Fix an obvious mistake.
Reported by: stevewTicket: #8906Pointy-hat to: loos
(cherry picked from commit 0285d8e5c721491c7e8ae8dea0f0fdef95bb5cff)
Always pass the $local variabled to load_loader_conf(), it makes the code easier to read.
(cherry picked from commit 1ef4cbdbb03791f5c3541df44da5a61d00db6e46)
Sync the know variables with factory.
(cherry picked from commit fe7523cbbdee119bf71abb93009f44a9f8e47963)
Filter properly the know variables in loader.conf.
The know variables should be used as prefix not as literals.
(cherry picked from commit 21bacf010021d34012f6869ce1d55268fad7b0ec)
Fix a PHP error when upgrading gateways
(cherry picked from commit bd670efef4c642ebb03b844ef0c38258740a37a1)
Welcome pfSense 2.4.4-RC
Make async_crypto explicit enabled/disabled rather than current isset
Move IPsec VTI interface cleanup list. Fixes #8858
Generate the cleanup list before the P1 loop but after the initialinterface configuration.
Use safe_mkdir() for IPsec dirs. Fixes #8856
Simplifies the process of making IPsec dirs, though it may not correctthe original reported issue since that appears to be a disk problem,it's still better/safer than what was done here before.
Fix #7694: Replace sshlockout_pf by sshguard
Missing line to fix #8850
Allow packages to opt out of a forced start. Fixes #8850
If a package performs its own service start during its sync process,then add <starts_on_sync/> to its service definition in the package XMLfile. Then when rc.start_packages is called, the forced start will not...
Fix Minnowboard Turbot model names. SG-2320 -> MBT-2220, SG-2340 -> MBT-4220
$wancfg is not a reference to $config. Set $random_mac properly on config and break long lines while here
Revert ticket #1337
FreeBSD is not happy with simple set VLAN to use a different MACaddress. Revert it for now and prevent users to change VLAN interfaceMAC address.
Fix some integer assumptions with calculate_ipv6_delegation_length()
Implement #1335:
Let VLANs to have a different MAC address than its parent.
While here also fixes #8138 and do not ignore <spoofmac> for interfaceswithout hwaddr field
Merge pull request #3974 from Augustin-FL/patch-passthrough
Merge pull request #3973 from PiBa-NL/20180821-getarraybyref
Fix syntax and use unlink_if_exists()
Merge pull request #3965 from Hobby-Student/master
Fixed #8823
Add the GUI support to set the VLAN Priority for the DHCP requests.
Ticket #7425
Automatically store username of the MAC created pass-through
Handle HTTP_REFERER better when changing IP addr. Fixes #8822
Fall back to probing active interface addresses rather than config.xml to allow changed addresses that have not yet been applied.
Add a missed case for auth source detection. Fixes #8817
add getarraybyref() utility function for general use (used also to avoid php7 'Cannot create references to/from string offsets' messages)
Certs: Fix CA subject assumptions. Fixes #8801
Several areas made assumptions about the number and order of CA subjectfields that were no longer correct after issue #8381 was corrected.
While here, also remove some outdated references to fields that are no...
on arm and arm64 machines, set kern.shutdown.secure_halt = 1
the arm systems leave enough running after halt to forward packets.this is a bad thing. on arm systems, set this sysctl so that whena halt command is issued, it is severely stopped and no packet...
User login source & proxy fwd addr to user data. Fixes #8813 Fixes #8816
While here, use this info more consistently across log messages andplaces where user info is recorded when making changes.
Revise T&C text area height
Fix syntax
Merge pull request #3972 from Augustin-FL/patch-passthrough
Add interface_is_lagg(), improve interface_is_vlan() and make get_parent_interface() work with laggs.
Added PORTAL_MESSAGE to template, fixed some wording and styling
Readded second authentication type to default captiveportal login
Disconnect and remove previous Pass-Through MAC address when both Disable concurrent logins and passthrough MAC addition are enabled
Merge branch 'master' of gitlab.netgate.com:pfSense/pfSense
Updated captive portal to use a template with customizable image uploads
Co-authored-by: Felix Häberle <felixhaeberle@users.noreply.github.com>
Add default ICMPv6 rule for unspecified src per RFC4861. Fixes #8791
Disable OpenVPN compression for new instances by default. Fixes #8788
Also add warning text that cautions against enabling compression.
While here, also add missing "stub-v2" compression mode.
