From c437156bf59cb3a689761670e9e040e9a8ceaa62 Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Wed, 28 Sep 2011 00:54:04 +0200
Subject: Make sure advanced options, for optimization, are actually used

---
 config/unbound/unbound.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 001f05d7..6c6a814d 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -526,7 +526,7 @@ function unbound_ctl_exec($cmd) {
 function unbound_optimization() {
 	global $config;
 
-	$unbound_config = $config['installedpackages']['unbound']['config'][0];	
+	$unbound_config = $config['installedpackages']['unboundadvanced']['config'][0];
 	$optimization_settings = array();
 	
 	// Set the number of threads equal to number of CPUs.
-- 
cgit v1.2.3


From c6b67d94011e4c91388100a7f6a0b274f64e555a Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Wed, 28 Sep 2011 01:24:19 +0200
Subject: Start the support IPv6 ACLs

---
 config/unbound/unbound_acls.php      | 860 +++++++++++++++++++++++++++++++++++
 config/unbound/unbound_acls_edit.php | 277 +++++++++++
 2 files changed, 1137 insertions(+)
 create mode 100644 config/unbound/unbound_acls.php
 create mode 100644 config/unbound/unbound_acls_edit.php

diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php
new file mode 100644
index 00000000..d1b501d6
--- /dev/null
+++ b/config/unbound/unbound_acls.php
@@ -0,0 +1,860 @@
+<?php
+/* $Id$ */
+/*
+	unbound_acls.php
+	part of pfSense (http://www.pfsense.com/)
+
+	Copyright (C) 2011 Warren Baker <warren@decoy.co.za>
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if(!is_process_running("unbound")) {
+	Header("Location: /pkg_edit.php?xml=unbound.xml&id=0");
+	exit;
+}
+
+if (!is_array($config['installedpackages']['unboundacls'][0]['config']))
+	$config['installedpackages']['unboundacls'][0]['config'] = array();
+
+$a_acls = &$config['installedpackages']['unboundacls'][0]['config'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+	$id = $_POST['id'];
+
+$act = $_GET['act'];
+if (isset($_POST['act']))
+	$act = $_POST['act'];
+
+if ($_GET['act'] == "del") {
+
+	if (!$a_client[$id]) {
+		pfSenseHeader("vpn_openvpn_client.php");
+		exit;
+	}
+
+	openvpn_delete('client', $a_client[$id]);
+	unset($a_client[$id]);
+	write_config();
+	$savemsg = gettext("Client successfully deleted")."<br/>";
+}
+
+if($_GET['act']=="new"){
+	$pconfig['autokey_enable'] = "yes";
+	$pconfig['tlsauth_enable'] = "yes";
+	$pconfig['autotls_enable'] = "yes";
+	$pconfig['interface'] = "wan";
+	$pconfig['server_port'] = 1194;
+}
+
+if($_GET['act']=="edit"){
+
+	if (isset($id) && $a_client[$id]) {
+
+		$pconfig['disable'] = isset($a_client[$id]['disable']);
+		$pconfig['mode'] = $a_client[$id]['mode'];
+		$pconfig['protocol'] = $a_client[$id]['protocol'];
+		$pconfig['interface'] = $a_client[$id]['interface'];
+		if (!empty($a_client[$id]['ipaddr'])) {
+			$pconfig['interface'] = $pconfig['interface'] . '|' . $a_client[$id]['ipaddr'];
+		}
+		$pconfig['local_port'] = $a_client[$id]['local_port'];
+		$pconfig['server_addr'] = $a_client[$id]['server_addr'];
+		$pconfig['server_port'] = $a_client[$id]['server_port'];
+		$pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
+		$pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
+		$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
+		$pconfig['proxy_user'] = $a_client[$id]['proxy_user'];
+		$pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd'];
+		$pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype'];
+		$pconfig['description'] = $a_client[$id]['description'];
+		$pconfig['custom_options'] = $a_client[$id]['custom_options'];
+		$pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
+		$pconfig['dev_mode'] = $a_client[$id]['dev_mode'];
+	
+		if ($pconfig['mode'] != "p2p_shared_key") {
+			$pconfig['caref'] = $a_client[$id]['caref'];
+			$pconfig['certref'] = $a_client[$id]['certref'];
+			if ($a_client[$id]['tls']) {
+				$pconfig['tlsauth_enable'] = "yes";
+				$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
+			}
+		} else
+			$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
+		$pconfig['crypto'] = $a_client[$id]['crypto'];
+		$pconfig['engine'] = $a_client[$id]['engine'];
+
+		$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
+		$pconfig['remote_network'] = $a_client[$id]['remote_network'];
+		$pconfig['compression'] = $a_client[$id]['compression'];
+		$pconfig['passtos'] = $a_client[$id]['passtos'];
+
+		// just in case the modes switch
+		$pconfig['autokey_enable'] = "yes";
+		$pconfig['autotls_enable'] = "yes";
+	}
+}
+
+if ($_POST) {
+
+	unset($input_errors);
+	$pconfig = $_POST;
+
+	if (isset($id) && $a_client[$id])
+		$vpnid = $a_client[$id]['vpnid'];
+	else
+		$vpnid = 0;
+
+	if ($pconfig['mode'] != "p2p_shared_key")
+		$tls_mode = true;
+	else
+		$tls_mode = false;
+
+	/* input validation */
+	if ($pconfig['local_port']) {
+
+		if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
+			$input_errors[] = $result;
+
+		$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
+		if (($portused != $vpnid) && ($portused != 0))
+			$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
+	}
+
+	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
+		$input_errors[] = $result;
+
+	if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
+		$input_errors[] = $result;
+
+	if ($pconfig['proxy_addr']) {
+
+		if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
+			$input_errors[] = $result;
+
+		if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
+			$input_errors[] = $result;
+
+		if ($pconfig['proxy_authtype'] != "none") {
+			if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd']))
+				$input_errors[] = gettext("User name and password are required for proxy with authentication.");
+		}
+	}
+
+	if($pconfig['tunnel_network'])
+		if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
+			$input_errors[] = $result;
+
+	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
+		$input_errors[] = $result;
+
+    if ($pconfig['autokey_enable'])
+        $pconfig['shared_key'] = openvpn_create_key();
+
+	if (!$tls_mode && !$pconfig['autokey_enable'])
+		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
+			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
+			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
+
+	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
+		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
+			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
+			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
+
+	/* If we are not in shared key mode, then we need the CA/Cert. */
+	if ($pconfig['mode'] != "p2p_shared_key") {
+		$reqdfields = explode(" ", "caref certref");
+		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
+	} elseif (!$pconfig['autokey_enable']) {
+		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
+		$reqdfields = array('shared_key');
+		$reqdfieldsn = array(gettext('Shared key'));
+	}
+
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+	
+	if (!$input_errors) {
+
+		$client = array();
+
+		if ($vpnid)
+			$client['vpnid'] = $vpnid;
+		else
+			$client['vpnid'] = openvpn_vpnid_next();
+
+		if ($_POST['disable'] == "yes")
+			$client['disable'] = true;
+		$client['protocol'] = $pconfig['protocol'];
+		$client['dev_mode'] = $pconfig['dev_mode'];
+		list($client['interface'], $client['ipaddr']) = explode ("|",$pconfig['interface']);
+		$client['local_port'] = $pconfig['local_port'];
+		$client['server_addr'] = $pconfig['server_addr'];
+		$client['server_port'] = $pconfig['server_port'];
+		$client['resolve_retry'] = $pconfig['resolve_retry'];
+		$client['proxy_addr'] = $pconfig['proxy_addr'];
+		$client['proxy_port'] = $pconfig['proxy_port'];
+		$client['proxy_authtype'] = $pconfig['proxy_authtype'];
+		$client['proxy_user'] = $pconfig['proxy_user'];
+		$client['proxy_passwd'] = $pconfig['proxy_passwd'];
+		$client['description'] = $pconfig['description'];
+		$client['mode'] = $pconfig['mode'];
+		$client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
+
+        if ($tls_mode) {
+            $client['caref'] = $pconfig['caref'];
+            $client['certref'] = $pconfig['certref'];
+            if ($pconfig['tlsauth_enable']) {
+                if ($pconfig['autotls_enable'])
+                    $pconfig['tls'] = openvpn_create_key();
+                $client['tls'] = base64_encode($pconfig['tls']);
+            }
+        } else {
+            $client['shared_key'] = base64_encode($pconfig['shared_key']);
+        }
+		$client['crypto'] = $pconfig['crypto'];
+		$client['engine'] = $pconfig['engine'];
+
+		$client['tunnel_network'] = $pconfig['tunnel_network'];
+		$client['remote_network'] = $pconfig['remote_network'];
+		$client['compression'] = $pconfig['compression'];
+		$client['passtos'] = $pconfig['passtos'];
+
+		if (isset($id) && $a_client[$id])
+			$a_client[$id] = $client;
+		else
+			$a_client[] = $client;
+
+		openvpn_resync('client', $client);
+		write_config();
+		
+		header("Location: vpn_openvpn_client.php");
+		exit;
+	}
+}
+
+
+$pgtitle = "Services: Unbound DNS Forwarder: Access Lists";
+include("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<?php
+if (!$savemsg)
+	$savemsg = "";
+
+if ($input_errors)
+	print_input_errors($input_errors);
+if ($savemsg)
+	print_info_box($savemsg);
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ 	<tr>
+		<td class="tabnavtbl">
+			<ul id="tabnav">
+			<?php
+				$tab_array = array();
+				$tab_array[] = array(gettext("Unbound DNS Settings"), false, "/pkg_edit.php?xml=unbound.xml&amp;id=0");
+				$tab_array[] = array(gettext("Unbound DNS Advanced Settings"), false, "/pkg_edit.php?xml=unbound_advanced.xml&amp;id=0");
+				$tab_array[] = array(gettext("Unbound DNS ACLs"), true, "/unbound_acls.php");
+				$tab_array[] = array(gettext("Unbound DNS Status"), false, "/unbound_status.php");
+				display_top_tabs($tab_array, true);
+			?>
+			</ul>
+		</td>
+	</tr>    
+	<tr>
+		<td class="tabcont">
+
+			<?php if($act=="new" || $act=="edit"): ?>
+
+			<form action="unbound_acls.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
+				<table width="100%" border="0" cellpadding="6" cellspacing="0">
+					<tr>
+						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="0" cellspacing="0">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['disable'],$chk); ?>
+										<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
+									</td>
+									<td>
+										&nbsp;
+										<span class="vexpl">
+											<strong><?=gettext("Disable this Access List"); ?></strong><br>
+										</span>
+									</td>
+								</tr>
+							</table>
+							<?=gettext("Set this option to disable this access list without removing it from the list"); ?>.
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
+						<td width="78%" class="vtable">
+							<select name='mode' id='mode' class="formselect" onchange='mode_change()'>
+							<?php
+								foreach ($openvpn_client_modes as $name => $desc):
+									$selected = "";
+									if ($pconfig['mode'] == $name)
+										$selected = "selected";
+							?>
+								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
+							<?php endforeach; ?>
+							</select>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
+							<td width="78%" class="vtable">
+							<select name='protocol' class="formselect">
+							<?php
+								foreach ($openvpn_prots as $prot):
+									$selected = "";
+									if ($pconfig['protocol'] == $prot)
+										$selected = "selected";
+							?>
+								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
+							<?php endforeach; ?>
+							</select>
+							</td>
+					</tr>
+                                        <tr>
+                                                <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
+                                                        <td width="78%" class="vtable">
+                                                        <select name='dev_mode' class="formselect">
+                                                        <?php
+                                                                foreach ($openvpn_dev_mode as $mode):
+                                                                        $selected = "";
+                                                                        if ($pconfig['dev_mode'] == $mode)
+                                                                                $selected = "selected";
+                                                        ?>
+                                                                <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
+                                                        <?php endforeach; ?>
+                                                        </select>
+                                                        </td>
+                                        </tr>
+					<tr>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
+						<td width="78%" class="vtable">
+							<select name="interface" class="formselect">
+								<?php
+									$interfaces = get_configured_interface_with_descr();
+									$carplist = get_configured_carp_interface_list();
+									foreach ($carplist as $cif => $carpip)
+										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
+									$aliaslist = get_configured_ip_aliases_list();
+									foreach ($aliaslist as $aliasip => $aliasif)
+										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
+									$interfaces['any'] = "any";
+									foreach ($interfaces as $iface => $ifacename):
+										$selected = "";
+										if ($iface == $pconfig['interface'])
+											$selected = "selected";
+								?>
+									<option value="<?=$iface;?>" <?=$selected;?>>
+										<?=htmlspecialchars($ifacename);?>
+									</option>
+								<?php endforeach; ?>
+							</select> <br>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
+						<td width="78%" class="vtable">
+							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
+							<br/>
+							<?=gettext("Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port."); ?>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
+						<td width="78%" class="vtable">
+							<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>"/>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
+						<td width="78%" class="vtable">
+							<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>"/>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
+						<td width="78%" class="vtable">
+							<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>"/>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
+						<td width="78%" class="vtable">
+							<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>"/>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+                                                                        <td align="right" width="25%">
+                                                                                <span class="vexpl">
+                                                                                         &nbsp;<?=gettext("Authentication method"); ?> :&nbsp;
+                                                                                </span>
+                                                                        </td>
+                                                                        <td>
+										<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()">
+											<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>><?=gettext("none"); ?></option>
+											<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>><?=gettext("basic"); ?></option>
+											<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>><?=gettext("ntlm"); ?></option>
+										</select>
+									</td>
+								</tr>
+							</table>
+							<br />
+							 <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none">
+                                                                <tr>
+                                                                        <td align="right" width="25%">
+                                                                                <span class="vexpl">
+                                                                                         &nbsp;<?=gettext("Username"); ?> :&nbsp;
+                                                                                </span>
+                                                                        </td>
+                                                                        <td>
+                                                                                <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
+                                                                        </td>
+                                                                </tr>
+                                                                <tr>
+                                                                        <td align="right" width="25%">
+                                                                                <span class="vexpl">
+                                                                                         &nbsp;<?=gettext("Password"); ?> :&nbsp;
+                                                                                </span>
+                                                                        </td>
+                                                                        <td>
+                                                                                <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" />
+                                                                        </td>
+                                                                </tr>
+                                                        </table>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Server host name resolution"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['resolve_retry'],$chk); ?>
+										<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?>>
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Infinitely resolve server"); ?>
+										</span>
+									</td>
+								</tr>
+							</table>
+							<?=gettext("Continuously attempt to resolve the server host " .
+							"name. Useful when communicating with a server " .
+							"that is not permanently connected to the Internet"); ?>.
