OPNSense/core 3dc5f71src/opnsense/scripts/filter/lib alias.py

Filter, alias. calculate uniqueid() using all of its contents +minor cleanup (this alias 
is always in _known_aliases). closes https://github.com/opnsense/core/issues/3432

OPNSense/core e784027src/opnsense/scripts/filter update_tables.py

filter, aliases. add alias cleanup. previously a delete of an alias would result in the 
old one still being there. closes https://github.com/opnsense/core/issues/3431

Since all aliases are written to /usr/local/etc/filter_tables.conf, it should be safe to 
drop all for which a file in aliastables exists but no entry is available in 
filter_tables.conf anymore.
For debug purposes we log the entries which we delete, although this probably wouldn't be 
absolutely necessary, it might help to debug potential issues.

OPNSense/core 97f1d7esrc/etc/inc/plugins.inc.d core.inc

backup, disable cron when not enabled. closes https://github.com/opnsense/core/issues/3430

(cherry picked from commit 2e896d47b3dd66b3ef0a019102d04b2f1635822c)

OPNSense/core 2e896d4src/etc/inc/plugins.inc.d core.inc

backup, disable cron when not enabled. closes https://github.com/opnsense/core/issues/3430

OPNSense/core c75f636. plist, src/etc/inc/plugins.inc.d ipsec.inc

IPsec, switch to PAM, closes https://github.com/opnsense/core/issues/3265

OPNSense/core b80b5fasrc/opnsense/mvc/app/library/OPNsense/Auth AuthenticationFactory.php IService.php, src/opnsense/mvc/app/library/OPNsense/Auth/Services IPsec.php System.php

system: sync PAM-based authentication rework

OPNSense/core cf6609fsrc/opnsense/mvc/app/library/OPNsense/Base UIModelGrid.php, src/opnsense/mvc/app/models/OPNsense/Firewall Alias.php

src: style and whitespace sweep

(cherry picked from commit a0f234f76169bd0e904c5eb45e5757d03684316c)

OPNSense/core 395342esrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api AliasController.php, src/opnsense/mvc/app/models/OPNsense/Firewall Alias.php

Alias, add export+import option, closes https://github.com/opnsense/core/issues/3171

(cherry picked from commit f2948e6af4707717859d131b9d2f19d5106cd944)

OPNSense/core bbbf919src/opnsense/mvc/app/controllers/OPNsense/Base ApiMutableModelControllerBase.php, src/opnsense/mvc/app/library/OPNsense/Base UIModelGrid.php

MVC, add filter closure to searchBase(), for https://github.com/opnsense/plugins/pull/1274

(cherry picked from commit 8ae69d5f06ae1db9936dbceae8b32f8ea4733da4)
(cherry picked from commit 39a95d3c39f77cdf5ff93a59229dcb62e130248b)

OPNSense/core ed9ade8src/opnsense/scripts/OPNsense/CaptivePortal/lib db.py

Captive portal, in case someone execs listClients before service start, make sure the 
directory exists. for https://github.com/opnsense/core/issues/3425

(cherry picked from commit a193e1e39711477da6bd52c20f9c96116841a4e7)

OPNSense/core f89552bsrc/opnsense/scripts/OPNsense/CaptivePortal/htdocs_default/css bootstrap.min.css, src/opnsense/scripts/OPNsense/CaptivePortal/htdocs_default/js bootstrap.min.js

captive portal: update to bootstrap 3.4.1

OPNSense/core db4833e. plist, src/etc/inc interfaces.inc

interfaces: ppp-related changes from master

(cherry picked from commit cfc95122f2d248e61d03d8f1dbae3cbd40260196)
(cherry picked from commit 75c3100ba7fca08e874dfea7b40831781bdf7f74)
(cherry picked from commit be9a1c94ab0a96d7c3a1f94eedaa4c88c5275639)

OPNSense/core 66335ffsrc/etc/inc filter.inc, src/www system_general.php

system: remove feature that was never implemented

OPNSense/core de0c990src/www vpn_ipsec_mobile.php

ipsec: restyle mobile settings a little

(cherry picked from commit 9cb95f7c86b925b3095b12f598f2769e25cbd269)

OPNSense/core a0c9e20src/etc rc.filter_synchronize, src/etc/inc/xmlrpc legacy.inc

system: support for syncing alias+vhid to the slave

OPNSense/core 8befa52src/etc/inc filter.inc, src/www guiconfig.inc system_usermanager.php

HAsync, prevent sloppy apply behaviour in various places due to configuring the backup 
device and point the user to our status page.

