Enable filtering on ipfw sysctl not dependent on ipfw module otherwise issue reported here http://forum.pfsense.org/index.php/topic,64412.0.html happens
Fix copy/pasto introduced in previous commit.
Implement proper releasing of pipes allocated based on CPzone. Keep track of which zone a pipe is and release those pipes during disabling/deleting of zone. Ticket #3062, Pull request #698
Use empty to cover all needed cases as suggested on #3062. Suggested from pull request #698
modified radius function to release the pineno
modified radius function to release the pinene if the client is not authenticated properly, and modified function captiveportal_get_next_dn_ruleno to initially takes the value 2000 for the first pipeno.
Correct variable used to delete symlinks and files delete from CP filemanager. Reported-by: http://forum.pfsense.org/index.php/topic,64016.0/topicseen.html. While here reduce some uneeded extra operations
Prevent errors from flowing up to the clients workspace and preventing functionality
Give the rules their own number and swap table numbers to correct statistics gathering.
Make sure some value is present here during boot
Consider CP allowed IPs for both directions. It will help ticket #2780
Make sure captiveportal section of config is an array, reported on ticket #2838
Revert "Merge pull request #417 from miken32/cp-database-fix"
It breaks customizations, it's not a good time for such big change.
This reverts commit 40c7b1a98bfdc61261154adaac5fdefc234ecb08, reversingchanges made to d896f86751bae79625197da6c80d709fdf185448.
Merge pull request #417 from miken32/cp-database-fix
Use associative array for captive portal database
self-explanatory now, no comments needed
while we're here, send named termination causes
use associative array for captive portal to prevent confusion, messiness, and abuse
only send Accounting-On at boot; can't tell if CP's being newly enabled or not
add support for RADIUS NAS accounting, fixes redmine feature request 2143
During bootup do not try to resolve hostnames filterdns will handle those
remove unsed getNasID function
Test that timeout value is bigger than 0
Cleanup some code
Unlink pid file before starting a new process
Merge pull request #371 from bcyrill/patch-18
Fix filterdns termination
Kill filterdns when not being used
check for optional reversing of statistics
Configure pipe directly in php until ipfw binary is fixed to correctly configure pipes even that context is specified
Fix ipfw config generation for allowed IPs
Merge pull request #320 from bcyrill/patch2
Allow empty RADIUS secrets
Fix concurrent username logins
Merge #237 manually whitout the GUI option for specifying interim interval. It will read now this attribute if present in a reply and use it. Fixes #1492
Convert all captiveportal code to not use ipfw_set_context since its not needed anymore. Also add code to validate cpzone on webgui pages before being used
Use symlink rather than forked commands. Also simplify a bit code
Unser some vars to free space
Remove remenant of file based days
Correct stoping of the db and sending radius stops
Missing return statement
Merge pull request #329 from bcyrill/patch-8
Update etc/inc/captiveportal.inc
Add portal_hostname_from_client_ip function
Allow empty RADIUS keys
Remove to parameters from system_generate_lighty_config that are unused and do a better job at tuning started php processes to not use less/more than needed. This also avoids DoS the system with php processes
Move to varrun_path for consistency
Tell filterdns to reload the config rather than restart if its running
Merge pull request #293 from bcyrill/patch-11
Add some unobtrusive IPv6 changes to CP
Merge pull request #294 from bcyrill/patch-12
Fix: Invert if condition
Merge pull request #298 from bcyrill/cp-sqlite
Various fixes to removal of pipes
Fix: Disconnect CP client
Fix: Remove entries from captiveportal DB
Fix: Check for the existence of the rules file
Fix: SQlite in CP
Determine subnet from address family
Get IPv6 address for IPv6 clients
Add [] to IPv6 address
Fix comment
Restore needed code
Properly setup array
Correct field name and add an index for ip
Convert the CP db to sqlite rather than a text file. Some more optimizations might be needed and probably vouchers db might need conversion as well.
Move down a bit of code
Add square brackets around IPv6 addresses
Do not flush tables on save of CP. This should allow the informations to be retained during cp reconfigurations.
Handle even hostname through filterdns entries correctly now that only 3/4 table exists and they consider pipe argument. While here adapt addinga hostname without reloading CP
There is no more table 7,8
Give a minimum bucket paramter of 16 since it does not need much. To avoid those console warnings
Merge pull request #284 from bcyrill/cp_certs
Allow multiple cp zones with different ssl certs
Separate ipfw rule no db from limiter ones. Since ipfw has per instance feature while dummynet/limiters is a single instance.
Merge pull request #281 from bcyrill/cp_table
Fix action and table order in pfSense_ipfw_Tableaction calls
Fix cp variable
Add missing cpzone
Switch all the actions(pipe create/table modify/get mac address) during fast path of CP to pfSense modules ones.
Remove IPFW_FILTER flag since it gets not used anymore
Remove set 1 keywords from rules since sets are not used in CP since long time.
Remove useless rule and reorder the static rule numbers
Correct rule number for https
Fixes #2006 Forward to lighty only port 80 and 443 tcp rather than all tcp traffic.
Use the hex value since seems parsing of ipfw is broken for these
Remove remain from IFF_IPFW_FILTER flag not used anymore
Properly unlock before exit. Allow rarp to flow through ipfw of CP alos allow ipv6 packets so CP can work on v6
Make this a bit more easier to read
No need to duplicate all this code here. If vouchers are enabled just display even the voucher input box along side the user/pass ones.
The context creation and memmber interfaces are only used during rules creation so make that contained only in init_rules and rule creation functions
Update copyright
Resolves #2529. Load the ipfw module before any commands are executed on CP. Also move the filter_load_ipfw() to captiveportal.inc:captiveportal_load_modules() since no other place uses ipfw(4)
Add unset
Enable io_fast on dummynet to avoid uncessesary loop arounds of packets
Implement a pruning for auto added mac passthrough and vouchers. This allows to prune the added entries logged-in through vouchers
Always create a pipe for any user on CP and if no limit present set it to 0(unlimited). If any limit comes from the sources of reauthentication this limit will be applied without any other consequences
Fix secondary auth source to reference the zone like everything else in this section does, which is where the gui stores the value.
Do some cleanup of code for zones
Fix Captive Portal SSL
Make sure one_pass i selected when CP is active
Implement certificate chain in Captive Portal
Use Certificate Manager in Captive Portal settings
Add missing global