Another fix even for XHTML compliance and proper selection
Fix some obvious problems in the code
Merge pull request #930 from nagyrobi/patch-4
Update services_ntpd.php
Merge pull request #928 from nagyrobi/patch-2
Update rrd.inc
Merge pull request #947 from stilez/patch-2
Filter log - ensure IPv6 AJAX resolve works too
Using str_replace(array('.', ':') as asked
Merge pull request #946 from phil-davis/master
Remove old webguiport code
Filter log - ensure IPv6 works too
webguiport is managed in system_advanced_admin.php these days, not here in system.php. This validation is never executed, so might a well clean up old unused code.
Fix #3469
Before downloading file to process urltable, there is a random waittime between 5 and 60 seconds. Because of this, the difference betweenfile mtime and current time can be less than $freq * 86400 and it'll beskipped. Add 90 seconds (60 of max random wait + 30 just to be sure) to...
Fix #3468, wording fix
Merge pull request #945 from phildd/master
Enhance interface gateway data entry descriptions
Merge pull request #944 from N0YB/RELENG_2_1
XHTML Compliance
CARP Status
Merge pull request #939 from phil-davis/master
Dodgy-looking stuff in graph calculations
Merge pull request #659 from mss/extended-query-example-work
Improve LDAP DN examples
Merge pull request #903 from phildd/RELENG_2_1
Releng 2 1 Enhance interface gateway data entry descriptions
Merge pull request #943 from stilez/patch-1
AJAX-ify DNS lookups in standard firewall/filter
The msgbox is no longer needed since there will be a validation process per se
Take single and double quotes into consideration
Merge pull request #942 from N0YB/RELENG_2_1
The standard firewall log has lookup ability but these open in a new tab/window, they don't show in the log, other places the same IP appears in the log aren't visibly resolved, - basically its begging for AJAX-ing....
Settings Logs Status
NTP Logs Status
Open VPN Logs Status
Load Balancer Logs Status
VPN Logs Status
PPP Logs Status
Portal Auth Logs Status
DHCP Logs Status
Only add dhcpv6 client allow rules if ipv6allow is set
Merge pull request #941 from N0YB/RELENG_2_1
Queues Status
Merge pull request #940 from N0YB/RELENG_2_1
Package Logs Status
Sprinkle ob_flush to avoid some warnings on 2.1
Fix issue with CSR generation. Ticket #2820
Move 'allow dhcpv6 client' rules above block bogonsv6 ones, it should fix #3395
Update status_ntpd.php
fixed tail path
Update ntp_status.widget.php
Fixes #3460. Ask for validation when real operation will be done and ask for the operation with POST to get protection from CRSF.
Remove code that is commented
I noticed that the graphs in this post - https://forum.pfsense.org/index.php/topic,72794.0.html - had numbers for in-block and out-block that had similar numbers to in-pass and out-pass. That seemed hard to believe. Found these calculations that look wrong.
corrected path
Update system.inc
Corrections made as requested
Updated errorneous paths. Sorry.
Create ntp_status.widget.php
Dedicated widget which has a javascript clock showing the server time accurately, and based on NTP's running state displays information about sync source, GPS state etc. It refreshes contents every minute, without reloading the entire page.
Create ntp_status.inc
NTP widget helper
Update status_rrd_graph_settings.php
Add NTP graph to settings
Update status_rrd_graph_img.php
Add NTP graph drawing
Update status_rrd_graph.php
Add NTP graphing
A bit more informative NTP status page...
Create services_ntpd_pps.php
Separate page for other PPS sources config
Merge pull request #927 from nagyrobi/patch-1
Update priv.defs.inc - add new NTP pages
Create services_ntpd_gps.php
Separate page to set GPS receiver pps sync
Extended options for NTPd
Add new NTPd functions
Add NTP graphing to RRD
Update priv.defs.inc
Fixes #3461. Remove any special char that can lead to shell/XSS compromises from submitted input.
Revert "Replaced gethostbyname() with gethostbynamel() to get a list of all IPs associated with the dns name and add them to the allowed list"
This change is not needed, filterdns will handle it.
This reverts commit d460371416d4e2cfef976d5a7616f63f6faa203f.
Check if the package is installed before deleting opteration is started
Ticket #3461. Protect output to browser by using htmlspecialchars.
Do not do any operations on system libraries. Nowdays pbis are used and those do not break things by definition
captive portal, don't generate rules for disabled portal
Merge pull request #891 from PiBa-NL/captive_disable
captive portal, don't generate rules for a disabled portal
Merge pull request #890 from N0YB/Gateway_Monitor
Gateway Monitor Advanced Settings
Merge pull request #904 from dv-user1/master
Replaced gethostbyname() with gethostbynamel() to get a list of all IPs ...
Revert "Pass the family to the get_real_interface function to retrieve the correct real interface. Might help Ticket #3357"
This reverts commit 7c77641060bc5662f75519556af5e4566078dfc6.
Really need the interface where v6 is running toa dd the gateway/route rather than the one used for the configuration. This Fixes #3357
This reverts commit cb431dbf47c53b72119bd8feca0217e1c25d998b.
Do not call rc.newwanip when pppoe gets a v6 ip.
Pass the family to the get_real_interface function to retrieve the correct real interface. Might help Ticket #3357
Merge pull request #926 from N0YB/RELENG_2_1
Open VPN Status
Merge pull request #925 from N0YB/RELENG_2_1
NTP Status
Merge pull request #924 from N0YB/RELENG_2_1
XHMTL Compliance
Load Balancer Status
Move this global declaration to the proper file rather than backend code
Put a timeout of 30 seconds to aid with Ticket #3412
Merge pull request #923 from N0YB/RELENG_2_1
IPsec Status TabsMostly element closings and minimizations (nowrap), empty table row.
Help ticket #3449:
Improve data validation to avoid save a host/subnet or a IPv4 withinvalid mask. The reported error is on javascript and only happen onIE8,but this fix will prevent the same issue happening in the future ona different browser.
Merge pull request #922 from N0YB/RELENG_2_1
RRD Graphs UpdateUse CDATA section instead of clunky decode hex value for ampersand in script.
Use correct parameter (bootfile-url) to configure netboot on DHCPdv6, it fixes #3421
Fix typo on variable name and really add custom options for dhcpdv6
Normally when an ip is set the interface comes up on BSD stacks. Though push this commit which Fixes #3281
Whitespace fix
Use htmlspecialchars(), a better solution for #2952
Grab exec result just to be careful
Put a kludge for now which Fixes #3280. It should be improved later on to have proper handling and overloading of configuration functions
Merge pull request #921 from phil-davis/RELENG_2_1
Enhanced validation of general DNS servers and gateways
Consider setting of noconcurrent login for passthrough expiry of users. Fixes #3340
Some tweaking to handle when switching off dhcpv6.
Merge 10 -> 10.1 and 10.1 -> 10.2 function upgrade since the recent changes done on 2.1.1 for Ticket #3441
Provide upgrade code after changes done for Ticket #3441
Use descr as the field name for voucher description so it gets CDATA protection. Fixes #3441
Use the 11th column for the radius context rather than overriding the interim interval field with it. Fixes #3447
Merge pull request #917 from phil-davis/master
Merge pull request #920 from N0YB/RELENG_2_1
Filter Reload StatusMark script as CDATA section to avoid expansion of the begin tag entity (<).
