Resolves #3177. Do a filter reconfigure if the dynds ipsec hosts are present and being reloaded.
touch up text, s/nat/NAT/
shaper burst may be blank, but if not then must be numeric
Fix #3172, return_gateway_groups_array() was returning the last vip since it was using wrong variable name on iteration
Dummynet does not require burst size specification
Dummynet traffic shaper does not require burst size specification and assumes 0 if not specified. Allow user to leave burst field blank.
Provide get_uptime_sec in a common include file
so it is available to anything that cares.
Use physmem and realmem from get_memory() in the appropriate places
Use new names for get_memory parameters
Use hw.physmem when calculating pfsense_default_state_size
hw.physmem is the actual amount of memory that FreeBSD/pfSense can get its hands on, so use this for the calculation.
Use updated get_memory var names
The value of minimum_ram_warning is designed to be compared to hw.physmem - so do that. Use the appropriate physmem or realmem value in each place.
Improve var names in get_memory
realmem is the amount of actual (real) memory installed - the size of the RAM card - e.g. 256MB
physmem is the amount of memory available to FreeBSD after BIOS, video... has stolen some of realmem.
The variable names currently used are not very helpful for code readability. This standardises them. No functional change here.
s/require/require_once/g for filter.inc to avoid redeclaration errors in some rare cases.
Support the names used by the status page as well as those used internally by service entries.
Delete old route for remote gateway when its IP changes. It fixes #3155
Fixup check for existing easyrule block rule to account for the ipproto and when the ipproto is blank.
Add scope to target when it is a link-local, it helps ticket #3150
Attempt to recognize pfsync entries from pf logs.
Fix selection of IPv6 target IP for IPv6 Outbound NAT rules.
This makes it possible (without source hacking) to do many:1 NAT of IPv6.
Some will rejoice. Some will curse.
This should really only be done in limited, specific circumstances. Don't develop the IPv4 NAT mentality with IPv6.
Obsolete more ntp binaries from base
Use ntpdate from ports also and obsolete base one
Ooops fix this to add only the interface
Obsolete base ntpd since we are using the one from ports
Add scope identifier to target when it's link-local
Add also a special case so the correct ip is returned for the case when WAN is v4 PPP type and v6 is DHCP but with option fetch v6 info from v4.
When using DHCPv6 and only requesting a prefix the communication on the WAN interface will be over link-local so return the link-local address of the interface in this case rather than nothing.
Optimize a bit to try and convert back to friendly interface only when needed
Resolves #2627. When WANv4 is PPP and v6 is DHCP but the option get v6 info from v4 is ticked the real interface is different. For WANv4 is pppXX and for v6 is the real underlying interface. Take this into consideration during interface_bring_down to properly cleanup things
Correctly remove IPv6 addresses from the interface rather than just erroring out. The same trick that works for IPv4 of not specifying address does not work with v6
Even if called with wrong parameters try to do something rather than return here.
Add the check even here when dealing with ipv6 addresses
Handle link local addresses with embedded interface scope on is_ipaddrv6 and also on dnsmasq which is not yet there for these addresses
Unbreak limitrules and probably pfblocker errors. Spotted-by: Jim
When renaming or deleting a virtual server, clean up the old relayd anchor name. Otherwise the rules are still there and valid, and will cause problems as they will override the new VS settings. Also clear out the anchors when stopping relayd or starting fresh that way no old settings could conflict.
Synchronize dhcpv6 as well if dhcp sync setting is on. Reported-by: http://forum.pfsense.org/index.php/topic,65487.0.html
Cleanup some code that is not needed anymore
Use pfSense module functions for finding interface v6 addresses. The addresses will be not in friendly format as returned by getnameinfo
Remove prior CSC entry when cleaning up. Fixes #3143
Declare globals as global before defining them in openvpn.inc
Force apinger to write the status file before getting gateway status
Ticket #3139 try to detect if the popen is closed from an error
Fix interface selections on UPnP to show the customized descriptions entered by the user. While here, add an external interface selection knob. Fixes #3141
Conflicts:
etc/inc/pkg-utils.inc
Fix #1047
Remove duplicate polling set
Show apinger as a service when active, and display its status on gateway-related pages.
Don't print this message for a mobile IPsec setup. It's normal for it to not have an endpoint, and not worth spamming the log about.
Try to do the loading operations as close as possible to avoid any issues coming from it
Correct bandwidth assignment so the configuration is not reverted courtesy of ipfw(4) swapped arguments. Reported-by: http://forum.pfsense.org/index.php/topic,65069.0.html
Reload apinger now that we can rather than restarting. Related to Ticket #3119
fix text - s/occured/occurred/
the state type is required/valid for all specifications of protocol, not just the ones formerly listed. For instance, sloppy is valid (and widely used on 2.0.x and some older 2.1x) with "any" protocol.
