|
Commit |
Commit message |
|
[17360] |
This is RELENG_1_2
|
|
[17362] |
* Remove RELENG_1
* Exclude .project files
|
|
[17369] |
Do not show blank openvpn configuration items.
|
|
[17372] |
If we cannot determine interrupts a second for an interface, do not recycle last known values.
|
|
[17375] |
Do not sort dns server list.
Reported-by: Goffredo Andreone
|
|
[17378] |
Remove time based rule debugging statements.
Reminded-by: Ryan Wagoner
|
|
[17381] |
Check for array type before foreach()
Reminded-by: Ryan Wagoner/Seth Mos
|
|
[17384] |
Hide "ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding
enabled, default to accept, logging disabled" while enabling time based
rules
Noticed-by: Ryan Wagoner
|
|
[17396] |
Sync RELENG_1_2
|
|
[17399] |
Disable ATA write caching which should help with losing configuration on invalid power off events.
|
|
[17402] |
Add a note about firewall rule schedule logic that
will pop up in a new window describing how pass rules work when they
are outside of the schedule window, etc.
|
|
[17403] |
cvs_sync.sh releng_1 on RELENG_1_2 should sync RELENG_1_2, note this instead of RELENG_1.
|
|
[17406] |
Sync webgui passwords after cvs_sync.sh
|
|
[17408] |
Wrap text in <pre></pre>
|
|
[17410] |
Remove <br/> from schedule strong note.
|
|
[17412] |
Add some text breaks.
|
|
[17414] |
Uncomment pass rule logic. Fixes a problem report from the forum.
Reminded-by: Holger
|
|
[17417] |
Update lighttpd to 1.4.15
|
|
[17422] |
Remove stray ;
|
|
[17425] |
Add xml sync schedules option
|
|
[17430] |
Correctly note the filter configure item when removing the schedule feature from cron
|
|
[17431] |
hw.ata.wc is a read-only /boot/loader.conf value. Remove.
|
|
[17439] |
Turn off hard drive write caching correctly
|
|
[17447] |
MFC 17445
Don't round-robin on failover lb pools
|
|
[17448] |
Do not carriage return in the middle of a shell command
|
|
[17450] |
Remove trailing space
|
|
[17452] |
Do not echo out extra text when reloading the filter rules and correctly detect pftpx already started.
|
|
[17454] |
Load balancing seems to be fairly stable. Stop outputting so much debug information to the system logs.
|
|
[17455] |
Do not output TDR debug information to system logs
|
|
[17456] |
Woops, we need to show this error.
Reminded-by: Seth
|
|
[17457] |
Silence setting up route log error
|
|
[17458] |
Silence ftp proxy debugging statements for 1.2.
|
|
[17459] |
Increase timeout to 5 seconds so SLBD can deal with high load situations
better.
|
|
[17461] |
If the first ping failed, try once more before we mark the service down.
|
|
[17469] |
Add fping binary
|
|
[17476] |
Correctly define the state timeout value.
|
|
[17482] |
Use fping in RELENG_1_2
|
|
[17484] |
Note that we use the username admin when syncing in the error messages
|
|
[17489] |
Block traffic from source port 0 or destination port
0. Some crafty folks try to evade packet filters by using this type of
trickery.
See http://www.securityfocus.com/archive/75/402099/30/0/threaded for
more information.
|
|
[17490] |
Snapshot 1.2-BETA-1. We need to get a new version out for testing before 1.2-BETA-1.
|
|
[17493] |
We should anti spoof on the wan interface as well.
|
|
[17494] |
We really need to lock the configuration when outputting the config.cache
|
|
[17497] |
Do correct locking when cleaning the backup cache
|
|
[17500] |
When we iterate through the backup cache we call out
to parse the configuration file.
This can be fatal if the xml contents is corrupted and the process will
die out. Instead of dying, return -1 and let the process continue
since we have further logic to detect these issues and restore a
previous configuration, etc.
|
|
[17503] |
xmlparse now returns -1 when a file is corrupt. Detect this situation and notify the user that we are unlinking the file.
|
|
[17506] |
xmlparse now returns -1 when a file is corrupt. Detect
this situation during parse_config() and trigger a backup. Note to the
user this occurrence.
|
|
[17509] |
* Use copy instead of system()
* Lock the configuration before doing this operation
* Unlink config.cache if it exists
* Send the image to RO after this operation
|
|
[17512] |
Correct the copy() logic
|
|
[17515] |
Only check for server or client respectively instead
of checking for both. Otherwise if an operator is only running server or
client openvpn entries we do not show the configuration.
|
|
[17518] |
Use the correct array path to determine if a false entry exists.
|
|
[17521] |
Set tcsh autologout to 0
|
|
[17524] |
Debug out when a lock recursion issue is present. This might expose some missing unlocks and lead to performance speedups.
|
|
[17525] |
Fix a major time based rule bug. We need to match packets *INCOMING* to the interface similar to how pf works.
|
|
[17528] |
Fix another major bug in time based rules. When a * *
* rule is in effect on the wan interface we were killing outgoing
traffic from the firewall itself.
|
|
[17531] |
Use skipto type ipfw rules so that the pass type rules
will not bail out of the ipfw ruleset and keep processing at the next
rule.
|
|
[17534] |
Correct is_array() check.
Suggested-by: Bill M
|
|
[17537] |
Correct is_array() check.
Make sure all 3 branches are the same.
Suggested-by: Bill M
|
|
[17538] |
Correctly setup nat interface mappings when AON is disabled and a gateway is present.
Ticket #1289
|
|
[17541] |
Handle dhclient case on optX interfaces and map nat correctly.
|
|
[17544] |
Call sync with the lock held before allowing a new party to come along and start writing to config.xml.
|
|
[17547] |
When dhclient renews the ip address and the ip has not
changed then old_ip_address will not be set. Ignore this and do not
reload all packages when the ip has not changed.
|
|
[17550] |
Add a blurb that the IP change in the system logs and that we are restarting the packages. This is debug for the time being.
|
|
[17551] |
Do proper locking when writing out php.ini.
Sync the disk contents to force the write to disk after closing the
file. Hopefully this will help solve the php.ini from disappearing on
bootup when a panic occurs.
|
|
[17554] |
Bootstrap php.ini on non-cdrom platforms to *GUARANTEE* that we can invoke php correctly.
|
|
[17558] |
Add anti-lockout rule to ipfw so that you cannot lock yourself out of the GUI.
This is tunable via system -> advanced
|
|
[17561] |
Fix tdr_get_next_ipfw_rule to not return 2 every time.
|
|
[17564] |
Correctly increment skipto rule number.
|
|
[17567] |
Make the ordering of the IPFW time based rules exactly
the same as PF so there are no strange "gotchas" or "caveats" that the
user would have to abide by.
|
|
[17568] |
Make the ordering of the IPFW time based rules exactly
the same as PF so there are no strange "gotchas" or "caveats" that the
user would have to abide by.
|
|
[17573] |
If $config['system']['dummynetshaper'] is set then load ipfw and dummynet early on
|
|
[17577] |
Do not reload ipfw if it is already loaded.
|
|
[17582] |
0 -> 00 for start time for consistency
|
|
[17583] |
MFC
Show schedule indicator.
|
|
[17584] |
Only foreach through valid arrays.
|
|
[17585] |
Move sync schedules underneath firewall rules section for cosmetic bling bling.
Suggested-multiple-times-by: Holger
|
|
[17589] |
Apply OpenVPN patch from Martin Fuchs which adds outgoing tunnel bandwidth control.
|
|
[17593] |
Add trailing slashes to upload directory
|
|
[17597] |
MFC 17596
Correctly use all interfaces.
|
|
[17598] |
* Fix get_interface_list()
* Backout Seth's changes. The bug was up the stack in get_interface_list()
|
|
[17601] |
use <object> instead of <embed>
Ironically this was already fixed in HEAD!
