Give needed +x flag to make working xauth proper
Oops this was moved accidentally
Correct sense of match and move the code up to since it makes more sense
Actually this should be rightauth2 since they should send the extra infor to be validated
bind HTTP->HTTPS redirect to IPv6 too. Ticket #3437
Allow to use PSK+agressive mode since user should have the choice even though it poses security risks
PBIs are crashing without LOGNAME being defined in the environment, define it here until PBI is fixed
This slipped in wrongly
Allow a key to specified for all users as for exmpale when connecting from Apple iOS
Pass the loglevels on the config rather than execing commands to specify these loglevels. This allows somethings to be properly logged as config logs
No need to have the ip let strongswan do it for us! Keeping still filterdns to properly evaluate dns behaviour here
Strongswan does not need the quotes here
Show proper status for ipsec
Remove generate policy option since its not relevant with strongswan
Some adjustments to the code for logging
Convert protocol ssl:// to https:// when creating http headers
Small cleanup
Partialy revert 0ae4f3f:
It broke xmlrpc_client since https is not a valid php transport.
Work around some quirks in global handling to show filter rule descriptions in their own row/column when configured for that behavior.
Revert "Respect protocol from URL"
This reverts commit 4f5bea8b6e2e6b0d5c1352539268d720826b4760.
Respect protocol from URL
Remove units from burst as it is always specified in bytes. (Per ipfw(8)).Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate.
Use egrep here (and full path)
Consider tracker IDs when looking up filter log entries, if present
Fix http and https port for cpzone
Use global cpzoneid variable
Drop double $$ from variable name
Remove redundant set
Silent kldstat
Sometimes fsck requires a second run, teach rc script to call it more than once when it's necessary
Obsolete old clog binary from /usr/sbin
Merge pull request #1125 from msilvoso/master
Migrate captive portal code to SQLite3 php module
sqlite module is now called sqlite3
Obsolete old php modules
Take care of interfaces that have no ip but might be part of the bridge as done for openvpn to avoid loops
Changes to make it work behind a bluecoat proxy - added a user agent, and changed url scheme
Oops specify mode of operation to fopen
Make the alias url processing functions not memory hungry!
Rewrite update_alias_url_data to be with small memory footprint. Also return the status if an update is performed to callers and remove the write_config call embedded here since its not good to have this by default.
Signal a reload if anything got updated
Merge the patch suggested in Ticket #3629. It also Fixes #3629. The question is why this is using config lock? Also where is filter configure called here?
Expose all p0f OS types that it supports so that subtypes of various Operating Systems can be detected
Fix kldstat match/output to check for a running module. It was claiming all modules were loaded so none were being loaded.
Send HUP to restart syslogd rather than trying to restart it, thus loosing messages
make sure unbound is included here
Handle 0MQ filter configure
If unbound is configured then assign it for the vpn service
If Unbound is been used then make sure to reload when system_hosts_generate() is called
Make sure unbound is reconfigured when interfaces are
Add space between configile and switch
Move clog from /usr to /usr/local
Add filterlog to separatefacilitylog to avoid logs going elsewhere
Change log level to error for php-fpm
Another dir to be created
Correct the definitions of certificate path to correct place to allow the daemon to start
Update binaries used
Put this here for easier troubleshooting and code reading. Helps with Ticket #3619
Use php module calls here to speedup things
Correct the ridirection URL to unbreak ones passed through Radius attributes and repsect user choices. Reported-by: Antoine Guillemot
Use the daemon name to send the filter logs
Merge pull request #1032 from fichtner/contributions manually since it does not apply cleanly
Merge pull request #1040 from fichtner/pw_userdel manually since it does not apply cleanly
Merge pull request #1098 from camlin/master
Merge pull request #1117 from derelict-pf/nohttpsforwards
Make sure to actually configure the outgoing query interfaces if selected.
Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
Merge pull request #1118 from phil-davis/patch-3
Merge pull request #1120 from phil-davis/patch-5
Fix PBI installation when target lies on different directorie
fix typo
This doesn't need via-env
Make sure that the DNS Forwarder/Resolver is actually capable of accepting queries on localhost before using it as a DNS server.
Missed pbi_prefix here
Fix PBI symlink creation and deletion under /usr/local following .pbiopt files, also drop setup_library_paths() since it's not necessary anymore
Make sure /usr/local/etc/rc.d exists
On 2.2-ALPHA (i386)built on Mon Apr 21 13:01:11 CDT 2014 (for example) there was /usr/local/etc but not /usr/local/etc/rc.d - when I tried to install bandwidthd, that called write_rcfile() which failed because /usr/local/etc/rc.d did not already exist....
Merge pull request #1116 from PiBa-NL/interface_has_gateway-ipv4_gif_gre
Merge pull request #1115 from PiBa-NL/reply-to_IPv6gateway
Load if_stf module when needed
Cut paste bug fix in Remote Syslog DHCP events
apinger is repeated here from the code above, but it should be dhcp.Forum https://forum.pfsense.org/index.php?topic=73734.0Selecting to remote syslog "Gateway Monitor events" would also switch on "DHCP service events" unintentionally.
Add nohttpsforwards option to captive portal
add gre and gif checks for for IPv4 function interface_has_gateway($friendly), like they are already for IPv6
check gateway for IPv6 also for reply-to rules.
Be smarter at using kenv
pfSense - Bug #3607: Fix issue whereby the ICMP6 messages sometimes have the wrong source IP when a monitor gateway has been set.
[pfSense - Bug #3607] Ensure gateway detection can cope with the gateway being a dynamically assigned PPoE interface.
Unload the ZFS module if its not in use to not consume uselss memory
support symlinked RC scripts from PBI packages
GC unused code and do not set this to 0 for now since it is not anymore relevant
Fix susbstr-substr typo
I just got this error again on 14 Apr 2014 2.2 snapshot. I can see the fix in 2.1 branch. I could have sworn it got fixed in Master also, but I can't see it. So here is the fix for Master.
Correct the sense of the check to allow openvpn to work
Correct auth-user-pass-verify to include parameters properly so openvpn can start
Fixup update URL
Use the FreeBSD script for ldconfig to catch all libs
Avoid warnings later on if no config for layer7 exists
Get rid of embedded platform. Its time to GC this
Start using filterlog
Switch over to filterlog sooner than later
Unset also here
Do not allow upgrade_101_to_102 to exit early
This upgrade step does both Captive Portal stuff and OpenVPN stuff. So do not return early just because there is no Captive Portal config.Both Captive Portal and OpenVPN tests changed to be positive tests, to make sure that everything is checked/tested and there is no chance to return early.