config.xml: use idps-only renater federation
add UnivNautes in version
config.xml: add idp group & firmwareurl
idp: syncdata when federations are updated
config.xml: prepare idp by default (disable but ready)
local idp (beta)
rc.bootup: start idp
idp: management interface
univnautes: custom templates&static (#5570)
Merge branch 'RELENG_2_1' into UNIVNAUTES_2_1
Do not apply bw limits if the setting is not enabled in CP. Though still respect radius attributes for now with this setting. Resolves #4127
Ticket #4053, manually merge improvements on rrd restore handling.
Ticket #4053, manually merge improvements on rrd backup handling.
Actually an interface is destroyed here no need for this merge!
Revert "Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0"
This reverts commit e5e16cfc962bcc98a06b89574309bc2ef0ed3542.
Merge e3cffd6cefc - Properly remove IPv6 carp vips as reported from https://forum.pfsense.org/index.php?topic=84392.0
Remove debugging code that can lead us to XSS injection, also pass variables through htmlspecialchars() to sanitize
Pass path parameter through htmlspecialchars()
Define a local boolean var for showact to avoid security issues, also pass order parameter through htmlspecialchars()
Fix logic to find available next number for limiters and queues. It fixes #3998
Add an extra protection to avoid having an empty group created
Do not display the disabled tunnels since they are not needed in the widget. Ticket #3955
Commit the other part of the fix for Ticket #3955
Oops wrong choice the checkbox is only for javascript
Remove redundant code and check for dpd_enable checkbox to be set
Fixup some redirected URLs.
Fixup some URLs that changed.
Standardize quotes in help.php
Don't allow interface descriptions that are strictly numbers as that generates an invalid ruleset. Ticket #4005
fix variable typo
fix text
Make sure empty group or user are not created when editing
Only create missing ssh keys, do not overwrite existing ones. It fixes #4003
Use route command directly rather than trying to make a route search on php through netstat. It Fixes #4000
Oops do the right thing here by passing proper argument rather than breaking the ipsec status page. Ticket #3955
Revert "Make phase1_status function work whenever there is a smp dump. This should unbreak Ticket #3955"
This reverts commit 694d368d818508a40bdef4f1a3f64b414b11c442.
remove this log, it's never logged anything useful that I've seen, and unnecessarily spams the secondary's system log on every config sync.
hn(4) is ALTQ-capable, mark as such.
Make phase1_status function work whenever there is a smp dump. This should unbreak Ticket #3955
Actually require group name!
Do not do operations for empty group members
Do not do this during boot
Use leftcert for more options on IPsec authentication
Ticket #3967 also sync other vip types that can be synched.
Fixes #3967, properly resolve interface
Set proxy env vars on interactive shell and also on crontab to make all scripts be able to use it. Ticket #3789
Revert "Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured"
This reverts commit 664adf3845cf1df89769bb0ed5fc113048e0912e.
touch up text
Change copyright statement to reflect reality
modify copyright statement to reflect reality
Fix syntax error in CARP status page. Ticket #3967
Restore the CARP parent display in firewall_virtual_ip.php. Ticket #3967
Set this to /8 instead since that's how it's done in stock FreeBSD 10.1. Ticket #3941
Setting an interface's IP to 0.0.0.0 with mask 0.0.0.0 overwrites the default route with that interface's link route. Later in dhclient, that gets deleted and leaves the system with no default route. Using a /32 mask here works in every scenario I can find, and stops the default route...
Strengthen check
Compare the right things here.
Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Retire flowtable_configure as a useless code since its not in kernel
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Put the new sysctl on the config as needed.
