summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Use get_failover_interface here to find appropriate interface. Ticket #4482Chris Buechler2015-03-061-3/+4
| | | | | Conflicts: etc/inc/ipsec.inc
* same change as previous commit, for IPv6. Ticket #4482Chris Buechler2015-03-061-1/+7
|
* Use the parent interface, not the _vip for interfaces_use. Part of Ticket #4482Chris Buechler2015-03-061-2/+11
|
* Destroy stf interface when 6rd or 6to4 tunnel is disabled. Fixes #4471Chris Buechler2015-03-051-45/+59
| | | | | Conflicts: etc/inc/interfaces.inc
* Be nicer when checking if alias is numericPhil Davis2015-03-051-6/+6
| | | | | | | Because an ordinary port can be numeric here. Forum https://forum.pfsense.org/index.php?topic=89906.0 Conflicts: etc/inc/util.inc
* Remove the harden-glue option entirely and hard code it to yes. Ticket #4402Chris Buechler2015-03-051-2/+1
|
* Skip any numeric-only aliases in the ruleset to prevent errors from thoseChris Buechler2015-03-042-0/+9
| | | | who configured them on previous versions where that was allowed. Ticket
* Add missing comma. Fixes #4485jim-p2015-03-041-1/+1
|
* Enable UnicastOnly in radvd for ovpn* interfaces. Ticket #4455Chris Buechler2015-03-031-0/+3
|
* Tweak the carp demotion factors slightly to avoid CARP transitions that are ↵jim-p2015-03-031-0/+2
| | | | most likely unnecessary.
* Be safe use require_once in zeromqPhil Davis2015-03-031-1/+1
| | | | | | | | | I was testing code and just doing stuff like: require_once("zeromq.inc"); in Diagnostics->Command Prompt, PHP Execute That brings an error because underneath that PHP Execute code it has already included auth.inc I guess zeromq.inc is used quite separately to the rest of the system, and must be OK just having a "require" here. But it seems safer to always use require_once, just in case it gets called in a new way/sequence. Comments welcome.
* Remove "Prefer old SA" option, and ignore it in all existing configurations. ↵Chris Buechler2015-03-031-10/+0
| | | | Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables.
* Ancient bug on upgrade_014_to_015Phil Davis2015-03-021-1/+1
| | | | | | | | | | | This code looked silly the way it was, with the construct: $var = $var; unset($var); Seems it was accidentally changed to this way many years ago by https://github.com/pfsense/pfsense/commit/588a183b0e58f09932ffef35cc0003cca2313aba IMHO we want to do the conversion to $config['system']['gateway'] here so that later config conversion will then process it as expected. Note that in a current (2.2) config there is not $config['system']['gateway'] but that is switched over later in upgrade_021_to_022 - which switches back to $config['interfaces']['wan']['gateway'] and then later config conversions do their thing with that. I guess this will only effect people who upgrade from some really old config (or monowall?)
* Fix type (trime->trim)jim-p2015-02-261-1/+1
|
* interface_netgraph_needed can miss setting found equals truePhil Davis2015-02-261-1/+2
| | | | | | | This routine seems to go looking to see if the passed-in interface is PPP-style. At the end, if it is not PPP-style then it calls pfsense_ngctl_detach. This foreach loop in its current state will always exit after the first iteration that is not mode "server". But it looks like it should look through all the 'pppoe' entries until it finds the interface or gets to the end. In theory the code will sometimes miss setting $found = true when it should have. And thus pfsense_ngctl_detach would get called later for a PPP-style interface. I noticed this while reviewing for code style guide - it is an example where the indenting shows the intention but there are no curlies to implement it.
* remove unused legacy codeChris Buechler2015-02-261-6/+0
|
* Log ifconfig commands used to setup wireless interfacesChris Buechler2015-02-261-0/+7
|
* Put the bits to use the new reset utilityErmal LUÇI2015-02-251-0/+4
|
* Ticket #4418 Actually make each entry a clear token to strongswan parser for ↵Ermal LUÇI2015-02-251-2/+3
| | | | dns_split
* Ticket #4418 make sure the dns_split is separated with spaces rather than ↵Ermal LUÇI2015-02-251-7/+0
| | | | space or comma to comply with strongswan requirements.
* Ticket #4418 Make the DNS names attr 28675 space separated as identified by ↵Ermal LUÇI2015-02-251-1/+16
| | | | Jeffrey Dvornek
* remove old, unused codeChris Buechler2015-02-251-2/+0
|
* Initialize var and move unset outside the loopRenato Botelho2015-02-241-1/+3
|
* Do not request prefix delegation if no tracking interfaces are setup tok-paulius2015-02-241-14/+17
| | | | use it. Ticket #4436
* Handle reverse lookup domain overridesPhil Davis2015-02-241-6/+22
| | | | | | | | that match exactly a whole block of private address space. e.g. if the user has checked "Do not forward private reverse lookups" and also adds adds a domain override that matches a whole block of private address space, such as: 10.in-addr.arpa -> 10.42.1.1 then we want all reverse lookups in the "10" network to be referred to their DNS server at 10.42.1.1 and reverse lookups of other private addresses to immediately return NXDOMAIN. Without this change, those referrals were not happening, because there was a "-server=10.in-addr.arpa" to nowhere put on the command line and that was effectively overriding the user-specified domain override!
