function name hms -> dhms
to match edit to util.inc(cherry picked from commit c57e936a6596550619f7261e85b633ca5016cbf2)
Simplify convert_seconds_to_hms() and show days for large numbers of hours
1) Function can be simplified and all "if" statements removed, using intdiv (or casting result as int for PHP < 7) and % for calcs and sprintf for padding.2) Input validity check before trying to convert format...
Add "delete entry" for ARP table
Useful function in some circumstances - seems no reason not to have it.
Uses IP rather than hostname since not all ARP entries have hostnames.
Probably should also have "delete all" but not done that.(cherry picked from commit 6ea0d41e3c094a0977e7f0d022ec74276280b8ff)
Fix NTP PPS. It had 'None' option available on 2.2.x.
(cherry picked from commit ceabd66d57f7199602d3a23cb8a60080bcfa67ea)
Fix "Unable to remove NTP GPS from configuration"
https://forum.pfsense.org/index.php?topic=112771.msg627573(cherry picked from commit 55de528cbb177b4a1f40554ad1a567198bbeebb3)
redundant check - is_numericint() tests for >= 0(cherry picked from commit f208e9690e2ec4089cf3d3fe5f5f03fed5a36e6f)
Use global backup count instead of hardcoded value and remove redundant function(cherry picked from commit 01b5410ae8391998ba560d40f447c7f556472c5b)
fix logic and replace hard coded value by global
backups should be a numeric int.text hint for number of backups can now refer to the global value for this platform (and explains how to get that default, by leaving blank)(cherry picked from commit 16b17c15f9fc29e9480431b5bc7bebe2bd4b6230)
set default_config_backup_count based on platform
At the same time the platform is being detected for PHP/GUI purposes, set the default number of backups. Also handle the case where (for any reason) detection fails, which it shouldn't, so the variables are still created...
Give settings section a more helpful/standard title to match other GUI settings tabs(cherry picked from commit ca55edc39342865816feef390616be8b770c889b)
Self correcting - poor english(cherry picked from commit b56769c30a23af9f575ee4a5f056558ef8322f95)
Accuracy
Large keys are not "slower to use" in many cases, since they are only used to validate or set up a session. An ongoing session usually transfers to a symmetric algorithm once established, and the user won't notice the short extra delay in session startup....
missed a comment I added and shouldn't have - removed(cherry picked from commit 7c684f3b95f641134496bc1210cfb2d814468767)
Update OpenVPN Wizard to include missing key sizes
...and add some useful info to guide the user.(cherry picked from commit 49810252681df9bd553e2221c885ceffaa2c4c7f)
Add missing recommended key lengths to OpenVPN options
Add key lengths to the OpenVPN options, for asymmetric keys of size 3072 (for current use), 7680, 15360 (for long term resistance), 8192 and 16384 (common binary exponents).
These are both supported by OpenVPN anyhow, and for certain uses are currently recommended (eg long term resistance to replay/decryption). See keylength.com for citations....
Added option to System > General Setup > webConfigurator to change the title of the Help menu in the navbar to either the system hostname or fqdn.
(cherry picked from commit 1d12996755ee6fb9b9e163d292bdba160a926e64)
Make QinQ interfaces work again
(cherry picked from commit 1322ee22354f1a6e184819fb7009a2996b63de97)
Allow IGMP Proxy logging verbosity to be selected via system log settings (PR 2901)
(cherry picked from commit 2bd0585e30e5ec8fc3b79ca3f579bf9a7c1bcbc8)
adding privileges and separating DNS Resolver overrides from general settings
(cherry picked from commit fc76a1e390c8ce9579df31457c74d1d0e572b78d)
Force 4096 RSA keys
Add option `-b 4096` to force the keys to 4096-bit.
This parameter is ignored for Ed25519 keys.
