diff --git a/src/bin/captiveportal_gather_stats.php b/src/bin/captiveportal_gather_stats.php
index 922ea7556..0b08c6d92 100644
--- a/src/bin/captiveportal_gather_stats.php
+++ b/src/bin/captiveportal_gather_stats.php
@@ -49,7 +49,7 @@ $concurrent_users = $no_users;
 $current_user_count = 0;
 
 /* tmp file to use to store old data (per interface)*/
-$tmpfile = "{$g['vardb_path']}/captiveportal_online_users";
+$tmpfile = '/var/db/captiveportal_online_users';
 
 if(empty($type))
 	exit;
diff --git a/src/captiveportal/index.php b/src/captiveportal/index.php
index 85787338f..44ebd3c2c 100644
--- a/src/captiveportal/index.php
+++ b/src/captiveportal/index.php
@@ -121,10 +121,11 @@ if ($macfilter || $passthrumac) {
 }
 
 /* find out if we need RADIUS + RADIUSMAC or not */
-if (file_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db")) {
+if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) {
 	$radius_enable = TRUE;
-	if (isset($cpcfg['radmac_enable']))
+	if (isset($cpcfg['radmac_enable'])) {
 		$radmac_enable = TRUE;
+	}
 }
 
 /* find radius context */
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index ff8dd33c8..bb6c87874 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -203,7 +203,7 @@ function index_groups()
 
 	$groupindex = array();
 
-	if (is_array($config['system']['group'])) {
+	if (isset($config['system']['group'])) {
 		$i = 0;
 		foreach($config['system']['group'] as $groupent) {
 			$groupindex[$groupent['name']] = $i;
@@ -261,7 +261,7 @@ function &getGroupEntryByGID($gid)
 {
 	global $config;
 
-	if (is_array($config['system']['group'])) {
+	if (isset($config['system']['group'])) {
 		foreach ($config['system']['group'] as & $group) {
 			if ($group['gid'] == $gid) {
 				return $group;
@@ -342,9 +342,8 @@ function local_sync_accounts()
 			 * If a crontab was created to user, pw userdel will be interactive and
 			 * can cause issues. Just remove crontab before run it when necessary
 			 */
-			unlink_if_exists("/var/cron/tabs/{$line[0]}");
-			$cmd = "/usr/sbin/pw userdel -n '{$line[0]}'";
-			mwexec($cmd);
+			@unlink("/var/cron/tabs/{$line[0]}");
+			mwexecf('/usr/sbin/pw userdel -n %s', $line[0]);
 		}
 		pclose($fd);
 	}
@@ -364,8 +363,7 @@ function local_sync_accounts()
 			if ($line[2] > 65000) {
 				continue;
 			}
-			$cmd = "/usr/sbin/pw groupdel {$line[2]}";
-			mwexec($cmd);
+			mwexecf('/usr/sbin/pw groupdel %s', $line[2]);
 		}
 		pclose($fd);
 	}
@@ -477,12 +475,11 @@ function local_user_set(&$user)
 		$keys = base64_decode($user['authorizedkeys']);
 		@file_put_contents("{$user_home}/.ssh/authorized_keys", $keys);
 		@chown("{$user_home}/.ssh/authorized_keys", $user_name);
-	} else
-		unlink_if_exists("{$user_home}/.ssh/authorized_keys");
-
-	$un = $lock_account ? "" : "un";
-	exec("/usr/sbin/pw {$un}lock {$user_name} -q");
+	} else {
+		@unlink("{$user_home}/.ssh/authorized_keys");
+	}
 
+	mwexecf('/usr/sbin/pw %s %s', array($lock_account ? 'lock' : 'unlock', $user_name), true);
 }
 
 function local_user_del($user)
@@ -518,7 +515,8 @@ function local_user_get_groups($user, $all = false)
 	global $config;
 
 	$groups = array();
-	if (!is_array($config['system']['group'])) {
+
+	if (!isset($config['system']['group'])) {
 		return $groups;
 	}
 
@@ -540,8 +538,9 @@ function local_user_set_groups($user, $new_groups = null)
 {
 	global $config, $groupindex;
 
-	if (!is_array($config['system']['group']))
+	if (!isset($config['system']['group'])) {
 		return;
+	}
 
 	$cur_groups = local_user_get_groups($user, true);
 	$mod_groups = array();
@@ -610,33 +609,26 @@ function local_group_set($group, $reset = false)
 {
 	$group_name = $group['name'];
 	$group_gid = $group['gid'];
-	$group_members = "''";
-	if (!$reset && !empty($group['member']) && count($group['member']) > 0)
-		$group_members = implode(",",$group['member']);
+	$group_members = '';
 
-	/* read from group db */
-	$fd = popen("/usr/sbin/pw groupshow {$group_name} 2>&1", "r");
-	$pwread = fgets($fd);
-	pclose($fd);
+	if (!$reset && !empty($group['member']) && count($group['member']) > 0) {
+		$group_members = implode(',', $group['member']);
+	}
 
-	/* determine add or mod */
-	if (!strncmp($pwread, "pw:", 3))
-		$group_op = "groupadd";
-	else
-		$group_op = "groupmod";
-
-	/* add or mod group db */
-	$cmd = "/usr/sbin/pw {$group_op} {$group_name} -g {$group_gid} -M {$group_members} 2>&1";
-
-	mwexec($cmd);
+	$ret = mwexecf('/usr/sbin/pw groupshow %s', $group_name, true);
+	if ($ret) {
+		$group_op = 'groupadd';
+	} else {
+		$group_op = 'groupmod';
+	}
 
+	mwexecf('/usr/sbin/pw %s %s -g %s -M %s', array($group_op, $group_name, $group_gid, $group_members));
 }
 
 function local_group_del($group)
 {
 	/* delete from group db */
-	$cmd = "/usr/sbin/pw groupdel {$group['name']}";
-	mwexec($cmd);
+	mwexecf('/usr/sbin/pw groupdel %s', $group['name']);
 }
 
 function ldap_test_connection($authcfg)
@@ -680,33 +672,31 @@ function ldap_test_connection($authcfg)
 
 function ldap_setup_caenv($authcfg)
 {
-	global $g;
-
 	require_once("certs.inc");
 
 	unset($caref);
+
 	if (empty($authcfg['ldap_caref']) || !strstr($authcfg['ldap_urltype'], "SSL")) {
 		putenv('LDAPTLS_REQCERT=never');
 		return;
-	} else {
-		$caref = lookup_ca($authcfg['ldap_caref']);
-		if (!$caref) {
-			log_error(sprintf(gettext("LDAP: Could not lookup CA by reference for host %s."), $authcfg['ldap_caref']));
-			/* XXX: Prevent for credential leaking since we cannot setup the CA env. Better way? */
-			putenv('LDAPTLS_REQCERT=hard');
-			return;
-		}
-		if (!is_dir("{$g['varrun_path']}/certs"))
-			@mkdir("{$g['varrun_path']}/certs");
-		if (file_exists("{$g['varrun_path']}/certs/{$caref['refid']}.ca"))
-			@unlink("{$g['varrun_path']}/certs/{$caref['refid']}.ca");
-		file_put_contents("{$g['varrun_path']}/certs/{$caref['refid']}.ca", base64_decode($caref['crt']));
-		@chmod("{$g['varrun_path']}/certs/{$caref['refid']}.ca", 0600);
-		putenv('LDAPTLS_REQCERT=hard');
-		/* XXX: Probably even the hashed link should be created for this? */
-		putenv("LDAPTLS_CACERTDIR={$g['varrun_path']}/certs");
-		putenv("LDAPTLS_CACERT={$g['varrun_path']}/certs/{$caref['refid']}.ca");
 	}
+
+	$caref = lookup_ca($authcfg['ldap_caref']);
+	if (!$caref) {
+		log_error(sprintf(gettext("LDAP: Could not lookup CA by reference for host %s."), $authcfg['ldap_caref']));
+		/* XXX: Prevent for credential leaking since we cannot setup the CA env. Better way? */
+		putenv('LDAPTLS_REQCERT=hard');
+		return;
+	}
+
+	@mkdir("/var/run/certs");
+	@unlink("/var/run/certs/{$caref['refid']}.ca");
+	file_put_contents("/var/run/certs/{$caref['refid']}.ca", base64_decode($caref['crt']));
+	@chmod("/var/run/certs/{$caref['refid']}.ca", 0600);
+	putenv('LDAPTLS_REQCERT=hard');
+	/* XXX: Probably even the hashed link should be created for this? */
+	putenv("LDAPTLS_CACERTDIR=/var/run/certs");
+	putenv("LDAPTLS_CACERT=/var/run/certs/{$caref['refid']}.ca");
 }
 
 function ldap_test_bind($authcfg)
@@ -1261,12 +1251,14 @@ function auth_get_authserver_list() {
 	return $list;
 }
 
-function getUserGroups($username, $authcfg) {
+function getUserGroups($username, $authcfg)
+{
 	global $config;
 
 	$allowed_groups = array();
+	$member_groups = array();
 
-	switch($authcfg['type']) {
+	switch ($authcfg['type']) {
         case 'ldap':
 		$allowed_groups = @ldap_get_groups($username, $authcfg);
 		break;
@@ -1278,11 +1270,12 @@ function getUserGroups($username, $authcfg) {
 		break;
 	}
 
-	$member_groups = array();
-        if (is_array($config['system']['group'])) {
-                foreach ($config['system']['group'] as $group)
-                        if (in_array($group['name'], $allowed_groups))
+        if (isset($config['system']['group'])) {
+                foreach ($config['system']['group'] as $group) {
+                        if (in_array($group['name'], $allowed_groups)) {
 				$member_groups[] = $group['name'];
+			}
+		}
 	}
 
 	return $member_groups;
@@ -1459,5 +1452,3 @@ function http_basic_auth($http_auth_header)
     // not authenticated
     return false;
 }
-
-?>
diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
index f006395fa..196242ede 100644
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -212,7 +212,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
         else
             $message = 0;
 
-        include("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
+        include("/var/etc/captiveportal-{$cpzone}-logout.html");
 
     } else {
         // TODO: remove? should be handled by login page
@@ -401,11 +401,11 @@ function captiveportal_configure_zone($cpcfg) {
             echo "Starting captive portal({$cpcfg['zone']})... ";
 
             /* remove old information */
-            unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");
+            @unlink("/var/db/captiveportal{$cpzone}.db");
         } else
             captiveportal_syslog("Reconfiguring captive portal({$cpcfg['zone']}).");
         /* kill any running minicron */
-        killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid");
+        killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
 
         /* initialize minicron interval value */
         $croninterval = $cpcfg['croninterval'] ? $cpcfg['croninterval'] : 60;
@@ -422,7 +422,7 @@ function captiveportal_configure_zone($cpcfg) {
             $htmltext = get_default_captive_portal_html();
         }
 
-        $fd = @fopen("{$g['varetc_path']}/captiveportal_{$cpzone}.html", "w");
+        $fd = @fopen("/var/etc/captiveportal_{$cpzone}.html", "w");
         if ($fd) {
             // Special case handling.  Convert so that we can pass this page
             // through the PHP interpreter later without clobbering the vars.
@@ -450,7 +450,7 @@ function captiveportal_configure_zone($cpcfg) {
             $errtext = get_default_captive_portal_html();
         }
 
-        $fd = @fopen("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html", "w");
+        $fd = @fopen("/var/etc/captiveportal-{$cpzone}-error.html", "w");
         if ($fd) {
             // Special case handling.  Convert so that we can pass this page
             // through the PHP interpreter later without clobbering the vars.
@@ -510,7 +510,7 @@ document.location.href="<?=\$my_redirurl;?>";
 EOD;
         }
 
-        $fd = @fopen("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html", "w");
+        $fd = @fopen("/var/etc/captiveportal-{$cpzone}-logout.html", "w");
         if ($fd) {
             fwrite($fd, $logouttext);
             fclose($fd);
@@ -521,22 +521,26 @@ EOD;
         captiveportal_write_elements();
 
         /* kill any running mini_httpd */
-        killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal.pid");
-        killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal-SSL.pid");
+        killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid");
+        killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid");
 
         /* start up the webserving daemon */
         captiveportal_init_webgui_zone($cpcfg);
 
         /* Kill any existing prunecaptiveportal processes */
-        if (file_exists("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid"))
-            killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid");
+        killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
 
         /* start pruning process (interval defaults to 60 seconds) */
-        mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/cp_prunedb_{$cpzone}.pid " .
-            "/usr/local/etc/rc.prunecaptiveportal {$cpzone}");
+        mwexecf(
+		'/usr/local/bin/minicron %s %s %s %s',
+		 $croninterval,
+		"/var/run/cp_prunedb_{$cpzone}.pid",
+		'/usr/local/etc/rc.prunecaptiveportal',
+		$cpzone
+	);
 
         /* generate radius server database */
-        unlink_if_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db");
+        @unlink("/var/db/captiveportal_radius_{$cpzone}.db");
         captiveportal_init_radius_servers();
 
         if (file_exists("/var/run/booting")) {
@@ -546,12 +550,12 @@ EOD;
         }
 
     } else {
-        killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal.pid");
-        killbypid("{$g['varrun_path']}/lighty-{$cpzone}-CaptivePortal-SSL.pid");
-        killbypid("{$g['varrun_path']}/cp_prunedb_{$cpzone}.pid");
-        @unlink("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
-        @unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
-        @unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
+        killbypid("/var/run/lighty-{$cpzone}-CaptivePortal.pid");
+        killbypid("/var/run/lighty-{$cpzone}-CaptivePortal-SSL.pid");
+        killbypid("/var/run/cp_prunedb_{$cpzone}.pid");
+        @unlink("/var/etc/captiveportal_{$cpzone}.html");
+        @unlink("/var/etc/captiveportal-{$cpzone}-error.html");
+        @unlink("/var/etc/captiveportal-{$cpzone}-logout.html");
 
         captiveportal_radius_stop_all();
 
@@ -561,13 +565,12 @@ EOD;
         }
 
         /* remove old information */
-        unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");
-        unlink_if_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db");
-        unlink_if_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules");
+        @unlink("/var/db/captiveportal{$cpzone}.db");
+        @unlink("/var/db/captiveportal_radius_{$cpzone}.db");
+        @unlink("/var/db/captiveportal_{$cpzone}.rules");
         /* Release allocated pipes for this zone */
         captiveportal_free_dnrules();
 
-
         if (empty($config['captiveportal']))
             set_single_sysctl("net.link.ether.ipfw", "0");
         else {
@@ -634,7 +637,7 @@ function captiveportal_init_webgui_zone($cpcfg)
         }
 
         system_generate_lighty_config(
-	    "{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf",
+	    "/var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf",
             $crt,
             $key,
             $ca,
@@ -655,7 +658,7 @@ function captiveportal_init_webgui_zone($cpcfg)
     }
 
     system_generate_lighty_config(
-        "{$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf",
+        "/var/etc/lighty-{$cpzone}-CaptivePortal.conf",
         "",
         "",
         "",
@@ -669,12 +672,12 @@ function captiveportal_init_webgui_zone($cpcfg)
 
     @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal.pid");
     /* attempt to start lighttpd */
-    $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal.conf");
+    $res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal.conf");
 
     /* fire up https instance */
     if (isset($cpcfg['httpslogin'])) {
         @unlink("{$g['varrun']}/lighty-{$cpzone}-CaptivePortal-SSL.pid");
-        $res = mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-{$cpzone}-CaptivePortal-SSL.conf");
+        $res = mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-{$cpzone}-CaptivePortal-SSL.conf");
     }
 }
 
@@ -950,7 +953,7 @@ function captiveportal_init_radius_servers() {
         $radiuskey4 = $config['captiveportal'][$cpzone]['radiuskey4'];
 
         $cprdsrvlck = lock("captiveportalradius{$cpzone}", LOCK_EX);
-        $fd = @fopen("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db", "w");
+        $fd = @fopen("/var/db/captiveportal_radius_{$cpzone}.db", "w");
         if (!$fd) {
             captiveportal_syslog("Error: cannot open radius DB file in captiveportal_configure().\n");
             unlock($cprdsrvlck);
@@ -976,9 +979,9 @@ function captiveportal_get_radius_servers() {
     global $g, $cpzone;
 
     $cprdsrvlck = lock("captiveportalradius{$cpzone}");
-    if (file_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db")) {
+    if (file_exists("/var/db/captiveportal_radius_{$cpzone}.db")) {
         $radiusservers = array();
-        $cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db",
+        $cpradiusdb = file("/var/db/captiveportal_radius_{$cpzone}.db",
         FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
         if ($cpradiusdb) {
             foreach($cpradiusdb as $cpradiusentry) {
@@ -1100,8 +1103,8 @@ function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max =
     global $cpzone;
 
     $cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
-    if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
-        $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
+    if (file_exists("/var/db/captiveportaldn.rules")) {
+        $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules"));
         $ridx = $rulenos_start;
         while ($ridx < $rulenos_range_max) {
             if ($rules[$ridx] == $cpzone) {
@@ -1112,7 +1115,7 @@ function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max =
             } else
                 $ridx += 2;
         }
-        file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
+        file_put_contents("/var/db/captiveportaldn.rules", serialize($rules));
         unset($rules);
     }
     unlock($cpruleslck);
@@ -1123,8 +1126,8 @@ function captiveportal_get_next_dn_ruleno($rulenos_start = 2000, $rulenos_range_
 
     $cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
     $ruleno = 0;
-    if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
-        $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
+    if (file_exists("/var/db/captiveportaldn.rules")) {
+        $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules"));
         $ridx = $rulenos_start;
         while ($ridx < $rulenos_range_max) {
             if (empty($rules[$ridx])) {
@@ -1144,7 +1147,7 @@ function captiveportal_get_next_dn_ruleno($rulenos_start = 2000, $rulenos_range_
         $rulenos_start++;
         $rules[$rulenos_start] = $cpzone;
     }
-    file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
+    file_put_contents("/var/db/captiveportaldn.rules", serialize($rules));
     unlock($cpruleslck);
     unset($rules);
 
@@ -1155,12 +1158,12 @@ function captiveportal_free_dn_ruleno($ruleno) {
     global $config, $g;
 
     $cpruleslck = lock("captiveportalrulesdn", LOCK_EX);
-    if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) {
-        $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules"));
+    if (file_exists("/var/db/captiveportaldn.rules")) {
+        $rules = unserialize(file_get_contents("/var/db/captiveportaldn.rules"));
         $rules[$ruleno] = false;
         $ruleno++;
         $rules[$ruleno] = false;
-        file_put_contents("{$g['vardb_path']}/captiveportaldn.rules", serialize($rules));
+        file_put_contents("/var/db/captiveportaldn.rules", serialize($rules));
         unset($rules);
     }
     unlock($cpruleslck);
@@ -1315,9 +1318,9 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
         header("Location: {$redirurl}");
         return;
     } else if ($type == "login")
-        $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal_{$cpzone}.html");
+        $htmltext = get_include_contents("/var/etc/captiveportal_{$cpzone}.html");
     else
-        $htmltext = get_include_contents("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
+        $htmltext = get_include_contents("/var/etc/captiveportal-{$cpzone}-error.html");
 
     $cpcfg = $config['captiveportal'][$cpzone];
 
@@ -1445,8 +1448,8 @@ function captiveportal_read_usedmacs_db() {
     global $g, $cpzone;
 
     $cpumaclck = lock("captiveusedmacs{$cpzone}");
-    if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs_{$cpzone}.db")) {
-        $usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs_{$cpzone}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+    if (file_exists("/var/db/captiveportal_usedmacs_{$cpzone}.db")) {
+        $usedmacs = file("/var/db/captiveportal_usedmacs_{$cpzone}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
         if (!$usedmacs)
             $usedmacs = array();
     } else
@@ -1460,7 +1463,7 @@ function captiveportal_write_usedmacs_db($usedmacs) {
     global $g, $cpzone;
 
     $cpumaclck = lock("captiveusedmacs{$cpzone}", LOCK_EX);
-    @file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs_{$cpzone}.db", implode("\n", $usedmacs));
+    @file_put_contents("/var/db/captiveportal_usedmacs_{$cpzone}.db", implode("\n", $usedmacs));
     unlock($cpumaclck);
 }
 
diff --git a/src/etc/inc/config.console.inc b/src/etc/inc/config.console.inc
index 9605477cf..baa6faed5 100644
--- a/src/etc/inc/config.console.inc
+++ b/src/etc/inc/config.console.inc
@@ -333,26 +333,34 @@ EODD;
 			if(isset($config['nat']))
 				unset($config['nat']);
 		}
-		if (preg_match($g['wireless_regex'], $lanif)) {
+
+		if (match_wireless_interface($lanif)) {
 			if (is_array($config['interfaces']['lan']) &&
-				(!is_array($config['interfaces']['lan']['wireless'])))
+				(!is_array($config['interfaces']['lan']['wireless']))) {
 				$config['interfaces']['lan']['wireless'] = array();
+			}
 		} else {
-			if (isset($config['interfaces']['lan']))
+			if (isset($config['interfaces']['lan'])) {
 				unset($config['interfaces']['lan']['wireless']);
+			}
 		}
 
-		if (!is_array($config['interfaces']['wan']))
+		if (!is_array($config['interfaces']['wan'])) {
 			$config['interfaces']['wan'] = array();
+		}
+
 		$config['interfaces']['wan']['if'] = $wanif;
 		$config['interfaces']['wan']['enable'] = true;
-		if (preg_match($g['wireless_regex'], $wanif)) {
+
+		if (match_wireless_interface($wanif)) {
 			if (is_array($config['interfaces']['wan']) &&
-				(!is_array($config['interfaces']['wan']['wireless'])))
+				(!is_array($config['interfaces']['wan']['wireless']))) {
 				$config['interfaces']['wan']['wireless'] = array();
+			}
 		} else {
-			if (isset($config['interfaces']['wan']))
+			if (isset($config['interfaces']['wan'])) {
 				unset($config['interfaces']['wan']['wireless']);
+			}
 		}
 
 		for ($i = 0; $i < count($optif); $i++) {
@@ -361,8 +369,7 @@ EODD;
 
 			$config['interfaces']['opt' . ($i+1)]['if'] = $optif[$i];
 
-			/* wireless interface? */
-			if (preg_match($g['wireless_regex'], $optif[$i])) {
+			if (match_wireless_interface($optif[$i])) {
 				if (!is_array($config['interfaces']['opt' . ($i+1)]['wireless']))
 					$config['interfaces']['opt' . ($i+1)]['wireless'] = array();
 			} else {
diff --git a/src/etc/inc/config.lib.inc b/src/etc/inc/config.lib.inc
index a2b2481da..84a2a3fc6 100644
--- a/src/etc/inc/config.lib.inc
+++ b/src/etc/inc/config.lib.inc
@@ -177,7 +177,7 @@ function write_config($desc = 'Unknown', $backup = true)
 		$cnf->save($revision_info, $backup);
 	} catch (OPNsense\Core\ConfigException $e) {
 		// write failure
-		log_error(gettext("WARNING: Config contents could not be save. Could not open file!"));
+		log_error(gettext("WARNING: Config contents could not be saved. Could not open file!"));
 		file_notice('config.xml', sprintf("%s\n", gettext('Unable to open /conf/config.xml for writing in write_config()')));
 		return -1;
 	}
@@ -204,7 +204,7 @@ function write_config($desc = 'Unknown', $backup = true)
  ******/
 function reset_factory_defaults($sync = true)
 {
-	unlink_if_exists('/conf/*' . $filename);
+	mwexec('/bin/rm -r /conf/*');
 	disable_security_checks();
 	setup_serial_port();
 
@@ -217,7 +217,8 @@ function reset_factory_defaults($sync = true)
 	}
 }
 
-function config_restore($conffile) {
+function config_restore($conffile)
+{
 	global $config, $g;
 
 	if (!file_exists($conffile))
diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class
index 0319f6445..4734e740d 100644
--- a/src/etc/inc/dyndns.class
+++ b/src/etc/inc/dyndns.class
@@ -139,7 +139,7 @@
 
 			$this->_cacheFile = "/conf/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.cache";
 			$this->_cacheFile_v6 = "/conf/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}_v6.cache";
-			$this->_debugFile = "{$g['varetc_path']}/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.debug";
+			$this->_debugFile = "/var/etc/dyndns_{$dnsIf}{$dnsService}" . escapeshellarg($dnsHost) . "{$dnsID}.debug";
 
 			$this->_curlIpresolveV4 = $curlIpresolveV4;
 			$this->_curlSslVerifypeer = $curlSslVerifypeer;
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 9ba0b621f..1a71aa9c5 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -100,14 +100,13 @@ function flowtable_configure() {
 	}
 }
 
-function filter_pflog_start($kill_first = false)
+function filter_pflog_start()
 {
-	global $config, $g;
-
-	if (!file_exists("{$g['varrun_path']}/filterlog.pid") ||
-	    !isvalidpid("{$g['varrun_path']}/filterlog.pid")) {
-		mwexec("/usr/local/sbin/filterlog -i pflog0 -p {$g['varrun_path']}/filterlog.pid");
+	if (isvalidpid('/var/run/filterlog.pid')) {
+		return;
 	}
+
+	mwexec('/usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid');
 }
 
 /* reload filter async */
@@ -319,31 +318,32 @@ function filter_configure_sync($delete_states_if_needed = true)
 	}
 
 	# If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine).
-	if (!is_bogonsv6_used())
-		$_grbg = exec("/sbin/pfctl -t bogonsv6 -T kill 2>/dev/null");
+	if (!is_bogonsv6_used()) {
+		$_grbg = exec('/sbin/pfctl -t bogonsv6 -T kill 2>/dev/null');
+	}
 
 	update_filter_reload_status(gettext("Starting up layer7 daemon"));
 	layer7_start_l7daemon();
 
-	if(!empty($filterdns)) {
-		@file_put_contents("{$g['varetc_path']}/filterdns.conf", implode("", $filterdns));
+	if (!empty($filterdns)) {
+		@file_put_contents('/var/etc/filterdns.conf', implode('', $filterdns));
 		unset($filterdns);
-		if (isvalidpid("{$g['varrun_path']}/filterdns.pid")) {
-			killbypid("{$g['varrun_path']}/filterdns.pid", 'HUP');
+		if (isvalidpid('/var/run/filterdns.pid')) {
+			killbypid('/var/run/filterdns.pid', 'HUP');
 		} else {
 			/*
 			 * FilterDNS has three debugging levels. The default choosen is 1.
 			 * Availabe are level 2 and greater then 2.
 			 */
-			if (isset($config['system']['aliasesresolveinterval']) && is_numeric($config['system']['aliasesresolveinterval']))
+			if (isset($config['system']['aliasesresolveinterval']) && is_numeric($config['system']['aliasesresolveinterval'])) {
 				$resolve_interval = $config['system']['aliasesresolveinterval'];
-			else
+			} else {
 				$resolve_interval = 300;
-			mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns.pid -i {$resolve_interval} -c {$g['varetc_path']}/filterdns.conf -d 1");
+			}
+			mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns.pid -i {$resolve_interval} -c /var/etc/filterdns.conf -d 1");
 		}
 	} else {
-		killbypid("{$g['varrun_path']}/filterdns.pid");
-		@unlink("{$g['varrun_path']}/filterdns.pid");
+		killbypid('/var/run/filterdns.pid');
 	}
 
 	/* run items scheduled for after filter configure run */
diff --git a/src/etc/inc/globals.inc b/src/etc/inc/globals.inc
index ea078c4fc..553e3f76c 100644
--- a/src/etc/inc/globals.inc
+++ b/src/etc/inc/globals.inc
@@ -37,9 +37,6 @@ $g = array(
 	"factory_shipped_password" => "opnsense",
 	"dhcpd_chroot_path" => "/var/dhcpd",
 	"unbound_chroot_path" => "/var/unbound",
-	"varrun_path" => "/var/run",
-	"varetc_path" => "/var/etc",
-	"vardb_path" => "/var/db",
 	"admin_group" => "admins",
 	"product_name" => "OPNsense",
 	"product_website" => "https://opnsense.org",
@@ -48,7 +45,6 @@ $g = array(
 	"product_copyright_years" => "2014 - 2015",
 	"product_copyright_url" => "https://www.deciso.com/",
 	"latest_config" => "11.2",
-	"wireless_regex" => "/^(ndis|wi|ath|an|ral|ural|iwi|wlan|rum|run|bwn|zyd|mwl|bwi|ipw|iwn|malo|uath|upgt|urtw|wpi)/",
 );
 
 /* IP TOS flags */
@@ -114,3 +110,9 @@ function is_install_media()
 
 	return true;
 }
+
+function match_wireless_interface($int)
+{
+	$wireless_regex = '/^(ndis|wi|ath|an|ral|ural|iwi|wlan|rum|run|bwn|zyd|mwl|bwi|ipw|iwn|malo|uath|upgt|urtw|wpi)/';
+	return preg_match($wireless_regex, $int);
+}
diff --git a/src/etc/inc/gwlb.inc b/src/etc/inc/gwlb.inc
index a347d18da..c55c44abc 100644
--- a/src/etc/inc/gwlb.inc
+++ b/src/etc/inc/gwlb.inc
@@ -48,20 +48,22 @@ function return_apinger_defaults() {
  * Creates monitoring configuration file and
  * adds appropriate static routes.
  */
-function setup_gateways_monitor() {
+function setup_gateways_monitor()
+{
 	global $config, $g;
 
 	$gateways_arr = return_gateways_array();
 	if (!is_array($gateways_arr)) {
 		log_error("No gateways to monitor. Apinger will not be run.");
-		killbypid("{$g['varrun_path']}/apinger.pid");
-		@unlink("{$g['varrun_path']}/apinger.status");
+		killbypid('/var/run/apinger.pid');
+		@unlink('/var/run/apinger.status');
 		return;
 	}
 
 	$apinger_debug = "";
-	if (isset($config['system']['apinger_debug']))
+	if (isset($config['system']['apinger_debug'])) {
 		$apinger_debug = "debug on";
+	}
 
 	$apinger_default = return_apinger_defaults();
 	$apingerconfig = <<<EOD
@@ -78,14 +80,14 @@ group "wheel"
 #mailer "/var/qmail/bin/qmail-inject"
 
 ## Location of the pid-file (default: "/var/run/apinger.pid")
-pid_file "{$g['varrun_path']}/apinger.pid"
+pid_file "/var/run/apinger.pid"
 
 ## Format of timestamp (%s macro) (default: "%b %d %H:%M:%S")
 #timestamp_format "%Y%m%d%H%M%S"
 
 status {
 	## File where the status information should be written to
-	file "{$g['varrun_path']}/apinger.status"
+	file "/var/run/apinger.status"
 	## Interval between file updates
 	## when 0 or not set, file is written only when SIGUSR1 is received
 	interval 5s
@@ -144,7 +146,7 @@ target default {
 	alarms "down","delay","loss"
 
 	## Location of the RRD
-	#rrd file "{$g['vardb_path']}/rrd/apinger-%t.rrd"
+	#rrd file "/var/db/rrd/apinger-%t.rrd"
 }
 
 EOD;
@@ -322,7 +324,7 @@ EOD;
 		if (isset($gateway['force_down']))
 			$apingercfg .= "\tforce_down on\n";
 
-		$apingercfg .= "	rrd file \"{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd\"\n";
+		$apingercfg .= "	rrd file \"/var/db/rrd/{$gateway['name']}-quality.rrd\"\n";
 		$apingercfg .= "}\n";
 		$apingercfg .= "\n";
 
@@ -332,25 +334,25 @@ EOD;
 		# Create gateway quality RRD with settings more suitable for OPNsense graph set,
 		# since apinger uses default step (300; 5 minutes) and other settings that don't
 		# match the OPNsense gateway quality graph set.
-		create_gateway_quality_rrd("{$g['vardb_path']}/rrd/{$gateway['name']}-quality.rrd");
+		create_gateway_quality_rrd("/var/db/rrd/{$gateway['name']}-quality.rrd");
 	}
-	@file_put_contents("{$g['varetc_path']}/apinger.conf", $apingerconfig);
+	@file_put_contents('/var/etc/apinger.conf', $apingerconfig);
 	unset($apingerconfig);
 
 	@chmod('/tmp', 01777);
-	@mkdir("{$g['vardb_path']}/rrd", 0775);
-	@chown("{$g['vardb_path']}/rrd", "nobody");
+	@mkdir('/var/db/rrd', 0775);
+	@chown('/var/db/rrd', 'nobody');
 
 	/* Restart apinger process */
-	if (isvalidpid("{$g['varrun_path']}/apinger.pid")) {
-		killbypid("{$g['varrun_path']}/apinger.pid", 'HUP');
+	if (isvalidpid('/var/run/apinger.pid')) {
+		killbypid('/var/run/apinger.pid', 'HUP');
 	} else {
 		/* start a new apinger process */
-		@unlink("{$g['varrun_path']}/apinger.status");
+		@unlink('/var/run/apinger.status');
 		sleep(1);
-		mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf");
+		mwexec_bg('/usr/local/sbin/apinger -c /var/etc/apinger.conf');
 		sleep(1);
-		killbypid("{$g['varrun_path']}/apinger.pid", 'USR1');
+		killbypid('/var/run/apinger.pid', 'USR1');
 	}
 
 	return 0;
@@ -359,23 +361,24 @@ EOD;
 /* return the status of the apinger targets as a array */
 function return_gateways_status($byname = false)
 {
-	global $config, $g;
+	global $config;
 
 	$apingerstatus = array();
 
 	/* Always get the latest status from apinger */
-	killbypid("{$g['varrun_path']}/apinger.pid", 'USR1');
-	if (file_exists("{$g['varrun_path']}/apinger.status")) {
-		$apingerstatus = file("{$g['varrun_path']}/apinger.status");
+	killbypid('/var/run/apinger.pid', 'USR1');
+	if (file_exists('/var/run/apinger.status')) {
+		$apingerstatus = file('/var/run/apinger.status');
 	}
 
 	$status = array();
-	foreach($apingerstatus as $line) {
-		$info = explode("|", $line);
-		if ($byname == false)
+	foreach ($apingerstatus as $line) {
+		$info = explode('|', $line);
+		if ($byname == false) {
 			$target = $info[0];
-		else
+		} else {
 			$target = $info[2];
+		}
 
 		$status[$target] = array();
 		$status[$target]['monitorip'] = $info[0];
diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index 71283c13b..5cce3e248 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -230,24 +230,24 @@ This block of code is only entered for OPTx interfaces that are configured for P
 
 function interfaces_loopback_configure()
 {
-	global $g;
-
-	if(file_exists("/var/run/booting")) {
+	if (file_exists("/var/run/booting")) {
 		echo gettext("Configuring loopback interface...");
 	}
 
 	pfSense_interface_setaddress("lo0", "127.0.0.1");
 	interfaces_bring_up("lo0");
 
-	if(file_exists("/var/run/booting")) {
+	if (file_exists("/var/run/booting")) {
 		echo gettext("done.") . "\n";
 	}
 
 	return 0;
 }
 
-function interfaces_vlan_configure($realif = "") {
-	global $config, $g;
+function interfaces_vlan_configure($realif = '')
+{
+	global $config;
+
 	if(file_exists("/var/run/booting"))
 		echo gettext("Configuring VLAN interfaces...");
 	if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
@@ -266,7 +266,7 @@ function interfaces_vlan_configure($realif = "") {
 }
 
 function interface_vlan_configure(&$vlan) {
-	global $config, $g;
+	global $config;
 
 	if (!is_array($vlan)) {
 		log_error(gettext("VLAN: called with wrong options. Problems with config!"));
@@ -308,7 +308,7 @@ function interface_vlan_configure(&$vlan) {
 }
 
 function interface_qinq_configure(&$vlan, $fd = NULL) {
-	global $config, $g;
+	global $config;
 
 	if (!is_array($vlan)) {
 		log_error(sprintf(gettext("QinQ compat VLAN: called with wrong options. Problems with config!%s"), "\n"));
@@ -386,7 +386,7 @@ function interface_qinq_configure(&$vlan, $fd = NULL) {
 }
 
 function interfaces_qinq_configure() {
-	global $config, $g;
+	global $config;
 	if(file_exists("/var/run/booting"))
 		echo gettext("Configuring QinQ interfaces...");
 	if (is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry'])) {
@@ -400,7 +400,7 @@ function interfaces_qinq_configure() {
 }
 
 function interface_qinq2_configure(&$qinq, $fd, $macaddr) {
-	global $config, $g;
+	global $config;
 
 	if (!is_array($qinq)) {
 		log_error(sprintf(gettext("QinQ compat VLAN: called with wrong options. Problems with config!%s"), "\n"));
@@ -429,7 +429,7 @@ function interface_qinq2_configure(&$qinq, $fd, $macaddr) {
 }
 
 function interfaces_create_wireless_clones() {
-	global $config, $g;
+	global $config;
 
 	if(file_exists("/var/run/booting"))
 		echo gettext("Creating wireless clone interfaces...");
@@ -495,7 +495,7 @@ function interfaces_bridge_configure($checkmember = 0, $realif = '')
 }
 
 function interface_bridge_configure(&$bridge, $checkmember = 0) {
-	global $config, $g;
+	global $config;
 
 	if (!is_array($bridge))
 		return;
@@ -747,7 +747,7 @@ function interface_bridge_add_member($bridgeif, $interface) {
 }
 
 function interfaces_lagg_configure($realif = "") {
-	global $config, $g;
+	global $config;
 	if(file_exists("/var/run/booting"))
 		echo gettext("Configuring LAGG interfaces...");
 	$i = 0;
@@ -767,7 +767,7 @@ function interfaces_lagg_configure($realif = "") {
 }
 
 function interface_lagg_configure(&$lagg) {
-	global $config, $g;
+	global $config;
 
 	if (!is_array($lagg))
 		return -1;
@@ -881,7 +881,7 @@ function interfaces_gre_configure($checkparent = 0, $realif = "") {
 
 /* NOTE: $grekey is not used but useful for passing this function to array_walk. */
 function interface_gre_configure(&$gre, $grekey = "") {
-	global $config, $g;
+	global $config;
 
 	if (!is_array($gre))
 		return -1;
@@ -964,7 +964,7 @@ function interfaces_gif_configure($checkparent = 0, $realif = "") {
 
 /* NOTE: $gifkey is not used but useful for passing this function to array_walk. */
 function interface_gif_configure(&$gif, $gifkey = "") {
-	global $config, $g;
+	global $config;
 
 	if (!is_array($gif))
 		return -1;
@@ -1054,7 +1054,7 @@ function interface_gif_configure(&$gif, $gifkey = "") {
 
 function interfaces_configure()
 {
-	global $config, $g;
+	global $config;
 
 	/* Set up our loopback interface */
 	interfaces_loopback_configure();
@@ -1183,38 +1183,39 @@ function interfaces_configure()
 	return 0;
 }
 
-function interface_reconfigure($interface = "wan", $reloadall = false) {
+function interface_reconfigure($interface = 'wan', $reloadall = false)
+{
 	interface_bring_down($interface);
 	interface_configure($interface, $reloadall);
 }
 
-function interface_vip_bring_down($vip) {
-	global $g;
-
+function interface_vip_bring_down($vip)
+{
 	$vipif = get_real_interface($vip['interface']);
 	switch ($vip['mode']) {
-	case "proxyarp":
-		if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid"))
-			killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid");
+	case 'proxyarp':
+		killbypid("/var/run/choparp_{$vipif}.pid");
 		break;
-	case "ipalias":
+	case 'ipalias':
 		if (does_interface_exist($vipif)) {
-			if (is_ipaddrv6($vip['subnet']))
+			if (is_ipaddrv6($vip['subnet'])) {
 				mwexec("/sbin/ifconfig {$vipif} inet6 " . escapeshellarg($vip['subnet']) . " -alias");
-			else
+			} else {
 				pfSense_interface_deladdress($vipif, $vip['subnet']);
+			}
 		}
 		break;
 	case "carp":
 		/* XXX: Is enough to delete ip address? */
-		if (does_interface_exist($vipif))
+		if (does_interface_exist($vipif)) {
 			pfSense_interface_deladdress($vipif, $vip['subnet']);
+		}
 		break;
 	}
 }
 
 function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg = false) {
-	global $config, $g;
+	global $config;
 
 	if (!isset($config['interfaces'][$interface]))
 		return;
@@ -1266,11 +1267,11 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
 						configd_run("interface reconfigure {$interface}");
 						break;
 					}
-					if (file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid")) {
-						killbypid("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid");
+					if (isvalidpid("/var/run/{$ppp['type']}_{$interface}.pid")) {
+						killbypid("/var/run/{$ppp['type']}_{$interface}.pid");
 						sleep(2);
 					}
-					unlink_if_exists("{$g['varetc_path']}/mpd_{$interface}.conf");
+					@unlink("/var/etc/mpd_{$interface}.conf");
 					break;
 				}
 			}
@@ -1278,7 +1279,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
 		break;
 	case "dhcp":
 		kill_dhclient_process($realif);
-		unlink_if_exists("{$g['varetc_path']}/dhclient_{$interface}.conf");
+		@unlink("/var/etc/dhclient_{$interface}.conf");
 		if(does_interface_exist("$realif")) {
 			mwexec("/sbin/ifconfig " . escapeshellarg($realif) . " delete", true);
 			interface_ipalias_cleanup($interface);
@@ -1307,7 +1308,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
 			exec('/bin/kill ' . $pidv6);
 		}
 		sleep(3);
-		unlink_if_exists("{$g['varetc_path']}/dhcp6c_{$interface}.conf");
+		@unlink("/var/etc/dhcp6c_{$interface}.conf");
 		if (does_interface_exist($realifv6)) {
 			$ip6 = find_interface_ipv6($realifv6);
 			if (is_ipaddrv6($ip6) && $ip6 != "::")
@@ -1365,14 +1366,13 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
 		mwexec("/sbin/pfctl -i " . escapeshellarg($realif) . " -Fs");
 	}
 
-	/* remove interface up file if it exists */
-	unlink_if_exists("/tmp/{$realif}up");
-	unlink_if_exists("{$g['vardb_path']}/{$interface}ip");
-	unlink_if_exists("{$g['vardb_path']}/{$interface}ipv6");
-	unlink_if_exists("/tmp/{$realif}_router");
-	unlink_if_exists("/tmp/{$realif}_routerv6");
-	unlink_if_exists("{$g['varetc_path']}/nameserver_{$realif}");
-	unlink_if_exists("{$g['varetc_path']}/searchdomain_{$realif}");
+	@unlink("/var/db/{$interface}ip");
+	@unlink("/var/db/{$interface}ipv6");
+	@unlink("/var/etc/nameserver_{$realif}");
+	@unlink("/var/etc/searchdomain_{$realif}");
+	@unlink("/tmp/{$realif}up");
+	@unlink("/tmp/{$realif}_router");
+	@unlink("/tmp/{$realif}_routerv6");
 
 	/* hostapd and wpa_supplicant do not need to be running when the interface is down.
 	 * They will also use 100% CPU if running after the wireless clone gets deleted. */
@@ -1428,10 +1428,11 @@ function interfaces_ptpid_next() {
 	return $ptpid;
 }
 
-function getMPDCRONSettings($pppif) {
+function getMPDCRONSettings($pppif)
+{
 	global $config;
 