Tighten checks here to avoid overriding the default gw with garbage
Make some more useful checks here
Be sure the same gateway is not processed for v4 and v6
Lets put a logging to see what is being passed to the rtsold script on calling. Helps with Ticket #3361
Ticket 3967, revert upgrade code. Existing 2.2 installs might be impacted
Fixes #3967, configure ip alias on top of carp by joining them to the same vhid as its parent
Ticket #3967. Allow to have carp as parent of ipaliases - continued
Ticket #3967. Allow to have carp as parent of ipaliases
Fixes #3995. Do not set rightsourceip on site-to-site VPNs but only on mobile users ones otherwise nothing works.
Make ipsec_starter log go to ipsec.log rather than system one
Reload also the configuration not only the secrets before trying to apply existing configuration. Ticket #3981
show interface name, not identifier
fix text, PPPoE Server, not VPN
add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.
remove unnecessary is_array check, thanks Renato
Don't allow P2 local+remote network combinations that overlap with interface+remote-gateway of the P1. Fixes #3812
set install_routes=no for charon to avoid the issues noted in ticket
Pass zone id to pfSense_ipfw_getTablestats(), should fix #3990
Make sure target has scope when it's a link-local. Fixes #3969
Check if array is set
Merge pull request #1330 from phil-davis/patch-1
Make sure srcip has scope when it's link-local. Should fix #3969
Remove extra ; and space
Process obsolete files in shell script instead of php
Simplify post_upgrade_command logic and obsolete /usr/local/sbin/cvs_sync.sh instead of removing it on post_upgrade_command
Fix to SMART disk matching
preg_match returns 0 when the string does not match the regex. 0 does not "===" FALSE. So this check is not always working. preg_match returns 1 when the string matches the regex. IMO it is better to check for !== 1 - then anything that is not success (0 or false or...) will be unset.
fix captive portal status page display
fix up text
Pass friendlyifname to handle_argument_group, not realifname. Fixes #3984. clean up some text while here.
isset($_GET) seems to always evaluate to true, use something more specific. Fixes use of rc.linkup when run from CLI. Others likely fix similar circumstances, though maybe not ones that are used anywhere.
Disable delete_old_states in dhclient-script. rc.newwanip handles this correctly in 2.2, and this killed states in multiple circumstances where that isn't necessary nor desirable.
don't duplicate $message in CP log entries
When an alias contains hosts, add IPs and networks to filterdns too, otherwise you end up with a pre-defined and non-persistent table. Fixes #3939
Merge pull request #1319 from phil-davis/patch-1
Merge pull request #1323 from derelict-pf/master
Merge pull request #1326 from phil-davis/patch-5
Fix obviously broken test in rc.initial.setlanip
IMO might as well back-port any obviously wrong code to 2.1 branch, just in case anybody on 2.1.n cares for it or there is a need for another 2.1.n release.
Merge pull request #1320 from phil-davis/patch-2
use a bit stronger of defaults in OpenVPN wizard
Fix WINS description. It's not 1999, and it wasn't a good description for back then either. If you're running WINS at this point on your AD DCs...get rid of the Win 9x boxes, or realize you don't actually need or want WINS on anything Windows 2000 and newer.
Fix updating of hosts file on host override updates by bringing back the same behavior from previous releases.
skip disabled phase 1 entries in status output
fix NAT-T status. The 'nat' in the status array just tells how the connection is configured, not what it's actually using. Port seems to be the best way to determine what it's using. Fix up some other text while here
use tabs rather than spaces, as most of this already did.
strongswan only has two options for NAT-T, force or auto.
setting nmbclusters to 0 just results in an error, remove unnecessary line
remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years.
fix invalid ipsec.conf
clean up text
Use a better method of finding disks for SMART. Old code was inaccurate and also listed entries that were symlinks to other disks
Restore 3 values back on NAT-T settings Just Enable now its Auto as per strongswan default. and off disabled mobike. Ticket #3979
Rename the options to actually make sense with strongswan
Remove Force options since it has not meaning for now.
fix comment
Catch some more sensitive info when sanitizing.
