diff options
| -rw-r--r-- | config/apache_mod_security-dev/apache_mod_security.inc | 176 | ||||
| -rwxr-xr-x | config/apache_mod_security-dev/apache_mod_security_sync.xml | 145 | ||||
| -rw-r--r-- | config/filer/filer.inc | 177 | ||||
| -rw-r--r-- | config/filer/filer_sync.xml | 112 | ||||
| -rw-r--r-- | config/haproxy-legacy/haproxy.inc | 4 | ||||
| -rwxr-xr-x | config/postfix/postfix.inc | 285 | ||||
| -rw-r--r-- | config/postfix/postfix.php | 307 | ||||
| -rw-r--r-- | config/postfix/postfix_sync.xml | 198 | ||||
| -rw-r--r-- | config/squidGuard/squidguard.priv.inc | 55 | ||||
| -rw-r--r-- | config/squidGuard/squidguard.xml | 61 | ||||
| -rw-r--r-- | pkg_config.10.xml | 325 | ||||
| -rw-r--r-- | pkg_config.8.xml | 18 | ||||
| -rw-r--r-- | pkg_config.8.xml.amd64 | 18 |
13 files changed, 1099 insertions, 782 deletions
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc index ed5596d6..4ec13bd0 100644 --- a/config/apache_mod_security-dev/apache_mod_security.inc +++ b/config/apache_mod_security-dev/apache_mod_security.inc @@ -1,19 +1,20 @@ <?php /* apache_mod_security.inc - part of apache_mod_security package (http://www.pfSense.com) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2009, 2010 Scott Ullrich Copyright (C) 2012-2013 Marcello Coutinho Copyright (C) 2013 Stephane Lapie <stephane.lapie@asahinet.com> + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form MUST reproduce the above copyright + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. @@ -28,7 +29,6 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require_once("service-utils.inc"); $shortcut_section = "apache"; @@ -157,27 +157,38 @@ function apache_mod_security_resync() { if (is_array($config['installedpackages']['apachesync']['config'])){ $apache_sync = $config['installedpackages']['apachesync']['config'][0]; $synconchanges = $apache_sync['synconchanges']; - $synctimeout = $apache_sync['synctimeout']; - switch ($synconchanges){ + $synctimeout = $apache_sync['synctimeout'] ?: '250'; + switch ($synconchanges) { case "manual": - if (is_array($apache_sync[row])){ - $rs = $apache_sync[row]; + if (is_array($apache_sync['row'])) { + $rs = $apache_sync['row']; } else { - log_error("apache_mod_security_package: XMLRPC sync is enabled, but there is no local host to push on apache config."); + log_error("apache_mod_security_package: XMLRPC sync is enabled but there are no hosts configured as replication targets."); return; } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ // pfSense 2.0.x - $system_carp = $config['installedpackages']['carpsettings']['config'][0]; - $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; - $rs[0]['username'] = $system_carp['username']; - $rs[0]['password'] = $system_carp['password']; - } else if (is_array($config['hasync'])) { // pfSense 2.1 + if (is_array($config['hasync'])) { $system_carp = $config['hasync']; $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; $rs[0]['username'] = $system_carp['username']; $rs[0]['password'] = $system_carp['password']; + $rs[0]['syncdestinenable'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['syncprotocol'] = "http"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['syncprotocol'] = "https"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443'; + } + if ($system_carp['synchronizetoip'] == "") { + log_error("apache_mod_security_package: XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } else { + $rs[0]['syncdestinenable'] = TRUE; + } } else { log_error("apache_mod_security_package: XMLRPC sync is enabled, but there is no global backup host to push apache config."); return; @@ -185,55 +196,63 @@ function apache_mod_security_resync() { break; default: return; - break; + break; } - } - if (is_array($rs)){ - foreach($rs as $sh){ - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - if ($sh['username']) - $username = $sh['username']; - else - $username = 'admin'; - if ($password && $sync_to_ip) - apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout); + if (is_array($rs)) { + log_error("apache_mod_security_package: XMLRPC sync is starting."); + foreach ($rs as $sh) { + // Only sync enabled replication targets + if ($sh['syncdestinenable']) { + $sync_to_ip = $sh['ipaddress']; + $port = $sh['syncport']; + $username = $sh['username'] ?: 'admin'; + $password = $sh['password']; + $protocol = $sh['syncprotocol']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + apache_mod_security_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout); + } else { + log_error("apache_mod_security_package: XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } + } + } + log_error("apache_mod_security_package: XMLRPC sync completed."); } } } // Do the actual XMLRPC Sync -function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { +function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) { global $config, $g; - if(!$username) - return; - - if(!$password) - return; - - if(!$sync_to_ip) + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("apache_mod_security_package: A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; - - if(!$synctimeout) - $synctimeout=25; - - $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; + + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; } - $synchronizetoip .= $sync_to_ip; - /* xml will hold the sections to sync */ + $url = "{$protocol}://{$sync_to_ip}"; + + /* XML will hold the sections to sync. */ $xml = array(); $xml['apachesettings'] = $config['installedpackages']['apachesettings']; $xml['apachemodsecurity'] = $config['installedpackages']['apachemodsecurity']; @@ -243,67 +262,58 @@ function apache_mod_security_do_xmlrpc_sync($sync_to_ip, $username, $password, $ $xml['apachevirtualhost'] = $config['installedpackages']['apachevirtualhost']; $xml['apachelisten'] = $config['installedpackages']['apachelisten']; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; - log_error("apache_mod_security_package: Beginning apache_mod_security XMLRPC sync to {$url}:{$port}."); + /* Set a few variables needed for sync code */ $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); - if($g['debug']) + if ($g['debug']) { $cli->setDebug(1); - /* send our XMLRPC message and timeout after defined sync timeout value*/ + } + /* Send our XMLRPC message and timeout after defined sync timeout value */ $resp = $cli->send($msg, $synctimeout); - if(!$resp) { - $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port}."; - log_error($error); + if (!$resp) { + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}."; + log_error("apache_mod_security_package: {$error}"); file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("apache_mod_security_package: {$error}"); file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); } else { log_error("apache_mod_security_package: XMLRPC sync successfully completed with {$url}:{$port}."); } - /* tell apache_mod_security to reload our settings on the destination sync host. */ + /* Tell apache_mod_security to reload our settings on the destination sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/apache_mod_security.inc');\n"; $execcmd .= "apache_mod_security_resync();"; - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); - log_error("apache_mod_security_package: XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); - if(!$resp) { - $error = "A communications error occurred while attempting apache_mod_security XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); + if (!$resp) { + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error("apache_mod_security_package: {$error}"); file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "An error code was received while attempting apache_mod_security XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("apache_mod_security_package: {$error}"); file_notice("sync_settings", $error, "apache_mod_security Settings Sync", ""); } else { - log_error("apache_mod_security XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + log_error("apache_mod_security_package: XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } - } function apache_mod_security_checkconfig() { diff --git a/config/apache_mod_security-dev/apache_mod_security_sync.xml b/config/apache_mod_security-dev/apache_mod_security_sync.xml index 7ecfb68e..425069b6 100755 --- a/config/apache_mod_security-dev/apache_mod_security_sync.xml +++ b/config/apache_mod_security-dev/apache_mod_security_sync.xml @@ -1,46 +1,46 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - apache_sync.xml - part of the sarg package for pfSense - Copyright (C) 2012 Marcello Coutinho - All rights reserved. - */ -/* ========================================================================== */ + apache_sync.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>apachesync</name> <version>1.0</version> <title>Proxy server: XMLRPC Sync</title> @@ -66,9 +66,15 @@ <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync apache configuration changes</fielddescr> + <fielddescr>Enable Sync</fielddescr> <fieldname>synconchanges</fieldname> - <description>Select a sync method for Apache + ModSecurity.</description> + <description> + <![CDATA[ + Select a sync method for Apache + ModSecurity.<br/><br/> + <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A. + This will result in a loop! + ]]> + </description> <type>select</type> <required/> <default_value>auto</default_value> @@ -79,39 +85,70 @@ </options> </field> <field> - <fielddescr>Sync timeout</fielddescr> + <fielddescr>Sync Timeout</fielddescr> <fieldname>synctimeout</fieldname> - <description>Select sync max wait time</description> + <description>XMLRPC timeout in seconds.</description> <type>select</type> <required/> <default_value>250</default_value> <options> - <option><name>30 seconds(Default)</name><value>30</value></option> - <option><name>60 seconds</name><value>60</value></option> - <option><name>90 seconds</name><value>90</value></option> + <option><name>250 seconds (Default)</name><value>250</value></option> <option><name>120 seconds</name><value>120</value></option> - <option><name>250 seconds</name><value>250</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>30 seconds</name><value>30</value></option> </options> </field> <field> - <fielddescr>Remote Server</fielddescr> + <fielddescr>Replication Targets</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> - <rowhelperfield> - <fielddescr>IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - <description>IP Address of remote server</description> - <type>input</type> - <size>20</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Password</fielddescr> - <fieldname>password</fieldname> - <description>Password for remote server.</description> - <type>password</type> - <size>20</size> - </rowhelperfield> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>syncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>syncprotocol</fieldname> + <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>IP Address/Hostname</fielddescr> + <fieldname>ipaddress</fieldname> + <description><![CDATA[IP address or hostname of the destination host.]]></description> + <type>input</type> + <size>40</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>syncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Username (admin)</fielddescr> + <fieldname>username</fieldname> + <description><![CDATA[Enter the username account for administration.]]></description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Admin Password</fielddescr> + <fieldname>password</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> + <type>password</type> + <size>20</size> + </rowhelperfield> </rowhelper> </field> </fields> diff --git a/config/filer/filer.inc b/config/filer/filer.inc index 7b795acb..63cdb302 100644 --- a/config/filer/filer.inc +++ b/config/filer/filer.inc @@ -103,75 +103,113 @@ function filer_validate_input($post, &$input_errors) { /* Uses XMLRPC to synchronize the changes to a remote node. */ function filer_sync_on_changes() { - global $config, $g; + global $config; - log_error("[filer] filer_xmlrpc_sync.php is starting."); - $synconchanges = $config['installedpackages']['filersync']['config'][0]['synconchanges']; - if (!$synconchanges) { - return; - } - foreach ($config['installedpackages']['filersync']['config'] as $rs) { - foreach ($rs['row'] as $sh) { - $sync_to_ip = $sh['ipaddress']; - $password = $sh['password']; - if ($sh['username']) { - $username = $sh['username']; - } else { - $username = 'admin'; - } - if ($password && $sync_to_ip) { - filer_do_xmlrpc_sync($sync_to_ip, $username, $password); + if (is_array($config['installedpackages']['filersync']['config'])) { + $filer_sync = $config['installedpackages']['filersync']['config'][0]; + $synconchanges = $filer_sync['synconchanges']; + $synctimeout = $filer_sync['synctimeout'] ?: '250'; + switch ($synconchanges) { + case "manual": + if (is_array($filer_sync['row'])) { + $rs = $filer_sync['row']; + } else { + log_error("[filer] XMLRPC sync is enabled but there are no hosts configured as replication targets."); + return; + } + break; + case "auto": + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + $rs[0]['syncdestinenable'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['syncprotocol'] = "http"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['syncprotocol'] = "https"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443'; + } + if ($system_carp['synchronizetoip'] == "") { + log_error("[filer] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } else { + $rs[0]['syncdestinenable'] = TRUE; + } + } else { + log_error("[filer] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } + break; + default: + return; + break; + } + if (is_array($rs)) { + log_error("[filer] XMLRPC sync is starting."); + foreach ($rs as $sh) { + // Only sync enabled replication targets + if ($sh['syncdestinenable']) { + $sync_to_ip = $sh['ipaddress']; + $port = $sh['syncport']; + $username = $sh['username'] ?: 'admin'; + $password = $sh['password']; + $protocol = $sh['syncprotocol']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + filer_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout); + } else { + log_error("[filer] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } + } } + log_error("[filer] XMLRPC sync completed."); } - } - log_error("[filer] filer_xmlrpc_sync.php is ending."); + } } /* Do the actual XMLRPC sync. */ -function filer_do_xmlrpc_sync($sync_to_ip, $username, $password) { +function filer_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) { global $config, $g; - if (!