pgrep parameters are out of order and it also needs -a to find sshd. While I'm here, simplify sh syntax and prevent noise to be printed if pid file doesn't exist
delete the dhcpd.pid file before starting dhcpd. Fixes bug where on rare occasions a stale PID file could prevent dhcpd from starting until it's manually deleted.
use pgrep here instead, previous way could wrongly show SSH as enabled where it isn't.
Bump version to 2.1.5
Added filter.so to list of extensions loaded for filter_var() support.
Move dhcp6c log to dhcpd.log, it fixes #3799
Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'
Avoid generating an invalid racoon config if the user specified a mobile pool that is too small.
Avoid a "Cannot use string offset as an array" error if the packages section of the config is missing.
Per the dhcpd.conf man page and other documentation from ISC, mclt must not be defined on the secondary.
Escape the individual dnsmasq advanced/custom options
no () around qlength here
qlimit must be included here
use HTTPS for dyndns providers that support it
Fix #3725:
- Fix match_filter_field() and also simplify logic- Fix $filterfieldsarray initialization- Avoid to have double spaces on filterfieldsarray['act']- Fix filter on Firewall Logs
Merge pull request #1244 from phil-davis/patch-11
Fix a regression introduced on 8d6c5f6621 that broke CARP+IP alias
Handle no dhcpd settings when upgrading
This minor fix was in master but not 2.1 branch. I noticed the warning message when doing a fresh install/test of 2.1.4-release. It prevents the warning message:Warning: Invalid argument supplied for foreach() in /etc/inc/upgrade_config.inc on line 3153...
Only include a scheduled rule if it is strictly before the end time
The exact moment of the end time is the end of the schedule. We do not want to include a rule when filter_configure_sync wakes up at 00:15:00 etc and is on a not-slow system that processes this code during the interval 00:15:00 to 00:15:01. This should help intermittent issues with schedules not finishing at the appropriate 15-minute boundary. Might help or fix #3558
Remove extra data after space and fix pf rule syntax. It should fix #3688
Always set httponly attribute on cookies
Add comment I forgot on last commit
Re-generate session ID on a successful login to avoid session fixation
Do not expire already disabled users, it fixes #3644
Revert "Revert "Fix #3700 and other syntax issues:""
This reverts commit 4cc2ae78d3027c349969437f08a88b1fb88c9de8.
Revert "Fix #3700 and other syntax issues:"
This reverts commit e912bfae186b6b657daf52607f9d027f46be0478.
Fix #3700 and other syntax issues:
- Remove G parameter from pfctl since it doesn't exist anymore Initialize $old_router- Fix sh syntax on variable assign, it couldn't have space before =- Simplify logic- Avoid flush states twice, if it was done on IP change, don't do it...
Escape argument on call to is_process_running too, also remove some unecessary mwexec() calls
Add some protection to parameters that come through _GET
Escape this before running.
Bump version to 2.1.4
Fix #3691, use curl instead of fetch to download update files
allow ipaliases to be configured on lo0
remove openbgpd bits from system_gateways_edit and system.inc. The packagematch is case-sensitive and hasn't matched the openbgpd package's name inat least 5 years, so it doesn't do anything. It's far from functional inany useful manner even fixing that issue.
client-config-dir is also useful when using OpenVPN's internal DHCP while bridging.
Convert protocol ssl:// to https:// when creating http headers
Properly handle this rename, and squelch errors if it fails.
Delete all ip aliases when interface is disabled, it should fix #3650
fix variable typo. ticket #3669
/etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the info instead.
Remove units from burst as it is always specified in bytes. (Per ipfw(8)).Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate.
Merge the forgotten Ticket #3062 patch for CP pipeno leaking issue which leads to the 'Maximum login reached' on CP
Obsolete old clog binary from /usr/sbin
Bump version to 2.1.3-RELEASE
Take care of interfaces that have no ip but might be part of the bridge as done for openvpn to avoid loops
Signal a reload if anything got updated
Merge the patch suggested in Ticket #3629. It also Fixes #3629. The question is why this is using config lock? Also where is filter configure called here?
