config.xml: use idps-only renater federation
add UnivNautes in version
config.xml: add idp group & firmwareurl
idp: syncdata when federations are updated
config.xml: prepare idp by default (disable but ready)
local idp (beta)
rc.bootup: start idp
idp: management interface
univnautes: custom templates&static (#5570)
Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1
Do not apply bw limits if the setting is not enabled in CP. Though still respect radius attributes for now with this setting. Resolves #4127
Ticket #4053, manually merge improvements on rrd restore handling.
Ticket #4053, manually merge improvements on rrd backup handling.
Actually an interface is destroyed here no need for this merge!
Revert "Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0"
This reverts commit e5e16cfc962bcc98a06b89574309bc2ef0ed3542.
Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0
Remove debugging code that can lead us to XSS injection, also pass variables through htmlspecialchars() to sanitize
Pass path parameter through htmlspecialchars()
Define a local boolean var for showact to avoid security issues, also pass order parameter through htmlspecialchars()
Fix logic to find available next number for limiters and queues. It fixes #3998
Add an extra protection to avoid having an empty group created
Do not display the disabled tunnels since they are not needed in the widget. Ticket #3955
Commit the other part of the fix for Ticket #3955
Oops wrong choice the checkbox is only for javascript
Remove redundant code and check for dpd_enable checkbox to be set
Fixup some redirected URLs.
Fixup some URLs that changed.
Standardize quotes in help.php
Don't allow interface descriptions that are strictly numbers as that generates an invalid ruleset. Ticket #4005
fix variable typo
fix text
Make sure empty group or user are not created when editing
Only create missing ssh keys, do not overwrite existing ones. It fixes #4003
Use route command directly rather than trying to make a route search on php through netstat. It Fixes #4000
Oops do the right thing here by passing proper argument rather than breaking the ipsec status page. Ticket #3955
Revert "Make phase1_status function work whenever there is a smp dump. This should unbreak Ticket #3955"
This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.
remove this log, it's never logged anything useful that I've seen, and unnecessarily spams the secondary's system log on every config sync.
hn(4) is ALTQ-capable, mark as such.
Make phase1_status function work whenever there is a smp dump. This should unbreak Ticket #3955
Actually require group name!
Do not do operations for empty group members
Do not do this during boot
Use leftcert for more options on IPsec authentication
Ticket #3967 also sync other vip types that can be synched.
Fixes #3967, properly resolve interface
Set proxy env vars on interactive shell and also on crontab to make all scripts be able to use it. Ticket #3789
Revert "Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured"
This reverts commit 664adf3845cf1df89769bb0ed5fc113048e0912e.
touch up text
Change copyright statement to reflect reality
modify copyright statement to reflect reality
Fix syntax error in CARP status page. Ticket #3967
Restore the CARP parent display in firewall_virtual_ip.php. Ticket #3967
Set this to /8 instead since that's how it's done in stock FreeBSD 10.1. Ticket #3941
Setting an interface's IP to 0.0.0.0 with mask 0.0.0.0 overwrites the default route with that interface's link route. Later in dhclient, that gets deleted and leaves the system with no default route. Using a /32 mask here works in every scenario I can find, and stops the default route...
Strengthen check
Compare the right things here.
Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Retire flowtable_configure as a useless code since its not in kernel
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Put the new sysctl on the config as needed.
Tighten checks here to avoid overriding the default gw with garbage
Make some more useful checks here
Be sure the same gateway is not processed for v4 and v6
Lets put a logging to see what is being passed to the rtsold script on calling. Helps with Ticket #3361
Ticket 3967, revert upgrade code. Existing 2.2 installs might be impacted
Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent
Ticket #3967. Allow to have carp as parent of ipaliases - continued
Ticket #3967. Allow to have carp as parent of ipaliases
Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.
Make ipsec_starter log go to ipsec.log rather than system one
Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981
show interface name, not identifier
fix text, PPPoE Server, not VPN
add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.
remove unnecessary is_array check, thanks Renato
Don't allow P2 local+remote network combinations that overlap with interface+remote-gateway of the P1. Fixes #3812
set install_routes=no for charon to avoid the issues noted in ticket
Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990
Make sure target has scope when it's a link-local. Fixes #3969
Check if array is set
Merge pull request #1330 from phil-davis/patch-1
Make sure srcip has scope when it's link-local. Should fix #3969
Remove extra ; and space
Process obsolete files in shell script instead of php
Simplify post_upgrade_command logic and obsolete /usr/local/sbin/cvs_sync.sh instead of removing it on post_upgrade_command
Fix to SMART disk matching
preg_match returns 0 when the string does not match the regex. 0 does not "===" FALSE. So this check is not always working. preg_match returns 1 when the string matches the regex. IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.
fix captive portal status page display
fix up text
Pass friendlyifname to handle_argument_group, not realifname. Fixes #3984. clean up some text while here.
isset($_GET) seems to always evaluate to true, use something more specific. Fixes use of rc.linkup when run from CLI. Others likely fix similar circumstances, though maybe not ones that are used anywhere.
Disable delete_old_states in dhclient-script. rc.newwanip handles this correctly in 2.2, and this killed states in multiple circumstances where that isn't necessary nor desirable.
don't duplicate $message in CP log entries
When an alias contain hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939
Merge pull request #1319 from phil-davis/patch-1
Merge pull request #1323 from derelict-pf/master
Merge pull request #1326 from phil-davis/patch-5
Fix obviously broken test in rc.initial.setlanip
IMO might as well back-port any obviously wrong code to 2.1 branch, just in case anybody on 2.1.n cares for it or there is a need for another 2.1.n release.
Merge pull request #1320 from phil-davis/patch-2
use a bit stronger of defaults in OpenVPN wizard
Fix WINS description. It's not 1999, and it wasn't a good description for back then either. If you're running WINS at this point on your AD DCs...get rid of the Win 9x boxes, or realize you don't actually need or want WINS on anything Windows 2000 and newer.
Fix updating of hosts file on host override updates by bringing back the same behavior from previous releases.
skip disabled phase 1 entries in status output
fix NAT-T status. The 'nat' in the status array just tells how the connection is configured, not what it's actually using. Port seems to be the best way to determine what it's using. Fix up some other text while here
use tabs rather than spaces, as most of this already did.
strongswan only has two options for NAT-T, force or auto.
setting nmbclusters to 0 just results in an error, remove unnecessary line
remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years.
fix invalid ipsec.conf
clean up text
Use a better method of finding disks for SMART. Old code was inaccurate and also listed entries that were symlinks to other disks
Restore 3 values back on NAT-T settings Just Enable now its Auto as per strongswan default. and off disabled mobike. Ticket #3979
Rename the options to actually make sense with strongswan
Remove Force options since it has not meaning for now.
fix comment
Catch some more sensitive info when sanitizing.
Merge pull request #1329 from phil-davis/patch-3
Fixup dhcpd interface enabled check
Fix console set interface IP address
Problem as per forum https://forum.pfsense.org/index.php?topic=83651.0 The problem comes whenever services_dhcpd_configure is called - the global $config gets reset from the actual current config, and any pending changes in the current process are lost....