-	$cron_cmd_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}";
+	$cron_cmd_file = "/var/etc/pppoe_restart_{$pppif}";
 	if (is_array($config['cron']['item'])) {
 		foreach ($config['cron']['item'] as $i => $item) {
 			if (stripos($item['command'], $cron_cmd_file) !== false)
@@ -1443,10 +1444,10 @@ function getMPDCRONSettings($pppif) {
 }
 
 function handle_pppoe_reset($post_array) {
-	global $config, $g;
+	global $config;
 
 	$pppif = "{$post_array['type']}{$post_array['ptpid']}";
-	$cron_cmd_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}";
+	$cron_cmd_file = "/var/etc/pppoe_restart_{$pppif}";
 
 	if (!is_array($config['cron']['item']))
 		$config['cron']['item'] = array();
@@ -1455,14 +1456,17 @@ function handle_pppoe_reset($post_array) {
 
 	// reset cron items if necessary and return
 	if (empty($post_array['pppoe-reset-type'])) {
-		if (isset($itemhash))
+		if (isset($itemhash)) {
 			unset($config['cron']['item'][$itemhash['ID']]);
-		killbypid("{$g['varrun_path']}/cron.pid", 'HUP');
+		}
+		killbypid('/var/run/cron.pid', 'HUP');
 		return;
 	}
 
-	if (empty($itemhash))
+	if (empty($itemhash)) {
 		$itemhash = array();
+	}
+
 	$item = array();
 	if (isset($post_array['pppoe-reset-type']) && $post_array['pppoe-reset-type'] == "custom") {
 		$item['minute'] = $post_array['pppoe_resetminute'];
@@ -1524,8 +1528,9 @@ function handle_pppoe_reset($post_array) {
  * This function can configure PPPoE, MLPPP (PPPoE), PPTP.
  * It writes the mpd config file to /var/etc every time the link is opened.
  */
-function interface_ppps_configure($interface) {
-	global $config, $g;
+function interface_ppps_configure($interface)
+{
+	global $config;
 
 	/* Return for unassigned interfaces. This is a minimum requirement. */
 	if (empty($config['interfaces'][$interface]))
@@ -1535,12 +1540,12 @@ function interface_ppps_configure($interface) {
 		return 0;
 
 	// mpd5 requires a /var/spool/lock directory for PPP modem links.
-	if(!is_dir("/var/spool/lock")) {
-		mkdir("/var/spool/lock", 0777, true);
-	}
+	@mkdir("/var/spool/lock", 0777, true);
+
 	// mpd5 modem chat script expected in the same directory as the mpd_xxx.conf files
-	if (!file_exists("{$g['varetc_path']}/mpd.script"))
-		@symlink("/usr/local/sbin/mpd.script", "{$g['varetc_path']}/mpd.script");
+	if (!file_exists('/var/etc/mpd.script')) {
+		symlink('/usr/local/sbin/mpd.script', '/var/etc/mpd.script');
+	}
 
 	if (is_array($config['ppps']['ppp']) && count($config['ppps']['ppp'])) {
 		foreach ($config['ppps']['ppp'] as $pppid => $ppp) {
@@ -1563,8 +1568,9 @@ function interface_ppps_configure($interface) {
 		$descr = isset($ifcfg['descr']) ? $ifcfg['descr'] : strtoupper($interface);
 		echo "starting {$pppif} link...";
 		// Do not re-configure the interface if we are booting and it's already been started
-		if(file_exists("{$g['varrun_path']}/{$ppp['type']}_{$interface}.pid"))
+		if (isvalidproc("/var/run/{$ppp['type']}_{$interface}.pid")) {
 			return 0;
+		}
 	}
 
 	$ports = explode(',',$ppp['ports']);
@@ -1886,9 +1892,9 @@ EOD;
 
 	/* Generate mpd.conf. If mpd_[interface].conf exists in the conf path, then link to it instead of generating a fresh conf file. */
 	if (file_exists("/conf/mpd_{$interface}.conf"))
-		@symlink("/conf/mpd_{$interface}.conf", "{$g['varetc_path']}/mpd_{$interface}.conf");
+		@symlink("/conf/mpd_{$interface}.conf", "/var/etc/mpd_{$interface}.conf");
 	else {
-		$fd = fopen("{$g['varetc_path']}/mpd_{$interface}.conf", "w");
+		$fd = fopen("/var/etc/mpd_{$interface}.conf", "w");
 		if (!$fd) {
 			log_error(sprintf(gettext("Error: cannot open mpd_%s.conf in interface_ppps_configure().%s"), $interface, "\n"));
 			return 0;
@@ -1911,13 +1917,12 @@ EOD;
 	}
 
 	/* clean up old lock files */
-	foreach($ports as $port) {
-		if(file_exists("{$g['var_path']}/spool/lock/LCK..{$port}"))
-			unlink("{$g['var_path']}/spool/lock/LCK..{$port}");
+	foreach ($ports as $port) {
+		@unlink("/var/spool/lock/LCK..{$port}");
 	}
 
 	/* fire up mpd */
-	mwexec("/usr/local/sbin/mpd5 -b -k -d {$g['varetc_path']} -f mpd_{$interface}.conf -p {$g['varrun_path']}/" .
+	mwexec("/usr/local/sbin/mpd5 -b -k -d /var/etc -f mpd_{$interface}.conf -p /var/run/" .
 		escapeshellarg($ppp['type']) . "_{$interface}.pid -s ppp " . escapeshellarg($ppp['type']) . "client");
 
 	// Check for PPPoE periodic reset request
@@ -1960,7 +1965,7 @@ EOD;
 
 function interfaces_carp_setup()
 {
-	global $g, $config;
+	global $config;
 
 	if (file_exists("/var/run/booting")) {
 		echo gettext("Configuring CARP settings...");
@@ -2026,15 +2031,14 @@ function interfaces_carp_setup()
 
 function interface_proxyarp_configure($interface = '')
 {
-	global $config, $g;
+	global $config;
 
 	/* kill any running choparp */
 	if (empty($interface))
-		killbyname("choparp");
+		killbyname('choparp');
 	else {
 		$vipif = get_real_interface($interface);
-		if (file_exists("{$g['varrun_path']}/choparp_{$vipif}.pid"))
-			killbypid("{$g['varrun_path']}/choparp_{$vipif}.pid");
+		killbypid("/var/run/choparp_{$vipif}.pid");
 	}
 
 	$paa = array();
@@ -2090,16 +2094,18 @@ function interface_proxyarp_configure($interface = '')
 	}
 }
 
-function interface_ipalias_cleanup($interface, $inet = "inet4") {
-	global $g, $config;
+function interface_ipalias_cleanup($interface, $inet = 'inet4')
+{
+	global $config;
 
-	if (is_array($config['virtualip']['vip'])) {
+	if (isset($config['virtualip']['vip'])) {
 		foreach ($config['virtualip']['vip'] as $vip) {
-			if ($vip['mode'] == "ipalias" && $vip['interface'] == $interface) {
-				if ($inet == "inet6" && is_ipaddrv6($vip['subnet']))
+			if ($vip['mode'] == 'ipalias' && $vip['interface'] == $interface) {
+				if ($inet == 'inet6' && is_ipaddrv6($vip['subnet'])) {
 					interface_vip_bring_down($vip);
-				else if ($inet == "inet4" && is_ipaddrv4($vip['subnet']))
+				} elseif ($inet == 'inet4' && is_ipaddrv4($vip['subnet'])) {
 					interface_vip_bring_down($vip);
+				}
 			}
 		}
 	}
@@ -2107,10 +2113,11 @@ function interface_ipalias_cleanup($interface, $inet = "inet4") {
 
 function interfaces_vips_configure($interface = '')
 {
-	global $g, $config;
+	global $config;
 
 	$paa = array();
-	if(is_array($config['virtualip']['vip'])) {
+
+	if (isset($config['virtualip']['vip'])) {
 		$carp_setuped = false;
 		$anyproxyarp = false;
 		foreach ($config['virtualip']['vip'] as $vip) {
@@ -2163,7 +2170,7 @@ function interface_ipalias_configure(&$vip) {
 
 function interface_carp_configure(&$vip)
 {
-	global $config, $g;
+	global $config;
 
 	if ($vip['mode'] != 'carp') {
 		return;
@@ -2217,8 +2224,10 @@ function interface_carp_configure(&$vip)
 	return $realif;
 }
 
-function interface_wireless_clone($realif, $wlcfg) {
-	global $config, $g;
+function interface_wireless_clone($realif, $wlcfg)
+{
+	global $config;
+
 	/*   Check to see if interface has been cloned as of yet.
 	 *   If it has not been cloned then go ahead and clone it.
 	 */
@@ -2281,8 +2290,9 @@ function interface_wireless_clone($realif, $wlcfg) {
 	return true;
 }
 
-function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false) {
-	global $config, $g;
+function interface_sync_wireless_clones(&$ifcfg, $sync_changes = false)
+{
+	global $config;
 
 	$shared_settings = array('standard', 'turbo', 'protmode', 'txpower', 'channel',
 				 'diversity', 'txantenna', 'rxantenna', 'distance',
@@ -2361,7 +2371,7 @@ function interface_wireless_configure($if, &$wl, &$wlcfg) {
 	 */
 
 	// Remove script file
-	unlink_if_exists("/tmp/{$if}_setup.sh");
+	@unlink("/tmp/{$if}_setup.sh");
 
 	// Clone wireless nic if needed.
 	interface_wireless_clone($if, $wl);
@@ -2523,7 +2533,7 @@ function interface_wireless_configure($if, &$wl, &$wlcfg) {
 	case 'bss':
 		if (isset($wlcfg['wpa']['enable'])) {
 			$wpa .= <<<EOD
-ctrl_interface={$g['varrun_path']}/wpa_supplicant
+ctrl_interface=/var/run/wpa_supplicant
 ctrl_interface_group=0
 ap_scan=1
 #fast_reauth=1
@@ -2538,7 +2548,7 @@ group={$wlcfg['wpa']['wpa_pairwise']}
 }
 EOD;
 
-			@file_put_contents("{$g['varetc_path']}/wpa_supplicant_{$if}.conf", $wpa);
+			@file_put_contents("/var/etc/wpa_supplicant_{$if}.conf", $wpa);
 			unset($wpa);
 		}
 		break;
@@ -2556,7 +2566,7 @@ logger_syslog_level=0
 logger_stdout=-1
 logger_stdout_level=0
 dump_file=/tmp/hostapd_{$if}.dump
-ctrl_interface={$g['varrun_path']}/hostapd
+ctrl_interface=/var/run/hostapd
 ctrl_interface_group=wheel
 #accept_mac_file=/tmp/hostapd_{$if}.accept
 #deny_mac_file=/tmp/hostapd_{$if}.deny
@@ -2611,7 +2621,7 @@ EOD;
 				}
 			}
 
-			@file_put_contents("{$g['varetc_path']}/hostapd_{$if}.conf", $wpa);
+			@file_put_contents("/var/etc/hostapd_{$if}.conf", $wpa);
 			unset($wpa);
 		}
 		break;
@@ -2641,7 +2651,7 @@ EOD;
 
 	if (isset($wlcfg['wpa']['enable'])) {
 		if ($wlcfg['mode'] == "bss") {
-			fwrite($fd_set, "{$wpa_supplicant} -B -i {$if} -c {$g['varetc_path']}/wpa_supplicant_{$if}.conf\n");
+			fwrite($fd_set, "{$wpa_supplicant} -B -i {$if} -c /var/etc/wpa_supplicant_{$if}.conf\n");
 		}
 		if ($wlcfg['mode'] == "hostap") {
 			/* add line to script to restore old mac to make hostapd happy */
@@ -2652,7 +2662,7 @@ EOD;
 						" link " . escapeshellarg($if_oldmac) . "\n");
 			}
 
-			fwrite($fd_set, "{$hostapd} -B -P {$g['varrun_path']}/hostapd_{$if}.pid {$g['varetc_path']}/hostapd_{$if}.conf\n");
+			fwrite($fd_set, "{$hostapd} -B -P /var/run/hostapd_{$if}.pid /var/etc/hostapd_{$if}.conf\n");
 
 			/* add line to script to restore spoofed mac after running hostapd */
 			if (file_exists("/tmp/{$if}_oldmac")) {
@@ -2765,11 +2775,9 @@ EOD;
 	return 0;
 }
 
-function kill_hostapd($interface) {
-	global $g;
-
-	if (isvalidpid("{$g['varrun_path']}/hostapd_{$interface}.pid"))
-		return killbypid("{$g['varrun_path']}/hostapd_{$interface}.pid");
+function kill_hostapd($interface)
+{
+	return killbypid("/var/run/hostapd_{$interface}.pid");
 }
 
 function kill_wpasupplicant($interface) {
@@ -2802,15 +2810,14 @@ function kill_dhclient_process($interface)
 	unset($i);
 }
 
-function find_dhcp6c_process($interface) {
-	global $g;
+function find_dhcp6c_process($interface)
+{
+	if ($interface && isvalidpid("/var/run/dhcp6c_{$interface}.pid")) {
+		$pid = trim(file_get_contents("/var/run/dhcp6c_{$interface}.pid"), " \n");
+		return intval($pid);
+	}
 
-	if ($interface && isvalidpid("{$g['varrun_path']}/dhcp6c_{$interface}.pid"))
-		$pid = trim(file_get_contents("{$g['varrun_path']}/dhcp6c_{$interface}.pid"), " \n");
-	else
-		return(false);
-
-	return intval($pid);
+	return false;
 }
 
 function interface_vlan_mtu_configured($realhwif, $mtu) {
@@ -2898,8 +2905,9 @@ function interface_vlan_adapt_mtu($vlanifs, $mtu) {
 	}
 }
 
-function interface_configure($interface = "wan", $reloadall = false, $linkupevent = false) {
-	global $config, $g;
+function interface_configure($interface = 'wan', $reloadall = false, $linkupevent = false)
+{
+	global $config;
 	global $interface_sn_arr_cache, $interface_ip_arr_cache;
 	global $interface_snv6_arr_cache, $interface_ipv6_arr_cache;
 
@@ -3182,8 +3190,9 @@ function interface_configure($interface = "wan", $reloadall = false, $linkupeven
 	return 0;
 }
 
-function interface_track6_configure($interface = "lan", $wancfg, $linkupevent = false) {
-	global $config, $g;
+function interface_track6_configure($interface = 'lan', $wancfg, $linkupevent = false)
+{
+	global $config;
 
 	if (!is_array($wancfg))
 		return;
@@ -3244,8 +3253,9 @@ function interface_track6_configure($interface = "lan", $wancfg, $linkupevent =
 	return 0;
 }
 
-function interface_track6_6rd_configure($interface = "lan", $lancfg) {
-	global $config, $g;
+function interface_track6_6rd_configure($interface = 'lan', $lancfg)
+{
+	global $config;
 	global $interface_ipv6_arr_cache;
 	global $interface_snv6_arr_cache;
 
@@ -3305,8 +3315,9 @@ function interface_track6_6rd_configure($interface = "lan", $lancfg) {
 	return 0;
 }
 
-function interface_track6_6to4_configure($interface = "lan", $lancfg) {
-	global $config, $g;
+function interface_track6_6to4_configure($interface = 'lan', $lancfg)
+{
+	global $config;
 	global $interface_ipv6_arr_cache;
 	global $interface_snv6_arr_cache;
 
@@ -3362,8 +3373,9 @@ function interface_track6_6to4_configure($interface = "lan", $lancfg) {
 	return 0;
 }
 
-function interface_6rd_configure($interface = "wan", $wancfg) {
-	global $config, $g;
+function interface_6rd_configure($interface = "wan", $wancfg)
+{
+	global $config;
 
 	/* because this is a tunnel interface we can only function
 	 *	with a public IPv4 address on the interface */
@@ -3439,8 +3451,9 @@ function interface_6rd_configure($interface = "wan", $wancfg) {
 	return 0;
 }
 
-function interface_6to4_configure($interface = "wan", $wancfg){
-	global $config, $g;
+function interface_6to4_configure($interface = 'wan', $wancfg)
+{
+	global $config;
 
 	/* because this is a tunnel interface we can only function
 	 *	with a public IPv4 address on the interface */
@@ -3534,8 +3547,9 @@ function interface_6to4_configure($interface = "wan", $wancfg){
 	return 0;
 }
 
-function interface_dhcpv6_configure($interface = "wan", $wancfg) {
-	global $config, $g;
+function interface_dhcpv6_configure($interface = 'wan', $wancfg)
+{
+	global $config;
 
 	if (!is_array($wancfg))
 		return;
@@ -3549,7 +3563,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
 		$dhcp6cconf .= "	information-only;\n";
 		$dhcp6cconf .= "	request domain-name-servers;\n";
 		$dhcp6cconf .= "	request domain-name;\n";
-		$dhcp6cconf .= "	script \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n";
+		$dhcp6cconf .= "	script \"/var/etc/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n";
 		$dhcp6cconf .= "};\n";
 	} else {
 		/* skip address request if this is set */
@@ -3560,7 +3574,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
 
 		$dhcp6cconf .= "\trequest domain-name-servers;\n";
 		$dhcp6cconf .= "\trequest domain-name;\n";
-		$dhcp6cconf .= "\tscript \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n";
+		$dhcp6cconf .= "\tscript \"/var/etc/dhcp6c_{$interface}_script.sh\"; # we'd like some nameservers please\n";
 
 		$dhcp6cconf .= "};\n";
 
@@ -3595,7 +3609,7 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
 	if ($wancfg['adv_dhcp6_config_file_override']) { $dhcp6cconf = DHCP6_Config_File_Override($wancfg, $wanif); }
 
 	/* wide-dhcp6c works for now. */
-	if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}.conf", $dhcp6cconf)) {
+	if (!@file_put_contents("/var/etc/dhcp6c_{$interface}.conf", $dhcp6cconf)) {
 		printf("Error: cannot open dhcp6c_{$interface}.conf in interface_dhcpv6_configure() for writing.\n");
 		unset($dhcp6cconf);
 		return 1;
@@ -3606,32 +3620,32 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
 	$dhcp6cscript .= "# This shell script launches /usr/local/etc/rc.newwanipv6 with a interface argument.\n";
 	$dhcp6cscript .= "/usr/local/etc/rc.newwanipv6 {$wanif} \n";
 	/* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */
-	if (!@file_put_contents("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) {
+	if (!@file_put_contents("/var/etc/dhcp6c_{$interface}_script.sh", $dhcp6cscript)) {
 		printf("Error: cannot open dhcp6c_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n");
 		unset($dhcp6cscript);
 		return 1;
 	}
 	unset($dhcp6cscript);
-	@chmod("{$g['varetc_path']}/dhcp6c_{$interface}_script.sh", 0755);
+	chmod("/var/etc/dhcp6c_{$interface}_script.sh", 0755);
 
 	$rtsoldscript = "#!/bin/sh\n";
 	$rtsoldscript .= "# This shell script launches dhcp6c and configured gateways for this interface.\n";
 	$rtsoldscript .= "echo $2 > /tmp/{$wanif}_routerv6\n";
 	$rtsoldscript .= "echo $2 > /tmp/{$wanif}_defaultgwv6\n";
-	$rtsoldscript .= "if [ -f {$g['varrun_path']}/dhcp6c_{$wanif}.pid ]; then\n";
-	$rtsoldscript .= "\t/bin/pkill -F {$g['varrun_path']}/dhcp6c_{$wanif}.pid\n";
+	$rtsoldscript .= "if [ -f /var/run/dhcp6c_{$wanif}.pid ]; then\n";
+	$rtsoldscript .= "\t/bin/pkill -F /var/run/dhcp6c_{$wanif}.pid\n";
 	$rtsoldscript .= "\t/bin/sleep 1\n";
 	$rtsoldscript .= "fi\n";
-	$rtsoldscript .= "/usr/local/sbin/dhcp6c -d -c {$g['varetc_path']}/dhcp6c_{$interface}.conf -p {$g['varrun_path']}/dhcp6c_{$wanif}.pid {$wanif}\n";
+	$rtsoldscript .= "/usr/local/sbin/dhcp6c -d -c /var/etc/dhcp6c_{$interface}.conf -p /var/run/dhcp6c_{$wanif}.pid {$wanif}\n";
 	$rtsoldscript .= "/usr/bin/logger -t rtsold \"Starting dhcp6 client for interface {$interface}({$wanif})\"\n";
 	/* Add wide-dhcp6c shell script here. Because we can not pass a argument to it. */
-	if (!@file_put_contents("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", $rtsoldscript)) {
+	if (!@file_put_contents("/var/etc/rtsold_{$wanif}_script.sh", $rtsoldscript)) {
 		printf("Error: cannot open rtsold_{$interface}_script.sh in interface_dhcpv6_configure() for writing.\n");
 		unset($rtsoldscript);
 		return 1;
 	}
 	unset($rtsoldscript);
-	@chmod("{$g['varetc_path']}/rtsold_{$wanif}_script.sh", 0755);
+	chmod("/var/etc/rtsold_{$wanif}_script.sh", 0755);
 
 	/* accept router advertisements for this interface */
 	set_single_sysctl("net.inet6.ip6.accept_rtadv", "1");
@@ -3642,16 +3656,16 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
 	set_single_sysctl("net.inet6.ip6.rfc6204w3", "1");
 
 	/* fire up rtsold for IPv6 RAs first, this backgrounds immediately. It will call dhcp6c */
-	if (isvalidpid("{$g['varrun_path']}/rtsold_{$wanif}.pid")) {
-		killbypid("{$g['varrun_path']}/rtsold_{$wanif}.pid");
+	if (isvalidpid("/var/run/rtsold_{$wanif}.pid")) {
+		killbypid("/var/run/rtsold_{$wanif}.pid");
 		sleep(2);
 	}
 
 	mwexecf(
 		'/usr/sbin/rtsold -p %s -O %s -R %s %s',
 		array(
-			"{$g['varrun_path']}/rtsold_{$wanif}.pid",
-			"{$g['varetc_path']}/rtsold_{$wanif}_script.sh",
+			"/var/run/rtsold_{$wanif}.pid",
+			"/var/etc/rtsold_{$wanif}_script.sh",
 			'/usr/bin/true', /* XXX missing proper script to refresh resolv.conf */
 			$wanif
 		)
@@ -3664,9 +3678,8 @@ function interface_dhcpv6_configure($interface = "wan", $wancfg) {
 	return 0;
 }
 
-function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif) {
-	global $g;
-
+function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif)
+{
 	$send_options = "";
 	if ($wancfg['adv_dhcp6_interface_statement_send_options'] != '') {
 		$options = split(",", $wancfg['adv_dhcp6_interface_statement_send_options']);
@@ -3687,7 +3700,7 @@ function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif) {
 	if ($wancfg['adv_dhcp6_interface_statement_information_only_enable'] != '')
 		$information_only = "\tinformation-only;\n";
 
-	$script = "\tscript \"{$g['varetc_path']}/dhcp6c_{$interface}_script.sh\";\n";
+	$script = "\tscript \"/var/etc/dhcp6c_{$interface}_script.sh\";\n";
 	if ($wancfg['adv_dhcp6_interface_statement_script'] != '')
 		$script = "\tscript \"{$wancfg['adv_dhcp6_interface_statement_script']}\";\n";
 
@@ -3804,8 +3817,8 @@ function DHCP6_Config_File_Advanced($interface, $wancfg, $wanif) {
 }
 
 
-function DHCP6_Config_File_Override($wancfg, $wanif) {
-
+function DHCP6_Config_File_Override($wancfg, $wanif)
+{
 	$dhcp6cconf = file_get_contents($wancfg['adv_dhcp6_config_file_override_path']);
 	$dhcp6cconf = DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf);
 
@@ -3813,16 +3826,17 @@ function DHCP6_Config_File_Override($wancfg, $wanif) {
 }
 
 
-function DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf) {
-
+function DHCP6_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf)
+{
 	$dhcp6cconf = DHCP_Config_File_Substitutions($wancfg, $wanif, $dhcp6cconf);
 
 	return $dhcp6cconf;
 }
 
 
-function interface_dhcp_configure($interface = "wan") {
-	global $config, $g;
+function interface_dhcp_configure($interface = 'wan')
+{
+	global $config;
 
 	$wancfg = $config['interfaces'][$interface];
 	$wanif = $wancfg['if'];
@@ -3830,7 +3844,7 @@ function interface_dhcp_configure($interface = "wan") {
 		$wancfg = array();
 
 	/* generate dhclient_wan.conf */
-	$fd = fopen("{$g['varetc_path']}/dhclient_{$interface}.conf", "w");
+	$fd = fopen("/var/etc/dhclient_{$interface}.conf", "w");
 	if (!$fd) {
 		printf(printf(gettext("Error: cannot open dhclient_%s.conf in interface_dhcp_configure() for writing.%s"), $interface, "\n"));
 		return 1;
@@ -3904,7 +3918,7 @@ EOD;
 	kill_dhclient_process($wanif);
 
 	/* fire up dhclient */
-	mwexec("/sbin/dhclient -c {$g['varetc_path']}/dhclient_{$interface}.conf {$wanif} > /tmp/{$wanif}_output 2> /tmp/{$wanif}_error_output");
+	mwexec("/sbin/dhclient -c /var/etc/dhclient_{$interface}.conf {$wanif} > /tmp/{$wanif}_output 2> /tmp/{$wanif}_error_output");
 
 	return 0;
 }
@@ -4038,41 +4052,47 @@ function DHCP_Config_File_Substitutions($wancfg, $wanif, $dhclientconf) {
 	return $dhclientconf;
 }
 
-function interfaces_group_setup() {
+function interfaces_group_setup()
+{
 	global $config;
 
-	if (!is_array($config['ifgroups']['ifgroupentry']))
+	if (!isset($config['ifgroups']['ifgroupentry'])) {
 		return;
-
-	foreach ($config['ifgroups']['ifgroupentry'] as $groupar)
-		interface_group_setup($groupar);
-
-	return;
-}
-
-function interface_group_setup(&$groupname /* The parameter is an array */) {
-	global $config;
-
-	if (!is_array($groupname))
-		return;
-	$members = explode(" ", $groupname['members']);
-	foreach($members as $ifs) {
-		$realif = get_real_interface($ifs);
-		if ($realif)
-			mwexec("/sbin/ifconfig {$realif} group {$groupname['ifname']}");
 	}
 
-	return;
+	foreach ($config['ifgroups']['ifgroupentry'] as $groupar) {
+		interface_group_setup($groupar);
+	}
 }
 
-function is_interface_group($if) {
+function interface_group_setup(&$groupname)
+{
 	global $config;
 
-	if (is_array($config['ifgroups']['ifgroupentry']))
-		foreach ($config['ifgroups']['ifgroupentry'] as $groupentry) {
-			if ($groupentry['ifname'] === $if)
-				return true;
+	if (!is_array($groupname)) {
+		return;
+	}
+
+	$members = explode(" ", $groupname['members']);
+	foreach ($members as $ifs) {
+		$realif = get_real_interface($ifs);
+		if ($realif) {
+			mwexec("/sbin/ifconfig {$realif} group {$groupname['ifname']}");
 		}
+	}
+}
+
+function is_interface_group($if)
+{
+	global $config;
+
+	if (isset($config['ifgroups']['ifgroupentry'])) {
+		foreach ($config['ifgroups']['ifgroupentry'] as $groupentry) {
+			if ($groupentry['ifname'] === $if) {
+				return true;
+			}
+		}
+	}
 
 	return false;
 }
@@ -4316,10 +4336,11 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface =
 			case 'ppp':
 			case 'l2tp':
 			case 'pptp':
-				if( is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if']))
+				if (isset($cfg['wireless']) || match_wireless_interface($cfg['if'])) {
 					$wanif = interface_get_wireless_clone($cfg['if']);
-				else
+				} else {
 					$wanif = $cfg['if'];
+				}
 				break;
 			default:
 				switch ($cfg['ipaddr']) {
@@ -4338,10 +4359,11 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface =
 					}
 					break;
 				default:
-					if( is_array($cfg['wireless']) || preg_match($g['wireless_regex'], $cfg['if']))
+					if (isset($cfg['wireless']) || match_wireless_interface($cfg['if'])) {
 						$wanif = interface_get_wireless_clone($cfg['if']);
-					else
+					} else {
 						$wanif = $cfg['if'];
+					}
 					break;
 				}
 				break;
@@ -4350,10 +4372,11 @@ function get_real_interface($interface = "wan", $family = "all", $realv6iface =
 			// Wireless cloned NIC support (FreeBSD 8+)
 			// interface name format: $parentnic_wlanparentnic#
 			// example: ath0_wlan0
-			if( (isset($cfg['wireless']) && is_array($cfg['wireless'])) || preg_match($g['wireless_regex'], $cfg['if']))
+			if (isset($cfg['wireless']) || match_wireless_interface($cfg['if'])) {
 				$wanif = interface_get_wireless_clone($cfg['if']);
-			else
+			} else {
 				$wanif = $cfg['if'];
+			}
 		}
 		break;
 	}
@@ -5030,19 +5053,22 @@ function is_altq_capable($int)
  * RESULT
  *   $tmp       - Returns if an interface is wireless
  ******/
-function is_interface_wireless($interface) {
+function is_interface_wireless($interface)
+{
 	global $config, $g;
 
 	$friendly = convert_real_interface_to_friendly_interface_name($interface);
-	if(!isset($config['interfaces'][$friendly]['wireless'])) {
-		if (preg_match($g['wireless_regex'], $interface)) {
-			if (isset($config['interfaces'][$friendly]))
+	if (!isset($config['interfaces'][$friendly]['wireless'])) {
+		if (match_wireless_interface($interface)) {
+			if (isset($config['interfaces'][$friendly])) {
 				$config['interfaces'][$friendly]['wireless'] = array();
+			}
 			return true;
 		}
 		return false;
-	} else
-		return true;
+	}
+
+	return true;
 }
 
 function get_wireless_modes($interface) {
@@ -5162,10 +5188,9 @@ function is_jumbo_capable($iface) {
 	return false;
 }
 
-function interface_setup_pppoe_reset_file($pppif, $iface="") {
-	global $g;
-
-	$cron_file = "{$g['varetc_path']}/pppoe_restart_{$pppif}";
+function interface_setup_pppoe_reset_file($pppif, $iface = '')
+{
+	$cron_file = "/var/etc/pppoe_restart_{$pppif}";
 
 	if(!empty($iface) && !empty($pppif)){
 		$cron_cmd = <<<EOD
@@ -5177,9 +5202,9 @@ EOD;
 
 		@file_put_contents($cron_file, $cron_cmd);
 		chmod($cron_file, 0755);
-		killbypid("{$g['varrun_path']}/cron.pid", 'HUP');
+		killbypid('/var/run/cron.pid', 'HUP');
 	} else {
-		unlink_if_exists($cron_file);
+		@unlink($cron_file);
 	}
 }
 
diff --git a/src/etc/inc/notices.inc b/src/etc/inc/notices.inc
index 269d4a7d2..053a9b034 100644
--- a/src/etc/inc/notices.inc
+++ b/src/etc/inc/notices.inc
@@ -128,7 +128,7 @@ function close_notice($id)
 	$ids = array();
 	if(!$notices = get_notices()) return;
 	if($id == "all") {
-		unlink_if_exists('/tmp/notices');
+		@unlink('/tmp/notices');
 		return;
 	}
 	foreach(array_keys($notices) as $time) {
@@ -151,13 +151,10 @@ function close_notice($id)
 		fwrite($queueout, serialize($notices));
 		fclose($queueout);
 	} else {
-		unlink_if_exists('/tmp/notices');
+		@unlink('/tmp/notices');
 	}
-
-	return;
 }
 
-
 /****f* notices/print_notices
  * NAME
  *   print_notices
@@ -360,5 +357,3 @@ function notify_all_remote($msg) {
 	notify_via_smtp($msg);
 	notify_via_growl($msg);
 }
-
-?>
diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php
index 3d70cdb62..17da3aa58 100644
--- a/src/etc/inc/openvpn.auth-user.php
+++ b/src/etc/inc/openvpn.auth-user.php
@@ -98,8 +98,8 @@ if (!$username || !$password) {
 /* Replaced by a sed with propper variables used below(ldap parameters). */
 //<template>
 
-if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) {
-	putenv("LDAPTLS_CACERT={$g['varetc_path']}/openvpn/{$modeid}.ca");
+if (file_exists("/var/etc/openvpn/{$modeid}.ca")) {
+	putenv("LDAPTLS_CACERT=/var/etc/openvpn/{$modeid}.ca");
 	putenv("LDAPTLS_REQCERT=never");
 }
 
diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 64a2ffdff..627c23003 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -367,10 +367,9 @@ function openvpn_add_custom(& $settings, & $conf) {
 	}
 }
 
-function openvpn_add_keyfile(& $data, & $conf, $mode_id, $directive, $opt = "") {
-	global $g;
-
-	$fpath = $g['varetc_path']."/openvpn/{$mode_id}.{$directive}";
+function openvpn_add_keyfile(&$data, &$conf, $mode_id, $directive, $opt = '')
+{
+	$fpath = "/var/etc/openvpn/{$mode_id}.{$directive}";
 	openvpn_create_dirs();
 	file_put_contents($fpath, base64_decode($data));
 	//chown($fpath, 'nobody');
@@ -530,7 +529,7 @@ function openvpn_reconfigure($mode, $settings)
 				//  See ticket #1417
 				if (!empty($ip) && !empty($mask) && ($cidr < 30)) {
 					$conf .= "server {$ip} {$mask}\n";
-					$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+					$conf .= "client-config-dir /var/etc/openvpn-csc\n";
 					if(is_ipaddr($ipv6))
 						$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
 				}
@@ -557,7 +556,7 @@ function openvpn_reconfigure($mode, $settings)
 					$conf .= "server {$ip} {$mask}\n";
 					if(is_ipaddr($ipv6))
 						$conf .= "server-ipv6 {$ipv6}/{$prefix}\n";
-					$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+					$conf .= "client-config-dir /var/etc/openvpn-csc\n";
 				} else {
 					if ($settings['serverbridge_dhcp']) {
 						if ((!empty($settings['serverbridge_interface'])) && (strcmp($settings['serverbridge_interface'], "none"))) {
@@ -565,7 +564,7 @@ function openvpn_reconfigure($mode, $settings)
 							$biface_sm=gen_subnet_mask(get_interface_subnet($settings['serverbridge_interface']));
 							if (is_ipaddrv4($biface_ip) && is_ipaddrv4($settings['serverbridge_dhcp_start']) && is_ipaddrv4($settings['serverbridge_dhcp_end'])) {
 								$conf .= "server-bridge {$biface_ip} {$biface_sm} {$settings['serverbridge_dhcp_start']} {$settings['serverbridge_dhcp_end']}\n";
-								$conf .= "client-config-dir {$g['varetc_path']}/openvpn-csc\n";
+								$conf .= "client-config-dir /var/etc/openvpn-csc\n";
 							} else {
 								$conf .= "mode server\n";
 							}
@@ -611,7 +610,7 @@ function openvpn_reconfigure($mode, $settings)
 
 		// The management port to listen on
 		// Use unix socket to overcome the problem on any type of server
-		$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
+		$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
 		//$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
 
 		if ($settings['maxclients'])
@@ -663,7 +662,7 @@ function openvpn_reconfigure($mode, $settings)
 			$conf .= "lport 0\n";
 
 		// Use unix socket to overcome the problem on any type of server
-		$conf .= "management {$g['varetc_path']}/openvpn/{$mode_id}.sock unix\n";
+		$conf .= "management /var/etc/openvpn/{$mode_id}.sock unix\n";
 
 		// The remote server
 		$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
@@ -691,7 +690,7 @@ function openvpn_reconfigure($mode, $settings)
 		}
 
 		if ($settings['auth_user'] && $settings['auth_pass']) {
-			$up_file = "{$g['varetc_path']}/openvpn/{$mode_id}.up";
+			$up_file = "/var/etc/openvpn/{$mode_id}.up";
 			$conf .= "auth-user-pass {$up_file}\n";
 			$userpass = "{$settings['auth_user']}\n";
 			$userpass .= "{$settings['auth_pass']}\n";
@@ -701,10 +700,10 @@ function openvpn_reconfigure($mode, $settings)
 		if ($settings['proxy_addr']) {
 			$conf .= "http-proxy {$settings['proxy_addr']} {$settings['proxy_port']}";
 			if ($settings['proxy_authtype'] != "none") {
-				$conf .= " {$g['varetc_path']}/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}";
+				$conf .= " /var/etc/openvpn/{$mode_id}.pas {$settings['proxy_authtype']}";
 				$proxypas = "{$settings['proxy_user']}\n";
 				$proxypas .= "{$settings['proxy_passwd']}\n";
-				file_put_contents("{$g['varetc_path']}/openvpn/{$mode_id}.pas", $proxypas);
+				file_put_contents("/var/etc/openvpn/{$mode_id}.pas", $proxypas);
 			}
 			$conf .= " \n";
 		}
@@ -787,18 +786,18 @@ function openvpn_reconfigure($mode, $settings)
 	openvpn_add_custom($settings, $conf);
 
 	openvpn_create_dirs();
-	$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.conf";
+	$fpath = "/var/etc/openvpn/{$mode_id}.conf";
 	file_put_contents($fpath, $conf);
 	unset($conf);
-	$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
+	$fpath = "/var/etc/openvpn/{$mode_id}.interface";
 	file_put_contents($fpath, $interface);
 	//chown($fpath, 'nobody');
 	//chgrp($fpath, 'nobody');
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.interface", 0600);
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.key", 0600);
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.tls-auth", 0600);
-	@chmod("{$g['varetc_path']}/openvpn/{$mode_id}.conf", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.interface", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.key", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.tls-auth", 0600);
+	@chmod("/var/etc/openvpn/{$mode_id}.conf", 0600);
 }
 
 function openvpn_restart($mode, $settings)
@@ -833,7 +832,7 @@ function openvpn_restart($mode, $settings)
 	}
 
 	/* start the new process */
-	$fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf";
+	$fpath = "/var/etc/openvpn/{$mode_id}.conf";
 	openvpn_clear_route($mode, $settings);
 	mwexec_bg("/usr/local/sbin/openvpn --config " . escapeshellarg($fpath));
 
@@ -870,26 +869,22 @@ function openvpn_delete($mode, & $settings)
 	mwexec("/sbin/ifconfig " . escapeshellarg($devname) . " name " . escapeshellarg($tunname));
 
 	/* remove the configuration files */
-	@array_map('unlink', glob("{$g['varetc_path']}/openvpn/{$mode_id}.*"));
+	@array_map('unlink', glob("/var/etc/openvpn/{$mode_id}.*"));
 }
 
-function openvpn_cleanup_csc($common_name) {
-	global $g, $config;
-	if (empty($common_name))
-		return;
-	$fpath = "{$g['varetc_path']}/openvpn-csc/" . basename($common_name);
-	if (is_file($fpath))
-		unlink_if_exists($fpath);
-	return;
+function openvpn_cleanup_csc($common_name)
+{
+	@unlink('/var/etc/openvpn-csc/' . basename($common_name));
 }
 
-function openvpn_resync_csc(& $settings) {
+function openvpn_resync_csc(&$settings)
+{
 	global $g, $config;
 
-	$fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name'];
+	$fpath = "/var/etc/openvpn-csc/{$settings['common_name']}";
 
 	if (isset($settings['disable'])) {
-		unlink_if_exists($fpath);
+		@unlink($fpath);
 		return;
 	}
 	openvpn_create_dirs();
@@ -941,20 +936,17 @@ function openvpn_resync_csc(& $settings) {
 	chgrp($fpath, 'nobody');
 }
 
-function openvpn_delete_csc(& $settings) {
-	global $g, $config;
-
-	$fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name'];
-	unlink_if_exists($fpath);
+function openvpn_delete_csc(&$settings)
+{
+	@unlink("/var/etc/openvpn-csc/{$settings['common_name']}");
 }
 
-// Resync the configuration and restart the VPN
-function openvpn_resync($mode, $settings) {
+function openvpn_resync($mode, $settings)
+{
 	openvpn_reconfigure($mode, $settings);
 	openvpn_restart($mode, $settings);
 }
 
-// Resync and restart all VPNs
 function openvpn_resync_all($interface = '')
 {
 	global $g, $config;
@@ -1042,7 +1034,7 @@ function openvpn_get_active_servers($type="multipoint") {
 			$server['conns'] = array();
 			$server['vpnid'] = $settings['vpnid'];
 			$server['mgmt'] = "server{$server['vpnid']}";
-			$socket = "unix://{$g['varetc_path']}/openvpn/{$server['mgmt']}.sock";
+			$socket = "unix:///var/etc/openvpn/{$server['mgmt']}.sock";
 			list($tn, $sm) = explode('/', $settings['tunnel_network']);
 
 			if ((($server['mode'] == "p2p_shared_key") || ($sm >= 30) ) && ($type == "p2p"))
@@ -1144,7 +1136,7 @@ function openvpn_get_active_clients() {
 
 			$client['vpnid'] = $settings['vpnid'];
 			$client['mgmt'] = "client{$client['vpnid']}";
-			$socket = "unix://{$g['varetc_path']}/openvpn/{$client['mgmt']}.sock";
+			$socket = "unix:///var/etc/openvpn/{$client['mgmt']}.sock";
 			$client['status']="down";
 
 			$clients[] = openvpn_get_client_status($client, $socket);
@@ -1263,7 +1255,7 @@ function openvpn_refresh_crls() {
 					if (!empty($settings['crlref'])) {
 						$crl = lookup_crl($settings['crlref']);
 						crl_update($crl);
-						$fpath = $g['varetc_path']."/openvpn/server{$settings['vpnid']}.crl-verify";
+						$fpath = "/var/etc/openvpn/server{$settings['vpnid']}.crl-verify";
 						file_put_contents($fpath, base64_decode($crl['text']));
 						@chmod($fpath, 0644);
 					}
diff --git a/src/etc/inc/pfsense-utils.inc b/src/etc/inc/pfsense-utils.inc
index 74e4877c2..d47f8577f 100644
--- a/src/etc/inc/pfsense-utils.inc
+++ b/src/etc/inc/pfsense-utils.inc
@@ -110,27 +110,28 @@ function get_dns_servers() {
  * NOTES
  *   This function only supports the fxp driver's loadable microcode.
  ******/
-function enable_hardware_offloading($interface) {
-	global $g, $config;
+function enable_hardware_offloading($interface)
+{
+	global $config;
 
-	if(isset($config['system']['do_not_use_nic_microcode']))
+	if (isset($config['system']['do_not_use_nic_microcode'])) {
 		return;
+	}
 
 	/* translate wan, lan, opt -> real interface if needed */
 	$int = get_real_interface($interface);
-	if(empty($int))
+	if (empty($int)) {
 		return;
-	$int_family = preg_split("/[0-9]+/", $int);
+	}
+	$int_family = preg_split('/[0-9]+/', $int);
 	$supported_ints = array('fxp');
 	if (in_array($int_family, $supported_ints)) {
-		if(does_interface_exist($int))
+		if (does_interface_exist($int)) {
 			pfSense_interface_flags($int, IFF_LINK0);
+		}
 	}
-
-	return;
 }
 
-
 /****f* legacy/is_schedule_inuse
  * NAME
  *   checks to see if a schedule is currently in use by a rule
@@ -141,16 +142,23 @@ function enable_hardware_offloading($interface) {
  * NOTES
  *
  ******/
-function is_schedule_inuse($schedule) {
-	global $g, $config;
+function is_schedule_inuse($schedule)
+{
+	global $config;
+
+	if ($schedule == '') {
+		return false;
+	}
 
