summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
...
* Setup ddb on all platforms. On full install it will save the dump, on ↵jim-p2014-12-102-6/+6
| | | | | | NanoBSD it will print to console and auto-reboot. This way, a router running NanoBSD won't sit at a db> prompt indefinitely if it crashes.
* Make sure this message is only displayed on consoleRenato Botelho2014-12-101-1/+2
|
* get_failover_interface() is already called inside get_interface_ip(v6), no ↵Renato Botelho2014-12-101-4/+2
| | | | need to call it twice. It should fix #4089
* Use exit instead of return here, otherwise script's return code is always 0 ↵Renato Botelho2014-12-081-4/+4
| | | | and user with wrong password is authenticated
* Provide success return indication from console_configure_dhcpdPhil Davis2014-12-071-0/+1
| | | | | | Recent commit https://github.com/pfsense/pfsense/commit/9ea554ee5cb25ea3bf5bb6bf7997c6c7379ce349 added testing of the return status of console_configure_dhcpd() - this let a user effectively abort from doing anything if they have answered "y" to prompt_for_enable_dhcp_server() and are being asked for the start and end of the range, and then decide they do not want to proceed. However, even when they gave good answers, status 0 was being returned. This prevented changes ever being implemented. Redmine: https://redmine.pfsense.org/issues/4080 The fix is to return 1 at the routine end, when all is good and the code should proceed.
* Disable RC4 ciphers in lighttpdChris Buechler2014-12-051-2/+2
|
* Call filter_configure_sync() is a better fix for #4066, as pointed by ErmalRenato Botelho2014-12-051-3/+2
|
* Fix #4066:Renato Botelho2014-12-051-3/+12
| | | | | | | Make sure pf is configured before other services are restarted when WAN IP changes. The way it was before, 'pass out' rules with route-to still have old IP set as 'from' and some Dynamic DNS ended up not being updated.
* Add RELENG_2_2 to gitsyncRenato Botelho2014-12-051-0/+1
|
* dyn.dns.he.net uses a self-signed cert, disable verification for it.Chris Buechler2014-12-041-0/+1
|
* Don't try to launch 3gstats unless it's on a valid device.Chris Buechler2014-12-041-2/+4
|
* Proper CA certificates are in place to validate SSL in these cases where it ↵Chris Buechler2014-12-041-22/+3
| | | | previously couldn't be, remove disabling of verification.
* Merge pull request #1365 from jean-m-cyr/masterChris Buechler2014-12-041-1/+1
|\
| * Don't include link-locals as unbound interface candidatesJean Cyr2014-12-041-1/+1
| | | | | | | | Unbound does not presently support link-local interfaces.
* | The time has come - bump to 2.2-RCChris Buechler2014-12-041-1/+1
| |
* | After discussion with Ermal, remove this to force consumers to send thingsChris Buechler2014-12-041-7/+0
| | | | | | | | | | properly. I fixed the scenario in Unbound where it was sending IPs to these functions rather than an interface, so this has no functional diff.
* | replace spaces with tabsChris Buechler2014-12-041-2/+2
|/
* Proper fix was put on f658bacErmal LUÇI2014-12-041-1/+2
| | | | | | Revert "Can't skip this if booting, ends up breaking config. Ticket #4071" This reverts commit effb3a3cfe4e57b781f35ba8a145eb627014d8ce.
* Properly unset booting flags to allow dynamic ipsec tunnels to work correctlyErmal LUÇI2014-12-042-3/+6
|
* change the ordering of dhcpd_configure and unbound_configure here, claims on ↵Chris Buechler2014-12-041-3/+3
| | | | forum it fixes issue I can't seem to replicate.
* Merge pull request #1360 from jean-m-cyr/masterChris Buechler2014-12-031-5/+7
|\
| * Link local interfaces don't have subnet.. don't create access-control statementJean Cyr2014-12-031-5/+7
| | | | | | | | | | | | Selecting link local interface for unbound causes invalid access-control statement in unbound config since link local address doesn't have subnet.
* | Can't skip this if booting, ends up breaking config. Ticket #4071Chris Buechler2014-12-031-2/+1
|/
* fix IPv6 static routes, is_ipaddrv6 returns true for strings including aChris Buechler2014-12-031-3/+2
| | | | CIDR mask, which then ended up broken.
