pfSense

Add option to set IPsec filtering mode. Implements #11395

User can choose between filtering enc (tunnel+VTI) or filtering on
assigned VTI interface tabs (VTI only, drops all tunnel mode traffic).
See https://redmine.pfsense.org/issues/11395 for details.

Identify minnowboard with BIOS 1.0

Intel has changed MBT identification

Obtained from: https://github.com/pfsense/pfsense/pull/4495

Update the Copyright year.

A subsequent commit will deal with .po's.

Add product_label global variable

Introduce product_label global variable, by default with same value of
product_name. The idea is to make it easier for rebranded products to
change the name on all visual texts while internal structures are
preserved.

While here, remove deprecated $g['platform'] and also replace places...

Remove use of deprecated $g['platform']

Dynamic IPv6 DNS servers fix. Feature #10931

Force NTP peers DNS resolution protocol. Implements #10322

NTP server authentication. Issue #8794

System DNS Server changes. Implements #10931

There are significant changes here, but ultimately should be a smooth
transition. See https://redmine.pfsense.org/issues/10931 for more
details.

Handle net.pf.request_maxcount via sysctl. Fixes #10861

Merge pull request #4443 from vktg/unboundmultiip

Rework route functions

- Created route_table() that returns an array containing all items from
route table. It uses --libxo to get a json object
- Created route_get() that return an array with route items to desired
target
- Created route_get_default() to get current default route for inet or...

DNS Resolver multi IP for host overrides. Implements #10896

Full IPv6 host address for DHCP6 static entries. Fixes #8156

Make sure dhcpleases is killed before writing the hosts file.

Needs to happen before fopen($hosts, "w") as it is going to truncate the file
and that breaks the tracking of hosts size in dhcpleases.

Ticket: #9383

Fix Google Cloud Platform spelling

Deect Azure and differentiate from Hyper-V by looking at hte bios version

Fixed #10621. Identify Amazon AWS instances without breaking Hyper-V

Fixed #10621. Identify Amazon AWS instances

NTPd GPS baud rate set fix. Issue #7284

Merge pull request #4252 from vktg/cleandnsdhcpleases

Add option to disable NTP server. Issue #3567

Clear DNS dhcpleases entries. Issue #8981

Merge pull request #4224 from kiokoman/master

Update system.inc

string before the if

NTPd Autoset GPS device baud rate. Issue #7284

Update system.inc

orphan mode and maximum candidate ntp peers on the same tos line
increased default maxclock to 5 if config empty

Update system.inc

change from space to tab

Feature #10323

Add min-max ntp peers default 4

NTP: do not add noserve to restrict source. Issue #9830

Server cert lifetime reduced to 398. Fixes #9825

New requirements coming this fall will require new certs to be valid for at most
398 days. Setup this new requirement now, rather than waiting.

While here, reduce usage of hardcoded value where possible.

Update SSL refs to SSL/TLS. Fixes #10172

This is 2020. Issue #9245

fixes

cosmetic

fix route delete code

fix route delete code

Don't dedup DNS from dyn sources if override is disabled. Fixes #9963

Merge pull request #4112 from vktg/poly1305tls12

order fix

add poly1305-chacha20 to nginx cipher list

Certificate strength improvements. Fixes #9825

• Change default GUI cert lifetime to 825 days
• Add notes on CA/Cert pages about using potentially insecure parameter
  chocies
• Add visible warnings on CA/Cert pages if paramers are insecure/not
  recommended.

Fix #6846: Properly detect Super Micro C2558/C2758

Merge pull request #4042 from plumbeo/fix-reconfig

Merge pull request #3985 from luckman212/system-general-sr-fix1

Additional logs & optimizations. Issue #9714

• Add log tabs for nginx, userlog, and some other previously hidden logs
• Start working on output of utx log via list/libxo (work in progress)
• Consolodate function that retrieves log messages to avoid duplicated...

Move log-related functions to their own file. Issue #8350

Also add a simple shell program that will dump all log entries for a given
log + all rotated/compressed logs in order.

