Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Put the new sysctl on the config as needed.
Add powerd normal mode flag (-n)
Insert tracker ids for the default LAN rules
Added support for UEFI booting to Network Booting configuration. modified: conf.default/config.xml modified: etc/inc/services.inc modified: usr/local/www/services_dhcp.php
Remove deprecated sysctls. vfs.forcesync needs to be seen if the patch needs to be put in place again!
Add hybrid and disabled outbound NAT, fixes #2416:
- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced keep working the same way
- Hybrid mode applies manual rules first, automatic after
- Disabled do not create any outbound NAT rules...
We do not use nor include newsyslog, so remove the cron job.
Set action = pass for configured mac addresses on CP passtrumac
Disable kill_states by default on upgrade, it fixes #3183
Disable state killing on gateway failure by default for new configs. Clarify the text describing the option while here.
Fixes #2979
- Change max value for traffic and packets graphs to 20GigE
- Bump config version to 9.6
- Write a config upgrade function to tune current rrd files to the new max value
After some discussions it is better to make this a tunable and allow its value change from administrator.
Fix IPv6 Prefix ID default value
- Always initialize it to 0 when it's undefined
- Remove unnecessary initializations and checks
- Bump config version to 9.5
- Write an upgrade config function to initialize old configs properly
Upgrade code & config default version
Update config default with powerd battery mode
Adjust RRD captive portal graphs for CP zones
- Create RRD configs per zone
- Add tabs to see graphs per zone
- Migrate existing rrd files to default cpZone
- While I'm here, call unset() for $rrdcreate and $rrdupdatesh
Resolves #2655
Make sure default config complies with latest version
Update the default config.xml to 9.2 so it does not trigger config.xml upgrade during install of a new system
Add IPv6 privacy settings tunables. Keep the default FreeBSD value for them, that is disabled. This implements feature request #2587
Do not prefer anymore oldsa and recommend it as a better choice
Add bogons update frequency selection
Add the new tunable in the GUI for customization and its default value
Added mode selection options for PowerD.
Set the IPaddrv6 field for the lan to track6 so it autoconfigures from the WAN. I forgot to remove the link local address it had in it on the original commit.
Fix botched config.xml merge error. Remove duplicate ipaddrv6 tag.
Remove this track6 line as it causes an xml error
Change out the old dhcp-pd config for the new track6 style autoconfiguration of the lan interface.
Update the default config.xml to 8.3 so it does not trigger config.xml upgrade during install of a new system
removed the timeformate change and putting it in the dhcpd and dhcpdv6 which will be generated by interface code. New XML tags will be <dhcpleaseinlocaltime/> and <dhcpv6leaseinlocaltime/>
Added Time format change XML tag for both DHCP and DHCPv6 if you want to use local time instead of UTC for leases.
Fix default SMTP monitor parameters so they will properly check to see if an SMTP banner is received.
load balance monitor type send/expect must have a '' when using more than one argument.
Add DHCP6 to the default configuration
Fix conf.default version
Add the ipv6 allow tag to the default config. Add a default allow rule for the LAN with IPv6. Add a dhcp-pd sla-id of 0 for the WAN. Add a dhcp-pd length of 0 for the WAN
Merge remote branch 'upstream/master'
Conflicts: usr/local/www/status_rrd_graph_img.php
Remove rndtest sysctl since the kernel module is not anymore part of our kernels. Leftover noticed by: Jim
Add the IPv6 tag to the version so that BSD perimeter can see these installs from a mile away
Add the default value for the new tunable debug.pfftpproxy to 0. It allows to disable the pfftpproxy. Also add it to the default config.xml though no upgrade code should be needed since people can create this from the gui and hopefully do not need to know about this anyway.
Update config.xml to a more recent version, include a cron job for URL table aliases updates.
Add sysctl for maximum socket buffer sizing. Set to 42621444. This is needed for some heavily loaded servers running unbound, squid, etc
Remove bce item it is loader.conf only per jimp
Add missing </item>
oops, typo
Increase vfs.read_max to 32. See http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html .. This can help dramatically if using Squid or any other package that does a lot of hard disk reads.
Convert fullname field on users to descr, so it gains CDATA protection.
desc to descr in Load Balancer config, so they gain CDATA protection and standardize field names. Ticket #320.
