upstream/opnsense-core
1
0
Fork 0
mirror of https://github.com/opnsense/core.git synced 2026-02-03 20:39:42 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
19572 commits 42 branches 402 tags 127 MiB
Commit graph

19572 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ad Schellevis
34d7d77426 Firewall: Rules [new] - on import, validate uuid (either empty or valid), closes https://github.com/opnsense/core/issues/9661 2026-01-28 21:22:47 +01:00
Ad Schellevis
f8560f063f mvc: support throwing exceptions in importRecordSet(.., $data_callback, ..) for importCsv() to add validation on the input data. 
requirement for: https://github.com/opnsense/core/issues/9661
 2026-01-28 21:14:02 +01:00
Ad Schellevis
12aab2a9e0 filter / style - remove excess comma leading to parse errors in our api documentation parser (collect_api_endpoints.py) 2026-01-28 20:40:24 +01:00
Stephan de Wit
f7fac5a6f4 interfaces: host discovery: make sure the full dump includes NDP output if hostwatch is disabled 2026-01-28 10:25:32 +01:00
Franco Fichtner
44dbcd103b interfaces: default missing here causing migration to flip the value #9569 
Disables IPv6 on images which isn't what we want.
 2026-01-28 09:27:04 +01:00
Ad Schellevis
83f9492087 Services: Kea DHCP: Kea DHCPv6 - add validation "Pool overlaps with an existing one." and fix pd_pools being in the wrong loop. for https://github.com/opnsense/core/issues/9343 2026-01-27 21:12:39 +01:00
Ad Schellevis
fcab636a4c Services: Kea DHCP: Kea DHCPv6 - add validation "Invalid Pool boundaries, offered address is not the first address in the prefix." for https://github.com/opnsense/core/issues/9343 2026-01-27 20:18:20 +01:00
Ad Schellevis
b6a59bb7e5 Services: Kea DHCP: Kea DHCPv6 - add validation "Delegated length must be longer than or equal to prefix length", for https://github.com/opnsense/core/issues/9343" 2026-01-27 20:05:34 +01:00
Franco Fichtner
f456d15d76 backend: buh-bye mwexec() and mwexec_bg() 2026-01-27 19:39:45 +01:00
Franco Fichtner
fce3f7973a system: Persian into development mode 2026-01-27 19:18:36 +01:00
Franco Fichtner
660fa8210b console: fix overwrite of 'dhcp' configuration 
Although this is correct from a pure config.xml.sample perspective
it clearly purges further configuration from the file which we better
avoid.
 2026-01-27 17:31:59 +01:00
Franco Fichtner
b2a376cece interfaces: fix previous 2026-01-27 13:03:39 +01:00
Franco Fichtner
a35dce38e8 firmware: revoke 25.7 fingerprint 2026-01-27 12:57:28 +01:00
Stephan de Wit
c030ca6507 interfaces: automatic discovery: use descriptive interface names if available 2026-01-27 12:01:59 +01:00
Franco Fichtner
163162a8ac firmware: remove upgrade hint 2026-01-27 11:44:08 +01:00
Franco Fichtner
6d3ca746d1 radvd: get rid of tabs now that the file content is stable 
Always bugged me for multiple reasons.  Other files got the same
treatment over the years.  For 26.1.x to avoid noise.
 2026-01-27 11:37:55 +01:00
Stephan de Wit
ca9d7a550a dnsmasq: typo 2026-01-27 11:28:57 +01:00
Monviech
ee962f01db
Services: Kea DHCP: Kea DHCPv6 / Reservations: Lease6 view must distinguish between duid and hwaddr (#9651) 
Since with just a boolean "is_reserved" key we don't know why it was reserved, the search button cannot distinguish between duid and hwaddr. So we need to add some sort of metadata, in this case "is_reserved" which can contain this information. Now the DHCPv6 Reservation page can distinguish between the two choices of reservation origin, and change the lease lookup button to either search for a duid or hwaddr.
 2026-01-27 11:27:48 +01:00
Franco Fichtner
b5bcb5f524 firmware: remove training wheels 2026-01-27 11:14:25 +01:00
Franco Fichtner
9d7f916a00 firmware: prep for final release (last dev build for 25.7) 2026-01-27 11:13:28 +01:00
Franco Fichtner
ef49026664 make: make this easier (and safer) for users 2026-01-27 11:10:16 +01:00
Franco Fichtner
635dd1b833 console: make dhcpd(v6) disable more prominent and enable RA #9155 2026-01-27 11:03:53 +01:00
Franco Fichtner
b30630d709 console: assignment for 1) #9155 2026-01-27 10:47:56 +01:00
Franco Fichtner
261ad14e39 console: adapt console option 2) for #9155 2026-01-27 10:27:28 +01:00
Stephan de Wit
5b2f225d38 interfaces: automatic discovery: include first/last_seen, sort on last_seen by default 2026-01-27 09:56:23 +01:00
Franco Fichtner
af5dba11ca system: old glue code does old glue code things 2026-01-27 08:10:23 +01:00
Franco Fichtner
d11320bb42 openssh: obvious fail ;) 2026-01-27 08:05:33 +01:00
Franco Fichtner
b787479933 system: provide override banner and inline hint for /etc/resolv.conf(.local) 2026-01-27 07:56:54 +01:00
Franco Fichtner
47be95b7ff openssh: touchup due to tangent changes in automatically generated banners 2026-01-27 07:51:15 +01:00
Franco Fichtner
8493f8d656 firewall: rule association edits part 2 2026-01-26 15:29:12 +01:00
Franco Fichtner
9a80c6ddb2 interfaces: if no track/idassoc is used still emit a PD request 
Appanrently it has always caused dhcp6c process to loop which
we can fix later.

