authorSeth Mos <seth.mos@dds.nl>2011-02-23 09:03:59 +0100
committerSeth Mos <seth.mos@dds.nl>2011-02-23 09:03:59 +0100
commita299232e558aa3ca146ea78239522ce3730e8817 (patch)
tree9fe915a010727017e39cc274096240daebc98d32
parent8e559859c252d2840c93aad396b482e680ef958e (diff)
parentb877803194700f75cb264e7343695acf971fa07e (diff)
downloadpfsense-a299232e558aa3ca146ea78239522ce3730e8817.zip
pfsense-a299232e558aa3ca146ea78239522ce3730e8817.tar.gz
Merge remote branch 'upstream/master'
Conflicts: etc/inc/filter.inc etc/inc/vpn.inc
-rw-r--r--etc/inc/captiveportal.inc413
-rw-r--r--etc/inc/certs.inc3
-rw-r--r--etc/inc/filter.inc4
-rw-r--r--etc/inc/interfaces.inc2
-rw-r--r--etc/inc/ipsec.inc8
-rw-r--r--etc/inc/vpn.inc22
-rwxr-xr-xetc/rc.bootup2
-rwxr-xr-xusr/local/captiveportal/index.php406
-rwxr-xr-xusr/local/www/diag_defaults.php2
-rw-r--r--usr/local/www/diag_ipsec_xml.php83
-rwxr-xr-xusr/local/www/diag_logs_ipsec.php2
-rwxr-xr-xusr/local/www/firewall_rules_edit.php2
-rwxr-xr-xusr/local/www/interfaces_assign.php2
-rwxr-xr-xusr/local/www/pkg.php18
-rwxr-xr-xusr/local/www/pkg_mgr_installed.php1
-rwxr-xr-xusr/local/www/services_dnsmasq.php352
-rw-r--r--usr/local/www/system_advanced_firewall.php17
-rw-r--r--usr/local/www/system_usermanager.php5
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard.inc7
-rwxr-xr-xusr/local/www/wizards/traffic_shaper_wizard_dedicated.inc7
-rwxr-xr-xusr/local/www/wizards/traffic_shaper_wizard_multi_all.inc7
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc7
22 files changed, 744 insertions, 628 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index e6fa70f..013a28a 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -211,6 +211,8 @@ function captiveportal_configure() {
if ($g['booting'])
echo "Starting captive portal... ";
+ else
+ captiveportal_syslog("Restarting captive portal.");
/* kill any running mini_httpd */
killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid");
@@ -1520,4 +1522,415 @@ function portal_ip_from_client_ip($cliip) {
return false;
}
+/* functions move from index.php */
+
+function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) {
+ global $g, $config;
+
+ /* Get captive portal layout */
+ if ($type == "redir") {
+ header("Location: {$redirurl}");
+ return;
+ } else if ($type == "login")
+ $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal.html");
+ else
+ $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-error.html");
+
+ /* substitute the PORTAL_REDIRURL variable */
+ if ($config['captiveportal']['preauthurl']) {
+ $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$config['captiveportal']['preauthurl']}", $htmltext);
+ $htmltext = str_replace("#PORTAL_REDIRURL#", "{$config['captiveportal']['preauthurl']}", $htmltext);
+ }
+
+ /* substitute other variables */
+ if (isset($config['captiveportal']['httpslogin'])) {
+ $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
+ $htmltext = str_replace("#PORTAL_ACTION#", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
+ } else {
+ $ifip = portal_ip_from_client_ip($clientip);
+ if (!$ifip)
+ $ourhostname = $config['system']['hostname'] . ":8000";
+ else
+ $ourhostname = "{$ifip}:8000";
+ $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$ourhostname}/", $htmltext);
+ $htmltext = str_replace("#PORTAL_ACTION#", "http://{$ourhostname}/", $htmltext);
+ }
+
+ $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
+ $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext);
+ $htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext);
+ $htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext);
+
+ // Special handling case for captive portal master page so that it can be ran
+ // through the PHP interpreter using the include method above. We convert the
+ // $VARIABLE$ case to #VARIABLE# in /etc/inc/captiveportal.inc before writing out.
+ $htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext);
+ $htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext);
+ $htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext);
+ $htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext);
+ $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext);
+ $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext);
+
+ echo $htmltext;
+}
+
+function portal_mac_radius($clientmac,$clientip) {
+ global $config ;
+
+ $radmac_secret = $config['captiveportal']['radmac_secret'];
+
+ /* authentication against the radius server */
+ $username = mac_format($clientmac);
+ $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
+ if ($auth_list['auth_val'] == 2)
+ return TRUE;
+ if (!empty($auth_list['url_redirection']))
+ portal_reply_page($auth_list['url_redirection'], "redir");
+
+ return FALSE;
+}
+
+function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null) {
+
+ global $redirurl, $g, $config, $type, $passthrumac, $_POST;
+
+ /* See if a ruleno is passed, if not start sessions because this means there isn't one atm */
+ if ($ruleno == null)
+ $ruleno = captiveportal_get_next_ipfw_ruleno();
+
+ /* if the pool is empty, return appropriate message and exit */
+ if (is_null($ruleno)) {
+ portal_reply_page($redirurl, "error", "System reached maximum login capacity");
+ log_error("WARNING! Captive portal has reached maximum login capacity");
+ exit;
+ }
+
+ // Ensure we create an array if we are missing attributes
+ if (!is_array($attributes))
+ $attributes = array();
+
+ /* read in client database */
+ $cpdb = captiveportal_read_db();
+
+ $radiusservers = captiveportal_get_radius_servers();
+
+ if ($attributes['voucher'])
+ $remaining_time = $attributes['session_timeout'];
+
+ $writecfg = false;
+ /* Find an existing session */
+ if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
+ if (isset($config['captiveportal']['passthrumacadd'])) {
+ $mac = captiveportal_passthrumac_findbyname($username);
+ if (!empty($mac)) {
+ if ($_POST['replacemacpassthru']) {
+ foreach ($config['captiveportal']['passthrumac'] as $idx => $macent) {
+ if ($macent['mac'] == $mac['mac']) {
+ $macrules = "";
+ $ruleno = captiveportal_get_ipfw_passthru_ruleno($mac['mac']);
+ if ($ruleno) {
+ captiveportal_free_ipfw_ruleno($ruleno, true);
+ $macrules .= "delete {$ruleno}\n";
+ ++$ruleno;
+ $macrules .= "delete {$ruleno}\n";
+ }
+ unset($config['captiveportal']['passthrumac'][$idx]);
+ $mac['mac'] = $clientmac;
+ $config['captiveportal']['passthrumac'][] = $mac;
+ $macrules .= captiveportal_passthrumac_configure_entry($mac);
+ file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
+ $writecfg = true;
+ $sessionid = true;
+ break;
+ }
+ }
+ } else {
+ portal_reply_page($redirurl, "error", "Username: {$username} is already authenticated using another MAC address.",
+ $clientmac, $clientip, $username, $password);
+ exit;
+ }
+ }
+ }
+ }
+
+ $nousers = count($cpdb);
+ for ($i = 0; $i < $nousers; $i++) {
+ /* on the same ip */
+ if($cpdb[$i][2] == $clientip) {
+ captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION");
+ $sessionid = $cpdb[$i][5];
+ break;
+ }
+ elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpdb[$i][4] == $username)) {
+ // user logged in with an active voucher. Check for how long and calculate
+ // how much time we can give him (voucher credit - used time)
+ $remaining_time = $cpdb[$i][0] + $cpdb[$i][7] - time();
+ if ($remaining_time < 0) // just in case.
+ $remaining_time = 0;
+
+ /* This user was already logged in so we disconnect the old one */
+ captiveportal_disconnect($cpdb[$i],$radiusservers,13);
+ captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
+ unset($cpdb[$i]);
+ break;
+ }
+ elseif ((isset($config['captiveportal']['noconcurrentlogins'])) && ($username != 'unauthenticated')) {
+ /* on the same username */
+ if (strcasecmp($cpdb[$i][4], $username) == 0) {
+ /* This user was already logged in so we disconnect the old one */
+ captiveportal_disconnect($cpdb[$i],$radiusservers,13);
+ captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
+ unset($cpdb[$i]);
+ break;
+ }
+ }
+ }
+
+ if ($attributes['voucher'] && $remaining_time <= 0)
+ return 0; // voucher already used and no time left
+
+ if (!isset($sessionid)) {
+ /* generate unique session ID */
+ $tod = gettimeofday();
+ $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
+
+ /* Add rules for traffic shaping
+ * We don't need to add extra rules since traffic will pass due to the following kernel option
+ * net.inet.ip.fw.one_pass: 1
+ */
+ $peruserbw = isset($config['captiveportal']['peruserbw']);
+
+ $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup'];
+ $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn'];
+
+ if ($passthrumac) {
+ $mac = array();
+ $mac['mac'] = $clientmac;
+ if (isset($config['captiveportal']['passthrumacaddusername']))
+ $mac['username'] = $username;
+ $mac['descr'] = "Auto added pass-through MAC for user {$username}";
+ if (!empty($bw_up))
+ $mac['bw_up'] = $bw_up;
+ if (!empty($bw_down))
+ $mac['bw_down'] = $bw_down;
+ if (!is_array($config['captiveportal']['passthrumac']))
+ $config['captiveportal']['passthrumac'] = array();
+ $config['captiveportal']['passthrumac'][] = $mac;
+ $macrules = captiveportal_passthrumac_configure_entry($mac);
+ file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
+ $writecfg = true;
+ } else {
+ if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
+ $bw_up_pipeno = $ruleno + 20000;
+ //$bw_up /= 1000; // Scale to Kbit/s
+ mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
+
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}");
+ else
+ mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}");
+ } else {
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}");
+ else
+ mwexec("/sbin/ipfw table 1 add {$clientip}");
+ }
+ if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
+ $bw_down_pipeno = $ruleno + 20001;
+ //$bw_down /= 1000; // Scale to Kbit/s
+ mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
+
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}");
+ else
+ mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}");
+ } else {
+ if (!isset($config['captiveportal']['nomacfilter']))
+ mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}");
+ else
+ mwexec("/sbin/ipfw table 2 add {$clientip}");
+ }
+
+ if ($attributes['voucher'])
+ $attributes['session_timeout'] = $remaining_time;
+
+ /* encode password in Base64 just in case it contains commas */
+ $bpassword = base64_encode($password);
+ $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
+ $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']);
+
+ if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
+ $acct_val = RADIUS_ACCOUNTING_START($ruleno,
+ $username, $sessionid, $radiusservers, $clientip, $clientmac);
+ if ($acct_val == 1)
+ captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED");
+ }
+
+ /* rewrite information to database */
+ captiveportal_write_db($cpdb);
+ }
+ }
+
+ if ($writecfg == true)
+ write_config();
+
+ /* redirect user to desired destination */
+ if (!empty($attributes['url_redirection']))
+ $my_redirurl = $attributes['url_redirection'];
+ else if ($config['captiveportal']['redirurl'])
+ $my_redirurl = $config['captiveportal']['redirurl'];
+ else
+ $my_redirurl = $redirurl;
+
+ if(isset($config['captiveportal']['logoutwin_enable']) && !$passthrumac) {
+
+ if (isset($config['captiveportal']['httpslogin']))
+ $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
+ else {
+ $ifip = portal_ip_from_client_ip($clientip);
+ if (!$ifip)
+ $ourhostname = $config['system']['hostname'] . ":8000";
+ else
+ $ourhostname = "{$ifip}:8000";
+ $logouturl = "http://{$ourhostname}/";
+ }
+
+ if (isset($attributes['reply_message']))
+ $message = $attributes['reply_message'];
+ else
+ $message = 0;
+
+ include("{$g['varetc_path']}/captiveportal-logout.html");
+
+ } else {
+ header("Location: " . $my_redirurl);
+ }
+
+ return $sessionid;
+}
+
+
+
+/* remove a single client by session ID
+ * by Dinesh Nair
+ */
+function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) {
+ global $g, $config;
+
+ /* read database */
+ $cpdb = captiveportal_read_db();
+
+ $radiusservers = captiveportal_get_radius_servers();
+
+ /* find entry */
+ $dbcount = count($cpdb);
+ for ($i = 0; $i < $dbcount; $i++) {
+ if ($cpdb[$i][5] == $sessionid) {
+ captiveportal_disconnect($cpdb[$i],$radiusservers, $term_cause);
+ captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason);
+ unset($cpdb[$i]);
+ break;
+ }
+ }
+
+ /* write database */
+ captiveportal_write_db($cpdb);
+}
+
+/*
+ * Used for when pass-through credits are enabled.
+ * Returns true when there was at least one free login to deduct for the MAC.
+ * Expired entries are removed as they are seen.
+ * Active entries are updated according to the configuration.
+ */
+function portal_consume_passthrough_credit($clientmac) {
+ global $config;
+
+ if (!empty($config['captiveportal']['freelogins_count']) && is_numeric($config['captiveportal']['freelogins_count']))
+ $freeloginscount = $config['captiveportal']['freelogins_count'];
+ else
+ return false;
+
+ if (!empty($config['captiveportal']['freelogins_resettimeout']) && is_numeric($config['captiveportal']['freelogins_resettimeout']))
+ $resettimeout = $config['captiveportal']['freelogins_resettimeout'];
+ else
+ return false;
+
+ if ($freeloginscount < 1 || $resettimeout <= 0 || !clientmac)
+ return false;
+
+ $updatetimeouts = isset($config['captiveportal']['freelogins_updatetimeouts']);
+
+ /*
+ * Read database of used MACs. Lines are a comma-separated list
+ * of the time, MAC, then the count of pass-through credits remaining.
+ */
+ $usedmacs = captiveportal_read_usedmacs_db();
+
+ $currenttime = time();
+ $found = false;
+ foreach ($usedmacs as $key => $usedmac) {
+ $usedmac = explode(",", $usedmac);
+
+ if ($usedmac[1] == $clientmac) {
+ if ($usedmac[0] + ($resettimeout * 3600) > $currenttime) {
+ if ($usedmac[2] < 1) {
+ if ($updatetimeouts) {
+ $usedmac[0] = $currenttime;
+ unset($usedmacs[$key]);
+ $usedmacs[] = implode(",", $usedmac);
+ captiveportal_write_usedmacs_db($usedmacs);
+ }
+
+ return false;
+ } else {
+ $usedmac[2] -= 1;
+ $usedmacs[$key] = implode(",", $usedmac);
+ }
+
+ $found = true;
+ } else
+ unset($usedmacs[$key]);
+
+ break;
+ } else if ($usedmac[0] + ($resettimeout * 3600) <= $currenttime)
+ unset($usedmacs[$key]);
+ }
+
+ if (!$found) {
+ $usedmac = array($currenttime, $clientmac, $freeloginscount - 1);
+ $usedmacs[] = implode(",", $usedmac);
+ }
+
+ captiveportal_write_usedmacs_db($usedmacs);
+ return true;
+}
+
+function captiveportal_read_usedmacs_db() {
+ global $g;
+
+ $cpumaclck = lock('captiveusedmacs');
+ if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs.db")) {
+ $usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+ if (!usedmacs)
+ $usedmacs = array();
+ } else
+ $usedmacs = array();
+
+ unlock($cpumaclck);
+ return $usedmacs;
+}
+
+function captiveportal_write_usedmacs_db($usedmacs) {
+ global $g;
+
+ $cpumaclck = lock('captiveusedmacs', LOCK_EX);
+ @file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs));
+ unlock($cpumaclck);
+}
+
+
+
?>
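Review bot: In `portal_consume_passthrough_credit()` the guard `!clientmac` is missing its `$`, so PHP reads it as a constant name rather than the function argument and the empty-MAC check never tests the value passed in; `captiveportal_read_usedmacs_db()` has the same slip in `if (!usedmacs)`, which lets a failed `file()` result (false) reach the caller's `foreach`. These should read `|| !$clientmac)` and `if (!$usedmacs)`. The two helpers also take and release the `captiveusedmacs` lock separately, so the read, decrement and write of a MAC's remaining credits are not atomic and two concurrent logins could presumably spend the same credit; holding one exclusive lock across the whole read-modify-write would close that. The functions appear to be moved unchanged from index.php, so these predate the commit, but the move is a good moment to fix them.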
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index cc61d9b..8d5604f 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -417,7 +417,8 @@ function is_ipsec_cert($certref) {
function is_webgui_cert($certref) {
global $config;
- if ($config['system']['webgui']['ssl-certref'] == $certref)
+ if (($config['system']['webgui']['ssl-certref'] == $certref)
+ && ($config['system']['webgui']['protocol'] != "http"))
return true;
}
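Review bot: With the added `protocol != "http"` test, a certificate that `ssl-certref` still points to is reported as not used by the web GUI while the GUI runs over plain HTTP; if callers use this result to allow deletion (not visible here), switching back to HTTPS later could leave `ssl-certref` referencing a missing certificate. A short comment stating that this is intended, e.g. `/* cert only counts as in use while the GUI actually serves HTTPS */`, would help. The function should also end with an explicit `return false;` instead of falling off the end.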
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 00a3600..a51c36e 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1820,7 +1820,7 @@ function filter_generate_user_rule($rule) {
update_filter_reload_status("Setting up pass/block rules {$rule['descr']}");
/* do not process reply-to for gateway'd rules */
- if($rule['gateway'] == "" && $aline['direction'] <> "" && interface_has_gateway($rule['interface']) && !isset($rule['disablereplyto'])) {
+ if($rule['gateway'] == "" && $aline['direction'] <> "" && interface_has_gateway($rule['interface']) && !isset($config['system']['disablereplyto'])) {
if($rule['ipprotocol'] == "inet6") {
$rg = get_interface_gateway_v6($rule['interface']);
if(is_ipaddrv6($rg)) {
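Review bot: The condition now tests `$config['system']['disablereplyto']` in place of `$rule['disablereplyto']`, so a rule that carries its own `disablereplyto` flag is no longer honoured and still gets a reply-to. If both the global and the per-rule switch are meant to work, test both: `!isset($config['system']['disablereplyto']) && !isset($rule['disablereplyto'])`. The start of `filter_generate_user_rule()` is outside the hunk, so it is also worth confirming that `$config` is declared `global` there; otherwise the `isset()` is always false and the system-wide option has no effect. This file is listed under Conflicts in the merge message, so the line may be a conflict resolution rather than a deliberate change.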
@@ -1847,7 +1847,7 @@ function filter_generate_user_rule($rule) {
/* Add the load balanced gateways */
$aline['route'] = " \$GW{$rule['gateway']} ";
else
- log_error("The gateway: {$rule['gateway']} is invalid/unkown not using it.");
+ log_error("The gateway: {$rule['gateway']} is invalid or unknown, not using it.");
}
if(isset($rule['protocol'])) {
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index a0741f9..a6d802d 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -3658,7 +3658,7 @@ function is_altq_capable($int) {
* http://www.freebsd.org/cgi/man.cgi?query=altq&manpath=FreeBSD+7.2-current&format=html
* Only the following drivers have ALTQ support
*/
- $capable = array("age", "ale", "an", "ath", "aue", "awi", "bce",
+ $capable = array("age", "alc", "ale", "an", "ath", "aue", "awi", "bce",
"bfe", "bge", "dc", "de", "ed", "em", "ep", "fxp", "gem",
"hme", "igb", "ipw", "iwi", "jme", "le", "lem", "msk", "mxge", "my", "nfe",
"npe", "nve", "ral", "re", "rl", "rum", "run", "bwn", "sf", "sis", "sk",
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc
index 2653297..e15a14c 100644
--- a/etc/inc/ipsec.inc
+++ b/etc/inc/ipsec.inc
@@ -143,11 +143,13 @@ function ipsec_get_phase1_src(& $ph1ent) {
* Return phase1 local address
*/
function ipsec_get_phase1_dst(& $ph1ent) {
+ global $g;
$rg = $ph1ent['remote-gateway'];
- if (!is_ipaddr($rg))
- return resolve_retry($rg);
-
+ if (!is_ipaddr($rg)) {
+ if(! $g['booting'])
+ return resolve_retry($rg);
+ }
if(!is_ipaddr($rg))
return false;
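Review bot: `return resolve_retry($rg);` hands back whatever the resolver returns without passing through the `is_ipaddr()` check two lines below, whereas vpn.inc in this same commit switches to validating the resolved value with `is_ipaddr()`. Assigning instead of returning, `$rg = resolve_retry($rg);`, lets the existing `if(!is_ipaddr($rg)) return false;` cover both the boot case and a failed lookup, assuming the rest of the function (outside the hunk) returns `$rg`. The header comment above still reads "Return phase1 local address" for the dst function; it should say remote address and mention that hostnames are not resolved while booting.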
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index caf8006..624098d 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -159,8 +159,9 @@ function vpn_ipsec_configure($ipchg = false)
if (!is_ipaddr($rg)) {
$filterdns_list[] = "{$rg}";
add_hostname_to_watch($rg);
- $rg = resolve_retry($rg);
- if (!$rg)
+ if(! $g['booting'])
+ $rg = resolve_retry($rg);
+ if (!is_ipaddr($rg))
continue;
}
@@ -813,6 +814,8 @@ EOD;
continue;
$rgip = $rgmap[$ph1ent['remote-gateway']];
+ if(!is_ipaddr($rgip))
+ continue;
$localid = ipsec_idinfo_to_cidr($ph2ent['localid'],true);
$remoteid = ipsec_idinfo_to_cidr($ph2ent['remoteid'],true);
@@ -844,7 +847,7 @@ EOD;
else
$parentinterface = $ph1ent['interface'];
- if ($parentinterface <> "wan") {
+ if (($parentinterface <> "wan") && (is_ipaddr($rgip))) {
/* add endpoint routes to correct gateway on interface */
if (interface_has_gateway($parentinterface)) {
$gatewayip = get_interface_gateway("$parentinterface");
@@ -862,7 +865,7 @@ EOD;
}
}
}
- } else {
+ } elseif(is_ipaddr($rgip)) {
if(stristr($route_str, "{$rgip}")) {
mwexec("/sbin/route delete -host {$rgip}", true);
}
@@ -1676,10 +1679,15 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) {
/* see if this tunnel has a hostname for the remote-gateway, and if so,
* try to resolve it now and add it to the list for filterdns */
+ $rgip = "";
if (!is_ipaddr($phase1['remote-gateway'])) {
- $rgip = resolve_retry($phase1['remote-gateway']);
- add_hostname_to_watch($phase1['remote-gateway']);
- if (!$rgip) {
+ if(! $g['booting']) {
+ $rgip = resolve_retry($phase1['remote-gateway']);
+ add_hostname_to_watch($phase1['remote-gateway']);
+ } else {
+ add_hostname_to_watch($phase1['remote-gateway']);
+ }
+ if (!is_ipaddr($rgip)) {
log_error("Could not determine VPN endpoint for '{$phase1['descr']}'");
return false;
}
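Review bot: While `$g['booting']` is set, `$rgip` stays empty for every hostname gateway, so this path logs "Could not determine VPN endpoint" and returns false even though no lookup was attempted; a separate message or a silent return for the boot case would keep the log meaningful. `add_hostname_to_watch()` is called identically in both branches and can be hoisted: `add_hostname_to_watch($phase1['remote-gateway']);` followed by `if (!$g['booting']) $rgip = resolve_retry($phase1['remote-gateway']);`. The function's opening lines are outside the hunk, so confirm `$g` is declared `global` there, as the ipsec.inc change in this commit had to add.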
diff --git a/etc/rc.bootup b/etc/rc.bootup
index b6c8eab..6cff6ac 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -324,6 +324,8 @@ system_do_shell_commands();
/* start IPsec tunnels */
vpn_ipsec_configure();
+/* Reload dynamic hostname tunnels after bootup finishes */
+mwexec_bg("/etc/rc.newipsecdns");
/* start SNMP service */
services_snmpd_configure();
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index caaa4d2..30dec37 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -204,411 +204,5 @@ EOD;
exit;
-function portal_reply_page($redirurl, $type = null, $message = null, $clientmac = null, $clientip = null, $username = null, $password = null) {
- global $g, $config;
-
- /* Get captive portal layout */
- if ($type == "redir") {
- header("Location: {$redirurl}");
- return;
- } else if ($type == "login")
- $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal.html");
- else
- $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-error.html");
-
- /* substitute the PORTAL_REDIRURL variable */
- if ($config['captiveportal']['preauthurl']) {
- $htmltext = str_replace("\$PORTAL_REDIRURL\$", "{$config['captiveportal']['preauthurl']}", $htmltext);
- $htmltext = str_replace("#PORTAL_REDIRURL#", "{$config['captiveportal']['preauthurl']}", $htmltext);
- }
-
- /* substitute other variables */
- if (isset($config['captiveportal']['httpslogin'])) {
- $htmltext = str_replace("\$PORTAL_ACTION\$", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
- $htmltext = str_replace("#PORTAL_ACTION#", "https://{$config['captiveportal']['httpsname']}:8001/", $htmltext);
- } else {
- $ifip = portal_ip_from_client_ip($clientip);
- if (!$ifip)
- $ourhostname = $config['system']['hostname'] . ":8000";
- else
- $ourhostname = "{$ifip}:8000";
- $htmltext = str_replace("\$PORTAL_ACTION\$", "http://{$ourhostname}/", $htmltext);
- $htmltext = str_replace("#PORTAL_ACTION#", "http://{$ourhostname}/", $htmltext);
- }
-
- $htmltext = str_replace("\$PORTAL_REDIRURL\$", htmlspecialchars($redirurl), $htmltext);
- $htmltext = str_replace("\$PORTAL_MESSAGE\$", htmlspecialchars($message), $htmltext);
- $htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext);
- $htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext);
-
- // Special handling case for captive portal master page so that it can be ran
- // through the PHP interpreter using the include method above. We convert the
- // $VARIABLE$ case to #VARIABLE# in /etc/inc/captiveportal.inc before writing out.
- $htmltext = str_replace("#PORTAL_REDIRURL#", htmlspecialchars($redirurl), $htmltext);
- $htmltext = str_replace("#PORTAL_MESSAGE#", htmlspecialchars($message), $htmltext);
- $htmltext = str_replace("#CLIENT_MAC#", htmlspecialchars($clientmac), $htmltext);
- $htmltext = str_replace("#CLIENT_IP#", htmlspecialchars($clientip), $htmltext);
- $htmltext = str_replace("#USERNAME#", htmlspecialchars($username), $htmltext);
- $htmltext = str_replace("#PASSWORD#", htmlspecialchars($password), $htmltext);
-
- echo $htmltext;
-}
-
-function portal_mac_radius($clientmac,$clientip) {
- global $config ;
-
- $radmac_secret = $config['captiveportal']['radmac_secret'];
-
- /* authentication against the radius server */
- $username = mac_format($clientmac);
- $auth_list = radius($username,$radmac_secret,$clientip,$clientmac,"MACHINE LOGIN");
- if ($auth_list['auth_val'] == 2)
- return TRUE;
- if (!empty($auth_list['url_redirection']))
- portal_reply_page($auth_list['url_redirection'], "redir");
-
- return FALSE;
-}
-
-function portal_allow($clientip,$clientmac,$username,$password = null, $attributes = null, $ruleno = null) {
-
- global $redirurl, $g, $config, $type, $passthrumac, $_POST;
-
- /* See if a ruleno is passed, if not start sessions because this means there isn't one atm */
- if ($ruleno == null)
- $ruleno = captiveportal_get_next_ipfw_ruleno();
-
- /* if the pool is empty, return appropriate message and exit */
- if (is_null($ruleno)) {
- portal_reply_page($redirurl, "error", "System reached maximum login capacity");
- log_error("WARNING! Captive portal has reached maximum login capacity");
- exit;
- }
-
- // Ensure we create an array if we are missing attributes
- if (!is_array($attributes))
- $attributes = array();
-
- /* read in client database */
- $cpdb = captiveportal_read_db();
-
- $radiusservers = captiveportal_get_radius_servers();
-
- if ($attributes['voucher'])
- $remaining_time = $attributes['session_timeout'];
-
- $writecfg = false;
- /* Find an existing session */
- if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
- if (isset($config['captiveportal']['passthrumacadd'])) {
- $mac = captiveportal_passthrumac_findbyname($username);
- if (!empty($mac)) {
- if ($_POST['replacemacpassthru']) {
- foreach ($config['captiveportal']['passthrumac'] as $idx => $macent) {
- if ($macent['mac'] == $mac['mac']) {
- $macrules = "";
- $ruleno = captiveportal_get_ipfw_passthru_ruleno($mac['mac']);
- if ($ruleno) {
- captiveportal_free_ipfw_ruleno($ruleno, true);
- $macrules .= "delete {$ruleno}\n";
- ++$ruleno;
- $macrules .= "delete {$ruleno}\n";
- }
- unset($config['captiveportal']['passthrumac'][$idx]);
- $mac['mac'] = $clientmac;
- $config['captiveportal']['passthrumac'][] = $mac;
- $macrules .= captiveportal_passthrumac_configure_entry($mac);
- file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
- $writecfg = true;
- $sessionid = true;
- break;
- }
- }
- } else {
- portal_reply_page($redirurl, "error", "Username: {$username} is already authenticated using another MAC address.",
- $clientmac, $clientip, $username, $password);
- exit;
- }
- }
- }
- }
-
- $nousers = count($cpdb);
- for ($i = 0; $i < $nousers; $i++) {
- /* on the same ip */
- if($cpdb[$i][2] == $clientip) {
- captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - REUSING OLD SESSION");
- $sessionid = $cpdb[$i][5];
- break;
- }
- elseif (($attributes['voucher']) && ($username != 'unauthenticated') && ($cpdb[$i][4] == $username)) {
- // user logged in with an active voucher. Check for how long and calculate
- // how much time we can give him (voucher credit - used time)
- $remaining_time = $cpdb[$i][0] + $cpdb[$i][7] - time();
- if ($remaining_time < 0) // just in case.
- $remaining_time = 0;
-
- /* This user was already logged in so we disconnect the old one */
- captiveportal_disconnect($cpdb[$i],$radiusservers,13);
- captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
- unset($cpdb[$i]);
- break;
- }
- elseif ((isset($config['captiveportal']['noconcurrentlogins'])) && ($username != 'unauthenticated')) {
- /* on the same username */
- if (strcasecmp($cpdb[$i][4], $username) == 0) {
- /* This user was already logged in so we disconnect the old one */
- captiveportal_disconnect($cpdb[$i],$radiusservers,13);
- captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],"CONCURRENT LOGIN - TERMINATING OLD SESSION");
- unset($cpdb[$i]);
- break;
- }
- }
- }
-
- if ($attributes['voucher'] && $remaining_time <= 0)
- return 0; // voucher already used and no time left
-
- if (!isset($sessionid)) {
- /* generate unique session ID */
- $tod = gettimeofday();
- $sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
-
- /* Add rules for traffic shaping
- * We don't need to add extra rules since traffic will pass due to the following kernel option
- * net.inet.ip.fw.one_pass: 1
- */
- $peruserbw = isset($config['captiveportal']['peruserbw']);
-
- $bw_up = isset($attributes['bw_up']) ? trim($attributes['bw_up']) : $config['captiveportal']['bwdefaultup'];
- $bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn'];
-
- if ($passthrumac) {
- $mac = array();
- $mac['mac'] = $clientmac;
- if (isset($config['captiveportal']['passthrumacaddusername']))
- $mac['username'] = $username;
- $mac['descr'] = "Auto added pass-through MAC for user {$username}";
- if (!empty($bw_up))
- $mac['bw_up'] = $bw_up;
- if (!empty($bw_down))
- $mac['bw_down'] = $bw_down;
- if (!is_array($config['captiveportal']['passthrumac']))
- $config['captiveportal']['passthrumac'] = array();
- $config['captiveportal']['passthrumac'][] = $mac;
- $macrules = captiveportal_passthrumac_configure_entry($mac);
- file_put_contents("{$g['tmp_path']}/macentry.rules.tmp", $macrules);
- mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
- $writecfg = true;
- } else {
- if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
- $bw_up_pipeno = $ruleno + 20000;
- //$bw_up /= 1000; // Scale to Kbit/s
- mwexec("/sbin/ipfw pipe {$bw_up_pipeno} config bw {$bw_up}Kbit/s queue 100");
-
- if (!isset($config['captiveportal']['nomacfilter']))
- mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac} {$bw_up_pipeno}");
- else
- mwexec("/sbin/ipfw table 1 add {$clientip} {$bw_up_pipeno}");
- } else {
- if (!isset($config['captiveportal']['nomacfilter']))
- mwexec("/sbin/ipfw table 1 add {$clientip} mac {$clientmac}");
- else
- mwexec("/sbin/ipfw table 1 add {$clientip}");
- }
- if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
- $bw_down_pipeno = $ruleno + 20001;
- //$bw_down /= 1000; // Scale to Kbit/s
- mwexec("/sbin/ipfw pipe {$bw_down_pipeno} config bw {$bw_down}Kbit/s queue 100");
-
- if (!isset($config['captiveportal']['nomacfilter']))
- mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac} {$bw_down_pipeno}");
- else
- mwexec("/sbin/ipfw table 2 add {$clientip} {$bw_down_pipeno}");
- } else {
- if (!isset($config['captiveportal']['nomacfilter']))
- mwexec("/sbin/ipfw table 2 add {$clientip} mac {$clientmac}");
- else
- mwexec("/sbin/ipfw table 2 add {$clientip}");
- }
-
- if ($attributes['voucher'])
- $attributes['session_timeout'] = $remaining_time;
-
- /* encode password in Base64 just in case it contains commas */
- $bpassword = base64_encode($password);
- $cpdb[] = array(time(), $ruleno, $clientip, $clientmac, $username, $sessionid, $bpassword,
- $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time']);
-
- if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
- $acct_val = RADIUS_ACCOUNTING_START($ruleno,
- $username, $sessionid, $radiusservers, $clientip, $clientmac);
- if ($acct_val == 1)
- captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED");
- }
-
- /* rewrite information to database */
- captiveportal_write_db($cpdb);
- }
- }
-
- if ($writecfg == true)
- write_config();
-
- /* redirect user to desired destination */
- if (!empty($attributes['url_redirection']))
- $my_redirurl = $attributes['url_redirection'];
- else if ($config['captiveportal']['redirurl'])
- $my_redirurl = $config['captiveportal']['redirurl'];
- else
- $my_redirurl = $redirurl;
-
- if(isset($config['captiveportal']['logoutwin_enable']) && !$passthrumac) {
-
- if (isset($config['captiveportal']['httpslogin']))
- $logouturl = "https://{$config['captiveportal']['httpsname']}:8001/";
- else {
- $ifip = portal_ip_from_client_ip($clientip);
- if (!$ifip)
- $ourhostname = $config['system']['hostname'] . ":8000";
- else
- $ourhostname = "{$ifip}:8000";
- $logouturl = "http://{$ourhostname}/";
- }
-
- if (isset($attributes['reply_message']))
- $message = $attributes['reply_message'];
- else
- $message = 0;
-
- include("{$g['varetc_path']}/captiveportal-logout.html");
-
- } else {
- header("Location: " . $my_redirurl);
- }
-
- return $sessionid;
-}
-
-
-
-/* remove a single client by session ID
- * by Dinesh Nair
- */
-function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) {
- global $g, $config;
-
- /* read database */
- $cpdb = captiveportal_read_db();
-
- $radiusservers = captiveportal_get_radius_servers();
-
- /* find entry */
- $dbcount = count($cpdb);
- for ($i = 0; $i < $dbcount; $i++) {
- if ($cpdb[$i][5] == $sessionid) {
- captiveportal_disconnect($cpdb[$i],$radiusservers, $term_cause);
- captiveportal_logportalauth($cpdb[$i][4],$cpdb[$i][3],$cpdb[$i][2],$logoutReason);
- unset($cpdb[$i]);
- break;
- }
- }
-
- /* write database */
- captiveportal_write_db($cpdb);
-}
-
-/*
- * Used for when pass-through credits are enabled.
- * Returns true when there was at least one free login to deduct for the MAC.
- * Expired entries are removed as they are seen.
- * Active entries are updated according to the configuration.
- */
-function portal_consume_passthrough_credit($clientmac) {
- global $config;
-
- if (!empty($config['captiveportal']['freelogins_count']) && is_numeric($config['captiveportal']['freelogins_count']))
- $freeloginscount = $config['captiveportal']['freelogins_count'];
- else
- return false;
-
- if (!empty($config['captiveportal']['freelogins_resettimeout']) && is_numeric($config['captiveportal']['freelogins_resettimeout']))
- $resettimeout = $config['captiveportal']['freelogins_resettimeout'];
- else
- return false;
-
- if ($freeloginscount < 1 || $resettimeout <= 0 || !clientmac)
- return false;
-
- $updatetimeouts = isset($config['captiveportal']['freelogins_updatetimeouts']);
-
- /*
- * Read database of used MACs. Lines are a comma-separated list
- * of the time, MAC, then the count of pass-through credits remaining.
- */
- $usedmacs = captiveportal_read_usedmacs_db();
-
- $currenttime = time();
- $found = false;
- foreach ($usedmacs as $key => $usedmac) {
- $usedmac = explode(",", $usedmac);
-
- if ($usedmac[1] == $clientmac) {
- if ($usedmac[0] + ($resettimeout * 3600) > $currenttime) {
- if ($usedmac[2] < 1) {
- if ($updatetimeouts) {
- $usedmac[0] = $currenttime;
- unset($usedmacs[$key]);
- $usedmacs[] = implode(",", $usedmac);
- captiveportal_write_usedmacs_db($usedmacs);
- }
-
- return false;
- } else {
- $usedmac[2] -= 1;
- $usedmacs[$key] = implode(",", $usedmac);
- }
-
- $found = true;
- } else
- unset($usedmacs[$key]);
-
- break;
- } else if ($usedmac[0] + ($resettimeout * 3600) <= $currenttime)
- unset($usedmacs[$key]);
- }
-
- if (!$found) {
- $usedmac = array($currenttime, $clientmac, $freeloginscount - 1);
- $usedmacs[] = implode(",", $usedmac);
- }
-
- captiveportal_write_usedmacs_db($usedmacs);
- return true;
-}
-
-function captiveportal_read_usedmacs_db() {
- global $g;
-
- $cpumaclck = lock('captiveusedmacs');
- if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs.db")) {
- $usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
- if (!usedmacs)
- $usedmacs = array();
- } else
- $usedmacs = array();
-
- unlock($cpumaclck);
- return $usedmacs;
-}
-
-function captiveportal_write_usedmacs_db($usedmacs) {
- global $g;
-
- $cpumaclck = lock('captiveusedmacs', LOCK_EX);
- @file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs));
- unlock($cpumaclck);
-}
?>
diff --git a/usr/local/www/diag_defaults.php b/usr/local/www/diag_defaults.php
index 85c05da..612e02a 100755
--- a/usr/local/www/diag_defaults.php
+++ b/usr/local/www/diag_defaults.php
@@ -73,7 +73,7 @@ include("head.inc");
<li><?=gettext("Reboot after changes are installed");?></li>
<li><?=gettext("WAN interface will be set to obtain an address automatically from a DHCP server");?></li>
<li><?=gettext("webConfigurator admin username will be reset to 'admin'");?></li>
- <li><?=gettext("webConfigurator admin password will be reset to");?> '<?=$g['product_name']?>'</li>
+ <li><?=gettext("webConfigurator admin password will be reset to");?> '<?=$g['factory_shipped_password']?>'</li>
</ul>
<?=gettext("Are you sure you want to proceed?");?></strong></p>
diff --git a/usr/local/www/diag_ipsec_xml.php b/usr/local/www/diag_ipsec_xml.php
new file mode 100644
index 0000000..4b9d6ea
--- /dev/null
+++ b/usr/local/www/diag_ipsec_xml.php
@@ -0,0 +1,83 @@
+<?php
+/* $Id$ */
+/*
+ diag_ipsec_xml.php
+ Copyright (C) 2007 pfSense Project
+ Copyright (C) 2010 Seth Mos
+ All rights reserved.
+
+ Parts of this code was originally based on vpn_ipsec_sad.php
+ Copyright (C) 2003-2004 Manuel Kasper
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-ipsecxml
+##|*NAME=Diag IPsec XML page
+##|*DESCR=Allow access to the 'Diag IPsec XML' page.
+##|*MATCH=diag_ipsec_xml.php
+##|-PRIV
+
+global $g;
+$nocsrf = true;
+
+require("guiconfig.inc");
+require("ipsec.inc");
+
+if (!is_array($config['ipsec']['phase2']))
+ $config['ipsec']['phase2'] = array();
+
+$ipsec_status = array();
+
+$a_phase2 = &$config['ipsec']['phase2'];
+
+$spd = ipsec_dump_spd();
+$sad = ipsec_dump_sad();
+
+if(is_array($a_phase2)) {
+ foreach ($a_phase2 as $ph2ent) {
+ ipsec_lookup_phase1($ph2ent,$ph1ent);
+ $tunnel = array();
+ if (!isset($ph2ent['disabled']) && !isset($ph1ent['disabled'])) {
+ if(ipsec_phase2_status($spd,$sad,$ph1ent,$ph2ent))
+ $tunnel['state'] = "up";
+ elseif(!isset($config['ipsec']['enable']))
+ $tunnel['state'] = "disabled";
+ else
+ $tunnel['state'] = "down";
+
+ $tunnel['src'] = ipsec_get_phase1_src($ph1ent);
+ $tunnel['endpoint'] = $ph1ent['remote-gateway'];
+ $tunnel['local'] = ipsec_idinfo_to_text($ph2ent['localid']);
+ $tunnel['remote'] = ipsec_idinfo_to_text($ph2ent['remoteid']);
+ $tunnel['name'] = "{$ph2ent['descr']}";
+ $ipsec_status['tunnel'][] = $tunnel;
+ }
+ }
+}
+
+$listtags = array("tunnel");
+$xml = dump_xml_config($ipsec_status, "ipsec");
+
+echo $xml;
+?>
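Review bot: The result of `ipsec_lookup_phase1($ph2ent,$ph1ent);` is ignored and `$ph1ent` is never cleared between iterations, so a phase 2 entry whose lookup fails would be reported with the `src` and `endpoint` left over from the previous pass. Assuming the helper returns false when nothing matches (its body is not in this diff), `if (!ipsec_lookup_phase1($ph2ent, $ph1ent)) continue;` avoids publishing a wrong tunnel endpoint. `$nocsrf = true;` appears to switch off the GUI's CSRF check for this page, so it deserves a one-line comment such as `/* read-only status export, no state is changed here */`. Sending `header("Content-Type: text/xml");` before `echo $xml;` would also make the response type explicit.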
diff --git a/usr/local/www/diag_logs_ipsec.php b/usr/local/www/diag_logs_ipsec.php
index b0bba94..560cd1a 100755
--- a/usr/local/www/diag_logs_ipsec.php
+++ b/usr/local/www/diag_logs_ipsec.php
@@ -54,6 +54,8 @@ $replace = array();
if(is_array($config['ipsec']['phase1']))
foreach($config['ipsec']['phase1'] as $ph1ent) {
$gateway = ipsec_get_phase1_dst($ph1ent);
+ if(!is_ipaddr($gateway))
+ continue;
$search[] = "/(racoon: )([A-Z:].*?)({$gateway}\[[0-9].+\]|{$gateway})(.*)/i";
$replace[] = "$1<strong>[{$ph1ent['descr']}]</strong>: $2$3$4";
}
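Review bot: The added `is_ipaddr()` guard keeps non-address values out of the pattern, but `$gateway` is still interpolated unquoted, so every `.` in the address matches any character; `preg_quote($gateway, '/')` before building `$search[]` makes the match literal. On the following context line `{$ph1ent['descr']}` is placed inside `<strong>` markup without escaping, so a description containing markup would be rendered as HTML in the log view. I would build it as `$replace[] = "$1<strong>[" . htmlspecialchars($ph1ent['descr']) . "]</strong>: $2$3$4";`. The code that applies `$search` and `$replace` is outside this hunk.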
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 8ab5670..e4cb57f 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -1151,7 +1151,7 @@ $i--): ?>
<br/><center>
<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
<br/>
- <span class="vexpl"><?=gettext("Use this to choose TCP flags that must".
+ <span class="vexpl"><?=gettext("Use this to choose TCP flags that must ".
"be set or cleared for this rule to match.");?></span>
</div>
</td>
diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php
index 3d2cec0..5dca193 100755
--- a/usr/local/www/interfaces_assign.php
+++ b/usr/local/www/interfaces_assign.php
@@ -298,7 +298,7 @@ if ($_GET['act'] == "del") {
* then ensure that we are not running DHCP on the wan which
* will make a lot of ISP's unhappy.
*/
- if($config['interfaces']['lan']) {
+ if($config['interfaces']['lan'] && $config['dhcpd']['wan']) {
unset($config['dhcpd']['wan']);
}
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index 32c9463..b3485f0 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -238,15 +238,17 @@ if ($pkg['tabs'] <> "") {
$page = 1;
$tmpcount = 0;
$tmppp = 0;
- foreach ($evaledvar as $ipa) {
- if($tmpcount == $display_maximum_rows) {
- $page++;
- $tmpcount = 0;
+ if(is_array($evaledvar)) {
+ foreach ($evaledvar as $ipa) {
+ if($tmpcount == $display_maximum_rows) {
+ $page++;
+ $tmpcount = 0;
+ }
+ if($tmppp == $startdisplayingat)
+ break;
+ $tmpcount++;
+ $tmppp++;
}
- if($tmppp == $startdisplayingat)
- break;
- $tmpcount++;
- $tmppp++;
}
echo "<tr><td colspan='" . count($pkg['adddeleteeditpagefields']['columnitem']) . "'>";
echo "<table width='100%'>";
diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php
index 02fb8d3..78a3362 100755
--- a/usr/local/www/pkg_mgr_installed.php
+++ b/usr/local/www/pkg_mgr_installed.php
@@ -129,6 +129,7 @@ include("head.inc");
}
} else {
// unknown available package version
+ $pkgver = "";
if(!strcmp($pkg['version'], $latest_package)) {
$tdclass = "listr";
$pkgver = $pkg['version'];
diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php
index 4535f6b..defb275 100755
--- a/usr/local/www/services_dnsmasq.php
+++ b/usr/local/www/services_dnsmasq.php
@@ -28,7 +28,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-/*
+/*
pfSense_MODULE: dnsforwarder
*/
@@ -44,18 +44,18 @@ require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
-$pconfig['enable'] = isset($config['dnsmasq']['enable']);
+$pconfig['enable'] = isset($config['dnsmasq']['enable']);
$pconfig['regdhcp'] = isset($config['dnsmasq']['regdhcp']);
$pconfig['regdhcpstatic'] = isset($config['dnsmasq']['regdhcpstatic']);
-if (!is_array($config['dnsmasq']['hosts']))
+if (!is_array($config['dnsmasq']['hosts']))
$config['dnsmasq']['hosts'] = array();
-if (!is_array($config['dnsmasq']['domainoverrides']))
- $config['dnsmasq']['domainoverrides'] = array();
+if (!is_array($config['dnsmasq']['domainoverrides']))
+ $config['dnsmasq']['domainoverrides'] = array();
-$a_hosts = &$config['dnsmasq']['hosts'];
+$a_hosts = &$config['dnsmasq']['hosts'];
$a_domainOverrides = &$config['dnsmasq']['domainoverrides'];
if ($_POST) {
@@ -80,24 +80,24 @@ if ($_POST) {
}
if ($_GET['act'] == "del") {
- if ($_GET['type'] == 'host') {
- if ($a_hosts[$_GET['id']]) {
- unset($a_hosts[$_GET['id']]);
- write_config();
+ if ($_GET['type'] == 'host') {
+ if ($a_hosts[$_GET['id']]) {
+ unset($a_hosts[$_GET['id']]);
+ write_config();
mark_subsystem_dirty('hosts');
- header("Location: services_dnsmasq.php");
- exit;
- }
- }
- elseif ($_GET['type'] == 'doverride') {
- if ($a_domainOverrides[$_GET['id']]) {
- unset($a_domainOverrides[$_GET['id']]);
- write_config();
+ header("Location: services_dnsmasq.php");
+ exit;
+ }
+ }
+ elseif ($_GET['type'] == 'doverride') {
+ if ($a_domainOverrides[$_GET['id']]) {
+ unset($a_domainOverrides[$_GET['id']]);
+ write_config();
mark_subsystem_dirty('hosts');
- header("Location: services_dnsmasq.php");
- exit;
- }
- }
+ header("Location: services_dnsmasq.php");
+ exit;
+ }
+ }
}
$pgtitle = array(gettext("Services"),gettext("DNS forwarder"));
@@ -123,157 +123,173 @@ function enable_change(enable_over) {
<?php if (is_subsystem_dirty('hosts')): ?><p>
<?php print_info_box_np(gettext("The DNS forwarder configuration has been changed") . ".<br>" . gettext("You must apply the changes in order for them to take effect."));?><br>
<?php endif; ?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td class="vtable"><p>
- <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?> onClick="enable_change(false)">
- <strong><?=gettext("Enable DNS forwarder");?><br>
- </strong></p></td>
- </tr>
- <tr>
- <td class="vtable"><p>
- <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked";?>>
- <strong><?=gettext("Register DHCP leases in DNS forwarder");?><br>
- </strong><?php printf(gettext("If this option is set, then machines that specify".
- " their hostname when requesting a DHCP lease will be registered".
- " in the DNS forwarder, so that their name can be resolved.".
- " You should also set the domain in %sSystem:".
- " General setup%s to the proper value."),'<a href="system.php">','</a>')?></p>
- </td>
- </tr>
- <tr>
- <td class="vtable"><p>
- <input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?php if ($pconfig['regdhcpstatic'] == "yes") echo "checked";?>>
- <strong><?=gettext("Register DHCP static mappings in DNS forwarder");?><br>
- </strong><?php printf(gettext("If this option is set, then DHCP static mappings will ".
- "be registered in the DNS forwarder, so that their name can be ".
- "resolved. You should also set the domain in %s".
- "System: General setup%s to the proper value."),'<a href="system.php">','</a>');?></p>
- </td>
- </tr>
- <tr>
- <td> <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)">
- </td>
- </tr>
- <tr>
- <td><p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br>
- </strong></span><?php printf(gettext("If the DNS forwarder is enabled, the DHCP".
- " service (if enabled) will automatically serve the LAN IP".
- " address as a DNS server to DHCP clients so they will use".
- " the forwarder. The DNS forwarder will use the DNS servers".
- " entered in %sSystem: General setup%s".
- " or those obtained via DHCP or PPP on WAN if the &quot;Allow".
- " DNS server list to be overridden by DHCP/PPP on WAN&quot;".
- " is checked. If you don't use that option (or if you use".
- " a static IP address on WAN), you must manually specify at".
- " least one DNS server on the %sSystem:".
- "General setup%s page."),'<a href="system.php">','</a>','<a href="system.php">','</a>');?><br>
- <br>
- <?=gettext("You may enter records that override the results from the".
- " forwarders below.");?></span></p></td>
- </tr>
- </table>
- &nbsp;<br>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="20%" class="listhdrr"><?=gettext("Host");?></td>
- <td width="25%" class="listhdrr"><?=gettext("Domain");?></td>
- <td width="20%" class="listhdrr"><?=gettext("IP");?></td>
- <td width="25%" class="listhdr"><?=gettext("Description");?></td>
- <td width="10%" class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="vtable"><p>
+ <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable'] == "yes") echo "checked";?> onClick="enable_change(false)">
+ <strong><?=gettext("Enable DNS forwarder");?><br>
+ </strong></p></td>
</tr>
- <?php $i = 0; foreach ($a_hosts as $hostent): ?>
- <tr>
- <td class="listlr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
- <?=strtolower($hostent['host']);?>&nbsp;
- </td>
- <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
- <?=strtolower($hostent['domain']);?>&nbsp;
- </td>
- <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
- <?=$hostent['ip'];?>&nbsp;
- </td>
- <td class="listbg" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($hostent['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td><a href="services_dnsmasq.php?type=host&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this host?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="4"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </table>
-<!-- update to enable domain overrides -->
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr><td>&nbsp;</td></tr>
- <tr>
- <td><p><?=gettext("Below you can override an entire domain by specifying an".
- " authoritative DNS server to be queried for that domain.");?></p></td>
- </tr>
- </table>
- &nbsp;<br>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="35%" class="listhdrr"><?=gettext("Domain");?></td>
- <td width="20%" class="listhdrr"><?=gettext("IP");?></td>
- <td width="35%" class="listhdr"><?=gettext("Description");?></td>
- <td width="10%" class="list">
+ <tr>
+ <td class="vtable"><p>
+ <input name="regdhcp" type="checkbox" id="regdhcp" value="yes" <?php if ($pconfig['regdhcp'] == "yes") echo "checked";?>>
+ <strong><?=gettext("Register DHCP leases in DNS forwarder");?><br>
+ </strong><?php printf(gettext("If this option is set, then machines that specify".
+ " their hostname when requesting a DHCP lease will be registered".
+ " in the DNS forwarder, so that their name can be resolved.".
+ " You should also set the domain in %sSystem:".
+ " General setup%s to the proper value."),'<a href="system.php">','</a>')?></p>
+ </td>
+ </tr>
+ <tr>
+ <td class="vtable"><p>
+ <input name="regdhcpstatic" type="checkbox" id="regdhcpstatic" value="yes" <?php if ($pconfig['regdhcpstatic'] == "yes") echo "checked";?>>
+ <strong><?=gettext("Register DHCP static mappings in DNS forwarder");?><br>
+ </strong><?php printf(gettext("If this option is set, then DHCP static mappings will ".
+ "be registered in the DNS forwarder, so that their name can be ".
+ "resolved. You should also set the domain in %s".
+ "System: General setup%s to the proper value."),'<a href="system.php">','</a>');?></p>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <input name="submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onclick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br>
+ </strong></span><?php printf(gettext("If the DNS forwarder is enabled, the DHCP".
+ " service (if enabled) will automatically serve the LAN IP".
+ " address as a DNS server to DHCP clients so they will use".
+ " the forwarder. The DNS forwarder will use the DNS servers".
+ " entered in %sSystem: General setup%s".
+ " or those obtained via DHCP or PPP on WAN if the &quot;Allow".
+ " DNS server list to be overridden by DHCP/PPP on WAN&quot;".
+ " is checked. If you don't use that option (or if you use".
+ " a static IP address on WAN), you must manually specify at".
+ " least one DNS server on the %sSystem:".
+ "General setup%s page."),'<a href="system.php">','</a>','<a href="system.php">','</a>');?><br>
+ <br>
+ <?=gettext("You may enter records that override the results from the".
+ " forwarders below.");?></span></p>
+ </td>
+ </tr>
+</table>
+&nbsp;<br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" class="sortable">
+ <thead>
+ <tr>
+ <td width="20%" class="listhdrr"><?=gettext("Host");?></td>
+ <td width="25%" class="listhdrr"><?=gettext("Domain");?></td>
+ <td width="20%" class="listhdrr"><?=gettext("IP");?></td>
+ <td width="25%" class="listhdr"><?=gettext("Description");?></td>
+ <td width="10%" class="list">
<table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17" heigth="17"></td>
- <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
</table>
- </td>
- </tr>
- <?php $i = 0; foreach ($a_domainOverrides as $doment): ?>
- <tr>
- <td class="listlr">
- <?=strtolower($doment['domain']);?>&nbsp;
- </td>
- <td class="listr">
- <?=$doment['ip'];?>&nbsp;
- </td>
- <td class="listbg">
- <?=htmlspecialchars($doment['descr']);?>&nbsp;
- </td>
- <td valign="middle" nowrap class="list"> <a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a>
- &nbsp;<a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this domain override?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list">
+ </td>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 0; foreach ($a_hosts as $hostent): ?>
+ <tr>
+ <td class="listlr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
+ <?=strtolower($hostent['host']);?>&nbsp;
+ </td>
+ <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
+ <?=strtolower($hostent['domain']);?>&nbsp;
+ </td>
+ <td class="listr" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
+ <?=$hostent['ip'];?>&nbsp;
+ </td>
+ <td class="listbg" ondblclick="document.location='services_dnsmasq_edit.php?id=<?=$i;?>';">
+ <?=htmlspecialchars($hostent['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list">
<table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17" heigth="17"></td>
- <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
+ <tr>
+ <td valign="middle"><a href="services_dnsmasq_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
+ <td><a href="services_dnsmasq.php?type=host&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this host?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </tr>
+ <?php $i++; endforeach; ?>
+ </tbody>
+ <tfoot>
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="services_dnsmasq_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
</table>
- </td>
- </tr>
- </table>
- </form>
+ </td>
+ </tr>
+ </tfoot>
+</table>
+<!-- update to enable domain overrides -->
+<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr><td>&nbsp;</td></tr>
+ <tr>
+ <td><p><?=gettext("Below you can override an entire domain by specifying an".
+ " authoritative DNS server to be queried for that domain.");?></p></td>
+ </tr>
+</table>
+&nbsp;<br>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" class="sortable">
+ <thead>
+ <tr>
+ <td width="35%" class="listhdrr"><?=gettext("Domain");?></td>
+ <td width="20%" class="listhdrr"><?=gettext("IP");?></td>
+ <td width="35%" class="listhdr"><?=gettext("Description");?></td>
+ <td width="10%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17" heigth="17"></td>
+ <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 0; foreach ($a_domainOverrides as $doment): ?>
+ <tr>
+ <td class="listlr">
+ <?=strtolower($doment['domain']);?>&nbsp;
+ </td>
+ <td class="listr">
+ <?=$doment['ip'];?>&nbsp;
+ </td>
+ <td class="listbg">
+ <?=htmlspecialchars($doment['descr']);?>&nbsp;
+ </td>
+ <td valign="middle" nowrap class="list"> <a href="services_dnsmasq_domainoverride_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a>
+ &nbsp;<a href="services_dnsmasq.php?act=del&type=doverride&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this domain override?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ </tbody>
+ <tfoot>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
+ <td width="17" heigth="17"></td>
+ <td><a href="services_dnsmasq_domainoverride_edit.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </tfoot>
+</table>
+</form>
<script language="JavaScript">
<!--
enable_change(false);
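Review bot: In the rewritten rows `$hostent['host']`, `$hostent['domain']`, `$hostent['ip']` and the matching `$doment` fields are echoed raw, while `descr` beside them goes through `htmlspecialchars()`. Since every row is being touched anyway, escape them the same way, e.g. `<?=htmlspecialchars(strtolower($hostent['host']));?>`. The delete links in these rows remain plain GET requests (`services_dnsmasq.php?type=host&act=del&id=`), served by the `$_GET['act'] == "del"` branch earlier in the file, so a CSRF check that only covers POST would presumably not protect them; moving deletes to a POST form would close that. Smaller markup points: the host row's action `<td>` is never closed before `</tr>`, and `heigth="17"` is a misspelt attribute that the browser ignores.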
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 38d12c1..34bf11d 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -56,6 +56,7 @@ $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
$pconfig['optimization'] = $config['filter']['optimization'];
$pconfig['maximumstates'] = $config['system']['maximumstates'];
$pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
+$pconfig['disablereplyto'] = isset($config['system']['disablereplyto']);
$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
if (!isset($config['system']['enablebinatreflection']))
$pconfig['disablebinatreflection'] = "yes";
@@ -124,6 +125,11 @@ if ($_POST) {
else
$config['system']['enablebinatreflection'] = "yes";
+ if($_POST['disablereplyto'] == "yes")
+ $config['system']['disablereplyto'] = $_POST['disablereplyto'];
+ else
+ unset($config['system']['disablereplyto']);
+
if($_POST['enablenatreflectionhelper'] == "yes")
$config['system']['enablenatreflectionhelper'] = "yes";
else
@@ -361,6 +367,17 @@ function update_description(itemnum) {
<?=gettext("Currently only applies to 1:1 NAT rules. Required for full functionality of NAT Reflection for 1:1 NAT.");?>
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Disable reply-to</td>
+ <td width="78%" class="vtable">
+ <input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> />
+ <strong><?=gettext("Disable reply-to on WAN rules");?></strong>
+ <br />
+ <?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default." .
+ "When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?>
+ <br />
+ </td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("TFTP Proxy");?></td>
<td width="78%" class="vtable">
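Review bot: The two concatenated `gettext()` fragments in the new help text join as `by default.When using bridging`, because the first fragment ends without a trailing space. This is the same slip this commit fixes in firewall_rules_edit.php, and ending the first fragment with `by default. "` fixes it here. The row label is also bare text; `<?=gettext("Disable reply-to");?>` would make it translatable like the `TFTP Proxy` label below. In the POST-handling hunk above, storing the literal `"yes"` rather than `$_POST['disablereplyto']` would match how the sibling options are written.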
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 9256c40..6b1a81b 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -205,6 +205,9 @@ if (isAllowedPage("system_usermanager")) {
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
$input_errors[] = gettext("The username contains invalid characters.");
+ if (strlen($_POST['usernamefld']) > 16)
+ $input_errors[] = gettext("The username is longer than 16 characters.");
+
if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
$input_errors[] = gettext("The passwords do not match.");
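Review bot: The limit `16` is a bare literal in the new `strlen()` check, repeated inside the error string and again as `maxlength="16"` in the form hunk further down, with nothing saying where it comes from. A short comment above the check, for example `/* usernames are limited to 16 characters (presumably the OS login-name limit, confirm) */`, or a shared constant, would keep the three places in step. The server-side check is the one that matters, since `maxlength` is only enforced by the browser. The enclosing validation block starts and ends outside this hunk.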
@@ -478,7 +481,7 @@ function sshkeyClicked(obj) {
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td>
<td width="78%" class="vtable">
- <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/>
+ <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/>
<input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" />
</td>
</tr>
diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc
index 9de74a2..408d663 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard.inc
@@ -960,7 +960,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = gettext("Penalty Box");
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qOthersLow";
$rule['source']['address'] = $config['ezshaper']['step4']['address'];
@@ -980,7 +979,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = gettext("VOIP Adapter");
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['defaultqueue'] = "qVoIP";
$rule['source']['address'] = $config['ezshaper']['step3']['address'];
@@ -995,7 +993,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = "DiffServ/Lowdelay/Upload";
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qVoIP";
@@ -1012,7 +1009,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['defaultqueue'] = 'qVoIP';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_voip {$voip[0]} outbound";
@@ -1036,7 +1032,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['defaultqueue'] = 'qP2P';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_P2P {$p2pclient[0]} outbound";
@@ -1061,7 +1056,6 @@ function apply_all_choosen_items() {
$rule['defaultqueue'] = 'qGames';
if ($Gameclient[1] == "tcp")
$rule['ackqueue'] = 'qACK';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
@@ -1110,7 +1104,6 @@ function apply_all_choosen_items() {
$loop = 1;
}
if (!$loop) {
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
index d550497..9e1b03c 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
@@ -1024,7 +1024,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = gettext("Penalty Box");
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qOthersLow";
$rule['source']['address'] = $config['ezshaper']['step4']['address'];
@@ -1044,7 +1043,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = gettext("VOIP Adapter");
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['defaultqueue'] = "qVoIP";
$rule['source']['address'] = $config['ezshaper']['step3']['address'];
@@ -1059,7 +1057,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = "DiffServ/Lowdelay/Upload";
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qVoIP";
@@ -1076,7 +1073,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['defaultqueue'] = 'qVoIP';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_voip {$voip[0]} outbound";
@@ -1100,7 +1096,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['defaultqueue'] = 'qP2P';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_P2P {$p2pclient[0]} outbound";
@@ -1125,7 +1120,6 @@ function apply_all_choosen_items() {
$rule['defaultqueue'] = 'qGames';
if ($Gameclient[1] == "tcp")
$rule['ackqueue'] = 'qACK';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
@@ -1174,7 +1168,6 @@ function apply_all_choosen_items() {
$loop = 1;
}
if (!$loop) {
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
index 40f036d..aaeeccc 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
@@ -1057,7 +1057,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = gettext("Penalty Box");
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qOthersLow";
$rule['source']['address'] = $config['ezshaper']['step4']['address'];
@@ -1077,7 +1076,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = gettext("VOIP Adapter");
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['defaultqueue'] = "qVoIP";
$rule['source']['address'] = $config['ezshaper']['step3']['address'];
@@ -1092,7 +1090,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = "DiffServ/Lowdelay/Upload";
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qVoIP";
@@ -1109,7 +1106,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['defaultqueue'] = 'qVoIP';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_voip {$voip[0]} outbound";
@@ -1133,7 +1129,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['defaultqueue'] = 'qP2P';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_P2P {$p2pclient[0]} outbound";
@@ -1158,7 +1153,6 @@ function apply_all_choosen_items() {
$rule['defaultqueue'] = 'qGames';
if ($Gameclient[1] == "tcp")
$rule['ackqueue'] = 'qACK';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
@@ -1207,7 +1201,6 @@ function apply_all_choosen_items() {
$loop = 1;
}
if (!$loop) {
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
index 9453aae..0dedfea 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
@@ -1205,7 +1205,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = gettext("Penalty Box");
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qOthersLow";
$rule['source']['address'] = $config['ezshaper']['step4']['address'];
@@ -1225,7 +1224,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = gettext("VOIP Adapter");
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['defaultqueue'] = "qVoIP";
$rule['source']['address'] = $config['ezshaper']['step3']['address'];
@@ -1240,7 +1238,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['descr'] = "DiffServ/Lowdelay/Upload";
- $rule['direction'] = "out";
$rule['protocol'] = "udp";
$rule['source']['any'] = TRUE;
$rule['defaultqueue'] = "qVoIP";
@@ -1257,7 +1254,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['defaultqueue'] = 'qVoIP';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_voip {$voip[0]} outbound";
@@ -1281,7 +1277,6 @@ function apply_all_choosen_items() {
$rule = array();
$rule['type'] = "match";
$rule['defaultqueue'] = 'qP2P';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['descr'] = "m_P2P {$p2pclient[0]} outbound";
@@ -1306,7 +1301,6 @@ function apply_all_choosen_items() {
$rule['defaultqueue'] = 'qGames';
if ($Gameclient[1] == "tcp")
$rule['ackqueue'] = 'qACK';
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";
@@ -1355,7 +1349,6 @@ function apply_all_choosen_items() {
$loop = 1;
}
if (!$loop) {
- $rule['direction'] = "out";
$rule['source']['any'] = TRUE;
$rule['destination']['any'] = TRUE;
$rule['floating'] = "yes";