Prevent network or broadcast address to be set on interface (console, GUI and wizard). It should fix #3196
Use proper interface here
Correct only carp value changes
Correct CARP events on devd and the argument processing on called scripts
When reset webConfigurator password, if authentication server is not Local Database, ask user to back to it. Fix #3341
Remove 0.0.0.0 from automatic outbound nat rules
Remove references to _vip interface and provide proper configuration for carp on FreeBSD 10. Still some places to deal with this and certainly missing upgrade code
fix 0.0.0.0 subnet for automatic outbound NAT rules, fixes #2416
Add a new param to return_gateways_array and make it return gateways when interface doesn't exist. Default behavior didn't change. Also check the new gateway parameter (disabled) when filtering
No need for a second rule forwarding http
Correct generation of lighty configuration with zoneid changing to lower that 4000 value
Since zoneid need to be less then 4096 provide some upgrade code to handle that from existing configs
Merge pull request #858 from timdufrane/master
Add DHCP without gateway capability
Catch up with mac needed for all operations in the table nowdays.
Properly create zones for the CP with the new command arguments and properly invoke ipfw for applying rules and other configuration options.
Fix #3331. Set interface subnet as destination when VIP is in the same subnet, otherwise use VIP subnet instead of IP address
FreeBSD 10 pf does not have a limit for table entries
Merge pull request #857 from Wraul/add_city_network_dyndns
Added support for City Network to Dynamic DNS.
Fix an issue that changes wrong gateway entry when items are hidden
Don't flush interface cache on each call of the function when looping through all gateways.
Add gettext() to recently added strings
Add an option to return outbound NAT automatic to nat hosts with description, ticket #2416
Add subnet to 0.0.0.0 otherwise it's not added to table, ticket #2416
Make sure automatic rules are created even if mode is not set, ticket #2416
Many fixes on privileges, ticket #3216:
- Rename some privileges: page-diag-system-activity => page-diagnostics-system-activity page-interfacess-groups => page-interfaces-groups page-interfacess-lagg => page-interfaces-lagg page-interfacess-qinq => page-interfaces-qinq...
Merge pull request #855 from ExolonDX/branch_01
Tidy up the "Helper Icons"
City Network is a Swedish web hosting company.They provide a dynamic DNS service for their customers.This service uses the dyndns2 protocol.
Provide a more safe way to avoid pw userdel being interactive because of a crontab existance
Revert "local_sync_accounts: provides empty STDIN to pw userdel command"
This reverts commit c6b156bfa537754d079868653ef3561eb1330d8c.
Split automatic to nat hosts fill into a function to be able to call it from other place, ticket #2416
The "Helper Icons" at the top right of some service pages at presentproduces 30+ HTML errors/warnings, this is due to the table cell beingwrapped in a span statement then in a div statement, table cells canonly be part of a table row then within a table statement....
Remove unused variables and fix automatic nat to alias-address
Merge pull request #854 from icyfork/provides_empty_STDIN_to_pw_command
local_sync_accounts: provides empty STDIN to pw userdel command
Add hybrid and disabled outbound NAT, fixes #2416:
- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced keep working the same way- Hybrid mode applies manual rules first, automatic after- Disabled do no create any outbound NAT rules...
The /usr/sbin/pw command may wait for user input. For example,if there is a manual crontab settings for :foobar account, thenwhen this account is requested to be deleted, the command willask if user wants to delete crontab settings for the account....
Merge pull request #850 from phil-davis/master
Handle comma-separated list of remote networks when making vpn_networks table
Add an option to set no-sync on rules to keep states from being synced via pfsync. Fix #2501
Rework the usage of the shell i/o during stop_packages(), fixes the "Syntax error: bad fd number" for the remaining people who still saw it on shutdown
This tag could be present, but empty. Skip processing if the interface has no IP address.
If the interface is configured and not enabled, bail. We do not need to change settings for disabled interfaces. Fixes #3313
If remote_networks for an OpenVPN instance is a list of more than 1 network then none of the networks gets added to the vpn_networks table. The code simply did not address this new comma-separated list feature. Now it does, and the vpn_networks table contains all the remote networks listed....
Unset this variable used in the loop to avoid having wrong information
Do not forget the trace in the pf.conf that something went wrong during rules generation to be able to at least detect what is going on
Give clients the IPV6 address of the DNS server
For IPV6 WAN tracking interfaces, dhcpdv6 does not provide an IPV6address for the DNS server... fix that.
Revert "Add conf_mount_rw calls on functions that changes user/groups. It fixes #3294"
This reverts commit b1e5a286bb47d7e4a5b3d589cc27b557b3b13c41.
