Increase vfs.read_max to 32. See http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html .. This can help dramatically if using Squid or any other packae that does a lot of hard disk reads.
Disable this test, it was causing some package file downloads to be skipped for me, and nothing else seems to set/use this variable anywhere.
Reorder some code and combine the nobind test with the lport code to ensure only the needed options are used in any given combination.
Cleanup some code and properly handle failure of pkg_fetch_recursive.
When the local port is left blank on an OpenVPN client, use 'lport 0' to direct the client to use a random source port. Fixes #1025
Clarify message.
Use correct extension of tgz rather than tgz for automatically discovered dependencies.
Honor the config parsed var if set.
Hopefully now the reinclusion of config will not override vars.
Use full path when we might not have full environment setup.
globals.inc is better first.
More safety belts.
Fix fetching of package list.
Add myself to the copyright. Have modified enough the file.
Some fixes for the upgrade code for captive portal users.
Remove the old field even if empty in rename_field.
Various fixes and improvements for the DNS rebind and HTTP referrer checks.
Fix problem with syslog adding/removing for pacakges. Fix sync pacakges to call the right functions. Optimizations and code cleanup along the way.
Clear up some code.
Boost timeout for file downloads to 60 seconds
Ticket #1017. Move the fwrite and fd_log initializing to a function. Name the function pkg_debug to properly show what is its purpose and also make it write something only when $debug is set.
Ticket #1017. Put a @ before each fwrite to silence errors. Also setup the log file in the beginning rather than on each individual function.
Resolves #1018. Provide a more unique host name for the file.
The way this option is currently defined, the configuration variable is always set; for this case, isset is not the correct condition. Reported at http://forum.pfsense.org/index.php/topic,30153.0.html
Add workaround for referrer check to not be triggered on the previous IP address when redirected by the setup wizard.
Fix typo
Make the pkg_fetch_recursive code stronger and try also to fetch from freebsd repo when fails to fetch from pfSense one.
Correctly form the url from where to fetch packages if a base is not specified. This unbreaks packages on amd64! Also do no remove a package which is required by other installations.
Correct variable name.
Tighten check even more. Ticket #1006.
Ticket #1006. Make sure to interpret the response as needed. First check if we got 0 and then check if we have a faultCode().
Make sure this isn't searching the referrer using a blank host or IP, which will always match the referrer.
Fix case for testing the referrer check setting. Ticket #1011
Remove these anchors they just provide overhead and are not really used much in pfSense.
Remove gre helping rules they are not anymore needed.
Send errors to 2>
Copy /boot/loader.conf.local to the newly imaged slice. Ticket #892
Don't perform referer check if display_error_form is not defined (captive portal), just like as is done for the DNS rebind check. Ticket #1007
Rework handling of ports for reflection on port forwards to work properly with port aliases. Ticket #672
Unset this reference before reusing the variable name to prevent corruption of groups.
Fix test for altq on vlans and wlan.
Fix a theoretical/potential XSS in the http_referer check warning.
Add whitespace to avoid breaking the resulting rule.
Whitespace fixes.
Make sure there is a direction specified otherwise errors might occur.
Initialize rule keeping array to avoid possible caching effects on php.
Separate this into the original case with the floating rule cases above it to fix some scenarios where the order was still wrong.
Move this function to allow removing it from easyrule.
Fix filter_rules_sort's compare function to know about floating rules so it won't change their order.
Take into account if we have redirection active to allow even port 443.
Make the antilockout rule match the webgui and ssh(if enabled) rather than any traffic destined to pfSense itself.
Small improvement no functional change.
Use php calls rather than forking to shell.
Use exec and check return value of command to avoid priting messages of stderr to console.
Not sure why sometimes works sometimes does not work when bound to localhost the lighttpd instance of CP. Back to previous setup! Though security of it is debatble.
Bring interfaces up only if there is a mismatch to allow them to be reassigned.
Ticket #904. Hmm fix the interface_has_gateway() too.
Ticket #904. Actually correctly handle the assigned openvpn client as a dynamic gateway rather than breaking the behaviour of the system. Strange nobody has noticed broken gateway behaviour with openvpn assigned!
Actually was coorect before. 3rd parameter is length not index.
Revert "Correct this to make it actually work. This is also mentioned in Ticket #904 though it was already implemented."
This reverts commit 6f2cc3a680f984ccbb387301a26d022e6969e665.
Correct HTTP_REFERER check when using an IP Address vs the Firewalls hostname
Remove trailing carriage return
This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
Add option to System: Firmware: Settings for running gitsync after installing an update, hidden/disabled if git has not been installed yet.
Remove csrf-magic include from functions.inc -- it was causing problems with console PHP scripts.
Correct this to make it actually work. This is also mentioned in Ticket #904 though it was already implemented.
Use a shell script rather than bad hack to execute php code for pppoe periodic reset.
Fix display of queues on rules and layer7 containers.
Revert
Testing csrf-magic
Set session.use_trans_sid to true
Add a setting for the data type of values used with DHCP option numbers and input validation for each type. Fixes #962
Kill dhcplease before writing the hosts file so that it does not scramble the content from kqueue events.
Cosmetic issue, add space before 'done', otherwise package XML name and done are combined.
Recent move (d32d3970d58683d02f89073103eb595eaa8f395f) of routed/ items required additional files to be updated to reflect correct path.
Add routed/ items to obsoleted files. Force removal of file so that directories can be included in the future
Ignore /var/etc directory to avoid these kinds of errors: tar: /var/etc/openvpn/client1.sock: tar format cannot archive socket
Spelling fix.
Change the dhcpd startup for isc dhcpd server 4.1
Activate code to allow ipsec to work normally.
Ticket #980. Bring CP widget up to date. Also bind lighty for CP to 127.0.0.1 it should not be accessible otherwise.
Protect from strange situations on bootup by testing for is_array(). Do not add anymore the 127.0.0.2 route its not needed anymore. Also during bootup bring up all interfaces so the assignment process can deal with them(Possibly should be done in another code flow!).
More VPN log fixes, for consistency. Ticket #912
Fix typo (standart -> standard)
Switch to a unified vpn-linkup and vpn-linkdown.
Fix l2tp interface naming. Fixes #985
Use individual linkdown scripts.
Various sync fixes to ensure sections are pushed even if empty, otherwise the last entries of these sections cannot be deleted and have that deletion sync to the secondary.
Make isvalidpid() know about pidfile the same as the other *pid functions do.(consistency)
Also mention that this allows access to the dashboard.
Ooops use meant logic.
Ticket #975. Properly initialize variables to avoid caching issues. Also check an array exists before trying to foreach to avoid errors.
Do some is_array() testing before renaming fields, otherwise empty variables can be accidentally created.
Do not require LDAP search base DN. Requiring this can prevent some valid LDAP configurations from properly authenticating. (See GDD-550841).
If there are no aliases, push an empty aliases array. Fixes #961
Add a note to the DNS Rebinding protection error letting the user know to try by IP address.
Do not show on the queue/limiters list the disabled entries(optimized and cleaner version).
Do not show on the queue/limiters list the disabled entries.
Ticket #943. Call the update procedure directly to not do an unecessary loop.