Validate and protect powerd option values. Fixes #9061
(cherry picked from commit 3be699295e5cb7be24cc5361700be1a8b759e26c)
Use the fw domain for DNS search when no other choices exist. Fixes #9056
(cherry picked from commit 74a8a219d33c9b87ab4b6b4026d247f0f6bdcaa6)
Add missing regex to validate serial
Use all possible kenv variables to detect serial
Fix #7694: Replace sshlockout_pf by sshguard
Fix Minnowboard Turbot model names. SG-2320 -> MBT-2220, SG-2340 -> MBT-4220
Certs: Fix CA subject assumptions. Fixes #8801
Several areas made assumptions about the number and order of CA subject fields that were no longer correct after issue #8381 was corrected.
While here, also remove some outdated references to fields that are no...
Update captiveportal RADIUS Accounting
8552 - enable http2
Make SG-2220 to use RCC-DFFresetbtn binary
Merge pull request #3781 from PiBa-NL/20170712-defaultgateway-group
Add array check
Even though I now set `$ns` equal to `array_unique(get_nameservers())`, just to be safe we check with `is_array($ns)` and set it to a blank array if not. Shouldn't ever happen, but an extra error avoidance test is better than a hard to track down bug later.
scope error?
Error on reboot.
```
[04-Apr-2018 02:21:54 EST5EDT] PHP Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/system.inc on line 1380
```
I believe this is because $ns is defined inside the above for loop. Pulling it out of the loop.
Fixing debug errors.
Change array index to use php-style
Add fixed suggested by jim-p
Allow ocsp-staple to override
Enable ocsp stapling to on if forced that way through configuration
Use cert_get_ocspstaple
Use cert_get_ocspstaple during nginx configuration generation
Create get_dns_nameservers function
Put code in a function since it gets called in two places.
Steal resolvconf
Steal the nameserver generation code from the resolvconf code
Use option properly
Use the option created by the config to control stapling (and add a missed semicolon!)
Beginnings of enabling SSL Stapling
Add the option. Default to enable
Fix array index
Gateways, allow for configuring a gatewaygroup as the default gateway.
- Avoid changing routes by just visiting a webgui page.
- Avoid change some unneeded events when nothing changed.
Rename RCC-DFF to SG-2220
Silence warnings generated by sysctl to standard error.
Add ospf6d to routing logs.
Update the Copyright notice for pfSense.
Merge pull request #3769 from PiBa-NL/20170626-phpfpm-status
Also kill off sshlockout_pf processes when restarting syslogd. Fixes #7984
When ntp is bound to specific interfaces, disable listening on wildcard. Fixes #8046
Add option to disable HSTS for nginx (Bug #6650)
Do not allow direct download of .inc files (unparsed PHP source). Fixes #8005
Stop using hostuuid as serial
Merge pull request #3821 from PiBa-NL/20170916-bsnmp-hostrest-check
Detect XG-1537
SNMP, check for several hypervisors that cause hostres module high cpu usage; also skip setting it in the bsnmp config when such platform is detected without needing the user to save settings again
Put the FQDN first in /etc/hosts to make dnsmasq happy when reverse resolving hostnames. Make a special exception for localhost. Fixes #7771
Restructure how unbound zone data is written to fix processing of "redirect" zone entries. Fixes #7690
Also corrects some other misc issues for formatting of zone data.
While here, add an option, not exposed in the GUI, for users to get the previous behavior of defining short names for hosts.
Move uniqueid read to a function system_get_uniqueid()
php-fpm, add status page for local usage from console/shell, this provides a way to check what scripts are currently running in the php-fpm processes.
For example the following can be executed from the local shell: `fetch --no-verify-hostname --no-verify-peer "https://localhost/status?full" -o -`
SG-23* serial number is igb0 mac address
Refine some syslogd restarts, add a way to send it a HUP to reload w/o a full restart. Part of ticket #7256
Merge pull request #3725 from sestary/master
Make the changes suggested by jim-p and changed the way the disable function works to ensure the manually added host entries or DHCP reservations still work.
Fix APU2 with coreboot v4.x detection
See https://forum.pfsense.org/index.php?topic=106444.msg716558#msg716558
Detect SG-2320/SG-2340 models and set initial config for them
Always add the CN as the first SAN when creating a certificate in the GUI or an automatic GUI self-signed certificate. Per RFC 2818, relying on the CN to determine the hostname is deprecated, SANs are required. Chrome 58 started enforcing this requirement. Fixes #7496
Merge pull request #3560 from doktornotor/patch-5
Adds option to skip adding IPv6 entries in /etc/hosts for LANs
If a LAN interface's IPv6 configuration is set to Track, and the tracked interface loses connectivity, it can cause connections to the firewall that were established via IPv6 hostname to fail. This can happen unintentionally when accessing the system by hostname, since by default both IPv4 and IPv6 entries are added to /etc/hosts. This patch + enabling this option prevents those IPv6 records from being created and prevents this from occurring....