Filter Reload Status
Improve processing of DNS server changes
What a pain this was. The user can blank out a DNS server from a position in the middle of the list. e.g. they had all 4 entries previously filled, and then they blank out DNS server #3. The way the DNS servers are stored in the config, they are just the defined ones in an "un-indexed" array. So actually entries 1, 2 and 4 on the screen become 1st, 2nd and 3rd in the config. The selected gateways for 1, 2 and 4 then have to end up in positions 1, 2 and 3 to match the stored DNS servers....
Merge pull request #919 from N0YB/RELENG_2_1
System Logs Wireless Tab
System Logs Routing Tab
Merge pull request #918 from N0YB/RELENG_2_1
Status DHCPv6 Leases
Add a knob to let the user select which console (video or serial) is preferred in cases where there are multiple consoles present. Also provide a way to force this preference.
Add a mechanism by which the serial port can be forced on always regardless of the config setting. (useful for nano+vga setups)
Abort installation when pbi_add fails
Fix #2952, escape necessary chars to avoid xss injection
Respect g['tmp_path']
Use https to get updates, it helps #2952
Add https to update URLs and replace RELENG_8_3 by RELENG_10_0
Merge pull request #916 from N0YB/RELENG_2_1
Status DHCP Leases
Merge pull request #915 from N0YB/RELENG_2_1
Create an empty row in tbody if there are no log entries displayed.
Create an empty row in tbody when there are no firewall log entries displayed.
Merge pull request #913 from Aeyoun/string-max-connections-per-host-per-second
Change string to "Maximum new connections per host / per second(s)"
Clarifying the setting's meaning.
As suggested by forum member "Senser" onhttps://forum.pfsense.org/index.php/topic,65472.msg356024.html#msg356024
Obsolete old ipsec tools files
Be specific on the authentication method to use since xauth-eap will be active as well
Correct script path
Remove references to racoon and correct some handling of ipsec configuration
Remove copy paste leftover
If specified add authentication script configuration to strongswan.conf
Remove not used anymore parameters
Teach script to read authentication servers from environment
Fix symlink calls adding full link name, it fixes issue reported at https://forum.pfsense.org/index.php/topic,72405.0.html
Properly set the configuration here based on https://forum.pfsense.org/index.php/topic,68531.0.html
Catch a validation issue reported on the mailing list thread: IPv6 address data validation from: Brian Candler. It prevents putting a subnet in the address field since it then breaks the whole filter generation process
Make improvement to the check
When adding ip aliases on top of carp not in the subnet of the carp configured address but an ip alias of the real interface do not error out but accept this as a valid configuration.
Merge pull request #912 from phil-davis/master
Check for tmp captiveportal dir before making it
In forum: https://forum.pfsense.org/index.php/topic,72483.0.htmlWarning: mkdir(): File exists in /etc/inc/system.inc on line 878Not sure if you would rather call safe_mkdir here?
Declare $config global so we can test the pkg_nochecksig option
Fixup pkg_nochecksig option
Merge pull request #911 from candlerb/candlerb/3416
Fix for #3416
Correct javascript error which prevents PPP/PPPoE per-link settings frombeing displayed (bandwidth, MTU, MRU, MRRU).
Merge pull request #910 from phil-davis/RELENG_2_1
Releng 2 1 Standardize LAN net display
Standardise LAN net display
for 2.1.1
Merge pull request #909 from phil-davis/RELENG_2_1
Releng 2 1 Return all stats when all or remote is selected on Traffic Graph
Reorder Traffic Graph filter options so Local is default
Return all stats when all or remote is selected on Traffic Graph
and make the default query return "Local" traffic.
Merge pull request #906 from phil-davis/master
Return and filter appropriately when all or remote is selected on Traffic Graph
Merge pull request #908 from N0YB/XHTML_Compliance_RRD_Graphs
XHTML Compliance - RRD Graphs
Close input tag
openvpn, allow for entering client user credentials in the WebGUI
Make Local the default filter for Traffic Graph
to preserve the previous standard behavior that shows "Local" when Traffic Graph starts.
to preserve the old behavior, that it shows "Local" traffic when first started.
Return all when all or remote is selected on Traffic Graph
Merge pull request #905 from N0YB/XHTML_Compliance_RRD_Graphs
Replaced gethostbyname() with gethostbynamel() to get a list of all IPs associated with the dns name and add them to the allowed list
Add specific permission for easyrule.
Remove this sort. It's unnecessary and causes problems when editing and saving privileges, it can reorder users and cause edits to the wrong account.
s/http/https/ for doc.pfsense.org
Add support for signed PBI, help ticket #3365:
- Add an option to allow user to accept unsigned packages- The only missing part is public key, that needs to be added to/var/db/pbi/keys/pfSense.ssl
Merge pull request #902 from phil-davis/master
On the main firewall rules multi-rule display it shows "LAN net" "WAN net" etc. But on the edit screen it shows "LAN subnet" "WAN subnet" etc. Make the edit screen have the same text as the main screen - this has ben a source of enough little questions/queries on the forum.
Fix test, allows restoring last backup in the list. Fixes #3438
Remove PBI scripts since it'll be installed dynamically by tools
First swing at converting from racoon to StrongSWAN.It allows to use existing configurations on xml to generate StrongSWAN configurations.So its only IKEv1
escapeshellarg() is not required here
Teach php-fpm about our required environment path
Revert "Set PATH before call pbi related binaries"
This was pushed by mistake
This reverts commit 4c9bda43f5bcfd5ba9812c84199bbe4f1f158960.
Silent recently added symlink() calls
Fix some wrong escapeshellarg() calls
Conflicts: etc/inc/filter_log.inc etc/inc/pkg-utils.inc
Simplify logic calling grep less times, as done on mail_reports.inc on 2c6efc9
Use unlink_if_exists or @unlink to avoid PHP errors when file doesn't exist
Conflicts: usr/local/www/firewall_aliases_edit.php
Merge pull request #901 from Klaws--/patch-2
Added previously missing DSCP VA (requires kernel patch patch submitted ...
Merge pull request #900 from Klaws--/patch-1
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Conflicts: usr/local/www/diag_logs_vpn.php usr/local/www/firewall_aliases_edit.php usr/local/www/guiconfig.inc
Conflicts: etc/inc/filter_log.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc etc/inc/pkg-utils.inc
Fix an obvious typo on var name
Use php function to get hostname instead of exec()
Add path for sysctl, also use -n param instead of awk
Simplify logic
Add {} between variables inside quotes
Set PATH before call pbi related binaries
Added previously missing DSCP VA (requires kernel patch patch submitted by me)
Using "limited" for ntp in this way denies client access. Issue #3384
Merge pull request #897 from N0YB/RELENG_2_1
XHTML Compliance - Status: System logs: Firewall
Add link to Unbound under the menu item name of 'DNS Resolver'
Merge pull request #899 from N0YB/patch-12
Update shortcuts.inc
XHTML ComplianceShortcuts edit link - r/&id/&id
Couple style vertical-align corrections
Sync pbi_create with pcbsd, add required functions.sh
Remove arch from fall back url since it's a single dir now
Dig is no longer available, drill is now the tool
Make sure unbound starts
Some grammer fixes spotted by Phil Davis
Make sure ACLs are saved correctly
Reference right service reconfig function
Add new xml array
More html formatting
Formatting
Table summary fix
Rename ACL file
Add additional functionality for stats and preconfigure variables
Add EDNS support for to resolv.conf
Add GUI components for Unbound
Start and configure Unbound on boot
Add Unbound service configuration
Add chroot for Unbound
Add Unbound code
Add Unbound to the services list
Add Unbound to the system password and group files
Include these check boxes.
