4 files changed, 42 insertions, 13 deletions

diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index c0391fcc..24ffa5b9 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -468,23 +468,32 @@ function sync_package_pfblocker($cron="") {
 		}
 		
 		if ($message == ""){
-			$last_iface="";
 			$rules=$config['filter']['rule'];
 			$new_rules=array();
-			# The assumption is that the rules in the config come in groups by interface then priority.
-			# e.g. all rules for WAN (highest priority first), then for LAN then for OPT1 etc.
-			# Note that floating rules (interface is "") can appear mixed in the list.
+			$interfaces_processed=array();
+			# The rules in the config come in priority order, 
+			# but the interface to which each rule applies can be all mixed up in the list.
+			# e.g. some WAN rules, then some LAN rules, then some floating rules, then more
+			# LAN rules, some OPT1 rules, some more LAN rules and so on.
+			# So we have to allow for this, and only add pfBlocker rules the first time an 
+			# interface is found in the rules list.
 			foreach ($rules as $rule){
-				# If this next rule is for a non-blank interface, different to the previous interface,
+				# If this next rule is for a non-blank interface, different from any interface already processed,
 				# then add any needed pfblocker rules to the interface. This puts pfblocker rules at the
 				# top of the list for each interface, after any built-in rules (e.g. anti-lockout)
-				if (($rule['interface'] != "") && ($rule['interface'] <> $last_iface)){
-					$last_iface = $rule['interface'];
+				$found_new_interface = TRUE;
+				foreach ($interfaces_processed as $processed_interface){
+					if ($processed_interface = $rule['interface']){
+						$found_new_interface = FALSE;
+					}
+				}
+				if (($rule['interface'] != "") && ($found_new_interface)){
+					$interfaces_processed[] = $rule['interface'];
 					#apply pfblocker rules if enabled
 				
 					#Inbound
 					foreach ($inbound_interfaces as $inbound_interface){
-						if ($inbound_interface==$last_iface){
+						if ($inbound_interface==$rule['interface']){
 							#permit rules
 							if (is_array($permit_inbound)){
 								foreach ($permit_inbound as $cb_rules){
@@ -503,7 +512,7 @@ function sync_package_pfblocker($cron="") {
 					}
 					#Outbound
 					foreach ($outbound_interfaces as $outbound_interface){
-						if ($outbound_interface==$last_iface){
+						if ($outbound_interface==$rule['interface']){
 							#permit rules
 							if (is_array($permit_outbound)){
 								foreach ($permit_outbound as $cb_rules){
diff --git a/config/sarg/sarg_frame.php b/config/sarg/sarg_frame.php
index 63cb3f3e..4d3421ab 100755
--- a/config/sarg/sarg_frame.php
+++ b/config/sarg/sarg_frame.php
@@ -27,6 +27,8 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+require_once("authgui.inc");
+
 $uname=posix_uname();
 if ($uname['machine']=='amd64')
         ini_set('memory_limit', '250M');
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index b8d20e5d..3daa21a3 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1763,15 +1763,14 @@
 		<website>http://www.balabit.com/network-security/syslog-ng/</website>
 		<descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr>
 		<category>Services</category>
-		<version>3.3.4_1</version>
+		<version>3.3.6_2</version>
 		<status>ALPHA</status>
 		<required_version>2.1</required_version>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
-		<depends_on_package_pbi>syslog-ng-3.3.4_1.pbi</depends_on_package_pbi>
-		<depends_on_package_pbi>logrotate-3.7.9.pbi</depends_on_package_pbi>
+		<depends_on_package_pbi>syslog-ng-3.3.6_2-i386.pbi</depends_on_package_pbi>
 		<build_pbi>
+			<ports_before>sysutils/logrotate</ports_before>
 			<port>sysutils/syslog-ng</port>
-			<port>sysutils/logrotate</port>
 		</build_pbi>
 		<build_options></build_options>
 		<maintainer>laleger@gmail.com</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 80ba838b..4efa7ea0 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1745,5 +1745,24 @@
 			<logtab>tinc</logtab>
 		</logging>
 	</package>
+	<package>
+		<name>syslog-ng</name>
+		<website>http://www.balabit.com/network-security/syslog-ng/</website>
+		<descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr>
+		<category>Services</category>
+		<version>3.3.6_2</version>
+		<status>ALPHA</status>
+		<required_version>2.1</required_version>
+		<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
+		<depends_on_package_pbi>syslog-ng-3.3.6_2-amd64.pbi</depends_on_package_pbi>
+		<build_pbi>
+			<ports_before>sysutils/logrotate</ports_before>
+			<port>sysutils/syslog-ng</port>
+		</build_pbi>
+		<build_options></build_options>
+		<maintainer>laleger@gmail.com</maintainer>
+		<config_file>http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.xml</config_file>
+		<configurationfile>syslog-ng.xml</configurationfile>
+	</package>
 </packages>
 </pfsensepkgs>