-	if($schedule == "") return false;
 	/* loop through firewall rules looking for schedule in use */
-	if(is_array($config['filter']['rule']))
-		foreach($config['filter']['rule'] as $rule) {
-			if($rule['sched'] == $schedule)
+	if (isset($config['filter']['rule'])) {
+		foreach ($config['filter']['rule'] as $rule) {
+			if ($rule['sched'] == $schedule) {
 				return true;
+			}
 		}
+	}
+
 	return false;
 }
 
@@ -164,20 +172,27 @@ function is_schedule_inuse($schedule) {
  * NOTES
  *
  ******/
-function setup_polling() {
-	global $g, $config;
+function setup_polling()
+{
+	global $config;
 
-	if (isset($config['system']['polling']))
+	if (isset($config['system']['polling'])) {
 		set_single_sysctl("kern.polling.idle_poll", "1");
-	else
+	} else {
 		set_single_sysctl("kern.polling.idle_poll", "0");
+	}
 
-	if($config['system']['polling_each_burst'])
+	if ($config['system']['polling_each_burst']) {
 		set_single_sysctl("kern.polling.each_burst", $config['system']['polling_each_burst']);
-	if($config['system']['polling_burst_max'])
+	}
+
+	if ($config['system']['polling_burst_max']) {
 		set_single_sysctl("kern.polling.burst_max", $config['system']['polling_burst_max']);
-	if($config['system']['polling_user_frac'])
+	}
+
+	if ($config['system']['polling_user_frac']) {
 		set_single_sysctl("kern.polling.user_frac", $config['system']['polling_user_frac']);
+	}
 }
 
 function set_language($lang)
@@ -296,8 +311,10 @@ function add_text_to_file($file, $text, $replace = false) {
 /*
  *   after_sync_bump_adv_skew(): create skew values by 1S
  */
-function after_sync_bump_adv_skew() {
-	global $config, $g;
+function after_sync_bump_adv_skew()
+{
+	global $config;
+
 	$processed_skew = 1;
 	$a_vip = &$config['virtualip']['vip'];
 	foreach ($a_vip as $vipent) {
@@ -306,8 +323,10 @@ function after_sync_bump_adv_skew() {
 			$vipent['advskew'] = $vipent['advskew']+1;
 		}
 	}
-	if($processed_skew == 1)
+
+	if ($processed_skew == 1) {
 		write_config(gettext("After synch increase advertising skew"));
+	}
 }
 
 /*
@@ -513,8 +532,9 @@ function rmdir_recursive($path,$follow_links=false) {
 /*
  * check_firmware_version(): Check whether the current firmware installed is the most recently released.
  */
-function check_firmware_version($tocheck = "all", $return_php = true) {
-	global $g, $config;
+function check_firmware_version($tocheck = "all", $return_php = true)
+{
+	global $config;
 
 	$xmlrpcfqdn = preg_replace('(https?://)', '', '/xmlrpc.php');
 	$ip = gethostbyname($xmlrpcfqdn);
@@ -547,8 +567,9 @@ function check_firmware_version($tocheck = "all", $return_php = true) {
 /*
  * host_firmware_version(): Return the versions used in this install
  */
-function host_firmware_version($tocheck = "") {
-	global $g, $config;
+function host_firmware_version($tocheck = "")
+{
+	global $config;
 
 	$os_version = trim(substr(php_uname("r"), 0, strpos(php_uname("r"), '-')));
 
@@ -585,8 +606,9 @@ function strncpy(&$dst, $src, $length) {
  * RESULT
  *   none
  ******/
-function reload_interfaces_sync() {
-	global $config, $g;
+function reload_interfaces_sync()
+{
+	global $config;
 
 	/* parse config.xml again */
 	$config = parse_config();
@@ -631,7 +653,7 @@ function reload_interfaces() {
  *   none
  ******/
 function reload_all_sync() {
-	global $config, $g;
+	global $config;
 
 	/* parse config.xml again */
 	$config = parse_config();
@@ -664,8 +686,8 @@ function reload_all_sync() {
 	system_ntp_configure();
 
 	/* sync pw database */
-	unlink_if_exists("/etc/spwd.db.tmp");
-	mwexec("/usr/sbin/pwd_mkdb -d /etc/ /etc/master.passwd");
+	@unlink('/etc/spwd.db.tmp');
+	mwexec('/usr/sbin/pwd_mkdb -d /etc/ /etc/master.passwd');
 
 	/* restart sshd */
 	mwexec_bg('/usr/local/etc/rc.sshd');
@@ -676,7 +698,7 @@ function reload_all_sync() {
 
 function setup_serial_port($when = 'save', $path = '')
 {
-	global $g, $config;
+	global $config;
 	$prefix = "";
 	if (($when == "upgrade") && (!empty($path)) && is_dir($path.'/boot/'))
 		$prefix = "/tmp/{$path}";
@@ -926,8 +948,9 @@ function get_ppp_uptime($port){
 }
 
 //returns interface information
-function get_interface_info($ifdescr) {
-	global $config, $g;
+function get_interface_info($ifdescr)
+{
+	global $config;
 
 	$ifinfo = array();
 	if (empty($config['interfaces'][$ifdescr]))
@@ -1079,7 +1102,7 @@ function get_interface_info($ifdescr) {
 		break;
 	}
 
-	if (file_exists("{$g['varrun_path']}/{$link_type}_{$ifdescr}.pid")) {
+	if (file_exists("/var/run/{$link_type}_{$ifdescr}.pid")) {
 		$sec = trim(`/usr/local/sbin/ppp-uptime.sh {$ifinfo['if']}`);
 		$ifinfo['ppp_uptime'] = convert_seconds_to_hms($sec);
 	}
@@ -1296,12 +1319,15 @@ function compare_hostname_to_dnscache($hostname) {
 /*
  * load_crypto() - Load crypto modules if enabled in config.
  */
-function load_crypto() {
-	global $config, $g;
+function load_crypto()
+{
+	global $config;
+
 	$crypto_modules = array('glxsb', 'aesni');
 
-	if (!in_array($config['system']['crypto_hardware'], $crypto_modules))
+	if (!in_array($config['system']['crypto_hardware'], $crypto_modules)) {
 		return false;
+	}
 
 	if (!empty($config['system']['crypto_hardware']) && !is_module_loaded($config['system']['crypto_hardware'])) {
 		log_error("Loading {$config['system']['crypto_hardware']} cryptographic accelerator module.");
@@ -1312,12 +1338,15 @@ function load_crypto() {
 /*
  * load_thermal_hardware() - Load temperature monitor kernel module
  */
-function load_thermal_hardware() {
-	global $config, $g;
+function load_thermal_hardware()
+{
+	global $config;
+
 	$thermal_hardware_modules = array('coretemp', 'amdtemp');
 
-	if (!in_array($config['system']['thermal_hardware'], $thermal_hardware_modules))
+	if (!in_array($config['system']['thermal_hardware'], $thermal_hardware_modules)) {
 		return false;
+	}
 
 	if (!empty($config['system']['thermal_hardware']) && !is_module_loaded($config['system']['thermal_hardware'])) {
 		log_error("Loading {$config['system']['thermal_hardware']} thermal monitor module.");
@@ -1326,12 +1355,14 @@ function load_thermal_hardware() {
 }
 
 
-function get_freebsd_version() {
+function get_freebsd_version()
+{
 	$version = explode(".", php_uname("r"));
 	return $version[0];
 }
 
-function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0) {
+function download_file($url, $destination, $verify_ssl = false, $connect_timeout = 60, $timeout = 0)
+{
 	global $config, $g;
 
 	$fp = fopen($destination, "wb");
@@ -1443,9 +1474,11 @@ if(!function_exists("split")) {
 
 function update_alias_names_upon_change($section, $field, $new_alias_name, $origname)
 {
-	global $g, $config, $pconfig;
-	if(!$origname)
+	global $config, $pconfig;
+
+	if (!$origname) {
 		return;
+	}
 
 	$sectionref = &$config;
 	foreach($section as $sectionname) {
@@ -1474,8 +1507,9 @@ function update_alias_names_upon_change($section, $field, $new_alias_name, $orig
 	}
 }
 
-function update_alias_url_data() {
-	global $config, $g;
+function update_alias_url_data()
+{
+	global $config;
 
 	$updated = false;
 
@@ -1623,18 +1657,19 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
 		|| $forceupdate) {
 
 		// Try to fetch the URL supplied
-		unlink_if_exists($urltable_filename . ".tmp");
+		@unlink("{$urltable_filename}.tmp");
 		$verify_ssl = isset($config['system']['checkaliasesurlcert']);
-		if (download_file($url, $urltable_filename . ".tmp", $verify_ssl)) {
+		if (download_file($url, "{$urltable_filename}.tmp", $verify_ssl)) {
 			mwexec("/usr/bin/sed -E 's/\;.*//g; /^[[:space:]]*($|#)/d' ". escapeshellarg($urltable_filename . ".tmp") . " > " . escapeshellarg($urltable_filename));
 			if (alias_get_type($name) == "urltable_ports") {
 				$ports = explode("\n", file_get_contents($urltable_filename));
 				$ports = group_ports($ports);
 				file_put_contents($urltable_filename, implode("\n", $ports));
 			}
-			unlink_if_exists($urltable_filename . ".tmp");
-		} else
+			@unlink("{$urltable_filename}.tmp");
+		} else {
 			touch($urltable_filename);
+		}
 		return true;
 	} else {
 		// File exists, and it doesn't need updated.
diff --git a/src/etc/inc/priv.defs.inc b/src/etc/inc/priv.defs.inc
index b595aa240..27b619d9f 100644
--- a/src/etc/inc/priv.defs.inc
+++ b/src/etc/inc/priv.defs.inc
@@ -461,8 +461,8 @@ $priv_list['page-xmlrpcinterfacestats']['match'] = array();
 $priv_list['page-xmlrpcinterfacestats']['match'][] = "ifstats.php*";
 
 $priv_list['page-system-login/logout'] = array();
-$priv_list['page-system-login/logout']['name'] = gettext("WebCfg - System: Login / Logout page / Dashboard");
-$priv_list['page-system-login/logout']['descr'] = gettext("Allow access to the 'System: Login / Logout' page and Dashboard.");
+$priv_list['page-system-login/logout']['name'] = gettext("WebCfg - Lobby: Login / Logout / Dashboard page");
+$priv_list['page-system-login/logout']['descr'] = gettext("Allow access to the 'Lobby: Login / Logout/ Dashboard' page.");
 $priv_list['page-system-login/logout']['match'] = array();
 $priv_list['page-system-login/logout']['match'][] = "index.php*";
 
diff --git a/src/etc/inc/rrd.inc b/src/etc/inc/rrd.inc
index 813db5ab4..f6fba806c 100644
--- a/src/etc/inc/rrd.inc
+++ b/src/etc/inc/rrd.inc
@@ -30,7 +30,7 @@ function dump_rrd_to_xml($rrddatabase, $xmldumpfile)
 {
 	$rrdtool = '/usr/local/bin/rrdtool';
 
-	unlink_if_exists($xmldumpfile);
+	@unlink($xmldumpfile);
 
 	exec("$rrdtool dump " . escapeshellarg($rrddatabase) . " {$xmldumpfile} 2>&1", $dumpout, $dumpret);
 	if ($dumpret <> 0) {
@@ -77,7 +77,7 @@ function restore_rrd()
 		}
 		/* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */
 		if (!isset($config['system']['use_mfs_tmpvar'])) {
-			unlink_if_exists('/conf/rrd.tgz');
+			@unlink('/conf/rrd.tgz');
 		}
 		return true;
 	}
@@ -287,7 +287,7 @@ function enable_rrd_graphing() {
 		$rrdupdatesh .= "\n";
 		$rrdupdatesh .= "export TERM=dumb\n";
 		$rrdupdatesh .= "\n";
-		$rrdupdatesh .= 'echo $$ > ' . $g['varrun_path'] . '/updaterrd.sh.pid';
+		$rrdupdatesh .= 'echo $$ > /var/run/updaterrd.sh.pid';
 		$rrdupdatesh .= "\n";
 		$rrdupdatesh .= "counter=1\n";
 		$rrdupdatesh .= "while [ \"\$counter\" -ne 0 ]\n";
@@ -441,7 +441,7 @@ function enable_rrd_graphing() {
 				$rrdupdatesh .= " sleep 0.2\n";
 				$rrdupdatesh .= " echo \"quit\"\n";
 				$rrdupdatesh .= "}\n";
-				$rrdupdatesh .= "OVPN=`list_current_users | nc -U {$g['varetc_path']}/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n";
+				$rrdupdatesh .= "OVPN=`list_current_users | nc -U /var/etc/openvpn/server{$vpnid}.sock | awk -F\",\" '/^CLIENT_LIST/ {print \$2}' | wc -l | awk '{print $1}'`\n";
 				$rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$vpnusers N:\${OVPN}\n";
 			}
 
@@ -864,7 +864,7 @@ function enable_rrd_graphing() {
 		$rrdupdatesh .= "done\n";
 		log_error(gettext("Creating rrd update script"));
 		/* write the rrd update script */
-		$updaterrdscript = "{$g['vardb_path']}/rrd/updaterrd.sh";
+		$updaterrdscript = '/var/db/rrd/updaterrd.sh';
 		$fd = fopen("$updaterrdscript", "w");
 		fwrite($fd, "$rrdupdatesh");
 		fclose($fd);
@@ -920,10 +920,7 @@ function create_gateway_quality_rrd($rrd_file) {
 	unset($rrdtool, $rrdinterval, $valid, $rrd_file);
 }
 
-function kill_traffic_collector() {
-	global $g;
-
-	killbypid("{$g['varrun_path']}/updaterrd.sh.pid");
+function kill_traffic_collector()
+{
+	killbypid('/var/run/updaterrd.sh.pid');
 }
-
-?>
diff --git a/src/etc/inc/service-utils.inc b/src/etc/inc/service-utils.inc
index e79a31788..a9e3a8035 100644
--- a/src/etc/inc/service-utils.inc
+++ b/src/etc/inc/service-utils.inc
@@ -34,7 +34,6 @@ require_once("vpn.inc");
 require_once("vslb.inc");
 require_once("gwlb.inc");
 
-
 if (!function_exists('get_services')) {
 
 	function get_services() {
@@ -386,7 +385,7 @@ if (!function_exists('service_control_start')) {
 				$vpnmode = isset($extras['vpnmode']) ? htmlspecialchars($extras['vpnmode']) : htmlspecialchars($extras['mode']);
 				if (($vpnmode == "server") || ($vpnmode == "client")) {
 					$id = isset($extras['vpnid']) ? htmlspecialchars($extras['vpnid']) : htmlspecialchars($extras['id']);
-					$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
+					$configfile = "/var/etc/openvpn/{$vpnmode}{$id}.conf";
 					if (file_exists($configfile))
 						openvpn_restart_by_vpnid($vpnmode, $id);
 				}
@@ -530,7 +529,7 @@ if (!function_exists('service_control_restart')) {
 				$vpnmode = htmlspecialchars($extras['vpnmode']);
 				if ($vpnmode == "server" || $vpnmode == "client") {
 					$id = htmlspecialchars($extras['id']);
-					$configfile = "{$g['varetc_path']}/openvpn/{$vpnmode}{$id}.conf";
+					$configfile = "/var/etc/openvpn/{$vpnmode}{$id}.conf";
 					if (file_exists($configfile))
 						openvpn_restart_by_vpnid($vpnmode, $id);
 				}
diff --git a/src/etc/inc/services.inc b/src/etc/inc/services.inc
index cd03b1b4b..1bc98c49d 100644
--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -304,7 +304,7 @@ function services_radvd_configure($blacklist = array())
 	}
 
 	/* write radvd.conf */
-	if (!@file_put_contents("{$g['varetc_path']}/radvd.conf", $radvdconf)) {
+	if (!@file_put_contents("/var/etc/radvd.conf", $radvdconf)) {
 		log_error("Error: cannot open radvd.conf in services_radvd_configure().\n");
 		if (file_exists("/var/run/booting"))
 			printf("Error: cannot open radvd.conf in services_radvd_configure().\n");
@@ -312,18 +312,17 @@ function services_radvd_configure($blacklist = array())
 	unset($radvdconf);
 
 	if (count($radvdifs) > 0) {
-		if (isvalidpid("{$g['varrun_path']}/radvd.pid")) {
-			killbypid("{$g['varrun_path']}/radvd.pid", 'HUP');
+		if (isvalidpid('/var/run/radvd.pid')) {
+			killbypid('/var/run/radvd.pid', 'HUP');
 		} else {
-			mwexec("/usr/local/sbin/radvd -p {$g['varrun_path']}/radvd.pid -C {$g['varetc_path']}/radvd.conf -m syslog");
+			mwexec('/usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog');
 		}
 	} else {
 		/* we need to shut down the radvd cleanly, it will send out the prefix
 		 * information with a lifetime of 0 to notify clients of a (possible) new prefix */
-		if (isvalidpid("{$g['varrun_path']}/radvd.pid")) {
+		if (isvalidpid('/var/run/radvd.pid')) {
 			log_error("Shutting down Router Advertisment daemon cleanly");
-			killbypid("{$g['varrun_path']}/radvd.pid");
-			@unlink("{$g['varrun_path']}/radvd.pid");
+			killbypid('/var/run/radvd.pid');
 		}
 	}
 	return 0;
@@ -370,8 +369,7 @@ function services_dhcpdv4_configure()
 	$ddns_zones = array();
 
 	/* kill any running dhcpd */
-	if (isvalidpid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid"))
-		killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid");
+	killbypid("{$g['dhcpd_chroot_path']}/var/run/dhcpd.pid");
 
 	/* DHCP enabled on any interfaces? */
 	if (!is_dhcp_server_enabled())
@@ -390,7 +388,7 @@ function services_dhcpdv4_configure()
 		}
 		/* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */
 		if (!isset($config['system']['use_mfs_tmpvar'])) {
-			unlink_if_exists('/conf/dhcpleases.tgz');
+			@unlink('/conf/dhcpleases.tgz');
 		}
 	}
 
@@ -900,16 +898,15 @@ EOD;
 	unset($dhcpdconf);
 
 	/* create an empty leases database */
-	if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases"))
-		@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
+	@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
 
 	/* make sure there isn't a stale dhcpd.pid file, which can make dhcpd fail to start.   */
 	/* if we get here, dhcpd has been killed and is not started yet                        */
-	unlink_if_exists("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpd.pid");
+	@unlink("{$g['dhcpd_chroot_path']}/var/run/dhcpd.pid");
 
 	/* fire up dhcpd in a chroot */
 	if (count($dhcpdifs) > 0) {
-		mwexec("/usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpd.conf -pf {$g['varrun_path']}/dhcpd.pid " .
+		mwexec("/usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid " .
 			join(" ", $dhcpdifs));
 	}
 
@@ -987,14 +984,13 @@ function services_dhcpdv6_configure($blacklist = array())
 	global $config, $g;
 
 	/* kill any running dhcpd */
-	if (isvalidpid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid"))
-		killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid");
-	if (isvalidpid("{$g['varrun_path']}/dhcpleases6.pid"))
-		killbypid("{$g['varrun_path']}/dhcpleases6.pid");
+	killbypid("{$g['dhcpd_chroot_path']}/var/run/dhcpdv6.pid");
+	killbypid('/var/run/dhcpleases6.pid');
 
 	/* DHCP enabled on any interfaces? */
-	if (!is_dhcpv6_server_enabled())
+	if (!is_dhcpv6_server_enabled()) {
 		return 0;
+	}
 
 	if (file_exists("/var/run/booting")) {
 		if (is_install_media()) {
@@ -1012,7 +1008,7 @@ function services_dhcpdv6_configure($blacklist = array())
 		}
 		/* If this backup is still there on a full install, but we aren't going to use ram disks, remove the archive since this is a transition. */
 		if (isset($config['system']['use_mfs_tmpvar'])) {
-			unlink_if_exists('/conf/dhcp6leases.tgz');
+			@unlink('/conf/dhcp6leases.tgz');
 		}
 	}
 
@@ -1310,11 +1306,11 @@ EOD;
 
         /* make sure there isn't a stale dhcpdv6.pid file, which may make dhcpdv6 fail to start.  */
         /* if we get here, dhcpdv6 has been killed and is not started yet                         */
-        unlink_if_exists("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid");
+        @unlink("{$g['dhcpd_chroot_path']}/var/run/dhcpdv6.pid");
 
 	/* fire up dhcpd in a chroot */
 	if (count($dhcpdv6ifs) > 0) {
-		mwexec("/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpdv6.conf -pf {$g['varrun_path']}/dhcpdv6.pid " .
+		mwexec("/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot {$g['dhcpd_chroot_path']} -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid " .
 			join(" ", $dhcpdv6ifs));
 		mwexec("/usr/local/sbin/dhcpleases6 -c \"/usr/local/bin/php -f /usr/local/sbin/prefixes.php|/bin/sh\" -l {$g['dhcpd_chroot_path']}/var/db/dhcpd6.leases");
 	}
@@ -1386,7 +1382,7 @@ function services_dhcrelay_configure()
 	global $config, $g;
 
 	/* kill any running dhcrelay */
-	killbypid("{$g['varrun_path']}/dhcrelay.pid");
+	killbypid('/var/run/dhcrelay.pid');
 
 	$dhcrelaycfg =& $config['dhcrelay'];
 
@@ -1503,7 +1499,7 @@ function services_dhcrelay6_configure()
 	global $config, $g;
 
 	/* kill any running dhcrelay */
-	killbypid("{$g['varrun_path']}/dhcrelay6.pid");
+	killbypid('/var/run/dhcrelay6.pid');
 
 	$dhcrelaycfg =& $config['dhcrelay6'];
 
@@ -1599,7 +1595,7 @@ function services_dhcrelay6_configure()
 		return; /* XXX */
 	}
 
-	$cmd = "/usr/local/sbin/dhcrelay -6 -pf \"{$g['varrun_path']}/dhcrelay6.pid\"";
+	$cmd = '/usr/local/sbin/dhcrelay -6 -pf /var/run/dhcrelay6.pid';
 	foreach ($dhcrelayifs as $dhcrelayif) {
 		$cmd .= " -l {$dhcrelayif}";
 	}
@@ -1743,7 +1739,7 @@ function services_dnsmasq_configure()
 	);
 
 	/* kill any running dnsmasq */
-	killbypid("{$g['varrun_path']}/dnsmasq.pid");
+	killbypid('/var/run/dnsmasq.pid');
 
 	if (isset($config['dnsmasq']['enable'])) {
 
@@ -1883,7 +1879,7 @@ function services_unbound_configure()
 	$return = 0;
 
 	// kill any running Unbound instance
-	killbypid("{$g['varrun_path']}/unbound.pid");
+	killbypid('/var/run/unbound.pid');
 
 	if (isset($config['unbound']['enable'])) {
 		if (file_exists("/var/run/booting"))
@@ -1910,10 +1906,12 @@ function services_snmpd_configure()
 	global $config, $g;
 
 	/* kill any running snmpd */
-	killbypid("{$g['varrun_path']}/snmpd.pid");
+	killbypid('/var/run/snmpd.pid');
 	sleep(2);
-	if(is_process_running("bsnmpd"))
-		mwexec("/usr/bin/killall bsnmpd", true);
+
+	if (is_process_running('bsnmpd')) {
+		mwexec('/usr/bin/killall bsnmpd', true);
+	}
 
 	if (isset($config['snmpd']['enable'])) {
 
@@ -1921,7 +1919,7 @@ function services_snmpd_configure()
 			echo gettext("Starting SNMP daemon... ");
 
 		/* generate snmpd.conf */
-		$fd = fopen("{$g['varetc_path']}/snmpd.conf", "w");
+		$fd = fopen("/var/etc/snmpd.conf", "w");
 		if (!$fd) {
 			printf(gettext("Error: cannot open snmpd.conf in services_snmpd_configure().%s"),"\n");
 			return 1;
@@ -2094,8 +2092,8 @@ EOD;
 		}
 
 		/* run bsnmpd */
-		mwexec("/usr/sbin/bsnmpd -c {$g['varetc_path']}/snmpd.conf" .
-			"{$bindlan} -p {$g['varrun_path']}/snmpd.pid");
+		mwexec("/usr/sbin/bsnmpd -c /var/etc/snmpd.conf" .
+			"{$bindlan} -p /var/run/snmpd.pid");
 
 		if (file_exists("/var/run/booting"))
 			echo gettext("done.") . "\n";
@@ -2145,7 +2143,7 @@ function services_dnsupdate_process($int = '', $updatehost = '', $forced = false
 				/* write private key file
 				   this is dumb - public and private keys are the same for HMAC-MD5,
 				   but nsupdate insists on having both */
-				$fd = fopen("{$g['varetc_path']}/K{$i}{$keyname}+157+00000.private", "w");
+				$fd = fopen("/var/etc/K{$i}{$keyname}+157+00000.private", "w");
 				$privkey = <<<EOD
 Private-key-format: v1.2
 Algorithm: 157 (HMAC)
@@ -2167,7 +2165,7 @@ EOD;
 					$proto = 2;
 				}
 
-				$fd = fopen("{$g['varetc_path']}/K{$i}{$keyname}+157+00000.key", "w");
+				$fd = fopen("/var/etc/K{$i}{$keyname}+157+00000.key", "w");
 				fwrite($fd, "{$keyname} IN KEY {$flags} {$proto} 157 {$dnsupdate['keydata']}\n");
 				fclose($fd);
 
@@ -2220,13 +2218,13 @@ EOD;
 				$upinst .= "\n";	/* mind that trailing newline! */
 
 				if ($need_update) {
-					@file_put_contents("{$g['varetc_path']}/nsupdatecmds{$i}", $upinst);
+					@file_put_contents("/var/etc/nsupdatecmds{$i}", $upinst);
 					unset($upinst);
 					/* invoke nsupdate */
-					$cmd = "/usr/local/bin/nsupdate -k {$g['varetc_path']}/K{$i}{$keyname}+157+00000.key";
+					$cmd = "/usr/local/bin/nsupdate -k /var/etc/K{$i}{$keyname}+157+00000.key";
 					if (isset($dnsupdate['usetcp']))
 						$cmd .= " -v";
-					$cmd .= " {$g['varetc_path']}/nsupdatecmds{$i}";
+					$cmd .= " /var/etc/nsupdatecmds{$i}";
 					mwexec_bg($cmd);
 					unset($cmd);
 				}
@@ -2280,11 +2278,11 @@ function configure_cron() {
 	}
 
 	/* please maintain the newline at the end of file */
-	file_put_contents("/etc/crontab", $crontab_contents);
+	file_put_contents('/etc/crontab', $crontab_contents);
 	unset($crontab_contents);
 
 	/* do a HUP kill to force sync changes */
-	killbypid("{$g['varrun_path']}/cron.pid", 'HUP');
+	killbypid('/var/run/cron.pid', 'HUP');
 
 }
 
@@ -2293,12 +2291,12 @@ function upnp_action ($action) {
 	switch($action) {
 		case "start":
 			if (file_exists('/var/etc/miniupnpd.conf')) {
-				@unlink("{$g['varrun_path']}/miniupnpd.pid");
-				mwexec_bg("/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P {$g['varrun_path']}/miniupnpd.pid");
+				@unlink('/var/run/miniupnpd.pid');
+				mwexec_bg('/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid');
 			}
 			break;
 		case "stop":
-			killbypid("{$g['varrun_path']}/miniupnpd.pid");
+			killbypid('/var/run/miniupnpd.pid');
 			while((int)exec("/bin/pgrep -a miniupnpd | wc -l") > 0)
 				mwexec('killall miniupnpd 2>/dev/null', true);
 			mwexec('/sbin/pfctl -aminiupnpd -Fr 2>&1 >/dev/null');
@@ -2382,5 +2380,3 @@ function install_cron_job($command, $active=false, $minute="0", $hour="*", $mont
 	}
 	configure_cron();
 }
-
-?>
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 918d4c46c..a943b3c77 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -302,7 +302,7 @@ function system_hosts_generate()
 	 * Do not remove this because dhcpleases monitors with kqueue
 	 * it needs to be * killed before writing to hosts files.
 	 */
-	killbypid("{$g['varrun_path']}/dhcpleases.pid");
+	killbypid('/var/run/dhcpleases.pid');
 
 	$fd = fopen('/etc/hosts', 'w');
 	if (!$fd) {
@@ -334,8 +334,8 @@ function system_dhcpleases_configure()
 		if (!file_exists("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases")) {
 			@touch("{$g['dhcpd_chroot_path']}/var/db/dhcpd.leases");
 		}
-		if (isvalidpid("{$g['varrun_path']}/dhcpleases.pid")) {
-			killbypid("{$g['varrun_path']}/dhcpleases.pid", 'HUP');
+		if (isvalidpid('/var/run/dhcpleases.pid')) {
+			killbypid('/var/run/dhcpleases.pid', 'HUP');
 		} else {
 			/* To ensure we do not start multiple instances of dhcpleases, perform some clean-up first. */
 			killbyname('dhcpleases');
@@ -356,7 +356,7 @@ function system_dhcpleases_configure()
 			);
 		}
 	} else {
-		killbypid("{$g['varrun_path']}/dhcpleases.pid");
+		killbypid('/var/run/dhcpleases.pid');
 	}
 }
 
@@ -549,17 +549,16 @@ function system_staticroutes_configure($interface = "", $update_dns = false) {
 			array_unique($filterdns_list);
 			foreach ($filterdns_list as $hostname)
 				$hostnames .= "cmd {$hostname} '/usr/local/opnsense/service/configd_ctl.py \"routedns reload\"'\n";
-			file_put_contents("{$g['varetc_path']}/filterdns-route.hosts", $hostnames);
+			file_put_contents("/var/etc/filterdns-route.hosts", $hostnames);
 			unset($hostnames);
 
-			if (isvalidpid("{$g['varrun_path']}/filterdns-route.pid")) {
-				killbypid("{$g['varrun_path']}/filterdns-route.pid", 'HUP');
+			if (isvalidpid('/var/run/filterdns-route.pid')) {
+				killbypid('/var/run/filterdns-route.pid', 'HUP');
 			} else {
-				mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-route.pid -i {$interval} -c {$g['varetc_path']}/filterdns-route.hosts -d 1");
+				mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns-route.pid -i {$interval} -c /var/etc/filterdns-route.hosts -d 1");
 			}
 		} else {
-			killbypid("{$g['varrun_path']}/filterdns-route.pid");
-			@unlink("{$g['varrun_path']}/filterdns-route.pid");
+			killbypid('/var/run/filterdns-route.pid');
 		}
 	}
 	unset($filterdns_list);
@@ -745,7 +744,7 @@ EOD;
 EOD;
 		}
 		/* write syslog.conf */
-		if (!@file_put_contents("{$g['varetc_path']}/syslog.conf", $syslogconf)) {
+		if (!@file_put_contents("/var/etc/syslog.conf", $syslogconf)) {
 			printf(gettext("Error: cannot open syslog.conf in system_syslogd_start().%s"), "\n");
 			unset($syslogconf);
 			return 1;
@@ -772,17 +771,18 @@ EOD;
 			}
 		}
 
-		$syslogd_extra = "-f {$g['varetc_path']}/syslog.conf {$sourceip}";
+		$syslogd_extra = "-f /var/etc/syslog.conf {$sourceip}";
 	}
 
-	if (isvalidpid("{$g['varrun_path']}/syslog.pid")) {
-		killbypid("{$g['varrun_path']}/syslog.pid", 'HUP');
+	if (isvalidpid('/var/run/syslog.pid')) {
+		killbypid('/var/run/syslog.pid', 'HUP');
 	} else {
-		$retval = mwexec_bg("/usr/local/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -P {$g['varrun_path']}/syslog.pid {$syslogd_extra}");
+		$retval = mwexec_bg("/usr/local/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -P /var/run/syslog.pid {$syslogd_extra}");
 	}
 
-	if (file_exists("/var/run/booting"))
+	if (file_exists("/var/run/booting")) {
 		echo gettext("done.") . "\n";
+	}
 
 	return $retval;
 }
@@ -845,22 +845,20 @@ function system_webgui_start()
 	}
 
 	/* generate lighttpd configuration */
-	system_generate_lighty_config("{$g['varetc_path']}/lighty-webConfigurator.conf",
+	system_generate_lighty_config("/var/etc/lighty-webConfigurator.conf",
 		$crt, $key, $ca, "lighty-webConfigurator.pid", $portarg, "/usr/local/www/",
 		"cert.pem", "ca.pem");
 
 	/* kill any running lighttpd */
-	killbypid("{$g['varrun_path']}/lighty-webConfigurator.pid");
+	killbypid('/var/run/lighty-webConfigurator.pid');
 
 	sleep(1);
 
-	@unlink("{$g['varrun_path']}/lighty-webConfigurator.pid");
-
 	/* regenerate the php.ini files in case the setup has changed */
 	mwexec('/usr/local/etc/rc.php_ini_setup');
 
 	/* attempt to start lighthttpd and return true if ok */
-	return !mwexec("/usr/local/sbin/lighttpd -f {$g['varetc_path']}/lighty-webConfigurator.conf");
+	return !mwexec("/usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf");
 }
 
 function system_generate_lighty_config(
@@ -1090,9 +1088,9 @@ EOD;
 		$lighty_config .= "\n";
 		$lighty_config .= "## ssl configuration\n";
 		$lighty_config .= "ssl.engine = \"enable\"\n";
-		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
+		$lighty_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
 		if($ca <> "")
-			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
+			$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
 	}
 	$lighty_config .= " }\n";
 
@@ -1104,7 +1102,7 @@ EOD;
 #server.error-handler-404   = "/error-handler.php"
 
 ## to help the rc.scripts
-server.pid-file            = "{$g['varrun_path']}/{$pid_file}"
+server.pid-file            = "/var/run/{$pid_file}"
 
 ## virtual directory listings
 server.dir-listing         = "disable"
@@ -1144,30 +1142,30 @@ EOD;
 	$ca = str_replace("\n\n", "\n", $ca);
 
 	if($cert <> "" and $key <> "") {
-		$fd = fopen("{$g['varetc_path']}/{$cert_location}", "w");
+		$fd = fopen("/var/etc/{$cert_location}", "w");
 		if (!$fd) {
 			printf(gettext("Error: cannot open cert.pem in system_webgui_start().%s"), "\n");
 			return 1;
 		}
-		chmod("{$g['varetc_path']}/{$cert_location}", 0600);
+		chmod("/var/etc/{$cert_location}", 0600);
 		fwrite($fd, $cert);
 		fwrite($fd, "\n");
 		fwrite($fd, $key);
 		fclose($fd);
 		if(!(empty($ca) || (strlen(trim($ca)) == 0))) {
-			$fd = fopen("{$g['varetc_path']}/{$ca_location}", "w");
+			$fd = fopen("/var/etc/{$ca_location}", "w");
 			if (!$fd) {
 				printf(gettext("Error: cannot open ca.pem in system_webgui_start().%s"), "\n");
 				return 1;
 			}
-			chmod("{$g['varetc_path']}/{$ca_location}", 0600);
+			chmod("/var/etc/{$ca_location}", 0600);
 			fwrite($fd, $ca);
 			fclose($fd);
 		}
 		$lighty_config .= "\n";
 		$lighty_config .= "## " . gettext("ssl configuration") . "\n";
 		$lighty_config .= "ssl.engine = \"enable\"\n";
-		$lighty_config .= "ssl.pemfile = \"{$g['varetc_path']}/{$cert_location}\"\n\n";
+		$lighty_config .= "ssl.pemfile = \"/var/etc/{$cert_location}\"\n\n";
 
 		// Harden SSL a bit for PCI conformance testing
 		$lighty_config .= "ssl.use-sslv2 = \"disable\"\n";
@@ -1194,7 +1192,7 @@ EOD;
 		}
 
 		if(!(empty($ca) || (strlen(trim($ca)) == 0)))
-			$lighty_config .= "ssl.ca-file = \"{$g['varetc_path']}/{$ca_location}\"\n\n";
+			$lighty_config .= "ssl.ca-file = \"/var/etc/{$ca_location}\"\n\n";
 	}
 
 	// Add HTTP to HTTPS redirect
@@ -1266,7 +1264,7 @@ function system_ntp_setup_gps($serialport) {
 		return false;
 
 	// Create symlink that ntpd requires
-	unlink_if_exists($gps_device);
+	@unlink($gps_device);
 	symlink($serialport, $gps_device);
 
 	/* Send the following to the GPS port to initialize the GPS */
@@ -1308,23 +1306,22 @@ function system_ntp_setup_gps($serialport) {
 	return true;
 }
 
-function system_ntp_setup_pps($serialport) {
-	global $config, $g;
-
+function system_ntp_setup_pps($serialport)
+{
 	$pps_device = '/dev/pps0';
-	$serialport = '/dev/'.$serialport;
+	$serialport = "/dev/{$serialport}";
 
-	if (!file_exists($serialport))
+	if (!file_exists($serialport)) {
 		return false;
+	}
 
 	// Create symlink that ntpd requires
-	unlink_if_exists($pps_device);
+	@unlink($pps_device);
 	@symlink($serialport, $pps_device);
 
 	return true;
 }
 
-
 function system_ntp_configure($start_ntpd = true)
 {
 	global $config, $g;
@@ -1568,8 +1565,8 @@ function system_ntp_configure($start_ntpd = true)
 	}
 
 	/* open configuration for wrting or bail */
-	if (!@file_put_contents("{$g['varetc_path']}/ntpd.conf", $ntpcfg)) {
-		log_error("Could not open {$g['varetc_path']}/ntpd.conf for writing");
+	if (!@file_put_contents('/var/etc/ntpd.conf', $ntpcfg)) {
+		log_error("Could not open /var/etc/ntpd.conf for writing");
 		return;
 	}
 
@@ -1578,21 +1575,19 @@ function system_ntp_configure($start_ntpd = true)
 		return;
 
 	/* if ntpd is running, kill it */
-	while (isvalidpid("{$g['varrun_path']}/ntpd.pid")) {
-		killbypid("{$g['varrun_path']}/ntpd.pid");
+	while (isvalidpid('/var/run/ntpd.pid')) {
+		killbypid('/var/run/ntpd.pid');
+		usleep(200 * 1000);
 	}
-	@unlink("{$g['varrun_path']}/ntpd.pid");
 
 	/* if /var/empty does not exist, create it */
-	if(!is_dir("/var/empty"))
-		mkdir("/var/empty", 0775, true);
+	@mkdir('/var/empty', 0775, true);
 
-	/* start opentpd, set time now and use /var/etc/ntpd.conf */
-	mwexec("/usr/local/sbin/ntpd -g -c {$g['varetc_path']}/ntpd.conf -p {$g['varrun_path']}/ntpd.pid", false, true);
+	/* start opentpd, set time now and use new config */
+	mwexec('/usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid', false, true);
 
 	// Note that we are starting up
 	log_error("NTPD is starting up.");
-	return;
 }
 
 function system_halt($sync = false)
diff --git a/src/etc/inc/upgrade_config.inc b/src/etc/inc/upgrade_config.inc
index a84696c99..fb3b573f8 100644
--- a/src/etc/inc/upgrade_config.inc
+++ b/src/etc/inc/upgrade_config.inc
@@ -2025,12 +2025,12 @@ function upgrade_054_to_055() {
 	/* Let's save the RRD graphs after we run enable RRD graphing */
 	/* The function will restore the rrd.tgz so we will save it after */
 	exec("cd /; LANG=C NO_REMOUNT=1 RRDDBPATH='{$rrddbpath}' CF_CONF_PATH='/conf' /usr/local/etc/rc.backup_rrd");
-	unlink_if_exists("{$g['vardb_path']}/rrd/*.xml");
-	if (file_exists("/var/run/booting"))
+	mwexec('/bin/rm /var/db/rrd/*.xml');
+	if (file_exists("/var/run/booting")) {
 		echo "Updating configuration...";
+	}
 }
 
-
 function upgrade_055_to_056() {
 	global $config;
 
@@ -2526,10 +2526,10 @@ function upgrade_077_to_078() {
 		$config['pptpd']['n_pptp_units'] = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units'];
 	}
 }
-function upgrade_078_to_079() {
-	global $g;
+function upgrade_078_to_079()
+{
 	/* Delete old and unused RRD file */
-	unlink_if_exists("{$g['vardb_path']}/rrd/captiveportal-totalusers.rrd");
+	@unlink('/var/db/rrd/captiveportal-totalusers.rrd');
 }
 
 function upgrade_079_to_080() {
@@ -2692,8 +2692,8 @@ function upgrade_080_to_081() {
 		mwexec("$rrdtool restore -f /tmp/{$xmldumpnew} {$rrddbpath}/{$database} 2>&1");
 		unset($xml);
 		# Default /tmp tmpfs is ~40mb, do not leave temp files around
-		unlink_if_exists("/tmp/{$xmldump}");
-		unlink_if_exists("/tmp/{$xmldumpnew}");
+		@unlink("/tmp/{$xmldump}");
+		@unlink("/tmp/{$xmldumpnew}");
 	}
 	enable_rrd_graphing();
 	/* Let's save the RRD graphs after we run enable RRD graphing */
@@ -2943,9 +2943,9 @@ function upgrade_092_to_093() {
 	$suffixes = array("concurrent", "loggedin");
 
 	foreach ($suffixes as $suffix)
-		if (file_exists("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd"))
-			rename("{$g['vardb_path']}/rrd/captiveportal-{$suffix}.rrd",
-				"{$g['vardb_path']}/rrd/captiveportal-cpZone-{$suffix}.rrd");
+		if (file_exists("/var/db/rrd/captiveportal-{$suffix}.rrd"))
+			rename("/var/db/rrd/captiveportal-{$suffix}.rrd",
+				"/var/db/rrd/captiveportal-cpZone-{$suffix}.rrd");
 
 	enable_rrd_graphing();
 }
@@ -3230,13 +3230,13 @@ function upgrade_110_to_111()
 	mwexec('/usr/sbin/pw useradd -n unbound -c "Unbound DNS Resolver" -d /var/unbound -s /usr/sbin/nologin -u 59 -g 59', true);
 
 	/* cleanup old unbound package stuffs */
-	unlink_if_exists("/usr/local/pkg/unbound.xml");
-	unlink_if_exists("/usr/local/pkg/unbound.inc");
-	unlink_if_exists("/usr/local/pkg/unbound_advanced.xml");
-	unlink_if_exists("/usr/local/www/unbound_status.php");
-	unlink_if_exists("/usr/local/www/unbound_acls.php");
-	unlink_if_exists("/usr/local/bin/unbound_monitor.sh");
-	unlink_if_exists("/usr/local/etc/rc.d/unbound.sh");
+	@unlink('/usr/local/pkg/unbound.xml');
+	@unlink('/usr/local/pkg/unbound.inc');
+	@unlink('/usr/local/pkg/unbound_advanced.xml');
+	@unlink('/usr/local/www/unbound_status.php');
+	@unlink('/usr/local/www/unbound_acls.php');
+	@unlink('/usr/local/bin/unbound_monitor.sh');
+	@unlink('/usr/local/etc/rc.d/unbound.sh');
 
 	/* Remove old menu and service entries */
 	if (isset($config['installedpackages']['menu']) && is_array($config['installedpackages']['menu'])) {
diff --git a/src/etc/inc/util.inc b/src/etc/inc/util.inc
index 0102129c8..8d91d25a8 100644
--- a/src/etc/inc/util.inc
+++ b/src/etc/inc/util.inc
@@ -1034,21 +1034,6 @@ function mwexec_bg($command, $mute = false, $clearsigmask = false)
 	mwexec("/usr/sbin/daemon -f {$command}", $mute, $clearsigmask);
 }
 
-/* unlink a file or directory, if it exists */
-function unlink_if_exists($fn)
-{
-	$to_do = glob($fn);
-
-	foreach($to_do as $filename) {
-		if (is_dir($filename)) {
-			/* rmdir() is not recursive... */
-			mwexecf('/bin/rm -r %s', $filename);
-		} else {
-			unlink($filename);
-		}
-	}
-}
-
 /* make a global alias table (for faster lookups) */
 function alias_make_table($config)
 {
diff --git a/src/etc/inc/voucher.inc b/src/etc/inc/voucher.inc
index fb4ac23eb..f2a935c27 100644
--- a/src/etc/inc/voucher.inc
+++ b/src/etc/inc/voucher.inc
@@ -60,7 +60,7 @@ function voucher_expire($voucher_received) {
 			continue;   // seems too short to be a voucher!
 
 		unset($output);
-		$_gb = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v", $output);
+		$_gb = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v", $output);
 		list($status, $roll, $nr) = explode(" ", $output[0]);
 		if ($status == "OK") {
 			// check if we have this ticket on a registered roll for this ticket
@@ -165,7 +165,7 @@ function voucher_auth($voucher_received, $test = 0) {
 		if (strlen($voucher) < 3)
 			continue;   // seems too short to be a voucher!
 
