Upgrade: remove quick from old match rules
Filter match rules previously continued evaluation regardless of "quick"
being set. Remove "quick" from existing rules on upgrade to retain the
expected behavior of continuing evaluation for match rules.
Don't implicitly build frr10
The package pfSense-pkg-frr now depends on these and hence frr10
no longer needs to be listed here.
This reverts commits:
c093e70310a622156efd18e7dfaf2e0e40b534e8
Omit reserved NAT64 addresses from DNS64 answers. Implement #16534
We create default filter rules to prevent the NAT64 translation for
reserved IPv4 addresses. For example, a request to 64:ff9b::a00:1 will
not be translated to 10.0.0.1. These rules are required for RFC
compliance. Though the translation itself is prevented, DNS64 replies
with the translated reserved address. This results in unnecessary traffic
and potential timeouts for the client. To resolve this, we can use the
respip unbound module to omit these reserved addresses from the answer
to client AAAA queries.
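
The effect described in the commit message above, as an added example that is not pfSense or unbound code: it maps reserved IPv4 networks into the well-known NAT64 prefix and drops synthesized AAAA answers that fall inside them. The reserved-range list and the function names are assumptions for illustration; the commit message does not enumerate the exact set.

```python
import ipaddress

# Well-known NAT64 prefix (RFC 6052); the commit's example 64:ff9b::a00:1 uses it.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

# Assumed sample of reserved IPv4 ranges (not taken from the commit message).
RESERVED_V4 = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
               "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16"]


def nat64_net(v4_cidr, prefix=NAT64_PREFIX):
    """Return the IPv6 network that embeds an IPv4 network under a /96 prefix."""
    v4 = ipaddress.IPv4Network(v4_cidr)
    base = int(prefix.network_address) | int(v4.network_address)
    return ipaddress.IPv6Network((base, 96 + v4.prefixlen))


# IPv6 networks whose synthesized addresses should be omitted from answers.
RESERVED_V6 = [nat64_net(n) for n in RESERVED_V4]


def embedded_v4(aaaa):
    """Extract the IPv4 address embedded in a NAT64 address, or None."""
    addr = ipaddress.ip_address(aaaa)
    if addr.version != 6 or addr not in NAT64_PREFIX:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def filter_answers(aaaa_records):
    """Drop AAAA records that point at a reserved address via NAT64."""
    kept = []
    for rec in aaaa_records:
        addr = ipaddress.IPv6Address(rec)
        if any(addr in net for net in RESERVED_V6):
            continue  # translation would be blocked by the filter rules anyway
        kept.append(rec)
    return kept


if __name__ == "__main__":
    # Constructed sample answer set: two reserved targets, one global, one native.
    sample = ["64:ff9b::a00:1", "64:ff9b::c0a8:101",
              "64:ff9b::808:808", "2001:db8::1"]
    print(embedded_v4(sample[0]), filter_answers(sample))
```
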
Don't write to the backup file when restoring a config. Fix #16153
The function restore_backup() no longer needs to write to a separate file
before replacing the config file. The atomic write is already handled by
safe_write_file(). This change also avoids potential failures with using
fsync() for a directory on an external drive that doesn't support it.
Remove reserved pipes file on reboot
Restores previous behavior. The pipe reservation doesn't matter during
boot since there are no configured dn pipes at that point.
Followup to c42eba1d78cc0b97dcb5abc604c9ab7e6e50d8a9.
Always send domain-name and domain-search options. Fix #16552
If a client doesn't request the "domain-name" or "domain-search" options
then Kea does not include them in the lease. This results in DNS
registration with the fallback domain ".unknown.home.arpa". Update the
Kea configuration to always send these options.
Don't clobber Captive Portal pipe reservations. Fix #16540
Keep pipe reservations on reboot for applicable zones. Previously the
pipe reservation file would always be deleted.
Remove all pipe reservations for allowed IP and hostname entries which
have a single direction. Two pipes are always reserved regardless of the
direction setting.
Avoid re-configuring zones during CARP events for unrelated interfaces.
Make sure allowed MAC, IP, and hostname entries are re-added and reserved
when the HA primary switches from BACKUP to MASTER.
Introduce helper functions for default system packages
Currently empty. Can be used to keep a package when the system is
reset, e.g. from Diagnostics > Factory Defaults.
Test full unbound config when validating new settings
When test_unbound_config() is called, only a partial configuration is
tested. It's possible there may be custom options which depend on the
full configuration, e.g. from the Advanced Settings page. Merge the
existing configuration with the new settings to ensure a full test.
Move get_user_remote_address() and get_user_remote_authsource() to util.inc
These functions are defined in auth.inc and used in config.lib.inc.
Since auth.inc requires config.lib.inc, move the functions to util.inc
which is used by both.