|
Commit |
Commit message |
|
[17360] |
This is RELENG_1_2
|
|
[17362] |
* Remove RELENG_1
* Excluse .project files
|
|
[17369] |
Do not show blank openvpn configuration items.
|
|
[17372] |
If we cannot deterimine interrupts a second for an interface, do not recycle last known values.
|
|
[17375] |
Do not sort dns server list.
Reported-by: Goffredo Andreone
|
|
[17378] |
Remove time based rule debugging statements.
Reminded-by: Ryan Wagoner
|
|
[17381] |
Check for array type before foreach()
Reminded-by: Ryan Wagoner/Seth Mos
|
|
[17384] |
Hide "ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding
enabled, default to accept, logging disabled" while enabling time based
rules
Noticed-by: Ryan Wagoner
|
|
[17396] |
Sync RELENG_1_2
|
|
[17399] |
Disable ATA write caching which should help with loosing configuration on invalid power off events.
|
|
[17402] |
Add a note about firewall rule schedule logic that
will pop up in a new window describing how pass rules work when they
are outside of the schedule window, etc.
|
|
[17403] |
cvs_sync.sh releng_1 on RELENG_1_2 should sync RELENG_1_2, note this instead of RELENG_1.
|
|
[17406] |
Sync webgui passwords after cvs_sync.sh
|
|
[17408] |
Wrap text in <pre></pre>
|
|
[17410] |
Remove <br/> from schedule strong note.
|
|
[17412] |
Add some text breaks.
|
|
[17414] |
Uncomment pass rule logic. Fixes a problem report from the forum.
Reminded-by: Holger
|
|
[17417] |
Update lighttpd to 1.4.15
|
|
[17422] |
Remove stray ;
|
|
[17425] |
Add xml sync schedules option
|
|
[17430] |
Correctly note the filter configure item when removing the schedule feature from cron
|
|
[17431] |
hw.ata.wc is a read-only /boot/loader.conf value. Remove.
|
|
[17439] |
Turn off hard drive write caching correctly
|
|
[17447] |
MFC 17445
Don't round-robin on failover lb pools
|
|
[17448] |
Do not carriage return in the middle of a shell command
|
|
[17450] |
Remove trailing space
|
|
[17452] |
Do not echo out extra text when reloading the filter rules and correctly detect pftpx already started.
|
|
[17454] |
Load balancing seems to be fairly stable. Stop outputting so much debug information to the system logs.
|
|
[17455] |
Do not output TDR debug information to system logs
|
|
[17456] |
Woops, we need to show this error.
Reminded-by: Seth
|
|
[17457] |
Silence setting up route log error
|
|
[17458] |
Silence ftp proxy debugging statements for 1.2.
|
|
[17459] |
Increase timeout to 5 seconds so SLBD can deal with high load situations
better.
|
|
[17461] |
If the first ping failed, try once more before we mark the service down.
|
|
[17469] |
Add fping binary
|
|
[17476] |
Correctly define the state timeout value.
|
|
[17482] |
Use fping in RELENG_1_2
|
|
[17484] |
Note that we use the username admin when syncing in the error messages
|
|
[17489] |
Block traffic from source port 0 or destination port
0. Some crafty folks try to evade packet filters by using this type of
trickery.
See http://www.securityfocus.com/archive/75/402099/30/0/threaded for
more information.
|
|
[17490] |
Snapshot 1.2-BETA-1. We need to get a new version out for testing before 1.2-BETA-1.
|
|
[17493] |
We should anti spoof on the wan interface as well.
|
|
[17494] |
We really need to lock the configuration when outputting the config.cache
|
|
[17497] |
Do correct locking when cleaning the backup cache
|
|
[17500] |
When we iterate through the backup cache we call out
to parse the configuration file.