Move clog from /usr to /usr/local
Conflicts: etc/inc/filter_log.inc etc/inc/system.inc etc/rc usr/local/www/guiconfig.inc
Correct the ridirection URL to unbreak ones passed through Radius attributes and repsect user choices. Reported-by: Antoine Guillemot
Merge pull request #1105 from florian-asche/RELENG_2_1
Update services.inc
fix
Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
Merge pull request #1119 from phil-davis/patch-4
fix typo
Cut paste bug fix in Remote Syslog DHCP events
This version for 2.1 branch.apinger is repeated here from the code above, but it should be dhcp.Forum https://forum.pfsense.org/index.php?topic=73734.0Selecting to remote syslog "Gateway Monitor events" would also switch on "DHCP service events" unintentionally.
Merge pull request #1078 from phil-davis/patch-4
Fix typo
fixing typo for GIF tunnels to work over IPv6
the call of get_interface_gatewayv6() in the creation of a GIF tunnel over IPv6 leads to a "Fatal error: Call to undefined function get_interface_gatewayv6() in /etc/inc/interfaces.inc on line 934". changeing the function call to get_interface_gateway_v6() fixed it for me on my local system.
Get real interface when dhcrelay uses default GW
If the DHCP Relay server is not on any local subnet, and not on any subnet that has an internal static route, but is somewhere that no specific route is known, then this code finds the default gateway and uses that in the DHCP relay "-i" parameter. The current code gets just the interface name (like "wan", "opt1"). But DHCP Relay command needs to be fed the actual device name "vr0", "vr1" etc....
Also add similar checks on rc.newwanipv6 as in the v4 version
Forgot to remove the problematic part from previous OpenVPN loop fix commit
Take care of the loops reported for OpenVPN in tap mode. Also fixes the problems of tap disappearing from bridge if its a member.
No pre release this time
Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale/invalid and there is still a running instance.
Bump to 2.1.2-PRERELEASE since 2.1.1 was released
Correct typo on function name that has slipped unnoticed. Reported-by: https://forum.pfsense.org/index.php?topic=74688.0
Remove TRIM_set and TRIM_unset support. This method isn't very elegant and isn't necessary in the long run. It's better handled in the installer stage and not after the fact.
Correct check that was broken even before to actually make the ieee8021x enable from proper setting. Reported-by: https://forum.pfsense.org/index.php?topic=74013.0
time for 2.1.1-RELEASE
send crash reports via HTTPS
Fix deletion of ipfw rules and pipes for passthru mac, it fixes #3538
Clarify note on limiter queue weight to state that higher values get a larger share.
Do not garble the error logging message
Avoid placing an empty "interface listen" directive in ntpd.conf
Try to restore last working ruleset rather than staying without configuration at all
Disable default allow incoming rules for 6to4 and 6rd interfaces. This rule unintentionally allows all services on the interface to be reachble and maybe more!
standardize URLs
standardize pfsense.com references to https://www.pfsense.org
s/http/https/ for www.pfsense.org
set package URL to https://packages.pfsense.org
use xmlrpcbaseurl here too, not product_website
we actually use xmlrpcbaseurl here, not product_website
Try a different strategy for fixing #3514 just send a HUP to dhcp6 to get it to reload.
Do not delete linklocal address
Merge pull request #991 from phil-davis/RELENG_2_1
Return GWG IP protocol (version) when no gateway IP - 2.1 version
Fix for now 'IPv6 - LAN looses Prefix after link event'(forums) with a not elegant solution but works. Probably dhcpv6 client should solve this by itself and generate and event for it. For now just bump dhcpv6 client again to have the prefix interface reconfigured.
Fixes typo on variable name
pfSense_interface_deladdress() only knows how to delete an ip address, not a subnet. It should fix #3513
Make the voucher auth through xmlrpc work.
default openssl to 2048
update year, links for 2.1.1
bring up appropriate interface for GRE/GIF. Ticket #3281
s/unlink/unlink_if_exists/
Remove broken 'dynamic6' gateway, we already have ipprotocol to tell us the IP version, leave it more simple using only 'dynamic'. It helps #3484
Fix typo on var name