Merge pull request #1329 from phil-davis/patch-3
Fixup dhcpd interface enabled check
Fix console set interface IP address
Problem as per forum https://forum.pfsense.org/index.php?topic=83651.0 The problem comes whenever services_dhcpd_configure is called - the global $config gets reset from the actual current config, and any pending changes in the current process are lost....
Merge pull request #1328 from wagonza/master
Fix indent
Revert "Indent better"
This reverts commit a431bfc9e698c753d9a54218af9076184deb6251.
Make sure defaults values are actually used. Fixes #3974
Merge pull request #1327 from wagonza/pfSense-master
Indent here as well
Indent better
Be consistent with the other pages
Add braces
Merge pull request #1324 from phil-davis/patch-3
Set interface address from console tidy output
While trying to see why this is not working for me (forum https://forum.pfsense.org/index.php?topic=83651.0 ) I have fixed some little things: 1) Get the new-lines right so the output of the restarting looks neat...
Correct display of checkboxes for ipsec
Properly configure NAT Traversal setting.
Remove debugging code
Properly test if FCGI is calling or are being triggered from shell. Normally Fixes #3361
Fixes #3938. Do more error checking.
Fixes #3941. When optimizations of the loops were made this brought the problems of overriding default gateway by dynamic interfaces. Try to stick to the first found for now!
clarify logs generated by newwanip(v6) when restarting packages, it's not only IP changes that end up here (by design).
s/a/an/ and speling.
s/then/than/
Fix two more instances of rrd.tgz renaming.
Fix getext to gettext typo
More gettext typos
fix typoed gettext
Kill states associated with the old WAN IP when WAN IP has changed. Retain hidden config option to wipe all states on IP change, as there seemed to be circumstances where the 'pfctl -k $oldip' didn't suffice for others (much of history in redmine ticket, some on forum and elsewhere). ticket
Allow accept_unencrypted_mainmode_messages to be enabled if needed
only kill all states if the IP changed. ticket #1629
config.xml: better examples for blacklists
css: red messages !
blacklisted people cannot see homepage
update-geoinfos: use shutil.move (cross-device mv) (#5831)
Hide burst for limiters, since it doesn't do anything. more details in ticket #3933
fix next_url cookie, don't store "None" (#5819)
redirect after login: organize options page
config.xml: add example of local federation
config.xml: add default blacklists (empty, commented examples) (#5820)
Fix a typo on array index, related to ticket #3963
fix default blacklists (#5820)
fix utf8 for local metadata (pfsense use iso8859-1)
update-metadatas.py: fix local metadata system
pluralize: whitelistS and blacklistS
FreeBSD fails to set advskew back to 0 after you set it to any other value. That's a separate issue that needs fixing upstream, but in the meantime, we can work around it by removing all CARP VIPs in the same way we do when "Temporarily Disable CARP" is chosen before adding them all back....
Remove redundancy as pointed out by phil-davis
Decode recently created cert and key. It fixes #3964. While here, fix logical condition to create a new cert if crt or key is not present
Add option to kill all states on IP change, currently a hidden option for more testing. ticket #1629
Merge pull request #1317 from phil-davis/patch-1
Merge pull request #1297 from phil-davis/patch-23
useless code removed
redirecting user after login: to a specific url or to one requested by him
Closes #5574
Back to use listr instead of vncellt since it has small fonts and mitigate changes of go outside the widget. It should fix #3937
Simplify logic
Remove unnecessary variables
Whitespace and indent
fix ping_hosts.sh to not ping IPsec if CARP is in backup
tiles url can be specified in SP params
Closes #5579
consolidate local metadata system (#5568)
federation's metadata raw content can be added
Closes #5568
domain and search should not both be defined in resolv.conf per FreeBSD man page and handbook (only the latter is actually used). Change this to just not use domain, and set the search to the system's domain where not using the function that generates the search list for dynamic WANs.
