Add some protection to parameters that come through _GET
Allow the user to select "None" for OpenVPN client certificate, so long as they supply and auth user/pass. Ticket #3633
Silent pbi_info
Reduce possible noise
allow ipaliases to be configured on lo0
Fix variable name
remove openbgpd bits from system_gateways_edit and system.inc. The packagematch is case-sensitive and hasn't matched the openbgpd package's name inat least 5 years, so it doesn't do anything. It's far from functional inany useful manner even fixing that issue.
Bring in proper gmirror support for the GUI and notifications.Made a general gmirror library to perform various gmirror tasks and get information, using some of the former widget logic to start. Updated widget to use this new code.Added a Diag > GEOM Mirrors page that displays information about existing mirrors and perform various management tasks. Current actions include rebuilding a drive, forgetting disconnected mirror drives, insert/remove, deactivate/activate, clearing medatada. It's now possible to use the GUI to rebuild a failed mirror by performing a forget, then insert action to replace a missing/dead drive....
client-config-dir is also useful when using OpenVPN's internal DHCP while bridging.
Include the v4 prefix on the v6 netmask to make routing more sane and alos tracking interface configurations work!
Update rrd.inc
fixed NTPd graphs resetting when service restarts or reconfigured (thanks charliem https://forum.pfsense.org/index.php?topic=76620.msg422811#msg422811)
Make logging of pass rules opt-in rather than opt-out
Split the setting of logging pass and block into 2 separate settings. Maybe this can be extended to control even the user rules?
Add ICMP to filter parser, it should fix #3663
Add (self) keyword for specifying "any IP address on this firewall" as a rule choice.
Merge pull request #1149 from phil-davis/patch-7
Merge pull request #1205 from ExolonDX/branch_master_59
Properly handle this rename, and squelch errors if it fails.
Delete all ip aliases when interface is disabled, it should fix #3650
Correct variable test here, too. Ticket #3662
Restore 989d361e88d08bd9e71bf7daafcb3b39af65bd3d to preserve a scenario that seems useful as suggested from @fitchner.
Remove commented out code since long time
Remove a line spotted by @fitchner which is not needed at all
Put a line on logs when this situation happens!
Update SCRIPT tags.
Add CDATA sections to SCRIPT tags in various files
Fix test (variable is a checkbox, not an array/string). Fixes #3662
Use correct variable name here.
Make some fixes related to Ticket #3662. Its mostly cleanup.
Spell that correctly
Handle enc0->IPSec convertion. Should help Ticket #3664
Actually make this correct
Use subnet rather than address/netmask to allow multiple clients to behave properly
/etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the info instead.
Move duplicated code into a function; Include local ID on mobile tunnel key line in ipsec.secrets.
Use the right specification for ahnding over the subnet to mobile clients
Do not specify the rightid in mobile tunnels since it makes things not work
Give needed +x flag to make working xauth proper
Oops this was moved accidentally
Correct sense of match and move the code up to since it makes more sense
Actually this should be rightauth2 since they should send the extra infor to be validated
bind HTTP->HTTPS redirect to IPv6 too. Ticket #3437
Use function_exists test
Allow to use PSK+agressive mode since user should have the choice even though it poses security risks
This slipped in wrongly
Allow a key to specified for all users as for exmpale when connecting from Apple iOS
Pass the loglevels on the config rather than execing commands to specify these loglevels. This allows somethings to be properly logged as config logs
No need to have the ip let strongswan do it for us! Keeping still filterdns to properly evaluate dns behaviour here
Strongswan does not need the quotes here
Show proper status for ipsec
Remove generate policy option since its not relevant with strongswan
Some adjustments to the code for logging
Use require_once in more places
Convert protocol ssl:// to https:// when creating http headers
Small cleanup
Partialy revert 0ae4f3f:
It broke xmlrpc_client since https is not a valid php transport.
Work around some quirks in global handling to show filter rule descriptions in their own row/column when configured for that behavior.
Revert "Respect protocol from URL"
This reverts commit 4f5bea8b6e2e6b0d5c1352539268d720826b4760.
Respect protocol from URL
Remove units from burst as it is always specified in bytes. (Per ipfw(8)).Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate.
Use egrep here (and full path)
Consider tracker IDs when looking up filter log entries, if present
Fix http and https port for cpzone
Use global cpzoneid variable
Drop double $$ from variable name
Remove redundant set
Silent kldstat
Merge pull request #1125 from msilvoso/master
Migrate captive portal code to SQLite3 php module
Changes to make it work behind a bluecoat proxy - added a user agent, and changed url scheme
Oops specify mode of operation to fopen
Make the alias url processing functions not memory hungry!
Rewrite update_alias_url_data to be with small memory footprint. Also return the status if an update is performed to callers and remove the write_config call embedded here since its not good to have this by default.
Signal a reload if anything got updated
Merge the patch suggested in Ticket #3629. It also Fixes #3629. The question is why this is using config lock? Also where is filter configure called here?
Expose all p0f OS types that it supports so that subtypes of various Operating Systems can be detected
Fix kldstat match/output to check for a running module. It was claiming all modules were loaded so none were being loaded.
Send HUP to restart syslogd rather than trying to restart it, thus loosing messages
make sure unbound is included here
Handle 0MQ filter configure
If unbound is configured then assign it for the vpn service
If Unbound is been used then make sure to reload when system_hosts_generate() is called
Make sure unbound is reconfigured when interfaces are
Add space between configile and switch
Move clog from /usr to /usr/local
Add filterlog to separatefacilitylog to avoid logs going elsewhere
Another dir to be created
Correct the definitions of certificate path to correct place to allow the daemon to start
Update binaries used
Put this here for easier troubleshooting and code reading. Helps with Ticket #3619
Use php module calls here to speedup things
Correct the ridirection URL to unbreak ones passed through Radius attributes and repsect user choices. Reported-by: Antoine Guillemot
Use the daemon name to send the filter logs
Merge pull request #1032 from fichtner/contributions manually since it does not apply cleanly
Merge pull request #1098 from camlin/master
Merge pull request #1117 from derelict-pf/nohttpsforwards
Make sure to actually configure the outgoing query interfaces if selected.
Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
Merge pull request #1118 from phil-davis/patch-3
Merge pull request #1120 from phil-davis/patch-5
Fix PBI installation when target lies on different directorie