(cherry picked from commit b214b89e2078e26cee8e778a43b1946ee5ac9943)
(cherry picked from commit 883063c49c499697dba0f8b12a7855da9690d0c5)

OPNSense/core f1955a5. Makefile, src/opnsense/scripts/systemhealth activity.py fetchData.py

system: move health scripts to Python 3.6

OPNSense/core f5cbcb2src/etc/inc/plugins.inc.d ipsec.inc

ipsec: only apply mobile PFS to mobile phase 2; closes #3323

(cherry picked from commit cf721cf4b115c0b9247e9c5139dbdc32b226d05e)

OPNSense/core 25442f6. plist, src/etc/inc/plugins.inc.d ipsec.inc

implemented wildcard includes for ipsec/strongswan

(cherry picked from commit acdf14e63667034cda82dc75fcdcccd4b4367f6d)
(cherry picked from commit a4d157db0bc622c68af6da717c311499d8362691)
(cherry picked from commit dfd48d29349688d25b102b928ccbd509aa516f9a)
(cherry picked from commit 2056e907ffd47cf2646899f37448c8e54f19cc05)

OPNSense/core 1568140src/www status_dhcp_leases.php status_dhcpv6_leases.php

dhcpd/leases, double html escaping. closes https://github.com/opnsense/core/issues/3427

(cherry picked from commit 248156f8ee783b86f7ce5c6d7fdc914361b4af57)

OPNSense/core e182339src/etc/inc system.inc

system: cleanly rewrite CA root files, add our own; closes #1460

(cherry picked from commit 59b913f9e5e5c7c722f5364e91feaac358e63ebf)
(cherry picked from commit 3d46287880bc0ed3960402f50ef809438c79a2ec)
(cherry picked from commit 241716e8a7a9f5bba53c870442505167bdced076)

OPNSense/core 2dc1d24src/etc/inc system.inc

system: remove unused option

(cherry picked from commit 81b43740f2f4f6a028042dd06c955ebdee8dd3a0)

OPNSense/core 248156fsrc/www status_dhcp_leases.php status_dhcpv6_leases.php

dhcpd/leases, double html escaping. closes https://github.com/opnsense/core/issues/3427

OPNSense/core 81b4374src/etc/inc system.inc

system: remove unused option

OPNSense/core 4dd8df5src/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

Routing, gateways for https://github.com/opnsense/core/issues/2279 align automatic 
gateways to legacy behaviour. Since gif/gre interfaces already write _router files, we 
should only add openvpn client gateways to mimic the way it wasbefore. Also skip disabled 
interfaces.

OPNSense/core f6c0e84src/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

system: retain old GW naming convention #2279

OPNSense/core a193e1esrc/opnsense/scripts/OPNsense/CaptivePortal/lib db.py

Captive portal, in case someone execs listClients before service start, make sure the 
directory exists. for https://github.com/opnsense/core/issues/3425

OPNSense/core 9f54891src/etc/inc services.inc, src/etc/inc/plugins.inc.d dpinger.inc core.inc

dpinger: reshuffle some related code

OPNSense/core 494ba0b. plist, src/etc/inc gwlb.inc interfaces.inc

system: move gwlb.inc to dpinger.inc

OPNSense/core fc4a05dsrc/opnsense/mvc/app/library/OPNsense/Auth AuthenticationFactory.php

Auth, extend AuthenticationFactory to support getLastAuthProperties() from last 
authenticate() call. part of https://github.com/opnsense/core/issues/3266

OPNSense/core b50fdd7src/www system_gateway_groups_edit.php

Routing, gateways. missed a spot in https://github.com/opnsense/core/issues/2279, remove 
column header for VIP

OPNSense/core 172f5dfsrc/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

Routing, gateways. Technically we could add tunnel gateways automatically, but since you 
can easily add them manually, we better start without these and only add the ones found in 
the /tmp/XX_router[XX] files. for https://github.com/opnsense/core/issues/2279

OPNSense/core b5adb0csrc/etc/inc gwlb.inc, src/opnsense/scripts/OPNsense/Monit gateway_alert

Routing, gateways. move get_gateway_error() from gwlb.inc to gateway_alert script, since 
only used there now. for https://github.com/opnsense/core/issues/2279

OPNSense/core 5d37a23src/etc/inc gwlb.inc

Routing, gateways. replace contents of return_gateway_groups_array() for 
https://github.com/opnsense/core/issues/2279 complete removacl should be part of 
https://github.com/opnsense/core/issues/3423
DeltaFile
+2-72src/etc/inc/gwlb.inc
+2-721 files

