config.xml: use idps-only renater federation
add UnivNautes in version
config.xml: add idp group & firmwareurl
idp: syncdata when federations are updated
config.xml: prepare idp by default (disable but ready)
local idp (beta)
rc.bootup: start idp
idp: management interface
univnautes: custom templates&static (#5570)
Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1
Do not apply bw limits if the setting is not enabled in CP. Though still respect radius attributes for now with this setting. Resolves #4127
Ticket #4053, manually merge improvements on rrd restore handling.
Ticket #4053, manually merge improvements on rrd backup handling.
Actually an interface is detstroyed here no need for this merge!
Revert "Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0"
This reverts commit e5e16cfc962bcc98a06b89574309bc2ef0ed3542.
Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0
Remove debugging code that can lead us to XSS injection, also pass variables through htmlspecialchars() to sanitize
Pass path parameter through htmlpecialchars()
Define a local boolean var for showact to avoid security issues, also pass order parameter trough htmlspecialchars()
Fix logic to find available next number for limiters and queues. It fixes #3998
Add an extra protection to avoid having an empty group created
Do not display the disabled tunnels since they are not needed in the widget. Ticket #3955
Commit the other part of the fix for Ticket #3955
Oops wrong choice the checkbox is only for javascript
Remove redundant code and check for dpd_enable checkbox to be set
Fixup some redirected URLs.
Fixup some URLs that changed.
Standardize quotes in help.php
Don't allow interface descriptions that are strictly numbers as thatgenerates an invalid ruleset. Ticket #4005
fix variable typo
fix text
Make sure empty group or user are not created when editing
Only create missing ssh keys, do not overwrite existing ones. It fixes #4003
Use route command directly rather than trying to make a route search on php thorugh netstat. It Fixes #4000
Oops do the right thing here by passing proper argument rather than breaking the ipsec status page. Ticket #3955
Revert "Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955"
This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.
remove this log, it's never logged anything useful that I've seen, and unnecessarily spams the secondary's system log on every config sync.
hn(4) is ALTQ-capable, mark as such.
Make phase1_status function wok whnever there is a smp dump. This should unbreak Ticket #3955
Actually require group name!
Do not do operations for empty group members
Do not do this during boot
Use leftcert for more options on IPsec authentication
Ticket #3967 also sync other vip types that can be synched.
Fixes #3967, properly resolve interface
Set proxy env vars on interactive shell and also on crontab to make all scripts be able to use it. Ticket #3789
Revert "Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured"
This reverts commit 664adf3845cf1df89769bb0ed5fc113048e0912e.
touch up text
Change copyright statement to reflect reality
modify copyright statement to reflect reality
Fix syntax error in CARP status page. Ticket #3967
Restore the CARP parent display in firewall_virtual_ip.php. Ticket #3967
Set this to /8 instead since that's how it's done in stock FreeBSD 10.1. Ticket #3941
Setting an interface's IP to 0.0.0.0 with mask 0.0.0.0 overwrites thedefault route with that interface's link route. Later in dhclient, thatgets deleted and leaves the system with no default route. Using a /32 maskhere works in every scenario I can find, and stops the default route...
Strengthen check
Compare the right things here.
Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Retire flowtable_configure as a useless code since its not in kernel
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Put the new sysctl on the config as needed.
Tighten checks here to avoid overriding the default gw with garbage
Make some more useful checks here
Be sure the same gateway is not processed for v4 and v6
Lets put a logging to see what is bing passed to the rtsold script on calling. Helps with Ticket #3361
Ticket 3967, revert upgrade code. Existing 2.2 installs might be impacted
Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent
Ticket #3967. Allow to have carp as parent of ipaliases - continued
Ticket #3967. Allow to have carp as parent of ipaliases
Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.
Make ipsec_starter log go to ipsec.log rather than system one
Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981
show interface name, not identifier
fix text, PPPoE Server, not VPN
add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.
remove unnecessary is_array check, thanks Renato
Don't allow P2 local+remote network combinations that overlap withinterface+remote-gateway of the P1. Fixes #3812
set install_routes=no for charon to avoid the issues noted in ticket
Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990
Make sure target has scope when it's a link-local. Fixes #3969
Check if array is set
Merge pull request #1330 from phil-davis/patch-1
Make sure srcip has scope when it's link-local. Should fix #3969
Remove extra ; and space
Process obsolete files in shell script instead of php
Simplify post_upgrade_command logic and obsolete /usr/local/sbin/cvs_sync.sh instead of removing it on post_upgrade_command
Fix to SMART disk matching
preg_match returns 0 when the string does not match the regex.0 does not "===" FALSESo this check is not always working.preg_match returns 1 when the string matches the regex.IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.
fix captive portal status page display
fix up text
Pass friendlyifname to handle_argument_group, not realifname. Fixes #3984. clean up some text while here.
isset($_GET) seems to always evaluate to true, use something more specific. Fixes use of rc.linkup when run from CLI. Others likely fix similar circumstances, though maybe not ones that are used anywhere.
Disable delete_old_states in dhclient-script. rc.newwanip handles this correctly in 2.2, and this killed states in multiple circumstances where that isn't necessary nor desirable.
don't duplicate $message in CP log entries
When an alias contain hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939
Merge pull request #1319 from phil-davis/patch-1
Merge pull request #1323 from derelict-pf/master
Formats disponibles : Atom