pfSense

make use of the correct file to send notifications

cleanup: code for building arrays for autocompleted fields

max_procs adjustments for small memory systems, attempt 2

Per Jim P's feedback, move max_procs completely out of
system_webgui_start() and move all of the memory/procs decision logic
to system_generate_lighty_config().

Adjust the captive portal max_procs to reflect the low memory...

prep work: function get_alias_list()

I wrote this function primarily to remove a lot of duplicate code
that's there because of a lot of those autocomplete fields.

add autocomplete to load_balancer_pool_edit.php (PEV-394754)

we also enable the json extension here.

Add click jacking support. Ticket #2419

Handle HTTPOnly and Secure flags on cookies

Back out duplicated fix from 107e8acc - Ticket #1917 was already fixed before this was added.

Respect ['upload_path'] for upload_tmp_dir for PHP

Whoops, typo. Fixed now.

Don't pass a shell escaped version of $realifl to pfSense_bridge_add_member(). Fixes bridging

Stop service needs to wait process to be stopped before trying to restart/start it.

Test if this is an array before using it as an array.

Add support for aliases in DNS Forwarder, fixes #2410

missed a spot for #2407

implement #2407: create config option for captive portal listening port

Fix syntax error in bogons update

Move routing (radvd, routed, ospf, bgp) to its own log since these daemons can be really spammy at times.

Move the stop_packages code to a function, and call the function from the shell script, and call the function directly for a reboot. Fixes #2402 and ticket #1564

Better error handling for crypt_data and also better password argument handling

Restore protection for the "destination any" case for port forward NAT Reflection, which was forgotten when shuffling around code before committing. Also add a couple other missing checks.

fix text. ticket #2399

The descr field might not exist, use a uppercase friendly name

Make sure to stop the dhcpleases6 process

routes should not be skipped when IPsec is on WAN, as WAN may not be the default gateway.

Delete any existing /var/db/rrd/*.rrd files before restoring from the XML

Minor corrections to function names in error messages

go back to scrub rather than "scrub in", the latter breaks MSS clamping for egress traffic the way we use it

Revert change to get_interface_list()'s $vfaces list for now. Interfaces in this list that are supposed to be listed on Interfaces: Assign need special logic on that page, which has not been added yet.

Generate the correct corresponding link local from the carp mac.

Allow optionally using the type of NAT reflection implementation used for 1:1 mappings with port forwards as well, in addition to allowing the old type, which is still useful in its own way.

Add message stating which interfaces are missing.

Suggestion from http://forum.pfsense.org/index.php/topic,48366.0.html

Add some missing interface types in is_interface_mismatch() and get_interface_list()'s $vfaces. Fixes #2384

Clean up filter_generate_reflection_nat, remove obsolete checks, and add new checks that are now needed. Ticket #2240

Use filter_get_direct_networks_list instead of dumping a copy of the routing table. Ticket #2240

Modify filter_get_direct_networks_list to optionally return an array instead, which includes subnet, friendly interface, and gateway (if applicable), for ticket #2240

Update the default URL here for our new FreeBSD release.

Add cheap hack to make syslogd forwarding to IPv6 work at bootup. Fixes #2370

Make sure VPN interface gateways are handled separately

Make sure to push elements we don't recognize on the stack too.

Add upgrade code that updates the dynamic gateway names to their new format new $if_$type.
Redmine Ticket #2332. I've tested a simple upgrade with 3 dynamic Wans with varying names and that appears to have succeeded. Needs more testing.

Update pf.os a bit

Add the correct fix to pick up the IPv6 gateway for slaac interfaces

Merge pull request #93 from phil-davis/patch-1

Store PBIs in /root/var/db/pbi so they persist across reboots.

Make sure that SLAAC gateways show up in return_gateways_array();
redmine ticket #1834

Add support for SLAAC on the WAN interface, this is required for Stateless autoconf addressing.
Normally this should only apply to Appliances that do not need to route. We automatically hook in the dhcp6 client to request name servers from DHCP6 in a information only mode. It will not attempt to request a address. For that you should use the plain DHCP6 option with a prefix size of none....

Handle multiple IPv6 DNS servers in rc.newwanipv6, remove chunk of broken code in the DHCPv6 server that added duplicate lines. Redmine ticket #2380

Store PBIs in /root/var/db/pbi so they persist across reboots.
Keep the existing code for old-style PKG packages in case users on 2.1 are doing anything with PKG packages by hand. In theory all proper package installs on pfSense 2.1 (FreeBSD 8.3) should use PBIs.

