BSD Commit Log Search

reporting: health: ditch footer and add banner margin

reporting: health: use tabs to split settings

ref: https://forum.opnsense.org/index.php?topic=52233.0

unbound: empty string as array offset instead of null

php 8.5 issue

captive portal: adjust accounting interval to Acct-Interim-Interval

This changes the default interval to 600, which is the recommended
value according to RFC 2869.

Firewall: Migration Assistant: Show migration assistant if at least one Outbound NAT rule exists, remove conditional hiding based on NAT mode

(cherry picked from commit 1aceb823dabc64cfc7098dd48b48f4c0a2e3fd9a)

Firewall: Migration Assistant: Show migration assistant if at least one Outbound NAT rule exists, remove conditional hiding based on NAT mode

captive portal: adjust ARP logic to ISO format per https://github.com/opnsense/core/commit/4b86d4e638b7968158a4691e511e174ca927ed13

ValueError: time data '2026-06-29T12:34:19Z' does not match format '%Y-%m-%d %H:%M:%S'
(cherry picked from commit 1f1612aa1024c343711a6ad8c20ca39e08e6645e)

captive portal: adjust ARP logic to ISO format per https://github.com/opnsense/core/commit/4b86d4e638b7968158a4691e511e174ca927ed13

ValueError: time data '2026-06-29T12:34:19Z' does not match format '%Y-%m-%d %H:%M:%S'

firewall: skip alias on rules GUI reload

Also align the alias load path in the controller with
how !skip_alias serializes the sequence after rules
reload inside filter_configure_sync().

(cherry picked from commit a3091013d724f19e5fc2767a12de811da606e935)
(cherry picked from commit 5c1d8575a7d87dd717963506b510d144e6fcd63a)

firewall: change update failure to error

firewall: nat: enable virtualDOM here as well

(cherry picked from commit d61ff02165535f90e7444940c7f1844e43cdf899)

firewall: nat: enable virtualDOM here as well

mvc: use camelCase for carp_status action related to #10428

(cherry picked from commit 68d9da1a0be85a9e673ee10c46052749b61753c6)

src: sweep

(cherry picked from commit aca61bd87e6f18599957cacdb9800f44603466dc)

mvc: whitespace

(cherry picked from commit d92ad28bc103be00a14bcdaa14f169ceef6d3c83)

bootgrid: minor optimizations

(cherry picked from commit 3ca0e7b5708dbb5e8dcab5f92664e7ef36db1d72)

Firewall: NAT: Destination NAT: Add validations for No RDR, prevent target and local-port being set (#10447)

(cherry picked from commit 7914d185d4fbc0faa06572ba205391654df7b589)

firewall: move applyAction() up for smaller diff

Firewall: Rules: Improve interface filter logic to include floating rules with multiple interfaces when they overlap with at least one interface in the interface filter request (#10449)

* Firewall: Rules: Improve interface filter logic to include floating rules with multiple interfaces when they overlap with at least one interface in the interface filter request.

* Improve inverted interface condition, make it symmetric to positive interface match in final else condition

(cherry picked from commit a1d16690c2c34c0a131e70e0ffeee0771f672b0e)

Firewall: Migration Assistant: Show rule counts that can be exported, hide tab if no rules exist (#10395)

(cherry picked from commit f4c040a0c134d73264ebfe932fe6a80e6f3768cf)

mvc: give throwReadOnly() a sibling named throwNotFullAdmin() which validates if a user has full access rights and can be treated as "provides safe input".

Although there aren't a lot of cases where user input can't be validated strictly enough, there are still one or two edge cases which offer some sort of "advanced" input which we currently wouldn't accept and are thus hard to change for historic reasons. The most prominent one is Monit, which allows local commands being executed.

throwNotFullAdmin simply raises an exception and bails before persisting changes to the configuration, which can be set on a per action or controller (internalSaveRequiresAdmin).

(cherry picked from commit 578e025111161ffd03fd3fd0ccdac203be546505)

mvc: also do not translate empty labels in grids #10369

(cherry picked from commit 9d65dd6a8c2b14c19c914b90d3c8826e3d9bc962)

src: implicitly marking parameter $chown as nullable is deprecated

(cherry picked from commit 8441b9ea76352d6d75203d61feee03110ef5bdea)

mvc: FileObject: fix exception bug (#10442)

(cherry picked from commit 5c040197dfc4e4baa507de5c8bf714fe30ae68a6)

mvc: guard BaseField::setNodes() against a list given for a scalar leaf (#10434)

(cherry picked from commit cde5f912b376be2962a9350613e225d579ef734e)
(cherry picked from commit 48d01e753973457942dbca408e04531b9917b5d3)
(cherry picked from commit a0a8e739570145b96b1adf73f8235ec479417f75)

mvc: BaseField: more of the same

mvc: BaseField: unify exception messages for previous

mvc: DescriptionField: disable special and newline characters

This is only cosmetic and since the description is only used as a
label and not a note block this is fine (and could be overwridden
by the model if needed).

(cherry picked from commit d3c654f848284bcf8b510ea22df3e6ac90063387)

firewall: unify group names

The defaults in GroupField are still a bit weird as we are showing them
even though their mandatory path is from *_interfaces() plugin registration.

If we need the value 10 we should make it the implicit default and also
add the default to the group interface registration (or not at all).

GroupField could read them correctly from config.xml...

PR: https://www.reddit.com/r/opnsense/comments/1ucvh2y/is_there_a_way_to_change_the_openvpn_group/

(cherry picked from commit 553f7dfe68e4b9d679f9c01691738f64cdcf458e)
(cherry picked from commit 6a19c92af85468a910e4ce685bf5c9d52021ee4e)

firewall: allow WAN as "associated interface" for NPTv6 #10413

(cherry picked from commit aa27c069589dbbc9f2f26e7f6150069949f63bc2)