Fix codel not being applied on non-priq queue types
Fixed typo in CoDel wiki link
Make sure no extra spaces end up in the parsed IP, it can lead to issues in other places (Easy Rule, etc)
Add patch from Ermal to fix ifconfig error on gif in certain cases.
Fix CP stats generation for concurrent users. Fixes #3225
Alix 2D6 crashes upgrade process withou out of diskspace
Updating the the RRD graphs causes two copies of each RRD's XML file to be stored in /tmp.
On Nanobsd, the default /tmp size is 40mb. It doesn't require very many RRD XML dumps before this is exhausted.
Switch to rw mode before file operations on RFC2136 cache. Fixes #3201
s/BSDP/ESF/
This broke correct detection of primary/secondary -- the person in that thread may have had some other config issue, but this broke working/valid configurations. Revert "Correct check to match the right vip based on configured ip. Reported-by: http://forum.pfsense.org/index.php/topic,66234.0.html"...
Fix didn't help -- backing this out and the change that made it necessary. Revert "Correctly check the secondary/primary parameter setting on dhcp failover configuration"
This reverts commit 24670866827b4e2d7a4a05baaf6d09ee377ce7cb.
Fix update URL so the -RELEASE version looks at the stable updates URL by default rather than the snapshots server.
Update an existing cron entry for pppoe periodic resets
The array variable name was incorrect in the test, so the existing cron entry was not being matched. Fixes #3192
Leave a trace that rtsold did fire the dhcp6c client so troubleshooting is easier
Do not include disabled OpenVPN in vpn_networks and negate_networks
Correctly check the secondary/primary parameter setting on dhcp failover configuration
Correct typo that prevents dhcp rules from properly being generated.
Fix errant display of "0 table deleted" during filter reload on console.
Remove failover peer IP settings from DHCPv6, DHCPv6 doesn't support failover the way that DHPv4 did. Fixes #3184
Disable kill_states by default on upgrade, it fixes #3183
Allow for easier override on $g values if needed.
Correct check to match the right vip based on configured ip. Reported-by: http://forum.pfsense.org/index.php/topic,66234.0.html
Ticket #3181 do the state flushing only on down gateway detection rather than any time.
Revert "Revert back the behaviour to cleanup all states for 2.1 Fixes #3181 and related to Ticket #1629. This commit is only for 2.1 since on master development will continue for better alternatives"
A bit too excessive need to get right.
This reverts commit c59dd719e0a6d9ee8deecaa7bff0d6ee8c76e4ca.
Actually the / here is not needed.
Make the operation of saving old rule nearby the writing operation to be logical to spot
Sprinkle some unsets to reduce footprint and correct some whitespaces
filter_generate_port error log function name
Absolutely minor adjustment to make the error log message refer to the new function name.
Revert back the behaviour to cleanup all states for 2.1 Fixes #3181 and related to Ticket #1629. This commit is only for 2.1 since on master development will continue for better alternatives
Fixes #3173 if any port information exists on the rule than put it on the NEGATE rule generated.
Remove SPD when disable phase2, it fixes #2719
Merge pull request #796 from phil-davis/master
Traffic Shaper GUI text typos
Merge pull request #790 from shahidsheikh/RELENG_2_1
#3174 Added handling of gateway groups in openvpn_restart
Merge pull request #794 from phil-davis/RELENG_2_1
Backport get_memory changes to 2.1
Bring back static routes to fix issues reported on Ticext #3179
Fix #3004:
. Create a function to replace strings on deep associative arrays. Use the recent created function array_replace_values_recursive to fix VIP interface names instead of touch config.xml directly
Make sure RRD data is restored from backup before upgrading data and a new backup is done after. It should fix #2159
Merge pull request #792 from razzfazz/RELENG_2_1
add option to send prefix hint for requesting desired prefix length for ...
Merge pull request #791 from jean-m-cyr/RELENG_2_1
Dummynet does not require burst size specification
Use new names for get_memory parameters
Use hw.physmem when calculating pfsense_default_state_size
hw.physmem is the actual amount of memory that FreeBSD/pfSense can get its hands on, so use this for the calculation.Backport to 2.1
touch up text, s/nat/NAT/
add option to send prefix hint for requesting desired prefix length for delegation
This change adds an option on the interfaces page for sending a prefix hint for the selected delegation size. If enabled, a "prefix" field requesting :: with the appropriate prefix length (64 - dhcp6-ia-pd-len) is added to the "id-assoc pd" entry in the dhcp6c config file. This hint is required for requesting prefixes shorter than /64 from Comcast.
Dummynet traffic shaper does not require burst size specification andassumes 0 if not specified. Allow user to leave burst field blank, ifnot blank the must be numeric
#3174 Handling of gateway groups in openvpn_restart()
If the underlying vip of a gateway group that an openvpn client is bound to is in backup mode then the client should not start.
Use updated get_memory var names
Backport to 2.1
Fix #3172, return_gateway_groups_array() was returning the last vip since it was using wrong variable name on iteration
Improve var names in get_memory
Backport from master
Support the names used by the status page as well as those used internally by service entries.
