BSD Commit Log Search

rc: use newer min_auto_ashift variable

WARNING: sysctl vfs.zfs.min_auto_ashift is deprecated. Use vfs.zfs.vdev.min_auto_ashift instead.

mvc: Fix idassoc.php converting already decimal stored prefix_id via hexdec(), add unit test for idassoc.php (#10389)


---------

Co-authored-by: Franco Fichtner <franco at opnsense.org>

plist-fix

Firewall: NAT: Destination NAT: Display effective port when local-port is omitted (#10237)

pkg: of course, of course

firmware: add 26.7 fingerprint

git: less ignore for our pkg files

This has been a problem for a decade.  Time to make this easier.

firmware: allow "local" business mirror subscription

While here remove the allow_custom softcoding which was always
enabled anyday.

Update src/opnsense/mvc/app/library/OPNsense/Interface/Idassoc.php

Co-authored-by: Franco Fichtner <franco at opnsense.org>

Update src/opnsense/mvc/app/library/OPNsense/Interface/Idassoc.php

Co-authored-by: Franco Fichtner <franco at opnsense.org>

mvc: Fix idassoc.php converting already decimal stored prefix_id via hexdec(), adjust unit test

mvc: style sweep

mvc: Add test for idassoc.php

firmware: allow local business mirror

Firewall: Add migration assistant banner to legacy rules page (#10388)

Firewall: Rules: group rules by default and fix "select all" logic (#10372)

This commit adds top-level groups that are always shown and visible, such as automatically generated, floating, group & interface rules. This first-level tree is not subject to local storage persistence, but state is kept to make sure these trees don't collapse if there are data changes in the grid to improve overall UX. The "category view" (previously "Tree view") is moved to a tree nested under the top-level groups. This tree is subject to local storage persistence.

Whether a top-level tree expands by default is determined by the interface type selection. If a user selects "floating rules", the floating rules section will expand, if instead a user selects an interface, the interface rules section will expand, while all other groups are collapsed.

This commit also fixes the case of the "select all" header checkbox, which was removed in the initial implementation as it wasn't functional. If a user now presses it, all selectable rules are selected, but only if they are visible under an expanded tree.

Firewall: Add migration assistant banner to legacy rules page

Interfaces: Assignments - change model name for clarity

MVC:ui - [WIP] refactor base_dialog and parseFormNode to simplify the template for https://github.com/opnsense/core/issues/9955

Interfaces: Assignments - rename "Interface" to "Device", but keep "if" as key to align with data underneath. for https://github.com/opnsense/core/pull/10366

Interfaces: Assignments - fix empty descriptions, which should show as upper case id, for https://github.com/opnsense/core/pull/10366

Firewall: NAT: Source NAT: Add migration for Outbound NAT into Source NAT page (#10373)

Firewall: add Source NAT mode bridge and outbound NAT migration

Reflect legacy `nat.outbound.mode` into the Firewall MVC model as volatile
`general.snat_mode` and expose it in the new Source NAT view. Persist the value
back into the legacy configuration through `serializeToConfig()` using a scoped
general-section setter to avoid unrelated model validation.

Adjust the Source NAT grid output based on the selected mode. Automatic and
hybrid modes include synthetic automatic rule rows for display purposes, while
advanced mode only shows manual rules and disabled mode hides the grid.

Extend the migration assistant with an outbound NAT migration tab and add a
configd exporter for legacy `nat.outbound.rule` entries. Exported rows
use empty UUIDs so imports create fresh MVC rule identifiers.

Add missing Source NAT parity fields for `tag` and `nosync`, include them in
generated rows, and export them from legacy outbound NAT rules.

    [22 lines not shown]

interfaces: another cleanup

LICENSE: sync

mvc: style sweep

Interfaces: Assignments - refactor to MVC closes https://github.com/opnsense/core/issues/9945 (#10366)

In order to migrate the interface assignments, we need to think of a way to use the differently named xml nodes for interfaces (wan, lan, ..) into something that closely resembles a standard model implementation.
Since we can't match these nodes in our statically defined model xmls, the main idea is to flush all via an in-memory model with a separate load [construct] and save hook [serializeToConfig].

The next challenge is to "stash" updates and wait for "apply" in certain cases, for this we add a temporary database holding the changes  which are synced after the actual system change has happend (pending_action, pending_if). When succesfully applied, the apply function cleans up the final stage of the configuration to make everything consistent again.

This database is a simple single json encoded file named /tmp/.interfaces.todo

Interfaces: Assignments - refactor to MVC closes https://github.com/opnsense/core/issues/9945

In order to migrate the interface assignments, we need to think of a way to use the differently named xml nodes for interfaces (wan, lan, ..) into something that closely resembles a standard model implementation.
Since we can't match these nodes in our statically defined model xmls, the main idea is to flush all via an in-memory model with a separate load [construct] and save hook [serializeToConfig].

The next challenge is to "stash" updates and wait for "apply" in certain cases, for this we add a temporary database holding the changes  which are synced after the actual system change has happend (pending_action, pending_if). When succesfully applied, the apply function cleans up the final stage of the configuration to make everything consistent again.

This database is a simple single json encoded file named /tmp/.interfaces.todo

Validate setGeneralAction as well

The nat.outbound.rule flush seems to work just fine, remove this comment

Add a scoped setGeneralAction() that only saves the general section of the model