summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Eliminate the "this_device" test from the resync check in rc.openvpn.jim-p2015-03-251-8/+4
| | | | | | It is not necessary to check, as the only times a gateway event should trigger the VPN to restart are when the current and new devices differ. This also allows us to simplify the code a bit and eliminate some single-use variables. See the discussion at https://github.com/pfsense/pfsense/commit/4aefcf915112b38784b06abc8dd9a26d9a4960b3
* The logic of this test seems to be incorrect.jim-p2015-03-241-1/+2
| | | | | If the interface is the same, this test will fail, and that's the one case that should not need a resync. The logic in this test has been flipped and reversed a few times over the years and without comments it's difficult to discern its true purpose.
* Be consistent about Unbound service descriptive namePhil Davis2015-03-231-1/+1
| | | | | | | | | | | | Forum: https://forum.pfsense.org/index.php?topic=91075.0 For DNS Forwarder (dnsmasq) 1) dnsmasq is the name of the service 2) DNS Forwarder is the text description Make Unbound consistent with that, so that menu names and services status display and... work in the same way: 1) unbound is the name of the service 2) DNS Resolver is the text description
* Use is_numericint() instead of empty() to check if value has been entered ↵k-paulius2015-03-231-4/+4
| | | | because empty() does not allow 0, which is a valid value.
* Make sure 'DHCPv6 Prefix Delegation size' is provided if 'Send IPv6 prefix ↵k-paulius2015-03-231-0/+3
| | | | hint' flag is checked to avoid generating invalid dhcp6c configuration file.
* Handle release number in installerPhil Davis2015-03-231-2/+3
| | | | | This code just looked wrong. It was considering 10.1-RELEASE-p6 to be release number "1" and comparing it to "9". These changes to do what it seems to intend. This will make that UFS+J stuff appear, if that is of any consequence.
* Use `none` instead of a whitespace in sshd_configJose Luis Duran2015-03-201-2/+2
| | | | Use the `none` keyword instead of a whitespace to disable the FreeBSD version in sshd_config.
* Add option for wireless standard "auto", to omit "mode" entirely from ↵Chris Buechler2015-03-182-4/+15
| | | | ifconfig. This shouldn't be necessary, but specifying mode has proven to trigger driver problems that don't exist if it's left unspecified (such as FreeBSD PR 198680). Chosing "auto" fixes ath(4) BSS mode issues otherwise preventing it from connecting.
* change the location of jquery-ui images in each theme's css fileJared Dillard2015-03-189-144/+144
|
* Bump version to 2.2.2-DEVELOPMENTRenato Botelho2015-03-181-1/+1
|
* Cleanup code path when adding a new userPhil Davis2015-03-181-2/+2
| | | | | | | | | | | | | 1) Only attempt to delete the oldusername if it actually was non-empty - at the moment errors are logged in the system log when adding a new user, because the code was trying to delete the user name "". 2) Call local_user_set() first to create (change, whatever) the user record. This makes the user record exist for a new user. Then call local_user_set_groups() to sort out what groups the user should be in or not in. The existing code would fail to add a new user to the specified group/s because local_user_set_groups() was called too early, before the user actually existed. Typical system log errors from the old code: Mar 18 17:10:31 php-fpm[9542]: /system_usermanager.php: Tried to remove user but got user pw instead. Bailing. Mar 18 17:10:31 php-fpm[9542]: /system_usermanager.php: The command '/usr/sbin/pw groupmod admins -g 1999 -M '0,2003,2006,2008' 2>&1' returned exit code '67', the output was 'pw: user `2008' does not exist' From looking at the code history, I think this has been this way for a long time, not a new bug at all. Discussed in forum: https://forum.pfsense.org/index.php?topic=90700.msg501766#msg501766
* Do not allow VLAN tag zeroPhil Davis2015-03-181-1/+1
| | | | | At the moment you can make a VLAN with tag 0. The input validation does not catch it because when $_POST['tag'] = "0" that evaluates to false by PHP. Always make the checks on 'tag' value whenever the 'tag' key is set at all. If the (required) 'tag' key is not set, then that is already checked for by do_input_validation().
* Use subnet address in OPT net rulesPhil Davis2015-03-161-9/+11
| | | | | | | | | Example: LAN IP 10.0.1.1/24 OPT1 IP 10.0.2.1/24 Rules with SRC or DST LANnet correctly have 10.0.0.0/24 (the subnet base address) in /tmp/rules.debug Rules with SRC or DST OPT1net have 10.0.2.1/24 (the OPT1 IP address with OPT1 net mask) in /tmp/rules.debug It still works (I think) because actually 10.0.2.1/24 and 10.0.2.0/24 interpreted as a subnet still describes the same set of IP addresses, but it looks odd, as reported by: https://forum.pfsense.org/index.php?topic=90096.msg498474#msg498474 Same issue with IPv6 for OPT1net rules. This fixes the rule generation to that OPT1net uses the base subnet address in the rule, in the same way that LANnet and WANnet does.
* pfSsh.php readline function return valuePhil Davis2015-03-161-1/+1
| | | | This just looks wrong. But I guess the code path never comes through here because function readline() already exists in the environment of this script.
