Add some backend support for writing out a config so that the dhcp6 server can listen on the required MPD pppoe server interfaces.Also nuke the failover entries, these don't exist for IPv6, this is handled by 2 servers and differing priorities
Add the PPPoE Server IP addresses to the locally configured addresses, this prevents the HTTP_REFERER check from triggering.
Removing gettext from strins that should not be translated
Put protection for session functions even here
Make the logic a bit more robust and readble
While here try to hint the user from _ENV['USER'] if no session info
Since php_sapi_name() is useless in pfSense test if argc has been registered or not to avoid warnings on bootup
Make sure the dhcp6c client always launches with the correct real interface argument.Make sure we do a filter_configure_sync() here as otherwise the existing firewall rules (during boot) would block the dhcp6c client.
The ISC client was far worse then the WIDE client was, back to plan ARevert "Merge changes required for using the ISC dhclient in pfSense with prefix delegation. This should hopefully be a bit more reliable in the long run."
This reverts commit 651018775c78e38045966825b920b641a0302b43....
Fix outbound NAT rules when interface is deleted:
- When delete interface, do not touch outbound NAT rules- Skip outbound NAT rules when interface doesn't exist- Bump latest_config to 9.2- Since rules with no interface were considered as wan, convert old...
If less than 78 RAM just do not let php spawn another process
Slight code re-organization
Remove to parameters from system_generate_lighty_config that are unused and do a better job at tuning started php processes to not use less/more than needed. This also avoids DoS the system with php processes
Remove unused function
Welcoming in 2013
Always commit the session fast to allow other consumers to proceed to their requests. This unbreaks now the lock up the GUI had allowing only one action from same source per time. Now even if you run a command that blocks indefinitely for example the GUI want lock anymore but allow you to proceed to other actions
dynamic dns update url for dns.he.net fixed
Added curl option to use IPv4Updated url schema
Always make sure php has its own process manager to make lighty happy
Pass -S to tcpdump to avoid an increase in memory consumption over time.
Avoid duplicate log entries for facilities higher or equal daemon.info. It should fix #2626
Make is_pid_running function return more conisten results by using isvalidpid
Simplify lighty config and tune mod_evasive as needed. Mostly a cherry-pick from RELENG_2_0 changes
Move to varrun_path for consistency
Minimise rewriting of /etc/gettytab
See forum http://forum.pfsense.org/index.php/topic,57325.0.htmlAvoid possible problems with having a partial /etc/gettytab file by not rewriting it at every boot.
Tell filterdns to reload the config rather than restart if its running
Merge pull request #293 from bcyrill/patch-11
Add some unobtrusive IPv6 changes to CP
Merge pull request #294 from bcyrill/patch-12
Fix: Invert if condition
Merge pull request #298 from bcyrill/cp-sqlite
Various fixes to removal of pipes
Merge pull request #301 from bcyrill/cp_patch3
Fix: Voucher Sync
rename for clarification
serialize dbent array
Fix: Disconnect CP client
Fix: Remove entries from captiveportal DB
Fix: Check for the existence of the rules file
Fix: SQlite in CP
Determine subnet from address family
Get IPv6 address for IPv6 clients
Add [] to IPv6 address
Use file_put_contents for simplicity and concistency
Just check the file_exists let pkill decide if its a vaild file or not.
GC cmd_chain.inc it never found uses since pfSense module got used more. Also fix the problem with pfsync on bootup waiting 30 seconds since cmd chain was executed after and pfsync was never brought up to compleete the sync.
Merge pull request #278 from phil-davis/master
Support different package internal name - feature #2603
Merge pull request #289 from phildd/master
Handle null parameter to services_dyndns_configure
When service_dyndns_configure is called with a null parameter, it should check/update the dyndns state of all interfaces configured for dyndns. But actually it is only updating gateway groups. e.g. the daily cron job /etc/rc.dyndns.update does not update an ordinary WAN interface....
Fix comment
Since there is a firewall no need to do ingress checks in the routing table
Restore needed code
Properly setup array
Add IP alias support to GIF interfaces
Make gateways for assigned OpenVPN servers as well as clients.
