diff options
| author | David Wood <david@wood2.org.uk> | 2015-12-31 13:46:50 +0000 |
|---|---|---|
| committer | David Wood <david@wood2.org.uk> | 2015-12-31 13:46:50 +0000 |
| commit | 60e15be211c5de855ab3d9746c78eb7296c50cde (patch) | |
| tree | 862af8eaa4a8ba95af792b3c98c484e33f2bc2ca /src/etc | |
| parent | 2e4cad90499f968474c4eca0852f352f1526b617 (diff) | |
| parent | 8dccfb20643cfda6b55429177410e6c66fcf0bbd (diff) | |
| download | pfsense-60e15be211c5de855ab3d9746c78eb7296c50cde.zip pfsense-60e15be211c5de855ab3d9746c78eb7296c50cde.tar.gz | |
Merge remote-tracking branch 'upstream/master' into rfc4638, fix conflict with c399d0d
Diffstat (limited to 'src/etc')
117 files changed, 4102 insertions, 9271 deletions
diff --git a/src/etc/fbtab b/src/etc/fbtab deleted file mode 100644 index 06d2d61..0000000 --- a/src/etc/fbtab +++ /dev/null @@ -1,4 +0,0 @@ -# $FreeBSD: src/etc/fbtab,v 1.3 1999/09/13 17:09:07 peter Exp $ -# -#/dev/ttyv0 0600 /dev/console -#/dev/ttyv0 0600 /dev/pcaudio:/dev/pcaudioctl diff --git a/src/etc/gettytab b/src/etc/gettytab deleted file mode 100644 index 5af5aae..0000000 --- a/src/etc/gettytab +++ /dev/null @@ -1,235 +0,0 @@ -# $FreeBSD: stable/10/etc/gettytab 241708 2012-10-18 22:20:02Z peterj $ -# from: @(#)gettytab 5.14 (Berkeley) 3/27/91 -# -# Most of the table entries here are just copies of the old getty table, -# it is by no means certain, or even likely, that any of them are optimal -# for any purpose whatever. Nor is it likely that more than a couple are -# even correct. -# -# The default gettytab entry, used to set defaults for all other -# entries, and in cases where getty is called with no table name. -# -# cb, ce and ck are desirable on most crt's. The non-crt entries need to -# be changed to turn them off (:cb@:ce@:ck@:). -# -# lc should always be on; it's a remainder of some stone age when there -# have been terminals around not being able of handling lower-case -# characters. Those terminals aren't supported any longer, but getty is -# `smart' about them by default. -# -# Parity defaults to even, but the Pc entry and all the `std' entries -# specify no parity. The different parities are: -# (none): same as ep for getty. login will use terminal as is. -# ep: getty will use raw mode (cs8 -parenb) (unless rw is set) and -# fake parity. login will use even parity (cs7 parenb -parodd). -# op: same as ep except odd parity (cs7 parenb parodd) for login. -# getty will fake odd parity as well. -# ap: same as ep except -inpck instead of inpck for login. -# ap overrides op and ep. -# np: 1. don't fake parity in getty. The fake parity garbles -# characters on non-terminals (like pccons) that don't -# support parity. It would probably better for getty not to -# try to fake parity. It could just use cbreak mode so as -# not to force cs8 and let the hardware handle the parity. -# login has to be rely on the hardware anyway. -# 2. set cs8 -parenb -istrip -inpck. -# ep:op: same as ap. -# -default:\ - :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\ - :if=/etc/issue: - -# -# Fixed speed entries -# -# The "std.NNN" names are known to the special case -# portselector code in getty, however they can -# be assigned to any table desired. -# The "NNN-baud" names are known to the special case -# autobaud code in getty, and likewise can -# be assigned to any table desired (hopefully the same speed). -# -a|std.110|110-baud:\ - :np:nd#1:cd#1:uc:sp#110: -b|std.134|134.5-baud:\ - :np:nd#1:cd#2:ff#1:td#1:sp#134:ht:nl: -1|std.150|150-baud:\ - :np:nd#1:cd#2:td#1:fd#1:sp#150:ht:nl:lm=\E\72\6\6\17login\72 : -c|std.300|300-baud:\ - :np:nd#1:cd#1:sp#300: -d|std.600|600-baud:\ - :np:nd#1:cd#1:sp#600: -f|std.1200|1200-baud:\ - :np:fd#1:sp#1200: -6|std.2400|2400-baud:\ - :np:sp#2400: -7|std.4800|4800-baud:\ - :np:sp#4800: -2|std.9600|9600-baud:\ - :np:sp#9600: -g|std.19200|19200-baud:\ - :np:sp#19200: -std.38400|38400-baud:\ - :np:sp#38400: -std.57600|57600-baud:\ - :np:sp#57600: -std.115200|115200-baud:\ - :np:sp#115200: -std.230400|230400-baud:\ - :np:sp#230400: - -# -# Entry specifying explicit device settings. See termios(4) and -# /usr/include/termios.h, too. The entry forces the tty into -# CLOCAL mode (so no DCD is required), and uses Xon/Xoff flow control. -# -# cflags: CLOCAL | HUPCL | CREAD | CS8 -# oflags: OPOST | ONLCR | OXTABS -# iflags: IXOFF | IXON | ICRNL | IGNPAR -# lflags: IEXTEN | ICANON | ISIG | ECHOCTL | ECHO | ECHOK | ECHOE | ECHOKE -# -# The `0' flags don't have input enabled. The `1' flags don't echo. -# (Echoing is done inside getty itself.) -# -local.9600|CLOCAL tty @ 9600 Bd:\ - :c0#0x0000c300:c1#0x0000cb00:c2#0x0000cb00:\ - :o0#0x00000007:o1#0x00000002:o2#0x00000007:\ - :i0#0x00000704:i1#0x00000000:i2#0x00000704:\ - :l0#0x000005cf:l1#0x00000000:l2#0x000005cf:\ - :sp#9600:np: - -# -# Dial in rotary tables, speed selection via 'break' -# -0|d300|Dial-300:\ - :nx=d1200:cd#2:sp#300: -d1200|Dial-1200:\ - :nx=d150:fd#1:sp#1200: -d150|Dial-150:\ - :nx=d110:lm@:tc=150-baud: -d110|Dial-110:\ - :nx=d300:tc=300-baud: - -# -# Fast dialup terminals, 2400/1200/300 rotary (can start either way) -# -D2400|d2400|Fast-Dial-2400:\ - :nx=D1200:tc=2400-baud: -3|D1200|Fast-Dial-1200:\ - :nx=D300:tc=1200-baud: -5|D300|Fast-Dial-300:\ - :nx=D2400:tc=300-baud: - -# -#telebit (19200) -# -t19200:\ - :nx=t2400:tc=19200-baud: -t2400:\ - :nx=t1200:tc=2400-baud: -t1200:\ - :nx=t19200:tc=1200-baud: - -# -#telebit (9600) -# -t9600:\ - :nx=t2400a:tc=9600-baud: -t2400a:\ - :nx=t1200a:tc=2400-baud: -t1200a:\ - :nx=t9600:tc=1200-baud: - -# -# Odd special case terminals -# --|tty33|asr33|Pity the poor user of this beast:\ - :tc=110-baud: - -4|Console|Console Decwriter II:\ - :nd@:cd@:rw:tc=300-baud: - -e|Console-1200|Console Decwriter III:\ - :fd@:nd@:cd@:rw:tc=1200-baud: - -i|Interdata console:\ - :uc:sp#0: - -l|lsi chess terminal:\ - :sp#300: - -X|Xwindow|X window system:\ - :fd@:nd@:cd@:rw:sp#9600: - -P|Pc|Pc console:\ - :ht:np:sp#9600: - -al.Pc:\ - :ht:np:sp#9600:al=root: - -# Weirdo special case for fast crt's with hardcopy devices -# -8|T9600|CRT with hardcopy:\ - :nx=T300:tc=9600-baud: -9|T300|CRT with hardcopy (300):\ - :nx=T9600:tc=300-baud: - -# -# Plugboard, and misc other terminals -# -plug-9600|Plugboard-9600:\ - :pf#1:tc=9600-baud: -p|P9600|Plugboard-9600-rotary:\ - :pf#1:nx=P300:tc=9600-baud: -q|P300|Plugboard-300:\ - :pf#1:nx=P1200:tc=300-baud: -r|P1200|Plugboard-1200:\ - :pf#1:nx=P9600:tc=1200-baud: - -# -# XXXX Port selector -# -s|DSW|Port Selector:\ - :ps:sp#2400: - -# -# Auto-baud speed detect entry for Micom 600. -# Special code in getty will switch this out -# to one of the NNN-baud entries. -# -A|Auto-baud:\ - :ab:sp#2400:f0#040: - -# -# autologin - automatically log in as root -# - -autologin|al.9600:\ - :al=root:tc=std.9600: -al.19200:\ - :al=root:tc=std.19200: -al.38400:\ - :al=root:tc=std.38400: -al.57600:\ - :al=root:tc=std.57600: -al.115200:\ - :al=root:tc=std.115200: -al.230400:\ - :al=root:tc=std.230400: - -# -# Entries for 3-wire serial terminals. These don't supply carrier, so -# clocal needs to be set, and crtscts needs to be unset. -# -3wire.9600|9600-3wire:\ - :np:nc:sp#9600: -3wire.19200|19200-3wire:\ - :np:nc:sp#19200: -3wire.38400|38400-3wire:\ - :np:nc:sp#38400: -3wire.57600|57600-3wire:\ - :np:nc:sp#57600: -3wire.115200|115200-3wire:\ - :np:nc:sp#115200: -3wire.230400|230400-3wire:\ - :np:nc:sp#230400: diff --git a/src/etc/inc/IPv6.inc b/src/etc/inc/IPv6.inc index faacb8d..bfc8124 100644 --- a/src/etc/inc/IPv6.inc +++ b/src/etc/inc/IPv6.inc @@ -1,9 +1,5 @@ <?php -/* - pfSense_MODULE: utils -*/ - /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */ /** diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc index f30a996..fffe84f 100644 --- a/src/etc/inc/auth.inc +++ b/src/etc/inc/auth.inc @@ -1,46 +1,60 @@ <?php -/* $Id$ */ /* - Copyright (C) 2010 Ermal Luçi - All rights reserved. - - Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com> - All rights reserved. - - Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com> - All rights reserved. - - Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>. - All rights reserved. - - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - pfSense_BUILDER_BINARIES: /usr/sbin/pw /bin/cp - pfSense_MODULE: auth + auth.inc */ - +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2005-2006 Bill Marquette <bill.marquette@gmail.com> + * Copyright (c) 2006 Paul Taylor <paultaylor@winn-dixie.com> + * Copyright (c) 2003-2006 Manuel Kasper <mk@neon1.net> + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ /* * NOTE : Portions of the mschapv2 support was based on the BSD licensed CHAP.php * file courtesy of Michael Retterklieber. @@ -151,7 +165,7 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][ $referrer_host = str_replace(array("[", "]"), "", $referrer_host); if ($referrer_host) { if (strcasecmp($referrer_host, $config['system']['hostname'] . "." . $config['system']['domain']) == 0 || - strcasecmp($referrer_host, $config['system']['hostname']) == 0) { + strcasecmp($referrer_host, $config['system']['hostname']) == 0) { $found_host = true; } @@ -1112,11 +1126,11 @@ function ldap_get_groups($username, $authcfg) { $gresults = isset($authcfg['ldap_rfc2307']) ? $info : $info[0][$ldapgroupattribute]; - if(is_array($gresults)) { + if (is_array($gresults)) { /* Iterate through the groups and throw them into an array */ foreach ($gresults as $grp) { - if (((isset($authcfg['ldap_rfc2307'])) && (stristr($grp["dn"], "CN=") !== false)) - || ((!isset($authcfg['ldap_rfc2307'])) && (stristr($grp, "CN=") !== false))) { + if (((isset($authcfg['ldap_rfc2307'])) && (stristr($grp["dn"], "CN=") !== false)) || + ((!isset($authcfg['ldap_rfc2307'])) && (stristr($grp, "CN=") !== false))) { $grpsplit = isset($authcfg['ldap_rfc2307']) ? explode(",", $grp["dn"]) : explode(",", $grp); $memberof[] = preg_replace("/CN=/i", "", $grpsplit[0]); } diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc index d3b701d..c3536c8 100644 --- a/src/etc/inc/authgui.inc +++ b/src/etc/inc/authgui.inc @@ -1,42 +1,57 @@ <?php -/* $Id$ */ -/* - Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com> - All rights reserved. - - Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com> - All rights reserved. - - Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>. - All rights reserved. - - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - pfSense_MODULE: authgui -*/ - +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2005-2006 Bill Marquette <bill.marquette@gmail.com> + * Copyright (c) 2006 Paul Taylor <paultaylor@winn-dixie.com>. + * Copyright (c) 2003-2006 Manuel Kasper <mk@neon1.net>. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ include_once("auth.inc"); include_once("priv.inc"); if (!function_exists('platform_booting')) { @@ -103,18 +118,26 @@ session_commit(); */ function display_error_form($http_code, $desc) { global $config, $g; - $g['theme'] = get_current_theme(); + if (isAjax()) { printf(gettext('Error: %1$s Description: %2$s'), $http_code, $desc); return; } + $cssfile = "/bootstrap/css/pfSense.css"; + + if (isset($config['system']['webgui']['webguicss'])) { + if (file_exists("bootstrap/css/" . $config['system']['webgui']['webguicss'])) { + $cssfile = "/bootstrap/css/" . $config['system']['webgui']['webguicss']; + } +} + ?> -<<<<<<< HEAD <!DOCTYPE html> <html lang="en"> <head> - <link rel="stylesheet" href="/bootstrap/css/pfSense.css" /> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <link rel="stylesheet" href="<?=$cssfile?>" /> <title><?=gettext("Error: not allowed"); ?></title> </head> <body id="error" class="no-menu"> @@ -136,7 +159,6 @@ function display_error_form($http_code, $desc) { function display_login_form() { require_once("globals.inc"); global $config, $g; - $g['theme'] = get_current_theme(); unset($input_errors); @@ -206,13 +228,26 @@ if ($local_ip == false) { } } +$cssfile = "/bootstrap/css/pfSense.css"; + +if (isset($config['system']['webgui']['webguicss'])) { + if (file_exists("bootstrap/css/" . $config['system']['webgui']['webguicss'])) { + $cssfile = "/bootstrap/css/" . $config['system']['webgui']['webguicss']; + } +} + ?> <!DOCTYPE html> <html lang="en"> <head> - <link rel="stylesheet" href="/bootstrap/css/pfSense.css" /> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <link rel="stylesheet" href="<?=$cssfile?>" /> <title><?=gettext("Login"); ?></title> - <script>var events = events || [];</script> + <script type="text/javascript"> + //<![CDATA{ + var events = events || []; + //]]> + </script> </head> <body id="login" class="no-menu"> <div id="jumbotron"> @@ -264,7 +299,8 @@ if ($local_ip == false) { </div> </div> - <script> + <script type="text/javascript"> + //!<[CDATA[ events.push(function() { document.cookie= "cookie_test=1" + @@ -278,6 +314,7 @@ if ($local_ip == false) { // Delete it document.cookie = "cookie_test=1; expires=Thu, 01-Jan-1970 00:00:01 GMT"; }); + //]]> </script> <?php require('foot.inc'); diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc index f6bbb64..0730962 100644 --- a/src/etc/inc/captiveportal.inc +++ b/src/etc/inc/captiveportal.inc @@ -35,11 +35,6 @@ via returned RADIUS attributes. This page has been modified to delete any added rules which may have been created by other per-user code (index.php, etc). These changes are (c) 2004 Keycom PLC. - - pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/route - pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl - pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp - pfSense_MODULE: captiveportal */ /* include all configuration functions */ @@ -545,19 +540,14 @@ EOD; $rulenum++; $cprules .= "add {$rulenum} pass ip from table(100) to any out\n"; $rulenum++; - $ips = ""; foreach ($cpips as $cpip) { $cprules .= "table 100 add {$cpip}\n"; } - $cprules .= "table 100 add 255.255.255.255\n"; - $cprules .= "add {$rulenum} pass ip from any to {$ips} in\n"; - $rulenum++; - $cprules .= "add {$rulenum} pass ip from {$ips} to any out\n"; - $rulenum++; - $cprules .= "add {$rulenum} pass icmp from {$ips} to any out icmptype 0\n"; + $cprules .= "add {$rulenum} pass ip from any to 255.255.255.255 in\n"; $rulenum++; - $cprules .= "add {$rulenum} pass icmp from any to {$ips} in icmptype 8 \n"; + $cprules .= "add {$rulenum} pass ip from 255.255.255.255 to any out\n"; $rulenum++; + /* Allowed ips */ $cprules .= "add {$rulenum} pipe tablearg ip from table(3) to any in\n"; $rulenum++; @@ -936,6 +926,7 @@ function captiveportal_disconnect($dbent, $radiusservers, $term_cause = 1, $stop function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutReason = "LOGOUT") { global $g, $config; + $sessionid = SQLite3::escapeString($sessionid); $radiusservers = captiveportal_get_radius_servers(); /* read database */ @@ -1401,7 +1392,7 @@ function radius($username, $password, $clientip, $clientmac, $type, $radiusctx = } function captiveportal_opendb() { - global $g, $cpzone; + global $g, $config, $cpzone, $cpzoneid; $db_path = "{$g['vardb_path']}/captiveportal{$cpzone}.db"; $createquery = "CREATE TABLE IF NOT EXISTS captiveportal (" . @@ -1415,11 +1406,13 @@ function captiveportal_opendb() { try { $DB = new SQLite3($db_path); + $DB->busyTimeout(60000); } catch (Exception $e) { captiveportal_syslog("Could not open {$db_path} as an sqlite database for {$cpzone}. Error message: " . $e->getMessage() . " -- Trying again."); unlink_if_exists($db_path); try { $DB = new SQLite3($db_path); + $DB->busyTimeout(60000); } catch (Exception $e) { captiveportal_syslog("Still could not open {$db_path} as an sqlite database for {$cpzone}. Error message: " . $e->getMessage() . " -- Remove the database file manually and ensure there is enough free space."); return; @@ -1430,6 +1423,7 @@ function captiveportal_opendb() { captiveportal_syslog("Could not open {$db_path} as an sqlite database for {$cpzone}. Error message: {$DB->lastErrorMsg()}. Trying again."); unlink_if_exists($db_path); $DB = new SQLite3($db_path); + $DB->busyTimeout(60000); if (!$DB) { captiveportal_syslog("Still could not open {$db_path} as an sqlite database for {$cpzone}. Error message: {$DB->lastErrorMsg()}. Remove the database file manually and ensure there is enough free space."); return; @@ -1444,8 +1438,22 @@ function captiveportal_opendb() { unset($DB); unlink_if_exists($db_path); $DB = new SQLite3($db_path); + $DB->busyTimeout(60000); if ($DB->exec($createquery)) { captiveportal_syslog("Successfully reinitialized tables for {$cpzone} -- database has been reset."); + if (!is_numericint($cpzoneid)) { + if (is_array($config['captiveportal'])) { + foreach ($config['captiveportal'] as $cpkey => $cp) { + if ($cpzone == $cp['zone']) { + $cpzoneid = $cp['zoneid']; + } + } + } + } + if (is_numericint($cpzoneid)) { + mwexec("/sbin/ipfw -x $cpzoneid table all flush"); + captiveportal_syslog("Flushed tables for {$cpzone} after database reset."); + } } else { captiveportal_syslog("Still unable to create tables for {$cpzone}. Error message: {$DB->lastErrorMsg()}. Remove the database file manually and try again."); } @@ -1527,7 +1535,11 @@ function captiveportal_write_elements() { if (is_array($cpcfg['element'])) { conf_mount_rw(); foreach ($cpcfg['element'] as $data) { - if (!@file_put_contents("{$g['captiveportal_element_path']}/{$data['name']}", base64_decode($data['content']))) { + /* Do not attempt to decode or write out empty files. */ + if (empty($data['content']) || empty(base64_decode($data['content']))) { + unlink_if_exists("{$g['captiveportal_element_path']}/{$data['name']}"); + touch("{$g['captiveportal_element_path']}/{$data['name']}"); + } elseif (!@file_put_contents("{$g['captiveportal_element_path']}/{$data['name']}", base64_decode($data['content']))) { printf(gettext("Error: cannot open '%s' in captiveportal_write_elements()%s"), $data['name'], "\n"); return 1; } @@ -1977,6 +1989,8 @@ function portal_allow($clientip, $clientmac, $username, $password = null, $attri if ($attributes['voucher']) { $remaining_time = $attributes['session_timeout']; + // Set RADIUS-Attribute to Voucher to prevent ReAuth-Reqeuest for Vouchers Bug: #2155 + $radiusctx="voucher"; } $writecfg = false; diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc index 9c99952..6d260e6 100644 --- a/src/etc/inc/certs.inc +++ b/src/etc/inc/certs.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* certs.inc Copyright (C) 2008 Shrew Soft Inc @@ -26,8 +25,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_MODULE: certificate_manager */ define("OPEN_SSL_CONF_PATH", "/etc/ssl/openssl.cnf"); @@ -284,6 +281,7 @@ function ca_inter_create(& $ca, $keylen, $lifetime, $dn, $caref, $digest_alg = " $ca['crt'] = base64_encode($str_crt); $ca['prv'] = base64_encode($str_key); $ca['serial'] = 0; + $ca['caref'] = $caref; return true; } diff --git a/src/etc/inc/config.console.inc b/src/etc/inc/config.console.inc index 33194bf..ce9dfd2 100644 --- a/src/etc/inc/config.console.inc +++ b/src/etc/inc/config.console.inc @@ -36,10 +36,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - - pfSense_BUILDER_BINARIES: /sbin/mount /sbin/umount /sbin/halt /sbin/fsck - pfSense_MODULE: config */ function set_networking_interfaces_ports() { @@ -101,15 +97,13 @@ BEGIN MANUAL CONFIGURATION OR WE WILL PROCEED WITH AUTO CONFIGURATION. EOD; } - echo <<<EOD - -Do you want to set up VLANs first? - -If you are not going to use VLANs, or only for optional interfaces, you should -say no here and use the webConfigurator to configure VLANs later, if required. - -Do you want to set up VLANs now [y|n]? -EOD; + echo "\n" . gettext("Do you want to set up VLANs first?"); + echo "\n" . + gettext( + "If you are not going to use VLANs, or only for optional interfaces, you should\n" . + "say no here and use the webConfigurator to configure VLANs later, if required.") . + "\n"; + echo "\n" . gettext("Do you want to set up VLANs now [y|n]?") . " "; if ($auto_assign) { $key = timeout(); @@ -314,10 +308,7 @@ EOD; echo "OPT" . ($i+1) . " -> " . $optif[$i] . "\n"; } - echo <<<EOD - -Do you want to proceed [y|n]? -EOD; + echo "\n" . gettext("Do you want to proceed [y|n]?") . " "; $key = chop(fgets($fp)); } @@ -330,13 +321,8 @@ EOD; $config['interfaces']['lan']['enable'] = true; } elseif (!platform_booting() && !$auto_assign) { -echo <<<EODD - -You have chosen to remove the LAN interface. - -Would you like to remove the LAN IP address and -unload the interface now? [y|n]? -EODD; + echo "\n" . gettext("You have chosen to remove the LAN interface.") . "\n"; + echo "\n" . gettext("Would you like to remove the LAN IP address and \nunload the interface now [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { if (isset($config['interfaces']['lan']) && $config['interfaces']['lan']['if']) { @@ -497,13 +483,8 @@ function vlan_setup() { $iflist = get_interface_list(); if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { - - echo <<<EOD - -WARNING: all existing VLANs will be cleared if you proceed! - -Do you want to proceed [y|n]? -EOD; + echo "\n" . gettext("WARNING: all existing VLANs will be cleared if you proceed!") . "\n"; + echo "\n" . gettext("Do you want to proceed [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") != 0) { return; @@ -563,4 +544,63 @@ EOD; } } +function check_for_alternate_interfaces() { + global $config; + + // If the WAN and/or LAN devices in the factory default config do not exist, + // then look for alternate devices. + // This lets many systems boot a factory default config without being + // forced to do interface assignment on the console. + + $specplatform = system_identify_specific_platform(); + $default_device = array(); + + // If we recognise the platform, then specify the devices directly. + switch ($specplatform['name']) { + case 'alix': + $default_device['wan'] = "vr1"; + $default_device['lan'] = "vr0"; + break; + case 'APU': + $default_device['wan'] = "re1"; + $default_device['lan'] = "re2"; + break; + case 'RCC-VE': + $default_device['wan'] = "igb0"; + $default_device['lan'] = "igb1"; + break; + default: + $default_device['wan'] = ""; + $default_device['lan'] = ""; + break; + } + + // Other common device names can be put here and will be looked for + // if the system was not one of the known platforms. + $other_devices_arr['wan'] = array("vr1", "re1", "igb0", "em0"); + $other_devices_arr['lan'] = array("vr0", "re2", "igb1", "em1"); + $interface_assignment_changed = false; + + foreach ($other_devices_arr as $ifname => $other_devices) { + if (!does_interface_exist($config['interfaces'][$ifname]['if'])) { + if (does_interface_exist($default_device[$ifname])) { + $config['interfaces'][$ifname]['if'] = $default_device[$ifname]; + $interface_assignment_changed = true; + } else { + foreach ($other_devices as $other_device) { + if (does_interface_exist($other_device)) { + $config['interfaces'][$ifname]['if'] = $other_device; + $interface_assignment_changed = true; + break; + } + } + } + } + } + + if ($interface_assignment_changed) { + write_config("Factory default boot detected WAN " . $config['interfaces']['wan']['if'] . " and LAN " . $config['interfaces']['lan']['if']); + } +} + ?> diff --git a/src/etc/inc/config.gui.inc b/src/etc/inc/config.gui.inc index 56b5555..0883ede 100644 --- a/src/etc/inc/config.gui.inc +++ b/src/etc/inc/config.gui.inc @@ -36,10 +36,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - - pfSense_BUILDER_BINARIES: /sbin/mount /sbin/umount /sbin/halt /sbin/fsck - pfSense_MODULE: config */ require_once("globals.inc"); @@ -80,8 +76,12 @@ if (file_exists("/debugging")) { $config = parse_config(); /* set timezone */ -$timezone = $config['system']['timezone']; -if (!$timezone) { +if (isset($config['system']['timezone']) && + !empty($config['system']['timezone'])) { + $timezone = $config['system']['timezone']; +} elseif (isset($g['default_timezone']) && !empty($g['default_timezone'])) { + $timezone = $g['default_timezone']; +} else { $timezone = "Etc/UTC"; } date_default_timezone_set("$timezone"); diff --git a/src/etc/inc/config.inc b/src/etc/inc/config.inc index 4792ac3..5f038fa 100644 --- a/src/etc/inc/config.inc +++ b/src/etc/inc/config.inc @@ -36,10 +36,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - - pfSense_BUILDER_BINARIES: /sbin/mount /sbin/umount /sbin/halt /sbin/fsck - pfSense_MODULE: config */ if (!function_exists('platform_booting')) { @@ -191,9 +187,6 @@ if (platform_booting(true)) { } } - /* write device name to a file for rc.firmware */ - file_put_contents("{$g['varetc_path']}/cfdevice", $cfgdevice . "\n"); - /* write out an fstab */ $fstab = "/dev/{$cfgpartition} {$g['cf_path']} {$cfgfstype} ro,noatime 1 1\n"; @@ -210,12 +203,28 @@ if (platform_booting(true)) { $config = parse_config(); /* set timezone */ -$timezone = $config['system']['timezone']; -if (!$timezone) { +if (isset($config['system']['timezone']) && + !empty($config['system']['timezone'])) { + $timezone = $config['system']['timezone']; +} elseif (isset($g['default_timezone']) && !empty($g['default_timezone'])) { + $timezone = $g['default_timezone']; +} else { $timezone = "Etc/UTC"; } date_default_timezone_set("$timezone"); +/* Set the default interface language */ +if ($config['system']['language'] <> "") { + $g['language'] = $config['system']['language']; +} elseif ($g['language'] == "") { + $g['language'] = 'en_US'; +} + +if (!function_exists('set_language')) { + require_once("pfsense-utils.inc"); +} +set_language($g['language']); + if ($config_parsed == true) { /* process packager manager custom rules */ if (is_dir("/usr/local/pkg/parse_config")) { diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc index 0ea97b3..0d66706 100644 --- a/src/etc/inc/config.lib.inc +++ b/src/etc/inc/config.lib.inc @@ -37,10 +37,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - - pfSense_BUILDER_BINARIES: /sbin/mount /sbin/umount /sbin/halt - pfSense_MODULE: config */ /****f* config/encrypted_configxml @@ -250,7 +246,7 @@ function parse_config_bootup() { if (strstr($g['platform'], "cdrom")) { /* try copying the default config. to the floppy */ echo gettext("Resetting factory defaults...") . "\n"; - reset_factory_defaults(true); + reset_factory_defaults(true, false); if (!file_exists("{$g['conf_path']}/config.xml")) { echo gettext("No XML configuration file found - using factory defaults.\n" . "Make sure that the configuration floppy disk with the conf/config.xml\n" . @@ -515,7 +511,7 @@ function safe_write_file($file, $content, $force_binary) { * null ******/ /* save the system configuration */ -function write_config($desc="Unknown", $backup = true) { +function write_config($desc="Unknown", $backup = true, $write_config_only = false) { global $config, $g; if (!empty($_SERVER['REMOTE_ADDR'])) { @@ -580,6 +576,12 @@ function write_config($desc="Unknown", $backup = true) { unlock($lockkey); + if ($write_config_only) { + /* tell kernel to sync fs data */ + conf_mount_ro(); + return $config; + } + unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php"); /* tell kernel to sync fs data */ @@ -602,7 +604,7 @@ function write_config($desc="Unknown", $backup = true) { * RESULT * integer - indicates completion ******/ -function reset_factory_defaults($lock = false) { +function reset_factory_defaults($lock = false, $reboot_required = true) { global $g; conf_mount_rw(); @@ -616,7 +618,7 @@ function reset_factory_defaults($lock = false) { /* clear out /conf */ $dh = opendir($g['conf_path']); while ($filename = readdir($dh)) { - if (($filename != ".") && ($filename != "..")) { + if (($filename != ".") && ($filename != "..") && (!is_dir($g['conf_path'] . "/" . $filename))) { unlink_if_exists($g['conf_path'] . "/" . $filename); } } @@ -629,7 +631,12 @@ function reset_factory_defaults($lock = false) { disable_security_checks(); /* call the wizard */ - touch("/conf/trigger_initial_wizard"); + if ($reboot_required) { + // If we need a reboot first then touch a different trigger file. + touch("/conf/trigger_initial_wizard_after_reboot"); + } else { + touch("/conf/trigger_initial_wizard"); + } if (!$lock) { unlock($lockkey); } @@ -1017,4 +1024,4 @@ function pfSense_clear_globals() { register_shutdown_function('pfSense_clear_globals'); -?> +?>
\ No newline at end of file diff --git a/src/etc/inc/crypt.inc b/src/etc/inc/crypt.inc index 8d96b26..f621588 100644 --- a/src/etc/inc/crypt.inc +++ b/src/etc/inc/crypt.inc @@ -1,6 +1,6 @@ <?php -/* $Id$ */ +/* crypt.inc */ /* Copyright (C) 2008 Shrew Soft Inc All rights reserved. @@ -25,10 +25,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_BUILDER_BINARIES: /usr/bin/openssl - pfSense_MODULE: crypto - */ function crypt_data($val, $pass, $opt) { diff --git a/src/etc/inc/dot.hushlogin b/src/etc/inc/dot.hushlogin deleted file mode 100644 index e69de29..0000000 --- a/src/etc/inc/dot.hushlogin +++ /dev/null diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class index 104d4a6..1d1641b 100644 --- a/src/etc/inc/dyndns.class +++ b/src/etc/inc/dyndns.class @@ -33,6 +33,8 @@ * - DNSimple (dnsimple.com) * - Google Domains (domains.google.com) * - DNS Made Easy (www.dnsmadeeasy.com) + * - SPDNS (spdns.de) + * - SPDNS IPv6 (spdns.de) * +----------------------------------------------------+ * Requirements: * - PHP version 4.0.2 or higher with the CURL Library and the PCRE Library @@ -79,6 +81,8 @@ * DNSimple - Last Tested: 09 February 2015 * Google Domains - Last Tested: 27 April 2015 * DNS Made Easy - Last Tested: 27 April 2015 + * SPDNS - Last Tested: 04 December 2015 + * SPDNS IPv6 - Last Tested: 04 December 2015 * +====================================================+ * * @author E.Kristensen @@ -179,6 +183,7 @@ switch ($dnsService) { case 'he-net-v6': case 'custom-v6': + case 'spdns-v6': $this->_useIPv6 = true; break; default: @@ -254,6 +259,8 @@ case 'dnsimple': case 'googledomains': case 'dnsmadeeasy': + case 'spdns': + case 'spdns-v6': $this->_update(); if ($this->_dnsDummyUpdateDone == true) { // If a dummy update was needed, then sleep a while and do the update again to put the proper address back. @@ -282,7 +289,7 @@ if ($this->_dnsVerboseLog) { log_error("DynDNS ({$this->_dnsHost}): DynDns _update() starting."); } - + if (strstr($this->_dnsRequestIf, "_vip")) { $parentif = link_carp_interface_to_parent($this->_dnsRequestIf); $realparentif = convert_friendly_interface_to_real_interface_name($parentif); @@ -293,7 +300,7 @@ $ch = curl_init(); if ($this->_useIPv6 == false) { - curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); + curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); } if ($this->_dnsService != 'ods' and $this->_dnsService != 'route53 ') { @@ -684,7 +691,7 @@ case 'cloudflare': $needsIP = TRUE; $dnsServer ='api.cloudflare.com'; - $dnsHost = str_replace(' ','', $this->_dnsHost); + $dnsHost = str_replace(' ', '', $this->_dnsHost); $host_names = explode(".", $dnsHost); $bottom_host_name = $host_names[count($host_names)-2] . "." . $host_names[count($host_names)-1]; @@ -697,15 +704,15 @@ // Get zone ID $getZoneId = "https://{$dnsServer}/client/v4/zones/?name={$bottom_host_name}"; - curl_setopt($ch, CURLOPT_URL, $getZoneId); + curl_setopt($ch, CURLOPT_URL, $getZoneId); $output = json_decode(curl_exec($ch)); $zone = $output->result[0]->id; - if ($zone){ // If zone ID was found get host ID + if ($zone) { // If zone ID was found get host ID $getHostId = "https://{$dnsServer}/client/v4/zones/{$zone}/dns_records?name={$this->_dnsHost}"; - curl_setopt($ch, CURLOPT_URL, $getHostId); + curl_setopt($ch, CURLOPT_URL, $getHostId); $output = json_decode(curl_exec($ch)); $host = $output->result[0]->id; - if ($host){ // If host ID was found update host + if ($host) { // If host ID was found update host $hostData = array( "content" => "{$this->_dnsIP}", "type" => "A", @@ -715,9 +722,9 @@ ); $data_json = json_encode($hostData); $updateHostId = "https://{$dnsServer}/client/v4/zones/{$zone}/dns_records/{$host}"; - curl_setopt($ch, CURLOPT_URL, $updateHostId); + curl_setopt($ch, CURLOPT_URL, $updateHostId); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'PUT'); - curl_setopt($ch, CURLOPT_POSTFIELDS,$data_json); + curl_setopt($ch, CURLOPT_POSTFIELDS, $data_json); } } break; @@ -821,6 +828,23 @@ $server = "https://cp.dnsmadeeasy.com/servlet/updateip"; curl_setopt($ch, CURLOPT_URL, $server . '?username=' . $this->_dnsUser . '&password=' . $this->_dnsPass . '&id=' . $this->_dnsHost . '&ip=' . $this->_dnsIP); break; + case 'spdns': + case 'spdns-v6': + $needsIP = FALSE; + if ($this->_dnsVerboseLog) { + log_error("SPDNS: ({$this->_dnsHost}) DNS update() starting."); + } + curl_setopt($ch, CURLOPT_USERPWD, $this->_dnsUser.':'.$this->_dnsPass); + $server = "https://update.spdns.de/nic/update"; + $port = ""; + if ($this->_dnsServer) { + $server = $this->_dnsServer; + } + if ($this->_dnsPort) { + $port = ":" . $this->_dnsPort; + } + curl_setopt($ch, CURLOPT_URL, $server .$port . '?hostname=' . $this->_dnsHost . '&myip=' . $this->_dnsIP); + break; default: break; } @@ -1274,22 +1298,19 @@ if ($successful_update == true) { $status = "phpDynDNS: (Success) IP Address Updated Successfully!"; } else { - $status = "phpDynDNS: (Error) Result did not match."; + $status = "phpDynDNS: (Error) Result did not match. [$data]"; } break; case 'cloudflare': $output = json_decode($data); - if ($output->result->content === $this->_dnsIP){ + if ($output->result->content === $this->_dnsIP) { $status = "DynDNS: (Success) {$this->_dnsHost} updated to {$this->_dnsIP}"; $successful_update = true; - } - elseif ($output->errors[0]->code === 9103){ + } elseif ($output->errors[0]->code === 9103) { $status = "DynDNS ({$this->_dnsHost}): ERROR - Invalid Credentials! Don't forget to use API Key for password field with CloudFlare."; - } - elseif (($output->success) && (!$output->result[0]->id)) { + } elseif (($output->success) && (!$output->result[0]->id)) { $status = "DynDNS ({$this->_dnsHost}): ERROR - Zone or Host ID was not found, check your hostname."; - } - else { + } else { $status = "DynDNS ({$this->_dnsHost}): UNKNOWN ERROR - {$output->errors[0]->message}"; log_error("DynDNS ({$this->_dnsHost}): PAYLOAD: {$data}"); } @@ -1417,6 +1438,26 @@ break; } break; + case 'spdns': + case 'spdns-v6': + if (preg_match('/notfqdn/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Error) Not A FQDN!"; + } else if (preg_match('/nohost/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Error) No such host"; + } else if (preg_match('/nochg/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Success) No Change In IP Address"; + $successful_update = true; + } else if (preg_match('/good/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Success) IP Address Changed Successfully! (".$this->_dnsIP.")"; + $successful_update = true; + } else if (preg_match('/badauth/i', $data)) { + $status = "phpDynDNS ({$this->_dnsHost}): (Error) User Authorization Failed"; + } else { + $status = "phpDynDNS ({$this->_dnsHost}): (Unknown Response)"; + log_error("phpDynDNS ({$this->_dnsHost}): PAYLOAD: {$data}"); + $this->_debug($data); + } + break; } if ($successful_update == true) { diff --git a/src/etc/inc/easyrule.inc b/src/etc/inc/easyrule.inc index dbb8cfc..e91c8a5 100644 --- a/src/etc/inc/easyrule.inc +++ b/src/etc/inc/easyrule.inc @@ -27,15 +27,12 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* - pfSense_BUILDER_BINARIES: - pfSense_MODULE: filter -*/ $blockaliasname = 'EasyRuleBlockHosts'; $protocols_with_ports = array('tcp', 'udp'); require_once("functions.inc"); require_once("util.inc"); +require_once("ipsec.inc"); require_once("config.inc"); function easyrule_find_rule_interface($int) { @@ -52,7 +49,7 @@ function easyrule_find_rule_interface($int) { } /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (ipsec_enabled()) { $iflist["enc0"] = "IPSEC"; } diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 18cae55..a06b63e 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* filter.inc Copyright (C) 2004-2006 Scott Ullrich @@ -32,10 +31,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_BUILDER_BINARIES: /sbin/kldload /usr/sbin/tcpdump /sbin/pfctl /bin/rm - pfSense_BUILDER_BINARIES: /usr/sbin/inetd - pfSense_MODULE: filter */ @@ -278,8 +273,6 @@ function filter_configure_sync($delete_states_if_needed = true) { } update_filter_reload_status(gettext("Generating ALTQ queues")); $altq_queues = filter_generate_altq_queues(); - update_filter_reload_status(gettext("Generating Layer7 rules")); - generate_layer7_files(); if (platform_booting() == true) { echo "."; } @@ -433,31 +426,32 @@ function filter_configure_sync($delete_states_if_needed = true) { * then output the contents of the error to the caller */ if ($rules_loading <> 0) { - $saved_line_error = $rules_error[0]; - $line_error = explode(":", $rules_error[0]); - $line_number = $line_error[1]; - $line_split = file("{$g['tmp_path']}/rules.debug"); - if (is_array($line_split)) { - $line_error = sprintf(gettext('The line in question reads [%1$d]: %2$s'), $line_number, $line_split[$line_number-1]); - } - unset($line_split); - - /* Brutal ugly hack but required -- PF is stuck, unwedge */ - if (strstr("$rules_error[0]", "busy")) { - exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug"); - $error_msg = gettext("PF was wedged/busy and has been reset."); - file_notice("pf_busy", $error_msg, "pf_busy", ""); - } else { - $_grbg = exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug.old 2>&1"); + foreach ($rules_error as $errorline) { + $saved_line_error = $errorline; + $line_error = explode(":", $errorline); + $line_number = $line_error[1]; + $line_split = file("{$g['tmp_path']}/rules.debug"); + if (is_array($line_split)) { + $line_error = sprintf(gettext('The line in question reads [%1$d]: %2$s'), $line_number, $line_split[$line_number-1]); + } + unset($line_split); + + /* Brutal ugly hack but required -- PF is stuck, unwedge */ + if (strstr("$rules_error[0]", "busy")) { + exec("/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f {$g['tmp_path']}/rules.debug"); + $error_msg = gettext("PF was wedged/busy and has been reset."); + file_notice("pf_busy", $error_msg, "pf_busy", ""); + } else { + $_grbg = exec("/sbin/pfctl -o basic -f {$g['tmp_path']}/rules.debug.old 2>&1"); + } + if ($line_error and $line_number) { + file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error), "Filter Reload", ""); + update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error)); + unlock($filterlck); + return; + } } unset($rules_loading, $rules_error); - - if ($line_error and $line_number) { - file_notice("filter_load", sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error), "Filter Reload", ""); - update_filter_reload_status(sprintf(gettext('There were error(s) loading the rules: %1$s - %2$s'), $saved_line_error, $line_error)); - unlock($filterlck); - return; - } } # If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine). @@ -465,9 +459,6 @@ function filter_configure_sync($delete_states_if_needed = true) { $_grbg = exec("/sbin/pfctl -t bogonsv6 -T kill 2>/dev/null"); } - update_filter_reload_status(gettext("Starting up layer7 daemon")); - layer7_start_l7daemon(); - if (!platform_booting()) { if (!empty($filterdns)) { @file_put_contents("{$g['varetc_path']}/filterdns.conf", implode("", $filterdns)); @@ -934,13 +925,13 @@ function filter_get_vpns_list() { $vpns_arr = array(); /* ipsec */ - if (isset($config['ipsec']['enable'])) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { if (is_array($config['ipsec']['phase2'])) { foreach ($config['ipsec']['phase2'] as $ph2ent) { if ((!$ph2ent['mobile']) && ($ph2ent['mode'] != 'transport')) { - if (!function_exists('ipsec_idinfo_to_cidr')) { - require_once("ipsec.inc"); - } if (!is_array($ph2ent['remoteid'])) { continue; } @@ -1067,7 +1058,6 @@ function filter_generate_optcfg_array() { echo "filter_generate_optcfg_array() being called $mt\n"; } - read_layer7_config(); /* if list */ $iflist = get_configured_interface_with_descr(); foreach ($iflist as $if => $ifdetail) { @@ -1172,7 +1162,10 @@ function filter_generate_optcfg_array() { } } /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { $oic = array(); $oic['if'] = 'enc0'; $oic['descr'] = 'IPsec'; @@ -1329,12 +1322,12 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco return $natrules; } -function filter_generate_reflection_proxy($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_port, &$starting_localhost_port, &$reflection_txt) { +function filter_generate_reflection_proxy($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_port, &$starting_localhost_port, &$reflection_rules) { global $FilterIflist, $config; // Initialize natrules holder string $natrules = ""; - $reflection_txt = array(); + $reflection_rules = array(); if (!empty($rdr_ifs)) { if ($config['system']['reflectiontimeout']) { @@ -1509,17 +1502,27 @@ function filter_generate_reflection_proxy($rule, $nordr, $rdr_ifs, $srcaddr, $ds if ($reflect_proto == "udp") { $socktype = "dgram"; $dash_u = "-u "; - $wait = "wait\t"; + $wait = "yes"; } else { $socktype = "stream"; $dash_u = ""; - $wait = "nowait/0"; + $wait = "no"; } foreach ($rtarget as $targip) { if (empty($targip)) { continue; } - $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\t{$wait}\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n"; + $reflection_rule = array( + 'port' => $inetdport, + 'socket_type' => $socktype, + 'protocol' => $reflect_proto, + 'wait' => $wait, + 'user' => 'nobody', + 'server' => '/usr/bin/nc', + 'server_args' => "{$dash_u}-w {$reflectiontimeout} {$targip} {$tda}" + ); + $reflection_rules[] = $reflection_rule; + unset($reflection_rule); } } $inetdport++; @@ -1532,8 +1535,6 @@ function filter_generate_reflection_proxy($rule, $nordr, $rdr_ifs, $srcaddr, $ds break; } } - - $reflection_txt = array_unique($reflection_txt); } return $natrules; @@ -1787,6 +1788,26 @@ function filter_nat_rules_generate_if ($if, $src = "any", $srcport = "", $dst = return $natrule; } +function xinetd_service_entry($entry_array) { + $entry = <<<EOD +service {$entry_array['port']}-{$entry_array['protocol']} +{ + type = unlisted + bind = 127.0.0.1 + port = {$entry_array['port']} + socket_type = {$entry_array['socket_type']} + protocol = {$entry_array['protocol']} + wait = {$entry_array['wait']} + user = {$entry_array['user']} + server = {$entry_array['server']} + server_args = {$entry_array['server_args']} +} + + +EOD; + return $entry; +} + function filter_nat_rules_generate() { global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList, $aliases; @@ -1896,12 +1917,19 @@ function filter_nat_rules_generate() { } /* ipsec nat */ - if (is_array($config['ipsec']) && isset($config['ipsec']['enable'])) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { if (is_array($config['ipsec']['phase2'])) { foreach ($config['ipsec']['phase2'] as $ph2ent) { - if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid'])) { - if (!function_exists('ipsec_idinfo_to_cidr')) { - require_once("ipsec.inc"); + if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) { + ipsec_lookup_phase1($ph2ent, $ph1ent); + if (!is_array($ph1ent)) { + continue; + } + if (isset($ph1ent['disabled'])) { + continue; } if (!is_array($ph2ent['localid'])) { $ph2ent['localid'] = array(); @@ -2069,13 +2097,21 @@ function filter_nat_rules_generate() { $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto ipv6 from any to any -> {$config['diag']['ipv6nat']['ipaddr']}\n"; } - if (file_exists("/var/etc/inetd.conf")) { - @unlink("/var/etc/inetd.conf"); - } - // Open inetd.conf write handle - $inetd_fd = fopen("/var/etc/inetd.conf", "w"); + unlink_if_exists("{$g['varetc_path']}/xinetd.conf"); + // Open xinetd.conf write handle + $xinetd_fd = fopen("{$g['varetc_path']}/xinetd.conf", "w"); + /* add tftp protocol helper */ - fwrite($inetd_fd, "tftp-proxy\tdgram\tudp\twait\t\troot\t/usr/libexec/tftp-proxy\ttftp-proxy -v\n"); + $ftp_proxy_entry = array( + 'port' => 6969, + 'socket_type' => 'dgram', + 'protocol' => 'udp', + 'wait' => 'yes', + 'user' => 'root', + 'server' => '/usr/libexec/tftp-proxy', + 'server_args' => '-v' + ); + fwrite($xinetd_fd, xinetd_service_entry($ftp_proxy_entry)); if (isset($config['nat']['rule'])) { /* start reflection redirects on port 19000 of localhost */ @@ -2257,8 +2293,8 @@ function filter_nat_rules_generate() { if ($reflection_type == "proxy" && !isset($rule['nordr'])) { $natrules .= filter_generate_reflection_proxy($rule, $nordr, $nat_if_list, $srcaddr, $dstaddr, $starting_localhost_port, $reflection_rules); $nat_if_list = array($natif); - foreach ($reflection_rules as $txtline) { - fwrite($inetd_fd, $txtline); + foreach ($reflection_rules as $reflection_rule) { + fwrite($xinetd_fd, xinetd_service_entry($reflection_rule)); } } else if ($reflection_type == "purenat" || isset($rule['nordr'])) { $rdr_if_list = implode(" ", $nat_if_list); @@ -2282,7 +2318,7 @@ function filter_nat_rules_generate() { } } } - fclose($inetd_fd); // Close file handle + fclose($xinetd_fd); // Close file handle $natrules .= discover_pkg_rules("nat"); @@ -2293,13 +2329,15 @@ function filter_nat_rules_generate() { $natrules .= "\n# Reflection redirects and NAT for 1:1 mappings\n" . $reflection_txt; } - // Check if inetd is running, if not start it. If so, restart it gracefully. - $helpers = isvalidproc("inetd"); - if (file_exists("/var/etc/inetd.conf")) { - if (!$helpers) { - mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf"); + // Check if xinetd is running, if not start it. If so, restart it gracefully. + if (file_exists("{$g['varetc_path']}/xinetd.conf")) { + if (isvalidpid("{$g['varrun_path']}/xinetd.pid")) { + sigkillbypid("{$g['varrun_path']}/xinetd.pid", "HUP"); } else { - sigkillbypid("/var/run/inetd.pid", "HUP"); + mwexec("/usr/local/sbin/xinetd " . + "-syslog daemon " . + "-f {$g['varetc_path']}/xinetd.conf " . + "-pidfile {$g['varrun_path']}/xinetd.pid"); } } @@ -2558,7 +2596,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { function filter_generate_user_rule($rule) { global $config, $g, $FilterIflist, $GatewaysList; - global $layer7_rules_list, $dummynet_name_list; + global $dummynet_name_list; if (isset($config['system']['developerspew'])) { $mt = microtime(); @@ -2668,7 +2706,7 @@ function filter_generate_user_rule($rule) { $rg = get_interface_gateway($rule['interface']); if (is_ipaddrv4($rg)) { $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) "; - } + } } } /* if user has selected a custom gateway, lets work with it */ @@ -2719,15 +2757,6 @@ function filter_generate_user_rule($rule) { } $aline['dst'] = "to $dst "; - //Layer7 support - $l7_present = false; - $l7_structures = array(); - if (isset($rule['l7container']) && $rule['l7container'] != "none") { - $l7_present = true; - $l7rule =& $layer7_rules_list[$rule['l7container']]; - $l7_structures = $l7rule->get_unique_structures(); - $aline['divert'] = "divert-to " . $l7rule->GetRPort() . " "; - } if (($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet")) { $aline['icmp-type'] = "icmp-type {$rule['icmptype']} "; } @@ -2866,7 +2895,7 @@ function filter_generate_user_rule($rule) { $rule['nopfsync'] = true; } - if ($noadvoptions == false || $l7_present) { + if ($noadvoptions == false) { if ((isset($rule['source-track']) and $rule['source-track'] <> "") or (isset($rule['max']) and $rule['max'] <> "") or (isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "") or @@ -2877,8 +2906,7 @@ function filter_generate_user_rule($rule) { (isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> ""))) or (isset($rule['sloppy'])) or - (isset($rule['nopfsync'])) or - ($l7_present)) { + (isset($rule['nopfsync']))) { $aline['flags'] .= "( "; if (isset($rule['sloppy'])) { $aline['flags'] .= "sloppy "; @@ -2917,10 +2945,6 @@ function filter_generate_user_rule($rule) { $aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global "; } - if (!empty($aline['divert'])) { - $aline['flags'] .= "max-packets 8 "; - } - $aline['flags'] .= " ) "; } } @@ -2991,7 +3015,7 @@ function filter_generate_user_rule($rule) { /* piece together the actual user rule */ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] . - $aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['tracker'] . + $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['tracker'] . $aline['vlanprio'] . $aline['vlanprioset'] . $aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'] . $aline['schedlabel']; unset($aline); @@ -3333,6 +3357,19 @@ EOD; } } + /* allow access to DHCP relay on interfaces */ + if (isset($config['dhcrelay']['enable'])) { + $dhcifaces = explode(",", $dhcrelaycfg['interface']); + foreach ($dhcifaces as $dhcrelayif) { + if ($dhcrelayif == $on) { + $ipfrules .= <<<EOD +# allow access to DHCP relay on {$oc['descr']} +pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 68 to 255.255.255.255 port = 67 tracker {$increment_tracker($tracker)} label "allow access to DHCP relay" + +EOD; + } + } + } break; } @@ -3460,7 +3497,10 @@ EOD; $saved_tracker += 300; $tracker = $saved_tracker; /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { $ipfrules .= "pass out {$log['pass']} on \$IPsec all tracker {$increment_tracker($tracker)} tracker {$increment_tracker($tracker)} keep state label \"IPsec internal host to host\"\n"; } @@ -3948,8 +3988,10 @@ function filter_generate_ipsec_rules($log = array()) { $increment_tracker = 'filter_rule_tracker'; $ipfrules = "\n# VPN Rules\n"; - if ((isset($config['ipsec']['enable'])) && - (is_array($config['ipsec']['phase1']))) { + if (!function_exists('ipsec_enabled')) { + require_once("ipsec.inc"); + } + if (ipsec_enabled()) { /* step through all phase1 entries */ foreach ($config['ipsec']['phase1'] as $ph1ent) { $tracker += 10; @@ -3959,9 +4001,6 @@ function filter_generate_ipsec_rules($log = array()) { } /* determine local and remote peer addresses */ if (!isset($ph1ent['mobile'])) { - if (!function_exists('ipsec_get_phase1_dst')) { - require_once("ipsec.inc"); - } $rgip = ipsec_get_phase1_dst($ph1ent); if (!$rgip) { $ipfrules .= "# ERROR! Unable to determine remote IPsec peer address for {$ph1ent['remote-gateway']}\n"; diff --git a/src/etc/inc/filter_log.inc b/src/etc/inc/filter_log.inc index 6779f4d..32ba9da 100644 --- a/src/etc/inc/filter_log.inc +++ b/src/etc/inc/filter_log.inc @@ -1,38 +1,57 @@ <?php -/* $Id$ */ /* filter_log.inc - part of pfSesne by Scott Ullrich - originally based on m0n0wall (http://m0n0.ch/wall) - - Copyright (C) 2009 Jim Pingle <myfirstname>@<mylastname>.org - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -/* - pfSense_BUILDER_BINARIES: /usr/sbin/fifolog_reader /usr/bin/tail /usr/local/sbin/clog - pfSense_MODULE: filter */ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ require 'config.inc'; @@ -42,7 +61,7 @@ $buffer_rules_normal = array(); /* format filter logs */ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $filterinterface = null) { - global $config, $g; + global $config, $g, $pattern; /* Make sure this is a number before using it in a system call */ if (!(is_numeric($tail))) { @@ -56,11 +75,75 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil /* Always do a reverse tail, to be sure we're grabbing the 'end' of the log. */ $logarr = ""; - if (isset($config['system']['usefifolog'])) { - exec("/usr/sbin/fifolog_reader " . escapeshellarg($logfile) . " | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); - } else { - exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/grep 'filterlog:' | /usr/bin/tail -r -n {$tail}", $logarr); + if ($logfile == "{$g['varlog_path']}/system.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/gateways.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/routing.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/resolver.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/wireless.log") { $logfile_type = "system"; } + + else if ($logfile == "{$g['varlog_path']}/filter.log") { $logfile_type = "firewall"; } + else if ($logfile == "{$g['varlog_path']}/dhcpd.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/portalauth.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/ipsec.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/ppp.log") { $logfile_type = "system"; } + + else if ($logfile == "{$g['varlog_path']}/vpn.log") { $logfile_type = "tbd"; } + else if ($logfile == "{$g['varlog_path']}/poes.log") { $logfile_type = "tbd"; } + else if ($logfile == "{$g['varlog_path']}/l2tps.log") { $logfile_type = "tbd"; } + + else if ($logfile == "{$g['varlog_path']}/relayd.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/openvpn.log") { $logfile_type = "system"; } + else if ($logfile == "{$g['varlog_path']}/ntpd.log") { $logfile_type = "system"; } + + else { $logfile_type = "unknown"; } + + +# Common Regular Expression Patterns + $month_pattern = "[a-zA-Z]{3}"; + $day_pattern = "[0-9]{1,2}"; + $time_pattern = "[0-9]{2}:[0-9]{2}:[0-9]{2}"; + + $date_pattern = "\(" . $month_pattern . "\ +" . $day_pattern . "\ +" . $time_pattern . "\)"; + + $host_pattern = "\(.*?\)"; +# $host_pattern = "\([a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]\)"; + + $process_pattern = "\(.*?\)\(?::\ +\)?"; + $pid_pattern = "\(?:\\\[\([0-9:]*\)\\\]\)?:?"; + $process_pid_pattern = $process_pattern . $pid_pattern; + + $log_message_pattern = "\(.*\)"; + + + # Construct RegEx for specific log file type. + if ($logfile_type == 'firewall') { + $pattern = "filterlog:"; + } + else if ($logfile_type == 'system') { + $pattern = "^" . $date_pattern . "\ +" . $host_pattern . "\ +" . $process_pid_pattern . "\ +" . $log_message_pattern . "$"; } + else if ($logfile_type == 'tbd') { + $pattern = "^\(.*\)$"; + } + else if ($logfile_type == 'unknown') { + $pattern = "^" . $date_pattern . "\ +" . $log_message_pattern . "$"; + } + else { + $pattern = "^\(.*\)$"; + } + + + # Get a bunch of log entries. + exec("/usr/local/sbin/clog " . escapeshellarg($logfile) . " | /usr/bin/grep -v \"CLOG\" | /usr/bin/grep -v \"\033\" | /usr/bin/grep -E $pattern | /usr/bin/tail -r -n {$tail}", $logarr); + + + # Remove escapes and fix up the pattern for preg_match. + $pattern = '/' . $pattern . '/'; + $pattern = str_replace('\(', '(', $pattern); + $pattern = str_replace('\)', ')', $pattern); + $pattern = str_replace('\[', '[', $pattern); + $pattern = str_replace('\]', ']', $pattern); + $filterlog = array(); $counter = 0; @@ -71,7 +154,12 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil break; } - $flent = parse_filter_line($logent); + if ($logfile_type == 'firewall') { $flent = parse_firewall_log_line($logent); } + else if ($logfile_type == 'system') { $flent = parse_system_log_line($logent); } + else if ($logfile_type == 'tbd') { $flent = array(); } + else if ($logfile_type == 'unknown') { $flent = parse_unknown_log_line($logent); } + else { $flent = array(); } + if (!$filterinterface || ($filterinterface == $flent['interface'])) { if ((($flent != "") && (!is_array($filtertext)) && (match_filter_line($flent, $filtertext))) || (($flent != "") && (is_array($filtertext)) && (match_filter_field($flent, $filtertext)))) { @@ -81,7 +169,13 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $fil } } /* Since the lines are in reverse order, flip them around if needed based on the user's preference */ - return isset($config['syslog']['reverse']) ? $filterlog : array_reverse($filterlog); + # First get the "General Logging Options" (global) chronological order setting. Then apply specific log override if set. + $reverse = isset($config['syslog']['reverse']); + $specific_log = basename($logfile, '.log') . '_settings'; + if ($config['syslog'][$specific_log]['cronorder'] == 'forward') $reverse = false; + if ($config['syslog'][$specific_log]['cronorder'] == 'reverse') $reverse = true; + + return ($reverse) ? $filterlog : array_reverse($filterlog); } function escape_filter_regex($filtertext) { @@ -136,7 +230,53 @@ function in_arrayi($needle, $haystack) { return in_array(strtolower($needle), array_map('strtolower', $haystack)); } -function parse_filter_line($line) { +function parse_unknown_log_line($line) { + global $config, $g, $pattern; + + $flent = array(); + $log_split = ""; + + if (!preg_match($pattern, $line, $log_split)) { + return ""; + } + + list($all, $flent['time'], $flent['message']) = $log_split; + + /* If there is time, and message, fields, then the line should be usable/good */ + if (!((trim($flent['time']) == "") && (trim($flent['message']) == ""))) { + return $flent; + } else { + if ($g['debug']) { + log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $line)); + } + return ""; + } +} + +function parse_system_log_line($line) { + global $config, $g, $pattern; + + $flent = array(); + $log_split = ""; + + if (!preg_match($pattern, $line, $log_split)) { + return ""; + } + + list($all, $flent['time'], $flent['host'], $flent['process'], $flent['pid'], $flent['message']) = $log_split; + + /* If there is time, process, and message, fields, then the line should be usable/good */ + if (!((trim($flent['time']) == "") && (trim($flent['process']) == "") && (trim($flent['message']) == ""))) { + return $flent; + } else { + if ($g['debug']) { + log_error(sprintf(gettext("There was a error parsing log entry: %s. Please report to mailing list or forum."), $line)); + } + return ""; + } +} + +function parse_firewall_log_line($line) { global $config, $g; $flent = array(); @@ -271,7 +411,7 @@ function parse_filter_line($line) { return $flent; } else { if ($g['debug']) { - log_error(sprintf(gettext("There was a error parsing rule: %s. Please report to mailing list or forum."), $errline)); + log_error(sprintf(gettext("There was a error parsing rule: %s. Please report to mailing list or forum."), $line)); } return ""; } @@ -312,11 +452,7 @@ function find_rule_by_number($rulenum, $trackernum, $type="block") { if ($type == "rdr") { $_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | /usr/bin/egrep " . escapeshellarg("^@{$rulenum}"), $buffer); } else { - if (file_exists("{$g['tmp_path']}/rules.debug")) { - $_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep " . escapeshellarg($lookup_pattern), $buffer); - } else { - $_gb = exec("/sbin/pfctl -vvPsr | /usr/bin/egrep " . escapeshellarg($lookup_pattern), $buffer); - } + $_gb = exec("/sbin/pfctl -vvPsr | /usr/bin/egrep " . escapeshellarg($lookup_pattern), $buffer); } if (is_array($buffer)) { return $buffer[0]; @@ -333,7 +469,7 @@ function buffer_rules_load() { $buffer_rules_rdr = array(); $buffer_rules_normal = array(); - $_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | grep '^@'", $buffer); + $_gb = exec("/sbin/pfctl -vvPsn -a \"miniupnpd\" | /usr/bin/grep '^@'", $buffer); if (is_array($buffer)) { foreach ($buffer as $line) { list($key, $value) = explode (" ", $line, 2); @@ -341,11 +477,7 @@ function buffer_rules_load() { } } unset($buffer, $_gb); - if (file_exists("{$g['tmp_path']}/rules.debug")) { - $_gb = exec("/sbin/pfctl -vvPnf {$g['tmp_path']}/rules.debug 2>/dev/null | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]' | /usr/bin/egrep -v '^@[0-9]+\([0-9]+\)[[:space:]](nat|rdr|binat|no|scrub)'", $buffer); - } else { - $_gb = exec("/sbin/pfctl -vvPsr | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]'", $buffer); - } + $_gb = exec("/sbin/pfctl -vvPsr | /usr/bin/egrep '^@[0-9]+\([0-9]+\)[[:space:]].*[[:space:]]log[[:space:]]'", $buffer); if (is_array($buffer)) { foreach ($buffer as $line) { @@ -386,7 +518,7 @@ function find_rule_by_number_buffer($rulenum, $trackernum, $type) { } else { $ruleString = $buffer_rules_normal[$lookup_key]; list(,$rulename,) = explode("\"", $ruleString); - $rulename = str_replace("USER_RULE: ", '<img src="/themes/' . $g['theme'] . '/images/icons/icon_frmfld_user.png" width="11" height="12" title="USER_RULE" alt="USER_RULE"/> ', $rulename); + $rulename = str_replace("USER_RULE: ", '<i class="fa fa-user"></i> ', $rulename); } return "{$rulename} ({$lookup_key})"; } @@ -394,11 +526,11 @@ function find_rule_by_number_buffer($rulenum, $trackernum, $type) { function find_action_image($action) { global $g; if ((strstr(strtolower($action), "p")) || (strtolower($action) == "rdr")) { - return "/themes/{$g['theme']}/images/icons/icon_pass.gif"; + return "fa-check-circle-o"; } else if (strstr(strtolower($action), "r")) { - return "/themes/{$g['theme']}/images/icons/icon_reject.gif"; + return "fa-times-circle-o"; } else { - return "/themes/{$g['theme']}/images/icons/icon_block.gif"; + return "fa-ban"; } } @@ -406,7 +538,7 @@ function find_action_image($action) { function handle_ajax($nentries, $tail = 50) { global $config; if ($_GET['lastsawtime'] or $_POST['lastsawtime']) { - global $filter_logfile,$filterent; + global $filter_logfile, $filterent; if ($_GET['lastsawtime']) { $lastsawtime = $_GET['lastsawtime']; } @@ -423,13 +555,18 @@ function handle_ajax($nentries, $tail = 50) { $filterlog = isset($config['syslog']['reverse']) ? array_reverse($filterlog) : $filterlog; foreach ($filterlog as $log_row) { $row_time = strtotime($log_row['time']); - $img = "<img border='0' src='" . find_action_image($log_row['act']) . "' alt={$log_row['act']} title={$log_row['act']} />"; if ($row_time > $lastsawtime) { if ($log_row['proto'] == "TCP") { $log_row['proto'] .= ":{$log_row['tcpflags']}"; } - $btn = "<a href=\"#\" class=\"btn btn-danger btn-xs\" onClick=\"javascript:getURL('diag_logs_filter.php?getrulenum={$log_row['rulenum']},{$log_row['rulenum']}', outputrule);\">" . gettext("Block") . " </a>"; + if ($log_row['act'] == "block") { + $icon_act = "fa-times text-danger"; + } else { + $icon_act = "fa-check text-success"; + } + + $btn = '<i class="fa ' . $icon_act . ' icon-pointer" title="' . $log_row['act'] . '/' . $log_row['tracker'] . '" onclick="javascript:getURL(\'status_logs_filter.php?getrulenum=' . $log_row['rulenum'] . ',' . $log_row['tracker'] . ',' . $log_row['act'] . '\', outputrule);"></i>'; $new_rules .= "{$btn}||{$log_row['time']}||{$log_row['interface']}||{$log_row['srcip']}||{$log_row['srcport']}||{$log_row['dstip']}||{$log_row['dstport']}||{$log_row['proto']}||{$log_row['version']}||" . time() . "||\n"; } } diff --git a/src/etc/inc/functions.inc b/src/etc/inc/functions.inc index 40e2dae..1edd6a3 100644 --- a/src/etc/inc/functions.inc +++ b/src/etc/inc/functions.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* functions.inc Copyright (C) 2004-2006 Scott Ullrich @@ -29,9 +28,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_MODULE: utils - */ /* BEGIN compatibility goo with HEAD */ diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc index 3714032..9ac9c61 100644 --- a/src/etc/inc/globals.inc +++ b/src/etc/inc/globals.inc @@ -1,38 +1,65 @@ <?php -/* $Id$ */ -/* - globals.inc - part of pfSense (https://www.pfsense.org) - Copyright (C) 2004-2010 Scott Ullrich - - Originally Part of m0n0wall - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - pfSense_MODULE: utils - -*/ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ + + +// Global defines + +// Automatic panel collapse +define(COLLAPSIBLE, 0x08); +define(SEC_CLOSED, 0x04); +define(SEC_OPEN, 0x00); + +// AddPassword method defines +define(DMYPWD, "********"); global $g; $g = array( @@ -60,31 +87,26 @@ $g = array( "product_name" => "pfSense", "product_version" => trim(file_get_contents("/etc/version"), " \n"), "product_copyright" => "Electric Sheep Fencing LLC", - "product_copyright_url" => "http://www.electricsheepfencing.com", + "product_copyright_url" => "https://pfsense.org/license", "product_copyright_years" => "2004 - ".date("Y"), "product_website" => "www.pfsense.org", "product_website_footer" => "https://www.pfsense.org/?gui=bootstrap", "product_email" => "coreteam@pfsense.org", "hideplatform" => false, - "hidedownloadbackup" => false, "hidebackupbeforeupgrade" => false, - "disablethemeselection" => false, "disablehelpmenu" => false, "disablehelpicon" => false, "disablecrashreporter" => false, "crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "12.2", + "latest_config" => "13.4", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", "wan_interface_name" => "wan", - "xmlrpcbaseurl" => "https://packages.pfsense.org", "captiveportal_path" => "/usr/local/captiveportal", "captiveportal_element_path" => "/var/db/cpelements", "captiveportal_element_sizelimit" => 1048576, - "xmlrpcpath" => "/xmlrpc.php", - "embeddedbootupslice" => "/dev/ad0a", "services_dhcp_server_enable" => true, "wireless_regex" => "/^(ndis|wi|ath|an|ral|ural|iwi|wlan|rum|run|bwn|zyd|mwl|bwi|ipw|iwn|malo|uath|upgt|urtw|wpi)/", "help_base_url" => "/help.php", @@ -116,7 +138,6 @@ if (file_exists("/etc/platform")) { $g['platform'] = trim(file_get_contents("/etc/platform")); if ($g['platform'] == "nanobsd") { $g['firmware_update_text']="pfSense-*.img.gz"; - $g['hidedownloadbackup'] = true; $g['hidebackupbeforeupgrade'] = true; } else { @@ -137,7 +158,6 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.inet.tcp.syncookies" => "1", "net.inet.tcp.recvspace" => "65228", "net.inet.tcp.sendspace" => "65228", - "net.inet.ip.fastforwarding" => "0", "net.inet.tcp.delayed_ack" => "0", "net.inet.udp.maxdgram" => "57344", "net.link.bridge.pfil_onlyip" => "0", @@ -158,7 +178,6 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "kern.random.sys.harvest.ethernet" => 0, "net.route.netisr_maxqlen" => 1024, "net.inet.udp.checksum" => 1, - "net.bpf.zerocopy_enable" => 1, "net.inet.icmp.reply_from_interface" => 1, "net.inet6.ip6.rfc6204w3" => 1, "net.enc.out.ipsec_bpf_mask" => "0x0001", diff --git a/src/etc/inc/growl.class b/src/etc/inc/growl.class index 8f639e5..a6fbcc1 100644 --- a/src/etc/inc/growl.class +++ b/src/etc/inc/growl.class @@ -1,8 +1,4 @@ <?PHP -/* - pfSense_MODULE: notifications -*/ - class Growl { const GROWL_PRIORITY_LOW = -2; @@ -99,4 +95,4 @@ } } -?>
\ No newline at end of file +?> diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc index 9880cdc..1987e28 100644 --- a/src/etc/inc/gwlb.inc +++ b/src/etc/inc/gwlb.inc @@ -25,143 +25,163 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_BUILDER_BINARIES: /sbin/route /usr/local/sbin/apinger - pfSense_MODULE: routing - */ + require_once("config.inc"); require_once("rrd.inc"); -/* Returns an array of default values used for apinger.conf */ -function return_apinger_defaults() { +/* Returns an array of default values used for dpinger */ +function return_dpinger_defaults() { return array( "latencylow" => "200", "latencyhigh" => "500", "losslow" => "10", "losshigh" => "20", - "interval" => "1", - "down" => "10", - "avg_delay_samples" => "10", - "avg_loss_samples" => "50", - "avg_loss_delay_samples" => "20"); + "interval" => "250", + "loss_interval" => "1000", + "time_period" => "25000", + "alert_interval" => "1000"); } -/* - * Creates monitoring configuration file and - * adds appropriate static routes. - */ -function setup_gateways_monitor() { - global $config, $g; +function running_dpinger_processes() { + global $g; - $gateways_arr = return_gateways_array(); - if (!is_array($gateways_arr)) { - log_error("No gateways to monitor. Apinger will not be run."); - killbypid("{$g['varrun_path']}/apinger.pid"); - @unlink("{$g['varrun_path']}/apinger.status"); - return; - } + $pidfiles = glob("{$g['varrun_path']}/dpinger_*.pid"); - $apinger_debug = ""; - if (isset($config['system']['apinger_debug'])) { - $apinger_debug = "debug on"; + $result = array(); + if ($pidfiles === FALSE) { + return $result; } - $apinger_default = return_apinger_defaults(); - $apingerconfig = <<<EOD - -# pfSense apinger configuration file. Automatically Generated! - -{$apinger_debug} - -## User and group the pinger should run as -user "root" -group "wheel" - -## Mailer to use (default: "/usr/lib/sendmail -t") -#mailer "/var/qmail/bin/qmail-inject" - -## Location of the pid-file (default: "/var/run/apinger.pid") -pid_file "{$g['varrun_path']}/apinger.pid" - -## Format of timestamp (%s macro) (default: "%b %d %H:%M:%S") -#timestamp_format "%Y%m%d%H%M%S" + foreach ($pidfiles as $pidfile) { + if (preg_match('/^dpinger_(.+)_([^_]+)_([^_]+)\.pid$/', + basename($pidfile), $matches)) { + $socket_file = preg_replace('/\.pid$/', '.sock', + $pidfile); + $result[$matches[1]] = array( + 'srcip' => $matches[2], + 'targetip' => $matches[3], + 'pidfile' => $pidfile, + 'socket' => $socket_file + ); + unset($gwinfo); + } + } -status { - ## File where the status information should be written to - file "{$g['varrun_path']}/apinger.status" - ## Interval between file updates - ## when 0 or not set, file is written only when SIGUSR1 is received - interval 5s + return $result; } -######################################## -# RRDTool status gathering configuration -# Interval between RRD updates -rrd interval 60s; - -## These parameters can be overridden in a specific alarm configuration -alarm default { - command on "/usr/local/sbin/pfSctl -c 'service reload dyndns %T' -c 'service reload ipsecdns' -c 'service reload openvpn %T' -c 'filter reload' " - command off "/usr/local/sbin/pfSctl -c 'service reload dyndns %T' -c 'service reload ipsecdns' -c 'service reload openvpn %T' -c 'filter reload' " - combine 10s -} +/* + * Stop one or more dpinger process + * default parameter $gwname is '*' that will kill all running sessions + * If a gateway name is passed, only this one will be killed + */ +function stop_dpinger($gwname = '') { + global $g; -## "Down" alarm definition. -## This alarm will be fired when target doesn't respond for 30 seconds. -alarm down "down" { - time {$apinger_default['down']}s -} + $running_processes = running_dpinger_processes(); -## "Delay" alarm definition. -## This alarm will be fired when responses are delayed more than 200ms -## it will be canceled, when the delay drops below 100ms -alarm delay "delay" { - delay_low {$apinger_default['latencylow']}ms - delay_high {$apinger_default['latencyhigh']}ms -} + foreach ($running_processes as $running_gwname => $process) { + if ($gwname != '' && $running_gwname != $gwname) { + continue; + } -## "Loss" alarm definition. -## This alarm will be fired when packet loss goes over 20% -## it will be canceled, when the loss drops below 10% -alarm loss "loss" { - percent_low {$apinger_default['losslow']} - percent_high {$apinger_default['losshigh']} + if (isvalidpid($process['pidfile'])) { + killbypid($process['pidfile']); + } else { + @unlink($process['pidfile']); + } + } } -target default { - ## How often the probe should be sent - interval {$apinger_default['interval']}s - - ## How many replies should be used to compute average delay - ## for controlling "delay" alarms - avg_delay_samples {$apinger_default['avg_delay_samples']} - - ## How many probes should be used to compute average loss - avg_loss_samples {$apinger_default['avg_loss_samples']} +function start_dpinger($gateway) { + global $g; - ## The delay (in samples) after which loss is computed - ## without this delays larger than interval would be treated as loss - avg_loss_delay_samples {$apinger_default['avg_loss_delay_samples']} - - ## Names of the alarms that may be generated for the target - alarms "down","delay","loss" + if (!isset($gateway['gwifip'])) { + return; + } - ## Location of the RRD - #rrd file "{$g['vardb_path']}/rrd/apinger-%t.rrd" + $dpinger_defaults = return_dpinger_defaults(); + + $pidfile = "{$g['varrun_path']}/dpinger_{$gateway['name']}_" . + "{$gateway['gwifip']}_{$gateway['monitor']}.pid"; + $socket = "{$g['varrun_path']}/dpinger_{$gateway['name']}_" . + "{$gateway['gwifip']}_{$gateway['monitor']}.sock"; + $alarm_cmd = "{$g['etc_path']}/rc.gateway_alarm"; + + $params = "-S "; /* Log warnings via syslog */ + $params .= "-r 0 "; /* Disable unused reporting thread */ + $params .= "-i {$gateway['name']} "; /* Identifier */ + $params .= "-B {$gateway['gwifip']} "; /* Bind src address */ + $params .= "-p {$pidfile} "; /* PID filename */ + $params .= "-u {$socket} "; /* Status Socket */ + $params .= "-C \"{$alarm_cmd}\" "; /* Command to run on alarm */ + + $params .= "-s " . + (isset($gateway['interval']) && is_numeric($gateway['interval']) + ? $gateway['interval'] + : $dpinger_defaults['interval'] + ) . " "; + + $params .= "-l " . + (isset($gateway['loss_interval']) && is_numeric($gateway['loss_interval']) + ? $gateway['loss_interval'] + : $dpinger_defaults['loss_interval'] + ) . " "; + + $params .= "-t " . + (isset($gateway['time_period']) && is_numeric($gateway['time_period']) + ? $gateway['time_period'] + : $dpinger_defaults['time_period'] + ) . " "; + + $params .= "-A " . + (isset($gateway['alert_interval']) && is_numeric($gateway['alert_interval']) + ? $gateway['alert_interval'] + : $dpinger_defaults['alert_interval'] + ) . " "; + + $params .= "-D " . + (isset($gateway['latencyhigh']) && is_numeric($gateway['latencyhigh']) + ? $gateway['latencyhigh'] + : $dpinger_defaults['latencyhigh'] + ) . " "; + + $params .= "-L " . + (isset($gateway['losshigh']) && is_numeric($gateway['losshigh']) + ? $gateway['losshigh'] + : $dpinger_defaults['losshigh'] + ) . " "; + + /* Make sure we don't end up with 2 process for the same GW */ + stop_dpinger($gateway['name']); + + /* Redirect stdout to /dev/null to avoid exec() to wait for dpinger */ + return mwexec("/usr/local/bin/dpinger {$params} {$gateway['monitor']} >/dev/null"); } -EOD; +/* + * Starts dpinger processes and adds appropriate static routes for monitor IPs + */ +function setup_gateways_monitor() { + global $config, $g; + + $gateways_arr = return_gateways_array(); + if (!is_array($gateways_arr)) { + log_error("No gateways to monitor. dpinger will not run."); + stop_dpinger(); + return; + } $monitor_ips = array(); - foreach ($gateways_arr as $name => $gateway) { + foreach ($gateways_arr as $gwname => $gateway) { /* Do not monitor if such was requested */ if (isset($gateway['monitor_disable'])) { continue; } if (empty($gateway['monitor']) || !is_ipaddr($gateway['monitor'])) { if (is_ipaddr($gateway['gateway'])) { - $gateway['monitor'] = $gateway['gateway']; + $gateways_arr[$gwname]['monitor'] = $gateway['gateway']; } else { /* No chance to get an ip to monitor skip target. */ continue; } @@ -172,9 +192,9 @@ EOD; continue; } - /* Interface ip is needed since apinger will bind a socket to it. + /* Interface ip is needed since dpinger will bind a socket to it. * However the config GUI should already have checked this and when - * PPoE is used the IP address is set to "dynamic". So using is_ipaddrv4 + * PPPoE is used the IP address is set to "dynamic". So using is_ipaddrv4 * or is_ipaddrv6 to identify packet type would be wrong, especially as * further checks (that can cope with the "dynamic" case) are present inside * the if block. So using $gateway['ipprotocol'] is the better option. @@ -208,33 +228,25 @@ EOD; pfSense_kill_states("0.0.0.0/0", $gateway['monitor'], $gateway['interface'], "icmp"); } } else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway... - if ($gateway['monitor'] == $gateway['gateway']) { - /* link locals really need a different src ip */ - if (is_linklocal($gateway['gateway'])) { - if (!strpos($gateway['gateway'], '%')) { - $gateway['gateway'] .= '%' . $gateway['interface']; - } - $gwifip = find_interface_ipv6_ll($gateway['interface'], true); - } else { - $gwifip = find_interface_ipv6($gateway['interface'], true); + if (is_linklocal($gateway['gateway']) && + get_ll_scope($gateway['gateway']) == '') { + $gateways_arr[$gwname]['gateway'] .= '%' . $gateway['interface']; + } + + if (is_linklocal($gateway['monitor'])) { + if (get_ll_scope($gateway['monitor']) == '') { + $gateways_arr[$gwname]['monitor'] .= '%' . $gateway['interface']; + } + + $gwifip = find_interface_ipv6_ll($gateway['interface'], true); + + if (get_ll_scope($gwifip) == '') { + $gwifip .= '%' . $gateway['interface']; } } else { - /* 'monitor' has been set, so makes sure it has precedence over - * 'gateway' in defining the source IP. Otherwise if 'gateway' - * is a local link and 'monitor' is global routable then the - * ICMP6 response would not find its way back home... - */ $gwifip = find_interface_ipv6($gateway['interface'], true); } - /* Make sure srcip and target have scope defined when they are ll */ - if (is_linklocal($gwifip) && !strpos($gwifip, '%')) { - $gwifip .= '%' . $gateway['interface']; - } - if (is_linklocal($gateway['monitor']) && !strpos($gateway['monitor'], '%')) { - $gateway['monitor'] .= "%{$gateway['interface']}"; - } - if (!is_ipaddrv6($gwifip)) { continue; //Skip this target } @@ -262,176 +274,138 @@ EOD; } $monitor_ips[] = $gateway['monitor']; - $apingercfg = "target \"{$gateway['monitor']}\" {\n"; - $apingercfg .= " description \"{$name}\"\n"; - $apingercfg .= " srcip \"{$gwifip}\"\n"; - - ## How often the probe should be sent - if (!empty($gateway['interval']) && is_numeric($gateway['interval'])) { - $interval = intval($gateway['interval']); # Restrict to Integer - if ($interval < 1) { - $interval = 1; # Minimum - } - if ($interval != $apinger_default['interval']) { # If not default value - $apingercfg .= " interval " . $interval . "s\n"; - } - } + $gateways_arr[$gwname]['enable_dpinger'] = true; + $gateways_arr[$gwname]['gwifip'] = $gwifip; + } - ## How many replies should be used to compute average delay - ## for controlling "delay" alarms - if (!empty($gateway['avg_delay_samples']) && is_numeric($gateway['avg_delay_samples'])) { - $avg_delay_samples = intval($gateway['avg_delay_samples']); # Restrict to Integer - if ($avg_delay_samples < 1) { - $avg_delay_samples = 1; # Minimum - } - if ($avg_delay_samples != $apinger_default['avg_delay_samples']) { # If not default value - $apingercfg .= " avg_delay_samples " . $avg_delay_samples . "\n"; - } - } + stop_dpinger(); - ## How many probes should be used to compute average loss - if (!empty($gateway['avg_loss_samples']) && is_numeric($gateway['avg_loss_samples'])) { - $avg_loss_samples = intval($gateway['avg_loss_samples']); # Restrict to Integer - if ($avg_loss_samples < 1) { - $avg_loss_samples = 1; # Minimum - } - if ($avg_loss_samples != $apinger_default['avg_loss_samples']) { # If not default value - $apingercfg .= " avg_loss_samples " . $avg_loss_samples . "\n"; - } + /* Start new processes */ + foreach ($gateways_arr as $gateway) { + if (!isset($gateway['enable_dpinger'])) { + continue; } - ## The delay (in samples) after which loss is computed - ## without this delays larger than interval would be treated as loss - if (!empty($gateway['avg_loss_delay_samples']) && is_numeric($gateway['avg_loss_delay_samples'])) { - $avg_loss_delay_samples = intval($gateway['avg_loss_delay_samples']); # Restrict to Integer - if ($avg_loss_delay_samples < 1) { - $avg_loss_delay_samples = 1; # Minimum - } - if ($avg_loss_delay_samples != $apinger_default['avg_loss_delay_samples']) { # If not default value - $apingercfg .= " avg_loss_delay_samples " . $avg_loss_delay_samples . "\n"; - } + if (start_dpinger($gateway) != 0) { + log_error("Error starting gateway monitor for " . + $gateway['name']); } + } - $alarms = ""; - $alarmscfg = ""; - $override = false; - if (!empty($gateway['losslow'])) { - $alarmscfg .= "alarm loss \"{$name}loss\" {\n"; - $alarmscfg .= "\tpercent_low {$gateway['losslow']}\n"; - $alarmscfg .= "\tpercent_high {$gateway['losshigh']}\n"; - $alarmscfg .= "}\n"; - $alarms .= "\"{$name}loss\""; - $override = true; - } else { - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"loss\""; - $override = true; - } - if (!empty($gateway['latencylow'])) { - $alarmscfg .= "alarm delay \"{$name}delay\" {\n"; - $alarmscfg .= "\tdelay_low {$gateway['latencylow']}ms\n"; - $alarmscfg .= "\tdelay_high {$gateway['latencyhigh']}ms\n"; - $alarmscfg .= "}\n"; - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"{$name}delay\""; - $override = true; - } else { - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"delay\""; - $override = true; - } - if (!empty($gateway['down'])) { - $alarmscfg .= "alarm down \"{$name}down\" {\n"; - $alarmscfg .= "\ttime {$gateway['down']}s\n"; - $alarmscfg .= "}\n"; - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"{$name}down\""; - $override = true; - } else { - if ($override == true) { - $alarms .= ","; - } - $alarms .= "\"down\""; - $override = true; - } - if ($override == true) { - $apingercfg .= "\talarms override {$alarms};\n"; - } + return; +} - if (isset($gateway['force_down'])) { - $apingercfg .= "\tforce_down on\n"; - } +function get_dpinger_status($gwname) { + global $g; - $apingercfg .= " rrd file \"{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd\"\n"; - $apingercfg .= "}\n"; - $apingercfg .= "\n"; + $running_processes = running_dpinger_processes(); - $apingerconfig .= $alarmscfg; - $apingerconfig .= $apingercfg; + if (!isset($running_processes[$gwname])) { + log_error("dpinger: No dpinger session running for gateway {$gwname}"); + return false; + } - # Create gateway quality RRD with settings more suitable for pfSense graph set, - # since apinger uses default step (300; 5 minutes) and other settings that don't - # match the pfSense gateway quality graph set. - create_gateway_quality_rrd("{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd"); + $proc = $running_processes[$gwname]; + unset($running_processes); + + if (!file_exists($proc['socket'])) { + log_error("dpinger: status socket {$proc['socket']} not found"); + return false; } - @file_put_contents("{$g['varetc_path']}/apinger.conf", $apingerconfig); - unset($apingerconfig); - /* Restart apinger process */ - if (isvalidpid("{$g['varrun_path']}/apinger.pid")) { - sigkillbypid("{$g['varrun_path']}/apinger.pid", "HUP"); - } else { - /* start a new apinger process */ - @unlink("{$g['varrun_path']}/apinger.status"); - sleep(1); - mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf"); - sleep(1); - sigkillbypid("{$g['varrun_path']}/apinger.pid", "USR1"); + $fp = stream_socket_client("unix://{$proc['socket']}", $errno, $errstr, 10); + if (!$fp) { + log_error("dpinger: cannot connect to status socket {$proc['socket']} - $errstr ($errno)"); + return false; } - return 0; -} + $status = ''; + while (!feof($fp)) { + $status .= fgets($fp, 1024); + } + fclose($fp); -/* return the status of the apinger targets as a array */ -function return_gateways_status($byname = false) { - global $config, $g; + $r = array(); + list( + $r['gwname'], + $r['latency_avg'], + $r['latency_stddev'], + $r['loss'] + ) = explode(' ', preg_replace('/\n/', '', $status)); + + $r['srcip'] = $proc['srcip']; + $r['targetip'] = $proc['targetip']; - $apingerstatus = array(); - /* Always get the latest status from apinger */ - if (file_exists("{$g['varrun_path']}/apinger.pid")) { - sigkillbypid("{$g['varrun_path']}/apinger.pid", "USR1"); + $gateways_arr = return_gateways_array(); + unset($gw); + if (isset($gateways_arr[$gwname])) { + $gw = $gateways_arr[$gwname]; } - if (file_exists("{$g['varrun_path']}/apinger.status")) { - $apingerstatus = file("{$g['varrun_path']}/apinger.status"); - } else { - $apingerstatus = array(); + + $r['latency_avg'] = round($r['latency_avg']/1000, 3); + $r['latency_stddev'] = round($r['latency_stddev']/1000, 3); + + $r['status'] = "none"; + if (isset($gw) && isset($gw['force_down'])) { + $r['status'] = "force_down"; + } else if (isset($gw)) { + $settings = return_dpinger_defaults(); + + $keys = array( + 'latencylow', + 'latencyhigh', + 'losslow', + 'losshigh' + ); + + /* Replace default values by user-defined */ + foreach ($keys as $key) { + if (isset($gw[$key]) && is_numeric($gw[$key])) { + $settings[$key] = $gw[$key]; + } + } + + if ($r['latency_avg'] > $settings['latencyhigh'] || + $r['loss'] > $settings['losshigh']) { + $r['status'] = "down"; + } else if ($r['latency_avg'] > $settings['latencylow']) { + $r['status'] = "delay"; + } else if ($r['loss'] > $settings['losslow']) { + $r['status'] = "loss"; + } } + return $r; +} + +/* return the status of the dpinger targets as an array */ +function return_gateways_status($byname = false) { + global $config, $g; + + $dpinger_gws = running_dpinger_processes(); $status = array(); - foreach ($apingerstatus as $line) { - $info = explode("|", $line); + + $gateways_arr = return_gateways_array(); + + foreach ($dpinger_gws as $gwname => $gwdata) { + $dpinger_status = get_dpinger_status($gwname); + if ($dpinger_status === false) { + continue; + } + if ($byname == false) { - $target = $info[0]; + $target = $dpinger_status['targetip']; } else { - $target = $info[2]; + $target = $gwname; } $status[$target] = array(); - $status[$target]['monitorip'] = $info[0]; - $status[$target]['srcip'] = $info[1]; - $status[$target]['name'] = $info[2]; - $status[$target]['lastcheck'] = $info[5] ? date('r', $info[5]) : date('r'); - $status[$target]['delay'] = empty($info[6]) ? "0ms" : round($info[6], 1) ."ms" ; - $status[$target]['loss'] = empty($info[7]) ? "0.0%" : round($info[7], 1) . "%"; - $status[$target]['status'] = trim($info[8]); + $status[$target]['monitorip'] = $dpinger_status['targetip']; + $status[$target]['srcip'] = $dpinger_status['srcip']; + $status[$target]['name'] = $gwname; + $status[$target]['delay'] = empty($dpinger_status['latency_avg']) ? "0ms" : $dpinger_status['latency_avg'] . "ms"; + $status[$target]['loss'] = empty($dpinger_status['loss']) ? "0.0%" : round($dpinger_status['loss'], 1) . "%"; + $status[$target]['status'] = $dpinger_status['status']; } /* tack on any gateways that have monitoring disabled @@ -441,7 +415,7 @@ function return_gateways_status($byname = false) { if (!isset($gwitem['monitor_disable'])) { continue; } - if (!is_ipaddr($gwitem['monitorip'])) { + if (!is_ipaddr($gwitem['monitor'])) { $realif = $gwitem['interface']; $tgtip = get_interface_gateway($realif); if (!is_ipaddr($tgtip)) { @@ -449,7 +423,7 @@ function return_gateways_status($byname = false) { } $srcip = find_interface_ip($realif); } else { - $tgtip = $gwitem['monitorip']; + $tgtip = $gwitem['monitor']; $srcip = find_interface_ip($realif); } if ($byname == true) { @@ -462,7 +436,6 @@ function return_gateways_status($byname = false) { if ($target == "none") { $target = $gwitem['name']; $status[$target]['name'] = $gwitem['name']; - $status[$target]['lastcheck'] = date('r'); $status[$target]['delay'] = "0.0ms"; $status[$target]['loss'] = "100.0%"; $status[$target]['status'] = "down"; @@ -470,7 +443,6 @@ function return_gateways_status($byname = false) { $status[$target]['monitorip'] = $tgtip; $status[$target]['srcip'] = $srcip; $status[$target]['name'] = $gwitem['name']; - $status[$target]['lastcheck'] = date('r'); $status[$target]['delay'] = "0.0ms"; $status[$target]['loss'] = "0.0%"; $status[$target]['status'] = "none"; @@ -1249,4 +1221,4 @@ function gateway_is_gwgroup_member($name) { return $members; } -?>