Ticket #1290
|
|
[17603] |
Version bump
|
|
[17605] |
Ensure that old time based rules get deleted during reload
|
|
[17608] |
Add more well known ports to the protocols drop down.
Patch-submitted-by: Martin Fuchs
|
|
[17611] |
Detect when schedules are present and install non schedule rule correctly
|
|
[17614] |
check-state at the beginning of the tdr set
|
|
[17617] |
Use check-state on all TDR rules
|
|
[17620] |
Dont check-state on the rules.
|
|
[17622] |
Turn back off TDR debugging statements.
|
|
[17627] |
MFC 17588
Bug fix: Menu now shows on top of traffic graph instead of underneath
|
|
[17631] |
The earlier fix from today that fixed
get_interfaces_with_gateways() created new problem where all interfaces
would show up in assign_interfaces screen and other places. Instead of
showing them all by default teach get_interfaces_with_gateways() how to
extract the complete list.
|
|
[17635] |
* Use is_interface_mismatch() function
* Do not allow configuration to continue until the interfaces are setup correctly
* When restoring a configuration via the webConfigurator detect that an
interface mismatch has occurred and redirect the user to the assign
interface screen. Once the assign interface Save button has been
pressed go ahead and reboot. This might just prevent someone from
throwing a fit since they do not have console access.
|
|
[17636] |
* Use is_interface_mismatch() function
* Do not allow configuration to continue until the interfaces are setup correctly
* When restoring a configuration via the webConfigurator detect that an
interface mismatch has occurred and redirect the user to the assign
interface screen. Once the assign interface Save button has been
pressed go ahead and reboot. This might just prevent someone from
throwing a fit since they do not have console access.
|
|
[17638] |
s/resolved/resolve/
|
|
[17640] |
Detect 0 byte config.xml cases and attempt to restore a previous backup.
|
|
[17643] |
Detect 0 byte config.xml cases and attempt to restore
a previous backup.
With this change my wrap that has been panicking for 30 hours straight
boots right back off and we will continue the panic torture test.
|
|
[17646] |
File a notice when we restore a previous configuration file.
|
|
[17650] |
Recompile slbd with Seth's Stay under 5 seconds for the poll cycle changes
|
|
[17653] |
Unbreak status graph. Someone is going to need to
submit *WORKING* patches that work with FireFox, IE and Opera for this
to get changed again!
Ticket #1290
|
|
[17655] |
Update racoon to 0.6.7
|
|
[17665] |
Increase the size of the openvpn custom options box.
|
|
[17670] |
Add is_private_ip function which will return true if an ip address falls within a private subnet range.
|
|
[17672] |
Correctly map static routes.
Work done by Seth Mos
TODO: Port to -HEAD.
|
|
[17673] |
Remove hack that checks for blank protocol. We need to
fix the upstream bug that is causing the blank entries. This bug is
also appearing in the load balancing area now.
|
|
[17678] |
MFC
Merge 2nd pass NAT rule generation. Take ipsec and voip into account.
|
|
[17681] |
MFC Alter outbound nat descriptions to match operation
|
|
[17687] |
MFC
3rd pass nat rules generation. Also process lan subnets with OPT gateway properly.
|
|
[17692] |
OpenVPN bandwidth fix from Martin Fuchs
|
|
[17696] |
Only deinstall filter reload item if it is presently installed
|
|
[17700] |
Do not writeout tdr_cron_install() entries on bootup. Somehow doing so adds a stray load balancing and openvpn entries.
|
|
[17703] |
Write out an entry to the logging system when we write_config() on bootup.
This will help us track down stray items writing out on bootup.
|
|
[17706] |
Quiet down the dhclient log files in preparation for 1.-2-BETA-1 release.
|
|
[17707] |
Trim carriage return off of the $old_ip so that the <> comparison works.
This should fix the packages from always being restarted even if the ip was the same.
|
|
[17710] |
PPPoE server fixes
Ticket #1283
|
|
[17715] |
* Add status virtual servers screen from Seth Mos
* Add tab code to the original LB pool status screen
|
|
[17718] |
MFC
The aliases edit page says we allow the - and _ but the pattern did not match.
|
|
[17724] |
miniupnpd-20070412
|
|
[17727] |
Add upnp status link in the menu
|
|
[17728] |
Quiet down ftpsesame.
|
|
[17731] |
Correctly delete old rules from TDR using set 9
|
|
[17734] |
Delete the 2nd and 3rd rules as well
|
|
[17737] |
Move TDR pruning routines to the correct location.
|
|
[17739] |
Note missing file before reinstalling package
|
|
[17745] |
Add missing / directory separator.
This should hopefully fix squid from reinstalling itself a million times on bootup.
|
|
[17747] |
Correctly output the package name that we are attempting to reinstall instead of the package array number.
|
|
[17750] |
It is time for 1.2-BETA-1.
Agreed by: smos, hoba
|
|
[17751] |
Use $_SERVER['argvc'] and $_SERVER['argv'][$x]. This fixes the linkup issues (hotplug)
|
|
[17754] |
Change Miniupnp to UPNP
|
|
[17757] |
$config needs to be a global. Someone needs a pointy-hat!
|
|
[17762] |
Add a pfSense interactive php shell for developers.
|
|
[17766] |
Escape $ so that it does not try to print out the variable
|
|
[17769] |
Add pfSense php shell option. This will be used by
developers to tell operators how to remove blank config options and
many other things that will be easier than instructing someone to edit
config.xml directly, etc.
|
|
[17772] |
Show that exit is a valid command
|
|
[17775] |
Add multiline support for multi-line mini programs/scripts.
|
|
[17779] |
Keep 5 backups on embedded. Keep 30 on full installations.
|
|
[17782] |
Clean backup cache before starting php environment
|
|
[17784] |
Back on the snapshot building program
|
|
[17785] |
Disable interrupt total box. We need a better parsing algo.
|
|
[17787] |
Do not allow the setting of the carp sync ip to be an ip address on the same firewall. This leads to a sync loop.
|
|
[17790] |
Do not forget VIP's as well.
|
|
[17793] |
Take into account the DHCP wan ip address as well
|
|
[17796] |
Capitalize IP
|
|
[17799] |
* add comments about scheduler logic
* correct one case where the logic was not correct
|
|
[17804] |
Delete package before reinstalling to avoid multiple service entries, etc.
|
|
[17809] |
Woops, use delete_package_xml() instead of delete_package()
|
|
[17812] |
Install the package, deinstall and reinstall to ensure it is in a proper state.
|
|
[17815] |
Allow synchronize to ip to be blank.
|
|
[17818] |
Prevent a configuration sync loop from occurring when a cluster has two nodes.
|
|
[17822] |
Add does_url_exist() which can verify a URL exists before downloading.
|
|
[17825] |
Woops, actually use $url
Noticed-by: Seth
|
|
[17829] |
Add firmware update menu option which can fetch a URL from the internet or use an already fetched file from the file system.
|
|
[17832] |
Add md5 support if the site is storing the value.
|
|
[17835] |
Launch file correctly
|
|
[17838] |
Exit if URL or PATH is blank.
|
|
[17841] |
* Do not close a buffer that has failed
* Automatically retry failed connection
|
|
[17844] |
Fetch the filesize initially and compare it. In addition we compare MD5 to be absolutely sure.
|
|
[17848] |
Do not allow - in aliases. This breaks port aliases.
tables are fine with the - and the _. Ports only work with _.
|
|
[17850] |
Install frickin pptp proxy rules correctly.
|
|
[17851] |
Snapshot version bump
|
|
[17853] |
Add a note that you do not use Synchronize IP and password option on backup cluster members.
|
|
[17858] |
Fix spelling mistake
Pointed-out-by: Summat via IRC
|
|
[17863] |
Show common commands in the php pfsense shell such as:
* Enabling SSH
* Enabling wireless on an interface (hostap, channel, ssid, etc)
* Enabling DHCP Server on an interface
* Disable firewall filter
* Set up an interface for DHCP and enable
* Set up an interface for static and enable
These commands come in handy when configuring a 1 port ethernet wrap with 2 wireless cards.
