diff options
| -rw-r--r-- | etc/inc/captiveportal.inc | 256 | ||||
| -rw-r--r-- | etc/inc/filter.inc | 4 | ||||
| -rw-r--r-- | etc/inc/interfaces.inc | 6 | ||||
| -rw-r--r-- | etc/inc/system.inc | 12 | ||||
| -rw-r--r-- | etc/pfSense.obsoletedfiles | 1 | ||||
| -rwxr-xr-x | etc/rc.linkup.sh | 5 | ||||
| -rwxr-xr-x | etc/rc.restart_webgui | 4 | ||||
| -rwxr-xr-x | etc/sshd | 4 | ||||
| -rwxr-xr-x | usr/local/www/firewall_nat.php | 36 | ||||
| -rw-r--r-- | usr/local/www/system_advanced_admin.php | 2 |
10 files changed, 177 insertions, 153 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 1b34717..a4e5d55 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -52,49 +52,7 @@ function captiveportal_configure() { $captiveportallck = lock('captiveportal'); - $cpactive = false; if (isset($config['captiveportal']['enable'])) { - $cpips = array(); - $ifaces = get_configured_interface_list(); - foreach ($ifaces as $kiface => $kiface2) { - $tmpif = get_real_interface($kiface); - pfSense_interface_flags($tmpif, -IFF_IPFW_FILTER); - } - $cpinterfaces = explode(",", $config['captiveportal']['interface']); - $firsttime = 0; - foreach ($cpinterfaces as $cpifgrp) { - if (!isset($ifaces[$cpifgrp])) - continue; - $tmpif = get_real_interface($cpifgrp); - if (!empty($tmpif)) { - if ($firsttime > 0) - $cpinterface .= " or "; - $cpinterface .= "via {$tmpif}"; - $firsttime = 1; - $cpipm = get_interface_ip($cpifgrp); - if (is_ipaddr($cpipm)) { - $carpif = link_ip_to_carp_interface($cpipm); - if (!empty($carpif)) { - $carpsif = explode(" ", $carpif); - foreach ($carpsif as $cpcarp) { - pfSense_interface_flags($cpcarp, IFF_IPFW_FILTER); - $carpip = find_interface_ip($cpcarp); - if (is_ipaddr($carpip)) - $cpips[] = $carpip; - } - } - $cpips[] = $cpipm; - pfSense_interface_flags($tmpif, IFF_IPFW_FILTER); - } - } - } - if (count($cpips) > 0) { - $cpactive = true; - $cpinterface = "{ {$cpinterface} } "; - } - } - - if ($cpactive == true) { if ($g['booting']) echo "Starting captive portal... "; @@ -108,7 +66,6 @@ function captiveportal_configure() { unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db"); unlink_if_exists("{$g['vardb_path']}/captiveportal_ip.db"); unlink_if_exists("{$g['vardb_path']}/captiveportal_radius.db"); - mwexec("/sbin/ipfw -q table all flush", true); /* setup new database in case someone tries to access the status -> captive portal page */ touch("{$g['vardb_path']}/captiveportal.db"); @@ -116,22 +73,11 @@ function captiveportal_configure() { /* kill any running minicron */ killbypid("{$g['varrun_path']}/minicron.pid"); - /* make sure ipfw is loaded */ - if (!is_module_loaded("ipfw.ko")) - filter_load_ipfw(); - /* Always load dummynet now that even allowed ip and mac passthrough use it. */ - if (!is_module_loaded("dummynet.ko")) - mwexec("/sbin/kldload dummynet"); - - /* generate ipfw rules */ + /* init dummynet/ipfw rules number database */ captiveportal_init_ipfw_ruleno(); - $cprules = captiveportal_rules_generate($cpinterface, $cpips); - $cprules .= "\n"; - /* generate passthru mac database */ - $cprules .= captiveportal_passthrumac_configure(true); - $cprules .= "\n"; - /* allowed ipfw rules to make allowed ip work */ - $cprules .= captiveportal_allowedip_configure(); + + /* init ipfw rules */ + captiveportal_init_rules(); /* stop accounting on all clients */ captiveportal_radius_stop_all(true); @@ -277,60 +223,8 @@ EOD; /* write elements */ captiveportal_write_elements(); - /* load rules */ - mwexec("/sbin/ipfw -q flush"); - - /* ipfw cannot accept rules directly on stdin, - so we have to write them to a temporary file first */ - $fd = @fopen("{$g['tmp_path']}/ipfw.cp.rules", "w"); - if (!