BSD Commit Log Search

interfaces: multi-dhcp6c support and custom PD association #7647

This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations.  For NA we simply default to 0 now.

I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.

captive portal: rename virtual IPs to 'roaming'

firewall: live view: combined filters stored as converted strings, adjust parsing (fixes https://github.com/opnsense/core/issues/9741)

shorten this

comment not relevant anymore

clean up ipv6 localhost usage

captive portal: limit hostwatch output and other small changes

firewall: another ether rule leftover

Firewall: NAT: Destination NAT - fix target mapping inconsistency leading to ip and network references not being processed (e.g. "lan ip", "wan network")

(cherry picked from commit 96ceae0debc240789ebc962bc787443fb47c921b)

firewall: adjust for parseReplace() for icmp-type "skip"; closes #9738

Direction was a little tricky.  Would be nice to have tests for this.  ;)

Merge remote-tracking branch 'origin/master' into captive-portal-ipv6

captive portal: WIP for IPv6 support

Services: Unbound DNS: Blocklists / Tester - safeguard config use, when there's none specified, don't crash out.

firewall: adjust for parseReplace() for icmp-type "skip"; closes #9738

Direction was a little tricky.  Would be nice to have tests for this.  ;)

Services: Unbound DNS: Blocklists / Tester - safeguard config use, when there's none specified, don't crash out.

System: Access: Servers - add configurable "memberOf" attribute, simplified version of https://github.com/opnsense/core/pull/9675

closes https://github.com/opnsense/core/issues/9650

Firewall: NAT: Destination NAT - fix target mapping inconsistency leading to ip and network references not being processed (e.g. "lan ip", "wan network")

interfaces: fix wlanmode usage part 2 #9727

(cherry picked from commit 4912a671be1ee8dd261d3dd9ed5720b9ed2f805e)

mvc: style

Firewall: Rules [new]: The SKIP icmp type is not a valid name for pf, most likely a bug. Number would work

tests: don't put errors into log during tests for previous

Firewall: Rules [new]: Implement missing ICMP types (#9731)

Signed-off-by: Bjoern Jakobsen <Bjoern.Jakobsen at lrz.de>

mvc: Shell: rewrite exec_safe() to avoid vsprintf() complications; closes #9703

Only support %s and %% using preg_replace_callback() and throw
3 distinct TypeError cases making sure the resulting command is
the dummy command then.

We're not overly interested in how well escapeshellarg() works,
but we ensure it's being called always.

mvc: Shell: rewrite exec_safe() to avoid vsprintf() complications #9703

Firewall: Rules [new]: Fix group rename in source_net, destination_net and SNAT/DNAT target fields (#9734)

* Firewall: Rules [new]: Fix group rename in source_net, destination_net and SNAT/DNAT target fields

* review comments @fichtner

review comments @fichtner

Firewall: Rules [new]: Fix group rename in source_net, destination_net and SNAT/DNAT target fields

firewall: well known ports added to filter rule selection; closes #9692

firewall: undefined is also "*"

interfaces: multi-dhcp6c support and custom PD association #7647

This splits off rtsold and dhcp6c into separate processes
which frees us from the restrictions of faked iterative IDs
for PD associations.  For NA we simply default to 0 now.

I'm not entirely sure why we settled for a single deamon of
dhcp6c back in the day, but there are certianly downsides to
it and I don't see something that wasn't fixed in the meantime
that makes this not work.