Filter log - ensure IPv6 works too
Fix #3469
Before downloading file to process urltable, there is a random waittime between 5 and 60 seconds. Because of this, the difference betweenfile mtime and current time can be less than $freq * 86400 and it'll beskipped. Add 90 seconds (60 of max random wait + 30 just to be sure) to...
Fix #3468, wording fix
Merge pull request #945 from phildd/master
Enhance interface gateway data entry descriptions
Merge pull request #939 from phil-davis/master
Dodgy-looking stuff in graph calculations
Merge pull request #659 from mss/extended-query-example-work
Improve LDAP DN examples
Merge pull request #943 from stilez/patch-1
AJAX-ify DNS lookups in standard firewall/filter
The msgbox is no longer needed since there will be a validation process per se
The standard firewall log has lookup ability but these open in a new tab/window, they don't show in the log, other places the same IP appears in the log aren't visibly resolved, - basically its begging for AJAX-ing....
Only add dhcpv6 client allow rules if ipv6allow is set
Take single and double quotes into consideration
Fix issue with CSR generation. Ticket #2820
Move 'allow dhcpv6 client' rules above block bogonsv6 ones, it should fix #3395
Fixes #3460. Ask for validation when real operation will be done and ask for the operation with POST to get protection from CRSF.
Remove code that is commented
I noticed that the graphs in this post - https://forum.pfsense.org/index.php/topic,72794.0.html - had numbers for in-block and out-block that had similar numbers to in-pass and out-pass. That seemed hard to believe. Found these calculations that look wrong.
Merge pull request #927 from nagyrobi/patch-1
Update priv.defs.inc - add new NTP pages
Update priv.defs.inc
Fixes #3461. Remove any special char that can lead to shell/XSS compromises from submitted input.
Revert "Replaced gethostbyname() with gethostbynamel() to get a list of all IPs associated with the dns name and add them to the allowed list"
This change is not needed, filterdns will handle it.
This reverts commit d460371416d4e2cfef976d5a7616f63f6faa203f.
Do not do any operations on system libraries. Nowdays pbis are used and those do not break things by definition
Merge pull request #891 from PiBa-NL/captive_disable
captive portal, don't generate rules for a disabled portal
Merge pull request #890 from N0YB/Gateway_Monitor
Gateway Monitor Advanced Settings
Merge pull request #904 from dv-user1/master
Replaced gethostbyname() with gethostbynamel() to get a list of all IPs ...
Revert "Pass the family to the get_real_interface function to retrieve the correct real interface. Might help Ticket #3357"
This reverts commit cb431dbf47c53b72119bd8feca0217e1c25d998b.
Really need the interface where v6 is running toa dd the gateway/route rather than the one used for the configuration. This Fixes #3357
Do not call rc.newwanip when pppoe gets a v6 ip.
Pass the family to the get_real_interface function to retrieve the correct real interface. Might help Ticket #3357
Put a timeout of 30 seconds to aid with Ticket #3412
Move this global declaration to the proper file rather than backend code
Help ticket #3449:
Improve data validation to avoid save a host/subnet or a IPv4 withinvalid mask. The reported error is on javascript and only happen onIE8,but this fix will prevent the same issue happening in the future ona different browser.
Use correct parameter (bootfile-url) to configure netboot on DHCPdv6, it fixes #3421
Fix typo on variable name and really add custom options for dhcpdv6
Normally when an ip is set the interface comes up on BSD stacks. Though push this commit which Fixes #3281
Whitespace fix
Use htmlspecialchars(), a better solution for #2952
Grab exec result just to be careful
Put a kludge for now which Fixes #3280. It should be improved later on to have proper handling and overloading of configuration functions
Consider setting of noconcurrent login for passthrough expiry of users. Fixes #3340
Some tweaking to handle when switching off dhcpv6.
Merge 10 -> 10.1 and 10.1 -> 10.2 function upgrade since the recent changes done on 2.1.1 for Ticket #3441
Use descr as the field name for voucher description so it gets CDATA protection. Fixes #3441
Use the 11th column for the radius context rather than overriding the interim interval field with it. Fixes #3447
Merge pull request #917 from phil-davis/master
Enhanced validation of general DNS servers and gateways
Improve processing of DNS server changes
What a pain this was. The user can blank out a DNS server from a position in the middle of the list. e.g. they had all 4 entries previously filled, and then they blank out DNS server #3. The way the DNS servers are stored in the config, they are just the defined ones in an "un-indexed" array. So actually entries 1, 2 and 4 on the screen become 1st, 2nd and 3rd in the config. The selected gateways for 1, 2 and 4 then have to end up in positions 1, 2 and 3 to match the stored DNS servers....
