OPNSense/core bbfd1f3src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.php Filter.xml

Firewall: Automation: Filter - add adaptive timeouts for https://github.com/opnsense/core/issues/8143
DeltaFile
+37-1src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+14-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+6-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+57-13 files

OPNSense/core e6440cbsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.xml

Firewall: Automation: Filter - add allowopts for https://github.com/opnsense/core/issues/8143
DeltaFile
+7-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+4-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+11-02 files

OPNSense/core 0d9550bsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.php Filter.xml

Firewall: Automation: Filter - add max (states) option  for https://github.com/opnsense/core/issues/8143
DeltaFile
+9-5src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+10-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+3-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+22-53 files

OPNSense/core 207d51dsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.xml

Firewall: Automation: Filter - add max-src-nodes, max-src-states options for https://github.com/opnsense/core/issues/8143
DeltaFile
+14-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+6-1src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+20-12 files

OPNSense/core d07e3c6src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.php Filter.xml

Firewall: Automation: Filter - add  'statetimeout' and validations for https://github.com/opnsense/core/issues/8143

Although this component is mainly used for api access, experiment a bit further with the inpu dialog as well.
DeltaFile
+15-4src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+12-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+4-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+31-43 files

OPNSense/core 3cbea52src/etc/inc XMLRPC_Client.inc, src/etc/rc.subr.d recover

System: High Availability - XMLRPC Client / replace file_get_contents() with curl implementation, closes https://github.com/opnsense/core/issues/7561

While here, also offer optional peer tls verification as this is/was disabled by default.
In most cases verification isn't very relevant when using a direct attached neighbor, but if someone has infrastructure in between, extra safeguards are now possible.

With this inplace, allow_url_fopen can safely be disabled on our end (which was the primary goal here).
DeltaFile
+37-33src/opnsense/scripts/system/ha_xmlrpc_exec.php
+29-24src/etc/inc/XMLRPC_Client.inc
+5-1src/opnsense/mvc/app/models/OPNsense/Core/Hasync.xml
+6-0src/opnsense/mvc/app/controllers/OPNsense/Core/forms/hasyncSettings.xml
+1-1src/opnsense/service/templates/OPNsense/WebGui/php.ini
+1-1src/etc/rc.subr.d/recover
+79-606 files

OPNSense/core 0bd12b5src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.xml

Firewall: Automation: Filter - add some fields for https://github.com/opnsense/core/issues/8143
DeltaFile
+28-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+26-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+54-02 files

OPNSense/core 88893fesrc/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.xml

Firewall: Automation: Filter - add some fields for https://github.com/opnsense/core/issues/8143
DeltaFile
+18-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+18-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+36-02 files

OPNSense/core 27958basrc/opnsense/mvc/app/models/OPNsense/Interfaces/FieldTypes LinkAddressField.php

interfaces: fix value lookup in LinkAddressField #8161
DeltaFile
+8-4src/opnsense/mvc/app/models/OPNsense/Interfaces/FieldTypes/LinkAddressField.php
+8-41 files

OPNSense/core f159efdsrc/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseField.php

mvc: fields should implement getCurrentValue() rather than __toString()
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseField.php
+2-21 files

OPNSense/core a18fd9csrc/opnsense/mvc/app/models/OPNsense/Interfaces/FieldTypes LinkAddressField.php

interfaces: fix value lookup in LinkAddressField #8161
DeltaFile
+6-3src/opnsense/mvc/app/models/OPNsense/Interfaces/FieldTypes/LinkAddressField.php
+6-31 files

OPNSense/core 1e78885src/opnsense/scripts/auth sync_group.php

system: reverse dependencies here too
DeltaFile
+1-1src/opnsense/scripts/auth/sync_group.php
+1-11 files

OPNSense/core f163484src/opnsense/mvc/app/views/OPNsense/Core hasync_status.volt, src/opnsense/scripts/system ha_xmlrpc_exec.php

System: High Availability: Status - warn about version mismatches, closes https://github.com/opnsense/core/issues/8152
DeltaFile
+7-0src/opnsense/mvc/app/views/OPNsense/Core/hasync_status.volt
+5-1src/opnsense/scripts/system/ha_xmlrpc_exec.php
+12-12 files

OPNSense/core adecb9dsrc/opnsense/scripts/auth sync_user.php

auth/sync_user.php - change import order as noted in https://github.com/opnsense/core/pull/8156
DeltaFile
+1-1src/opnsense/scripts/auth/sync_user.php
+1-11 files

OPNSense/core 96a1145. plist, src/opnsense/mvc/app/models/OPNsense/Auth User.xml

System: Access: Users - add "system list shells" and hook to shell field, closes https://github.com/opnsense/core/issues/8155
DeltaFile
+35-0src/opnsense/scripts/system/list_shells.py
+2-6src/opnsense/mvc/app/models/OPNsense/Auth/User.xml
+8-0src/opnsense/service/conf/actions.d/actions_system.conf
+1-0plist
+46-64 files

OPNSense/core e0e7e0bsrc/etc/inc/plugins.inc.d dnsmasq.inc

Update ICANN Trust Anchor to include the new one which will be active in 2026 (#7852)

Signed-off-by: Jagveer Loky (jagveer at cyberstorm.mu)