OPNSense/core 0ea621csrc/etc/inc filter.lib.inc, src/www firewall_rules_edit.php

Routing, gateway groups, use new class methods in filter and filter edit page, for 
https://github.com/opnsense/core/issues/2279

OPNSense/core 41b318esrc/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

Routing, gateways. add group functions to new gateway class, for 
https://github.com/opnsense/core/issues/2279

OPNSense/core ea2f217src/opnsense/service/modules template.py

configd, idna encode, orginating from https://github.com/opnsense/core/pull/3107 and other 
commits from the same contributor.
Fix for https://github.com/opnsense/core/pull/3107, although I'm doubting if we should 
keep supporting idna, since fixing these issues often cost us quite some time and demand 
for the feature doesn't appear to be very high.

OPNSense/core c59e126src/www firewall_rules.php

Fitler, firewall_rules.php, descr already escaped. closes 
https://github.com/opnsense/core/issues/3418

(cherry picked from commit 0edd56242939d2cc7900b89abd3554a1831eff68)

OPNSense/core f889970src/www services_dhcp_edit.php

dhcp: added TFTP bootfile-name (fix for #3074, introduced with 8e361f3051aa) (#3420)


(cherry picked from commit e9cb9c08620fd67872533a409bc175d12e74b924)

OPNSense/core 4fc9696src/etc config.xml.sample

sysct, remove duplicates. closes https://github.com/opnsense/core/issues/3410

(cherry picked from commit 6101ba8940f02888fd096f4e8e458624ec5f0ff2)

OPNSense/core 118acc3src/etc/inc gwlb.inc, src/www system_gateway_groups_edit.php

routing, gateways. In gateway groups you could originally select a vip, which isn't used 
in our system. orgininally this came from 
https://github.com/pfsense/pfsense/commit/ab1112da4c1c8dc9c22486d0d69dca9cd1216cd2
Let's remove it while working on https://github.com/opnsense/core/issues/2279

OPNSense/core 1feaa21src/etc/inc gwlb.inc

Routing, gateways - groups. regression in https://github.com/opnsense/core/issues/2279 , 
since "interface" contains the configured value now, we should use "if".

OPNSense/core a2aba45src/www system_gateway_groups_edit.php

Routing, gateway_groups, don't hide gateways on edit, which keeps presentation on new/edit 
equal. Previously you could have a group, containing an item that didn't exist anymore 
(interface removed), in which case you needed to remove the group to be able to edit it. 
related to https://github.com/opnsense/core/issues/2279

OPNSense/core e9cb9c0src/www services_dhcp_edit.php

dhcp: added TFTP bootfile-name (fix for #3074, introduced with 8e361f3051aa) (#3420)

OPNSense/core 497f523src/etc/inc gwlb.inc

Routing, gateways. When gathering gateway status from dpinger, don't consider dpinger 
endpoints down if not yet available. This could lead to some unexpected gateway switches. 
for https://github.com/opnsense/core/issues/2279

We might consider another status for "startup", although since we report loss and delay as 
"~" it should already be obvious that we don't know the status yet.
DeltaFile
+38-32src/etc/inc/gwlb.inc
+38-321 files

OPNSense/core 1a55473src/www firewall_rules_edit.php firewall_rules.php

Filter, add ipv6-icmp type selection, closes https://github.com/opnsense/core/issues/3412

OPNSense/core 6f6486dsrc/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

Routing, gateways. don't consider lo0 as a default gateway candidate. Since it doesn't 
make much sense to send all traffic to localhost, we better exclude it to keep the 
previous behaviour. for https://github.com/opnsense/core/issues/2279

OPNSense/core b4d8a49src/etc/inc filter.inc

Routing, gateways. log gateways that are not being considered, 
https://github.com/opnsense/core/issues/2279

OPNSense/core dd8d344src/opnsense/mvc/app/library/OPNsense/Routing Gateways.php

Routing, gateways. The `/tmp/*_defaultgw` construction has a race condition the way it is 
implemented now. for https://github.com/opnsense/core/issues/2279

It is used by dhcp client to detect if a default route might be overwritten and it 
determines default gateway priority. Since I don't want to refactor the dhclient-script at 
the moment, we best keep the file, but remove the "default" detection.
So system_default_route() sets the file, which dhclient can pickup when a new gateway is 
propagated.

OPNSense/core 6101ba8src/etc config.xml.sample

sysct, remove duplicates. closes https://github.com/opnsense/core/issues/3410