Increase vfs.read_max to 32. See http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html .. This can help dramatically if using Squid or any other packae that does a lot of hard disk reads.
Disable this test, it was causing some package file downloads to be skipped for me, and nothing else seems to set/use this variable anywhere.
Reorder some code and combine the nobind test with the lport code to ensure only the needed options are used in any given combination.
Cleanup some code and properly handle failure of pkg_fetch_recursive.
When the local port is left blank on an OpenVPN client, use 'lport 0' to direct the client to use a random source port. Fixes #1025
Clarify message.
Use correct extension of tgz rather than tgz for automatically discovered dependencies.
Honor the config parsed var if set.
Hopefully now the reinclusion of config will not override vars.
Use full path when we might not have full environment setup.
globals.inc is better first.
More safety belts.
Fix fetching of package list.
Add myself to the copyright. Have modified enough the file.
Some fixes for the upgrade code for captive portal users.
Remove the old field even if empty in rename_field.
Various fixes and improvements for the DNS rebind and HTTP referrer checks.
Fix problem with syslog adding/removing for pacakges. Fix sync pacakges to call the right functions. Optimizations and code cleanup along the way.
Clear up some code.
Boost timeout for file downloads to 60 seconds
Ticket #1017. Move the fwrite and fd_log initializing to a function. Name the function pkg_debug to properly show what is its purpose and also make it write something only when $debug is set.
Ticket #1017. Put a @ before each fwrite to silence errors. Also setup the log file in the beginning rather than on each individual function.
Resolves #1018. Provide a more unique host name for the file.
The way this option is currently defined, the configuration variable is always set; for this case, isset is not the correct condition. Reported at http://forum.pfsense.org/index.php/topic,30153.0.html
Add workaround for referrer check to not be triggered on the previous IP address when redirected by the setup wizard.
Fix typo
Make the pkg_fetch_recursive code stronger and try also to fetch from freebsd repo when fails to fetch from pfSense one.
Correctly form the url from where to fetch packages if a base is not specified. This unbreaks packages on amd64! Also do no remove a package which is required by other installations.
Correct variable name.
Make sure this isn't searching the referrer using a blank host or IP, which will always match the referrer.
Fix case for testing the referrer check setting. Ticket #1011
Remove these anchors they just provide overhead and are not really used much in pfSense.
Remove gre helping rules they are not anymore needed.
Send errors to 2>
Don't perform referer check if display_error_form is not defined (captive portal), just like as is done for the DNS rebind check. Ticket #1007
Rework handling of ports for reflection on port forwards to work properly with port aliases. Ticket #672
Unset this reference before reusing the variable name to prevent corruption of groups.
Fix test for altq on vlans and wlan.
Fix a theoretical/potential XSS in the http_referer check warning.
Add whitespace to avoid breaking the resulting rule.
Whitespace fixes.
Make sure there is a direction specified otherwise errors might occur.
Initialize rule keeping array to avoid possible caching effects on php.
Separate this into the original case with the floating rule cases above it to fix some scenarios where the order was still wrong.
Move this function to allow removing it from easyrule.
Fix filter_rules_sort's compare function to know about floating rules so it won't change their order.
Take into account if we have redirection active to allow even port 443.
Make the antilockout rule match the webgui and ssh(if enabled) rather than any traffic destined to pfSense itself.
Small improvement no functional change.
Use php calls rather than forking to shell.
Use exec and check return value of command to avoid priting messages of stderr to console.
Not sure why sometimes works sometimes does not work when bound to localhost the lighttpd instance of CP. Back to previous setup! Though security of it is debatble.
Ticket #904. Hmm fix the interface_has_gateway() too.
Ticket #904. Actually correctly handle the assigned openvpn client as a dynamic gateway rather than breaking the behaviour of the system. Strange nobody has noticed broken gateway behaviour with openvpn assigned!
Actually was coorect before. 3rd parameter is length not index.
Revert "Correct this to make it actually work. This is also mentioned in Ticket #904 though it was already implemented."
This reverts commit 6f2cc3a680f984ccbb387301a26d022e6969e665.
Correct HTTP_REFERER check when using an IP Address vs the Firewalls hostname
Remove trailing carriage return
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
Remove csrf-magic include from functions.inc -- it was causing problems with console PHP scripts.
Correct this to make it actually work. This is also mentioned in Ticket #904 though it was already implemented.
Use a shell script rather than bad hack to execute php code for pppoe periodic reset.
Fix display of queues on rules and layer7 containers.
Testing csrf-magic
Add a setting for the data type of values used with DHCP option numbers and input validation for each type. Fixes #962
Kill dhcplease before writing the hosts file so that it does not scramble the content from kqueue events.
Cosmetic issue, add space before 'done', otherwise package XML name and done are combined.
Spelling fix.
Change the dhcpd startup for isc dhcpd server 4.1
Activate code to allow ipsec to work normally.
Ticket #980. Bring CP widget up to date. Also bind lighty for CP to 127.0.0.1 it should not be accessible otherwise.
Protect from strange situations on bootup by testing for is_array(). Do not add anymore the 127.0.0.2 route its not needed anymore. Also during bootup bring up all interfaces so the assignment process can deal with them(Possibly should be done in another code flow!).
More VPN log fixes, for consistency. Ticket #912
Fix typo (standart -> standard)
Switch to a unified vpn-linkup and vpn-linkdown.
Fix l2tp interface naming. Fixes #985
Use individual linkdown scripts.
Make isvalidpid() know about pidfile the same as the other *pid functions do.(consistency)
Also mention that this allows access to the dashboard.
Do some is_array() testing before renaming fields, otherwise empty variables can be accidentally created.
Do not require LDAP search base DN. Requiring this can prevent some valid LDAP configurations from properly authenticating. (See GDD-550841).
Add a note to the DNS Rebinding protection error letting the user know to try by IP address.
Do not show on the queue/limiters list the disabled entries(optimized and cleaner version).
Do not show on the queue/limiters list the disabled entries.
Make this more strict checking.
Be smart and correct; first check for opt*ip and after check for opt* otherwise it will never match the first case!
Mark this entry as an array before treating it as such otherwise php complains.
Check to see if it is not an array first - as per jim-p on IRC.
Fix crl upgrade code.
Add ability to select reason codes for revocation. Reformat CRL edit screen a bit. Ticket #555
Refresh OpenVPN CRL files when a CRL has a cert added/removed. Ticket #555
Add upgrade code for importing CRLs. Ticket #555
Add more CRL functionality. Needs to wait on a new build for further testing.
move dhcpd.conf authoritative; so it's only there once, not once per interface.
Correctly call die() in the places needed. Also remove unused global.
Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.
Generalize this function and use it in more places to reduce duplicated code.
Convert fullname field on users to descr, so it gains CDATA protection.
desc to descr in Load Balancer config, so they gain CDATA protection and standardize field names. Ticket #320.