pfSense

fix missing images for CRLs

When uninstalling a service actually stop it first.

Do not call stop_service since its already called from start_service itself.

Test for null names passed to these functions as a safety precaution.

Actually sync_package before starting it again. Also include restart in the log message since it might be like that.

Ticket #1534. Change rc.start_packages and rc.stop_packages to php scripts so they do a proper job at start/stop packages, rather than assume every package has a .sh script which is not true. It mostly reuses code from rc.packages which is not used anywhere as of now!

Test for null names passed to these functions as a safety precaution.

Ticket #1534. Check if a rc file exists before trying to run it. Also return if we execute a stop command through rc file to be consistent with the start_service function.

Ticket #1534. Serialize all the xmlrpc requests coming to the firewall. Seems such request can stomp into each other and create either corruption of xmlrpc request or other issues.

Make sure all CP form elements are disabled/enabled with the master checkbox.

Don't put an empty PSK into the file, and try to avoid extra whitespace to be safe.

Update default gitsync url to be the github URL. If anyone had done a gitsync before to the standard URL, they'll need to either rm /root/pfsense/ or cd /root/pfsense/pfSenseGITREPO/pfSenseGITREPO; git remote set-url origin git://github.com/bsdperimeter/pfsense.git; and then gitsync again.

Fixup MAC display on this other path too

Print the MAC mfg on another line in a smaller font if it's found. Less obtrusive than completely replacing the MAC.

Use base 1000 on user graphs and display cumulative of Total users logged in over the 'x' period.

Ensure that $timestamp is only ever written out if it contains a value and let file be retained through reboots.

Remove Total users graph this has become redundant and replaced with a cumulative result.

Fix small typo

MAC prefix to vendor resolution at Status->Interfaces, Status->DHCP leases, Diagnostics->ARP table

Merge branch 'axscode-pfs'

Merge branch 'master' into yakatz-ssl

Merge branch 'drcookie-he.net'

Added HE.net (dns.he.net) to the list of available dyndns services.

Resolves #1529. Check if the file exists before opening it.

Resolves #1524. USe the correct field from netstat parsed output.

Fix interface recognition for diag > arp. It was't seeing wireless interfaces properly.

Fix whitespace.

Sync with dhcp leases reading code.

Test for array before using variable as one.

Fix comment

Also skip the rewind binding state or leases show expired. Reported at http://forum.pfsense.org/index.php/topic,36657.0.html

This function takes two parameters, fix PHP error. Reported at http://forum.pfsense.org/index.php/topic,36648.0.html

Revert this change. reload_all() already sends a reload message. Unfortunately there is still something else lurking that causes a delay when loading the wizard step

Use send_event()

Use send_message and issue the reload all operation in the background

Make autocomplete on the login form optional.

Fix IPsec descr trimming for rule labels. Ticket #1426

Skip step #9 for non pfSense branded installations

Test for array/size before foreach

Various CRL fixes, handle empty internal CRLs better.

Reload the wizard and then redirect to a wizard completed step. Prompt the user to donate to the project.

version bump to rc2

Merge branch 'master' of http://gitweb.pfsense.org/pfsense/mterron-clone into review/master

Misc fixes to make the openvpn wizard stop re-creating a CA previously made via the wizard if you re-ran the wizard and chose a CA instead. Fixes #1512

this should be checking for synchronizetoip not pfsyncpeerip

passive should always be on for mobile clients per racoon man page

Reorder instructions and do not reload dns if its not allowed from the dns allow override setting.

Actaully put the route adding under the conditional logic checking. Ticket #1408.

If we are disabling the radius inputs, also disable the secondary radius inputs.

This field should be server2

Use the availble constant on php for this and also the right value that comes with it since PHP never supported u_int. There is a bug open still on PHP about bcmod but some more info is needed.

Reorder where inetd gets started to after where the package rules are generated, so that a package can add a line to inetd.conf using that process.

Misc OpenVPN CRL selection fixes.

If we have deleted the last cert from the CRL, blank out the text.

When deleting a CA, delete its associated CRLs.

