summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* remove the destination server's interface(s) from dhcrelay. Ticket #4908Chris Buechler2015-07-301-135/+6
|
* Remove more rc files from Obsolete listRenato Botelho2015-07-301-117/+0
|
* Remove more files from obsolete, they are still part of recent versionsRenato Botelho2015-07-301-8/+0
|
* Remove more files from obsolete, they are still part of recent versionsRenato Botelho2015-07-301-16/+0
|
* Remove more files from obsolete, they are still part of recent versionsRenato Botelho2015-07-301-15/+0
|
* This is handled above now.jim-p2015-07-301-1/+0
|
* More safety belts on CP DB openjim-p2015-07-301-0/+13
|
* Remove more bsdinstaller files from pfSense.obsoletedfilesRenato Botelho2015-07-301-15/+0
|
* Do not obsolete items from /var/db/pkgRenato Botelho2015-07-301-5/+0
|
* Do not obsolete after_installation_routines.sh, it's part of bsdinstaller pkgRenato Botelho2015-07-301-1/+0
|
* Remove unused ftmp referencesRenato Botelho2015-07-302-5/+0
|
* Remove bdiff supportRenato Botelho2015-07-302-69/+2
|
* Change welcome to /dev/null on login.conf and stop removing /etc/motdRenato Botelho2015-07-302-4/+1
|
* Take more care when attempting to open the CP database. Don't assume it's ↵jim-p2015-07-301-0/+10
| | | | valid before attempting to use it.
* Reinitialize the captive portal database for a zone if it is ↵jim-p2015-07-301-10/+24
| | | | corrupt/unreadable. Fixes #4904
* remove more old, unused platform stuffChris Buechler2015-07-301-3/+0
|
* remove old unused nopccard_platformsChris Buechler2015-07-291-1/+0
| | | | | Conflicts: etc/inc/globals.inc
* remove wrap and net4501 platforms, they haven't existed for years.Chris Buechler2015-07-291-19/+0
|
* Check both greater and less than for the configuration version in XMLRPC ↵jim-p2015-07-291-3/+4
| | | | sync. Fixes #4902
* Use an alternate method to find VIP targets that should be allowed for ↵jim-p2015-07-292-20/+14
| | | | Captive Portal. Fixes #4903
* Merge pull request #1797 from phil-davis/patch-10Renato Botelho2015-07-271-1/+1
|\
| * Strip any \r when parsing URL table ports filePhil Davis2015-07-271-1/+1
| | | | | | | | If the URL table ports file at the URL specified has lines separated by "\r\n" rather than just "\n", then the code here ends up with ports that look like "80\r" "443\r" ... and group_ports() does not match any of those and the final file ends up empty. That seems a shame just because the file was made in some editor that put "\r\n" line breaks. I messed about for a while trying to make my URL table ports alias work until I realized this. This change first strips out any "\r" from the string, thus making it work with files that have either pure "\n" line breaks or "\r\n" line breaks.
* | Fix typo in variable name, spotted by Phil DavisRenato Botelho2015-07-271-1/+1
|/
* Consider url_port alias type when checking port-type aliases V2Phil Davis2015-07-271-1/+1
| | | | This time I have typed url_ports correctly.
* add a check to avoid foreach on non-arrayChris Buechler2015-07-271-0/+4
|
* Bring back the ability to specify file and URL as command line arguments. ↵Chris Buechler2015-07-261-15/+21
| | | | Clean it up a bit.
* Upgrade config to 11.9. Changes IPsec peer ID for EAP types to "any", to ↵Chris Buechler2015-07-251-0/+13
| | | | | | | retain previous behavior. Conflicts: etc/inc/upgrade_config.inc
* Change the log for CRLs with no data (exists but no certs revoked) to a ↵Chris Buechler2015-07-251-1/+1
| | | | warning since it's not technically an error.
