Consider the linklocal_fallback value when checking the interface cache
This is needed to make sure that callers to find_interface_ipv6() usingdifferent linklocal_fallback values receive the correct data.
Followup to ec7c1879da64f8a39e4aa8103c351768118af03d...
Add the swap partition created by growfs to the system fstab.
Fixes the missing swap partition with the emmc-serial images.
Ticket: #10888
Allow renaming when duplicating a gateway. Fix #16036
Fix condition check in get_interface_addresses()
Followup to ec7c1879da64f8a39e4aa8103c351768118af03d
kea: Introduce kea-specific UI and config for DHCP-PD
Don't include LL addresses by default in get_interface_addresses()
- Update get_interface_addresses() to make including the IPv6 LL address optional. It defaults to the function's previous behavior.- Update find_interface_ipv6() to pass the $linklocal_fallback preference...
unbound: filter link-local addrs from host_entries.conf. Fixes #16035
Fix regression with IPv6 LL addresses
- Update does_vip_exist() to correctly compare LL VIPs that include the interface in the address (e.g. '%lo0').- Return the previous find_interface_ipv6_ll() behavior of including the the interface in the LL address....
Bump config version
Include Captive Portal zone description in messages
Remove the old Captive Portal configuration 'zone'
Consolidate Captive Portal zone name references from config
This change updates the code which uses the "captiveportal/<zone>/zone" path to instead use "captiveportal/<zone>". The latter path is chosensince most code that references the name uses this path and has the least...
Include all IPv6 address flags in get_interface_addresses()
Select an interface IPv6 address based on priority
pfSense_getall_interface_addresses() is deprecated
Use pfSense_get_ifaddrs() instead which now includes LL addresses.
Modernize this check as using x-prefix is not needed any longer
Config access regression when installing cron jobs with RAM disks
Respect binding to IPv6 when updating AAAA records using RFC2136. Fix #16028
- Move the "local" nsupdate configuration line condition so that it is set when "recordtype" is AAAA.- Don't clobber the "$if" variable with the loop since it's also used later with "get_interface_ipv6($if)"; this fixes the IPv6 status....
Respect address family for RFC2136 when calling dyndnsCheckIP()
The "usepublicip" option is only used for IPv4.
Fix RFC2136 status info
- Use the correct variable name- Remove the duplicate IPv6 file check
ppp-ipv6: Fix indent
Fix ACB syntax error w/o password. Issue #16013
Do not use the lua script on armv7, it is not supported.
Fixes the warnings at boot.
ACB Device Key Changes + General Refresh
- Changed default method of device key generation. Implements #16016- Added mechanism to change the device key. Implements #16015- Added download function for device key(s). Implements #16015- Fixed detection of changes since previous backup to skip redundant...
Bump up Composer dependencies to latest major versionsand fix some fallout
Improve NAT64 input validation
NAT64 rules do not currently support route-to.
Handle potential errors with Net_IPv6::checkIPv6. Fix #16005
Don't process empty filter rules from packages
Packages may insert their own filter rules via a function referenced inthe package xml element "filter_rules_needed". Don't assume that ruleswill be returned and instead skip trying to process empty rules.
Fix typo in function name on log error message
Style fixes
QNAME minimization default has changed. Fix #15925
Only check for limiter name conflicts if the name changed. Fix #15990
While here, rename the variable $queue to $subqueue for clarity.
Fix PHP error in Firewall log settings. Fixes #15988
Remove debug print from issue #15874
Check value when setting config root
$value should always be an array when setting the configuration root.
Typo: Additional error handling for invalid cert config. Fix #15975
Fix toggleNATrule() always returning 'enabled' for a single rule
When toggleNATrule() was modified to accept a list of NAT rules, the defaultcase for a single 'id' in the postdata was broken by building a rule map of {id=> id}, and attempting later to index that map with id 0. If the rule being...
PREF64 support. Implement #15808
Allow up to 4 RDNSS addresses
Additional error handling for invalid cert config. Fix #15975
Don't override the button text color in disabled rows. Fix #15977
Bump up the year in the Copyright notice.
Don't translate the change description. Fix #15911
Revert to the previous behavior of not translating change descriptions.
Skip loading widgets that are not on the dashboard
Part of https://redmine.pfsense.org/issues/15969
Don't try getting interface config without an interface. Fix #15961
Link to release info on the update page. Implement #15953
Use posted config when checking for duplicates. Fix #15598
The duplicate check for remote IPsec P1 entries should be done againstthe posted config instead of the saved config.
