Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Make sure this message is only displayed on console | Renato Botelho | 2014-12-10 | 1 | -1/+2 |
| | |||||
* | get_failover_interface() is already called inside get_interface_ip(v6), no ↵ | Renato Botelho | 2014-12-10 | 1 | -4/+2 |
| | | | | need to call it twice. It should fix #4089 | ||||
* | Use exit instead of return here, otherwise script's return code is always 0 ↵ | Renato Botelho | 2014-12-08 | 1 | -4/+4 |
| | | | | and user with wrong password is authenticated | ||||
* | Provide success return indication from console_configure_dhcpd | Phil Davis | 2014-12-07 | 1 | -0/+1 |
| | | | | | | | Recent commit https://github.com/pfsense/pfsense/commit/9ea554ee5cb25ea3bf5bb6bf7997c6c7379ce349 added testing of the return status of console_configure_dhcpd() - this let a user effectively abort from doing anything if they have answered "y" to prompt_for_enable_dhcp_server() and are being asked for the start and end of the range, and then decide they do not want to proceed. However, even when they gave good answers, status 0 was being returned. This prevented changes ever being implemented. Redmine: https://redmine.pfsense.org/issues/4080 The fix is to return 1 at the routine end, when all is good and the code should proceed. | ||||
* | Disable RC4 ciphers in lighttpd | Chris Buechler | 2014-12-05 | 1 | -2/+2 |
| | |||||
* | Call filter_configure_sync() is a better fix for #4066, as pointed by Ermal | Renato Botelho | 2014-12-05 | 1 | -3/+2 |
| | |||||
* | Fix #4066: | Renato Botelho | 2014-12-05 | 1 | -3/+12 |
| | | | | | | | Make sure pf is configured before other services are restarted when WAN IP changes. The way it was before, 'pass out' rules with route-to still have old IP set as 'from' and some Dynamic DNS ended up not being updated. | ||||
* | Add RELENG_2_2 to gitsync | Renato Botelho | 2014-12-05 | 1 | -0/+1 |
| | |||||
* | dyn.dns.he.net uses a self-signed cert, disable verification for it. | Chris Buechler | 2014-12-04 | 1 | -0/+1 |
| | |||||
* | Don't try to launch 3gstats unless it's on a valid device. | Chris Buechler | 2014-12-04 | 1 | -2/+4 |
| | |||||
* | Proper CA certificates are in place to validate SSL in these cases where it ↵ | Chris Buechler | 2014-12-04 | 1 | -22/+3 |
| | | | | previously couldn't be, remove disabling of verification. | ||||
* | replace spaces with tabs | Chris Buechler | 2014-12-04 | 1 | -2/+2 |
| | |||||
* | After discussion with Ermal, remove this to force consumers to send things | Chris Buechler | 2014-12-04 | 1 | -7/+0 |
| | | | | | properly. I fixed the scenario in Unbound where it was sending IPs to these functions rather than an interface, so this has no functional diff. | ||||
* | Don't include link-locals as unbound interface candidates | Jean Cyr | 2014-12-04 | 1 | -1/+1 |
| | | | | Unbound does not presently support link-local interfaces. | ||||
* | The time has come - bump to 2.2-RC | Chris Buechler | 2014-12-04 | 1 | -1/+1 |
| | |||||
* | Fix update url since now we have RELENG_2_2 | Renato Botelho | 2014-12-04 | 1 | -1/+1 |
| | |||||
* | Proper fix was put on f658bac | Ermal LUÇI | 2014-12-04 | 1 | -1/+2 |
| | | | | | | Revert "Can't skip this if booting, ends up breaking config. Ticket #4071" This reverts commit effb3a3cfe4e57b781f35ba8a145eb627014d8ce. | ||||
* | Properly unset booting flags to allow dynamic ipsec tunnels to work correctly | Ermal LUÇI | 2014-12-04 | 2 | -3/+6 |
| | |||||
* | change the ordering of dhcpd_configure and unbound_configure here, claims on ↵ | Chris Buechler | 2014-12-04 | 1 | -3/+3 |
| | | | | forum it fixes issue I can't seem to replicate. | ||||
* | Merge pull request #1360 from jean-m-cyr/master | Chris Buechler | 2014-12-03 | 1 | -5/+7 |
|\ | |||||
| * | Link local interfaces don't have subnet.. don't create access-control statement | Jean Cyr | 2014-12-03 | 1 | -5/+7 |
| | | | | | | | | | | | | Selecting link local interface for unbound causes invalid access-control statement in unbound config since link local address doesn't have subnet. | ||||
* | | Can't skip this if booting, ends up breaking config. Ticket #4071 | Chris Buechler | 2014-12-03 | 1 | -2/+1 |
|/ | |||||
* | fix IPv6 static routes, is_ipaddrv6 returns true for strings including a | Chris Buechler | 2014-12-03 | 1 | -3/+2 |
| | | | | CIDR mask, which then ended up broken. | ||||
* | Change our default resolv-retry back to OpenVPN's default. Changing this | Chris Buechler | 2014-12-03 | 1 | -1/+1 |
| | | | | | | didn't help the ticket where it was intended to help, which was later fixed differently. This change in defaults is problematic in a lot of scenarios, go back to the way things were before. Ticket #3894 | ||||
* | Merge pull request #1357 from DasTestament/patch-1 | Chris Buechler | 2014-12-02 | 1 | -1/+1 |
