path: root/src/etc
Commit message | Author | Age | Files | Lines
* Misc cleanups at get_pkg_info() | stilez | 2017-01-30 | 1 | -34/+34
    * rename function args to be clearer what they do ($local_only was quite ambiguous, at first sight it could mean any of: "don't update local catalog copy", "only check local catalog copy", or "only report local installed pkgs")
    * merge nested if () conditions
    * refactor minor code stuff
    * rewrite explanatory comment
    (cherry picked from commit 04daf8b1f016e17bede4ad00db46f2855d3e7c1f)
* fix copy/paste - I think! | stilez | 2017-01-30 | 1 | -32/+6
    (cherry picked from commit 2f633b526075b2ed5e0e160ef6f0d025b509bd70)
* use wrapped version of pkg info -e instead | stilez | 2017-01-30 | 1 | -5/+31
    (cherry picked from commit e5f96a2cb3c0cad0c828148bd7b8d45c130a9b17)
* get_pkg_info() fallback using pkg info if no local copy of repo catalog (resubmit) | stilez | 2017-01-30 | 1 | -6/+34
    Resubmit of PR #3157 with fix.
    The issue in #3157 was that `pkg info` and `pkg search`, undocumented in man pages, seem to handle things differently if no packages match the pattern string. `pkg search` gives an error "No packages match [$pkgs]", whereas `pkg search` doesn't give an error. I didn't come across this because it's not stated in the man pages for pkg info, and because I tested it with a bare install but at least one pkg, while @NYOB used it on a bare install.
    The fix which I've tested and seems to work nicely, is to test using `pkg info -e` whether the pkg info call will hit a "no packages exist" issue or not. If `pkg info -e` returns 0 then it's safe as there's at least one matching pkg (any other errors are allowed to occur and be detected as usual). If it returns anything else, then there's no matching pkgs, so the main `pkg info` is skipped leaving $out and other variables at the correct values they need anyway, showing a null match/none found.
    For details of the underlying issue being fixed, and the issue that this resubmit fixes, see the original PR.
    (cherry picked from commit 587988f6df7e1d3b1a369b93a5634620129e3d9d)
* Introduce is_intrange() to validate a range of integers delimited by ':' or '-' | Renato Botelho | 2017-01-24 | 1 | -0/+29
* Force compress for where_is_ipaddr_configured check_localip | Phil Davis | 2017-01-23 | 1 | -1/+1
    (cherry picked from commit f0b1358dfe520ad3b771127127daed970ba2c0a0)
* Force compress for where_is_ipaddr_configured | Phil Davis | 2017-01-23 | 2 | -2/+6
    (cherry picked from commit cde28bfa0e11f268485ec1f6ccb73a3a2f66448f)
* Always force compress when calling Net_IPv6 | Phil Davis | 2017-01-23 | 5 | -9/+24
    (cherry picked from commit 587995fb57f91894d1f8eb6b296a9fe2fa111fac)
* Remove unused variable $cfglckkeyconsumers | Renato Botelho | 2017-01-23 | 1 | -5/+3
* Fix #7141 Add a priv for UPNP | Phil Davis | 2017-01-19 | 1 | -0/+6
    so users can grant access to Services->UPNP
    Note: Status->UPNP already has a priv and it works.
    (cherry picked from commit a5a899e4388f2737a6d1cdc82c7325c20fb72ee4)
* Fix #7139 Accessing help about this page | Phil Davis | 2017-01-19 | 1 | -1/+1
    from a user that does not have admin or all page privilege.
    (cherry picked from commit 166540830275318c8dec9199d8a9ee0e605f606a)
* Fix #7136 Start OpenVPN on ordinary VIP | Phil Davis | 2017-01-19 | 1 | -2/+2
    (cherry picked from commit ddf99718d5f1f4545483c39d3759fdfbb788b0fb)
* Remove extra parenthesis and blank line | Renato Botelho | 2017-01-17 | 1 | -3/+2
* Simplify logic | Renato Botelho | 2017-01-17 | 1 | -8/+4
* Fix #7118 icmp-type any | Phil Davis | 2017-01-16 | 1 | -1/+1
    When 'any' is selected as the ICMP type, do not write 'icmp-type any' in the rule, just leave it out.
* Fix #7105: Old rules may not have ipprotocol defined, consider it icmp6-type only when ipprotocol is inet6 | Renato Botelho | 2017-01-16 | 1 | -1/+1
* Make sure /var/tmp permissions are correct. Fixes #7120 | Renato Botelho | 2017-01-16 | 1 | -0/+1
* Redmine #5549 Allow variable number of DNS Servers | Phil Davis | 2017-01-13 | 1 | -7/+7
    (cherry picked from commit a2d23e88596deab6bbed2818385a0b72c913843a)
* Fix #6153 | Renato Botelho | 2017-01-12 | 1 | -0/+4
    Initialize cached IP and Time on loop for RFC2136 items, without this the items used on last loop iteration will be used again and second item on the same interface will not be updated
* Ticket #6340: | Renato Botelho | 2017-01-12 | 1 | -5/+11
    - Stop misusing fsck -F parameter, it's supposed to be used when you plan to run background fsck after filesystems are mounted, which is not the case on pfSense
    - Increase attempts to mount all filesystems as read-write to 10
    - If we cannot mount filesystems as read-write, start a recovery shell and after it finishes, reboot system
* Simplify logic | Renato Botelho | 2017-01-11 | 1 | -5/+3
* Fix #6712 | Renato Botelho | 2017-01-11 | 1 | -1/+1
    Use system_hosts_entries to generate unbound host_entries.conf
* Ticket #6712: Create system_hosts_entries() | Renato Botelho | 2017-01-11 | 1 | -24/+21
    This function will return an array with all items to be added to /etc/hosts.
