Merge pull request #161 from jaredhendrickson13/v131

v1.3.1 Fixes & Features

Author: jaredhendrickson13

README.md

@@ -1030,6 +1030,9 @@ URL: https://{{$hostname}}/api/v1/firewall/alias
 | descr | string | Description of new alias (optional) |
 | address | string or array | Array of values to add to alias. A single value may be specified as string. |
 | detail | string or array | Array of descriptions for alias values. Descriptions must match the order the that they are specified in the `address` array. Single descriptions may be specified as string |
+| apply | boolean | Specify whether or not you would like this alias to be applied immediately, or simply written to the configuration to be applied later. Typically, if you are creating multiple aliases at once it is best to set this to false and apply the changes afterwards using the `/api/v1/firewall/apply` endpoint. Otherwise, If you are only creating a single alias, you may set this true to apply it immediately. Defaults to true. (optional)
+
+_Note: currently this defaults to always reload the firewall filter after in order to remain backwards compatible with previous releases, this will be changed to not reload the filter by default in a future release._ |
 
 
 
@@ -1069,6 +1072,9 @@ URL: https://{{$hostname}}/api/v1/firewall/alias
 | Key | Type | Description |
 | --- | ------|-------------|
 | id | string | Name or ID of alias to delete. This alias cannot be in use elsewhere in configuration |
+| apply | boolean | Specify whether or not you would like this alias to be applied immediately, or simply written to the configuration to be applied later. Typically, if you are creating multiple aliases at once it is best to set this to false and apply the changes afterwards using the `/api/v1/firewall/apply` endpoint. Otherwise, If you are only creating a single alias, you may set this true to apply it immediately. Defaults to true. (optional)
+
+_Note: currently this defaults to always reload the firewall filter after in order to remain backwards compatible with previous releases, this will be changed to not reload the filter by default in a future release._ |
 
 
 
@@ -1126,6 +1132,9 @@ URL: https://{{$hostname}}/api/v1/firewall/alias
 | descr | string | Change alias description (optional) |
 | address | string or array | Overwrite existing alias addresses with new addresses. Multiple values may be passed in as array, singular values may be passed in as string (optional) |
 | detail | string or array | Overwrite existing alias address details with new details. Multiple values may be passed in as array, singular values may be passed in as string. Detail values must match index of alias addresses (optional) |
+| apply | boolean | Specify whether or not you would like this alias to be applied immediately, or simply written to the configuration to be applied later. Typically, if you are creating multiple aliases at once it is best to set this to false and apply the changes afterwards using the `/api/v1/firewall/apply` endpoint. Otherwise, If you are only creating a single alias, you may set this true to apply it immediately. Defaults to true. (optional)
+
+_Note: currently this defaults to always reload the firewall filter after in order to remain backwards compatible with previous releases, this will be changed to not reload the filter by default in a future release._ |
 
 
 
@@ -1172,6 +1181,10 @@ URL: https://{{$hostname}}/api/v1/firewall/alias/entry
 | name | string | Name of alias to add new address values |
 | address | string or array | Array of values to add to alias. A single value may be specified as string. |
 | detail | string or array | Array of descriptions for alias values. Descriptions must match the order the that they are specified in the `address` array. Single descriptions may be specified as string. If you pass In less `detail` values than `address` values, a default auto-created detail will be applied to the remaining values. (optional) |
+| detail | string or array | Array of descriptions for alias values. Descriptions must match the order the that they are specified in the `address` array. Single descriptions may be specified as string. If you pass In less `detail` values than `address` values, a default auto-created detail will be applied to the remaining values. (optional) |
+| apply | boolean | Specify whether or not you would like this alias to be applied immediately, or simply written to the configuration to be applied later. Typically, if you are creating multiple aliases at once it is best to set this to false and apply the changes afterwards using the `/api/v1/firewall/apply` endpoint. Otherwise, If you are only creating a single alias, you may set this true to apply it immediately. Defaults to true. (optional)
+
+_Note: currently this defaults to always reload the firewall filter after in order to remain backwards compatible with previous releases, this will be changed to not reload the filter by default in a future release._ |
 
 
 
@@ -1210,6 +1223,9 @@ URL: https://{{$hostname}}/api/v1/firewall/alias/entry
 | --- | ------|-------------|
 | name | string | Name of alias to delete address values from |
 | address | string | Array of values to delete from alias. A single value may be specified as string. |
+| apply | boolean | Specify whether or not you would like this alias to be applied immediately, or simply written to the configuration to be applied later. Typically, if you are creating multiple aliases at once it is best to set this to false and apply the changes afterwards using the `/api/v1/firewall/apply` endpoint. Otherwise, If you are only creating a single alias, you may set this true to apply it immediately. Defaults to true. (optional)
+
+_Note: currently this defaults to always reload the firewall filter after in order to remain backwards compatible with previous releases, this will be changed to not reload the filter by default in a future release._ |
 
 
 