Merge pull request #1328 from wagonza/master
Fix indent
Revert "Indent better"
This reverts commit a431bfc9e698c753d9a54218af9076184deb6251.
Make sure defaults values are actually used. Fixes #3974
Merge pull request #1327 from wagonza/pfSense-master
Indent here as well
Indent better
Be consistent with the other pages
Add braces
Merge pull request #1324 from phil-davis/patch-3
Set interface address from console tidy output
While trying to see why this is not working for me (forum https://forum.pfsense.org/index.php?topic=83651.0 ) I have fixed some little things: 1) Get the new-lines right so the output of the restarting looks neat...
Correct display of checkboxes for ipsec
Properly configure NAT Traversal setting.
Remove debugging code
Properly test if FCGI is calling or are being triggered from shell. Normally Fixes #3361
Fixes #3938. Do more error checking.
Fixes #3941. When optimizations of the loops were made this brought the problems of overriding default gateway by dynamic interfaces. Try to stick to the first found for now!
clarify logs generated by newwanip(v6) when restarting packages, it's not only IP changes that end up here (by design).
s/a/an/ and speling.
s/then/than/
Fix two more instances of rrd.tgz renaming.
Fix getext to gettext typo
More gettext typos
fix typoed gettext
Kill states associated with the old WAN IP when WAN IP has changed. Retain hidden config option to wipe all states on IP change, as there seemed to be circumstances where the 'pfctl -k $oldip' didn't suffice for others (much of history in redmine ticket, some on forum and elsewhere). ticket
Allow accept_unencrypted_mainmode_messages to be enabled if needed
only kill all states if the IP changed. ticket #1629
config.xml: better examples for blacklists
css: red messages !
blacklisted people cannot see homepage
update-geoinfos: use shutil.move (cross-device mv) (#5831)
Hide burst for limiters, since it doesn't do anything. more details in ticket #3933
fix next_url cookie, don't store "None" (#5819)
redirect after login: organize options page
config.xml: add example of local federation
config.xml: add default blacklists (empty, commented examples) (#5820)
Fix a typo on array index, related to ticket #3963
fix default blacklists (#5820)
fix utf8 for local metadata (pfsense use iso8859-1)
update-metadatas.py: fix local metadata system
pluralize: whitelistS and blacklistS
FreeBSD fails to set advskew back to 0 after you set it to any other value. That's a separate issue that needs fixing upstream, but in the meantime, we can work around it by removing all CARP VIPs in the same way we do when "Temporarily Disable CARP" is chosen before adding them all back....
Remove redundancy as pointed out by phil-davis
Decode recently created cert and key. It fixes #3964. While here, fix logical condition to create a new cert if crt or key is not present
Add option to kill all states on IP change, currently a hidden option for more testing. ticket #1629
Merge pull request #1317 from phil-davis/patch-1
Merge pull request #1297 from phil-davis/patch-23
useless code removed
redirecting user after login: to a specific url or to one requested by him
Closes #5574
Back to use listr instead of vncellt since it has small fonts and mitigate changes of go outside the widget. It should fix #3937
Simplify logic
Remove unnecessary variables
Whitespace and indent
fix ping_hosts.sh to not ping IPsec if CARP is in backup
tiles url can be specified in SP params
Closes #5579
consolidate local metadata system (#5568)
federation's metadata raw content can be added
Closes #5568
domain and search should not both be defined in resolv.conf per FreeBSD man page and handbook (only the latter is actually used). Change this to just not use domain, and set the search to the system's domain where not using the function that generates the search list for dynamic WANs.
Enable unity plugin as per request from https://forum.pfsense.org/index.php?topic=79737.msg452808#msg452808
Warn if attempting to import IPv6 range
There is currently no code to convert an IPv6 range to a set of corresponding IPv6 subnets, so warn the user if they attempt that from the alias bulk import GUI.
Support converting an IP range to an array of addresses
so that it can be used for expanding ranges in host alias input.
Expand range or subnet for host alias
When entering a host alias, if the user put an IP range (like 192.168.0.10-192.168.0.20) or a subnet (like 192.168.1.200/29) then expand it into a list of individual IP addresses. Check that it will not make too many rows to exceed the existing 5000 row limit on the GUI....
Merge pull request #1312 from phil-davis/patch-8
Merge pull request #1313 from phil-davis/patch-9
Add support for mac addresses blacklist
Closes #5572
Closes #5571
Add support for nameIDs blacklist
Interface: add a page to configure blacklists
www: factorise saml tabs in a function
Prevent Internal Server Error if range is backwards
Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later. Also use some more sane defaults for the contents of the default self-...
Encode values before displaying them back to the user in notification settings
Encode values before displaying them back to the user in notification settings.
remove the command number shown in the shell prompt, it's a pointless waste of screen space
Fixes redmine #3950 - ip_range_to_subnet_array can easily swap the input parameters if the caller has passed/entered them the wrong way around. That is both friendly to the caller and ensures that a hostile caller can't blow up the routine....
+ is a valid character in some dynamic DNS providers' usernames. Fixes #3912
hostnames can end with a . (and actually always do, it's just usually implied), so allow that here. Fixes wrong input validation in parts of nsupdate GUI, among other things.
Merge pull request #1306 from phil-davis/patch-3
Let user decide if he wants to proceed to the upgrade when sha256 fails to download. Fixes #3576
h-node should be 8
Underscores are valid characters in domains. Fixes #3219
Ticket #3932 For more than 100 entries create pipes in line with the rules file to speedup the process
Merge pull request #1310 from phil-davis/patch-6
Merge pull request #1311 from phil-davis/patch-7
Fix the log widget to lookup hosts by DNS using a link rather than AJAX. Quick fix for now. Ticket #3829
Add command line script to generate and activate a new GUI certificate.
Fix descriptions and cn on generated GUI cert to be consistent.
Reintroduce the vfs.forcesync sysctl
Merge pull request #1309 from phil-davis/patch-5
Tame the poodle. Disable SSLv3.
Manage dhcpleaseinlocaltime consistently
dhcpleaseinlocaltime is actually a global setting, but the setting is stored per-DHCP-enabled-interface. The display code in status_dhcp_leases already sorts this out - if any interface has the setting enabled then the displayed lease times are adjusted to local time....
Provide an edit button for static mapped entries
As suggested in forum https://forum.pfsense.org/index.php?topic=82883.msg0#new Instead of a non-functioning red plus icon, show an edit icon for static mapped entries, and take the user to services_dhcp_edit page if it is clicked. IMHO this makes it much easier to correct things that are noticed when viewing the Status, DHCP Leases display.
Whitespace in status_dhcp_leases.php
Fix #3935 Properly allow WAN without LAN
Was broken by https://github.com/pfsense/pfsense/commit/bd0b5d2dc7a279d3473a65a11d67efb5e39392be
rename interfaces_carp_setup to interfaces_sync_setup and call it during bootup since it does not only relate to carp interfaces.
Fixes #3727 Do not unset ondemand for ppp type interfaces since it is controlled here only for pppoe/l2tp
Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured
Fixes #3213. Allow up to 2900 limiters. This was set to 30 since limiters are to be controlled by mask and not created manually!
