Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Move main pfSense content to src/ | Renato Botelho | 2015-08-25 | 71 | -79274/+0 |
| | |||||
* | Get rid of NT-hash crap | Jim Thompson | 2015-08-25 | 1 | -3/+1 |
| | |||||
* | Fix handling of the description in the shaper code. | jim-p | 2015-08-24 | 1 | -4/+4 |
| | |||||
* | Replace php calls to php-cgi, binary is not being renamed anymore | Renato Botelho | 2015-08-20 | 7 | -9/+9 |
| | |||||
* | Properly declare an error when a too-short voucher is submitted. | jim-p | 2015-08-18 | 1 | -0/+3 |
| | |||||
* | Don't lowercase the whole group name | jim-p | 2015-08-12 | 1 | -2/+2 |
| | |||||
* | Fix GUI auth from RADIUS to grab group names from the Class attribute. ↵ | jim-p | 2015-08-12 | 4 | -5/+28 |
| | | | | | | Implements #935 The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups. | ||||
* | only read file if it exists, and only foreach if an array. | Chris Buechler | 2015-08-03 | 1 | -9/+13 |
| | |||||
* | Merge pull request #1804 from phil-davis/bogons-not-exists | Renato Botelho | 2015-08-03 | 1 | -5/+9 |
|\ | |||||
| * | Allow to create empty bogons on nanoBSD | Phil Davis | 2015-07-30 | 1 | -5/+9 |
| | | | | | | | | | | | | | | If for some reason the bogons file/s do not exist then this code creates empty ones before making any use of them in the rule set. On nanoBSD this can fail if the file system is mount RO. Protect against this possibility by use conf_mount_rw and conf_mount_ro | ||||
* | | Drop support for jail platform | Renato Botelho | 2015-07-31 | 7 | -65/+11 |
| | | |||||
* | | Do not try to use a variable that is not set yet | Renato Botelho | 2015-07-31 | 1 | -1/+1 |
| | | |||||
* | | Remove extra parenthesis | Renato Botelho | 2015-07-31 | 1 | -2/+2 |
| | | |||||
* | | Add UUID to pkg user agent | Renato Botelho | 2015-07-31 | 1 | -4/+14 |
| | | |||||
* | | Define HTTP_USER_AGENT for pkg calls | Renato Botelho | 2015-07-31 | 1 | -0/+2 |
| | | |||||
* | | Introduce a new item to $g global, 'product_version' and stop reading ↵ | Renato Botelho | 2015-07-31 | 3 | -10/+9 |
| | | | | | | | | /etc/version all around | ||||
* | | remove the destination server's interface(s) from dhcrelay. Ticket #4908 | Chris Buechler | 2015-07-30 | 1 | -135/+6 |
| | | |||||
* | | This is handled above now. | jim-p | 2015-07-30 | 1 | -1/+0 |
| | | |||||
* | | More safety belts on CP DB open | jim-p | 2015-07-30 | 1 | -0/+13 |
| | | |||||
* | | Remove unused ftmp references | Renato Botelho | 2015-07-30 | 1 | -1/+0 |
| | | |||||
* | | Take more care when attempting to open the CP database. Don't assume it's ↵ | jim-p | 2015-07-30 | 1 | -0/+10 |
| | | | | | | | | valid before attempting to use it. | ||||
* | | Reinitialize the captive portal database for a zone if it is ↵ | jim-p | 2015-07-30 | 1 | -10/+24 |
|/ | | | | corrupt/unreadable. Fixes #4904 | ||||
* | remove old unused nopccard_platforms | Chris Buechler | 2015-07-29 | 1 | -1/+0 |
| | | | | | Conflicts: etc/inc/globals.inc | ||||
* | Use an alternate method to find VIP targets that should be allowed for ↵ | jim-p | 2015-07-29 | 2 | -20/+14 |
| | | | | Captive Portal. Fixes #4903 | ||||
* | Merge pull request #1797 from phil-davis/patch-10 | Renato Botelho | 2015-07-27 | 1 | -1/+1 |
|\ | |||||
| * | Strip any \r when parsing URL table ports file | Phil Davis | 2015-07-27 | 1 | -1/+1 |
| | | | | | | | | If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code here ends up with ports that look like "80\r" "443\r" ... and group_ports() does not match any of those and the final file ends up empty. That seems a shame just because the file was made in some editor that put "\r\n" line breaks. I messed about for a while trying to make my URL table ports alias work until I realized this. This change first strips out any "\r" from the string, thus making it work with files that have either pure "\n" line breaks or "\r\n" line breaks. | ||||
* | | Fix typo in variable name, spotted by Phil Davis | Renato Botelho | 2015-07-27 | 1 | -1/+1 |
|/ | |||||
* | Consider url_port alias type when checking port-type aliases V2 | Phil Davis | 2015-07-27 | 1 | -1/+1 |
| | | | | This time I have typed url_ports correctly. | ||||
* | add a check to avoid foreach on non-array | Chris Buechler | 2015-07-27 | 1 | -0/+4 |
| | |||||
* | Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to ↵ | Chris Buechler | 2015-07-25 | 1 | -0/+13 |
| | | | | | | | retain previous behavior. Conflicts: etc/inc/upgrade_config.inc | ||||
