summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Don't remove all of /usr/local/libdata as obsolete files. User-installedRELENG_2_2_2Chris Buechler2015-04-131-1/+0
| | | | package contents may live there, factory default configs live there.
* Only initialize package's log if it doesn't existRobert Nelson2015-04-131-1/+2
|
* Remove obsolete logging code which is duplicated in system_syslogd_start()Robert Nelson2015-04-131-4/+0
|
* bump to 2.2.2-RELEASEChris Buechler2015-04-121-1/+1
|
* Setup ADI boards to boot only using serial to avoid duplicated output when ↵Renato Botelho2015-04-101-4/+14
| | | | VGA redirection is enabled
* Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564Chris Buechler2015-04-091-1/+7
|
* Allow disabling the APIPA block via hidden config option. Very rarely ↵Chris Buechler2015-04-081-2/+8
| | | | necessary or desirable, but Amazon VPC VPNs use that as their tunnel subnet with BGP setups.
* Only restore rrd.tgz where platform is appropriate, or RAM disk beingChris Buechler2015-04-081-2/+2
| | | | used, otherwise you're restoring a probably old backup file. Ticket #4531
* Add Super Micro C2758 to the list of known platformsRenato Botelho2015-04-061-1/+4
|
* small correction of relative paths to iconsdneuhaeuser2015-04-061-3/+3
|
* Few minor text typosPhil Davis2015-04-061-2/+2
| | | | | | Note that advertise is spelt with an "s" in other places in the GUI, so making it consistent in services_ntpd - but maybe Americans do spell it "advertize" these days?
* Include additional subnets for RAs in radvd.conf. Ticket #4468Chris Buechler2015-04-041-1/+36
|
* Fix up Ticket #4504 implementation. Match config style with other areas. Use ↵Chris Buechler2015-04-042-9/+6
| | | | a config setting to disable, rather than enable, this functionality since it's enabled by default so the tag isn't necessary in the default config. Remove now unnecessary config upgrade code.
* fix type. Ticket #4504Chris Buechler2015-04-041-1/+1
|
* Remove array_intersect_key here too, definitely not needed. add to ↵Chris Buechler2015-04-042-67/+1
| | | | obsoletedfiles
* uploadbar dir no longer neededChris Buechler2015-04-041-4/+0
|
* Prevent empty addresses for being put in the ruleset. Ticket #4564Ermal LUÇI2015-04-031-0/+3
|
* Ticket #4504 actually make it correctErmal LUÇI2015-04-031-1/+3
|
* Upgraded configurations should keep the default configuration of bypassing ↵Ermal LUÇI2015-04-031-0/+2
| | | | lan from ipsec. Ticket #4504
* Fixes #4504 Provide a newline to generate proper configErmal LUÇI2015-04-031-0/+1
|
* Fixes #4504 Allow the bypass policy for LAN to be enabled and prevent ↵Ermal LUÇI2015-04-031-0/+19
| | | | traffic sent to lan ip to go to the ipsec tunnel
* Only use mobile clients PFS config with mobile ph2ent. Ticket #4538Chris Buechler2015-04-031-1/+1
|
* disable SSL validation for selfhost since it fails. Ticket #4545Chris Buechler2015-04-031-0/+1
|
* enable ike_name for daemon facility as well, to add connection identifiers ↵Chris Buechler2015-04-021-0/+1
| | | | to logs.
* Use real interface here for dhcrelay v6. Ticket #4572Chris Buechler2015-04-021-2/+2
|
* 0 could be valid for hostname aliases too. Ticket #4573Chris Buechler2015-04-021-1/+1
|
* Don't omit hosts specified as "0". Ticket #4573Chris Buechler2015-04-021-2/+2
|
* Bug #4566 Only route-to a gateway if it is not force_downPhil Davis2015-04-021-1/+1
| | | | When generating policy-routing rules there was no check if a gateway had force-down set, so gateway with force_down set would still get policy-routing rules written for it, even if skip_rules_gw_down was enabled.
* call this RCC-VE rather than C2358Chris Buechler2015-03-311-2/+2
|
* Add a check for whether IPsec is enabled, so it doesn't spit out "IPsecChris Buechler2015-03-311-4/+8
| | | | daemon not running or has a problem!" when IPsec isn't enabled.
* Merge manually pull request #1593Ermal LUÇI2015-03-311-1/+2
|
* Remove wireless cards from ALTQ-capable interfaces, since ALTQ is broken on ↵Chris Buechler2015-03-281-4/+5
| | | | wlandev in FreeBSD 10.x at the moment. Ticket #4406
* add missing )Chris Buechler2015-03-261-1/+1
|
* Include net.key.preferred_oldsa in the sysctl list, set to 0 (disable) soChris Buechler2015-03-261-0/+1
| | | | it doesn't fall through to the default (1).
