / Alerts - regression in https://github.com/opnsense/core/commit/644b647cf7b2685a8cd423f8eddc71f22240703f, ignoring filters and number of items to show
read_log.py: set label for obsolete rule in log (#5075)
ui: avoid line breaks from breaking JS
MVC - serialize model to xml: replace model instead of delete/add, which should keep the diff between versions more stable.
IPsec - explicit type selection, closes https://github.com/opnsense/core/issues/4860
ui: routes diagnostics patched #4608
ui: bootgrid tooltip improvements and missing action button conversions; closes #4608
IPsec - obey general route-to/reply-to settings in automatic rules, closes https://github.com/opnsense/core/issues/4942
Captive portal: refactor bootgrid usage for template so our generic wrapper is used. The custom commands weren't possible when we originally added the grid here.
ui: bootgrid tooltips v3 #4608
opnsense_bootgrid_plugin.js tabs vs spaces
captive portal: patch bootgrid tooltips where needed #4608
firewall: states icon tooltips #4608
ui: tooltips v2 #4608
ui: bootgrid tooltip translation part 1 #4608
firewall: fix typo
interfaces: back out this change until we have feedback #4929
firewall: move sync entries from core to pf, add live log templates; closes #5062
firewall: tweak menu entry names and category icon
firewall: UX improvements on states page
system: migrate NextCloud backup to plugins
LICENSE: sync after states summary drop
ditch diag_states_summary.php for 21.7, it's hardly used. We can always add an aggregated view in the states view in the future if there's enough demand
network time: cleanups and wording related to #2012
network time: introduce a client mode; closes #2012
system: vim has gotten really weird #4240
system: correctly trim for command line use #4240
Firewall: Diagnostics: States Dump - refactor to MVC.
system: whitespace in previous #4240
system: bump encryption standards; closes #4240
mvc: small update loosely related to #5061
pkg: fix plist and lint
shell: we cannot bootstrap an encrypted file; closes #4861
firewall: style sweep
interfaces: fix lint pass
Firewall - groups : delete related firewall rules when an interface group is removed. closes https://github.com/opnsense/core/issues/5035
Firewall - groups : rename source/destination networks, closes https://github.com/opnsense/core/issues/5056
Firewall - rules : add some missing curly braces in if statements (style) and prevent "allow options" from being set on non pass rules
IDS: "none" doesn't equal "", looks like a typo resulting in ignoring the original eve.json
interfaces: set tunnel flag for IPv4 tunnel plus cleanups #5052
interfaces: remove non-tunnel restriction from address collection
interfaces: flush IPv6 addresses on PPP interfaces #4929
interfaces: groundwork for #4929
interfaces: condense GIF/GRE parent interface restart #4576
pkg: default to 7.4 now
Revert "pkg: default to 7.4 now"
firmware: remove reloadMenu(); closes #4500
system: allow to edit entries with non-conforming names; closes #4643
firmware: add backend glue to support install probing of plugins #5037
firmware: confirmation on plugin removal #5037
interfaces: correctly handle GIF and GRE reconfigure; closes #4576
src: avoid htmlentities() if possible: closes #4012
mvc: rename actions for Phalcon 4 to find them
ui: remove $main_buttons; closes #4216
firewall: remove use of $main_buttons for #4216
Interfaces / Hardware settings - Overwrite global settings, closes https://github.com/opnsense/core/issues/5050
captive portal: typo in volt template
firewall: remove $main_buttons use #4216
firewall: reduce diff
interfaces: remove $main_buttons use #4216
system: remove $main_buttons use #4216
firewall: close gap in diff between stable and master
Captiveportal - unable to drop session from the gui (case-sensitivity issue). closes https://github.com/opnsense/core/issues/4908
interfaces: repair move in VIP page #4216
ui: remove $main_button use #4216
ui: primary add buttons for #4216
firewall: cleanup
firewall: disable state killing on gateway failure by default
firewall: typo #4216
firewall/interfaces: changes for #4216
system: ui changes for #4216
ui: fixed width icons #4216
ui: change layout for #4216
Interfaces: Diagnostics: Packet Capture - disable legacy csrf output buffering when downloading file. for https://github.com/opnsense/core/pull/5042
Firewall / Diagnostics / States Dump : extend filter options for future rewrite of states view. (refactor limit, add offset and query on label/rule_id)
src: change (isset && is_array) to (!empty)
interfaces: move OpenVPN device creation up for #5040
rc: make REROUTE unconditional, might affect static setups too
system: raise memory limit to 1G
mvc: fix Phalcon 4 translations
firewall: spacing issue in help text
interfaces: fix typo; closes #5008 #5036
system: add new translation file
src: fix previous as it is already escaped
src: more cleanups on static pages
ipsec: clear unused classes
system: cleanup RSS widget
ui: improve subnet selectors in unbound and ipsec
ui: unused "formfld"
interfaces: work harder to match ifconfig output #5008
ui: improve the subnet size selector
fw_log.volt: prevent controls overlap
firewall: fix typo in previous #4988
src: whitespace and style sweep
OpenVPN - Export: return "result" instead of "status", fixes : Error at /usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php:397 - Undefined index: result (errno=8)
unbound: space works as domainsearchlist separator
Firewall / Diagnostics / States Dump : add verbose fields to states output, first step in refactoring the states dump.
firmware: push automatic flags to firmware for #5025
firmware: allow manual development override on business subscription
ui: change service restart icons to fa-repeat; closes #4972
IDPS: add yaml tag to custom.yaml.sample [2], closes https://github.com/opnsense/core/issues/5018
Firewall / NAT / Portforward - explicit default for Filter rule association , closes https://github.com/opnsense/core/issues/5019
DHCPv6 leases status: Display manufacturer info (#4527)
IDPS: add yaml tag to custom.yaml.sample
dhcp: lock access like menu decides to show entry; closes #4406
dhcp: style update
Diagnostics / DNS Lookup, small improvements (#4729)
Unbound: fix domain overrides for private address reverse lookup zones (#4663)
DHCPv6 leases status: Fix sorting (#4525)
DHCPv4 leases status: Fix sorting (#4524)
openvpn: update help texts in exporter; closes #4890
interfaces: system match only works with compressed IPv6; closes #4932
firewall: change live log group matcher to correctly flip logic #4988
pkg: PHP 7.4 does not have a separate hash module
firewall: let live log use the provided rule label instead of guessing it, closes https://github.com/opnsense/core/issues/5014
Firewall - aliases: move dynamic ipv6 handling (https://github.com/opnsense/core/issues/4923) to a separate branch.
github: extend templates
firmware: show update pending hint in system widget; closes #5013
Merge branch 'jdeluyck-fix-distinguished-name'
Trust - Distinguished name - Organisation validations, cleanup https://github.com/opnsense/core/pull/5010
System / Routes - delete previous route when changed. closes https://github.com/opnsense/core/issues/4621
interfaces: interface_configure() checks for enabled
github: offer link to open/closed tickets for search
webgui: make restart action usable in cron jobs, fixes #4956 (#4998)
dhcp: missing dot
shell: fix restore copy; closes #5011
fix check on dn_organisation
also fix dn_organization
Allow additional characters for "Distinguished name Organisation"
Firewall - allow manual reply-to configuration
Firewall - live log : small Phalcon 4 regression (ref https://github.com/opnsense/core/issues/4012)
src: style and whitespace sweep
OpenVPN export: offer the ability to export a user without a certificate and increase consistency between export types.
shell: Clarify revert to HTTP for web GUI question (#4992)
webui / javascript - upgrade chart.js and chartjs-plugin-streaming to please dependabot. chart.js 2.9.4 seems to be the preferred version for stable chartjs-plugin-streaming 1.9.0, which does seem to deliver a functional combination. (we had some issues with newer versions earlier)
Firewall / alias - proper wildcard validation for https://github.com/opnsense/core/issues/4952 and make sure to obey ! when being provided.
