Fix typo
Load glxsb by default, unless disabled. Add option to disable to System -> Advanced.
Do not add hostname to watch in the refresh ipsec policy section, there may be other tunnels using the sameendpoint which need refreshing as well.This is also done in the part where the racoon configuration is written so it's safe to skip it here.
Silence the logging in the dnscache code and the ipsec route add code into a debug check...
Match 4.X polling behavior. See thread "Polling and kern.polling.idle_poll"
Add missing /
Kill rrdtool before killing updaterrd, possibly prevent multiple updaterrd from running.
Fix "disable checksum offloading", and some other bugs with certain combinations of options while here.
Clean up polling fix a bit.
Fix polling, update supported interfaces list.
Trigger drop down menus on 83 chars
Use 80 chars
Woops, use 80 chars not 70
Switch to a dropdown menu when there are more than 80 characters combinedin the display_top_tabs() function.
Improve the matching of carp ints to IPs.Previously this stristr substring match would return incorrect/unexpected results. 10.0.0.1 would also match 10.0.0.16, 10.0.0.135. Adding a space to the IP to check will only match the specific IP given, since it is followed by spaces in the ifconfig output.
correctly convert friendly name for PPTP interface.
Ticket #1875 (cvstrac)
changes from smos@
fix CPU RRD graphs
Fix foreach error when dhcp settings do not exis on status -> services
- Add proper support for using hostnames for the remote IPsec gateway.- Make IPsec reloading granular, this resolves the long standing issuethat a IPsec reload will cause all tunnels to drop.- Change IPsec edit screen description for remote gateway that a IP...
Replace another route -n get command. These can sometimes hang and cause a filter reload to get stuck.Always use netstat -rn instead, these behave differently and can not hang according to ermal@
Replace route get default with netstat -rn|awk '/default/ {print $2}' whichcannot block according to ermal because it uses libkvm
Nuke stray n's
Patches from smos@
Remove newlines at end of files
Skip checksumming and polling for vlans
Send output to mwexec
Do not step on var.Make exception for vlans
Do not toggle polling on vlan interfaces
Do not lock the filter when setting filter reload status.
this is of no use with if_bridge, in the sense it was with m0n0 (where this came from)
Since we force filtering on the parent interfaces, we cannot disable it in the same sense as in m0n0 for the bridge.
Because you cannot assign a bridge as an interface, you can't filter on it anyway. Will now always remain disabled and checkbox on Advanced page will be ignored.
Correctly get mtu size on 7.x
Make the vpn configuration add static routes on interfaces other then WAN.link_carp_interface_to_parent() now correctly returns parent interface instead of always WAN.
MFC of changeset [22584]Atomic file writingPatch-by: David Rees
If $interface is not defined, return false.
MFC from releng_1. Do not run pfctl -ss 4 times.Dated Nov 15 2007
Reapply patches from ticket #1532
Revert broken OPT interface removal commit. This breaks configurations entirely, worse than just improperly shifting configuration items.
Ticket #1532
The original code did a mixed work: the part in interfaces_assign.php first renamed the interfaces, and then called cleanup_opt_interfaces_after_removal(). The latter didn't do anything at all: it never entered the loop, it didn't save the result of str_replace, it didn't save the resulting config after the processing. And if it had worked, it would have renamed the interfaces a second time as a side effect, completely messing-up the config....
If /etc/pwd.db.tmp exists when we are syncing the password database then remove the temporary file prior to attempting to sync.
MFC RELENG_1. Make it possible to disable RRD graphs. Bump config so it's on by default if it wasn't already.
Correct average times, otherwise the grap stops after 8 months.
Correct location of use_rrd_gateway.
usleep(1000); between down and delete. this appears to fix the carp issues.
Do not destroy carp interface which can lead to a panic. This has been tested and works just fine after deleting and adding new carp interfaces.
Work around a FreeBSD where 2 carp interfaces exist and you delete 1. This ends up panicing the kernel. This is fixed in 7 so this will not be needed much longer.
Add is_wan_interface_up($interface)Can be optional interface as well.
Return the virtual interface for PPPoE
Woops, actually use $url
Noticed-by: Seth
Add does_url_exist() which can verify a URL exists before downloading.
Do not writeout tdr_cron_install() entries on bootup. Somehow doing so adds a stray load balancing and openvpn entries.
Only deinstall filter reload item if it is presently installed
Add is_private_ip function which will return true if an ip address falls within a private subnet range.
The earlier fix from today that fixed get_interfaces_with_gateways() created new problem where all interfaces would show up in assign_interfaces screen and other places. Instead of showing them all by default teach get_interfaces_with_gateways() how to extract the complete list.
Turn back off TDR debugging statements.
Dont check-state on the rules.
Use check-state on all TDR rules
check-state at the beginning of the tdr set
MFC 17596Correctly use all interfaces.
Make the ordering of the IPFW time based rules exactly the same as PF so there are no strange "gotchas" or "caveats" that the user would have to abide by.
Correctly incriment skipto rule number.
Fix tdr_get_next_ipfw_rule to not return 2 every time.
Add anti-lockout rule to ipfw so that you cannot lock yourself out of the GUI.
This is tunable via system -> advanced
Use skipto type ipfw rules so that the pass type rules will not bail out of the ipfw ruleset and keep processing at the next rule.
Fix another major bug in time based rules. When a * * * rule is in affect on the wan interface we where killing outgoing traffic from the firewall itself.
Fix a major time based rule bug. We need to match packets INCOMING to the interface similar to how pf works.
Remove trailing space
Do not carriage return in the middle of a shell command
Correctly note the filter configure item when removing the schedule feature from cron
Remove time based rule debugging statements.
Reminded-by: Ryan Wagoner
Do not sort dns server list.
Reported-by: Goffredo Andreone
Correct rrd_gateway path
Do not zap cron entries with a large hammer. Instead gently use a knife.
Also configure loopback. Otherwise filter rules can not be loaded
Do not unset cron entries.. This needs a bit more work.
Correctly report false
rework the check code to be more readable since it is falsing
Add more debugging info
Add debugging info for hourstatus
Add logging helper statements
Correctly handle hour and minutes on the dot.
Handle port ranges correctly
corrected schedule_inuse function
Added is_schedule_inuse()
Check that cron items exist before foreach()
Correctly check if an alias is in use
Correct check
s/!/not/ for not based rules (tdr)
Correct the reload filter filename
Monday is first now
Use cron instead of minicron and reload the rules on 0,15,30,45