Fix typo on variable name, it fixes #3414
Really fix #3376
Thanks to Grischa Zengel for spotting the semi-colon at the end of the "if" line that was the real cause. Please also back merge this to 2.1 branch.
Merge pull request #896 from phil-davis/master
Really fix #3376 Alias Edit does not display correctly
An attribute value specification must be an attribute value literal unless SHORTTAG YES is specifiedQuote (or escape) the quotes so they show up in the HTML.Use style where attribute not supported.Relocate tfoot to supported location and add tbody....
Merge pull request #895 from N0YB/RELENG_2_1
Also make the dialog_output query string option XHTML compliant.
Merge pull request #894 from N0YB/RELENG_2_1
Make select option XHTML compliant for "Number of lines to display".
http://validator.w3.org/check"SELECTED" is not a member of a group specified for any attribute<option value="7" SELECTED >7</option>
The name and VI delimiter can be omitted from an attribute specification only if SHORTTAG YES is specified...
Merge pull request #893 from N0YB/RELENG_2_1
The service status icon is not always in a table.
Missing a couple table element end tags.
The service status icon (get_service_status_icon) is not always in a table.
So the caller should apply table td element, rather than the function.
Document type does not allow element "td" here <td class="listr" align="center">The element named above was found in a context where it is not allowed.
Recommended changes made to calculated value input behavior.Restrict interval to integer of 1 or greater.
Obsolete openssl from ports files and also base nsupdate
Fix nsupdate path
Exposes 3 additional apinger configuration options in the gateway monitor advanced section which can either be set manually, calculated based on interval, or use the hard coded defaults. 1) Avg Delay Samples 2) Avg Loss Samples...
Merge pull request #888 from PiBa-NL/pkg-utils-append-log
pkg-utils do not clear first part of installation log.
Fix openssl path
Do not list the same CARP ip as an option for Interface
Replace regex by explode as suggested by Ermal
Fix typo on variable name
Revert "Fix #3350. Do not destroy an interface when it's being disabled"
Ermal reported issues when changes are made on VLAN parent interfacewith this patch. He did other changes and interface_configure() will nowbe able to re-create VLAN interface
This reverts commit f70a140fe18cb80012e53f82c268788fbcae5436.
This reverts commit 5bc623536d8bb3b93e68a1b1535c9de582721a09.
Correct this i thought i already did. Thanks-to: Phil Davis for spotting
Do not need to go in the internet world to start a package
Fix FreeBSD version detection for 10.x
Obsolete old ntp binaries
Bump version
Merge pull request #887 from brunostein/tracker_firewall_rule
added input hidden with tracker value
ports ntp moved to sbin, follow
Merge pull request #886 from dotike/master
locale path name clarification
include gettext locales in line encoding list
portable object (.po) and portable object translation (.pot) files
Signed-off-by: Isaac (.ike) Levy <ike@blackskyresearch.net>
Cleanup- most languages simply need the ascii abreviation.
Ful country code and encoding was necessary for pt_BR.ISO8859-1, (Brazilian Portuguese), and since it was the first translation, I followed the same format.
updates to license.php
Use "disable monitor" in NTP config to mitigate CVE-2013-5211.
Merge pull request #884 from dotike/master
Phase 1 ja_JA.UTF8 Translation
Should to go master, not RELENG_2_1. Revert "Merge pull request #882 from derelict-pf/cp-nohttpsforwards"
This reverts commit f8d1587b6e2cd8441fa16733a02af25257fc7708, reversingchanges made to 51922cb793b83bf7d22fdaa47205fd59b4d70e87.
Merge pull request #882 from derelict-pf/cp-nohttpsforwards
Add checkbox and logic to disable forwarding HTTPS/SSL (Port 443)
removing my fork README
bug address
Machine Translation (Phase 1) Complete.
Next steps:- generate the .mo files and try loading it up- Japanese Native Speaker(s) sanity pass through (roughly 20% complete already)- Review by pfSense authors/community
Machine generation used Google Translate API, translate.google.com, and Mort Yao's goog le-translate-cli
Wrapped some parsing around the following utility by Mort Yao, https://github.com/soimort/google-translate-cli
first full machine run
workspot: great, but this process requires tedious re-running the program.
Next step: wrap the translation step in a timeout, and print some simple hook in the output so you can find it for the machine translation copy/paste dance
workspot: cleanup and continued translation
X-Generator: vim(1), awk(1), sed(1) - for real.
workspot: trying to speed up machine translation
workspot: pass through to correct minor syntax
Signed-off-by: Isaac (.ike) Levy <ike@blackskyresearch.net>Signed-off-by: Kiyo Takami <foof@blackskyresearch.net>
workspot: mechincal first pass
workspot: continuing with machine translation, several heavily repeated phrases scrutinized
workspot: plowing ahead with machine translation
workspot: continuing machine translation first pass
workspot: carp and interface bits, continued first pass machine translation
workspot: firewall, interfaces, still plowing through machine translation
workspot: RADIUS and Captive Portal messages, machine translations
encoding change, and wrapping up LDAP sections rough pass
continued cumulative machine translations
Temporary README for GitHub fork
workspot: country names
jp syntax change
workspot, continuing to run through with rough human-augmented machine translation
workspot- plowing through with rough human-augmented machine translation
start by copying pt_BR locale
Merge pull request #880 from phil-davis/master
Check for vertical bars in alias detail descriptions
Check for vertical bar at start or end of description
The descriptions of each entry in an alias are stored in config.xml as a list delimited by "||". So you cannot have "||" in the actual description (or the description effectively splits into the next entry). Also you cannot start or end the description with "|" or it will be very confusing having the config with "|||" in it....
Add 'limited' to ntpd restrict list to workaround CVE-2013-5211. It fixes #3384
Update reserved_keywords checks to match firewall_aliases_edit
firewall_aliases_import should have the same checks for reserved names as firewall_aliases_editThis code should really be in a function in a common include file, but which one is the appropriate one?...
Merge pull request #879 from phil-davis/master
This might also say "icmpv6" here and lead to a bad rule.
Add an option to force a gateway to be down, it fixes #2847
Merge pull request #871 from phildd/master
Dynamic DNS: List GWGs in Interface to send update from
Merge pull request #878 from phil-davis/master
Bulk Import: fix copy-paste var name error
Merge pull request #877 from phil-davis/master
Allow individual line descriptions on alias bulk import
This enhancement allows the user to make a text file of IP addresses, IP subnets and/or IP ranges, like they have always been able to do, but with this they can put a description after each IP number and that description text will be saved in the alias. All existing functionality without specifying a description is unchanged, so it is backward-compatible....
Merge pull request #875 from dotike/spellcheck
minor spelling correction for pfSense master branch
Oops correct php syntax
Do not allocate the same pipe to everyone rather give each person its own!
Use empty here for testing even if the setting is unset
Move to zerocopy_enbale for bpf to optimize bpf logging which uses bpf interface. This should increase the general performance since pflog is always enabled.
Merge pull request #873 from tuyan/patch/copyright_years
Update product_copyright_years end to be calculated on the fly.
Update copyright_years to be calculated on the fly.
DyndDNS edit: unset vars when no longer used
fix syntax
Fix filter regex
Merge pull request #870 from blagynchy/patch-1
Happy New Year 2014!
Optimal: Just updating the copyright years;
I wish to all of you all of health, happiness and good luck of earth to be in your hands for the new year! Other will come up later :)
And make pfsense better then before, more flexible for management/viewing from web (3rd party) using samba,ftp,whois,hw temp..etc....
