Ermal
20a9590486
Make ipsec_starter log go to ipsec.log rather than system one
2014-11-07 14:37:09 +01:00
Chris Buechler
7bd413ebc6
add a route debug option to log info about route commands executed (where those aren't already logged) to help with troubleshooting various routing scenarios.
2014-11-06 20:19:24 -06:00
Chris Buechler
756d867a89
fix comment
2014-11-04 13:31:38 -06:00
Ermal
d35dfaaecb
Fixes #3941 . When optimizations of the loops were made this brought the problems of overriding default gateway by dynamic interfaces. Try to stick to the first found for now!
2014-11-01 18:43:28 +01:00
Renato Botelho
0a8dd27b5f
Remove redundancy as pointed out by phil-davis
2014-10-28 14:55:07 -02:00
Renato Botelho
143c22f771
Decode recently created cert and key. It fixes #3964 . While here, fix logical condition to create a new cert if crt or key is not present
2014-10-28 10:17:16 -02:00
Chris Buechler
e8b5f72496
domain and search should not both be defined in resolv.conf per FreeBSD man page and handbook (only the latter is actually used). Change this to just not use domain, and set the search to the system's domain where not using the function that generates the search list for dynamic WANs.
2014-10-25 22:11:45 -05:00
jim-p
2cf2c62b27
Fix descriptions and cn on generated GUI cert to be consistent.
2014-10-15 14:01:00 -04:00
jim-p
5ff7f58e59
Tame the poodle. Disable SSLv3.
2014-10-15 08:40:36 -04:00
jim-p
7c4c77ee62
Teach the certificate generation code how to make a self-signed certificate, and change the GUI cert generation code to use it. Also, move the GUI cert generation code to its own function so we can add a GUI option to regenerate it later.
...
Also use some more sane defaults for the contents of the default self-signed certificate's fields so it will be more unique and less likely to trigger problems in browser certificate storage handling.
2014-10-14 15:30:33 -04:00
Chris Buechler
1f4ad8f4cf
update comment to reflect breakage caused here and reference associated redmine ticket, not high priority, can be fixed later
2014-10-14 13:44:56 -05:00
Steven Selph
3d77cc359f
Add powerd normal mode flag (-n)
2014-10-05 18:35:08 -04:00
Renato Botelho
b462fc5eea
Move dhcp6c log to dhcpd.log, it fixes #3799
2014-08-11 11:47:14 -03:00
Renato Botelho
ef74c9e4e4
Concat var before call escapeshellarg
2014-07-21 18:57:08 -03:00
Renato Botelho
604623a136
Make dhcpleases use unbound pid when it's configured
2014-07-21 18:56:07 -03:00
Renato Botelho
971de1f98a
Convert almost all /sbin/sysctl calls to php functions
2014-07-07 20:06:37 -03:00
Chris Buechler
cac386b68e
remove openbgpd bits from system_gateways_edit and system.inc. The package
...
match is case-sensitive and hasn't matched the openbgpd package's name in
at least 5 years, so it doesn't do anything. It's far from functional in
any useful manner even fixing that issue.
2014-05-30 20:01:46 -05:00
Chris Buechler
64a2da809c
bind HTTP->HTTPS redirect to IPv6 too. Ticket #3437
2014-05-14 11:20:39 -05:00
Ermal
66201c9617
Send HUP to restart syslogd rather than trying to restart it, thus loosing messages
2014-04-28 21:12:38 +00:00
Warren Baker
3f06e5383f
make sure unbound is included here
2014-04-28 22:36:48 +02:00
Warren Baker
f624877441
If Unbound is been used then make sure to reload when system_hosts_generate() is called
2014-04-28 22:00:25 +02:00
Renato Botelho
2a50fd8ac8
Move clog from /usr to /usr/local
2014-04-28 11:54:22 -03:00
Ermal
ebf45d96e1
Add filterlog to separatefacilitylog to avoid logs going elsewhere
2014-04-28 13:41:38 +00:00
Ermal
686777c419
Use the daemon name to send the filter logs
2014-04-28 08:08:59 +00:00
Renato Botelho
75a8ba834d
Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
2014-04-24 17:02:22 -03:00
Renato Botelho
b149b3a10a
Merge pull request #1118 from phil-davis/patch-3
2014-04-24 17:00:23 -03:00
jim-p
bd5737dc22
Make sure that the DNS Forwarder/Resolver is actually capable of accepting queries on localhost before using it as a DNS server.