+						</td>
+					</tr>
+					<tr> 
+						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
+						<td width="78%" class="vtable"> 
+							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
+							<br>
+							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
+						</td>
+					</tr>
+					<tr>
+						<td colspan="2" class="list" height="12"></td>
+					</tr>
+					<tr>
+						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
+					</tr>
+					<tr id="tls">
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
+										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Enable authentication of TLS packets"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+							<?php if (!$pconfig['tls']): ?>
+							<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
+								<tr>
+									<td>
+										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
+										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+							<?php endif; ?>
+							<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
+								<tr>
+									<td>
+										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
+										<br/>
+										<?=gettext("Paste your shared key here"); ?>.
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+					<tr id="tls_ca">
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
+							<td width="78%" class="vtable">
+							<?php if (count($a_ca)): ?>
+							<select name='caref' class="formselect">
+							<?php
+								foreach ($a_ca as $ca):
+									$selected = "";
+									if ($pconfig['caref'] == $ca['refid'])
+										$selected = "selected";
+							?>
+								<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
+							<?php endforeach; ?>
+							</select>
+							<?php else: ?>
+								<b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
+							<?php endif; ?>
+							</td>
+					</tr>
+					<tr id="tls_cert">
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
+							<td width="78%" class="vtable">
+							<?php if (count($a_cert)): ?>
+							<select name='certref' class="formselect">
+							<?php
+							foreach ($a_cert as $cert):
+								$selected = "";
+								$caname = "";
+								$inuse = "";
+								$revoked = "";
+								$ca = lookup_ca($cert['caref']);
+								if ($ca)
+									$caname = " (CA: {$ca['descr']})";
+								if ($pconfig['certref'] == $cert['refid'])
+									$selected = "selected";
+								if (cert_in_use($cert['refid']))
+									$inuse = " *In Use";
+								if (is_cert_revoked($cert))
+									$revoked = " *Revoked";
+							?>
+								<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option>
+							<?php endforeach; ?>
+							</select>
+							<?php else: ?>
+								<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
+							<?php endif; ?>
+						</td>
+					</tr>
+					<tr id="psk">
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
+						<td width="78%" class="vtable">
+							<?php if (!$pconfig['shared_key']): ?>
+							<table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
+										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Automatically generate a shared key"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+							<?php endif; ?>
+							<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
+								<tr>
+									<td>
+										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
+										<br/>
+										<?=gettext("Paste your shared key here"); ?>.
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
+						<td width="78%" class="vtable">
+							<select name="crypto" class="formselect">
+								<?php
+									$cipherlist = openvpn_get_cipherlist();
+									foreach ($cipherlist as $name => $desc):
+									$selected = '';
+									if ($name == $pconfig['crypto'])
+										$selected = ' selected';
+								?>
+								<option value="<?=$name;?>"<?=$selected?>>
+									<?=htmlspecialchars($desc);?>
+								</option>
+								<?php endforeach; ?>
+							</select>
+						</td>
+					</tr>
+					<tr id="engine">
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
+						<td width="78%" class="vtable">
+							<select name="engine" class="formselect">
+								<?php
+									$engines = openvpn_get_engines();
+									foreach ($engines as $name => $desc):
+									$selected = '';
+									if ($name == $pconfig['engine'])
+										$selected = ' selected';
+								?>
+								<option value="<?=$name;?>"<?=$selected?>>
+									<?=htmlspecialchars($desc);?>
+								</option>
+								<?php endforeach; ?>
+							</select>
+						</td>
+					</tr>
+					<tr>
+						<td colspan="2" class="list" height="12"></td>
+					</tr>
+					<tr>
+						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Tunnel Network"); ?></td>
+						<td width="78%" class="vtable">
+							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
+							<br>
+							<?=gettext("This is the virtual network used for private " .
+							"communications between this client and the " .
+							"server expressed using CIDR (eg. 10.0.8.0/24). " .
+							"The first network address is assumed to be the " .
+							"server address and the second network address " .
+							"will be assigned to the client virtual " .
+							"interface"); ?>.
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td>
+						<td width="78%" class="vtable">
+							<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
+							<br>
+							<?=gettext("This is a network that will be routed through " .
+							"the tunnel, so that a site-to-site VPN can be " .
+							"established without manually changing the " .
+							"routing tables. Expressed as a CIDR range. If " .
+							"this is a site-to-site VPN, enter here the " .
+							"remote LAN here. You may leave this blank to " .
+							"only communicate with other clients"); ?>.
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
+						<td width="78%" class="vtable">
+							<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>"/>
+							<br/>
+							<?=gettext("Maximum outgoing bandwidth for this tunnel. " .
+							"Leave empty for no limit. The input value has " .
+							"to be something between 100 bytes/sec and 100 " .
+							"Mbytes/sec (entered as bytes per second)"); ?>.
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['compression'],$chk); ?>
+										<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Compress tunnel packets using the LZO algorithm"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+									<td>
+										<?php set_checked($pconfig['passtos'],$chk); ?>
+										<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
+									</td>
+									<td>
+										<span class="vexpl">
+											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
+										</span>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>
+					<tr>
+						<td colspan="2" class="list" height="12"></td>
+					</tr>
+					<tr>
+						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
+					</tr>
+					<tr>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
+						<td width="78%" class="vtable">
+							<table border="0" cellpadding="2" cellspacing="0">
+								<tr>
+									<td>
+										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
+										<?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br/>
+										<?=gettext("EXAMPLE: route 10.0.0.0 255.255.255.0;"); ?>
+									</td>
+								</tr>
+							</table>
+						</td>
+					</tr>					
+					<tr>
+						<td width="22%" valign="top">&nbsp;</td>
+						<td width="78%"> 
+							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> 
+							<input name="act" type="hidden" value="<?=$act;?>">
+							<?php if (isset($id) && $a_client[$id]): ?>
+							<input name="id" type="hidden" value="<?=$id;?>">
+							<?php endif; ?>
+						</td>
+					</tr>
+				</table>
+			</form>
+
+			<?php else: ?>
+
+			<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+				<thead>
+				<tr>
+					<td width="25%" class="listhdrr"><?=gettext("Access List Name"); ?></td>
+					<td width="25%" class="listhdrr"><?=gettext("Action"); ?></td>
+					<td width="40%" class="listhdrr"><?=gettext("Description"); ?></td>
+					<td width="10%" class="list"></td>
+				</tr>
+				</thead>
+				<tbody>
+				<?php
+					$i = 0;
+					foreach($a_acls as $acl):
+						$disabled = "NO";
+						if (isset($client['disable']))
+							$disabled = "YES";
+						$server = "{$client['server_addr']}:{$client['server_port']}";
+				?>
+				<tr ondblclick="document.location='unbound_acls.php?act=edit&id=<?=$i;?>'">
+					<td class="listlr">
+						<?=$disabled;?>
+					</td>
+					<td class="listr">
+						<?=htmlspecialchars($client['protocol']);?>
+					</td>
+					<td class="listr">
+						<?=htmlspecialchars($server);?>
+					</td>
+					<td class="listbg">
+						<?=htmlspecialchars($client['description']);?>
+					</td>
+					<td valign="middle" nowrap class="list">
+						<a href="unbound_acls.php?act=edit&id=<?=$i;?>">
+							<img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit client"); ?>" width="17" height="17" border="0">
+						</a>
+						&nbsp;
+						<a href="unbound_acls.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this client?"); ?>')">
+							<img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete client"); ?>" width="17" height="17" border="0">
+						</a>
+					</td>
+				</tr>
+				<?php
+					$i++;
+					endforeach;
+				?>
+				</tbody>
+				<tfoot>
+				<tr>
+					<td class="list" colspan="4"></td>
+					<td class="list">
+						<a href="unbound_acls.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add client"); ?>" width="17" height="17" border="0">
+						</a>
+					</td>
+				</tr>
+				<tr>
+					<td colspan="4">
+						<p>
+							<?=gettext("Access Lists to control access to Unbound can be defined here.");?>
+						</p>
+					</td>
+				</tr>
+				</tfoot>
+			</table>
+
+			<?php endif; ?>
+
+		</td>
+	</tr>
+</table>
+<script language="JavaScript">
+<!--
+mode_change();
+autokey_change();
+//-->
+</script>
+</body>
+<?php include("fend.inc"); ?>
+
+<?php
+
+/* local utility functions */
+
+function set_checked($var,& $chk) {
+    if($var)
+        $chk = 'checked';
+    else
+        $chk = '';
+}
+
+?>
\ No newline at end of file
diff --git a/config/unbound/unbound_acls_edit.php b/config/unbound/unbound_acls_edit.php
new file mode 100644
index 00000000..db1f9bdb
--- /dev/null
+++ b/config/unbound/unbound_acls_edit.php
@@ -0,0 +1,277 @@
+<?php
+/* $Id$ */
+/*
+	unbound_acls_edit.php
+	part of pfSense (http://www.pfsense.com)
+	Copyright (C) 2011 Warren Baker (warren@decoy.co.za)
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['installedpackages']['unboundacls']['config'])) {
+	$config['installedpackages']['unboundacls']['config'] = array();
+}
+
+$a_acl = &$config['installedpackages']['unboundacls']['config'];
+
+$id = $_GET['id'];
+if (is_numeric($_POST['id']))
+	$id = $_POST['id'];
+
+if (isset($id) && $a_acl[$id]) {
+
+	if (!isset($a_acl[$id]['aclaction']))
+		$pconfig['aclaction'] = "allow";
+	else
+		$pconfig['aclaction'] = $a_acl[$id]['aclaction'];
+
+	$pconfig['descr'] = $a_acl[$id]['descr'];
+
+} else {
+	/* defaults */
+	$pconfig['aclaction'] = "allow";
+}
+
+if ($_POST) {
+	
+	print_r($_POST);
+	exit;
+	unset($input_errors);
+	$pconfig = $_POST;
+	
+	/* input validation */
+	$reqdfields = explode(" ", "src");
+	$reqdfieldsn = explode(",", "Source");
+	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+	if ($pconfig['ipprotocol'] == "inet") {
+		if(!is_ipaddr($pconfig['inetsrc']))
+			$input_errors[] = gettext("You must enter a valid IPv4 IP address.");
+	} else {
+		if(!is_ipaddrv6($pconfig['inet6src']))
+			$input_errors[] = gettext("You must enter a valid IPv6 IP address.");
+	}
+
+
+	if (!$input_errors) {
+		$aclent = array();
+		$aclent['aclaction'] = $_POST['aclaction'];
+				
+		if ($pconfig['ipprotocol'] == "inet") {
+			$aclent['acl_network'] = $_POST['inetsrc']."/".$_POST['inetsrcmask'];
+
+		} else {
+			$aclent['acl_network'] = $_POST['inet6src']."/".$_POST['inet6srcmask'];
+
+		}
+		strncpy($aclent['descr'], $_POST['descr'], 52);
+		
+			
+		if ($_POST['disabled'])
+			$aclent['disabled'] = true;
+		else
+			unset($aclent['disabled']);
+	
+
+
+		if (isset($id) && $a_acl[$id])
+			$a_acl[$id] = $aclent;
+		else {
+			if (is_numeric($after))
+				array_splice($a_acl, $after+1, 0, array($aclent));
+			else
+				$a_acl[] = $aclent;
+		}
+
+		write_config();
+
+		header("Location: unbound_acls.php");
+		exit;
+	}
+}
+
+$pgtitle = array(gettext("Services"),gettext("Unbound ACLs"),gettext("Edit"));
+$statusurl = "unbound_status.php";
+$logurl = "diag_pkglogs.php?pkg=Unbound";
+
+$page_filename = "unbound_acls_edit.php";
+include("head.inc");
+
+?>
+<script type="text/javascript" language="javascript" src="/javascript/row_helper_dynamic.js">
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="Effect.Appear('inet', { duration : 0.5 });">
+<script language="JavaScript"> 
+function doFade( optionValue )
+{
+	switch( optionValue )
+	{
+		case "inet" :
+		Effect.Appear('IPV4',{ duration: 0.5 });
+		Effect.Fade('IPV6', { duration: 0.1 });
+		break;
+
+		case "inet6" :
+		Effect.Appear('IPV6',{ duration: 0.5 });
+		Effect.Fade('IPV4', { duration: 0.1 });
+		break;
+									
+	}
+} 
+</script>
+
+<?php include("fbegin.inc"); ?>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+
+<form action="unbound_acls_edit.php" method="post" name="iform" id="iform">
+<input type='hidden' name="aclid" value="<?=(isset($pconfig['aclid']) && $pconfig['aclid']>0)?htmlspecialchars($pconfig['aclid']):''?>">
+
+	<table width="100%" border="0" cellpadding="6" cellspacing="0">
+		<tr>
+			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit ACL");?></td>
+		</tr>	
+    	<tr>
+			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
+			<td width="78%" class="vtable">
+				<select name="aclaction" class="formselect">
+					<?php $types = explode(",", "Deny,Refuse,Allow,Allow Snoop"); foreach ($types as $type): ?>
+					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
+					<?=htmlspecialchars($type);?>
+					</option>
+					<?php endforeach; ?>
+				</select>
+				<br/>
+				<span class="vexpl">
+					<?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br/>
+					<?=gettext("<b>Deny:</b> This actions stops queries from hosts within the netblock defined below.");?> <br/>
+					<?=gettext("<b>Refuse:</b> This actions also stops queries from hosts within the netblock defined below, but sends back DNS rcode REFUSED error message back tot eh client.");?> <br/>
+					<?=gettext("<b>Allow:</b> This actions allows queries from hosts within the netblock defined below.");?> <br/>
+					<?=gettext("<b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/>
+				</span>
+			</td>
+		</tr>
+		<tr>
+			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
+			<td width="78%" class="vtable">
+				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
+				<strong><?=gettext("Disable this ACL");?></strong><br />
+				<span class="vexpl"><?=gettext("Set this option to disable this ACL without removing it from the list.");?></span>
+			</td>
+		</tr>
+		<tr>
+			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
+			<td width="78%" class="vtable">
+				<select name="ipprotocol" class="formselect" onchange="doFade( this.value )">
+				<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6');
+					foreach ($ipproto as $proto => $name): ?>
+						<option value="<?=$proto;?>"
+							<?php if ($proto == $pconfig['ipprotocol']): ?>
+								selected="selected"
+							<?php endif; ?>
+							><?=$name;?></option>
+					<?php endforeach; ?>
+				</select>
+				<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br/>
+			</td>
+        </tr>
+		<tr>
+			<td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td>
+			<td width="78%" class="vtable">
+				<script type="text/javascript" language='javascript'> 
+							<!--
+							rowname[0] = "acl_network";
+							rowtype[0] = "input";
+							rowname[1] = "mask";
+							rowtype[1] = "select";
+							-->
+							</script> 
+			
+				<table border="0" cellspacing="0" cellpadding="0" id="IPV4">
+					<tr>
+						<td>&nbsp;<?=gettext("Network");?></td>
+						<td>&nbsp;&nbsp;<?=gettext("CIDR");?></td>
+					</tr>
+					<tr>
+						<td><input name="src" type="text" id="src" size="20" value="<?php echo htmlspecialchars($pconfig['src']);?>"> / </td>
+						<td>&nbsp;
+							<select name="srcmask" class="formselect" id="srcmask">
+<?php						for ($i = 31; $i > 0; $i--): ?>
+								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
+<?php 						endfor; ?>
+							</select>
+						</td>
+					</tr>
+				</table>
+				
+				<table border="0" cellspacing="0" cellpadding="0" id="IPV6">
+					<tr>
+						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
+						<td>
+							<select name="inet6srctype" class="formselect" onChange="typeselinet6_change()">
+								<option value="network"><?=gettext("Network");?></option>
+							</select>
+						</td>
+					</tr>
+					<tr>
+						<td><?=gettext("Network:");?>&nbsp;&nbsp;</td>
+						<td>
+							<input autocomplete='off' name="inet6src" type="text" id="inet6src" size="20" value="<?php echo htmlspecialchars($pconfig['inet6src']);?>"> /
+							<select name="inet6srcmask" class="formselect" id="inet6srcmask">
+							<?php	for ($i = 128; $i > 0; $i--): ?>
+								<option value="<?=$i;?>" <?php if ($i == $pconfig['inet6srcmask']) echo "selected"; ?>><?=$i;?></option>
+							<?php	endfor; ?>
+							</select>
+						</td>
+					</tr>
+				</table>
+			</td>
+		</tr>
+		<tr>
+			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
+			<td width="78%" class="vtable">
+				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
+				<br />
+				<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
+			</td>
+		</tr>
+		<tr>
+			<td>&nbsp;</td>
+		</tr>
+		<tr>
+			<td width="22%" valign="top">&nbsp;</td>
+			<td width="78%">
+				&nbsp;<br>&nbsp;
+				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
+<?php			if (isset($id) && $a_filter[$id]): ?>
+					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
+<?php 			endif; ?>
+				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
+			</td>
+		</tr>
+	</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
-- 
cgit v1.2.3