Make proper check here
Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later. Also use some more sane defaults for the contents of the default self-signed certificate's fields so it will be more unique and less likely to trigger problems in browser certificate storage handling.
update comment to reflect breakage caused here and reference associated redmine ticket, not high priority, can be fixed later
block IPv4 link-local. Per RFC 3927, hosts "MUST NOT send the packet to any router for forwarding", and "any network device receiving such a packet MUST NOT forward it". FreeBSD won't route it (route-to can override in some circumstances), so it can't be in use as a real network anywhere with...
Fix PSK for non-ascii also here, ticket #3917
Fix initial console menu layout, it fixes #3884
Improve IPsec status page for mobile. It fixes #3917
Add missing gettext call
Add missing gettext calls
Fix indent and spaces
Does not accept non-ascii characters on IPsec PSK. It fixes #3931
Close this form early since there is another form below
snmp: update SNMP ucd to work with univnautes 2.1
Closes #5566
univnautes.js: move idp link outside the button for Fx
Closes #5678
update input_error description after changes for ticket #3491
Properly set MTU for lagg interface, it fixes #3922
Make sentence more accurate as pointed out by phil-davis
GIF interfaces MTU must be something between 1280 and 8192, make the correct check. It fixes #3927
Merge pull request #1308 from phil-davis/patch-4
fix up text on sys_adv_misc
fix text and descriptions in GRE edit page
s/removing/omitting/g for gateway monitor log entries. "Removing" is not necessarily correct, there are many circumstances where this runs where it wasn't there to begin with, and is potentially misleading.
Fix pf syntax s/divert/divert-to/. It should fix #3921
Ticket #3860 Correctly display SMTP SSL TLS boxes
After using the "Test" button, $_POST['smtpssl'] and $_POST['smtptls'] was 'on' or null - this got blindly copied back into $pconfig[] and resulted in the state of the SSL/TLS/STARTTLS checkboxes not being redisplayed....
Fix an error introduced in bd0b5d2dc7 that makes system believe interfaces always mismatch
Remove the minimum NIC warning, this dates back to when minimum 2 NICs were supported and it made sense to throw this message at people. It's obvious a network appliance requires at least one NIC.
Update the URL for snapshots update
Be more strict when checking if olsrd is enabled, otherwise when package is deinstalled and configuration is kept dhcpd will consider it's always as enabled
Support up to 4 DNS Servers in DHCP
Add an option to restart php-fpm from console
Fixes #3909 Properly report and detect carp_status
Remove function that is not implemented properly. Nothing seems to use it.
Merge pull request #1303 from PiBa-NL/carp_without_matching_subnet
Merge pull request #1304 from sselph/powerd_normal_mode
Merge pull request #1305 from phil-davis/patch-2
Fix not rules for OPTn network case
Reported in forum https://forum.pfsense.org/index.php?topic=82319.0 The "if (is_subnet($src)) ... filter_address_add_vips_subnets" code needs to go outside all of the if that checks for opt interfaces (not just in the else part). That makes filter_address_add_vips_subnets get called in all cases, including when optn network is specified. (line 2264, 2265)...
Add powerd normal mode flag (-n)
Make proper check if IP address is configured on another interfaces and ignore current one. It fixes #3807
get back to our standard RFC-defined capitalization of IPsec
CARP, allow carp ip to be outside interface and alias subnets (FreeBSD10 feature)
Merge pull request #1300 from jean-m-cyr/master
Merge pull request #1298 from PiBa-NL/vips_sort
firewall_virtual_ip make the table sortable remove double tfoot, but use 2 tr inside.
Remove stray 'i'. Reported-by: https://forum.pfsense.org/index.php?topic=82393.0
Fix up NTP status page formatting
Number of columns is not the same for all table rows
firewall_virtual_ip make the table sortable
Spelling
Merge pull request #1295 from phil-davis/patch-21
Clarify bracketing
to minimize risk of a problem when adding code here in the future.
Allow extended alias inputs #3890
Currently if you enter a space-separated list of subnets in the IP address box when entering an alias, the code reports that the data is invalid. But it does actually expand the list of subnets into multiple rows, and enters the various subnet CIDRs into the CIDR column for the user. The user can press Save a second time and the data is now valid so the code saves it happily. This is rather odd, as reported in redmine #3890....
Merge pull request #1294 from phil-davis/patch-19
Merge pull request #1293 from phil-davis/patch-20
firewall_aliases_edit UI text changes
If type URL Table then the heading "Description" on the 3rd column gets suppressed (I am not really sure why that is, since the description data entry box still appears - I guess someone intended that the data entry box itself also be suppressed, since URL Table takes just a single line entry, the overall description of the alias should be enough - no need for a per-line description.)...
Minor fixes to firewall_aliases_edit
for 2.1 branch
Merge pull request #1292 from phil-davis/patch-18
Remove useless check for alias description matching an interface description
While looking at other checks in the code I noticed this check. It was not effective anyway, because the first line inside "if ($_POST)" below does unset($input_errors); which undoes this check anyway....
Be more strict on removing groups checking group id and group name, it avoids issues like happened to users on ticket #3856. While I'm here, replace GET by POST
Be more strict on user removal checking array id and also username to avoid removing wrong users when browser back button is used. It should fix #3856
Merge pull request #1290 from jean-m-cyr/master
Remove also old unbound startup script
Support IPV6 in unbound.conf
IPv6 addresses are not included in unbound config and access list
Merge pull request #1289 from jean-m-cyr/master
outgoing ip incorrectly set in unbound.conf
DNS resolver outgoing IP interface IP address is incorrectly set to the last inbound interface IP address... fix it.
Remove unbound files, menu and service during config upgrade, otherwise things can go really bad with functions redeclared in base and package unbound.inc and config corrupted when upgrading from 2.1.x with unbound installed to 2.2. PBI and package section are both removed later during package upgrade
Merge pull request #1288 from brunostein/fix_button_close_info_box
Fix close button in the info box
Merge pull request #1287 from jean-m-cyr/master
Provide a toggle for apinger debug messages to be logged to syslog. To help with troubleshooting issues
NTP Service GPS page always reverts to 'Custom' GPS type
Remember and correctly display GPS type setting
Add a note clarifying the usage of OpenVPN's Auth Digest setting.
Make sure unbound user and group is also created during upgrade config
Provide upgrade config code to migrate unbound settings from 2.1 package to 2.2 base. Bump config version to 11.1. It fixes #3880
Merge pull request #1286 from jean-m-cyr/master
NTP server configuration does not highlight selected interfaces
Missing explode of selected interface list prevent logic from working.
Add a more obvious note about the use of WAN interface on group rules.
