remove openbgpd bits from system_gateways_edit and system.inc. The package match is case-sensitive and hasn't matched the openbgpd package's name in at least 5 years, so it doesn't do anything. It's far from functional in any useful manner even fixing that issue.
bind HTTP->HTTPS redirect to IPv6 too. Ticket #3437
Send HUP to restart syslogd rather than trying to restart it, thus losing messages
make sure unbound is included here
If Unbound is being used then make sure to reload when system_hosts_generate() is called
Move clog from /usr to /usr/local
Add filterlog to separatefacilitylog to avoid logs going elsewhere
Use the daemon name to send the filter logs
Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
Merge pull request #1118 from phil-davis/patch-3
Make sure that the DNS Forwarder/Resolver is actually capable of accepting queries on localhost before using it as a DNS server.
Cut paste bug fix in Remote Syslog DHCP events
apinger is repeated here from the code above, but it should be dhcp. Forum https://forum.pfsense.org/index.php?topic=73734.0 Selecting to remote syslog "Gateway Monitor events" would also switch on "DHCP service events" unintentionally.
Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale/invalid and there is still a running instance.
Remove remnants of pccardd from FreeBSD 5
Avoid placing an empty "interface listen" directive in ntpd.conf
standardize URLs
Correct variable name, while here unset some large var
Make this a bit more efficient
Remove broken 'dynamic6' gateway, we already have ipprotocol to tell us the IP version, leave it more simple using only 'dynamic'. It helps #3484
silence any errors
More code fixes for ntpd
Update system.inc
Corrections made as requested
Add new NTPd functions
Really need the interface where v6 is running to add the gateway/route rather than the one used for the configuration. This Fixes #3357
Check for tmp captiveportal dir before making it
In forum: https://forum.pfsense.org/index.php/topic,72483.0.html Warning: mkdir(): File exists in /etc/inc/system.inc on line 878 Not sure if you would rather call safe_mkdir here?
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Using "limited" for ntp in this way denies client access. Issue #3384
Add EDNS support to resolv.conf
Fix typo on variable name, it fixes #3414
Fix openssl path
ports ntp moved to sbin, follow
Use "disable monitor" in NTP config to mitigate CVE-2013-5211.
Add 'limited' to ntpd restrict list to workaround CVE-2013-5211. It fixes #3384
Add a setting to allow the user to specify the clog file size so more (or less) entries may be kept in the raw logs. Retain previous default size values if the user has not specified a preferred size. Files can only be resized when initialized, so provide a "Reset All Logs" button as well to force clear all logs and set them up at the new size.
Mute the output of the command since it's not really useful
Switch to php-fpm for lighty and check_reload_status will use it. Step by step will migrate the other calls
Teach system_timezone_configure() to deal with symlinks to avoid having timezone misconfigured. This fixes #3293
Add source address selection to syslog settings, so it can work more effectively over a VPN. Fixes #355
Use new names for get_memory parameters
Use ntpdate from ports also and obsolete base one
use correct domain names when registering static DHCP entries in DNS
When registering static DHCP entries in DNS, we first try to use the domain name configured for the static entry (if any), then the domain name configured in the DHCP server settings for the corresponding interface (if any), and as a last resort the system domain name....
Disable the BEAST protection by default because the GUI will break if you use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.
support mitigating BEAST attack
According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30
"...by setting
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
you can mitigate BEAST attacks."
Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
Use family parameter for v6 to get correct interface
Provide full path to route binary
Actually try to get the real interface for v6 family to correctly get stf(virtual) interfaces
Fixes to get routes + dns working:
. Simplify code using new parameter of get_staticroutes(). Check for subnets instead of ip addrs. Avoid touch filterdns when we are just updating dns
Use filterdns to update static routes using hostnames
Split system_routing_configure() and teach it to deal with hostnames
Simplify logic
Replace all linklocal checks by is_linklocal()
Shuffle some more logs around to more appropriate places.
Send filterdns logs to the resolver log.
