pfSense

Fix updating renamed aliases with multiple entries

Previous behavior only checked single-entry aliases. This change allows
calling update_alias_names_upon_change() with a spearator to loop
through the alias and update all entries.

Sync config revision

Fix double rc.newwanipv6 execution on if_pppoe

When using if_pppoe and DHCPv6 over the PPP link, both the devd handler script
and dhcp6c execute /etc/rc.newwanipv6 as a result of an address assignment,
which is not fatal but does cause some extra delay as the filter is reloaded and...

Double-escape HTML characters for use in HTML attribute. Fix #15415

pppoe-handler: Mute spurious invalid address warnings

Move the address checking out of the main body of the script into switch cases
that actually use the address

(cherry picked from commit 51ce224e061a26728bb42d11d238a11bbd989850)

Fix serialization/deserialization of ppp hostuniq and provider attributes

When these two properties were added, the form handling set their config values
to boolean true if empty, leading to empty tags in the config.xml which would be
serialized to the config.cache as empty strings. As a result, later fetches of a...

if_pppoe: Resolve endless loop on dhcp6c

When using if_pppoe, the use of ppp-ipv6 to up the pppoe interface on ADDR_ADD
causes a loop of calling interface_dhcp6_configure(), which
restarts dhcp6c, which acquires a lease and assigns an address, which emits an...

Check input validation before prompting to apply settings. Fix #16162

Correct the DNS info change detection. Fix #16170

The variable $dns_changed was introduced along with the RENEW reason and
is intended to only take affect with RENEW. This is done to keep the
original behavior for reasons other than RENEW.

Add collectd to the list of packages to build

Fix IPsec settings filter policy link

Fix config check for if_pppoe

'system/use_mpd5_for_pppoe' is not a valid config path.

Remove the pppoe reset cron job when the interface is disabled or with if_pppoe

Hide unsupported options with if_pppoe. Fix #16155

Check for Kea custom configuration before retrying without it

Errors without custom configuration can also trigger the notice. In such
case, retrying is redundant and the notice text is misleading.

ddns: use the correct AF for the service type. Fix #16156

Use IPv6 system preference for all configured interface types in get_request_source_address()

Correct DHCP6 client log

This function is called regardleass of the "without RA" option. Followup
to dd3d48af87c892a070210f0064e589157868e7c2.

Supress info logs for rc.newwanipv6 RENEW

Only log when there's something to do during RENEW. This avoids spamming
the system log now that rc.newwanipv6 is called on RENEW. While here, also
check that a reason was given before logging it (ppp scripts omit it).

Allow deleting login message. Fix #16145

Ensure $rrdtool is set when restoring rrddata. Fixes #16141

Traffic shaper: fix traffic shaper and wizard

Fix exclude path when archiving RAM disk logs

"--exclude" uses a relative path.

Improve process_url()

• Fetch plain files only if they've been updated remotely
• Add check for empty file
• Don't falsely log "Could not extract" message

Fix syslog config for if_pppoe. Fixes #16127

- if_pppoe section set a filter but did not reset it after, which
prevented subsequent directives from having other content.
- if_pppoe section did not have a blank line after, which broke
itself and the next directive if any directives came after.

Limit port forward overlap checks to the same IP address family. Fix #16130

Check for expected file extension before extracting the file. Fix #16129

This regressed with 5a7a1a84dd8703f866257e70818bfce0ac6db9d3.

Update Status > Captive Portal with correct config path. Fix #16126

While there, show the zone description as well.

dyndns: add some error handling

Omit matched rule from associated rules in firewall logs

Followup to 738d2703ec4f483ea2d5038d4d6faa2f26a921b2.

Stop building Zabbix 5.x ports as they will be EoL in May

https://www.zabbix.com/life_cycle_and_release_policy

Bump to 2.9.0-DEVELOPMENT

Validation and output encoding of WOL interface. Fixes #16116

Validation and output encoding of IPsec P1 interface. Fixes #16115

Improve validation of Firewall Schedules. Fixes #16114

Improve firewall log action information display

Split the rules found into "Matched Rule" and "Associated Rules". The
matched rule shows the closest match of the rule which triggered the log.
The associated rules show all rules with the same tracking ID.

