Teach system_timezone_configure() to deal with symlinks to avoid having timezone misconfigured. This fixes #3293
Add source address selection to syslog settings, so it can work more effectively over a VPN. Fixes #355
Use new names for get_memory parameters
use correct domain names when registering static DHCP entries in DNS
When registering static DHCP entries in DNS, we first try to use the domain name configured for the static entry (if any), then the domain name configured in the DHCP server settings for the corresponding interface (if any), and as a last resort the system domain name....
Disable the BEAST protection by default because the GUI will break if you use this and have a Hifn card installed. Others may break similarly. Change it into a checkbox option, off by default, and automatically disable it if a conflicting card has been detected.
Merge pull request #683 from dhatz/RELENG_2_1
support mitigating BEAST attack, see http://forum.pfsense.org/index.php/topic,63001.0.html
Add independent logging choices to disable logging of bogon network rules and private network rules. Add upgrade code to obey the existing behavior for users (if default block logging was disabled, so is bogon/private rule blocking). Also add a checkbox to disable the lighttpd log for people who don't want their system log spammed by lighty.
support mitigating BEAST attack
According to http://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_30
"...by setting
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
you can mitigate BEAST attacks."
Use family parameter for v6 to get correct interface
Provide full path to route binary
Actually try to get the real interface for v6 family to correctly get stf(virtual) interfaces
Replace all linklocal checks by is_linklocal()
Shuffle some more logs around to more appropriate places.
Send filterdns logs to the resolver log.
Fix dnsmasq host overrides 'enabled' check.
Fix dnsmasq host overrides and dhcp integration
. Do not execute following actions when dnsmasq is disabled:
  . Add host overrides to /etc/hosts
  . Register DHCP leases in DNS Forwarder
  . Register DHCP static mappings in DNS forwarder
It should fix issue reported at following forum post:...
Show IPv6 link-local IPs as specific sources for ping, traceroute, and port testing.
Make fe80: addresses check case insensitive
Move some code to a function to avoid future duplication. Allow autocomplete on ping page. Add more escaping to command.
Remove *_defaultgwv6 also
Make sure captiveportal section of config is an array, reported on ticket #2838
Avoid Warning: Invalid argument supplied for foreach() in /etc/inc/system.inc
Warning: Invalid argument supplied for foreach() in /etc/inc/system.inc
Don't use captiveportal configuration option variable if it isn't set
add support for RADIUS NAS accounting, fixes redmine feature request 2143
Keep Unbound here for syslog messages
Backout Unbound for now bring back in 2.2. Fixes #2817
Set $interfacegw properly and avoid losing default route in some circumstances
Resolves #1284. Merge patch submitted a bit differently
Whoops remove copypasta
The actual variable isn't an array, so this test will never succeed. Remove it. Unbreaks ntp.
Sprinkle some unsets
Correct setting default gateways
Correct function name
Use mwexec() with signal clearing. Use pid file for killing/tracking ntpd
Optimize and cleanup routing function
Correct system_routing_configure to do the right thing and guess the address family for the routing table correctly. While here cleanup some other code and leave a comment that disabled routing entries probably should not be dealt in here!
System: Advanced: Miscellaneous: PowerD
Add the on battery mode option settings.
Need to rethink this again
Revert "Ticket #2636 Seems ipsec apart IP-IP does not have any after processing for input packets. Make the filter appropriately so the packets are passed correctly through BPF and pfil(9)"
This reverts commit e0f338eb1b02d7bf4920d4682404412e98a3075c.
Ticket #2636 Seems ipsec apart IP-IP does not have any after processing for input packets. Make the filter appropriately so the packets are passed correctly through BPF and pfil(9)
Use global var for path
Unlink pid file before starting a new process
Fixup paths when executing OpenSSL.
Correctly generate dhcpleases file to avoid issues with dhcpleases. Also while here correct code and make some optimizations and corrections
Default to using sha256 digest for GUI cert.
Enable cgi for the webgui since some ports like lightsquid need it
Merge git pull request 313 from bcyrill with some modifications
Put syslogd into secure mode so no remote log messages are accepted. Sending to a remote syslog server still works with this option.
The ISC client was far worse than the WIDE client was, back to plan A
Revert "Merge changes required for using the ISC dhclient in pfSense with prefix delegation. This should hopefully be a bit more reliable in the long run."
This reverts commit 651018775c78e38045966825b920b641a0302b43....
