There is no longer any need to restrict protocols for IPv4+IPv6 rules, the appropriate ruleset is generated and problem scenarios that would otherwise break here are prevented by other input validation.
remove dead code, clean up excess white space a bit.
Fixes #4504 use correct key index
Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent traffic sent to lan ip to go to the ipsec tunnel
Fixes #4259 Use proper variable to do calculations
Add SCTP to protocol list for filtering.
Merge manually pull request #1593
Fix encoding issues in Configuration History list.
Fix a few misc encoding issues in load balancer code.
Fixed minor spelling error
RRD Graph Custom Tab display friendly description
The other tabs of Status:RRD Graphs put the friendly description of each interface into the drop-down list for selection.This change makes the Custom tab do that also.
Status DHCP Leases handle expire never
Note: We can let the code pass "never" (or any other unexpected stuff)to adjust_gmt()adjust_gmt() should anyway handle the case when strtotime() cannotunderstand the input string and thus returns false. In that case we...
Use is_numericint() instead of empty() to check if value has been entered because empty() does not allow 0, which is a valid value.
Make sure 'DHCPv6 Prefix Delegation size' is provided if 'Send IPv6 prefix hint' flag is checked to avoid generating invalid dhcp6c configuration file.
Handle release number in installer
This code just looked wrong. It was considering 10.1-RELEASE-p6 to be release number "1" and comparing it to "9".These changes to do what it seems to intend. This will make that UFS+J stuff appear, if that is of any consequence.
Add option for wireless standard "auto", to omit "mode" entirely from ifconfig. This shouldn't be necessary, but specifying mode has proven to trigger driver problems that don't exist if it's left unspecified (such as FreeBSD PR 198680). Chosing "auto" fixes ath(4) BSS mode issues otherwise preventing it from connecting.
change the location of jquery-ui images in each theme's css file
Cleanup code path when adding a new user
1) Only attempt to delete the oldusername if it actually was non-empty - at the moment errors are logged in the system log when adding a new user, because the code was trying to delete the user name "".2) Call local_user_set() first to create (change, whatever) the user record. This makes the user record exist for a new user. Then call local_user_set_groups() to sort out what groups the user should be in or not in. The existing code would fail to add a new user to the specified group/s because local_user_set_groups() was called too early, before the user actually existed....
Do not allow VLAN tag zero
At the moment you can make a VLAN with tag 0. The input validation does not catch it because when $_POST['tag'] = "0" that evaluates to false by PHP.Always make the checks on 'tag' value whenever the 'tag' key is set at all. If the (required) 'tag' key is not set, then that is already checked for by do_input_validation().
txpower was disabled for good reason it would appear, it triggers syntax errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516
Apply WME input validation to all modes, not just hostap. Ticket #4516
Default to 11ng if an option hasn't been configured. Previously we let the browser pick the first in the list (the first the card reported as available), which ended up being 802.11b. Ticket #4516
Default to WPA2, AES for new wireless interface configs. Ticket #4516
Auto-size the interface box on the bridge edit page.
touch up interfaces.php text
Require WPA PSK where WPA-PSK is enabled. Clean up some other text. Ticket #4516
clean up input errors text
Fix up text, remove "only for Atheros" since the option is only shown if a compatible card exists.
"Auto" channel with hostap doesn't work correctly at the moment, force choosing a specific channel with hostap mode for now.
add more wireless validation. Ticket #4516
Add more validation for wireless config settings. Ticket #4516
Add more input validation for wireless parameters. Ticket #4516
Touch up wifi text
clean up unique IDs text a bit.
Proper fix #4443, do not unset carp entry when content differ, also set correct real interface and use subnet to check IP protocol
Save vip interface and subnet to use to delete old vips from secondary nodes. Fixes #4446
Revert "Use a consistent variable name here. related to Ticket #4446"
This reverts commit 0e7954b8a333d7ca92f56c86c74e2d9d7457b546.
add granular control of state timeouts. Ticket #4509
Remove BEAST protection option since default cipher is now good and works with hifn cards
Fix password box cursor position
Similar tohttps://github.com/pfsense/pfsense/commit/dedc40f7ded5f88aee4720aa8a3a57667b975254The password field shows the little lock icon, but the text input areastarts over the top of the icon and as I type in the field the password...
Pencil symbols
These are places in the GUI where the cursor sits not in the far leftside of the input box and there is odd-looking white space to the leftof the cursor. Normally there would be a little input graphic in thewhite space to the left of the cursor (a pencil, a computer screen, a...
update description after adaptive start/end default change.
Use a consistent variable name here. related to Ticket #4446
Don't enable interfaces_use by default. Add checkbox to enable on Advancedtab, in case there are scenarios where it's desirable. Ticket #4341
Conflicts: etc/inc/vpn.inc
Fixes #4427 Correct traffic shaper wizard to properly save and use Voip provided settings
Fixes #4446 Correct ipalias removal on top of carp during configuration sync.
Allow reassignment from PPP types to DHCP. From testing, it appears to work OK, this input validation appears to be outdated.If there is some edge case that this catches, perhaps it needs to be a more specific test.
Add missing 'break' statement that broke switching from a PPP type to 'none'.
DNS Forwarder Host Override Edit make the pencil symbols appear
In most places in the GUI a little pencil symbol appears before text input fields. For example it already appears for the Host, Domain and Description fields in this very form when you "Enter additional names for this host."...
Fix password box in diag_authentication
In 2.2 when I go to Diagnostics->Authentication the password field shows the little lock icon, but the text input area starts over the top of the icon and as I type in the field the password "dots" go over the lock icon....
Add missing opening bracket
Check for console="comconsole* rather than just comconsole in loader.conf, so it doesn't match just having comconsole_speed in loader.conf. Ticket #4464
Expand CARP demotion error, add button to reset demotion status.
Remove multiple spaces from dns_split as a seatbelt, also fix the message since field is expected to be space separated and not comma. Ticket #4418
touch up text
fix up text
Don't save config if input validation fails. Add input validation preventing "Harden DNSSEC Data" from being enabled if DNSSEC support isn't enabled.
Remove the harden-glue option entirely and hard code it to yes. Ticket #4402
Encode and check values for filtering variables in diag_logs_filter.php
Do not render the services_unbound_acls page with an invalid ID.
Stricter validation and encoding for traffic shaper queues.
Jettison unused dragtable code from firewall_rules.php, it was broken and inactive and only causing trouble.
Improve validation and encoding of the zone for Captive Portal Status
Be more strict about the file to restore or delete when working with full backups.
allow enabling Unbound when dnsmasq is enabled, if they're using diffports. Ticket #4332
Make the DHCP network booting options line up
by putting the text and selection boxes into a 2-column table so that it can be rendered with the boxes lined up vertically.
system_groupmanager edit cancel button looks small
It looks smaller and different to the Save button. This makes it the same.
system_usermanager edit cancel button looks small
Make the Power Mode selection boxes line up
Standardise power mode selection boxes
I noticed that this looked a little odd, the boxes for AC and Battery Power Mode are 1 after the other on the same line, then the 3rd box for unknown power mode is on a new line.Maybe make them all on their own line, like this?
Add missing BR tags and fix display with pfsense_ng_fs theme
Fixes #4481Similar issue to commit https://github.com/pfsense/pfsense/commit/5cfd948144741ba0d6981f89b2e40257cb9ef2b1Note: services_dhcpv6_edit.php - these fields are not present so nothing to edit/fix.
Remove "Prefer old SA" option, and ignore it in all existing configurations. Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables.
Fix track6 prefix id range in error message, reported on Pull Request #1517
Check if variables are set before trying to pass them to function substr_count to avoid generating PHP alerts.
Ticket #4418 make sure the dns_split is separated with spaces rather than space or comma to comply with strongswan requirements.
When RADIUS auth is selected, radius protocol and server ip/host are mandatory. Fixes #4384
isset is a better check here
Fixing issues with NTP RRD graph state changes
- only call enable_rrd_graphing() after $config['ntpd']['statsgraph'] is set - fix if condition; empty and isset are each other's opposites
carp, don't show status icon from previous carp ip in case the ip is not present on the interface (test with ifconfig em0 1.2.3.4 delete)
Ticket #4445 do not write config and remove its cache when applying settings its just behaviour from dinosaur era and should have been cleanded long time ago.
diag_arp allow underscore in resolved host names
is_hostname() and is_domain() allow underscore in the names. So it is possible to have underscore in host names, for example in DHCP server static mapped entries I have some things like:10.42.3.4 client-pc-01_LAN...
make computation of start of DHCPv6 range consistent with actual check
When computing the start IP for the 'available range' field,services_dhcpv6.php attempts to increment a colon-formatted v6 address.Since this always fails, so the value that's printed is not actually...
Fix display style typo
I could not see any difference in rendering of the page after fixing this, but it looks it it should be fixed.
OpenVPN server improve handling of authmode
Currently if the user is clicking around while they are setting up an OpenVPN server, they can do stuff like this:a) Select Server Mode - Remote Access (SSL/TLS + User Auth)b) Select something in Backend for authentication...
vpn_openvpn_server.php white space
Mention interface name on DHCP edit GUI
IMHO it can be confusing on the DHCP edit page for static mapped entries to know which interface the entry is being edited/added for. Specially if the user comes from the Status DHCP Leases page, the lease they are editing/adding could be for 1 of many LAN-style interfaces....
Status_dhcp_leases fix edit button for static entries with no IP address
The edit button for static entries always has an index id=0 and thus pressing the edit button goes to (mostly) edit the wrong entry.It was easier and made the code cleaner to get rid of the looping through the staticmap array every time trying to matach IP, MAC address... That data ('if' and 'staticmap_array_index') is easily gathered further up, the first time the staticmap array for each DHCP interface is traversed. I think this should also be more efficient when there are many static mapping entries....
Fix broken links to dhcp6c.conf man page.
manpath FreeBSD+Ports no longer exits and needs to be replaced with FreeBSD+10.1-RELEASE+and+Ports
Success typo
might as well fix it while I notice it
Add GUI control for MOBIKE. Hide it when IKEv1 selected. Enable toggling of NAT-T field display so it's on for IKEv1, off for IKEv2. Do same for reauth while here. Ticket #3979
Update fbegin.inc - Missing '/' in path
Found this issue in conjunction with user Digdug3
force minimum 100000 byte log file size. Some have been confused thinking this is KB, in some cases causing problems. This should help, and there shouldn't be a need for logs smaller than that.
Set srctrack separate from this test or the value won't save unless the sticky box status also changed.
Merge branch 'RELENG_2_2' of git.pfmechanics.com:pfsense/pfsense into RELENG_2_2
get rid of wizards/initial/ images that were never used
Remove dead code and unset vars so next time the code works properly avoiding cache issues.
Random text typos
that I noticed.
Fix typo in class in bridge edit
Fixing this makes nice little pencil icons appear in front of the textentry fields.