Correct typo on variable name
Make sure RRD data is restored from backup before upgrading data and a new backup is done after. It should fix #2159
Resolves #3177. Do a filter reconfigure if the dynds ipsec hosts are present and being reloaded.
Merge pull request #792 from razzfazz/RELENG_2_1
add option to send prefix hint for requesting desired prefix length for ...
Merge pull request #791 from jean-m-cyr/RELENG_2_1
Dummynet does not require burst size specification
touch up text, s/nat/NAT/
add option to send prefix hint for requesting desired prefix length for delegation
This change adds an option on the interfaces page for sending a prefix hint for the selected delegation size. If enabled, a "prefix" field requesting :: with the appropriate prefix length (64 - dhcp6-ia-pd-len) is added to the "id-assoc pd" entry in the dhcp6c config file. This hint is required for requesting prefixes shorter than /64 from Comcast.
Dummynet traffic shaper does not require burst size specification and assumes 0 if not specified. Allow user to leave burst field blank, if not blank it must be numeric
Fix #3172, return_gateway_groups_array() was returning the last vip since it was using wrong variable name on iteration
s/require/require_once/g for filter.inc to avoid redeclaration errors in some rare cases.
Support the names used by the status page as well as those used internally by service entries.
Delete old route for remote gateway when its IP changes. It fixes #3155
Fixup check for existing easyrule block rule to account for the ipproto and when the ipproto is blank.
Add scope to target when it is a link-local, it helps ticket #3150
Attempt to recognize pfsync entries from pf logs.
Fix selection of IPv6 target IP for IPv6 Outbound NAT rules.
This makes it possible (without source hacking) to do many:1 NAT of IPv6.
Some will rejoice. Some will curse.
This should really only be done in limited, specific circumstances. Don't develop the IPv4 NAT mentality with IPv6.
Ooops fix this to add only the interface
Obsolete base ntpd since we are using the one from ports
Add scope identifier to target when it's link-local
Add also a special case so the correct ip is returned for the case when WAN is v4 PPP type and v6 is DHCP but with option fetch v6 info from v4.
When using DHCPv6 and only requesting a prefix the communication on the WAN interface will be over link-local so return the link-local address of the interface in this case rather than nothing.
Optimize a bit to try and convert back to friendly interface only when needed
Resolves #2627. When WANv4 is PPP and v6 is DHCP but the option get v6 info from v4 is ticked the real interface is different. For WANv4 is pppXX and for v6 is the real underlying interface. Take this into consideration during interface_bring_down to properly cleanup things
Correctly remove IPv6 addresses from the interface rather than just erroring out. The same trick that works for IPv4 of not specifying address does not work with v6
Even if called with wrong parameters try to do something rather than return here.
Reduce diff with master
Handle link local addresses with embedded interface scope on is_ipaddrv6 and also on dnsmasq which is not yet there for these addresses
Unbreak limitrules and probably pfblocker errors. Spotted-by: Jim
When renaming or deleting a virtual server, clean up the old relayd anchor name. Otherwise the rules are still there and valid, and will cause problems as they will override the new VS settings. Also clear out the anchors when stopping relayd or starting fresh that way no old settings could conflict.
Synchronize dhcpv6 as well if dhcp sync setting is on. Reported-by: http://forum.pfsense.org/index.php/topic,65487.0.html
Cleanup some code that is not needed anymore
Use pfSense module functions for finding interface v6 addresses. The addresses will not be in friendly format as returned by getnameinfo
Remove prior CSC entry when cleaning up. Fixes #3143
Declare globals as global before defining them in openvpn.inc
Add a parameter, off by default, to expand all alias items, including hostnames
Force apinger to write the status file before getting gateway status
Ticket #3139 try to detect if the popen is closed from an error
Fix interface selections on UPnP to show the customized descriptions entered by the user. While here, add an external interface selection knob. Fixes #3141
Fix #1047
Remove duplicate polling set
Show apinger as a service when active, and display its status on gateway-related pages.
Don't print this message for a mobile IPsec setup. It's normal for it to not have an endpoint, and not worth spamming the log about.
Try to do the loading operations as close as possible to avoid any issues coming from it
Correct bandwidth assignment so the configuration is not reverted courtesy of ipfw(4) swapped arguments. Reported-by: http://forum.pfsense.org/index.php/topic,65069.0.html
Reload apinger now that we can rather than restarting. Related to Ticket #3119
fix text - s/occured/occurred/
the state type is required/valid for all specifications of protocol, not just the ones formerly listed. For instance, sloppy is valid (and widely used on 2.0.x and some older 2.1x) with "any" protocol.
Resolves #3121. Fix the command so it does perform correctly
Manually revert the patch to cleanup aliases since now it's properly handled in the ip assignments. Ticket #2495
Reorder reverse lookup overrides so user-specified ones are effective 2.1
If the user specifies a domain override for 10.in-addr.arpa and also specifies "Do not forward private reverse lookups" then the user-specified entry is not effective. But the code was supposed to allow users to specify individual reverse lookup domain overrides that took precedence....
