Add an extra protection to avoid having an empty group created
Oops wrong choice the checkbox is only for javascript
Remove redundant code and check for dpd_enable checkbox to be set
Use route command directly rather than trying to make a route search on php thorugh netstat. It Fixes #4000
Revert "Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955"
This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.
hn(4) is ALTQ-capable, mark as such.
Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955
Actually require group name!
Do not do operations for empty group members
Do not do this during boot
Use leftcert for more options on IPsec authentication
Fixes #3967, properly resolve interface
Set proxy env vars on interactive shell and also on crontab to make all scripts be able to use it. Ticket #3789
touch up text
Change copyright statement to reflect reality
Strengthen check
Compare the right things here.
Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Retire flowtable_configure as a useless code since its not in kernel
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Tighten checks here to avoid overriding the default gw with garbage
Make some more useful checks here
Be sure the same gateway is not processed for v4 and v6
Lets put a logging to see what is bing passed to the rtsold script on calling. Helps with Ticket #3361
Ticket 3967, revert upgrade code. Existing 2.2 installs might be impacted
Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent
Ticket #3967. Allow to have carp as parent of ipaliases - continued
Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.
Make ipsec_starter log go to ipsec.log rather than system one
Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981
fix text, PPPoE Server, not VPN
add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.
set install_routes=no for charon to avoid the issues noted in ticket
Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990
Make sure target has scope when it's a link-local. Fixes #3969
Merge pull request #1330 from phil-davis/patch-1
Make sure srcip has scope when it's link-local. Should fix #3969
Fix to SMART disk matching
preg_match returns 0 when the string does not match the regex.0 does not "===" FALSESo this check is not always working.preg_match returns 1 when the string matches the regex.IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.
don't duplicate $message in CP log entries
When an alias contain hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939
Fix updating of hosts file on host override updates by bringing back the same behavior from previous releases.
use tabs rather than spaces, as most of this already did.
remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years.
fix invalid ipsec.conf
Use a better method of finding disks for SMART.Old code was inaccurate and also listed entries that were symlinks to other disks
Restore 3 values back on NAT-T settings Just Enable now its Auto as per strongswan default. and off disabled mobike. Ticket #3979
fix comment
Fix indent
Indent here as well
Properly configure NAT Tranversal setting.
Remove debugging code
Fixes #3938. Do more error checking.
Fixes #3941. When optimizations of the loops were made this brought the problems of overriding default gateway by dynamic interfaces. Try to stick to the first found for now!
Fix two more instances of rrd.tgz renaming.
Allow accept_unencrypted_mainmode_messages to be enabled if needed
Hide burst for limiters, since it doesn't do anything. more details inticket #3933
FreeBSD fails to set advskew back to 0 after you set it to any othervalue. That's a separate issue that needs fixing upstream, but in the meantime, we can work around it by removing all CARP VIPs in the same way wedo when "Temporarily Disable CARP" is chosen before adding them all back....
Remove redundancy as pointed out by phil-davis
Merge pull request #1297 from phil-davis/patch-23
Decode recently created cert and key. It fixes #3964. While here, fix logical condition to create a new cert if crt or key is not present
domain and search should not both be defined in resolv.conf per FreeBSD man page and handbook (only the latter is actually used). Change this to just not use domain, and set the search to the system's domain where not using the function that generates the search list for dynamic WANs.
Enable unity plugin as per request from https://forum.pfsense.org/index.php?topic=79737.msg452808#msg452808
Support converting an IP range to an array of addresses
so that it can be used for expanding ranges in host alias input.
Prevent Internal Server Error if range is backwards
Fixes redmine #3950 - ip_range_to_subnet_array can easily swap the input parameters if the caller has passed/entered them the wrong way around. That is both friendly to the caller and ensures that a hostile caller can't blow up the routine....
hostnames can end with a . (and actually always do, it's just usually implied), so allow that here. Fixes wrong input validation in parts of nsupdate GUI, among other things.
Merge pull request #1306 from phil-davis/patch-3
Underscores are valid characters in domains. Fixes #3219
Ticket #3932 For more than 100 entries create pipes in line with the rules file to speedup the process
Fix descriptions and cn on generated GUI cert to be consistent.
Reintroduce the vfs.forcesync systl
Merge pull request #1309 from phil-davis/patch-5
Tame the poodle. Disable SSLv3.
Fix #3935 Properly allow WAN without LAN
Was broken by https://github.com/pfsense/pfsense/commit/bd0b5d2dc7a279d3473a65a11d67efb5e39392be
rename interfaces_carp_setup to interfaces_sync_setup and call it during bootup since it does not only relate to carp interfaces.
Fixes #3213. Allow up to 2900 limiters. This was set to 30 since limiters are to be controlled by mask and not created manually!
Make proper check here
Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later.Also use some more sane defaults for the contents of the default self-signed certificate's fields so it will be more unique and less likely to trigger problems in browser certificate storage handling.
update comment to reflect breakage caused here and reference associated redmine ticket, not high priority, can be fixed later
block IPv4 link-local. Per RFC 3927, hosts "MUST NOT send the packet toany router for forwarding", and "any network device receiving such apacket MUST NOT forward it". FreeBSD won't route it (route-to can override insome circumstances), so it can't be in use as a real network anywhere with...
Properly set MTU for lagg interface, it fixes #3922
s/removing/omitting/g for gateway monitor log entires. "Removing" is not necessarily correct, there are many circumstances where this runs where it wasn't there to begin with, and is potentially misleading.
Fix pf syntax s/divert/divert-to/. It should fix #3921
Fix an error introduced in bd0b5d2dc7 that makes system believe interfaces always mismatch
Remove the minimum NIC warning, this dates back to when minimum 2 NICs were supported and it made sense to throw this message at people. It's obvious a network appliance requires at least one NIC.
Update the URL for snapshots update
Be more strict when checking if olsrd is enabled, otherwise when package is deinstalled and configuration is kept dhcpd will consider it's always as enabled
Support up to 4 DNS Servers in DHCP
Remove function that is not implemented properly. Nothing seems to use it.
Merge pull request #1303 from PiBa-NL/carp_without_matching_subnet
Merge pull request #1304 from sselph/powerd_normal_mode
Fix not rules for OPTn network case
Reported in forum https://forum.pfsense.org/index.php?topic=82319.0The "if (is_subnet($src)) ... filter_address_add_vips_subnets" code needs to go outside all of the if that checks for opt interfaces (not just in the else part). That makes filter_address_add_vips_subnets get called in all cases, including when optn network is specified. (line 2264, 2265)...
Add powerd normal mode flag (-n)
Make proper check if IP address is configured on another interfaces and ignore current one. It fixes #3807
get back to our standard RFC-defined capitalization of IPsec
CARP, allow carp ip to be outside interface and alias subnets (FreeBSD10 feature)
Merge pull request #1290 from jean-m-cyr/master
Remove also old unbound startup script
Support IPV6 in unbound.conf
IPv6 addresses are not included in unbound config and access list
Merge pull request #1289 from jean-m-cyr/master