Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Correct the copy() logic | Scott Ullrich | 2007-04-21 | 1 | -1/+1 |
| | |||||
* | * Use copy instead of system() * Lock the configuration before doing this ↵ | Scott Ullrich | 2007-04-21 | 1 | -2/+6 |
| | | | | operation * Unlink config.cache if it exists * Send the image to RO after this operation | ||||
* | xmlparse now returns -1 when a file is corrupt. Detect this situation ↵ | Scott Ullrich | 2007-04-21 | 1 | -0/+8 |
| | | | | during parse_config() and trigger a backup. Note to the user this occurance. | ||||
* | xmlparse now returns -1 when a file is corrupt. Detect this situatioon and ↵ | Scott Ullrich | 2007-04-21 | 1 | -0/+5 |
| | | | | notify the user that we are unlinking the file. | ||||
* | When we iterate through the backup cache we call out to parse the ↵ | Scott Ullrich | 2007-04-21 | 1 | -1/+2 |
| | | | | configuration file. This can be fatal if the xml contents is corrupted and the process will die out. Instead of dieing, return -1 and let the process continue since we have further logic to detect these issues and restore a previous configuration, etc. | ||||
* | Do correct locking when cleaning the backup cache | Scott Ullrich | 2007-04-21 | 1 | -0/+2 |
| | |||||
* | We really need to lock the configuration when outputting the config.cache | Scott Ullrich | 2007-04-21 | 1 | -0/+2 |
| | |||||
* | We should anti spoof on the wan interface as well. | Scott Ullrich | 2007-04-21 | 1 | -0/+1 |
| | |||||
* | Block traffic from source port 0 or destination port 0. Some crafty folks ↵ | Scott Ullrich | 2007-04-20 | 1 | -0/+4 |
| | | | | try to evade packet filters by using this type of trickery. See http://www.securityfocus.com/archive/75/402099/30/0/threaded for more information. | ||||
* | Note that we use the username admin when syncing in the error messages | Scott Ullrich | 2007-04-19 | 1 | -2/+2 |
| | |||||
* | Correctly define the state timeout value. | Scott Ullrich | 2007-04-19 | 1 | -1/+2 |
| | |||||
* | Do not echo out extra text when reloading the filter rules and correctly ↵ | Scott Ullrich | 2007-04-18 | 1 | -1/+1 |
| | | | | detect pftpx already started. | ||||
* | Remove trailing space | Scott Ullrich | 2007-04-18 | 1 | -1/+1 |
| | |||||
* | Do not carriage return in the middle of a shell command | Scott Ullrich | 2007-04-18 | 1 | -2/+1 |
| | |||||
* | Don not use round-robin on failover lb pools | Seth Mos | 2007-04-18 | 1 | -2/+7 |
| | | | | MFC: ASAP | ||||
* | initialize variable correctly | Scott Dale | 2007-04-18 | 1 | -1/+1 |
| | | | | MFC: asap | ||||
* | Turn off hard drive write caching correctly | Scott Ullrich | 2007-04-17 | 2 | -2/+5 |
| | |||||
* | Show icon when schedule is active | Scott Dale | 2007-04-17 | 1 | -1/+4 |
| | | | | MFC: asap | ||||
* | Schedule popup on firewall page, stop min 0>00 | Scott Dale | 2007-04-17 | 3 | -11/+117 |
| | | | | MFC: asap | ||||
* | hw.ata.wc is a read-only /boot/loader.conf value. Remove. | Scott Ullrich | 2007-04-17 | 1 | -1/+0 |
| | |||||
* | Correctly note the filter configure item when removing the schedule feature ↵ | Scott Ullrich | 2007-04-16 | 1 | -1/+2 |
| | | | | from cron | ||||
* | Add xml sync schedules option | Scott Ullrich | 2007-04-15 | 2 | -5/+14 |
| | |||||
* | Remove stray ; | Scott Ullrich | 2007-04-15 | 1 | -1/+1 |
| | |||||
* | Uncomment pass rule logic. Fixes a problem report from the forum. ↵ | Scott Ullrich | 2007-04-14 | 1 | -2/+2 |
| | | | | Reminded-by: Holger | ||||
* | Add some text breaks. | Scott Ullrich | 2007-04-14 | 1 | -1/+4 |
| | |||||
* | Remove <br/> from schedule strong note. | Scott Ullrich | 2007-04-14 | 1 | -1/+1 |
| | |||||
* | Wrap text in <pre></pre> | Scott Ullrich | 2007-04-14 | 1 | -2/+2 |
| | |||||
* | Add a note about firewall rule schedule logic that will pop up in a new ↵ | Scott Ullrich | 2007-04-14 | 2 | -1/+9 |
| | | | | window describing how pass rules work when they are outside of the schedule window, etc. | ||||
* | Disable ATA write caching which should help with loosing configuration on ↵ | Scott Ullrich | 2007-04-13 | 1 | -0/+1 |
| | | | | invalid power off events. | ||||
* | Backport usermanager code from HEAD so I can get it in the snaps and | Bill Marquette | 2007-04-13 | 12 | -122/+2638 |
| | | | | | start testing it properly There's still some CSS/HTML fixes needed but the code seems to work | ||||
* | Hide "ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding ↵ | Scott Ullrich | 2007-04-11 | 1 | -1/+4 |
| | | | | | | enabled, default to accept, logging disabled" while enabling time based rules Noticed-by: Ryan Wagoner | ||||
* | Check for array type before foreach() | Scott Ullrich | 2007-04-11 | 1 | -4/+5 |
| | | | | Reminded-by: Ryan Wagoner/Seth Mos | ||||
* | Remove time based rule debugging statements. | Scott Ullrich | 2007-04-11 | 1 | -20/+0 |
| | | | | Reminded-by: Ryan Wagoner | ||||
* | Do not sort dns server list. | Scott Ullrich | 2007-04-11 | 1 | -1/+0 |
| | | | | Reported-by: Goffredo Andreone | ||||
* | If we cannot deterimine interrupts a second for an interface, do not recycle ↵ | Scott Ullrich | 2007-04-10 | 1 | -0/+3 |
| | | | | last known values. | ||||
* | Do not show blank openvpn configuration items. | Scott Ullrich | 2007-04-10 | 2 | -0/+8 |
| | |||||
* | Set RELENG_1 version to 1.3. 1.2 will be released form RELENG_1_2. | Scott Ullrich | 2007-04-09 | 1 | -1/+1 |
| | |||||
* | Time for 1.2-BETA-1Root_RELENG_1_2 | Scott Ullrich | 2007-04-09 | 1 | -1/+1 |
| | |||||
* | If the interface is "lan" and bridging is enabled then skip creation of the ↵ | Scott Ullrich | 2007-04-09 | 1 | -0/+3 |
| | | | | DHCP Server subnet. Ticket #1281 | ||||
* | Remove configuration lock that would be acquired when you login to ssh after ↵ | Scott Ullrich | 2007-04-08 | 1 | -0/+2 |
| | | | | a firmware update. Ticket #1258 | ||||
* | Correct sysctl name.. it is movements not movement. | Scott Ullrich | 2007-04-08 | 1 | -2/+2 |
| | |||||
* | startup routed on boot if it's enabled | Bill Marquette | 2007-04-08 | 1 | -0/+4 |
| | |||||
* | Correct rrd_gateway path | Seth Mos | 2007-04-08 | 1 | -1/+1 |
| | |||||
* | Skip rule creation when interface_ip or remote_gateway is unknown | Scott Ullrich | 2007-04-07 | 1 | -0/+4 |
| | |||||
* | When a 0 byte configuration file is found, remove it (unlink) and continue ↵ | Scott Ullrich | 2007-04-07 | 1 | -12/+17 |
| | | | | processing. | ||||
* | Remove IP Compression box. A lot of further refactoring is going to be ↵ | Scott Ullrich | 2007-04-07 | 1 | -6/+0 |
| | | | | required to make this work and we do not have enough time to do so before 1.2 beta. | ||||
* | Ticket 1280: updated | Scott Dale | 2007-04-07 | 1 | -1/+1 |
| | |||||
* | Use -o when loading the pf ruleset. From the pfctl man page: -o ↵ | Scott Ullrich | 2007-04-07 | 1 | -1/+1 |
| | | | | | | Enable the ruleset optimizer. The ruleset optimizer attempts to improve rulesets by removing rule duplication and making better use of rule ordering. Specifically, it does four things: 1. remove duplicate rules 2. remove rules that are a subset of another rule 3. combine multiple rules into a table when advantageous 4. re-order the rules to improve evaluation performance A second -o may be specified to use the currently loaded ruleset as a feedback profile to tailor the optimization of the quick rules to the actual network behavior. It is important to note that the ruleset optimizer will modify the ruleset to improve performance. A side effect of the ruleset modification is that per-rule accounting statistics will have different meanings than before. Use -o when loading the pf ruleset. From the pfctl man page: -o Enable the ruleset optimizer. The ruleset optimizer attempts to improve rulesets by removing rule duplication and making better use of rule ordering. Specifically, it does four things: 1. remove duplicate rules 2. remove rules that are a subset of another rule 3. combine multiple rules into a table when advantageous 4. re-order the rules to improve evaluation performance A second -o may be specified to use the currently loaded ruleset as a feedback profile to tailor the optimization of the quick rules to the actual network behavior. It is important to note that the ruleset optimizer will modify the ruleset to improve performance. A side effect of the ruleset modification is that per-rule accounting statistics will have different meanings than before. | ||||
* | Cleanup IPSEC rules a bit. More work will be performed in this area over ↵ | Scott Ullrich | 2007-04-06 | 1 | -15/+3 |
| | | | | the weekend. | ||||
* | Both -HEAD and -RELENG_1 have had a hidden feature to allow IPSEC ↵ | Scott Ullrich | 2007-04-06 | 1 | -1/+9 |
| | | | | compression. Add a checkbox to the screen to allow this hidden value to be toggled. |