Commit message  Author  Age  Files  Lines
...
* Specify keyUsage and extendedKeyUsage in openssl.cnf, use crl_ext.  Chris Buechler  2015-07-20  1  -6/+6
|
* Merge pull request #1764 from doktornotor/patch-2  Renato Botelho  2015-07-19  3  -4/+4
|\
| * Fix caps  doktornotor  2015-07-18  1  -1/+1
| |
| * Bug #4551 - consistent usage of Forwarder/Resolver across the WebGUI  doktornotor  2015-07-18  1  -2/+2
| |     Clarify that this applies to DNS Resolver as well. Update the translations template.
| * Bug #4551 - consistent usage of Forwarder/Resolver across the WebGUI  doktornotor  2015-07-18  1  -1/+1
| |     Clarify that this applies to DNS Resolver as well.
| * Bug #4551 - consistent usage of Forwarder/Resolver across the WebGUI  doktornotor  2015-07-18  1  -1/+1
|/      Clarify that this applies to DNS Resolver as well.
* Merge pull request #1738 from phil-davis/Static-Routes  Renato Botelho  2015-07-18  5  -30/+88
|\
| * Switch logic of $disabled tests system_gateways  Phil Davis  2015-07-18  1  -10/+8
| |
| * Static routes merge "else" and "if" into "else if"  Phil Davis  2015-07-12  2  -26/+22
| |     As suggested by Renato.
| * Fix #4813 validation of enable/disable of gateways and static routes  Phil Davis  2015-07-05  5  -30/+94
| |     1) A disabled gateway can always be enabled - no extra validation needed.
| |     2) When disabling an enabled gateway, check to see that the gateway is not used in any gateway group or enabled static route (similar tests to what is already checked before deleting a gateway).
| |     3) A static route can always be disabled - no extra checks needed.
| |     4) When enabling a static route, check that the selected gateway is enabled - you cannot have a static route enabled on a disabled gateway.
| |     5) Do the address family cross-check between static route and gateway even when the static route is disabled - we do not want to save mismatched IP address families in any case.
| |     This covers all the cases I can see to ensure that the enable/disable status combinations of Gateways and Static Routes is always valid.
* | Merge pull request #1763 from doktornotor/patch-4  Renato Botelho  2015-07-18  1  -4/+4
|\ \
| * | Add labels to some default firewall rules  doktornotor  2015-07-18  1  -4/+4
| | |     ... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers. This is for master branch.
* | | Merge pull request #1759 from phil-davis/patch-2  Renato Botelho  2015-07-18  1  -1/+2
|\ \ \
| * | | Really avoid error loading rules for numeric host name in alias  Phil Davis  2015-07-17  1  -1/+2
| | | |     Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23".
| | | |     The webGUI reports: There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 }
| | | |     and /tmp/rules.debug has: table <Zqw> { 23 } Zqw = "<Zqw>" which pf does not cope with.
| | | |     This change will differentiate between a number in the context of a port alias and a number that is_hostname.
| | | |     This time I think it really works :) The call to alias_get_type() needed to send the alias name as parameter. alias_get_type() is a bit expensive - it scans through the whole list of aliases looking for a match on the name. So I made this code just call it once for the name and then use that $alias_type var each time as it loops through all the addresses in an alias.
| | | |     I have tried this successfully with a few combinations of nested port/host/network aliases. But maybe there is some wacky combination of nested aliases possible that could still break this? I don't see how, but it needs testing on some configs that have all sorts of nested alias types.
* | | | Merge pull request #1760 from doktornotor/patch-1  Renato Botelho  2015-07-18  1  -4/+4
|\ \ \ \
| |_|/ /
|/| | |
| * | | Fix Firewall - Aliases GUI inconsistencies for URL Table type aliases  doktornotor  2015-07-17  1  -4/+4
| | | |     The GUI should show descriptions according to what's selected from the dropdown, but currently does not for URL Table (IPs) and URL Table (Ports) type of aliases.
* | | | sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of ↵  Chris Buechler  2015-07-18  1  -33/+47
|/ / /      unnecessary loop that'll amplify notifications unnecessarily.
