pfSense

Allow URLs for TFTP Server (Bug #6634)

is_URL() from util.inc is way too limited for this purpose.
(cherry picked from commit 8ff248d6a3f31dba42c4c64b5290928030faad4a)

Typo fix
(cherry picked from commit 4b79a9d443c4e16d6ffa304775aec79938d2988c)

Allow URLs for TFTP Server (Bug #6634)

is_URL() from util.inc is way too limited for this purpose.
(cherry picked from commit 483816313924f87707bca0aa983c73064bd52371)

Fix a redundant HTTP "User-Agent" string.

CURLOPT_USERAGENT expect the value to the user-agent string, not the entire key-value pair.
Before this fix, HTTP header "User-Agent: User-Agent: phpDynDNS/0.7" was sent for DDNS updates.
NGINX configuration at GratisDNS will not accept a user-agent formatted in the above way....

Merge pull request #3066 from phil-davis/notifychannelupdown

Merge pull request #3065 from phil-davis/radius-openvpn

services_dhcp: Ignore BOOTP queries

BOOTP leases do not have a maximum lease time by default, this could
potentially lead to a DHCP address pool exhaustion.

This commit adds an option to ignore BOOTP queries.

Redmine #4351

(cherry picked from commit 6d53301b1f612ff3e0490abbb46b53c50193b80b)

Add a field to CA/Cert pages for OU, which is required by some external CAs and users. Fixes #6672

Display local DHCP lease times in 24-hour clock

It seems odd to me that when the times are displayed in UTC they have
24-hour clock, but when displayed in local time they are formatted with
12-our clock and AM/PM.
24-hour format takes less screen space, and I would have thought that...

Update firewall rules separators when NAT associated rule is deleted.

Bug: https://redmine.pfsense.org/issues/6676
(cherry picked from commit 7475d7b337c0a08dc4d6636f33b0998067f26008)

Save widget settings per user

For users that have "custom settings" enabled, save the "tool" settings
of their widgets on a per-user basis.
User that do not have "custom settings" enabled will continue to use and
save widget settings to/from the system-wide settings....

Some tweaks to improve alignment in table with checkbox

1) If a checkbox does not have a description (even if it is empty), layout will be broken as checkbox won't be aligned correctly

2) UPnP checkbox looks better with description instead of help

This commit fixes the two issues...

Remove defunct link to the devwiki site. Everything is on doc.pfsense.org now.

Fix typo, LT2P->L2TP

Fixed #6669
Read widget config before adding a new one. (Was starting a new array)

(cherry picked from commit 236e6a54e9a93284ca170b68aa1188dfaa195c3d)

Merge pull request #3074 from phil-davis/gwredir

dpinger: fixed check for pidfile length #6505

(cherry picked from commit 4aaf38742563c427b42a813387d84246ff20a2f2)

replace attribute 'name' to 'id' in openvpn status

(cherry picked from commit 5a5a11cd489bbf15e868c1607c74824c128d693f)

Merge pull request #3073 from phil-davis/certs

Merge pull request #3070 from phil-davis/input_errors2Ajax

Merge pull request #3069 from phil-davis/LAGG-MTU

Merge pull request #3068 from phil-davis/subnet_size

Merge pull request #3067 from phil-davis/useallcerts

Merge pull request #3064 from phil-davis/cloudflare

Merge pull request #3063 from phil-davis/dhcpinitbeforera3055_23

Some small improvements to OpenVPN server handling when using CARP VIPs in Gateway Groups. Might help with issue #6607

experiment with tighter styling

Fixes #6601 clean up installed packages html

clean up Installed Packages widget by removing category

Increase filtering tail limit for logging, fixes #6652

Whitespace fixes

Fix redmine #6640 DHCPv6 server time format

The original code here ended up always applying the time zone offset once, and if you had set dhcpv6leaseinlocaltime then it got applied twice, so Sydney at UTC+10:00 would show UTC+20:00 and presumably somewhere at UTC-04:00 would show UTC-08:00...

Remove '-x' flag from dhcpwithoutra launch of dhcp6c

This is the equivalent fix for the RELENG_2_3 branch to pull request #3078

Section title was wrong, discovered by mfine

Backport openvpn_add_dhcpopts already sets redirect-gateway

Ticket 6633
Original commit to master was
https://github.com/pfsense/pfsense/commit/f8038899f250c656b1ef03fe351fb9cfdadeaf0c
Adding this PR for completeness so that this is visible as something
that can be back-ported to RELENG_2_3

Backport Add missing recommended key lengths/digest to Cert system

Original pull request to master was #2944

Backport Remove input_errors2Ajax calls

Original commit to master was

https://github.com/pfsense/pfsense/commit/86d431a89d920f64dda5e7e1821f720daf6e067b

Backport Fix issue with QinQ on LAGG interfaces where MTU doesn't apply to parent

Original pull request to master was #2905

Backport simplify subnet_size()

Original pull request to master was #3007

Backport Use all certificates in the chain when creating the ca-file for server-side OpenVPN configuration

Original pull request to master was #2966

Backport notify by email and in syslog when a channel goes up or down

Original pull request to master was #2847

Backport Radius auth server to detect openVPN

Original pull request to master was #3057

Backport IPv6 support for CloudFlare

Original code for master in pull request #3061

Backport DHCP6 init before RA

Original PR to master was #3055

Move RELENG_2_3 to 2.3.3-DEVELOPMENT and point stable to 2.3.2

Set HTTP_PROXY to empty as recommended at https://httpoxy.org/#fix-now

Allow section header to be omitted by specifying "NOTITLE" as the section title.

