* Security: Q-Feeds Connect - add new options as available in integrated blocklists, closes https://github.com/opnsense/plugins/issues/5197
This adds allowlists (regex patterns), source_nets Q-Feeds applies on, address to return and optional NXDOMAIN responses.
Please note this version is only compatible with current community versions, business edition installs will have to wait for 26.4.
* Security: Q-Feeds Connect - update version and changelog
Fix critical syntax error in opnsense-fw active response script that prevents IPs from being added to the __wazuh_agent_drop alias.
## Problem
The script contains invalid Python syntax - a variable assignment inside a dictionary literal:
```python
"parameters":{
unique_key = "%s-%s" % (...) # Invalid Python syntax
"keys": [unique_key]
}
```
This causes the script to fail with a SyntaxError on all 'add' commands, meaning attacking IPs are never blocked.
## Changes
- Move unique_key assignment outside dictionary literal (fixes SyntaxError)
- Fix typo: 'even' -> 'event' in error message
- Add debug logging for easier troubleshooting
## Testing
- Verified syntax with `python3 -m py_compile`
- Tested active response add/delete operations on OPNsense 26.1
* security/acme-client: Add option for global token to TransIP
The TransIP dns api and the acme.sh api for TransIP support the possibility to create a global access token.
With a global access token, the api call to TransIP can be amde from every ip adress.
There is a new button in the client configuration for TransIP, and this will be added to the account configuration file, which is used by acme.sh
As a note the default value for "syslog_programs" was scrapped
because it was not used. Consider flipping Required=Y and putting
it back to whom it may concern.
Changed a validation message to not end with question. Although
I do not oppose to this the current rule is "dot" for end of sentence
only and the question appears to be better suited for the help text
where it can be accessed beforehand by the user.
- Add repeated_offenders field to active response settings
- Remove 'without context' from ossec.conf include loop to allow
variable access in config fragments
- Fix opnsense-fw.conf template bug: wazuh_command -> active_response
- Bump model version to 1.0.3
When multiple IPs trigger the same rule simultaneously, they were
sharing the same check_keys value (only rule ID), causing the manager
to abort all but the first execution.
Changed the key to include both rule_id and srcip to make it unique
per source IP, allowing multiple simultaneous blocks while still
preventing duplicate blocks of the same IP.
Fixes#4738
* Add ports to Events page
* fixes race condition updating the blocklist
* Native integration with DNSCrypt-proxy
Added Q-Feeds domains to the DNSBL list of DNSCrypt-Proxy. Changed since the initial way, this is more native. Q-Feeds domains txt files only created if DNSCrypt-proxy is installed and if the list (qf) is selected.