From 0c865d94a4e758a45e31c0787ecec4bc04cdd371 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@gmail.com>
Date: Wed, 28 Sep 2011 16:36:18 -0400
Subject: Add pbi for avahi.

---
 pkg_config.8.xml.amd64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index eb118b0c..daa52fc2 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -210,6 +210,7 @@
 		<build_port_path>/usr/ports/net/avahi</build_port_path>
 		<build_port_path>/usr/ports/net/avahi-app</build_port_path>
 		<depends_on_package>avahi-0.6.28.tbz</depends_on_package>
+		<depends_on_package_pbi>avahi-0.6.29-amd64.pbi</depends_on_package_pbi>
 		<version>0.6.25_1</version>
 		<status>ALPHA</status>
 		<required_version>1.2.3</required_version>
-- 
cgit v1.2.3


From 6453743b122269c3a193e034a44cdccd3dd1bb3f Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@gmail.com>
Date: Wed, 28 Sep 2011 19:07:00 -0400
Subject: Add snort pbi

---
 pkg_config.8.xml.amd64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index daa52fc2..300a68ce 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -368,6 +368,7 @@
 		<descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr>
 		<category>Security</category>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
+		<depends_on_package_pbi>snort-2.9.1-amd64.pbi</depends_on_package_pbi>
 		<depends_on_package>mysql-client-5.1.53.tbz</depends_on_package>
 		<depends_on_package>snort-2.9.0.5.tbz</depends_on_package>
 		<depends_on_package>perl-threaded-5.10.1_3.tbz</depends_on_package>
-- 
cgit v1.2.3


From ba56c44bc73146b8e3e43073e1f153b667111964 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@gmail.com>
Date: Wed, 28 Sep 2011 19:07:55 -0400
Subject: Add spamd pbi

---
 pkg_config.8.xml.amd64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 300a68ce..b0062363 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -434,6 +434,7 @@
 		<config_file>http://www.pfsense.com/packages/config/postfix/postfix.xml</config_file>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
 		<depends_on_package>postfix-2.8.5,1.tbz</depends_on_package>
+		<depends_on_package_pbi>spamd-4.9.1-amd64.pbi</depends_on_package_pbi>
 		<version>2.8.5,1 pkg v.2.1</version>
 		<status>RC1</status>
 		<required_version>2.0</required_version>
-- 
cgit v1.2.3


From 6781217b5321b6e2129bf24d9ad8d60e9ddc05c0 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@gmail.com>
Date: Wed, 28 Sep 2011 19:11:28 -0400
Subject: Adding squid pbi

---
 pkg_config.8.xml.amd64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index b0062363..f73aa6ca 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -42,6 +42,7 @@
 		<maintainer>fernando@netfilter.com.br seth.mos@xs4all.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
 		<depends_on_package>squid-2.7.9_1.tbz</depends_on_package>
+		<depends_on_package_pbi>squid-2.7.9_1-amd64.pbi</depends_on_package_pbi>
 		<depends_on_package>squid_radius_auth-1.10.tbz</depends_on_package>
 		<depends_on_package>libwww-5.4.0_4.tbz</depends_on_package>
 		<build_port_path>/usr/ports/www/squid</build_port_path>
-- 
cgit v1.2.3


From 5aa5ff55030f22aee394d643b32399157878ef9e Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@gmail.com>
Date: Wed, 28 Sep 2011 19:12:13 -0400
Subject: Adding varnish pbi

---
 pkg_config.8.xml.amd64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index f73aa6ca..f32ecb7c 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -65,6 +65,7 @@
 		<configurationfile>varnish_backends.xml</configurationfile>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
 		<depends_on_package>varnish-2.1.5.tbz</depends_on_package>
+		<depends_on_package_pbi>varnish-3.0.1_2-amd64.pbi</depends_on_package_pbi>
 		<depends_on_package>gcc-4.2.5.20090325_5.tbz</depends_on_package>
 		<build_port_path>/usr/ports/www/varnish</build_port_path>
 		<build_port_path>/usr/ports/lang/gcc42</build_port_path>
-- 
cgit v1.2.3


From f956b613ddbf967e736902ac2b60d337e4d94a44 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@gmail.com>
Date: Wed, 28 Sep 2011 19:13:17 -0400
Subject: Adding ntop pbi

---
 pkg_config.8.xml.amd64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index f32ecb7c..b8710c15 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -226,6 +226,7 @@
 		<descr>ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.</descr>
 		<category>Network Management</category>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
+		<depends_on_package_pbi>ntop-4.1.0_1-amd64.pbi</depends_on_package_pbi>
 		<depends_on_package>rrdtool-1.2.26_1.tbz</depends_on_package>
 		<depends_on_package>gdbm-1.8.3_3.tbz</depends_on_package>
 		<depends_on_package>perl-5.12.3.tbz</depends_on_package>
-- 
cgit v1.2.3