* Add 'any' option for peer ID, for mobile IPsec scenarios where you can't or ↵Chris Buechler2015-07-252-1/+4
| | | | | | | don't want to check peer ID. Conflicts: usr/local/www/vpn_ipsec_phase1.php
* Lower LoginGraceTime to 30s, should be plenty long for users, and mitigates ↵Chris Buechler2015-07-231-0/+1
| | | | the password login attempt bypass bug in OpenSSH. Ticket #4875
* Only omit rightid for PSK mobile types. Flip the logic here as the 2_1 !Chris Buechler2015-07-231-2/+3
| | | | logic gets ugly.
* change iketype auto to ikev2 on upgrade. Ticket #4873Chris Buechler2015-07-231-0/+5
|
* Remove "auto", it's just a synonym for IKEv2. Ticket #4873Chris Buechler2015-07-231-3/+1
| | | | | Conflicts: usr/local/www/vpn_ipsec_phase1.php
* include vpn.inc so IPsec CRL reload works. require_once filter.inc inChris Buechler2015-07-231-0/+1
| | | | vpn.inc for callers there that haven't already included it.
* Obsolete device.hints_wrap, it's not being usedRenato Botelho2015-07-231-0/+1
|
* Move mfs related rc.d scripts from tools to main repoRenato Botelho2015-07-233-0/+208
|
* Obsolete /etc/rc.d/uzip and stop using itRenato Botelho2015-07-233-6/+1
|
* make the IPsec bypass LAN from LAN subnet to LAN subnet rather than fromChris Buechler2015-07-221-1/+1
| | | | | LAN subnet to LAN IP. Same end result except it'll work for VIPs on same interface now.
* Add IPsec advanced option for strict CRL checkingChris Buechler2015-07-221-0/+4
|
* write out built-in CRLs for strongswanChris Buechler2015-07-221-2/+18
|
* Merge pull request #1770 from phil-davis/patch-1Chris Buechler2015-07-211-0/+10
|\
| * Unset old CA and Cert in left system configPhil Davis2015-07-211-0/+8
| | | | | | Unset any old CA and Cert in the system section that might still be there from when upgrade_066_to_067 did not unset them. That will tidy up old configs that had the conversion done originally but these old sections were left behind.
| * Unset old CA and Cert in system configPhil Davis2015-07-211-0/+2
| | | | | | | | | | This looked odd. Why would we leave behind the old "ca" and "cert" section in $config["system"]? I guess it would do no harm, but seems confusing for the future to have some unused entries like this remaining in the config. Should a piece of code be put into the latest upgrade function to clean out these in any current config?
* | Merge pull request #1771 from phil-davis/patch-2Renato Botelho2015-07-211-3/+4
|\ \
| * | Allocate dnpipe and dnqueue numbers even if no filter rulesPhil Davis2015-07-211-3/+4
| |/ | | | | It would be quite unusual to have no filter rules array, but if that is indeed the case then the first part of this code that sets dnpipe and dnqueue numbers should execute anyway.
* | Captive Portal zoneid upgrade fix var name typoPhil Davis2015-07-211-1/+1
|/ | | With the typo, this empty() test would always have been true. So maybe on upgrade some existing captive portal zoneid values have been getting overwritten by this even number counter? Or?
* Reverting this for master, needs review in context of uniqid changes. ↵Chris Buechler2015-07-211-47/+33
| | | | | | Opening redmine ticket. Revert "sync up rc.carpmaster with RELENG_2_2. Ticket #4854, plus removal of unnecessary loop that'll amplify notifications unnecessarily." This reverts commit 401adacfefbc6006bc2270ccc1640e1b15f767c1.
* Going back to prior to earlier commit. Revert "fix indent my editor broke in ↵Chris Buechler2015-07-211-26/+26
| | | | | | an earlier commit." This reverts commit 948bbc9baf77b47e636c904faf677a698c13a293.
* fix indent my editor broke in an earlier commit.Chris Buechler2015-07-211-26/+26
|
* Add IPsec IKE Intermediate EKU to server certificates. The serverAuth EKU ↵Chris Buechler2015-07-201-2/+2
| | | | already added suffices for Windows clients, though strongswan docs suggest setting this as well.
OpenPOWER on IntegriCloud