Specify IP to set for zoneedit
(cherry picked from commit 176d24e1206586cc67888bcbd3a4d947f043a187)
Feature #3151 Disable gateway monitoring actions
without disabling gateway monitoring.
This allows the user to continue to monitor the gateway with dpinger, sothey can see how it is performing, but for the system not to take anyreal action if the latency/loss exceeds the given limits....
Fix bandwidth limitation in mac passthrough auth
(cherry picked from commit aa1c6774927fd6e1b11a9315900035c0e084fd82)
move back to r53.class for license continuity
(cherry picked from commit 16b163661b1d1a5bcc9a24ce023f7a06c5fb420e)
note inspiration/sanity check from r53.class code
(cherry picked from commit 260228142573deeb8ef5eaee34c761ca783f8cd3)
fix testing headers for bad data
(cherry picked from commit 8d8405baf12806a7f09ef8562cfb24f9083809d3)
noted testing for Route53
(cherry picked from commit c46412956fb629a2f7dc94ca2a553444046a39c3)
Fixed status success message typo and cleaned up
(cherry picked from commit 166f4a4c67e61334791b43a21845603c1295ab2c)
fix auth header and minor XML tag issue
(cherry picked from commit 616a24828992d37ea67e810dbf9fd84ec80562e7)
initial commit of code -- having a signing error
(cherry picked from commit cc5adcaa679686e54e4035fa5bc283b1cac085a2)
php fatal error logging
(cherry picked from commit ae3463540ea0a3cc94c18ad9c7b829b2645e8910)
Captive portal: add option to include idle time in total session time
Add an option to choose whether the time spent idle by a user disconnected for exceeding the idle timeout must be included in the total session time sent to the RADIUS server or not.
(cherry picked from commit 1878e1c932fa467956ef44d4bd39adb7d4d21243)
Add BIND logging to proper facility (Bug #5524)
Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package.(cherry picked from commit 957ec89e7959e966e87f83055f57936a945a6b00)
Added STARTTLS to LDAP Auth Server Config
(cherry picked from commit d672403c250556ced61d6eec7c51f5518b5f8c6b)
Backport Cloudflare and Gratis plus passwords in base64 DynDNS changes
Note: corresponding change to upgrade_config.inc to come in master tocorrectly implement the upgrade_155_to_156 code, that is master only andwill become upgrade_158_to_159
Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838
Removed TODO comment
(cherry picked from commit a7e3001c740c79da652a9a4d53509e95adaf0c77)
Put DDNS hostname config in the wrong place
It is relevant to the interface, not just the per-static-mapping DDNS config.
(cherry picked from commit f0cce276a6c292ed23bb628c499989107f6b162e)
Implement ddns-hostname option emission for static hosts in services.inc.
(cherry picked from commit 011f550d9b6d5980bd486af3254b387d3019783b)
Add missing L2TP from this gateway handling case. Fixes #6980
Fix reversed accounting style
(cherry picked from commit f3838572c59ea5ebe656851511c75d217afec815)
- added support for duiadns.net ipv4 and ipv6
(cherry picked from commit 19b7263e859243adfcf6588533cb47b4c768765e)
increase webgui usability when the remote ldap server isn't available
(cherry picked from commit b77a63948b4bd54f3d2e6e9d3822588105fb5741)
ipsec mobile clients, don't check mobile leases if mobile client isn't enabled to begin with
(cherry picked from commit 339279415ced4aaaafb96fc14a334a172b8db49f)
add All-Inkl to services.class(cherry picked from commit 360f3a9011d143944fcd8e5e6b69fced2f9baaf7)
add All-Inkl to dyndns.class(cherry picked from commit 575b1dcf0bdb28c431fca420d27bdedf579ec9c4)
Silence kenv calls
Revise update_filter_relaod_status() function to append status messages rather than overwrite the file
Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589"
Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 9dacff7f1b2b89ebebc1e9456d642e0657bb89cc.
Revert "Apply the fix for ticket #6589 also into dhcpdv6 config"
This reverts commit 776692947bda5c867c7f5e60550c3a508760c251.
Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text
Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".
Ticket #5321
(cherry picked from commit 411d4e6e55475cc66b997ca3e47478dbe10b4e1b)
Fix bug where CARP vip status is incorrent in the interface when morethan one CARP vip is configured for an interface.
(cherry picked from commit 5116a8aa60ad87c0a47aafeca422cc323147ea14)
80 character lines ftw :)
Just because it was asked nicely :)(cherry picked from commit 013110a19b90698cd521fc120b06b7cc37b531e5)
standardise old code ("or" -> "||")(cherry picked from commit f9416ab2bdaae5ca41e70db1c846ab3419fd0cee)
Fix #6899
(cherry picked from commit c766ac7dd723f6e36980c48b0dd156b492556616)
ipsec, apply routes also for IP-aliases with carp parents
(cherry picked from commit ee908e93671fddb38f8cca5d3d19a28791934878)
syslogd, create configured logsocket directories
(cherry picked from commit 4406922edb1000ef79f4fccfb484aa1103105ac0)
Fixed #6893Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency
Correct part of #6779Setting input "step" value to "any" alows hte element to accept decimal (float) values, not just integers.
