```
$fw = filter_core_get_initialized_plugin_system();
filter_core_bootstrap($fw);
plugins_firewall($fw);
filter_core_rules_user($fw);
```
Above block should offer a complete view on the firewall rules now, which we may use in the gui as well. There's still an idea to offer a full view on all firewall rules that apply to an interface (including floating and groups), a bit inspired by this request https://github.com/opnsense/core/issues/6024. In order to do this, we should likely be able to offer a single rule provider first so we can just query the object.
Since filter_rules_sort() is only called via front end pages, it should be safe to check if rules already have a uuid assigned and assign them if they don't. This prevents a migration and increases the change of fast adoption of the rule uuid's.
This commit adds generate_uuid() to config.inc and mimics the same behaviour as mvc models will do, if at a later point in time we would like to hook uuid's to xml attributes in other areas as well, we can simply reuse this.
It is likely a good idea to start using the uuid's in filter_core_rules_user() as labels too as this would prevent the use of the rule hash calculation (saves time and is a more stable id in most cases).
Impact of this change should be rather low as nothing depends on the uuids yet.
According to the notes in https://phpseclib.com/docs/x509 the signCRL() method previously set the signatureAlgorithm by default (sha1WithRSAEncryption), without specific request we now seem to be using SIGNATURE_PSS by default.
```
Note that whereas in the 1.0 and 2.0 branches, the signature algorithm was set by using an additional parameter in the sign method (or signCSR, signCRL, etc) in this case it's set based on the key. So if you want to create an rsaEncryption X509 cert you'd need to do $publicKey = $publicKey->withHashing(RSA::SIGNATURE_PKCS1) since, by default, RSA keys use RSA::SIGNATURE_PSS.
```
This commit implements the suggested approach to revert the default hashing back to what it was, which at least generates CRL's and is properly handled in validateSignature().
Most likely this fixes https://forum.opnsense.org/index.php?topic=30164.msg145633#msg145633
cc @swhite2
Our current default of 9999 days will calculate to a date in 2050, we could either choose to cap on 20491231 here or set to lifetime, the latter seems to be more logical when the number of days is higher than a couple of years.
fix a small php 8 notice as well in the same scope.
noted here https://forum.opnsense.org/index.php?topic=30164.msg145665#msg145665
Currently this doesn't work (yet), likely needs https://reviews.freebsd.org/D35848 so vlanproto can be set after the interface creation phase (now it's only possible to set proto there).
If `ifconfig XXXX vlanproto 802.1ad` sets the property, we do need this code to make sure we set these on QinQ parent vlan tags. As a workaround we could pass proto in legacy_interface_create() as well to make this (only) work on boot, but looking at the upstream fix, this might be something easy to pull in the near future.
for https://github.com/opnsense/core/issues/5893
