17 files changed, 696 insertions, 286 deletions
diff --git a/config/cron/cron.inc b/config/cron/cron.inc
index 645575d9..87591e08 100644
--- a/config/cron/cron.inc
+++ b/config/cron/cron.inc
@@ -27,22 +27,30 @@
 	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 	POSSIBILITY OF SUCH DAMAGE.
 */
+require_once("pfsense-utils.inc");
 require_once("services.inc");
+require_once("util.inc");
 
 function cron_sync_package() {
 	configure_cron();
 	// Previous package versions were "helpfully" killing cron on uninstall.
 	// Also, need to make sure cron is running, otherwise the package is useless.
-	// TODO: Something like this needs to be eventually done in configure_cron() in services.inc.
-	if (!is_process_running("cron")) {
-		exec("cd /tmp && /usr/sbin/cron -s 2>/dev/null");
+	// configure_cron() function in services.inc already does this check on pfSense >=2.2.5
+	$pfs_version = str_replace(".", "", substr(trim(file_get_contents("/etc/version")), 0, 5));
+	if ($pfs_version < 225) {
+		if (!is_process_running("cron")) {
+			exec("cd /tmp && /usr/sbin/cron -s 2>/dev/null");
+		}
 	}
 }
 
 function cron_install_command() {
 	// Clean up possible lingering garbage after previous package versions
 	unlink_if_exists("/usr/local/etc/rc.d/cron.sh");
-	cron_sync_package();
+}
+
+function cron_deinstall_command() {
+	rmdir_recursive("/usr/local/www/packages/cron");
 }
 
 ?>
diff --git a/config/cron/cron.xml b/config/cron/cron.xml
index f777faff..181a4506 100644
--- a/config/cron/cron.xml
+++ b/config/cron/cron.xml
@@ -41,19 +41,16 @@
 /* ====================================================================================== */
 	]]>
 	</copyright>
-	<description>Cron</description>
-	<name>Cron Settings</name>
-	<version>0.3.1</version>
-	<title>Settings</title>
+	<name>cronsettings</name>
+	<version>0.3.3</version>
+	<title>Cron Settings</title>
 	<include_file>/usr/local/pkg/cron.inc</include_file>
 	<menu>
 		<name>Cron</name>
-		<tooltiptext>Cron settings.</tooltiptext>
 		<section>Services</section>
 		<configfile>cron.xml</configfile>
 		<url>/packages/cron/cron.php</url>
 	</menu>
-	<configpath>installedpackages->package->$packagename->configuration->cron</configpath>
 	<additional_files_needed>
 		<prefix>/usr/local/pkg/</prefix>
 		<item>https://packages.pfsense.org/packages/config/cron/cron.xml</item>
@@ -87,4 +84,7 @@
 	<custom_php_install_command>
 		cron_install_command();
 	</custom_php_install_command>
+	<custom_php_deinstall_command>
+		cron_deinstall_command();
+	</custom_php_deinstall_command>
 </packagegui>
diff --git a/config/iperf/iperf.xml b/config/iperf/iperf.xml
index b7e27871..49674a9f 100644
--- a/config/iperf/iperf.xml
+++ b/config/iperf/iperf.xml
@@ -42,7 +42,7 @@
 	]]>
 	</copyright>
 	<name>iperf</name>
-	<version>2.0.5.3</version>
+	<version>2.0.5.4</version>
 	<title>iperf: Client</title>
 	<savetext>Run iperf client</savetext>
 	<preoutput>yes</preoutput>
@@ -56,6 +56,7 @@
 		<name>iperf</name>
 		<executable>iperf</executable>
 		<description>iperf Network Performance Testing Daemon/Client</description>
+		<stopcmd>mwexec("/usr/bin/killall iperf");</stopcmd>
 	</service>
 	<tabs>
 		<tab>
diff --git a/config/olsrd/olsrd.inc b/config/olsrd/olsrd.inc
index 4e15f9cf..f65c1168 100644
--- a/config/olsrd/olsrd.inc
+++ b/config/olsrd/olsrd.inc
@@ -2,7 +2,7 @@
 /*
 	olsrd.inc
 	part of pfSense (https://www.pfSense.org/)
-	Copyright (C) 2012 Ermal Luçi
+	Copyright (C) 2006 Scott Ullrich
 	Copyright (C) 2015 ESF, LLC
 	All rights reserved.
 
@@ -28,27 +28,36 @@
 	POSSIBILITY OF SUCH DAMAGE.
 */
 require_once("config.inc");
+require_once("service-utils.inc");
+require_once("util.inc");
+
+$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+	define('OLSRD_LOCALBASE', '/usr/pbi/olsrd-' . php_uname("m") . '/local');
+} else {
+	define('OLSRD_LOCALBASE', '/usr/local');
+}
 
 function setup_wireless_olsr() {
 	global $config, $g;
 
-	if ($g['platform'] == 'jail' || !$config['installedpackages']['olsrd'] || !$config['installedpackages']) {
-		return;
-	}
-	if (isset($config['system']['developerspew'])) {
-		$mt = microtime();
-		echo "setup_wireless_olsr($interface) being called $mt\n";
-	}
 	conf_mount_rw();
 
-	foreach ($config['installedpackages']['olsrd']['config'] as $olsrd) {
-		$olsr_enable = $olsrd['enable'];
-		if ($olsr_enable <> "on") {
-			if (is_process_running("olsrd")) {
-				mwexec("/usr/bin/killall olsrd", true);
-			}
-			return;
+	if (is_array($config['installedpackages']['olsrd'])) {
+		$olsrd_config = $config['installedpackages']['olsrd']['config'][0];
+	} else {
+		$olsrd_config = array();
+	}
+
+	/* If disabled, stop service if needed, unlink the rc script and do nothing else */
+	if ($olsrd_config['enable'] != "on") {
+		if (is_service_running("olsrd")) {
+			stop_service("olsrd");
 		}
+		unlink_if_exists("/usr/local/etc/rc.d/olsrd.sh");
+		return;
+	} else {
+		/* parse package config and create configuration file */
 		$fd = fopen("{$g['varetc_path']}/olsr.conf", "w");
 
 		if ($olsrd['announcedynamicroute'] or $olsrd['enableannounce'] == "on") {
@@ -64,7 +73,8 @@ function setup_wireless_olsr() {
 		} else {
 			$enableannounce = "";
 		}
-
+		
+		$pluginpath = OLSRD_LOCALBASE . '/lib';
 		$olsr .= <<<EODA
 #
 # olsr.org OLSR daemon config file
@@ -201,10 +211,10 @@ MprCoverage	3
 
 EODA;
 
-	if ($olsrd['enablehttpinfo'] == "on") {
-		$olsr .= <<<EODB
+		if ($olsrd['enablehttpinfo'] == "on") {
+			$olsr .= <<<EODB
 