$username) { + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("[filer] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; } - if (!$password) { - return; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; } - if (!$sync_to_ip) { - return; - } + $url = "{$protocol}://{$sync_to_ip}"; - $xmlrpc_sync_neighbor = $sync_to_ip; - if ($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* If port is empty, let's rely on the protocol selection. */ - if ($port == "") { - if ($config['system']['webgui']['protocol'] == "http") { - $port = "80"; - } else { - $port = "443"; - } - } - $synchronizetoip .= $sync_to_ip; - - /* xml will hold the sections to sync. */ + /* XML will hold the sections to sync. */ $xml = array(); $xml['filer'] = $config['installedpackages']['filer']; - /* Assemble XMLRPC payload. */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* Set a few variables needed for sync; code borrowed from filter.inc. */ - $url = $synchronizetoip; - log_error("Beginning Filer XMLRPC sync to {$url}:{$port}."); + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); + + /* Set a few variables needed for sync code */ $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); @@ -180,19 +218,19 @@ function filer_do_xmlrpc_sync($sync_to_ip, $username, $password) { $cli->setDebug(1); } /* Send our XMLRPC message and timeout after 250 seconds. */ - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "A communications error occurred while attempting filer XMLRPC sync with {$url}:{$port}."; - log_error($error); + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}."; + log_error("[filer] {$error}"); file_notice("sync_settings", $error, "filer Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while attempting filer XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[filer] {$error}"); file_notice("sync_settings", $error, "filer Settings Sync", ""); } else { - log_error("filer XMLRPC sync successfully completed with {$url}:{$port}."); + log_error("[filer] XMLRPC sync successfully completed with {$url}:{$port}."); } /* Tell filer to reload our settings on the destination sync host. */ @@ -200,28 +238,25 @@ function filer_do_xmlrpc_sync($sync_to_ip, $username, $password) { $execcmd = "require_once('/usr/local/pkg/filer.inc');\n"; $execcmd .= "sync_package_filer();"; /* Assemble XMLRPC payload. */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); - log_error("filer XMLRPC reload data {$url}:{$port}."); + log_error("[filer] XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, $synctimeout); if (!$resp) { - $error = "A communications error occurred while attempting filer XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error("[filer] {$error}"); file_notice("sync_settings", $error, "filer Settings Sync", ""); } elseif ($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while attempting filer XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $resp = $cli->send($msg, $synctimeout); + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[filer] {$error}"); file_notice("sync_settings", $error, "filer Settings Sync", ""); } else { - log_error("filer XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); + log_error("[filer] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } diff --git a/config/filer/filer_sync.xml b/config/filer/filer_sync.xml index 0b4124ce..1e3614d0 100644 --- a/config/filer/filer_sync.xml +++ b/config/filer/filer_sync.xml @@ -44,7 +44,7 @@ ]]> </copyright> <name>filersync</name> - <version>1.2</version> + <version>0.60.6</version> <title>Filer: Sync</title> <include_file>/usr/local/pkg/filer.inc</include_file> <tabs> @@ -61,50 +61,96 @@ <fields> <field> <type>listtopic</type> - <fieldname>temp</fieldname> - <name>Enable Filer configuration sync</name> + <name>XMLRPC Sync</name> </field> <field> - <fielddescr>Automatically sync Filer configuration changes.</fielddescr> + <fielddescr>Enable Sync</fielddescr> <fieldname>synconchanges</fieldname> - <description>pfSense will automatically sync changes to the hosts defined below. (Leave blank to use 'admin'.)</description> - <type>checkbox</type> + <description> + <![CDATA[ + Select a sync method for Filer.<br/><br/> + <strong>Important:</strong> While using "Sync to host(s) defined below", only sync from host A to B, A to C but <strong>do not</strong> enable XMLRPC sync <b>to</b> A. + This will result in a loop! + ]]> + </description> + <type>select</type> + <required/> + <default_value>disabled</default_value> + <options> + <option><name>Sync to configured system backup server</name><value>auto</value></option> + <option><name>Sync to host(s) defined below</name><value>manual</value></option> + <option><name>Do not sync this package configuration</name><value>disabled</value></option> + </options> </field> <field> - <fielddescr>Remote Servers</fielddescr> + <fielddescr>Sync Timeout</fielddescr> + <fieldname>synctimeout</fieldname> + <description>XMLRPC timeout in seconds.</description> + <type>select</type> + <required/> + <default_value>250</default_value> + <options> + <option><name>250 seconds (Default)</name><value>250</value></option> + <option><name>120 seconds</name><value>120</value></option> + <option><name>90 seconds</name><value>90</value></option> + <option><name>60 seconds</name><value>60</value></option> + <option><name>30 seconds</name><value>30</value></option> + </options> + </field> + <field> + <fielddescr>Replication Targets</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> - <rowhelperfield> - <fielddescr>IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - <description>IP Address of remote server.</description> - <type>input</type> - <size>20</size> - <required/> - </rowhelperfield> - <rowhelperfield> - <fielddescr>User Name</fielddescr> - <fieldname>username</fieldname> - <description>user name of remote server.</description> - <type>input</type> - <size>20</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Password</fielddescr> - <fieldname>password</fieldname> - <description>Password for remote server.</description> - <type>password</type> - <size>20</size> - <required/> - </rowhelperfield> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>syncdestinenable</fieldname> + <description><![CDATA[Enable this host as a replication target]]></description> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>syncprotocol</fieldname> + <description><![CDATA[Choose the protocol used to sync with the destination host (HTTP or HTTPS).]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>IP Address/Hostname</fielddescr> + <fieldname>ipaddress</fieldname> + <description><![CDATA[IP address or hostname of the destination host.]]></description> + <type>input</type> + <size>40</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>syncport</fieldname> + <description><![CDATA[Choose the sync port of the destination host.]]></description> + <type>input</type> + <size>3</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Username (admin)</fielddescr> + <fieldname>username</fieldname> + <description><![CDATA[Enter the username account for administration.]]></description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Admin Password</fielddescr> + <fieldname>password</fieldname> + <description><![CDATA[Password of the user "admin" on the destination host.]]></description> + <type>password</type> + <size>20</size> + </rowhelperfield> </rowhelper> </field> </fields> <custom_php_resync_config_command> filer_sync_on_changes(); </custom_php_resync_config_command> - <custom_php_command_before_form> - unset($_POST['temp']); - </custom_php_command_before_form> </packagegui> diff --git a/config/haproxy-legacy/haproxy.inc b/config/haproxy-legacy/haproxy.inc index 55b86882..9b19bbd4 100644 --- a/config/haproxy-legacy/haproxy.inc +++ b/config/haproxy-legacy/haproxy.inc @@ -345,8 +345,8 @@ function haproxy_sync_on_changes() { } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; $rs[0]['ipaddress']=$system_carp['synchronizetoip']; $rs[0]['username']=$system_carp['username']; $rs[0]['password']=$system_carp['password']; diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index 0629c187..9db7e5a1 100755 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -1,16 +1,16 @@ <?php /* postfix.inc - part of the Postfix package for pfSense + part of pfSense (https://www.pfSense.org/) Copyright (C) 2010 Erik Fonnesbeck Copyright (C) 2011-2014 Marcello Coutinho - + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -27,7 +27,6 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ $shortcut_section = "postfix"; require_once("util.inc"); @@ -689,8 +688,15 @@ MASTEREOF2; //check postfix etc dir on 2.2 $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); $postfix_etc_lnk="/usr/local/etc/postfix"; - if ($pfs_version == 2.2 && !is_dir($postfix_etc_lnk)) + if ($pfs_version == 2.2 && !is_dir($postfix_etc_lnk)) { @symlink(POSTFIX_LOCALBASE.'/etc/postfix',$postfix_etc_lnk); + } + + // Fixup library path so postfix can find its libraries + // XXX: Bug #4420 + if (POSTFIX_LOCALBASE != '/usr/local') { + mwexec("/sbin/ldconfig -m " . POSTFIX_LOCALBASE . "/local/lib/"); + } log_error("Writing out configuration"); file_put_contents(POSTFIX_LOCALBASE."/etc/postfix/main.cf", $postfix_main, LOCK_EX); @@ -737,6 +743,12 @@ MASTEREOF2; function postfix_start(){ global $config; $pf_dir=POSTFIX_LOCALBASE; + if (POSTFIX_LOCALBASE != '/usr/local') { + $pf_libdir = POSTFIX_LOCALBASE . "/local/lib"; + $pf_start_cmd = "LD_LIBRARY_PATH={$pf_libdir} {$pf_dir}/sbin/postfix start"; + } else { + $pf_start_cmd = "{$pf_dir}/sbin/postfix start"; + } $start=<<<EOF sysctl kern.ipc.nmbclusters=65536 @@ -744,7 +756,7 @@ function postfix_start(){ sysctl kern.maxfiles=131072 sysctl kern.maxfilesperproc=104856 sysctl kern.threads.max_threads_per_proc=4096 - {$pf_dir}/sbin/postfix start + {$pf_start_cmd} EOF; $stop = POSTFIX_LOCALBASE."/sbin/postfix stop\n"; @@ -813,163 +825,166 @@ function postfix_php_deinstall_command() { /* Uses XMLRPC to synchronize the changes to a remote node */ function postfix_sync_on_changes() { global $config, $g; - if (is_array($config['installedpackages']['postfixsync']['config'])){ - $postfix_sync=$config['installedpackages']['postfixsync']['config'][0]; - $synctimeout = $postfix_sync['synctimeout']; + if (is_array($config['installedpackages']['postfixsync']['config'])) { + $postfix_sync = $config['installedpackages']['postfixsync']['config'][0]; + $synctimeout = $postfix_sync['synctimeout'] ?: '250'; $synconchanges = $postfix_sync['synconchanges']; - switch ($synconchanges){ + switch ($synconchanges) { case "manual": - if (is_array($postfix_sync[row])){ - $rs=$postfix_sync[row]; - } - else{ - log_error("[postfix] xmlrpc sync is enabled but there is no hosts to push postfix config."); + if (is_array($postfix_sync['row'])) { + $rs = $postfix_sync['row']; + } else { + log_error("[postfix] XMLRPC sync is enabled but there are no hosts configured as replication targets."); return; - } + } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; - $rs[0]['ipaddress']=$system_carp['synchronizetoip']; - $rs[0]['username']=$system_carp['username']; - $rs[0]['password']=$system_carp['password']; - $rs[0]['enabless']=true; - $rs[0]['sync_type']="xmlrpc"; - if (! is_ipaddr($system_carp['synchronizetoip'])){ - log_error("[postfix] xmlrpc sync is enabled but there is no system backup hosts to push postfix config."); - return; - } + if (is_array($config['hasync'])) { + $system_carp = $config['hasync']; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + $rs[0]['sync_type'] = "xmlrpc"; + $rs[0]['enabless'] = FALSE; + + // XMLRPC sync is currently only supported over connections using the same protocol and port as this system + if ($config['system']['webgui']['protocol'] == "http") { + $rs[0]['syncprotocol'] = "http"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '80'; + } else { + $rs[0]['syncprotocol'] = "https"; + $rs[0]['syncport'] = $config['system']['webgui']['port'] ?: '443'; } - else{ - log_error("[postfix] xmlrpc sync is enabled but there is no system backup hosts to push postfix config."); + if (!is_ipaddr($system_carp['synchronizetoip'])) { + log_error("[postfix] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); return; + } else { + $rs[0]['enabless'] = TRUE; } + } else { + log_error("[postfix] XMLRPC CARP/HA sync is enabled but there are no system backup hosts configured as replication targets."); + return; + } break; default: return; - break; + break; } - if (is_array($rs)){ - log_error("[postfix] xmlrpc sync is starting."); - foreach($rs as $sh){ - $sync_to_ip = $sh['ipaddress']; - if($sh['username']) - $username = $sh['username']; - else - $username = 'admin'; - if($sh['password'] && $sh['ipaddress'] && $sh['enabless']) - postfix_do_xmlrpc_sync($sh['ipaddress'], $username, $sh['password'],$sh['sync_type'],$synctimeout); + if (is_array($rs)) { + log_error("[postfix] XMLRPC sync is starting."); + foreach($rs as $sh) { + if ($sh['enabless'] && $sh['sync_type'] == 'xmlrpc') { + $sync_to_ip = $sh['ipaddress']; + $port = $sh['syncport']; + $username = $sh['username'] ?: 'admin'; + $password = $sh['password']; + $protocol = $sh['syncprotocol']; + $sync_type = $sh['sync_type']; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + postfix_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout); + } else { + log_error("[postfix] XMLRPC sync with '{$sync_to_ip}' aborted due to the following error(s): {$error}"); + } } - log_error("[postfix] xmlrpc sync is ending."); } - } + log_error("[postfix] XMLRPC sync completed."); + } + } } /* Do the actual XMLRPC sync */ -function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$synctimeout) { +function postfix_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $password, $synctimeout) { global $config, $g; - if(!