* Ticket #6712: Create system_hosts_dhcpd_entries() | Renato Botelho | 2017-01-11 | 1 | -78/+104
    This function will return an array with dhcpd and dhcpdv6 items to be added to /etc/hosts.
* Ticket #6712: Create system_hosts_override_entries() | Renato Botelho | 2017-01-11 | 1 | -23/+51
    This function will return an array with dnsmasq or unbound items to be added to /etc/hosts
* Ticket #6712: Deprecate read_hosts() | Renato Botelho | 2017-01-11 | 1 | -30/+1
    Read local items from system_hosts_local_entries()
* Ticket #6712: Create system_hosts_local_entries() | Renato Botelho | 2017-01-11 | 1 | -36/+62
    This function will return an array with 127.0.0.1, ::1 and LAN (or first interface with no gateway when LAN is not there) items to be added to /etc/hosts
* Kill dhcpleases after we are sure we can write /etc/hosts | Renato Botelho | 2017-01-11 | 1 | -7/+8
* Fix style | Renato Botelho | 2017-01-11 | 1 | -58/+111
* Make sure IP address is v4 before create /etc/hosts entry | Renato Botelho | 2017-01-11 | 1 | -2/+2
* Exclude non-qualified hostnames from hosts file. Ticket #6064 | Chris Buechler | 2017-01-11 | 1 | -12/+12
* Do not write a 'restrict' line to the NTP config if it will be empty. Fixes #7110 | jim-p | 2017-01-11 | 1 | -10/+12
* Only include files that ends with .inc | Renato Botelho | 2017-01-11 | 1 | -2/+3
* Add requirestatefilter. Implements #7069. | derelict-pf | 2017-01-11 | 1 | -0/+20
    (cherry picked from commit 0a3150896bc412868cfb79473293ed81c87a50a7)
* Captive portal: make captiveportal_disconnect_all() faster | plumbeo | 2017-01-11 | 1 | -15/+11
    captiveportal_disconnect_all() removes the users one at a time and in some cases, when many hundreds of users are connected, can take up to several dozens of seconds to complete. Instead of looping through all users, send all the accounting information, reset the user database and delete all the active rules and reinit them. Use locking to prevent new users from logging in until the function ends.
    (cherry picked from commit 47f967856ef25557d87430026e8b208a8852381f)
* openvpn, check for valid pid using isvalidpid() | PiBa-NL | 2017-01-11 | 1 | -4/+2
    (cherry picked from commit a1b39e949ab3a0e53ac4c1837f5d2c02b28142f3)
* openvpn, make sure config is written and not overwritten while starting openvpn, and wait for pid of child process to be written before exiting function | PiBa-NL | 2017-01-11 | 1 | -3/+20
    (cherry picked from commit 8845e137b630497d47a8ce93fb072e47419f8af5)
* Revert "get_pkg_info() fallback using pkg info if no local copy of repo catalog" | Renato Botelho | 2017-01-10 | 1 | -27/+6
    This reverts commit 46237e23f35db70a917939609061dce7b7f955f9.
* Correctly report unmonitored gateway status | Phil Davis | 2017-01-05 | 1 | -0/+2
    If an alternate monitor IP has been entered and saved, then the user checks "Disable Gateway Monitoring" and saves, the alternate monitor IP is retained in the config - that is handy for when unchecking "Disable Gateway Monitoring" later on.
    But the Gateways widget and Status Gateways do not correctly understand this combination. The gateway status shows as "Online" when it is intended to show "Online (unmonitored)".
    This PR corrects this.
    (cherry picked from commit 0c5d4e8d3e4dc81a9c7eb883a40296493e9faa2b)
* get_pkg_info() fallback using pkg info if no local copy of repo catalog | stilez | 2017-01-05 | 1 | -6/+27
    *Current behaviour*
    At the moment, get_pkg_info() is used to get all information on packages. The parameter _$local_only_ is set to request info directly from the local copy of the repo catalog (using -U) without requesting the remote repo catalog or updating the local copy from the remote repo catalog. If the calling code wants only installed pkgs, it filters the returned list of pkgs looking for _$pkg['installed'] == true_.
    There's a couple of problems with this method as it stands, due to the behaviour of pkg search -U.
