summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* 3652 days worth is a too much. Scale it back to more reasonable 1.25 x ↵N0YB2013-07-191-26/+26
| | | | maximum used data (2284 days).
* Handle IPv6 in ip_in_interface_alias_subnet()jim-p2013-07-191-1/+2
|
* Minimize inclusion of bogonsv6Phil Davis2013-07-191-3/+18
| | | | | If "Allow IPv6" is on, but actually there is no enabled interface with "Block bogon networks" enabled, then we also do not need to include the bogonsv6 table into pf. This allows some more flexibility for users to leave "Allow IPv6" checked, but still not use up memory for bogonsv6.
* Disable the BEAST protection by default because the GUI *will* break if you ↵jim-p2013-07-181-2/+21
| | | | use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.
* Sync p0f database for OS detection w/current file from FreeBSDjim-p2013-07-171-3/+11
|
* Don't blow up the config if someone enters int'l chars in an LDAP ↵jim-p2013-07-171-2/+14
| | | | attribute/DN field. Ticket #2227
* Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. ↵jim-p2013-07-171-5/+19
| | | | While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted.
* Call interface_ipalias_cleanup() after $interface is initialized, and get ↵Renato Botelho2013-07-161-4/+8
| | | | current IP after it
* Add an RRD graph for MBUFs under system. Tweaks welcome.jim-p2013-07-161-0/+39
|
* Don't generate reflection rules if reflection is disabled for that rule.jim-p2013-07-161-13/+14
|
* Do not break ppp type interfaces on v6Ermal2013-07-161-0/+9
|
* For ppp interfaces the real interface is not present anymore in the xml ↵Ermal2013-07-161-4/+18
| | | | config section of the interface. Due to this do some more work on extracting the real interface when ipv4 is pppoe/ppp/... and ipv6 configuration files will use the wrong interface to request information from provider. Reported-by: http://forum.pfsense.org/index.php/topic,64483.0.html
* Enable filtering on ipfw sysctl not dependent on ipfw module otherwise issue ↵Ermal2013-07-151-2/+2
| | | | reported here http://forum.pfsense.org/index.php/topic,64412.0.html happens
* Ignore errors/warnings from these callsErmal2013-07-151-6/+6
|
* Merge pull request #683 from dhatz/RELENG_2_1Jim P2013-07-141-1/+2
|\ | | | | support mitigating BEAST attack, see http://forum.pfsense.org/index.php/topic,63001.0.html
| * support mitigating BEAST attackdhatz2013-07-011-1/+2
| | | | | | | | | | | | | | | | | | According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30 "...by setting ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" you can mitigate BEAST attacks."
* | services_dhcrelay6_configure developerspew debug text fixPhil Davis2013-07-141-1/+1
| |
* | Start DHCrelay6 on bootPhil Davis2013-07-141-0/+3
| |
* | Correctly decide if dhcrelay is enabledPhil Davis2013-07-141-6/+1
| |
* | Teach service start stop restart about dhcrelay6Phil Davis2013-07-131-0/+25
| |
* | Consistent dhcrelay6 pid file locationPhil Davis2013-07-131-1/+1
| |
* | Fix #3091, fix bad var assignmentRenato Botelho2013-07-131-1/+1
| |
* | Move variable declaration to the top, declare it global before defining. ↵jim-p2013-07-111-11/+13
| | | | | | | | Fixes #3090
* | Remove irrelevant comment.jim-p2013-07-111-15/+0
| |
* | Fix copy/pasto introduced in previous commit.Ermal Luçi2013-07-111-2/+2
| |
* | Add support for custom IPv6 DDNS.Daniel Becker2013-07-102-3/+10
| |
* | Change separator as per JimP's request.Daniel Becker2013-07-101-3/+3
| |
* | Clean up HE.net AAAA backend support.Daniel Becker2013-07-101-122/+51
| |
* | Add backend support for HE.net AAAA record updates.Daniel Becker2013-07-102-3/+118
| | | | | | | | | | Defines a new DynDNS provider 'he-net-v6' for updating AAAA entries on dns.he.net.
* | Don't automatically add hidden rules to pass all IPv6 traffic to/from ↵jim-p2013-07-101-18/+0
| | | | | | | | delegated prefixes. Default IPv6 from LAN -> any rule covers outbound properly as-is, and WAN rules shouldn't pass in that permissively. Also the prefix length calculation was off and the LAN rule(s) would be too permissive anyhow.
* | Implement proper releasing of pipes allocated based on CPzone. Keep track of ↵Ermal2013-07-101-5/+25
| | | | | | | | which zone a pipe is and release those pipes during disabling/deleting of zone. Ticket #3062, Pull request #698
* | Use empty to cover all needed cases as suggested on #3062. Suggested from ↵Ermal2013-07-101-1/+2
| | | | | | | | pull request #698
* | Add independent logging choices to disable logging of bogon network rules ↵jim-p2013-07-094-11/+36
| | | | | | | | and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
* | Fix typo in filter.inc. Fixes #3028.Daniel Becker2013-07-071-1/+1
| | | | | | | | | | | | Due to the typo, FilterIfList never got a 'track6-interface' entry, which in turn prevented the DHCP6-related pass rules from being generated for the LAN interface.
* | Update services.incplinss2013-07-051-2/+1
| | | | | | | | Turn on AdvManagedFlag and AdvOtherConfigFlag for both 'managed' and 'assist' ramodes.
* | Actually do this upon entering to get proper ipErmal2013-07-051-1/+3
| |
* | Fixes #2495. On trigering of rc.newwanip remove all ipaliases from the ↵Ermal2013-07-052-0/+16
| | | | | | | | interface since they will be readded later on. This will also make sure to have the correct address order
* | When a CARP VIP transitions to master, we need to bump servers also, ↵jim-p2013-07-051-0/+8
| | | | | | | | otherwise a transition from disabled or init may not properly (re)attach to the IP address.
* | Correct DHCPv6 rules test to also include a check for DHCPv6 relay. Fixes #3074jim-p2013-07-051-1/+2
| |
* | Remove useless codeRenato Botelho2013-07-051-3/+0
| |
* | Resolves #2910. Make apinger write its status file just after starting so ↵Ermal2013-07-051-0/+2
| | | | | | | | that thing work as expected
* | Remove duplicated line that makes dhcp6c not run correctlyErmal2013-07-041-1/+0
| |
* | Do not reconfigure dhcp v6 on v4 ip address event. Only handle 6rd and 6to4 ↵Ermal2013-07-041-4/+0
| | | | | | | | while the former is questionable if needed
* | Copy/pasto does well up to some pointErmal2013-07-041-6/+4
| |
* | On every ip change renew the hosts fileErmal2013-07-041-2/+1
| |
* | Omit IP warning if HTTP_REFERER check is disabled.Matt Smith2013-07-031-1/+1
| |
* | Enforce the checking of booting up for linkup eventsErmal2013-07-031-3/+1
| |
* | modified radius function to release the pinenofalbertopl2013-07-031-3/+5
| | | | | | | | modified radius function to release the pinene if the client is not authenticated properly, and modified function captiveportal_get_next_dn_ruleno to initially takes the value 2000 for the first pipeno.
* | Include both dyndns and rfc2136 hosts in referer checkjim-p2013-07-021-0/+16
| |
* | Include RFC2136 hosts in DNS rebinding checks.jim-p2013-07-021-0/+7
| |
OpenPOWER on IntegriCloud