Don't clobber rules list
Fix regression with easyrule and speed up rule list generation.
Followup to 2bdfe606826b9f232f47d676948de175445b29b3.
Refactor config rule sorting
Refactor how configuration rules are sorted to allow easier and moregranular control of where the ruels are placed.
- Split user filter rules into separate PFConfig categories.- Create helper functions to get, add, remove, and reoder config rules....
Update PFConfig and rule label constants
- Create a new constant for all categories for ease of use.- Move constants to util.inc which allows their use in files that don't need to include filter.inc.- Shorten PFConfig category IDs to help with the label length limit in...
Prevent tailscale interface from being assignable. Fixes #15909
Don't POST traffic graph widget settings on manual BE Verification. Fixes #15499
Browser icon header revamp. Implements #6727
Sanitize backwardsyncpassword in status output. Fixes #16339
Fix rule labels for user rules in firewall log GUI
Previously the firewall log page checked for "USER_RULE: " in rule labelsto add a user icon to appropriate rules. Now that all rule descriptionsuse the same label prefix (i.e. key), a new way is needed to determine if...
Improve rule labels code
Remove redundant code, add more validation, and update comments.
Followup to 82db67f6a2e09658892f1f68c3c18e5621ff5c9f.
Don't always toggle display of advanced options. Fix #16330
Allow disabling logging of packets blocked due to unmatched IP options. Implement #460345
Ignore link-local IPv6 address from PPPoE DEVD events
Returns the behavior of ignoring LL addresses. The LL fallback is nolonger needed since the IPv6 peer address is now always included.
Followup to a0baea958c7fae9363c757317e9d52874a257b70
Always include the IPv6 peer address if available
Also include the scope with LL addresses for the IPv6 peer address.
Followup to 7948ab35f8becd96ee15cc06f60bf51339e7a44b
Fix negated rules again
Followup to c8e1e75d56a3c01628c535f49f556b6242ee4712
Fix negated rules
Regression from 82db67f6a2e09658892f1f68c3c18e5621ff5c9f
Consider gateway group VIP preference with DDNS. Fix #16326
Refactor rule labels. Implement #16325
- Define labels as key/value pairs.- Add new functions to handle labels defined in config.xml rules.- Support generating unique labels for pf rules from the respective config.xml rules when possible; namely NAT rules cannot have labels....
Also check the pf config file when checking if a filter reload is needed
This serves to keep the pf config file in an expected state in case it wasmodified by some other method.
Followup to d8f4932a4d91794c76a02c2fb0a8209a92fa478b
Remove unneeded core repo since we pkg add them directly
unbound: remove sock-queue-timeout until supported upstream. Fixes #16299
A zero prefix length is invalid and really means /32
pppoe_handler: Remove ipv6 router workaround
With changes to if_pppoe, we not have an associated destination address for thep2p address and the workaround is no longer necessary.
pkg: disable FreeBSD-kmods repo
VIP corrections: Validate IPv4 for proxyarp and respect saved vip type
Also available in: Atom