Correctly return wan or lan. It seems that this function can fail in certain cases that I am still trying to resolve.
Woops, preventing one to one from pftpx requires src address logic. Rework.
Do not redirect 1:1 ftp traffic to pftpx. Let FTP Sesame handle it.
require_once("services.inc") to prevent: Fatal error: Call to undefined function: configure_cron() in /etc/inc/config.inc on line 909
upgrade config if cron items are missing.
Only install icmp rule if we can obtain an IP address for the WAN interface
PPPoE automatic disconnect MFC
Submitted-by: DSH
Really, really, really wanted by: Hoba
Commit #1 of #2
Add support for both Soekris and WRAP LEDs to trigger an alert.
Woops, use /dev/led/error
Toggle the LED on wrap/soekris when an alert is filed if /dev/led1 exists.
Backport cron handling from HEAD.
Patches-submitted-by: DSH@
Permit firewall to ping out from the WAN IP for ping_hosts.sh
Oops, down the interface first, then delete.
Update native and long frame support from vlan(4)
Add pfsense.merge_config_section which can merge two keys together via XMLRPC sync instead of killing the prior section. This is useful when merging subkeys of installedpackets for example.
Backport the alias rowhelper description feature
Fix filter rules when using load balancing pools. Latest CVS was broken. Logic error. And we do need to guess. It's not a local IP, it's a gateway. Something with toffees
Make DHCP server rules work again on OPT interfaces.
Do not launch check_reload_status from filter.inc. This creates some strange situation where check_reload_status inherits socket descriptors from OpenVPN.
Don't guess interface, we know.
If the load balancer interface name turns out to be an IP address we guess the interface and log an error.
Found by Holger
Add back missing WINS statement that was accidentally chopped in commit #9051
Ticket #1209
Fix indentation and possible conflicting variable naming (future commits)
filter.inc logic and filter rule fix for new load balancer by interface name
Let's see if this works ok over the course of a few snapshots. If not we can always revert this checkin combination. Do note the s/$POST/$_POST fixes!
Allow for a failover type next to the already available load balancing type. The gui server list box needs some up and down box for ordering....
Do not configure DHCP server on dhcp interfaces.
Do not create DHCP server firewall rules for interfaces which are configured for DHCP. They/We/He/She should not run into this, except when migrating an interface configuration to something else.
This code is tested for outbound load balancing on a carp cluster and...
Renumber, assign and delete rules as needed.
Observed-by: Vacum via irc
s/array_count/array_count_values/
Revert back to base dhclient
Go back to stock FreeBSD dhclient. ISC's is not very multi wan friendly and will make rearchitecting our code a complete interface rewrite.
Fix spelling
Submitted-by: Devon O'Dell <devon.odell@coyotepoint.com>
Fix ticket 1192 as seen by hoba and seth.
REALLY release and renew correctly.
Correct path to pgrep:
Reverse platform testing logic. It must have been opposite day.
Only use freebsd-sendfile network handler on Full Installations. Tests have shown that it actually slows down the metallic theme on embedded by Holger.
Fix DHCP status on status_interfaces.php. Use find_dhclient_process() for test.
Use correct directive.
MFC use freebsd-sendfile
Output dhclient.conf in the same format as current m0n0.ch beta (freebsd 6 + isc dhclient)
Obtained from latest m0n0 beta 1.3
Switch to ISC-Dhclient. OpenBSD's dhclient is driving me bonkers.
"Always sent Session-Time in accounting packets. This makes most prepaid systems to work again."
Obtained from m0n0wall
Create valid pf Syntax!
Only pass in on Captive Portal interface
Ticket #1188
For interfaces using the Captive Portal, ensure that traffic can reach port 8000 and 8001 which is the Captive Portal auth interfaces.
- livecd/embedded: do not create a md on /var/db/rrd, /var already is one -7 lines, +6MB ram. Tested on WRAP + LiveCD
Silence eclipse warnings
Ticket #1185
Check $hostname, not $domain
MFC 15411 is_domain(): MS breaks all laws, so underscores are allowed...
MFC 15402 is_domain(): domains must not contain underscores; empty strings are not valid
Do not install default pass in rules for openvpn interfaces with a gateway.
Install frickin pptp proxy rules
Add frickin pptp proxy hooks.
Start OpenVPN with nohup
Uhm, previous was almost right. Limit dropped to a 115MB available ram so people can use computers with up to 8MB of shared graphics memory.
Do not forget rule anchor for imspector.
Pointed-out-by: dberlin
MFC 15441 added imspector anchor
If the available memory is between 97 and 128 MB do not prompt. This is the same approach as system.inc does. This fixes boot for people with onboard graphic cards and you miss a few MB.
Merge newer rrd graphing code, drop down now only lists valid rrd targets. Added CPU and States graphs. More logging in case of graph generation. Minor bugfixes and cleanup.
Move $config = parse_config() statement to end of file to attempt to prevent the error:
Fatal error: Unknown function: parse_config() in /etc/inc/config.inc on line 198
MFC 15106 Ticket #1146: binat rules MUST be before NAT else they don't work as expected.
MFC 15382 fix: is_process_running() does inaccurate matches
MFC [15285] add dhcpd static mappings to dns forwarder
Only enumerate the variable if it is an array to avoid:
Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/system.inc on line 147
Allow priv to appear multiple times so that a person can downgrade from the pile of SHIT we call -HEAD.
Apparently my big fat warning about needing two interfaces is not a big enough warning. Make the language a bit more precise and stern to thwart bogus support requests.
MFC [15201] unset $extport before assigning to it as not all elements of the array are assigned each time through the loop, but all elements are checked and used if already assigned. Oops.
apparently 5m cache slows stuff WAAAYYYYYYY down, 7m has a negligible performance diff from 30m and works better than 5m, so let's use it
Only check for check_reload_status process if machine is booted. rc scripts launch this process at the end of boot
Ticket #1154: Bad format for generated syslog.conf
Submitted-by: Angelo Turetta aturetta+pfsense at bestunion.it
Be a little more aggressive when blocking snort2c traffic
Ticket #1136: Make sure check_reload_status is running so we can regen rules
PF doesn't know what "congestion" TOS flag is
MFC [15086] Ticket #1137: find_interface_ip() doesn't do what it says. Really return only the first found IP. This fixes issues with people configuring FreeBSD IP aliases on interfaces
Remove pf states for client ip when disconnecting from captive portal.
Woops, we need the ftp anchor BEFORE the user rules, and the initial PASS rules AFTER.
This controls the initial port 21 connection and once that is allowed through the ftp rules installed by pftpx should bypass USER_RULES.
Change APC caching size to 5 megabytes. php.ini is generated from system.inc on bootup now.
ZoneEdit now works, tested by myself and korozion
MFC checkin [15047]
file_notice() requires notices.inc
Do not unlink filter_dirty, allow check_reload_status to handle this.
Do not write out php.ini on cdrom platform.
If user has defined the maxprocperip to 0 then do not install mod_evasive directions to limit the connection count per ip address.
Use mod_evasive to limit connections per ip
Add missing \n
Show a BIG FAT WARNING that under 128 megabytes does not work during initial setup if <128 megs of ram detected.