OPNSense/core 0abc31dsrc/etc/inc services.inc

services: for full consistency

OPNSense/core 32aad85src/etc rc.reload_all, src/etc/inc interfaces.inc

interfaces: unwind inverted call stack, interfaces_configure() can do less

OPNSense/core 66bd3dbsrc/opnsense/scripts/shell setports.php

rc: fix syntax

OPNSense/core 145ff37. plist, src/etc rc.reload_interfaces

rc: remove unused script

OPNSense/core 3c38c26src/opnsense/scripts/shell setports.php

rc: reload filter as well in previous

OPNSense/core 046eaa8src/opnsense/scripts/shell setports.php

rc: missing local reload spot

OPNSense/core b3f8477src/etc/inc interfaces.inc

interfaces: consolidate reload behaviour

PR: https://github.com/opnsense/core/pull/2337

OPNSense/core 8b0f702src/etc rc.bootup, src/etc/inc interfaces.inc

interfaces: pass reload flag instead of guessing

PR: https://github.com/opnsense/core/pull/2337

OPNSense/core d15d3b9src/etc/inc interfaces.inc

interfaces: zap unused gobal $config invokes

Incremental cleanups over the years seem to pay off.  :)

OPNSense/core 91d9cdasrc/opnsense/service/conf/actions.d actions_netflow.conf

netflow: "||" avoidance

OPNSense/core 904b059src/opnsense/service/conf/actions.d actions_openssh.conf

openssh: do not mask stop return value

OPNSense/core fa9f04esrc/opnsense/service/conf/actions.d actions_openssh.conf actions_ids.conf

backend: changes for "||" avoidance

OPNSense/core 52f9fbbsrc/opnsense/mvc/app/controllers/OPNsense/IDS/forms generalSettings.xml, src/opnsense/service/templates/OPNsense/IDS suricata.yaml

intrusion detection: optional fast log to syslog

(cherry picked from commit 0d79bfda3c53d211e86077f9c7383ec3790f7764)
(cherry picked from commit 062ad3f82ce5b1146a3d9aae7fa8ca72858ea1e3)

OPNSense/core 9a23b66src/www diag_logs_settings.php

system: fixup previous

OPNSense/core c2160d7src/etc/inc system.inc, src/etc/inc/plugins.inc.d suricata.inc

intrusion detection: remote syslog and associated cleanups; closes #2349

OPNSense/core 062ad3fsrc/opnsense/mvc/app/controllers/OPNsense/IDS/forms generalSettings.xml, src/opnsense/mvc/app/models/OPNsense/IDS IDS.xml

intrusion detection: optional fast log to syslog

Change syslog to be always on but use the syslog checkbox
to decide whether alert logging is forwarded or not.

Discussed with: @adschellevis

OPNSense/core 9f9e54esrc/etc/inc interfaces.inc

interfaces: tracking again, naming and check for track6 marker

OPNSense/core 83408cfsrc/opnsense/mvc/app/models/OPNsense/Base/Menu Menu.xml

mvc: menu node name tweak, no functional change

OPNSense/ports ed69165net/freeradius3 distinfo Makefile

net/freeradius3: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 123c41dtextproc/py-m2r Makefile distinfo

textproc/py-m2r: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 250f41fsecurity/vuxml vuln.xml

security/vuxml: sync with upstream

Taken from: HardenedBSD

OPNSense/ports e45be81devel/flang-clang pkg-plist, java/openjdk8/files patch-bsd patch-bsd-test

*/*: sync with upstream

Taken from: HardenedBSD

OPNSense/plugins 1f23d92net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms dialogBackend.xml, net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy HAProxy.xml

net/haproxy: merge version 2.7 from master

Leave out tokenzier drop for now.

OPNSense/core bfe404f. plist, src/opnsense/mvc/app/controllers/OPNsense/Core/Api FirmwareController.php

firmware: many change, such wow

A backport half-requested by @Adschellevis.  It doesn't make
a lot of sense to split our current work into bits and pieces
because if we don't push all of these changes now we end up
needing to push them before the EoL date anyway and this is
better to revert and improve.  Most changes have been on the
development track for a while to mature, others are simple

Needless to say, requires more testing towards 18.1.9 next

* Parse and return to be removed packages for update summary
* Release type change properly updates the repository, summary
* The firmware options can be set via XML files
* Return repository errors in greater detail (4 new error types)
* Add and use API for major upgrades
* Make returned backend JSON a bit more human-readable
* Fix leak of base/kernel update info on package manager updates
* Refactor package manager update summary parsing for speed

OPNSense/core 4cbc8e1src/opnsense/site-python log_helper.py

python, improve performance of reverse_log_reader() by avoiding string copies while 
parsing. Tried the new method using a 50MB suricata log file, which was parsed about 30% 
quicker then using the previous version.

