Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add py-speedtest-cli to packages. Ticket #5832 | Chris Buechler | 2016-02-06 | 1 | -0/+1 |
| | |||||
* | Fix NAS IP listing in captive portal. semi-related to Ticket #5656 | Chris Buechler | 2016-02-06 | 1 | -0/+1 |
| | |||||
* | Don't include 127.0.0.0/8 in unbound.conf in forward mode. Ticket #5750 | Chris Buechler | 2016-02-06 | 1 | -1/+3 |
| | |||||
* | Use a better check for whether there are DNS servers available with dynamic ↵ | Chris Buechler | 2016-02-06 | 1 | -5/+4 |
| | | | | WAN types. Ticket #4747 | ||||
* | Merge pull request #2587 from davidjwood/preserve-sshd-parent | Chris Buechler | 2016-02-06 | 1 | -1/+6 |
|\ | |||||
| * | Don't kill an sshd parent process on exit from /etc/rc.initial | David Wood | 2016-02-06 | 1 | -1/+6 |
| | | | | | | | | This stops exiting a shell running in an SSH session from terminating the parent sshd process, which has the unwanted side effect of killing all other sessions running under that sshd process (including cloned shell sessions). | ||||
* | | Merge pull request #2588 from davidjwood/rrd-ntp-offset | Chris Buechler | 2016-02-06 | 1 | -1/+1 |
|\ \ | |||||
| * | | Tell rrd that ntpd offset can be negative as well as positive | David Wood | 2016-02-06 | 1 | -1/+1 |
| | | | |||||
* | | | Verify a DNS server exists before allowing enabling of forwarding mode. ↵ | Chris Buechler | 2016-02-06 | 1 | -0/+26 |
| | | | | | | | | | | | | Ticket #4747 | ||||
* | | | Handle start/stop of OpenVPN client instances bound to gateway groups using ↵ | Chris Buechler | 2016-02-06 | 2 | -2/+26 |
| | | | | | | | | | | | | CARP IPs. Ticket #4858 | ||||
* | | | clean up text | Chris Buechler | 2016-02-06 | 2 | -4/+4 |
| | | | |||||
* | | | Fix get_interface_ip to return correct IP for CARP VIPs. Ticket #4858 | Chris Buechler | 2016-02-06 | 1 | -0/+4 |
|/ / | |||||
* | | Fix find_interface_ip for gateway groups with VIPs. Ticket #4858 | Chris Buechler | 2016-02-05 | 1 | -3/+3 |
|/ | |||||
* | $interface isn't used here. Wasn't before either, otherwise it would have ↵ | Chris Buechler | 2016-02-05 | 1 | -2/+0 |
| | | | | broken the get_configured_carp_interface_list. Ticket #5844 | ||||
* | Just show the IP to the user, the VIP's uniqid is meaningless noise to the ↵ | Chris Buechler | 2016-02-05 | 1 | -1/+1 |
| | | | | user. Ticket #5844 | ||||
* | Only show VIPs associated with the correct interface. Ticket #5844 | Chris Buechler | 2016-02-05 | 1 | -4/+5 |
| | |||||
* | Select appropriate VIP where one is configured. Ticket #5844 | Chris Buechler | 2016-02-05 | 1 | -1/+1 |
| | |||||
* | Add pfsync to the list of pre-defined packet capture filters. Also add ↵ | jim-p | 2016-02-05 | 1 | -2/+5 |
| | | | | negation for ESP that seems to have been accidentally omitted. | ||||
* | Store GIT_URL per session instead of using global conf | Renato Botelho | 2016-02-05 | 1 | -0/+7 |
| | |||||
* | Fix #5837 | Renato Botelho | 2016-02-05 | 1 | -23/+23 |
| | | | | | | | | | | | | | | | | | | | Since the introduction of pkg_with_pb(), direct calls to this function were added using the following format: if ! pkg_with_pb ... | tee -a $logfile; then What happened in this case is if was always getting a successfull return code from tee call, and pkg_with_pb return was always being ignored leading pfSense-upgrade to keep running when a fatal error happened. Since we need to print pkg output and also send it to log, _exec() call is the best option here. Added necessary flags to make sure necessary actions (unlock additional packages or cleaning up kernel package annotation) are executed on _exit call in fatal cases and replaced all direct calls by _exec() | ||||