Improve the logging on get_sysctl().
Also take into account the sysctl(8) return code when checking for errors.
This is not yet a fix, but the log output is going to help with the fix.
Ticket: #14648
Fix limiter input validation
- Fix adding new limiter pipes, followup Fix #13158- Handle limiters named "new". Fix #13687- Correctly detect limiter name conflicts. Fix #15914
Ensure consistent results between the DDNS page and widget
Use the same IPv6 DDNS logic in the DDNS widget.
Remove redundant calls in get_request_source_address()
Remove redundant calls in get_dpinger_status()
Don't call running_dpinger_processes() and get_gateways() inget_dpinger_status() since it's already done in the calling function.
Also remove the error log for missing dpinger processes sinceget_dpinger_status() is only called for existing dpinger processes.
Bump default widget intervals
Update UPnP IGD & PCP GUI text. Implements #15864
Avoid printing pkill internal errors. Fix #15912
Also remove the file check from isvalidpid() since pkill can handle it.
Add an option to display text on the login page. Implement #9293
Determine the correct AF when DDNS uses a gateway group
Show rule tracking info. Fix #15936
Sort filter rules after changes. Fix #15935
When rules are added/removed, they should also be re-sorted.
Check subqueues when determining pipe slot limit. Fix #13662
Don't clobber the pipe name. Fix #13158
Config access regession when disabling CP MAC filtering. Fix #15926
Add config upgrade support for new system aliases
Define additional system aliases. Implement #15776
Ensure ACB entry reasons are encoded. Fixes #15927
Allow choosing when to use Check IP service in DDNS. Implement #14067
NAT64 GUI improvements
- Add NAT64 to the firewall rule advanced options indicator.- Automatically add the destination for NAT64 rules.- Dynamically update NAT checkbox text for easier implementation of different NAT types.
Revert "Clarify NAT64 checkbox description"
This reverts commit c257b5eead8804f509203a3e4fb60d8e0f45cb5a.
Clarify NAT64 checkbox description
Improve input validation for NAT64
Clarify message and automatically disable NAT as needed.
Add NAT64 support for firewall rules
Add initial GUI support for NAT64. The NAT64 source can be set to:- Automatic (default): Use the rule's gateway or gateway group (use the system's default if not specified) to determine the source interface. Sets e.g. "from (vmx0)"....
Send picture widget image inline. Fixes #15767
kea: add initial DHCP-PD support. Implements #15652
Mark CA basic constraints as critical. Fixes #15818
Pass correct argument when checking for RO user privilege
Fix #15282Fix #15318Fix #15908
Close PHP session when exiting early. Fixes #15873
Ensure RO user can't trigger log changes. Fixes #15874
Fix Captive Portal PHP error. Fixes #15907
kea: ignore default and max lease time within pool context. Fixes #15332
Add error handling for config xml parsing exceptions. Fix #15860
With this change, exceptions during a config restore will no longerresult in an unbootable instance.
Remove deprecated function use of xml_parser_free()
As of PHP 8.0.0, the function has no effect and is no longer needed.
kea: keep the config.xml tidy when saving settings with empty values
kea: enable static arp support, Feature #15654
dhcp: fix static arp config access
Revert "dhcp: fix static arp config access"
This reverts commit c31cc5d0e1121e973abc0d58b4808f6d90762dba.
remove rogue character
Set picture widget download file ext. Fixes #15767
Handle null widget instance ID. Issue #15844
Fix config access regressions during config upgrades
- 122_to_123: outbound rule saved to wrong path- 130_to_131: operate on same types- 136_to_137: handle potentially empty path- 150_to_151: operate on same types- 169_to_170: save the new wireless interface name
Don't use config result by reference
The $settings variable is not changed within the loop.
Refine widget validation checks. Fixes #15844
Config access regession when restoring from config 19.1. Fix #15895
Update nginx HTTP2 syntax. Fixes #15863
Define PHP request_order. Fixes #15893
Config access regression when saving dnsmasq overrides. Fix #15890
Dashboard widget settings and widgetkey validation. Issue #15844
Validate inputs when killing OpenVPN clients. Fixes #15856
While here, fix the JS 'busy' icon switching for both the widget and status page.
Ignore queue status interface. Fix #15885
Return the previous condition; $altqstats['interface'] is not required.
Don't separate the last array key in config access paths