From aa5e95e3d1829d86f8f851b4d77488dc59a23a19 Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Thu, 29 Sep 2011 20:58:58 +0200
Subject: Add function to determine next available ACL id and replace spaces
 with _ for acl actions

---
 config/unbound/unbound.inc | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index 6c6a814d..cec618c9 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -623,6 +623,7 @@ function unbound_validate($post, $type=null) {
 	/* Validate the access lists */
 	if($type == "acl") {
 		$acls = $post;
+		$acls['aclaction'] = preg_replace(" ", "_", $acls['aclaction']);
 		// Check to ensure values entered is an action that is in the list
 		if ($acls['aclaction'] != 'refuse' && $acls['aclaction'] != 'allow' && $acls['aclaction'] != 'allow_snoop' && $acls['aclaction'] != 'deny')
 			$input_errors[] = "{$acls['aclaction']} is not a valid ACL Action. Please select one of the four actions defined in the list.";
@@ -861,4 +862,24 @@ function unbound_add_domain_overrides($pvt=false) {
 	}	
 }
 
+function unbound_acl_id_used($id) {
+	global $config;
+
+	if (is_array($config['installedpackages']['unboundacls']['config']))
+		foreach ($config['installedpackages']['unboundacls']['config'] as & $acls)
+			if ($id == $acls['aclid'])
+				return true;
+
+	return false;
+}
+
+function unbound_get_next_id() {
+
+	$aclid = 0;
+	while(unbound_acl_id_used($aclid))
+		$aclid++;
+
+	return $aclid;
+}
+
 ?>
\ No newline at end of file
-- 
cgit v1.2.3


From d7f430d3f66fa0461737b2cf2485649084c469e2 Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Thu, 29 Sep 2011 21:06:07 +0200
Subject: Add support for IPv6 ACLs and mixing of both IPv6 and v4 ACLs

---
 config/unbound/unbound_acls.php      | 805 +++++++----------------------------
 config/unbound/unbound_acls_edit.php | 277 ------------
 2 files changed, 158 insertions(+), 924 deletions(-)
 delete mode 100644 config/unbound/unbound_acls_edit.php

diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php
index d1b501d6..b60de2dd 100644
--- a/config/unbound/unbound_acls.php
+++ b/config/unbound/unbound_acls.php
@@ -30,91 +30,46 @@
 */
 
 require("guiconfig.inc");
+require("unbound.inc");
 
 if(!is_process_running("unbound")) {
 	Header("Location: /pkg_edit.php?xml=unbound.xml&id=0");
 	exit;
 }
 
-if (!is_array($config['installedpackages']['unboundacls'][0]['config']))
-	$config['installedpackages']['unboundacls'][0]['config'] = array();
+if (!is_array($config['installedpackages']['unboundacls']['config']))
+	$config['installedpackages']['unboundacls']['config'] = array();
 
-$a_acls = &$config['installedpackages']['unboundacls'][0]['config'];
+$a_acls = &$config['installedpackages']['unboundacls']['config'];
 
 $id = $_GET['id'];
-if (isset($_POST['id']))
-	$id = $_POST['id'];
+if (isset($_POST['aclid']))
+	$id = $_POST['aclid'];
 
 $act = $_GET['act'];
 if (isset($_POST['act']))
 	$act = $_POST['act'];
 
-if ($_GET['act'] == "del") {
-
-	if (!$a_client[$id]) {
-		pfSenseHeader("vpn_openvpn_client.php");
+if ($act == "del") {
+	if (!$a_acls[$id]) {
+		pfSenseHeader("unbound_acls.php");
 		exit;
 	}
 
-	openvpn_delete('client', $a_client[$id]);
-	unset($a_client[$id]);
+	unset($a_acls[$id]);
 	write_config();
-	$savemsg = gettext("Client successfully deleted")."<br/>";
+	unbound_reconfigure();
+	$savemsg = gettext("Access List successfully deleted")."<br/>";
 }
 
-if($_GET['act']=="new"){
-	$pconfig['autokey_enable'] = "yes";
-	$pconfig['tlsauth_enable'] = "yes";
-	$pconfig['autotls_enable'] = "yes";
-	$pconfig['interface'] = "wan";
-	$pconfig['server_port'] = 1194;
+if ($act == "new") {
+	$id = unbound_get_next_id();
 }
 
-if($_GET['act']=="edit"){
-
-	if (isset($id) && $a_client[$id]) {
-
-		$pconfig['disable'] = isset($a_client[$id]['disable']);
-		$pconfig['mode'] = $a_client[$id]['mode'];
-		$pconfig['protocol'] = $a_client[$id]['protocol'];
-		$pconfig['interface'] = $a_client[$id]['interface'];
-		if (!empty($a_client[$id]['ipaddr'])) {
-			$pconfig['interface'] = $pconfig['interface'] . '|' . $a_client[$id]['ipaddr'];
-		}
-		$pconfig['local_port'] = $a_client[$id]['local_port'];
-		$pconfig['server_addr'] = $a_client[$id]['server_addr'];
-		$pconfig['server_port'] = $a_client[$id]['server_port'];
-		$pconfig['resolve_retry'] = $a_client[$id]['resolve_retry'];
-		$pconfig['proxy_addr'] = $a_client[$id]['proxy_addr'];
-		$pconfig['proxy_port'] = $a_client[$id]['proxy_port'];
-		$pconfig['proxy_user'] = $a_client[$id]['proxy_user'];
-		$pconfig['proxy_passwd'] = $a_client[$id]['proxy_passwd'];
-		$pconfig['proxy_authtype'] = $a_client[$id]['proxy_authtype'];
-		$pconfig['description'] = $a_client[$id]['description'];
-		$pconfig['custom_options'] = $a_client[$id]['custom_options'];
-		$pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type'];
-		$pconfig['dev_mode'] = $a_client[$id]['dev_mode'];
-	
-		if ($pconfig['mode'] != "p2p_shared_key") {
-			$pconfig['caref'] = $a_client[$id]['caref'];
-			$pconfig['certref'] = $a_client[$id]['certref'];
-			if ($a_client[$id]['tls']) {
-				$pconfig['tlsauth_enable'] = "yes";
-				$pconfig['tls'] = base64_decode($a_client[$id]['tls']);
-			}
-		} else
-			$pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']);
-		$pconfig['crypto'] = $a_client[$id]['crypto'];
-		$pconfig['engine'] = $a_client[$id]['engine'];
-
-		$pconfig['tunnel_network'] = $a_client[$id]['tunnel_network'];
-		$pconfig['remote_network'] = $a_client[$id]['remote_network'];
-		$pconfig['compression'] = $a_client[$id]['compression'];
-		$pconfig['passtos'] = $a_client[$id]['passtos'];
-
-		// just in case the modes switch
-		$pconfig['autokey_enable'] = "yes";
-		$pconfig['autotls_enable'] = "yes";
+if ($act == "edit") {
+	if (isset($id) && $a_acls[$id]) {
+		$pconfig = $a_acls[$id];
+		$networkacl = $a_acls[$id]['row'];
 	}
 }
 
@@ -123,134 +78,46 @@ if ($_POST) {
 	unset($input_errors);
 	$pconfig = $_POST;
 
-	if (isset($id) && $a_client[$id])
-		$vpnid = $a_client[$id]['vpnid'];
-	else
-		$vpnid = 0;
-
-	if ($pconfig['mode'] != "p2p_shared_key")
-		$tls_mode = true;
-	else
-		$tls_mode = false;
-
-	/* input validation */
-	if ($pconfig['local_port']) {
-
-		if ($result = openvpn_validate_port($pconfig['local_port'], 'Local port'))
-			$input_errors[] = $result;
-
-		$portused = openvpn_port_used($pconfig['protocol'], $pconfig['local_port']);
-		if (($portused != $vpnid) && ($portused != 0))
-			$input_errors[] = gettext("The specified 'Local port' is in use. Please select another value");
-	}
-
-	if ($result = openvpn_validate_host($pconfig['server_addr'], 'Server host or address'))
-		$input_errors[] = $result;
-
-	if ($result = openvpn_validate_port($pconfig['server_port'], 'Server port'))
-		$input_errors[] = $result;
-
-	if ($pconfig['proxy_addr']) {
-
-		if ($result = openvpn_validate_host($pconfig['proxy_addr'], 'Proxy host or address'))
-			$input_errors[] = $result;
-
-		if ($result = openvpn_validate_port($pconfig['proxy_port'], 'Proxy port'))
-			$input_errors[] = $result;
-
-		if ($pconfig['proxy_authtype'] != "none") {
-			if (empty($pconfig['proxy_user']) || empty($pconfig['proxy_passwd']))
-				$input_errors[] = gettext("User name and password are required for proxy with authentication.");
+	/* input validation - only allow 50 entries in a single ACL*/
+	for($x=0; $x<50; $x++) {
+		if(isset($pconfig["acl_network{$x}"])) {
+			$networkacl[$x] = array();
+			$networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"];
+			$networkacl[$x]['mask'] = $pconfig["mask{$x}"];
+			$networkacl[$x]['description'] = $pconfig["description{$x}"];
+			if (!is_ipaddr($networkacl[$x]['acl_network']))
+				$input_errors[] = gettext("You must enter a valid network IP address for {$networkacl[$x]['acl_network']}.");
+
+			if (is_ipaddrv4($networkacl[$x]['acl_network'])) {
+				if (!is_subnet($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask']))
+					$input_errors[] = gettext("You must enter a valid IPv4 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}.");
+			} else if (function_exists("is_ipaddrv6")) {
+				if (!is_ipaddrv6($networkacl[$x]['acl_network']))
+					$input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}.");
+				else if (!is_subnetv6($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask']))
+					$input_errors[] = gettext("You must enter a valid IPv6 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}.");
+			} else
+				$input_errors[] = gettext("You must enter a valid IPv4 address for {$networkacl[$x]['acl_network']}.");
 		}
 	}
-
-	if($pconfig['tunnel_network'])
-		if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network'))
-			$input_errors[] = $result;
-
-	if ($result = openvpn_validate_cidr($pconfig['remote_network'], 'Remote network'))
-		$input_errors[] = $result;
-
-    if ($pconfig['autokey_enable'])
-        $pconfig['shared_key'] = openvpn_create_key();
-
-	if (!$tls_mode && !$pconfig['autokey_enable'])
-		if (!strstr($pconfig['shared_key'], "-----BEGIN OpenVPN Static key V1-----") ||
-			!strstr($pconfig['shared_key'], "-----END OpenVPN Static key V1-----"))
-			$input_errors[] = gettext("The field 'Shared Key' does not appear to be valid");
-
-	if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])
-		if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") ||
-			!strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----"))
-			$input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid");
-
-	/* If we are not in shared key mode, then we need the CA/Cert. */
-	if ($pconfig['mode'] != "p2p_shared_key") {
-		$reqdfields = explode(" ", "caref certref");
-		$reqdfieldsn = array(gettext("Certificate Authority"),gettext("Certificate"));
-	} elseif (!$pconfig['autokey_enable']) {
-		/* We only need the shared key filled in if we are in shared key mode and autokey is not selected. */
-		$reqdfields = array('shared_key');
-		$reqdfieldsn = array(gettext('Shared key'));
-	}
-
-	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
 	