Ticket #CZH-831780. If gif(4) is part of a bridge and its mtu is smaller than 1500(ethernet standard) do not consider it in finding the smaller mtu because we have a patch to allow gif(4) be member of a bridge with smaller mtu. See https://rcs.pfsense.org/projects/pfsense-tools/repos/mainline/commits/67d3135722db4a3c911761ead5c881ccaef02c65 for details.

Timeout is either a global option and/or a table stanza option. For now made it a global option.
For the future each pool should probably have a configurable timeout.

Correct wrong key for checking if a interface type switched. Ticket #1420

Fixes #1394. Create a function get_itnerface_default_mtu and use it for resetting the mtu of a interface to default when needed. This adds the overhead of fetching the interface mtu and comparing with the default one every interface configuration run.

Disable this log message, as it can be extremely spammy in the logs.

Some more whitespace fixes.

Use correct config variable and fix some whitespaces.

Give time to filterdns to exit gracefully and after that start a new process.

Resolves #1486. When sticky option is selected under advanced->misc honor it even in the relayd.conf setting.

Bring back the optimization on max-packets at pf(4) level now that the issues with daemon have been identified.

Bring back the optimization on max-packets at pf(4) level now that the issues with daemon have been identified.

Now that layer7 daemon issues are resolved bring back this optimization.

Revert "Do not write ont rules anymore max-packets. This apparently was done by me in a previous commit, it helps with Ticket #636."

This reverts commit c8703797e5c24e6619ad14819fc62b3cb8a6ae3d.

Set default colors explicity, the theme can then override them. This prevents missing colors in themes from crashing the graphs.

If the rrd multiplier is negative, use 5% for out instead of 95% for the 95th percentile line.

Add a newline to the igmpproxy config to resolve issues of it not parsing correctly the file. Reported-by: http://forum.pfsense.org/index.php/topic,36279.0.html

Set password on the OS instead of just the gui. Fixes #1485

Remove static routes that are added for dns servers when allow override is allowed when a ppp interface goes down. Code borrowed from dhclient-script.

Ticket #1408. Honor the allow override settings even for ppp devices.

Send route delete message to blackhole.

Ticket #1408. Do not add static routes for automatically learned dns servers from dhcp if Allow override is not selected.

Correct saving of qinq specified members and also correctly destroy parent vlan when deleteing the interfaces. Also take care of attaching to netgraph now that we detach by default.

Remove rndtest sysctl since the kernel module is not anymore part of our kernels. Leftover noticed by: Jim

Remove rndtest sysctl since the kernel module is not anymore part of our kernels.

Bring comment up-to-date

Make sure that openvpn tunnels are not impacted by hitting 'Save' on the Interface->Configuration page when assigned.

Use the needed variable here so hitting 'Save' from Interface->Configuration section does not leave the assigned gif interfaces without tunnel addresses.

Correct code description during assignment

Some configurations might have gre/gif on top of carp. Make sure to handle this configurations and to bring the tunnel correctly up.

fix typo

Comment out debug print

Whitespace cleanup, code cleanup, add choice to filter on ipv4/ipv6 and also accept a subnet to filter on via the host field.

Allow users to select SSL/TLS+User Auth with external authentication sources.

No need to include head.inc twice

Don't just blindly echo to the ntpd.log, it's a clog file and that will break it.

Show OpenVPN instances on Status > Traffic Graphs, with descriptions.

Actually correct check meaning.

Do not an ip of all 1s as a gateways since it cannot be pinged.

Actually call interfaces_carp_setup after the carp interfaces are created so carp traffic can only flow after we have all vips up and running. This prevents premption more early than necessary. Ticket #1432.

Provide a method for rebrands to force a theme. Otherwise upgrading nanobsd from pfSense to a rebrand image without the theme in the config.xml will have a broken GUI since the theme isn't there.

correctly unmount drives where a config doesn't exist

If the bandwidth value is coming from radius scale it up to the requested Kbit/s unit.

missed a bit of my last commit

Set user when removing privileges, otherwise things like the user's shell would not be reset until pressing save, which is inconsistent with that step not being needed when adding privileges.

Merge branch 'master' of http://gitweb.pfsense.org/pfsense/mainline.git

ignore dreamweaver temp files