Upgrade all firewall rules to include a tracker field. Add a tracker field even for nat for later usage while here.
Generate a tracker id for the filter rules for now. Maybe for nat rules as well?
Remove scrub as well
List GWGs in Interface to send update from
Remove even negating nat rules
Correct matching for single rule. Somehow the egrep did not work there!
Speed up a bit rule number identification by avoiding going into kernel but using the rules parsing of pf which gives the same effect.
Merge pull request #866 from andrespetralli/master
Enabling advanced RFC 2136 configuration for DHCPd service
Fix display of CIDR/Update Freq in Alias Edit
Fixes #3376. I have no idea what the "^" characters were meant to do, but removing them makes the CIDR/Update Freq value be displayed correctly when editing. Will there be some other side-effect from removing the "^"?
Validate IP address ranges correctly on Alias Bulk Import
The code was there to attempt to validate and implement IP address range lines in Alias Bulk Import e.g.10.20.0.0-10.21.22.0should produce a bunch of smaller ranges with appropriate CIDRs.This fixes the code so IP address ranges actually make it through into the resulting Alias.
Merge pull request #868 from phildd/master
Merge pull request #867 from phil-davis/master
Modernize a bit the sshd sart file
Use the check properly!
Correct the check to what was intended
Remove not needed code
Make sense of interface mtu handling code. No need to do unneeded operations. This fixes slow boot times and proper handling of mtu for vlans though some work or better model is needed for other interface types. Manual merge of 53555bf2f796cd53cf649410fe1827a9a45fc4a7
Make sense of interface mtu handling code. No need to do unneeded operations. This fixes slow boot times and proper handling of mtu for vlans though some work or better model is needed for other interface types.
Add sshd service to list (if enabled)
Delete static route when monitor IP is removed, also save monitor IP even when it's disabled
No reason to set the same value to ipprotocol
Fix a bug introduced in commit 06b8d43c that breaks return_gateways_array() called with $disabled == false
fix typo
Fix wording/spacing
Add support for local (push route) and remote (iroute) network definitions in an OpenVPN client-specific override entry.
Make this box a little narrow so it doesn't force the descriptions to wrap.
Use empty even here
Add a "status" subcommand to the svc php shell script.
Check if there is a value before trying to do any operation
Add a setting to allow the user to specify the clog file size so more (or less) entries may be kept in the raw logs. Retain previous default size values if the user has not specified a preferred size. Files can only be resized when initialized, so provide a "Reset All Logs" button as well to force clear all logs and set them up at the new size.
Correct the php-fpm configuration generation
Fix #3354, savecore -C only expects dumpdev
Add an option for users to be able to adjust how many configuration revisions are kept in the local backup cache.
Show backup file size in config history.
Fix syntax, unbreak dashboard
Fix syntax
Use intval even here
Use intval here to not trust php and also use empty which gives more protections
Sprinkle some more unsets
Remove /var/run/booting early to be consistent with $g['booting']
Revert "Make sure functions called by rc.start_packages can see $g['booting'] when we are booting"
This reverts commit 5eb99ec9fae6b6ff077559b3feab8565701f2635.
Revert "Only unset $g['booting'] when it was set here"
This reverts commit 73abb573feae03b164d3ed4284db4ed4ff26a256.
This reverts commit 8a461f41db7907b310171b6e0fb901b2f5e7e2fe.
This reverts commit 47493bd326cd7141df7df708b69e10479ed800af.
Only unset $g['booting'] when it was set here
Make sure functions called by rc.start_packages can see $g['booting'] when we are booting
When WANTIME is empty, there is nothing to do here
test only does integer comparison, use bc to compare float
Save status even if no script is executed
On first run REVIOUSSTATUS doesn't exist, so it cannot be UP or DOWN, invert the logic to fix this. While I'm here, check if file exists before cat it
While here unset some variables even on vouchers side
Merge manually 4fd85b115e2550969ddeadd43a2bc6dafff21779 3f2ae9d58f5ea3d9de175e8daa9c8902b3f23440 and e049c5e74f009430e22e446f149a552d00846d7a
Remove not relevant comment now. Also make the operation clear to avoid priority issues.
unset these values to not confuse php
Properly initialize this
Switch to a while loop to make things clear and readble. Also properly set zone dedicated rules in the rules/pipes DBs to properly release when a zone is deactivated
Merge pull request #863 from dhiltonp/master
/usr/local/www/system.php: strip excess whitespace from ntp field
This change adds the ability to configure RFC 2136 domain name updatesusing a hmac-md5 keyname/key.
Fix DHCP lease time display, strftime already convert it to local timezone, so we no need to calc offset
Remove 'deny unknown clients' option from DHCPv6 since it's not supported, it fixes #3364
Make sure to give the zone a name during the upgrade, or else it comes through with a blank/null name.
Correct displaying states status and avoid divison by zero due to wrong data collected
Avoid dashboard divide by zero errors
Merge pull request #865 from phildd/master
Add checkbox and logic to disable forwarding HTTPS/SSL (Port 443)connections to the captive portal if HTTPS logins is enabled.
Use return rather than exit to be friendly on CGI
Addapt rc.newwanipv6 to FCGI calling
Call rc.newwanipv6 efficently through FCGI
Do not register the _ENV superglobal since its not required and probably not very useful in a [F]CGI world and its limit is restricted nowdays in pfSense.
Rmoeve register_long_arrays from php.ini and from php code the use of HTTP_*_VARS as its deprecated and luckily low use in pfSense to win memory and compativility
Provide a setting to disable the auto added LAN SPDs in the DB
Make even ipsec script ready for GET arguments but later on it will be used as such
Use closelog to explicitly close open resource.
Move also tls-verify to fcgicli to avoid forking php process. Maybe even this should be done as a plugin to avoid overhead of forking.
Migrate openvpn authentication to use fcgicli rather than forking a php process. Maybe should could consider to write a short library todo this
Use proper function to check for ipaddr and also do not call the module ip set function since its only v4 fro now
Correct removing the ip addresses from an interface!
Correct issues not only with vlans but all other clonable interfaces(related to Ticket #3270. Also correct removing old ip addresses from the interface and handling the right interface on interface renabling.
Use does_interface_exist rather than calling ifconfig directly
Set latest config version
Convert ipaliases over carp to new world order
Reduce the total minutes by the remote minutes used, do not use the value directly. Otherwise the voucher will be cut short or listed invalid when it otherwise should have time left over.
Fix saving of voucher sync settings.
Register a function to unset certain globals after requests finish processing to release memory early
Rely on memory rather than LOWMEM boolean
Use same value consistently for configuration and tolerate a bit more
Use events to start sshd rather than relying on forking
Support if called from fastcgi
Send events to check_reload_status for carp master/backup
Call all php scripts in bootup with fcgicli. For rc.bootup only the part needing input needs to be abstracted
Mute the output of the command since its not really useful
Remove deprecated sysctls. vfs.forcesync needs to be seen if the patch needs to be put in place again!