Firewall/util: isSubnet() accepting invalid input like 0.0.255.0, found while looking at https://github.com/opnsense/core/issues/4952
lighttpd: set HSTS max-age to 1 year (#4976)
Firewall / alias - calculate wildcard netmasks for https://github.com/opnsense/core/issues/4952 in alias backed code.
src: whitespace and lint sweep
filter - automatic outbound nat rules missing IPsec mobile clients. closes https://github.com/opnsense/core/issues/4948
System / Settings / Logging - targets: TLS transport, fix previous for https://github.com/opnsense/core/issues/4937
System / Settings / Logging - targets: add TLS transport option
MVC - MenuSystem - order interfaces in groups, for https://github.com/opnsense/core/pull/4960
Edit Alias fix (#4964)
NPTv6: remove redundant binat rule
Firewall / Aliases - Dynamic Ipv6 fw rules handling
Dynamic Ipv6 fw rules handling
Merge branch 'FingerlessGlov3s-patch-1'
Rotate interface statistics widget
dhcpd4: support ignore-client-uids, Fixes opnsense#3673 (#4954)
Revert "IPSec: quote fqdn, keyid when selected, related to https://github.com/opnsense/core/issues/4860"
IPSec: quote fqdn, keyid when selected, related to https://github.com/opnsense/core/issues/4860
IPSec: prepend fqdn when selected, related to https://github.com/opnsense/core/issues/4860
IPsec - typo in auto generated rules. closes https://github.com/opnsense/core/issues/4920
OpenVPN wizard broken, seems like a regression from https://github.com/opnsense/core/commit/71d6d0adeb3d9b046114c12d0d2e2386caee3c36 closes https://github.com/opnsense/core/issues/4943
firmware: exclude /etc/csh.cshrc for #4936
Shell inactivity timeout (for [t]csh). closes https://github.com/opnsense/core/issues/4936
XMLRPC / HA sync - remove services from filter_configure_xmlrpc. closes https://github.com/opnsense/core/issues/4771
MVC: add uuid in ApiMutableModelControllerBase::validateAndSave() when a node is defined and has one. closes https://github.com/opnsense/core/issues/4904
add "keyingtries" to IPsec Phase1 config, closes https://github.com/opnsense/core/issues/4204
add policy based routing support for "dynamic gateway policy" type interfaces. closes https://github.com/opnsense/core/issues/4905
importer: -p was never documented
audit log: rename webgui to audit for https://github.com/opnsense/core/issues/4925
Add audit log target and move related syslog messages (https://github.com/opnsense/core/issues/4925)
installer: remove fluff
webgui: clarify help text for firewall rules traffic direction (#4848)
phalcon 4, missed another Syslog for https://github.com/opnsense/core/issues/4012
missed some small spots in https://github.com/opnsense/core/issues/4012
system: leave an audit comment
src: PHP error in Phalcon port
Phalcon 4 migration (#4921)
installer: ok, one more ;)
ipsec: fix php warning:
installer: avoid padding to make this look fresh
installer: remove old workaround
installer: no longer requires this
system: also pick up root user
rc: another zfs requirement for arm64
rc: attempt to create /tmp if it does not exist
installer: switch installer package
filter: nop between prints
system: CORE_SERIES is more accurate than CORE_ABI
download_blacklists.py: match whole entry (#4915)
fw_log.volt: defer url parsing (#4913)
firmware: simplify for previous #4906
firmware: if upstream package is missing complain; closes #4906
firmware: separate error for "forbidden" #4906
pkg: add series and nickname to metadata
Merge branch 'kulikov-a-lvtemplates'
Firewall / Log Files / Live - refactor https://github.com/opnsense/core/pull/4902 a bit
system: sort system_sysctl_get() output; closes #4907
rc: reverse list on stop action
firmware: make this clearer
system: reorder settings to let tunables override all
unbound / blacklists: cleanse domain input. change regex in https://github.com/opnsense/core/issues/4898 per suggestion @kulikov-a
openvpn: remove OpenSSL engine support #4896
dialogTemplate.xml: dialog form
live view templates model
live view templates gui controller
LvtemplatesController.php: live view templates
fw_log.volt: add filter templates
system: remove /dev/crypto GUI support #4896
unbound / blacklists: cleanse domain input. closes https://github.com/opnsense/core/issues/4898
NPTv6 configuration clean-up (#4894)
make: also whitespace issue
system: whitespace on previous
Allow CPU temp display in Fahrenheit (#4098)
firmware: same here
firmware: small issue with model migration
ui: same on bootgrid for discussion #4216
ui: small change for #4216
ui: POC for #4216
interfaces: return scoped link-local
pkg: verbatim match on business tag
ui: autocomplete is annoying in the quick navigation
Fix missing ')' (#4884)
Authentication - return errors when asked, fix regression in https://github.com/opnsense/core/pull/4784
System / Routes / Configuration - for dynamic gateways return inet|inet6. closes https://github.com/opnsense/core/issues/4880
Firmware - minor bugfix to map Subscription on page load and add initial migration so BE users stick to their version.
system: adhere to naming conventions
dhcp: on the GUI pages avoid the use of dhcpd_dhcp_configure()
firmware: need to stop backend from going into background mode
firmware: rework previous, status action on POST is sync
firmware: add sync parameter to check action
ipsec: remove spacing
Firewall / improve loopback visibility as suggested in https://github.com/opnsense/core/pull/4868
Merge branch 'kulikov-a-log.widget'
Firewall / Log Files / Live view - refactor https://github.com/opnsense/core/pull/4825 a bit to support a bit wider lexical syntax.
