Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Correct the leftsubnet specification for transport mode. | Ermal LUÇI | 2014-12-19 | 1 | -1/+1 |
| | |||||
* | Heh remove debugging code | Ermal LUÇI | 2014-12-19 | 1 | -1/+0 |
| | |||||
* | Ooops fix this identation on final config | Ermal LUÇI | 2014-12-19 | 1 | -13/+13 |
| | |||||
* | Just whitespace save from removing a useless else { branch | Ermal LUÇI | 2014-12-19 | 1 | -597/+599 |
| | |||||
* | Remove unused function | Ermal LUÇI | 2014-12-19 | 1 | -83/+0 |
| | |||||
* | Enforce some more checking to avoid ↵ | Ermal LUÇI | 2014-12-19 | 1 | -4/+4 |
| | | | | https://forum.pfsense.org/index.php?topic=85580.0 | ||||
* | include $myid in these PSK lines. Ticket #4126 | Chris Buechler | 2014-12-18 | 1 | -3/+3 |
| | |||||
* | Simplify logic using a proper function as spotted by Ermal | Renato Botelho | 2014-12-18 | 1 | -8/+5 |
| | |||||
* | Replace ; by newlines when upgrading custom_options from unbound packages, ↵ | Renato Botelho | 2014-12-18 | 1 | -0/+3 |
| | | | | it's related to ticket #4090 | ||||
* | Do not restart unneeded services. Also triger configuration for the proper ↵ | Ermal LUÇI | 2014-12-18 | 1 | -1/+3 |
| | | | | interface. | ||||
* | Add openvpn interfaces to group when they are created, it should fix #4110 | Renato Botelho | 2014-12-18 | 1 | -0/+9 |
| | |||||
* | Check if interface exist before try to add it to group | Renato Botelho | 2014-12-18 | 1 | -2/+3 |
| | |||||
* | Bump latest_config version that I forgot on previous commit. Spotted by Jim ↵ | Renato Botelho | 2014-12-17 | 1 | -1/+1 |
| | | | | Pingle | ||||
* | syslogd can't just be HUPed to pick up its new config, as many of those | Chris Buechler | 2014-12-17 | 1 | -3/+3 |
| | | | | | are command line arguments. Go back to 2.1x and prior behavior of TERM and restart. Fixes source IP use with syslog among other config changes. | ||||
* | Add a cron item to expire items from webConfiguratorlockout, also add config ↵ | Renato Botelho | 2014-12-17 | 1 | -0/+14 |
| | | | | upgrade code. This fixes #4122 | ||||
* | Check if interface is disabled when configuring DHCP server. It fixes #4119 | Renato Botelho | 2014-12-17 | 1 | -2/+5 |
| | |||||
* | Give the proper value for the logging level since even 0 is the correct ↵ | Ermal LUÇI | 2014-12-17 | 1 | -1/+1 |
| | | | | value coming from GUI. | ||||
* | Make logic more visible as suggested by Ermal | Renato Botelho | 2014-12-16 | 1 | -1/+6 |
| | |||||
* | Teach interface_vip_bring_down() to deal with IP Alias over CARP | Renato Botelho | 2014-12-16 | 1 | -1/+7 |
| | |||||
* | Add DNS Resolver to the list of services to be sync'd on HA, make sure it ↵ | Renato Botelho | 2014-12-15 | 1 | -2/+6 |
| | | | | and DNS Forwarder are not enabled simultaneously. It fixes #4067 | ||||
* | Use newline to separate unbound custom options during config upgrade, it ↵ | Renato Botelho | 2014-12-15 | 1 | -4/+4 |
| | | | | should fix #4104 | ||||
* | Where binding Unbound to *:53, set "interface-automatic: yes" so replies are ↵ | Chris Buechler | 2014-12-13 | 1 | -0/+1 |
| | | | | sourced from the correct IP. Ideally this should always work this way, but setting this causes Unbound to bind to *:53, which shouldn't happen where specific interfaces are chosen. Ticket #4111 | ||||
* | Validation of y/n answers in setlanip | Phil Davis | 2014-12-12 | 1 | -31/+33 |
| | | | | | | | At the moment the user can answer "yes" to most of the questions, but then later code only checks if the answer is "y". Thus you can type in "yes" in some places, have it accepted, but actually the negative action is taken. That is weird and will mess up people who try typing a whole string starting with "y". With this change it makes the user type one of "y", "yes", "n", "no". When they type 1 of those, it is turned into either "y" or "n". Then the existing implementation logic all works as expected. Hopefully this is the "final" version that fixes the behavior of the (y/n) questions. I also included the bit at 296-297 which adds the CIDR bit-count range to the prompt, so the user can see exactly what input is valid/expected there. Redmine issue #4100 | ||||
* | rc.initial.setlanip fix validation of CIDR within range | Phil Davis | 2014-12-12 | 1 | -1/+1 |
| | | | | Currently this allows the user to input any number for the CIDR. I happened to try 44 for an IPv4 CIDR when playing. This fixes that little bug - I think it is good to commit that first/separately so it can be identified apart from the other (y/n) checking/handling I am working on. Better to have separate commits for distinct bugs. | ||||
* | Split ICMP and ICMPv6 types on Firewall Rules | Renato Botelho | 2014-12-11 | 1 | -0/+61 |
| | | | | | | | | | | | - Remove redundant declaration of $icmptypes and move it to a common place (filter.inc) - Add missing ICMP types for v4 - Add ICMPv6 types - Adjust javascripts to show correct options depending of IP Protocol - Hide ICMP type selection when protocol is IPv4+v6 It fixes #3389 | ||||