Handle PHP error with PPP interfaces

Explicitly check for numeric ID

$realid may be either an empty string or null.

Followup to 8286c27ca678dbada2d205f606e76fab48885f60.

dyndns: update Gandi LiveDNS. Fix #15258

Co-authored-by Jasper Surmont <jasper@surmont.dev>

Keep IPv4 addresses on IPv6 ppp-linkdown events. Fix #16103

Co-authored-by David King <8408971+strix-technica@users.noreply.github.com>

if_pppoe: add note about required reboot when changing option

Bring in Kea enhancements from Plus

Fix firewall log pass rule icon

Followup to f0e409252eab5fba29ed1b205ac33691453fb739.

make.conf: set default pkg-create compression to tgz

Fix parsing match rules when showing firewall logs.

- Cache pfctl output while there to improve performance.
- Remove unused variable.

Followup to 27db374dbca226f0429b1453802ff70764b3102d.

Only check gateway values when a gateway is set. Fix #16105

Handle null gateways when showing static routes. Fix #16104

Merge pull request #4663 from aaron-sierra/dyndns-luadns

When the PPPoE client backend is changed, show the reboot message.

(cherry picked from commit 615713329278baf93d4712321d3e4a497061a315)

Fix the last commit.

Pointy hat to: loos

(cherry picked from commit 55b33420d65aa7d47d4469a96f315fb271021967)

Fix the ppp uptime with if_pppoe.

Based on a patch from Stevew.

(cherry picked from commit 240965405915259e2d724c8add11fd76dd34db18)

Add the description (interface name) to the if_pppoe interfaces.

(cherry picked from commit 2cd86e498122da4b43feb041f442967efebdcdba)

Change the mpd5/if_pppoe knob back to a global setting.

They cannot cooexist, so makes no sense have it as a per connection setting.

Enforce a few protections and warnings when the user switch from mpd5 with a
MLPP setup to if_pppoe, which do not support MLPPP....

Do not allow the selection of more than one NIC with if_pppoe.

Effectively disable the MLPPP support with if_pppoe.

(cherry picked from commit 00c6e25f2ce6d793680dbe01053ec84c7cba500b)

Handle the differences in the 'Advanced Options' section for if_pppoe.

(cherry picked from commit ee4539ba7331fab0225df1ed03346adc944eb49c)

Change the knob to select mpd5/kernel PPPoE to a per-connection setting.

Replaces the original global setting.

Ticket: #18294
(cherry picked from commit e52a8eda6fa90e613f940553cfe438baafc7e7ea)

Revert "pppoe: Add knob to move it back to mpd5"

This reverts commit 0bf19af7d0b9222ea24899103c64819b0d08160a.

This knob will be per connection and not a global setting.

(cherry picked from commit be004fb3007dbde03492a784be322de71e7ecfda)

pppoe: Apply scrub mss when using if_pppoe

mpd5 has an option called tcpmssfix, on by default, that adjusts MSS
according with the interface MTU. When using if_pppoe, we need to
adjust MSS using pf scrub otherwise connection will be very unstable

(cherry picked from commit d35d0b204dd16122414b61526e424f1e466c4637)

pppoe: Configure syslog

Configure syslog to save all messages starting with prefix "if_pppoe: "
to /var/log/ppp.log

(cherry picked from commit 020a7dfcbb1e87b624b9c76d27c227ca3abf214f)

pppoe: Configure PPPoE interface using if_pppoe

Introduce the new kernel module if_pppoe and start using it by default
to configure PPPoE client interfaces.

(cherry picked from commit 09537b486e731f3061f7e13d33214e6560b3f2f4)

pppoe: Add new pppoe-handler script

Add a new script, pppoe-handler, that will be called by devd when proper
events happen on pppoe interfaces.

