Unbound - add support for "deny_non_local" and "refuse_non_local" ACLs (Feature #6914)(cherry picked from commit 6a827f6959fc34972e532516a6a414e1cdf87714)
dhcp6c no release
Script changes to allow no-release option of dhcp6c. These changes to beused in conjunction with pfSense/FreeBSD-ports/net/dhcp6c recent changefrom PR #231
(cherry picked from commit 505635302a3d555eb6f82cb552c99c7ecb813f46)
Add missing include(cherry picked from commit 12094fd551055c40b3d0da8d27a5fcaabed0ae54)
Restart unbound after clearing logs (Bug #6915)(cherry picked from commit ef72cd5c2d36ff300de8de5971c05e19d1c9443c)
validateipaddr enhance flexibility for translation
By using sprintf() we can allow for some language where the label text does not fit at the start of the sentence.(cherry picked from commit bb9747b2443902d12c894dfa390089b184d244d6)
validateipaddr code format(cherry picked from commit aa2b8133b3cdb90791b577a90361842cd97bb16b)
Fix comment
If nothing is enabled that requires xinetd, do not run xinetd. Fixes #6308
Correct the descriptions and behavior of the Adaptive Start and Adaptive End settings.
openvpn, startup locking sequence to prevent issues around pid file / process managementfixes: https://redmine.pfsense.org/issues/6940
(cherry picked from commit ce983754d54578d24aec46aa81fec95199c67d80)
dhcpv6_pd_str_help add default case
When the interface concerned does not yet have its details known (e.g. Track Interface values from upstream have not come yet) then we might as well at least give the caller some reasonable text.e.g. I was adding V6 Static Mappings on an interface that has "Track Interface" and no IPv6 delegation yet. The error message that tries to tell me the type of input I need to put or the static IP offset had no example at all....
Add PC Engines APU2 to the list of serial-only platforms
The vidconsole needs to be explicitly disabled for PC Engines APU2,otherwise the comconsole is garbled and mostly unusable during theboot block and boot loader.
(cherry picked from commit 089c18f38443e41d5ad5345cd28c43581496cd2c)
Add specific platform detection for PC Engines APU2
Based detection on $product rather than $hw_model, because $hw_modelreturns the name of the AMD SoC, which might be used on other boards.
(cherry picked from commit ffda0181a4c0989085a201e1a9b6bb0b1d691889)
Encode the auth server list before passing it on the CLI, to avoid issues with special characters that break when interpreted as URL parameters during OpenVPN auth. Fixes #7002
Ensure that mobile IPsec client addresses are added to vpn_networks. Fixes #7005
Comment typos in itemid.inc(cherry picked from commit 632a238f1fb7f0c80e76058563a95bbf6785df53)
Ticket #6472: Add toggle_id
Introduce toggle_id() used to enable/disable associated firewall rules
Simplify logic
Fix comments
$array doesn't need to be a reference here
Update simplepie (RSS Parsing library) to 1.4.3
Fix #6996 using existing variable
Fix #6857
During boot local_sync_acocunts() should be able to access LDAP serveron a non-local network or also resolve LDAP server hostname. To make itpossible move calls to create static routes and start dnsmasq/unboundto run earlier
Specify IP to set for zoneedit
(cherry picked from commit 176d24e1206586cc67888bcbd3a4d947f043a187)
Feature #3151 Disable gateway monitoring actions
without disabling gateway monitoring.
This allows the user to continue to monitor the gateway with dpinger, sothey can see how it is performing, but for the system not to take anyreal action if the latency/loss exceeds the given limits....
Fix bandwidth limitation in mac passthrough auth
(cherry picked from commit aa1c6774927fd6e1b11a9315900035c0e084fd82)
move back to r53.class for license continuity
(cherry picked from commit 16b163661b1d1a5bcc9a24ce023f7a06c5fb420e)
note inspiration/sanity check from r53.class code
(cherry picked from commit 260228142573deeb8ef5eaee34c761ca783f8cd3)
fix testing headers for bad data
(cherry picked from commit 8d8405baf12806a7f09ef8562cfb24f9083809d3)
noted testing for Route53
(cherry picked from commit c46412956fb629a2f7dc94ca2a553444046a39c3)
Fixed status success message typo and cleaned up
(cherry picked from commit 166f4a4c67e61334791b43a21845603c1295ab2c)
fix auth header and minor XML tag issue
(cherry picked from commit 616a24828992d37ea67e810dbf9fd84ec80562e7)
initial commit of code -- having a signing error
(cherry picked from commit cc5adcaa679686e54e4035fa5bc283b1cac085a2)
php fatal error logging
(cherry picked from commit ae3463540ea0a3cc94c18ad9c7b829b2645e8910)
Captive portal: add option to include idle time in total session time
Add an option to choose whether the time spent idle by a user disconnected for exceeding the idle timeout must be included in the total session time sent to the RADIUS server or not.