Obsolete recently removed jquery files
Apply previous progressbar customizations for jquery-ui 1.11.1
Update jquery-ui components to 1.11.1, it fixes #3879
Add missing <form> and require filter.inc for filter_configure()
Do the proper action if Apply button is pressed even on the preshared keys page
Recent versions of miniupnpd does not accept IPv4 address anymore, use interface name always. It fixes #3874
Allow hostname to start with '@.' for namecheap. It fixes #3568
Check if there are leases to show, it fixes warning when $mobile['pool'] is empty or not array
logout view: disconnect from cp
Correct evaluation for "Acct-Interim-Interval" from RADIUS
Setting "Acct-Interim-Interval :=600" in FreeRadius2 evaluates to 'random' values with PfSense 2.1. Possibly a bug related to: https://forum.pfsense.org/index.php?topic=60079.0 https://forum.pfsense.org/index.php?topic=60262.0
Merge pull request Bug #1285: Metadata namespace definition from dariomas/patch-1
add cp_disconnect command (php)
auth.py: fix import django settings
homepage.html: dont use <button>
update-whitelists: dont use ipfw_context
add manage configxml
Do not call write_config() when click on Apply Changes because it was already done and it causes dhcpd to restart one more time on secondary nodes. It fixes #3797
fix syntax
Do now call write_config() when click on Apply Changes because it was already done and it causes dhcpd to restart one more time on secondary nodes. It fixes #3797
Update jquery to 1.11.1
www/services_captiveportal_saml_*: use rc.sh actions
rc.sh: add syncwl action
update-whitelists: use table 42
ipfw_context_list.py (just for the record)
config.xml: no whitelist in firewall
captiveportal.inc: (re)add table 42 for whitelist
whitelist in firewall does not work...
services_captiveportal_zones.php: direct links to saml tabs
Revert "captiveportal.inc: add table 42 for whitelist"
This reverts commit 82baf4a83e1031566bff16b51798695246f488aa useless on UnivNautes2014
update-whitelists.sh: to php, with love
rc.sh: parallelize syncdata
config.xml: whitelists aliases
minicron for update whitelists
update-whitelists.sh (funny, isn't it ?)
Fix typos
Restore id for cancel button to fix js error
Add a basic command line password reset script.
While I'm touching this file, replace GET by POST
manage prepare-whitelists
Deduplicate <form>, fixes #3864
captiveportal: dont redirect 443/tcp
It's time to move to 2.2-BETA
Merge pull request #1284 from phil-davis/patch-17
Merge pull request #1283 from phil-davis/patch-16
Fix #3866 Firewall Log Filtering
on master
on 2.1 branch
Correct speeling as reported by: Phil Davis via github
Merge pull request #1282 from ExolonDX/branch_master_06
Merge pull request #1281 from ExolonDX/branch_master_05
Merge pull request #1280 from ExolonDX/branch_master_04
Merge pull request #1279 from ExolonDX/branch_master_03
Merge pull request #1278 from ExolonDX/branch_master_02
Merge pull request #1277 from ExolonDX/branch_master_01
pfconfigxml: add get_whitelists()
captiveportal.inc: add table 42 for whitelist
use rc.sh with mwexec_bg()
config.xml: stop lan by default (ooops)
rc.sh: start/stop crons
add clearsessions-pf.sh
update settings
clearsessions-pf manage command
add cp_get_sessions script (php)
Tidy up "status_rrd_graph.php" XHTML
"id" attributes cannot start with a numeric character, so change "8hour" to "eighthour" and "4year" to "fouryear".
Tidy up "diag_dns.php" XHTML
Tidy up the "=" sign properly! Remove "=" sign from INPUT tag. Change alignment to the "middle" of the TD tag. Add missing closing FONT tag
Tidy up "gateways.widget.php" XHTML
Remove invalid "summary" attribute from TD tag
Tidy up "interfaces.widget.php" XHTML
Remove duplicate closing TR tag. DIV tag cannot be enclosed in a B (bold) tag. Change class and style
Tidy up "pkg_mgr_install.php" XHTML
While using the widescreen theme, when you update the firmware or add a new package the TEXTAREAs are side-by-side which doesn't look neat. Add BR tag between TEXTAREA
Tidy up "fbegin.inc" XHTML
"id" must be a unique attribute.
Remove almost all calls to history.back() and make Cancel button back to HTTP_REFERER, there are a couple of places I didn't touch on this commit because it requires more work
This really does not need the =
Remove wrongly used type
Ooops restore this
Inverse the sense of the toggles to avoid configuration upgrades
Actually use the new toggles
Provide Advanced Options for controlling rekey and reauth, might be usable with iOS devices
Only for mobile users
Provide a first implementation of EAP-TLS authentication with IKEv2. It is a start and might not work on all cases
Make this work properly and not throw out errors.
Replace GET by POST on system_usermanager.php and make necessary adjustments on necessary pages. It fixes #3856
Back to referer instead of hard coded system_usermanager.php since this page is called from other places
Add a function to redirect to a page passing parameters through POST
Add a cancel button for user and group edit page
Fixes #3666. Set the sysctl net.inet.icmp.reply_from_interface to 1 to use the incoming interface to send the icmp reply from. It uses another part of patch to pf to undo NAT if it was already performed before
Add security privilege for new page
Get rid of the /
Actually do not refer with Name but just pool
Do not let the user mess with SAs from this page. The daemon and primary status page handles that
Provide a page on IPSec:status to check the leases to mobile clients
Show friendly names
Remove extra char
Correct widget displaying of status for tunnels
Properly display number of mobile users
Fix path to xml and make sure the parser will see the custom tags
Add pages missing from the Status > Traffic Graph privilege that are required for the full page to load
Display all new information on ipsec:status and also fix displaying of some previous statistics
Merge pull request #1260 from DasTestament/master
Merge pull request #1274 from phil-davis/patch-13
Merge pull request #1275 from phil-davis/patch-14
Standardise size of Duplicate Slice button
The Duplicate Slice button currently is displayed in smaller text and in a row of its own, separate from the row above that has the rest of the "Duplicate bootup slice" text and slice selection. This change puts the button in the same row as the slice selection and text, and makes the button text be the same size as the text in other buttons on this page....
Try to make the ipsec widget usable again
Make use of the xml output from stroke leases command
Change is_port() to only validate a single port, we have is_portrange() for specific cases. Make necessary adjustments after check all is_port() calls. It fixes #3857
Delete IP Alias on CARP VIP interface on secondary node when it's deleted on primary. It fixes #3855
Fix operator
Return something meaningful until the widget is made to work correctly
Remove racoon references
Remove all remnants of racoon from log page
Correct status.php for new ipsec
Remove traces of older implementation still present
Put some tuning on number of half open connection possible in one time.
Provide some parallelism on the IKESA lookups for heavy loaded boxes.
add cp_allow script
auth.py: send cpzone to cp_allow
system.inc/lighttpd: add X-pfsense-cpzone header
saml/post_form.html: force Send button
settings.py: TEMPLATE_DIRS disabled by mistake
Actually roll this back since it was a testing glitch
Also here be more strict on checking to return proper result. (some missed from previous commit)
Also here be more strict on checking to return proper result
Put some more statistics and the user that gets connected now that we can
Merge pull request #1273 from fsSnowboard/master
Make sure dhclient is not running before start it, it fixes console interface setup when interface is using dhcpv4. It should also help #3482
Implement a function to kill dhclient process, sometimes it takes a little time to die, so use a sleep(1) there
find_dhclient_process() returns an int, not string
Be more explicit
Correct log prepending value
Some device names are bigger now (eg vtnet, ixgbe, cxgbe)
Correct generating loglevels for startup through ipsec.conf
Fix minor typo to name and port range
Typo on the name of the FaceTime shape rule, and missing 1 from GoogleTalk port range.
