Make the webConfigurator lockout rule to catch even edp protocol so that xmlrpc bruteforce is caught as well.
Fix several issues in pppoe code and remove duplicated code.
Fixup OpenVPN status a bit to properly handle SSL servers using a /30 (no server directive) and also be a little more verbose about what is happening, if we can tell.
DNSMasq was generating the error 'Socket operation on non-socket' and using 100% of the CPU, changing it to mwexec_bg() resolves the issue.
Fix VPN network listing for OpenVPN, and also add tunnel networks to this list.
Compensate some more occurrences of write_config() during the path
Make update_status and update_output_window consistent on checking for console version or not.
Show the package names that are being downloaded even during console update
Compensate for the write_config calls sending the filesystem to ro during package installation.
Prevent negative references to be used for the refcount API. This should help with misusage of it as may occur in mount rw/ro calls.
Fix copy paste error which cleared args
Ticket #1279. Decrease the refcount even though we're in booting phase. This helps the refcount to work as intended and help in making filesystem read only correctly on embedded platforms. While here put some exceptions to refcount API and silence any related errors that might trigger. Also take note of the NOTE on the php manual that after a shared memory is opened further references to it for size and access mode should be 0.
Include the rate output in the privilege for the traffic graph.
Revert "Make initial changes to allow pfSense to work in a jail."
This reverts commit a26d95383a6146734f67c9db21cd83534052843a.
Make initial changes to allow pfSense to work in a jail.
This mostly avoids starting things that will not work and gets the initial config. Most of the pfSense functionality will not work (pf rules, routing, etc) but it can be used for testing.
Allow custom dnsmasq options so ppl can set SRV records and such for xmpp/kerberos
Resolves #1731. Correctly handle nested alias that have hostnames. While here prevent putting duplicated dns hostnames under the same table to prevent possible hiccups and save double work.
Revert "Feature#1603. URL table aliases should be usable within network type aliases."
This reverts commit ae660b3ce7d7e2b1f34cb9f1b52eb4ce21e17c42.
Revert "Feature #1603. Correct nested urltable alias code to be more foolproof to errors and does not break the ruleset on large lists of urltables. Though this needs a revisit to work properly since it breaks urltable alias property of reloading contents."...
Another roll at fixing the voucher sync problems.
Also only add 127.0.0.1 as a DNS server if dnsmasq (DNS Forwarder) is enabled.
Correct the link generation. Reported-by: http://forum.pfsense.org/index.php/topic,39855.0.html
Remove a slipped in text that confuses people
Allow disabling having localhost in resolv.conf. There are some special setups that might need this.
Resolves #1193. Properly warn about duplicate default queue
Fix description
Move these permissions to user.priv.inc so they don't get blasted when priv.defs.inc is automatically regenerated.
Fix missing $ on variable.
Sort user privileges so dashboard/index.php come first, so if a user has those permissions, they get redirected there first and not to another page.
Add Dashboard privilege which is a collection of all required pages for the dashboard. Partial fix for ticket #620 - may do something more for 2.1
Fix privilege matching so that it respects wildcards better, especially when leading.
Synchronize the information with the wizards xml. Reported-by: http://forum.pfsense.org/index.php/topic,39176.msg205359.html#msg205359
Fix priv name
Add privilege to directly access dashboard widgets if needed for ajax.
If a user has access to RRD graphs, also let them access the actual RRD graph images.
Log when a user tries to access an unauthorized page.
Correct World of Warcraft rule description array. Reported-by: http://forum.pfsense.org/index.php/topic,39176.0.html
When clicked allow overriding of dns servers by dynamic WANs still configure the other dns servers so in multi-WAN environments dns has a chance to work still.
Tell the local system to use the locally running dns forwarder as a primary source. This should help ticket #1407
Correct array key typo mistake. Ticket #1052
Fix typo
Move setting up of tabs/menus/service entries after custom php commands. Seems there is something tripping config vars that make these steps not work.
Correct the ambiguity caused by missing curlies
Remove this write_config call seems to be causing grief.
Add yet another intermediate config write during package processing which breaks some installation steps.
Oops fix variable name
Blacklist lan as being used as default gateway when auto switching is on. This prevents some problems in general functionality with services.