Enable ALTQ for cxl. Fixes #6830
OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781
Import a patch to fix Net_IPv6::compress("::")
Obtained from: https://github.com/phil-davis/Net_IPv6/commit/638b96a253164b65c63825c38e79812b6c5f448dSubmitted by: @phil-davis
dyndns: add header processing in curl
some dyndns implementations rely on the correct HTTP header being set. the information was lost and now fixed.
Remove accidental code
Revise login hostname dispaly
Revert "Allow login hostname to be controlled via system.php"
This reverts commit cd6b99147a673b6bd0313fff55cab7eb6879608f.
Allow login hostname to be controlled via system.php
Added hostname to login page.Option control required
(cherry picked from commit 616724395ae00a74fac4cf960ac2261b486e9dae)
Provide conrol on system.php to allow display of hostname on login banner
(cherry picked from commit a22947a4980a9f8beb294d6bad039495164ff1aa)
Update the variable with the round() return otherwise it does not has any effect.
Found while testing Ticket #6272.
(cherry picked from commit 92130da3b5fb55588d351c22042c9ce8ab5883d7)
Make setup_serial_port() write config files safely
This function used to replace /boot.conf, /boot/loader.conf and/etc/ttys on every call. Depending of the moment a power failurehappens, any of these files can be blank and it'll break console setupon next boot....
Change safe_write_file $content parameter to accept an array
Make $force_binary parameter optional, default to false
Prevent /etc/ttys to miss essential lines
We do not create /etc/ttys from scratch but we change it on every boot.If original file is corrupted for some reason we can end up with a filemissing essential lines. Added a check to verify if these lines aremissing and add them back in this case
Add extra validations on is_inrange_v46
Verify if addresses are valid IP address before convert them to makenumeric comparison.
While here, adjust indent.
Inspired by: @phil-davis patch at PR #3189
Make unlink_if_exists return true/false
This allows the caller to do a single "atomic" call to unlink_if_exists.If it returns true, then they know that the file existed and that it hasbeen unlinked successfully.This should help avoid race conditions where multiple code paths try...
Restore dhcp6 leases on full install when using MFS /tmp. While here, fix indent
Remove commented code
(cherry picked from commit 0186b761e05d6f707ddc9cf1898d20ffb7ef9405)
Bring up the wifi interface only after setting up all the other arguments. This prevents issues when using VAPs.
(cherry picked from commit 6416317a239e082b7702957263a51b4052ae43b5)
Remove unused arg in get_pkg_info()
The 2nd argument ($info) isn't used in that function, and doesn't seem to be used anywhere else in the codebase.(cherry picked from commit b9b6841fac4393fbbe6f15ca46fe441122b883d1)
Use tabs consistently
(cherry picked from commit 553de3973dfdb0539a64510666976d523a21f2f9)
Re-enable executing the wifi mode command first. This fixes channel changing, which broke in d325e90818db2b22fc2562c38493769f217230f2.
(cherry picked from commit 8318da5192905a400076d5539ae86afeae82ee03)
Fixup ntpd IPv6 restrict clauses.
This should eliminate the following errors from the ntpd log file whenusing IPv6 or dual-stack networks:"syntax error, unexpected T_Mask, expecting T_EOC"
(cherry picked from commit daed7646d7e8e5d555676299ce660408b490ef81)
Only configure wireless MAC address if a spoofed MAC address is set
(cherry picked from commit a6c4a66da2ee8b0d4d54480dd690700b8c16bb13)
Improve gwlb.inc notification mechanisms
1) Unlink earlier to reduce the chances of any concurrency issues;2) Translate and improve output of available notification;3) While I'm here, fix whitespace and improve PHP syntax.
(cherry picked from commit 54596b8867ff706acc1a7bf74c2db81851830f5d)
Adjust parsing of OpenVPN ciphers to new output format. Fixes #6849
Create pkg.conf with ABI settings
Fix static blackhole routes. Bug was introduced in8be135cd114fbc9294ec9dafed2125d0e553956c (February, 2013).
(cherry picked from commit 580bef1ee3052437487553fcc5dc8428ca665098)
Use !empty() instead of isset()
(cherry picked from commit 6a9d1bfc5c90011af10a1704231340a42fa9f51d)
Improve handling of source-hash key
- Store the source-hash key in its own config field.- Validate the provided source-hash key. Check that hex string input is of the form "0x" followed by 32 hexadecimal digits. Any other string not starting with "0x" is hashed using md5 and stored as "0x" followed...
Revised service running/stopped icons
(cherry picked from commit a03162c874c4e52e6cae52c2eefce87118fd90d2)
Fix #6768 IPv6 static mapping on delegated prefixes
For example, WAN receives a /48 delegated from the upstream (ISP...),e.g. "2001:470:abcd::" pfSense then uses this as a starting point tocalculate the addresses on LAN, OPT1, OPT2 etc where they have been...
