Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Merge pull request #1762 from doktornotor/patch-3 | Renato Botelho | 2015-07-18 | 1 | -4/+4 |
|\ | |||||
| * | Add labels to some default firewall rules | doktornotor | 2015-07-18 | 1 | -4/+4 |
| | | | | | | ... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers. | ||||
* | | Really avoid error loading rules for numeric host name in alias | Phil Davis | 2015-07-18 | 1 | -1/+2 |
|/ | | | | | | | | | | | | Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". The webGUI reports: There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 } and /tmp/rules.debug has: table <Zqw> { 23 } Zqw = "<Zqw>" which pf does not cope with. This change will differentiate between a number in the context of a port alias and a number that is_hostname. This time I think it really works :) The call to alias_get_type() needed to send the alias name as parameter. alias_get_type() is a bit expensive - it scans through the whole list of aliases looking for a match on the name. So I made this code just call it once for the name and then use that $alias_type var each time as it loops through all the addresses in an alias. I have tried this successfully with a few combinations of nested port/host/network aliases. But maybe there is some wacky combination of nested aliases possible that could still break this? I don't see how, but it needs testing on some configs that have all sorts of nested alias types. | ||||
* | Handle OpenVPN bound to gateway groups using CARP IPs in ↵ | Chris Buechler | 2015-07-18 | 2 | -2/+31 |
| | | | | rc.carpmaster/backup. Ticket #4854 | ||||
* | Fixes for IPSec ASN1.DN, ticket #4792 | Renato Botelho | 2015-07-17 | 1 | -7/+17 |
| | | | | | | - Do not add leftid to config when value is empty - When asn1dn param is in binary form, explicit type - Always add double quotes for asn1dn | ||||
* | Only add outgoing-interface if IP. Ticket #4852 | Chris Buechler | 2015-07-17 | 1 | -2/+2 |
| | |||||
* | Fix #4794: | Renato Botelho | 2015-07-17 | 2 | -1/+22 |
| | | | | | - Add an upgrade code to fix asn1dn string format to match strongSwan needs - Bump config version to 11.8 | ||||
* | Add leftid and rightid value between double quotes on ipsec config when type ↵ | Renato Botelho | 2015-07-16 | 2 | -3/+8 |
| | | | | is asn1dn. Ticket #4792 | ||||
* | Remove old, unused NetUtils.js | Chris Buechler | 2015-07-16 | 1 | -0/+1 |
| | |||||
* | Revert "Avoid error loading rules for numeric host name in alias" | Renato Botelho | 2015-07-15 | 1 | -1/+1 |
| | | | | This reverts commit 6605035f9d2a04d1d4b724f6e993bc3f5c6d173d. | ||||
* | Fix issue_ip_type var name spelling | Phil Davis | 2015-07-15 | 1 | -6/+6 |
| | | | Actually there was no real problem, but having a mis-spelling like this means that English speakers will waste time (like I did) double-checking to see if the mis-spelling would cause a real problem. | ||||
* | Avoid error loading rules for numeric host name in alias | Phil Davis | 2015-07-15 | 1 | -1/+1 |
| | | | | | | | | | | | Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". The webGUI reports: There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 } and /tmp/rules.debug has: table <Zqw> { 23 } Zqw = "<Zqw>" which pf does not cope with. It is possible to have a host name that is a number, and end up with a domain name like 23.mycompany.com - unfortunately some Wally allowed such things in standards many years ago, so it can be rather difficult to tell the difference between a number and a host name. This change improves the check when looking through alias entries and deciding if they are meant to be a name or a "bottom-level" value (address, subnet, port, port range). Anything that ends up looking like a host name gets given to filterdns to sort out. "Names" like "23" now get given to filterdns instead of being put directly into the table in pf. This makes things happier. Even if filterdns cannot resolve "23", at least it tries and nothing barfs. | ||||
* | Fix GratisDNS support, manual merge of commit ↵ | Chris Buechler | 2015-07-14 | 1 | -2/+2 |
| | | | | 3e31a7f82589d3350f111bd7d81cc83a0ab253e2 | ||||
* | fix fsync, thanks Phil Davis for noticing | Chris Buechler | 2015-07-10 | 1 | -1/+1 |
| | |||||
* | fix fsync | Chris Buechler | 2015-07-10 | 1 | -1/+1 |
| | |||||
* | fsync after fclose here, clean up some white space while here. | Chris Buechler | 2015-07-10 | 1 | -21/+27 |
| | |||||
* | fsync conf_path here too | Chris Buechler | 2015-07-10 | 1 | -0/+1 |
| | |||||
* | fix typo | Chris Buechler | 2015-07-10 | 1 | -1/+1 |
| | |||||
