| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| | |
(cherry picked from commit a075265e0a076419813622e0d69556915b6f40f2)
|
| | |
| |
| |
| |
| |
| |
| | |
* Move the help message to be on the group as a whole not just the IP input field
* Clarify the IP field (label states "IP address and explains tunelling, but whgat address should be entered and should it be IPv4, IPv6 or either? This isn't made clear.
* Group title uses the term "tunneling" and this is probably the most commonly understandable term, so keep it consistent and don;'t switch to "encapsulation" halfway through. (We use the term "encapsulation" in the help text already so it's there for purists)
(cherry picked from commit 5e391e58439fa189518370fa8d16ffd2e8a1002d)
|
| | |
| |
| |
| |
| | |
It came into use in https://github.com/pfsense/pfsense/commit/45eebe10a93fa1e2399c6cdf133ad88dc21ee6e7 but genhtmltitle() has changed since then and no longer uses $heading
(cherry picked from commit f93e9098abc0d490a4f9fca2eef69396eb5bb099)
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
(cherry picked from commit 88de4ab06c8a330a3cedf474b3e218a941f6db66)
|
| | |
| |
| |
| |
| |
| |
| | |
These work opposite to the way mere mortals expect.
Read: https://github.com/eggert/tz/blob/master/etcetera
Based on @phil-davis' patch from https://github.com/pfsense/pfsense/pull/3354
|
| | |
| |
| |
| |
| | |
We could also add some text like this to encourage users to choose the "Continent/City" time zones.
(cherry picked from commit 0436b9a5197ac8c4646a006c0e351ecf66059193)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If an alternate monitor IP has been entered and saved, then the user
checks "Disable Gateway Monitoring" and saves, the alternate monitor IP
is retained in the config - that is handy for when unchecking "Disable
Gateway Monitoring" later on.
But the Gateways widget and Status Gateways do not correctly understand
this combination. The gateway status shows as "Online" when it is
intended to show "Online (unmonitored)".
This PR corrects this.
(cherry picked from commit 0c5d4e8d3e4dc81a9c7eb883a40296493e9faa2b)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
*Current behaviour*
At the moment, get_pkg_info() is used to get all information on packages. The parameter _$local_only_ is set to request info directly from the local copy of the repo catalog (using -U) without requesting the remote repo catalog or updating the local copy from the remote repo catalog. If the calling code wants only installed pkgs, it filters the returned list of pkgs looking for _$pkg['installed'] == true_.
There's a couple of problems with this method as it stands, due to the behaviour of pkg search -U.
1. When the remote catalog is requested and the request failed, the local copy is also deleted. If this happens, then pkg search returns an error even with -U, so even if all we wanted was to know from get_pkg_info() was the names of locally installed packages, it can't be used for this (even though this info doesn't need access to a remote repo catalog)
2. This behaviour, and the use of get_pkg_info() as the main method to get a list of installed pfSense packages and their data, means that any time we don't have a network connection or for any reason get_pkg_info() fails to access the repo catalog remotely, we become blocked from *any* inquiry, lookup, listing, or action on *all* optional packages, even if our desired action wouldn't need remote access to complete. We remain unable to do these things until remote repo access is obtained again and a catalog copy can be re-acquired.
3. This also means that nothing to do with getting installed package information or removal can occur offline either.
*Change made*
It's likely that when code explicitly requests $local_only, it isn't expecting or requiring the local copy to be up to date. So I've modified the code as follows:
1. New optional parameter $installed_only to explicitly request installed pkg info only (faster if we know that no remote request will be needed)
2. If $local_only is set and pkg search failed, retry falling back to pkg info to at least provide info on matching installed packages. This is probably more helpful than returning an error, as the assumption with $local_only is not "latest data in repo" so no harm done, and it allows pkg code to at least operate on local pkgs at all times, if not other pkgs in the repo.
(cherry picked from commit e47af756de79d4e8b0356cf22f72f62f09e9ad7d)
|
| | | |
|
| | |
| |
| |
| | |
is created accordingly
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
- trim sat in use
- gps ok for GPGLL
- lat & lon direction for GPGGA & GPGLL
- sat in use text position fixed
(cherry picked from commit fdb0479758339e083f7745d738c9999d86af150f)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
or rebooting
Make captiveportal_radius_stop_all() log the disconnections in the system log and fix it so that it works with the zone id parameter and sends complete RADIUS accounting packets.
