Allow special chars to be used on IPSec mobile login banner. Fixes #3247
Set default value to radius_protocol during upgrade, it should fix #3226
Fix 'Packet loss rate' and 'Bucket Size' range checking
Needs parens
Add upgrade code to change the DHCP next-server value to nextserver since it was renamed sometime in 2.1 but upgrade code didn't follow. Also shuffle the upgrade code blocks a bit since we need these on 2.1.x and nobody should be on 2.2 yet, so the impact should be minimal to renumber the one bit specific to 2.2.
Perform a much more accurate comparison between two certificates to determine if they are identical when checking their revocation status. Fixes #3237
Remove newsyslog cron job on upgrade, if present.
Remove this check, the value can be 0 here if the target is the first item in the array.
use (self) instead of any for web lockout
use (self) rather than any as the destination for the lockout rules
Fix codel not being applied on non-priq queue types
Fixed typo in CoDel wiki link
Update to include GratisDNS dynDNS service
Make sure no extra spaces end up in the parsed IP, it can lead to issues in other places (Easy Rule, etc)
Add patch from Ermal to fix ifconfig error on gif in certain cases.
Fix CP stats generation for concurrent users. Fixes #3225
Merge pull request #795 from razzfazz/ia-pd-hint
add option to send prefix hint for requesting desired prefix length for delegation (for master branch)
Switch to rw mode before file operations on RFC2136 cache. Fixes #3201
Merge pull request #803 from PiBa-NL/outboundnat_disable_checkbox
outboundnat, disable rule checkbox
outboundnat, disable checkbox
Split SSL/TLS into separate checkboxes so that plaintext connections can be made secured by using STARTTLS. Support for SMTPS connections should probably be done away with in future. Fixes #3180
Alix 2D6 crashes upgrade process withou out of diskspace
Updating the the RRD graphs causes two copies of each RRD's XML file to be stored in /tmp.
On Nanobsd, the default /tmp size is 40mb. It doesn't require very many RRD XML dumps before this is exhausted.
Set action = pass for configured mac addresses on CP passtrumac
Remove unecessary blockedmacs db and read it directly from config
Remove call-time pass by reference from traffic shaper files, it should fix #2565
Do not add a ipfw rule to block mac since auth can take care of block or redirect it
Make sure db doesn't exist when start to configure macs
When block a MAC address, add it to a DB to make it possible to redirect it to a URL
Add action to auto created passtru mac rule
Remove unused variable $macdb
Make captiveportal_passthrumac_delete_entry() return rules instead of execute them as other similar functions do
Add actions (block or pass) to Captive Portal passtrumac
s/BSDP/ESF/
Simplify the update URL definition in globals.inc and add some comments to it.
Update an existing cron entry for pppoe periodic resets
The array variable name was incorrect in the test, so the existing cron entry was not being matched. Fixes #3192
Leave a trace that rtsold did fire the dhcp6c client so troubleshooting is easier
Correctly check the secondary/primary parameter setting on dhcp failover configuration
Correct typo that prevents dhcp rules from properly being generated.
Do not include disabled OpenVPN in vpn_networks and negate_networks
Fix errant display of "0 table deleted" during filter reload on console.
Remove failover peer IP settings from DHCPv6, DHCPv6 doesn't support failover the way that DHPv4 did. Fixes #3184
Disable kill_states by default on upgrade, it fixes #3183
Allow for easier override on $g values if needed.
Correct check to match the right vip based on configured ip. Reported-by: http://forum.pfsense.org/index.php/topic,66234.0.html
Ticket #3181 do the state flushing only on down gateway detection rather than any time.
Actually the / here is not needed.
Introduce two new functions to be used on locking.
- try_lock: used for trying to get an EXCLUSIVE lock for a specified timeout by default of 5- unlock_force: which just releases any locks held on a specified lock
Use this new functions on rc.openvpn to avoid spurious stale locks around.
Make the operation of saving old rule nearby the writing operation to be logical to spot
Sprinkle some unsets to reduce footprint and correct some whitespaces
filter_generate_port error log function name
Absolutely minor adjustment to make the error log message refer to the new function name.
Fixes #3173 if any port information exists on the rule than put it on the NEGATE rule generated.