(cherry picked from commit 971257cbdf687c79943237b6c2f5e37c596318af)
Harden sshd_config
The changes are better explained in the following article:
https://stribika.github.io/2015/01/04/secure-secure-shell.html(cherry picked from commit dca77360ffe868327d82c20834eceb1079d5823b)
Fixed #6504 by making table sortable
(cherry picked from commit 55f67b5abd9b809807e328477779d97120908273)
jQuery datepicker added to interfaces.php and interfaces_ppps_edit.php for setting custom expirey date
(cherry picked from commit d85d82b7686d5899948e6ec4b1587e74937820cf)
Fixed #6516 by replacing HTML5 datepicker with jQuery widget
(cherry picked from commit 53c38ff16c1eb8743e69d506f69167c88cf34910)
Merge pull request #3015 from marcelloc/patch-4
Only call interfaces_vips_configure once if it's needed, rather than doing the same thing over and over for every VIP on an interface. Ticket #6515
Fix style
require_once auth.inc in vpn.inc since it uses functions from there, though normal use of the system won't require that, those who run certain things manually/custom may require it
Fixed #6514 by requiring string starts with letter ot underscore
(cherry picked from commit f0a053846d6cde2724c47b5553e1395cfd21445c)
fix rowhelper select_source empty combo
while using $config['installedpackage']{['...'] as source
Only omit aggressive line from ipsec.conf where IKEv2. Ticket #6513
Create openssl.cnf symlink during boot
(cherry picked from commit 5051739d72d31f8bd250148dfa65213723275310)
Fixed #6498 by providing new address type argument to Form_IpAddress(). In this case it is specified as "V6".
Set kern.corefile, fixes #6510
Fix typo
Fix redundant phrasing.
Teach rc script to copy custom_logos over default one
Fix #6468 Do not allow edit of day and times
in rows of time ranges for a schedule.The code was always intended that the user uses the calendar pad and start hour/minute stop hour/minute drop-down fields to enter days and time range. If an existing day-time-range is wrong, then the workflow is to delete the row and then enter the correct day-time-range using the calendar pad and start hour/minute stop hour/minute drop-down fields....
Use escapeshellarg on shell calls in auth.inc. Ticket #6475
Validate submitted groups when editing a user. Ticket #6475
Add input validation to system_groupmanager.php to prevent invalid members from being submitted. Ticket #6475
Fix #6463 Dest net alias matching on page load
Do not set destination field to use customarrayNote: dstbeginport_cust does not exist on this page, so I got removed it here also to avoid future confusion.
Fix #6460 Interface mismatch apply changes button
Rework pkg_mgr_install.php:
- Stop using id parameter for additional packages, keep using it only for firmware upgrades- Created to control variables $completed and $confirmed to check all the stages and make it easy to understand what is happening- Stop using $pkgid and use $pkgname instead...
Implement pkg_valid_name()
Fix variable name s/POST/_POST/ and also parameter name s/complete/completed/
Fix indent
Improve readability
Simplify mode parameter validation
Remove redundant check since pkgcancel is never set
Validate mode parameter and use sanitized variable on other places
Set keepalive_timeout 0 where captive portal in use, and update otherwise to nginx's current default of 75. Ticket #6421
Fix save and reset buttons on status_lb_pool.php. Ticket #6254
Fix #6440 RADIUS issued IPs
This is a checkbox - the state in the config is stored as set or not set.This should fix the reported issue. I don;t have a system right now to test, but the bug seems obvious.
Allow - and _ in sysctl values. Ticket #6438
Don't override type so changing it is possible. Ticket #6439
Allow - in TFTP Server field. Ticket #6433
Link to correct schedule from firewall_rules.php. Ticket #6428
Use 0 here if specified. Ticket #6413
Fix this missed one.
(cherry picked from commit f42ef69ab518237260a2e129cbdf391549c003ad)
Firewall / Aliases / Edit - New URL Table Alias Type
Make the code cleaner and easier to follow by using the same alias type designations as config.