Firewall / Nat - portforward - sticky filter-rule-association setting for none/pass on copied items. closes https://github.com/opnsense/core/issues/4872
pkg: pin development version to suricata 6
make: add rebase target for stable branch
make: when mfc aborts clear it and switch back
Services: WebGui, restart delayed to prevent session disconnect. (https://github.com/opnsense/core/issues/4834)
XML-RPC (HA-Sync) - add missing configuration sections. closes https://github.com/opnsense/core/issues/4834
Service control: while working on https://github.com/opnsense/core/issues/4834 noticed that it's currently not possible to prevent "stop" actions from being displayed when fetching the service status. Although the best option would probably be to enforce services from being specific on how they want to be stopped, currently there seem to be quite some services omitting a "stop" command.
firewall: resolve IPs in kernel for force gw rule
Reporting / Traffic (+dashboard widget): missed a spot in https://github.com/opnsense/core/pull/4857
Reporting / Traffic (+dashboard widget): 24H format alternative (#4857)
Services / DHCPv4: with the removal of a validation for static entries in https://github.com/opnsense/core/pull/4447 forgot to check the dhcp settings page for additional ones. closes https://github.com/opnsense/core/issues/4855
Reporting / Traffic (+dashboard widget): format 24hour timestamps, closes https://github.com/opnsense/core/issues/4852
IPSec: prepend keyid: to enforce type on rightid|leftid, ref https://forum.opnsense.org/index.php?topic=22197
system: USB serial may not work with onifconsole #4849
system: whitespace sweep and plist fix
opnsense_legacy.js: toString before split (#4846)
webgui.inc: fix syntax error (#4845)
webgui: lighttpd include directory for configuration (#4837)
Services / DHCPv4 - static entries: add "none" option to gateway setting. Although I really don't like how "none" is a valid option, it will be more consistent with the overall experience. closes https://github.com/opnsense/core/issues/4843
IPSec: add legacy validation to prevent saving of route-based tunnels with "install policy" set, since it will drop all traffic unintended
firmware/health.sh: refine missing/invalid signature message (#4840)
System/Diagnostics/Activity: "C" missing on a single core cpu, add default for https://github.com/opnsense/core/pull/4835 (take 2)
System/Diagnostics/Activity: "C" missing on a single core cpu, add default for https://github.com/opnsense/core/pull/4835
Generic log handling: ignore garbled data in log lines, closes https://github.com/opnsense/core/issues/4830
fw_log.volt: get filters from url
log.widget.php: add bs.popover and live view link
FF consistency
log.widget.php: allow multiple select
firewall: whitespace fix
dnsbl: Prefer domain list over host file format (#4767)
Merge branch 'gwjo-dns-ptr'
minor fix for https://github.com/opnsense/core/pull/4763, mutable default argument (https://docs.python-guide.org/writing/gotchas/#mutable-default-arguments)
pfTables: sort before slice (#4699)
MVC / UI: minor cleanups for https://github.com/opnsense/core/pull/4797
don't break IE11
close span
cleanup
double a
Update opnsense_ui.js
opnsense_ui.js: add copy\paste
form_input_tr.volt: add copy\paste
alias.volt: add copy\paste
opnsense_ui.js: add copy
form_input_tr.volt: add copy link
alias.volt: add copy link
OpenVPN: remove checks for NTP servers 3 and 4. (#4811)
default.volt: let it work in IE11 (#4807)
firmware: zap changelog remove description (#4803)
firmware: support IE11 (it ain't over till it's over)
firewall: categories improvements (#4790)
LDAP.php: one more error handler (#4793)
traffic_graphs.widget: start when widgets is visible (#4801)
system: another html_safe here for good measure #4795
system: small tweaks for #4795
Netflow aggregator: skip invalid record, another one for https://github.com/opnsense/core/issues/4796
Netflow aggregator: skip invalid record, closes https://github.com/opnsense/core/issues/4796
Bugfix dashboard widget headers, partly revert and explain https://github.com/opnsense/core/commit/f67e242eaabb6db3ed98195586221bd0b054a0f0. closes https://github.com/opnsense/core/issues/4795
interfaces: $realif is required #4792
HA Sync (xmlrpc) copy paste issue in https://github.com/opnsense/core/commit/25959a45a918000c36d092403ac3e3c223c4671a , leading to wrong caption.
Services / Intrusion detection: add new Abuse.ch feed ThreatFox to detect indicators of compromise
Use HTTPS everywhere (mechanical edit using util from https-everywhere) (#4534)
index.php: strip scripts from widgets before move (#4752)
firmware: small issue with lost init of pipe #4500
System / Routes / Status: remove entries directly connected to an interface, rework last commit for https://github.com/opnsense/core/issues/4721
System / Routes / Status: remove entries directly connected to an interface for https://github.com/opnsense/core/issues/4721
Alias.php: typo? (#4786)
Auth/LDAP: minor tweak for https://github.com/opnsense/core/pull/4784, only log message when there is one.
LDAP minor fixes (#4784)
HA Sync: unify sync sections and remove legacy blocks from system_hasync.php
Firewall / Shaper: the current number of allowed source / destination addresses is limited to a couple of addresses. in order to match larger lists one needs to use tables in order for ipfw to process them.
firewall_rules.php: Icon color after toggle fix (#4773)
interfaces: newwanip, clear states when address changes. for https://github.com/opnsense/core/pull/4726
IPSec / roadwarriors: do not pin reqid's in case of mobile connections to avoid traffic being forwarded to the wrong end. closes https://github.com/opnsense/core/issues/4757
system: better logic for -h and -D #4231
interfaces: immediately enable SLAAC during IPv6 initiation
interfaces: make this easier to read
MVC: align layouts of select_multiple and dropdown types
HA Sync: extend rc.filter_synchronize with capabilities to reconfigure the backup node (template flush + service reload) for https://github.com/opnsense/core/issues/4604 to offer the ability to schedule a new configd action "system ha_reconfigure_backup":
Merge branch 'kulikov-a-kulikov-copy-paste'
Use lists when building RR records
unbound: Fix PTR records for DHCP endpoints
system_certmanager: take extensions out of a DN (#4761)
rulecache.py: make manual rule status boolean (#4758)
Service / Intrusion Detection / Policies: type error in 'enabled' field (bool vs str), closes https://github.com/opnsense/core/issues/4753
interfaces: also needs #4576
interfaces: experiment for #4576
interfaces: looks like a typo
firmware: emit api version string, second major iteration already #4500
dhcpd: unify loop, improve leases page #4642
Netflow: prevent crash when attributes missing, closes https://github.com/opnsense/core/issues/4751
dhcp: remove interface key #4642
www: fix $$ weirdness loosely related to typo in #4702
interfaces: better primary address detection; closes #4702
Lobby / Dashboard / Traffic Graph: prevent duplicate traffic pollers mangling with the graphs.
Correct help text for Range (#4738)
dhcpd: move staticmap preparation to parent #4642
Reporting / Traffic: change api output to combined in/out per row and change user interface to handle new format. closes https://github.com/opnsense/core/issues/4724
User management: performance enhancement for local_sync_accounts() should improve boot time when a lot of users are involved, also improves xmlrpc sync and some other actions calling a sync.
firmware: that wasn't complete but now it is #4718
Services / DHCPv4 / Relay : fix non-existing array
Unbound: Fix bad dereference when DHCP lease expires (#4742)
firmware: use launcher trick for these as well; closes #4718
firmware: changelogs are pulled from check scripts
dnsmasq|unbound: align the code, also fix Dnsmasq #4642
interfaces: drop return introduced in 31282787df
unbound: speed up and safeguards for #4642
system: this looks better although not problematic
Correct the omission of the prefix when a dynamic interface v6 dhcpdv6 address is set as a static entry. The result is that only the suffix /64 gets added to the unbound host entries. This patch should sort that so a full address is created for unbound. use existing call
Correct dhcp6c.conf issue on pppoe link down Moved v6 reconfigure to before v4.
