Only use freebsd-sendfile network handler on Full Installations. Tests have shown that it actually slows down the metallic theme on embedded by Holger.
Fix DHCP status on status_interfaces.php. Use find_dhclient_process() for test.
version bump
Use correct directive.
MFC use freebsd-sendfile
Remove bad sysctl
Pointed-out-by: rsw686 via irc
Output dhclient.conf in the same format as current m0n0.ch beta (freebsd 6 + isc dhclient)
Obtained from latest m0n0 beta 1.3
Version bump
Switch to ISC-Dhclient. OpenBSD's dhclient is driving me bonkers.
Use correct interface when restarting dhclient
"Always sent Session-Time in accounting packets. This makes most prepaid systems to work again."
Obtained from m0n0wall
Revert previous dhclient crontab mojo. When running rc.newwanip if the ip == 0.0.0.0 then fire off dhclient again.
As seen on the forums ( http://forum.pfsense.org/index.php/topic,2645.0/topicseen.html )
Version bump.
Captive portal optional interface users should consider upgrading to this version.
Create valid pf Syntax!
Only pass in on Captive Portal interface
Ticket #1188
For interfaces using the Captive Portal, ensure that traffic can reach port 8000 and 8001 which is the Captive Portal auth interfaces.
Check DHCP interfaces every 6 hours for dhclient issues. Launch dhclient if it is not bound to an interface correctly.
- livecd/embedded: do not create a md on /var/db/rrd, /var already is one -7 lines, +6MB ram. Tested on WRAP + LiveCD
Silence eclipse warnings
Ticket #1185Check $hostname, not $domain
Work around a dynamic rule problem that is known in FreeBSD for IPFW2:
">Strange, why only me(?) get this problem.. Isn't
net.inet.ip.fw.dyn_keepalive=1 by default ?
This is a workaround. I am aware about this problem from several people.Here is needed more testing to determine the cause of the bug."
MFC 15495fix: root key files are not in /etc/ssh/root ...
MFC 15411is_domain(): MS breaks all laws, so unserscores are allowed...
MFC 15402is_domain(): domains must not contain underscores; empty strings are not valid
Back out changes to try and fix OpenVPN. We really need to fix check_reload_status
Misc spelling mistakes. Remove old commented out code.
Work around the fact that check_reload_status is inheriting socket descriptors from other programs. Kill check_reload_status on wan ip change and restart it. That way openvpn can be killed and restarted, etc.
In addition while I am here, we really should restart openvpn after WAN ip changes as well.
Do no install default pass in rules for openvpn interfaces with agateway.
Install frickin pptp proxy rules
Add frickin pptp proxy hooks.
Start OpenVPN with nohup
Version bump. Includes check_reload_status fixes which should help some DHCLIENT users.
Uhm, previous was almost right. Limit dropped to a 115MB available ramso people can use computers with up to 8MB of shared graphics memory.
Do not forget rule anchor for imspector.
Pointed-out-by: dberlin
MFC 15441added imspector anchor
If the available memory is between 97 and 128 MB do not prompt. This isthe same approach as system.inc does. This fixes boot for people withonboard graphic cards and you miss a few MB.
Merge newer rrd graphing code, drop down now only lists valid rrdtargets. Added CPU and States graphs. More logging in case of graphgeneration. Minor bugfixes and cleanup.
Move $config = parse_config() statement to end of file to attempt to prevent the error:
Fatal error: Unknown function: parse_config() in /etc/inc/config.inc on line 198
Run fsck -fy instead of fsck -y
MFC 15106 Ticket #1146: binat rules MUST be before NAT else they don't work asexpected.
MFC 15382fix: is_process_running() does inaccurate matches
Version bump to SNAPSHOT.
MFCpclose -> fclose
Do not complain unless user has less than 126 megs of ram. Some motherboards share ram with video cards.
MFC [15285]add dhcpd static mappings to dns forwarder
Only enumerate the variable if it is an array to avoid:
Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/system.inc on line 147
Allow priv to appear multiple times so that a person can downgrade from the pile of SHIT we call -HEAD.
Apparently my big fat warning about needing two interfaces is not a big enough warning. Make the language a bit more precise and stern to thwart bogus support requests.
MFC [15201]unset $extport before assigning to it as not all elements of the array areassigned each time through the loop, but all elements are checked and usedif already assigned. Oops.
apparently 5m cache slows stuff WAAAYYYYYYY down, 7m has a negligableperformance diff from 30m and works better than 5m, so let's use it
Only check for check_reload_status process if machine is bootedrc scripts launch this process at the end of boot
Ticket #1154: Bad format for generated syslog.conf
Submitted-by: Angelo Turetta aturetta+pfsense at bestunion.it
at
Be a little more agressive when blocking snort2c traffic
Version bump to 1.0.1
Woops, somehow I forgot to add this files content.
Ticket #1136: Make sure check_reload_status is running so we can regenrules
PF doesn't know what "congestion" TOS flag is
MFC [15086]Ticket #1137: find_interface_ip() doesn't do what it says. Really return only the first found IP. This fixes issues with people configuring FreeBSD IP aliases on interfaces
MFC [15083]Ticket #1145: Don't background the stop process, we really do need to stop the daemon before it tries to start again
Remove pf states for client ip when disconnecting from captive portal.
Create rc.linkup.sh to simplify check_reload_status
Woops, we need the ftp anchor BEFORE the user rules, and the inital PASS rules AFTER.
This controls the initial port 21 connetion and once that is allowed through the ftp rules installed by pftpx should bypass USER_RULES.
Change APC caching size to 5 megabytes. php.ini is generated from system.inc on bootup now.
Set ClientAliveCountMax to 5.
ZoneEdit now works, tested by myself and korozionMFC checkin [15047]
file_notice() requires notices.inc
Ticket #1124 - fix wordingMFC of commit [15039]
Do not unlink filter_drity, allow check_reload_status to handle this.
1.0-RELEASE time. I never thought we would make it! w00h0000!
Do not write out php.ini on cdrom platform.
Call the php.ini creation function after the other functions have been loaded into memory.
If user has defined the maxprocperip to 0 then do not install mod_evasive directions to limit the connection count per ip address.
Use mod_evasive to limit connections per ip
Ensure nameserver information is removed at bootup before its discovered again.
Add missing \n
Add missing "
Show a big fat warning on every bootup via the notices system if the minimum ram requirements are not met.
Show a BIG FAT WARNING that under 128 megaytes does not work during initial setup if <128 megs of ram detected.
Stop packages before restarting.
Check for TAP interfaces as well as TUN. Some people fancy bridging openvpn to TAP which allows for stuff like Bonjour to work across the tunnel.
Do not log NTPD messages to OpenVPN tab
Add OpenNTPD logging tab