pfSense

- correct behaviour of dhcpd.conf creation
- enable root-path

DHCP remove duplicate option domain-name ind dhcpd.conf

DHCP: domainname / HEAD > RELENG_1

Add TFTP and LDAP server options to dhcpd

Users that have specific page access can now login

-move upnp_action to services.inc
-make sure to clear rules when stopping miniupnpd
-fix status_upnp and status_services pages so they use upnp_action and not the rcfile

remove previous commit, moving function to index.php to support package installation

add tab for widgets function

Add rrd graph settings page.
Bump config out of line with 1.2
Add rrd config upgrade code.

Keep longer archives, allow for a 4 year span

Axe unused archives, correct average times.

Commit missed checkin, supress debug message

Unbreak IPSEC, correct pathnames

CAPS kills. Literally. Do not set the description to upper case LAN when we are looking for lower case.

Kill off old pftpx processes correctly

Improve the load balancing pool edit screen.

Submitted-by: Chris Daniel

Use $lanif for lan anti-lockout rule

Escape $lan correctly

Do not use $iface as source or destination as it may be a member of a bridge without an ip address and pfctl will complain.

Since we are matching traffic on incoming interface, do not link wan or lan to bridgeX

Only pass anti-lockout traffic on $lan

Fix loading and reloading config for IPSEC.
MFC: Possible candidate, works for seth. Needs test.

Supress debug logging

Cleanup IPSEC rules. We where blocking port = 500 UDP on CARP interfaces, for one.

Be more verbose on logging so that we can correctly deterimine protocol, etc.

Ticket #1348

$config needs to be global

unbreak policy routing rules network access to LAN IP

Ticket #1320

Correctly move upnp to base since LiveCD cannot write files to /usr/local/etc or /usr/local/etc/rc.d/

Ticket #1342

Kill trailing space

Remove openvpn csc file when option is disabled.

Ticket #1339

Add ASN1DN identities support to IPSEC.

Subbmitted-by: Nic Bernstein <nic_AT_onlight.com>

Do not antispoof on wan when it is bridged.

Ticket #1352

Move CARP and PFSYNC allow traffic before USER_RULES section. If a person has a restrictive ruleset then it is possible to disallow traffic.

Add Type-Of-Service-passthru for server and client

remove part of solution of problem solved elsewhere

Make OpenVPN usable in status_service.php

Default to nat-reflection inactivity of 2000 which is roughtly 33 minutes.

Correct location of use_rrd_gateway.

Make sure we are writable for /etc/crontab

Unbreak captive portal images.

correct code formatting

Add OpenVPN CSC-DHCP Options (override per Client), add TLS-Authentication, add connection-limit for server

Restore previous PPTP changes.

With the tweaks that have occured today fastcgi can now run again on 64 megabyte machines.

• fix: background on login screen

Close STDIN ($fp) handle before returning back to shell. Major doh's.

use killall

• Flush SPD's on reload
• Kilall -HUP racoon if its already running since racoonctl is brokie brokie

• Remove path from racoon grep
• Remove [r] from racoon and simply grep for racoon

Correct ps location

Instead of skipping DHCP server on LAN in a bridged environment, simply log an error letting the operator know that DHCP Server is enabled on LAN in a bridging environment.

Do not check for disabled nat reflection before installing tftp helper.

NITPICK, line up tabs.

Fix minor variable mismatches.

Backport tftp proxy helper

Use keep state instead of modulate state

Initialize variable to false.

Really only allow adavanced tunables when some kind of state tracking is enabled.

Only allow adavanced tunables when some kind of state tracking is enabled.

Pass gre in any direction.

Update static routes on filter reload

Ticket #1330

Unbreak local queries that where broken in Ticket #1190 until we hear back from author of the patch.

Remove trailing space / cr

Correct descriptions.

Upgrade configuration correctly.

Upgrade configuration correctly.

Upgrade to config.xml sysctl's. Bump configuration version to 3.1.

Add system tunables area which allows the user to fine control sysctl's.

• Add functions required for dashboard
• Killing trailing space

Don't check carp settings, check if vip addresses exist.

usleep(1000); between down and delete. this appears to fix the carp issues.

Do not destroy carp interface which can lead to a panic. This has been tested and works just fine after deleting and adding new carp interfaces.

Commit forgotten vpn_ipsec_force_reload()

Use pfSync SYNCPEER directive if defined.

Ticket #1317

Scrub the absolute minimum amount for PPPoE

when pppoe aliases on pppoe server are made they make aliases for ng0 to whatever. but ng1 should be the start for pppoe-server ng0 should be reserved for pppoe client this problem could effect pptp server as well.

Ticket #1308

Correct style sheet class.

Do not flush SPA and SPD before starting. It upsets racoon.

$config needs to be a global item

Honor sticky-address setting from system->advanced for outgoing load balancing items if it is enabled.

Patch from Martin to fix http://forum.pfsense.org/index.php/topic,4773.0.html

Rework stop and start logic. If we are already alive, reload instead of stop and start.
Tested by Seth.

Update XML_RPC to 1.5.1
This fixes sync issues on configs > 500KB

Port load balancer sticky address option

Sometimes people have local domains which they do not want forwarded to upstream servers. This is accomodated by using server options without the server IP address. To make things clearer local is a synonym for server. For example the option local=/localnet/ ensures that any domain name query which ends in .localnet will be answered if possible from /etc/hosts or DHCP, but never sent to an upstream server....

Add NTP server field to dhcp config.
From: Alexander Schaber

Add is_wan_interface_up($interface)
Can be optional interface as well.

Add openvpn server tos and dhcp server options.

Submitted-by: Martin Fuchs

Trigger on right opt interface

Widget base. Note: changes to widgets are not saved yet.

get_interface_gateway() does not understand pppoe

Return the virtual interface for PPPoE

Do not create nat on rules for opt interfaces with a gateway.

further changes to 1.3 for pppoe server and pptp server. added to gui add radius acct and auth ports add acct update in seconds option for external radius servers add backup radius server changes

rearranges xml for better use moved radius specific features inside tags added options for additional server above 2 miner bug fixes

Ticket #1306

Add hidden command to disable authoritative mode (dhcp server).

To utilize do something like this in php pfSense shell:

$config['dhcpd']['optx']['disableauthoritative'] = true;
write_config();

• Do not allow duplicate entries by default in add_text_to_file()
• Add option which allows duplicates

Submitted-by: Uranellus via IRC

Import smtp.inc which allows sending e-mails from PHP. This will be used later down the road for the automatic logging/emailing system. This will also allow pfSense developers to begin e-mail equipping portions of the system as well.

Install frickin pptp proxy rules correctly.

Do not allow - in aliases. This breaks port aliases.
tables are fine with the - and the _. Ports only work with _.

• Do not close a buffer that has failed
• Automatically retry failed connection