If less than 78 RAM just do not let php spawn another process
Slight code re-organization
Remove two parameters from system_generate_lighty_config that are unused and do a better job at tuning started php processes to not use less/more than needed. This also avoids DoS the system with php processes
Always make sure php has its own process manager to make lighty happy
Avoid duplicate log entries for facilities higher or equal daemon.info. It should fix #2626
Simplify lighty config and tune mod_evasive as needed. Mostly a cherry-pick from RELENG_2_0 changes
Cleanup a bit the syslog generation
Remove preload.php which warmed the caches. IT hurts on embedded and really does not help that much
Merge changes required for using the ISC dhclient in pfSense with prefix delegation. This should hopefully be a bit more reliable in the long run. The dhclient6-script could be merged with dhclient-script in the future. Still need to cleanup old addresses and prefixes, as well as LAN prefixes when an old prefix disappears. This needs some thought and clue to strap together.
Rather use the system constants as defined
Use integer rather than hex to put these values. AMD64 builds do rather awkward problems
Add restrict lines to limit what local clients are allowed to do to the ntp server.
Don't die silently if the time is too far off. Fix from: dhatz
Fix ntp config syntax for the version we're using
This file won't exist at bootup yet, drop it from the sanity test.
Teach ntpd how to get its time from a local GPS on serial.
Correct mod_evasive setting per CP to conform to what the CP page description says. Resolves #2270
Refine test
Correct generation of lighty config for CP now that zone is passed as parameter
Expand cipher list and remove a cipher that Safari on iOS does not like after recent lighttpd changes. Fixes #2553
Fix for this crash report, received after resetting a test system to factory defaults and setting up initial stuff: i386 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Sat Jul 7 21:34:19 EDT 2012 root@FreeBSD_8.3_pfSense_2.1.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386...
Fix system_routing_configure() function so it does not try to add static routes ipv6 subnets to ipv4 gateways or ipv4 subnets to ipv6 gateways while using aliases that includes both ipv4 and ipv6 subnets.
maxprocperip is defined per zone
Add blackhole to Null routes
Redmine ticket #2471
Allow for Null routes
Fix input validation and import test.
Switch to ntpd from ports, add Services > NTP to select interfaces for binding. Respect old ntp settings in the process.
On its own, ntpd does not sync fast enough at bootup, so bring back the ntpdate sync but improve it so it can't get stuck forever.
Clear process signals before exec() or ntpd misbehaves if called from PHP on i386.
Use FreeBSD's ntpd instead in the backend
max_procs adjustments for small memory systems, attempt 2
Per Jim P's feedback, move max_procs completely out of system_webgui_start() and move all of the memory/procs decision logic to system_generate_lighty_config().
Adjust the captive portal max_procs to reflect the low memory...
Test if this is an array before using it as an array.
Add support for aliases in DNS Forwarder, fixes #2410
Move routing (radvd, routed, ospf, bgp) to its own log since these daemons can be really spammy at times.
Move the stop_packages code to a function, and call the function from the shell script, and call the function directly for a reboot. Fixes #2402 and ticket #1564
Include the ntp facility also, should fix ntp logging
Prevent an invalid argument on an empty array
Fix missing - on route parameter
Merge pull request #90 from vizvayu/master
Mode selection options for PowerD
Enable verbosity to actually put something in the logs
Add brackets to a syslog server if it's an IPv6 IP. (Though FreeBSD's syslogd still won't send to it ... http://www.freebsd.org/cgi/query-pr.cgi?pr=150530&cat=misc )
Add alias support to static routes (needs some testing) Ticket #2239
Conflicts:
etc/inc/filter.inc etc/inc/util.inc usr/local/www/system_routes_edit.php
Added mode selection options for PowerD.
Expand these checks to include 'dynamic' or they'll never match dynamic gateways, leading to issues with routing.
Move some of the log file tabs around. Add separate tabs for dnsmasq, unbound as well as gateways.
fix for: Captive Portal cannot work on master branch
reverting to listening on 0.0.0.0 seems to work just fine
mostly fixes #1700.
http://redmine.pfsense.org/issues/1700
Set FCGI_CHILDREN to 0 since it does not make sense php to manage itself when lighttpd is doing so. This makes it possible to recover from 550-Internal... error.
Ermal says the new openntpd binary fixes this instead -- Revert "Start ntpd in the background since we don't need to care about its return data. Speeds up GUI with broken DNS."
This reverts commit 89d291ec25c12ed5744c63679270d1a13b5c6b3a.
Start ntpd in the background since we don't need to care about its return data. Speeds up GUI with broken DNS.
Add the ability to disable static routes without deleting them
Correctly match ntpd syslog messages
only skip adding default gateway if OLSR is actually enabled, and log why you're skipping it, otherwise it's tons of "fun" to dig in and figure out what's going on.
Change SNMP binding option to work on any eligible interface/VIP. Fixes #2158