If the anti-lockout rule is active, show it in the rules list for the LAN interface (or WAN if the interface count is 1, same rules as in filter.inc for putting the rule in the ruleset)
Warn a user when entering the OpenVPN client/server screens that they need a CA/Cert if none exist.
Use addslashes() here to prevent unescaped quotes from causing PHP errors. Fixes advanced/custom options in OpenVPN wizard.
Use a different variable name here to avoid colliding with another of the same name.
Use != here to avoid a potential issue with empty() testing intermediate arrays.
Add a button to the filter reload screen to force a config sync (only shows up if a config sync peer is defined).
Fix saving of off/disabled PPPoE server instances. Fixes #987
Don't show empty user IPsec keys.
Ticket #980. Bring CP widget up to date. Also bind lighty for CP to 127.0.0.1 it should not be accessible otherwise.
Don't use pconfig in a widget, it can cause issues with other widget settings.
CSS changes, fixes misaligned cursor in some password fields. Fixes item 1 in ticket #830
More VPN log fixes, for consistency. Ticket #912
Switch from buttons to tabs, add a mode to view raw mpd logs for each vpn type, and some general cleanup. Fixes #912
Remove these now-obsolete linkup/linkdown scripts.
Fix VPN log page to use the updated log format (again). Ticket #912.
Use a unified vpn-linkup script that detects the type based on interface name.
Show login/logout events for pptp, pppoe server, and l2tp. Could use some work to simplify. Ticket #912.
Add individual linkdown scripts so the service type can be set in the log.
Add service type to vpn log
Sync service status widget code with service status page. Fixes #984
Test for arrays first, should fix #968
Make the change here, too.
Replace \r from custom options otherwise it breaks config.
Fix logging parameters.
Fix pfctl -b parameters to prevent the killing of unintended states.
Fix formatting
Fix this logic.
Ticket #975. Rearrange code a little.
Do not require LDAP search base DN. Requiring this can prevent some valid LDAP configurations from properly authenticating. (See GDD-550841).
Ticket #959: keep local ipalias and proxyarp vip's during a XMLRPC restore
Make the $pgtitle output a link back to the current page for a convenient way of reloading.
Remove unnecessary (and unclosed) form tag.
Do not allow spaces in load balancer name fields, they are invalid in relayd.
Resolves #971. Fix wizard.php to show interface descriptive names. Pointy-hat: gnhb
Balance <p> with </p>
Put </ul> tags inside the same <td> since they cannot span multiple of them.
Clear some forgotten </img> </font> tags.
Display the ICMP type (abbreviated) in the firewall rule list and show the full text when the cursor is over it for ticket #762
Break after the first error.
Prevent the DHCP range from being changed to include static mapping entries. Fixes #964.
Reject DHCP static mappings that are inside of the DHCP range. Fixes #966
Remove WIP note. This should resolve #555.
Indicate in various places if a certificate is revoked.
Indicate if a certificate has been revoked, both in the cert list and the user manager list.
Add ability to select reason codes for revocation. Reformat CRL edit screen a bit. Ticket #555
Refresh OpenVPN CRL files when a CRL has a cert added/removed. Ticket #555
Add support for deleting a cert from a CRL (unrevoke). As of this point basic CRL functionality does work: Revoke a cert and it cannot connect. Remove it from the CRL and it can. (Have to edit/save OpenVPN server instance to update/refresh CRL though). Ticket #555
Change OpenVPN wizard to set input_errors when there is a fatal condition that will require preventing a config save.
Add these error/info box classes to the wizard.css file.
Add a patch to wizard.php to support input_errors from sullrich (with some modifications).
Reject special characters in CA/Cert field names during OpenVPN wizard. Fixes #900
Add more CRL functionality. Needs to wait on a new build for further testing.
Fix some forgotten name->descr changes.
Traffic shaper wizards remove redirection before final step. This seems a forgotten item.
