Silent pbi_info
Reduce possible noise
allow ipaliases to be configured on lo0
Fix variable name
remove openbgpd bits from system_gateways_edit and system.inc. The packagematch is case-sensitive and hasn't matched the openbgpd package's name inat least 5 years, so it doesn't do anything. It's far from functional inany useful manner even fixing that issue.
Bring in proper gmirror support for the GUI and notifications.Made a general gmirror library to perform various gmirror tasks and get information, using some of the former widget logic to start. Updated widget to use this new code.Added a Diag > GEOM Mirrors page that displays information about existing mirrors and perform various management tasks. Current actions include rebuilding a drive, forgetting disconnected mirror drives, insert/remove, deactivate/activate, clearing medatada. It's now possible to use the GUI to rebuild a failed mirror by performing a forget, then insert action to replace a missing/dead drive....
glob() is already called by unlink_if_exists
client-config-dir is also useful when using OpenVPN's internal DHCP while bridging.
Add @ to silent any possible return of posix_kill
Fix typo
Improve /etc/sshd:
. Create ed25519 key for ssh and silent daemon. Remove some exec() calls. We do not need to re-create all keys if /root/.ssh/authorized_keys is empty. Remove some redundancy and declare a single array with all keys
Include the v4 prefix on the v6 netmask to make routing more sane and alos tracking interface configurations work!
Update rrd.inc
fixed NTPd graphs resetting when service restarts or reconfigured (thanks charliem https://forum.pfsense.org/index.php?topic=76620.msg422811#msg422811)
Make sure check_reload_status is stopped so it can be upgraded and no events disturb the upgrade.
Remove the space here which probably is preventing from calling sshd from fcgi
Make logging of pass rules opt-in rather than opt-out
Split the setting of logging pass and block into 2 separate settings. Maybe this can be extended to control even the user rules?
Add ICMP to filter parser, it should fix #3663
Add (self) keyword for specifying "any IP address on this firewall" as a rule choice.
Merge pull request #1149 from phil-davis/patch-7
Merge pull request #1205 from ExolonDX/branch_master_59
Properly handle this rename, and squelch errors if it fails.
Delete all ip aliases when interface is disabled, it should fix #3650
fix variable typo. ticket #3669
Correct variable test here, too. Ticket #3662
Restore 989d361e88d08bd9e71bf7daafcb3b39af65bd3d to preserve a scenario that seems useful as suggested from @fitchner.
Remove commented out code since long time
Remove a line spotted by @fitchner which is not needed at all
Put a line on logs when this situation happens!
Update SCRIPT tags.
Add CDATA sections to SCRIPT tags in various files
Fix test (variable is a checkbox, not an array/string). Fixes #3662
Use correct variable name here.
Make some fixes related to Ticket #3662. Its mostly cleanup.
Spell that correctly
Handle enc0->IPSec convertion. Should help Ticket #3664
Actually make this correct
Use subnet rather than address/netmask to allow multiple clients to behave properly
/etc/version_kernel and /etc/version_base no longer exist, use php_uname to get the info instead.
Move duplicated code into a function; Include local ID on mobile tunnel key line in ipsec.secrets.
Use the right specification for ahnding over the subnet to mobile clients
Do not specify the rightid in mobile tunnels since it makes things not work
Give needed +x flag to make working xauth proper
Oops this was moved accidentally
Correct sense of match and move the code up to since it makes more sense
Actually this should be rightauth2 since they should send the extra infor to be validated
bind HTTP->HTTPS redirect to IPv6 too. Ticket #3437
Use function_exists test
Allow to use PSK+agressive mode since user should have the choice even though it poses security risks
PBIs are crashing without LOGNAME being defined in the environment, define it here until PBI is fixed
This slipped in wrongly
Allow a key to specified for all users as for exmpale when connecting from Apple iOS
Pass the loglevels on the config rather than execing commands to specify these loglevels. This allows somethings to be properly logged as config logs
No need to have the ip let strongswan do it for us! Keeping still filterdns to properly evaluate dns behaviour here
Strongswan does not need the quotes here
Show proper status for ipsec
Remove generate policy option since its not relevant with strongswan
Some adjustments to the code for logging
Use require_once in more places
I got:PHP Fatal error: Cannot redeclare file_notice() (previously declared in /etc/inc/notices.inc:55) in /etc/inc/notices.inc on line 91So there are places that notices.inc gets require() when already required.
Convert protocol ssl:// to https:// when creating http headers
Small cleanup
Partialy revert 0ae4f3f:
It broke xmlrpc_client since https is not a valid php transport.
Work around some quirks in global handling to show filter rule descriptions in their own row/column when configured for that behavior.
Revert "Respect protocol from URL"
This reverts commit 4f5bea8b6e2e6b0d5c1352539268d720826b4760.
Respect protocol from URL
Remove units from burst as it is always specified in bytes. (Per ipfw(8)).Worked for me in testing, I watched a file briefly burst until and then be clamped down to the limiter's rate.
Use egrep here (and full path)
Consider tracker IDs when looking up filter log entries, if present
Fix http and https port for cpzone
Use global cpzoneid variable
Drop double $$ from variable name
Remove redundant set
Silent kldstat
Sometimes fsck requires a second run, teach rc script to call it more than once when it's necessary
Obsolete old clog binary from /usr/sbin
Merge pull request #1125 from msilvoso/master
Migrate captive portal code to SQLite3 php module
sqlite module is now called sqlite3
Obsolete old php modules
Take care of interfaces that have no ip but might be part of the bridge as done for openvpn to avoid loops
Changes to make it work behind a bluecoat proxy - added a user agent, and changed url scheme
Oops specify mode of operation to fopen
Make the alias url processing functions not memory hungry!
Rewrite update_alias_url_data to be with small memory footprint. Also return the status if an update is performed to callers and remove the write_config call embedded here since its not good to have this by default.
Signal a reload if anything got updated
Merge the patch suggested in Ticket #3629. It also Fixes #3629. The question is why this is using config lock? Also where is filter configure called here?
Expose all p0f OS types that it supports so that subtypes of various Operating Systems can be detected
Fix kldstat match/output to check for a running module. It was claiming all modules were loaded so none were being loaded.
Send HUP to restart syslogd rather than trying to restart it, thus loosing messages
make sure unbound is included here
Handle 0MQ filter configure
If unbound is configured then assign it for the vpn service
If Unbound is been used then make sure to reload when system_hosts_generate() is called
Make sure unbound is reconfigured when interfaces are
Add space between configile and switch
Move clog from /usr to /usr/local
Add filterlog to separatefacilitylog to avoid logs going elsewhere
Change log level to error for php-fpm
Another dir to be created
Correct the definitions of certificate path to correct place to allow the daemon to start