Don't blow up the config if someone enters int'l chars in an LDAP attribute/DN field. Ticket #2227
Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted.
Call interface_ipalias_cleanup() after $interface is initialized, and get current IP after it
Add an RRD graph for MBUFs under system. Tweaks welcome.
Don't generate reflection rules if reflection is disabled for that rule.
Do not break ppp type interfaces on v6
For ppp interfaces the real interface is not present anymore in the xml config section of the interface. Due to this do some more work on extracting the real interface when ipv4 is pppoe/ppp/... and ipv6 configuration files will use the wrong interface to request information from provider. Reported-by: http://forum.pfsense.org/index.php/topic,64483.0.html
Enable filtering on ipfw sysctl not dependent on ipfw module otherwise issue reported here http://forum.pfsense.org/index.php/topic,64412.0.html happens
Ignore errors/warnings from these calls
support mitigating BEAST attack
According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30
"...by setting
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
you can mitigate BEAST attacks."
Merge pull request #712 from phil-davis/master
Correctly decide if dhcrelay (v4) is enabled
Correctly decide if dhcrelay is enabled
Merge pull request #711 from phil-davis/master
Teach services code about start stop restart of dhcrelay6
Teach service start stop restart about dhcrelay6
Consistent dhcrelay6 pid file location
Merge pull request #710 from phil-davis/master
Start DHCrelay6 on boot
Fix #3091, fix bad var assignment
services_dhcrelay6_configure developerspew debug text fix
Move variable declaration to the top, declare it global before defining. Fixes #3090
Remove irrelevant comment.
Fix copy/pasto introduced in previous commit.
Don't automatically add hidden rules to pass all IPv6 traffic to/from delegated prefixes. Default IPv6 from LAN -> any rule covers outbound properly as-is, and WAN rules shouldn't pass in that permissively. Also the prefix length calculation was off and the LAN rule(s) would be too permissive anyhow.
Implement proper releasing of pipes allocated based on CPzone. Keep track of which zone a pipe is and release those pipes during disabling/deleting of zone. Ticket #3062, Pull request #698
Use empty to cover all needed cases as suggested on #3062. Suggested from pull request #698
Merge pull request #703 from razzfazz/dyndns_custom_v6
Add support for HE.net AAAA record updates. Fixes #1825.
Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
Implement URL Table aliases for ports instead of IP addresses
Add support for custom IPv6 DDNS.
Change separator as per JimP's request.
Merge branch 'master' into dyndns_custom_v6
Clean up HE.net AAAA backend support.
Add backend support for HE.net AAAA record updates.
Defines a new DynDNS provider 'he-net-v6' for updating AAAA entries ondns.he.net.
Fix typo in filter.inc. Fixes #3028.
Due to the typo, FilterIfList never got a 'track6-interface' entry,which in turn prevented the DHCP6-related pass rules from beinggenerated for the LAN interface.
Typo in configuration option
Should be 'leases', not 'mappings'.
DHCP also update Dynamic DNS for static leases
Previously, Dynamic DNS is only updated for clients that get addresses from the DHCP address pool. Static mappings are ignored.
Adding this line updates Dynamic DNS for both static-mapped and dynamic DHCP clients.
Actually do this upon entering to get proper ip
Fixes #2495. On trigering of rc.newwanip remove all ipaliases from the interface since they will be readded later on. This will also make sure to have the correct address order
When a CARP VIP transitions to master, we need to bump servers also, otherwise a transition from disabled or init may not properly (re)attach to the IP address.
Correct DHCPv6 rules test to also include a check for DHCPv6 relay. Fixes #3074
Use download_file() and check ssl certificates
Remove useless code
Create a function to download a file using curl
Resolves #2910. Make apinger write its status file just after starting so that thing work as expected
Add a new alias type, URLs containing Ports
Add group_ports()
Remove duplicated line that makes dhcp6c not run correctly
Omit IP warning if HTTP_REFERER check is disabled.
Do not reconfigure dhcp v6 on v4 ip address event. Only handle 6rd and 6to4 while the former is questionable if needed
Copy/pasto does well up to some point
On every ip change renew the hosts file
Enforce the checking of booting up for linkup events
modified radius function to release the pineno
modified radius function to release the pinene if the client is not authenticated properly, and modified function captiveportal_get_next_dn_ruleno to initially takes the value 2000 for the first pipeno.
