| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Conflicts:
etc/inc/globals.inc
|
| | |
|
| |
|
|
| |
sync. Fixes #4902
|
| |
|
|
| |
Captive Portal. Fixes #4903
|
| |\ |
|
| | |
| |
| |
| | |
If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code here ends up with ports that look like "80\r" "443\r" ... and group_ports() does not match any of those and the final file ends up empty. That seems a shame just because the file was made in some editor that put "\r\n" line breaks. I messed about for a while trying to make my URL table ports alias work until I realized this.
This change first strips out any "\r" from the string, thus making it work with files that have either pure "\n" line breaks or "\r\n" line breaks.
|
| |/ |
|
| |
|
|
| |
This time I have typed url_ports correctly.
|
| | |
|
| |
|
|
| |
Clean it up a bit.
|
| |
|
|
|
|
|
| |
retain previous behavior.
Conflicts:
etc/inc/upgrade_config.inc
|
| |
|
|
| |
warning since it's not technically an error.
|
| |
|
|
|
|
|
| |
don't want to check peer ID.
Conflicts:
usr/local/www/vpn_ipsec_phase1.php
|
| |
|
|
| |
the password login attempt bypass bug in OpenSSH. Ticket #4875
|
| |
|
|
| |
logic gets ugly.
|
| | |
|
| |
|
|
|
| |
Conflicts:
usr/local/www/vpn_ipsec_phase1.php
|
| |
|
|
| |
vpn.inc for callers there that haven't already included it.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
LAN subnet to LAN IP. Same end result except it'll work for VIPs on same
interface now.
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| | |
Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset them. That will tidy up old configs that had the conversion done originally but these old sections were left behind.
|
| | |
| |
| |
| |
| | |
This looked odd. Why would we leave behind the old "ca" and "cert" section in $config["system"]?
I guess it would do no harm, but seems confusing for the future to have some unused entries like this remaining in the config.
Should a piece of code be put into the latest upgrade function to clean out these in any current config?
|
| |\ \ |
|
| | |/
| |
| | |
It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this code that sets dnpipe and dnqueue numbers should execute anyway.
|
| |/
|
| |
With the typo, this empty() test would always have been true. So maybe on upgrade some existing captive portal zoneid values have been getting overwritten by this even number counter? Or?
|
| |
|
|
|
|
| |
Opening redmine ticket. Revert "sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily."
This reverts commit 401adacfefbc6006bc2270ccc1640e1b15f767c1.
|
| |
|
|
|
|
| |
an earlier commit."
This reverts commit 948bbc9baf77b47e636c904faf677a698c13a293.
|
| | |
|
| |
|
|
| |
already added suffices for Windows clients, though strongswan docs suggest setting this as well.
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1) A disabled gateway can always be enabled - no extra validation
needed.
2) When disabling an enabled gateway, check to see that the gateway is
not used in any gateway group or enabled static route (similar tests to
what is already checked before deleting a gateway).
3) A static route can always be disabled - no extra checks needed.
4) When enabling a static route, check that the selected gateway is
enabled - you cannot have a static route enabled on a disabled gateway.
5) Do the address family cross-check between static route and gateway
even when the static route is disabled - we do not want to save
mismatched IP address families in any case.
This covers all the cases I can see to ensure that the enable/disable
status combinations of Gateways and Static Routes is always valid.
|
| |\ \ |
|
| | | |
| | |
| | | |
... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers. This is for master branch.
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Create a host-type alias. Put just a number in "IP or FQDN" - e.g. I made alias name "Zqw" and a single host "23". The webGUI reports:
There were error(s) loading the rules: /tmp/rules.debug:44: syntax error - The line in question reads [44]: table { 23 }
and /tmp/rules.debug has:
table { 23 }
Zqw = ""
which pf does not cope with.
This change will differentiate between a number in the context of a port alias and a number that is_hostname.
This time I think it really works :) The call to alias_get_type() needed to send the alias name as parameter. alias_get_type() is a bit expensive - it scans through the whole list of aliases looking for a match on the name. So I made this code just call it once for the name and then use that $alias_type var each time as it loops through all the addresses in an alias.
I have tried this successfully with a few combinations of nested port/host/network aliases. But maybe there is some wacky combination of nested aliases possible that could still break this? I don't see how, but it needs testing on some configs that have all sorts of nested alias types.
|
| | | |
| | |
| | |
| | | |
unnecessary loop that'll amplify notifications unnecessarily.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
- Do not add leftid to confir when value is empty
- When asn1dn param is in binary form, explicit type
- Always add double quotes for asn1dn
|
| |/ / |
|
| | |
| |
| |
| |
| | |
- Add a upgrade code to fix asn1dn string format to match strongSwan needs
- Bump config version to 11.8
|
| | |
| |
| |
| | |
is asn1dn. Ticket #4792
|
| | | |
|
| | |
| |
| |
| | |
This reverts commit 81a73bcba3b3a79bb3a7add2e14a46e6af748f50.
|
| |\ \ |
|
| | | |
| | |
| | | |
Actually there was no real problem, but having a mis-spelling like this means that English speakers will waste time (like I did) double-checking to see if the mis-spelling would cause a real problem.
|
