Activity
From 08/29/2006 to 09/27/2006
09/27/2006
- 11:09 PM Revision a0e4bd9f: We cannot tail the initial clog file in return_clog because we are not guaranteed to have that amount of "matching" lines. Instead, build up a grepline that contains all of the grep and grep -v statement. This now allows the tail to chop off the last X lines correctly.
- 11:02 PM Revision 0fcfdd3d: We cannot tail the initial clog file in dump_clog because we are not guaranteed to have that amount of "matching" lines. Instead, build up a grepline that contains all of the grep and grep -v statement. This now allows the tail to chop off the last X lines correctly.
- 10:28 PM Revision 13c24013: Woops, looks like there is a ! in the comparison, and I have it backwards.
- 05:37 PM Revision bf541de9: Be kind, rewind. Restart the package after a reinstallation.
- 05:36 PM Revision 960e61ae: Be kind, rewind. Restart the package after a reinstallation.
- 04:25 PM Revision 58725a51: Version bump
- 03:43 PM Revision 19a14ce7: Invalidate the cache before reloading the filter. On bootup the interface list is being cached and we need to detect tun0 coming up for OpenVPN.
- 04:26 AM Revision 1b0e4b4c: Do not leave trailing spaces before or after the text we are adding or removing.
- 04:17 AM Revision fa3c05aa: Do not leave trailing spaces before or after the text we are adding or removing.
- 03:41 AM Revision f4fc97cd: Only write out $fd_log items if a handle exists
09/26/2006
- 10:49 PM Revision ad6eae25: Allow loading of text from outside scripts such as snort.
- 07:22 PM Revision 9996eff6: Detect if stored item in config.xml is an array. If it's an array simply pass array along, if its not then attempt to explode the array.
- 07:15 PM Revision 3c616886: Fix interfaces selection widget. Now selections are restored.
- 06:44 PM Revision 7ed60b4e: Version bump
- 06:42 PM Revision 36eab901: Invalidate the cache before reloading filter.
- OpenVPN will bring up a tunX interface and we need to be able to see it to add the correct filter rules.
09/25/2006
- 11:38 PM Revision cb589a49: Set implicit_flush = true as well. Now downloading and slow tasks actually update the progress bar, etc in real time.
- 11:35 PM Revision 79c05ed9: output_buffering needs to be set to 0
- 06:56 PM Revision d017ef26: Output buffering needs to be off.
- 04:20 AM Revision 864210cb: Output buffer so that progress bar, etc works
- 04:18 AM Revision 43db85f8: Output buffer so that progress bar, etc works
- 12:51 AM Revision fc23fbfe: Cleanup file
- 12:45 AM Revision 31ef2e70: Automatically expire snort2c table every 60 minutes. This can also be used by other system components for temporary blocking.
- 12:41 AM Revision e99e9804: * Move snort2c to top of rules section
- * Block snort2c hosts
- 12:34 AM Revision f3af8b4a: Shhh... Be vewy qwiet. We are adding snort2c table.
09/24/2006
- 11:38 PM Revision 759cfd0c: Version bump
- 11:31 PM Revision e9be1e7f: Move FTP helper pass rules after USER defined rules so that the operator can tweak FTP items.
- Patch submitted by: Chris Dionissopoulos <chdio@debug.gr> (pfSense commiter)
- 11:17 PM Revision d690d2c9: MFC 14473
- Make sure we test for databases without interface information. e.g. spamd. Fixes report made in forum.
09/22/2006
- 11:31 PM Revision 265ccfc3: Ensure space after vpns list
- 11:22 PM Revision c52719a8: Do not destroy previous items, whiping out the listen directive.
- 09:49 PM Revision 70a6aeb0: do not unlink sh commands.txt, simply unlink commands.txt
- Pointy-hat-to: ME
- 08:27 PM Revision 76252260: * Fix MFC error where nat rules are blown out
- * Fix optional interface + carp
- 07:48 PM Revision 3f6fd1f3: Correct filenames in (C) header
- 07:45 PM Revision fb2a6c76: Correctly associate carp interfaces with optional interfaces as well. This should hopefully fix CARP failover on optional interfaces
- 06:41 PM Revision 2f0a7613: MFC openvpn fixes by Fernando
- 06:29 PM Revision c4b76267: Introduce rc.filter_configure and rc.filter_configure_sync.
