• Config.xml

    4
    0 Votes
    4 Posts
    2k Views
    B
    @efk: Can someone explain the proper/clean way to update the config.xml file in pfsense? I see some code meant to handle the XML, and I see write_config(), but I'm having a hard time putting it all together. A brief tour of the components and a quick example would help me out immensely. Thanks in advance!

    From what I understand:

        conf_mount_rw();    // For making nanobsd read/write
        global $config;     // For manipulating the config
        $config['installedpackages']['packagename']['a']['b']['something'] = "something";    // Array elements
        write_config();     // To write the config
        conf_mount_ro();    // For moving nanobsd back to read only

    Example Code

        function create_vnstati_image() {
            conf_mount_rw();
            global $config;
            $iface = $_POST['vnstat_interface'];
            $ifaces_final = convert_friendly_interface_to_real_interface_name($iface);
            $config['installedpackages']['vnstat2']['config'][0]['vnstat_interface'] = $ifaces_final;
            // The interface name originates from $_POST, so quote it before it reaches the shell
            $ifarg = escapeshellarg($ifaces_final);
            exec("/usr/local/bin/vnstati -i " . $ifarg . " -vs -o /tmp/newpicture1.png");
            exec("/usr/local/bin/vnstati -i " . $ifarg . " -m -o /tmp/newpicture2.png");
            exec("/usr/local/bin/vnstati -i " . $ifarg . " -d -o /tmp/newpicture3.png");
            exec("/usr/local/bin/vnstati -i " . $ifarg . " -t -o /tmp/newpicture4.png");
            write_config();
            conf_mount_ro();
        }

    Matching Example XML

        <installedpackages>
          <vnstat2>
            <config>
              <monthrotate>1</monthrotate>
              <vnstat_interface>em0</vnstat_interface>
              <vnstat_phpfrontend>on</vnstat_phpfrontend>
              <vnstat_interface2>em1</vnstat_interface2>
            </config>
          </vnstat2>
        </installedpackages>

    I think with multiple tags that are in the same XML hierarchical level you would then use an index element in the array

        $config['installedpackages']['packagename']['testpackage']['config'][0]['something'] = "something in config 0";
        $config['installedpackages']['packagename']['testpackage']['config'][1]['something'] = "something in config 1";
        $config['installedpackages']['packagename']['testpackage']['config'][2]['something'] = "something in config 2";

        <installedpackages>
          <testpackage>
            <config><something>something in config 0</something></config>
            <config><something>something in config 1</something></config>
            <config><something>something in config 2</something></config>
          </testpackage>
        </installedpackages>
  • Question by Clear-Pixel re 2.1.1

    1
    0 Votes
    1 Posts
    668 Views
    No one has replied
  • Issue booting on a board with USB

    2
    0 Votes
    2 Posts
    738 Views
    nesenseN
    You have to use the MEMSTICK-SERIAL image on a usb memstick and boot from it, then install pfsense on mSATA or SD if you want.
  • Git branch and tag question

    3
    0 Votes
    3 Posts
    867 Views
    J
    Hello, Thanks very much for answering my question! –jason
  • How to execute multiple socat?

    2
    0 Votes
    2 Posts
    2k Views
    G
    I figured out I need mwexec_bg and I was killing the processes killbyname("socat"); in the wrong location so it was also not showing up.

        root    socat      45837 3  stream /var/run/check_reload_status
        root    socat      45837 9  tcp4   *:19006              *:*
        root    socat      45529 3  stream /var/run/check_reload_status
        root    socat      45529 9  udp4   *:19005              *:*
        root    socat      45424 3  stream /var/run/check_reload_status
        root    socat      45424 9  tcp4   *:19005              *:*
        root    socat      45258 3  stream /var/run/check_reload_status
        root    socat      45258 9  udp4   *:19004              *:*
        root    socat      44829 3  stream /var/run/check_reload_status
        root    socat      44829 9  tcp4   *:19004              *:*
        root    socat      44561 3  stream /var/run/check_reload_status
        root    socat      44561 9  udp4   *:19003              *:*
        root    socat      44058 3  stream /var/run/check_reload_status
        root    socat      44058 9  tcp4   *:19003              *:*
        root    socat      43605 3  stream /var/run/check_reload_status
        root    socat      43605 9  udp4   *:19002              *:*
        root    socat      43237 3  stream /var/run/check_reload_status
        root    socat      43237 9  tcp4   *:19002              *:*
        root    socat      42753 3  stream /var/run/check_reload_status
        root    socat      42753 9  tcp4   *:19001              *:*
        root    socat      42315 3  stream /var/run/check_reload_status
        root    socat      42315 9  tcp4   *:19000              *:*
  • Change users password

    4
    0 Votes
    4 Posts
    1k Views
    G
    @Amirkabir: From /etc/inc/auth.inc:

        /* root user special handling */
        if ($user_uid == 0) {
            $cmd = "/usr/sbin/pw usermod -q -n root -s /bin/sh -H 0";
            if ($debug)
                log_error(sprintf(gettext("Running: %s"), $cmd));
            $fd = popen($cmd, "w");
            fwrite($fd, $user['password']);
            pclose($fd);
        }

    I've tried but it does not work
  • PfSense 2.2 Alpha/play build/snapshot

    14
    0 Votes
    14 Posts
    12k Views
    ?
    @freebee: Received the new PC Engines (Alix) board today. The APU AMD board. Just waiting for the pfSense 2.2 build for tests. :).

    already tested. Seems OK (about the speed of a FW-7541, really) except for some throughput tests over TCP, which suck. I blame the ethernet driver.
  • ZFS