-		$result = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v");
+		$result = exec("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -k /var/etc/voucher_{$cpzone}.public -- $v");
 		list($status, $roll, $nr) = explode(" ", $result);
 		if ($status == "OK") {
 			if (!$first_voucher) {
@@ -303,7 +303,7 @@ function voucher_configure_zone($sync = false)
 
 	/* write public key used to verify vouchers */
 	$pubkey = base64_decode($config['voucher'][$cpzone]['publickey']);
-	$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.public", "w");
+	$fd = fopen("/var/etc/voucher_{$cpzone}.public", "w");
 	if (!$fd) {
 		captiveportal_syslog("Voucher error: cannot write voucher.public\n");
 		unlock($voucherlck);
@@ -311,10 +311,10 @@ function voucher_configure_zone($sync = false)
 	}
 	fwrite($fd, $pubkey);
 	fclose($fd);
-	@chmod("{$g['varetc_path']}/voucher_{$cpzone}.public", 0600);
+	@chmod("/var/etc/voucher_{$cpzone}.public", 0600);
 
 	/* write config file used by voucher binary to decode vouchers */
-	$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.cfg", "w");
+	$fd = fopen("/var/etc/voucher_{$cpzone}.cfg", "w");
 	if (!$fd) {
 		captiveportal_syslog(gettext("Error: cannot write voucher.cfg") . "\n");
 		unlock($voucherlck);
@@ -322,7 +322,7 @@ function voucher_configure_zone($sync = false)
 	}
 	fwrite($fd, "{$config['voucher'][$cpzone]['rollbits']},{$config['voucher'][$cpzone]['ticketbits']},{$config['voucher'][$cpzone]['checksumbits']},{$config['voucher'][$cpzone]['magic']},{$config['voucher'][$cpzone]['charset']}\n");
 	fclose($fd);
-	@chmod("{$g['varetc_path']}/voucher_{$cpzone}.cfg", 0600);
+	@chmod("/var/etc/voucher_{$cpzone}.cfg", 0600);
 	unlock($voucherlck);
 
 	if (!$sync) {
@@ -364,15 +364,19 @@ function voucher_configure_zone($sync = false)
 /* write bitstring of used vouchers to ramdisk.
  * Bitstring must already be base64_encoded!
  */
-function voucher_write_used_db($roll, $vdb) {
-	global $g, $cpzone;
+function voucher_write_used_db($roll, $vdb)
+{
+	global $cpzone;
 
-	$fd = fopen("{$g['vardb_path']}/voucher_{$cpzone}_used_$roll.db", "w");
+	$fn = "/var/db/voucher_{$cpzone}_used_{$roll}.db";
+
+	$fd = fopen($fn, 'w');
 	if ($fd) {
 		fwrite($fd, $vdb . "\n");
 		fclose($fd);
-	} else
-		voucher_log(LOG_ERR, sprintf(gettext('cant write %1$s/voucher_%s_used_%2$s.db'), $g['vardb_path'], $cpzone, $roll));
+	} else {
+		voucher_log(LOG_ERR, sprintf(gettext('Can\'t write %s'), $fn));
+	}
 }
 
 /* return assoc array of active vouchers with activation timestamp
@@ -383,7 +387,7 @@ function voucher_read_active_db($roll) {
 
 	$active = array();
 	$dirty = 0;
-	$file = "{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db";
+	$file = "/var/db/voucher_{$cpzone}_active_{$roll}.db";
 	if (file_exists($file)) {
 		$fd = fopen($file, "r");
 		if ($fd) {
@@ -415,7 +419,7 @@ function voucher_write_active_db($roll, $active) {
 
 	if (!is_array($active))
 		return;
-    $fd = fopen("{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db", "w");
+    $fd = fopen("/var/db/voucher_{$cpzone}_active_{$roll}.db", "w");
     if ($fd) {
         foreach($active as $voucher => $value)
             fwrite($fd, "$voucher,$value\n");
@@ -442,32 +446,35 @@ function voucher_used_count($roll) {
     return $used;
 }
 
-function voucher_read_used_db($roll) {
-    global $g, $cpzone;
+function voucher_read_used_db($roll)
+{
+	global $cpzone;
 
-    $vdb = "";
-    $file = "{$g['vardb_path']}/voucher_{$cpzone}_used_$roll.db";
-    if (file_exists($file)) {
-        $fd = fopen($file, "r");
+	$fn = "/var/db/voucher_{$cpzone}_used_{$roll}.db";
+	$vdb = '';
+
+        $fd = fopen($fn, 'r');
         if ($fd) {
-            $vdb = trim(fgets($fd));
-            fclose($fd);
-        } else {
-	    voucher_log(LOG_ERR, sprintf(gettext('cant read %1$s/voucher_%s_used_%2$s.db'), $g['vardb_path'], $cpzone, $roll));
-        }
-    }
-    return base64_decode($vdb);
+		$vdb = trim(fgets($fd));
+		fclose($fd);
+	} else {
+		voucher_log(LOG_ERR, sprintf(gettext('Can\'t read %s'), $fn));
+	}
+
+	return base64_decode($vdb);
 }
 
-function voucher_unlink_db($roll) {
-    global $g, $cpzone;
-    @unlink("{$g['vardb_path']}/voucher_{$cpzone}_used_$roll.db");
-    @unlink("{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db");
+function voucher_unlink_db($roll)
+{
+	global $cpzone;
+
+	@unlink("/var/db/voucher_{$cpzone}_used_{$roll}.db");
+	@unlink("/var/db/voucher_{$cpzone}_active_{$roll}.db");
 }
 
 /* we share the log with captiveportal for now */
-function voucher_log($priority, $message) {
-
+function voucher_log($priority, $message)
+{
     $message = trim($message);
     openlog("logportalauth", LOG_PID, LOG_LOCAL4);
     syslog($priority, sprintf(gettext("Voucher: %s"),$message));
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index be8cd2914..d9fef2615 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -88,8 +88,8 @@ function vpn_ipsec_configure($ipchg = false)
 	global $config, $g, $sa, $sn, $p1_ealgos, $p2_ealgos;
 
 	/* get the automatic ping_hosts.sh ready */
-	unlink_if_exists("{$g['vardb_path']}/ipsecpinghosts");
-	touch("{$g['vardb_path']}/ipsecpinghosts");
+	@unlink('/var/db/ipsecpinghosts');
+	touch('/var/db/ipsecpinghosts');
 
 	vpn_ipsec_configure_preferoldsa();
 
@@ -101,9 +101,9 @@ function vpn_ipsec_configure($ipchg = false)
 
 	if (!isset($ipseccfg['enable'])) {
 		/* try to stop charon */
-		mwexec("/usr/local/sbin/ipsec stop");
+		mwexec('/usr/local/sbin/ipsec stop');
 		/* Stop dynamic monitoring */
-		killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
+		killbypid('/var/run/filterdns-ipsec.pid');
 
 		/* wait for process to die */
 		sleep(2);
@@ -120,26 +120,17 @@ function vpn_ipsec_configure($ipchg = false)
 
 		mwexec("/sbin/ifconfig enc0 up");
 		set_single_sysctl("net.inet.ip.ipsec_in_use", "1");
-		/* needed for config files */
-		if (!is_dir("/usr/local/etc/ipsec.d"))
-			mkdir("/usr/local/etc/ipsec.d");
-		if (!is_dir($capath))
-			mkdir($capath);
-		if (!is_dir($keypath))
-			mkdir($keypath);
-		if (!is_dir("/usr/local/etc/ipsec.d/crls"))
-			mkdir("/usr/local/etc/ipsec.d/crls");
-		if (!is_dir($certpath))
-			mkdir($certpath);
-		if (!is_dir("/usr/local/etc/ipsec.d/aacerts"))
-			mkdir("/usr/local/etc/ipsec.d/aacerts");
-		if (!is_dir("/usr/local/etc/ipsec.d/acerts"))
-			mkdir("/usr/local/etc/ipsec.d/acerts");
-		if (!is_dir("/usr/local/etc/ipsec.d/ocspcerts"))
-			mkdir("/usr/local/etc/ipsec.d/ocspcerts");
-		if (!is_dir("/usr/local/etc/ipsec.d/reqs"))
-			mkdir("/usr/local/etc/ipsec.d/reqs");
 
+		/* needed directories for config files */
+		@mkdir($capath);
+		@mkdir($keypath);
+		@mkdir($certpath);
+		@mkdir('/usr/local/etc/ipsec.d');
+		@mkdir('/usr/local/etc/ipsec.d/crls');
+		@mkdir('/usr/local/etc/ipsec.d/aacerts');
+		@mkdir('/usr/local/etc/ipsec.d/acerts');
+		@mkdir('/usr/local/etc/ipsec.d/ocspcerts');
+		@mkdir('/usr/local/etc/ipsec.d/reqs');
 
 		if (file_exists("/var/run/booting"))
 			echo gettext("Configuring IPsec VPN... ");
@@ -256,7 +247,7 @@ function vpn_ipsec_configure($ipchg = false)
 					}
 				}
 			}
-			@file_put_contents("{$g['vardb_path']}/ipsecpinghosts", $ipsecpinghosts);
+			@file_put_contents('/var/db/ipsecpinghosts', $ipsecpinghosts);
 			unset($ipsecpinghosts);
 		}
 		unset($iflist);
@@ -816,11 +807,11 @@ EOD;
 	/* end ipsec.conf */
 
 	/* mange process */
-	if (isvalidpid("{$g['varrun_path']}/charon.pid")) {
+	if (isvalidpid('/var/run/charon.pid')) {
 		/* Read secrets */
-		mwexec("/usr/local/sbin/ipsec rereadall", false);
+		mwexec('/usr/local/sbin/ipsec rereadall', false);
 		/* Update configuration changes */
-		mwexec("/usr/local/sbin/ipsec reload", false);
+		mwexec('/usr/local/sbin/ipsec reload', false);
 	} else {
 		mwexec("/usr/local/sbin/ipsec start", false);
 	}
@@ -840,14 +831,13 @@ EOD;
 		file_put_contents("/usr/local/etc/filterdns-ipsec.hosts", $hostnames);
 		unset($hostnames);
 
-		if (isvalidpid("{$g['varrun_path']}/filterdns-ipsec.pid")) {
-			killbypid("{$g['varrun_path']}/filterdns-ipsec.pid", 'HUP');
+		if (isvalidpid('/var/run/filterdns-ipsec.pid')) {
+			killbypid('/var/run/filterdns-ipsec.pid', 'HUP');
 		} else {
-			mwexec("/usr/local/sbin/filterdns -p {$g['varrun_path']}/filterdns-ipsec.pid -i {$interval} -c /usr/local/etc/filterdns-ipsec.hosts -d 1");
+			mwexec("/usr/local/sbin/filterdns -p /var/run/filterdns-ipsec.pid -i {$interval} -c /usr/local/etc/filterdns-ipsec.hosts -d 1");
 		}
 	} else {
-		killbypid("{$g['varrun_path']}/filterdns-ipsec.pid");
-		@unlink("{$g['varrun_path']}/filterdns-ipsec.pid");
+		killbypid('/var/run/filterdns-ipsec.pid');
 	}
 
 	if (file_exists("/var/run/booting"))
@@ -927,20 +917,20 @@ function vpn_pptpd_configure() {
 		echo gettext("Configuring PPTP VPN service... ");
 	} else {
 		/* kill mpd */
-		killbypid("{$g['varrun_path']}/pptp-vpn.pid");
+		killbypid('/var/run/pptp-vpn.pid');
 
 		/* wait for process to die */
 		sleep(3);
 
 		if (is_process_running("mpd -b")) {
-			killbypid("{$g['varrun_path']}/pptp-vpn.pid");
+			killbypid('/var/run/pptp-vpn.pid');
 			log_error(gettext("Could not kill mpd within 3 seconds.   Trying again."));
 		}
 
 		/* remove mpd.conf, if it exists */
-		unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.conf");
-		unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.links");
-		unlink_if_exists("{$g['varetc_path']}/pptp-vpn/mpd.secret");
+		@unlink('/var/etc/pptp-vpn/mpd.conf');
+		@unlink('/var/etc/pptp-vpn/mpd.links');
+		@unlink('/var/etc/pptp-vpn/mpd.secret');
 	}
 
 	if (empty($pptpdcfg['n_pptp_units'])) {
@@ -949,13 +939,12 @@ function vpn_pptpd_configure() {
 	}
 
 	/* make sure pptp-vpn directory exists */
-	if (!file_exists("{$g['varetc_path']}/pptp-vpn"))
-		mkdir("{$g['varetc_path']}/pptp-vpn");
+	@mkdir('/var/etc/pptp-vpn');
 
 	switch ($pptpdcfg['mode']) {
 		case 'server' :
 			/* write mpd.conf */
-			$fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.conf", "w");
+			$fd = fopen('/var/etc/pptp-vpn/mpd.conf', 'w');
 			if (!$fd) {
 				printf(gettext("Error: cannot open mpd.conf in vpn_pptpd_configure().") . "\n");
 				return 1;
@@ -1074,7 +1063,7 @@ EOD;
 			unset($mpdconf);
 
 			/* write mpd.links */
-			$fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.links", "w");
+			$fd = fopen('/var/etc/pptp-vpn/mpd.links', 'w');
 			if (!$fd) {
 				printf(gettext("Error: cannot open mpd.links in vpn_pptpd_configure().") . "\n");
 				return 1;
@@ -1099,7 +1088,7 @@ EOD;
 			unset($mpdlinks);
 
 			/* write mpd.secret */
-			$fd = fopen("{$g['varetc_path']}/pptp-vpn/mpd.secret", "w");
+			$fd = fopen('/var/etc/pptp-vpn/mpd.secret', 'w');
 			if (!$fd) {
 				printf(gettext("Error: cannot open mpd.secret in vpn_pptpd_configure().") . "\n");
 				return 1;
@@ -1118,12 +1107,12 @@ EOD;
 			fwrite($fd, $mpdsecret);
 			fclose($fd);
 			unset($mpdsecret);
-			chmod("{$g['varetc_path']}/pptp-vpn/mpd.secret", 0600);
+			chmod('/var/etc/pptp-vpn/mpd.secret', 0600);
 
 			vpn_netgraph_support();
 
 			/* fire up mpd */
-			mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/pptp-vpn -p {$g['varrun_path']}/pptp-vpn.pid -s pptps pptps");
+			mwexec('/usr/local/sbin/mpd4 -b -d /var/etc/pptp-vpn -p /var/run/pptp-vpn.pid -s pptps pptps');
 
 			break;
 
@@ -1152,8 +1141,7 @@ function vpn_pppoe_configure(&$pppoecfg) {
 	$syscfg = $config['system'];
 
 	/* create directory if it does not exist */
-	if (!is_dir("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn"))
-		mkdir("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn");
+	@mkdir("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn");
 
 	if (file_exists("/var/run/booting")) {
 		if (!$pppoecfg['mode'] || ($pppoecfg['mode'] == "off"))
@@ -1162,7 +1150,7 @@ function vpn_pppoe_configure(&$pppoecfg) {
 		echo gettext("Configuring PPPoE VPN service... ");
 	} else {
 		/* kill mpd */
-		killbypid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
+		killbypid("/var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
 
 		/* wait for process to die */
 		sleep(2);
@@ -1181,7 +1169,7 @@ function vpn_pppoe_configure(&$pppoecfg) {
 				$paporchap = "set link enable pap";
 
 			/* write mpd.conf */
-			$fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
+			$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.conf", "w");
 			if (!$fd) {
 				printf(gettext("Error: cannot open mpd.conf in vpn_pppoe_configure().") . "\n");
 				return 1;
@@ -1290,7 +1278,7 @@ EOD;
 			unset($mpdconf);
 
 			/* write mpd.links */
-			$fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w");
+			$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.links", "w");
 			if (!$fd) {
 				printf(gettext("Error: cannot open mpd.links in vpn_pppoe_configure().") . "\n");
 				return 1;
@@ -1317,7 +1305,7 @@ EOD;
 
 			if ($pppoecfg['username']) {
 				/* write mpd.secret */
-				$fd = fopen("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
+				$fd = fopen("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", "w");
 				if (!$fd) {
 					printf(gettext("Error: cannot open mpd.secret in vpn_pppoe_configure().") . "\n");
 					return 1;
@@ -1336,17 +1324,16 @@ EOD;
 				fwrite($fd, $mpdsecret);
 				fclose($fd);
 				unset($mpdsecret);
-				chmod("{$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", 0600);
+				chmod("/var/etc/pppoe{$pppoecfg['pppoeid']}-vpn/mpd.secret", 0600);
 			}
 
 			/* Check if previous instance is still up */
-			while (file_exists("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid") && isvalidpid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid"))
-				killbypid("{$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
+			killbypid("/var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid");
 
 			/* Get support for netgraph(4) from the nic */
 			pfSense_ngctl_attach(".", $pppoe_interface);
 			/* fire up mpd */
-			mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/pppoe{$pppoecfg['pppoeid']}-vpn -p {$g['varrun_path']}/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes");
+			mwexec("/usr/local/sbin/mpd4 -b -d /var/etc/pppoe{$pppoecfg['pppoeid']}-vpn -p /var/run/pppoe{$pppoecfg['pppoeid']}-vpn.pid -s poes poes");
 
 			break;
 	}
@@ -1357,33 +1344,26 @@ EOD;
 	return 0;
 }
 
-function vpn_l2tp_configure() {
+function vpn_l2tp_configure()
+{
 	global $config, $g;
 
 	$syscfg = $config['system'];
 	$l2tpcfg = $config['l2tp'];
 
-	/* create directory if it does not exist */
-	if (!is_dir("{$g['varetc_path']}/l2tp-vpn"))
-		mkdir("{$g['varetc_path']}/l2tp-vpn");
-
 	if (file_exists("/var/run/booting")) {
 		if (!$l2tpcfg['mode'] || ($l2tpcfg['mode'] == "off"))
 			return 0;
 
 		echo gettext("Configuring l2tp VPN service... ");
 	} else {
-		/* kill mpd */
-		killbypid("{$g['varrun_path']}/l2tp-vpn.pid");
-
-		/* wait for process to die */
-		sleep(8);
-
+		while (isvalidpid('/var/run/l2tp-vpn.pid')) {
+			killbypid('/var/run/l2tp-vpn.pid');
+			usleep(250 * 1000);
+		}
 	}
 
-	/* make sure l2tp-vpn directory exists */
-	if (!file_exists("{$g['varetc_path']}/l2tp-vpn"))
-		mkdir("{$g['varetc_path']}/l2tp-vpn");
+	@mkdir('/var/etc/l2tp-vpn');
 
 	switch ($l2tpcfg['mode']) {
 
@@ -1394,7 +1374,7 @@ function vpn_l2tp_configure() {
 				$paporchap = "set link enable pap";
 
 			/* write mpd.conf */
-			$fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.conf", "w");
+			$fd = fopen("/var/etc/l2tp-vpn/mpd.conf", "w");
 			if (!$fd) {
 				printf(gettext("Error: cannot open mpd.conf in vpn_l2tp_configure().") . "\n");
 				return 1;
@@ -1493,7 +1473,7 @@ EOD;
 			unset($mpdconf);
 
 			/* write mpd.links */
-			$fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.links", "w");
+			$fd = fopen("/var/etc/l2tp-vpn/mpd.links", "w");
 			if (!$fd) {
 				printf(gettext("Error: cannot open mpd.links in vpn_l2tp_configure().") . "\n");
 				return 1;
@@ -1519,7 +1499,7 @@ EOD;
 			unset($mpdlinks);
 
 			/* write mpd.secret */
-			$fd = fopen("{$g['varetc_path']}/l2tp-vpn/mpd.secret", "w");
+			$fd = fopen("/var/etc/l2tp-vpn/mpd.secret", "w");
 			if (!$fd) {
 				printf(gettext("Error: cannot open mpd.secret in vpn_l2tp_configure().") . "\n");
 				return 1;
@@ -1535,12 +1515,12 @@ EOD;
 			fwrite($fd, $mpdsecret);
 			fclose($fd);
 			unset($mpdsecret);
-			chmod("{$g['varetc_path']}/l2tp-vpn/mpd.secret", 0600);
+			chmod('/var/etc/l2tp-vpn/mpd.secret', 0600);
 
 			vpn_netgraph_support();
 
 			/* fire up mpd */
-			mwexec("/usr/local/sbin/mpd4 -b -d {$g['varetc_path']}/l2tp-vpn -p {$g['varrun_path']}/l2tp-vpn.pid -s l2tps l2tps");
+			mwexec('/usr/local/sbin/mpd4 -b -d /var/etc/l2tp-vpn -p /var/run/l2tp-vpn.pid -s l2tps l2tps');
 
 			break;
 
@@ -1554,12 +1534,13 @@ EOD;
 	return 0;
 }
 
-function vpn_ipsec_configure_preferoldsa() {
+function vpn_ipsec_configure_preferoldsa()
+{
 	global $config;
-	if(isset($config['ipsec']['preferoldsa']))
-		set_single_sysctl("net.key.preferred_oldsa", "-30");
-	else
-		set_single_sysctl("net.key.preferred_oldsa", "0");
-}
 
-?>
+	if (isset($config['ipsec']['preferoldsa'])) {
+		set_single_sysctl("net.key.preferred_oldsa", "-30");
+	} else {
+		set_single_sysctl("net.key.preferred_oldsa", "0");
+	}
+}
diff --git a/src/etc/inc/vslb.inc b/src/etc/inc/vslb.inc
index 65a4937f3..5f338c648 100644
--- a/src/etc/inc/vslb.inc
+++ b/src/etc/inc/vslb.inc
@@ -183,8 +183,7 @@ function relayd_configure($kill_first=false) {
 		}
 	}
 
-
-	$fd = fopen("{$g['varetc_path']}/relayd.conf", "w");
+	$fd = fopen('/var/etc/relayd.conf', 'w');
 	$conf .= "log updates \n";
 
 	/* Global timeout, interval and prefork settings
@@ -355,13 +354,13 @@ function relayd_configure($kill_first=false) {
 	if (is_process_running('relayd')) {
 		if (! empty($vs_a)) {
 			if ($kill_first) {
-				mwexec('pkill relayd');
+				killbyname('relayd');
 				/* Remove all active relayd anchors now that relayd is no longer running. */
-				cleanup_lb_anchor("*");
-				mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
+				cleanup_lb_anchor('*');
+				mwexec('/usr/local/sbin/relayd -f /var/etc/relayd.conf');
 			} else {
 				// it's running and there is a config, just reload
-				mwexec("/usr/local/sbin/relayctl reload");
+				mwexec('/usr/local/sbin/relayctl reload');
 			}
 		} else {
 			/*
@@ -371,7 +370,7 @@ function relayd_configure($kill_first=false) {
 			 * mwexec('/usr/local/sbin/relayctl stop');
 			 *  returns "command failed"
 			 */
-			mwexec('pkill relayd');
+			killbyname('relayd');
 			/* Remove all active relayd anchors now that relayd is no longer running. */
 			cleanup_lb_anchor("*");
 		}
@@ -379,8 +378,8 @@ function relayd_configure($kill_first=false) {
 		if (! empty($vs_a)) {
 			// not running and there is a config, start it
 			/* Remove all active relayd anchors so it can start fresh. */
-			cleanup_lb_anchor("*");
-			mwexec("/usr/local/sbin/relayd -f {$g['varetc_path']}/relayd.conf");
+			cleanup_lb_anchor('*');
+			mwexec('/usr/local/sbin/relayd -f /var/etc/relayd.conf');
 		}
 	}
 }
@@ -557,5 +556,5 @@ function cleanup_lb_marked()
 		}
 	}
 
-	unlink_if_exists($filename);
+	@unlink($filename);
 }
diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip
index db6340aec..c859d199d 100755
--- a/src/etc/rc.newwanip
+++ b/src/etc/rc.newwanip
@@ -95,15 +95,15 @@ if ($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
 
 
 $oldip = "0.0.0.0";
-if (file_exists("{$g['vardb_path']}/{$interface}_cacheip"))
-	$oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");
+if (file_exists("/var/db/{$interface}_cacheip"))
+	$oldip = file_get_contents("/var/db/{$interface}_cacheip");
 
 /* regenerate resolv.conf if DNS overrides are allowed */
 system_resolvconf_generate(true);
 
 /* write the current interface IP to file */
 if (is_ipaddr($curwanip))
-	@file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
+	@file_put_contents("/var/db/{$interface}_ip", $curwanip);
 
 link_interface_to_vips($interface, "update");
 
@@ -174,7 +174,7 @@ if (!is_ipaddr($oldip) || $curwanip != $oldip || !is_ipaddrv4($config['interface
 	setup_gateways_monitor();
 
 	if (is_ipaddr($curwanip))
-		@file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
+		@file_put_contents("/var/db/{$interface}_cacheip", $curwanip);
 
 	/* perform RFC 2136 DNS update */
 	services_dnsupdate_process($interface);
diff --git a/src/etc/rc.newwanipv6 b/src/etc/rc.newwanipv6
index 5c9b41c90..58b0ba167 100755
--- a/src/etc/rc.newwanipv6
+++ b/src/etc/rc.newwanipv6
@@ -87,21 +87,21 @@ if (!empty($new_domain_name_servers)) {
 	}
 
 	if (count($valid_ns > 0))
-		file_put_contents("{$g['varetc_path']}/nameserver_v6{$interface}", implode("\n", $valid_ns));
+		file_put_contents("/var/etc/nameserver_v6{$interface}", implode("\n", $valid_ns));
 }
 $new_domain_name = getenv("new_domain_name");
 if (!empty($new_domain_name))
-	file_put_contents("{$g['varetc_path']}/searchdomain_v6{$interface}", $new_domain_name);
+	file_put_contents("/var/etc/searchdomain_v6{$interface}", $new_domain_name);
 
 /* write current WAN IPv6 to file */
 if (is_ipaddrv6($curwanipv6))
-	@file_put_contents("{$g['vardb_path']}/{$interface}_ipv6", $curwanipv6);
+	@file_put_contents("/var/db/{$interface}_ipv6", $curwanipv6);
 
 log_error("rc.newwanipv6: on (IP address: {$curwanipv6}) (interface: {$interface}) (real interface: {$interface_real}).");
 
 $oldipv6 = "";
-if (file_exists("{$g['vardb_path']}/{$interface}_cacheipv6"))
-	$oldipv6 = file_get_contents("{$g['vardb_path']}/{$interface}_cacheipv6");
+if (file_exists("/var/db/{$interface}_cacheipv6"))
+	$oldipv6 = file_get_contents("/var/db/{$interface}_cacheipv6");
 
 $grouptmp = link_interface_to_group($interface);
 if (!empty($grouptmp))
@@ -136,7 +136,7 @@ if (is_ipaddrv6($oldipv6)) {
 	} else if (does_interface_exist($interface_real))
 		mwexec("/sbin/ifconfig {$interface_real} inet6 {$oldipv6} delete");
 
-	file_put_contents("{$g['vardb_path']}/{$interface}_cacheipv6", $curwanipv6);
+	file_put_contents("/var/db/{$interface}_cacheipv6", $curwanipv6);
 }
 
 /* perform RFC 2136 DNS update */
diff --git a/src/etc/rc.openvpn b/src/etc/rc.openvpn
index 8590e97d8..20be390c4 100755
--- a/src/etc/rc.openvpn
+++ b/src/etc/rc.openvpn
@@ -45,7 +45,7 @@ function openvpn_resync_if_needed ($mode, $ovpn_settings, $interface) {
 	} else {
 		if (!empty($interface)) {
 			$mode_id = $mode . $ovpn_settings['vpnid'];
-			$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
+			$fpath = "/var/etc/openvpn/{$mode_id}.interface";
 			if (file_exists($fpath)) {
 				$current_device = file_get_contents($fpath);
 				$current_device = trim($current_device, " \t\n");
diff --git a/src/opnsense/mvc/app/config/config.php b/src/opnsense/mvc/app/config/config.php
index 1d8c8bfb1..7bae63091 100644
--- a/src/opnsense/mvc/app/config/config.php
+++ b/src/opnsense/mvc/app/config/config.php
@@ -20,9 +20,7 @@ return new \Phalcon\Config(array(
     'globals' => array(
         'config_path'    => '/conf/',
         'temp_path'      => '/tmp/',
-        'vardb_path'     => '/var/db/',
         'debug'          => false,
         'simulate_mode'  => false
-
     )
 ));
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php
index f37477920..5f3a13abb 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/Api/ServiceController.php
@@ -45,7 +45,7 @@ class ServiceController extends ApiControllerBase
     public function startAction()
     {
         $backend = new Backend();
-        $response = $backend->configdRun("service start proxy");
+        $response = $backend->configdRun("proxy start", true);
         return array("response" => $response);
     }
 
@@ -56,7 +56,7 @@ class ServiceController extends ApiControllerBase
     public function stopAction()
     {
         $backend = new Backend();
-        $response = $backend->configdRun("service stop proxy");
+        $response = $backend->configdRun("proxy stop");
         return array("response" => $response);
     }
 
@@ -67,7 +67,7 @@ class ServiceController extends ApiControllerBase
     public function restartAction()
     {
         $backend = new Backend();
-        $response = $backend->configdRun("service restart proxy");
+        $response = $backend->configdRun("proxy restart");
         return array("response" => $response);
     }
 
@@ -79,7 +79,7 @@ class ServiceController extends ApiControllerBase
     public function statusAction()
     {
         $backend = new Backend();
-        $response = $backend->configdRun("service status proxy");
+        $response = $backend->configdRun("proxy status");
 
         if (strpos($response, "not running") > 0) {
             $status = "stopped";
@@ -117,7 +117,7 @@ class ServiceController extends ApiControllerBase
         // (res)start daemon
         if ($mdlProxy->general->enabled->__toString() == 1) {
             if ($runStatus['status'] == "running") {
-                $backend->configdRun("service reconfigure proxy");
+                $backend->configdRun("proxy reconfigure");
             } else {
                 $this->startAction();
             }
diff --git a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php
index ae600f004..7495920b6 100644
--- a/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php
+++ b/src/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php
@@ -122,8 +122,7 @@ class DB
     public function open()
     {
         // open database
-        $db_path = FactoryDefault::getDefault()->get('config')->globals->vardb_path .
-            "/captiveportal" . $this->zone . ".db";
+        $db_path = "/var/db/captiveportal{$this->zone}.db";
 
         try {
             $this->handle = new Sqlite(array("dbname" => $db_path));
diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
index d4199c933..33816fa5d 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml
@@ -35,8 +35,25 @@
                 <Required>Y</Required>
             </dnsV4First>
             <forwardedForHandling type="OptionField">
+                <default>on</default>
+                <Required>N</Required>
+                <OptionValues>
+                    <on>Append client's IP (on)</on>
+                    <off>Set forward header to unknown (off)</off>
+                    <transparent>Do not alter forward header (transparent)</transparent>
+                    <truncate>Replace all with client's IP (truncate)</truncate>
+                </OptionValues>
             </forwardedForHandling>
             <uriWhitespaceHandling type="OptionField">
+                <default>strip</default>
+                <Required>N</Required>
+                <OptionValues>
+                    <strip>Strip whitespaces</strip>
+                    <deny>Deny request</deny>
+                    <allow>Allow whitespaces</allow>
+                    <encode>Encode whitespaces (RFC1738)</encode>
+                    <chop>Chop URI at first whitespace</chop>
+                </OptionValues>
             </uriWhitespaceHandling>
             <useViaHeader type="BooleanField">
                 <default>1</default>
@@ -46,6 +63,66 @@
                 <default>0</default>
                 <Required>N</Required>
             </suppressVersion>
+            <cache>
+                <local>
+                    <enabled type="BooleanField">
+                        <default>0</default>
+                        <Required>Y</Required>
+                    </enabled>
+                    <directory type="TextField">
+                        <default>/var/squid/cache</default>
+                        <Required>Y</Required>
+                    </directory>
+                    <size type="IntegerField">
+                        <default>100</default>
+                        <MinimumValue>1</MinimumValue>
+                        <ValidationMessage>"Specify a positive cache size. (number of MB's)"</ValidationMessage>
+                        <Required>Y</Required>
+                    </size>
+                    <l1 type="IntegerField">
+                        <default>16</default>
+                        <MinimumValue>1</MinimumValue>
+                        <ValidationMessage>"Specify a positive number of first-level subdirectories."</ValidationMessage>
+                        <Required>Y</Required>
+                    </l1>
+                    <l2 type="IntegerField">
+                        <default>256</default>
+                        <MinimumValue>1</MinimumValue>
+                        <ValidationMessage>"Specify a positive number of second-level subdirectories."</ValidationMessage>
+                        <Required>Y</Required>
+                    </l2>
+                </local>
+            </cache>
+            <traffic>
+                <enabled type="BooleanField">
+                    <default>0</default>
+                    <Required>Y</Required>
+                </enabled>
+                <maxDownloadSize type="IntegerField">
+                    <default>2048</default>
+                    <MinimumValue>1</MinimumValue>
+                    <ValidationMessage>"Specify the maximum download size. (number of KB's)"</ValidationMessage>
+                    <Required>N</Required>
+                </maxDownloadSize>
+                <maxUploadSize type="IntegerField">
+                    <default>1024</default>
+                    <MinimumValue>1</MinimumValue>
+                    <ValidationMessage>"Specify the maximum upload size. (number of KB's)"</ValidationMessage>
+                    <Required>N</Required>
+                </maxUploadSize>
+                <OverallBandwidthTrotteling type="IntegerField">
+                    <default>1024</default>
+                    <MinimumValue>1</MinimumValue>
+                    <ValidationMessage>"Specify the overall bandwidth for downloads in kilobits per second."</ValidationMessage>
+                    <Required>N</Required>
+                </OverallBandwidthTrotteling>
+                <perHostTrotteling type="IntegerField">
+                    <default>256</default>
+                    <MinimumValue>1</MinimumValue>
+                    <ValidationMessage>"Specify the per host bandwidth for downloads in kilobits per second."</ValidationMessage>
+                    <Required>N</Required>
+                </perHostTrotteling>
+            </traffic>
         </general>
         <forward>
             <interfaces type="CSVListField">
diff --git a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt b/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
index 437eeed50..5e0485f0c 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt
@@ -234,19 +234,80 @@ maxheight: define max height of select box, default=170px to hold 5 items
                         replies as required by RFC2616.',
                 'advanced':'true'
                 ],
+                ['id':'proxy.general.forwardedForHandling',
+                'label':'X-Forwarded for header handling',
+                'type':'dropdown',
+                'help':'Select what to do with X-Forwarded for header.',
+                'advanced':'true'
+                ],
                 ['id': 'proxy.general.suppressVersion',
                 'label':'Suppress version string',
                 'type':'checkbox',
                 'help':'Suppress Squid version string info in HTTP headers and HTML error pages.',
                 'advanced':'true'
+                ],
+                ['id':'proxy.general.uriWhitespaceHandling',
+                'label':'Whitespace handling of URI',
+                'type':'dropdown',
+                'help':'Select what to do with URI that contain whitespaces.<br/>
+                        <div class="text-info"><b>NOTE:</b> the current Squid implementation of encode and chop violates
+                        RFC2616 by not using a 301 redirect after altering the URL.</div>',
+                'advanced':'true'
                 ]}
             ],
-            [ 'proxy-general-cache','Local Cache Settings',
-                {['id': 'proxy.general.enabled',
-                'label':'Enable proxy',
+            [ 'proxy-general-cache-local','Local Cache Settings',
+                {['id': 'proxy.general.cache.local.enabled',
+                'label':'Enable local cache.',
                 'type':'checkbox',
-                'help':'Enable or disable the proxy service.'
+                'help':'Enable or disable the local cache.<br/>
+                        Curently only ufs directory cache type is supported.<br/>
+                        <b class="text-danger">Do not enable on embedded systems with SD or CF cards as this may break your drive.</b>'
+                ],
+                ['id': 'proxy.general.cache.local.size',
+                'label':'Cache size in Megabytes',
+                'type':'text',
+                'help':'Enter the storage size for the local cache (default is 100).',
+                'advanced':'true'
+                ],
+                ['id': 'proxy.general.cache.local.l1',
+                'label':'Number of first-level subdirectories',
+                'type':'text',
+                'help':'Enter the number of first-level subdirectories for the local cache (default is 16).',
+                'advanced':'true'
+                ],
+                ['id': 'proxy.general.cache.local.l2',
+                'label':'Number of second-level subdirectories',
+                'type':'text',
+                'help':'Enter the number of first-level subdirectories for the local cache (default is 256).',
+                'advanced':'true'
                 ]}
+            ],
+            [ 'proxy-general-traffic','Traffic Management Settings',
+                    {['id': 'proxy.general.traffic.enabled',
+                    'label':'Enable traffic management.',
+                    'type':'checkbox',
+                    'help':'Enable or disable traffic management.'
+                    ],
+                    ['id': 'proxy.general.traffic.maxDownloadSize',
+                    'label':'Maximum download size (Kb)',
+                    'type':'text',
+                    'help':'Enter the maxium size for downloads in kilobytes (leave empty to disable).'
+                    ],
+                    ['id': 'proxy.general.traffic.maxUploadSize',
+                    'label':'Maximum upload size (Kb)',
+                    'type':'text',
+                    'help':'Enter the maxium size for uploads in kilobytes (leave empty to disable).'
+                    ],
+                    ['id': 'proxy.general.traffic.OverallBandwidthTrotteling',
+                    'label':'Overall bandwidth throtteling (Kbps)',
+                    'type':'text',
+                    'help':'Enter the allowed overall bandtwith in kilobits per second (leave empty to disable).'
+                    ],
+                    ['id': 'proxy.general.traffic.perHostTrotteling',
+                    'label':'Per host bandwidth throtteling (Kbps)',
+                    'type':'text',
+                    'help':'Enter the allowed per host bandtwith in kilobits per second (leave empty to disable).'
+                    ]}
             ]}
         ],
         ['proxy-forward','Forward Proxy','subtabs': {
@@ -266,7 +327,7 @@ maxheight: define max height of select box, default=170px to hold 5 items
                 ['id': 'proxy.forward.transparentMode',
                 'label':'Enable Transparent HTTP proxy',
                 'type':'checkbox',
-                'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
+                'help':'Enable transparent proxy mode to forward all requests for destination port 80 to the proxy server without any additional configuration.'
                 ],
                 ['id': 'proxy.forward.addACLforInterfaceSubnets',
                 'label':'Allow interface subnets',
diff --git a/src/opnsense/service/conf/actions.d/actions_proxy.conf b/src/opnsense/service/conf/actions.d/actions_proxy.conf
index 5be4b8608..18fab1097 100644
--- a/src/opnsense/service/conf/actions.d/actions_proxy.conf
+++ b/src/opnsense/service/conf/actions.d/actions_proxy.conf
@@ -1,28 +1,28 @@
-[start.proxy]
-command:/usr/local/etc/rc.d/squid start
+[start]
+command:/usr/local/sbin/squid -z;/usr/local/etc/rc.d/squid start
 parameters:
 type:script
 message:starting proxy
 
-[stop.proxy]
+[stop]
 command:/usr/local/etc/rc.d/squid stop;/usr/bin/killall squid;exit 0
 parameters:
 type:script
 message:stopping proxy
 
-[restart.proxy]
+[restart]
 command:/usr/local/etc/rc.d/squid restart
 parameters:
 type:script
 message:restarting proxy
 
-[reconfigure.proxy]
+[reconfigure]
 command:/usr/local/etc/rc.d/squid reload
 parameters:
 type:script
 message:reconfigure proxy
 
-[status.proxy]
+[status]
 command:/usr/local/etc/rc.d/squid status;exit 0
 parameters:
 type:script_output
diff --git a/src/opnsense/service/modules/processhandler.py b/src/opnsense/service/modules/processhandler.py
index 400982051..ac5e04442 100644
--- a/src/opnsense/service/modules/processhandler.py
+++ b/src/opnsense/service/modules/processhandler.py
@@ -274,7 +274,8 @@ class ActionHandler(object):
         if command in self.action_map:
             if action in self.action_map[command]:
                 if type(self.action_map[command][action]) == dict:
-                    if len(parameters) > 0 and parameters[0] in self.action_map[command][action]:
+                    if parameters is not None and len(parameters) > 0 \
+                            and parameters[0] in self.action_map[command][action]:
                         # 3 level action (  "interface linkup start" for example )
                         if isinstance(self.action_map[command][action][parameters[0]], Action):
                             action_obj = self.action_map[command][action][parameters[0]]
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
index fbb2503f1..feba67679 100644
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -8,7 +8,6 @@
 {%      for intf_key,intf_item in interfaces.iteritems() %}
 {%          if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
 http_port {{intf_item.ipaddr}}:{{  OPNsense.proxy.forward.port }} {%if OPNsense.proxy.forward.transparentMode == '1' %}tproxy{% endif %}
-
 {%          endif %}
 {%      endfor %}
 {# virtual ip's #}
@@ -25,88 +24,90 @@ http_port {{intf_item.subnet}}:{{  OPNsense.proxy.forward.port }}
 # Rules allowing access from your local networks.
 # Generated list of (internal) IP networks from where browsing
 # should be allowed. (Allow interface subnets).
-{% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %}
-{%  if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %}
-{%   for interface in OPNsense.proxy.forward.interfaces.split(",") %}
-{%      for intf_key,intf_item in interfaces.iteritems() %}
-{%          if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
-acl localnet src {{intf_item.ipaddr}}/{{intf_item.subnet}} # Possible internal network
-{%          endif %}
-{%      endfor %}
-{%      if helpers.exists('virtualip') %}
-{%          for intf_key,intf_item in virtualip.iteritems() %}
-{%              if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
-acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
+{% if helpers.exists('OPNsense.proxy.forward.interfaces') %}
+{%  if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %}
+{%      if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %}
+{%      for interface in OPNsense.proxy.forward.interfaces.split(",") %}
+{%          for intf_key,intf_item in interfaces.iteritems() %}
+{%              if intf_key == interface and intf_item.ipaddr != 'dhcp' %}
+acl localnet src {{intf_item.ipaddr.split(".")[0:3]|join(".")}}.0/{{intf_item.subnet}} # Possible internal network
 {%              endif %}
 {%          endfor %}
+{%          if helpers.exists('virtualip') %}
+{%              for intf_key,intf_item in virtualip.iteritems() %}
+{%                  if intf_item.interface == interface and intf_item.mode == 'ipalias' %}
+acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network
+{%                  endif %}
+{%              endfor %}
+{%          endif %}
+{%      endfor %}
 {%      endif %}
-{%   endfor %}
 {%  endif %}
 {% endif %}
-
 # Default allow for local-link and private networks
 acl localnet src fc00::/7       # RFC 4193 local private network range
 acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
 
