Use proper var here for calculation
Remove to parameters from system_generate_lighty_config that are unused and do a better job at tuning started php processes to not use less/more than needed. This also avoids DoS the system with php processes
Always use fastcgi since the requirement is the same anyhow
Remove preload.php even here now that is possible to avoid issues during startup of lighty
Always make sure php has its own process manager to make lighty happy
Make mod_fastcgi last to have url.rewrite work properly
Enable mod_evasive if needed for CP
Simpligy lighty config and send all lighty logs to syslog rather to a file not readble by anything
Don't die silently if the time is too far off. Fix from: dhatz
Expand cipher list and remove a cipher that Safari on iOS does not like after recent lighttpd changes. Fixes #2553
Fix input validation and import test.
Switch to ntpd from ports, add Services > NTP to select interfaces for binding. Respect old ntp settings in the process.
Conflicts:
etc/inc/system.inc usr/local/www/fbegin.inc
Fixup ntpd logging
On its own, ntpd does not sync fast enough at bootup, so bring back the ntpdate sync but improve it so it can't get stuck forever.
etc/rc.newwanipv6
Hackish workaround for ntpd failing to move away from init when called from within PHP 5.2, PHP 5.3 has a better workaround.
Revert "Clear process signals before exec() or ntpd misbehaves if called from PHP on i386." -- this only works on PHP 5.3
This reverts commit ac4bc5853f75a8f8467f5c53704f33e2066c3da6.
Clear process signals before exec() or ntpd misbehaves if called from PHP on i386.
Use FreeBSD's ntpd instead in the backend
Move the stop_packages code to a function, and call the function from the shell script, and call the function directly for a reboot. Fixes #2402 and ticket #1564
Enable verbosity to actually put something in the logs
Add alias support to static routes (needs some testing) Ticket #2239
Set FCGI_CHILDREN to 0 since it does not make sense php to manage itself when lighttpd is doing so. This makes it possible to recover from 550-Internal... error.
Ermal says the new openntpd binary fixes this instead -- Revert "Start ntpd in the background since we don't need to care about its return data. Speeds up GUI with broken DNS."
This reverts commit 9281c9c66c4a5d64e6fda459ce89f18bc8fc27db.
Start ntpd in the background since we don't need to care about its return data. Speeds up GUI with broken DNS.
Correctly match ntpd syslog messages
Put the end of code marker :)
only skip adding default gateway if OLSR is actually enabled, and log why you're skipping it, otherwise it's tons of "fun" to dig in and figure out what's going on.
Change SNMP binding option to work on any eligible interface/VIP. Fixes #2158
Fix up syslog settings a bit, add some missing options, fix formatting of syslog.conf, correct behavior of 'everything', code cleanup.
Change the way syslogd is killed/restarted a bit. Fixes log related pages hanging when logs are reset (or saving syslog settings)
Move hostapd to its own log and tab, so it stops spamming the system log.
Exclude relayd from main system log, it's really spammy, and is already in relayd.log
Revert "Make initial changes to allow pfSense to work in a jail."
This reverts commit a26d95383a6146734f67c9db21cd83534052843a.
Make initial changes to allow pfSense to work in a jail.
This mostly avoids starting things that will not work and gets theinitial config. Most of the pfSense functionality will not work(pf rules, routing, etc) but it can be used for testing.
Also only add 127.0.0.1 as a DNS server if dnsmasq (DNS Forwarder) is enabled.
Allow disabling having localhost in resolv.conf. There are some special setups that might need this.
When clicked allow overriding of dns servers by dynamic WANs still configure the other dns servers so in multi-WAN environments dns has a chance to work still.
Tell the local system to use the locally running dns forwarder as a primary source. This should help ticket #1407
Start hostid
Max procs should be 1 when using an op code cacher
Use route change here as well to avoid leaving the routing table without a destination for a short period.
Rework rc.stop_packages a little. Fixes #1564
Correct check as per http://forum.pfsense.org/index.php/topic,39155.0.html
Resolve issues that made php core dump or eat a lot of memory when big routing tables are present
Allow a ZMQ syslog address
Allow DHCP mappings to be resolved first for reverse lookups.