Since several zones can share the same RADIUS server, send an Accounting-Off packet only when rebooting, not when disabling a zone.
(cherry picked from commit 3ece6d5404e0d4a53243d12e6b58793fad66dd5a)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
rc.prunecaptiveportal and captiveportal_disconnect_all()
Convert rc.prunecaptiveportal to lock()/unlock()/try_lock() and use the lock to ensure that there aren't race conditions between it and captiveportal_disconnect_all().
(cherry picked from commit d793617ee9b4c3f66575737df3e8f6cf04e7c782)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
captiveportal_disconnect_all() and captiveportal_prune_old()
Captiveportal_disconnect_all() loops through the active users and disconnects them immediately but doesn't remove them from the user database, only adding them to a list that is processed after the end of the loop.
Since the loop can take several seconds if there are many users connected, captiveportal_prune_old() can be called after some users have been disconnected but before they're removed from the database.
When this happens and the user has an idle timeout set, captiveportal_prune_old() tries to find the last activity time and gets an invalid value because the user has already been removed from the fw table, so it uses the login time as last activity time.
Finally, if the login time is more than one idle timeout in the past, it tries to disconnect again the user and sends a RADIUS Accounting-Stop packet with termination-cause Idle-Timeout and zero Acct-Input-Octets/Acct-Output-Octets that overwrites the correct packet sent by captiveportal_disconnect_all().
To work around it, remove the users from the database before disconnecting them (this fixes only the case where captiveportal_disconnect_all() runs before captiveportal_prune_old()).
(cherry picked from commit 025ec94a3285c129d2e14b00b629e811b83a9330)
|
| | |
| |
| |
| |
| |
| | |
When there is a problem, the messages should be in a "danger" box.
Note: It is a bit difficult to actual get the danger messages to appear in the UI, because the relevant "delete" buttons are not shown in the UI when delete is not valid. But it can be tested by starting to edit a CRL that is in use, then change the "edit=" to "del=" in the URL bar and send it.
(cherry picked from commit 61d1ca3e0ffb0fb6a397edb8ca5d88f039787140)
|
| | |
| |
| |
| |
| |
| |
| |
| | |
These are files that make no use of $savemsg.
May as well remove the print_info_box($savemsg) to avoid future
confusion for maintainers wondering why it is there.
(cherry picked from commit 24a4f2ef15a09740a1c13850f85dc345f08cd653)
|
| | |
| |
| |
| | |
(cherry picked from commit 15dcf1320c08eb9339eda3e6fdf04599c51694b7)
|
| | |
| |
| |
| | |
(cherry picked from commit 6c1e85e544814d336b47fbc782a6aff77ea7301f)
|
| | |
| |
| |
| | |
(cherry picked from commit 3d116b5c8d5c6474821d3a6607f9fa929df2f481)
|
| | |
| |
| |
| |
| | |
Make this consistent with System - General Setup - DNS Server Settings.
(cherry picked from commit 58523c575f9d075f0a8195e0889606955c76b227)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
- Add missing DNS Resolver references
- Nuke PPTP VPN mentions
- Use letter case consistently.
The "Disable DNS Forwarder" option naming is rather unfortunate as well (would be much better with something like "Use local DNS server"), but changing that would require documentation changes.
(cherry picked from commit a56e37ca671873418e82382a8466b8014bf4bc83)
|
| | |
| |
| |
| |
| |
| | |
Seems to fix https://redmine.pfsense.org/issues/7057
But I have not looked underneath the hood - just copied the way other hidden fields are done in that code.
(cherry picked from commit 76895c7f1d77c8e17913a3ddf87636fc4d50058d)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Included a checkbox to enable and disable this feature when CloudeFlare
type is selected.
Included proxied variable in the update script as well.
Defaults to false, as the is the current functionality
Added help text
Updated Last tested date
Hope this helps other people. I use both dynDNS and the Proxy service.
And by default without this feature, the proxy gets disabled. This
is a huge problem, as I have all traffic blocked except for CloudFlare.
And because I have certain other security features enabled, when the Proxy
goes disabled, The Site goes down hard to end users.
With this feature, I can ensure the proxy stays enabled.