    1. When the remote catalog is requested and the request failed, the local copy is also deleted. If this happens, then pkg search returns an error even with -U, so even if all we wanted was to know from get_pkg_info() was the names of locally installed packages, it can't be used for this (even though this info doesn't need access to a remote repo catalog)
    2. This behaviour, and the use of get_pkg_info() as the main method to get a list of installed pfSense packages and their data, means that any time we don't have a network connection or for any reason get_pkg_info() fails to access the repo catalog remotely, we become blocked from *any* inquiry, lookup, listing, or action on *all* optional packages, even if our desired action wouldn't need remote access to complete. We remain unable to do these things until remote repo access is obtained again and a catalog copy can be re-acquired.
    3. This also means that nothing to do with getting installed package information or removal can occur offline either.
    *Change made*
    It's likely that when code explicitly requests $local_only, it isn't expecting or requiring the local copy to be up to date. So I've modified the code as follows:
    1. New optional parameter $installed_only to explicitly request installed pkg info only (faster if we know that no remote request will be needed)
    2. If $local_only is set and pkg search failed, retry falling back to pkg info to at least provide info on matching installed packages. This is probably more helpful than returning an error, as the assumption with $local_only is not "latest data in repo" so no harm done, and it allows pkg code to at least operate on local pkgs at all times, if not other pkgs in the repo.
    (cherry picked from commit e47af756de79d4e8b0356cf22f72f62f09e9ad7d)
* Remove unnecessary reference | Renato Botelho | 2017-01-04 | 1 | -1/+1
* Captive portal: rework logging and RADIUS accounting when disabling a zone or rebooting | plumbeo | 2017-01-04 | 2 | -28/+31
    Make captiveportal_radius_stop_all() log the disconnections in the system log and fix it so that it works with the zone id parameter and sends complete RADIUS accounting packets. Since several zones can share the same RADIUS server, send an Accounting-Off packet only when rebooting, not when disabling a zone.
    (cherry picked from commit 3ece6d5404e0d4a53243d12e6b58793fad66dd5a)
* Captive portal: use locking to avoid race conditions between rc.prunecaptiveportal and captiveportal_disconnect_all() | plumbeo | 2017-01-04 | 2 | -10/+20
    Convert rc.prunecaptiveportal to lock()/unlock()/try_lock() and use the lock to ensure that there aren't race conditions between it and captiveportal_disconnect_all().
    (cherry picked from commit d793617ee9b4c3f66575737df3e8f6cf04e7c782)
* Captive portal: work around race condition between captiveportal_disconnect_all() and captiveportal_prune_old() | plumbeo | 2017-01-04 | 1 | -6/+5
    Captiveportal_disconnect_all() loops through the active users and disconnects them immediately but doesn't remove them from the user database, only adding them to a list that is processed after the end of the loop. Since the loop can take several seconds if there are many users connected, captiveportal_prune_old() can be called after some users have been disconnected but before they're removed from the database. When this happens and the user has an idle timeout set, captiveportal_prune_old() tries to find the last activity time and gets an invalid value because the user has already been removed from the fw table, so it uses the login time as last activity time. Finally, if the login time is more than one idle timeout in the past, it tries to disconnect again the user and sends a RADIUS Accounting-Stop packet with termination-cause Idle-Timeout and zero Acct-Input-Octets/Acct-Output-Octets that overwrites the correct packet sent by captiveportal_disconnect_all().
    To work around it, remove the users from the database before disconnecting them (this fixes only the case where captiveportal_disconnect_all() runs before captiveportal_prune_old()).
    (cherry picked from commit 025ec94a3285c129d2e14b00b629e811b83a9330)
* dyndns.class, fix json curl body parsing for Cloudflare by not including headers | PiBa-NL | 2017-01-04 | 1 | -4/+3
    (cherry picked from commit 15dcf1320c08eb9339eda3e6fdf04599c51694b7)
* Added support for CloudFlares Proxy. | CarlGill | 2017-01-04 | 2 | -2/+6
    Included a checkbox to enable and disable this feature when CloudFlare type is selected.
    Included proxied variable in the update script as well. Defaults to false, as this is the current functionality
    Added help text
    Updated Last tested date
    Hope this helps other people. I use both dynDNS and the Proxy service. And by default without this feature, the proxy gets disabled. This is a huge problem, as I have all traffic blocked except for CloudFlare. And because I have certain other security features enabled, when the Proxy goes disabled, The Site goes down hard to end users. With this feature, I can ensure the proxy stays enabled.
    (cherry picked from commit e10d25b4c3109347a43a729f8c098138272fe1e7)
* Rework openvpn_vpnid_next() and remove duplicated code | Renato Botelho | 2017-01-04 | 1 | -26/+18
* Fix #6357: Validate if RFC2136 dyndns updates succeeded | Renato Botelho | 2017-01-03 | 1 | -10/+25
* Ticket #6096: Add PKG_DBDIR and PKG_CACHEDIR to user environment | Renato Botelho | 2017-01-02 | 2 | -0/+12
* Ticket #6096: Remove target before try to move, also use mv -f to avoid human interaction | Renato Botelho | 2017-01-02 | 1 | -4/+6