Give needed +x flag to make working xauth proper
Oops this was moved accidentally
Correct sense of match and move the code up to since it makes more sense
Actually this should be rightauth2 since they should send the extra infor to be validated
bind HTTP->HTTPS redirect to IPv6 too. Ticket #3437
Allow to use PSK+agressive mode since user should have the choice even though it poses security risks
This slipped in wrongly
Allow a key to specified for all users as for exmpale when connecting from Apple iOS
Pass the loglevels on the config rather than execing commands to specify these loglevels. This allows somethings to be properly logged as config logs
No need to have the ip let strongswan do it for us! Keeping still filterdns to properly evaluate dns behaviour here
Strongswan does not need the quotes here
Show proper status for ipsec
Remove generate policy option since its not relevant with strongswan
Some adjustments to the code for logging
Convert protocol ssl:// to https:// when creating http headers
Small cleanup
Partialy revert 0ae4f3f:
It broke xmlrpc_client since https is not a valid php transport.
Work around some quirks in global handling to show filter rule descriptions in their own row/column when configured for that behavior.
Revert "Respect protocol from URL"
This reverts commit 4f5bea8b6e2e6b0d5c1352539268d720826b4760.
Respect protocol from URL
Remove units from burst as it is always specified in bytes. (Per ipfw(8)).Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate.
Use egrep here (and full path)
Consider tracker IDs when looking up filter log entries, if present
Fix http and https port for cpzone
Use global cpzoneid variable
Drop double $$ from variable name
Remove redundant set
Silent kldstat
Merge pull request #1125 from msilvoso/master
Migrate captive portal code to SQLite3 php module
Changes to make it work behind a bluecoat proxy - added a user agent, and changed url scheme
Oops specify mode of operation to fopen
Make the alias url processing functions not memory hungry!
Rewrite update_alias_url_data to be with small memory footprint. Also return the status if an update is performed to callers and remove the write_config call embedded here since its not good to have this by default.
Signal a reload if anything got updated
Merge the patch suggested in Ticket #3629. It also Fixes #3629. The question is why this is using config lock? Also where is filter configure called here?
Expose all p0f OS types that it supports so that subtypes of various Operating Systems can be detected
Fix kldstat match/output to check for a running module. It was claiming all modules were loaded so none were being loaded.
Send HUP to restart syslogd rather than trying to restart it, thus loosing messages
make sure unbound is included here
Handle 0MQ filter configure
If unbound is configured then assign it for the vpn service
If Unbound is been used then make sure to reload when system_hosts_generate() is called
Make sure unbound is reconfigured when interfaces are
Add space between configile and switch
Move clog from /usr to /usr/local
Add filterlog to separatefacilitylog to avoid logs going elsewhere
Another dir to be created
Correct the definitions of certificate path to correct place to allow the daemon to start
Update binaries used
Put this here for easier troubleshooting and code reading. Helps with Ticket #3619
Use php module calls here to speedup things
Correct the ridirection URL to unbreak ones passed through Radius attributes and repsect user choices. Reported-by: Antoine Guillemot
Use the daemon name to send the filter logs
Merge pull request #1032 from fichtner/contributions manually since it does not apply cleanly
Merge pull request #1098 from camlin/master
Merge pull request #1117 from derelict-pf/nohttpsforwards
Make sure to actually configure the outgoing query interfaces if selected.
Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
Merge pull request #1118 from phil-davis/patch-3
Merge pull request #1120 from phil-davis/patch-5
Fix PBI installation when target lies on different directorie
fix typo
This doesn't need via-env
Make sure that the DNS Forwarder/Resolver is actually capable of accepting queries on localhost before using it as a DNS server.
Missed pbi_prefix here
Fix PBI symlink creation and deletion under /usr/local following .pbiopt files, also drop setup_library_paths() since it's not necessary anymore
Make sure /usr/local/etc/rc.d exists
On 2.2-ALPHA (i386)built on Mon Apr 21 13:01:11 CDT 2014 (for example) there was /usr/local/etc but not /usr/local/etc/rc.d - when I tried to install bandwidthd, that called write_rcfile() which failed because /usr/local/etc/rc.d did not already exist....
Merge pull request #1116 from PiBa-NL/interface_has_gateway-ipv4_gif_gre
Merge pull request #1115 from PiBa-NL/reply-to_IPv6gateway
Load if_stf module when needed
Cut paste bug fix in Remote Syslog DHCP events
apinger is repeated here from the code above, but it should be dhcp.Forum https://forum.pfsense.org/index.php?topic=73734.0Selecting to remote syslog "Gateway Monitor events" would also switch on "DHCP service events" unintentionally.
Add nohttpsforwards option to captive portal
add gre and gif checks for for IPv4 function interface_has_gateway($friendly), like they are already for IPv6
check gateway for IPv6 also for reply-to rules.
Be smarter at using kenv
pfSense - Bug #3607: Fix issue whereby the ICMP6 messages sometimes have the wrong source IP when a monitor gateway has been set.
[pfSense - Bug #3607] Ensure gateway detection can cope with the gateway being a dynamically assigned PPoE interface.
Unload the ZFS module if its not in use to not consume uselss memory
support symlinked RC scripts from PBI packages
GC unused code and do not set this to 0 for now since it is not anymore relevant
Correct the sense of the check to allow openvpn to work
Correct auth-user-pass-verify to include parameters properly so openvpn can start
Fixup update URL
Avoid warnings later on if no config for layer7 exists
Get rid of embedded platform. Its time to GC this
Start using filterlog
Switch over to filterlog sooner than later
Unset also here
Do not allow upgrade_101_to_102 to exit early
This upgrade step does both Captive Portal stuff and OpenVPN stuff. So do not return early just because there is no Captive Portal config.Both Captive Portal and OpenVPN tests changed to be positive tests, to make sure that everything is checked/tested and there is no chance to return early.
Get real interface when dhcrelay uses default GW
If the DHCP Relay server is not on any local subnet, and not on any subnet that has an internal static route, but is somewhere that no specific route is known, then this code finds the default gateway and uses that in the DHCP relay "-i" parameter. The current code gets just the interface name (like "wan", "opt1"). But DHCP Relay command needs to be fed the actual device name "vr0", "vr1" etc....
tls-verify requires quotes around the command to be executed. Ticket #3596
fixing typo for GIF tunnels to work over IPv6
the call of get_interface_gatewayv6() in the creation of a GIF tunnel over IPv6 leads to a "Fatal error: Call to undefined function get_interface_gatewayv6() in /etc/inc/interfaces.inc on line 934". changeing the function call to get_interface_gateway_v6() fixed it for me on my local system.
Correct typo on function name that has slipped unnoticed. Reported-by: https://forum.pfsense.org/index.php?topic=74688.0
Merge pull request #1055 from ExolonDX/branch_master_10
Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale/invalid and there is still a running instance.
Put the fix to be more generic to prevent any other leak possible in the long run. Fixes #3062
Update captiveportal.inc
Release unused pipeno when client is already authenticated.
Bug #3062
Indentation