Allow the selection of "any" interface in floating rules. Implements #12392
SNMP service restart improvements. Fixes #12611
IGMP Proxy service improvements. Fixes #12609
Always restart gateway monitoring and services on interface UP/START event. Fixes #11570
Clear aliases,filter,shaper and natconf flags on filter_configure(). Fixes #12678
DNS Resolver restart improvements. Fixes #12612
Remove unused add_hostname_to_watch() from ipsec_setup_gwifs(). Issue #12645
Fix full path to executable files. Issue #11941
Keep command line history WebGUI option. Implements #12675
Optimize openvpn_resync_all(). Fixes #12628
Delete static default route if default gateway is NONE. Fixes #12536 #11692
CARP status check for RADVD with link-local address. Fixes #12582
Remove link-local scope from IPv6 addresses in filter_nat_rules_generate_if(). Fixes #11984
GleSYS DDNS return code check fix. Issue #12672
Add IPv6 scope to DHCP6 link-local routes. Fixes #11764
Skip out-of-range entries on DHCP6 service start. Fixes #12527
Generate unbound ACLs for OpenVPN CSO. Fixes #12636
Initialize $cmp with an empty array. Fixes #12749
Static IPv6 route delete fix. Issue #12728
Update Static Route and OpenVPN alias name when the alias is renamed. Fixes #12727
Only request copyright file is ews.netgate.com is resolvable. Issue #12141
Use http_build_query() for Google Domains DDNS post data. Fixes #12754
Eliminate duplicate shell commands from history file. Feature #12741
Convert OpenVPN Tunnel Network to correct format on save. Issue #11416
Display interface interrupts. Fixes #12735
Add OpenVPN CSO to Automatic Outbound NAT. Fixes #12792
Correct NTP service status logic. Fixes #12775
Add UPnP NAT anchors before NAT rules. Fixes #7727
One-time NTP sync from static servers NG 7447
Sanity check the clock at boot. Issue NG 7447
Delete temporary ACB files. Fixes #12745
Default repo selector to stable repo after upgrade to Plus
Detect correct setting for custom repo and call pkg_switch_repo to be sure
Revert clearing custom repo on boot
Revert "Move custom repo removal code to a better location in rc.reboot"
This reverts commit e696b0868a495af4f19505b8261f25d6604adc8d
Move custom repo removal code to a better location in rc.reboot
openvpn.tls-verify.php exec() output fix. Issue #11829
ldap_get_groups() return value fix. Issue #12699
Delete all custom files if the custom repo specification is incomplete
Improve OpenVPN Data Cipher handling. Fixes #12677
Update master to 2.7.0
Revert "Update master to 2.7.0"
This reverts commit ac7ec30f39a3069d3192a73b78e5977fc834482e.
netgate-ca.pem is now in the base image at /usr/local/share/${product_name}/ssl/netgate-ca.pem
Update the git protocol.
For more details see: https://github.blog/2021-09-01-improving-git-protocol-security-github/
Use /conf/restore_config_data trigger file to restore extra data on install. Feature #12518
Improve solo weighted GW in Failover. Issue #12660
If there is only one gateway to add in a macro definition, there isno point in repeating the string based on the gateway weight.
This is a potential contributing cause to issue #12660
Disable DNS Resolver recursion if the selected outgoing interfaces are not available. Fixes #12460
Originally-By: Viktor Gurov
Revert "Use OpenVPN async client-connect, clear stale rules, add option to limit connections per user. Implements #12407 and #12332 and #12267"
This reverts commit 7aaa20d95a345c4688e8786c755c7d0433451688.
Update the Copyright year of the files owned by Rubicon/Netgate.
Create port forward rules for PPPoE Servers interface. Fixes #12452
Fix SSH keys permissions on restore. Fixes #12637
Do not update Dynamic DNS if the public IP address cannot be determined. Fixes #12617
Ignore DynDNS requestif for non-custom providers. Fixes #12631
Use installer_copied_config as an extra data restore trigger. Issue #12518
Merge pull request #4550 from znerol-forks/fix/master/radvd-search-list
Merge pull request #4546 from olehfb/namedotcom_dyndns
Initialize searchliststring variable in every loop iteration
Add tag 1 to Captive Portal passthrough MAC table. Fixes #12615
Do not update DNS RFC2136 if the public IP address cannot be determined. Fixes #12617
Pushover notifications fix. Issue #12614
Use Trusted Store CAs for Dynamic DNS. Fixes #12589
Bounce dipinger when bringing down interface that has a gateway
One.com DDNS update. Issue #12352
(cherry picked from commit 9a84d3b0b5e4709a5bde99d3edf4f8e89524b602)
2.6.0 is now BETA
Init tracker ID before filter reload. Fixes #12588
syslog: fix ridentifier retrieval when looking up by rule number
pf rules no longer include the ridentifier immediately after the rulenumber but instead list it as a separate keyword like this:
@4(0) block drop in log inet all label "Default deny rule IPv4" ridentifier 1000105583...
Send Telegram/Pushover/Slack notifications on CARP MASTER event. Fixes #12584
Use notify_all_remote() in /etc/rc.notify_message. Fixes #12585
syslog: fix ridentifier retrieval
@4(0) block drop in log inet all label "Default deny rule IPv4" ridentifier 1000105583
...
Rename 'tracker' to 'ridentifier'
FreeBSD has included our 'tracker' functionality, but calls it'ridentifier' instead. Change the rule generating code to cope withthat.
IPsec IKEv2 Retransmission options. Implements #12184
Revert "Certmanager mvc"
This reverts commit 033c3ae82d20ca5760ed483cf8d0c947764b2371
Certmanager mvc
Restore RRD and extra data on bsdinstall config.xml restore. Implements #12518
IPsec on backup CARP group validation. Fixes #12566
Add dynamic DNS service provider Name.com, closes #12567
SNMP IPv6 support. Implements #12325
Input validation to prevent removing a gateway if it is still in use by DNS servers. Fixes #8390
Backup and Restore SSH Host Key(s). Feature #11118
Static routes handling update. Fixes #11599 #11895 #7547
Update enableallowallwan to only include shaper.inc once.
Allow to select 3 (8s) NTP min poll value. Implements #9439
DNS check improvements for fw check and ACB. Fixes #12141
Use OpenVPN async client-connect, clear stale rules, add option to limit connections per user. Implements #12407 and #12332 and #12267
Port Forward checks for special interfaces and reflection type. Fixes #12452
NTP Peer mode. Implements #11496
Fix reservation on CE installs with a pool called 'zroot'.
pfSense-rc: Fix ZFS reservation
e804230c08 introduced an error when USE_ZFS is not set:
Starting syslog...done.[: : bad numberStarting CRON... done.
Fix it by only checking if variable is not empty
Add a ZFS reservation of 10%
Automatic outbound NAT for Reflection IPv6 support. Fixes #12500
Add Chelsio T6 CXGBE (cc) to ALTq capable list. Fixes #12499
Do not detach ng_ether from physical interfaces
There's no measurable performance impact1 of leaving an unused ng_ethernode attached to ethernet interfaces, so don't waste time trying toensure we only attach to interfaces where we expect to use netgraph....
IPsec SPD status updates. Implements #12397
Elliptic Curve 25519, 448 bit -> Elliptic Curve 448, 448 bit PH2 rename. Fixes #12350
Delete stale OpenVPN RADIUS ACL generated rules. Fixes #12481
DNS check optimization for NDP diag page. Fixes #11512
Fix OpenVPN status page halt function when client_id=0. Issue #12416
IPsec PC/SC daemon status / services page fix. Issue #12468
Remove stale captiveportal_online_users file on boot. Fixes #12455