summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Don't remove all of /usr/local/libdata as obsolete files. User-installedRELENG_2_2_2Chris Buechler2015-04-131-1/+0
| | | | package contents may live there, factory default configs live there.
* Domain override with multiple authoritative DNS serversPhil Davis2015-04-131-1/+2
| | | | | | Tell users that this is possible in DNS Resolver and how to achieve it. The code in unbound.inc already supports it and works. I had asked for this in Redmine feature request #4350 and when I went to look at coding to implement it I found code that already did it. So IMHO it is worth telling users.
* Only initialize package's log if it doesn't existRobert Nelson2015-04-131-1/+2
|
* Remove obsolete logging code which is duplicated in system_syslogd_start()Robert Nelson2015-04-131-4/+0
|
* bump to 2.2.2-RELEASEChris Buechler2015-04-121-1/+1
|
* Setup ADI boards to boot only using serial to avoid duplicated output when ↵Renato Botelho2015-04-101-4/+14
| | | | VGA redirection is enabled
* Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564Chris Buechler2015-04-091-1/+7
|
* Allow single interface bridges. Useful with span port option, and when ↵Chris Buechler2015-04-081-2/+2
| | | | shuffling configuration around.
* Allow disabling the APIPA block via hidden config option. Very rarely ↵Chris Buechler2015-04-081-2/+8
| | | | necessary or desirable, but Amazon VPC VPNs use that as their tunnel subnet with BGP setups.
* Only restore rrd.tgz where platform is appropriate, or RAM disk beingChris Buechler2015-04-081-2/+2
| | | | used, otherwise you're restoring a probably old backup file. Ticket #4531
* Add Super Micro C2758 to the list of known platformsRenato Botelho2015-04-061-1/+4
|
* small correction of relative paths to iconsdneuhaeuser2015-04-061-3/+3
|
* Few minor text typosPhil Davis2015-04-064-9/+8
| | | | | | Note that advertise is spelt with an "s" in other places in the GUI, so making it consistent in services_ntpd - but maybe Americans do spell it "advertize" these days?
* diag_sockets show sockets listening on localhostPiBa-NL2015-04-061-2/+2
| | | | this helps pick a free port for services using sockets bound to localhost, and helps determine if the service has at least started and bound the port without needing to go through all 'connected' sockets as well
* Include additional subnets for RAs in radvd.conf. Ticket #4468Chris Buechler2015-04-041-1/+36
|
* Fix up Ticket #4504 implementation. Match config style with other areas. Use ↵Chris Buechler2015-04-043-18/+15
| | | | a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code.
* fix type. Ticket #4504Chris Buechler2015-04-041-1/+1
|
* Remove array_intersect_key here too, definitely not needed. add to ↵Chris Buechler2015-04-043-68/+1
| | | | obsoletedfiles
* uploadbar dir no longer neededChris Buechler2015-04-041-4/+0
|
* There is no longer any need to restrict protocols for IPv4+IPv6 rules, the ↵Chris Buechler2015-04-041-5/+0
| | | | appropriate ruleset is generated and problem scenarios that would otherwise break here are prevented by other input validation.
* remove dead code, clean up excess white space a bit.Chris Buechler2015-04-031-24/+0
|
* Prevent empty addresses for being put in the ruleset. Ticket #4564Ermal LUÇI2015-04-031-0/+3
|
* Ticket #4504 actually make it correctErmal LUÇI2015-04-031-1/+3
|
* Upgraded configurations should keep the default configuration of bypassing ↵Ermal LUÇI2015-04-031-0/+2
| | | | lan from ipsec. Ticket #4504
* Fixes #4504 Provide a newline to generate proper configErmal LUÇI2015-04-031-0/+1
|
* Fixes #4504 use correct key indexErmal LUÇI2015-04-031-1/+1
|
* Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent ↵Ermal LUÇI2015-04-032-0/+35
| | | | traffic sent to lan ip to go to the ipsec tunnel
* Fixes #4259 Use proper variable to do calculationsErmal LUÇI2015-04-032-5/+5
|
* Only use mobile clients PFS config with mobile ph2ent. Ticket #4538Chris Buechler2015-04-031-1/+1
|
* disable SSL validation for selfhost since it fails. Ticket #4545Chris Buechler2015-04-031-0/+1
|
* enable ike_name for daemon facility as well, to add connection identifiers ↵Chris Buechler2015-04-021-0/+1
| | | | to logs.
* Use real interface here for dhcrelay v6. Ticket #4572Chris Buechler2015-04-021-2/+2
|
* 0 could be valid for hostname aliases too. Ticket #4573Chris Buechler2015-04-021-1/+1
|
* Don't omit hosts specified as "0". Ticket #4573Chris Buechler2015-04-021-2/+2
|
* Bug #4566 Only route-to a gateway if it is not force_downPhil Davis2015-04-021-1/+1
| | | | When generating policy-routing rules there was no check if a gateway had force-down set, so gateway with force_down set would still get policy-routing rules written for it, even if skip_rules_gw_down was enabled.