(cherry picked from commit 1878e1c932fa467956ef44d4bd39adb7d4d21243)
Add BIND logging to proper facility (Bug #5524)
Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package.(cherry picked from commit 957ec89e7959e966e87f83055f57936a945a6b00)
Added STARTTLS to LDAP Auth Server Config
(cherry picked from commit d672403c250556ced61d6eec7c51f5518b5f8c6b)
Backport Cloudflare and Gratis plus passwords in base64 DynDNS changes
Note: corresponding change to upgrade_config.inc to come in master tocorrectly implement the upgrade_155_to_156 code, that is master only andwill become upgrade_158_to_159
Create a dummy /etc/printcap when starting bsnmpd so it it will not log errors. Fixes #6838
Removed TODO comment
(cherry picked from commit a7e3001c740c79da652a9a4d53509e95adaf0c77)
Put DDNS hostname config in the wrong place
It is relevant to the interface, not just the per-static-mapping DDNS config.
(cherry picked from commit f0cce276a6c292ed23bb628c499989107f6b162e)
Implement ddns-hostname option emission for static hosts in services.inc.
(cherry picked from commit 011f550d9b6d5980bd486af3254b387d3019783b)
Add missing L2TP from this gateway handling case. Fixes #6980
Fix reversed accounting style
(cherry picked from commit f3838572c59ea5ebe656851511c75d217afec815)
- added support for duiadns.net ipv4 and ipv6
(cherry picked from commit 19b7263e859243adfcf6588533cb47b4c768765e)
Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963
increase webgui usability when the remote ldap server isn't available
(cherry picked from commit b77a63948b4bd54f3d2e6e9d3822588105fb5741)
ipsec mobile clients, don't check mobile leases if mobile client isn't enabled to begin with
(cherry picked from commit 339279415ced4aaaafb96fc14a334a172b8db49f)
add All-Inkl to services.class(cherry picked from commit 360f3a9011d143944fcd8e5e6b69fced2f9baaf7)
add All-Inkl to dyndns.class(cherry picked from commit 575b1dcf0bdb28c431fca420d27bdedf579ec9c4)
Silence kenv calls
Revise update_filter_relaod_status() function to append status messages rather than overwrite the file
Revert "Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589"
Reverted after upgrade dhcpd server to 4.3.5
This reverts commit 9dacff7f1b2b89ebebc1e9456d642e0657bb89cc.
Revert "Apply the fix for ticket #6589 also into dhcpdv6 config"
This reverts commit 776692947bda5c867c7f5e60550c3a508760c251.
Added addrtolower() function to allow IPv6 addresses to be converted to lower case while preserving aliases or other text
Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".
Ticket #5321
(cherry picked from commit 411d4e6e55475cc66b997ca3e47478dbe10b4e1b)
Fix bug where CARP vip status is incorrent in the interface when morethan one CARP vip is configured for an interface.
(cherry picked from commit 5116a8aa60ad87c0a47aafeca422cc323147ea14)
80 character lines ftw :)
Just because it was asked nicely :)(cherry picked from commit 013110a19b90698cd521fc120b06b7cc37b531e5)
standardise old code ("or" -> "||")(cherry picked from commit f9416ab2bdaae5ca41e70db1c846ab3419fd0cee)
Fix #6899
(cherry picked from commit c766ac7dd723f6e36980c48b0dd156b492556616)
ipsec, apply routes also for IP-aliases with carp parents
(cherry picked from commit ee908e93671fddb38f8cca5d3d19a28791934878)
syslogd, create configured logsocket directories
(cherry picked from commit 4406922edb1000ef79f4fccfb484aa1103105ac0)
Fixed #6893Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency
Correct part of #6779Setting input "step" value to "any" alows hte element to accept decimal (float) values, not just integers.
Enable ALTQ for cxl. Fixes #6830
OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781
Import a patch to fix Net_IPv6::compress("::")
Obtained from: https://github.com/phil-davis/Net_IPv6/commit/638b96a253164b65c63825c38e79812b6c5f448dSubmitted by: @phil-davis
dyndns: add header processing in curl
some dyndns implementations rely on the correct HTTP header being set. the information was lost and now fixed.
