OPNSense/core e83a209src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt, src/opnsense/www/js opnsense_bootgrid.js

by Stephan de Wit on ⎇
Firewall: Rules: semi-persistence for top-level categories
DeltaFile
+149-99src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+2-1src/opnsense/www/js/opnsense_bootgrid.js
+151-1002 files

OPNSense/core 591830asrc/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt, src/opnsense/www/js opnsense_bootgrid.js

by Stephan de Wit on ⎇
Firewall: Rules: improved tree grouping logic
DeltaFile
+54-28src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+4-2src/opnsense/www/js/opnsense_bootgrid.js
+58-302 files

OPNSense/core c5b84a6src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt

by Stephan de Wit on ⎇
Firewall: Rules: clean up
DeltaFile
+17-23src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+17-231 files

OPNSense/core 1251c97src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt

by Stephan de Wit on ⎇
Firewall: Rules: clean up
DeltaFile
+17-23src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+17-231 files

OPNSense/core aac82a7src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt, src/opnsense/www/js opnsense_bootgrid.js

by Stephan de Wit on ⎇
Firewall: Rules: semi-persistence for top-level categories
DeltaFile
+149-99src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+2-1src/opnsense/www/js/opnsense_bootgrid.js
+151-1002 files

OPNSense/core ce499a9src/opnsense/mvc/app/views/OPNsense/Firewall nat_rule.volt

by Monviech on ⎇
The other NAT pages should also be allowed to unhide their grid
DeltaFile
+7-2src/opnsense/mvc/app/views/OPNsense/Firewall/nat_rule.volt
+7-21 files

OPNSense/core 9969711src/opnsense/mvc/app/controllers/OPNsense/Kea/Api Leases6Controller.php ServiceController.php, src/opnsense/mvc/app/controllers/OPNsense/Monit/Api SettingsController.php

by Franco Fichtner on ⎇
mvc: fix a few stale imports via linter
DeltaFile
+0-4src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Leases6Controller.php
+0-2src/opnsense/mvc/app/models/OPNsense/Interfaces/FieldTypes/VipNetworkField.php
+0-2src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/GeneralController.php
+0-1src/opnsense/mvc/app/controllers/OPNsense/Monit/Api/SettingsController.php
+0-1src/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ServiceController.php
+0-1src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/ServiceController.php
+0-116 files not shown
+0-1712 files

OPNSense/core 2571f8cScripts class-import.sh

by Franco Fichtner on ⎇
make: improve import linter for edge cases
DeltaFile
+2-1Scripts/class-import.sh
+2-11 files

OPNSense/core 6986e49src/opnsense/mvc/app/views/OPNsense/Firewall nat_rule.volt

by Monviech on ⎇
Hide grid when snat_mode is disabled
DeltaFile
+27-7src/opnsense/mvc/app/views/OPNsense/Firewall/nat_rule.volt
+27-71 files

OPNSense/core 1f08ea9src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.xml

by Franco Fichtner on ⎇
kea: v6 linter pass
DeltaFile
+33-33src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+33-331 files

OPNSense/core 50fa3fdsrc/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml

by Franco Fichtner on ⎇
kea: v4 option values changes for linter
DeltaFile
+27-27src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+27-271 files

OPNSense/core 21d492bsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

by Monviech on ⎇
Just always show automatic rules in the result, we don't need two filter functions here
DeltaFile
+1-7src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+1-71 files

OPNSense/core f7989c0. plist

by Franco Fichtner on ⎇
pkg: fix plist
DeltaFile
+1-0plist
+1-01 files

OPNSense/core a4aa93csrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

by Monviech on ⎇
Change searchRuleAction() output based on selected snat_mode to either include automatic rules/manual rules or not
DeltaFile
+42-19src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+42-191 files

OPNSense/core 34e8023src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

by Monviech on ⎇
Since we have a volatile field we can use it directly here
DeltaFile
+1-2src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+1-21 files

OPNSense/core cab002esrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

by Monviech on ⎇
Not needed anymore now
DeltaFile
+0-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+0-11 files

