Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | 3652 days worth is a too much. Scale it back to more reasonable 1.25 x ↵ | N0YB | 2013-07-19 | 1 | -26/+26 |
| | | | | maximum used data (2284 days). | ||||
* | Handle IPv6 in ip_in_interface_alias_subnet() | jim-p | 2013-07-19 | 1 | -1/+2 |
| | |||||
* | Minimize inclusion of bogonsv6 | Phil Davis | 2013-07-19 | 1 | -3/+18 |
| | | | | | If "Allow IPv6" is on, but actually there is no enabled interface with "Block bogon networks" enabled, then we also do not need to include the bogonsv6 table into pf. This allows some more flexibility for users to leave "Allow IPv6" checked, but still not use up memory for bogonsv6. | ||||
* | Disable the BEAST protection by default because the GUI *will* break if you ↵ | jim-p | 2013-07-18 | 1 | -2/+21 |
| | | | | use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected. | ||||
* | Sync p0f database for OS detection w/current file from FreeBSD | jim-p | 2013-07-17 | 1 | -3/+11 |
| | |||||
* | Don't blow up the config if someone enters int'l chars in an LDAP ↵ | jim-p | 2013-07-17 | 1 | -2/+14 |
| | | | | attribute/DN field. Ticket #2227 | ||||
* | Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. ↵ | jim-p | 2013-07-17 | 1 | -5/+19 |
| | | | | While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted. | ||||
* | Call interface_ipalias_cleanup() after $interface is initialized, and get ↵ | Renato Botelho | 2013-07-16 | 1 | -4/+8 |
| | | | | current IP after it | ||||
* | Add an RRD graph for MBUFs under system. Tweaks welcome. | jim-p | 2013-07-16 | 1 | -0/+39 |
| | |||||
* | Don't generate reflection rules if reflection is disabled for that rule. | jim-p | 2013-07-16 | 1 | -13/+14 |
| | |||||
* | Do not break ppp type interfaces on v6 | Ermal | 2013-07-16 | 1 | -0/+9 |
| | |||||
* | For ppp interfaces the real interface is not present anymore in the xml ↵ | Ermal | 2013-07-16 | 1 | -4/+18 |
| | | | | config section of the interface. Due to this do some more work on extracting the real interface when ipv4 is pppoe/ppp/... and ipv6 configuration files will use the wrong interface to request information from provider. Reported-by: http://forum.pfsense.org/index.php/topic,64483.0.html | ||||
* | Enable filtering on ipfw sysctl not dependent on ipfw module otherwise issue ↵ | Ermal | 2013-07-15 | 1 | -2/+2 |
| | | | | reported here http://forum.pfsense.org/index.php/topic,64412.0.html happens | ||||
* | Ignore errors/warnings from these calls | Ermal | 2013-07-15 | 1 | -6/+6 |
| | |||||
* | Merge pull request #683 from dhatz/RELENG_2_1 | Jim P | 2013-07-14 | 1 | -1/+2 |
|\ | | | | | support mitigating BEAST attack, see http://forum.pfsense.org/index.php/topic,63001.0.html | ||||
| * | support mitigating BEAST attack | dhatz | 2013-07-01 | 1 | -1/+2 |
| | | | | | | | | | | | | | | | | | | According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30 "...by setting ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" you can mitigate BEAST attacks." | ||||
* | | services_dhcrelay6_configure developerspew debug text fix | Phil Davis | 2013-07-14 | 1 | -1/+1 |
| | | |||||
* | | Start DHCrelay6 on boot | Phil Davis | 2013-07-14 | 1 | -0/+3 |
| | | |||||
* | | Correctly decide if dhcrelay is enabled | Phil Davis | 2013-07-14 | 1 | -6/+1 |
| | | |||||
* | | Teach service start stop restart about dhcrelay6 | Phil Davis | 2013-07-13 | 1 | -0/+25 |
| | | |||||
* | | Consistent dhcrelay6 pid file location | Phil Davis | 2013-07-13 | 1 | -1/+1 |
| | | |||||
* | | Fix #3091, fix bad var assignment | Renato Botelho | 2013-07-13 | 1 | -1/+1 |
| | | |||||
* | | Move variable declaration to the top, declare it global before defining. ↵ | jim-p | 2013-07-11 | 1 | -11/+13 |
| | | | | | | | | Fixes #3090 | ||||
* | | Remove irrelevant comment. | jim-p | 2013-07-11 | 1 | -15/+0 |
| | | |||||
* | | Fix copy/pasto introduced in previous commit. | Ermal Luçi | 2013-07-11 | 1 | -2/+2 |
| | | |||||
* | | Add support for custom IPv6 DDNS. | Daniel Becker | 2013-07-10 | 2 | -3/+10 |
| | | |||||