Enable unity plugin as per request from https://forum.pfsense.org/index.php?topic=79737.msg452808#msg452808
Warn if attempting to import IPv6 range
There is currently no code to convert an IPv6 range to a set of corresponding IPv6 subnets, so warn the user if they attempt that from the alias bulk import GUI.
Support converting an IP range to an array of addresses
so that it can be used for expanding ranges in host alias input.
Expand range or subnet for host alias
When entering a host alias, if the user put an IP range (like 192.168.0.10-192.168.0.20) or a subnet (like 192.168.1.200/29) then expand it into a list of individual IP addresses. Check that it will not make too many rows to exceed the existing 5000 row limit on the GUI....
Merge pull request #1312 from phil-davis/patch-8
Merge pull request #1313 from phil-davis/patch-9
Add support for mac addresses blacklist
Closes #5572
Closes #5571
Add support for nameIDs blacklist
Interface: add a page to configure blacklists
www: factorise saml tabs in a function
Prevent Internal Server Error if range is backwards
Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later. Also use some more sane defaults for the contents of the default self-...
Encode values before displaying them back to the user in notification settings
Encode values before displaying them back to the user in notification settings.
remove the command number shown in the shell prompt, it's a pointless waste of screen space
Fixes redmine #3950 - ip_range_to_subnet_array can easily swap the input parameters if the caller has passed/entered them the wrong way around. That is both friendly to the caller and ensures that a hostile caller can't blow up the routine....
+ is a valid character in some dynamic DNS providers' usernames. Fixes #3912
hostnames can end with a . (and actually always do, it's just usually implied), so allow that here. Fixes wrong input validation in parts of nsupdate GUI, among other things.
Merge pull request #1306 from phil-davis/patch-3
Let user decide if he wants to proceed to the upgrade when sha256 fails to download. Fixes #3576
h-node should be 8
Underscores are valid characters in domains. Fixes #3219
Ticket #3932 For more than 100 entries create pipes in line with the rules file to speedup the process
Merge pull request #1310 from phil-davis/patch-6
Merge pull request #1311 from phil-davis/patch-7
Fix the log widget to lookup hosts by DNS using a link rather than AJAX. Quick fix for now. Ticket #3829
Add command line script to generate and activate a new GUI certificate.
Fix descriptions and cn on generated GUI cert to be consistent.
Reintroduce the vfs.forcesync sysctl
Merge pull request #1309 from phil-davis/patch-5
Tame the poodle. Disable SSLv3.
Manage dhcpleaseinlocaltime consistently
dhcpleaseinlocaltime is actually a global setting, but the setting is stored per-DHCP-enabled-interface. The display code in status_dhcp_leases already sorts this out - if any interface has the setting enabled then the displayed lease times are adjusted to local time....
Provide an edit button for static mapped entries
As suggested in forum https://forum.pfsense.org/index.php?topic=82883.msg0#new Instead of a non-functioning red plus icon, show an edit icon for static mapped entries, and take the user to services_dhcp_edit page if it is clicked. IMHO this makes it much easier to correct things that are noticed when viewing the Status, DHCP Leases display.
Whitespace in status_dhcp_leases.php
Fix #3935 Properly allow WAN without LAN
Was broken by https://github.com/pfsense/pfsense/commit/bd0b5d2dc7a279d3473a65a11d67efb5e39392be
rename interfaces_carp_setup to interfaces_sync_setup and call it during bootup since it does not only relate to carp interfaces.
Fixes #3727 Do not unset ondemand for ppp type interfaces since it is controlled here only for pppoe/l2tp
Ticket #3789. Put a start at using the proxyurl/proxyport from system configured settings for bogons. It still does not consider the user/pass configured
Fixes #3213. Allow up to 2900 limiters. This was set to 30 since limiters are to be controlled by mask and not created manually!
