Fix an edge error in getting the carp interfaces reported by Effone.
Do not prepend empty lines to the first member; this might trigger errors on code that relies on space to be a separator.
Correct the function name so that it upgrades properly
Make sure to upgrade deprecated themes to pfsense_ng. The switch() should make it easy to add other deprecated themes here.
Do not install reflection rules for port forwards when the destination is invalid.
Revert changes to reflection for port forwards until finished and approved.
Merge http://gitweb.pfsense.org/pfsense/efonne-new_nat_reflection into master
The global reference declaration is needed.
Preserve previous behaviour of having all alarms on for all gateways. Not sure this should be/is the right behaviour though.
Move the settings of down/latency/loss to per gateway. This allows more fine grained control on gateways.
Do not put ip address on the name since pfctl does not like an ip as part of macro name.
Correct delay matching on outgoing load balancer code.
Ticket #408. Provide code to upgrade static routes.
Make list the same. Remove whitespace at the end so it does not get interpreted as special tag.
Fix link_ip_to_carp_interface. This unbreaks at least Carp on CP and other consumers of it.
Add specific scripts for when ovpn goes up and down so we get necessary values for use in various areas of pfSense. TODO is find out how to get DNS info from openvpn.
Check if interface exists before issuing a command when disabling captiveportal.
Use a global array to prevent errors on rulesets which have invalid gateways. If such are found do not use the gateway at all. Probably the rule should be skipped too?
Move auto generated rule for static routes on same subnet. Use sloppy states to speed things up and use flags any in tcp case so sloppy state does not choke.
Catch up with latest apinger changes to make easier to extract the status of gateways.
Add a few comments. This should be ready for testing/feedback. Ticket #108
Add missing ;
Set proposal check and passive as needed for this scenario also. Ticket #108
Ensure initial_contact is 'on' in this case to behave as 1.2.3 did. Ticket #108
Set generate_policy to "on" to behave as 1.2.3 does in this case. Ticket #108
Only specify peer ID if we are not dealing with a mobile PSK-only tunnel. Ticket #108.
Do not specify subnet in sainfo if we are dealing with a mobile PSK-only tunnel. Ticket #108
Write out IPsec PSKs for mobile clients. Part of ticket #108.
Bring back IPsec PSK Tab/Edit. Part of ticket #108. Still needs backend code to use the resulting keys.
Enable even xmlwriter module.
Ticket #320. Use xmlreader and xmlwriter to read/write xml since it encodes decodes itself special chars.
Add client-to-client to OpenVPN server config if the option is checked. Resolves #572.
Correct file_notice usage.
Fix upgrade code for port forwards with "Interface address" set on external address. Ticket #561
Fix the empty array check, an empty load balancer tag has a value of 1, not 0.
Do not trip with configuration upgrades on an empty load balancer tag.
Fix the regular expression used in filter_generate_address for OPT subnet so that it only matches the case intended. Ticket #571
Revert last commit .. This might not work on Nano
Use mount -a instead of -uw Ticket #444
Ticket #511. Do not penalize other packages if rules of one package are erroneous during package rule generation.
Implement tcp flags and sloppy state on the GUI.
The gui defaults to https in 2.0; correct it to make sure it is not stopped by CP on the CP interface[s].
Add backend code for NAT reflection on 1:1 NAT mappings.
Removed some redundant/obsolete code that is superseded by the new NAT reflection code.
Add the NAT that goes with the reflection redirects.
Added reflection redirect rule and rearranged some related code that goes with it.
Remove "pfSense nat bouncing" entries from the service ports list.
Remove the old reflection implementation and prepare for the new one.
Put all of these lines in the block under this condition and remove the irrelevant comment.
Fix displaying the Enable/Disable checkbox. Previously after a save button click it will show the old saved value.
Add a gitsync option for reverting to the commit used when building the image.
Ticket #491. Fix upgrade code. Since dyndns is considered an array item it failed with previous code. Use index of 0 since 1.2.x does not have multiple entries.