This can be fatal if the xml contents is corrupted and the process will
die out. Instead of dieing, return -1 and let the process continue
since we have further logic to detect these issues and restore a
previous configuration, etc.
|
|
[17503] |
xmlparse now returns -1 when a file is corrupt. Detect this situatioon and notify the user that we are unlinking the file.
|
|
[17506] |
xmlparse now returns -1 when a file is corrupt. Detect
this situation during parse_config() and trigger a backup. Note to the
user this occurance.
|
|
[17509] |
* Use copy instead of system()
* Lock the configuration before doing this operation
* Unlink config.cache if it exists
* Send the image to RO after this operation
|
|
[17512] |
Correct the copy() logic
|
|
[17515] |
Only check for server or client respectively instead
of checking for both. Otherwise if a operator is only running server or
client openvpn entries we do not show the configuration.
|
|
[17518] |
Use the correct array path to deterimine if a false entry exists.
|
|
[17521] |
Set tcsh autologout to 0
|
|
[17524] |
Debug out when a lock recursion issue is present. This might expose some missing unlocks and lead to performance speedups.
|
|
[17525] |
Fix a major time based rule bug. We need to match packets *INCOMING* to the interface similar to how pf works.
|
|
[17528] |
Fix another major bug in time based rules. When a * *
* rule is in affect on the wan interface we where killing outgoing
traffic from the firewall itself.
|
|
[17531] |
Use skipto type ipfw rules so that the pass type rules
will not bail out of the ipfw ruleset and keep processing at the next
rule.
|
|
[17534] |
Correct is_array() check.
Suggested-by: Bill M
|
|
[17537] |
Correct is_array() check.
Make sure all 3 branches are the same.
Suggested-by: Bill M
|
|
[17538] |
Correctly setup nat interface mappings when AON is disabled and a gateway is present.
Ticket #1289
|
|
[17541] |
Handle dhclient case on optX interfaces and map nat correctly.
|
|
[17544] |
Call sync with the lock held before allowing a new party to come along and start writing to config.xml.
|
|
[17547] |
When dhclient renews the ip address and the ip has not
changed then old_ip_address will not be set. Ignore this and do not
reload all packages when the ip has not changed.
|
|
[17550] |
Add a blurb that the IP change in the system logs and that we are restarting the packages. This is debug for the time being.
|
|
[17551] |
Do proper locking when writing out php.ini.
Sync the disk contents to force the write to disk after closing the
file. Hopefully this will help solve the php.ini from disappearing on
bootup when a panic occurs.
|
|
[17554] |
Bootstrap php.ini on non-cdrom platforms to *GUARANTEE* that we can invoke php correctly.
|
|
[17558] |
Add anti-lockout rule to ipfw so that you cannot lock yourself out of the GUI.
This is tunable via system -> advanced
|
|
[17561] |
Fix tdr_get_next_ipfw_rule to not return 2 every time.
|
|
[17564] |
Correctly incriment skipto rule number.
|
|
[17567] |
Make the ordering of the IPFW time based rules exactly
the same as PF so there are no strange "gotchas" or "caveats" that the
user would have to abide by.
|
|
[17568] |
Make the ordering of the IPFW time based rules exactly
the same as PF so there are no strange "gotchas" or "caveats" that the
user would have to abide by.
|
|
[17573] |
If $config['system']['dummynetshaper'] is set then load ipfw and dummynet early on
|
|
[17577] |
Do not reload ipfw if it is already loaded.
|
|
[17582] |
0 -> 00 for start time for consistency
|
|
[17583] |
MFC
Show schedule indicator.
|
|
[17584] |
Only foreach through valid arrays.
|
|
[17585] |
Move sync schedules underneath firewall rules section for cosmetic bling bling.
Suggested-mulitple-times-by: Holger
|
|
[17589] |
Apply OpenVPN patch from Martin Fuchs which adds outgoing tunnel bandwidthg control.
|
|
[17593] |
Add trailing slashes to upload directory
|
|
[17597] |
MFC 17596
Correctly use all interfaces.
|
|
[17598] |
* Fix get_interface_list()
* Backout Seth's changes. The bug was up the stack in get_interface_list()
|
|
[17601] |
use <object> instead of <embed>
Ironically this was already fixed in HEAD!
Ticket #1290
|
|
[17603] |
Version bump
|
|
[17605] |
Ensure that old time based rules get deleted during reload
|
|
[17608] |
Add more well known ports to the protocols drop down.
