dns_split was a comma separated list and moved to use space as separator, provide upgrade code to make sure old configs are converted. Since there was a config upgrade version 11.7 only on master, I pushed it to 11.8 and used dns_split one as 11.7 to be able to backport it to RELENG_2_2. Ticket #4418
Add missing comma. Fixes #4485
Tweak the carp demotion factors slightly to avoid CARP transitions that are most likely unnecessary.
Code Style Guide etc inc f to g
Merge pull request #1455 from xbipin/patch-2
upgrade config
upgrade config code so old entries not lost during upgrade
Set update_url and update_manifest automatically based on version being or not a RELEASE
Heh bump the config version
Fix #4090:
- Unbound advanced options may contain double quotes and it breaks thesyntax when a backup is restored because newlines are trimmed. Save itin base64 format is a safe way to prevent it- Bump config version to 11.5- Provide upgrade code to encode current config or the one that came...
Add config upgrade code to make sure iketype is set, bump config version to 11.4. It fixes #4163
Add config upgrade code to validate changes made on c2fe67eb and d269747b. It fixes #4134
Bump latest_config version that I forgot on previous commit. Spotted by Jim Pingle
Ticket #4009 Force serial console whenever the installer told us so.
Add a parameter on platform_booting to help detect if it's on GUI on console and use it in appropriate places, it fixes #4049
Optimize
Rather than set the g['booting'] on globals provide a function to test for that doing the right checks
Remove the booting signal if not needed to fix some issues reported on the GUI
The net.inet6.ip6.rfc6204w3 needs to be 1 for dhcpv6 to work correctly. Fixes #3361
Put the booting signal in globals.inc since it makes all the other scripts detect we are booting. Otherwise separate php instances will not detect that. rc.bootup clears this flag so all should work correctly
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Reintroduce the vfs.forcesync systl
Remove the minimum NIC warning, this dates back to when minimum 2 NICs were supported and it made sense to throw this message at people. It's obvious a network appliance requires at least one NIC.
Update the URL for snapshots update
Provide upgrade config code to migrate unbound settings from 2.1 package to 2.2 base. Bump config version to 11.1. It fixes #3880
Fixes #3666. Set the sysctl net.inet.icmp.reply_from_interface to 1 to use the incoming interface to send the icmp reply from. It uses another part of patch to pf to undo NAT if it was already performed before
Use a uniqid() to track phase2 entries to avoid confustion and various mistakes when modifying and editing them.
Fix dscp values and provide a config upgrade to fix values stored in config.xml. This is a proper fix for #3688
Change the option for webconfig login autocomplete from opt-in to opt-out, also bump config version and write a function to keep the current status on upgrades
Fix i386 default URL for snapshots
Fixup update URL
send crash reports via HTTPS
standardize on https on www.pfsense.org
standardize on https://www.pfsense.org, point to packages.pfsense.org
set package URL to https://packages.pfsense.org
update link for 2.2
Add https to update URLs and replace RELENG_8_3 by RELENG_10_0
Add chroot for Unbound
Oops correct php syntax
Move to zerocopy_enbale for bpf to optimize bpf logging which uses bpf interface. This should increase the general performance since pflog is always enabled.
Update copyright_years to be calculated on the fly.
Happy New Year 2014!
Optimal: Just updating the copyright years;
I wish to all of you all of health, happiness and good luck of earth to be in your hands for the new year! Other will come up later :)
And make pfsense better then before, more flexible for management/viewing from web (3rd party) using samba,ftp,whois,hw temp..etc....
Upgrade all firewall rules to include a tracker field. Add a tracker field even for nat for later usage while here.
Set latest config version
Remove deprecated sysctls. vfs.forcesync needs to be seen if the patch needs to be put in place again!
Since zoneid need to be less then 4096 provide some upgrade code to handle that from existing configs
Many fixes on privileges, ticket #3216:
- Rename some privileges: page-diag-system-activity => page-diagnostics-system-activity page-interfacess-groups => page-interfaces-groups page-interfacess-lagg => page-interfaces-lagg page-interfacess-qinq => page-interfaces-qinq...
Add hybrid and disabled outbound NAT, fixes #2416:
- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced keep working the same way- Hybrid mode applies manual rules first, automatic after- Disabled do no create any outbound NAT rules...
Change OpenVPN Compression settings to cover the full range of allowed settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default).
