From 32e6a1d6185a3c90a32d8cb21b1acc45b154650f Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Tue, 11 Oct 2022 13:17:46 +0200 Subject: [PATCH 1/6] net/haproxy: add support for req.ssl_hello_type, closes #2311 --- net/haproxy/pkg-descr | 5 +++++ .../controllers/OPNsense/HAProxy/forms/dialogAcl.xml | 11 +++++++++++ .../mvc/app/models/OPNsense/HAProxy/HAProxy.xml | 10 ++++++++++ .../service/templates/OPNsense/HAProxy/haproxy.conf | 2 ++ 4 files changed, 28 insertions(+) diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr index d33a113b1..c6e99b526 100644 --- a/net/haproxy/pkg-descr +++ b/net/haproxy/pkg-descr @@ -6,6 +6,11 @@ very high loads while needing persistence or Layer7 processing. Plugin Changelog ================ +3.12 + +Added: +* add support for req.ssl_hello_type (#2311) + 3.11 Added: diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml index 4643f99a8..895bd6e4b 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml @@ -278,6 +278,17 @@ text + + + header + + + + acl.ssl_hello_type + + dropdown + + header diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml index f6baa5c87..3be9a91e1 100644 --- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml +++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml @@ -1599,6 +1599,7 @@ SSL Client certificate is valid SSL Client certificate verify error result SSL Client certificate issued by CA common-name + SSL Hello Type Source IP matches specified IP Source IP is local Source IP: TCP source port @@ -1764,6 +1765,15 @@ /^.{1,4096}$/u N + + N + x1 + + 0 - no client hello + 1 - client hello + 2 - server hello + + /^.{1,4096}$/u N diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf index ea00d11a8..79fde03a0 100644 --- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf +++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf @@ -284,6 +284,8 @@ {% set acl_enabled = '0' %} # ERROR: missing parameters {% endif %} +{% elif acl_data.expression == 'ssl_hello_type' %} +{% do acl_options.append('req.ssl_hello_type ' ~ acl_data.ssl_hello_type|replace('x', '')) %} {% elif acl_data.expression == 'src' %} {% if acl_data.src|default("") != "" %} {% do acl_options.append('src ' ~ acl_data.src) %} From bae01c9dcb4a15657615bfb783dbed1e7aca90a3 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Tue, 11 Oct 2022 14:37:23 +0200 Subject: [PATCH 2/6] net/haproxy: update changelog --- net/haproxy/pkg-descr | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr index c6e99b526..7d0cde83a 100644 --- a/net/haproxy/pkg-descr +++ b/net/haproxy/pkg-descr @@ -11,6 +11,9 @@ Plugin Changelog Added: * add support for req.ssl_hello_type (#2311) +Fixed: +* fix unix sockets in chrooted environment (#3093) + 3.11 Added: From 13e1dbc40a4559a38a02b3d97a165c5e39a140a6 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Tue, 11 Oct 2022 15:29:17 +0200 Subject: [PATCH 3/6] net/haproxy: fix peers by automatically configuring the local peer, closes #3114 --- net/haproxy/pkg-descr | 1 + .../OPNsense/HAProxy/forms/generalPeers.xml | 8 ++++---- .../service/templates/OPNsense/HAProxy/haproxy.conf | 12 +++++++++--- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr index 7d0cde83a..dea92ff85 100644 --- a/net/haproxy/pkg-descr +++ b/net/haproxy/pkg-descr @@ -13,6 +13,7 @@ Added: Fixed: * fix unix sockets in chrooted environment (#3093) +* fix peers by automatically configuring the local peer (#3114) 3.11 diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalPeers.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalPeers.xml index f1091f4f3..7dba7f9f8 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalPeers.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/generalPeers.xml @@ -10,14 +10,14 @@ - + header haproxy.general.peers.name1 text - + system hostname, then this peer is automatically configured as local peer.]]> haproxy.general.peers.listen1 @@ -32,14 +32,14 @@ - + header haproxy.general.peers.name2 text - + system hostname, then this peer is automatically configured as local peer.]]> haproxy.general.peers.listen2 diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf index 79fde03a0..c6f0ff8dd 100644 --- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf +++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf @@ -1041,6 +1041,10 @@ global {% endif %} {% endif %} {% endif %} +{# # specify local peer #} +{% if peers_enabled is defined %} + localpeer {{ system.hostname|lower }}.