Split automatic to nat hosts fill into a function to be able to call it from other place, ticket #2416
Remove unused variables and fix automatic nat to alias-address
Merge pull request #854 from icyfork/provides_empty_STDIN_to_pw_command
local_sync_accounts: provides empty STDIN to pw userdel command
Add hybrid and disabled outbound NAT, fixes #2416:
- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced keep working the same way
- Hybrid mode applies manual rules first, automatic after
- Disabled do not create any outbound NAT rules...
The /usr/sbin/pw command may wait for user input. For example, if there is a manual crontab settings for :foobar account, then when this account is requested to be deleted, the command will ask if user wants to delete crontab settings for the account....
Merge pull request #850 from phil-davis/master
Handle comma-separated list of remote networks when making vpn_networks table
Add an option to set no-sync on rules to keep states from being synced via pfsync. Fix #2501
Rework the usage of the shell i/o during stop_packages(), fixes the "Syntax error: bad fd number" for the remaining people who still saw it on shutdown
If remote_networks for an OpenVPN instance is a list of more than 1 network then none of the networks gets added to the vpn_networks table. The code simply did not address this new comma-separated list feature. Now it does, and the vpn_networks table contains all the remote networks listed....
Unset this variable used in the loop to avoid having wrong information
Do not forget the trace in the pf.conf that something went wrong during rules generation to be able to at least detect what is going on
Give clients the IPV6 address of the DNS server
For IPV6 WAN tracking interfaces, dhcpdv6 does not provide an IPV6 address for the DNS server... fix that.
Revert "Add conf_mount_rw calls on functions that changes user/groups. It fixes #3294"
This reverts commit b1e5a286bb47d7e4a5b3d589cc27b557b3b13c41.
Prevent a Fall Back Pool from being selected when the DNS protocol is in use. If one is present in the config, ignore it. Fixes #3300
Teach system_timezone_configure() to deal with symlinks to avoid having timezone misconfigured. This fixes #3293
Add conf_mount_rw calls on functions that changes user/groups. It fixes #3294
Unset value should be '' and not 'none'
Change OpenVPN Compression settings to cover the full range of allowed settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default).
Add an Authentication Digest Algorithm drop-down to OpenVPN server/client (SHA1 is the default since that is OpenVPN's default)
Revert "Define dynamic gateway for GRE interfaces and do not user to define IP address to the interface. Fixes #3280"
Another solution will be implemented
This reverts commit 6721d6d0443bd7e697bd6ca33f470c801608df7e.
Define dynamic gateway for GRE interfaces and do not user to define IP address to the interface. Fixes #3280
Make return_gateways_array() return all disabled gateways when $disabled is true, it should fix #3291
Fix an attempt to read unset variable $rtent
Add source address selection to syslog settings, so it can work more effectively over a VPN. Fixes #355
Fix #3235
. diag_nanobsd.php:
  . Since conf_mount_ro() is always being called, always call conf_mount_rw to keep refcount correct
  . Do not show refcount_read() return when it's -1
. config.lib.inc
  . Increment and decrement refcount even if nanobsd_force_rw is set....
Make sure pf rule labels never have more than 63 chars. It should fix #3208
Prepend ipsec_ here as well for better protection
Use the pid of the process for the tmp file also prepend ovpn_ here to make it clear
Correct even here the routes from cisco-avpair processing
Use the pid of the process for the tmp file
Fix cisco-avpair processing, and route processing from avpair replies.
Add missing privileges to the list, it fixes #3279
Fix typo and whitespace
Fix #3259. Save 'packet loss rate' and 'bucket size' for limiter queues
Prevent a possible division by zero. it fixes #3212
Make sure vlan interface exist when it's being configured, it fixes #3270
Fix #3268 - avoid pf table names conflict:
. Create a list of reserved table names for the hardcoded ones
. Use this list to validate aliases and load balance pool names
. Check if alias names don't conflict with LB pool names and vice-versa
Merge pull request #817 from stephanel/master
Added OVH DynHOST in dynamic DNS services
Add Captive Portal Zones privileges definition. Fix #3216
Allow special chars to be used on IPSec mobile login banner. Fixes #3247
Set default value to radius_protocol during upgrade, it should fix #3226
Fix 'Packet loss rate' and 'Bucket Size' range checking
Needs parens
Add upgrade code to change the DHCP next-server value to nextserver since it was renamed sometime in 2.1 but upgrade code didn't follow. Also shuffle the upgrade code blocks a bit since we need these on 2.1.x and nobody should be on 2.2 yet, so the impact should be minimal to renumber the one bit specific to 2.2.
