diff options
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/sbin/ppp-linkup | 73 | ||||
-rw-r--r-- | usr/local/www/diag_confbak.php | 2 | ||||
-rw-r--r-- | usr/local/www/diag_dns.php | 6 | ||||
-rw-r--r-- | usr/local/www/diag_ipsec.php | 55 | ||||
-rw-r--r-- | usr/local/www/diag_ipsec_spd.php | 15 | ||||
-rw-r--r-- | usr/local/www/diag_ipsec_xml.php | 7 | ||||
-rw-r--r-- | usr/local/www/diag_logs_filter.php | 4 | ||||
-rwxr-xr-x | usr/local/www/fbegin.inc | 2 | ||||
-rw-r--r-- | usr/local/www/filebrowser/browser.php | 57 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_import.php | 93 | ||||
-rw-r--r-- | usr/local/www/firewall_virtual_ip_edit.php | 19 | ||||
-rw-r--r-- | usr/local/www/interfaces_assign.php | 2 | ||||
-rw-r--r-- | usr/local/www/pkg_mgr_install.php | 2 | ||||
-rwxr-xr-x | usr/local/www/status.php | 6 | ||||
-rw-r--r-- | usr/local/www/themes/pfsense_ng/all.css | 2 | ||||
-rw-r--r-- | usr/local/www/themes/pfsense_ng_fs/all.css | 2 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec.php | 12 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 19 | ||||
-rw-r--r-- | usr/local/www/widgets/widgets/traffic_graphs.widget.php | 10 | ||||
-rw-r--r-- | usr/local/www/wizards/setup_wizard.xml | 2 |
21 files changed, 231 insertions, 161 deletions
diff --git a/usr/local/sbin/ppp-linkup b/usr/local/sbin/ppp-linkup index 9e4aafd..2d1eb33 100755 --- a/usr/local/sbin/ppp-linkup +++ b/usr/local/sbin/ppp-linkup @@ -1,61 +1,62 @@ #!/bin/sh +export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin + if [ "${2}" == "inet" ]; then - OLD_ROUTER=`/bin/cat /tmp/${1}_router` - if [ "${OLD_ROUTER}" != "" ]; then + OLD_ROUTER=`cat /tmp/${1}_router` + if [ -n "${OLD_ROUTER}" ]; then echo "Removing states to old router ${OLD_ROUTER}" | logger -t ppp-linkup - /sbin/pfctl -i ${1} -k 0.0.0.0/0 -k ${OLD_ROUTER}/32 - /sbin/pfctl -i ${1} -k ${OLD_ROUTER}/32 -k 0.0.0.0/0 + pfctl -i ${1} -k 0.0.0.0/0 -k ${OLD_ROUTER}/32 + pfctl -i ${1} -k ${OLD_ROUTER}/32 -k 0.0.0.0/0 fi # let the configuration system know that the ipv4 has changed. - /bin/echo ${4} > /tmp/${1}_router - /bin/echo ${3} > /tmp/${1}_ip - /usr/bin/touch /tmp/${1}up + echo ${4} > /tmp/${1}_router + echo ${3} > /tmp/${1}_ip + touch /tmp/${1}up - ALLOWOVERRIDE=`/usr/bin/grep -c dnsallowoverride /conf/config.xml` - if [ ${ALLOWOVERRIDE} -gt 0 ]; then + if grep -q dnsallowoverride /conf/config.xml; then # write nameservers to file - if [ "`echo ${6}|grep -c dns1`" -gt 0 ]; then - DNS1=`echo ${6} |awk '{print ${2}}'` - echo "${DNS1}"> /var/etc/nameserver_${1} - /sbin/route change "${DNS1}" ${4} + echo -n "" > /var/etc/nameserver_${1} + if echo "${6}" | grep -q dns1; then + DNS1=`echo "${6}" | awk '{print $2}'` + echo "${DNS1}" >> /var/etc/nameserver_${1} + route change "${DNS1}" ${4} fi - if [ "`echo ${7}|grep -c dns2`" -gt 0 ]; then - DNS2=`echo ${7} |awk '{print ${2}}'` + if echo "${7}" | grep -q dns2; then + DNS2=`echo "${7}" | awk '{print $2}'` echo "${DNS2}" >> /var/etc/nameserver_${1} - /sbin/route change "${DNS2}" ${4} + route change "${DNS2}" ${4} fi - /usr/local/sbin/pfSctl -c 'service reload dns' - /bin/sleep 1 + pfSctl -c 'service reload dns' + sleep 1 fi - /usr/local/sbin/pfSctl -c "interface newip ${1}" -fi + pfSctl -c "interface newip ${1}" -if [ "${2}" == "inet6" ]; then +elif [ "${2}" == "inet6" ]; then # let the configuration system know that the ipv6 has changed. - /bin/echo ${4} |cut -d% -f1 > /tmp/${1}_routerv6 - /bin/echo ${3} |cut -d% -f1 > /tmp/${1}_ipv6 - /usr/bin/touch /tmp/${1}upv6 + echo ${4} |cut -d% -f1 > /tmp/${1}_routerv6 + echo ${3} |cut -d% -f1 > /tmp/${1}_ipv6 + touch /tmp/${1}upv6 - ALLOWOVERRIDE=`/usr/bin/grep -c dnsallowoverride /conf/config.xml` - if [ ${ALLOWOVERRIDE} -gt 0 ]; then + if grep -q dnsallowoverride /conf/config.xml; then # write nameservers to file - if [ "`echo ${6}|grep -c dns1`" -gt 0 ]; then - DNS1=`echo ${6} |awk '{print ${2}}'` - echo "${DNS1}"> /var/etc/nameserver_v6${1} - /sbin/route