$fd) { - printf("Cannot open ipfw.cp.rules in captiveportal_configure()\n"); - return 1; - } - - fwrite($fd, $cprules); - fclose($fd); - - mwexec("/sbin/ipfw -q {$g['tmp_path']}/ipfw.cp.rules"); - - @unlink("{$g['tmp_path']}/ipfw.cp.rules"); - - /* filter on layer2 as well so we can check MAC addresses */ - mwexec("/sbin/sysctl net.link.ether.ipfw=1"); - - chdir($g['captiveportal_path']); - - if ($config['captiveportal']['maxproc']) - $maxproc = $config['captiveportal']['maxproc']; - else - $maxproc = 16; - - $use_fastcgi = true; - - if(isset($config['captiveportal']['httpslogin'])) { - $cert = base64_decode($config['captiveportal']['certificate']); - if (isset($config['captiveportal']['cacertificate'])) - $cacert = base64_decode($config['captiveportal']['cacertificate']); - else - $cacert = ""; - $key = base64_decode($config['captiveportal']['private-key']); - /* generate lighttpd configuration */ - system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal-SSL.conf", - $cert, $key, $cacert, "lighty-CaptivePortal-ssl.pid", "8001", "/usr/local/captiveportal/", - "cert-portal.pem", "ca-portal.pem", "1", $maxproc, $use_fastcgi, true); - } - - /* generate lighttpd configuration */ - system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal.conf", - "", "", "", "lighty-CaptivePortal.pid", "8000", "/usr/local/captiveportal/", - "cert-portal.pem", "ca-portal.pem", "1", $maxproc, $use_fastcgi, true); - - /* attempt to start lighttpd */ - $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-CaptivePortal.conf"); - - /* fire up https instance */ - if(isset($config['captiveportal']['httpslogin'])) - $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-CaptivePortal-SSL.conf"); + /* start up the webserving daemon */ + captiveportal_init_webgui(); /* start pruning process (interval defaults to 60 seconds) */ mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/minicron.pid " . @@ -408,9 +302,98 @@ EOD; return 0; } -function captiveportal_rules_generate($cpif, &$cpiparray) { +function captiveportal_init_webgui() { + global $g, $config; + + if (!isset($config['captiveportal']['enable'])) + return; + + if ($config['captiveportal']['maxproc']) + $maxproc = $config['captiveportal']['maxproc']; + else + $maxproc = 16; + + $use_fastcgi = true; + + if (isset($config['captiveportal']['httpslogin'])) { + $cert = base64_decode($config['captiveportal']['certificate']); + if (isset($config['captiveportal']['cacertificate'])) + $cacert = base64_decode($config['captiveportal']['cacertificate']); + else + $cacert = ""; + $key = base64_decode($config['captiveportal']['private-key']); + /* generate lighttpd configuration */ + system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal-SSL.conf", + $cert, $key, $cacert, "lighty-CaptivePortal-ssl.pid", "8001", "/usr/local/captiveportal/", + "cert-portal.pem", "ca-portal.pem", "1", $maxproc, $use_fastcgi, true); + } + + /* generate lighttpd configuration */ + system_generate_lighty_config("{$g['varetc_path']}/lighty-CaptivePortal.conf", + "", "", "", "lighty-CaptivePortal.pid", "8000", "/usr/local/captiveportal/", + "cert-portal.pem", "ca-portal.pem", "1", $maxproc, $use_fastcgi, true); + + /* attempt to start lighttpd */ + $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-CaptivePortal.conf"); + + /* fire up https instance */ + if (isset($config['captiveportal']['httpslogin'])) + $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-CaptivePortal-SSL.conf"); +} + +function captiveportal_init_rules() { global $config, $g; + if (!isset($config['captiveportal']['enable'])) + return; + + $cpips = array(); + $ifaces = get_configured_interface_list(); + foreach ($ifaces as $kiface => $kiface2) { + $tmpif = get_real_interface($kiface); + pfSense_interface_flags($tmpif, -IFF_IPFW_FILTER); + } + $cpinterfaces = explode(",", $config['captiveportal']['interface']); + $firsttime = 0; + foreach ($cpinterfaces as $cpifgrp) { + if (!isset($ifaces[$cpifgrp])) + continue; + $tmpif = get_real_interface($cpifgrp); + if (!empty($tmpif)) { + if ($firsttime > 0) + $cpinterface .