This was refactored previously and all the logic should live outside
dhclient-script but it seems it's only loosely handled over there.
For now put a check back in the old way and rework this later correctly
from the system.inc point of view: we do want to register nameserver
and searchdomain in the cache files, but should not add a route if
those are not required. It would be helpful to show them in the overview
regardless (as for DNS servers) but with a hint that they are not being
used.
PR: https://forum.opnsense.org/index.php?topic=26765.0
o Merge defaults and requirements.
o Get rid of get_default_sysctl_value().
o Manually set 'type' for e.g. boot enviroment tunables.
o Cache sysctl map once per boot.
o Edit system defaults for easier override.
While sysctls might change when (un)loading kernel modules the
risk of missing something vital is not given. We could always
flush the cache file in that case later.
o Batch the backend call calling from GUI once and
only if needed from configuration.
o Turn the configuration into a generic loop.
o Move advanced options to the back of the configuration.
o Warning level for both log messages.
As OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm
by default some older SSH clients might not be able to connect to
OPNsense anymore. Therefore, it might be needed to manually modify the
PubkeyAcceptedAlgorithms sshd config option.
Prevent generating of invalid configuration values for dynamic
crypto parameters (KexAlgorithms, Ciphers, MACs, HostKeyAlgorithms and
PubkeyAcceptedAlgorithms).
Moral of the story: don't try to call backend scripts to grab env
variables that you could easily read using the acual nameserver
script sort of like dhclient-script is doing it.
ALLOWOVERRIDE is silly as we guard against that in get_nameservers().
o Only operate the /var/db IP files via rc.newwanip(v6)
o Consistenly flush a cache IP on a triggered reload
o Remove IPv6 address removal workaround from https://redmine.pfsense.org/issues/2627
o Assume that IP is properly checked making $cacheip != $ip a valid assumption when $cacheip is empty
o Remove creation from dhclient script
same same as dd6a04a68a, but different.
Concerns fixed in this commit:
o archive shouldn't generate files so old "archived" files remain untouched
o "latest.log" should point to the latest version know, which could be todays or a file from the past
o better to not remove links when unchanged to prevent excessive writes
We shuffle the cron jobs around a bit to let the script start at
minute 1 of every hour which is close enough.
We might consider a soft-update of the link instead of removing
it every hour depending on how tail -f and such work, but for now
use what PHP has to offer.
PR: https://github.com/opnsense/core/issues/4993
