o Batch the backend call calling from GUI once and
only if needed from configuration.
o Turn the configuration into a generic loop.
o Move advanced options to the back of the configuration.
o Warning level for both log messages.
As OpenSSH 8.8 disables RSA signatures using the SHA-1 hash algorithm
by default, some older SSH clients might not be able to connect to
OPNsense anymore. Therefore, it might be needed to manually modify the
PubkeyAcceptedAlgorithms sshd config option.
Prevent generating of invalid configuration values for dynamic
crypto parameters (KexAlgorithms, Ciphers, MACs, HostKeyAlgorithms and
PubkeyAcceptedAlgorithms).
Moral of the story: don't try to call backend scripts to grab env
variables that you could easily read using the actual nameserver
script sort of like dhclient-script is doing it.
ALLOWOVERRIDE is silly as we guard against that in get_nameservers().
o Only operate the /var/db IP files via rc.newwanip(v6)
o Consistently flush a cache IP on a triggered reload
o Remove IPv6 address removal workaround from https://redmine.pfsense.org/issues/2627
o Assume that IP is properly checked making $cacheip != $ip a valid assumption when $cacheip is empty
o Remove creation from dhclient script
same same as dd6a04a68a, but different.
Concerns fixed in this commit:
o archive shouldn't generate files so old "archived" files remain untouched
o "latest.log" should point to the latest version known, which could be today's or a file from the past
o better to not remove links when unchanged to prevent excessive writes
We shuffle the cron jobs around a bit to let the script start at
minute 1 of every hour which is close enough.
We might consider a soft-update of the link instead of removing
it every hour depending on how tail -f and such work, but for now
use what PHP has to offer.
PR: https://github.com/opnsense/core/issues/4993
Most of the system already uses it and users are informed about
it too. Might just be a good time to write a little manual page
for it...
While here some use of daemon -f suggests that configctl -d should
be used more widely than it is now.
To make verbatim script passthrough work we also need to introduce
a scripting option to reach the random sleep option afterwards.
We add a random delay of up to 25 minutes to the cron based operations
in order to give the update servers more room to breathe.
Download only if necessary, but verify and unpack unconditionally.
Add a cron job for nightly poll to be used with upcoming pending
script to "skim" the changelog for potential updates.
o allow repetitive metadata tags to be used, representing them as multiline options. Since \n can't exist in rules it should be rather safe to concat repeating entries
o convert multiline items in the UI (rule info) (convert \n --> <br/>)