Use system ident rather than php-fpm for system logs
Switch to php-fpm for lighty and check_reload_status will use it. Step by step will migrate the other calls
Remove a probably bad copy/paste line
Make scripts able to react when called from FCGI with GET method
Properly detect if an ip is already configured for VIP. Remove useless checks for carp
Add an option to restore default logout/error/portal custom pages on Captive Portal. Fixes #3362
Fix parsing of the rule number in the pf log on FreeBSD 10.x, part of Bug #2122
/usr/local/www/system.php: strip excess whitespace from ntp field before processing
Use current racoon.conf syntax to avoid issues when deprecated one is removed, it fixes #3338
Check that DHCP end IP is >= DHCP start IP
Use correct vars for IPv6 when checking subnet start and end
Merge pull request #862 from phil-davis/master
Fixes for DHCP range validation when entering from console
Fix vpn_pppoe_get_id and stop duplicating pppoeid for multiple servers, it fixes #2286
tidy up html
Fix whitespaces and indent
Fix checking DHCP end IP is in range
Cut-paste bug
Merge pull request #861 from phil-davis/master
added missing quotes
thx rbgarga
Allow setting a default scale type preference for the traffic graphs widget
I originally submitted this at https://redmine.pfsense.org/issues/2994but it seems that is not used for commits now so I am adding it here.It works great on my box, and I can't see these changes causing any...
Merge pull request #860 from iamzam/RELENG_2_1
Allow setting a default scale type preference for the traffic graphs wid...
Nice race on FreeBSD 10 for carp seems you cannot do on the same command line the carp config due to inherent races. Account for this
This needs to have alias added to not remove the interface ip
Correct curlies yet again
Use _vip as identified for CARP vip IPs to allow easier upgrade code. This way only ipaliases on carp need to be upgraded.
Load only the options rather than clearing the whole ruleset. This solves a problematic issue on 2.1
Load only the options and nothing else
Add a knob to prefer IPv4 over IPv6, it fixes #2833
Unbreak etc/sshd, add a missing quote
Check if dhcp start and end addresses are inside interface subnet, helps #3196
Add function is_inrange() that calls is_inrange_v6 or is_inrange_v4 accordingly
When user attempt to set network or broadcast address, ask again for the IP address. Issue #3196
Also account for a widget being null/not defined, and not just closed/open.
Identify vips where needed by @ symbol that will be used
Make more strict checks
Provide proper interface for getting carp status
Remove not true comment
Correct syntax
Create even elyptic curve keys
Handle more carp enahancements for FreeBSD 10. the interface vips will be names $if@$vhid since the interface name is the same as other ips.
Optimize a bit
Prevent network or broadcast address to be set on interface (console, GUI and wizard). It should fix #3196
Use proper interface here
Correct only carp value changes
Add FreeBSD pkgng repo definition
Fix #3350. Do not destroy an interface when it's being disabled
Remove a left testing code
Correct CARP events on devd and the argument processing on called scripts
Fix #3339. Add a way to download CP portal, error and logout html pages
When reset webConfigurator password, if authentication server is not Local Database, ask user to back to it. Fix #3341
Show aliases popup on Outbound NAT list
Declare missing global vars and fix gateway deletion
Fix typos
One more typo on Alternative Names fill, that was setting type field with $value
Fix a (probably) copy/paste issue that is making all Alternative Names disapear when an input error is detected
Remove 0.0.0.0 from automatic outbound nat rules
Remove references to _vip interface and provide proper configuration for carp on FreeBSD 10. Still some places to deal with this and certainly missing upgrade code
Fix 0.0.0.0 mask for automatic outbound NAT
fix 0.0.0.0 subnet for automatic outbound NAT rules, fixes #2416
Stop sorting 1to1 rules and leave user decide the order. Fixes #3327
Allow toggle enable/disable, reorder and multiple delete static routes
Show all gateway entries, even if interface doesn't exist, to avoid adding duplicate items or edit config by hand to remove old entries. While I'm here, allow multiple delete, and toggle enable/disable
Add an option to disable gateway items
Add a new param to return_gateways_array and make it return gateways when interface doesn't exist. Default behavior didn't change. Also check the new gateway parameter (disabled) when filtering
Stop sorting static routed and leave user decide the order
Make it more visible when an item is disabled
Allow an "empty" CRL to be exported, since this is still a valid action.
No need for a second rule forwarding http
Correct generation of lighty configuration with zoneid changing to lower that 4000 value
Start from 2 here as well
Since zoneid need to be less then 4096 provide some upgrade code to handle that from existing configs
Merge pull request #858 from timdufrane/master
Add DHCP without gateway capability
Catch up with mac needed for all operations in the table nowdays.
prefork for relayd is usefull only in DNS mode
Merge pull request #859 from CharlieMarshall/loaderFix
fix up loader.js for theme pfsense_ng_fs - Fixes traffic shaper graphs not loader as reported in the forum
remove unneeded ';'
fix traffic shaper progress bars not displaying
Properly create zones for the CP with the new command arguments and properly invoke ipfw for applying rules and other configuration options.
Remove maximumtables even from the GUI since there is no option
Fix #3331. Set interface subnet as destination when VIP is in the same subnet, otherwise use VIP subnet instead of IP address
FreeBSD 10 pf does not have a limit for table entries
Merge pull request #857 from Wraul/add_city_network_dyndns
Added support for City Network to Dynamic DNS.
Fix an issue that changes wrong gateway entry when items are hidden
Don't flush interface cache on each call of the function when looping through all gateways.
Add hability to insert after, reorder, batch delete and enable/disable to 1:1 NAT rules. It fixes #3327
We do not need 2 variables to do the same thing, simplify it a bit
Improve text on outbound NAT page to reflect last changes, it should fix #2416
Fix a wrong } left on my last commit
Try to detect already automatically created outbound NAT rules and avoid duplicating them. Also automatically create rules when switching from hybrid to manual. Ticket #2416
Add subnet to 0.0.0.0 otherwise it's not added to table, ticket #2416
Use the same code to automatically create outbound NAT rules when mode change to manual, ticket #2416
Add gettext() to recently added strings
Add an option to return outbound NAT automatic to nat hosts with description, ticket #2416
Make sure automatic rules are created even if mode is not set, ticket #2416
Many fixes on privileges, ticket #3216:
- Remove unused privilege page-diagnostics-logs-wireless- Remove duplicated privileges- Fix limiter-info, pf-info and system-pftop that were using wrong name- Add privs for services-igmpproxy-edit- Fix ID for acptiveportal allowedhostnames and editallowedhostnames...
- Rename some privileges: page-diag-system-activity => page-diagnostics-system-activity page-interfacess-groups => page-interfaces-groups page-interfacess-lagg => page-interfaces-lagg page-interfacess-qinq => page-interfaces-qinq...
Merge pull request #855 from ExolonDX/branch_01
Tidy up the "Helper Icons"
City Network is a Swedish web hosting company.They provide a dynamic DNS service for their customers.This service uses the dyndns2 protocol.
Move automatic rules to a separate table, ticket #2416
Provide a more safe way to avoid pw userdel being interactive because of a crontab existance
Revert "local_sync_accounts: provides empty STDIN to pw userdel command"
This reverts commit c6b156bfa537754d079868653ef3561eb1330d8c.
Merge pull request #856 from ExolonDX/branch_02
Tidy up "interface_statistics.widget.php"
Show advanced outbound rules and inform user what are being used and what are being ignored. It should fix #2416
Split automatic to nat hosts fill into a function to be able to call it from other place, ticket #2416
Remove padding surrounding the main table, makes the widget have thesame "look and feel" as the other widgets.
The "Helper Icons" at the top right of some service pages at presentproduces 30+ HTML errors/warnings, this is due to the table cell beingwrapped in a span statement then in a div statement, table cells canonly be part of a table row then within a table statement....
