Remove old dnssec-keygen style files during upgrade
Add RFC 2136 Client key algorithm choice. Implements #8244
Replace Dynamic DNS dnssec-keygen style files with simpler ddns-confgen style file.
Merge pull request #3887 from JoeriCapens/dhcp-ddns-algorithm-choice
Add missing $cpzone declaration. Fixes #8238
Merge pull request #3881 from marjohn56/Increase-FPM-process-availability-in-high-ram-systems
Merge pull request #3792 from PiBa-NL/20170731-status_queues-realtime
Merge pull request #3867 from dennypage/master
Merge pull request #3866 from PiBa-NL/20171104-pkg-reinstallmissingpackage
Revert "Merge pull request #3868 from loonylion/master" Caused issues reported in https://redmine.pfsense.org/issues/8223This reverts commit 74c55258b21ada7a542965c2470fbaa45ce19689, reversingchanges made to 2acb4025ee7fef074a67d1021a5e62a0aff9fd37.
Merge pull request #3890 from JoeriCapens/master
Add a missing return when no NIC is found.
Abort the initial interface setup when no interfaces are found.
Set default key algorithm to hmac-md5
Fix #6319 again by adding missing dns-servers
Pretty up the new smtp notification header.
Fix auth_check.inc so it conforms to the rest of the session management code. While here, make sure it performs a commit to avoid PHP session gc from reaping the session. Fixes occasional timeouts when sitting on pages that only fetch AJAX for prolonged periods. Fixes #8116
Add DHCP Dynamic DNS key algorithm choice. Implements #6621
Remove ix from the ALTQ interface list. See ticket #7378
Merge pull request #6319 from JoeriCapens/master
Fix logging for L2TP and PPPoE server login/logout events. Fixes #8164
See https://redmine.pfsense.org/issues/8164 for the reasoning about why it was done this way.
Fix #6319 by setting ptr-domain and key variables correctly for dhcpdzones()
Merge pull request #3884 from stilez/patch-71
Fix typo
When retrieving a public key for a certificate, private key, or signing request, write the certificate data out to a temp file instead of echoing it through a pipe. Fixes #8153
Revert "Mitigate possible vuln in cert manager"
This reverts commit 1a68f4badd58de8694ac6a4208e11d7265c97df3.
Mitigate possible vuln in cert manager
Add isset, other vars seem to use it
Doesn't seem to have a point though :)
typo
Unbound: Disable IPv6 outgoing queries if IPv6 blocked in firewall, as they can never go anywhere
If IPv6 is disallowed in system->advanced->network, then any IPv6 lookups by Unbound will always be blocked, so there's no point sending them.
The practical purpose is that they also clog up the log and may fractionally slow down the resolver because the resolver then has to deal with IPv6 not replying, fallback lookups, etc....
Merge pull request #3863 from PiBa-NL/20171103-routes-recursive-alias
routing, support use of recursive network aliases in static routes
Merge pull request #3823 from PiBa-NL/20170919-bootupcomplete
Increase FPM process availability in high ram systems
To reduce chance of nginx gateway error when interacting with FPM backend, this patch does the following, starts up extra FOM server processes at startup, allows more to stay running on standby, increases automatic shutdown time from 5 seconds to one hour. On systems with a gig or more of ram
Merge pull request #3868 from loonylion/master
interfaces_fast.inc: removed accidental rolling 'r' from comment removed unused parameters from definition of convert_real_interface_to_friendly_interface_name_fast()
interfaces_assign.php: removed profiling code removed unncessary comments...
Merge branch 'master' into master
Merge pull request #3870 from jtl999/v2.4.2rc-dhcp6fix
Merge pull request #3844 from luckman212/ovpn-gw-patch-2
Merge pull request #3769 from PiBa-NL/20170626-phpfpm-status
Merge pull request #3183 from znerol/feature/master/register-openvpn-cn
Changed license as requested and added a missing apostrophe in a comment.