Log rotation settings. Issue #9711 and Issue #9712

• Add rotation count GUI option and per-log option
• Add settings for packages to override more fields not supported in the
  GUI

Add log compression type option. Issue #9711

Merge branch 'master' into system-general-sr-fix1

Change logging to plain text, deprecate clog. Issue #8350

Fix some model detection instances. Issue #8051

Make NTP minpoll and maxpoll user-configurable. Implements #6787

Fix copyright message years to reflect BSDP -> ESF -> Netgate

Update comment. Issue #9607

Update TLS versions used by nginx. Implements #9607

Ticket #3500: Implement system_get_dhcpleases()

Implement system_get_arp_table()

Captive portal: cleanup pipe database at shutdown

Create an option for saving connected users across reboot
Implement redmine #5644

Deprecate the built-in relayd Load Balancer. Closes #9386

It is not available on FreeBSD 12 with OpenSSL 1.1.x.

Users can migrate to the HAProxy package.

Update copyright notices to 2019. Happy New Year

Fix nginx resolver handling when a cert needs OCSP stapling. Fixes #9160

Fix #9121: Initialize arrays to prevent PHP 7 errors

Remove obsolete OLSRD code. Implements #9117

Prevent log size from being too large, which breaks clog. Fixes #9081

Fix #8864: Let users modify sshguard parameters and whitelist

Validate and protect powerd option values. Fixes #9061

Use the fw domain for DNS search when no other choices exist. Fixes #9056

fix a few bugs in system.inc and system.php

Add missing regex to validate serial

Use all possible kenv variables to detect serial

Fix #7694: Replace sshlockout_pf by sshguard

Fix Minnowboard Turbot model names. SG-2320 -> MBT-2220, SG-2340 -> MBT-4220

Certs: Fix CA subject assumptions. Fixes #8801

Several areas made assumptions about the number and order of CA subject
fields that were no longer correct after issue #8381 was corrected.

While here, also remove some outdated references to fields that are no...

Update captiveportal RADIUS Accounting

8552 - enable http2

Make SG-2220 to use RCC-DFFresetbtn binary

Merge pull request #3781 from PiBa-NL/20170712-defaultgateway-group

Add array check

Even though I now set `$ns` equal to `array_unique(get_nameservers()`, just to be safe we check with `is_array($ns)` and set it to a blank array if not. Shouldn't ever happen, but an extra error avoidance test is better than a hard to track down bug later.

scope error?

Error on reboot.

```
[04-Apr-2018 02:21:54 EST5EDT] PHP Warning: in_array() expects parameter 2 to be array, null given in /etc/inc/system.inc on line 1380
```

I believe this is because $ns is defined inside the above for loop. pulling it out of the loop

Fixing debug errors.

Change array index to use php-style

Add fixed suggested by jim-p

Allow ocsp-staple to override

Enable ocsp stapling to on if forced that way through configuration

Use cert_get_ocspstaple

Use cert_get_ocspstaple during nginx configuration generation

Create get_dns_nameservers function

Put code in a function since it gets called in two places.

Steal resolvconf

Steal the nameserver generation code from the resolvconf code

Use option properly

Use the option created by the config to control stapling
(and add a missed semicolon!)

Beginings of enabling SSL Stapling

Add the option. Default to enable

Fix array index

Gateways, allow for configuring a gatewaygroup as the default gateway.
-Avoid changing routes by just visiting a webgui page.
-Avoid change some unneeded events when nothing changed.

Rename RCC-DFF to SG-2220

Silence warnings generated by sysctl to standard error.

Add ospf6d to routing logs.

Update the Copyright notice for pfSense.

Merge pull request #3769 from PiBa-NL/20170626-phpfpm-status

Also kill off sshlockout_pf processes when restarting syslogd. Fixes #7984

When ntp is bound to specific interfaces, disable listening on wildcard. Fixes #8046

Add option to disable HSTS for nginx (Bug #6650)