Sponsored-by: Bluegrass.net
|
|
[17866] |
Minor text updates
|
|
[17869] |
Minor text updates
|
|
[17872] |
Show the reboot command as well for php pfSense shell
Sponsored-by: Bluegrass.net
|
|
[17875] |
* Correct printr typo.
* Show how to output the interfaces and dhcpd portions of the configuration
|
|
[17878] |
Clarify DHCP server comment
|
|
[17881] |
Show how to output the wireless options such as channels, modes, etc.
|
|
[17887] |
Move help / common usage scenarios to the "help" command.
|
|
[17894] |
Do not attempt to touch /needs_package_sync on CDROM platform.
|
|
[17899] |
Update to PHP 4.4.7 (cgi-fcgi) (built: May 4 2007 13:35:10)
|
|
[17902] |
Snapshot version bump
|
|
[17912] |
Somehow the path is not being set past .:, remove it for testing
|
|
[17913] |
Backout last change
|
|
[17914] |
Backout last change
|
|
[17917] |
Install compatibility symlink for packages built in /tmp/tmp (FreeBSD 7 currently)
|
|
[17920] |
Correct compatibility symlink
|
|
[17923] |
Correct the compatibility location again.
|
|
[17929] |
Do not create nat on rules for opt interfaces with a gateway.
|
|
[17932] |
Show icon that indicates whether the traffic is being blocked or allowed
MFC: 17931
|
|
[17957] |
Return the virtual interface for PPPoE
|
|
[17960] |
get_interface_gateway() does not understand pppoe
|
|
[18020] |
Trigger on right opt interface
|
|
[18021] |
correctly determine if time range exists
|
|
[18026] |
Make naming consistent
|
|
[18027] |
Version bump. Working pppoe load balancer code
|
|
[18029] |
Add more protocols.
Submitted-by: Martin Fuchs
|
|
[18037] |
Add is_wan_interface_up($interface)
Can be optional interface as well.
|
|
[18042] |
Binary without NAT-T support.
|
|
[18045] |
Remove trailing line and unbreak snapshot server.
|
|
[18046] |
Execute tcpdump in background for speed improvement
|
|
[18051] |
Add NTP Server field to dhcp config.
From: Alexander Schaber
|
|
[18052] |
Compile static racoon which includes libipsec.so.0
|
|
[18059] |
Sometimes people have local domains which they do not
want forwarded to upstream servers. This is accommodated by using server
options without the server IP address. To make things clearer local is
a synonym for server. For example the option local=/localnet/ ensures
that any domain name query which ends in .localnet will be answered if
possible from /etc/hosts or DHCP, but never sent to an upstream server.
Ticket #1190
|
|
[18061] |
Commit missing fragment, align with other branches.
|
|
[18062] |
Add DHCP options to OpenVPN
Submitted-by: Martin Fuchs
|
|
[18063] |
Kill trailing space
|
|
[18066] |
Only apply md5 summaries to real files. *.tgz is NOT a real file.
|
|
[18068] |
When Enable Static ARP entries is enabled, do not
allow entries that lack an ip address from being added. Currently we do
not have any type of dhcp server hooks to automatically add the arp
address to the arp table to make this work otherwise.
|
|
[18073] |
Create upgrade scripts for embedded which turns on the serial console.
|
|
[18076] |
Add a plus button on the top header of these pages.
This to make it easier on large configurations.
|
|
[18078] |
Lots of plus buttons added.
|
|
[18081] |
Add a wan interface up check before we start any time syncing.
|
|
[18087] |
Show active schedules and their corresponding actions
|
|
[18088] |
Show active schedules
|
|
[18089] |
Show captive portal errors properly
|
|
[18092] |
Use /root/ as temporary storage.
|
|
[18095] |
Unlink upgrade file on upgrade.
|
|
[18098] |
Unlink upgrade file on upgrade.
|
|
[18101] |
Use unlink_if_exists()
|
|
[18103] |
Unbreak firewall_nat_out.php
Pointy-hat-to: smos
|
|
[18104] |
Port load balancer sticky address option
|
|
[18108] |
Update XML_RPC to 1.5.1
This fixes sync issues on configs > 500KB
|
|
[18111] |
Lock the configuration while we fix the serial console
|
|
[18113] |
Use /etc/ttys and /etc/gettytab that ships with the
update instead of rewriting the file from a custom script (and losing
special formatting such as tabs)
|
|
[18137] |
Mount read/write before fetching url.
|
|
[18141] |
Rework stop and start logic. If we are already alive, reload instead of stop and start.
Tested by Seth.
|
|
[18145] |
Add missing closing td tag.
|
|
[18147] |
Patch from Martin to fix http://forum.pfsense.org/index.php/topic,4773.0.html
|
|
[18149] |
Add system routes duplicate option.
|
|
[18151] |
Honor sticky-address setting from system->advanced for outgoing load balancing items if it is enabled.
|
|
[18154] |
$config needs to be a global item
|
|
[18158] |
Remove syslog from port definitions
Ticket #1314
|
|
[18161] |
Mount image read write before upgrading.
|
|
[18170] |
Do not flush SPA and SPD before starting. It upsets racoon.
|
|
[18172] |
DHCP Relay - server textbox field doesn't toggle properly
Ticket #1313
|
|
[18176] |
s/occured/occurred/
Ticket #1309
|
|
[18178] |
when pppoe aliases on pppoe server are made they make
aliases for ng0 to whatever. but ng1 should be the start for
pppoe-server ng0 should be reserved for pppoe client this problem could
affect pptp server as well.
Ticket #1308
|
|
[18183] |
Scrub the absolute minimum amount for PPPoE
|
|
[18185] |
Version bump using that confusing american date format.
|
|
[18187] |
add option for no count, correct host field
|
|
[18190] |
Remove previous firmware.tgz on bootup if present.
|
|
[18194] |
Add missing )'s.
How this got past our PHP LINT checker is beyond me.
|
|
[18198] |
Remove extra "'s.
|
|
[18201] |
save capture to /tmp, fix other various issues
|
|
[18203] |
Use pfSync SYNCPEER directive if defined.
Ticket #1317
|
|
[18208] |
Add stop / start / restart racoon (IPSEC VPN) service option.
|
|
[18210] |
Snapshot version bump
|
|
[18213] |
prepare for widget package
|
|
[18225] |
Add a function to forcefully reload VPN on wan ip change.
|
|
[18230] |
Reset dynamic dns upon pppoe forced disconnect.
Ticket #1325
|
|
[18231] |
For some reason check_reload_status was doing strange things(TM)
when it forked. We will need to consult with a C god of why
this actually fixed the problem.
|
|
[18236] |
crs fork code is out, executing in background
|
|
[18237] |
Launch in BG
|
|
[18247] |
Work around a FreeBSD where 2 carp interfaces exist
and you delete 1. This ends up panicking the kernel. This is fixed in 7
so this will not be needed much longer.
|
|
[18251] |
Commit forgotten vpn_ipsec_force_reload()
|
|
[18252] |
Update miniupnpd binary to be in line with the rest
|
|
[18254] |
Use nohup construct for launching check_reload_status
|
|
[18257] |
Do not destroy carp interface which can lead to a
panic. This has been tested and works just fine after deleting and
adding new carp interfaces.
|
|
[18260] |
usleep(1000); between down and delete. this appears to fix the carp issues.
|
|
[18262] |
Don't check carp settings, check if vip addresses exist.
|
|
[18267] |
Alert the user that deleting the CARP ip addresses will reboot.
|
|
[18268] |
Move post routine to end so that the page will refresh before rebooting (panicking)
|
|
[18269] |
* Tell user when we are rebooting
* Issue a shutdown -r now command instead of panicking and potentially corrupting the configuration
|
|
[18270] |
This is PHP code, not HTML. Woops.
|
|
[18271] |
* Issue a shutdown -r now command instead of panicking and potentially corrupting the configuration
|
|
[18272] |
* Flush buffer
* Run shutdown in parallel
* Exit immediately
|
|
[18273] |
Really output message correctly, remove previous notice.
|
|
[18274] |
Woops, only reboot on carp entries.
|
|
[18275] |
Woops, only reboot on carp entries.
|
|
[18277] |
Version bump
|
|
[18287] |
-bump miniupnpd version 20070521
-dropped status tab from upnp services page
-dropped tabs from upnp status page
|
|
[18292] |
Back out #1313. It breaks dhcp relay.