$username) - $username="admin"; - - if(!$password) + if ($username == "" || $password == "" || $sync_to_ip == "" || $port == "" || $protocol == "") { + log_error("[postfix] A required XMLRPC sync parameter (username, password, replication target, port or protocol) is empty ... aborting pkg sync"); return; + } - if(!$sync_to_ip) - return; + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; + } - if(!$synctimeout) - $synctimeout=120; - - $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } - $synchronizetoip .= $sync_to_ip; + $url = "{$protocol}://{$sync_to_ip}"; - /* xml will hold the sections to sync */ + /* XML will hold the sections to sync. */ $xml = array(); - $sync_xml=$config['installedpackages']['postfixsync']['config'][0]['synconchanges']; - $sync_db=$config['installedpackages']['postfixsync']['config'][0]['rsync']; - if ($sync_xml && preg_match("/xmlrpc/",$sync_type)){ - log_error("Include postfix xmls"); - $xml['postfix'] = $config['installedpackages']['postfix']; - $xml['postfixdomains'] = $config['installedpackages']['postfixdomains']; - $xml['postfixacl'] = $config['installedpackages']['postfixacl']; - $xml['postfixrecipients'] = $config['installedpackages']['postfixrecipients']; - $xml['postfixantispam'] = $config['installedpackages']['postfixantispam']; - } - if (count($xml) > 0){ - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($xml) - ); - - /* set a few variables needed for sync code borrowed from filter.inc */ - $url = $synchronizetoip; - log_error("Beginning Postfix XMLRPC sync to {$url}:{$port}."); - $method = 'pfsense.merge_installedpackages_section_xmlrpc'; - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials($username, $password); - if($g['debug']) - $cli->setDebug(1); - /* send our XMLRPC message and timeout after $sync_timeout seconds */ + $xml['postfix'] = $config['installedpackages']['postfix']; + $xml['postfixdomains'] = $config['installedpackages']['postfixdomains']; + $xml['postfixacl'] = $config['installedpackages']['postfixacl']; + $xml['postfixrecipients'] = $config['installedpackages']['postfixrecipients']; + $xml['postfixantispam'] = $config['installedpackages']['postfixantispam']; + + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($xml)); + + /* Set a few variables needed for sync code */ + log_error("[postfix] Beginning XMLRPC sync to {$url}:{$port}."); + $method = 'pfsense.merge_installedpackages_section_xmlrpc'; + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + if ($g['debug']) { + $cli->setDebug(1); + } + /* Send our XMLRPC message and timeout after defined sync timeout value */ + $resp = $cli->send($msg, $synctimeout); + if (!$resp) { + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port}."; + log_error("[postfix] {$error}"); + file_notice("sync_settings", $error, "Postfix Settings Sync", ""); + } elseif ($resp->faultCode()) { + $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - if(!$resp) { - $error = "A communications error occurred while attempting postfix XMLRPC sync with {$url}:{$port}."; - log_error($error); - file_notice("sync_settings", $error, "Postfix Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, $synctimeout); - $error = "An error code was received while attempting postfix XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "Postfix Settings Sync", ""); - } else { - log_error("Postfix XMLRPC sync successfully completed with {$url}:{$port}."); - } + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[postfix] {$error}"); + file_notice("sync_settings", $error, "Postfix Settings Sync", ""); + } else { + log_error("[postfix] XMLRPC sync successfully completed with {$url}:{$port}."); + } - /* tell postfix to reload our settings on the destionation sync host. */ - $method = 'pfsense.exec_php'; - $execcmd = "require_once('/usr/local/pkg/postfix.inc');\n"; - $execcmd .= "sync_package_postfix('yes');"; - - /* assemble xmlrpc payload */ - $params = array( - XML_RPC_encode($password), - XML_RPC_encode($execcmd) - ); - - log_error("postfix XMLRPC reload data {$url}:{$port}."); - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials($username, $password); + /* Tell postfix to reload our settings on the destionation sync host. */ + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/pkg/postfix.inc');\n"; + $execcmd .= "sync_package_postfix('yes');"; + + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); + log_error("[postfix] XMLRPC reload data {$url}:{$port}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + $resp = $cli->send($msg, $synctimeout); + if(!$resp) { + $error = "A communications error occurred while attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + log_error("[postfix] {$error}"); + file_notice("sync_settings", $error, "postfix Settings Sync", ""); + } elseif($resp->faultCode()) { + $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - if(!$resp) { - $error = "A communications error occurred while attempting postfix XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; - log_error($error); - file_notice("sync_settings", $error, "postfix Settings Sync", ""); - } elseif($resp->faultCode()) { - $cli->setDebug(1); - $resp = $cli->send($msg, $synctimeout); - $error = "An error code was received while attempting postfix XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); - file_notice("sync_settings", $error, "postfix Settings Sync", ""); - } else { - log_error("postfix XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); - } + $error = "An error code was received while attempting XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("[postfix] {$error}"); + file_notice("sync_settings", $error, "postfix Settings Sync", ""); + } else { + log_error("[postfix] XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } } diff --git a/config/postfix/postfix.php b/config/postfix/postfix.php index 4cf85033..4c444ab8 100644 --- a/config/postfix/postfix.php +++ b/config/postfix/postfix.php @@ -1,15 +1,15 @@ <?php /* postfix.php - part of pfSense (https://www.pfsense.org/) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2011-2014 Marcello Coutinho <marcellocoutinho@gmail.com> - based on varnish_view_config. + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code MUST retain the above copyright notice, + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -33,110 +33,140 @@ require_once("/etc/inc/pkg-utils.inc"); require_once("/etc/inc/globals.inc"); require_once("/usr/local/pkg/postfix.inc"); -$uname=posix_uname(); -if ($uname['machine']=='amd64') +$uname = posix_uname(); +if ($uname['machine'] == 'amd64') { ini_set('memory_limit', '250M'); +} -function get_remote_log(){ - global $config,$g,$postfix_dir; +function get_remote_log() { + global $config, $g, $postfix_dir; $curr_time = time(); - $log_time=date('YmdHis',$curr_time); - #get protocol - if($config['system']['webgui']['protocol'] != "") - $synchronizetoip = $config['system']['webgui']['protocol']. "://"; - #get port - $port = $config['system']['webgui']['port']; - #if port is empty lets rely on the protocol selection - if($port == "") - $port =($config['system']['webgui']['protocol'] == "http"?"80":"443"); - $synchronizetoip .= $sync_to_ip; - if (is_array($config['installedpackages']['postfixsync'])) - foreach($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh){ - $sync_to_ip = $sh['ipaddress']; - $sync_type = $sh['sync_type']; - $password = $sh['password']; - $file= '/var/db/postfix/'.$server.'.sql'; - #get remote data - if ($sync_type=='fetch'){ - $url= $synchronizetoip . $sync_to_ip; - print "$sync_to_ip $url, $port\n"; - $method = 'pfsense.exec_php'; - $execcmd = "require_once('/usr/local/www/postfix.php');\n"; - $execcmd .= '$toreturn=get_sql('.$log_time.');'; - /* assemble xmlrpc payload */ - $params = array(XML_RPC_encode($password), - XML_RPC_encode($execcmd)); - log_error("postfix get sql data from {$sync_to_ip}."); - $msg = new XML_RPC_Message($method, $params); - $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - #$cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $a=$resp->value(); - $errors=0; - #var_dump($sql); - foreach($a as $b) - foreach ($b as $c) - foreach ($c as $d) - foreach ($d as $e){ - $update=unserialize($e['string']); - print $update['day']."\n"; - if ($update['day'] != ""){ - create_db($update['day'].".db"); - if ($debug=true) - print $update['day'] ." writing from remote system to db..."; - $dbhandle = sqlite_open($postfix_dir.'/'.$update['day'].".db", 0666, $error); - #file_put_contents("/tmp/".$key.'-'.$update['day'].".sql",gzuncompress(base64_decode($update['sql'])), LOCK_EX); - $ok = sqlite_exec($dbhandle, gzuncompress(base64_decode($update['sql'])), $error); - if (!$ok){ - $errors++; - die ("Cannot execute query. $error\n".$update['sql']."\n"); - } - else{ - if ($debug=true) - print "ok\n"; - } - sqlite_close($dbhandle); - } - } - if ($errors ==0){ + $log_time = date('YmdHis', $curr_time); + + if (is_array($config['installedpackages']['postfixsync'])) { + $synctimeout = $config['installedpackages']['postfixsync']['config'][0]['synctimeout'] ?: '250'; + foreach ($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh) { + // Get remote data for enabled fetch hosts + if ($sh['enabless'] && $sh['sync_type'] == 'fetch') { + $sync_to_ip = $sh['ipaddress']; + $port = $sh['syncport']; + $username = $sh['username'] ?: 'admin'; + $password = $sh['password']; + $protocol = $sh['syncprotocol']; + $file = '/var/db/postfix/' . $server . '.sql'; + + $error = ''; + $valid = TRUE; + + if ($password == "") { + $error = "Password parameter is empty. "; + $valid = FALSE; + } + if ($protocol == "") { + $error = "Protocol parameter is empty. "; + $valid = FALSE; + } + if (!is_ipaddr($sync_to_ip) && !is_hostname($sync_to_ip) && !is_domain($sync_to_ip)) { + $error .= "Misconfigured Replication Target IP Address or Hostname. "; + $valid = FALSE; + } + if (!is_port($port)) { + $error .= "Misconfigured Replication Target Port. "; + $valid = FALSE; + } + if ($valid) { + // Take care of IPv6 literal address + if (is_ipaddrv6($sync_to_ip)) { + $sync_to_ip = "[{$sync_to_ip}]"; + } + $url = "{$protocol}://{$sync_to_ip}"; + + print "{$sync_to_ip} {$url}, {$port}\n"; $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/www/postfix.php');\n"; - $execcmd .= 'flush_sql('.$log_time.');'; - /* assemble xmlrpc payload */ - $params = array(XML_RPC_encode($password), - XML_RPC_encode($execcmd)); - log_error("postfix flush sql buffer file from {$sync_to_ip}."); + $execcmd .= '$toreturn = get_sql('.$log_time.');'; + + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); + log_error("[postfix] Fetching sql data from {$sync_to_ip}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); - $cli->setCredentials('admin', $password); - #$cli->setDebug(1); - $resp = $cli->send($msg, "250"); + $cli->setCredentials($username, $password); + //$cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); + $a = $resp->value(); + $errors = 0; + //var_dump($sql); + foreach($a as $b) { + foreach ($b as $c) { + foreach ($c as $d) { + foreach ($d as $e) { + $update = unserialize($e['string']); + print $update['day'] . "\n"; + if ($update['day'] != "") { + create_db($update['day'] . ".db"); + if ($debug) { + print $update['day'] . " writing from remote system to db..."; + } + $dbhandle = sqlite_open($postfix_dir . '/' . $update['day'] . ".db", 0666, $error); + //file_put_contents("/tmp/" . $key . '-' . $update['day'] . ".sql", gzuncompress(base64_decode($update['sql'])), LOCK_EX); + $ok = sqlite_exec($dbhandle, gzuncompress(base64_decode($update['sql'])), $error); + if (!$ok) { + $errors++; + die ("Cannot execute query. $error\n".$update['sql']."\n"); + } elseif ($debug) { + print "ok\n"; + } + sqlite_close($dbhandle); + } + } + } + } + } + if ($errors == 0) { + $method = 'pfsense.exec_php'; + $execcmd = "require_once('/usr/local/www/postfix.php');\n"; + $execcmd .= 'flush_sql('.