-LoadPlugin "/usr/local/lib/olsrd_httpinfo.so.0.1"
+LoadPlugin "{$pluginpath}/olsrd_httpinfo.so.0.1"
 {
     PlParam     "port"   "{$olsrd['port']}"
     PlParam     "Net"    "{$olsrd['allowedhttpinfohost']} {$olsrd['allowedhttpinfosubnet']}"
@@ -212,29 +222,29 @@ LoadPlugin "/usr/local/lib/olsrd_httpinfo.so.0.1"
 
 EODB;
 
-	}
+		}
 
-	if ($olsrd['enabledsecure'] == "on") {
-		@file_put_contents("{$g['tmp_path']}/olsrkey.txt", $olsrd['securekey']);
-		$olsr .= <<<EODC
+		if ($olsrd['enabledsecure'] == "on") {
+			@file_put_contents("{$g['tmp_path']}/olsrkey.txt", $olsrd['securekey']);
+			$olsr .= <<<EODC
 
-LoadPlugin "/usr/local/lib/olsrd_secure.so.0.5"
+LoadPlugin "{$pluginpath}/olsrd_secure.so.0.6"
 {
     PlParam     "Keyfile"   "{$g['tmp_path']}/olsrkey.txt"
 }
 
 EODC;
 
-	}
+		}
 
-	if ($olsrd['enabledyngw'] == "on") {
+		if ($olsrd['enabledyngw'] == "on") {
 
-	/* unset default route, olsr auto negotiates */
-	mwexec("/sbin/route delete default");
+		/* unset default route, olsr auto negotiates */
+		mwexec("/sbin/route delete default");
 
-	$olsr .= <<<EODE
+		$olsr .= <<<EODE
 
-LoadPlugin "/usr/local/lib/olsrd_dyn_gw.so.0.4"
+LoadPlugin "{$pluginpath}/olsrd_dyn_gw.so.0.4"
 {
     # how often to look for a inet gw, in seconds
     # defaults to 5 secs, if commented out
@@ -252,13 +262,13 @@ LoadPlugin "/usr/local/lib/olsrd_dyn_gw.so.0.4"
 
 EODE;
 
-	}
+		}
 
-	foreach ($config['installedpackages']['olsrd']['config'] as $conf) {
-		$interfaces = explode(',', $conf['iface_array']);
-		foreach ($interfaces as $interface) {
-			$realinterface = convert_friendly_interface_to_real_interface_name($interface);
-			$olsr .= <<<EODAD
+		foreach ($config['installedpackages']['olsrd']['config'] as $conf) {
+			$interfaces = explode(',', $conf['iface_array']);
+			foreach ($interfaces as $interface) {
+				$realinterface = convert_friendly_interface_to_real_interface_name($interface);
+				$olsr .= <<<EODAD
 Interface "{$realinterface}"
 {
 
@@ -301,22 +311,78 @@ Interface "{$realinterface}"
 
 EODAD;
 
+			}
+			break;
 		}
-		break;
-	}
 
-	fwrite($fd, $olsr);
-	fclose($fd);
+		fwrite($fd, $olsr);
+		fclose($fd);
+
 
-}
 
-	if (is_process_running("olsrd")) {
-		mwexec("/usr/bin/killall olsrd", true);
+		/* create rc script and (re)start service */
+		$olsrd_start = "/usr/local/sbin/olsrd -f {$g['varetc_path']}/olsr.conf";
+		$olsrd_stop = "/usr/bin/killall olsrd; sleep 3";
+		write_rcfile(array(
+			"file" => "olsrd.sh",
+			"start" => $olsrd_start,
+			"stop" => $olsrd_stop
+			)
+		);
+		if (is_service_running("olsrd")) {
+			restart_service("olsrd");
+		} else {
+			start_service("olsrd");
+		}
 	}
 
-	sleep(2);
-	mwexec_bg("/usr/local/sbin/olsrd -f {$g['varetc_path']}/olsr.conf");
 	conf_mount_ro();
 }
 