- 05:51 PM Revision 45d7fb39: Use /etc/rc.filter_figure instead of 2 command touch /tmp/filter_dirty which does the absolute same thing but prevents openvpn from being tricked due to quoting.
- 04:20 PM Revision 3582e210: Inctroduce another snapshot before RC3
- 04:01 PM Revision 4b31e652: nve will support altq in just a moment.
- Reminded-numerous-times-by: Christos Dionissopoulos <chdio@debug.gr>
- 02:39 PM Revision 920cafaf: Move helper function to correct area
- 03:06 AM Revision e7933a2b: -HEAD wasn't working. Unify both tree's.
- 02:53 AM Revision e88adead: --ipchange silently didnt allow openvpn to run
- 02:47 AM Revision c1fdf93b: --up only needs one argument
09/21/2006
- 09:16 PM Revision 763ce2e6: RC3 time. Party on, excellent.
- 08:45 PM Revision 18ea86eb: MFC 14433
- Move miniupnpd anchor to the end of the NAT rules so they have precedence.
- 08:23 PM Revision e8ad9d31: Do not allow openvpn and ipsec entries to run together.
- 07:34 PM Revision ed3ccdc7: Set net.link.tap.user_open to 1 by default.
- 03:16 AM Revision d42d2184: 512K is enough for 1000 rows. Back out previous commit.
- 03:08 AM Revision 66f8efe7: Version bump
- 02:29 AM Revision 4fa1ffbb: Increase filter log space to 784K so that it can accept 999 entries
- 02:20 AM Revision 3deb0883: Default to TCP
- 02:11 AM Revision d87e27e0: When a failover ipsec ip address is defined, use it as the ip address endpoint for ipsec.
- 01:41 AM Revision 51fb86f5: * Remove unused variable $do_not_display
- * Do not add entry if we cannot deterimine the protocol
- 01:07 AM Revision f469e606: Treat sack type traffic as TCP
- 12:57 AM Revision b1ad443d: Include Id and copyright headers. Not sure how this slipped past.
- 12:22 AM Revision df477d2b: The interface le absolutely supports ALTQ. Make it so.
09/20/2006
- 11:02 PM Revision 0526354f: When running with verbose mode, tcpdump deocdes sip traffic. Bad boy.
- 05:49 PM Revision 24012690: Ensure filter reloads after openvpn state changes
09/19/2006
09/18/2006
- 08:53 PM Revision 6d17a9b9: Version bump
- 04:41 PM Revision 27b684ca: Note that the shaper is not compatible with bridging in the opening warning
- 01:29 PM Revision 48ce54d0: Disable firmware check, we are not using it in RELENG_1
09/17/2006
- 08:01 PM Revision 6a14ed37: Version bump from outter space
- 04:45 PM Revision 0a33f73e: Dont allow items to run together
- Ticket #1105
- 06:47 AM Revision 45e38645: Add (y/n) hint
- 06:45 AM Revision 2c05cc10: Explain to the user that the developer bootstrap process populates /usr/src, etc.
09/16/2006
- 09:45 PM Revision c195be3f: We log to a ram disk, so change text to read to a local ram disk instead of local disk
- 08:43 PM Revision 75abff95: Don't try to filter records that have strange date / time stamps.
09/15/2006
- 06:10 PM Revision 012472a4: * Only run the commands.txt file if it exists.
- * Unlink afterwards
09/14/2006
- 08:14 PM Revision a78b7955: Execute after commands via sh &
- 04:45 PM Revision 0a6d4110: Version bump
09/13/2006
09/12/2006
- 09:13 PM Revision 5963133d: Woops, only change the first occurance of 19999
- 09:00 PM Revision 2ef857b2: Start at 19000 since we are ++'ing at the end of the loop.
- 08:37 PM Revision 8d896506: Version bump from outter space!
- 08:05 PM Revision fe4d7d52: Match on the beginning of the string so that the 110 network is included
- Submitted-by: XAI via IRC
- 07:06 PM Revision 0a5f89fa: We ++ the starting port at the end of the for loop. Do not ++ it at the beginning leading to power of 2 redirect entries.
- 05:31 PM Revision 0363c100: Correctly deterimine the previous ip address when running under pppoe, as well. Log an error if we cannot deterimine the ip address for any reason.
- 05:26 PM Revision bd572fb6: Clear the filter cache before reloading. Now that Bill has worked his caching magic, this hit is almost nill.