(cherry picked from commit ebe833f6a9463b0e4add1d97c360af4a682d1add)
Need to pass alias type to process_alias_urltable() function when creating a new url table alias because it is not yet set/available from config. So the alias_get_type() function can't be successfully used yet....
Fixed #6401
(cherry picked from commit fe68a6a2b28c897cb3a8f8fda452c25f649556f1)
Handle mode correctly with Auto IKE. Ticket #6360
Firewall / Rules / Edit - URL (IP) Alias
Make alias type URL (IP) available for selection in firewall rules.
Lower default LDAP timeout to 5 seconds. Idea from Sandeep1991 in PR 2971. Ticket #6367
Set request_terminate_timeout to the same as max_execution_time in case something executed externally doesn't respond, to avoid hanging up all of php-fpm eventually. Ticket #6318 among other similar potential issues.
Relax Suhosin to allow a 512M memory limit
Set PHP's memory limit to 512M on 64 bit. Ticket #6364
Fix #6381 ipv6nat_ipaddr
Fix quoting in diag_routes.php, see ticket #6371
Better fix for escaping in ticket #6371
Fix up diag_smart e-mail handling, and the backend config code was broken/making false assumption about the config file as well. Fixes #6371
Welcome 2.3.1-RELEASE
Miscellaneous Textual Corrections - System / Advanced / Firewall & NAT
Section panel header title.
(cherry picked from commit 5414794c12fbcd6455a48f81428e0457a9cf0c95)
Make limiters info box work same as By Interface
The info box displayed on Firewall->Shaper, By Interface come down the bottom with and info icon and can be shown/hidden by the user.The similar info box on Firewall->Shaper, Limiters sits in the main body with no info icon and cannot be shown/hidden, but can be dismissed....
Customize limiter info message
The $dn_default_shaper_msg is what is displayed on the Limiters tab. It needs to talk about "limiter" rather than "queue".This code builds up each message using the same base template sentences, inserting "queue" or "limiter" in the appropriate place....
Miscellaneous Textual Corrections - System / Advanced / Networking
(cherry picked from commit 542d14be063e0a90b9182ee3dac9dc3fdb52d04d)
Miscellaneous Textual Corrections - System / User Manager / Settings
(cherry picked from commit 850211423b3486353b2419b02211213196d8c36e)
Miscellanous Textual Corrections - Add missing dots, normalize case
(cherry picked from commit cb6c20a997eeb77b3529e157cd512fabb4ff69f0)
Sanitize notice output here as well. Ticket #6154
Correct force updates when chosen. Ticket #6359
Fix script name in error log
Fix misspellings.
Disable ipcomp regardless of config setting to avoid problem. Ticket #6167
Silence mwexec output. Now that the groupdel actually works, it spams the log when group isn't found. Ticket #6352
Make rule_columns_with_alias end params optional
Stops PHP warnings like reported in forum https://forum.pfsense.org/index.php?topic=111768.0
Unbound and dnsmasq can both be enabled so restart both if need be
Fix scope for IPv6 link local gateway IPs. Ticket #6353
Handle link local IPv6 gateways and default gateway switching correctly. Ticket #6258
Miscellaneous Textual Corrections - System Advanced
Miscellaneous Textual Corrections - Services NTP PPS
Don't start unbound in track6 config if system is booting. Add dnsmasq here as well. Based on PR 2943. Ticket #6186
Use -g with groupdel when passing a GID. Ticket #6352
Fixed #6349
Use proper IPsec enable test. Fixes #6351
Add alias display to target host and target port columns
(cherry picked from commit 474e70a2d178de50060c6e5f1114bb5b6963a6b6)
Add a safebelt to makesure $cpzone is always in lowercase. Ticket #6278
Fix #6278
$cpzone is always in lowercase, it's used as the array key used inconfig.xml. Use it in two cases where the $cp['zone'] was being wronglyused:
- To find out zoneid- To replace PORTAL_ACTION url