Use global backup count instead of hardcoded value and remove redundant function(cherry picked from commit 01b5410ae8391998ba560d40f447c7f556472c5b)
fix logic and replace hard coded value by global
backups should be a numeric int.text hint for number of backups can now refer to the global value for this platform (and explains how to get that default, by leaving blank)(cherry picked from commit 16b17c15f9fc29e9480431b5bc7bebe2bd4b6230)
set default_config_backup_count based on platform
At the same time the platform is being detected for PHP/GUI purposes, set the default number of backups. Also handle the case where (for any reason) detection fails, which it shouldn't, so the variables are still created...
Give settings section a more helpful/standard title to match other GUI settings tabs(cherry picked from commit ca55edc39342865816feef390616be8b770c889b)
Self correcting - poor english(cherry picked from commit b56769c30a23af9f575ee4a5f056558ef8322f95)
Accuracy
Large keys are not "slower to use" in many cases, since they are only used to validate or set up a session. An ongoing session usually transfers to a symmetric algorithm once established, and the user won't notice the short extra delay in session startup....
missed a comment I added and shouldn't have - removed(cherry picked from commit 7c684f3b95f641134496bc1210cfb2d814468767)
Update OpenVPN Wizard to include missing key sizes
...and add some useful info to guide the user.(cherry picked from commit 49810252681df9bd553e2221c885ceffaa2c4c7f)
Add missing recommended key lengths to OpenVPN options
Add key lengths to the OpenVPN options, for asymmetric keys of size 3072 (for current use), 7680, 15360 (for long term resistance), 8192 and 16384 (common binary exponents).
These are both supported by OpenVPN anyhow, and for certain uses are currently recommended (eg long term resistance to replay/decryption). See keylength.com for citations....
Added option to System > General Setup > webConfigurator to change the title of the Help menu in the navbar to either the system hostname or fqdn.
(cherry picked from commit 1d12996755ee6fb9b9e163d292bdba160a926e64)
Make QinQ interfaces work again
(cherry picked from commit 1322ee22354f1a6e184819fb7009a2996b63de97)
Allow IGMP Proxy logging verbosity to be selected via system log settings (PR 2901)
(cherry picked from commit 2bd0585e30e5ec8fc3b79ca3f579bf9a7c1bcbc8)
adding privileges and separating DNS Resolver overrides from general settings
(cherry picked from commit fc76a1e390c8ce9579df31457c74d1d0e572b78d)
Force 4096 RSA keys
Add option `-b 4096` to force the keys to 4096-bit.
This parameter is ignored for Ed25519 keys.
(cherry picked from commit 971257cbdf687c79943237b6c2f5e37c596318af)
Harden sshd_config
The changes are better explained in the following article:
https://stribika.github.io/2015/01/04/secure-secure-shell.html(cherry picked from commit dca77360ffe868327d82c20834eceb1079d5823b)
Fixed #6504 by making table sortable
(cherry picked from commit 55f67b5abd9b809807e328477779d97120908273)
jQuery datepicker added to interfaces.php and interfaces_ppps_edit.php for setting custom expirey date
(cherry picked from commit d85d82b7686d5899948e6ec4b1587e74937820cf)
Fixed #6516 by replacing HTML5 datepicker with jQuery widget
(cherry picked from commit 53c38ff16c1eb8743e69d506f69167c88cf34910)
fix rowhelper select_source empty combo
while using $config['installedpackage']{['...'] as source
Only call interfaces_vips_configure once if it's needed, rather than doing the same thing over and over for every VIP on an interface. Ticket #6515
update d3.js
update nvd3 files
Fix style
require_once auth.inc in vpn.inc since it uses functions from there, though normal use of the system won't require that, those who run certain things manually/custom may require it
Fixed #6514 by requiring string starts with letter ot underscore
(cherry picked from commit f0a053846d6cde2724c47b5553e1395cfd21445c)
Only omit aggressive line from ipsec.conf where IKEv2. Ticket #6513
Fixed #6498 by providing new address type argument to Form_IpAddress(). In this case it is specified as "V6".
