Ticket #1193. Do not show default queue checkbox when another queue has it selected.
Ticket #1052. Enforce certificates if they are present for authenticating to ldap. Allow to select a CA under ldap type authentication backend to be used for this.
fix correct name
Correct ts filename
Revert "Only load modules once"
This reverts commit e4f3307c8bd1673bb6fbf74eed6aababb88c83e2.
Only load modules once
Allow a ZMQ syslog address
CRL fixes for empty CRLs (so they don't kill OpenVPN)
Adding ioncube_loader
Allow DHCP mappings to be resolved first for reverse lookups.
This was affecting a kerberos installation where the first DNS alias wasgiven for the PTR instead of the static DHCP mapping name, breaking thekerberos tokens.
Create dynamodules in the order they where touche
Do a more strict check on this to avoid warnings
Enable the pfsync checking unconditionally
Actually give pfsync time to catch up.
If the sync has not finished do not start carp yet
Fixes #1666. For OpenVPN interfaces always check if part of bridge or not.
fix text
Ticket #1564. Give +x to the script so it can be executed. Simple hah :)
$g needs to be a global. Resolves #1654
Use RELENG_2_0 for updates and gitsync default.
Actually do pass an argument for second -b to avoid matching more tha supposed too.
Ticket #1646. Put netmasks of /32 to the parameters of pfctl -b to avoid that ocassions it matches more than it should.
Feature #1603. Correct nested urltable alias code to be more fullproof to errors and does not break the ruleset on large lists of urltables. Though this needs a revisit to work properly since it breaks urltable alias property of reloading contents.
Add function to return a certificate's common name.
Add issing include to avoid PHP fatal error when calling enable_rrd_graphing()
Add checks for miniupnpd to avoid php errors.
Oops use ;
Show errors.
If vouchers are disabled do not allow users to authenticate thorugh existing(active/in use) vouchers. Reported-by: http://forum.pfsense.org/index.php/topic,38342.0.html
Launch running script as well
Don't check OpenVPN ports in use against disabled clients or servers
Add rc.local.running if rc.local is running so it can reattach after a console logout
Fix copy and pasto
Launch rc.local into &
Feature#1603. URL table aliases should be usable within network type aliases.
Remove $id. Bump (C) date
If rc.local exists launch it
Regenerate permissions
Use error log and log errors to /tmp/PHP_errors.log
Use empty() so we don't use it if it's defined but blank.
If available, also track the IP used by a user making a config change.
Correct pid filename so the instance of lighty for SSL is running.
Move interfaces_staticarp_configure() to interfaces.inc where it really belongs.
Instead of deleting arp entries, reconfigure static arp. For interfaces without static arp enabled, the net effect is the same (arp entries are already deleted as part of that function). Fixes #1628
Check if an item is an array before treating it as such in the upgrade code.
Put resolvconf generation first since gif tunnels can use hostanmes
Add recovery code for gif/gre the same as in interface_configure. This helps gif/gre tunnels. Needed for capr? Suggested-by: jim-p
Do not show the root interface queue on the queue list availble since it is not allowed to choose it. Ticket #636
Add proper checks in auth code for testing if the section has been set in the config. Also do the same in the ugprade code
Adding patch for pfearly hook from Andrew Thompson
Bail out of ipsec_get_phase1_dst if there is no remote gateway, else it falls into running resolve_retry() with invalid parameters causing a long delay in returning.
In upgrade code for server load balancing, set redirect_mode. Also in the backend code, assume redirect_mode as the default if it's not set.
send lighttpd a KILL in restart_webgui, once I've seen the former way result in a never ending stream of .... never killing it, and others have reported the same. a killall -9 sufficed in those instances to kill it, so this should resolve.
Fix off-by-one in OpenVPN "local" to "ipaddr" conversion.
No need to use nohup when using mwexec_bg since it calls nohup itself. Also use fullpath to executables.
Remove nohup from the calling for check_reload_status since it may cause issues to the processes that get forked from it.
Add LB monitor types to config during upgrade, or they will be missing from boxes upgraded from 1.2.3.
Import error handling to avoid errors.
Internal cert and CSR creation error handling added.
Internal CA creation error handling added.
Intermediate CAs and openssl_xxx() error checking in CA management.
Add small comment about rrd binaries
Loosen grep for rrd
Backup rrdtool binaries during package reinstallation. Currently that is the onlyp package that can be clobbered by others. We will rework this completely in a future version when we adopt PBIs.
The fix of Ticket #1341 broke the FQDN aliases with only one hostname entry, reported-by: http://forum.pfsense.org/index.php/topic,38051.0.html. Fix this regression by properly handling this cases.
Properly generate a subnet based on the range of IPs for PPTP clients. Bonus: fix off-by-one math error in the NAT code that does the same thing. Fixes #1614
New line missing after pkg is extracted.
Set extension name correctly.. Duh!
Add extension directory
More whitespace fixes.
If no event_address in globals.inc specified assume the default. Also fixed whitespaces.
Add custom boot early hook
Use correct directory
Kill olsrd if it is not enabled. Reported-by: http://forum.pfsense.org/index.php/topic,37931.0.html
mkdir zend modules
Add 'dynamodules' for zend_extension and zend_extension_ts. /etc/php_dynamodules_zend and /etc/php_dynamodules_zend_ts directories
Remove ioncube
bump to RC3
Do not check dynamic and special interfaces for a complete interface mismatch error
Do not create blank domain lines if domain is gone from config.xml. It breaks tools such as dig when troubleshooting, etc.
Simplify message that wraps off screen
Fix formatting of fastcgi params in lighty config.
Add a GUI field to adjust the max number of processes for lighttpd.
Bug #1437. Dropdown list for country codes (CA manager)
Do a more thorough check for platform on the ro call, or factory reset blows up.
Faster/more efficient xmlrpc sync for users/groups. Seems to work fine for me. Coded-By: Ermal
PHP says that arrays cannot be used as keys, protect against this case as reported that some keys are arrays!
Restore this back to allow both users and vouchers enabled at same time.
Add carp.xml to obsolete file list.
Use the new username field from the GUI or default to admin.
Up config number for username sync upgrade.
Upgrade sync username to latest config version.
Actually correct check so it throws some errors during the second try.
Correct functiong does_vip_exist() to actually work. Fixes #1598
Ooops fix the function. Spotted-by: wagnosa(IRC)
NEw functiong does_vip_exist() which works for carp and ipalias type vips to help in carp sync issues. Fixes #1598
Porvide information for the filter reload status screen.
Do not call time() uselessly every time for each entry. Instead just snapshot it and use it in calculations. This helps performance and useless paranoic time fetching since every 60 seconds the code will be executed again.
Do not test for availbility of voucher session_timeout in the database it is mandatory for vouchers. This will make sure that if ever a corrupted db happens a user will be required to relogin and correct the db. Possibly related to: http://forum.pfsense.org/index.php/topic,37636.0.html