Merge pull request #3875 from LedPighp/dyndns_godaddy
Merge pull request #3872 from jackfagner/patch-1
Merge pull request #3820 from phil-davis/status-if-disabled
Merge pull request #3819 from PiBa-NL/20170910-show-interface-openvpn
Merge pull request #3768 from PiBa-NL/20170625-notices-queue
Merge pull request #3747 from PiBa-NL/20170529-dhcprelay-destination-interface-discovery
Merge pull request #3738 from PiBa-NL/20170521-oneonone-nat-fix-empty-ip
Feature #8123: Add GoDaddy as a Dynamic DNS provider
Bug in get_interface_ip
Global variable $config was not available, and IP was always fetched using find_interface_ip
fix for leftover dhcp6c lock file(s) after unclean shutdown
Bump version to 2.4.3-DEVELOPMENT
Ensure that the value passed to ipfw pipes is always an integer, no matter the source. Fixes #8097
Add a separate checkbox for OpenVPN servers to redirect an IPv6 gateway now that OpenVPN has a native flag for it. Implements #8082
While here, since local network boxes are hidden when redirect gateway is enabled, do not use the values in those boxes when crafting the configuration. That way the GUI configuration is consistent with the backend.
refactored interfaces_assign.php to to benefit people with large numbers of VLANs, as requested on the forum at https://forum.pfsense.org/index.php?topic=137391.0. Also contains a minor speedup for interfaces_vlan.php. Modified functions are contained in interfaces_fast.inc. Profiling code is still present but commented out, as is replaced code.
Remove this part, the voucher settings shouldn't be synchronized this way, it's handled via the voucher sync settings on the secondary. Fixes #8079
It was only working before because of this typo, the code shouldn't have been there at all.
When synchronizing vouchers, avoid allowing null values. Also, fix a missing variable global declaration. Part of ticket #8079
Correct voucher config section name. Part of ticket #8079
Use a strict check of array_search() result
Remove empty items from output
Detect when system is running a newer version than the one available on remote repository
Always do rquery when pkg search is not used
Fix #7946: Display installed packages missing on remote repo to let user to delete it
Also kill off sshlockout_pf processes when restarting syslogd. Fixes #7984
Several corrections to service sorting to produce output consistent with user expectations. Fixes #8069
Reorder reading the product name in pfSense-rc so it happens after all filesystems are mounted. Fixes #8065
Provide mechanism to allow for transition to a new package repository server
Check for /bootpool and import the bootpool zfs pool if present. Fixes #8063
Add the XML tags to support the switch entries.
Support shutdown scripts in /usr/local/etc/rc.d. This allows packages to take critical shutdown actions such asUPS power kill in NUT.
status_queues, provide 'realtime' statistics-retrieve 'current' numbers from pfSense
not using qstats provides the following advantages:-no long lag which requires 18 updates to get 90% accurate values on screen-showing queue's in 2 browsers does not show half the value...
pkg, reinstall missing packagechange the reference from install_package(.) as this function does not exist.
When crafting the CA subject for ipsec.conf, handle component values that are arrays. Fixes #7929
When ntp is bound to specific interfaces, disable listening on wildcard. Fixes #8046
Add an option for LDAP servers to use the global root CA list as a peer CA. Fixes #8044
Disable HSTS for captive portals
Add option to disable HSTS for nginx (Bug #6650)
Crudely fixed #7786 by eliminating check of parent bandwidth when children are sepcified in %
Merge pull request #3857 from PiBa-NL/20171022-pf-wait-dont-wedge
Merge pull request #3859 from PiBa-NL/20171031-xmlrpc-encodedspace
Merge pull request #3860 from PiBa-NL/20171031-config-backup-check-exception
pf, retry pfctl -f rule loading when pf is 'busy', don't try and fail to force -d -e as that would also fail at this point in time.
Merge pull request #3858 from nagyrobi/patch-25
config, xmlparse throw exception instead of calling die(), so corruption check will properly handle the unlink action of the corrupted config
Fix handling of wildcard CN/SAN entries in certificates. Fixes #7994
Fixed #8035
(cherry picked from commit 9c4e7fd3e155d08911feb0afc527af21d79ce917)
xmlrpc, fix usage of space and + character that need different encoding
Update the system sysctls to not harvest data from interrupts, point-to-point interfaces and ethernet devices.
The sysctl names changed in FreeBSD 11.
Make is_ipaddrv6() compatible with is_ipaddrv4().
Only the IP address must be accepted, address with netmasks do not qualify.
Ticket #8024
Do not display logo.css as a valid theme
Fix #7984: Make sure sshlockout_pf stops when syslogd stops
Fix typo in function name: insterface_is_qinq -> interface_is_qinq
Fix a typo.
Allow the use of mbuf tags to set the VLAN pcp on output packets.
This is necessary for use with the pf 'set prio'.
Ticket #7973
added a string SESSION_TIMEOUT to be returned when a widget times out
The members of a LAGG cannot be assigned, used in VLANs, QinQ, or PPP.
This commit removes the LAGG members from the list of available interfaces.
Do not allow direct download of .inc files (unparsed PHP source). Fixes #8005
Do not return QinQ interfaces in the physical interface list.