5 files changed, 67 insertions, 23 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 8932d7ca..92ec2e4f 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -2459,24 +2459,31 @@ conf_mount_ro();
 function freeradius_sync_on_changes() {
 	global $config, $g;
 	$varsyncenablexmlrpc = $config['installedpackages']['freeradiussync']['config'][0]['varsyncenablexmlrpc'];	
-	
+
 	// if checkbox is NOT checked do nothing
 	if(!$varsyncenablexmlrpc) {
 		return;
 	}
-	
-	log_error("FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync).");	
+ 
+	log_error("FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync).");
+	log_error("FreeRADIUS: Starting XMLRPC with time out: {$varsynctimeout}.");
 	
 	// if checkbox is checked get IP and password of the destination hosts
 	foreach ($config['installedpackages']['freeradiussync']['config'] as $rs ){
 		foreach($rs['row'] as $sh){
+			// if checkbox is NOT checked do nothing
+			if($sh['varsyncdestinenable']) {
 			$varsyncprotocol 	= $sh['varsyncprotocol'];
 			$sync_to_ip 		= $sh['varsyncipaddress'];
-			$password   		= $sh['varsyncpassword'];
+                        $password   		= $sh['varsyncpassword'];
 			$varsyncport 		= $sh['varsyncport'];
 			if($password && $sync_to_ip && $varsyncport && $varsyncprotocol)
 				freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol);
-		}
+		    }
+                    else {
+                    log_error("FreeRADIUS: Sync with {$sh['varsyncipaddress']} is disable");
+                    }
+        }
 	}
 	log_error("FreeRADIUS: Finished XMLRPC process (freeradius_do_xmlrpc_sync).");
 }
@@ -2485,6 +2492,14 @@ function freeradius_sync_on_changes() {
 function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol) {
 	global $config, $g;
 
+	$varsynctimeout = $config['installedpackages']['freeradiussync']['config'][0]['varsynctimeout'];
+
+        if($varsynctimeout == '' || $varsynctimeout == 0) {
+		$varsynctimeout = 150;
+	}
+
+	log_error("FreeRADIUS: Starting XMLRPC with time out: {$varsynctimeout}.");
+
 	if(!$password)
 		return;
 
@@ -2524,15 +2539,15 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
 	$cli->setCredentials('admin', $password);
 		if($g['debug'])
 			$cli->setDebug(1);
-		/* send our XMLRPC message and timeout after 150 seconds */
-		$resp = $cli->send($msg, "150");
+		/* send our XMLRPC message and timeout after $varsynctimeout seconds */
+		$resp = $cli->send($msg, $varsynctimeout);
 		if(!$resp) {
 			$error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port}.";
 			log_error("FreeRADIUS: $error");
 			file_notice("sync_settings", $error, "freeradius Settings Sync", "");
 		} elseif($resp->faultCode()) {
 			$cli->setDebug(1);
-			$resp = $cli->send($msg, "150");
+			$resp = $cli->send($msg, $varsynctimeout);
 			$error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
 			log_error("FreeRADIUS: $error");
 			file_notice("sync_settings", $error, "freeradius Settings Sync", "");
@@ -2556,14 +2571,14 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyn
 	$msg = new XML_RPC_Message($method, $params);
 	$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
 	$cli->setCredentials('admin', $password);
-		$resp = $cli->send($msg, "150");
+		$resp = $cli->send($msg, $varsynctimeout);
 		if(!$resp) {
 			$error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port} (exec_php).";
 			log_error($error);
 			file_notice("sync_settings", $error, "freeradius Settings Sync", "");
 		} elseif($resp->faultCode()) {
 			$cli->setDebug(1);
-			$resp = $cli->send($msg, "150");
+			$resp = $cli->send($msg, $varsynctimeout);
 			$error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
 			log_error($error);
 			file_notice("sync_settings", $error, "freeradius Settings Sync", "");
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index c0391fcc..24ffa5b9 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -468,23 +468,32 @@ function sync_package_pfblocker($cron="") {
 		}
 		
