[pull] master from opnsense:master #1336
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22b7b55 to
c2d07ae
Compare
864f8d3 to
ef1d155
Compare
272532c to
43a1743
Compare
89d5c6b to
f5ae0c8
Compare
709906d to
bc2ca23
Compare
3d71277 to
20a8006
Compare
129fb8a to
af3d45c
Compare
When an excessive number of events is fired, unbound may keep reconfiguring and keeps mounting and unmounting the requirements for our python plugin. In order to prevent this, we should consider keeping the mounts in place on restarts when we are going to remount them anyway. This likely won't solve all issues in the world, but may solve some of them. Ideally unbound shouldn't restart on interface changes, but that either requires unbound-control using the reload command (which is experimental) or preventing the configuration to include dynamic parts.
…h local links only when generating these rules, for #8724 The intention of "force gateway" is to stick global address communication to the proper return path, but when there's no global address available, the generated rules may match traffic from other interfaces using the same link-local address. Ideally, for ipv6, the "from" selector should match all addresses excluding link-local, but that would probably require a larger change (I couldn't find a simple alternative in pf.conf's manual) or installing additional non-quick rules matching the link-local space. When there is a GUA, we have seen no issues with the current rule, which looks like: pass out route-to ( pppoeX xxx:xxx:xxx::x) from {(pppoeX)} to {!(pppoeX:network)} keep state allow-opts label "" # let out anything from firewall host itself (force gw)
…#8701 Add invokeFirewallReload() hook in ApiMutableServiceControllerBase similar to the interface registration one and start using it in dnsmasq.
…s. (#8713) * dnsmasq: Allow either empty IP or empty hostname for dhcp-host entries. * Simplify previous * Update src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf Co-authored-by: Ad Schellevis <AdSchellevis@users.noreply.github.com> * Update src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php Co-authored-by: Ad Schellevis <AdSchellevis@users.noreply.github.com> * Update src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php Co-authored-by: Ad Schellevis <AdSchellevis@users.noreply.github.com> * dnsmasq: Use array_filter to remove empty strings, use else statement for host overrides * dnsmasq: Safeguard loop when host.ip is not defined, otherwise the order of operations will fail here with 'collections.OrderedDict object' has no attribute 'ip' --------- Co-authored-by: Ad Schellevis <AdSchellevis@users.noreply.github.com>
…ocal (#8730) Couple it with the dhcp-range domain dataset to ensure a unique dataset for all local domains. This enables users to set domains as local in classic host overrides, if they want dnsmasq to handle this domain exclusively. This should give flexibility for almost all DNS forwarding scenarios, even if DHCP is not used at all.
…ce might miss a trailing slash
Allow the webui to run as wwwonly and move related (temp) files to their own directories so we limit the choice of mangling rights. When trying to transition back from wwwonly to root, require a file (/var/run/www_non_root) to be removed via the console as an extra barrier. When captive portal is used, the api dispatcher is forced to use wwwonly in all situations as the number of endpoints used is small and easy to validate (no legacy impact)
…auses side affect mentioned in #8731
…in auto calculated defaults (#8743)
* dnsmasq: Fix wildcard host handling * dnsmasq: Also handle the pure wildcard host + IP address combination with no domain specified. * Update src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.php Co-authored-by: Ad Schellevis <AdSchellevis@users.noreply.github.com> * dnsmasq: Allow host wildcard in fieldtype --------- Co-authored-by: Ad Schellevis <AdSchellevis@users.noreply.github.com>
- Adds a command button to the leases view that refers to the hosts tab. - Opens add dialog and insert hostname, ip address, mac address, client id via url hash. - Differentiates between IPv4 and IPv6 reservations - Tracks which lease is already registered by comparing it to the host data in the model, keeping track of ipv4 and ipv6 leases via client_id and hwaddr - add button and search button depending is_reserved - search button to find the lease that triggered the is_reserved status for transparency - refers directly to the host page, to force the button and lease status to change, as when users go back into the leases view the page will be reloaded
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.1)
Can you help keep this open source service alive? 💖 Please spo 8000 nsor : )