Firewall: Rules: Migration assistant - add export option and guidance for migrations to the new mvc system. (#9606)
* Firewall: Rules: Migration assistant - add export option and guidance for migrations to the new mvc system.
Add new "Firewall: Rules: Migration assistant" to help people moving to our new mvc based firewall system by offering a couple of simple steps for exporting the old rules into a csv file and importing them into the new system. When all rules are migrated the user may drop all old ones using the ConfigMaintenance module used in "defaults".
There's one small issue remaining in fbegin.inc as it doesn't render the icon correctly due to VisibleName being escaped currently (which isn't the case in our mvc template).
closes https://github.com/opnsense/core/issues/9579
* Update src/opnsense/service/conf/actions.d/actions_filter.conf
---------
Co-authored-by: Franco Fichtner <franco at opnsense.org>
interfaces: generalise the dhcp6c_script using the new IFNAME variable #7647
The file was conceptually created in d36f0f4f62557 and before was a single
command line script... so add appropriate copyrights from that time onward.
Many thanks to Martin for pinoeering this back in the day!
interfaces: show the prefix shift in the log message
Move the other force message to the respective if which is more or
less what we had before. This is important for making clear what
the impact of #9521 to renewals actually is.
interfaces: missed script path via @cm-rudolph
interfaces: multi-dhcp6c support and custom PD association #7647
This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations. For NA we simply default to 0 now.
I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Add two debugging files which still need to be steered via the
debug setting.
radvd: remove configuration file if disabled
We do check from rtsold if radvd is running on the current interface
and then reject running dhcp6c because it would pick up a local configuration.
That's problematic when radvd is misconfigured or was previously active:
In the misconfigured case we can emit a log message too much makes this
easier to find. In the previously-active case the config file lingers and
is read falsely. Simply remove it in this case.
Pretty up the rtsold_script log messages a bit more. This may also be a
problem when Dnsmasq is giving out RAs, but this can be done later if the
need arises.
PR: https://forum.opnsense.org/index.php?topic=50175.0
interfaces: generalise the dhcp6c_script using the new IFNAME variable #7647
The file was conceptually created in d36f0f4f62557 and before was a single
command line script... so add appropriate copyrights from that time onward.
Many thanks to Martin for pinoeering this back in the day!
interfaces: show the prefix shift in the log message
Move the other force message to the respective if which is more or
less what we had before. This is important for making clear what
the impact of #9521 to renewals actually is.
interfaces: missed script path via @cm-rudolph
interfaces: multi-dhcp6c support and custom PD association #7647
This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations. For NA we simply default to 0 now.
I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Add two debugging files which still need to be steered via the
debug setting.
interfaces: generalise the dhcp6c_script using the new IFNAME variable #7647
The file was conceptually created in d36f0f4f62557 and before was a single
command line script... so add appropriate copyrights from that time onward.
Many thanks to Martin for pinoeering this back in the day!
interfaces: show the prefix shift in the log message
Move the other force message to the respective if which is more or
less what we had before. This is important for making clear what
the impact of #9521 to renewals actually is.
interfaces: missed script path via @cm-rudolph
interface: multi-dhcp6c support and custom PD association #7647
This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations. For NA we simply default to 0 now.
I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Add two debugging files which still need to be steered via the
debug setting.
ipsec: reorder ChaCha20-Poly1305 AEAD proposals
Best keep these down in the list, as the algorithm isn't quite recommended
by the NIST yet, and likely performs worse on FreeBSD when compared to GCM
at this point in time.
interfaces: generalise the dhcp6c_script using the new IFNAME variable ##7647
The file was conceptually created in d36f0f4f62557 and before was a single
command line script... so add appropriate copyrights from that time onward.
Many thanks to Martin for pinoeering this back in the day!
interfaces: show the prefix shift in the log message
Move the other force message to the respective if which is more or
less what we had before. This is important for making clear what
the impact of #9521 to renewals actually is.
interfaces: missed script path via @cm-rudolph
interface: multi-dhcp6c support and custom PD association #7647
This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations. For NA we simply default to 0 now.
I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Add two debugging files which still need to be steered via the
debug setting.
interfaces: settings: use connected client MAC for auto generated DUID
While not technically on spec, this brings back the old behavior which
has not seen any issues. We do however fall back to using a primary
interface MAC if the client MAC can't be found, which can be the
case if the client is e.g. connected through a tunnel
interfaces: generalise the dhcp6c_script using the new IFNAME variable ##7647
The file was conceptually created in d36f0f4f62557 and before was a single
command line script... so add appropriate copyrights from that time onward.
Many thanks to Martin for pinoeering this back in the day!
interfaces: show the prefix shift in the log message
Move the other force message to the respective if which is more or
less what we had before. This is important for making clear what
the impact of #9521 to renewals actually is.
interfaces: missed script path via @cm-rudolph
interface: multi-dhcp6c support and custom PD association #7647
This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations. For NA we simply default to 0 now.
I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.
Add two debugging files which still need to be steered via the
debug setting.
interfaces: generalise the rtsold_script #7647
The bulk of this started in 732e4b3388b but Martin was involved
here too over the years. To make this work read the daemon
configuration from the respective daemon config file.