* | Merge pull request #2586 from NOYB/HTML_Compliance_-_Status_/_OpenVPN | Renato Botelho | 2016-02-05 | 1 | -3/+2 |
|\ | |||||
| * | HTML Compliance - Status / OpenVPN | NOYB | 2016-02-05 | 1 | -3/+2 |
|/ | | | | | Start tag body seen but an element of the same type was already open. Stray start tag script. | ||||
* | Merge pull request #2585 from k-paulius/patch-pkg-syslog-v2 | Chris Buechler | 2016-02-04 | 2 | -1/+14 |
|\ | |||||
| * | Adding ability to run dhcp6c in debug mode. | k-paulius | 2016-02-04 | 2 | -1/+14 |
| | | |||||
* | | Set gif interface MTU in interface_gif_configure if it's not already ↵ | Chris Buechler | 2016-02-04 | 1 | -0/+14 |
|/ | | | | correct. Ticket #5842 | ||||
* | Fixed #5841 | Stephen Beaver | 2016-02-04 | 2 | -3/+4 |
| | |||||
* | Lessen the boot delay at the F1 prompt on nanobsd from ~12 seconds to ~6 ↵ | Chris Buechler | 2016-02-04 | 1 | -1/+1 |
| | | | | seconds. Ticket #3426 | ||||
* | Now that the fields on interfaces.php aren't hidden upon disabling the ↵ | Chris Buechler | 2016-02-04 | 1 | -18/+0 |
| | | | | interface, we don't want to handle disable separately from everything else, as that discards all the changes other than disabling the interface. Everything else with handling bringing down of interfaces is still handled correctly. semi-related to Ticket #2453 | ||||
* | Return blank rather than 0ms/0% for unmonitored gateways latency and loss. ↵ | Chris Buechler | 2016-02-04 | 2 | -3/+7 |
| | | | | Show on dashboard widget when a gateway is unmonitored. Ticket #2226 | ||||
* | Remove rc.restore_full_backup, remainder of full backup components were ↵ | Chris Buechler | 2016-02-04 | 2 | -20/+1 |
| | | | | removed already. | ||||
* | Enable gzip compression in nginx. | Chris Buechler | 2016-02-04 | 1 | -0/+3 |
| | |||||
* | Allow gateway weights up to 30, and add a check in filter.inc to prevent ↵ | Chris Buechler | 2016-02-04 | 2 | -1/+9 |
| | | | | creating too long of a route-to line. Related to pull request 1614 | ||||
* | Fix multi-session time counting for the FreeRADIUS start/stop case. Ticket #2164 | jim-p | 2016-02-04 | 1 | -1/+8 |
| | |||||
* | Fix typo in button class for CP status | jim-p | 2016-02-04 | 1 | -1/+1 |
| | |||||
* | Merge pull request #2584 from schinken/radvd-lifetime-defaults | Renato Botelho | 2016-02-04 | 1 | -0/+4 |
|\ | |||||
| * | Add defaults to radvd valid and preferred lifetime | schinken | 2016-02-04 | 1 | -0/+4 |
| | | |||||
* | | Make sure subnet_size() didn't return 0 | Renato Botelho | 2016-02-04 | 1 | -1/+3 |
| | | |||||
* | | Merge pull request #2435 from stilez/patch-7 | Renato Botelho | 2016-02-04 | 1 | -7/+39 |
|\ \ | |/ |/| | |||||
| * | variable | stilez | 2016-01-14 | 1 | -4/+4 |
| | | | | | | Used explode to array rather than to a list, and tested array size, so as not to assume it has exactly 2 parts separated by "/". | ||||
| * | fixing comment | stilez | 2016-01-14 | 1 | -10/+7 |
| | | |||||
| * | Subnet size logic | stilez | 2016-01-14 | 1 | -7/+42 |
| | | |||||
