Only run pfctl once per interface for stats, rather than four times.
Use foreach here to be sure we do not reference unexisting results.
Do a proper test otherwise a override of the total_minutes var might happen.
Properly do testing of voucher existing or not rather than relying on an obscure feature of php. Also do exclusive locking rather than shared one when writing dbs.
Use racoonctl now that ipsec-0.8 is back to reload the config.
Handle the case on some special configs with a gateway of all 1's otherwise strange thing happens.
Fix typo
Add cas(4)
When doing conf_mount_ro/rw on NanoBSD, pass sync,noatime to mount to preserve the options we have already set in fstab. Ticket #1279 and Ticket #444
Enforce session establishment.
Add missing pages to the authentication system.
Be smart and remove the needs package sync toggle since the begining otherwise not behaving packages might mess up the whole thing.
Oops more make code correct.
Oops make code correct.
If the interface triggering rc.newwanip is not assigned just reload packages and the filter and exit.
Check if the protocol is empty, not just if it's set. Fixes #1323
Only change protocol if it's set and not empty.
Add upgrade code to ensure rule protocols are all lower case.
Make this lowercase before checking, or people who ended up with TCP or UDP in their config might end up with rules that have no port specified, leaving them a bit more open than expected.
Make sure we tell the code that the interface exists otherwise multiple laggs might get created.
Not needed anymore.
Ensure the protocol on the firewall rule from the OpenVPN wizard ends up lower case, or it causes some GUI irregularities. Seen http://forum.pfsense.org/index.php/topic,33865.0.html and elsewhere.
lower limit to 101 MB
Simplify is_macaddr regex.
Slight regex fix on is_macaddr - the previous regex was letting through a mac without : separators, leading to improper validation and potentially invalid dhcp configs. Seen here http://forum.pfsense.org/index.php/topic,33830.0.html
Show friendly names of interface for root queues of ALTQ.
Add GUI option to CARP settings for syncing certs. It was in the backend code but not the GUI. Fixes #1316
Attempt to mitigate fork bombs of rc.newipsecdns. Alternatively we should probably bail out with a exit(0);instead.
Always write out the filterdns-ipsec.hosts file, otherwise deleted tunnels will never get removed from thefilterdns-ipsec.hosts
Add the toggle to disable successful login messages, show actual help text for redirect item
Make it possible to turn off successful login messages, this should quiet the console, system logs
Add a check that should prevent configuration of racoon with duplicate phase 1 IP entries.
Fix page title text. Replace "Firewall" with "Interfaces" in title.
Remove custom code for checking ip_addr and use the pfsense provided one.
Do not be so drastic on normal failure.
Since its only called during bootup there is no need to do conditionals here. Always sync config and start the miniupnpd process.
More fixes to comments and code for upnpd. Also bring up to speed the stop/start logic.
Improve logging and some tests during miniupnpd config generation.
This is not true anymore as piece of code.
Correctly get only the interface mac address rather than any other found mac on this interface.
Pass the -a parameters to pgrep to be certain we search ancestors as well. The side effects might be inoquos from the pfSense context.
Use the call to basename to remove the extension rather than trim, since trim takes a list of characters, not the exact string to remove. Suggested by http://forum.pfsense.org/index.php/topic,32967.0.html
This is not NAT, so put it under the Firewall Advanced heading instead.
Fix page title.
Only make gateway changes if we have been given a new gateway IP.
Setup gateway monitoring since we just altered a gateway.
Fix gateway handling in setup wizard.
Only display gitsync settings on supported platforms.
Only show the you can monitor the filter reload process for filter related changes
Flush the buffer
Do a more strict check on the return value of the download function. Fixes #1309
Declare $g a global here.
Ensure the pkg staging area exists on nanobsd before trying to use it.
missing $
misc whitespace cleanups
Give this another shot
Fix admins group permission setting when upgrading from 1.2.3.
Correct IPsec carp interface upgrade code, off by one
Use full path to pw
Add missing _relayd group, and when upgrading from 1.2.3, add _relayd group and user.
Correct the test which displays an error if someone chose to save+test but doesn't have an ldap backend. Also, fix a typo.
Fix find again... apparently -xdev is depreciated and tosses errors, replaced by -x
Move this code up a bit and also use /root/tmp to fetch packages instead of /tmp so it won't fill up.
If we're on nanobsd, pass -t to pkg_add to specify a different "staging area" path.
Correct the vlan upgrade code to continue when we fixed up the interface
Correct the find command, pipe into xargs
Make sure to resolve the gateway name before passing it off to the IPsec reload function
Correct variable name. This could never have deleted the static route for IPsec vpns on multi wan
And one more place for PKG_TMPDIR... just in case.
Set PKG_TMPDIR here too, to help nanobsd pkg installs.
Allow queues on top of bridge. Though more investigation is needed on its correct meaning.
Set PKG_TMPDIR for embedded/nano because it will fill up /var trying to download packages otherwise. (From sullrich)
Don't forget to clear username field so it doesn't show up on next edit.
And if for some reason user enters a username, store it for them.
Merge branch 'master' of rcs.pfsense.org:pfsense/mainline
Try again, a little cleaner: Prevent GUI from giving error for freeDNS service since username and password
Revert "Prevent GUI from giving error for freeDNS service since username and password"
This reverts commit 740f745922549283e29d3d964c7a60266d7dbf0a.
This is a little ugly. Let's do it a little differently.
Update "Last Tested" date for freeDNS in comments
Prevent GUI from giving error for freeDNS service since username and passwordaren't required.
Also add a note for freeDNS users to enter "Authentication Token" in Hostname field. Zero out fake username and password before writing to configso they don't show up in the GUI when you edit the record again.
Correct the config path to the vip array
Attempted fix that should convert the old carp[$i] naming to vip[$vhid]
Make sure we iterate by the vlan number lest we end up with a empty variable? Hopefully fix new vlan name not being assigned to interfaces section
Correct the gateway group member name to the correct GW_". strtoupper($if) uppercase. This fixes outbound load balancer pools upgraded from 1.2.3not working
Do not cross filesystem boundaries when removing files lest we empty Seth' USB stick
Add a check if the configuration of dhcpd exists for wan before unset, resolves #1303
Remove direction from traffic shaper generated rules now that the match action is present to correctly put packets on proper queues. Before it was not possible since this would have also open firewall ports/holes.
Reset this var before this test, otherwise if the test is skipped, it will carry over the value from the previous run.
Don't consider a cert as in use by the GUI if it's in HTTP mode. Fixes #1171
Move all functions from index.php for captiveportal.inc
Add Global reply-to disable checkbox, resolves the issue #1137
reversal of accidentally deleted filesRevert "Add Global reply-to disable checkbox, resolves the issue #1137"
This reverts commit c646776871dacebcaa4225b083aa0789dc0bfba6.
Fix typo/spacing issue. Resolves #1300
Add the diag_ipsec_xml.php page, this provides a XML interface to thetunnel status built for a Coltex BV monitoring system
Prevent empty remote endpoints from skewing the log output
Trigger a VPN tunnel reload after configuring IPsec, it will handle all the hostname tunnels after boot finishes
Don't forget to include $g, otherwise the check will fail and still perform a DNS resolve