UnivNautes

Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size

Put the new sysctl on the config as needed.

Add powerd normal mode flag (-n)

Insert tracker ids for the default LAN rules

Added support for UEFI booting to Network Booting configuration.
modified: conf.default/config.xml
modified: etc/inc/services.inc
modified: usr/local/www/services_dhcp.php

Remove deprecated sysctls. vfs.forcesync needs to be seen if the patch needs to be put in place again!

Add hybrid and disabled outbound NAT, fixes #2416:

- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced
keep working the same way
- Hybrid mode applies manual rules first, automatic after
- Disabled do no create any outbound NAT rules...

We do not use nor include newsyslog, so remove the cron job.

Set action = pass for configured mac addresses on CP passtrumac

Disable kill_states by default on upgrade, it fixes #3183

Disable state killing on gateway failure by default for new configs.
Clarify the text describing the option while here.

Fixes #2979

. Change max value for traffic and packets graphs to 20GigE
. Bump config version to 9.6
. Write a config upgrade function to tune current rrd files to the new
max value

After some discussions it is better to make this a tunable and allow its value change from administrator.

Fix IPv6 Prefix ID default value

. Always initialize it to 0 when it's undefined
. Remove unecessary initializations and checks
. Bump config version to 9.5
. Write an upgrade config function to initialize old configs properly

Upgrade code & config default version

Update config default with powerd battery mode

Adjust RRD captive portal graphs for CP zones

- Create RRD configs per zone
- Add tabs to see graphs per zone
- Migrate existing rrd files to default cpZone
- While I'm here, call unset() for $rrdcreate and $rrdupdatesh

Resolves #2655

Make sure default config complies with latest version

Update the default config.xml to 9.2 so it does not trigger config.xml upgrade during install of a new system

Add IPv6 privacy settings tunables. Keep the default FreeBSD value for them, that is disabled. This implements feature request #2587

Do not prefer anymore oldsa and recommend it as a better choice

Add bogons update frequency selection

Add the new tunable in the GUI for custommization and its default value

Added mode selection options for PowerD.

Set the IPaddrv6 field for the lan to track6 so it autoconfigures from the WAN.
I forgot to remove the link local address it had in it on the original commit.

Fix botched config.xml merge error. Remove duplicate ipaddrv6 tag.

Remove this track6 line as it causes an xml error

Changeout the told dhcp-pd config for the new track6 style autoconfiguration of the lan interface.

Update the default config.xml to 8.3 so it does not trigger config.xml upgrade during install of a new system

removed the timeformate change and putting it in the dhcpd and dhcpdv6 which will be generated by interface code. New XML tags will be <dhcpleaseinlocaltime/> and <dhcpv6leaseinlocaltime/>

Added Time format change XML tag for both DHCP and DHCPv6 if you want to use local time instead of UTC for leases.

Fix default SMTP monitor parameters so they will properly check to see if an SMTP banner is received.

load balance monitor type send/expect must have a '' when using more then one argument.

Add DHCP6 to the default configuration

Fix conf.default version

Add the ipv6 allow tag to the default config.
Add a default allow rule for the LAN with IPv6
Add a dhcp-pd sla-id of 0 for the WAN.
Add a dhcp-pd length of 0 for the WAN

Merge remote branch 'upstream/master'

Conflicts:
usr/local/www/status_rrd_graph_img.php

Remove rndtest sysctl since the kernel module is not anymore part of our kernels. Leftover noticed by: Jim

Add the IPv6 tag to the version so that BSD perimeter can seen these installs from a mile away

Add the default value for the new tunable debug.pfftpproxy to 0. It allows to disable the pfftpproxy. Also add it to the default config.xml though no upgrade code should be needed since people can create this from the gui and hopefully do not need to know about this anyway.

Update config.xml to a more recent version, include a cron job for URL table aliases updates.

Add sysctl for maximum socket buffer sizing. Set to 42621444. This is needed for some heavily loaded servers running unbound, squid, etc

Remove bce item it is loader.conf only per jimp

Add missing </item>

oops, typo

Increase vfs.read_max to 32. See http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html .. This can help dramatically if using Squid or any other packae that does a lot of hard disk reads.

Convert fullname field on users to descr, so it gains CDATA protection.

desc to descr in Load Balancer config, so they gain CDATA protection and standardize field names. Ticket #320.