Fix guess_interface_from_ip() to account for differences in netstat output. Fixes #3853
Blah unconditionally set rightsourceip per https://forum.pfsense.org/index.php?topic=80300.0 Until pools can be supported properly.
handle user_login_callback (attributes, call cp_allow..)
add messages in base.html template
Import fix for http://bugs.jquery.com/ticket/9521
As pointed out by Ermal, VIPs should go first in the list since NAT is first match. Ticket #983
igmpproxy param -d doesn't like the space before optarg. Fixes #3852
Ticket #3826 correct point number 2) by showing not connected tunnels in the end of the status page
Fixes #3664, actually make sense of this function to work properly
Improvements on interfaces_assign.php:
- Let user select network port to add instead of pick the first available, it fixes #3846
- While I'm here, drop GET and use only POST
Fixes #3823 Properly parse auth tags as variables
Convert this block into a function for later use
Remove unnecessary var initialization
Replace mwexec() by unlink_if_exists() and respect global tmp_path
Fix indent and whitespaces
Show properly a setting of any for Identifiers to use in the status page
Adjust states summary for new pfctl -ss output. Fixes #2121
Merge pull request #1271 from fsSnowboard/master
Add more services and reorder
Add following shaping rules:
- ARMA 3
- WII
- EA Origin
- Games For Windows Live
- Crysis 3
- DeadSpace 2
- DeadSpace 3
- DragonAge2
- MassEffect3
- Facetime
- Google Hangouts
- TeamSpeak 3
- Ventrilo
- iTunes Rado
- IMAP/S
- POP3/S
- SMTP/S
- Apple Mobile Sync...
Make sure button 'move to the end' highlight last line
Do not collapse phase2 items every time an action occurs
Replace all GET use by POST
univnautes.js: remove console.log
add simple homepage.html
univnautes.css: always use Roboto font
and header is 100% opacity
settings.py: force PickleSerializer for session
urls.py: fix typo
More improvements on IPsec GUI (Ticket #3328):
Mark host as up or down before execute script, then script can use this information.
Submitted by: Jean Debogue <jean@wedebugyou.com>
Remove wrong code left from copy/paste
Use array id to delete phase2, it will simplify changes I'm working on and will commit soon
Change functions from row_toggle.js to work with different field names, keeping the old behaviour as default. This is necessary to have more than one group of fields in the same page
fix menu wrap on non-default themes
pfconfigxml: accept #comments in textarea params
fix menu wrap on pfsense_ng and pfsense_ng_fs
config.xml: fix initial geo config
map markers, at least !
update-geoinfos: add idp.name in output
mod_evasive: 64 connections per IP by default
display a map require a lot of connections... :/
rc.sh: launch syncdata (metadata+geo) just after start
s/id/ID/ for xmlsec1 verification
remove useless file
Improvements on IPsec GUI (Ticket #3328):
Remove unneeded variables
Remove unused variables
Fix indent and whitespace
Fix subnet display for IPsec status. Ticket #3826
id changes every time ipsec tunnel disconnects and reconnect, need to use peerconfig to get correct description. Ticket #3826
www: syncdata when federations are modified
rc.sh: better logging
add get_federations in pfconfigxml.py
add update-metadatas command and script
Revert "config.xml: use edugain metadata provided by renater"
This reverts commit 8bbd18549b2faf8960aff648956566b35053c660.
config.xml: use edugain metadata provided by renater
update-geoinfos.sh = manage geoinfos + lock
update-geoinfos.py: dont print when randomize geos
Merge pull request #1270 from phil-davis/patch-12
Fix traffic graph widget default autoscale
so the radio buttons selection allows only 1 to be selected and the setting is then saved. Forum: https://forum.pfsense.org/index.php?topic=81166.msg
Remove some redundancy and simplify changes made on last commit
Replace GET by POST, it fixes #3833
Fix comment in css
Hide FreeBSD version from sshd banner. It fixes #3840
Do not reconfigure dhcpd twice on secondary after config sync. Fixes #3797
Merge pull request #1258 from yarick123/master
Merge pull request #1261 from CharlieMarshall/improveInter
Remove blank line if only an ipv6 address is in use
Fix match for help pages privileges, it fixes #3777
Merge pull request #1268 from CharlieMarshall/gatewayWidget
improve/tidy up interfaces widget
Do not use regex to check filetype to avoid being wrong since . is a regex metachar. It fixes #3817
fix typo
Merge pull request #1255 from leleobhz/master
Fix indent whitespaces
Fix phase2 removal, p2index points to unique ide and not to array index
Alias name cannot have more than 31 chars, add maxlength here just as an extra check. Ticket #3827
improve look of gateways widget
Fix #3807:
Merge pull request #1267 from CharlieMarshall/fixTrafficGraph
fix display of traffic graph
Remove 'reject' action from filter logs since reject and block are the same on logs, it should fix #3825
Merge pull request #1265 from CharlieMarshall/switch
move if/else to switch for readability
useless import os
get CONFIG_XML path from settings or os.environ
remove obsolete update_geoinfos.py script
update-geoinfos command
reorganize the project (again), all in "sp" app
map: add static tiles
map: proxy in django, lighttpd is crap
add 'base' in INSTALLED_APPS
templates are now in base
use collectstatic
store static and templates in an 'base' application
Take virtual IPs into consideration for automatic outbound NAT rules, it should now fix #983
pgrep parameters are out of order and it also needs -a to find sshd. While I'm here, simplify sh syntax and prevent noise to be printed if pid file doesn't exist
delete the dhcpd.pid file before starting dhcpd. Fixes bug where on rare occasions a stale PID file could prevent dhcpd from starting until it's manually deleted.
use pgrep here instead, previous way could wrongly show SSH as enabled where it isn't.
caref is useless in federation metadata
add update_federations.py script (draft)
add update_geoinfos.py script
sp/settings.py: AUTH params in settings.py
Fix text description for interface mismatch, fixes #3820
Merge branch 'RELENG_2_1' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_1
fix top nav to fit gold in non-default themes
Revert "improve/tidy up interfaces widget"
I pushed it accidentally, will wait a fixed version of the patch
This reverts commit b75192e3bc851e80d6bfd33c12849dbc269039fb.
Merge pull request #1259 from CharlieMarshall/improveInter
Add missing s to solve the issue reported on https://forum.pfsense.org/index.php?topic=80722.new#new
fix #3515
Remove extra noise from rc.shutdown
Simplify a bit ppp-linkup syntax
Fix awk syntax, it fixes #3813
non-css parts of gold menu
Move the fetching of a package's config file and additional files to separate functions, and then have the "xml" package button perform these so that it is not only a redundant copy of the "pkg" reinstall button. This can help ensure a package files are in a known-good state before other actions are performed, in case the deinstall would fail or behave erratically due to other files being missing.
fix spacing in pfsense_ng topnav
fix gold alignment and redirect
Revert "make gold link more visible"
This reverts commit a03943d203441a87ea9c01f383d451dfc921bdd2.
make gold link more visible
Do this check now that hash algos can be empty
Correct the ipsec status pages to show proper information as needed.
