UnivNautes

federation's metadata raw content can be added

Closes #5568

domain and search should not both be defined in resolv.conf per FreeBSD man page and handbook (only the latter is actually used). Change this to just not use domain, and set the search to the system's domain where not using the function that generates the search list for dynamic WANs.

Enable unity plugin as per request from https://forum.pfsense.org/index.php?topic=79737.msg452808#msg452808

Warn if attempting to import IPv6 range

There is currently no code to convert an IPv6 range to a set of corresponding IPv6 subnets, so warn the user if they attempt that from the alias bulk import GUI.

Support converting an IP range to an array of addresses

so that it can be used for expanding ranges in host alias input.

Expand range or subnet for host alias

When entering a host alias, if the user put an IP range (like 192.168.0.10-192.168.0.20) or a subnet (like 192.168.1.200/29) then expand it into a list of individual IP addresses. Check that it will not make too many rows to exceed the existing 5000 row limit on the GUI....

Merge pull request #1312 from phil-davis/patch-8

Merge pull request #1313 from phil-davis/patch-9

Add support for mac addresses blacklist

Closes #5572

Add support for mac addresses blacklist

Closes #5571

Add support for nameIDs blacklist

Closes #5571

Interface: add a page to configure blacklists

www: factorise saml tabs in a function

Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1

Merge pull request #1312 from phil-davis/patch-8

Prevent Internal Server Error if range is backwards

Teach the certificate generation code how to make a self-signed certificate, and
change the GUI cert generation code to use it. Also, move the GUI cert
generation code to its own function so we can add a GUI option to regenerate it
later. Also use some more sane defaults for the contents of the default self-...

Encode values before displaying them back to the user in notification settings

Encode values before displaying them back to the user in notification settings.

remove the command number shown in the shell prompt, it's a pointless
waste of screen space

Prevent Internal Server Error if range is backwards

Fixes redmine #3950 - ip_range_to_subnet_array can easily swap the input parameters if the caller has passed/entered them the wrong way around. That is both friendly to the caller and ensures that a hostile caller can't blow up the routine....

Prevent Internal Server Error if range is backwards

Fixes redmine #3950 - ip_range_to_subnet_array can easily swap the input parameters if the caller has passed/entered them the wrong way around. That is both friendly to the caller and ensures that a hostile caller can't blow up the routine....

+ is a valid character in some dynamic DNS providers' usernames. Fixes #3912

hostnames can end with a . (and actually always do, it's just usually implied), so allow that here. Fixes wrong input validation in parts of nsupdate GUI, among other things.

Merge pull request #1306 from phil-davis/patch-3

Let user decide if he wants to proceed to the upgrade when sha256 fails to download. Fixes #3576

h-node should be 8

h-node should be 8

Underscores are valid characters in domains. Fixes #3219

Ticket #3932 For more than 100 entries create pipes in line with the rules file to speedup the process

Merge pull request #1310 from phil-davis/patch-6

Merge pull request #1311 from phil-davis/patch-7

Fix the log widget to lookup hosts by DNS using a link rather than AJAX. Quick fix for now. Ticket #3829

Fix the log widget to lookup hosts by DNS using a link rather than AJAX. Quick fix for now. Ticket #3829

Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1

Add command line script to generate and activate a new GUI certificate.

Fix descriptions and cn on generated GUI cert to be consistent.

Reintroduce the vfs.forcesync systl

Merge pull request #1309 from phil-davis/patch-5

Tame the poodle. Disable SSLv3.

Tame the poodle. Disable SSLv3.

Manage dhcpleaseinlocaltime consistently

dhcpleaseinlocaltime is actually a global setting, but the setting is stored per-DHCP-enabled-interface.
The display code in status_dhcp_leases already sorts this out - if any interface has the setting enabled then the displayed lease times are adjusted to local time....

Provide an edit button for static mapped entries

As suggested in forum https://forum.pfsense.org/index.php?topic=82883.msg0#new
Instead of a non-functioning red plus icon, show an edit icon for static mapped entries, and take the user to services_dhcp_edit page if it is clicked. IMHO this makes it much easier to correct things that are noticed when viewing the Status, DHCP Leases display.

Whitespace in status_dhcp_leases.php

Fix #3935 Properly allow WAN without LAN

Was broken by https://github.com/pfsense/pfsense/commit/bd0b5d2dc7a279d3473a65a11d67efb5e39392be

rename interfaces_carp_setup to interfaces_sync_setup and call it during bootup since it does not only relate to carp interfaces.