(cherry picked from commit 3e4adb7139b4cddbb06a2aba7e0727d1762b35ee)
Incorporated ssl changes
Set kern.corefile, fixes #6510
Fix typo
Fix redundant phrasing.
Teach rc script to copy custom_logos over default one
Remove tab_array from interfaces_groups_edit.php to be consistent with other *_edit files
Correct value for 9600. Ticket #6416
Fix #6468 Do not allow edit of day and times
in rows of time ranges for a schedule.The code was always intended that the user uses the calendar pad and start hour/minute stop hour/minute drop-down fields to enter days and time range. If an existing day-time-range is wrong, then the workflow is to delete the row and then enter the correct day-time-range using the calendar pad and start hour/minute stop hour/minute drop-down fields....
Use escapeshellarg on shell calls in auth.inc. Ticket #6475
Validate submitted groups when editing a user. Ticket #6475
Add input validation to system_groupmanager.php to prevent invalid members from being submitted. Ticket #6475
Fix #6463 Dest net alias matching on page load
Do not set destination field to use customarrayNote: dstbeginport_cust does not exist on this page, so I got removed it here also to avoid future confusion.
Add resetwebgui to developer shell
This might be helpful to people if they have set the theme to somethingthat they are having trouble displaying, reading... or enabled somewidget that is not good or...It allows them to get back to a known-working dashboard state, from...
Fix #6460 Interface mismatch apply changes button
Rework pkg_mgr_install.php:
- Stop using id parameter for additional packages, keep using it only for firmware upgrades- Created to control variables $completed and $confirmed to check all the stages and make it easy to understand what is happening- Stop using $pkgid and use $pkgname instead...
Implement pkg_valid_name()
Fix variable name s/POST/_POST/ and also parameter name s/complete/completed/
Fix indent
Improve readability
Simplify mode parameter validation
Remove redundant check since pkgcancel is never set
Validate mode parameter and use sanitized variable on other places
This needs a newline
Set keepalive_timeout 0 where captive portal in use, and update otherwise to nginx's current default of 75. Ticket #6421
Fix save and reset buttons on status_lb_pool.php. Ticket #6254
Fix #6440 RADIUS issued IPs
This is a checkbox - the state in the config is stored as set or not set.This should fix the reported issue. I don;t have a system right now to test, but the bug seems obvious.
Allow - and _ in sysctl values. Ticket #6438
Don't override type so changing it is possible. Ticket #6439
Allow - in TFTP Server field. Ticket #6433
Comment typos
I can't resist fixing them when I see them.
Mask a few more sensitive bits of data in the status.php config.
Add a check to see if the file exists before running filesize on it, to avoid PHP error.
Link to correct schedule from firewall_rules.php. Ticket #6428
Do not call gettext() for the string used to match the place in file to start rewriting it
Use 0 here if specified. Ticket #6413
Fix this missed one.
(cherry picked from commit f42ef69ab518237260a2e129cbdf391549c003ad)
Firewall / Aliases / Edit - New URL Table Alias Type
Make the code cleaner and easier to follow by using the same alias type designations as config.
(cherry picked from commit ebe833f6a9463b0e4add1d97c360af4a682d1add)
Need to pass alias type to process_alias_urltable() function when creating a new url table alias because it is not yet set/available from config. So the alias_get_type() function can't be successfully used yet....
Fixed #6401
(cherry picked from commit fe68a6a2b28c897cb3a8f8fda452c25f649556f1)
Handle mode correctly with Auto IKE. Ticket #6360
Firewall / Rules / Edit - URL (IP) Alias
Make alias type URL (IP) available for selection in firewall rules.
Lower default LDAP timeout to 5 seconds. Idea from Sandeep1991 in PR 2971. Ticket #6367
Set request_terminate_timeout to the same as max_execution_time in case something executed externally doesn't respond, to avoid hanging up all of php-fpm eventually. Ticket #6318 among other similar potential issues.
Relax Suhosin to allow a 512M memory limit
Set PHP's memory limit to 512M on 64 bit. Ticket #6364
Changed element type from date to text. Date inputs are not yet handled consistently accross different browsers :(
(cherry picked from commit d78dbc34299652c637c77684b7848191c510f9f0)
Miscellaneous Textual Correction - System / Advanced / Networking
Use apostrophe instead of quote.