Merge pull request #3970 from Grapsus/master
Fix #8785: Add CDATA to auth_prompt field
Fixed #8745 by trimming nulls from bridgeif
Merge pull request #3640 from Augustin-FL/master
Fix custom dyndns issue: username and password was not sent with curl flag AUTH_ANY
Upgrade config : Move captiveportal authentication to use user manager
Obsolete old captiveportal radius files
Update captiveportal RADIUS Accounting
Make captiveportal use user manager as auth source
Merge pull request #3946 from martinisoft/martinisoft/dnsimple_v2_api
Merge pull request #3934 from PiBa-NL/20180406-outboundnat-ipv6-mixedaddresses
Normalize RADIUS accounting
Normalize RADIUS authentication
Add GUI control for IPsec async crypto. Implements #8772
include IPv6 in $tonathosts so nat rules can be expanded properly when IPv6 rules are made
PHP7 related, cast bandwitdh to int to make sure it is a numeric value Fixes #8757
Fix #7604: Rework pkg reinstall on config restore
- Remove old code needed to upgrade fom < 2.3 to 2.3- Simplify logic using a single file /conf/needs_package_sync- Create /etc/rc.package_reinstall_all, a script used to reinstall all packages present in config but not on pkg database...
Do not remove needs_package_sync file when it's not needed
Use packagelock flag for checking
Do not run rc.start_packages when restoring a config backup
Add missing -f to make pfSense-upgrade to remove all packages when restore factory default
Start packages after pfSense-upgrade finished
Improve readability on booting message
Remove code used to upgrade from < 2.3 to 2.3
Do not rely on internet connection when running 2nd/3rd upgrade stages
Add IPv6 version of IPv4 private nets to DNS Rebinding list. Fixes #8750
Fix #8595
Implement MTU override option that allow client to force a bigger MTUvalue than the one negotiated on LCP that is known to work.
Merge pull request #3969 from luckman212/2y-prefix-is-ok
Add config function init_config_arr()
This function initializes a set of nested keys under $config to avoid multiple levels of manual is_array() checks and creations.
Pass it an array of keys to test and create, for example:
init_config_arr(array('virtualip', 'vip'));...
Merge pull request #3967 from PiBa-NL/20180729-alias-with-carp-parent
Removes some legacy code in auth.inc
There was a compat issue between PHP's $2y$ bcrypt hashes andolder versions of FreeBSD. However, this compat issue was fixedlong ago and appeared in FreeBSD 11.0-RELEASEhttps://reviews.freebsd.org/D2742
Fix #8737: Add option to use multilink over single link for PPPoE
Revise page footer text and centralize footer output for consistency
FEC LAGG is deprecated, remove from GUI and change on upgrade. Fixes #8734
outbound-nat, make sure rules generated wont have required missing options that might make the rules fail to load
outbound-nat, make sure rules generated with outbound-nat rules are valid also on interfaces with mixed ipv4/ipv6 address environments
Preliminary footer revisions. Pending link targets
Validation for GUI custom settings. Fixes #8726
Add validation for customizable GUI setting fields and test submittedvalues before allowing them to be stored.Also ensure that dashboardcolumns is an integer before using it in theGUI.
Create cron array if it doesn't exist on upgrade.
(cherry picked from commit aabd093849d61eacdf7bdcb584c812638b3732a0)
Merge pull request #3962 from PiBa-NL/20180708-routing-default-gateway
Fix a potential PHP error from a pf filter reload error.
Make whitespace more obvious in a user/cn mismatch
Skip repo check for base packages
Revert "Parameter must be an array or 'all'"
Fix #8715 respecting get_pkg_info parameter when it doesn't start withpfSense-pkg
This reverts commit 70a7c029fbe61935da7474358e7359bb9dc1bcc3.
interfaces, ipalias fix initializing ipaliases that have a carp parent after interface down / up
Make sure additional packages are provided by official pkg repo
Fix style
Parameter must be an array or 'all'
Merge pull request #3908 from pdemonaco/master
Add a mechanism to blacklist interfaces from filtering. Fixes #8685
Only entry at the moment is ipsec for if_ipsec interfaces which havesome issues interacting with pf currently.
PHP7 syntax fix
VTI input validation. Fixes #8674
Add input validation to prevent switching away from VTI or deleting aVTI P1/P2 which belongs to an assigned interface, since this would breakthe interface assignment and cause an interface mismatch at the nextboot.
Remove unneeded VTIs in IPsec sync. Issue #8674
Still needs input validation to prevent changes that would remove anassigned interface.
Fixed to be accurate when converting from us to ms
Change us to ms for gateway alarm.
Fixes #8477 looking to be more consitent changed to use ms for gateway alarm.Thanks to Luke Hamburg for helping with this and the code idea.Keeping it as 0.xxxms for under 1 millisecond responses.Just to stay ms as much as possible.
Fix PHP error when adding a gateway from interfaces.php. Fixes #8680
routing, when a new pppoe connection is made the gatewaymonitor should be started before decisions about default route can be properly made. also for 'automatic' provide a fallback to the first enabled gateway thats configured, just in case..
Fix PHP7 error due to lack of int casting for gateway weight when making rules.
Fix PHP7 array issue in array_merge_recursive_unique()