pfSense

The IPv6 packets are always blocked.

Ticket #6206

Fix a 'divide by zero' bug on shaper wizard when PRIQ is used and no bandwitdth is entered (the correct setting for a PRIQ scheduler).

Fixed #6893
Null configuration settings are now written as <tag></tag> instead of <tag /> for consistency

2.4.0 is now BETA

Fixed 6901

Store Dynamic DNS passwords in Base64 to protect special characters. Fixes #6688

Fixed #6898

So, PHP eats the last '\n' and we need an additional new line...

Fix the generated pf rules.

Fixed #6779
Round calculated bandwidth down to nearest integer

Correct part of #6779
Setting input "step" value to "any" alows hte element to accept decimal (float) values, not just integers.

Do not generate IPv6 rules when IPv6 is disabled.

Ticket #6206

Consider the IPv6 checksum options when dealing with "Disable hardware checksum offload".

Ticket #5321

Merge pull request #3164 from fredronnv/master

• 'master' of https://github.com/fredronnv/pfsense:
  Fix bug where CARP vip status is incorrent in the interface when more than one CARP vip is configured for an interface.

Merge pull request #3176 from stilez/patch-49

• 'patch-49' of https://github.com/stilez/pfsense:
  80 character lines ftw :)
  standardise old code ("or" -> "||")

Merge pull request #3199 from phil-davis/ipv6lower

• 'ipv6lower' of https://github.com/phil-davis/pfsense:
  Remove "use lowercase" hint
  Fix #6864 automatically convert IPv6 input to lowercase

Fix the port assigment on SG-4860 or SG-8860.

Fixed #6895
by setting overflow-x: visible; in CSS

Enable ALTQ for cxl. Fixes #6830

When deleting or disabling a non-dynamic gateway, if that gateway was set as default then remove the corresponding default route to respect the user's decision. Fixes #6659

Fixed #6811

Convert CloudFlare and GratisDNS dynamic DNS over to split hostname and domain name fields, like Namecheap. Otherwise they could both break with subdomains or international TLDs with many parts. Fixes #6778

Fixed #6753
Interface menu entries no longer sorted for consistency with other GUI instances

OpenBSD removed the pf FAQ page for shaping, so link to the proper page on archive.org since they offer no current equivalent and no other suitable replacement page is immediately available. Fixes #6781

Do not attempt to remove interfaces from CP zone, captiveportal_configure_zone() will take care of it

Check if pidfile is valid before try to send signal

Always create a pipe for each allowed MAC or IP

host_ips tables is not supposed to use pipes

80 character lines ftw :)

Just because it was asked nicely :)

Merge pull request #3201 from phil-davis/patch-3

dyndns: add header processing in curl

some dyndns implementations rely on the correct HTTP header being set. the information was lost and now fixed.

Merge pull request #3192 from PiBa-NL/xmlrpc-auth

Merge pull request #3200 from phil-davis/patch-2

Merge pull request #3197 from phil-davis/dhcp6

Merge pull request #3205 from phil-davis/patch-7

Make sure filterdns is disabled when CP zone is disabled

Fix the ipfw rule to use the table cp_ifaces and not the interface cp_ifaces.

Stop using -y on filterdns call

Rework captive portal to run with stock IPFW (round 1)

- Remove use of IPFW context
- Create a rule that will skip to proper rule for each cp zone
- Use new PHP module functions wherever is possible

REmove accidental text

Provide conrol on system.php to allow display of hostname on login banner

Added hostname to login page.
Option control required

Update the variable with the round() return otherwise it does not has any effect.

Found while testing Ticket #6272.

Fix #6872 CP bandwidth 0 is no valid

The front-end validation prevents zero from being entered. "Leave empty" is the way to specify no limit.

Improve IPv4 address validation for services_dhcp

The input pattern that goes with Form_IpAddress by default allows for IPv4 and IPv6 valid characters. The back-end validation here is checking for IPv4 addresses, so it seems reasonable that the front-end input pattern checks might as well be restricted to the IPv4 valid characters. Unneeded setPattern have also been removed....

Fix display advanced after input error for system_gateways_edit

Use case:
1) Edit a gateway that has no advanced settings (i.e. the Advanced section does not need to open on page load) - that works fine.
2) Modify the Gateway IP Address to something invalid like 1:2::z...

Fix is_macaddr().

Hexadecimal numbers without the '0' padding are also valid, e.g:

a:b:c:d:e:f

Remove "use lowercase" hint

As it is no longer relevant, because the code now automatically converts
to lowercase.

Fix #6864 automatically convert IPv6 input to lowercase

1) As the user leaves the field, or presses Save, onChange will fire and
convert the input string to lowercase. This saves the user havng to even
think about it.
2) Provide some extra text that describes the expected format, to avoid...