change -inet6 "${DNS1}" ${4} + echo -n "" > /var/etc/nameserver_v6${1} + if echo "${6}" | grep -q dns1; then + DNS1=`echo "${6}" | awk '{print $2}'` + echo "${DNS1}" >> /var/etc/nameserver_v6${1} + route change -inet6 "${DNS1}" ${4} fi - if [ "`echo ${7}|grep -c dns2`" -gt 0 ]; then - DNS2=`echo ${7} |awk '{print ${2}}'` + if echo "${7}" | grep -q dns2; then + DNS2=`echo "${7}" | awk '{print $2}'` echo "${DNS2}" >> /var/etc/nameserver_v6${1} - /sbin/route change -inet6 "${DNS2}" ${4} + route change -inet6 "${DNS2}" ${4} fi - /usr/local/sbin/pfSctl -c 'service reload dns' - /bin/sleep 1 + pfSctl -c 'service reload dns' + sleep 1 fi - /usr/local/sbin/pfSctl -c "interface newipv6 ${1}" + pfSctl -c "interface newipv6 ${1}" fi exit 0 diff --git a/usr/local/www/diag_confbak.php b/usr/local/www/diag_confbak.php index 5fd6796..4d631a3 100644 --- a/usr/local/www/diag_confbak.php +++ b/usr/local/www/diag_confbak.php @@ -210,7 +210,7 @@ include("head.inc"); <?php if (is_array($confvers)): ?> <tr> <td colspan="7" class="list"> - <?= gettext("To view the differences between an older configuration and a newer configuration, select the older configuration using the left column of radio options and select the newer configuration in the right colomn, then press the Diff button."); ?> + <?= gettext("To view the differences between an older configuration and a newer configuration, select the older configuration using the left column of radio options and select the newer configuration in the right column, then press the Diff button."); ?> <br /><br /> </td> </tr> diff --git a/usr/local/www/diag_dns.php b/usr/local/www/diag_dns.php index 69a93a3..415b714 100644 --- a/usr/local/www/diag_dns.php +++ b/usr/local/www/diag_dns.php @@ -37,7 +37,11 @@ require("guiconfig.inc"); $host = trim($_REQUEST['host'], " \t\n\r\0\x0B[];\"'"); $host_esc = escapeshellarg($host); -$a_aliases = &$config['aliases']['alias']; +if (is_array($config['aliases']['alias'])) { + $a_aliases = &$config['aliases']['alias']; +} else { + $a_aliases = array(); +} $aliasname = str_replace(array(".","-"), "_", $host); $alias_exists = false; $counter=0; diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php index ad6c463..33b0c85 100644 --- a/usr/local/www/diag_ipsec.php +++ b/usr/local/www/diag_ipsec.php @@ -52,16 +52,16 @@ require("guiconfig.inc"); include("head.inc"); require("ipsec.inc"); -if ($_GET['act'] == "connect") { - if (is_ipaddrv4($_GET['remoteid']) && is_ipaddrv4($_GET['source'])) { - exec("/sbin/ping -S " . escapeshellarg($_GET['source']) . " -c 1 " . escapeshellarg($_GET['remoteid'])); +if ($_GET['act'] == 'connect') { + if (ctype_digit($_GET['ikeid'])) { + mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); + mwexec("/usr/local/sbin/ipsec up con" . escapeshellarg($_GET['ikeid'])); } - else if (is_ipaddrv6($_GET['remoteid']) && is_ipaddrv6($_GET['source'])) { - exec("/sbin/ping6 -S " . escapeshellarg($_GET['source']) . " -c 1 " . escapeshellarg($_GET['remoteid'])); +} else if ($_GET['act'] == 'ikedisconnect') { + if (ctype_digit($_GET['ikeid'])) { + mwexec("/usr/local/sbin/ipsec down con" . escapeshellarg($_GET['ikeid'])); } -} - -if ($_GET['act'] == "disconnect") { +} else if ($_GET['act'] == 'disconnect') { if (!empty($_GET['user'])) { ipsec_disconnect_mobile($_GET['user']); sleep(1); @@ -107,23 +107,31 @@ $status = ipsec_smp_dump_status(); <th class="listhdrr nowrap"><?php echo gettext("Remote IP");?></th> <th class="listhdrr nowrap"><?php echo gettext("Role");?></th> <th class="listhdrr nowrap"><?php echo gettext("Status");?></th> + <td class="list nowrap"></td> </tr> </thead> <tbody> <?php if (is_array($status['query']) && is_array($status['query']['ikesalist']) && is_array($status['query']['ikesalist']['ikesa'])) { foreach ($status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) { + if (ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ikesa['id'])) { + $icon = "pass"; + } elseif(!isset($config['ipsec']['enable'])) { + $icon = "block"; + } else { + $icon = "reject"; + } ?