o Gets rid of cron save/flush in the filter reload path.
o Gets rid of cron job injection into config.
o Move configure_cron() to the rules edit where it can be
flipped in case of schedule changes.
To be totally frank, a 15 minute hook to deploy a time
based system is hardly accurate. But what worries me more
is that we still have this patch in the kernel, totally
unsure of what it actually does when we have a schedule-based
reload on top anyway:
0a19f81317
Even though we take a hit for running through the filter rules
array again, it's the first step for sidestepping the need to
use the config to inject our cron job and flush the rules in
mid-reload...
o Synchronise the calls as there should be no drawback running
in the background for a table flush.
o Locallise the after-filter hook to the two functions using it.
o Restrict the functionality to flush tables only.
o Remove some dead code along the way.
This adds the following directories to avoid problems with
smaller embedded systems that do not have enough RAM:
/var/cache/opnsense-update
/var/cache/pkg
This is particularly bad for Nano systems with enough RAM
as it may grind the flash storage, but since this is a
"luxury" problem with Nano the scope is limited to that.
It's either being able to upgrade the firmware for all or
not at all.
FWIW, firmware upgrades will have to move to persistent
storage as soon as we hit FreeBSD 11 for the simple fact
that we'll have to do partial upgrade stages for the ABI
jumps of the kernel / base system anyway and cannot expect
to fetch more packages after reboot.
Proper garbage collection exists in both tools that shall
avoid overloading the persistant storage.
o restructure session open/close for better visibility
o remove potentially insecure "try again" button
o remove override for switching csrf off (defer)