\ No newline at end of file +?> diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc index 8adadc0..49fd2ca 100644 --- a/src/etc/inc/interfaces.inc +++ b/src/etc/inc/interfaces.inc @@ -33,12 +33,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_BUILDER_BINARIES: /sbin/dhclient /bin/sh /usr/bin/grep /usr/bin/xargs /usr/bin/awk /usr/local/sbin/choparp - pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/route /usr/sbin/ngctl /usr/sbin/arp /bin/kill /usr/local/sbin/mpd5 - pfSense_BUILDER_BINARIES: /usr/local/sbin/dhcp6c - pfSense_MODULE: interfaces - */ /* include all configuration functions */ @@ -228,28 +222,29 @@ function interface_vlan_configure(&$vlan) { return; } $if = $vlan['if']; - $vlanif = empty($vlan['vlanif']) ? "{$if}_vlan{$vlan['tag']}" : $vlan['vlanif']; - $tag = $vlan['tag']; - if (empty($if)) { log_error(gettext("interface_vlan_configure called with if undefined.")); return; } + $vlanif = empty($vlan['vlanif']) ? "{$if}_vlan{$vlan['tag']}" : $vlan['vlanif']; + $tag = $vlan['tag']; + $pcp = empty($vlan['pcp']) ? 0 : $vlan['pcp']; /* Apply "Best Effort" if not set */ + /* make sure the parent interface is up */ interfaces_bring_up($if); /* Since we are going to add vlan(4) try to enable all that hardware supports. */ pfSense_interface_capabilities($if, IFCAP_VLAN_HWTAGGING|IFCAP_VLAN_MTU|IFCAP_VLAN_HWFILTER); if (!empty($vlanif) && does_interface_exist($vlanif)) { - interface_bring_down($vlanif, true); - } else { - $tmpvlanif = pfSense_interface_create("vlan"); - pfSense_interface_rename($tmpvlanif, $vlanif); - pfSense_ngctl_name("{$tmpvlanif}:", $vlanif); + pfSense_interface_destroy($vlanif); } - pfSense_vlan_create($vlanif, $if, $tag); + $tmpvlanif = pfSense_interface_create("vlan"); + pfSense_interface_rename($tmpvlanif, $vlanif); + pfSense_ngctl_name("{$tmpvlanif}:", $vlanif); + + pfSense_vlan_create($vlanif, $if, $tag, $pcp); interfaces_bring_up($vlanif); @@ -807,6 +802,7 @@ function interface_gre_configure(&$gre, $grekey = "") { $realif = get_real_interface($gre['if']); $realifip = get_interface_ip($gre['if']); + $realifip6 = get_interface_ipv6($gre['if']); /* make sure the parent interface is up */ interfaces_bring_up($realif); @@ -820,7 +816,11 @@ function interface_gre_configure(&$gre, $grekey = "") { } /* Do not change the order here for more see gre(4) NOTES section. */ - mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr'])); + if (is_ipaddrv6($gre['remote-addr'])) { + mwexec("/sbin/ifconfig {$greif} inet6 tunnel {$realifip6} " . escapeshellarg($gre['remote-addr'])); + } else { + mwexec("/sbin/ifconfig {$greif} tunnel {$realifip} " . escapeshellarg($gre['remote-addr'])); + } if ((is_ipaddrv6($gre['tunnel-local-addr'])) || (is_ipaddrv6($gre['tunnel-remote-addr']))) { /* XXX: The prefixlen argument for tunnels of ipv6 is useless since it needs to be 128 as enforced by kernel */ //mwexec("/sbin/ifconfig {$greif} inet6 " . escapeshellarg($gre['tunnel-local-addr']) . " " . escapeshellarg($gre['tunnel-remote-addr']) . " prefixlen /" . escapeshellarg($gre['tunnel-remote-net'])); @@ -936,7 +936,11 @@ function interface_gif_configure(&$gif, $gifkey = "") { } /* Do not change the order here for more see gif(4) NOTES section. */ - mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); + if (is_ipaddrv6($gif['remote-addr'])) { + mwexec("/sbin/ifconfig {$gifif} inet6 tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); + } else { + mwexec("/sbin/ifconfig {$gifif} tunnel {$realifip} " . escapeshellarg($gif['remote-addr'])); + } if ((is_ipaddrv6($gif['tunnel-local-addr'])) || (is_ipaddrv6($gif['tunnel-remote-addr']))) { /* XXX: The prefixlen argument for tunnels of ipv6 is useless since it needs to be 128 as enforced by kernel */ //mwexec("/sbin/ifconfig {$gifif} inet6 " . escapeshellarg($gif['tunnel-local-addr']) . " " . escapeshellarg($gif['tunnel-remote-addr']) . " prefixlen /" . escapeshellarg($gif['tunnel-remote-net'])); @@ -1621,7 +1625,7 @@ function interface_ppps_configure($interface) { interfaces_bring_up($port); pfSense_ngctl_attach(".", $port); /* Enable setautosrc to automatically change mac address if parent interface's changes */ - mwexec("ngctl msg {$port}: setautosrc 1"); + mwexec("/usr/sbin/ngctl msg {$port}: setautosrc 1"); break; case "pptp": case "l2tp": @@ -2019,8 +2023,8 @@ EOD; /* we only support the 3gstats.php for huawei modems for now. Will add more later. */ /* We should be able to launch the right version for each modem */ /* We can also guess the mondev from the manufacturer */ - exec("usbconfig | egrep -ie '(huawei)'", $usbmodemoutput); - mwexec("/bin/ps auxww|grep \"{$interface}\" |grep \"[3]gstats\" | awk '{print $2}' |xargs kill"); + exec("/usr/sbin/usbconfig | /usr/bin/egrep -ie '(huawei)'", $usbmodemoutput); + mwexec("/bin/ps auxww | /usr/bin/grep \"{$interface}\" | /usr/bin/grep \"[3]gstats\" | /usr/bin/awk '{print $2}' | /usr/bin/xargs kill"); foreach ($ports as $port) { if (preg_match("/huawei/i", implode("\n", $usbmodemoutput))) { $mondev = substr(basename($port), 0, -1); @@ -2653,29 +2657,8 @@ function interface_wireless_configure($if, &$wl, &$wlcfg) { $wlcmd[] = "-wme"; } - /* set up wep if enabled */ - $wepset = ""; - if (isset($wlcfg['wep']['enable']) && is_array($wlcfg['wep']['key'])) { - switch ($wlcfg['wpa']['auth_algs']) { - case "1": - $wepset .= "authmode open wepmode on "; - break; - case "2": - $wepset .= "authmode shared wepmode on "; - break; - case "3": - $wepset .= "authmode mixed wepmode on "; - } - $i = 1; - foreach ($wlcfg['wep']['key'] as $wepkey) { - $wepset .= "wepkey " . escapeshellarg("{$i}:{$wepkey['value']}") . " "; - if (isset($wepkey['txkey'])) { - $wlcmd[] = "weptxkey {$i} "; - } - $i++; - } - $wlcmd[] = $wepset; - } else if (isset($wlcfg['wpa']['enable'])) { + /* Enable wpa if it's configured. No WEP support anymore. */ + if (isset($wlcfg['wpa']['enable'])) { $wlcmd[] = "authmode wpa wepmode off "; } else { $wlcmd[] = "authmode open wepmode off "; @@ -2732,7 +2715,6 @@ ctrl_interface_group=wheel #macaddr_acl={$wlcfg['wpa']['macaddr_acl']} ssid={$wlcfg['ssid']} debug={$wlcfg['wpa']['debug_mode']} -auth_algs={$wlcfg['wpa']['auth_algs']} wpa={$wlcfg['wpa']['wpa_mode']} wpa_key_mgmt={$wlcfg['wpa']['wpa_key_mgmt']} wpa_pairwise={$wlcfg['wpa']['wpa_pairwise']} @@ -3294,57 +3276,55 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven } } - // Limit the MTU to 1500 if no explicit MTU configured - if ($wantedmtu == 0 && get_interface_mtu($mtuif) > 1500) { - $wantedmtu = 1500; + // Set the MTU to 1500 if no explicit MTU configured + if ($wantedmtu == 0) { + $wantedmtu = 1500; /* Default */ } - if ($wantedmtu != 0) { - if (stristr($mtuif, "_vlan")) { - $assignedparent = convert_real_interface_to_friendly_interface_name($mtuhwif); - if (!empty($assignedparent) && !empty($config['interfaces'][$assignedparent]['mtu'])) { - $parentmtu = $config['interfaces'][$assignedparent]['mtu']; - if ($wancfg['mtu'] > $parentmtu) { - log_error("There is a conflict on MTU between parent {$mtuhwif} and VLAN({$mtuif})"); - } - } else { - $parentmtu = 0; + if (stristr($mtuif, "_vlan")) { + $assignedparent = convert_real_interface_to_friendly_interface_name($mtuhwif); + if (!empty($assignedparent) && !empty($config['interfaces'][$assignedparent]['mtu'])) { + $parentmtu = $config['interfaces'][$assignedparent]['mtu']; + if ($wancfg['mtu'] > $parentmtu) { + log_error("There is a conflict on MTU between parent {$mtuhwif} and VLAN({$mtuif})"); } + } else { + $parentmtu = 0; + } - $parentmtu = interface_vlan_mtu_configured($mtuhwif, $parentmtu); + $parentmtu = interface_vlan_mtu_configured($mtuhwif, $parentmtu); - if (get_interface_mtu($mtuhwif) != $parentmtu) { - pfSense_interface_mtu($mtuhwif, $parentmtu); - } + if (get_interface_mtu($mtuhwif) != $parentmtu) { + pfSense_interface_mtu($mtuhwif, $parentmtu); + } - /* All vlans need to use the same mtu value as their parent. */ - interface_vlan_adapt_mtu(link_interface_to_vlans($mtuhwif), $parentmtu); - } else if (substr($mtuif, 0, 4) == 'lagg') { - /* LAGG interface must be destroyed and re-created to change MTU */ - if ($wantedmtu != get_interface_mtu($mtuif)) { - if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) { - foreach ($config['laggs']['lagg'] as $lagg) { - if ($lagg['laggif'] == $mtuif) { - interface_lagg_configure($lagg); - break; - } + /* All vlans need to use the same mtu value as their parent. */ + interface_vlan_adapt_mtu(link_interface_to_vlans($mtuhwif), $parentmtu); + } else if (substr($mtuif, 0, 4) == 'lagg') { + /* LAGG interface must be destroyed and re-created to change MTU */ + if ($wantedmtu != get_interface_mtu($mtuif)) { + if (isset($config['laggs']['lagg']) && is_array($config['laggs']['lagg'])) { + foreach ($config['laggs']['lagg'] as $lagg) { + if ($lagg['laggif'] == $mtuif) { + interface_lagg_configure($lagg); + break; } } } - } else { - if ($wantedmtu != get_interface_mtu($mtuif)) { - pfSense_interface_mtu($mtuif, $wantedmtu); - } + } + } else { + if ($wantedmtu != get_interface_mtu($mtuif)) { + pfSense_interface_mtu($mtuif, $wantedmtu); + } - /* This case is needed when the parent of vlans is being configured */ - $vlans = link_interface_to_vlans($mtuif); - if (is_array($vlans)) { - interface_vlan_adapt_mtu($vlans, $wantedmtu); - } - unset($vlans); + /* This case is needed when the parent of vlans is being configured */ + $vlans = link_interface_to_vlans($mtuif); + if (is_array($vlans)) { + interface_vlan_adapt_mtu($vlans, $wantedmtu); } - /* XXX: What about gre/gif/.. ? */ + unset($vlans); } + /* XXX: What about gre/gif/.. ? */ switch ($wancfg['ipaddr']) { case 'dhcp': @@ -4473,7 +4453,7 @@ function convert_real_interface_to_friendly_interface_name($interface = "wan", $ if (stripos($interface, "_vip")) { foreach ($config['virtualip']['vip'] as $counter => $vip) { if ($vip['mode'] == "carp") { - if ($interface == "{$vip['interface']}_vip{$vip['vhid']}") { + if ($interface == "_vip{$vip['uniqid']}") { return $vip['interface']; } } @@ -4546,7 +4526,7 @@ function convert_friendly_interface_to_friendly_descr($interface) { if (is_array($config['virtualip']['vip'])) { foreach ($config['virtualip']['vip'] as $counter => $vip) { if ($vip['mode'] == "carp") { - if ($interface == "{$vip['interface']}_vip{$vip['vhid']}") { + if ($interface == "_vip{$vip['uniqid']}") { return "{$vip['subnet']} - {$vip['descr']}"; } } @@ -4706,6 +4686,7 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface = case "openvpn": $wanif = "openvpn"; break; + case "IPsec": case "ipsec": case "enc0": $wanif = "enc0"; @@ -4715,7 +4696,7 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface = break; default: if (substr($interface, 0, 4) == '_vip') { - $wanif = get_configured_carp_interface_list($interface, '', 'iface'); + $wanif = get_configured_carp_interface_list($interface, $family, 'iface'); if (!empty($wanif)) { $wanif = get_real_interface($wanif, $family); } @@ -4899,7 +4880,7 @@ function find_virtual_ip_alias($ip, $bits = null) { * find_number_of_created_carp_interfaces: return the number of carp interfaces */ function find_number_of_created_carp_interfaces() { - return `/sbin/ifconfig | grep "carp:" | wc -l`; + return `/sbin/ifconfig | /usr/bin/grep "carp:" | /usr/bin/wc -l`; } /* @@ -5370,11 +5351,19 @@ function get_possible_listen_ips($include_ipv6_link_local=false) { /* XXX: Maybe use array_merge below? */ $carplist = get_configured_carp_interface_list(); foreach ($carplist as $cif => $carpip) { - $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; + if (get_vip_descr($carpip)) { + $interfaces[$cif] = $carpip . ' (' . get_vip_descr($carpip) . ')'; + } else { + $interfaces[$cif] = $carpip; + } } $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif) { - $interfaces[$aliasip] = $aliasip . ' (' . get_vip_descr($aliasip) . ')'; + if (get_vip_descr($aliasip)) { + $interfaces[$aliasip] = $aliasip . ' (' . get_vip_descr($aliasip) . ')'; + } else { + $interfaces[$aliasip] = $aliasip; + } } $interfaces['lo0'] = 'Localhost'; @@ -5401,17 +5390,16 @@ function get_possible_traffic_source_addresses($include_ipv6_link_local=false) { function get_interface_ip($interface = "wan") { - $realif = get_failover_interface($interface); + $realif = get_failover_interface($interface, 'inet'); if (!$realif) { return null; } - if (substr($realif, 0, 4) == '_vip') { - return get_configured_carp_interface_list($realif, 'inet', 'ip'); - } - - if (strstr($realif, "_vip")) { - return get_configured_carp_interface_list($realif); + if (substr($interface, 0, 4) == '_vip') { + return get_configured_carp_interface_list($interface, 'inet', 'ip'); + } else if (substr($interface, 0, 5) == '_lloc') { + /* No link-local address for v4. */ + return null; } $curip = find_interface_ip($realif); @@ -5430,9 +5418,9 @@ function get_interface_ipv6($interface = "wan", $flush = false) { return null; } - if (substr($realif, 0, 4) == '_vip') { - return get_configured_carp_interface_list($realif, 'inet6', 'ip'); - } else if (substr($realif, 0, 5) == '_lloc') { + if (substr($interface, 0, 4) == '_vip') { + return get_configured_carp_interface_list($interface, 'inet6', 'ip'); + } else if (substr($interface, 0, 5) == '_lloc') { return get_interface_linklocal($interface); } diff --git a/src/etc/inc/ipsec.auth-user.php b/src/etc/inc/ipsec.auth-user.php index 2589598..a504d11 100755 --- a/src/etc/inc/ipsec.auth-user.php +++ b/src/etc/inc/ipsec.auth-user.php @@ -31,10 +31,6 @@ */ /* - pfSense_BUILDER_BINARIES: - pfSense_MODULE: openvpn -*/ -/* * ipsec calls this script to authenticate a user * based on a username and password. We lookup these * in our config.xml file and check the credentials. @@ -123,13 +119,13 @@ if (($strictusercn === true) && ($common_name != $username)) { $attributes = array(); foreach ($authmodes as $authmode) { $authcfg = auth_get_authserver($authmode); - if (!$authcfg && $authmode != "local") { + if (!$authcfg && $authmode != "Local Database") { continue; } $authenticated = authenticate_user($username, $password, $authcfg, $attributes); if ($authenticated == true) { - if (stristr($authmode, "local")) { + if ($authmode == "Local Database") { $user = getUserEntry($username); if (!is_array($user) || !userHasPrivilege($user, "user-ipsec-xauth-dialin")) { $authenticated = false; diff --git a/src/etc/inc/ipsec.inc b/src/etc/inc/ipsec.inc index 6654166..b1e8c19 100644 --- a/src/etc/inc/ipsec.inc +++ b/src/etc/inc/ipsec.inc @@ -28,10 +28,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_BUILDER_BINARIES: /sbin/setkey /sbin/route - pfSense_MODULE: ipsec - */ /* IPsec defines */ @@ -42,6 +38,36 @@ $ipsec_loglevels = array("dmn" => "Daemon", "mgr" => "SA Manager", "ike" => "IKE "imc" => "Integrity checker", "imv" => "Integrity Verifier", "pts" => "Platform Trust Service", "tls" => "TLS handler", "esp" => "IPsec traffic", "lib" => "StrongSwan Lib"); +global $ipsec_log_sevs; +$ipsec_log_sevs = array( + '-1' => 'Silent', + '0' => 'Audit', + '1' => 'Control', + '2' => 'Diag', + '3' => 'Raw', + '4' => 'Highest' +); + +global $ipsec_log_cats; +$ipsec_log_cats = array( + "dmn" => "Daemon", + "mgr" => "SA Manager", + "ike" => "IKE SA", + "chd" => "IKE Child SA", + "job" => "Job Processing", + "cfg" => "Configuration backend", + "knl" => "Kernel Interface", + "net" => "Networking", + "asn" => "ASN encoding", + "enc" => "Message encoding", + "imc" => "Integrity checker", + "imv" => "Integrity Verifier", + "pts" => "Platform Trust Service", + "tls" => "TLS handler", + "esp" => "IPsec traffic", + "lib" => "StrongSwan Lib" +); + global $my_identifier_list; $my_identifier_list = array( 'myaddress' => array('desc' => gettext('My IP address'), 'mobile' => true), @@ -70,13 +96,9 @@ $ipsec_idhandling = array( global $p1_ealgos; $p1_ealgos = array( 'aes' => array('name' => 'AES', 'keysel' => array('lo' => 128, 'hi' => 256, 'step' => 64)), - 'aes128gcm' => array('name' => 'AES128-GCM', 'keysel' => array('lo' => 64, 'hi' => 128, 'step' => 32)), - 'aes192gcm' => array('name' => 'AES192-GCM', 'keysel' => array('lo' => 64, 'hi' => 128, 'step' => 32)), - 'aes256gcm' => array('name' => 'AES256-GCM', 'keysel' => array('lo' => 64, 'hi' => 128, 'step' => 32)), 'blowfish' => array('name' => 'Blowfish', 'keysel' => array('lo' => 128, 'hi' => 256, 'step' => 64)), '3des' => array('name' => '3DES'), - 'cast128' => array('name' => 'CAST128'), - 'des' => array('name' => 'DES')); + 'cast128' => array('name' => 'CAST128')); global $p2_ealgos; $p2_ealgos = array( @@ -86,8 +108,7 @@ $p2_ealgos = array( 'aes256gcm' => array('name' => 'AES256-GCM', 'keysel' => array('lo' => 64, 'hi' => 128, 'step' => 32)), 'blowfish' => array('name' => 'Blowfish', 'keysel' => array('lo' => 128, 'hi' => 256, 'step' => 64)), '3des' => array('name' => '3DES'), - 'cast128' => array('name' => 'CAST128'), - 'des' => array('name' => 'DES')); + 'cast128' => array('name' => 'CAST128')); global $p1_halgos; $p1_halgos = array( @@ -177,6 +198,29 @@ $p2_pfskeygroups = array( 30 => '30 (brainpool ecp512)' ); +function ipsec_enabled() { + global $config; + + if (!isset($config['ipsec']) || !is_array($config['ipsec'])) { + return false; + } + + /* Check if we have at least one phase 1 entry. */ + if (!isset($config['ipsec']['phase1']) || + !is_array($config['ipsec']['phase1']) || + empty($config['ipsec']['phase1'])) { + return false; + } + /* Check if at least one phase 1 entry is enabled. */ + foreach ($config['ipsec']['phase1'] as $phase1) { + if (!isset($phase1['disabled'])) { + return true; + } + } + + return false; +} + /* * ikeid management functions */ @@ -426,51 +470,16 @@ function ipsec_phase2_status(&$ipsec_status, &$phase2) { return false; } -function ipsec_smp_dump_status() { - global $config, $g, $custom_listtags; - - if (isset($config['ipsec']['enable'])) { - if (!file_exists("{$g['varrun_path']}/charon.xml")) { - log_error("IPsec daemon not running or has a problem!"); - return; - } - } else { - return; - } - - $fd = @fsockopen("unix://{$g['varrun_path']}/charon.xml"); - if (!$fd) { - log_error("Could not read status from IPsec"); - return; - } - $query = '<?xml version="1.0"?><message xmlns="http://www.strongswan.org/smp/1.0" type="request" id="1">'; - $query .= '<query><ikesalist/></query></message>'; - - @fwrite($fd, $query); - $response = ""; - while (!strstr($sread, "</message>")) { - $sread = fgets($fd); - if ($sread === false) { - break; - } - $response .= $sread; - } - fclose($fd); +/* + * Wrapper to call pfSense_ipsec_list_sa() when IPsec is enabled + */ +function ipsec_list_sa() { - if ($sread === false) { - log_error("Error during reading of status from IPsec"); - return; + if (ipsec_enabled()) { + return pfSense_ipsec_list_sa(); } - @file_put_contents("{$g['tmp_path']}/smp_status.xml", $response); - unset($response, $sread); - - $custom_listtags = array('ikesa', 'childsa', 'network', 'auth'); - $response = parse_xml_config("{$g['tmp_path']}/smp_status.xml", "message"); - @unlink("{$g['tmp_path']}/smp_status.xml"); - unset($custom_listtags); - - return $response; + return array(); } /* @@ -584,24 +593,52 @@ function ipsec_dump_sad() { * Return dump of mobile user list */ function ipsec_dump_mobile() { - global $g, $custom_listtags; + global $g; - $_gb = exec("/usr/local/sbin/ipsec stroke leases > {$g['tmp_path']}/strongswan_leases.xml"); + $_gb = exec("/usr/local/sbin/ipsec leases 2>/dev/null", $output, $rc); - if (!file_exists("{$g['tmp_path']}/strongswan_leases.xml")) { + if ($rc != 0) { log_error(gettext("Unable to find IPsec daemon leases file. Could not display mobile user stats!")); return array(); } - /* This is needed for fixing #4130 */ - if (filesize("{$g['tmp_path']}/strongswan_leases.xml") < 200) { - return array(); + $response = array(); + $id = -1; + + /* Leases in pool '10.7.200.0/24', usage: 1/254, 1 online */ + $lease_regex='/^Leases *in *pool *\'(?P<name>.+)\', *usage: *(?P<usage>\d+)\/(?P<size>\d+), *(?P<online>\d+) *online/'; + /* 10.7.200.1 online 'jimp' */ + $pool_regex='/\s*(?P<host>[\d\.]+)\s+(?P<status>online|offline)\s+\'(?P<id>.*)\'/'; + /* no matching leases found */ + $nopool_regex='/no *matching *leases *found/'; + + $lease=false; + foreach ($output as $line) { + if (preg_match($lease_regex, $line, $matches)) { + $id++; + $response['pool'][$id] = array( + 'name' => $matches['name'], + 'usage' => $matches['usage'], + 'size' => $matches['size'], + 'online' => $matches['online'], + ); + $lease=true; + } else if ($lease) { + if (preg_match($nopool_regex, $line)) { + $response['pool'][$id]['lease'][] = array(); + $lease=false; + } else if (preg_match($pool_regex, $line, $matches)) { + $response['pool'][$id]['lease'][] = array( + 'host' => $matches['host'], + 'status' => $matches['status'], + 'id' => $matches['id'] + ); + } + } } - $custom_listtags = array('lease', 'pool'); - $response = parse_xml_config("{$g['tmp_path']}/strongswan_leases.xml", "leases"); - @unlink("{$g['tmp_path']}/strongswan_leases.xml"); - unset($custom_listtags, $_gb); + unset($_gb, $lease, $output, $rc, $id, $lease_regex, $pool_regex, + $nopool_regex); return $response; } diff --git a/src/etc/inc/itemid.inc b/src/etc/inc/itemid.inc index c698cfa..1cbe34a 100644 --- a/src/etc/inc/itemid.inc +++ b/src/etc/inc/itemid.inc @@ -1,10 +1,6 @@ <?php /* - pfSense_MODULE: utils -*/ - -/* Copyright (C) 2009 Janne Enberg <janne.enberg@lietu.net> All rights reserved. @@ -105,4 +101,4 @@ function get_unique_id() { return uniqid("nat_", true); } -?>
\ No newline at end of file +?> diff --git a/src/etc/inc/led.inc b/src/etc/inc/led.inc index a08eef4..241d013 100644 --- a/src/etc/inc/led.inc +++ b/src/etc/inc/led.inc @@ -7,10 +7,6 @@ * LED control library that wraps around the functionality of led(4) * */ -/* - pfSense_BUILDER_BINARIES: /bin/echo - pfSense_MODULE: utils -*/ $led_root = "/dev/led/led"; @@ -353,4 +349,4 @@ function char_to_morse($char) { } } -?>
\ No newline at end of file +?> diff --git a/src/etc/inc/meta.inc b/src/etc/inc/meta.inc index ac8bdfc..28bf408 100644 --- a/src/etc/inc/meta.inc +++ b/src/etc/inc/meta.inc @@ -23,9 +23,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_MODULE: utils - */ /* diff --git a/src/etc/inc/notices.inc b/src/etc/inc/notices.inc index 0a1657c..92f74a1 100644 --- a/src/etc/inc/notices.inc +++ b/src/etc/inc/notices.inc @@ -32,11 +32,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - pfSense_BUILDER_BINARIES: /bin/echo - pfSense_MODULE: notifications -*/ - require_once("globals.inc"); require_once("led.inc"); diff --git a/src/etc/inc/openvpn.attributes.php b/src/etc/inc/openvpn.attributes.php index 467d691..4da9f0d 100644 --- a/src/etc/inc/openvpn.attributes.php +++ b/src/etc/inc/openvpn.attributes.php @@ -128,7 +128,7 @@ function parse_cisco_acl($attribs) { $isblock = false; } } else if (trim($rule[$index]) == "any") { - $tmprule .= "from any"; + $tmprule .= "from any "; $index++; } else { $tmprule .= "from {$rule[$index]}"; diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php index 0f6864b..a95051d 100644 --- a/src/etc/inc/openvpn.auth-user.php +++ b/src/etc/inc/openvpn.auth-user.php @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* openvpn.auth-user.php @@ -32,10 +31,6 @@ */ /* - pfSense_BUILDER_BINARIES: - pfSense_MODULE: openvpn -*/ -/* * OpenVPN calls this script to authenticate a user * based on a username and password. We lookup these * in our config.xml file and check the credentials. @@ -118,7 +113,7 @@ if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) { $authenticated = false; -if (($strictusercn === true) && ($common_name != $username)) { +if (($strictusercn === true) && (mb_strtolower($common_name) !== mb_strtolower($username))) { syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n"); if (isset($_GET['username'])) { echo "FAILED"; @@ -145,7 +140,7 @@ if (!is_array($authmodes)) { $attributes = array(); foreach ($authmodes as $authmode) { $authcfg = auth_get_authserver($authmode); - if (!$authcfg && $authmode != "local") { + if (!$authcfg && $authmode != "Local Database") { continue; } diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc index c163294..9dc83c5 100644 --- a/src/etc/inc/openvpn.inc +++ b/src/etc/inc/openvpn.inc @@ -37,12 +37,8 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - - pfSense_BUILDER_BINARIES: /usr/local/sbin/openvpn /usr/bin/openssl /sbin/ifconfig - pfSense_MODULE: openvpn - */ + require_once('config.inc'); require_once("certs.inc"); require_once('pfsense-utils.inc'); @@ -104,6 +100,9 @@ $openvpn_server_modes = array( 'server_user' => gettext("Remote Access ( User Auth )"), 'server_tls_user' => gettext("Remote Access ( SSL/TLS + User Auth )")); +global $openvpn_tls_server_modes; +$openvpn_tls_server_modes = array('p2p_tls', 'server_tls', 'server_user', 'server_tls_user'); + global $openvpn_client_modes; $openvpn_client_modes = array( 'p2p_tls' => gettext("Peer to Peer ( SSL/TLS )"), @@ -116,6 +115,165 @@ $openvpn_compression_modes = array( 'adaptive' => gettext("Enabled with Adaptive Compression"), 'yes' => gettext("Enabled without Adaptive Compression")); +global $openvpn_topologies; +$openvpn_topologies = array( + 'subnet' => gettext("Subnet -- One IP address per client in a common subnet"), + 'net30' => gettext("net30 -- Isolated /30 network per client") +// 'p2p => gettext("Peer to Peer -- One IP address per client peer-to-peer style. Does not work on Windows.") +); + +function openvpn_build_mode_list() { + global $openvpn_server_modes; + + $list = array(); + + foreach ($openvpn_server_modes as $name => $desc) { + $list[$name] = $desc; + } + + return($list); +} + +function openvpn_build_if_list() { + $list = array(); + + $interfaces = get_configured_interface_with_descr(); + $carplist = get_configured_carp_interface_list(); + + foreach ($carplist as $cif => $carpip) { + $interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; + } + + $aliaslist = get_configured_ip_aliases_list(); + + foreach ($aliaslist as $aliasip => $aliasif) { + $interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } + + $grouplist = return_gateway_groups_array(); + + foreach ($grouplist as $name => $group) { + if ($group['ipprotocol'] != inet) { + continue; + } + + if ($group[0]['vip'] != "") { + $vipif = $group[0]['vip']; + } else { + $vipif = $group[0]['int']; + } + + $interfaces[$name] = "GW Group {$name}"; + } + + $interfaces['lo0'] = "Localhost"; + $interfaces['any'] = "any"; + + foreach ($interfaces as $iface => $ifacename) { + $list[$iface] = $ifacename; + } + + return($list); +} + +function openvpn_build_crl_list() { + global $a_crl; + + $list = array('' => 'None'); + + foreach ($a_crl as $crl) { + $caname = ""; + $ca = lookup_ca($crl['caref']); + + if ($ca) { + $caname = " (CA: {$ca['descr']})"; + } + + $list[$crl['refid']] = $crl['descr'] . $caname; + } + + return($list); +} + +function openvpn_build_cert_list($include_none = false, $prioritize_server_certs = false) { + global $a_cert; + + if ($include_none) { + $list = array('' => 'None (Username and/or Password required)'); + } else { + $list = array(); + } + + $non_server_list = array(); + + if ($prioritize_server_certs) { + $list[' '] = "===== Server Certificates ====="; + $non_server_list[' '] = "===== Non-Server Certificates ====="; + } + + foreach ($a_cert as $cert) { + $properties = array(); + $propstr = ""; + $ca = lookup_ca($cert['caref']); + $purpose = cert_get_purpose($cert['crt'], true); + + if ($purpose['server'] == "Yes") { + $properties[] = "Server: Yes"; + } elseif ($prioritize_server_certs) { + $properties[] = "Server: NO"; + } + if ($ca) { + $properties[] = "CA: {$ca['descr']}"; + } + if (cert_in_use($cert['refid'])) { + $properties[] = "In Use"; + } + if (is_cert_revoked($cert)) { + $properties[] = "Revoked"; + } + + if (!empty($properties)) { + $propstr = " (" . implode(", ", $properties) . ")"; + } + + if ($prioritize_server_certs) { + if ($purpose['server'] == "Yes") { + $list[$cert['refid']] = $cert['descr'] . $propstr; + } else { + $non_server_list[$cert['refid']] = $cert['descr'] . $propstr; + } + } else { + $list[$cert['refid']] = $cert['descr'] . $propstr; + } + } + + return(array('server' => $list, 'non-server' => $non_server_list)); +} + +function openvpn_build_bridge_list() { + $list = array(); + + $serverbridge_interface['none'] = "none"; + $serverbridge_interface = array_merge($serverbridge_interface, get_configured_interface_with_descr()); + $carplist = get_configured_carp_interface_list(); + + foreach ($carplist as $cif => $carpip) { + $serverbridge_interface[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")"; + } + + $aliaslist = get_configured_ip_aliases_list(); + + foreach ($aliaslist as $aliasip => $aliasif) { + $serverbridge_interface[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")"; + } + + foreach ($serverbridge_interface as $iface => $ifacename) { + $list[$iface] = htmlspecialchars($ifacename); + } + + return($list); +} + function openvpn_create_key() { $fp = popen("/usr/local/sbin/openvpn --genkey --secret /dev/stdout 2>/dev/null", "r"); @@ -454,7 +612,7 @@ function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive, $opt = "") } function openvpn_reconfigure($mode, $settings) { - global $g, $config; + global $g, $config, $openvpn_tls_server_modes; if (empty($settings)) { return; @@ -615,7 +773,7 @@ function openvpn_reconfigure($mode, $settings) { // See ticket #1417 if (!empty($ip) && !empty($mask) && ($cidr < 30)) { $conf .= "server {$ip} {$mask}\n"; - $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc/server{$vpnid}\n"; if (is_ipaddr($ipv6)) { $conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; } @@ -646,7 +804,7 @@ function openvpn_reconfigure($mode, $settings) { if (is_ipaddr($ipv6)) { $conf .= "server-ipv6 {$ipv6}/{$prefix}\n"; } - $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc/server{$vpnid}\n"; } else { if ($settings['serverbridge_dhcp']) { if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) { @@ -654,7 +812,7 @@ function openvpn_reconfigure($mode, $settings) { $biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface'])); if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) { $conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n"; - $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n"; + $conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc/server{$vpnid}\n"; } else { $conf .= "mode server\n"; } @@ -883,8 +1041,11 @@ function openvpn_reconfigure($mode, $settings) { $conf .= "float\n"; } - if ($settings['topology_subnet']) { - $conf .= "topology subnet\n"; + if (in_array($settings['mode'], $openvpn_tls_server_modes)) { + if (empty($settings['topology'])) { + $settings['topology'] = "subnet"; + } + $conf .= "topology {$settings['topology']}\n"; } // New client features @@ -1016,29 +1177,23 @@ function openvpn_delete($mode, & $settings) { @array_map('unlink', glob("{$g['varetc_path']}/openvpn/{$mode_id}.*")); } -function openvpn_cleanup_csc($common_name) { - global $g, $config; - if (empty($common_name)) { - return; - } - $fpath = "{$g['varetc_path']}/openvpn-csc/" . basename($common_name); - if (is_file($fpath)) { - unlink_if_exists($fpath); - } - return; -} - function openvpn_resync_csc(& $settings) { - global $g, $config; + global $g, $config, $openvpn_tls_server_modes; - $fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name']; + $csc_base_path = "{$g['varetc_path']}/openvpn-csc"; if (isset($settings['disable'])) { - unlink_if_exists($fpath); + openvpn_delete_csc($settings); return; } openvpn_create_dirs(); + if (empty($settings['server_list'])) { + $csc_server_list = array(); + } else { + $csc_server_list = explode(",", $settings['server_list']); + } + $conf = ''; if ($settings['block']) { $conf .= "disable\n"; @@ -1048,19 +1203,6 @@ function openvpn_resync_csc(& $settings) { $conf .= "push-reset\n"; } - if (!empty($settings['tunnel_network'])) { - list($ip, $mask) = explode('/', $settings['tunnel_network']); - $baselong = ip2long32($ip) & gen_subnet_mask_long($mask); - $serverip = long2ip32($baselong + 1); - $clientip = long2ip32($baselong + 2); - /* Because this is being pushed, the order from the client's point of view. */ - if ($settings['dev_mode'] != 'tap') { - $conf .= "ifconfig-push {$clientip} {$serverip}\n"; - } else { - $conf .= "ifconfig-push {$clientip} {$mask}\n"; - } - } - if ($settings['local_network']) { $conf .= openvpn_gen_routes($settings['local_network'], "ipv4", true); } @@ -1084,17 +1226,61 @@ function openvpn_resync_csc(& $settings) { } openvpn_add_custom($settings, $conf); - - file_put_contents($fpath, $conf); - chown($fpath, 'nobody'); - chgrp($fpath, 'nobody'); + /* Loop through servers, find which ones can use this CSC */ + if (is_array($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as $serversettings) { + if (isset($serversettings['disable'])) { + continue; + } + if (in_array($serversettings['mode'], $openvpn_tls_server_modes)) { + if ($serversettings['vpnid'] && (empty($csc_server_list) || in_array($serversettings['vpnid'], $csc_server_list))) { + $csc_path = "{$csc_base_path}/server{$serversettings['vpnid']}/" . basename($settings['common_name']); + $csc_conf = $conf; + + if (!empty($serversettings['tunnel_network']) && !empty($settings['tunnel_network'])) { + list($ip, $mask) = explode('/', $settings['tunnel_network']); + if (($serversettings['dev_mode'] == 'tap') || ($serversettings['topology'] == "subnet")) { + $csc_conf .= "ifconfig-push {$ip} " . gen_subnet_mask($mask) . "\n"; + } else { + /* Because this is being pushed, the order from the client's point of view. */ + $baselong = ip2long32($ip) & gen_subnet_mask_long($mask); + $serverip = long2ip32($baselong + 1); + $clientip = long2ip32($baselong + 2); + $csc_conf .= "ifconfig-push {$clientip} {$serverip}\n"; + } + } + file_put_contents($csc_path, $csc_conf); + chown($csc_path, 'nobody'); + chgrp($csc_path, 'nobody'); + } + } + } + } } function openvpn_delete_csc(& $settings) { - global $g, $config; + global $g, $config, $openvpn_tls_server_modes; + $csc_base_path = "{$g['varetc_path']}/openvpn-csc"; + if (empty($settings['server_list'])) { + $csc_server_list = array(); + } else { + $csc_server_list = explode(",", $settings['server_list']); + } - $fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name']; - unlink_if_exists($fpath); + /* Loop through servers, find which ones used this CSC */ + if (is_array($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as $serversettings) { + if (isset($serversettings['disable'])) { + continue; + } + if (in_array($serversettings['mode'], $openvpn_tls_server_modes)) { + if ($serversettings['vpnid'] && (empty($csc_server_list) || in_array($serversettings['vpnid'], $csc_server_list))) { + $csc_path = "{$csc_base_path}/server{$serversettings['vpnid']}/" . basename($settings['common_name']); + unlink_if_exists($csc_path); + } + } + } + } } // Resync the configuration and restart the VPN @@ -1425,6 +1611,42 @@ function openvpn_get_client_status($client, $socket) { return $client; } +function openvpn_kill_client($port, $remipp) { + global $g; + + //$tcpsrv = "tcp://127.0.0.1:{$port}"; + $tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$port}.sock"; + $errval = null; + $errstr = null; + + /* open a tcp connection to the management port of each server */ + $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1); + $killed = -1; + if ($fp) { + stream_set_timeout($fp, 1); + fputs($fp, "kill {$remipp}\n"); + while (!feof($fp)) { + $line = fgets($fp, 1024); + + $info = stream_get_meta_data($fp); + if ($info['timed_out']) { + break; + } + + /* parse header list line */ + if (strpos($line, "INFO:") !== false) { + continue; + } + if (strpos($line, "SUCCESS") !== false) { + $killed = 0; + } + break; + } + fclose($fp); + } + return $killed; +} + function openvpn_refresh_crls() { global $g, $config; @@ -1458,13 +1680,27 @@ function openvpn_refresh_crls() { } function openvpn_create_dirs() { - global $g; + global $g, $config, $openvpn_tls_server_modes; if (!is_dir("{$g['varetc_path']}/openvpn")) { safe_mkdir("{$g['varetc_path']}/openvpn", 0750); } if (!is_dir("{$g['varetc_path']}/openvpn-csc")) { safe_mkdir("{$g['varetc_path']}/openvpn-csc", 0750); } + + /* Check for enabled servers and create server-specific CSC dirs */ + if (is_array($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as $settings) { + if (isset($settings['disable'])) { + continue; + } + if (in_array($settings['mode'], $openvpn_tls_server_modes)) { + if ($settings['vpnid']) { + safe_mkdir("{$g['varetc_path']}/openvpn-csc/server{$settings['vpnid']}"); + } + } + } + } } function openvpn_get_interface_ip($ip, $mask) { diff --git a/src/etc/inc/openvpn.tls-verify.php b/src/etc/inc/openvpn.tls-verify.php index 9e21342..ea17207 100644 --- a/src/etc/inc/openvpn.tls-verify.php +++ b/src/etc/inc/openvpn.tls-verify.php @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* openvpn.tls-verify.php @@ -31,10 +30,6 @@ */ /* - pfSense_BUILDER_BINARIES: - pfSense_MODULE: openvpn -*/ -/* * OpenVPN calls this script to validate a certificate * This script is called ONCE per DEPTH of the certificate chain * Normal operation would have two runs - one for the server certificate diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc index 4eefaa0..1041dec 100644 --- a/src/etc/inc/pfsense-utils.inc +++ b/src/etc/inc/pfsense-utils.inc @@ -31,13 +31,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - pfSense_BUILDER_BINARIES: /sbin/ifconfig /sbin/pfctl /usr/local/bin/php-cgi /usr/bin/netstat - pfSense_BUILDER_BINARIES: /bin/df /usr/bin/grep /usr/bin/awk /bin/rm /usr/sbin/pwd_mkdb /usr/bin/host - pfSense_BUILDER_BINARIES: /sbin/kldload - pfSense_MODULE: utils -*/ - /****f* pfsense-utils/have_natpfruleint_access * NAME * have_natpfruleint_access @@ -405,21 +398,35 @@ function convert_ip_to_network_format($ip, $subnet) { * get_carp_interface_status($carpinterface): returns the status of a carp ip */ function get_carp_interface_status($carpinterface) { + global $config; - $interface = get_real_interface($interface); - $carp_query = ''; - $_gb = exec("/sbin/ifconfig $interface | /usr/bin/grep -v grep | /usr/bin/grep carp: | /usr/bin/head -n 1", $carp_query); - foreach ($carp_query as $int) { - if (stripos($int, "MASTER")) { - return "MASTER"; + foreach ($config['virtualip']['vip'] as $carp) { + if ($carp['mode'] != "carp") { + continue; } - if (stripos($int, "BACKUP")) { - return "BACKUP"; + $carpif = "_vip{$carp['uniqid']}"; + if ($carpinterface !== $carpif) { + continue; } - if (stripos($int, "INIT")) { - return "INIT"; + + $interface = get_real_interface($carp['interface']); + $vhid = $carp['vhid']; + $carp_query = ''; + $_gb = exec("/sbin/ifconfig $interface | /usr/bin/grep carp: | /usr/bin/grep \"vhid $vhid\"", $carp_query); + foreach ($carp_query as $int) { + if (stripos($int, "MASTER")) { + return "MASTER"; + } + if (stripos($int, "BACKUP")) { + return "BACKUP"; + } + if (stripos($int, "INIT")) { + return "INIT"; + } } + break; } + return; } @@ -618,50 +625,6 @@ function merge_config_section($section_name, $new_contents) { } /* - * http_post($server, $port, $url, $vars): does an http post to a web server - * posting the vars array. - * written by nf@bigpond.net.au - */ -function http_post($server, $port, $url, $vars) { - $user_agent = "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"; - $urlencoded = ""; - while (list($key, $value) = each($vars)) { - $urlencoded .= urlencode($key) . "=" . urlencode($value) . "&"; - } - $urlencoded = substr($urlencoded, 0, -1); - $content_length = strlen($urlencoded); - $headers = "POST $url HTTP/1.1 -Accept: */* -Accept-Language: en-au -Content-Type: application/x-www-form-urlencoded -User-Agent: $user_agent -Host: $server -Connection: Keep-Alive -Cache-Control: no-cache -Content-Length: $content_length - -"; - - $errno = ""; - $errstr = ""; - $fp = fsockopen($server, $port, $errno, $errstr); - if (!$fp) { - return false; - } - - fputs($fp, $headers); - fputs($fp, $urlencoded); - - $ret = ""; - while (!feof($fp)) { - $ret .= fgets($fp, 1024); - } - fclose($fp); - - return $ret; -} - -/* * php_check_syntax($code_tocheck, $errormessage): checks $code_to_check for errors */ if (!function_exists('php_check_syntax')) { @@ -740,103 +703,6 @@ function rmdir_recursive($path, $follow_links=false) { } /* - * call_pfsense_method(): Call a method exposed by the pfsense.org XMLRPC server. - */ -function call_pfsense_method($method, $params, $timeout = 0) { - global $g, $config; - - $xmlrpc_base_url = get_active_xml_rpc_base_url(); - $xmlrpc_path = $g['xmlrpcpath']; - - $xmlrpcfqdn = preg_replace("(https?://)", "", $xmlrpc_base_url); - $ip = gethostbyname($xmlrpcfqdn); - if ($ip == $xmlrpcfqdn) { - return false; - } - - $msg = new XML_RPC_Message($method, array(XML_RPC_Encode($params))); - $port = 0; - $proxyurl = ""; - $proxyport = 0; - $proxyuser = ""; - $proxypass = ""; - if (!empty($config['system']['proxyurl'])) { - $proxyurl = $config['system']['proxyurl']; - } - if (!empty($config['system']['proxyport']) && is_numeric($config['system']['proxyport'])) { - $proxyport = $config['system']['proxyport']; - } - if (!empty($config['system']['proxyuser'])) { - $proxyuser = $config['system']['proxyuser']; - } - if (!empty($config['system']['proxypass'])) { - $proxypass = $config['system']['proxypass']; - } - $cli = new XML_RPC_Client($xmlrpc_path, $xmlrpc_base_url, $port, $proxyurl, $proxyport, $proxyuser, $proxypass); - // If the ALT PKG Repo has a username/password set, use it. - if ($config['system']['altpkgrepo']['username'] && - $config['system']['altpkgrepo']['password']) { - $username = $config['system']['altpkgrepo']['username']; - $password = $config['system']['altpkgrepo']['password']; - $cli->setCredentials($username, $password); - } - $resp = $cli->send($msg, $timeout); - if (!is_object($resp)) { - log_error(sprintf(gettext("XMLRPC communication error: %s"), $cli->errstr)); - return false; - } elseif ($resp->faultCode()) { - log_error(sprintf(gettext('XMLRPC request failed with error %1$s: %2$s'), $resp->faultCode(), $resp->faultString())); - return false; - } else { - return XML_RPC_Decode($resp->value()); - } -} - -/* - * check_firmware_version(): Check whether the current firmware installed is the most recently released. - */ -function check_firmware_version($tocheck = "all", $return_php = true) { - global $g, $config; - - $xmlrpc_base_url = get_active_xml_rpc_base_url(); - $xmlrpcfqdn = preg_replace("(https?://)", "", $xmlrpc_base_url); - $ip = gethostbyname($xmlrpcfqdn); - if ($ip == $xmlrpcfqdn) { - return false; - } - $version = php_uname('r'); - $version = explode('-', $version); - $rawparams = array("firmware" => array("version" => $g['product_version']), - "kernel" => array("version" => $version[0]), - "base" => array("version" => $version[0]), - "platform" => trim(file_get_contents('/etc/platform')), - "config_version" => $config['version'] - ); - unset($version); - - if ($tocheck == "all") { - $params = $rawparams; - } else { - foreach ($tocheck as $check) { - $params['check'] = $rawparams['check']; - $params['platform'] = $rawparams['platform']; - } - } - if ($config['system']['firmware']['branch']) { - $params['branch'] = $config['system']['firmware']['branch']; - } - - /* XXX: What is this method? */ - if (!($versions = call_pfsense_method('pfsense.get_firmware_version', $params))) { - return false; - } else { - $versions["current"] = $params; - } - - return $versions; -} - -/* * host_firmware_version(): Return the versions used in this install */ function host_firmware_version($tocheck = "") { @@ -1436,7 +1302,7 @@ function get_interface_info($ifdescr) { } $usbmodemoutput = array(); - exec("usbconfig", $usbmodemoutput); + exec("/usr/sbin/usbconfig", $usbmodemoutput); $mondev = "{$g['tmp_path']}/3gstats.{$ifdescr}"; if (file_exists($mondev)) { $cellstats = file($mondev); @@ -1588,7 +1454,7 @@ function add_hostname_to_watch($hostname) { if ((is_fqdn($hostname)) && (!is_ipaddr($hostname))) { $domrecords = array(); $domips = array(); - exec("host -t A " . escapeshellarg($hostname), $domrecords, $rethost); + exec("/usr/bin/host -t A " . escapeshellarg($hostname), $domrecords, $rethost); if ($rethost == 0) { foreach ($domrecords as $domr) { $doml = explode(" ", $domr); @@ -1646,7 +1512,7 @@ function pfsense_default_tables_size() { function pfsense_default_table_entries_size() { $current = `pfctl -sm | grep table-entries | awk '{print $4};'`; - return $current; + return (trim($current)); } /* Compare the current hostname DNS to the DNS cache we made @@ -1665,7 +1531,7 @@ function compare_hostname_to_dnscache($hostname) { if ((is_fqdn($hostname)) && (!is_ipaddr($hostname))) { $domrecords = array(); $domips = array(); - exec("host -t A " . escapeshellarg($hostname), $domrecords, $rethost); + exec("/usr/bin/host -t A " . escapeshellarg($hostname), $domrecords, $rethost); if ($rethost == 0) { foreach ($domrecords as $domr) { $doml = explode(" ", $domr); @@ -1776,7 +1642,7 @@ function download_file($url, $destination, $verify_ssl = true, $connect_timeout curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); - if (!isset($config['system']['host_uuid'])) { + if (!isset($config['system']['do_not_send_host_uuid'])) { curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version'] . ' : ' . get_single_sysctl('kern.hostuuid')); } else { curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version']); @@ -1822,7 +1688,7 @@ function download_file_with_progress_bar($url_file, $destination_file, $readbody curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout); curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - if (!isset($config['system']['host_uuid'])) { + if (!isset($config['system']['do_not_send_host_uuid'])) { curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version'] . ' : ' . get_single_sysctl('kern.hostuuid')); } else { curl_setopt($ch, CURLOPT_USERAGENT, $g['product_name'] . '/' . $g['product_version']); @@ -1920,9 +1786,11 @@ function update_output_window($text) { $log = preg_replace("/\n/", "\\n", $text); if ($pkg_interface != "console") { ?> -<script> +<script type="text/javascript"> +//<![CDATA[ document.getElementById("output").textContent="<?=htmlspecialchars($log)?>"; document.getElementById("output").scrollTop = document.getElementById("output").scrollHeight; +//]]> </script> <?php } @@ -1935,10 +1803,9 @@ function update_output_window($text) { */ function update_status($status) { global $pkg_interface; + if ($pkg_interface == "console") { - echo "\r{$status}"; - } else { - echo '<script>document.getElementById("status").innerText="'. htmlspecialchars($status).'";</script>'; + print ("{$status}"); } /* ensure that contents are written out */ @@ -1954,7 +1821,11 @@ function update_progress_bar($percent, $first_time) { $percent = 1; } if ($pkg_interface <> "console") { - echo '<script>document.getElementById("progressbar").style.width="'. $percent.'%";</script>'; + echo '<script type="text/javascript">'; + echo "\n//<![CDATA[\n"; + echo 'document.getElementById("progressbar").style.width="'. $percent.'%"'; + echo "\n//]]>\n"; + echo '</script>'; } else { if (!($first_time)) { echo "\x08\x08\x08\x08\x08"; @@ -2372,7 +2243,7 @@ function nanobsd_switch_boot_slice() { $ABOOTFLASH = "{$BOOT_DRIVE}s{$AOLDSLICE}"; conf_mount_rw(); set_single_sysctl("kern.geom.debugflags", "16"); - exec("gpart set -a active -i {$ASLICE} {$BOOT_DRIVE}"); + exec("/sbin/gpart set -a active -i {$ASLICE} {$BOOT_DRIVE}"); exec("/usr/sbin/boot0cfg -s {$ASLICE} -v /dev/{$BOOT_DRIVE}"); // We can't update these if they are mounted now. if ($BOOTFLASH != $slice) { @@ -2424,7 +2295,7 @@ EOF; $status = false; } } else { - $status = exec("sed -i \"\" \"s/pfsense{$oldufs}/pfsense{$newufs}/g\" {$fstabpath}"); + $status = exec("/usr/bin/sed -i \"\" \"s/pfsense{$oldufs}/pfsense{$newufs}/g\" {$fstabpath}"); } exec("/sbin/umount {$tmppath}"); rmdir($tmppath); @@ -2820,7 +2691,7 @@ function where_is_ipaddr_configured($ipaddr, $ignore_if = "", $check_localip = f $interface_list_vips = get_configured_vips_list(true); foreach ($interface_list_vips as $id => $vip) { /* Skip CARP interfaces here since they were already checked above */ - if ($id == $ignore_vip_id || (substr($ignore_if, 0, 4) == '_vip') && substr($ignore_vip_if, 5) == $vip['uniqdid']) { + if ($id == $ignore_vip_id || (substr($ignore_if, 0, 4) == '_vip') && $ignore_vip_if === $vip['if']) { continue; } if (strcasecmp($ipaddr, $vip['ipaddr']) == 0) { @@ -2866,7 +2737,6 @@ function pfSense_handle_custom_code($src_dir) { } function set_language($lang = 'en_US', $encoding = "UTF-8") { - putenv("LANG={$lang}.{$encoding}"); setlocale(LC_ALL, "{$lang}.{$encoding}"); textdomain("pfSense"); bindtextdomain("pfSense", "/usr/local/share/locale"); @@ -2883,66 +2753,6 @@ function get_locale_list() { return $locales; } -function system_get_language_code() { - global $config, $g_languages; - - // a language code, as per [RFC3066] - $language = $config['system']['language']; - //$code = $g_languages[$language]['code']; - $code = str_replace("_", "-", $language); - - if (empty($code)) { - $code = "en-US"; // Set default code. - } - - return $code; -} - -function system_get_language_codeset() { - global $config, $g_languages; - - $language = $config['system']['language']; - $codeset = $g_languages[$language]['codeset']; - - if (empty($codeset)) { - $codeset = "UTF-8"; // Set default codeset. - } - - return $codeset; -} - -/* Available languages/locales */ -$g_languages = array ( - "sq" => array("codeset" => "UTF-8", "desc" => gettext("Albanian")), - "bg" => array("codeset" => "UTF-8", "desc" => gettext("Bulgarian")), - "zh_CN" => array("codeset" => "UTF-8", "desc" => gettext("Chinese (Simplified)")), - "zh_TW" => array("codeset" => "UTF-8", "desc" => gettext("Chinese (Traditional)")), - "nl" => array("codeset" => "UTF-8", "desc" => gettext("Dutch")), - "da" => array("codeset" => "UTF-8", "desc" => gettext("Danish")), - "en_US" => array("codeset" => "UTF-8", "desc" => gettext("English")), - "fi" => array("codeset" => "UTF-8", "desc" => gettext("Finnish")), - "fr" => array("codeset" => "UTF-8", "desc" => gettext("French")), - "de" => array("codeset" => "UTF-8", "desc" => gettext("German")), - "el" => array("codeset" => "UTF-8", "desc" => gettext("Greek")), - "hu" => array("codeset" => "UTF-8", "desc" => gettext("Hungarian")), - "it" => array("codeset" => "UTF-8", "desc" => gettext("Italian")), - "ja" => array("codeset" => "UTF-8", "desc" => gettext("Japanese")), - "ko" => array("codeset" => "UTF-8", "desc" => gettext("Korean")), - "lv" => array("codeset" => "UTF-8", "desc" => gettext("Latvian")), - "nb" => array("codeset" => "UTF-8", "desc" => gettext("Norwegian (Bokmal)")), - "pl" => array("codeset" => "UTF-8", "desc" => gettext("Polish")), - "pt_BR" => array("codeset" => "UTF-8", "desc" => gettext("Portuguese (Brazil)")), - "pt" => array("codeset" => "UTF-8", "desc" => gettext("Portuguese (Portugal)")), - "ro" => array("codeset" => "UTF-8", "desc" => gettext("Romanian")), - "ru" => array("codeset" => "UTF-8", "desc" => gettext("Russian")), - "sl" => array("codeset" => "UTF-8", "desc" => gettext("Slovenian")), - "tr" => array("codeset" => "UTF-8", "desc" => gettext("Turkish")), - "es" => array("codeset" => "UTF-8", "desc" => gettext("Spanish")), - "sv" => array("codeset" => "UTF-8", "desc" => gettext("Swedish")), - "sk" => array("codeset" => "UTF-8", "desc" => gettext("Slovak")), - "cs" => array("codeset" => "UTF-8", "desc" => gettext("Czech")) -); - function return_hex_ipv4($ipv4) { if (!is_ipaddrv4($ipv4)) { return(false); @@ -3133,7 +2943,7 @@ function get_pppoes_child_interfaces($ifpattern) { return; } - exec("ifconfig", $out, $ret); + exec("/sbin/ifconfig", $out, $ret); foreach ($out as $line) { if (preg_match("/^({$ifpattern}[0-9]+):/i", $line, $match)) { $if_arr[] = $match[1]; @@ -3183,15 +2993,4 @@ function pkg_call_plugins($plugin_type, $plugin_params) { return $results; } -/* Function to find and return the active XML RPC base URL to avoid code duplication */ -function get_active_xml_rpc_base_url() { - global $config, $g; - /* If the user has activated the option to enable an alternate xmlrpcbaseurl, and it's not empty, then use it */ - if (isset($config['system']['altpkgrepo']['enable']) && !empty($config['system']['altpkgrepo']['xmlrpcbaseurl'])) { - return $config['system']['altpkgrepo']['xmlrpcbaseurl']; - } else { - return $g['xmlrpcbaseurl']; - } -} - ?> diff --git a/src/etc/inc/pkg-utils.inc b/src/etc/inc/pkg-utils.inc index be7a533..426a043 100644 --- a/src/etc/inc/pkg-utils.inc +++ b/src/etc/inc/pkg-utils.inc @@ -1,15 +1,9 @@ <?php -/****h* pfSense/pkg-utils - NAME - pkg-utils.inc - Package subsystem - DESCRIPTION - This file contains various functions used by the pfSense package system. - HISTORY - $Id$ -*/ +/* + * pkg-utils.inc + */ /* ==================================================================== * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. - * Copyright (c) 2004, 2005 Scott Ullrich * Copyright (c) 2005-2006 Colin Smith (ethethlay@gmail.com) * * Redistribution and use in source and binary forms, with or without modification, @@ -59,11 +53,6 @@ * ==================================================================== * */ -/* - pfSense_BUILDER_BINARIES: /usr/bin/cd /usr/bin/tar /usr/sbin/fifolog_create /bin/chmod - pfSense_BUILDER_BINARIES: /usr/sbin/pkg_add /usr/sbin/pkg_info /usr/sbin/pkg_delete /bin/rm - pfSense_MODULE: pkg -*/ require_once("globals.inc"); require_once("service-utils.inc"); @@ -87,18 +76,13 @@ if (!function_exists("pkg_debug")) { if (!$fd_log) { if (!$fd_log = fopen("{$g['tmp_path']}/pkg_mgr_debug.log", "w")) { - update_output_window("Warning, could not open log for writing."); + update_status(gettext("Warning, could not open log for writing.") . "\n"); } } @fwrite($fd_log, $msg); } } -global $g; -if (!isset($g['platform'])) { - $g['platform'] = trim(file_get_contents("/etc/platform")); -} - /* Remove pkg_prefix from package name if it's present */ function pkg_remove_prefix(&$pkg_name) { global $g; @@ -108,33 +92,55 @@ function pkg_remove_prefix(&$pkg_name) { } } +/* Execute pkg update when it's necessary */ +function pkg_update($force = false) { + global $g; + + $now = strftime('%s'); + $last_update_file="{$g['varrun_path']}/{$g['product_name']}-upgrade-last-update"; + if (!$force) { + if (file_exists($last_update_file)) { + $last_update = rtrim(file_get_contents($last_update_file), "\n"); + if (!is_numericint($last_update)) { + $last_update = 0; + } + } + + if ($last_update > 0) { + if ($now > $last_update && ($now - $last_update) <= (60 * 60)) { + return true; + } + } + } + + $rc = pkg_call("update"); + + if ($rc) { + file_put_contents($last_update_file, $now . "\n"); + } + + return $rc; +} + /* Execute a pkg call */ function pkg_call($params, $mute = false) { - global $static_output, $g, $config; + global $g, $config; if (empty($params)) { return false; } $user_agent = $g['product_name'] . '/' . $g['product_version']; - if (!isset($config['system']['host_uuid'])) { + if (!isset($config['system']['do_not_send_host_uuid'])) { $user_agent .= ' : ' . get_single_sysctl('kern.hostuuid'); } $env = array( "HTTP_USER_AGENT" => $user_agent, - "ASSUME_ALWAYS_YES" => "true" + "ASSUME_ALWAYS_YES" => "true", + "REPO_AUTOUPDATE" => "false" ); - $debug_fifo = $g['tmp_path'] . "/pkg-debug.fifo"; - if (!file_exists($debug_fifo)) { - posix_mkfifo($debug_fifo, 0600); - } - - if (filetype($debug_fifo) == 'fifo') { - $env["EVENT_PIPE"] = $debug_fifo; - } - $descriptorspec = array( 1 => array("pipe", "w"), /* stdout */ 2 => array("pipe", "w") /* stderr */ @@ -170,8 +176,7 @@ function pkg_call($params, $mute = false) { } if ($pipe === $pipes[1]) { if (!$mute) { - $static_output .= $content; - update_output_window($static_output); + update_status($content); } flush(); } else if ($pipe === $pipes[2]) { @@ -184,7 +189,7 @@ function pkg_call($params, $mute = false) { $now = time(); - if(($now - $started) >= $maxwaittime) { + if (($now - $started) >= $maxwaittime) { $rc = -1; proc_terminate($process); break; @@ -196,7 +201,7 @@ function pkg_call($params, $mute = false) { fclose($pipes[2]); proc_close($process); - if(!isset($rc)) { + if (!isset($rc)) { $rc = $status['exitcode']; } @@ -207,8 +212,9 @@ function pkg_call($params, $mute = false) { pkg_debug("pkg_call(): error_log\n{$error_log}\n"); if (!$mute) { - $static_output .= "\n\n" . sprintf(gettext("ERROR!!! An error occurred on pkg execution (rc = %d) with parameters '%s':"), $rc, $params) . "\n" . $error_log; - update_output_window($static_output); + update_status("\n\n" . sprintf(gettext( + "ERROR!!! An error occurred on pkg execution (rc = %d) with parameters '%s':"), + $rc, $params) . "\n" . $error_log . "\n"); } return false; @@ -223,24 +229,16 @@ function pkg_exec($params, &$stdout, &$stderr) { } $user_agent = $g['product_name'] . '/' . $g['product_version']; - if (!isset($config['system']['host_uuid'])) { + if (!isset($config['system']['do_not_send_host_uuid'])) { $user_agent .= ' : ' . get_single_sysctl('kern.hostuuid'); } $env = array( "HTTP_USER_AGENT" => $user_agent, - "ASSUME_ALWAYS_YES" => "true" + "ASSUME_ALWAYS_YES" => "true", + "REPO_AUTOUPDATE" => "false" ); - $debug_fifo = $g['tmp_path'] . "/pkg-debug.fifo"; - if (!file_exists($debug_fifo)) { - posix_mkfifo($debug_fifo, 0600); - } - - if (filetype($debug_fifo) == 'fifo') { - $env["EVENT_PIPE"] = $debug_fifo; - } - $descriptorspec = array( 1 => array("pipe", "w"), /* stdout */ 2 => array("pipe", "w") /* stderr */ @@ -268,25 +266,53 @@ function pkg_exec($params, &$stdout, &$stderr) { return proc_close($process); } +/* Compare 2 pkg versions and return: + * '=' - versions are the same + * '>' - $v1 > $v2 + * '<' - $v1 < $v2 + * '?' - Error + */ +function pkg_version_compare($v1, $v2) { + if (empty($v1) || empty($v2)) { + return '?'; + } + + $rc = pkg_exec("version -t '{$v1}' '{$v2}'", $stdout, $stderr); + + if ($rc != 0) { + return '?'; + } + + return str_replace("\n", "", $stdout); +} + /* Check if package is installed */ function is_pkg_installed($pkg_name) { global $g; - pkg_remove_prefix($pkg_name); + if (empty($pkg_name)) { + return false; + } - return pkg_call("info -e " . $g['pkg_prefix'] . $pkg_name, true); + return pkg_call("info -e " . $pkg_name, true); } /* Install package, $pkg_name should not contain prefix */ -function pkg_install($pkg_name) { +function pkg_install($pkg_name, $force = false) { global $g; $result = false; - pkg_remove_prefix($pkg_name); + $shortname = $pkg_name; + pkg_remove_prefix($shortname); + + $pkg_force = ""; + if ($force) { + $pkg_force = "-f "; + } - pkg_debug("Installing package {$pkg_name}\n"); - if (!is_pkg_installed($pkg_name)) { - $result = pkg_call("install -y " . $g['pkg_prefix'] . $pkg_name); + pkg_debug("Installing package {$shortname}\n"); + if ($force || !is_pkg_installed($pkg_name)) { + $result = pkg_call("install -y " . $pkg_force . $pkg_name); /* Cleanup cacke to free disk space */ pkg_call("clean -y"); } @@ -298,11 +324,12 @@ function pkg_install($pkg_name) { function pkg_delete($pkg_name) { global $g; - pkg_remove_prefix($pkg_name); + $shortname = $pkg_name; + pkg_remove_prefix($shortname); - pkg_debug("Removing package {$pkg_name}\n"); + pkg_debug("Removing package {$shortname}\n"); if (is_pkg_installed($pkg_name)) { - pkg_call("delete -y " . $g['pkg_prefix'] . $pkg_name); + pkg_call("delete -y " . $pkg_name); /* Cleanup unecessary dependencies */ pkg_call("autoremove -y"); } @@ -323,7 +350,7 @@ function get_package_id($package_name) { foreach ($config['installedpackages']['package'] as $idx => $pkg) { if ($pkg['name'] == $package_name || - get_package_internal_name($pkg) == $package_name) { + get_package_internal_name($pkg) == $package_name) { return $idx; } } @@ -348,36 +375,44 @@ function get_package_internal_name($package_data) { // Get information about packages. function get_pkg_info($pkgs = 'all', $info = 'all') { - global $g, $static_output, $input_errors; + global $g, $input_errors; $out = ''; $err = ''; + unset($pkg_filter); + if (is_array($pkgs)) { + $pkg_filter = $pkgs; + $pkgs = 'all'; + } + if ($pkgs == 'all') { $pkgs = $g['pkg_prefix']; } - /* Make sure repo metadata is up2date */ - $static_output .= "\n" . gettext("Updating package repository metadada...") . "\n"; - update_status($static_output); - - if (!pkg_call("update")) { - $input_errors[] = gettext("ERROR: An error occurred when updating packages repository. Aborting...") . "\n"; - $static_output .= "\n" . gettext("ERROR: An error occurred when updating packages repository. Aborting...") . "\n"; - update_status($static_output); + update_status("\n" . + gettext("Updating package repository metadada...") . "\n"); + + if (!pkg_update()) { + $input_errors[] = gettext( + "ERROR: An error occurred when updating packages repository. Aborting...") + . "\n"; + update_status("\n" . gettext( + "ERROR: An error occurred when updating packages repository. Aborting...") + . "\n"); return array(); } - $rc = pkg_exec("search -U --raw-format json-compact " . $pkgs, $out, $err); if ($rc != 0) { - $static_output .= "\n" . gettext("ERROR: Error trying to get packages list. Aborting...") . "\n"; - $static_output .= $err; + update_status("\n" . gettext( + "ERROR: Error trying to get packages list. Aborting...") + . "\n"); + update_status($err); $input_errors[] = gettext("ERROR: Error trying to get packages list. Aborting...") . "\n"; $input_errors[] = $err; - update_status($static_output); return array(); } @@ -389,10 +424,49 @@ function get_pkg_info($pkgs = 'all', $info = 'all') { continue; } + if (isset($pkg_filter) && !in_array($pkg_info['name'], $pkg_filter)) { + continue; + } + + $pkg_info['shortname'] = $pkg_info['name']; + pkg_remove_prefix($pkg_info['shortname']); + + /* XXX: Add it to globals.inc? */ + $pkg_info['changeloglink'] = + "https://github.com/pfsense/FreeBSD-ports/commits/devel/" . + $pkg_info['categories'][0] . '/' . $pkg_info['name']; + + if (is_pkg_installed($pkg_info['name'])) { + $pkg_info['installed'] = true; + + $rc = pkg_exec("query %v {$pkg_info['name']}", $out, $err); + + if ($rc != 0) { + update_status("\n" . gettext( + "ERROR: Error trying to get package version. Aborting...") + . "\n"); + update_status($err); + $input_errors[] = gettext("ERROR: Error trying to get package version. Aborting...") . "\n"; + $input_errors[] = $err; + return array(); + } + + $pkg_info['installed_version'] = str_replace("\n", "", $out); + } else if (is_package_installed($pkg_info['shortname'])) { + $pkg_info['broken'] = true; + } + + $pkg_info['desc'] = preg_replace('/\n+WWW:.*$/', '', $pkg_info['desc']); + $result[] = $pkg_info; unset($pkg_info); } + /* Sort result alphabetically */ + usort($result, function($a, $b) { + return(strcasecmp ($a['name'], $b['name'])); + }); + return $result; } @@ -426,9 +500,7 @@ function resync_all_package_configs($show_message = false) { stop_service(get_package_internal_name($package)); } sync_package($package['name']); - if ($pkg_interface == "console") { - echo "\n" . gettext("Syncing packages:"); - } + update_status(gettext("Syncing packages...") . "\n"); } if ($show_message == true) { @@ -440,7 +512,7 @@ function resync_all_package_configs($show_message = false) { } function uninstall_package($package_name) { - global $config, $static_output; + global $config; $internal_name = $package_name; $id = get_package_id($package_name); @@ -448,17 +520,16 @@ function uninstall_package($package_name) { $internal_name = get_package_internal_name($config['installedpackages']['package'][$id]); stop_service($internal_name); } + $pkg_name = $g['pkg_prefix'] . $internal_name; - if (is_pkg_installed($internal_name)) { - $static_output .= "Removing package...\n"; - update_output_window($static_output); - pkg_delete($internal_name); + if (is_pkg_installed($pkg_name)) { + update_status(gettext("Removing package...") . "\n"); + pkg_delete($pkg_name); } else { delete_package_xml($package_name); } - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); } /* Run <custom_php_resync_config_command> */ @@ -543,6 +614,28 @@ function read_package_config($package_name) { return $pkg_info['package'][0]; } +/* Read package configurationfile and return an array */ +function read_package_configurationfile($package_name) { + global $config, $g; + + $pkg_config = array(); + $id = get_package_id($package_name); + + if ($id < 0 || !isset($config['installedpackages']['package'][$id]['configurationfile'])) { + return $pkg_config; + } + + $pkg_configurationfile = $config['installedpackages']['package'][$id]['configurationfile']; + + if (empty($pkg_configurationfile) || !file_exists('/usr/local/pkg/' . $pkg_configurationfile)) { + return $pkg_config; + } + + $pkg_config = parse_xml_config_pkg('/usr/local/pkg/' . $pkg_configurationfile, "packagegui"); + + return $pkg_config; +} + function get_after_install_info($package_name) { $pkg_config = read_package_config($package_name); @@ -566,18 +659,8 @@ function eval_once($toeval) { return; } -function install_package($package_name) { - global $g, $config, $static_output, $pkg_interface; - - if ($pkg_interface == "console") { - echo "\n"; - } - - return pkg_install($package_name); -} - function install_package_xml($package_name) { - global $g, $config, $static_output, $pkg_interface; + global $g, $config, $pkg_interface; if (($pkg_info = read_package_config($package_name)) == false) { return false; @@ -588,13 +671,10 @@ function install_package_xml($package_name) { pkg_debug(gettext("Beginning package installation.") . "\n"); log_error(sprintf(gettext('Beginning package installation for %s .'), $pkg_info['name'])); - $static_output .= sprintf(gettext("Beginning package installation for %s .\n"), $pkg_info['name']); - update_status($static_output); /* add package information to config.xml */ $pkgid = get_package_id($pkg_info['name']); - $static_output .= gettext("Saving updated package information...") . " "; - update_output_window($static_output); + update_status(gettext("Saving updated package information...") . "\n"); if ($pkgid == -1) { $config['installedpackages']['package'][] = $pkg_info; $changedesc = sprintf(gettext("Installed %s package."), $pkg_info['name']); @@ -607,37 +687,26 @@ function install_package_xml($package_name) { unlink_if_exists('/conf/needs_package_sync'); write_config("Intermediate config write during package install for {$pkg_info['name']}."); conf_mount_ro(); - $static_output .= $to_output; - update_output_window($static_output); + update_status($to_output); if (($pkgid = get_package_id($package_name)) == -1) { - $static_output .= sprintf(gettext("The %s package is not installed.%sInstallation aborted."), $package_name, "\n\n"); - update_output_window($static_output); - if ($pkg_interface <> "console") { - echo "\n<script>document.getElementById('progressbar').style.visibility='hidden';</script>"; - echo "\n<script>document.getElementById('progholder').style.visibility='hidden';</script>"; - } + update_status(sprintf(gettext("The %s package is not installed.%sInstallation aborted."), $package_name, "\n\n")); uninstall_package($package_name); write_config($changedesc); log_error(sprintf(gettext("Failed to install package: %s."), $pkg_info['name'])); - $static_output .= gettext("Failed to install package.") . "\n"; - update_output_window($static_output); + update_status(gettext("Failed to install package.") . "\n"); return false; } - $configfile = substr(strrchr($pkg_info['config_file'], '/'), 1); - if (file_exists("/usr/local/pkg/" . $configfile)) { - $static_output .= gettext("Loading package configuration... "); - update_output_window($static_output); - $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $configfile, "packagegui"); - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); - $static_output .= gettext("Configuring package components...\n"); + if (file_exists("/usr/local/pkg/" . $pkg_info['configurationfile'])) { + update_status(gettext("Loading package configuration... ")); + $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $pkg_info['configurationfile'], "packagegui"); + update_status(gettext("done.") . "\n"); + update_status(gettext("Configuring package components...") . "\n"); if (!empty($pkg_config['filter_rules_needed'])) { $config['installedpackages']['package'][$pkgid]['filter_rule_function'] = $pkg_config['filter_rules_needed']; } - update_output_window($static_output); /* modify system files */ /* if a require exists, include it. this will @@ -646,56 +715,45 @@ function install_package_xml($package_name) { */ $missing_include = false; if ($pkg_config['include_file'] <> "") { - $static_output .= gettext("Loading package instructions...") . "\n"; - update_output_window($static_output); + update_status(gettext("Loading package instructions...") . "\n"); if (file_exists($pkg_config['include_file'])) { pkg_debug("require_once('{$pkg_config['include_file']}')\n"); require_once($pkg_config['include_file']); } else { pkg_debug("Missing include {$pkg_config['include_file']}\n"); $missing_include = true; - $static_output .= "Include " . basename($pkg_config['include_file']) . " is missing!\n"; - update_output_window($static_output); + update_status("Include " . basename($pkg_config['include_file']) . " is missing!\n"); uninstall_package($package_name); write_config($changedesc); log_error(sprintf(gettext("Failed to install package: %s."), $pkg_info['name'])); - $static_output .= gettext("Failed to install package.") . "\n"; - update_output_window($static_output); + update_status(gettext("Failed to install package.") . "\n"); return false; } } /* custom commands */ - $static_output .= gettext("Custom commands...") . "\n"; - update_output_window($static_output); + update_status(gettext("Custom commands...") . "\n"); if ($missing_include == false) { if ($pkg_config['custom_php_global_functions'] <> "") { - $static_output .= gettext("Executing custom_php_global_functions()..."); - update_output_window($static_output); + update_status(gettext("Executing custom_php_global_functions()...")); eval_once($pkg_config['custom_php_global_functions']); - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); } if ($pkg_config['custom_php_install_command']) { - $static_output .= gettext("Executing custom_php_install_command()..."); - update_output_window($static_output); + update_status(gettext("Executing custom_php_install_command()...")); eval_once($pkg_config['custom_php_install_command']); - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); } if ($pkg_config['custom_php_resync_config_command'] <> "") { - $static_output .= gettext("Executing custom_php_resync_config_command()..."); - update_output_window($static_output); + update_status(gettext("Executing custom_php_resync_config_command()...")); eval_once($pkg_config['custom_php_resync_config_command']); - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); } } /* sidebar items */ if (is_array($pkg_config['menu'])) { - $static_output .= gettext("Menu items... "); - update_output_window($static_output); + update_status(gettext("Menu items... ")); foreach ($pkg_config['menu'] as $menu) { if (is_array($config['installedpackages']['menu'])) { foreach ($config['installedpackages']['menu'] as $amenu) { @@ -708,13 +766,11 @@ function install_package_xml($package_name) { } $config['installedpackages']['menu'][] = $menu; } - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); } /* services */ if (is_array($pkg_config['service'])) { - $static_output .= gettext("Services... "); - update_output_window($static_output); + update_status(gettext("Services... ")); foreach ($pkg_config['service'] as $service) { if (is_array($config['installedpackages']['service'])) { foreach ($config['installedpackages']['service'] as $aservice) { @@ -727,24 +783,17 @@ function install_package_xml($package_name) { } $config['installedpackages']['service'][] = $service; } - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); } } else { pkg_debug("Unable to find config file\n"); - $static_output .= gettext("Loading package configuration... failed!") . "\n\n" . gettext("Installation aborted."); - update_output_window($static_output); + update_status(gettext("Loading package configuration... failed!") . "\n\n" . gettext("Installation aborted.")); pkg_debug(gettext("Unable to load package configuration. Installation aborted.") ."\n"); - if ($pkg_interface <> "console") { - echo "\n<script>document.getElementById('progressbar').style.visibility='hidden';</script>"; - echo "\n<script>document.getElementById('progholder').style.visibility='hidden';</script>"; - } uninstall_package($package_name); write_config($changedesc); log_error(sprintf(gettext("Failed to install package: %s."), $pkg_info['name'])); - $static_output .= gettext("Failed to install package.") . "\n"; - update_output_window($static_output); + update_status(gettext("Failed to install package.") . "\n"); return false; } @@ -753,57 +802,32 @@ function install_package_xml($package_name) { system_syslogd_start(); } - $static_output .= gettext("Writing configuration... "); - update_output_window($static_output); + update_status(gettext("Writing configuration... ")); write_config($changedesc); log_error(sprintf(gettext("Successfully installed package: %s."), $pkg_info['name'])); - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); if ($pkg_info['after_install_info']) { - update_output_window($pkg_info['after_install_info']); + update_status($pkg_info['after_install_info']); } return true; } -function delete_package($package_name) { - global $config, $g, $static_output; - - if (!is_package_installed($package_name)) { - return; - } - - $static_output .= sprintf(gettext("Starting package deletion for %s..."), $package_name); - update_output_window($static_output); - - pkg_delete($package_name); - $static_output .= "done.\n"; - update_output_window($static_output); - - return; -} - function delete_package_xml($package_name, $when = "post-deinstall") { - global $g, $config, $static_output, $pkg_interface; + global $g, $config, $pkg_interface; conf_mount_rw(); $pkgid = get_package_id($package_name); if ($pkgid == -1) { - $static_output .= sprintf(gettext("The %s package is not installed.%sDeletion aborted."), $package_name, "\n\n"); - update_output_window($static_output); - if ($pkg_interface <> "console") { - echo "\n<script>document.getElementById('progressbar').style.visibility='hidden';</script>"; - echo "\n<script>document.getElementById('progholder').style.visibility='hidden';</script>"; - } + update_status(sprintf(gettext("The %s package is not installed.%sDeletion aborted."), $package_name, "\n\n")); ob_flush(); sleep(1); conf_mount_ro(); return; } pkg_debug(sprintf(gettext("Removing %s package... "), $package_name)); - $static_output .= sprintf(gettext("Removing %s components..."), $package_name) . "\n"; - update_output_window($static_output); + update_status(sprintf(gettext("Removing %s components..."), $package_name) . "\n"); /* parse package configuration */ $packages = &$config['installedpackages']['package']; $menus =& $config['installedpackages']['menu']; @@ -813,8 +837,7 @@ function delete_package_xml($package_name, $when = "post-deinstall") { $pkg_config = parse_xml_config_pkg("/usr/local/pkg/" . $packages[$pkgid]['configurationfile'], "packagegui"); /* remove menu items */ if (is_array($pkg_config['menu'])) { - $static_output .= gettext("Menu items... "); - update_output_window($static_output); + update_status(gettext("Menu items... ")); if (is_array($pkg_config['menu']) && is_array($menus)) { foreach ($pkg_config['menu'] as $menu) { foreach ($menus as $key => $instmenu) { @@ -825,13 +848,11 @@ function delete_package_xml($package_name, $when = "post-deinstall") { } } } - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); } /* remove services */ if (is_array($pkg_config['service'])) { - $static_output .= gettext("Services... "); - update_output_window($static_output); + update_status(gettext("Services... ")); if (is_array($pkg_config['service']) && is_array($services)) { foreach ($pkg_config['service'] as $service) { foreach ($services as $key => $instservice) { @@ -853,8 +874,7 @@ function delete_package_xml($package_name, $when = "post-deinstall") { } } } - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); + update_status(gettext("done.") . "\n"); } /* * XXX: Otherwise inclusion of config.inc again invalidates actions taken. @@ -869,16 +889,14 @@ function delete_package_xml($package_name, $when = "post-deinstall") { */ $missing_include = false; if ($pkg_config['include_file'] <> "") { - $static_output .= gettext("Loading package instructions...") . "\n"; - update_output_window($static_output); + update_status(gettext("Loading package instructions...") . "\n"); if (file_exists($pkg_config['include_file'])) { pkg_debug("require_once(\"{$pkg_config['include_file']}\")\n"); require_once($pkg_config['include_file']); } else { pkg_debug("Missing include {$pkg_config['include_file']}\n"); $missing_include = true; - update_output_window($static_output); - $static_output .= "Include file " . basename($pkg_config['include_file']) . " could not be found for inclusion.\n"; + update_status("Include file " . basename($pkg_config['include_file']) . " could not be found for inclusion.\n"); } } /* ermal @@ -896,35 +914,31 @@ function delete_package_xml($package_name, $when = "post-deinstall") { } /* deinstall commands */ if ($when == "post-deinstall" && $pkg_config['custom_php_deinstall_command'] <> "") { - $static_output .= gettext("Deinstall commands... "); - update_output_window($static_output); + update_status(gettext("Deinstall commands... ")); if ($missing_include == false) { eval_once($pkg_config['custom_php_deinstall_command']); - $static_output .= gettext("done.") . "\n"; + update_status(gettext("done.") . "\n"); } else { - $static_output .= "\nNot executing custom deinstall hook because an include is missing.\n"; + update_status("\nNot executing custom deinstall hook because an include is missing.\n"); } - update_output_window($static_output); } } /* syslog */ $need_syslog_restart = false; if (is_array($pkg_info['logging']) && $pkg_info['logging']['logfilename'] <> "") { - $static_output .= "Syslog entries... "; - update_output_window($static_output); + update_status("Syslog entries... "); @unlink("{$g['varlog_path']}/{$pkg_info['logging']['logfilename']}"); - $static_output .= "done.\n"; - update_output_window($static_output); + update_status("done.\n"); $need_syslog_restart = true; } - /* remove config.xml entries */ - $static_output .= gettext("Configuration... "); - update_output_window($static_output); - unset($config['installedpackages']['package'][$pkgid]); - $static_output .= gettext("done.") . "\n"; - update_output_window($static_output); - write_config("Removed {$package_name} package.\n"); + if ($when == "post-deinstall") { + /* remove config.xml entries */ + update_status(gettext("Configuration... ")); + unset($config['installedpackages']['package'][$pkgid]); + update_status(gettext("done.") . "\n"); + write_config("Removed {$package_name} package.\n"); + } /* remove package entry from /etc/syslog.conf if needed */ /* this must be done after removing the entries from config.xml */ @@ -935,11 +949,68 @@ function delete_package_xml($package_name, $when = "post-deinstall") { conf_mount_ro(); } -function pkg_reinstall_all() { - global $g, $config; +/* + * Used during upgrade process or retore backup process, verify all + * packages installed in config.xml and install pkg accordingly + */ +function package_reinstall_all() { + global $g, $config, $pkg_interface; - // XXX: implement - return; + if (!isset($config['installedpackages']['package']) || + !is_array($config['installedpackages']['package'])) { + return true; + } + + $upgrade = (file_exists('/conf/needs_package_sync') && platform_booting()); + + /* During boot after upgrade, wait for internet connection */ + if ($upgrade) { + update_status(gettext("Waiting for internet connection to update pkg metadata and fini package reinstallation")); + while (true) { + if (pkg_update(true)) { + break; + } + update_status('.'); + sleep(1); + } + update_status("\n"); + } else { + if (!pkg_update()) { + return false; + } + } + + $pkg_info = get_pkg_info(); + + foreach ($config['installedpackages']['package'] as $package) { + $found = false; + $internal_name = get_package_internal_name($package); + foreach ($pkg_info as $pkg) { + pkg_remove_prefix($pkg['name']); + if ($pkg['name'] == $internal_name) { + $found = true; + break; + } + } + + if (!$found) { + if (!function_exists("file_notice")) { + require_once("notices.inc"); + } + + file_notice(gettext("Package reinstall"), + sprintf(gettext("Package %s does not exist in current %s version and it has been removed."), $package['name'], $g['product_name'])); + uninstall_package($package['name']); + } + } + + /* Obsoleted packages were removed, lets reinstall all remaining */ + foreach ($config['installedpackages']['package'] as $package) { + $internal_name = get_package_internal_name($package); + pkg_install($g['pkg_prefix'] . $internal_name, true); + } + + return true; } function stop_packages() { @@ -992,14 +1063,101 @@ function stop_packages() { } } -function verify_all_package_servers() { - // XXX: Remove it after GUI is ready - return true; +/* Identify which meta package is installed */ +function get_meta_pkg_name() { + global $g; + + /* XXX: Use pkg annotation */ + if (is_pkg_installed($g['product_name'])) { + return $g['product_name']; + } else if (is_pkg_installed($g['product_name'] . '-vmware')) { + return $g['product_name'] . '-vmware'; + } + return false; } -function check_package_server_ssl() { - // XXX: Remove it after GUI is ready - return true; +/* Identify which base package is installed */ +function get_base_pkg_name() { + global $g; + + /* XXX: Use pkg annotation */ + if (is_pkg_installed($g['product_name'] . '-base-' . $g['platform'])) { + return $g['product_name']; + return $g['product_name'] . '-base-' . $g['platform']; + } else if (is_pkg_installed($g['product_name'] . '-base')) { + return $g['product_name'] . '-base'; + } + return false; +} + +/* Verify if system needs upgrade (meta package or base) */ +function get_system_pkg_version() { + global $g; + + $base_pkg = get_base_pkg_name(); + $meta_pkg = get_meta_pkg_name(); + + if (!