Make proper check here
Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later. Also use some more sane defaults for the contents of the default self-signed certificate's fields so it will be more unique and less likely to trigger problems in browser certificate storage handling.
update comment to reflect breakage caused here and reference associated redmine ticket, not high priority, can be fixed later
block IPv4 link-local. Per RFC 3927, hosts "MUST NOT send the packet to any router for forwarding", and "any network device receiving such a packet MUST NOT forward it". FreeBSD won't route it (route-to can override in some circumstances), so it can't be in use as a real network anywhere with...
Fix PSK for non-ascii also here, ticket #3917
Fix initial console menu layout, it fixes #3884
Improve IPsec status page for mobile. It fixes #3917
Add missing gettext call
Add missing gettext calls
Fix indent and spaces
Does not accept non-ascii characters on IPsec PSK. It fixes #3931
Close this form early since there is another form below
snmp: update SNMP ucd to work with univnautes 2.1
Closes #5566
univnautes.js: move idp link outside the button for Fx
Closes #5678
update input_error description after changes for ticket #3491
Properly set MTU for lagg interface, it fixes #3922
Make sentence more accurate as pointed out by phil-davis
GIF interfaces MTU must be something between 1280 and 8192, make the correct check. It fixes #3927
Merge pull request #1308 from phil-davis/patch-4
fix up text on sys_adv_misc
fix text and descriptions in GRE edit page
s/removing/omitting/g for gateway monitor log entries. "Removing" is not necessarily correct, there are many circumstances where this runs where it wasn't there to begin with, and is potentially misleading.
Fix pf syntax s/divert/divert-to/. It should fix #3921
Ticket #3860 Correctly display SMTP SSL TLS boxes
After using the "Test" button, $_POST['smtpssl'] and $_POST['smtptls'] was 'on' or null - this got blindly copied back into $pconfig[] and resulted in the state of the SSL/TLS/STARTTLS checkboxes not being redisplayed....
Fix an error introduced in bd0b5d2dc7 that makes system believe interfaces always mismatch
Remove the minimum NIC warning, this dates back to when minimum 2 NICs were supported and it made sense to throw this message at people. It's obvious a network appliance requires at least one NIC.
Update the URL for snapshots update
Be more strict when checking if olsrd is enabled, otherwise when package is deinstalled and configuration is kept dhcpd will consider it's always as enabled
Support up to 4 DNS Servers in DHCP
Add an option to restart php-fpm from console
Fixes #3909 Properly report and detect carp_status
Remove function that is not implemented properly. Nothing seems to use it.
Merge pull request #1303 from PiBa-NL/carp_without_matching_subnet
Merge pull request #1304 from sselph/powerd_normal_mode
Merge pull request #1305 from phil-davis/patch-2
Fix not rules for OPTn network case
Reported in forum https://forum.pfsense.org/index.php?topic=82319.0 The "if (is_subnet($src)) ... filter_address_add_vips_subnets" code needs to go outside all of the if that checks for opt interfaces (not just in the else part). That makes filter_address_add_vips_subnets get called in all cases, including when optn network is specified. (line 2264, 2265)...
Add powerd normal mode flag (-n)
Make proper check if IP address is configured on another interfaces and ignore current one. It fixes #3807
get back to our standard RFC-defined capitalization of IPsec
CARP, allow carp ip to be outside interface and alias subnets (FreeBSD10 feature)
Merge pull request #1300 from jean-m-cyr/master
Merge pull request #1298 from PiBa-NL/vips_sort
firewall_virtual_ip make the table sortable remove double tfoot, but use 2 tr inside.
Remove stray 'i'. Reported-by: https://forum.pfsense.org/index.php?topic=82393.0
Fix up NTP status page formatting
Number of columns is not the same for all table rows
firewall_virtual_ip make the table sortable
Spelling
Merge pull request #1295 from phil-davis/patch-21
Clarify bracketing
to minimize risk of a problem when adding code here in the future.