Fix up filter_pflog_start - optimize some code, and fix $retval so that it will be restarted correctly after killing it.
Show the name of the unresolvable alias name as well as the rule description to avoid ambiguity.
use correct domain names when registering static DHCP entries in DNS
When registering static DHCP entries in DNS, we first try to use the domain name configured for the static entry (if any), then the domain name configured in the DHCP server settings for the corresponding interface (if any), and as a last resort the system domain name....
Bumpitty bump bump
Fix #3113, fix multiple english spell errors s/seperet/separat/
Optimization has nothing to do with limits
Fix #3106, parse 'not' rules right on destination for port forward + reflection proxy rules
Allow advanced options state-related parameters to be used for TCP, UDP and ICMP
Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
Update rrd.inc
Fix this error php: rc.bootup: The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/system-mbuf.rrd N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 4 data source readings (got 5) from N:U:U:U:U:U'
Implement an option to allow using the IPv4 connectivity interface for sending the dhcpv6 information. Usually useful for ppp[oe] type links and some ISP
Add missing backup of gettytab
3652 days worth is too much. Scale it back to a more reasonable 1.25 x maximum used data (2284 days).
Handle IPv6 in ip_in_interface_alias_subnet()
Minimize inclusion of bogonsv6
If "Allow IPv6" is on, but actually there is no enabled interface with "Block bogon networks" enabled, then we also do not need to include the bogonsv6 table into pf. This allows some more flexibility for users to leave "Allow IPv6" checked, but still not use up memory for bogonsv6.
Disable the BEAST protection by default because the GUI will break if you use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.
Sync p0f database for OS detection w/current file from FreeBSD
Don't blow up the config if someone enters int'l chars in an LDAP attribute/DN field. Ticket #2227
Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted.
Call interface_ipalias_cleanup() after $interface is initialized, and get current IP after it
Add an RRD graph for MBUFs under system. Tweaks welcome.
Don't generate reflection rules if reflection is disabled for that rule.
Do not break ppp type interfaces on v6
For ppp interfaces the real interface is not present anymore in the xml config section of the interface. Due to this do some more work on extracting the real interface when ipv4 is pppoe/ppp/... and ipv6 configuration files will use the wrong interface to request information from provider. Reported-by: http://forum.pfsense.org/index.php/topic,64483.0.html
Enable filtering on ipfw sysctl not dependent on ipfw module otherwise issue reported here http://forum.pfsense.org/index.php/topic,64412.0.html happens
Ignore errors/warnings from these calls
Merge pull request #683 from dhatz/RELENG_2_1
support mitigating BEAST attack, see http://forum.pfsense.org/index.php/topic,63001.0.html
services_dhcrelay6_configure developerspew debug text fix
Start DHCrelay6 on boot
Correctly decide if dhcrelay is enabled
Teach service start stop restart about dhcrelay6
Consistent dhcrelay6 pid file location
Fix #3091, fix bad var assignment
Move variable declaration to the top, declare it global before defining. Fixes #3090
Remove irrelevant comment.
Fix copy/pasto introduced in previous commit.
Add support for custom IPv6 DDNS.
Change separator as per JimP's request.
Clean up HE.net AAAA backend support.
Add backend support for HE.net AAAA record updates.
Defines a new DynDNS provider 'he-net-v6' for updating AAAA entries on dns.he.net.
Don't automatically add hidden rules to pass all IPv6 traffic to/from delegated prefixes. Default IPv6 from LAN -> any rule covers outbound properly as-is, and WAN rules shouldn't pass in that permissively. Also the prefix length calculation was off and the LAN rule(s) would be too permissive anyhow.
Implement proper releasing of pipes allocated based on CPzone. Keep track of which zone a pipe is and release those pipes during disabling/deleting of zone. Ticket #3062, Pull request #698
Use empty to cover all needed cases as suggested on #3062. Suggested from pull request #698
Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
Fix typo in filter.inc. Fixes #3028.
Due to the typo, FilterIfList never got a 'track6-interface' entry, which in turn prevented the DHCP6-related pass rules from being generated for the LAN interface.
Update services.inc
Turn on AdvManagedFlag and AdvOtherConfigFlag for both 'managed' and 'assist' ramodes.
Actually do this upon entering to get proper ip
Fixes #2495. On triggering of rc.newwanip remove all ipaliases from the interface since they will be readded later on. This will also make sure to have the correct address order
When a CARP VIP transitions to master, we need to bump servers also, otherwise a transition from disabled or init may not properly (re)attach to the IP address.
Correct DHCPv6 rules test to also include a check for DHCPv6 relay. Fixes #3074
Remove useless code