$base_pkg || !$meta_pkg) { + return false; + } + + $info = get_pkg_info($base_pkg); + $pkg_name = $base_pkg; + + $pkg_info = array(); + foreach ($info as $item) { + if ($item['name'] == $base_pkg) { + $pkg_info = $item; + } + } + + if (empty($pkg_info) || + $pkg_info['version'] == $pkg_info['installed_version']) { + $info = get_pkg_info($meta_pkg); + $pkg_name = $meta_pkg; + + foreach ($info as $item) { + if ($item['name'] == $meta_pkg) { + $pkg_info = $item; + } + } + } + + if (empty($pkg_info)) { + return false; + } + + return array( + 'pkg_name' => $pkg_name, + 'version' => $pkg_info['version'], + 'installed_version' => $pkg_info['installed_version'] + ); +} + +/* Switch between stable and devel repos */ +function pkg_switch_repo($devel = false) { + global $g; + + $repo_stable = $g['product_name'] . '-repo'; + $repo_devel = $g['product_name'] . '-repo-devel'; + + if ($devel) { + $repo_target = $repo_devel; + } else { + $repo_target = $repo_stable; + } + + if (is_pkg_installed($repo_target)) { + /* It's already installed */ + return true; + } + + /* + * Since both install files in the same place, just + * call pkg_install for target and current one will + * be replaced + */ + return pkg_install($repo_target, true); } ?> diff --git a/src/etc/inc/priv.defs.inc b/src/etc/inc/priv.defs.inc index 7d2154f..06d0418 100644 --- a/src/etc/inc/priv.defs.inc +++ b/src/etc/inc/priv.defs.inc @@ -1,6 +1,13 @@ <?php /* - * priv.defs.inc - Generated privilege definitions + * priv.defs.inc - Default Privilege Definitions + * Generated by pfSense/tools/scripts/generate-privdefs.php + * + * *************************************************** + * DO NOT EDIT THIS FILE. IT IS GENERATED BY A SCRIPT. + * *************************************************** + * + * Text is pulled from metadata headers in the referenced files. * */ @@ -13,10 +20,10 @@ $priv_list['page-all']['match'] = array(); $priv_list['page-all']['match'][] = "*"; $priv_list['page-status-carp'] = array(); -$priv_list['page-status-carp']['name'] = gettext("WebCfg - Status: CARP page"); +$priv_list['page-status-carp']['name'] = gettext("WebCfg - Status: CARP"); $priv_list['page-status-carp']['descr'] = gettext("Allow access to the 'Status: CARP' page."); $priv_list['page-status-carp']['match'] = array(); -$priv_list['page-status-carp']['match'][] = "carp_status.php*"; +$priv_list['page-status-carp']['match'][] = "status_carp.php*"; $priv_list['page-diagnostics-crash-reporter'] = array(); $priv_list['page-diagnostics-crash-reporter']['name'] = gettext("WebCfg - Crash reporter"); @@ -25,196 +32,124 @@ $priv_list['page-diagnostics-crash-reporter']['match'] = array(); $priv_list['page-diagnostics-crash-reporter']['match'][] = "crash_reporter.php*"; $priv_list['page-diagnostics-arptable'] = array(); -$priv_list['page-diagnostics-arptable']['name'] = gettext("WebCfg - Diagnostics: ARP Table page"); +$priv_list['page-diagnostics-arptable']['name'] = gettext("WebCfg - Diagnostics: ARP Table"); $priv_list['page-diagnostics-arptable']['descr'] = gettext("Allow access to the 'Diagnostics: ARP Table' page."); $priv_list['page-diagnostics-arptable']['match'] = array(); $priv_list['page-diagnostics-arptable']['match'][] = "diag_arp.php*"; $priv_list['page-diagnostics-authentication'] = array(); -$priv_list['page-diagnostics-authentication']['name'] = gettext("WebCfg - Diagnostics: Authentication page"); +$priv_list['page-diagnostics-authentication']['name'] = gettext("WebCfg - Diagnostics: Authentication"); $priv_list['page-diagnostics-authentication']['descr'] = gettext("Allow access to the 'Diagnostics: Authentication' page."); $priv_list['page-diagnostics-authentication']['match'] = array(); $priv_list['page-diagnostics-authentication']['match'][] = "diag_authentication.php*"; $priv_list['page-diagnostics-backup/restore'] = array(); -$priv_list['page-diagnostics-backup/restore']['name'] = gettext("WebCfg - Diagnostics: Backup/restore page"); +$priv_list['page-diagnostics-backup/restore']['name'] = gettext("WebCfg - Diagnostics: Backup/restore"); $priv_list['page-diagnostics-backup/restore']['descr'] = gettext("Allow access to the 'Diagnostics: Backup/restore' page."); $priv_list['page-diagnostics-backup/restore']['match'] = array(); $priv_list['page-diagnostics-backup/restore']['match'][] = "diag_backup.php*"; $priv_list['page-diagnostics-configurationhistory'] = array(); -$priv_list['page-diagnostics-configurationhistory']['name'] = gettext("WebCfg - Diagnostics: Configuration History page"); +$priv_list['page-diagnostics-configurationhistory']['name'] = gettext("WebCfg - Diagnostics: Configuration History"); $priv_list['page-diagnostics-configurationhistory']['descr'] = gettext("Allow access to the 'Diagnostics: Configuration History' page."); $priv_list['page-diagnostics-configurationhistory']['match'] = array(); $priv_list['page-diagnostics-configurationhistory']['match'][] = "diag_confbak.php*"; $priv_list['page-diagnostics-factorydefaults'] = array(); -$priv_list['page-diagnostics-factorydefaults']['name'] = gettext("WebCfg - Diagnostics: Factory defaults page"); +$priv_list['page-diagnostics-factorydefaults']['name'] = gettext("WebCfg - Diagnostics: Factory defaults"); $priv_list['page-diagnostics-factorydefaults']['descr'] = gettext("Allow access to the 'Diagnostics: Factory defaults' page."); $priv_list['page-diagnostics-factorydefaults']['match'] = array(); $priv_list['page-diagnostics-factorydefaults']['match'][] = "diag_defaults.php*"; -$priv_list['page-diagnostics-ndptable'] = array(); -$priv_list['page-diagnostics-ndptable']['name'] = gettext("Webcfg - Diagnostics: NDP Table page"); -$priv_list['page-diagnostics-ndptable']['descr'] = gettext("Allow access to the 'Diagnostics: NDP Table' page."); -$priv_list['page-diagnostics-ndptable']['match'] = array(); -$priv_list['page-diagnostics-ndptable']['match'][] = "diag_ndp.php*"; - -$priv_list['page-diagnostics-restore-full-backup'] = array(); -$priv_list['page-diagnostics-restore-full-backup']['name'] = gettext("Webcfg - Diagnostics: Restore full backup"); -$priv_list['page-diagnostics-restore-full-backup']['descr'] = gettext("Allow access to the 'Diagnostics: Restore Full Backup' page."); -$priv_list['page-diagnostics-restore-full-backup']['match'] = array(); -$priv_list['page-diagnostics-restore-full-backup']['match'][] = "system_firmware_restorefullbackup.php"; +$priv_list['page-diagnostics-dns'] = array(); +$priv_list['page-diagnostics-dns']['name'] = gettext("WebCfg - Diagnostics: DNS Lookup"); +$priv_list['page-diagnostics-dns']['descr'] = gettext("Allow access to the 'Diagnostics: DNS Lookup' page."); +$priv_list['page-diagnostics-dns']['match'] = array(); +$priv_list['page-diagnostics-dns']['match'][] = "diag_dns.php*"; $priv_list['page-diagnostics-showstates'] = array(); -$priv_list['page-diagnostics-showstates']['name'] = gettext("WebCfg - Diagnostics: Show States page"); +$priv_list['page-diagnostics-showstates']['name'] = gettext("WebCfg - Diagnostics: Show States"); $priv_list['page-diagnostics-showstates']['descr'] = gettext("Allow access to the 'Diagnostics: Show States' page."); $priv_list['page-diagnostics-showstates']['match'] = array(); $priv_list['page-diagnostics-showstates']['match'][] = "diag_dump_states.php*"; -$priv_list['page-diagnostics-sockets'] = array(); -$priv_list['page-diagnostics-sockets']['name'] = gettext("WebCfg - Diagnostics: Sockets page"); -$priv_list['page-diagnostics-sockets']['descr'] = gettext("Allow access to the 'Diagnostics: Sockets' page."); -$priv_list['page-diagnostics-sockets']['match'] = array(); -$priv_list['page-diagnostics-sockets']['match'][] = "diag_sockets.php*"; +$priv_list['page-diagnostics-sourcetracking'] = array(); +$priv_list['page-diagnostics-sourcetracking']['name'] = gettext("WebCfg - Diagnostics: Show Source Tracking"); +$priv_list['page-diagnostics-sourcetracking']['descr'] = gettext("Allow access to the 'Diagnostics: Show Source Tracking' page."); +$priv_list['page-diagnostics-sourcetracking']['match'] = array(); +$priv_list['page-diagnostics-sourcetracking']['match'][] = "diag_dump_states_sources.php*"; -$priv_list['page-diagnostics-testport'] = array(); -$priv_list['page-diagnostics-testport']['name'] = gettext("Webcfg - Diagnostics: Test Port"); -$priv_list['page-diagnostics-testport']['descr'] = gettext("Allow access to the 'Diagnostics: Test Port' page."); -$priv_list['page-diagnostics-testport']['match'] = array(); -$priv_list['page-diagnostics-testport']['match'][] = "diag_testport.php*"; +$priv_list['page-diagnostics-gmirror'] = array(); +$priv_list['page-diagnostics-gmirror']['name'] = gettext("WebCfg - Diagnostics: GEOM Mirrors"); +$priv_list['page-diagnostics-gmirror']['descr'] = gettext("Allow access to the 'Diagnostics: GEOM Mirrors' page."); +$priv_list['page-diagnostics-gmirror']['match'] = array(); +$priv_list['page-diagnostics-gmirror']['match'][] = "diag_gmirror.php*"; $priv_list['page-status-ipsec'] = array(); -$priv_list['page-status-ipsec']['name'] = gettext("WebCfg - Status: IPsec page"); +$priv_list['page-status-ipsec']['name'] = gettext("WebCfg - Status: IPsec"); $priv_list['page-status-ipsec']['descr'] = gettext("Allow access to the 'Status: IPsec' page."); $priv_list['page-status-ipsec']['match'] = array(); -$priv_list['page-status-ipsec']['match'][] = "diag_ipsec.php*"; +$priv_list['page-status-ipsec']['match'][] = "status_ipsec.php*"; $priv_list['page-status-ipsec-leases'] = array(); -$priv_list['page-status-ipsec-leases']['name'] = gettext("WebCfg - Status: IPsec: Leasespage"); +$priv_list['page-status-ipsec-leases']['name'] = gettext("WebCfg - Status: IPsec: Leases"); $priv_list['page-status-ipsec-leases']['descr'] = gettext("Allow access to the 'Status: IPsec: Leases' page."); $priv_list['page-status-ipsec-leases']['match'] = array(); -$priv_list['page-status-ipsec-leases']['match'][] = "diag_ipsec_leases.php*"; +$priv_list['page-status-ipsec-leases']['match'][] = "status_ipsec_leases.php*"; $priv_list['page-status-ipsec-sad'] = array(); -$priv_list['page-status-ipsec-sad']['name'] = gettext("WebCfg - Status: IPsec: SAD page"); +$priv_list['page-status-ipsec-sad']['name'] = gettext("WebCfg - Status: IPsec: SAD"); $priv_list['page-status-ipsec-sad']['descr'] = gettext("Allow access to the 'Status: IPsec: SAD' page."); $priv_list['page-status-ipsec-sad']['match'] = array(); -$priv_list['page-status-ipsec-sad']['match'][] = "diag_ipsec_sad.php*"; +$priv_list['page-status-ipsec-sad']['match'][] = "status_ipsec_sad.php*"; $priv_list['page-status-ipsec-spd'] = array(); -$priv_list['page-status-ipsec-spd']['name'] = gettext("WebCfg - Status: IPsec: SPD page"); +$priv_list['page-status-ipsec-spd']['name'] = gettext("WebCfg - Status: IPsec: SPD"); $priv_list['page-status-ipsec-spd']['descr'] = gettext("Allow access to the 'Status: IPsec: SPD' page."); $priv_list['page-status-ipsec-spd']['match'] = array(); -$priv_list['page-status-ipsec-spd']['match'][] = "diag_ipsec_spd.php*"; +$priv_list['page-status-ipsec-spd']['match'][] = "status_ipsec_spd.php*"; -$priv_list['page-status-ntp'] = array(); -$priv_list['page-status-ntp']['name'] = gettext("Webcfg - Status: NTP page"); -$priv_list['page-status-ntp']['descr'] = gettext("Allow access to the 'Status: NTP' page."); -$priv_list['page-status-ntp']['match'] = array(); -$priv_list['page-status-ntp']['match'][] = "status_ntpd.php*"; - -$priv_list['page-ipsecxml'] = array(); -$priv_list['page-ipsecxml']['name'] = gettext("WebCfg - Diag IPsec XML page"); -$priv_list['page-ipsecxml']['descr'] = gettext("Allow access to the 'Diag IPsec XML' page."); -$priv_list['page-ipsecxml']['match'] = array(); -$priv_list['page-ipsecxml']['match'][] = "diag_ipsec_xml.php"; +$priv_list['page-diagnostics-limiter-info'] = array(); +$priv_list['page-diagnostics-limiter-info']['name'] = gettext("WebCfg - Diagnostics: Limiter Info"); +$priv_list['page-diagnostics-limiter-info']['descr'] = gettext("Allows access to the 'Diagnostics: Limiter Info' page"); +$priv_list['page-diagnostics-limiter-info']['match'] = array(); +$priv_list['page-diagnostics-limiter-info']['match'][] = "diag_limiter_info.php*"; $priv_list['page-diagnostics-logs-system'] = array(); -$priv_list['page-diagnostics-logs-system']['name'] = gettext("WebCfg - Diagnostics: Logs: System page"); -$priv_list['page-diagnostics-logs-system']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: System' page."); +$priv_list['page-diagnostics-logs-system']['name'] = gettext("WebCfg - Status: Logs: System"); +$priv_list['page-diagnostics-logs-system']['descr'] = gettext("Allow access to the 'Status: System Logs: General' page."); $priv_list['page-diagnostics-logs-system']['match'] = array(); -$priv_list['page-diagnostics-logs-system']['match'][] = "diag_logs.php*"; - -$priv_list['page-status-systemlogs-portalauth'] = array(); -$priv_list['page-status-systemlogs-portalauth']['name'] = gettext("WebCfg - Status: System logs: Portal Auth page"); -$priv_list['page-status-systemlogs-portalauth']['descr'] = gettext("Allow access to the 'Status: System logs: Portal Auth' page."); -$priv_list['page-status-systemlogs-portalauth']['match'] = array(); -$priv_list['page-status-systemlogs-portalauth']['match'][] = "diag_logs_auth.php*"; - -$priv_list['page-diagnostics-logs-dhcp'] = array(); -$priv_list['page-diagnostics-logs-dhcp']['name'] = gettext("WebCfg - Diagnostics: Logs: DHCP page"); -$priv_list['page-diagnostics-logs-dhcp']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: DHCP' page."); -$priv_list['page-diagnostics-logs-dhcp']['match'] = array(); -$priv_list['page-diagnostics-logs-dhcp']['match'][] = "diag_logs_dhcp.php*"; +$priv_list['page-diagnostics-logs-system']['match'][] = "status_logs.php"; $priv_list['page-diagnostics-logs-firewall'] = array(); -$priv_list['page-diagnostics-logs-firewall']['name'] = gettext("WebCfg - Diagnostics: Logs: Firewall page"); -$priv_list['page-diagnostics-logs-firewall']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: Firewall' page."); +$priv_list['page-diagnostics-logs-firewall']['name'] = gettext("WebCfg - Status: Logs: Firewall"); +$priv_list['page-diagnostics-logs-firewall']['descr'] = gettext("Allow access to the 'Status: Logs: Firewall' page."); $priv_list['page-diagnostics-logs-firewall']['match'] = array(); -$priv_list['page-diagnostics-logs-firewall']['match'][] = "diag_logs_filter.php*"; - -$priv_list['page-diagnostics-logs-gateways'] = array(); -$priv_list['page-diagnostics-logs-gateways']['name'] = gettext("WebCfg - Diagnostics: Logs: Gateways page"); -$priv_list['page-diagnostics-logs-gateways']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: System: Gateways' page."); -$priv_list['page-diagnostics-logs-gateways']['match'] = array(); -$priv_list['page-diagnostics-logs-gateways']['match'][] = "diag_logs_gateways.php*"; - -$priv_list['page-diagnostics-logs-resolver'] = array(); -$priv_list['page-diagnostics-logs-resolver']['name'] = gettext("WebCfg - Diagnostics: Logs: Resolver page"); -$priv_list['page-diagnostics-logs-resolver']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: System: Resolver' page."); -$priv_list['page-diagnostics-logs-resolver']['match'] = array(); -$priv_list['page-diagnostics-logs-resolver']['match'][] = "diag_logs_resolver.php*"; - -$priv_list['page-hidden-nolongerincluded'] = array(); -$priv_list['page-hidden-nolongerincluded']['name'] = gettext("WebCfg - Hidden: No longer included page"); -$priv_list['page-hidden-nolongerincluded']['descr'] = gettext("Allow access to the 'Hidden: No longer included' page."); -$priv_list['page-hidden-nolongerincluded']['match'] = array(); -$priv_list['page-hidden-nolongerincluded']['match'][] = "diag_logs_filter_dynamic.php*"; - -$priv_list['page-status-systemlogs-ipsecvpn'] = array(); -$priv_list['page-status-systemlogs-ipsecvpn']['name'] = gettext("WebCfg - Status: System logs: IPsec VPN page"); -$priv_list['page-status-systemlogs-ipsecvpn']['descr'] = gettext("Allow access to the 'Status: System logs: IPsec VPN' page."); -$priv_list['page-status-systemlogs-ipsecvpn']['match'] = array(); -$priv_list['page-status-systemlogs-ipsecvpn']['match'][] = "diag_logs_ipsec.php*"; - -$priv_list['page-status-systemlogs-ntpd'] = array(); -$priv_list['page-status-systemlogs-ntpd']['name'] = gettext("WebCfg - Status: System logs: NTP page"); -$priv_list['page-status-systemlogs-ntpd']['descr'] = gettext("Allow access to the 'Status: System logs: NTP' page."); -$priv_list['page-status-systemlogs-ntpd']['match'] = array(); -$priv_list['page-status-systemlogs-ntpd']['match'][] = "diag_logs_ntpd.php*"; - -$priv_list['page-status-systemlogs-openvpn'] = array(); -$priv_list['page-status-systemlogs-openvpn']['name'] = gettext("WebCfg - Status: System logs: OpenVPN page"); -$priv_list['page-status-systemlogs-openvpn']['descr'] = gettext("Allow access to the 'Status: System logs: OpenVPN' page."); -$priv_list['page-status-systemlogs-openvpn']['match'] = array(); -$priv_list['page-status-systemlogs-openvpn']['match'][] = "diag_logs_openvpn.php*"; - -$priv_list['page-status-systemlogs-ppp'] = array(); -$priv_list['page-status-systemlogs-ppp']['name'] = gettext("WebCfg - Status: System logs: IPsec VPN page"); -$priv_list['page-status-systemlogs-ppp']['descr'] = gettext("Allow access to the 'Status: System logs: IPsec VPN' page."); -$priv_list['page-status-systemlogs-ppp']['match'] = array(); -$priv_list['page-status-systemlogs-ppp']['match'][] = "diag_logs_ppp.php*"; - -$priv_list['page-status-systemlogs-loadbalancer'] = array(); -$priv_list['page-status-systemlogs-loadbalancer']['name'] = gettext("WebCfg - Status: System logs: Load Balancer page"); -$priv_list['page-status-systemlogs-loadbalancer']['descr'] = gettext("Allow access to the 'Status: System logs: Load Balancer' page."); -$priv_list['page-status-systemlogs-loadbalancer']['match'] = array(); -$priv_list['page-status-systemlogs-loadbalancer']['match'][] = "diag_logs_relayd.php*"; - -$priv_list['page-status-systemlogs-routing'] = array(); -$priv_list['page-status-systemlogs-routing']['name'] = gettext("Webcfg - Status: System logs: Routing page"); -$priv_list['page-status-systemlogs-routing']['descr'] = gettext("Allow access to the 'Status: System logs: System: Routing' page."); -$priv_list['page-status-systemlogs-routing']['match'] = array(); -$priv_list['page-status-systemlogs-routing']['match'][] = "diag_logs_routing.php*"; - -$priv_list['page-status-systemlogs-wireless'] = array(); -$priv_list['page-status-systemlogs-wireless']['name'] = gettext("Webcfg - Status: System logs: Wireless page"); -$priv_list['page-status-systemlogs-wireless']['descr'] = gettext("Allow access to the 'Status: System logs: System: Wireless' page."); -$priv_list['page-status-systemlogs-wireless']['match'] = array(); -$priv_list['page-status-systemlogs-wireless']['match'][] = "diag_logs_wireless.php*"; +$priv_list['page-diagnostics-logs-firewall']['match'][] = "status_logs_filter.php*"; + +$priv_list['page-diagnostics-logs-firewall-dynamic'] = array(); +$priv_list['page-diagnostics-logs-firewall-dynamic']['name'] = gettext("WebCfg - Status: System Logs: Firewall (Dynamic View)"); +$priv_list['page-diagnostics-logs-firewall-dynamic']['descr'] = gettext("Allow access to the 'Status: System Logs: Firewall (Dynamic View)' page"); +$priv_list['page-diagnostics-logs-firewall-dynamic']['match'] = array(); +$priv_list['page-diagnostics-logs-firewall-dynamic']['match'][] = "status_logs_filter_dynamic.php*"; + +$priv_list['page-diagnostics-logs-firewall-summary'] = array(); +$priv_list['page-diagnostics-logs-firewall-summary']['name'] = gettext("WebCfg - Status: System Logs: Firewall Log Summary"); +$priv_list['page-diagnostics-logs-firewall-summary']['descr'] = gettext("Allow access to the 'Status: System Logs: Firewall Log Summary' page"); +$priv_list['page-diagnostics-logs-firewall-summary']['match'] = array(); +$priv_list['page-diagnostics-logs-firewall-summary']['match'][] = "status_logs_filter_summary.php*"; $priv_list['page-diagnostics-logs-settings'] = array(); -$priv_list['page-diagnostics-logs-settings']['name'] = gettext("WebCfg - Diagnostics: Logs: Settings page"); -$priv_list['page-diagnostics-logs-settings']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: Settings' page."); +$priv_list['page-diagnostics-logs-settings']['name'] = gettext("WebCfg - Status: Logs: Settings"); +$priv_list['page-diagnostics-logs-settings']['descr'] = gettext("Allow access to the 'Status: Logs: Settings' page."); $priv_list['page-diagnostics-logs-settings']['match'] = array(); -$priv_list['page-diagnostics-logs-settings']['match'][] = "diag_logs_settings.php*"; +$priv_list['page-diagnostics-logs-settings']['match'][] = "status_logs_settings.php*"; $priv_list['page-diagnostics-logs-pptpvpn'] = array(); -$priv_list['page-diagnostics-logs-pptpvpn']['name'] = gettext("WebCfg - Diagnostics: Logs: VPN page"); -$priv_list['page-diagnostics-logs-pptpvpn']['descr'] = gettext("Allow access to the 'Diagnostics: Logs: VPN' page."); +$priv_list['page-diagnostics-logs-pptpvpn']['name'] = gettext("WebCfg - Status: Logs: VPN"); +$priv_list['page-diagnostics-logs-pptpvpn']['descr'] = gettext("Allow access to the 'Status: Logs: VPN' page."); $priv_list['page-diagnostics-logs-pptpvpn']['match'] = array(); -$priv_list['page-diagnostics-logs-pptpvpn']['match'][] = "diag_logs_vpn.php*"; +$priv_list['page-diagnostics-logs-pptpvpn']['match'][] = "status_logs_vpn.php*"; $priv_list['page-diagnostics-nanobsd'] = array(); $priv_list['page-diagnostics-nanobsd']['name'] = gettext("WebCfg - Diagnostics: NanoBSD"); @@ -222,86 +157,104 @@ $priv_list['page-diagnostics-nanobsd']['descr'] = gettext("Allow access to the ' $priv_list['page-diagnostics-nanobsd']['match'] = array(); $priv_list['page-diagnostics-nanobsd']['match'][] = "diag_nanobsd.php*"; +$priv_list['page-diagnostics-ndptable'] = array(); +$priv_list['page-diagnostics-ndptable']['name'] = gettext("WebCfg - Diagnostics: NDP Table"); +$priv_list['page-diagnostics-ndptable']['descr'] = gettext("Allow access to the 'Diagnostics: NDP Table' page."); +$priv_list['page-diagnostics-ndptable']['match'] = array(); +$priv_list['page-diagnostics-ndptable']['match'][] = "diag_ndp.php*"; + $priv_list['page-diagnostics-packetcapture'] = array(); -$priv_list['page-diagnostics-packetcapture']['name'] = gettext("WebCfg - Diagnostics: Packet Capture page"); +$priv_list['page-diagnostics-packetcapture']['name'] = gettext("WebCfg - Diagnostics: Packet Capture"); $priv_list['page-diagnostics-packetcapture']['descr'] = gettext("Allow access to the 'Diagnostics: Packet Capture' page."); $priv_list['page-diagnostics-packetcapture']['match'] = array(); $priv_list['page-diagnostics-packetcapture']['match'][] = "diag_packet_capture.php*"; -$priv_list['page-diagnostics-patters'] = array(); -$priv_list['page-diagnostics-patters']['name'] = gettext("WebCfg - Diagnostics: Patterns page"); -$priv_list['page-diagnostics-patters']['descr'] = gettext("Allow access to the 'Diagnostics: Patterns' page."); -$priv_list['page-diagnostics-patters']['match'] = array(); -$priv_list['page-diagnostics-patters']['match'][] = "patterns.php*"; - -$priv_list['page-diagnostics-limiter-info'] = array(); -$priv_list['page-diagnostics-limiter-info']['name'] = gettext("Diagnostics: Limiter Info"); -$priv_list['page-diagnostics-limiter-info']['descr'] = gettext("Allows access to the 'Diagnostics: Limiter Info' page"); -$priv_list['page-diagnostics-limiter-info']['match'] = array(); -$priv_list['page-diagnostics-limiter-info']['match'][] = "diag_limiter_info.php*"; - $priv_list['page-diagnostics-pf-info'] = array(); -$priv_list['page-diagnostics-pf-info']['name'] = gettext("Diagnostics: pfInfo"); +$priv_list['page-diagnostics-pf-info']['name'] = gettext("WebCfg - Diagnostics: pfInfo"); $priv_list['page-diagnostics-pf-info']['descr'] = gettext("Allows access to the 'Diagnostics: pfInfo' page"); $priv_list['page-diagnostics-pf-info']['match'] = array(); $priv_list['page-diagnostics-pf-info']['match'][] = "diag_pf_info.php*"; -$priv_list['page-diagnostics-system-activity'] = array(); -$priv_list['page-diagnostics-system-activity']['name'] = gettext("WebCfg - Diagnostics: System Activity"); -$priv_list['page-diagnostics-system-activity']['descr'] = gettext("Allows access to the 'Diagnostics: System Activity' page"); -$priv_list['page-diagnostics-system-activity']['match'] = array(); -$priv_list['page-diagnostics-system-activity']['match'][] = "diag_system_activity.php*"; - -$priv_list['page-diagnostics-system-pftop'] = array(); -$priv_list['page-diagnostics-system-pftop']['name'] = gettext("Diagnostics: pfTop"); -$priv_list['page-diagnostics-system-pftop']['descr'] = gettext("Allows access to the 'Diagnostics: pfTop' page"); -$priv_list['page-diagnostics-system-pftop']['match'] = array(); -$priv_list['page-diagnostics-system-pftop']['match'][] = "diag_system_pftop.php*"; - $priv_list['page-diagnostics-ping'] = array(); -$priv_list['page-diagnostics-ping']['name'] = gettext("WebCfg - Diagnostics: Ping page"); +$priv_list['page-diagnostics-ping']['name'] = gettext("WebCfg - Diagnostics: Ping"); $priv_list['page-diagnostics-ping']['descr'] = gettext("Allow access to the 'Diagnostics: Ping' page."); $priv_list['page-diagnostics-ping']['match'] = array(); $priv_list['page-diagnostics-ping']['match'][] = "diag_ping.php*"; $priv_list['page-status-packagelogs'] = array(); -$priv_list['page-status-packagelogs']['name'] = gettext("WebCfg - Status: Package logs page"); +$priv_list['page-status-packagelogs']['name'] = gettext("WebCfg - Status: Package logs"); $priv_list['page-status-packagelogs']['descr'] = gettext("Allow access to the 'Status: Package logs' page."); $priv_list['page-status-packagelogs']['match'] = array(); -$priv_list['page-status-packagelogs']['match'][] = "diag_pkglogs.php*"; +$priv_list['page-status-packagelogs']['match'][] = "status_pkglogs.php*"; $priv_list['page-diagnostics-resetstate'] = array(); -$priv_list['page-diagnostics-resetstate']['name'] = gettext("WebCfg - Diagnostics: Reset state page"); -$priv_list['page-diagnostics-resetstate']['descr'] = gettext("Allow access to the 'Diagnostics: Reset state' page."); +$priv_list['page-diagnostics-resetstate']['name'] = gettext("WebCfg - Diagnostics: Reset states"); +$priv_list['page-diagnostics-resetstate']['descr'] = gettext("Allow access to the 'Diagnostics: Reset states' page."); $priv_list['page-diagnostics-resetstate']['match'] = array(); $priv_list['page-diagnostics-resetstate']['match'][] = "diag_resetstate.php*"; $priv_list['page-diagnostics-routingtables'] = array(); -$priv_list['page-diagnostics-routingtables']['name'] = gettext("WebCfg - Diagnostics: Routing tables page"); +$priv_list['page-diagnostics-routingtables']['name'] = gettext("WebCfg - Diagnostics: Routing tables"); $priv_list['page-diagnostics-routingtables']['descr'] = gettext("Allow access to the 'Diagnostics: Routing tables' page."); $priv_list['page-diagnostics-routingtables']['match'] = array(); $priv_list['page-diagnostics-routingtables']['match'][] = "diag_routes.php*"; +$priv_list['page-diagnostics-smart'] = array(); +$priv_list['page-diagnostics-smart']['name'] = gettext("WebCfg - Diagnostics: S.M.A.R.T. Monitor Tools"); +$priv_list['page-diagnostics-smart']['descr'] = gettext("Allow access to the 'Diagnostics: S.M.A.R.T. Monitor Tools' page."); +$priv_list['page-diagnostics-smart']['match'] = array(); +$priv_list['page-diagnostics-smart']['match'][] = "diag_smart.php*"; + +$priv_list['page-diagnostics-sockets'] = array(); +$priv_list['page-diagnostics-sockets']['name'] = gettext("WebCfg - Diagnostics: Sockets"); +$priv_list['page-diagnostics-sockets']['descr'] = gettext("Allow access to the 'Diagnostics: Sockets' page."); +$priv_list['page-diagnostics-sockets']['match'] = array(); +$priv_list['page-diagnostics-sockets']['match'][] = "diag_sockets.php*"; + $priv_list['page-diagnostics-statessummary'] = array(); -$priv_list['page-diagnostics-statessummary']['name'] = gettext("WebCfg - Diagnostics: States Summary page"); +$priv_list['page-diagnostics-statessummary']['name'] = gettext("WebCfg - Diagnostics: States Summary"); $priv_list['page-diagnostics-statessummary']['descr'] = gettext("Allow access to the 'Diagnostics: States Summary' page."); $priv_list['page-diagnostics-statessummary']['match'] = array(); $priv_list['page-diagnostics-statessummary']['match'][] = "diag_states_summary.php*"; +$priv_list['page-diagnostics-system-activity'] = array(); +$priv_list['page-diagnostics-system-activity']['name'] = gettext("WebCfg - Diagnostics: System Activity"); +$priv_list['page-diagnostics-system-activity']['descr'] = gettext("Allows access to the 'Diagnostics: System Activity' page"); +$priv_list['page-diagnostics-system-activity']['match'] = array(); +$priv_list['page-diagnostics-system-activity']['match'][] = "diag_system_activity.php*"; + +$priv_list['page-diagnostics-system-pftop'] = array(); +$priv_list['page-diagnostics-system-pftop']['name'] = gettext("WebCfg - Diagnostics: pfTop"); +$priv_list['page-diagnostics-system-pftop']['descr'] = gettext("Allows access to the 'Diagnostics: pfTop' page"); +$priv_list['page-diagnostics-system-pftop']['match'] = array(); +$priv_list['page-diagnostics-system-pftop']['match'][] = "diag_pftop.php*"; + $priv_list['page-diagnostics-tables'] = array(); -$priv_list['page-diagnostics-tables']['name'] = gettext("WebCfg - Diagnostics: PF Table IP addresses"); +$priv_list['page-diagnostics-tables']['name'] = gettext("WebCfg - Diagnostics: pf Table IP addresses"); $priv_list['page-diagnostics-tables']['descr'] = gettext("Allow access to the 'Diagnostics: Tables' page."); $priv_list['page-diagnostics-tables']['match'] = array(); $priv_list['page-diagnostics-tables']['match'][] = "diag_tables.php*"; +$priv_list['page-diagnostics-testport'] = array(); +$priv_list['page-diagnostics-testport']['name'] = gettext("WebCfg - Diagnostics: Test Port"); +$priv_list['page-diagnostics-testport']['descr'] = gettext("Allow access to the 'Diagnostics: Test Port' page."); +$priv_list['page-diagnostics-testport']['match'] = array(); +$priv_list['page-diagnostics-testport']['match'][] = "diag_testport.php*"; + $priv_list['page-diagnostics-traceroute'] = array(); -$priv_list['page-diagnostics-traceroute']['name'] = gettext("WebCfg - Diagnostics: Traceroute page"); +$priv_list['page-diagnostics-traceroute']['name'] = gettext("WebCfg - Diagnostics: Traceroute"); $priv_list['page-diagnostics-traceroute']['descr'] = gettext("Allow access to the 'Diagnostics: Traceroute' page."); $priv_list['page-diagnostics-traceroute']['match'] = array(); $priv_list['page-diagnostics-traceroute']['match'][] = "diag_traceroute.php*"; +$priv_list['page-firewall-easyrule'] = array(); +$priv_list['page-firewall-easyrule']['name'] = gettext("WebCfg - Firewall: Easy Rule add/status"); +$priv_list['page-firewall-easyrule']['descr'] = gettext("Allow access to the 'Firewall: Easy Rule' add/status page."); +$priv_list['page-firewall-easyrule']['match'] = array(); +$priv_list['page-firewall-easyrule']['match'][] = "easyrule.php*"; + $priv_list['page-diagnostics-edit'] = array(); -$priv_list['page-diagnostics-edit']['name'] = gettext("WebCfg - Diagnostics: Edit FIle"); +$priv_list['page-diagnostics-edit']['name'] = gettext("WebCfg - Diagnostics: Edit File"); $priv_list['page-diagnostics-edit']['descr'] = gettext("Allow access to the 'Diagnostics: Edit File' page."); $priv_list['page-diagnostics-edit']['match'] = array(); $priv_list['page-diagnostics-edit']['match'][] = "edit.php*"; @@ -309,139 +262,133 @@ $priv_list['page-diagnostics-edit']['match'][] = "browser.php*"; $priv_list['page-diagnostics-edit']['match'][] = "filebrowser/browser.php*"; $priv_list['page-diagnostics-command'] = array(); -$priv_list['page-diagnostics-command']['name'] = gettext("WebCfg - Diagnostics: Command page"); +$priv_list['page-diagnostics-command']['name'] = gettext("WebCfg - Diagnostics: Command"); $priv_list['page-diagnostics-command']['descr'] = gettext("Allow access to the 'Diagnostics: Command' page."); $priv_list['page-diagnostics-command']['match'] = array(); $priv_list['page-diagnostics-command']['match'][] = "exec.php*"; $priv_list['page-firewall-aliases'] = array(); -$priv_list['page-firewall-aliases']['name'] = gettext("WebCfg - Firewall: Aliases page"); +$priv_list['page-firewall-aliases']['name'] = gettext("WebCfg - Firewall: Aliases"); $priv_list['page-firewall-aliases']['descr'] = gettext("Allow access to the 'Firewall: Aliases' page."); $priv_list['page-firewall-aliases']['match'] = array(); $priv_list['page-firewall-aliases']['match'][] = "firewall_aliases.php*"; $priv_list['page-firewall-alias-edit'] = array(); -$priv_list['page-firewall-alias-edit']['name'] = gettext("WebCfg - Firewall: Alias: Edit page"); +$priv_list['page-firewall-alias-edit']['name'] = gettext("WebCfg - Firewall: Alias: Edit"); $priv_list['page-firewall-alias-edit']['descr'] = gettext("Allow access to the 'Firewall: Alias: Edit' page."); $priv_list['page-firewall-alias-edit']['match'] = array(); $priv_list['page-firewall-alias-edit']['match'][] = "firewall_aliases_edit.php*"; $priv_list['page-firewall-alias-import'] = array(); -$priv_list['page-firewall-alias-import']['name'] = gettext("WebCfg - Firewall: Alias: Import page"); +$priv_list['page-firewall-alias-import']['name'] = gettext("WebCfg - Firewall: Alias: Import"); $priv_list['page-firewall-alias-import']['descr'] = gettext("Allow access to the 'Firewall: Alias: Import' page."); $priv_list['page-firewall-alias-import']['match'] = array(); $priv_list['page-firewall-alias-import']['match'][] = "firewall_aliases_import.php*"; -$priv_list['page-firewall-nat-npt'] = array(); -$priv_list['page-firewall-nat-npt']['name'] = gettext("Webcfg - Firewall: NAT: NPT page"); -$priv_list['page-firewall-nat-npt']['descr'] = gettext("Allow access to the 'Firewall: NAT: NPT' page."); -$priv_list['page-firewall-nat-npt']['match'] = array(); -$priv_list['page-firewall-nat-npt']['match'][] = "firewall_nat_npt.php*"; - -$priv_list['page-firewall-nat-npt-edit'] = array(); -$priv_list['page-firewall-nat-npt-edit']['name'] = gettext("Webcfg - Firewall: NAT: NPt: Edit page"); -$priv_list['page-firewall-nat-npt-edit']['descr'] = gettext("Allow access to the 'Firewall: NAT: NPt: Edit' page."); -$priv_list['page-firewall-nat-npt-edit']['match'] = array(); -$priv_list['page-firewall-nat-npt-edit']['match'][] = "firewall_nat_npt_edit.php*"; - $priv_list['page-firewall-nat-portforward'] = array(); -$priv_list['page-firewall-nat-portforward']['name'] = gettext("WebCfg - Firewall: NAT: Port Forward page"); +$priv_list['page-firewall-nat-portforward']['name'] = gettext("WebCfg - Firewall: NAT: Port Forward"); $priv_list['page-firewall-nat-portforward']['descr'] = gettext("Allow access to the 'Firewall: NAT: Port Forward' page."); $priv_list['page-firewall-nat-portforward']['match'] = array(); $priv_list['page-firewall-nat-portforward']['match'][] = "firewall_nat.php*"; $priv_list['page-firewall-nat-1-1'] = array(); -$priv_list['page-firewall-nat-1-1']['name'] = gettext("WebCfg - Firewall: NAT: 1:1 page"); +$priv_list['page-firewall-nat-1-1']['name'] = gettext("WebCfg - Firewall: NAT: 1:1"); $priv_list['page-firewall-nat-1-1']['descr'] = gettext("Allow access to the 'Firewall: NAT: 1:1' page."); $priv_list['page-firewall-nat-1-1']['match'] = array(); $priv_list['page-firewall-nat-1-1']['match'][] = "firewall_nat_1to1.php*"; $priv_list['page-firewall-nat-1-1-edit'] = array(); -$priv_list['page-firewall-nat-1-1-edit']['name'] = gettext("WebCfg - Firewall: NAT: 1:1: Edit page"); +$priv_list['page-firewall-nat-1-1-edit']['name'] = gettext("WebCfg - Firewall: NAT: 1:1: Edit"); $priv_list['page-firewall-nat-1-1-edit']['descr'] = gettext("Allow access to the 'Firewall: NAT: 1:1: Edit' page."); $priv_list['page-firewall-nat-1-1-edit']['match'] = array(); $priv_list['page-firewall-nat-1-1-edit']['match'][] = "firewall_nat_1to1_edit.php*"; $priv_list['page-firewall-nat-portforward-edit'] = array(); -$priv_list['page-firewall-nat-portforward-edit']['name'] = gettext("WebCfg - Firewall: NAT: Port Forward: Edit page"); +$priv_list['page-firewall-nat-portforward-edit']['name'] = gettext("WebCfg - Firewall: NAT: Port Forward: Edit"); $priv_list['page-firewall-nat-portforward-edit']['descr'] = gettext("Allow access to the 'Firewall: NAT: Port Forward: Edit' page."); $priv_list['page-firewall-nat-portforward-edit']['match'] = array(); $priv_list['page-firewall-nat-portforward-edit']['match'][] = "firewall_nat_edit.php*"; +$priv_list['page-firewall-nat-npt'] = array(); +$priv_list['page-firewall-nat-npt']['name'] = gettext("WebCfg - Firewall: NAT: NPt"); +$priv_list['page-firewall-nat-npt']['descr'] = gettext("Allow access to the 'Firewall: NAT: NPt' page."); +$priv_list['page-firewall-nat-npt']['match'] = array(); +$priv_list['page-firewall-nat-npt']['match'][] = "firewall_nat_npt.php*"; + +$priv_list['page-firewall-nat-npt-edit'] = array(); +$priv_list['page-firewall-nat-npt-edit']['name'] = gettext("WebCfg - Firewall: NAT: NPt: Edit"); +$priv_list['page-firewall-nat-npt-edit']['descr'] = gettext("Allow access to the 'Firewall: NAT: NPt: Edit' page."); +$priv_list['page-firewall-nat-npt-edit']['match'] = array(); +$priv_list['page-firewall-nat-npt-edit']['match'][] = "firewall_nat_npt_edit.php*"; + $priv_list['page-firewall-nat-outbound'] = array(); -$priv_list['page-firewall-nat-outbound']['name'] = gettext("WebCfg - Firewall: NAT: Outbound page"); +$priv_list['page-firewall-nat-outbound']['name'] = gettext("WebCfg - Firewall: NAT: Outbound"); $priv_list['page-firewall-nat-outbound']['descr'] = gettext("Allow access to the 'Firewall: NAT: Outbound' page."); $priv_list['page-firewall-nat-outbound']['match'] = array(); $priv_list['page-firewall-nat-outbound']['match'][] = "firewall_nat_out.php*"; $priv_list['page-firewall-nat-outbound-edit'] = array(); -$priv_list['page-firewall-nat-outbound-edit']['name'] = gettext("WebCfg - Firewall: NAT: Outbound: Edit page"); +$priv_list['page-firewall-nat-outbound-edit']['name'] = gettext("WebCfg - Firewall: NAT: Outbound: Edit"); $priv_list['page-firewall-nat-outbound-edit']['descr'] = gettext("Allow access to the 'Firewall: NAT: Outbound: Edit' page."); $priv_list['page-firewall-nat-outbound-edit']['match'] = array(); $priv_list['page-firewall-nat-outbound-edit']['match'][] = "firewall_nat_out_edit.php*"; $priv_list['page-firewall-rules'] = array(); -$priv_list['page-firewall-rules']['name'] = gettext("WebCfg - Firewall: Rules page"); +$priv_list['page-firewall-rules']['name'] = gettext("WebCfg - Firewall: Rules"); $priv_list['page-firewall-rules']['descr'] = gettext("Allow access to the 'Firewall: Rules' page."); $priv_list['page-firewall-rules']['match'] = array(); $priv_list['page-firewall-rules']['match'][] = "firewall_rules.php*"; $priv_list['page-firewall-rules-edit'] = array(); -$priv_list['page-firewall-rules-edit']['name'] = gettext("WebCfg - Firewall: Rules: Edit page"); +$priv_list['page-firewall-rules-edit']['name'] = gettext("WebCfg - Firewall: Rules: Edit"); $priv_list['page-firewall-rules-edit']['descr'] = gettext("Allow access to the 'Firewall: Rules: Edit' page."); $priv_list['page-firewall-rules-edit']['match'] = array(); $priv_list['page-firewall-rules-edit']['match'][] = "firewall_rules_edit.php*"; $priv_list['page-firewall-schedules'] = array(); -$priv_list['page-firewall-schedules']['name'] = gettext("WebCfg - Firewall: Schedules page"); +$priv_list['page-firewall-schedules']['name'] = gettext("WebCfg - Firewall: Schedules"); $priv_list['page-firewall-schedules']['descr'] = gettext("Allow access to the 'Firewall: Schedules' page."); $priv_list['page-firewall-schedules']['match'] = array(); $priv_list['page-firewall-schedules']['match'][] = "firewall_schedule.php*"; $priv_list['page-firewall-schedules-edit'] = array(); -$priv_list['page-firewall-schedules-edit']['name'] = gettext("WebCfg - Firewall: Schedules: Edit page"); +$priv_list['page-firewall-schedules-edit']['name'] = gettext("WebCfg - Firewall: Schedules: Edit"); $priv_list['page-firewall-schedules-edit']['descr'] = gettext("Allow access to the 'Firewall: Schedules: Edit' page."); $priv_list['page-firewall-schedules-edit']['match'] = array(); $priv_list['page-firewall-schedules-edit']['match'][] = "firewall_schedule_edit.php*"; $priv_list['page-firewall-trafficshaper'] = array(); -$priv_list['page-firewall-trafficshaper']['name'] = gettext("WebCfg - Firewall: Traffic Shaper page"); +$priv_list['page-firewall-trafficshaper']['name'] = gettext("WebCfg - Firewall: Traffic Shaper"); $priv_list['page-firewall-trafficshaper']['descr'] = gettext("Allow access to the 'Firewall: Traffic Shaper' page."); $priv_list['page-firewall-trafficshaper']['match'] = array(); $priv_list['page-firewall-trafficshaper']['match'][] = "firewall_shaper.php*"; -$priv_list['page-firewall-trafficshaper-layer7'] = array(); -$priv_list['page-firewall-trafficshaper-layer7']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Layer7 page"); -$priv_list['page-firewall-trafficshaper-layer7']['descr'] = gettext("Allow access to the 'Firewall: Traffic Shaper: Layer7' page."); -$priv_list['page-firewall-trafficshaper-layer7']['match'] = array(); -$priv_list['page-firewall-trafficshaper-layer7']['match'][] = "firewall_shaper_layer7.php*"; - $priv_list['page-firewall-trafficshaper-queues'] = array(); -$priv_list['page-firewall-trafficshaper-queues']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Queues page"); +$priv_list['page-firewall-trafficshaper-queues']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Queues"); $priv_list['page-firewall-trafficshaper-queues']['descr'] = gettext("Allow access to the 'Firewall: Traffic Shaper: Queues' page."); $priv_list['page-firewall-trafficshaper-queues']['match'] = array(); $priv_list['page-firewall-trafficshaper-queues']['match'][] = "firewall_shaper_queues.php*"; $priv_list['page-firewall-trafficshaper-limiter'] = array(); -$priv_list['page-firewall-trafficshaper-limiter']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Limiter page"); +$priv_list['page-firewall-trafficshaper-limiter']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Limiter"); $priv_list['page-firewall-trafficshaper-limiter']['descr'] = gettext("Allow access to the 'Firewall: Traffic Shaper: Limiter' page."); $priv_list['page-firewall-trafficshaper-limiter']['match'] = array(); $priv_list['page-firewall-trafficshaper-limiter']['match'][] = "firewall_shaper_vinterface.php*"; $priv_list['page-firewall-trafficshaper-wizard'] = array(); -$priv_list['page-firewall-trafficshaper-wizard']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Wizard page"); +$priv_list['page-firewall-trafficshaper-wizard']['name'] = gettext("WebCfg - Firewall: Traffic Shaper: Wizard"); $priv_list['page-firewall-trafficshaper-wizard']['descr'] = gettext("Allow access to the 'Firewall: Traffic Shaper: Wizard' page."); $priv_list['page-firewall-trafficshaper-wizard']['match'] = array(); $priv_list['page-firewall-trafficshaper-wizard']['match'][] = "firewall_shaper_wizards.php*"; $priv_list['page-firewall-virtualipaddresses'] = array(); -$priv_list['page-firewall-virtualipaddresses']['name'] = gettext("WebCfg - Firewall: Virtual IP Addresses page"); +$priv_list['page-firewall-virtualipaddresses']['name'] = gettext("WebCfg - Firewall: Virtual IP Addresses"); $priv_list['page-firewall-virtualipaddresses']['descr'] = gettext("Allow access to the 'Firewall: Virtual IP Addresses' page."); $priv_list['page-firewall-virtualipaddresses']['match'] = array(); $priv_list['page-firewall-virtualipaddresses']['match'][] = "firewall_virtual_ip.php*"; $priv_list['page-firewall-virtualipaddress-edit'] = array(); -$priv_list['page-firewall-virtualipaddress-edit']['name'] = gettext("WebCfg - Firewall: Virtual IP Address: Edit page"); +$priv_list['page-firewall-virtualipaddress-edit']['name'] = gettext("WebCfg - Firewall: Virtual IP Address: Edit"); $priv_list['page-firewall-virtualipaddress-edit']['descr'] = gettext("Allow access to the 'Firewall: Virtual IP Address: Edit' page."); $priv_list['page-firewall-virtualipaddress-edit']['match'] = array(); $priv_list['page-firewall-virtualipaddress-edit']['match'][] = "firewall_virtual_ip_edit.php*"; @@ -459,565 +406,548 @@ $priv_list['page-getstats']['match'] = array(); $priv_list['page-getstats']['match'][] = "getstats.php*"; $priv_list['page-diagnostics-interfacetraffic'] = array(); -$priv_list['page-diagnostics-interfacetraffic']['name'] = gettext("WebCfg - Diagnostics: Interface Traffic page"); +$priv_list['page-diagnostics-interfacetraffic']['name'] = gettext("WebCfg - Diagnostics: Interface Traffic"); $priv_list['page-diagnostics-interfacetraffic']['descr'] = gettext("Allow access to the 'Diagnostics: Interface Traffic' page."); $priv_list['page-diagnostics-interfacetraffic']['match'] = array(); $priv_list['page-diagnostics-interfacetraffic']['match'][] = "graph.php*"; $priv_list['page-diagnostics-cpuutilization'] = array(); -$priv_list['page-diagnostics-cpuutilization']['name'] = gettext("WebCfg - Diagnostics: CPU Utilization page"); +$priv_list['page-diagnostics-cpuutilization']['name'] = gettext("WebCfg - Diagnostics: CPU Utilization"); $priv_list['page-diagnostics-cpuutilization']['descr'] = gettext("Allow access to the 'Diagnostics: CPU Utilization' page."); $priv_list['page-diagnostics-cpuutilization']['match'] = array(); $priv_list['page-diagnostics-cpuutilization']['match'][] = "graph_cpu.php*"; +$priv_list['page-diagnostics-cpuutilization']['match'][] = "stats.php*"; $priv_list['page-diagnostics-haltsystem'] = array(); -$priv_list['page-diagnostics-haltsystem']['name'] = gettext("WebCfg - Diagnostics: Halt system page"); +$priv_list['page-diagnostics-haltsystem']['name'] = gettext("WebCfg - Diagnostics: Halt system"); $priv_list['page-diagnostics-haltsystem']['descr'] = gettext("Allow access to the 'Diagnostics: Halt system' page."); $priv_list['page-diagnostics-haltsystem']['match'] = array(); -$priv_list['page-diagnostics-haltsystem']['match'][] = "halt.php*"; - -$priv_list['page-requiredforjavascript'] = array(); -$priv_list['page-requiredforjavascript']['name'] = gettext("WebCfg - Required for javascript page"); -$priv_list['page-requiredforjavascript']['descr'] = gettext("Allow access to the 'Required for javascript' page."); -$priv_list['page-requiredforjavascript']['match'] = array(); -$priv_list['page-requiredforjavascript']['match'][] = "headjs.php*"; +$priv_list['page-diagnostics-haltsystem']['match'][] = "diag_halt.php*"; $priv_list['page-xmlrpcinterfacestats'] = array(); -$priv_list['page-xmlrpcinterfacestats']['name'] = gettext("WebCfg - XMLRPC Interface Stats page"); +$priv_list['page-xmlrpcinterfacestats']['name'] = gettext("WebCfg - XMLRPC Interface Stats"); $priv_list['page-xmlrpcinterfacestats']['descr'] = gettext("Allow access to the 'XMLRPC Interface Stats' page."); $priv_list['page-xmlrpcinterfacestats']['match'] = array(); $priv_list['page-xmlrpcinterfacestats']['match'][] = "ifstats.php*"; $priv_list['page-system-login/logout'] = array(); -$priv_list['page-system-login/logout']['name'] = gettext("WebCfg - System: Login / Logout page / Dashboard"); +$priv_list['page-system-login/logout']['name'] = gettext("WebCfg - System: Login / Logout / Dashboard"); $priv_list['page-system-login/logout']['descr'] = gettext("Allow access to the 'System: Login / Logout' page and Dashboard."); $priv_list['page-system-login/logout']['match'] = array(); $priv_list['page-system-login/logout']['match'][] = "index.php*"; $priv_list['page-interfaces'] = array(); -$priv_list['page-interfaces']['name'] = gettext("WebCfg - Interfaces: WAN page"); +$priv_list['page-interfaces']['name'] = gettext("WebCfg - Interfaces: WAN"); $priv_list['page-interfaces']['descr'] = gettext("Allow access to the 'Interfaces' page."); $priv_list['page-interfaces']['match'] = array(); $priv_list['page-interfaces']['match'][] = "interfaces.php*"; $priv_list['page-interfaces-assignnetworkports'] = array(); -$priv_list['page-interfaces-assignnetworkports']['name'] = gettext("WebCfg - Interfaces: Assign network ports page"); +$priv_list['page-interfaces-assignnetworkports']['name'] = gettext("WebCfg - Interfaces: Assign network ports"); $priv_list['page-interfaces-assignnetworkports']['descr'] = gettext("Allow access to the 'Interfaces: Assign network ports' page."); $priv_list['page-interfaces-assignnetworkports']['match'] = array(); $priv_list['page-interfaces-assignnetworkports']['match'][] = "interfaces_assign.php*"; $priv_list['page-interfaces-bridge'] = array(); -$priv_list['page-interfaces-bridge']['name'] = gettext("WebCfg - Interfaces: Bridge page"); +$priv_list['page-interfaces-bridge']['name'] = gettext("WebCfg - Interfaces: Bridge"); $priv_list['page-interfaces-bridge']['descr'] = gettext("Allow access to the 'Interfaces: Bridge' page."); $priv_list['page-interfaces-bridge']['match'] = array(); $priv_list['page-interfaces-bridge']['match'][] = "interfaces_bridge.php*"; $priv_list['page-interfaces-bridge-edit'] = array(); -$priv_list['page-interfaces-bridge-edit']['name'] = gettext("WebCfg - Interfaces: Bridge edit page"); +$priv_list['page-interfaces-bridge-edit']['name'] = gettext("WebCfg - Interfaces: Bridge edit"); $priv_list['page-interfaces-bridge-edit']['descr'] = gettext("Allow access to the 'Interfaces: Bridge : Edit' page."); $priv_list['page-interfaces-bridge-edit']['match'] = array(); $priv_list['page-interfaces-bridge-edit']['match'][] = "interfaces_bridge_edit.php*"; $priv_list['page-interfaces-gif'] = array(); -$priv_list['page-interfaces-gif']['name'] = gettext("WebCfg - Interfaces: GIF page"); +$priv_list['page-interfaces-gif']['name'] = gettext("WebCfg - Interfaces: GIF"); $priv_list['page-interfaces-gif']['descr'] = gettext("Allow access to the 'Interfaces: GIF' page."); $priv_list['page-interfaces-gif']['match'] = array(); $priv_list['page-interfaces-gif']['match'][] = "interfaces_gif.php*"; $priv_list['page-interfaces-gif-edit'] = array(); -$priv_list['page-interfaces-gif-edit']['name'] = gettext("WebCfg - Interfaces: GIF: Edit page"); +$priv_list['page-interfaces-gif-edit']['name'] = gettext("WebCfg - Interfaces: GIF: Edit"); $priv_list['page-interfaces-gif-edit']['descr'] = gettext("Allow access to the 'Interfaces: GIF: Edit' page."); $priv_list['page-interfaces-gif-edit']['match'] = array(); $priv_list['page-interfaces-gif-edit']['match'][] = "interfaces_gif_edit.php*"; $priv_list['page-interfaces-gre'] = array(); -$priv_list['page-interfaces-gre']['name'] = gettext("WebCfg - Interfaces: GRE page"); +$priv_list['page-interfaces-gre']['name'] = gettext("WebCfg - Interfaces: GRE"); $priv_list['page-interfaces-gre']['descr'] = gettext("Allow access to the 'Interfaces: GRE' page."); $priv_list['page-interfaces-gre']['match'] = array(); $priv_list['page-interfaces-gre']['match'][] = "interfaces_gre.php*"; $priv_list['page-interfaces-gre-edit'] = array(); -$priv_list['page-interfaces-gre-edit']['name'] = gettext("WebCfg - Interfaces: GRE: Edit page"); +$priv_list['page-interfaces-gre-edit']['name'] = gettext("WebCfg - Interfaces: GRE: Edit"); $priv_list['page-interfaces-gre-edit']['descr'] = gettext("Allow access to the 'Interfaces: GRE: Edit' page."); $priv_list['page-interfaces-gre-edit']['match'] = array(); $priv_list['page-interfaces-gre-edit']['match'][] = "interfaces_gre_edit.php*"; $priv_list['page-interfaces-groups'] = array(); -$priv_list['page-interfaces-groups']['name'] = gettext("WebCfg - Interfaces: Groups page"); +$priv_list['page-interfaces-groups']['name'] = gettext("WebCfg - Interfaces: Groups"); $priv_list['page-interfaces-groups']['descr'] = gettext("Create interface groups"); $priv_list['page-interfaces-groups']['match'] = array(); $priv_list['page-interfaces-groups']['match'][] = "interfaces_groups.php*"; $priv_list['page-interfaces-groups-edit'] = array(); -$priv_list['page-interfaces-groups-edit']['name'] = gettext("Interfaces: Groups: Edit page"); +$priv_list['page-interfaces-groups-edit']['name'] = gettext("WebCfg - Interfaces: Groups: Edit"); $priv_list['page-interfaces-groups-edit']['descr'] = gettext("Allow access to the 'Interfaces: Groups: Edit' page."); $priv_list['page-interfaces-groups-edit']['match'] = array(); $priv_list['page-interfaces-groups-edit']['match'][] = "interfaces_groups_edit.php*"; $priv_list['page-interfaces-lagg'] = array(); -$priv_list['page-interfaces-lagg']['name'] = gettext("WebCfg - Interfaces: LAGG: page"); -$priv_list['page-interfaces-lagg']['descr'] = gettext("Edit Interface LAGG"); +$priv_list['page-interfaces-lagg']['name'] = gettext("WebCfg - Interfaces: LAGG:"); +$priv_list['page-interfaces-lagg']['descr'] = gettext("Allow access to the 'Interfaces: LAGG' page."); $priv_list['page-interfaces-lagg']['match'] = array(); $priv_list['page-interfaces-lagg']['match'][] = "interfaces_lagg.php*"; $priv_list['page-interfaces-lagg-edit'] = array(); -$priv_list['page-interfaces-lagg-edit']['name'] = gettext("Interfaces: LAGG: Edit page"); +$priv_list['page-interfaces-lagg-edit']['name'] = gettext("WebCfg - Interfaces: LAGG: Edit"); $priv_list['page-interfaces-lagg-edit']['descr'] = gettext("Allow access to the 'Interfaces: LAGG: Edit' page."); $priv_list['page-interfaces-lagg-edit']['match'] = array(); $priv_list['page-interfaces-lagg-edit']['match'][] = "interfaces_lagg_edit.php*"; $priv_list['page-interfaces-ppps'] = array(); -$priv_list['page-interfaces-ppps']['name'] = gettext("WebCfg - Interfaces: ppps page"); -$priv_list['page-interfaces-ppps']['descr'] = gettext("Allow access to the 'Interfaces: ppps' page."); +$priv_list['page-interfaces-ppps']['name'] = gettext("WebCfg - Interfaces: PPPs"); +$priv_list['page-interfaces-ppps']['descr'] = gettext("Allow access to the 'Interfaces: PPPs' page."); $priv_list['page-interfaces-ppps']['match'] = array(); $priv_list['page-interfaces-ppps']['match'][] = "interfaces_ppps.php*"; $priv_list['page-interfaces-ppps-edit'] = array(); -$priv_list['page-interfaces-ppps-edit']['name'] = gettext("WebCfg - Interfaces: PPPs: Edit page"); +$priv_list['page-interfaces-ppps-edit']['name'] = gettext("WebCfg - Interfaces: PPPs: Edit"); $priv_list['page-interfaces-ppps-edit']['descr'] = gettext("Allow access to the 'Interfaces: PPPs: Edit' page."); $priv_list['page-interfaces-ppps-edit']['match'] = array(); $priv_list['page-interfaces-ppps-edit']['match'][] = "interfaces_ppps_edit.php*"; $priv_list['page-interfaces-qinq'] = array(); -$priv_list['page-interfaces-qinq']['name'] = gettext("WebCfg - Interfaces: QinQ page"); +$priv_list['page-interfaces-qinq']['name'] = gettext("WebCfg - Interfaces: QinQ"); $priv_list['page-interfaces-qinq']['descr'] = gettext("Allow access to the 'Interfaces: QinQ' page."); $priv_list['page-interfaces-qinq']['match'] = array(); $priv_list['page-interfaces-qinq']['match'][] = "interfaces_qinq.php*"; $priv_list['page-interfaces-qinq-edit'] = array(); -$priv_list['page-interfaces-qinq-edit']['name'] = gettext("Interfaces: QinQ: Edit page"); +$priv_list['page-interfaces-qinq-edit']['name'] = gettext("WebCfg - Interfaces: QinQ: Edit"); $priv_list['page-interfaces-qinq-edit']['descr'] = gettext("Allow access to 'Interfaces: QinQ: Edit' page"); $priv_list['page-interfaces-qinq-edit']['match'] = array(); $priv_list['page-interfaces-qinq-edit']['match'][] = "interfaces_qinq_edit.php*"; $priv_list['page-interfaces-vlan'] = array(); -$priv_list['page-interfaces-vlan']['name'] = gettext("WebCfg - Interfaces: VLAN page"); +$priv_list['page-interfaces-vlan']['name'] = gettext("WebCfg - Interfaces: VLAN"); $priv_list['page-interfaces-vlan']['descr'] = gettext("Allow access to the 'Interfaces: VLAN' page."); $priv_list['page-interfaces-vlan']['match'] = array(); $priv_list['page-interfaces-vlan']['match'][] = "interfaces_vlan.php*"; $priv_list['page-interfaces-vlan-edit'] = array(); -$priv_list['page-interfaces-vlan-edit']['name'] = gettext("WebCfg - Interfaces: VLAN: Edit page"); +$priv_list['page-interfaces-vlan-edit']['name'] = gettext("WebCfg - Interfaces: VLAN: Edit"); $priv_list['page-interfaces-vlan-edit']['descr'] = gettext("Allow access to the 'Interfaces: VLAN: Edit' page."); $priv_list['page-interfaces-vlan-edit']['match'] = array(); $priv_list['page-interfaces-vlan-edit']['match'][] = "interfaces_vlan_edit.php*"; $priv_list['page-interfaces-wireless'] = array(); -$priv_list['page-interfaces-wireless']['name'] = gettext("WebCfg - Interfaces: Wireless page"); +$priv_list['page-interfaces-wireless']['name'] = gettext("WebCfg - Interfaces: Wireless"); $priv_list['page-interfaces-wireless']['descr'] = gettext("Allow access to the 'Interfaces: Wireless' page."); $priv_list['page-interfaces-wireless']['match'] = array(); $priv_list['page-interfaces-wireless']['match'][] = "interfaces_wireless.php*"; $priv_list['page-interfaces-wireless-edit'] = array(); -$priv_list['page-interfaces-wireless-edit']['name'] = gettext("WebCfg - Interfaces: Wireless edit page"); -$priv_list['page-interfaces-wireless-edit']['descr'] = gettext("Allow access to the 'Interfaces: Wireless : Edit' page."); +$priv_list['page-interfaces-wireless-edit']['name'] = gettext("WebCfg - Interfaces: Wireless: Edit"); +$priv_list['page-interfaces-wireless-edit']['descr'] = gettext("Allow access to the 'Interfaces: Wireless: Edit' page."); $priv_list['page-interfaces-wireless-edit']['match'] = array(); $priv_list['page-interfaces-wireless-edit']['match'][] = "interfaces_wireless_edit.php*"; $priv_list['page-system-license'] = array(); -$priv_list['page-system-license']['name'] = gettext("WebCfg - System: License page"); +$priv_list['page-system-license']['name'] = gettext("WebCfg - System: License"); $priv_list['page-system-license']['descr'] = gettext("Allow access to the 'System: License' page."); $priv_list['page-system-license']['match'] = array(); $priv_list['page-system-license']['match'][] = "license.php*"; $priv_list['page-services-loadbalancer-monitor'] = array(); -$priv_list['page-services-loadbalancer-monitor']['name'] = gettext("WebCfg - Services: Load Balancer: Monitors page"); +$priv_list['page-services-loadbalancer-monitor']['name'] = gettext("WebCfg - Services: Load Balancer: Monitors"); $priv_list['page-services-loadbalancer-monitor']['descr'] = gettext("Allow access to the 'Services: Load Balancer: Monitors' page."); $priv_list['page-services-loadbalancer-monitor']['match'] = array(); $priv_list['page-services-loadbalancer-monitor']['match'][] = "load_balancer_monitor.php*"; $priv_list['page-services-loadbalancer-monitor-edit'] = array(); -$priv_list['page-services-loadbalancer-monitor-edit']['name'] = gettext("WebCfg - Services: Load Balancer: Monitor: Edit page"); +$priv_list['page-services-loadbalancer-monitor-edit']['name'] = gettext("WebCfg - Services: Load Balancer: Monitor: Edit"); $priv_list['page-services-loadbalancer-monitor-edit']['descr'] = gettext("Allow access to the 'Services: Load Balancer: Monitor: Edit' page."); $priv_list['page-services-loadbalancer-monitor-edit']['match'] = array(); $priv_list['page-services-loadbalancer-monitor-edit']['match'][] = "load_balancer_monitor_edit.php*"; $priv_list['page-loadbalancer-pool'] = array(); -$priv_list['page-loadbalancer-pool']['name'] = gettext("WebCfg - Load Balancer: Pool page"); +$priv_list['page-loadbalancer-pool']['name'] = gettext("WebCfg - Load Balancer: Pool"); $priv_list['page-loadbalancer-pool']['descr'] = gettext("Allow access to the 'Load Balancer: Pool' page."); $priv_list['page-loadbalancer-pool']['match'] = array(); $priv_list['page-loadbalancer-pool']['match'][] = "load_balancer_pool.php*"; $priv_list['page-loadbalancer-pool-edit'] = array(); -$priv_list['page-loadbalancer-pool-edit']['name'] = gettext("WebCfg - Load Balancer: Pool: Edit page"); +$priv_list['page-loadbalancer-pool-edit']['name'] = gettext("WebCfg - Load Balancer: Pool: Edit"); $priv_list['page-loadbalancer-pool-edit']['descr'] = gettext("Allow access to the 'Load Balancer: Pool: Edit' page."); $priv_list['page-loadbalancer-pool-edit']['match'] = array(); $priv_list['page-loadbalancer-pool-edit']['match'][] = "load_balancer_pool_edit.php*"; $priv_list['page-services-loadbalancer-setting'] = array(); -$priv_list['page-services-loadbalancer-setting']['name'] = gettext("Webcfg - Services: Load Balancer: setting page"); +$priv_list['page-services-loadbalancer-setting']['name'] = gettext("WebCfg - Services: Load Balancer: Settings"); $priv_list['page-services-loadbalancer-setting']['descr'] = gettext("Allow access to the 'Settings: Load Balancer: Settings' page."); $priv_list['page-services-loadbalancer-setting']['match'] = array(); $priv_list['page-services-loadbalancer-setting']['match'][] = "load_balancer_setting.php*"; $priv_list['page-services-loadbalancer-virtualservers'] = array(); -$priv_list['page-services-loadbalancer-virtualservers']['name'] = gettext("WebCfg - Services: Load Balancer: Virtual Servers page"); +$priv_list['page-services-loadbalancer-virtualservers']['name'] = gettext("WebCfg - Services: Load Balancer: Virtual Servers"); $priv_list['page-services-loadbalancer-virtualservers']['descr'] = gettext("Allow access to the 'Services: Load Balancer: Virtual Servers' page."); $priv_list['page-services-loadbalancer-virtualservers']['match'] = array(); $priv_list['page-services-loadbalancer-virtualservers']['match'][] = "load_balancer_virtual_server.php*"; -$priv_list['page-services-ntpd'] = array(); -$priv_list['page-services-ntpd']['name'] = gettext("Webcfg - Services: NTP"); -$priv_list['page-services-ntpd']['descr'] = gettext("Allow access to the 'Services: NTP' page."); -$priv_list['page-services-ntpd']['match'] = array(); -$priv_list['page-services-ntpd']['match'][] = "services_ntpd.php*"; - -$priv_list['page-services-ntp-gps'] = array(); -$priv_list['page-services-ntp-gps']['name'] = gettext("Webcfg - Status: NTP GPS page"); -$priv_list['page-services-ntp-gps']['descr'] = gettext("Allow access to the 'Status: NTP Serial GPS' page."); -$priv_list['page-services-ntp-gps']['match'] = array(); -$priv_list['page-services-ntp-gps']['match'][] = "status_ntpd_gps.php*"; - -$priv_list['page-services-ntp-pps'] = array(); -$priv_list['page-services-ntp-pps']['name'] = gettext("Webcfg - Status: NTP PPS page"); -$priv_list['page-services-ntp-pps']['descr'] = gettext("Allow access to the 'Status: NTP PPS' page."); -$priv_list['page-services-ntp-pps']['match'] = array(); -$priv_list['page-services-ntp-pps']['match'][] = "status_ntpd_pps.php*"; - $priv_list['page-loadbalancer-virtualserver-edit'] = array(); -$priv_list['page-loadbalancer-virtualserver-edit']['name'] = gettext("WebCfg - Load Balancer: Virtual Server: Edit page"); +$priv_list['page-loadbalancer-virtualserver-edit']['name'] = gettext("WebCfg - Load Balancer: Virtual Server: Edit"); $priv_list['page-loadbalancer-virtualserver-edit']['descr'] = gettext("Allow access to the 'Load Balancer: Virtual Server: Edit' page."); $priv_list['page-loadbalancer-virtualserver-edit']['match'] = array(); $priv_list['page-loadbalancer-virtualserver-edit']['match'][] = "load_balancer_virtual_server_edit.php*"; $priv_list['page-package-settings'] = array(); -$priv_list['page-package-settings']['name'] = gettext("WebCfg - Package: Settings page"); +$priv_list['page-package-settings']['name'] = gettext("WebCfg - Package: Settings"); $priv_list['page-package-settings']['descr'] = gettext("Allow access to the 'Package: Settings' page."); $priv_list['page-package-settings']['match'] = array(); $priv_list['page-package-settings']['match'][] = "pkg.php*"; $priv_list['page-package-edit'] = array(); -$priv_list['page-package-edit']['name'] = gettext("WebCfg - Package: Edit page"); +$priv_list['page-package-edit']['name'] = gettext("WebCfg - Package: Edit"); $priv_list['page-package-edit']['descr'] = gettext("Allow access to the 'Package: Edit' page."); $priv_list['page-package-edit']['match'] = array(); $priv_list['page-package-edit']['match'][] = "pkg_edit.php*"; $priv_list['page-system-packagemanager'] = array(); -$priv_list['page-system-packagemanager']['name'] = gettext("WebCfg - System: Package Manager page"); +$priv_list['page-system-packagemanager']['name'] = gettext("WebCfg - System: Package Manager"); $priv_list['page-system-packagemanager']['descr'] = gettext("Allow access to the 'System: Package Manager' page."); $priv_list['page-system-packagemanager']['match'] = array(); $priv_list['page-system-packagemanager']['match'][] = "pkg_mgr.php*"; $priv_list['page-system-packagemanager-installpackage'] = array(); -$priv_list['page-system-packagemanager-installpackage']['name'] = gettext("WebCfg - System: Package Manager: Install Package page"); +$priv_list['page-system-packagemanager-installpackage']['name'] = gettext("WebCfg - System: Package Manager: Install Package"); $priv_list['page-system-packagemanager-installpackage']['descr'] = gettext("Allow access to the 'System: Package Manager: Install Package' page."); $priv_list['page-system-packagemanager-installpackage']['match'] = array(); $priv_list['page-system-packagemanager-installpackage']['match'][] = "pkg_mgr_install.php*"; $priv_list['page-system-packagemanager-installed'] = array(); -$priv_list['page-system-packagemanager-installed']['name'] = gettext("WebCfg - System: Package Manager: Installed page"); +$priv_list['page-system-packagemanager-installed']['name'] = gettext("WebCfg - System: Package Manager: Installed"); $priv_list['page-system-packagemanager-installed']['descr'] = gettext("Allow access to the 'System: Package Manager: Installed' page."); $priv_list['page-system-packagemanager-installed']['match'] = array(); $priv_list['page-system-packagemanager-installed']['match'][] = "pkg_mgr_installed.php*"; -$priv_list['page-pkg-mgr-settings'] = array(); -$priv_list['page-pkg-mgr-settings']['name'] = gettext("WebCfg - Packages: Settings page"); -$priv_list['page-pkg-mgr-settings']['descr'] = gettext("Allow access to the 'Packages: Settings' page."); -$priv_list['page-pkg-mgr-settings']['match'] = array(); -$priv_list['page-pkg-mgr-settings']['match'][] = "pkg_mgr_settings.php*"; - $priv_list['page-diagnostics-rebootsystem'] = array(); -$priv_list['page-diagnostics-rebootsystem']['name'] = gettext("WebCfg - Diagnostics: Reboot System page"); +$priv_list['page-diagnostics-rebootsystem']['name'] = gettext("WebCfg - Diagnostics: Reboot System"); $priv_list['page-diagnostics-rebootsystem']['descr'] = gettext("Allow access to the 'Diagnostics: Reboot System' page."); $priv_list['page-diagnostics-rebootsystem']['match'] = array(); -$priv_list['page-diagnostics-rebootsystem']['match'][] = "reboot.php*"; +$priv_list['page-diagnostics-rebootsystem']['match'][] = "diag_reboot.php*"; $priv_list['page-diagnostics-restart-httpd'] = array(); -$priv_list['page-diagnostics-restart-httpd']['name'] = gettext("WebCfg - Diagnostics: Restart HTTPD : System page"); -$priv_list['page-diagnostics-restart-httpd']['descr'] = gettext("Allow access to the 'Diagnostics: Restart HTTPD: System' page."); +$priv_list['page-diagnostics-restart-httpd']['name'] = gettext("WebCfg - Diagnostics: Restart Web Server Daemon"); +$priv_list['page-diagnostics-restart-httpd']['descr'] = gettext("Allow access to the 'Diagnostics: Restart Web Server Daemon' page."); $priv_list['page-diagnostics-restart-httpd']['match'] = array(); $priv_list['page-diagnostics-restart-httpd']['match'][] = "restart_httpd.php*"; $priv_list['page-services-captiveportal'] = array(); -$priv_list['page-services-captiveportal']['name'] = gettext("WebCfg - Services: Captive portal page"); +$priv_list['page-services-captiveportal']['name'] = gettext("WebCfg - Services: Captive portal"); $priv_list['page-services-captiveportal']['descr'] = gettext("Allow access to the 'Services: Captive portal' page."); $priv_list['page-services-captiveportal']['match'] = array(); $priv_list['page-services-captiveportal']['match'][] = "services_captiveportal.php*"; $priv_list['page-services-captiveportal-filemanager'] = array(); -$priv_list['page-services-captiveportal-filemanager']['name'] = gettext("WebCfg - Services: Captive portal: File Manager page"); +$priv_list['page-services-captiveportal-filemanager']['name'] = gettext("WebCfg - Services: Captive portal: File Manager"); $priv_list['page-services-captiveportal-filemanager']['descr'] = gettext("Allow access to the 'Services: Captive portal: File Manager' page."); $priv_list['page-services-captiveportal-filemanager']['match'] = array(); $priv_list['page-services-captiveportal-filemanager']['match'][] = "services_captiveportal_filemanager.php*"; +$priv_list['page-services-captiveportal-allowedhostnames'] = array(); +$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed Hostnames"); +$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page."); +$priv_list['page-services-captiveportal-allowedhostnames']['match'] = array(); +$priv_list['page-services-captiveportal-allowedhostnames']['match'][] = "services_captiveportal_hostname.php*"; + +$priv_list['page-services-captiveportal-editallowedhostnames'] = array(); +$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed Hostnames"); +$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed Hostnames' page."); +$priv_list['page-services-captiveportal-editallowedhostnames']['match'] = array(); +$priv_list['page-services-captiveportal-editallowedhostnames']['match'][] = "services_captiveportal_hostname_edit.php*"; + $priv_list['page-services-captiveportal-allowedips'] = array(); -$priv_list['page-services-captiveportal-allowedips']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs page"); +$priv_list['page-services-captiveportal-allowedips']['name'] = gettext("WebCfg - Services: Captive portal: Allowed IPs"); $priv_list['page-services-captiveportal-allowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed IPs' page."); $priv_list['page-services-captiveportal-allowedips']['match'] = array(); $priv_list['page-services-captiveportal-allowedips']['match'][] = "services_captiveportal_ip.php*"; $priv_list['page-services-captiveportal-editallowedips'] = array(); -$priv_list['page-services-captiveportal-editallowedips']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs page"); +$priv_list['page-services-captiveportal-editallowedips']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed IPs"); $priv_list['page-services-captiveportal-editallowedips']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Allowed IPs' page."); $priv_list['page-services-captiveportal-editallowedips']['match'] = array(); $priv_list['page-services-captiveportal-editallowedips']['match'][] = "services_captiveportal_ip_edit.php*"; $priv_list['page-services-captiveportal-macaddresses'] = array(); -$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Mac Addresses page"); +$priv_list['page-services-captiveportal-macaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Mac Addresses"); $priv_list['page-services-captiveportal-macaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Mac Addresses' page."); $priv_list['page-services-captiveportal-macaddresses']['match'] = array(); $priv_list['page-services-captiveportal-macaddresses']['match'][] = "services_captiveportal_mac.php*"; $priv_list['page-services-captiveportal-editmacaddresses'] = array(); -$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit MAC Addresses page"); +$priv_list['page-services-captiveportal-editmacaddresses']['name'] = gettext("WebCfg - Services: Captive portal: Edit MAC Addresses"); $priv_list['page-services-captiveportal-editmacaddresses']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit MAC Addresses' page."); $priv_list['page-services-captiveportal-editmacaddresses']['match'] = array(); $priv_list['page-services-captiveportal-editmacaddresses']['match'][] = "services_captiveportal_mac_edit.php*"; -$priv_list['page-services-captiveportal-allowedhostnames'] = array(); -$priv_list['page-services-captiveportal-allowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Allowed Hostnames page"); -$priv_list['page-services-captiveportal-allowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page."); -$priv_list['page-services-captiveportal-allowedhostnames']['match'] = array(); -$priv_list['page-services-captiveportal-allowedhostnames']['match'][] = "services_captiveportal_hostname.php*"; - -$priv_list['page-services-captiveportal-editallowedhostnames'] = array(); -$priv_list['page-services-captiveportal-editallowedhostnames']['name'] = gettext("WebCfg - Services: Captive portal: Edit Allowed Hostnames page"); -$priv_list['page-services-captiveportal-editallowedhostnames']['descr'] = gettext("Allow access to the 'Services: Captive portal: Allowed Hostnames' page."); -$priv_list['page-services-captiveportal-editallowedhostnames']['match'] = array(); -$priv_list['page-services-captiveportal-editallowedhostnames']['match'][] = "services_captiveportal_hostname_edit.php*"; - -$priv_list['page-services-captiveportal-editzones'] = array(); -$priv_list['page-services-captiveportal-editzones']['name'] = gettext("Webcfg - Services: Captive portal: Edit Zones page"); -$priv_list['page-services-captiveportal-editzones']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Zones' page."); -$priv_list['page-services-captiveportal-editzones']['match'] = array(); -$priv_list['page-services-captiveportal-editzones']['match'][] = "services_captiveportal_zones_edit.php*"; - $priv_list['page-services-captiveportal-vouchers'] = array(); -$priv_list['page-services-captiveportal-vouchers']['name'] = gettext("WebCfg - Services: Captive portal Vouchers page"); +$priv_list['page-services-captiveportal-vouchers']['name'] = gettext("WebCfg - Services: Captive portal Vouchers"); $priv_list['page-services-captiveportal-vouchers']['descr'] = gettext("Allow access to the 'Services: Captive portal Vouchers' page."); $priv_list['page-services-captiveportal-vouchers']['match'] = array(); $priv_list['page-services-captiveportal-vouchers']['match'][] = "services_captiveportal_vouchers.php*"; $priv_list['page-services-captiveportal-voucher-edit'] = array(); -$priv_list['page-services-captiveportal-voucher-edit']['name'] = "WebCfg - Services: Captive portal Voucher Rolls page"; -$priv_list['page-services-captiveportal-voucher-edit']['descr'] = "Allow access to the 'Services: Captive portal Edit Voucher Rolls' page."; +$priv_list['page-services-captiveportal-voucher-edit']['name'] = gettext("WebCfg - Services: Captive portal Voucher Rolls"); +$priv_list['page-services-captiveportal-voucher-edit']['descr'] = gettext("Allow access to the 'Services: Captive portal Edit Voucher Rolls' page."); $priv_list['page-services-captiveportal-voucher-edit']['match'] = array(); $priv_list['page-services-captiveportal-voucher-edit']['match'][] = "services_captiveportal_vouchers_edit.php*"; $priv_list['page-services-captiveportal-zones'] = array(); -$priv_list['page-services-captiveportal-zones']['name'] = gettext("WebCfg - Services: Captive portal Zones page"); +$priv_list['page-services-captiveportal-zones']['name'] = gettext("WebCfg - Services: Captive portal Zones"); $priv_list['page-services-captiveportal-zones']['descr'] = gettext("Allow access to the 'Services: Captive portal Zones' page."); $priv_list['page-services-captiveportal-zones']['match'] = array(); $priv_list['page-services-captiveportal-zones']['match'][] = "services_captiveportal_zones.php*"; +$priv_list['page-services-captiveportal-editzones'] = array(); +$priv_list['page-services-captiveportal-editzones']['name'] = gettext("WebCfg - Services: Captive portal: Edit Zones"); +$priv_list['page-services-captiveportal-editzones']['descr'] = gettext("Allow access to the 'Services: Captive portal: Edit Zones' page."); +$priv_list['page-services-captiveportal-editzones']['match'] = array(); +$priv_list['page-services-captiveportal-editzones']['match'][] = "services_captiveportal_zones_edit.php*"; + $priv_list['page-services-dhcpserver'] = array(); -$priv_list['page-services-dhcpserver']['name'] = gettext("WebCfg - Services: DHCP server page"); -$priv_list['page-services-dhcpserver']['descr'] = gettext("Allow access to the 'Services: DHCP server' page."); +$priv_list['page-services-dhcpserver']['name'] = gettext("WebCfg - Services: DHCP Server"); +$priv_list['page-services-dhcpserver']['descr'] = gettext("Allow access to the 'Services: DHCP Server' page."); $priv_list['page-services-dhcpserver']['match'] = array(); $priv_list['page-services-dhcpserver']['match'][] = "services_dhcp.php*"; $priv_list['page-services-dhcpserver-editstaticmapping'] = array(); -$priv_list['page-services-dhcpserver-editstaticmapping']['name'] = gettext("WebCfg - Services: DHCP Server : Edit static mapping page"); -$priv_list['page-services-dhcpserver-editstaticmapping']['descr'] = gettext("Allow access to the 'Services: DHCP Server : Edit static mapping' page."); +$priv_list['page-services-dhcpserver-editstaticmapping']['name'] = gettext("WebCfg - Services: DHCP Server: Edit static mapping"); +$priv_list['page-services-dhcpserver-editstaticmapping']['descr'] = gettext("Allow access to the 'Services: DHCP Server: Edit static mapping' page."); $priv_list['page-services-dhcpserver-editstaticmapping']['match'] = array(); $priv_list['page-services-dhcpserver-editstaticmapping']['match'][] = "services_dhcp_edit.php*"; $priv_list['page-services-dhcprelay'] = array(); -$priv_list['page-services-dhcprelay']['name'] = gettext("WebCfg - Services: DHCP Relay page"); +$priv_list['page-services-dhcprelay']['name'] = gettext("WebCfg - Services: DHCP Relay"); $priv_list['page-services-dhcprelay']['descr'] = gettext("Allow access to the 'Services: DHCP Relay' page."); $priv_list['page-services-dhcprelay']['match'] = array(); $priv_list['page-services-dhcprelay']['match'][] = "services_dhcp_relay.php*"; $priv_list['page-services-dhcpv6server'] = array(); -$priv_list['page-services-dhcpv6server']['name'] = gettext("Webcfg - Services: DHCPv6 server page"); +$priv_list['page-services-dhcpv6server']['name'] = gettext("WebCfg - Services: DHCPv6 server"); $priv_list['page-services-dhcpv6server']['descr'] = gettext("Allow access to the 'Services: DHCPv6 server' page."); $priv_list['page-services-dhcpv6server']['match'] = array(); $priv_list['page-services-dhcpv6server']['match'][] = "services_dhcpv6.php*"; $priv_list['page-services-dhcpserverv6-editstaticmapping'] = array(); -$priv_list['page-services-dhcpserverv6-editstaticmapping']['name'] = gettext("Webcfg - Services: DHCPv6 Server : Edit static mapping page"); +$priv_list['page-services-dhcpserverv6-editstaticmapping']['name'] = gettext("WebCfg - Services: DHCPv6 Server: Edit static mapping"); $priv_list['page-services-dhcpserverv6-editstaticmapping']['descr'] = gettext("Allow access to the 'Services: DHCPv6 Server : Edit static mapping' page."); $priv_list['page-services-dhcpserverv6-editstaticmapping']['match'] = array(); $priv_list['page-services-dhcpserverv6-editstaticmapping']['match'][] = "services_dhcpv6_edit.php*"; $priv_list['page-services-dhcpv6relay'] = array(); -$priv_list['page-services-dhcpv6relay']['name'] = gettext("Webcfg - Services: DHCPv6 Relay page"); +$priv_list['page-services-dhcpv6relay']['name'] = gettext("WebCfg - Services: DHCPv6 Relay"); $priv_list['page-services-dhcpv6relay']['descr'] = gettext("Allow access to the 'Services: DHCPv6 Relay' page."); $priv_list['page-services-dhcpv6relay']['match'] = array(); $priv_list['page-services-dhcpv6relay']['match'][] = "services_dhcpv6_relay.php*"; $priv_list['page-services-dnsforwarder'] = array(); -$priv_list['page-services-dnsforwarder']['name'] = gettext("WebCfg - Services: DNS Forwarder page"); +$priv_list['page-services-dnsforwarder']['name'] = gettext("WebCfg - Services: DNS Forwarder"); $priv_list['page-services-dnsforwarder']['descr'] = gettext("Allow access to the 'Services: DNS Forwarder' page."); $priv_list['page-services-dnsforwarder']['match'] = array(); $priv_list['page-services-dnsforwarder']['match'][] = "services_dnsmasq.php*"; $priv_list['page-services-dnsforwarder-editdomainoverride'] = array(); -$priv_list['page-services-dnsforwarder-editdomainoverride']['name'] = gettext("WebCfg - Services: DNS Forwarder: Edit Domain Override page"); +$priv_list['page-services-dnsforwarder-editdomainoverride']['name'] = gettext("WebCfg - Services: DNS Forwarder: Edit Domain Override"); $priv_list['page-services-dnsforwarder-editdomainoverride']['descr'] = gettext("Allow access to the 'Services: DNS Forwarder: Edit Domain Override' page."); $priv_list['page-services-dnsforwarder-editdomainoverride']['match'] = array(); $priv_list['page-services-dnsforwarder-editdomainoverride']['match'][] = "services_dnsmasq_domainoverride_edit.php*"; $priv_list['page-services-dnsforwarder-edithost'] = array(); -$priv_list['page-services-dnsforwarder-edithost']['name'] = gettext("WebCfg - Services: DNS Forwarder: Edit host page"); +$priv_list['page-services-dnsforwarder-edithost']['name'] = gettext("WebCfg - Services: DNS Forwarder: Edit host"); $priv_list['page-services-dnsforwarder-edithost']['descr'] = gettext("Allow access to the 'Services: DNS Forwarder: Edit host' page."); $priv_list['page-services-dnsforwarder-edithost']['match'] = array(); $priv_list['page-services-dnsforwarder-edithost']['match'][] = "services_dnsmasq_edit.php*"; -$priv_list['page-services-dnsresolver'] = array(); -$priv_list['page-services-dnsresolver']['name'] = gettext("WebCfg - Services: DNS Resolver page"); -$priv_list['page-services-dnsresolver']['descr'] = gettext("Allow access to the 'Services: DNS Resolver' page."); -$priv_list['page-services-dnsresolver']['match'] = array(); -$priv_list['page-services-dnsresolver']['match'][] = "services_unbound.php*"; - -$priv_list['page-services-dnsresolver-advanced'] = array(); -$priv_list['page-services-dnsresolver-advanced']['name'] = gettext("WebCfg - Services: DNS Resolver: Advanced page"); -$priv_list['page-services-dnsresolver-advanced']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Advanced' page."); -$priv_list['page-services-dnsresolver-advanced']['match'] = array(); -$priv_list['page-services-dnsresolver-advanced']['match'][] = "services_unbound_advanced.php*"; - -$priv_list['page-services-dnsresolver-acls'] = array(); -$priv_list['page-services-dnsresolver-acls']['name'] = gettext("WebCfg - Services: DNS Resolver: Access Lists page"); -$priv_list['page-services-dnsresolver-acls']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Access Lists' page."); -$priv_list['page-services-dnsresolver-acls']['match'] = array(); -$priv_list['page-services-dnsresolver-acls']['match'][] = "services_unbound_acls.php*"; - -$priv_list['page-services-dnsresolver-editacls'] = array(); -$priv_list['page-services-dnsresolver-editacls']['name'] = gettext("WebCfg - Services: DNS Resolver: Access Lists: Edit page"); -$priv_list['page-services-dnsresolver-editacls']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Access Lists: Edit' page."); -$priv_list['page-services-dnsresolver-editacls']['match'] = array(); -$priv_list['page-services-dnsresolver-editacls']['match'][] = "services_unbound_acls_edit.php*"; - -$priv_list['page-services-dnsresolver-editdomainoverride'] = array(); -$priv_list['page-services-dnsresolver-editdomainoverride']['name'] = gettext("WebCfg - Services: DNS Resolver: Edit Domain Override page"); -$priv_list['page-services-dnsresolver-editdomainoverride']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Edit Domain Override' page."); -$priv_list['page-services-dnsresolver-editdomainoverride']['match'] = array(); -$priv_list['page-services-dnsresolver-editdomainoverride']['match'][] = "services_unbound_domainoverride_edit.php*"; - -$priv_list['page-services-dnsresolver-edithost'] = array(); -$priv_list['page-services-dnsresolver-edithost']['name'] = gettext("WebCfg - Services: DNS Resolver: Edit host page"); -$priv_list['page-services-dnsresolver-edithost']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Edit host' page."); -$priv_list['page-services-dnsresolver-edithost']['match'] = array(); -$priv_list['page-services-dnsresolver-edithost']['match'][] = "services_unbound_host_edit.php*"; - $priv_list['page-services-dynamicdnsclients'] = array(); -$priv_list['page-services-dynamicdnsclients']['name'] = gettext("WebCfg - Services: Dynamic DNS clients page"); +$priv_list['page-services-dynamicdnsclients']['name'] = gettext("WebCfg - Services: Dynamic DNS clients"); $priv_list['page-services-dynamicdnsclients']['descr'] = gettext("Allow access to the 'Services: Dynamic DNS clients' page."); $priv_list['page-services-dynamicdnsclients']['match'] = array(); $priv_list['page-services-dynamicdnsclients']['match'][] = "services_dyndns.php*"; $priv_list['page-services-dynamicdnsclient'] = array(); -$priv_list['page-services-dynamicdnsclient']['name'] = gettext("WebCfg - Services: Dynamic DNS client page"); +$priv_list['page-services-dynamicdnsclient']['name'] = gettext("WebCfg - Services: Dynamic DNS client"); $priv_list['page-services-dynamicdnsclient']['descr'] = gettext("Allow access to the 'Services: Dynamic DNS client' page."); $priv_list['page-services-dynamicdnsclient']['match'] = array(); $priv_list['page-services-dynamicdnsclient']['match'][] = "services_dyndns_edit.php*"; $priv_list['page-services-igmpproxy'] = array(); -$priv_list['page-services-igmpproxy']['name'] = gettext("WebCfg - Services: Igmpproxy page"); -$priv_list['page-services-igmpproxy']['descr'] = gettext("Allow access to the 'Services: Igmpproxy' page."); +$priv_list['page-services-igmpproxy']['name'] = gettext("WebCfg - Services: IGMP Proxy"); +$priv_list['page-services-igmpproxy']['descr'] = gettext("Allow access to the 'Services: IGMP Proxy' page."); $priv_list['page-services-igmpproxy']['match'] = array(); $priv_list['page-services-igmpproxy']['match'][] = "services_igmpproxy.php*"; $priv_list['page-services-igmpproxy-edit'] = array(); -$priv_list['page-services-igmpproxy-edit']['name'] = gettext("Firewall: Igmpproxy: Edit page"); -$priv_list['page-services-igmpproxy-edit']['descr'] = gettext("Allow access to the 'Services: Igmpproxy: Edit' page."); +$priv_list['page-services-igmpproxy-edit']['name'] = gettext("WebCfg - Services: IGMP Proxy: Edit"); +$priv_list['page-services-igmpproxy-edit']['descr'] = gettext("Allow access to the 'Services: IGMP Proxy: Edit' page."); $priv_list['page-services-igmpproxy-edit']['match'] = array(); $priv_list['page-services-igmpproxy-edit']['match'][] = "services_igmpproxy_edit.php*"; +$priv_list['page-services-ntpd'] = array(); +$priv_list['page-services-ntpd']['name'] = gettext("WebCfg - Services: NTP"); +$priv_list['page-services-ntpd']['descr'] = gettext("Allow access to the 'Services: NTP' page."); +$priv_list['page-services-ntpd']['match'] = array(); +$priv_list['page-services-ntpd']['match'][] = "services_ntpd.php*"; + +$priv_list['page-services-ntpd-gps'] = array(); +$priv_list['page-services-ntpd-gps']['name'] = gettext("WebCfg - Services: NTP Serial GPS"); +$priv_list['page-services-ntpd-gps']['descr'] = gettext("Allow access to the 'Services: NTP Serial GPS' page."); +$priv_list['page-services-ntpd-gps']['match'] = array(); +$priv_list['page-services-ntpd-gps']['match'][] = "services_ntpd_gps.php*"; + +$priv_list['page-services-ntpd-pps'] = array(); +$priv_list['page-services-ntpd-pps']['name'] = gettext("WebCfg - Services: NTP PPS"); +$priv_list['page-services-ntpd-pps']['descr'] = gettext("Allow access to the 'Services: NTP PPS' page."); +$priv_list['page-services-ntpd-pps']['match'] = array(); +$priv_list['page-services-ntpd-pps']['match'][] = "services_ntpd_pps.php*"; + $priv_list['page-services-rfc2136clients'] = array(); -$priv_list['page-services-rfc2136clients']['name'] = gettext("WebCfg - Services: RFC 2136 clients page"); -$priv_list['page-services-rfc2136clients']['descr'] = gettext("Allow access to the 'Services: RFC 2136 clients' page."); +$priv_list['page-services-rfc2136clients']['name'] = gettext("WebCfg - Services: RFC 2136 Clients"); +$priv_list['page-services-rfc2136clients']['descr'] = gettext("Allow access to the 'Services: RFC 2136 Clients' page."); $priv_list['page-services-rfc2136clients']['match'] = array(); $priv_list['page-services-rfc2136clients']['match'][] = "services_rfc2136.php*"; +$priv_list['page-services-rfc2136edit'] = array(); +$priv_list['page-services-rfc2136edit']['name'] = gettext("WebCfg - Services: RFC 2136 Client: Edit"); +$priv_list['page-services-rfc2136edit']['descr'] = gettext("Allow access to the 'Services: RFC 2136 Client: Edit' page."); +$priv_list['page-services-rfc2136edit']['match'] = array(); +$priv_list['page-services-rfc2136edit']['match'][] = "services_rfc2136.php*"; + $priv_list['page-services-router-advertisements'] = array(); -$priv_list['page-services-router-advertisements']['name'] = gettext("Webcfg - Services: Router Advertisements page"); +$priv_list['page-services-router-advertisements']['name'] = gettext("WebCfg - Services: Router Advertisements"); $priv_list['page-services-router-advertisements']['descr'] = gettext("Allow access to the 'Services: Router Advertisements' page."); $priv_list['page-services-router-advertisements']['match'] = array(); $priv_list['page-services-router-advertisements']['match'][] = "services_router_advertisements.php*"; $priv_list['page-services-snmp'] = array(); -$priv_list['page-services-snmp']['name'] = gettext("WebCfg - Services: SNMP page"); +$priv_list['page-services-snmp']['name'] = gettext("WebCfg - Services: SNMP"); $priv_list['page-services-snmp']['descr'] = gettext("Allow access to the 'Services: SNMP' page."); $priv_list['page-services-snmp']['match'] = array(); $priv_list['page-services-snmp']['match'][] = "services_snmp.php*"; +$priv_list['page-services-dnsresolver'] = array(); +$priv_list['page-services-dnsresolver']['name'] = gettext("WebCfg - Services: DNS Resolver"); +$priv_list['page-services-dnsresolver']['descr'] = gettext("Allow access to the 'Services: DNS Resolver' page."); +$priv_list['page-services-dnsresolver']['match'] = array(); +$priv_list['page-services-dnsresolver']['match'][] = "services_unbound.php*"; + +$priv_list['page-services-dnsresolver-acls'] = array(); +$priv_list['page-services-dnsresolver-acls']['name'] = gettext("WebCfg - Services: DNS Resolver: Access Lists"); +$priv_list['page-services-dnsresolver-acls']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Access Lists' page."); +$priv_list['page-services-dnsresolver-acls']['match'] = array(); +$priv_list['page-services-dnsresolver-acls']['match'][] = "services_unbound_acls.php*"; + +$priv_list['page-services-dnsresolver-advanced'] = array(); +$priv_list['page-services-dnsresolver-advanced']['name'] = gettext("WebCfg - Services: DNS Resolver: Advanced"); +$priv_list['page-services-dnsresolver-advanced']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Advanced' page."); +$priv_list['page-services-dnsresolver-advanced']['match'] = array(); +$priv_list['page-services-dnsresolver-advanced']['match'][] = "services_unbound_advanced.php*"; + +$priv_list['page-services-dnsresolver-editdomainoverride'] = array(); +$priv_list['page-services-dnsresolver-editdomainoverride']['name'] = gettext("WebCfg - Services: DNS Resolver: Edit Domain Override"); +$priv_list['page-services-dnsresolver-editdomainoverride']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Edit Domain Override' page."); +$priv_list['page-services-dnsresolver-editdomainoverride']['match'] = array(); +$priv_list['page-services-dnsresolver-editdomainoverride']['match'][] = "services_unbound_domainoverride_edit.php*"; + +$priv_list['page-services-dnsresolver-edithost'] = array(); +$priv_list['page-services-dnsresolver-edithost']['name'] = gettext("WebCfg - Services: DNS Resolver: Edit host"); +$priv_list['page-services-dnsresolver-edithost']['descr'] = gettext("Allow access to the 'Services: DNS Resolver: Edit host' page."); +$priv_list['page-services-dnsresolver-edithost']['match'] = array(); +$priv_list['page-services-dnsresolver-edithost']['match'][] = "services_unbound_host_edit.php*"; + $priv_list['page-services-wakeonlan'] = array(); -$priv_list['page-services-wakeonlan']['name'] = gettext("WebCfg - Services: Wake on LAN page"); +$priv_list['page-services-wakeonlan']['name'] = gettext("WebCfg - Services: Wake on LAN"); $priv_list['page-services-wakeonlan']['descr'] = gettext("Allow access to the 'Services: Wake on LAN' page."); $priv_list['page-services-wakeonlan']['match'] = array(); $priv_list['page-services-wakeonlan']['match'][] = "services_wol.php*"; $priv_list['page-services-wakeonlan-edit'] = array(); -$priv_list['page-services-wakeonlan-edit']['name'] = gettext("WebCfg - Services: Wake on LAN: Edit page"); +$priv_list['page-services-wakeonlan-edit']['name'] = gettext("WebCfg - Services: Wake on LAN: Edit"); $priv_list['page-services-wakeonlan-edit']['descr'] = gettext("Allow access to the 'Services: Wake on LAN: Edit' page."); $priv_list['page-services-wakeonlan-edit']['match'] = array(); $priv_list['page-services-wakeonlan-edit']['match'][] = "services_wol_edit.php*"; -$priv_list['page-diagnostics-cpuutilization'] = array(); -$priv_list['page-diagnostics-cpuutilization']['name'] = gettext("WebCfg - Diagnostics: CPU Utilization page"); -$priv_list['page-diagnostics-cpuutilization']['descr'] = gettext("Allow access to the 'Diagnostics: CPU Utilization' page."); -$priv_list['page-diagnostics-cpuutilization']['match'] = array(); -$priv_list['page-diagnostics-cpuutilization']['match'][] = "stats.php*"; - $priv_list['page-hidden-detailedstatus'] = array(); -$priv_list['page-hidden-detailedstatus']['name'] = gettext("WebCfg - Hidden: Detailed Status page"); +$priv_list['page-hidden-detailedstatus']['name'] = gettext("WebCfg - Hidden: Detailed Status"); $priv_list['page-hidden-detailedstatus']['descr'] = gettext("Allow access to the 'Hidden: Detailed Status' page."); $priv_list['page-hidden-detailedstatus']['match'] = array(); $priv_list['page-hidden-detailedstatus']['match'][] = "status.php*"; $priv_list['page-status-captiveportal'] = array(); -$priv_list['page-status-captiveportal']['name'] = gettext("WebCfg - Status: Captive portal page"); +$priv_list['page-status-captiveportal']['name'] = gettext("WebCfg - Status: Captive portal"); $priv_list['page-status-captiveportal']['descr'] = gettext("Allow access to the 'Status: Captive portal' page."); $priv_list['page-status-captiveportal']['match'] = array(); $priv_list['page-status-captiveportal']['match'][] = "status_captiveportal.php*"; $priv_list['page-status-captiveportal-expire'] = array(); -$priv_list['page-status-captiveportal-expire']['name'] = gettext("Webcfg - Status: Captive portal Expire Vouchers page"); -$priv_list['page-status-captiveportal-expire']['descr'] = gettext("Allow access to the 'Status: Captive portal Expire Vouchers' page."); +$priv_list['page-status-captiveportal-expire']['name'] = gettext("WebCfg - Status: Captive Portal: Expire Vouchers"); +$priv_list['page-status-captiveportal-expire']['descr'] = gettext("Allow access to the 'Status: Captive Portal: Expire Vouchers' page."); $priv_list['page-status-captiveportal-expire']['match'] = array(); $priv_list['page-status-captiveportal-expire']['match'][] = "status_captiveportal_expire.php*"; $priv_list['page-status-captiveportal-test'] = array(); -$priv_list['page-status-captiveportal-test']['name'] = gettext("WebCfg - Status: Captive portal Test Vouchers page"); -$priv_list['page-status-captiveportal-test']['descr'] = gettext("Allow access to the 'Status: Captive portal Test Vouchers' page."); +$priv_list['page-status-captiveportal-test']['name'] = gettext("WebCfg - Status: Captive Portal: Test Vouchers"); +$priv_list['page-status-captiveportal-test']['descr'] = gettext("Allow access to the 'Status: Captive Portal: Test Vouchers' page."); $priv_list['page-status-captiveportal-test']['match'] = array(); $priv_list['page-status-captiveportal-test']['match'][] = "status_captiveportal_test.php*"; $priv_list['page-status-captiveportal-voucher-rolls'] = array(); -$priv_list['page-status-captiveportal-voucher-rolls']['name'] = gettext("WebCfg - Status: Captive portal Voucher Rolls page"); +$priv_list['page-status-captiveportal-voucher-rolls']['name'] = gettext("WebCfg - Status: Captive portal Voucher Rolls"); $priv_list['page-status-captiveportal-voucher-rolls']['descr'] = gettext("Allow access to the 'Status: Captive portal Voucher Rolls' page."); $priv_list['page-status-captiveportal-voucher-rolls']['match'] = array(); $priv_list['page-status-captiveportal-voucher-rolls']['match'][] = "status_captiveportal_voucher_rolls.php*"; $priv_list['page-status-captiveportal-vouchers'] = array(); -$priv_list['page-status-captiveportal-vouchers']['name'] = gettext("WebCfg - Status: Captive portal Vouchers page"); +$priv_list['page-status-captiveportal-vouchers']['name'] = gettext("WebCfg - Status: Captive portal Vouchers"); $priv_list['page-status-captiveportal-vouchers']['descr'] = gettext("Allow access to the 'Status: Captive portal Vouchers' page."); $priv_list['page-status-captiveportal-vouchers']['match'] = array(); $priv_list['page-status-captiveportal-vouchers']['match'][] = "status_captiveportal_vouchers.php*"; $priv_list['page-status-dhcpleases'] = array(); -$priv_list['page-status-dhcpleases']['name'] = gettext("WebCfg - Status: DHCP leases page"); +$priv_list['page-status-dhcpleases']['name'] = gettext("WebCfg - Status: DHCP leases"); $priv_list['page-status-dhcpleases']['descr'] = gettext("Allow access to the 'Status: DHCP leases' page."); $priv_list['page-status-dhcpleases']['match'] = array(); $priv_list['page-status-dhcpleases']['match'][] = "status_dhcp_leases.php*"; $priv_list['page-status-dhcpv6leases'] = array(); -$priv_list['page-status-dhcpv6leases']['name'] = gettext("Webcfg - Status: DHCPv6 leases page"); +$priv_list['page-status-dhcpv6leases']['name'] = gettext("WebCfg - Status: DHCPv6 leases"); $priv_list['page-status-dhcpv6leases']['descr'] = gettext("Allow access to the 'Status: DHCPv6 leases' page."); $priv_list['page-status-dhcpv6leases']['match'] = array(); $priv_list['page-status-dhcpv6leases']['match'][] = "status_dhcpv6_leases.php*"; $priv_list['page-status-filterreloadstatus'] = array(); -$priv_list['page-status-filterreloadstatus']['name'] = gettext("WebCfg - Status: Filter Reload Status page"); +$priv_list['page-status-filterreloadstatus']['name'] = gettext("WebCfg - Status: Filter Reload Status"); $priv_list['page-status-filterreloadstatus']['descr'] = gettext("Allow access to the 'Status: Filter Reload Status' page."); $priv_list['page-status-filterreloadstatus']['match'] = array(); $priv_list['page-status-filterreloadstatus']['match'][] = "status_filter_reload.php*"; $priv_list['page-status-gatewaygroups'] = array(); -$priv_list['page-status-gatewaygroups']['name'] = gettext("WebCfg - Status: Gateway Groups page"); +$priv_list['page-status-gatewaygroups']['name'] = gettext("WebCfg - Status: Gateway Groups"); $priv_list['page-status-gatewaygroups']['descr'] = gettext("Allow access to the 'Status: Gateway Groups' page."); $priv_list['page-status-gatewaygroups']['match'] = array(); $priv_list['page-status-gatewaygroups']['match'][] = "status_gateway_groups.php*"; $priv_list['page-status-gateways'] = array(); -$priv_list['page-status-gateways']['name'] = gettext("WebCfg - Status: Gateways page"); +$priv_list['page-status-gateways']['name'] = gettext("WebCfg - Status: Gateways"); $priv_list['page-status-gateways']['descr'] = gettext("Allow access to the 'Status: Gateways' page."); $priv_list['page-status-gateways']['match'] = array(); $priv_list['page-status-gateways']['match'][] = "status_gateways.php*"; $priv_list['page-status-trafficgraph'] = array(); -$priv_list['page-status-trafficgraph']['name'] = gettext("WebCfg - Status: Traffic Graph page"); +$priv_list['page-status-trafficgraph']['name'] = gettext("WebCfg - Status: Traffic Graph"); $priv_list['page-status-trafficgraph']['descr'] = gettext("Allow access to the 'Status: Traffic Graph' page."); $priv_list['page-status-trafficgraph']['match'] = array(); $priv_list['page-status-trafficgraph']['match'][] = "status_graph.php*"; @@ -1026,74 +956,80 @@ $priv_list['page-status-trafficgraph']['match'][] = "graph.php*"; $priv_list['page-status-trafficgraph']['match'][] = "ifstats.php*"; $priv_list['page-status-cpuload'] = array(); -$priv_list['page-status-cpuload']['name'] = gettext("WebCfg - Status: CPU load page"); +$priv_list['page-status-cpuload']['name'] = gettext("WebCfg - Status: CPU load"); $priv_list['page-status-cpuload']['descr'] = gettext("Allow access to the 'Status: CPU load' page."); $priv_list['page-status-cpuload']['match'] = array(); $priv_list['page-status-cpuload']['match'][] = "status_graph_cpu.php*"; $priv_list['page-status-interfaces'] = array(); -$priv_list['page-status-interfaces']['name'] = gettext("WebCfg - Status: Interfaces page"); +$priv_list['page-status-interfaces']['name'] = gettext("WebCfg - Status: Interfaces"); $priv_list['page-status-interfaces']['descr'] = gettext("Allow access to the 'Status: Interfaces' page."); $priv_list['page-status-interfaces']['match'] = array(); $priv_list['page-status-interfaces']['match'][] = "status_interfaces.php*"; $priv_list['page-status-loadbalancer-pool'] = array(); -$priv_list['page-status-loadbalancer-pool']['name'] = gettext("WebCfg - Status: Load Balancer: Pool page"); +$priv_list['page-status-loadbalancer-pool']['name'] = gettext("WebCfg - Status: Load Balancer: Pool"); $priv_list['page-status-loadbalancer-pool']['descr'] = gettext("Allow access to the 'Status: Load Balancer: Pool' page."); $priv_list['page-status-loadbalancer-pool']['match'] = array(); $priv_list['page-status-loadbalancer-pool']['match'][] = "status_lb_pool.php*"; $priv_list['page-status-loadbalancer-virtualserver'] = array(); -$priv_list['page-status-loadbalancer-virtualserver']['name'] = gettext("WebCfg - Status: Load Balancer: Virtual Server page"); +$priv_list['page-status-loadbalancer-virtualserver']['name'] = gettext("WebCfg - Status: Load Balancer: Virtual Server"); $priv_list['page-status-loadbalancer-virtualserver']['descr'] = gettext("Allow access to the 'Status: Load Balancer: Virtual Server' page."); $priv_list['page-status-loadbalancer-virtualserver']['match'] = array(); $priv_list['page-status-loadbalancer-virtualserver']['match'][] = "status_lb_vs.php*"; +$priv_list['page-status-ntp'] = array(); +$priv_list['page-status-ntp']['name'] = gettext("WebCfg - Status: NTP"); +$priv_list['page-status-ntp']['descr'] = gettext("Allow access to the 'Status: NTP' page."); +$priv_list['page-status-ntp']['match'] = array(); +$priv_list['page-status-ntp']['match'][] = "status_ntpd.php*"; + $priv_list['page-status-openvpn'] = array(); -$priv_list['page-status-openvpn']['name'] = gettext("WebCfg - Status: OpenVPN page"); +$priv_list['page-status-openvpn']['name'] = gettext("WebCfg - Status: OpenVPN"); $priv_list['page-status-openvpn']['descr'] = gettext("Allow access to the 'Status: OpenVPN' page."); $priv_list['page-status-openvpn']['match'] = array(); $priv_list['page-status-openvpn']['match'][] = "status_openvpn.php*"; $priv_list['page-status-trafficshaper-queues'] = array(); -$priv_list['page-status-trafficshaper-queues']['name'] = gettext("WebCfg - Status: Traffic shaper: Queues page"); +$priv_list['page-status-trafficshaper-queues']['name'] = gettext("WebCfg - Status: Traffic shaper: Queues"); $priv_list['page-status-trafficshaper-queues']['descr'] = gettext("Allow access to the 'Status: Traffic shaper: Queues' page."); $priv_list['page-status-trafficshaper-queues']['match'] = array(); $priv_list['page-status-trafficshaper-queues']['match'][] = "status_queues.php*"; $priv_list['page-status-rrdgraphs'] = array(); -$priv_list['page-status-rrdgraphs']['name'] = gettext("WebCfg - Status: RRD Graphs page"); +$priv_list['page-status-rrdgraphs']['name'] = gettext("WebCfg - Status: RRD Graphs"); $priv_list['page-status-rrdgraphs']['descr'] = gettext("Allow access to the 'Status: RRD Graphs' page."); $priv_list['page-status-rrdgraphs']['match'] = array(); $priv_list['page-status-rrdgraphs']['match'][] = "status_rrd_graph.php*"; $priv_list['page-status-rrdgraphs']['match'][] = "status_rrd_graph_img.php*"; $priv_list['page-status-rrdgraph-settings'] = array(); -$priv_list['page-status-rrdgraph-settings']['name'] = gettext("WebCfg - Status: RRD Graphs settings page"); -$priv_list['page-status-rrdgraph-settings']['descr'] = gettext("Allow access to the 'Status: RRD Graphs: settings' page."); +$priv_list['page-status-rrdgraph-settings']['name'] = gettext("WebCfg - Status: RRD Graphs: Settings"); +$priv_list['page-status-rrdgraph-settings']['descr'] = gettext("Allow access to the 'Status: RRD Graphs: Settings' page."); $priv_list['page-status-rrdgraph-settings']['match'] = array(); $priv_list['page-status-rrdgraph-settings']['match'][] = "status_rrd_graph_settings.php*"; $priv_list['page-status-services'] = array(); -$priv_list['page-status-services']['name'] = gettext("WebCfg - Status: Services page"); +$priv_list['page-status-services']['name'] = gettext("WebCfg - Status: Services"); $priv_list['page-status-services']['descr'] = gettext("Allow access to the 'Status: Services' page."); $priv_list['page-status-services']['match'] = array(); $priv_list['page-status-services']['match'][] = "status_services.php*"; $priv_list['page-status-upnpstatus'] = array(); -$priv_list['page-status-upnpstatus']['name'] = gettext("WebCfg - Status: UPnP Status page"); +$priv_list['page-status-upnpstatus']['name'] = gettext("WebCfg - Status: UPnP Status"); $priv_list['page-status-upnpstatus']['descr'] = gettext("Allow access to the 'Status: UPnP Status' page."); $priv_list['page-status-upnpstatus']['match'] = array(); $priv_list['page-status-upnpstatus']['match'][] = "status_upnp.php*"; $priv_list['page-diagnostics-wirelessstatus'] = array(); -$priv_list['page-diagnostics-wirelessstatus']['name'] = gettext("WebCfg - Status: Wireless page"); +$priv_list['page-diagnostics-wirelessstatus']['name'] = gettext("WebCfg - Status: Wireless"); $priv_list['page-diagnostics-wirelessstatus']['descr'] = gettext("Allow access to the 'Status: Wireless' page."); $priv_list['page-diagnostics-wirelessstatus']['match'] = array(); $priv_list['page-diagnostics-wirelessstatus']['match'][] = "status_wireless.php*"; $priv_list['page-system-generalsetup'] = array(); -$priv_list['page-system-generalsetup']['name'] = gettext("WebCfg - System: General Setup page"); +$priv_list['page-system-generalsetup']['name'] = gettext("WebCfg - System: General Setup"); $priv_list['page-system-generalsetup']['descr'] = gettext("Allow access to the 'System: General Setup' page."); $priv_list['page-system-generalsetup']['match'] = array(); $priv_list['page-system-generalsetup']['match'][] = "system.php*"; @@ -1105,31 +1041,31 @@ $priv_list['page-system-advanced-admin']['match'] = array(); $priv_list['page-system-advanced-admin']['match'][] = "system_advanced_admin.php*"; $priv_list['page-system-advanced-firewall'] = array(); -$priv_list['page-system-advanced-firewall']['name'] = gettext("WebCfg - System: Advanced: Firewall and NAT page"); +$priv_list['page-system-advanced-firewall']['name'] = gettext("WebCfg - System: Advanced: Firewall and NAT"); $priv_list['page-system-advanced-firewall']['descr'] = gettext("Allow access to the 'System: Advanced: Firewall and NAT' page."); $priv_list['page-system-advanced-firewall']['match'] = array(); $priv_list['page-system-advanced-firewall']['match'][] = "system_advanced_firewall.php*"; $priv_list['page-system-advanced-misc'] = array(); -$priv_list['page-system-advanced-misc']['name'] = gettext("WebCfg - System: Advanced: Miscellaneous page"); +$priv_list['page-system-advanced-misc']['name'] = gettext("WebCfg - System: Advanced: Miscellaneous"); $priv_list['page-system-advanced-misc']['descr'] = gettext("Allow access to the 'System: Advanced: Miscellaneous' page."); $priv_list['page-system-advanced-misc']['match'] = array(); $priv_list['page-system-advanced-misc']['match'][] = "system_advanced_misc.php*"; $priv_list['page-system-advanced-network'] = array(); -$priv_list['page-system-advanced-network']['name'] = gettext("WebCfg - System: Advanced: Networking page"); +$priv_list['page-system-advanced-network']['name'] = gettext("WebCfg - System: Advanced: Networking"); $priv_list['page-system-advanced-network']['descr'] = gettext("Allow access to the 'System: Advanced: Networking' page."); $priv_list['page-system-advanced-network']['match'] = array(); $priv_list['page-system-advanced-network']['match'][] = "system_advanced_network.php*"; $priv_list['page-system-advanced-notifications'] = array(); -$priv_list['page-system-advanced-notifications']['name'] = gettext("WebCfg - System: Advanced: Notifications page"); +$priv_list['page-system-advanced-notifications']['name'] = gettext("WebCfg - System: Advanced: Notifications"); $priv_list['page-system-advanced-notifications']['descr'] = gettext("Allow access to the 'System: Advanced: Notifications' page."); $priv_list['page-system-advanced-notifications']['match'] = array(); $priv_list['page-system-advanced-notifications']['match'][] = "system_advanced_notifications.php*"; $priv_list['page-system-advanced-sysctl'] = array(); -$priv_list['page-system-advanced-sysctl']['name'] = gettext("WebCfg - System: Advanced: Tunables page"); +$priv_list['page-system-advanced-sysctl']['name'] = gettext("WebCfg - System: Advanced: Tunables"); $priv_list['page-system-advanced-sysctl']['descr'] = gettext("Allow access to the 'System: Advanced: Tunables' page."); $priv_list['page-system-advanced-sysctl']['match'] = array(); $priv_list['page-system-advanced-sysctl']['match'][] = "system_advanced_sysctl.php*"; @@ -1158,128 +1094,110 @@ $priv_list['page-system-crlmanager']['descr'] = gettext("Allow access to the 'Sy $priv_list['page-system-crlmanager']['match'] = array(); $priv_list['page-system-crlmanager']['match'][] = "system_crlmanager.php*"; -$priv_list['page-system-firmware-manualupdate'] = array(); -$priv_list['page-system-firmware-manualupdate']['name'] = gettext("WebCfg - System: Firmware: Manual Update page"); -$priv_list['page-system-firmware-manualupdate']['descr'] = gettext("Allow access to the 'System: Firmware: Manual Update' page."); -$priv_list['page-system-firmware-manualupdate']['match'] = array(); -$priv_list['page-system-firmware-manualupdate']['match'][] = "system_firmware.php*"; - -$priv_list['page-system-firmware-checkforupdate'] = array(); -$priv_list['page-system-firmware-checkforupdate']['name'] = gettext("WebCfg - System: Firmware: Check For Update page"); -$priv_list['page-system-firmware-checkforupdate']['descr'] = gettext("Allow access to the 'System: Firmware: Check For Update' page."); -$priv_list['page-system-firmware-checkforupdate']['match'] = array(); -$priv_list['page-system-firmware-checkforupdate']['match'][] = "system_firmware_auto.php*"; - -$priv_list['page-system-firmware-autoupdate'] = array(); -$priv_list['page-system-firmware-autoupdate']['name'] = gettext("WebCfg - System: Firmware: Auto Update page"); -$priv_list['page-system-firmware-autoupdate']['descr'] = gettext("Allow access to the 'System: Firmware: Auto Update' page."); -$priv_list['page-system-firmware-autoupdate']['match'] = array(); -$priv_list['page-system-firmware-autoupdate']['match'][] = "system_firmware_check.php*"; - -$priv_list['page-system-firmware-settings'] = array(); -$priv_list['page-system-firmware-settings']['name'] = gettext("WebCfg - System: Firmware: Settings page"); -$priv_list['page-system-firmware-settings']['descr'] = gettext("Allow access to the 'System: Firmware: Settings' page."); -$priv_list['page-system-firmware-settings']['match'] = array(); -$priv_list['page-system-firmware-settings']['match'][] = "system_firmware_settings.php*"; - $priv_list['page-system-gatewaygroups'] = array(); -$priv_list['page-system-gatewaygroups']['name'] = gettext("WebCfg - System: Gateway Groups page"); +$priv_list['page-system-gatewaygroups']['name'] = gettext("WebCfg - System: Gateway Groups"); $priv_list['page-system-gatewaygroups']['descr'] = gettext("Allow access to the 'System: Gateway Groups' page."); $priv_list['page-system-gatewaygroups']['match'] = array(); $priv_list['page-system-gatewaygroups']['match'][] = "system_gateway_groups.php*"; $priv_list['page-system-gateways-editgatewaygroups'] = array(); -$priv_list['page-system-gateways-editgatewaygroups']['name'] = gettext("WebCfg - System: Gateways: Edit Gateway Groups page"); +$priv_list['page-system-gateways-editgatewaygroups']['name'] = gettext("WebCfg - System: Gateways: Edit Gateway Groups"); $priv_list['page-system-gateways-editgatewaygroups']['descr'] = gettext("Allow access to the 'System: Gateways: Edit Gateway Groups' page."); $priv_list['page-system-gateways-editgatewaygroups']['match'] = array(); $priv_list['page-system-gateways-editgatewaygroups']['match'][] = "system_gateway_groups_edit.php*"; $priv_list['page-system-gateways'] = array(); -$priv_list['page-system-gateways']['name'] = gettext("WebCfg - System: Gateways page"); +$priv_list['page-system-gateways']['name'] = gettext("WebCfg - System: Gateways"); $priv_list['page-system-gateways']['descr'] = gettext("Allow access to the 'System: Gateways' page."); $priv_list['page-system-gateways']['match'] = array(); $priv_list['page-system-gateways']['match'][] = "system_gateways.php*"; $priv_list['page-system-gateways-editgateway'] = array(); -$priv_list['page-system-gateways-editgateway']['name'] = gettext("WebCfg - System: Gateways: Edit Gateway page"); +$priv_list['page-system-gateways-editgateway']['name'] = gettext("WebCfg - System: Gateways: Edit Gateway"); $priv_list['page-system-gateways-editgateway']['descr'] = gettext("Allow access to the 'System: Gateways: Edit Gateway' page."); $priv_list['page-system-gateways-editgateway']['match'] = array(); $priv_list['page-system-gateways-editgateway']['match'][] = "system_gateways_edit.php*"; $priv_list['page-system-groupmanager'] = array(); -$priv_list['page-system-groupmanager']['name'] = gettext("WebCfg - System: Group manager page"); +$priv_list['page-system-groupmanager']['name'] = gettext("WebCfg - System: Group manager"); $priv_list['page-system-groupmanager']['descr'] = gettext("Allow access to the 'System: Group manager' page."); $priv_list['page-system-groupmanager']['match'] = array(); $priv_list['page-system-groupmanager']['match'][] = "system_groupmanager.php*"; $priv_list['page-system-groupmanager-addprivs'] = array(); -$priv_list['page-system-groupmanager-addprivs']['name'] = gettext("WebCfg - System: Group Manager: Add Privileges page"); +$priv_list['page-system-groupmanager-addprivs']['name'] = gettext("WebCfg - System: Group Manager: Add Privileges"); $priv_list['page-system-groupmanager-addprivs']['descr'] = gettext("Allow access to the 'System: Group Manager: Add Privileges' page."); $priv_list['page-system-groupmanager-addprivs']['match'] = array(); $priv_list['page-system-groupmanager-addprivs']['match'][] = "system_groupmanager_addprivs.php*"; $priv_list['page-system-hasync'] = array(); -$priv_list['page-system-hasync']['name'] = gettext("Webcfg - System: High Availability Sync"); +$priv_list['page-system-hasync']['name'] = gettext("WebCfg - System: High Availability Sync"); $priv_list['page-system-hasync']['descr'] = gettext("Allow access to the 'System: High Availability Sync' page."); $priv_list['page-system-hasync']['match'] = array(); $priv_list['page-system-hasync']['match'][] = "system_hasync.php*"; $priv_list['page-system-staticroutes'] = array(); -$priv_list['page-system-staticroutes']['name'] = gettext("WebCfg - System: Static Routes page"); +$priv_list['page-system-staticroutes']['name'] = gettext("WebCfg - System: Static Routes"); $priv_list['page-system-staticroutes']['descr'] = gettext("Allow access to the 'System: Static Routes' page."); $priv_list['page-system-staticroutes']['match'] = array(); $priv_list['page-system-staticroutes']['match'][] = "system_routes.php*"; $priv_list['page-system-staticroutes-editroute'] = array(); -$priv_list['page-system-staticroutes-editroute']['name'] = gettext("WebCfg - System: Static Routes: Edit route page"); +$priv_list['page-system-staticroutes-editroute']['name'] = gettext("WebCfg - System: Static Routes: Edit route"); $priv_list['page-system-staticroutes-editroute']['descr'] = gettext("Allow access to the 'System: Static Routes: Edit route' page."); $priv_list['page-system-staticroutes-editroute']['match'] = array(); $priv_list['page-system-staticroutes-editroute']['match'][] = "system_routes_edit.php*"; +$priv_list['page-system-update-settings'] = array(); +$priv_list['page-system-update-settings']['name'] = gettext("WebCfg - System: Update: Settings"); +$priv_list['page-system-update-settings']['descr'] = gettext("Allow access to the 'System: Update: Settings' page."); +$priv_list['page-system-update-settings']['match'] = array(); +$priv_list['page-system-update-settings']['match'][] = "system_update_settings.php*"; + $priv_list['page-system-usermanager'] = array(); -$priv_list['page-system-usermanager']['name'] = gettext("WebCfg - System: User Manager page"); +$priv_list['page-system-usermanager']['name'] = gettext("WebCfg - System: User Manager"); $priv_list['page-system-usermanager']['descr'] = gettext("Allow access to the 'System: User Manager' page."); $priv_list['page-system-usermanager']['match'] = array(); $priv_list['page-system-usermanager']['match'][] = "system_usermanager.php*"; $priv_list['page-system-usermanager-addprivs'] = array(); -$priv_list['page-system-usermanager-addprivs']['name'] = gettext("WebCfg - System: User Manager: Add Privileges page"); +$priv_list['page-system-usermanager-addprivs']['name'] = gettext("WebCfg - System: User Manager: Add Privileges"); $priv_list['page-system-usermanager-addprivs']['descr'] = gettext("Allow access to the 'System: User Manager: Add Privileges' page."); $priv_list['page-system-usermanager-addprivs']['match'] = array(); $priv_list['page-system-usermanager-addprivs']['match'][] = "system_usermanager_addprivs.php*"; $priv_list['page-system-usermanager-passwordmg'] = array(); -$priv_list['page-system-usermanager-passwordmg']['name'] = gettext("WebCfg - System: User Password Manager page"); +$priv_list['page-system-usermanager-passwordmg']['name'] = gettext("WebCfg - System: User Password Manager"); $priv_list['page-system-usermanager-passwordmg']['descr'] = gettext("Allow access to the 'System: User Password Manager' page."); $priv_list['page-system-usermanager-passwordmg']['match'] = array(); $priv_list['page-system-usermanager-passwordmg']['match'][] = "system_usermanager_passwordmg.php*"; $priv_list['page-system-usermanager-settings'] = array(); -$priv_list['page-system-usermanager-settings']['name'] = gettext("WebCfg - System: User Manager: settings page"); -$priv_list['page-system-usermanager-settings']['descr'] = gettext("Allow access to the 'System: User Manager: settings' page."); +$priv_list['page-system-usermanager-settings']['name'] = gettext("WebCfg - System: User Manager: Settings"); +$priv_list['page-system-usermanager-settings']['descr'] = gettext("Allow access to the 'System: User Manager: Settings' page."); $priv_list['page-system-usermanager-settings']['match'] = array(); $priv_list['page-system-usermanager-settings']['match'][] = "system_usermanager_settings.php*"; +$priv_list['page-system-usermanager-settings-ldappicker'] = array(); +$priv_list['page-system-usermanager-settings-ldappicker']['name'] = gettext("WebCfg - System: User Manager: Settings: LDAP Picker"); +$priv_list['page-system-usermanager-settings-ldappicker']['descr'] = gettext("Allow access to the 'System: User Manager: Settings: LDAP Picker' page."); +$priv_list['page-system-usermanager-settings-ldappicker']['match'] = array(); +$priv_list['page-system-usermanager-settings-ldappicker']['match'][] = "system_usermanager_settings_ldapacpicker.php*"; + $priv_list['page-system-usermanager-settings-testldap'] = array(); -$priv_list['page-system-usermanager-settings-testldap']['name'] = gettext("WebCfg - System: User Manager: Settings: Test LDAP page"); +$priv_list['page-system-usermanager-settings-testldap']['name'] = gettext("WebCfg - System: User Manager: Settings: Test LDAP"); $priv_list['page-system-usermanager-settings-testldap']['descr'] = gettext("Allow access to the 'System: User Manager: Settings: Test LDAP' page."); $priv_list['page-system-usermanager-settings-testldap']['match'] = array(); $priv_list['page-system-usermanager-settings-testldap']['match'][] = "system_usermanager_settings_test.php*"; -$priv_list['page-upload_progress'] = array(); -$priv_list['page-upload_progress']['name'] = gettext("WebCfg - System: Firmware: Manual Update page (progress bar)"); -$priv_list['page-upload_progress']['descr'] = gettext("Allow access to the 'System: Firmware: Manual Update: Progress bar' page."); -$priv_list['page-upload_progress']['match'] = array(); -$priv_list['page-upload_progress']['match'][] = "upload_progress*"; - $priv_list['page-hidden-uploadconfiguration'] = array(); -$priv_list['page-hidden-uploadconfiguration']['name'] = gettext("WebCfg - Hidden: Upload Configuration page"); +$priv_list['page-hidden-uploadconfiguration']['name'] = gettext("WebCfg - Hidden: Upload Configuration"); $priv_list['page-hidden-uploadconfiguration']['descr'] = gettext("Allow access to the 'Hidden: Upload Configuration' page."); $priv_list['page-hidden-uploadconfiguration']['match'] = array(); $priv_list['page-hidden-uploadconfiguration']['match'][] = "uploadconfig.php*"; $priv_list['page-vpn-ipsec'] = array(); -$priv_list['page-vpn-ipsec']['name'] = gettext("WebCfg - VPN: IPsec page"); +$priv_list['page-vpn-ipsec']['name'] = gettext("WebCfg - VPN: IPsec"); $priv_list['page-vpn-ipsec']['descr'] = gettext("Allow access to the 'VPN: IPsec' page."); $priv_list['page-vpn-ipsec']['match'] = array(); $priv_list['page-vpn-ipsec']['match'][] = "vpn_ipsec.php*"; @@ -1297,106 +1215,89 @@ $priv_list['page-vpn-ipsec-editkeys']['match'] = array(); $priv_list['page-vpn-ipsec-editkeys']['match'][] = "vpn_ipsec_keys_edit.php*"; $priv_list['page-vpn-ipsec-mobile'] = array(); -$priv_list['page-vpn-ipsec-mobile']['name'] = gettext("WebCfg - VPN: IPsec: Mobile page"); +$priv_list['page-vpn-ipsec-mobile']['name'] = gettext("WebCfg - VPN: IPsec: Mobile"); $priv_list['page-vpn-ipsec-mobile']['descr'] = gettext("Allow access to the 'VPN: IPsec: Mobile' page."); $priv_list['page-vpn-ipsec-mobile']['match'] = array(); $priv_list['page-vpn-ipsec-mobile']['match'][] = "vpn_ipsec_mobile.php*"; $priv_list['page-vpn-ipsec-editphase1'] = array(); -$priv_list['page-vpn-ipsec-editphase1']['name'] = gettext("WebCfg - VPN: IPsec: Edit Phase 1 page"); +$priv_list['page-vpn-ipsec-editphase1']['name'] = gettext("WebCfg - VPN: IPsec: Edit Phase 1"); $priv_list['page-vpn-ipsec-editphase1']['descr'] = gettext("Allow access to the 'VPN: IPsec: Edit Phase 1' page."); $priv_list['page-vpn-ipsec-editphase1']['match'] = array(); $priv_list['page-vpn-ipsec-editphase1']['match'][] = "vpn_ipsec_phase1.php*"; $priv_list['page-vpn-ipsec-editphase2'] = array(); -$priv_list['page-vpn-ipsec-editphase2']['name'] = gettext("WebCfg - VPN: IPsec: Edit Phase 2 page"); +$priv_list['page-vpn-ipsec-editphase2']['name'] = gettext("WebCfg - VPN: IPsec: Edit Phase 2"); $priv_list['page-vpn-ipsec-editphase2']['descr'] = gettext("Allow access to the 'VPN: IPsec: Edit Phase 2' page."); $priv_list['page-vpn-ipsec-editphase2']['match'] = array(); $priv_list['page-vpn-ipsec-editphase2']['match'][] = "vpn_ipsec_phase2.php*"; +$priv_list['page-vpn-ipsec-settings'] = array(); +$priv_list['page-vpn-ipsec-settings']['name'] = gettext("WebCfg - VPN: IPsec: Settings"); +$priv_list['page-vpn-ipsec-settings']['descr'] = gettext("Allow access to the 'VPN: IPsec: Settings' page."); +$priv_list['page-vpn-ipsec-settings']['match'] = array(); +$priv_list['page-vpn-ipsec-settings']['match'][] = "vpn_ipsec_settings.php*"; + $priv_list['page-vpn-vpnl2tp'] = array(); -$priv_list['page-vpn-vpnl2tp']['name'] = gettext("WebCfg - VPN: VPN L2TP page"); -$priv_list['page-vpn-vpnl2tp']['descr'] = gettext("Allow access to the 'VPN: VPN L2TP' page."); +$priv_list['page-vpn-vpnl2tp']['name'] = gettext("WebCfg - VPN: L2TP"); +$priv_list['page-vpn-vpnl2tp']['descr'] = gettext("Allow access to the 'VPN: L2TP' page."); $priv_list['page-vpn-vpnl2tp']['match'] = array(); $priv_list['page-vpn-vpnl2tp']['match'][] = "vpn_l2tp.php*"; $priv_list['page-vpn-vpnl2tp-users'] = array(); -$priv_list['page-vpn-vpnl2tp-users']['name'] = gettext("WebCfg - VPN: VPN L2TP : Users page"); -$priv_list['page-vpn-vpnl2tp-users']['descr'] = gettext("Allow access to the 'VPN: VPN L2TP : Users' page."); +$priv_list['page-vpn-vpnl2tp-users']['name'] = gettext("WebCfg - VPN: L2TP: Users"); +$priv_list['page-vpn-vpnl2tp-users']['descr'] = gettext("Allow access to the 'VPN: L2TP: Users' page."); $priv_list['page-vpn-vpnl2tp-users']['match'] = array(); $priv_list['page-vpn-vpnl2tp-users']['match'][] = "vpn_l2tp_users.php*"; $priv_list['page-vpn-vpnl2tp-users-edit'] = array(); -$priv_list['page-vpn-vpnl2tp-users-edit']['name'] = gettext("WebCfg - VPN: VPN L2TP : Users : Edit page"); -$priv_list['page-vpn-vpnl2tp-users-edit']['descr'] = gettext("Allow access to the 'VPN: VPN L2TP : Users : Edit' page."); +$priv_list['page-vpn-vpnl2tp-users-edit']['name'] = gettext("WebCfg - VPN: L2TP: Users: Edit"); +$priv_list['page-vpn-vpnl2tp-users-edit']['descr'] = gettext("Allow access to the 'VPN: L2TP: Users: Edit' page."); $priv_list['page-vpn-vpnl2tp-users-edit']['match'] = array(); $priv_list['page-vpn-vpnl2tp-users-edit']['match'][] = "vpn_l2tp_users_edit.php*"; $priv_list['page-openvpn-client'] = array(); -$priv_list['page-openvpn-client']['name'] = gettext("WebCfg - OpenVPN: Client page"); +$priv_list['page-openvpn-client']['name'] = gettext("WebCfg - OpenVPN: Client"); $priv_list['page-openvpn-client']['descr'] = gettext("Allow access to the 'OpenVPN: Client' page."); $priv_list['page-openvpn-client']['match'] = array(); $priv_list['page-openvpn-client']['match'][] = "vpn_openvpn_client.php*"; $priv_list['page-openvpn-csc'] = array(); -$priv_list['page-openvpn-csc']['name'] = gettext("WebCfg - OpenVPN: Client Specific Override page"); +$priv_list['page-openvpn-csc']['name'] = gettext("WebCfg - OpenVPN: Client Specific Override"); $priv_list['page-openvpn-csc']['descr'] = gettext("Allow access to the 'OpenVPN: Client Specific Override' page."); $priv_list['page-openvpn-csc']['match'] = array(); $priv_list['page-openvpn-csc']['match'][] = "vpn_openvpn_csc.php*"; $priv_list['page-openvpn-server'] = array(); -$priv_list['page-openvpn-server']['name'] = gettext("WebCfg - OpenVPN: Server page"); +$priv_list['page-openvpn-server']['name'] = gettext("WebCfg - OpenVPN: Server"); $priv_list['page-openvpn-server']['descr'] = gettext("Allow access to the 'OpenVPN: Server' page."); $priv_list['page-openvpn-server']['match'] = array(); $priv_list['page-openvpn-server']['match'][] = "vpn_openvpn_server.php*"; $priv_list['page-services-pppoeserver'] = array(); -$priv_list['page-services-pppoeserver']['name'] = gettext("WebCfg - Services: PPPoE Server page"); +$priv_list['page-services-pppoeserver']['name'] = gettext("WebCfg - Services: PPPoE Server"); $priv_list['page-services-pppoeserver']['descr'] = gettext("Allow access to the 'Services: PPPoE Server' page."); $priv_list['page-services-pppoeserver']['match'] = array(); -$priv_list['page-services-pppoeserver']['match'][] = "vpn_pppoe.php*"; +$priv_list['page-services-pppoeserver']['match'][] = "services_pppoe.php*"; $priv_list['page-services-pppoeserver-edit'] = array(); -$priv_list['page-services-pppoeserver-edit']['name'] = gettext("WebCfg - Services: PPPoE Server: Edit page"); +$priv_list['page-services-pppoeserver-edit']['name'] = gettext("WebCfg - Services: PPPoE Server: Edit"); $priv_list['page-services-pppoeserver-edit']['descr'] = gettext("Allow access to the 'Services: PPPoE Server: Edit' page."); $priv_list['page-services-pppoeserver-edit']['match'] = array(); -$priv_list['page-services-pppoeserver-edit']['match'][] = "vpn_pppoe_edit.php*"; - -$priv_list['page-vpn-vpnpptp'] = array(); -$priv_list['page-vpn-vpnpptp']['name'] = gettext("WebCfg - VPN: VPN PPTP page"); -$priv_list['page-vpn-vpnpptp']['descr'] = gettext("Allow access to the 'VPN: VPN PPTP' page."); -$priv_list['page-vpn-vpnpptp']['match'] = array(); -$priv_list['page-vpn-vpnpptp']['match'][] = "vpn_pptp.php*"; - -$priv_list['page-vpn-vpnpptp-users'] = array(); -$priv_list['page-vpn-vpnpptp-users']['name'] = gettext("WebCfg - VPN: VPN PPTP: Users page"); -$priv_list['page-vpn-vpnpptp-users']['descr'] = gettext("Allow access to the 'VPN: VPN PPTP: Users' page."); -$priv_list['page-vpn-vpnpptp-users']['match'] = array(); -$priv_list['page-vpn-vpnpptp-users']['match'][] = "vpn_pptp_users.php*"; - -$priv_list['page-vpn-vpnpptp-user-edit'] = array(); -$priv_list['page-vpn-vpnpptp-user-edit']['name'] = gettext("WebCfg - VPN: VPN PPTP: User: Edit page"); -$priv_list['page-vpn-vpnpptp-user-edit']['descr'] = gettext("Allow access to the 'VPN: VPN PPTP: User: Edit' page."); -$priv_list['page-vpn-vpnpptp-user-edit']['match'] = array(); -$priv_list['page-vpn-vpnpptp-user-edit']['match'][] = "vpn_pptp_users_edit.php*"; +$priv_list['page-services-pppoeserver-edit']['match'][] = "services_pppoe_edit.php*"; $priv_list['page-pfsensewizardsubsystem'] = array(); -$priv_list['page-pfsensewizardsubsystem']['name'] = gettext("WebCfg - pfSense wizard subsystem page"); +$priv_list['page-pfsensewizardsubsystem']['name'] = gettext("WebCfg - pfSense wizard subsystem"); $priv_list['page-pfsensewizardsubsystem']['descr'] = gettext("Allow access to the 'pfSense wizard subsystem' page."); $priv_list['page-pfsensewizardsubsystem']['match'] = array(); $priv_list['page-pfsensewizardsubsystem']['match'][] = "wizard.php*"; $priv_list['page-xmlrpclibrary'] = array(); -$priv_list['page-xmlrpclibrary']['name'] = gettext("WebCfg - XMLRPC Library page"); +$priv_list['page-xmlrpclibrary']['name'] = gettext("WebCfg - XMLRPC Library"); $priv_list['page-xmlrpclibrary']['descr'] = gettext("Allow access to the 'XMLRPC Library' page."); $priv_list['page-xmlrpclibrary']['match'] = array(); $priv_list['page-xmlrpclibrary']['match'][] = "xmlrpc.php*"; -$priv_list['page-firewall-easyrule'] = array(); -$priv_list['page-firewall-easyrule']['name'] = gettext("WebCfg - Firewall: Easy Rule add/status page"); -$priv_list['page-firewall-easyrule']['descr'] = gettext("Allow access to the 'Firewall: Easy Rule' add/status page."); -$priv_list['page-firewall-easyrule']['match'] = array(); -$priv_list['page-firewall-easyrule']['match'][] = "easyrule.php*"; $priv_rmvd = array(); diff --git a/src/etc/inc/priv.inc b/src/etc/inc/priv.inc index 851643b..676351b 100644 --- a/src/etc/inc/priv.inc +++ b/src/etc/inc/priv.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* priv.inc Copyright (C) 2008 Shrew Soft Inc @@ -40,10 +39,6 @@ */ -/* - pfSense_MODULE: auth -*/ - require_once("priv.defs.inc"); /* Load and process custom privs. */ diff --git a/src/etc/inc/priv/user.priv.inc b/src/etc/inc/priv/user.priv.inc index 6414008..fca9be2 100644 --- a/src/etc/inc/priv/user.priv.inc +++ b/src/etc/inc/priv/user.priv.inc @@ -3,18 +3,18 @@ global $priv_list; $priv_list['user-services-captiveportal-login'] = array(); -$priv_list['user-services-captiveportal-login']['name'] = gettext("User - Services - Captive portal login"); +$priv_list['user-services-captiveportal-login']['name'] = gettext("User - Services: Captive Portal login"); $priv_list['user-services-captiveportal-login']['descr'] = gettext("Indicates whether the user is able to login on the captive portal."); $priv_list['page-help-all'] = array(); -$priv_list['page-help-all']['name'] = "WebCfg - Help pages"; -$priv_list['page-help-all']['descr'] = "Show all items on help menu"; +$priv_list['page-help-all']['name'] = gettext("WebCfg - Help pages"); +$priv_list['page-help-all']['descr'] = gettext("Show all items on help menu"); $priv_list['page-help-all']['match'] = array(); $priv_list['page-help-all']['match'][] = "*help.php"; $priv_list['page-dashboard-all'] = array(); -$priv_list['page-dashboard-all']['name'] = "WebCfg - Dashboard (all)"; -$priv_list['page-dashboard-all']['descr'] = "Allow access to all pages required for the dashboard."; +$priv_list['page-dashboard-all']['name'] = gettext("WebCfg - Dashboard (all)"); +$priv_list['page-dashboard-all']['descr'] = gettext("Allow access to all pages required for the dashboard."); $priv_list['page-dashboard-all']['match'] = array(); $priv_list['page-dashboard-all']['match'][] = "index.php*"; $priv_list['page-dashboard-all']['match'][] = "*.widget.php*"; @@ -22,53 +22,114 @@ $priv_list['page-dashboard-all']['match'][] = "graph.php*"; $priv_list['page-dashboard-all']['match'][] = "graph_cpu.php*"; $priv_list['page-dashboard-all']['match'][] = "getstats.php*"; $priv_list['page-dashboard-all']['match'][] = "ifstats.php*"; -$priv_list['page-dashboard-all']['match'][] = "diag_logs_filter_dynamic.php*"; +$priv_list['page-dashboard-all']['match'][] = "status_logs_filter_dynamic.php*"; $priv_list['page-dashboard-widgets'] = array(); -$priv_list['page-dashboard-widgets']['name'] = "WebCfg - Dashboard widgets (direct access)."; -$priv_list['page-dashboard-widgets']['descr'] = "Allow direct access to all Dashboard widget pages, required for some widgets using AJAX."; +$priv_list['page-dashboard-widgets']['name'] = gettext("WebCfg - Dashboard widgets (direct access)."); +$priv_list['page-dashboard-widgets']['descr'] = gettext("Allow direct access to all Dashboard widget pages, required for some widgets using AJAX."); $priv_list['page-dashboard-widgets']['match'] = array(); $priv_list['page-dashboard-widgets']['match'][] = "*.widget.php*"; $priv_list['user-config-readonly'] = array(); -$priv_list['user-config-readonly']['name'] = "User - Config - Deny Config Write"; -$priv_list['user-config-readonly']['descr'] = "If present, ignores requests from this user to write config.xml."; +$priv_list['user-config-readonly']['name'] = gettext("User - Config: Deny Config Write"); +$priv_list['user-config-readonly']['descr'] = gettext("If present, ignores requests from this user to write config.xml."); $priv_list['user-shell-access'] = array(); -$priv_list['user-shell-access']['name'] = "User - System - Shell account access"; -$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ". - "example via SSH."; +$priv_list['user-shell-access']['name'] = gettext("User - System: Shell account access"); +$priv_list['user-shell-access']['descr'] = gettext("Indicates whether the user is able to login for example via SSH."); $priv_list['user-copy-files'] = array(); -$priv_list['user-copy-files']['name'] = "User - System - Copy files"; -$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ". +$priv_list['user-copy-files']['name'] = gettext("User - System: Copy files (scp)"); +$priv_list['user-copy-files']['descr'] = gettext("Indicates whether the user is allowed to copy files ". "onto the {$g['product_name']} appliance via SCP/SFTP. ". "If you are going to use this privilege, you must install ". - "scponly on the appliance (Hint: pkg_add -r scponly)."; + "scponly on the appliance (Hint: pkg_add -r scponly)."); $priv_list['user-ssh-tunnel'] = array(); -$priv_list['user-ssh-tunnel']['name'] = "User - System - SSH tunneling"; -$priv_list['user-ssh-tunnel']['descr'] = "Indicates whether the user is able to login for ". +$priv_list['user-ssh-tunnel']['name'] = gettext("User - System: SSH tunneling"); +$priv_list['user-ssh-tunnel']['descr'] = gettext("Indicates whether the user is able to login for ". "tunneling via SSH when they have no shell access. ". "Note: User - System - Copy files conflicts with ". - "this privilege."; + "this privilege."); $priv_list['user-ipsec-xauth-dialin'] = array(); -$priv_list['user-ipsec-xauth-dialin']['name'] = "User - VPN - IPsec xauth Dialin"; -$priv_list['user-ipsec-xauth-dialin']['descr'] = "Indicates whether the user is allowed to dial in via IPsec xauth ". +$priv_list['user-ipsec-xauth-dialin']['name'] = gettext("User - VPN: IPsec xauth Dialin"); +$priv_list['user-ipsec-xauth-dialin']['descr'] = gettext("Indicates whether the user is allowed to dial in via IPsec xauth ". "(Note: Does not allow shell access, but may allow ". - "the user to create SSH tunnels)"; + "the user to create SSH tunnels)"); $priv_list['user-l2tp-dialin'] = array(); -$priv_list['user-l2tp-dialin']['name'] = "User - VPN - L2TP Dialin"; -$priv_list['user-l2tp-dialin']['descr'] = "Indicates whether the user is allowed to dial in via L2TP"; - -$priv_list['user-pptp-dialin'] = array(); -$priv_list['user-pptp-dialin']['name'] = "User - VPN - PPTP Dialin"; -$priv_list['user-pptp-dialin']['descr'] = "Indicates whether the user is allowed to dial in via PPTP"; +$priv_list['user-l2tp-dialin']['name'] = gettext("User - VPN: L2TP Dialin"); +$priv_list['user-l2tp-dialin']['descr'] = gettext("Indicates whether the user is allowed to dial in via L2TP"); $priv_list['user-pppoe-dialin'] = array(); -$priv_list['user-pppoe-dialin']['name'] = "User - VPN - PPPOE Dialin"; -$priv_list['user-pppoe-dialin']['descr'] = "Indicates whether the user is allowed to dial in via PPPOE"; +$priv_list['user-pppoe-dialin']['name'] = gettext("User - VPN: PPPOE Dialin"); +$priv_list['user-pppoe-dialin']['descr'] = gettext("Indicates whether the user is allowed to dial in via PPPOE"); + +$priv_list['page-status-systemlogs-portalauth'] = array(); +$priv_list['page-status-systemlogs-portalauth']['name'] = gettext("WebCfg - Status: System logs: Portal Auth"); +$priv_list['page-status-systemlogs-portalauth']['descr'] = gettext("Allow access to the 'Status: System logs: Portal Auth' page."); +$priv_list['page-status-systemlogs-portalauth']['match'] = array(); +$priv_list['page-status-systemlogs-portalauth']['match'][] = "status_logs.php?logfile=portalauth"; + +$priv_list['page-diagnostics-logs-dhcp'] = array(); +$priv_list['page-diagnostics-logs-dhcp']['name'] = gettext("WebCfg - Status: Logs: DHCP"); +$priv_list['page-diagnostics-logs-dhcp']['descr'] = gettext("Allow access to the 'Status: Logs: DHCP' page."); +$priv_list['page-diagnostics-logs-dhcp']['match'] = array(); +$priv_list['page-diagnostics-logs-dhcp']['match'][] = "status_logs.php?logfile=dhcpd"; + +$priv_list['page-diagnostics-logs-gateways'] = array(); +$priv_list['page-diagnostics-logs-gateways']['name'] = gettext("WebCfg - Status: Logs: Gateways"); +$priv_list['page-diagnostics-logs-gateways']['descr'] = gettext("Allow access to the 'Status: Logs: System: Gateways' page."); +$priv_list['page-diagnostics-logs-gateways']['match'] = array(); +$priv_list['page-diagnostics-logs-gateways']['match'][] = "status_logs.php?logfile=gateways"; + +$priv_list['page-diagnostics-logs-resolver'] = array(); +$priv_list['page-diagnostics-logs-resolver']['name'] = gettext("WebCfg - Status: Logs: Resolver"); +$priv_list['page-diagnostics-logs-resolver']['descr'] = gettext("Allow access to the 'Status: Logs: System: Resolver' page."); +$priv_list['page-diagnostics-logs-resolver']['match'] = array(); +$priv_list['page-diagnostics-logs-resolver']['match'][] = "status_logs.php?logfile=resolver"; + +$priv_list['page-status-systemlogs-ipsecvpn'] = array(); +$priv_list['page-status-systemlogs-ipsecvpn']['name'] = gettext("WebCfg - Status: System logs: IPsec VPN"); +$priv_list['page-status-systemlogs-ipsecvpn']['descr'] = gettext("Allow access to the 'Status: System logs: IPsec VPN' page."); +$priv_list['page-status-systemlogs-ipsecvpn']['match'] = array(); +$priv_list['page-status-systemlogs-ipsecvpn']['match'][] = "status_logs.php?logfile=ipsec"; + +$priv_list['page-status-systemlogs-ntpd'] = array(); +$priv_list['page-status-systemlogs-ntpd']['name'] = gettext("WebCfg - Status: System logs: NTP"); +$priv_list['page-status-systemlogs-ntpd']['descr'] = gettext("Allow access to the 'Status: System logs: NTP' page."); +$priv_list['page-status-systemlogs-ntpd']['match'] = array(); +$priv_list['page-status-systemlogs-ntpd']['match'][] = "status_logs.php?logfile=ntpd"; + +$priv_list['page-status-systemlogs-openvpn'] = array(); +$priv_list['page-status-systemlogs-openvpn']['name'] = gettext("WebCfg - Status: System logs: OpenVPN"); +$priv_list['page-status-systemlogs-openvpn']['descr'] = gettext("Allow access to the 'Status: System logs: OpenVPN' page."); +$priv_list['page-status-systemlogs-openvpn']['match'] = array(); +$priv_list['page-status-systemlogs-openvpn']['match'][] = "status_logs.php?logfile=openvpn"; + +$priv_list['page-status-systemlogs-ppp'] = array(); +$priv_list['page-status-systemlogs-ppp']['name'] = gettext("WebCfg - Status: System logs: IPsec VPN"); +$priv_list['page-status-systemlogs-ppp']['descr'] = gettext("Allow access to the 'Status: System logs: IPsec VPN' page."); +$priv_list['page-status-systemlogs-ppp']['match'] = array(); +$priv_list['page-status-systemlogs-ppp']['match'][] = "status_logs.php?logfile=ppp"; + +$priv_list['page-status-systemlogs-loadbalancer'] = array(); +$priv_list['page-status-systemlogs-loadbalancer']['name'] = gettext("WebCfg - Status: System logs: Load Balancer"); +$priv_list['page-status-systemlogs-loadbalancer']['descr'] = gettext("Allow access to the 'Status: System logs: Load Balancer' page."); +$priv_list['page-status-systemlogs-loadbalancer']['match'] = array(); +$priv_list['page-status-systemlogs-loadbalancer']['match'][] = "status_logs.php?logfile=relayd"; + +$priv_list['page-status-systemlogs-routing'] = array(); +$priv_list['page-status-systemlogs-routing']['name'] = gettext("WebCfg - Status: System logs: Routing"); +$priv_list['page-status-systemlogs-routing']['descr'] = gettext("Allow access to the 'Status: System logs: System: Routing' page."); +$priv_list['page-status-systemlogs-routing']['match'] = array(); +$priv_list['page-status-systemlogs-routing']['match'][] = "status_logs.php?logfile=routing"; + +$priv_list['page-status-systemlogs-wireless'] = array(); +$priv_list['page-status-systemlogs-wireless']['name'] = gettext("WebCfg - Status: System logs: Wireless"); +$priv_list['page-status-systemlogs-wireless']['descr'] = gettext("Allow access to the 'Status: System logs: System: Wireless' page."); +$priv_list['page-status-systemlogs-wireless']['match'] = array(); +$priv_list['page-status-systemlogs-wireless']['match'][] = "status_logs.php?logfile=wireless"; ?> diff --git a/src/etc/inc/radius.inc b/src/etc/inc/radius.inc index ac610bd..a63b831 100644 --- a/src/etc/inc/radius.inc +++ b/src/etc/inc/radius.inc @@ -47,10 +47,6 @@ */ -/* - pfSense_MODULE: auth -*/ - require_once("PEAR.inc"); require_once("radius_authentication.inc"); require_once("radius_accounting.inc"); diff --git a/src/etc/inc/rrd.inc b/src/etc/inc/rrd.inc index 8d4f194..50d7b42 100644 --- a/src/etc/inc/rrd.inc +++ b/src/etc/inc/rrd.inc @@ -28,11 +28,6 @@ */ -/* - pfSense_BUILDER_BINARIES: /bin/rm /usr/bin/nice /usr/local/bin/rrdtool /bin/cd - pfSense_MODULE: rrd -*/ - /* include all configuration functions */ function dump_rrd_to_xml($rrddatabase, $xmldumpfile) { @@ -50,7 +45,7 @@ function dump_rrd_to_xml($rrddatabase, $xmldumpfile) { function restore_rrd() { global $g, $config; - $rrddbpath = "/var/db/rrd/"; + $rrddbpath = "{$g['vardb_path']}/rrd/"; $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; $rrdrestore = ""; @@ -211,7 +206,7 @@ function enable_rrd_graphing() { echo gettext("Generating RRD graphs..."); } - $rrddbpath = "/var/db/rrd/"; + $rrddbpath = "{$g['vardb_path']}/rrd/"; $rrdgraphpath = "/usr/local/www/rrd"; $traffic = "-traffic.rrd"; @@ -229,6 +224,7 @@ function enable_rrd_graphing() { $captiveportalconcurrent = "-concurrent.rrd"; $captiveportalloggedin = "-loggedin.rrd"; $ntpd = "ntpd.rrd"; + $dhcpd = "-dhcpd.rrd"; $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; $netstat = "/usr/bin/netstat"; @@ -241,6 +237,7 @@ function enable_rrd_graphing() { $spamd_gather = "/usr/local/bin/spamd_gather_stats.php"; $ifconfig = "/sbin/ifconfig"; $captiveportal_gather = "/usr/local/bin/captiveportal_gather_stats.php"; + $dhcpd_gather = "/usr/local/bin/dhcpd_gather_stats.php"; $ntpq = "/usr/local/sbin/ntpq"; $rrdtrafficinterval = 60; @@ -258,6 +255,7 @@ function enable_rrd_graphing() { $rrdvpninterval = 60; $rrdcaptiveportalinterval = 60; $rrdntpdinterval = 60; + $rrddhcpdinterval = 60; $trafficvalid = $rrdtrafficinterval * 2; $wirelessvalid = $rrdwirelessinterval * 2; @@ -274,6 +272,7 @@ function enable_rrd_graphing() { $vpnvalid = $rrdvpninterval * 2; $captiveportalvalid = $rrdcaptiveportalinterval * 2; $ntpdvalid = $rrdntpdinterval * 2; + $dhcpdvalid = $rrddhcpdinterval * 2; /* Assume 2*10GigE for now */ $downstream = 2500000000; @@ -319,11 +318,11 @@ function enable_rrd_graphing() { } if (platform_booting()) { - if (!is_dir("{$g['vardb_path']}/rrd")) { - mkdir("{$g['vardb_path']}/rrd", 0775); + if (!is_dir($rrddbpath)) { + mkdir($rrddbpath, 0775); } - @chown("{$g['vardb_path']}/rrd", "nobody"); + @chown($rrddbpath, "nobody"); } /* process all real and pseudo interfaces */ @@ -912,6 +911,92 @@ function enable_rrd_graphing() { } /* End NTP statistics */ + /* Start dhcpd statistics */ + if (is_array($config['dhcpd'])) { + foreach ($config['dhcpd'] as $dhcpif => $dhcpifconf) { + if (isset($config['dhcpd'][$dhcpif]['statsgraph'])) { + if (!file_exists("$rrddbpath$dhcpif$dhcpd")) { + $rrdcreate = "$rrdtool create $rrddbpath$dhcpif$dhcpd --step $rrddhcpdinterval "; + $rrdcreate .= "DS:leases:GAUGE:$dhcpdvalid:0:100000 "; + $rrdcreate .= "DS:staticleases:GAUGE:$dhcpdvalid:0:100000 "; + $rrdcreate .= "DS:dhcprange:GAUGE:$dhcpdvalid:0:100000 "; + $rrdcreate .= "RRA:MIN:0.5:1:1200 "; + $rrdcreate .= "RRA:MIN:0.5:5:720 "; + $rrdcreate .= "RRA:MIN:0.5:60:1860 "; + $rrdcreate .= "RRA:MIN:0.5:1440:2284 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1200 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:720 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1860 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 "; + $rrdcreate .= "RRA:MAX:0.5:1:1200 "; + $rrdcreate .= "RRA:MAX:0.5:5:720 "; + $rrdcreate .= "RRA:MAX:0.5:60:1860 "; + $rrdcreate .= "RRA:MAX:0.5:1440:2284 "; + create_new_rrd($rrdcreate); + unset($rrdcreate); + } + + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if (platform_booting()) { + mwexec("$rrdtool update $rrddbpath$dhcpif$dhcpd N:U:U:U:U:U:U:U:U"); + } + + $rrdupdatesh .= "\n"; + $rrdupdatesh .= "# polling leases for dhcp \n"; + $rrdupdatesh .= "DHCP=`${php} -q ${dhcpd_gather} '${dhcpif}'`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$dhcpif$dhcpd \${DHCP}\n"; + + } + } + } + /* END dhcpd statistics */ + + /* Start gateway quality */ + $rrdupdatesh .= <<<EOD + +# Gateway quality graphs +for sock in {$g['varrun_path']}/dpinger_*.sock; do + if [ ! -S "\$sock" ]; then + continue + fi + + gw=\$(/usr/bin/nc -U \$sock | awk '{ print \$1 }') + + if [ -z "\$gw" ]; then + continue + fi + + delay=\$(/usr/bin/nc -U \$sock | awk '{ print \$2 }') + loss=\$(/usr/bin/nc -U \$sock | awk '{ print \$4 }') + + if echo "\$loss" | grep -Eqv '^[0-9]+\$'; then + loss="U" + fi + if echo "\$delay" | grep -Eqv '^[0-9]+\$'; then + delay="U" + else + # Convert delay to millisecond + delay=\$(echo "scale=7; \$delay / 1000 / 1000" | /usr/bin/bc) + fi + + if [ ! -f {$rrddbpath}\$gw-quality.rrd ]; then + {$rrdtool} create {$rrddbpath}\$gw-quality.rrd --step 60 \\ + DS:loss:GAUGE:120:0:100 \\ + DS:delay:GAUGE:120:0:100000 \\ + RRA:AVERAGE:0.5:1:1200 \\ + RRA:AVERAGE:0.5:5:720 \\ + RRA:AVERAGE:0.5:60:1860 \\ + RRA:AVERAGE:0.5:1440:2284 + + {$rrdtool} update {$rrddbpath}\$gw-quality.rrd -t loss:delay N:U:U + fi + + {$rrdtool} update {$rrddbpath}\$gw-quality.rrd -t loss:delay N:\$loss:\$delay +done + +EOD; + /* End gateway quality */ + $rrdupdatesh .= "sleep 60\n"; $rrdupdatesh .= "done\n"; log_error(gettext("Creating rrd update script")); @@ -945,41 +1030,6 @@ function enable_rrd_graphing() { } -# Create gateway quality RRD with settings suitable for pfSense graph set. -function create_gateway_quality_rrd($rrd_file) { - global $g; - - $rrdinterval = 60; - $valid = $rrdinterval * 2; - $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; - - /* GATEWAY QUALITY, set up the rrd file */ - if (!file_exists("$rrd_file")) { - $rrdcreate = "$rrdtool create $rrd_file --step $rrdinterval "; - $rrdcreate .= "DS:loss:GAUGE:$valid:0:100 "; - $rrdcreate .= "DS:delay:GAUGE:$valid:0:100000 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1:1200 "; - $rrdcreate .= "RRA:AVERAGE:0.5:5:720 "; - $rrdcreate .= "RRA:AVERAGE:0.5:60:1860 "; - $rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 "; - - create_new_rrd($rrdcreate); - unset($rrdcreate); - } - - /* enter UNKNOWN values in the RRD so it knows we rebooted. */ - if (platform_booting()) { - if (!is_dir("{$g['vardb_path']}/rrd")) { - mkdir("{$g['vardb_path']}/rrd", 0775); - } - - @chown("{$g['vardb_path']}/rrd", "nobody"); - - mwexec("$rrdtool update $rrd_file N:U:U"); - } - unset($rrdtool, $rrdinterval, $valid, $rrd_file); -} - function kill_traffic_collector() { global $g; diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc index 265ad9f..ca72d5f 100644 --- a/src/etc/inc/service-utils.inc +++ b/src/etc/inc/service-utils.inc @@ -32,10 +32,6 @@ */ -/* - pfSense_BUILDER_BINARIES: /bin/pgrep /bin/sh /usr/bin/killall - pfSense_MODULE: utils -*/ require_once("globals.inc"); require_once("captiveportal.inc"); require_once("openvpn.inc"); @@ -138,6 +134,8 @@ function stop_service($name) { } if (!empty($service['stopcmd'])) { eval($service['stopcmd']); + } elseif (!empty($service['executable'])) { + mwexec("/usr/bin/killall " . escapeshellarg($service['executable'])); } break; @@ -153,7 +151,9 @@ function restart_service($name) { return; } - stop_service($name); + if (is_service_running($name)) { + stop_service($name); + } start_service($name); if (is_array($config['installedpackages']) && is_array($config['installedpackages']['service'])) { @@ -318,7 +318,7 @@ function get_services() { $gateways_arr = return_gateways_array(); if (is_array($gateways_arr)) { $pconfig = array(); - $pconfig['name'] = "apinger"; + $pconfig['name'] = "dpinger"; $pconfig['description'] = gettext("Gateway Monitoring Daemon"); $services[] = $pconfig; } @@ -344,7 +344,7 @@ function get_services() { $services[] = $pconfig; } - if (isset($config['ipsec']['enable'])) { + if (ipsec_enabled()) { $pconfig = array(); $pconfig['name'] = "ipsec"; $pconfig['description'] = gettext("IPsec VPN"); @@ -465,7 +465,7 @@ function get_service_status_icon($service, $withtext = true, $smallicon = false) if (get_service_status($service)) { $statustext = gettext("Running"); $output .= "<a title=\"" . sprintf(gettext("%s Service is"), $service["name"]) . " {$statustext}\" ><i class=\""; - $output .= ($smallicon) ? "icon icon-play" : "icon icon-large icon-play"; + $output .= ($smallicon) ? "fa fa-play" : "fa fa-lg fa-play"; $output .= "\" ></i></a>"; if ($withtext) { $output .= " " . $statustext; @@ -474,7 +474,7 @@ function get_service_status_icon($service, $withtext = true, $smallicon = false) $service_enabled = is_service_enabled($service['name']); $statustext = ($service_enabled) ? gettext("Stopped") : gettext("Disabled"); $output .= "<a title=\"" . sprintf(gettext("%s Service is"), $service["name"]) . " {$statustext}\" ><i class=\""; - $output .= ($smallicon) ? "icon icon-remove" : "icon icon-large icon-remove"; + $output .= ($smallicon) ? "fa fa-times" : "fa fa-lg fa-times"; $output .= "\" ></i></a>"; if ($withtext) { $output .= " " . $statustext; @@ -504,32 +504,32 @@ function get_service_control_GET_links($service, $addname = false) { if (get_service_status($service)) { switch ($service['name']) { case "openvpn": - $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>"; + $output .= "<a href=\"status_services.php?mode=restartservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}\">"; break; case "captiveportal": - $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}&zone={$service['zone']}'>"; + $output .= "<a href=\"status_services.php?mode=restartservice&service={$service['name']}&zone={$service['zone']}\">"; break; default: - $output .= "<a href='status_services.php?mode=restartservice&service={$service['name']}'>"; + $output .= "<a href=\"status_services.php?mode=restartservice&service={$service['name']}\">"; } - $output .= "<i class=\"icon-large icon-repeat\" title='" . sprintf(gettext("Restart %sService"), $stitle) . "' alt='restart'></i></a>\n"; + $output .= "<i class=\"fa fa-repeat\" title=\"" . sprintf(gettext("Restart %sService"), $stitle) . "\"></i></a>\n"; switch ($service['name']) { case "openvpn": - $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}'>"; + $output .= "<a href=\"status_services.php?mode=stopservice&service={$service['name']}&vpnmode={$service['mode']}&id={$service['vpnid']}\">"; break; case "captiveportal": - $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}&zone={$service['zone']}'>"; + $output .= "<a href=\"status_services.php?mode=stopservice&service={$service['name']}&zone={$service['zone']}\">"; break; default: - $output .= "<a href='status_services.php?mode=stopservice&service={$service['name']}'>"; + $output .= "<a href=\"status_services.php?mode=stopservice&service={$service['name']}\">"; } - $output .= "<i class=\"icon-large icon-stop\" title='" . sprintf(gettext("Stop %sService"), $stitle) . "' alt='stop'></i></a>"; + $output .= "<i class=\"fa fa-stop-circle-o\" title=\"" . sprintf(gettext("Stop %sService"), $stitle) . "\"></i></a>"; } else { $service_enabled = is_service_enabled($service['name']); if ($service['name'] == 'openvpn' || $service['name'] == 'captiveportal' || $service_enabled) { $output .= sprintf($link, sprintf(gettext("Start %sService"), $stitle), 'startservice'); - $output .= '<i class="icon icon-play-circle"></i></a> '; + $output .= '<i class="fa fa-play-circle"></i></a> '; } } @@ -549,7 +549,7 @@ function get_service_control_links($service, $addname = false) { $link = '<a title="%s" href="#" id="captiveportal-%s-' . $service['zone'] . '">'; break; default: - $link = '<a title="%s" href="#" value="" id="%s-' . $service['name'] . '">'; + $link = '<a title="%s" href="#" id="%s-' . $service['name'] . '">'; } if (get_service_status($service)) { @@ -558,33 +558,33 @@ function get_service_control_links($service, $addname = false) { $output .= '<a href="#" id="openvpn-restartservice-' . $service['mode'] . '-' . $service['vpnid'] . '" >'; break; case "captiveportal": - $output .= '<a href="#" value="" id=captiveportal-restartservice-' . $service['zone'] . '">'; + $output .= '<a href="#" id="captiveportal-restartservice-' . $service['zone'] . '">'; break; default: $output .= '<a href="#" id="restartservice-' . $service['name'] . '" >'; } - $output .= "<i class=\"icon-large icon-repeat\" title='" . sprintf(gettext("Restart %sService"), $stitle) . "' alt='restart'></i></a>\n"; + $output .= "<i class=\"fa fa-repeat\" title=\"" . sprintf(gettext("Restart %sService"), $stitle) . "\"></i></a>\n"; switch ($service['name']) { case "openvpn": $output .= '<a href="#" id="openvpn-stopservice-' . $service['mode'] . '-' . $service['vpnid'] . '" >'; break; case "captiveportal": - $output .= '<a href="#" value="" id=captiveportal-stopservice-' . $service['zone'] . '">'; + $output .= '<a href="#" id="captiveportal-stopservice-' . $service['zone'] . '">'; break; default: $output .= '<a href="#" id="stopservice-' . $service['name'] . '">'; } - $output .= "<i class=\"icon-large icon-stop\" title='" . sprintf(gettext("Stop %sService"), $stitle) . "' alt='stop'></i></a>"; + $output .= "<i class=\"fa fa-stop-circle-o\" title=\"" . sprintf(gettext("Stop %sService"), $stitle) . "\"></i></a>"; } else { $service_enabled = is_service_enabled($service['name']); if ($service['name'] == 'openvpn' || $service['name'] == 'captiveportal' || $service_enabled) { $output .= sprintf($link, sprintf(gettext("Start %sService"), $stitle), 'startservice'); - $output .= '<i class="icon icon-play-circle"></i></a> '; + $output .= '<i class="fa fa-play-circle"></i></a> '; } } @@ -605,7 +605,7 @@ function service_control_start($name, $extras) { case 'openntpd': system_ntp_configure(); break; - case 'apinger': + case 'dpinger': setup_gateways_monitor(); break; case 'bsnmpd': @@ -674,8 +674,8 @@ function service_control_stop($name, $extras) { case 'openntpd': killbyname("openntpd"); break; - case 'apinger': - killbypid("{$g['varrun_path']}/apinger.pid"); + case 'dpinger': + stop_dpinger(); break; case 'bsnmpd': killbypid("{$g['varrun_path']}/snmpd.pid"); @@ -744,8 +744,7 @@ function service_control_restart($name, $extras) { case 'openntpd': system_ntp_configure(); break; - case 'apinger': - killbypid("{$g['varrun_path']}/apinger.pid"); + case 'dpinger': setup_gateways_monitor(); break; case 'bsnmpd': diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc index 37fdf46..0a1d56a 100644 --- a/src/etc/inc/services.inc +++ b/src/etc/inc/services.inc @@ -30,16 +30,8 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - pfSense_BUILDER_BINARIES: /usr/bin/killall /bin/pgrep /bin/sh /usr/local/sbin/dhcpd /usr/local/sbin/igmpproxy - pfSense_BUILDER_BINARIES: /sbin/ifconfig /usr/local/sbin/dnsmasq - pfSense_BUILDER_BINARIES: /usr/local/sbin/miniupnpd /usr/sbin/radvd - pfSense_BUILDER_BINARIES: /usr/local/sbin/dhcleases6 /usr/sbin/bsnmpd - pfSense_MODULE: utils -*/ - -define('DYNDNS_PROVIDER_VALUES', 'citynetwork cloudflare custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost zoneedit'); -define('DYNDNS_PROVIDER_DESCRIPTIONS', 'City Network,CloudFlare,Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,ZoneEdit'); +define('DYNDNS_PROVIDER_VALUES', 'citynetwork cloudflare custom custom-v6 dnsexit dnsimple dnsmadeeasy dnsomatic dyndns dyndns-custom dyndns-static dyns easydns eurodns freedns glesys googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker loopia namecheap noip noip-free ods opendns ovh-dynhost route53 selfhost spdns spdns-v6 zoneedit'); +define('DYNDNS_PROVIDER_DESCRIPTIONS', 'City Network,CloudFlare,Custom,Custom (v6),DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,GleSYS,Google Domains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Route 53,SelfHost,SPDNS,SPDNS (v6),ZoneEdit'); /* implement ipv6 route advertising daemon */ function services_radvd_configure($blacklist = array()) { @@ -1583,8 +1575,7 @@ EOD; fclose($igmpfl); unset($igmpconf); - /* NOTE: -d4 means everything LOG_WARNING and smaller */ - mwexec("/usr/local/sbin/igmpproxy -d4 -c {$g['tmp_path']}/igmpproxy.conf"); + mwexec_bg("/usr/local/sbin/igmpproxy -v {$g['tmp_path']}/igmpproxy.conf"); log_error(gettext("Started IGMP proxy service.")); return 0; @@ -1628,12 +1619,81 @@ function services_dhcrelay_configure() { } } + /* + * In order for the relay to work, it needs to be active + * on the interface in which the destination server sits. + */ $srvips = explode(",", $dhcrelaycfg['server']); if (!is_array($srvips)) { log_error("No destination IP has been configured!"); return; } + foreach ($srvips as $srcidx => $srvip) { + unset($destif); + foreach ($iflist as $ifname) { + $subnet = get_interface_ip($ifname); + if (!is_ipaddr($subnet)) { + continue; + } + $subnet .= "/" . get_interface_subnet($ifname); + if (ip_in_subnet($srvip, $subnet)) { + $destif = get_real_interface($ifname); + break; + } + } + if (!isset($destif)) { + foreach (get_staticroutes() as $rtent) { + if (ip_in_subnet($srvip, $rtent['network'])) { + $a_gateways = return_gateways_array(true); + $destif = $a_gateways[$rtent['gateway']]['interface']; + break; + } + } + } + + if (!isset($destif)) { + /* Create a array from the existing route table */ + exec("/usr/bin/netstat -rnWf inet", $route_str); + array_shift($route_str); + array_shift($route_str); + array_shift($route_str); + array_shift($route_str); + $route_arr = array(); + foreach ($route_str as $routeline) { + $items = preg_split("/[ ]+/i", $routeline); + if (is_subnetv4($items[0])) { + $subnet = $items[0]; + } elseif (is_ipaddrv4($items[0])) { + $subnet = "{$items[0]}/32"; + } else { + // Not a subnet or IP address, skip to the next line. + continue; + } + if (ip_in_subnet($srvip, $subnet)) { + $destif = trim($items[6]); + break; + } + } + } + + if (!isset($destif)) { + if (is_array($config['gateways']['gateway_item'])) { + foreach ($config['gateways']['gateway_item'] as $gateway) { + if (isset($gateway['defaultgw'])) { + $destif = get_real_interface($gateway['interface']); + break; + } + } + } else { + $destif = get_real_interface("wan"); + } + } + + if (!empty($destif)) { + $dhcrelayifs[] = $destif; + } + } $dhcrelayifs = array_unique($dhcrelayifs); /* fire up dhcrelay */ @@ -1694,10 +1754,70 @@ function services_dhcrelay6_configure() { } $dhcrelayifs = array_unique($dhcrelayifs); + /* + * In order for the relay to work, it needs to be active + * on the interface in which the destination server sits. + */ $srvips = explode(",", $dhcrelaycfg['server']); - if (!is_array($srvips)) { - log_error("No destination IP has been configured!"); - return; + $srvifaces = array(); + foreach ($srvips as $srcidx => $srvip) { + unset($destif); + foreach ($iflist as $ifname) { + $subnet = get_interface_ipv6($ifname); + if (!is_ipaddrv6($subnet)) { + continue; + } + $subnet .= "/" . get_interface_subnetv6($ifname); + if (ip_in_subnet($srvip, $subnet)) { + $destif = get_real_interface($ifname); + break; + } + } + if (!isset($destif)) { + if (is_array($config['staticroutes']['route'])) { + foreach ($config['staticroutes']['route'] as $rtent) { + if (ip_in_subnet($srvip, $rtent['network'])) { + $a_gateways = return_gateways_array(true); + $destif = $a_gateways[$rtent['gateway']]['interface']; + break; + } + } + } + } + + if (!isset($destif)) { + /* Create a array from the existing route table */ + exec("/usr/bin/netstat -rnWf inet6", $route_str); + array_shift($route_str); + array_shift($route_str); + array_shift($route_str); + array_shift($route_str); + $route_arr = array(); + foreach ($route_str as $routeline) { + $items = preg_split("/[ ]+/i", $routeline); + if (ip_in_subnet($srvip, $items[0])) { + $destif = trim($items[6]); + break; + } + } + } + + if (!isset($destif)) { + if (is_array($config['gateways']['gateway_item'])) { + foreach ($config['gateways']['gateway_item'] as $gateway) { + if (isset($gateway['defaultgw'])) { + $destif = get_real_interface($gateway['interface']); + break; + } + } + } else { + $destif = get_real_interface("wan"); + } + } + + if (!empty($destif)) { + $srvifaces[] = "{$srvip}%{$destif}"; + } } /* fire up dhcrelay */ @@ -2148,10 +2268,6 @@ begemotSnmpdCommunityDisable = 1 EOD; - if (isset($config['snmpd']['bindlan'])) { - $config['snmpd']['bindip'] = 'lan'; - unset($config['snmpd']['bindlan']); - } $bind_to_ip = "0.0.0.0"; if (isset($config['snmpd']['bindip'])) { if (is_ipaddr($config['snmpd']['bindip'])) { @@ -2210,17 +2326,10 @@ EOD; } if (isset($config['snmpd']['modules']['hostres'])) { - /* XXX: hostres module crashes APU - ticket #4403 */ - $specplatform = system_identify_specific_platform(); - if ($specplatform['name'] == 'APU') { - log_error("'Host Resources' SNMP module was ignored because it can potentially crash system on APU boards"); - } else { - $snmpdconf .= <<<EOD + $snmpdconf .= <<<EOD begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so" EOD; - } - unset($specplatform); } if (isset($config['snmpd']['modules']['bridge'])) { @@ -2248,13 +2357,9 @@ EOD; fclose($fd); unset($snmpdconf); - if (isset($config['snmpd']['bindlan'])) { - $bindlan = ""; - } - /* run bsnmpd */ mwexec("/usr/sbin/bsnmpd -c {$g['varetc_path']}/snmpd.conf" . - "{$bindlan} -p {$g['varrun_path']}/snmpd.pid"); + " -p {$g['varrun_path']}/snmpd.pid"); if (platform_booting()) { echo gettext("done.") . "\n"; @@ -2490,7 +2595,7 @@ function upnp_action ($action) { case "stop": killbypid("{$g['varrun_path']}/miniupnpd.pid"); while ((int)exec("/bin/pgrep -a miniupnpd | wc -l") > 0) { - mwexec('killall miniupnpd 2>/dev/null', true); + mwexec('/usr/bin/killall miniupnpd 2>/dev/null', true); } mwexec('/sbin/pfctl -aminiupnpd -Fr 2>&1 >/dev/null'); mwexec('/sbin/pfctl -aminiupnpd -Fn 2>&1 >/dev/null'); diff --git a/src/etc/inc/shaper.inc b/src/etc/inc/shaper.inc index f4b562e..9b57170 100644 --- a/src/etc/inc/shaper.inc +++ b/src/etc/inc/shaper.inc @@ -3,11 +3,13 @@ shaper.inc */ /* ==================================================================== - * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. - * Copyright (c) 2004, 2005 Scott Ullrich + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: + * Some or all of this file is based on the m0n0wall project which is + * Copyright (c) 2004 Manuel Kasper (BSD 2 clause) + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. @@ -15,12 +17,12 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the - * distribution. + * distribution. * - * 3. All advertising materials mentioning features or use of this software + * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgment: * "This product includes software developed by the pfSense Project - * for use in the pfSense software distribution. (http://www.pfsense.org/). + * for use in the pfSense software distribution. (http://www.pfsense.org/). * * 4. The names "pfSense" and "pfSense Project" must not be used to * endorse or promote products derived from this software without @@ -749,6 +751,8 @@ class altq_root_queue { 'Save' )); + $sform->setAction("firewall_shaper.php"); + $section = new Form_Section(null); $section->addInput(new Form_Checkbox( @@ -1306,9 +1310,14 @@ class priq_queue { function build_form() { - $sform = new Form(); + $sform = new Form(new Form_Button( + 'Submit', + 'Save' + )); - $section = new Form_Section(null); + $sform->setAction("firewall_shaper.php"); + + $section = new Form_Section(""); $section->addInput(new Form_Checkbox( 'enabled', @@ -1318,12 +1327,21 @@ class priq_queue { 'on' )); - $section->addInput(new Form_StaticText( + $section->addInput(new Form_Input( + 'newname', 'Name', + 'text', $this->GetQname() ))->setHelp('Enter the name of the queue here. Do not use spaces and limit the size to 15 characters.'); $section->addInput(new Form_Input( + 'name', + null, + 'hidden', + $this->GetQname() + )); + + $section->addInput(new Form_Input( 'priority', 'Priority', 'number', @@ -1345,7 +1363,8 @@ class priq_queue { 'default', null, null, - $this->GetDefault() + $this->GetDefault(), + 'default' ))->setHelp('Default Queue'); } @@ -1375,7 +1394,7 @@ class priq_queue { null, null, !empty($this->GetCodel()) - ))->setHelp('<a target="_new" href="http://www.openbsd.org/faq/pf/queueing.html#ecn">' . gettext('Explicit Congestion Notification') . '</a>'); + ))->setHelp('<a target="_new" href="http://www.openbsd.org/faq/pf/queueing.html#ecn">' . gettext('Codel Active Queue') . '</a>'); $group->setHelp('Select options for this queue'); @@ -1388,14 +1407,21 @@ class priq_queue { $this->GetDescription() )); - $section->addInput(new Form_Input( + $sform->add($section); + + $sform->addGlobal(new Form_Input( 'interface', null, 'hidden', $this->GetInterface() )); - $sform->add($section); + $sform->addGlobal(new Form_Input( + 'name', + null, + 'hidden', + $this->GetQname() + )); return($sform); } @@ -2227,7 +2253,7 @@ EOJS; 'text', $this->GetU_d() ))->setHelp('d'); - + $group->add(new Form_Input( 'upperlimit3', null, @@ -2260,7 +2286,7 @@ EOJS; 'text', $this->GetR_d() ))->setHelp('d'); - + $group->add(new Form_Input( 'realtime3', null, @@ -2292,7 +2318,7 @@ EOJS; 'text', $this->GetL_d() ))->setHelp('d'); - + $group->add(new Form_Input( 'linkshare3', null, @@ -3735,9 +3761,10 @@ EOD; $form .