See ticket #1332
|
|
[18294] |
Version bump
|
|
[18303] |
* Add functions required for dashboard
* Killing trailing space
|
|
[18305] |
Add widget CSS items.
|
|
[18307] |
Icons for new widgets
|
|
[18309] |
css for widgets
|
|
[18310] |
css for widgets
|
|
[18315] |
Update graph refresh interval to 3 seconds from 1.
|
|
[18316] |
update css for widgets config div
|
|
[18323] |
Allow graph to receive incoming refresh interval. Default is 1 sec.
|
|
[18328] |
Version bump
|
|
[18338] |
Set net.inet.tcp.inflight.enable to 3 and gather feedback from users.
|
|
[18340] |
Version bump
|
|
[18372] |
Update pftop
|
|
[18374] |
Unbreak local queries that were broken in Ticket #1190 until we hear back from author of the patch.
|
|
[18377] |
s/dhcprelay/dhcrelay/ so that service status shows up correctly
Ticket #1333
|
|
[18379] |
Version bump
|
|
[18380] |
Remove c/r
|
|
[18381] |
Update static routes on filter reload
Ticket #1330
|
|
[18392] |
add closing tr tag
|
|
[18405] |
Pass gre in any direction.
|
|
[18408] |
Only allow advanced tunables when some kind of state tracking is enabled.
|
|
[18411] |
Really only allow advanced tunables when some kind of state tracking is enabled.
|
|
[18416] |
Increase update delay.
|
|
[18418] |
Use keep state instead of modulate state
|
|
[18419] |
Version bump
|
|
[18429] |
get_interface_info() now resides in pfsense-utils.inc.
|
|
[18430] |
get_interface_info is now in pfsense-utils.inc. Who moved this function without testing the rest of the pages!?
|
|
[18432] |
Change link 'System' to 'Dashboard'
|
|
[18445] |
update icons for interface widget
|
|
[18446] |
and back we go to System, oops
|
|
[18452] |
Instead of skipping DHCP server on LAN in a bridged
environment, simply log an error letting the operator know that DHCP
Server is enabled on LAN in a bridging environment.
|
|
[18470] |
Remove IPV6 operations.
|
|
[18478] |
* Sleep between restarting racoon
* Use vpn_ipsec_force_reload();
* Break when needed
|
|
[18479] |
Kill trailing space
|
|
[18480] |
Correct ps location
|
|
[18485] |
* Remove path from racoon grep
* Remove [r] from racoon and simply grep for racoon
|
|
[18488] |
Call vpn_ipsec_force_reload() when user clicks "Save"
|
|
[18491] |
* Flush SPD's on reload
* Killall -HUP racoon if it's already running since racoonctl is brokie brokie
|
|
[18494] |
use killall
|
|
[18498] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18502] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18505] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18506] |
SSH-Key(only) Login
|
|
[18509] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18512] |
Close STDIN ($fp) handle before returning back to shell. Major doh's.
|
|
[18513] |
Instead of running an endless loop, let the console
logout and log back in after a command. This fixes some of the issues
on serial console.
|
|
[18514] |
* Backout last commit
* Change the logic a bit by sleeping for 10 seconds after option 2 and
then logout and log back in. This works around the strange strange
shell issues on serial console.
|
|
[18523] |
Set the recv and send space to 4096 when folks use pfSense on 64 megabyte machines.
|
|
[18528] |
Reset terminals on blank input which could be a console reload war between some kind of strange "new spawned console".
|
|
[18530] |
With the tweaks that have occurred today fastcgi can now run again on 64 megabyte machines.
|
|
[18538] |
Restore previous PPTP changes.
|
|
[18541] |
Catch checkreload.sh back up to check_reload_status changes.
|
|
[18545] |
Version bump.
|
|
[18548] |
Revert previous commits now that IPSEC is reloading correctly.
|
|
[18564] |
Version bump
|
|
[18607] |
find_interface_ip() requires a real interface
|
|
[18611] |
Cleanup logging line so that it is more readable.
|
|
[18616] |
Unbreak captive portal images.
|
|
[18619] |
Make sure we are writable for /etc/crontab
|
|
[18630] |
Revise polling text.
|
|
[18695] |
Correct location of use_rrd_gateway.
|
|
[18706] |
Default to nat-reflection inactivity of 2000 which is roughly 33 minutes.
|
|
[18709] |
Note that failover mode only applies to outgoing (multi-wan) rules.
|
|
[18716] |
update widget css
|
|
[18717] |
update widget css
|
|
[18735] |
Reset SLBD every 5 hours to avoid 100% cpu utilization
Ticket #1316
|
|
[18737] |
Version bump
|
|
[18740] |
parse entire path for packet capture file to download correctly
|
|
[18746] |
Version bump.
|
|
[18752] |
Move CARP and PFSYNC allow traffic before USER_RULES
section. If a person has a restrictive ruleset then it is possible to
disallow traffic.
|
|
[18754] |
Version bump.
|
|
[18768] |
Recompile against libevent 1.3a
|
|
[18773] |
Do not antispoof on wan when it is bridged.
Ticket #1352
|
|
[18780] |
Remove openvpn csc file when option is disabled.
Ticket #1339
|
|
[18786] |
Correctly move upnp to base since LiveCD cannot write files to /usr/local/etc or /usr/local/etc/rc.d/
Ticket #1342
|
|
[18789] |
Correctly move upnp to base since LiveCD cannot write files to /usr/local/etc or /usr/local/etc/rc.d/
Ticket #1342
|
|
[18794] |
unbreak policy routing rules network access to LAN IP
Ticket #1320
|
|
[18795] |
use correct path for miniupnpd.conf
|
|
[18798] |
Woops, we need this code. Write out config file correctly.
|
|
[18800] |
$config needs to be global
|
|
[18804] |
Use /var/etc/
|
|
[18805] |
Remove debugging helpers
|
|
[18806] |
Remove debugging helpers
|
|
[18808] |
Version bump
|
|
[18814] |
set filename properly upon downloading capture
|
|
[18818] |
Be more verbose on logging so that we can correctly determine protocol, etc.
Ticket #1348
|
|
[18825] |
Cleanup IPSEC rules. We were blocking port = 500 UDP on CARP interfaces, for one.
|
|
[18826] |
Version bump
|
|
[18830] |
Remove code which does not belong in RELENG_1_2. The new login / user system is in RELENG_1+
|
|
[18847] |
Correct location to "true".
Noticed-by: dsh
|
|
[18854] |
Version bump.
|
|
[18855] |
Version bump. Resume snapshots.
|
|
[18872] |
MFC 18866
Update reg ex to accommodate extra data thrown into log
Ticket #1371
|
|
[18873] |
Recompile ftpsesame
|
|
[18880] |
Set the ephemeral port range starting port to 1024
instead of 49152.
On a busy firewall it is possible to run out of ephemeral ports and
then the system will block new connections until a port is available.
|
|
[18891] |
Only pass anti-lockout traffic on $lan
|
|
[18894] |
Since we are matching traffic on incoming interface, do not link wan or lan to bridgeX
|
|
[18896] |
Version bump
|
|
[18898] |
Do not use $iface as source or destination as it may be a member of a bridge without an ip address and pfctl will complain.
|
|
[18901] |
Escape $lan correctly
|
|
[18903] |
Missed commit
|
|
[18905] |
Use $lanif for lan anti-lockout rule
|
|
[18908] |
Remove the dynamic log viewer link for 1.2. It needs a lot of work still.