Signed-off-by: Jagveer Loky (jagveer at cyberstorm.mu)
DeltaFile
+1-0src/etc/inc/plugins.inc.d/dnsmasq.inc
+1-01 files

OPNSense/core 909e945src/opnsense/mvc/app/models/OPNsense/Auth User.xml

System: Access: Users: add missing dashboard container
DeltaFile
+1-0src/opnsense/mvc/app/models/OPNsense/Auth/User.xml
+1-01 files

OPNSense/core 7f62439. Makefile

make: move to better spot
DeltaFile
+2-2Makefile
+2-21 files

OPNSense/core 9176999. Makefile

make: add "glint" target ;)
DeltaFile
+2-0Makefile
+2-01 files

OPNSense/core 514f87asrc/etc/inc auth.inc, src/opnsense/service/templates/OPNsense/Auth sshd.pam system.pam

System: Access: Users - remove support for local passwords

Since https://github.com/opnsense/core/issues/998 we support our authenticators for all service types, for backward compatibility reasons we kept default unix authentication available, since this is hardly used anymore, after 8 years it's time to deprecate this option.
DeltaFile
+0-17src/www/system_advanced_admin.php
+2-9src/etc/inc/auth.inc
+0-4src/opnsense/service/templates/OPNsense/Auth/sshd.pam
+0-4src/opnsense/service/templates/OPNsense/Auth/system.pam
+2-344 files

OPNSense/core 6e9bcf7src/opnsense/mvc/app/models/OPNsense/Auth Group.xml, src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes UsernameField.php

system: typo, end sentence
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes/UsernameField.php
+1-1src/opnsense/mvc/app/models/OPNsense/Auth/Group.xml
+3-32 files

OPNSense/core 44f5964. plist, src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes UsernameField.php

src: style sweep
DeltaFile
+0-2src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes/UsernameField.php
+1-0plist
+1-22 files

OPNSense/core 7169b29src/etc/inc auth.inc, src/etc/inc/plugins.inc.d core.inc

System: Access: Users - allow long usernames for non local users (without a shell account), for https://github.com/opnsense/core/issues/7904

With the new mvc code inplace, it's also a good idea to loosen the constraints for some accounts. One of the mail advantages is that we can now user email addresses as usernames for most services.
DeltaFile
+87-0src/opnsense/mvc/app/models/OPNsense/Auth/FieldTypes/UsernameField.php
+15-2src/opnsense/scripts/auth/sync_user.php
+8-1src/etc/inc/auth.inc
+3-3src/opnsense/mvc/app/controllers/OPNsense/Auth/Api/UserController.php
+1-3src/opnsense/mvc/app/models/OPNsense/Auth/User.xml
+1-1src/etc/inc/plugins.inc.d/core.inc
+115-106 files

OPNSense/core 4f0fdfasrc/opnsense/www/themes/opnsense-dark/assets/stylesheets main.scss, src/opnsense/www/themes/opnsense-dark/build/css main.css

wizard: revert a373d411f67cb1 now that new logos are in
DeltaFile
+0-8src/opnsense/www/themes/opnsense/assets/stylesheets/main.scss
+0-8src/opnsense/www/themes/opnsense-dark/assets/stylesheets/main.scss
+0-4src/opnsense/www/themes/opnsense/build/css/main.css
+0-4src/opnsense/www/themes/opnsense-dark/build/css/main.css
+1-1src/www/index.php
+1-255 files

OPNSense/core 6a7352e. plist, src/etc rc.expireaccounts

authentication - remove expireaccounts script which has been disfunctional for some time, accounting for expirey is the responsibility of the authenticator.

ref: https://github.com/opnsense/core/blob/252fd04811bb0cb74b69895aed69d1e6944683a6/src/opnsense/mvc/app/library/OPNsense/Auth/Local.php#L161-L162
DeltaFile
+0-54src/etc/rc.expireaccounts
+0-1plist
+0-1src/etc/inc/plugins.inc.d/core.inc
+0-563 files

OPNSense/core 252fd04src/www vpn_ipsec_mobile.php

ipsec: fix mobile clients reload missing system.inc

PRL https://forum.opnsense.org/index.php?topic=44724.0
DeltaFile
+1-0src/www/vpn_ipsec_mobile.php
+1-01 files

OPNSense/core bf0c69dsrc/opnsense/mvc/app/models/OPNsense/Firewall Filter.php

mvc: style sweep
DeltaFile
+4-2src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+4-21 files

OPNSense/core 1058244src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.php Filter.xml

Firewall: Automation: Filter - add interface inverse for https://github.com/opnsense/core/issues/8143
DeltaFile
+9-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+6-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+4-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+19-03 files

OPNSense/core 83587d9src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/library/OPNsense/Firewall FilterRule.php

Firewall: Automation: Filter - reorganize input dialog and add reply-to option, for https://github.com/opnsense/core/issues/8143
DeltaFile
+44-18src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+9-0src/opnsense/mvc/app/views/OPNsense/Firewall/filter.volt
+8-0src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+2-1src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/FilterRuleField.php
+1-1src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
+64-205 files

OPNSense/core 8e310b1src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml, src/opnsense/mvc/app/library/OPNsense/Firewall Rule.php

Firewall: Automation: Filter -  always lowercase 'protocol' to avoid mismatches, partly reverts previous commit.
DeltaFile
+5-1src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
+4-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+9-12 files