* | | Change separator as per JimP's request. | Daniel Becker | 2013-07-10 | 1 | -3/+3 |
| | | |||||
* | | Clean up HE.net AAAA backend support. | Daniel Becker | 2013-07-10 | 1 | -122/+51 |
| | | |||||
* | | Add backend support for HE.net AAAA record updates. | Daniel Becker | 2013-07-10 | 2 | -3/+118 |
| | | | | | | | | | | Defines a new DynDNS provider 'he-net-v6' for updating AAAA entries on dns.he.net. | ||||
* | | Don't automatically add hidden rules to pass all IPv6 traffic to/from ↵ | jim-p | 2013-07-10 | 1 | -18/+0 |
| | | | | | | | | delegated prefixes. Default IPv6 from LAN -> any rule covers outbound properly as-is, and WAN rules shouldn't pass in that permissively. Also the prefix length calculation was off and the LAN rule(s) would be too permissive anyhow. | ||||
* | | Implement proper releasing of pipes allocated based on CPzone. Keep track of ↵ | Ermal | 2013-07-10 | 1 | -5/+25 |
| | | | | | | | | which zone a pipe is and release those pipes during disabling/deleting of zone. Ticket #3062, Pull request #698 | ||||
* | | Use empty to cover all needed cases as suggested on #3062. Suggested from ↵ | Ermal | 2013-07-10 | 1 | -1/+2 |
| | | | | | | | | pull request #698 | ||||
* | | Add independent logging choices to disable logging of bogon network rules ↵ | jim-p | 2013-07-09 | 4 | -11/+36 |
| | | | | | | | | and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty. | ||||
* | | Fix typo in filter.inc. Fixes #3028. | Daniel Becker | 2013-07-07 | 1 | -1/+1 |
| | | | | | | | | | | | | Due to the typo, FilterIfList never got a 'track6-interface' entry, which in turn prevented the DHCP6-related pass rules from being generated for the LAN interface. | ||||
* | | Update services.inc | plinss | 2013-07-05 | 1 | -2/+1 |
| | | | | | | | | Turn on AdvManagedFlag and AdvOtherConfigFlag for both 'managed' and 'assist' ramodes. | ||||
* | | Actually do this upon entering to get proper ip | Ermal | 2013-07-05 | 1 | -1/+3 |
| | | |||||
* | | Fixes #2495. On trigering of rc.newwanip remove all ipaliases from the ↵ | Ermal | 2013-07-05 | 2 | -0/+16 |
| | | | | | | | | interface since they will be readded later on. This will also make sure to have the correct address order | ||||
* | | When a CARP VIP transitions to master, we need to bump servers also, ↵ | jim-p | 2013-07-05 | 1 | -0/+8 |
| | | | | | | | | otherwise a transition from disabled or init may not properly (re)attach to the IP address. | ||||
* | | Correct DHCPv6 rules test to also include a check for DHCPv6 relay. Fixes #3074 | jim-p | 2013-07-05 | 1 | -1/+2 |
| | | |||||
* | | Remove useless code | Renato Botelho | 2013-07-05 | 1 | -3/+0 |
| | | |||||
* | | Resolves #2910. Make apinger write its status file just after starting so ↵ | Ermal | 2013-07-05 | 1 | -0/+2 |
| | | | | | | | | that thing work as expected | ||||
* | | Remove duplicated line that makes dhcp6c not run correctly | Ermal | 2013-07-04 | 1 | -1/+0 |
| | | |||||
* | | Do not reconfigure dhcp v6 on v4 ip address event. Only handle 6rd and 6to4 ↵ | Ermal | 2013-07-04 | 1 | -4/+0 |
| | | | | | | | | while the former is questionable if needed | ||||
* | | Copy/pasto does well up to some point | Ermal | 2013-07-04 | 1 | -6/+4 |
| | | |||||
* | | On every ip change renew the hosts file | Ermal | 2013-07-04 | 1 | -2/+1 |
| | | |||||
* | | Omit IP warning if HTTP_REFERER check is disabled. | Matt Smith | 2013-07-03 | 1 | -1/+1 |
| | | |||||
* | | Enforce the checking of booting up for linkup events | Ermal | 2013-07-03 | 1 | -3/+1 |
| | | |||||
* | | modified radius function to release the pineno | falbertopl | 2013-07-03 | 1 | -3/+5 |
| | | | | | | | | modified radius function to release the pinene if the client is not authenticated properly, and modified function captiveportal_get_next_dn_ruleno to initially takes the value 2000 for the first pipeno. | ||||
* | | Include both dyndns and rfc2136 hosts in referer check | jim-p | 2013-07-02 | 1 | -0/+16 |
| | | |||||
* | | Include RFC2136 hosts in DNS rebinding checks. | jim-p | 2013-07-02 | 1 | -0/+7 |
| | |