= " or "; + $cpinterface .= "via {$tmpif}"; + $firsttime = 1; + $cpipm = get_interface_ip($cpifgrp); + if (is_ipaddr($cpipm)) { + $carpif = link_ip_to_carp_interface($cpipm); + if (!empty($carpif)) { + $carpsif = explode(" ", $carpif); + foreach ($carpsif as $cpcarp) { + pfSense_interface_flags($cpcarp, IFF_IPFW_FILTER); + $carpip = find_interface_ip($cpcarp); + if (is_ipaddr($carpip)) + $cpips[] = $carpip; + } + } + $cpips[] = $cpipm; + pfSense_interface_flags($tmpif, IFF_IPFW_FILTER); + } + } + } + if (count($cpips) > 0) { + $cpactive = true; + $cpinterface = "{ {$cpinterface} } "; + } else + return false; + + /* make sure ipfw is loaded */ + if (!is_module_loaded("ipfw.ko")) + filter_load_ipfw(); + /* Always load dummynet now that even allowed ip and mac passthrough use it. */ + if (!is_module_loaded("dummynet.ko")) + mwexec("/sbin/kldload dummynet"); + $cprules = "add 65291 set 1 allow pfsync from any to any\n"; $cprules .= "add 65292 set 1 allow carp from any to any\n"; @@ -436,7 +419,7 @@ EOD; $rulenum = 65310; $ips = "255.255.255.255 "; - foreach ($cpiparray as $cpip) + foreach ($cpips as $cpip) $ips .= "or {$cpip} "; $ips = "{ {$ips} }"; //# allow access to our DHCP server (which needs to be able to ping clients as well) @@ -522,7 +505,23 @@ add 65534 set 1 pass all from any to any layer2 EOD; - return $cprules; + /* generate passthru mac database */ + $cprules .= captiveportal_passthrumac_configure(true); + $cprules .= "\n"; + /* allowed ipfw rules to make allowed ip work */ + $cprules .= captiveportal_allowedip_configure(); + + /* load rules */ + $cprules = "table all flush\nflush\n{$cprules}"; + if (file_put_contents("{$g['tmp_path']}/ipfw.cp.rules", $cprules)) { + mwexec("/sbin/ipfw -q {$g['tmp_path']}/ipfw.cp.rules", true); + //@unlink("{$g['tmp_path']}/ipfw.cp.rules"); + } + + /* filter on layer2 as well so we can check MAC addresses */ + mwexec("/sbin/sysctl net.link.ether.ipfw=1"); + + return $cprules; } /* remove clients that have been around for longer than the specified amount of time */ @@ -1071,20 +1070,19 @@ function captiveportal_write_db($cpdb) { } function captiveportal_write_elements() { - global $g, $config; - - /* delete any existing elements */ - if (is_dir($g['captiveportal_element_path'])) { - $dh = opendir($g['captiveportal_element_path']); - while (($file = readdir($dh)) !== false) { - if ($file != "." && $file != "..") - unlink($g['captiveportal_element_path'] . "/" . $file); - } - closedir($dh); - } else { - @mkdir($g['captiveportal_element_path']); - } + global $g, $config; + /* delete any existing elements */ + if (is_dir($g['captiveportal_element_path'])) { + $dh = opendir($g['captiveportal_element_path']); + while (($file = readdir($dh)) !== false) { + if ($file != "." && $file != "..") + unlink($g['captiveportal_element_path'] . "/" . $file); + } + closedir($dh); + } else + @mkdir($g['captiveportal_element_path']); + if (is_array($config['captiveportal']['element'])) { conf_mount_rw(); foreach ($config['captiveportal']['element'] as $data) { @@ -1103,7 +1101,7 @@ function captiveportal_write_elements() { conf_mount_ro(); } - return 0; + return 0; } function captiveportal_init_ipfw_ruleno($rulenos_start = 2000, $rulenos_range_max = 49899) { diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 7ef9f32..c3a8cd2 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -145,9 +145,9 @@ function filter_delete_states_for_down_gateways() { $a_gateways = return_gateways_status(); foreach ($a_gateways as $gateway) { - if ($gateway['status'] == "down") { + if (stristr($status['status'], "down")) { $int_ip = get_interface_ip($gateway['interface']); - if(is_ipaddr($int_ip)) + if (is_ipaddr($int_ip)) mwexec("/sbin/pfctl -b {$int_ip}"); } } diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index e28ec51..004f2b3 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -760,7 +760,7 @@ function interfaces_configure() { services_dnsmasq_configure(); /* reload captive portal */ - captiveportal_configure(); + captiveportal_init_rules(); /* set the reload filter dity flag */ filter_configure(); @@ -2355,7 +2355,7 @@ function interface_configure($interface = "wan", $reloadall = false) { if ($reloadall == true) { /* reconfigure static routes (kernel may have deleted them) */ - system_routing_configure(); + system_routing_configure($interface); /* reload ipsec tunnels */ vpn_ipsec_configure(); @@ -2370,7 +2370,7 @@ function interface_configure($interface = "wan", $reloadall = false) { services_dnsmasq_configure(); /* reload captive portal */ - captiveportal_configure(); + captiveportal_init_rules(); /* set the reload filter dity flag */ filter_configure(); diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 86916cf..ac8fa37 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -260,7 +260,7 @@ function system_hostname_configure() { return $status; } -function system_routing_configure() { +function system_routing_configure($interface = "") { global $config, $g; if(isset($config['system']['developerspew'])) { $mt = microtime(); @@ -276,7 +276,7 @@ function system_routing_configure() { $interfacegw = ""; /* tack on all the hard defined gateways as well */ if (is_array($config['gateways']['gateway_item'])) { - mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw"); + mwexec("/bin/rm {$g['tmp_path']}/*_defaultgw", true); $foundgw = false; foreach ($config['gateways']['gateway_item'] as $gateway) { if (isset($gateway['defaultgw'])) { @@ -322,8 +322,10 @@ function system_routing_configure() { $route_arr[$items[0]] = array($items[0], $items[1], $items[5]); } - if ($dont_add_route == false) { - if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) { + if ($dont_add_route == false ) { + if (!empty($interface) && $inteface != $interafegw) + ; + else if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) { $action = "add"; if(isset($route_arr['default'])) { $action = "change"; @@ -345,6 +347,8 @@ function system_routing_configure() { $gateways_arr = return_gateways_array(); foreach ($config['staticroutes']['route'] as $rtent) { + if (!empty($interface) && $interface != $rtent['interface']) + continue; $gatewayip = ""; if (isset($gateways_arr[$rtent['gateway']])) { $gatewayip = $gateways_arr[$rtent['gateway']]['gateway']; diff --git a/etc/pfSense.obsoletedfiles b/etc/pfSense.obsoletedfiles index 3efbb16..04b9a77 100644 --- a/etc/pfSense.obsoletedfiles +++ b/etc/pfSense.obsoletedfiles @@ -1,4 +1,5 @@ /etc/rc.parse-isc-dhcpd +/etc/rc.linkup.sh /etc/phpshellsessions/cvssync /etc/inc/regdomain.inc /etc/inc/sysctl.inc diff --git a/etc/rc.linkup.sh b/etc/rc.linkup.sh deleted file mode 100755 index 3ab0e3f..0000000 --- a/etc/rc.linkup.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -LINKUP=`cat /tmp/rc.linkup` -/usr/local/bin/php /etc/rc.linkup $LINKUP -rm /tmp/rc.linkup diff --git a/etc/rc.restart_webgui b/etc/rc.restart_webgui index fd0d8b9..463f934 100755 --- a/etc/rc.restart_webgui +++ b/etc/rc.restart_webgui @@ -14,10 +14,10 @@ echo "Restarting webConfigurator..."; system_webgui_start(); -captiveportal_configure(); +captiveportal_init_webgui(); enable_rrd_graphing(); echo " done.\n\n"; -?>