(cherry picked from commit 79f87326c412ae6291c82b6aa13e5a0fcd3a94af)

pppoe: Destroy PPPoE interface when using if_pppoe

Change interface_bring_down() to destroy pppoe interface instead of
dealing with mpd stuff if system is using if_pppoe.

(cherry picked from commit d6d167222c010516e1a7644622f5d5cc0e04c95f)

pppoe: Add knob to move it back to mpd5

A new PPPoE implementation, using if_pppoe kernel module, is going to be
introduced soon and will be used by default. Add a knob under System ->
Advanced -> Networking to let users to move it back to previous
implementation using mpd5....

dyndns: Add LuaDNS provider. Implement #15089

Support the LuaDNS v1 API (https://www.luadns.com/api.html) for Dynamic
DNS updates. This complements the ACME support for the provider.

Default TTL to 3600 seconds (1 hour), as in the LuaDNS web interface.
...

ACB: uncheck the device key warning by default

miniupnpd: Generate miniupnpd config using more explicit bools

The miniupnp config section has boolean flags that are either true with the value
'on', and are inferred to be false by omission or an empty value. To be more
explicit when generating the miniupnpd config, compare these values to 'on'...

Fix rule label for default IPsec rules. Fix #16095

Fix new log preference checkboxes

Fix regression from 7dc6055725cd400c04ead94560cda876de3f253d

Move IPv4 link-locak firewall logs into a separate log preference. Implement #16092

Fix a type while here as well.

Activate snort2c log preference

Followup to b67a4eae7b9b815480789b08aa0c847f5689dede.

Move snort2c firewall logs into a separate log preference. Implement #16092

Include reason for firewall log actions. Implement #15415, Fix #16093

Show the rule for packets dropped due to IP options

When clicking the Action icon for a firewall rule log, the rule is not
shown when it's a "pass" rule that dropped the packet due to IP options.

Refactor firewall logging preferences

Move the firewall logging preferences to a single string[] variable and
make it a global. No functional changes.

Revise log preferences descriptions

Move log preferences to a separate form section

Add mDNS Bridge packages

Strip manufacturer from MAC field passed to WoL from ARP table. Fixes #15162

Remove references to old CSS classes

Refactor filter_rules_compare()

Improve readability and avoid code duplication.

Add GUI support for NAT64 rules with route-to

https://redmine.pfsense.org/issues/2358

Insert rules at the correct index when adding it at the top. Fix #16076

Fix the mount(8) return value checking.

With the fix the system will not try to remount a successful mounted slice
with another file system type.

Restore the original intention of the code while avoid potential problems.

Spotted by: SteveW - in a test with the kernel debug options enabled.

Fix typo in upgrade_238_to_239()

Add a sequence number to each rule during rule sort. Fix #16076

The 'for' loop first checks if the rule at that iteration exists and
breaks if not. When the rules array contains a gap, the 'for' loop breaks
early and potentially misses additional rules that need to be sorted. Fix...

Sync admin group changes. Fix #15898

The admin group needs to be removed and readded for its settings to sync.

This reverts commit 3e0facb20fa46a13bf7b70d6ddb1970b00485eb2.

Add combined IPv4/6 system aliases

https://redmine.pfsense.org/issues/15776

Bump the default go version to 1.23

Fall back to routing via the interface for dynamic gateway monitoring IPs

It's possible that when setup_gateways_monitor() is called, the gateway
address is not yet available. To avoid routing the monitoring address via
another gateway, fall back to routing via the gateway's interface instead.

Don't set invalid config value for ntpd interfaces. Fix #16063

This regressed after the config access refactor. To keep the same behavior
from before the refactor, simply set the correct values.

Fix clobbered cron configuration on upgrade

Fix typo in Firewall State Policy description

Clarify failover state-killing behavior for gateway groups

Properly quote these variables and use the built-in echo

Remove SED as it is now unused

Simplify clearing the arp table by using functionality built into arp(1)

Properly quote these variables and avoid using test -o

Avoid using test -o and use || instead

Properly quote these variables and clean up some spacing