(cherry picked from commit e10d25b4c3109347a43a729f8c098138272fe1e7)
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
| |
I was only able to reproduce tis issue using Chrome, but it should now be resolved
|
| | |
|
| |
|
|
| |
human interaction
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
icmptype is a comma-separated list in the config. When attempting to save, the array in $_POST['icmptype'] needs to be put into this format in $pconfig in case there are input errors and the user-entered data need to be re-displayed for correction.
(cherry picked from commit 23057964d81019e8ed3adc944c77ca8a1a9c178f)
|
| |
|
|
|
| |
The 'helpmsg' here is already translated with gettext() when the 'helpmsg' array entries are set up, so IMHO there is no need to attempt translation again.
(cherry picked from commit cffe1271c962ac9159c43fd214c735ceb4b5e1b8)
|
| |
|
|
| |
(cherry picked from commit da391430080cb0e1b2054c6f676c9c678164f957)
|
| |
|
|
|
|
|
|
| |
While looking at some privilege stuff, I noticed that various
capitlization looked inconsistent down the list. This makes the list
look more consistent.
(cherry picked from commit 48157a04dde7b3a56776417cdc7b5e457a660733)
|
| |
|
|
| |
#7053
|
| |
|
|
| |
(cherry picked from commit b1cff5815344220340a218938cd7f3df64687203)
|
| |
|
|
|
|
|
| |
@jim-p wanted this split out from PR 3159 as it wasn't related to that PR.
Puts "any" at the logical place people look for it (top of list not 2/3 down it at random) while ensuring that for new rules default is tcp and extra ports etc fields are visible.
(cherry picked from commit e9b3d2c3bfc3e91ac59901ca28d0620f7bb7b50f)
|
| |
|
|
|
| |
Safari doesn't seem to have editing issues (or else they very quickly fixed it). Removed all white spaces and re-entered, hopefully this fixes any incorrect extraneous characters that existed? If not you'll have to let me know where exactly they are.
(cherry picked from commit d4b2ebaeb2fa2dcc635d061891aa858f8c16d407)
|
| |
|
|
| |
(cherry picked from commit 43a0cf73f2c2f951b9a1c5e777551de1b82c25f2)
|
| |
|
|
|
| |
Will pu in separate PR afterwards as requested
(cherry picked from commit 86554b5aecb1d219e2f72c97b14de8b5fef495aa)
|
| |
|
|
|
| |
Code doesn't seem to check that IP protocol is valid (IPv4/6/4+6) or report via $input_errors[] if not. Simple fix. Only spotted recently. Should be fixed whatever else?
(cherry picked from commit 202e23a81613c5810679e9b119ad4cc53977dbea)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
@jim-p commented on the PR that:
> This change is unwarranted. The protocol default should remain TCP, it is set that way on purpose (otherwise people get confused by the lack of port options being visible). It's also not relevant to the other changes being made on this PR.
An alternate fix for jim-p's point. this only affects creating new rules and I take the point. I found this a much better fix (AFAICS). It seems to resolve all issues neatly.
Proposed fix: leave "any" at the top of the list as that's the logical place people almost always look for it if they want it, _but set the default proto to tcp for new rules_ so that ports and other expected items are displayed by default too. After all, the default protocol is only relevant for showing tcp and ports fields, when a new blank rule is created (obvious: if the rule exists it would display the protocol in the existing rule).
@jim-p can you try this as a fix, and see if it would be acceptable for resolving your point?
(cherry picked from commit 8afd8c0409a9ed246a244e7a1dbdcb2ad627434b)
|
| |
|
|
|
| |
Minor CSS and formatting improvement to layout for icmp types in rules table. With this change, if several icmp types are specified in the rule, if they won't fit into 2 lines the GUI automatically switches to a scrollable overflow instead, to preserve the table layout. Also underlining is per icmptype so commas etc aren't underlined which is much easier to read
(cherry picked from commit 675c9e59db5e41bc6cf922a07fa262bfc5656f1c)
|
| |
|
|
|
|
|
| |
https://github.com/pfsense/pfsense/pull/3139#pullrequestreview-156718
I ended up having to remove the select element and re-create it (along with the options) in order to get around what appears to be a bug in Safari.
(cherry picked from commit 9d4da801ebd426db89b515a9d12d3eb389898b62)
|