* It's time for 2.2.1-RELEASERELENG_2_2_1Renato Botelho2015-03-131-1/+1
|
* txpower was disabled for good reason it would appear, it triggers syntax ↵Chris Buechler2015-03-132-2/+6
| | | | errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516
* Apply WME input validation to all modes, not just hostap. Ticket #4516Chris Buechler2015-03-131-5/+5
|
* Default to 11ng if an option hasn't been configured. Previously we let the ↵Chris Buechler2015-03-131-1/+7
| | | | browser pick the first in the list (the first the card reported as available), which ended up being 802.11b. Ticket #4516
* Default to WPA2, AES for new wireless interface configs. Ticket #4516Chris Buechler2015-03-131-2/+2
|
* Auto-size the interface box on the bridge edit page.Chris Buechler2015-03-131-1/+2
|
* touch up interfaces.php textChris Buechler2015-03-137-10/+10
|
* Require WPA PSK where WPA-PSK is enabled. Clean up some other text. Ticket #4516Chris Buechler2015-03-127-10/+15
|
* clean up input errors textChris Buechler2015-03-127-9/+9
|
* add missing double == in ipsec.incChris Buechler2015-03-121-1/+1
|
* Missin double equals in captiveportal.incPhil Davis2015-03-121-1/+1
| | | | | | Looking at where this is nested inside various if statements, I do not think this error did too much harm - only to the $mac['descr'] - in this particular code flow $username is not used for important stuff after this point. Conflicts: etc/inc/captiveportal.inc
* Fix up text, remove "only for Atheros" since the option is only shown if a ↵Chris Buechler2015-03-127-5/+5
| | | | compatible card exists.
* "Auto" channel with hostap doesn't work correctly at the moment, force ↵Chris Buechler2015-03-121-0/+4
| | | | choosing a specific channel with hostap mode for now.
* Set txpower since that seems to work fine now. Explicitly set authmode wpa ↵Chris Buechler2015-03-121-2/+5
| | | | here, though it's also handled by the supplicant/authenticator. Ticket #4516
* Do not start filterdns during boot until a proper fix is done. Ticket #4296Renato Botelho2015-03-122-18/+22
|
* add more wireless validation. Ticket #4516Chris Buechler2015-03-121-1/+4
|
* Add more validation for wireless config settings. Ticket #4516Chris Buechler2015-03-121-0/+22
|
* Add more input validation for wireless parameters. Ticket #4516Chris Buechler2015-03-121-0/+36
|
* Touch up wifi textChris Buechler2015-03-127-12/+12
|
* If we bail not being able to find the P1 source, log an error.Chris Buechler2015-03-121-1/+3
|
* White space in ipsec.incPhil Davis2015-03-121-10/+10
|
* White space in filter.incPhil Davis2015-03-121-44/+44
| | | | | Conflicts: etc/inc/filter.inc
* use-compression is no longer a valid config option in lighttpd, it can't be ↵Chris Buechler2015-03-121-3/+0
| | | | enabled. This just throws an error in the log, remove it.
* Fix IPsec on CARP IPs, broken when fixing IPsec with gateway groups and VIPs.Chris Buechler2015-03-121-5/+9
|
* clean up unique IDs text a bit.Chris Buechler2015-03-111-2/+2
|
* Move libstrongswan-unity.so when Unity plugin is disabled so it can't modify ↵Chris Buechler2015-03-111-3/+13
| | | | | | | the P2. Workaround for Ticket #4178 Conflicts: etc/inc/vpn.inc
* Proper fix #4443, do not unset carp entry when content differ, also set ↵Renato Botelho2015-03-111-3/+7
| | | | correct real interface and use subnet to check IP protocol
* Detect when broken rc.firmware is running, fix it and restart. This should ↵Renato Botelho2015-03-111-0/+21
| | | | fix #4328
* Remove -U from mtree call used to restore files permissions, this is ↵Renato Botelho2015-03-111-1/+1
| | | | replacing symlink targets by the old values. Ticket #4328
* Save vip interface and subnet to use to delete old vips from secondary ↵Renato Botelho2015-03-111-13/+14
| | | | nodes. Fixes #4446
* Revert "Use a consistent variable name here. related to Ticket #4446"Renato Botelho2015-03-111-4/+4
| | | | This reverts commit 0e7954b8a333d7ca92f56c86c74e2d9d7457b546.
* add granular control of state timeouts. Ticket #4509Chris Buechler2015-03-112-3/+246
|
* Explicit disable ssl.use-compression on lighty config. It should fix #4230Renato Botelho2015-03-111-0/+3
|
* Remove BEAST protection option since default cipher is now good and works ↵Renato Botelho2015-03-112-57/+2
| | | | with hifn cards
* Add a log message when hostres SNMP module is ignored on APU boardsRenato Botelho2015-03-111-5/+9
|
* Disable SNMP hostres module on APU boards until we figure out why it's ↵Renato Botelho2015-03-111-1/+5
| | | | crashing on this specific board. Ticket #4403
OpenPOWER on IntegriCloud