{{ system.domain|lower }} +{% endif %} {# # pass-through options #} {% if OPNsense.HAProxy.general.tuning.customOptions|default("") != "" %} # WARNING: pass through options below this line @@ -1892,7 +1896,7 @@ backend {{backend.name}} {# PEERS #} {# ############################### #} -{%- if helpers.exists('OPNsense.HAProxy.general.peers') and OPNsense.HAProxy.general.peers.enabled|default("") == "1" %} +{%- if peers_enabled is defined %} {# # ensure that no value is missing #} {% if OPNsense.HAProxy.general.peers.name1|default("") != '' and OPNsense.HAProxy.general.peers.listen1|default("") != '' and @@ -1901,8 +1905,10 @@ backend {{backend.name}} OPNsense.HAProxy.general.peers.listen2|default("") != '' and OPNsense.HAProxy.general.peers.port2|default("") != '' %} peers {{peers_name}} - peer {{OPNsense.HAProxy.general.peers.name1}} {{OPNsense.HAProxy.general.peers.listen1}}:{{OPNsense.HAProxy.general.peers.port1}} - peer {{OPNsense.HAProxy.general.peers.name2}} {{OPNsense.HAProxy.general.peers.listen2}}:{{OPNsense.HAProxy.general.peers.port2}} + peer {{OPNsense.HAProxy.general.peers.name1|lower}} {{OPNsense.HAProxy.general.peers.listen1}}:{{OPNsense.HAProxy.general.peers.port1}} + peer {{OPNsense.HAProxy.general.peers.name2|lower}} {{OPNsense.HAProxy.general.peers.listen2}}:{{OPNsense.HAProxy.general.peers.port2}} +{% else %} +# ERROR: peers configuration is incomplete {% endif %} {%- endif -%} From 5cd2297802771d8e19636fae930d59e2f013b188 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Tue, 11 Oct 2022 15:43:11 +0200 Subject: [PATCH 4/6] net/haproxy: update documentation URLs --- net/haproxy/pkg-descr | 3 +++ .../OPNsense/HAProxy/forms/dialogAction.xml | 10 +++++----- .../OPNsense/HAProxy/forms/dialogBackend.xml | 10 +++++----- .../OPNsense/HAProxy/forms/dialogFrontend.xml | 6 +++--- .../OPNsense/HAProxy/forms/dialogMapfile.xml | 2 +- .../opnsense/mvc/app/views/OPNsense/HAProxy/index.volt | 10 +++++----- 6 files changed, 22 insertions(+), 19 deletions(-) diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr index dea92ff85..37b084e82 100644 --- a/net/haproxy/pkg-descr +++ b/net/haproxy/pkg-descr @@ -15,6 +15,9 @@ Fixed: * fix unix sockets in chrooted environment (#3093) * fix peers by automatically configuring the local peer (#3114) +Changed: +* update HAProxy documentation URLs + 3.11 Added: diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml index c81064259..f0a663f16 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml @@ -89,7 +89,7 @@ action.http_request_redirect text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> @@ -128,7 +128,7 @@ action.http_request_add_header_content text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> @@ -145,7 +145,7 @@ action.http_request_set_header_content text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> @@ -251,7 +251,7 @@ action.http_response_add_header_content text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> @@ -268,7 +268,7 @@ action.http_response_set_header_content text - HAProxy's documentation for further details and examples.]]> + HAProxy's documentation for further details and examples.]]> diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml index 27a6115e2..cd1aec54e 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml @@ -28,7 +28,7 @@ backend.algorithm dropdown - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> Choose a load balancing algorithm. @@ -42,7 +42,7 @@ backend.proxyProtocol dropdown - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> true @@ -186,7 +186,7 @@ backend.persistence_cookiemode dropdown - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> backend.persistence_cookiename @@ -208,14 +208,14 @@ backend.stickiness_pattern dropdown - HAProxy documentation for a full description.
NOTE: Consider not using this feature in multi-process mode, it can result in random behaviours.
]]> + HAProxy documentation for a full description.
NOTE: Consider not using this feature in multi-process mode, it can result in random behaviours.
]]> Choose a persistence type. backend.stickiness_dataTypes select_multiple - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> backend.stickiness_expire diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml index 6d6a4cda7..a028a16f1 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogFrontend.xml @@ -322,14 +322,14 @@ frontend.stickiness_pattern dropdown - HAProxy documentation for further information.]]> + HAProxy documentation for further information.]]> Choose a stick-table type. frontend.stickiness_dataTypes select_multiple - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> frontend.stickiness_expire @@ -356,7 +356,7 @@ frontend.stickiness_counter_key text - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> true diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml index d988e782e..fc0011cc8 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogMapfile.xml @@ -15,6 +15,6 @@ mapfile.content textbox - HAProxy documentation for a full description.]]> + HAProxy documentation for a full description.]]> diff --git a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt index eda3e7ff1..7510ca1ed 100644 --- a/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt +++ b/net/haproxy/src/opnsense/mvc/app/views/OPNsense/HAProxy/index.volt @@ -698,7 +698,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._('Lastly, enable HAProxy using the %sService%s settings page.') | format('', '') }}