(cherry picked from commit d3706c81f7f77d21635c335d19e6626a4f7b568b)
URL Table (Ports) File Comments
Fix for Bug #6395 that keeps full line comments of the downloaded file but strips them for the pf rules load.
(cherry picked from commit e7e1e514607e7b017e5407326cfd7ddb439963d0)
Fix #6381 ipv6nat_ipaddr(cherry picked from commit f489cfdbd4705578ee290b9df5bafe86efddbca8)
Fix quoting in diag_routes.php, see ticket #6371
Better fix for escaping in ticket #6371
Revert "Status / Services - Status Indicator"
This reverts commit 5260817282c47a208be6daf683db0157544b2d08.
Remove calls which rely in uninitizalized vars
After analyzing implementations in RELENG_2_1 and RELENG_2_2, this code seems to be a left over after code rewrite
Also remove a trailing space from comment
(cherry picked from commit 0120cad84ea4dddd0c1501ecb41f2a082ea1e7d9)
Add freeDNS v6 support
FreeDNS IPv6 support confirmed working using same method as v4 with v6 source address. Simple second service with _useIPv6(cherry picked from commit ac16181a2cfefec293e0562a7bfe8e2f7140e191)
Add menu item for freeDNS v6(cherry picked from commit d102e2d5d3f238fa4f35a1d935366a2e6153804e)
Status / Interfaces - DNS Servers
The DNS servers are not necessarily ISP provided.
(cherry picked from commit 78869d5e82f149ad5bfb1e1d97d958d0bf1d0d54)
Status / Services - Status Indicator
Use font awesome icons instead of text.Universal recognition eliminates need of text translation.
(cherry picked from commit e7161dc3b62b306b57c8d094f93c2ec08c9e0af2)
Removed global variables used on the version 2.2
(cherry picked from commit d4af7f9e4a332278a80ba2a9c56df2064dc579d9)
Add the function gettext
(cherry picked from commit 8d0b16a11c6a2a61fe51507a9b43b3bcad3aab80)
Fix Captive Portal's MACs icons
Standardize pass/block icons with the rest of the system
(cherry picked from commit 96abde901f0c4e81d4cac0acd2361267e6ef1b0c)
Fix closing `tbody` tag in Captive Portal's MACs
(cherry picked from commit 22b50541377ec212d71e0686a0b6a20149b23a7c)
Fixed #6872 Restored missing proxy port setting
Reduce maximum length of string to gettext()
This limit is set at 4096 on PHP 5.6: http://lxr.php.net/xref/PHP_5_6/ext/gettext/gettext.c#139
Bug report on forum: https://forum.pfsense.org/index.php?topic=110088.0
(cherry picked from commit 95f46512d9410b38b23d7778cec0bf8610e448cf)
Fix up diag_smart e-mail handling, and the backend config code was broken/making false assumption about the config file as well. Fixes #6371
Update pfSense.pot
Initialize output var in firewall_shaper_queues
To clear any previous use of the var elsewhere in included files.Forum: https://forum.pfsense.org/index.php?topic=111852.0(cherry picked from commit 49701df38e6c5b70526c2d436fcb4cfbb1310ae4)
Bump version to 2.3.2-DEVELOPMENT
Miscellaneous Textual Corrections - System / Advanced / Firewall & NAT
Section panel header title.
(cherry picked from commit 5414794c12fbcd6455a48f81428e0457a9cf0c95)
Make limiters info box work same as By Interface
The info box displayed on Firewall->Shaper, By Interface come down the bottom with and info icon and can be shown/hidden by the user.The similar info box on Firewall->Shaper, Limiters sits in the main body with no info icon and cannot be shown/hidden, but can be dismissed....
Customize limiter info message
The $dn_default_shaper_msg is what is displayed on the Limiters tab. It needs to talk about "limiter" rather than "queue".This code builds up each message using the same base template sentences, inserting "queue" or "limiter" in the appropriate place....
Miscellaneous Textual Corrections - System / Advanced / Networking
(cherry picked from commit 542d14be063e0a90b9182ee3dac9dc3fdb52d04d)