Ticket #1371
|
|
[18909] |
Do not show IPSEC rules tab when IPSEC is disabled.
|
|
[18912] |
Increase default time from 1 second to 3 which is far too short.
|
|
[18915] |
Version bump
|
|
[18916] |
Misc grammar fixes
|
|
[18919] |
Remove extra PasswordAuthentication line.
Ticket #1374
|
|
[18922] |
Restart filter logging process after timezone change so that the entries reflect the correct time and date.
|
|
[18927] |
MFC IPSEC fixes from seth, this should properly reload and handle large
configs > 300 tunnels.
|
|
[18931] |
Use pattern matching for proper database selection
|
|
[18935] |
Kill off old pftpx processes correctly
|
|
[18941] |
CAPS kills. Literally. Do not set the description to upper case LAN when we are looking for lower case.
|
|
[18951] |
Oops, correct path to binaries
|
|
[18962] |
Tag 1.2-B3
|
|
[18965] |
Recompile ftpsesame
|
|
[18968] |
Turn off extended logging errors
|
|
[18972] |
Start DHCPD before DNSMASQ to avoid this error on embedded:
Jul 12 01:34:39 dnsmasq[588]: failed to access /var/dhcpd/var/db/dhcpd.leases: No such file or directory
|
|
[18989] |
Correct average times, otherwise the graph stops after 8 months.
|
|
[18998] |
Remove bogus warning.
|
|
[19002] |
Version bump. RC1 time.
|
|
[19009] |
Version bump
|
|
[19015] |
Shutdown miniupnpd correctly.
Ticket #1383
|
|
[19019] |
Update DNSMASQ to 2.39
|
|
[19024] |
s/Passwordlogin/Password login/
|
|
[19025] |
Update APC to 3.0.14
|
|
[19027] |
Update to lighttpd 1.4.15
|
|
[19031] |
Back to testing snapshot status
|
|
[19052] |
-move upnp_action to services.inc
-make sure to clear rules when stopping miniupnpd
-fix status_upnp and status_services pages so they use upnp_action and not the rcfile
|
|
[19053] |
-move upnp_action to services.inc
-make sure to clear rules when stopping miniupnpd
-fix status_upnp and status_services pages so they use upnp_action and not the rcfile
|
|
[19058] |
Show the IPSEC firewall rule interface when mobile ipsec is enabled
|
|
[19062] |
Silence "reading /var/dhcpd/var/db/dhcpd.leases message that spams
syslog to death
|
|
[19065] |
show ipsec tab properly when mobile clients is enabled and no tunnel exists
|
|
[19086] |
Quality graph alignment
|
|
[19099] |
Backport username display feature in captive portal. Really not sure why it wasn't included in RELENG_* versions.
|
|
[19103] |
remove duplicate upnp disabled message
|
|
[19104] |
Update dnsmasq
|
|
[19111] |
Do not allow aliases to be named "pptp".
|
|
[19114] |
Correct error string to read "pptp" instead of "WAN".
|
|
[19131] |
Increase timeouts when using a 1000 hz.
From the FreeBSD commit message:
Change TCPTV_MIN to be independent of HZ. While it was documented to
be in ticks "for algorithm stability" when originally committed, it turns
out that it has a significant impact in timing out connections. When we
changed HZ from 100 to 1000, this had a big effect on reducing the time
before dropping connections.
To demonstrate, boot with kern.hz=100. ssh to a box on local ethernet
and establish a reliable round-trip-time (ie: type a few commands).
Then unplug the ethernet and press a key. Time how long it takes to
drop the connection.
The old behavior (with hz=100) caused the connection to typically drop
between 90 and 110 seconds of getting no response.
Now boot with kern.hz=1000 (default). The same test causes the ssh session
to drop after just 9-10 seconds. This is a big deal on a wifi connection.
With kern.hz=1000, change sysctl net.inet.tcp.rexmit_min from 3 to 30.
Note how it behaves the same as when HZ was 100. Also, note that when
booting with hz=100, net.inet.tcp.rexmit_min *used* to be 30.
This commit changes TCPTV_MIN to be scaled with hz. rexmit_min should
always be about 30. If you set hz to Really Slow(TM), there is a safety
feature to prevent a value of 0 being used.
This may be revised in the future, but for the time being, it restores the
old, pre-hz=1000 behavior, which is significantly less annoying.
As a workaround, to avoid rebooting or rebuilding a kernel, you can run
"sysctl net.inet.tcp.rexmit_min=30" and add "net.inet.tcp.rexmit_min=30"
to /etc/sysctl.conf. This is safe to run from 6.0 onwards.
Approved by: re (rwatson)
Reviewed by: andre, silby
|
|
[19134] |
* Remove trailing space
* Remove duplicate command accidentally committed
|
|
[19172] |
Reinstall correct kernel after upgrade.
|
|
[19184] |
* Ensure source kernel exists before blindly copying
* Move embedded ttys back into place after upgrade
|
|
[19187] |
Only zap /kernels directory if it exists
|
|
[19190] |
* Drop the lock before exiting
* Fall back to RO on needed platforms before exiting
|
|
[19193] |
* The drop is locked in /etc/rc.firmware
* Modify ttys after the correct file is moved into place
|
|
[19214] |
Sync NATT support from m0n0wall
|
|
[19235] |
Sync w/ HEAD
|
|
[19238] |
Ensure CARP cache is cleared on status page reload.
|
|
[19241] |
Ensure CARP cache is cleared on status page reload.
|
|
[19257] |
Move to RC2
|
|
[19273] |
Add script which checks for racoon issues created by Seth Mos.
|
|
[19276] |
Start racoon_watch.sh script on bootup if racoon is enabled.
|
|
[19279] |
Do not invoke GDB for debugging when racoon goes belly up in the sbwait state.
|
|
[19282] |
Enhance reloading vpn error to reflect what is really happening.
|
|
[19286] |
Ahem, commit working code, never write shell scripts in under 5 minutes.
Pointy-hat-to: Seth
|
|
[19296] |
Show MBUF usage.
|
|
[19301] |
Use maximum mbuf field
|
|
[19307] |
Only reload webGUI on CERT or KEY changes.
|
|
[19310] |
Increase net.inet.ip.intr_queue_maxlen to 1000 which is the IP input queue.
|
|
[19313] |
Add defCmdT("netstat -s -ppfsync","netstat -s -ppfsync"); which will be useful in debugging pfsync errors.
|
|
[19319] |
Remove the warning per ticket #1397
|
|
[19320] |
Do not allow sticky connection bit to be set if pppoe is enabled.
Ticket #1319
|
|
[19321] |
Correct if checks.
|
|
[19330] |
Disable firmware upgrade for embedded and cdrom and suggest using the console option to upgrade.
Ticket #1433
|
|
[19331] |
Recompile MPD with MSS/dial-on-demand patches (also fixes idle timeout bug)
Obtained-from:
http://svn.m0n0.ch/wall/tags/release-1.3b3/build/patches/packages/mpd.patch
|
|
[19333] |
Fix CP not sending Acct-Session-Time to Radius during accounting update
Ticket #1434
|
|
[19336] |
Sleep between ping cycles. When no hosts are being pinged then it can turn into an endless loop.
|
|
[19339] |
Woops, that should be sleep 1
|
|
[19342] |
Exit script immediately if there are no hosts to ping
|
|
[19345] |
Prompt for kernel type if it is not defined.
Ticket #1435
|
|
[19348] |
Do not close STDIN until script is done processing.
|
|
[19351] |
Make $fp global
|
|
[19354] |
Add carriage return
|
|
[19357] |
Exit immediately after firmware update operation completes.
|
|
[19360] |
Set $pkg_interface='console'; in php shell.
|
|
[19370] |
bump miniupnpd version
|
|
[19407] |
Work around heavy network activity issues.