(cherry picked from commit 9ce54773be5e02235e3be7d2b970f61fbb27ba86)

Show "cannot delete alias" message as error

If I try to delete an alias that is in use, the "cannot delete alias" message was being displayed as the "success" color.
(cherry picked from commit 04b571e836077c436d109d982be5a8e710ff8aab)

Allow AES-GCM for P1 where using IKEv2. Ticket #5990

Clarify that HMAC-MD5 key is required. Ticket #6622

Fix "http://pf.sense/UNKNOWN" links in Pkg Manager

I noticed recently that many packages do not have the 'www' field in the database filled, or have it set to UNKNOWN The way the table is built, this causes bad links to be generated pointing to e.g. http://pf.sense/UNKNOWN. This patch fixes it, causing only packages with actual links to get the <a> tag.

fix typo

Fix xml syntax after license update

(cherry picked from commit f7057140af3a98af925f76b6b0bb544dc7bfc418)

Make a function to resync all OpenVPN CSCs and use it when saving an OpenVPN server. Fixes #6139

dse was under contract with BSDP for all the work he did, we own (c)

Review license / copyright on all files (final round)

Set dhcp-cache-threshold to 0 to avoid a bug in dhcpd 4.3.x where it omits client-hostname where the cache threshold is reached. Ticket #6589

Bring back the "set iface route default" used in 2.2.6 and earlier versions, which works around the root problem in Ticket #6495

Fix #6613 Do not show Aply Changes button when Save needed

I got a bit carried away in the fix for #6460 https://github.com/pfsense/pfsense/commit/21c18c3df11547aba172c10f95872dbd8682f7d9
The message here at line 507 should not actually show the Apply Changes button. At this point the user needs to adjust the assigned interfaces and save. Then after saving an Apply Changes button can be used to implement the saved changes.

Review license / copyright on all files (1st round)

Retire deactivated widgets

chmod 0644 php web pages

Retire copyright-master.txt

chmod 0644 php web pages

Retire /usr/local/bin/slowdownpipe.sh

Ignore cp result for cases when files are the same. Ticket #6557

Fix #6050 DHCP - provide Network Booting display/hide advanced button

This one moves the "Network Booting" above the "Additional BOOTP/DHCP Options". That allows "Network Booting" to be a Display/Hide Advanced group of buttons just like TFTP, LDAP etc. (without a special section header) and for "Additional BOOTP/DHCP Options" to come last on the page....

simplify DHCP_Config_Option_Split, no loop needed for returning option array

(cherry picked from commit 264ca54e406eee7c01b01f748aabd4a29e9c4872)

Allow passing comma in string quoted DHCP client options

(cherry picked from commit 332a64d0c8a6486d40c6295351ca3068a77a216a)

style sortable tables

clean up captive poral widget

change order of css files in head element

write_config before openvpn_resync here as well. Ticket #6139

Add upgrade code to clean up the old GRE/GIF flags that are no longer used. Ticket #6586 and Ticket #6587

Align GIF link options with those currently supported by the base OS. Ticket #6587

Remove GRE link flag options from GUI/backend. Keep link1 as it was also used to add an explicit static route, though the GUI previous GUI option name wasn't related to that at all. Updated GUI description to match reality. Ticket #6586

write_config before calling openvpn_resync. Ticket #6319

Fix firewall rules for PPPoE server

1) PPPoE Clients are located within 'Remote Address Range' (sa) and not Server Address (ip), see lines 1194 and 1195. 2) Interfaces for floating rules were not being correctly added due to a bug on interface detection caused by PPPoE differences....

Properly follow style guidelines.

Include ignored DHCP server(s) config option even when advanced DHCP config is enabled

fix typo. noticed-by: phil.davis

set net.isr.dispatch instead since net.inet.ipsec.directdispatch no longer exists. Ticket #4754

Add config option for AdvDefaultLifetime, clean up descriptions on other. Ticket #6533

Add configuration for Min and MaxRtrAdvInterval. Ticket #6533

Fix #6590 NTPd Leapfile Upload

Leave this to 2.4 only for now. Revert "Omit non-qualified hostnames from unbound's local-data. Ticket #6064"

This reverts commit cde0ef17a60cffa4a54f3ab4922b77bc0447d068.

Omit non-qualified hostnames from unbound's local-data. Ticket #6064

Call filter_configure in rc.linkup. Ticket #6297

Verify a valid IPv6 subnet is going to be used before including in radvd's config. Ticket #6581

Missing closing quote

Create /var/run/dmesg.boot symlink for vm-bhyve (Feature #6573)

See https://redmine.pfsense.org/issues/6573

Fix indent and spaces

Remove stray '

Fix #6582 Allow import of ports

This change does:
1) Allow bulk import of a port alias. That happens when the Import
button is pressed from the Ports tab of the firewall_aliases screen.
2) Allow bulk import of an IP alias, automatically determine if the
imported data fits a host or network alias type. That happens when the...

Improve patterns to read dhcpd6.leases to prevent leases containing '}' in ia-na line not showing up. It fixes #6543

Fix #6585 Do not use [] syntax for lookups

IPv6 address plus port is displayed with the format [1:2::3]:80 - the address is in square brackets followed by colon and the port number. This is necessary to disambiguate the port from the address, a good thing. But it messes up the use of the IPv6 address for reverse lookup....

Show "cannot delete alias" message as error

If I try to delete an alias that is in use, the "cannot delete alias" message was being displayed as the "success" color.
(cherry picked from commit 04b571e836077c436d109d982be5a8e710ff8aab)

Do not check platform to decide if enableserial and primaryconsole fields will be hidden, global parameters are the rule to decide it. Fixes #6291

Fix PTR lookups on diag_dns.php. Ticket #6561

Change group labels s/MAC controls/MAC Address/