Correct processing and assignment on ikeid variable so it does the right thing
Use proper path to setkey now that ipsec-tools are not used anymore
Correct the functions for returning tunnel status to use strongswan status reports
Allow HASH algorithms to be empty for phase2 in case the encryption one is AES-GCM
Add filter.so to list of extensions loaded for 2.2
Do not allow duplicate subnet entries on left|rightsubnet specification since it will blackhole all traffic to that subnet when connection is setup as route
Do not accept proposal out of that configured even for IKEv2 even though there is no possibility in the GUI to set more than one proposal for Phase1 so far.
Restore behaviour as with racoon to trigger tunnel startup from traffic that needs to go into the tunnel. Even related to Ticket #3806.
Do not show errors from trying to delete a socket or similar
Ensure this is always an array to avoid a PHP error from foreach.
Bump version to 2.1.5
rightsourceip must be used with PSK+Xauth.
This is required for PSK+Xauth. I'll commit that clarification in a bit. Revert "Revert "Fix assignment of tunnel IPs to mobile clients.""
This reverts commit 23ba08fc940b711f3b44551199890dc8e28a63b6.
cherry pick from 'hotfix/3347-Certificate_Authority_SAN_names_not_working':
bugfix #3347: Certificate Authority SAN names not working in 2.1
subjectAltName can be set only via configuration file - created three extra sections in openssl.cnf to use in case of existing subjectAltName....
Added filter.so to list of extensions loaded for filter_var() support.
Revert "Fix assignment of tunnel IPs to mobile clients." This normally is not needed since the attr plugin deals with all this.
This reverts commit 00311d6a841c0f6fc162ea11da06569f10220f5e.
Actually disable this plugin for now. It was not really needed for solving the issues with IKEv1
Do not reset source and destination port range values when it's an associated rule created by nat port forward. It fixes #3778
Move dhcp6c log to dhcpd.log, it fixes #3799
Remove double defined 'localhost' on the list of networks to create outbound NAT rules. It should fix #3800
Do not create automatic outbound NAT rule for disabled openvpn servers and clients
Fix assignment of tunnel IPs to mobile clients.
Fix #3798 - 'IPsec phase 2 pinghost is not used if the source IP should be a virtual IP address'
Avoid generating an invalid racoon config if the user specified a mobile pool that is too small.
Avoid a "Cannot use string offset as an array" error if the packages section of the config is missing.
Require click-through POST confirmation when restoring or deleting a configuration from the backup history page.
Do not execute DNS resolution on GET, only pre-fill Host box so the user can press the button to execute. Turn alias creation links into submit buttons for POST. While here, remove some backticks and simplify a little.
Remove javascript alert DNS resolution action from the firewall log view. It was already removed from 2.2, and it's better not to allow a GET action to perform that action.
Do not execute on GET, only pre-fill Host box so the user can press the button to execute. Turn alias creation links into submit buttons for POST. While here, remove some backticks and simplify a little.
Correct this so the dpdaction is created properly as restart
Shorten the wait at "reload" in startup wizard to 5 seconds from 60. That's more than adequate for current systems, no need to make people sit there for 1 minute. Many likely click out via the logo and miss the last screen entirely.
Do a reload on the configuration which is better than update. Also let the keyingtries to 3 rather than forever to avoid problems on recovery.
Change the logic of the vpn config generation to make connectivity more stable especially ipsec. Also for IKEv1 just generate the policies and only on traffic start them.
Move the rekey to yes always to avoid issues.
Per the dhcpd.conf man page and other documentation from ISC, mclt must not be defined on the secondary.
Encode interface/VIP descriptions before displaying them on the NTP daemon settings.
Encode interface/VIP descriptions before displaying them on the GRE and GIF pages also; While here, the GRE page was missing IP aliases from its list of bind IPs, add it in.
Encode the detail field of an alias entry before displaying its contents back to the user.
Escape the individual dnsmasq advanced/custom options
Allow to add ipalias vip to lo0, it should fix #3773
Use GPS type presets only to pre-set values then user can change it. After user changes, save type always as Custom to avoid overwriting values when user attempt to edit. It fixes #3782
More non-functional changes to make code more readable
This if is unnecessary since input_errors is unset in the line above
Make sure there are not empty options on dst select to avoid creating empty user or group. This issue was introduced by b4e9a4da
Fix select name
Fix input validation logic on diag_testport.php, escape more shell arguments for good measure
Fix #3790. Fix IPv6 Prefix ID check using interface user choose before save
Do not try to rekey for IKEv1.
Use a uniqid() to track phase2 entries to avoid confusion and various mistakes when modifying and editing them.
Fix for #3785 - 'strongswan config being generated with ike SA lifetime set to value of ipsec SA lifetime'
Remove even the config.cache from /tmp to avoid issues while here
Fix #3781 - 'strongswan dpdtimeout value not generated correctly'
config.xml: timezone default is Europe/Paris
config.xml: fix SP configuration (certificate)
Add message about Gold to setup wizard and menu/link to Gold signup.
Fix #3575, do not allow user to set IPs for GRE interfaces on interface edit page.
Fix redirect after editing permissions
pfconfigxml.py: add fault tolerant
Disable bandwidth checks for PRIQ, it should fix #3537
Fix field name that cannot contain spaces, and use displayname
Fix scheduler field name
Fix field name
config federation: add a codename field
config whitelist: hint
config whitelist: add a codename field
Strict checks for number of WANs and LANs on wizard
Fix number of WAN / LAN interfaces detection for dedicated wizard
Try to guess number of WANs
Try to guess number of WANs and LANs
Fix number of WAN and LAN connections check
Just show right type of interfaces (LAN/WAN) on traffic shaper wizards, it fixes #3535
Remove 'multi lan/single wan' and 'multi wan/single lan' traffic shaper wizards, multi lan/wan can be used to replace any of them
Replace exec() and system() calls by internal functions
config.xml: add default whitelist
saml_federation: a federation can be enabled/disabled
config.xml: add default federations, cert, ca
univnautes/sp: views: homepage is just a templateview
univnautes/sp: update settings.py
univnautes/sp: context processor sets "idps" list
univnautes/sp: update templates & static
saml_sp config: add 'defaultidps' param
Fix for bug 3769
Use SERVER_NAME instead of HTTP_HOST env var, it doesn't have port, then it avoids wizard end point to wrong IPv6 address. It should fix #3550
Fix #983 - Add IP aliases subnets to interface subnet macro on GUI, since I'm here also fix not rules for PPTP clients macro.
Concat var before call escapeshellarg
Make dhcpleases use unbound pid when it's configured
Fix shell script syntax, it should fix #3361
sp: first UI parameters in pfsense config
sp/settings.py: some values from config.xml
add whitelists configuration
disable IdP configuration pages
captiveportal/saml: redirect to a SP univnautes
config.xml: auth_method = saml
Merge pull request #1252 from N0YB/XHTML_Compliance_System_Menu
System: Firmware: Settings
Updater Settings Tab
system_firmware_settings.php
Line 488, Column 43: value of attribute "type" cannot be "input"; must be one of "text", "password", "checkbox", "radio", "submit", "reset", "file", "hidden", "image", "button"...