Prevent a Fall Back Pool from being selected when the DNS protocol is in use. If one is present in the config, ignore it. Fixes #3300
Teach system_timezone_configure() to deal with symlinks to avoid having timezone misconfigured. This fixes #3293
Add conf_mount_rw calls on functions that changes user/groups. It fixes #3294
Unset value should be '' and not 'none'
Change OpenVPN Compression settings to cover the full range of allowed settings on OpenVPN (unset, off, on, adaptive) rather than a simple off/on switch that either doesn't set the value or enables it with adaptive (OpenVPN's default).
Add an Authentication Digest Algorithm drop-down to OpenVPN server/client (SHA1 is the default since that is OpenVPN's default)
Revert "Define dynamic gateway for GRE interfaces and do not user to define IP address to the interface. Fixes #3280"
Another solution will be implemented
This reverts commit 6721d6d0443bd7e697bd6ca33f470c801608df7e.
Define dynamic gateway for GRE interfaces and do not user to define IP address to the interface. Fixes #3280
Make return_gateways_array() return all disabled gateways when $disabled is true, it should fix #3291
Fix an attempt to read unset variable $rtent
Add source address selection to syslog settings, so it can work more effectively over a VPN. Fixes #355
Fix #3235
. diag_nanobsd.php: . Since conf_mount_ro() is always being called, always call conf_mount_rw to keep refcount correct . Do not show refcount_read() return when it's -1. config.lib.inc . Increment and decrement refcount even if nanobsd_force_rw is set....
Make sure pf rule labels never have more than 63 chars. It should fix #3208
Merge pull request #813 from phil-davis/master
Fix logic in detecting if OpenVPN resync needed, fixes #3255
Prepend ipsec_ here as well for better protection
Use the pid of the process for the tmp file also prepend ovpn_ here to make it clear
Correct even here the routes from cisco-avpair processing
Use the pid of the process for the tmp file
Fix cisco-avpair processing, and route processing from avpair replies.
Add missing privileges to the list, it fixes #3279
Fix typo and whitespace
Fix #3259. Save 'packet loss rate' and 'bucket size' for limiter queues
Prevent a possible division by zero. it fixes #3212
Make sure vlan interface exist when it's being configured, it fixes #3270
Fix #3268 - avoid pf table names conflict:
. Create a list of reserved table names for the hardcoded ones. Use this list to validate aliases and load balance pool names. Check if alias names don't conflict with LB pool names and vice-versa
Merge pull request #817 from stephanel/master
Added OVH DynHOST in dynamic DNS services
Add Captive Portal Zones privileges definition. Fix #3216
Allow special chars to be used on IPSec mobile login banner. Fixes #3247
Set default value to radius_protocol during upgrade, it should fix #3226
Fix 'Packet loss rate' and 'Bucket Size' range checking
Remove redundant test for OpenVPN resync_needed
Needs parens
Add upgrade code to change the DHCP next-server value to nextserver since it was renamed sometime in 2.1 but upgrade code didn't follow. Also shuffle the upgrade code blocks a bit since we need these on 2.1.x and nobody should be on 2.2 yet, so the impact should be minimal to renumber the one bit specific to 2.2.
Perform a much more accurate comparison between two certificates to determine if they are identical when checking their revocation status. Fixes #3237
Remove newsyslog cron job on upgrade, if present.
Remove this check, the value can be 0 here if the target is the first item in the array.
use (self) instead of any for web lockout
use (self) rather than any as the destination for the lockout rules
Check for disabled OpenVPN instances in openvpn_resync_if_needed
It is much cleaner if we check first for disabled OpenVPN instances, before diving into all the other checks. Note, the final openvpn_resync() does call other routines that finally check if the instance is disabled, but there are so many checks here for various conditions to be met before calling openvpn_resync that it looks better (safer) to bail out early if the instance is disabled.
Fix logic inn detecting if OpenVPN resync needed
Commit https://github.com/pfsense/pfsense/commit/f33dcc5c79c54af7daf91a81cfdd7f489e8cb67c reversed the logic sequence when testing if $resync_needed - the individual tests were changed from "==" to "!=" and so on, but the conjunction also need to be changed - "or" needs to be "and". I had noticed that VPNs on some gateway groups of mine didn't failover recently, but hadn't gone looking for the problem until now....
Fix codel not being applied on non-priq queue types
Fixed typo in CoDel wiki link
If rc.newwanip is run on an interface that should not have an IP address, do not take any action.
Update to include GratisDNS dynDNS service
Make sure no extra spaces end up in the parsed IP, it can lead to issues in other places (Easy Rule, etc)
OpenSSL does not like country codes longer than two letters, so remove these entries that are not actually country codes.
Add patch from Ermal to fix ifconfig error on gif in certain cases.
Fix CP stats generation for concurrent users. Fixes #3225
Merge pull request #795 from razzfazz/ia-pd-hint
add option to send prefix hint for requesting desired prefix length for delegation (for master branch)
Switch to rw mode before file operations on RFC2136 cache. Fixes #3201
Merge pull request #803 from PiBa-NL/outboundnat_disable_checkbox
outboundnat, disable rule checkbox
outboundnat, disable checkbox