* | Change the log for CRLs with no data (exists but no certs revoked) to a ↵ | Chris Buechler | 2015-07-25 | 1 | -1/+1 |
| | | | | warning since it's not technically an error. | ||||
* | Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵ | Chris Buechler | 2015-07-25 | 2 | -1/+4 |
| | | | | | | | don't want to check peer ID. Conflicts: usr/local/www/vpn_ipsec_phase1.php | ||||
* | Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 ! | Chris Buechler | 2015-07-23 | 1 | -2/+3 |
| | | | | logic gets ugly. | ||||
* | change iketype auto to ikev2 on upgrade. Ticket #4873 | Chris Buechler | 2015-07-23 | 1 | -0/+5 |
| | |||||
* | Remove "auto", it's just a synonym for IKEv2. Ticket #4873 | Chris Buechler | 2015-07-23 | 1 | -3/+1 |
| | | | | | Conflicts: usr/local/www/vpn_ipsec_phase1.php | ||||
* | include vpn.inc so IPsec CRL reload works. require_once filter.inc in | Chris Buechler | 2015-07-23 | 1 | -0/+1 |
| | | | | vpn.inc for callers there that haven't already included it. | ||||
* | make the IPsec bypass LAN from LAN subnet to LAN subnet rather than from | Chris Buechler | 2015-07-22 | 1 | -1/+1 |
| | | | | | LAN subnet to LAN IP. Same end result except it'll work for VIPs on same interface now. | ||||
* | Add IPsec advanced option for strict CRL checking | Chris Buechler | 2015-07-22 | 1 | -0/+4 |
| | |||||
* | write out built-in CRLs for strongswan | Chris Buechler | 2015-07-22 | 1 | -2/+18 |
| | |||||
* | Merge pull request #1770 from phil-davis/patch-1 | Chris Buechler | 2015-07-21 | 1 | -0/+10 |
|\ | |||||
| * | Unset old CA and Cert in left system config | Phil Davis | 2015-07-21 | 1 | -0/+8 |
| | | | | | | Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset them. That will tidy up old configs that had the conversion done originally but these old sections were left behind. | ||||
| * | Unset old CA and Cert in system config | Phil Davis | 2015-07-21 | 1 | -0/+2 |
| | | | | | | | | | | This looked odd. Why would we leave behind the old "ca" and "cert" section in $config["system"]? I guess it would do no harm, but seems confusing for the future to have some unused entries like this remaining in the config. Should a piece of code be put into the latest upgrade function to clean out these in any current config? | ||||
* | | Merge pull request #1771 from phil-davis/patch-2 | Renato Botelho | 2015-07-21 | 1 | -3/+4 |
|\ \ | |||||
| * | | Allocate dnpipe and dnqueue numbers even if no filter rules | Phil Davis | 2015-07-21 | 1 | -3/+4 |
| |/ | | | | | It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this code that sets dnpipe and dnqueue numbers should execute anyway. | ||||
* | | Captive Portal zoneid upgrade fix var name typo | Phil Davis | 2015-07-21 | 1 | -1/+1 |
|/ | | | With the typo, this empty() test would always have been true. So maybe on upgrade some existing captive portal zoneid values have been getting overwritten by this even number counter? Or? | ||||
* | Merge pull request #1738 from phil-davis/Static-Routes | Renato Botelho | 2015-07-18 | 1 | -5/+5 |
|\ | |||||
| * | Fix #4813 validation of enable/disable of gateways and static routes | Phil Davis | 2015-07-05 | 1 | -5/+5 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) A disabled gateway can always be enabled - no extra validation needed. 2) When disabling an enabled gateway, check to see that the gateway is not used in any gateway group or enabled static route (similar tests to what is already checked before deleting a gateway). 3) A static route can always be disabled - no extra checks needed. 4) When enabling a static route, check that the selected gateway is enabled - you cannot have a static route enabled on a disabled gateway. 5) Do the address family cross-check between static route and gateway even when the static route is disabled - we do not want to save mismatched IP address families in any case. This covers all the cases I can see to ensure that the enable/disable status combinations of Gateways and Static Routes is always valid. | ||||
* | | Merge pull request #1763 from doktornotor/patch-4 | Renato Botelho | 2015-07-18 | 1 | -4/+4 |
|\ \ | |||||
| * | | Add labels to some default firewall rules | doktornotor | 2015-07-18 | 1 | -4/+4 |
| | | | | | | | | | ... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers. This is for master branch. | ||||
* | | | Merge pull request #1759 from phil-davis/patch-2 | Renato Botelho | 2015-07-18 | 1 | -1/+2 |
|\ \ \ | |/ / |/| | |