 		if ($message == ""){
-			$last_iface="";
 			$rules=$config['filter']['rule'];
 			$new_rules=array();
-			# The assumption is that the rules in the config come in groups by interface then priority.
-			# e.g. all rules for WAN (highest priority first), then for LAN then for OPT1 etc.
-			# Note that floating rules (interface is "") can appear mixed in the list.
+			$interfaces_processed=array();
+			# The rules in the config come in priority order, 
+			# but the interface to which each rule applies can be all mixed up in the list.
+			# e.g. some WAN rules, then some LAN rules, then some floating rules, then more
+			# LAN rules, some OPT1 rules, some more LAN rules and so on.
+			# So we have to allow for this, and only add pfBlocker rules the first time an 
+			# interface is found in the rules list.
 			foreach ($rules as $rule){
-				# If this next rule is for a non-blank interface, different to the previous interface,
+				# If this next rule is for a non-blank interface, different from any interface already processed,
 				# then add any needed pfblocker rules to the interface. This puts pfblocker rules at the
 				# top of the list for each interface, after any built-in rules (e.g. anti-lockout)
-				if (($rule['interface'] != "") && ($rule['interface'] <> $last_iface)){
-					$last_iface = $rule['interface'];
+				$found_new_interface = TRUE;
+				foreach ($interfaces_processed as $processed_interface){
+					if ($processed_interface = $rule['interface']){
+						$found_new_interface = FALSE;
+					}
+				}
+				if (($rule['interface'] != "") && ($found_new_interface)){
+					$interfaces_processed[] = $rule['interface'];
 					#apply pfblocker rules if enabled
 				
 					#Inbound
 					foreach ($inbound_interfaces as $inbound_interface){
-						if ($inbound_interface==$last_iface){
+						if ($inbound_interface==$rule['interface']){
 							#permit rules
 							if (is_array($permit_inbound)){
 								foreach ($permit_inbound as $cb_rules){
@@ -503,7 +512,7 @@ function sync_package_pfblocker($cron="") {
 					}
 					#Outbound
 					foreach ($outbound_interfaces as $outbound_interface){
-						if ($outbound_interface==$last_iface){
+						if ($outbound_interface==$rule['interface']){
 							#permit rules
 							if (is_array($permit_outbound)){
 								foreach ($permit_outbound as $cb_rules){
diff --git a/config/sarg/sarg_frame.php b/config/sarg/sarg_frame.php
index 63cb3f3e..4d3421ab 100755
--- a/config/sarg/sarg_frame.php
+++ b/config/sarg/sarg_frame.php
@@ -27,6 +27,8 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+require_once("authgui.inc");
+
 $uname=posix_uname();
 if ($uname['machine']=='amd64')
         ini_set('memory_limit', '250M');
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index b8d20e5d..3daa21a3 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1763,15 +1763,14 @@
 		<website>http://www.balabit.com/network-security/syslog-ng/</website>
 		<descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr>
 		<category>Services</category>
-		<version>3.3.4_1</version>
+		<version>3.3.6_2</version>
 		<status>ALPHA</status>
 		<required_version>2.1</required_version>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
-		<depends_on_package_pbi>syslog-ng-3.3.4_1.pbi</depends_on_package_pbi>
-		<depends_on_package_pbi>logrotate-3.7.9.pbi</depends_on_package_pbi>
+		<depends_on_package_pbi>syslog-ng-3.3.6_2-i386.pbi</depends_on_package_pbi>
 		<build_pbi>
+			<ports_before>sysutils/logrotate</ports_before>
 			<port>sysutils/syslog-ng</port>
-			<port>sysutils/logrotate</port>
 		</build_pbi>
 		<build_options></build_options>
 		<maintainer>laleger@gmail.com</maintainer>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 80ba838b..4efa7ea0 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1745,5 +1745,24 @@
 			<logtab>tinc</logtab>
 		</logging>
 	</package>
+	<package>
+		<name>syslog-ng</name>
+		<website>http://www.balabit.com/network-security/syslog-ng/</website>
+		<descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr>
+		<category>Services</category>
+		<version>3.3.6_2</version>
+		<status>ALPHA</status>
+		<required_version>2.1</required_version>
+		<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
+		<depends_on_package_pbi>syslog-ng-3.3.6_2-amd64.pbi</depends_on_package_pbi>
+		<build_pbi>
+			<ports_before>sysutils/logrotate</ports_before>
+			<port>sysutils/syslog-ng</port>
+		</build_pbi>
+		<build_options></build_options>
+		<maintainer>laleger@gmail.com</maintainer>
+		<config_file>http://www.pfsense.com/packages/config/syslog-ng/syslog-ng.xml</config_file>
+		<configurationfile>syslog-ng.xml</configurationfile>
+	</package>
 </packages>
 </pfsensepkgs>