@@ -1481,6 +1497,9 @@ URL: https://{{$hostname}}/api/v1/firewall/nat/outbound
 | Key | Type | Description |
 | --- | ------|-------------|
 | mode | string | Update the outbound NAT mode. Options are `automatic` to automatically generate outbound NAT rules, `hybrid` to support both automatic and manual outbound NAT rules , `advanced` to require all rules to be entered manually, or `disabled` to disable outbound NAT altogether. If updating to `advanced` from `automatic` or `hybrid`, the API will automatically create manual entries for each automatically generated outbound NAT entry. |
+| apply | boolean | Specify whether or not you would like this setting to be applied immediately, or simply written to the configuration to be applied later. Typically, if you are creating multiple firewall related objects at once it is best to set this to false and apply the changes afterwards using the `/api/v1/firewall/apply` endpoint. Otherwise, If you are only updating the outbound NAT settings, you may set this true to apply it immediately. Defaults to true. (optional)
+
+_Note: currently this defaults to always reload the firewall filter after in order to remain backwards compatible with previous releases, this will be changed to not reload the filter by default in a future release._ |
 
 
 

pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc

@@ -3271,6 +3271,12 @@ function get($id, $data=[], $all=false) {
             "return" => $id,
             "message" => "Gateway ID does not exist"
         ],
+        6029 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "Only 1 dynamic gateway per eligible interface is allowed"
+        ],
 
         // 7000-7999 reserved for /diagnostics API calls
         7000 => [

pfSense-pkg-API/files/etc/inc/api/framework/APITools.inc

@@ -900,55 +900,6 @@ function get_ipv6_if_list() {
     return($dyn_v6_ifs);
 }
 
-// Apply a new interface configuration
-function apply_interface_config($if_id, $if_conf) {
-    // Local variables
-    global $config;
-    $vlan_redo = false;
-    // Check that our if configuration is an array
-    if (is_array($if_conf)) {
-        if (isset($config['interfaces'][$if_id]['enable'])) {
-            interface_bring_down($if_id, false, $if_conf);
-            interface_configure($if_id, true);
-            if ($config['interfaces'][$if_id]['ipaddrv6'] == "track6") {
-                // Configure IPv6 track6 type if present
-                $wan_cfg = $config['interfaces'][$if_id];
-                interface_track6_configure($if_id, $wan_cfg, true);
-            }
-        } else {
-            interface_bring_down($if_id, true, $if_conf);
-            // Restart DHCPD if enabled
-            if (isset($config['dhcpd'][$if_id]['enable']) ||
-                isset($config['dhcpdv6'][$if_id]['enable'])) {
-                services_dhcpd_configure();
-            }
-        }
-        // Check if VLANs are configured for this interface, if so, reapply them
-        if (interface_has_clones(get_real_interface($if_id))) {
-            $vlan_redo = true;
-        }
-    }
-    // Check if DHCP needs to be reloaded
-    if ($if_conf['ipaddr'] == "dhcp") {
-        kill_dhclient_process($if_conf['if']);
-    }
-    if ($if_conf['ipaddrv6'] == "dhcp6") {
-        kill_dhcp6client_process($if_conf['if'],true);
-    }
-    // Reapply VLANs if necessary
-    if ($vlan_redo) {
-        interfaces_vlan_configure();
-    }
-    // Restart services that may reference IP
-    services_snmpd_configure();
-    setup_gateways_monitor();
-    filter_configure();
-    enable_rrd_graphing();
-    system_routing_configure();
-    // Return true or false if configuration was successful
-    return true;
-}
-
 function delete_static_route($id) {
     global $config;
     $a_routes = &$config['staticroutes']['route'];

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasCreate.inc

@@ -25,11 +25,18 @@ class APIFirewallAliasCreate extends APIModel {
     }
 
     public function action() {
-        // Add our alias
+        # Add our new alias and reload configuration as requested
         $this->config["aliases"] = !is_array($this->config["aliases"]) ? array("alias" => []) : $this->config["aliases"];
-        $this->config["aliases"]["alias"][] = $this->validated_data;    // Write our configuration change
-        $this->write_config();    // Apply our configuration change
-        send_event("filter reload");    // Ensure our firewall filter is reloaded
+        $this->config["aliases"]["alias"][] = $this->validated_data;
+        $this->write_config();
+        mark_subsystem_dirty("aliases");
+
+        # Only reload the firewall filter if a false value was not passed in
+        # TODO: This condition applies the changes by default to stay backwards compatible with v1.3.0
+        # TODO: this should be refactored in a future release to not apply by default
+        if ($this->initial_data["apply"] !== false) {
+            APIFirewallApplyCreate::apply();
+        }
         return APIResponse\get(0, $this->validated_data);
     }
 

