UnivNautes

config.xml: use idps-only renater federation

add UnivNautes in version

config.xml: add idp group & firmwareurl

idp: syncdata when federations are updated

config.xml: prepare idp by default (disable but ready)

local idp (beta)

rc.bootup: start idp

idp: management interface

univnautes: custom templates&static (#5570)

Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1

Do not apply bw limits if the setting is not enabled in CP. Though still respect radius attributes for now with this setting. Resolves #4127

Ticket #4053, manually merge improvements on rrd restore handling.

Ticket #4053, manually merge improvements on rrd backup handling.

Actually an interface is detstroyed here no need for this merge!

Revert "Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0"

This reverts commit e5e16cfc962bcc98a06b89574309bc2ef0ed3542.

Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0

Remove debugging code that can lead us to XSS injection, also pass variables through htmlspecialchars() to sanitize

Pass path parameter through htmlpecialchars()

Define a local boolean var for showact to avoid security issues, also pass order parameter trough htmlspecialchars()

Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1

Fix logic to find available next number for limiters and queues. It fixes #3998

Fix logic to find available next number for limiters and queues. It fixes #3998

Add an extra protection to avoid having an empty group created

Do not display the disabled tunnels since they are not needed in the widget. Ticket #3955

Commit the other part of the fix for Ticket #3955

Oops wrong choice the checkbox is only for javascript

Remove redundant code and check for dpd_enable checkbox to be set

Fixup some redirected URLs.

Fixup some URLs that changed.

Standardize quotes in help.php

Don't allow interface descriptions that are strictly numbers as that
generates an invalid ruleset. Ticket #4005

fix variable typo

fix text

Make sure empty group or user are not created when editing

Only create missing ssh keys, do not overwrite existing ones. It fixes #4003

Use route command directly rather than trying to make a route search on php thorugh netstat. It Fixes #4000

Oops do the right thing here by passing proper argument rather than breaking the ipsec status page. Ticket #3955

Revert "Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955"

This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.

remove this log, it's never logged anything useful that I've seen, and unnecessarily spams the secondary's system log on every config sync.

hn(4) is ALTQ-capable, mark as such.

Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955

Actually require group name!

Do not do operations for empty group members

Do not do this during boot

Use leftcert for more options on IPsec authentication

Ticket #3967 also sync other vip types that can be synched.

Fixes #3967, properly resolve interface

Set proxy env vars on interactive shell and also on crontab to make all scripts be able to use it. Ticket #3789

Revert "Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured"

This reverts commit 664adf3845cf1df89769bb0ed5fc113048e0912e.

touch up text

fix text

Change copyright statement to reflect reality

modify copyright statement to reflect reality

Change copyright statement to reflect reality

Fix syntax error in CARP status page. Ticket #3967

Restore the CARP parent display in firewall_virtual_ip.php. Ticket #3967

Set this to /8 instead since that's how it's done in stock FreeBSD 10.1. Ticket #3941

Setting an interface's IP to 0.0.0.0 with mask 0.0.0.0 overwrites the
default route with that interface's link route. Later in dhclient, that
gets deleted and leaves the system with no default route. Using a /32 mask
here works in every scenario I can find, and stops the default route...

Strengthen check

Compare the right things here.

Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size

Retire flowtable_configure as a useless code since its not in kernel

Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp

Put the new sysctl on the config as needed.

Tighten checks here to avoid overriding the default gw with garbage

Make some more useful checks here

Be sure the same gateway is not processed for v4 and v6

Lets put a logging to see what is bing passed to the rtsold script on calling. Helps with Ticket #3361

Ticket 3967, revert upgrade code. Existing 2.2 installs might be impacted

Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent

Ticket #3967. Allow to have carp as parent of ipaliases - continued

Ticket #3967. Allow to have carp as parent of ipaliases

Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.

Make ipsec_starter log go to ipsec.log rather than system one

Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981

fix text

show interface name, not identifier

fix text, PPPoE Server, not VPN

add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.

remove unnecessary is_array check, thanks Renato

Don't allow P2 local+remote network combinations that overlap with
interface+remote-gateway of the P1. Fixes #3812

set install_routes=no for charon to avoid the issues noted in ticket

Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1

Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990

Make sure target has scope when it's a link-local. Fixes #3969

Check if array is set

Merge pull request #1330 from phil-davis/patch-1

Make sure srcip has scope when it's link-local. Should fix #3969

Remove extra ; and space

Process obsolete files in shell script instead of php

Simplify post_upgrade_command logic and obsolete /usr/local/sbin/cvs_sync.sh instead of removing it on post_upgrade_command

Fix to SMART disk matching

preg_match returns 0 when the string does not match the regex.
0 does not "===" FALSE
So this check is not always working.
preg_match returns 1 when the string matches the regex.
IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.

fix captive portal status page display

fix up text

Pass friendlyifname to handle_argument_group, not realifname. Fixes #3984. clean up some text while here.

isset($_GET) seems to always evaluate to true, use something more specific. Fixes use of rc.linkup when run from CLI. Others likely fix similar circumstances, though maybe not ones that are used anywhere.

Disable delete_old_states in dhclient-script. rc.newwanip handles this correctly in 2.2, and this killed states in multiple circumstances where that isn't necessary nor desirable.

don't duplicate $message in CP log entries

When an alias contain hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939

Merge pull request #1319 from phil-davis/patch-1

Merge pull request #1323 from derelict-pf/master