Commit graph

5439 commits

Author SHA1 Message Date
Franco Fichtner
1bfb448cf2 net/isc-dhcp: move ip_in_interface_alias_subnet() here
Only called by this plugin.  So we can ditch it from core.
2026-02-18 09:07:49 +01:00
Ad Schellevis
de4c98eee2
Security: Q-Feeds Connect - add new options as available in integrated blocklists (#5226)
* Security: Q-Feeds Connect - add new options as available in integrated blocklists, closes https://github.com/opnsense/plugins/issues/5197

This adds allowlists (regex patterns), source_nets Q-Feeds applies on, address to return and optional NXDOMAIN responses.

Please note this version is only compatible with current community versions, business edition installs will have to wait for 26.4.

* Security: Q-Feeds Connect - update version and changelog
2026-02-16 16:58:17 +01:00
Nuadh123
449323e6a5
os-nextcloud-backup Skip non-files when enumerating local entries to backup (#5192) 2026-02-11 19:21:09 +01:00
Nuadh123
b9b1140910
os-nextcloud-backup Add support for backing up to a subdirectory instead of the root backupdir (#5191) 2026-02-11 19:18:58 +01:00
Franco Fichtner
8701588fad dns/dnscrypt-proxy: wrap up revision 2026-02-11 14:31:07 +01:00
Andrei Hodorog
fb59f87e99
dns/dnscrypt-proxy: fix bootstrap_resolvers with multiple comma-separated servers (#5163)
When multiple bootstrap resolvers are configured in the "Fallback Resolver"
field (e.g., "1.1.1.1:53,9.9.9.9:53"), the generated config incorrectly
places the comma inside a single string:

  bootstrap_resolvers = ['1.1.1.1:53,9.9.9.9:53']

This causes dnscrypt-proxy to fail with:

  [FATAL] Bootstrap resolver [...]: Host does not parse as IP '1.1.1.1:53,9.9.9.9:53'

The fix applies the same split/join pattern already used for listen_addresses,
server_names, disabled_server_names, and relaylist in the same template:

  bootstrap_resolvers = ['1.1.1.1:53','9.9.9.9:53']

This bug was introduced in commit 1eec51a65 which renamed fallback_resolver
to bootstrap_resolvers but did not update the template syntax from a single
string to a TOML array format.
2026-02-10 16:31:42 +01:00
Franco Fichtner
85f1bb94bf www/web-proxy-sso: model style 2026-02-10 11:32:21 +01:00
Frank Wall
7c710d4be9
Merge pull request #5207 from fraenki/haproxy_500b
net/haproxy: fix syntax of set-var-fmt
2026-02-10 10:39:23 +01:00
Frank Wall
6c779f0690 net/haproxy: fix syntax of set-var-fmt 2026-02-09 23:26:26 +01:00
Frank Wall
96ed5342d4
Merge pull request #5206 from fraenki/haproxy_500a
net/haproxy: another addition for release 5.0
2026-02-09 21:35:27 +01:00
Frank Wall
3aa7c39481 net/haproxy: support new map file type "sub" 2026-02-09 17:04:33 +01:00
Q-Feeds
f64be105b0
Fix: Strip whitespace from API token to prevent 401 authentication errors (#5203) 2026-02-09 10:52:52 +01:00
Franco Fichtner
59d158e93a LICENSE: sync 2026-02-09 07:52:45 +01:00
Franco Fichtner
92fb6dcb2d security/q-feeds-connector: wrap up this revision 2026-02-09 07:51:37 +01:00
Franco Fichtner
acbaa92aad net/haproxy: style sweep and LICENSE sync 2026-02-09 07:42:21 +01:00
Frank Wall
9431d5a5eb
Merge pull request #5201 from fraenki/haproxy_500
net/haproxy: additions for release 5.0
2026-02-08 23:00:07 +01:00
Frank Wall
3c2dd310fe net/haproxy: support more advanced sample fetches and converters 2026-02-08 22:58:19 +01:00
Frank Wall
b9dcae8a9c net/haproxy: support mapfiles in hdr/path ACLs
Previously a path or header had to be specified. But with the
extended mapfile support, these are no longer required values.
A mapfile may be used instead.
2026-02-08 00:08:08 +01:00
Frank Wall
646f886f3b
Merge pull request #5101 from fraenki/haproxy_470
net/haproxy: release 5.0
2026-02-06 23:20:27 +01:00
Franco Fichtner
630cd208ea LICENSE: fix a typo and sync 2026-02-06 10:57:50 +01:00
Maurice Walker
fe9abad52b
net/tayga: update website in pkg-descr (new maintainer @apalrd) (#5193) 2026-02-06 06:44:18 +01:00
Ad Schellevis
8cafe71201 security/q-feeds-connector: track if qfeeds lists are loaded when deselected and reload unbounds blocklist in that case (via qfeedsctl.py), for https://github.com/opnsense/plugins/issues/5190 2026-02-05 21:19:22 +01:00
Frank Wall
95a30c536d net/haproxy: fix potential model migration error 2026-02-05 15:45:46 +01:00
Frank Wall
c6496afabc net/haproxy: add support for legacy GPC/GPT/SC ACLs
This is necessary, because according to the documentation,
the modern syntax cannot be mixed with legacy syntax in
several cases:

"This fetch applies only to the 'gpc' array data_type (and not
to the legacy 'gpc0' nor 'gpc1' data_types)."
2026-02-05 01:26:21 +01:00
Frank Wall
b27b732ce4 net/haproxy: full support for table names in conditions 2026-02-03 17:46:14 +01:00
Franco Fichtner
d0374346e2 sysutils/gdrive-backup: switch class name for linter 2026-02-03 16:11:01 +01:00
Frank Wall
d90ef9bc1b net/haproxy: add support for GPC/GPT/SC to rules 2026-02-03 16:03:30 +01:00
Franco Fichtner
0fe62ae500 net/freeradius: wrap up version 2026-02-03 15:30:08 +01:00
Franco Fichtner
93c1989036 dns/ddclient: wrap up version 2026-02-03 15:26:38 +01:00
Franco Fichtner
f216f3d458 LICENSE: sync 2026-02-03 15:24:14 +01:00
Maurice Walker
1278de17db
net/tayga: enable forwarding of UDP packets with zero checksum (#5183) 2026-02-03 07:36:37 +01:00
Frank Wall
291b41bf22 net/haproxy: improve mapfile handling 2026-02-02 23:14:38 +01:00
Frank Wall
0558c85bb5 net/haproxy: add support for loading mapfiles in ACLs 2026-02-02 21:51:32 +01:00
Frank Wall
6594d14d9a net/haproxy: fix ssl certificates on maintenance page 2026-02-02 18:25:18 +01:00
Frank Wall
a999d59f57 net/haproxy: finishing touches and bugfixes 2026-02-02 17:38:20 +01:00
Kota Shiratsuka
c2c49fb1a1
FreeRADIUS: add TLS maximum version setting for EAP (#5175) 2026-01-30 19:54:11 +01:00
Franco Fichtner
4773ff712e security/wazuh-agent: bump revision 2026-01-30 15:55:28 +01:00
mbedworth
590bd9211c
security/wazuh-agent: fix syntax error in opnsense-fw active response (#5174)
Fix critical syntax error in opnsense-fw active response script that prevents IPs from being added to the __wazuh_agent_drop alias.

## Problem
The script contains invalid Python syntax - a variable assignment inside a dictionary literal:
```python
"parameters":{
   unique_key = "%s-%s" % (...)  # Invalid Python syntax
   "keys": [unique_key]
}
```

This causes the script to fail with a SyntaxError on all 'add' commands, meaning attacking IPs are never blocked.

## Changes
- Move unique_key assignment outside dictionary literal (fixes SyntaxError)
- Fix typo: 'even' -> 'event' in error message
- Add debug logging for easier troubleshooting

## Testing
- Verified syntax with `python3 -m py_compile`
- Tested active response add/delete operations on OPNsense 26.1
2026-01-30 07:44:12 +01:00
Frank Wall
cb73d5e65a
Merge pull request #5173 from fraenki/acme_413
security/acme-client: release 4.13
2026-01-29 23:27:26 +01:00
Frank Wall
e011819532 security/acme-client: update changelog 2026-01-29 22:32:57 +01:00
Frank Wall
db0b943465 security/acme-client: remove duplicate slashes, refs #5166 2026-01-29 22:31:31 +01:00
Frank Wall
d18e09c78d security/acme-client: release 4.13 2026-01-29 22:31:31 +01:00
Frank Wall
728b97c87e
Merge pull request #5168 from gigamonster256/push-rwxoyqsoyqlp
security/acme-client: allow always renew
2026-01-29 22:30:03 +01:00
Jeroen Kool
be5be59d60
security/acme-client: make it possible to obtain a global access token from TransIP (#5166)
* security/acme-client: Add option for global token to TransIP

The TransIP dns api and the acme.sh api for TransIP support the possibility to create a global access token.
With a global access token, the api call to TransIP can be made from every ip address.
There is a new button in the client configuration for TransIP, and this will be added to the account configuration file, which is used by acme.sh
2026-01-29 22:24:03 +01:00
Frank Wall
f3d86bb2d0
Merge pull request #5158 from Benno089/ISSUE-4959
security/acme-client: add support for DNS challenge Spaceship.com
2026-01-29 21:47:07 +01:00
Frank Wall
67977c43a8
Merge pull request #5157 from GutierrezJeremy/deploy-hook-ruckus
security/acme-client: add support for acme.sh deploy hook "Ruckus"
2026-01-29 21:46:32 +01:00
Frank Wall
268d504349
Merge pull request #5154 from apritcha1/master
security/acme-client: add support for ACME profiles
2026-01-29 21:46:03 +01:00
Frank Wall
2738d4af64 net/haproxy: add column "mode" to servers overview, refs #4632 2026-01-28 15:01:31 +01:00
Frank Wall
a4f2a6ba5c net/haproxy: add support for SSL SNI expressions, refs #3756 2026-01-28 14:50:41 +01:00
Frank Wall
c380136258 net/haproxy: add support for GPC/GPT/SC, refs #1123 refs #5109 2026-01-28 14:31:36 +01:00