Remove config.extra.xml, I will just merge the remote configuration areas right into config.xml
bump to BETA4
Comment out this line for now, since it was preventing config saving.
use more efficient is_macaddr from bblacey on forum
partially fix Status>CARP enable/disable
Remove trailing newline
If config.extra.xml exists parse and merge its contents into the array as long as we are not writing out the config.
Require radius.inc if the webGUI is using radius as the method.
Add micro optimization.
Ticket #725. Before falling back to the default gw interface search even static routes. Also catch up with routing code on how to find the default gw.
Fix test of preferoldsa to check the proper variable name.
Disable SSL peer verification in cURL. Also, explicitly set FOLLOWLOCATION to make sure that we can redirect properly. Both of these are needed to fix snort rule downloads.
Change this find to a chdir/glob.
partially fix linkup. ticket #656
Shift all the top fields by one, seems like top output has changed.
Correct my email address, adjust copyright to 2010
fix path to nsupdate
add apinger.log here too to silence error at boot
Add OpenVPN users database, sync the tabs on the settings page.Graphing page doesn't know about openvpn users yet. But that's ok.
Add OpenVPN traffic statistics for all configured OpenVPN serverinstances, this adds traffic and packets.
Add a subnet option to allowed ip addresses on CP.
Even on child queue honor when bandwidth is empty for HFSC this is valid.
If no bandwidth specified for root queue honor this decision and generate proper rules.
Ticket #655. Another try at this.
Fixes #463. Actually define the correct variable so the pptp rdr rules can be added to the config.
Fixes #741. Restore behaviour of CP in 1.2.x by allowing in ipfw rules anything to the host ip on the interfaces configured for CP.
only match with a space behind the IP, otherwise 10.0.0.6 CARP IP may match against interface IP 10.0.0.60, and show incorrect info on the CARP status page
Ticket #667. Actually destroy when trying to reconfigure an interface.
Ticket #667. Take another approach at handling dial-on-demand and Connect/Disconnect button. If the link is chosen for dial on demand during a disconnect request it will be brough up again instead of just leaving it down so traffic will flow easily when there is a request.
Fixes #755. Workaround bug on dnswatch and properties_read by actually creating a correct file for properties_read API.
Fixes #717. Actually if no default gateway is found assume wan is the one.
Increase max requests to 2 so that requests can continue if a thread is blocked
Remove priority from HFSC it is a null config option. Center most of the text in the center of a <td> and add some space between objects.
Show the Enable/Disable and name first and then the bandwidth values. Fix html markup so the table is displayed propperly.
Do not try to reload apinger config but always kill the running process and start a new one so it behaves.
Fix the RFC dns updates config upgrade. It would blow up on an incomplete/invalid config.
Adding build_port_path
Honor the System -> Advanced -> DNS Rebinding flag and disable for dnsmasq if it is checked
Pass name instead of config_file for start_service
Move this block down, and fix the log name. It was in the wrong place and preventing IPsec logs from reaching remote servers.
Allow sticky-connections to work again. Ticket #337
No need to use # in color code, it's already set with this
Allow overriding the Nifty corners background color
Handle VIP DNS-Rebinding detection correctly
Allow setting the SMTP port for notifications. Fixes #677
Flip this back the other way, the group operation will fail if the user isn't set yet.
Silence this command
Fix path for relayctl. Fixes #739
Add OpenVPN none/null cipher.
Fix this function call, it only takes one parameter.
Get user pages as well as group pages. Fixes #735
Correct package rules error filename. Fixes #738
Add SSH tunneling privilege to list of available privileges.
Lock out shell accounts that have no OS access, or are expired/disabled.
Add check for user-ssh-tunnel to give users access to the ssh tunnel shell
Flip this test around so it is easier to follow/read.
Sync groups first, since users may rely on group changes.
Make sure a user gets deleted from the 'all' group.
Clean up this code.
Remove home directory when deleting a user.
only reload if relayd is already running, don't kill and then start it
fix some of the logging for load balancer, still partially broken
rename slbd pages since this is no longer slbd
couple load balancer fixes, resolves #723
Speed up loading information from regdomain.xml
Separate regdomain.xml parsing back to a separate file, so it can be used when xmlreader.inc is used instead of xmlparse.inc
Combine checkout logic for cloning and updating in gitsync and fix a condition showing an error message on the initial cloning.
Print a warning on the login screen if you are accessing the router by a non-local IP address (one not configured on the system) to warn about potential MITM attacks.
Bypass the DNS Rebind attack checks if accessing by IP address.
Add some user cert lookup functions.
Allow importing of a CA's private key (optionally).
duplicate logic
Allow forwarded domains to be queried.
Check for locally configured IPs in DNS rebind checks, so people who port forward from WAN to the LAN IP can still work.
Add a text box where someone can enter in alternate hostnames for the system to bypass the DNS rebind checks.
Add a checkbox to disable DNS rebinding checks if needed.
Remove extra }
More fixes for DNS rebinding checks (Most of this code is Scott's, with some minor fixes by me)
Fix up checks for changing wireless regulatory settings.
Correct check
Check for 127.0.0.1 as well
Oops, correct check
Add localhost as a valid host for SSH forwarding cases
Wrap the dns rebind check in a test to see if our error function exists. If it doesn't, it's probably being called from captive portal, so skip the check. Fixes #721
Move the skel dir to /etc/skel, where it's easier to manage from a build point of view.
Add ssh_tunnel_shell to /etc/shells
Slight fix to dyndns check
Check dyndns hostnames as well for DNS Rebind issues
Add per-rule NAT reflection override.
Adding back --rebind-localhost-ok now that dnsmasq version is bumped.
Do not include --rebind-localhost-ok it appears to not be in our version. Will re-add it once the binary is in place
This code returned the size in kilobytes, while the part usually used returns megabytes.
^ Potential
Binding -> Rebinding
Comment what we are doing here and add the ticket #.
More dns-rebind checks. Ticket #708
Adding --rebind-localhost-ok Suggested-by: BillM
Do not allow dns rebinding
Reorg this test a little, and make sure we only add client-to-client for remote access types.