 # Default localhost and to_localhost acl's
-acl localhost src 127.0.0.1/32 ::1
-acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
+#acl localhost src 127.0.0.1/32 ::1
+#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
 
 # ACL lists
 {% if helpers.exists('OPNsense.proxy.forward.acl.allowedSubnets') %}
+
 # ACL - Allow Subnets - User defined (subnets)
 {%  for network in OPNsense.proxy.forward.acl.allowedSubnets.split(",") %}
 acl subnets src {{network}}
 {%  endfor %}
 {% endif %}
-
 {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}
+
 # ACL - Unrestricted IPs - User defined (unrestricted)
 {%  for ip in OPNsense.proxy.forward.acl.unrestricted.split(",") %}
 acl unrestricted src {{ip}}
 {%  endfor %}
 {% endif %}
-
 {% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}
+
 # ACL - Banned Hosts - User defined (bannedHosts)
 {%  for ip in OPNsense.proxy.forward.acl.bannedHosts.split(",") %}
 acl bannedHosts src {{ip}}
 {%  endfor %}
 {% endif %}
-
 {% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
 # ALC - Whitelist - User defined (whiteList)
 {%  for element in OPNsense.proxy.forward.acl.whiteList.split(",") %}
-{%      if '^' or '\\' or '$' or '[' in element %}
+{%      if ('^' or '\\' or '$' or '[') in element %}
 acl whiteList url_regex {{element}}
 {%      else %}
-acl dstdomain {{element}}
+acl whiteList url_regex .+{{element|replace(".","\.")}}
 {%      endif %}
 {%  endfor %}
 {% endif %}
-
 {% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %}
+
 # ALC - Blacklist - User defined (blackList)
 {%  for element in OPNsense.proxy.forward.acl.blackList.split(",") %}
-{%      if '^' or '\\' or '$' or '[' in element %}
-acl url_regex {{element}}
+{%      if ('^' or '\\' or '$' or '[') in element %}
+acl blackList url_regex {{element}}
 {%      else %}
-acl blackList dstdomain {{element}}
+acl blackList url_regex .+{{element|replace(".","\.")}}
 {%      endif %}
 {%  endfor %}
 {% endif %}
-
 {% if helpers.exists('OPNsense.proxy.forward.acl.browser') %}
+
 # ALC - Block browser/user-agent - User defined (browser)
 {%  for element in OPNsense.proxy.forward.acl.browser.split(",") %}
 acl blockuseragents browser {{element}}
 {%  endfor %}
 {% endif %}
-
 {% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %}
+
 # ALC - Block MIME types - User defined (mimetype)
 {%  for element in OPNsense.proxy.forward.acl.mimeType.split(",") %}
 acl blockmimetypes rep_mime_type {{element}}
+acl blockmimetypes_requests req_mime_type {{element}}
 {%  endfor %}
 {% endif %}
 
@@ -144,20 +145,25 @@ auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
 # ACL - Local Authorized Users - local_auth
 acl local_auth proxy_auth REQUIRED
 {% endif %}
-
-# ALLOW UNRESTRICTED
 {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}
 
+# ALLOW UNRESTRICTED
 # ACL list (Allow) unrestricted
 http_access allow unrestricted
 {% endif %}
 
-#
+{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
+
+# ACL list (Allow) whitelist
+http_access allow whiteList
+{% endif %}
+
 {% if helpers.exists('OPNsense.proxy.forward.acl.blackList') %}
+
+#
 # ACL list (Deny) blacklist
 http_access deny blackList
 {% endif %}
-
 {% if helpers.exists('OPNsense.proxy.forward.acl.browser') %}
 
 # ACL list (Deny) blockuseragent
@@ -167,14 +173,17 @@ http_access deny blockuseragents
 {% if helpers.exists('OPNsense.proxy.forward.acl.mimeType') %}
 
 # ACL list (Deny) blockmimetypes
-http_access deny blockmimetypes
+http_reply_access deny blockmimetypes {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
+
+http_access deny blockmimetypes_requests {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted {% endif %}
+
 {% endif %}
 
 # Deny requests to certain unsafe ports
-http_access deny !Safe_ports
+http_access deny !Safe_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
 
 # Deny CONNECT to other than secure SSL ports
-http_access deny CONNECT !SSL_ports
+http_access deny CONNECT !SSL_ports {% if helpers.exists('OPNsense.proxy.forward.acl.unrestricted') %}!unrestricted{% endif %}
 
 {% if helpers.exists('OPNsense.proxy.forward.acl.bannedHosts') %}
 http_access deny bannedHosts
@@ -189,12 +198,6 @@ http_access deny manager
 # one who can access services on "localhost" is a local user
 http_access deny to_localhost
 
-{% if helpers.exists('OPNsense.proxy.forward.acl.whiteList') %}
-
-# ACL list (Allow) whitelist
-http_access allow whiteList
-{% endif %}
-
 #
 # Access Permission configuration:
 #
@@ -218,8 +221,12 @@ http_access allow subnets
 # Deny all other access to this proxy
 http_access deny all
 
+{% if helpers.exists('OPNsense.proxy.general.cache.local')  %}
+{%  if OPNsense.proxy.general.cache.local.enabled == '1' %}
 # Uncomment and adjust the following to add a disk cache directory.
-#cache_dir ufs /var/squid/cache 100 16 256
+cache_dir ufs {{OPNsense.proxy.general.cache.local.directory}} {{OPNsense.proxy.general.cache.local.size}} {{OPNsense.proxy.general.cache.local.l1}} {{OPNsense.proxy.general.cache.local.l2}}
+{%  endif %}
+{% endif %}
 
 # Leave coredumps in the first cache dir
 coredump_dir /var/squid/cache
@@ -273,3 +280,40 @@ httpd_suppress_version_string on
 icp_port {{OPNsense.proxy.general.icpPort}}
 {%      endif %}
 {% endif %}
+{% if helpers.exists('OPNsense.proxy.general.uriWhitespaceHandling') %}
+# URI hanlding with Whitespaces (default=strip)
+uri_whitespace {{OPNsense.proxy.general.uriWhitespaceHandling}}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.general.forwardedForHandling') %}
+# X-Forwarded header handling (default=on)
+forwarded_for {{OPNsense.proxy.general.forwardedForHandling}}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.general.traffic.enabled') and OPNsense.proxy.general.traffic.enabled == '1' %}
+{%  if helpers.exists('OPNsense.proxy.general.traffic.maxDownloadSize') %}
+# Define max download size
+reply_body_max_size {{OPNsense.proxy.general.traffic.maxDownloadSize}} KB
+{%  endif %}
+{%  if helpers.exists('OPNsense.proxy.general.traffic.maxUploadSize') %}
+# Define max upload size
+request_body_max_size {{OPNsense.proxy.general.traffic.maxUploadSize}} KB
+{%  endif %}
+{%  if helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %}
+delay_pools 1
+delay_class 1 3
+delay_access 1 allow all
+{%      if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') %}
+# Define PerHost and Overall Bandwith Trotteling
+delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}} -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}
+{%      else %}
+# Define PerHost Trotteling
+delay_parameters -1/-1 {{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.perHostTrotteling|int // 8 * 1000}}
+{%      endif %}
+{%  endif %}
+{%  if helpers.exists('OPNsense.proxy.general.traffic.OverallBandwidthTrotteling') and not helpers.exists('OPNsense.proxy.general.traffic.perHostTrotteling') %}
+# Define Overall Bandwidth Trotteling
+delay_pools 1
+delay_class 1 1
+delay_access 1 allow all
+delay_parameters 1 {{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}/{{OPNsense.proxy.general.traffic.OverallBandwidthTrotteling|int // 8 * 1000}}
+{%  endif %}
+{% endif %}
diff --git a/src/opnsense/www/js/jquery.tokenize.js b/src/opnsense/www/js/jquery.tokenize.js
index d2e32454a..35c0a815d 100755
--- a/src/opnsense/www/js/jquery.tokenize.js
+++ b/src/opnsense/www/js/jquery.tokenize.js
@@ -479,17 +479,17 @@
         },
 
         tokenRemove: function(value){
-
-            var option = $('option[value="' + value.replace('\\','\\\\') + '"]', this.select);
+            var new_value=value.replace(/\\/g,'\\\\').replace(/\*/g,'\\*'); // add escape character
+            var option = $('option[value="' + new_value + '"]', this.select);
             if(option.attr('data-type') == 'custom'){
                 option.remove();
             } else {
                 option.removeAttr('selected');
             }
 
-            $('li.Token[data-value="' + value.replace('\\','\\\\')  + '"]', this.tokensContainer).remove();
+            $('li.Token[data-value="' + new_value  + '"]', this.tokensContainer).remove();
 
-            this.options.onRemoveToken(value.replace('\\','\\\\') );
+            this.options.onRemoveToken(new_value );
             this.resizeSearchInput();
             this.dropdownHide();
 
diff --git a/src/pkg/openvpn-client-export.inc b/src/pkg/openvpn-client-export.inc
index 35c894e64..238fd5d27 100644
--- a/src/pkg/openvpn-client-export.inc
+++ b/src/pkg/openvpn-client-export.inc
@@ -63,9 +63,9 @@ function openvpn_client_export_deinstall()
 	$ovpndir = "/usr/local/share/openvpn";
 	$workdir = "{$ovpndir}/client-export";
 
-	unlink_if_exists("/usr/local/www/{$phpfile}");
-	unlink_if_exists("/usr/local/www/{$phpfile2}");
-	unlink_if_exists("/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz");
+	@unlink("/usr/local/www/{$phpfile}");
+	@unlink("/usr/local/www/{$phpfile2}");
+	@unlink("/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz");
 
 	exec("/bin/rm -r {$workdir}");
 }
@@ -363,7 +363,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
 	switch ($expformat) {
 		case "zip":
 			// create template directory
-			$tempdir = "{$g['tmp_path']}/{$prefix}";
+			$tempdir = "/tmp/{$prefix}";
 			@mkdir($tempdir, 0700, true);
 
 			file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
@@ -391,12 +391,12 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
 			}
 			$command = "cd " . escapeshellarg("{$tempdir}/..")
 					. " && /usr/local/bin/zip -r "
-					. escapeshellarg("{$g['tmp_path']}/{$prefix}-config.zip")
+					. escapeshellarg("/tmp/{$prefix}-config.zip")
 					. " " . escapeshellarg($prefix);
 			exec($command);
 			// Remove temporary directory
 			exec("rm -rf " . escapeshellarg($tempdir));
-			return "{$g['tmp_path']}/{$prefix}-config.zip";
+			return "/tmp/{$prefix}-config.zip";
 			break;
 		case "inline":
 		case "inlinedroid":
@@ -422,7 +422,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
 		case "yealink_t38g":
 		case "yealink_t38g2":
 			// create template directory
-			$tempdir = "{$g['tmp_path']}/{$prefix}";
+			$tempdir = "/tmp/{$prefix}";
 			$keydir  = "{$tempdir}/keys";
 			mkdir($tempdir, 0700, true);
 			mkdir($keydir, 0700, true);
@@ -443,14 +443,13 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
 				$keyfile = "{$keydir}/client1.key";
 				file_put_contents($keyfile, base64_decode($cert['prv']));
 			}
-			exec("tar -C {$tempdir} -cf {$g['tmp_path']}/client.tar ./keys ./vpn.cnf");
+			exec("tar -C {$tempdir} -cf /tmp/client.tar ./keys ./vpn.cnf");
 			// Remove temporary directory
 			exec("rm -rf {$tempdir}");
-			return $g['tmp_path'] . "/client.tar";
-			break;
+			return '/tmp/client.tar';
 		case "snom":
 			// create template directory
-			$tempdir = "{$g['tmp_path']}/{$prefix}";
+			$tempdir = "/tmp/{$prefix}";
 			mkdir($tempdir, 0700, true);
 
 			file_put_contents("{$tempdir}/vpn.cnf", $conf);
@@ -469,11 +468,10 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
 				$keyfile = "{$tempdir}/phone1.key";
 				file_put_contents($keyfile, base64_decode($cert['prv']));
 			}
-			exec("cd {$tempdir}/ && tar -cf {$g['tmp_path']}/vpnclient.tar *");
+			exec("cd {$tempdir}/ && tar -cf /tmp/vpnclient.tar *");
 			// Remove temporary directory
 			exec("rm -rf {$tempdir}");
-			return $g['tmp_path'] . "/vpnclient.tar";
-			break;
+			return '/tmp/vpnclient.tar';
 		default:
 			return $conf;
 	}
@@ -513,7 +511,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
 	}
 
 	// create template directory
-	$tempdir = $g['tmp_path'] . "/openvpn-export-".uniqid();
+	$tempdir = "/tmp//openvpn-export-".uniqid();
 	mkdir($tempdir, 0700, true);
 
 	// create config directory
@@ -593,7 +591,7 @@ RunProgram="openvpn-postinstall.exe"
 
 	// create the final installer
 	$outfile = "{$tempdir}-install.exe";
-	chdir($g['tmp_path']);
+	chdir('/tmp');
 	exec("/bin/cat {$tempdir}/7zS.sfx {$tempdir}/7zipConfig {$tempdir}/archive.7z > {$outfile}");
 
 	// cleanup
@@ -611,8 +609,8 @@ function viscosity_openvpn_client_config_exporter($srvid, $usrid, $crtid, $usead
 		openvpn_client_export_install();
 
 	$uniq = uniqid();
-	$tempdir = $g['tmp_path'] . "/openvpn-export-" . $uniq;
-	$zipfile = $g['tmp_path'] . "/{$uniq}-Viscosity.visc.zip";
+	$tempdir = "/tmp/openvpn-export-{$uniq}";
+	$zipfile = "/tmp/{$uniq}-Viscosity.visc.zip";
 
 	$validconfig = openvpn_client_export_validate_config($srvid, $usrid, $crtid);
 	if ($validconfig) {
@@ -821,7 +819,7 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
 
 	if ($zipconf == true) {
 		// create template directory
-		$tempdir = "{$g['tmp_path']}/{$prefix}";
+		$tempdir = "/tmp/{$prefix}";
 		mkdir($tempdir, 0700, true);
 
 		file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
@@ -830,9 +828,9 @@ function openvpn_client_export_sharedkey_config($srvid, $useaddr, $proxy, $zipco
 		file_put_contents("{$shkeyfile}", base64_decode($settings['shared_key']));
 
 		if(file_exists("/usr/pbi/zip-{$uname_p}/bin/zip"))
-			exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+			exec("cd {$tempdir}/.. && /usr/pbi/zip-{$uname_p}/bin/zip -r /tmp/{$prefix}-config.zip {$prefix}");
 		else
-			exec("cd {$tempdir}/.. && /usr/local/bin/zip -r {$g['tmp_path']}/{$prefix}-config.zip {$prefix}");
+			exec("cd {$tempdir}/.. && /usr/local/bin/zip -r /tmp/{$prefix}-config.zip {$prefix}");
 
 		// Remove temporary directory
 		exec("rm -rf {$tempdir}");
diff --git a/src/sbin/gmirror_status_check.php b/src/sbin/gmirror_status_check.php
index 3fd88d3ae..0d73b91a5 100644
--- a/src/sbin/gmirror_status_check.php
+++ b/src/sbin/gmirror_status_check.php
@@ -32,7 +32,7 @@ require_once("globals.inc");
 require_once("gmirror.inc");
 
 global $g;
-$status_file = "{$g['varrun_path']}/gmirror.status";
+$status_file = '/var/run/gmirror.status';
 
 $mirror_status = gmirror_get_status();
 $mirror_list = array_keys($mirror_status);
diff --git a/src/share/locale/en/LC_MESSAGES/OPNsense.pot b/src/share/locale/en/LC_MESSAGES/OPNsense.pot
index 473a55226..2844d9bee 100644
--- a/src/share/locale/en/LC_MESSAGES/OPNsense.pot
+++ b/src/share/locale/en/LC_MESSAGES/OPNsense.pot
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: 15.x releases\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2014-03-15 18:00-0400\n"
-"PO-Revision-Date: 2015-04-17 00:00-0400\n"
+"PO-Revision-Date: 2015-04-23 00:00-0400\n"
 "Last-Translator: Isaac (.ike) Levy <ike@blackskyresearch.net>\n"
 "Language-Team: ENGLISH <http://opnsense.org/>\n"
 "Language: EN\n"
@@ -36,17 +36,6 @@ msgstr ""
 msgid " - Submit this to the developers for inspection"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1205
-msgid " >>> Trying to fetch package info..."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1212
-msgid ""
-" >>> Unable to communicate with %1$s. "
-"Please verify DNS and interface configuration, "
-"and that %2$s has functional Internet connectivity."
-msgstr ""
-
 #: src/etc/inc/shaper.inc:672
 msgid " Beware you can lose information."
 msgstr ""
@@ -92,10 +81,6 @@ msgstr ""
 msgid " done!"
 msgstr ""
 
-#: src/etc/inc/array_intersect_key.inc:46
-msgid " is not an array"
-msgstr ""
-
 #: src/www/firewall_nat_out.php:621
 msgid " may also be required."
 msgstr ""
@@ -119,11 +104,6 @@ msgstr ""
 msgid " update(s) are available."
 msgstr ""
 
-#: src/www/pkg_mgr.php:254
-#: src/www/pkg_mgr_installed.php:203
-msgid " version to check its change log."
-msgstr ""
-
 #: src/www/diag_dump_states_sources.php:144
 msgid "# Connections"
 msgstr ""
@@ -158,10 +138,6 @@ msgstr ""
 msgid "#2"
 msgstr ""
 
-#: src/www/system_firmware_restorefullbackup.php:77
-msgid "$filename has been deleted."
-msgstr ""
-
 #: src/www/status_dhcp_leases.php:381
 msgid "$mac - send Wake on LAN packet to this MAC address"
 msgstr ""
@@ -175,19 +151,10 @@ msgstr ""
 msgid "%1$s (%2$s/%3$s) active and good for %4$d Minutes"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:666
-msgid "%1$s at line %2$d"
-msgstr ""
-
 #: src/www/firewall_aliases_edit.php:281
 msgid "%1$s is not a valid %2$s alias."
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:187
-#: src/etc/inc/config.lib.inc:188
-msgid "%1$s is restoring the configuration %2$s"
-msgstr ""
-
 #: src/www/firewall_rules_edit.php:396
 msgid "%s  is not a valid end source port. It must be a port alias or integer between 1 and 65535."
 msgstr ""
@@ -297,14 +264,6 @@ msgstr ""
 msgid "%s made unknown change"
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:89
-msgid "%s packages"
-msgstr ""
-
-#: src/etc/inc/config.console.inc:48
-msgid "%s requires *AT LEAST* %s RAM to function correctly.%s"
-msgstr ""
-
 #: src/www/vpn_ipsec_phase2.php:544
 #: src/www/vpn_ipsec_phase2.php:579
 msgid "%s subnet"
@@ -462,27 +421,6 @@ msgstr ""
 msgid "(this might create problems for some clients)."
 msgstr ""
 
-#: src/etc/inc/smtp.inc:247
-msgid "-3 socket could not be created"
-msgstr ""
-
-
-#: src/etc/inc/smtp.inc:249
-msgid "-4 dns lookup on hostname \"%s\" failed"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:251
-msgid "-5 connection refused or timed out"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:253
-msgid "-6 fdopen() call failed"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:255
-msgid "-7 setvbuf() call failed"
-msgstr ""
-
 #: src/www/system_advanced_misc.php:500
 msgid "/tmp RAM Disk Size"
 msgstr ""
@@ -572,14 +510,6 @@ msgstr ""
 msgid "802.1p"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:93
-msgid ": data access time out"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:96
-msgid ": the server disconnected"
-msgstr ""
-
 #: src/www/services_unbound_acls.php:224
 msgid "<b>Allow Snoop:</b> This action allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host."
 msgstr ""
@@ -671,7 +601,7 @@ msgstr ""
 msgid "A IPv4 subnet can not be over 32 bits."
 msgstr ""
 
-#: src/www/system.php:151
+#: src/www/system_general.php:151
 msgid "A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'."
 msgstr ""
 
@@ -798,10 +728,6 @@ msgstr ""
 msgid "A valid FQDN for 'Peer identifier' must be specified."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:93
-msgid "A valid Hostname must be specified. [%s]"
-msgstr ""
-
 #: src/www/services_unbound_domainoverride_edit.php:76
 msgid ""
 "A valid IP address and port must be specified, for example "
@@ -844,7 +770,7 @@ msgstr ""
 msgid "A valid IP address for 'WINS Server #2' must be specified."
 msgstr ""
 
-#: src/www/system.php:108
+#: src/www/system_general.php:108
 msgid "A valid IP address must be specified for DNS server $dnscounter."
 msgstr ""
 
@@ -1287,10 +1213,6 @@ msgstr ""
 msgid "A valid value for 'Login Banner' must be specified."
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:104
-msgid "A warning is printed on the Dashboard and in the package manager when an unofficial package server is in use."
-msgstr ""
-
 #: src/www/interfaces_ppps_edit.php:734
 msgid "ACFComp"
 msgstr ""
@@ -1608,10 +1530,6 @@ msgstr ""
 msgid "Adding MAC addresses as 'pass' MACs allows them access through the captive portal automatically without being taken to the portal page."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname.php:142
-msgid "Adding allowed Hostnames will allow a DNS hostname access to/from access through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying <em>from</em> addresses, it may be used to always allow pass-through access from a client behind the captive portal."
-msgstr ""
-
 #: src/www/services_captiveportal_ip.php:146
 msgid "Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example."
 msgstr ""
@@ -1637,10 +1555,6 @@ msgstr ""
 msgid "Additional authentication servers can be added here."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1481
-msgid "Additional files... "
-msgstr ""
-
 #: src/www/system_usermanager.php:892
 msgid ""
 "Additional users can be added here. User permissions for accessing "
@@ -1722,7 +1636,7 @@ msgid ""
 "If not specified, heuristics based on the interface "
 msgstr ""
 
-#: src/www/system_advanced_tabs.php:9
+#: src/www/system_advanced_tabs.inc:9
 msgid "Admin Access"
 msgstr ""
 
@@ -1749,9 +1663,9 @@ msgstr ""
 msgid "Advanced Resolver Options"
 msgstr ""
 
-#: src/www/vpn_ipsec_phase1.php:528
-#: src/www/vpn_ipsec_phase2.php:490
-#: src/www/vpn_ipsec_tabs.php:6
+#: src/www/vpn_ipsec_phase1.php:535
+#: src/www/vpn_ipsec_phase2.php:495
+#: src/www/vpn_ipsec_tabs.inc:6
 msgid "Advanced Settings"
 msgstr ""
 
@@ -1949,20 +1863,10 @@ msgstr ""
 msgid "All Users"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname.php:146
-#: src/www/services_captiveportal_hostname.php:153
-msgid "All connections"
-msgstr ""
-
 #: src/www/firewall_rules.php:804
 msgid "All incoming connections on this interface will be blocked until you add pass rules."
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:261
-#: src/www/pkg_mgr_install.php:262
-msgid "All packages reinstalled."
-msgstr ""
-
 #: src/www/services_ntpd_gps.php:425
 msgid "All serial ports are listed, be sure to pick the port with the GPS attached."
 msgstr ""
@@ -1973,7 +1877,6 @@ msgstr ""
 
 #: src/www/diag_smart.php:299
 #: src/www/firewall_aliases.php:176
-#: src/www/pkg_mgr.php:171
 msgid "All"
 msgstr ""
 
@@ -1981,7 +1884,7 @@ msgstr ""
 msgid "Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)."
 msgstr ""
 
-#: src/www/system.php:386
+#: src/www/system_general.php:386
 msgid "Allow DNS server list to be overridden by DHCP/PPP on WAN"
 msgstr ""
 
@@ -2919,13 +2822,8 @@ msgstr ""
 msgid "Allow unprivileged access to tap(4) device nodes"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:88
-msgid "Allowed Hostname"
-msgstr ""
-
 #: src/www/services_captiveportal.php:504
 #: src/www/services_captiveportal_filemanager.php:150
-#: src/www/services_captiveportal_hostname.php:89
 #: src/www/services_captiveportal_ip.php:90
 #: src/www/services_captiveportal_mac.php:156
 #: src/www/services_captiveportal_vouchers.php:447
@@ -2938,7 +2836,6 @@ msgstr ""
 
 #: src/www/services_captiveportal.php:502
 #: src/www/services_captiveportal_filemanager.php:148
-#: src/www/services_captiveportal_hostname.php:88
 #: src/www/services_captiveportal_ip.php:88
 #: src/www/services_captiveportal_mac.php:154
 #: src/www/services_captiveportal_vouchers.php:445
@@ -2973,11 +2870,6 @@ msgstr ""
 msgid "Allows selection of different speeds for the serial console port."
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:1636
-#: src/etc/inc/xmlrpc_client.inc:1652
-msgid "Already initialized as a [%s]"
-msgstr ""
-
 #: src/www/firewall_rules.php:123
 #: src/www/firewall_rules_edit.php:991
 msgid "Alternate Host"
@@ -3058,10 +2950,6 @@ msgstr ""
 msgid "An invalid subnet or alias was specified. [%s/%s]"
 msgstr ""
 
-#: src/www/system_firmware.php:93
-msgid "An upgrade is currently in progress.<p>The firewall will reboot when the operation is complete."
-msgstr ""
-
 #: src/www/system_groupmanager.php:119
 msgid "Another entry with the same group name already exists."
 msgstr ""
@@ -3113,7 +3001,6 @@ msgstr ""
 
 #: src/www/firewall_rules.php:354
 #: src/www/guiconfig.inc:285
-#: src/www/headjs.php:131
 msgid "Apply changes"
 msgstr ""
 
@@ -3122,14 +3009,9 @@ msgid "Apply the action immediately on match."
 msgstr ""
 
 #: src/www/javascript/datepicker/js/datepicker.js:66
-#: src/www/javascript/jquery/jquery-ui-1.11.1.min.js:6
 msgid "April"
 msgstr ""
 
-#: src/www/halt.php:56
-msgid "Are you sure you want to halt the system?"
-msgstr ""
-
 #: src/www/diag_defaults.php:69
 msgid "Are you sure you want to proceed?"
 msgstr ""
@@ -3195,16 +3077,11 @@ msgstr ""
 msgid "Attempting to fetch Organizational Units from"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1206
-msgid "Attempting to reinstall all packages"
-msgstr ""
-
 #: src/www/diag_smart.php:298
 msgid "Attributes"
 msgstr ""
 
 #: src/www/javascript/datepicker/js/datepicker.js:70
-#: src/www/javascript/jquery/jquery-ui-1.11.1.min.js:6
 msgid "August"
 msgstr ""
 
@@ -3251,11 +3128,6 @@ msgstr ""
 msgid "Authentication containers"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:317
-#: src/etc/inc/smtp.inc:347
-msgid "Authentication error:"
-msgstr ""
-
 #: src/www/xmlrpc.php:57
 msgid "Authentication failed"
 msgstr ""
@@ -3295,9 +3167,8 @@ msgstr ""
 msgid "Auto PTP ports"
 msgstr ""
 
-#: src/www/system_firmware_auto.php:47
 #: src/www/system_firmware_check.php:98
-#: src/www/system_firmware_tabs.php:33
+#: src/www/system_firmware_tabs.inc:33
 msgid "Auto Update"
 msgstr ""
 
@@ -3317,10 +3188,6 @@ msgstr ""
 msgid "Auto sync on update"
 msgstr ""
 
-#: src/www/system_firmware_auto.php:200
-msgid "Auto upgrade aborted."
-msgstr ""
-
 #: src/www/interfaces.php:2880
 #: src/www/interfaces.php:2927
 #: src/www/interfaces.php:2939
@@ -3364,10 +3231,6 @@ msgstr ""
 msgid "Automatically ping host"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1088
-msgid "Auxiliary files... "
-msgstr ""
-
 #: src/www/load_balancer_relay_protocol_edit.php:239
 msgid "Available Actions"
 msgstr ""
@@ -3376,11 +3239,6 @@ msgstr ""
 msgid "Available Consumers"
 msgstr ""
 
-#: src/www/pkg_mgr.php:130
-#: src/www/pkg_mgr_installed.php:104
-msgid "Available Packages"
-msgstr ""
-
 #: src/www/foot.inc:25
 msgid "Available Widgets"
 msgstr ""
@@ -3389,22 +3247,11 @@ msgstr ""
 msgid "Available network ports:"
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:98
-msgid "Available packages"
-msgstr ""
-
 #: src/www/services_dhcp.php:791
 #: src/www/services_dhcpv6.php:557
 msgid "Available range"
 msgstr ""
 
-#: src/www/pkg_mgr_installed.php:148
-#: src/www/pkg_mgr_installed.php:150
-#: src/www/pkg_mgr_installed.php:157
-#: src/www/pkg_mgr_installed.php:159
-msgid "Available"
-msgstr ""
-
 #: src/www/system_gateways_edit.php:813
 msgid "Average Delay Replies Qty"
 msgstr ""
@@ -3481,7 +3328,6 @@ msgstr ""
 msgid "Bandwidth cannot be negative."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:201
 #: src/www/services_captiveportal_ip_edit.php:220
 #: src/www/services_captiveportal_mac_edit.php:238
 msgid "Bandwidth down"
@@ -3512,7 +3358,6 @@ msgstr ""
 msgid "Bandwidth must be an integer."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:195
 #: src/www/services_captiveportal_ip_edit.php:213
 #: src/www/services_captiveportal_mac_edit.php:230
 msgid "Bandwidth up"
@@ -3549,7 +3394,6 @@ msgstr ""
 msgid "Base DN:"
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:116
 #: src/www/system_firmware_settings.php:153
 msgid "Base URL:"
 msgstr ""
@@ -3580,19 +3424,6 @@ msgid ""
 "increase significantly."
 msgstr ""
 
-#: src/www/system_firmware_auto.php:103
-msgid "Beginning firmware upgrade"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:622
-msgid "Beginning package installation for %s ."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:620
-#: src/www/pkg_mgr_install.php:169
-msgid "Beginning package installation."
-msgstr ""
-
 #: src/www/firewall_shaper_layer7.php:484
 msgid "Behaviour"
 msgstr ""
@@ -3659,18 +3490,6 @@ msgstr ""
 msgid "Boolean"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:131
-msgid "Bootup information"
-msgstr ""
-
-#: src/www/diag_nanobsd.php:143
-msgid "Bootup slice is currently:"
-msgstr ""
-
-#: src/www/diag_nanobsd.php:140
-msgid "Bootup"
-msgstr ""
-
 #: src/etc/inc/shaper.inc:2426
 msgid "Borrow from other queues when available"
 msgstr ""
@@ -3696,7 +3515,6 @@ msgstr ""
 #: src/www/interfaces.php:3176
 #: src/www/interfaces.php:3186
 #: src/www/interfaces.php:3195
-#: src/www/services_captiveportal_hostname_edit.php:170
 msgid "Both"
 msgstr ""
 
@@ -3820,7 +3638,7 @@ msgstr ""
 msgid "By default NTP will listen for all supported NMEA sentences. Here one or more sentences to listen for may be specified."
 msgstr ""
 
-#: src/www/system.php:401
+#: src/www/system_general.php:401
 msgid ""
 "By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on Localhost, so system can use the local DNS service to perform lookups. "
 "Checking this box omits localhost from the list of DNS servers."
@@ -3942,11 +3760,6 @@ msgstr ""
 msgid "CARP"
 msgstr ""
 
-#: src/www/system_manager_tabs.php:5
-#: src/www/system_tabs.php:4
-msgid "CAs"
-msgstr ""
-
 #: src/www/vpn_l2tp.php:391
 msgid "CHAP"
 msgstr ""
@@ -4008,10 +3821,6 @@ msgstr ""
 msgid "Can't find PPP config for %s in interface_ppps_configure()."
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:155
-msgid "Can't introspect: method unknown"
-msgstr ""
-
 #: src/www/firewall_aliases_edit.php:750
 #: src/www/firewall_aliases_import.php:214
 #: src/www/firewall_nat_1to1_edit.php:567
@@ -4089,10 +3898,6 @@ msgstr ""
 msgid "Cannot get CPU load"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1214
-msgid "Cannot reinstall packages: "
-msgstr ""
-
 #: src/www/diag_logs_filter.php:42
 msgid "Cannot resolve"
 msgstr ""
@@ -4140,8 +3945,6 @@ msgstr ""
 
 #: src/www/services_captiveportal.php:56
 #: src/www/services_captiveportal_filemanager.php:59
-#: src/www/services_captiveportal_hostname.php:49
-#: src/www/services_captiveportal_hostname_edit.php:46
 #: src/www/services_captiveportal_ip.php:48
 #: src/www/services_captiveportal_ip_edit.php:47
 #: src/www/services_captiveportal_mac.php:52
@@ -4158,7 +3961,6 @@ msgstr ""
 
 #: src/www/services_captiveportal.php:500
 #: src/www/services_captiveportal_filemanager.php:146
-#: src/www/services_captiveportal_hostname.php:86
 #: src/www/services_captiveportal_ip.php:86
 #: src/www/services_captiveportal_mac.php:152
 #: src/www/services_captiveportal_vouchers.php:443
@@ -4173,11 +3975,6 @@ msgstr ""
 msgid "Captiveportal"
 msgstr ""
 
-#: src/www/pkg_mgr.php:201
-#: src/www/pkg_mgr_installed.php:118
-msgid "Category"
-msgstr ""
-
 #: src/www/status_interfaces.php:235
 msgid "Cell Current Down"
 msgstr ""
@@ -4210,7 +4007,7 @@ msgstr ""
 msgid "Cell Upstream"
 msgstr ""
 
-#: src/www/status_rrd_graph_tabs.php:23
+#: src/www/status_rrd_graph_tabs.inc:23
 msgid "Cellular"
 msgstr ""
 
@@ -4270,8 +4067,7 @@ msgstr ""
 msgid "Certificate Revocation List data"
 msgstr ""
 
-#: src/www/system_manager_tabs.php:7
-#: src/www/system_tabs.php:6
+#: src/www/system_certificates_tabs.inc:8
 msgid "Certificate Revocation"
 msgstr ""
 
@@ -4301,10 +4097,10 @@ msgstr ""
 msgid "Certificate"
 msgstr ""
 
+#: src/www/fbegin.inc:129
 #: src/www/system_camanager.php:601
+#: src/www/system_certificates_tabs.inc:6
 #: src/www/system_crlmanager.php:549
-#: src/www/system_manager_tabs.php:6
-#: src/www/system_tabs.php:5
 msgid "Certificates"
 msgstr ""
 
@@ -4328,10 +4124,6 @@ msgstr ""
 msgid "Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1513
-msgid "Changing file mode to %1$s for %2$s%3$s%4$s"
-msgstr ""
-
 #: src/www/system_gateway_groups_edit.php:89
 msgid "Changing name on a gateway group is not allowed."
 msgstr ""
@@ -4373,10 +4165,6 @@ msgstr ""
 msgid "Checking ..."
 msgstr ""
 
-#: src/etc/inc/filter.inc:3576
-msgid "Checking for %1$s PF hooks in package %2$s"
-msgstr ""
-
 #: src/www/system_advanced_network.php:246
 msgid "Checking this option will disable hardware TCP segmentation offloading (TSO, TSO4, TSO6). This offloading is broken in some hardware drivers, and may impact performance with some specific NICs."
 msgstr ""
@@ -4415,7 +4203,7 @@ msgid ""
 "These are valid for TCP and UDP protocols only."
 msgstr ""
 
-#: src/www/system.php:463
+#: src/www/system_general.php:463
 msgid "Choose a language for the webConfigurator"
 msgstr ""
 
@@ -4553,18 +4341,6 @@ msgstr ""
 msgid "Clear"
 msgstr ""
 
-#: src/www/pkg_mgr.php:254
-msgid "Click "
-msgstr ""
-
-#: src/www/system_firmware.php:236
-msgid "Click \"Enable firmware upload\" to begin."
-msgstr ""
-
-#: src/www/system_firmware.php:257
-msgid "Click \"Upgrade firmware\" to start the upgrade process."
-msgstr ""
-
 #: src/www/interfaces.php:2613
 #: src/www/interfaces.php:2618
 #: src/www/interfaces.php:2722
@@ -4578,24 +4354,6 @@ msgstr ""
 msgid "Click individual date to select that date only. Click the appropriate weekday Header to select all occurrences of that weekday."
 msgstr ""
 
-#: src/www/pkg_mgr_installed.php:203
-msgid ""
-"Click on \".ucfirst($pkg['name']).\" version to check its change log."
-msgstr ""
-
-#: src/www/pkg_mgr.php:245
-msgid "Click on package name to access its website."
-msgstr ""
-
-#: src/www/pkg_mgr.php:270
-msgid ""
-"Click package info for more details about \".ucfirst($index['name']).\" package."
-msgstr ""
-
-#: src/www/pkg_mgr_installed.php:205
-msgid "Click package info for more details about \".ucfirst($pkg['name']).\" package."
-msgstr ""
-
 #: src/www/firewall_rules.php:806
 msgid "Click the"
 msgstr ""
@@ -4814,10 +4572,6 @@ msgstr ""
 msgid "Config"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:71
-msgid "Config.xml unlocked."
-msgstr ""
-
 #: src/www/diag_confbak.php:256
 msgid "Configuration Change"
 msgstr ""
@@ -4843,10 +4597,6 @@ msgstr ""
 msgid "Configuration"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1121
-msgid "Configuration... "
-msgstr ""
-
 #: src/etc/rc.initial.setlanip:249
 msgid "Configure %s address %s interface via %s?"
 msgstr ""
@@ -4914,10 +4664,6 @@ msgstr ""
 msgid "Configuring loopback interface..."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:738
-msgid "Configuring package components...\n"
-msgstr ""
-
 #: src/www/diag_confbak.php:177
 #: src/www/diag_gmirror.php:187
 msgid "Confirm Action"
@@ -4947,14 +4693,6 @@ msgstr ""
 msgid "Connected Since"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:464
-msgid "Connected to SMTP server \"%s\"."
-msgstr ""
-
-#: src/etc/inc/smtp.inc:240
-msgid "Connecting to host address \"%1$s\" port %2$s..."
-msgstr ""
-
 #: src/www/system_firmware_check.php:78
 #: src/www/widgets/widgets/system_information.widget.php:57
 msgid "Connection Error"
@@ -4972,18 +4710,6 @@ msgstr ""
 msgid "Connection failed (Refused/Timeout)"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:957
-msgid ""
-"'Connection to RPC server"
-"                              %1$s:%2$s failed. %3$s"
-msgstr ""
-
-#: src/etc/inc/xmlrpc_client.inc:951
-msgid ""
-"Connection to proxy server"
-"                              %1$s:%2$s failed. %3$s"
-msgstr ""
-
 #: src/www/wizards/traffic_shaper_wizard_dedicated.inc:1465
 #: src/www/wizards/traffic_shaper_wizard_multi_all.inc:1535
 msgid "Connections From Upstream SIP Server"
@@ -5106,18 +4832,10 @@ msgstr ""
 msgid "Could not create new queue/discipline!"
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:208
-msgid "Could not find %s."
-msgstr ""
-
 #: src/etc/inc/filter.inc:2343
 msgid "Could not find IPv4 gateway for interface (%s)."
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:224
-msgid "Could not find a usable configuration file! Exiting...."
-msgstr ""
-
 #: src/www/system_usermanager_settings_test.php:47
 msgid "Could not find settings for %s%s"
 msgstr ""
@@ -5134,10 +4852,6 @@ msgstr ""
 msgid "Could not locate any defined CARP interfaces."
 msgstr ""
 
-#: src/www/system_firmware_restorefullbackup.php:165
-msgid "Could not locate any previous backups."
-msgstr ""
-
 #: src/etc/rc.openvpn:91
 msgid "Could not obtain openvpn lock for executing rc.openvpn for more than 10 seconds continuing..."
 msgstr ""
@@ -5164,31 +4878,15 @@ msgstr ""
 msgid "Could not process aliases from alias: {$alias_url}"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:352
-msgid "Could not process the SASL authentication step:"
-msgstr ""
-
 #: src/etc/inc/config.lib.inc:508
 msgid "Could not restore config.xml."
 msgstr ""
 
-#: src/etc/inc/smtp.inc:302
-msgid "Could not send the AUTH command"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:332
-msgid "Could not send the authentication step message"
-msgstr ""
-
 #: src/etc/inc/notices.inc:326
 #: src/etc/inc/notices.inc:327
 msgid "Could not send the message to %1$s -- Error: %2$s"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:295
-msgid "Could not start the SASL authentication client:"
-msgstr ""
-
 #: src/etc/inc/services.inc:1347
 msgid "Could not write Igmpproxy configuration file!"
 msgstr ""
@@ -5344,10 +5042,6 @@ msgstr ""
 msgid "Creating reflection rule for %s..."
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:219
-msgid "Creating restore point before package installation."
-msgstr ""
-
 #: src/etc/inc/rrd.inc:896
 msgid "Creating rrd update script"
 msgstr ""
@@ -5413,13 +5107,9 @@ msgstr ""
 msgid "Custom Bandwidths are greater than 30%. Please lower them for the wizard to continue."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:778
-msgid "Custom commands..."
-msgstr ""
-
 #: src/www/interfaces.php:2676
 #: src/www/interfaces_ppps_edit.php:616
-#: src/www/status_rrd_graph_tabs.php:38
+#: src/www/status_rrd_graph_tabs.inc:38
 msgid "Custom"
 msgstr ""
 
@@ -5427,10 +5117,6 @@ msgstr ""
 msgid "Czech"
 msgstr ""
 
-#: src/etc/inc/config.console.inc:47
-msgid "DANGER!  WARNING!  ACHTUNG!"
-msgstr ""
-
 #: src/www/vpn_openvpn_server.php:1021
 msgid "DH Parameters Length"
 msgstr ""
@@ -5501,7 +5187,6 @@ msgid "DHCP service events"
 msgstr ""
 
 #: src/www/diag_logs_dhcp.php:44
-#: src/www/diag_logs_tabs.php:31
 #: src/www/interfaces.php:1340
 #: src/www/services_dhcp_edit.php:314
 msgid "DHCP"
@@ -5618,7 +5303,7 @@ msgstr ""
 msgid "DNS Resolver"
 msgstr ""
 
