Only show copynotice when version changes
Detect XG-1537
Revert "Do not associate IP and MAC on down table. It should help #7813 and #7833"
This reverts commit aa61ecfde0952ed1c3a035ac9489f5a5f9c51425.
Do not associate IP and MAC on down table. It should help #7813 and #7833
Revert "Update translation files"
Bad commit log
This reverts commit ff8d44d194b6a5ada8fcd2aafe8c7ec358a7adae.
Update translation files
Only run swapon and rc.savecore when the SWAPDEVICE is valid.
Fix #7834: Delete IPFW pipes when disable Captive Portal zone
Remove correct file
Ticket #7834: Add missing global declarations
Remove the previous 'no_dad' workaround now that if_stf is fixed.
Partly revert b76e0baebb70775b192507ec18f523141800ce95.
If /boot/loader.conf is not presetn check /boot/loader.conf.local.
Move this file_exists test inside the dpinger status check loop and also suppress PHP errors from stream_socket_client()Both are done to avoid a race where the status file can be missing and the status check fails, resulting in an alert/crash report.
Fix incorrect function name/typo. Ticket #7719
(cherry picked from commit 48c4a0ea0958c0820f6caab2bf5182967114ac58)
Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.
Fix #7719
When Dynamic DNS entry uses a gateway group as interface,return_gateway_groups_array() will be called and it returns realinterface instead of friendly name, as expected. Take both friendly andreal interface name into consideration.
Merge pull request #3763 from PiBa-NL/20170624-apinger-initialize
Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853While here, add the cert serial number and sig digest type to the info block for each cert.
Remove /root/force_growfs after use it
Use the full CA chain when sending an LDAP SSL query. Fixes #7830While here, fix a couple more ldap_start_tls() calls that need a preceding @.
Restore bad username or password message
Don't print a PHP error if LDAP STARTTLS fails.
Bump config revision, fix comment. Ticket #7809
Setup upgrade code for wireless interfaces to the new format needed for 2.4, and switch rc.bootup so the config upgrade happens before a mismatch test, otherwise we can't fix this type of situation. Fixes #7809
Correct typo. Fixes #7802
If the user chose to have DDNS Hostnames forced, respect that in the backend code for static map IPv6 hosts. Fixes #7324
Add French to GUI
Bump to 2.4.1-DEVELOPMENT
Add Polish to GUI, it's over 75% complete
Merge pull request #3795 from PiBa-NL/20170808-hfsc-no-prio
Merge pull request #3799 from marjohn56/Unbound-start-delay
Do not use reference to avoid losing data
Always run additional_config_upgrade() and do it after config is written
Fix indent/space
Check if specific config upgrade code already ran and skip it
Add a function to be called every time convert_config() runs
Refresh cache every 2h when using GUI
Make sure pfSense-upgrade return code is obtained instead of tail's one
Unset workaround used to set cronjob on 2.3.x
Converted thermal sensor widget to use central refresh system
Put the FQDN first in /etc/hosts to make dnsmasq happy when reverse resolving hostnames. Make a special exception for localhost. Fixes #7771
Revise error page to comply with login page style
Fix a couple of 'route: writing to routing socket: Invalid argument' warnings during the boot.
Use the correct variable and only add the route when the hostname is resolved (if the remote address is a hostname).route: writing to routing socket: Invalid argument
Do not run the dpinger when the IPv6 address has the tentative flag even after the timeout.
Disable the DAD on the stf interface. This prevents the dpinger from start.
Update cache when GUI successfully update pkg metadata
Consider only last output line
Some systems - only one that I am aware of, complain that unbound is starting before dchp6 has completed leading to problems, this occurs only on boot.
Further examination did indeed show that the problem is caused by unbound starting before the dhcp6c - RTSOLD - rc.newwanipv6 have completed, making sure that these have all run before unbound is allowed to start corrects the problem....