+function validate_form_olsrd($post, &$input_errors) {
+	/*
+	if ($post['iface_array'] == "") {
+		$input_errors[] = 'You must select at least one interface for OSLRD.';
+	}
+	*/
+	if ($post['enablehttpinfo']) {
+		if (!$post['port'] || !$post['allowedhttpinfohost'] || !$post['allowedhttpinfosubnet']) {
+			$input_errors[] = "'HTTPInfo Port', 'Allowed Host(s) IP Address/Subnet' and 'Allowed Host(s) Netmask' must be filled in when HTTPInfo Plugin is enabled.";
+		}
+		if ($post['port'] && !is_port($post['port'])) {
+			$input_errors[] = "Invalid port entered for 'HTTPInfo Port'.";
+		}
+		if ($post['allowedhttpinfohost'] && !is_ipaddrv4($post['allowedhttpinfohost'])) {
+			$input_errors[] = "Invalid IPv4 address entered for 'Allowed Host(s) IP Address/Subnet'.";
+		}
+		if ($post['allowedhttpinfosubnet'] && !is_ipaddrv4($post['allowedhttpinfosubnet'])) {
+			$input_errors[] = "Invalid IPv4 address entered for 'Allowed Host(s) Netmask'.";
+		}
+		if ($post['allowedhttpinfohost'] && is_ipaddrv4($post['allowedhttpinfohost']) && $post['allowedhttpinfosubnet'] && is_ipaddrv4($post['allowedhttpinfosubnet'])) {
+			$cidr = 32 - log((ip2long($post['allowedhttpinfosubnet']) ^ ip2long('255.255.255.255')) + 1, 2);
+			$acl = "{$post['allowedhttpinfohost']}/{$cidr}";
+			if (!is_subnetv4($acl)) {
+				$input_errors[] = "'{$post['allowedhttpinfohost']}/{$post['allowedhttpinfosubnet']}' is not a valid IPv4 subnet.";
+			}
+		}
+	}
+	if ($post['enabledyngw']) {
+		if (!$post['ping'] || !$post['polling']) {
+			$input_errors[] = "'Ping IP Address' and 'Poll Interval' must be filled in when 'Enable Dynamic Gateway' is checked.";
+		}
+		if ($post['ping'] && !is_ipaddrv4($post['ping'])) {
+			$input_errors[] = "Invalid IPv4 address entered for 'Ping IP Address'.";
+		}
+		if ($post['polling'] && (!is_numericint($post['polling']) || ($post['polling'] < 1))) {
+			$input_errors[] = "'Poll Interval' must be numeric integer greater than 0.";
+		}
+	}
+}
+
+function php_deinstall_olsrd() {
+	global $g;
+	unlink_if_exists("{$g['varetc_path']}/olsr.conf");
+	unlink_if_exists("{$g['tmp_path']}/olsrkey.txt");
+}
+
 ?>
diff --git a/config/olsrd/olsrd.priv.inc b/config/olsrd/olsrd.priv.inc
new file mode 100644
index 00000000..159a2d36
--- /dev/null
+++ b/config/olsrd/olsrd.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+	olsrd.priv.inc
+	part of pfSense (http://www.pfSense.org/)
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-olsrd'] = array();
+$priv_list['page-services-olsrd']['name'] = "WebCfg - Services: OLSRD package";
+$priv_list['page-services-olsrd']['descr'] = "Allow access to OLSRD package GUI";
+$priv_list['page-services-olsrd']['match'] = array();
+$priv_list['page-services-olsrd']['match'][] = "pkg_edit.php?xml=olsrd.xml*";
+
+?>
diff --git a/config/olsrd/olsrd.xml b/config/olsrd/olsrd.xml
index 6623c31f..8023f818 100644
--- a/config/olsrd/olsrd.xml
+++ b/config/olsrd/olsrd.xml
@@ -9,7 +9,7 @@
 /*
 	olsrd.xml
 	part of pfSense (https://www.pfSense.org/)
-	Copyright (C) 2012 Ermal Luçi
+	Copyright (C) 2006 Scott Ullrich
 	Copyright (C) 2015 ESF, LLC
 	All rights reserved.
 */
@@ -42,38 +42,59 @@
 	]]>
 	</copyright>
 	<name>olsrd</name>
-	<version>1.0.3</version>
-	<title>OLSRD</title>
+	<version>1.0.4</version>
+	<title>Services: OLSRD Settings</title>
 	<include_file>/usr/local/pkg/olsrd.inc</include_file>
 	<menu>
 		<name>OLSRD</name>
 		<section>Services</section>
 		<configfile>olsrd.xml</configfile>
+		<url>/pkg_edit.php?xml=olsrd.xml</url>
 	</menu>
 	<service>
-		<name>OLSRD</name>
-		<rcfile>/usr/local/sbin/olsrd -f /var/etc/olsr.conf</rcfile>
+		<name>olsrd</name>
+		<rcfile>olsrd.sh</rcfile>
+		<executable>olsrd</executable>
+		<description>Optimized Link State Routing Protocol Daemon</description>
 	</service>
-	<tabs>
-		<tab>
-			<text>OLSRD Settings</text>
-			<url>/pkg_edit.php?xml=olsrd.xml&amp;id=0</url>
-			<active/>
-		</tab>
-	</tabs>
 	<additional_files_needed>
 		<prefix>/usr/local/pkg/</prefix>
 		<item>https://packages.pfsense.org/packages/config/olsrd/olsrd.inc</item>
 	</additional_files_needed>
-	<configpath>['installedpackages']['OLSRD']['config']</configpath>
+	<additional_files_needed>
+		<prefix>/etc/inc/priv/</prefix>
+		<item>https://packages.pfsense.org/packages/config/olsrd/olsrd.priv.inc</item>
+	</additional_files_needed>
 	<fields>
 		<field>
+			<name>Service Settings</name>
+			<type>listtopic</type>
+		</field>
+		<field>
 			<fielddescr>Enable OLSR</fielddescr>
 			<fieldname>enable</fieldname>
 			<description>Enables the dynamic mesh linking daemon.</description>
 			<type>checkbox</type>
 		</field>
 		<field>
+			<fielddescr>Enable Secure Mode</fielddescr>
+			<fieldname>enabledsecure</fieldname>
+			<description>Enables the secure mode.</description>
+			<type>checkbox</type>
+		</field>
+		<field>
+			<fielddescr>Key</fielddescr>
+			<fieldname>securekey</fieldname>
+			<description>Paste the secure key information here.</description>
+			<type>textarea</type>
+			<rows>5</rows>
+			<cols>50</cols>
+		</field>
+		<field>
+			<name>General Settings</name>
+			<type>listtopic</type>
+		</field>
+		<field>
 			<fielddescr>Link Quality Level</fielddescr>
 			<fieldname>enablelqe</fieldname>
 			<type>select</type>
@@ -83,6 +104,7 @@
 				<option><value>0</value><name>0</name></option>
 				<option><value>1</value><name>1</name></option>
 			</options>
+			<default_value>2</default_value>
 		</field>
 		<field>
 			<fielddescr>Interfaces</fielddescr>
@@ -98,6 +120,7 @@
 			<fieldname>enablehttpinfo</fieldname>
 			<description>Enables the OLSR stats web server.</description>
 			<type>checkbox</type>
+			<enablefields>port,allowedhttpinfohost,allowedhttpinfosubnet</enablefields>
 		</field>
 		<field>
 			<fielddescr>HTTPInfo Port</fielddescr>
@@ -106,65 +129,67 @@
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>Allowed host(s)</fielddescr>
+			<fielddescr>Allowed Host(s) IP Address/Subnet</fielddescr>
 			<fieldname>allowedhttpinfohost</fieldname>
-			<description>Hosts that are allowed to access the HTTPInfo web service.</description>
+			<description>IP(s) that are allowed to access the HTTPInfo web service.</description>
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>Allowed host(s) subnet</fielddescr>
+			<fielddescr>Allowed Host(s) Netmask</fielddescr>
 			<fieldname>allowedhttpinfosubnet</fieldname>
-			<description>Enter the subnet mask in form 255.255.255.0</description>
+			<description>Enter the subnet mask in long form (e.g. 255.255.255.0)</description>
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>Enable Dynamic Gateway</fielddescr>
-			<fieldname>enabledyngw</fieldname>
-			<description>Enables the OLSR Dynamic Gateways feature.</description>
-			<type>checkbox</type>
-		</field>
-		<field>
-			<fielddescr>Announce self as Dynamic Gateway</fielddescr>
+			<fielddescr>Announce Self as Dynamic Gateway</fielddescr>
 			<fieldname>enableannounce</fieldname>
 			<description>Enables the OLSR Dynamic Gateways Announcing feature.</description>
 			<type>checkbox</type>
 		</field>
 		<field>
-			<fielddescr>Announce Dynamic local route</fielddescr>
+			<fielddescr>Announce Dynamic Local Route</fielddescr>
 			<fieldname>announcedynamicroute</fieldname>
 			<description>Enter the IP/Netmask.</description>
 			<type>textarea</type>
 			<rows>3</rows>
 			<cols>50</cols>
 		</field>
+		<!-- Disabled since the required plugin is missing in the package -->
+		<!--
 		<field>
-			<fielddescr>Ping</fielddescr>
-			<fieldname>ping</fieldname>
-			<description>Pings this host to ensure connectivity.</description>
-			<type>input</type>
+			<name>Dynamic Gateway</name>
+			<type>listtopic</type>
 		</field>
 		<field>
-			<fielddescr>Poll</fielddescr>
-			<fieldname>polling</fieldname>
-			<description>How often to look for a inet gw, in seconds.</description>
-			<type>input</type>
+			<fielddescr>Enable Dynamic Gateway</fielddescr>
+			<fieldname>enabledyngw</fieldname>
+			<description>Enables the OLSR Dynamic Gateways feature.</description>
+			<type>checkbox</type>
+			<enablefields>ping,polling</enablefields>
 		</field>
 		<field>
-			<fielddescr>Enable Secure Mode</fielddescr>
-			<fieldname>enabledsecure</fieldname>
-			<description>Enables the secure mode.</description>
-			<type>checkbox</type>
+			<fielddescr>Ping IP Address</fielddescr>
+			<fieldname>ping</fieldname>
+			<description>Pings this IPv4 address to ensure connectivity.</description>
+			<type>input</type>
+			<default_value>5</default_value>
 		</field>
 		<field>
-			<fielddescr>Key</fielddescr>
-			<fieldname>securekey</fieldname>
-			<description>Paste the secure key information here.</description>
-			<type>textarea</type>
-			<rows>5</rows>
-			<cols>50</cols>
+			<fielddescr>Poll Interval</fielddescr>
+			<fieldname>polling</fieldname>
+			<description>How often to look for an inet GW (in seconds).</description>
+			<type>input</type>
+			<default_value>5</default_value>
 		</field>
+		-->
 	</fields>
+	<custom_php_deinstall_command>
+		php_deinstall_olsrd();
+	</custom_php_deinstall_command>
 	<custom_php_resync_config_command>
 		setup_wireless_olsr($if);
 	</custom_php_resync_config_command>
+	<custom_php_validation_command>
+		validate_form_olsrd($_POST, $input_errors);
+	</custom_php_validation_command>
 </packagegui>
diff --git a/config/openbgpd/openbgpd.priv.inc b/config/openbgpd/openbgpd.priv.inc
new file mode 100644
index 00000000..6a0cae94
--- /dev/null
+++ b/config/openbgpd/openbgpd.priv.inc
@@ -0,0 +1,47 @@
+<?php
+/*
+	openbgpd.priv.inc
+	part of pfSense (http://www.pfSense.org/)
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-openbgpd'] = array();
+$priv_list['page-services-openbgpd']['name'] = "WebCfg - Services: OpenBGPD package";
+$priv_list['page-services-openbgpd']['descr'] = "Allow access to OpenBGPD package GUI";
+
+$priv_list['page-services-openbgpd']['match'] = array();
+$priv_list['page-services-openbgpd']['match'][] = "pkg.php?xml=openbgpd.xml*";
+$priv_list['page-services-openbgpd']['match'][] = "pkg.php?xml=openbgpd_neighbors.xml*";
+$priv_list['page-services-openbgpd']['match'][] = "pkg.php?xml=openbgpd_groups.xml*";
+
+$priv_list['page-services-openbgpd']['match'][] = "pkg_edit.php?xml=openbgpd.xml*";
+$priv_list['page-services-openbgpd']['match'][] = "pkg_edit.php?xml=openbgpd_neighbors.xml*";
+$priv_list['page-services-openbgpd']['match'][] = "pkg_edit.php?xml=openbgpd_groups.xml*";
+
+$priv_list['page-services-openbgpd']['match'][] = "openbgpd_raw.php*";
+$priv_list['page-services-openbgpd']['match'][] = "openbgpd_status.php*";
+
+?>
diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml
index 6ed587d6..351182cc 100644
--- a/config/openbgpd/openbgpd.xml
+++ b/config/openbgpd/openbgpd.xml
@@ -42,7 +42,7 @@
 	]]>
 	</copyright>
 	<name>OpenBGPD</name>
-	<version>0.9.3.7</version>
+	<version>0.9.3.9</version>
 	<title>Services: OpenBGPD</title>
 	<include_file>/usr/local/pkg/openbgpd.inc</include_file>
 	<service>
@@ -64,6 +64,10 @@
 		<item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.inc</item>
 	</additional_files_needed>
 	<additional_files_needed>
+		<prefix>/etc/inc/priv/</prefix>
+		<item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd.priv.inc</item>
+	</additional_files_needed>
+	<additional_files_needed>
 		<prefix>/usr/local/pkg/</prefix>
 		<item>https://packages.pfsense.org/packages/config/openbgpd/openbgpd_groups.xml</item>
 	</additional_files_needed>
@@ -73,7 +77,6 @@
 	</additional_files_needed>
 	<menu>
 		<name>OpenBGPD</name>
-		<tooltiptext></tooltiptext>
 		<section>Services</section>
 		<url>/pkg_edit.php?xml=openbgpd.xml&amp;id=0</url>
 	</menu>
diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc
index 50b6e558..9eae2567 100644
--- a/config/siproxd/siproxd.inc
+++ b/config/siproxd/siproxd.inc
@@ -31,6 +31,7 @@
 if (!function_exists("filter_configure")) {
 	require_once("filter.inc");
 }
+require_once("pfsense-utils.inc");
 require_once("service-utils.inc");
 