Fixes #3727 Do not unset ondemand for ppp type interfaces since it is controlled here only for pppoe/l2tp

Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured

Fixes #3213. Allow up to 2900 limiters. This was set to 30 since limiters are to be controlled by mask and not created manually!

Make proper check here

Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later.
Also use some more sane defaults for the contents of the default self-signed certificate's fields so it will be more unique and less likely to trigger problems in browser certificate storage handling.

update comment to reflect breakage caused here and reference associated redmine ticket, not high priority, can be fixed later

block IPv4 link-local. Per RFC 3927, hosts "MUST NOT send the packet to
any router for forwarding", and "any network device receiving such a
packet MUST NOT forward it". FreeBSD won't route it (route-to can override in
some circumstances), so it can't be in use as a real network anywhere with...

Fix PSK for non-ascii also here, ticket #3917

Fix initial console menu layout, it fixes #3884

Improve IPsec status page for mobile. It fixes #3917

Add missing gettext call

Add missing gettext calls

Fix indent and spaces

Does not accept non-ascii characters on IPsec PSK. It fiixes #3931

Close this form early since there is another form below

snmp: update SNMP ucd to work with univnautes 2.1

Closes #5566

univnautes.js: move idp link outside the button for Fx

Closes #5678

update input_error description after changes for ticket #3491

Properly set MTU for lagg interface, it fixes #3922

Make sentence more accurate as pointed out by phil-davis

GIF interfaces MTU must be something between 1280 and 8192, make the correct check. It fixes #3927

Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1

Merge pull request #1308 from phil-davis/patch-4

fix text

fix up text on sys_adv_misc

fix text and descriptions in GRE edit page

s/removing/omitting/g for gateway monitor log entires. "Removing" is not necessarily correct, there are many circumstances where this runs where it wasn't there to begin with, and is potentially misleading.

Fix pf syntax s/divert/divert-to/. It should fix #3921

Ticket #3860 Correctly display SMTP SSL TLS boxes

After using the "Test" button, $_POST['smtpssl'] and $_POST['smtptls'] was 'on' or null - this got blindly copied back into $pconfig[] and resulted in the state of the SSL/TLS/STARTTLS checkboxes not being redisplayed....

Fix an error introduced in bd0b5d2dc7 that makes system believe interfaces always mismatch

Remove the minimum NIC warning, this dates back to when minimum 2 NICs were supported and it made sense to throw this message at people. It's obvious a network appliance requires at least one NIC.

Update the URL for snapshots update

Be more strict when checking if olsrd is enabled, otherwise when package is deinstalled and configuration is kept dhcpd will consider it's always as enabled

Support up to 4 DNS Servers in DHCP

Support up to 4 DNS Servers in DHCP

Support up to 4 DNS Servers in DHCP

Support up to 4 DNS Servers in DHCP

Support up to 4 DNS Servers in DHCP

Add an option to restart php-fpm from console

Fixes #3909 Properly report and detect carp_status

Remove function that is not implemented properly. Nothing seems to use it.

Merge pull request #1303 from PiBa-NL/carp_without_matching_subnet

Merge pull request #1304 from sselph/powerd_normal_mode

Merge pull request #1305 from phil-davis/patch-2

Fix not rules for OPTn network case

Reported in forum https://forum.pfsense.org/index.php?topic=82319.0
The "if (is_subnet($src)) ... filter_address_add_vips_subnets" code needs to go outside all of the if that checks for opt interfaces (not just in the else part). That makes filter_address_add_vips_subnets get called in all cases, including when optn network is specified. (line 2264, 2265)...

Add powerd normal mode flag (-n)

Make proper check if IP address is configured on another interfaces and ignore current one. It fixes #3807

get back to our standard RFC-defined capitalization of IPsec

CARP, allow carp ip to be outside interface and alias subnets (FreeBSD10 feature)

Merge pull request #1300 from jean-m-cyr/master

Merge pull request #1298 from PiBa-NL/vips_sort

firewall_virtual_ip make the table sortable remove double tfoot, but use 2 tr inside.

Remove stray 'i'.
Reported-by: https://forum.pfsense.org/index.php?topic=82393.0

Fix up NTP status page formatting

Number of columns is not the same for all table rows

firewall_virtual_ip make the table sortable