Add the PPP automatic interface type. This would show the _PPP gateways.
Allow 802.1p tags to be controlled from firewall rules edit screen
feature #2413 Allow IPv6 interface configuration from the menu
normalize indentation
- also rename $section arg to $section_name in some functions to clarify
- also robustify parsing for <tagname> and bulletproof the handling of certain errors
allow null to be passed as 2nd arg to parse_config_xml*
in which case entire config is returned
fix 'XML error: no Array object found!' errors
log_error if rrdtool restore calls fail
add -f to 'rrdtool restore' call
Teach mwexec and mwexec_bg how to optionally clear signal masks, and use that when launching ntp or ntpdate.
On its own, ntpd does not sync fast enough at bootup, so bring back the ntpdate sync but improve it so it can't get stuck forever.
Clear process signals before exec() or ntpd misbehaves if called from PHP on i386.
Move git package name/URL to the configuration variables section.
As suggested by wagonza, using SAMEORIGIN for X-Frame-Options is sufficient here, and does allow the traffic graphs to work. Fixes #2419
Use FreeBSD's ntpd instead in the backend
Fix ntp name here too
Whoops, don't flip these since I negated the test.
Flip this test around since it's safer to assume the dev mode is tun. Ticket #2432
allow port in virtual servers to be left blank
in which case listening port would be inherited from the pool
allow aliases for the ipaddr field in virtual servers (PEV-394754)
make use of the correct file to send notifications
cleanup: code for building arrays for autocompleted fields
max_procs adjustments for small memory systems, attempt 2
Per Jim P's feedback, move max_procs completely out ofsystem_webgui_start() and move all of the memory/procs decision logicto system_generate_lighty_config().
Adjust the captive portal max_procs to reflect the low memory...
prep work: function get_alias_list()
I wrote this function primarily to remove a lot of duplicate codethat's there because of a lot of those autocomplete fields.
add autocomplete to load_balancer_pool_edit.php (PEV-394754)
we also enable the json extension here.
Add click jacking support. Ticket #2419
Handle HTTPOnly and Secure flags on cookies
Back out duplicated fix from 107e8acc - Ticket #1917 was already fixed before this was added.
Respect ['upload_path'] for upload_tmp_dir for PHP
Whoops, typo. Fixed now.
Don't pass a shell escaped version of $realifl to pfSense_bridge_add_member(). Fixes bridging
Stop service needs to wait process to be stopped before trying to restart/start it.
Test if this is an array before using it as an array.
Add support for aliases in DNS Forwarder, fixes #2410
missed a spot for #2407
implement #2407: create config option for captive portal listening port
Fix syntax error in bogons update
Move routing (radvd, routed, ospf, bgp) to its own log since these daemons can be really spammy at times.
Move the stop_packages code to a function, and call the function from the shell script, and call the function directly for a reboot. Fixes #2402 and ticket #1564
Better error handling for crypt_data and also better password argument handling
Restore protection for the "destination any" case for port forward NAT Reflection, which was forgotten when shuffling around code before committing. Also add a couple other missing checks.
fix text. ticket #2399
The descr field might not exist, use a uppercase friendly name
Make sure to stop the dhcpleases6 process
routes should not be skipped when IPsec is on WAN, as WAN may not be the default gateway.
Delete any existing /var/db/rrd/*.rrd files before restoring from the XML
Minor corrections to function names in error messages
go back to scrub rather than "scrub in", the latter breaks MSS clamping for egress traffic the way we use it
Revert change to get_interface_list()'s $vfaces list for now. Interfaces in this list that are supposed to be listed on Interfaces: Assign need special logic on that page, which has not been added yet.
Generate the correct corresponding link local from the carp mac.
Allow optionally using the type of NAT reflection implementation used for 1:1 mappings with port forwards as well, in addition to allowing the old type, which is still useful in its own way.
Add message stating which interfaces are missing.
Suggestion from http://forum.pfsense.org/index.php/topic,48366.0.html
Add some missing interface types in is_interface_mismatch() and get_interface_list()'s $vfaces. Fixes #2384
Clean up filter_generate_reflection_nat, remove obsolete checks, and add new checks that are now needed. Ticket #2240
Use filter_get_direct_networks_list instead of dumping a copy of the routing table. Ticket #2240
Modify filter_get_direct_networks_list to optionally return an array instead, which includes subnet, friendly interface, and gateway (if applicable), for ticket #2240
Update the default URL here for our new FreeBSD release.