$log_time.');'; + /* Assemble XMLRPC payload. */ + $params = array(XML_RPC_encode($password), XML_RPC_encode($execcmd)); + log_error("[postfix] Flushing sql buffer file from {$sync_to_ip}."); + $msg = new XML_RPC_Message($method, $params); + $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); + $cli->setCredentials($username, $password); + //$cli->setDebug(1); + $resp = $cli->send($msg, $synctimeout); } + } else { + log_error("[postfix] Fetch sql database from '{$sync_to_ip}' aborted due to the following error(s): {$error}"); } + } } + log_error("[postfix] Fetch sql database completed."); + } } -function get_sql($log_time){ - global $config,$xmlrpc_g; - $server=$_SERVER['REMOTE_ADDR']; - if (is_array($config['installedpackages']['postfixsync'])) - foreach($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh){ +function get_sql($log_time) { + global $config, $xmlrpc_g; + $server = $_SERVER['REMOTE_ADDR']; + + if (is_array($config['installedpackages']['postfixsync'])) { + foreach($config['installedpackages']['postfixsync']['config'][0]['row'] as $sh) { $sync_to_ip = $sh['ipaddress']; $sync_type = $sh['sync_type']; - $password = $sh['password']; - $file= '/var/db/postfix/'.$server.'.sql'; - if ($sync_to_ip==$server && $sync_type=='share' && file_exists($file)){ - rename($file,$file.".$log_time"); - return (file($file.".$log_time")); - } + $file = '/var/db/postfix/' . $server . '.sql'; + if ($sync_to_ip == "{$server}" && $sync_type == "share" && file_exists($file)) { + rename($file, $file . ".$log_time"); + return (file($file . ".$log_time")); + } } return ""; + } } -function flush_sql($log_time){ - if (preg_match("/\d+\.\d+\.\d+\.\d+/",$_SERVER['REMOTE_ADDR'])) - unlink_if_exists('/var/db/postfix/'.$_SERVER['REMOTE_ADDR'].".sql.$log_time"); +function flush_sql($log_time) { + if (preg_match("/\d+\.\d+\.\d+\.\d+/", $_SERVER['REMOTE_ADDR'])) { + unlink_if_exists('/var/db/postfix/' . $_SERVER['REMOTE_ADDR'] . ".sql.{$log_time}"); + } } function grep_log(){ @@ -296,73 +326,60 @@ function grep_log(){ } } - $config=parse_xml_config("{$g['conf_path']}/config.xml", $g['xml_rootobj']); - //print count($config['installedpackages']); - #start db replication if configured - if ($config['installedpackages']['postfixsync']['config'][0]['rsync']) - foreach ($config['installedpackages']['postfixsync']['config'] as $rs ) - foreach($rs['row'] as $sh){ - $sync_to_ip = $sh['ipaddress']; - $sync_type = $sh['sync_type']; - $password = $sh['password']; - print "checking replication to $sync_to_ip..."; - if ($password && $sync_to_ip && preg_match("/(both|database)/",$sync_type)) - postfix_do_xmlrpc_sync($sync_to_ip, $password,$sync_type); - print "ok\n"; - } - } -function write_db($stm,$table,$days){ - global $postfix_dir,$config,$g; +function write_db($stm, $table, $days) { + global $postfix_dir, $config, $g; conf_mount_rw(); - $do_sync=array(); + $do_sync = array(); print "writing to database..."; - foreach ($days as $day) - if (strlen($stm[$day]) > 10){ - if ($config['installedpackages']['postfixsync']['config'][0]) - foreach ($config['installedpackages']['postfixsync']['config'] as $rs ) - foreach($rs['row'] as $sh){ + foreach ($days as $day) { + if ((strlen($stm[$day]) > 10) && (is_array($config['installedpackages']['postfixsync']['config']))) { + foreach ($config['installedpackages']['postfixsync']['config'] as $rs) { + foreach($rs['row'] as $sh) { $sync_to_ip = $sh['ipaddress']; $sync_type = $sh['sync_type']; $password = $sh['password']; - $sql_file='/var/db/postfix/'.$sync_to_ip.'.sql'; - ${$sync_to_ip}=""; - if (file_exists($sql_file)) - ${$sync_to_ip}=file_get_contents($sql_file); - if ($sync_to_ip && $sync_type=="share"){ - ${$sync_to_ip}.=serialize(array('day'=> $day,'sql'=> base64_encode(gzcompress($stm[$day]."COMMIT;",9))))."\n"; - if (! in_array($sync_to_ip,$do_sync)) - $do_sync[]=$sync_to_ip; + $sql_file = '/var/db/postfix/' . $sync_to_ip . '.sql'; + ${$sync_to_ip} = ""; + if (file_exists($sql_file)) { + ${$sync_to_ip} = file_get_contents($sql_file); + } + if ($sync_to_ip && $sync_type == "share") { + ${$sync_to_ip} .= serialize(array('day' => $day, 'sql' => base64_encode(gzcompress($stm[$day] . "COMMIT;", 9)))) . "\n"; + if (!in_array($sync_to_ip, $do_sync)) { + $do_sync[] = $sync_to_ip; } } - #write local db file - create_db($day.".db"); - if ($debug=true) - print " writing to local db $day..."; - $dbhandle = sqlite_open($postfix_dir.$day.".db", 0666, $error); - if (!$dbhandle) die ($error); - #file_put_contents("/tmp/".$key.'-'.$update['day'].".sql",gzuncompress(base64_decode($update['sql'])), LOCK_EX); - $ok = sqlite_exec($dbhandle, $stm[$day]."COMMIT;", $error); - if (!$ok){ - if ($debug=true) - print ("Cannot execute query. $error\n".$stm[$day]."COMMIT;\n"); - } - else{ - if ($debug=true) - print "ok\n"; } - sqlite_close($dbhandle); } - #write update sql files - if (count ($do_sync) > 0 ){ - - foreach($do_sync as $ip) - file_put_contents('/var/db/postfix/'.$ip.'.sql',${$ip},LOCK_EX); - conf_mount_ro(); + /* Write local db file */ + create_db($day . ".db"); + if ($debug) { + print "writing to local db $day..."; + } + $dbhandle = sqlite_open($postfix_dir.$day.".db", 0666, $error); + if (!$dbhandle) { + die ($error); + } + //file_put_contents("/tmp/" . $key . '-' . $update['day'] . ".sql", gzuncompress(base64_decode($update['sql'])), LOCK_EX); + $ok = sqlite_exec($dbhandle, $stm[$day] . "COMMIT;", $error); + if (!$ok) { + print ("Cannot execute query. $error\n" . $stm[$day] . "COMMIT;\n"); + } elseif ($debug) { + print "ok\n"; + } + sqlite_close($dbhandle); + } } - #write local file - + /* Write updated sql files */ + if (count($do_sync) > 0 ) { + foreach ($do_sync as $ip) { + file_put_contents('/var/db/postfix/' . $ip . '.sql', ${$ip}, LOCK_EX); + } + } + conf_mount_ro(); + /* Write local file */ } function create_db($postfix_db){ @@ -748,4 +765,4 @@ if ($_REQUEST['files']!= ""){ print '</table>'; } } -?>
\ No newline at end of file +?> diff --git a/config/postfix/postfix_sync.xml b/config/postfix/postfix_sync.xml index 727305ff..eb3ab27b 100644 --- a/config/postfix/postfix_sync.xml +++ b/config/postfix/postfix_sync.xml @@ -5,44 +5,44 @@ <copyright> <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - postfix_sync.xml - part of the Postfix package for pfSense - Copyright (C) 2011-2014 Marcello Coutinho - All rights reserved. - */ -/* ========================================================================== */ + postfix_sync.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2011-2014 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form MUST reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> - <name>postfix_sync</name> - <version>1.0</version> + <name>postfixsync</name> + <version>2.4.5</version> <title>Services: Postfix relay and antispam</title> <include_file>/usr/local/pkg/postfix.inc</include_file> <menu> @@ -100,12 +100,12 @@ <type>listtopic</type> </field> <field> - <fielddescr>Sync method</fielddescr> + <fielddescr>Sync Method</fielddescr> <fieldname>synconchanges</fieldname> <description>Automatically sync postfix configuration changes.</description> <type>select</type> <required/> - <default_value>auto</default_value> + <default_value>disabled</default_value> <options> <option><name>Sync to configured system backup server</name><value>auto</value></option> <option><name>Sync to host(s) defined below</name><value>manual</value></option> @@ -113,7 +113,7 @@ </options> </field> <field> - <fielddescr>Sync timeout</fielddescr> + <fielddescr>Sync Timeout</fielddescr> <fieldname>synctimeout</fieldname> <description>Select sync max wait time</description> <type>select</type> @@ -128,73 +128,89 @@ </options> </field> <field> - <fielddescr><![CDATA[Remote Server]]></fielddescr> + <fielddescr>Remote Server</fielddescr> <fieldname>none</fieldname> <type>rowhelper</type> <dontdisplayname/> <usecolspan2/> <rowhelper> - <rowhelperfield> - <fielddescr>Enable</fielddescr> - <fieldname>enabless</fieldname> - <type>checkbox</type> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Sync Type </fielddescr> - <fieldname>sync_type</fieldname> - <type>select</type> - <options> - <option><name>XMLRPC Sync</name><value>xmlrpc</value></option> - <option><name>Share Database To</name><value>share</value></option> - <option><name>Fetch Database From</name><value>fetch</value></option> - <option><name>Disabled</name><value>disabled</value></option> - </options> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Remote Server IP</fielddescr> - <fieldname>ipaddress</fieldname> - <description>IP Address of remote server</description> - <type>input</type> - <size>10</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Username</fielddescr> - <fieldname>username</fieldname> - <description>Username for remote server.</description> - <type>input</type> - <size>10</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Password</fielddescr> - <fieldname>password</fieldname> - <description>Password for remote server.</description> - <type>password</type> - <size>10</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Description</fielddescr> - <fieldname>description</fieldname> - <type>input</type> - <size>27</size> - </rowhelperfield> + <rowhelperfield> + <fielddescr>Enable</fielddescr> + <fieldname>enabless</fieldname> + <type>checkbox</type> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Sync Type</fielddescr> + <fieldname>sync_type</fieldname> + <type>select</type> + <options> + <option><name>XMLRPC Sync</name><value>xmlrpc</value></option> + <option><name>Share Database To</name><value>share</value></option> + <option><name>Fetch Database From</name><value>fetch</value></option> + <option><name>Disabled</name><value>disabled</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Protocol</fielddescr> + <fieldname>syncprotocol</fieldname> + <description>Choose the protocol used to sync with the destination host (HTTP or HTTPS).</description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Remote Server IP/Hostname</fielddescr> + <fieldname>ipaddress</fieldname> + <description>IP address or hostname of remote server</description> + <type>input</type> + <size>30</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Port</fielddescr> + <fieldname>syncport</fieldname> + <description>Choose the sync port of the remote server.</description> + <type>input</type> + <size>5</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Username</fielddescr> + <fieldname>username</fieldname> + <description>Username for remote server.</description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>Password for remote server.</description> + <type>password</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <type>input</type> + <size>30</size> + </rowhelperfield> </rowhelper> - <description><![CDATA[<br>Sync types Description:<br><br> - <strong>XMLRPC Sync</strong> - Forward postfix settings to other pfsense boxes. Remote password required<br> - <strong>Share Database To</strong> - Allow other pfsense boxes to fetch maillog data via xml. Remote password NOT required.<br> - <strong>Fetch Database From</strong> - Merge logs from other pfsense boxes to this local database. Remote password required.<br> - <strong>Disabled</strong> - Ignore this host while sync.<br><br> - While sharing databases works only when you select 'Sync to host(s) defined below' on sync method and you must setup 'Share Database To' in source box and 'Fetch Database From' on destination box.]]></description> + <description> + <![CDATA[ + <br/>Sync types Description:<br/><br/> + <strong>XMLRPC Sync</strong> - Forward postfix settings to other pfSense boxes. Remote password required.<br/> + <strong>Share Database To</strong> - Allow other pfSense boxes to fetch maillog data via XMLRPC. Remote password NOT required.<br/> + <strong>Fetch Database From</strong> - Merge logs from other pfSense boxes to this local database. Remote password required.<br/> + <strong>Disabled</strong> - Ignore this host while syncing.<br/><br/> + Sharing databases works only when you select 'Sync to host(s) defined below' sync method; you must setup 'Share Database To' in source box and 'Fetch Database From' on destination box. + ]]> + </description> </field> </fields> - <custom_php_install_command> - postfix_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - postfix_php_deinstall_command(); - </custom_php_deinstall_command> <custom_php_validation_command> postfix_validate_input($_POST, $input_errors); - </custom_php_validation_command> + </custom_php_validation_command> <custom_php_resync_config_command> sync_package_postfix(); </custom_php_resync_config_command> diff --git a/config/squidGuard/squidguard.priv.inc b/config/squidGuard/squidguard.priv.inc new file mode 100644 index 00000000..a80c798b --- /dev/null +++ b/config/squidGuard/squidguard.priv.inc @@ -0,0 +1,55 @@ +<?php +/* + squidguard.priv.inc + part of pfSense (http://www.pfSense.org/) + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $priv_list; + +$priv_list['page-services-squidguard'] = array(); +$priv_list['page-services-squidguard']['name'] = "WebCfg - Services: SquidGuard package"; +$priv_list['page-services-squidguard']['descr'] = "Allow access to SquidGuard package GUI"; +$priv_list['page-services-squidguard']['match'] = array(); + +$priv_list['page-services-squidguard']['match'][] = "pkg.php?xml=squidguard.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg.php?xml=squidguard_acl.