system: adapt lighttpd ssl.privkey approach #4728
Reporting / Traffic: aggregate iftop results for https://github.com/opnsense/core/issues/4724
Unbound: Handle DHCP client expiring and returning (#4727)
Interfaces / Diagnostics / arp,ndp table: slow manufacturer lookups, likely after upgrading netaddr to 0.8.0. for https://github.com/opnsense/core/issues/4666
Netflow: prevent crash when interface number is missing. for https://github.com/opnsense/plugins/issues/2241
firmware: abstract LOCKFILE away
firmware: hide LOCKFILE behind small read script
firmware: get rid of old naming convention; closes #4718
firmware: single spot for update/upgrade code #4718
firmware: moving ahead with opnsense-update change for 21.1.2
System / Routes / Status: missing inet in route delete. closes https://github.com/opnsense/core/issues/4721
openvpn: break in default case
firmware: remove frontend magic and implement validation #4500
Interfaces / Overview: handle disabled interfaces. closes https://github.com/opnsense/core/issues/4719
firmware: settings validation messages to GUI #4500
firmware: for core that works, for crypto it does not
system: visibility for problematic LUA scripts #4717
firmware: small refactor for neatness
VPN / IPsec: calculation error in https://github.com/opnsense/core/commit/8b62109a612a256c522344e0c978acdb6fefab2c , start at 31,127 to make sure both points can actually reach each other. for https://github.com/opnsense/core/issues/4700
fw_log.volt: show with 'or' and empty filter (#4716)
openvpn: better translations leaving command line args out of it
Make StartTLS work when retrieving LDAP authentication containers. (#4713)
VPN / IPSec: calculate netmask for provided tunnel addresses when using VTI.
firmware: fix action label
firmware: flush line for new package
firmware: use canonical -p and -t update
firmware: no, not going to fix this mess #4500
firmware: lock pkg when not upgrading it
firmware: add crypto package to health check #4500
firmware: correct timestamp to reflect date(1) output
firmware: put back this one fa-cog that got greedy-replaced
firmware: important indent fix
firmware: slight code updates for check #4500
firmware: third and last batch #4500
firmware: second batch in check script #4500
firmware: settle on 4 spaces for indent, first batch, minor removals #4500
firmware: strict install policy using php version_compare() #4500
firmware: pin critical updates to our repo #4500
firmware: simplify frontend #4500
firmware: note in update log about the purpose #4500
firmware: UX and display tweaks
firmware: when config.xml looks like a factory reset register plugins/release #4500
firmware: fix a typo and improve wording #4500
firmware: merge updates and release type result parsing #4500
firmware: remove a bit of side effects from JS #4500
IXR_Library: do not trim xml values, there's no reason for. closes https://github.com/opnsense/core/pull/4707
firmware: UX and JS changes #4500
Usermanager: export api keys reload issue on Safari. closes https://github.com/opnsense/core/issues/4706
firmware: upgrade sets into updatelist #4500
firmware: remove "Messages" , show modal instead
firmware: delay this a bit more, status call takes some time #4500
firmware: add upgrade sets to status if found and required #4500
firmware: switch column for updates view #4500
firmware: firmware-* files private to check.sh #4500
firmware: simplify upgrade procedure #4500
firmware: switch to new update procedure #4500
firmware: remove compat code from plugin register script #4500
IPSec: fix minor validation issue, Phase2 Local/Remote network check doesn't apply on VTI interfaces.
firmware: vim used to be more clever
firmware: small design improvement and release type shift warning #4500
firmware: go back to fa-spinner fa-pulse in the tab labels #4500
firmware: assorted changes for #4500
Services / Web proxy - possible ownership issue on template directory.
interfaces: these look unused
firmware: for check also figure out release type shift #4500
firmware: bubble this down, more to come #4500
firmware: remove type.install, bring code closer together #4500
firmware: get rid of firmware type name #4500
OpenVPN: Enhance configuration - Compression (#4590)
firmware: correct install time and loop check_package #4500
firmware: product call returns type already #4500
firmware: remove PIPEFILE #4500
firmware: avoid PIPEFILE if not needed #4500
firmware: no more PIPEFILE in security audit #4500
firmware: extend connectivity script, add to shell #4500
firmware: bugs and tweaks #4500
firmware: support repository info for updates #4500
firmware: for now also add a loading indicator to status tab
firmware: improve search UX #4500
firmware: remove cruft, show log during check #4500
firmware: background the update check, funnel it back to GUI #4500
System / Access / Tester : convert line end to
characters, it's not very obvious that an attribute like memberof uses "\n" between entries.
firmware: provide check data to caller for upcoming refactor #4500
firmware: remove debug output
system: retain index after sort; closes #4697
firmware: add search for plugins and packages #4500
Firewall / Aliases - all doesn't return all, but more like all -1.
firmware: report enabled repositories #4500
IDS policies not matching categories. since categories isn't a metadata field, our parser seems to miss the field content. In this case it should be safe to assume if a metadata field isn't found we can look in the rule properties if it's there. there likely aren't overlapping properties in this case. closes https://github.com/opnsense/core/issues/4695
firmware: check status instead of using fail #4500
firmware: warn on incomplete repository, change release type priority #4500
Sidebar - fix for too long a-link list (#4684)
firmware: add a functional stub for connectivity audit #4500
firmware: business changelogs from separate mirror #4500
firmware: support business type, production changes to community for clarity #4500
radvd: remove ::/0 route (#4692)
System / Trust / Certificates : fix "PHP Warning: count(): Parameter must be an array or an object t..." closes https://github.com/opnsense/core/issues/4690
IDS: prevent flowbits:noalert from being dropped. closes https://github.com/opnsense/core/issues/4687
make: with strict tag rules it is possible to bail on missing tags
firmware: do not look up N/A changelog #4500
firmware: tweak UX for #4500
pkg: expand this logic to figure out non-devel type numbers
system: disable clog by default
Captive portal - refactor bootgrid usage in sessions, for https://github.com/opnsense/core/issues/4683
pkg: reduce diff against former code
Diagnostics - refactor bootgrid usage . for https://github.com/opnsense/core/issues/4683
pkg: compute CORE_NEXT to do automated tag matching
pkg: exclude 21.7 tags from 20.7
System/Diagnostics/Activity: simplify logic
System/Diagnostics/Activity: use bootgrid's api to write rows instead of build the table, closes https://github.com/opnsense/core/issues/4681
rc: whitespace in previous
reporting: adjust copyright header style while changes are in flight
rc: let opnsense-version -c check package file existence
firmware: reload menu when ***DONE***
firmware: opnsense-version will do the trick
firmware: UX rework done now #4500
firmware: deal with plugin to config syncs
intrusion detection: style sweep
firmware: update status when we save the settings
firmware: do not show subscription key on firmware status page #4500
firmware: second batch, workable state #4500
Revert "pkg: defer pkg check so that we get a package anyway on `make upgrade'"
firmware: rework normal updates, part 1 of possibly 2 #4500
pkg: defer pkg check so that we get a package anyway on `make upgrade'
IDPS: make sure rule overwrites use unique config sections. closes https://github.com/opnsense/core/issues/4667
firmware: add information page #4500
IDPS: action and status filter were excluded. closes https://github.com/opnsense/core/issues/4665
firmware: reroot is buggy, revert and rename while at it
interfaces: looks nicer on page
IDPS: cleanup up rule based additions prevent collisions with the new policies. closes https://github.com/opnsense/core/issues/4658
firmware: revoke old business key
interfaces: finally fix IPv6 misalignment in get_interfaces_info()
ui: patch up replaceAll; closes #4654
firmware: condense previous
rc: add tiny manual page for opnsense-beep
firmware: more annotations
dashboard: fix firewall log widget; closes #4648
Firewall / categories: fix missing POST arrays, closes https://github.com/opnsense/core/issues/4655
rc: add two more beep variants
rc: refactor, add missing copyright header, rename
Fix sidebar menu collapse (#4657)
Firewall / traffic shaper: change order of delay parameter to prevent parse errors, closes https://github.com/opnsense/core/issues/4650
interfaces: unhide primary IPv6 #4651
firmware: update text and make notes for later #4500
firewall / categories: minor regression, when returning from POST type isn't guaranteed.