When 'No RDR' is set, skip some code that does not apply.
This check is no longer needed here.
Return if not a supported protocol for reflection.
Ticket #535. Correct from where we get the port number.
'pass' is not valid with 'no rdr'
Skip code for generating inetd.conf entries when 'no rdr' is used.
Modify reflection code to avoid having duplicate rule generation code for when the protocol is different.
Reflection can have side effects unexpected to the user with rules using any for destination address, so change any to the interface subnet for reflection rules, which should be closer to the desired behavior in most cases but without the side effect.
Use the same destination address and port in reflection rules as is used in the port forward's main rule.
In reflection rules, fix the end of the port range in port range forwards.
Move the reflection enabled check out of filter_generate_reflection, so this function can be used elsewhere regardless of the system setting for it (in preparation for reflection support on 1:1 NAT mappings).
Ticket #567. Create an entry on hosts file with the ip address of lan or the first interface ip without a gateway if lan is not present.
Ticket #565. Correct deleting passthru mac entries. Revert back to always allow a passthru mac as with allowed ips. Remove the check during login for passthru mac entries; they will never make it to the login page.
Ticket #566. Reimplement the allowed ips keeping previous functionality and improving by adding a both direction. The problem with previous commit is that it always assumes that allowed ip address would have a pipe configured and entries without one would just get dropped.
Various fixes for handling of ports in port forwards.
- Removed unused $srcport variable.
- Moved setting the $protocol variable to after setting the ports, so it can clear the ports variables when using non-tcp/udp protocols.
- Handle a couple extra possible cases for local port.
Moving reflection's interface listing code to its own function, for use in future NAT reflection improvements.
Fix a check for "any" in port forwards.
Display some extra information about the available wireless channels.
Remove check that prevented bugs from happening. Now all code paths are safe from this.
Remove unused function.
Ticket #506. Correctly save dynamic gateways extra parameters.
Add upgrade code for values of "Interface address" and "any" for the external address of port forwards. Ticket #561
Unbreak this. Seems it needs to be filter for the rules to work.
Make sure package rules are last. As the way they are coded they will null out entire rulesets. More work is needed to make them 2.0 compliant but for now this is enough.
Actually minimum weight is 1.
Allow for each gateway a weight to be chosen if the gateway has to be used in Gateway groups. This will create that many entries in the route-to statement as the weight says.
Use nobind for OVPN client when no local port and/or no local interface is requested. Ticket #282
Generate gateways as macros and then just substitute them during the rules. This allows optimizations and features as repeating the same gateway more than one to be done.
Always generate macros so ruleset does not fail even when the gateway has no members.
Reload gateway groups when changing them.
Improve NAT Port Forwarding
Default to and display the last used repository URL in gitsync.
Add gitsync support for merging from other repositories.
Allow gitsync to properly switch branches or repositories. Resolves #523
Resolves #554. Correct path to tftp-proxy.
The console menu does not show if the terminal type is not cons25 - not sure why. Changed to cons25 to allow the menu to work on the serial console when enabling it through the web GUI. Ticket #316
Fix OpenVPN upgrade code for lzo compression. Resolves #280, mentioned also in Ticket #482.
Fix apparent typo in IPsec upgrade code which broke the user_fqdn identity type.
Ticket #507. Do not remove all static routes to readd them back. The change will never delete a rule but define the action to be taken on it, either add or change a present route. Be consistent on gateways allowed to be selected as destinations for static routes, including dynamic gateways.
Fix typo in comment
Ticket #471. Bring up the removed/unassigned interface correctly if it is parent to other interfaces, as vlans.
Ticket #449. Actually save something to read back.
Ticket #449. Bring back the check if there is really an ip change on interface event. This avoids reloading openvpn and other services when actually there is no change.
Ticket #540. Do not require VJ compression; with today's link speeds it pessimizes more than helps.
Move these functions to a more central location. Part of ticket #496
Ticket #389. Correctly make the ldap object picker work and handle various errors.
Ticket #378. Correctly handle a timeout of 0 to mean never timeout.