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg.php?xml=squidguard_default.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg.php?xml=squidguard_dest.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg.php?xml=squidguard_sync.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg.php?xml=squidguard_time.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg.php?xml=squidguard_rewr.xml*"; + +$priv_list['page-services-squidguard']['match'][] = "pkg_edit.php?xml=squidguard.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg_edit.php?xml=squidguard_acl.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg_edit.php?xml=squidguard_default.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg_edit.php?xml=squidguard_dest.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg_edit.php?xml=squidguard_sync.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg_edit.php?xml=squidguard_time.xml*"; +$priv_list['page-services-squidguard']['match'][] = "pkg_edit.php?xml=squidguard_rewr.xml*"; + +$priv_list['page-services-squidguard']['match'][] = "squidguard_blacklist.php*"; +$priv_list['page-services-squidguard']['match'][] = "squidguard_log.php*"; + +?> diff --git a/config/squidGuard/squidguard.xml b/config/squidGuard/squidguard.xml index e268fb7a..e7514f63 100644 --- a/config/squidGuard/squidguard.xml +++ b/config/squidGuard/squidguard.xml @@ -2,16 +2,52 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <description>[<![CDATA[Describe your package here]]></description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + <copyright> +<![CDATA[ +/* $Id$ */ +/* ====================================================================================== */ +/* + squidguard.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2006-2013 Sergey Dvoriancev <dv_serg@mail.ru> + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>squidguardgeneral</name> - <version>1.4_7 pkg v.1.9.14</version> + <version>1.9.16</version> <title>Proxy filter SquidGuard: General settings</title> <include_file>/usr/local/pkg/squidguard.inc</include_file> <!-- Installation --> <menu> - <name>Proxy filter</name> + <name>SquidGuard Proxy Filter</name> <tooltiptext>Modify the proxy server's filter settings</tooltiptext> <section>Services</section> <url>/pkg_edit.php?xml=squidguard.xml&id=0</url> @@ -62,57 +98,50 @@ </service> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard.inc</item> </additional_files_needed> <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard.priv.inc</item> + </additional_files_needed> + <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_configurator.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_acl.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_default.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_dest.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_rewr.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_time.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_sync.xml</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/squidGuard/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_log.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/squidGuard/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/squidguard_blacklist.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> <item>https://packages.pfsense.org/packages/config/squidGuard/sgerror.php</item> </additional_files_needed> <fields> diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 891af90b..1a4c020e 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -40,7 +40,7 @@ <website>http://www.asterisk.org/</website> <category>Services</category> <version>0.3.3</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/asterisk/asterisk.xml</config_file> <run_depends>sbin/asterisk:net/asterisk</run_depends> @@ -52,7 +52,7 @@ <build_options>asterisk_SET_FORCE=SRTP;asterisk_UNSET_FORCE=FREETDS PGSQL</build_options> <maintainer>marcellocoutinho@gmail.com robreg@zsurob.hu</maintainer> <configurationfile>asterisk.xml</configurationfile> - <after_install_info>Please visit the Asterisk tab on status menu.</after_install_info> + <after_install_info>Please visit Status - Asterisk menu.</after_install_info> <maximum_version>2.2.999</maximum_version> </package> <package> @@ -79,11 +79,11 @@ <package> <name>Filer</name> <descr>Allows you to create and overwrite files from the GUI.</descr> - <category>File Management</category> + <category>Utility</category> <pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file> - <version>0.60.5</version> - <status>Beta</status> + <version>0.60.6</version> + <status>BETA</status> <required_version>2.2</required_version> <maintainer>bscholer@cshl.edu</maintainer> <configurationfile>filer.xml</configurationfile> @@ -93,11 +93,11 @@ <name>File Manager</name> <internal_name>File_Manager</internal_name> <descr>PHP File Manager.</descr> - <category>Diagnostics</category> + <category>Utility</category> <pkginfolink>https://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</config_file> <version>0.2.2</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <maintainer>tom@tomschaefer.org</maintainer> <configurationfile>filemgr.xml</configurationfile> @@ -114,11 +114,11 @@ Advanced Integration for Emerging Threats IQRisk IP Reputation Threat Sources. ]]> </descr> - <category>Firewall</category> + <category>Security</category> <pkginfolink>https://forum.pfsense.org/index.php?topic=86212.0</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.xml</config_file> <version>1.10</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <maintainer>BBCan177@gmail.com</maintainer> <configurationfile>pfblockerng.xml</configurationfile> @@ -144,7 +144,7 @@ <website>http://haproxy.1wt.eu/</website> <category>Services</category> <version>0.32</version> - <status>Release</status> + <status>RELEASE</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy1_5/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> @@ -172,7 +172,7 @@ <website>http://haproxy.1wt.eu/</website> <category>Services</category> <version>0.33</version> - <status>Release</status> + <status>RELEASE</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> @@ -193,14 +193,14 @@ <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> <descr><![CDATA[ - ModSecurity is a web application firewall that can work either embedded or as a reverse proxy.<br /> + ModSecurity (Apache 2.4 branch) is a web application firewall that can work either embedded or as a reverse proxy.<br /> It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br /> In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br /> <strong>Backup your location config before updating from 0.2.x to 0.3 package version.</strong> ]]> </descr> - <category>Network Management</category> - <version>0.44</version> + <category>Security</category> + <version>0.45</version> <status>ALPHA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> @@ -217,7 +217,7 @@ <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> <build_options>apache24_UNSET_FORCE=MPM_PREFORK;apache24_SET_FORCE=MPM_EVENT SLOTMEM_SHM MOST_ENABLED_MODULES MPM_SHARED SESSION_ENABLED_MODULES PROXY_ENABLED_MODULES SESSION_ENABLED_MODULES;mod_security_SET_FORCE=MLOGC</build_options> - <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> + <after_install_info>Please visit Services - Mod_Security+Apache+Proxy menu and set the service up so that it may be started.</after_install_info> <maximum_version>2.2.999</maximum_version> </package> <package> @@ -225,8 +225,13 @@ <internal_name>apache-mod_security</internal_name> <pkginfolink>https://doc.pfsense.org/index.php/ProxyServerModSecurity_package</pkginfolink> <website>http://www.modsecurity.org/</website> - <descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr> - <category>Network Management</category> + <descr><![CDATA[ + ModSecurity (Apache 2.2 branch) is a web application firewall that can work either embedded or as a reverse proxy.<br/> + It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.<br/> + In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address. + ]]> + </descr> + <category>Security</category> <version>0.1.8</version> <status>ALPHA</status> <required_version>2.2</required_version> @@ -245,13 +250,19 @@ <ports_after>www/mod_security www/mod_memcache</ports_after> </build_pbi> <build_options>apr_UNSET_FORCE=BDB MYSQL PGSQL NSS;apr_SET_FORCE=SQLITE THREADS IPV6 SSL;apache22-worker-mpm_UNSET_FORCE=AUTHNZ_LDAP AUTHN_DBD BUCKETEER CASE_FILTER CASE_FILTER_IN CGID DBD EXT_FILTER LDAP LOG_FORENSIC OPTIONAL_FN_EXPORT OPTIONAL_FN_IMPORT OPTIONAL_HOOK_EXPORT OPTIONAL_HOOK_IMPORT SUBSTITUTE SUEXEC SUEXEC_RSRCLIMIT;apache22-worker-mpm_SET_FORCE=ACTIONS ALIAS AUTHN_ALIAS VHOST_ALIAS ASIS AUTHN_ANON AUTHN_DBM AUTHN_DEFAULT AUTHN_FILE AUTHZ_DBM AUTHZ_DEFAULT AUTHZ_GROUPFILE AUTHZ_HOST AUTHZ_OWNER AUTHZ_USER AUTH_BASIC AUTH_DIGEST AUTOINDEX CACHE DISK_CACHE FILE_CACHE MEM_CACHE CERN_META CGI CHARSET_LITE DAV DAV_FS DEFLATE DIR DUMPIO ENV EXPIRES FILTER HEADERS IMAGEMAP INCLUDE INFO LOGIO LOG_CONFIG MIME MIME_MAGIC NEGOTIATION PROXY PROXY_AJP PROXY_BALANCER PROXY_CONNECT PROXY_FTP PROXY_HTTP PROXY_SCGI REQTIMEOUT REWRITE SETENVIF SPELING STATUS THREADS UNIQUE_ID USERDIR USERTRACK VERSION</build_options> - <after_install_info>Please visit the ProxyServer settings tab and set the service up so that it may be started.</after_install_info> + <after_install_info>Please visit Services - Mod_Security+Apache+Proxy menu and set the service up so that it may be started.</after_install_info> </package> <package> <name>Avahi</name> <pkginfolink>https://doc.pfsense.org/index.php/Avahi_package</pkginfolink> <website>http://www.avahi.org/</website> - <descr>Avahi is a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in Apple Mac OS X (branded Rendezvous, Bonjour and sometimes Zeroconf) and is very convenient. Avahi is mainly based on Lennart Poettering's flexmdns mDNS implementation for Linux which has been discontinued in favour of Avahi.</descr> + <descr><![CDATA[ + Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite.<br/> + This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.<br/> + In addition it supports some nifty things that have never been seen elsewhere like correct mDNS reflection across LAN segments.<br/> + Compatible technology is found in Apple MacOS X (branded ​Bonjour and sometimes Zeroconf). + ]]> + </descr> <category>Network Management</category> <lib_depends>libavahi-core.so:net/avahi-app</lib_depends> <port_category>net</port_category> @@ -266,7 +277,7 @@ <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file> <configurationfile>avahi.xml</configurationfile> - <after_install_info>Please visit the Avahi settings tab and select which interfaces you do not wish Avahi to listen on and click save to start the service.</after_install_info> + <after_install_info>Please visit Services - Avahi menu, enable the service and select which interfaces you do NOT wish Avahi to listen on. Save settings to start the service.</after_install_info> </package> <package> <name>ntop</name> @@ -309,11 +320,11 @@ <package> <name>Notes</name> <descr>Track things you want to note for this system.</descr> - <category>Status</category> + <category>Utility</category> <pkginfolink/> <config_file>https://packages.pfsense.org/packages/config/notes/notes.xml</config_file> <version>0.2.7</version> - <status>Alpha</status> + <status>RC</status> <required_version>2.2</required_version> <maintainer>markjcrane@gmail.com</maintainer> <configurationfile>notes.xml</configurationfile> @@ -326,7 +337,7 @@ <port_category>ftp</port_category> <config_file>https://packages.pfsense.org/packages/config/tftp2/tftp.xml</config_file> <version>2.2.2</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <configurationfile>tftp.xml</configurationfile> <maximum_version>2.2.999</maximum_version> @@ -338,7 +349,7 @@ <pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file> <version>0.5.1</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <maintainer>markjcrane@gmail.com</maintainer> <configurationfile>phpservice.xml</configurationfile> @@ -350,7 +361,7 @@ <category>System</category> <config_file>https://packages.pfsense.org/packages/config/backup/backup.xml</config_file> <version>0.2.1</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <maintainer>markjcrane@gmail.com</maintainer> <configurationfile>backup.xml</configurationfile> @@ -358,23 +369,27 @@ <package> <name>Cron</name> <descr>The cron utility is used to manage commands on a schedule.</descr> - <category>Services</category> + <category>System</category> <config_file>https://packages.pfsense.org/packages/config/cron/cron.xml</config_file> <version>0.3.2</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <maintainer>markjcrane@gmail.com</maintainer> <configurationfile>cron.xml</configurationfile> </package> <package> <name>vHosts</name> - <descr>A web server package that can host HTML, Javascript, CSS, and PHP. It uses the lighttpd web server that is already installed. It uses PHP5 in FastCGI mode and has access to PHP Data Ojbects and PDO SQLite.</descr> + <descr><![CDATA[ + A web server package that can host HTML, Javascript, CSS, and PHP. It uses the lighttpd web server that is already installed.