Auth: minor bug, sending an empty log line after "...authenticated successfully..."
replace traffic graphs widget for chart.js variant including interface selection (under the edit button).
boot: switch logo version for dev track
pkg: reorder for better diff
firmware: remove upgrade prompt
pkg: move default ABI to 21.1, retain 20.7 compat for now
Captive portal, validate if ipaddr exists when writing the template out, could be https://forum.opnsense.org/index.php?topic=21142.msg98852#msg98852. Although there is something misconfigured when ipaddr doesn't exist, I'm also not sure validation will always be perfect in this case.
firmware: fix fetch of changelogs on dvd images
github: add alternatives/workarounds to template
make: mfc target may not exist, it's ok
system: make a note that comconsole_port probably works just as well
system: sort tunables, noticed while fiddling with hw.uart.console
Update Unbound Documentation URL (#4641)
system: omit console hint in existing setups
system: set hw.uart.console appropriately
Monit: minor bugfixes and UI changes (#4636)
Fix Icon Toggle for Block & Reject (#4640)
firmware: further prep for 21.1
fix issue #4025: 6rd with single /64 prefix (#4635)
firmware: prep for 21.1
typo as mentioned by @8181 (https://github.com/opnsense/core/issues/4587#issuecomment-766754167)
Filter: Categories: Fixed spelling issues (#4634)
Revert "mvc: do not migrate unversioned empty model data"
Format packet count with toLocaleString (#4600)
src: style and whitespace updates
interfaces: stf interface name comes from config, not system
Diagnostics->pfTables: display zeros, sort columns (#4579)
Firewall / Categories: initial migration. closes https://github.com/opnsense/core/issues/4587
pkg: better fix, /usr/sbin/pkg is used always :/
Reporting / Traffic: cleanup deselected interface rows. from @kulikov-a https://github.com/opnsense/core/pull/4625
pkg: fix previous
pkg: ignore non-bootstrap situation
interfaces: pick proper route for stf tunnels
Services: Unbound DNS: allow /0, closes https://github.com/opnsense/core/issues/4627
interfaces.inc: Improve guess_interface_from_ip() (#4523)
Added toggle function and associated code for enable/disable RDNSS in dhcpv6 Moved Configuration to RADVD interface
API: add some logging when content-type looks suspicious
dpinger: empty() forgives a faulty look-ahead, save two checks this way
API: be less sensitive about Content-Type, to prevent empty payloads when variations like "application/json; charset=utf-8" are used.
interfaces: a bit for #4622
Reporting / Traffic: prevent calling top when no interfaces are selected. taken from https://forum.opnsense.org/index.php?topic=20700.msg97999#msg97999
interfaces: fix typo, visual clutter in overview and add deprecated tag
dpinger: address is an array, expand after check
interfaces: treat deprecated addresses as non-primary
dhcp: deprecate prefixes in radvd, new try on 2.19
Firewall / NAT: support category filters : add color selection and display for https://github.com/opnsense/core/issues/4587
add pick-a-color from https://github.com/lauren/pick-a-color for https://github.com/opnsense/core/issues/4587
Firewall / NAT: support category filters (https://github.com/opnsense/core/issues/4587)
netbios options prettify (#4612)
Network insight: store hostname into its own field on reverse lookup so we don't lose the original address. Pass the address to the detail view on click. closes https://github.com/opnsense/core/issues/4609
firmware: allow to run audits from firmware upgrade console option #4500
firmware: oops, to bring stderr into pipe move redirect here #4500
console: ignore first backup, same as current
firmware: support console-based audit output
firmware: only reroot on base upgrade #4500
firmware: do not allow plugin install if remote repo version differs #4500
firmware: introduce non-core JSON metadata handling #4500
Firewall: add model for categories. work in progress for https://github.com/opnsense/core/issues/4587
download_blacklists.py: fix broken lines in large files (#4606)
Firewall: add categories to nat/portforward page. for https://github.com/opnsense/core/issues/4587
MVC: base model, change LOG_LOCAL4 to LOG_LOCAL2, LOG_LOCAL4 ends up in portal auth, when using LOG_LOCAL2 it should end up by default in the systemlog.
opnsense_ui.js whitespace
mvc: do not migrate unversioned empty model data
Tokenize2: fix escaping, since the components uses selectors to find values, we need $.escapeSelector() to escape these properly. If this works without issues on our end, we might consider upstreaming later.
system: first backup is same as current, remove from list
dhcp: small code style update in leases page
Hopeful fix for #4423 - Incorrect parsing of DUID in dhcpd6.leases.
MVC model parsing: it seems that https://github.com/opnsense/core/commit/1e092de4956f1c594ee7175a87d9d7a82b5dcc3c was a bit too optimistic, checking for empty(string()) only works when the content was pretty printed. When flushing the current config, data isn't formatted and there's not access spacing involved. The proper fix seems to be to always parse the array and if it didn't find any non empty nodes add a template node. closes https://github.com/opnsense/core/issues/4598
firmware: deal with *.pkgsave, offload post install bits to rc.syshook
captive portal: disable faulty TLS on HTTP since lighttpd 1.4.56
upgrade Tokenize2 to v1.3.3
opendns: whitespace issue
opendns: add standalone mode; closes #3857
system: reconfigure routes on bootup, may help #3414
system: fix tab use in previous
system: update message of the day, mailing lists are going away
unbound: generate all files, make sure we say "apply" on apply: closes #4536
dhcp: use same logic as menu figuring out if dhcpv6 is reachable; closes #4406
firmware: disable autoscroll if client position differs; closes #4545
firmware; show repository in overview; closes #4578
pkg: "development release", not package
MVC: add locking in JsonKeyValueStoreField type.
firmware: allow soon-to-be 21.1-RC1 update
make: too early, fix git checkout emulation
pkg: wrong PHP default since a while
make: more git magic
Firewall ACLs: Add readonly actions to "Aliases" permission (#4588)
system: should be the case via 993c9e545fb5
pftop: fix all state value (#4584)
firmware: print core package name, database checkup first or return
UI: move sidebar stage from session to local storage to persist between tabs, closes https://github.com/opnsense/core/issues/4580
WebGui-Auth: move authentication to unified service implementation. closes https://github.com/opnsense/core/issues/4505
diag_authentication.php : stylesweep
legacy: ditch is_validaliasname() for good. closes https://github.com/opnsense/core/issues/4470
firewall: live log - add "host" and "port" filters. closes https://github.com/opnsense/core/issues/4365
firewall: live log - sort interfaces in log_filters endpoint. closes https://github.com/opnsense/core/pull/4402
firewall: live log - remove dup dst (from https://github.com/opnsense/core/pull/4402)
firewall: live log - pull in "!" filters from https://github.com/opnsense/core/pull/4402
UI: tooltip service widgets, closes https://github.com/opnsense/core/issues/4188
console: makes more sense #4572
console: more questions, more recovery #4572
openssh: honour MAX_LISTEN_SOCKS; closes #4403
make: on a fresh clone ensure the stable branch exists
IDPS: revert content part of 09f74fe1ce7b4805c1bb8354e5d0c5b98955497b until ETPro telemetry ships new content.