- 01:30 AM Revision b1b1bace: Expand special character descrption search and replace for xmlrpc to all description areas that are sync'd via XMLRPC. Note: this only replaces the special characters on the backup nodes
09/11/2006
- 09:45 PM Revision 0ee99516: $starting_localhost_port++ for tcp/udp rules
- 08:21 PM Revision 1916ddad: Install both tcp and udp reflection helper entries
09/10/2006
- 11:21 PM Revision 796b9b3b: * Whitespace cleanup
- * Add missing counter strike ports
* Shift default queues to 1, instead of 3 - 10:38 PM Revision f29908ad: * Cleanup -u whitespace
- * Actually install the correct protocol in the rule
- 08:26 PM Revision 383d15cc: We already check for $g['booting'] at the beginning of the function. Do not do it twice.
- 06:53 PM Revision 2ebd3617: Version bump
- 05:49 PM Revision 3afe16db: Do not install vpn helper entries on Optional interfaces that are disabled
- 05:42 PM Revision 0e9671ef: Do not install vpn helper entries on Optional interfaces that are disabled
- 01:07 AM Revision b7ba117b: Version bump
- 01:00 AM Revision 0e871eb9: Convert interface to friendly name, actually use it.
- 12:51 AM Revision 785e986a: Actually redirect traffic when no vpn's are defined, too.
- Pointy-hat-to: ME
- 12:01 AM Revision e244be50: Backout last commit
09/09/2006
- 11:35 PM Revision 842beb79: Cover the tcp case since Alan swears up and down it is not being invoked correctly.
- See http://forum.pfsense.org/index.php/topic,2043.0.html
- 10:53 PM Revision 279006d9: * Setup pass connections for correct protocols when reflection is in use.
- * Netcat needs a -u switch for udp type connections
Submitted-by: alan walters <alan@aillweecave.ie> - 09:31 PM Revision d748e0b8: Back out last commit
- 09:24 PM Revision 1ddc3074: Fix reflection typo.
09/08/2006
- 09:27 PM Revision a6d1eaf8: Missed commits
- 09:05 PM Revision 50797647: Our compatibility code raelly needs to go into functions.inc so it can get installed before other php files are sourced.
- 08:54 PM Revision 022a0f9a: Correctly write out ttyd0 entry
- 08:45 PM Revision 0efc887f: Actually enable the serial port correctly and present the menu when needed.
09/06/2006
- 10:06 PM Revision 819ccd08: Set export VARMFS_COPYDBPKG=yes during varmfs mounting so that we can see the entire /var/db/pkg/$PACKAGENAME/$CONTENTS structure
- 09:44 PM Revision 2b0a8a19: Version bump
- 08:55 PM Revision 80b638eb: We only need to match connections coming in on the interface
- Noticed-by: BillM
- 08:35 PM Revision e90481ff: Only define $vpns if there are vpns defined.
- 08:31 PM Revision fb47169a: Correctly negate IPSEC FTP Helper connections and OpenVPN FTP Helper connections.
- 06:42 PM Revision 6f57956c: Correctly define remote OpenVPN subnets thanks to Fernando.
- 06:10 PM Revision b5defbd4: * Use tables to negate IPSEC vpns from FTP Helper
- * Add OpenVPN entries to negate from FTP Helper as well
Ticket #1099
NOTE: Not tested as of yet. Will test when I ... - 05:49 PM Revision a4a12dba: Only allow number ints for tcp/udp ports.
- Ticket #1098
- 05:41 PM Revision df593437: Fix case-o
- s/carp/CARP
Ticket #1097 - 05:39 PM Revision c299e0af: Correct spelling mistake
- s/your/you're/
Ticket #1096 - 03:47 AM Revision 189ea1b5: Reflection + FTP don't play well together, mmmkay?
09/05/2006
- 09:54 PM Revision b1c525ee: Unlink config.cache before reloading. It somehow spoils the FTP helper from being loaded.
- 05:01 PM Revision 65fbb388: Fix $VARIABLES$
- 02:35 AM Revision cf83f490: Fix usage of multi-host aliases in rdr
- 02:33 AM Revision 9b00dc26: MFC commit [14178]
- Correctly handle multi-host aliases
- 02:10 AM Revision bc8c1e56: Set javascript state on form load
- 02:09 AM Revision 3d50349e: When static port is checked, disable the port option.