Allow extended alias inputs #3890
Currently if you enter a space-separated list of subnets in the IP address box when entering an alias, the code reports that the data is invalid. But it does actually expand the list of subnets into multiple rows, and enters the various subnet CIDRs into the CIDR column for the user. The user can press Save a second time and the data is now valid so the code saves it happily. This is rather odd, as reported in redmine #3890....
Merge pull request #1294 from phil-davis/patch-19
Merge pull request #1293 from phil-davis/patch-20
firewall_aliases_edit UI text changes
If type URL Table then the heading "Description" on the 3rd column gets suppressed (I am not really sure why that is, since the description data entry box still appears - I guess someone intended that the data entry box itself also be suppressed, since URL Table takes just a single line entry, the overall description of the alias should be enough - no need for a per-line description.)...
Minor fixes to firewall_aliases_edit
for 2.1 branch
Merge pull request #1292 from phil-davis/patch-18
Remove useless check for alias description matching an interface description
While looking at other checks in the code I noticed this check. It was not effective anyway, because the first line inside "if ($_POST)" below does unset($input_errors); which undoes this check anyway....
Be more strict on removing groups checking group id and group name, it avoids issues like happened to users on ticket #3856. While I'm here, replace GET by POST
Be more strict on user removal checking array id and also username to avoid removing wrong users when browser back button is used. It should fix #3856
Merge pull request #1290 from jean-m-cyr/master
Remove also old unbound startup script
Support IPV6 in unbound.conf
IPv6 addresses are not included in unbound config and access list
Merge pull request #1289 from jean-m-cyr/master
outgoing ip incorrectly set in unbound.conf
DNS resolver outgoing IP interface IP address is incorrectly set to the last inbound interface IP address... fix it.
Remove unbound files, menu and service during config upgrade, otherwise things can go really bad with functions redeclared in base and package unbound.inc and config corrupted when upgrading from 2.1.x with unbound installed to 2.2. PBI and package section are both removed later during package upgrade
Merge pull request #1288 from brunostein/fix_button_close_info_box
Fix close button in the info box
Merge pull request #1287 from jean-m-cyr/master
Provide a toggle for apinger debug messages to be logged to syslog. To help with troubleshooting issues
NTP Service GPS page always reverts to 'Custom' GPS type
Remember and correctly display GPS type setting
Add a note clarifying the usage of OpenVPN's Auth Digest setting.
Make sure unbound user and group is also created during upgrade config
Provide upgrade config code to migrate unbound settings from 2.1 package to 2.2 base. Bump config version to 11.1. It fixes #3880
Merge pull request #1286 from jean-m-cyr/master
NTP server configuration does not highlight selected interfaces
Missing explode of selected interface list prevent logic from working.
Add a more obvious note about the use of WAN interface on group rules.
Obsolete recently removed jquery files
Apply previous progressbar customizations for jquery-ui 1.11.1
Update jquery-ui components to 1.11.1, it fixes #3879
Add missing <form> and require filter.inc for filter_configure()
Do the proper action if Apply button is pressed even on the preshared keys page
Recent versions of miniupnpd do not accept IPv4 address anymore, use interface name always. It fixes #3874
Allow hostname to start with '@.' for namecheap. It fixes #3568
Check if there are leases to show, it fixes warning when $mobile['pool'] is empty or not array
logout view: disconnect from cp
Correct evaluation for "Acct-Interim-Interval" from RADIUS
Setting "Acct-Interim-Interval :=600" in FreeRadius2 evaluates to 'random' values with PfSense 2.1. Possibly a bug related to: https://forum.pfsense.org/index.php?topic=60079.0 https://forum.pfsense.org/index.php?topic=60262.0
Merge pull request Bug #1285: Metadata namespace definition from dariomas/patch-1
add cp_disconnect command (php)
auth.py: fix import django settings
homepage.html: dont use <button>
update-whitelists: dont use ipfw_context
add manage configxml
Do not call write_config() when click on Apply Changes because it was already done and it causes dhcpd to restart one more time on secondary nodes. It fixes #3797
fix syntax
Do now call write_config() when click on Apply Changes because it was already done and it causes dhcpd to restart one more time on secondary nodes. It fixes #3797
Update jquery to 1.11.1
www/services_captiveportal_saml_*: use rc.sh actions
rc.sh: add syncwl action
update-whitelists: use table 42
ipfw_context_list.py (just for the record)
config.xml: no whitelist in firewall
captiveportal.inc: (re)add table 42 for whitelist
whitelist in firewall does not work...
