Fix an edge error in getting the carp interfaces reported by Effone.
Do not prepend empty lines to the first member this might trigger errors on code that relies on space to be a separator.
Make sure to upgrade deprecated themes to pfsense_ng.The switch() should make it easy to add other deprecated themes here.
When doubleclicking a tunable, bring up the edit screen
Make interface sort order on creation consistent with the order displayed elsewhere, and fix possible missing description on LAN upon creation.
check more closely for match here, to fix multiple items being marked as "selected", leading to the wrong interface being selected.
Do not install reflection rules for port forwards when the destination is invalid.
Add note that reflection timeout only applies for port forwards.
Revert changes to reflection for port forwards until finished and approved.
Merge http://gitweb.pfsense.org/pfsense/efonne-new_nat_reflection into master
Remove remote network from wizard, it is not used for a Remote Access VPN.
Hide "Local Network" field when creating/editing an OpenVPN shared key server, because you can't push routes with shared key.
Fix the same problem with sharing an OpenVPN instance w/existing shared key on the client page this time.
Fix OpenVPN server validation logic. It was failing if you tried to save a shared key server instance with an existing shared key.
Add 0x10 diffserv option. http://forum.pfsense.org/index.php/topic,24954.0.html
The global reference declaration is needed.
Preserve previous behaviour of having all alarms on for all gateways. Not sure this should be/is the right behaviour though.
Move the settings of down/latency/loss to per gateway. This allows more fine grained control on gateways.
Use common function to return gateway array so consinstency is preserved around code.
Do not put ip address on teh name since pfctl does not like an ip as part of macro name.
Correct delay matching on outgoing load balancer code.
Use require_once() to overcome problems with includes.
Ticket #408. Provide code to upgrade static routes.
Make list the same. Remove whitespace at the end so it does not get interpreted as special tag.
Fix link_ip_to_carp_interface. This unbreak at least Carp on CP and other consumers of it.
Add scpecific scripts for when ovpn goes up and down so we get neccessary values for used in varius areas of pfSense. TODO is find out how to get DNS info form openvpn.
Check if interface exists before issuing a command when disabling captiveportal.
Prevent gateway groups of having the same name as a gateway because this is not valid.
Use a global array to prevent errors on rulesets which have invalid gateways. If such are found do not use the gateway at all. Probably the rule should be skipped too?.
Move auto generated rule for static routes on same subnet. Use sloppy states to speed things up and use flags any in tcp case so sloppy state does not choke.
Catch up with latest apinger changes to make easier to extract the status of gateways.
Add a few comments. This should be ready for testing/feedback. Ticket #108
Add missing ;
Set proposal check and passive as needed for this scenario also. Ticket #108
Ensure initial_contact is 'on' in this case to behave as 1.2.3 did. Ticket #108
Set generate_policy to "on" to behave as 1.2.3 does in this case. Ticket #108
Only specify peer ID if we are not dealing with a mobile PSK-only tunnel. Ticket #108.
Do not specify subnet in sainfo if we are dealing with a mobile PSK-only tunnel. Ticket #108
Only enforce peer ID and psk on p1 screen if we are NOT dealing with a pure-psk mobile tunnel (which is the behavior in 1.2.3). Hide irrelevant options. Part of ticket #108.
Reorder Auth. Method and PSK field to a more logical sequence. Part of ticket #108.
Write out IPsec PSKs for mobile clients. Part of ticket #108.
More tab fixes.
A couple small fixes to the tabs/titles on these pages.
Bring back IPsec PSK Tab/Edit. Part of ticket #108. Still needs backend code to use the resulting keys.
Previous commit also fixed traffic graph state changing, so re-enable that as well.
Fix widget settings in general. Initialize widget list before use. Fixes #285.
Enable even xmlwriter module.
Ticket #320. Use xmlreader and xmlwriter to read/write xml since it encodes decodes itself special chars.
Fix config backup download on IE8+HTTPS. Reported-By: Seth on the Dev list
Add client-to-client to OpenVPN server config if the option is checked. Resolves #572.
Allow using the default session timeout.
Correct file_notice usage.
Fix upgrade code for port forwards with "Interface address" set on external address. Ticket #561
Fix the empty array check, a empty load balancer tag has a value of 1, not 0.
Do not trip with configuration upgrades on a empty load balancer tag.
Fix the regular expression used in filter_generate_address for OPT subnet so that it only matches the case intended. Ticket #571
Merge remote branch 'mainline/master' into patches
Resolved conflicts: usr/local/www/system_advanced_firewall.php
Revert last commit .. This might not work on Nano
Use mount -a instead of -uw Ticket #444
Ticket #511. Do not penailize other packages if rules of one package are erroneous during package rule generation.
Ticket #568. Programatically decide if to show an advanced button or the value if non default.
Implement tcp flags and sloppy state on the GUI.
Merge remote branch 'mainline/master'
Introduce gettext() calls on usr/local/www/{pkg_,system_}*.php
The gui defaults to https in 2.0 correct it to make sure it is not stopped by CP on the CP interface[s].
Improve/correct the passthrumac rules when this option is enabled.
Slightly change wording of NAT reflection description.
Add configuration option in System: Advanced: Firewall/NAT for NAT reflection on 1:1 NAT.
Add backend code for NAT reflection on 1:1 NAT mappings.
Removed some redundant/obsolete code that is superceded by the new NAT reflection code.
Add the NAT that goes with the reflection redirects.
Added reflection redirect rule and rearranged some related code that goes with it.
Remove "pfSense nat bouncing" entries from the service ports list.
Remove note about reflection being skipped on large port ranges.
Removed unused NAT reflection timeout setting.
Remove the old reflection implementation and prepare for the new one.
Put all of these lines in the block under this condition and remove the irrelevant comment.
Fix displaying the Enable/Disable checkbox. Previously after a save button click it will show the old saved value.
Merge commit 'mainline/master'
Add a gitsync option for reverting to the commit used when building the image.
Ticket #491. Fix upgrade code. Since dyndns is considered and array item it failed with previous code. Use index of 0 since 1.2.x does not have multiple entries.
When 'No RDR' is set, skip some code that does not apply.
This check is no longer needed here.
Return if not a supported protocol for reflection.
Ticket #535. Correct from where we get the port number.
'pass' is not valid with 'no rdr'
Skip code for generating inetd.conf entries when 'no rdr' is used.
Modify reflection code to avoid having duplicate rule generation code for when the protocol is different.
Reflection can have side effects unexpected to the user with rules using any for destination address, so change any to the interface subnet for reflection rules, which should be closer to the desired behavior in most cases but without the side effect.
Use the same destination address and port in reflection rules as is used in the port forward's main rule.
In reflection rules, fix the end of the port range in port range forwards.
add Logs tab
Move the reflection enabled check out of filter_generate_reflection, so this function can be used elsewhere regardless of the system setting for it (in preparation for reflection support on 1:1 NAT mappings).
Ticket #567. Create an entry on hosts file with the ip address of lan or the first inerface ip without a gateway if lan is not present.
Fix more inconsistent capitalization.
Fix punctuation.
Fix some inconsistent capitalization on labels
Ticket #565. Correct deleting passthru mac entries. revert back to always allow a passthru mac as with allowed ips. Remove the check during login for passthru mac entries they will never make it to the login page.
Ticket #566. Reimplement the allowed ips keeping previous funcitonality and improving by adding a both direction. The problem with previous commit is that it always assumes that allowed ip address would have a pipe configured and entires without one would just get dropped.