* | | Simplify is_linklocal() | Renato Botelho | 2016-02-04 | 1 | -20/+9 |
| | | |||||
* | | Merge pull request #2320 from stilez/patch-3 | Renato Botelho | 2016-02-04 | 1 | -14/+33 |
|\ \ | |||||
| * | | REBASE of #1786 and #1788, tightening three IP functions | stilez | 2015-12-23 | 1 | -14/+33 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Resubmit of two PRs that couldn't be merged due to basecode conflicts is_linklocal() - tightened and made correctly IPv4/v6 agnostic per RFCs is_literalipaddrv6() - simplified is_hostnamewithport() - simplified IS_LINKLOCAL() is_linklocal has a few issues, including validating as linklocal, addresses that aren't linklocal according to RFC 4291, validating as a linklocal address input that could contain arbitrary text/no validation of reasonableness on any %(scope/interface) present, and appearing from its function name to be suitable for all linklocal addresses but actually not IPv4/v6 agnostic. 1) IPv4/6 agnostic: while IPv4 linklocal testing isn't much needed, not it should probably be recognised because some code handling linklocal may reasonably expect is_linklocal() to be IPv4/IPv6 agnostic. 2) For IPv6, it tests at least, that the purported scope/interface is [0-9a-z]+ otherwise user input or other text such as "fe80::%\n;ARBIRARYTEXT;" would be validated as a linklocal address and inserted into pf and perhaps other places without further detection, leading to possible vulnerabilities. Also tests scope/interface for a reasonable length of <= 64 chars "just in case". But it doesn't test more than this (and probably should test for valid scope/interface if present). 3) Follows RFC 4291 exactly: IPv6 linklocal isn't just "fe80::", it requires the rest of the first 64 bits to be zero too. The RFC defines it as '1111111010' + 54 zeros (Ref: https://tools.ietf.org/html/rfc4291#section-2.5.6 ) 4) Returns 4 or 6 to give a more exact response to the calling function as to whether the match was an IPv4 linklocal or IPv6 linklocal address (both evaluate to True for Boolean test purposes such as "if (is_linklocal(...))") Note: Net_IPv6::_Ip2Bin() can return shorter binary strings for IPv4 or "junk" input. So this code tests that it returned a 128 bit length, which ensure it was meaningful IPv6. IS_HOSTNAMEWITHPORT() simplified - we don't need to pop() or assign a new variable just to test 2nd member of the array IS_LITERALIPADDRV6() simplified - we don't need an expensive preg_match() to test if it's a valid IPv6 wrapped in "[" ... "]" | ||||
* | | | Isolate the check for @label in the end of hostname only for noip and noip-free | Renato Botelho | 2016-02-04 | 1 | -5/+8 |
| | | | |||||
* | | | Merge pull request #2574 from tiagobar/master | Renato Botelho | 2016-02-04 | 2 | -1/+8 |
|\ \ \ | |||||
| * | | | Dynamic DNS URL for NO-IP needs to be updated. | Tiago Barrionuevo | 2016-01-30 | 2 | -1/+8 |
| | | | | |||||
* | | | | Merge pull request #2579 from NOYB/HTML_Compliance_-_Status_/_DHCPv6_leases | Renato Botelho | 2016-02-04 | 1 | -2/+2 |
|\ \ \ \ | |||||
| * | | | | HTML Compliance - Status / DHCPv6 leases | NOYB | 2016-02-02 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | Stray end tag tr. Move stray tr end tags inside foreach loops. | ||||
* | | | | | Also switch admin password in the default config.xml to bcrypt. Ticket #4120 | jim-p | 2016-02-04 | 1 | -1/+1 |
| | | | | |