Remove unused variables and fix automatic nat to alias-address
Merge pull request #854 from icyfork/provides_empty_STDIN_to_pw_command
local_sync_accounts: provides empty STDIN to pw userdel command
Add missing count increment
Add hybrid and disabled outbound NAT, fixes #2416:
- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced keep working the same way- Hybrid mode applies manual rules first, automatic after- Disabled do no create any outbound NAT rules...
The /usr/sbin/pw command may wait for user input. For example,if there is a manual crontab settings for :foobar account, thenwhen this account is requested to be deleted, the command willask if user wants to delete crontab settings for the account....
Fix indent, whitespaces and a close a couple of unbalanced tags
Handle comma-separated list of remote networks when making vpn_networks table
If remote_networks for an OpenVPN instance is a list of more than 1 network then none of the networks gets added to the vpn_networks table. The code simply did not address this new comma-separated list feature. Now it does, and the vpn_networks table contains all the remote networks listed....
Merge pull request #850 from phil-davis/master
Add an option to set no-sync on rules to keep states from being synced via pfsync. Fix #2501
Merge pull request #831 from ExolonDX/branch_06
Tidy up "diag_logs_filter_summary.php" XHTML
Merge pull request #829 from ExolonDX/branch_04
Tidy up "diag_logs_filter.php" XHTML
Rework the usage of the shell i/o during stop_packages(), fixes the "Syntax error: bad fd number" for the remaining people who still saw it on shutdown
This tag could be present, but empty. Skip processing if the interface has no IP address.
If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. Fixes #3313
Fix #3298 and few other fixes:
. Check for fixed array keys (pkg_categories_min_count, pkg_categories_max_display and pkg_default_categories) instead of undeclared variables. Add a new default category "All" . Use proper class on 'Category' columns when it is visible...
Fix indent and whitespaces
Merge pull request #844 from ExolonDX/branch_20
Tidy up "diag_logs_openvpn.php" XHTML
Merge pull request #843 from ExolonDX/branch_19
Tidy up "diag_logs.php" XHTML
Merge pull request #842 from ExolonDX/branch_17
Tidy up "diag_logs_wireless.php" XHTML
Merge pull request #841 from ExolonDX/branch_16
Tidy up "diag_logs_vpn.php" XHTML
Merge pull request #840 from ExolonDX/branch_15
Tidy up "diag_logs_settings.php" XHTML
Merge pull request #839 from ExolonDX/branch_14
Tidy up "diag_logs_routing.php" XHTML
Merge pull request #838 from ExolonDX/branch_13
Tidy up "diag_logs_resolver.php" XHTML
Merge pull request #837 from ExolonDX/branch_12
Tidy up "diag_logs_relayd.php" XHTML
Merge pull request #836 from ExolonDX/branch_11
Tidy up "diag_logs_ppp.php" XHTML
Merge pull request #834 from ExolonDX/branch_09
Tidy up "diag_logs_ntpd.php" XHTML
Merge pull request #833 from ExolonDX/branch_08
Tidy up "diag_logs_ipsec.php" XHTML
Merge pull request #832 from ExolonDX/branch_07
Tidy up "diag_logs_gateways.php" XHTML
Merge pull request #830 from ExolonDX/branch_05
Tidy up "diag_logs_filter_dynamic.php" XHTML
Merge pull request #828 from ExolonDX/branch_03
Tidy up "diag_logs_dhcp.php" XHTML
Merge pull request #827 from ExolonDX/branch_02
Tidy up "diag_logs_auth.php" XHTML
Unset this variable used in the loop to avoid having wrong information
Do not forget the trace in the pf.conf that something went wrong during rules generation to be able to at least detect what is going on
Merge pull request #846 from jean-m-cyr/RELENG_2_1
Give clients the IPV6 address of the DNS server
system_camanager init $input_errors so array_push works
Fixes input validation when creating an internal certificate. Reported in forum http://forum.pfsense.org/index.php/topic,68849.0.html
Merge pull request #848 from phil-davis/master
Merge pull request #845 from jean-m-cyr/master
Merge pull request #849 from Robert-Nelson/RELENG_2_1
Fix #3301
Simplify the code.
No need to worry about the second column, we only need to pad the first one.
Rewrite the display_host_results() function to use spaces instead oftabs. It does a much better job of aligning the fields in each columnand works in all the browsers, particularly chrome which doesn'tsupport the tab character.
It still isn't perfect due to the javascript alert() function's...
Merge pull request #847 from Robert-Nelson/master
Rewrite the display_host_results() function to use spaces instead of tabs
For IPV6 WAN tracking interfaces, dhcpdv6 does not provide an IPV6address for the DNS server... fix that. The IPV6 address should be theLAN interface IPV6 address, which is served by dnsmask, unbound, orbind.
For IPV6 WAN tracking interfaces, dhcpdv6 does not provide an IPV6address for the DNS server... fix that.
Add SUMMARY to table statementsClose BR and INPUT statements
Add SUMMARY to tables
Add SUMMARY to table statementsClose BR and INPUT statementsMove closing FORM statement into table cell statement
Move NOWRAP Boolean operator into CLASS statementsAdd ALT and close IMG statementsAdd SUMMARY to table statementsDeprecate ampersandsClose INPUT statementsAdd closing BODY and closing HTML statements
Add "closehead" PHP variable and close the HEAD statementAdd CDATA to script statementAdd SUMMARY to table statementTidy up HTML Boolean operatorsClose BR and INPUT statementsRemove duplicate closing table cell statement
Add SUMMARY to table statementsClose BR and INPUT statementsMove closing FORM statement into table cell
Add SUMMARY to table statements
Add SUMMARY to table statementsClose BR and INPUT statementsMove closing FORM into table cell
Add SUMMARY to table statementsClose INPUT statement
Remove "px" from width statement, not valid in XHTMLAdd SUMMARY to table statementsAdd ALT and close img statementsAdd CDATA to script statementsAdd secondary TAB row for "filter" and "dynamic" logsAdd closing BODY and HTML statements
Add CDATA to script statementsMove NOWRAP Boolean operator into class statementAdd SUMMARY to table statementsAdd secondary TAB row for "filter" and "summary" logsClose INPUT tags
Add SUMMARY to table statementsAdd secondary row of TABS for "Dynamic" and "Summary" logsClosing BR and INPUT tagsTidy up HTML Boolean operatorsMove NOWRAP Boolean operator into CLASS statementDeprecate Ampersand
Add SUMMARY to table statementsClose BR and INPUT statementsMove close FORM into table cell
Call conf_mount_rw before delete user, a better fix for #3294
Revert "Add conf_mount_rw calls on functions that changes user/groups. It fixes #3294"
This reverts commit fa757d146c85261b7e90d226c1aecd38089d7e20.
This reverts commit b1e5a286bb47d7e4a5b3d589cc27b557b3b13c41.
Prevent a Fall Back Pool from being selected when the DNS protocol is in use. If one is present in the config, ignore it. Fixes #3300
Teach system_timezone_configure() to deal with symlinks to avoid having timezone misconfigured. This fixes #3293
Update zoneinfo to 2013.h
Add conf_mount_rw calls on functions that changes user/groups. It fixes #3294
Unset value should be '' and not 'none'
Change OpenVPN Compression settings to cover the full range of allowed settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default).
Add Auth Digest to OpenVPN wizard also.
Add an Authentication Digest Algorithm drop-down to OpenVPN server/client (SHA1 is the default since that is OpenVPN's default)
Revert "Define dynamic gateway for GRE interfaces and do not user to define IP address to the interface. Fixes #3280"
Another solution will be implemented
This reverts commit 6721d6d0443bd7e697bd6ca33f470c801608df7e.