Patch-submitted-by: Martin Fuchs
|
|
[17611] |
Detect when schedules are present and install non schedule rule correctly
|
|
[17614] |
check-state at the beginning of the tdr set
|
|
[17617] |
Use check-state on all TDR rules
|
|
[17620] |
Dont check-state on the rules.
|
|
[17622] |
Turn back off TDR debugging statements.
|
|
[17627] |
MFC 17588
Bug fix: Menu now shows on top of traffic graph instead of underneath
|
|
[17631] |
The earlier fix from today that fixed
get_interfaces_with_gateways() created new problem where all interfaces
would show up in assign_interfaces screen and other places. Instead of
showing them all by default teach get_interfaces_with_gateways() how to
extract the complete list.
|
|
[17635] |
* Use is_interface_mismatch() function * Do not allow
configuration to continue until the interfaces are setup correctly *
When restoring a configuration via the webConfigurator detect that a
interface mismatch has occured and redirect the user to the assign
interface screen. Once the assign interface Save button has been
pressed go ahead and reboot. This might just prevent someone from
throwing a fit since they do not have console access.
|
|
[17636] |
* Use is_interface_mismatch() function * Do not allow
configuration to continue until the interfaces are setup correctly *
When restoring a configuration via the webConfigurator detect that a
interface mismatch has occured and redirect the user to the assign
interface screen. Once the assign interface Save button has been
pressed go ahead and reboot. This might just prevent someone from
throwing a fit since they do not have console access.
|
|
[17638] |
s/resolved/resolve/
|
|
[17640] |
Detect 0 byte config.xml cases and attempt to restore a previous backup.
|
|
[17643] |
Detect 0 byte config.xml cases and attempt to restore
a previous backup.
With this change my wrap that has been panicing for 30 hours straight
boots right back off and we will continue the panic torture test.
|
|
[17646] |
File a notice when we restore a previous configuration file.
|
|
[17650] |
Recompile slbd with Seths Stay under 5 seconds for the poll cycl changes
|
|
[17653] |
Unbreak status graph. Someone is going to need to
submit *WORKING* patches that work with FireFox, IE and Opera for this
to get changed again!
Ticket #1290
|
|
[17655] |
Update racoon to 0.6.7
|
|
[17665] |
Increase the size of the openvpn custom options box.
|
|
[17670] |
Add is_private_ip function which will return true if an ip address falls within a private subnet range.
|
|
[17672] |
Correctly map static routes.
Work done by Seth Mos
TODO: Port to -HEAD.
|
|
[17673] |
Remove hack that checks for blank protocol. We need to
fix the upstream bug that is causing the blank entries. This bug is
also appearing in the load balancing area now.
|
|
[17678] |
MFC
Merge 2nd pass NAT rule generation. Take ipsec and voip into account.
|
|
[17681] |
MFC Alter outbound nat descriptions to match operation
|
|
[17687] |
MFC
3rd pass nat rules generation. Also process lan subnets with OPT gateway properly.
|
|
[17692] |
OpenVPN bandwidth fix from Martin Fuchs
|
|
[17696] |
Only deinstall filter reload item if it is presently installed
|
|
[17700] |
Do not writeout tdr_cron_install() entries on bootup. Somehow doing so adds a stray load balancing and openvpn entries.
|
|
[17703] |
Write out an entry to the logging system when we write_config() on bootup.
This will help us track down stray items writing out on bootup.
|
|
[17706] |
Quiet down the dhclient log files in preperation for 1.-2-BETA-1 release.
|
|
[17707] |
Trim carriage return off of the $old_ip so that the <> comparison works.
This should fix the packages from always being restarted even if the ip was the same.
|
|
[17710] |
PPPoE server fixes
Ticket #1283
|
|
[17715] |
* Add status virtual servers screen from Seth Mos
* Add tab code to the original LB pool status screen
|
|
[17718] |
MFC
The aliases edit page says we allow the - and _ but the pattern did not match.
|
|
[17724] |
miniupnpd-20070412
|
|
[17727] |
Add upnp status link in the menu
|
|
[17728] |
Quiet down ftpsesame.
|
|
[17731] |
Correctly delete old rules from TDR using set 9
|
|
[17734] |
Delete the 2nd and 3rd rules as well
|
|
[17737] |
Move TDR pruning routines to the correct location.
|
|
[17739] |
Note missing file before reinstalling package
|
|
[17745] |
Add missing / directory seperator.