Include both dyndns and rfc2136 hosts in referer check
Include RFC2136 hosts in DNS rebinding checks.
Add option to RFC2136 to find/use the public IP if the interface IP is private. (Off by default)
Add cached IP support to RFC2136, add GUI button to force update for single host.
Correct variable used to delete symlinks and files delete from CP filemanager. Reported-by: http://forum.pfsense.org/index.php/topic,64016.0/topicseen.html. While here reduce some uneeded extra operations
Repect global conf_path
Merge pull request #686 from Klaws--/master
Added previously missing class selectors cs1-cs7 plus VA (voice-admit), plus the TOS values which still work with DSCP
Definitely requires my patches to the kernel patches to work (dscp.RELENG_*.diff). OTOH, it is currently broken anyway, so wahtever happens, it cannot get more broken. ;-)...
Fix the RRD RRA’s to collect the correct amount of data for the Previous Period view for each resolution.
Applied when RRD's are created.
RRA:AVERAGE:0.5:1:1200 = 20 hours of 1 minute dataRRA:AVERAGE:0.5:5:720 = 2.5 days of 5 minute data...
Add a checkbox that can be used to request only a IPv6 prefix without a IPv6 address. Some ISPs DHCP6 servers will fail the request if both are requested and only a Prefix is allowed.
Conflicts:
usr/local/www/interfaces.php
Merge pull request #671 from wrboyce/master
allow defining dhcp static mappings using dhcp-client-identifier
Merge branch 'Advanced_DHCP_Client_Options' of https://github.com/N0YB/pfsense into N0YB-Advanced_DHCP_Client_Options
Conflicts: usr/local/www/interfaces.php
Handle comma-separated list arg to rc.openvpn
The argument passed to rc.openvpn can be a comma-separated list of gateways - not just 1 gateway. Enhance the code to loop and process each gateway.
Be a lot more verbose in the logs during package reinstallation.
If the script_name is blank, try another method to locate what our filename is so we don't log an empty script name.
DynDns Euro Dns Provider
Add Dyn Dns Euro Dns Provider
Update services.inc
Turn on AdvManagedFlag and AdvOtherConfigFlag for both 'managed' and 'assist' ramodes.
Add option and code to sync Auth servers with XMLRPC.
Add AAAA support to RFC2136 updates. Based on http://forum.pfsense.org/index.php/topic,50164.msg269138.html#msg269138
Fix #2887, based on NAT states that will be killed, also kill firewall states for same source and destination
Correct the comments describing the error with correct values
Use the name of the interface (lan, opt1, etc) rather than a loop-derived number for the DHCP failover peer name. This should be more accurate in cases where DHCP changes for interfaces happen out of order on CARP clusters, or when somehow an interface's configuration exists on one but not the other.
Add an option to force IPsec to reload on failover, which is needed in some cases for IPsec to fail from one interface to another. Ticket #2896
Add a brief description about bandwidth vs bursting.
Add a field to allow rejecting DHCP leases from a specific upstream DHCP server.
A better fix for conditionally including burst.
Burst of 0 is also valid
Only add burst if a burst is defined
No need for this block of code, it will always have flags by this point if they are needed.
Ensure that we only add a state type on pass, and that we only add flags to a TCP reject rule if they were not added previously. Fixes #3050
Fix #3049, set $config as global to it can be read
Allow user to set interval between attempts to resolve hostnames configured on aliases
Include the burst size in the limiter. Submitted-by: http://forum.pfsense.org/index.php/topic,62470.0.html
Add warning comment about missing IPv6 implementation
Add used binary
Remove referenced binary not used anymore
Remove unused code and spurious alert
Use file_put_contents for simplicity and readbility
Use family parameter for v6 to get correct interface
Remove useless variable and also correct some style
Do not do the same tricks here that are done on get_real_interface but just call the function directly
Get interface from inet6 domain
Use trim rather than str_replace. Also no need to sleep anymore since dhcp will configure first the interface
Remove unreferenced binaries. correct some formatting and also to make function clear to track correct the curly placement
Provide full path to route binary