Correct static route checks when saving. Fix #16625
Fix input validation checks for route overlaps when re-saving routes.
Also add missing checks for pending system route changes when clearing
the staticroutes subsystem. While there, also avoid clobbering $route.

Don't send duplicate logs to remote syslog servers. Fix #16376
Move the remote server config lines to their appropriate sections with
the appropriate program/message specifications. This avoids the need to
re-declare the specifications for the remote server config lines. Also
add validation checks to prevent enabling specific remote logging
categories when "Everything" is already selected.

Mitigate config access races during post-upgrade package reinstall
This change avoids false-positive config cache hits while the config is
being written. Additionally, the config modification during package
installation is now more precise by targeting the specific package path
rather than overwriting all packages.

Introduce a way for packages to keep RAM disk data. Implement #16624
Packages that maintain their own databases need to recreate the db after
each boot when the RAM Disk feature is enabled. With this change, packages
can specify a directory at /var/db/<name> which will be included in the
RAM disk backup and restore scripts.

Update cert expiration warnings. Implements #16605
To accommodate short-lived certificates, change the warning threshold to
be the *lesser* of 1/3 the lifetime (minus one day) or the configured
max warning days. This avoids warning too early/too often for certs with
short lifetimes.

Restore previous logging levels.
Separates levels per facilities group to allow more granular control of
the default log level used. Also add a "Default" log level preference to
keep the previous (to the commit) log levels.
Followup to 79f3776fd3f06df9aced2f94ecf78b8d4db13cb0.

Add a global log level preference. Implement #16616
Additionally:
Remove the extra "daemon.none" that was left in when config lines were merged.
Add "local4.none" to the remote logging config to match local logging.

Allow using interface subnet macros which only have VIPs. Implement #16613
Remove the check for a primary address when generating a pf rule's
interface subnet macro. And allow the rule to be generated if the macro
contains any address or VIP. This behavior aligns with the table output
shown in the WebGUI when hovering over the alias used in a rule.

Upgrade: remove quick from old match rules
Filter match rules previously continued evaluation regardless of "quick"
being set. Remove "quick" from existing rules on upgrade to retain the
expected behavior of continuing evaluation for match rules.