|\ | |||||
| * | Update filter.inc | Dmitriy K. | 2014-12-01 | 1 | -1/+1 |
| | | | | | | | | | | Add missing gettext. p.s: Is it really needed to log? Lots of rules causes lots of spam on ifaces without gw. Such kind of this logging should be controllable by user via option at least. | ||||
* | | reload Unbound here, fixes some instances of PD-assigned v6 IPs missing from ↵ | Chris Buechler | 2014-12-02 | 1 | -0/+3 |
| | | | | | | | | unbound.conf | ||||
* | | If get_interface_ip(v6) is passed an IP, return the IP. | Chris Buechler | 2014-12-02 | 2 | -6/+19 |
| | | | | | | | | | | | | Properly set up interface binding for v6 link local IPs. Ticket #4021 except had to comment out the fix for now because of #4062 to avoid config breakage. | ||||
* | | Use clog -f /var/log/filter.log to view firewall log entries, so they are ↵ | jim-p | 2014-12-02 | 1 | -1/+1 |
| | | | | | | | | displayed in the new format. | ||||
* | | wait 10 minutes before retrying on soft failures to avoid us getting DoSed | Chris Buechler | 2014-12-02 | 1 | -1/+1 |
| | | | | | | | | | | if something is wrong there (like someone's system can't validate the cert) | ||||
* | | don't include cert.pem in the obsoletedfiles list. | Chris Buechler | 2014-12-02 | 1 | -1/+0 |
| | | |||||
* | | Preserve exit code lost from s/exit/return/ | Ermal LUÇI | 2014-12-02 | 2 | -3/+3 |
| | | |||||
* | | Cleanup whitespace. | Ermal LUÇI | 2014-12-02 | 1 | -3/+1 |
| | | |||||
* | | Remove exit from as much as possible backend code | Ermal LUÇI | 2014-12-02 | 2 | -9/+9 |
| | | |||||
* | | Remove exit from as much as possible backend code | Ermal LUÇI | 2014-12-02 | 3 | -11/+13 |
| | | |||||
* | | Remove exit and also properly close open files | Ermal LUÇI | 2014-12-02 | 2 | -5/+8 |
| | | |||||
* | | Lock rc.linkup based on interface to avoid races in between up/down events ↵ | Ermal LUÇI | 2014-12-02 | 1 | -1/+4 |
| | | | | | | | | which might create a loop. This is more a timing issue but better enforce serialization here. check_reload_status forces this but not between start and stop but just between similar events. Probably need to bring more inteligence there. | ||||
* | | Avoid calling exit in backend now that fpm is used for php since its a ↵ | Ermal LUÇI | 2014-12-02 | 1 | -6/+7 |
| | | | | | | | | pesimization and can break calling scripts assumption on locks. | ||||
* | | Comment out copy paste of v4 code. No need to delete arp entries on v6. | Ermal LUÇI | 2014-12-02 | 1 | -1/+1 |
| | | |||||
* | | Comment out copy paste of v4 code. No need to delete arp entries on v6. | Ermal LUÇI | 2014-12-02 | 1 | -1/+1 |
| | | |||||
* | | also take into account the "all" option in Unbound Network Interfaces when | Chris Buechler | 2014-12-01 | 1 | -2/+2 |
| | | | | | | | | setting 127.0.0.1 into resolv.conf. | ||||
* | | Revert "/etc/ssl/cert.pem was obsoleted by mistake, remove it" | Renato Botelho | 2014-12-01 | 1 | -0/+1 |
| | | | | | | | | | | | | Since /usr/local/ssl/cert.pem is in place now, it can be obsoleted This reverts commit bb788b8ceb3337b62401819378ec3070deb18966. | ||||
* | | /etc/ssl/cert.pem was obsoleted by mistake, remove it | Renato Botelho | 2014-12-01 | 1 | -1/+0 |
|/ | |||||
* | Unlink temporary xml file to avoid filling up space with junk files | Ermal LUÇI | 2014-12-01 | 1 | -0/+4 |
| | |||||
* | Only set i_dont_care_about_security_and_use_aggressive_mode_psk=yes where ↵ | Chris Buechler | 2014-11-29 | 1 | -4/+10 |
| | | | | there is a P1 with aggressive+PSK enabled. Log a warning when such a configuration is in use. | ||||
* | Correctly delete xml file after restore and conversion to rrd | Phil Davis | 2014-11-29 | 1 | -1/+1 |
| | | | | When doing "Generating RRD graphs" at bootup, the data is restored from /cf/conf/rrd.tgz into xml format files in /var/db/rrd. Those xml files are then convert to rrd files. After that, the xml files should be deleted - but the xml file path was not quite right, so they were not being deleted. This fixes it. | ||||
* | Fix bracketing of if statement in unbound | Phil Davis | 2014-11-29 | 1 | -2/+2 |
| | | | | | | Stops message: Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/unbound.inc on line 607 The problem was introduced when lines 607-608 were added without adding these brackets. IMHO programming standards should include ALWAYS using brackets for "if" and other similar statements. That way this sort of code addition accident does not happen. But I guess there are others who have different opinions. | ||||
* | fix syntax on prefix6 for DHCPv6 PD | Chris Buechler | 2014-11-28 | 1 | -1/+1 |
| | |||||
* | Add input validation on vpn_ipsec_settings.php. Fixes #4052. | Chris Buechler | 2014-11-28 | 1 | -1/+1 |
| | |||||
* | Skip v6 WANs in Unbound access-control. Ticket #4023 | Chris Buechler | 2014-11-28 | 1 | -1/+3 |
| |