-#: src/www/system.php:322
+#: src/www/system_general.php:322
 msgid "DNS Server"
 msgstr ""
 
@@ -5642,7 +5327,7 @@ msgstr ""
 #: src/www/services_dhcp_edit.php:438
 #: src/www/services_dhcpv6.php:618
 #: src/www/services_router_advertisements.php:356
-#: src/www/system.php:316
+#: src/www/system_general.php:316
 #: src/www/vpn_pppoe_edit.php:466
 msgid "DNS servers"
 msgstr ""
@@ -5668,12 +5353,6 @@ msgstr ""
 msgid "DNSSEC"
 msgstr ""
 
-#: src/www/system_firmware.php:274
-msgid ""
-"DO NOT abort the firmware upgrade once it "
-"has started. The firewall will reboot automatically after "
-msgstr ""
-
 #: src/www/services_dhcpv6_edit.php:100
 #: src/www/services_dhcpv6_edit.php:201
 msgid "DUID Identifier"
@@ -5702,7 +5381,6 @@ msgid "Data"
 msgstr ""
 
 #: src/www/diag_confbak.php:253
-#: src/www/system_firmware_restorefullbackup.php:128
 msgid "Date"
 msgstr ""
 
@@ -5729,7 +5407,6 @@ msgid "Debug info range"
 msgstr ""
 
 #: src/www/javascript/datepicker/js/datepicker.js:74
-#: src/www/javascript/jquery/jquery-ui-1.11.1.min.js:6
 msgid "December"
 msgstr ""
 
@@ -5832,10 +5509,6 @@ msgstr ""
 msgid "Defines the time in minutes that a user is allowed access. The clock starts ticking the first time a voucher is used for authentication"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1069
-msgid "Deinstall commands... "
-msgstr ""
-
 #: src/www/vpn_ipsec_phase1.php:904
 msgid "Delay between requesting peer acknowledgement"
 msgstr ""
@@ -5881,7 +5554,6 @@ msgstr ""
 #: src/www/diag_tables.php:170
 #: src/www/firewall_shaper_layer7.php:571
 #: src/www/services_dhcpv6.php:797
-#: src/www/system_firmware_restorefullbackup.php:154
 msgid "Delete"
 msgstr ""
 
@@ -5971,10 +5643,6 @@ msgstr ""
 #: src/www/load_balancer_relay_protocol_edit.php:69
 #: src/www/load_balancer_relay_protocol_edit.php:220
 #: src/www/load_balancer_virtual_server_edit.php:173
-#: src/www/pkg_mgr.php:204
-#: src/www/pkg_mgr_installed.php:120
-#: src/www/services_captiveportal_hostname.php:107
-#: src/www/services_captiveportal_hostname_edit.php:189
 #: src/www/services_captiveportal_ip.php:107
 #: src/www/services_captiveportal_ip_edit.php:205
 #: src/www/services_captiveportal_mac.php:174
@@ -6172,10 +5840,6 @@ msgstr ""
 msgid "Destination server"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:199
-msgid "Destination slice:"
-msgstr ""
-
 #: src/www/firewall_rules.php:120
 #: src/www/firewall_rules_edit.php:988
 msgid "Destination unreachable"
@@ -6246,7 +5910,6 @@ msgstr ""
 #: src/www/diag_dump_states.php:59
 #: src/www/diag_dump_states_sources.php:53
 #: src/www/diag_gmirror.php:33
-#: src/www/diag_nanobsd.php:36
 #: src/www/diag_ndp.php:91
 #: src/www/diag_packet_capture.php:75
 #: src/www/diag_patterns.php:52
@@ -6260,10 +5923,7 @@ msgstr ""
 #: src/www/diag_testport.php:32
 #: src/www/diag_traceroute.php:32
 #: src/www/fbegin.inc:446
-#: src/www/halt.php:35
 #: src/www/reboot.php:34
-#: src/www/system_firmware_auto.php:47
-#: src/www/system_firmware_restorefullbackup.php:89
 msgid "Diagnostics"
 msgstr ""
 
@@ -6304,10 +5964,6 @@ msgstr ""
 msgid "Dial on demand"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:156
-msgid "Didn't receive 200 OK from remote server."
-msgstr ""
-
 #: src/www/diag_confbak.php:252
 #: src/www/diag_confbak.php:309
 msgid "Diff"
@@ -6327,7 +5983,6 @@ msgstr ""
 #: src/www/firewall_rules_edit.php:932
 #: src/www/load_balancer_relay_action_edit.php:107
 #: src/www/load_balancer_relay_action_edit.php:444
-#: src/www/services_captiveportal_hostname_edit.php:166
 msgid "Direction"
 msgstr ""
 
@@ -6406,10 +6061,6 @@ msgstr ""
 msgid "Disable concurrent logins"
 msgstr ""
 
-#: src/www/system_firmware.php:239
-msgid "Disable firmware upload"
-msgstr ""
-
 #: src/www/system_advanced_network.php:245
 msgid "Disable hardware TCP segmentation offload"
 msgstr ""
@@ -6523,7 +6174,6 @@ msgstr ""
 #: src/www/system_advanced_firewall.php:461
 #: src/www/system_advanced_misc.php:522
 #: src/www/system_advanced_misc.php:538
-#: src/www/system_firmware.php:112
 #: src/www/vpn_ipsec_phase1.php:883
 msgid "Disable"
 msgstr ""
@@ -6574,10 +6224,6 @@ msgstr ""
 msgid "Disconnect"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:284
-msgid "Disk is dirty.  Running fsck -y"
-msgstr ""
-
 #: src/www/diag_logs_settings.php:288
 msgid "Disk space currently used by log files: "
 msgstr ""
@@ -6709,7 +6355,7 @@ msgstr ""
 msgid "Do not strip away parts of the username after the @ symbol, e.g. user@host becomes user when unchecked."
 msgstr ""
 
-#: src/www/system.php:309
+#: src/www/system_general.php:309
 msgid "Do not use 'local' as a domain name. It will cause local hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve local hosts not running mDNS."
 msgstr ""
 
@@ -6717,7 +6363,7 @@ msgstr ""
 msgid "Do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation."
 msgstr ""
 
-#: src/www/system.php:398
+#: src/www/system_general.php:398
 msgid "Do not use the DNS Forwarder as a DNS server for the firewall"
 msgstr ""
 
@@ -6807,7 +6453,6 @@ msgstr ""
 msgid "Do you really want to delete this access list?"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname.php:134
 #: src/www/services_captiveportal_ip.php:138
 msgid "Do you really want to delete this address?"
 msgstr ""
@@ -6816,10 +6461,6 @@ msgstr ""
 msgid "Do you really want to delete this alias? All elements that still use it will become invalid (e.g. filter rules)!"
 msgstr ""
 
-#: src/www/system_firmware_restorefullbackup.php:153
-msgid "Do you really want to delete this backup?"
-msgstr ""
-
 #: src/www/interfaces_bridge.php:155
 msgid "Do you really want to delete this bridge?"
 msgstr ""
@@ -6888,10 +6529,6 @@ msgstr ""
 msgid "Do you really want to delete this interface?"
 msgstr ""
 
-#: src/www/pkg.php:456
-msgid "Do you really want to delete this item?"
-msgstr ""
-
 #: src/www/firewall_nat_npt.php:155
 #: src/www/services_dhcp.php:1249
 #: src/www/services_dhcpv6.php:881
@@ -6963,18 +6600,10 @@ msgid ""
 "data."
 msgstr ""
 
-#: src/www/pkg.php:187
-msgid "Do you really want to save changes?"
-msgstr ""
-
 #: src/etc/rc.initial.setlanip:106
 msgid "Do you want to enable the %s server on %s?"
 msgstr ""
 
-#: src/www/system_firmware.php:205
-msgid "Do you want to install this image anyway (on your own risk)?"
-msgstr ""
-
 #: src/etc/rc.initial.setlanip:416
 msgid "Do you want to revert to HTTP as the webConfigurator protocol?"
 msgstr ""
@@ -7029,8 +6658,8 @@ msgstr ""
 #: src/www/services_unbound_host_edit.php:72
 #: src/www/services_unbound_host_edit.php:209
 #: src/www/services_unbound_host_edit.php:245
-#: src/www/system.php:91
-#: src/www/system.php:305
+#: src/www/system_general.php:91
+#: src/www/system_general.php:305
 msgid "Domain"
 msgstr ""
 
@@ -7075,10 +6704,6 @@ msgid ""
 msgstr ""
 
 #: src/etc/inc/filter.inc:390
-#: src/www/restart_httpd.php:41
-#: src/www/restart_httpd.php:44
-#: src/www/restart_httpd.php:47
-#: src/www/restart_httpd.php:50
 msgid "Done"
 msgstr ""
 
@@ -7112,7 +6737,6 @@ msgstr ""
 msgid "Download current page"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:98
 #: src/www/services_captiveportal_ip_edit.php:101
 #: src/www/services_captiveportal_mac_edit.php:112
 msgid "Download speed needs to be an integer"
@@ -7125,38 +6749,9 @@ msgstr ""
 #: src/www/diag_backup.php:239
 #: src/www/diag_tables.php:158
 #: src/www/diag_tables.php:167
-#: src/www/system_firmware_restorefullbackup.php:157
 msgid "Download"
 msgstr ""
 
-#: src/www/system_firmware_auto.php:200
-msgid "Downloaded SHA256"
-msgstr ""
-
-#: src/www/system_firmware_auto.php:199
-msgid "Downloading complete but sha256 does not match."
-msgstr ""
-
-#: src/www/system_firmware_auto.php:126
-msgid "Downloading current version information"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1434
-msgid "Downloading package configuration file... "
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1436
-msgid "Downloading package configuration file..."
-msgstr ""
-
-#: src/www/system_firmware_auto.php:155
-msgid "Downloading updates"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:707
-msgid "Downloading"
-msgstr ""
-
 #: src/www/services_igmpproxy_edit.php:189
 msgid "Downstream Interface"
 msgstr ""
@@ -7201,22 +6796,6 @@ msgstr ""
 msgid "Duplicate Connections"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:193
-msgid "Duplicate bootup slice to alternate"
-msgstr ""
-
-#: src/www/diag_nanobsd.php:196
-msgid "Duplicate bootup slice"
-msgstr ""
-
-#: src/www/diag_nanobsd.php:207
-msgid "Duplicate slice"
-msgstr ""
-
-#: src/www/diag_nanobsd.php:72
-msgid "Duplicating slice.  Please wait, this will take a moment..."
-msgstr ""
-
 #: src/etc/inc/pfsense-utils.inc:2554
 msgid "Dutch"
 msgstr ""
@@ -7299,10 +6878,6 @@ msgstr ""
 msgid "ERROR!  Could not connect to server %s."
 msgstr ""
 
-#: src/etc/inc/config.inc:65
-msgid "ERROR!  Could not convert m0n0wall -> pfsense in config.xml"
-msgstr ""
-
 #: src/etc/inc/auth.inc:808
 msgid "ERROR!  ldap_get_user_ous() backed selected with no LDAP authentication server defined."
 msgstr ""
@@ -7319,14 +6894,6 @@ msgstr ""
 msgid "ERROR! Either LDAP search failed, or multiple users were found."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1440
-msgid "ERROR! Unable to fetch package configuration file. Aborting installation."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1442
-msgid "ERROR! Unable to fetch package configuration file. Aborting package installation."
-msgstr ""
-
 #: src/etc/inc/auth.inc:1056
 msgid "ERROR! ldap_backed() called with no LDAP authentication server defined.  Defaulting to local user database. Visit System -> User Manager."
 msgstr ""
@@ -7364,10 +6931,6 @@ msgstr ""
 msgid "ERROR: Could not parse /usr/local/www/wizards/%s file."
 msgstr ""
 
-#: src/www/pkg.php:55
-msgid "ERROR: No package defined."
-msgstr ""
-
 #: src/www/pkg_edit.php:60
 msgid "ERROR: No valid package defined."
 msgstr ""
@@ -7543,10 +7106,6 @@ msgstr ""
 msgid "Edit alias"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:46
-msgid "Edit allowed Hostname"
-msgstr ""
-
 #: src/www/services_captiveportal_ip_edit.php:47
 msgid "Edit allowed IP address"
 msgstr ""
@@ -7874,11 +7433,6 @@ msgstr ""
 msgid "Enable falling edge PPS signal processing (default: rising edge)."
 msgstr ""
 
-#: src/www/system_firmware.php:234
-#: src/www/system_firmware.php:236
-msgid "Enable firmware upload"
-msgstr ""
-
 #: src/www/services_ntpd_pps.php:188
 msgid "Enable kernel PPS clock discipline (default: disabled)."
 msgstr ""
@@ -7971,7 +7525,6 @@ msgstr ""
 #: src/www/services_snmp.php:370
 #: src/www/services_snmp.php:372
 #: src/www/services_unbound.php:215
-#: src/www/system_firmware.php:110
 #: src/www/vpn_ipsec_phase1.php:884
 msgid "Enable"
 msgstr ""
@@ -8096,7 +7649,7 @@ msgstr ""
 msgid "Enter 0 to never expire sessions. NOTE: This is a security risk!"
 msgstr ""
 
-#: src/www/system.php:374
+#: src/www/system_general.php:374
 msgid ""
 "Enter IP addresses to be used by the system for DNS resolution. "
 "These are also used for the DHCP service, DNS forwarder and for PPTP VPN "
@@ -8166,10 +7719,6 @@ msgstr ""
 msgid "Enter a description (name) for the interface here."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:204
-msgid "Enter a download limit to be enforced on this Hostname in Kbit/s"
-msgstr ""
-
 #: src/www/services_captiveportal_ip_edit.php:223
 msgid "Enter a download limit to be enforced on this IP address in Kbit/s"
 msgstr ""
@@ -8198,10 +7747,6 @@ msgstr ""
 msgid "Enter a single URL containing a list of Port numbers and/or Port ranges. After saving %s will download the URL."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:198
-msgid "Enter a upload limit to be enforced on this Hostname in Kbit/s"
-msgstr ""
-
 #: src/www/services_captiveportal_ip_edit.php:216
 msgid "Enter a upload limit to be enforced on this IP address in Kbit/s"
 msgstr ""
@@ -8748,18 +8293,6 @@ msgstr ""
 msgid "Example:"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:782
-msgid "Executing custom_php_global_functions()..."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:789
-msgid "Executing custom_php_install_command()..."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:818
-msgid "Executing custom_php_resync_config_command()..."
-msgstr ""
-
 #: src/www/system_camanager.php:404
 msgid "Existing Certificate Authority"
 msgstr ""
@@ -8853,14 +8386,6 @@ msgstr ""
 msgid "External subnet"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1507
-msgid "Extracting tarball to -C for "
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:272
-msgid "FAILED!"
-msgstr ""
-
 #: src/www/diag_smart.php:69
 msgid "FAILED"
 msgstr ""
@@ -8893,14 +8418,6 @@ msgstr ""
 msgid "Failed to delete Certificate %s from CRL %s"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:651
-msgid "Failed to install package."
-msgstr ""
-
-#: src/www/system_firmware.php:78
-msgid "Failed to write file to disk"
-msgstr ""
-
 #: src/www/status_dhcp_leases.php:295
 #: src/www/status_dhcpv6_leases.php:382
 msgid "Failover Group"
@@ -8926,29 +8443,16 @@ msgstr ""
 
 #: src/www/services_captiveportal.php:506
 #: src/www/services_captiveportal_filemanager.php:152
-#: src/www/services_captiveportal_hostname.php:91
 #: src/www/services_captiveportal_ip.php:92
 #: src/www/services_captiveportal_mac.php:158
 #: src/www/services_captiveportal_vouchers.php:449
 msgid "File Manager"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:295
-msgid "File system is dirty.  Launching FSCK for /"
-msgstr ""
-
 #: src/www/diag_patterns.php:79
 msgid "File to upload:"
 msgstr ""
 
-#: src/www/system_firmware.php:80
-msgid "File upload stopped by extension"
-msgstr ""
-
-#: src/www/system_firmware_restorefullbackup.php:127
-msgid "Filename"
-msgstr ""
-
 #: src/www/status_filter_reload.php:33
 msgid "Filter Reload Status"
 msgstr ""
@@ -8995,18 +8499,6 @@ msgstr ""
 msgid "Final certificate data"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1235
-msgid "Finished installing package"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1238
-msgid "Finished reinstalling all packages."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1232
-msgid "Finished uninstalling package"
-msgstr ""
-
 #: src/etc/inc/pfsense-utils.inc:2557
 msgid "Finnish"
 msgstr ""
@@ -9019,7 +8511,7 @@ msgstr ""
 msgid "Firewall (Dynamic View)"
 msgstr ""
 
-#: src/www/system_advanced_tabs.php:10
+#: src/www/system_advanced_tabs.inc:10
 msgid "Firewall / NAT"
 msgstr ""
 
@@ -9064,7 +8556,6 @@ msgid "Firewall state table"
 msgstr ""
 
 #: src/www/diag_logs_filter.php:107
-#: src/www/diag_logs_tabs.php:30
 #: src/www/fbegin.inc:410
 #: src/www/firewall_aliases.php:142
 #: src/www/firewall_aliases_edit.php:38
@@ -9111,18 +8602,7 @@ msgstr ""
 msgid "Firmware Branch"
 msgstr ""
 
-#: src/www/system_firmware.php:251
-msgid "Firmware image file ($type):"
-msgstr ""
-
-#: src/www/system_firmware.php:159
-msgid "Firmware image missing or other error, please try again %s."
-msgstr ""
-
 #: src/www/fbegin.inc:159
-#: src/www/system_firmware.php:88
-#: src/www/system_firmware.php:166
-#: src/www/system_firmware_auto.php:47
 #: src/www/system_firmware_check.php:98
 #: src/www/system_firmware_settings.php:64
 msgid "Firmware"
@@ -9227,10 +8707,6 @@ msgstr ""
 msgid "Forcefully reloading IPsec"
 msgstr ""
 
-#: src/www/restart_httpd.php:42
-msgid "Forcing all PHP file permissions to 0755"
-msgstr ""
-
 #: src/www/diag_gmirror.php:235
 msgid "Forget Disconnected Disks"
 msgstr ""
@@ -9277,8 +8753,6 @@ msgstr ""
 msgid "From e-mail address"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:170
-#: src/www/services_captiveportal_hostname_edit.php:178
 #: src/www/system_gateways_edit.php:772
 #: src/www/system_gateways_edit.php:784
 msgid "From"
@@ -9538,7 +9012,7 @@ msgid "General Settings"
 msgstr ""
 
 #: src/www/fbegin.inc:160
-#: src/www/system.php:264
+#: src/www/system_general.php:264
 msgid "General Setup"
 msgstr ""
 
@@ -9720,10 +9194,6 @@ msgstr ""
 msgid "HTTP Code"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:1470
-msgid "HTTP error, got response: %s"
-msgstr ""
-
 #: src/www/load_balancer_monitor_edit.php:186
 #: src/www/load_balancer_monitor_edit.php:270
 #: src/www/load_balancer_relay_action_edit.php:174
@@ -9754,10 +9224,6 @@ msgstr ""
 msgid "Halt System"
 msgstr ""
 
-#: src/www/halt.php:35
-msgid "Halt system"
-msgstr ""
-
 #: src/etc/inc/upgrade_config.inc:603
 msgid "Handling of non-IP packets which are not passed to pfil (see if_bridge(4))"
 msgstr ""
@@ -10157,9 +9623,6 @@ msgstr ""
 #: src/www/diag_arp.php:327
 #: src/www/diag_ndp.php:144
 #: src/www/interfaces.php:1949
-#: src/www/services_captiveportal_hostname.php:106
-#: src/www/services_captiveportal_hostname_edit.php:182
-#: src/www/services_captiveportal_hostname_edit.php:186
 #: src/www/services_dhcp.php:1213
 #: src/www/services_dhcp_edit.php:397
 #: src/www/services_dhcpv6.php:850
@@ -10170,8 +9633,8 @@ msgstr ""
 #: src/www/services_rfc2136_edit.php:70
 #: src/www/services_rfc2136_edit.php:163
 #: src/www/status_dhcp_leases.php:332
-#: src/www/system.php:91
-#: src/www/system.php:294
+#: src/www/system_general.php:91
+#: src/www/system_general.php:294
 #: src/www/widgets/widgets/dyn_dns_status.widget.php:76
 msgid "Hostname"
 msgstr ""
@@ -10429,7 +9892,6 @@ msgstr ""
 #: src/www/diag_ipsec_leases.php:32
 #: src/www/diag_ipsec_sad.php:33
 #: src/www/diag_ipsec_spd.php:33
-#: src/www/diag_logs_tabs.php:33
 #: src/www/fbegin.inc:221
 #: src/www/fbegin.inc:237
 #: src/www/vpn_ipsec.php:205
@@ -10835,7 +10297,7 @@ msgid ""
 ""
 msgstr ""
 
-#: src/www/system.php:389
+#: src/www/system_general.php:389
 msgid ""
 "If this option is set, %s will "
 "use DNS servers assigned by a DHCP/PPP server on WAN "
@@ -11067,10 +10529,6 @@ msgid ""
 "enter it here twice."
 msgstr ""
 
-#: src/www/diag_nanobsd.php:81
-msgid "If you would like to boot from this newly duplicated slice please set it using the bootup information area."
-msgstr ""
-
 #: src/www/diag_logs_filter.php:301
 #: src/www/diag_logs_filter_dynamic.php:111
 #: src/www/firewall_nat.php:225
@@ -11086,10 +10544,6 @@ msgstr ""
 msgid "Ignoring IPsec reload since there are no tunnels on interface %s"
 msgstr ""
 
-#: src/www/system_firmware.php:136
-msgid "Image upload failed (out of memory?)"
-msgstr ""
-
 #: src/www/status_rrd_graph_img.php:38
 msgid "Image viewer"
 msgstr ""
@@ -11127,7 +10581,7 @@ msgstr ""
 msgid "In Use"
 msgstr ""
 
-#: src/www/system.php:379
+#: src/www/system_general.php:379
 msgid ""
 "In addition, optionally select the gateway for each DNS server. "
 "When using multiple WAN connections there should be at least one unique DNS server per gateway."
@@ -11190,14 +10644,6 @@ msgstr ""
 msgid "Incorrect ip address  specified for username %s"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:154
-msgid "Incorrect parameters passed to method"
-msgstr ""
-
-#: src/etc/inc/priv/user.priv.inc:7
-msgid "Indicates whether the user is able to login on the captive portal."
-msgstr ""
-
 #: src/etc/inc/upgrade_config.inc:532
 msgid "Indicates whether this user is able to login for example via SSH."
 msgstr ""
@@ -11292,73 +10738,18 @@ msgid "Insert my local MAC address"
 msgstr ""
 
 #: TODO: does this even work?
-#: src/www/pkg_mgr.php:282
 msgid "Install \".ucfirst($index['name']).\" package."
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:44
-msgid "Install Package"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:874
-msgid "Installation aborted."
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:282
-msgid "Installation completed.   Please check to make sure that the package is configured from the respective menu then start the package."
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:280
-msgid "Installation completed."
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:273
-msgid "Installation halted."
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:272
-msgid "Installation of"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:634
-msgid "Installed %s package."
-msgstr ""
 
 #: src/etc/inc/filter.inc:3274
 msgid "Installed 15 minute filter reload for Time Based Rules"
 msgstr ""
 
-#: src/www/pkg_mgr.php:131
-#: src/www/pkg_mgr_installed.php:108
-#: src/www/pkg_mgr_settings.php:90
-msgid "Installed Packages"
-msgstr ""
-
 #: src/etc/inc/services.inc:2342
 msgid "Installed cron job for %s"
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:99
-msgid "Installed packages"
-msgstr ""
-
-#: src/www/pkg_mgr_installed.php:151
-#: src/www/pkg_mgr_installed.php:160
-msgid "Installed"
-msgstr ""
-
-#: src/etc/inc/config.lib.inc:612
-msgid "Installing configuration ...."
-msgstr ""
-
-#: src/etc/inc/config.lib.inc:610
-msgid "Installing configuration..."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:706
-msgid "Installing"
-msgstr ""
-
 #: src/www/diag_dump_states.php:162
 msgid "Int"
 msgstr ""
@@ -11371,10 +10762,6 @@ msgstr ""
 msgid "Int."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:843
-msgid "Integrated Tab items... "
-msgstr ""
-
 #: src/www/system_advanced_misc.php:69
 msgid "Intel Core* CPU on-die thermal sensor"
 msgstr ""
@@ -11770,10 +11157,6 @@ msgstr ""
 msgid "Invalid monitor chosen."
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:74
-msgid "Invalid password entered.  Please try again."
-msgstr ""
-
 #: src/etc/inc/easyrule.inc:347
 msgid "Invalid protocol for pass rule:"
 msgstr ""
@@ -11782,14 +11165,6 @@ msgstr ""
 msgid "Invalid protocol."
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:158
-msgid "Invalid request payload"
-msgstr ""
-
-#: src/etc/inc/xmlrpc_client.inc:153
-msgid "Invalid return payload: enable debugging to examine incoming payload"
-msgstr ""
-
 #: src/www/status_rrd_graph.php:147
 msgid "Invalid start date/time:"
 msgstr ""
@@ -11822,10 +11197,6 @@ msgstr ""
 msgid "Invert Acct-Input-Octets and Acct-Output-Octets"
 msgstr ""
 
-#: src/www/system_firmware.php:224
-msgid "Invoke"
-msgstr ""
-
 #: src/etc/rc.restore_config_backup:67
 msgid "Is this the backup you wish to restore?"
 msgstr ""
@@ -11913,10 +11284,6 @@ msgstr ""
 msgid "Kbps"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:184
-msgid "Keep media mounted read/write at all times."
-msgstr ""
-
 #: src/www/interfaces.php:3098
 msgid "Key 1:"
 msgstr ""
@@ -12107,7 +11474,7 @@ msgstr ""
 msgid "Lagg protocol"
 msgstr ""
 
-#: src/www/system.php:450
+#: src/www/system_general.php:450
 msgid "Language"
 msgstr ""
 
@@ -12168,10 +11535,6 @@ msgstr ""
 msgid "Last config change"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:221
-msgid "Last known config found and restored.  Please double check your configuration file for accuracy."
-msgstr ""
-
 #: src/www/system_gateways_edit.php:770
 msgid "Latency thresholds"
 msgstr ""
@@ -12206,7 +11569,6 @@ msgid "Lease Type"
 msgstr ""
 
 #: src/www/diag_ipsec_leases.php:32
-#: src/www/diag_ipsec_tabs.php:29
 msgid "Leases"
 msgstr ""
 
@@ -12365,10 +11727,6 @@ msgstr ""
 msgid "List of mirrors changed. Old: (%s) New: (%s)"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1223
-msgid "List of packages to reinstall: "
-msgstr ""
-
 #: src/www/services_dnsmasq.php:265
 #: src/www/services_unbound.php:223
 msgid "Listen Port"
@@ -12379,7 +11737,6 @@ msgid "Load Balance"
 msgstr ""
 
 #: src/www/diag_logs_relayd.php:41
-#: src/www/diag_logs_tabs.php:36
 #: src/www/fbegin.inc:206
 #: src/www/fbegin.inc:238
 #: src/www/load_balancer_monitor.php:77
@@ -12432,20 +11789,6 @@ msgstr ""
 msgid "Loading filter rules"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:733
-#: src/etc/inc/pkg-utils.inc:1474
-msgid "Loading package configuration... "
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:874
-msgid "Loading package configuration... failed!"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:763
-#: src/etc/inc/pkg-utils.inc:1035
-msgid "Loading package instructions..."
-msgstr ""
-
 #: src/www/index.php:618
 msgid "Loading selected widget"
 msgstr ""
@@ -12569,10 +11912,6 @@ msgstr ""
 msgid "Log type"
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:200
-msgid "Log was not retrievable."
-msgstr ""
-
 #: src/www/firewall_rules_edit.php:1219
 msgid "Log"
 msgstr ""
@@ -12598,10 +11937,6 @@ msgstr ""
 msgid "Logs are held in constant-size circular log files. This field controls how large each log file is, and thus how many entries may exist inside the log. By default this is approximately 500KB per log file, and there are nearly 20 such log files."
 msgstr ""
 
-#: src/www/diag_ipsec_tabs.php:32
-msgid "Logs"
-msgstr ""
-
 #: src/www/diag_smart.php:351
 #: src/www/diag_system_pftop.php:128
 msgid "Long"
@@ -12651,7 +11986,6 @@ msgstr ""
 
 #: src/www/services_captiveportal.php:501
 #: src/www/services_captiveportal_filemanager.php:147
-#: src/www/services_captiveportal_hostname.php:87
 #: src/www/services_captiveportal_ip.php:87
 #: src/www/services_captiveportal_mac.php:153
 #: src/www/services_captiveportal_vouchers.php:444
@@ -12759,15 +12093,10 @@ msgstr ""
 msgid "Manual Outbound NAT rule generation"
 msgstr ""
 
-#: src/www/system_firmware.php:88
-#: src/www/system_firmware_tabs.php:32
+#: src/www/system_firmware_tabs.inc:32
 msgid "Manual Update"
 msgstr ""
 
-#: src/www/system_firmware.php:224
-msgid "Manual Upgrade"
-msgstr ""
-
 #: src/www/firewall_nat_out.php:300
 msgid "Mappings:"
 msgstr ""
@@ -12936,10 +12265,6 @@ msgstr ""
 msgid "Mbps"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:154
-msgid "Media Read/Write Status"
-msgstr ""
-
 #: src/www/status_interfaces.php:322
 msgid "Media"
 msgstr ""
@@ -12986,11 +12311,6 @@ msgstr ""
 msgid "Memory usage"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:827
-#: src/etc/inc/pkg-utils.inc:982
-msgid "Menu items... "
-msgstr ""
-
 #: src/www/xmlrpc.php:219
 #: src/www/xmlrpc.php:306
 #: src/www/xmlrpc.php:337
@@ -13074,14 +12394,10 @@ msgstr ""
 msgid "Mirror"
 msgstr ""
 
-#: src/www/system_advanced_tabs.php:12
+#: src/www/system_advanced_tabs.inc:12
 msgid "Miscellaneous"
 msgstr ""
 
-#: src/www/system_firmware.php:76
-msgid "Missing a temporary folder"
-msgstr ""
-
 #: src/etc/inc/easyrule.inc:357
 msgid "Missing destination port:"
 msgstr ""
@@ -13107,7 +12423,7 @@ msgstr ""
 
 #: src/www/vpn_ipsec_phase1.php:526
 #: src/www/vpn_ipsec_phase2.php:488
-#: src/www/vpn_ipsec_tabs.php:4
+#: src/www/vpn_ipsec_tabs.inc:4
 msgid "Mobile clients"
 msgstr ""
 
@@ -13186,14 +12502,6 @@ msgstr ""
 msgid "More Information:"
 msgstr ""
 
-#: src/www/restart_httpd.php:45
-msgid "Mounting file systems read only"
-msgstr ""
-
-#: src/www/restart_httpd.php:39
-msgid "Mounting file systems read/write"
-msgstr ""
-
 #: src/www/interfaces_ppps_edit.php:206
 msgid "Multilink connections (MLPPP) using the PPP link type is not currently supported. Please select only one Link Interface."
 msgstr ""
@@ -13421,10 +12729,6 @@ msgstr ""
 msgid "NOTE: This schedule is in use so the name may not be modified!"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:177
-msgid "NOTE: This setting is only temporary, and can be switched dynamically in the background."
-msgstr ""
-
 #: src/www/vpn_l2tp.php:336
 #: src/www/vpn_pppoe_edit.php:448
 #: src/www/vpn_pptp.php:370
@@ -13454,13 +12758,12 @@ msgid "NOTE: leave blank to use the system default DNS servers - this interface'
 msgstr ""
 
 #: src/www/diag_gmirror.php:176
-#: src/www/diag_nanobsd.php:123
 #: src/www/interfaces.php:3435
 #: src/www/interfaces.php:3444
 #: src/www/interfaces_groups_edit.php:326
 #: src/www/load_balancer_virtual_server_edit.php:211
 #: src/www/load_balancer_virtual_server_edit.php:230
-#: src/www/system_advanced_tabs.php:3
+#: src/www/system_advanced_tabs.inc:3
 #: src/www/system_firmware_settings.php:158
 #: src/www/system_routes_edit.php:408
 msgid "NOTE:"
@@ -13522,12 +12825,11 @@ msgstr ""
 msgid "NTP should prefer this clock (default: enabled)."
 msgstr ""
 
-#: src/www/system.php:438
+#: src/www/system_general.php:438
 msgid "NTP time server"
 msgstr ""
 
 #: src/www/diag_logs_ntpd.php:41
-#: src/www/diag_logs_tabs.php:38
 #: src/www/fbegin.inc:207
 #: src/www/fbegin.inc:239
 #: src/www/services_ntpd.php:168
@@ -13539,7 +12841,7 @@ msgstr ""
 msgid "NTP"
 msgstr ""
 
-#: src/www/system.php:298
+#: src/www/system_general.php:298
 msgid "Name of the firewall host, without domain part"
 msgstr ""
 
@@ -13589,8 +12891,6 @@ msgstr ""
 #: src/www/load_balancer_virtual_server_edit.php:61
 #: src/www/load_balancer_virtual_server_edit.php:66
 #: src/www/load_balancer_virtual_server_edit.php:167
-#: src/www/pkg_mgr.php:198
-#: src/www/pkg_mgr_installed.php:117
 #: src/www/services_captiveportal_filemanager.php:189
 #: src/www/services_igmpproxy.php:96
 #: src/www/status_gateways.php:71
@@ -13615,11 +12915,6 @@ msgstr ""
 msgid "NanoBSD Boot Slice"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:134
-msgid "NanoBSD Image size"
-msgstr ""
-
-#: src/www/diag_nanobsd.php:36
 #: src/www/fbegin.inc:292
 msgid "NanoBSD"
 msgstr ""
@@ -13636,10 +12931,6 @@ msgstr ""
 msgid "Need private RSA key to print vouchers"
 msgstr ""
 
-#: src/www/system_firmware_auto.php:200
-msgid "Needed SHA256"
-msgstr ""
-
 #: src/www/firewall_nat_out_edit.php:177
 msgid "Negating destination address of \"any\" is invalid."
 msgstr ""
@@ -13711,7 +13002,7 @@ msgstr ""
 msgid "Network-specific wireless configuration"
 msgstr ""
 
-#: src/www/system_advanced_tabs.php:11
+#: src/www/system_advanced_tabs.inc:11
 msgid "Networking"
 msgstr ""
 
@@ -13804,21 +13095,6 @@ msgstr ""
 msgid "No callback function for getURL"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:99
-#: src/etc/inc/config.lib.inc:100
-#: src/etc/inc/config.lib.inc:211
-#: src/etc/inc/config.lib.inc:232
-#: src/etc/inc/config.lib.inc:233
-msgid "No config.xml found, attempting last known config restore."
-msgstr ""
-
-#: src/etc/inc/config.lib.inc:103
-#: src/etc/inc/config.lib.inc:128
-#: src/etc/inc/config.lib.inc:138
-#: src/etc/inc/config.lib.inc:236
-msgid "No config.xml found, attempting to restore factory config."
-msgstr ""
-
 #: src/www/diag_testport.php:94
 msgid "No data is transmitted to the remote host during this test, it will only attempt to open a connection and optionally display the data sent back from the server."
 msgstr ""
@@ -13840,10 +13116,6 @@ msgstr ""
 msgid "No entry exists yet!"
 msgstr ""
 
-#: src/www/system_firmware.php:74
-msgid "No file was uploaded"
-msgstr ""
-
 #: src/www/firewall_rules.php:801
 msgid "No floating rules are currently defined."
 msgstr ""
@@ -13896,15 +13168,6 @@ msgid ""
 "No output received, or connection failed. Try with \"Show Remote Text\" unchecked first."
 msgstr ""
 
-#: src/www/pkg_mgr.php:238
-#: src/www/pkg_mgr_installed.php:188
-msgid "No package info, check the forum"
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:266
-msgid "No packages are installed."
-msgstr ""
-
 #: src/etc/inc/authgui.inc:66
 msgid "No page assigned to this user! Click here to logout."
 msgstr ""
@@ -13957,10 +13220,7 @@ msgstr ""
 #: src/www/crash_reporter.php:63
 #: src/www/crash_reporter.php:118
 #: src/www/diag_defaults.php:74
-#: src/www/halt.php:60
-#: src/www/pkg.php:422
 #: src/www/reboot.php:58
-#: src/www/system_firmware.php:214
 msgid "No"
 msgstr ""
 
@@ -13981,10 +13241,6 @@ msgstr ""
 msgid "Non-Temporary Address Allocation"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:431
-msgid "Non-numeric value received in INT or DOUBLE"
-msgstr ""
-
 #: src/etc/inc/openvpn.inc:211
 msgid "None (No Authentication)"
 msgstr ""
@@ -14045,10 +13301,6 @@ msgstr ""
 msgid "Not Members"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:1600
-msgid "Not a scalar type (%s)"
-msgstr ""
-
 #: src/etc/inc/system.inc:439
 msgid "Not adding default route because OLSR dynamic gateway is enabled."
 msgstr ""
@@ -14301,7 +13553,6 @@ msgstr ""
 #: src/www/load_balancer_virtual_server_edit.php:289
 #: src/www/services_captiveportal.php:1071
 #: src/www/services_captiveportal_filemanager.php:219
-#: src/www/services_captiveportal_hostname.php:140
 #: src/www/services_captiveportal_ip.php:144
 #: src/www/services_captiveportal_mac.php:207
 #: src/www/services_captiveportal_vouchers.php:611
@@ -14344,7 +13595,7 @@ msgstr ""
 msgid "Notification Name"
 msgstr ""
 
-#: src/www/system_advanced_tabs.php:14
+#: src/www/system_advanced_tabs.inc:14
 msgid "Notifications"
 msgstr ""
 
@@ -14471,10 +13722,6 @@ msgstr ""
 msgid "On"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1204
-msgid "One moment please, reinstalling packages...\n"
-msgstr ""
-
 #: src/etc/inc/config.console.inc:405
 msgid "One moment while we reload the settings..."
 msgstr ""
@@ -14496,10 +13743,6 @@ msgstr ""
 msgid "Online"
 msgstr ""
 
-#: src/etc/inc/config.console.inc:49
-msgid "Only (%s) MB RAM has been detected, with (%s) available to %s.%s"
-msgstr ""
-
 #: src/www/interfaces_qinq_edit.php:314
 msgid "Only QinQ capable interfaces will be shown."
 msgstr ""
@@ -14584,7 +13827,6 @@ msgstr ""
 #: src/etc/inc/system.inc:1931
 #: src/www/diag_backup.php:176
 #: src/www/diag_logs_openvpn.php:30
-#: src/www/diag_logs_tabs.php:37
 #: src/www/diag_packet_capture.php:97
 #: src/www/fbegin.inc:222
 #: src/www/fbegin.inc:240
@@ -14640,10 +13882,6 @@ msgstr ""
 msgid "Orphan mode allows the system clock to be used when no other clocks are available. The number here specifies the stratum reported during orphan mode and should normally be set to a number high enough to insure that any other servers available to clients are preferred over this server. (default: 12)."
 msgstr ""
 
-#: src/www/pkg_mgr.php:179
-msgid "Other Categories"
-msgstr ""
-
 #: src/www/firewall_nat_out_edit.php:703
 msgid "Other Subnet (Enter Below)"
 msgstr ""
@@ -14653,7 +13891,6 @@ msgid "Other Subnet:"
 msgstr ""
 
 #: src/www/firewall_virtual_ip_edit.php:361
-#: src/www/pkg_mgr.php:179
 msgid "Other"
 msgstr ""
 
@@ -14691,14 +13928,6 @@ msgstr ""
 msgid "Output R and W characters to the console for each packet read and write, uppercase is used for TCP/UDP packets and lowercase is used for TUN/TAP packets"
 msgstr ""
 
-#: src/www/diag_ipsec_tabs.php:28
-msgid "Overview"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:638
-msgid "Overwrote previous installation of %s."
-msgstr ""
-
 #: src/www/vpn_ipsec.php:246
 msgid "P1 Description"
 msgstr ""
@@ -14755,24 +13984,11 @@ msgstr ""
 msgid "PFS key group"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:437
-msgid "POP3 authentication password was not accepted:"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:421
-msgid "POP3 authentication server greeting was not found"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:429
-msgid "POP3 authentication user was not accepted:"
-msgstr ""
-
 #: src/www/interfaces.php:2527
 msgid "PPP configuration"
 msgstr ""
 
 #: src/www/diag_logs_ppp.php:41
-#: src/www/diag_logs_tabs.php:34
 #: src/www/interfaces.php:1340
 #: src/www/interfaces_ppps_edit.php:377
 #: src/www/status_interfaces.php:161
@@ -14946,10 +14162,6 @@ msgstr ""
 msgid "PTP ports"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:613
-msgid "Package %s is not supported on this version."
-msgstr ""
-
 #: src/www/pkg_edit.php:249
 msgid "Package Editor"
 msgstr ""
@@ -14958,66 +14170,15 @@ msgstr ""
 msgid "Package Functions"
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:100
-msgid "Package Installer"
-msgstr ""
-
 #: src/www/fbegin.inc:242
 msgid "Package Logs"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1415
-msgid "Package Manager Settings"
-msgstr ""
-
 #: src/www/diag_backup.php:177
 #: src/www/fbegin.inc:332
-#: src/www/pkg_mgr.php:47
-#: src/www/pkg_mgr.php:88
-#: src/www/pkg_mgr_install.php:44
-#: src/www/pkg_mgr_installed.php:41
-#: src/www/pkg_mgr_installed.php:70
 msgid "Package Manager"
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:109
-#: src/www/pkg_mgr_settings.php:112
-msgid "Package Repository URL"
-msgstr ""
-
-#: src/www/pkg_mgr_settings.php:51
-#: src/www/pkg_mgr_settings.php:91
-msgid "Package Settings"
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:719
-msgid "Package WAS NOT installed properly."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1102
-msgid "Package XML... "
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:224
-#: src/www/pkg_mgr_install.php:225
-msgid "Package deleted."
-msgstr ""
-
-#: src/www/pkg_mgr.php:235
-#: src/www/pkg_mgr_installed.php:184
-msgid "Package info"
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:235
-#: src/www/pkg_mgr_install.php:236
-msgid "Package reinstallation failed."
-msgstr ""
-
-#: src/www/pkg_mgr_install.php:239
-#: src/www/pkg_mgr_install.php:240
-msgid "Package reinstalled."
-msgstr ""
-
 #: src/www/system_advanced_misc.php:580
 msgid "Package settings"
 msgstr ""
@@ -15030,7 +14191,6 @@ msgstr ""
 msgid "Packages are currently being reinstalled in the background.<p>Do not make changes in the GUI until this is complete."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:416
 #: src/www/fbegin.inc:163
 msgid "Packages"
 msgstr ""
@@ -15095,7 +14255,7 @@ msgid "Packets matching this rule will be mapped to the IP address given here."
 msgstr ""
 