<br/> + It uses PHP5 in FastCGI mode and has access to PHP Data Objects and PDO SQLite. + ]]> + </descr> <category>Services</category> <port_category>www</port_category> <pkginfolink>https://doc.pfsense.org/index.php/vhosts</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/vhosts/vhosts.xml</config_file> <version>0.8.3</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <maintainer>markjcrane@gmail.com</maintainer> <configurationfile>vhosts.xml</configurationfile> @@ -397,15 +412,19 @@ <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file> <version>3.2.8.3</version> <required_version>2.2</required_version> - <status>Stable</status> + <status>RELEASE</status> <configurationfile>/snort.xml</configurationfile> - <after_install_info>Please visit the Snort settings tab first and select your desired rules. Afterwards visit the update rules tab to download your configured rules.</after_install_info> + <after_install_info>Please visit Services - Snort - Interfaces tab first and select your desired rules. Afterwards visit the Updates tab to download your configured rulesets.</after_install_info> </package> <package> <name>olsrd</name> <website>http://www.olsr.org/</website> - <descr>The olsr.org OLSR daemon is an implementation of the Optimized Link State Routing protocol. OLSR is a routing protocol for mobile ad-hoc networks. The protocol is pro-active, table driven and utilizes a technique called multipoint relaying for message flooding.</descr> - <category>Services</category> + <descr><![CDATA[ + The olsr.org OLSR daemon is an implementation of the Optimized Link State Routing protocol.<br/> + OLSR is a routing protocol for mobile ad-hoc networks. The protocol is pro-active, table driven and utilizes a technique called multipoint relaying for message flooding. + ]]> + </descr> + <category>Network Management</category> <config_file>https://packages.pfsense.org/packages/config/olsrd/olsrd.xml</config_file> <depends_on_package_pbi>olsrd-0.6.6.2_1-##ARCH##.pbi</depends_on_package_pbi> <run_depends>sbin/olsrd:net/olsrd</run_depends> @@ -414,7 +433,7 @@ <port>net/olsrd</port> </build_pbi> <version>1.0.3</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <configurationfile>olsrd.xml</configurationfile> <maximum_version>2.2.999</maximum_version> @@ -427,19 +446,23 @@ <port_category>net</port_category> <config_file>https://packages.pfsense.org/packages/config/routed/routed.xml</config_file> <version>1.2.1</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <configurationfile>routed.xml</configurationfile> </package> <package> <name>spamd</name> <website>http://www.openbsd.org/spamd/</website> - <descr>Tarpits like spamd are fake SMTP servers, which accept connections but don't deliver mail. Instead, they keep the connections open and reply very slowly. If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a 'temporary error' code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in their queue and retry again later.</descr> + <descr><![CDATA[ + Tarpits like spamd are fake SMTP servers, which accept connections but don't deliver mail. Instead, they keep the connections open and reply very slowly.<br/> + If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a 'temporary error' code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in their queue and retry again later. + ]]> + </descr> <category>Services</category> <config_file>https://packages.pfsense.org/packages/config/spamd/spamd.xml</config_file> <depends_on_package_pbi>spamd-4.9.1_2-##ARCH##.pbi</depends_on_package_pbi> <version>1.1.6</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <port_category>mail</port_category> <run_depends>sbin/spamdb:mail/spamd</run_depends> @@ -460,15 +483,15 @@ <descr><![CDATA[ Postfix mail forwarder acts as a relay server for your domain.<br /> It can do first and second line antispam combat before sending incoming mail to local mail servers.<br /> - Postfix can also detect zombies, check RBLS, SPF, search ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution. + Postfix can also detect zombies, check RBLs, SPF, search LDAP for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution. ]]> </descr> <category>Services</category> <pkginfolink>https://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/postfix/postfix.xml</config_file> <depends_on_package_pbi>postfix-2.11.3_2-##ARCH##.pbi</depends_on_package_pbi> - <version>2.4.4</version> - <status>Release</status> + <version>2.4.5</version> + <status>RELEASE</status> <required_version>2.2</required_version> <configurationfile>postfix.xml</configurationfile> <port_category>mail</port_category> @@ -486,8 +509,8 @@ DansGuardian is an award winning Open Source web content filter.<br /> It filters the actual content of pages based on many methods, including phrase matching, PICS filtering and URL filtering.<br /> It does not purely filter based on a banned list of sites like lesser totally commercial filters.<br /> - For all non-commercial use it's free, without cost.<br /> - For all commercial use visit DansGuardian website to get a licence. + For all non-commercial use it's free, without cost. For all commercial use visit DansGuardian website to get a licence.<br /><br /> + <strong>WARNING! This package bundles ClamAV that conflicts with 'Squid3', 'Mailscanner' and 'HAVP antivirus' packages! Installing these will result in a broken state.</strong> ]]> </descr> <category>Services</category> @@ -495,7 +518,7 @@ <pkginfolink>https://forum.pfsense.org/index.php/topic,43786.0.html</pkginfolink> <depends_on_package_pbi>dansguardian-2.12.0.3_2-##ARCH##.pbi</depends_on_package_pbi> <version>2.12.0.3_2 pkg v.0.1.12</version> - <status>beta</status> + <status>BETA</status> <required_version>2.2</required_version> <configurationfile>dansguardian.xml</configurationfile> <build_pbi> @@ -512,7 +535,8 @@ <website>http://www.mailscanner.info</website> <descr><![CDATA[ MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.<br /> - This is a level3 mail scanning tool with high CPU load. + This is a level3 mail scanning tool with high CPU load.<br/><br/> + <strong>WARNING! This package bundles ClamAV that conflicts with 'Squid3', 'Dansguardian' and 'HAVP antivirus' packages! Installing these will result in a broken state.</strong> ]]> </descr> <category>Services</category> @@ -520,7 +544,7 @@ <pkginfolink>https://forum.pfsense.org/index.php/topic,43687.0.html</pkginfolink> <depends_on_package_pbi>mailscanner-4.84.6-##ARCH##.pbi</depends_on_package_pbi> <version>0.2.12</version> - <status>beta</status> + <status>BETA</status> <required_version>2.2</required_version> <configurationfile>mailscanner.xml</configurationfile> <port_category>mail</port_category> @@ -547,7 +571,7 @@ <port>net/siproxd</port> </build_pbi> <version>1.0.6</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <configurationfile>siproxd.xml</configurationfile> </package> @@ -558,7 +582,7 @@ <strong>WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.</strong> ]]> </descr> - <category>NET</category> + <category>Network Management</category> <config_file>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.xml</config_file> <port_category>net</port_category> <run_depends>sbin/bgpctl:net/openbgpd</run_depends> @@ -567,7 +591,7 @@ <port>net/openbgpd</port> </build_pbi> <version>0.9.3.8</version> - <status>STABLE</status> + <status>RELEASE</status> <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>2.2</required_version> <configurationfile>openbgpd.xml</configurationfile> @@ -575,9 +599,13 @@ </package> <package> <name>Lightsquid</name> - <descr>LightSquid is a high performance web proxy reporting tool. Proxy realtime statistics (SQStat). Requires Squid HTTP proxy.</descr> + <descr><![CDATA[ + LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat). + <strong>Requires Squid3 or Squid package.</strong> + ]]> + </descr> <website>http://lightsquid.sf.net/</website> - <category>Network Report</category> + <category>Network Management</category> <version>2.42</version> <maintainer>dv_serg@mail.ru</maintainer> <port_category>www</port_category> @@ -588,7 +616,7 @@ <port>www/lightsquid</port> </build_pbi> <build_options>lightsquid_SET_FORCE=GD;libgd_UNSET_FORCE=FONTCONFIG XPM;perl_UNSET_FORCE=MULTIPLICITY</build_options> - <status>RC1</status> + <status>RC</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/lightsquid/lightsquid.xml</config_file> <configurationfile>lightsquid.xml</configurationfile> @@ -600,15 +628,15 @@ <website>http://www.dansguardian.org/</website> <descr><![CDATA[ Sarg - Squid Analysis Report Generator - is a tool that generates reports about where your users are going on the Internet.<br /> - Sarg provides information about proxy users' activities: times, bytes, sites, etc. for those using Squid, SquidGuard or DansGuardian. + Sarg provides information about proxy users' activities: times, bytes, sites, etc. for those using Squid3/Squid, SquidGuard or DansGuardian packages. ]]> </descr> - <category>Network Report</category> + <category>Network Management</category> <config_file>https://packages.pfsense.org/packages/config/sarg/sarg.xml</config_file> <pkginfolink>https://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink> <depends_on_package_pbi>sarg-2.3.9-##ARCH##.pbi</depends_on_package_pbi> <version>0.6.7</version> - <status>Release</status> + <status>RELEASE</status> <required_version>2.2</required_version> <port_category>www</port_category> <run_depends>bin/sarg:www/sarg</run_depends> @@ -617,7 +645,7 @@ <port>www/sarg</port> </build_pbi> <build_options>sarg_UNSET_FORCE=PHP</build_options> - <after_install_info>Please visit sarg settings on Status Menu to configure sarg.</after_install_info> + <after_install_info>Please visit Status - Sarg Reports menu to configure Sarg package.</after_install_info> <maximum_version>2.2.999</maximum_version> </package> <package> @@ -635,7 +663,7 @@ <pkginfolink>https://forum.pfsense.org/index.php/topic,49917.msg263664.html#msg263664</pkginfolink> <depends_on_package_pbi>ipguard-1.04_2-##ARCH##.pbi</depends_on_package_pbi> <version>0.1.2</version> - <status>beta</status> + <status>BETA</status> <required_version>2.2</required_version> <configurationfile>ipguard.xml</configurationfile> <port_category>security</port_category> @@ -643,7 +671,7 @@ <build_pbi> <port>security/ipguard</port> </build_pbi> - <after_install_info>Please visit ipguard settings on the Firewall Menu to configure.</after_install_info> + <after_install_info>Please visit Firewall - IPguard menu to configure the package.</after_install_info> <maximum_version>2.2.999</maximum_version> </package> <package> @@ -652,7 +680,7 @@ <descr><![CDATA[ Varnish is a state-of-the-art, high-performance HTTP accelerator.<br /> It uses the advanced features in FreeBSD to achieve its high performance.<br /> - Version 3 includes streaming support + Version 3 includes streaming support. ]]> </descr> <website>http://varnish-cache.org</website> @@ -678,7 +706,7 @@ <website>http://humdi.net/vnstat/</website> <descr><![CDATA[ Vnstat is a console-based network traffic monitor.<br /> - The vnstat PHP frontend and vnstati adds a more user friendly way of displaying traffic usage. + The vnstat PHP frontend and vnstati add a more user friendly way of displaying traffic usage. ]]> </descr> <pkginfolink>https://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> @@ -690,7 +718,7 @@ <port>net/vnstat</port> </build_pbi> <version>1.12.8</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <maintainer>crazypark2@yahoo.dk</maintainer> <config_file>https://packages.pfsense.org/packages/config/vnstat2/vnstat2.xml</config_file> @@ -703,7 +731,7 @@ <website>http://cr.yp.to/djbdns.html</website> <category>Services</category> <version>1.0.6.24</version> - <status>Beta</status> + <status>BETA</status> <pkginfolink>https://doc.pfsense.org/index.php/Tinydns_package</pkginfolink> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/tinydns/tinydns.xml</config_file> @@ -722,9 +750,9 @@ <name>Open-VM-Tools</name> <descr>VMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine.</descr> <website>http://open-vm-tools.sourceforge.net/</website> - <category>Services</category> + <category>System</category> <version>1280544.12</version> - <status>Stable</status> + <status>RELEASE</status> <pkginfolink>https://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/open-vm-tools_2/open-vm-tools.xml</config_file> @@ -747,7 +775,7 @@ <website>https://portal.pfsense.org</website> <category>Services</category> <version>1.29</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <pkginfolink>https://doc.pfsense.org/index.php/AutoConfigBackup</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/autoconfigbackup/autoconfigbackup.xml</config_file> @@ -757,9 +785,9 @@ <name>arping</name> <descr>Broadcasts a who-has ARP packet on the network and prints answers.</descr> <website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website> - <category>Services</category> + <category>Network Management</category> <version>1.2.1</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/arping/arping.xml</config_file> <configurationfile>arping.xml</configurationfile> @@ -774,12 +802,17 @@ <package> <name>nmap</name> <maintainer>jimp@pfsense.org</maintainer> - <descr>NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more.</descr> + <descr><![CDATA[ + NMap is a utility for network exploration or security auditing.<br/> + It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification). + It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. + ]]> + </descr> <category>Security</category> <depends_on_package_pbi>nmap-6.47-##ARCH##.