summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* Proper fix was put on f658bacErmal LUÇI2014-12-041-1/+2
| | | | | | Revert "Can't skip this if booting, ends up breaking config. Ticket #4071" This reverts commit effb3a3cfe4e57b781f35ba8a145eb627014d8ce.
* Properly unset booting flags to allow dynamic ipsec tunnels to work correctlyErmal LUÇI2014-12-042-3/+6
|
* change the ordering of dhcpd_configure and unbound_configure here, claims on ↵Chris Buechler2014-12-041-3/+3
| | | | forum it fixes issue I can't seem to replicate.
* Merge pull request #1360 from jean-m-cyr/masterChris Buechler2014-12-031-5/+7
|\
| * Link local interfaces don't have subnet.. don't create access-control statementJean Cyr2014-12-031-5/+7
| | | | | | | | | | | | Selecting link local interface for unbound causes invalid access-control statement in unbound config since link local address doesn't have subnet.
* | Can't skip this if booting, ends up breaking config. Ticket #4071Chris Buechler2014-12-031-2/+1
|/
* fix IPv6 static routes, is_ipaddrv6 returns true for strings including aChris Buechler2014-12-031-3/+2
| | | | CIDR mask, which then ended up broken.
* Change our default resolv-retry back to OpenVPN's default. Changing thisChris Buechler2014-12-031-1/+1
| | | | | | didn't help the ticket where it was intended to help, which was later fixed differently. This change in defaults is problematic in a lot of scenarios, go back to the way things were before. Ticket #3894
* Merge pull request #1357 from DasTestament/patch-1Chris Buechler2014-12-021-1/+1
|\
| * Update filter.incDmitriy K.2014-12-011-1/+1
| | | | | | | | | | Add missing gettext. p.s: Is it really needed to log? Lots of rules causes lots of spam on ifaces without gw. Such kind of this logging should be controllable by user via option at least.
* | reload Unbound here, fixes some instances of PD-assigned v6 IPs missing from ↵Chris Buechler2014-12-021-0/+3
| | | | | | | | unbound.conf
* | If get_interface_ip(v6) is passed an IP, return the IP.Chris Buechler2014-12-022-6/+19
| | | | | | | | | | | | Properly set up interface binding for v6 link local IPs. Ticket #4021 except had to comment out the fix for now because of #4062 to avoid config breakage.
* | Use clog -f /var/log/filter.log to view firewall log entries, so they are ↵jim-p2014-12-021-1/+1
| | | | | | | | displayed in the new format.
* | wait 10 minutes before retrying on soft failures to avoid us getting DoSedChris Buechler2014-12-021-1/+1
| | | | | | | | | | if something is wrong there (like someone's system can't validate the cert)
* | don't include cert.pem in the obsoletedfiles list.Chris Buechler2014-12-021-1/+0
| |
* | Preserve exit code lost from s/exit/return/Ermal LUÇI2014-12-022-3/+3
| |
* | Cleanup whitespace.Ermal LUÇI2014-12-021-3/+1
| |
* | Remove exit from as much as possible backend codeErmal LUÇI2014-12-022-9/+9
| |
* | Remove exit from as much as possible backend codeErmal LUÇI2014-12-023-11/+13
| |
* | Remove exit and also properly close open filesErmal LUÇI2014-12-022-5/+8
| |
* | Lock rc.linkup based on interface to avoid races in between up/down events ↵Ermal LUÇI2014-12-021-1/+4
| | | | | | | | which might create a loop. This is more a timing issue but better enforce serialization here. check_reload_status forces this but not between start and stop but just between similar events. Probably need to bring more inteligence there.
* | Avoid calling exit in backend now that fpm is used for php since its a ↵Ermal LUÇI2014-12-021-6/+7
| | | | | | | | pesimization and can break calling scripts assumption on locks.
* | Comment out copy paste of v4 code. No need to delete arp entries on v6.Ermal LUÇI2014-12-021-1/+1
| |
* | Comment out copy paste of v4 code. No need to delete arp entries on v6.Ermal LUÇI2014-12-021-1/+1
| |
* | also take into account the "all" option in Unbound Network Interfaces whenChris Buechler2014-12-011-2/+2
| | | | | | | | setting 127.0.0.1 into resolv.conf.
* | Revert "/etc/ssl/cert.pem was obsoleted by mistake, remove it"Renato Botelho2014-12-011-0/+1
| | | | | | | | | | | | Since /usr/local/ssl/cert.pem is in place now, it can be obsoleted This reverts commit bb788b8ceb3337b62401819378ec3070deb18966.