PR: https://forum.opnsense.org/index.php?topic=50505.0
 2026-01-26 13:14:15 +01:00
Franco Fichtner
6c10a1cbe7 firewall: make previously associated DNAT rules editable 
Also need to go through the edit page but first this as a
reminder.
 2026-01-26 11:36:59 +01:00
Franco Fichtner
3248b4d231 interfaces: avoid forced reloads when PDINFO is not set #9521 
PDINFO, the variable we get from dhcp6c has only reply packet
context and may not be correct when it's renewing a NAINFO for
example.  Ignore the event when not set and add more logging
for the specific case to see if the PPPoE loop is stopped with
that approach.

It may not be stopped since the possibility for a shift of the
PD is still there, but that would mean we're not allowed to
reload a connected PPPoE for specifc reasons we need to find
out.

PR: https://forum.opnsense.org/index.php?topic=50505.0
 2026-01-26 09:30:16 +01:00
Franco Fichtner
c3a24de1b5 interfaces: looks like an oversight in validation 
In the configuration there only exists "track6", but for "idassoc6" we
were looking for that instead which PHP could confuse with a "0" value
when empty.

PR: https://forum.opnsense.org/index.php?topic=50488.0
 2026-01-25 22:02:18 +01:00
Ad Schellevis
6a666e804a Services: Kea DHCP: Kea DHCPv6 - add pool in net validation, for https://github.com/opnsense/core/issues/9343 2026-01-25 19:58:02 +01:00
Franco Fichtner
3c86f5d10e radvd: remove faulty condition introduced in 733f5057d0 
I'm not sure why it was there.  No address means no working radvd.
 2026-01-25 16:29:07 +01:00
Franco Fichtner
e1325c5d4d isc-dhcp: also show menu in idassoc6 mode 
PR: https://forum.opnsense.org/index.php?topic=50474.msg257718#msg257718
 2026-01-25 16:10:41 +01:00
Ad Schellevis
592f9f1334 Services: Kea DHCP - add libdhcp_host_cmds.so to expose (internal) api commands for reservations, closes https://github.com/opnsense/core/issues/9646 2026-01-25 14:19:37 +01:00
Ad Schellevis
b9b9336975 Services: Kea DHCP: Kea DHCPv6 / Rervations - allow hw-address for reservations (in stead of DUID), closes https://github.com/opnsense/core/issues/9282 2026-01-25 11:09:56 +01:00
Ad Schellevis
7bb4008986 Firewall: Aliases - expire geoip aliases when there's either no database installed or its newer than the alias contents populated. closes https://github.com/opnsense/core/issues/9374 
In the long run we should probably refactor the alias class so different types can have their own implementations, but this has a lot more impact than injecting a specific expire() implementation for geoip information at its current spot.

The additional advantage of this change is it will update aliases before their TTL expires when the geoip database is newer than the alias content.
 2026-01-24 18:17:27 +01:00
Franco Fichtner
33e296120f
mvc: add ChangeCase support to ProtocolField for DNAT special case (#9643) 
Use the ChangeCase BaseField extension because it's already being tested
and add more tests and safeguards so that the cache knows which case is
going on (also if 'any' needs to be used).

The 'any' value is a bit tricky here.  Force it to lowercase in all cases
since it wasn't uppercased before either.

Also fix the display of anti-lockout protocol for consistency.
 2026-01-24 16:20:50 +01:00
Franco Fichtner
2b19239c14 rc: hostwatch glitch should be gone in RC2 with latest package 
PR: https://github.com/opnsense/hostwatch/issues/7
 2026-01-24 14:25:06 +01:00
Franco Fichtner
fe145d99ae interfaces: do not handle hostwatch user/group from here 2026-01-23 14:12:18 +01:00
Monviech
a1404a2495 Firewall: Rules: Migration assistant: Fix typos and improve clarity in migration instructions 2026-01-23 13:23:28 +01:00
Monviech
b3fa25ee01
Firewall: Rules [new]: Escape selector in rule_protocol (#9642) 2026-01-23 09:03:24 +01:00
Ad Schellevis
d15195930e Firewall: Rules: Migration assistant - fix category fieldname 2026-01-22 17:06:13 +01:00
Ad Schellevis
94081fd82f Firewall: Rules: Migration assistant - fix disabled rules in export. 2026-01-22 17:03:10 +01:00
Ad Schellevis
63c3fe33f6 Interfaces: Neighbors: Automatic Discovery - add xmlrpc registration, closes https://github.com/opnsense/core/issues/9628 2026-01-22 16:31:07 +01:00
Franco Fichtner
e75192ca46 firewall: style 2026-01-22 11:55:28 +01:00
Stephan de Wit
ba8194dedd filter: replace with !empty isset during legacy rule dump 
This is particularly relevant for fresh installs, where the default
config sets <any/> keys. This makes sure those default rules are
able to be migrated properly.
 2026-01-22 11:31:01 +01:00