Remove accidental code
Revise login hostname dispaly
Revert "Allow login hostname to be controlled via system.php"
This reverts commit cd6b99147a673b6bd0313fff55cab7eb6879608f.
Allow login hostname to be controlled via system.php
Added hostname to login page.Option control required
(cherry picked from commit 616724395ae00a74fac4cf960ac2261b486e9dae)
Provide conrol on system.php to allow display of hostname on login banner
(cherry picked from commit a22947a4980a9f8beb294d6bad039495164ff1aa)
Update the variable with the round() return otherwise it does not has any effect.
Found while testing Ticket #6272.
(cherry picked from commit 92130da3b5fb55588d351c22042c9ce8ab5883d7)
Make setup_serial_port() write config files safely
This function used to replace /boot.conf, /boot/loader.conf and/etc/ttys on every call. Depending of the moment a power failurehappens, any of these files can be blank and it'll break console setupon next boot....
Change safe_write_file $content parameter to accept an array
Make $force_binary parameter optional, default to false
Prevent /etc/ttys to miss essential lines
We do not create /etc/ttys from scratch but we change it on every boot.If original file is corrupted for some reason we can end up with a filemissing essential lines. Added a check to verify if these lines aremissing and add them back in this case
Add extra validations on is_inrange_v46
Verify if addresses are valid IP address before convert them to makenumeric comparison.
While here, adjust indent.
Inspired by: @phil-davis patch at PR #3189
Merge pull request #3188 from NOYB/GitSync_Min_Diff_Combo
Make unlink_if_exists return true/false
This allows the caller to do a single "atomic" call to unlink_if_exists.If it returns true, then they know that the file existed and that it hasbeen unlinked successfully.This should help avoid race conditions where multiple code paths try...
Restore dhcp6 leases on full install when using MFS /tmp. While here, fix indent
Remove commented code
(cherry picked from commit 0186b761e05d6f707ddc9cf1898d20ffb7ef9405)
Bring up the wifi interface only after setting up all the other arguments. This prevents issues when using VAPs.
(cherry picked from commit 6416317a239e082b7702957263a51b4052ae43b5)
Replace underscore with hyphen in option names
Thanks Jorge
Simplify tcsh prompt and respect default terminal colors
Remove unused arg in get_pkg_info()
The 2nd argument ($info) isn't used in that function, and doesn't seem to be used anywhere else in the codebase.(cherry picked from commit b9b6841fac4393fbbe6f15ca46fe441122b883d1)
Merge pull request #3168 from NOYB/GitSync_Min_Diff_Combo
Use tabs consistently
(cherry picked from commit 553de3973dfdb0539a64510666976d523a21f2f9)
Re-enable executing the wifi mode command first. This fixes channel changing, which broke in d325e90818db2b22fc2562c38493769f217230f2.
(cherry picked from commit 8318da5192905a400076d5539ae86afeae82ee03)
Fixup ntpd IPv6 restrict clauses.
This should eliminate the following errors from the ntpd log file whenusing IPv6 or dual-stack networks:"syntax error, unexpected T_Mask, expecting T_EOC"
(cherry picked from commit daed7646d7e8e5d555676299ce660408b490ef81)
Only configure wireless MAC address if a spoofed MAC address is set
(cherry picked from commit a6c4a66da2ee8b0d4d54480dd690700b8c16bb13)
Improve gwlb.inc notification mechanisms
1) Unlink earlier to reduce the chances of any concurrency issues;2) Translate and improve output of available notification;3) While I'm here, fix whitespace and improve PHP syntax.
(cherry picked from commit 54596b8867ff706acc1a7bf74c2db81851830f5d)
Adjust parsing of OpenVPN ciphers to new output format. Fixes #6849
Create pkg.conf with ABI settings
Latest nginx requires /var/log/nginx/ to exist, so for users with /var in RAM it needs created.
Fix static blackhole routes. Bug was introduced in8be135cd114fbc9294ec9dafed2125d0e553956c (February, 2013).
(cherry picked from commit 580bef1ee3052437487553fcc5dc8428ca665098)
Remove workarounds to sort extensions.ini since ports tree now has a better solution in place to track PHP modules dependencies
Report quantity of files being installed by minimal and diff options.
Also consolidate some unset commands.