If no pppoe service name is configured, send a null service name. Seems to help clients especially when reconnecting.
Declare the arrays as global since that is what they are. Correct the name of asterisk in the global definition.
Correct battlenet data to not be overridden. Reported-by: http://forum.pfsense.org/index.php/topic,39176.0.html
Start hostid
Max procs should be 1 when using an op code cacher
Silence pfctl -d errors
Add an override for default interval to send icmp
Add a new option to allow disabling of gateway monitoring. These gateways will always be reported as up.
Use route change here as well to avoid leaving the routing table without a destination for a short period.
Rework rc.stop_packages a little. Fixes #1564
Also escape \ in pptp passwords.
Do not add any reply-to information to rules with action match. Reported-by: http://forum.pfsense.org/index.php/topic,39247.msg202728.html#msg202728
Correct check as per http://forum.pfsense.org/index.php/topic,39155.0.html
Prevent php from coring if the wrong parameters are passed to ip2long
Relax PPTP password restrictions, just prevent starting with a !, and limit to common printable/keyboard characters so it doesn't result in invalid xml. Fixes #1720
Rework OpenVPN status, show status for shared key servers.
Resolves #1719. Prevent disabled client/servers from being displayed on the widget.
Always send the route delete command even if it fails it's ok. This avoids having to dump the routing table.
Use the new change to be less disruptive
Use change here to be cleaner and less disruptive.
Resolve issues that made php core dump or eat a lot of memory when big routing tables are present
Add a flag that defaults to on allowing the control of delete states from external callers such as pfCenter
Switch back to the default gateway configured when possible when gateway switching is active
Correct check for the gif mtu during an interface readdition to bridge.
Only apply remote_network setting for p2p modes, since it is not valid for remote access modes. Fixes #1707
Revert wrong fix of Bug #1711.
Correctly restart the SSL lighty instance when running.
Remove 'maxproc' since it's unused in the code and correctly use maxprocperip to allow the GUI setting to be actually usable. Reported-by: http://forum.pfsense.org/index.php/topic,39155.0.html
Bug #1711. Acct-x-Octets are always 0 in Captive Portal -> Radius acct messages.
Correct the check for mtu 1500 to include it. Also add the check on bridge_add_member function
Fix php behaviour on xmlrpc sync and vouchers starting with a number. Apparently php uses that to deduce the type of var and gets confused.
Ticket #1552. Do not allow route-to to be set on block/reject rules for now. The issue is in the kernel but for 2.0 this protection is enough.
Ticket #1193. Do not show default queue checkbox when another queue has it selected.
Ticket #1052. Enforce certificates if they are present for authenticating to ldap. Allow to select a CA under ldap type authentication backend to be used for this.
Allow a ZMQ syslog address
CRL fixes for empty CRLs (so they don't kill OpenVPN)
Allow DHCP mappings to be resolved first for reverse lookups.
This was affecting a kerberos installation where the first DNS alias was given for the PTR instead of the static DHCP mapping name, breaking the kerberos tokens.
Enable the pfsync checking unconditionally
Actually give pfsync time to catch up.
If the sync has not finished do not start carp yet
Fixes #1666. For OpenVPN interfaces always check if part of bridge or not.
$g needs to be a global. Resolves #1654
Use RELENG_2_0 for updates and gitsync default.
Actually do pass an argument for second -b to avoid matching more than supposed to.
Ticket #1646. Put netmasks of /32 to the parameters of pfctl -b to avoid that occasions it matches more than it should.
Feature #1603. Correct nested urltable alias code to be more foolproof to errors and does not break the ruleset on large lists of urltables. Though this needs a revisit to work properly since it breaks urltable alias property of reloading contents.
Add function to return a certificate's common name.
Add checks for miniupnpd to avoid php errors.
If vouchers are disabled do not allow users to authenticate through existing (active/in use) vouchers. Reported-by: http://forum.pfsense.org/index.php/topic,38342.0.html
Don't check OpenVPN ports in use against disabled clients or servers
Feature#1603. URL table aliases should be usable within network type aliases.
Regenerate permissions
Use empty() so we don't use it if it's defined but blank.