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/nmap/nmap.xml</config_file> <version>1.4</version> - <status>Stable</status> + <status>RELEASE</status> <pkginfolink>https://doc.pfsense.org/index.php/Nmap_package</pkginfolink> <required_version>2.2</required_version> <configurationfile>nmap.xml</configurationfile> @@ -814,7 +847,7 @@ <name>nut</name> <descr>Network UPS Tools.</descr> <website>http://www.networkupstools.org/</website> - <category>Network Management</category> + <category>Services</category> <version>2.1.1</version> <status>BETA</status> <required_version>2.2</required_version> @@ -848,7 +881,7 @@ <category>Network Management</category> <depends_on_package_pbi>darkstat-3.0.718-##ARCH##.pbi</depends_on_package_pbi> <version>3.1.1</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <maintainer>coreteam@pfsense.org</maintainer> <config_file>https://packages.pfsense.org/packages/config/darkstat/darkstat.xml</config_file> @@ -867,7 +900,7 @@ <config_file>https://packages.pfsense.org/packages/config/pfflowd/pfflowd.xml</config_file> <depends_on_package_pbi>pfflowd-0.8_1-##ARCH##.pbi</depends_on_package_pbi> <version>1.0.3</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>3.0</required_version> <configurationfile>pfflowd.xml</configurationfile> <port_category>net</port_category> @@ -884,7 +917,7 @@ <category>Services</category> <depends_on_package_pbi>widentd-1.03_2-##ARCH##.pbi</depends_on_package_pbi> <version>1.0.5</version> - <status>Stable</status> + <status>RELEASE</status> <pkginfolink>https://doc.pfsense.org/index.php/Widentd_package</pkginfolink> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/widentd/widentd.xml</config_file> @@ -907,15 +940,15 @@ ]]> </descr> <pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink> - <category>System</category> + <category>Services</category> <version>1.6.17</version> - <status>RC1</status> + <status>RC</status> <required_version>2.2</required_version> <maintainer>nachtfalkeaw@web.de</maintainer> <depends_on_package_pbi>freeradius-2.2.6_3-##ARCH##.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/freeradius2/freeradius.xml</config_file> <configurationfile>freeradius.xml</configurationfile> - <after_install_info>Please visit Services: FreeRADIUS.</after_install_info> + <after_install_info>Please visit Services - FreeRADIUS menu to configure the package.</after_install_info> <port_category>net</port_category> <run_depends>sbin/radiusd:net/freeradius2 bin/bash:shells/bash</run_depends> <build_pbi> @@ -928,8 +961,13 @@ <package> <name>bandwidthd</name> <website>http://bandwidthd.sourceforge.net/</website> - <descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr> - <category>System</category> + <descr><![CDATA[ + BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization.<br/> + Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each IP address's utilization can be logged out in CDF format, or to a backend database server.<br/> + HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded. + ]]> + </descr> + <category>Network Management</category> <version>0.6.3</version> <status>BETA</status> <required_version>2.2</required_version> @@ -950,10 +988,10 @@ <name>stunnel</name> <website>http://www.stunnel.org/</website> <descr>SSL encryption wrapper between remote client and local or remote servers.</descr> - <category>Network Management</category> + <category>Security</category> <depends_on_package_pbi>stunnel-5.20-##ARCH##.pbi</depends_on_package_pbi> <version>5.20.3</version> - <status>Stable</status> + <status>RELEASE</status> <pkginfolink>https://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/stunnel/stunnel.xml</config_file> @@ -974,7 +1012,7 @@ <config_file>https://packages.pfsense.org/packages/config/iperf/iperf.xml</config_file> <depends_on_package_pbi>iperf-2.0.5-##ARCH##.pbi</depends_on_package_pbi> <version>2.0.5.2</version> - <status>Beta</status> + <status>BETA</status> <pkginfolink>https://doc.pfsense.org/index.php/Iperf_package</pkginfolink> <required_version>2.2</required_version> <configurationfile>iperf.xml</configurationfile> @@ -1010,7 +1048,7 @@ <category>Network Management</category> <depends_on_package_pbi>mtr-0.85_1-##ARCH##.pbi</depends_on_package_pbi> <version>0.85_3</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/mtr-nox11/mtr-nox11.xml</config_file> <configurationfile>mtr-nox11.xml</configurationfile> @@ -1023,11 +1061,11 @@ </package> <package> <name>squid</name> - <descr>High performance web proxy cache.</descr> + <descr>High performance web proxy cache (2.7 legacy branch).</descr> <website>http://www.squid-cache.org/</website> - <category>Network</category> + <category>Services</category> <version>4.3.10</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> <depends_on_package_pbi>squid-2.7.9_4-##ARCH##.pbi</depends_on_package_pbi> @@ -1045,16 +1083,16 @@ <name>squid3</name> <internal_name>squid</internal_name> <descr><![CDATA[ - High performance web proxy cache.<br /> - It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> - It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP. + High performance web proxy cache (3.4 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.<br /> + It includes an Exchange-Web-Access (OWA) Assistant, SSL filtering and antivirus integration via C-ICAP.<br/><br/> + <strong>WARNING! This package bundles ClamAV that conflicts with 'Dansguardian', 'Mailscanner' and 'HAVP antivirus' packages! Installing these will result in a broken state.</strong> ]]> </descr> <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> - <category>Network</category> + <category>Services</category> <version>0.4.2</version> - <status>beta</status> + <status>BETA</status> <required_version>2.2</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> <run_depends>sbin/squid:www/squid libexec/squid/squid_radius_auth:www/squid_radius_auth lib/c_icap/virus_scan.so:www/c-icap-modules lib/c_icap/squidclamav.so:www/squidclamav</run_depends> @@ -1068,12 +1106,13 @@ <config_file>https://packages.pfsense.org/packages/config/squid3/34/squid.xml</config_file> <configurationfile>squid.xml</configurationfile> <depends_on_package_pbi>squid-3.4.10_2-##ARCH##.pbi</depends_on_package_pbi> + <after_install_info>Please visit Services - Squid Proxy Server menu to configure the package and enable the proxy.</after_install_info> </package> <package> <name>LCDproc</name> <descr>LCD display driver.</descr> <website>http://www.lcdproc.org/</website> - <category>Utility</category> + <category>System</category> <version>1.0.4</version> <status>BETA</status> <required_version>2.2</required_version> @@ -1088,7 +1127,7 @@ <port>sysutils/lcdproc</port> </build_pbi> <build_options>lcdproc_SET_FORCE=USB</build_options> - <after_install_info>Please set the service options in Services - LCDproc before running the service.</after_install_info> + <after_install_info>Please visit Services - LCDproc menu and configure the package before running the service.</after_install_info> <maximum_version>2.2.999</maximum_version> </package> <package> @@ -1096,7 +1135,7 @@ <internal_name>lcdproc</internal_name> <descr>LCD display driver - development version.</descr> <website>http://www.lcdproc.org/</website> - <category>Utility</category> + <category>System</category> <version>0.9.14</version> <status>BETA</status> <required_version>2.2</required_version> @@ -1112,14 +1151,14 @@ <port>sysutils/lcdproc</port> </build_pbi> <build_options>lcdproc_SET_FORCE=USB</build_options> - <after_install_info>Please set the service options in Services - LCDproc before running the service.</after_install_info> + <after_install_info>Please visit Services - LCDproc menu and configure the package before running the service.</after_install_info> <maximum_version>2.2.999</maximum_version> </package> <package> <name>arpwatch</name> <descr>Arpwatch monitors Ethernet to IP address pairings. It logs certain changes to syslog.</descr> <website>http://ee.lbl.gov/</website> - <category>Security</category> + <category>Network Management</category> <depends_on_package_pbi>arpwatch-2.1.a15_8-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <port>net-mgmt/arpwatch</port> @@ -1137,12 +1176,16 @@ </package> <package> <name>squidGuard</name> - <descr>High performance web proxy URL filter. Works with both Squid 2.x and Squid 3.x.</descr> + <descr><![CDATA[ + High performance web proxy URL filter.<br/> + <strong>Works with both Squid (2.7 legacy branch) and Squid3 (3.4 branch) packages.</strong> + ]]> + </descr> <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.9.15</version> - <status>Beta</status> + <version>1.9.16</version> + <status>BETA</status> <required_version>2.2</required_version> <depends_on_package_pbi>squidguard-1.4_7-##ARCH##.pbi</depends_on_package_pbi> <port_category>www</port_category> @@ -1157,12 +1200,16 @@ </package> <package> <name>squidGuard-devel</name> - <descr>High performance web proxy URL filter. Requires proxy Squid 2.x package.</descr> + <descr><![CDATA[ + High performance web proxy URL filter.<br/> + <strong>Requires Squid (2.7 legacy branch) package.</strong> + ]]> + </descr> <website>http://www.squidGuard.org/</website> <maintainer>gugabsd@mundounix.com.br</maintainer> <category>Network Management</category> <version>1.5.8</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <depends_on_package_pbi>squidguard-devel-1.5_1-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> @@ -1194,7 +1241,13 @@ <package> <name>HAVP antivirus</name> <website>http://www.server-side.de/</website> - <descr>Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. HAVP antivirus proxy has a parent and transparent proxy mode. It can be used with Squid or standalone.</descr> + <descr><![CDATA[ + Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner.<br/> + The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic.<br/> + HAVP antivirus proxy has a parent and transparent proxy mode. It can be used with Squid or standalone.<br/><br/> + <strong>WARNING! This package bundles ClamAV that conflicts with 'Squid3', 'Mailscanner' and 'Dansguardian' packages! Installing these will result in a broken state.</strong> + ]]> + </descr> <category>Network Management</category> <depends_on_package_pbi>havp-0.91_3-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> @@ -1202,14 +1255,13 @@ <ports_after>security/clamav</ports_after> </build_pbi> <build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options> - <conflicts>squid3</conflicts> <version>1.10.0</version> <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file> <configurationfile>havp.xml</configurationfile> <maintainer>dv_serg@mail.ru</maintainer> - <after_install_info>Please check the HAVP settings.</after_install_info> + <after_install_info>Please visit Services - Antivirus menu to configure HAVP package.</after_install_info> <noembedded>true</noembedded> <maximum_version>2.2.999</maximum_version> </package> @@ -1218,7 +1270,7 @@ <descr>Allows you to use LEDs for monitoring network activity on supported platforms (ALIX, WRAP, Soekris, etc.)</descr> <category>System</category> <version>0.4.6</version> - <status>Beta</status> + <status>BETA</status> <maintainer>jimp@pfsense.org</maintainer> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/blinkled8/blinkled.xml</config_file> @@ -1237,7 +1289,7 @@ <descr>Allows you to use LEDs for monitoring gateway status on supported platforms (ALIX, WRAP, Soekris, etc.)</descr> <category>System</category> <version>0.2.3</version> - <status>Beta</status> + <status>BETA</status> <maintainer>jimp@pfsense.org</maintainer> <port_category>sysutils</port_category> <required_version>2.2</required_version> @@ -1247,7 +1299,7 @@ <package> <name>Dashboard Widget: HAVP</name> <descr>Dashboard widget for HAVP alerts.</descr> - <category>System</category> + <category>Utility</category> <config_file>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.xml</config_file> <version>0.1.1</version> <status>BETA</status> @@ -1258,7 +1310,7 @@ <package> <name>Dashboard Widget: Antivirus Status</name> <descr>Dashboard widget for HAVP status.</descr> - <category>System</category> + <category>Utility</category> <config_file>https://packages.pfsense.org/packages/config/widget-antivirus/widget-antivirus.xml</config_file> <version>0.1.1</version> <status>BETA</status> @@ -1270,9 +1322,9 @@ <name>RRD Summary</name> <internal_name>RRD_Summary</internal_name> <descr>RRD Summary Page, which will give a total amount of traffic passed In/Out during this and the previous month.</descr> - <category>System</category> + <category>Network Management</category> <version>1.2</version> - <status>Beta</status> + <status>BETA</status> <maintainer>jimp@pfsense.org</maintainer> <port_category>sysutils</port_category> <required_version>2.2</required_version> @@ -1282,10 +1334,10 @@ <package> <name>Shellcmd</name> <descr>The shellcmd utility is used to manage commands on system startup.</descr> - <category>Services</category> + <category>System</category> <config_file>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</config_file> <version>1.0</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <maintainer>markjcrane@gmail.com</maintainer> <configurationfile>shellcmd.xml</configurationfile> @@ -1294,7 +1346,7 @@ <name>NRPE v2</name> <website>http://wiki.nagios.org/index.php/Howtos:nrpe_nsca</website> <descr>NRPE is an addon for Nagios that allows you to execute plugins on remote Linux/Unix hosts. This is useful if you need to monitor local resources/attributes like disk usage, CPU load, memory usage, etc. on a remote host.