Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Include filter.inc for the ipfw load function. | Ermal | 2010-05-19 | 1 | -0/+1 |
| | |||||
* | Check if interface exists before issuing a command when disabling captiveportal. | Ermal | 2010-05-07 | 1 | -6/+8 |
| | |||||
* | The gui defaults to https in 2.0 correct it to make sure it is not stopped ↵ | Ermal | 2010-05-05 | 1 | -3/+3 |
| | | | | by CP on the CP interface[s]. | ||||
* | Ticket #565. Correct deleting passthru mac entries. revert back to always ↵ | Ermal | 2010-05-03 | 1 | -28/+36 |
| | | | | allow a passthru mac as with allowed ips. Remove the check during login for passthru mac entries they will never make it to the login page. | ||||
* | Ticket #566. Reimplement the allowed ips keeping previous funcitonality and ↵ | Ermal | 2010-05-03 | 1 | -39/+110 |
| | | | | improving by adding a both direction. The problem with previous commit is that it always assumes that allowed ip address would have a pipe configured and entires without one would just get dropped. | ||||
* | Make pasthrough GUI code catch-up with the latest changes. | Ermal | 2010-04-20 | 1 | -1/+1 |
| | |||||
* | Use tables of ipfw for passthrough mac entries. This makes it scale way ↵ | Ermal | 2010-04-20 | 1 | -68/+13 |
| | | | | better than previously. Fix multiple entries on adding mac through entries automatically after login for the same user. The changes allow even pass through mac to be controlled from the Status->Captiveportal. Use serialize/unserialize on some files that keep temporary information to speed up calculations. Really allow mac passthrough to follow radius rules or time out rules when present. | ||||
* | Add a new option which allows the admin user to configure CP so that it ↵ | Ermal | 2010-04-20 | 1 | -114/+175 |
| | | | | automatically enters an MAC passthru entry. The MAC is taken from login details and has to be removed manually. Also do improvements on rules handling and pipes. Add some optmizations. Teach the GUI/backend on ip/mac passthrough to configure a bw limit for this entries. | ||||
* | radius.inc already has this includes so do not include them explicitly. This ↵ | Ermal | 2010-04-14 | 1 | -2/+0 |
| | | | | unbreaks the loading of bcmath module since PEAR.inc is not yet included! | ||||
* | Use the ipfw(4) list functionality to reduce rules even more. Add allow ↵ | Ermal | 2010-03-17 | 1 | -28/+38 |
| | | | | rules for accessing pfSense webgui to not lock out operators behind the CP. Remove redundant rule regarding dns. Probably every dns request should be forwarded to the local dns server to not force clients to use the pfSense forwarder! | ||||
* | Add intermmediate certificate support to CP config page. | Ermal Luçi | 2010-03-01 | 1 | -1/+5 |
| | |||||
* | Include propper includes. | Ermal Luçi | 2010-02-26 | 1 | -0/+2 |
| | |||||
* | Put this code on propper context. | Ermal Luçi | 2010-02-26 | 1 | -6/+6 |
| | |||||
* | correct icmptypes so CP IP can be pinged | Chris Buechler | 2010-02-21 | 1 | -3/+3 |
| | |||||
* | Try to prevent empty interfaces. | Ermal Luçi | 2009-12-07 | 1 | -2/+4 |
| | |||||
* | Rework includes/require. This saves about 4 megabytes. | Scott Ullrich | 2009-11-21 | 1 | -2/+0 |
| | | | | Simplify get_memory(). Tested on mips/i386 | ||||
* | Properly correct ipfw rule. | Ermal Luçi | 2009-11-15 | 1 | -2/+2 |
| | |||||
* | Revert "Correct ipfw rule." | Ermal Luçi | 2009-11-15 | 1 | -2/+2 |
| | | | | | | Error of copy paste This reverts commit 0f6fdf29a2f31bbf816eb3df33c3f1fc38c8b2a6. | ||||
* | Correct ipfw rule. | Ermal Luçi | 2009-11-15 | 1 | -2/+2 |
| | |||||
* | Not sure why this was changed like this. As is, you couldn't disconnect the ↵ | Chris Buechler | 2009-11-15 | 1 | -4/+2 |
| | | | | first client. I don't see any reason to do it that way, and this is the way it's done in RELENG_1_2 | ||||
* | always return the IP address hosting the page, rather than forcing to the ↵ | Chris Buechler | 2009-11-14 | 1 | -0/+10 |
| | | | | hostname, requiring functional DNS name resolution which possibly doesn't exist. Restores 1.2.x behavior where client IP isn't in the same subnet as any CP-enabled interface. | ||||
* | actually allow DNS to forwarder. CP is still broken, but this is closer at ↵ | Chris Buechler | 2009-11-14 | 1 | -1/+3 |
| | | | | | | least. pointy-hat-to: eri | ||||
* | Allow udp only from/to our local dns server. If wanted pass through can be ↵ | Ermal Luçi | 2009-11-11 | 1 | -2/+2 |
| | | | | added. | ||||
* | - Should fix captive portal on carps Issue #116 | Ermal Luçi | 2009-11-10 | 1 | -3/+20 |