 	if (!$input_errors) {
 
-		$client = array();
-
-		if ($vpnid)
-			$client['vpnid'] = $vpnid;
-		else
-			$client['vpnid'] = openvpn_vpnid_next();
-
-		if ($_POST['disable'] == "yes")
-			$client['disable'] = true;
-		$client['protocol'] = $pconfig['protocol'];
-		$client['dev_mode'] = $pconfig['dev_mode'];
-		list($client['interface'], $client['ipaddr']) = explode ("|",$pconfig['interface']);
-		$client['local_port'] = $pconfig['local_port'];
-		$client['server_addr'] = $pconfig['server_addr'];
-		$client['server_port'] = $pconfig['server_port'];
-		$client['resolve_retry'] = $pconfig['resolve_retry'];
-		$client['proxy_addr'] = $pconfig['proxy_addr'];
-		$client['proxy_port'] = $pconfig['proxy_port'];
-		$client['proxy_authtype'] = $pconfig['proxy_authtype'];
-		$client['proxy_user'] = $pconfig['proxy_user'];
-		$client['proxy_passwd'] = $pconfig['proxy_passwd'];
-		$client['description'] = $pconfig['description'];
-		$client['mode'] = $pconfig['mode'];
-		$client['custom_options'] = str_replace("\r\n", "\n", $pconfig['custom_options']);
-
-        if ($tls_mode) {
-            $client['caref'] = $pconfig['caref'];
-            $client['certref'] = $pconfig['certref'];
-            if ($pconfig['tlsauth_enable']) {
-                if ($pconfig['autotls_enable'])
-                    $pconfig['tls'] = openvpn_create_key();
-                $client['tls'] = base64_encode($pconfig['tls']);
-            }
-        } else {
-            $client['shared_key'] = base64_encode($pconfig['shared_key']);
-        }
-		$client['crypto'] = $pconfig['crypto'];
-		$client['engine'] = $pconfig['engine'];
-
-		$client['tunnel_network'] = $pconfig['tunnel_network'];
-		$client['remote_network'] = $pconfig['remote_network'];
-		$client['compression'] = $pconfig['compression'];
-		$client['passtos'] = $pconfig['passtos'];
-
-		if (isset($id) && $a_client[$id])
-			$a_client[$id] = $client;
-		else
-			$a_client[] = $client;
-
-		openvpn_resync('client', $client);
-		write_config();
-		
-		header("Location: vpn_openvpn_client.php");
+		if(!$a_acls[$id])
+			$a_acls[$id]['aclid'] = $id;
+
+		if (isset($id) && $a_acls[$id]) {
+			$a_acls[$id]['aclid'] = $pconfig['aclid'];
+			$a_acls[$id]['aclname'] = $pconfig['aclname'];
+			$a_acls[$id]['aclaction'] = $pconfig['aclaction'];
+			$a_acls[$id]['description'] = $pconfig['description'];
+			$a_acls[$id]['row'] = array();
+			foreach ($networkacl as $acl)
+				$a_acls[$id]['row'][] = $acl;
+			write_config();
+			unbound_reconfigure();
+		}
+		header("Location: unbound_acls.php");
 		exit;
 	}
 }
@@ -260,7 +127,31 @@ $pgtitle = "Services: Unbound DNS Forwarder: Access Lists";
 include("head.inc");
 
 ?>
+
+<script type="text/javascript" src="/javascript/row_helper.js">
+</script>
+
+<script type="text/javascript">
+	function mask_field(fieldname, fieldsize, n) {
+		return '<select name="' + fieldname + n + '" class="formselect" id="' + fieldname + n + '"><?php
+			for ($i = 128; $i >= 0; $i--) {
+					echo "<option value=\"$i\">$i</option>";
+			}
+		?></select>';
+	}
+
+	rowtype[0] = "textbox";
+	rowname[0] = "acl_network";
+	rowsize[0] = "30";
+	rowname[1] = "mask";
+	rowtype[1] = mask_field;
+	rowtype[2] = "textbox";
+	rowname[2] = "description";
+	rowsize[2] = "40";
+</script>
+
 <body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
 <?php include("fbegin.inc"); ?>
 <?php
 if (!$savemsg)
@@ -268,6 +159,7 @@ if (!$savemsg)
 
 if ($input_errors)
 	print_input_errors($input_errors);
+
 if ($savemsg)
 	print_info_box($savemsg);
 ?>
@@ -291,476 +183,119 @@ if ($savemsg)
 
