Reference the correct variable here, it was broken before and could never have worked.
Remove the filter configure call as this could otherwise lead to a recursive filter configure.
Bail here so we don't make invalid rules for IPsec if this is empty.
Added a setting for configuring the firewall log to either:-Not load descriptions-Show descriptions in a column-Show descriptions on a second row (after a click on 'show descriptions')
'fixed' a few html validation issues..
Changed firewall log to show the applied rule description directly on screen, also layout optimization for "Show raw filter logs".
Don't add ldapcfg to racoon.conf since we're not using racoon's built-in LDAP support now. Moving to external script-based auth, see ticket #1112
No need for these other lines on nanobsd, and it can interfere with booting on some devices.
Add another test here for Nano+VGA to preserve the console selection.
Fix up tcpdump for pflog stop/start a little, consolodate code, and restart tcpdump for pflog when saving log settings.
Simplify schedules code and some styly nits
Month matching for scheduler rules
Fix some obvious things in the firewall scheduled rules code. If a user has some rules with a month specified and some without, then this will make a difference. Might fix bug #2614?
Correct filter tdr install_cron function
Don't put this rule in if $carp_int is empty, it makes an invalid rule. Fixes #2605
Restructure these IP/subnet tests so they don't break transport mode.
Fix bug reported in http://forum.pfsense.org/index.php/topic,53000.0.html
Tidy console package install progress percentage
This makes the file download percentage progress come out at the end of the line. New values are updated by using backspaces to rub out the previous value.
Fix ntp config syntax for the version we're using
Try harder to determine hostname when sending e-mail.
This file won't exist at bootup yet, drop it from the sanity test.
Teach ntpd how to get its time from a local GPS on serial.
Correct carp rules and a weird nat rule on carp so they actually generate what they are meant for
Fix secondary auth source to reference the zone like everything else in this section does, which is where the gui stores the value.
Put propper curlies since this is themeaning of this test so its readble
Remove extra curly to allow checking braces closure easily in vi[m]
More shortcuts
Remove comments which may begin with a ';' so URL Table entries like SpamHaus' drop list can be used
Refine the formatting of the service status icon a bit depending on its context.
Add some safety belts.
Add/use some more similarly styled icons here, for a more consistent look.
Fixup openvpn shortcut bar status/control
Give status icon a title/tooltip
Print service title in tooltip for shortcut bar
Start revamp of shortcuts, central file to hold links, also service status/control, added to dns forwarder as example.
Fixup output formatting
Consolodate a bunch of duplicate service status code
Add forgotten "ipv6 remote network", clean up a couple bits, make sure local network box is hidden for shared key servers.
Catch another error here
Make sure we don't have any extra whitespace here.
Change rcfileprefix to a constant
Minor text typo in DynDNS log message
I noticed the "Inital" typo in my syslog, so thought I might as well scan through the DynDNS messages and fix it up.
Minor fix to percentage output on pkg install
A variable not changed in a cut-paste.When on console, update_progress_bar should also only be called for 1-9 then every 10% progress, to reduce serial output volume.
Activate more Hash, DH, and PFS options that are available in racoon now. Note that SHA256-512 are RFC4868 compliant in FreeBSD, may break with other incompatible stacks.
Tidy package cleanup output
Add a "done." and newline after "Cleaning up..." Then when output is going to the serial console the next line will start cleanly and %age figures will not write over the top of "Clean".
Tidy up percentage logging to console
When on the console, the code only intended to update the percentage downloaded every 10%. Due to string-and-int type differences, the test was not working, all percentages were being logged. This is fixed.Also, add a newline after 100% - then whatever outputs next gets a clean start on a new line of output....
Ensure this gets a set default value or things can break
Correct variable name. Fixes #2571
Silence tar command to not garble console
To not clobber the console add \r when outputing status information on console
Correct mod_evasive setting per CP to confirm to what the CP page description says. Resolves #2270
Refine test
Do some cleanup of code for zones
Correct generation of lighty config for CP now that zone is passed as parameter
Merge pull request #196 from mtharp/dhcpv6-relay
Get DHCPv6 relay working (#1663)
Try to keep existing files rather than unlinking/replacing when restoring the package libraries during a package removal. Needs some testing, but for NanoBSD it fixes #1049
Unlock on return
There is no need to remove the @ from function names. Also properly unlock in case of exception. Size is constant and we know it no need for extra call to shmop. Put some more error checking just in case
Don't conf_mount_rw every time packages are listed
Every time System:Packages is selected, the code does a conf_mount_rw, checks for existence of some dirs, then does conf_mount_ro. This makes navigating the package install GUI slow on nanobsd, and it is not needed....