OPNSense/core 0b67bb7src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.php

by Monviech on ⎇
Call set endpoint directly and use serializeToConfig to save the volatile SNAT model field into legacy configuration. Expose a validation endpoint to ensure no invalid values can be serialized
DeltaFile
+2-18src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+19-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+10-2src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/SNatModeField.php
+1-1src/opnsense/mvc/app/views/OPNsense/Firewall/nat_rule.volt
+32-214 files

OPNSense/core 8ff0152src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt, src/opnsense/www/js opnsense_bootgrid.js

by Stephan de Wit on ⎇
Firewall: Rules: improved tree grouping logic
DeltaFile
+54-28src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+4-2src/opnsense/www/js/opnsense_bootgrid.js
+58-302 files

OPNSense/core 74e76cbsrc/opnsense/scripts/firmware hostnames.sh

by Franco Fichtner on ⎇
firmware: retain ordering in update servers

This only pertains to the connectivity audit changes from
26.1.8.  Treat the server from opnsense-update -M as the
primary one by not sorting the result.

PR: https://forum.opnsense.org/index.php?topic=52025.0
DeltaFile
+1-1src/opnsense/scripts/firmware/hostnames.sh
+1-11 files

OPNSense/core 8326693src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api AssignmentController.php, src/opnsense/mvc/app/models/OPNsense/Interfaces Assignment.php

by Ad Schellevis on ⎇
Interfaces: Assignments - work in progress for https://github.com/opnsense/core/issues/9945

In order to migrate the interface assignments, we need to think of a way to use the differently named xml nodes for interfaces (wan, lan, ..) into something that closely resembles a standard model implementation.
Since we can't match these nodes in our statically defined model xmls, the main idea is to flush all via an in-memory model with a separate load [construct] and save hook [serializeToConfig].

The next challenge is to "stash" updates and wait for "apply" in certain cases, for this we add a temporary database holding the changes  which are synced after the actual system change has happend (pending_action, pending_if). When succesfully applied, the apply function cleans up the final stage of the configuration to make everything consistent again.

This database is a simple single json encoded file named /tmp/.interfaces.todo
DeltaFile
+159-0src/opnsense/mvc/app/models/OPNsense/Interfaces/Assignment.php
+121-0src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/AssignmentController.php
+90-0src/opnsense/scripts/interfaces/list_assign_options.php
+64-0src/opnsense/scripts/interfaces/apply_pending_if_changes.php
+54-0src/opnsense/mvc/app/models/OPNsense/Interfaces/FieldTypes/AssignmentInterfaceField.php
+45-0src/opnsense/mvc/app/views/OPNsense/Interface/assignment.volt
+533-05 files not shown
+639-011 files

OPNSense/core c448bb8src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api AssignmentController.php, src/opnsense/mvc/app/models/OPNsense/Interfaces Assignment.php

by Ad Schellevis on ⎇
Interfaces: Assignments - work in progress for https://github.com/opnsense/core/issues/9945

In order to migrate the interface assignments, we need to think of a way to use the differently named xml nodes for interfaces (wan, lan, ..) into something that closely resembles a standard model implementation.
Since we can't match these nodes in our statically defined model xmls, the main idea is to flush all via an in-memory model with a separate load [construct] and save hook [serializeToConfig].

The next challenge is to "stash" updates and wait for "apply" in certain cases, for this we add some temporary attributes to the configuration which are synced after the actual system change has happend (pending_action, pending_if). When succesfully applied, the apply function cleans up the final stage of the configuration to make everything consistent again.
DeltaFile
+119-0src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/AssignmentController.php
+97-0src/opnsense/mvc/app/models/OPNsense/Interfaces/Assignment.php
+90-0src/opnsense/scripts/interfaces/list_assign_options.php
+57-0src/opnsense/scripts/interfaces/apply_pending_if_changes.php
+54-0src/opnsense/mvc/app/models/OPNsense/Interfaces/FieldTypes/AssignmentInterfaceField.php
+45-0src/opnsense/mvc/app/views/OPNsense/Interface/assignment.volt
+462-05 files not shown
+568-011 files