[20070116, update 20070212] Systems with very heavy network activity
have been observed to have some problems with the kernel memory
allocator. Symptoms are processes that get stuck in zonelimit state, or
system livelocks. One partial workaround for this problem is to add the
following line to /boot/loader.conf and reboot:
kern.ipc.nmbclusters="0"
|
|
[19412] |
Bump lighttpd to 1.4.18
|
|
[19422] |
Use racoon's setkey
|
|
[19423] |
update racoon to 0.7
|
|
[19430] |
Add NAT-T settings.
Obtained-from: m0n0wall
|
|
[19431] |
Recompile ipsec-tools as static.
|
|
[19439] |
Use non NAT-T setkey.
|
|
[19445] |
Recompile OpenVPN
|
|
[19447] |
Remove NAT-T option
|
|
[19451] |
Trigger on lesser cpu usage
|
|
[19454] |
Downgrade back to 0.6.7 because of stability issues with 0.7
|
|
[19469] |
Sleep a little longer
|
|
[19472] |
Show wireless nodes regardless if we can determine
BSS value. Now the AP my test unit is associated with shows the signal
strength, etc correctly.
|
|
[19475] |
Fix formatting errors introduced by last commit.
|
|
[19478] |
Show both associated stations and nearby AP's regardless of operating mode.
|
|
[19481] |
Oops, do not list stations twice.
|
|
[19482] |
MFC RELENG_1. IPSEC tunnel endpoint highlighting.
|
|
[19483] |
MFC RELENG_1. Show the IPSEC interface as an option for the traffic graph.
|
|
[19484] |
MFC RELENG_1. Add RRD Settings page.
|
|
[19485] |
MFC RELENG_1. Make it possible to disable RRD graphs. Bump config so it's on by default if it wasn't already.
|
|
[19488] |
Correctly set reflection timeout for all protocols.
|
|
[19491] |
Restart snmp services after LAN IP changes
Ticket #1453
|
|
[19495] |
Ask for kernel type if the kernel upgrade type is unknown.
Ticket #1435
|
|
[19501] |
New setkey breaks status pages, downgrade
|
|
[19502] |
MFC RELENG_1. Add ipsec overview page from RELENG_1
|
|
[19503] |
Back to 60 seconds from 180
|
|
[19506] |
Do not show mbuf clusters, show mbufs.
|
|
[19521] |
Start /usr/sbin/update_dns_cache.sh on startup
|
|
[19539] |
Wrong branch. Back out.
|
|
[19558] |
-bump miniupnpd version to RC9
-add multiple interface support
|
|
[19561] |
Do not error on empty arrays
|
|
[19566] |
- clean up miniupnpd.inc use array directly instead of separate function
|
|
[19576] |
If index.html, fred.png or dfuife.cgi is found remove them on upgrade.
|
|
[19578] |
* Fix uniprocessor option
* Cleanup text
|
|
[19581] |
Only break twice if we are asking for kernel type.
|
|
[19584] |
Only iterate an array if it is truly an array
Ticket #1463
|
|
[19587] |
Do not show Apply button if IPSEC is disabled.
Ticket #1467
|
|
[19592] |
Do not trigger as easy
Allow for more failures
This script will only work for racoon 0.6.7 not 0.7!
|
|
[19610] |
Fix ipsec overview for wan interface, carp already worked
|
|
[19616] |
Fix broken ipsec logic
|
|
[19623] |
Include second argument for pkg_delete()
Ticket #1470
|
|
[19624] |
Fix wording per ticket #1471
|
|
[19626] |
MFC:
Ticket #1448 IP Address sorting was MF'd from HEAD
|
|
[19628] |
Do not handle blank interface names.
Ticket #1461
|
|
[19635] |
MFC of [19631] for Ticket #1456
drop one level of verbosity in tcpdump. Some protocols will still
decode to multi-line message - not an easy fix. Doesn't appear to break
non-raw log display
Add VRRP as a protocol type in the decode
|
|
[19648] |
Version bump to 1.2-RC3
|
|
[19656] |
MFC 19653 19654 19655
Check if interface is passed along, otherwise return
Do not reconfigure on pptp interfaces.
Do not reconfigure on pptp interfaces.
|
|
[19659] |
Fix wording per ticket #1471
|
|
[19660] |
Rebooting, not may need to be...got reworded by mistake.
|
|
[19666] |
Allow the interface assignment code to exit from its
strict checking. This allows Netboot installation services to work
correctly.
|
|
[19669] |
Remove blank c/r
|
|
[19682] |
Do not show disabled tunnels
|
|
[19691] |
Correct menu entry
|
|
[19700] |
MFC of [19699]
Fix check_firmware_version description All XMLRPC functions should be authenticated
|
|
[19704] |
No need to remove param[0] again :)
|
|
[19728] |
Correctly set rowhelper input textbox sizes.
|
|
[19750] |
Ensure that all form elements have an id.
|
|
[19773] |
Correctly check disabled bit
|
|
[19779] |
Speedup ARP page by using diag_dhcp_leases.php page code for parsing the dhcpd.leases file
|
|
[19790] |
Ticket #1494 - when wrapping at 32bits, the difference is 32bits - last + current, not some massive negative number
|
|
[19805] |
Ticket #1476 - use convert multibyte instead of just specialchars
|
|
[19810] |
Relax the ip address check and allow duplicate ip address entries.
|
|
[19813] |
Relax the ip address check and allow duplicate ip address entries.
|
|
[19816] |
Ticket #1482 - set the source to an interface that is inside the subnet definition
|
|
[19818] |
ratio load balancing should actually work
|
|
[19820] |
Fix Javascript errors. Thanks JSLint!!
|
|
[19824] |
Remove the beastie boot loader prompt and return to prior freebsd behavior.
|
|
[19825] |
Missed one
|
|
[19830] |
lint
|
|
[19847] |
Remove size headers since they seem to screw up IE
|
|
[19851] |
MFC
Ticket 1709: fixed typo in OpenVPN cfg-page
|
|
[19857] |
MFC
Ticket 1709: fixed typo in OpenVPN cfg-page
|
|
[19860] |
Update bogons list, it is severely out of date
|
|
[19863] |
Remove private networks
|
|
[19866] |
Fix for Ticket #1494 was committed from my first stab at the fix and not the actual fixed code and ended up in ticket #1496
|
|
[19867] |
MFC [19856] - ticket #1497
|
|
[19876] |
Remove Thumbs.db
|
|
[19895] |
Fix courtesy of Billm, hackathon 2007 conversation.
Forgotten commit.
|
|
[19899] |
Adding keep alive host to IPsec causes warning in webGUI
Ticket #1509
|
|
[19900] |
Backout RELENG_1_2 alias edit changes since it breaks until a proper fix can be sought.
Modify existing "Aliases" - php error
Ticket #1513
|
|
[19905] |
multiple vlans + spoofmac result in unexpected
behaviour
Ticket #1514
Introduction
I have an acceptable workaround, so the problem is not urgent, but
before I figured out the workaround, it was severely impacting
performance (3 interfaces not operating). I am a network specialist and
I am available to assist wherever possible. If the issue is considered
serious enough for a fix, I can assist in more detailed pinpointing
using tcpdumps on test-platforms.
Symptoms
If an interface is using vlan tagging for virtual interfaces and also
the untagged interface is using MAC address spoofing, communication
fails on the tagged vlans.
Description
On interface rl1 is untagged the WAN connection. This requires a
spoofed MAC address, eg using
<spoofmac>00:03:6b:f7:3b:3f</spoofmac>. On interface rl1 is
also a vlan/tagged interface, eg vlan0 using rl1 and vlan tag 5. The
tagged interface vlan0 expects to use the original MAC address of the
interface rl0. But the issue is that interface rl0 is only processing
incoming packets with destination mac address spoof_mac_rl1.