</descr> - <category>Services</category> + <category>Network Management</category> <depends_on_package_pbi>nrpe-2.15_5-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>net-mgmt/nagios-plugins</ports_before> @@ -1303,7 +1355,7 @@ <build_options>nrpe_SET_FORCE=SSL;nrpe_UNSET_FORCE=ARGS</build_options> <config_file>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file> <version>2.2.5</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2.1</required_version> <maintainer>erik@erikkristensen.com</maintainer> <configurationfile>nrpe2.xml</configurationfile> @@ -1317,7 +1369,7 @@ For each host to be monitored check_mk is called by Nagios only once per time period. ]]> </descr> - <category>Services</category> + <category>Network Management</category> <depends_on_package_pbi>muse-0.2-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <ports_before>sysutils/ipmitool devel/libstatgrab</ports_before> @@ -1325,7 +1377,7 @@ </build_pbi> <config_file>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.xml</config_file> <version>0.1.5</version> - <status>RC1</status> + <status>RC</status> <required_version>2.2</required_version> <maintainer>marcellocoutinho@gmail.com</maintainer> <configurationfile>checkmk.xml</configurationfile> @@ -1338,9 +1390,9 @@ This package acts as an access list frontend for ssh connections ]]> </descr> - <category>Enhancements</category> + <category>System</category> <version>1.0.6</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.xml</config_file> <maintainer>namezero@afim.info</maintainer> @@ -1350,9 +1402,9 @@ <package> <name>mailreport</name> <descr>Allows you to setup periodic e-mail reports containing command output, log file contents, and RRD graphs.</descr> - <category>Network Management</category> + <category>System</category> <version>2.3_1</version> - <status>Stable</status> + <status>RELEASE</status> <port_category>mail</port_category> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/mailreport/mailreport.xml</config_file> @@ -1368,7 +1420,7 @@ </descr> <maintainer>jimp@pfsense.org</maintainer> <version>0.6.8</version> - <category>Routing</category> + <category>Network Management</category> <status>BETA</status> <depends_on_package_pbi>quagga-0.99.23.1_2-##ARCH##.pbi</depends_on_package_pbi> <config_file>https://packages.pfsense.org/packages/config/quagga_ospfd/quagga_ospfd.xml</config_file> @@ -1401,7 +1453,7 @@ <website>http://www.bacula.org/</website> <category>Services</category> <version>1.0.12</version> - <status>Stable</status> + <status>RELEASE</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file> <depends_on_package_pbi>bacula-7.0.5-##ARCH##.pbi</depends_on_package_pbi> @@ -1410,16 +1462,16 @@ </build_pbi> <maintainer>marcioc.antao@gmail.com</maintainer> <configurationfile>bacula-client.xml</configurationfile> - <after_install_info>Please visit the bacula client tab on services menu.</after_install_info> + <after_install_info>Please visit Services - Bacula Client menu to configure the package.</after_install_info> <maximum_version>2.2.999</maximum_version> </package> <package> <name>urlsnarf</name> <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr>HTTP URL Sniffer (console/shell only).</descr> - <category>Services</category> + <category>Network Management</category> <version>2.4b1</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/urlsnarf/urlsnarf.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> @@ -1436,9 +1488,9 @@ <pkginfolink>https://forum.pfsense.org/</pkginfolink> <descr>Realtime interface monitor (console/shell only).</descr> <website>http://www.ex-parrot.com/~pdw/iftop/</website> - <category>Services</category> + <category>Network Management</category> <version>0.17</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/iftop/iftop.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> @@ -1457,7 +1509,7 @@ <website>http://git-scm.com/</website> <category>Services</category> <version>2.2.1</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/git/git.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> @@ -1475,7 +1527,7 @@ <name>tinc</name> <website>http://www.tinc-vpn.org/</website> <descr>tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private mesh network between hosts on the Internet.</descr> - <category>Network Management</category> + <category>Security</category> <depends_on_package_pbi>tinc-1.0.24-##ARCH##.pbi</depends_on_package_pbi> <build_pbi> <port>security/tinc</port> @@ -1497,7 +1549,7 @@ <name>syslog-ng</name> <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> - <category>Services</category> + <category>System</category> <version>1.1.1</version> <status>BETA</status> <required_version>2.2</required_version> @@ -1623,9 +1675,9 @@ <pkginfolink>https://doc.pfsense.org/index.php/Sudo_Package</pkginfolink> <descr>sudo allows delegation of privileges to users in the shell so commands can be run as other users, such as root.</descr> <website>http://www.sudo.ws/</website> - <category>Security</category> + <category>System</category> <version>0.2.8</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/sudo/sudo.xml</config_file> <maintainer>jimp@pfsense.org</maintainer> @@ -1644,7 +1696,7 @@ <maintainer>jimp@pfsense.org</maintainer> <version>1.7.1</version> <category>Services</category> - <status>Release</status> + <status>RELEASE</status> <config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file> <required_version>2.2</required_version> <configurationfile>servicewatchdog.xml</configurationfile> @@ -1652,12 +1704,17 @@ <package> <name>softflowd</name> <website>http://code.google.com/p/softflowd/</website> - <descr>Softflowd is flow-based network traffic analyser capable of Cisco NetFlow data export. Softflowd semi-statefully tracks traffic flows recorded by listening on a network interface or by reading a packet capture file. These flows may be reported via NetFlow to a collecting host or summarised within softflowd itself. Softflowd supports Netflow versions 1, 5 and 9 and is fully IPv6-capable - it can track IPv6 flows and send export datagrams via IPv6. It also supports export to multicast groups, allowing for redundant flow collectors.</descr> + <descr><![CDATA[ + Softflowd is flow-based network traffic analyser capable of Cisco NetFlow data export.<br/> + Softflowd semi-statefully tracks traffic flows recorded by listening on a network interface or by reading a packet capture file. These flows may be reported via NetFlow to a collecting host or summarised within softflowd itself.<br/> + Softflowd supports Netflow versions 1, 5 and 9 and is fully IPv6-capable - it can track IPv6 flows and send export datagrams via IPv6. It also supports export to multicast groups, allowing for redundant flow collectors.<br/> + ]]> + </descr> <category>Network Management</category> <config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file> <depends_on_package_pbi>softflowd-0.9.8_2-##ARCH##.pbi</depends_on_package_pbi> <version>1.2.1</version> - <status>Beta</status> + <status>BETA</status> <required_version>2.2</required_version> <configurationfile>softflowd.xml</configurationfile> <port_category>net-mgmt</port_category> @@ -1729,7 +1786,7 @@ <maintainer>jimp@pfsense.org</maintainer> <version>0.3</version> <category>Services</category> - <status>Beta</status> + <status>BETA</status> <port_category>ftp</port_category> <config_file>https://packages.pfsense.org/packages/config/ftpproxy/ftpproxy.xml</config_file> <required_version>2.2</required_version> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index d4032e66..c4e1c8d4 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -74,7 +74,7 @@ <category>File Management</category> <pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file> - <version>0.60.5</version> + <version>0.60.6</version> <status>Beta</status> <required_version>2.0</required_version> <maintainer>bscholer@cshl.edu</maintainer> @@ -149,9 +149,9 @@ (Legacy version)]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.4.24 pkg v 1.1.2</version> + <version>1.4.24 pkg v 1.1.3</version> <status>Release</status> - <required_version>2.0</required_version> + <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> @@ -215,9 +215,9 @@ In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> <b>Backup your location config before updating from 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.4.9 pkg v0.43</version> + <version>2.4.9 pkg v0.45</version> <status>ALPHA</status> - <required_version>2.0</required_version> + <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> <depends_on_package>db42-4.2.52_5.tbz</depends_on_package> @@ -508,7 +508,7 @@ <website>http://www.postfix.org/</website> <descr><![CDATA[Postfix mail forwarder acts as a relay server for your domain.<br /> It can do first and second line antispam combat before sending incoming mail to local mail servers.<br /> - Postfix can also detect zombies, check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]></descr> + Postfix can also detect zombies, check RBLS, SPF, seach LDAP for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]></descr> <category>Services</category> <pkginfolink>https://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/postfix/postfix.xml</config_file> @@ -516,7 +516,7 @@ <depends_on_package>postfix-2.10.2,1.tbz</depends_on_package> <depends_on_package>perl5-5.16.3_4.tbz</depends_on_package> <depends_on_package_pbi>postfix-2.10.2-i386.pbi</depends_on_package_pbi> - <version>2.10.2 pkg v.2.4.4</version> + <version>2.10.2 pkg v2.4.5</version> <status>Release</status> <required_version>2.1</required_version> <configurationfile>postfix.xml</configurationfile> @@ -1252,7 +1252,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.4_4 pkg v.1.9.14</version> + <version>1.4_4 pkg v1.9.16</version> <status>Beta</status> <required_version>1.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> @@ -1297,7 +1297,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.4_4 pkg v.1.9.12</version> + <version>1.4_4 pkg v1.9.16</version> <status>Beta</status> <required_version>2.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 76bff1ec..204e1e82 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -74,7 +74,7 @@ <category>File Management</category> <pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file> - <version>0.60.5</version> + <version>0.60.6</version> <status>Beta</status> <required_version>2.0</required_version> <maintainer>bscholer@cshl.edu</maintainer> @@ -136,9 +136,9 @@ (Legacy version)]]></descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>1.4.24 pkg v 1.1.2</version> + <version>1.4.24 pkg v 1.1.3</version> <status>Release</status> - <required_version>2.0</required_version> + <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-legacy/haproxy.xml</config_file> <configurationfile>haproxy.xml</configurationfile> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> @@ -202,9 +202,9 @@ In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.<br> <b>Backup your location config before updating from 0.2.x to 0.3 package version.</b>]]></descr> <category>Network Management</category> - <version>2.4.9 pkg v0.43</version> + <version>2.4.9 pkg v0.45</version> <status>ALPHA</status> - <required_version>2.0</required_version> + <required_version>2.1</required_version> <config_file>https://packages.pfsense.org/packages/config/apache_mod_security-dev/apache_virtualhost.xml</config_file> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> <depends_on_package>db42-4.2.52_5.tbz</depends_on_package> @@ -495,7 +495,7 @@ <website>http://www.postfix.org/</website> <descr><![CDATA[Postfix mail forwarder acts as a relay server for your domain.<br /> It can do first and second line antispam combat before sending incoming mail to local mail servers.<br /> - Postfix can also detect zombies, check RBLS, SPF, seach ldap for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]></descr> + Postfix can also detect zombies, check RBLS, SPF, seach LDAP for valid recipients and use third part antispam engines like policyd and mailscanner for better antispam solution.]]></descr> <category>Services</category> <pkginfolink>https://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/postfix/postfix.xml</config_file> @@ -503,7 +503,7 @@ <depends_on_package>postfix-2.10.2,1.tbz</depends_on_package> <depends_on_package>perl5-5.16.3_4.tbz</depends_on_package> <depends_on_package_pbi>postfix-2.10.2-amd64.pbi</depends_on_package_pbi> - <version>2.10.2 pkg v.2.4.4</version> + <version>2.10.2 pkg v2.4.5</version> <status>Release</status> <required_version>2.1</required_version> <configurationfile>postfix.xml</configurationfile> @@ -1239,7 +1239,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.4_4 pkg v.1.9.14</version> + <version>1.4_4 pkg v1.9.16</version> <status>Beta</status> <required_version>1.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> @@ -1284,7 +1284,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.4_4 pkg v.1.9.12</version> + <version>1.4_4 pkg v1.9.16</version> <status>Beta</status> <required_version>2.1</required_version> <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url> |