pfSense

Activate the firewall rules for DHCPDv6.
Add pass in to port 546, pass out to 547

adjust the firewall rules to allow for proper ICMP6 allow so that normal pmtu works

Remove duplicate advbase in ifconfig command

Merge remote branch 'upstream/master'

Conflicts:
etc/inc/system.inc

Show the TCP protocol for ipv6 filter rules

Move the ICMP rules further to the top in order for normal neighbour contact via icmp6 to work

Do not block fec0::/10 as this includes fe80:: local link addresses which breaks everything else

reference the IPv6 bogons table as well

Add the IPv6 fc00::/7 and fEc0::/10 to the Private block on WAN

Setup packet spoofing rules for inet and inet6
Adjust the default Deny All rules for inet and inet6, rename labels

Adjust firewall rule to reflect inet or inet6

Adjust the loopback firewall rules for inet and inet6 and give them unique labels

Silence warnings.

Fix case for disabling RRD graphing for spamd package.

Transform PORTAL_REDIRURL variable

Fix url. Do not include mod_accesslog twice

remove single quotes

Brute force dnswatch kill if needed

Launch dnswatch correctly.

Allowed hostname is now working. Make bw up and down checks a bit more strict using intval() and comparing >0. Fix bw and upload checks allowing either to be set.

Allowed hostname is now working. Make bw up and down checks a bit more strict using intval() and comparing >0. Fix bw and upload checks allowing either to be set.

Make allowedhostname an array.

Adding preliminary version of allowed hostnames. Allowed hostnames function similar to allowed IP addresses and permit the captive portal to pass traffic out. An example usage of this is to allow access to a hotel web page freely and then require authentcation hotlinking from this point.

Fix formatting. Die, VIM, DIE!

Reformat file. VIM needs to die a flaming death.

Comment out this code since it currently segfaults and get_real_interface could cause major slowdown here for some configurations.

Remove extra call to get_real_interface.

Use the first element of the array instead of the array itself for the comparison.

Revert "I think this is supposed to be get_real_interface too, not get_parent." - This function should not call get_real_interface here to avoid slowdown from recursion.

This reverts commit 54ac5d9080c2ea6669af07aa49a5ce660f2ede76.

Make get_parent_interface return an array to handle MLPPP and make it find vlan parents too.

Also, update interface_netgraph_needed to handle MLPPP on vlans.

Add NULL check to wireless functions.

The old interface_translate_type_to_real function used previously would return OPTX
if it was passed "OPTX" and OPTX existed but was unassigned, whereas get_real_interface returns NULL, so now we
check for NULL.

I think this is supposed to be get_real_interface too, not get_parent.

Revert if I mis-understood.

Change name of function "interface_translate_type_to_real" to match what it's doing (or should be doing.)

Next commits will change functionality of this function because before now
it's identical to "get_real_interface" function (because of bug mentioned below.)...

Resolves #1216. Do not create nat entries on ovpn interfaces.

Actually send a notice even if no default queue could not be found. This might be serious in some cases.

Do not put the queue config on the rules if there is no default queue, just log it. This prevents errors in rules loading which is worse than having no shaper.

Log the errors we know for not allowing a queue to be added.

Add the npt tag which is used by the IPv6 tree to the 2.0 mainline tree.
This prevents a config blowup when a ipv6 config loads on 2.0.

it's 2011

We don't want to detach netgraph nodes from interfaces that are used by
any PPPoE/PPTP/L2TP configurations.

Fix dhcp server group

Use a better method to determine the FTP URL for FreeBSD based on the version being used. The old method worked with 8.1-RELEASE-p2 but failed with just 8.1-RELEASE.

Add filter code for adding the binat rules required for Network Prefix Translation

Unbreak static routes
Add initial NPt Network Prefix Translation pages

Add drop-down to select OpenVPN hardware crypto (finds usable devices from "openssl engine" list) for clients and servers.

Add the empty check otherwise all static routes are skipped. Reported-by: Seth

Add a checkbox for duplicate-cn on OpenVPN servers.

