summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Fix path for pre and post upgrade scriptsRenato Botelho2015-08-171-12/+12
|
* The "enableallowallwan" script should also allow bogons, or it makes running ↵jim-p2015-08-131-0/+2
| | | | test firewalls with RFC5735/6890 test network style WANs a pain.
* Deprecate rootmfsRenato Botelho2015-08-122-62/+1
|
* Don't lowercase the whole group namejim-p2015-08-121-2/+2
|
* Fix GUI auth from RADIUS to grab group names from the Class attribute. ↵jim-p2015-08-124-5/+28
| | | | | | Implements #935 The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.
* put back the missing newlinenagyrobi2015-08-041-2/+2
| | | Since 2.2 the console is missing the separating line between the interfaces list and the menu, which makes it harder to overlook on a VGA screen. This restores the appearance which we were used to during so many years.
* only read file if it exists, and only foreach if an array.Chris Buechler2015-08-031-9/+13
|
* Merge pull request #1804 from phil-davis/bogons-not-existsRenato Botelho2015-08-031-5/+9
|\
| * Allow to create empty bogons on nanoBSDPhil Davis2015-07-301-5/+9
| | | | | | | | | | | | | | If for some reason the bogons file/s do not exist then this code creates empty ones before making any use of them in the rule set. On nanoBSD this can fail if the file system is mount RO. Protect against this possibility by use conf_mount_rw and conf_mount_ro
* | Drop support for jail platformRenato Botelho2015-07-3110-140/+45
| |
* | Use /cf/conf to populate default config on cdrom since it is always present, ↵Renato Botelho2015-07-311-6/+4
| | | | | | | | /conf is a synlink
* | Do not try to use a variable that is not set yetRenato Botelho2015-07-311-1/+1
| |
* | Call lua_installer passing rescue as parameter since lua_installer_rescue is ↵Renato Botelho2015-07-311-1/+1
| | | | | | | | gone
* | Remove extra parenthesisRenato Botelho2015-07-311-2/+2
| |
* | Add UUID to pkg user agentRenato Botelho2015-07-311-4/+14
| |
* | Define HTTP_USER_AGENT for pkg callsRenato Botelho2015-07-311-0/+2
| |
* | Introduce a new item to $g global, 'product_version' and stop reading ↵Renato Botelho2015-07-314-12/+10
| | | | | | | | /etc/version all around
* | Remove option C from cdrom boot menu and disable LiveCD optionRenato Botelho2015-07-301-11/+6
| |
* | Remove options ~ and ! from valid keys on cdrom boot menuRenato Botelho2015-07-301-1/+1
| |
* | Remove an undocumented and hidden option called 'RecoveryConsoleShell'Renato Botelho2015-07-303-23/+0
| |
* | remove the destination server's interface(s) from dhcrelay. Ticket #4908Chris Buechler2015-07-301-135/+6
| |
* | Remove more rc files from Obsolete listRenato Botelho2015-07-301-117/+0
| |
* | Remove more files from obsolete, they are still part of recent versionsRenato Botelho2015-07-301-8/+0
| |
* | Remove more files from obsolete, they are still part of recent versionsRenato Botelho2015-07-301-16/+0
| |
* | Remove more files from obsolete, they are still part of recent versionsRenato Botelho2015-07-301-15/+0
| |
* | This is handled above now.jim-p2015-07-301-1/+0
| |
* | More safety belts on CP DB openjim-p2015-07-301-0/+13
| |
* | Remove more bsdinstaller files from pfSense.obsoletedfilesRenato Botelho2015-07-301-15/+0
| |
* | Do not obsolete items from /var/db/pkgRenato Botelho2015-07-301-5/+0
| |
* | Do not obsolete after_installation_routines.sh, it's part of bsdinstaller pkgRenato Botelho2015-07-301-1/+0
| |
* | Remove unused ftmp referencesRenato Botelho2015-07-302-5/+0
| |
* | Remove bdiff supportRenato Botelho2015-07-302-69/+2
| |
* | Change welcome to /dev/null on login.conf and stop removing /etc/motdRenato Botelho2015-07-302-4/+1
| |
* | Take more care when attempting to open the CP database. Don't assume it's ↵jim-p2015-07-301-0/+10
| | | | | | | | valid before attempting to use it.
* | Reinitialize the captive portal database for a zone if it is ↵jim-p2015-07-301-10/+24
|/ | | | corrupt/unreadable. Fixes #4904
* remove more old, unused platform stuffChris Buechler2015-07-301-3/+0
|
* remove old unused nopccard_platformsChris Buechler2015-07-291-1/+0
| | | | | Conflicts: etc/inc/globals.inc
* remove wrap and net4501 platforms, they haven't existed for years.Chris Buechler2015-07-291-19/+0
|
* Check both greater and less than for the configuration version in XMLRPC ↵jim-p2015-07-291-3/+4
| | | | sync. Fixes #4902
* Use an alternate method to find VIP targets that should be allowed for ↵jim-p2015-07-292-20/+14
| | | | Captive Portal. Fixes #4903
* Merge pull request #1797 from phil-davis/patch-10Renato Botelho2015-07-271-1/+1
|\
| * Strip any \r when parsing URL table ports filePhil Davis2015-07-271-1/+1
| | | | | | | | If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code here ends up with ports that look like "80\r" "443\r" ... and group_ports() does not match any of those and the final file ends up empty. That seems a shame just because the file was made in some editor that put "\r\n" line breaks. I messed about for a while trying to make my URL table ports alias work until I realized this. This change first strips out any "\r" from the string, thus making it work with files that have either pure "\n" line breaks or "\r\n" line breaks.
* | Fix typo in variable name, spotted by Phil DavisRenato Botelho2015-07-271-1/+1
|/
* Consider url_port alias type when checking port-type aliases V2Phil Davis2015-07-271-1/+1
| | | | This time I have typed url_ports correctly.
* add a check to avoid foreach on non-arrayChris Buechler2015-07-271-0/+4
|
* Bring back the ability to specify file and URL as command line arguments. ↵Chris Buechler2015-07-261-15/+21
| | | | Clean it up a bit.
* Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to ↵Chris Buechler2015-07-251-0/+13
| | | | | | | retain previous behavior. Conflicts: etc/inc/upgrade_config.inc
* Change the log for CRLs with no data (exists but no certs revoked) to a ↵Chris Buechler2015-07-251-1/+1
| | | | warning since it's not technically an error.
* Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵Chris Buechler2015-07-252-1/+4
| | | | | | | don't want to check peer ID. Conflicts: usr/local/www/vpn_ipsec_phase1.php
* Lower LoginGraceTime to 30s, should be plenty long for users, and mitigates ↵Chris Buechler2015-07-231-0/+1
| | | | the password login attempt bypass bug in OpenSSH. Ticket #4875
OpenPOWER on IntegriCloud