This should hopefully fix squid from reinstalling itself a million times on bootup.
|
|
[17747] |
Correctly output the package name that we are attempting to reinstall instead of the package array number.
|
|
[17750] |
It is time for 1.2-BETA-1.
Agree'd by: smos, hoba
|
|
[17751] |
Use $_SERVER['argvc'] and $_SERVER['argv'][$x]. This fixes the linkup issues (hotplug)
|
|
[17754] |
Change Miniupnp to UPNP
|
|
[17757] |
$config needs to be a global. Someone needs a pointy-hat!
|
|
[17762] |
Add a pfSense interactive php shell for developers.
|
|
[17766] |
Escape $ so that it does not try to print out the variable
|
|
[17769] |
Add pfSense php shell option. This will be used by
developers to tell operators how to remove blank config options and
many other things that will be easier than instructing someone to edit
config.xml directly, etc.
|
|
[17772] |
Show that exit is a valid command
|
|
[17775] |
Add multiline support for multi-line mini programs/scripts.
|
|
[17779] |
Keep 5 backups on embedded. Keep 30 on full installations.
|
|
[17782] |
Clean backup cache before starting php environment
|
|
[17784] |
Back on the snapshot building program
|
|
[17785] |
Disable interrupt total box. We need a better parsing algo.
|
|
[17787] |
Do not allow the setting of the carp sync ip to be an ip address on the same firewall. This leads to a sync loop.
|
|
[17790] |
Do not forget VIP's as well.
|
|
[17793] |
Take into account the DHCP wan ip address as well
|
|
[17796] |
Capitalize IP
|
|
[17799] |
* add comments about scheduler logic
* correct one case where the logic was not correct
|
|
[17804] |
Delete package before reinstalling to avoid multiple service entries, etc.
|
|
[17809] |
Woops, use delete_package_xml() instead of delete_package()
|
|
[17812] |
Install the package, deinstall and reinstall to ensure it is in a proper state.
|
|
[17815] |
Allow synchornize to ip to be blank.
|
|
[17818] |
Prevent a configuration sync loop from occuring when a cluster has two nodes.
|
|
[17822] |
Add does_url_exist() which can verify a URL exists before downloading.
|
|
[17825] |
Woops, actually use $url
Noticed-by: Seth
|
|
[17829] |
Add firmware update menu option which can fetch a URL from the internet or use a already fetched file from the file system.
|
|
[17832] |
Add md5 support if the site is storing the value.
|
|
[17835] |
Launch file correctly
|
|
[17838] |
Exit if URL or PATH is blank.
|
|
[17841] |
* Do not close a buffer that has failed
* Automatically retry failed connection
|
|
[17844] |
Fetch the filesize initially and compare it. In addition we compare MD5 to be absolutely sure.
|
|
[17848] |
Do not allow - in aliases. This breaks port aliases.
tables are fine with the - and the _. Ports only work with _.
|
|
[17850] |
Install frickin pptp proxy rules correctly.
|
|
[17851] |
Snapshot version bump
|
|
[17853] |
Add a note that you do not use Synchronize IP and password option on backup cluster members.
|
|
[17858] |
Fix spelling mistake
Pointed-out-by: Summat via IRC
|
|
[17863] |
Show common commands in the php pfsense shell such as:
* Enabling SSH
* Enabling wireless on an interface (hostap, channel, ssid, etc)
* Enabling DHCP Server on an interface
* Disable firewall filter
* Set up an interface for DHCP and enable
* Set up an interface for static and enable
These commands come in handy when configuring a 1 port ethernet wrap with 2 wireless cards.
Sponsored-by: Bluegrass.net
|
|
[17866] |
Minor text updates
|
|
[17869] |
Minor text updates
|
|
[17872] |
Show the reboot command as well for php pfSense shell
Sponsored-by: Bluegrass.net
|
|
[17875] |
* Correct printr typo.