 // Check to find out on which pfSense version the package is running
@@ -42,6 +43,18 @@ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
 	define('SIPROXD', '/usr/local');
 }
 
+function install_package_siproxd() {
+	siproxd_create_chroot();
+	/* remove rc script distributed with the package */
+	unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd');
+}
+
+function deinstall_package_siproxd() {
+	rmdir_recursive("/var/siproxd");
+	unlink_if_exists(SIPROXD . '/etc/siproxd.conf');
+	unlink_if_exists(SIPROXD . '/etc/siproxd_passwd.cfg');
+}
+
 function sync_package_siproxd_users() {
 	global $g, $config;
 	conf_mount_rw();
@@ -64,23 +77,28 @@ function sync_package_siproxd_users() {
 function siproxd_generate_rules($type) {
 	global $config;
 
-	$siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+	if (is_array($config['installedpackages']['siproxdsettings'])) {
+		$siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+	} else {
+		$siproxd_conf = array();
+	}
+
 	if (!is_service_running('siproxd')) {
-		log_error("Siproxd is installed but not started. Not installing redirect rules.");
+		log_error("[siproxd] Package is installed but not started. Not installing firewall rules.");
 		return;
 	}
 
 	/* proxy is turned off in package settings */
-	if ($siproxd_conf['sipenable'] == "0") {
-		log_error("WARNING: siproxd proxy has not been enabled. Not installing rules.");
+	if ($siproxd_conf['sipenable'] != "on") {
+		log_error("[siproxd] WARNING: siproxd proxy has not been enabled. Not installing firewall rules.");
 		return "\n";
 	}
 
 	$ifaces = explode(",", $siproxd_conf['if_inbound']);
 	$ifaces = array_map('convert_friendly_interface_to_real_interface_name', $ifaces);
-	$rtplower = ($siproxd_conf['rtplower'] ? $siproxd_conf['rtplower'] : 7070);
-	$rtpupper = ($siproxd_conf['rtpupper'] ? $siproxd_conf['rtpupper'] : 7079);
-	$port = ($siproxd_conf['port'] ? $siproxd_conf['port'] : 5060);
+	$rtplower = $siproxd_conf['rtplower'] ?: '7070';
+	$rtpupper = $siproxd_conf['rtpupper'] ?: '7079';
+	$port = $siproxd_conf['port'] ?: '5060';
 
 	switch($type) {
 		case 'nat':
@@ -108,18 +126,24 @@ function siproxd_generate_rules($type) {
 	return $rules;
 }
 