> <tr> <td class="listlr"> - <?php echo htmlspecialchars(ipsec_get_descr_by_peerconfig($ikesa['peerconfig']));?> + <?php echo "({$ikesa['id']}) " . htmlspecialchars(ipsec_get_descr($ikesa['id']));?> </td> <td class="listr"> <?php if (!is_array($ikesa['local'])) echo "Unknown"; else { if (!empty($ikesa['local']['identification'])) - echo htmlspecialchars($ikesa['local']['identification']) . '<br />' . htmlspecialchars($ikesa['local']['spi']); + echo htmlspecialchars($ikesa['local']['identification']); else echo 'Unknown'; } @@ -137,7 +145,7 @@ $status = ipsec_smp_dump_status(); echo htmlspecialchars($ikesa['local']['address']) . ':' . htmlspecialchars($ikesa['local']['port']); else echo 'Unknown'; - if ($ikesa['local']['nat']) + if ($ikesa['local']['nat'] != 'false') echo " NAT-T"; } ?> @@ -147,7 +155,7 @@ $status = ipsec_smp_dump_status(); echo "Unknown"; else { if (!empty($ikesa['remote']['identification'])) - echo htmlspecialchars($ikesa['remote']['identification']) . '<br />' . htmlspecialchars($ikesa['remote']['spi']); + echo htmlspecialchars($ikesa['remote']['identification']); else echo 'Unknown'; } @@ -161,7 +169,7 @@ $status = ipsec_smp_dump_status(); echo htmlspecialchars($ikesa['remote']['address']) . ':' . htmlspecialchars($ikesa['remote']['port']); else echo 'Unknown'; - if ($ikesa['remote']['nat']) + if ($ikesa['remote']['nat'] != 'false') echo " NAT-T"; } ?> @@ -170,10 +178,25 @@ $status = ipsec_smp_dump_status(); <?php echo htmlspecialchars($ikesa['role']);?> </td> <td class="listr"> - <?php echo htmlspecialchars($ikesa['status']);?> + <center> + <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_<?php echo $icon; ?>.gif" title="<?php echo $ikesa['status']; ?>" alt=""/> + <br/><?php echo htmlspecialchars($ikesa['status']);?> + </center> </td> - <td class="listbg"> - <?php ?> + <td > + <?php if ($icon != "pass"): ?> + <center> + <a href="diag_ipsec.php?act=connect&ikeid=<?php echo $ikesa['id']; ?>"> + <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_start.gif" alt="Connect VPN" title="Connect VPN" border="0"/> + </a> + </center> + <?php else: ?> + <center> + <a href="diag_ipsec.php?act=ikedisconnect&ikeid=<?php echo $ikesa['id']; ?>"> + <img src ="/themes/<?php echo $g['theme']; ?>/images/icons/icon_service_stop.gif" alt="Disconnect VPN" title="Disconnect VPN" border="0"/> + </a> + </center> + <?php endif; ?> </td> <td valign="middle" class="list nowrap"> <table border="0" cellspacing="0" cellpadding="1" summary=""> diff --git a/usr/local/www/diag_ipsec_spd.php b/usr/local/www/diag_ipsec_spd.php index d156105..3c854af 100644 --- a/usr/local/www/diag_ipsec_spd.php +++ b/usr/local/www/diag_ipsec_spd.php @@ -32,7 +32,7 @@ */ /* - pfSense_BUILDER_BINARIES: /usr/local/sbin/setkey + pfSense_BUILDER_BINARIES: /sbin/setkey pfSense_MODULE: ipsec */ @@ -50,16 +50,6 @@ $pgtitle = array(gettext("Status"),gettext("IPsec"),gettext("SPD")); $shortcut_section = "ipsec"; include("head.inc"); -/* delete any SP? */ -if ($_GET['act'] == "del") { - $fd = @popen("/usr/local/sbin/setkey -c > /dev/null 2>&1", "w"); - if ($fd) { - fwrite($fd, "spddelete {$_GET['srcid']} {$_GET['dstid']} any -P {$_GET['dir']} ;\n"); - pclose($fd); - sleep(1); - } -} - $spd = ipsec_dump_spd(); ?> @@ -106,9 +96,6 @@ $spd = ipsec_dump_spd(); $args .= "&dstid=".rawurlencode($sp['dstid']); $args .= "&dir=".rawurlencode($sp['dir']); ?> - <a href="diag_ipsec_spd.php?act=del&<?=$args;?>" onclick="return confirm('<?= gettext("Do you really want to delete this security policy?"); ?>')"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="delete" /> - </a> </td> </tr> <?php endforeach; ?