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasDelete.inc

@@ -25,12 +25,19 @@ class APIFirewallAliasDelete extends APIModel {
     }
 
     public function action() {
-        $del_conf = $this->config["aliases"]["alias"][$this->id];
+        # Remove this alias from configuration and apply changes as requested
         unset($this->config["aliases"]["alias"][$this->id]);
         $this->config["aliases"]["alias"] = array_values($this->config["aliases"]["alias"]);
         $this->write_config();
-        send_event("filter reload");
-        return APIResponse\get(0, $del_conf);
+        mark_subsystem_dirty("aliases");
+
+        # Only reload the firewall filter if a false value was not passed in
+        # TODO: This condition applies the changes by default to stay backwards compatible with v1.3.0
+        # TODO: this should be refactored in a future release to not apply by default
+        if ($this->initial_data["apply"] !== false) {
+            APIFirewallApplyCreate::apply();
+        }
+        return APIResponse\get(0, $this->validated_data);
     }
 
     private function __validate_id() {
@@ -62,4 +69,4 @@ class APIFirewallAliasDelete extends APIModel {
     public function validate_payload() {
         $this->__validate_id();
     }
-}
+}

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasEntryCreate.inc

@@ -28,7 +28,14 @@ class APIFirewallAliasEntryCreate extends APIModel {
         # Update our alias with the new entries
         $this->config["aliases"]["alias"][$this->id] = $this->validated_data;
         $this->write_config();
-        send_event("filter reload");
+        mark_subsystem_dirty("aliases");
+
+        # Only reload the firewall filter if a false value was not passed in
+        # TODO: This condition applies the changes by default to stay backwards compatible with v1.3.0
+        # TODO: this should be refactored in a future release to not apply by default
+        if ($this->initial_data["apply"] !== false) {
+            APIFirewallApplyCreate::apply();
+        }
 
         return APIResponse\get(0, $this->config["aliases"]["alias"][$this->id]);
     }

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasEntryDelete.inc

@@ -25,9 +25,17 @@ class APIFirewallAliasEntryDelete extends APIModel {
     }
 
     public function action() {
+        # Write our new alias entry
         $this->config["aliases"]["alias"][$this->id] = $this->validated_data;
         $this->write_config();
-        send_event("filter reload");
+        mark_subsystem_dirty("aliases");
+
+        # Only reload the firewall filter if a false value was not passed in
+        # TODO: This condition applies the changes by default to stay backwards compatible with v1.3.0
+        # TODO: this should be refactored in a future release to not apply by default
+        if ($this->initial_data["apply"] !== false) {
+            APIFirewallApplyCreate::apply();
+        }
         return APIResponse\get(0, $this->validated_data);
     }
 
@@ -90,4 +98,4 @@ class APIFirewallAliasEntryDelete extends APIModel {
             return $value;
         }
     }
-}
+}

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallAliasUpdate.inc

@@ -32,7 +32,14 @@ class APIFirewallAliasUpdate extends APIModel {
         $this->config["aliases"]["alias"][$this->id] = $this->validated_data;
         $this->__rename_alias_references__();
         $this->write_config();
-        send_event("filter reload");
+        mark_subsystem_dirty("aliases");
+
+        # Only reload the firewall filter if a false value was not passed in
+        # TODO: This condition applies the changes by default to stay backwards compatible with v1.3.0
+        # TODO: this should be refactored in a future release to not apply by default
+        if ($this->initial_data["apply"] !== false) {
+            APIFirewallApplyCreate::apply();
+        }
         return APIResponse\get(0, $this->config["aliases"]["alias"][$this->id]);
     }
 

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallApplyCreate.inc

@@ -37,9 +37,14 @@ class APIFirewallApplyCreate extends APIModel {
     }
 
     public function action() {
+        $this->apply();
+        return APIResponse\get(0);
+    }
+
+    public static function apply() {
         filter_configure();
+        clear_subsystem_dirty('aliases');
         clear_subsystem_dirty('natconf');
         clear_subsystem_dirty('filter');
-        return APIResponse\get(0);
     }
-}
+}

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATOutboundMappingCreate.inc

@@ -41,7 +41,12 @@ class APIFirewallNATOutboundMappingCreate extends APIModel {
         $this->config["nat"]["outbound"]["rule"][$this->id] = $this->validated_data;
         APITools\sort_nat_rules($this->initial_data["top"], $this->id, "outbound");
         $this->write_config();
-        $this->apply();
+        mark_subsystem_dirty('natconf');
+
+        # Only reload the firewall filter if it was requested by the client
+        if ($this->initial_data["apply"] === true) {
+            APIFirewallApplyCreate::apply();
+        }
         return APIResponse\get(0, $this->validated_data);
     }
 
@@ -294,17 +299,4 @@ class APIFirewallNATOutboundMappingCreate extends APIModel {
         $this->config["nat"]["outbound"] = (is_array($this->config["nat"]["outbound"])) ? $this->config["nat"]["outbound"] : [];
         $this->config["nat"]["outbound"]["rule"] = (is_array($this->config["nat"]["outbound"]["rule"])) ? $this->config["nat"]["outbound"]["rule"] : [];
     }
-
-    public function apply() {
-        # Mark the NAT subsystem as changed, clear if applied
-        mark_subsystem_dirty('natconf');
-
-        # Allow clients to apply this rule immediately if they passed in an apply value
-        if ($this->initial_data["apply"] === true) {
-            filter_configure();
-            clear_subsystem_dirty('natconf');
-            clear_subsystem_dirty('filter');
-        }
-    }
-
-}
+}