-function sync_package_siproxd() {
-	global $config, $pfs_version;
-
-	conf_mount_rw();
-
+function siproxd_create_chroot() {
 	$siproxd_chroot = "/var/siproxd/";
 	safe_mkdir($siproxd_chroot);
 	@chown($siproxd_chroot, "nobody");
 	@chgrp($siproxd_chroot, "nobody");
-	unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd');
+}
+
+function sync_package_siproxd() {
+	global $config, $pfs_version;
+
+	conf_mount_rw();
+	siproxd_create_chroot();
 
-	$siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+	if (is_array($config['installedpackages']['siproxdsettings'])) {
+		$siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
+	} else {
+		$siproxd_conf = array();
+	}
 	$siproxd_conffile = SIPROXD . '/etc/siproxd.conf';
 	$siproxd_pwfile = SIPROXD . '/etc/siproxd_passwd.cfg';
 
@@ -136,9 +160,14 @@ function sync_package_siproxd() {
 	fwrite($fout, "# This file was automatically generated by the pfSense\n");
 	fwrite($fout, "# package management system.\n\n");
 
-	/* proxy is turned off in package settings */
-	if ($siproxd_conf['sipenable'] == "0") {
+	/* if proxy is turned off in package settings, stop service, remove rc script and do nothing else */
+	if ($siproxd_conf['sipenable'] != "on") {
 		fclose($fout);
+		if (is_service_running('siproxd')) {
+			stop_service("siproxd");
+			sleep(3);
+		}
+		unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd.sh');
 		return;
 	}
 
@@ -147,11 +176,7 @@ function sync_package_siproxd() {
 	}
 
 	if ($siproxd_conf['if_outbound'] != "") {
-		if (intval($config['version']) < 6 && $config['interfaces'][$siproxd_conf['if_outbound']]['ipaddr'] == "pppoe") {
-			fwrite($fout, "if_outbound = ng0\n");
-		} else {
-			fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . "\n");
-		}
+		fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . "\n");
 	}
 