Perform a much more accurate comparison between two certificates to determine if they are identical when checking their revocation status. Fixes #3237
Remove newsyslog cron job on upgrade, if present.
Remove this check, the value can be 0 here if the target is the first item in the array.
use (self) instead of any for web lockout
use (self) rather than any as the destination for the lockout rules
Fix codel not being applied on non-priq queue types
Fixed typo in CoDel wiki link
Update to include GratisDNS dynDNS service
Make sure no extra spaces end up in the parsed IP, it can lead to issues in other places (Easy Rule, etc)
Add patch from Ermal to fix ifconfig error on gif in certain cases.
Fix CP stats generation for concurrent users. Fixes #3225
Merge pull request #795 from razzfazz/ia-pd-hint
add option to send prefix hint for requesting desired prefix length for delegation (for master branch)
Switch to rw mode before file operations on RFC2136 cache. Fixes #3201
Merge pull request #803 from PiBa-NL/outboundnat_disable_checkbox
outboundnat, disable rule checkbox
outboundnat, disable checkbox
Split SSL/TLS into separate checkboxes so that plaintext connections can be made secured by using STARTTLS. Support for SMTPS connections should probably be done away with in future. Fixes #3180
Alix 2D6 crashes upgrade process with out of diskspace
Updating the RRD graphs causes two copies of each RRD's XML file to be stored in /tmp.
On Nanobsd, the default /tmp size is 40mb. It doesn't require very many RRD XML dumps before this is exhausted.
Set action = pass for configured mac addresses on CP passtrumac
Remove unnecessary blockedmacs db and read it directly from config
Remove call-time pass by reference from traffic shaper files, it should fix #2565
Do not add a ipfw rule to block mac since auth can take care of block or redirect it
Make sure db doesn't exist when start to configure macs
When block a MAC address, add it to a DB to make it possible to redirect it to a URL
Add action to auto created passtru mac rule
Remove unused variable $macdb
Make captiveportal_passthrumac_delete_entry() return rules instead of execute them as other similar functions do
Add actions (block or pass) to Captive Portal passtrumac
s/BSDP/ESF/
Simplify the update URL definition in globals.inc and add some comments to it.
Update an existing cron entry for pppoe periodic resets
The array variable name was incorrect in the test, so the existing cron entry was not being matched. Fixes #3192
Leave a trace that rtsold did fire the dhcp6c client so troubleshooting is easier
Correctly check the secondary/primary parameter setting on dhcp failover configuration
Correct typo that prevents dhcp rules from properly being generated.
Do not include disabled OpenVPN in vpn_networks and negate_networks
Fix errant display of "0 table deleted" during filter reload on console.
Remove failover peer IP settings from DHCPv6, DHCPv6 doesn't support failover the way that DHCPv4 did. Fixes #3184
Disable kill_states by default on upgrade, it fixes #3183
Allow for easier override on $g values if needed.
Correct check to match the right vip based on configured ip. Reported-by: http://forum.pfsense.org/index.php/topic,66234.0.html
Ticket #3181 do the state flushing only on down gateway detection rather than any time.
Actually the / here is not needed.
Introduce two new functions to be used on locking.
- try_lock: used for trying to get an EXCLUSIVE lock for a specified timeout by default of 5
- unlock_force: which just releases any locks held on a specified lock
Use these new functions on rc.openvpn to avoid spurious stale locks around.
Make the operation of saving old rule nearby the writing operation to be logical to spot
Sprinkle some unsets to reduce footprint and correct some whitespaces
filter_generate_port error log function name
Absolutely minor adjustment to make the error log message refer to the new function name.
Fixes #3173 if any port information exists on the rule then put it on the NEGATE rule generated.
Remove SPD when disable phase2, it fixes #2719
Merge pull request #796 from phil-davis/master
Traffic Shaper GUI text typos
Merge pull request #793 from shahidsheikh/master
Fix #3174 Handling of gateway groups in openvpn_restart()
Bring back static routes to fix issues reported on Ticket #3179
Fix #3004:
. Create a function to replace strings on deep associative arrays
. Use the recent created function array_replace_values_recursive to fix VIP interface names instead of touch config.xml directly
Make sure RRD data is restored from backup before upgrading data and a new backup is done after. It should fix #2159
and note the Queue Limit is a number of packets (not packets per second)