= "<tbody>"; // If there are no bandwidths defined, make a blank one for convenience - if(empty($bandwidth)) + if (empty($bandwidth)) { $bandwidth = array(0 => array('bw' => '', 'bwscale' => 'Kb', 'bwsched' => 'none')); - + } + if (is_array($bandwidth)) { foreach ($bandwidth as $bwidx => $bw) { $form .= '<tr>'; @@ -3748,31 +3775,31 @@ EOD; $form .= "</td>"; $form .= '<td class="col-xs-4">'; $form .= "<select id=\"bwtype{$bwidx}\" name=\"bwtype{$bwidx}\" class=\"form-control\">"; - + foreach (array("Kb" => "Kbit/s", "Mb" => "Mbit/s", "Gb" => "Gbit/s", "b" => "Bit/s") as $bwsidx => $bwscale) { $form .= "<option value=\"{$bwsidx}\""; - + if ($bw['bwscale'] == $bwsidx) { - $form .= " selected=\"selected\""; + $form .= " selected"; } - + $form .= ">{$bwscale}</option>"; } - + $form .= "</select>"; $form .= "</td>"; $form .= '<td class="col-xs-4">'; $form .= "<select id=\"bwsched{$bwidx}\" name=\"bwsched{$bwidx}\" class=\"form-control\">"; - + foreach ($schedules as $schd) { $selected = ""; if ($bw['bwsched'] == $schd) { - $selected = "selected=\"selected\""; + $selected = "selected"; } - + $form .= "<option value='{$schd}' {$selected}>{$schd}</option>"; } - + $form .= "</select>"; $form .= "</td>"; $form .= '<td>'; @@ -3804,6 +3831,7 @@ EOD; $sform = new Form(); + $sform->setAction("firewall_shaper.php"); $section = new Form_Section('Limiters'); @@ -3848,7 +3876,7 @@ EOD; // if($_GET['newbwrow']) { // array_push($bandwidth, array(count($bandwidth) => array('bw' => '', 'burst' => '', 'bwscale' => 'Kb', 'bwsched' => 'none') )); // } - + if (is_array($bandwidth)) { $section->addInput(new Form_StaticText( 'Bandwidth', @@ -3859,7 +3887,7 @@ EOD; $mask = $this->GetMask(); $section->addInput(new Form_Select( - 'scheduler', + 'mask', 'Mask', $mask['type'], array('none' => 'None', 'srcaddress' => 'Source addresses', 'dstaddress' => 'Destination addresses') @@ -4126,7 +4154,7 @@ class dnqueue_class extends dummynet_class { $sform = new Form(); - + $sform->setAction("firewall_shaper.php"); $section = new Form_Section('Limiters'); $section->addInput(new Form_Checkbox( @@ -4163,11 +4191,12 @@ class dnqueue_class extends dummynet_class { $bandwidth = $this->GetBandwidth(); // Delete a row - if(isset($_GET['delbwrow']) && (count($bandwidth) > 0)) + if (isset($_GET['delbwrow']) && (count($bandwidth) > 0)) { unset($bandwidth[$_GET['delbwrow']]); + } // Add a row - if($_GET['newbwrow']) { + if ($_GET['newbwrow']) { array_push($bandwidth, array(count($bandwidth) => array('bw' => '', 'burst' => '', 'bwscale' => 'Kb', 'bwsched' => 'none') )); } @@ -4176,7 +4205,7 @@ class dnqueue_class extends dummynet_class { $row = 0; $numrows = count($bandwidth) - 1; - if($numrows >= 0) { + if ($numrows >= 0) { foreach ($bandwidth as $bwidx => $bw) { $group = new Form_Group($row == 0 ? 'Bandwidth':null); @@ -4207,8 +4236,9 @@ class dnqueue_class extends dummynet_class { 'firewall_shaper_vinterface.php?pipe=' . $pipe . '&queue=' . $qname . '&action=' . $action . '&delbwrow=' . $bwidx ))->removeClass('btn-primary')->addClass('btn-danger btn-sm'); - if($row == $numrows) + if ($row == $numrows) { $group->setHelp('Bandwidth is the rate (e.g. Mbit/s) to which traffic in this limiter will be restricted.'); + } $section->add($group); $row++; @@ -4336,461 +4366,6 @@ class dnqueue_class extends dummynet_class { } } -// List of layer7 objects -$layer7_rules_list = array(); - -class layer7 { - - var $rname; //alias - var $rdescription; //alias description - var $rport; //divert port - var $renabled; //rule enabled - var $rsets = array(); //array of l7 associations - - // Auxiliary functions - - function GetRName() { - return $this->rname; - } - function SetRName($rname) { - $this->rname = $rname; - } - function GetRDescription() { - return $this->rdescription; - } - function SetRDescription($rdescription) { - $this->rdescription = $rdescription; - } - function GetRPort() { - return $this->rport; - } - function SetRPort($rport) { - $this->rport = $rport; - } - function GetREnabled() { - return $this->renabled; - } - function SetREnabled($value) { - $this->renabled = $value; - } - function GetRl7() { - return $this->rsets; - } - function SetRl7($rsets) { - $this->rsets = $rsets; - } - - //Add a tuple (rule,structure,element) to the $rsets - - function add_rule($l7set) { - $this->rsets[] = $l7set; - } - - // Build the layer7 rules - function build_l7_rules() { - if ($this->GetREnabled() == "") { - return; - } - //$l7rules = "#" . $this->rdescription . "\n"; - foreach ($this->rsets as $rl7) { - $l7rules .= $rl7->build_rules(); - } - return $l7rules; - } - - // Read the config from array - function ReadConfig(&$qname, &$q) { - $this->SetRName($qname); - $this->SetREnabled($q['enabled']); - $this->SetRPort($q['divert_port']); - if (isset($q['description']) && $q['description'] <> "") { - $this->SetRDescription($q['description']); - } - $rsets = $q['l7rules']; - //Put individual rules in the array - if (is_array($rsets)) { - $this->rsets = array(); // XXX: ugly hack - foreach ($rsets as $l7r) { - $l7obj = new l7rule(); - $l7obj->SetRProtocol($l7r['protocol']); - $l7obj->SetRStructure($l7r['structure']); - $l7obj->SetRBehaviour($l7r['behaviour']); - $this->add_rule($l7obj); - } - } - } - - //Generate a random port for the divert socket - function gen_divert_port() { - $dports = get_divert_ports(); //array of used ports - $divert_port = 1; // Initialize - while (($divert_port % 2) != 0 || in_array($divert_port, $dports)) { - $divert_port = rand(40000, 60000); - } - return $divert_port; - } - - //Helps building the left tree - function build_tree() { - $tree = " <li><a href=\"firewall_shaper_layer7.php?container=" . $this->GetRName() ."&action=show\">"; - $tree .= $this->GetRName() . "</a>"; - $tree .= "</li>"; - - return $tree; - } - - function build_form() { - - $form = new Form(new Form_Button( - 'Submit', - 'Save' - )); - - $section = new Form_Section('Traffic Shaper'); - - $section->addInput(new Form_Checkbox( - 'enabled', - 'Enable/Disable', - 'Enable/disable discipline and its children', - ($this->GetREnabled() == "on"), - 'on' - )); - - $section->addInput(new Form_Input( - 'container', - 'Name', - 'text', - $this->GetRName() - )); - - $section->addInput(new Form_Input( - 'description', - 'Description', - 'text', - $this->GetRDescription() - ))->setHelp('You may enter a description here for your reference (not parsed).'); - - $form->add($section); - - return $form; - } - - //Write the setting to the $config array - function wconfig() { - global $config; - - if (!is_array($config['l7shaper']['container'])) { - $config['l7shaper']['container'] = array(); - } - // - $cflink =& get_l7c_reference_to_me_in_config($this->GetRName()); - // Test if this rule exists already - if (!$cflink) { - $cflink =& $config['l7shaper']['container'][]; - } - $cflink['name'] = $this->GetRName(); - $cflink['enabled'] = $this->GetREnabled(); - $cflink['description'] = $this->GetRDescription(); - $cflink['divert_port'] = $this->GetRPort(); - - // Destroy previously existent rules - if (is_array($cflink['rules'])) { - unset($cflink['l7rules']); - } - - $cflink['l7rules'] = array(); - - $i = 0; - foreach ($this->rsets as $rulel7) { - $cflink['l7rules'][$i]['protocol'] = $rulel7->GetRProtocol(); - $cflink['l7rules'][$i]['structure'] = $rulel7->GetRStructure(); - $cflink['l7rules'][$i]['behaviour'] = $rulel7->GetRBehaviour(); - $i++; - } - } - - //This function is necessary to help producing the overload options for keep state - function get_unique_structures() { - - $unique_structures = array("action" => false, "dummynet" => false, "altq" => false); - foreach ($this->rsets as $l7rule) { - if ($l7rule->GetRStructure() == "action") { - $unique_structures['action'] = true; - } else if ($l7rule->GetRStructure() == "limiter") { - $unique_structures['dummynet'] = true; - } else { - $unique_structures['altq'] = true; - } - } - //Delete non used structures so we don't have to check this in filter.inc - foreach ($unique_structures as $key => $value) { - if (!$value) { - unset($unique_structures[$key]); - } - } - return $unique_structures; - } - - function validate_input($data, &$input_errors) { - $reqdfields[] = "container"; - $reqdfieldsn[] = gettext("Name"); - - shaper_do_input_validation($data, $reqdfields, $reqdfieldsn, $input_errors); - - if (!preg_match("/^[a-zA-Z0-9_-]+$/", $data['container'])) { - $input_errors[] = gettext("Queue names must be alphanumeric and _ or - only."); - } - } - - function delete_l7c() { - mwexec("/bin/pkill -f 'ipfw-classifyd .* -p ". $this->GetRPort() . "'", true); - unset_l7_object_by_reference($this->GetRName()); - cleanup_l7_from_rules($this->GetRName()); - } -} - -class l7rule { - - var $rprotocol; //protocol - var $rstructure; //action, limiter, queue - var $rbehaviour; //allow, block, queue_name, pipe_number ... - - //Auxiliary Functions - - function GetRProtocol() { - return $this->rprotocol; - } - function SetRProtocol($rprotocol) { - $this->rprotocol = $rprotocol; - } - function GetRStructure() { - return $this->rstructure; - } - function SetRStructure($rstructure) { - $this->rstructure = $rstructure; - } - function GetRBehaviour() { - return $this->rbehaviour; - } - function SetRBehaviour($rbehaviour) { - $this->rbehaviour = $rbehaviour; - } - - //XXX Do we need to test any particularity for AltQ queues? - function build_rules() { - global $dummynet_pipe_list; - switch ($this->GetRStructure()) { - case "limiter": - read_dummynet_config(); - $dn_list =& get_unique_dnqueue_list(); - $found = false; - if (is_array($dn_list)) { - foreach ($dn_list as $key => $value) { - if ($key == $this->GetRBehaviour()) { - if ($value[0] == "?") { - $l7rule = $this->GetRProtocol() . " = dnqueue " . substr($value, 1) . "\n"; - } else { - $l7rule = $this->GetRProtocol() . " = dnpipe " . $value . "\n"; - } - $found = true; - } - if ($found) { - break; - } - } - } - break; - default: //This is for action and for altq - $l7rule = $this->GetRProtocol() . " = " . $this->GetRStructure() . " " . $this->GetRBehaviour() . "\n"; - break; - } - return $l7rule; - } -} - -/* - * This function allows to return an array with all the used divert socket ports - */ -function get_divert_ports() { - global $layer7_rules_list; - $dports = array(); - - foreach ($layer7_rules_list as $l7r) { - $dports[] = $l7r->GetRPort(); - } - - return $dports; -} - -function &get_l7c_reference_to_me_in_config(&$name) { - global $config; - - $ptr = NULL; - - if (is_array($config['l7shaper']['container'])) { - foreach ($config['l7shaper']['container'] as $key => $value) { - if ($value['name'] == $name) { - $ptr =& $config['l7shaper']['container'][$key]; - } - } - } - return $ptr; - // $ptr can be null. has to be checked later -} - -function unset_l7_object_by_reference(&$name) { - global $config; - - if (is_array($config['l7shaper']['container'])) { - foreach ($config['l7shaper']['container'] as $key => $value) { - if ($value['name'] == $name) { - unset($config['l7shaper']['container'][$key]['l7rules']); - unset($config['l7shaper']['container'][$key]); - break; - } - } - } -} - -function read_layer7_config() { - global $layer7_rules_list, $config; - - if (!is_array($config['l7shaper']['container']) || !count($config['l7shaper']['container'])) { - $layer7_rules_list = array(); - return; - } - - $l7cs = &$config['l7shaper']['container']; - - $layer7_rules_list = array(); - - foreach ($l7cs as $conf) { - if (empty($conf['name'])) { - continue; /* XXX: grrrrrr at php */ - } - $root =& new layer7(); - $root->ReadConfig($conf['name'], $conf); - $layer7_rules_list[$root->GetRName()] = &$root; - } -} - -function update_layer7_custom_patterns() { - global $config; - - if (!is_array($config['l7shaper']['custom_pat'])) { - return; - } - - foreach ($config['l7shaper']['custom_pat'] as $filename => $filecontent) { - if (!file_exists("/usr/local/share/protocols/" . $filename)) { - @file_put_contents("/usr/local/share/protocols/" . $filename, base64_decode($filecontent)); - } - } -} - -function generate_layer7_files() { - global $layer7_rules_list, $g; - - read_layer7_config(); - - if (!empty($layer7_rules_list)) { - if (!is_module_loaded("ipdivert.ko")) { - mwexec("/sbin/kldload ipdivert.ko"); - } - - array_map('unlink', glob("{$g['tmp_path']}/*.l7")); - } - - update_layer7_custom_patterns(); - - foreach ($layer7_rules_list as $l7rules) { - if ($l7rules->GetREnabled()) { - $filename = $l7rules->GetRName() . ".l7"; - $path = "{$g['tmp_path']}/" . $filename; - - $rules = $l7rules->build_l7_rules(); - - $fp = fopen($path, 'w'); - fwrite($fp, $rules); - fclose($fp); - } - } -} - -function layer7_start_l7daemon() { - global $layer7_rules_list, $g; - - /* - * XXX: ermal - Needed ?! - * read_layer7_config(); - */ - - foreach ($layer7_rules_list as $l7rules) { - if ($l7rules->GetREnabled()) { - $filename = $l7rules->GetRName() . ".l7"; - $path = "{$g['tmp_path']}/" . $filename; - - unset($l7pid); - /* Only reread the configuration rather than restart to avoid losing information. */ - exec("/bin/pgrep -f 'ipfw-classifyd .* -p ". $l7rules->GetRPort() . "'", $l7pid); - if (count($l7pid) > 0) { - log_error(sprintf(gettext("Sending HUP signal to %s"), $l7pid[0])); - mwexec("/bin/kill -HUP {$l7pid[0]}"); - } else { - // XXX: Hardcoded number of packets to garbage collect and queue length. - $ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 8 -q 700 -c {$path} -p " . $l7rules->GetRPort() . " -P /usr/local/share/protocols"; - mwexec_bg($ipfw_classifyd_init); - } - } - } -} - -// This function uses /usr/local/share/protocols as a default directory for searching .pat files -function generate_protocols_array() { - - update_layer7_custom_patterns(); - - $protocols = return_dir_as_array("/usr/local/share/protocols"); - $protocols_new = array(); - if (is_array($protocols)) { - foreach ($protocols as $key => $proto) { - if (strstr($proto, ".pat")) { - $protocols_new[$key] =& str_replace(".pat", "", $proto); - } - } - sort($protocols_new); - } - return $protocols_new; -} - -function get_l7_unique_list() { - global $layer7_rules_list; - - $l7list = array(); - if (is_array($layer7_rules_list)) { - foreach ($layer7_rules_list as $l7c) { - if ($l7c->GetREnabled()) { - $l7list[] = $l7c->GetRName(); - } - } - } - - return $l7list; -} - -// Disable a removed l7 container from the filter -function cleanup_l7_from_rules(&$name) { - global $config; - - if (is_array($config['filter']['rule'])) { - foreach ($config['filter']['rule'] as $key => $rule) { - if ($rule['l7container'] == $name) { - unset($config['filter']['rule'][$key]['l7container']); - } - } - } -} - function get_dummynet_name_list() { $dn_name_list =& get_unique_dnqueue_list(); @@ -5149,7 +4724,7 @@ function build_iface_without_this_queue($iface, $qname) { } -$default_shaper_msg = sprintf(gettext("Welcome to the %s Traffic Shaper."), $g['product_name']) . "</b><br />"; +$default_shaper_msg = sprintf(gettext("Welcome to the %s Traffic Shaper."), $g['product_name']) . "<br />"; $default_shaper_msg .= gettext("The tree on the left helps you navigate through the queues.<br />" . "Buttons at the bottom represent queue actions and are activated accordingly."); diff --git a/src/etc/inc/simplepie/simplepie.inc b/src/etc/inc/simplepie/simplepie.inc index 32f158e..7052eb4 100644 --- a/src/etc/inc/simplepie/simplepie.inc +++ b/src/etc/inc/simplepie/simplepie.inc @@ -4010,16 +4010,16 @@ class SimplePie_Item $temp = explode(':', $this->sanitize($duration_parent[0]['data'], SIMPLEPIE_CONSTRUCT_TEXT)); if (sizeof($temp) > 0) { - $seconds = (int)array_pop($temp); + (int) $seconds = array_pop($temp); } if (sizeof($temp) > 0) { - $minutes = (int)array_pop($temp); + (int) $minutes = array_pop($temp); $seconds += $minutes * 60; } if (sizeof($temp) > 0) { - $hours = (int)array_pop($temp); + (int) $hours = array_pop($temp); $seconds += $hours * 3600; } unset($temp); @@ -9132,6 +9132,8 @@ class SimplePie_Misc return 'Adobe-Symbol-Encoding'; case 'ami1251': + case 'ami1251': + case 'amiga1251': case 'amiga1251': return 'Amiga-1251'; @@ -9226,6 +9228,7 @@ class SimplePie_Misc case 'csiso646danish': case 'dk': case 'ds2089': + case 'ds2089': case 'iso646dk': return 'DS_2089'; @@ -9722,6 +9725,7 @@ class SimplePie_Misc return 'IBM1026'; case 'ibm1047': + case 'ibm1047': return 'IBM1047'; case 'csiso143iecp271': @@ -9887,6 +9891,7 @@ class SimplePie_Misc return 'ISO-8859-14'; case 'iso885915': + case 'iso885915': case 'latin9': return 'ISO-8859-15'; @@ -10434,6 +10439,9 @@ class SimplePie_Misc case 'windows1254': return 'Windows-1254'; + case 'windows1254': + return 'windows-1254'; + case 'windows1255': return 'windows-1255'; @@ -11144,6 +11152,7 @@ class SimplePie_Decode_HTML_Entities case "\x09": case "\x0A": case "\x0B": + case "\x0B": case "\x0C": case "\x20": case "\x3C": diff --git a/src/etc/inc/smtp.inc b/src/etc/inc/smtp.inc index 035a30a..9a70e90 100644 --- a/src/etc/inc/smtp.inc +++ b/src/etc/inc/smtp.inc @@ -6,10 +6,6 @@ * */ -/* - pfSense_MODULE: notifications -*/ - class smtp_class { var $user=""; diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc index 1a8f9dd..c125bc2 100644 --- a/src/etc/inc/system.inc +++ b/src/etc/inc/system.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* system.inc part of m0n0wall (http://m0n0.ch/wall) @@ -29,16 +28,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - pfSense_BUILDER_BINARIES: /usr/sbin/powerd /usr/bin/killall /sbin/route - pfSense_BUILDER_BINARIES: /bin/hostname /bin/ls /usr/sbin/syslogd - pfSense_BUILDER_BINARIES: /usr/sbin/pccardd /usr/local/sbin/lighttpd /bin/chmod /bin/mkdir - pfSense_BUILDER_BINARIES: /usr/bin/tar /usr/local/sbin/ntpd /usr/local/sbin/ntpdate - pfSense_BUILDER_BINARIES: /usr/bin/nohup /sbin/dmesg /usr/local/sbin/atareinit /sbin/kldload - pfSense_BUILDER_BINARIES: /usr/local/sbin/filterdns - pfSense_MODULE: utils -*/ - function activate_powerd() { global $config, $g; @@ -587,6 +576,24 @@ function system_routing_configure($interface = "") { } } + $gateways_arr = return_gateways_array(false, true); + foreach ($gateways_arr as $gateway) { + // setup static interface routes for nonlocal gateways + if (isset($gateway["nonlocalgateway"])) { + $srgatewayip = $gateway['gateway']; + $srinterfacegw = $gateway['interface']; + if (is_ipaddr($srgatewayip) && !empty($srinterfacegw)) { + $inet = (!is_ipaddrv4($srgatewayip) ? "-inet6" : "-inet"); + $cmd = "/sbin/route change {$inet} " . escapeshellarg($srgatewayip) . " "; + mwexec($cmd . "-iface " . escapeshellarg($srinterfacegw)); + if (isset($config['system']['route-debug'])) { + $mt = microtime(); + log_error("ROUTING debug: $mt - $cmd -iface $srinterfacegw "); + } + } + } + } + if ($dont_add_route == false) { if (!empty($interface) && $interface != $interfacegw) { ; @@ -771,7 +778,7 @@ function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") { // Rather than repeatedly use the same code, use this function to build a list of remote servers. $facility .= " ". $remote_servers = ""; - $pad_to = 56; + $pad_to = max(strlen($facility), 56); $padding = ceil(($pad_to - strlen($facility))/8)+1; if ($syslogcfg['remoteserver']) { $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver']) . "\n"; @@ -785,6 +792,41 @@ function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") { return $remote_servers; } +function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = true) { + global $config, $g; + if ($restart_syslogd) { + exec("/usr/bin/killall syslogd"); + } + if (isset($config['system']['disablesyslogclog'])) { + unlink($logfile); + touch($logfile); + } else { + $log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "511488"; + $log_size = isset($config['syslog'][basename($logfile, '.log') . '_settings']['logfilesize']) ? $config['syslog'][basename($logfile, '.log') . '_settings']['logfilesize'] : $log_size; + exec("/usr/local/sbin/clog -i -s {$log_size} " . escapeshellarg($logfile)); + } + if ($restart_syslogd) { + system_syslogd_start(); + } +} + +function clear_all_log_files($restart = false) { + global $g; + exec("/usr/bin/killall syslogd"); + + $log_files = array("system", "filter", "dhcpd", "vpn", "pptps", "poes", "l2tps", "openvpn", "portalauth", "ipsec", "ppp", "relayd", "wireless", "lighttpd", "ntpd", "gateways", "resolver", "routing"); + foreach ($log_files as $lfile) { + clear_log_file("{$g['varlog_path']}/{$lfile}.log", false); + } + + if ($restart) { + system_syslogd_start(); + killbyname("dhcpd"); + services_dhcpd_configure(); + } + return; +} + function system_syslogd_start() { global $config, $g; if (isset($config['system']['developerspew'])) { @@ -800,19 +842,11 @@ function system_syslogd_start() { echo gettext("Starting syslog..."); } - if (is_process_running("fifolog_writer")) { - mwexec('/bin/pkill fifolog_writer'); - } - // Which logging type are we using this week?? if (isset($config['system']['disablesyslogclog'])) { $log_directive = ""; $log_create_directive = "/usr/bin/touch "; $log_size = ""; - } else if (isset($config['system']['usefifolog'])) { - $log_directive = "|/usr/sbin/fifolog_writer "; - $log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "10240"; - $log_create_directive = "/usr/sbin/fifolog_create -s "; } else { // Defaults to CLOG $log_directive = "%"; $log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "10240"; @@ -821,7 +855,7 @@ function system_syslogd_start() { $syslogd_extra = ""; if (isset($syslogcfg)) { - $separatelogfacilities = array('ntp', 'ntpd', 'ntpdate', 'charon', 'ipsec_starter', 'openvpn', 'pptps', 'poes', 'l2tps', 'relayd', 'hostapd', 'dnsmasq', 'filterdns', 'unbound', 'dhcpd', 'dhcrelay', 'dhclient', 'dhcp6c', 'apinger', 'radvd', 'routed', 'olsrd', 'zebra', 'ospfd', 'bgpd', 'miniupnpd', 'filterlog'); + $separatelogfacilities = array('ntp', 'ntpd', 'ntpdate', 'charon', 'ipsec_starter', 'openvpn', 'pptps', 'poes', 'l2tps', 'relayd', 'hostapd', 'dnsmasq', 'filterdns', 'unbound', 'dhcpd', 'dhcrelay', 'dhclient', 'dhcp6c', 'dpinger', 'radvd', 'routed', 'olsrd', 'zebra', 'ospfd', 'bgpd', 'miniupnpd', 'filterlog'); $syslogconf = ""; if ($config['installedpackages']['package']) { foreach ($config['installedpackages']['package'] as $package) { @@ -881,11 +915,11 @@ function system_syslogd_start() { $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); } - $syslogconf .= "!apinger\n"; + $syslogconf .= "!dpinger\n"; if (!isset($syslogcfg['disablelocallogging'])) { $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/gateways.log\n"; } - if (isset($syslogcfg['apinger'])) { + if (isset($syslogcfg['dpinger'])) { $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); } @@ -930,11 +964,7 @@ function system_syslogd_start() { local3.* {$log_directive}{$g['varlog_path']}/vpn.log local4.* {$log_directive}{$g['varlog_path']}/portalauth.log local7.* {$log_directive}{$g['varlog_path']}/dhcpd.log -*.notice;kern.debug;lpr.info;mail.crit;daemon.none; {$log_directive}{$g['varlog_path']}/system.log -news.err;local0.none;local3.none;local4.none; {$log_directive}{$g['varlog_path']}/system.log -local7.none {$log_directive}{$g['varlog_path']}/system.log -security.* {$log_directive}{$g['varlog_path']}/system.log -auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log +*.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info {$log_directive}{$g['varlog_path']}/system.log auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15 *.emerg * @@ -950,11 +980,7 @@ EOD; $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*"); } if (isset($syslogcfg['system'])) { - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;"); - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none"); - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*"); - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info"); - $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg"); + $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg;*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local7.none;security.*;auth.info;authpriv.info;daemon.info"); } if (isset($syslogcfg['logall'])) { // Make everything mean everything, including facilities excluded above. @@ -1501,13 +1527,27 @@ EOD; function system_get_timezone_list() { global $g; - $file_list = glob("/usr/share/zoneinfo/*/*"); + $file_list = array_merge( + glob("/usr/share/zoneinfo/[A-Z]*"), + glob("/usr/share/zoneinfo/*/*"), + glob("/usr/share/zoneinfo/*/*/*") + ); if (empty($file_list)) { $file_list[] = $g['default_timezone']; + } else { + /* Remove directories from list */ + $file_list = array_filter($file_list, function($v) { + return !is_dir($v); + }); } - return str_replace('/usr/share/zoneinfo/', '', $file_list); + /* Remove directory prefix */ + $file_list = str_replace('/usr/share/zoneinfo/', '', $file_list); + + sort($file_list); + + return $file_list; } function system_timezone_configure() { @@ -1741,6 +1781,10 @@ function system_ntp_configure($start_ntpd=true) { $ntpcfg .= ' refid '; $ntpcfg .= $config['ntpd']['gps']['refid']; } + if (!empty($config['ntpd']['gps']['stratum'])) { + $ntpcfg .= ' stratum '; + $ntpcfg .= $config['ntpd']['gps']['stratum']; + } $ntpcfg .= "\n"; } elseif (is_array($config['ntpd']) && !empty($config['ntpd']['gpsport']) && file_exists('/dev/'.$config['ntpd']['gpsport']) && diff --git a/src/etc/inc/unbound.inc b/src/etc/inc/unbound.inc index 043ced2..ccae458 100644 --- a/src/etc/inc/unbound.inc +++ b/src/etc/inc/unbound.inc @@ -25,10 +25,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - pfSense_BUILDER_BINARIES: /usr/local/sbin/unbound /usr/local/sbin/unbound-anchor /usr/local/sbin/unbound-checkconf - pfSense_BUILDER_BINARIES: /usr/local/sbin/unbound-control /usr/local/sbin/unbound-control-setup - pfSense_MODULE: unbound */ /* include all configuration functions */ @@ -103,14 +99,52 @@ function unbound_optimization() { } +function test_unbound_config($unboundcfg, &$output) { + global $g; + + $cfgfile = "{$g['unbound_chroot_path']}/unbound.test.conf"; + $unboundcfgtxt = unbound_generate_config_text($unboundcfg); + file_put_contents($cfgfile, $unboundcfgtxt); + + $rv = 0; + exec("/usr/local/sbin/unbound-checkconf {$cfgfile} 2>&1", $output, $rv); + unlink_if_exists($cfgfile); + + return $rv; +} + + function unbound_generate_config() { + global $g; + + $unboundcfgtxt = unbound_generate_config_text(); + + // Configure static Host entries + unbound_add_host_entries(); + + // Configure Domain Overrides + unbound_add_domain_overrides(); + + // Configure Unbound access-lists + unbound_acls_config(); + + create_unbound_chroot_path(); + file_put_contents("{$g['unbound_chroot_path']}/unbound.conf", $unboundcfgtxt); +} + + +function unbound_generate_config_text($unboundcfg=NULL) { + global $config, $g; + if (is_null($unboundcfg)) { + $unboundcfg = $config['unbound']; + } // Setup optimization $optimization = unbound_optimization(); // Setup DNSSEC support - if (isset($config['unbound']['dnssec'])) { + if (isset($unboundcfg['dnssec'])) { $module_config = "validator iterator"; $anchor_file = "auto-trust-anchor-file: {$g['unbound_chroot_path']}/root.key"; } else { @@ -133,8 +167,8 @@ EOF; // Determine interfaces to run on $bindints = ""; - if (!empty($config['unbound']['active_interface'])) { - $active_interfaces = explode(",", $config['unbound']['active_interface']); + if (!empty($unboundcfg['active_interface'])) { + $active_interfaces = explode(",", $unboundcfg['active_interface']); if (in_array("all", $active_interfaces, true)) { $bindints .= "interface: 0.0.0.0\n"; $bindints .= "interface: ::0\n"; @@ -142,7 +176,7 @@ EOF; } else { foreach ($active_interfaces as $ubif) { if (is_ipaddr($ubif)) { - //$bindints .= "interface: $ubif\n"; -- until redmine #4062 is fixed, then uncomment this. + $bindints .= "interface: $ubif\n"; } else { $intip = get_interface_ip($ubif); if (is_ipaddrv4($intip)) { @@ -150,9 +184,7 @@ EOF; } $intip = get_interface_ipv6($ubif); if (is_ipaddrv6($intip)) { - if (!is_linklocal($intip)) { // skipping link local for the moment to not break people's configs: https://redmine.pfsense.org/issues/4062 - $bindints .= "interface: $intip\n"; - } + $bindints .= "interface: $intip\n"; } } } @@ -166,9 +198,9 @@ EOF; // Determine interfaces to run on $outgoingints = ""; - if (!empty($config['unbound']['outgoing_interface'])) { + if (!empty($unboundcfg['outgoing_interface'])) { $outgoingints = "# Outgoing interfaces to be used\n"; - $outgoing_interfaces = explode(",", $config['unbound']['outgoing_interface']); + $outgoing_interfaces = explode(",", $unboundcfg['outgoing_interface']); foreach ($outgoing_interfaces as $outif) { $outip = get_interface_ip($outif); if (is_ipaddr($outip)) { @@ -182,7 +214,7 @@ EOF; } // Allow DNS Rebind for forwarded domains - if (isset($config['unbound']['domainoverrides']) && is_array($config['unbound']['domainoverrides'])) { + if (isset($unboundcfg['domainoverrides']) && is_array($unboundcfg['domainoverrides'])) { if (!isset($config['system']['webgui']['nodnsrebindcheck'])) { $private_domains = "# Set private domains in case authoritative name server returns a Private IP address\n"; $private_domains .= unbound_add_domain_overrides("private"); @@ -190,21 +222,12 @@ EOF; $reverse_zones .= unbound_add_domain_overrides("reverse"); } - // Configure static Host entries - unbound_add_host_entries(); - - // Configure Domain Overrides - unbound_add_domain_overrides(); - // Configure Unbound statistics $statistics = unbound_statistics(); - // Configure Unbound access-lists - unbound_acls_config(); - // Add custom Unbound options - if ($config['unbound']['custom_options']) { - $custom_options_source = explode("\n", base64_decode($config['unbound']['custom_options'])); + if ($unboundcfg['custom_options']) { + $custom_options_source = explode("\n", base64_decode($unboundcfg['custom_options'])); $custom_options = "# Unbound custom options\n"; foreach ($custom_options_source as $ent) { $custom_options .= $ent."\n"; @@ -212,31 +235,31 @@ EOF; } // Server configuration variables - $port = (is_port($config['unbound']['port'])) ? $config['unbound']['port'] : "53"; - $hide_identity = isset($config['unbound']['hideidentity']) ? "yes" : "no"; - $hide_version = isset($config['unbound']['hideversion']) ? "yes" : "no"; - $harden_dnssec_stripped = isset($config['unbound']['dnssecstripped']) ? "yes" : "no"; - $prefetch = isset($config['unbound']['prefetch']) ? "yes" : "no"; - $prefetch_key = isset($config['unbound']['prefetchkey']) ? "yes" : "no"; - $outgoing_num_tcp = (!empty($config['unbound']['outgoing_num_tcp'])) ? $config['unbound']['outgoing_num_tcp'] : "10"; - $incoming_num_tcp = (!empty($config['unbound']['incoming_num_tcp'])) ? $config['unbound']['incoming_num_tcp'] : "10"; - $edns_buffer_size = (!empty($config['unbound']['edns_buffer_size'])) ? $config['unbound']['edns_buffer_size'] : "4096"; - $num_queries_per_thread = (!empty($config['unbound']['num_queries_per_thread'])) ? $config['unbound']['num_queries_per_thread'] : "4096"; - $jostle_timeout = (!empty($config['unbound']['jostle_timeout'])) ? $config['unbound']['jostle_timeout'] : "200"; - $cache_max_ttl = (!empty($config['unbound']['cache_max_ttl'])) ? $config['unbound']['cache_max_ttl'] : "86400"; - $cache_min_ttl = (!empty($config['unbound']['cache_min_ttl'])) ? $config['unbound']['cache_min_ttl'] : "0"; - $infra_host_ttl = (!empty($config['unbound']['infra_host_ttl'])) ? $config['unbound']['infra_host_ttl'] : "900"; - $infra_cache_numhosts = (!empty($config['unbound']['infra_cache_numhosts'])) ? $config['unbound']['infra_cache_numhosts'] : "10000"; - $unwanted_reply_threshold = (!empty($config['unbound']['unwanted_reply_threshold'])) ? $config['unbound']['unwanted_reply_threshold'] : "0"; + $port = (is_port($unboundcfg['port'])) ? $unboundcfg['port'] : "53"; + $hide_identity = isset($unboundcfg['hideidentity']) ? "yes" : "no"; + $hide_version = isset($unboundcfg['hideversion']) ? "yes" : "no"; + $harden_dnssec_stripped = isset($unboundcfg['dnssecstripped']) ? "yes" : "no"; + $prefetch = isset($unboundcfg['prefetch']) ? "yes" : "no"; + $prefetch_key = isset($unboundcfg['prefetchkey']) ? "yes" : "no"; + $outgoing_num_tcp = (!empty($unboundcfg['outgoing_num_tcp'])) ? $unboundcfg['outgoing_num_tcp'] : "10"; + $incoming_num_tcp = (!empty($unboundcfg['incoming_num_tcp'])) ? $unboundcfg['incoming_num_tcp'] : "10"; + $edns_buffer_size = (!empty($unboundcfg['edns_buffer_size'])) ? $unboundcfg['edns_buffer_size'] : "4096"; + $num_queries_per_thread = (!empty($unboundcfg['num_queries_per_thread'])) ? $unboundcfg['num_queries_per_thread'] : "4096"; + $jostle_timeout = (!empty($unboundcfg['jostle_timeout'])) ? $unboundcfg['jostle_timeout'] : "200"; + $cache_max_ttl = (!empty($unboundcfg['cache_max_ttl'])) ? $unboundcfg['cache_max_ttl'] : "86400"; + $cache_min_ttl = (!empty($unboundcfg['cache_min_ttl'])) ? $unboundcfg['cache_min_ttl'] : "0"; + $infra_host_ttl = (!empty($unboundcfg['infra_host_ttl'])) ? $unboundcfg['infra_host_ttl'] : "900"; + $infra_cache_numhosts = (!empty($unboundcfg['infra_cache_numhosts'])) ? $unboundcfg['infra_cache_numhosts'] : "10000"; + $unwanted_reply_threshold = (!empty($unboundcfg['unwanted_reply_threshold'])) ? $unboundcfg['unwanted_reply_threshold'] : "0"; if ($unwanted_reply_threshold == "disabled") { $unwanted_reply_threshold = "0"; } - $msg_cache_size = (!empty($config['unbound']['msgcachesize'])) ? $config['unbound']['msgcachesize'] : "4"; - $verbosity = isset($config['unbound']['log_verbosity']) ? $config['unbound']['log_verbosity'] : 1; - $use_caps = isset($config['unbound']['use_caps']) ? "yes" : "no"; + $msg_cache_size = (!empty($unboundcfg['msgcachesize'])) ? $unboundcfg['msgcachesize'] : "4"; + $verbosity = isset($unboundcfg['log_verbosity']) ? $unboundcfg['log_verbosity'] : 1; + $use_caps = isset($unboundcfg['use_caps']) ? "yes" : "no"; // Set up forwarding if it is configured - if (isset($config['unbound']['forwarding'])) { + if (isset($unboundcfg['forwarding'])) { $dnsservers = array(); if (isset($config['system']['dnsallowoverride'])) { $ns = array_unique(get_nameservers()); @@ -356,10 +379,7 @@ include: {$g['unbound_chroot_path']}/remotecontrol.conf EOD; - create_unbound_chroot_path(); - file_put_contents("{$g['unbound_chroot_path']}/unbound.conf", $unboundconf); - - return 0; + return $unboundconf; } function unbound_remote_control_setup() { @@ -470,7 +490,16 @@ function do_as_unbound_user($cmd) { mwexec("echo '/usr/local/sbin/unbound-control reload' | /usr/bin/su -m unbound", true); break; case "unbound-anchor": + // sanity check root.key because unbound-anchor will fail without manual removal otherwise. redmine #5334 + if (file_exists("{$g['unbound_chroot_path']}/root.key")) { + $rootkeycheck = mwexec("/usr/bin/grep 'autotrust trust anchor file' {$g['unbound_chroot_path']}/root.key", true); + if ($rootkeycheck != "0") { + log_error("Unbound root.key file is corrupt, removing and recreating."); + unlink_if_exists("{$g['unbound_chroot_path']}/root.key"); + } + } mwexec("echo '/usr/local/sbin/unbound-anchor -a {$g['unbound_chroot_path']}/root.key' | /usr/bin/su -m unbound", true); + pfSense_fsync("{$g['unbound_chroot_path']}/root.key"); break; case "unbound-control-setup": mwexec("echo '/usr/local/sbin/unbound-control-setup -d {$g['unbound_chroot_path']}' | /usr/bin/su -m unbound", true); @@ -526,7 +555,13 @@ function unbound_add_domain_overrides($pvt_rev="") { function unbound_add_host_entries() { global $config, $g; - $unbound_entries = "local-zone: \"{$config['system']['domain']}\" transparent\n"; + if (empty($config['unbound']['system_domain_local_zone_type'])) { + $system_domain_local_zone_type = "transparent"; + } else { + $system_domain_local_zone_type = $config['unbound']['system_domain_local_zone_type']; + } + + $unbound_entries = "local-zone: \"{$config['system']['domain']}\" $system_domain_local_zone_type\n"; $hosts = read_hosts(); $added_ptr = array(); diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc index 9bf570e..14db11e 100644 --- a/src/etc/inc/upgrade_config.inc +++ b/src/etc/inc/upgrade_config.inc @@ -1,39 +1,57 @@ <?php /* upgrade_config.inc - Copyright (C) 2004-2009 Scott Ullrich <sullrich@gmail.com> - All rights reserved. - - originally part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - pfSense_BUILDER_BINARIES: /usr/bin/find /bin/cd /usr/local/bin/rrdtool /usr/bin/nice - pfSense_MODULE: config */ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ if (!function_exists("dump_rrd_to_xml")) { require("rrd.inc"); @@ -378,7 +396,6 @@ function upgrade_017_to_018() { function upgrade_018_to_019() { global $config; - $config['theme'] = "metallic"; } @@ -694,54 +711,50 @@ function upgrade_040_to_041() { $config['sysctl']['item'][8]['descr'] = gettext("Maximum outgoing TCP datagram size"); $config['sysctl']['item'][8]['value'] = "default"; - $config['sysctl']['item'][9]['tunable'] = "net.inet.ip.fastforwarding"; - $config['sysctl']['item'][9]['descr'] = gettext("Fastforwarding (see http://lists.freebsd.org/pipermail/freebsd-net/2004-January/002534.html)"); + $config['sysctl']['item'][9]['tunable'] = "net.inet.tcp.delayed_ack"; + $config['sysctl']['item'][9]['descr'] = gettext("Do not delay ACK to try and piggyback it onto a data packet"); $config['sysctl']['item'][9]['value'] = "default"; - $config['sysctl']['item'][10]['tunable'] = "net.inet.tcp.delayed_ack"; - $config['sysctl']['item'][10]['descr'] = gettext("Do not delay ACK to try and piggyback it onto a data packet"); + $config['sysctl']['item'][10]['tunable'] = "net.inet.udp.maxdgram"; + $config['sysctl']['item'][10]['descr'] = gettext("Maximum outgoing UDP datagram size"); $config['sysctl']['item'][10]['value'] = "default"; - $config['sysctl']['item'][11]['tunable'] = "net.inet.udp.maxdgram"; - $config['sysctl']['item'][11]['descr'] = gettext("Maximum outgoing UDP datagram size"); + $config['sysctl']['item'][11]['tunable'] = "net.link.bridge.pfil_onlyip"; + $config['sysctl']['item'][11]['descr'] = gettext("Handling of non-IP packets which are not passed to pfil (see if_bridge(4))"); $config['sysctl']['item'][11]['value'] = "default"; - $config['sysctl']['item'][12]['tunable'] = "net.link.bridge.pfil_onlyip"; - $config['sysctl']['item'][12]['descr'] = gettext("Handling of non-IP packets which are not passed to pfil (see if_bridge(4))"); + $config['sysctl']['item'][12]['tunable'] = "net.link.tap.user_open"; + $config['sysctl']['item'][12]['descr'] = gettext("Allow unprivileged access to tap(4) device nodes"); $config['sysctl']['item'][12]['value'] = "default"; - $config['sysctl']['item'][13]['tunable'] = "net.link.tap.user_open"; - $config['sysctl']['item'][13]['descr'] = gettext("Allow unprivileged access to tap(4) device nodes"); + $config['sysctl']['item'][13]['tunable'] = "kern.randompid"; + $config['sysctl']['item'][13]['descr'] = gettext("Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())"); $config['sysctl']['item'][13]['value'] = "default"; - $config['sysctl']['item'][15]['tunable'] = "kern.randompid"; - $config['sysctl']['item'][15]['descr'] = gettext("Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())"); + $config['sysctl']['item'][14]['tunable'] = "net.inet.tcp.inflight.enable"; + $config['sysctl']['item'][14]['descr'] = gettext("The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput. "); + $config['sysctl']['item'][14]['value'] = "default"; + + $config['sysctl']['item'][15]['tunable'] = "net.inet.icmp.icmplim"; + $config['sysctl']['item'][15]['descr'] = gettext("Set ICMP Limits"); $config['sysctl']['item'][15]['value'] = "default"; - $config['sysctl']['item'][16]['tunable'] = "net.inet.tcp.inflight.enable"; - $config['sysctl']['item'][16]['descr'] = gettext("The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput. "); + $config['sysctl']['item'][16]['tunable'] = "net.inet.tcp.tso"; + $config['sysctl']['item'][16]['descr'] = gettext("TCP Offload engine"); $config['sysctl']['item'][16]['value'] = "default"; - $config['sysctl']['item'][17]['tunable'] = "net.inet.icmp.icmplim"; - $config['sysctl']['item'][17]['descr'] = gettext("Set ICMP Limits"); + $config['sysctl']['item'][17]['tunable'] = "net.inet.ip.portrange.first"; + $config['sysctl']['item'][17]['descr'] = "Set the ephemeral port range starting port"; $config['sysctl']['item'][17]['value'] = "default"; - $config['sysctl']['item'][18]['tunable'] = "net.inet.tcp.tso"; - $config['sysctl']['item'][18]['descr'] = gettext("TCP Offload engine"); + $config['sysctl']['item'][18]['tunable'] = "hw.syscons.kbd_reboot"; + $config['sysctl']['item'][18]['descr'] = "Enables ctrl+alt+delete"; $config['sysctl']['item'][18]['value'] = "default"; - $config['sysctl']['item'][19]['tunable'] = "net.inet.ip.portrange.first"; - $config['sysctl']['item'][19]['descr'] = "Set the ephemeral port range starting port"; + $config['sysctl']['item'][19]['tunable'] = "kern.ipc.maxsockbuf"; + $config['sysctl']['item'][19]['descr'] = "Maximum socket buffer size"; $config['sysctl']['item'][19]['value'] = "default"; - $config['sysctl']['item'][20]['tunable'] = "hw.syscons.kbd_reboot"; - $config['sysctl']['item'][20]['descr'] = "Enables ctrl+alt+delete"; - $config['sysctl']['item'][20]['value'] = "default"; - - $config['sysctl']['item'][21]['tunable'] = "kern.ipc.maxsockbuf"; - $config['sysctl']['item'][21]['descr'] = "Maximum socket buffer size"; - $config['sysctl']['item'][21]['value'] = "default"; - } } @@ -2144,10 +2157,6 @@ function upgrade_054_to_055() { @unlink("{$g['tmp_path']}/{$xmldump}"); @unlink("{$g['tmp_path']}/{$xmldumpnew}"); } - /* let apinger recreate required files */ - if (!platform_booting()) { - setup_gateways_monitor(); - } /* build a list of traffic and packets databases */ $databases = return_dir_as_array($rrddbpath, '/-(traffic|packets)\.rrd$/'); @@ -2428,13 +2437,7 @@ function upgrade_061_to_062() { function upgrade_062_to_063() { /* Upgrade legacy Themes to the new pfsense_ng */ - global $config; - - switch ($config['theme']) { - case "nervecenter": - $config['theme'] = "pfsense_ng"; - break; - } + // Not supported in 2.3+ } @@ -3809,10 +3812,6 @@ function upgrade_117_to_118() { $ph1_entry['peerid_data'] = preg_replace('/\/\s*emailAddress\s*=\s*/', ', E=', $ph1_entry['peerid_data']); } - // iketype 'auto' was removed and is really v2, update accordingly - if ($ph1_entry['iketype'] == "auto") { - $ph1_entry['iketype'] = "ikev2"; - } } } @@ -3834,6 +3833,24 @@ function upgrade_118_to_119() { } function upgrade_119_to_120() { + require_once("ipsec.inc"); + global $config, $ipsec_log_cats; + + if (!is_array($config['ipsec'])) { + return; + } + + // add 1 to configured log levels as part of redmine #5340 + foreach ($ipsec_log_cats as $lkey => $ldescr) { + if (isset($config['ipsec']["ipsec_{$lkey}"])) { + $config['ipsec']["ipsec_{$lkey}"] = $config['ipsec']["ipsec_{$lkey}"] + 1; + } + } + +} + + +function upgrade_120_to_121() { global $config; if (!isset($config['installedpackages']['miniupnpd']['config'][0])) { @@ -3852,7 +3869,7 @@ function upgrade_119_to_120() { } } -function upgrade_120_to_121() { +function upgrade_121_to_122() { global $config; foreach ($config['system']['user'] as &$user) { if (isset($user['nt-hash'])) { @@ -3861,7 +3878,7 @@ function upgrade_120_to_121() { } } -function upgrade_121_to_122() { +function upgrade_122_to_123() { global $config; // PPTP server was removed @@ -3959,4 +3976,288 @@ function upgrade_121_to_122() { } } +function upgrade_123_to_124() { + if (isset($config['system']['altpkgrepo'])) { + unset($config['system']['altpkgrepo']); + } + + if (isset($config['theme'])) { + unset($config['theme']); + } +} + +function upgrade_124_to_125() { + global $config; + + /* Find interfaces with WEP configured. */ + foreach ($config['interfaces'] as $ifname => $intf) { + if (!is_array($intf['wireless'])) { + continue; + } + + /* Generate a notice, disable interface, remove WEP settings */ + if (isset($intf['wireless']['wep']['enable'])) { + if (!function_exists("file_notice")) { + require_once("notices.inc"); + } + file_notice("WirelessSettings", "WEP is no longer supported. It will be disabled on the {$ifname} interface and the interface will be disabled. Please reconfigure the interface."); + unset($config['interfaces'][$ifname]['wireless']['wep']); + if (isset($intf['enable'])) { + unset($config['interfaces'][$ifname]['enable']); + } + } + } +} + +function upgrade_125_to_126() { + require_once("ipsec.inc"); + global $config, $ipsec_log_cats, $ipsec_log_sevs; + + $def_loglevel = 1; + if (!is_array($config['ipsec'])) { + return; + } + + if (!isset($config['ipsec']['logging']) || !is_array($config['ipsec']['logging'])) { + $config['ipsec']['logging'] = array(); + } + + /* subtract 2 from ipsec log levels. the value stored in the config.xml + * will now match the strongswan level exactly. + */ + foreach (array_keys($ipsec_log_cats) as $cat) { + if (!isset($config['ipsec']["ipsec_{$cat}"])) { + $new_level = $def_loglevel; + } else { + $new_level = intval($config['ipsec']["ipsec_{$cat}"]) - 2; + } + + if (in_array($new_level, array_keys($ipsec_log_sevs))) { + $config['ipsec']['logging'][$cat] = $new_level; + } else { + $config['ipsec']['logging'][$cat] = $def_loglevel; + } + unset($config['ipsec']["ipsec_{$cat}"]); + } +} + +// prior to v2.3 <widgets><sequence> contains a list of widgets with display types: +// none, close, hide, & show +// v2.3 & later uses: +// close & open +// widgets not in use are simply not in the list +function upgrade_126_to_127() { + global $config; + + if (!isset($config['widgets']['sequence'])) { + return; + } + + $cur_widgets = explode(',', trim($config['widgets']['sequence'])); + $new_widgets = array(); + + foreach ($cur_widgets as $widget) { + list($file, $col, $display) = explode(':', $widget); + + switch ($display) { + case 'hide': + $display = 'close'; + break; + case 'show': + $display = 'open'; + break; + case 'open': + break; + default: + continue 2; + } + + /* Remove '-container' from widget name */ + $file = preg_replace('/-container$/', '', $file); + + $new_widgets[] = "{$file}:{$col}:{$display}"; + } + + $config['widgets']['sequence'] = implode(',', $new_widgets); + +} + +function upgrade_127_to_128() { + global $config; + + // If bindip is not already specified then migrate the old SNMP bindlan flag to a bindip setting + if (isset($config['snmpd']['bindlan'])) { + if (!isset($config['snmpd']['bindip'])) { + $config['snmpd']['bindip'] = 'lan'; + } + unset($config['snmpd']['bindlan']); + } +} + +function upgrade_128_to_129() { + global $config; + + /* net.inet.ip.fastforwarding does not exist in 2.3. */ + if (!isset($config['sysctl']['item']) || + !is_array($config['sysctl']['item'])) { + return; + } + + foreach ($config['sysctl']['item'] as $idx => $sysctl) { + if ($sysctl['tunable'] == "net.inet.ip.fastforwarding") { + unset($config['sysctl']['item'][$idx]); + } + if ($sysctl['tunable'] == "net.inet.ipsec.debug") { + $config['sysctl']['item'][$idx]['value'] = "0"; + } + } + + /* IPSEC is always on in 2.3. */ + if (isset($config['ipsec']['enable'])) { + unset($config['ipsec']['enable']); + } else if (is_array($config['ipsec']['phase1'])) { + /* + * If IPsec was globally disabled, disable all + * phase1 entries + */ + foreach ($config['ipsec']['phase1'] as $idx => $p1) { + $config['ipsec']['phase1'][$idx]['disabled'] = true; + } + } +} + +function upgrade_129_to_130() { + global $config; + + /* Change OpenVPN topology_subnet checkbox into topology multi-select #5526 */ + if (is_array($config['openvpn']) && is_array($config['openvpn']['openvpn-server'])) { + foreach ($config['openvpn']['openvpn-server'] as & $serversettings) { + if (isset($serversettings['topology_subnet'])) { + unset($serversettings['topology_subnet']); + $serversettings['topology'] = "subnet"; + } else { + $serversettings['topology'] = "net30"; + } + } + } +} + +function upgrade_130_to_131() { + global $config; + + if (isset($config['syslog']['apinger'])) { + $config['syslog']['dpinger'] = true; + unset($config['syslog']['apinger']); + } + + if (isset($config['system']['apinger_debug'])) { + unset($config['system']['apinger_debug']); + } + + if (!isset($config['gateways']['gateway_item']) || + !is_array($config['gateways']['gateway_item'])) { + return; + } + + foreach ($config['gateways']['gateway_item'] as &$gw) { + // dpinger uses milliseconds + if (isset($gw['interval']) && + is_numeric($gw['interval'])) { + $gw['interval'] = $gw['interval'] * 1000; + } + if (isset($gw['down']) && + is_numeric($gw['down'])) { + $gw['loss_interval'] = $gw['down'] * 1000; + unset($gw['down']); + } + + if (isset($gw['avg_delay_samples'])) { + unset($gw['avg_delay_samples']); + } + if (isset($gw['avg_delay_samples_calculated'])) { + unset($gw['avg_delay_samples_calculated']); + } + if (isset($gw['avg_loss_samples'])) { + unset($gw['avg_loss_samples']); + } + if (isset($gw['avg_loss_samples_calculated'])) { + unset($gw['avg_loss_samples_calculated']); + } + if (isset($gw['avg_loss_delay_samples'])) { + unset($gw['avg_loss_delay_samples']); + } + if (isset($gw['avg_loss_delay_samples_calculated'])) { + unset($gw['avg_loss_delay_samples_calculated']); + } + } +} + +function upgrade_131_to_132() { + global $config; + if (isset($config['system']['usefifolog'])) { + unset($config['system']['usefifolog']); + clear_all_log_files(false); + } +} + +function upgrade_132_to_133() { + global $config; + + if (isset($config['ipsec']['phase1']) && + is_array($config['ipsec']['phase1'])) { + foreach ($config['ipsec']['phase1'] as &$p1) { + if (isset($p1['encryption-algorithm']['name']) && + $p1['encryption-algorithm']['name'] == 'des') { + $p1['disabled'] = true; + file_notice("IPsec", + "DES is no longer supported, IPsec phase 1 " . + "item '{$p1['descr']}' is being disabled."); + } + } + } + + if (isset($config['ipsec']['phase2']) && + is_array($config['ipsec']['phase2'])) { + foreach ($config['ipsec']['phase2'] as &$p2) { + if (!isset($p2['encryption-algorithm-option']) || + !is_array($p2['encryption-algorithm-option'])) { + continue; + } + + foreach ($p2['encryption-algorithm-option'] as $ealgo) { + if ($ealgo['name'] == 'des') { + $p2['disabled'] = true; + file_notice("IPsec", + "DES is no longer supported, IPsec phase 2 " . + "item '{$p2['descr']}' is being disabled."); + } + } + } + } +} + +// Determine the highest column number in use and set dashboardcolumns accordingly +function upgrade_133_to_134() { + global $config; + + if (!isset($config['widgets']['sequence']) || isset($config['system']['webgui']['dashboardcolumns'])) { + return; + } + + $cur_widgets = explode(',', trim($config['widgets']['sequence'])); + $maxcols = 2; + + foreach ($cur_widgets as $widget) { + list($file, $col, $display) = explode(':', $widget); + + if (($display != 'none') && ($display != 'hide')) { + preg_match('#[0-9]+$#', $col, $column); + if ($column[0] > $maxcols) { + $maxcols = $column[0]; + } + } + } + + $config['system']['webgui']['dashboardcolumns'] = $maxcols % 10; +} ?> diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc index 315ccb8..b542566 100644 --- a/src/etc/inc/util.inc +++ b/src/etc/inc/util.inc @@ -1,40 +1,60 @@ <?php /* util.inc - part of the pfSense project (https://www.pfsense.org) - - originally part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -/* - pfSense_BUILDER_BINARIES: /bin/ps /bin/kill /usr/bin/killall /sbin/ifconfig /usr/bin/netstat - pfSense_BUILDER_BINARIES: /usr/bin/awk /sbin/dmesg /sbin/ping /usr/local/sbin/gzsig /usr/sbin/arp - pfSense_BUILDER_BINARIES: /sbin/conscontrol /sbin/devd /bin/ps - pfSense_MODULE: utils */ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * + * Some or all of this file is based on the m0n0wall project which is + * Copyright (c) 2004 Manuel Kasper (BSD 2 clause) + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ /* kill a process by pid file */ function killbypid($pidfile) { @@ -372,7 +392,7 @@ function gen_subnetv4_max($ipaddr, $bits) { if ($bits == 32) { return $ipaddr; } - return long2ip32(ip2long($ipaddr) | ~gen_subnet_mask_long($bits)); + return long2ip32(ip2long($ipaddr) | (~gen_subnet_mask_long($bits) & 0xFFFFFFFF)); } return ""; } @@ -401,17 +421,20 @@ function gen_subnet_mask($bits) { return long2ip(gen_subnet_mask_long($bits)); } -/* Convert long int to IP address, truncating to 32-bits. */ +/* Convert long int to IPv4 address + Returns '' if not valid IPv4 (including if any bits >32 are non-zero) */ function long2ip32($ip) { return long2ip($ip & 0xFFFFFFFF); } -/* Convert IP address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. */ +/* Convert IPv4 address to long int, truncated to 32-bits to avoid sign extension on 64-bit platforms. + Returns '' if not valid IPv4. */ function ip2long32($ip) { return (ip2long($ip) & 0xFFFFFFFF); } -/* Convert IP address to unsigned long int. */ +/* Convert IPv4 address to unsigned long int. + Returns '' if not valid IPv4. */ function ip2ulong($ip) { return sprintf("%u", ip2long32($ip)); } @@ -502,73 +525,127 @@ function ip_range_to_address_array($startip, $endip, $max_size = 5000) { return $rangeaddresses; } -/* Convert a range of IPv4 addresses to an array of subnets which can contain the range. */ -/* Note: IPv6 ranges are not yet supported here. */ -function ip_range_to_subnet_array($startip, $endip) { - if (!is_ipaddrv4($startip) || !is_ipaddrv4($endip)) { +/* Convert an IPv4 or IPv6 IP range to an array of subnets which can contain the range. + Algorithm and embodying code PD'ed by Stilez - enjoy as you like :-) + + Documented on pfsense dev list 19-20 May 2013. Summary: + + The algorithm looks at patterns of 0's and 1's in the least significant bit(s), whether IPv4 or IPv6. + These are all that needs checking to identify a _guaranteed_ correct, minimal and optimal subnet array. + + As a result, string/binary pattern matching of the binary IP is very efficient. It uses just 2 pattern-matching rules + to chop off increasingly larger subnets at both ends that can't be part of larger subnets, until nothing's left. + + (a) If any range has EITHER low bit 1 (in startip) or 0 (in endip), that end-point is _always guaranteed_ to be optimally + represented by its own 'single IP' CIDR; the remaining range then shrinks by one IP up or down, causing the new end-point's + low bit to change from 1->0 (startip) or 0->1 (endip). Only one edge case needs checking: if a range contains exactly 2 + adjacent IPs of this format, then the two IPs themselves are required to span it, and we're done. + Once this rule is applied, the remaining range is _guaranteed_ to end in 0's and 1's so rule (b) can now be used, and its + low bits can now be ignored. + + (b) If any range has BOTH startip and endip ending in some number of 0's and 1's respectively, these low bits can + *always* be ignored and "bit-shifted" for subnet spanning. So provided we remember the bits we've place-shifted, we can + _always_ right-shift and chop off those bits, leaving a smaller range that has EITHER startip ending in 1 or endip ending + in 0 (ie can now apply (a) again) or the entire range has vanished and we're done. + We then loop to redo (a) again on the remaining (place shifted) range until after a few loops, the remaining (place shifted) + range 'vanishes' by meeting the exit criteria of (a) or (b), and we're done. +*/ + +function ip_range_to_subnet_array($ip1, $ip2) { + + if (is_ipaddrv4($ip1) && is_ipaddrv4($ip2)) { + $proto = 'ipv4'; // for clarity + $bits = 32; + $ip1bin = decbin(ip2long32($ip1)); + $ip2bin = decbin(ip2long32($ip2)); + } elseif (is_ipaddrv6($ip1) && is_ipaddrv6($ip2)) { + $proto = 'ipv6'; + $bits = 128; + $ip1bin = Net_IPv6::_ip2Bin($ip1); + $ip2bin = Net_IPv6::_ip2Bin($ip2); + } else { return array(); } - if (ip_greater_than($startip, $endip)) { - // Swap start and end so we can process sensibly. - $temp = $startip; - $startip = $endip; - $endip = $temp; + // it's *crucial* that binary strings are guaranteed the expected length; do this for certainty even though for IPv6 it's redundant + $ip1bin = str_pad($ip1bin, $bits, '0', STR_PAD_LEFT); + $ip2bin = str_pad($ip2bin, $bits, '0', STR_PAD_LEFT); + + if ($ip1bin == $ip2bin) { + return array($ip1 . '/' . $bits); // exit if ip1=ip2 (trivial case) + } + + if ($ip1bin > $ip2bin) { + list ($ip1bin, $ip2bin) = array($ip2bin, $ip1bin); // swap if needed (ensures ip1 < ip2) } - // Container for subnets within this range. $rangesubnets = array(); + $netsize = 0; - // Figure out what the smallest subnet is that holds the number of IPs in the given range. - $cidr = find_smallest_cidr_v4(ip_range_size_v4($startip, $endip)); + do { + // at loop start, $ip1 is guaranteed strictly less than $ip2 (important for edge case trapping and preventing accidental binary wrapround) + // which means the assignments $ip1 += 1 and $ip2 -= 1 will always be "binary-wrapround-safe" - // Loop here to reduce subnet size and retest as needed. We need to make sure - // that the target subnet is wholly contained between $startip and $endip. - for ($cidr; $cidr <= 32; $cidr++) { - // Find the network and broadcast addresses for the subnet being tested. - $targetsub_min = gen_subnet($startip, $cidr); - $targetsub_max = gen_subnet_max($startip, $cidr); + // step #1 if start ip (as shifted) ends in any '1's, then it must have a single cidr to itself (any cidr would include the '0' below it) - // Check best case where the range is exactly one subnet. - if (($targetsub_min == $startip) && ($targetsub_max == $endip)) { - // Hooray, the range is exactly this subnet! - return array("{$startip}/{$cidr}"); + if (substr($ip1bin, -1, 1) == '1') { + // the start ip must be in a separate one-IP cidr range + $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + $n = strrpos($ip1bin, '0'); //can't be all 1's + $ip1bin = ($n == 0 ? '' : substr($ip1bin, 0, $n)) . '1' . str_repeat('0', $bits - $n - 1); // BINARY VERSION OF $ip1 += 1 } - // These remaining scenarios will find a subnet that uses the largest - // chunk possible of the range being tested, and leave the rest to be - // tested recursively after the loop. + // step #2, if end ip (as shifted) ends in any zeros then that must have a cidr to itself (as cidr cant span the 1->0 gap) - // Check if the subnet begins with $startip and ends before $endip - if (($targetsub_min == $startip) && ip_less_than($targetsub_max, $endip)) { - break; + if (substr($ip2bin, -1, 1) == '0') { + // the end ip must be in a separate one-IP cidr range + $new_subnet_ip = substr($ip2bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + $n = strrpos($ip2bin, '1'); //can't be all 0's + $ip2bin = ($n == 0 ? '' : substr($ip2bin, 0, $n)) . '0' . str_repeat('1', $bits - $n - 1); // BINARY VERSION OF $ip2 -= 1 + // already checked for the edge case where end = start+1 and start ends in 0x1, above, so it's safe } - // Check if the subnet ends at $endip and starts after $startip - if (ip_greater_than($targetsub_min, $startip) && ($targetsub_max == $endip)) { - break; + // this is the only edge case arising from increment/decrement. + // it happens if the range at start of loop is exactly 2 adjacent ips, that spanned the 1->0 gap. (we will have enumerated both by now) + + if ($ip2bin < $ip1bin) { + continue; } - // Check if the subnet is between $startip and $endip - if (ip_greater_than($targetsub_min, $startip) && ip_less_than($targetsub_max, $endip)) { - break; + // step #3 the start and end ip MUST now end in '0's and '1's respectively + // so we have a non-trivial range AND the last N bits are no longer important for CIDR purposes. + + $shift = $bits - max(strrpos($ip1bin, '0'), strrpos($ip2bin, '1')); // num of low bits which are '0' in ip1 and '1' in ip2 + $ip1bin = str_repeat('0', $shift) . substr($ip1bin, 0, $bits - $shift); + $ip2bin = str_repeat('0', $shift) . substr($ip2bin, 0, $bits - $shift); + $netsize += $shift; + if ($ip1bin == $ip2bin) { + // we're done. + $new_subnet_ip = substr($ip1bin, $netsize, $bits - $netsize) . str_repeat('0', $netsize); + $rangesubnets[$new_subnet_ip] = $bits - $netsize; + continue; } - } - // Some logic that will recursively search from $startip to the first IP before the start of the subnet we just found. - // NOTE: This may never be hit, the way the above algo turned out, but is left for completeness. - if ($startip != $targetsub_min) { - $rangesubnets = array_merge($rangesubnets, ip_range_to_subnet_array($startip, ip_before($targetsub_min))); - } + // at this point there's still a remaining range, and either startip ends with '1', or endip ends with '0'. So repeat cycle. + } while ($ip1bin < $ip2bin); - // Add in the subnet we found before, to preserve ordering - $rangesubnets[] = "{$targetsub_min}/{$cidr}"; + // subnets are ordered by bit size. Re sort by IP ("naturally") and convert back to IPv4/IPv6 - // And some more logic that will search after the subnet we found to fill in to the end of the range. - if ($endip != $targetsub_max) { - $rangesubnets = array_merge($rangesubnets, ip_range_to_subnet_array(ip_after($targetsub_max), $endip)); + ksort($rangesubnets, SORT_STRING); + $out = array(); + + foreach ($rangesubnets as $ip => $netmask) { + if ($proto == 'ipv4') { + $i = str_split($ip, 8); + $out[] = implode('.', array(bindec($i[0]), bindec($i[1]), bindec($i[2]), bindec($i[3]))) . '/' . $netmask; + } else { + $out[] = Net_IPv6::compress(Net_IPv6::_bin2Ip($ip)) . '/' . $netmask; + } } - return $rangesubnets; + + return $out; } /* returns true if $range is a valid pair of IPv4 or IPv6 addresses separated by a "-" @@ -738,12 +815,10 @@ function subnet_size($subnet) { if (is_subnetv4($subnet)) { list ($ip, $bits) = explode("/", $subnet); return round(exp(log(2) * (32 - $bits))); - } - else if (is_subnetv6($subnet)) { + } else if (is_subnetv6($subnet)) { list ($ip, $bits) = explode("/", $subnet); return round(exp(log(2) * (128 - $bits))); - } - else { + } else { return 0; } } @@ -1015,51 +1090,57 @@ function get_configured_carp_interface_list($carpinterface = '', $family = 'inet $iflist = array(); - if (is_array($config['virtualip']['vip'])) { - $viparr = &$config['virtualip']['vip']; - foreach ($viparr as $vip) { - switch ($vip['mode']) { - case "carp": - if (!empty($carpinterface)) { - if ($carpinterface == "_vip{$vip['uniqid']}") { - switch ($what) { - case 'subnet': - if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { - return $vip['subnet_bits']; - } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { - return $vip['subnet_bits']; - } - break; - case 'iface': - if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { - return $vip['interface']; - } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { - return $vip['interface']; - } - break; - case 'vip': - if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { - return $vip; - } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { - return $vip; - } - break; - case 'ip': - default: - if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { - return $vip['subnet']; - } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { - return $vip['subnet']; - } - break; - } - } - } else { - $iflist["_vip{$vip['uniqid']}"] = $vip['subnet']; - } - break; - } + if (!is_array($config['virtualip']['vip']) || empty($config['virtualip']['vip'])) { + return $iflist; + } + + $viparr = &$config['virtualip']['vip']; + foreach ($viparr as $vip) { + if ($vip['mode'] != "carp") { + continue; + } + + if (empty($carpinterface)) { + $iflist["_vip{$vip['uniqid']}"] = $vip['subnet']; + continue; + } + + if ($carpinterface != "_vip{$vip['uniqid']}") { + continue; + } + + switch ($what) { + case 'subnet': + if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { + return $vip['subnet_bits']; + } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { + return $vip['subnet_bits']; + } + break; + case 'iface': + if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { + return $vip['interface']; + } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { + return $vip['interface']; + } + break; + case 'vip': + if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { + return $vip; + } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { + return $vip; + } + break; + case 'ip': + default: + if ($family == 'inet' && is_ipaddrv4($vip['subnet'])) { + return $vip['subnet']; + } else if ($family == 'inet6' && is_ipaddrv6($vip['subnet'])) { + return $vip['subnet']; + } + break; } + break; } return $iflist; @@ -1097,7 +1178,7 @@ function get_configured_vips_list() { $viparr = &$config['virtualip']['vip']; foreach ($viparr as $vip) { if ($vip['mode'] == "carp") { - $alias_list[] = array("ipaddr" => $vip['subnet'], "if" => "{$vip['interface']}_vip{$vip['vhid']}"); + $alias_list[] = array("ipaddr" => $vip['subnet'], "if" => "_vip{$vip['uniqid']}"); } else { $alias_list[] = array("ipaddr" => $vip['subnet'], "if" => $vip['interface']); } @@ -1449,8 +1530,9 @@ function mwexec($command, $nologentry = false, $clearsigmask = false, $backgroun // run in foreground, and (optionally) log if nonzero return $outputarray = array(); exec("$command 2>&1", $outputarray, $retval); - if (($retval <> 0) && (!$nologentry || isset($config['system']['developerspew']))) + if (($retval <> 0) && (!$nologentry || isset($config['system']['developerspew']))) { log_error(sprintf(gettext("The command '%1\$s' returned exit code '%2\$d', the output was '%3\$s' "), $command, $retval, implode(" ", $outputarray))); + } } if ($clearsigmask) { @@ -1465,13 +1547,13 @@ function mwexec_bg($command, $clearsigmask = false) { return mwexec($command, false, $clearsigmask, true); } -/* unlink a file, if it exists */ +/* unlink a file, or pattern-match of a file, if it exists + if the file/path contains glob() compatible wildcards, all matching files will be unlinked + if no matches, no error occurs */ function unlink_if_exists($fn) { $to_do = glob($fn); - if (is_array($to_do)) { - foreach ($to_do as $filename) { - @unlink($filename); - } + if (is_array($to_do) && count($to_do) > 0) { + @array_map("unlink", $to_do); } else { @unlink($fn); } @@ -1549,17 +1631,6 @@ function alias_expand_urltable($name) { return null; } -/* verify (and remove) the digital signature on a file - returns 0 if OK */ -function verify_digital_signature($fname) { - global $g; - - if (!file_exists("/usr/local/sbin/gzsig")) { - return 4; - } - - return mwexec("/usr/local/sbin/gzsig verify {$g['etc_path']}/pubkey.pem < " . escapeshellarg($fname)); -} - /* obtain MAC address given an IP address by looking at the ARP table */ function arp_get_mac_by_ip($ip) { mwexec("/sbin/ping -c 1 -t 1 " . escapeshellarg($ip), true); @@ -2182,32 +2253,6 @@ function array_exclude($needle, $haystack) { return $result; } -function get_current_theme() { - global $config, $g; - /* - * if user has selected a custom template, use it. - * otherwise default to pfsense template - */ - if (($g["disablethemeselection"] === true) && !empty($g["default_theme"]) && (is_dir($g["www_path"].'/themes/'.$g["default_theme"]))) { - $theme = $g["default_theme"]; - } elseif ($config['theme'] <> "" && (is_dir($g["www_path"].'/themes/'.$config['theme']))) { - $theme = $config['theme']; - } else { - $theme = "pfsense"; - } - /* - * If this device is an apple ipod/iphone - * switch the theme to one that works with it. - */ - $lowres_ua = array("iPhone", "iPod", "iPad", "Android", "BlackBerry", "Opera Mini", "Opera Mobi", "PlayBook", "IEMobile"); - foreach ($lowres_ua as $useragent) { - if (strstr($_SERVER['HTTP_USER_AGENT'], $useragent)) { - $theme = (empty($g['theme_lowres']) && (is_dir($g["www_path"].'/themes/'.$g['theme_lowres']))) ? "pfsense" : $g['theme_lowres']; - } - } - return $theme; -} - /* Define what is preferred, IPv4 or IPv6 */ function prefer_ipv4_or_ipv6() { global $config; @@ -2229,7 +2274,12 @@ function post_redirect($page, $params) { foreach ($params as $key => $value) { print "<input type=\"hidden\" name=\"{$key}\" value=\"{$value}\" />\n"; } - print "</form><script type=\"text/javascript\">document.formredir.submit();</script>\n"; + print "</form>\n"; + print "<script type=\"text/javascript\">\n"; + print "//<![CDATA[\n"; + print "document.formredir.submit();\n"; + print "//]]>\n"; + print "</script>\n"; print "</body></html>\n"; } diff --git a/src/etc/inc/uuid.php b/src/etc/inc/uuid.php deleted file mode 100644 index 700f392..0000000 --- a/src/etc/inc/uuid.php +++ /dev/null @@ -1,327 +0,0 @@ -<?php -/*- - * Copyright (c) 2008 Fredrik Lindberg - http://www.shapeshifter.se - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/* - * UUID (RFC4122) Generator - * http://tools.ietf.org/html/rfc4122 - * - * Implements version 1, 3, 4 and 5 - */ -class UUID { - /* UUID versions */ - const UUID_TIME = 1; /* Time based UUID */ - const UUID_NAME_MD5 = 3; /* Name based (MD5) UUID */ - const UUID_RANDOM = 4; /* Random UUID */ - const UUID_NAME_SHA1 = 5; /* Name based (SHA1) UUID */ - - /* UUID formats */ - const FMT_FIELD = 100; - const FMT_STRING = 101; - const FMT_BINARY = 102; - const FMT_QWORD = 1; /* Quad-word, 128-bit (not impl.) */ - const FMT_DWORD = 2; /* Double-word, 64-bit (not impl.) */ - const FMT_WORD = 4; /* Word, 32-bit (not impl.) */ - const FMT_SHORT = 8; /* Short (not impl.) */ - const FMT_BYTE = 16; /* Byte */ - const FMT_DEFAULT = 16; - - /* Field UUID representation */ - static private $m_uuid_field = array( - 'time_low' => 0, /* 32-bit */ - 'time_mid' => 0, /* 16-bit */ - 'time_hi' => 0, /* 16-bit */ - 'clock_seq_hi' => 0, /* 8-bit */ - 'clock_seq_low' => 0, /* 8-bit */ - 'node' => array() /* 48-bit */ - ); - - static private $m_generate = array( - self::UUID_TIME => "generateTime", - self::UUID_RANDOM => "generateRandom", - self::UUID_NAME_MD5 => "generateNameMD5", - self::UUID_NAME_SHA1 => "generateNameSHA1" - ); - - static private $m_convert = array( - self::FMT_FIELD => array( - self::FMT_BYTE => "conv_field2byte", - self::FMT_STRING => "conv_field2string", - self::FMT_BINARY => "conv_field2binary" - ), - self::FMT_BYTE => array( - self::FMT_FIELD => "conv_byte2field", - self::FMT_STRING => "conv_byte2string", - self::FMT_BINARY => "conv_byte2binary" - ), - self::FMT_STRING => array( - self::FMT_BYTE => "conv_string2byte", - self::FMT_FIELD => "conv_string2field", - self::FMT_BINARY => "conv_string2binary" - ), - ); - - /* Swap byte order of a 32-bit number */ - static private function swap32($x) { - return (($x & 0x000000ff) << 24) | (($x & 0x0000ff00) << 8) | - (($x & 0x00ff0000) >> 8) | (($x & 0xff000000) >> 24); - } - - /* Swap byte order of a 16-bit number */ - static private function swap16($x) { - return (($x & 0x00ff) << 8) | (($x & 0xff00) >> 8); - } - - /* Auto-detect UUID format */ - static private function detectFormat($src) { - if (is_string($src)) - return self::FMT_STRING; - else if (is_array($src)) { - $len = count($src); - if ($len == 1 || ($len % 2) == 0) - return $len; - else - return (-1); - } - else - return self::FMT_BINARY; - } - - /* - * Public API, generate a UUID of 'type' in format 'fmt' for - * the given namespace 'ns' and node 'node' - */ - static public function generate($type, $fmt = self::FMT_BYTE, - $node = "", $ns = "") { - $func = self::$m_generate[$type]; - if (!isset($func)) - return null; - $conv = self::$m_convert[self::FMT_FIELD][$fmt]; - - $uuid = self::$func($ns, $node); - return self::$conv($uuid); - } - - /* - * Public API, convert a UUID from one format to another - */ - static public function convert($uuid, $from, $to) { - $conv = self::$m_convert[$from][$to]; - if (!isset($conv)) - return ($uuid); - - return (self::$conv($uuid)); - } - - /* - * Generate an UUID version 4 (pseudo random) - */ - static private function generateRandom($ns, $node) { - $uuid = self::$m_uuid_field; - - $uuid['time_hi'] = (4 << 12) | (mt_rand(0, 0x1000)); - $uuid['clock_seq_hi'] = (1 << 7) | mt_rand(0, 128); - $uuid['time_low'] = mt_rand(0, 0xffffffff); - $uuid['time_mid'] = mt_rand(0, 0x0000ffff); - $uuid['clock_seq_low'] = mt_rand(0, 255); - for ($i = 0; $i < 6; $i++) - $uuid['node'][$i] = mt_rand(0, 255); - return ($uuid); - } - - /* - * Generate UUID version 3 and 5 (name based) - */ - static private function generateName($ns, $node, $hash, $version) { - $ns_fmt = self::detectFormat($ns); - $field = self::convert($ns, $ns_fmt, self::FMT_FIELD); - - /* Swap byte order to keep it in big endian on all platforms */ - $field['time_low'] = self::swap32($field['time_low']); - $field['time_mid'] = self::swap16($field['time_mid']); - $field['time_hi'] = self::swap16($field['time_hi']); - - /* Convert the namespace to binary and concatenate node */ - $raw = self::convert($field, self::FMT_FIELD, self::FMT_BINARY); - $raw .= $node; - - /* Hash the namespace and node and convert to a byte array */ - $val = $hash($raw, true); - $tmp = unpack('C16', $val); - foreach (array_keys($tmp) as $key) - $byte[$key - 1] = $tmp[$key]; - - /* Convert byte array to a field array */ - $field = self::conv_byte2field($byte); - - $field['time_low'] = self::swap32($field['time_low']); - $field['time_mid'] = self::swap16($field['time_mid']); - $field['time_hi'] = self::swap16($field['time_hi']); - - /* Apply version and constants */ - $field['clock_seq_hi'] &= 0x3f; - $field['clock_seq_hi'] |= (1 << 7); - $field['time_hi'] &= 0x0fff; - $field['time_hi'] |= ($version << 12); - - return ($field); - } - static private function generateNameMD5($ns, $node) { - return self::generateName($ns, $node, "md5", - self::UUID_NAME_MD5); - } - static private function generateNameSHA1($ns, $node) { - return self::generateName($ns, $node, "sha1", - self::UUID_NAME_SHA1); - } - - /* - * Generate UUID version 1 (time based) - */ - static private function generateTime($ns, $node) { - $uuid = self::$m_uuid_field; - - /* - * Get current time in 100 ns intervals. The magic value - * is the offset between UNIX epoch and the UUID UTC - * time base October 15, 1582. - */ - $tp = gettimeofday(); - $time = ($tp['sec'] * 10000000) + ($tp['usec'] * 10) + - 0x01B21DD213814000; - - /* Work around PHP 32-bit bit-operation limits */ - $q = intval($time / 0xffffffff); - $low = $time - ($q * (0xffffffff + 1)); - $high = intval(($time - $low) / 0xffffffff); - - $uuid['time_low'] = $low; - $uuid['time_mid'] = $high & 0x0000ffff; - $uuid['time_hi'] = ($high & 0x0fff) | (self::UUID_TIME << 12); - - /* - * We don't support saved state information and generate - * a random clock sequence each time. - */ - $uuid['clock_seq_hi'] = (1 << 7) | mt_rand(0, 128); - $uuid['clock_seq_low'] = mt_rand(0, 255); - - /* - * Node should be set to the 48-bit IEEE node identifier, but - * we leave it for the user to supply the node. - */ - for ($i = 0; $i < 6; $i++) - $uuid['node'][$i] = ord(substr($node, $i, 1)); - - return ($uuid); - } - - /* Assumes correct byte order */ - static private function conv_field2byte($src) { - $uuid[0] = ($src['time_low'] & 0xff000000) >> 24; - $uuid[1] = ($src['time_low'] & 0x00ff0000) >> 16; - $uuid[2] = ($src['time_low'] & 0x0000ff00) >> 8; - $uuid[3] = ($src['time_low'] & 0x000000ff); - $uuid[4] = ($src['time_mid'] & 0xff00) >> 8; - $uuid[5] = ($src['time_mid'] & 0x00ff); - $uuid[6] = ($src['time_hi'] & 0xff00) >> 8; - $uuid[7] = ($src['time_hi'] & 0x00ff); - $uuid[8] = $src['clock_seq_hi']; - $uuid[9] = $src['clock_seq_low']; - - for ($i = 0; $i < 6; $i++) - $uuid[10+$i] = $src['node'][$i]; - - return ($uuid); - } - - static private function conv_field2string($src) { - $str = sprintf( - '%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x', - ($src['time_low']), ($src['time_mid']), ($src['time_hi']), - $src['clock_seq_hi'], $src['clock_seq_low'], - $src['node'][0], $src['node'][1], $src['node'][2], - $src['node'][3], $src['node'][4], $src['node'][5]); - return ($str); - } - - static private function conv_field2binary($src) { - $byte = self::conv_field2byte($src); - return self::conv_byte2binary($byte); - } - - static private function conv_byte2field($uuid) { - $field = self::$m_uuid_field; - $field['time_low'] = ($uuid[0] << 24) | ($uuid[1] << 16) | - ($uuid[2] << 8) | $uuid[3]; - $field['time_mid'] = ($uuid[4] << 8) | $uuid[5]; - $field['time_hi'] = ($uuid[6] << 8) | $uuid[7]; - $field['clock_seq_hi'] = $uuid[8]; - $field['clock_seq_low'] = $uuid[9]; - - for ($i = 0; $i < 6; $i++) - $field['node'][$i] = $uuid[10+$i]; - return ($field); - } - - static public function conv_byte2string($src) { - $field = self::conv_byte2field($src); - return self::conv_field2string($field); - } - - static private function conv_byte2binary($src) { - $raw = pack('C16', $src[0], $src[1], $src[2], $src[3], - $src[4], $src[5], $src[6], $src[7], $src[8], $src[9], - $src[10], $src[11], $src[12], $src[13], $src[14], $src[15]); - return ($raw); - } - - static private function conv_string2field($src) { - $parts = sscanf($src, '%x-%x-%x-%x-%02x%02x%02x%02x%02x%02x'); - $field = self::$m_uuid_field; - $field['time_low'] = ($parts[0]); - $field['time_mid'] = ($parts[1]); - $field['time_hi'] = ($parts[2]); - $field['clock_seq_hi'] = ($parts[3] & 0xff00) >> 8; - $field['clock_seq_low'] = $parts[3] & 0x00ff; - for ($i = 0; $i < 6; $i++) - $field['node'][$i] = $parts[4+$i]; - - return ($field); - } - - static private function conv_string2byte($src) { - $field = self::conv_string2field($src); - return self::conv_field2byte($field); - } - - static private function conv_string2binary($src) { - $byte = self::conv_string2byte($src); - return self::conv_byte2binary($byte); - } -} - -?>
