Only initialize package's log if it doesn't exist
Add Super Micro C2758 to the list of known platforms
0 could be valid for hostname aliases too. Ticket #4573
Don't omit hosts specified as "0". Ticket #4573
call this RCC-VE rather than C2358
add missing )
Only list nameservers once in resolv.conf
I was on a test system and had an upstream DNS server IP specified in System-General Setup. WAN was set up with a static IP and a gateway to that upstream device. All good. Then I also checked "Allow DNS server list to be overridden by DHCP/PPP on WAN" and changed WAN to be DHCP. It received by DHCP the same DNS server IP that already happened to be in General Setup (and the same gateway IP - not the issue here)....
use-compression is no longer a valid config option in lighttpd, it can't be enabled. This just throws an error in the log, remove it.
Explicitly disable ssl.use-compression on lighty config. It should fix #4230
Remove BEAST protection option since default cipher is now good and works with hifn cards
Update cipher-list in web interface to prefer PFS. Ticket #4230
Put the bits to use the new reset utility
Wait a bit after sending a TERM to syslogd as in some instances it can take too long to stop, and it fails to restart because it's still running at that point. Add a KILL in case it's still running after that. Ticket #4393
Random text typos that I noticed.
Fixes #4370 Use the curlies to not confuse php
also add v6 IPs to hosts in the same manner v4 IPs are added. Ticket #4395
In last case, use dmesg.boot to detect ALIX boards when hw.model is not enough
Silent kenv when smbios.system.product is not present. While here, add VirtualBox to the list of virtualenvs
The reset button check should happen on all platforms, not only NanoBSD
Add reset button support for APU and FW7541
add detection for 7541, APU
Prevent resolvconf(8) from stomping all over our newly generated resolv.conf and subsequent updates.
Enforce some more checking to avoid https://forum.pfsense.org/index.php?topic=85580.0
syslogd can't just be HUPed to pick up its new config, as many of those are command line arguments. Go back to 2.1x and prior behavior of TERM and restart. Fixes source IP use with syslog among other config changes.
Disable RC4 ciphers in lighttpd
fix IPv6 static routes, is_ipaddrv6 returns true for strings including a CIDR mask, which then ended up broken.
Cleanup whitespace.
also take into account the "all" option in Unbound Network Interfaces when setting 127.0.0.1 into resolv.conf.
Rather than set the g['booting'] on globals provide a function to test for that doing the right checks
correct logic here to omit 127.0.0.1 from resolv.conf when no DNS resolver bound there.
d DHCPLeases starting before Unbound/DNSMasq and returning a pid not found message. Add missing reload feature
also check port of dnsmasq/unbound and skip 127.0.0.1 in resolv.conf if not port 53. Ticket #4022
don't blow away previous contents of this variable. fixes #4022
Take unbound into consideration when creating /etc/hosts, also use new unbound parameters for dhcpleases when it's necessary, helps ticket #4011
Make sure dhcpleases use correct pid file for dnsmasq or unbound. Fixes #4008
Strengthen check
Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Make ipsec_starter log go to ipsec.log rather than system one
add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.
fix comment
Fixes #3941. When optimizations of the loops were made this brought the problems of overriding default gateway by dynamic interfaces. Try to stick to the first found for now!
Remove redundancy as pointed out by phil-davis
Decode recently created cert and key. It fixes #3964. While here, fix logical condition to create a new cert if crt or key is not present
domain and search should not both be defined in resolv.conf per FreeBSD man page and handbook (only the latter is actually used). Change this to just not use domain, and set the search to the system's domain where not using the function that generates the search list for dynamic WANs.
Fix descriptions and cn on generated GUI cert to be consistent.
Tame the poodle. Disable SSLv3.
Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later. Also use some more sane defaults for the contents of the default self-signed certificate's fields so it will be more unique and less likely to trigger problems in browser certificate storage handling.
update comment to reflect breakage caused here and reference associated redmine ticket, not high priority, can be fixed later
Add powerd normal mode flag (-n)
Move dhcp6c log to dhcpd.log, it fixes #3799
Concat var before call escapeshellarg
Make dhcpleases use unbound pid when it's configured
Convert almost all /sbin/sysctl calls to php functions
remove openbgpd bits from system_gateways_edit and system.inc. The package match is case-sensitive and hasn't matched the openbgpd package's name in at least 5 years, so it doesn't do anything. It's far from functional in any useful manner even fixing that issue.
bind HTTP->HTTPS redirect to IPv6 too. Ticket #3437
Send HUP to restart syslogd rather than trying to restart it, thus losing messages
make sure unbound is included here
If Unbound is being used then make sure to reload when system_hosts_generate() is called
Move clog from /usr to /usr/local
Add filterlog to separatefacilitylog to avoid logs going elsewhere
Use the daemon name to send the filter logs
Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
Merge pull request #1118 from phil-davis/patch-3
Make sure that the DNS Forwarder/Resolver is actually capable of accepting queries on localhost before using it as a DNS server.
Cut paste bug fix in Remote Syslog DHCP events
apinger is repeated here from the code above, but it should be dhcp. Forum https://forum.pfsense.org/index.php?topic=73734.0 Selecting to remote syslog "Gateway Monitor events" would also switch on "DHCP service events" unintentionally.
Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale/invalid and there is still a running instance.
Remove remnants of pccardd from FreeBSD 5
Avoid placing an empty "interface listen" directive in ntpd.conf
standardize URLs
Correct variable name, while here unset some large var
Make this a bit more efficient
Remove broken 'dynamic6' gateway, we already have ipprotocol to tell us the IP version, leave it more simple using only 'dynamic'. It helps #3484
silence any errors
More code fixes for ntpd
Update system.inc
Corrections made as requested
Add new NTPd functions
Really need the interface where v6 is running to add the gateway/route rather than the one used for the configuration. This Fixes #3357
Check for tmp captiveportal dir before making it
In forum: https://forum.pfsense.org/index.php/topic,72483.0.html Warning: mkdir(): File exists in /etc/inc/system.inc on line 878 Not sure if you would rather call safe_mkdir here?
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
Using "limited" for ntp in this way denies client access. Issue #3384
Add EDNS support to resolv.conf
Fix typo on variable name, it fixes #3414
Fix openssl path
ports ntp moved to sbin, follow
Use "disable monitor" in NTP config to mitigate CVE-2013-5211.
Add 'limited' to ntpd restrict list to workaround CVE-2013-5211. It fixes #3384
Add a setting to allow the user to specify the clog file size so more (or less) entries may be kept in the raw logs. Retain previous default size values if the user has not specified a preferred size. Files can only be resized when initialized, so provide a "Reset All Logs" button as well to force clear all logs and set them up at the new size.
Mute the output of the command since it's not really useful
Switch to php-fpm for lighty and check_reload_status will use it. Step by step will migrate the other calls
Teach system_timezone_configure() to deal with symlinks to avoid having timezone misconfigured. This fixes #3293
Add source address selection to syslog settings, so it can work more effectively over a VPN. Fixes #355
Use new names for get_memory parameters
Use ntpdate from ports also and obsolete base one
use correct domain names when registering static DHCP entries in DNS
When registering static DHCP entries in DNS, we first try to use the domain name configured for the static entry (if any), then the domain name configured in the DHCP server settings for the corresponding interface (if any), and as a last resort the system domain name....
Disable the BEAST protection by default because the GUI will break if you use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.
support mitigating BEAST attack
According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30
"...by setting
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
you can mitigate BEAST attacks."
Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
Use family parameter for v6 to get correct interface