Detect when protocol changes and invalidate session to get a new cookie with secure flag set according. It fixes #3714
Merge pull request #1247 from DasTestament/master
sp: loaddata after syncdb
secret.key created in /usr/local/univnautes/sp/
rm secret.key, added to .gitignore
rm lighty-univnautes-CaptivePortal-SSL.conf (useless)
sp/rc.sh fixes
add /usr/local/univnautes sp (first draft)
create lighty config for univnautes
Merge pull request #1232 from N0YB/Widget_Gateways
Merge pull request #1235 from N0YB/Mixed_Case_Hostname
Merge pull request #1236 from N0YB/Widget_Services_Status
Merge pull request #1237 from N0YB/XHTML_Compliance_System_Menu
Merge pull request #1234 from agibson2/master
Review all parameters on unbound main GUI, fix boolean params and add missing ones. Also make it work properly with 'apply'
Use the apply trigger for unbound acls to avoid restart unbound every time
Some GUI tweaks on unbound main screen
Improve unbound ACL edit page to use correct classes and jquery.ipv4v6ify.js
Fix acl item removal
Few GUI tweaks on unbound ACL page
Fix multiple issues on unbound advanced options GUI:
- Drop many wrong key assignments to pconfig
- Add missing keys to pconfig
- Deal fine with boolean parameters
- Mark subsystem dirty to require apply button
- Drop calls to enable_change()
- Remove unnecessary js function enable_change()...
Use cron.pid to get pid number and avoid kill minicron processes. It fixes #3757
Allow hostnames in bulk import since they are valid entries in a network type alias.
Merge pull request #1242 from ExolonDX/branch_master_01
Don't use pfsense name in comment
Use $product instead of pfSense when logging the version to syslog
Log pfsense version to syslog after bootup
Fix PHP script closing tag placement.
Fix #3749:
When a full upgrade from 2.1.x to 2.2 is being done, after decompress tarball with 2.2 files, /bin/sh is not able to run a script using syntax 'sh scriptname'. Because of that, /tmp/post_upgrade_command and /etc/rc.reboot are not executed ending on an incomplete and broken...
Make sure scripts have necessary attributes and use its shebang line instead of force sh to call it. This will help to prevent or workaround issues similar to #3749 in the future
In some cases, new /bin/sh binary doesn't work properly before reboot during a upgrade, and because of that /etc/rc.reboot is not executed and system doesn't reboot. Source /etc/rc.reboot instead of open a new sh session to avoid it happening again in future versions (ticket #3749)
global_override: federation can be a list in config.xml
idp: none choice for certref
use HTTPS for files.pfsense.org for update_bogons and priv_url in pkg-utils
no () around qlength here
Change Cancel button to call history.back() as done in Firewall Rules, the current method has issues with IE 11, it should fix #3728
qlimit must be included here
Avoid reseting firewall hostname by WAN DHCP. It should fix #3746
Convert almost all /sbin/sysctl calls to php functions
Fix sysctl name
saml => force CP listening on port 443
Add set_single_sysctl(), a wrapper to set_sysctl() to make it simple to set value of a single sysctl
Add get_single_sysctl(), a wrapper to get_sysctl() to make it simple to get value of a single sysctl
CP: add "saml" choice in authentication methods
Remove extra spaces and tabs
Remove extra quote and fix syntax
use HTTPS for dyndns providers that support it
Use a php function rather than using exec. Suggested-by: garga
use certref/caref instead of refca/refcert
add univnautes section in config.xml
add univnautes in certs.inc
add services_captiveportal_saml pages
Remove all .xml file generated from upgrade since it makes /var full
Add one more seatbelt to prevent tar to attempt to overwrite /dev items
Add missing $g to global, as noted on pull request 1249
Back to cons25 for now since we found some issues with xterm on serial console
un-obsolete gettytab.bak
Also check and verify the package server's SSL certificate if using HTTPS. Issue 484
Our current XMLRPC client version doesn't have support on its own to validate this in a way we can use to test in a usable for printing an error message. For now, a cURL query to the XMLRPC URL is used in its place.
More refinements to the unofficial package repository warning ( Issue #484 ) -- Now also shows on Dashboard and installed package list. Cleaned up some code and shuffled things around to avoid unnecessary repetition.
Set proper serial parameters on boot.config and loader.conf for nanobsd without vga
Detect if an unofficial package repository is in use and warn the user. Part of issue #484 (more to go)
Make proper checks to check if we should or not enable serial console
Fix typo on var name
Obsolete ttys_wrap and gettytab.bak
Fix #3647 and other improvements:
- Remove auto_login(), now gettytab is a constant file
- Add reload_ttys(), that will send a SIGHUP to init and make it reload /etc/ttys
- Change serial speed on /etc/ttys when necessary
- Change console and serial auto_login on /etc/ttys when necessary...
Change default console from cons25 to xterm, while I'm here, simplify the check
Stop calling auto_login() here since it's already called inside setup_serial_port()
Stop restoring gettytab.bak since it doesn't exist anymore
Sync etc/ttys with FreeBSD 10-STABLE, change default console for al.Pc and default serial for al.115200
Sync gettytab with FreeBSD 10-STABLE, also reduce customizations, the only difference is al.Pc entry, for Pc with auto login
Remove unused function color()
Delete gettytab.bak and ttys_wrap, they are not needed anymore
globals_override.inc: don't rename pfSense
fixes #3713
Fix #3725:
- Fix match_filter_field() and also simplify logic
- Fix $filterfieldsarray initialization
- Avoid to have double spaces on filterfieldsarray['act']
- Fix filter on Firewall Logs
Merge branch 'UNIVNAUTES_2_1' of ssh://repos.entrouvert.org/univnautes into UNIVNAUTES_2_1
config.xml: default filter rules
config.xml: default cpzone univnautes
config.xml: add default ca and cert
config.xml: dhcpd config
config.xml: hostname is univnautes.entrouvert.lan
config.xml: add aliases
webgui on port 8443 (https)
config.xml: activate snmpd
bsnmp-ucd configuration
/etc/motd: univnautes flavor
new logon.png with univnautes logo
globals_override: product_name=pfSense-UnivNautes
config.xml: lan = 10.42.0.1/16 + dhcpd
add etc/inc/globals_override.inc
add "univnautes" in ascii-art logo
Merge pull request #1244 from phil-davis/patch-11
Add a BETA key for PBI signature check, this will be replaced by the final one before RELEASE. Ticket #3365
Fix dir name
Set default serial speed to 115200 for 2.2, fixes #3715
Fix a regression introduced on 8d6c5f6621 that broke CARP+IP alias
Handle no dhcpd settings when upgrading
This minor fix was in master but not 2.1 branch. I noticed the warning message when doing a fresh install/test of 2.1.4-release. It prevents the warning message: Warning: Invalid argument supplied for foreach() in /etc/inc/upgrade_config.inc on line 3153...
