Correct typo in array name. Add select box for operating mode of rtadvd and dhcpv6 combination
Further fixup the fetch Mac address exec() this hopefully works
Attempt to manually generate a ipv6 address
Add a function that will calculate the ipv6 address for a given hardware address
Merge commit from Bill M for ipv6 counters and interface stats
fix filter rules for requested ipv6 icmp types
Comment out static mappings, this needs more research
Fix merge conflict
Ticket #1356 use locking here rather than ps to serialize execution.
Swap if statement, add fields into ipsecpinghosts file
Correct ping hosts functionality for > 1 tunnel. Add v6 functionality
Fix ticket #1126
Change wording
Fix the IPsec ping hosts file generation. This only worked for the lasttunnel
Merge remote branch 'upstream/master'
Keep a table of gateways we added for static routes to prevent us from making multiple entries to the same IP address
Add code to allow custom upgrade code to run after the pfSense upgrade code for the same version switching(Just the custom upgrade functions should have _custom at the end of their name.
Enable the IPv6 allow toggle, otherwise the other IPv6 rules do not work.
Try to make IPv6 feature complete for IPv6 support. Looks like ipsec-tools was built without v6 support, make sure you have a newer build
Make sure we have an ip to kill sessions from.
Do more strict checking if an ppp type interface is assigned before starting the mpd process behind it. Trigered-by: http://forum.pfsense.org/index.php/topic,34377.0.html
Commit the backend function that writes out the racoon.conf
Extend the IPsec configuration with a protocol family for the phase 1
Make sure to note the limitations to gethostbyname, it does not work for Quad A records. Fix resolve_retry in the process, use that.
Remove comment since the service is not started anymore after installation in 2.0
Allow port 547 to the filter rules for DHCP to work
Properly configure lighty with the configured port when attached to the v6 socket. It was previously hardcoded to https
Add IPv6 support to the DNS rebinding attack function
Make sure we do not write stale data during prunning periods.
Add the ability to differentiate between v4 and v6 tunnels. Bill says he can test
Correctly generate the interface.
Define only one loginterface since that is what pf(4) allows. This prevents a memory leak from pfctl(1) which may lead to memory depletion if the utility is run frequently with the pfSense generated ruleset.
Remove extra unmatched conf_mount_ro for a potential race condition preventing writes when generating ssh keys in the background. Ticket #673
Remove quick from the filter rule by request of Erik.
Correct the config path to the upnp array, this prevented the filter rule from being generated
Add the IPv6 tag to the version so that BSD perimeter can seen these installs from a mile away
Correctly use the WAN macro definition for the interface on 2.0. Though i still insist that people should do this themselves rather than relying on some obscure gui option.
Add {} around foreach contents. Fixes occasional duplication of the easyrule block alias.
Add block rule to the top of the firewall rules.
If PPTP is set for redir, actually add the NAT rules to rdr.
Only delete files in /tmp, not directories. Fixes rm errors on shutdown. (Doing rm -rf might cause it to go across filesystem boundaries again, which we're trying to avoid.)
Teach the console update by url about the default auto update url.
Conflicts: usr/local/www/status_rrd_graph_img.php usr/local/www/themes/pfsense_ng/rrdcolors.inc.php
Correct firewall rule, remove flags any
unbreak the broken merge
Automatically add a multicast allow rule for miniupnpd so that the Xbox 360 works.
Possible double RRD process fix.
Merge the config upgrade code, there was a mismatch, the one who merged this wrong should get a pointy hat.
Add localhost to be natted automagically from auto-generated nat rules. This simplifies loadbalancing from the host itself.
Fix javascript errors reported by: http://forum.pfsense.org/index.php/topic,34139.0.html
Conflicts: etc/inc/rrd.inc
Keep the output in a variable before passing it to rrdtool in case we also want to pass it to something else.
Only run pfctl once per interface for stats, rather than four times.
Use foreach here to be sure we do not reference unexisting results.
Do a proper test otherwise a override of the total_minutes var might happen.
Properly do testing of voucher existing or not rather than relying on an obscure feature of php. Also do exclusive locking rather than shared one when writing dbs.
Use racoonctl now that ipsec-0.8 is back to reload the config.
Add cas(4)
When doing conf_mount_ro/rw on NanoBSD, pass sync,noatime to mount to preserve the options we have already set in fstab. Ticket #1279 and Ticket #444
Resolve merge conflict
More fixes to differentiate between v4 and v6 gateways on the same interface.
First stab at generating a link local address for the bridge interface if it's used by DHCP.
Add missing pages to the authentication system.
Be smart and remove the needs package sync toggle since the begining otherwise not behaving packages might mess up the whole thing.
Oops more make code correct.
Oops make code correct.
If the interface triggering rc.newwanip is not assigned just reload packages and the filter and exit.
Correct one more variable in the process
Fix broken gateway logic that mixed up v4 and v6
Check if the protocol is empty, not just if it's set. Fixes #1323
Only change protocol if it's set and not empty.
Add upgrade code to ensure rule protocols are all lower case.
Make this lowercase before checking, or people who ended up with TCP or UDP in their config might end up with rules that have no port specified, leaving them a bit more open than expected.
Not needed anymore.
lower limit to 101 MB
Simplify is_macaddr regex.
Slight regex fix on is_macaddr - the previous regex was letting through a mac without : separators, leading to improper validation and potentially invalid dhcp configs. Seen here http://forum.pfsense.org/index.php/topic,33830.0.html
Attempt to mitigate fork bombs of rc.newipsecdns. Alternatively we should probably bail out with a exit(0);instead.
Always write out the filterdns-ipsec.hosts file, otherwise deleted tunnels will never get removed from thefilterdns-ipsec.hosts
Make it possible to turn off successful login messages, this should quiet the console, system logs
Add a check that should prevent configuration of racoon with duplicate phase 1 IP entries.
Since its only called during bootup there is no need to do conditionals here. Always sync config and start the miniupnpd process.
Pass the -a parameters to pgrep to be certain we search ancestors as well. The side effects might be inoquos from the pfSense context.
Declare $g a global here.
Ensure the pkg staging area exists on nanobsd before trying to use it.
missing $
misc whitespace cleanups
Give this another shot
Fix admins group permission setting when upgrading from 1.2.3.
Correct IPsec carp interface upgrade code, off by one
Use full path to pw