pfSense

Use array_splice() to unset items that should not be sync'd (nosync) Resolves #38

Make altq driver list up to date with 7.2

Add vge interface to AltQ capable list

Sync run_plugins() with head

Unbreak parse_config plugins and fix autoconfigbackup

Disable sshlockout. It's locking out after one failed login now that it's reading the logs correctly. It also isn't configurable, doesn't have a status page. Since 1.2.3 is close, let's ditch this from RELENG_1_2 and fix it properly for 2.0.

Merge branch 'RELENG_1_2' of http://gitweb.pfsense.org/pfsense/mainline into RELENG_1_2

Fix typo

When a UDP reflection line was added for inetd, it was added as stream

Cleanup NanoBSD firmware upgrade

Make sure config.inc is sourced

Allow logging everything to syslog (allows syslog of snort, amongst other things)

Allow tcpdump by default on enc. There is no measurable performance impact, and it's annoying to flip the sysctls to allow when needed.

add "Disable reply-to" box. Work around for bug #14

Tell syslogd to not compress information to the following line is repeated N times. This unbreaks sshlockout_pf.

Don't log an error unless there really is one.

Fix rdr on PPPoE and PPTP servers

Revert the flowtable addition that should have never been accidently commited. Skip pfsync0 similar to how we do in master/HEAD

Load glxsb by default, unless disabled. Add option to disable to System -> Advanced.

Fix variable name so that the prefer old SA knob actually does what one expects it to do.

needs to be a global now

Do not allow muting of serial + full install

Do not allow muting of a serial console. The kernel gets very cranky and dishes cannot control tty errors

Switch over the dns list from arguments to dnswatch to a file which holds them which dnswatch will use

Allow auto firmware upgrade to work on NanoBSD

Allow auto firmware upgrade to work on NanoBSD

For now set the number of flows to the same as allowable states.

Do not add hostname to watch in the refresh ipsec policy section, there may be other tunnels using the same
endpoint which need refreshing as well.
This is also done in the part where the racoon configuration is written so it's safe to skip it here.

Silence the logging in the dnscache code and the ipsec route add code into a debug check...

Make the dnswatch list array unique before processing

Increase the PHP running memory limit to 128MB from 32MB, on 1.5MB large
config XML files we run out of memory.

This routine was not meant to foreach() even though it is inside a foreach(). It's slightly confusing but the foreach obtains the correct namespace and then processes. Add the needed break; statemenet because on subequent foreach() loops, the carp password will be WRONG/BLANK.

MFC fix from Ermal

Fixes #26

Do not call mute_kernel_msgs() it causes havoc.

Match 4.X polling behavior. See thread "Polling and kern.polling.idle_poll"

Remove trailing /

Add missing /

Correct the name its parse_config

Correct the name its parse_config

If the key is 0 then return, it is not a valid key.

Surpress sem_ errors

Teach config about nanobsd

Check to see if dir exists before blindly mounting rw

Add missing conf_mount_ro();

No need to call conf_mount_rw() when generating config.cache, it is on /tmp

Patch from Aarno Aukia for cvstrac ticket #1932

remove watchdog

Disable watchdogd until we can find a workaround. When IPSEC is thumping (or any other network intensive opeartion) for long period of times can trigger the watchdog. Really watchdogd needs to check to see if network packets are flowing because if network packets are flowing the box is up from our standpoint.

patch from jim-p to fix remote VPN logging now that we have apinger

Adding base_package feature to restore menu items for base packages after configuration
restore.

Handle packages on embedded the same. Ssshhhh, don't tell anyone.

Fix ruleset for > 100 OpenVPN connections

clean up the old unused bridge code while here.

Exclude ppp from interface mismatch check

Remove RRD options from the apinger configuration.
They do not make any sense to generate since they are not used anywhere in 1.2

Eventhough you can set the racoon admin socket to a different path in the configuration it will be ignored by ipsec-tools 0.8+
Align all the sockets into the new path /var/db/racoon so that we can find it.
Remove the old killall -HUP racoon as this prevents the newer racoon from properly loading it's initial configuration. This might actually also have been a possible problem on the old ipsec-tools...

Oops, make that /bin/mkdir

Exclude plip from get_interface_list

Merge branch 'RELENG_1_2' of http://gitweb.pfsense.org/pfsense/mainline into RELENG_1_2

fix static route deletion

Add NAT-T ports.

Submitted-by: JimP@

Set hostname then call hostid

Ensure /var/db/racoon exists

Oh dear, looks like I had the values for loss and latency reversed.
That is not very useful.

Make the apinger rrd files end up in /tmp so they are not seen by the
web ui.

Adding --all-servers flag for DNSMasq which can help when a DNS server is unreachable and in some cases speedup queries since it will ask each known dns server all at once and use the first response that it finds.

Change the warning threshold for the apinger delay warning from 100 to 200 ms.

Backport apinger from 2.0 to 1.2
This removes the gateway support from the slbd load balancer. It will now create a apinger configuration instead.
Change syslog configuration so apinger logs to the slbd.log
Correct status page so that it shows the gateway status....

Hide errors.

Hide errors on sem_get() too

Surpress semaphore errors

use real if name for get MTU function

merge Ermal's CP locking changes

Merge branch 'RELENG_1_2' of git@rcs.pfsense.org:pfsense/mainline into RELENG_1_2

Kill rrdtool before killing updaterrd, possibly prevent multiple updaterrd from running.

Move firmware update text format to globals.inc

add missing \n's caught by jim-p

point to correct path for nsupdate

colons are valid in usernames, such as for no-ip subaccounts.

add msk(4)m

remove debug logging

Add /var/run directory in dhcpd chroot

Fix "disable checksum offloading", and some other bugs with certain combinations of options while here.

Clean up polling fix a bit.

Fix polling, update supported interfaces list.

Allow disabling of auto-added VPN rules

Set ipfw's state limit the same as pf's

Trigger drop down menus on 83 chars

Block all IPv6 traffic by default, since IPv6 isn't supported, there isn't any way to add such rules in the GUI, and nearly all users won't want IPv6 to traverse their firewall at this point. Add "Allow IPv6" checkbox to disable this behavior.

Since they're listed by name, order alphabetically.

Honor monitor type for server load balancing

Use 80 chars

Woops, use 80 chars not 70

Switch to a dropdown menu when there are more than 80 characters combined
in the display_top_tabs() function.

Add Broadcom BCM5708 bce driver to the list
Add Intel 82598 10 Gigabit ixgbe driver to the list

Improve the matching of carp ints to IPs.
Previously this stristr substring match would return incorrect/unexpected results. 10.0.0.1 would also match 10.0.0.16, 10.0.0.135. Adding a space to the IP to check will only match the specific IP given, since it is followed by spaces in the ifconfig output.

When optimization is "conservative", also increase UDP timeouts. Helps prevent disconnects and drops with some VoIP services.

Change log message. This doesn't necessarily mean the IP has changed, so it was misleading.

Log actual interface rather than CARP interface

Add hideplatform item which is useful for rebranding

Ensure dpddelay is a value, not that its simply set leading to racoon.conf errors:

my /var/etc/racoon.conf file has: "dpd_delay ;"

Reported in ##pfSense on FreeNODE by Overrand

Revert "Sync from HEAD to avoid complete meltdowns when downgrading from 2.0"

This reverts commit 1987293b2cf80d15677860f9c5d6ff52b9ff03db.