Include the ntp facility also, should fix ntp logging

Strip the ::1 from the 6to4 gateway address

Re-order the system routing configure after the tunneled interfaces are configured.

Prevent a invalid argument on a empty array

Only add the IPv4 gateway in the DHCPv4 config if we have a IPv4 gateway defined on the system at all.
This makes clients trying the IPv4 transport fail a lot faster, and thus more graceful.

Use appropriate syslog priorities.

Fix missing - on route parameter

Some IPv6 fixes for gateway groups

Add static routes for gif tunnel endpoints

Add a static route for the IPv4 relay so that 6to4 or 6rd on a OPT interface works as expected.

Merge pull request #90 from vizvayu/master

Mode selection options for PowerD

Enable verbosity to actually put something in the logs

quiet change: fix indentation of xml2array function

i.e., tabs instead of 4 spaces

Feature #1864 "Start" button for IPsec should be available for IP alias networks

might need more testing.

http://redmine.pfsense.org/issues/1864

Feature #2123 Backup RRD files using the xml dump and restore from RRD tools

http://redmine.pfsense.org/issues/2123

Fix constant. LOG_ERROR should be LOG_ERR

Add brackets to a syslog server if it's an IPv6 IP. (Though FreeBSD's syslogd still won't send to it ... http://www.freebsd.org/cgi/query-pr.cgi?pr=150530&cat=misc )

Update etc/inc/util.inc

fix typo. Ticket #2371

Add modified version of user https://github.com/bcyrill patch that requires a IPv6 literal when used with a port.

Revert "Also validate IPv6 literals."

This reverts commit 21b586aa12ca35ccf54d4ddf66b0305e12e62a4d.

Modify get_configured_ip_aliases_list to optionally return the full vip entry and use this information to get the subnet and not just the IP in filter_get_direct_networks_list.

For consistency, generate a masked out subnet IP from the IP alias instead of using the IP directly.

this is only valid in mpd5 (really?...) Revert "RADIUS accounting updates are needed for PPPoE and L2TP too"

This reverts commit 02b14dcb49da8dc278e87785bb3f811336bf1fd0.

RADIUS accounting updates are needed for PPPoE and L2TP too

Also return IP alias VIP networks in filter_get_direct_networks_list.

Also validate IPv6 literals.

Remove duplicated function

Add alias support to static routes (needs some testing) Ticket #2239

Conflicts:

etc/inc/filter.inc
        etc/inc/util.inc
        usr/local/www/system_routes_edit.php

Added mode selection options for PowerD.

Restore this piece of logic, otherwise the firewall rules break.

Also use the prefix calculation function here.

Prevent duplicate 6rd or 6to4 interfaces, these conflict and both use the stf0 adapter. Only 1 can be active.
Move piece of code into function, we need it more places, tighten rules for proto 41 traffic.
Attempt to micro optimize the select box for large amounts of choices. Chrome likes this approach better.

Move some constants in gitsync closer to the top of the source code and add some new ones of potential interest to those reconfiguring gitsync. Also modify messages to indicate that Git URLs are also allowed.

Correct typo in the filter rule

Add automatic firewall rules that allow traffic destined for a downstream delegated prefix.
The downstream router is the one to decide what to do with it. This can still be overridden by user rules, just like outbound traffic.

Change the command to reflect the new, just added dhcpleases6 binary for triggering route injection.

it needs to point to a existing file otherwise it will not launch.

Add the -h parameter which is required for dhcpleases, might need to be removed later.

fix a syntax error

Add a dhcpleases monitor to the DHCPv6 server which will trigger automatic creation of routes into the routing table so that prefix delegation will just work.
Redmine ticket #2347

Fixed Bug #2348

Replace is_function with function_exists

Make sure that we use the right interface for 6rd

Unbreak rc.filter_synchronize, add )

work around a redeclaration error.

i'm going to start a discussion about making sure all require() calls
become require_once() calls but until then i have to fix this.

Unbreak interface.inc after manual merge

Remove slipped line

use existing filter_expand_alias (well, via a wrapper) instead of
reinventing it

Unbreak openvpn

Make vips vhid be unique per parent interface!

Correct the fieldname we need to look into so we actually configure the tunneled interfaces.