> diff --git a/usr/local/www/diag_ipsec_xml.php b/usr/local/www/diag_ipsec_xml.php index b2c2ad6..2d74c1b 100644 --- a/usr/local/www/diag_ipsec_xml.php +++ b/usr/local/www/diag_ipsec_xml.php @@ -50,15 +50,14 @@ $ipsec_status = array(); $a_phase2 = &$config['ipsec']['phase2']; -$spd = ipsec_dump_spd(); -$sad = ipsec_dump_sad(); +$status = ipsec_smp_dump_status(); -if(is_array($a_phase2)) { +if (is_array($status['query']) && $status['query']['ikesalist'] && $status['query']['ikesalist']['ikesa'])) { foreach ($a_phase2 as $ph2ent) { ipsec_lookup_phase1($ph2ent,$ph1ent); $tunnel = array(); if (!isset($ph2ent['disabled']) && !isset($ph1ent['disabled'])) { - if(ipsec_phase2_status($spd,$sad,$ph1ent,$ph2ent)) + if(ipsec_phase1_status($status['query']['ikesalist']['ikesa'], $ph1ent['ikeid'])) $tunnel['state'] = "up"; elseif(!isset($config['ipsec']['enable'])) $tunnel['state'] = "disabled"; diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php index d12ad43..5595fc6 100644 --- a/usr/local/www/diag_logs_filter.php +++ b/usr/local/www/diag_logs_filter.php @@ -91,9 +91,8 @@ if ($filterlogentries_submit) { $actpass = getGETPOSTsettingvalue('actpass', null); $actblock = getGETPOSTsettingvalue('actblock', null); - $actreject = getGETPOSTsettingvalue('actreject', null); - $filterfieldsarray['act'] = str_replace(" ", " ", trim($actpass . " " . $actblock . " " . $actreject)); + $filterfieldsarray['act'] = str_replace(" ", " ", trim($actpass . " " . $actblock)); $filterfieldsarray['act'] = $filterfieldsarray['act'] != "" ? $filterfieldsarray['act'] : 'All'; $filterfieldsarray['time'] = getGETPOSTsettingvalue('filterlogentries_time', null); $filterfieldsarray['interface'] = getGETPOSTsettingvalue('filterlogentries_interfaces', null); @@ -175,7 +174,6 @@ include("head.inc"); <div align="left"> <input id="actpass" name="actpass" type="checkbox" value="Pass" <?php if (in_arrayi('Pass', $Include_Act)) echo "checked=\"checked\""; ?> /> Pass<br /> <input id="actblock" name="actblock" type="checkbox" value="Block" <?php if (in_arrayi('Block', $Include_Act)) echo "checked=\"checked\""; ?> /> Block<br /> - <input id="actreject" name="actreject" type="checkbox" value="Reject" <?php if (in_arrayi('Reject', $Include_Act)) echo "checked=\"checked\""; ?> /> Reject<br /> </div> </td> <td> diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 4710c29..1775d49 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -242,7 +242,7 @@ if (isset($config['system']['developer'])) { $diagnostics_menu = msort(array_merge($diagnostics_menu, return_ext_menu("Diagnostics")),0); $gold_menu = array(); -$gold_menu[] = array(gettext("pfSense Gold"), "https://portal.pfsense.org/gold-subscription.php"); +$gold_menu[] = array(gettext("pfSense Gold"), "https://www.pfsense.org/gold"); $gold_menu = msort(array_merge($gold_menu, return_ext_menu("Gold")),0); if(! $g['disablehelpmenu']) { diff --git a/usr/local/www/filebrowser/browser.php b/usr/local/www/filebrowser/browser.php index 4a456be..d8cbea3 100644 --- a/usr/local/www/filebrowser/browser.php +++ b/usr/local/www/filebrowser/browser.php @@ -91,25 +91,44 @@ endforeach; foreach($files as $file): $ext = strrchr($file, "."); - if($ext == ".css" ) $type = "code"; - elseif($ext == ".html") $type = "code"; - elseif($ext == ".xml" ) $type = "code"; - elseif($ext == ".rrd" ) $type = "database"; - elseif($ext == ".gif" ) $type = "image"; - elseif($ext == ".jpg" ) $type = "image"; - elseif($ext == ".png" ) $type = "image"; - elseif($ext == ".js" ) $type = "js"; - elseif($ext == ".pdf" ) $type = "pdf"; - elseif($ext == ".inc" ) $type = "php"; - elseif($ext == ".php" ) $type = "php"; - elseif($ext == ".conf") $type = "system"; - elseif($ext == ".pid" ) $type = "system"; - elseif($ext == ".sh" ) $type = "system"; - elseif($ext == ".bz2" ) $type = "zip"; - elseif($ext == ".gz" ) $type = "zip"; - elseif($ext == ".tgz" ) $type = "zip"; - elseif($ext == ".zip" ) $type = "zip"; - else $type = "generic"; + switch ($ext) { + case ".css": + case ".html": + case ".xml": + $type = "code"; + break; + case ".rrd": + $type = "database"; + break; + case ".gif": + case ".jpg": + case ".png": + $type = "image"; + break; + case ".js": + $type = "js"; + break; + case ".pdf": + $type = "pdf"; + break; + case ".inc": + case ".php": + $type = "php"; + break; + case ".conf": + case ".pid": + case ".sh": + $type = "system"; + break; + case ".bz2": + case ".gz": + case ".tgz": + case ".zip": + $type = "zip"; + break; + default: + $type = "generic"; + } $fqpn = "{$path}/{$file}"; diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index e3c0471..3479e8d 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -643,7 +643,7 @@ if (empty($tab)) { <td valign="top" class="vncellreq"><?