Add upgrade code to change the DHCP next-server value to nextserver since it was renamed sometime in 2.1 but upgrade code didn't follow. Also shuffle the upgrade code blocks a bit since we need these on 2.1.x and nobody should be on 2.2 yet, so the impact should be minimal to renumber the one bit specific to 2.2.
Remove newsyslog cron job on upgrade, if present.
Set action = pass for configured mac addresses on CP passtrumac
s/BSDP/ESF/
Simplify the update URL definition in globals.inc and add some comments to it.
Disable kill_states by default on upgrade, it fixes #3183
Allow for easier override on $g values if needed.
Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
Fixes #2979
. Change max value for traffic and packets graphs to 20GigE. Bump config version to 9.6. Write a config upgrade function to tune current rrd files to the new max value
After some discussions it is better to make this a tunable and allow its value change from administrator.
Fix IPv6 Prefix ID default value
. Always initialize it to 0 when it's undefined. Remove unecessary initializations and checks. Bump config version to 9.5. Write an upgrade config function to initialize old configs properly
Disable udp checksums by default
point 2.1 to gui21
Bump this a bit to allow for faster speed
Reduce a bit the entropy collection sources to not hurt performance. There are plenty of other sources on today systems
Hide 'Perform full backup prior to upgrade' option on nano, also hide restore full backup. Fixes #2844
Remove unused function remove_numbers()
Backout Unbound for now bring back in 2.2. Fixes #2817
Bump latest_config to 9.4 to match recent version bump in the default config.
Adjust RRD captive portal graphs for CP zones
- Create RRD configs per zone- Add tabs to see graphs per zone- Migrate existing rrd files to default cpZone- While I'm here, call unset() for $rrdcreate and $rrdupdatesh
Resolves #2655
Add IPv6 privacy settings tunables. Keep the default FreeBSD value for them, that is disabled. This implements feature request #2587
Fix outbound NAT rules when interface is deleted:
- When delete interface, do not touch outbound NAT rules- Skip outbound NAT rules when interface doesn't exist- Bump latest_config to 9.2- Since rules with no interface were considered as wan, convert old...
Welcoming in 2013
Add the new tunable in the GUI for custommization and its default value
Do not process ip options by default this is 2012
Make limiters have a schedule specified which applie bandwidth limits during that period
Add ECE and CWR TCP flags as defined in RFC 3168
Due to the DHCP pool tag needing to be an array, rename the old LB "pool" variable to something else so it's not interpreted as an array.
Use Certificate Manager in Captive Portal settings
Generalize the Crypto hardware option and add GUI support for AES-NI.
Fixes #2428. Reference limiters in rules by name to avoid issues. Also put upgrade code for existing configs. The same fix is necessary for 2.0.x though not sure how this should be committed there.
Move vip upgrade code to be later, since it was backed out of 2.0.x it no longer needs to be so early, and otherwise there can be some breakage/fallout. Ticket #2445
Update the default URL here for our new FreeBSD release.
Add upgrade code that updates the dynamic gateway names to their new format new $if_$type.Redmine Ticket #2332. I've tested a simple upgrade with 3 dynamic Wans with varying names and that appears to have succeeded. Needs more testing.
Move CARP settings from pkg XML to a real PHP page
https://redmine.pfsense.org/issues/647
it's 2012
Implement is_jumbo_capable in a more performant way. This should help with large number of interfaces
Add Unbound chroot directory path
Add global to hide download tab
Add the multi instance CP to master branch. This allows to define CP with different properties on different interfaces.
Merge remote branch 'upstream/master'
Conflicts: etc/inc/globals.inc etc/inc/upgrade_config.inc
Up config number for username sync upgrade.
Conflicts: conf.default/config.xml etc/inc/filter.inc etc/inc/globals.inc etc/inc/pfsense-utils.inc etc/inc/upgrade_config.inc usr/local/www/interfaces.php
Remove out-dated RRD file as it will cause broken images to appear on RRD graphs page.
Fix PPTP server radius settings upgrade from 1.2.3. Fixes #1292
Conflicts: usr/local/www/status_rrd_graph_img.php
Remove rndtest sysctl since the kernel module is not anymore part of our kernels.
Enable the IPv6 allow toggle, otherwise the other IPv6 rules do not work.
Merge the config upgrade code, there was a mismatch, the one who merged this wrong should get a pointy hat.
Add upgrade code to ensure rule protocols are all lower case.
lower limit to 101 MB