Make access to shared memory atomic
Use lock and unlock to make sure that all incrementing and decrementing of the reference count in the shared memory section is atomic. This ensures that there are not unusual timing conditions that could see 2 callers trying to update the reference count at the same time, which could result in the count never returning to zero. If that happened, then the filesystems would never be restored to read-only. (this is really just relevant to nanobsd) (note that shmop_* calls in php do not do any locking themselves - callers must coordinate their own access to the shared memory section)...
Construct the arguments to dhcrelay -6 correctly
Implements ticket #1663
Fix negative test
Pad data when adding to refcount reference, to avoid some oddities with how php handles such data. http://forum.pfsense.org/index.php/topic,51188.msg278141.html#msg278141
Supress the error message if the ldap bind doesnt happen
99./8 is not private IP space
Add the new 100.64/10 nat 444 CGN/LSN shared transition space netblock here. Also add it as a private network in the private network block
Merge pull request #192 from phil-davis/master
Validate advanced gateway monitoring settings
Allow dom_title width parameter to be null
This prevents warning messages if called without the width parameter - reported in forum http://forum.pfsense.org/index.php/topic,51822.0.htmlThe code already handles width being NULL or blank, it just needs to be explicitly defaulted when the parameter is not passed at all.
Put apinger default values into a function
The default advanced apinger parameter values are now returned by function return_apinger_defaults. So they can easily be obtained by any code that cares.
Expand cipher list and remove a cipher that Safari on iOS does not like after recent lighttpd changes. Fixes #2553
Make sure that we process the logic statement correctly, otherwise we might accidentally end up missing dual stacked or tunneled interface gateways
Merge pull request #175 from marcelloc/master
pkg_edit - add show_disable_value option to select_source xml option
include check to avoid function_exist errors
Be more verbose during upgrade to see why nanobsd isn't carrying over the setting as expected.
Fix for this crash report, received after resetting a test system to factory defaults and setting up initila stuff:i3868.3-RELEASE-p3FreeBSD 8.3-RELEASE-p3 #0: Sat Jul 7 21:34:19 EDT 2012 root@FreeBSD_8.3_pfSense_2.1.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386...
Move locale files from /usr/share to /usr/local/share
Add an option to System > Advanced, misc tab to enable loading thermal modules (amdtemp, coretemp)
Fixup serial console settings that get applied to nanobsd. Fixes #2484
Fix system_routing_configure() function so it does not try to add static routes ipv6 subnets to ipv4 gateways or ipv4 subnets to ipv6 gateways while using aliases that includes both ipv4 and ipv6 subnets.
Fix Captive Portal SSL
Merge pull request #167 from ccesario/master
Change field name from lowloss to losslow fixes ticket #2537
Change field name from lowloss to losslowrelated in http://redmine.pfsense.org/issues/2537
Merge pull request #165 from r-duran/master
Fix get_staticroutes() function to handle IPv6 subnets properly
Make sure one_pass i selected when CP is active
Remove ca reference
Implement certificate chain in Captive Portal
Use Certificate Manager in Captive Portal settings
Do not directly print out a message when checking the interfaces, instead saving the list to use later. Display this list before the interface mismatch message. Fixes #2468 and fixes #2531
Merge pull request #158 from ccesario/master
Change ereg_replace to preg_replace() and ereg() to preg_match() functions
Fix LDAP over IPv6 (works fine, just needed slight adjustment to URI)
Reconfigure OpenVPN on gateway change
Change ereg_replace to preg_replace() function
Change ereg_replace() to preg_replace() function
Change ereg() to preg_match() function
OpenVPN servers can start on carp vips, just not clients.
Comment out adding static routes for gateway monitor IPs because we now bind to the correct Interface with apinger.
If we only have a IPv6 interface we'll use that, otherwise a IPv4 address always has preference. Revisit this for OpenVPN 2.3