Remove extra data after space and fix pf rule syntax. It should fix #3688
Always set httponly attribute on cookies
Add comment I forgot on last commit
Re-generate session ID on a successful login to avoid session fixation
Do not expire already disabled users, it fixes #3644
Revert "Revert "Fix #3700 and other syntax issues:""
This reverts commit 4cc2ae78d3027c349969437f08a88b1fb88c9de8.
Revert "Fix #3700 and other syntax issues:"
This reverts commit e912bfae186b6b657daf52607f9d027f46be0478.
Fix #3700 and other syntax issues:
- Remove G parameter from pfctl since it doesn't exist anymore Initialize $old_router- Fix sh syntax on variable assign, it couldn't have space before =- Simplify logic- Avoid flush states twice, if it was done on IP change, don't do it...
Escape argument on call to is_process_running too, also remove some unecessary mwexec() calls
Add some protection to parameters that come through _GET
Escape this before running.
Bump version to 2.1.4
Fix #3691, use curl instead of fetch to download update files
allow ipaliases to be configured on lo0
remove openbgpd bits from system_gateways_edit and system.inc. The packagematch is case-sensitive and hasn't matched the openbgpd package's name inat least 5 years, so it doesn't do anything. It's far from functional inany useful manner even fixing that issue.
client-config-dir is also useful when using OpenVPN's internal DHCP while bridging.
Convert protocol ssl:// to https:// when creating http headers
Properly handle this rename, and squelch errors if it fails.
Delete all ip aliases when interface is disabled, it should fix #3650
fix variable typo. ticket #3669
/etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the info instead.
Remove units from burst as it is always specified in bytes. (Per ipfw(8)).Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate.
Merge the forgotten Ticket #3062 patch for CP pipeno leaking issue which leads to the 'Maximum login reached' on CP
Obsolete old clog binary from /usr/sbin
Bump version to 2.1.3-RELEASE
Take care of interfaces that have no ip but might be part of the bridge as done for openvpn to avoid loops
Signal a reload if anything got updated
Merge the patch suggested in Ticket #3629. It also Fixes #3629. The question is why this is using config lock? Also where is filter configure called here?
Move clog from /usr to /usr/local
Conflicts: etc/inc/filter_log.inc etc/inc/system.inc etc/rc usr/local/www/guiconfig.inc
Correct the ridirection URL to unbreak ones passed through Radius attributes and repsect user choices. Reported-by: Antoine Guillemot
Merge pull request #1105 from florian-asche/RELENG_2_1
Update services.inc
fix
Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
Merge pull request #1119 from phil-davis/patch-4
fix typo
Cut paste bug fix in Remote Syslog DHCP events
This version for 2.1 branch.apinger is repeated here from the code above, but it should be dhcp.Forum https://forum.pfsense.org/index.php?topic=73734.0Selecting to remote syslog "Gateway Monitor events" would also switch on "DHCP service events" unintentionally.
Merge pull request #1078 from phil-davis/patch-4
Fix typo
fixing typo for GIF tunnels to work over IPv6
the call of get_interface_gatewayv6() in the creation of a GIF tunnel over IPv6 leads to a "Fatal error: Call to undefined function get_interface_gatewayv6() in /etc/inc/interfaces.inc on line 934". changeing the function call to get_interface_gateway_v6() fixed it for me on my local system.
Get real interface when dhcrelay uses default GW
If the DHCP Relay server is not on any local subnet, and not on any subnet that has an internal static route, but is somewhere that no specific route is known, then this code finds the default gateway and uses that in the DHCP relay "-i" parameter. The current code gets just the interface name (like "wan", "opt1"). But DHCP Relay command needs to be fed the actual device name "vr0", "vr1" etc....
Also add similar checks on rc.newwanipv6 as in the v4 version
Forgot to remove the problematic part from previous OpenVPN loop fix commit
Take care of the loops reported for OpenVPN in tap mode. Also fixes the problems of tap disappearing from bridge if its a member.
No pre release this time
Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale/invalid and there is still a running instance.