Resolves #3121. Fix the command so it does perform correctly
Manually revert the patch to cleanup aliases since now it's properly handled in the ip assignments. Ticket #2495
Add Zone to the messages logged on syslog from CP to ease troubleshooting
Reorder reverse lookup overrides so user-specified ones are effective
If the user specifies a domain override for 10.in-addr.arpa and also specifies "Do not forward private reverse lookups" then the user-specified entry is not effective. But the code was supposed to allow users to specify individual reverse lookup domain overrides that took precedence....
Fix up filter_pflog_start - optimize some code, and fix $retval so that it will be restarted correctly after killing it.
Show the name of the unresolvable alias name as well as the rule description to avoid ambiguity.
use correct domain names when registering static DHCP entries in DNS
When registering static DHCP entries in DNS, we first try to use the domain name configured for the static entry (if any), then the domain name configured in the DHCP server settings for the corresponding interface (if any), and as a last resort the system domain name....
Fix #3113, fix multiple english spell errors s/seperet/separat/
Optimization has nothing to do with limits
Fix #3106, parse 'not' rules right on destination for port forward + reflection proxy rules
Allow advanced options state-related parameters to be used for TCP, UDP and ICMP
Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
Update rrd.inc
Fix this error
php: rc.bootup: The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/system-mbuf.rrd N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 4 data source readings (got 5) from N:U:U:U:U:U'
Implement an option to allow using the IPv4 connectivity interface for sending the dhcpv6 information. Usually useful for ppp[oe] type links and some ISP
Add missing backup of gettytab
Merge pull request #718 from N0YB/Advanced_DHCP_Client_Options
Fix required options syntax typo
3652 days worth is too much. Scale it back to more reasonable 1.25 x maximum used data (2284 days).
Handle IPv6 in ip_in_interface_alias_subnet()
Merge pull request #714 from phil-davis/master
Minimize inclusion of bogonsv6
Disable the BEAST protection by default because the GUI will break if you use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.
If "Allow IPv6" is on, but actually there is no enabled interface with "Block bogon networks" enabled, then we also do not need to include the bogonsv6 table into pf. This allows some more flexibility for users to leave "Allow IPv6" checked, but still not use up memory for bogonsv6.
Sync p0f database for OS detection w/current file from FreeBSD
Don't blow up the config if someone enters int'l chars in an LDAP attribute/DN field. Ticket #2227
Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted.
Call interface_ipalias_cleanup() after $interface is initialized, and get current IP after it
Add an RRD graph for MBUFs under system. Tweaks welcome.
Don't generate reflection rules if reflection is disabled for that rule.
Do not break ppp type interfaces on v6
For ppp interfaces the real interface is not present anymore in the xml config section of the interface. Due to this do some more work on extracting the real interface when ipv4 is pppoe/ppp/... and ipv6 configuration files will use the wrong interface to request information from provider. Reported-by: http://forum.pfsense.org/index.php/topic,64483.0.html
Enable filtering on ipfw sysctl not dependent on ipfw module otherwise issue reported here http://forum.pfsense.org/index.php/topic,64412.0.html happens
Ignore errors/warnings from these calls
support mitigating BEAST attack
According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30
"...by setting
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
you can mitigate BEAST attacks."
Merge pull request #712 from phil-davis/master
Correctly decide if dhcrelay (v4) is enabled
Correctly decide if dhcrelay is enabled
Merge pull request #711 from phil-davis/master
Teach services code about start stop restart of dhcrelay6
Teach service start stop restart about dhcrelay6
Consistent dhcrelay6 pid file location
Merge pull request #710 from phil-davis/master
Start DHCrelay6 on boot
Fix #3091, fix bad var assignment
services_dhcrelay6_configure developerspew debug text fix
Move variable declaration to the top, declare it global before defining. Fixes #3090
Remove irrelevant comment.
Fix copy/pasto introduced in previous commit.
Don't automatically add hidden rules to pass all IPv6 traffic to/from delegated prefixes. Default IPv6 from LAN -> any rule covers outbound properly as-is, and WAN rules shouldn't pass in that permissively. Also the prefix length calculation was off and the LAN rule(s) would be too permissive anyhow.
Implement proper releasing of pipes allocated based on CPzone. Keep track of which zone a pipe is and release those pipes during disabling/deleting of zone. Ticket #3062, Pull request #698
Use empty to cover all needed cases as suggested on #3062. Suggested from pull request #698
Merge pull request #703 from razzfazz/dyndns_custom_v6
Add support for HE.net AAAA record updates. Fixes #1825.
Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
Implement URL Table aliases for ports instead of IP addresses