* | /etc/ssl/cert.pem was obsoleted by mistake, remove itRenato Botelho2014-12-011-1/+0
|/
* Unlink temporary xml file to avoid filling up space with junk filesErmal LUÇI2014-12-011-0/+4
|
* Only set i_dont_care_about_security_and_use_aggressive_mode_psk=yes where ↵Chris Buechler2014-11-291-4/+10
| | | | there is a P1 with aggressive+PSK enabled. Log a warning when such a configuration is in use.
* Correctly delete xml file after restore and conversion to rrdPhil Davis2014-11-291-1/+1
| | | | When doing "Generating RRD graphs" at bootup, the data is restored from /cf/conf/rrd.tgz into xml format files in /var/db/rrd. Those xml files are then convert to rrd files. After that, the xml files should be deleted - but the xml file path was not quite right, so they were not being deleted. This fixes it.
* Fix bracketing of if statement in unboundPhil Davis2014-11-291-2/+2
| | | | | | Stops message: Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/unbound.inc on line 607 The problem was introduced when lines 607-608 were added without adding these brackets. IMHO programming standards should include ALWAYS using brackets for "if" and other similar statements. That way this sort of code addition accident does not happen. But I guess there are others who have different opinions.
* fix syntax on prefix6 for DHCPv6 PDChris Buechler2014-11-281-1/+1
|
* Add input validation on vpn_ipsec_settings.php. Fixes #4052.Chris Buechler2014-11-281-1/+1
|
* Skip v6 WANs in Unbound access-control. Ticket #4023Chris Buechler2014-11-281-1/+3
|
* fix v6 access-control in Unbound, Ticket #4023Chris Buechler2014-11-281-1/+2
|
* Ticket #4009 Force serial console whenever the installer told us so.Ermal LUÇI2014-11-281-0/+3
|
* check if Unbound is enabled in addition to dnsmasq for v6 DNS assignment. ↵Chris Buechler2014-11-281-3/+3
| | | | Fixes #4051
* Fix input validation for DNS resolver when localhost is enabled in ↵Chris Buechler2014-11-281-7/+12
| | | | resolv.conf and "all" chosen in Network Interfaces. While here, set something other than '' when all is chosen.
* Merge pull request #1354 from phil-davis/patch-2Ermal2014-11-281-5/+9
|\
| * Process RRD backup compression in varPhil Davis2014-11-281-5/+9
| | | | | | | | | | | | | | | | Prior to this the RRD xml files were added uncompressed to the archive in /cf/conf and then that archive was compressed at the end. My /cf partition is only 50MB. The uncompressed archive of all the xml files is already 35MB. With a few config backups, or a few more VLANs (xml files) I will soon run into the 50MB limit. This change creates each xml from rrd one at a time, then compresses that 1 xml into a tgz in /var/db/rrd, deletes the xml then loops to the next rrd file. At the end of the loop, there are a bunch of /var/db/rrd/*.tgz files, which are small (they take up <2MB on my system, from XMLs that total 35MB). They are then unpacked and put into 1 /cf/conf/rrd.tgz in a single command. Thus there is no time when 35MB of xml content has to be stored anywhere. This should work for systems with a lot of RRD files that turn into XML and then TGZ one at a time.
* | Correct some logic and remove temporary filesErmal LUÇI2014-11-281-1/+2
| |
* | Make restore one by one to help ↵Ermal LUÇI2014-11-281-8/+12
|/ | | | https://forum.pfsense.org/index.php?topic=84693.0
* Process the rrd files one by one to fix ↵Ermal LUÇI2014-11-281-2/+8
| | | | https://forum.pfsense.org/index.php?topic=84693.0. Restore will come after
* Correct typo on variable. Should help ↵Ermal LUÇI2014-11-281-1/+1
| | | | https://forum.pfsense.org/index.php?topic=84451.0
* Add a parameter on platform_booting to help detect if it's on GUI on console ↵Renato Botelho2014-11-283-6/+7
| | | | and use it in appropriate places, it fixes #4049
* Fix sapi name check to detect if it's on console, ticket #4049Renato Botelho2014-11-281-4/+4
|
* Remove the . here they just confuse things as in Ticket #4049. Also check ↵Ermal LUÇI2014-11-281-9/+1
| | | | that the script is called from console to trigger the convertion and mounting of floppy.
* Remove these booting settings since are uselessErmal LUÇI2014-11-281-3/+0
|
* Remove these booting settings since are uselessErmal LUÇI2014-11-282-6/+0
|
* Bring back the old way of waiting for 3 times of 10seconds on bootup for a ↵Ermal LUÇI2014-11-281-6/+4
| | | | ppp type interface to come up. while here also do bringup of virtual interfaces only when not booting
OpenPOWER on IntegriCloud