Only start dhcpleases if DHCP server is enabled (Bug #6750)
Fix nginx certificate permissions (Bug #6862)
Set ntp gps mode for pgrmf even if no other modes are being set.
Add to NTP GPS processing of PGRMF sentence
Code with multiple %s in etc
Restart unbound after clearing logs (Bug #6915)
Handle clearing the individual log as well.
Redmine #5549 Allow variable number of DNS Servers
Simplify logic
Ticket #6712: Create system_hosts_entries()
This function will return an array of all items to be added to /etc/hosts.
Ticket #6712: Create system_hosts_dhcpd_entries()
This function will return an array with dhcpd and dhcpdv6 items to be added to /etc/hosts.
Ticket #6712: Create system_hosts_override_entries()
This function will return an array with dnsmasq or unbound items to be added to /etc/hosts
Ticket #6712: Create system_hosts_local_entries()
This function will return an array with 127.0.0.1, ::1 and LAN (or first interface with no gateway when LAN is not there) items to be added to /etc/hosts
Kill dhcpleases after we are sure we can write /etc/hosts
Fix style
Make sure IP address is v4 before create /etc/hosts entry
Do not write a 'restrict' line to the NTP config if it will be empty. Fixes #7110
Add VMware detection to system_identify_specific_platform(). Ticket #6882
Merge pull request #3315 from plumbeo/accounting-on-disable-reboot
Captive portal: rework logging and RADIUS accounting when disabling a zone or rebooting
Make captiveportal_radius_stop_all() log the disconnections in the system log and fix it so that it works with the zone id parameter and sends complete RADIUS accounting packets....
Add reroot support to system_reboot_sync() and to the /etc/rc.initial.reboot menu. Ticket #6045
Exclude /var/empty from tar extract and make sure its permissions are respected when it's created
Add missing include
Add specific platform detection for PC Engines APU2
Based detection on $product rather than $hw_model, because $hw_model returns the name of the AMD SoC, which might be used on other boards.
Add BIND logging to proper facility (Bug #5524)
Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package.
Silence kenv calls
Remove config files symlinks from /etc to /var/etc. Fixes #5538
Use the ntpd "pool" command for more robust timekeeping. Attempting to automatically determine if we are using a pool, and allow it to be set optionally otherwise. Implements #5985
syslogd, create configured logsocket directories
Fix #6828
Until 2.3.x pfSense carried a patch that changed the behavior of 'routechange' command, making it add the route when it fails to change. On 2.4 this patch was removed and will not be added back. This change adjusts PHP code to deal with route add / change and make it work...
Deprecate nanobsd platform and remove all conditionals that use it
Remove all calls to conf_mount_r* functions
Merge pull request #3171 from phroggster/patch-2
Fixup ntpd IPv6 restrict clauses.
This should eliminate the following errors from the ntpd log file when using IPv6 or dual-stack networks: "syntax error, unexpected T_Mask, expecting T_EOC"
Fix static blackhole routes. Bug was introduced in 8be135cd114fbc9294ec9dafed2125d0e553956c (February, 2013).
Merge pull request #3135 from phil-davis/pdlen
Merge pull request #2616 from k-paulius/patch-pkg-syslog-v2
Fix #6768 IPv6 static mapping on delegated prefixes
For example, WAN receives a /48 delegated from the upstream (ISP...), e.g. "2001:470:abcd::" pfSense then uses this as a starting point to calculate the addresses on LAN, OPT1, OPT2 etc where they have been...
Fix up/catch up remote syslog areas. Fixes #6780
More pptp bits
Remove some more dangling PPTP bits.
Move copyright from ESF to Netgate
Merge pull request #3122 from NewEraCracker/patch-11
Improve dhcpd and dhcpleases reload
1) Avoid running services_dhcpd_configure() more times than needed.
2) Always restart dhcpleases after it's killed during interface recycle.
3) It's not necessary to restart dhcpdv4 when doing changes in ipv6 config.
system_dhcpleases_configure() - Improve pidfile handling
1) Set the pidfile variable in the correct place. pidfile variable is required in both 'if' and 'else' blocks.
2) Ensure pidfile is valid before sending term signal
Set HTTP_PROXY to empty as recommended at https://httpoxy.org/#fix-now
Move to Apache License 2.0
Review license / copyright on all files (final round)
Review license / copyright on all files (1st round)