Code style changes
(cherry picked from commit b2836666a8e7fc021ea750fafc8fc6e8097d52ff)
Allow packages to request syslogd log socket to be created inside chroot by specifying it in /package/logging/logsocket element. Implements #4898.
Example:<package> <logging> <logsocket>/var/appname/var/run/log</logsocket> </logging>...
Fix up/catch up remote syslog areas. Fixes #6780
More pptp bits
Remove some more dangling PPTP bits.
Move copyright from ESF to Netgate
Remove some obsolete code from globals.inc
Fix handling of backup config count. Fixes #6771
Merge pull request #3071 from phil-davis/Check_IP_Services
Force changes in routing to be detected by the system
When dhcp6c without RA is enabled, dhcp6c isn't killed and respawned, this causes the system not being able to pick up the routing changes. In this case, running the configuration script which fires rc.newwanipv6 solves the problem....
DHCP6 Before RA. Additions and ammendments
Replaced posix_kill() in kill_dhcp6client_process() with mwexec("kill -9 $pid"), this is because the posix_kill call was not reliably killing the dhcp6c process, kill -9 works every time.
Changes to the rtsold script creation. The script lines starting dhcp6c should not have be written to the script when dhcpwithoutra is true....
Improve dhcpd and dhcpleases reload
1) Avoid running services_dhcpd_configure() more times than needed.2) Always restart dhcpleases after it's killed during interface recycle.3) It's not necessary to restart dhcpdv4 when doing changes in ipv6 config.
(cherry picked from commit 509e9357df4755a4fe5d1d9b20eda65bafb855e7)
Ensure only one instance of services_dhcpd_configure runs concurrently
This way kill and respawn will behave as they should for the dhcpd processes
(cherry picked from commit c69ea0051c5549a9db0d092e85b92f78ffb4c978)
Prevent accessing undefined offset in IPv6.inc
On perfectly good IPs (eg. 1:2::3:4) this code could cause the following notice:Notice: Undefined offset: 2 in IPv6.inc on line 560
On bad IPs like 1::2::3 it would not result in any notice.
This commit fixes the above problem, while making sure that only valid sequences pass validation.
system_dhcpleases_configure() - Improve pidfile handling
1) Set the pidfile variable in the correct place. pidfile variable is required in both 'if' and 'else' blocks.
2) Ensure pidfile is valid before sending term signal
(cherry picked from commit 4509abc380552554cbdf3f42c6783b47112f245a)
Apply the fix for ticket #6589 also into dhcpdv6 config
(cherry picked from commit 20350989db5d66ffb827beaed5ef5738cd62fc9d)
Indent dhcpd.conf option custom(cherry picked from commit c507161d557817c1f6f0adbef9ffdbad82115ee8)
Fix #6720 DHCP options by pool
It is a little bit tricky having to generate the unique "option custom-if-n-m code ..." lines at first where n = pool index and m = item index in the items of the pool. Then make sure to reference that later, getting the same pool index into the array of pools. The $all_pools array as the "overall" or "base" pool first (at index 0), followed by the user-specified pools at index 1, 2, 3,... - which are actually at indexes 0, 1, 2,... in the ordinary array of pools in the config. So the -1 at line 910 has to happen....
Fix double domain-name-servers for pool
Add a pool and specify something in 1 or more of the DNS servers boxes for the pool.The "option domain-name-servers 1.2.3.4" line appears twice in dhcpd.confThe first bit of code to do it is at lines 787-799. I have deleted this 2nd time that it is done at lines 854-856....
Fix #6724 VLAN interface displayed wrong
in interface assignment script dialog.
The str_replace() calls were not smart enough to just get rid of bare "igb1" when "igb1_vlan123" and such like was also in the list.(cherry picked from commit fd020a2d94077cc9c8ee6bac5b3da11e116c84a2)
Add a selection for OpenVPN to have no compression preference + comp-noadapt, which is necessary in some client edge cases. Fixes #6739
Use "-C /dev/null" when starting dnsmasq to avoid it picking up an incorrect default config which would override our command line parameters. Fixes #6730
Add an option to push "block-outside-dns" to clients of an RA OpenVPN. Fixes #6719
Fix DDNS domain for static map DHCP entries
If you specify DDNS Domain in a DHCP static map entry, it does not make its way through to dhcpd.confThis is because the var name $pdnscfg is wrong from an old copy-paste that first made this code.(cherry picked from commit a5a55231770e548898b6b1c18146cc0c6631c5c6)
Code style and comments
No functional change - just making style consistent
(cherry picked from commit 9d3e8723171c727cf43338bd8e95ab2bb7e6a66c)
Protect package_reinstall_all()
If one restores a config.xml without packages, there will be a warning about invalid argument supplied for foreach(). This commit fixes the problem.
(cherry picked from commit 5eda5816d8a7bd05730c70e44493815079925b48)
Pass along send_smtp_message() return, otherwise message will not be shown when testing SMTP settings