=gettext("Name"); ?></td> <td class="vtable"> <input name="origname" type="hidden" id="origname" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> - <input name="name" type="text" id="name" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" /> + <input name="name" type="text" id="name" class="formfld unknown" size="40" maxlength="31" value="<?=htmlspecialchars($pconfig['name']);?>" /> <?php if (isset($id) && $a_aliases[$id]): ?> <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <?php endif; ?> diff --git a/usr/local/www/firewall_aliases_import.php b/usr/local/www/firewall_aliases_import.php index 4151521..c028b3e 100755 --- a/usr/local/www/firewall_aliases_import.php +++ b/usr/local/www/firewall_aliases_import.php @@ -57,7 +57,7 @@ $reserved_ifs = get_configured_interface_list(false, true); $reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names); if (!is_array($config['aliases']['alias'])) - $config['aliases']['alias'] = array(); + $config['aliases']['alias'] = array(); $a_aliases = &$config['aliases']['alias']; if($_POST['aliasimport'] <> "") { @@ -65,7 +65,7 @@ if($_POST['aliasimport'] <> "") { $reqdfieldsn = array(gettext("Name"),gettext("Aliases")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - + if (is_validaliasname($_POST['name']) == false) $input_errors[] = gettext("The alias name may only consist of the characters") . " a-z, A-Z, 0-9, _."; @@ -75,17 +75,17 @@ if($_POST['aliasimport'] <> "") { /* Check for reserved keyword names */ - foreach($reserved_keywords as $rk) - if ($rk == $_POST['name']) - $input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk); - - /* check for name interface description conflicts */ - foreach($config['interfaces'] as $interface) { - if($interface['descr'] == $_POST['name']) { - $input_errors[] = gettext("An interface description with this name already exists."); - break; - } - } + foreach($reserved_keywords as $rk) + if ($rk == $_POST['name']) + $input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk); + + /* check for name interface description conflicts */ + foreach($config['interfaces'] as $interface) { + if($interface['descr'] == $_POST['name']) { + $input_errors[] = gettext("An interface description with this name already exists."); + break; + } + } if ($_POST['aliasimport']) { $tocheck = explode("\n", $_POST['aliasimport']); @@ -147,7 +147,7 @@ if($_POST['aliasimport'] <> "") { if (write_config()) mark_subsystem_dirty('aliases'); pfSenseHeader("firewall_aliases.php"); - + exit; } } @@ -163,38 +163,53 @@ include("head.inc"); <div id="inputerrors"></div> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall alias import"> <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Alias Import"); ?></td> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Alias Import"); ?></td> </tr> <tr> - <td valign="top" class="vncellreq"><?=gettext("Alias Name"); ?></td> - <td class="vtable"> <input name="name" type="text" class="formfld unknown" id="name" size="40" value="<?=htmlspecialchars($_POST['name']);?>" /> - <br /> <span class="vexpl"> - <?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z and 0-9\"."); ?></span></td> + <td valign="top" class="vncellreq"><?=gettext("Alias Name"); ?></td> + <td class="vtable"> + <input name="name" type="text" class="formfld unknown" id="name" size="40" maxlength="31" value="<?=htmlspecialchars($_POST['name']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("The name of the alias may only consist of the characters \"a-z, A-Z and 0-9\"."); ?