Fix dnsmasq host overrides 'enabled' check.
Fix dnsmasq host overrides and dhcp integration
. Do not execute following actions when dnsmasq is disabled: . Add host overrides to /etc/hosts . Register DHCP leases in DNS Forwarder . Register DHCP static mappings in DNS forwarder
It should fix issue reported at following forum post:...
Show IPv6 link-local IPs as specific sources for ping, traceroute, and port testing.
Make fe80: addresses check case insensitive
Move some code to a function to avoid future duplication. Allow autocomplete on ping page. Add more escaping to command.
Remove *_defaultgwv6 also
Make sure captiveportal section of config is an array, reported on ticket #2838
Avoid Warning: Invalid argument supplied for foreach() in /etc/inc/system.inc
Warning: Invalid argument supplied for foreach() in /etc/inc/system.inc
Don't use captiveportal configuration option variable if it isn't set
add support for RADIUS NAS accounting, fixes redmine feature request 2143
Keep Unbound here for syslog messages
Backout Unbound for now bring back in 2.2. Fixes #2817
Set $interfacegw properly and avoid losing default route in some circumstances
Resolves #1284. Merge patch submitted a bit differently
Whoops remove copypasta
The actual variable isn't an array, so this test will never succeed. Remove it. Unbreaks ntp.
Sprinkle some unsets
Correct setting default gateways
Correct function name
Use mwexec() with signal clearing. Use pid file for killing/tracking ntpd
Optimize and cleanup routing function
Correct system_routing_configure to do the right thing and guess the address family for the routing table correctly. While here cleanup some other code and leave a comment that disabled routing entries probably should not be dealt in here!
System: Advanced: Miscellaneous: PowerD
Add the on battery mode option settings.
Need to rethink this again Revert "Ticket #2636 Seems ipsec apart IP-IP does not have any after processing for input packets. Make the filter appropriately so the packets are passed correctly through BPF and pfil(9)"
This reverts commit e0f338eb1b02d7bf4920d4682404412e98a3075c.
Ticket #2636 Seems ipsec apart IP-IP does not have any after processing for input packets. Make the filter appropriately so the packets are passed correctly through BPF and pfil(9)
Use global var for path
Unlink pid file before starting a new process
Fixup paths when executing OpenSSL.
Correctly generate dhcpleases file to avoid issues with dhcpleases. Also while here correct code and make some optimizations and corrections
Default to using sha256 digest for GUI cert.
Enable cgi for the webgui since some ports like lightsquid need it
Merge git pull request 313 from bcyrill with some modifications
Put syslogd into secure mode so no remote log messages are accepted. Sending to a remote syslog server still works with this option.
The ISC client was far worse than the WIDE client was, back to plan A Revert "Merge changes required for using the ISC dhclient in pfSense with prefix delegation. This should hopefully be a bit more reliable in the long run."
This reverts commit 651018775c78e38045966825b920b641a0302b43....
If less than 78 RAM just do not let php spawn another process
Slight code re-organization
Remove to parameters from system_generate_lighty_config that are unused and do a better job at tuning started php processes to not use less/more than needed. This also avoids DoS the system with php processes
Always make sure php has its own process manager to make lighty happy
Avoid duplicate log entries for facilities higher or equal daemon.info. It should fix #2626
Simplify lighty config and tune mod_evasive as needed. Mostly a cherry-pick from RELENG_2_0 changes
Cleanup a bit the syslog generation
Remove preload.php which warmed the caches. It hurts on embedded and really does not help that much
Merge changes required for using the ISC dhclient in pfSense with prefix delegation. This should hopefully be a bit more reliable in the long run. The dhclient6-script could be merged with dhclient-script in the future. Still need to cleanup old addresses and prefixes, as well as LAN prefixes when an old prefix disappears. This needs some thought and clue to strap together.
Rather use the system constants as defined
Use integer rather than hex to put these values. AMD64 builds do rather awkward problems
Add restrict lines to limit what local clients are allowed to do to the ntp server.