Better handle no dhcpv6 leases file

Fix #6828

Until 2.3.x pfSense carried a patch that changed the behavior of 'route
change' command, making it add the route when it fails to change.
On 2.4 this patch was removed and will not be added back. This change
adjust PHP code to deal with route add / change and make it work...

xmlrpc, use authentication through the basic auth header instead of extra user/pass parameters

Make setup_serial_port() write config files safely

This function used to replace /boot.conf, /boot/loader.conf and
/etc/ttys on every call. Depending of the moment a power failure
happens, any of these files can be blank and it'll break console setup
on next boot....

Change safe_write_file $content parameter to accept an array

Make $force_binary parameter optional, default to false

Prevent /etc/ttys to miss essential lines

We do not create /etc/ttys from scratch but we change it on every boot.
If original file is corrupted for some reason we can end up with a file
missing essential lines. Added a check to verify if these lines are
missing and add them back in this case

Fix up help text on outbound NAT.

Clarify source port warning when editing a firewall rule.

In the setup wizard, do not change the DHCP range if it is already set inside the new subnet. Otherwise it will overwrite a range set manually from the DHCP settings or the console when the wizard is run later. Fixes #4820

Merge pull request #3190 from phil-davis/dhcpv6

Add extra validations on is_inrange_v⁴⁶

Verify if addresses are valid IP address before convert them to make
numeric comparison.

While here, adjust indent.

Inspired by: @phil-davis patch at PR #3189

Replace underscore with hyphen in option names

Thanks Jorge

(cherry picked from commit 30786a9d2486d88cb92cbb0ecb10586b39c32c65)

Merge pull request #3186 from phil-davis/unlink_if_exists

Restore accidentally removed block

On dc61252ae the code used to restore dhcp6 leases when platform was
nanobsd was removed, but this code is supposed to run on full install
when it's configured to use MFS /tmp. Restored it, adjusting indent,
and add the correct conditional to run on MFS /tmp...

Merge pull request #3180 from valneacsu/fix_wifi_1st_VAP_params

DHCPV6 only check VIPs in range if range valid

If the user has input invalid values into range from and to, then there
is no point checking any IPv6 VIPs to see if they fall in the range.
None of them would be "in range" because the specified range is not even...

Make unlink_if_exists return true/false

This allows the caller to do a single "atomic" call to unlink_if_exists.
If it returns true, then they know that the file existed and that it has
been unlinked successfully.
This should help avoid race conditions where multiple code paths try...

Remove commented code

Update pot

Deprecate nanobsd platform and remove all conditionals that uses it

Retire rc.nanobsd_switch_boot_slice

Define a single value for 'default_config_backup_count'

Remove unused global var 'hidebackupbeforeupgrade'

Remove all calls to conf_mount_r* functions

Retire restart_httpd.php

Retire cdrom platform support

Remove unused global config item 'update_manifest'

Remove hideplatform global config and all uses of it

Remove unused global item 'nopkg_platform'

Retire refcount functions. They are not used anymore

Retire diag_nanobsd.php

Obsolete conf_mount_ro() and conf_mount_rw()

Now that nanobsd is gone these functions are not necessary anymore.
Keep them around until all calls are cleaned up

Merge pull request #3151 from EdHurtig/eng/6806

Merge pull request #3154 from PiBa-NL/filenoticeBR

Simplify tcsh prompt and respect default terminal colors

Merge pull request #3140 from stilez/patch-39

Merge pull request #3156 from stilez/patch-43

Report quantity of files being installed by minimal and diff options.

Also consolidate some unset commands.

(cherry picked from commit 32912ae833a016784cbb4813c45960cefc2d896b)

Support minimal and diff options combo rather than diff superseding minimal (sync both updated and diff files).

Break verbose option in two for showing files and/or constructed command. (--show_files, --show_command)
Don't save new commit ID if dry run. (--dry-run)...

Merge pull request #3169 from valneacsu/fix_wifi_channel_change

Merge pull request #3171 from phroggster/patch-2

Merge pull request #3177 from brunostein/fix_authmode_translated

Merge pull request #3179 from valneacsu/fix_wifi_settings_overwrite

Improve gwlb.inc notification mechanisms

1) Unlink earlier to reduce the chances of any concurrency issues;
2) Translate and improve output of available notification;
3) While I'm here, fix whitespace and improve PHP syntax.

Adjust parsing of OpenVPN ciphers to new output format. Fixes #6849

Create pkg.conf with ABI settings

Bring up the wifi interface only after setting up all the other arguments. This prevents issues when using VAPs.

Latest nginx requires /var/log/nginx/ to exist, so for users with /var in RAM it needs created.

Move pfSense-upgrade to FreeBSD-ports

Merge pull request #3141 from PiBa-NL/xmlrpc_seturl

XMLRPC, xmlrpc_client, add new scheme parameter in setConnectionData(syncip,port,user,pass,schema), for use by packages that sync to custom locations, set public/private on all functions