Even on child queue honor when bandwidth is empty for HFSC this is valid.
If no bandwidth specified for root queue honor this decision and generate proper rules.
Ticket #655. Another try at this.
Fixes #463. Actually define the correct variable so the pptp rdr rules can be added to the config.
Fixes #741. Restore behaviour of CP in 1.2.x by allowing in ipfw rules anything to the host ip on the interfaces configured for CP.
only match with a space behind the IP, otherwise 10.0.0.6 CARP IP may match against interface IP 10.0.0.60, and show incorrect info on the CARP status page
Ticket #667. Actually destroy when trying to reconfigure an interface.
Ticket #667. Take another approach at handling dial-on-demand and Connect/Disconnect button. If the link is chosen for dial on demand during a disconnect request it will be brough up again instead of just leaving it down so traffic will flow easily when there is a request.
Fixes #755. Workaround bug on dnswatch and properties_read by actually creating a correct file for properties_read API.
Fixes #717. Actually if no default gateway is found assume wan is the one.
Increase max requests to 2 so that requests can continue if a thread is blocked
Remove priority from HFSC it is a null config option. Center most of the text in the center of a <td> and add some space between objects.
Show the Enable/Disable and name first and then the bandwidth values. Fix html markup so the table is displayed propperly.
Do not try to reload apinger config but always kill the running process and start a new one so it behaves.
Fix the RFC dns updates config upgrade. It would blow up on an incomplete/invalid config.
Adding build_port_path
Honor the System -> Advanced -> DNS Rebinding flag and disable for dnsmasq if it is checked
Pass name instead of config_file for start_service
Move this block down, and fix the log name. It was in the wrong place and preventing IPsec logs from reaching remote servers.
Allow sticky-connections to work again. Ticket #337
No need to use # in color code, it's already set with this
Allow overriding the Nifty corners background color
Handle VIP DNS-Rebinding detection correctly
Allow setting the SMTP port for notifications. Fixes #677
Flip this back the other way, the group operation will fail if the user isn't set yet.
Silence this command
Fix path for relayctl. Fixes #739
Add OpenVPN none/null cipher.
Fix this function call, it only takes one parameter.
Get user pages as well as group pages. Fixes #735
Correct package rules error filename. Fixes #738
Add SSH tunneling privilege to list of available privileges.
Lock out shell accounts that have no OS access, or are expired/disabled.
Add check for user-ssh-tunnel to give users access to the ssh tunnel shell
Flip this test around so it is easier to follow/read.
Sync groups first, since users may rely on group changes.
Make sure a user gets deleted from the 'all' group.
Clean up this code.
Remove home directory when deleting a user.
only reload if relayd is already running, don't kill and then start it
fix some of the logging for load balancer, still partially broken
rename slbd pages since this is no longer slbd
couple load balancer fixes, resolves #723
Speed up loading information from regdomain.xml
Separate regdomain.xml parsing back to a separate file, so it can be used when xmlreader.inc is used instead of xmlparse.inc
Combine checkout logic for cloning and updating in gitsync and fix a condition showing an error message on the initial cloning.
Print a warning on the login screen if you are accessing the router by a non-local IP address (one not configured on the system) to warn about potential MITM attacks.
Bypass the DNS Rebind attack checks if accessing by IP address.
Add some user cert lookup functions.
Allow importing of a CA's private key (optionally).
duplicate logic
Allow forwarded domains to be queried.
Check for locally configured IPs in DNS rebind checks, so people who port forward from WAN to the LAN IP can still work.
Add a text box where someone can enter in alternate hostnames for the system to bypass the DNS rebind checks.
Add a checkbox to disable DNS rebinding checks if needed.
Remove extra }
More fixes for DNS rebinding checks (Most of this code is Scott's, with some minor fixes by me)
Fix up checks for changing wireless regulatory settings.
Correct check
Check for 127.0.0.1 as well
Oops, correct check
Add localhost as a valid host for SSH forwarding cases
Wrap the dns rebind check in a test to see if our error function exists. If it doesn't, it's probably being called from captive portal, so skip the check. Fixes #721
Move the skel dir to /etc/skel, where it's easier to manage from a build point of view.
Add ssh_tunnel_shell to /etc/shells
Slight fix to dyndns check
Check dyndns hostnames as well for DNS Rebind issues
Add per-rule NAT reflection override.
Adding back --rebind-localhost-ok now that dnsmasq version is bumped.
Do not include --rebind-localhost-ok it appears to not be in our version. Will re-add it once the binary is in place
This code returned the size in kilobytes, while the part usually used returns megabytes.
^ Potential
Binding -> Rebinding
Comment what we are doing here and add the ticket #.
More dns-rebind checks. Ticket #708
Adding --rebind-localhost-ok Suggested-by: BillM
Do not allow dns rebinding
Reorg this test a little, and make sure we only add client-to-client for remote access types.
Give users with ssh access a real shell, but make sure that admin still gets /etc/rc.initial
Set a skeleton directory for pw
Let pw handle the creation of the home directory rather than do it in php.
Give users who have "all" privileges shell access. Part of ticket #614
Load cpufreq on nanobsd when enabling powerd. It's in the kernel on full installs. Fixes #704
Use the real interface list in setup_microcode() Fixes #705
Add checkboxes to disable TSO and LRO since some drivers will misbehave with them set. Resolves #703
Remove some redundant code and make sure admin's home directory is /root - Fixes #218
Label for 1:1 NAT reflection rules in rules.debug.
Check for tcp/udp in the protocol specified for outbound NAT rules, since tcp/udp itself is not a valid protocol choice in pf. Fixes #696
Pass correct argument to killbyname and correctly check for sshdkeyonly toggle. Ticket #691
Be more strict when doing checks for empty values.
Actually apinger can be reloaded and this is not doing its job apparently.
Fixes #613. Add correctly users to all users group.
Add build-time comparison also.
Fix ssh key existence test.
Fix NanoBSD snapshot URL default.
Actually send the HUP signal to tell apinger that a new config file is to be loaded! This should solve a lot of issues with apinger monitoring.
Fixes #480. Correctly upgrade config for monitorip. When a gateway exists save there the monitorip instead of the interface.
Do a more thorough check for missing sshd key files. Should fix #673
Use proper locking.