services_captiveportal_zones.php: direct links to saml tabs
Revert "captiveportal.inc: add table 42 for whitelist"
This reverts commit 82baf4a83e1031566bff16b51798695246f488aa useless on UnivNautes2014
update-whitelists.sh: to php, with love
rc.sh: parallelize syncdata
config.xml: whitelists aliases
minicron for update whitelists
update-whitelists.sh (funny, isn't it ?)
Fix typos
Restore id for cancel button to fix js error
Add a basic command line password reset script.
While I'm touching this file, replace GET by POST
manage prepare-whitelists
Deduplicate <form>, fixes #3864
captiveportal: dont redirect 443/tcp
It's time to move to 2.2-BETA
Merge pull request #1284 from phil-davis/patch-17
Merge pull request #1283 from phil-davis/patch-16
Fix #3866 Firewall Log Filtering
on master
on 2.1 branch
Correct speeling as reported by: Phil Davis via github
Merge pull request #1282 from ExolonDX/branch_master_06
Merge pull request #1281 from ExolonDX/branch_master_05
Merge pull request #1280 from ExolonDX/branch_master_04
Merge pull request #1279 from ExolonDX/branch_master_03
Merge pull request #1278 from ExolonDX/branch_master_02
Merge pull request #1277 from ExolonDX/branch_master_01
pfconfigxml: add get_whitelists()
captiveportal.inc: add table 42 for whitelist
use rc.sh with mwexec_bg()
config.xml: stop lan by default (ooops)
rc.sh: start/stop crons
add clearsessions-pf.sh
update settings
clearsessions-pf manage command
add cp_get_sessions script (php)
Tidy up "status_rrd_graph.php" XHTML
"id" attributes cannot start with a numeric character, so change "8hour" to "eighthour" and "4year" to "fouryear".
Tidy up "diag_dns.php" XHTML
Tidy up the "=" sign properly! Remove "=" sign from INPUT tag. Change alignment to the "middle" of the TD tag. Add missing closing FONT tag
Tidy up "gateways.widget.php" XHTML
Remove invalid "summary" attribute from TD tag
Tidy up "interfaces.widget.php" XHTML
Remove duplicate closing TR tag. DIV tag cannot be enclosed in a B (bold) tag. Change class and style
Tidy up "pkg_mgr_install.php" XHTML
While using the widescreen theme, when you update the firmware or add a new package the TEXTAREAs are side-by-side which doesn't look neat. Add BR tag between TEXTAREA
Tidy up "fbegin.inc" XHTML
"id" must be a unique attribute.
Remove almost all calls to history.back() and make Cancel button back to HTTP_REFERER, there are a couple of places I didn't touch on this commit because it requires more work
This really does not need the =
Remove wrongly used type
Ooops restore this
Inverse the sense of the toggles to avoid configuration upgrades
Actually use the new toggles
Provide Advanced Options for controlling rekey and reauth, might be usable with iOS devices
Only for mobile users
Provide a first implementation of EAP-TLS authentication with IKEv2. It is a start and might not work on all cases
Make this work properly and not throw out errors.