> + </span> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($_POST['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here " . - "for your reference (not parsed)"); ?>.</span></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($_POST['descr']);?>" /> + <br /> + <span class="vexpl"> + <?=gettext("You may enter a description here for your reference (not parsed)"); ?>. + </span> + </td> </tr> <tr> - <td valign="top" class="vncellreq"><?=gettext("Aliases to import"); ?></td> - <td class="vtable"><textarea name="aliasimport" rows="15" cols="40"><?php echo $_POST['aliasimport']; ?></textarea> - <br /> <span class="vexpl"><?=gettext("Paste in the aliases to import separated by a carriage return. Common examples are lists of IPs, networks, blacklists, etc."); ?> - <br /> <?=gettext("The list may contain IP addresses, with or without CIDR prefix, IP ranges, blank lines (ignored) and an optional description after each IP. e.g.:"); ?> - <br />172.16.1.2 - <br />172.16.0.0/24 - <br />10.11.12.100-10.11.12.200 - <br />192.168.1.254 Home router - <br />10.20.0.0/16 Office network - <br />10.40.1.10-10.40.1.19 Managed switches</span></td> + <td valign="top" class="vncellreq"><?=gettext("Aliases to import"); ?></td> + <td class="vtable"> + <textarea name="aliasimport" rows="15" cols="40"><?php echo $_POST['aliasimport']; ?></textarea> + <br /> + <span class="vexpl"> + <?=gettext("Paste in the aliases to import separated by a carriage return. Common examples are lists of IPs, networks, blacklists, etc."); ?> + <br /> + <?=gettext("The list may contain IP addresses, with or without CIDR prefix, IP ranges, blank lines (ignored) and an optional description after each IP. e.g.:"); ?> + <br />172.16.1.2 + <br />172.16.0.0/24 + <br />10.11.12.100-10.11.12.200 + <br />192.168.1.254 Home router + <br />10.20.0.0/16 Office network + <br />10.40.1.10-10.40.1.19 Managed switches + </span> + </td> </tr> <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input class="formbtn" type="button" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> - </td></tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <input class="formbtn" type="button" value="<?=gettext("Cancel"); ?>" onclick="history.back()" /> + </td> + </tr> </table> @@ -202,7 +217,7 @@ include("head.inc"); </div> <?php include("fend.inc"); ?> - + <script type="text/javascript"> //<![CDATA[ NiftyCheck(); diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index bf48e12..c33166b 100644 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -113,8 +113,23 @@ if ($_POST) { if ($_POST['subnet']) { if (!is_ipaddr($_POST['subnet'])) $input_errors[] = gettext("A valid IP address must be specified."); - else if (is_ipaddr_configured($_POST['subnet'], "{$_POST['interface']}_vip{$id}")) - $input_errors[] = gettext("This IP address is being used by another interface or VIP."); + else { + if (isset($id) && isset($a_vip[$id])) { + $ignore_if = $a_vip[$id]['interface']; + $ignore_mode = $a_vip[$id]['mode']; + } else { + $ignore_if = $_POST['interface']; + $ignore_mode = $_POST['mode']; + } + + if ($ignore_mode == 'carp') + $ignore_if .= "_vip{$id}"; + + if (is_ipaddr_configured($_POST['subnet'], $ignore_if)) + $input_errors[] = gettext("This IP address is being used by another interface or VIP."); + + unset($ignore_if, $ignore_mode); + } } $natiflist = get_configured_interface_with_descr(); diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 42ba60e..515ea92 100644 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -384,7 +384,7 @@ if(file_exists("/var/run/interface_mismatch_reboot_needed")) else $savemsg = gettext("Reboot is needed. Please apply the settings in order to reboot."); } else { - $savemsg = gettext("Interface mismatch detected. Please resolve the mismatch and click Save. The firewall will reboot afterwards."); + $savemsg = gettext("Interface mismatch detected. Please resolve the mismatch and click 'Apply changes'. The firewall will reboot afterwards."); } ?> diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 2f5d04c..945aa2d 100644 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -226,6 +226,8 @@ if ($_GET) { filter_configure(); break; case 'reinstallxml': + pkg_fetch_config_file($pkgid); + pkg_fetch_additional_files($pkgid); case 'reinstallpkg': delete_package_xml($pkgid); if (install_package($pkgid) < 0) { diff --git a/usr/local/www/status.php b/usr/local/www/status.php index 5b1624a..93fe21e 100755 --- a/usr/local/www/status.php +++ b/usr/local/www/status.php @@ -29,7 +29,7 @@ POSSIBILITY OF SUCH DAMAGE. */ /* - pfSense_BUILDER_BINARIES: /usr/bin/vmstat /usr/bin/netstat /sbin/dmesg /sbin/mount /usr/local/sbin/setkey /usr/local/sbin/pftop + pfSense_BUILDER_BINARIES: /usr/bin/vmstat /usr/bin/netstat /sbin/dmesg /sbin/mount /sbin/setkey /usr/local/sbin/pftop pfSense_BUILDER_BINARIES: /sbin/pfctl /sbin/sysctl /usr/bin/top /usr/bin/netstat /sbin/pfctl /sbin/ifconfig pfSense_MODULE: support */ @@ -180,8 +180,8 @@ defCmdT("dhcpd.conf","cat /var/dhcpd/etc/dhcpd.conf"); defCmdT("df","/bin/df"); defCmdT("racoon.conf","cat /var/etc/racoon.conf"); -defCmdT("SPD","/usr/local/sbin/setkey -DP"); -defCmdT("SAD","/usr/local/sbin/setkey -D"); +defCmdT("SPD","/sbin/setkey -DP"); +defCmdT("SAD","/sbin/setkey -D"); if(isset($config['system']['usefifolog'])) { defCmdT("last 200 system log entries","/usr/sbin/fifolog_reader /var/log/system.log 2>&1 | tail -n 200"); diff --git a/usr/local/www/themes/pfsense_ng/all.css b/usr/local/www/themes/pfsense_ng/all.css index 80dd171..46f74fa 100644 --- a/usr/local/www/themes/pfsense_ng/all.css +++ b/usr/local/www/themes/pfsense_ng/all.css @@ -428,7 +428,7 @@ table#marquee div#container div#scroller { #navigation ul li { float: left; position: relative; - width: 6.2em; + padding-right: 27px; top: 0px; } diff --git a/usr/local/www/themes/pfsense_ng_fs/all.css b/usr/local/www/themes/pfsense_ng_fs/all.css index c0898e9..7ccc4c7 100644 --- a/usr/local/www/themes/pfsense_ng_fs/all.css +++ b/usr/local/www/themes/pfsense_ng_fs/all.css @@ -389,7 +389,7 @@ table#marquee div#container div#scroller { #navigation ul li { float: left; position: relative; - width: 6.2em; + padding-right: 27px; top: 0px; } diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 587c048..75118b5 100644 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -102,7 +102,7 @@ if ($_GET['act'] == "delph1") if ($_GET['act'] == "delph2") { - if ($a_phase1[$_GET['p1index']] && $a_phase2[$_GET['p2index']]) { + if ($a_phase1[$_GET['p1index']]) { /* remove the phase2 entry */ foreach ($a_phase2 as $ph2idx => $ph2) { if ($ph2['uniqid'] == $_GET['p2index']) { @@ -374,10 +374,12 @@ include("head.inc"); <td class="listr nowrap"> <?=$spans;?> <?php - foreach ($ph2ent['hash-algorithm-option'] as $k => $ph2ha) { - if ($k) - echo ", "; - echo $p2_halgos[$ph2ha]; + if (!empty($ph2ent['hash-algorithm-option']) && is_array($ph2ent['hash-algorithm-option'])) { + foreach ($ph2ent['hash-algorithm-option'] as $k => $ph2ha) { + if ($k) + echo ", "; + echo $p2_halgos[$ph2ha]; + } } ?> <?=$spane;?> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 8a78065..461a708 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -127,8 +127,8 @@ if ($_POST) { $input_errors[] = gettext("A valid ikeid must be specified."); /* input validation */ - $reqdfields = explode(" ", "localid_type halgos uniqid"); - $reqdfieldsn = array(gettext("Local network type"),gettext("P2 Hash Algorithms"), gettext("Unique Identifier")); + $reqdfields = explode(" ", "localid_type uniqid"); + $reqdfieldsn = array(gettext("Local network type"), gettext("Unique Identifier")); if (!isset($pconfig['mobile'])){ $reqdfields[] = "remoteid_type"; $reqdfieldsn[] = gettext("Remote network type"); @@ -254,7 +254,17 @@ if ($_POST) { if (!count($ealgos)) { $input_errors[] = gettext("At least one encryption algorithm must be selected."); + } else { + if (empty($pconfig['halgos'])) { + foreach ($ealgos as $ealgo) { + if (!strpos($ealgo['name'], "gcm")) { + $input_errors[] = gettext("At least one hashing algorithm needs to be selected."); + break; + } + } + } } + } if (($_POST['lifetime'] && !is_numeric($_POST['lifetime']))) { $input_errors[] = gettext("The P2 lifetime must be an integer."); @@ -277,7 +287,10 @@ if ($_POST) { $ph2ent['protocol'] = $pconfig['proto']; $ph2ent['encryption-algorithm-option'] = $ealgos; - $ph2ent['hash-algorithm-option'] = $pconfig['halgos']; + if (!empty($pconfig['halgos'])) + $ph2ent['hash-algorithm-option'] = $pconfig['halgos']; + else + unset($ph2ent['hash-algorithm-option']); $ph2ent['pfsgroup'] = $pconfig['pfsgroup']; $ph2ent['lifetime'] = $pconfig['lifetime']; $ph2ent['pinghost'] = $pconfig['pinghost']; diff --git a/usr/local/www/widgets/widgets/traffic_graphs.widget.php b/usr/local/www/widgets/widgets/traffic_graphs.widget.php index 2dedc2d..3523bc1 100644 --- a/usr/local/www/widgets/widgets/traffic_graphs.widget.php +++ b/usr/local/www/widgets/widgets/traffic_graphs.widget.php @@ -98,12 +98,6 @@ if (isset($a_config["scale_type"])) { ?> <input type="hidden" id="traffic_graphs-config" name="traffic_graphs-config" value="" /> -<?php - //set variables for traffic graph - $width = "100%"; - $height = "150"; -?> - <div id="traffic_graphs-settings" class="widgetconfigdiv" style="display:none;"> <form action="/widgets/widgets/traffic_graphs.widget.php" method="post" name="iform" id="iform"> <?php foreach ($ifdescrs as $ifname => $ifdescr) { ?> @@ -173,11 +167,9 @@ foreach ($ifdescrs as $ifname => $ifdescr) { <div style="clear:both;"></div> </div> <div id="<?=$ifname;?>graphdiv" style="display:<?php echo $graphdisplay;?>"> - <object data="graph.php?ifnum=<?=$ifname;?>&ifname=<?=rawurlencode($ifdescr);?>&timeint=<?=$refreshinterval;?>&initdelay=<?=($graphcounter+1) * 2;?>"> + <object data="graph.php?ifnum=<?=$ifname;?>&ifname=<?=rawurlencode($ifdescr);?>&timeint=<?=$refreshinterval;?>&initdelay=<?=($graphcounter+1) * 2;?>" height="100%" width="100%"> <param name="id" value="graph" /> <param name="type" value="image/svg+xml" /> - <param name="width" value="<? echo $width; ?>" /> - <param name="height" value="<? echo $height; ?>" /> <param name="pluginspage" value="http://www.adobe.com/svg/viewer/install/auto" /> </object> </div> diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml index 2556a05..0558250 100644 --- a/usr/local/www/wizards/setup_wizard.xml +++ b/usr/local/www/wizards/setup_wizard.xml @@ -53,7 +53,7 @@ <id>2</id> <title>Bling your pfSense with pfSense Gold</title> <disableheader>true</disableheader> - <description>Feel the power of a pfSense Gold subscription. Receive special benefits while supporting ongoing development of the Open Source pfSense project.<br/> <br/> Benefits include access to our AutoConfigBackup secure cloud based backup service for up to 10 hosts, pre-publication access to the updated pfSense: The Definitive Guide book in PDF, fully updated for the pfSense 2.1 release, and a monthly online MeetUp! Video conference to discuss and demonstrate advanced features and architectures using pfSense. <br/> <br/> Go to <a href="https://portal.pfsense.org/gold-subscription.php" target="_blank"> pfSense Gold Subscriptions</a> to sign up now <br/> <br/> </description> + <description>Feel the power of a pfSense Gold subscription. Receive special benefits while supporting ongoing development of the Open Source pfSense project.<br/> <br/> Benefits include access to our AutoConfigBackup secure cloud based backup service for up to 10 hosts, pre-publication access to the updated pfSense: The Definitive Guide book in PDF, fully updated for the pfSense 2.1 release, and a monthly online MeetUp! Video conference to discuss and demonstrate advanced features and architectures using pfSense. <br/> <br/> Go to <a href="https://www.pfsense.org/gold" target="_blank"> pfSense Gold Subscriptions</a> to sign up now <br/> <br/> </description> <fields> <field> <name>Next</name> |