Comment what this variable does

Adding $builder_package_install variable. When set to true ignore library fixups and sync_package() directives.

Merge remote branch 'upstream/master'

Conflicts:
etc/inc/system.inc

Ticket #1210. Also here unset any previous value if none posted.

If no value is posted means we have no value to save in config and should unset any pervious set ones.

Resolves 1209. Correctly calculate the necessary data to return from an 'pfsense' format encrypted file.

This logic was reversed fix it. Reported-by: Seth

Ticket #259 trim the \n from the command output and return only the numeric part of it.

Prevent a IPv6 address from breaking system routing. This is a hack because we don't have the proper ip validation in 2.0 mainline

Do not put a config entry for dhcpd if we cannot determine the subnet address. Reported-by: http://forum.pfsense.org/index.php/topic,32303.0.html

Better way to determine the username for config descrs

Fix variable name reference

Fix references to what was apparently supposed to be $g['booting'] and not $bootup.

Add a description to this write_config() so it's a little more obvious what it's doing in the logs.

No need to set this here, we already set it in config.inc (and it takes precedence)

Add the cron job a different way. There have been a couple reports of losing CAs during the config upgrade and this was the only added function at the time.

Fix broken merge, change variable name to define inet family

Merge remote branch 'upstream/master'

Conflicts:
etc/inc/interfaces.inc
etc/inc/system.inc

Specify the -inet family so that accidental IPv6 addresses here don't break the system routing.

Add the default value for the new tunable debug.pfftpproxy to 0. It allows to disable the pfftpproxy. Also add it to the default config.xml though no upgrade code should be needed since people can create this from the gui and hopefully do not need to know about this anyway.

Really do not deactivate netgraph if the underlying interface is needed by it!

Ticket #1198. Fix code when checking client or server

Remove extra brace

Better test for an empty CA to avoid writing out an empty CA file (some on the forum are seeing this.)

Bail on reinstalling all packages if we can't contact the package repo.

Ticket #621. Sort even csr subject to have the matching go ok during import of externally signed cers.

Only copy 52 chars of a user descr to the pf rule. When added to the "USER_RULE: " prefix (11 chars) we hit the 63 char limit. Fixes #1187

Bump config version, add upgrade code to setup cron job for URL table update script.

Ticket #875. While ldconfig should be called by pkg code itself do it explicitly to have the cache file rebuilt with correct list.

allow 127.0.0.1 and localhost for HTTP_REFERER checks

Stop spewing backup info on bootup

Add back booting check that existed prior to refcount code. We will improve upon this next week.

Ticket #621. sort the contents of array used for generating subject by keys so whenever we do subject comparison we will not have problem just because of the array keys ordering.

Need to use Unlink in tar

Shorten english

Scroll the textarea to bottom on each update

Take into account< 10 too

When installing packages on console (downloading) only show every 10% meaning 10% 20% 30% instead of 1% 2% 3% 4% 5%, etc

Ensure $pkg is defined. Send pkg_delete errors to /tmp/pkg-delete_errors.txt

Fix package dependency check code now that we no longer nuke /var/db/pkg/ before operating on packages

Strip off the space between @depend and the package name. Otherwise it will return a space in front of the pkgname

Do not unlink file, it's handled by behind the scenes pkg-utils.inc code

Shorten repo download message

Do not show already installed messages which fill up the textarea too many times

Also CDATA protect the detail field. Fixes #1168

Don't run mb_convert_encoding on descr field, it's cdata protected in the config now and this just causes some characters to be lost on input. Ticket #1168

Do not nuke /var/db/pkg now that 2.0 has better handling

Reinstall packages on bootup during console. Ticket #1156

Ticket #491. Correct username/password name fields so upgrade works correctly.

Actually use sigkillbypid.

Send a HUP to racoon which is equivalent to the reload-config racoonctl command which seems to not work in 0.7.3 of ipsec-tools.

Forgot to up the array count.

Add kern.ipc.maxsockbuf to upgrade config and remove extra whitespace.