BSD Commit Log Search

net/frr: Use physical interface helper in bfdd.conf (Fix #5317)

freeradius: add configurable LDAP group membership mode (#5430)

Adds `group_membership_mode` to the LDAP settings (model, form, template):

- `attribute` (default): `membership_attribute = 'memberOf'` — existing
  behaviour, compatible with POSIX groups and flat LDAP structures.
- `filter`: `membership_filter` with LDAP_MATCHING_RULE_IN_CHAIN OID
  (1.2.840.113556.1.4.1941) — resolves nested group membership against
  Active Directory and Samba 4 AD DC in a single LDAP query.

The `memberOf` attribute reflects only direct memberships, breaking
`Ldap-Group ==` checks (e.g. VLAN assignment) when groups are nested.
The OID-based filter traverses the full membership chain server-side.

Default is `attribute`; existing configurations are unaffected.

Tested with Samba 4.24 AD DC and FreeRADIUS 3.2 (os-freeradius plugin).

net/frr: Better force a migration for manual_config to ensure its always there

net/frr: Hide daemon specific menu entries when manual_config is enabled

net/frr: Simplify hiding logic in general.volt, make sweep

net/cloudflared: add edge IP version setting, move advanced options behind toggle (#5512)

* net/cloudflared: add edge IP version setting, move advanced options

Add edge_ip_version dropdown (Auto/IPv4/IPv6) passed via
TUNNEL_EDGE_IP_VERSION env var.

Move protocol, post-quantum, and QUIC PMTU discovery fields behind
the advanced toggle, leaving Enable and Tunnel Token on the main screen.

Co-Authored-By: Claude Sonnet 4.6 <noreply at anthropic.com>

* net/cloudflared: bump model version, refactor rc.conf.d env assembly

Bump Cloudflared.xml model version to 1.0.1.

Refactor rc.conf.d to build cloudflared_env via a Jinja2 namespace,
replacing the inline conditional string with per-variable set blocks
that are easier to read and extend.

    [19 lines not shown]

not needed here

net/frr: Reflect the individual daemon enabled sections into the general model

net/vnstat: git merge fail, restore actions

net/vnstat: fix dashboard ACL linter and other things

make sweep

net/frr: Make manual config banner text better

net/vnstat: dashboard widget (#5336)

Co-authored-by: Ad Schellevis <AdSchellevis at users.noreply.github.com>

net/frr: Some options are in the rc file, some in zebra. Distinguish whats still possible to be changed in general options by hiding zebra relevant options

net/frr: Typo in previous

net/frr: Typo in previous

net/frr: Manual configuration override, WIP

dns/bind: add SVCB record type to BIND record model (#5508)

Adds SVCB to the Record model OptionValues so RFC 9460/9461 SVCB records
(e.g. _dns DDR records for encrypted-DNS discovery) can be created via the
plugin GUI/API. BIND 9.18+ supports SVCB natively; the plugin validation
rejected the type before it reached named. One-line change, complements the
HTTPS record type (#5425).

dns/bind: add HTTPS record type to BIND record model (#5425)

net/frr: sync with master

net/frr: bump

net/frr: Fix typo in ospf6d.conf prefix-list (ip -> ipv6)

vnstat expose MonthRotate in UI (#5484)

Update maltrail.conf (#5463)

security/maltrail: add FAIL2BAN_ALLOWLIST to server config template to allow localhost access to fail2ban endpoint

udpbroadcastrelay: remove stray semicolon in $internalModelClass (#5507)

plugins: remove curl_close() no-op for PHP 8.5

net/isc-dhcp: shorten the service descriptions

www/nginx: stop using $_SERVER to access argc/argv

net/frr: sync with master

net/frr: bump for hotfix