* Show how to output the interfaces and dhcpd portions of the configuration
|
|
[17878] |
Clarify DHCP server comment
|
|
[17881] |
Show how to output the wireless options such as channels, modes, etc.
|
|
[17887] |
Move help / common usage scenarios to the "help" command.
|
|
[17894] |
Do not attempt to touch /needs_package_sync on CDROM platform.
|
|
[17899] |
Update to PHP 4.4.7 (cgi-fcgi) (built: May 4 2007 13:35:10)
|
|
[17902] |
Snapshot version bump
|
|
[17912] |
Somehow the path is not being set past .:, remove it for testing
|
|
[17913] |
Backout last change
|
|
[17914] |
Backout last change
|
|
[17917] |
Install compatibility symlink for packages built in /tmp/tmp (FreeBSD 7 currently)
|
|
[17920] |
Correct compatibility symlink
|
|
[17923] |
Correct the compatibility location again.
|
|
[17929] |
Do not create nat on rules for opt interfaces with a gateway.
|
|
[17932] |
Show icon that indicates whether the traffic is being blocked or allowed
MFC: 17931
|
|
[17957] |
Return the virtual interface for PPPoE
|
|
[17960] |
get_interface_gateway() does not understand pppoe
|
|
[18020] |
Trigger on right opt interface
|
|
[18021] |
correctly determine if time range exists
|
|
[18026] |
Make naming consistent
|
|
[18027] |
Version bump. Working pppoe load balancer code
|
|
[18029] |
Add more protocols.
Submitted-by: Martin Fuchs
|
|
[18037] |
Add is_wan_interface_up($interface)
Can be optional interface as well.
|
|
[18042] |
Binary without NAT-T support.
|
|
[18045] |
Remove trailing line and unbreak snapshot server.
|
|
[18046] |
Execute tcpdump in background for speed improvement
|
|
[18051] |
Add NTP Server field to dhcp config.
From: Alexander Schaber
|
|
[18052] |
Compile static racoon which includes libipsec.so.0
|
|
[18059] |
Sometimes people have local domains which they do not
want forwarded to upstream servers. This is accomodated by using server
options without the server IP address. To make things clearer local is
a synonym for server. For example the option local=/localnet/ ensures
that any domain name query which ends in .localnet will be answered if
possible from /etc/hosts or DHCP, but never sent to an upstream server.
Ticket #1190
|
|
[18061] |
Commit missing fragment, align with other branches.
|
|
[18062] |
Add DHCP options to OpenVPN
Submitted-by: Martin Fuchs
|
|
[18063] |
Kill trailing space
|
|
[18066] |
Only apply md5 summaries to real files. *.tgz is NOT a real file.
|
|
[18068] |
When Enable Static ARP entries is enabled, do not
allow entries that lack an ip address from being added. Currently we do
not have any type of dhcp server hooks to automatically add the arp
address to the arp table to make this work otherwise.
|
|
[18073] |
Create upgrade scripts for embedded which turns on the serial console.
|
|
[18076] |
Add a plus button on the top header of these pages.
This to make it easier on large configurations.
|
|
[18078] |
Lot's of plus buttons added.
|
|
[18081] |
Add a wan interface up check before we start any time syncing.
|
|
[18087] |
Show active schedules and their corresponding actions
|
|
[18088] |
Show active schedules
|
|
[18089] |
Show captive portal errors properly
|
|
[18092] |
Use /root/ as temporary storage.
|
|
[18095] |
Unlink upgrade file on upgrade.
|
|
[18098] |
Unlink upgrade file on upgrade.
|
|
[18101] |
Use unlink_if_exists()
|
|
[18103] |
Unbreak firewall_nat_out.php
Pointy-hat-to: smos
|
|
[18104] |
Port load balancer sticky address option
|
|
[18108] |
Update XML_RPC to 1.5.1
This fixes sync issues on configs > 500KB
|
|
[18111] |
Lock the configuration while we fix the serial console
|
|
[18113] |
Use /etc/ttys and /etc/gettytab that ships with the
update instead of rewriting the file from a custom script (and loosing
special formatting such as tabs)
|
|
[18137] |
Mount read/write before fetching url.
|
|
[18141] |
Rework stop and start logic. If we are already alive, reload instead of stop and start.