Workarounds (no code change required)
acceptable: configure the
<spoofmac>00:03:6b:f7:3b:3f</spoofmac> on all vlan
interfaces connected to interface rl1
funny: start a tcpdump on the vlan interface. This will put the
interface in promiscuous mode and it will process all packets. Now the
packets destined for the original MAC address (and active on the vlan
interface)
bypass: Do not use tagged interfaces on an interface with spoofmac
Remarks
It is very confusing that when a vlan is created, the GUI shows a reference
to the physical/original MAC address, even when the MAC address of
the untagged interface is
|
|
[19908] |
Back out counter wrap fix from ticket 1494 as it causes more issues than
we were trying to solve.
|
|
[19913] |
Revert graph.php back to 1.8.2.10.2.3
Tested-by: hoba
Ticket #1496
|
|
[19914] |
Do not allow dhcp-relay to be enabled if dhcp server is enabled on any interface.
Ticket #1488
|
|
[19929] |
Do not allow DHCP server to be enabled when DHCP relay is enabled, and vice versa
Ticket #1488
|
|
[19932] |
comment out debugging code, was slightly breaking IPsec logs page and possibly others.
|
|
[19933] |
fix setting of sysctls to remove error at bootup
|
|
[19934] |
remove whitespace at end
|
|
[19939] |
IPSEC keep alive pinger using the wrong source IP address
Ticket #1482
|
|
[19944] |
Failover in 10 seconds as opposed to 60 seconds on DHCP Server failover mode.
|
|
[19950] |
Remove any previous MD5 sums after upgrade.
|
|
[19953] |
Remove any previous MD5 sums after upgrade.
|
|
[19954] |
1.2-RC3
|
|
[19969] |
Correctly define Developers option.
|
|
[20026] |
Fix spelling
|
|
[20031] |
Fix math on throughput graph
|
|
[20055] |
fix typo and touch up text
|
|
[20066] |
description text correction
|
|
[20119] |
Turn register_argc_argv on
|
|
[20148] |
include readline support.
|
|
[20149] |
Really include libreadline support
|
|
[20150] |
MFC pfSense shell from HEAD.
|
|
[20151] |
Add pfSense php shell playback scripts
|
|
[20152] |
Nuke cvs_sync.sh. It has been moved to a pfSense php shell playback
script and is intended for developers only.
|
|
[20153] |
Add libreadline libraries
|
|
[20156] |
Recompile php binary
|
|
[20157] |
Nuke cvs_sync.sh on upgrade
|
|
[20158] |
don't ping on CARP backup hosts, breaks IPsec.
Ticket #1521
|
|
[20161] |
edit.php show an error on opening an empty file
Ticket #1519
|
|
[20163] |
MFC php from RELENG_1
|
|
[20166] |
Remove syslog.conf from checked out files marked for updating.
|
|
[20167] |
Allow command arguments from pfSsh.php
|
|
[20170] |
Really allow command arguments from pfSsh.php
|
|
[20175] |
Remove extra C/R
|
|
[20179] |
Really kill off slbd
Ticket #1533
|
|
[20182] |
Proper fix for aliases edit, backing out entire change was overzealous.
Ticket #1513
Ticket #1476
|
|
[20186] |
Move PPPoE Server to Services, VPN menu is misleading
|
|
[20187] |
Move PPPoE Server to Services, VPN menu is misleading
|
|
[20205] |
* Download bogons entries from pfsense.com
* Do not update on every minute on the 1st of the month
* Sleep for a random period before updating to avoid killing the server
|
|
[20210] |
Generate a random number correctly
|
|
[20214] |
Throw an error when we cannot download bogons file instead of blindly assuming it succeeded.
|
|
[20217] |
Report how many changes were made in bogons file.
|
|
[20220] |
Use files.pfsense.org
Requested-by: CMB
|
|
[20225] |
Switch to a more random number between 1-2,000. that'd be somewhere between
immediately and 33 minutes. If people are setting their time zone
properly that also helps distribute the load, since it runs at 1:01 AM
local time.
|
|
[20228] |
Change bogons update script frequency to 2am.
|
|
[20229] |
Change bogons update script frequency to 2am.
|
|
[20234] |
Move special case fixes before we return so that it can be processed.
|
|
[20237] |
Log when we change the bogons frequency hour.
|
|
[20239] |
Move update bogons script to 3am.
Discussed on pfSense-support@
|
|
[20242] |
Correctly show the console upgrade notice and exit.
|
|
[20244] |
Check value of /etc/platform when installing the correct ttys file.
Reported-by: Vivek Khera
|
|
[20247] |
Correctly check that an item is a symlink before blowing it away and recreating.
|
|
[20250] |
Improve check for /conf symlink on non cd-rom platform.
Suggested-by: Fernando Tarlá Cardoso Lemos
|
|
[20317] |
Increase maximum alias count to 299 from 99.
http://forum.pfsense.org/index.php/topic,7068.0/topicseen.html
|
|
[20321] |
Clarify that the httpsname should resolve to the correct interface ip on the captive portal interface.
|
|
[20324] |
Sometimes when the user enters the hostname of the
HTTPs captive portal server it resolves the IP address to $LANIP. Allow
access to $LANIP in addition to the $CPIP so that we can speedup
captive portal by 10000* in these cases.
|
|
[20333] |
MFC from HEAD
Set dhclient timeout to 1200.
Set retry value to 1.
Set select-timeout to 0.
Set initial-interval to 1.
|
|
[20357] |
Allow pfsync and carp traffic on captive portal.
|
|
[20359] |
Limit captive portal uploads to /tmp/captiveportal which has no access to write files.
|
|
[20362] |
Set server.max-request-size to 384 for captive portal.
|
|
[20365] |
Set server.max-request-size to 384 for captive portal.
|
|
[20372] |
Define lanip
|
|
[20375] |
Correctly remove old clients correctly.
Submitted to m0n0wall list by Rönnblom Janåke /Teknous
|
|
[20376] |
Don't forget line breaks!
|
|
[20381] |
Correct release information
|
|
[20384] |
s/Diagnostics/Status/
|
|
[20388] |
Update (C) and comment
|
|
[20391] |
If /etc/pwd.db.tmp exists when we are syncing the password database then remove the temporary file prior to attempting to sync.
|
|
[20394] |
change default kernel on upgrade to SMP. Virtually all
installs are running the SMP kernel, defaulting to uniprocessor broke
several systems.
related to Ticket #1534
|
|
[20399] |
don't create /tmp/tmp symlink if it already exists (silences error at boot time when it does exist)
|
|
[20401] |
globals.inc is required so that we use the correct lock file!
|
|
[20404] |
globals.inc is required so that we use the correct lock file!
|
|
[20432] |
MFC pf.os change by mfuchs
|
|
[20433] |
MFC printcap change by mfuchs
|
|
[20438] |
remove annoying and potentially problematic forced page refresh.
Ticket #1545
|
|
[20444] |
Slow down the pipe even more
|
|
[20447] |
racoon 0.6.7 with dpd and frag.
Has the MSG_DONTWAIT Fix from Timo Teras timo.teras@iki.fi
|
|
[20465] |
Remove invalid php. We use /usr/local/bin/php.
|
|
[20467] |
Move ttys_wrap into place last.
|
|
[20472] |
The original code did a mixed work: the part in
interfaces_assign.php first renamed the interfaces, and then called
cleanup_opt_interfaces_after_removal(). The latter didn't do anything
at all: it never entered the loop, it didn't save the result of
str_replace, it didn't save the resulting config after the processing.
And if it had worked, it would have renamed the interfaces a second
time as a side effect, completely messing-up the config.
Ticket #1532
|
|
[20473] |
Remove ipv6 rule reminder statement
Ticket #1560
|
|
[20474] |
Do not corrupt output when a space is in the SSID name.
Ticket #1531
|
|
[20477] |
Alert the user that the firewall must be rebooted after VLAN changes
Ticket #1555
|
|
[20478] |
* Only output one error message or save notice at a time
* Correct the reboot workaround for kernel panics (CARP interface deletion)
Ticket #1397
|
|
[20482] |
Nuke /usr/local/sbin/php if it exists on upgrade
|
|
[20493] |
change label to more accurately portray purpose of rule
|
|
[20494] |
fix typo
Ticket 1555
|
|
[20495] |
Revert broken OPT interface removal commit. This
breaks configurations entirely, worse than just improperly shifting
configuration items.