Delete old route for remote gateway when its IP changes. It fixes #3155
Fixup check for existing easyrule block rule to account for the ipproto and when the ipproto is blank.
Add scope to target when it is a link-local, it helps ticket #3150
Attempt to recognize pfsync entries from pf logs.
Fix selection of IPv6 target IP for IPv6 Outbound NAT rules.
This makes it possible (without source hacking) to do many:1 NAT of IPv6.
Some will rejoice. Some will curse.
This should really only be done in limited, specific circumstances. Don't develop the IPv4 NAT mentality with IPv6.
Ooops fix this to add only th einterface
Add scope identifier to target when its link-local
Add also a special case so the correct ip is returned for the case when WAN is v4 PPP type and v6 is DHCP but with option fetch v6 info from v4.
When using DHCPv6 and only requesting a prefix the communication on the WAN interface will be over link-local so return the link-local address of the interface in this case rather than nothing.
Optimize a bit to try and convrt back to friendly interface only when needed
Resolves #2627. When WANv4 is PPP and v6 is DHCP but the option get v6 info from v4 is ticked the real interface is different. For WANv4 is pppXX and for v6 is the real underlying interface. Take this into consideration during interface_bring_down to properly cleanup things
Correctly remove IPv6 addresses from the interface rather than just erroring out. The same trick that works for IPv4 of not specifying address does not work with v6
Even if called with wrong parameters try to do something rather than return here.
Reduce diff with master
Handle link local addresses with embedded interface scope on is_ipaddrv6 and also on dnsmasq which is not yet there for these addresses
Unbreak limitrules and probably pfblocker errors. Spotted-by: Jim
When renaming or deleting a virtual server, clean up the old relayd anchor name. Otherwise the rules are still there and valid, and will cause problems as they will override the new VS settings. Also clear out the anchors when stopping relayd or starting fresh that way no old settings could conflict.
Cleanup some code that is not needed anymore
Use pfSense module functions for finding interface v6 addresses. The addresses will be not in friendly format as returned by getnameinfo
Remove prior CSC entry when cleaning up. Fixes #3143
Declare globals as global before defining them in openvpn.inc
Add a parameter, off by default, to expand all alias items, including hostnames
Force apinger to write the status file before getting gateway status
Ticket #3139 try to detect if the popen is closed from an error
Fix interface selections on UPnP to show the customized descriptions entered by the user. While here, add an external interface selection knob. Fixes #3141
Fix #1047
Remove duplicate polling set
Show apinger as a service when active, and display its status on gateway-related pages.
Don't print this message for a mobile IPsec setup. It's normal for it to not have an endpoint, and not worth spamming the log about.
Try to do the loading operations as close as possible to avoid any issues coming from it
Correct bandwidth assignment so the configuration is not reverted courtesy of ipfw(4) swapped arguments. Reported-by: http://forum.pfsense.org/index.php/topic,65069.0.html
Reload apinger now that we can rather than restarting. Related to Ticket #3119
fix text - s/occured/occurred/
the state type is required/valid for all specifications of protocol, notjust the ones formerly listed. For instance, sloppy is valid (and widelyused on 2.0.x and some older 2.1x) with "any" protocol.
Resolves #3121. Fix the command so it does perform correctly
Reorder reverse lookup overrides so user-specified ones are effective 2.1
If the user specifies a domain override for 10.in-addr.arpa and also specifies "Do not forward private reverse lookups" then the user-specified entry is not effective. But the code was supposed to allow users to specify individual reverse lookup domain overrides that took precedence....
Fix up filter_pflog_start - optimize some code, and fix $retval so that it will be restarted correctly after killing it.
Show the name of the unresolvable alias name as well as the rule description to avoid ambiguity.
use correct domain names when registering static DHCP entries in DNS
When registering static DHCP entries in DNS, we first try to use the domain name configured for the static entry (if any), then the domain name configured in the DHCP server settings for the corresponding interface (if any), and as a last resort the system domain name....
Fix #3113, fix multiple english spell errors s/seperet/separat/
Optimization has nothing to do with limits
Fix #3106, parse 'not' rules right on destination for port forward + reflection proxy rules
Allow advanced options state-related parameters to be used for TCP, UDP and ICMP
Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
Update rrd.inc
Fix this errorphp: rc.bootup: The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/system-mbuf.rrd N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 4 data source readings (got 5) from N:U:U:U:U:U'
Implement an option to allow using the IPv4 connectivity interface for sending the dhcpv6 information. Usually useful for ppp[oe] type links and some ISP
3652 days worth is a too much. Scale it back to more reasonable 1.25 x maximum used data (2284 days).
Handle IPv6 in ip_in_interface_alias_subnet()
Minimize inclusion of bogonsv6
If "Allow IPv6" is on, but actually there is no enabled interface with "Block bogon networks" enabled, then we also do not need to include the bogonsv6 table into pf.This allows some more flexibility for users to leave "Allow IPv6" checked, but still not use up memory for bogonsv6.
Disable the BEAST protection by default because the GUI will break if you use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.
Don't blow up the config if someone enters int'l chars in an LDAP attribute/DN field. Ticket #2227
Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted.