Fix PHP error on 1:1 NAT w/if macros. Fixes #14845
kea: prevent configuring static reservations with both mac and cid matching
Refine IPsec P1 cert wildcard check. Fixes #14831
Introduce Kea DHCP
Use intval of portal voucher data. Fixes #14325
It was already tested to be numeric but this normalizes the result so itdoesn't have things like leading zeroes or trailing decimal points.
Avoid PHP err with missing P2 data. Fixes #14525
Use access functions to ensure we always have an array when expected inthis block of code.
Correct CE logo w/Compact-Red Theme. Fixes #14807
Doesn't affect Plus logo, only CE.
Fix submitted by James White via Redmine
Fix build time on sysinfo widget. Fixes #14791
While here, add a fallback method and error handling in case the file ismissing or invalid.
Pcap: Validate+Encode count & length. Fixes #14809
Cleanup some unused variables
Fixup some separator config access issues. Fixes #14794
Fix variable name typo. Fixes #14790
status.php: Fix error count. Fixes #14513
Make header before adding note at the bottom, otherwise error count isoff by one.
Correct PPP provider pre-fill. Fixes #14544
Add status output package plugin hook. Implements #14777
Improve error handling in status.php. Implements #14513
PHP updates in interfaces.inc. Implements #14790
Use full path to tail, sort output. Issue #14758
status_carp: use the new `pfctl -sc` command
Try alt. way of validating route GW fam. Fixes #8846
The when passed a gaetway name, the function won't see a gatewayfor a disabled interface as valid. Thus, since we have alreadycached the gateway info, try passing the GW address we havecached instead. This bypasses making the function look up gateways...
Only log radvd level err and higher by default. Fix #12938Previous behavior can be restored under System > Advanced > Networking
Automatically configure the state hash tables size. Implement #14750
Add unbound option sock-queue-timeout to the GUI. Implement #14731
Correct Mobile IPsec P2 PFS. Fixes #14736
Show outbound NAT pool options with subnet VIPs. Fix #14740
Show value of Speed Shift preference. Issue #14047
Adds the ability to display the underlying value of range (slider)controls, and activates this for the Speed Shift epp setting.
Intel Speed Shift support. Implements #14047
GUI controls only appear on hardware that supports Speed Shift.
Show IPsec P1 auth in list. Implements #14726
While here, pluralize "Mobile Client" label on mobile P1 since it'sinconsistent with other usages in the IPsec GUI.
Correctly shift separators when deleting a single rule above a separator. Fix #14691
Remove the original rule when chaning the rule's interface. Fix #14691
Refactor rule separators. Fix #14691
Fixup PPPoE server input validation. Fixes #13909
Correct PHP errors in CSRF Magic. Fixes #14394
Option to require if select before showing fw rules. Implements #13124
Originally submitted in PR 4582 by Chrisc-c-c at GitHub
Type column for Alias list. Implements #13245
While here, clean up some redundant/incorrect variable usage.
Adapted from PR 4592 submitted by luckman212 @ GitHub
Add a setting for PHP memory limit in System -> Advanced. Feature #13377
Add requested state to status_carp requests. Implements #13804
Pick crt mgr start by privs. Implements #14347
Check user privileges to determine where the menu entry for thecertificate manager should point. Users might have access to Certs orCRLs but not the other pages.
services_dhcp.php: fix pool address range validation
Improve dup action tests in group mgr. Fixes #14695
Cast to string before ctype_digit() testing. Fixes #14702
Avoid div by 0 in memory calculation. Issue #14648
Fix gateway widget tooltip 'default' text. Fixes #14542
Error on states with if and ruleid filters. Fixes #14399
Correct hwcrypto alg list in widget. Fixes #14417
Extend support for SCTP in firewall and NAT rules. Implement #14640
CARP status update. Issue #14348
Add description
Support specialnets in outbound NAT source/destination. Implement #3288Also, show an asterisk in place of 'Any' for the source,and avoid generating oNAT rules with invalid aliases.
Improve GUI cert digest help text
Instead of calling out one weak digest, mention the current bestpractice minimum and that others may fail for being too weak.
Also mention specifics about places which consider weak digests invalid.
Certificate digest strength changes
Part of ongoing changes for OpenSSL 3.x
Refactor outbound NAT target config fieldDon't keep a separate target field, and handlesome older configs on upgrade.
Revert "Refactor outbound NAT target config field"
This reverts commit 5557bc594916a5a6ff51ac8ed319a6ad436d3475.
