BSD Commit Log Search

firewall: skip alias on rules GUI reload

Also align the alias load path in the controller with
how !skip_alias serializes the sequence after rules
reload inside filter_configure_sync().

(cherry picked from commit a3091013d724f19e5fc2767a12de811da606e935)
(cherry picked from commit 5c1d8575a7d87dd717963506b510d144e6fcd63a)

firewall: change update failure to error

firewall: nat: enable virtualDOM here as well

(cherry picked from commit d61ff02165535f90e7444940c7f1844e43cdf899)

firewall: nat: enable virtualDOM here as well

mvc: use camelCase for carp_status action related to #10428

(cherry picked from commit 68d9da1a0be85a9e673ee10c46052749b61753c6)

src: sweep

(cherry picked from commit aca61bd87e6f18599957cacdb9800f44603466dc)

mvc: whitespace

(cherry picked from commit d92ad28bc103be00a14bcdaa14f169ceef6d3c83)

bootgrid: minor optimizations

(cherry picked from commit 3ca0e7b5708dbb5e8dcab5f92664e7ef36db1d72)

Firewall: NAT: Destination NAT: Add validations for No RDR, prevent target and local-port being set (#10447)

(cherry picked from commit 7914d185d4fbc0faa06572ba205391654df7b589)

firewall: move applyAction() up for smaller diff

Firewall: Rules: Improve interface filter logic to include floating rules with multiple interfaces when they overlap with at least one interface in the interface filter request (#10449)

* Firewall: Rules: Improve interface filter logic to include floating rules with multiple interfaces when they overlap with at least one interface in the interface filter request.

* Improve inverted interface condition, make it symmetric to positive interface match in final else condition

(cherry picked from commit a1d16690c2c34c0a131e70e0ffeee0771f672b0e)

Firewall: Migration Assistant: Show rule counts that can be exported, hide tab if no rules exist (#10395)

(cherry picked from commit f4c040a0c134d73264ebfe932fe6a80e6f3768cf)

mvc: give throwReadOnly() a sibling named throwNotFullAdmin() which validates if a user has full access rights and can be treated as "provides safe input".

Although there aren't a lot of cases where user input can't be validated strictly enough, there are still one or two edge cases which offer some sort of "advanced" input which we currently wouldn't accept and are thus hard to change for historic reasons. The most prominent one is Monit, which allows local commands being executed.

throwNotFullAdmin simply raises an exception and bails before persisting changes to the configuration, which can be set on a per action or controller (internalSaveRequiresAdmin).

(cherry picked from commit 578e025111161ffd03fd3fd0ccdac203be546505)

mvc: also do not translate empty labels in grids #10369

(cherry picked from commit 9d65dd6a8c2b14c19c914b90d3c8826e3d9bc962)

src: implicitly marking parameter $chown as nullable is deprecated

(cherry picked from commit 8441b9ea76352d6d75203d61feee03110ef5bdea)

mvc: FileObject: fix exception bug (#10442)

(cherry picked from commit 5c040197dfc4e4baa507de5c8bf714fe30ae68a6)

mvc: guard BaseField::setNodes() against a list given for a scalar leaf (#10434)

(cherry picked from commit cde5f912b376be2962a9350613e225d579ef734e)
(cherry picked from commit 48d01e753973457942dbca408e04531b9917b5d3)
(cherry picked from commit a0a8e739570145b96b1adf73f8235ec479417f75)

mvc: BaseField: more of the same

mvc: BaseField: unify exception messages for previous

mvc: DescriptionField: disable special and newline characters

This is only cosmetic and since the description is only used as a
label and not a note block this is fine (and could be overwridden
by the model if needed).

(cherry picked from commit d3c654f848284bcf8b510ea22df3e6ac90063387)

firewall: unify group names

The defaults in GroupField are still a bit weird as we are showing them
even though their mandatory path is from *_interfaces() plugin registration.

If we need the value 10 we should make it the implicit default and also
add the default to the group interface registration (or not at all).

GroupField could read them correctly from config.xml...

PR: https://www.reddit.com/r/opnsense/comments/1ucvh2y/is_there_a_way_to_change_the_openvpn_group/

(cherry picked from commit 553f7dfe68e4b9d679f9c01691738f64cdcf458e)
(cherry picked from commit 6a19c92af85468a910e4ce685bf5c9d52021ee4e)

firewall: allow WAN as "associated interface" for NPTv6 #10413

(cherry picked from commit aa27c069589dbbc9f2f26e7f6150069949f63bc2)

openvpn: clean up these option values

Push flags not always mention "push" in label but their
context is clear and keys do not change so simplify.

(cherry picked from commit a9dee3dcff89be9ecd2985ebe590e79ad0bdf01f)

kea: v6 linter pass

(cherry picked from commit 1f08ea963ecab1380d76bcb9d79b4ed53cdd525e)

kea: v4 option values changes for linter

(cherry picked from commit 50fa3fd8e344be3a83706a44d22b70f4fde87586)

firewall: rules: enable virtualDOM

(cherry picked from commit 698b7c15dc5253061de73186834f424da123b713)

system: fix ACL pattern for carp_status action (#10428)

(cherry picked from commit c556979d99d0029292e16e331529f87fc0457355)

Firewall: NAT: Source NAT: skip rendering rules when mode is not advanced (manual) or hybrid (#10472)

(cherry picked from commit aa2a54a5a8a9988b7a63e6ccef18ab01a4777a83)

Firewall: NAT: Source NAT: skip rendering rules when mode is not advanced (manual) or hybrid (#10472)

unbound: change layout to better fit generic styling

Also fix a PHP 8.5 issue while here.