Speedup get_system_pkg_version() considering only installed packages
Use cache file to show pfSense version information
Save pkg update return code
Add a protection to prevent ending up with duplicate crontab entry
Sort languages alphabetically (in English)
Add Dutch to GUI, it's over 75% complete
Run rc.update_pkg_metadata in background when repository changes
Make sure pkg metadata is updated at least once daily. It will be used to speedup GUI parts related to pkg update
Revise upgrade script to insert support widget at the top of column 2Add old support widget to obsolete files list
shaper, hfsc cannot use priority, as such don't show the field in the webgui.Also for the other shapers 0 is a valid priorityWhile fairq causes a error loading rules with a priority above 7 so prevent that.
Update config version
Fix upgrade 166 to 167 script
Force the support widget to show when a user upgrades to this version
Remove .empty files from trusted/revoked directories
change login page logo to svg
Fix VLAN Priority set pf syntax. Fixes #7744
Merge pull request #3762 from PiBa-NL/20170624_gatewayalarm_log
Merge pull request #3535 from fernsehkind/Redmine1629
Add pt_BR back to GUI since it's over 75% complete
Merge pull request #3773 from PiBa-NL/20170703-ipsec-sleep-lock
Merge pull request #3761 from marjohn56/master
Merge pull request #3788 from znerol/feature/master/bridge-ipv6-auto-linklocal
Merge pull request #3770 from hamnur/master
dhcp6c Advanced Config prefix interface
Currently, when using dhcp6c advanced configuration the prefix interface is WAN, this is not very useful!
The changes here allow the user to select the interface that the PD will be applied on..
Add Option to use static IPV6 over v4 parent ( PPPoE
A new option when setting a v6 static on the WAN to allow the connection to use the V4 interfaces i.e. PPPoE
Make rules that deal with IP+MAC pairs to be layer2 only
Restore calls to pfSense_ipfw_table_zerocnt(), it's fixed now
Remove unused parameters
Do not associate IP and MAC on down table
Fix syntax
Remove leftover debug
Ressurrect nomacfilter option on CP now IPFW supports combined tables with IP and MAC address
Add support for IPv6 AUTO_LINKLOCAL flag on bridge interfaces
Re-introduce Captive Portal statistics
Prevent iOS auto-capitalization on username field
Use attribute rekey_enable as usual but optionally allow to set margintime if rekeying is not disabled
Change login page links to absolute paths
Use an alternate method to stop unbound and fix #7326
If a client address is in the webConfiguratorlockout table, do not allow them to access the GUI. Print an error and kill their states. Ticket #7693Extra check to be sure that an existing open state cannot bypass lockout controls.
Merge branch 'master' of https://github.com/hamnur/pfsense into HEAD
Hide margintime if rekeying is disabled
Fix typo
Merge pull request #3771 from PiBa-NL/20170701-cron-fix
Merge pull request #3772 from PiBa-NL/20170703-boot-config-check-message
Merge pull request #3782 from PiBa-NL/20170712-nat-configure-skip-no-dest
Restructure how unbound zone data is written to fix processing of "redirect" zone entries. Fixes #7690Also corrects some other misc issues for formatting of zone data.While here, add an option, not exposed in the GUI, for users to get the previous behavior of defining short names for hosts.
nat, portforwards should not make up a new destination information when a configured dhcp interface does not currently have an address.
fixes: https://forum.pfsense.org/index.php?topic=127585.msg733528#msg733528
Fix OpenVPN Auth Digest Algorithm selection so it does not use duplicate/alias names in the list, and fix existing entries on upgrade so they use the actual digest name and not an alias.
Fix CA reference so serial increases properly. Remove variable for feature that didn't work out. Ticket #7527
Stop using pecl-ssh2
Restructure how certificate types and SANs are handled in the cert manager when making a Cert/CSR/Signing, so each section can properly use the controls without duplicating. It is now possible to add SANs and EKUs to certificates when signing using the certificate manager. Fixes #7527 and also Fixes #7677...
Removed MSS clamping exclusions