Minimise config updates when checking cron jobs
Update /etc/ttys from new partition when upgrading nanobsd, and in this case do not call reload_ttys(). It should fix #4140
Remove unused variable
Correctly call function for retrieving stats from ipfw. Fixes #4131
Fixes #4130 Check for a certain size of file to start showing data on dashboard and avoiding xml parser errors
Fix displaying description for IKEv1 connected tunnels
Make this function readble
Merge pull request #1395 from wagonza/RELENG_2_2
Allow dot at end of FQDN for a host
Redmine #4124 has discussion of this.
Pass src dst IP port through to firewall log
and IP version. So that the receiving code can easily have each pat of the IP addresses and ports, and display them as it wishes.
Prevent resolvconf(8) from stomping all over our newly generatedresolv.conf and subsequent updates.
Add config upgrade code to validate changes made on c2fe67eb and d269747b. It fixes #4134
Correct ipsec status page to make connect button work
Manually merge vpn.inc from master since cherry-picking is very messy to perform.
Correct issue with not reloading CP properly on calling interface configure.
Fix issue reported on https://forum.pfsense.org/index.php?topic=85737.0
Do not apply bw limits if the setting is not enabled in CP. Though still respect radius attributes for now with this setting. Resolves #4127
Correct the leftsubnet specification for transport mode.
Ooops fix this identation on final config
Remove option that has now been merged into infra-host-ttl.
Remove unused function
Enforce some more checking to avoid https://forum.pfsense.org/index.php?topic=85580.0
include $myid in these PSK lines. Ticket #4126
Simplify logic using a proper function as spotted by Ermal
Replace ; by newlines when upgrading custom_options from unbound packages, it's related to ticket #4090
Add openvpn interfaces to group when they are created, it should fix #4110
Check if interface exist before try to add it to group
Bump latest_config version that I forgot on previous commit. Spotted by Jim Pingle
syslogd can't just be HUPed to pick up its new config, as many of thoseare command line arguments. Go back to 2.1x and prior behavior of TERM andrestart. Fixes source IP use with syslog among other config changes.
Add a cron item to expire items from webConfiguratorlockout, also add config upgrade code. This fixes #4122
Check if interface is disabled when configuring DHCP server. It fixes #4119
Give the proper value for the logging level since even 0 is the correct value coming from GUI.
Make logic more visible as suggested by Ermal
Teach interface_vip_bring_down() to deal with IP Alias over CARP
Use newline to separate unbound custom options during config upgrade, it should fix #4104
Where binding Unbound to *:53, set "interface-automatic: yes" so replies are sourced from the correct IP. Ideally this should always work this way, but setting this causes Unbound to bind to *:53, which shouldn't happen where specific interfaces are chosen. Ticket #4111
Split ICMP and ICMPv6 types on Firewall Rules
- Remove redundant declaration of $icmptypes and move it to a commonplace (filter.inc)- Add missing ICMP types for v4- Add ICMPv6 types- Adjust javascripts to show correct options depending of IP Protocol...
Make sure this message is only displayed on console
get_failover_interface() is already called inside get_interface_ip(v6), no need to call it twice. It should fix #4089
Use exit instead of return here, otherwise script's return code is always 0 and user with wrong password is authenticated
Disable RC4 ciphers in lighttpd
dyn.dns.he.net uses a self-signed cert, disable verification for it.
Don't try to launch 3gstats unless it's on a valid device.
Proper CA certificates are in place to validate SSL in these cases where it previously couldn't be, remove disabling of verification.
replace spaces with tabs
After discussion with Ermal, remove this to force consumers to send thingsproperly. I fixed the scenario in Unbound where it was sending IPs tothese functions rather than an interface, so this has no functional diff.
Don't include link-locals as unbound interface candidates
Unbound does not presently support link-local interfaces.
Fix update url since now we have RELENG_2_2
Proper fix was put on f658bacRevert "Can't skip this if booting, ends up breaking config. Ticket #4071"
This reverts commit effb3a3cfe4e57b781f35ba8a145eb627014d8ce.
change the ordering of dhcpd_configure and unbound_configure here, claims on forum it fixes issue I can't seem to replicate.
Merge pull request #1360 from jean-m-cyr/master
Link local interfaces don't have subnet.. don't create access-control statement
Selecting link local interface for unbound causes invalid access-controlstatement in unbound config since link local address doesn't havesubnet.
Can't skip this if booting, ends up breaking config. Ticket #4071
fix IPv6 static routes, is_ipaddrv6 returns true for strings including aCIDR mask, which then ended up broken.