Change the description field on sysctl tunables to be 'descr' and not 'desc' so they will gain CDATA protection. Ticket #320
Upgrade code for pppoe.
Disable TSO and LRO in the default config.
Remove these from the default config. They moved into other sections and do not need to exist by default.
Fix variable name for consistency.
Remove associated rule-id from default config they confuse rule edit page.
Remove bandwidth tags from default config they are not used.
Don't use "local" as a domain. It breaks DNS resolution for hosts running mDNS.
The "local" search domain signifies to local hosts that are running mDNS (bonjour or avahi) that mDNS is to be used to look up local hosts instead of doing a normal DNS query to the server listed in...
Fix whitespace.
Enable WAN and LAN in the default configuration.
Make lan/wan behave as all other interfaces.
ping_hosts.sh is no more in /etc. Remove some unneeded lines.
Ticket #136.
Fix associated nat rules. Now both the filter rules and the nat ones contain an associated-rule-id tag which helps link the items together. The API to use for this is in itemid.inc.
All the issues should be solved now.
Add patch from lietu (Janne Enberg). Ticket #136
1) Multiple NAT rules can be assigned the same filter rule -> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment
2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes)...
Add lookup table for sysctl tunable (sysctl.inc). Make config.xml values default to value 'default' Ticket #71
Minor formatting change
Set default protocol to HTTPS. Somehow this commit did not make it last time
Make the default HTTPS. Ticket #63
Default to only system information and interfaces widgets. This reduces load time on RSPRO from 9+ seconds to 2.5
Add default load balancing monitor types for ICMP, TCP, HTTP, HTTPS and SMTP from BillM
Revert "add crontab entries for snort auto block and snort update"
This reverts commit b0d639a5e7880ee55c671cbabdb01cd0f1ae1b38.
add crontab entries for snort auto block and snort update
Added support for automatically managing firewall rules with NAT rules.
Turn off flowtables by default
Enable flow table support by default for new installations
Add enable/disable option for flow table support... Remove configuration option.
Make pfSense_ng the new default theme
Nuke snort2c
Requested-by: rob iscool
Add L2 L3 Cache lookup by default.
- Import infrastructure for caching flows as a means of accelerating L3 and L2 lookups as well as providing stateful load balancing when used with RADIX_MPATH.
- Currently compiled in to i386 and amd64 but disabled by default, it can be enabled at...
default to vr0/vr1 rather than sis, since the defaults should be for ALIX, not WRAP.
Remove reset_slbd.sh from cron.
Catch up with the latest additions.
Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel now.(yay!)
Modify IPsec code to allow for transport mode. All existing configurations are marked as tunnel for backwards compatibility. There are problems with the spdread code which will likely choke on transport entries. We can fix this later.
Modify captive portal to use centralized user management. The user manager has been modified to include an account expiration option to support this service.
Correct the configuration file IPsec certificate upgrade process.
Use nice -n20 for common launched items
Update config.xml to 5.5 to prevent RRD database updates from triggering. add rrd tag to default enabled
change default to enable block bogons
Add TCP TSO = 0 sysctl
Change default icmplim to 750.
Revise default allow all to any rule text. Remove > and attempt to cleanup text to make it more friendly to a new user.
Remove the page locking privileges after discussion with Scott on IRC. The feature was confusing and offered little utility that I could see. If we really need to provide serialized access to sections of the webui, IMO it should be a global lock option and enabled or disabled manually and not a...
Modify all the default configuration files to ensure the versions match. While in globals.inc, remove the easyrsa path and do some whitespace cleanup.
Set net.inet.icmp.icmplim to 500. Apparently the low setting of 200 wrecked Seth's firewall on upgrade due to overwhelming amounts of icmp packets.
Move WAN interface to appear first now that the interface code programmatically enumerates the interfaces. Not sure if we need upgrade code to move the interface order.
Disable extended TCP debugging.
Expose if_bridge(4) sysctl members.
Rewrite the pfsense privilege system with the following goals in mind ...
1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...
latest config.xml version is 4.9
Rewrite portions of the user manager to ensure data is properly synced to the system password and group databases. This is to provide better support for centralized user management when local account administration is preferred.
I also took this opportunity to do some housekeeping. A lot of functions...