 	if ($siproxd_conf['port'] != "") {
@@ -286,7 +311,7 @@ function sync_package_siproxd() {
 		sleep(3);
 	}
 	/* Only (re)start the service when siproxd is enabled */
-	if ($siproxd_conf['sipenable'] != "0") {
+	if ($siproxd_conf['sipenable'] == "on") {
 		start_service("siproxd");
 		sleep(3);
 	}
diff --git a/config/siproxd/siproxd.priv.inc b/config/siproxd/siproxd.priv.inc
new file mode 100644
index 00000000..9980a353
--- /dev/null
+++ b/config/siproxd/siproxd.priv.inc
@@ -0,0 +1,42 @@
+<?php
+/*
+	siproxd.priv.inc
+	part of pfSense (http://www.pfSense.org/)
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-siproxd'] = array();
+$priv_list['page-services-siproxd']['name'] = "WebCfg - Services: siproxd package";
+$priv_list['page-services-siproxd']['descr'] = "Allow access to siproxd package GUI";
+
+$priv_list['page-services-siproxd']['match'] = array();
+$priv_list['page-services-siproxd']['match'][] = "pkg.php?xml=siproxd.xml*";
+$priv_list['page-services-siproxd']['match'][] = "pkg.php?xml=siproxdusers.xml*";
+$priv_list['page-services-siproxd']['match'][] = "pkg_edit.php?xml=siproxd.xml*";
+$priv_list['page-services-siproxd']['match'][] = "pkg_edit.php?xml=siproxdusers.xml*";
+$priv_list['page-services-siproxd']['match'][] = "siproxd_registered_phones.php*";
+
+?>
diff --git a/config/siproxd/siproxd.xml b/config/siproxd/siproxd.xml
index e4375d8e..b0866eb1 100644
--- a/config/siproxd/siproxd.xml
+++ b/config/siproxd/siproxd.xml
@@ -43,25 +43,25 @@
 	]]>
 	</copyright>
 	<name>siproxdsettings</name>
-	<version>1.0.6</version>
+	<version>1.0.7</version>
 	<title>siproxd: Settings</title>
 	<include_file>/usr/local/pkg/siproxd.inc</include_file>
-	<aftersaveredirect>/pkg_edit.php?xml=siproxd.xml&amp;id=0</aftersaveredirect>
+	<aftersaveredirect>/pkg_edit.php?xml=siproxd.xml</aftersaveredirect>
 	<menu>
 		<name>siproxd</name>
-		<tooltiptext>Modify siproxd users and settings.</tooltiptext>
 		<section>Services</section>
-		<url>/pkg_edit.php?xml=siproxd.xml&amp;id=0</url>
+		<url>/pkg_edit.php?xml=siproxd.xml</url>
 	</menu>
 	<service>
 		<name>siproxd</name>
 		<rcfile>siproxd.sh</rcfile>
 		<executable>siproxd</executable>
+		<description>Proxy/Masquerading Daemon for SIP</description>
 	</service>
 	<tabs>
 		<tab>
 			<text>Settings</text>
-			<url>/pkg_edit.php?xml=siproxd.xml&amp;id=0</url>
+			<url>/pkg_edit.php?xml=siproxd.xml</url>
 			<active/>
 		</tab>
 		<tab>
@@ -82,6 +82,10 @@
 		<item>https://packages.pfsense.org/packages/config/siproxd/siproxd.inc</item>
 	</additional_files_needed>
 	<additional_files_needed>
+		<prefix>/etc/inc/priv/</prefix>
+		<item>https://packages.pfsense.org/packages/config/siproxd/siproxd.priv.inc</item>
+	</additional_files_needed>
+	<additional_files_needed>
 		<prefix>/usr/local/www/</prefix>
 		<item>https://packages.pfsense.org/packages/config/siproxd/siproxd_registered_phones.php</item>
 	</additional_files_needed>
@@ -89,23 +93,23 @@
 		<field>
 			<fielddescr>Enable siproxd</fielddescr>
 			<fieldname>sipenable</fieldname>
-			<description>Enable or disable siproxd</description>
+			<description>Enable or disable siproxd.</description>
 			<type>checkbox</type>
 		</field>
 		<field>
-			<fielddescr>Inbound interface</fielddescr>
+			<fielddescr>Inbound Interface</fielddescr>
 			<fieldname>if_inbound</fieldname>
 			<description>Select the inbound interface.</description>
 			<type>interfaces_selection</type>
 		</field>
 		<field>
-			<fielddescr>Outbound interface</fielddescr>
+			<fielddescr>Outbound Interface</fielddescr>
 			<fieldname>if_outbound</fieldname>
 			<description>Select the outbound interface.</description>
 			<type>interfaces_selection</type>
 		</field>
 		<field>
-			<fielddescr>Listening port</fielddescr>
+			<fielddescr>Listening Port</fielddescr>
 			<fieldname>port</fieldname>
 			<description>
 				<![CDATA[
@@ -114,11 +118,12 @@
 				]]>
 			</description>
 			<type>input</type>
+			<default_value>5060</default_value>
 		</field>
 		<field>
-			<fielddescr>Default expiration timeout</fielddescr>
+			<fielddescr>Default Expiration Timeout</fielddescr>
 			<fieldname>defaulttimeout</fieldname>
-			<description>If a REGISTER request dose not contain an Expires header or expires= parameter, this number of seconds will be used and reported back to the UA in the answer.</description>
+			<description>If a REGISTER request does not contain an Expires header or expires= parameter, this number of seconds will be used and reported back to the UA in the answer.</description>
 			<type>input</type>
 		</field>
 		<field>
@@ -126,38 +131,36 @@
 			<type>listtopic</type>
 		</field>
 		<field>
-			<fielddescr>Enable RTP proxy</fielddescr>
+			<fielddescr>Enable RTP Proxy</fielddescr>
 			<fieldname>rtpenable</fieldname>
-			<description>Enable or disable the RTP proxy. (default is enabled)</description>
+			<description>Enable or disable the RTP proxy. (Default: enabled)</description>
 			<type>select</type>
 			<options>
-				<option>
-					<name>Enable</name>
-					<value>1</value>
-				</option>
-				<option>
-					<name>Disable</name>
-					<value>0</value>
-				</option>
+				<option><name>Enable</name><value>1</value></option>
+				<option><name>Disable</name><value>0</value></option>
 			</options>
+			<default_value>1</default_value>
 		</field>
 		<field>
-			<fielddescr>RTP port range (lower)</fielddescr>
+			<fielddescr>RTP Port Range (Lower)</fielddescr>
 			<fieldname>rtplower</fieldname>
-			<description>Enter the bottom edge of the port range siproxd will allocate for incoming RTP traffic. This range must be one not blocked by the firewall (default 7070).</description>
+			<description>Enter the bottom edge of the port range siproxd will allocate for incoming RTP traffic. This range must not be blocked by the firewall. (Default: 7070)</description>
 			<type>input</type>
+			<default_value>7070</default_value>
 		</field>
 		<field>
-			<fielddescr>RTP port range (upper)</fielddescr>
+			<fielddescr>RTP Port Range (Upper)</fielddescr>
 			<fieldname>rtpupper</fieldname>
-			<description>Enter the top edge of the port range siproxd will allocate for incoming RTP traffic. This range must be one not blocked by the firewall (default 7079).</description>
+			<description>Enter the top edge of the port range siproxd will allocate for incoming RTP traffic. This range must not be blocked by the firewall. (Default: 7079)</description>
 			<type>input</type>
+			<default_value>7079</default_value>
 		</field>
 		<field>
-			<fielddescr>RTP stream timeout</fielddescr>
+			<fielddescr>RTP Stream Timeout</fielddescr>
 			<fieldname>rtptimeout</fieldname>
-			<description>After this number of seconds, an RTP stream is considered dead and proxying it will be stopped (default 300sec).</description>
+			<description>After this number of seconds, an RTP stream is considered dead and proxying it will be stopped. (Default: 300sec)</description>
 			<type>input</type>
+			<default_value>300</default_value>
 		</field>
 		<field>
 			<name>Dejittering Settings</name>
@@ -180,7 +183,7 @@
 			<type>listtopic</type>
 		</field>
 		<field>
-			<fielddescr>TCP inactivity timeout</fielddescr>
+			<fielddescr>TCP Inactivity Timeout</fielddescr>
 			<fieldname>tcp_timeout</fieldname>
 			<description>
 				<![CDATA[
@@ -195,8 +198,8 @@
 			<fieldname>tcp_connect_timeout</fieldname>
 			<description>
 				<![CDATA[
-				Defines How many msecs siproxd will wait for an successful connect when establishing an outgoing SIP signalling connection.<br />
-				This should be kept as short as possible as waiting for an TCP connection to establish is a BLOCKING operation - while waiting for a connect to succeed no SIP messages are processed (RTP is not affected).
+				Defines How many msecs siproxd will wait for a successful connect when establishing an outgoing SIP signalling connection.<br />
+				This should be kept as short as possible as waiting for an TCP connection to establish is a BLOCKING operation - no SIP messages are processed while waiting for a connect to succeed (RTP is not affected).
 				]]>
 			</description>
 			<type>input</type>
@@ -212,19 +215,19 @@
 			<type>listtopic</type>
 		</field>
 		<field>
-			<fielddescr>Enable proxy authentication</fielddescr>
+			<fielddescr>Enable Proxy Authentication</fielddescr>
 			<fieldname>authentication</fieldname>
-			<description>If this is checked, clients will be forced to authenticate themselves at the proxy (for registration only).</description>
+			<description>If checked, clients will be forced to authenticate themselves at the proxy (for registration only).</description>
 			<type>checkbox</type>
 		</field>
 		<field>
-			<fielddescr>Outbound proxy hostname</fielddescr>
+			<fielddescr>Outbound Proxy Hostname</fielddescr>
 			<fieldname>outboundproxyhost</fieldname>
 			<description>Enter the hostname of an outbound proxy to send all traffic to. This is only useful if you have multiple masquerading firewalls to cross.</description>
 			<type>input</type>
 		</field>
 		<field>
-			<fielddescr>Outbound proxy port</fielddescr>
+			<fielddescr>Outbound Proxy Port</fielddescr>
 			<fieldname>outboundproxyport</fieldname>
 			<description>Enter the port of the outbound proxy to send all traffic to. This is only useful if you have multiple masquerading firewalls to cross.</description>
 			<type>input</type>
@@ -266,7 +269,7 @@
 			<type>checkbox</type>
 		</field>
 		<field>
-			<fielddescr>Log redirected calls</fielddescr>
+			<fielddescr>Log Redirected Calls</fielddescr>
 			<fieldname>plugin_defaulttarget_log</fieldname>
 			<description>Log redirected calls.</description>
 			<type>checkbox</type>
@@ -371,6 +374,12 @@
 			<type>input</type>
 		</field>
 	</fields>
+	<custom_php_install_command>
+		install_package_siproxd();
+	</custom_php_install_command>
+	<custom_php_deinstall_command>
+		deinstall_package_siproxd();
+	</custom_php_deinstall_command>
 	<custom_add_php_command>
 		sync_package_siproxd();
 	</custom_add_php_command>
@@ -378,7 +387,7 @@
 		sync_package_siproxd();
 	</custom_php_resync_config_command>
 	<filter_rules_needed>
-		siproxd_generate_rules();
+		siproxd_generate_rules
 	</filter_rules_needed>
 	<custom_php_validation_command>
 		validate_form_siproxd($_POST, $input_errors);
diff --git a/config/siproxd/siproxd_registered_phones.php b/config/siproxd/siproxd_registered_phones.php
index 51eb474a..0648aa2f 100644
--- a/config/siproxd/siproxd_registered_phones.php
+++ b/config/siproxd/siproxd_registered_phones.php
@@ -82,7 +82,7 @@ require("head.inc");
 <tr><td>
 <?php
 	$tab_array = array();
-	$tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=siproxd.xml&amp;id=0");
+	$tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=siproxd.xml");
 	$tab_array[] = array(gettext("Users"), false, "pkg.php?xml=siproxdusers.xml");
 	$tab_array[] = array(gettext("Registered Phones"), true, "siproxd_registered_phones.php");
 	display_top_tabs($tab_array);
diff --git a/config/siproxd/siproxdusers.xml b/config/siproxd/siproxdusers.xml
index 6dd53efe..390c4f35 100644
--- a/config/siproxd/siproxdusers.xml
+++ b/config/siproxd/siproxdusers.xml
@@ -43,13 +43,13 @@
 	]]>
 	</copyright>
 	<name>siproxdusers</name>
-	<version>1.0.6</version>
+	<version>1.0.7</version>
 	<title>siproxd: Users</title>
 	<include_file>/usr/local/pkg/siproxd.inc</include_file>
 	<tabs>
 		<tab>
 			<text>Settings</text>
-			<url>/pkg_edit.php?xml=siproxd.xml&amp;id=0</url>
+			<url>/pkg_edit.php?xml=siproxd.xml</url>
 		</tab>
 		<tab>
 			<text>Users</text>
@@ -61,7 +61,6 @@
 			<url>/siproxd_registered_phones.php</url>
 		</tab>
 	</tabs>
-	<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
 	<adddeleteeditpagefields>
 		<columnitem>
 			<fielddescr>Username</fielddescr>
@@ -76,19 +75,19 @@
 		<field>
 			<fielddescr>Username</fielddescr>
 			<fieldname>username</fieldname>
-			<description>Enter the username here</description>
+			<description>Enter the username here.</description>
 			<type>input</type>
 		</field>
 		<field>
 			<fielddescr>Password</fielddescr>
 			<fieldname>password</fieldname>
-			<description>Enter the password here</description>
+			<description>Enter the password here.</description>
 			<type>password</type>
 		</field>
 		<field>
 			<fielddescr>Username Description</fielddescr>
 			<fieldname>description</fieldname>
-			<description>Enter the description of the user here</description>
+			<description>Enter the description of the user here.</description>
 			<type>input</type>
 		</field>
 	</fields>
diff --git a/config/zabbix2/zabbix2.inc b/config/zabbix2/zabbix2-agent.inc
index 9b5f3ed3..4aa0d5f7 100644
--- a/config/zabbix2/zabbix2.inc
+++ b/config/zabbix2/zabbix2-agent.inc
@@ -1,6 +1,6 @@
 <?php
 /*
-	zabbix2.inc
+	zabbix2-agent.inc
 	part of pfSense (https://www.pfSense.org/)
 	Copyright (C) 2013 Danilo G. Baio
 	Copyright (C) 2013 Marcello Coutinho
@@ -77,50 +77,7 @@ function php_deinstall_zabbix2_agent() {
 	}
 }
 