Tested by Seth.
|
|
[18145] |
Add missing closing td tag.
|
|
[18147] |
Patch from Martin to fix http://forum.pfsense.org/index.php/topic,4773.0.html
|
|
[18149] |
Add system routes duplicate option.
|
|
[18151] |
Honor sticky-address setting from system->advanced for outgoing load balancing items if it is enabled.
|
|
[18154] |
$config needs to be a global item
|
|
[18158] |
Remove syslog from port definitions
Ticket #1314
|
|
[18161] |
Mount image read write before upgrading.
|
|
[18170] |
Do not flush SPA and SPD before starting. It upsets racoon.
|
|
[18172] |
DHCP Relay - server textbox field doesn't toggle properly
Ticket #1313
|
|
[18176] |
s/occured/occurred/
Ticket #1309
|
|
[18178] |
when pppoe aliases on pppoe server are made they make
aliases for ng0 to whatever. but ng1 should be the start for
pppoe-server ng0 should be reserved for pppoe client this problem could
effect pptp server as well.
Ticket #1308
|
|
[18183] |
Scrub the absolute minimum amount for PPPoE
|
|
[18185] |
Version bump using that confusing american date format.
|
|
[18187] |
add option for no count, correct host field
|
|
[18190] |
Remove previous firmware.tgz on bootup if present.
|
|
[18194] |
Add missing )'s.
How this got past our PHP LINT checker is beyond me.
|
|
[18198] |
Remove extra "'s.
|
|
[18201] |
save capture to /tmp, fix other various issues
|
|
[18203] |
Use pfSync SYNCPEER directive if defined.
Ticket #1317
|
|
[18208] |
Add stop / start / restart racoon (IPSEC VPN) service option.
|
|
[18210] |
Snapshot version bump
|
|
[18213] |
prepare for widget package
|
|
[18225] |
Add a function to forcefully reload VPN on wan ip change.
|
|
[18230] |
Reset dynamic dns upon pppoe forced disconnect.
Ticket #1325
|
|
[18231] |
For some reason check_reload_status was doing strange things(TM)
when it forked. We will need to consult with a C god of why
this actually fixed the problem.
|
|
[18236] |
crs fork code is out, executing in background
|
|
[18237] |
Launch in BG
|
|
[18247] |
Work around a FreeBSD where 2 carp interfaces exist
and you delete 1. This ends up panicing the kernel. This is fixed in 7
so this will not be needed much longer.
|
|
[18251] |
Commit forgotten vpn_ipsec_force_reload()
|
|
[18252] |
Update miniupnpd binary to be in line with the rest
|
|
[18254] |
Use nohup construct for launching check_reload_status
|
|
[18257] |
Do not destroy carp interface which can lead to a
panic. This has been tested and works just fine after deleting and
adding new carp interfaces.
|
|
[18260] |
usleep(1000); between down and delete. this appears to fix the carp issues.
|
|
[18262] |
Don't check carp settings, check if vip addresses exist.
|
|
[18267] |
Alert the user that deleting the CARP ip addresses will reboot.
|
|
[18268] |
Move post routine to end so that the page will refresh before rebooting (panicing)
|
|
[18269] |
* Tell user when we are rebooting
* Issue a shutdown -r now command instead of panicing and potentially corrupting the configuration
|
|
[18270] |
This is PHP code, not HTML. Woops.
|
|
[18271] |
* Issue a shutdown -r now command instead of panicing and potentially corrupting the configuration
|
|
[18272] |
* Flush buffer
* Run shutdown in parallel
* Exit immediately
|
|
[18273] |
Really output message correctly, remove previous notice.
|
|
[18274] |
Woops, only reboot on carp entries.
|
|
[18275] |
Woops, only reboot on carp entries.
|
|
[18277] |
Version bump
|
|
[18287] |
-bump miniupnpd version 20070521
-dropped status tab from upnp services page
-dropped tabs from upnp status page
|
|
[18292] |
Back out #1313. It breaks dhcp relay.