Remove SPD when disable phase2, it fixes #2719
Merge pull request #796 from phil-davis/master
Traffic Shaper GUI text typos
Merge pull request #793 from shahidsheikh/master
Fix #3174 Handling of gateway groups in openvpn_restart()
Bring back static routes to fix issues reported on Ticext #3179
Fix #3004:
. Create a function to replace strings on deep associative arrays. Use the recent created function array_replace_values_recursive to fix VIP interface names instead of touch config.xml directly
Make sure RRD data is restored from backup before upgrading data and a new backup is done after. It should fix #2159
and note the Queue Limit is a number of packets (not packets per second)
add option to send prefix hint for requesting desired prefix length for delegation
This change adds an option on the interfaces page for sending a prefix hint for the selected delegation size. If enabled, a "prefix" field requesting :: with the appropriate prefix length (64 - dhcp6-ia-pd-len) is added to the "id-assoc pd" entry in the dhcp6c config file. This hint is required for requesting prefixes shorter than /64 from Comcast.
touch up text, s/nat/NAT/
Fix #3174 Handling of gateway groups in openvpn_restart()If the underlying vip of a gateway group that an openvpn client is boundto is in backup mode then the client should not start.
shaper burst may be blank, but if not then must be numeric
Fix #3172, return_gateway_groups_array() was returning the last vip since it was using wrong variable name on iteration
Dummynet does not require burst size specification
Dummynet traffic shaper does not require burst size specification andassumes 0 if not specified. Allow user to leave burst field blank/
Provide get_uptime_sec in a common include file
so it is available to anything that cares.
Use new names for get_memory parameters
Use hw.physmem when calculating pfsense_default_state_size
hw.physmem is the actual amount of memory that FreeBSD/pfSense can get its hands on, so use this for the calculation.
Use updated get_memory var names
The value of minimum_ram_warning is designed to be compared to hw.physmem - so do that. Usse the appropriate physmem or realmem value in each place.
Improve var names in get_memory
realmem is the amount of actual (real) memory installed - the size of the RAM card - e.g. 256MBphysmem is the amount of memory available to FreeBSD after BIOS, video... has stolen some of realmem.The variable names currently used are not very helpful for code readability. This standardises them. No functional change here.
Support the names used by the status page as well as those used internally by service entries.
Delete old route for remote gateway when its IP changes. It fixes #3155
Fixup check for existing easyrule block rule to account for the ipproto and when the ipproto is blank.
Add scope to target when it is a link-local, it helps ticket #3150
Attempt to recognize pfsync entries from pf logs.
Fix selection of IPv6 target IP for IPv6 Outbound NAT rules.
This makes it possible (without source hacking) to do many:1 NAT of IPv6.
Some will rejoice. Some will curse.
This should really only be done in limited, specific circumstances. Don't develop the IPv4 NAT mentality with IPv6.
Use ntpdate from ports also and obsolete base one
Ooops fix this to add only th einterface
Add scope identifier to target when its link-local
Add also a special case so the correct ip is returned for the case when WAN is v4 PPP type and v6 is DHCP but with option fetch v6 info from v4.
When using DHCPv6 and only requesting a prefix the communication on the WAN interface will be over link-local so return the link-local address of the interface in this case rather than nothing.
Optimize a bit to try and convrt back to friendly interface only when needed
Resolves #2627. When WANv4 is PPP and v6 is DHCP but the option get v6 info from v4 is ticked the real interface is different. For WANv4 is pppXX and for v6 is the real underlying interface. Take this into consideration during interface_bring_down to properly cleanup things
Correctly remove IPv6 addresses from the interface rather than just erroring out. The same trick that works for IPv4 of not specifying address does not work with v6
Even if called with wrong parameters try to do something rather than return here.
Add the check even here when dealing with ipv6 addreses
Handle link local addresses with embedded interface scope on is_ipaddrv6 and also on dnsmasq which is not yet there for these addresses
Unbreak limitrules and probably pfblocker errors. Spotted-by: Jim
When renaming or deleting a virtual server, clean up the old relayd anchor name. Otherwise the rules are still there and valid, and will cause problems as they will override the new VS settings. Also clear out the anchors when stopping relayd or starting fresh that way no old settings could conflict.
Cleanup some code that is not needed anymore
Use pfSense module functions for finding interface v6 addresses. The addresses will be not in friendly format as returned by getnameinfo
Remove prior CSC entry when cleaning up. Fixes #3143
Declare globals as global before defining them in openvpn.inc
Force apinger to write the status file before getting gateway status
Ticket #3139 try to detect if the popen is closed from an error
Fix interface selections on UPnP to show the customized descriptions entered by the user. While here, add an external interface selection knob. Fixes #3141
Conflicts:
etc/inc/pkg-utils.inc
Fix #1047
Remove duplicate polling set
Show apinger as a service when active, and display its status on gateway-related pages.