summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove old write caching tunable as well. Ticket #4203Chris Buechler2015-01-121-1/+0
|
* Remove the settings to disable DMA, which have changed in FreeBSD 10.Chris Buechler2015-01-121-2/+0
| | | | Ticket #4203
* Do not leak firewall rules as well when (re)creating rulesErmal LUÇI2015-01-121-0/+3
|
* Fix spell typo spotted by phil-davisRenato Botelho2015-01-121-1/+1
|
* Fix typos introduced by chaning to explicit id specification when necessary. ↵Ermal LUÇI2015-01-121-5/+5
| | | | Fixes #4202
* Fix cut paste brain fadePhil Davis2015-01-121-1/+1
|
* Restart PHP-FPM allow to setup ini filePhil Davis2015-01-121-0/+2
| | | | | | | | | | | | | | I was just using console menu option 16 Restart PHP-FPM and it hung on a nanoBSD system. I found /tmp/php_errors.txt with this in it: "override rw-r--r-- root/wheel for /usr/local/etc/php.ini?" Flying blind at the console I entered "y", then /tmp/php_errors.txt had this: -------- rm: /usr/local/etc/php.ini: Read-only file system override rw-r--r-- root/wheel for /usr/local/lib/php.ini? -------- Pressed return at the console and it proceeded, presumably without re-writing php.ini It works much better when the file system is mounted RW :)
* Properly handle large passthrough entries even here.Ermal LUÇI2015-01-121-8/+13
|
* Use this generation now of committing pipes directly and only rules to put ↵Ermal LUÇI2015-01-121-5/+1
| | | | on ruleset to avoid memory pressure and the timelimit will than be enforced by the caller
* Revert "Ticket #3932 Use array_map to get more parallelism when there are ↵Ermal LUÇI2015-01-121-3/+7
| | | | | | many entries. This makes it not reach the execution timeout with large entries." This reverts commit 7077addc5a5058fab4b4dc7678270c1000d342c9.
* Actually improve the previous resource leak commit since the function is ↵Ermal LUÇI2015-01-121-21/+1
| | | | there but it was not being used during init_rules process.
* * Try to autodetect if the execution limit needs to be raised on big number ↵Ermal LUÇI2015-01-121-0/+31
| | | | | | | | | of passthrough entries. Set the time limit to 0 and restore it back to default value when this is detected. * Do not leak pipes when reloading ruleset for CP since this will consume available descriptors. This has been noted before but considered fixed, this is the real fix actually for dnpipes.
* Put the value of password under double quotes(") to avoid issues with ↵Ermal LUÇI2015-01-121-1/+1
| | | | special characters in passwords. Ticket #4177
* Do not override the passwd string. First it prevents the md5 working if the ↵Ermal LUÇI2015-01-121-4/+2
| | | | crypt() check fails and also is useless to override it since the parameter is passed by value and not by reference.
* Prevent echo to insert a newline(\n) at the secret string. Fixes #4177Ermal LUÇI2015-01-121-1/+1
|
* Ticket #3932 Use array_map to get more parallelism when there are many ↵Ermal LUÇI2015-01-121-7/+3
| | | | entries. This makes it not reach the execution timeout with large entries.
* Fix typos and set needed variableErmal LUÇI2015-01-121-3/+4
|
* properly apply the passthrough entries when apply is hitr.Ermal LUÇI2015-01-121-0/+3
|
* Fix inherent issues with isset and empty values set as true by our parser. ↵Ermal LUÇI2015-01-122-14/+20
| | | | This made the piep configuration to be wrong at least for passthrough entries. Ticket #3932
* Bring back showing of default value like previous versions.Chris Buechler2015-01-111-0/+4
|
* Do not return disabled dynamic gatewaysPhil Davis2015-01-111-6/+13
| | | | | | | | When a dynamic gateway is disabled (by the user through the webGUI), it was still being returned by return_gateways_array(). But when called like that, disabled gateways should not be returned. The first part of the routine was correctly skipping disabled gateways, but then the later part would effectively re-generate those dynamic gateways on-the-fly and not realise they should be skipped because they were disabled. This code now remembers gateway details of all the gateways, including skipped ones, so the dynamic gateway code can easily realise all gateways that have been already processed, even those that were processed and skipped. Forum: https://forum.pfsense.org/index.php?topic=86565.0 It fixes Gateway Status Widget - now if a dynamic gateway is disabled, it does not appear on the display. This will also stop disabled dynamic gateways from being returned to other callers. So there may/will be impacts on other parts of the system when a user disables a dynamic gateway. e.g. filter.inc - a gateway that has been disabled by a user canot be used in rules any more.
* Remove debug codeErmal LUÇI2015-01-111-2/+0
|
* Fixes #4177 convert password to base64 to be submitted to avoid issues with ↵Ermal LUÇI2015-01-112-2/+4
| | | | special chars in shell and HTTP GET parameter passing. Probably should add POST support to fcgicli.
* Fix POST typo in interfaces_assign.phpPhil Davis2015-01-111-1/+1
| | | | | | | Obviously a typo. But this section is inside: if (isset($_POST['add_x']) && isset($_POST['if_add'])) { and I cannot find where 'add_x' is ever sent here, so I do not see how this whole code section is ever executed (and that will be why this typo bug has no symptoms). What is the history here? Can the whole block of code be removed? The code normally executed is the section for 'Submit' lower down.