    8
    0 Votes
    8 Posts
    3k Views
    H
    Upstream the question was 'what is the point of ZFS on a firewall? it just complicates things.' That's certainly the case for many sorts of firewalls.  Consider firewalls that do lots of caching of client side http downloads, that run postfix mail exchangers and other 'big storage' packages.  Restoring from an XML backup doesn't preserve the mail queue, doesn't preserve potentially gigabytes of cached downloads.  ZFS snapshots and rollbacks and remote sends can do that. There's an even better reason:  The ability to run pfsense with ZFS on the 'bare metal' with direct access to several hardware nics, while running other 'close to the network' type servers (web, mail, cloud, voip/pbx, etc) in virtual machines running on a 'big iron' style pfsense install.  All those can use zvols maintained by ZFS on the bare metal with all the sys-admin and error catching advantages zfs brings. Currently to use ZFS and pfsense on a 'big iron' system, pfsense has to run in a virtual machine and the network interface card 'plumbing' is a pain.
  • Replace openvpn package with my custom build package

    1
    0 Votes
    1 Posts
    701 Views
    No one has replied
  • Scripting and using auth.inc functions

    4
    0 Votes
    4 Posts
    2k Views
    B
    I have finished my script for the autoremoval of expired users and it seems to work :) I created the file delete_expired_users.php in /usr/local/bin and set the needed permission (chmod 755) and added a cronjob running once a day, the auth_addon.inc from above is placed in /etc/inc. Use at your own risk!

        #!/usr/local/bin/php -f
        <?php
        require_once("auth.inc");
        require_once("auth_addon.inc");

        // How many users are there?
        $id = count($config['system']['user']);

        // We must begin our search for expired users with the last useable ID
        // Else strange things happen to the config.xml :)
        $check_id = $id - 1;

        // Check all found users except ID 0 - it's the admin, no need to check him
        // (> 0 rather than != 0 so an empty user list cannot loop forever)
        while ($check_id > 0) {
            // Get the username
            $uname = $config['system']['user'][$check_id]['name'];
            // Get the user's expirydate
            $uexpirydate = $config['system']['user'][$check_id]['expires'];
            echo "USER: ".$uname."\n";
            echo "EXPIRES: ".$uexpirydate."\n";
            // Check if the user is expired - function of auth_addon.inc
            if ( isAccountExpired($uname) ) {
                echo "EXPIRED: YES \n";
                // Delete user locally - function of auth.inc
                local_user_del($config['system']['user'][$check_id]);
                // Delete user in config - function of auth.inc
                unset($config['system']['user'][$check_id]);
                echo "USER DELETED! \n";
            } else {
                // User isn't expired or has no expirydate set
                echo "EXPIRED: NO \n";
            }
            echo "### \n";
            // Next ID
            $check_id = $check_id - 1;
        }

        // Write the new config
        write_config();
        ?>
  • Carp status at runtime?

    3
    0 Votes
    3 Posts
    1k Views
    R
    Cool, thanks for the tip!
  • Feature Request 3388 (HTTPS Captive Portal)

    1
    0 Votes
    1 Posts
    899 Views
    No one has replied
  • Crypto-related enhancements to pfSense

    4
    0 Votes
    4 Posts
    2k Views
    T
    @jimp: Those are only better if you trust that ECC hasn't been compromised by the NSA, which seems to still be under debate/scrutiny.

    Well, if you don't trust the ECC stuff, then you still would want the larger RSA key sizes, since 3072-bit RSA corresponds to AES-128 key strength. If you do trust the ECC stuff, you can get a performance boost at the larger key-equivalent sizes to 192-bit and 256-bit AES (384-bit and 512-bit ECC), since you'd need 7680-bit and 15360-bit RSA respectively. The former is slow, but probably tolerable in many applications; the latter is impractically slow.
  • Change partition name (NanoBSD)

    5
    0 Votes
    5 Posts
    2k Views
    ?
    I want to compile the images.  Which files should be changed?
  • Building RELENG_2_1 with FreeBSD_8.3

    4
    0 Votes
    4 Posts
    2k Views
    T
    Thanks Phil; that's helpful to understand.  It then seems like both the touch pfSense-build.conf, and the const char * fixes in check_reload_status need to be made to get the build to work.
  • 0 Votes
    2 Posts
    1k Views
    ?
    Problem solved - after some reading through source in the git, a workaround was:

        /home/pfsense/tools/builder_scripts
        touch pfsense-build.conf

    With an empty file in place, the builder scripts will populate it with default values. Seems to be a bug in the builder_scripts/set_version.sh file. Line 52 should check whether the file exists first.
  • Fstrim for SSD

    2
    0 Votes
    2 Posts
    2k Views
    C
    Why would it be better to do it in userspace as you describe, rather than natively? Please see this http://forum.pfsense.org/index.php/topic,63656.0.html thread for background, but for 2.1 basically all you need to do is:

    A) Edit /boot/loader.conf.local to add ahci_load="YES"
    B) Reboot
    C) Perform the TRIM_set action at a shell: touch /root/TRIM_set (if you need to remove: touch /root/TRIM_unset)
    D) Reboot
    E) Verify if TRIM is enabled with "tunefs -p /"

    I haven't checked out the 2.2 installer, but it's likely you will see an option to enable TRIM during install with 2.2
  • Added Disable HTTPS Forwards to Captive Portal / Github n00b

    2
    0 Votes
    2 Posts
    1k Views
    DerelictD
    I am going to figure out git before I go any further.  The link above is dead because I'm going to delete my repository and start over.
  • Change installer for install on full encrypted hard

    2
    0 Votes
    2 Posts
    840 Views
    jimpJ
    The installer code is in github with all the other code. Check in the tools repository.
  • 2.1.1 release timeline?

    5
    0 Votes
    5 Posts
    3k Views
    S
    I don't know mate! I haven't checked TBH :) Just wondering since Snort suffers from it.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.