cron: migrate the time-based rules cron job to autocron

o Gets rid of cron save/flush in the filter reload path.
o Gets rid of cron job injection into config.
o Move configure_cron() to the rules edit where it can be
  flipped in case of schedule changes.

To be totally frank, a 15 minute hook to deploy a time
based system is hardly accurate.  But what worries me more
is that we still have this patch in the kernel, totally
unsure of what it actually does when we have a schedule-based
reload on top anyway:

0a19f81317

src/etc/inc/filter.inc

@@ -164,9 +164,6 @@ function filter_configure_sync()
     /* holds the tables to be flushed *AFTER* the filter is fully loaded */
     $after_filter_configure_run = array();
 
-    /* For installing cron job of schedules */
-    $time_based_rules = false;
-
     $FilterIflist = filter_generate_optcfg_array();
 
     /* Use filter lock to not allow concurrent filter reloads during this run. */
@@ -363,17 +360,6 @@ function filter_configure_sync()
         mwexecf('/sbin/pfctl -T flush -t %s', $afcr);
     }
 
-    /* if time based rules are enabled then swap in the set */
-    if (isset($config['filter']['rule'])) {
-        foreach ($config['filter']['rule'] as $rule) {
-            if (isset($rule['sched']) && !empty($rule['sched'])) {
-                $time_based_rules = true;
-                break;
-            }
-        }
-        filter_tdr_install_cron($time_based_rules);
-    }
-
     if (file_exists("/var/run/booting")) {
         echo ".";
     }
@@ -3371,66 +3357,6 @@ function filter_rules_spoofcheck_generate($ifname, $ifcfg, $log)
     return $ipfrules;
 }
 
-/****f* filter/filter_tdr_install_cron
- * NAME
- *   filter_tdr_install_cron
- * INPUTS
- *   $should_install true if the cron entry should be installed, false
- *   if the entry should be removed if it is present
- * RESULT
- *   none
- ******/
-function filter_tdr_install_cron($should_install)
-{
-    global $config;
-
-    if (file_exists("/var/run/booting")) {
-        return;
-    }
-
-    if (!is_array($config['cron'])) {
-        $config['cron'] = array();
-    }
-    if (!is_array($config['cron']['item'])) {
-        $config['cron']['item'] = array();
-    }
-
-    $x=0;
-    $is_installed = false;
-    foreach($config['cron']['item'] as $item) {
-        if (strstr($item['command'], "filter_configure_sync")) {
-            $is_installed = true;
-            break;
-        }
-        $x++;
-    }
-
-    switch($should_install) {
-        case true:
-            if (!$is_installed) {
-                $cron_item = array();
-                $cron_item['minute'] = "0,15,30,45";
-                $cron_item['hour'] = "*";
-                $cron_item['mday'] = "*";
-                $cron_item['month'] = "*";
-                $cron_item['wday'] = "*";
-                $cron_item['who'] = "root";
-                $cron_item['command'] = "/usr/local/etc/rc.filter_configure_sync";
-                $config['cron']['item'][] = $cron_item;
-                write_config(gettext("Installed 15 minute filter reload for Time Based Rules"));
-                configure_cron();
-            }
-            break;
-        case false:
-            if ($is_installed == true) {
-                unset($config['cron']['item'][$x]);
-                write_config(gettext("Removed 15 minute filter reload for Time Based Rules"));
-                configure_cron();
-            }
-            break;
-    }
-}
-
 /****f* filter/filter_get_time_based_rule_status
  * NAME
  *   filter_get_time_based_rule_status

src/etc/inc/services.inc

@@ -2349,6 +2349,7 @@ function configure_cron()
         '/usr/local/etc/rc.backup_dhcpleases',
         '/usr/local/etc/rc.backup_netflow',
         '/usr/local/etc/rc.backup_rrd',
+        '/usr/local/etc/rc.filter_configure_sync',
         '/usr/local/etc/rc.dyndns.update',
         '/usr/local/etc/rc.update_bogons',
         '/usr/local/etc/rc.update_urltables',
@@ -2398,21 +2399,30 @@ function configure_cron()
     $autocron[] = generate_cron_job('/usr/local/etc/rc.update_urltables', '30', '12');
 
     if (!empty($config['system']['rrdbackup'])) {
-       $autocron[] = generate_cron_job('/usr/local/etc/rc.backup_rrd', $minute = '0', '*/' . $config['system']['rrdbackup']);
+       $autocron[] = generate_cron_job('/usr/local/etc/rc.backup_rrd', '0', '*/' . $config['system']['rrdbackup']);
     }
 
     if (!empty($config['system']['dhcpbackup'])) {
-        $autocron[] = generate_cron_job('/usr/local/etc/rc.backup_dhcpleases', $minute = '0', '*/' . $config['system']['dhcpbackup']);
+        $autocron[] = generate_cron_job('/usr/local/etc/rc.backup_dhcpleases', '0', '*/' . $config['system']['dhcpbackup']);
     }
 
     if (!empty($config['system']['netflowbackup'])) {
-        $autocron[] = generate_cron_job('/usr/local/etc/rc.backup_netflow', $minute = '0', '*/' . $config['system']['netflowbackup']);
+        $autocron[] = generate_cron_job('/usr/local/etc/rc.backup_netflow', '0', '*/' . $config['system']['netflowbackup']);
     }
 
     if (!empty($config['system']['remotebackup']['GDriveEnabled'])) {
         $autocron[] = generate_cron_job('/usr/local/opnsense/scripts/remote_backup.php', 0, 1);
     }
 
+    if (isset($config['filter']['rule'])) {
+        foreach ($config['filter']['rule'] as $rule) {
+            if (!empty($rule['sched'])) {
+                $autocron[] = generate_cron_job('/usr/local/etc/rc.filter_configure_sync', '0,15,30,45');
+                break;
+            }
+        }
+    }
+
     /* bogons fetch always set in default config.xml */
     switch ($config['system']['bogons']['interval']) {
         case 'daily':

src/www/firewall_rules_edit.php

@@ -517,6 +517,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         }
         // sort filter items per interface, not really necessary but leaves a bit nicer sorted config.xml behind.
         filter_rules_sort();
+        configure_cron();
         // write to config
         if (write_config()) {
             mark_subsystem_dirty('filter');