\ No newline at end of file diff --git a/src/etc/inc/voucher.inc b/src/etc/inc/voucher.inc index 2e0f5f5..31078e2 100644 --- a/src/etc/inc/voucher.inc +++ b/src/etc/inc/voucher.inc @@ -29,11 +29,6 @@ */ -/* - pfSense_BUILDER_BINARIES: /usr/local/bin/voucher - pfSense_MODULE: captiveportal -*/ - /* include all configuration functions */ if (!function_exists('captiveportal_syslog')) { require_once("captiveportal.inc"); @@ -588,8 +583,9 @@ function voucher_configure_zone($sync = false) { $roll = $rollent['number']; $len = ($rollent['count'] >> 3) + 1; - if (strlen(base64_decode($rollent['used'])) != $len) + if (strlen(base64_decode($rollent['used'])) != $len) { $rollent['used'] = base64_encode(str_repeat("\000", $len)); + } voucher_write_used_db($roll, $rollent['used']); $minutes = $rollent['minutes']; $active_vouchers = array(); diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc index e277da5..50f0b01 100644 --- a/src/etc/inc/vpn.inc +++ b/src/etc/inc/vpn.inc @@ -1,5 +1,4 @@ <?php - /* vpn.inc Copyright (C) 2004 Scott Ullrich @@ -33,32 +32,36 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - pfSense_BUILDER_BINARIES: /sbin/ifconfig - pfSense_BUILDER_BINARIES: /usr/local/sbin/ipsec /usr/local/libexec/ipsec/charon /usr/local/libexec/ipsec/starter - pfSense_BUILDER_BINARIES: /usr/local/sbin/filterdns /usr/local/sbin/mpd4 - pfSense_MODULE: vpn -*/ - require_once("ipsec.inc"); require_once("filter.inc"); -function vpn_ipsec_configure_loglevels($forconfig = false) { - global $config, $ipsec_loglevels; +function vpn_update_daemon_loglevel($category, $level) { + global $ipsec_log_cats, $ipsec_log_sevs; - $cfgtext = array(); - foreach ($ipsec_loglevels as $lkey => $ldescr) { - if (!isset($config['ipsec']["ipsec_{$lkey}"]) && !$forconfig) { - mwexec("/usr/local/sbin/ipsec stroke loglevel {$lkey} -- -1", false); - } else if (is_numeric($config['ipsec']["ipsec_{$lkey}"]) && - intval($config['ipsec']["ipsec_{$lkey}"]) >= 0 && intval($config['ipsec']["ipsec_{$lkey}"]) <= 5) { - $forconfig ? $cfgtext[] = "${lkey} " . (intval($config['ipsec']["ipsec_{$lkey}"]) - 1) : - mwexec("/usr/local/sbin/ipsec stroke loglevel {$lkey} " . (intval($config['ipsec']["ipsec_{$lkey}"]) - 1) , false); + if (in_array($category, array_keys($ipsec_log_cats), true) && in_array(intval($level), array_keys($ipsec_log_sevs), true)) { + + /* if you're setting to -1, need to add "--" to args */ + $argterm = ""; + if ($level == "-1") { + $argterm = "--"; } + + mwexec("/usr/local/sbin/ipsec stroke loglevel {$category} {$argterm} {$level}"); } - if ($forconfig) { - return implode(',', $cfgtext); +} + +function vpn_logging_cfgtxt() { + global $config, $ipsec_log_cats, $ipsec_log_sevs; + + $cfgtext = array(); + foreach (array_keys($ipsec_log_cats) as $cat) { + if (is_numeric($config['ipsec']['logging'][$cat]) && + in_array(intval($config['ipsec']['logging'][$cat]), array_keys($ipsec_log_sevs), true)) { + $cfgtext[] = "${cat} = {$config['ipsec']['logging'][$cat]}"; + } } + + return $cfgtext; } /* include all configuration functions */ @@ -128,13 +131,14 @@ function vpn_ipsec_configure($restart = false) { /* get the automatic ping_hosts.sh ready */ unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts"); touch("{$g['vardb_path']}/ipsecpinghosts"); + $ipsecpinghostsactive = false; /* service may have been enabled, disabled, or otherwise changed in a way requiring rule updates */ filter_configure(); $syscfg = $config['system']; $ipseccfg = $config['ipsec']; - if (!isset($ipseccfg['enable'])) { + if (!ipsec_enabled()) { /* try to stop charon */ mwexec("/usr/local/sbin/ipsec stop"); /* Stop dynamic monitoring */ @@ -143,9 +147,8 @@ function vpn_ipsec_configure($restart = false) { /* wait for process to die */ sleep(2); - /* disallow IPSEC, it is off */ + /* IPSEC is off, shutdown enc interface.*/ mwexec("/sbin/ifconfig enc0 down"); - set_single_sysctl("net.inet.ip.ipsec_in_use", "0"); return 0; } @@ -160,7 +163,6 @@ function vpn_ipsec_configure($restart = false) { $crlpath = "{$g['varetc_path']}/ipsec/ipsec.d/crls"; mwexec("/sbin/ifconfig enc0 up"); - set_single_sysctl("net.inet.ip.ipsec_in_use", "1"); if (php_uname('m') != "amd64") { set_single_sysctl("net.inet.ipsec.directdispatch", "0"); } @@ -172,6 +174,11 @@ function vpn_ipsec_configure($restart = false) { if (!is_dir("{$g['varetc_path']}/ipsec/ipsec.d")) { mkdir("{$g['varetc_path']}/ipsec/ipsec.d"); } + // delete these paths first to ensure old CAs, certs and CRLs aren't left behind. redmine #5238 + rmdir_recursive($capath); + rmdir_recursive($keypath); + rmdir_recursive($crlpath); + rmdir_recursive($certpath); if (!is_dir($capath)) { mkdir($capath); } @@ -197,14 +204,49 @@ function vpn_ipsec_configure($restart = false) { mkdir("{$g['varetc_path']}/ipsec/ipsec.d/reqs"); } + if (!file_exists("/usr/local/etc/ipsec.d") || + !is_link("/usr/local/etc/ipsec.d")) { + conf_mount_rw(); + if (file_exists("/usr/local/etc/ipsec.d")) { + rmdir_recursive("/usr/local/etc/ipsec.d"); + } + @symlink("{$g['varetc_path']}/ipsec/ipsec.d", + "/usr/local/etc/ipsec.d"); + conf_mount_ro(); + } + if (!file_exists("{$g['varetc_path']}/etc/strongswan.d") || + !is_link("{$g['varetc_path']}/etc/strongswan.d")) { + conf_mount_rw(); + if (is_link("{$g['varetc_path']}/etc/strongswan.d")) { + @unlink("{$g['varetc_path']}/etc/strongswan.d"); + } else { + rmdir_recursive("{$g['varetc_path']}/etc/strongswan.d"); + } + @symlink("/usr/local/etc/strongswan.d", + "{$g['varetc_path']}/ipsec/strongswan.d"); + conf_mount_ro(); + } + if (!file_exists("/usr/local/etc/strongswan.conf") || + !is_link("/usr/local/etc/strongswan.conf")) { + conf_mount_rw(); + @unlink("/usr/local/etc/strongswan.conf"); + @symlink("{$g['varetc_path']}/ipsec/strongswan.conf", + "/usr/local/etc/strongswan.conf"); + conf_mount_ro(); + } + if (!file_exists("/usr/local/etc/ipsec.conf") || + !is_link("/usr/local/etc/ipsec.conf")) { + conf_mount_rw(); + @unlink("/usr/local/etc/ipsec.conf"); + @symlink("{$g['varetc_path']}/ipsec/ipsec.conf", + "/usr/local/etc/ipsec.conf"); + conf_mount_ro(); + } if (platform_booting()) { echo gettext("Configuring IPsec VPN... "); } - /* fastforwarding is not compatible with ipsec tunnels */ - set_single_sysctl("net.inet.ip.fastforwarding", "0"); - /* resolve all local, peer addresses and setup pings */ $ipmap = array(); $rgmap = array(); @@ -213,6 +255,7 @@ function vpn_ipsec_configure($restart = false) { $aggressive_mode_psk = false; unset($iflist); $ifacesuse = array(); + $mobile_ipsec_auth = ""; if (is_array($a_phase1) && count($a_phase1)) { $ipsecpinghosts = ""; @@ -256,6 +299,7 @@ function vpn_ipsec_configure($restart = false) { try to resolve it now and add it to the list for filterdns */ if (isset ($ph1ent['mobile'])) { + $mobile_ipsec_auth = $ph1ent['authentication_method']; continue; } @@ -336,6 +380,7 @@ function vpn_ipsec_configure($restart = false) { } if (is_ipaddr($srcip)) { $ipsecpinghosts[] = "{$srcip}|{$dstip}|3|||||{$family}|\n"; + $ipsecpinghostsactive = true; } } } @@ -396,11 +441,19 @@ function vpn_ipsec_configure($restart = false) { unset($stronconf); + $strongswanlog = ""; + $ipsecloglevels = vpn_logging_cfgtxt(); + if (is_array($ipsecloglevels)) { + foreach ($ipsecloglevels as $loglevel) { + $strongswanlog .= "\t\t" . $loglevel . "\n"; + } + } $strongswan = <<<EOD # Automatically generated config file - DO NOT MODIFY. Changes will be overwritten. starter { -load_warning = no + load_warning = no + config_file = {$g['varetc_path']}/ipsec/ipsec.conf } charon { @@ -416,53 +469,61 @@ cisco_unity = {$unity_enabled} {$ifacesuse} {$makebeforebreak} -# And two loggers using syslog. The subsections define the facility to log -# to, currently one of: daemon, auth. syslog { identifier = charon - # default level to the LOG_DAEMON facility + # log everything under daemon since it ends up in the same place regardless with our syslog.conf daemon { ike_name = yes +{$strongswanlog} } - # very minimalistic IKE auditing logs to LOG_AUTHPRIV + # disable logging under auth so logs aren't duplicated auth { default = -1 - ike = 1 - ike_name = yes } } + plugins { + stroke { + secrets_file = {$g['varetc_path']}/ipsec/ipsec.secrets + } + EOD; - $strongswan .= "\tplugins {\n"; + /* Find RADIUS servers designated for Mobile IPsec user auth */ + $radius_server_txt = ""; + $user_sources = explode(',', $config['ipsec']['client']['user_source']); + foreach ($user_sources as $user_source) { + $auth_server = auth_get_authserver($user_source); + $nice_user_source = strtolower(preg_replace('/\s+/', '_', $user_source)); + if ($auth_server && $auth_server['type'] === 'radius') { + $radius_server_txt .= <<<EOD + {$nice_user_source} { + address = {$auth_server['host']} + secret = "{$auth_server['radius_secret']}" + auth_port = {$auth_server['radius_auth_port']} + acct_port = {$auth_server['radius_acct_port']} + } + +EOD; + } + } - $a_servers = auth_get_authserver_list(); - foreach ($a_servers as $id => $pconfig) { - if ($id == $config['ipsec']['client']['user_source'] && $pconfig['type'] == "radius") { - $strongswan .= <<<EOD + /* write an eap-radius config section if appropriate */ + if (strlen($radius_server_txt) && ($mobile_ipsec_auth === "eap-radius")) { + $strongswan .= <<<EOD eap-radius { class_group = yes eap_start = no servers { - primary { - address = {$pconfig['host']} - secret = {$pconfig['radius_secret']} - auth_port = {$pconfig['radius_auth_port']} - acct_port = {$pconfig['radius_acct_port']} - } +{$radius_server_txt} } } EOD; - break; - } } if (is_array($a_client) && isset($a_client['enable'])) { $strongswan .= "\t\tattr {\n"; - if ($a_client['pool_address'] && $a_client['pool_netbits']) { - $strongswan .= "\t\t\tsubnet = {$a_client['pool_address']}/{$a_client['pool_netbits']}\n"; - } $cfgservers = array(); if (!empty($a_client['dns_server1'])) { @@ -514,6 +575,7 @@ EOD; } if (!empty($net_list)) { + $strongswan .= "\t\t\tsubnet = {$net_list}\n"; $strongswan .= "\t\t\tsplit-include = {$net_list}\n"; unset($net_list); } @@ -570,28 +632,6 @@ EOD; @file_put_contents("{$g['varetc_path']}/ipsec/strongswan.conf", $strongswan); unset($strongswan); - /* generate CA certificates files */ - if (is_array($config['ca']) && count($config['ca'])) { - foreach ($config['ca'] as $ca) { - if (!isset($ca['crt'])) { - log_error(sprintf(gettext("Error: Invalid certificate info for %s"), $ca['descr'])); - continue; - } - $cert = base64_decode($ca['crt']); - $x509cert = openssl_x509_parse(openssl_x509_read($cert)); - if (!is_array($x509cert) || !isset($x509cert['hash'])) { - log_error(sprintf(gettext("Error: Invalid certificate hash info for %s"), $ca['descr'])); - continue; - } - $fname = "{$capath}/{$x509cert['hash']}.0.crt"; - if (!@file_put_contents($fname, $cert)) { - log_error(sprintf(gettext("Error: Cannot write IPsec CA file for %s"), $ca['descr'])); - continue; - } - unset($cert); - } - } - /* write out CRL files */ if (is_array($config['crl']) && count($config['crl'])) { foreach ($config['crl'] as $crl) { @@ -609,6 +649,7 @@ EOD; $pskconf = ""; + $vpncas = array(); if (is_array($a_phase1) && count($a_phase1)) { foreach ($a_phase1 as $ph1ent) { @@ -628,6 +669,16 @@ EOD; continue; } + /* add signing CA cert chain of server cert + * to the list of CAs to write + */ + $cachain = ca_chain_array($cert); + if ($cachain && is_array($cachain)) { + foreach ($cachain as $cacrt) { + $vpncas[$cacrt['refid']] = $cacrt; + } + } + @chmod($certpath, 0600); $ph1keyfile = "{$keypath}/cert-{$ikeid}.key"; @@ -676,6 +727,41 @@ EOD; } } } + + /* if the client authenticates with a cert add the + * client cert CA chain to the list of CAs to write + */ + if (in_array($ph1ent['authentication_method'], + array('rsasig', 'eap-tls', 'xauth_rsa_server'))) { + + if (!empty($ph1ent['caref']) && !array_key_exists($ph1ent['caref'], $vpncas)) { + $thisca = lookup_ca($ph1ent['caref']); + $vpncas[$ph1ent['caref']] = $thisca; + + /* follow chain up to root */ + $cachain = ca_chain_array($thisca); + if ($cachain and is_array($cachain)) { + foreach ($cachain as $cacrt) { + $vpncas[$cacrt['refid']] = $cacrt; + } + } + } + } + } + } + + /* write the required CAs */ + foreach ($vpncas as $carefid => $cadata) { + $cacrt = base64_decode($cadata['crt']); + $cacrtattrs = openssl_x509_parse($cacrt); + if (!is_array($cacrtattrs) || !isset($cacrtattrs['hash'])) { + log_error(sprintf(gettext("Error: Invalid certificate hash info for %s"), $cadata['descr'])); + continue; + } + $cafilename = "{$capath}/{$cacrtattrs['hash']}.0.crt"; + if (!@file_put_contents($cafilename, $cacrt)) { + log_error(sprintf(gettext("Error: Cannot write IPsec CA file for %s"), $cadata['descr'])); + continue; } } @@ -724,7 +810,6 @@ EOD; $ipsecconf .= "# This file is automatically generated. Do not edit\n"; $ipsecconf .= "config setup\n\tuniqueids = {$uniqueids}\n"; - $ipsecconf .= "\tcharondebug=\"" . vpn_ipsec_configure_loglevels(true) . "\"\n"; if (isset($config['ipsec']['strictcrlpolicy'])) { $ipsecconf .= "\tstrictcrlpolicy = yes \n"; @@ -942,6 +1027,21 @@ EOD; } } + if (!empty($ph1ent['caref'])) { + $ca = lookup_ca($ph1ent['caref']); + if ($ca) { + $casubarr = cert_get_subject_array($ca['crt']); + $casub = ""; + foreach ($casubarr as $casubfield) { + if (empty($casub)) { + $casub = "/"; + } + $casub .= "{$casubfield['a']}={$casubfield['v']}/"; + } + + } + } + $authentication = ""; switch ($ph1ent['authentication_method']) { case 'eap-mschapv2': @@ -950,6 +1050,7 @@ EOD; $authentication .= "leftauth=pubkey\n\trightauth=eap-mschapv2"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } break; @@ -959,13 +1060,18 @@ EOD; $authentication .= "leftauth=pubkey\n\trightauth=eap-tls"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } else { $authentication = "leftauth=eap-tls\n\trightauth=eap-tls"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } + if (isset($casub)) { + $authentication .= "\n\trightca=\"$casub\""; + } break; case 'eap-radius': if (isset($ph1ent['mobile'])) { @@ -973,11 +1079,13 @@ EOD; $authentication .= "leftauth=pubkey\n\trightauth=eap-radius"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } else { $authentication = "leftauth=eap-radius\n\trightauth=eap-radius"; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; + $authentication .= "\n\tleftsendcert=always"; } } break; @@ -987,6 +1095,9 @@ EOD; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; } + if (isset($casub)) { + $authentication .= "\n\trightca=\"$casub\""; + } break; case 'xauth_psk_server': $authentication = "leftauth = psk\n\trightauth = psk"; @@ -1000,6 +1111,9 @@ EOD; if (!empty($ph1ent['certref'])) { $authentication .= "\n\tleftcert={$certpath}/cert-{$ph1ent['ikeid']}.crt"; } + if (isset($casub)) { + $authentication .= "\n\trightca=\"$casub\""; + } break; case 'hybrid_rsa_server': $authentication = "leftauth = pubkey\n\trightauth = xauth-generic"; @@ -1102,7 +1216,8 @@ EOD; $tunneltype = "type = transport"; if ((($ph1ent['authentication_method'] == "xauth_psk_server") || - ($ph1ent['authentication_method'] == "pre_shared_key")) && isset($ph1ent['mobile'])) { + ($ph1ent['authentication_method'] == "pre_shared_key")) && + isset($ph1ent['mobile'])) { $left_spec = "%any"; } else { $tmpsubnet = ipsec_get_phase1_src($ph1ent); @@ -1318,6 +1433,11 @@ EOD; } } + // run ping_hosts.sh once if it's enabled to avoid wait for minicron + if ($ipsecpinghostsactive == true) { + mwexec_bg("/usr/local/bin/ping_hosts.sh"); + } + if ($natfilterrules == true) { filter_configure(); } @@ -1677,10 +1797,16 @@ function vpn_l2tp_configure() { $l2tp_listen="set l2tp self $ipaddr"; } - if ($l2tpcfg['paporchap'] == "chap") { - $paporchap = "set link enable chap"; - } else { - $paporchap = "set link enable pap"; + switch ($l2tpcfg['paporchap']) { + case 'chap': + $paporchap = "set link enable chap"; + break; + case 'chap-msv2': + $paporchap = "set link enable chap-msv2"; + break; + default: + $paporchap = "set link enable pap"; + break; } /* write mpd.conf */ diff --git a/src/etc/inc/vslb.inc b/src/etc/inc/vslb.inc index 05bef31..cb2c50b 100644 --- a/src/etc/inc/vslb.inc +++ b/src/etc/inc/vslb.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* vslb.inc Copyright (C) 2005-2008 Bill Marquette @@ -28,12 +27,6 @@ */ -/* - pfSense_BUILDER_BINARIES: /usr/local/sbin/relayd - pfSense_MODULE: routing -*/ - - /* include all configuration functions */ class Monitor { diff --git a/src/etc/inc/xmlparse.inc b/src/etc/inc/xmlparse.inc index 08d9b19..cd44aa5 100644 --- a/src/etc/inc/xmlparse.inc +++ b/src/etc/inc/xmlparse.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* xmlparse.inc functions to parse/dump configuration files in XML format diff --git a/src/etc/inc/xmlparse_attr.inc b/src/etc/inc/xmlparse_attr.inc index ab90e98..c9f6c3a 100644 --- a/src/etc/inc/xmlparse_attr.inc +++ b/src/etc/inc/xmlparse_attr.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* xmlparse_attr.inc functions to parse configuration files in XML format with attributes diff --git a/src/etc/inc/xmlreader.inc b/src/etc/inc/xmlreader.inc index 960acb1..3982c60 100644 --- a/src/etc/inc/xmlreader.inc +++ b/src/etc/inc/xmlreader.inc @@ -1,5 +1,4 @@ <?php -/* $Id$ */ /* xmlreader.inc functions to parse/dump configuration files in XML format @@ -30,10 +29,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - pfSense_MODULE: utils -*/ - /* The following items will be treated as arrays in config.xml */ function listtags() { /* diff --git a/src/etc/inc/xmlrpc.inc b/src/etc/inc/xmlrpc.inc index e96e783..001777c 100644 --- a/src/etc/inc/xmlrpc.inc +++ b/src/etc/inc/xmlrpc.inc @@ -1,7 +1,5 @@ <?php /* - $Id$ - xmlrpc.inc Copyright (C) 2005-2006 Colin Smith All rights reserved. @@ -28,11 +26,6 @@ POSSIBILITY OF SUCH DAMAGE. */ -/* - pfSense_BUILDER_BINARIES: - pfSense_MODULE: utils -*/ - require_once("auth.inc"); require_once("xmlrpc_client.inc"); @@ -52,30 +45,6 @@ function xmlrpc_params_to_php($params) { * xmlrpc_value_to_php: Convert an XMLRPC value into a PHP scalar/array and return it. */ function xmlrpc_value_to_php($raw_value) { - /* - switch ($raw_value->kindOf()) { - case "scalar": - if ($raw_value->scalartyp() == "boolean") { - $return = (boolean) $raw_value->scalarval(); - } - $return = $raw_value->scalarval(); - break; - case "array": - $return = array(); - for ($i = 0; $i < $raw_value->arraysize(); $i++) { - $value = $raw_value->arraymem($i); - $return[] = xmlrpc_value_to_php($value); - } - break; - case "struct": - $return = array(); - for ($i = 0; $i < $raw_value->arraysize(); $i++) { - list($key, $value) = $raw_value->structeach(); - $return[$key] = xmlrpc_value_to_php($value); - } - break; - } - */ return XML_RPC_decode($raw_value); } @@ -85,25 +54,6 @@ function xmlrpc_value_to_php($raw_value) { function php_value_to_xmlrpc($value, $force_array = false) { $toreturn = XML_RPC_encode($value); return $force_array ? array($toreturn) : $toreturn; - /* - if (gettype($value) == "array") { - $xmlrpc_type = "array"; - $toreturn = array(); - foreach ($value as $key => $val) { - if (is_string($key)) { - $xmlrpc_type = "struct"; - } - $toreturn[$key] = php_value_to_xmlrpc($val); - } - return new XML_RPC_Value($toreturn, $xmlrpc_type); - } else { - if ($force_array == true) { - return new XML_RPC_Value(array(new XML_RPC_Value($value, gettype($value))), "array"); - } else { - return new XML_RPC_Value($value, gettype($value)); - } - } - */ } /* @@ -123,7 +73,8 @@ function xmlrpc_auth(&$params) { array_shift($params); unset($params['xmlrpcauth']); return true; - } else if (!empty($params['xmlrpcauth']) && (authenticate_user("admin", $params['xmlrpcauth'], $authcfg) || + } else if (!empty($params['xmlrpcauth']) && + (authenticate_user("admin", $params['xmlrpcauth'], $authcfg) || authenticate_user("admin", $params['xmlrpcauth']))) { array_shift($params); unset($params['xmlrpcauth']); @@ -133,7 +84,8 @@ function xmlrpc_auth(&$params) { array_shift($params); unset($params['xmlrpcauth']); return true; - } else if (!empty($params['xmlrpcauth']) && authenticate_user("admin", $params['xmlrpcauth'])) { + } else if (!empty($params['xmlrpcauth']) && + authenticate_user("admin", $params['xmlrpcauth'])) { array_shift($params); unset($params['xmlrpcauth']); return true; diff --git a/src/etc/inc/xmlrpc_client.inc b/src/etc/inc/xmlrpc_client.inc index fbbf977..a701419 100644 --- a/src/etc/inc/xmlrpc_client.inc +++ b/src/etc/inc/xmlrpc_client.inc @@ -911,38 +911,28 @@ class XML_RPC_Client extends XML_RPC_Base { print "\n---END---</pre>\n"; } - /* - * If we're using a proxy open a socket to the proxy server - * instead to the xml-rpc server - */ + $ctx_options = array(); + + /* Add proxy to context when it's set */ if ($this->proxy) { - if ($this->proxy_protocol == 'http://') { - $protocol = ''; - } else { - $protocol = $this->proxy_protocol; - } - if ($timeout > 0) { - $fp = @fsockopen($protocol . $this->proxy, $this->proxy_port, - $this->errno, $this->errstr, $timeout); - } else { - $fp = @fsockopen($protocol . $this->proxy, $this->proxy_port, - $this->errno, $this->errstr); - } - } else { - if ($this->protocol == 'http://') { - $protocol = ''; - } else { - $protocol = $this->protocol; - } - if ($timeout > 0) { - $fp = @fsockopen($protocol . $server, $port, - $this->errno, $this->errstr, $timeout); - } else { - $fp = @fsockopen($protocol . $server, $port, - $this->errno, $this->errstr); - } + $ctx_options['http'] = array( + 'proxy' => "{$this->proxy_protocol}{$this->proxy}:{$this->proxy_port}" + ); } + /* Disable SSL certificate check since it's used only by HA nowadays */ + $ctx_options['ssl'] = array( + 'verify_peer' => false, + 'verify_peer_name' => false + ); + + $ctx = stream_context_create($ctx_options); + + $fp = stream_socket_client("{$this->protocol}{$server}:{$port}", + $this->errno, $this->errstr, + ($timeout > 0 ? $timeout : ini_get("default_socket_timeout")), + STREAM_CLIENT_CONNECT, $ctx); + /* * Just raising the error without returning it is strange, * but keep it here for backwards compatibility. @@ -961,14 +951,6 @@ class XML_RPC_Client extends XML_RPC_Base { return 0; } - if ($timeout) { - /* - * Using socket_set_timeout() because stream_set_timeout() - * was introduced in 4.3.0, but we need to support 4.2.0. - */ - socket_set_timeout($fp, $timeout); - } - if (!fputs($fp, $op, strlen($op))) { $this->errstr = 'Write error'; return 0; diff --git a/src/etc/inc/xmlrpc_server.inc b/src/etc/inc/xmlrpc_server.inc index f4d8a46..627078a 100644 --- a/src/etc/inc/xmlrpc_server.inc +++ b/src/etc/inc/xmlrpc_server.inc @@ -246,7 +246,7 @@ function XML_RPC_Server_debugmsg($m) * ), * 1, * 0 - * ); + * ); * </code> * * @category Web Services @@ -562,8 +562,8 @@ class XML_RPC_Server $XML_RPC_xh[$parser]['isf'] = 0; $XML_RPC_xh[$parser]['params'] = array(); $XML_RPC_xh[$parser]['method'] = ''; - $XML_RPC_xh[$parser]['stack'] = array(); - $XML_RPC_xh[$parser]['valuestack'] = array(); + $XML_RPC_xh[$parser]['stack'] = array(); + $XML_RPC_xh[$parser]['valuestack'] = array(); $plist = ''; diff --git a/src/etc/inc/zeromq.inc b/src/etc/inc/zeromq.inc deleted file mode 100644 index 6b513d3..0000000 --- a/src/etc/inc/zeromq.inc +++ /dev/null @@ -1,340 +0,0 @@ -<?php -/* - zeromq.inc - part of the pfSense project (https://www.pfsense.org) - Copyright 2010 Scott Ullrich <sullrich@gmail.com> - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -define('ZEROMQ_AUTH_FAIL', 'authfail'); -define('ZEROMQ_TRUE', 'true'); -define('ZEROMQ_FASLE', 'false'); - -$do_not_include_config_gui_inc = true; -require_once("auth.inc"); - -//$debug = true; - -/* zeromq_send: Send a message to a member node */ -function zeromq_send($protocol = "tcp", $ipaddress = "127.0.0.1", $port = "8888", - $method, $params, $username, $password) { - - global $debug; - - /* Set calling function and auth information */ - $xmlparams = array( - $username, - $password, - $method, - $params - ); - - /* Create new queue object */ - $queue = new ZMQSocket(new ZMQContext(), ZMQ::SOCKET_REQ, "MySock1"); - $queue->connect("{$protocol}://{$ipaddress}:{$port}"); - - /* Assign socket 1 to the queue, send and receive */ - $result = $queue->send(serialize($xmlparams))->recv(); - - /* xmlrpc_params_to_php() the result and return */ - $unserializedresult = unserialize($result); - - /* Return the result to the caller */ - return $unserializedresult; -} - -function zeromq_server($protocol = "tcp", $ipaddress = "127.0.0.1", $port = "8888") { - global $debug; - if (!$ipaddress || !$port) { - if ($debug) { - echo "ERROR: You must pass, proto, ipaddress and port\n"; - } - return; - } - if ($debug) { - echo "Creating ZMQSocket()\n"; - } - $server = new ZMQSocket(new ZMQContext(), ZMQ::SOCKET_REP); - if ($debug) { - echo "Binding to {$protocol}://{$ipaddress}:{$port}\n"; - } - $server->bind("{$protocol}://{$ipaddress}:{$port}"); - if ($debug) { - echo "Entering while() loop\n"; - } - while ($msg = $server->recv()) { - // Convert the XML to a PHP array - $message = unserialize($msg); - if ($debug) { - echo "Message received:\n"; - print_r($message); - } - switch ($message[2]) { - case "pfsense.exec_shell": - $function_to_call = "exec_shell_zeromq"; - break; - case "pfsense.exec_php": - $function_to_call = "exec_php_zeromq"; - break; - case "pfsense.filter_configure": - $function_to_call = "filter_configure_zeromq"; - break; - case "pfsense.interfaces_carp_configure": - $function_to_call = "interfaces_carp_configure_zeromq"; - break; - case "pfsense.backup_config_section": - $function_to_call = "backup_config_section_zeromq"; - break; - case "pfsense.restore_config_section": - $function_to_call = "restore_config_section_zeromq"; - break; - case "pfsense.merge_config_section": - $function_to_call = "merge_config_section_zeromq"; - break; - case "pfsense.merge_installedpackages_section_zeromq": - $function_to_call = "merge_installedpackages_section_zeromq"; - break; - case "pfsense.check_firmware_version": - $function_to_call = "check_firmware_version_zeromq"; - break; - case "pfsense.reboot": - $function_to_call = "reboot_zeromq"; - break; - case "pfsense.get_notices": - $function_to_call = "get_notices_zeromq"; - break; - } - if (!$function_to_call) { - if ($debug) { - echo "ERROR: Could not find a function to call"; - } - return; - } else { - if ($debug) { - echo "Invoking function {$message[2]}()\n;"; - } - } - /* Call function that is being invoked */ - $result = $function_to_call($message); - /* echo back the result */ - $server->send($result); - } -} - -function zeromq_auth($params) { - global $config, $g, $debug; - - $username = $params[0]; - $passwd = $params[1]; - - $user = getUserEntry($username); - if (!$user) { - if ($debug) { - echo "Could not locate user $username with getUserEntry()\n"; - } - return false; - } - - if (is_account_disabled($username) || is_account_expired($username)) { - if ($debug) { - echo "Returning account expired/disabled\n"; - } - return false; - } - - if ($user['password']) { - $passwd = crypt($passwd, $user['password']); - if ($passwd == $user['password']) { - return true; - } - } - - if ($user['md5-hash']) { - $passwd = md5($passwd); - if ($passwd == $user['md5-hash']) { - return true; - } - } - - if ($debug) { - echo "zeromq_auth() fall through == false\n"; - } - - return false; -} - -function exec_php_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - if ($debug) { - echo "Auth failed in exec_shell_zeromq()\n"; - } - return ZEROMQ_AUTH_FAIL; - } - $exec_php = $params[3]; - if ($debug) { - echo "Running exec_php_zeromq(): {$exec_php}\n"; - } - eval($exec_php); - if ($toreturn) { - return serialize($toreturn); - } else { - return ZEROMQ_FASLE; - } -} - -function exec_shell_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - if ($debug) { - echo "Auth failed in exec_shell_zeromq()\n"; - } - return ZEROMQ_AUTH_FAIL; - } - $shell_cmd = $params[3]; - if ($debug) { - echo "Running exec_shell_zeromq(): {$shell_cmd}\n"; - } - mwexec($shell_cmd); - return ZEROMQ_FASLE; -} - -function backup_config_section_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - $val = array_intersect_key($config, array_flip($params[3])); - return serialize($val); -} - -function restore_config_section_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - $config = array_merge($config, $params[3]); - $mergedkeys = implode(",", array_keys($params[3])); - write_config(sprintf(gettext("Merged in config (%s sections) from ZeroMQ client."), $mergedkeys)); - return ZEROMQ_FASLE; -} - -function merge_installedpackages_section_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - $config['installedpackages'] = array_merge($config['installedpackages'], $params[0]); - $mergedkeys = implode(",", array_keys($params[3])); - write_config(sprintf(gettext("Merged in config (%s sections) from ZeroMQ client."), $mergedkeys)); - return ZEROMQ_FASLE; -} - -function merge_config_section_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - $config = array_merge_recursive_unique($config, $params[0]); - $mergedkeys = implode(",", array_keys($params[3])); - write_config("Merged in config ({$mergedkeys} sections) from ZeroMQ client."); - return ZEROMQ_FASLE; -} - -function filter_configure_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - filter_configure(); - system_routing_configure(); - setup_gateways_monitor(); - relayd_configure(); - require_once("openvpn.inc"); - openvpn_resync_all(); - services_dhcpd_configure(); - if (isset($config['dnsmasq']['enable'])) { - services_dnsmasq_configure(); - } elseif (isset($config['unbound']['enable'])) { - services_unbound_configure(); - } - local_sync_accounts(); - return ZEROMQ_FASLE; -} - -function interfaces_carp_configure_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - interfaces_sync_setup(); - interfaces_vips_configure(); - return ZEROMQ_FASLE; -} - -function check_firmware_version_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - return serialize(check_firmware_version(false)); -} - -function reboot_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - mwexec_bg("/etc/rc.reboot"); - return ZEROMQ_FASLE; -} - -function get_notices_zeromq($raw_params) { - global $config, $g, $debug; - $params = $raw_params; - if (zeromq_auth($raw_params) == false) { - return ZEROMQ_AUTH_FAIL; - } - if (!function_exists("get_notices")) { - require("notices.inc"); - } - if (!$params) { - $toreturn = get_notices(); - } else { - $toreturn = get_notices($params); - } - return serialize($toreturn); -} - -?> diff --git a/src/etc/login.conf b/src/etc/login.conf index 1e61a9f..98324e2 100644 --- a/src/etc/login.conf +++ b/src/etc/login.conf @@ -35,7 +35,7 @@ default:\ :maxproc=unlimited:\ :sbsize=unlimited:\ :vmemoryuse=unlimited:\ - :idletime=unlimited:\ + :idletime=unlimited:\ :priority=0:\ :ignoretime@:\ :umask=022: @@ -81,7 +81,7 @@ russian|Russian Users Accounts:\ ###################################################################### ## ## Example entries -## +## ###################################################################### ###################################################################### diff --git a/src/etc/pfSense.obsoletedfiles b/src/etc/pfSense.obsoletedfiles index 647866f..5b5b7d0 100644 --- a/src/etc/pfSense.obsoletedfiles +++ b/src/etc/pfSense.obsoletedfiles @@ -8,16 +8,20 @@ /etc/auth.conf /etc/current-supfile /etc/defaults/pccard.conf +/etc/fbtab /etc/freebsd-update.conf /etc/gnats /etc/hostid /etc/hosts.lpd /etc/inc/array_intersect_key.inc /etc/inc/cmd_chain.inc +/etc/inc/dot.hushlogin /etc/inc/lb.inc /etc/inc/m0n0 /etc/inc/regdomain.inc /etc/inc/sysctl.inc +/etc/inc/uuid.php +/etc/inc/zeromq.inc /etc/isdn /etc/locate.rc /etc/mail.rc @@ -54,6 +58,7 @@ /etc/phpshellsessions/restartftphelper /etc/ping_hosts.sh /etc/portsnap.conf +/etc/rc.create_full_backup /etc/rc.d/amd /etc/rc.d/auto_linklocal /etc/rc.d/bluetooth @@ -87,7 +92,9 @@ /etc/rc.d/uzip /etc/rc.dyndns.storecache /etc/rc.firewall6 -/etc/rc.initial_firmware_update +/etc/rc.firmware +/etc/rc.firmware_auto +/etc/rc.initial.firmware_update /etc/rc.linkup.sh /etc/rc.parse-isc-dhcpd /etc/rc.sendmail @@ -214,6 +221,7 @@ /usr/bin/ntpq /usr/bin/objcopy /usr/bin/objdump +/usr/bin/pbisyscmd /usr/bin/pfbtops /usr/bin/pic /usr/bin/post-grohtml @@ -436,7 +444,6 @@ /usr/local/bin/tickadj /usr/local/bin/verifysig /usr/local/etc/pkg.conf -/usr/local/include /usr/local/info /usr/local/lib/engines /usr/local/lib/engines/lib4758cca.so @@ -454,6 +461,12 @@ /usr/local/lib/event2 /usr/local/lib/event2/libevent_core-2.0.so.6 /usr/local/lib/event2/libevent_pthreads-2.0.so.6 +/usr/local/lib/ipsec/plugins/libstrongswan-eap-aka-3gpp2.so +/usr/local/lib/ipsec/plugins/libstrongswan-eap-aka.so +/usr/local/lib/ipsec/plugins/libstrongswan-gmp.so +/usr/local/lib/ipsec/plugins/libstrongswan-smp.so +/usr/local/lib/ipsec/plugins/libstrongswan-smp.a +/usr/local/lib/ipsec/plugins/libstrongswan-smp.la /usr/local/lib/libcrypto.a /usr/local/lib/libcrypto.so /usr/local/lib/libcrypto.so.8 @@ -466,13 +479,8 @@ /usr/local/lib/libevent-1.2.so /usr/local/lib/libevent-1.3e.so.1 /usr/local/lib/libevent-1.4.so.4 -/usr/local/lib/libevtlog.so.0 /usr/local/lib/libfreetype.so.9 -/usr/local/lib/libglib-2.0.so.0 -/usr/local/lib/libgmodule-2.0.so.0 -/usr/local/lib/libgthread-2.0.so.0 /usr/local/lib/libhistory.so.5 -/usr/local/lib/libiconv.so.3 /usr/local/lib/libidn.so.17 /usr/local/lib/libipsec.so /usr/local/lib/libipsec.so.0 @@ -568,7 +576,6 @@ /usr/local/lib/lighttpd/mod_webdav.a /usr/local/lib/lighttpd/mod_webdav.la /usr/local/lib/mysql/libmysqlclient.so.15 -/usr/local/lib/mysql/libmysqlclient.so.18 /usr/local/lib/olsrd_dot_draw.so.0.3 /usr/local/lib/olsrd_dyn_gw.so.0.4 /usr/local/lib/olsrd_dyn_gw_plain.so.0.4 @@ -580,6 +587,7 @@ /usr/local/lib/olsrd_power.so.0.3 /usr/local/lib/olsrd_secure.so.0.5 /usr/local/lib/olsrd_txtinfo.so.0.1 +/usr/local/lib/php.ini /usr/local/lib/php/20060613 /usr/local/lib/php/20090626 /usr/local/lib/php/20121212 @@ -611,8 +619,6 @@ /usr/local/pkg/openvpn_cli.xml /usr/local/pkg/openvpn_csc.xml /usr/local/pkg/routed -/usr/local/pkg/routed.inc -/usr/local/pkg/routed.xml /usr/local/pkg/routed/routed.inc /usr/local/pkg/routed/routed.xml /usr/local/pkg/sasyncd.xml @@ -623,18 +629,39 @@ /usr/local/sbin/dnsextd /usr/local/sbin/dnswatch /usr/local/sbin/env4801 -/usr/local/sbin/fping /usr/local/sbin/ftpsesame /usr/local/sbin/grub-install1 /usr/local/sbin/ipfw_context +/usr/local/sbin/ipfw-classifyd /usr/local/sbin/kbdcheck /usr/local/sbin/mdnsd /usr/local/sbin/mini_httpd /usr/local/sbin/mpd /usr/local/sbin/olsrd +/usr/local/sbin/pbi +/usr/local/sbin/pbi-crashhandler +/usr/local/sbin/pbi_add +/usr/local/sbin/pbi_addrepo +/usr/local/sbin/pbi_autobuild +/usr/local/sbin/pbi_browser +/usr/local/sbin/pbi_create +/usr/local/sbin/pbi_delete +/usr/local/sbin/pbi_deleterepo +/usr/local/sbin/pbi_icon +/usr/local/sbin/pbi_indextool +/usr/local/sbin/pbi_info +/usr/local/sbin/pbi_listrepo +/usr/local/sbin/pbi_makepatch +/usr/local/sbin/pbi_makeport /usr/local/sbin/pbi_makeport_chroot +/usr/local/sbin/pbi_makerepo +/usr/local/sbin/pbi_metatool +/usr/local/sbin/pbi_patch /usr/local/sbin/pbi_pbid +/usr/local/sbin/pbi_update +/usr/local/sbin/pbi_update_hashdir /usr/local/sbin/pfsense-upgrade.sh +/usr/local/sbin/pfSense-upgrade-GUI.sh /usr/local/sbin/pftpx /usr/local/sbin/racoon /usr/local/sbin/racoon_watch.sh @@ -644,7 +671,6 @@ /usr/local/sbin/setkey /usr/local/sbin/slbd /usr/local/sbin/slbd.sh -/usr/local/sbin/syslog-ng /usr/local/share/aclocal /usr/local/share/dict /usr/local/share/doc @@ -710,10 +736,14 @@ /usr/local/share/locale/zh_TW.Big5 /usr/local/share/misc /usr/local/share/nls +/usr/local/share/pbi-keys +/usr/local/share/protocols /usr/local/share/sgml /usr/local/share/skel +/usr/local/share/strongswan/templates/config/plugins/smp.conf /usr/local/share/xml /usr/local/www/auto_complete_helper.js +/usr/local/www/carp_status.php /usr/local/www/classes/maintable.inc /usr/local/www/code-syntax-highlighter /usr/local/www/csrf/csrf-secret.php @@ -724,8 +754,16 @@ /usr/local/www/dfuife.css /usr/local/www/dfuife.js /usr/local/www/diag_dhcp_leases.php +/usr/local/www/diag_ipsec.php +/usr/local/www/diag_ipsec_leases.php +/usr/local/www/diag_ipsec_sad.php +/usr/local/www/diag_ipsec_spd.php +/usr/local/www/diag_logs.php /usr/local/www/diag_logs_auth.php /usr/local/www/diag_logs_dhcp.php +/usr/local/www/diag_logs_filter.php +/usr/local/www/diag_logs_filter_dynamic.php +/usr/local/www/diag_logs_filter_summary.php /usr/local/www/diag_logs_gateways.php /usr/local/www/diag_logs_ipsec.php /usr/local/www/diag_logs_ntpd.php @@ -734,9 +772,14 @@ /usr/local/www/diag_logs_relayd.php /usr/local/www/diag_logs_resolver.php /usr/local/www/diag_logs_routing.php +/usr/local/www/diag_logs_settings.php /usr/local/www/diag_logs_slbd.php +/usr/local/www/diag_logs_vpn.php /usr/local/www/diag_logs_wireless.php +/usr/local/www/diag_patterns.php +/usr/local/www/diag_pkglogs.php /usr/local/www/diag_showbogons.php +/usr/local/diag_system_pftop.php /usr/local/www/dom-drag.js /usr/local/www/draglist.js /usr/local/www/dtree.js @@ -748,11 +791,13 @@ /usr/local/www/firewall_nat_server_edit.php /usr/local/www/firewall_rules_schedule_logic.php /usr/local/www/firewall_shaper_edit.php +/usr/local/www/firewall_shaper_layer7.php /usr/local/www/firewall_shaper_queues_edit.php /usr/local/www/fred-bg.png /usr/local/www/fred.png /usr/local/www/green_dot.jpg /usr/local/www/gui.css +/usr/local/www/halt.php /usr/local/www/headjs.php /usr/local/www/ifstats.cgi /usr/local/www/includes/javascript.inc.php @@ -781,12 +826,14 @@ /usr/local/www/niftycssprintCode.css /usr/local/www/niftyjsCode.js /usr/local/www/pool.js +/usr/local/www/pkg_mgr_settings.php /usr/local/www/preload.php /usr/local/www/progress.php /usr/local/www/protochart /usr/local/www/protochart/ProtoChart.js /usr/local/www/protochart/excanvas-compressed.js /usr/local/www/protochart/excanvas.js +/usr/local/www/reboot.php /usr/local/www/row_helper.js /usr/local/www/row_helper_dynamic.js /usr/local/www/row_toggle.js @@ -799,10 +846,16 @@ /usr/local/www/services_proxyarp_edit.php /usr/local/www/services_usermanager.php /usr/local/www/shortcuts/pkg_upnp.inc +/usr/local/www/sortable/sortable.min.js /usr/local/www/status_slbd_pool.php /usr/local/www/status_slbd_vs.php /usr/local/www/system_advanced.php /usr/local/www/system_advanced_create_certs.php +/usr/local/www/system_firmware.php +/usr/local/www/system_firmware_auto.php +/usr/local/www/system_firmware_check.php +/usr/local/www/system_firmware_settings.php +/usr/local/www/system_firmware_restorefullbackup.php /usr/local/www/system_usermanager_addcert.php /usr/local/www/themes /usr/local/www/ticker.js @@ -823,6 +876,8 @@ /usr/local/www/vpn_openvpn_crl_edit.php /usr/local/www/vpn_openvpn_srv.php /usr/local/www/vpn_openvpn_srv_edit.php +/usr/local/www/vpn_pppoe.php +/usr/local/www/vpn_pppoe_edit.php /usr/local/www/vpn_pppoe_users.php /usr/local/www/vpn_pppoe_users_edit.php /usr/local/www/wizards/traffic_shaper_wizard.inc @@ -830,6 +885,7 @@ /usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc /usr/local/www/wizards/traffic_shaper_wizard_multi_lan.xml /usr/local/www/wlan_strong_key_generator +/usr/pbi /usr/sbin/arlcontrol /usr/sbin/audit /usr/sbin/auditd @@ -960,6 +1016,7 @@ /usr/share/zoneinfo/GMT /usr/share/zoneinfo.tgz /var/db/dhclient.leases.sis1 +/var/db/pbi /var/db/rrd/71 /var/db/rrd/index.html /var/dhcpd/lib/libc.so.6 diff --git a/src/etc/phpshellsessions/gitsync b/src/etc/phpshellsessions/gitsync index 25d1996..3aa072f 100644 --- a/src/etc/phpshellsessions/gitsync +++ b/src/etc/phpshellsessions/gitsync @@ -48,7 +48,7 @@ while (!empty($temp_args)) { switch ($arg) { case "--help": echo "Usage: playback gitsync [options] [[repository] <branch>]\nOptions:\n"; - foreach($valid_args as $arg_name => $arg_desc) { + foreach ($valid_args as $arg_name => $arg_desc) { echo $arg_name . "\n" . $arg_desc; } exit; @@ -307,27 +307,24 @@ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && {$GIT_BIN} rev-parse -q --verif exec("mkdir -p /tmp/lighttpd/cache/compress/"); -// Nuke CVS and pfSense tarballs -exec("cd ${CODIR}/pfSenseGITREPO/pfSenseGITREPO && find . -name CVS -exec rm -rf {} \; 2>/dev/null"); -exec("cd ${CODIR}/pfSenseGITREPO/pfSenseGITREPO && find . -name pfSense.tgz -exec rm {} \; 2>/dev/null"); - // Remove files that we do not want to overwrite the system with -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/crontab 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/master.passwd 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/passwd 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/fstab 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/ttys 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/group 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/fstab 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/platform 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/boot/device.hints 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/boot/loader.conf 2>/dev/null"); -exec("rm ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/boot/loader.rc 2>/dev/null"); -exec("rm -rf ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/conf*"); -exec("rm -rf ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/cf 2>/dev/null"); -exec("rm -rf ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/root/.shrc"); -exec("rm -rf ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/root/.tcshrc"); -exec("rm -f ${CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/syslog.conf 2>/dev/null"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/crontab"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/master.passwd"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/passwd"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/fstab"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/ttys"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/group"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/fstab"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/platform"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/boot/device.hints"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/boot/loader.conf"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/boot/loader.rc"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/etc/syslog.conf"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/root/.shrc"); +@unlink("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/root/.tcshrc"); +exec("rm -rf {$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/conf*"); +exec("rm -rf {$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/cf 2>/dev/null"); +@chmod("{$CODIR}/pfSenseGITREPO/pfSenseGITREPO/src/tmp", 01777); echo "===> Installing new files...\n"; @@ -384,7 +381,7 @@ function post_cvssync_commands() { if (file_exists("/etc/rc.php_ini_setup")) { echo "===> Running /etc/rc.php_ini_setup..."; - exec("/etc/rc.php_ini_setup"); + exec("/etc/rc.php_ini_setup >/dev/null 2>&1"); echo "\n"; } diff --git a/src/etc/phpshellsessions/installpkg b/src/etc/phpshellsessions/installpkg index 1ac71bf..a0e74c6 100644 --- a/src/etc/phpshellsessions/installpkg +++ b/src/etc/phpshellsessions/installpkg @@ -10,27 +10,16 @@ if (is_array($command_split)) { $args = array_slice($argv, 2); } -$pkg_name = $args[0]; +$pkg_name = $args[1]; -echo "Installing package \"{$pkg_name}\"...\n"; +pkg_remove_prefix($pkg_name); -echo "Trying to fetch package info..."; -$pkg_info = get_pkg_info(); -if ($pkg_info) { - echo " Done.\n"; -} else { - echo "\n" . gettext(' >>> Unable to get pkg info.') . "\n"; - return; -} - -$static_output = ""; -$pkg_interface = "console"; +echo "Installing package \"{$pkg_name}\"... "; -if (empty($pkg_info[$pkg_name])) { - echo "\nPackage not found.\n"; - return; +if (mwexec("/usr/local/sbin/{$g['product_name']}-upgrade -y -i {$g['pkg_prefix']}{$pkg_name}") == 0) { + echo "Done.\n"; + return true; +} else { + echo "Failed.\n"; + return false; } - -install_package($pkg_name); - -echo "\nDone.\n"; diff --git a/src/etc/phpshellsessions/uninstallpkg b/src/etc/phpshellsessions/uninstallpkg index 9030e56..941a8af 100644 --- a/src/etc/phpshellsessions/uninstallpkg +++ b/src/etc/phpshellsessions/uninstallpkg @@ -10,25 +10,15 @@ if (is_array($command_split)) { $args = array_slice($argv, 2); } -$pkg_name = $args[0]; -$pkg_info = array(); +$pkg_name = $args[1]; +pkg_remove_prefix($pkg_name); -echo "Removing package \"{$pkg_name}\"...\n"; +echo "Removing package \"{$pkg_name}\"... "; -foreach ($config['installedpackages']['package'] as $package) { - if ($pkg_name == $package['name']) { - $pkg_info = $package; - } -} - -$static_output = ""; -$pkg_interface = "console"; - -if (empty($pkg_info)) { - echo "\nPackage not installed.\n"; - return; +if (mwexec("/usr/local/sbin/{$g['product_name']}-upgrade -y -r {$g['pkg_prefix']}{$pkg_name}") == 0) { + echo "Done.\n"; + return true; +} else { + echo "Failed.\n"; + return false; } - -uninstall_package($pkg_name); - -echo "\nDone.\n"; diff --git a/src/etc/printcap b/src/etc/printcap deleted file mode 100644 index e69de29..0000000 --- a/src/etc/printcap +++ /dev/null diff --git a/src/etc/protocols b/src/etc/protocols deleted file mode 100644 index 763cbcd..0000000 --- a/src/etc/protocols +++ /dev/null @@ -1,158 +0,0 @@ -# -# Internet protocols -# -# $FreeBSD: stable/10/etc/protocols 250453 2013-05-10 13:57:44Z eadler $ -# from: @(#)protocols 5.1 (Berkeley) 4/17/89 -# -# See also http://www.iana.org/assignments/protocol-numbers -# -ip 0 IP # internet protocol, pseudo protocol number -#hopopt 0 HOPOPT # hop-by-hop options for ipv6 -icmp 1 ICMP # internet control message protocol -igmp 2 IGMP # internet group management protocol -ggp 3 GGP # gateway-gateway protocol -ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') -st2 5 ST2 # ST2 datagram mode (RFC 1819) (officially ``ST'') -tcp 6 TCP # transmission control protocol -cbt 7 CBT # CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk> -egp 8 EGP # exterior gateway protocol -igp 9 IGP # any private interior gateway (Cisco: for IGRP) -bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring -nvp 11 NVP-II # Network Voice Protocol -pup 12 PUP # PARC universal packet protocol -argus 13 ARGUS # ARGUS -emcon 14 EMCON # EMCON -xnet 15 XNET # Cross Net Debugger -chaos 16 CHAOS # Chaos -udp 17 UDP # user datagram protocol -mux 18 MUX # Multiplexing protocol -dcn 19 DCN-MEAS # DCN Measurement Subsystems -hmp 20 HMP # host monitoring protocol -prm 21 PRM # packet radio measurement protocol -xns-idp 22 XNS-IDP # Xerox NS IDP -trunk-1 23 TRUNK-1 # Trunk-1 -trunk-2 24 TRUNK-2 # Trunk-2 -leaf-1 25 LEAF-1 # Leaf-1 -leaf-2 26 LEAF-2 # Leaf-2 -rdp 27 RDP # "reliable datagram" protocol -irtp 28 IRTP # Internet Reliable Transaction Protocol -iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4 -netblt 30 NETBLT # Bulk Data Transfer Protocol -mfe-nsp 31 MFE-NSP # MFE Network Services Protocol -merit-inp 32 MERIT-INP # MERIT Internodal Protocol -dccp 33 DCCP # Datagram Congestion Control Protocol -3pc 34 3PC # Third Party Connect Protocol -idpr 35 IDPR # Inter-Domain Policy Routing Protocol -xtp 36 XTP # Xpress Tranfer Protocol -ddp 37 DDP # Datagram Delivery Protocol -idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto -tp++ 39 TP++ # TP++ Transport Protocol -il 40 IL # IL Transport Protocol -ipv6 41 IPV6 # ipv6 -sdrp 42 SDRP # Source Demand Routing Protocol -ipv6-route 43 IPV6-ROUTE # routing header for ipv6 -ipv6-frag 44 IPV6-FRAG # fragment header for ipv6 -idrp 45 IDRP # Inter-Domain Routing Protocol -rsvp 46 RSVP # Resource ReSerVation Protocol -gre 47 GRE # Generic Routing Encapsulation -dsr 48 DSR # Dynamic Source Routing Protocol -bna 49 BNA # BNA -esp 50 ESP # encapsulating security payload -ah 51 AH # authentication header -i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA -swipe 53 SWIPE # IP with Encryption -narp 54 NARP # NBMA Address Resolution Protocol -mobile 55 MOBILE # IP Mobility -tlsp 56 TLSP # Transport Layer Security Protocol -skip 57 SKIP # SKIP -ipv6-icmp 58 IPV6-ICMP icmp6 # ICMP for IPv6 -ipv6-nonxt 59 IPV6-NONXT # no next header for ipv6 -ipv6-opts 60 IPV6-OPTS # destination options for ipv6 -# 61 # any host internal protocol -cftp 62 CFTP # CFTP -# 63 # any local network -sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK -kryptolan 65 KRYPTOLAN # Kryptolan -rvd 66 RVD # MIT Remote Virtual Disk Protocol -ippc 67 IPPC # Internet Pluribus Packet Core -# 68 # any distributed filesystem -sat-mon 69 SAT-MON # SATNET Monitoring -visa 70 VISA # VISA Protocol -ipcv 71 IPCV # Internet Packet Core Utility -cpnx 72 CPNX # Computer Protocol Network Executive -cphb 73 CPHB # Computer Protocol Heart Beat -wsn 74 WSN # Wang Span Network -pvp 75 PVP # Packet Video Protocol -br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring -sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary -wb-mon 78 WB-MON # WIDEBAND Monitoring -wb-expak 79 WB-EXPAK # WIDEBAND EXPAK -iso-ip 80 ISO-IP # ISO Internet Protocol -vmtp 81 VMTP # Versatile Message Transport -secure-vmtp 82 SECURE-VMTP # SECURE-VMTP -vines 83 VINES # VINES -ttp 84 TTP # TTP -#iptm 84 IPTM # Protocol Internet Protocol Traffic -nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP -dgp 86 DGP # Dissimilar Gateway Protocol -tcf 87 TCF # TCF -eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco) -ospf 89 OSPFIGP # Open Shortest Path First IGP -sprite-rpc 90 Sprite-RPC # Sprite RPC Protocol -larp 91 LARP # Locus Address Resolution Protocol -mtp 92 MTP # Multicast Transport Protocol -ax.25 93 AX.25 # AX.25 Frames -ipip 94 IPIP # Yet Another IP encapsulation -micp 95 MICP # Mobile Internetworking Control Pro. -scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro. -etherip 97 ETHERIP # Ethernet-within-IP Encapsulation -encap 98 ENCAP # Yet Another IP encapsulation -# 99 # any private encryption scheme -gmtp 100 GMTP # GMTP -ifmp 101 IFMP # Ipsilon Flow Management Protocol -pnni 102 PNNI # PNNI over IP -pim 103 PIM # Protocol Independent Multicast -aris 104 ARIS # ARIS -scps 105 SCPS # SCPS -qnx 106 QNX # QNX -a/n 107 A/N # Active Networks -ipcomp 108 IPComp # IP Payload Compression Protocol -snp 109 SNP # Sitara Networks Protocol -compaq-peer 110 Compaq-Peer # Compaq Peer Protocol -ipx-in-ip 111 IPX-in-IP # IPX in IP -carp 112 CARP vrrp # Common Address Redundancy Protocol -pgm 113 PGM # PGM Reliable Transport Protocol -# 114 # any 0-hop protocol -l2tp 115 L2TP # Layer Two Tunneling Protocol -ddx 116 DDX # D-II Data Exchange -iatp 117 IATP # Interactive Agent Transfer Protocol -stp 118 STP # Schedule Transfer Protocol -srp 119 SRP # SpectraLink Radio Protocol -uti 120 UTI # UTI -smp 121 SMP # Simple Message Protocol -sm 122 SM # SM -ptp 123 PTP # Performance Transparency Protocol -isis 124 ISIS # ISIS over IPv4 -fire 125 FIRE -crtp 126 CRTP # Combat Radio Transport Protocol -crudp 127 CRUDP # Combat Radio User Datagram -sscopmce 128 SSCOPMCE -iplt 129 IPLT -sps 130 SPS # Secure Packet Shield -pipe 131 PIPE # Private IP Encapsulation within IP -sctp 132 SCTP # Stream Control Transmission Protocol -fc 133 FC # Fibre Channel -rsvp-e2e-ignore 134 RSVP-E2E-IGNORE # Aggregation of RSVP for IP reservations -mobility-header 135 Mobility-Header # Mobility Support in IPv6 -udplite 136 UDPLite # The UDP-Lite Protocol -mpls-in-ip 137 MPLS-IN-IP # Encapsulating MPLS in IP -manet 138 MANET # MANET Protocols (RFC5498) -hip 139 HIP # Host Identity Protocol (RFC5201) -shim6 140 SHIM6 # Shim6 Protocol (RFC5533) -wesp 141 WESP # Wrapped Encapsulating Security Payload (RFC5840) -rohc 142 ROHC # Robust Header Compression (RFC5858) -# 138-254 # Unassigned -pfsync 240 PFSYNC # PF Synchronization -# 253-254 # Use for experimentation and testing (RFC3692) -# 255 # Reserved -divert 258 DIVERT # Divert pseudo-protocol [non IANA] diff --git a/src/etc/pubkey.pem b/src/etc/pubkey.pem deleted file mode 100644 index 7dd575d..0000000 --- a/src/etc/pubkey.pem +++ /dev/null @@ -1 +0,0 @@ -ssh-dss AAAAB3NzaC1kc3MAAACBAN08c22jym3KCRUF8/rKNXgU/J0vv6UC9eCta/ATTNgeW/z2rp/HsjcPkMLx9dLaqufShC0VzsUbGlqCsdQT8jfwBiLG2pjUkX20qTStRG/rs9Tv0rS/8eVNT/DbQ6zL3PTdp+XAIq+KQLucqcBazTqSzyF7ghZ7OVmsX1/ixTP3AAAAFQCYcP378X/dQ08l6u8O5uvEtxbvEwAAAIEAyOOuWttXGrprzBhKrjhop58bZTOZp0J0IMHMwi/J+K3HUuPZnaltGoW21MjqSvVor4m22r/3b8aUIom+jp4I/bmpxTOUgO6owTlCVX614fGPWcCw2M017aghQ/vUa/92DaMLO//FYD8X2b7WgyPNrJh9ckZ14oncBleJUfXmue8AAACBAKw00/IkoMJzTumFfT9+Jb442O1KZvtGyj1YWpyYXf3xbQFGXND7m4rTIS2zPvTcOauCHbZwZ9uBxE4zTdlGJ4XirPEbWwOl1TU71bZ3OqonVesyqSC04LLiuLGlIHyXxyc/UCzg1UL8mCBlLzqmPUkJoL0ZINo8Raqip8WM63KM root@freebsd-nexus-computers.pfsense.org @@ -45,7 +45,7 @@ if [ -e /root/force_fsck ]; then /sbin/fsck -y -F -t ufs fi -if [ ! "${PLATFORM}" = "cdrom" ]; then +if [ "${PLATFORM}" != "cdrom" ]; then /sbin/fsck -p -F FSCK_ACTION_NEEDED=0 case $? in @@ -96,9 +96,35 @@ if [ ! "${PLATFORM}" = "cdrom" ]; then fi USE_MFS_TMPVAR=$(/usr/local/sbin/read_xml_tag.sh boolean system/use_mfs_tmpvar) + unset MOVE_PKG_DATA + if [ "$PLATFORM" = "${product}" ]; then + # If use MFS var is disabled, move files back to place + if [ "${USE_MFS_TMPVAR}" != "true" -a -f /root/var/db/pkg/local.sqlite ]; then + MOVE_PKG_DATA=1 + rm -rf /var/db/pkg 2>/dev/null + rm -rf /var/cache/pkg 2>/dev/null + mv /root/var/db/pkg /var/db + mv /root/var/cache/pkg /var/cache + # If use MFS var is enabled, move files to a safe place + elif [ "${USE_MFS_TMPVAR}" = "true" -a -f /var/db/pkg/local.sqlite ]; then + MOVE_PKG_DATA=1 + /bin/mkdir -p /root/var/db /root/var/cache + mv /var/db/pkg /root/var/db + mv /var/cache/pkg /root/var/cache + fi + elif [ "${PLATFORM}" = "nanobsd" ]; then + MOVE_PKG_DATA=1 + fi + if [ "${PLATFORM}" = "nanobsd" ] || [ "${USE_MFS_TMPVAR}" = "true" ]; then /etc/rc.embedded fi + + if [ -n "${MOVE_PKG_DATA}" -o "${USE_MFS_TMPVAR}" = "true" ]; then + /bin/mkdir -p /var/db /var/cache + ln -sf ../../root/var/db/pkg /var/db/pkg + ln -sf ../../root/var/cache/pkg /var/cache/pkg + fi fi /bin/rm -f /root/force_fsck @@ -165,28 +191,9 @@ echo /sbin/conscontrol mute off >/dev/null if [ "$PLATFORM" = "${product}" ]; then - # If use MFS var is disabled, move files back to place - if [ "${USE_MFS_TMPVAR}" != "true" -a -d /root/var/db/pkg ]; then - rm -rf /var/db/pkg 2>/dev/null - rm -rf /var/cache/pkg 2>/dev/null - mv /root/var/db/pkg /var/db - mv /root/var/cache/pkg /var/cache - # If use MFS var is enabled, move files to a safe place - elif [ "${USE_MFS_TMPVAR}" = "true" -a ! -d /root/var/db/pkg ]; then - /bin/mkdir -p /root/var/db /root/var/cache - mv /var/db/pkg /root/var/db - mv /var/cache/pkg /root/var/cache - ln -sf ../../root/var/db/pkg /var/db/pkg - ln -sf ../../root/var/cache/pkg /var/cache/pkg - fi - SWAPDEVICE=`/bin/cat /etc/fstab | /usr/bin/grep swap | /usr/bin/cut -f1` /sbin/swapon -a 2>/dev/null >/dev/null /etc/rc.savecore -elif [ "${PLATFORM}" = "nanobsd" ]; then - /bin/mkdir -p /var/db /var/cache - ln -sf ../../root/var/db/pkg /var/db/pkg - ln -sf ../../root/var/cache/pkg /var/cache/pkg fi if [ "$PLATFORM" = "cdrom" ] ; then @@ -217,6 +224,22 @@ fi # Cleanup configuration files from previous instance /bin/rm -rf /var/etc/* +# Workaround for ipsec symlinks, otherwise it's going to break +# strongswan pkg upgrade + +if [ -L /usr/local/etc/ipsec.d ]; then + rm -f /usr/local/etc/ipsec.d +fi +if [ -L /usr/local/etc/ipsec.conf ]; then + rm -f /usr/local/etc/ipsec.conf +fi +if [ -L /usr/local/etc/strongswan.d ]; then + rm -f /usr/local/etc/strongswan.d +fi +if [ -L /usr/local/etc/strongswan.conf ]; then + rm -f /usr/local/etc/strongswan.conf +fi + echo -n "Creating symlinks..." # Repair symlinks if they are broken if [ -f /etc/newsyslog.conf ]; then @@ -285,7 +308,6 @@ trap "echo 'Reboot interrupted'; exit 1" 3 echo -n "." DISABLESYSLOGCLOG=$(/usr/local/sbin/read_xml_tag.sh boolean system/disablesyslogclog) -ENABLEFIFOLOG=$(/usr/local/sbin/read_xml_tag.sh boolean system/usefifolog) LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing" DEFAULT_LOG_FILE_SIZE=$(/usr/local/sbin/read_xml_tag.sh string syslog/logfilesize) @@ -296,17 +318,12 @@ for logfile in $LOG_FILES; do /usr/bin/touch /var/log/$logfile.log else if [ ! -f /var/log/$logfile.log ]; then - if [ "$ENABLEFIFOLOG" = "true" ]; then - # generate fifolog files - /usr/sbin/fifolog_create -s ${DEFAULT_LOG_FILE_SIZE} /var/log/$logfile.log - else - /usr/local/sbin/clog -i -s ${DEFAULT_LOG_FILE_SIZE} /var/log/$logfile.log - fi + /usr/local/sbin/clog -i -s ${DEFAULT_LOG_FILE_SIZE} /var/log/$logfile.log fi fi done -# change permissions on newly created fifolog files. +# change permissions on newly created log files. /bin/chmod 0600 /var/log/*.log echo -n "." @@ -345,9 +362,9 @@ echo "done." /usr/local/sbin/${product}-upgrade -y -b 2 # Run the php.ini setup file and populate -# /usr/local/etc/php.ini and /usr/local/lib/php.ini +# /usr/local/etc/php.ini /etc/rc.php_ini_setup 2>/tmp/php_errors.txt -/usr/local/sbin/php-fpm -c /usr/local/lib/php.ini -y /usr/local/lib/php-fpm.conf -RD 2>&1 >/dev/null +/usr/local/sbin/php-fpm -c /usr/local/etc/php.ini -y /usr/local/lib/php-fpm.conf -RD 2>&1 >/dev/null # Launch external configuration loader for supported platforms if [ "$PLATFORM" = "nanobsd" ]; then diff --git a/src/etc/rc.banner b/src/etc/rc.banner index 5e64dae..8974a05 100755 --- a/src/etc/rc.banner +++ b/src/etc/rc.banner @@ -1,8 +1,6 @@ #!/usr/local/bin/php-cgi -f <?php /* - $Id$ - rc.banner part of pfSense Copyright (C) 2005 Scott Ullrich and Colin Smith diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup index e4a83f1..b7c3afb 100755 --- a/src/etc/rc.bootup +++ b/src/etc/rc.bootup @@ -132,6 +132,18 @@ if (file_exists("/root/firmware.tgz")) { unlink("/root/firmware.tgz"); } +/* Reinstall of packages after reboot has been requested */ +if (file_exists('/conf/needs_package_sync_after_reboot')) { + touch('/conf/needs_package_sync'); + @unlink('/conf/needs_package_sync_after_reboot'); +} + +/* Triggering of the initial setup wizard after reboot has been requested */ +if (file_exists('/conf/trigger_initial_wizard_after_reboot')) { + touch('/conf/trigger_initial_wizard'); + @unlink('/conf/trigger_initial_wizard_after_reboot'); +} + /* start devd (dhclient now uses it) */ echo "Starting device manager (devd)..."; mute_kernel_msgs(); @@ -152,6 +164,10 @@ echo "done.\n"; /* run any early shell commands specified in config.xml */ system_do_shell_commands(1); +if (file_exists("/conf/trigger_initial_wizard")) { + check_for_alternate_interfaces(); +} + /* * Determine if we need to throw a interface exception * and ask the user to reassign interfaces. This will @@ -393,16 +409,14 @@ if (file_exists("/sbin/shutdown.old")) { } /* Resync / Reinstall packages if need be */ -if (file_exists('/conf/needs_package_sync')) { - if ($config['installedpackages'] <> '' && is_array($config['installedpackages']['package'])) { - require_once("pkg-utils.inc"); - if ($g['platform'] == $g['product_name'] || $g['platform'] == "nanobsd") { - mark_subsystem_dirty('packagelock'); - pkg_reinstall_all(); - clear_subsystem_dirty('packagelock'); - } +if (file_exists('/conf/needs_package_sync') && + ($g['platform'] == $g['product_name'] || $g['platform'] == "nanobsd")) { + require_once("pkg-utils.inc"); + mark_subsystem_dirty('packagelock'); + if (package_reinstall_all()) { + @unlink('/conf/needs_package_sync'); } - @unlink('/conf/needs_package_sync'); + clear_subsystem_dirty('packagelock'); } /* Give syslogd a kick after everything else has been initialized, otherwise it can occasionally diff --git a/src/etc/rc.captiveportal_configure b/src/etc/rc.captiveportal_configure index 45c26bf..586583d 100755 --- a/src/etc/rc.captiveportal_configure +++ b/src/etc/rc.captiveportal_configure @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.captiveportal_configure part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.carpbackup b/src/etc/rc.carpbackup index bf27a17..e74ea3c 100755 --- a/src/etc/rc.carpbackup +++ b/src/etc/rc.carpbackup @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.carpbackup part of pfSense (https://www.pfsense.org) @@ -51,10 +50,10 @@ $friendly_descr = convert_friendly_interface_to_friendly_descr($friendly); $vips = link_interface_to_vips($friendly, '', $vhid); $carp_iface = "{$friendly}_vip{$vhid}"; -if(is_array($vips)) { +if (is_array($vips)) { foreach ($vips as $vip) { $notificationmsg = sprintf('Carp cluster member "(%1$s): (%2$s)" has resumed the state "BACKUP" for vhid %3$s', $argument, $friendly_descr, $vhid); - + notify_via_smtp($notificationmsg); notify_via_growl($notificationmsg); log_error($notificationmsg); diff --git a/src/etc/rc.carpmaster b/src/etc/rc.carpmaster index 8413b04..79e8262 100755 --- a/src/etc/rc.carpmaster +++ b/src/etc/rc.carpmaster @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.carpmaster part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.conf_mount_ro b/src/etc/rc.conf_mount_ro index 6beb5e8..7e34f3d 100755 --- a/src/etc/rc.conf_mount_ro +++ b/src/etc/rc.conf_mount_ro @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.conf_mount_ro part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.conf_mount_rw b/src/etc/rc.conf_mount_rw index b153e36..f9ac2b9 100755 --- a/src/etc/rc.conf_mount_rw +++ b/src/etc/rc.conf_mount_rw @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.conf_mount_rw part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.create_full_backup b/src/etc/rc.create_full_backup deleted file mode 100755 index 048e68b..0000000 --- a/src/etc/rc.create_full_backup +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -FILENAME="pfSense-full-backup-`date "+%Y%m%d-%H%M"`.tgz" -echo ">>> Creating full backup to /root/$FILENAME" -tar czPf /root/$FILENAME \ - --exclude dev/* \ - --exclude tmp/* \ - --exclude var/db \ - --exclude var/run/* \ - --exclude root/* \ - --exclude var/empty/* \ - --exclude var/empty \ - --exclude var/etc \ - / - -echo ">>> Backup completed. Note: this backup includes config.xml!" -echo ">>> To restore this backup run this command:" -echo " /etc/rc.restore_full_backup /root/$FILENAME" diff --git a/src/etc/rc.dhclient_cron b/src/etc/rc.dhclient_cron index a38932d..06009b2 100755 --- a/src/etc/rc.dhclient_cron +++ b/src/etc/rc.dhclient_cron @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.dhclient_cron part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.dyndns.update b/src/etc/rc.dyndns.update index 543b5a0..f1f44a5 100755 --- a/src/etc/rc.dyndns.update +++ b/src/etc/rc.dyndns.update @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.dyndns.update part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.expireaccounts b/src/etc/rc.expireaccounts index 3befa17..8777eef 100755 --- a/src/etc/rc.expireaccounts +++ b/src/etc/rc.expireaccounts @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.expireaccounts part of pfSense diff --git a/src/etc/rc.filter_configure b/src/etc/rc.filter_configure index 2c996e9..2b159a9 100755 --- a/src/etc/rc.filter_configure +++ b/src/etc/rc.filter_configure @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.filter_configure part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.filter_configure_sync b/src/etc/rc.filter_configure_sync index 86ab309..7135bff 100755 --- a/src/etc/rc.filter_configure_sync +++ b/src/etc/rc.filter_configure_sync @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.filter_configure_sync part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.filter_synchronize b/src/etc/rc.filter_synchronize index b7148eb..4964f5c 100755 --- a/src/etc/rc.filter_synchronize +++ b/src/etc/rc.filter_synchronize @@ -359,9 +359,6 @@ if (is_array($config['hasync'])) { if ($hasync['synchronizetrafficshaperlimiter'] != "" and is_array($config['dnshaper'])) { $sections[] = 'dnshaper'; } - if ($hasync['synchronizetrafficshaperlayer7'] != "" and is_array($config['l7shaper'])) { - $sections[] = 'l7shaper'; - } if ($hasync['synchronizestaticroutes'] != "") { if (!is_array($config['staticroutes'])) { $config['staticroutes'] = array(); diff --git a/src/etc/rc.firmware b/src/etc/rc.firmware deleted file mode 100755 index e8d549f..0000000 --- a/src/etc/rc.firmware +++ /dev/null @@ -1,476 +0,0 @@ -#!/bin/sh - -# /etc/rc.firmware -# originally part of m0n0wall (http://neon1.net/m0n0wall) -# Copyright (C) 2005-2009 Scott Ullrich <sullrich@pfsense.org>. -# Copyright (C) 2003 Manuel Kasper <mk@neon1.net>. -# All rights reserved. - -# mount /cf -/etc/rc.conf_mount_rw - -# Reset file(s) -echo "" >/conf/upgrade_log.txt -echo "" >/conf/firmware_update_misc_log.txt -echo "" >/conf/fdisk_upgrade_log.txt - -exec 3>&2 2>>/conf/firmware_update_misc_log.txt - -export ACTION=$1 -export IMG=$2 -if [ $# -eq 3 ]; then - export CUSTOMIMG=$3 -fi - -file_notice() { - /usr/local/bin/php-cgi -q -d auto_prepend_file=config.inc <<ENDOFF - <?php - require_once("globals.inc"); - require_once("functions.inc"); - file_notice("$1", "$2", "$1", ""); - ?> -ENDOFF -} - -output_env_to_log() { - date >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - ls -lah /dev/ >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - ls -lah $IMG >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - md5 $IMG >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - mount >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - top >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt -} - -backup_chflags() { - TOPROCESS="bin lib libexec sbin usr" - for files in $TOPROCESS; do - /usr/sbin/mtree -Pcp /${files} | bzip2 -9 > /tmp/chflags.dist.${files}.bz2 2>> /conf/upgrade_log.txt - done -} - -restore_chflags() { - TOPROCESS="bin lib libexec sbin usr" - for files in $TOPROCESS; do - cd / && /usr/bin/bzcat /tmp/chflags.dist.${files}.bz2 | /usr/sbin/mtree -P -p /${files} >> /conf/upgrade_log.txt 2>&1 - done -} - -remove_chflags() { - TOPROCESS="bin lib libexec sbin usr" - for files in $TOPROCESS; do - /bin/chflags -R noschg /${files} - /bin/chmod -R u+rw /${files} - done -} - -case $ACTION in -enable) - touch /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - echo "Enable" >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - /etc/rc.conf_mount_ro - ;; -auto) - touch /var/run/firmwarelock.dirty - backup_chflags - remove_chflags - /etc/rc.firmware_auto - restore_chflags - /etc/rc.conf_mount_ro - ;; -pfSenseNanoBSDupgrade) - - # Sanity check - bail early if there's no firmware file! - if [ ! -r $IMG ]; then - echo "2nd parameter has not been passed or file does not exist. Exiting." >> /conf/upgrade_log.txt 2>&1 - /etc/rc.conf_mount_ro - exit 1 - fi - - # Prevent full upgrade file from being used to upgrade - if [ `echo $IMG | grep "full"` ]; then - echo "You cannot use a full file for upgrade. Please use a file labelled nanobsd upgrade." - file_notice "NanoBSDUpgradeFailure" "You have attempted to use a full NanoBSD installation file as an upgrade. Please use a NanoBSD file labelled 'upgrade' instead." - rm -f $IMG - /etc/rc.conf_mount_ro - exit 1 - fi - - touch /var/run/firmwarelock.dirty - - echo "NanoBSD Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1 - echo "NanoBSD Firmware upgrade in progress..." | wall - /etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade in progress..." - - # backup config - /bin/mkdir -p /tmp/configbak - cp -Rp /conf/* /tmp/configbak 2>/dev/null - - # Remove logs from backup dir to avoid clobbering upon restore. - rm /tmp/configbak/*_log.txt 2>/dev/null - - echo "" >> /conf/upgrade_log.txt - - echo "Installing ${IMG}." >> /conf/upgrade_log.txt 2>&1 - echo "Installing ${IMG}." | wall - - # resolve glabel label that we booted from - BOOT_DEVICE=`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1` - # resolve glabel to the real boot dev entry - REAL_BOOT_DEVICE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/${BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '` - # grab the boot device, example ad1, ad0 - BOOT_DRIVE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1` - # test the slice. if we are on slice 1 we need to flash 2 and vice versa - if [ `echo $REAL_BOOT_DEVICE | /usr/bin/grep "s1"` ]; then - SLICE="2" - OLDSLICE="1" - TOFLASH="${BOOT_DRIVE}s${SLICE}" - COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a" - GLABEL_SLICE="pfsense1" - UFS_ID="1" - OLD_UFS_ID="0" - else - SLICE="1" - OLDSLICE="2" - TOFLASH="${BOOT_DRIVE}s${SLICE}" - COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a" - GLABEL_SLICE="pfsense0" - UFS_ID="0" - OLD_UFS_ID="1" - fi - - # Output specific information that this script is using - echo "SLICE ${SLICE}" >> /conf/upgrade_log.txt - echo "OLDSLICE ${OLDSLICE}" >> /conf/upgrade_log.txt - echo "TOFLASH ${TOFLASH}" >> /conf/upgrade_log.txt - echo "COMPLETE_PATH ${COMPLETE_PATH}" >> /conf/upgrade_log.txt - echo "GLABEL_SLICE ${GLABEL_SLICE}" >> /conf/upgrade_log.txt - - # First ensure the new file can fit inside the - # slice that we are going to be operating on. - NEW_IMG_SIZE=`echo $((\`gzip -l ${IMG} | grep -v compressed | awk '{ print $2}'\` / 1024 / 1024))` - SIZE=`/sbin/fdisk ${COMPLETE_PATH} | /usr/bin/grep Meg | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d"(" -f2` - # USB slices are under-reported even more than CF slices when viewed - # directly, instead of when looking at the entire disk. Compensate - # by adding exactly 6MB. 4MB was consistently 2MB too few, and - # was resulting in failing upgrades on USB Flash based installs. - SIZE=`expr $SIZE + 6` - if [ "$SIZE" -lt "$NEW_IMG_SIZE" ]; then - file_notice "UpgradeFailure" "Upgrade failed due to the upgrade image being larger than the partition that is configured on disk. Halting. Size on disk: $SIZE < Size of new image: $NEW_IMG_SIZE" - echo "Upgrade failed. Please check the system log file for more information" | wall - rm -f $IMG - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - rm -f ${IMG} - /etc/rc.conf_mount_ro - exit 1 - fi - - # Output environment information to log file - output_env_to_log - - # Grab a before upgrade look at fdisk - echo "" >> /conf/fdisk_upgrade_log.txt - echo "Before upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt - fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt - echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt - echo "" >> /conf/fdisk_upgrade_log.txt - - # Log that we are really doing a NanoBSD upgrade - echo "" >> /conf/upgrade_log.txt - echo "NanoBSD upgrade starting" >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - # Remove TOFLASH and get ready for new flash image - echo "" >> /conf/upgrade_log.txt - echo "dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1" >> /conf/upgrade_log.txt - dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1 >> /conf/upgrade_log.txt 2>&1 - - # Stream gzipped image to dd and explode image to new area - echo "" >> /conf/upgrade_log.txt - echo "/usr/bin/gzip -dc $IMG | /bin/dd of=/dev/${TOFLASH} obs=64k" >> /conf/upgrade_log.txt - /usr/bin/gzip -dc $IMG | /bin/dd of=/dev/${TOFLASH} obs=64k >> /conf/upgrade_log.txt 2>&1 - - # Grab an after upgrade look at fdisk - echo "" >> /conf/fdisk_upgrade_log.txt - echo "After upgrade fdisk/bsdlabel" >> /conf/upgrade_log.txt - fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt - echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt - echo "" >> /conf/fdisk_upgrade_log.txt - - # Ensure that our new system is sound and bail if it is not and file a notice - echo "" >> /conf/upgrade_log.txt - echo "/sbin/fsck_ufs -y /dev/${COMPLETE_PATH}" >> /conf/upgrade_log.txt - /sbin/fsck_ufs -y /dev/${COMPLETE_PATH} >> /conf/upgrade_log.txt 2>&1 - if [ $? != 0 ]; then - file_notice "UpgradeFailure" "{\$g['product_name']} upgrade has failed. Your system has been left in a usable state." - rm -f $IMG - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - /etc/rc.conf_mount_ro - exit 1 - fi - - # Enable foot shooting - sysctl kern.geom.debugflags=16 - - # Add back the corresponding glabel - echo "" >> /conf/upgrade_log.txt - echo "/sbin/tunefs -L ${GLABEL_SLICE} /dev/${COMPLETE_PATH}" >> /conf/upgrade_log.txt - /sbin/tunefs -L ${GLABEL_SLICE} /dev/${COMPLETE_PATH} >> /conf/upgrade_log.txt 2>&1 - - # restore config - cp -Rp /tmp/configbak/* /conf 2>/dev/null - - # Remove upgrade file - rm -f $IMG - - # Mount newly prepared slice - mkdir /tmp/$GLABEL_SLICE - mount /dev/ufs/$GLABEL_SLICE /tmp/$GLABEL_SLICE - - # If /boot/loader.conf.local exists - # copy to the other slice. - if [ -f /boot/loader.conf.local ]; then - cp /boot/loader.conf.local /tmp/$GLABEL_SLICE/boot/loader.conf.local - fi - - # If /tmp/$GLABEL_SLICE/usr/local/share/pfSense/post_upgrade_command exists - # after update then execute the command. - echo "Checking for post_upgrade_command..." >> /conf/upgrade_log.txt - if [ -f /tmp/$GLABEL_SLICE/usr/local/share/pfSense/post_upgrade_command ]; then - echo "Found post_upgrade_command, executing ($GLABEL_SLICE)..." >> /conf/upgrade_log.txt - sh /tmp/$GLABEL_SLICE/usr/local/share/pfSense/post_upgrade_command $GLABEL_SLICE >> /conf/upgrade_log.txt 2>&1 - fi - - # Update fstab - cp /etc/fstab /tmp/$GLABEL_SLICE/etc/fstab - sed -i "" "s/pfsense${OLD_UFS_ID}/pfsense${UFS_ID}/g" /tmp/$GLABEL_SLICE/etc/fstab - if [ $? != 0 ]; then - echo "Something went wrong when trying to update the fstab entry. Aborting upgrade." - file_notice "UpgradeFailure" "Something went wrong when trying to update the fstab entry. Aborting upgrade." - rm -f $IMG - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - umount /tmp/$GLABEL_SLICE - /etc/rc.conf_mount_ro - exit 1 - fi - echo "" >> /conf/upgrade_log.txt - cat /tmp/$GLABEL_SLICE/etc/fstab >> /conf/upgrade_log.txt - - echo "" >> /conf/upgrade_log.txt - find /tmp/$GLABEL_SLICE >/conf/file_upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - # Unmount newly prepared slice - umount /tmp/$GLABEL_SLICE - - sync - - # Set active mount slice in fdisk - echo "" >> /conf/upgrade_log.txt - echo "gpart set -a active -i ${SLICE} ${BOOT_DRIVE}" >> /conf/upgrade_log.txt - gpart set -a active -i ${SLICE} ${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1 - - sync - - # Set active boot source - NanoBSD does not do this but otherwise we - # end up with the wrong partition being active. - echo "" >> /conf/upgrade_log.txt - echo "/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE}" >> /conf/upgrade_log.txt - /usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1 - - # Disable foot shooting - sysctl kern.geom.debugflags=0 - - # Grab a final look at fdisk - echo "" >> /conf/fdisk_upgrade_log.txt - echo "Final upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt - fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt - bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt - echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt - echo "" >> /conf/fdisk_upgrade_log.txt - - # Remove extra stuff - rm -rf /usr/savecore/* - - date >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - # Trigger a package reinstallation on reboot - touch /conf/needs_package_sync - - # remount /cf ro - /etc/rc.conf_mount_ro - /bin/sync - - echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1 - echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." | wall - /etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." - - sleep 10 - - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - . /etc/rc.reboot - - ;; -pfSenseupgrade) - - # Sanity check - bail early if there's no firmware file! - if [ ! -r $IMG ]; then - echo "2nd parameter has not been passed or file does not exist. Exiting." >> /conf/upgrade_log.txt 2>&1 - /etc/rc.conf_mount_ro - exit - fi - - # wait 1 second before beginning - sleep 1 - - # Log that we are really doing a pfSense upgrade - echo "" >> /conf/upgrade_log.txt - echo "pfSenseupgrade upgrade starting" >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - touch /var/run/firmwarelock.dirty - - if [ -f /tmp/perform_full_backup.txt ]; then - echo "Performing full backup" >> /conf/upgrade_log.txt - /etc/rc.create_full_backup - rm /tmp/perform_full_backup.txt - fi - - touch /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - # Output environment information to log file - output_env_to_log - - backup_chflags - remove_chflags - - # Do we have a pre-upgrade hook in the update file? - if [ `tar tvzf $IMG | grep /usr/local/share/pfSense/pre_upgrade_command | wc -l` -gt 0 ]; then - tar xzvf $IMG -C / ./usr/local/share/pfSense/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 - chmod a+rx /usr/local/share/pfSense/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 - sh /usr/local/share/pfSense/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1 - fi - - echo "Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1 - echo "Firmware upgrade in progress..." | wall - /etc/rc.notify_message -e -g -m "Firmware upgrade in progress..." - - # backup config - [ -d /tmp/configbak ] && rm -rf /tmp/configbak - /bin/mkdir -p /tmp/configbak - cp -Rp /conf/* /tmp/configbak 2>/dev/null - - # Remove logs from backup dir to avoid clobbering upon restore. - rm /tmp/configbak/*_log.txt 2>/dev/null - - # tar explode image onto hd - killall -9 check_reload_status - killall -9 check_reload_status - echo "Installing $IMG." >> /conf/upgrade_log.txt 2>&1 - cd / && /usr/bin/tar --exclude=./dev -xzUPf $IMG >> /conf/upgrade_log.txt 2>&1 - /usr/local/sbin/check_reload_status - echo "Image installed $IMG." >> /conf/upgrade_log.txt 2>&1 - - # process custom image if its passed - if [ $# -eq 3 ]; then - if [ -f $CUSTOMIMG ]; then - echo "Custom image $CUSTOMIMG found." >> /conf/upgrade_log.txt 2>&1 - echo "Custom image ($CUSTOMIMG) found." >> /conf/upgrade_log.txt 2>&1 - PWD_DIR=`pwd` - cd / && /usr/bin/tar xzPUf $CUSTOMIMG >> /conf/upgrade_log.txt 2>&1 - cd $PWD_DIR - echo "Custom image $CUSTOMIMG installed." >> /conf/upgrade_log.txt 2>&1 - fi - fi - - # restore config - cp -Rp /tmp/configbak/* /conf 2>/dev/null - - # restore /etc symlinks - rm /etc/hosts - ln -s /var/etc/hosts /etc/hosts - - restore_chflags - - # Remove upgrade file - rm -f $IMG - - if [ -e /etc/init_bootloader.sh ]; then - if [ ! -x /etc/init_bootloader.sh ]; then - chmod ug+x /etc/init_bootloader.sh - fi - /etc/init_bootloader.sh >> /conf/upgrade_log.txt 2>&1 - fi - - # Remove saved commit ID for gitsync - rm -f /etc/version.gitsync - - # If /usr/local/share/pfSense/post_upgrade_command exists after update - # then execute the command. - if [ -f /usr/local/share/pfSense/post_upgrade_command ]; then - if [ ! -x /usr/local/share/pfSense/post_upgrade_command ]; then - chmod ug+x /usr/local/share/pfSense/post_upgrade_command - fi - /usr/local/share/pfSense/post_upgrade_command >> /conf/upgrade_log.txt 2>&1 - fi - - # remove unused files - rm -rf /etc/rc.conf - rm -rf /usr/savecore/* - - date >> /conf/upgrade_log.txt - echo "" >> /conf/upgrade_log.txt - - # remount /cf ro - /etc/rc.conf_mount_ro - - # release the firmware lock - rm -f /var/run/firmwarelock.dirty - rm -f /var/run/firmware.lock - /bin/sync - - echo "Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1 - echo "Firmware upgrade is complete. Rebooting in 10 seconds." | wall - /etc/rc.notify_message -e -g -m "Firmware upgrade is complete. Rebooting in 10 seconds." - - # Sleep and allow disks to catch up - sleep 10 - - # If the archive has unpacked a file called - # /tmp/no_upgrade_reboot_required then do - # not reboot after upgrade. - if [ -f /tmp/no_upgrade_reboot_required ]; then - rm /tmp/no_upgrade_reboot_required - else - . /etc/rc.reboot - fi - - ;; -esac - diff --git a/src/etc/rc.firmware_auto b/src/etc/rc.firmware_auto deleted file mode 100755 index 47ad8c9..0000000 --- a/src/etc/rc.firmware_auto +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/sh - -# /etc/rc.firmware_auto -# Copyright (C) 2005-2015 Electric Sheep Fencing LLC -# Part of pfSense - -# $Id$ - -FMBASEURL=$1 -FMFILENAME=$2 -FETCHFILENAME=$1/$2 - -# Read product_name from $g, defaults to pfSense -product=$(/usr/local/sbin/read_global_var product_name pfSense) - -# wait 5 seconds before beginning -sleep 5 - -logger -p daemon.info -i -t AutoUpgrade "Auto Upgrade started" - -HTTP_AUTH="" - -# if username and password is passed, let fetch utilize. -if [ $# -gt 3 ]; then -HTTP_AUTH="basic:*:$3:$4" -fi - -if [ $# -gt 1 ]; then - echo "Downloading $FMFILENAME from $FMBASEURL ..." | logger -p daemon.info -i -t AutoUpgrade - /usr/bin/fetch -o /tmp/latest.tgz $FETCHFILENAME | logger -p daemon.info -i -t AutoUpgrade - echo "Downloading $FMFILENAME.sha256 from $FMBASEURL ..." | logger -p daemon.info -i -t AutoUpgrade - /usr/bin/fetch -o /tmp/latest.tgz.sha256 $FETCHFILENAME.sha256 | logger -p daemon.info -i -t AutoUpgrade -fi - -DLHASH=`/bin/cat /tmp/latest.tgz.sha256 | cut -d" " -f4 ` -FILEHASH=`/sbin/sha256 /tmp/latest.tgz | cut -d" " -f4` - -PLATFORM=`cat /etc/platform` - -echo " Package sha256: ${DLHASH}" | logger -p daemon.info -i -t AutoUpgrade -echo "Downloaded sha256: ${FILEHASH}" | logger -p daemon.info -i -t AutoUpgrade - -if [ "$DLHASH" = "" ]; then - echo "Downloaded sha256 is null. Require proxy auth?" | logger -p daemon.info -i -t AutoUpgrade - exit 1 -fi - -if [ "$FILEHASH" = "" ]; then - echo "Downloaded file's sha256 is null." | logger -p daemon.info -i -t AutoUpgrade - exit 1 -fi - -if [ "$DLHASH" = "$FILEHASH" ]; then - echo "sha256 hashes match." | logger -p daemon.info -i -t AutoUpgrade - echo "Beginning ${product} upgrade." | wall - if [ "$PLATFORM" = "nanobsd" ]; then - /usr/local/bin/php-cgi /etc/rc.conf_mount_rw - fi - if [ -r "/tmp/custom.tgz" ]; then - sh /etc/rc.firmware ${product}upgrade /tmp/latest.tgz /tmp/custom.tgz - else - if [ "$PLATFORM" = "nanobsd" ]; then - sh /etc/rc.firmware ${product}NanoBSDupgrade /tmp/latest.tgz - else - sh /etc/rc.firmware ${product}upgrade /tmp/latest.tgz - fi - fi - exit 0 -fi - -echo "sha256 hashes do not match. Upgrade aborted." | logger -p daemon.info -i -t AutoUpgrade -rm /tmp/latest* -exit 1 diff --git a/src/etc/rc.gateway_alarm b/src/etc/rc.gateway_alarm new file mode 100755 index 0000000..a1afb65 --- /dev/null +++ b/src/etc/rc.gateway_alarm @@ -0,0 +1,63 @@ +#!/bin/sh +# +# rc.gateway_alarm +# +# Copyright (c) 2015 Electric Sheep Fencing, LLC. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgment: +# "This product includes software developed by the pfSense Project +# for use in the pfSense® software distribution. (http://www.pfsense.org/). +# +# 4. The names "pfSense" and "pfSense Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# coreteam@pfsense.org. +# +# 5. Products derived from this software may not be called "pfSense" +# nor may "pfSense" appear in their names without prior written +# permission of the Electric Sheep Fencing, LLC. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# +# "This product includes software developed by the pfSense Project +# for use in the pfSense software distribution (http://www.pfsense.org/). +# +# THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. + +GW="$1" + +if [ -z "$GW" ]; then + exit 1 +fi + +/usr/local/sbin/pfSctl \ + -c "service reload dyndns ${GW}" \ + -c "service reload ipsecdns" \ + -c "service reload openvpn ${GW}" \ + -c "filter reload" >/dev/null 2>&1 + +exit $? diff --git a/src/etc/rc.halt b/src/etc/rc.halt index fd6318b..94a676f 100755 --- a/src/etc/rc.halt +++ b/src/etc/rc.halt @@ -1,6 +1,6 @@ #!/bin/sh -# $Id$ +# /etc/rc.halt if ! /usr/bin/lockf -s -t 30 /tmp/config.lock /usr/bin/true; then echo "Cannot halt at this moment, a config write operation is in progress and 30 seconds have passed." diff --git a/src/etc/rc.initial b/src/etc/rc.initial index 3d20ff1..ae78375 100755 --- a/src/etc/rc.initial +++ b/src/etc/rc.initial @@ -28,6 +28,18 @@ if [ -f /etc/rc.local ]; then fi fi +# Parse command line parameters +while [ $# -gt 0 ]; do + case $1 in + -c ) shift + /bin/sh -c $1 + exit + ;; + * ) + esac + shift +done + CONFIG="/cf/conf/config.xml" WORD="https" @@ -71,7 +83,7 @@ echo " 0) Logout (SSH only) 9) pfTop" echo " 1) Assign Interfaces 10) Filter Logs" echo " 2) Set interface(s) IP address 11) Restart webConfigurator" echo " 3) Reset webConfigurator password 12) ${product} Developer Shell" -echo " 4) Reset to factory defaults 13) Upgrade from console" +echo " 4) Reset to factory defaults 13) Update from console" echo " 5) Reboot system ${sshd_option}" echo " 6) Halt system 15) Restore recent configuration" echo " 7) Ping host 16) Restart PHP-FPM" diff --git a/src/etc/rc.initial.defaults b/src/etc/rc.initial.defaults index 6901dae..c80a18d 100755 --- a/src/etc/rc.initial.defaults +++ b/src/etc/rc.initial.defaults @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.initial.defaults part of m0n0wall (http://m0n0.ch/wall) @@ -37,24 +36,13 @@ $fp = fopen('php://stdin', 'r'); - echo <<<EOD - -You are about to reset the firewall to factory defaults. -The firewall will reboot after resetting the configuration. - -Do you want to proceed [y|n]? -EOD; + echo "\n" . gettext("You are about to reset the firewall to factory defaults."); + echo "\n" . gettext("The firewall will reboot after resetting the configuration."); + echo "\n" . gettext("Do you want to proceed [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { - reset_factory_defaults(); - - echo <<<EOD - -{$g['product_name']} is rebooting now. - -EOD; - + echo "\n" . sprintf(gettext("%s is rebooting now."), $g['product_name']) . "\n"; system_reboot_sync(); } diff --git a/src/etc/rc.initial.firmware_update b/src/etc/rc.initial.firmware_update deleted file mode 100755 index 143dbbd..0000000 --- a/src/etc/rc.initial.firmware_update +++ /dev/null @@ -1,190 +0,0 @@ -#!/usr/local/bin/php-cgi -f - -<?php - -require("globals.inc"); -require("config.inc"); -require("functions.inc"); - -echo "Starting the {$g['product_name']} console firmware update system"; - -require("functions.inc"); -echo "."; - -if (isset($config['system']['firmware']['alturl']['enable'])) { - $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}"; -} else { - $updater_url = $g['update_url']; -} - -$nanosize = ""; -if ($g['platform'] == "nanobsd") { - if (!isset($g['enableserial_force'])) { - $nanosize = "-nanobsd-vga-"; - } else { - $nanosize = "-nanobsd-"; - } - - $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt"))); - $update_filename = "latest{$nanosize}.img.gz"; -} else { - $update_filename = "latest.tgz"; -} -$autoupdateurl = "{$updater_url}/{$update_filename}"; - -$fp = fopen('php://stdin', 'r'); - -echo ".\n\n"; - -$shell_active = true; - -echo "1) Update from a URL\n"; -echo "2) Update from a local file\n"; -echo "Q) Quit\n"; - -echo "\nPlease select an option to continue: "; - -$pkg_interface = 'console'; -$command = strtoupper(chop(fgets($fp))); - -switch ($command) { - case "q": - case "quit": - echo "\n"; - fclose($fp); - die; - break; - case "1": - echo "\nEnter the URL to the .tgz or .img.gz update file. \nType 'auto' to use {$autoupdateurl}\n> "; - $url = chop(fgets($fp)); - if (!$url) { - fclose($fp); - die; - } - if ($url == "auto") { - $url = $autoupdateurl; - } - $status = does_url_exist($url); - if ($status) { - conf_mount_rw(); - mark_subsystem_dirty('firmware'); - unlink_if_exists("/root/firmware.tgz"); - echo "\nFetching file... "; - download_file_with_progress_bar($url, '/root/firmware.tgz'); - if (!file_exists("/root/firmware.tgz")) { - echo "Something went wrong during file transfer. Exiting.\n\n"; - fclose($fp); - clear_subsystem_dirty('firmware'); - die; - } - $status = does_url_exist("$url.sha256"); - if ($status) { - echo "\nFetching sha256... "; - download_file_with_progress_bar($url . ".sha256", '/root/firmware.tgz.sha256'); - echo "\n"; - } else { - echo "\n\nWARNING.\n"; - echo "\nCould not locate a sha256 file. We cannot verify the download once completed.\n\n"; - echo "Do you still want to proceed with the upgrade [n]? "; - $answer = strtoupper(chop(fgets($fp))); - if ($answer == "Y" or $answer == "YES") { - echo "\nContinuing upgrade..."; - } else { - echo "\nUpgrade cancelled.\n\n"; - die; - } - } - if (file_exists("/root/firmware.tgz.sha256")) { - $source_sha256 = trim(`cat /root/firmware.tgz.sha256 | awk '{ print \$4 }'`, "\r"); - $file_sha256 = trim(`sha256 /root/firmware.tgz | awk '{ print \$4 }'`, "\r"); - echo "URL sha256: $source_sha256\n"; - echo "Downloaded file sha256: $file_sha256\n"; - if ($source_sha256 <> $file_sha256) { - echo "\n\nsha256 checksum does not match. Cancelling upgrade.\n\n"; - unlink_if_exists("/root/firmware.tgz.sha256"); - fclose($fp); - clear_subsystem_dirty('firmware'); - die -1; - } - echo "\nsha256 checksum matches.\n"; - unlink_if_exists("/root/firmware.tgz.sha256"); - } - if (strstr($url, "nanobsd")) { - echo "NanoBSD upgrade file detected...\n"; - $type = "nanobsd"; - } else { - $type = "normal"; - } - do_upgrade("/root/firmware.tgz", $type); - clear_subsystem_dirty('firmware'); - exit; - } - case "2": - echo "\nEnter the complete path to the .tgz or .img.gz update file: "; - $path = chop(fgets($fp)); - if (!$path) { - fclose($fp); - die; - } - if (stristr($path, "nanobsd")) { - $type = "nanobsd"; - } - if (file_exists($path)) { - mark_subsystem_dirty('firmware'); - do_upgrade($path, $type); - clear_subsystem_dirty('firmware'); - } else { - echo "\nCould not find file.\n\n"; - fclose($fp); - die -1; - } -} - -function do_upgrade($path, $type) { - global $g, $fp; - - $sigchk = verify_digital_signature($path); - if ($sigchk == 1) { - $sig_warning = "The digital signature on this image is invalid."; - } elseif ($sigchk == 2) { - $sig_warning = "This image is not digitally signed."; - } elseif (($sigchk == 3) || ($sigchk == 4)) { - $sig_warning = "There has been an error verifying the signature on this image."; - } - if ($sig_warning) { - $sig_warning = "\nWARNING! ACHTUNG! DANGER!\n\n{$sig_warning}\n\n" . - "This means that the image you uploaded is not an official/supported image and\n" . - "may lead to unexpected behavior or security compromises.\n\n" . - "Only install images that come from sources that you trust, and make sure\n". - "that the image has not been tampered with.