* | Make sure config.xml is safe on disk when restoring a backup, ticket #4803 | Renato Botelho | 2015-07-06 | 1 | -0/+1 |
| | |||||
* | Make sure temporary config file is safe on disk before rename, ticket #4803 | Renato Botelho | 2015-07-06 | 1 | -1/+1 |
| | |||||
* | Remove reference to vfs.forcesync | Renato Botelho | 2015-07-06 | 1 | -1/+0 |
| | |||||
* | Use right function pfSense_fsync to make sure config file is safe on disk, ↵ | Renato Botelho | 2015-07-06 | 1 | -4/+2 |
| | | | | ticket #4803 | ||||
* | fix includes so shellsession restartipsec works. | Chris Buechler | 2015-07-05 | 1 | -0/+2 |
| | |||||
* | remove debug.pfftpproxy, it no longer exists. | Chris Buechler | 2015-07-04 | 1 | -1/+0 |
| | |||||
* | Fix keyid identifiers, and go back to using %any in ipsec.secrets as in ↵ | Chris Buechler | 2015-07-03 | 1 | -2/+4 |
| | | | | previous versions, fixing a variety of other ID issues. Latter will break some mobile IPsec circumstances, fix for that to come after more testing. Ticket #4811 | ||||
* | sync up vpn.inc with master. Mostly white space and style changes | Chris Buechler | 2015-07-02 | 1 | -280/+426 |
| | |||||
* | sync up ipsec.inc with master. Mostly whitespace and style changes. | Chris Buechler | 2015-07-02 | 1 | -174/+219 |
| | |||||
* | fix part of keyid problem. Ticket #4811 | Chris Buechler | 2015-07-01 | 1 | -1/+1 |
| | |||||
* | Remove unnecessary deletion of rc.conf. Add an empty rc.conf with a note | Chris Buechler | 2015-07-01 | 3 | -6/+1 |
| | | | | so people don't think they should be using it. | ||||
* | Improve handling of port ranges in relayd, fixes #4810 | jim-p | 2015-07-01 | 1 | -1/+5 |
| | |||||
* | Use interface-automatic for Unbound when the interfaces list is empty (same ↵ | jim-p | 2015-06-26 | 1 | -0/+2 |
| | | | | as All) otherwise it breaks with a default CARP config. | ||||
* | Bump version to 2.2.4-DEVELOPMENT | Renato Botelho | 2015-06-25 | 1 | -1/+1 |
| | |||||
* | It's time for 2.2.3-RELEASE RELENG_2_2_3 | Renato Botelho | 2015-06-23 | 1 | -1/+1 |
| | |||||
* | Add D1540-XG. | Matt Smith | 2015-06-23 | 1 | -0/+3 |
| | |||||
* | Introduce Netgate RCC-DFF to the list of known platforms | Renato Botelho | 2015-06-23 | 2 | -2/+8 |
| | |||||
* | rereadall is not enough here, restore reload call to make sure everything ↵ | Renato Botelho | 2015-06-23 | 1 | -0/+1 |
| | | | | works. Ticket #4785 | ||||
* | Replace ipsec rereadsecrets + reload by single rereadall, that will re-read ↵ | Renato Botelho | 2015-06-23 | 1 | -2/+1 |
| | | | | also cert changes. Ticket #4785 | ||||
* | Instead of sending USR1, just call ipsec reload. And before it, call ipsec ↵ | Renato Botelho | 2015-06-23 | 1 | -1/+2 |
| | | | | rereadsecrets to make sure new secrets are updated. It should fix #4785 | ||||
* | Partially revert 019ee2bc8c, this workaround is not necessary. Real fix will ↵ | Renato Botelho | 2015-06-23 | 1 | -8/+0 |
| | | | | be committed after this | ||||
* | Add a workaround for ticket #4785: | Renato Botelho | 2015-06-23 | 1 | -4/+18 |
| | | | | | | There was a regression on strongswan between 5.3.0 and 5.3.2 as reported at [1]. To work around this issue, add an extra line on ipsec.secrets with right fqdn. | ||||
* | Fix var name typo in shaper.inc | Chris Buechler | 2015-06-23 | 1 | -1/+1 |
| | |||||
* | Don't delete /var/tmp/, that was originally done to clear session data at ↵ | Chris Buechler | 2015-06-22 | 1 | -1/+0 |
| | | | | boot, but no longer applicable as session data is no longer in /var/tmp/. Credit to 'aa' on opnsense forum. | ||||
* | Use $myid in ipsec.secrets. Ticket #4785 | Chris Buechler | 2015-06-22 | 1 | -2/+2 |
| | |||||
* | This is incomplete. Leaving for 2.3. Revert "Ticket #4683 merge in brainpool ↵ | Chris Buechler | 2015-06-22 | 1 | -11/+2 |
| | | | | | | for DH parameters" This reverts commit 7dc35024af3af1d644c25b002ca9f40f1d61c05b. | ||||
* | Specify $myid rather than %any here, otherwise user manager and mobile PSKs ↵ | Chris Buechler | 2015-06-21 | 1 | -3/+4 |
| | | | | won't match. Ticket #4781 | ||||
* | Obsolete pt_BR.ISO-88591 in favor of UTF-8 | Renato Botelho | 2015-06-19 | 1 | -1/+1 |
| | |||||
* | Move pt_BR translation from ISO to UTF-8 | Renato Botelho | 2015-06-19 | 1 | -1/+1 |
| | |||||
* | Ticket #4746 Correctly set global variables to be used by hostnames code paths | Ermal LUÇI | 2015-06-19 | 1 | -2/+2 |
| | |||||
* | Ticket #4683 merge in brainpool for DH parameters | Ermal LUÇI | 2015-06-19 | 1 | -2/+11 |
| | |||||
* | Add a GUI field to increase the pf frag entries limit. Fixes ticket #4775 | jim-p | 2015-06-18 | 1 | -0/+5 |
| |