* Fix PTR records for aliases in host overridesLorenz Schori2015-02-241-2/+2
|
* Preserve "add routers" value across loop for each interfacePhil Davis2015-02-231-2/+3
| | | | | | | | | | | Forum: https://forum.pfsense.org/index.php?topic=89302.0 If the user put "none" in the 'gateway' field for the DHCP settings of an interface, that would set $add_routers to false at line 742. Coming around the loop again for a subsequent interface, and going through the else line 744, nothing would set $add_routers back to true (actually back to the value originally calculated at line 461). Use a different var to remember the boolean value calculated at line 461 so it can be remembered and used as needed each time through the loop. I set Gateway "none" on my LAN and left it blank on OPT1 and came up with the same problem as the forum post - OPT1 got no " option routers" statement in dhcpd.conf After this code fix it looks good.
* fix Net_IPv6::compress() to properly handle all-zeros addressDaniel Becker2015-02-231-0/+6
| | | | | | The existing implementation of Net_IPv6::compress produces an empty string when compressing the all-zeros ("::") address; fix this by checking for empty return values and replacing them with "::".
* add dhcp6.name-servers option with DHCPD-PD regardless of PD lengthDaniel Becker2015-02-231-2/+2
| | | | | | | | | The existing code only includes a v6 name server IP in the automatically generated dhcpdv6 configuration for tracking interfaces if there are additional prefixes that can be delegated on to the next router (i.e., if PD length > 2). The correct behavior is for this option to be included regardless of the PD length, as implemented in this change.
* Do not add PTR records for aliases in host overridesLorenz Schori2015-02-231-1/+5
|
* Modified DynDns -> Eurodns urljohnbyronent2015-02-231-1/+1
|
* Clean up some old, possibly stale, files when restarting php-fpmjim-p2015-02-201-0/+2
|
* add a couple unnecessary bsdinstaller files to obsoletedfilesChris Buechler2015-02-181-0/+2
|
* remove unused dfuife files.Chris Buechler2015-02-181-0/+3
|
* Don't hard code harden-referral-path. It defaults to no, so no behavior ↵Chris Buechler2015-02-181-1/+0
| | | | change, and that setting is unlikely to ever become a default. This allows users to configure an override to enable this option if desired. part of Ticket #4399
* Add GUI control for MOBIKE. Hide it when IKEv1 selected. Enable toggling of ↵Chris Buechler2015-02-181-0/+6
| | | | NAT-T field display so it's on for IKEv1, off for IKEv2. Do same for reauth while here. Ticket #3979
* Wait a bit after sending a TERM to syslogd as in some instances it can take ↵Chris Buechler2015-02-171-1/+10
| | | | too long to stop, and it fails to restart because it's still running at that point. Add a KILL in case it's still running after that. Ticket #4393
* Unobsolete libpcre.so.1Renato Botelho2015-02-131-2/+0
|
* Surrond the some mobile clients attributes with " ( quote ) to help the ↵Ermal LUÇI2015-02-131-5/+5
| | | | strongswan parser identify properly the values. Ticket #4418
* Unobsolete crypto tools and athstats, ticket #4239Renato Botelho2015-02-121-4/+0
|
* DHCPv6 client rules MUST come before bogons. Add a comment that hopefullyChris Buechler2015-02-111-14/+14
| | | | sticks out so this stops getting broken. Ticket #3395
* Fixes #4390 Properly return the vip subnet now that the CARP might not match ↵Ermal LUÇI2015-02-112-10/+8
| | | | its parent interface subnet.
* Fixes #4389 The VIP interfaces cannot be assigned since they are just an ↵Ermal LUÇI2015-02-111-8/+2
| | | | identification of the VIP for tracking. Consider that when configuring gif/gre. Also on bridges you cannot set a vip interface as its member.
* Check if notification is disabledPhil Davis2015-02-111-2/+5
| | | | | | | in send_smtp_message() Other packages like arpwatch sm.php and cron job output as reported in forum https://forum.pfsense.org/index.php?topic=88347.0 call send_smtp_message() directly, currently bypassing notification disabled checks. I think those packages [are intended to | should be] respecting the notifications disabled setting. People in the forum certainly expect them to respect this setting. If we add the $force parameter here, passing it through from notify_via_smtp() then the default behavior of send_smtp_message() can be to respect the "disable" setting. That should stop other package callers from spamming people who have disabled SMTP notifications. If a package really wants/needs to send regardless, then it can set $force, just like the "Test SMTP" button does.
* Random text typosPhil Davis2015-02-115-23/+23
| | | | that I noticed.
* Remove unset variable, spotted by phil-davisRenato Botelho2015-02-111-1/+0
|
* rrset-cache-size should == 2 * msg-cache-size. Ticket #4367Chris Buechler2015-02-111-3/+5
|
* Fixes #4370 Use the curlies to not confuse phpErmal LUÇI2015-02-101-2/+2
|
* Actually fix even the openvpn auth user script with proper checks. I thought ↵Ermal LUÇI2015-02-101-6/+6
| | | | this was fixes already!
* Fixes #4329, Fix even tls.auth script by using proper isset() test as the ↵Ermal LUÇI2015-02-101-3/+3
| | | | fixes for other authentication scripts.
OpenPOWER on IntegriCloud