Generalize the "low res" user agent detection so it isn't Apple-specific. Include Android in the detection, and also provide a mechanism so that the "low res" theme can be set in globals.inc.
Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.
Convert fullname field on users to descr, so it gains CDATA protection.
desc to descr in Load Balancer config, so they gain CDATA protection and standardize field names. Ticket #320.
Change the description field on sysctl tunables to be 'descr' and not 'desc' so they will gain CDATA protection. Ticket #320
Fix the dedicated and multi_all wizards. They had typos in variable names and some remaining unused code which caused problems!
Disable the bandwidth speed selection field also to avoid errors/problems when the catch all is not activated.
Ticket #868. Add Connection: close to the header to be proxy friendly. See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for reference.
Character '#' is invalid in string fields of SNMP service screen. Ticket #956
Do not include 'remoteid' javascript functions for mobile ipsec. Ticket #797
Do not run anymore the cron job for monitoring check_reload_status since it has a monitoring process that does this through kqueue.
Ticket #934. Perform test only for ldap backend. Also tell the user through a message when they click it for other backends.
Resolves #879. Commit patch referenced in ticket to properly parse rate output.
Ticket #950. Correctly handle failures while installing packages which might leave stale information behind. Also do not try to startup services twice. Rename uninstall_package_from_name to uninstall_package because the operation on packages is only done through package names.
Hide ports when protocol does not use ports. Ticket #953
Hide translation section when "Do not NAT" is checked. Fixes #952
Don't clear the source port when changing source address type to any. Also update source when editing a rule with source type any.
Add GUI checkbox to enable strict username/common name matching for SSL/TLS+User Auth mode. Fixes #887
Resolves #947. Blacklist lagg interfaces from the list of possible lagg members.
Correct this note, on at least one card (mxge) it defaults to an MTU of 9000, so we can't always say the default will be 1500.
Fix graph staggering, the old method was causing the graphs to diverge in update intervals over time.
Whitespace fixes
Fixup comments a little.
Correct and cleanup this input validation logic for IPsec Phase 1 PSK/Cert config. In some cases the test was not being evaluated as expected.
Unset the end time if we are graphing for the "current" period. That makes the graphs refresh correctly.
Unfortunately, using variables in this way in strings passed to gettext doesn't work well with translations. Replacing with sprintf for now.
Update this text to match the current default.
Replace hard coded pfSense with product_name
Replace hard coded pfSense with product_name.
Show the product_name as the slice "name" for rebrands. Cosmetic only.
Remove unnecessary variable and fix loop test. Corrects AJAX update of last gateway status table cell (it was never updated before)
Fix AJAX update of gateway status when the status is "Gathering Data".
Replace hardcoded pfSense with product_name.
Simplify this code so it's obvious what we're really testing for.
Should be no functional change here.
Remove unused variable.
Add contributed patch to allow certain IPsec mobile clients to save Xauth passwords. Fixes #933.
Print the theme correctly.
Fix OpenVPN client kill. Reported at http://forum.pfsense.org/index.php/topic,28784.0.html
Mark subsystem as dirty.
Bring l2tp users page back to latest world of 2.0 to avoid errors. Reported-by: http://forum.pfsense.org/index.php/topic,28829.0.html
Fix intended behaviour when the default gateway changes interface.
This breaks the code because the ASSUMPTION is to reload the gateway interface that was a defaultgw previously and not the interface that just became defaultgw. Mostly for dynamic connections like dhcp/ppp*
Pointy-hat: gnhb
Revert "Update code to actually accomplish the intended behavior of NOT reloading the interface"...
Update code to actually accomplish the intended behavior of NOT reloading the interfaceif not necessary when a GW record is saved.
Fix height of plus button, reported at http://forum.pfsense.org/index.php/topic,28764.0.html
Do not allow a gateway to be renamed. Possibly a better solution is to rename the gateway in all pointed places!
Handle the cases to not save data on config better.