Put the FQDN first in /etc/hosts to make dnsmasq happy when reverse resolving hostnames. Make a special exception for localhost. Fixes #7771
(cherry picked from commit 0e78c2f544ad577234a0a2f87ce2e8caefdfdb77)
Restructure how unbound zone data is written to fix processing of "redirect" zone entries. Fixes #7690Also corrects some other misc issues for formatting of zone data.While here, add an option, not exposed in the GUI, for users to get the previous behavior of defining short names for hosts.
Move uniqueid read to a function system_get_uniqueid()
Backport changes for syslogd handling to fix #7256
Fix APU2 with coreboot v4.x detection
See https://forum.pfsense.org/index.php?topic=106444.msg716558#msg716558(cherry picked from commit 9457d0f616506bf0e50e49d7d977ebc1aa945e4f)
Always add the CN as the first SAN when creating a certificate in the GUI or an automatic GUI self-signed certificate. Per RFC 2818, relying on the CN to determine the hostname is deprecated, SANs are required. Chrome 58 started enforcing this requirement. Fixes #7496
Only start dhcpleases if DHCP server is enabled (Bug #6750)(cherry picked from commit 3d8b01e8c6392b4177572d540c8160c7e6e071ca)
Set ntp gps mode for pgrmf even if no other modes are being set.
(cherry picked from commit 821110e8ff76564c23783c554fc89cd9458683ac)
Add to NTP GPS processing of PGRMF sentence
(cherry picked from commit 6924a2bf34a70cd33284a28ca3575f33f9834375)
Redmine #5549 Allow variable number of DNS Servers
(cherry picked from commit a2d23e88596deab6bbed2818385a0b72c913843a)
Simplify logic
Ticket #6712: Create system_hosts_entries()
This function will return an array all items to be added to /etc/hosts.
Ticket #6712: Create system_hosts_dhcpd_entries()
This function will return an array with dhcpd and dhcpdv6 items to be added to/etc/hosts.
Ticket #6712: Create system_hosts_override_entries()
This function will return an array with dnsmasq or unbound items to be added to/etc/hosts
Ticket #6712: Create system_hosts_local_entries()
This function will return an array with 127.0.0.1, ::1 and LAN (orfirst interface with no gateway when LAN is not there) items to beadded to /etc/hosts
Kill dhcpleases after we are sure we can write /etc/hosts
Fix style
Make sure IP address is v4 before create /etc/hosts entry
Exclude non-qualified hostnames from hosts file. Ticket #6064
Do not write a 'restrict' line to the NTP config if it will be empty. Fixes #7110
Captive portal: rework logging and RADIUS accounting when disabling a zone or rebooting
Make captiveportal_radius_stop_all() log the disconnections in the system log and fix it so that it works with the zone id parameter and sends complete RADIUS accounting packets....
Add missing include(cherry picked from commit 12094fd551055c40b3d0da8d27a5fcaabed0ae54)
Restart unbound after clearing logs (Bug #6915)(cherry picked from commit ef72cd5c2d36ff300de8de5971c05e19d1c9443c)
Add specific platform detection for PC Engines APU2
Based detection on $product rather than $hw_model, because $hw_modelreturns the name of the AMD SoC, which might be used on other boards.
(cherry picked from commit ffda0181a4c0989085a201e1a9b6bb0b1d691889)
Add BIND logging to proper facility (Bug #5524)
Stop the /etc/inc/system.inc patching by dns/pfSense-pkg-bind9 package.(cherry picked from commit 957ec89e7959e966e87f83055f57936a945a6b00)
Silence kenv calls
syslogd, create configured logsocket directories
(cherry picked from commit 4406922edb1000ef79f4fccfb484aa1103105ac0)
Fixup ntpd IPv6 restrict clauses.
This should eliminate the following errors from the ntpd log file whenusing IPv6 or dual-stack networks:"syntax error, unexpected T_Mask, expecting T_EOC"
(cherry picked from commit daed7646d7e8e5d555676299ce660408b490ef81)
Fix static blackhole routes. Bug was introduced in8be135cd114fbc9294ec9dafed2125d0e553956c (February, 2013).
(cherry picked from commit 580bef1ee3052437487553fcc5dc8428ca665098)
Fix #6768 IPv6 static mapping on delegated prefixes
For example, WAN receives a /48 delegated from the upstream (ISP...),e.g. "2001:470:abcd::" pfSense then uses this as a starting point tocalculate the addresses on LAN, OPT1, OPT2 etc where they have been...
Code style changes
(cherry picked from commit b2836666a8e7fc021ea750fafc8fc6e8097d52ff)
Allow packages to request syslogd log socket to be created inside chroot by specifying it in /package/logging/logsocket element. Implements #4898.
Example:<package> <logging> <logsocket>/var/appname/var/run/log</logsocket> </logging>...
Fix up/catch up remote syslog areas. Fixes #6780
More pptp bits
Remove some more dangling PPTP bits.