Merge pull request #1238 from DasTestament/master
Add the AESGCM and XCBC on the list of algos available
Update vpn_openvpn_server.php
Update vpn_openvpn_client.php
Actually use ph1ent ikeid here otherwise will duplicate ids here.
Merge pull request #1241 from Gertjanpfsense/master
Fix dscp values and provide a config upgrade to fix values stored in config.xml. This is a proper fix for #3688
Delete README.md
Update openvpn.inc
Tidy up misc. XHTML
"diag_dns.php" Tidy up "equals sign"
"services_captiveportal.php"
- Add space to OPTION tag
- Update HTML Boolean operator
- Close INPUT and BR tags
"services_captiveportal_hostname.php" Update ALIGN to MIDDLE
"services_captiveportal_vouchers.php"...
Update status_captiveportal.php
Don't ask to select a zone if there is only ONE.
Create README.md
Add local/www to the list of directories that needs to be symlink'd to reduce PBI differences between 2.1 and 2.2
oops, that wasn't supposed to be removed.
Use count($array) where applicable, instead of a $rowIndex increment.
Only include a scheduled rule if it is strictly before the end time
The exact moment of the end time is the end of the schedule. We do not want to include a rule when filter_configure_sync wakes up at 00:15:00 etc and is on a not-slow system that processes this code during the interval 00:15:00 to 00:15:01. This should help intermittent issues with schedules not finishing at the appropriate 15-minute boundary. Might help or fix #3558
Remove extra data after space and fix pf rule syntax. It should fix #3688
bring protocols on NAT edit page more in line with rule edit page
Added verbosity check in case when verbosity_level is absent in config.xml
removed comments
Removed unnecessary "else {";
Merge pull request #1239 from phil-davis/patch-9
Merge pull request #1208 from razzfazz/nat_add_missing_protocols
Merge pull request #1218 from razzfazz/nat_add_missing_protocols_master
Remove also . and / from graph
Fix status_rrd_graph_img.php and also improve it:
- Remove escapeshellarg that broke command line
- Only remove dangerous chars to avoid command injection
- Replace all `hostname` calls by php_uname('n')
- Replace all `date` calls by strftime()
- Add $_gb to collect possibly garbage from exec return
Make sure single quotes are encoded and avoid javascript injection
Use CDATA for javascript
Simplify logic, add some protection to user input parameters
Fix whitespaces and indent
We need to allow subdirectories under /usr/local/pkg, here is the proper fix
Replace some backticks by exec and simplify commands
Remove more backtick abuse
Add -n for 2 remaining sysctl calls, also replace backtick by exec
Add full path for dmesg and replace backtick by exec
Remove more backticks
Set 'Disable webConfigurator login autocomplete' as on by default
Always set httponly attribute on cookies
Change the option for webconfig login autocomplete from opt-in to opt-out, also bump config version and write a function to keep the current status on upgrades
Fix syntax error
Protect servicestatusfilter parameter with htmlspecialchars()
Protect rssfeed parameters with htmlspecialchars()
Add comment I forgot on last commit
Re-generate session ID on a successful login to avoid session fixation
Avoid directory traversal on restorefullbackup
Fix core dump on viewing invalid package log
Remove . and / from pkg name to avoid directory traversal
Remove id=0 from miniupnpd menu and shortcut
Avoid directory traversal when reading package xml files, also check if file exists before try to read it
Make sure variables are escaped, also replace exec calls to run rm by unlink_if_exists()
Remove useless code, variable is set again on next line
Escape parameters passed to shell_exec()
Be more careful with host parameter and make sure it's escaped when call shell functions
Validate starttime and stoptime format
Default values for verb if it is not set when edit
a bit of refactoring
forgot to sync _server.php with _client.php naming style
patchpack1
-Fix #3401 (Added tun option "Disable IPv6"
-Added new options: route-nopull, route-noexec, verb;
XHTML Compliance - System Menu
Enforce select option
Create some symlinks inside pbi dir to reduce differences between 2.1 and 2.2 and avoid the need to change a lot of PBI scripts
Make the byte counts on OpenVPN status human readable rather than huge unformatted numbers.
- Advanced - Admin Access Tab
- Advanced - Firewall / NAT Tab
- Cert Manager - Certificate Revocation Tab
- User Manager - Users Tab
- User Manager - Groups Tab
Remove Status Verbiage. Consumes too much real estate in widget. Status icon without the verbiage is sufficient in widget view.
Hostnames are not case restrictive.
Avoid keeping old files from previous sessions on /tmp/configbak
cf/ dir is removed below, do not need to remove the file here
Fix path for trigger_initial_wizard
Better string check
Merge pull request #1034 from vsquared56/master
Replace Header() calls by lowercase
Merge pull request #1222 from phil-davis/patch-8
Merge pull request #1229 from ExolonDX/branch-master_06
Merge pull request #1228 from ExolonDX/branch_master_05
Remove htmlspecialchars() call for a fixed string.
Bring the code of captiveportal up to speed with its module counterpart requirements
Fix i386 default URL for snapshots
Do not expire already disabled users, it fixes #3644
Fix #3665, show IPSec tunnel description on status page
Fix a typo on variable name
Fix td class
Fix #3702, make sure tunnel inside IP is set when interface changes
remove extra .
Be more precise to match members of a bridge interface, it should fix #3637
Revert "Revert "Fix #3700 and other syntax issues:""
This reverts commit 4cc2ae78d3027c349969437f08a88b1fb88c9de8.
Revert "Fix sh syntax"
This reverts commit cd49f9cd5d21a6592ba690cd315f19266092bee5.
Fix sh syntax
Revert "Fix #3700 and other syntax issues:"
This reverts commit e912bfae186b6b657daf52607f9d027f46be0478.
Fix #3700 and other syntax issues:
- Remove G parameter from pfctl since it doesn't exist anymore Initialize $old_router
- Fix sh syntax on variable assign, it couldn't have space before =
- Simplify logic
- Avoid flush states twice, if it was done on IP change, don't do it...
Do not allow interface group name to be bigger than 15 chars, helps ticket #3208
Populate gateway address field with tilde if there is no address or friendly interface.
This is to match the update data.
Fix gateway widget size change on first update.
Inner table size changes on the first update because the table in update data does not have the same attributes as the widget. i.e. border, cellpadding, cellspacing, style & summary.
Also remove an errant td end tag.
Escape argument on call to is_process_running too, also remove some unnecessary mwexec() calls
Add some protection to parameters that come through _GET
Escape this before running.
Tidy up misc. widgets XHTML
captive_portal_status.widget.php
Remove NAME from TABLE tag, not valid in XHTML
carp_status.widget.php
Add missing closing TD tag
dyn_dns_status.widget.php and installed_packages.widgete.php
Update TD class to single line
load_balancer_status.widget.php...
Update "pkg_edit.php"
"custom_php_after_head_command", if the PHP code also contains JavaScript ("squid_auth.xml" for example) then this will cause HTML errors, as you are not supposed to have anything between the closing HEAD tag and the opening BODY tag....