Update openvpn.inc
Added verbosity check in case when verbosity_level is absent in config.xml
Removed unnecessary "else {";
patchpack1
-Fix #3401 (Added tun option "Disable IPv6" -Added new options: route-nopull, route-noexec, verb;
Create some symlinks inside pbi dir to reduce differences between 2.1 and 2.2 and avoid the need to change a lot of PBI scripts
Avoid keeping old files from previous sessions on /tmp/configbak
cf/ dir is removed below, do not need to remove the file here
Fix path for trigger_initial_wizard
Merge pull request #1034 from vsquared56/master
Replace Header() calls by lowercase
Merge pull request #1222 from phil-davis/patch-8
Bring the code of captiveportal up to speed with its module counterpart requirments
Fix i386 default URL for snapshots
Do not expire already disabled users, it fixes #3644
Fix #3665, show IPSec tunnel description on status page
Fix #3702, make sure tunnel inside IP is set when interface changes
Fix #3700 and other syntax issues:
- Remove G parameter from pfctl since it doesn't exist anymore Initialize $old_router- Fix sh syntax on variable assign, it couldn't have space before =- Simplify logic- Avoid flush states twice, if it was done on IP change, don't do it...
Add some protection to parameters that come through _GET
Fix #3691, use curl instead of fetch to download update files
Allow the user to select "None" for OpenVPN client certificate, so long as they supply and auth user/pass. Ticket #3633
Silent pbi_info
Reduce possible noise
Handle firewall log filter regex input better bug #3689
If the user inputs an invalid regex in any of the filter fields, then a page full of "warning" messages appear in the GUI, about whatever is invalid.If for some reason the user wants to match a forward slash somewhere, then they have to realize to escape it, doing "\/" instead of just "/". Be nice to this special case, because the user does not necessarily know that "/" is being used as the delimiter in the preg_match call. Turn "/" into "\/" (when the "\" is not already put in by the user)....
allow ipaliases to be configured on lo0
Fix variable name
remove openbgpd bits from system_gateways_edit and system.inc. The packagematch is case-sensitive and hasn't matched the openbgpd package's name inat least 5 years, so it doesn't do anything. It's far from functional inany useful manner even fixing that issue.
Bring in proper gmirror support for the GUI and notifications.Made a general gmirror library to perform various gmirror tasks and get information, using some of the former widget logic to start. Updated widget to use this new code.Added a Diag > GEOM Mirrors page that displays information about existing mirrors and perform various management tasks. Current actions include rebuilding a drive, forgetting disconnected mirror drives, insert/remove, deactivate/activate, clearing medatada. It's now possible to use the GUI to rebuild a failed mirror by performing a forget, then insert action to replace a missing/dead drive....
glob() is already called by unlink_if_exists
client-config-dir is also useful when using OpenVPN's internal DHCP while bridging.
Add @ to silent any possible return of posix_kill
Fix typo
Improve /etc/sshd:
. Create ed25519 key for ssh and silent daemon. Remove some exec() calls. We do not need to re-create all keys if /root/.ssh/authorized_keys is empty. Remove some redundancy and declare a single array with all keys
Include the v4 prefix on the v6 netmask to make routing more sane and alos tracking interface configurations work!
Update rrd.inc
fixed NTPd graphs resetting when service restarts or reconfigured (thanks charliem https://forum.pfsense.org/index.php?topic=76620.msg422811#msg422811)
Make sure check_reload_status is stopped so it can be upgraded and no events disturb the upgrade.
Remove the space here which probably is preventing from calling sshd from fcgi
Make logging of pass rules opt-in rather than opt-out
Split the setting of logging pass and block into 2 separate settings. Maybe this can be extended to control even the user rules?
Add ICMP to filter parser, it should fix #3663
Add (self) keyword for specifying "any IP address on this firewall" as a rule choice.
Merge pull request #1149 from phil-davis/patch-7
Merge pull request #1205 from ExolonDX/branch_master_59
Properly handle this rename, and squelch errors if it fails.
Delete all ip aliases when interface is disabled, it should fix #3650
fix variable typo. ticket #3669
Correct variable test here, too. Ticket #3662
Restore 989d361e88d08bd9e71bf7daafcb3b39af65bd3d to preserve a scenario that seems useful as suggested from @fitchner.
Remove commented out code since long time
Remove a line spotted by @fitchner which is not needed at all
Put a line on logs when this situation happens!
Update SCRIPT tags.
Add CDATA sections to SCRIPT tags in various files
Fix test (variable is a checkbox, not an array/string). Fixes #3662
Use correct variable name here.
Make some fixes related to Ticket #3662. Its mostly cleanup.
Spell that correctly
Handle enc0->IPSec convertion. Should help Ticket #3664
Actually make this correct
Use subnet rather than address/netmask to allow multiple clients to behave properly
/etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the info instead.
Move duplicated code into a function; Include local ID on mobile tunnel key line in ipsec.secrets.
Use the right specification for ahnding over the subnet to mobile clients
Do not specify the rightid in mobile tunnels since it makes things not work
Give needed +x flag to make working xauth proper
Oops this was moved accidentally
Correct sense of match and move the code up to since it makes more sense
Actually this should be rightauth2 since they should send the extra infor to be validated
bind HTTP->HTTPS redirect to IPv6 too. Ticket #3437
Use function_exists test
Allow to use PSK+agressive mode since user should have the choice even though it poses security risks
PBIs are crashing without LOGNAME being defined in the environment, define it here until PBI is fixed
This slipped in wrongly
Allow a key to specified for all users as for exmpale when connecting from Apple iOS
Pass the loglevels on the config rather than execing commands to specify these loglevels. This allows somethings to be properly logged as config logs
No need to have the ip let strongswan do it for us! Keeping still filterdns to properly evaluate dns behaviour here
Strongswan does not need the quotes here
Show proper status for ipsec
Remove generate policy option since its not relevant with strongswan
Some adjustments to the code for logging
Use require_once in more places
I got:PHP Fatal error: Cannot redeclare file_notice() (previously declared in /etc/inc/notices.inc:55) in /etc/inc/notices.inc on line 91So there are places that notices.inc gets require() when already required.
Convert protocol ssl:// to https:// when creating http headers
Small cleanup
Partialy revert 0ae4f3f:
It broke xmlrpc_client since https is not a valid php transport.
Work around some quirks in global handling to show filter rule descriptions in their own row/column when configured for that behavior.
Revert "Respect protocol from URL"
This reverts commit 4f5bea8b6e2e6b0d5c1352539268d720826b4760.
Respect protocol from URL
Remove units from burst as it is always specified in bytes. (Per ipfw(8)).Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate.
Use egrep here (and full path)
Consider tracker IDs when looking up filter log entries, if present
Fix http and https port for cpzone
Use global cpzoneid variable
Drop double $$ from variable name
Remove redundant set
Silent kldstat
Sometimes fsck requires a second run, teach rc script to call it more than once when it's necessary
Obsolete old clog binary from /usr/sbin
Merge pull request #1125 from msilvoso/master
Migrate captive portal code to SQLite3 php module
sqlite module is now called sqlite3
Obsolete old php modules