    • {{ lang._('Please be aware that you need to %smanually%s add the required firewall rules for all configured services.') | format('', '') }}

    -

    {{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('', '', '', '', '', '') }}

    +

    {{ lang._('Further information is available in our %sHAProxy plugin documentation%s and of course in the %sofficial HAProxy documentation%s. Be sure to report bugs and request features on our %sGitHub issue page%s. Code contributions are also very welcome!') | format('', '', '', '', '', '') }}


    @@ -740,7 +740,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._('%sConditions:%s HAProxy is capable of extracting data from requests, responses and other connection data and match it against predefined patterns. Use these powerful patterns to compose a condition that may be used in multiple Rules.') | format('', '') }}
  • {{ lang._('%sRules:%s Perform a large set of actions if one or more %sConditions%s match. These Rules may be used in %sBackend Pools%s as well as %sPublic Services%s.') | format('', '', '', '', '', '', '', '') }}
    • -

    {{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('', '', '', '') }}

    +

    {{ lang._("For more information on HAProxy's %sACL feature%s see the %sofficial documentation%s.") | format('', '', '', '') }}

    {{ lang._('Note that it is possible to directly add options to the HAProxy configuration by using the "option pass-through", a setting that is available for several configuration items. It allows you to implement configurations that are currently not officially supported by this plugin. It is strongly discouraged to rely on this feature. Please report missing features on our GitHub page!') | format('', '') }}


    @@ -755,7 +755,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._('%sGroup:%s A optional list containing one or more users. Groups usually make it easier to manage permissions for a large number of users') | format('', '') }}

    • {{ lang._('Note that users and groups must be selected from the Backend Pool or Public Service configuration in order to be used for authentication. In addition to this users and groups may also be used in Rules/Conditions.') }}

    -

    {{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('', '', '', '') }}

    +

    {{ lang._("For more information on HAProxy's %suser/group management%s see the %sofficial documentation%s.") | format('', '', '', '') }}


    @@ -773,7 +773,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._("%sCache:%s HAProxy's cache which was designed to perform cache on small objects (favicon, css, etc.). This is a minimalist low-maintenance cache which runs in RAM.") | format('', '', '', '') }}
  • {{ lang._("%sPeers:%s Configure a communication channel between two HAProxy instances. This will propagate entries of any data-types in stick-tables between these HAProxy instances over TCP connections in a multi-master fashion. Useful when aiming for a seamless failover in a HA setup.") | format('', '', '', '') }}
    • -

    {{ lang._("For more details visit HAProxy's official documentation regarding the %sStatistics%s, %sCache%s and %sPeers%s features.") | format('', '', '', '', '', '') }}

    +

    {{ lang._("For more details visit HAProxy's official documentation regarding the %sStatistics%s, %sCache%s and %sPeers%s features.") | format('', '', '', '', '', '') }}


    @@ -790,7 +790,7 @@ POSSIBILITY OF SUCH DAMAGE.
  • {{ lang._("%sResolvers:%s This feature allows in-depth configuration of how HAProxy handles name resolution and interacts with name resolvers (DNS). Each resolver configuration can be used in %sBackend Pools%s to apply individual name resolution configurations.") | format('', '', '', '') }}
  • {{ lang._("%sE-Mail Alerts:%s It is possible to send email alerts when the state of servers changes. Each configuration can be used in %sBackend Pools%s to send e-mail alerts to the configured recipient.") | format('', '', '', '') }}
    • -