This was affecting a kerberos installation where the first DNS alias wasgiven for the PTR instead of the static DHCP mapping name, breaking thekerberos tokens.
Do not create blank domain lines if domain is gone from config.xml. It breaks tools such as dig when troubleshooting, etc.
Fix formatting of fastcgi params in lighty config.
Add a GUI field to adjust the max number of processes for lighttpd.
Allow OpenNTPD to listen on Virtual IPs, not just interfaces. Fixes #342
Disable this until it can be properly fixed.
Prevent races on resovlconf generation as well by adding a lock.
Ticket #1534. Try to stop packages during reboot of system.
Don't just blindly echo to the ntpd.log, it's a clog file and that will break it.
Harden SSL settings a bit. Verified OK with Chris Buechler and Bill Marquette
Drop the ntpdate sync in favor of using ntpd -s, which should have the same net effect without needing the shell script that has been prone to hanging.
Fix variable name
Generate the config file in a variable then write it as a whole to a file.
Fix url. Do not include mod_accesslog twice
Add the empty check otherwise all static routes are skipped. Reported-by: Seth
This logic was reversed fix it. Reported-by: Seth
Prevent a IPv6 address from breaking system routing. This is a hack because we don't have the proper ip validation in 2.0 mainline
Specify the -inet family so that accidental IPv6 addresses here don't break the system routing.
Remove extra brace
Better test for an empty CA to avoid writing out an empty CA file (some on the forum are seeing this.)
Unbreak dns server colletion. Pointyhat: myself
Oops remove forgotten line and correct variable name error that seems to have existed from long time. Even though the file read is not used in pfSense this days!
Use glob instead of forking cat with glob patterns. Also use file() instead of forking cat just for reading a file. This might help with the issue reported on Ticket #943 which seems like a timing issue even though the dns events happen before newip events.
nuke trailing carriage returns
Make the CP locking more granular and make use correctly of exclusive/shared locks where appripriate. This speeds up CP login process.
Do not spam console, spam log
use is_dir(). Sometimes php lack of uniform function names can be annoying.
Ensure log directory exists before invoking syslogd
Add missing - in syslogd command line parameters, fixes #1111
Hard code maxlockouts to 15 until GUI portion is ready
Correct webConfgurator auth/error messages
Get rid of fastforwarding since it is not maintained from long time. Courtesy-of: battlez_ IRC
If a pkg has logging enabled in syslog, then correctly ensure that it does not get logged to one of the other logs but only to its specified log file.
Syslog.conf would end up with multiple pkg facility names on the same line. So multiple pkgs with logging enabled would end up with the previous pkg prepended to its syslog entry.
Revert "Use -ss for syslogd. Suggested-by: Ermal"
This reverts commit c57e0d704ac08afee31e1e79f0b8228f5eb66cb1.
Use -ss for syslogd. Suggested-by: Ermal
Use -l
Unbreak Status -> System Logs -> DHCP due to chroot and new version of DHCPD.
Use pfSense_sync()
Reintroduce this optimization, but use the correct return value this time.
Unbreak sysctl handling.
No need to go through the array when the key can be tested directly.
Nuke trailing c/r
Not sure why sometimes works sometimes does not work when bound to localhost the lighttpd instance of CP. Back to previous setup! Though security of it is debatble.
Remove trailing carriage return
Kill dhcplease before writing the hosts file so that it does not scramble the content from kqueue events.
Ticket #980. Bring CP widget up to date. Also bind lighty for CP to 127.0.0.1 it should not be accessible otherwise.
More VPN log fixes, for consistency. Ticket #912
Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.
Make sure this is an array before entering the foreach loop. Reported at http://forum.pfsense.org/index.php/topic,29118.0.html
Fix syslog.conf generation. Ticket #929
Make this code more readble and clear on what it does.
Remove legacy code for static routes.
Oops fix long standing variable name mistype.
Remove legacy code