\ No newline at end of file +?> @@ -64,7 +64,7 @@ foreach($files_to_check as $f2c) { if(file_exists("/etc/ssh/{$f2c}")) if(file_size("/etc/ssh/{$f2c}")==0) { - mwexec("rm /etc/ssh/ssh_host*"); + mwexec("rm /etc/ssh/ssh_host*", true); } } @@ -138,7 +138,7 @@ if (!file_exists("$sshConfigDir/ssh_host_key")) { /* remove previous keys and regen later */ file_notice("SSH", "{$g['product_name']} has started creating your SSH keys. SSH Startup will be delayed. Please note that reloading the filter rules and changes will be delayed until this operation is completed.", "SSH KeyGen", ""); - mwexec("rm /etc/ssh/ssh_host_*"); + mwexec("rm /etc/ssh/ssh_host_*", true); mark_subsystem_dirty('sshdkeys'); echo " Generating Keys:\n"; system("/usr/bin/nice -n20 /usr/bin/ssh-keygen -t rsa1 -N '' -f $sshConfigDir/ssh_host_key"); diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index 0c9229b..84fc0e8 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -82,6 +82,19 @@ if ($_POST) { } } +if ($_GET['act'] == "del") { + if ($a_nat[$_GET['id']]) { + if (isset($a_nat[$_GET['id']]['associated-rule-id'])) { + delete_id($a_nat[$_GET['id']]['associated-rule-id'], $config['filter']['rule']); + } + unset($a_nat[$_GET['id']]); + write_config(); + mark_subsystem_dirty('nat'); + header("Location: firewall_nat.php"); + exit; + } +} + if (isset($_POST['del_x'])) { /* delete selected rules */ if (is_array($_POST['rule']) && count($_POST['rule'])) { @@ -195,7 +208,13 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <td width="5%" class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td width="17"></td> + <td width="17"> + <?php if (count($a_nat) == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"> + <?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected rules" onclick="return confirm('Do you really want to delete the selected rules?')"> + <?php endif; ?> + </td> <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> </tr> </table> @@ -293,10 +312,11 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <td valign="middle" class="list" nowrap> <table border="0" cellspacing="0" cellpadding="1"> <tr> + <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="move selected rules before this rule" height="17" type="image" width="17" border="0"></td> <td><a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="edit rule"></a></td> </tr> <tr> - <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="move selected rules before this rule" height="17" type="image" width="17" border="0"></td> + <td align="center" valign="middle"><a href="firewall_nat.php?act=del&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete rule" onclick="return confirm('Do you really want to delete this rule?')"></a></td> <td><a href="firewall_nat_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new nat based on this one" width="17" height="17" border="0"></a></td> </tr> </table> @@ -310,11 +330,17 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <td class="list" valign="middle" nowrap> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected mappings to end" border="0"><?php endif; ?></td> - <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected rules to end" border="0"><?php endif; ?></td> </tr> <tr> - <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected mappings" onclick="return confirm('Do you really want to delete the selected mappings?')"><?php endif; ?></td> + <td width="17"> + <?php if (count($a_nat) == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"> + <?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected rules" onclick="return confirm('Do you really want to delete the selected rules?')"> + <?php endif; ?> + </td> + <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> </tr> </table> </td> diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index 6f7a077..ca4cee3 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php @@ -412,7 +412,7 @@ function prot_change() { <?php if ($restart_sshd) { - mwexec("/usr/bin/killall sshd"); + killbyname(sshd); log_error(gettext("secure shell configuration has changed. Stopping sshd.")); if ($config['system']['enablesshd']) { |
