Fix logic to find available next number for limiters and queues. It fixes #3998
Add an extra protection to avoid having an empty group created
Oops wrong choice the checkbox is only for javascript
Remove redundant code and check for dpd_enable checkbox to be set
Only create missing ssh keys, do not overwrite existing ones. It fixes #4003
Use route command directly rather than trying to make a route search on php thorugh netstat. It Fixes #4000
Revert "Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955"
This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.
remove this log, it's never logged anything useful that I've seen, and unnecessarily spams the secondary's system log on every config sync.
hn(4) is ALTQ-capable, mark as such.
Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955
Actually require group name!
Do not do operations for empty group members
Do not do this during boot
Use leftcert for more options on IPsec authentication
Ticket #3967 also sync other vip types that can be synched.
Fixes #3967, properly resolve interface
Set proxy env vars on interactive shell and also on crontab to make all scripts be able to use it. Ticket #3789
Revert "Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured"
This reverts commit 664adf3845cf1df89769bb0ed5fc113048e0912e.
touch up text
Change copyright statement to reflect reality
Strengthen check
Compare the right things here.
Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Retire flowtable_configure as a useless code since its not in kernel
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Tighten checks here to avoid overriding the default gw with garbage
Make some more useful checks here
Be sure the same gateway is not processed for v4 and v6
Lets put a logging to see what is bing passed to the rtsold script on calling. Helps with Ticket #3361
Ticket 3967, revert upgrade code. Existing 2.2 installs might be impacted
Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent
Ticket #3967. Allow to have carp as parent of ipaliases - continued
Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.
Make ipsec_starter log go to ipsec.log rather than system one
Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981
fix text, PPPoE Server, not VPN
add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.
set install_routes=no for charon to avoid the issues noted in ticket
Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990
Make sure target has scope when it's a link-local. Fixes #3969
Merge pull request #1330 from phil-davis/patch-1
Make sure srcip has scope when it's link-local. Should fix #3969
Simplify post_upgrade_command logic and obsolete /usr/local/sbin/cvs_sync.sh instead of removing it on post_upgrade_command
Fix to SMART disk matching
preg_match returns 0 when the string does not match the regex.0 does not "===" FALSESo this check is not always working.preg_match returns 1 when the string matches the regex.IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.
Pass friendlyifname to handle_argument_group, not realifname. Fixes #3984. clean up some text while here.
isset($_GET) seems to always evaluate to true, use something more specific. Fixes use of rc.linkup when run from CLI. Others likely fix similar circumstances, though maybe not ones that are used anywhere.
don't duplicate $message in CP log entries
When an alias contain hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939
Fix updating of hosts file on host override updates by bringing back the same behavior from previous releases.
use tabs rather than spaces, as most of this already did.
remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years.
fix invalid ipsec.conf
Use a better method of finding disks for SMART.Old code was inaccurate and also listed entries that were symlinks to other disks
Restore 3 values back on NAT-T settings Just Enable now its Auto as per strongswan default. and off disabled mobike. Ticket #3979
fix comment
Fixup dhcpd interface enabled check
Fix console set interface IP address
Problem as per forum https://forum.pfsense.org/index.php?topic=83651.0The problem comes whenever services_dhcpd_configure is called - the global $config gets reset from the actual current config, and any pending changes in the current process are lost....
Fix indent
Indent here as well
Set interface address from consol tidy output
While trying to see why this is not working for me (forum https://forum.pfsense.org/index.php?topic=83651.0 ) I have fixed some little things:1) Get the new-lines right so the output of the restarting looks neat...
Properly configure NAT Tranversal setting.
Remove debugging code
Properly test if FCGI is calling or are being triggered from shell. Normally Fixes #3361
Fixes #3938. Do more error checking.
Fixes #3941. When optimizations of the loops were made this brought the problems of overriding default gateway by dynamic interfaces. Try to stick to the first found for now!
clarify logs generated by newwanip(v6) when restarting packages, it's not only IP changes that end up here (by design).
Fix two more instances of rrd.tgz renaming.
Kill states associated with the old WAN IP when WAN IP has changed. Retainhidden config option to wipe all states on IP change, as there seemed tobe circumstances where the 'pfctl -k $oldip' didn't suffice for others(much of history in redmine ticket, some on forum and elsewhere). ticket
Allow accept_unencrypted_mainmode_messages to be enabled if needed
only kill all states if the IP changed. ticket #1629
Hide burst for limiters, since it doesn't do anything. more details inticket #3933
fix up text
FreeBSD fails to set advskew back to 0 after you set it to any othervalue. That's a separate issue that needs fixing upstream, but in the meantime, we can work around it by removing all CARP VIPs in the same way wedo when "Temporarily Disable CARP" is chosen before adding them all back....
Add option to kill all states on IP change, currently a hidden option for more testing. ticket #1629
Remove redundancy as pointed out by phil-davis
Merge pull request #1297 from phil-davis/patch-23
Decode recently created cert and key. It fixes #3964. While here, fix logical condition to create a new cert if crt or key is not present
domain and search should not both be defined in resolv.conf per FreeBSD man page and handbook (only the latter is actually used). Change this to just not use domain, and set the search to the system's domain where not using the function that generates the search list for dynamic WANs.
Enable unity plugin as per request from https://forum.pfsense.org/index.php?topic=79737.msg452808#msg452808
Support converting an IP range to an array of addresses
so that it can be used for expanding ranges in host alias input.
Merge pull request #1313 from phil-davis/patch-9
remove the command number shown in the shell prompt, it's a pointlesswaste of screen space
Prevent Internal Server Error if range is backwards
Fixes redmine #3950 - ip_range_to_subnet_array can easily swap the input parameters if the caller has passed/entered them the wrong way around. That is both friendly to the caller and ensures that a hostile caller can't blow up the routine....
hostnames can end with a . (and actually always do, it's just usually implied), so allow that here. Fixes wrong input validation in parts of nsupdate GUI, among other things.
Merge pull request #1306 from phil-davis/patch-3
Let user decide if he wants to proceed to the upgrade when sha256 fails to download. Fixes #3576
Underscores are valid characters in domains. Fixes #3219
Ticket #3932 For more than 100 entries create pipes in line with the rules file to speedup the process
Add command line script to generate and activate a new GUI certificate.
Fix descriptions and cn on generated GUI cert to be consistent.
Reintroduce the vfs.forcesync systl
Merge pull request #1309 from phil-davis/patch-5
Tame the poodle. Disable SSLv3.
Fix #3935 Properly allow WAN without LAN
Was broken by https://github.com/pfsense/pfsense/commit/bd0b5d2dc7a279d3473a65a11d67efb5e39392be
rename interfaces_carp_setup to interfaces_sync_setup and call it during bootup since it does not only relate to carp interfaces.
Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured
Fixes #3213. Allow up to 2900 limiters. This was set to 30 since limiters are to be controlled by mask and not created manually!
Make proper check here