* call this RCC-VE rather than C2358Chris Buechler2015-03-311-2/+2
|
* Add a check for whether IPsec is enabled, so it doesn't spit out "IPsecChris Buechler2015-03-311-4/+8
| | | | daemon not running or has a problem!" when IPsec isn't enabled.
* Add SCTP to protocol list for filtering.jim-p2015-03-311-1/+1
|
* Merge manually pull request #1593Ermal LUÇI2015-03-312-1/+3
|
* Fix encoding issues in Configuration History list.jim-p2015-03-311-4/+4
|
* Fix a few misc encoding issues in load balancer code.jim-p2015-03-316-10/+26
|
* Fixed minor spelling errorPhilip Hansen2015-03-301-1/+1
|
* Remove wireless cards from ALTQ-capable interfaces, since ALTQ is broken on ↵Chris Buechler2015-03-281-4/+5
| | | | wlandev in FreeBSD 10.x at the moment. Ticket #4406
* add missing )Chris Buechler2015-03-261-1/+1
|
* Include net.key.preferred_oldsa in the sysctl list, set to 0 (disable) soChris Buechler2015-03-261-0/+1
| | | | it doesn't fall through to the default (1).
* Voucher messages using wrong config field nameGertjan2015-03-261-3/+3
| | | | | | | | | | | | https://forum.pfsense.org/index.php?topic=91168.msg505273#msg505273 $config['voucher'][$cpzone]['msgnoaccess'] and $config['voucher'][$cpzone]['msgexpired'] do not exist. These should be $config['voucher'][$cpzone]['descrmsgnoaccess'] and $config['voucher'][$cpzone]['descrmsgexpired']
* RRD Graph Custom Tab display friendly descriptionPhil Davis2015-03-261-1/+5
| | | | | The other tabs of Status:RRD Graphs put the friendly description of each interface into the drop-down list for selection. This change makes the Custom tab do that also.
* Always include general setup DNS servers in unbound.confPhil Davis2015-03-261-6/+6
| | | | | | | | | | | | when forwarding mode is on. The General Setup setting "Allow DNS server list to be overridden by DHCP/PPP on WAN" has always been used in dnsmasq to ADD DHCP/PPP provided DNS servers to the list, while also keeping the DNS servers specified in General Setup. That behavior is needed if: 1) WAN1 static IP with upstream DNS server/s specified in General Setup and selecting the WAN1 gateway. WAN2 uses DHCP, DNS server received by DHCP from upstream. The user needs to tick "Allow DNS server list to be overridden by DHCP/PPP on WAN" to get the WAN2 DNS server to be used, but also wants the DNS server from General Setup to also be used. 2) WAN1 static IP, DNS server/s specified in General Setup. For whatever reason the user has also ticked "Allow DNS server list to be overridden by DHCP/PPP on WAN". In actual fact there are no WAN-style interfaces set to DHCP, so "allowing to be overridden" should not come into effect anyway - the DNS servers in General Setup should be used. 3) WAN1 DHCP, but the upstream DHCP does not give out any DNS server/s. "Allow DNS server list to be overridden by DHCP/PPP on WAN" is ticked. Again there are no DNS servers received via DHCP, so any "override" should not be invoked. In all cases, it turns out that actually we want any General Setup DNS servers to be included in the DNS forwarder/resolver conf in addition to whatever (if any) DNS servers happen to be provided from a DHPC-WAN. This change makes unbound behave that way - the same as dnsmasq already does.
* Only list nameservers once in resolv.confPhil Davis2015-03-261-3/+5
| | | | | | | | I was on a test system and had an upstream DNS server IP specified in System-General Setup. WAN was setup with a static IP and a gateway to that upstream device. All good. Then I also checked "Allow DNS server list to be overridden by DHCP/PPP on WAN" and changed WAN to be DHCP. It received by DHCP the same DNS server IP that already happened to be in General Setup (and the same gateway IP - not the issue here). /var/etc/resolv.conf had the name server line twice with the same IP address - once from the DHCP acquired data, and once from the General Setup data. I don't think it broke anything, but it does look odd. This change makes sure that DNS servers from General Setup are only added to resolv.conf when they are not already there.
* Status DHCP Leases handle expire neverPhil Davis2015-03-261-6/+16
| | | | | | | | | | | | | | Note: We can let the code pass "never" (or any other unexpected stuff) to adjust_gmt() adjust_gmt() should anyway handle the case when strtotime() cannot understand the input string and thus returns false. In that case we return the input string as-is so it will be displayed as the time. That way the user will see it and can report easily whatever other unexpected char data was in the leases file. It also prevents "false" (zero) being converted to the date-time string and thus becoming the Unix epoch 1 Jan 1970 on the display. Latest forum report of this kind of thing: https://forum.pfsense.org/index.php?topic=90083.0
OpenPOWER on IntegriCloud