See ticket #1332
|
|
[18294] |
Version bump
|
|
[18303] |
* Add functions required for dashboard
* Killing trailing space
|
|
[18305] |
Add widget CSS items.
|
|
[18307] |
Icons for new widgets
|
|
[18309] |
css for widgets
|
|
[18310] |
css for widgets
|
|
[18315] |
Update graph refresh interval to 3 seconds from 1.
|
|
[18316] |
update css for widgets config div
|
|
[18323] |
Allow graph to receive incoming refresh interval. Default is 1 sec.
|
|
[18328] |
Version bump
|
|
[18338] |
Set net.inet.tcp.inflight.enable to 3 and gather feedback from users.
|
|
[18340] |
Version bump
|
|
[18372] |
Update pftop
|
|
[18374] |
Unbreak local queries that where broken in Ticket #1190 until we hear back from author of the patch.
|
|
[18377] |
s/dhcprelay/dhcrelay/ so that service status shows up correctly
Ticket #1333
|
|
[18379] |
Version bump
|
|
[18380] |
Remove c/r
|
|
[18381] |
Update static routes on filter reload
Ticket #1330
|
|
[18392] |
add closing tr tag
|
|
[18405] |
Pass gre in any direction.
|
|
[18408] |
Only allow adavanced tunables when some kind of state tracking is enabled.
|
|
[18411] |
Really only allow adavanced tunables when some kind of state tracking is enabled.
|
|
[18416] |
Increase update delay.
|
|
[18418] |
Use keep state instead of modulate state
|
|
[18419] |
Version bump
|
|
[18429] |
get_interface_info() now resides in pfsense-utils.inc.
|
|
[18430] |
get_interface_info is now in pfsense-utils.inc. Who moved this function without testing the rest of the pages!?
|
|
[18432] |
Change link 'System' to 'Dashboard'
|
|
[18445] |
update icons for interface widget
|
|
[18446] |
and back we go to System, oops
|
|
[18452] |
Instead of skipping DHCP server on LAN in a bridged
environment, simply log an error letting the operator know that DHCP
Server is enabled on LAN in a bridging environment.
|
|
[18470] |
Remove IPV6 operations.
|
|
[18478] |
* Sleep between restarting racoon
* Use vpn_ipsec_force_reload();
* Break when needed
|
|
[18479] |
Kill trailing space
|
|
[18480] |
Correct ps location
|
|
[18485] |
* Remove path from racoon grep
* Remove [r] from racoon and simply grep for racoon
|
|
[18488] |
Call vpn_ipsec_force_reload() when user clicks "Save"
|
|
[18491] |
* Flush SPD's on reload
* Kilall -HUP racoon if its already running since racoonctl is brokie brokie
|
|
[18494] |
use killall
|
|
[18498] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18502] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18505] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18506] |
SSH-Key(only) Login
|
|
[18509] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18512] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18513] |
Instead of running an endless loop, let the console
logout and log back in after a command. This fixes some of the issues
on serial console.
|
|
[18514] |
* Backout last commit
* Change the logic a bit by sleeping for 10 seconds after option 2 and
then logout and log back in. This works around the strange strange
shell issues on serial console.
|
|
[18523] |
Set the recv and send space to 4096 when folks use pfSense on 64 megabyte machines.
|
|
[18528] |
Reset terminals on blank input which could be a console reload war between some kind of strange "new spawned console".
|
|
[18530] |
With the tweaks that have occured today fastcgi can now run again on 64 megabyte machines.
|
|
[18538] |
Restore previous PPTP changes.
|
|
[18541] |
Catch checkreload.sh back up to check_reload_status changes.
|
|
[18545] |
Version bump.
|
|
[18548] |
Revert previous commits now that IPSEC is reloading correctly.
|
|
[18564] |
Version bump
|
|
[18607] |
find_interface_ip() requires a real interface
|
|
[18611] |
Cleanup logging line so that it is more readable.
|
|
[18616] |
Unbreak captive portal images.
|
|
[18619] |
Make sure we are writable for /etc/crontab
|
|
[18630] |
Revise polling text.
|
|
[18695] |
Correct location of use_rrd_gateway.
|
|
[18706] |
Default to nat-reflection inactivity of 2000 which is roughtly 33 minutes.
|
|
[18709] |
Note that failover mode only applies to ougoing (multi-wan) rules.
|
|
[18716] |
update widget css
|
|
[18717] |
update widget css
|
|
[18735] |
Reset SLBD every 5 hours to avoid 100% cpu utilization
Ticket #1316
|
|
[18737] |
Version bump
|
|
[18740] |
parse entire path for packet capture file to download correctly
|
|
[18746] |
Version bump.
|
|
[18752] |
Move CARP and PFSYNC allow traffic before USER_RULES
section. If a person has a restrictive ruleset then it is possible to
disallow traffic.
|
|
[18754] |
Version bump.
|
|
[18768] |
Recompile against libevent 1.3a
|
|
[18773] |
Do not antispoof on wan when it is bridged.