- 01:01 AM Revision 1d05769d: Increase default clog log file sizes
09/04/2006
- 11:15 PM Revision a8c5b0a8: Bump snapshot date
- 11:14 PM Revision b7edc0e7: When the local port and external ports are the same, do not install a target port = foo entry
- 10:52 PM Revision 6ec18a7a: Allow item to be saved
- 10:38 PM Revision 120daf83: If the destination port is an alias, then force the local port as the same alias. We will need to circle back in filter.inc to detect this situation and omit the local port from the rule.
- 10:19 PM Revision 3280df11: Turn off debugging alert()
- 10:07 PM Revision f5a68408: Re-enable items when needed
- 10:03 PM Revision e2705d67: When a External port range item is an alias, disallow the entry of Local port.
- In-discussion-with: BillM
Bug-reported-by: ChrisB - 03:54 AM Revision cedeafc0: Do not start ftpsesame on disabled interfaces (optionals)
- 01:16 AM Revision 6b11069e: If user selects IP adddress, domain name, user fqdn or dynamic dns and leaves the actual value empty in p1myident then throw a input validation error.
- 12:08 AM Revision 9a77bfbe: Kill debugging text
09/03/2006
- 11:58 PM Revision 9cee2260: Backout last commit, we need some better parsing goo
- 11:51 PM Revision bf875fa9: Correctly match the interface to the state
- 11:12 PM Revision 0529547c: Add bridge status
- 10:30 PM Revision f559eaf6: Report gateway for an interface for optional interfaces if needed
- 09:32 PM Revision 7ce318d6: Set net.link.bridge.pfil_onlyip=0
- 09:02 PM Revision 2382762b: Build a snapshot set and test latest build changes
09/02/2006
- 12:27 AM Revision 709f48f0: Use new upload path
- 12:20 AM Revision b6f67235: Mount RW for uploads
- 12:11 AM Revision 2e44fb05: Check that watchdogd is running before trying to kill it
09/01/2006
- 11:23 PM Revision f15b7e03: Provide other writable upload and post temporary folders for lighty
- 11:18 PM Revision a3046c54: Check to see if dhcpd is running before blindly issuing killall
- 11:16 PM Revision 17bdf526: Don't echo . on bootup in rw and ro functions
- 11:07 PM Revision 2e269da2: Make bootup text consistent with others
- 10:37 PM Revision f05740c1: Do not space after ...
- 10:23 PM Revision cb74ffd5: Now that we are optimized switch the loading firewall output on bootup to a "." method.
- 10:16 PM Revision 87294955: * Do not read-only mount if a firmware upgrade is in progress
- * Spew more .'s and pretend we boot faster
- 10:08 PM Revision d03f2faa: Don't duplicate upload-dirs lighttpd directive
- 09:53 PM Revision ee959dc4: Set upload path to /root/
- 09:40 PM Revision e9f2dd08: Use a much larger growable ram disk (128 megs) vs the default low one.
- It is now possible to upgrade firmware on embedded images, ladies and gentleman.
- 09:38 PM Revision 6d2b109d: When a firmware update is in progress, it is very important that we do not go RO.
- 06:08 PM Revision 1ef7b568: * Move lighty upload to a definable globals.inc value upload_path
- * Use new upload_path for firmware updates
This in combination with 128 megabyte embedded images should fix the drea... - 05:49 PM Revision 9503c25e: MFC 13859
- Move the upnp rules to the end of the list so a user rule can block access!
- 04:56 PM Revision 97fd5cb8: Restart OLSR correctly.
- Ticket #1071
- 04:50 PM Revision 81d12935: Don't spike RRD stats after reboot.
- Ticket #1089
Submitted-by: gd@spherenet.de - 04:39 PM Revision 0e5ddcd9: Do not allow user to select "network" and enter an alias. Alert user the item is an alias and that is should be set to "Single host or alias" option before saving.
- Ticket #1090
- 04:44 AM Revision d012cff4: display page title during package editing
- 12:13 AM Revision e1567752: per dsh@ this breaks enablechange() when multiselect is used (routed package
- is an example of this)
- 12:03 AM Revision 5e5f5fac: MFC of [14076]
- fix typo and don't output the package config file
08/31/2006
- 03:14 PM Revision 97a105c3: MFC 14070
- fix: removed redundant Apply Changes button
08/29/2006
Also available in: Atom