* | | Fixes for IPSec ASN1.DN, ticket #4792  Renato Botelho  2015-07-17  1  -7/+17
| | |     - Do not add leftid to config when value is empty
| | |     - When asn1dn param is in binary form, explicit type
| | |     - Always add double quotes for asn1dn
* | | only add outgoing-interface if it's an IP. Ticket #4852  Chris Buechler  2015-07-17  1  -2/+2
|/ /
* | Fix #4794:  Renato Botelho  2015-07-17  3  -3/+24
| |     - Add an upgrade code to fix asn1dn string format to match strongSwan needs
| |     - Bump config version to 11.8
* | Merge pull request #1758 from phil-davis/patch-2  Renato Botelho  2015-07-17  1  -4/+4
|\ \
| * | Restrict serial ports glob to cua followed by alpha  Phil Davis  2015-07-16  1  -3/+3
| | |     Improve this a little more to match only alpha after /dev/cua (/dev/cuau for example)
| * | Make serial ports glob cope with many more possibilities  Phil Davis  2015-07-16  1  -3/+3
| | |     It originally coped with things like cuau1 cuau1.1
| | |     Then I made it cope with things like cuau1 cuau11 but it stopped working for cuau1.1
| | |     This one copes with: cuau1 cuau1.1 cuau1.11 cuau11 cuau11.1 cuau11.11
| | |     That should allow for all sorts of reasonable device name files without matching other stuff in /dev (like cuau1.init cuau1.lock) that we need to ignore.
| | |     Please think if I have covered the bases here.
* | | Revert "myid_data and peerid_data fields are not relevant with asn1dn."  Chris Buechler  2015-07-16  1  -5/+1
| | |     This reverts commit 0e19c4bba659a5f4d28f9c8b20c80717a90964b9.
* | | myid_data and peerid_data fields are not relevant with asn1dn.  Chris Buechler  2015-07-16  1  -1/+5
| | |     Conflicts: usr/local/www/vpn_ipsec_phase1.php
* | | Add leftid and rightid value between double quotes on ipsec config when type ↵  Renato Botelho  2015-07-16  2  -3/+8
| | |     is asn1dn. Ticket #4792
* | | Remove old, unused NetUtils.js  Chris Buechler  2015-07-16  2  -114/+1
|/ /
* | Revert "Avoid error loading rules for numeric host name in alias"  Renato Botelho  2015-07-15  1  -1/+1
| |     This reverts commit 81a73bcba3b3a79bb3a7add2e14a46e6af748f50.
* | Merge pull request #1741 from phil-davis/patch-2  Renato Botelho  2015-07-15  1  -6/+6
|\ \
| * | Fix issue_ip_type var name spelling  Phil Davis  2015-07-12  1  -6/+6
| | |     Actually there was no real problem, but having a mis-spelling like this means that English speakers will waste time (like I did) double-checking to see if the mis-spelling would cause a real problem.
* | | Merge pull request #1742 from phil-davis/patch-3  Renato Botelho  2015-07-15  1  -1/+1
|\ \ \
| * | | Firewall Aliases Import display error message for invalid alias name  Phil Davis  2015-07-12  1  -1/+1
| |/ /    If you open firewall_aliases_import and enter just an invalid Alias Name (e.g. a$b) and press save or press save with all fields empty, then the screen redraws but the input error(s) is not displayed. This fixes it.
* | | Merge pull request #1743 from phil-davis/patch-4  Renato Botelho  2015-07-15  1  -0/+1
|\ \ \
| * | | Firewall Aliases Edit ensure input_addresses array exists  Phil Davis  2015-07-12  1  -0/+1
| |/ /    If you click "+" to add an alias, then press Save without entering anything, you get:
| | |     Warning: Invalid argument supplied for foreach() in /usr/local/www/firewall_aliases_edit.php on line 402
| | |     as well as the various messages related to $input_errors.
| | |     This change ensures that $input_addresses array always exists (even if it has no real entries) so that the foreach() warning does not happen.