2014-04-23 10:16:15 -04:00
Phil Davis
80571c81a4
Cut paste bug fix in Remote Syslog DHCP events
...
apinger is repeated here from the code above, but it should be dhcp.
Forum https://forum.pfsense.org/index.php?topic=73734.0
Selecting to remote syslog "Gateway Monitor events" would also switch on "DHCP service events" unintentionally.
2014-04-20 21:57:58 -07:00
jim-p
69e593c14f
Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale/invalid and there is still a running instance.
2014-04-07 10:10:48 -04:00
Ermal
362fdc4cc3
Remove remenants of pccardd from FreeBSD 5
2014-03-28 22:54:12 +01:00
jim-p
8b650e57d6
Avoid placing an empty "interface listen" directive in ntpd.conf
2014-03-20 12:09:16 -04:00
Chris Buechler
e1a456e6a8
standardize URLs
2014-03-14 19:30:56 -05:00
Ermal
703b1ce1c5
Correct variable name, while here unset some large var
2014-03-14 20:35:39 +00:00
Ermal
f0014c6499
Make this a bit more efficient
2014-03-11 15:40:27 +00:00
Renato Botelho
d07bc322c5
Remove broken 'dynamic6' gateway, we already have ipprotocol to tell us the IP version, leave it more simple using only 'dynamic'. It helps #3484
2014-03-03 13:31:01 -03:00
Ermal
7335fa5380
* Correct logging to syslog and proper file for ipsec from strongswan
...
* Use proper commands to reload strongswan rather than just the daemon
2014-02-25 11:10:01 +01:00
Ermal
e570f0eb56
silence any errors
2014-02-20 09:02:55 +00:00
Ermal
ec7bc948b7
More code fixes for ntpd
2014-02-19 15:43:37 +00:00
nagyrobi
0fd64e94fa
Update system.inc
...
Corrections made as requested
2014-02-18 16:06:07 +01:00
nagyrobi
142f7393a8
Update system.inc
...
Add new NTPd functions
2014-02-18 15:12:43 +01:00
Ermal
c79f717a58
Really need the interface where v6 is running toa dd the gateway/route rather than the one used for the configuration. This Fixes #3357
2014-02-18 09:25:41 +00:00
Phil Davis
6240ba7bd1
Check for tmp captiveportal dir before making it
...
In forum: https://forum.pfsense.org/index.php/topic,72483.0.html
Warning: mkdir(): File exists in /etc/inc/system.inc on line 878
Not sure if you would rather call safe_mkdir here?
2014-02-10 19:05:26 -08:00
Renato Botelho
873c1701a8
Add escapeshellarg() calls on exec parameters. While I'm here, replace some exec() calls by php functions like symlink, copy, unlink, mkdir
2014-02-04 12:34:41 -02:00
jim-p
ca79de534b
Using "limited" for ntp in this way denies client access. Issue #3384
2014-02-03 09:34:06 -05:00
Warren Baker
3b95d9ece3
Add EDNS support for to resolv.conf
2014-01-29 17:06:42 +02:00
Renato Botelho
f4a4bcbc4c
Fix typo on variable name, it fixes #3414
2014-01-28 17:01:02 -02:00
Renato Botelho
2ec95f1ffb
Fix openssl path
2014-01-24 08:33:31 -02:00
jim-p
fdfa8f43ed
ports ntp moved to sbin, follow
2014-01-15 12:35:50 -05:00
jim-p
706ba0e4b1
Use "disable monitor" in NTP config to mitigate CVE-2013-5211.
2014-01-10 11:41:49 -05:00
Renato Botelho
6b66073164
Add 'limited' to ntpd restrict list to workaround CVE-2013-5211. It fixes #3384
2014-01-07 08:58:33 -02:00