This reverts commit bb6291e0204ffe2828fe9c9425bdae9c8541fe54.
Define dynamic gateway for GRE interfaces and do not user to define IP address to the interface. Fixes #3280
Make return_gateways_array() return all disabled gateways when $disabled is true, it should fix #3291
Merge pull request #822 from CharlieMarshall/interfacesWidget
cleanup interfaces.widget.php
Fix an attempt to read unset variable $rtent
Use a more accurate error message, fixes #3282
Add source address selection to syslog settings, so it can work more effectively over a VPN. Fixes #355
Fix #3235
. diag_nanobsd.php: . Since conf_mount_ro() is always being called, always call conf_mount_rw to keep refcount correct . Do not show refcount_read() return when it's -1. config.lib.inc . Increment and decrement refcount even if nanobsd_force_rw is set....
Prepend ipsec_ here as well for better protection
Use the pid of the process for the tmp file also prepend ovpn_ here to make it clear
Correct even here the routes from cisco-avpair processing
Use the pid of the process for the tmp file
Make sure pf rule labels never have more than 63 chars. It should fix #3208
Remove redundant test for OpenVPN resync_needed
Check for disabled OpenVPN instances in openvpn_resync_if_needed
It is much cleaner if we check first for disabled OpenVPN instances, before diving into all the other checks. Note, the final openvpn_resync() does call other routines that finally check if the instance is disabled, but there are so many checks here for various conditions to be met before calling openvpn_resync that it looks better (safer) to bail out early if the instance is disabled.
Fix logic inn detecting if OpenVPN resync needed
Commit https://github.com/pfsense/pfsense/commit/f33dcc5c79c54af7daf91a81cfdd7f489e8cb67c reversed the logic sequence when testing if $resync_needed - the individual tests were changed from "==" to "!=" and so on, but the conjunction also need to be changed - "or" needs to be "and". I had noticed that VPNs on some gateway groups of mine didn't failover recently, but hadn't gone looking for the problem until now....
Merge pull request #813 from phil-davis/master
Fix logic in detecting if OpenVPN resync needed, fixes #3255
Fix cisco-avpair processing, and route processing from avpair replies.
Make the RADIUS settings respect the description of the timeout field. If the timeout value is left blank, use 5 seconds, don't print an error.
Make it more explicit that 'update freq.' unit is days
Remove unused variable
Add missing privileges to the list, it fixes #3279
Fix typo and whitespace
Fix priv name
Optimize DHCPv4 lease display online status for static leases. Do not re-parse complete ARP table for each lease, as it can be slow with large ARP tables.
Fix #3283, use jQuery to change attributes based on id
Set id for select elements created dynamicaly created
Limit CIDR choices for IPv4 on GRE interface, fixes #3277
Fix #3259. Save 'packet loss rate' and 'bucket size' for limiter queues
Fix #3273
- When you disable a interface, it destroys vlan interface from system.Do not report error when interface doesn't exist.- While I'm here, use pfSense_interface_destroy() instead of ifconfig
Prevent a possible division by zero. it fixes #3212
Actually there is no reason to set a variable just to use once
Fix #3242 and some code cleanup:
- Only explode '/' and set address_subnet when address is a subnet, it fixes issue reported at #3242- While I'm here, do some cleanup on the way addresses are treated - Remove unecessary variable $tracker, we already have $counter set...
Make sure vlan interface exist when it's being configured, it fixes #3270
Split SSL/TLS into separate checkboxes so that plaintext connections can be made secured by using STARTTLS. Support for SMTPS connections should probably be done away with in future. Fixes #3180
Fix #3268 - avoid pf table names conflict:
. Create a list of reserved table names for the hardcoded ones. Use this list to validate aliases and load balance pool names. Check if alias names don't conflict with LB pool names and vice-versa
Merge pull request #817 from stephanel/master
Added OVH DynHOST in dynamic DNS services
Merge pull request #819 from CharlieMarshall/responsive
make dashboard responsive (theme pfsense_ng_fs)
some tidying up
make dashboard responsive
Add Captive Portal Zones privileges definition. Fix #3216
Allow special chars to be used on IPSec mobile login banner. Fixes #3247
Set default value to radius_protocol during upgrade, it should fix #3226
Fix 'Packet loss rate' and 'Bucket Size' range checking
added favicon to logged in pages
Merge pull request #818 from jdillard/master
Needs parens
Remove newsyslog cron job on upgrade, if present.
Add upgrade code to change the DHCP next-server value to nextserver since it was renamed sometime in 2.1 but upgrade code didn't follow.
Add upgrade code to change the DHCP next-server value to nextserver since it was renamed sometime in 2.1 but upgrade code didn't follow. Also shuffle the upgrade code blocks a bit since we need these on 2.1.x and nobody should be on 2.2 yet, so the impact should be minimal to renumber the one bit specific to 2.2.
Perform a much more accurate comparison between two certificates to determine if they are identical when checking their revocation status. Fixes #3237
We do not use nor include newsyslog, so remove the cron job.
Remove this check, the value can be 0 here if the target is the first item in the array.
Replace pfSense with the rebrand
Now that doc.pfsense.org does https and redirects http to https, we may as well send the help links to the https destinations.
use (self) instead of any for web lockout
use (self) rather than any as the destination for the lockout rules
Fix display of pools in the LB status widget and on the LB Virtual Server status.
Merge pull request #815 from marcelloc/patch-1
fix pkg_edit.php to show interface description instead of interface name
Patch applied manually. Fixes bug #3245 and old interface names
Merge pull request #814 from phildd/master
Traffic graphs widget has old interface names
Fixes bug #3245
Fix codel not being applied on non-priq queue types
Fixed typo in CoDel wiki link
Remove redundant copies of getNasIP(), it should fix #3234
Merge pull request #812 from irconan/master
Minor CoDel fixes, fix #3239 and #3240
If rc.newwanip is run on an interface that should not have an IP address, do not take any action.
Merge pull request #811 from Scavy/patch-1
Patch to include GratisDNS as dynDNS service
Update to include GratisDNS dynDNS service
Merge pull request #810 from ExolonDX/branch_04
Update "status_rrd_graph_settings.php" XHTML
Merge pull request #809 from ExolonDX/branch_02
Update "status_rrd_graph.php" XHTML
Merge pull request #808 from ExolonDX/branch_01
Update "pkg_edit.php" XHTML
require service-utils.inc for find_service_by_openvpn_vpnid()
Add missing td
Remove use of undefined var $conn and fix some td class
Close INPUT tagsUpdate HTML Boolean operatorsUpdate TABLE tag with summary statement
Update SCRIPT statements with CDATAMove the close HEAD statementMove the FORM statement outside the main tableClose INPUT tagUpdate HTML Boolean operatorsAdd closing table cell (TD) and table row (TR) tags so that the rows are...
Update HTML Boolean operator
Merge pull request #806 from ccesario/master
Set network interfaces description as interface name.
Make sure no extra spaces end up in the parsed IP, it can lead to issues in other places (Easy Rule, etc)
Respect default gateway option when adding a gateway from interfaces page. It fixes #3230
OpenSSL does not like country codes longer than two letters, so remove these entries that are not actually country codes.
Allow multiple valid time servers to be entered in the wizard, as they are allowed under System > General
Add patch from Ermal to fix ifconfig error on gif in certain cases.
Include the CP zone in the form parameters if one is defined. Fixes access to concurrent graph on zones other than the first/default.