\n\n". - "Do you want to install this image anyway at your own risk [n]?"; - echo $sig_warning; - $command = strtoupper(chop(fgets($fp))); - if (strtoupper($command) == "Y" or strtoupper($command) == "Y" or strtoupper($command) == "YES") { - echo "\nContinuing upgrade..."; - } else { - echo "\nUpgrade cancelled.\n\n"; - die; - } - } - mark_subsystem_dirty('firmwarelock'); - echo "\nOne moment please...\nInvoking firmware upgrade..."; - if ($type == "nanobsd") { - mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade $path"); - } else { - mwexec_bg("/etc/rc.firmware pfSenseupgrade $path"); - } - sleep(10); - while (is_subsystem_dirty('firmwarelock')) { - sleep(1); - echo "."; - } - sleep(10); - echo "Done. Rebooting...\n\n"; - clear_subsystem_dirty('firmwarelock'); -} - -exec("rm -f /root/*.sha256"); -fclose($fp); - -?> diff --git a/src/etc/rc.initial.halt b/src/etc/rc.initial.halt index 9ff189b..27377b5 100755 --- a/src/etc/rc.initial.halt +++ b/src/etc/rc.initial.halt @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.initial.halt part of pfSense (www.pfSense.com) @@ -38,21 +37,11 @@ $fp = fopen('php://stdin', 'r'); - echo <<<EOD - -{$g['product_name']} will shutdown and halt system. This may take a few minutes, depending on your hardware. - -Do you want to proceed [y|n]? -EOD; + echo "\n" . sprintf(gettext("%s will shutdown and halt system. This may take a few minutes, depending on your hardware."), $g['product_name']) . "\n"; + echo gettext("Do you want to proceed [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { - - echo <<<EOD - -{$g['product_name']} will shutdown and halt system now. - -EOD; - + echo "\n" . sprintf(gettext("%s will shutdown and halt system now."), $g['product_name']) . "\n"; system_halt(); } diff --git a/src/etc/rc.initial.password b/src/etc/rc.initial.password index b5e01ed..969745b 100755 --- a/src/etc/rc.initial.password +++ b/src/etc/rc.initial.password @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.initial.password part of m0n0wall (http://m0n0.ch/wall) @@ -41,14 +40,14 @@ echo "\n" . gettext(' The webConfigurator admin password and privileges will be reset to the default (which is "' . strtolower($g['product_name']) . '").') . "\n" . - gettext('Do you want to proceed [y|n]?'); + gettext('Do you want to proceed [y|n]?') . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { if (isset($config['system']['webgui']['authmode']) && - $config['system']['webgui']['authmode'] != "Local Database") { + $config['system']['webgui']['authmode'] != "Local Database") { echo "\n" . gettext(' The User manager authentication server is set to "' . $config['system']['webgui']['authmode'] . '".') . "\n" . - gettext('Do you want to set it back to Local Database [y|n]?'); + gettext('Do you want to set it back to Local Database [y|n]?') . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { $config['system']['webgui']['authmode'] = "Local Database"; } @@ -77,7 +76,7 @@ The User manager authentication server is set to "' . $config['system']['webgui' write_config(gettext("password changed from console menu")); echo "\n" . gettext(' -The password for the webConfigurator has been reset and +The password for the webConfigurator has been reset and the default username has been set to "admin".') . "\n" . gettext(' Remember to set the password to something else than diff --git a/src/etc/rc.initial.ping b/src/etc/rc.initial.ping index 055d556..6a553e7 100755 --- a/src/etc/rc.initial.ping +++ b/src/etc/rc.initial.ping @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.initial.ping part of m0n0wall (http://m0n0.ch/wall) diff --git a/src/etc/rc.initial.reboot b/src/etc/rc.initial.reboot index 38f9e3b..fdcc480 100755 --- a/src/etc/rc.initial.reboot +++ b/src/etc/rc.initial.reboot @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.initial.reboot part of m0n0wall (http://m0n0.ch/wall) @@ -38,21 +37,11 @@ $fp = fopen('php://stdin', 'r'); - echo <<<EOD - -{$g['product_name']} will reboot. This may take a few minutes, depending on your hardware. - -Do you want to proceed [y|n]? -EOD; + echo "\n" . sprintf(gettext("%s will reboot. This may take a few minutes, depending on your hardware."), $g['product_name']) . "\n"; + echo gettext("Do you want to proceed [y|n]?") . " "; if (strcasecmp(chop(fgets($fp)), "y") == 0) { - - echo <<<EOD - -{$g['product_name']} is rebooting now. - -EOD; - + echo "\n" . sprintf(gettext("%s is rebooting now."), $g['product_name']) . "\n"; system_reboot_sync(); } diff --git a/src/etc/rc.initial.setlanip b/src/etc/rc.initial.setlanip index e33a05a..4f51ca9 100755 --- a/src/etc/rc.initial.setlanip +++ b/src/etc/rc.initial.setlanip @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -q <?php -/* $Id$ */ /* rc.initial.setlanip part of m0n0wall (http://m0n0.ch/wall) diff --git a/src/etc/rc.initial.setports b/src/etc/rc.initial.setports index 147912f..e70547d 100755 --- a/src/etc/rc.initial.setports +++ b/src/etc/rc.initial.setports @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.initial.setports part of m0n0wall (http://m0n0.ch/wall) diff --git a/src/etc/rc.initial.store_config_to_removable_device b/src/etc/rc.initial.store_config_to_removable_device index a40df6f..a7814c1 100755 --- a/src/etc/rc.initial.store_config_to_removable_device +++ b/src/etc/rc.initial.store_config_to_removable_device @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.initial.store_config_to_removable_device part of m0n0wall (http://m0n0.ch/wall) diff --git a/src/etc/rc.interfaces_carp_configure b/src/etc/rc.interfaces_carp_configure index 33a0b38..62131c8 100755 --- a/src/etc/rc.interfaces_carp_configure +++ b/src/etc/rc.interfaces_carp_configure @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.interfaces_carp_configure part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.interfaces_lan_configure b/src/etc/rc.interfaces_lan_configure index 2924cf9..8cfcbe8 100755 --- a/src/etc/rc.interfaces_lan_configure +++ b/src/etc/rc.interfaces_lan_configure @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.interfaces_lan_configure part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.interfaces_opt_configure b/src/etc/rc.interfaces_opt_configure index c00877a..74bcaa9 100755 --- a/src/etc/rc.interfaces_opt_configure +++ b/src/etc/rc.interfaces_opt_configure @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.interfaces_opt_configure part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.interfaces_wan_configure b/src/etc/rc.interfaces_wan_configure index 9b064d0..fbb7e55 100755 --- a/src/etc/rc.interfaces_wan_configure +++ b/src/etc/rc.interfaces_wan_configure @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.interfaces_wan_configure part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.kill_states b/src/etc/rc.kill_states index 715c860..571cc90 100755 --- a/src/etc/rc.kill_states +++ b/src/etc/rc.kill_states @@ -1,31 +1,54 @@ #!/usr/local/bin/php-cgi -f <?php /* - rc.kill_states - Copyright (C) 2013 Renato Botelho (garga@pfsense.org) - part of pfSense (https://www.pfsense.org) - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + * rc.kill_states + * + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense® software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ /* parse the configuration and include all functions used below */ require_once("globals.inc"); diff --git a/src/etc/rc.newroutedns b/src/etc/rc.newroutedns index de3a081..31d0ace 100755 --- a/src/etc/rc.newroutedns +++ b/src/etc/rc.newroutedns @@ -1,31 +1,54 @@ #!/usr/local/bin/php-cgi -f <?php /* - rc.newroutedns - Copyright (C) 2013 Renato Botelho <garga@pfsense.org>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + * rc.newroutedns + * + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense® software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ /* parse the configuration and include all functions used below */ require_once("util.inc"); diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip index ea44b81..45cef96 100755 --- a/src/etc/rc.newwanip +++ b/src/etc/rc.newwanip @@ -216,8 +216,8 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface /* * Some services (e.g. dyndns, see ticket #4066) depend on * filter_configure() to be called before, otherwise pass out - * route-to rules have the old ip set in 'from' and connection - * do not go through correct link + * route-to rules have the old ip set in 'from' and connections + * do not go through the correct link */ filter_configure_sync(); diff --git a/src/etc/rc.ntpdate b/src/etc/rc.ntpdate index 4bdc647..02f53aa 100755 --- a/src/etc/rc.ntpdate +++ b/src/etc/rc.ntpdate @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id: */ /* rc.ntpdate part of m0n0wall (http://m0n0.ch/wall) diff --git a/src/etc/rc.openvpn b/src/etc/rc.openvpn index cda8067..790f9c8 100755 --- a/src/etc/rc.openvpn +++ b/src/etc/rc.openvpn @@ -76,7 +76,7 @@ if (isset($_GET['interface'])) { } if ((is_array($config['openvpn']['openvpn-server']) && count($config['openvpn']['openvpn-server'])) || - (is_array($config['openvpn']['openvpn-client']) && count($config['openvpn']['openvpn-client']))) { + (is_array($config['openvpn']['openvpn-client']) && count($config['openvpn']['openvpn-client']))) { if (empty($argument) || $argument == "all") { $argument = "all"; $log_text = "all"; diff --git a/src/etc/rc.packages b/src/etc/rc.packages index 59fb5ca..f4ec045 100755 --- a/src/etc/rc.packages +++ b/src/etc/rc.packages @@ -1,6 +1,5 @@ #!/usr/local/bin/php -f <?php -/* $Id$ */ /* rc.packages part of pfSense (https://www.pfsense.org) @@ -74,15 +73,15 @@ if ($pkg == '' || $when == '') { pkg_remove_prefix($pkg); switch ($when) { -case "post-install": - install_package_xml($pkg); - break; -case "deinstall": -case "post-deinstall": - delete_package_xml($pkg, $when); - break; -default: - usage(); + case "post-install": + install_package_xml($pkg); + break; + case "deinstall": + case "post-deinstall": + delete_package_xml($pkg, $when); + break; + default: + usage(); } ?> diff --git a/src/etc/rc.php-fpm_restart b/src/etc/rc.php-fpm_restart index 6ce04c6..a9a9ee1 100755 --- a/src/etc/rc.php-fpm_restart +++ b/src/etc/rc.php-fpm_restart @@ -5,7 +5,7 @@ echo ">>> Killing php-fpm" sleep 2 # Run the php.ini setup file and populate -# /usr/local/etc/php.ini and /usr/local/lib/php.ini +# /usr/local/etc/php.ini /etc/rc.conf_mount_rw /etc/rc.php_ini_setup 2>/tmp/php_errors.txt /bin/rm -f /var/run/php-fpm.pid 2>/dev/null @@ -13,5 +13,5 @@ sleep 2 /etc/rc.conf_mount_ro echo ">>> Restarting php-fpm" | /usr/bin/logger -p daemon.info -i -t rc.php-fpm_restart echo ">>> Starting php-fpm" -/usr/local/sbin/php-fpm -c /usr/local/lib/php.ini -y /usr/local/lib/php-fpm.conf -RD 2>&1 >/dev/null +/usr/local/sbin/php-fpm -c /usr/local/etc/php.ini -y /usr/local/lib/php-fpm.conf -RD 2>&1 >/dev/null diff --git a/src/etc/rc.php_ini_setup b/src/etc/rc.php_ini_setup index b4038e7..7d1054e 100755 --- a/src/etc/rc.php_ini_setup +++ b/src/etc/rc.php_ini_setup @@ -151,9 +151,6 @@ PHP_ZEND_MODULES="" if [ -f /usr/local/etc/php.ini ]; then /bin/rm /usr/local/etc/php.ini fi -if [ -f /usr/local/lib/php.ini ]; then - /bin/rm /usr/local/lib/php.ini -fi LOADED_MODULES=`/usr/local/bin/php-cgi -m | /usr/bin/grep -v "\["` unset TIMEZONE @@ -176,7 +173,7 @@ fi # Populate a dummy php.ini to avoid # the file being clobbered and the firewall # not being able to boot back up. -/bin/cat >/usr/local/lib/php.ini <<EOF +/bin/cat >/usr/local/etc/php.ini <<EOF ; File generated from /etc/rc.php_ini_setup output_buffering = "0" expose_php = Off @@ -194,7 +191,7 @@ post_max_size = 200M html_errors = Off zlib.output_compression = Off zlib.output_compression_level = 1 -include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg" +include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg:/usr/local/www/classes:/usr/local/www/classes/Form" display_startup_errors=on display_errors=on log_errors=on @@ -206,9 +203,6 @@ date.timezone="${TIMEZONE}" EOF -# Copy php.ini file to etc/ too (cli) -/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini - # Loop through and generate modules to load. # Take into account modules built into php. for EXT in $PHPMODULES; do @@ -222,7 +216,7 @@ for EXT in $PHPMODULES; do if [ "$SHOULDADD" = "true" ]; then # Ensure extension exists before adding. if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then - echo "extension=${EXT}.so" >> /usr/local/lib/php.ini + echo "extension=${EXT}.so" >> /usr/local/etc/php.ini fi fi done @@ -231,13 +225,13 @@ done for EXT in $PHP_ZEND_MODULES; do # Ensure extension exists before adding. if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then - echo "zend_extension=${EXT}.so" >> /usr/local/lib/php.ini + echo "zend_extension=${EXT}.so" >> /usr/local/etc/php.ini fi done if [ "$LOWMEM" != "TRUE" ]; then - /bin/cat >>/usr/local/lib/php.ini <<EOF + /bin/cat >>/usr/local/etc/php.ini <<EOF ; opcache Settings opcache.enabled="1" @@ -246,13 +240,13 @@ opcache.memory_consumption="${OPCACHEMEMSIZE}" EOF else - /bin/cat >>/usr/local/lib/php.ini <<EOF + /bin/cat >>/usr/local/etc/php.ini <<EOF ; opcache Settings opcache.enabled="0" EOF fi - /bin/cat >>/usr/local/lib/php.ini <<EOF + /bin/cat >>/usr/local/etc/php.ini <<EOF [suhosin] suhosin.get.max_array_depth = 5000 @@ -343,9 +337,6 @@ EOF fi -# Copy php.ini file to etc/ too (cli) -/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini - # Remove old log file if it exists. if [ -f /var/run/php_modules_load_errors.txt ]; then /bin/rm /var/run/php_modules_load_errors.txt @@ -376,12 +367,9 @@ for EXT in $PHPMODULESLC; do if [ "$SHOULDREMOVE" = "true" ]; then if [ -f "${EXTENSIONSDIR}${EXT}.so" ]; then echo ">>> ${EXT} did not load correctly. Removing from php.ini..." >> /var/run/php_modules_load_errors.txt - /bin/cat /usr/local/lib/php.ini | /usr/bin/grep -v $EXT > /tmp/php.ini - /bin/rm -f /usr/local/lib/php.ini - /bin/mv /tmp/php.ini /usr/local/lib/php.ini + /bin/cat /usr/local/etc/php.ini | /usr/bin/grep -v $EXT > /tmp/php.ini + /bin/rm -f /usr/local/etc/php.ini + /bin/mv /tmp/php.ini /usr/local/etc/php.ini fi fi done - -# Copy php.ini file to etc/ too (cli) -/bin/cp /usr/local/lib/php.ini /usr/local/etc/php.ini diff --git a/src/etc/rc.prunecaptiveportal b/src/etc/rc.prunecaptiveportal index c4b760a..d53d2bb 100755 --- a/src/etc/rc.prunecaptiveportal +++ b/src/etc/rc.prunecaptiveportal @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.prunecaptiveportal part of m0n0wall (http://m0n0.ch/wall) diff --git a/src/etc/rc.reload_all b/src/etc/rc.reload_all index 162553c..39007a8 100755 --- a/src/etc/rc.reload_all +++ b/src/etc/rc.reload_all @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.reload_all part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.reload_interfaces b/src/etc/rc.reload_interfaces index e34588f..59bfe79 100755 --- a/src/etc/rc.reload_interfaces +++ b/src/etc/rc.reload_interfaces @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.reload_interfaces part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.savevoucher b/src/etc/rc.savevoucher index 22e592d..824641d 100755 --- a/src/etc/rc.savevoucher +++ b/src/etc/rc.savevoucher @@ -1,6 +1,7 @@ #!/usr/local/bin/php-cgi -f <?php /* + rc.savevoucher part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2007 Marcel Wiget <mwiget@mac.com>. diff --git a/src/etc/rc.start_packages b/src/etc/rc.start_packages index 233c236..011e2e7 100755 --- a/src/etc/rc.start_packages +++ b/src/etc/rc.start_packages @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.start_packages part of pfSense (https://www.pfsense.org) diff --git a/src/etc/rc.update_alias_url_data b/src/etc/rc.update_alias_url_data index fd56b43..65a13ba 100755 --- a/src/etc/rc.update_alias_url_data +++ b/src/etc/rc.update_alias_url_data @@ -1,6 +1,5 @@ #!/usr/local/bin/php-cgi -f <?php -/* $Id$ */ /* rc.update_alias_url_data part of pfSense (https://www.pfsense.org) diff --git a/src/etc/services b/src/etc/services deleted file mode 100644 index 1f85da0..0000000 --- a/src/etc/services +++ /dev/null @@ -1,4111 +0,0 @@ -# -# Network services, Internet style -# -# Note that it is presently the policy of IANA to assign a single well-known -# port number for both TCP and UDP; hence, most entries here have two entries -# even if the protocol doesn't support UDP operations. -# -# The latest IANA port assignments can be gotten from -# -# http://www.iana.org/assignments/port-numbers -# -# The Well Known Ports are those from 0 through 1023. -# The Registered Ports are those from 1024 through 49151 -# The Dynamic and/or Private Ports are those from 49152 through 65535 -# -# Kerberos services are for Kerberos v4, and are unofficial. Sites running -# v5 should uncomment v5 entries and comment v4 entries. -# -# $FreeBSD: src/etc/services,v 1.62.2.12 2003/02/01 16:48:17 schweikh Exp $ -# From: @(#)services 5.8 (Berkeley) 5/9/91 -# -# WELL KNOWN PORT NUMBERS -# -rtmp 1/ddp #Routing Table Maintenance Protocol -tcpmux 1/tcp #TCP Port Service Multiplexer -tcpmux 1/udp #TCP Port Service Multiplexer -nbp 2/ddp #Name Binding Protocol -compressnet 2/tcp #Management Utility -compressnet 2/udp #Management Utility -compressnet 3/tcp #Compression Process -compressnet 3/udp #Compression Process -echo 4/ddp #AppleTalk Echo Protocol -rje 5/tcp #Remote Job Entry -rje 5/udp #Remote Job Entry -zip 6/ddp #Zone Information Protocol -echo 7/tcp -echo 7/udp -discard 9/tcp sink null -discard 9/udp sink null -systat 11/tcp users #Active Users -systat 11/udp users #Active Users -daytime 13/tcp -daytime 13/udp -qotd 17/tcp quote #Quote of the Day -qotd 17/udp quote #Quote of the Day -msp 18/tcp #Message Send Protocol -msp 18/udp #Message Send Protocol -chargen 19/tcp ttytst source #Character Generator -chargen 19/udp ttytst source #Character Generator -ftp-data 20/tcp #File Transfer [Default Data] -ftp-data 20/udp #File Transfer [Default Data] -ftp 21/tcp #File Transfer [Control] -ftp 21/udp #File Transfer [Control] -ssh 22/tcp #Secure Shell Login -ssh 22/udp #Secure Shell Login -telnet 23/tcp -telnet 23/udp -# 24/tcp any private mail system -# 24/udp any private mail system -smtp 25/tcp mail #Simple Mail Transfer -smtp 25/udp mail #Simple Mail Transfer -nsw-fe 27/tcp #NSW User System FE -nsw-fe 27/udp #NSW User System FE -msg-icp 29/tcp #MSG ICP -msg-icp 29/udp #MSG ICP -msg-auth 31/tcp #MSG Authentication -msg-auth 31/udp #MSG Authentication -dsp 33/tcp #Display Support Protocol -dsp 33/udp #Display Support Protocol -# 35/tcp any private printer server -# 35/udp any private printer server -time 37/tcp timserver -time 37/udp timserver -rap 38/tcp #Route Access Protocol -rap 38/udp #Route Access Protocol -rlp 39/tcp resource #Resource Location Protocol -rlp 39/udp resource #Resource Location Protocol -graphics 41/tcp -graphics 41/udp -nameserver 42/tcp name #Host Name Server -nameserver 42/udp name #Host Name Server -nicname 43/tcp whois -nicname 43/udp whois -mpm-flags 44/tcp #MPM FLAGS Protocol -mpm-flags 44/udp #MPM FLAGS Protocol -mpm 45/tcp #Message Processing Module [recv] -mpm 45/udp #Message Processing Module [recv] -mpm-snd 46/tcp #MPM [default send] -mpm-snd 46/udp #MPM [default send] -ni-ftp 47/tcp #NI FTP -ni-ftp 47/udp #NI FTP -auditd 48/tcp #Digital Audit Daemon -auditd 48/udp #Digital Audit Daemon -tacacs 49/tcp #Login Host Protocol (TACACS) -tacacs 49/udp #Login Host Protocol (TACACS) -re-mail-ck 50/tcp #Remote Mail Checking Protocol -re-mail-ck 50/udp #Remote Mail Checking Protocol -la-maint 51/tcp #IMP Logical Address Maintenance -la-maint 51/udp #IMP Logical Address Maintenance -xns-time 52/tcp #XNS Time Protocol -xns-time 52/udp #XNS Time Protocol -domain 53/tcp #Domain Name Server -domain 53/udp #Domain Name Server -xns-ch 54/tcp #XNS Clearinghouse -xns-ch 54/udp #XNS Clearinghouse -isi-gl 55/tcp #ISI Graphics Language -isi-gl 55/udp #ISI Graphics Language -xns-auth 56/tcp #XNS Authentication -xns-auth 56/udp #XNS Authentication -mtp 57/tcp # deprecated -#PROBLEMS!============================================================== -# 57/tcp any private terminal access -#PROBLEMS!============================================================== -# 57/udp any private terminal access -xns-mail 58/tcp #XNS Mail -xns-mail 58/udp #XNS Mail -# 59/tcp any private file service -# 59/udp any private file service -ni-mail 61/tcp #NI MAIL -ni-mail 61/udp #NI MAIL -acas 62/tcp #ACA Services -acas 62/udp #ACA Services -whois++ 63/tcp -whois++ 63/udp -covia 64/tcp #Communications Integrator (CI) -covia 64/udp #Communications Integrator (CI) -tacacs-ds 65/tcp #TACACS-Database Service -tacacs-ds 65/udp #TACACS-Database Service -sql*net 66/tcp #Oracle SQL*NET -sql*net 66/udp #Oracle SQL*NET -bootps 67/tcp dhcps #Bootstrap Protocol Server -bootps 67/udp dhcps #Bootstrap Protocol Server -bootpc 68/tcp dhcpc #Bootstrap Protocol Client -bootpc 68/udp dhcpc #Bootstrap Protocol Client -tftp 69/tcp #Trivial File Transfer -tftp 69/udp #Trivial File Transfer -tftp-proxy 6969/udp -gopher 70/tcp -gopher 70/udp -netrjs-1 71/tcp #Remote Job Service -netrjs-1 71/udp #Remote Job Service -netrjs-2 72/tcp #Remote Job Service -netrjs-2 72/udp #Remote Job Service -netrjs-3 73/tcp #Remote Job Service -netrjs-3 73/udp #Remote Job Service -netrjs-4 74/tcp #Remote Job Service -netrjs-4 74/udp #Remote Job Service -# 75/tcp any private dial out service -# 75/udp any private dial out service -deos 76/tcp #Distributed External Object Store -deos 76/udp #Distributed External Object Store -netrjs 77/tcp -#PROBLEMS!============================================================== -# 77/tcp any private RJE service -#PROBLEMS!============================================================== -# 77/udp any private RJE service -vettcp 78/tcp -vettcp 78/udp -finger 79/tcp -finger 79/udp -http 80/tcp www www-http #World Wide Web HTTP -http 80/udp www www-http #World Wide Web HTTP -hosts2-ns 81/tcp #HOSTS2 Name Server -hosts2-ns 81/udp #HOSTS2 Name Server -xfer 82/tcp #XFER Utility -xfer 82/udp #XFER Utility -mit-ml-dev 83/tcp #MIT ML Device -mit-ml-dev 83/udp #MIT ML Device -ctf 84/tcp #Common Trace Facility -ctf 84/udp #Common Trace Facility -mit-ml-dev 85/tcp #MIT ML Device -mit-ml-dev 85/udp #MIT ML Device -mfcobol 86/tcp #Micro Focus Cobol -mfcobol 86/udp #Micro Focus Cobol -ttylink 87/tcp -#PROBLEMS!=========================================================== -# 87/tcp any private terminal link -#PROBLEMS!=========================================================== -# 87/udp any private terminal link -kerberos-sec 88/tcp kerberos # krb5 # Kerberos (v5) -kerberos-sec 88/udp kerberos # krb5 # Kerberos (v5) -su-mit-tg 89/tcp #SU/MIT Telnet Gateway -su-mit-tg 89/udp #SU/MIT Telnet Gateway -dnsix 90/tcp #DNSIX Securit Attribute Token Map -dnsix 90/udp #DNSIX Securit Attribute Token Map -mit-dov 91/tcp #MIT Dover Spooler -mit-dov 91/udp #MIT Dover Spooler -npp 92/tcp #Network Printing Protocol -npp 92/udp #Network Printing Protocol -dcp 93/tcp #Device Control Protocol -dcp 93/udp #Device Control Protocol -objcall 94/tcp #Tivoli Object Dispatcher -objcall 94/udp #Tivoli Object Dispatcher -supdup 95/tcp -supdup 95/udp -dixie 96/tcp #DIXIE Protocol Specification -dixie 96/udp #DIXIE Protocol Specification -swift-rvf 97/tcp #Swift Remote Virtural File Protocol -swift-rvf 97/udp #Swift Remote Virtural File Protocol -tacnews 98/tcp #TAC News, Unofficial: Red Hat linuxconf -tacnews 98/udp #TAC News, Unofficial: Red Hat linuxconf -metagram 99/tcp #Metagram Relay -metagram 99/udp #Metagram Relay -newacct 100/tcp #[unauthorized use] -hostname 101/tcp hostnames #NIC Host Name Server -hostname 101/udp hostnames #NIC Host Name Server -iso-tsap 102/tcp tsap #ISO-TSAP Class 0 -iso-tsap 102/udp tsap #ISO-TSAP Class 0 -gppitnp 103/tcp #Genesis Point-to-Point Trans Net -gppitnp 103/udp #Genesis Point-to-Point Trans Net -acr-nema 104/tcp #ACR-NEMA Digital Imag. & Comm. 300 -acr-nema 104/udp #ACR-NEMA Digital Imag. & Comm. 300 -csnet-ns 105/tcp cso-ns cso #Mailbox Name Nameserver -csnet-ns 105/udp cso-ns cso #Mailbox Name Nameserver -pop3pw 106/tcp 3com-tsmux #Eudora compatible PW changer -3com-tsmux 106/udp -rtelnet 107/tcp #Remote Telnet Service -rtelnet 107/udp #Remote Telnet Service -snagas 108/tcp #SNA Gateway Access Server -snagas 108/udp #SNA Gateway Access Server -pop2 109/tcp postoffice #Post Office Protocol - Version 2 -pop2 109/udp postoffice #Post Office Protocol - Version 2 -pop3 110/tcp #Post Office Protocol - Version 3 -pop3 110/udp #Post Office Protocol - Version 3 -sunrpc 111/tcp rpcbind #SUN Remote Procedure Call -sunrpc 111/udp rpcbind #SUN Remote Procedure Call -mcidas 112/tcp #McIDAS Data Transmission Protocol -mcidas 112/udp #McIDAS Data Transmission Protocol -auth 113/tcp ident tap #Authentication Service -auth 113/udp ident tap #Authentication Service -audionews 114/tcp #Audio News Multicast -audionews 114/udp #Audio News Multicast -sftp 115/tcp #Simple File Transfer Protocol -sftp 115/udp #Simple File Transfer Protocol -ansanotify 116/tcp #ANSA REX Notify -ansanotify 116/udp #ANSA REX Notify -uucp-path 117/tcp #UUCP Path Service -uucp-path 117/udp #UUCP Path Service -sqlserv 118/tcp #SQL Services -sqlserv 118/udp #SQL Services -nntp 119/tcp usenet #Network News Transfer Protocol -nntp 119/udp usenet #Network News Transfer Protocol -cfdptkt 120/tcp -cfdptkt 120/udp -erpc 121/tcp #Encore Expedited Remote Pro.Call -erpc 121/udp #Encore Expedited Remote Pro.Call -smakynet 122/tcp -smakynet 122/udp -ntp 123/tcp #Network Time Protocol -ntp 123/udp #Network Time Protocol -ansatrader 124/tcp #ANSA REX Trader -ansatrader 124/udp #ANSA REX Trader -locus-map 125/tcp #Locus PC-Interface Net Map Ser -locus-map 125/udp #Locus PC-Interface Net Map Ser -unitary 126/tcp #Unisys Unitary Login -unitary 126/udp #Unisys Unitary Login -locus-con 127/tcp #Locus PC-Interface Conn Server -locus-con 127/udp #Locus PC-Interface Conn Server -gss-xlicen 128/tcp #GSS X License Verification -gss-xlicen 128/udp #GSS X License Verification -pwdgen 129/tcp #Password Generator Protocol -pwdgen 129/udp #Password Generator Protocol -cisco-fna 130/tcp #cisco FNATIVE -cisco-fna 130/udp #cisco FNATIVE -cisco-tna 131/tcp #cisco TNATIVE -cisco-tna 131/udp #cisco TNATIVE -cisco-sys 132/tcp #cisco SYSMAINT -cisco-sys 132/udp #cisco SYSMAINT -statsrv 133/tcp #Statistics Service -statsrv 133/udp #Statistics Service -ingres-net 134/tcp #INGRES-NET Service -ingres-net 134/udp #INGRES-NET Service -loc-srv 135/tcp epmap #Location Service -loc-srv 135/udp epmap #Location Service -profile 136/tcp #PROFILE Naming System -profile 136/udp #PROFILE Naming System -netbios-ns 137/tcp #NETBIOS Name Service -netbios-ns 137/udp #NETBIOS Name Service -netbios-dgm 138/tcp #NETBIOS Datagram Service -netbios-dgm 138/udp #NETBIOS Datagram Service -netbios-ssn 139/tcp #NETBIOS Session Service -netbios-ssn 139/udp #NETBIOS Session Service -emfis-data 140/tcp #EMFIS Data Service -emfis-data 140/udp #EMFIS Data Service -emfis-cntl 141/tcp #EMFIS Control Service -emfis-cntl 141/udp #EMFIS Control Service -bl-idm 142/tcp #Britton-Lee IDM -bl-idm 142/udp #Britton-Lee IDM -imap 143/tcp imap2 imap4 #Interim Mail Access Protocol v2 -imap 143/udp imap2 imap4 #Interim Mail Access Protocol v2 -NeWS 144/tcp # Window System -NeWS 144/udp # Window System -#PROBLEMS!============================================================== -#uma 144/tcp #Universal Management Architecture -#uma 144/udp #Universal Management Architecture -#PROBLEMS!============================================================== -uaac 145/tcp #UAAC Protocol -uaac 145/udp #UAAC Protocol -iso-tp0 146/tcp -iso-tp0 146/udp -iso-ip 147/tcp -iso-ip 147/udp -cronus 148/tcp jargon #CRONUS-SUPPORT -cronus 148/udp jargon #CRONUS-SUPPORT -aed-512 149/tcp #AED 512 Emulation Service -aed-512 149/udp #AED 512 Emulation Service -sql-net 150/tcp -sql-net 150/udp -hems 151/tcp -hems 151/udp -bftp 152/tcp #Background File Transfer Program -bftp 152/udp #Background File Transfer Program -sgmp 153/tcp -sgmp 153/udp -netsc-prod 154/tcp -netsc-prod 154/udp -netsc-dev 155/tcp -netsc-dev 155/udp -sqlsrv 156/tcp #SQL Service -sqlsrv 156/udp #SQL Service -knet-cmp 157/tcp #KNET/VM Command/Message Protocol -knet-cmp 157/udp #KNET/VM Command/Message Protocol -pcmail-srv 158/tcp #PCMail Server -pcmail-srv 158/udp #PCMail Server -nss-routing 159/tcp -nss-routing 159/udp -sgmp-traps 160/tcp -sgmp-traps 160/udp -snmp 161/tcp -snmp 161/udp -snmptrap 162/tcp snmp-trap -snmptrap 162/udp snmp-trap -cmip-man 163/tcp #CMIP/TCP Manager -cmip-man 163/udp #CMIP/TCP Manager -cmip-agent 164/tcp #CMIP/TCP Agent -smip-agent 164/udp #CMIP/TCP Agent -xns-courier 165/tcp #Xerox -xns-courier 165/udp #Xerox -s-net 166/tcp #Sirius Systems -s-net 166/udp #Sirius Systems -namp 167/tcp -namp 167/udp -rsvd 168/tcp -rsvd 168/udp -send 169/tcp -send 169/udp -print-srv 170/tcp #Network PostScript -print-srv 170/udp #Network PostScript -multiplex 171/tcp #Network Innovations Multiplex -multiplex 171/udp #Network Innovations Multiplex -cl/1 172/tcp #Network Innovations CL/1 -cl/1 172/udp #Network Innovations CL/1 -xyplex-mux 173/tcp -xyplex-mux 173/udp -mailq 174/tcp -mailq 174/udp -vmnet 175/tcp -vmnet 175/udp -genrad-mux 176/tcp -genrad-mux 176/udp -xdmcp 177/tcp #X Display Manager Control Protocol -xdmcp 177/udp #X Display Manager Control Protocol -NextStep 178/tcp nextstep NeXTStep #NextStep Window Server -NextStep 178/udp nextstep NeXTStep #NextStep Window Server -bgp 179/tcp #Border Gateway Protocol -bgp 179/udp #Border Gateway Protocol -ris 180/tcp #Intergraph -ris 180/udp #Intergraph -unify 181/tcp -unify 181/udp -audit 182/tcp #Unisys Audit SITP -audit 182/udp #Unisys Audit SITP -ocbinder 183/tcp -ocbinder 183/udp -ocserver 184/tcp -ocserver 184/udp -remote-kis 185/tcp -remote-kis 185/udp -kis 186/tcp #KIS Protocol -kis 186/udp #KIS Protocol -aci 187/tcp #Application Communication Interface -aci 187/udp #Application Communication Interface -mumps 188/tcp #Plus Five's MUMPS -mumps 188/udp #Plus Five's MUMPS -qft 189/tcp #Queued File Transport -qft 189/udp #Queued File Transport -gacp 190/tcp #Gateway Access Control Protocol -gacp 190/udp cacp #Gateway Access Control Protocol -prospero 191/tcp #Prospero Directory Service -prospero 191/udp #Prospero Directory Service -osu-nms 192/tcp #OSU Network Monitoring System -osu-nms 192/udp #OSU Network Monitoring System -srmp 193/tcp #Spider Remote Monitoring Protocol -srmp 193/udp #Spider Remote Monitoring Protocol -irc 194/tcp #Internet Relay Chat Protocol -irc 194/udp #Internet Relay Chat Protocol -dn6-nlm-aud 195/tcp #DNSIX Network Level Module Audit -dn6-nlm-aud 195/udp #DNSIX Network Level Module Audit -dn6-smm-red 196/tcp #DNSIX Session Mgt Module Audit Redir -dn6-smm-red 196/udp #DNSIX Session Mgt Module Audit Redir -dls 197/tcp #Directory Location Service -dls 197/udp #Directory Location Service -dls-mon 198/tcp #Directory Location Service Monitor -dls-mon 198/udp #Directory Location Service Monitor -smux 199/tcp -smux 199/udp -src 200/tcp #IBM System Resource Controller -src 200/udp #IBM System Resource Controller -at-rtmp 201/tcp #AppleTalk Routing Maintenance -at-rtmp 201/udp #AppleTalk Routing Maintenance -at-nbp 202/tcp #AppleTalk Name Binding -at-nbp 202/udp #AppleTalk Name Binding -at-3 203/tcp #AppleTalk Unused -at-3 203/udp #AppleTalk Unused -at-echo 204/tcp #AppleTalk Echo -at-echo 204/udp #AppleTalk Echo -at-5 205/tcp #AppleTalk Unused -at-5 205/udp #AppleTalk Unused -at-zis 206/tcp #AppleTalk Zone Information -at-zis 206/udp #AppleTalk Zone Information -at-7 207/tcp #AppleTalk Unused -at-7 207/udp #AppleTalk Unused -at-8 208/tcp #AppleTalk Unused -at-8 208/udp #AppleTalk Unused -qmtp 209/tcp #The Quick Mail Transfer Protocol -qmtp 209/udp #The Quick Mail Transfer Protocol -#PROBLEMS!============================================================== -#tam 209/tcp #Trivial Authenticated Mail Protocol -#tam 209/udp #Trivial Authenticated Mail Protocol -#PROBLEMS!============================================================== -z39.50 210/tcp wais #ANSI Z39.50 -z39.50 210/udp wais #ANSI Z39.50 -914c/g 211/tcp #Texas Instruments 914C/G Terminal -914c/g 211/udp #Texas Instruments 914C/G Terminal -anet 212/tcp #ATEXSSTR -anet 212/udp #ATEXSSTR -ipx 213/tcp -ipx 213/udp -vmpwscs 214/tcp -vmpwscs 214/udp -softpc 215/tcp #Insignia Solutions -softpc 215/udp #Insignia Solutions -CAIlic 216/tcp atls #Computer Associates Int'l License Server -CAIlic 216/udp atls #Computer Associates Int'l License Server -dbase 217/tcp #dBASE Unix -dbase 217/udp #dBASE Unix -mpp 218/tcp #Netix Message Posting Protocol -mpp 218/udp #Netix Message Posting Protocol -uarps 219/tcp #Unisys ARPs -uarps 219/udp #Unisys ARPs -#imap3@220 was never used and never should have been allocated. See PR 46294. -#imap3 220/tcp #Interactive Mail Access Protocol v3 -#imap3 220/udp #Interactive Mail Access Protocol v3 -fln-spx 221/tcp #Berkeley rlogind with SPX auth -fln-spx 221/udp #Berkeley rlogind with SPX auth -rsh-spx 222/tcp #Berkeley rshd with SPX auth -rsh-spx 222/udp #Berkeley rshd with SPX auth -cdc 223/tcp #Certificate Distribution Center -cdc 223/udp #Certificate Distribution Center -direct 242/tcp -direct 242/udp -sur-meas 243/tcp #Survey Measurement -sur-meas 243/udp #Survey Measurement -dayna 244/tcp -dayna 244/udp -link 245/tcp -link 245/udp -dsp3270 246/tcp #Display Systems Protocol -dsp3270 246/udp #Display Systems Protocol -subntbcst_tftp 247/tcp #subntbcst_tftp -subntbcst_tftp 247/udp #subntbcst_tftp -bhfhs 248/tcp -bhfhs 248/udp -# 249-255 reserved -rap 256/tcp -rap 256/udp -set 257/tcp #secure electronic transaction -set 257/udp #secure electronic transaction -yak-chat 258/tcp #yak winsock personal chat -yak-chat 258/udp #yak winsock personal chat -esro-gen 259/tcp #efficient short remote operations -esro-gen 259/udp #efficient short remote operations -openport 260/tcp -openport 260/udp -nsiiops 261/tcp #iiop name service over tls/ssl -nsiiops 261/udp #iiop name service over tls/ssl -arcisdms 262/tcp -arcisdms 262/udp -hdap 263/tcp -hdap 263/udp -bgmp 264/tcp -bgmp 264/udp -# 265-279 unassigned -http-mgmt 280/tcp -http-mgmt 280/udp -personal-link 281/tcp -personal-link 281/udp -cableport-ax 282/tcp #cable port a/x -cableport-ax 282/udp #cable port a/x -# 283-307 unassigned -novastorbakcup 308/tcp #novastor backup -novastorbakcup 308/udp #novastor backup -entrusttime 309/tcp -entrusttime 309/udp -bhmds 310/tcp -bhmds 310/udp -asip-webadmin 311/tcp #appleshare ip webadmin -asip-webadmin 311/udp #appleshare ip webadmin -vslmp 312/tcp -vslmp 312/udp -magenta-logic 313/tcp -magenta-logic 313/udp -opalis-robot 314/tcp -opalis-robot 314/udp -dpsi 315/tcp -dpsi 315/udp -decauth 316/tcp -decauth 316/udp -zannet 317/tcp -zannet 317/udp -# 318-320 #unassigned -pip 321/tcp -pip 321/udp -# 322-343 #unassigned -pdap 344/tcp #Prospero Data Access Protocol -pdap 344/udp #Prospero Data Access Protocol -pawserv 345/tcp #Perf Analysis Workbench -pawserv 345/udp #Perf Analysis Workbench -zserv 346/tcp #Zebra server -zserv 346/udp #Zebra server -fatserv 347/tcp #Fatmen Server -fatserv 347/udp #Fatmen Server -csi-sgwp 348/tcp #Cabletron Management Protocol -csi-sgwp 348/udp #Cabletron Management Protocol -mftp 349/tcp -mftp 349/udp -matip-type-a 350/tcp #MATIP Type A -matip-type-a 350/udp -matip-type-b 351/tcp #MATIP Type B -matip-type-b 351/udp -bhoetty 351/tcp #unassigned but widespread use -bhoetty 351/udp #unassigned but widespread use -dtag-ste-sb 352/tcp #DTAG -dtag-ste-sb 352/udp #DTAG -bhoedap4 352/tcp #unassigned but widespread use -bhoedap4 352/udp #unassigned but widespread use -ndsauth 353/tcp -ndsauth 353/udp -bh611 354/tcp -bh611 354/udp -datex-asn 355/tcp -datex-asn 355/udp -cloanto-net-1 356/tcp #Cloanto Net 1 -cloanto-net-1 356/udp -bhevent 357/tcp -bhevent 357/udp -shrinkwrap 358/tcp -shrinkwrap 358/udp -tenebris_nts 359/tcp #Tenebris Network Trace Service -tenebris_nts 359/udp #Tenebris Network Trace Service -scoi2odialog 360/tcp -scoi2odialog 360/udp -semantix 361/tcp -semantix 361/udp -srssend 362/tcp #SRS Send -srssend 362/udp #SRS Send -rsvp_tunnel 363/tcp -rsvp_tunnel 363/udp -aurora-cmgr 364/tcp -aurora-cmgr 364/udp -dtk 365/tcp #Deception Tool Kit - Fred Cohen <fc@all.net> -dtk 365/udp #Deception Tool Kit - Fred Cohen <fc@all.net> -odmr 366/tcp -odmr 366/udp -mortgageware 367/tcp -mortgageware 367/udp -qbikgdp 368/tcp #QbikGDP -qbikgdp 368/udp -rpc2portmap 369/tcp -rpc2portmap 369/udp -codaauth2 370/tcp -codaauth2 370/udp -clearcase 371/tcp -clearcase 371/udp -ulistserv 372/tcp ulistproc #Unix Listserv -ulistserv 372/udp ulistproc #Unix Listserv -legent-1 373/tcp #Legent Corporation (now Computer Associates Intl.) -legent-1 373/udp #Legent Corporation (now Computer Associates Intl.) -legent-2 374/tcp #Legent Corporation (now Computer Associates Intl.) -legent-2 374/udp #Legent Corporation (now Computer Associates Intl.) -hassle 375/tcp -hassle 375/udp -nip 376/tcp #Amiga Envoy Network Inquiry Proto -nip 376/udp #Amiga Envoy Network Inquiry Proto -tnETOS 377/tcp #NEC Corporation -tnETOS 377/udp #NEC Corporation -dsETOS 378/tcp #NEC Corporation -dsETOS 378/udp #NEC Corporation -is99c 379/tcp #TIA/EIA/IS-99 modem client -is99c 379/udp #TIA/EIA/IS-99 modem client -is99s 380/tcp #TIA/EIA/IS-99 modem server -is99s 380/udp #TIA/EIA/IS-99 modem server -hp-collector 381/tcp #hp performance data collector -hp-collector 381/udp #hp performance data collector -hp-managed-node 382/tcp #hp performance data managed node -hp-managed-node 382/udp #hp performance data managed node -hp-alarm-mgr 383/tcp #hp performance data alarm manager -hp-alarm-mgr 383/udp #hp performance data alarm manager -arns 384/tcp #A Remote Network Server System -arns 384/udp #A Remote Network Server System -ibm-app 385/tcp #IBM Application -ibm-app 385/udp #IBM Application -asa 386/tcp #ASA Message Router Object Def. -asa 386/udp #ASA Message Router Object Def. -aurp 387/tcp #Appletalk Update-Based Routing Pro. -aurp 387/udp #Appletalk Update-Based Routing Pro. -unidata-ldm 388/tcp #Unidata LDM Version 4 -unidata-ldm 388/udp #Unidata LDM Version 4 -ldap 389/tcp #Lightweight Directory Access Protocol -ldap 389/udp #Lightweight Directory Access Protocol -uis 390/tcp -uis 390/udp -synotics-relay 391/tcp #SynOptics SNMP Relay Port -synotics-relay 391/udp #SynOptics SNMP Relay Port -synotics-broker 392/tcp #SynOptics Port Broker Port -synotics-broker 392/udp #SynOptics Port Broker Port -dis 393/tcp #Data Interpretation System -dis 393/udp #Data Interpretation System -embl-ndt 394/tcp #EMBL Nucleic Data Transfer -embl-ndt 394/udp #EMBL Nucleic Data Transfer -netcp 395/tcp #NETscout Control Protocol -netcp 395/udp #NETscout Control Protocol -netware-ip 396/tcp #Novell Netware over IP -netware-ip 396/udp #Novell Netware over IP -mptn 397/tcp #Multi Protocol Trans. Net. -mptn 397/udp #Multi Protocol Trans. Net. -kryptolan 398/tcp -kryptolan 398/udp -iso-tsap-c2 399/tcp #ISO-TSAP Class 2 -iso-tsap-c2 399/udp #ISO-TSAP Class 2 -work-sol 400/tcp #Workstation Solutions -work-sol 400/udp #Workstation Solutions -ups 401/tcp #Uninterruptible Power Supply -ups 401/udp #Uninterruptible Power Supply -genie 402/tcp #Genie Protocol -genie 402/udp #Genie Protocol -decap 403/tcp -decap 403/udp -nced 404/tcp -nced 404/udp -ncld 405/tcp -ncld 405/udp -imsp 406/tcp #Interactive Mail Support Protocol -imsp 406/udp #Interactive Mail Support Protocol -timbuktu 407/tcp -timbuktu 407/udp -prm-sm 408/tcp #Prospero Resource Manager Sys. Man. -prm-sm 408/udp #Prospero Resource Manager Sys. Man. -prm-nm 409/tcp #Prospero Resource Manager Node Man. -prm-nm 409/udp #Prospero Resource Manager Node Man. -decladebug 410/tcp #DECLadebug Remote Debug Protocol -decladebug 410/udp #DECLadebug Remote Debug Protocol -rmt 411/tcp #Remote MT Protocol -rmt 411/udp #Remote MT Protocol -synoptics-trap 412/tcp #Trap Convention Port -synoptics-trap 412/udp #Trap Convention Port -smsp 413/tcp -smsp 413/udp -infoseek 414/tcp -infoseek 414/udp -bnet 415/tcp -bnet 415/udp -silverplatter 416/tcp -silverplatter 416/udp -onmux 417/tcp -onmux 417/udp -hyper-g 418/tcp -hyper-g 418/udp -ariel1 419/tcp -ariel1 419/udp -smpte 420/tcp -smpte 420/udp -ariel2 421/tcp -ariel2 421/udp -ariel3 422/tcp -ariel3 422/udp -opc-job-start 423/tcp #IBM Operations Planning and Control Start -opc-job-start 423/udp #IBM Operations Planning and Control Start -opc-job-track 424/tcp #IBM Operations Planning and Control Track -opc-job-track 424/udp #IBM Operations Planning and Control Track -icad-el 425/tcp -icad-el 425/udp -smartsdp 426/tcp -smartsdp 426/udp -svrloc 427/tcp #Server Location -svrloc 427/udp #Server Location -ocs_cmu 428/tcp -ocs_cmu 428/udp -ocs_amu 429/tcp -ocs_amu 429/udp -utmpsd 430/tcp -utmpsd 430/udp -utmpcd 431/tcp -utmpcd 431/udp -iasd 432/tcp -iasd 432/udp -nnsp 433/tcp -nnsp 433/udp -mobileip-agent 434/tcp -mobileip-agent 434/udp -mobilip-mn 435/tcp -mobilip-mn 435/udp -dna-cml 436/tcp -dna-cml 436/udp -comscm 437/tcp -comscm 437/udp -dsfgw 438/tcp -dsfgw 438/udp -dasp 439/tcp -dasp 439/udp -sgcp 440/tcp -sgcp 440/udp -decvms-sysmgt 441/tcp -decvms-sysmgt 441/udp -cvc_hostd 442/tcp -cvc_hostd 442/udp -https 443/tcp -https 443/udp -snpp 444/tcp #Simple Network Paging Protocol -snpp 444/udp #Simple Network Paging Protocol -# [RFC1568] -microsoft-ds 445/tcp -microsoft-ds 445/udp -ddm-rdb 446/tcp -ddm-rdb 446/udp -ddm-dfm 447/tcp -ddm-dfm 447/udp -ddm-ssl 448/tcp ddm-byte -ddm-ssl 448/udp ddm-byte -as-servermap 449/tcp #AS Server Mapper -as-servermap 449/udp #AS Server Mapper -tserver 450/tcp -tserver 450/udp -sfs-smp-net 451/tcp #Cray Network Semaphore server -sfs-smp-net 451/udp #Cray Network Semaphore server -sfs-config 452/tcp #Cray SFS config server -sfs-config 452/udp #Cray SFS config server -creativeserver 453/tcp #CreativeServer -creativeserver 453/udp #CreativeServer -contentserver 454/tcp #ContentServer -contentserver 454/udp #ContentServer -creativepartnr 455/tcp #CreativePartnr -creativepartnr 455/udp #CreativePartnr -macon-tcp 456/tcp -macon-udp 456/udp -scohelp 457/tcp -scohelp 457/udp -appleqtc 458/tcp #apple quick time -appleqtc 458/udp #apple quick time -ampr-rcmd 459/tcp -ampr-rcmd 459/udp -skronk 460/tcp -skronk 460/udp -datasurfsrv 461/tcp -datasurfsrv 461/udp -datasurfsrvsec 462/tcp -datasurfsrvsec 462/udp -alpes 463/tcp -alpes 463/udp -# -kpasswd5 464/tcp # Kerberos (v5) -kpasswd5 464/udp # Kerberos (v5) -#PROBLEMS!============================================================== -# IANA has offically assigned these two ports as ``kpasswd'' -#kpasswd 464/tcp # Kerberos (v5) -#kpasswd 464/udp # Kerberos (v5) -#PROBLEMS!============================================================== -smtps 465/tcp #smtp protocol over TLS/SSL (was ssmtp) -smtps 465/udp #smtp protocol over TLS/SSL (was ssmtp) -digital-vrc 466/tcp -digital-vrc 466/udp -mylex-mapd 467/tcp -mylex-mapd 467/udp -photuris 468/tcp -photuris 468/udp -rcp 469/tcp #Radio Control Protocol -rcp 469/udp #Radio Control Protocol -scx-proxy 470/tcp -scx-proxy 470/udp -mondex 471/tcp -mondex 471/udp -ljk-login 472/tcp -ljk-login 472/udp -hybrid-pop 473/tcp -hybrid-pop 473/udp -tn-tl-w1 474/tcp -tn-tl-w2 474/udp -tcpnethaspsrv 475/tcp -tcpnethaspsrv 475/udp -tn-tl-fd1 476/tcp -tn-tl-fd1 476/udp -ss7ns 477/tcp -ss7ns 477/udp -spsc 478/tcp -spsc 478/udp -iafserver 479/tcp -iafserver 479/udp -iafdbase 480/tcp -iafdbase 480/udp -ph 481/tcp -ph 481/udp -bgs-nsi 482/tcp -bgs-nsi 482/udp -ulpnet 483/tcp -ulpnet 483/udp -integra-sme 484/tcp #Integra Software Management Environment -integra-sme 484/udp #Integra Software Management Environment -powerburst 485/tcp #Air Soft Power Burst -powerburst 485/udp #Air Soft Power Burst -avian 486/tcp -avian 486/udp -saft 487/tcp #saft Simple Asynchronous File Transfer -saft 487/udp #saft Simple Asynchronous File Transfer -gss-http 488/tcp -gss-http 488/udp -nest-protocol 489/tcp -nest-protocol 489/udp -micom-pfs 490/tcp -micom-pfs 490/udp -go-login 491/tcp -go-login 491/udp -ticf-1 492/tcp #Transport Independent Convergence for FNA -ticf-1 492/udp #Transport Independent Convergence for FNA -ticf-2 493/tcp #Transport Independent Convergence for FNA -ticf-2 493/udp #Transport Independent Convergence for FNA -pov-ray 494/tcp -pov-ray 494/udp -intecourier 495/tcp -intecourier 495/udp -pim-rp-disc 496/tcp -pim-rp-disc 496/udp -dantz 497/tcp -dantz 497/udp -siam 498/tcp -siam 498/udp -iso-ill 499/tcp #ISO ILL Protocol -iso-ill 499/udp #ISO ILL Protocol -isakmp 500/tcp -isakmp 500/udp -stmf 501/tcp -stmf 501/udp -asa-appl-proto 502/tcp -asa-appl-proto 502/udp -intrinsa 503/tcp -intrinsa 503/udp -citadel 504/tcp -citadel 504/udp -mailbox-lm 505/tcp -mailbox-lm 505/udp -ohimsrv 506/tcp -ohimsrv 506/udp -crs 507/tcp -crs 507/udp -xvttp 508/tcp -xvttp 508/udp -snare 509/tcp -snare 509/udp -fcp 510/tcp #FirstClass Protocol -fcp 510/udp #FirstClass Protocol -passgo 511/tcp -passgo 511/udp -# -# Berkeley-specific services -# -exec 512/tcp #remote process execution; -# authentication performed using -# passwords and UNIX login names -biff 512/udp comsat #used by mail system to notify users -# of new mail received; currently -# receives messages only from -# processes on the same machine -login 513/tcp #remote login a la telnet; -# automatic authentication performed -# based on priviledged port numbers -# and distributed data bases which -# identify "authentication domains" -who 513/udp whod #maintains data bases showing who's -# logged in to machines on a local -# net and the load average of the -# machine -shell 514/tcp cmd #like exec, but automatic -# authentication is performed as for -# login server -syslog 514/udp -printer 515/tcp spooler -printer 515/udp spooler -videotex 516/tcp -videotex 516/udp -talk 517/tcp #like tenex link, but across -# machine - unfortunately, doesn't -# use link protocol (this is actually -# just a rendezvous port from which a -# tcp connection is established) -talk 517/udp #like tenex link, but across -# machine - unfortunately, doesn't -# use link protocol (this is actually -# just a rendezvous port from which a -# tcp connection is established) -ntalk 518/tcp -ntalk 518/udp -utime 519/tcp unixtime -utime 519/udp unixtime -efs 520/tcp #extended file name server -router 520/udp route routed #local routing process (on site); -# uses variant of Xerox NS routing -# information protocol -ripng 521/tcp -ripng 521/udp -ulp 522/tcp -ulp 522/udp -ibm-db2 523/tcp -ibm-db2 523/udp -ncp 524/tcp -ncp 524/udp -timed 525/tcp timeserver -timed 525/udp timeserver -tempo 526/tcp newdate -tempo 526/udp newdate -stx 527/tcp #Stock IXChange -stx 527/udp #Stock IXChange -custix 528/tcp #Customer IXChange -custix 528/udp #Customer IXChange -irc-serv 529/tcp -irc-serv 529/udp -courier 530/tcp rpc -courier 530/udp rpc -conference 531/tcp chat -conference 531/udp chat -netnews 532/tcp readnews -netnews 532/udp readnews -netwall 533/tcp #for emergency broadcasts -netwall 533/udp #for emergency broadcasts -mm-admin 534/tcp #MegaMedia Admin -mm-admin 534/udp #MegaMedia Admin -iiop 535/tcp -iiop 535/udp -opalis-rdv 536/tcp -opalis-rdv 536/udp -nmsp 537/tcp #Networked Media Streaming Protocol -nmsp 537/udp #Networked Media Streaming Protocol -gdomap 538/tcp -gdomap 538/udp -apertus-ldp 539/tcp #Apertus Technologies Load Determination -apertus-ldp 539/udp #Apertus Technologies Load Determination -uucp 540/tcp uucpd -uucp 540/udp uucpd -uucp-rlogin 541/tcp -uucp-rlogin 541/udp -commerce 542/tcp -commerce 542/udp -klogin 543/tcp # Kerberos (v4/v5) -klogin 543/udp # Kerberos (v4/v5) -kshell 544/tcp krcmd # Kerberos (v4/v5) -kshell 544/udp krcmd # Kerberos (v4/v5) -appleqtcsrvr 545/tcp -appleqtcsrvr 545/udp -dhcpv6-client 546/tcp #DHCPv6 Client -dhcpv6-client 546/udp #DHCPv6 Client -dhcpv6-server 547/tcp #DHCPv6 Server -dhcpv6-server 547/udp #DHCPv6 Server -afpovertcp 548/tcp #AFP over TCP -afpovertcp 548/udp #AFP over TCP -idfp 549/tcp -idfp 549/udp -new-rwho 550/tcp new-who -new-rwho 550/udp new-who -cybercash 551/tcp -cybercash 551/udp -deviceshare 552/tcp -deviceshare 552/udp -pirp 553/tcp -pirp 553/udp -rtsp 554/tcp #Real Time Stream Control Protocol -rtsp 554/udp #Real Time Stream Control Protocol -dsf 555/tcp -dsf 555/udp -remotefs 556/tcp rfs rfs_server # Brunhoff remote filesystem -remotefs 556/udp rfs rfs_server # Brunhoff remote filesystem -openvms-sysipc 557/tcp -openvms-sysipc 557/udp -sdnskmp 558/tcp -sdnskmp 558/udp -teedtap 559/tcp -teedtap 559/udp -rmonitor 560/tcp rmonitord -rmonitor 560/udp rmonitord -monitor 561/tcp -monitor 561/udp -chshell 562/tcp chcmd -chshell 562/udp chcmd -nntps 563/tcp snntp #nntp protocol over TLS/SSL -nntps 563/udp snntp #nntp protocol over TLS/SSL -9pfs 564/tcp #plan 9 file service -9pfs 564/udp #plan 9 file service -whoami 565/tcp -whoami 565/udp -streettalk 566/tcp -banyan-rpc 567/tcp -banyan-rpc 567/udp -ms-shuttle 568/tcp #Microsoft shuttle -ms-shuttle 568/udp #Microsoft shuttle -ms-rome 569/tcp #Microsoft rome -ms-rome 569/udp #Microsoft rome -meter 570/tcp #demon -meter 570/udp #demon -umeter 571/tcp #udemon -umeter 571/udp #udemon -sonar 572/tcp -sonar 572/udp -banyan-vip 573/tcp -banyan-vip 573/udp -ftp-agent 574/tcp #FTP Software Agent System -ftp-agent 574/udp #FTP Software Agent System -vemmi 575/tcp -vemmi 575/udp -ipcd 576/tcp -ipcd 576/udp -vnas 577/tcp -vnas 577/udp -ipdd 578/tcp -ipdd 578/udp -decbsrv 579/tcp -decbsrv 579/udp -sntp-heartbeat 580/tcp -sntp-heartbeat 580/udp -bdp 581/tcp #Bundle Discovery Protocol -bdp 581/udp #Bundle Discovery Protocol -scc-security 582/tcp -scc-security 582/udp -philips-vc 583/tcp #Philips Video-Conferencing -philips-vc 583/udp #Philips Video-Conferencing -keyserver 584/tcp -keyserver 584/udp -#imap4-ssl@585 never should have been allocated. See PR 46294. -#imap4-ssl 585/tcp #IMAP4+SSL (use of 585 is not recommended, -#imap4-ssl 585/udp # use 993 instead) -password-chg 586/tcp -password-chg 586/udp -submission 587/tcp -submission 587/udp -cal 588/tcp -cal 588/udp -eyelink 589/tcp -eyelink 589/udp -tns-cml 590/tcp -tns-cml 590/udp -http-alt 591/tcp #FileMaker, Inc. - HTTP Alternate (see Port 80) -http-alt 591/udp #FileMaker, Inc. - HTTP Alternate (see Port 80) -eudora-set 592/tcp -eudora-set 592/udp -http-rpc-epmap 593/tcp #HTTP RPC Ep Map -http-rpc-epmap 593/udp #HTTP RPC Ep Map -tpip 594/tcp -tpip 594/udp -cab-protocol 595/tcp -cab-protocol 595/udp -smsd 596/tcp -smsd 596/udp -ptcnameservice 597/tcp #PTC Name Service -ptcnameservice 597/udp #PTC Name Service -sco-websrvrmg3 598/tcp #SCO Web Server Manager 3 -sco-websrvrmg3 598/udp #SCO Web Server Manager 3 -acp 599/tcp #Aeolon Core Protocol -acp 599/udp #Aeolon Core Protocol -ipcserver 600/tcp #Sun IPC server -ipcserver 600/udp #Sun IPC server -nqs 607/tcp -nqs 607/udp -urm 606/tcp #Cray Unified Resource Manager -urm 606/udp #Cray Unified Resource Manager -sift-uft 608/tcp #Sender-Initiated/Unsolicited File Transfer -sift-uft 608/udp #Sender-Initiated/Unsolicited File Transfer -npmp-trap 609/tcp -npmp-trap 609/udp -npmp-local 610/tcp -npmp-local 610/udp -npmp-gui 611/tcp -npmp-gui 611/udp -sshell 614/tcp #SSLshell -sshell 614/udp -ipp 631/tcp #IPP (Internet Printing Protocol) -ipp 631/udp #IPP (Internet Printing Protocol) -ginad 634/tcp -ginad 634/udp -ldaps 636/tcp sldap #ldap protocol over TLS/SSL -ldaps 636/udp sldap -mdqs 666/tcp -mdqs 666/udp -#PROBLEMS!=============================================== -doom 666/tcp #doom Id Software -doom 666/udp #doom Id Software -#PROBLEMS!=============================================== -acap 674/tcp #Application Configuration Access Protocol -acap 674/udp #Application Configuration Access Protocol -elcsd 704/tcp #errlog copy/server daemon -elcsd 704/udp #errlog copy/server daemon -entrustmanager 709/tcp #EntrustManager -entrustmanager 709/udp #EntrustManager -netviewdm1 729/tcp #IBM NetView DM/6000 Server/Client -netviewdm1 729/udp #IBM NetView DM/6000 Server/Client -netviewdm2 730/tcp #IBM NetView DM/6000 send/tcp -netviewdm2 730/udp #IBM NetView DM/6000 send/tcp -netviewdm3 731/tcp #IBM NetView DM/6000 receive/tcp -netviewdm3 731/udp #IBM NetView DM/6000 receive/tcp -netgw 741/tcp -netgw 741/udp -netrcs 742/tcp #Network based Rev. Cont. Sys. -netrcs 742/udp #Network based Rev. Cont. Sys. -flexlm 744/tcp #Flexible License Manager -flexlm 744/udp #Flexible License Manager -fujitsu-dev 747/tcp #Fujitsu Device Control -fujitsu-dev 747/udp #Fujitsu Device Control -ris-cm 748/tcp #Russell Info Sci Calendar Manager -ris-cm 748/udp #Russell Info Sci Calendar Manager -kerberos-adm 749/tcp #Kerberos administration (v5) -kerberos-adm 749/udp #Kerberos administration (v5) -kerberos-iv 750/udp kdc # Kerberos (v4) -kerberos-iv 750/tcp kdc # Kerberos (v4) -#PROBLEMS!======================================================== -#rfile 750/tcp -#loadav 750/udp -#PROBLEMS!======================================================== -kerberos_master 751/tcp # Kerberos `kadmin' (v4) -kerberos_master 751/udp # Kerberos `kadmin' (v4) -#PROBLEMS!======================================================== -pump 751/tcp -pump 751/udp -#PROBLEMS!======================================================== -qrh 752/tcp -qrh 752/udp -rrh 753/tcp -rrh 753/udp -krb_prop 754/tcp krb5_prop # kerberos/v5 server propagation -#PROBLEMS!======================================================== -tell 754/tcp #send -#PROBLEMS!======================================================== -tell 754/udp #send -nlogin 758/tcp -nlogin 758/udp -con 759/tcp -con 759/udp -krbupdate 760/tcp kreg # Kerberos (v4) registration -#PROBLEMS!======================================================== -ns 760/tcp -#PROBLEMS!======================================================== -ns 760/udp -kpasswd 761/tcp kpwd # Kerberos (v4) "passwd" -#PROBLEMS!======================================================== -rxe 761/tcp -#PROBLEMS!======================================================== -rxe 761/udp -quotad 762/tcp -quotad 762/udp -cycleserv 763/tcp -cycleserv 763/udp -omserv 764/tcp -omserv 764/udp -webster 765/tcp -webster 765/udp -phonebook 767/tcp #phone -phonebook 767/udp #phone -vid 769/tcp -vid 769/udp -cadlock 770/tcp -cadlock 770/udp -rtip 771/tcp -rtip 771/udp -cycleserv2 772/tcp -cycleserv2 772/udp -submit 773/tcp -notify 773/udp -rpasswd 774/tcp -acmaint_dbd 774/udp -entomb 775/tcp -acmaint_transd 775/udp -wpages 776/tcp -wpages 776/udp -wpgs 780/tcp -wpgs 780/udp -concert 786/tcp -concert 786/udp -mdbs_daemon 800/tcp -mdbs_daemon 800/udp -device 801/tcp -device 801/udp -supfilesrv 871/tcp # for SUP -rsync 873/tcp -rsync 873/udp -accessbuilder 888/tcp -accessbuilder 888/udp -swat 901/tcp # samba web configuration tool -ftps-data 989/tcp # ftp protocol, data, over TLS/SSL -ftps-data 989/udp -ftps 990/tcp # ftp protocol, control, over TLS/SSL -ftps 990/udp -telnets 992/tcp # telnet protocol over TLS/SSL -telnets 992/udp -imaps 993/tcp # imap4 protocol over TLS/SSL -imaps 993/udp -ircs 994/tcp # irc protocol over TLS/SSL -ircs 994/udp -pop3s 995/tcp spop3 # pop3 protocol over TLS/SSL -pop3s 995/udp spop3 -vsinet 996/tcp -vsinet 996/udp -maitrd 997/tcp -maitrd 997/udp -busboy 998/tcp -puparp 998/udp -garcon 999/tcp -applix 999/udp #Applix ac -puprouter 999/tcp -puprouter 999/udp -cadlock 1000/tcp -ock 1000/udp -# -# REGISTERED PORT NUMBERS -# -blackjack 1025/tcp #network blackjack -blackjack 1025/udp #network blackjack -iad1 1030/tcp #BBN IAD -iad1 1030/udp #BBN IAD -iad2 1031/tcp #BBN IAD -iad2 1031/udp #BBN IAD -iad3 1032/tcp #BBN IAD -iad3 1032/udp #BBN IAD -nim 1058/tcp -nim 1058/udp -nimreg 1059/tcp -nimreg 1059/udp -instl_boots 1067/tcp #Installation Bootstrap Proto. Serv. -instl_boots 1067/udp #Installation Bootstrap Proto. Serv. -instl_bootc 1068/tcp #Installation Bootstrap Proto. Cli. -instl_bootc 1068/udp #Installation Bootstrap Proto. Cli. -socks 1080/tcp -socks 1080/udp -ansoft-lm-1 1083/tcp #Anasoft License Manager -ansoft-lm-1 1083/udp #Anasoft License Manager -ansoft-lm-2 1084/tcp #Anasoft License Manager -ansoft-lm-2 1084/udp #Anasoft License Manager -webobjects 1085/tcp #Web Objects -webobjects 1085/udp #Web Objects -kpop 1109/tcp #Unofficial -kpop 1109/udp #Unofficial -nfsd-status 1110/tcp #Cluster status info -nfsd-keepalive 1110/udp #Client status info -supfiledbg 1127/tcp # for SUP -nfa 1155/tcp #Network File Access -nfa 1155/udp #Network File Access -phone 1167/udp #conference calling -skkserv 1178/tcp #SKK (kanji input) -lupa 1212/tcp -lupa 1212/udp -nerv 1222/tcp #SNI R&D network -nerv 1222/udp #SNI R&D network -hermes 1248/tcp -hermes 1248/udp -healthd 1281/tcp #healthd -healthd 1281/udp #healthd -alta-ana-lm 1346/tcp #Alta Analytics License Manager -alta-ana-lm 1346/udp #Alta Analytics License Manager -bbn-mmc 1347/tcp #multi media conferencing -bbn-mmc 1347/udp #multi media conferencing -bbn-mmx 1348/tcp #multi media conferencing -bbn-mmx 1348/udp #multi media conferencing -sbook 1349/tcp #Registration Network Protocol -sbook 1349/udp #Registration Network Protocol -editbench 1350/tcp #Registration Network Protocol -editbench 1350/udp #Registration Network Protocol -equationbuilder 1351/tcp #Digital Tool Works (MIT) -equationbuilder 1351/udp #Digital Tool Works (MIT) -lotusnote 1352/tcp #Lotus Note -lotusnote 1352/udp #Lotus Note -relief 1353/tcp #Relief Consulting -relief 1353/udp #Relief Consulting -rightbrain 1354/tcp #RightBrain Software -rightbrain 1354/udp #RightBrain Software -intuitive-edge 1355/tcp #Intuitive Edge -intuitive-edge 1355/udp #Intuitive Edge -cuillamartin 1356/tcp #CuillaMartin Company -cuillamartin 1356/udp #CuillaMartin Company -pegboard 1357/tcp #Electronic PegBoard -pegboard 1357/udp #Electronic PegBoard -connlcli 1358/tcp -connlcli 1358/udp -ftsrv 1359/tcp -ftsrv 1359/udp -mimer 1360/tcp -mimer 1360/udp -linx 1361/tcp -linx 1361/udp -timeflies 1362/tcp -timeflies 1362/udp -ndm-requester 1363/tcp #Network DataMover Requester -ndm-requester 1363/udp #Network DataMover Requester -ndm-server 1364/tcp #Network DataMover Server -ndm-server 1364/udp #Network DataMover Server -adapt-sna 1365/tcp #Network Software Associates -adapt-sna 1365/udp #Network Software Associates -netware-csp 1366/tcp #Novell NetWare Comm Service Platform -netware-csp 1366/udp #Novell NetWare Comm Service Platform -dcs 1367/tcp -dcs 1367/udp -screencast 1368/tcp -screencast 1368/udp -gv-us 1369/tcp #GlobalView to Unix Shell -gv-us 1369/udp #GlobalView to Unix Shell -us-gv 1370/tcp #Unix Shell to GlobalView -us-gv 1370/udp #Unix Shell to GlobalView -fc-cli 1371/tcp #Fujitsu Config Protocol -fc-cli 1371/udp #Fujitsu Config Protocol -fc-ser 1372/tcp #Fujitsu Config Protocol -fc-ser 1372/udp #Fujitsu Config Protocol -chromagrafx 1373/tcp -chromagrafx 1373/udp -molly 1374/tcp #EPI Software Systems -molly 1374/udp #EPI Software Systems -bytex 1375/tcp -bytex 1375/udp -ibm-pps 1376/tcp #IBM Person to Person Software -ibm-pps 1376/udp #IBM Person to Person Software -cichlid 1377/tcp #Cichlid License Manager -cichlid 1377/udp #Cichlid License Manager -elan 1378/tcp #Elan License Manager -elan 1378/udp #Elan License Manager -dbreporter 1379/tcp #Integrity Solutions -dbreporter 1379/udp #Integrity Solutions -telesis-licman 1380/tcp #Telesis Network License Manager -telesis-licman 1380/udp #Telesis Network License Manager -apple-licman 1381/tcp #Apple Network License Manager -apple-licman 1381/udp #Apple Network License Manager -#udt_os 1382/tcp -#udt_os 1382/udp -gwha 1383/tcp #GW Hannaway Network License Manager -gwha 1383/udp #GW Hannaway Network License Manager -os-licman 1384/tcp #Objective Solutions License Manager -os-licman 1384/udp #Objective Solutions License Manager -atex_elmd 1385/tcp #Atex Publishing License Manager -atex_elmd 1385/udp #Atex Publishing License Manager -checksum 1386/tcp #CheckSum License Manager -checksum 1386/udp #CheckSum License Manager -cadsi-lm 1387/tcp #Computer Aided Design Software Inc LM -cadsi-lm 1387/udp #Computer Aided Design Software Inc LM -objective-dbc 1388/tcp #Objective Solutions DataBase Cache -objective-dbc 1388/udp #Objective Solutions DataBase Cache -iclpv-dm 1389/tcp #Document Manager -iclpv-dm 1389/udp #Document Manager -iclpv-sc 1390/tcp #Storage Controller -iclpv-sc 1390/udp #Storage Controller -iclpv-sas 1391/tcp #Storage Access Server -iclpv-sas 1391/udp #Storage Access Server -iclpv-pm 1392/tcp #Print Manager -iclpv-pm 1392/udp #Print Manager -iclpv-nls 1393/tcp #Network Log Server -iclpv-nls 1393/udp #Network Log Server -iclpv-nlc 1394/tcp #Network Log Client -iclpv-nlc 1394/udp #Network Log Client -iclpv-wsm 1395/tcp #PC Workstation Manager software -iclpv-wsm 1395/udp #PC Workstation Manager software -dvl-activemail 1396/tcp #DVL Active Mail -dvl-activemail 1396/udp #DVL Active Mail -audio-activmail 1397/tcp #Audio Active Mail -audio-activmail 1397/udp #Audio Active Mail -video-activmail 1398/tcp #Video Active Mail -video-activmail 1398/udp #Video Active Mail -cadkey-licman 1399/tcp #Cadkey License Manager -cadkey-licman 1399/udp #Cadkey License Manager -cadkey-tablet 1400/tcp #Cadkey Tablet Daemon -cadkey-tablet 1400/udp #Cadkey Tablet Daemon -goldleaf-licman 1401/tcp #Goldleaf License Manager -goldleaf-licman 1401/udp #Goldleaf License Manager -prm-sm-np 1402/tcp #Prospero Resource Manager -prm-sm-np 1402/udp #Prospero Resource Manager -prm-nm-np 1403/tcp #Prospero Resource Manager -prm-nm-np 1403/udp #Prospero Resource Manager -igi-lm 1404/tcp #Infinite Graphics License Manager -igi-lm 1404/udp #Infinite Graphics License Manager -ibm-res 1405/tcp #IBM Remote Execution Starter -ibm-res 1405/udp #IBM Remote Execution Starter -netlabs-lm 1406/tcp #NetLabs License Manager -netlabs-lm 1406/udp #NetLabs License Manager -dbsa-lm 1407/tcp #DBSA License Manager -dbsa-lm 1407/udp #DBSA License Manager -sophia-lm 1408/tcp #Sophia License Manager -sophia-lm 1408/udp #Sophia License Manager -here-lm 1409/tcp #Here License Manager -here-lm 1409/udp #Here License Manager -hiq 1410/tcp #HiQ License Manager -hiq 1410/udp #HiQ License Manager -af 1411/tcp #AudioFile -af 1411/udp #AudioFile -innosys 1412/tcp -innosys 1412/udp -innosys-acl 1413/tcp -innosys-acl 1413/udp -ibm-mqseries 1414/tcp #IBM MQSeries -ibm-mqseries 1414/udp #IBM MQSeries -dbstar 1415/tcp -dbstar 1415/udp -novell-lu6.2 1416/tcp #Novell LU6.2 -novell-lu6.2 1416/udp #Novell LU6.2 -timbuktu-srv1 1417/tcp #Timbuktu Service 1 Port -timbuktu-srv1 1417/udp #Timbuktu Service 1 Port -timbuktu-srv2 1418/tcp #Timbuktu Service 2 Port -timbuktu-srv2 1418/udp #Timbuktu Service 2 Port -timbuktu-srv3 1419/tcp #Timbuktu Service 3 Port -timbuktu-srv3 1419/udp #Timbuktu Service 3 Port -timbuktu-srv4 1420/tcp #Timbuktu Service 4 Port -timbuktu-srv4 1420/udp #Timbuktu Service 4 Port -gandalf-lm 1421/tcp #Gandalf License Manager -gandalf-lm 1421/udp #Gandalf License Manager -autodesk-lm 1422/tcp #Autodesk License Manager -autodesk-lm 1422/udp #Autodesk License Manager -essbase 1423/tcp #Essbase Arbor Software -essbase 1423/udp #Essbase Arbor Software -hybrid 1424/tcp #Hybrid Encryption Protocol -hybrid 1424/udp #Hybrid Encryption Protocol -zion-lm 1425/tcp #Zion Software License Manager -zion-lm 1425/udp #Zion Software License Manager -sas-1 1426/tcp #Satellite-data Acquisition System 1 -sas-1 1426/udp #Satellite-data Acquisition System 1 -mloadd 1427/tcp #mloadd monitoring tool -mloadd 1427/udp #mloadd monitoring tool -informatik-lm 1428/tcp #Informatik License Manager -informatik-lm 1428/udp #Informatik License Manager -nms 1429/tcp #Hypercom NMS -nms 1429/udp #Hypercom NMS -tpdu 1430/tcp #Hypercom TPDU -tpdu 1430/udp #Hypercom TPDU -rgtp 1431/tcp #Reverse Gossip Transport -rgtp 1431/udp #Reverse Gossip Transport -blueberry-lm 1432/tcp #Blueberry Software License Manager -blueberry-lm 1432/udp #Blueberry Software License Manager -ms-sql-s 1433/tcp #Microsoft-SQL-Server -ms-sql-s 1433/udp #Microsoft-SQL-Server -ms-sql-m 1434/tcp #Microsoft-SQL-Monitor -ms-sql-m 1434/udp #Microsoft-SQL-Monitor -ibm-cics 1435/tcp -ibm-cics 1435/udp -sas-2 1436/tcp #Satellite-data Acquisition System 2 -sas-2 1436/udp #Satellite-data Acquisition System 2 -tabula 1437/tcp -tabula 1437/udp -eicon-server 1438/tcp #Eicon Security Agent/Server -eicon-server 1438/udp #Eicon Security Agent/Server -eicon-x25 1439/tcp #Eicon X25/SNA Gateway -eicon-x25 1439/udp #Eicon X25/SNA Gateway -eicon-slp 1440/tcp #Eicon Service Location Protocol -eicon-slp 1440/udp #Eicon Service Location Protocol -cadis-1 1441/tcp #Cadis License Management -cadis-1 1441/udp #Cadis License Management -cadis-2 1442/tcp #Cadis License Management -cadis-2 1442/udp #Cadis License Management -ies-lm 1443/tcp #Integrated Engineering Software -ies-lm 1443/udp #Integrated Engineering Software -marcam-lm 1444/tcp #Marcam License Management -marcam-lm 1444/udp #Marcam License Management -proxima-lm 1445/tcp #Proxima License Manager -proxima-lm 1445/udp #Proxima License Manager -ora-lm 1446/tcp #Optical Research Associates License Manager -ora-lm 1446/udp #Optical Research Associates License Manager -apri-lm 1447/tcp #Applied Parallel Research LM -apri-lm 1447/udp #Applied Parallel Research LM -oc-lm 1448/tcp #OpenConnect License Manager -oc-lm 1448/udp #OpenConnect License Manager -peport 1449/tcp -peport 1449/udp -dwf 1450/tcp #Tandem Distributed Workbench Facility -dwf 1450/udp #Tandem Distributed Workbench Facility -infoman 1451/tcp #IBM Information Management -infoman 1451/udp #IBM Information Management -gtegsc-lm 1452/tcp #GTE Government Systems License Man -gtegsc-lm 1452/udp #GTE Government Systems License Man -genie-lm 1453/tcp #Genie License Manager -genie-lm 1453/udp #Genie License Manager -interhdl_elmd 1454/tcp #interHDL License Manager -interhdl_elmd 1454/udp #interHDL License Manager -esl-lm 1455/tcp #ESL License Manager -esl-lm 1455/udp #ESL License Manager -dca 1456/tcp -dca 1456/udp -valisys-lm 1457/tcp #Valisys License Manager -valisys-lm 1457/udp #Valisys License Manager -nrcabq-lm 1458/tcp #Nichols Research Corp. -nrcabq-lm 1458/udp #Nichols Research Corp. -proshare1 1459/tcp #Proshare Notebook Application -proshare1 1459/udp #Proshare Notebook Application -proshare2 1460/tcp #Proshare Notebook Application -proshare2 1460/udp #Proshare Notebook Application -ibm_wrless_lan 1461/tcp #IBM Wireless LAN -ibm_wrless_lan 1461/udp #IBM Wireless LAN -world-lm 1462/tcp #World License Manager -world-lm 1462/udp #World License Manager -nucleus 1463/tcp -nucleus 1463/udp -msl_lmd 1464/tcp #MSL License Manager -msl_lmd 1464/udp #MSL License Manager -pipes 1465/tcp #Pipes Platform -pipes 1465/udp #Pipes Platform mfarlin@peerlogic.com -oceansoft-lm 1466/tcp #Ocean Software License Manager -oceansoft-lm 1466/udp #Ocean Software License Manager -csdmbase 1467/tcp -csdmbase 1467/udp -csdm 1468/tcp -csdm 1468/udp -aal-lm 1469/tcp #Active Analysis Limited License Manager -aal-lm 1469/udp #Active Analysis Limited License Manager -uaiact 1470/tcp #Universal Analytics -uaiact 1470/udp #Universal Analytics -csdmbase 1471/tcp -csdmbase 1471/udp -csdm 1472/tcp -csdm 1472/udp -openmath 1473/tcp -openmath 1473/udp -telefinder 1474/tcp -telefinder 1474/udp -taligent-lm 1475/tcp #Taligent License Manager -taligent-lm 1475/udp #Taligent License Manager -clvm-cfg 1476/tcp -clvm-cfg 1476/udp -ms-sna-server 1477/tcp -ms-sna-server 1477/udp -ms-sna-base 1478/tcp -ms-sna-base 1478/udp -dberegister 1479/tcp -dberegister 1479/udp -pacerforum 1480/tcp -pacerforum 1480/udp -airs 1481/tcp -airs 1481/udp -miteksys-lm 1482/tcp #Miteksys License Manager -miteksys-lm 1482/udp #Miteksys License Manager -afs 1483/tcp #AFS License Manager -afs 1483/udp #AFS License Manager -confluent 1484/tcp #Confluent License Manager -confluent 1484/udp #Confluent License Manager -lansource 1485/tcp -lansource 1485/udp -nms_topo_serv 1486/tcp -nms_topo_serv 1486/udp -localinfosrvr 1487/tcp -localinfosrvr 1487/udp -docstor 1488/tcp -docstor 1488/udp -dmdocbroker 1489/tcp -dmdocbroker 1489/udp -insitu-conf 1490/tcp -insitu-conf 1490/udp -anynetgateway 1491/tcp -anynetgateway 1491/udp -stone-design-1 1492/tcp -stone-design-1 1492/udp -netmap_lm 1493/tcp -netmap_lm 1493/udp -ica 1494/tcp -ica 1494/udp -cvc 1495/tcp -cvc 1495/udp -liberty-lm 1496/tcp -liberty-lm 1496/udp -rfx-lm 1497/tcp -rfx-lm 1497/udp -watcom-sql 1498/tcp -watcom-sql 1498/udp -fhc 1499/tcp #Federico Heinz Consultora -fhc 1499/udp #Federico Heinz Consultora -vlsi-lm 1500/tcp #VLSI License Manager -vlsi-lm 1500/udp #VLSI License Manager -sas-3 1501/tcp #Satellite-data Acquisition System 3 -sas-3 1501/udp #Satellite-data Acquisition System 3 -shivadiscovery 1502/tcp #Shiva -shivadiscovery 1502/udp #Shiva -imtc-mcs 1503/tcp #Databeam -imtc-mcs 1503/udp #Databeam -evb-elm 1504/tcp #EVB Software Engineering License Manager -evb-elm 1504/udp #EVB Software Engineering License Manager -funkproxy 1505/tcp #Funk Software, Inc. -funkproxy 1505/udp #Funk Software, Inc. -utcd 1506/tcp #Universal Time daemon (utcd) -utcd 1506/udp #Universal Time daemon (utcd) -symplex 1507/tcp -symplex 1507/udp -diagmond 1508/tcp -diagmond 1508/udp -robcad-lm 1509/tcp #Robcad, Ltd. License Manager -robcad-lm 1509/udp #Robcad, Ltd. License Manager -mvx-lm 1510/tcp #Midland Valley Exploration Ltd. Lic. Man. -mvx-lm 1510/udp #Midland Valley Exploration Ltd. Lic. Man. -3l-l1 1511/tcp -3l-l1 1511/udp -wins 1512/tcp #Microsoft's Windows Internet Name Service -wins 1512/udp #Microsoft's Windows Internet Name Service -fujitsu-dtc 1513/tcp #Fujitsu Systems Business of America, Inc -fujitsu-dtc 1513/udp #Fujitsu Systems Business of America, Inc -fujitsu-dtcns 1514/tcp #Fujitsu Systems Business of America, Inc -fujitsu-dtcns 1514/udp #Fujitsu Systems Business of America, Inc -ifor-protocol 1515/tcp -ifor-protocol 1515/udp -vpad 1516/tcp #Virtual Places Audio data -vpad 1516/udp #Virtual Places Audio data -vpac 1517/tcp #Virtual Places Audio control -vpac 1517/udp #Virtual Places Audio control -vpvd 1518/tcp #Virtual Places Video data -vpvd 1518/udp #Virtual Places Video data -vpvc 1519/tcp #Virtual Places Video control -vpvc 1519/udp #Virtual Places Video control -atm-zip-office 1520/tcp #atm zip office -atm-zip-office 1520/udp #atm zip office -ncube-lm 1521/tcp #nCube License Manager -ncube-lm 1521/udp #nCube License Manager -rna-lm 1522/tcp #Ricardo North America License Manager -rna-lm 1522/udp #Ricardo North America License Manager -cichild-lm 1523/tcp -cichild-lm 1523/udp -ingreslock 1524/tcp #ingres -ingreslock 1524/udp #ingres -prospero-np 1525/tcp #Prospero Directory Service non-priv -prospero-np 1525/udp #Prospero Directory Service non-priv -#PROBLEMS!======================================================== -orasrv 1525/tcp #oracle -orasrv 1525/udp #oracle -#PROBLEMS!======================================================== -pdap-np 1526/tcp #Prospero Data Access Prot non-priv -pdap-np 1526/udp #Prospero Data Access Prot non-priv -tlisrv 1527/tcp #oracle -tlisrv 1527/udp #oracle -mciautoreg 1528/tcp -mciautoreg 1528/udp -support 1529/tcp prmsd gnatsd # cygnus bug tracker -coauthor 1529/tcp #oracle -coauthor 1529/udp #oracle -rap-service 1530/tcp -rap-service 1530/udp -rap-listen 1531/tcp -rap-listen 1531/udp -miroconnect 1532/tcp -miroconnect 1532/udp -virtual-places 1533/tcp #Virtual Places Software -virtual-places 1533/udp #Virtual Places Software -micromuse-lm 1534/tcp -micromuse-lm 1534/udp -ampr-info 1535/tcp -ampr-info 1535/udp -ampr-inter 1536/tcp -ampr-inter 1536/udp -sdsc-lm 1537/tcp -sdsc-lm 1537/udp -3ds-lm 1538/tcp -3ds-lm 1538/udp -intellistor-lm 1539/tcp #Intellistor License Manager -intellistor-lm 1539/udp #Intellistor License Manager -rds 1540/tcp -rds 1540/udp -rds2 1541/tcp -rds2 1541/udp -gridgen-elmd 1542/tcp -gridgen-elmd 1542/udp -simba-cs 1543/tcp -simba-cs 1543/udp -aspeclmd 1544/tcp -aspeclmd 1544/udp -vistium-share 1545/tcp -vistium-share 1545/udp -abbaccuray 1546/tcp -abbaccuray 1546/udp -laplink 1547/tcp -laplink 1547/udp -axon-lm 1548/tcp #Axon License Manager -axon-lm 1548/udp #Axon License Manager -shivahose 1549/tcp #Shiva Hose -shivasound 1549/udp #Shiva Sound -3m-image-lm 1550/tcp #Image Storage license manager 3M Company -3m-image-lm 1550/udp #Image Storage license manager 3M Company -hecmtl-db 1551/tcp -hecmtl-db 1551/udp -pciarray 1552/tcp -pciarray 1552/udp -issd 1600/tcp -issd 1600/udp -# IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by -# many vendors without obtaining official IANA assignment. The official -# assignment is now ports 1812/1813 and users are encouraged to migrate -# when possible to these new ports. -#radius 1645/udp #RADIUS authentication protocol (old) -#radacct 1646/udp #RADIUS accounting protocol (old) -nkd 1650/tcp -nkd 1650/udp -shiva_confsrvr 1651/tcp -shiva_confsrvr 1651/udp -xnmp 1652/tcp -xnmp 1652/udp -netview-aix-1 1661/tcp -netview-aix-1 1661/udp -netview-aix-2 1662/tcp -netview-aix-2 1662/udp -netview-aix-3 1663/tcp -netview-aix-3 1663/udp -netview-aix-4 1664/tcp -netview-aix-4 1664/udp -netview-aix-5 1665/tcp -netview-aix-5 1665/udp -netview-aix-6 1666/tcp -netview-aix-6 1666/udp -netview-aix-7 1667/tcp -netview-aix-7 1667/udp -netview-aix-8 1668/tcp -netview-aix-8 1668/udp -netview-aix-9 1669/tcp -netview-aix-9 1669/udp -netview-aix-10 1670/tcp -netview-aix-10 1670/udp -netview-aix-11 1671/tcp -netview-aix-11 1671/udp -netview-aix-12 1672/tcp -netview-aix-12 1672/udp -l2f 1701/tcp #l2f -l2f 1701/udp #l2f -l2tp 1701/tcp #Layer 2 Tunnelling Protocol -l2tp 1701/udp #Layer 2 Tunnelling Protocol -pptp 1723/tcp #Point-to-point tunnelling protocol -# IMPORTANT NOTE: See comments for ports 1645/1646 when using older equipment -radius 1812/udp #RADIUS authentication protocol (IANA sanctioned) -radacct 1813/udp #RADIUS accounting protocol (IANA sanctioned) -licensedaemon 1986/tcp #cisco license management -licensedaemon 1986/udp #cisco license management -tr-rsrb-p1 1987/tcp #cisco RSRB Priority 1 port -tr-rsrb-p1 1987/udp #cisco RSRB Priority 1 port -tr-rsrb-p2 1988/tcp #cisco RSRB Priority 2 port -tr-rsrb-p2 1988/udp #cisco RSRB Priority 2 port -tr-rsrb-p3 1989/tcp #cisco RSRB Priority 3 port -tr-rsrb-p3 1989/udp #cisco RSRB Priority 3 port -#PROBLEMS!=================================================== -mshnet 1989/tcp #MHSnet system -mshnet 1989/udp #MHSnet system -#PROBLEMS!=================================================== -stun-p1 1990/tcp #cisco STUN Priority 1 port -stun-p1 1990/udp #cisco STUN Priority 1 port -stun-p2 1991/tcp #cisco STUN Priority 2 port -stun-p2 1991/udp #cisco STUN Priority 2 port -stun-p3 1992/tcp #cisco STUN Priority 3 port -stun-p3 1992/udp #cisco STUN Priority 3 port -#PROBLEMS!=================================================== -ipsendmsg 1992/tcp -ipsendmsg 1992/udp -#PROBLEMS!=================================================== -snmp-tcp-port 1993/tcp #cisco SNMP TCP port -snmp-tcp-port 1993/udp #cisco SNMP TCP port -stun-port 1994/tcp #cisco serial tunnel port -stun-port 1994/udp #cisco serial tunnel port -perf-port 1995/tcp #cisco perf port -perf-port 1995/udp #cisco perf port -tr-rsrb-port 1996/tcp #cisco Remote SRB port -tr-rsrb-port 1996/udp #cisco Remote SRB port -gdp-port 1997/tcp #cisco Gateway Discovery Protocol -gdp-port 1997/udp #cisco Gateway Discovery Protocol -x25-svc-port 1998/tcp #cisco X.25 service (XOT) -x25-svc-port 1998/udp #cisco X.25 service (XOT) -tcp-id-port 1999/tcp #cisco identification port -tcp-id-port 1999/udp #cisco identification port -callbook 2000/tcp -callbook 2000/udp -dc 2001/tcp -wizard 2001/udp #curry -globe 2002/tcp -globe 2002/udp -cfingerd 2003/tcp #GNU finger -mailbox 2004/tcp -emce 2004/udp #CCWS mm conf -berknet 2005/tcp -oracle 2005/udp -invokator 2006/tcp -raid-cc 2006/udp #raid -dectalk 2007/tcp -raid-am 2007/udp -conf 2008/tcp -terminaldb 2008/udp -news 2009/tcp -whosockami 2009/udp -search 2010/tcp -pipe_server 2010/udp -raid-cc 2011/tcp #raid -servserv 2011/udp -ttyinfo 2012/tcp -raid-ac 2012/udp -raid-am 2013/tcp -raid-cd 2013/udp -troff 2014/tcp -raid-sf 2014/udp -cypress 2015/tcp -raid-cs 2015/udp -bootserver 2016/tcp -bootserver 2016/udp -cypress-stat 2017/tcp -bootclient 2017/udp -terminaldb 2018/tcp -rellpack 2018/udp -whosockami 2019/tcp -about 2019/udp -xinupageserver 2020/tcp -xinupageserver 2020/udp -servexec 2021/tcp -xinuexpansion1 2021/udp -down 2022/tcp -xinuexpansion2 2022/udp -xinuexpansion3 2023/tcp -xinuexpansion3 2023/udp -xinuexpansion4 2024/tcp -xinuexpansion4 2024/udp -ellpack 2025/tcp -xribs 2025/udp -scrabble 2026/tcp -scrabble 2026/udp -shadowserver 2027/tcp -shadowserver 2027/udp -submitserver 2028/tcp -submitserver 2028/udp -device2 2030/tcp -device2 2030/udp -blackboard 2032/tcp -blackboard 2032/udp -glogger 2033/tcp -glogger 2033/udp -scoremgr 2034/tcp -scoremgr 2034/udp -imsldoc 2035/tcp -imsldoc 2035/udp -objectmanager 2038/tcp -objectmanager 2038/udp -lam 2040/tcp -lam 2040/udp -interbase 2041/tcp -interbase 2041/udp -isis 2042/tcp -isis 2042/udp -isis-bcast 2043/tcp -isis-bcast 2043/udp -rimsl 2044/tcp -rimsl 2044/udp -cdfunc 2045/tcp -cdfunc 2045/udp -sdfunc 2046/tcp -sdfunc 2046/udp -#dls 2047/tcp -#dls 2047/udp -dls-monitor 2048/tcp -dls-monitor 2048/udp -nfsd 2049/tcp nfs # NFS server daemon -nfsd 2049/udp nfs # NFS server daemon -#PROBLEMS!============================================================= -#shilp 2049/tcp -#shilp 2049/udp -#PROBLEMS!============================================================= -dlsrpn 2065/tcp #Data Link Switch Read Port Number -dlsrpn 2065/udp #Data Link Switch Read Port Number -dlswpn 2067/tcp #Data Link Switch Write Port Number -dlswpn 2067/udp #Data Link Switch Write Port Number -zephyr-clt 2103/udp #Zephyr serv-hm connection -zephyr-hm 2104/udp #Zephyr hostmanager -#PROBLEMS!============================================================= -#zephyr-hm-srv 2105/udp #Zephyr hm-serv connection -#PROBLEMS!