 			<?php if($act=="new" || $act=="edit"): ?>
 
-			<form action="unbound_acls.php" method="post" name="iform" id="iform" onsubmit="presubmit()">
+			<form action="unbound_acls.php" method="post" name="iform" id="iform">
+			<input name="aclid" type="hidden" value="<?=$id;?>">
+			<input name="act" type="hidden" value="<?=$act;?>">
+
 				<table width="100%" border="0" cellpadding="6" cellspacing="0">
 					<tr>
-						<td colspan="2" valign="top" class="listtopic"><?=gettext("General information"); ?></td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
-						<td width="78%" class="vtable">
-							<table border="0" cellpadding="0" cellspacing="0">
-								<tr>
-									<td>
-										<?php set_checked($pconfig['disable'],$chk); ?>
-										<input name="disable" type="checkbox" value="yes" <?=$chk;?>/>
-									</td>
-									<td>
-										&nbsp;
-										<span class="vexpl">
-											<strong><?=gettext("Disable this Access List"); ?></strong><br>
-										</span>
-									</td>
-								</tr>
-							</table>
-							<?=gettext("Set this option to disable this access list without removing it from the list"); ?>.
-						</td>
+						<td colspan="2" valign="top" class="listtopic"><?=sprintf(gettext("%s ACL"),$act);?></td>
 					</tr>
 					<tr>
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server Mode");?></td>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("ACL name");?></td>
 						<td width="78%" class="vtable">
-							<select name='mode' id='mode' class="formselect" onchange='mode_change()'>
-							<?php
-								foreach ($openvpn_client_modes as $name => $desc):
-									$selected = "";
-									if ($pconfig['mode'] == $name)
-										$selected = "selected";
-							?>
-								<option value="<?=$name;?>" <?=$selected;?>><?=$desc;?></option>
-							<?php endforeach; ?>
-							</select>
+							<input name="aclname" type="text" class="formfld" id="aclname" size="30" maxlength="30" value="<?=htmlspecialchars($pconfig['aclname']);?>">
+							<br />
+							<span class="vexpl"><?=gettext("Provide an ACL name.");?></span>
 						</td>
 					</tr>
 					<tr>
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
-							<td width="78%" class="vtable">
-							<select name='protocol' class="formselect">
-							<?php
-								foreach ($openvpn_prots as $prot):
-									$selected = "";
-									if ($pconfig['protocol'] == $prot)
-										$selected = "selected";
-							?>
-								<option value="<?=$prot;?>" <?=$selected;?>><?=$prot;?></option>
-							<?php endforeach; ?>
-							</select>
-							</td>
-					</tr>
-                                        <tr>
-                                                <td width="22%" valign="top" class="vncellreq"><?=gettext("Device mode");?></td>
-                                                        <td width="78%" class="vtable">
-                                                        <select name='dev_mode' class="formselect">
-                                                        <?php
-                                                                foreach ($openvpn_dev_mode as $mode):
-                                                                        $selected = "";
-                                                                        if ($pconfig['dev_mode'] == $mode)
-                                                                                $selected = "selected";
-                                                        ?>
-                                                                <option value="<?=$mode;?>" <?=$selected;?>><?=$mode;?></option>
-                                                        <?php endforeach; ?>
-                                                        </select>
-                                                        </td>
-                                        </tr>
-					<tr>
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
+						<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
 						<td width="78%" class="vtable">
-							<select name="interface" class="formselect">
-								<?php
-									$interfaces = get_configured_interface_with_descr();
-									$carplist = get_configured_carp_interface_list();
-									foreach ($carplist as $cif => $carpip)
-										$interfaces[$cif.'|'.$carpip] = $carpip." (".get_vip_descr($carpip).")";
-									$aliaslist = get_configured_ip_aliases_list();
-									foreach ($aliaslist as $aliasip => $aliasif)
-										$interfaces[$aliasif.'|'.$aliasip] = $aliasip." (".get_vip_descr($aliasip).")";
-									$interfaces['any'] = "any";
-									foreach ($interfaces as $iface => $ifacename):
-										$selected = "";
-										if ($iface == $pconfig['interface'])
-											$selected = "selected";
-								?>
-									<option value="<?=$iface;?>" <?=$selected;?>>
-										<?=htmlspecialchars($ifacename);?>
-									</option>
+							<select name="aclaction" class="formselect">
+								<?php $types = explode(",", "Deny,Refuse,Allow,Allow Snoop"); foreach ($types as $type): ?>
+								<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['aclaction'])) echo "selected"; ?>>
+								<?=htmlspecialchars($type);?>
+								</option>
 								<?php endforeach; ?>
-							</select> <br>
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Local port");?></td>
-						<td width="78%" class="vtable">
-							<input name="local_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['local_port']);?>"/>
+							</select>
 							<br/>
-							<?=gettext("Set this option if you would like to bind to a specific port. Leave this blank or enter 0 for a random dynamic port."); ?>
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server host or address");?></td>
-						<td width="78%" class="vtable">
-							<input name="server_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['server_addr']);?>"/>
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Server port");?></td>
-						<td width="78%" class="vtable">
-							<input name="server_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['server_port']);?>"/>
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy host or address");?></td>
-						<td width="78%" class="vtable">
-							<input name="proxy_addr" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['proxy_addr']);?>"/>
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy port");?></td>
-						<td width="78%" class="vtable">
-							<input name="proxy_port" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['proxy_port']);?>"/>
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Proxy authentication extra options");?></td>
-						<td width="78%" class="vtable">
-							<table border="0" cellpadding="2" cellspacing="0">
-								<tr>
-                                                                        <td align="right" width="25%">
-                                                                                <span class="vexpl">
-                                                                                         &nbsp;<?=gettext("Authentication method"); ?> :&nbsp;
-                                                                                </span>
-                                                                        </td>
-                                                                        <td>
-										<select name="proxy_authtype" id="proxy_authtype" class="formfld select" onChange="useproxy_changed()">
-											<option value="none" <?php if ($pconfig['proxy_authtype'] == "none") echo "selected"; ?>><?=gettext("none"); ?></option>
-											<option value="basic" <?php if ($pconfig['proxy_authtype'] == "basic") echo "selected"; ?>><?=gettext("basic"); ?></option>
-											<option value="ntlm" <?php if ($pconfig['proxy_authtype'] == "ntlm") echo "selected"; ?>><?=gettext("ntlm"); ?></option>
-										</select>
-									</td>
-								</tr>
-							</table>
-							<br />
-							 <table border="0" cellpadding="2" cellspacing="0" id="proxy_authtype_opts" style="display:none">
-                                                                <tr>
-                                                                        <td align="right" width="25%">
-                                                                                <span class="vexpl">
-                                                                                         &nbsp;<?=gettext("Username"); ?> :&nbsp;
-                                                                                </span>
-                                                                        </td>
-                                                                        <td>
-                                                                                <input name="proxy_user" id="proxy_user" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['proxy_user']);?>" />
-                                                                        </td>
-                                                                </tr>
-                                                                <tr>
-                                                                        <td align="right" width="25%">
-                                                                                <span class="vexpl">
-                                                                                         &nbsp;<?=gettext("Password"); ?> :&nbsp;
-                                                                                </span>
-                                                                        </td>
-                                                                        <td>
-                                                                                <input name="proxy_passwd" id="proxy_passwd" type="password" class="formfld pwd" size="20" value="<?=htmlspecialchars($pconfig['proxy_passwd']);?>" />
-                                                                        </td>
-                                                                </tr>
-                                                        </table>
+							<span class="vexpl">
+								<?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br/>
+								<?=gettext("<b>Deny:</b> This actions stops queries from hosts within the netblock defined below.");?> <br/>
+								<?=gettext("<b>Refuse:</b> This actions also stops queries from hosts within the netblock defined below, but sends back DNS rcode REFUSED error message back tot eh client.");?> <br/>
+								<?=gettext("<b>Allow:</b> This actions allows queries from hosts within the netblock defined below.");?> <br/>
+								<?=gettext("<b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/>
+							</span>
 						</td>
 					</tr>
 					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Server host name resolution"); ?></td>
-						<td width="78%" class="vtable">
-							<table border="0" cellpadding="2" cellspacing="0">
+					<td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td>
+					<td width="78%" class="vtable">
+						<table id="maintable">
+							<tbody>
 								<tr>
-									<td>
-										<?php set_checked($pconfig['resolve_retry'],$chk); ?>
-										<input name="resolve_retry" type="checkbox" value="yes" <?=$chk;?>>
-									</td>
-									<td>
-										<span class="vexpl">
-											<?=gettext("Infinitely resolve server"); ?>
-										</span>
-									</td>
+									<td><div id="onecolumn"><?=gettext("Network");?></div></td>
+									<td><div id="twocolumn"><?=gettext("CIDR");?></div></td>
+									<td><div id="threecolumn"><?=gettext("Description");?></div></td>
 								</tr>
-							</table>
-							<?=gettext("Continuously attempt to resolve the server host " .
-							"name. Useful when communicating with a server " .
-							"that is not permanently connected to the Internet"); ?>.
-						</td>
-					</tr>
-					<tr> 
-						<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
-						<td width="78%" class="vtable"> 
-							<input name="description" type="text" class="formfld unknown" size="30" value="<?=htmlspecialchars($pconfig['description']);?>">
-							<br>
-							<?=gettext("You may enter a description here for your reference (not parsed)"); ?>.
-						</td>
-					</tr>
-					<tr>
-						<td colspan="2" class="list" height="12"></td>
-					</tr>
-					<tr>
-						<td colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Settings"); ?></td>
-					</tr>
-					<tr id="tls">
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("TLS Authentication"); ?></td>
-						<td width="78%" class="vtable">
-							<table border="0" cellpadding="2" cellspacing="0">
-								<tr>
-									<td>
-										<?php set_checked($pconfig['tlsauth_enable'],$chk); ?>
-										<input name="tlsauth_enable" id="tlsauth_enable" type="checkbox" value="yes" <?=$chk;?> onClick="tlsauth_change()">
-									</td>
-									<td>
-										<span class="vexpl">
-											<?=gettext("Enable authentication of TLS packets"); ?>.
-										</span>
-									</td>
-								</tr>
-							</table>
-							<?php if (!$pconfig['tls']): ?>
-							<table border="0" cellpadding="2" cellspacing="0" id='tlsauth_opts'>
-								<tr>
-									<td>
-										<?php set_checked($pconfig['autotls_enable'],$chk); ?>
-										<input name="autotls_enable" id="autotls_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autotls_change()">
-									</td>
-									<td>
-										<span class="vexpl">
-											<?=gettext("Automatically generate a shared TLS authentication key"); ?>.
-										</span>
-									</td>
-								</tr>
-							</table>
-							<?php endif; ?>
-							<table border="0" cellpadding="2" cellspacing="0" id='autotls_opts'>
+								<?php $counter = 0; ?>
+								<?php
+									if($networkacl)
+										foreach($networkacl as $item):
+								?>
+										<?php
+											$network = $item['acl_network'];
+											$cidr = $item['mask'];
+											$description = $item['description'];
+										?>
 								<tr>
 									<td>
-										<textarea name="tls" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['tls']);?></textarea>
-										<br/>
-										<?=gettext("Paste your shared key here"); ?>.
+										<input autocomplete="off" name="acl_network<?=$counter;?>" type="text" class="formfld unknown" id="acl_network<?=$counter;?>" size="40" value="<?=htmlspecialchars($network);?>" />
 									</td>
-								</tr>
-							</table>
-						</td>
-					</tr>
-					<tr id="tls_ca">
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Peer Certificate Authority"); ?></td>
-							<td width="78%" class="vtable">
-							<?php if (count($a_ca)): ?>
-							<select name='caref' class="formselect">
-							<?php
-								foreach ($a_ca as $ca):
-									$selected = "";
-									if ($pconfig['caref'] == $ca['refid'])
-										$selected = "selected";
-							?>
-								<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
-							<?php endforeach; ?>
-							</select>
-							<?php else: ?>
-								<b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
-							<?php endif; ?>
-							</td>
-					</tr>
-					<tr id="tls_cert">
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Client Certificate"); ?></td>
-							<td width="78%" class="vtable">
-							<?php if (count($a_cert)): ?>
-							<select name='certref' class="formselect">
-							<?php
-							foreach ($a_cert as $cert):
-								$selected = "";
-								$caname = "";
-								$inuse = "";
-								$revoked = "";
-								$ca = lookup_ca($cert['caref']);
-								if ($ca)
-									$caname = " (CA: {$ca['descr']})";
-								if ($pconfig['certref'] == $cert['refid'])
-									$selected = "selected";
-								if (cert_in_use($cert['refid']))
-									$inuse = " *In Use";
-								if (is_cert_revoked($cert))
-									$revoked = " *Revoked";
-							?>
-								<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option>
-							<?php endforeach; ?>
-							</select>
-							<?php else: ?>
-								<b>No Certificates defined.</b> <br/>Create one under <a href="system_certmanager.php">System &gt; Cert Manager</a>.
-							<?php endif; ?>
-						</td>
-					</tr>
-					<tr id="psk">
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Key"); ?></td>
-						<td width="78%" class="vtable">
-							<?php if (!$pconfig['shared_key']): ?>
-							<table border="0" cellpadding="2" cellspacing="0">
-								<tr>
 									<td>
-										<?php set_checked($pconfig['autokey_enable'],$chk); ?>
-										<input name="autokey_enable" type="checkbox" value="yes" <?=$chk;?> onClick="autokey_change()">
+										<select name="mask<?=$counter;?>" class="formselect" id="mask<?=$counter;?>">
+										<?php
+											for ($i = 128; $i > 0; $i--) {
+												echo "<option value=\"$i\" ";
+												if ($i == $cidr) echo "selected";
+												echo ">" . $i . "</option>";
+											}
+										?>
+										</select>
 									</td>
 									<td>
-										<span class="vexpl">
-											<?=gettext("Automatically generate a shared key"); ?>.
-										</span>
+										<input autocomplete="off" name="description<?=$counter;?>" type="text" class="listbg" id="description<?=$counter;?>" size="40" value="<?=htmlspecialchars($description);?>" />
 									</td>
-								</tr>
-							</table>
-							<?php endif; ?>
-							<table border="0" cellpadding="2" cellspacing="0" id='autokey_opts'>
-								<tr>
 									<td>
-										<textarea name="shared_key" cols="65" rows="7" class="formpre"><?=htmlspecialchars($pconfig['shared_key']);?></textarea>
-										<br/>
-										<?=gettext("Paste your shared key here"); ?>.
+										<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" /></a>
 									</td>
 								</tr>
-							</table>
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Encryption algorithm"); ?></td>
-						<td width="78%" class="vtable">
-							<select name="crypto" class="formselect">
-								<?php
-									$cipherlist = openvpn_get_cipherlist();
-									foreach ($cipherlist as $name => $desc):
-									$selected = '';
-									if ($name == $pconfig['crypto'])
-										$selected = ' selected';
-								?>
-								<option value="<?=$name;?>"<?=$selected?>>
-									<?=htmlspecialchars($desc);?>
-								</option>
-								<?php endforeach; ?>
-							</select>
-						</td>
-					</tr>
-					<tr id="engine">
-						<td width="22%" valign="top" class="vncellreq"><?=gettext("Hardware Crypto"); ?></td>
-						<td width="78%" class="vtable">
-							<select name="engine" class="formselect">
-								<?php
-									$engines = openvpn_get_engines();
-									foreach ($engines as $name => $desc):
-									$selected = '';
-									if ($name == $pconfig['engine'])
-										$selected = ' selected';
-								?>
-								<option value="<?=$name;?>"<?=$selected?>>
-									<?=htmlspecialchars($desc);?>
-								</option>
+								<?php $counter++; ?>
 								<?php endforeach; ?>
-							</select>
-						</td>
-					</tr>
-					<tr>
-						<td colspan="2" class="list" height="12"></td>
-					</tr>
-					<tr>
-						<td colspan="2" valign="top" class="listtopic"><?=gettext("Tunnel Settings"); ?></td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Tunnel Network"); ?></td>
-						<td width="78%" class="vtable">
-							<input name="tunnel_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['tunnel_network']);?>">
-							<br>
-							<?=gettext("This is the virtual network used for private " .
-							"communications between this client and the " .
-							"server expressed using CIDR (eg. 10.0.8.0/24). " .
-							"The first network address is assumed to be the " .
-							"server address and the second network address " .
-							"will be assigned to the client virtual " .
-							"interface"); ?>.
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Remote Network"); ?></td>
-						<td width="78%" class="vtable">
-							<input name="remote_network" type="text" class="formfld unknown" size="20" value="<?=htmlspecialchars($pconfig['remote_network']);?>">
-							<br>
-							<?=gettext("This is a network that will be routed through " .
-							"the tunnel, so that a site-to-site VPN can be " .
-							"established without manually changing the " .
-							"routing tables. Expressed as a CIDR range. If " .
-							"this is a site-to-site VPN, enter here the " .
-							"remote LAN here. You may leave this blank to " .
-							"only communicate with other clients"); ?>.
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Limit outgoing bandwidth");?></td>
-						<td width="78%" class="vtable">
-							<input name="use_shaper" type="text" class="formfld unknown" size="5" value="<?=htmlspecialchars($pconfig['use_shaper']);?>"/>
-							<br/>
-							<?=gettext("Maximum outgoing bandwidth for this tunnel. " .
-							"Leave empty for no limit. The input value has " .
-							"to be something between 100 bytes/sec and 100 " .
-							"Mbytes/sec (entered as bytes per second)"); ?>.
-						</td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Compression"); ?></td>
-						<td width="78%" class="vtable">
-							<table border="0" cellpadding="2" cellspacing="0">
-								<tr>
-									<td>
-										<?php set_checked($pconfig['compression'],$chk); ?>
-										<input name="compression" type="checkbox" value="yes" <?=$chk;?>>
-									</td>
-									<td>
-										<span class="vexpl">
-											<?=gettext("Compress tunnel packets using the LZO algorithm"); ?>.
-										</span>
-									</td>
-								</tr>
-							</table>
+							</tbody>
+							<tfoot>
+							</tfoot>
+						</table>
+						<a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#">
+							<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" />
+						</a>
+						<script type="text/javascript">
+							field_counter_js = 3;
+							rows = 1;
+							totalrows = <?php echo $counter; ?>;
+							loaded = <?php echo $counter; ?>;
+						</script>
+
 						</td>
 					</tr>
+
 					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Type-of-Service"); ?></td>
+						<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
 						<td width="78%" class="vtable">
-							<table border="0" cellpadding="2" cellspacing="0">
-								<tr>
-									<td>
-										<?php set_checked($pconfig['passtos'],$chk); ?>
-										<input name="passtos" type="checkbox" value="yes" <?=$chk;?>>
-									</td>
-									<td>
-										<span class="vexpl">
-											<?=gettext("Set the TOS IP header value of tunnel packets to match the encapsulated packet value"); ?>.
-										</span>
-									</td>
-								</tr>
-							</table>
+							<input name="description" type="text" class="formfld unknown" id="description" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['description']);?>">
+							<br />
+							<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
 						</td>
 					</tr>
 					<tr>
-						<td colspan="2" class="list" height="12"></td>
+						<td>&nbsp;</td>
 					</tr>
-					<tr>
-						<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced configuration"); ?></td>
-					</tr>
-					<tr>
-						<td width="22%" valign="top" class="vncell"><?=gettext("Advanced"); ?></td>
-						<td width="78%" class="vtable">
-							<table border="0" cellpadding="2" cellspacing="0">
-								<tr>
-									<td>
-										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
-										<?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br/>
-										<?=gettext("EXAMPLE: route 10.0.0.0 255.255.255.0;"); ?>
-									</td>
-								</tr>
-							</table>
-						</td>
-					</tr>					
 					<tr>
 						<td width="22%" valign="top">&nbsp;</td>
-						<td width="78%"> 
-							<input name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> 
-							<input name="act" type="hidden" value="<?=$act;?>">
-							<?php if (isset($id) && $a_client[$id]): ?>
-							<input name="id" type="hidden" value="<?=$id;?>">
-							<?php endif; ?>
+						<td width="78%">
+							&nbsp;<br>&nbsp;
+							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
 						</td>
 					</tr>
 				</table>
@@ -781,23 +316,16 @@ if ($savemsg)
 				<?php
 					$i = 0;
 					foreach($a_acls as $acl):
-						$disabled = "NO";
-						if (isset($client['disable']))
-							$disabled = "YES";
-						$server = "{$client['server_addr']}:{$client['server_port']}";
 				?>
 				<tr ondblclick="document.location='unbound_acls.php?act=edit&id=<?=$i;?>'">
 					<td class="listlr">
-						<?=$disabled;?>
+						<?=$acl['aclname'];?>
 					</td>
 					<td class="listr">
-						<?=htmlspecialchars($client['protocol']);?>
-					</td>
-					<td class="listr">
-						<?=htmlspecialchars($server);?>
+						<?=htmlspecialchars($acl['aclaction']);?>
 					</td>
 					<td class="listbg">
-						<?=htmlspecialchars($client['description']);?>
+						<?=htmlspecialchars($acl['description']);?>
 					</td>
 					<td valign="middle" nowrap class="list">
 						<a href="unbound_acls.php?act=edit&id=<?=$i;?>">
@@ -818,7 +346,7 @@ if ($savemsg)
 				<tr>
 					<td class="list" colspan="4"></td>
 					<td class="list">
-						<a href="unbound_acls.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add client"); ?>" width="17" height="17" border="0">
+						<a href="unbound_acls.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Add new ACL"); ?>" width="17" height="17" border="0">
 						</a>
 					</td>
 				</tr>
@@ -837,24 +365,7 @@ if ($savemsg)
 		</td>
 	</tr>
 </table>
-<script language="JavaScript">
-<!--
-mode_change();
-autokey_change();
-//-->
-</script>
 </body>
 <?php include("fend.inc"); ?>
 