| | | | | | - Should fix the captive portal not working reports and Issue #118 NOTE: Now Captive portal is open on dns so no more is needed to add dns servers to pass through ips. | ||||
* | Forward all udp request to port 53(DNS) to our local server. This allows ↵ | Ermal Luçi | 2009-09-23 | 1 | -1/+1 |
| | | | | people with other dns configured other than the one in pfSense to still be able to authenticate in the CP. | ||||
* | Only unload ipfw.ko if it is loaded. Doh | Scott Ullrich | 2009-09-21 | 1 | -1/+2 |
| | |||||
* | set 2/3 are no more used with ipfw. | Ermal Luçi | 2009-09-20 | 1 | -2/+0 |
| | |||||
* | Move the allowed ips to set 1 as well. | Ermal Luçi | 2009-09-20 | 1 | -4/+4 |
| | |||||
* | Forward everything to the CP portal page since some people might have ↵ | Ermal Luçi | 2009-09-20 | 1 | -1/+1 |
| | | | | proxies in between. | ||||
* | Remove the anti lockout rule on captive portal ruleset this opens a can of ↵ | Ermal Luçi | 2009-09-20 | 1 | -10/+0 |
| | | | | worms. | ||||
* | Teach captiveportal code to use the mac in tables functionality. Change the ↵ | Ermal Luçi | 2009-09-20 | 1 | -8/+4 |
| | | | | default ruleset to reflect this. | ||||
* | It seems upon captive portal startup the captiveportal.db file is not ↵ | Scott Ullrich | 2009-09-17 | 1 | -0/+3 |
| | | | | written out until the /etc/rc.prunecaptiveportal script is run. If the Operator decides to visit status -> captive portal right after enabling the service they will be greated with some nasty nasty errors. Silence this nonsense by creating a blank captiveportal.db file right after nuking it. | ||||
* | Return NULL when captive portal is not enabled | Scott Ullrich | 2009-09-17 | 1 | -1/+1 |
| | |||||
* | Do not process IPFW rules if captive portal is disabled. | Scott Ullrich | 2009-09-17 | 1 | -1/+2 |
| | |||||
* | Fix multiple radius server handling. | Ermal Luçi | 2009-09-14 | 1 | -18/+8 |
| | |||||
* | Before configuring CP make sure that all interfaces are not set for ↵ | Ermal Luçi | 2009-09-13 | 1 | -1/+4 |
| | | | | filtering with ipfw. Otherwise some wrong misconfigurations might happen when changing the interface on an active CP config. | ||||
* | Flush all tables when restarting/saving a CP configuration. | Ermal Luçi | 2009-09-13 | 1 | -1/+2 |
| | |||||
* | Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions | Scott Ullrich | 2009-09-12 | 1 | -4/+9 |
| | |||||
* | Spelling and comment formatting changes, no code changes. | stompro | 2009-09-08 | 1 | -8/+10 |
| | |||||
* | Correct typo. Reported-by: ↵ | Ermal Luçi | 2009-09-05 | 1 | -1/+1 |
| | | | | stompro(forums:http://forum.pfsense.org/index.php/topic,18841.0.html) | ||||
* | Merge branch 'master' of git://rcs.pfsense.org/pfsense/nigel-ca-chain into ↵ | Scott Ullrich | 2009-08-24 | 1 | -4/+4 |
|\ | | | | | | | | | | | | | | | review/master Conflicts: etc/inc/certs.inc etc/inc/upgrade_config.inc | ||||
| * | Added a missing argument in the lighty configuration for captive portal. | Nigel Graham | 2009-05-26 | 1 | -2/+2 |
| | | |||||
| * | Added support for certificate chains to manager so that lighty can deliver ↵ | Nigel Graham | 2009-05-24 | 1 | -2/+2 |
| | | | | | | | | them via SSL. | ||||
* | | Add my copyright. | Ermal Luçi | 2009-08-14 | 1 | -0/+1 |
| | | |||||
* | | Forgotten increase of the limit. | Ermal Luçi | 2009-08-14 | 1 | -1/+1 |
| | | |||||
* | | * Convert captive portal rules to use tables. This reduces the number of ↵ | Ermal Luçi | 2009-08-14 | 1 | -96/+88 |
| | | | | | | | | | | | | | | | | | | | | rules ALOT. * Make the peruserbw setting use tables also by taking advantage of the tablearg option. * Convert statistics to use the new improvements of ipfw tables merged previously. * Make the limit of users allowed around 25000 instead of 9999 of before. NOTE: The only thing remaining for full optimization on ipfw(4) side is converting passthrumac and layer2 secure rules to tables aswell. | ||||
* | | Use ipfw tables for allowed ips. This reduces the number of rules needed for ↵ | Ermal Luçi | 2009-08-13 | 1 | -53/+41 |
| | | | | | | | | them and speedups things when this list is big. This simplifies even deleteing an allowed ip from services->captiveportal->allowedips since we just need to remove them from the table. | ||||
* | | Fix some logic on enabling or disabling ipfw filtering on interfaces. | Ermal Luçi | 2009-08-12 | 1 | -2/+5 |
| | | |||||
* | | Readd rule since it makes the policy easier to read. | Ermal Luçi | 2009-08-12 | 1 | -0/+1 |
| | | |||||
* | | Reduce some unneeded overhead in CP generated ipfw rules. | Ermal Luçi | 2009-08-11 | 1 | -30/+4 |
| | |