If no config.xml is found, attempt restore from the latest backup.
Never install rdr or nat on rules if we cannot determine the interface.
Ticket #1061
Attempt restore of previous backup if we are halting.
Take into account PPPoE for IPSEC tunnels.
Actually make OPT$INT address work
Fine tune IPSEC rules.
Ticket #1060
Wrong value slipped in
Return and log error when we cannot open a valid write stream
MFC 13272 skip past blank packages (not sure where this comes from)
MFC 13273 package include files need to be included for custom php commands to run in package resync
Alert rule label to match reality. This is a block rule.
Use isset()
Pointed-and-prodded-by: Seth On-my-ass-since-day-one: Angelo Turreto
Erm. Having a firewall is good, mmmkay?
Only process enabled interfaces for multi-wan ipsec.
MFC 13441 shrink scrub code and instead of adding it to each interface except LAN go ahead and add to all
Turn off fast cgi on machines with less than 65 megs of ram. We told you it would be slow!
Let PF sort out interface ip addresses for multi-wan IPSEC.
Ticket #1028
Use friendly interface names
Allow IPSEC traffic on all WAN interfaces as needed.
file_notice() requires a category
Send alerts to syslog as well.
Suggested-by: BillM
File a notice when the aliases are unresolvable.
Ticket #995
Correct OLSR parameters
Ticket #1050
Since we are caught in somewhat of a pickle concerning captive portal local element manager, force users to include "captiveportal" somewhere in the filename so that Lighty mod rewrites can determine if the request is indeed local, etc.
Allow captive portal local element manager HTML or HTM pages to display correctly.
Do not keep state on CARP packets
MFC 13233 rrdcreateoutput needs to be an array. php5 seems to be less forgiving - billm
Catch OLSR up to reserved name interface changes
Unbreak inbound ftp.
-g 21 is already the default. Reminded by Angelo Turetta
Correct set overridden source ip
Increase size to 6 megs, because COUGH 3 megs is NOT enough for everyone.
Do not start pftpx with address any.
Wrap grep around double quotes so it doesn't bomb out on the shell.
Line up entries better.
Enable SSH Lockout. I really thought this was there before.
Add entries for optional interfaces ip address
Ticket #1041
Add is_dhcp_server_enabled() function which returns true or false if the dhcp server is enabled. This will start to remove code duplication.
Do not include enc with interface list.
Do not print errors to console, output them to syslog.
Add $force_ftp_source_ip option
Ticket #1037
Ticket #1034 - racoon & OpenVPN log never sent to remote syslog server
When booting and conf_mount_rw() is run, if it decides to run fsck -y alert to user of this fact.
MFC 12834 create is_valid_shaperbw function - to be used shortly
Fix logging. Pointy-hats and party favors to me.
Woops, back that out, this MFC has already taken place.
MFC 12503 Added set_device_perms. This is needed by the new packages, cause the proxies run as proxy:proxy, and need to access /dev/pf.
MFC 12765 fix multiple rdr generation in squid and clamav
We really want to fragment reassemble
Only pass in pptp server on the WAN interface instead of any.
Add get_interface_gateway()
Log OpenVPN to correct log file
Ticket #1016
When you include a dropdown widget, it's generally a good idea to have backend code to actually interpret the option!
Add group to the array field so that importing recent m0n0wall configurations do not go boom.
Add pages to the array field so that importing recent m0n0wall configurations do not go boom.
MFC 12676 reload filter policy on openvpn change (this will catch initial openvpn setup without requiring any other policy changes)
MFC 12674 s/settings/post/
MFC 12640 The OUI 00:a0:8e belongs to Nokia so use a locally administered address instead.
see: http://www.mynetwatchman.com/pckidiot/chap04.htm
MFC 12633 Run as root.
Add PPPoE types so that Captive Portal will function with PPPoE Server
ETHERTYPE_PPPOEDISC 0x8863 /* PPP Over Ethernet Discovery Stage */
ETHERTYPE_PPPOE 0x8864 /* PPP Over Ethernet Session Stage */
Only allow mac-type 0x888e traffic for WPA. This is a lot better than allowing all layer2.
Thanks Andrew Thompson for the suggestion!
Allow WPA + Captive Portal to work. Amazing it's taken this long to discover the problem.
Woops, unlock config after writing out cache, not before.
Sync back with m0n0wall. This method of saving is quicker than ours.
Do not open /var/etc/inetd.conf twice for writing.
Apparently some patch has snuck in, it doesn't appear to affect anything at the moment other than reflection.
Correct spelling mistake
Ticket #1009
Patch from Nick Buraglio
Is there any reason, other than maybe the ssl certificate error that it would cause, that https isn't redirected to the portal by default? I just noticed that this isn't default behavior. It's a feature that I thought would be somewhat handy and I think only would take a simple ipfw change.
MFC 12578 Transparent proxy for Squid, p3scan and clamsmtp.
Disable sasyncd. Sniff sniff. I gave it all I could, cap'n.
Maybe 1.1.
MFC make_dirs changes required by packages
Allow uppercase or lowercase .gif | .png or .jpg
Correct regex. We want PNG's to work as well.
MFC needed package changes from Fernando
Install outbound nat entries for needed optional interfaces, too.
Restore evil ugly hacks that were there before me without being even more evil by calling killall.
This code is wacked and really needs fixing in HEAD. I'll leave it broken to entice someone to fix it the correct way soon.
Spell hostapd correctly
Do not killall all hostapd or wpa_supplicant processes. This is NOT multi interface friendly.
Instead look for the process with the interface in it and kill the correct one.
Increase the maximum loads per process from 1 to 10. (Lighttpd)
Fix discover_bridge()
Update filter status to disabled if need be
MFC 12461 "\t0\n" > 0, therefore is_process_running always returned 1. Btw, now it returns true or false, cause I don't see how it could be any different. Should just work now.
We need to generate optional interface nat entries automatically just like WAN does if DHCP is enabled.
Add check for DHCP on WAN too. It's required by OLSR in some cases.
/bridge_if/bridge/
MFM0N0WALL
do not generate anti-spoof rules for optional interfaces that have other interfaces bridged to them (as opposed to being bridged to another interface, which was already handled properly) when the filtering bridge is on.
Backout last commit, it didn't help the php count.
change max_procs to 1
Add back removed ng0 from the wan definition.
MFC 12314 MFC 12315 Present the 11b mode as an empty array instead of TRUE. This fixes a channel list with mixed 11b and 11g modes.