-<?php
-
-/* local utility functions */
-
-function set_checked($var,& $chk) {
-    if($var)
-        $chk = 'checked';
-    else
-        $chk = '';
-}
-
 ?>
\ No newline at end of file
diff --git a/config/unbound/unbound_acls_edit.php b/config/unbound/unbound_acls_edit.php
deleted file mode 100644
index db1f9bdb..00000000
--- a/config/unbound/unbound_acls_edit.php
+++ /dev/null
@@ -1,277 +0,0 @@
-<?php
-/* $Id$ */
-/*
-	unbound_acls_edit.php
-	part of pfSense (http://www.pfsense.com)
-	Copyright (C) 2011 Warren Baker (warren@decoy.co.za)
-	All rights reserved.
-
-	Redistribution and use in source and binary forms, with or without
-	modification, are permitted provided that the following conditions are met:
-
-	1. Redistributions of source code must retain the above copyright notice,
-	   this list of conditions and the following disclaimer.
-
-	2. Redistributions in binary form must reproduce the above copyright
-	   notice, this list of conditions and the following disclaimer in the
-	   documentation and/or other materials provided with the distribution.
-
-	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
-	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-	POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-
-if (!is_array($config['installedpackages']['unboundacls']['config'])) {
-	$config['installedpackages']['unboundacls']['config'] = array();
-}
-
-$a_acl = &$config['installedpackages']['unboundacls']['config'];
-
-$id = $_GET['id'];
-if (is_numeric($_POST['id']))
-	$id = $_POST['id'];
-
-if (isset($id) && $a_acl[$id]) {
-
-	if (!isset($a_acl[$id]['aclaction']))
-		$pconfig['aclaction'] = "allow";
-	else
-		$pconfig['aclaction'] = $a_acl[$id]['aclaction'];
-
-	$pconfig['descr'] = $a_acl[$id]['descr'];
-
-} else {
-	/* defaults */
-	$pconfig['aclaction'] = "allow";
-}
-
-if ($_POST) {
-	
-	print_r($_POST);
-	exit;
-	unset($input_errors);
-	$pconfig = $_POST;
-	
-	/* input validation */
-	$reqdfields = explode(" ", "src");
-	$reqdfieldsn = explode(",", "Source");
-	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
-	if ($pconfig['ipprotocol'] == "inet") {
-		if(!is_ipaddr($pconfig['inetsrc']))
-			$input_errors[] = gettext("You must enter a valid IPv4 IP address.");
-	} else {
-		if(!is_ipaddrv6($pconfig['inet6src']))
-			$input_errors[] = gettext("You must enter a valid IPv6 IP address.");
-	}
-
-
-	if (!$input_errors) {
-		$aclent = array();
-		$aclent['aclaction'] = $_POST['aclaction'];
-				
-		if ($pconfig['ipprotocol'] == "inet") {
-			$aclent['acl_network'] = $_POST['inetsrc']."/".$_POST['inetsrcmask'];
-
-		} else {
-			$aclent['acl_network'] = $_POST['inet6src']."/".$_POST['inet6srcmask'];
-
-		}
-		strncpy($aclent['descr'], $_POST['descr'], 52);
-		
-			
-		if ($_POST['disabled'])
-			$aclent['disabled'] = true;
-		else
-			unset($aclent['disabled']);
-	
-
-
-		if (isset($id) && $a_acl[$id])
-			$a_acl[$id] = $aclent;
-		else {
-			if (is_numeric($after))
-				array_splice($a_acl, $after+1, 0, array($aclent));
-			else
-				$a_acl[] = $aclent;
-		}
-
-		write_config();
-
-		header("Location: unbound_acls.php");
-		exit;
-	}
-}
-
-$pgtitle = array(gettext("Services"),gettext("Unbound ACLs"),gettext("Edit"));
-$statusurl = "unbound_status.php";
-$logurl = "diag_pkglogs.php?pkg=Unbound";
-
-$page_filename = "unbound_acls_edit.php";
-include("head.inc");
-
-?>
-<script type="text/javascript" language="javascript" src="/javascript/row_helper_dynamic.js">
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="Effect.Appear('inet', { duration : 0.5 });">
-<script language="JavaScript"> 
-function doFade( optionValue )
-{
-	switch( optionValue )
-	{
-		case "inet" :
-		Effect.Appear('IPV4',{ duration: 0.5 });
-		Effect.Fade('IPV6', { duration: 0.1 });
-		break;
-
-		case "inet6" :
-		Effect.Appear('IPV6',{ duration: 0.5 });
-		Effect.Fade('IPV4', { duration: 0.1 });
-		break;
-									
-	}
-} 
-</script>
-
-<?php include("fbegin.inc"); ?>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-
-<form action="unbound_acls_edit.php" method="post" name="iform" id="iform">
-<input type='hidden' name="aclid" value="<?=(isset($pconfig['aclid']) && $pconfig['aclid']>0)?htmlspecialchars($pconfig['aclid']):''?>">
-
-	<table width="100%" border="0" cellpadding="6" cellspacing="0">
-		<tr>
-			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit ACL");?></td>
-		</tr>	
-    	<tr>
-			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
-			<td width="78%" class="vtable">
-				<select name="aclaction" class="formselect">
-					<?php $types = explode(",", "Deny,Refuse,Allow,Allow Snoop"); foreach ($types as $type): ?>
-					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
-					<?=htmlspecialchars($type);?>
-					</option>
-					<?php endforeach; ?>
-				</select>
-				<br/>
-				<span class="vexpl">
-					<?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br/>
-					<?=gettext("<b>Deny:</b> This actions stops queries from hosts within the netblock defined below.");?> <br/>
-					<?=gettext("<b>Refuse:</b> This actions also stops queries from hosts within the netblock defined below, but sends back DNS rcode REFUSED error message back tot eh client.");?> <br/>
-					<?=gettext("<b>Allow:</b> This actions allows queries from hosts within the netblock defined below.");?> <br/>
-					<?=gettext("<b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/>
-				</span>
-			</td>
-		</tr>
-		<tr>
-			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
-			<td width="78%" class="vtable">
-				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
-				<strong><?=gettext("Disable this ACL");?></strong><br />
-				<span class="vexpl"><?=gettext("Set this option to disable this ACL without removing it from the list.");?></span>
-			</td>
-		</tr>
-		<tr>
-			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
-			<td width="78%" class="vtable">
-				<select name="ipprotocol" class="formselect" onchange="doFade( this.value )">
-				<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6');
-					foreach ($ipproto as $proto => $name): ?>
-						<option value="<?=$proto;?>"
-							<?php if ($proto == $pconfig['ipprotocol']): ?>
-								selected="selected"
-							<?php endif; ?>
-							><?=$name;?></option>
-					<?php endforeach; ?>
-				</select>
-				<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br/>
-			</td>
-        </tr>
-		<tr>
-			<td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td>
-			<td width="78%" class="vtable">
-				<script type="text/javascript" language='javascript'> 
-							<!--
-							rowname[0] = "acl_network";
-							rowtype[0] = "input";
-							rowname[1] = "mask";
-							rowtype[1] = "select";
-							-->
-							</script> 
-			
-				<table border="0" cellspacing="0" cellpadding="0" id="IPV4">
-					<tr>
-						<td>&nbsp;<?=gettext("Network");?></td>
-						<td>&nbsp;&nbsp;<?=gettext("CIDR");?></td>
-					</tr>
-					<tr>
-						<td><input name="src" type="text" id="src" size="20" value="<?php echo htmlspecialchars($pconfig['src']);?>"> / </td>
-						<td>&nbsp;
-							<select name="srcmask" class="formselect" id="srcmask">
-<?php						for ($i = 31; $i > 0; $i--): ?>
-								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
-<?php 						endfor; ?>
-							</select>
-						</td>
-					</tr>
-				</table>
-				
-				<table border="0" cellspacing="0" cellpadding="0" id="IPV6">
-					<tr>
-						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
-						<td>
-							<select name="inet6srctype" class="formselect" onChange="typeselinet6_change()">
-								<option value="network"><?=gettext("Network");?></option>
-							</select>
-						</td>
-					</tr>
-					<tr>
-						<td><?=gettext("Network:");?>&nbsp;&nbsp;</td>
-						<td>
-							<input autocomplete='off' name="inet6src" type="text" id="inet6src" size="20" value="<?php echo htmlspecialchars($pconfig['inet6src']);?>"> /
-							<select name="inet6srcmask" class="formselect" id="inet6srcmask">
-							<?php	for ($i = 128; $i > 0; $i--): ?>
-								<option value="<?=$i;?>" <?php if ($i == $pconfig['inet6srcmask']) echo "selected"; ?>><?=$i;?></option>
-							<?php	endfor; ?>
-							</select>
-						</td>
-					</tr>
-				</table>
-			</td>
-		</tr>
-		<tr>
-			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
-			<td width="78%" class="vtable">
-				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
-				<br />
-				<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
-			</td>
-		</tr>
-		<tr>
-			<td>&nbsp;</td>
-		</tr>
-		<tr>
-			<td width="22%" valign="top">&nbsp;</td>
-			<td width="78%">
-				&nbsp;<br>&nbsp;
-				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
-<?php			if (isset($id) && $a_filter[$id]): ?>
-					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
-<?php 			endif; ?>
-				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
-			</td>
-		</tr>
-	</table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
-- 
cgit v1.2.3


From 9667e04e3eddfcb4bc140898af8c4026c4d02b9d Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Thu, 29 Sep 2011 21:23:48 +0200
Subject: Update files to make use of new ACLs

---
 config/unbound/unbound.xml          | 6 +++---
 config/unbound/unbound_advanced.xml | 2 +-
 config/unbound/unbound_status.php   | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/unbound/unbound.xml b/config/unbound/unbound.xml
index ff73d1ed..5e6361d5 100644
--- a/config/unbound/unbound.xml
+++ b/config/unbound/unbound.xml
@@ -66,9 +66,9 @@
 		<item>http://www.pfsense.org/packages/config/unbound/unbound_status.php</item>
 	</additional_files_needed>
 	<additional_files_needed>
-		<prefix>/usr/local/pkg/</prefix>
+		<prefix>/usr/local/www/</prefix>
 		<chmod>0644</chmod>
-		<item>http://www.pfsense.org/packages/config/unbound/unbound_acls.xml</item>
+		<item>http://www.pfsense.org/packages/config/unbound/unbound_acls.php</item>
 	</additional_files_needed>
 	<additional_files_needed>
 		<prefix>/usr/local/pkg/</prefix>
@@ -89,7 +89,7 @@
 		</tab>
 		<tab>
 			<text>Unbound DNS ACLs</text>
-			<url>/pkg.php?xml=unbound_acls.xml</url>
+			<url>/unbound_acls.php</url>
 		</tab>
 		<tab>
 			<text>Unbound DNS Status</text>
diff --git a/config/unbound/unbound_advanced.xml b/config/unbound/unbound_advanced.xml
index 10449b2d..239c39ee 100644
--- a/config/unbound/unbound_advanced.xml
+++ b/config/unbound/unbound_advanced.xml
@@ -68,7 +68,7 @@
 		</tab>
 		<tab>
 			<text>Unbound DNS ACLs</text>
-			<url>/pkg.php?xml=unbound_acls.xml</url>
+			<url>/unbound_acls.php</url>
 		</tab>
 		<tab>
 			<text>Unbound DNS Status</text>
diff --git a/config/unbound/unbound_status.php b/config/unbound/unbound_status.php
index 405b24d4..d011b109 100644
--- a/config/unbound/unbound_status.php
+++ b/config/unbound/unbound_status.php
@@ -127,7 +127,7 @@ function execCmds() {
 		$tab_array = array();
 		$tab_array[] = array(gettext("Unbound DNS Settings"), false, "/pkg_edit.php?xml=unbound.xml&amp;id=0");
 		$tab_array[] = array(gettext("Unbound DNS Advanced Settings"), false, "/pkg_edit.php?xml=unbound_advanced.xml&amp;id=0");
-		$tab_array[] = array(gettext("Unbound DNS ACLs"), false, "/pkg.php?xml=unbound_acls.xml");
+		$tab_array[] = array(gettext("Unbound DNS ACLs"), false, "/unbound_acls.php");
 		$tab_array[] = array(gettext("Unbound DNS Status"), true, "/unbound_status.php");
 		display_top_tabs($tab_array, true);
 	?>
-- 
cgit v1.2.3