============================================================= -eklogin 2105/tcp #Kerberos (v4) encrypted rlogin -eklogin 2105/udp #Kerberos (v4) encrypted rlogin -ekshell 2106/tcp #Kerberos (v4) encrypted rshell -ekshell 2106/udp #Kerberos (v4) encrypted rshell -rkinit 2108/tcp #Kerberos (v4) remote initialization -rkinit 2108/udp #Kerberos (v4) remote initialization -ats 2201/tcp #Advanced Training System Program -ats 2201/udp #Advanced Training System Program -ivs-video 2232/tcp #IVS Video default -ivs-video 2232/udp #IVS Video default -ivsd 2241/tcp #IVS Daemon -ivsd 2241/udp #IVS Daemon -pehelp 2307/tcp -pehelp 2307/udp -cvspserver 2401/tcp #CVS network server -cvspserver 2401/udp #CVS network server -venus 2430/tcp #venus -venus 2430/udp #venus -venus-se 2431/tcp #venus-se -venus-se 2431/udp #venus-se -codasrv 2432/tcp #codasrv -codasrv 2432/udp #codasrv -codasrv-se 2433/tcp #codasrv-se -codasrv-se 2433/udp #codasrv-se -rtsserv 2500/tcp #Resource Tracking system server -rtsserv 2500/udp #Resource Tracking system server -rtsclient 2501/tcp #Resource Tracking system client -rtsclient 2501/udp #Resource Tracking system client -hp-3000-telnet 2564/tcp #HP 3000 NS/VT block mode telnet -zebrasrv 2600/tcp #zebra service -zebra 2601/tcp #zebra vty -ripd 2602/tcp #RIPd vty -ripngd 2603/tcp #RIPngd vty -ospfd 2604/tcp #OSPFd vty -bgpd 2605/tcp #BGPd vty -ospf6d 2606/tcp #OSPF6d vty -listen 2766/tcp #System V listener port -www-dev 2784/tcp #world wide web - development -www-dev 2784/udp #world wide web - development -dict 2628/tcp #RFC 2229 -dict 2628/udp #RFC 2229 -eppc 3031/tcp #Remote AppleEvents/PPC Toolbox -eppc 3031/udp #Remote AppleEvents/PPC Toolbox -NSWS 3049/tcp -NSWS 3049/udp -sj3 3086/tcp #SJ3 (kanji input) -vmodem 3141/tcp -vmodem 3141/udp -ccmail 3264/tcp #cc:mail/lotus -ccmail 3264/udp #cc:mail/lotus -dec-notes 3333/tcp #DEC Notes -dec-notes 3333/udp #DEC Notes -rsvp-encap 3455/udp #RSVP encapsulated in UDP -mapper-nodemgr 3984/tcp #MAPPER network node manager -mapper-nodemgr 3984/udp #MAPPER network node manager -mapper-mapethd 3985/tcp #MAPPER TCP/IP server -mapper-mapethd 3985/udp #MAPPER TCP/IP server -mapper-ws_ethd 3986/tcp #MAPPER workstation server -mapper-ws_ethd 3986/udp #MAPPER workstation server -bmap 3421/tcp #Bull Apprise portmapper -bmap 3421/udp #Bull Apprise portmapper -prsvp 3455/tcp #RSVP Port -prsvp 3455/udp #RSVP Port -vat 3456/tcp #VAT default data -vat 3456/udp #VAT default data -vat-control 3457/tcp #VAT default control -vat-control 3457/udp #VAT default control -udt_os 3900/tcp #Unidata UDT OS -udt_os 3900/udp #Unidata UDT OS -netcheque 4008/tcp #NetCheque accounting -netcheque 4008/udp #NetCheque accounting -lockd 4045/udp # NFS lock daemon/manager -lockd 4045/tcp -nuts_dem 4132/tcp #NUTS Daemon -nuts_dem 4132/udp #NUTS Daemon -nuts_bootp 4133/tcp #NUTS Bootp Server -nuts_bootp 4133/udp #NUTS Bootp Server -rwhois 4321/tcp #Remote Who Is -rwhois 4321/udp #Remote Who Is -unicall 4343/tcp -unicall 4343/udp -krb524 4444/tcp -krb524 4444/udp -# PROBLEM krb524 assigned the port, -# PROBLEM nv used it without an assignment -nv-video 4444/tcp #NV Video default -nv-video 4444/udp #NV Video default -sae-urn 4500/tcp -sae-urn 4500/udp -fax 4557/tcp #FAX transmission service -hylafax 4559/tcp #HylaFAX client-server protocol -rfa 4672/tcp #remote file access server -rfa 4672/udp #remote file access server -commplex-main 5000/tcp -commplex-main 5000/udp -commplex-link 5001/tcp -commplex-link 5001/udp -rfe 5002/tcp #radio free ethernet -rfe 5002/udp #radio free ethernet -telelpathstart 5010/tcp -telelpathstart 5010/udp -telelpathattack 5011/tcp -telelpathattack 5011/udp -mmcc 5050/tcp #multimedia conference control tool -mmcc 5050/udp #multimedia conference control tool -rmonitor_secure 5145/tcp -rmonitor_secure 5145/udp -aol 5190/tcp #America-Online -aol 5190/udp #America-Online -aol-1 5191/tcp #AmericaOnline1 -aol-1 5191/udp #AmericaOnline1 -aol-2 5192/tcp #AmericaOnline2 -aol-2 5192/udp #AmericaOnline2 -aol-3 5193/tcp #AmericaOnline3 -aol-3 5193/udp #AmericaOnline3 -jabber-client 5222/tcp #Jabber Client Connection -jabber-client 5222/udp #Jabber Client Connection -padl2sim 5236/tcp -padl2sim 5236/udp -jabber-server 5269/tcp #Jabber Server Connection -jabber-server 5269/udp #Jabber Server Connection -hacl-hb 5300/tcp # HA cluster heartbeat -hacl-hb 5300/udp # HA cluster heartbeat -hacl-gs 5301/tcp # HA cluster general services -hacl-gs 5301/udp # HA cluster general services -hacl-cfg 5302/tcp # HA cluster configuration -hacl-cfg 5302/udp # HA cluster configuration -hacl-probe 5303/tcp # HA cluster probing -hacl-probe 5303/udp # HA cluster probing -hacl-local 5304/tcp -hacl-local 5304/udp -hacl-test 5305/tcp -hacl-test 5305/udp -cfengine 5308/tcp -cfengine 5308/udp -postgresql 5432/tcp #PostgreSQL Database -postgresql 5432/udp #PostgreSQL Database -rplay 5555/udp -canna 5680/tcp #Canna (Japanese Input) -proshareaudio 5713/tcp #proshare conf audio -proshareaudio 5713/udp #proshare conf audio -prosharevideo 5714/tcp #proshare conf video -prosharevideo 5714/udp #proshare conf video -prosharedata 5715/tcp #proshare conf data -prosharedata 5715/udp #proshare conf data -prosharerequest 5716/tcp #proshare conf request -prosharerequest 5716/udp #proshare conf request -prosharenotify 5717/tcp #proshare conf notify -prosharenotify 5717/udp #proshare conf notify -cvsup 5999/tcp #CVSup file transfer/John Polstra/FreeBSD -x11 6000/tcp #6000-6063 are assigned to X Window System -x11 6000/udp -x11-ssh 6010/tcp #Unofficial name, for convenience -x11-ssh 6010/udp -softcm 6110/tcp #HP SoftBench CM -softcm 6110/udp #HP SoftBench CM -spc 6111/tcp #HP SoftBench Sub-Process Control -spc 6111/udp #HP SoftBench Sub-Process Control -meta-corp 6141/tcp #Meta Corporation License Manager -meta-corp 6141/udp #Meta Corporation License Manager -aspentec-lm 6142/tcp #Aspen Technology License Manager -aspentec-lm 6142/udp #Aspen Technology License Manager -watershed-lm 6143/tcp #Watershed License Manager -watershed-lm 6143/udp #Watershed License Manager -statsci1-lm 6144/tcp #StatSci License Manager - 1 -statsci1-lm 6144/udp #StatSci License Manager - 1 -statsci2-lm 6145/tcp #StatSci License Manager - 2 -statsci2-lm 6145/udp #StatSci License Manager - 2 -lonewolf-lm 6146/tcp #Lone Wolf Systems License Manager -lonewolf-lm 6146/udp #Lone Wolf Systems License Manager -montage-lm 6147/tcp #Montage License Manager -montage-lm 6147/udp #Montage License Manager -ricardo-lm 6148/tcp #Ricardo North America License Manager -ricardo-lm 6148/udp #Ricardo North America License Manager -xdsxdm 6558/tcp -xdsxdm 6558/udp -ircd 6667/tcp #Internet Relay Chat (unoffical) -acmsoda 6969/tcp -acmsoda 6969/udp -afs3-fileserver 7000/tcp #file server itself -afs3-fileserver 7000/udp #file server itself -afs3-callback 7001/tcp #callbacks to cache managers -afs3-callback 7001/udp #callbacks to cache managers -afs3-prserver 7002/tcp #users & groups database -afs3-prserver 7002/udp #users & groups database -afs3-vlserver 7003/tcp #volume location database -afs3-vlserver 7003/udp #volume location database -afs3-kaserver 7004/tcp #AFS/Kerberos authentication service -afs3-kaserver 7004/udp #AFS/Kerberos authentication service -afs3-volser 7005/tcp #volume management server -afs3-volser 7005/udp #volume management server -afs3-errors 7006/tcp #error interpretation service -afs3-errors 7006/udp #error interpretation service -afs3-bos 7007/tcp #basic overseer process -afs3-bos 7007/udp #basic overseer process -afs3-update 7008/tcp #server-to-server updater -afs3-update 7008/udp #server-to-server updater -afs3-rmtsys 7009/tcp #remote cache manager service -afs3-rmtsys 7009/udp #remote cache manager service -afs3-resserver 7010/tcp #MR-AFS residence server -afs3-resserver 7010/udp #MR-AFS residence server -afs3-remio 7011/tcp #MR-AFS remote IO server -afs3-remio 7011/udp #MR-AFS remote IO server -ups-onlinet 7010/tcp #onlinet uninterruptable power supplies -ups-onlinet 7010/udp #onlinet uninterruptable power supplies -font-service 7100/tcp #X Font Service -font-service 7100/udp #X Font Service -fodms 7200/tcp #FODMS FLIP -fodms 7200/udp #FODMS FLIP -dlip 7201/tcp -dlip 7201/udp -ftp-proxy 8021/tcp # pf ftp-proxy -spamd 8025/tcp # spamd(8) -spamd-sync 8025/udp # spamd(8) synchronisation -spamd-cfg 8026/tcp # spamd(8) configuration -natd 8668/divert # Network Address Translation -jetdirect 9100/tcp #HP JetDirect card -man 9535/tcp -man 9535/udp -sd 9876/tcp #Session Director -sd 9876/udp #Session Director -amanda 10080/udp #Dump server control -amandaidx 10082/tcp #Amanda indexing -amidxtape 10083/tcp #Amanda tape indexing -isode-dua 17007/tcp -isode-dua 17007/udp -biimenu 18000/tcp #Beckman Instruments, Inc. -biimenu 18000/udp #Beckman Instruments, Inc. -19000 19000/tcp # pfSense nat bouncing -19000 19000/udp # pfSense nat bouncing -19001 19001/tcp # pfSense nat bouncing -19001 19001/udp # pfSense nat bouncing -19002 19002/tcp # pfSense nat bouncing -19002 19002/udp # pfSense nat bouncing -19003 19003/tcp # pfSense nat bouncing -19003 19003/udp # pfSense nat bouncing -19004 19004/tcp # pfSense nat bouncing -19004 19004/udp # pfSense nat bouncing -19005 19005/tcp # pfSense nat bouncing -19005 19005/udp # pfSense nat bouncing -19006 19006/tcp # pfSense nat bouncing -19006 19006/udp # pfSense nat bouncing -19007 19007/tcp # pfSense nat bouncing -19007 19007/udp # pfSense nat bouncing -19008 19008/tcp # pfSense nat bouncing -19008 19008/udp # pfSense nat bouncing -19009 19009/tcp # pfSense nat bouncing -19009 19009/udp # pfSense nat bouncing -19010 19010/tcp # pfSense nat bouncing -19010 19010/udp # pfSense nat bouncing -19011 19011/tcp # pfSense nat bouncing -19011 19011/udp # pfSense nat bouncing -19012 19012/tcp # pfSense nat bouncing -19012 19012/udp # pfSense nat bouncing -19013 19013/tcp # pfSense nat bouncing -19013 19013/udp # pfSense nat bouncing -19014 19014/tcp # pfSense nat bouncing -19014 19014/udp # pfSense nat bouncing -19015 19015/tcp # pfSense nat bouncing -19015 19015/udp # pfSense nat bouncing -19016 19016/tcp # pfSense nat bouncing -19016 19016/udp # pfSense nat bouncing -19017 19017/tcp # pfSense nat bouncing -19017 19017/udp # pfSense nat bouncing -19018 19018/tcp # pfSense nat bouncing -19018 19018/udp # pfSense nat bouncing -19019 19019/tcp # pfSense nat bouncing -19019 19019/udp # pfSense nat bouncing -19020 19020/tcp # pfSense nat bouncing -19020 19020/udp # pfSense nat bouncing -19021 19021/tcp # pfSense nat bouncing -19021 19021/udp # pfSense nat bouncing -19022 19022/tcp # pfSense nat bouncing -19022 19022/udp # pfSense nat bouncing -19023 19023/tcp # pfSense nat bouncing -19023 19023/udp # pfSense nat bouncing -19024 19024/tcp # pfSense nat bouncing -19024 19024/udp # pfSense nat bouncing -19025 19025/tcp # pfSense nat bouncing -19025 19025/udp # pfSense nat bouncing -19026 19026/tcp # pfSense nat bouncing -19026 19026/udp # pfSense nat bouncing -19027 19027/tcp # pfSense nat bouncing -19027 19027/udp # pfSense nat bouncing -19028 19028/tcp # pfSense nat bouncing -19028 19028/udp # pfSense nat bouncing -19029 19029/tcp # pfSense nat bouncing -19029 19029/udp # pfSense nat bouncing -19030 19030/tcp # pfSense nat bouncing -19030 19030/udp # pfSense nat bouncing -19031 19031/tcp # pfSense nat bouncing -19031 19031/udp # pfSense nat bouncing -19032 19032/tcp # pfSense nat bouncing -19032 19032/udp # pfSense nat bouncing -19033 19033/tcp # pfSense nat bouncing -19033 19033/udp # pfSense nat bouncing -19034 19034/tcp # pfSense nat bouncing -19034 19034/udp # pfSense nat bouncing -19035 19035/tcp # pfSense nat bouncing -19035 19035/udp # pfSense nat bouncing -19036 19036/tcp # pfSense nat bouncing -19036 19036/udp # pfSense nat bouncing -19037 19037/tcp # pfSense nat bouncing -19037 19037/udp # pfSense nat bouncing -19038 19038/tcp # pfSense nat bouncing -19038 19038/udp # pfSense nat bouncing -19039 19039/tcp # pfSense nat bouncing -19039 19039/udp # pfSense nat bouncing -19040 19040/tcp # pfSense nat bouncing -19040 19040/udp # pfSense nat bouncing -19041 19041/tcp # pfSense nat bouncing -19041 19041/udp # pfSense nat bouncing -19042 19042/tcp # pfSense nat bouncing -19042 19042/udp # pfSense nat bouncing -19043 19043/tcp # pfSense nat bouncing -19043 19043/udp # pfSense nat bouncing -19044 19044/tcp # pfSense nat bouncing -19044 19044/udp # pfSense nat bouncing -19045 19045/tcp # pfSense nat bouncing -19045 19045/udp # pfSense nat bouncing -19046 19046/tcp # pfSense nat bouncing -19046 19046/udp # pfSense nat bouncing -19047 19047/tcp # pfSense nat bouncing -19047 19047/udp # pfSense nat bouncing -19048 19048/tcp # pfSense nat bouncing -19048 19048/udp # pfSense nat bouncing -19049 19049/tcp # pfSense nat bouncing -19049 19049/udp # pfSense nat bouncing -19050 19050/tcp # pfSense nat bouncing -19050 19050/udp # pfSense nat bouncing -19051 19051/tcp # pfSense nat bouncing -19051 19051/udp # pfSense nat bouncing -19052 19052/tcp # pfSense nat bouncing -19052 19052/udp # pfSense nat bouncing -19053 19053/tcp # pfSense nat bouncing -19053 19053/udp # pfSense nat bouncing -19054 19054/tcp # pfSense nat bouncing -19054 19054/udp # pfSense nat bouncing -19055 19055/tcp # pfSense nat bouncing -19055 19055/udp # pfSense nat bouncing -19056 19056/tcp # pfSense nat bouncing -19056 19056/udp # pfSense nat bouncing -19057 19057/tcp # pfSense nat bouncing -19057 19057/udp # pfSense nat bouncing -19058 19058/tcp # pfSense nat bouncing -19058 19058/udp # pfSense nat bouncing -19059 19059/tcp # pfSense nat bouncing -19059 19059/udp # pfSense nat bouncing -19060 19060/tcp # pfSense nat bouncing -19060 19060/udp # pfSense nat bouncing -19061 19061/tcp # pfSense nat bouncing -19061 19061/udp # pfSense nat bouncing -19062 19062/tcp # pfSense nat bouncing -19062 19062/udp # pfSense nat bouncing -19063 19063/tcp # pfSense nat bouncing -19063 19063/udp # pfSense nat bouncing -19064 19064/tcp # pfSense nat bouncing -19064 19064/udp # pfSense nat bouncing -19065 19065/tcp # pfSense nat bouncing -19065 19065/udp # pfSense nat bouncing -19066 19066/tcp # pfSense nat bouncing -19066 19066/udp # pfSense nat bouncing -19067 19067/tcp # pfSense nat bouncing -19067 19067/udp # pfSense nat bouncing -19068 19068/tcp # pfSense nat bouncing -19068 19068/udp # pfSense nat bouncing -19069 19069/tcp # pfSense nat bouncing -19069 19069/udp # pfSense nat bouncing -19070 19070/tcp # pfSense nat bouncing -19070 19070/udp # pfSense nat bouncing -19071 19071/tcp # pfSense nat bouncing -19071 19071/udp # pfSense nat bouncing -19072 19072/tcp # pfSense nat bouncing -19072 19072/udp # pfSense nat bouncing -19073 19073/tcp # pfSense nat bouncing -19073 19073/udp # pfSense nat bouncing -19074 19074/tcp # pfSense nat bouncing -19074 19074/udp # pfSense nat bouncing -19075 19075/tcp # pfSense nat bouncing -19075 19075/udp # pfSense nat bouncing -19076 19076/tcp # pfSense nat bouncing -19076 19076/udp # pfSense nat bouncing -19077 19077/tcp # pfSense nat bouncing -19077 19077/udp # pfSense nat bouncing -19078 19078/tcp # pfSense nat bouncing -19078 19078/udp # pfSense nat bouncing -19079 19079/tcp # pfSense nat bouncing -19079 19079/udp # pfSense nat bouncing -19080 19080/tcp # pfSense nat bouncing -19080 19080/udp # pfSense nat bouncing -19081 19081/tcp # pfSense nat bouncing -19081 19081/udp # pfSense nat bouncing -19082 19082/tcp # pfSense nat bouncing -19082 19082/udp # pfSense nat bouncing -19083 19083/tcp # pfSense nat bouncing -19083 19083/udp # pfSense nat bouncing -19084 19084/tcp # pfSense nat bouncing -19084 19084/udp # pfSense nat bouncing -19085 19085/tcp # pfSense nat bouncing -19085 19085/udp # pfSense nat bouncing -19086 19086/tcp # pfSense nat bouncing -19086 19086/udp # pfSense nat bouncing -19087 19087/tcp # pfSense nat bouncing -19087 19087/udp # pfSense nat bouncing -19088 19088/tcp # pfSense nat bouncing -19088 19088/udp # pfSense nat bouncing -19089 19089/tcp # pfSense nat bouncing -19089 19089/udp # pfSense nat bouncing -19090 19090/tcp # pfSense nat bouncing -19090 19090/udp # pfSense nat bouncing -19091 19091/tcp # pfSense nat bouncing -19091 19091/udp # pfSense nat bouncing -19092 19092/tcp # pfSense nat bouncing -19092 19092/udp # pfSense nat bouncing -19093 19093/tcp # pfSense nat bouncing -19093 19093/udp # pfSense nat bouncing -19094 19094/tcp # pfSense nat bouncing -19094 19094/udp # pfSense nat bouncing -19095 19095/tcp # pfSense nat bouncing -19095 19095/udp # pfSense nat bouncing -19096 19096/tcp # pfSense nat bouncing -19096 19096/udp # pfSense nat bouncing -19097 19097/tcp # pfSense nat bouncing -19097 19097/udp # pfSense nat bouncing -19098 19098/tcp # pfSense nat bouncing -19098 19098/udp # pfSense nat bouncing -19099 19099/tcp # pfSense nat bouncing -19099 19099/udp # pfSense nat bouncing -19100 19100/tcp # pfSense nat bouncing -19100 19100/udp # pfSense nat bouncing -19101 19101/tcp # pfSense nat bouncing -19101 19101/udp # pfSense nat bouncing -19102 19102/tcp # pfSense nat bouncing -19102 19102/udp # pfSense nat bouncing -19103 19103/tcp # pfSense nat bouncing -19103 19103/udp # pfSense nat bouncing -19104 19104/tcp # pfSense nat bouncing -19104 19104/udp # pfSense nat bouncing -19105 19105/tcp # pfSense nat bouncing -19105 19105/udp # pfSense nat bouncing -19106 19106/tcp # pfSense nat bouncing -19106 19106/udp # pfSense nat bouncing -19107 19107/tcp # pfSense nat bouncing -19107 19107/udp # pfSense nat bouncing -19108 19108/tcp # pfSense nat bouncing -19108 19108/udp # pfSense nat bouncing -19109 19109/tcp # pfSense nat bouncing -19109 19109/udp # pfSense nat bouncing -19110 19110/tcp # pfSense nat bouncing -19110 19110/udp # pfSense nat bouncing -19111 19111/tcp # pfSense nat bouncing -19111 19111/udp # pfSense nat bouncing -19112 19112/tcp # pfSense nat bouncing -19112 19112/udp # pfSense nat bouncing -19113 19113/tcp # pfSense nat bouncing -19113 19113/udp # pfSense nat bouncing -19114 19114/tcp # pfSense nat bouncing -19114 19114/udp # pfSense nat bouncing -19115 19115/tcp # pfSense nat bouncing -19115 19115/udp # pfSense nat bouncing -19116 19116/tcp # pfSense nat bouncing -19116 19116/udp # pfSense nat bouncing -19117 19117/tcp # pfSense nat bouncing -19117 19117/udp # pfSense nat bouncing -19118 19118/tcp # pfSense nat bouncing -19118 19118/udp # pfSense nat bouncing -19119 19119/tcp # pfSense nat bouncing -19119 19119/udp # pfSense nat bouncing -19120 19120/tcp # pfSense nat bouncing -19120 19120/udp # pfSense nat bouncing -19121 19121/tcp # pfSense nat bouncing -19121 19121/udp # pfSense nat bouncing -19122 19122/tcp # pfSense nat bouncing -19122 19122/udp # pfSense nat bouncing -19123 19123/tcp # pfSense nat bouncing -19123 19123/udp # pfSense nat bouncing -19124 19124/tcp # pfSense nat bouncing -19124 19124/udp # pfSense nat bouncing -19125 19125/tcp # pfSense nat bouncing -19125 19125/udp # pfSense nat bouncing -19126 19126/tcp # pfSense nat bouncing -19126 19126/udp # pfSense nat bouncing -19127 19127/tcp # pfSense nat bouncing -19127 19127/udp # pfSense nat bouncing -19128 19128/tcp # pfSense nat bouncing -19128 19128/udp # pfSense nat bouncing -19129 19129/tcp # pfSense nat bouncing -19129 19129/udp # pfSense nat bouncing -19130 19130/tcp # pfSense nat bouncing -19130 19130/udp # pfSense nat bouncing -19131 19131/tcp # pfSense nat bouncing -19131 19131/udp # pfSense nat bouncing -19132 19132/tcp # pfSense nat bouncing -19132 19132/udp # pfSense nat bouncing -19133 19133/tcp # pfSense nat bouncing -19133 19133/udp # pfSense nat bouncing -19134 19134/tcp # pfSense nat bouncing -19134 19134/udp # pfSense nat bouncing -19135 19135/tcp # pfSense nat bouncing -19135 19135/udp # pfSense nat bouncing -19136 19136/tcp # pfSense nat bouncing -19136 19136/udp # pfSense nat bouncing -19137 19137/tcp # pfSense nat bouncing -19137 19137/udp # pfSense nat bouncing -19138 19138/tcp # pfSense nat bouncing -19138 19138/udp # pfSense nat bouncing -19139 19139/tcp # pfSense nat bouncing -19139 19139/udp # pfSense nat bouncing -19140 19140/tcp # pfSense nat bouncing -19140 19140/udp # pfSense nat bouncing -19141 19141/tcp # pfSense nat bouncing -19141 19141/udp # pfSense nat bouncing -19142 19142/tcp # pfSense nat bouncing -19142 19142/udp # pfSense nat bouncing -19143 19143/tcp # pfSense nat bouncing -19143 19143/udp # pfSense nat bouncing -19144 19144/tcp # pfSense nat bouncing -19144 19144/udp # pfSense nat bouncing -19145 19145/tcp # pfSense nat bouncing -19145 19145/udp # pfSense nat bouncing -19146 19146/tcp # pfSense nat bouncing -19146 19146/udp # pfSense nat bouncing -19147 19147/tcp # pfSense nat bouncing -19147 19147/udp # pfSense nat bouncing -19148 19148/tcp # pfSense nat bouncing -19148 19148/udp # pfSense nat bouncing -19149 19149/tcp # pfSense nat bouncing -19149 19149/udp # pfSense nat bouncing -19150 19150/tcp # pfSense nat bouncing -19150 19150/udp # pfSense nat bouncing -19151 19151/tcp # pfSense nat bouncing -19151 19151/udp # pfSense nat bouncing -19152 19152/tcp # pfSense nat bouncing -19152 19152/udp # pfSense nat bouncing -19153 19153/tcp # pfSense nat bouncing -19153 19153/udp # pfSense nat bouncing -19154 19154/tcp # pfSense nat bouncing -19154 19154/udp # pfSense nat bouncing -19155 19155/tcp # pfSense nat bouncing -19155 19155/udp # pfSense nat bouncing -19156 19156/tcp # pfSense nat bouncing -19156 19156/udp # pfSense nat bouncing -19157 19157/tcp # pfSense nat bouncing -19157 19157/udp # pfSense nat bouncing -19158 19158/tcp # pfSense nat bouncing -19158 19158/udp # pfSense nat bouncing -19159 19159/tcp # pfSense nat bouncing -19159 19159/udp # pfSense nat bouncing -19160 19160/tcp # pfSense nat bouncing -19160 19160/udp # pfSense nat bouncing -19161 19161/tcp # pfSense nat bouncing -19161 19161/udp # pfSense nat bouncing -19162 19162/tcp # pfSense nat bouncing -19162 19162/udp # pfSense nat bouncing -19163 19163/tcp # pfSense nat bouncing -19163 19163/udp # pfSense nat bouncing -19164 19164/tcp # pfSense nat bouncing -19164 19164/udp # pfSense nat bouncing -19165 19165/tcp # pfSense nat bouncing -19165 19165/udp # pfSense nat bouncing -19166 19166/tcp # pfSense nat bouncing -19166 19166/udp # pfSense nat bouncing -19167 19167/tcp # pfSense nat bouncing -19167 19167/udp # pfSense nat bouncing -19168 19168/tcp # pfSense nat bouncing -19168 19168/udp # pfSense nat bouncing -19169 19169/tcp # pfSense nat bouncing -19169 19169/udp # pfSense nat bouncing -19170 19170/tcp # pfSense nat bouncing -19170 19170/udp # pfSense nat bouncing -19171 19171/tcp # pfSense nat bouncing -19171 19171/udp # pfSense nat bouncing -19172 19172/tcp # pfSense nat bouncing -19172 19172/udp # pfSense nat bouncing -19173 19173/tcp # pfSense nat bouncing -19173 19173/udp # pfSense nat bouncing -19174 19174/tcp # pfSense nat bouncing -19174 19174/udp # pfSense nat bouncing -19175 19175/tcp # pfSense nat bouncing -19175 19175/udp # pfSense nat bouncing -19176 19176/tcp # pfSense nat bouncing -19176 19176/udp # pfSense nat bouncing -19177 19177/tcp # pfSense nat bouncing -19177 19177/udp # pfSense nat bouncing -19178 19178/tcp # pfSense nat bouncing -19178 19178/udp # pfSense nat bouncing -19179 19179/tcp # pfSense nat bouncing -19179 19179/udp # pfSense nat bouncing -19180 19180/tcp # pfSense nat bouncing -19180 19180/udp # pfSense nat bouncing -19181 19181/tcp # pfSense nat bouncing -19181 19181/udp # pfSense nat bouncing -19182 19182/tcp # pfSense nat bouncing -19182 19182/udp # pfSense nat bouncing -19183 19183/tcp # pfSense nat bouncing -19183 19183/udp # pfSense nat bouncing -19184 19184/tcp # pfSense nat bouncing -19184 19184/udp # pfSense nat bouncing -19185 19185/tcp # pfSense nat bouncing -19185 19185/udp # pfSense nat bouncing -19186 19186/tcp # pfSense nat bouncing -19186 19186/udp # pfSense nat bouncing -19187 19187/tcp # pfSense nat bouncing -19187 19187/udp # pfSense nat bouncing -19188 19188/tcp # pfSense nat bouncing -19188 19188/udp # pfSense nat bouncing -19189 19189/tcp # pfSense nat bouncing -19189 19189/udp # pfSense nat bouncing -19190 19190/tcp # pfSense nat bouncing -19190 19190/udp # pfSense nat bouncing -19191 19191/tcp # pfSense nat bouncing -19191 19191/udp # pfSense nat bouncing -19192 19192/tcp # pfSense nat bouncing -19192 19192/udp # pfSense nat bouncing -19193 19193/tcp # pfSense nat bouncing -19193 19193/udp # pfSense nat bouncing -19194 19194/tcp # pfSense nat bouncing -19194 19194/udp # pfSense nat bouncing -19195 19195/tcp # pfSense nat bouncing -19195 19195/udp # pfSense nat bouncing -19196 19196/tcp # pfSense nat bouncing -19196 19196/udp # pfSense nat bouncing -19197 19197/tcp # pfSense nat bouncing -19197 19197/udp # pfSense nat bouncing -19198 19198/tcp # pfSense nat bouncing -19198 19198/udp # pfSense nat bouncing -19199 19199/tcp # pfSense nat bouncing -19199 19199/udp # pfSense nat bouncing -19200 19200/tcp # pfSense nat bouncing -19200 19200/udp # pfSense nat bouncing -19201 19201/tcp # pfSense nat bouncing -19201 19201/udp # pfSense nat bouncing -19202 19202/tcp # pfSense nat bouncing -19202 19202/udp # pfSense nat bouncing -19203 19203/tcp # pfSense nat bouncing -19203 19203/udp # pfSense nat bouncing -19204 19204/tcp # pfSense nat bouncing -19204 19204/udp # pfSense nat bouncing -19205 19205/tcp # pfSense nat bouncing -19205 19205/udp # pfSense nat bouncing -19206 19206/tcp # pfSense nat bouncing -19206 19206/udp # pfSense nat bouncing -19207 19207/tcp # pfSense nat bouncing -19207 19207/udp # pfSense nat bouncing -19208 19208/tcp # pfSense nat bouncing -19208 19208/udp # pfSense nat bouncing -19209 19209/tcp # pfSense nat bouncing -19209 19209/udp # pfSense nat bouncing -19210 19210/tcp # pfSense nat bouncing -19210 19210/udp # pfSense nat bouncing -19211 19211/tcp # pfSense nat bouncing -19211 19211/udp # pfSense nat bouncing -19212 19212/tcp # pfSense nat bouncing -19212 19212/udp # pfSense nat bouncing -19213 19213/tcp # pfSense nat bouncing -19213 19213/udp # pfSense nat bouncing -19214 19214/tcp # pfSense nat bouncing -19214 19214/udp # pfSense nat bouncing -19215 19215/tcp # pfSense nat bouncing -19215 19215/udp # pfSense nat bouncing -19216 19216/tcp # pfSense nat bouncing -19216 19216/udp # pfSense nat bouncing -19217 19217/tcp # pfSense nat bouncing -19217 19217/udp # pfSense nat bouncing -19218 19218/tcp # pfSense nat bouncing -19218 19218/udp # pfSense nat bouncing -19219 19219/tcp # pfSense nat bouncing -19219 19219/udp # pfSense nat bouncing -19220 19220/tcp # pfSense nat bouncing -19220 19220/udp # pfSense nat bouncing -19221 19221/tcp # pfSense nat bouncing -19221 19221/udp # pfSense nat bouncing -19222 19222/tcp # pfSense nat bouncing -19222 19222/udp # pfSense nat bouncing -19223 19223/tcp # pfSense nat bouncing -19223 19223/udp # pfSense nat bouncing -19224 19224/tcp # pfSense nat bouncing -19224 19224/udp # pfSense nat bouncing -19225 19225/tcp # pfSense nat bouncing -19225 19225/udp # pfSense nat bouncing -19226 19226/tcp # pfSense nat bouncing -19226 19226/udp # pfSense nat bouncing -19227 19227/tcp # pfSense nat bouncing -19227 19227/udp # pfSense nat bouncing -19228 19228/tcp # pfSense nat bouncing -19228 19228/udp # pfSense nat bouncing -19229 19229/tcp # pfSense nat bouncing -19229 19229/udp # pfSense nat bouncing -19230 19230/tcp # pfSense nat bouncing -19230 19230/udp # pfSense nat bouncing -19231 19231/tcp # pfSense nat bouncing -19231 19231/udp # pfSense nat bouncing -19232 19232/tcp # pfSense nat bouncing -19232 19232/udp # pfSense nat bouncing -19233 19233/tcp # pfSense nat bouncing -19233 19233/udp # pfSense nat bouncing -19234 19234/tcp # pfSense nat bouncing -19234 19234/udp # pfSense nat bouncing -19235 19235/tcp # pfSense nat bouncing -19235 19235/udp # pfSense nat bouncing -19236 19236/tcp # pfSense nat bouncing -19236 19236/udp # pfSense nat bouncing -19237 19237/tcp # pfSense nat bouncing -19237 19237/udp # pfSense nat bouncing -19238 19238/tcp # pfSense nat bouncing -19238 19238/udp # pfSense nat bouncing -19239 19239/tcp # pfSense nat bouncing -19239 19239/udp # pfSense nat bouncing -19240 19240/tcp # pfSense nat bouncing -19240 19240/udp # pfSense nat bouncing -19241 19241/tcp # pfSense nat bouncing -19241 19241/udp # pfSense nat bouncing -19242 19242/tcp # pfSense nat bouncing -19242 19242/udp # pfSense nat bouncing -19243 19243/tcp # pfSense nat bouncing -19243 19243/udp # pfSense nat bouncing -19244 19244/tcp # pfSense nat bouncing -19244 19244/udp # pfSense nat bouncing -19245 19245/tcp # pfSense nat bouncing -19245 19245/udp # pfSense nat bouncing -19246 19246/tcp # pfSense nat bouncing -19246 19246/udp # pfSense nat bouncing -19247 19247/tcp # pfSense nat bouncing -19247 19247/udp # pfSense nat bouncing -19248 19248/tcp # pfSense nat bouncing -19248 19248/udp # pfSense nat bouncing -19249 19249/tcp # pfSense nat bouncing -19249 19249/udp # pfSense nat bouncing -19250 19250/tcp # pfSense nat bouncing -19250 19250/udp # pfSense nat bouncing -19251 19251/tcp # pfSense nat bouncing -19251 19251/udp # pfSense nat bouncing -19252 19252/tcp # pfSense nat bouncing -19252 19252/udp # pfSense nat bouncing -19253 19253/tcp # pfSense nat bouncing -19253 19253/udp # pfSense nat bouncing -19254 19254/tcp # pfSense nat bouncing -19254 19254/udp # pfSense nat bouncing -19255 19255/tcp # pfSense nat bouncing -19255 19255/udp # pfSense nat bouncing -19256 19256/tcp # pfSense nat bouncing -19256 19256/udp # pfSense nat bouncing -19257 19257/tcp # pfSense nat bouncing -19257 19257/udp # pfSense nat bouncing -19258 19258/tcp # pfSense nat bouncing -19258 19258/udp # pfSense nat bouncing -19259 19259/tcp # pfSense nat bouncing -19259 19259/udp # pfSense nat bouncing -19260 19260/tcp # pfSense nat bouncing -19260 19260/udp # pfSense nat bouncing -19261 19261/tcp # pfSense nat bouncing -19261 19261/udp # pfSense nat bouncing -19262 19262/tcp # pfSense nat bouncing -19262 19262/udp # pfSense nat bouncing -19263 19263/tcp # pfSense nat bouncing -19263 19263/udp # pfSense nat bouncing -19264 19264/tcp # pfSense nat bouncing -19264 19264/udp # pfSense nat bouncing -19265 19265/tcp # pfSense nat bouncing -19265 19265/udp # pfSense nat bouncing -19266 19266/tcp # pfSense nat bouncing -19266 19266/udp # pfSense nat bouncing -19267 19267/tcp # pfSense nat bouncing -19267 19267/udp # pfSense nat bouncing -19268 19268/tcp # pfSense nat bouncing -19268 19268/udp # pfSense nat bouncing -19269 19269/tcp # pfSense nat bouncing -19269 19269/udp # pfSense nat bouncing -19270 19270/tcp # pfSense nat bouncing -19270 19270/udp # pfSense nat bouncing -19271 19271/tcp # pfSense nat bouncing -19271 19271/udp # pfSense nat bouncing -19272 19272/tcp # pfSense nat bouncing -19272 19272/udp # pfSense nat bouncing -19273 19273/tcp # pfSense nat bouncing -19273 19273/udp # pfSense nat bouncing -19274 19274/tcp # pfSense nat bouncing -19274 19274/udp # pfSense nat bouncing -19275 19275/tcp # pfSense nat bouncing -19275 19275/udp # pfSense nat bouncing -19276 19276/tcp # pfSense nat bouncing -19276 19276/udp # pfSense nat bouncing -19277 19277/tcp # pfSense nat bouncing -19277 19277/udp # pfSense nat bouncing -19278 19278/tcp # pfSense nat bouncing -19278 19278/udp # pfSense nat bouncing -19279 19279/tcp # pfSense nat bouncing -19279 19279/udp # pfSense nat bouncing -19280 19280/tcp # pfSense nat bouncing -19280 19280/udp # pfSense nat bouncing -19281 19281/tcp # pfSense nat bouncing -19281 19281/udp # pfSense nat bouncing -19282 19282/tcp # pfSense nat bouncing -19282 19282/udp # pfSense nat bouncing -19283 19283/tcp # pfSense nat bouncing -19283 19283/udp # pfSense nat bouncing -19284 19284/tcp # pfSense nat bouncing -19284 19284/udp # pfSense nat bouncing -19285 19285/tcp # pfSense nat bouncing -19285 19285/udp # pfSense nat bouncing -19286 19286/tcp # pfSense nat bouncing -19286 19286/udp # pfSense nat bouncing -19287 19287/tcp # pfSense nat bouncing -19287 19287/udp # pfSense nat bouncing -19288 19288/tcp # pfSense nat bouncing -19288 19288/udp # pfSense nat bouncing -19289 19289/tcp # pfSense nat bouncing -19289 19289/udp # pfSense nat bouncing -19290 19290/tcp # pfSense nat bouncing -19290 19290/udp # pfSense nat bouncing -19291 19291/tcp # pfSense nat bouncing -19291 19291/udp # pfSense nat bouncing -19292 19292/tcp # pfSense nat bouncing -19292 19292/udp # pfSense nat bouncing -19293 19293/tcp # pfSense nat bouncing -19293 19293/udp # pfSense nat bouncing -19294 19294/tcp # pfSense nat bouncing -19294 19294/udp # pfSense nat bouncing -19295 19295/tcp # pfSense nat bouncing -19295 19295/udp # pfSense nat bouncing -19296 19296/tcp # pfSense nat bouncing -19296 19296/udp # pfSense nat bouncing -19297 19297/tcp # pfSense nat bouncing -19297 19297/udp # pfSense nat bouncing -19298 19298/tcp # pfSense nat bouncing -19298 19298/udp # pfSense nat bouncing -19299 19299/tcp # pfSense nat bouncing -19299 19299/udp # pfSense nat bouncing -19300 19300/tcp # pfSense nat bouncing -19300 19300/udp # pfSense nat bouncing -19301 19301/tcp # pfSense nat bouncing -19301 19301/udp # pfSense nat bouncing -19302 19302/tcp # pfSense nat bouncing -19302 19302/udp # pfSense nat bouncing -19303 19303/tcp # pfSense nat bouncing -19303 19303/udp # pfSense nat bouncing -19304 19304/tcp # pfSense nat bouncing -19304 19304/udp # pfSense nat bouncing -19305 19305/tcp # pfSense nat bouncing -19305 19305/udp # pfSense nat bouncing -19306 19306/tcp # pfSense nat bouncing -19306 19306/udp # pfSense nat bouncing -19307 19307/tcp # pfSense nat bouncing -19307 19307/udp # pfSense nat bouncing -19308 19308/tcp # pfSense nat bouncing -19308 19308/udp # pfSense nat bouncing -19309 19309/tcp # pfSense nat bouncing -19309 19309/udp # pfSense nat bouncing -19310 19310/tcp # pfSense nat bouncing -19310 19310/udp # pfSense nat bouncing -19311 19311/tcp # pfSense nat bouncing -19311 19311/udp # pfSense nat bouncing -19312 19312/tcp # pfSense nat bouncing -19312 19312/udp # pfSense nat bouncing -19313 19313/tcp # pfSense nat bouncing -19313 19313/udp # pfSense nat bouncing -19314 19314/tcp # pfSense nat bouncing -19314 19314/udp # pfSense nat bouncing -19315 19315/tcp # pfSense nat bouncing -19315 19315/udp # pfSense nat bouncing -19316 19316/tcp # pfSense nat bouncing -19316 19316/udp # pfSense nat bouncing -19317 19317/tcp # pfSense nat bouncing -19317 19317/udp # pfSense nat bouncing -19318 19318/tcp # pfSense nat bouncing -19318 19318/udp # pfSense nat bouncing -19319 19319/tcp # pfSense nat bouncing -19319 19319/udp # pfSense nat bouncing -19320 19320/tcp # pfSense nat bouncing -19320 19320/udp # pfSense nat bouncing -19321 19321/tcp # pfSense nat bouncing -19321 19321/udp # pfSense nat bouncing -19322 19322/tcp # pfSense nat bouncing -19322 19322/udp # pfSense nat bouncing -19323 19323/tcp # pfSense nat bouncing -19323 19323/udp # pfSense nat bouncing -19324 19324/tcp # pfSense nat bouncing -19324 19324/udp # pfSense nat bouncing -19325 19325/tcp # pfSense nat bouncing -19325 19325/udp # pfSense nat bouncing -19326 19326/tcp # pfSense nat bouncing -19326 19326/udp # pfSense nat bouncing -19327 19327/tcp # pfSense nat bouncing -19327 19327/udp # pfSense nat bouncing -19328 19328/tcp # pfSense nat bouncing -19328 19328/udp # pfSense nat bouncing -19329 19329/tcp # pfSense nat bouncing -19329 19329/udp # pfSense nat bouncing -19330 19330/tcp # pfSense nat bouncing -19330 19330/udp # pfSense nat bouncing -19331 19331/tcp # pfSense nat bouncing -19331 19331/udp # pfSense nat bouncing -19332 19332/tcp # pfSense nat bouncing -19332 19332/udp # pfSense nat bouncing -19333 19333/tcp # pfSense nat bouncing -19333 19333/udp # pfSense nat bouncing -19334 19334/tcp # pfSense nat bouncing -19334 19334/udp # pfSense nat bouncing -19335 19335/tcp # pfSense nat bouncing -19335 19335/udp # pfSense nat bouncing -19336 19336/tcp # pfSense nat bouncing -19336 19336/udp # pfSense nat bouncing -19337 19337/tcp # pfSense nat bouncing -19337 19337/udp # pfSense nat bouncing -19338 19338/tcp # pfSense nat bouncing -19338 19338/udp # pfSense nat bouncing -19339 19339/tcp # pfSense nat bouncing -19339 19339/udp # pfSense nat bouncing -19340 19340/tcp # pfSense nat bouncing -19340 19340/udp # pfSense nat bouncing -19341 19341/tcp # pfSense nat bouncing -19341 19341/udp # pfSense nat bouncing -19342 19342/tcp # pfSense nat bouncing -19342 19342/udp # pfSense nat bouncing -19343 19343/tcp # pfSense nat bouncing -19343 19343/udp # pfSense nat bouncing -19344 19344/tcp # pfSense nat bouncing -19344 19344/udp # pfSense nat bouncing -19345 19345/tcp # pfSense nat bouncing -19345 19345/udp # pfSense nat bouncing -19346 19346/tcp # pfSense nat bouncing -19346 19346/udp # pfSense nat bouncing -19347 19347/tcp # pfSense nat bouncing -19347 19347/udp # pfSense nat bouncing -19348 19348/tcp # pfSense nat bouncing -19348 19348/udp # pfSense nat bouncing -19349 19349/tcp # pfSense nat bouncing -19349 19349/udp # pfSense nat bouncing -19350 19350/tcp # pfSense nat bouncing -19350 19350/udp # pfSense nat bouncing -19351 19351/tcp # pfSense nat bouncing -19351 19351/udp # pfSense nat bouncing -19352 19352/tcp # pfSense nat bouncing -19352 19352/udp # pfSense nat bouncing -19353 19353/tcp # pfSense nat bouncing -19353 19353/udp # pfSense nat bouncing -19354 19354/tcp # pfSense nat bouncing -19354 19354/udp # pfSense nat bouncing -19355 19355/tcp # pfSense nat bouncing -19355 19355/udp # pfSense nat bouncing -19356 19356/tcp # pfSense nat bouncing -19356 19356/udp # pfSense nat bouncing -19357 19357/tcp # pfSense nat bouncing -19357 19357/udp # pfSense nat bouncing -19358 19358/tcp # pfSense nat bouncing -19358 19358/udp # pfSense nat bouncing -19359 19359/tcp # pfSense nat bouncing -19359 19359/udp # pfSense nat bouncing -19360 19360/tcp # pfSense nat bouncing -19360 19360/udp # pfSense nat bouncing -19361 19361/tcp # pfSense nat bouncing -19361 19361/udp # pfSense nat bouncing -19362 19362/tcp # pfSense nat bouncing -19362 19362/udp # pfSense nat bouncing -19363 19363/tcp # pfSense nat bouncing -19363 19363/udp # pfSense nat bouncing -19364 19364/tcp # pfSense nat bouncing -19364 19364/udp # pfSense nat bouncing -19365 19365/tcp # pfSense nat bouncing -19365 19365/udp # pfSense nat bouncing -19366 19366/tcp # pfSense nat bouncing -19366 19366/udp # pfSense nat bouncing -19367 19367/tcp # pfSense nat bouncing -19367 19367/udp # pfSense nat bouncing -19368 19368/tcp # pfSense nat bouncing -19368 19368/udp # pfSense nat bouncing -19369 19369/tcp # pfSense nat bouncing -19369 19369/udp # pfSense nat bouncing -19370 19370/tcp # pfSense nat bouncing -19370 19370/udp # pfSense nat bouncing -19371 19371/tcp # pfSense nat bouncing -19371 19371/udp # pfSense nat bouncing -19372 19372/tcp # pfSense nat bouncing -19372 19372/udp # pfSense nat bouncing -19373 19373/tcp # pfSense nat bouncing -19373 19373/udp # pfSense nat bouncing -19374 19374/tcp # pfSense nat bouncing -19374 19374/udp # pfSense nat bouncing -19375 19375/tcp # pfSense nat bouncing -19375 19375/udp # pfSense nat bouncing -19376 19376/tcp # pfSense nat bouncing -19376 19376/udp # pfSense nat bouncing -19377 19377/tcp # pfSense nat bouncing -19377 19377/udp # pfSense nat bouncing -19378 19378/tcp # pfSense nat bouncing -19378 19378/udp # pfSense nat bouncing -19379 19379/tcp # pfSense nat bouncing -19379 19379/udp # pfSense nat bouncing -19380 19380/tcp # pfSense nat bouncing -19380 19380/udp # pfSense nat bouncing -19381 19381/tcp # pfSense nat bouncing -19381 19381/udp # pfSense nat bouncing -19382 19382/tcp # pfSense nat bouncing -19382 19382/udp # pfSense nat bouncing -19383 19383/tcp # pfSense nat bouncing -19383 19383/udp # pfSense nat bouncing -19384 19384/tcp # pfSense nat bouncing -19384 19384/udp # pfSense nat bouncing -19385 19385/tcp # pfSense nat bouncing -19385 19385/udp # pfSense nat bouncing -19386 19386/tcp # pfSense nat bouncing -19386 19386/udp # pfSense nat bouncing -19387 19387/tcp # pfSense nat bouncing -19387 19387/udp # pfSense nat bouncing -19388 19388/tcp # pfSense nat bouncing -19388 19388/udp # pfSense nat bouncing -19389 19389/tcp # pfSense nat bouncing -19389 19389/udp # pfSense nat bouncing -19390 19390/tcp # pfSense nat bouncing -19390 19390/udp # pfSense nat bouncing -19391 19391/tcp # pfSense nat bouncing -19391 19391/udp # pfSense nat bouncing -19392 19392/tcp # pfSense nat bouncing -19392 19392/udp # pfSense nat bouncing -19393 19393/tcp # pfSense nat bouncing -19393 19393/udp # pfSense nat bouncing -19394 19394/tcp # pfSense nat bouncing -19394 19394/udp # pfSense nat bouncing -19395 19395/tcp # pfSense nat bouncing -19395 19395/udp # pfSense nat bouncing -19396 19396/tcp # pfSense nat bouncing -19396 19396/udp # pfSense nat bouncing -19397 19397/tcp # pfSense nat bouncing -19397 19397/udp # pfSense nat bouncing -19398 19398/tcp # pfSense nat bouncing -19398 19398/udp # pfSense nat bouncing -19399 19399/tcp # pfSense nat bouncing -19399 19399/udp # pfSense nat bouncing -19400 19400/tcp # pfSense nat bouncing -19400 19400/udp # pfSense nat bouncing -19401 19401/tcp # pfSense nat bouncing -19401 19401/udp # pfSense nat bouncing -19402 19402/tcp # pfSense nat bouncing -19402 19402/udp # pfSense nat bouncing -19403 19403/tcp # pfSense nat bouncing -19403 19403/udp # pfSense nat bouncing -19404 19404/tcp # pfSense nat bouncing -19404 19404/udp # pfSense nat bouncing -19405 19405/tcp # pfSense nat bouncing -19405 19405/udp # pfSense nat bouncing -19406 19406/tcp # pfSense nat bouncing -19406 19406/udp # pfSense nat bouncing -19407 19407/tcp # pfSense nat bouncing -19407 19407/udp # pfSense nat bouncing -19408 19408/tcp # pfSense nat bouncing -19408 19408/udp # pfSense nat bouncing -19409 19409/tcp # pfSense nat bouncing -19409 19409/udp # pfSense nat bouncing -19410 19410/tcp # pfSense nat bouncing -19410 19410/udp # pfSense nat bouncing -19411 19411/tcp # pfSense nat bouncing -19411 19411/udp # pfSense nat bouncing -19412 19412/tcp # pfSense nat bouncing -19412 19412/udp # pfSense nat bouncing -19413 19413/tcp # pfSense nat bouncing -19413 19413/udp # pfSense nat bouncing -19414 19414/tcp # pfSense nat bouncing -19414 19414/udp # pfSense nat bouncing -19415 19415/tcp # pfSense nat bouncing -19415 19415/udp # pfSense nat bouncing -19416 19416/tcp # pfSense nat bouncing -19416 19416/udp # pfSense nat bouncing -19417 19417/tcp # pfSense nat bouncing -19417 19417/udp # pfSense nat bouncing -19418 19418/tcp # pfSense nat bouncing -19418 19418/udp # pfSense nat bouncing -19419 19419/tcp # pfSense nat bouncing -19419 19419/udp # pfSense nat bouncing -19420 19420/tcp # pfSense nat bouncing -19420 19420/udp # pfSense nat bouncing -19421 19421/tcp # pfSense nat bouncing -19421 19421/udp # pfSense nat bouncing -19422 19422/tcp # pfSense nat bouncing -19422 19422/udp # pfSense nat bouncing -19423 19423/tcp # pfSense nat bouncing -19423 19423/udp # pfSense nat bouncing -19424 19424/tcp # pfSense nat bouncing -19424 19424/udp # pfSense nat bouncing -19425 19425/tcp # pfSense nat bouncing -19425 19425/udp # pfSense nat bouncing -19426 19426/tcp # pfSense nat bouncing -19426 19426/udp # pfSense nat bouncing -19427 19427/tcp # pfSense nat bouncing -19427 19427/udp # pfSense nat bouncing -19428 19428/tcp # pfSense nat bouncing -19428 19428/udp # pfSense nat bouncing -19429 19429/tcp # pfSense nat bouncing -19429 19429/udp # pfSense nat bouncing -19430 19430/tcp # pfSense nat bouncing -19430 19430/udp # pfSense nat bouncing -19431 19431/tcp # pfSense nat bouncing -19431 19431/udp # pfSense nat bouncing -19432 19432/tcp # pfSense nat bouncing -19432 19432/udp # pfSense nat bouncing -19433 19433/tcp # pfSense nat bouncing -19433 19433/udp # pfSense nat bouncing -19434 19434/tcp # pfSense nat bouncing -19434 19434/udp # pfSense nat bouncing -19435 19435/tcp # pfSense nat bouncing -19435 19435/udp # pfSense nat bouncing -19436 19436/tcp # pfSense nat bouncing -19436 19436/udp # pfSense nat bouncing -19437 19437/tcp # pfSense nat bouncing -19437 19437/udp # pfSense nat bouncing -19438 19438/tcp # pfSense nat bouncing -19438 19438/udp # pfSense nat bouncing -19439 19439/tcp # pfSense nat bouncing -19439 19439/udp # pfSense nat bouncing -19440 19440/tcp # pfSense nat bouncing -19440 19440/udp # pfSense nat bouncing -19441 19441/tcp # pfSense nat bouncing -19441 19441/udp # pfSense nat bouncing -19442 19442/tcp # pfSense nat bouncing -19442 19442/udp # pfSense nat bouncing -19443 19443/tcp # pfSense nat bouncing -19443 19443/udp # pfSense nat bouncing -19444 19444/tcp # pfSense nat bouncing -19444 19444/udp # pfSense nat bouncing -19445 19445/tcp # pfSense nat bouncing -19445 19445/udp # pfSense nat bouncing -19446 19446/tcp # pfSense nat bouncing -19446 19446/udp # pfSense nat bouncing -19447 19447/tcp # pfSense nat bouncing -19447 19447/udp # pfSense nat bouncing -19448 19448/tcp # pfSense nat bouncing -19448 19448/udp # pfSense nat bouncing -19449 19449/tcp # pfSense nat bouncing -19449 19449/udp # pfSense nat bouncing -19450 19450/tcp # pfSense nat bouncing -19450 19450/udp # pfSense nat bouncing -19451 19451/tcp # pfSense nat bouncing -19451 19451/udp # pfSense nat bouncing -19452 19452/tcp # pfSense nat bouncing -19452 19452/udp # pfSense nat bouncing -19453 19453/tcp # pfSense nat bouncing -19453 19453/udp # pfSense nat bouncing -19454 19454/tcp # pfSense nat bouncing -19454 19454/udp # pfSense nat bouncing -19455 19455/tcp # pfSense nat bouncing -19455 19455/udp # pfSense nat bouncing -19456 19456/tcp # pfSense nat bouncing -19456 19456/udp # pfSense nat bouncing -19457 19457/tcp # pfSense nat bouncing -19457 19457/udp # pfSense nat bouncing -19458 19458/tcp # pfSense nat bouncing -19458 19458/udp # pfSense nat bouncing -19459 19459/tcp # pfSense nat bouncing -19459 19459/udp # pfSense nat bouncing -19460 19460/tcp # pfSense nat bouncing -19460 19460/udp # pfSense nat bouncing -19461 19461/tcp # pfSense nat bouncing -19461 19461/udp # pfSense nat bouncing -19462 19462/tcp # pfSense nat bouncing -19462 19462/udp # pfSense nat bouncing -19463 19463/tcp # pfSense nat bouncing -19463 19463/udp # pfSense nat bouncing -19464 19464/tcp # pfSense nat bouncing -19464 19464/udp # pfSense nat bouncing -19465 19465/tcp # pfSense nat bouncing -19465 19465/udp # pfSense nat bouncing -19466 19466/tcp # pfSense nat bouncing -19466 19466/udp # pfSense nat bouncing -19467 19467/tcp # pfSense nat bouncing -19467 19467/udp # pfSense nat bouncing -19468 19468/tcp # pfSense nat bouncing -19468 19468/udp # pfSense nat bouncing -19469 19469/tcp # pfSense nat bouncing -19469 19469/udp # pfSense nat bouncing -19470 19470/tcp # pfSense nat bouncing -19470 19470/udp # pfSense nat bouncing -19471 19471/tcp # pfSense nat bouncing -19471 19471/udp # pfSense nat bouncing -19472 19472/tcp # pfSense nat bouncing -19472 19472/udp # pfSense nat bouncing -19473 19473/tcp # pfSense nat bouncing -19473 19473/udp # pfSense nat bouncing -19474 19474/tcp # pfSense nat bouncing -19474 19474/udp # pfSense nat bouncing -19475 19475/tcp # pfSense nat bouncing -19475 19475/udp # pfSense nat bouncing -19476 19476/tcp # pfSense nat bouncing -19476 19476/udp # pfSense nat bouncing -19477 19477/tcp # pfSense nat bouncing -19477 19477/udp # pfSense nat bouncing -19478 19478/tcp # pfSense nat bouncing -19478 19478/udp # pfSense nat bouncing -19479 19479/tcp # pfSense nat bouncing -19479 19479/udp # pfSense nat bouncing -19480 19480/tcp # pfSense nat bouncing -19480 19480/udp # pfSense nat bouncing -19481 19481/tcp # pfSense nat bouncing -19481 19481/udp # pfSense nat bouncing -19482 19482/tcp # pfSense nat bouncing -19482 19482/udp # pfSense nat bouncing -19483 19483/tcp # pfSense nat bouncing -19483 19483/udp # pfSense nat bouncing -19484 19484/tcp # pfSense nat bouncing -19484 19484/udp # pfSense nat bouncing -19485 19485/tcp # pfSense nat bouncing -19485 19485/udp # pfSense nat bouncing -19486 19486/tcp # pfSense nat bouncing -19486 19486/udp # pfSense nat bouncing -19487 19487/tcp # pfSense nat bouncing -19487 19487/udp # pfSense nat bouncing -19488 19488/tcp # pfSense nat bouncing -19488 19488/udp # pfSense nat bouncing -19489 19489/tcp # pfSense nat bouncing -19489 19489/udp # pfSense nat bouncing -19490 19490/tcp # pfSense nat bouncing -19490 19490/udp # pfSense nat bouncing -19491 19491/tcp # pfSense nat bouncing -19491 19491/udp # pfSense nat bouncing -19492 19492/tcp # pfSense nat bouncing -19492 19492/udp # pfSense nat bouncing -19493 19493/tcp # pfSense nat bouncing -19493 19493/udp # pfSense nat bouncing -19494 19494/tcp # pfSense nat bouncing -19494 19494/udp # pfSense nat bouncing -19495 19495/tcp # pfSense nat bouncing -19495 19495/udp # pfSense nat bouncing -19496 19496/tcp # pfSense nat bouncing -19496 19496/udp # pfSense nat bouncing -19497 19497/tcp # pfSense nat bouncing -19497 19497/udp # pfSense nat bouncing -19498 19498/tcp # pfSense nat bouncing -19498 19498/udp # pfSense nat bouncing -19499 19499/tcp # pfSense nat bouncing -19499 19499/udp # pfSense nat bouncing -19500 19500/tcp # pfSense nat bouncing -19500 19500/udp # pfSense nat bouncing -19501 19501/tcp # pfSense nat bouncing -19501 19501/udp # pfSense nat bouncing -19502 19502/tcp # pfSense nat bouncing -19502 19502/udp # pfSense nat bouncing -19503 19503/tcp # pfSense nat bouncing -19503 19503/udp # pfSense nat bouncing -19504 19504/tcp # pfSense nat bouncing -19504 19504/udp # pfSense nat bouncing -19505 19505/tcp # pfSense nat bouncing -19505 19505/udp # pfSense nat bouncing -19506 19506/tcp # pfSense nat bouncing -19506 19506/udp # pfSense nat bouncing -19507 19507/tcp # pfSense nat bouncing -19507 19507/udp # pfSense nat bouncing -19508 19508/tcp # pfSense nat bouncing -19508 19508/udp # pfSense nat bouncing -19509 19509/tcp # pfSense nat bouncing -19509 19509/udp # pfSense nat bouncing -19510 19510/tcp # pfSense nat bouncing -19510 19510/udp # pfSense nat bouncing -19511 19511/tcp # pfSense nat bouncing -19511 19511/udp # pfSense nat bouncing -19512 19512/tcp # pfSense nat bouncing -19512 19512/udp # pfSense nat bouncing -19513 19513/tcp # pfSense nat bouncing -19513 19513/udp # pfSense nat bouncing -19514 19514/tcp # pfSense nat bouncing -19514 19514/udp # pfSense nat bouncing -19515 19515/tcp # pfSense nat bouncing -19515 19515/udp # pfSense nat bouncing -19516 19516/tcp # pfSense nat bouncing -19516 19516/udp # pfSense nat bouncing -19517 19517/tcp # pfSense nat bouncing -19517 19517/udp # pfSense nat bouncing -19518 19518/tcp # pfSense nat bouncing -19518 19518/udp # pfSense nat bouncing -19519 19519/tcp # pfSense nat bouncing -19519 19519/udp # pfSense nat bouncing -19520 19520/tcp # pfSense nat bouncing -19520 19520/udp # pfSense nat bouncing -19521 19521/tcp # pfSense nat bouncing -19521 19521/udp # pfSense nat bouncing -19522 19522/tcp # pfSense nat bouncing -19522 19522/udp # pfSense nat bouncing -19523 19523/tcp # pfSense nat bouncing -19523 19523/udp # pfSense nat bouncing -19524 19524/tcp # pfSense nat bouncing -19524 19524/udp # pfSense nat bouncing -19525 19525/tcp # pfSense nat bouncing -19525 19525/udp # pfSense nat bouncing -19526 19526/tcp # pfSense nat bouncing -19526 19526/udp # pfSense nat bouncing -19527 19527/tcp # pfSense nat bouncing -19527 19527/udp # pfSense nat bouncing -19528 19528/tcp # pfSense nat bouncing -19528 19528/udp # pfSense nat bouncing -19529 19529/tcp # pfSense nat bouncing -19529 19529/udp # pfSense nat bouncing -19530 19530/tcp # pfSense nat bouncing -19530 19530/udp # pfSense nat bouncing -19531 19531/tcp # pfSense nat bouncing -19531 19531/udp # pfSense nat bouncing -19532 19532/tcp # pfSense nat bouncing -19532 19532/udp # pfSense nat bouncing -19533 19533/tcp # pfSense nat bouncing -19533 19533/udp # pfSense nat bouncing -19534 19534/tcp # pfSense nat bouncing -19534 19534/udp # pfSense nat bouncing -19535 19535/tcp # pfSense nat bouncing -19535 19535/udp # pfSense nat bouncing -19536 19536/tcp # pfSense nat bouncing -19536 19536/udp # pfSense nat bouncing -19537 19537/tcp # pfSense nat bouncing -19537 19537/udp # pfSense nat bouncing -19538 19538/tcp # pfSense nat bouncing -19538 19538/udp # pfSense nat bouncing -19539 19539/tcp # pfSense nat bouncing -19539 19539/udp # pfSense nat bouncing -19540 19540/tcp # pfSense nat bouncing -19540 19540/udp # pfSense nat bouncing -19541 19541/tcp # pfSense nat bouncing -19541 19541/udp # pfSense nat bouncing -19542 19542/tcp # pfSense nat bouncing -19542 19542/udp # pfSense nat bouncing -19543 19543/tcp # pfSense nat bouncing -19543 19543/udp # pfSense nat bouncing -19544 19544/tcp # pfSense nat bouncing -19544 19544/udp # pfSense nat bouncing -19545 19545/tcp # pfSense nat bouncing -19545 19545/udp # pfSense nat bouncing -19546 19546/tcp # pfSense nat bouncing -19546 19546/udp # pfSense nat bouncing -19547 19547/tcp # pfSense nat bouncing -19547 19547/udp # pfSense nat bouncing -19548 19548/tcp # pfSense nat bouncing -19548 19548/udp # pfSense nat bouncing -19549 19549/tcp # pfSense nat bouncing -19549 19549/udp # pfSense nat bouncing -19550 19550/tcp # pfSense nat bouncing -19550 19550/udp # pfSense nat bouncing -19551 19551/tcp # pfSense nat bouncing -19551 19551/udp # pfSense nat bouncing -19552 19552/tcp # pfSense nat bouncing -19552 19552/udp # pfSense nat bouncing -19553 19553/tcp # pfSense nat bouncing -19553 19553/udp # pfSense nat bouncing -19554 19554/tcp # pfSense nat bouncing -19554 19554/udp # pfSense nat bouncing -19555 19555/tcp # pfSense nat bouncing -19555 19555/udp # pfSense nat bouncing -19556 19556/tcp # pfSense nat bouncing -19556 19556/udp # pfSense nat bouncing -19557 19557/tcp # pfSense nat bouncing -19557 19557/udp # pfSense nat bouncing -19558 19558/tcp # pfSense nat bouncing -19558 19558/udp # pfSense nat bouncing -19559 19559/tcp # pfSense nat bouncing -19559 19559/udp # pfSense nat bouncing -19560 19560/tcp # pfSense nat bouncing -19560 19560/udp # pfSense nat bouncing -19561 19561/tcp # pfSense nat bouncing -19561 19561/udp # pfSense nat bouncing -19562 19562/tcp # pfSense nat bouncing -19562 19562/udp # pfSense nat bouncing -19563 19563/tcp # pfSense nat bouncing -19563 19563/udp # pfSense nat bouncing -19564 19564/tcp # pfSense nat bouncing -19564 19564/udp # pfSense nat bouncing -19565 19565/tcp # pfSense nat bouncing -19565 19565/udp # pfSense nat bouncing -19566 19566/tcp # pfSense nat bouncing -19566 19566/udp # pfSense nat bouncing -19567 19567/tcp # pfSense nat bouncing -19567 19567/udp # pfSense nat bouncing -19568 19568/tcp # pfSense nat bouncing -19568 19568/udp # pfSense nat bouncing -19569 19569/tcp # pfSense nat bouncing -19569 19569/udp # pfSense nat bouncing -19570 19570/tcp # pfSense nat bouncing -19570 19570/udp # pfSense nat bouncing -19571 19571/tcp # pfSense nat bouncing -19571 19571/udp # pfSense nat bouncing -19572 19572/tcp # pfSense nat bouncing -19572 19572/udp # pfSense nat bouncing -19573 19573/tcp # pfSense nat bouncing -19573 19573/udp # pfSense nat bouncing -19574 19574/tcp # pfSense nat bouncing -19574 19574/udp # pfSense nat bouncing -19575 19575/tcp # pfSense nat bouncing -19575 19575/udp # pfSense nat bouncing -19576 19576/tcp # pfSense nat bouncing -19576 19576/udp # pfSense nat bouncing -19577 19577/tcp # pfSense nat bouncing -19577 19577/udp # pfSense nat bouncing -19578 19578/tcp # pfSense nat bouncing -19578 19578/udp # pfSense nat bouncing -19579 19579/tcp # pfSense nat bouncing -19579 19579/udp # pfSense nat bouncing -19580 19580/tcp # pfSense nat bouncing -19580 19580/udp # pfSense nat bouncing -19581 19581/tcp # pfSense nat bouncing -19581 19581/udp # pfSense nat bouncing -19582 19582/tcp # pfSense nat bouncing -19582 19582/udp # pfSense nat bouncing -19583 19583/tcp # pfSense nat bouncing -19583 19583/udp # pfSense nat bouncing -19584 19584/tcp # pfSense nat bouncing -19584 19584/udp # pfSense nat bouncing -19585 19585/tcp # pfSense nat bouncing -19585 19585/udp # pfSense nat bouncing -19586 19586/tcp # pfSense nat bouncing -19586 19586/udp # pfSense nat bouncing -19587 19587/tcp # pfSense nat bouncing -19587 19587/udp # pfSense nat bouncing -19588 19588/tcp # pfSense nat bouncing -19588 19588/udp # pfSense nat bouncing -19589 19589/tcp # pfSense nat bouncing -19589 19589/udp # pfSense nat bouncing -19590 19590/tcp # pfSense nat bouncing -19590 19590/udp # pfSense nat bouncing -19591 19591/tcp # pfSense nat bouncing -19591 19591/udp # pfSense nat bouncing -19592 19592/tcp # pfSense nat bouncing -19592 19592/udp # pfSense nat bouncing -19593 19593/tcp # pfSense nat bouncing -19593 19593/udp # pfSense nat bouncing -19594 19594/tcp # pfSense nat bouncing -19594 19594/udp # pfSense nat bouncing -19595 19595/tcp # pfSense nat bouncing -19595 19595/udp # pfSense nat bouncing -19596 19596/tcp # pfSense nat bouncing -19596 19596/udp # pfSense nat bouncing -19597 19597/tcp # pfSense nat bouncing -19597 19597/udp # pfSense nat bouncing -19598 19598/tcp # pfSense nat bouncing -19598 19598/udp # pfSense nat bouncing -19599 19599/tcp # pfSense nat bouncing -19599 19599/udp # pfSense nat bouncing -19600 19600/tcp # pfSense nat bouncing -19600 19600/udp # pfSense nat bouncing -19601 19601/tcp # pfSense nat bouncing -19601 19601/udp # pfSense nat bouncing -19602 19602/tcp # pfSense nat bouncing -19602 19602/udp # pfSense nat bouncing -19603 19603/tcp # pfSense nat bouncing -19603 19603/udp # pfSense nat bouncing -19604 19604/tcp # pfSense nat bouncing -19604 19604/udp # pfSense nat bouncing -19605 19605/tcp # pfSense nat bouncing -19605 19605/udp # pfSense nat bouncing -19606 19606/tcp # pfSense nat bouncing -19606 19606/udp # pfSense nat bouncing -19607 19607/tcp # pfSense nat bouncing -19607 19607/udp # pfSense nat bouncing -19608 19608/tcp # pfSense nat bouncing -19608 19608/udp # pfSense nat bouncing -19609 19609/tcp # pfSense nat bouncing -19609 19609/udp # pfSense nat bouncing -19610 19610/tcp # pfSense nat bouncing -19610 19610/udp # pfSense nat bouncing -19611 19611/tcp # pfSense nat bouncing -19611 19611/udp # pfSense nat bouncing -19612 19612/tcp # pfSense nat bouncing -19612 19612/udp # pfSense nat bouncing -19613 19613/tcp # pfSense nat bouncing -19613 19613/udp # pfSense nat bouncing -19614 19614/tcp # pfSense nat bouncing -19614 19614/udp # pfSense nat bouncing -19615 19615/tcp # pfSense nat bouncing -19615 19615/udp # pfSense nat bouncing -19616 19616/tcp # pfSense nat bouncing -19616 19616/udp # pfSense nat bouncing -19617 19617/tcp # pfSense nat bouncing -19617 19617/udp # pfSense nat bouncing -19618 19618/tcp # pfSense nat bouncing -19618 19618/udp # pfSense nat bouncing -19619 19619/tcp # pfSense nat bouncing -19619 19619/udp # pfSense nat bouncing -19620 19620/tcp # pfSense nat bouncing -19620 19620/udp # pfSense nat bouncing -19621 19621/tcp # pfSense nat bouncing -19621 19621/udp # pfSense nat bouncing -19622 19622/tcp # pfSense nat bouncing -19622 19622/udp # pfSense nat bouncing -19623 19623/tcp # pfSense nat bouncing -19623 19623/udp # pfSense nat bouncing -19624 19624/tcp # pfSense nat bouncing -19624 19624/udp # pfSense nat bouncing -19625 19625/tcp # pfSense nat bouncing -19625 19625/udp # pfSense nat bouncing -19626 19626/tcp # pfSense nat bouncing -19626 19626/udp # pfSense nat bouncing -19627 19627/tcp # pfSense nat bouncing -19627 19627/udp # pfSense nat bouncing -19628 19628/tcp # pfSense nat bouncing -19628 19628/udp # pfSense nat bouncing -19629 19629/tcp # pfSense nat bouncing -19629 19629/udp # pfSense nat bouncing -19630 19630/tcp # pfSense nat bouncing -19630 19630/udp # pfSense nat bouncing -19631 19631/tcp # pfSense nat bouncing -19631 19631/udp # pfSense nat bouncing -19632 19632/tcp # pfSense nat bouncing -19632 19632/udp # pfSense nat bouncing -19633 19633/tcp # pfSense nat bouncing -19633 19633/udp # pfSense nat bouncing -19634 19634/tcp # pfSense nat bouncing -19634 19634/udp # pfSense nat bouncing -19635 19635/tcp # pfSense nat bouncing -19635 19635/udp # pfSense nat bouncing -19636 19636/tcp # pfSense nat bouncing -19636 19636/udp # pfSense nat bouncing -19637 19637/tcp # pfSense nat bouncing -19637 19637/udp # pfSense nat bouncing -19638 19638/tcp # pfSense nat bouncing -19638 19638/udp # pfSense nat bouncing -19639 19639/tcp # pfSense nat bouncing -19639 19639/udp # pfSense nat bouncing -19640 19640/tcp # pfSense nat bouncing -19640 19640/udp # pfSense nat bouncing -19641 19641/tcp # pfSense nat bouncing -19641 19641/udp # pfSense nat bouncing -19642 19642/tcp # pfSense nat bouncing -19642 19642/udp # pfSense nat bouncing -19643 19643/tcp # pfSense nat bouncing -19643 19643/udp # pfSense nat bouncing -19644 19644/tcp # pfSense nat bouncing -19644 19644/udp # pfSense nat bouncing -19645 19645/tcp # pfSense nat bouncing -19645 19645/udp # pfSense nat bouncing -19646 19646/tcp # pfSense nat bouncing -19646 19646/udp # pfSense nat bouncing -19647 19647/tcp # pfSense nat bouncing -19647 19647/udp # pfSense nat bouncing -19648 19648/tcp # pfSense nat bouncing -19648 19648/udp # pfSense nat bouncing -19649 19649/tcp # pfSense nat bouncing -19649 19649/udp # pfSense nat bouncing -19650 19650/tcp # pfSense nat bouncing -19650 19650/udp # pfSense nat bouncing -19651 19651/tcp # pfSense nat bouncing -19651 19651/udp # pfSense nat bouncing -19652 19652/tcp # pfSense nat bouncing -19652 19652/udp # pfSense nat bouncing -19653 19653/tcp # pfSense nat bouncing -19653 19653/udp # pfSense nat bouncing -19654 19654/tcp # pfSense nat bouncing -19654 19654/udp # pfSense nat bouncing -19655 19655/tcp # pfSense nat bouncing -19655 19655/udp # pfSense nat bouncing -19656 19656/tcp # pfSense nat bouncing -19656 19656/udp # pfSense nat bouncing -19657 19657/tcp # pfSense nat bouncing -19657 19657/udp # pfSense nat bouncing -19658 19658/tcp # pfSense nat bouncing -19658 19658/udp # pfSense nat bouncing -19659 19659/tcp # pfSense nat bouncing -19659 19659/udp # pfSense nat bouncing -19660 19660/tcp # pfSense nat bouncing -19660 19660/udp # pfSense nat bouncing -19661 19661/tcp # pfSense nat bouncing -19661 19661/udp # pfSense nat bouncing -19662 19662/tcp # pfSense nat bouncing -19662 19662/udp # pfSense nat bouncing -19663 19663/tcp # pfSense nat bouncing -19663 19663/udp # pfSense nat bouncing -19664 19664/tcp # pfSense nat bouncing -19664 19664/udp # pfSense nat bouncing -19665 19665/tcp # pfSense nat bouncing -19665 19665/udp # pfSense nat bouncing -19666 19666/tcp # pfSense nat bouncing -19666 19666/udp # pfSense nat bouncing -19667 19667/tcp # pfSense nat bouncing -19667 19667/udp # pfSense nat bouncing -19668 19668/tcp # pfSense nat bouncing -19668 19668/udp # pfSense nat bouncing -19669 19669/tcp # pfSense nat bouncing -19669 19669/udp # pfSense nat bouncing -19670 19670/tcp # pfSense nat bouncing -19670 19670/udp # pfSense nat bouncing -19671 19671/tcp # pfSense nat bouncing -19671 19671/udp # pfSense nat bouncing -19672 19672/tcp # pfSense nat bouncing -19672 19672/udp # pfSense nat bouncing -19673 19673/tcp # pfSense nat bouncing -19673 19673/udp # pfSense nat bouncing -19674 19674/tcp # pfSense nat bouncing -19674 19674/udp # pfSense nat bouncing -19675 19675/tcp # pfSense nat bouncing -19675 19675/udp # pfSense nat bouncing -19676 19676/tcp # pfSense nat bouncing -19676 19676/udp # pfSense nat bouncing -19677 19677/tcp # pfSense nat bouncing -19677 19677/udp # pfSense nat bouncing -19678 19678/tcp # pfSense nat bouncing -19678 19678/udp # pfSense nat bouncing -19679 19679/tcp # pfSense nat bouncing -19679 19679/udp # pfSense nat bouncing -19680 19680/tcp # pfSense nat bouncing -19680 19680/udp # pfSense nat bouncing -19681 19681/tcp # pfSense nat bouncing -19681 19681/udp # pfSense nat bouncing -19682 19682/tcp # pfSense nat bouncing -19682 19682/udp # pfSense nat bouncing -19683 19683/tcp # pfSense nat bouncing -19683 19683/udp # pfSense nat bouncing -19684 19684/tcp # pfSense nat bouncing -19684 19684/udp # pfSense nat bouncing -19685 19685/tcp # pfSense nat bouncing -19685 19685/udp # pfSense nat bouncing -19686 19686/tcp # pfSense nat bouncing -19686 19686/udp # pfSense nat bouncing -19687 19687/tcp # pfSense nat bouncing -19687 19687/udp # pfSense nat bouncing -19688 19688/tcp # pfSense nat bouncing -19688 19688/udp # pfSense nat bouncing -19689 19689/tcp # pfSense nat bouncing -19689 19689/udp # pfSense nat bouncing -19690 19690/tcp # pfSense nat bouncing -19690 19690/udp # pfSense nat bouncing -19691 19691/tcp # pfSense nat bouncing -19691 19691/udp # pfSense nat bouncing -19692 19692/tcp # pfSense nat bouncing -19692 19692/udp # pfSense nat bouncing -19693 19693/tcp # pfSense nat bouncing -19693 19693/udp # pfSense nat bouncing -19694 19694/tcp # pfSense nat bouncing -19694 19694/udp # pfSense nat bouncing -19695 19695/tcp # pfSense nat bouncing -19695 19695/udp # pfSense nat bouncing -19696 19696/tcp # pfSense nat bouncing -19696 19696/udp # pfSense nat bouncing -19697 19697/tcp # pfSense nat bouncing -19697 19697/udp # pfSense nat bouncing -19698 19698/tcp # pfSense nat bouncing -19698 19698/udp # pfSense nat bouncing -19699 19699/tcp # pfSense nat bouncing -19699 19699/udp # pfSense nat bouncing -19700 19700/tcp # pfSense nat bouncing -19700 19700/udp # pfSense nat bouncing -19701 19701/tcp # pfSense nat bouncing -19701 19701/udp # pfSense nat bouncing -19702 19702/tcp # pfSense nat bouncing -19702 19702/udp # pfSense nat bouncing -19703 19703/tcp # pfSense nat bouncing -19703 19703/udp # pfSense nat bouncing -19704 19704/tcp # pfSense nat bouncing -19704 19704/udp # pfSense nat bouncing -19705 19705/tcp # pfSense nat bouncing -19705 19705/udp # pfSense nat bouncing -19706 19706/tcp # pfSense nat bouncing -19706 19706/udp # pfSense nat bouncing -19707 19707/tcp # pfSense nat bouncing -19707 19707/udp # pfSense nat bouncing -19708 19708/tcp # pfSense nat bouncing -19708 19708/udp # pfSense nat bouncing -19709 19709/tcp # pfSense nat bouncing -19709 19709/udp # pfSense nat bouncing -19710 19710/tcp # pfSense nat bouncing -19710 19710/udp # pfSense nat bouncing -19711 19711/tcp # pfSense nat bouncing -19711 19711/udp # pfSense nat bouncing -19712 19712/tcp # pfSense nat bouncing -19712 19712/udp # pfSense nat bouncing -19713 19713/tcp # pfSense nat bouncing -19713 19713/udp # pfSense nat bouncing -19714 19714/tcp # pfSense nat bouncing -19714 19714/udp # pfSense nat bouncing -19715 19715/tcp # pfSense nat bouncing -19715 19715/udp # pfSense nat bouncing -19716 19716/tcp # pfSense nat bouncing -19716 19716/udp # pfSense nat bouncing -19717 19717/tcp # pfSense nat bouncing -19717 19717/udp # pfSense nat bouncing -19718 19718/tcp # pfSense nat bouncing -19718 19718/udp # pfSense nat bouncing -19719 19719/tcp # pfSense nat bouncing -19719 19719/udp # pfSense nat bouncing -19720 19720/tcp # pfSense nat bouncing -19720 19720/udp # pfSense nat bouncing -19721 19721/tcp # pfSense nat bouncing -19721 19721/udp # pfSense nat bouncing -19722 19722/tcp # pfSense nat bouncing -19722 19722/udp # pfSense nat bouncing -19723 19723/tcp # pfSense nat bouncing -19723 19723/udp # pfSense nat bouncing -19724 19724/tcp # pfSense nat bouncing -19724 19724/udp # pfSense nat bouncing -19725 19725/tcp # pfSense nat bouncing -19725 19725/udp # pfSense nat bouncing -19726 19726/tcp # pfSense nat bouncing -19726 19726/udp # pfSense nat bouncing -19727 19727/tcp # pfSense nat bouncing -19727 19727/udp # pfSense nat bouncing -19728 19728/tcp # pfSense nat bouncing -19728 19728/udp # pfSense nat bouncing -19729 19729/tcp # pfSense nat bouncing -19729 19729/udp # pfSense nat bouncing -19730 19730/tcp # pfSense nat bouncing -19730 19730/udp # pfSense nat bouncing -19731 19731/tcp # pfSense nat bouncing -19731 19731/udp # pfSense nat bouncing -19732 19732/tcp # pfSense nat bouncing -19732 19732/udp # pfSense nat bouncing -19733 19733/tcp # pfSense nat bouncing -19733 19733/udp # pfSense nat bouncing -19734 19734/tcp # pfSense nat bouncing -19734 19734/udp # pfSense nat bouncing -19735 19735/tcp # pfSense nat bouncing -19735 19735/udp # pfSense nat bouncing -19736 19736/tcp # pfSense nat bouncing -19736 19736/udp # pfSense nat bouncing -19737 19737/tcp # pfSense nat bouncing -19737 19737/udp # pfSense nat bouncing -19738 19738/tcp # pfSense nat bouncing -19738 19738/udp # pfSense nat bouncing -19739 19739/tcp # pfSense nat bouncing -19739 19739/udp # pfSense nat bouncing -19740 19740/tcp # pfSense nat bouncing -19740 19740/udp # pfSense nat bouncing -19741 19741/tcp # pfSense nat bouncing -19741 19741/udp # pfSense nat bouncing -19742 19742/tcp # pfSense nat bouncing -19742 19742/udp # pfSense nat bouncing -19743 19743/tcp # pfSense nat bouncing -19743 19743/udp # pfSense nat bouncing -19744 19744/tcp # pfSense nat bouncing -19744 19744/udp # pfSense nat bouncing -19745 19745/tcp # pfSense nat bouncing -19745 19745/udp # pfSense nat bouncing -19746 19746/tcp # pfSense nat bouncing -19746 19746/udp # pfSense nat bouncing -19747 19747/tcp # pfSense nat bouncing -19747 19747/udp # pfSense nat bouncing -19748 19748/tcp # pfSense nat bouncing -19748 19748/udp # pfSense nat bouncing -19749 19749/tcp # pfSense nat bouncing -19749 19749/udp # pfSense nat bouncing -19750 19750/tcp # pfSense nat bouncing -19750 19750/udp # pfSense nat bouncing -19751 19751/tcp # pfSense nat bouncing -19751 19751/udp # pfSense nat bouncing -19752 19752/tcp # pfSense nat bouncing -19752 19752/udp # pfSense nat bouncing -19753 19753/tcp # pfSense nat bouncing -19753 19753/udp # pfSense nat bouncing -19754 19754/tcp # pfSense nat bouncing -19754 19754/udp # pfSense nat bouncing -19755 19755/tcp # pfSense nat bouncing -19755 19755/udp # pfSense nat bouncing -19756 19756/tcp # pfSense nat bouncing -19756 19756/udp # pfSense nat bouncing -19757 19757/tcp # pfSense nat bouncing -19757 19757/udp # pfSense nat bouncing -19758 19758/tcp # pfSense nat bouncing -19758 19758/udp # pfSense nat bouncing -19759 19759/tcp # pfSense nat bouncing -19759 19759/udp # pfSense nat bouncing -19760 19760/tcp # pfSense nat bouncing -19760 19760/udp # pfSense nat bouncing -19761 19761/tcp # pfSense nat bouncing -19761 19761/udp # pfSense nat bouncing -19762 19762/tcp # pfSense nat bouncing -19762 19762/udp # pfSense nat bouncing -19763 19763/tcp # pfSense nat bouncing -19763 19763/udp # pfSense nat bouncing -19764 19764/tcp # pfSense nat bouncing -19764 19764/udp # pfSense nat bouncing -19765 19765/tcp # pfSense nat bouncing -19765 19765/udp # pfSense nat bouncing -19766 19766/tcp # pfSense nat bouncing -19766 19766/udp # pfSense nat bouncing -19767 19767/tcp # pfSense nat bouncing -19767 19767/udp # pfSense nat bouncing -19768 19768/tcp # pfSense nat bouncing -19768 19768/udp # pfSense nat bouncing -19769 19769/tcp # pfSense nat bouncing -19769 19769/udp # pfSense nat bouncing -19770 19770/tcp # pfSense nat bouncing -19770 19770/udp # pfSense nat bouncing -19771 19771/tcp # pfSense nat bouncing -19771 19771/udp # pfSense nat bouncing -19772 19772/tcp # pfSense nat bouncing -19772 19772/udp # pfSense nat bouncing -19773 19773/tcp # pfSense nat bouncing -19773 19773/udp # pfSense nat bouncing -19774 19774/tcp # pfSense nat bouncing -19774 19774/udp # pfSense nat bouncing -19775 19775/tcp # pfSense nat bouncing -19775 19775/udp # pfSense nat bouncing -19776 19776/tcp # pfSense nat bouncing -19776 19776/udp # pfSense nat bouncing -19777 19777/tcp # pfSense nat bouncing -19777 19777/udp # pfSense nat bouncing -19778 19778/tcp # pfSense nat bouncing -19778 19778/udp # pfSense nat bouncing -19779 19779/tcp # pfSense nat bouncing -19779 19779/udp # pfSense nat bouncing -19780 19780/tcp # pfSense nat bouncing -19780 19780/udp # pfSense nat bouncing -19781 19781/tcp # pfSense nat bouncing -19781 19781/udp # pfSense nat bouncing -19782 19782/tcp # pfSense nat bouncing -19782 19782/udp # pfSense nat bouncing -19783 19783/tcp # pfSense nat bouncing -19783 19783/udp # pfSense nat bouncing -19784 19784/tcp # pfSense nat bouncing -19784 19784/udp # pfSense nat bouncing -19785 19785/tcp # pfSense nat bouncing -19785 19785/udp # pfSense nat bouncing -19786 19786/tcp # pfSense nat bouncing -19786 19786/udp # pfSense nat bouncing -19787 19787/tcp # pfSense nat bouncing -19787 19787/udp # pfSense nat bouncing -19788 19788/tcp # pfSense nat bouncing -19788 19788/udp # pfSense nat bouncing -19789 19789/tcp # pfSense nat bouncing -19789 19789/udp # pfSense nat bouncing -19790 19790/tcp # pfSense nat bouncing -19790 19790/udp # pfSense nat bouncing -19791 19791/tcp # pfSense nat bouncing -19791 19791/udp # pfSense nat bouncing -19792 19792/tcp # pfSense nat bouncing -19792 19792/udp # pfSense nat bouncing -19793 19793/tcp # pfSense nat bouncing -19793 19793/udp # pfSense nat bouncing -19794 19794/tcp # pfSense nat bouncing -19794 19794/udp # pfSense nat bouncing -19795 19795/tcp # pfSense nat bouncing -19795 19795/udp # pfSense nat bouncing -19796 19796/tcp # pfSense nat bouncing -19796 19796/udp # pfSense nat bouncing -19797 19797/tcp # pfSense nat bouncing -19797 19797/udp # pfSense nat bouncing -19798 19798/tcp # pfSense nat bouncing -19798 19798/udp # pfSense nat bouncing -19799 19799/tcp # pfSense nat bouncing -19799 19799/udp # pfSense nat bouncing -19800 19800/tcp # pfSense nat bouncing -19800 19800/udp # pfSense nat bouncing -19801 19801/tcp # pfSense nat bouncing -19801 19801/udp # pfSense nat bouncing -19802 19802/tcp # pfSense nat bouncing -19802 19802/udp # pfSense nat bouncing -19803 19803/tcp # pfSense nat bouncing -19803 19803/udp # pfSense nat bouncing -19804 19804/tcp # pfSense nat bouncing -19804 19804/udp # pfSense nat bouncing -19805 19805/tcp # pfSense nat bouncing -19805 19805/udp # pfSense nat bouncing -19806 19806/tcp # pfSense nat bouncing -19806 19806/udp # pfSense nat bouncing -19807 19807/tcp # pfSense nat bouncing -19807 19807/udp # pfSense nat bouncing -19808 19808/tcp # pfSense nat bouncing -19808 19808/udp # pfSense nat bouncing -19809 19809/tcp # pfSense nat bouncing -19809 19809/udp # pfSense nat bouncing -19810 19810/tcp # pfSense nat bouncing -19810 19810/udp # pfSense nat bouncing -19811 19811/tcp # pfSense nat bouncing -19811 19811/udp # pfSense nat bouncing -19812 19812/tcp # pfSense nat bouncing -19812 19812/udp # pfSense nat bouncing -19813 19813/tcp # pfSense nat bouncing -19813 19813/udp # pfSense nat bouncing -19814 19814/tcp # pfSense nat bouncing -19814 19814/udp # pfSense nat bouncing -19815 19815/tcp # pfSense nat bouncing -19815 19815/udp # pfSense nat bouncing -19816 19816/tcp # pfSense nat bouncing -19816 19816/udp # pfSense nat bouncing -19817 19817/tcp # pfSense nat bouncing -19817 19817/udp # pfSense nat bouncing -19818 19818/tcp # pfSense nat bouncing -19818 19818/udp # pfSense nat bouncing -19819 19819/tcp # pfSense nat bouncing -19819 19819/udp # pfSense nat bouncing -19820 19820/tcp # pfSense nat bouncing -19820 19820/udp # pfSense nat bouncing -19821 19821/tcp # pfSense nat bouncing -19821 19821/udp # pfSense nat bouncing -19822 19822/tcp # pfSense nat bouncing -19822 19822/udp # pfSense nat bouncing -19823 19823/tcp # pfSense nat bouncing -19823 19823/udp # pfSense nat bouncing -19824 19824/tcp # pfSense nat bouncing -19824 19824/udp # pfSense nat bouncing -19825 19825/tcp # pfSense nat bouncing -19825 19825/udp # pfSense nat bouncing -19826 19826/tcp # pfSense nat bouncing -19826 19826/udp # pfSense nat bouncing -19827 19827/tcp # pfSense nat bouncing -19827 19827/udp # pfSense nat bouncing -19828 19828/tcp # pfSense nat bouncing -19828 19828/udp # pfSense nat bouncing -19829 19829/tcp # pfSense nat bouncing -19829 19829/udp # pfSense nat bouncing -19830 19830/tcp # pfSense nat bouncing -19830 19830/udp # pfSense nat bouncing -19831 19831/tcp # pfSense nat bouncing -19831 19831/udp # pfSense nat bouncing -19832 19832/tcp # pfSense nat bouncing -19832 19832/udp # pfSense nat bouncing -19833 19833/tcp # pfSense nat bouncing -19833 19833/udp # pfSense nat bouncing -19834 19834/tcp # pfSense nat bouncing -19834 19834/udp # pfSense nat bouncing -19835 19835/tcp # pfSense nat bouncing -19835 19835/udp # pfSense nat bouncing -19836 19836/tcp # pfSense nat bouncing -19836 19836/udp # pfSense nat bouncing -19837 19837/tcp # pfSense nat bouncing -19837 19837/udp # pfSense nat bouncing -19838 19838/tcp # pfSense nat bouncing -19838 19838/udp # pfSense nat bouncing -19839 19839/tcp # pfSense nat bouncing -19839 19839/udp # pfSense nat bouncing -19840 19840/tcp # pfSense nat bouncing -19840 19840/udp # pfSense nat bouncing -19841 19841/tcp # pfSense nat bouncing -19841 19841/udp # pfSense nat bouncing -19842 19842/tcp # pfSense nat bouncing -19842 19842/udp # pfSense nat bouncing -19843 19843/tcp # pfSense nat bouncing -19843 19843/udp # pfSense nat bouncing -19844 19844/tcp # pfSense nat bouncing -19844 19844/udp # pfSense nat bouncing -19845 19845/tcp # pfSense nat bouncing -19845 19845/udp # pfSense nat bouncing -19846 19846/tcp # pfSense nat bouncing -19846 19846/udp # pfSense nat bouncing -19847 19847/tcp # pfSense nat bouncing -19847 19847/udp # pfSense nat bouncing -19848 19848/tcp # pfSense nat bouncing -19848 19848/udp # pfSense nat bouncing -19849 19849/tcp # pfSense nat bouncing -19849 19849/udp # pfSense nat bouncing -19850 19850/tcp # pfSense nat bouncing -19850 19850/udp # pfSense nat bouncing -19851 19851/tcp # pfSense nat bouncing -19851 19851/udp # pfSense nat bouncing -19852 19852/tcp # pfSense nat bouncing -19852 19852/udp # pfSense nat bouncing -19853 19853/tcp # pfSense nat bouncing -19853 19853/udp # pfSense nat bouncing -19854 19854/tcp # pfSense nat bouncing -19854 19854/udp # pfSense nat bouncing -19855 19855/tcp # pfSense nat bouncing -19855 19855/udp # pfSense nat bouncing -19856 19856/tcp # pfSense nat bouncing -19856 19856/udp # pfSense nat bouncing -19857 19857/tcp # pfSense nat bouncing -19857 19857/udp # pfSense nat bouncing -19858 19858/tcp # pfSense nat bouncing -19858 19858/udp # pfSense nat bouncing -19859 19859/tcp # pfSense nat bouncing -19859 19859/udp # pfSense nat bouncing -19860 19860/tcp # pfSense nat bouncing -19860 19860/udp # pfSense nat bouncing -19861 19861/tcp # pfSense nat bouncing -19861 19861/udp # pfSense nat bouncing -19862 19862/tcp # pfSense nat bouncing -19862 19862/udp # pfSense nat bouncing -19863 19863/tcp # pfSense nat bouncing -19863 19863/udp # pfSense nat bouncing -19864 19864/tcp # pfSense nat bouncing -19864 19864/udp # pfSense nat bouncing -19865 19865/tcp # pfSense nat bouncing -19865 19865/udp # pfSense nat bouncing -19866 19866/tcp # pfSense nat bouncing -19866 19866/udp # pfSense nat bouncing -19867 19867/tcp # pfSense nat bouncing -19867 19867/udp # pfSense nat bouncing -19868 19868/tcp # pfSense nat bouncing -19868 19868/udp # pfSense nat bouncing -19869 19869/tcp # pfSense nat bouncing -19869 19869/udp # pfSense nat bouncing -19870 19870/tcp # pfSense nat bouncing -19870 19870/udp # pfSense nat bouncing -19871 19871/tcp # pfSense nat bouncing -19871 19871/udp # pfSense nat bouncing -19872 19872/tcp # pfSense nat bouncing -19872 19872/udp # pfSense nat bouncing -19873 19873/tcp # pfSense nat bouncing -19873 19873/udp # pfSense nat bouncing -19874 19874/tcp # pfSense nat bouncing -19874 19874/udp # pfSense nat bouncing -19875 19875/tcp # pfSense nat bouncing -19875 19875/udp # pfSense nat bouncing -19876 19876/tcp # pfSense nat bouncing -19876 19876/udp # pfSense nat bouncing -19877 19877/tcp # pfSense nat bouncing -19877 19877/udp # pfSense nat bouncing -19878 19878/tcp # pfSense nat bouncing -19878 19878/udp # pfSense nat bouncing -19879 19879/tcp # pfSense nat bouncing -19879 19879/udp # pfSense nat bouncing -19880 19880/tcp # pfSense nat bouncing -19880 19880/udp # pfSense nat bouncing -19881 19881/tcp # pfSense nat bouncing -19881 19881/udp # pfSense nat bouncing -19882 19882/tcp # pfSense nat bouncing -19882 19882/udp # pfSense nat bouncing -19883 19883/tcp # pfSense nat bouncing -19883 19883/udp # pfSense nat bouncing -19884 19884/tcp # pfSense nat bouncing -19884 19884/udp # pfSense nat bouncing -19885 19885/tcp # pfSense nat bouncing -19885 19885/udp # pfSense nat bouncing -19886 19886/tcp # pfSense nat bouncing -19886 19886/udp # pfSense nat bouncing -19887 19887/tcp # pfSense nat bouncing -19887 19887/udp # pfSense nat bouncing -19888 19888/tcp # pfSense nat bouncing -19888 19888/udp # pfSense nat bouncing -19889 19889/tcp # pfSense nat bouncing -19889 19889/udp # pfSense nat bouncing -19890 19890/tcp # pfSense nat bouncing -19890 19890/udp # pfSense nat bouncing -19891 19891/tcp # pfSense nat bouncing -19891 19891/udp # pfSense nat bouncing -19892 19892/tcp # pfSense nat bouncing -19892 19892/udp # pfSense nat bouncing -19893 19893/tcp # pfSense nat bouncing -19893 19893/udp # pfSense nat bouncing -19894 19894/tcp # pfSense nat bouncing -19894 19894/udp # pfSense nat bouncing -19895 19895/tcp # pfSense nat bouncing -19895 19895/udp # pfSense nat bouncing -19896 19896/tcp # pfSense nat bouncing -19896 19896/udp # pfSense nat bouncing -19897 19897/tcp # pfSense nat bouncing -19897 19897/udp # pfSense nat bouncing -19898 19898/tcp # pfSense nat bouncing -19898 19898/udp # pfSense nat bouncing -19899 19899/tcp # pfSense nat bouncing -19899 19899/udp # pfSense nat bouncing -19900 19900/tcp # pfSense nat bouncing -19900 19900/udp # pfSense nat bouncing -19901 19901/tcp # pfSense nat bouncing -19901 19901/udp # pfSense nat bouncing -19902 19902/tcp # pfSense nat bouncing -19902 19902/udp # pfSense nat bouncing -19903 19903/tcp # pfSense nat bouncing -19903 19903/udp # pfSense nat bouncing -19904 19904/tcp # pfSense nat bouncing -19904 19904/udp # pfSense nat bouncing -19905 19905/tcp # pfSense nat bouncing -19905 19905/udp # pfSense nat bouncing -19906 19906/tcp # pfSense nat bouncing -19906 19906/udp # pfSense nat bouncing -19907 19907/tcp # pfSense nat bouncing -19907 19907/udp # pfSense nat bouncing -19908 19908/tcp # pfSense nat bouncing -19908 19908/udp # pfSense nat bouncing -19909 19909/tcp # pfSense nat bouncing -19909 19909/udp # pfSense nat bouncing -19910 19910/tcp # pfSense nat bouncing -19910 19910/udp # pfSense nat bouncing -19911 19911/tcp # pfSense nat bouncing -19911 19911/udp # pfSense nat bouncing -19912 19912/tcp # pfSense nat bouncing -19912 19912/udp # pfSense nat bouncing -19913 19913/tcp # pfSense nat bouncing -19913 19913/udp # pfSense nat bouncing -19914 19914/tcp # pfSense nat bouncing -19914 19914/udp # pfSense nat bouncing -19915 19915/tcp # pfSense nat bouncing -19915 19915/udp # pfSense nat bouncing -19916 19916/tcp # pfSense nat bouncing -19916 19916/udp # pfSense nat bouncing -19917 19917/tcp # pfSense nat bouncing -19917 19917/udp # pfSense nat bouncing -19918 19918/tcp # pfSense nat bouncing -19918 19918/udp # pfSense nat bouncing -19919 19919/tcp # pfSense nat bouncing -19919 19919/udp # pfSense nat bouncing -19920 19920/tcp # pfSense nat bouncing -19920 19920/udp # pfSense nat bouncing -19921 19921/tcp # pfSense nat bouncing -19921 19921/udp # pfSense nat bouncing -19922 19922/tcp # pfSense nat bouncing -19922 19922/udp # pfSense nat bouncing -19923 19923/tcp # pfSense nat bouncing -19923 19923/udp # pfSense nat bouncing -19924 19924/tcp # pfSense nat bouncing -19924 19924/udp # pfSense nat bouncing -19925 19925/tcp # pfSense nat bouncing -19925 19925/udp # pfSense nat bouncing -19926 19926/tcp # pfSense nat bouncing -19926 19926/udp # pfSense nat bouncing -19927 19927/tcp # pfSense nat bouncing -19927 19927/udp # pfSense nat bouncing -19928 19928/tcp # pfSense nat bouncing -19928 19928/udp # pfSense nat bouncing -19929 19929/tcp # pfSense nat bouncing -19929 19929/udp # pfSense nat bouncing -19930 19930/tcp # pfSense nat bouncing -19930 19930/udp # pfSense nat bouncing -19931 19931/tcp # pfSense nat bouncing -19931 19931/udp # pfSense nat bouncing -19932 19932/tcp # pfSense nat bouncing -19932 19932/udp # pfSense nat bouncing -19933 19933/tcp # pfSense nat bouncing -19933 19933/udp # pfSense nat bouncing -19934 19934/tcp # pfSense nat bouncing -19934 19934/udp # pfSense nat bouncing -19935 19935/tcp # pfSense nat bouncing -19935 19935/udp # pfSense nat bouncing -19936 19936/tcp # pfSense nat bouncing -19936 19936/udp # pfSense nat bouncing -19937 19937/tcp # pfSense nat bouncing -19937 19937/udp # pfSense nat bouncing -19938 19938/tcp # pfSense nat bouncing -19938 19938/udp # pfSense nat bouncing -19939 19939/tcp # pfSense nat bouncing -19939 19939/udp # pfSense nat bouncing -19940 19940/tcp # pfSense nat bouncing -19940 19940/udp # pfSense nat bouncing -19941 19941/tcp # pfSense nat bouncing -19941 19941/udp # pfSense nat bouncing -19942 19942/tcp # pfSense nat bouncing -19942 19942/udp # pfSense nat bouncing -19943 19943/tcp # pfSense nat bouncing -19943 19943/udp # pfSense nat bouncing -19944 19944/tcp # pfSense nat bouncing -19944 19944/udp # pfSense nat bouncing -19945 19945/tcp # pfSense nat bouncing -19945 19945/udp # pfSense nat bouncing -19946 19946/tcp # pfSense nat bouncing -19946 19946/udp # pfSense nat bouncing -19947 19947/tcp # pfSense nat bouncing -19947 19947/udp # pfSense nat bouncing -19948 19948/tcp # pfSense nat bouncing -19948 19948/udp # pfSense nat bouncing -19949 19949/tcp # pfSense nat bouncing -19949 19949/udp # pfSense nat bouncing -19950 19950/tcp # pfSense nat bouncing -19950 19950/udp # pfSense nat bouncing -19951 19951/tcp # pfSense nat bouncing -19951 19951/udp # pfSense nat bouncing -19952 19952/tcp # pfSense nat bouncing -19952 19952/udp # pfSense nat bouncing -19953 19953/tcp # pfSense nat bouncing -19953 19953/udp # pfSense nat bouncing -19954 19954/tcp # pfSense nat bouncing -19954 19954/udp # pfSense nat bouncing -19955 19955/tcp # pfSense nat bouncing -19955 19955/udp # pfSense nat bouncing -19956 19956/tcp # pfSense nat bouncing -19956 19956/udp # pfSense nat bouncing -19957 19957/tcp # pfSense nat bouncing -19957 19957/udp # pfSense nat bouncing -19958 19958/tcp # pfSense nat bouncing -19958 19958/udp # pfSense nat bouncing -19959 19959/tcp # pfSense nat bouncing -19959 19959/udp # pfSense nat bouncing -19960 19960/tcp # pfSense nat bouncing -19960 19960/udp # pfSense nat bouncing -19961 19961/tcp # pfSense nat bouncing -19961 19961/udp # pfSense nat bouncing -19962 19962/tcp # pfSense nat bouncing -19962 19962/udp # pfSense nat bouncing -19963 19963/tcp # pfSense nat bouncing -19963 19963/udp # pfSense nat bouncing -19964 19964/tcp # pfSense nat bouncing -19964 19964/udp # pfSense nat bouncing -19965 19965/tcp # pfSense nat bouncing -19965 19965/udp # pfSense nat bouncing -19966 19966/tcp # pfSense nat bouncing -19966 19966/udp # pfSense nat bouncing -19967 19967/tcp # pfSense nat bouncing -19967 19967/udp # pfSense nat bouncing -19968 19968/tcp # pfSense nat bouncing -19968 19968/udp # pfSense nat bouncing -19969 19969/tcp # pfSense nat bouncing -19969 19969/udp # pfSense nat bouncing -19970 19970/tcp # pfSense nat bouncing -19970 19970/udp # pfSense nat bouncing -19971 19971/tcp # pfSense nat bouncing -19971 19971/udp # pfSense nat bouncing -19972 19972/tcp # pfSense nat bouncing -19972 19972/udp # pfSense nat bouncing -19973 19973/tcp # pfSense nat bouncing -19973 19973/udp # pfSense nat bouncing -19974 19974/tcp # pfSense nat bouncing -19974 19974/udp # pfSense nat bouncing -19975 19975/tcp # pfSense nat bouncing -19975 19975/udp # pfSense nat bouncing -19976 19976/tcp # pfSense nat bouncing -19976 19976/udp # pfSense nat bouncing -19977 19977/tcp # pfSense nat bouncing -19977 19977/udp # pfSense nat bouncing -19978 19978/tcp # pfSense nat bouncing -19978 19978/udp # pfSense nat bouncing -19979 19979/tcp # pfSense nat bouncing -19979 19979/udp # pfSense nat bouncing -19980 19980/tcp # pfSense nat bouncing -19980 19980/udp # pfSense nat bouncing -19981 19981/tcp # pfSense nat bouncing -19981 19981/udp # pfSense nat bouncing -19982 19982/tcp # pfSense nat bouncing -19982 19982/udp # pfSense nat bouncing -19983 19983/tcp # pfSense nat bouncing -19983 19983/udp # pfSense nat bouncing -19984 19984/tcp # pfSense nat bouncing -19984 19984/udp # pfSense nat bouncing -19985 19985/tcp # pfSense nat bouncing -19985 19985/udp # pfSense nat bouncing -19986 19986/tcp # pfSense nat bouncing -19986 19986/udp # pfSense nat bouncing -19987 19987/tcp # pfSense nat bouncing -19987 19987/udp # pfSense nat bouncing -19988 19988/tcp # pfSense nat bouncing -19988 19988/udp # pfSense nat bouncing -19989 19989/tcp # pfSense nat bouncing -19989 19989/udp # pfSense nat bouncing -19990 19990/tcp # pfSense nat bouncing -19990 19990/udp # pfSense nat bouncing -19991 19991/tcp # pfSense nat bouncing -19991 19991/udp # pfSense nat bouncing -19992 19992/tcp # pfSense nat bouncing -19992 19992/udp # pfSense nat bouncing -19993 19993/tcp # pfSense nat bouncing -19993 19993/udp # pfSense nat bouncing -19994 19994/tcp # pfSense nat bouncing -19994 19994/udp # pfSense nat bouncing -19995 19995/tcp # pfSense nat bouncing -19995 19995/udp # pfSense nat bouncing -19996 19996/tcp # pfSense nat bouncing -19996 19996/udp # pfSense nat bouncing -19997 19997/tcp # pfSense nat bouncing -19997 19997/udp # pfSense nat bouncing -19998 19998/tcp # pfSense nat bouncing -19998 19998/udp # pfSense nat bouncing -19999 19999/tcp # pfSense nat bouncing -19999 19999/udp # pfSense nat bouncing -dbbrowse 47557/tcp #Databeam Corporation -dbbrowse 47557/udp #Databeam Corporation -wnn4 22273/tcp #Wnn4 (Japanese input) -wnn4_Cn 22289/tcp #Wnn4 (Chinese input) -wnn4_Tw 22321/tcp #Wnn4 (Taiwanse input) -wnn4_Kr 22305/tcp #Wnn4 (Korean input) -wnn6 22273/tcp #Wnn6 (Japanese input) -wnn6_Cn 22289/tcp #Wnn6 (Chinese input) -wnn6_Tw 22321/tcp #Wnn6 (Taiwanse input) -wnn6_Kr 22305/tcp #Wnn6 (Korean input) -wnn6_DS 26208/tcp #Wnn6 (Dserver) diff --git a/src/etc/sshd b/src/etc/sshd index 05ddb63..2e59824 100755 --- a/src/etc/sshd +++ b/src/etc/sshd @@ -163,7 +163,7 @@ $generate_keys = array(); foreach ($keys as $key) { if (!file_exists("{$sshConfigDir}/ssh_host_{$key['suffix']}key") || - !file_exists("{$sshConfigDir}/ssh_host_{$key['suffix']}key.pub")) { + !file_exists("{$sshConfigDir}/ssh_host_{$key['suffix']}key.pub")) { $generate_keys[] = $key; } } diff --git a/src/etc/ssl/openssl.cnf b/src/etc/ssl/openssl.cnf index 41664e6..3ea2df5 100644 --- a/src/etc/ssl/openssl.cnf +++ b/src/etc/ssl/openssl.cnf @@ -275,7 +275,7 @@ authorityKeyIdentifier=keyid:always,issuer:always # So we do this instead. basicConstraints = CA:true -# Key usage: this is typical for a CA certificate. +# Key usage: this is typical for a CA certificate. keyUsage = cRLSign, keyCertSign # Some might want this also |
