unbound: blocklist improvements (#10149)
* Organizes DNSBLs by provider/category.
* Adds the Social Network blocklist by hegizi.
* The tester now gives you the DNSBL name and category instead of its shortcode.
mvc: OptionField: allow empty values in options
This falls back to the key, which isn't going to be translated
since it's likely a technical term or keyword.
Also translate the $subvalue which appears to have been missed
before.
ui: improve form validation error append (#10333)
Since this iterates over a lot of irrelevant IDs and then mismatches
with the target, change this by safeguarding against fields that are
likely not going to work without help_block_<id> and switch the target
to a suffix match.
One spot where this matters: under kea v6 subnet add "DNS servers"
entry e.g. "::", click auto collect for check mark, click save. Interface
and subnet validation is red, the DNS server one shown is not.
ui: improve form validation error append
Since this iterates over a lot of irrelevant IDs and then mismatches
with the target, change this by safeguarding against fields that are
likely not going to work without help_block_<id> and switch the target
to a suffix match.
Services: Kea DHCPv6: Dynamic prefix delegation (#10252)
* Add a dynamic_prefix key to the user-context so we know which subnet6 should be enriched in a post apply hook later
* Also add dynamic_prefix to subnet6 dialog
* Add prefix source interface and resolve current prefix via Autoconf::getPrefix
* model bump not needed anymore
* Add validations that disallow users from configuring the subnet value, pool value and reservations for a dynamic prefix subnet. The subnet must be empty since it is auto configured, the pool is auto configured as ::1000-::2000 and seeded with the initial prefix, and reservations cannot be created because that would blow up as there is no concept like partial IPv6 addresses in KEA. We always want to bootstrap KEA with an initial working configuration.
* Since the prefix_source is verbatim to a subnet, we only allow its usage once per unique constraint
* Add an mvp for the dynamic pd_pool; the pool is auto generated from the largest possible prefix that does not include the IA_NA generated address pool. Validation ensures the user can only change the delegated prefix length, but not anything about the pool itself. KEA is very strict about validations, so auto generation is required here to ensure the model stays sane.
* Make prefix pool validation stricter, if only a /64 prefix exists there is nothing we can do if we offer both IA_NA and IA_PD, at least /63 would be required for one IA_NA and one IA_PD pool.
* Remove config instantiation inside loops
[89 lines not shown]
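To make the constraints in this commit message concrete, here is an added, illustrative Python sketch (not OPNsense's own code) of how a dynamically learned prefix can be turned into a subnet6, the fixed ::1000-::2000 IA_NA pool and a pd_pool, with the /63 minimum and the empty-field rules enforced. Choosing the half of the prefix that does not hold the IA_NA /64 as the pd_pool is an assumption made for this example.

```python
import ipaddress

# Fixed IA_NA pool offsets inside the auto-configured /64, as named in the commit.
IA_NA_POOL_LO = 0x1000
IA_NA_POOL_HI = 0x2000


def plan_dynamic_pd(prefix: str, delegated_len: int) -> dict:
    """Derive subnet6, IA_NA pool and pd_pool from a prefix learned on the
    prefix-source interface. Illustrative only: picking the other half of the
    prefix as the pd_pool is an assumption, not OPNsense's implementation."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    # IA_NA takes one /64 and IA_PD needs at least one more, so /63 is the floor.
    if net.prefixlen > 63:
        raise ValueError(f"{net}: at least a /63 is required for IA_NA and IA_PD")
    subnet = next(net.subnets(new_prefix=64))  # first /64 hosts the IA_NA pool
    pool_lo = subnet.network_address + IA_NA_POOL_LO
    pool_hi = subnet.network_address + IA_NA_POOL_HI
    # Largest prefix inside net that does not contain the IA_NA /64: the half
    # of net that this /64 is not part of.
    low, high = net.subnets(new_prefix=net.prefixlen + 1)
    pd_pool = high if subnet.subnet_of(low) else low
    # The user may only choose the delegated length, and it must carve pd_pool.
    if not pd_pool.prefixlen <= delegated_len <= 64:
        raise ValueError(
            f"delegated prefix length must be between /{pd_pool.prefixlen} and /64")
    return {
        "subnet": str(subnet),
        "pool": f"{pool_lo}-{pool_hi}",
        "pd_pool": str(pd_pool),
        "delegated_len": delegated_len,
        "prefix_count": 2 ** (delegated_len - pd_pool.prefixlen),
    }


def validate_dynamic_subnet(form: dict) -> list:
    """Fields a dynamic-prefix subnet must leave empty, since they are generated
    (constructed field names for this example)."""
    errors = []
    for field in ("subnet", "pool", "reservations"):
        if form.get(field):
            errors.append(f"{field} must be empty for a dynamic prefix subnet")
    return errors


if __name__ == "__main__":
    print(plan_dynamic_pd("2001:db8:abcd:100::/56", 60))
    print(validate_dynamic_subnet({"subnet": "2001:db8::/64", "pool": ""}))
```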
Firewall: Rules [new]: Fix action, ipprotocol and protocol translations (legacy rules) (#10299)
* Firewall: Rules [new]: Fix action, ipprotocol and protocol translations. Fix Automatically generated rules category.
* Ensure translations are passed through all the way to icon formatter in view
* Ensure inet46 always shows as Any or *
* Update src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
Co-authored-by: Franco Fichtner <franco at opnsense.org>
* Update src/opnsense/scripts/filter/list_non_mvc_rules.php
Co-authored-by: Franco Fichtner <franco at opnsense.org>
---------
Co-authored-by: Franco Fichtner <franco at opnsense.org>
Captive Portal: remove redirection on HTTPS, ditch non-functional pass statement as well
In theory, clients only use HTTP to detect the presence of a portal.
If they were to use HTTPS, the 302 redirect would in most cases
not be accessible, as the certificate presented is most likely not
valid, cutting off the communication before any redirect to a login
page can happen.
The portal itself can and should remain accessible on HTTPS, as this
is the URL the redirect is pointing to. This may be attached to a
valid certificate as well, but the key point is that access to
this URL doesn't strictly need redirection for everything on port
443.
This should prevent clients from opening bogus connections to the
captive portal, which consumes a lot of TLS traffic on the network
stack, bogging down lighttpd in bigger setups and creating
a lot of established states in pf.
[2 lines not shown]