    {{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s. A detailed explanation of the resolvers feature can be found %shere%s.") | format('', '', '', '', '', '' ,'', '' ,'', '' ,'', '','', '') }}

    +

    {{ lang._("For more details visit HAProxy's official documentation regarding the %sError Messages%s, %sLua Script%s and the %sMap Files%s features. More information on HAProxy's CPU Affinity is also available %shere%s, %shere%s and %shere%s. A detailed explanation of the resolvers feature can be found %shere%s.") | format('', '', '', '', '', '' ,'', '' ,'', '' ,'', '','', '') }}


    From c7d77ce9bf54597162016ba45f633d991b45b459 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Fri, 21 Oct 2022 15:50:06 +0200 Subject: [PATCH 5/6] net/haproxy: migrate to NAME_setup use, refs 4e01cb2333acd997b01e6a10a9c447b1ccf520dc NAME_setup is mostly being used during system startup. However, there are still cases where setup.sh is manually called to ensure that certain operations like syntax check are working properly. --- .../OPNsense/HAProxy/Api/ServiceController.php | 2 -- .../opnsense/service/conf/actions.d/actions_haproxy.conf | 8 +------- .../opnsense/service/templates/OPNsense/HAProxy/rc.conf.d | 2 +- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php index 524597aef..0632cef86 100644 --- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php +++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/Api/ServiceController.php @@ -56,8 +56,6 @@ class ServiceController extends ApiMutableServiceControllerBase $backend = new Backend(); // first generate template based on current configuration $backend->configdRun('template reload OPNsense/HAProxy'); - // now export all the required files (or syntax check will fail) - $backend->configdRun("haproxy setup"); // finally run the syntax check $response = $backend->configdRun("haproxy configtest"); return array("result" => $response); diff --git a/net/haproxy/src/opnsense/service/conf/actions.d/actions_haproxy.conf b/net/haproxy/src/opnsense/service/conf/actions.d/actions_haproxy.conf index a9f3c5b25..9ca6d13dd 100644 --- a/net/haproxy/src/opnsense/service/conf/actions.d/actions_haproxy.conf +++ b/net/haproxy/src/opnsense/service/conf/actions.d/actions_haproxy.conf @@ -1,9 +1,3 @@ -[setup] -command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh -parameters: -type:script_output -message:setup haproxy service requirements - [start] command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh deploy; /usr/local/opnsense/scripts/OPNsense/HAProxy/rc-wrapper.sh start parameters: @@ -31,7 +25,7 @@ description:Reload HAProxy service message:reloading haproxy [configtest] -command:/usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy.conf.staging 2>&1 || exit 0 +command:/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh; /usr/local/sbin/haproxy -c -f /usr/local/etc/haproxy.conf.staging 2>&1 || exit 0 parameters: type:script_output message:testing haproxy configuration diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/rc.conf.d b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/rc.conf.d index fdb9bcf37..2e2090670 100644 --- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/rc.conf.d +++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/rc.conf.d @@ -1,6 +1,6 @@ {% if helpers.exists('OPNsense.HAProxy.general.enabled') and OPNsense.HAProxy.general.enabled|default("0") == "1" %} haproxy_enable=YES -#haproxy_setup="/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh" +haproxy_setup="/usr/local/opnsense/scripts/OPNsense/HAProxy/setup.sh" haproxy_pidfile="/var/run/haproxy.pid" haproxy_config="/usr/local/etc/haproxy.conf" {% if helpers.exists('OPNsense.HAProxy.general.storeOcsp') and OPNsense.HAProxy.general.storeOcsp|default("0") == "1" %} From 57e21ae339f4b19b6c0075643dacf02bbcdc07a9 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Fri, 21 Oct 2022 18:00:13 +0200 Subject: [PATCH 6/6] net/haproxy: bump version --- net/haproxy/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 0c4fd723e..084dfc5a4 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -1,6 +1,5 @@ PLUGIN_NAME= haproxy -PLUGIN_VERSION= 3.11 -PLUGIN_REVISION= 1 +PLUGIN_VERSION= 3.12 PLUGIN_COMMENT= Reliable, high performance TCP/HTTP load balancer PLUGIN_DEPENDS= haproxy24 PLUGIN_MAINTAINER= opnsense@moov.de