| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Conflicts:
etc/inc/ipsec.inc
|
| |
|
| |
|
|
|
|
|
| |
Conflicts:
etc/inc/interfaces.inc
|
|
|
|
|
|
|
| |
Because an ordinary port can be numeric here.
Forum https://forum.pfsense.org/index.php?topic=89906.0
Conflicts:
etc/inc/util.inc
|
| |
|
|
|
|
| |
who configured them on previous versions where that was allowed. Ticket
|
| |
|
| |
|
|
|
|
| |
most likely unnecessary.
|
|
|
|
|
|
|
|
|
| |
I was testing code and just doing stuff like:
require_once("zeromq.inc");
in Diagnostics->Command Prompt, PHP Execute
That brings an error because underneath that PHP Execute code it has already included auth.inc
I guess zeromq.inc is used quite separately to the rest of the system, and must be OK just having a "require" here. But it seems safer to always use require_once, just in case it gets called in a new way/sequence.
Comments welcome.
|
|
|
|
| |
Breaks things in many cases with strongSwan. For the very rare circumstances where this is actually desirable, it's just a sysctl that can be set in tunables.
|
|
|
|
|
|
|
|
|
|
|
| |
This code looked silly the way it was, with the construct:
$var = $var;
unset($var);
Seems it was accidentally changed to this way many years ago by https://github.com/pfsense/pfsense/commit/588a183b0e58f09932ffef35cc0003cca2313aba
IMHO we want to do the conversion to $config['system']['gateway'] here so that later config conversion will then process it as expected.
Note that in a current (2.2) config there is not $config['system']['gateway'] but that is switched over later in upgrade_021_to_022 - which switches back to $config['interfaces']['wan']['gateway'] and then later config conversions do their thing with that.
I guess this will only effect people who upgrade from some really old config (or monowall?)
|
| |
|
|
|
|
|
|
|
| |
This routine seems to go looking to see if the passed-in interface is PPP-style. At the end, if it is not PPP-style then it calls pfsense_ngctl_detach.
This foreach loop in its current state will always exit after the first iteration that is not mode "server". But it looks like it should look through all the 'pppoe' entries until it finds the interface or gets to the end.
In theory the code will sometimes miss setting $found = true when it should have. And thus pfsense_ngctl_detach would get called later for a PPP-style interface.
I noticed this while reviewing for code style guide - it is an example where the indenting shows the intention but there are no curlies to implement it.
|
| |
|
| |
|
| |
|
|
|
|
| |
dns_split
|
|
|
|
| |
space or comma to comply with strongswan requirements.
|
|
|
|
| |
Jeffrey Dvornek
|
| |
|
| |
|
|
|
|
| |
use it. Ticket #4436
|
|
|
|
|
|
|
|
| |
that match exactly a whole block of private address space.
e.g. if the user has checked "Do not forward private reverse lookups" and also adds adds a domain override that matches a whole block of private address space, such as:
10.in-addr.arpa -> 10.42.1.1
then we want all reverse lookups in the "10" network to be referred to their DNS server at 10.42.1.1 and reverse lookups of other private addresses to immediately return NXDOMAIN.
Without this change, those referrals were not happening, because there was a "-server=10.in-addr.arpa" to nowhere put on the command line and that was effectively overriding the user-specified domain override!
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Forum: https://forum.pfsense.org/index.php?topic=89302.0
If the user put "none" in the 'gateway' field for the DHCP settings of an interface, that would set $add_routers to false at line 742. Coming around the loop again for a subsequent interface, and going through the else line 744, nothing would set $add_routers back to true (actually back to the value originally calculated at line 461).
Use a different var to remember the boolean value calculated at line 461 so it can be remembered and used as needed each time through the loop.
I set Gateway "none" on my LAN and left it blank on OPT1 and came up with the same problem as the forum post - OPT1 got no " option routers" statement in dhcpd.conf
After this code fix it looks good.
|
|
|
|
|
|
| |
The existing implementation of Net_IPv6::compress produces an empty
string when compressing the all-zeros ("::") address; fix this by
checking for empty return values and replacing them with "::".
|
|
|
|
|
|
|
|
|
| |
The existing code only includes a v6 name server IP in the
automatically generated dhcpdv6 configuration for tracking interfaces if
there are additional prefixes that can be delegated on to the next
router (i.e., if PD length > 2). The correct behavior is for this option
to be included regardless of the PD length, as implemented in this
change.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
change, and that setting is unlikely to ever become a default. This allows users to configure an override to enable this option if desired. part of Ticket #4399
|
|
|
|
| |
NAT-T field display so it's on for IKEv1, off for IKEv2. Do same for reauth while here. Ticket #3979
|
|
|
|
| |
too long to stop, and it fails to restart because it's still running at that point. Add a KILL in case it's still running after that. Ticket #4393
|
| |
|
|
|
|
| |
strongswan parser identify properly the values. Ticket #4418
|
| |
|
|
|
|
| |
sticks out so this stops getting broken. Ticket #3395
|
|
|
|
| |
its parent interface subnet.
|
|
|
|
| |
identification of the VIP for tracking. Consider that when configuring gif/gre. Also on bridges you cannot set a vip interface as its member.
|
|
|
|
|
|
|
| |
in send_smtp_message()
Other packages like arpwatch sm.php and cron job output as reported in forum https://forum.pfsense.org/index.php?topic=88347.0 call send_smtp_message() directly, currently bypassing notification disabled checks. I think those packages [are intended to | should be] respecting the notifications disabled setting. People in the forum certainly expect them to respect this setting.
If we add the $force parameter here, passing it through from notify_via_smtp() then the default behavior of send_smtp_message() can be to respect the "disable" setting. That should stop other package callers from spamming people who have disabled SMTP notifications.
If a package really wants/needs to send regardless, then it can set $force, just like the "Test SMTP" button does.
|
|
|
|
| |
that I noticed.
|
| |
|
| |
|
| |
|
|
|
|
| |
this was fixes already!
|
|
|
|
| |
fixes for other authentication scripts.
|