firewall_rules.php: cleanup
dhcp: style sweep
filter / automatic IPv6 rules, add RFC4890 as suggested by @shonjir for https://github.com/opnsense/core/issues/4565
filter: category selector missing caption
Correct DHCPv6 Custom Options Unsigned Integer field (#4573)
firmware: pretty sure parsing REMOVED was working in pkg 1.12
captive portal: no longer needed
system: ok, extra mile on previous
system: unify code to extract issuer/subject
system: TLS compatibility in custom cipher option for now
filter/aliases: minor regression in maintaining target alias file (/var/db/aliastables/%s.txt). when it's either changed, expired or simply not there, it should dump the contents before loading it with pfctl
system: pick up recommendations from #4533
system: generate a better self-signed certificate
github: more issue template foo
github: improve bug report template a bit more
src: small style update
license: sync
firmware: add fingerprint for 21.1
system: allow self-signed renew for web GUI; closes #4567
system: adjust lifetime to new recommendation
openvpn: adjust lifetime to new recommendation
github: adjust templates used
firewall: add type 128 to outgoing IPv6 essentials #4565
interfaces: l2tp/pptp cleanup; closes #2707
openvpn: fix typo in wizard redirect
filter: refactor filter_rules_legacy while fixing antispoof issues on bridge interfaces. closes https://github.com/opnsense/core/issues/4564
Nextcloud backup: allow subdir (#4077)
firmware: proper path to pkg-static
firewall rules, type in for for https://github.com/opnsense/core/issues/4493 closes https://github.com/opnsense/core/issues/4562
firmware: emulate -s for core package
Firewall / live log - add manual refresh button. closes https://github.com/opnsense/core/issues/4550
Reporting / traffic: bugfixes and improvements to "top talkers" tab. while here add cumulative numbers, although the numbers will never be very accurate, it's not worse than it was when using rate in the previous version.
Reporting / traffic: add "top talkers" tab which shows the current (and max) bandwidth usage per ip address sorted by total (in+out).
QueryFilter.php: allow underscore in filter string (#4548)
DHCPDv4: hostname validation should include domain, missed interface domain. ref https://github.com/opnsense/core/issues/4544
DHCPDv4: hostname validation should include domain. closes https://github.com/opnsense/core/issues/4544
Firewall:aliases - incorrect validation message for network type, addresses and hostnames are not allowed, only networks.
src: more EOD/EOF usage with missing newline
xmlrpc: when debug output is enabled, show number of bytes received.
DNSmasq: use domain override for static hosts, closes https://github.com/opnsense/core/pull/4539
HAsync(xmlrpc) : cleanup rc.filter_synchronize and expose "debug" parameter to output exchanged data.
Reporting/Traffic: safeguard localstorage for https://github.com/opnsense/core/issues/4512
xmlrpc: err, what, send EOL for #4533
Reporting/Traffic: persist interface selection using localStorage. closes https://github.com/opnsense/core/issues/4512
system: lighttpd mod_compress -> mod_deflate migration
system: tell lighttpd >= 1.4.56 to disable TLS on HTTP
MVC:Config make sure isArraySequential() is only true on array input (move previous check). closes https://github.com/opnsense/core/issues/4530
firmware: add version output to audit logs; closes #4375
Revert "pkg: inject markupsafe dependency, hopefully pkg isn't stupid"
pkg: inject markupsafe dependency, hopefully pkg isn't stupid
gateways: dpinger. ignore disabled gateways in monitor services.
Display remote host in IPsec Status Overview (#4234)
gateways: dpinger. choose a better bind candidate for IPv4.
interfaces: non functional (minor) style fix
Merge branch 'marjohn56-Add-port-to-filter-log-widget'
widgets: spacing for https://github.com/opnsense/core/pull/4108
Merge branch 'Add-port-to-filter-log-widget' of https://github.com/marjohn56/core into marjohn56-Add-port-to-filter-log-widget
firmware: -d will for install, but we just want to check
ACL: minor fix for performance improvement in https://github.com/opnsense/core/issues/4508, when groups contain non existing users we should discard the uid found,
Fix DUID - LL description in Settings | Interfaces (#4521)
firmware: fix some issues with missing repository on server
ACL: performance improvement loading user and group rights.
Proxy: lock download to prevent duplicate execution. closes https://github.com/opnsense/plugins/issues/2142
Unbound: dnsbl not reloading after update. for https://github.com/opnsense/core/issues/4518
DHCPv6: Fix sorting of IPv6 static mappings (#4513)
widgets: traffic graph, link issue. closes https://github.com/opnsense/core/issues/4511
Auth: move ldap case insensitive search to ldap connector instead of using it only in the totp variant. for https://github.com/opnsense/core/issues/4451
fix crashreport, when syslog section is unset for some reason, save can trigger warnings like "PHP Warning: Illegal string offset 'disable_clog' in /usr/local/www/diag_logs_settings.php on line 92"
IDPS: minor fixes and improvements for new policy feature (https://github.com/opnsense/core/issues/4445).
Auth: webui session usernames and case sensitivity. for https://github.com/opnsense/core/issues/4451
DHCPv4: Removed the need for a static IP being outside of the pool (#4447)
system: unify CPU labels; stray span tag
Routing-gateways: select current IPv6 field in getInterfaceGateway(), closes https://github.com/opnsense/core/issues/4494
Firewall: minor validation issue (ipv6-icmp inet), closes https://github.com/opnsense/core/issues/4493
NAT in IPsec with multiple Phase2 (#4492)
Merge branch 'cloudfence-opnsense_block_outside_dns'
OpenVPN server: hide "openvpn_add_dhcpopts" fields when not parsed via the backend. while pulling in https://github.com/opnsense/core/pull/4475
DHCP: Add min-secs option for each subnet (#4486)
interfaces: when interface mss is set, split mss calculation into a variant for IPv4 and one for IPV6. fixes incorrect header size for IPv6 (60 instead of 40 bytes). closes https://github.com/opnsense/core/issues/4484
Update services_dhcpv6.php (#4489)
Logging: add "step into" icon on log lines. Since we always read the complete file, we can know the actual row number of a search result.