If there is no roll do not try to save anything
Correct field name and add an index for ip
Convert the CP db to sqlite rather than a text file. Some more optimizations might be needed and probably vouchers db might need conversion as well.
Correct limiter queue rule generation
Put the CP call during reload of interface under function_exists its not fatal and in some scripts captiveportal might not be included
Move down a bit of code
Add square brackets around IPv6 addresses
Needs more thought - might route something an unintended path. Perhaps a checkbox. Revert "Exclude the VPN peer from routes so as to not break connectivity to the actual VPN peer if a route includes its IP."
This reverts commit 5d8e8c9d25b55c6d3260e69fcf4620f76488d173.
Do not flush tables on save of CP. This should allow the informations to be retained during cp reconfigurations.
Handle even hostname through filterdns entries correctly now that only 3/4 table exists and they consider pipe argument. While here adapt addinga hostname without reloading CP
There is no more table 7,8
Give a minimum bucket paramter of 16 since it does not need much. To avoid those console warnings
Merge pull request #284 from bcyrill/cp_certs
Allow multiple cp zones with different ssl certs
Separate ipfw rule no db from limiter ones. Since ipfw has per instance feature while dummynet/limiters is a single instance.
Update etc/inc/openvpn.inc
Mute error when interface does not exist, e.g. after reboot.
Merge pull request #281 from bcyrill/cp_table
Fix action and table order in pfSense_ipfw_Tableaction calls
Fix cp variable
Add missing cpzone
Support different package internal name
Allow the package external name (e.g. Ipguard-dev or squid3) to be different from the internal name (ipguard or squid). In particular, this allows package start and stop code to know what the associated package service name and/or *.sh start/stop script name is when the external package name is different.
Switch all the actions(pipe create/table modify/get mac address) during fast path of CP to pfSense modules ones.
Remove IPFW_FILTER flag since it gets not used anymore
Remove set 1 keywords from rules since sets are not used in CP since long time.
Remove useless rule and reorder the static rule numbers
Correct rule number for https
Fixes #2006 Forward to lighty only port 80 and 443 tcp rather than all tcp traffic.
Use the hex value since seems parsing of ipfw is broken for these
Remove remain from IFF_IPFW_FILTER flag not used anymore
Exclude the VPN peer from routes so as to not break connectivity to the actual VPN peer if a route includes its IP.
Add the new tunable in the GUI for custommization and its default value
Properly unlock before exit. Allow rarp to flow through ipfw of CP alos allow ipv6 packets so CP can work on v6
Add extra checks for reading and saving certain wireless settings and fix an existing check.
ARP Table Static Entries from Individual DHCP Static Mappings
Assign individual DHCP static mappings as ARP table static entries.Useful / necessary for sending WoL magic packets from external services / sources, and for any other purpose that needs a static ARP table entry.
Fixes #2703 correctly remove ips from v6 interfaces. Also cleanup the srd0 bits here
Merge pull request #273 from N0YB/Widget-Firewall-Logs-Filtering
Widget Firewall Logs Filtering
Also consider 0.0.0.0/0 here since it fails both these tests but is still a valid/special config.
Update etc/inc/filter_log.inc
Firewall Logs Widget FilteringOptions to filter on interfaces, 'pass', 'block', & 'reject'
If the old configuration is present there use the new one for local users
Use functions to reduce code duplication; Add function to clear route to the interface IP before starting openvpn, otherwise the process cannot start. Ticket #2712
Merge pull request #262 from PiBa-NL/cleanup
code formatting, and extra newline for message and rule generation
Activate choices for UDP6 and TCP6 for OpenVPN. Make sure interface IP selection chooses the proper IP and sets the proper protocol string. May need some GUI input validation to prevent someone from selecting a *6 proto with an IPv4 VIP and vice versa.
Do not echo any messages here as this would otherwise end up through the XML of the XMLRPC server.
Use the IPv6 tunnel network for peer to peer OpenVPN modes.
Add a couple more (small, optional) snmp modules.
Make this a bit more easier to read