From 9efe5a19b096db0a66c1c2dfe068e6d860b73fc7 Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Thu, 29 Sep 2011 21:24:25 +0200
Subject: Update Unbound to v1.4.13 and bump package version

---
 pkg_config.8.xml       | 4 ++--
 pkg_config.8.xml.amd64 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index b9765f0b..a777dee4 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -1077,7 +1077,7 @@
 		<descr>Unbound is a validating, recursive, and caching DNS resolver. This package is a drop in replacement for Services: DNS Forwarder and also supports DNSSEC extensions. Once installed please configure the Unbound service by visiting Services: Unbound DNS.</descr>
 		<website>http://www.unbound.net/</website>
 		<category>Services</category>
-		<version>1.4.12_03</version>
+		<version>1.4.13_00</version>
 		<status>Alpha</status>
 		<maintainer>warren@decoy.co.za</maintainer>
 		<required_version>2.0</required_version>
@@ -1085,7 +1085,7 @@
 		<config_file>http://www.pfsense.com/packages/config/unbound/unbound.xml</config_file>
 		<configurationfile>unbound.xml</configurationfile>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
-		<depends_on_package>unbound-1.4.12.tbz</depends_on_package>
+		<depends_on_package>unbound-1.4.13.tbz</depends_on_package>
 		<depends_on_package>ldns-1.6.10.tbz</depends_on_package>
 		<depends_on_package>expat-2.0.1_1.tbz</depends_on_package>
 		<depends_on_package>libevent-1.4.14b_2.tbz</depends_on_package>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index b8710c15..b631fa79 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -1062,7 +1062,7 @@
 		<descr>Unbound is a validating, recursive, and caching DNS resolver. This package is a drop in replacement for Services: DNS Forwarder and also supports DNSSEC extensions. Once installed please configure the Unbound service by visiting Services: Unbound DNS.</descr>
 		<website>http://www.unbound.net/</website>
 		<category>Services</category>
-		<version>1.4.12_03</version>
+		<version>1.4.13_00</version>
 		<status>Alpha</status>
 		<maintainer>warren@decoy.co.za</maintainer>
 		<required_version>2.0</required_version>
@@ -1070,7 +1070,7 @@
 		<config_file>http://www.pfsense.com/packages/config/unbound/unbound.xml</config_file>
 		<configurationfile>unbound.xml</configurationfile>
 		<depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
-		<depends_on_package>unbound-1.4.12.tbz</depends_on_package>
+		<depends_on_package>unbound-1.4.13.tbz</depends_on_package>
 		<depends_on_package>ldns-1.6.10.tbz</depends_on_package>
 		<depends_on_package>expat-2.0.1_1.tbz</depends_on_package>
 		<depends_on_package>libevent-1.4.14b_2.tbz</depends_on_package>
-- 
cgit v1.2.3


From 053744f58c69b71f6d2cce08b29173106a2e46ac Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Thu, 29 Sep 2011 21:46:39 +0200
Subject: Late nights equal though processes to suffer and thus mistakes start
 to happen and silly things like this get done, but i blame it on jetlag -
 swop order around for ln

---
 config/unbound/unbound.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index cec618c9..d44d01a0 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -200,7 +200,7 @@ function unbound_control($action) {
 						unbound_ctl_exec("start");
 						/* Link dnsmasq.pid to prevent dhcpleases logging error */
 						if (!file_exists("/var/run/dnsmasq.pid"))
-							mwexec("/bin/ln -s /var/run/dnsmasq.pid /var/run/unbound.pid");
+							mwexec("/bin/ln -s /var/run/unbound.pid /var/run/dnsmasq.pid");
 					fetch_root_hints();
 				}
 				break;
-- 
cgit v1.2.3


From bf6f1542ec79dcf5e363732f9c902b6bbd4b5535 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Thu, 29 Sep 2011 16:23:20 -0400
Subject: Ensure a newline comes before the options placed into loader.conf

---
 config/open-vm-tools/open-vm-tools.inc   | 1 +
 config/open-vm-tools_2/open-vm-tools.inc | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/open-vm-tools/open-vm-tools.inc b/config/open-vm-tools/open-vm-tools.inc
index f963d9b7..5db7de3f 100644
--- a/config/open-vm-tools/open-vm-tools.inc
+++ b/config/open-vm-tools/open-vm-tools.inc
@@ -11,6 +11,7 @@ function open_vm_tools_install() {
 	$load_conf = file_get_contents("/boot/loader.conf") . "\n";
 	if(!strstr($load_conf, "vmxnet")) {
 		$load_conf .= <<<EOFA
+
 vmblock_load="YES"
 vmmemct_load="YES"
 vmhgfs_load="YES"
diff --git a/config/open-vm-tools_2/open-vm-tools.inc b/config/open-vm-tools_2/open-vm-tools.inc
index 679eec62..742eaee9 100644
--- a/config/open-vm-tools_2/open-vm-tools.inc
+++ b/config/open-vm-tools_2/open-vm-tools.inc
@@ -11,6 +11,7 @@ function open_vm_tools_install() {
 	$load_conf = file_get_contents("/boot/loader.conf");
 	if(!strstr($load_conf, "vmxnet")) {
 		$load_conf .= <<<EOFA
+
 vmblock_load="YES"
 vmmemct_load="YES"
 vmhgfs_load="YES"
@@ -168,4 +169,4 @@ EOF;
 
 }
 
-?>
\ No newline at end of file
+?>
-- 
cgit v1.2.3


From df75910df06941921b7bbb2f0ccc71168d587f12 Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Thu, 29 Sep 2011 22:50:09 +0200
Subject: Handle snoop acl correctly

---
 config/unbound/unbound.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc
index d44d01a0..afb3c0b7 100644
--- a/config/unbound/unbound.inc
+++ b/config/unbound/unbound.inc
@@ -311,6 +311,8 @@ function unbound_acls_config() {
 		foreach($unbound_acls as $unbound_acl){
 			$unboundcfg .= "#{$unbound_acl['aclname']}\n";
 			foreach($unbound_acl['row'] as $network) {
+				if ($unbound_acl['aclaction'] == "allow snoop")
+					$unbound_acl['aclaction'] = "allow_snoop";
 				$unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n";
 			}			
 		}
@@ -623,7 +625,6 @@ function unbound_validate($post, $type=null) {
 	/* Validate the access lists */
 	if($type == "acl") {
 		$acls = $post;
-		$acls['aclaction'] = preg_replace(" ", "_", $acls['aclaction']);
 		// Check to ensure values entered is an action that is in the list
 		if ($acls['aclaction'] != 'refuse' && $acls['aclaction'] != 'allow' && $acls['aclaction'] != 'allow_snoop' && $acls['aclaction'] != 'deny')
 			$input_errors[] = "{$acls['aclaction']} is not a valid ACL Action. Please select one of the four actions defined in the list.";
-- 
cgit v1.2.3


From 63b21977b98eec6857eb112fbfd3a3267717e3f7 Mon Sep 17 00:00:00 2001
From: Warren Baker <warren@decoy.co.za>
Date: Thu, 29 Sep 2011 22:50:31 +0200
Subject: Swop order for select list

---
 config/unbound/unbound_acls.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php
index b60de2dd..40f21595 100644
--- a/config/unbound/unbound_acls.php
+++ b/config/unbound/unbound_acls.php
@@ -203,7 +203,7 @@ if ($savemsg)
 						<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
 						<td width="78%" class="vtable">
 							<select name="aclaction" class="formselect">
-								<?php $types = explode(",", "Deny,Refuse,Allow,Allow Snoop"); foreach ($types as $type): ?>
+								<?php $types = explode(",", "Allow,Deny,Refuse,Allow Snoop"); foreach ($types as $type): ?>
 								<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['aclaction'])) echo "selected"; ?>>
 								<?=htmlspecialchars($type);?>
 								</option>
-- 
cgit v1.2.3


From 4763db0d8ca282fc0e3d0165ba9804fae2e7aefe Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Thu, 29 Sep 2011 22:53:27 +0000
Subject: Correct clearing the alerts.

---
 config/snort/snort.inc        |  2 +-
 config/snort/snort_alerts.php | 29 +++++++++--------------------
 2 files changed, 10 insertions(+), 21 deletions(-)

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index f27bb383..2973a409 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -473,7 +473,7 @@ function post_delete_logs()
 			//create_barnyard2_conf($id, $if_real, $snort_uuid);
 
 			if ($value['perform_stat'] == 'on')
-				file_put_contents("/var/log/snort/snort_{$snort_uuid}_{$if_real}.stats", "");
+				@file_put_contents("/var/log/snort/snort_{$snort_uuid}_{$if_real}.stats", "");
 		}
 	}
 }
diff --git a/config/snort/snort_alerts.php b/config/snort/snort_alerts.php
index 7bd47934..49bb9bff 100644
--- a/config/snort/snort_alerts.php
+++ b/config/snort/snort_alerts.php
@@ -85,7 +85,7 @@ if ($_POST['save'])
 
 }
 
-if ($_POST['delete'])
+if ($_GET['clear'])
 {
 	if(file_exists('/var/log/snort/alert'))
 	{
@@ -96,10 +96,9 @@ if ($_POST['delete'])
 		mwexec('/bin/chmod 660 /var/log/snort/*', true);
 		mwexec('/usr/bin/killall -HUP snort', true);
 		conf_mount_ro();
-
-		header("Location: /snort/snort_alerts.php");
-		exit;
 	}
+	header("Location: /snort/snort_alerts.php");
+	exit;
 }
 
 if ($_POST['download'])
@@ -304,9 +303,9 @@ if ($pconfig['arefresh'] == 'on')
 				<td width="78%" class="vtable">
 				<form action="/snort/snort_alerts.php" method="post"><input
 					name="download" type="submit" class="formbtn" value="Download"> All
-				log files will be saved. <input name="delete" type="submit"
+				log files will be saved. <a href="/snort/snort_alerts.php?action=clear"><input name="delete" type="button"
 					class="formbtn" value="Clear"
-					onclick="return confirm('Do you really want to remove all your logs ? All snort rule interfces may have to be restarted.')">
+					onclick="return confirm('Do you really want to remove all your logs ? All snort rule interfces may have to be restarted.')"></a>
 				<span class="red"><strong>Warning:</strong></span> all log files
 				will be deleted.</form>
 				</td>
@@ -561,21 +560,11 @@ if ($pconfig['arefresh'] == 'on')
 
 </div>
 
-		<?php
-
-		include("fend.inc");
-
-		echo $snort_custom_rnd_box;
-
-		?>
-
+<?php
+include("fend.inc");
 
-<script type="text/javascript">
-			var myTable = {};
-			window.addEvent('domready', function(){
-				myTable = new sortableTable('myTable', {overCls: 'over'});
-			});
-		</script>
+echo $snort_custom_rnd_box;
 
+?>
 </body>
 </html>
-- 
cgit v1.2.3