Web proxy: throw startup error to user to ease support. closes https://github.com/opnsense/core/issues/4483
SysInfo widget: add current CPU load progress-bar
system: fix PHP warning #4474
User management: add button to request a new TOTP seed on system_usermanager_passwordmg.php for https://github.com/opnsense/core/issues/4474
system: whitespaces :D
whitespace
whitespace system_advanced_admin.php
User management: add user OTP seed option in System->Settings->Administration. for https://github.com/opnsense/core/issues/4474
IDPS: bug in policy parser preventing ruleset filter to function. for https://github.com/opnsense/core/issues/4445
IDPS: deprecate filter option on file downloads in favour of new policy option. migrates existing filters to policies while there. for https://github.com/opnsense/core/issues/4445
Firewall: live-log, allow larger selection. closes https://github.com/opnsense/core/issues/4476
Merge branch 'kulikov-a-patch-4'
ref. issue #4422 - added block-outside-dns
src: fix a couple of copyright header misalignments
IPsec-VTI: allow mixed v4/v6. experiment for https://github.com/opnsense/core/issues/4472
System/gateways: there's no reason to enforce alias names in gateways. closes https://github.com/opnsense/core/issues/4470
Add GSuite and Youtube filtering in proxy (#4425)
Proxy: add missing X-Forwarded-For header option, closes https://github.com/opnsense/core/issues/4467
system/logging: simplify log format parsing
system: syslog-ng again; fix this the hard way
Revert "system: remove syslog-ng @version hint"
Revert "system: break this, FreeBSD on the move already"
Change dpinger syslog message to reflect correct RTT and RTTd unit (#4456)
Auth: support case insensitive username matching on LDAP+TOTP. closes https://github.com/opnsense/core/issues/4451
system: break this, FreeBSD on the move already
IDS: work in progress policy editor for https://github.com/opnsense/core/issues/4445
system: remove syslog-ng @version hint
IDS: bugfix previous for https://github.com/opnsense/core/issues/4445
IDS - work in progress policy editor for https://github.com/opnsense/core/issues/4445
MVC - core: add VirtualIPField including unit tests for https://github.com/opnsense/plugins/issues/2091
IDPS: work in progress policy editor for https://github.com/opnsense/core/issues/4445
Revert "gateways: far gateway IPv6 for https://github.com/opnsense/core/issues/4436"
gateways: far gateway IPv6 for https://github.com/opnsense/core/issues/4436
firmware: add async reconfigure hook to syslog
openvpn: (ipv4 only) when only ifconfig_local is provided, calculate first network address as gateway address. for https://github.com/opnsense/core/pull/4433
Merge branch 'nowstuseeit-master' into master
proxy: cleanup, simplify and add model version for https://github.com/opnsense/core/pull/4383
Syslog: make sure to start/stop the correct syslog facility, detach reconfiguration in rc.configure_plugins for https://github.com/opnsense/core/issues/4397
system: second try ;)
pkg: plist fix
add Base64Field type, closes https://github.com/opnsense/core/issues/4398
Revert "system: syslog_ng_pid replaced by syslog_ng_pidfile in FreeBSD ports"
Auth/LDAP: Fix reading displayName attribute (#4418)
Filter: associated nat rules miss state keyword and when they would, the tag wouldn't be processed properly ($rule['type'] --> pass)
unbound: sort targets
firewall_nat_edit.php fix "PHP Warning: in_array() expects parameter 2 to be array, null given in /usr/local/www/firewall_nat_edit.php on line 542" when interface is missing, closes https://github.com/opnsense/core/pull/4407
event "auth user changed", optimize core_user_changed_groups() to only perform local_group_set() when there are changes needed. found while working on https://github.com/opnsense/core/issues/4411
system - usermanager: signal "auth user changed" when a user is modified via the webui. This should be rather harmless (the event was added in https://github.com/opnsense/core/commit/ecfd53ac2f60c6abd259702ed9e183acef967ea3)
ipsec: add description to reconfigure action (#4401)
interfaces / assignments: lexical sort interface keys, closes https://github.com/opnsense/core/issues/4394
backup / history: keep backup count default in a single spot, as discussed with @fichtner
core / mvc: add new config changed event using syshook structure
system: syslog_ng_pid replaced by syslog_ng_pidfile in FreeBSD ports
dhcp: RA MTU only written once
src: sync
Unbound: rebuild unbound blacklist download, fix previous (.conf files are being imported by unbound so we need to use another suffix for our config files)
Unbound: rebuild unbound blacklist download
interfaces: change max mtu value to 65535 in accordance with rfc791 (https://tools.ietf.org/html/rfc791). closes https://github.com/opnsense/core/issues/4359
Unbound / blacklists: remove unmaintained lists and add the other lists from https://github.com/blocklistproject/Lists while here.
Unbound / Blacklist : move "URLs of Blacklists" to advanced
Add toggle for pinger service in proxy settings
system: bump config backup default
System: Trust: Certificates : replace removeAttr usage to deselect option, although it probably still works with the single item selection, we better use the same construct as in system_advanced_admin.php
system: small follow-up for correct preset on page load #4373
System / Settings / Administration: fix defunct "use default" button on Listen Interfaces
system: switch order to unbreak server.bind in IPv6 first case; closes #4372
interfaces: update wireless prefixes, make it more maintainable
Firewall / live log: omit group type interfaces in fast selection. closes https://github.com/opnsense/core/issues/4369
Merge branch 'FromageBlue-master' into master
Fix for opnsense/core #4356 Adding DDNS values of each additional pool to the $ddns_zones array.
rc: support id in pluginctl -s mode
interfaces: list mac addresses, phase out netaddr.eui.ieee.OUI_REGISTRY_PATH. closes https://github.com/opnsense/core/issues/4364
Help text implied the opposite of what the checkbox did. Closes #4354 (#4357)
firewall / live log: allow "or" conditions, closes https://github.com/opnsense/core/issues/4361
Firewall / scrubbing: fix two parsing bugs:
Revert "Improve IPS mode help to avoid blocking network access, issue #4257 (#4271)"
system: syslog-ng 3.29
Improve IPS mode help to avoid blocking network access, issue #4257 (#4271)
Unbound: add "unbound-plus" section to xmlrpc sync, closes https://github.com/opnsense/core/issues/4352
IDPS: re-create rule cache after rule deployment, used update_local_changes() before, but this has the downside of missing the database changes, although create() is slower, it simplifies code to just rebuild after deployment. ref https://github.com/opnsense/core/commit/a222eda2c74d3af063af39517cc0f6832ec1110f#commitcomment-42320374
IDS: ignore pkill exit status when performing ids update, if suri is inactive we can safely ignore it. closes https://github.com/opnsense/core/issues/4346
system: missing control widget from log pages
Add "Nat" tab to Firewall->Diagnostics->pfInfo menu (#4330)
system: use different shell gateway name to appease wizard
unbound: restructure reconfigure so that we always flush config
router advertisements: tricky, way too little coffee #4328
router advertisements: whoops ;) #4328
router advertisements: add static interface mode for #4328
Firewall / Aliases - add mac type to top right selection, missed a spot
Firewall / Alias, allow ! on hosts too, closes https://github.com/opnsense/core/issues/4318
dnsmasq: remove advanced configuration; closes #3973
dnsmasq: override directory support #3973
dnsmasq: regenerate resolv.conf on save #4273
dnsmasq: log queries option; closes #4323
rc: fix wrong double quotes
Firewall / Aliases: add support for network exclusions in network alias type. for https://github.com/opnsense/core/issues/4318
Reporting / Traffic: smaller delay to display entries when they appear
rc: directory exists after previous loop
rc: fix typo
rc: fix ssh key permissions on MSDOS import
src: script no longer exists so remove reference
Reporting / Traffic: ditch status_graph.php and replace with new mvc statistics page.