Add cheap hack to make syslogd forwarding to IPv6 work at bootup. Fixes #2370
Make sure VPN interface gateways are handled separately
Make sure to push elements we don't recognize on the stack too.
Add upgrade code that updates the dynamic gateway names to their new format new $if_$type.Redmine Ticket #2332. I've tested a simple upgrade with 3 dynamic Wans with varying names and that appears to have succeeded. Needs more testing.
Update pf.os a bit
Add the correct fix to pick up the IPv6 gateway for slaac interfaces
Merge pull request #93 from phil-davis/patch-1
Store PBIs in /root/var/db/pbi so they persist across reboots.
Make sure that SLAAC gateways show up in return_gateways_array();redmine ticket #1834
Add support for SLAAC on the WAN interface, this is required for Stateless autoconf addressing.Normally this should only apply to Appliances that do not need to route. We automatically hook in the dhcp6 client to request name servers from DHCP6 in a information only mode. It will not attempt to request a address. For that you should use the plain DHCP6 option with a prefix size of none....
Handle multiple IPv6 DNS servers in rc.newwanipv6, remove chunk of broken code in the DHCPv6 server that added duplicate lines. Redmine ticket #2380
Store PBIs in /root/var/db/pbi so they persist across reboots.Keep the existing code for old-style PKG packages in case users on 2.1 are doing anything with PKG packages by hand. In theory all proper package installs on pfSense 2.1 (FreeBSD 8.3) should use PBIs.
Include the ntp facility also, should fix ntp logging
Strip the ::1 from the 6to4 gateway address
Re-order the system routing configure after the tunneled interfaces are configured.
Prevent a invalid argument on a empty array
Only add the IPv4 gateway in the DHCPv4 config if we have a IPv4 gateway defined on the system at all.This makes clients trying the IPv4 transport fail a lot faster, and thus more graceful.
Use appropriate syslog priorities.
Fix missing - on route parameter
Some IPv6 fixes for gateway groups
Add static routes for gif tunnel endpoints
Add a static route for the IPv4 relay so that 6to4 or 6rd on a OPT interface works as expected.
Merge pull request #90 from vizvayu/master
Mode selection options for PowerD
Enable verbosity to actually put something in the logs
quiet change: fix indentation of xml2array function
i.e., tabs instead of 4 spaces
Feature #1864 "Start" button for IPsec should be available for IP alias networks
might need more testing.
http://redmine.pfsense.org/issues/1864
Feature #2123 Backup RRD files using the xml dump and restore from RRD tools
http://redmine.pfsense.org/issues/2123
Fix constant. LOG_ERROR should be LOG_ERR
Add brackets to a syslog server if it's an IPv6 IP. (Though FreeBSD's syslogd still won't send to it ... http://www.freebsd.org/cgi/query-pr.cgi?pr=150530&cat=misc )
Update etc/inc/util.inc
fix typo. Ticket #2371
Add modified version of user https://github.com/bcyrill patch that requires a IPv6 literal when used with a port.
Revert "Also validate IPv6 literals."
This reverts commit 21b586aa12ca35ccf54d4ddf66b0305e12e62a4d.
Modify get_configured_ip_aliases_list to optionally return the full vip entry and use this information to get the subnet and not just the IP in filter_get_direct_networks_list.
For consistency, generate a masked out subnet IP from the IP alias instead of using the IP directly.
this is only valid in mpd5 (really?...) Revert "RADIUS accounting updates are needed for PPPoE and L2TP too"
This reverts commit 02b14dcb49da8dc278e87785bb3f811336bf1fd0.
RADIUS accounting updates are needed for PPPoE and L2TP too
Also return IP alias VIP networks in filter_get_direct_networks_list.
Also validate IPv6 literals.
Remove duplicated function
Add alias support to static routes (needs some testing) Ticket #2239
Conflicts:
etc/inc/filter.inc etc/inc/util.inc usr/local/www/system_routes_edit.php
Added mode selection options for PowerD.
Restore this piece of logic, otherwise the firewall rules break.
Also use the prefix calculation function here.