Refactor outbound NAT target config fieldThere's no need to keep a separate target field,and now it's easier to implement #3288.
igmpproxy: Do not display an error when saving changes. Fixes #14301
Use pf macros for <interface> subnets. Fix #6799This changes the behavior of '<if> subnet' in generated firewall/NATrules. The previous behavior expands '<if> subnet' to a list of subnetsin PHP then generates filter rules with that list. Instead, create a pf...
Don't restrict the outbound NAT target listThe target_type list was changed in abc9d914 to restrict the displayedselection options depending on the interface. Now when the interfaceselection changes, the target type list is not dynamically updated. Hence,...
Change the default match for Port and MAC in the packet capture GUI. Implement #14650
Revert "services_dhcp_relay.php: introduce proper shortcut section for dhcrelay"
This reverts commit 834bb946dd952f1d7a59e131d6b265cc82b7837d.
Revert "services_dhcp.php: cleanup warning notice when DHCP relay is enabled"
This reverts commit 564905382d696ef80b45e7552f4fdc502a7d2053.
Revert "services_dhcp.php: just hide relay-enabled interfaces"
This reverts commit 7a1d5e27022fb7183e8a7b17b5514169cbd7ecc7.
Revert "dhcp: support simultaneous v4 dhcpd and dhcrelay, Implements #14620"
This reverts commit e9577ebfd7852646a66697a3bde41b712687a4ca.
Add Next Hop info to status output
Refactor translation target for outbound NAT
Refactor display of special networks
Allow use of interface groups in firewall rule source/destination fields. Implement #14448
Refactor usage of special networksPre-requisite for easier implementation of interface group in firewall rules.
Use the correct index when saving rule separators. Fix #14619Also fix displaying rule separators with an out of range index.
services_dhcp.php: just hide relay-enabled interfaces
Clarify IPsec Keep Alive description. Fix #12762
dhcp: support simultaneous v4 dhcpd and dhcrelay, Implements #14620
diag_edit.php Improvements. Fixes #7589
Fix Captive Portal view HTML link param. Fixes #14598
The way the code regex matches the parameter it needs the extra bit onthe end so it both matches the regex and gets the target parsed out.Also this makes it consistent with the other links in the section.
Add dynamic DNS support for Porkbun DNS, closes #14402
Signed-off-by: Nita Vesa <nita.vesa@elektrik.link>
services_dhcp_relay.php: introduce proper shortcut section for dhcrelay
services_dhcp.php: cleanup warning notice when DHCP relay is enabled
Don't fetch contents of nonexistent URL aliases. Fix #14574
Correct JS for bulk rule copy convertif. Fixes #14576
ipsec: correct typo in var name when modifying p1s
ipsec: refactor config access
Add page title to system_register.php. Fixes #14462
Improve GIF/GRE interface handling. Fixes #14549
Encode dynamic log if filter. Fixes #14548
Multiple issues with PPP providers. Fixes #14547
Tested with a variety of countries/providers/plans, output looks OK inall cases I've checked.
Add option to invalidate GUI login on IP address change. Implements #14265
firewall_rules.php: default to the first configured interface, Fixes #14345
Correct ambiguous Unbound TTL Host Cache descr text. Fixes #14358
Use the dynamic repos help text instead of the old 'custom' repo.
Fix a merge problem in the last commit to accommodate a small difference with Plus.
Add the dynamic repos support.
Load the repository settings dynamically from Netgate, allowing for moreflexibility and direct support to update for the Plus repositories.
Fix references to 'disable_carp' introduced in 62fb07c816. #2218
The original commit had some lingering references to a function 'disable_carp'that had been abandoned in favor of a single 'enable_carp' function with enablearg. This commit corrects these lingering references.
Fix PHP error from invalid IPsec P1 config. Fixes #14458
Switch to PHP 8.x friendly functions to access multi-level array partssince there is a chance they may be empty or partially defined in theencryption algorithm section.
OpenVPN CSO: Improve form field JS. Fixes #13088
Originally-From: PhilZ-cwm6 @ GitHub
Convert AJAX GET calls to POST
Correct alias bulk import regression. Fixes #14412
While here, ensure that a broken alias configuration does not cause PHPerrors which prevent users from using the GUI or console.
Add VLAN support validation for the Packet Capture interface. Fix #14376
Replace abbreviated links from System menu
Disable CARP until services have started and before shutdown/reboot. Fixes #2218
CARP has historically been enabled as part of interface bringup and sync setupfairly early in rc.bootup. This change intentionally shuts down CARP frominterface bringup all the way until services have been started to ensure that a...
Ensure RSS widget number values are treated as int. Fixes #14365
Remove unnecessary utf8_encode'ing to pfSense_kill_states arguments. Partial #9270
FW rule GW status popup improvements. Fixes #14327