Reporting / Traffic: hook iftop stats script into configd, sort by top usage and add address tag (local, private)
Filter: alias - add aliasname to error message
find_table_references.py unused variable, the IPAddress() call is only there for validation purposes now.
missed a spot
cleanup previous
find_table_references.py: use pfctl for IP check (#4320)
Reporting / Traffic: add iftop stats script
Reporting / Traffic: forgot to add chart.js. version 2.8.0 seems to be best compatible with chartjs-plugin-streaming at the moment, which is why we're not using the latest at the moment.
Reporting / Traffic: proof of concept code for a traffic view replacement using chart.js (part 2)
Reporting / Traffic: proof of concept code for a traffic view replacement using chart.js
firewall: aliases. be more verbose when fetching remote content, change log level to notice as well. for https://github.com/opnsense/core/issues/4309
firmware: revoke 20.1 fingerprint
ui: remove source mapping hint as per lint request
Javascript: upgrade moment.js to 2.27.0
system: popular temperature topic changes
system: simplify CARP hook
unbound: default to SO_REUSEPORT; closes #4303
IDPS: rulecache parse error on invalid metadata, for https://github.com/opnsense/core/issues/4302
system: temperature widget, no indication that this is "wrong"
system: hw.usb.no_pf was removed in FreeBSD 10
firmware: properly report an unsigned repository
Updated Project Block Lists Links (#4288)
reporting: a bit of style in previous
Add Traffic Filter for Private IPv4 Networks (#4279)
IDPS: allow search for status enabled/disabled.
firewall -> aliases: bogons not loaded on initial load, due to bogons aliases registered again without file reference. for https://github.com/opnsense/core/issues/4277
Lobby: Dashboard - gateway status widget, add gateway status endpoint (api/routes/gateway/status) and refactor widget to use it. closes https://github.com/opnsense/core/issues/4261
web proxy: move error directory template
system: restore damaged bogons files on startup; closes #4277
Proxy: no form-inline on previous for https://github.com/opnsense/core/issues/4278
Proxy: forgot about build magic replacing ".in", fix targets to cope with that, while there add an apply button as well for clarity. closes https://github.com/opnsense/core/issues/4278
Interfaces -> Diagnostics -> Netstat : add listen-queue-sizes in Socket tab
system: remove syslog-ng workaround, all better now
system: add new-password hint for Chrome on login form
system: add REQUESTS_CA_BUNDLE to rc.syshook and rc as well
system: use /etc/ssl/cert.pem consistently
system: fix permission of startup helper
python/env make sure requests library uses system certificate store when being called from cron or configd (set REQUESTS_CA_BUNDLE)
jinja2: add regex_replace, pull in https://github.com/opnsense/core/pull/4225 using lambda
system: adjust wording
syslog-ng: move syshook as per request @fichtner
interfaces: bugs be bugs, time to remove training wheels
system: a bit easier to read
syslog-ng: force restart after boot sequence
Syslog: rename syslog service description and hide legacy mode when not enabled. ref https://github.com/opnsense/core/issues/4263
Firewall:aliases prevent pfctl error messages from being suppressed. closes https://github.com/opnsense/core/issues/4266
syslog: interpretation difference between legacy (clog) and new style logging when sent via syslog, clog files are not split into directories (module_mylog.log vs module/mylog_XXXXXX.log)
syslog: cleanup unused legacy function
flowd_aggregator. better replace line endings when sending traceback to syslog.
Firewall / aliases: internally reserved keywords, second case in a week, let's make sure we exclude all yacc doesn't like (https://github.com/opnsense/src/blob/41ba6e29a8d3f862f95f9ab0a1482ef58c4a7cdb/sbin/pfctl/parse.y#L5482)
Proxy: json access log, minor bugfix for https://github.com/opnsense/core/issues/4244
web proxy: help text style
syslog-ng: initial startup issues. try to sleep for 0.5 seconds before using syslogs socket.
Proxy: better explain where access log entries are heading when syslog is selected, slightly related to https://github.com/opnsense/core/issues/4244
authgui.inc: wrong jQuery version. closes https://github.com/opnsense/core/issues/4250
Firewall / aliases. resolve mac addresses at fixed ttl for https://github.com/opnsense/core/issues/4248
Firewall / aliases - allow mac addresses for https://github.com/opnsense/core/issues/4248
Firewall / alias, log is reserved too. closes https://github.com/opnsense/core/issues/4246
mvc: remove unused sample_input_field
IPsec: simplify previous with legacy_interface_create()
IPSec: prevent ipsec vti interface to hit 32768 limit (create numbered, rename and attach afterwards)
Web proxy: add json output, following Elastic Common Schema (ECS) reference. closes https://github.com/opnsense/core/issues/4244
src: lint and style
firmware: ignore man page database regeneration
configd: syslog issue, when messages are larger than 4k (traceback) they just seem to vanish in thin air. let's wrap our syslog calls, cut to max 4000 chars and while here prevent multiline output as well since it mangles our ui
Menu: interface groups integrity issue, closes https://github.com/opnsense/core/issues/4243
Firewall/aliases: backend support for arp type entries.
system_authservers.php: fix PHP Warning: in_array() expects parameter 2 to be array, null given in /usr/local/www/system_authservers.php on line 756
syslog ui: filter new style log directories accordingly. when using suricata, there already is a directory called suricata for example with a stats.log in it. we should only try to fetch files which match the pattern:
Revert "mirror (Aivian) not active anymore"
Firewall: live log, add dropdowns for "static" fields. closes https://github.com/opnsense/core/issues/4236
Mirrors: opn.sense.nz seems to be down
mirrors: RageNetwork not available
firmware: switch to 20.7
unbound: "order entries"
pkg: cheer up @adschellevis by auto-selecting suricata
syslog: legacy syslog (clog) expects rfc5424 out when being parsed by syslog-ng
syslog-ng: RFC5424 issue on FreeBSD 12, needs flags(syslog-protocol) on source, ref https://github.com/syslog-ng/syslog-ng/issues/2428
firmware: prep for 20.7
pkg: treat version numbers correctly
Proxy: don't try to force cachemanager access to use icap when enabled, it's highly unlikely the icap server understands these requests.
interfaces: drop unfinished RFC 3118 support
syslog: split process name into separate column, bugfix export while here as well (when limit equals 0, dump all data)
syslog: disable legacy syslogd when disable_clog is set
fix previous, missed $config import
syslog: don't generate clog files when disable_clog is set.
widgets/ntp, php warnings if no GPS fix and thus lat+lon missing from NMEA msg (#4212)
syslog-ng: lockout-handler, exit when syslog-ng exits. closes https://github.com/opnsense/core/issues/4195
filter: Gateway Monitoring/Kill states, make sure our factory defaults match input and only trigger a state reset using the existing filter_configure_sync() parameter.
firmware: prep for 20.7-RC1
Revert "pkg: align 20.7 build for hassle-free update"
Proxy: small cleanup in previous
Update squid.conf (#4137)
ntpd: NMEA GPS clock messages lat and lon parsing fix #4209 (#4211)
filter: list_states.py, validate if nat destination contains a port. closes https://github.com/opnsense/core/issues/4210
Display dest port number created own case