Ensure space after vpns list
Do not destroy previous items, whiping out the listen directive.
do not unlink sh commands.txt, simply unlink commands.txt
Pointy-hat-to: ME
Correct filenames in (C) header
Correctly associate carp interfaces with optional interfaces as well. This should hopefully fix CARP failover on optional interfaces
MFC openvpn fixes by Fernando
Introduce rc.filter_configure and rc.filter_configure_sync.
Use /etc/rc.filter_figure instead of 2 command touch /tmp/filter_dirty which does the absolute same thing but prevents openvpn from being tricked due to quoting.
Inctroduce another snapshot before RC3
nve will support altq in just a moment.
Reminded-numerous-times-by: Christos Dionissopoulos <chdio@debug.gr>
Move helper function to correct area
-HEAD wasn't working. Unify both tree's.
--ipchange silently didnt allow openvpn to run
--up only needs one argument
RC3 time. Party on, excellent.
MFC 14433Move miniupnpd anchor to the end of the NAT rules so they have precedence.
Do not allow openvpn and ipsec entries to run together.
Set net.link.tap.user_open to 1 by default.
512K is enough for 1000 rows. Back out previous commit.
Version bump
Increase filter log space to 784K so that it can accept 999 entries
When a failover ipsec ip address is defined, use it as the ip address endpoint for ipsec.
Include Id and copyright headers. Not sure how this slipped past.
The interface le absolutely supports ALTQ. Make it so.
When running with verbose mode, tcpdump deocdes sip traffic. Bad boy.
Ensure filter reloads after openvpn state changes
Allow CTRL-C, CTRL-Z on console, etc.
Version bump from outter space
Dont allow items to run together
Ticket #1105
Add (y/n) hint
Explain to the user that the developer bootstrap process populates /usr/src, etc.
Execute after commands via sh &
Kill correct process
Woops, only change the first occurance of 19999
Start at 19000 since we are ++'ing at the end of the loop.
Version bump from outter space!
Match on the beginning of the string so that the 110 network is included
Submitted-by: XAI via IRC
We + the starting port at the end of the for loop. Do not + it at the beginning leading to power of 2 redirect entries.
Correctly deterimine the previous ip address when running under pppoe, as well. Log an error if we cannot deterimine the ip address for any reason.
Clear the filter cache before reloading. Now that Bill has worked his caching magic, this hit is almost nill.
Expand special character descrption search and replace for xmlrpc to all description areas that are sync'd via XMLRPC. Note: this only replaces the special characters on the backup nodes
$starting_localhost_port++ for tcp/udp rules
Install both tcp and udp reflection helper entries
We already check for $g['booting'] at the beginning of the function. Do not do it twice.
Do not install vpn helper entries on Optional interfaces that are disabled
Convert interface to friendly name, actually use it.
Actually redirect traffic when no vpn's are defined, too.
Backout last commit
Cover the tcp case since Alan swears up and down it is not being invoked correctly.
See http://forum.pfsense.org/index.php/topic,2043.0.html
Submitted-by: alan walters <alan@aillweecave.ie>
Back out last commit
Fix reflection typo.
Missed commits
Our compatibility code raelly needs to go into functions.inc so it can get installed before other php files are sourced.
Correctly write out ttyd0 entry
Actually enable the serial port correctly and present the menu when needed.
Set export VARMFS_COPYDBPKG=yes during varmfs mounting so that we can see the entire /var/db/pkg/$PACKAGENAME/$CONTENTS structure
We only need to match connections coming in on the interface
Noticed-by: BillM
Only define $vpns if there are vpns defined.
Correctly negate IPSEC FTP Helper connections and OpenVPN FTP Helper connections.
Correctly define remote OpenVPN subnets thanks to Fernando.
Ticket #1099
NOTE: Not tested as of yet. Will test when I arrive at home.
Reflection + FTP don't play well together, mmmkay?
Fix usage of multi-host aliases in rdr
MFC commit [14178]Correctly handle multi-host aliases
Increase default clog log file sizes
Bump snapshot date
When the local port and external ports are the same, do not install a target port = foo entry
Do not start ftpsesame on disabled interfaces (optionals)
Set net.link.bridge.pfil_onlyip=0
Build a snapshot set and test latest build changes
Check that watchdogd is running before trying to kill it
Provide other writable upload and post temporary folders for lighty
Check to see if dhcpd is running before blindly issuing killall
Don't echo . on bootup in rw and ro functions
Make bootup text consistent with others
Do not space after ...
Now that we are optimized switch the loading firewall output on bootup to a "." method.
Don't duplicate upload-dirs lighttpd directive
Set upload path to /root/
Use a much larger growable ram disk (128 megs) vs the default low one.
It is now possible to upgrade firmware on embedded images, ladies and gentleman.
When a firmware update is in progress, it is very important that we do not go RO.
This in combination with 128 megabyte embedded images should fix the dreaded upgrade problem for the embedded platform.
MFC 13859Move the upnp rules to the end of the list so a user rule can block access!
Restart OLSR correctly.
Ticket #1071
Don't spike RRD stats after reboot.
Ticket #1089
Submitted-by: gd@spherenet.de
MFC of [14076]fix typo and don't output the package config file
NAT reflection is created for the int. instead for the ext. port
Ticket #1088
Send dhcp client name.
Ticket #1087