* Fixes #3281 do not undo any changes already done for gif/gre interface.Ermal LUÇI2015-01-101-9/+13
|
* Properly rename the var Ticket #4164Ermal LUÇI2015-01-101-3/+3
|
* Default to only AES and SHA1 for new P2s.Chris Buechler2015-01-091-2/+2
|
* Default IPsec to AESChris Buechler2015-01-091-1/+1
|
* Default IPsec to main mode, unless mobile client.Chris Buechler2015-01-091-2/+4
|
* Do not count twice the phase2 entriesErmal LUÇI2015-01-091-6/+10
|
* Just some reshufling and cleanupErmal LUÇI2015-01-091-5/+4
|
* Let the kernel handle REQID rather than handling it manually. The connection ↵Ermal LUÇI2015-01-091-2/+0
| | | | name is the one needed here.
* Add tracker and label to IPv4 Link-Local block rules.jim-p2015-01-091-2/+2
|
* After the other set of changes had unexpected complications, let's back this ↵Chris Buechler2015-01-091-1/+1
| | | | | | out too. Revert "PEAR static method call warning" This reverts commit 4751f76a6772147097906b699d4216ae38c58c39.
* This broke a variety of things. Revert "Deprecated and non-static method ↵Chris Buechler2015-01-097-224/+224
| | | | | | messages" This reverts commit 91b9a02fb131746c67fdf9f34282f123a13f1b13.
* PEAR static method call warningPhil Davis2015-01-091-1/+1
| | | | | | | | | | | | | | | | | | | | | Forum https://forum.pfsense.org/index.php?topic=86478.0 PEAR is used by IPv6.inc auth.inc captiveportal.inc radius.inc xmlrpc_client.inc radius_accounting.inc radius_authentication.inc I have just changed this 1 function to "public static" Also used are: PEAR::raiseError PEAR::loadExtension (already has "static function") Not sure if PEAR::raiseError will throw a similar "static method" call warning, not game to touch it.
* disable this PHP error logging, errors that are really significant end up ↵Chris Buechler2015-01-091-2/+3
| | | | with a crash report, this is more noise than useful at this stage in 2.2.
* Make this code less memory hungry and fix route command generationErmal LUÇI2015-01-081-19/+17
|
* Catch packets on all iunterfaces and send them out the correct one. Fixes #4174Ermal LUÇI2015-01-081-4/+4
|
* Deprecated and non-static method messagesPhil Davis2015-01-087-224/+224
| | | | | | | | | | | | | | | | Fix various files that can emit messages like: PHP Strict Standards: Non-static method SimplePie_Misc::array_unique() should not be called statically, assuming $this from incompatible context in /etc/inc/simplepie/simplepie.inc on line 5508 php-fpm[16262]: /rc.newipsecdns: PHP ERROR: Type: 8192, File: /etc/inc/shaper.inc, Line: 4365, Message: Assigning the return value of new by reference is deprecated Some of these style messages have been reported on the forum, e.g. https://forum.pfsense.org/index.php?topic=86448.0 I had RSS widget on, and simplepie sent the system beserk telling about all this stuff.
* Improve URL and URL ports alias update data:Renato Botelho2015-01-082-53/+45
| | | | | | | | | | | | - Move redundant code to a function parse_aliases_file(). Before the max number of items was not being respected when URL content is updated, only when alias was saved. Same was happening with ip/subnet/port validation and user could end up with a bad pf.conf - Remove unused variables These changes were based on Pull Request #1264. It should fix #4189 Submitted by:▸ PiBa-NL
* Change OpenVPN CARP VIP test to be more accurate. The client should also not ↵jim-p2015-01-081-2/+2
| | | | be run if the VIP is in the INIT state.
* Unobsolete libcurl.so.4 since it's installed by recent versions of curl packageRenato Botelho2015-01-081-1/+0
|
* Fix check for cookies, the way it was implemented didn't work because it ↵Renato Botelho2015-01-081-15/+16
| | | | would need a refresh to check if cookie was set or not. Use javascript to do a simple test
* Add a value to cookie, otherwise it's not set. Before my last change ↵Renato Botelho2015-01-081-1/+1
| | | | parameters were out of order and expiration time was being set as value. It should fix #4069
* This is not the place for this setting and werid its here!Ermal LUÇI2015-01-081-6/+0
|
* some lagg modes are missing vlanmtu, but work fine with VLANs. Work around ↵Chris Buechler2015-01-081-0/+4
| | | | it for now at least. Ticket #4186
* Also include /127 for IPv6, it works fine. Ticket #3657Chris Buechler2015-01-071-5/+3
|
* Allow for configuring /31 masks on interfaces.php. The rest of the code was ↵Chris Buechler2015-01-071-10/+6
| | | | updated accordingly some time ago, and an employee with Cox Communications has confirmed this allows things to work on their circuits deployed with /31s. Ticket #4190
* "Like with like" - move a few functions to better places in the code (they ↵stilez2015-01-071-87/+88
| | | | | | | | are placed strangely) A few functions such as ipcmp(), subnet_expand(), and check_subnets_overlap() are in illogical places - away from all the other ip comparison and subnet basic functions and in the middle of alias handling and interface enumeration. No change to functional code, just moving to earlier in the file (next to other IP compare and subnet functions) for ease of future contributors.
OpenPOWER on IntegriCloud