OPNSense/core b7c6c6fsrc/etc rc.newwanip

interfaces: another related cleanup from master

OPNSense/core eaa84ecsrc/etc/inc interfaces.inc

interfaces: another cleanup from master

OPNSense/core 0cacd85src/etc/inc interfaces.inc

interfaces: wancfg is lancfg since we are tracking

Selective change from master, no code behaviour change.

OPNSense/core a4a7383src/etc/inc interfaces.inc, src/www interfaces.php

interfaces: simplifications for dhclient #2372

Remove the dhclient "handlers" and use the PID file
like everything else.  The pid file is already there
under the same name, but we make it explicit in
case something changes or code needs to be traced.

(cherry picked from commit 65186994744db703e01c1addb4d31be514a145e3)

OPNSense/core a1b0906src/etc/inc interfaces.inc

interfaces: style update

(cherry picked from commit 456fb9ab75b2ffc455eb98cdbbdf5706ddf5324b)
(cherry picked from commit 1cde6c33b4332f9ba349bc2d863bffed1e2c2172)

OPNSense/core 901551fsrc/etc/inc interfaces.inc

interfaces: in track6, wancfg is lancfg; cleanups

Make it easier to read the code and remove unused bits
and doubled validation.  The track6 functions are internal
and could potentially be inlined as well, but some of them
are a bit heavy.

OPNSense/core 0c1c48bsrc/etc rc.newwanip, src/etc/inc interfaces.inc

interfaces: reconfigure interfaces tracking SLAAC WAN #2394

OPNSense/core 1cde6c3src/etc/inc interfaces.inc

interfaces: fix typo in comment

OPNSense/core 456fb9asrc/etc/inc interfaces.inc

interfaces: style update

OPNSense/core fd94b3asrc/etc rc.newwanipv6, src/etc/inc interfaces.inc

interfaces: simplify semantics of link_interface_to_track6()

OPNSense/core 3acf26esrc/man/man8 opnsense-importer.8

man: annotate arguemnt `disk'

(cherry picked from commit b357788c1a00bd9489798683e78a35f90d878947)

OPNSense/core b357788src/man/man8 opnsense-importer.8

man: annotate arguemnt `disk'

OPNSense/core c5b9f67src/etc rc.newwanip rc.newwanipv6, src/etc/inc filter.inc

firewall: reset states on IPv4 change

(cherry picked from commit 8844e7260ac34cd44687c8fc500b00d9ab7fd553)
(cherry picked from commit 95723454776bea801befec3d91c5adbaf2bb1fe4)

OPNSense/core ea6a2basrc/sbin opnsense-importer

rc: remove unused variable

(cherry picked from commit 57148f483aca38c0e1e479dd9a51587fb2aba175)

OPNSense/core 57148f4src/sbin opnsense-importer

rc: remove unused variable

OPNSense/core 9572345src/etc rc.newwanip rc.newwanipv6, src/www system_advanced_firewall.php

firewall: reset states on IPv4 change; closes #2414

OPNSense/tools 2747ceaconfig/18.1 ports.conf

config: ansible is now flavored in ports

OPNSense/ports 3bcf8ab. UPDATING MOVED, Mk bsd.qt.mk

Framework: sync with upstream

Taken from: HardenedBSD
+28-64 files

OPNSense/ports 9b183a7sysutils/ansible Makefile distinfo

sysutils/ansible: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 6f9f732net/GeoIP Makefile distinfo, net/GeoIP/files pkg-message.in

net/GeoIP: sync with upstream

Taken from: HardenedBSD

OPNSense/ports ff99edfnet/zerotier Makefile distinfo, net/zerotier/files patch-node_Packet.cpp patch-make-bsd.mk

net/zerotier: sync with upstream

Taken from: HardenedBSD

OPNSense/ports e4d2ce9net/haproxy-devel distinfo Makefile

net/haproxy-devel: partially sync with upstream

Taken from: HardenedBSD

OPNSense/plugins 1da93adsecurity/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient AcmeClient.xml

security/acme-client: Required=Y should bump model version

(cherry picked from commit 58e0c6022029713b603f70bfac82dcc021d27ef1)

OPNSense/ports fe66945sysutils/e2fsprogs/files patch-zc patch-zb

sysutils/e2fsprogs: sync with upstream

Taken from: HardenedBSD

OPNSense/ports 0d4ca5aeditors/vim distinfo Makefile

editors/vim: sync with upstream

Taken from: HardenedBSD