Ticket #1352
|
|
[18780] |
Remove openvpn csc file when option is disabled.
Ticket #1339
|
|
[18786] |
Correctly move upnp to base since LiveCD cannot write files to /usr/local/etc or /usr/local/etc/rc.d/
Ticket #1342
|
|
[18789] |
Correctly move upnp to base since LiveCD cannot write files to /usr/local/etc or /usr/local/etc/rc.d/
Ticket #1342
|
|
[18794] |
unbreak policy routing rules network access to LAN IP
Ticket #1320
|
|
[18795] |
use correct path for miniupnpd.conf
|
|
[18798] |
Woops, we need this code. Write out config file correctly.
|
|
[18800] |
$config needs to be global
|
|
[18804] |
Use /var/etc/
|
|
[18805] |
Remove debugging helpers
|
|
[18806] |
Remove debugging helpers
|
|
[18808] |
Version bump
|
|
[18814] |
set filename properly upon downloading capture
|
|
[18818] |
Be more verbose on logging so that we can correctly deterimine protocol, etc.
Ticket #1348
|
|
[18825] |
Cleanup IPSEC rules. We where blocking port = 500 UDP on CARP interfaces, for one.
|
|
[18826] |
Version bump
|
|
[18830] |
Remove code which does not belong in RELENG_1_2. The new login / user system is in RELENG_1+
|
|
[18847] |
Correct location to "true".
Noticed-by: dsh
|
|
[18854] |
Version bump.
|
|
[18855] |
Version bump. Resume snapshots.
|
|
[18872] |
MFC 18866
Update reg ex to accommodate extra data thrown into log
Ticket #1371
|
|
[18873] |
Recompile ftpsesame
|
|
[18880] |
Set the ephemeral port range starting port to 1024
instead of 49152.
On a busy firewall it is possible to run out of ephemeral ports and
then the system will block new connections until a port is available.
|
|
[18891] |
Only pass anti-lockout traffic on $lan
|
|
[18894] |
Since we are matching traffic on incoming interface, do not link wan or lan to bridgeX
|
|
[18896] |
Version bump
|
|
[18898] |
Do not use $iface as source or destination as it may be a member of a bridge without an ip address and pfctl will complain.
|
|
[18901] |
Escape $lan correctly
|
|
[18903] |
Missed commmit
|
|
[18905] |
Use $lanif for lan anti-lockout rule
|
|
[18908] |
Remove the dynamic log viewer link for 1.2. It needs a lot of work still.
Ticket #1371
|
|
[18909] |
Do not show IPSEC rules tab when IPSEC is disabled.
|
|
[18912] |
Increase default time from 1 second to 3 which is far too short.
|
|
[18915] |
Version bump
|
|
[18916] |
Misc grammer fixes
|
|
[18919] |
Remove extra PasswordAuthentication line.
Ticket #1374
|
|
[18922] |
Restart filter logging process after timezone change so that the entries reflect the correct time and date.
|
|
[18927] |
MFC IPSEC fixes from seth, this should properly reload and handle large
configs > 300 tunnels.
|
|
[18931] |
Use pattern matching for proper database selection
|
|
[18935] |
Kill off old pftpx processes correctly
|
|
[18941] |
CAPS kills. Literally. Do not set the description to upper case LAN when we are looking for lower case.
|
|
[18951] |
Oops, correct path to binaries
|
|
[18962] |
Tag 1.2-B3
|
|
[18965] |
Recompile ftpsesame
|
|
[18968] |
Turn off extended logging errors
|
|
[18972] |
Start DHCPD before DNSMASQ to avoid this error on embedded:
Jul 12 01:34:39 dnsmasq[588]: failed to access /var/dhcpd/var/db/dhcpd.leases: No such file or directory
|
|
[18989] |
Correct average times, otherwise the grap stops after 8 months.
|
|
[18998] |
Remove bogus warning.
|
|
[19002] |
Version bump. RC1 time.
|
|
|