* Always include general setup DNS servers in unbound.confPhil Davis2015-03-261-6/+6
| | | | | | | | | | | | when forwarding mode is on. The General Setup setting "Allow DNS server list to be overridden by DHCP/PPP on WAN" has always been used in dnsmasq to ADD DHCP/PPP provided DNS servers to the list, while also keeping the DNS servers specified in General Setup. That behavior is needed if: 1) WAN1 static IP with upstream DNS server/s specified in General Setup and selecting the WAN1 gateway. WAN2 uses DHCP, DNS server received by DHCP from upstream. The user needs to tick "Allow DNS server list to be overridden by DHCP/PPP on WAN" to get the WAN2 DNS server to be used, but also wants the DNS server from General Setup to also be used. 2) WAN1 static IP, DNS server/s specified in General Setup. For whatever reason the user has also ticked "Allow DNS server list to be overridden by DHCP/PPP on WAN". In actual fact there are no WAN-style interfaces set to DHCP, so "allowing to be overridden" should not come into effect anyway - the DNS servers in General Setup should be used. 3) WAN1 DHCP, but the upstream DHCP does not give out any DNS server/s. "Allow DNS server list to be overridden by DHCP/PPP on WAN" is ticked. Again there are no DNS servers received via DHCP, so any "override" should not be invoked. In all cases, it turns out that actually we want any General Setup DNS servers to be included in the DNS forwarder/resolver conf in addition to whatever (if any) DNS servers happen to be provided from a DHPC-WAN. This change makes unbound behave that way - the same as dnsmasq already does.
* Only list nameservers once in resolv.confPhil Davis2015-03-261-3/+5
| | | | | | | | I was on a test system and had an upstream DNS server IP specified in System-General Setup. WAN was setup with a static IP and a gateway to that upstream device. All good. Then I also checked "Allow DNS server list to be overridden by DHCP/PPP on WAN" and changed WAN to be DHCP. It received by DHCP the same DNS server IP that already happened to be in General Setup (and the same gateway IP - not the issue here). /var/etc/resolv.conf had the name server line twice with the same IP address - once from the DHCP acquired data, and once from the General Setup data. I don't think it broke anything, but it does look odd. This change makes sure that DNS servers from General Setup are only added to resolv.conf when they are not already there.
* Eliminate the "this_device" test from the resync check in rc.openvpn.jim-p2015-03-251-8/+4
| | | | | | It is not necessary to check, as the only times a gateway event should trigger the VPN to restart are when the current and new devices differ. This also allows us to simplify the code a bit and eliminate some single-use variables. See the discussion at https://github.com/pfsense/pfsense/commit/4aefcf915112b38784b06abc8dd9a26d9a4960b3
* The logic of this test seems to be incorrect.jim-p2015-03-241-1/+2
| | | | | If the interface is the same, this test will fail, and that's the one case that should not need a resync. The logic in this test has been flipped and reversed a few times over the years and without comments it's difficult to discern its true purpose.
* Be consistent about Unbound service descriptive namePhil Davis2015-03-231-1/+1
| | | | | | | | | | | | Forum: https://forum.pfsense.org/index.php?topic=91075.0 For DNS Forwarder (dnsmasq) 1) dnsmasq is the name of the service 2) DNS Forwarder is the text description Make Unbound consistent with that, so that menu names and services status display and... work in the same way: 1) unbound is the name of the service 2) DNS Resolver is the text description
* Use `none` instead of a whitespace in sshd_configJose Luis Duran2015-03-201-2/+2
| | | | Use the `none` keyword instead of a whitespace to disable the FreeBSD version in sshd_config.
* Add option for wireless standard "auto", to omit "mode" entirely from ↵Chris Buechler2015-03-181-4/+10
| | | | ifconfig. This shouldn't be necessary, but specifying mode has proven to trigger driver problems that don't exist if it's left unspecified (such as FreeBSD PR 198680). Chosing "auto" fixes ath(4) BSS mode issues otherwise preventing it from connecting.
* Bump version to 2.2.2-DEVELOPMENTRenato Botelho2015-03-181-1/+1
|
* Use subnet address in OPT net rulesPhil Davis2015-03-161-9/+11
| | | | | | | | | Example: LAN IP 10.0.1.1/24 OPT1 IP 10.0.2.1/24 Rules with SRC or DST LANnet correctly have 10.0.0.0/24 (the subnet base address) in /tmp/rules.debug Rules with SRC or DST OPT1net have 10.0.2.1/24 (the OPT1 IP address with OPT1 net mask) in /tmp/rules.debug It still works (I think) because actually 10.0.2.1/24 and 10.0.2.0/24 interpreted as a subnet still describes the same set of IP addresses, but it looks odd, as reported by: https://forum.pfsense.org/index.php?topic=90096.msg498474#msg498474 Same issue with IPv6 for OPT1net rules. This fixes the rule generation to that OPT1net uses the base subnet address in the rule, in the same way that LANnet and WANnet does.
* It's time for 2.2.1-RELEASERELENG_2_2_1Renato Botelho2015-03-131-1/+1
|
* txpower was disabled for good reason it would appear, it triggers syntax ↵Chris Buechler2015-03-131-1/+3
| | | | errors in some configurations. Disable it again since it's been disabled for years, and comment out the user-facing config portion for now since it doesn't do anything. Ticket #4516
* add missing double == in ipsec.incChris Buechler2015-03-121-1/+1
|
* Missin double equals in captiveportal.incPhil Davis2015-03-121-1/+1
| | | | | | Looking at where this is nested inside various if statements, I do not think this error did too much harm - only to the $mac['descr'] - in this particular code flow $username is not used for important stuff after this point. Conflicts: etc/inc/captiveportal.inc
* Set txpower since that seems to work fine now. Explicitly set authmode wpa ↵Chris Buechler2015-03-121-2/+5
| | | | here, though it's also handled by the supplicant/authenticator. Ticket #4516
* Do not start filterdns during boot until a proper fix is done. Ticket #4296Renato Botelho2015-03-122-18/+22
|
* If we bail not being able to find the P1 source, log an error.Chris Buechler2015-03-121-1/+3
|
OpenPOWER on IntegriCloud