* Change our default resolv-retry back to OpenVPN's default. Changing thisChris Buechler2014-12-031-1/+1
| | | | | | didn't help the ticket where it was intended to help, which was later fixed differently. This change in defaults is problematic in a lot of scenarios, go back to the way things were before. Ticket #3894
* Merge pull request #1357 from DasTestament/patch-1Chris Buechler2014-12-021-1/+1
|\
| * Update filter.incDmitriy K.2014-12-011-1/+1
| | | | | | | | | | Add missing gettext. p.s: Is it really needed to log? Lots of rules causes lots of spam on ifaces without gw. Such kind of this logging should be controllable by user via option at least.
* | reload Unbound here, fixes some instances of PD-assigned v6 IPs missing from ↵Chris Buechler2014-12-021-0/+3
| | | | | | | | unbound.conf
* | If get_interface_ip(v6) is passed an IP, return the IP.Chris Buechler2014-12-022-6/+19
| | | | | | | | | | | | Properly set up interface binding for v6 link local IPs. Ticket #4021 except had to comment out the fix for now because of #4062 to avoid config breakage.
* | Use clog -f /var/log/filter.log to view firewall log entries, so they are ↵jim-p2014-12-021-1/+1
| | | | | | | | displayed in the new format.
* | wait 10 minutes before retrying on soft failures to avoid us getting DoSedChris Buechler2014-12-021-1/+1
| | | | | | | | | | if something is wrong there (like someone's system can't validate the cert)
* | don't include cert.pem in the obsoletedfiles list.Chris Buechler2014-12-021-1/+0
| |
* | Preserve exit code lost from s/exit/return/Ermal LUÇI2014-12-022-3/+3
| |
* | Cleanup whitespace.Ermal LUÇI2014-12-021-3/+1
| |
* | Remove exit from as much as possible backend codeErmal LUÇI2014-12-022-9/+9
| |
* | Remove exit from as much as possible backend codeErmal LUÇI2014-12-023-11/+13
| |
* | Remove exit and also properly close open filesErmal LUÇI2014-12-022-5/+8
| |
* | Lock rc.linkup based on interface to avoid races in between up/down events ↵Ermal LUÇI2014-12-021-1/+4
| | | | | | | | which might create a loop. This is more a timing issue but better enforce serialization here. check_reload_status forces this but not between start and stop but just between similar events. Probably need to bring more inteligence there.
* | Avoid calling exit in backend now that fpm is used for php since its a ↵Ermal LUÇI2014-12-021-6/+7
| | | | | | | | pesimization and can break calling scripts assumption on locks.
* | Comment out copy paste of v4 code. No need to delete arp entries on v6.Ermal LUÇI2014-12-021-1/+1
| |
* | Comment out copy paste of v4 code. No need to delete arp entries on v6.Ermal LUÇI2014-12-021-1/+1
| |
* | also take into account the "all" option in Unbound Network Interfaces whenChris Buechler2014-12-011-2/+2
| | | | | | | | setting 127.0.0.1 into resolv.conf.
* | Revert "/etc/ssl/cert.pem was obsoleted by mistake, remove it"Renato Botelho2014-12-011-0/+1
| | | | | | | | | | | | Since /usr/local/ssl/cert.pem is in place now, it can be obsoleted This reverts commit bb788b8ceb3337b62401819378ec3070deb18966.
* | /etc/ssl/cert.pem was obsoleted by mistake, remove itRenato Botelho2014-12-011-1/+0
|/
* Unlink temporary xml file to avoid filling up space with junk filesErmal LUÇI2014-12-011-0/+4
|
* Only set i_dont_care_about_security_and_use_aggressive_mode_psk=yes where ↵Chris Buechler2014-11-291-4/+10
| | | | there is a P1 with aggressive+PSK enabled. Log a warning when such a configuration is in use.
* Correctly delete xml file after restore and conversion to rrdPhil Davis2014-11-291-1/+1
| | | | When doing "Generating RRD graphs" at bootup, the data is restored from /cf/conf/rrd.tgz into xml format files in /var/db/rrd. Those xml files are then convert to rrd files. After that, the xml files should be deleted - but the xml file path was not quite right, so they were not being deleted. This fixes it.
* Fix bracketing of if statement in unboundPhil Davis2014-11-291-2/+2
| | | | | | Stops message: Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/unbound.inc on line 607 The problem was introduced when lines 607-608 were added without adding these brackets. IMHO programming standards should include ALWAYS using brackets for "if" and other similar statements. That way this sort of code addition accident does not happen. But I guess there are others who have different opinions.
* fix syntax on prefix6 for DHCPv6 PDChris Buechler2014-11-281-1/+1
|
* Add input validation on vpn_ipsec_settings.php. Fixes #4052.Chris Buechler2014-11-281-1/+1
|
OpenPOWER on IntegriCloud