-function php_deinstall_zabbix2_proxy() {
-	global $config, $g;
-
-	$pfs_version = php_zabbix2_pfs_version();
-	$zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
-
-	if ($pfs_version == "2.1" || $pfs_version == "2.2") {
-		define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
-	} else {
-		define('ZABBIX_PROXY_BASE', '/usr/local');
-	}
-
-	exec("/usr/bin/killall zabbix_proxy");
-	unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf");
-	unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log");
-	unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid");
-
-	if (!is_array($config['installedpackages']['zabbixagent'])) {
-		if (is_dir("/var/log/zabbix2")) {
-			exec("/bin/rm -r /var/log/zabbix2/");
-		}
-		if (is_dir("/var/run/zabbix2")) {
-			exec("/bin/rm -r /var/run/zabbix2/");
-		}
-	}
-
-	if (is_dir("/var/db/zabbix2")) {
-		exec("/bin/rm -r /var/db/zabbix2/");
-	}
-}
-
-function validate_input_zabbix2($post, &$input_errors) {
-	if  (isset($post['proxyenabled'])) {
-		if (!is_numericint($post['serverport'])) {
-			$input_errors[] = "'Server Port' value is not numeric.";
-   		} elseif ($post['serverport'] < 1 || $post['serverport'] > 65535) {
-			$input_errors[] = "You must enter a valid value for 'Server Port'.";
-		}
-
-		if (!is_numericint($post['configfrequency'])) {
-			$input_errors[] = "'Config Frequency' value is not numeric.";
-		}
-	}
-
+function validate_input_zabbix2_agent($post, &$input_errors) {
 	if (isset($post['agentenabled'])) {
 		if (!preg_match("/\w+/", $post['server'])) {
 			$input_errors[] = "Server field is required.";
@@ -186,7 +143,7 @@ function validate_input_zabbix2($post, &$input_errors) {
 	}
 }
 
-function sync_package_zabbix2() {
+function sync_package_zabbix2_agent() {
 	global $config, $g;
 
 	conf_mount_rw();
@@ -195,38 +152,10 @@ function sync_package_zabbix2() {
 
 	if ($pfs_version == "2.1" || $pfs_version == "2.2") {
 		define('ZABBIX_AGENT_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-agent-' . php_uname("m"));
-		define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
 	} else {
 		define('ZABBIX_AGENT_BASE', '/usr/local');
-		define('ZABBIX_PROXY_BASE', '/usr/local');
 	}
 
-	// Check zabbix proxy config
-	if (is_array($config['installedpackages']['zabbixproxy'])) {
-		$zbproxy_config = $config['installedpackages']['zabbixproxy']['config'][0];
-		if ($zbproxy_config['proxyenabled'] == "on") {
-			$Mode = (is_numericint($zbproxy_config['proxymode']) ? $zbproxy_config['proxymode'] : 0);
-			$AdvancedParams = base64_decode($zbproxy_config['advancedparams']);
-
-			$zbproxy_conf_file = <<< EOF
-Server={$zbproxy_config['server']}
-ServerPort={$zbproxy_config['serverport']}
-Hostname={$zbproxy_config['hostname']}
-PidFile=/var/run/zabbix2/zabbix2_proxy.pid
-DBName=/var/db/zabbix2/proxy.db
-LogFile=/var/log/zabbix2/zabbix_proxy.log
-ConfigFrequency={$zbproxy_config['configfrequency']}
-FpingLocation=/usr/local/sbin/fping
-# There's currently no fping6 (IPv6) dependency in the package,
-# but if there was, the binary would likely also be in /usr/local/sbin.
-Fping6Location=/usr/local/sbin/fping6
-ProxyMode={$Mode}
-{$AdvancedParams}
-
-EOF;
-			file_put_contents(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
-		}
-	}
 	// Check zabbix agent settings
 	if (is_array($config['installedpackages']['zabbixagent'])) {
 		$zbagent_config = $config['installedpackages']['zabbixagent']['config'][0];
@@ -310,8 +239,8 @@ EOF;
 
 	// Check startup script files
 	// Create a few directories and ensure the sample files are in place
-	if (!is_dir(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base)) {
-		mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base);
+	if (!is_dir(ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base)) {
+		mwexec("/bin/mkdir -p " . ZABBIX_AGENT_BASE . "/etc/" . $zabbix2_pkg_base);
 	}
 
 	$dir_checks = <<< EOF
@@ -336,29 +265,6 @@ EOF;
 
 EOF;
 