* | Fix #4099: | Renato Botelho | 2014-12-11 | 1 | -1/+3 |
| | | | | | | - When interface is 'lo0', strpos returns 0, that is erroneously considered false (boolean) on the test. Be more strict on strpos return to avoid skiping lo0 ip aliases during sync. | ||||
* | Improve check if no OpenVPN defined | Phil Davis | 2014-12-11 | 1 | -1/+2 |
| | | | | | Alternate version of https://github.com/pfsense/pfsense/pull/1376 This version retains the is_array() checks and then only does the count() if the is_array() is true. Take whichever version you like. | ||||
* | Setup ddb on all platforms. On full install it will save the dump, on ↵ | jim-p | 2014-12-10 | 2 | -6/+6 |
| | | | | | | NanoBSD it will print to console and auto-reboot. This way, a router running NanoBSD won't sit at a db> prompt indefinitely if it crashes. | ||||
* | Make sure this message is only displayed on console | Renato Botelho | 2014-12-10 | 1 | -1/+2 |
| | |||||
* | get_failover_interface() is already called inside get_interface_ip(v6), no ↵ | Renato Botelho | 2014-12-10 | 1 | -4/+2 |
| | | | | need to call it twice. It should fix #4089 | ||||
* | Use exit instead of return here, otherwise script's return code is always 0 ↵ | Renato Botelho | 2014-12-08 | 1 | -4/+4 |
| | | | | and user with wrong password is authenticated | ||||
* | Provide success return indication from console_configure_dhcpd | Phil Davis | 2014-12-07 | 1 | -0/+1 |
| | | | | | | Recent commit https://github.com/pfsense/pfsense/commit/9ea554ee5cb25ea3bf5bb6bf7997c6c7379ce349 added testing of the return status of console_configure_dhcpd() - this let a user effectively abort from doing anything if they have answered "y" to prompt_for_enable_dhcp_server() and are being asked for the start and end of the range, and then decide they do not want to proceed. However, even when they gave good answers, status 0 was being returned. This prevented changes ever being implemented. Redmine: https://redmine.pfsense.org/issues/4080 The fix is to return 1 at the routine end, when all is good and the code should proceed. | ||||
* | Disable RC4 ciphers in lighttpd | Chris Buechler | 2014-12-05 | 1 | -2/+2 |
| | |||||
* | Call filter_configure_sync() is a better fix for #4066, as pointed by Ermal | Renato Botelho | 2014-12-05 | 1 | -3/+2 |
| | |||||
* | Fix #4066: | Renato Botelho | 2014-12-05 | 1 | -3/+12 |
| | | | | | | | Make sure pf is configured before other services are restarted when WAN IP changes. The way it was before, 'pass out' rules with route-to still have old IP set as 'from' and some Dynamic DNS ended up not being updated. | ||||
* | Add RELENG_2_2 to gitsync | Renato Botelho | 2014-12-05 | 1 | -0/+1 |
| | |||||
* | dyn.dns.he.net uses a self-signed cert, disable verification for it. | Chris Buechler | 2014-12-04 | 1 | -0/+1 |
| | |||||
* | Don't try to launch 3gstats unless it's on a valid device. | Chris Buechler | 2014-12-04 | 1 | -2/+4 |
| | |||||
* | Proper CA certificates are in place to validate SSL in these cases where it ↵ | Chris Buechler | 2014-12-04 | 1 | -22/+3 |
| | | | | previously couldn't be, remove disabling of verification. | ||||
* | Merge pull request #1365 from jean-m-cyr/master | Chris Buechler | 2014-12-04 | 1 | -1/+1 |
|\ | |||||
| * | Don't include link-locals as unbound interface candidates | Jean Cyr | 2014-12-04 | 1 | -1/+1 |
| | | | | | | | | Unbound does not presently support link-local interfaces. | ||||
* | | The time has come - bump to 2.2-RC | Chris Buechler | 2014-12-04 | 1 | -1/+1 |
| | | |||||
* | | After discussion with Ermal, remove this to force consumers to send things | Chris Buechler | 2014-12-04 | 1 | -7/+0 |
| | | | | | | | | | | properly. I fixed the scenario in Unbound where it was sending IPs to these functions rather than an interface, so this has no functional diff. | ||||
* | | replace spaces with tabs | Chris Buechler | 2014-12-04 | 1 | -2/+2 |
|/ | |||||
* | Proper fix was put on f658bac | Ermal LUÇI | 2014-12-04 | 1 | -1/+2 |
| | | | | | | Revert "Can't skip this if booting, ends up breaking config. Ticket #4071" This reverts commit effb3a3cfe4e57b781f35ba8a145eb627014d8ce. | ||||
* | Properly unset booting flags to allow dynamic ipsec tunnels to work correctly | Ermal LUÇI | 2014-12-04 | 2 | -3/+6 |
| | |||||
* | change the ordering of dhcpd_configure and unbound_configure here, claims on ↵ | Chris Buechler | 2014-12-04 | 1 | -3/+3 |
| | | | | forum it fixes issue I can't seem to replicate. | ||||
* | Merge pull request #1360 from jean-m-cyr/master | Chris Buechler | 2014-12-03 | 1 | -5/+7 |
|\ | |||||
| * | Link local interfaces don't have subnet.. don't create access-control statement | Jean Cyr | 2014-12-03 | 1 | -5/+7 |
| | | | | | | | | | | | | Selecting link local interface for unbound causes invalid access-control statement in unbound config since link local address doesn't have subnet. | ||||
* | | Can't skip this if booting, ends up breaking config. Ticket #4071 | Chris Buechler | 2014-12-03 | 1 | -2/+1 |
|/ |