From 947fe874607c3122457801afeceaeac77c0ae0ee Mon Sep 17 00:00:00 2001 From: smos Date: Wed, 9 Mar 2011 13:27:30 +0100 Subject: Correct firewall rule, remove flags any --- etc/inc/filter.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 1cebbd3..8f98004 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2375,7 +2375,7 @@ EOD; if($sa) { $ipfrules .= << Date: Wed, 9 Mar 2011 11:23:29 -0500 Subject: Teach the console update by url about the default auto update url. --- etc/rc.initial.firmware_update | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/etc/rc.initial.firmware_update b/etc/rc.initial.firmware_update index 70e1dbc..8d16098 100755 --- a/etc/rc.initial.firmware_update +++ b/etc/rc.initial.firmware_update @@ -15,6 +15,25 @@ echo "."; $g['booting'] = false; +if(isset($config['system']['firmware']['alturl']['enable'])) + $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}"; +else + $updater_url = $g['update_url']; + +$nanosize = ""; +if ($g['platform'] == "nanobsd") { + if (file_exists("/etc/nano_use_vga.txt")) + $nanosize = "-nanobsd-vga-"; + else + $nanosize = "-nanobsd-"; + + $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt"))); + $update_filename = "latest{$nanosize}.img.gz"; +} else { + $update_filename = "latest.tgz"; +} +$autoupdateurl = "{$updater_url}/{$update_filename}"; + $fp = fopen('php://stdin', 'r'); echo ".\n\n"; @@ -37,12 +56,15 @@ switch ($command) { die; break; case "1": - echo "\nEnter the URL to the .tgz or .img.gz update file:\n> "; + echo "\nEnter the URL to the .tgz or .img.gz update file. \nType 'auto' to use {$autoupdateurl}\n> "; $url = chop(fgets($fp)); if(!$url) { fclose($fp); die; } + if($url == "auto") { + $url = $autoupdateurl; + } $status = does_url_exist($url); if($status) { conf_mount_rw(); -- cgit v1.1 From fa1823516519cfc54c75d66e9a7145640af06177 Mon Sep 17 00:00:00 2001 
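Review bot: In the first rc.initial.firmware_update hunk, `$updater_url` is taken from `$config['system']['firmware']['alturl']['firmwareurl']` whenever `enable` is set, with no check that the value is non-empty. The prompt can therefore offer, and the `auto` branch in the second hunk can fetch, a URL such as `/latest.tgz`. A fallback after the if/else, `if (empty($updater_url)) $updater_url = $g['update_url'];`, would keep the default usable. `file_get_contents("/etc/nanosize.txt")` is also unchecked, so a missing file yields `latest-nanobsd-.img.gz`. Because this URL decides which firmware image is installed, confirm that the code after `does_url_exist()` (outside this hunk) verifies the image before applying it.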
From: jim-p Date: Wed, 9 Mar 2011 13:03:13 -0500 Subject: Only delete files in /tmp, not directories. Fixes rm errors on shutdown. (Doing rm -rf might cause it to go across filesystem boundaries again, which we're trying to avoid.) --- etc/rc.shutdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/rc.shutdown b/etc/rc.shutdown index b122f3f..f8dd4a2 100755 --- a/etc/rc.shutdown +++ b/etc/rc.shutdown @@ -28,7 +28,7 @@ export PATH # temporary files on shutdown from /tmp/ PLATFORM=`cat /etc/platform` if [ "$PLATFORM" = "pfSense" ]; then - find -x /tmp/ -exec rm -f {} \; + find -x /tmp/ -type f -exec rm -f {} \; else /etc/rc.backup_rrd.sh /etc/rc.backup_dhcpleases.sh -- cgit v1.1 From 021b77af58a0fd0e6f9b3be52db098091690eb3e Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 9 Mar 2011 13:54:10 -0500 Subject: If PPTP is set for redir, actually add the NAT rules to rdr. --- etc/inc/filter.inc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 8f98004..2e91944 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1540,6 +1540,16 @@ function filter_nat_rules_generate() { else sigkillbypid("/var/run/inetd.pid", "HUP"); } + + if (isset($config['pptpd']['mode']) && ($config['pptpd']['mode'] != "off")) { + if ($config['pptpd']['mode'] == "redir") { + $pptpdtarget = $config['pptpd']['redir']; + $natrules .= "# PPTP\n"; + $natrules .= "rdr on \$WAN proto gre from any to any -> {$pptpdtarget}\n"; + $natrules .= "rdr on \$WAN proto tcp from any to any port 1723 -> {$pptpdtarget}\n"; + } + } + $natrules .= discover_pkg_rules("nat"); $natrules .= filter_process_carp_nat_rules(); -- cgit v1.1 From a0140246b5bc2681bb7a748528e22a5b47f84461 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 9 Mar 2011 14:49:06 -0500 Subject: Add block rule to the top of the firewall rules. --- etc/inc/easyrule.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
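Review bot: `-type f` matches regular files only, so symlinks, sockets and FIFOs left in /tmp are no longer removed, which is narrower than the "not directories" the commit message describes. If the intent is everything except directories, `find -x /tmp/ ! -type d -exec rm -f {} \;` says that and still avoids the rm errors on directories. Stale symlinks surviving in a world-writable directory are the case worth covering.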
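Review bot: `$pptpdtarget` is copied from `$config['pptpd']['redir']` straight into the two `rdr` lines with no validation. An empty or malformed value produces a syntactically invalid rule and, presumably, a NAT ruleset that pf refuses to load. Wrapping the three `$natrules .=` lines in `if (is_ipaddr($pptpdtarget)) { ... }` would keep one bad config value from affecting the rest of the generated rules. filter_nat_rules_generate() starts and ends outside the hunk.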
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index b5b1620..0daeb95 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -114,7 +114,7 @@ function easyrule_block_rule_create($int = 'wan') { $filterent['destination']['any'] = ''; $filterent['descr'] = "Easy Rule: Blocked from Firewall Log View"; - $a_filter[] = $filterent; + array_splice($a_filter, 0, 0, array($filterent)); return true; } -- cgit v1.1 From 28a581b83d5feb8dcfadf2551e83552ccd43ed13 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 9 Mar 2011 14:49:35 -0500 Subject: Add {} around foreach contents. Fixes occasional duplication of the easyrule block alias. --- etc/inc/easyrule.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index 0daeb95..8ef72f4 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -79,11 +79,12 @@ function easyrule_block_rule_exists($int = 'wan') { } /* Search through the rules for one referencing our alias */ - foreach ($config['filter']['rule'] as $rule) + foreach ($config['filter']['rule'] as $rule) { if (!is_array($rule) || !is_array($rule['source'])) continue; if ($rule['source']['address'] == $blockaliasname . strtoupper($int) && ($rule['interface'] == $int)) return true; + } return false; } -- cgit v1.1 From 47cc98de0585911b97a1242621d4a9697e54b6bf Mon Sep 17 00:00:00 2001 From: Ermal Date: Wed, 9 Mar 2011 21:14:25 +0000 Subject: Correctly use the WAN macro definition for the interface on 2.0. Though i still insist that people should do this themselves rather than relying on some obscure gui option. --- etc/inc/filter.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 2e91944..5850224 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
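Review bot: Nothing at the new `array_splice($a_filter, 0, 0, array($filterent))` call in the first hunk records that the rule's position is deliberate, although rule order decides whether the block takes effect ahead of existing pass rules. A comment above the call, for example `/* Insert at the top so the block rule is evaluated before any pass rule */`, would stop a later cleanup from reverting it to `$a_filter[] = $filterent;`. easyrule_block_rule_create() starts outside the hunk.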
@@ -1545,8 +1545,8 @@ function filter_nat_rules_generate() { if ($config['pptpd']['mode'] == "redir") { $pptpdtarget = $config['pptpd']['redir']; $natrules .= "# PPTP\n"; - $natrules .= "rdr on \$WAN proto gre from any to any -> {$pptpdtarget}\n"; - $natrules .= "rdr on \$WAN proto tcp from any to any port 1723 -> {$pptpdtarget}\n"; + $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto gre from any to any -> {$pptpdtarget}\n"; + $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto tcp from any to any port 1723 -> {$pptpdtarget}\n"; } } -- cgit v1.1 From 05c8d0b1eba0ed309c457b26d4dea923c82114c0 Mon Sep 17 00:00:00 2001 From: smos Date: Thu, 10 Mar 2011 08:30:52 +0100 Subject: Correct the config path to the upnp array, this prevented the filter rule from being generated --- etc/inc/filter.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 5850224..ff83f97 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2373,7 +2373,7 @@ anchor "miniupnpd" EOD; - $upnp_interfaces = explode(",", $config['installedpackages']['miniupnpd']['config']['iface_array']); + $upnp_interfaces = explode(",", $config['installedpackages']['miniupnpd'][0]['config']['iface_array']); foreach($upnp_interfaces as $upnp_if) { if(is_array($FilterIflist[$upnp_if])) { $oc = $FilterIflist[$upnp_if]; -- cgit v1.1 From 48ab12a9cebd27c9996104574d1ddbd0fb90cb2d Mon Sep 17 00:00:00 2001 From: smos Date: Thu, 10 Mar 2011 08:32:28 +0100 Subject: Remove quick from the filter rule by request of Erik. --- etc/inc/filter.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index ff83f97..58a9931 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
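Review bot: In the first hunk both new lines interpolate `$FilterIflist['wan']['descr']` without checking that the `wan` entry exists, so a missing entry turns them into `rdr on $ proto ...` and the generated ruleset becomes invalid. Guarding the PPTP block with `if (is_array($FilterIflist['wan']))`, the same test the miniupnpd loop on this page applies to `$FilterIflist[$upnp_if]`, would avoid that. Whether `$FilterIflist` is declared `global` in filter_nat_rules_generate() is not visible here, since the function starts outside the hunk; without it the array is empty in this scope.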
@@ -2385,7 +2385,7 @@ EOD; if($sa) { $ipfrules .= << Date: Thu, 10 Mar 2011 01:55:45 -0700 Subject: Remove extra unmatched conf_mount_ro for a potential race condition preventing writes when generating ssh keys in the background. Ticket #673 --- etc/rc | 2 -- 1 file changed, 2 deletions(-) diff --git a/etc/rc b/etc/rc index 38b971a..75fa7bf 100755 --- a/etc/rc +++ b/etc/rc @@ -403,6 +403,4 @@ echo "Bootup complete" # Reset the cache. read-only requires this. /bin/rm /tmp/config.cache -/etc/rc.conf_mount_ro - exit 0 -- cgit v1.1 From 298ca201d8e45f6682e1a5b76f023efe8d2ab5ee Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 10 Mar 2011 13:05:01 +0000 Subject: Define only one loginterface since that is what pf(4) allows. This prevents a memory leak from pfctl(1) which may lead to memory depletion if the utility is run frequently with the pfSense generated ruleset. --- etc/inc/filter.inc | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 58a9931..15aee5d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2632,16 +2632,11 @@ function filter_setup_logging_interfaces() { echo "filter_setup_logging_interfaces() being called $mt\n"; } $rules = ""; - foreach ($FilterIflist as $ifdescr => $ifcfg) { - /* - * XXX: This should be cleared out after a discussion - * between pf(4) devs is cleared out. This breaks - * compatibility with OpenBSD. - */ - if(isset($ifcfg['virtual'])) - continue; + if (isset($FilterIflist['lan'])) $rules .= "set loginterface {$ifcfg['if']}\n"; - } + else if (isset($FilterIflist['wan'])) + $rules .= "set loginterface {$ifcfg['if']}\n"; + return $rules; } -- cgit v1.1 From 2f23caf2ec17f992def5357e39fb3b2125a02370 Mon Sep 17 00:00:00 2001 From: Ermal Date: Thu, 10 Mar 2011 13:06:09 +0000 Subject: Correctly generate the interface. --- etc/inc/filter.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
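Review bot: In the filter_setup_logging_interfaces() hunk, both new `set loginterface {$ifcfg['if']}` lines read `$ifcfg`, which was the loop variable of the `foreach` this same hunk removes. Unless it is assigned earlier in the function (outside the hunk), it is undefined and the directive is emitted with an empty interface name. The lines should index the list directly, `{$FilterIflist['lan']['if']}` and `{$FilterIflist['wan']['if']}`, which is what the next commit on this page does. A short comment saying that only one loginterface is emitted and that `lan` is preferred over `wan` would also help the next reader.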
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 15aee5d..36e7624 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2633,9 +2633,9 @@ function filter_setup_logging_interfaces() { } $rules = ""; if (isset($FilterIflist['lan'])) - $rules .= "set loginterface {$ifcfg['if']}\n"; + $rules .= "set loginterface {$FilterIflist['lan']['if']}\n"; else if (isset($FilterIflist['wan'])) - $rules .= "set loginterface {$ifcfg['if']}\n"; + $rules .= "set loginterface {$FilterIflist['wan']['if']}\n"; return $rules; } -- cgit v1.1 From 64d42525afb0c714310d45e7fa4a8948ae7996f2 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 10 Mar 2011 11:24:26 -0500 Subject: Clarify text on outbound NAT page. --- usr/local/www/firewall_nat_out.php | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 0a8af47..958f903 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -447,14 +447,18 @@ include("head.inc"); -


-

+


+
+
" . + "If manual outbound NAT is enabled, outbound NAT rules will not be " . + "automatically generated and only the mappings you specify on this page " . + "will be used.

" . + "If a target address other than a WAN-type interface's IP address is used, " . + "then depending on the way the WAN connection is setup, a " . + "need a "); ?> +

-- cgit v1.1 From d0404e467ab5c6c6cb4b5bd244043572fb9ca983 Mon Sep 17 00:00:00 2001 From: jim-p Date: Thu, 10 Mar 2011 20:37:34 -0500 Subject: Fix typo --- usr/local/www/firewall_nat_out.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 958f903..4649795 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -456,8 +456,8 @@ include("head.inc"); "automatically generated and only the mappings you specify on this page " . "will be used.

" . "If a target address other than a WAN-type interface's IP address is used, " . - "then depending on the way the WAN connection is setup, a " . - "need a "); ?> + "then depending on the way the WAN connection is setup, a "); ?> +
-- cgit v1.1 From e92916d689ddd71f3fcfe40be249836e78fe281b Mon Sep 17 00:00:00 2001 From: Ermal Date: Sat, 12 Mar 2011 00:26:28 +0000 Subject: Make sure we do not write stale data during prunning periods. --- etc/inc/captiveportal.inc | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 1191c7f..0363f78 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -837,7 +837,8 @@ function captiveportal_prune_old() { } /* write database */ - captiveportal_write_db($cpdb, false, $unsetindexes); + if (!empty($unsetindexes)) + captiveportal_write_db($cpdb, false, $unsetindexes); } /* remove a single client according to the DB entry */ @@ -1285,16 +1286,19 @@ function captiveportal_read_db($locked = false) { } /* write captive portal DB */ -function captiveportal_write_db($cpdb, $locked = false, $remove = array()) { +function captiveportal_write_db($cpdb, $locked = false, $remove = false) { global $g; if ($locked == false) $cpdblck = lock('captiveportaldb', LOCK_EX); - if (!empty($remove)) { - $cpdb = captiveportal_read_db(true); - foreach ($remove as $key) - unset($cpdb[$key]); + if (is_array($remove)) { + if (!empty($remove)) { + $cpdb = captiveportal_read_db(true); + foreach ($remove as $key) + unset($cpdb[$key]); + } else + return; //This makes sure no record removal calls } $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w"); if ($fd) { -- cgit v1.1 From 2bf16ba278737b9837be350f4f39c305c8050048 Mon Sep 17 00:00:00 2001 From: Ermal Date: Sat, 12 Mar 2011 00:36:06 +0000 Subject: Prevent the command wol for being called without propper ip information. Reported-by: http://forum.pfsense.org/index.php/topic,34314.0.html --- usr/local/www/services_wol.php | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php index e3c5b7d..cdc3e6a 100755 
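Review bot: In the second hunk the new `else return;` sits after `$cpdblck = lock('captiveportaldb', LOCK_EX);`, so a call with an empty `$remove` array leaves the function while holding the lock, and no unlock is visible on that path. Testing before the lock is taken, `if (is_array($remove) && empty($remove)) return;`, avoids acquiring it at all for a no-op. The default also changed from `array()` to `false`, so `$remove` now has two meanings (false: write `$cpdb` as passed; array: re-read under the lock and drop those keys) that deserve a comment on the function. captiveportal_write_db() continues outside the hunk.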
--- a/usr/local/www/services_wol.php +++ b/usr/local/www/services_wol.php @@ -54,15 +54,15 @@ if($_GET['wakeall'] <> "") { $mac = $wolent['mac']; $if = $wolent['interface']; $description = $wolent['descr']; - $bcip = gen_subnet_max(get_interface_ip($if), - get_interface_subnet($if)); + $ipaddr = get_interface_ip($if); + if (!is_ipaddr($ipaddr)) + continue; + $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if)); /* Execute wol command and check return code. */ - if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")){ + if (!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")) $savemsg .= sprintf(gettext('Sent magic packet to %1$s (%2$s)%3$s'),$mac, $description, ".
"); - } - else { + else $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s (%4$s) did not complete successfully%5$s'),'','',$description,$mac,".
"); - } } } @@ -89,14 +89,16 @@ if ($_POST || $_GET['mac']) { if (!$input_errors) { /* determine broadcast address */ - $bcip = gen_subnet_max(get_interface_ip($if), - get_interface_subnet($if)); - /* Execute wol command and check return code. */ - if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")){ - $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac); - } + $ipaddr = get_interface_ip($if); + if (!is_ipaddr($ipaddr)) + $input_errors[] = gettext("A valid ip could not be found!"); else { - $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'', '', $mac, ".
"); + $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if)); + /* Execute wol command and check return code. */ + if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")) + $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac); + else + $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'', '', $mac, ".
"); } } } -- cgit v1.1 From 96f1a57a168fcca66d7c5079ff2b22f5ea444494 Mon Sep 17 00:00:00 2001 From: Ermal Date: Mon, 14 Mar 2011 19:53:58 +0000 Subject: Remove comment since the service is not started anymore after installation in 2.0 --- etc/inc/pkg-utils.inc | 1 - 1 file changed, 1 deletion(-) diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc index 9af1c43..5c21428 100644 --- a/etc/inc/pkg-utils.inc +++ b/etc/inc/pkg-utils.inc @@ -592,7 +592,6 @@ function install_package($package, $pkg_info = "") { write_config($changedesc); $static_output .= "done.\n"; update_output_window($static_output); - $static_output .= "Starting service.\n"; update_output_window($static_output); if($pkg_info['after_install_info']) update_output_window($pkg_info['after_install_info']); -- cgit v1.1
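Review bot: In the second services_wol.php hunk `$mac` originates from the request (`$_POST` / `$_GET['mac']`) and is still interpolated into a shell command, `mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")`. Any validation of `$mac` happens outside the hunk, behind `if (!$input_errors)`, so quoting at the call site would make the command safe regardless: `mwexec("/usr/local/bin/wol -i " . escapeshellarg($bcip) . " " . escapeshellarg($mac))`. The same applies to the `wakeall` loop in the first hunk, where `$mac` comes from the saved configuration. Separately, the new `continue` there skips an entry silently; appending a line to `$savemsg` would tell the user why no packet was sent.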