Move copyright from ESF to Netgate
Improve dhcpd and dhcpleases reload
1) Avoid running services_dhcpd_configure() more times than needed.2) Always restart dhcpleases after it's killed during interface recycle.3) It's not necessary to restart dhcpdv4 when doing changes in ipv6 config.
(cherry picked from commit 509e9357df4755a4fe5d1d9b20eda65bafb855e7)
system_dhcpleases_configure() - Improve pidfile handling
1) Set the pidfile variable in the correct place. pidfile variable is required in both 'if' and 'else' blocks.
2) Ensure pidfile is valid before sending term signal
(cherry picked from commit 4509abc380552554cbdf3f42c6783b47112f245a)
Set HTTP_PROXY to empty as recommended at https://httpoxy.org/#fix-now
Review license / copyright on all files (final round)
Review license / copyright on all files (1st round)
Missing closing quote
Create /var/run/dmesg.boot symlink for vm-bhyve (Feature #6573)
See https://redmine.pfsense.org/issues/6573
Include interface scope on IPv6 static routes to link local gateway IPs. Ticket #6506
This needs a newline
Set keepalive_timeout 0 where captive portal in use, and update otherwise to nginx's current default of 75. Ticket #6421
Prefer index.php over index.html where both exist.
A simple fix for #6120
- Retire system_console_configure()- Replace above call on rc.bootup by setup_serial_port()
Add Hyper-V support to system_identify_specific_platform, and disable S.M.A.R.T. actions in Hyper-V guests. Ticket #6147
Ticket #6053
- Do not call ntpdate before start ntpd, ntpd g parameter is enough Deprecate /usr/local/sbin/ntpdate_sync_once.sh- Remove system_ntp_configure parameter and always start ntpd
Remove unused function sync_system_time()
Implement system_get_serial()
Remove dead code
Identify specific hardware models of some Netgate products
Rename variable to a name that make sense
Don't log 404s for captive portal. Ticket #6027
Remove ssl_stapling. Ticket #6020
Don't log to filter.log when local logging is disabled. Ticket #6018
Cleanup nginx configuration file
- Fix indentations- Use the `ssl` parameter of the `listen` directive [1]- Change the rewrite rule to use the recommended syntax [2]
[1]: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl[2]: http://nginx.org/en/docs/http/converting_rewrite_rules.html
Use product name rather than smbios here.
Disable TLSv1.0 for web GUI's nginx instance. Ticket #5984
Merge RCC add, 1540 name fix, from 2_2 branch.
log dhcpleases and dhcpleases6 to dhcpd.log. Ticket #5968
Remove duplicated text/javascript
Update nginx gzip_types. Remove text/html since it's redundant, and add a few others. Particularly useful, json, since status_monitoring.php uses it. Reduces load time on slow connections to about 1/4th of what it is without gzip on json. Ticket #5498
Move NTP access restrictions to their own tab and add the ability to craft custom restrictions for arbitrary networks. Fixes #4463
Fix #3029
Teach system_hosts_generate() to deal with PD length != 64
Ticket #3029
Import patch from @Robert-Nelson to enable DHCPv6 Server/RA tointerfaces configured to track DHCP-PD
This patch only works for PD with length 64
Internationalize etc inc i through s
Prefer dnsmasq's host overrides when it's enabled. Ticket #5883
Fix style issues.
Review of CARP uniqid changes.
It turns out that current CARP implementation is not much different from an IP alias.
This commit converts the IP alias to also use the CARP uniqid scheme, this simplify the code in all other places because now we have only two different cases to deal with:...
Enable gzip compression in nginx.
Set fastcgi_read_timeout to 180 seconds rather than the default 60 for the occasional long-running page.
Remove all additional packages from the system before reset to factory default. Fixes #5829
Remove static routes to DNS servers when gateway is disabled. It should fix #4921
Fix dns test for localhost inclusion, when saving now the port value can be set but empty. Fixes #5775
Update license on files from /etc/inc
Use case-insensitive regex matching for http_host in nginx captive portal configs.
Match nginx max body size with PHP's upload_max_filesize
set nginx client_max_body_size large enough for config restore and other purposes.
10m ssl_session_cache is adequate for our use cases.
Use the local dh-parameters for nginx rather than the default.
Make sure httpsname is a valid domain to avoid breaking nginx conf
Merge pull request #2355 from jlduran/no-preload-in-hsts
Include limit_conn config for CP maxprocperip
Only log to remote syslog server(s) if remote logging is enabled
Remove preload token from HSTS header
Please see the documentation on how to include your domain in thepreload lists:
https://hstspreload.appspot.com
Fix nginx startup on NanoBSD
Fix spaces and indent
fix redirurl for nginx
Include CA chain in certificate for nginx
Add nginx redirection for captive portal
lighty clean up
some CP clean up in nginx start
Bring back $ca in config function
Retire system_generate_lighty_config()
un-break SVG graphs
Skip error_log when disabled.