 #: src/www/status_rrd_graph_settings.php:42
-#: src/www/status_rrd_graph_tabs.php:8
+#: src/www/status_rrd_graph_tabs.inc:8
 msgid "Packets"
 msgstr ""
 
@@ -15313,10 +14473,6 @@ msgstr ""
 msgid "Perform Self-tests"
 msgstr ""
 
-#: src/www/system_firmware.php:254
-msgid "Perform full backup prior to upgrade"
-msgstr ""
-
 #: src/www/status_rrd_graph.php:506
 msgid "Period:"
 msgstr ""
@@ -15325,10 +14481,6 @@ msgstr ""
 msgid "Periodic DHCP Leases Backup"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:215
-msgid "Periodic Data Backup"
-msgstr ""
-
 #: src/www/system_advanced_misc.php:518
 msgid "Periodic RRD Backup"
 msgstr ""
@@ -15534,10 +14686,6 @@ msgstr ""
 msgid "Plr must be a value between 0 and 1."
 msgstr ""
 
-#: src/etc/inc/filter.inc:387
-msgid "Plugins completed."
-msgstr ""
-
 #: src/www/firewall_rules_edit.php:1308
 msgid "Policy filtering"
 msgstr ""
@@ -15655,7 +14803,6 @@ msgid "Portal Auth events"
 msgstr ""
 
 #: src/www/diag_logs_auth.php:40
-#: src/www/diag_logs_tabs.php:32
 msgid "Portal Auth"
 msgstr ""
 
@@ -15719,7 +14866,7 @@ msgstr ""
 
 #: src/www/vpn_ipsec_phase1.php:527
 #: src/www/vpn_ipsec_phase2.php:489
-#: src/www/vpn_ipsec_tabs.php:5
+#: src/www/vpn_ipsec_tabs.inc:5
 msgid "Pre-Shared Keys"
 msgstr ""
 
@@ -15783,10 +14930,6 @@ msgstr ""
 msgid "Press <ENTER> to continue."
 msgstr ""
 
-#: src/etc/inc/config.console.inc:50
-msgid "Press ENTER to continue."
-msgstr ""
-
 #: src/www/vpn_openvpn_csc.php:501
 msgid "Prevent this client from receiving any server-defined client settings"
 msgstr ""
@@ -15853,10 +14996,6 @@ msgstr ""
 msgid "Processing down interface states"
 msgstr ""
 
-#: src/etc/inc/filter.inc:3582
-msgid "Processing early %1$s rules for package %2$s"
-msgstr ""
-
 #: src/www/crash_reporter.php:95
 msgid "Processing..."
 msgstr ""
@@ -16126,7 +15265,7 @@ msgid "Qlimit must be positive."
 msgstr ""
 
 #: src/www/status_rrd_graph_settings.php:43
-#: src/www/status_rrd_graph_tabs.php:10
+#: src/www/status_rrd_graph_tabs.inc:10
 msgid "Quality"
 msgstr ""
 
@@ -16204,14 +15343,14 @@ msgstr ""
 msgid "Queue"
 msgstr ""
 
-#: src/www/status_rrd_graph_tabs.php:15
+#: src/www/status_rrd_graph_tabs.inc:15
 msgid "QueueDrops"
 msgstr ""
 
 #: src/www/fbegin.inc:243
 #: src/www/status_queues.php:111
 #: src/www/status_rrd_graph_settings.php:44
-#: src/www/status_rrd_graph_tabs.php:13
+#: src/www/status_rrd_graph_tabs.inc:13
 msgid "Queues"
 msgstr ""
 
@@ -16375,10 +15514,6 @@ msgstr ""
 msgid "RRD dump failed exited with %1$s, the error is: %2$s"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:218
-msgid "RRD/DHCP Backup"
-msgstr ""
-
 #: src/www/status_interfaces.php:373
 msgid "RSSI"
 msgstr ""
@@ -16461,14 +15596,6 @@ msgstr ""
 msgid "Read Community String"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:172
-msgid "Read-Only"
-msgstr ""
-
-#: src/www/diag_nanobsd.php:168
-msgid "Read/Write"
-msgstr ""
-
 #: src/www/status_openvpn.php:162
 #: src/www/status_openvpn.php:232
 msgid "Real Address"
@@ -16598,14 +15725,6 @@ msgstr ""
 msgid "Regulatory settings"
 msgstr ""
 
-#: src/www/pkg_mgr_installed.php:213
-msgid "Reinstall ".ucfirst($pkg['name'])." package."
-msgstr ""
-
-#: src/www/pkg_mgr_installed.php:216
-msgid "Reinstall ".ucfirst($pkg['name'])."'s GUI components."
-msgstr ""
-
 #: src/www/diag_backup.php:803
 msgid "Reinstall packages"
 msgstr ""
@@ -16614,10 +15733,6 @@ msgstr ""
 msgid "Reinstall"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1233
-msgid "Reinstalling package"
-msgstr ""
-
 #: src/www/interfaces.php:1986
 msgid "Reject Leases From"
 msgstr ""
@@ -16770,10 +15885,6 @@ msgstr ""
 msgid "Remote tunnel network"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1081
-msgid "Remove '%s'"
-msgstr ""
-
 #: src/www/diag_confbak.php:190
 msgid "Remove Configuration Backup"
 msgstr ""
@@ -16823,18 +15934,6 @@ msgstr ""
 msgid "Removed cron job for %s"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:953
-msgid "Removing %s components..."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:952
-msgid "Removing %s package... "
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1079
-msgid "Removing package instructions..."
-msgstr ""
-
 #: src/www/status_interfaces.php:99
 #: src/www/status_interfaces.php:115
 msgid "Renew"
@@ -16983,14 +16082,6 @@ msgstr ""
 msgid "Resolver"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:414
-msgid "Resolving POP3 authentication host \"%s\"..."
-msgstr ""
-
-#: src/etc/inc/smtp.inc:452
-msgid "Resolving SMTP server domain \"%s\"..."
-msgstr ""
-
 #: src/etc/inc/service-utils.inc:546
 msgid "Restart %sService"
 msgstr ""
@@ -16999,14 +16090,6 @@ msgstr ""
 msgid "Restart HTTPD"
 msgstr ""
 
-#: src/www/restart_httpd.php:31
-msgid "Restarting httpd"
-msgstr ""
-
-#: src/www/restart_httpd.php:48
-msgid "Restarting mini_httpd"
-msgstr ""
-
 #: src/etc/rc.restore_config_backup:93
 msgid "Restore Backup from Configuration History"
 msgstr ""
@@ -17015,7 +16098,7 @@ msgstr ""
 msgid "Restore Backup"
 msgstr ""
 
-#: src/www/system_firmware_tabs.php:35
+#: src/www/system_firmware_tabs.inc:35
 msgid "Restore Full Backup"
 msgstr ""
 
@@ -17053,18 +16136,10 @@ msgstr ""
 msgid "Restore from Configuration Backup"
 msgstr ""
 
-#: src/www/system_firmware_restorefullbackup.php:89
-msgid "Restore full backup"
-msgstr ""
-
 #: src/www/diag_backup.php:241
 msgid "Restore version"
 msgstr ""
 
-#: src/www/system_firmware_restorefullbackup.php:175
-msgid "Restore"
-msgstr ""
-
 #: src/etc/inc/pfsense-utils.inc:502
 #: src/etc/inc/pfsense-utils.inc:526
 msgid "Restored %s of config file (maybe from CARP partner)"
@@ -17078,28 +16153,10 @@ msgstr ""
 msgid "Result Match"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:201
-msgid "Resyncing configuration for all packages."
-msgstr ""
-
 #: src/www/load_balancer_pool_edit.php:239
 msgid "Retry"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_server.inc:66
-msgid ""
-"Returns an array of known"
-" signatures (an array of arrays) for the method name passed. If"
-" no signatures are known, returns a none-array (test for type !="
-" array to detect missing signature)"
-msgstr ""
-
-#: src/etc/inc/xmlrpc_server.inc:86
-msgid ""
-"Returns help text if defined"
-" for the method passed, otherwise returns an empty string"
-msgstr ""
-
 #: src/www/diag_traceroute.php:138
 msgid "Reverse Address Lookup"
 msgstr ""
@@ -17280,10 +16337,6 @@ msgstr ""
 msgid "Run ''net stop dnscache'', ''net start dnscache'', ''ipconfig /flushdns'' and ''ipconfig /registerdns'' on connection initiation. This is known to kick Windows into recognizing pushed DNS servers."
 msgstr ""
 
-#: src/etc/inc/filter.inc:385
-msgid "Running plugins (pf)"
-msgstr ""
-
 #: src/etc/inc/filter.inc:381
 msgid "Running plugins"
 msgstr ""
@@ -17301,7 +16354,6 @@ msgid "S.M.A.R.T. Monitor Tools"
 msgstr ""
 
 #: src/www/diag_ipsec_sad.php:33
-#: src/www/diag_ipsec_tabs.php:30
 msgid "SAD"
 msgstr ""
 
@@ -17360,7 +16412,6 @@ msgid "SNMP"
 msgstr ""
 
 #: src/www/diag_ipsec_spd.php:33
-#: src/www/diag_ipsec_tabs.php:31
 msgid "SPD"
 msgstr ""
 
@@ -17433,7 +16484,6 @@ msgstr ""
 
 #: src/www/diag_confbak.php:222
 #: src/www/diag_logs_settings.php:445
-#: src/www/diag_nanobsd.php:185
 #: src/www/diag_smart.php:233
 #: src/www/firewall_aliases_edit.php:749
 #: src/www/firewall_aliases_import.php:213
@@ -17466,9 +16516,7 @@ msgstr ""
 #: src/www/load_balancer_relay_protocol_edit.php:282
 #: src/www/load_balancer_setting.php:155
 #: src/www/pkg_edit.php:437
-#: src/www/pkg_mgr_settings.php:131
 #: src/www/services_captiveportal.php:1065
-#: src/www/services_captiveportal_hostname_edit.php:209
 #: src/www/services_captiveportal_ip_edit.php:230
 #: src/www/services_captiveportal_mac_edit.php:249
 #: src/www/services_captiveportal_vouchers.php:605
@@ -17499,7 +16547,7 @@ msgstr ""
 #: src/www/services_wol_edit.php:164
 #: src/www/status_lb_pool.php:221
 #: src/www/status_rrd_graph_settings.php:192
-#: src/www/system.php:497
+#: src/www/system_general.php:497
 #: src/www/system_advanced_admin.php:581
 #: src/www/system_advanced_firewall.php:529
 #: src/www/system_advanced_misc.php:594
@@ -17544,18 +16592,6 @@ msgstr ""
 msgid "Save"
 msgstr ""
 
-#: src/www/pkg.php:186
-msgid "Saving changes..."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:630
-msgid "Saving updated package information..."
-msgstr ""
-
-#: src/etc/inc/xmlrpc_client.inc:1593
-msgid "Scalar can have only one value"
-msgstr ""
-
 #: src/www/widgets/widgets/traffic_graphs.widget.php:137
 msgid "Scale follow"
 msgstr ""
@@ -17765,7 +16801,7 @@ msgstr ""
 msgid "Select the interface(s) to enable for captive portal."
 msgstr ""
 
-#: src/www/system.php:420
+#: src/www/system_general.php:420
 msgid "Select the location closest to you"
 msgstr ""
 
@@ -18116,8 +17152,6 @@ msgstr ""
 #: src/www/load_balancer_virtual_server_edit.php:132
 #: src/www/services_captiveportal.php:56
 #: src/www/services_captiveportal_filemanager.php:59
-#: src/www/services_captiveportal_hostname.php:49
-#: src/www/services_captiveportal_hostname_edit.php:46
 #: src/www/services_captiveportal_ip.php:48
 #: src/www/services_captiveportal_ip_edit.php:47
 #: src/www/services_captiveportal_mac.php:52
@@ -18156,8 +17190,6 @@ msgstr ""
 msgid "Services"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:859
-#: src/etc/inc/pkg-utils.inc:999
 #: src/www/fbegin.inc:245
 msgid "Services... "
 msgstr ""
@@ -18376,10 +17408,6 @@ msgstr ""
 msgid "Setting hard disk standby... "
 msgstr ""
 
-#: src/www/diag_nanobsd.php:56
-msgid "Setting slice information, please wait..."
-msgstr ""
-
 #: src/www/interfaces.php:3226
 msgid "Setting this option will enable 802.1x authentication."
 msgstr ""
@@ -18417,13 +17445,12 @@ msgid "Setting up pass/block rules %s"
 msgstr ""
 
 #: src/www/diag_logs_settings.php:171
-#: src/www/diag_logs_tabs.php:39
 #: src/www/load_balancer_monitor.php:108
 #: src/www/load_balancer_pool.php:119
 #: src/www/load_balancer_setting.php:85
 #: src/www/load_balancer_setting.php:113
 #: src/www/load_balancer_virtual_server.php:118
-#: src/www/status_rrd_graph_tabs.php:40
+#: src/www/status_rrd_graph_tabs.inc:40
 #: src/www/system_authservers.php:451
 #: src/www/system_firmware_settings.php:64
 #: src/www/system_groupmanager.php:249
@@ -18683,7 +17710,6 @@ msgstr ""
 #: src/www/diag_system_pftop.php:131
 #: src/www/diag_system_pftop.php:146
 #: src/www/services_captiveportal_filemanager.php:190
-#: src/www/system_firmware_restorefullbackup.php:129
 msgid "Size"
 msgstr ""
 
@@ -18716,10 +17742,6 @@ msgstr ""
 msgid "Some network adapters do not support or work well in promiscuous mode."
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:196
-msgid "Something is wrong on the request."
-msgstr ""
-
 #: src/etc/inc/interfaces.inc:2167
 msgid "Sorry but we could not find a required assigned ip address on the interface for the virtual IP address %s."
 msgstr ""
@@ -19031,10 +18053,6 @@ msgstr ""
 msgid "Starting initial configuration"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:921
-msgid "Starting package deletion for %s..."
-msgstr ""
-
 #: src/etc/inc/system.inc:621
 msgid "Starting syslog..."
 msgstr ""
@@ -19218,7 +18236,6 @@ msgstr ""
 #: src/www/diag_logs_wireless.php:42
 #: src/www/easyrule.php:77
 #: src/www/fbegin.inc:437
-#: src/www/pkg_mgr.php:203
 #: src/www/status_captiveportal_expire.php:49
 #: src/www/status_captiveportal_test.php:49
 #: src/www/status_captiveportal_voucher_rolls.php:48
@@ -19361,7 +18378,6 @@ msgstr ""
 #: src/www/firewall_rules_edit.php:1240
 #: src/www/firewall_rules_edit.php:1716
 #: src/www/firewall_virtual_ip_edit.php:474
-#: src/www/halt.php:59
 #: src/www/interfaces.php:3322
 #: src/www/interfaces_assign.php:556
 #: src/www/interfaces_bridge_edit.php:606
@@ -19377,11 +18393,9 @@ msgstr ""
 #: src/www/load_balancer_relay_protocol_edit.php:282
 #: src/www/load_balancer_setting.php:155
 #: src/www/load_balancer_virtual_server_edit.php:280
-#: src/www/pkg_mgr_settings.php:131
 #: src/www/reboot.php:57
 #: src/www/services_captiveportal.php:1065
 #: src/www/services_captiveportal_filemanager.php:173
-#: src/www/services_captiveportal_hostname_edit.php:209
 #: src/www/services_captiveportal_ip_edit.php:230
 #: src/www/services_captiveportal_mac_edit.php:249
 #: src/www/services_captiveportal_vouchers.php:605
@@ -19412,15 +18426,12 @@ msgstr ""
 #: src/www/status_lb_pool.php:221
 #: src/www/status_rrd_graph.php:537
 #: src/www/status_rrd_graph_settings.php:192
-#: src/www/system.php:497
+#: src/www/system_general.php:497
 #: src/www/system_advanced_admin.php:581
 #: src/www/system_advanced_firewall.php:529
 #: src/www/system_advanced_misc.php:594
 #: src/www/system_advanced_network.php:273
 #: src/www/system_advanced_sysctl.php:223
-#: src/www/system_firmware.php:234
-#: src/www/system_firmware.php:239
-#: src/www/system_firmware.php:256
 #: src/www/system_firmware_settings.php:261
 #: src/www/system_gateway_groups_edit.php:342
 #: src/www/system_gateways_edit.php:862
@@ -19560,14 +18571,6 @@ msgstr ""
 msgid "Swedish"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:170
-msgid "Switch to Read-Only"
-msgstr ""
-
-#: src/www/diag_nanobsd.php:174
-msgid "Switch to Read/Write"
-msgstr ""
-
 #: src/www/graph.php:109
 msgid "Switch to bytes/s"
 msgstr ""
@@ -19592,10 +18595,6 @@ msgstr ""
 msgid "Synchronize Voucher Database IP"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:221
-msgid "Syncing packages:"
-msgstr ""
-
 #: src/etc/inc/system.inc:1653
 msgid "Syncing system time before startup..."
 msgstr ""
@@ -19604,10 +18603,6 @@ msgstr ""
 msgid "Syslog"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:220
-msgid "System > Advanced, Miscellaneous tab"
-msgstr ""
-
 #: src/www/fbegin.inc:278
 msgid "System Activity"
 msgstr ""
@@ -19635,7 +18630,7 @@ msgstr ""
 msgid "System Sounds"
 msgstr ""
 
-#: src/www/system_advanced_tabs.php:13
+#: src/www/system_advanced_tabs.inc:13
 msgid "System Tunables"
 msgstr ""
 
@@ -19647,11 +18642,6 @@ msgstr ""
 msgid "System events"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:744
-#: src/etc/inc/pkg-utils.inc:1059
-msgid "System files... "
-msgstr ""
-
 #: src/www/services_snmp.php:310
 msgid "System location"
 msgstr ""
@@ -19685,21 +18675,14 @@ msgid "System will be configured as a DHCP server on the default LAN interface"
 msgstr ""
 
 #: src/www/diag_backup.php:182
-#: src/www/diag_logs_tabs.php:29
 #: src/www/fbegin.inc:332
 #: src/www/fbegin.inc:392
-#: src/www/pkg_mgr.php:47
-#: src/www/pkg_mgr.php:88
-#: src/www/pkg_mgr_install.php:44
-#: src/www/pkg_mgr_installed.php:41
-#: src/www/pkg_mgr_installed.php:70
-#: src/www/pkg_mgr_settings.php:51
 #: src/www/status_rrd_graph_img.php:38
 #: src/www/status_rrd_graph_settings.php:40
-#: src/www/status_rrd_graph_tabs.php:4
-#: src/www/system.php:62
-#: src/www/system.php:264
-#: src/www/system.php:289
+#: src/www/status_rrd_graph_tabs.inc:4
+#: src/www/system_general.php:62
+#: src/www/system_general.php:264
+#: src/www/system_general.php:289
 #: src/www/system_advanced_admin.php:268
 #: src/www/system_advanced_firewall.php:219
 #: src/www/system_advanced_misc.php:225
@@ -19710,8 +18693,6 @@ msgstr ""
 #: src/www/system_camanager.php:41
 #: src/www/system_certmanager.php:44
 #: src/www/system_crlmanager.php:35
-#: src/www/system_firmware.php:88
-#: src/www/system_firmware.php:166
 #: src/www/system_firmware_check.php:98
 #: src/www/system_firmware_settings.php:64
 #: src/www/system_gateway_groups.php:89
@@ -19745,10 +18726,6 @@ msgstr ""
 msgid "System: Firmware: Auto Update"
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:119
-msgid "System: Packages"
-msgstr ""
-
 #: src/www/diag_logs_filter_dynamic.php:144
 msgid "TCP Flags"
 msgstr ""
@@ -19836,10 +18813,6 @@ msgstr ""
 msgid "Tables"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:965
-msgid "Tabs items... "
-msgstr ""
-
 #: src/www/interfaces_qinq.php:126
 #: src/www/interfaces_qinq_edit.php:353
 msgid "Tag"
@@ -19933,32 +18906,10 @@ msgstr ""
 msgid "That username is reserved by the system."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:263
-msgid ""
-"The %1$s package is missing required dependencies and must be reinstalled. %2$s"
-msgstr ""
-
 #: src/www/interfaces.php:1556
 msgid "The %s configuration has been changed."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:383
-msgid "The %s package is missing its configuration file and must be reinstalled."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:288
-#: src/etc/inc/pkg-utils.inc:416
-msgid "The %s package is missing required dependencies and must be reinstalled."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:941
-msgid "The %s package is not installed.%sDeletion aborted."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:691
-msgid "The %s package is not installed.%sInstallation aborted."
-msgstr ""
-
 #: src/www/firewall_nat_1to1_edit.php:532
 msgid "The 1:1 mapping will only be used for connections to or from the specified destination."
 msgstr ""
@@ -20278,11 +19229,6 @@ msgstr ""
 msgid "The average packet loss probes qty needs to be positive."
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:713
-#: src/etc/inc/config.lib.inc:715
-msgid "The backup cache file %s is corrupted.  Unlinking."
-msgstr ""
-
 #: src/www/vpn_openvpn_client.php:231
 msgid "The bandwidth limit must be a positive numeric value."
 msgstr ""
@@ -20299,10 +19245,6 @@ msgstr ""
 msgid "The bogons database has been updated."
 msgstr ""
 
-#: src/www/diag_nanobsd.php:65
-msgid "The boot slice has been set to"
-msgstr ""
-
 #: src/www/services_captiveportal_mac.php:145
 msgid "The captive portal MAC address configuration has been changed.<br />You must apply the changes in order for them to take effect."
 msgstr ""
@@ -20367,10 +19309,6 @@ msgid ""
 "You may include"
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:101
-msgid "The contents of unofficial packages servers cannot be verified and may contain malicious files."
-msgstr ""
-
 #: src/www/interfaces.php:2168
 msgid "The current DUID is: '%s'"
 msgstr ""
@@ -20413,7 +19351,7 @@ msgstr ""
 msgid "The destination port range overlaps with an existing entry."
 msgstr ""
 
-#: src/www/system.php:99
+#: src/www/system_general.php:99
 msgid "The domain may only contain the characters a-z, 0-9, '-' and '.'."
 msgstr ""
 
@@ -20539,16 +19477,10 @@ msgid "The field 'WINS Server #2' must contain a valid IP address"
 msgstr ""
 
 #: src/www/diag_backup.php:614
-#: src/www/system_firmware_restorefullbackup.php:116
 msgid "The firewall configuration has been changed."
 msgstr ""
 
-#: src/www/system_firmware_restorefullbackup.php:85
-msgid "The firewall is currently restoring $filename"
-msgstr ""
-
 #: src/www/diag_backup.php:614
-#: src/www/system_firmware_restorefullbackup.php:116
 msgid "The firewall is now rebooting."
 msgstr ""
 
@@ -20571,10 +19503,6 @@ msgstr ""
 msgid "The firewall will reboot after restoring the configuration."
 msgstr ""
 
-#: src/www/system_firmware.php:156
-msgid "The firmware is now being updated. The firewall will reboot automatically."
-msgstr ""
-
 #: src/etc/inc/pfsense-utils.inc:1844
 #: src/etc/inc/pfsense-utils.inc:1876
 msgid "The following file could not be read {$f2p} from {$temp_filename}"
@@ -20691,7 +19619,7 @@ msgstr ""
 msgid "The hostname cannot end with a hyphen according to RFC952"
 msgstr ""
 
-#: src/www/system.php:96
+#: src/www/system_general.php:96
 msgid "The hostname may only contain the characters a-z, 0-9 and '-'."
 msgstr ""
 
@@ -20709,11 +19637,6 @@ msgstr ""
 msgid "The idle timeout value must be an integer."
 msgstr ""
 
-#: src/www/system_firmware.php:143
-#: src/www/system_firmware_auto.php:187
-msgid "The image file is corrupt."
-msgstr ""
-
 #: src/www/firewall_virtual_ip_edit.php:120
 msgid "The interface chosen for the VIP has no IPv4 or IPv6 address configured so it cannot be used as a parent for the VIP."
 msgstr ""
@@ -20915,15 +19838,10 @@ msgstr ""
 msgid "The options on this page are intended for use by advanced users only. This page is for managing existing mirrors, not creating new mirrors."
 msgstr ""
 
-#: src/www/diag_nanobsd.php:125
-#: src/www/system_advanced_tabs.php:3
+#: src/www/system_advanced_tabs.inc:3
 msgid "The options on this page are intended for use by advanced users only."
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:102
-msgid "The package server settings should remain at their default values to ensure that verifiable and trusted packages are recevied."
-msgstr ""
-
 #: src/www/diag_packet_capture.php:370
 msgid "The packet capture file was last updated:"
 msgstr ""
@@ -21031,10 +19949,6 @@ msgid ""
 "The remote gateway \"%1$s\" is already used by phase1 \"%2$s\"."
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:157
-msgid "The requested method didn't return an XML_RPC_Response object."
-msgstr ""
-
 #: src/www/load_balancer_pool_edit.php:91
 msgid "The retry value must be an integer between 1 and 65535."
 msgstr ""
@@ -21068,10 +19982,6 @@ msgstr ""
 msgid "The settings have been applied. The firewall rules are now reloading in the background.<br />You can also %s monitor %s the reload progress"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:81
-msgid "The slice has been duplicated."
-msgstr ""
-
 #: src/www/diag_resetstate.php:46
 msgid "The source tracking table has been flushed successfully."
 msgstr ""
@@ -21126,10 +20036,6 @@ msgstr ""
 msgid "The static route configuration has been changed.%sYou must apply the changes in order for them to take effect."
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:1330
-msgid "The submitted request did not contain this parameter"
-msgstr ""
-
 #: src/www/services_dhcp.php:314
 msgid "The subnet range cannot overlap with virtual IP address %s."
 msgstr ""
@@ -21147,10 +20053,6 @@ msgstr ""
 msgid "The system has been reset to factory defaults and is now rebooting. This may take a few minutes, depending on your hardware."
 msgstr ""
 
-#: src/www/halt.php:48
-msgid "The system is halting now. This may take one minute."
-msgstr ""
-
 #: src/www/interfaces_assign.php:422
 msgid "The system is now rebooting.  Please wait."
 msgstr ""
@@ -21171,7 +20073,7 @@ msgstr ""
 msgid "The test was not performed because it is supported only for ldap based backends."
 msgstr ""
 
-#: src/www/system.php:144
+#: src/www/system_general.php:144
 msgid "The time update interval must be either 0 (disabled) or between 6 and 1440."
 msgstr ""
 
@@ -21214,23 +20116,6 @@ msgstr ""
 msgid "The uploaded file does not appear to contain an encrypted OPNsense configuration."
 msgstr ""
 
-#:rc/www/system_firmware.php:70
-msgid ""
-"The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"
-msgstr ""
-
-#: src/www/system_firmware.php:68
-msgid "The uploaded file exceeds the upload_max_filesize directive in php.ini"
-msgstr ""
-
-#: src/www/system_firmware.php:72
-msgid "The uploaded file was only partially uploaded"
-msgstr ""
-
-#: src/www/system_firmware.php:133
-msgid "The uploaded image file is not for this platform."
-msgstr ""
-
 #: src/www/services_dyndns_edit.php:119
 #: src/www/system_usermanager.php:188
 #: src/www/vpn_l2tp_users_edit.php:82
@@ -21356,19 +20241,10 @@ msgstr ""
 msgid "The zone name can only contain letters, digits, and underscores (_)."
 msgstr ""
 
-#: src/www/system.php:468
+#: src/www/system_general.php:468
 msgid "Theme"
 msgstr ""
 
-#: src/www/pkg_mgr.php:213
-#: src/www/pkg_mgr.php:288
-msgid "There are currently no packages available for installation."
-msgstr ""
-
-#: src/www/pkg_mgr_installed.php:227
-msgid "There are no packages currently installed."
-msgstr ""
-
 #: src/www/vpn_ipsec_phase1.php:213
 msgid "There is a Phase 2 using IPv4, you cannot use IPv6."
 msgstr ""
@@ -21393,10 +20269,6 @@ msgstr ""
 msgid "There was an error performing the chosen mirror operation. Check the System Log for details."
 msgstr ""
 
-#: src/www/diag_nanobsd.php:83
-msgid "There was an error while duplicating the slice.  Operation aborted."
-msgstr ""
-
 #: src/etc/inc/filter.inc:3587
 msgid "There was an error while parsing the package filter rules for %s."
 msgstr ""
@@ -21527,10 +20399,6 @@ msgstr ""
 msgid "These options enable additional messages from NTP to be written to the System Log"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:220
-msgid "These options have been relocated to"
-msgstr ""
-
 #: src/www/system_advanced_misc.php:440
 msgid ""
 "These settings have moved to <a href=\"vpn_ipsec_settings.php\">VPN &gt; IPsec on the Advanced Settings tab</a>."
@@ -21895,10 +20763,6 @@ msgstr ""
 msgid "This is usually"
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:119
-msgid "This is where %s will check for packages when the"
-msgstr ""
-
 #: src/www/system_firmware_settings.php:156
 msgid "This is where"
 msgstr ""
@@ -21927,20 +20791,6 @@ msgstr ""
 msgid "This may be useful if, for some reason, you want ntpd to prefer a different clock"
 msgstr ""
 
-#: src/www/system_firmware.php:201
-msgid ""
-"This means that the image you uploaded "
-"is not an official/supported image and may lead to unexpected behavior or security "
-"compromises. Only install images that come from sources that you trust, and make sure "
-"that the image has not been tampered with."
-msgstr ""
-
-#: src/etc/inc/xmlrpc_server.inc:48
-msgid ""
-"This method lists all the"
-" methods that the XML-RPC server knows how to dispatch"
-msgstr ""
-
 #: src/www/load_balancer_monitor_edit.php:84
 msgid "This monitor name has already been used.  Monitor names must be unique."
 msgstr ""
@@ -22077,10 +20927,6 @@ msgstr ""
 msgid "This option will suppress ARP log messages when multiple interfaces reside on the same broadcast domain"
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:100
-msgid "This page allows an alternate package repository to be configured, primarily for temporary use as a testing mechanism."
-msgstr ""
-
 #: src/www/diag_testport.php:92
 msgid "This page allows you to perform a simple TCP connection test to determine if a host is up and accepting connections on a given port. This test does not function for UDP since there is no way to reliably determine if a UDP port accepts connections in this manner."
 msgstr ""
@@ -22202,7 +21048,7 @@ msgstr ""
 msgid "This will be used if the field is left blank."
 msgstr ""
 
-#: src/www/system.php:489
+#: src/www/system_general.php:489
 msgid "This will change the look and feel of"
 msgstr ""
 
@@ -22218,10 +21064,6 @@ msgstr ""
 msgid "This will disable the autoedge status of interfaces."
 msgstr ""
 
-#: src/www/diag_nanobsd.php:206
-msgid "This will duplicate the bootup slice to the alternate slice.  Use this if you would like to duplicate the known good working boot partition to the alternate."
-msgstr ""
-
 #: src/www/system_gateways_edit.php:741
 msgid "This will force this gateway to be considered Down"
 msgstr ""
@@ -22238,10 +21080,6 @@ msgstr ""
 msgid "This will select the above gateway as the default gateway"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:144
-msgid "This will switch the bootup slice to the alternate slice."
-msgstr ""
-
 #: src/www/system_advanced_network.php:238
 #: src/www/system_advanced_network.php:249
 #: src/www/system_advanced_network.php:260
@@ -22261,7 +21099,6 @@ msgid "Threshold"
 msgstr ""
 
 #: src/www/firewall_schedule_edit.php:861
-#: src/www/javascript/jquery/jquery-ui-1.11.1.min.js:6
 msgid "Thu"
 msgstr ""
 
@@ -22330,7 +21167,7 @@ msgstr ""
 msgid "Time to live for when a delegation is considered to be lame. The default is 15 minutes."
 msgstr ""
 
-#: src/www/system.php:408
+#: src/www/system_general.php:408
 msgid "Time zone"
 msgstr ""
 
@@ -22389,8 +21226,6 @@ msgstr ""
 msgid "To view the differences between an older configuration and a newer configuration, select the older configuration using the left column of radio options and select the newer configuration in the right column, then press the Diff button."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:170
-#: src/www/services_captiveportal_hostname_edit.php:179
 #: src/www/system_gateways_edit.php:775
 #: src/www/system_gateways_edit.php:787
 msgid "To"
@@ -22477,7 +21312,7 @@ msgid "Traffic shaping is not configured."
 msgstr ""
 
 #: src/www/status_rrd_graph_settings.php:41
-#: src/www/status_rrd_graph_tabs.php:6
+#: src/www/status_rrd_graph_tabs.inc:6
 msgid "Traffic"
 msgstr ""
 
@@ -22587,9 +21422,10 @@ msgstr ""
 msgid "Tunnel to..."
 msgstr ""
 
-#: src/www/vpn_ipsec_phase1.php:525
-#: src/www/vpn_ipsec_phase2.php:487
-#: src/www/vpn_ipsec_tabs.php:3
+#: src/www/vpn_ipsec_phase1.php:532
+#: src/www/vpn_ipsec_phase2.php:492
+#: src/www/vpn_ipsec_tabs.inc:3
+#: src/www/widgets/widgets/ipsec.widget.php:42
 msgid "Tunnels"
 msgstr ""
 
@@ -22711,32 +21547,14 @@ msgstr ""
 msgid "Unable to change mode to %s.  You may already have the maximum number of wireless clones supported in this mode."
 msgstr ""
 
-#: src/www/system_firmware_auto.php:141
-#: src/www/system_firmware_auto.php:150
-msgid "Unable to check for updates."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:1212
-#: src/www/pkg_mgr.php:76
-msgid "Unable to communicate with %1$s. Please verify DNS and interface configuration, and that %2$s has functional Internet connectivity."
-msgstr ""
-
 #: src/www/firewall_aliases_edit.php:167
 msgid "Unable to fetch usable data."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:876
-msgid "Unable to load package configuration. Installation aborted."
-msgstr ""
-
 #: src/etc/inc/config.lib.inc:487
 msgid "Unable to open /conf/config.xml for writing in write_config()"
 msgstr ""
 
-#: src/www/pkg_mgr.php:73
-msgid "Unable to retrieve package info from %s. Cached data will be used."
-msgstr ""
-
 #: src/etc/rc.restore_config_backup:79
 #: src/www/diag_confbak.php:54
 msgid "Unable to revert to the selected configuration."
@@ -22763,10 +21581,6 @@ msgstr ""
 msgid "Unfortunately we have detected a programming bug."
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1230
-msgid "Uninstalling package"
-msgstr ""
-
 #: src/www/vpn_ipsec_phase2.php:122
 msgid "Unique Identifier"
 msgstr ""
@@ -22779,18 +21593,10 @@ msgstr ""
 msgid "Unknown block error."
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:152
-msgid "Unknown method"
-msgstr ""
-
 #: src/etc/inc/easyrule.inc:374
 msgid "Unknown pass error."
 msgstr ""
 
-#: src/www/system_firmware.php:82
-msgid "Unknown upload error"
-msgstr ""
-
 #: src/etc/rc.restore_config_backup:16
 #: src/www/diag_confbak.php:278
 #: src/www/widgets/widgets/gateways.widget.php:119
@@ -22842,14 +21648,6 @@ msgstr ""
 msgid "Update URL"
 msgstr ""
 
-#: src/www/system_firmware_auto.php:188
-msgid "Update cannot continue"
-msgstr ""
-
-#: src/www/system_firmware_auto.php:181
-msgid "Update cannot continue.  You can disable this check on the Updater Settings tab."
-msgstr ""
-
 #: src/www/diag_routes.php:198
 #: src/www/system_certmanager.php:397
 #: src/www/system_certmanager.php:996
@@ -22872,7 +21670,7 @@ msgstr ""
 msgid "Updated"
 msgstr ""
 
-#: src/www/system_firmware_tabs.php:34
+#: src/www/system_firmware_tabs.inc:34
 msgid "Updater Settings"
 msgstr ""
 
@@ -22890,19 +21688,10 @@ msgstr ""
 msgid "Upgrade Now"
 msgstr ""
 
-#: src/www/system_firmware.php:256
-#: src/www/system_firmware.php:257
-msgid "Upgrade firmware"
-msgstr ""
-
 #: src/www/system_firmware_check.php:86
 msgid "Upgrade pkg and recheck, there maybe other updates available."
 msgstr ""
 
-#: src/www/system_firmware.php:114
-msgid "Upgrade"
-msgstr ""
-
 #: src/etc/inc/upgrade_config.inc:1212
 msgid "Upgraded Dyndns %s"
 msgstr ""
@@ -22919,10 +21708,6 @@ msgstr ""
 msgid "Upgrading m0n0wall configuration to OPNsense."
 msgstr ""
 
-#: src/etc/inc/config.inc:62
-msgid "Upgrading m0n0wall configuration to pfSense... "
-msgstr ""
-
 #: src/www/diag_patterns.php:32
 #: src/www/diag_patterns.php:87
 msgid "Upload Pattern file"
@@ -22946,7 +21731,6 @@ msgstr ""
 msgid "Upload layer7 pattern file"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:96
 #: src/www/services_captiveportal_ip_edit.php:98
 #: src/www/services_captiveportal_mac_edit.php:110
 msgid "Upload speed needs to be an integer"
@@ -23040,15 +21824,11 @@ msgstr ""
 msgid "Use a different management port on clients. The default port is 166. Specify a different port if the client machines need to select from multiple OpenVPN links."
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:114
-msgid "Use a non-official server for packages"
-msgstr ""
-
 #: src/www/diag_routes.php:192
 msgid "Use a regular expression to filter IP address or hostnames."
 msgstr ""
 
-#: src/www/system.php:443
+#: src/www/system_general.php:443
 msgid ""
 "Use a space to separate multiple hosts (only one "
 "required). Remember to set up at least one DNS server "
@@ -23069,7 +21849,7 @@ msgstr ""
 msgid "Use calculated value."
 msgstr ""
 
-#: src/www/system.php:324
+#: src/www/system_general.php:324
 msgid "Use gateway"
 msgstr ""
 
@@ -23121,19 +21901,10 @@ msgid ""
 "be set or cleared for this rule to match."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:178
-#: src/www/services_captiveportal_hostname_edit.php:179
-msgid "Use"
-msgstr ""
-
 #: src/www/vpn_pppoe_edit.php:546
 msgid "User (s)"
 msgstr ""
 
-#: src/etc/inc/priv/user.priv.inc:6
-msgid "User - Services - Captive portal login"
-msgstr ""
-
 #: src/www/vpn_openvpn_client.php:672
 msgid "User Authentication Settings"
 msgstr ""
@@ -23366,7 +22137,6 @@ msgstr ""
 msgid "VPN PPTP"
 msgstr ""
 
-#: src/www/diag_logs_tabs.php:35
 #: src/www/diag_logs_vpn.php:30
 #: src/www/fbegin.inc:428
 #: src/www/vpn_ipsec.php:205
@@ -23449,7 +22219,6 @@ msgid "Verify SSL peer"
 msgstr ""
 
 #: src/www/diag_confbak.php:254
-#: src/www/pkg_mgr_installed.php:119
 #: src/www/widgets/widgets/system_information.widget.php:106
 msgid "Version"
 msgstr ""
@@ -23472,10 +22241,6 @@ msgstr ""
 msgid "View current page"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:231
-msgid "View previous upgrade log"
-msgstr ""
-
 #: src/www/firewall_rules_edit.php:867
 msgid "View the NAT rule"
 msgstr ""
@@ -23488,10 +22253,6 @@ msgstr ""
 msgid "View type:"
 msgstr ""
 
-#: src/www/diag_nanobsd.php:228
-msgid "View upgrade log"
-msgstr ""
-
 #: src/www/diag_smart.php:320
 #: src/www/diag_smart.php:424
 msgid "View"
@@ -23611,7 +22372,6 @@ msgstr ""
 #: src/www/services_captiveportal.php:505
 #: src/www/services_captiveportal.php:655
 #: src/www/services_captiveportal_filemanager.php:151
-#: src/www/services_captiveportal_hostname.php:90
 #: src/www/services_captiveportal_ip.php:91
 #: src/www/services_captiveportal_mac.php:157
 #: src/www/services_captiveportal_vouchers.php:83
@@ -23624,8 +22384,8 @@ msgstr ""
 msgid "WAN interface will be set to obtain an address automatically from a DHCP server"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:485
-msgid "WARNING: Config contents could not be save. Could not open file!"
+#: src/etc/inc/config.lib.inc:180
+msgid "WARNING: Config contents could not be saved. Could not open file!"
 msgstr ""
 
 #: src/etc/inc/util.inc:86
@@ -23763,10 +22523,6 @@ msgstr ""
 msgid "Warning: this will terminate all current l2tp sessions!"
 msgstr ""
 
-#: src/www/system_firmware.php:271
-msgid "Warning:"
-msgstr ""
-
 #: src/etc/inc/priv.defs.inc:432
 msgid "WebCfg - AJAX: Get Service Providers"
 msgstr ""
@@ -24945,7 +23701,7 @@ msgstr ""
 #: src/www/interfaces_wireless.php:66
 #: src/www/interfaces_wireless.php:93
 #: src/www/interfaces_wireless_edit.php:138
-#: src/www/status_rrd_graph_tabs.php:19
+#: src/www/status_rrd_graph_tabs.inc:19
 #: src/www/status_wireless.php:31
 msgid "Wireless"
 msgstr ""
@@ -24989,10 +23745,6 @@ msgstr ""
 msgid "Would you like to submit the programming debug logs to the OPNsense developers for inspection?"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:655
-msgid "Writing configuration... "
-msgstr ""
-
 #: src/www/bandwidth_by_ip.php:47
 msgid "Wrong Interface"
 msgstr ""
@@ -25001,22 +23753,10 @@ msgstr ""
 msgid "Wrong data submitted"
 msgstr ""
 
-#: src/etc/inc/array_intersect_key.inc:37
-msgid "Wrong parameter count for array_intersect_key()"
-msgstr ""
-
 #: src/etc/inc/interfaces.inc:1191
 msgid "Wrong parameters used during interface_bring_down"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:215
-msgid "XML configuration file not found.  %s cannot continue booting."
-msgstr ""
-
-#: src/etc/inc/xmlrpc_client.inc:1497
-msgid "XML error at line 1, check URL"
-msgstr ""
-
 #: src/etc/inc/xmlparse.inc:93
 #: src/etc/inc/xmlparse_attr.inc:73
 msgid "XML error: %1$s at line %2$d cannot occur more than once"
@@ -25040,10 +23780,6 @@ msgstr ""
 msgid "XML error: no %s object found!"
 msgstr ""
 
-#: src/etc/inc/config.lib.inc:660
-msgid "XML error: unable to open file"
-msgstr ""
-
 #: src/etc/inc/pfsense-utils.inc:640
 msgid "XMLRPC communication error: %s"
 msgstr ""
@@ -25100,12 +23836,8 @@ msgstr ""
 #: src/www/diag_defaults.php:47
 #: src/www/diag_defaults.php:59
 #: src/www/diag_defaults.php:73
-#: src/www/halt.php:47
-#: src/www/halt.php:59
-#: src/www/pkg.php:424
 #: src/www/reboot.php:47
 #: src/www/reboot.php:57
-#: src/www/system_firmware.php:213
 msgid "Yes"
 msgstr ""
 