Change our default resolv-retry back to OpenVPN's default. Changing thisdidn't help the ticket where it was intended to help, which was laterfixed differently. This change in defaults is problematic in a lot ofscenarios, go back to the way things were before. Ticket #3894
Merge pull request #1357 from DasTestament/patch-1
reload Unbound here, fixes some instances of PD-assigned v6 IPs missing from unbound.conf
If get_interface_ip(v6) is passed an IP, return the IP.
Properly set up interface binding for v6 link local IPs. Ticket #4021
except had to comment out the fix for now because of #4062 to avoid config breakage.
Preserve exit code lost from s/exit/return/
Cleanup whitespace.
Remove exit from as much as possible backend code
Comment out copy paste of v4 code. No need to delete arp entries on v6.
also take into account the "all" option in Unbound Network Interfaces whensetting 127.0.0.1 into resolv.conf.
Update filter.inc
Add missing gettext.
p.s: Is it really needed to log? Lots of rules causes lots of spam on ifaces without gw. Such kind of this logging should be controllable by user via option at least.
Unlink temporary xml file to avoid filling up space with junk files
Only set i_dont_care_about_security_and_use_aggressive_mode_psk=yes where there is a P1 with aggressive+PSK enabled. Log a warning when such a configuration is in use.
Correctly delete xml file after restore and conversion to rrd
When doing "Generating RRD graphs" at bootup, the data is restored from /cf/conf/rrd.tgz into xml format files in /var/db/rrd. Those xml files are then convert to rrd files. After that, the xml files should be deleted - but the xml file path was not quite right, so they were not being deleted....
Fix bracketing of if statement in unbound
Stops message:Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/unbound.inc on line 607The problem was introduced when lines 607-608 were added without adding these brackets.IMHO programming standards should include ALWAYS using brackets for "if" and other similar statements. That way this sort of code addition accident does not happen. But I guess there are others who have different opinions.
fix syntax on prefix6 for DHCPv6 PD
Add input validation on vpn_ipsec_settings.php. Fixes #4052.
Skip v6 WANs in Unbound access-control. Ticket #4023
fix v6 access-control in Unbound, Ticket #4023
Ticket #4009 Force serial console whenever the installer told us so.
check if Unbound is enabled in addition to dnsmasq for v6 DNS assignment. Fixes #4051
Fix input validation for DNS resolver when localhost is enabled in resolv.conf and "all" chosen in Network Interfaces. While here, set something other than '' when all is chosen.
Correct some logic and remove temporary files
Make restore one by one to help https://forum.pfsense.org/index.php?topic=84693.0
Correct typo on variable. Should help https://forum.pfsense.org/index.php?topic=84451.0
Add a parameter on platform_booting to help detect if it's on GUI on console and use it in appropriate places, it fixes #4049
Fix sapi name check to detect if it's on console, ticket #4049
Remove the . here they just confuse things as in Ticket #4049. Also check that the script is called from console to trigger the convertion and mounting of floppy.
Remove these booting settings since are useless
Bring back the old way of waiting for 3 times of 10seconds on bootup for a ppp type interface to come up. while here also do bringup of virtual interfaces only when not booting
Use function for determining if its ppp type
Cleanup some code and use function for easier management
Add option to disable auto-added access-control entries for users who want to manually manage ACLs. Ticket #4023
Fixes #4040 for pppoe use static route with -iface option to help when more than one pppoe has the same gateway. Also kill states when reloading apinger to catch up with new route
Make the parsing of setkey -d(SAs) more reliable. Fixes #4043
Correct logic of skipping for gif/gre/bridge on top of _vips. Even though this is not anymore a problem in 10 since the vip is on the physical interface but for now its ok.
Put the safety belts for rrds on its proper location. No need to create /tmp and change permissions on these paths
Fix Unbound host_entries.conf warnings on console during boot
system_hosts_generate() tried to make /var/unbound/host_entries.conf at various times in the boot sequence before the main Unbound start code was called. But these early calls to unbound-related things did not have any check to see if /var/unbound was created yet....
Setup rrd dir before calling create_gateway_quality_rrd
Stops error:ERROR: opening '/var/db/rrd/WAN_DHCP-quality.rrd': No such file or directoryin system log during boot.Forum: https://forum.pfsense.org/index.php?topic=84627.0
Use the undocumented -q options of devd to reduce spamming on logs. pfSense scripts do their logging so not necessary to have devd in there.
Do not run this during bootup
Optimize
Do not run this code during upgrade and if ost is booting up
Actually comment this code out since it causes more troubles than solves for any type
Just indent code to make it more readble.