Fix CP stats generation for concurrent users. Fixes #3225
Prevent assigned vlans from being changed the tag.
Fix #3218, reaload filter rules when activate or deactivate dhcpdv6
Make this name a little more general in case we decide to have multiple similar files.
Alix 2D6 crashes upgrade process withou out of diskspace
Updating the the RRD graphs causes two copies of each RRD's XML file to be stored in /tmp.
On Nanobsd, the default /tmp size is 40mb. It doesn't require very many RRD XML dumps before this is exhausted.
Certificate Manager, for 'Create an internal Certificate' use the correct 'Digest Algorithm'
Merge pull request #795 from razzfazz/ia-pd-hint
add option to send prefix hint for requesting desired prefix length for delegation (for master branch)
Fix ufslabels.sh logic to avoid trying to convert slices which are already using appropriate labels. Fixes #3207
Switch to rw mode before file operations on RFC2136 cache. Fixes #3201
Merge pull request #803 from PiBa-NL/outboundnat_disable_checkbox
outboundnat, disable rule checkbox
outboundnat, disable checkbox
Merge pull request #802 from Xon/patch-1
Alix 2D6 crashes during 2.1 upgrade process with an out of diskspace error
Set action = pass for configured mac addresses on CP passtrumac
Remove unecessary blockedmacs db and read it directly from config
Convert mac address to lowercase when saving to avoid duplicates. It fixes #3195
Do not allow local mac address to be added to passtrumac list in CP. It fixes #3122
Fix php short tag opening and silent php -l
Remove call-time pass by reference from traffic shaper files, it should fix #2565
Remove call-time pass by reference for do_input_validation, helps ticket #2565
Do not add a ipfw rule to block mac since auth can take care of block or redirect it
Redirect blocked macs to desired URL or show an error message
Add a redirect url option to blocked macs
Make sure db doesn't exist when start to configure macs
Delete the old mac when action changes, not the current one
When block a MAC address, add it to a DB to make it possible to redirect it to a URL
Add action to auto created passtru mac rule
Remove unused variable $macdb
Make captiveportal_passthrumac_delete_entry() return rules instead of execute them as other similar functions do
Use same tab name on all pages
Change 'Pass-through MAC' tab name to reflect current reality
Add actions (block or pass) to Captive Portal passtrumac
s/BSDP/ESF/
Make sure to account for IP aliases on lo0 here, or they get duplicated on each CARP sync
Include CA in generated .p12 file. Fixes #2147 the way it was originally intended.
No need to treat PHP errors as a crash on -RELEASE for now.
This broke correct detection of primary/secondary -- the person in that thread may have had some other config issue, but this broke working/valid configurations. Revert "Correct check to match the right vip based on configured ip. Reported-by: http://forum.pfsense.org/index.php/topic,66234.0.html"...
Fix didn't help -- backing this out and the change that made it necessary. Revert "Correctly check the secondary/primary parameter setting on dhcp failover configuration"
This reverts commit 24670866827b4e2d7a4a05baaf6d09ee377ce7cb.
Simplify the update URL definition in globals.inc and add some comments to it.
Fix update URL so the -RELEASE version looks at the stable updates URL by default rather than the snapshots server.
Update an existing cron entry for pppoe periodic resets
The array variable name was incorrect in the test, so the existing cron entry was not being matched. Fixes #3192
Merge pull request #801 from phil-davis/master
Require IPv6.inc header so that if ipv6 functions are called no surprises arise
Leave a trace that rtsold did fire the dhcp6c client so troubleshooting is easier
Do not include disabled OpenVPN in vpn_networks and negate_networks
Correctly check the secondary/primary parameter setting on dhcp failover configuration
Correct typo that prevents dhcp rules from properly being generated.
Merge pull request #800 from phil-davis/master
the time has come - bump to 2.1-RELEASE
Fix errant display of "0 table deleted" during filter reload on console.
Remove unecessary capitalized WARNING from disabled APC message
Test growl whether or not growl is disabled.
Do not sync DHPCv6, it must operate independetly. Ticket #3184
Remove failover peer IP settings from DHCPv6, DHCPv6 doesn't support failover the way that DHPv4 did. Fixes #3184
Disable kill_states by default on upgrade, it fixes #3183
Fix #3127
By default htmlspecialchars does not consider single quotes, what can bea problem when value attribute is set using it. Replace value attributeset to use double quotes on places where it's obviously recieving aresult of htmlspecialchars() call.
Allow for easier override on $g values if needed.
Correct check to match the right vip based on configured ip. Reported-by: http://forum.pfsense.org/index.php/topic,66234.0.html
Ticket #3181 do the state flushing only on down gateway detection rather than any time.
Revert "Revert back the behaviour to cleanup all states for 2.1 Fixes #3181 and related to Ticket #1629. This commit is only for 2.1 since on master development will continue for better alternatives"
A bit too excessive need to get right.
This reverts commit c59dd719e0a6d9ee8deecaa7bff0d6ee8c76e4ca.
Ba-bump-bump.
When the v4 wan is dynamic and v6 is type dhcp and v6 information is retrieved through v4 link than trigger dhcp6c reconfiguration.
Actually the / here is not needed.
Related to Ticket #3045 avoid races in the ntpdate_sync_one script due to killall returning without the process really exiting.
Introduce two new functions to be used on locking.
- try_lock: used for trying to get an EXCLUSIVE lock for a specified timeout by default of 5- unlock_force: which just releases any locks held on a specified lock
Use this new functions on rc.openvpn to avoid spurious stale locks around.
Add safety belts to code in rc.openvpn to avoid php errors to leave stale locks around
Make the operation of saving old rule nearby the writing operation to be logical to spot
Sprinkle some unsets to reduce footprint and correct some whitespaces
filter_generate_port error log function name
Absolutely minor adjustment to make the error log message refer to the new function name.
Merge pull request #797 from phil-davis/master
Revert back the behaviour to cleanup all states for 2.1 Fixes #3181 and related to Ticket #1629. This commit is only for 2.1 since on master development will continue for better alternatives
Fixes #3173 if any port information exists on the rule than put it on the NEGATE rule generated.
Remove SPD when disable phase2, it fixes #2719
Increased needed memory for APC to 512M + code cleanup
- Increased the needed memory for APC to 512M as we often run into memory problems on our 256M box- fixed the RAM calculation to divide by 1024 and not 1000- code cleanup (renaming variables and creating new to avoid magic numbers)
Merge pull request #786 from individual-it/master
Merge pull request #796 from phil-davis/master
Traffic Shaper GUI text typos
Merge pull request #790 from shahidsheikh/RELENG_2_1
#3174 Added handling of gateway groups in openvpn_restart
Merge pull request #793 from shahidsheikh/master
Fix #3174 Handling of gateway groups in openvpn_restart()
Merge pull request #794 from phil-davis/RELENG_2_1
Backport get_memory changes to 2.1
Bring back static routes to fix issues reported on Ticext #3179
Fix #3004:
. Create a function to replace strings on deep associative arrays. Use the recent created function array_replace_values_recursive to fix VIP interface names instead of touch config.xml directly
Disable state killing on gateway failure by default for new configs.Clarify the text describing the option while here.
Correct typo on variable name
Fix issue reported on http://forum.pfsense.org/index.php/topic,66160.0.html
Make sure RRD data is restored from backup before upgrading data and a new backup is done after. It should fix #2159
and note the Queue Limit is a number of packets (not packets per second)
Resolves #3177. Do a filter reconfigure if the dynds ipsec hosts are present and being reloaded.
Formats disponibles : Atom