* | | Merge pull request #1744 from phil-davis/patch-5  Renato Botelho  2015-07-15  1  -1/+1
|\ \ \
| * | | Avoid error loading rules for numeric host name in alias  Phil Davis  2015-07-12  1  -1/+1
| |/ /    Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23".
| | |     The webGUI reports: There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 }
| | |     and /tmp/rules.debug has: table <Zqw> { 23 } Zqw = "<Zqw>" which pf does not cope with.
| | |     It is possible to have a host name that is a number, and end up with a domain name like 23.mycompany.com - unfortunately some Wally allowed such things in standards many years ago, so it can be rather difficult to tell the difference between a number and a host name.
| | |     This change improves the check when looking through alias entries and deciding if they are meant to be a name or a "bottom-level" value (address, subnet, port, port range). Anything that ends up looking like a host name gets given to filterdns to sort out.
| | |     "Names" like "23" now get given to filterdns instead of being put directly into the table in pf. This makes things happier. Even if filterdns cannot resolve "23", at least it tries and nothing barfs.
* | | Merge pull request #1745 from phil-davis/patch-6  Renato Botelho  2015-07-15  1  -2/+2
|\ \ \
| * | | Interfaces GIF Edit fix do_input_validation  Phil Davis  2015-07-13  1  -2/+2
| |/ /    Make the required fields be correct and match their text names, which should each have their own gettext() call so as to build a proper array at line 81. Basically it was all broken and the errors displayed when field/s were left empty were rubbish.
* | | Merge pull request #1746 from phil-davis/patch-7  Renato Botelho  2015-07-15  1  -2/+2
|\ \ \
| * | | Interfaces GRE Edit fix required fields text  Phil Davis  2015-07-13  1  -2/+2
| |/ /    The reqdfields had only 4 entries but reqdfieldsn has 5 entries and the field names to text descriptions did not match up. Fixed it.
* | | Merge pull request #1747 from phil-davis/patch-8  Renato Botelho  2015-07-15  1  -15/+17
|\ \ \
| * | | Interfaces PPPs edit avoid foreach() warning  Phil Davis  2015-07-13  1  -15/+17
| |/ /    If you go to Interfaces, assign, PPPs, press "+" to add an entry, then press Save without entering anything then you get a warning about the foreach() here. The is_array() check fixes it.
* | | Merge pull request #1749 from phil-davis/cancel-referer  Renato Botelho  2015-07-15  35  -35/+210
|\ \ \
| * | | Cancel button after input error  Phil Davis  2015-07-13  35  -35/+210
| |/ /    If there is an input error then the edit page is redrawn showing the input errors. The HTTP_REFERER becomes the current page, rather than the true original referer. Then if you click Cancel the current page is just redrawn.
| | |     This change makes the code remember the original referer, so if the user enters some invalid data, presses Save, reads the input error messages then presses Cancel they are taken back out to the original page - the same as if Cancel was used before Save.
* | | Merge pull request #1752 from phil-davis/patch-9  Chris Buechler  2015-07-14  1  -1/+6
|\ \ \
| * | | Fix glob for serial device names  Phil Davis  2015-07-14  1  -1/+6
| | | |     Removing the "." that was in {,.[0-9]} allows it to match /dev/cuau10 and onward. I added lots of comments on the glob expression, because the format of the glob expression is not the same as an ordinary regex.
* | | | Fix adding of VoIP rules from traffic shaper wizard where IP/alias is not  Chris Buechler  2015-07-14  1  -0/+6
| | | |     specified.
* | | | Merge pull request #1753 from mortencombat/patch-1  Chris Buechler  2015-07-14  1  -2/+2
|\ \ \ \
| |/ / /
|/| | |
| * | | Fix GratisDNS support  mortencombat  2015-07-14  1  -2/+2
|/ / /    The current implementation is not working for me, maybe the interface was changed by GratisDNS? I tested the update URL manually with the IP added ("&i=<ip>") which fixed the issue for me. Code adjusted to include IP.
* | | Merge pull request #1748 from phil-davis/patch-9  Chris Buechler  2015-07-13  1  -4/+4
|\ \ \
| |/ /
|/| |