Add a knob to let the user select which console (video or serial) is preferred in cases where there are multiple consoles present. Also provide a way to force this preference.
Add a mechanism by which the serial port can be forced on always regardless of the config setting. (useful for nano+vga setups)
Fix #2952, escape necessary chars to avoid xss injection
Respect g['tmp_path']
Add https to update URLs and replace RELENG_8_3 by RELENG_10_0
Abort installation when pbi_add fails
Merge pull request #913 from Aeyoun/string-max-connections-per-host-per-second
Change string to "Maximum new connections per host / per second(s)"
Clarifying the setting's meaning.
As suggested by forum member "Senser" onhttps://forum.pfsense.org/index.php/topic,65472.msg356024.html#msg356024
Obsolete old ipsec tools files
Be specific on the authentication method to use since xauth-eap will be active as well
Correct script path
Remove references to racoon and correct some handling of ipsec configuration
Remove copy paste leftover
If specified add authentication script configuration to strongswan.conf
Remove not used anymore parameters
Teach script to read authentication servers from environment
Fix symlink calls adding full link name, it fixes issue reported at https://forum.pfsense.org/index.php/topic,72405.0.html
Properly set the configuration here based on https://forum.pfsense.org/index.php/topic,68531.0.html
Catch a validation issue reported on the mailing list thread: IPv6 address data validation from: Brian Candler. It prevents putting a subnet in the address field since it then breaks the whole filter generation process
Make improvement to the check
Merge pull request #912 from phil-davis/master
Check for tmp captiveportal dir before making it
In forum: https://forum.pfsense.org/index.php/topic,72483.0.htmlWarning: mkdir(): File exists in /etc/inc/system.inc on line 878Not sure if you would rather call safe_mkdir here?
Declare $config global so we can test the pkg_nochecksig option
Fixup pkg_nochecksig option
Merge pull request #911 from candlerb/candlerb/3416
Fix for #3416
Correct javascript error which prevents PPP/PPPoE per-link settings frombeing displayed (bandwidth, MTU, MRU, MRRU).
Merge pull request #906 from phil-davis/master
Return and filter appropriately when all or remote is selected on Traffic Graph
Make Local the default filter for Traffic Graph
to preserve the previous standard behavior that shows "Local" when Traffic Graph starts.
to preserve the old behavior, that it shows "Local" traffic when first started.
Return all when all or remote is selected on Traffic Graph
Replaced gethostbyname() with gethostbynamel() to get a list of all IPs associated with the dns name and add them to the allowed list
Add specific permission for easyrule.
Remove this sort. It's unnecessary and causes problems when editing and saving privileges, it can reorder users and cause edits to the wrong account.
s/http/https/ for doc.pfsense.org
Add support for signed PBI, help ticket #3365:
- Add an option to allow user to accept unsigned packages- The only missing part is public key, that needs to be added to/var/db/pbi/keys/pfSense.ssl
Merge pull request #902 from phil-davis/master
Standardise LAN net display
On the main firewall rules multi-rule display it shows "LAN net" "WAN net" etc. But on the edit screen it shows "LAN subnet" "WAN subnet" etc. Make the edit screen have the same text as the main screen - this has ben a source of enough little questions/queries on the forum.
Fix test, allows restoring last backup in the list. Fixes #3438
Remove PBI scripts since it'll be installed dynamically by tools
First swing at converting from racoon to StrongSWAN.It allows to use existing configurations on xml to generate StrongSWAN configurations.So its only IKEv1
escapeshellarg() is not required here
Teach php-fpm about our required environment path
Revert "Set PATH before call pbi related binaries"
This was pushed by mistake
This reverts commit 4c9bda43f5bcfd5ba9812c84199bbe4f1f158960.
Silent recently added symlink() calls
Fix some wrong escapeshellarg() calls
Simplify logic calling grep less times, as done on mail_reports.inc on 2c6efc9
Use unlink_if_exists or @unlink to avoid PHP errors when file doesn't exist
Merge pull request #900 from Klaws--/patch-1
Added previously missing DSCP VA (requires kernel patch patch submitted ...
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir