This sort of completes the previous effort to improve the
sysctl handling. The idea to embed sysctls into the config.xml
is certainly valid, but for some values we needed more leeway
for system defaults and changing them over time, which led
to this state where we can drop config.xml default tunables
since the system will now apply and display them for the same
visibility but offer less incentive to change these values.
One thing missing here is adding a system tunable override
(plus sign) for system values, but we shall deal with this later
because for now they can always be added manually by copy+paste.
remove all remnants from syslogd and circular log support excluding support from the log readers. When a user upgrades and was using clog, the old files remain and are still readable from the ui; new entries are generated into our syslog-ng directory structure.
for https://github.com/opnsense/core/issues/5337
This should be replaced with something more clever so for now
use this to keep an eye on the change until a strategy is clear.
We could remove the default and store unlimited backups although
that might hit a directory file limit sooner or later.
o remove <kill_states/> from our default config, since it was evaluated as empty (feature enabled), we might as well remove the option to reach the same effect.
o system_advanced_firewall.php isset() vs !empty(), we use !empty() in our support code, make sure the ui page does the same
o remove hook from filter_configure_sync(), so state resets only happen on request.
o monitor/10-dpinger request conditional state reset
ref https://forum.opnsense.org/index.php?topic=18068.msg82231#msg82231
o config: set disablevlanhwfilter by default, previous versions had issues with this, with FreeBSD 12.x it looks stable and is required for proper operation
o interface: move disablevlanhwfilter support to configure_interface_hardware(), in order for netmap to function properly all hardware support should be disabled (previous code location wasn't the right one)
o interface: exit configure_interface_hardware() when the caller is a vlan, there's no need to call legacy_interface_details() in that case (performance fix)
o tunables: set our default for hw.ixl.enable_head_writeback to 0, also hardware support and thus not compatible with netmap.
Eventually, the two remaining user privileges should be killed
as well in favour of similar approaches. The ACL should be for
page access, not more, not less.
unless explicitly configured. We set "admins" in the default
config which also adds "wheel" underneath, but some systems may
not use "admins" so that doesn't work then.
PR: https://forum.opnsense.org/index.php?topic=6994.15
The installer user is injected for install media login, but
we authenticate against our database now instead. This has
larger consequences that require a persistent installer user,
which is not so easy to disable/defang after installation.
Hopefully this is temporary.