@@ -25121,10 +23853,6 @@ msgstr ""
 msgid "You are editing an existing entry and modifying the interface is not allowed."
 msgstr ""
 
-#: src/www/system_firmware_auto.php:167
-msgid "You are on the latest version."
-msgstr ""
-
 #: src/www/firewall_shaper_layer7.php:54
 msgid "You can add new layer7 protocol patterns by simply uploading the file"
 msgstr ""
@@ -25199,7 +23927,7 @@ msgstr ""
 msgid "You can not assign a IPv6 gateway group on IPv4 Address Family rule"
 msgstr ""
 
-#: src/www/system.php:135
+#: src/www/system_general.php:135
 msgid "You can not assign a gateway to DNS '%s' server which is on a directly connected network."
 msgstr ""
 
@@ -25220,11 +23948,11 @@ msgstr ""
 msgid "You can not assign the IPv6 Gateway to a IPv4 Filter rule"
 msgstr ""
 
-#: src/www/system.php:117
+#: src/www/system_general.php:117
 msgid "You can not specify IPv4 gateway '{$_POST[$dnsgwname]}' for IPv6 DNS server '{$_POST[$dnsname]}'"
 msgstr ""
 
-#: src/www/system.php:114
+#: src/www/system_general.php:114
 msgid "You can not specify IPv6 gateway '{$_POST[$dnsgwname]}' for IPv4 DNS server '{$_POST[$dnsname]}'"
 msgstr ""
 
@@ -25501,7 +24229,6 @@ msgid ""
 msgstr ""
 
 #: src/www/firewall_aliases_import.php:188
-#: src/www/services_captiveportal_hostname_edit.php:192
 #: src/www/services_captiveportal_ip_edit.php:208
 #: src/www/services_captiveportal_mac_edit.php:225
 #: src/www/services_captiveportal_zones_edit.php:115
@@ -25636,10 +24363,6 @@ msgstr ""
 msgid "You must provide a valid URL."
 msgstr ""
 
-#: src/www/system_firmware.php:259
-msgid "You must reboot the system before you can upgrade the firmware."
-msgstr ""
-
 #: src/www/vpn_openvpn_server.php:238
 msgid "You must select a Backend for Authentication if the server mode requires User Auth."
 msgstr ""
@@ -25955,7 +24678,6 @@ msgstr ""
 msgid "all"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:105
 #: src/www/services_captiveportal_ip_edit.php:108
 msgid "already allowed"
 msgstr ""
@@ -25977,14 +24699,6 @@ msgstr ""
 msgid "and almost never equal to the destination port range (and should usually be"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:706
-msgid "and its dependencies."
-msgstr ""
-
-#: src/etc/inc/pkg-utils.inc:707
-msgid "and its dependencies... "
-msgstr ""
-
 #: src/www/services_dhcp.php:1089
 msgid "and the UEFI 32bit filename  "
 msgstr ""
@@ -26016,8 +24730,6 @@ msgstr ""
 #: src/www/firewall_rules_edit.php:1188
 #: src/www/firewall_rules_edit.php:1201
 #: src/www/interfaces.php:3040
-#: src/www/services_captiveportal_hostname.php:145
-#: src/www/services_captiveportal_hostname.php:152
 msgid "any"
 msgstr ""
 
@@ -26030,10 +24742,6 @@ msgstr ""
 msgid "aren't allowed."
 msgstr ""
 
-#: src/etc/inc/array_intersect_key.inc:45
-msgid "array_intersect_key() Argument #"
-msgstr ""
-
 #: src/www/system_advanced_firewall.php:231
 msgid "as the name says, it is the normal optimization algorithm"
 msgstr ""
@@ -26042,10 +24750,6 @@ msgstr ""
 msgid "association removed."
 msgstr ""
 
-#: src/etc/inc/smtp.inc:290
-msgid "authenticated mechanism %1$s may not be used: %2$s"
-msgstr ""
-
 #: src/www/diag_authentication.php:46
 msgid "authenticated successfully."
 msgstr ""
@@ -26155,31 +24859,6 @@ msgstr ""
 msgid "confirmation"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:686
-msgid "connection is already established and the recipient is already set"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:366
-msgid "connection is already established"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:640
-msgid "connection is not in the initial state"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:698
-msgid "connection is not in the recipient setting state"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:757
-#: src/etc/inc/smtp.inc:768
-msgid "connection is not in the sending data state"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:727
-msgid "connection is not in the start sending data state"
-msgstr ""
-
 #: src/www/interfaces.php:2658
 #: src/www/interfaces.php:2780
 msgid "connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected."
@@ -26206,18 +24885,6 @@ msgstr ""
 msgid "could not bring realif up -- variable not defined -- interface_gif_configure()"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:257
-msgid "could not connect to the host \"%1$s\": %2$s"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:446
-msgid "could not determine the SMTP to connect"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:234
-msgid "could not resolve host \"%s\""
-msgstr ""
-
 #: src/www/guiconfig.inc:292
 #: src/www/system_certmanager.php:654
 #: src/www/vpn_ipsec_mobile.php:331
@@ -26416,10 +25083,6 @@ msgstr ""
 msgid "device not present! Is the modem attached to the system?"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:632
-msgid "direct delivery connection is already established and sender is already set"
-msgstr ""
-
 #: src/www/firewall_nat_1to1_edit.php:558
 #: src/www/firewall_nat_edit.php:823
 #: src/www/firewall_nat_edit.php:826
@@ -26431,14 +25094,6 @@ msgstr ""
 msgid "disabled route to"
 msgstr ""
 
-#: src/www/system_firmware_restorefullbackup.php:173
-msgid "do not restore config.xml."
-msgstr ""
-
-#: src/etc/inc/smtp.inc:238
-msgid "domain \"%s\" resolved to an address excluded to be valid"
-msgstr ""
-
 #: src/www/vpn_pptp.php:487
 msgid "don't forget to "
 msgstr ""
@@ -26469,29 +25124,6 @@ msgstr ""
 #: src/etc/inc/interfaces.inc:1105
 #: src/etc/inc/interfaces.inc:1118
 #: src/etc/inc/interfaces.inc:1978
-#: src/etc/inc/pkg-utils.inc:347
-#: src/etc/inc/pkg-utils.inc:635
-#: src/etc/inc/pkg-utils.inc:658
-#: src/etc/inc/pkg-utils.inc:736
-#: src/etc/inc/pkg-utils.inc:751
-#: src/etc/inc/pkg-utils.inc:785
-#: src/etc/inc/pkg-utils.inc:814
-#: src/etc/inc/pkg-utils.inc:821
-#: src/etc/inc/pkg-utils.inc:838
-#: src/etc/inc/pkg-utils.inc:854
-#: src/etc/inc/pkg-utils.inc:870
-#: src/etc/inc/pkg-utils.inc:977
-#: src/etc/inc/pkg-utils.inc:994
-#: src/etc/inc/pkg-utils.inc:1019
-#: src/etc/inc/pkg-utils.inc:1064
-#: src/etc/inc/pkg-utils.inc:1073
-#: src/etc/inc/pkg-utils.inc:1083
-#: src/etc/inc/pkg-utils.inc:1098
-#: src/etc/inc/pkg-utils.inc:1105
-#: src/etc/inc/pkg-utils.inc:1124
-#: src/etc/inc/pkg-utils.inc:1451
-#: src/etc/inc/pkg-utils.inc:1477
-#: src/etc/inc/pkg-utils.inc:1520
 #: src/etc/inc/rrd.inc:922
 #: src/etc/inc/services.inc:1298
 #: src/etc/inc/services.inc:1678
@@ -26510,10 +25142,6 @@ msgstr ""
 msgid "done.%s"
 msgstr ""
 
-#: src/www/system_firmware_auto.php:165
-msgid "download complete."
-msgstr ""
-
 #: src/www/firewall_nat_edit.php:782
 #: src/www/services_dnsmasq_domainoverride_edit.php:140
 #: src/www/services_dnsmasq_domainoverride_edit.php:147
@@ -26525,8 +25153,8 @@ msgstr ""
 #: src/www/services_unbound_host_edit.php:205
 #: src/www/services_unbound_host_edit.php:213
 #: src/www/services_unbound_host_edit.php:221
-#: src/www/system.php:300
-#: src/www/system.php:311
+#: src/www/system_general.php:300
+#: src/www/system_general.php:311
 msgid "e.g."
 msgstr ""
 
@@ -26655,18 +25283,6 @@ msgstr ""
 msgid "error page"
 msgstr ""
 
-#: src/etc/inc/meta.inc:132
-msgid "error: tag mismatch ( %1$s != %2$s ) in '%3$s'%4$s"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:222
-msgid "establishing SSL connections requires at least PHP version 4.3.0"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:225
-msgid "establishing SSL connections requires the OpenSSL extension enabled"
-msgstr ""
-
 #: src/www/system_camanager.php:528
 #: src/www/system_camanager.php:538
 #: src/www/system_camanager.php:548
@@ -26733,10 +25349,6 @@ msgstr ""
 msgid "failed!"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:1444
-msgid "failed!nnInstallation aborted.n"
-msgstr ""
-
 #: src/www/system_usermanager_settings_test.php:72
 #: src/www/system_usermanager_settings_test.php:75
 #: src/www/system_usermanager_settings_test.php:78
@@ -26802,10 +25414,6 @@ msgstr ""
 msgid "found on top of the generated/printed vouchers. WARNING: Changing this number for an existing Roll will mark all vouchers as unused again"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname.php:153
-msgid "from"
-msgstr ""
-
 #: src/www/firewall_nat_edit.php:621
 #: src/www/firewall_nat_edit.php:742
 #: src/www/firewall_rules_edit.php:1085
@@ -26898,10 +25506,6 @@ msgstr ""
 msgid "incoming (as seen by firewall)"
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:205
-msgid "installation completed."
-msgstr ""
-
 #: src/www/diag_arp.php:363
 msgid "instead of ARP"
 msgstr ""
@@ -26974,46 +25578,6 @@ msgstr ""
 msgid "is"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:266
-msgid "it is not possible to authenticate using the specified mechanism because the SASL library class is not loaded"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:681
-msgid "it is not possible to deliver directly to recipients of different domains"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:542
-msgid "it is not supported any of the authentication mechanisms required by the server"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:114
-msgid "it was not possible to read line from the SMTP server"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:136
-msgid "it was not possible to send a line to the SMTP server"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:150
-msgid "it was not possible to send data to the SMTP server"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:804
-msgid "it was not previously established a SMTP connection"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:662
-msgid "it was not specified a valid direct recipient"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:410
-msgid "it was not specified the POP3 authentication password"
-msgstr ""
-
-#: src/etc/inc/smtp.inc:404
-msgid "it was not specified the POP3 authentication user"
-msgstr ""
-
 #: src/www/firewall_rules_edit.php:1387
 #: src/www/firewall_rules_edit.php:1396
 msgid "keep state"
@@ -27055,10 +25619,6 @@ msgstr ""
 msgid "linkshare service curve defined but missing initial bandwidth (m1) value"
 msgstr ""
 
-#: src/etc/inc/meta.inc:68
-msgid "list_phpfiles: unable to examine path %s\n"
-msgstr ""
-
 #: src/www/guiconfig.inc:1041
 msgid "listing only first 10k items"
 msgstr ""
@@ -27104,11 +25664,6 @@ msgstr ""
 msgid "matched log entries."
 msgstr ""
 
-#: TODO: figure out what's going on with src/etc/inc/xmlrpc_server.inc:392
-#: src/etc/inc/xmlrpc_client.inc:1361
-msgid "mb_convert_encoding() is not available"
-msgstr ""
-
 #: src/www/interfaces_qinq_edit.php:263
 msgid "members"
 msgstr ""
@@ -27131,10 +25686,6 @@ msgstr ""
 msgid "minutes"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:260
-msgid "missing top level xmlrpc element"
-msgstr ""
-
 #: src/www/load_balancer_relay_action_edit.php:124
 msgid "modified '%s' action:"
 msgstr ""
@@ -27200,7 +25751,7 @@ msgstr ""
 msgid "move selected rules to end"
 msgstr ""
 
-#: src/www/system.php:311
+#: src/www/system_general.php:311
 msgid "mycorp.com, home, office, private, etc."
 msgstr ""
 
@@ -27364,23 +25915,10 @@ msgstr ""
 msgid "outgoing (as seen by firewall)"
 msgstr ""
 
-#: src/etc/inc/pkg-utils.inc:639
-msgid "overwrite!"
-msgstr ""
-
-#: src/www/pkg_mgr_installed.php:105
-msgid "packages"
-msgstr ""
-
 #: src/www/diag_packet_capture.php:255
 msgid "packet capture"
 msgstr ""
 
-#: src/www/pkg_mgr_settings.php:119
-#: src/www/system_firmware_settings.php:156
-msgid "page is viewed."
-msgstr ""
-
 #: src/www/firewall_rules_edit.php:1224
 #: src/www/services_captiveportal.php:1044
 #: src/www/system_advanced_firewall.php:317
@@ -27435,10 +25973,6 @@ msgstr ""
 msgid "phase2 for %s"
 msgstr ""
 
-#: src/www/pkg_mgr.php:266
-msgid "platform"
-msgstr ""
-
 #: src/www/load_balancer_setting.php:145
 msgid "prefork"
 msgstr ""
@@ -27469,10 +26003,6 @@ msgstr ""
 msgid "rate"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:108
-msgid "reached the end of data while reading from the SMTP server conection"
-msgstr ""
-
 #: src/www/status_captiveportal_voucher_rolls.php:95
 msgid "ready"
 msgstr ""
@@ -27650,18 +26180,10 @@ msgstr ""
 msgid "send Wake on LAN packet to this MAC address"
 msgstr ""
 
-#: src/etc/inc/smtp.inc:478
-msgid "server does not require authentication"
-msgstr ""
-
 #: src/etc/inc/pfsense-utils.inc:431
 msgid "setsockopt() failed, error: %s"
 msgstr ""
 
-#: src/www/pkg_mgr_install.php:280
-msgid "setup instructions"
-msgstr ""
-
 #: src/www/services_captiveportal.php:925
 msgid "singledash:"
 msgstr ""
@@ -27735,11 +26257,6 @@ msgstr ""
 msgid "that has been granted secure shell access."
 msgstr ""
 
-#: src/www/services_captiveportal_hostname.php:146
-#: src/www/services_captiveportal_hostname.php:153
-msgid "the Hostname are allowed"
-msgstr ""
-
 #: src/www/diag_defaults.php:59
 msgid "the firewall will:"
 msgstr ""
@@ -27769,14 +26286,6 @@ msgstr ""
 msgid "timeout"
 msgstr ""
 
-#: src/www/services_captiveportal_hostname_edit.php:179
-msgid "to allow access from all clients (even non-authenticated ones) behind the portal to this Hostname"
-msgstr ""
-
-#: src/www/services_captiveportal_hostname_edit.php:178
-msgid "to always allow an Hostname through the captive portal (without authentication)"
-msgstr ""
-
 #: src/www/interfaces.php:2619
 msgid "to create a PPP configuration."
 msgstr ""
@@ -27815,7 +26324,6 @@ msgstr ""
 #: src/www/diag_dump_states_sources.php:177
 #: src/www/firewall_nat_edit.php:649
 #: src/www/firewall_nat_edit.php:772
-#: src/www/services_captiveportal_hostname.php:146
 #: src/www/services_dhcp.php:839
 #: src/www/services_dhcpv6.php:596
 #: src/www/services_dhcpv6.php:603
@@ -27855,10 +26363,6 @@ msgstr ""
 msgid "type"
 msgstr ""
 
-#: src/etc/inc/meta.inc:99
-msgid "unable to read %sn"
-msgstr ""
-
 #: src/www/services_captiveportal.php:928
 msgid "unformatted:"
 msgstr ""
@@ -27940,18 +26444,6 @@ msgstr ""
 msgid "virtual full time"
 msgstr ""
 
-#: src/etc/inc/meta.inc:185
-msgid "warning: tag %1\$s has invalid data in '%2\$s'%3\$s"
-msgstr ""
-
-#: src/etc/inc/meta.inc:163
-msgid "warning: tag %1$s has malformed data in '%2$s'%3$s"
-msgstr ""
-
-#: src/etc/inc/meta.inc:143
-msgid "warning: tag %1$s has no data in '%2$s'%3$s"
-msgstr ""
-
 #: src/www/diag_defaults.php:67
 msgid "webConfigurator admin password will be reset to"
 msgstr ""
@@ -28016,12 +26508,7 @@ msgstr ""
 msgid "www.example.com"
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:268
-msgid "xmlrpc element %1$s cannot be child of %2$s"
-msgstr ""
-
 #: src/www/diag_routes.php:172
-#: src/www/pkg_mgr_settings.php:114
 #: src/www/services_captiveportal.php:828
 #: src/www/services_captiveportal.php:873
 #: src/www/services_captiveportal.php:897
@@ -28043,10 +26530,6 @@ msgstr ""
 msgid "The Captive Portal zone '%s' has Hard Timeout parameter set to a value bigger than Default lease time (%s)."
 msgstr ""
 
-#: src/etc/inc/xmlrpc_client.inc:860
-msgid "send()'s %s parameter must be an XML_RPC_Message object."
-msgstr ""
-
 #: internationalize date() calls
 #: src/etc/inc/services.inc:2246
 msgid "Created:"
@@ -28067,32 +26550,12 @@ msgstr ""
 msgid "$_POST['Submit']) == \"No\""
 msgstr ""
 
-# TODO: unqouted gettext string,
-# src/www/pkg_mgr.php:174
-#msgid ($category)
-#msgstr ""
-
-# TODO: unqouted gettext string,
-# src/www/pkg.php:437
-#msgid ($column['listmodeoff']). $column['suffix'];
-#msgstr ""
-
-# TODO: unqouted gettext string,
-# src/www/pkg.php:434
-#msgid ($column['listmodeon']). $column['suffix'];
-#msgstr ""
-
 # TODO: unqouted gettext string,
 # src/www/status_interfaces.php:76
 # src/www/system_advanced_firewall.php:516
 #msgid ($ifdesc);?></option>
 #msgstr ""
 
-# TODO: unqouted gettext string,
-# src/www/pkg_mgr.php:249
-#msgid ($index['category']).'</td>'."n";
-#msgstr ""
-
 # TODO: unqouted gettext string,
 # src/www/services_captiveportal.php:915
 # src/www/services_captiveportal.php:917:                                         
@@ -28106,12 +26569,6 @@ msgstr ""
 #msgid ($macformat),"</option>n";
 #msgstr ""
 
-# TODO: unqouted vars gettext string,
-# src/etc/inc/pkg-utils.inc:1402
-# src/etc/inc/pkg-utils.inc:1414
-#msgid ($msg)
-#msgstr ""
-
 # TODO: unqouted vars gettext string,
 # src/www/system_advanced_misc.php:213
 # src/www/system_advanced_network.php:139
@@ -28124,11 +26581,6 @@ msgstr ""
 #msgid ($text) {
 #msgstr ""
 
-# TODO: unqouted vars gettext string,
-# src/www/pkg.php:49
-#msgid ($title_msg)
-#msgstr ""
-
 # TODO: unqouted vars gettext string,
 # src/etc/inc/notices.inc:361:
 #msgid sprintf("%s (%s) - Notification", $g['product_name'], $hostname)
@@ -28159,11 +26611,6 @@ msgstr ""
 #msgid (sprintf("How often that an ICMP probe will be sent in seconds. Default is %d.", $apinger_default['interval']));?><br /><br />
 #msgstr ""
 
-# TODO: vars cleanup, does this even work: 
-# src/www/pkg_mgr_install.php:276
-#msgid (sprintf("Installation of %s completed.", $pkgid)); 				update_status($status_a);
-#msgstr ""
-
 # TODO: vars cleanup, does this even work: 
 # src/www/system_gateways_edit.php:778
 #msgid (sprintf("Low and high thresholds for latency in milliseconds. Default is %d/%d.", $apinger_default['latencylow'], $apinger_default['latencyhigh']));?></span>
@@ -28225,14 +26672,6 @@ msgid ""
 "end of the returned results are removed before comparison.");?>
 msgstr ""
 
-#: src/www/system_firmware_auto.php:202
-msgid "is now upgrading."
-msgstr ""
-
-#: src/www/system_firmware_auto.php:202
-msgid "The firewall will reboot once the operation is completed."
-msgstr ""
-
 # TODO: These lines need clarification in the source:
 # src/www/interfaces.php:1931
 # src/www/interfaces.php:2092
@@ -28250,3 +26689,16 @@ msgstr ""
 # src/www/interfaces.php:2288
 # src/www/interfaces.php:2317
 # src/www/interfaces.php:2288
+
+#: src/etc/inc/config.lib.inc:157
+msgid "WARNING: User"
+msgstr ""
+
+#: src/etc/inc/config.lib.inc:157
+msgid "may not write config (user-config-readonly set)"
+msgstr ""
+
+#: src/etc/inc/config.lib.inc:169
+msgid "WARNING: Corrupt config!"
+msgstr ""
+
diff --git a/src/www/diag_backup.php b/src/www/diag_backup.php
index 50d3ad19f..9d50a814e 100644
--- a/src/www/diag_backup.php
+++ b/src/www/diag_backup.php
@@ -75,7 +75,7 @@ function restore_rrddata() {
 	global $config, $g, $rrdtool, $input_errors;
 	foreach($config['rrddata']['rrddatafile'] as $rrd) {
 		if ($rrd['xmldata']) {
-			$rrd_file = "{$g['vardb_path']}/rrd/{$rrd['filename']}";
+			$rrd_file = "/var/db/rrd/{$rrd['filename']}";
 			$xml_file = preg_replace('/\.rrd$/', ".xml", $rrd_file);
 			if (file_put_contents($xml_file, gzinflate(base64_decode($rrd['xmldata']))) === false) {
 				log_error("Cannot write $xml_file");
@@ -91,7 +91,7 @@ function restore_rrddata() {
 			unlink($xml_file);
 		}
 		else if ($rrd['data']) {
-			$rrd_file = "{$g['vardb_path']}/rrd/{$rrd['filename']}";
+			$rrd_file = "/var/db/rrd/{$rrd['filename']}";
 			$rrd_fd = fopen($rrd_file, "w");
 			if (!$rrd_fd) {
 				log_error("Cannot write $rrd_file");
diff --git a/src/www/diag_confbak.php b/src/www/diag_confbak.php
index fdc7cf79f..5455adb1e 100644
--- a/src/www/diag_confbak.php
+++ b/src/www/diag_confbak.php
@@ -55,7 +55,7 @@ if (isset($_POST['backupcount'])) {
 			$savemsg = gettext("Unable to revert to the selected configuration.");
 	}
 	if($_POST['rmver'] != "") {
-		unlink_if_exists('/conf/backup/config-' . $_POST['rmver'] . '.xml');
+		@unlink('/conf/backup/config-' . $_POST['rmver'] . '.xml');
 		$savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['rmver']),$confvers[$_POST['rmver']]['description']);
 	}
 }
diff --git a/src/www/diag_logs_settings.php b/src/www/diag_logs_settings.php
index 6bde2cd89..4d68200bf 100644
--- a/src/www/diag_logs_settings.php
+++ b/src/www/diag_logs_settings.php
@@ -164,7 +164,7 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) {
 			$savemsg .= "<br />" . gettext("WebGUI process is restarting.");
 		}
 
-		filter_pflog_start(true);
+		filter_pflog_start();
 	}
 }
 
diff --git a/src/www/fbegin.inc b/src/www/fbegin.inc
index 955c42cd7..2f18fa1e4 100755
--- a/src/www/fbegin.inc
+++ b/src/www/fbegin.inc
@@ -215,8 +215,9 @@ if(count($config['interfaces']) > 1)
 $ifentries = get_configured_interface_with_descr();
 foreach ($ifentries as $ent => $entdesc) {
 	if (is_array($config['interfaces'][$ent]['wireless']) &&
-		preg_match($g['wireless_regex'], $config['interfaces'][$ent]['if']))
+		match_wireless_interface($config['interfaces'][$ent]['if'])) {
 		$wifdescrs[$ent] = $entdesc;
+	}
 }
 if (count($wifdescrs) > 0)
 	$status_menu[] = array(gettext("Wireless"), "/status_wireless.php");
@@ -295,7 +296,7 @@ $pgtitle_output = true;
 
 		<div class="container-fluid">
 			<div class="navbar-header">
-				<a class="navbar-brand" href="/">
+				<a class="navbar-brand" href="/index.php">
 				<img class="brand-logo" src="/themes/<?=$g['theme'];?>/assets/images/default-logo.png" height="30" width="150"/>
 				<img class="brand-icon" src="/themes/<?=$g['theme'];?>/assets/images/icon-logo.png" height="30" width="29"/>
 				</a>
diff --git a/src/www/firewall_aliases_edit.php b/src/www/firewall_aliases_edit.php
index adb04fe80..47a337180 100755
--- a/src/www/firewall_aliases_edit.php
+++ b/src/www/firewall_aliases_edit.php
@@ -194,7 +194,7 @@ if ($_POST) {
 				/* fetch down and add in */
 				$isfirst = 0;
 				$temp_filename = tempnam('/tmp/', 'alias_import');
-				unlink_if_exists($temp_filename);
+				@unlink($temp_filename);
 				$verify_ssl = isset($config['system']['checkaliasesurlcert']);
 				mkdir($temp_filename);
 				download_file($_POST['address' . $x], $temp_filename . "/aliases", $verify_ssl);
diff --git a/src/www/firewall_shaper.php b/src/www/firewall_shaper.php
index 74c07d68c..bca3459b8 100644
--- a/src/www/firewall_shaper.php
+++ b/src/www/firewall_shaper.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2004, 2005 Scott Ullrich
@@ -303,7 +304,6 @@ if ($_GET) {
 		$output_form .= $default_shaper_msg;
 		$dontshow = true;
 	}
-	mwexec("killall qstats");
 } else {
 	$output_form .= $default_shaper_msg;
 	$dontshow = true;
diff --git a/src/www/firewall_shaper_wizards.php b/src/www/firewall_shaper_wizards.php
index 9ec6bab01..8057e076f 100644
--- a/src/www/firewall_shaper_wizards.php
+++ b/src/www/firewall_shaper_wizards.php
@@ -52,8 +52,8 @@ if ($_POST['apply']) {
 		$savemsg = $retval;
 
 	/* reset rrd queues */
-	unlink_if_exists("/var/db/rrd/*queuedrops.rrd");
-	unlink_if_exists("/var/db/rrd/*queues.rrd");
+	mwexec('/bin/rm /var/db/rrd/*queuedrops.rrd');
+	mwexec('/bin/rm /var/db/rrd/*queues.rrd');
 	enable_rrd_graphing();
 
 	clear_subsystem_dirty('shaper');
diff --git a/src/www/interfaces_assign.php b/src/www/interfaces_assign.php
index a10f24f52..22abf0e76 100644
--- a/src/www/interfaces_assign.php
+++ b/src/www/interfaces_assign.php
@@ -209,7 +209,7 @@ if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
 		$config['interfaces'][$newifname] = array();
 		$config['interfaces'][$newifname]['descr'] = $descr;
 		$config['interfaces'][$newifname]['if'] = $_POST['if_add'];
-		if (preg_match($g['wireless_regex'], $_POST['if_add'])) {
+		if (match_wireless_interface($_POST['if_add'])) {
 			$config['interfaces'][$newifname]['wireless'] = array();
 			interface_sync_wireless_clones($config['interfaces'][$newifname], false);
 		}
@@ -315,7 +315,7 @@ if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
 					}
 
 					/* check for wireless interfaces, set or clear ['wireless'] */
-					if (preg_match($g['wireless_regex'], $ifport)) {
+					if (match_wireless_interface($ifport)) {
 						if (!is_array($config['interfaces'][$ifname]['wireless']))
 							$config['interfaces'][$ifname]['wireless'] = array();
 					} else {
@@ -327,8 +327,9 @@ if (isset($_POST['add_x']) && isset($_POST['if_add'])) {
 						$config['interfaces'][$ifname]['descr'] = strtoupper($ifname);
 
 					if ($reloadif == true) {
-						if (preg_match($g['wireless_regex'], $ifport))
+						if (match_wireless_interface($ifport)) {
 							interface_sync_wireless_clones($config['interfaces'][$ifname], false);
+						}
 						/* Reload all for the interface. */
 						interface_configure($ifname, true);
 					}
diff --git a/src/www/interfaces_wireless_edit.php b/src/www/interfaces_wireless_edit.php
index 7235ab8f7..ae9b847be 100644
--- a/src/www/interfaces_wireless_edit.php
+++ b/src/www/interfaces_wireless_edit.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014-2015 Deciso B.V.
 	Copyright (C) 2010 Erik Fonnesbeck
@@ -163,7 +164,7 @@ include("head.inc");
 					                    <select name="if" class="selectpicker">
 					                      <?php
 					                      foreach ($portlist as $ifn => $ifinfo)
-					                        if (preg_match($g['wireless_regex'], $ifn)) {
+					                        if (match_wireless_interface($ifn)) {
 					                            echo "<option value=\"{$ifn}\"";
 					                            if ($ifn == $pconfig['if'])
 					                                echo " selected=\"selected\"";
diff --git a/src/www/services_captiveportal_vouchers.php b/src/www/services_captiveportal_vouchers.php
index 6020f0926..1805850d5 100644
--- a/src/www/services_captiveportal_vouchers.php
+++ b/src/www/services_captiveportal_vouchers.php
@@ -156,11 +156,11 @@ if ($_GET['act'] == "del") {
 else if ($_GET['act'] == "csv") {
 	$privkey = base64_decode($config['voucher'][$cpzone]['privatekey']);
 	if (strstr($privkey,"BEGIN RSA PRIVATE KEY")) {
-		$fd = fopen("{$g['varetc_path']}/voucher_{$cpzone}.private","w");
+		$fd = fopen("/var/etc/voucher_{$cpzone}.private","w");
 		if (!$fd) {
 			$input_errors[] = gettext("Cannot write private key file") . ".\n";
 		} else {
-			chmod("{$g['varetc_path']}/voucher_{$cpzone}.private", 0600);
+			chmod("/var/etc/voucher_{$cpzone}.private", 0600);
 			fwrite($fd, $privkey);
 			fclose($fd);
 			$a_voucher = &$config['voucher'][$cpzone]['roll'];
@@ -170,11 +170,13 @@ else if ($_GET['act'] == "csv") {
 				$count = $a_voucher[$id]['count'];
 				header("Content-Type: application/octet-stream");
 				header("Content-Disposition: attachment; filename=vouchers_{$cpzone}_roll{$number}.csv");
-				if (file_exists("{$g['varetc_path']}/voucher_{$cpzone}.cfg"))
-					system("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -p {$g['varetc_path']}/voucher_{$cpzone}.private $number $count");
-				@unlink("{$g['varetc_path']}/voucher_{$cpzone}.private");
-			} else
+				if (file_exists("/var/etc/voucher_{$cpzone}.cfg")) {
+					system("/usr/local/bin/voucher -c /var/etc/voucher_{$cpzone}.cfg -p /var/etc/voucher_{$cpzone}.private $number $count");
+				}
+				@unlink("/var/etc/voucher_{$cpzone}.private");
+			} else {
 				header("Location: services_captiveportal_vouchers.php?zone={$cpzone}");
+			}
 			exit;
 		}
 	} else {
diff --git a/src/www/services_dhcpv6.php b/src/www/services_dhcpv6.php
index dcfc0f97e..c3608952f 100644
--- a/src/www/services_dhcpv6.php
+++ b/src/www/services_dhcpv6.php
@@ -301,7 +301,7 @@ if ($_POST) {
 
 	if (!$input_errors || $_POST['apply'] == 'Apply changes') {
 		/* Stop DHCPv6 so we can cleanup leases */
-		killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid");
+		killbypid("{$g['dhcpd_chroot_path']}/var/run/dhcpdv6.pid");
 		// dhcp_clean_leases();
 		/* dnsmasq_configure calls dhcpd_configure */
 		/* no need to restart dhcpd twice */
diff --git a/src/www/status_captiveportal_vouchers.php b/src/www/status_captiveportal_vouchers.php
index 635b82800..93bfe1a64 100644
--- a/src/www/status_captiveportal_vouchers.php
+++ b/src/www/status_captiveportal_vouchers.php
@@ -65,10 +65,11 @@ foreach($a_roll as $rollent) {
 	$roll = $rollent['number'];
 	$minutes = $rollent['minutes'];
 
-	if (!file_exists("{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db"))
+	if (!file_exists("/var/db/voucher_{$cpzone}_active_{$roll}.db")) {
 		continue;
+	}
 
-	$active_vouchers = file("{$g['vardb_path']}/voucher_{$cpzone}_active_$roll.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+	$active_vouchers = file("/var/db/voucher_{$cpzone}_active_{$roll}.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
 	foreach($active_vouchers as $voucher => $line) {
 		list($voucher,$timestamp, $minutes) = explode(",", $line);
 		$remaining = (($timestamp + 60*$minutes) - time());
diff --git a/src/www/status_filter_reload.php b/src/www/status_filter_reload.php
index 8e50abe1b..5f4a69059 100644
--- a/src/www/status_filter_reload.php
+++ b/src/www/status_filter_reload.php
@@ -1,6 +1,6 @@
 <?php
+
 /*
-	status_filter_reload.php
 	Copyright (C) 2006 Scott Ullrich
 	All rights reserved.
 
@@ -33,8 +33,9 @@ require_once("functions.inc");
 $pgtitle = array(gettext("Status"),gettext("Filter Reload Status"));
 $shortcut_section = "firewall";
 
-if(file_exists("{$g['varrun_path']}/filter_reload_status"))
-	$status = file_get_contents("{$g['varrun_path']}/filter_reload_status");
+if (file_exists('/var/run/filter_reload_status')) {
+	$status = file_get_contents('/var/run/filter_reload_status');
+}
 
 if($_GET['getstatus']) {
 	echo "|{$status}|";
diff --git a/src/www/status_openvpn.php b/src/www/status_openvpn.php
index fc47c8d73..52b67e62d 100644
--- a/src/www/status_openvpn.php
+++ b/src/www/status_openvpn.php
@@ -57,7 +57,7 @@ function kill_client($port, $remipp) {
 	global $g;
 
 	//$tcpsrv = "tcp://127.0.0.1:{$port}";
-	$tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$port}.sock";
+	$tcpsrv = "unix:///var/etc/openvpn/{$port}.sock";
 	$errval;
 	$errstr;
 
diff --git a/src/www/status_queues.php b/src/www/status_queues.php
index 20aa3e8cb..5eb775a1f 100644
--- a/src/www/status_queues.php
+++ b/src/www/status_queues.php
@@ -45,13 +45,15 @@ class QueueStats {
 	public $suspends;
 	public $drops;
 }
-if (!file_exists("{$g['varrun_path']}/qstats.pid") || !isvalidpid("{$g['varrun_path']}/qstats.pid")) {
+
+if (!isvalidpid('/var/run/qstats.pid')) {
 	/* Start in the background so we don't hang up the GUI */
-	mwexec_bg("/usr/local/sbin/qstats -p {$g['varrun_path']}/qstats.pid");
+	mwexec_bg('/usr/local/sbin/qstats -p /var/run/qstats.pid');
 	/* Give it a moment to start up */
 	sleep(1);
 }
-$fd = @fsockopen("unix://{$g['varrun_path']}/qstats");
+
+$fd = @fsockopen('unix:///var/run/qstats');
  if (!$fd) {
 	$error = "Something wrong happened during comunication with stat gathering";
 } else {
diff --git a/src/www/status_rrd_graph_img.php b/src/www/status_rrd_graph_img.php
index 1fef5476f..bbe3803a9 100644
--- a/src/www/status_rrd_graph_img.php
+++ b/src/www/status_rrd_graph_img.php
@@ -1236,14 +1236,14 @@ if(($graphcmdreturn <> 0) || (! $data)) {
 	log_error(sprintf(gettext('Failed to create graph with error code %1$s, the error is: %2$s'),$graphcmdreturn,$graphcmdoutput));
 	if(strstr($curdatabase, "queues")) {
 		log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase));
-		unlink_if_exists($rrddbpath . $curif . $queues);
+		@unlink($rrddbpath . $curif . $queues);
 		flush();
 		usleep(500);
 		enable_rrd_graphing();
 	}
 	if(strstr($curdatabase, "queuesdrop")) {
 		log_error(sprintf(gettext("failed to create graph from %s%s, removing database"),$rrddbpath,$curdatabase));
-		unlink_if_exists($rrddbpath . $curdatabase);
+		@unlink($rrddbpath . $curdatabase);
 		flush();
 		usleep(500);
 		enable_rrd_graphing();
diff --git a/src/www/system_advanced_firewall.php b/src/www/system_advanced_firewall.php
index fd3e04ce1..9656c3763 100644
--- a/src/www/system_advanced_firewall.php
+++ b/src/www/system_advanced_firewall.php
@@ -203,9 +203,9 @@ if ($_POST) {
 		write_config();
 
 		// Kill filterdns when value changes, filter_configure() will restart it
-		if (($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval']) &&
-		    isvalidpid("{$g['varrun_path']}/filterdns.pid"))
-			killbypid("{$g['varrun_path']}/filterdns.pid");
+		if ($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval']) {
+			killbypid('/var/run/filterdns.pid');
+		}
 
 		$retval = 0;
 		$retval = filter_configure();
diff --git a/src/www/system_advanced_notifications.php b/src/www/system_advanced_notifications.php
index f476d5e54..074653bf9 100644
--- a/src/www/system_advanced_notifications.php
+++ b/src/www/system_advanced_notifications.php
@@ -136,15 +136,14 @@ if ($_POST) {
 		// Send test message via growl
 		if($config['notifications']['growl']['ipaddress'] &&
 			$config['notifications']['growl']['password'] = $_POST['password']) {
-			unlink_if_exists($g['vardb_path'] . "/growlnotices_lastmsg.txt");
+			@unlink('/var/db/growlnotices_lastmsg.txt');
 			register_via_growl();
 			notify_via_growl(sprintf(gettext("This is a test message from %s.  It is safe to ignore this message."), $g['product_name']), true);
 		}
 	}
 	if ($_POST['test_smtp'] == gettext("Test SMTP")) {
 		// Send test message via smtp
-		if(file_exists("/var/db/notices_lastmsg.txt"))
-			unlink("/var/db/notices_lastmsg.txt");
+		@unlink('/var/db/notices_lastmsg.txt');
 		$savemsg = notify_via_smtp(sprintf(gettext("This is a test message from %s.  It is safe to ignore this message."), $g['product_name']), true);
 	}
 }
diff --git a/src/www/system_general.php b/src/www/system_general.php
index af036e732..c3e39af63 100644
--- a/src/www/system_general.php
+++ b/src/www/system_general.php
@@ -70,8 +70,8 @@ if (!$pconfig['timeservers'])
 $changedesc = gettext("System") . ": ";
 $changecount = 0;
 
-if($pconfig['timezone'] <> $_POST['timezone']) {
-	filter_pflog_start(true);
+if ($pconfig['timezone'] <> $_POST['timezone']) {
+	filter_pflog_start();
 }
 
 $timezonelist = array_map(
diff --git a/src/www/vpn_openvpn_export_shared.php b/src/www/vpn_openvpn_export_shared.php
index be0d05279..732b8d60a 100644
--- a/src/www/vpn_openvpn_export_shared.php
+++ b/src/www/vpn_openvpn_export_shared.php
@@ -1,7 +1,6 @@
 <?php
-/*
-	vpn_openvpn_export_shared.php
 
+/*
 	Copyright (C) 2008 Shrew Soft Inc.
 	Copyright (C) 2010 Ermal Luçi
 	All rights reserved.
@@ -26,13 +25,11 @@
 	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
-
-	DISABLE_PHP_LINT_CHECKING
 */
 
 require_once("globals.inc");
 require_once("guiconfig.inc");
-require("openvpn-client-export.inc");
+require_once("openvpn-client-export.inc");
 
 $pgtitle = array("OpenVPN", "Client Export Utility");
 
@@ -125,7 +122,7 @@ if(($act == "skconf") || ($act == "skzipconf")) {
 	if (!$error) {
 		if ($zipconf) {
 			$exp_name = urlencode($exp_data);
-			$exp_size = filesize("{$g['tmp_path']}/{$exp_data}");
+			$exp_size = filesize("/tmp/{$exp_data}");
 		} else {
 			$exp_name = urlencode($exp_name."-config.ovpn");
 			$exp_size = strlen($exp_data);
@@ -137,11 +134,11 @@ if(($act == "skconf") || ($act == "skzipconf")) {
 		header("Content-Disposition: attachment; filename={$exp_name}");
 		header("Content-Length: $exp_size");
 		if ($zipconf)
-			readfile("{$g['tmp_path']}/{$exp_data}");
+			readfile("/tmp/{$exp_data}");
 		else
 			echo $exp_data;
 
-		@unlink("{$g['tmp_path']}/{$exp_data}");
+		@unlink("/tmp/{$exp_data}");
 		exit;
 	}
 }
diff --git a/src/www/vpn_pppoe.php b/src/www/vpn_pppoe.php
index 2c7f83fc7..13ebf39fc 100644
--- a/src/www/vpn_pppoe.php
+++ b/src/www/vpn_pppoe.php
@@ -31,8 +31,13 @@ require_once("guiconfig.inc");
 require_once("filter.inc");
 require_once("vpn.inc");
 
-if (!is_array($config['pppoes']['pppoe']))
+if (!is_array($config['pppoes'])) {
+	$config['pppoes'] = array();
+}
+
+if (!is_array($config['pppoes']['pppoe'])) {
 	$config['pppoes']['pppoe'] = array();
+}
 
 $a_pppoes = &$config['pppoes']['pppoe'];
 
@@ -65,10 +70,8 @@ if ($_POST) {
 
 if ($_GET['act'] == "del") {
 	if ($a_pppoes[$_GET['id']]) {
-		if ("{$g['varrun_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'] . "-vpn.pid")
-			killbypid("{$g['varrun_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid'] . "-vpn.pid");
-		if (is_dir("{$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid']))
-			mwexec("/bin/rm -r {$g['varetc_path']}/pppoe" . $a_pppoes[$_GET['id']]['pppoeid']);
+		killbypid("/var/run/pppoe{$a_pppoes[$_GET['id']]['pppoeid']}-vpn.pid");
+		mwexecf('/bin/rm -r %s', "/var/etc/pppoe{$a_pppoes[$_GET['id']]['pppoeid']}");
 		unset($a_pppoes[$_GET['id']]);
 		write_config();
 		header("Location: vpn_pppoe.php");
diff --git a/src/www/widgets/widgets/openvpn.widget.php b/src/www/widgets/widgets/openvpn.widget.php
index 4eba75bab..feb836a51 100644
--- a/src/www/widgets/widgets/openvpn.widget.php
+++ b/src/www/widgets/widgets/openvpn.widget.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
 	Copyright (C) 2014 Deciso B.V.
 	All rights reserved.
@@ -50,7 +51,7 @@ function kill_client($port, $remipp) {
 	global $g;
 
 	//$tcpsrv = "tcp://127.0.0.1:{$port}";
-	$tcpsrv = "unix://{$g['varetc_path']}/openvpn/{$port}.sock";
+	$tcpsrv = "unix:///var/etc/openvpn/{$port}.sock";
 	$errval;
 	$errstr;