Ticket #1532
|
|
[20496] |
Revert broken OPT interface removal commit. This
breaks configurations entirely, worse than just improperly shifting
configuration items.
Ticket #1532
|
|
[20497] |
Only iterate items if it is an array.
|
|
[20509] |
Use list of VLAN long frame and native capable
interfaces from globals.inc, and remove duplicate (and incomplete) list
in interfaces.inc. Update list in globals.inc.
|
|
[20516] |
text cleanup
|
|
[20520] |
fix typo
|
|
[20525] |
remove forced reboot, expand comment
Ticket #1555
|
|
[20526] |
remove forced reboot, warn user a reboot may be required
Ticket #1555
|
|
[20530] |
Correctly remove freebsd package upon package deletion.
|
|
[20535] |
Detect vmware and embedded platforms and lower the note duration
automatically.
|
|
[20542] |
Pretend we are a little bit more secure and hide the password from folks
that can look over your shoulder.
|
|
[20555] |
Use correct var
|
|
[20590] |
Reapply patches from ticket #1532
|
|
[20591] |
Time to bump to 1.2-RC4. This RC is dedicated to Adam Armstrong.
|
|
[20592] |
add vr(4) VLAN support
Ticket #1561
|
|
[20595] |
Add patch for options reject processing.
Obtained-from: m0n0wall which obtained it from MPD 4.X.
|
|
[20598] |
Do not reset every hour. Wait until the process goes out of control.
|
|
[20601] |
touch up text
Ticket #1569
|
|
[20603] |
touch up text
Ticket #1569
|
|
[20611] |
remove unnecessary grep
Ticket #1573
|
|
[20615] |
touch up text
Ticket #1576
|
|
[20620] |
touch up text
Ticket #1577
|
|
[20621] |
touch up text
Ticket #1578
|
|
[20626] |
* Do not allow the image to go read only during download / upgrade ops
* If a previous /root/firmware.tgz file exists before download, unlink
the file to avoid an out of space error if the prior download operation
happens to fail (or if / becomes rw again)
|
|
[20629] |
Automatically assume the embedded platform on update if the platform
is set to embedded or wrap. We do not include any kernels outside
of embedded anyways for this particular platform.
|
|
[20636] |
touch up text
Ticket #1586
|
|
[20639] |
remove DynDNS cache in services_dyndns_reset()
Ticket #1589
|
|
[20644] |
Make sure $d_fwupenabled_path is defined since it is initially defined
in guiconfig.inc. At some point in the future these variables should
be moved to globals.inc.
|
|
[20653] |
Make 3 passes at loading the SPD entries as this will fail on large configurations > 250 tunnels
Tested by smos@ 399 tunnels 239 active, ok by sullrich@
|
|
[20659] |
Add sipproxd hooks.
|
|
[20672] |
* Use correct package name
* Include filter rules
|
|
[20675] |
Fix copy and pasto.
|
|
[20681] |
Flush both SA and SPD entries
|
|
[20684] |
Somehow sending a SIGHUP before flushing and reloading works better than
after. Technically a SIGHUP to racoon should not do anything.
|
|
[20688] |
attempt loading SPD entries 4 times
|
|
[20691] |
Only process /boot/loader.conf if it exists avoiding a
somewhat ugly looking error on cdrom boot.
|
|
[20693] |
clarify wording in tabs to appropriately reflect purpose of these pages
|
|
[20726] |
Revert dhclient timeout to the default of 60 seconds. Setting it to 20 minutes
is a bit insane (if you haven't gotten a reply in 60 seconds, you aren't
getting one), and causes systems to hang 20 minutes during
"Configuring WAN" at boot when there is no DHCP server available
on the WAN interface.
|
|
[20728] |
Remove accidentally added debug code
|
|
[20740] |
Revert dhclient timeout to the default of 60 seconds (originally didn't realize it was in there two more times).
|
|
[20746] |
When changing the IP address, reassign all static routes.
Tested-by: Gary Buckmaster via ORU
|
|
[20764] |
touch up text
Ticket #1610
|
|
[20779] |
Use ip_in_subnet() to correctly determine if we have a matching real ip
address defined somewhere before allowing the CARP address to be added.
|
|
[20781] |
Cleanup if(). Remove additional save message.
|
|
[20797] |
Lower threshold to 86. Noticed a scenario where slbd was chewing up
roughly 91% of the cpu.
|
|
[20798] |
Do not pass traffic on user proxy which can cause deadlocks in freebsd
|
|
[20813] |
Update to racoon-0.7-cvs with Timo Teras patches.
Use setkey -f because spd loading works normally now.
|
|
[20835] |
shorten description field to prevent creating rulesets that won't load.
Ticket #1619
|
|
[20841] |
Do not load CARP IP address if we cannot find a matching subnet on a
real interface.
|
|
[20842] |
Trim long interface names to prevent broken rulesets.
Ticket #1612
|
|
[20843] |
Prevent users from entering queue names that break the ruleset
sort of related to Ticket #1612
|
|
[20849] |
Tag as RC5. We might not release RC5 but we need to separate the previous
release from all of the misc changes made this week. All of the changes
should work okay but it will be good to know this information if a bug
report comes in so we can separate the last release from what is in the
tree at this point.
|
|
[20851] |
correct bogons file location
|
|
[20857] |
When a CARP parent interface is down or disabled, ignore the CARP IP
address as this will introduce a panic situation in FreeBSD.
|
|
[20860] |
Only check disabled/enabled status on OPTX interfaces. WAN and LAN are
assumed to always be enabled.
|
|
[20864] |
With the current Racoon we need to inform that we are reloading
our SPD entries with a SIGHUP
|
|
[20867] |
Correctly determine if /boot/loader.conf exists.
|
|
[20869] |
Do not show Apply button twice.
|
|
[20870] |
MFC from releng_1. Do not run pfctl -ss 4 times.
Dated Nov 15 2007
|
|
[20871] |
touch up text
Ticket #1627
|
|
[20994] |
Make scripts XSS input safe.
Pointed-out: by hoopercharles@gmail.com
|
|
[21005] |
fix typo
Ticket #1645
|
|
[21021] |
touch up text
Ticket #1644
|
|
[21024] |
touch up text
Ticket #1644
|
|
[21029] |
* Add merge_installedpackages_section_xmlrpc() call used for merging
specific <installedpackages><AREANAME> sub items without replacing
the entire <installedpackages> area with just this item
* Adjust TinyDNS sync to use this new method to avoid replacing the
entire destination <installedpackages> area which also wipes
out all other installed package information.
|
|
[21032] |
* Add xmlrpc declarations missed in last commit
* MFC exec_shell() package related function
* MFC exec_php() package related function
|
|
[21042] |
Make sure we sync before mounting ro.
|
|
[21047] |
Close off XSS execution hole.
Submitted-by: Charles Hooper
|
|
[21059] |
clarify text
|
|
[21062] |
touch up text
|
|
[21074] |
Do not destroy CARP interface, simply delete it to avoid FreeBSD panics.
|
|
[21078] |
File an alert we cannot find a matching subnet for a CARP IP address.
|
|
[21100] |
Missing global $g and $config
|
|
[21103] |
Ensure /tmp/y exists before running pkg_delete command.
|
|
[21106] |
Remove bogus check.
|
|
[21131] |
fix typo
|
|
[21150] |
Backport -ss syslogd feature from HEAD. Only bind to 127.0.0.1 if we
are not remotely sending logs.
|
|
[21227] |
Guard against javascript injection attacks
Ticket #1656
|
|
[21247] |
Get ready for 1.2-RELEASE.
|
|
[21254] |
Trigger initial wizard upon installation
|