Replace GET by POST on system_usermanager.php and make necessary adjustments on necessary pages. It fixes #3856
Back to referer instead of hard coded system_usermanager.php since this page is called from other places
Add a function to redirect to a page passing parameters through POST
Add a cancel button for user and group edit page
Fixes #3666. Set the sysctl net.inet.icmp.reply_from_interface to 1 to use the incoming interface to send the icmp reply from. It uses another part of patch to pf to undo NAT if it was already performed before
Add security privilege for new page
Get rid of the /
Actually do not refer with Name but just pool
Do not let the user mess with SAs from this page. The daemon and primary status page handles that
Provide a page on IPSec:status to check the leases to mobile clients
Show friendly names
Remove extra char
Correct widget displaying of status for tunnels
Properly display number of mobile users
Fix path to xml and make sure the parser will see the custom tags
Add pages missing from the Status > Traffic Graph privilege that are required for the full page to load
Display all new information on ipsec:status and also fix displaying of some previous statistics
Merge pull request #1260 from DasTestament/master
Merge pull request #1274 from phil-davis/patch-13
Merge pull request #1275 from phil-davis/patch-14
Standardise size of Duplicate Slice button
The Duplicate Slice button currently is displayed in smaller text and in a row of its own, separate from the row above that has the rest of the "Duplicate bootup slice" text and slice selection. This change puts the button in the same row as the slice selection and text, and makes the button text be the same size as the text in other buttons on this page....
Try to make the ipsec widget usable again
Make use of the xml output from stroke leases command
Change is_port() to only validate a single port, we have is_portrange() for specific cases. Make necessary adjustments after check all is_port() calls. It fixes #3857
Delete IP Alias on CARP VIP interface on secondary node when it's deleted on primary. It fixes #3855
Fix operator
Return something meaningful until the widget is made to work correctly
Remove racoon references
Remove all remnants of racoon from log page
Correct status.php for new ipsec
Remove traces of older implementation still present
Put some tuning on number of half open connection possible in one time.
Provide some parallelism on the IKESA lookups for heavy loaded boxes.
add cp_allow script
auth.py: send cpzone to cp_allow
system.inc/lighttpd: add X-pfsense-cpzone header
saml/post_form.html: force Send button
settings.py: TEMPLATE_DIRS disabled by mistake
Actually roll this back since it was a testing glitch
Also here be more strict on checking to return proper result. (some missed from previous commit)
Also here be more strict on checking to return proper result
Put some more statistics and the user that gets connected now that we can
Merge pull request #1273 from fsSnowboard/master
Make sure dhclient is not running before start it, it fixes console interface setup when interface is using dhcpv4. It should also help #3482
Implement a function to kill dhclient process, sometimes it takes a little time to die, so use a sleep(1) there
find_dhclient_process() returns an int, not string
Be more explicit
Correct log prepending value
Some device names are bigger now (eg vtnet, ixgbe, cxgbe)
Correct generating loglevels for startup through ipsec.conf
Fix minor typo to name and port range
Typo on the name of the FaceTime shape rule, and missing 1 from GoogleTalk port range.
Fix guess_interface_from_ip() to account for differences in netstat output. Fixes #3853
Blah unconditionally set rightsourceip per https://forum.pfsense.org/index.php?topic=80300.0 Until pools can be supported properly.
handle user_login_callback (attributes, call cp_allow..)
add messages in base.html template
Import fix for http://bugs.jquery.com/ticket/9521
As pointed out by Ermal, VIPs should go first in the list since NAT is first match. Ticket #983
igmpproxy param -d doesn't like the space before optarg. Fixes #3852
Ticket #3826 correct point number 2) by showing not connected tunnels in the end of the status page
Fixes #3664, actually make sense of this function to work properly
Improvements on interfaces_assign.php:
- Let user select network port to add instead of pick the first available, it fixes #3846
- While I'm here, drop GET and use only POST
Fixes #3823 Properly parse auth tags as variables
Convert this block into a function for later use
Remove unnecessary var initialization
Replace mwexec() by unlink_if_exists() and respect global tmp_path
Fix indent and whitespaces
Show properly a setting of any for Identifiers to use in the status page