Bump to 2.1.2-PRERELEASE since 2.1.1 was released
Correct typo on function name that has slipped unnoticed. Reported-by: https://forum.pfsense.org/index.php?topic=74688.0
Remove TRIM_set and TRIM_unset support. This method isn't very elegant and isn't necessary in the long run. It's better handled in the installer stage and not after the fact.
Correct check that was broken even before to actually make the ieee8021x enable from proper setting. Reported-by: https://forum.pfsense.org/index.php?topic=74013.0
time for 2.1.1-RELEASE
send crash reports via HTTPS
Fix deletion of ipfw rules and pipes for passthru mac, it fixes #3538
Clarify note on limiter queue weight to state that higher values get a larger share.
Do not garble the error logging message
Avoid placing an empty "interface listen" directive in ntpd.conf
Try to restore last working ruleset rather than staying without configuration at all
Disable default allow incoming rules for 6to4 and 6rd interfaces. This rule unintentionally allows all services on the interface to be reachble and maybe more!
standardize URLs
standardize pfsense.com references to https://www.pfsense.org
s/http/https/ for www.pfsense.org
set package URL to https://packages.pfsense.org
use xmlrpcbaseurl here too, not product_website
we actually use xmlrpcbaseurl here, not product_website
Try a different strategy for fixing #3514 just send a HUP to dhcp6 to get it to reload.
Do not delete linklocal address
Merge pull request #991 from phil-davis/RELENG_2_1
Return GWG IP protocol (version) when no gateway IP - 2.1 version
Fix for now 'IPv6 - LAN looses Prefix after link event'(forums) with a not elegant solution but works. Probably dhcpv6 client should solve this by itself and generate and event for it. For now just bump dhcpv6 client again to have the prefix interface reconfigured.
Fixes typo on variable name
pfSense_interface_deladdress() only knows how to delete an ip address, not a subnet. It should fix #3513
Make the voucher auth through xmlrpc work.
default openssl to 2048
update year, links for 2.1.1
bring up appropriate interface for GRE/GIF. Ticket #3281
s/unlink/unlink_if_exists/
Remove broken 'dynamic6' gateway, we already have ipprotocol to tell us the IP version, leave it more simple using only 'dynamic'. It helps #3484
Fix typo on var name
Merge pull request #990 from N0YB/RELENG_2_1
XHTML Compliance
sync up ALTQ-capable interfaces list
Firewall - Traffic Shaper
Wrap this in an is_array() test, or else if you have no manually configured DNS servers, saving the DHCP settings produces a PHP error.
Add an option to verify peers_identifier when it's ASN.1 distinguished name. It should fix #2904
Ticket #3484 Correct the case for GRE tunnels as well since they behave the same. GRE seems to need the prefixlen 128 specified all the time so do it explicitly to be on safe side
Fixes #3484. Provide a dynamic gateway for gif v6 tunnels so it can be used on firewall rules etc. The guide for setting up this tunnels on docs need to change to leave the gif interface as none type. People upgrading need to fix this themselves with a not on release notes. This can be fixed if the kernel condition is relaxed to allow setting the prefixlen on the tunnel as ipv4
Ticket #3484 Note that for now prefixlen is useless in ipv6 tunnels. IPv4 accepts them
Return GWG IP protocol (version) when no gateway IP - 2.1 branch
Fix #3483 only use IPv4 DNS servers in DHCP v4 conf
Version for 2.1 branch
Make is_linklocal case-insensitive and fix #3433
Properly detect when there are issues with communicating with syncip and to use the local DB for this. Otherwise detect if the remote says the voucher is not valid say its not valid.
Properly compile the query to insert the values. Pointy-hat: myself. While here respect the redirurl when passed to portal_allow and use proper function to do redirection.
Ticket #2627. Just pass the array over no need to traverse it
Fixes #2627. When an interface goes down try to shut the RAs and dhcpd6 service on that interface
Avoid recursion of convert_real_interface_to_friendly_interface_name with get_parent and on linkup of parent interface properly configure especially useful on ppp type links
Be friendly to memory
Fix problem with the voucher synching that was introduced during conversion to zones
Rather than having issues with not started radvd try to start radvd to discover by itself the prefix on the interface by using the special directive :: on the prefix declaration. Related to many tickets and forum posts