Validate firewall rule advanced options requirements
Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules.Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html...
Add missing backup of gettytab
Merge pull request #718 from N0YB/Advanced_DHCP_Client_Options
Fix required options syntax typo
Merge pull request #717 from phil-davis/master
When adding Port or URL alias default the alias type
When viewing the Port or URL aliases tab, and pressing "+" (add), make the default alias type match the Port or URL tab from which the user pressed "+".
Merge pull request #716 from phil-davis/master
Fix editing saving dhcp6prefixonly state
Reported in redmine #3097 and forum http://forum.pfsense.org/index.php/topic,64483.msg350255.html#msg350255
3652 days worth is a too much. Scale it back to more reasonable 1.25 x maximum used data (2284 days).
Handle IPv6 in ip_in_interface_alias_subnet()
Merge pull request #714 from phil-davis/master
Minimize inclusion of bogonsv6
Use default RRD colors that are a little more visually distinct. Add some better comments/labels to make it easier for people to help customize and tweak the colors. Suggestions welcome.
Disable the BEAST protection by default because the GUI will break if you use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.
If "Allow IPv6" is on, but actually there is no enabled interface with "Block bogon networks" enabled, then we also do not need to include the bogonsv6 table into pf.This allows some more flexibility for users to leave "Allow IPv6" checked, but still not use up memory for bogonsv6.
Sync p0f database for OS detection w/current file from FreeBSD
This is not a percentage
Remove remaining hardcoded theme names
Don't blow up the config if someone enters int'l chars in an LDAP attribute/DN field. Ticket #2227
Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted.
Some more tweaks to state and mbuf update/output on dashboard widget.
Use some easier to distinguish colors for mbuf graph
Add a meter for states, too
Fixup mbuf stats function
Call interface_ipalias_cleanup() after $interface is initialized, and get current IP after it
Make mbufs update via ajax
Fix ids
Fix an occasional "blank" cpu freq printing that shouldn't happen.
Make mbuf usage a meter, too.
Show totals for memory, swap, and disk usage.
Add an RRD graph for MBUFs under system. Tweaks welcome.
If an account has SSH keys, show them, don't show the checkbox to add keys. Fixes #2729
Don't generate reflection rules if reflection is disabled for that rule.
Do not break ppp type interfaces on v6
For ppp interfaces the real interface is not present anymore in the xml config section of the interface. Due to this do some more work on extracting the real interface when ipv4 is pppoe/ppp/... and ipv6 configuration files will use the wrong interface to request information from provider. Reported-by: http://forum.pfsense.org/index.php/topic,64483.0.html
Enable filtering on ipfw sysctl not dependent on ipfw module otherwise issue reported here http://forum.pfsense.org/index.php/topic,64412.0.html happens
Ignore errors/warnings from these calls
Merge pull request #682 from CharlieMarshall/pfsense_ng_fs
new theme "pfsense_ng_fs" & allow themes to add / delete additional widget columns
support mitigating BEAST attack
According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30
"...by setting
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
you can mitigate BEAST attacks."
Merge pull request #712 from phil-davis/master
Correctly decide if dhcrelay (v4) is enabled
Correctly decide if dhcrelay is enabled
Merge pull request #711 from phil-davis/master
Teach services code about start stop restart of dhcrelay6
Teach service start stop restart about dhcrelay6
Consistent dhcrelay6 pid file location
Merge pull request #710 from phil-davis/master
Start DHCrelay6 on boot
Fix #3091, fix bad var assignment
services_dhcrelay6_configure developerspew debug text fix
Substitute Product name in privileges
Merge pull request #708 from razzfazz/master
properly handle custom-v6 dyndns entries in web interface
Move variable declaration to the top, declare it global before defining. Fixes #3090
Remove irrelevant comment.
Fix copy/pasto introduced in previous commit.
Don't automatically add hidden rules to pass all IPv6 traffic to/from delegated prefixes. Default IPv6 from LAN -> any rule covers outbound properly as-is, and WAN rules shouldn't pass in that permissively. Also the prefix length calculation was off and the LAN rule(s) would be too permissive anyhow.
Implement proper releasing of pipes allocated based on CPzone. Keep track of which zone a pipe is and release those pipes during disabling/deleting of zone. Ticket #3062, Pull request #698
Use empty to cover all needed cases as suggested on #3062. Suggested from pull request #698
Merge pull request #703 from razzfazz/dyndns_custom_v6
Add support for HE.net AAAA record updates. Fixes #1825.
Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
Fix the "use ICMP" function for traceroute.
Fix #3079, add a section for DHCPv6 Server backup
Implement URL Table aliases for ports instead of IP addresses
fix description
touch up text
Merge pull request #704 from razzfazz/rules_proto_41
Add support for protocol 41 in rules. Fixes #3007.
Add support for custom IPv6 DDNS.
Change separator as per JimP's request.
Merge branch 'master' into dyndns_custom_v6
Add front-end support for dyndns AAAA updates
Clean up HE.net AAAA backend support.
Merge pull request #702 from razzfazz/master
Fix typo in filter.inc. Fixes #3028.
Add backend support for HE.net AAAA record updates.
Defines a new DynDNS provider 'he-net-v6' for updating AAAA entries ondns.he.net.
Due to the typo, FilterIfList never got a 'track6-interface' entry,which in turn prevented the DHCP6-related pass rules from beinggenerated for the LAN interface.
Make dashboard update check respect nanobsd-vga, probably fixes #3078
Correct month, quarter (3 months), and 4 year RRD graphs length.
Longest possible month is 31 days, not 32.Longest possible quarter (3 months) is 92 days (30+31+31), not 93 (31+31+31).4 Years is 1461 days (365 x 4 + 1), not 1464 (366 x 4). Except about once every century or so when leap year is skipped 4 years is then 1460 days. But that is not going to happen again for a very long time. Unfortunately pfSense, nor anyone alive today will probably still be alive by then.
Merge pull request #699 from evansus/patch-2
DHCP also update Dynamic DNS for static leases
Typo in configuration option
Should be 'leases', not 'mappings'.
Previously, Dynamic DNS is only updated for clients that get addresses from the DHCP address pool. Static mappings are ignored.
Adding this line updates Dynamic DNS for both static-mapped and dynamic DHCP clients.
Remove unecessary variable
Fix #2962, allow to remove VIP if gateway IP is on the interface's subnet
fix typo
Actually do this upon entering to get proper ip
Fixes #2495. On trigering of rc.newwanip remove all ipaliases from the interface since they will be readded later on. This will also make sure to have the correct address order
Remove unecessary var initialization
When a CARP VIP transitions to master, we need to bump servers also, otherwise a transition from disabled or init may not properly (re)attach to the IP address.
Correct DHCPv6 rules test to also include a check for DHCPv6 relay. Fixes #3074
Fix a small issue when disable a boolean option and save, it shows option as enabled
Fix whitespaces
Remove extra { wrongly added on last commit
Fix set/unset of checkaliasesurlcert
Process zipped aliases list
Use download_file() and check ssl certificates
Remove useless code
Create a function to download a file using curl
Add an option to check certificate for https URL aliases
Resolves #2910. Make apinger write its status file just after starting so that thing work as expected
Add a new alias type, URLs containing Ports
Add group_ports()
Remove duplicated line that makes dhcp6c not run correctly