Change the description field on sysctl tunables to be 'descr' and not 'desc' so they will gain CDATA protection. Ticket #320

Upgrade code for pppoe.

Disable TSO and LRO in the default config.

Remove these from the default config. They moved into other sections and do not need to exist by default.

Fix variable name for consistency.

Remove associated rule-id from default config they confuse rule edit page.

Remove bandwidth tags from default config they are not used.

Don't use "local" as a domain. It breaks DNS resolution for hosts running mDNS.

The "local" search domain signifies to local hosts that are running
mDNS (bonjour or avahi) that mDNS is to be used to look up local hosts
instead of doing a normal DNS query to the server listed in...

Fix whitespace.

Enable WAN and LAN in the default configuration.

Make lan/wan behave as all other interfaces.

ping_hosts.sh is no more in /etc. Remove some unneeded lines.

Ticket #136.

Fix associated nat rules.
Now both the filter rules and the nat ones contain a associated-rule-id tag which helps link the items together.
The API to use for this is in itemid.inc.

All the issues should be solved now.

Add patch from lietu (Janne Enberg). Ticket #136

1) Multiple NAT rules can be assigned the same filter rule
-> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment

2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes)...

Add lookup table for sysctl tunable (sysctl.inc). Make config.xml values default to value 'default' Ticket #71

Minor formatting change

Set default protocol to HTTPS. Somehow this commit did not make it last time

Make the default HTTPS. Ticket #63

Default to only system information and interfaces widgets. This reduces load time on RSPRO from 9+ seconds to 2.5

Add default load balancing monitor types for ICMP, TCP, HTTP, HTTPS and SMTP from BillM

Revert "add crontab entries for snort auto block and snort update"

This reverts commit b0d639a5e7880ee55c671cbabdb01cd0f1ae1b38.

add crontab entries for snort auto block and snort update

Added support for automatically managing firewall rules with NAT rules.

Turn off flowtables by default

Enable flow table support by default for new installations

Add enable/disable option for flow table support... Remove configuration option.

Make pfSense_ng the new default theme

Nuke snort2c

Requested-by: rob iscool

Add L2 L3 Cache lookup by default.

- Import infrastructure for caching flows as a means of accelerating L3 and L2 lookups
   as well as providing stateful load balancing when used with RADIX_MPATH.
 - Currently compiled in to i386 and amd64 but disabled by default, it can be enabled at...

default to vr0/vr1 rather than sis, since the defaults should be for ALIX, not WRAP.

Remove reset_slbd.sh from cron.

Catch up with the latest additions.

Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel now.(yay!)

Modify IPsec code to allow for transport mode. All existing configurations are
marked as tunnel for backwards compatibility. There are problems with the spd
read code which Will likely choke on transport entries. We can fix this later.

Modify captive portal to use centralized user management. The user manager has
been modified to include an account expiration option to support this service.

Correct the configuration file IPsec certificate upgrade process.

Use nice -n20 for common launched items

Update config.xml to 5.5 to prevent RRD database updates from triggering.
add rrd tag to default enabled

change default to enable block bogons

Add TCP TSO = 0 sysctl

Change default icmplim to 750.

Revise default allow all to any rule text. Remove > and attempt to cleanup
text to make it more friendly to a new user.

Remove the page locking privileges after discussion with Scott on IRC. The
feature was confusing and offered little utility that I could see. If we
really need to provide serialized access to sections of the webui, IMO it
should be a global lock option and enabled or disabled manually and not a...

Modify all the default configuration files to ensure the versions match.
While in globals.inc, remove the easyrsa path and do some whitespace
cleanup.

Set net.inet.icmp.icmplim to 500. Apparently the low setting of 200
wrecked Seths firewall on upgrade due to overwhelming amounts of icmp
packets.

Move WAN interface to appear first now that the interface code
programatically enumerates the interfaces. Not sure if we need
upgrade code to move the interface order.

Disable extended TCP debugging.

Epose if_bridge(4) sysctl members.

Rewrite the pfsense privilege system with the following goals in mind ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...

• Switch XML tag from </pages> to <pages/>
• Sync the all group which appears to be missing

latest config.xml version is 4.9

Rewrite portions of the user manager to ensure data is properly synced to
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.

I also took this opportunity to do some housekeeping. A lot of funtions...