OPNSense/core 07ff1efsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

by Monviech on ⎇
The automatic SNAT rules prio_group should be the same as automatic firewall rules at the end of the ruleset
DeltaFile
+4-4src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+4-41 files

OPNSense/core 9f2b696src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

by Monviech on ⎇
Firewall: NAT: Generate automatic SNAT rules for the grid, they are completely synthetic and not coupled to actual backend scripts
DeltaFile
+134-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+134-01 files

OPNSense/core 8e1be40src/opnsense/www/js/widgets Cpu.js DnsmasqLeases.js

by Stephan de Wit on ⎇
ui: put these back
DeltaFile
+2-2src/opnsense/www/js/widgets/Cpu.js
+2-2src/opnsense/www/js/widgets/DnsmasqLeases.js
+1-1src/opnsense/www/js/widgets/Monit.js
+1-1src/opnsense/www/js/widgets/Services.js
+1-1src/opnsense/www/js/widgets/Traffic.js
+7-75 files

OPNSense/core 5de581csrc/opnsense/scripts/firmware config.sh read.sh

by Franco Fichtner on ⎇
firmware: stop buffering in sed

Since cmd_output was made the generic filter for subscriptions
the update log showed signs of excessive buffering.  This brings
it back to where it was and also improves the old read case.
DeltaFile
+1-1src/opnsense/scripts/firmware/config.sh
+1-1src/opnsense/scripts/firmware/read.sh
+2-22 files

OPNSense/core 16ed473src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api SourceNatController.php

by Monviech on ⎇
Condition should be OR for the ACL check
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/SourceNatController.php
+1-11 files

OPNSense/core 0bd0defsrc/opnsense/mvc/app/library/OPNsense/System/Status HostDiscoveryStatus.php, src/opnsense/mvc/app/views/OPNsense/Hostdiscovery settings.volt

by Stephan de Wit via GitHub on ⎇
hostwatch: pin warning banner to enabled flag (#10368)

Closes https://github.com/opnsense/core/issues/10196
DeltaFile
+53-0src/opnsense/mvc/app/library/OPNsense/System/Status/HostDiscoveryStatus.php
+0-13src/opnsense/mvc/app/views/OPNsense/Hostdiscovery/settings.volt
+2-0src/opnsense/scripts/interfaces/list_hosts.py
+55-133 files

OPNSense/core 303f5b4src/opnsense/www/js opnsense_bootgrid.js opnsense_widget_manager.js, src/opnsense/www/js/widgets Wireguard.js DnsmasqLeases.js

by Stephan de Wit on ⎇
ui: style fixes
DeltaFile
+3-3src/opnsense/www/js/widgets/Wireguard.js
+2-2src/opnsense/www/js/widgets/DnsmasqLeases.js
+2-2src/opnsense/www/js/widgets/Cpu.js
+1-1src/opnsense/www/js/widgets/Traffic.js
+1-1src/opnsense/www/js/opnsense_bootgrid.js
+1-1src/opnsense/www/js/opnsense_widget_manager.js
+10-103 files not shown
+13-139 files

OPNSense/core b11d6b3src/www firewall_rules.php

by Ad Schellevis via Franco Fichtner on ⎇
Firewall: Rules: LAN - fix for missing HTML escape

PR: CVE-2026-49131
(cherry picked from commit 37cc231a6844f343723be6ae1a84d73941a1b408)
DeltaFile
+1-1src/www/firewall_rules.php
+1-11 files

OPNSense/core 12b021fsrc/opnsense/www/js/widgets Certificates.js

by Ad Schellevis via Franco Fichtner on ⎇
dashboard / certificates - remove unused data-tooltip that is not properly escaped

PR: CVE-2026-49132
(cherry picked from commit 2e2a782102d4d2973580317545acf307d0a7e423)
DeltaFile
+1-1src/opnsense/www/js/widgets/Certificates.js
+1-11 files