-	$zproxy_rcfile = "/usr/local/etc/rc.d/zabbix2_proxy.sh";
-	if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled'] == "on") {
-		$zproxy_start = strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy\"...\n";
-		$zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
-
-		$zproxy_stop  = "echo \"Stopping Zabbix Proxy\"\n";
-		$zproxy_stop .= "/usr/bin/killall zabbix_proxy\n";
-		$zproxy_stop .= "/bin/sleep 5\n";
-
-		write_rcfile(array(
-			"file" => "zabbix2_proxy.sh",
-			"start" => $zproxy_start,
-			"stop" => $zproxy_stop
-			)
-		);
-		restart_service("zabbix_proxy");
-	} else {
-		if (is_service_running("zabbix_proxy")) {
-			stop_service("zabbix_proxy");
-		}
-		unlink_if_exists($zproxy_rcfile);
-	}
-
 	$zagent_rcfile="/usr/local/etc/rc.d/zabbix2_agentd.sh";
 	if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on") {
 		$zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent...\"\n";
@@ -374,7 +280,11 @@ EOF;
 			"stop" => $zagent_stop
 			)
 		);
-		restart_service("zabbix_agentd");
+		if (is_service_running("zabbix_agentd")) {
+			restart_service("zabbix_agentd");
+		} else {
+			start_service("zabbix_agentd");
+		}
 	} else {
 		if (is_service_running("zabbix_agentd")) {
 			stop_service("zabbix_agentd");
diff --git a/config/zabbix2/zabbix2-agent.xml b/config/zabbix2/zabbix2-agent.xml
index e02caefc..be081603 100644
--- a/config/zabbix2/zabbix2-agent.xml
+++ b/config/zabbix2/zabbix2-agent.xml
@@ -45,13 +45,13 @@
 	<name>zabbixagent</name>
 	<title>Services: Zabbix-2 Agent</title>
 	<category>Monitoring</category>
-	<version>0.8.4</version>
-	<include_file>/usr/local/pkg/zabbix2.inc</include_file>
-	<addedit_string>Zabbix Agent has been created/modified.</addedit_string>
-	<delete_string>Zabbix Agent has been deleted.</delete_string>
+	<version>0.8.5</version>
+	<include_file>/usr/local/pkg/zabbix2-agent.inc</include_file>
+	<addedit_string>Zabbix Agent configuration has been created/modified.</addedit_string>
+	<delete_string>Zabbix Agent configuration has been deleted.</delete_string>
 	<restart_command>/usr/local/etc/rc.d/zabbix2_agentd.sh restart</restart_command>
 	<additional_files_needed>
-		<item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
+		<item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-agent.inc</item>
 		<prefix>/usr/local/pkg/</prefix>
 	</additional_files_needed>
 	<additional_files_needed>
@@ -204,14 +204,11 @@
 			<advancedfield/>
 		</field>
 	</fields>
-	<custom_php_install_command>
-		sync_package_zabbix2();
-	</custom_php_install_command>
 	<custom_php_validation_command>
-		validate_input_zabbix2($_POST, $input_errors);
+		validate_input_zabbix2_agent($_POST, $input_errors);
 	</custom_php_validation_command>
 	<custom_php_resync_config_command>
-		sync_package_zabbix2();
+		sync_package_zabbix2_agent();
 	</custom_php_resync_config_command>
 	<custom_php_deinstall_command>
 		php_deinstall_zabbix2_agent();
diff --git a/config/zabbix2/zabbix2-proxy.inc b/config/zabbix2/zabbix2-proxy.inc
new file mode 100644
index 00000000..aa21b817
--- /dev/null
+++ b/config/zabbix2/zabbix2-proxy.inc
@@ -0,0 +1,244 @@
+<?php
+/*
+	zabbix2-proxy.inc
+	part of pfSense (https://www.pfSense.org/)
+	Copyright (C) 2013 Danilo G. Baio
+	Copyright (C) 2013 Marcello Coutinho
+	Copyright (C) 2015 ESF, LLC
+	All rights reserved.
+
+	Redistribution and use in source and binary forms, with or without
+	modification, are permitted provided that the following conditions are met:
+
+	1. Redistributions of source code must retain the above copyright notice,
+	   this list of conditions and the following disclaimer.
+
+	2. Redistributions in binary form must reproduce the above copyright
+	   notice, this list of conditions and the following disclaimer in the
+	   documentation and/or other materials provided with the distribution.
+
+	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+	POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("util.inc");
+require_once("functions.inc");
+require_once("pkg-utils.inc");
+require_once("globals.inc");
+
+function php_zabbix2_pfs_version() {
+	$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+	return $pfs_version;
+}
+
+function php_zabbix2_pkg_base($pfs_version) {
+	if ($pfs_version >= 2.2) {
+		// pfSense 2.2 with zabbix 2.4
+		$zabbix2_pkg_base = "zabbix24";
+	} else {
+		// pfSense 2.1 with zabbix 2.2
+		$zabbix2_pkg_base = "zabbix22";
+	}
+	return $zabbix2_pkg_base;
+}
+
+function php_deinstall_zabbix2_proxy() {
+	global $config, $g;
+
+	$pfs_version = php_zabbix2_pfs_version();
+	$zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
+
+	if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+		define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
+	} else {
+		define('ZABBIX_PROXY_BASE', '/usr/local');
+	}
+
+	exec("/usr/bin/killall zabbix_proxy");
+	unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf");
+	unlink_if_exists("/var/log/zabbix2/zabbix_proxy.log");
+	unlink_if_exists("/var/run/zabbix2/zabbix2_proxy.pid");
+
+	if (!is_array($config['installedpackages']['zabbixagent'])) {
+		if (is_dir("/var/log/zabbix2")) {
+			exec("/bin/rm -r /var/log/zabbix2/");
+		}
+		if (is_dir("/var/run/zabbix2")) {
+			exec("/bin/rm -r /var/run/zabbix2/");
+		}
+		if (is_dir("/var/db/zabbix2")) {
+			exec("/bin/rm -r /var/db/zabbix2/");
+		}
+	}
+}
+
+function validate_input_zabbix2_proxy($post, &$input_errors) {
+	if  (isset($post['proxyenabled'])) {
+		if (!is_numericint($post['serverport'])) {
+			$input_errors[] = "'Server Port' value is not numeric.";
+   		} elseif ($post['serverport'] < 1 || $post['serverport'] > 65535) {
+			$input_errors[] = "You must enter a valid value for 'Server Port'.";
+		}
+
+		if (!preg_match("/\w+/", $post['hostname'])) {
+			$input_errors[] = "Hostname field is required.";
+		}
+
+		if (!is_numericint($post['configfrequency'])) {
+			$input_errors[] = "'Config Frequency' value is not numeric.";
+		}
+	}
+}
+
+function sync_package_zabbix2_proxy() {
+	global $config, $g;
+
+	conf_mount_rw();
+	$pfs_version = php_zabbix2_pfs_version();
+	$zabbix2_pkg_base = php_zabbix2_pkg_base($pfs_version);
+
+	if ($pfs_version == "2.1" || $pfs_version == "2.2") {
+		define('ZABBIX_PROXY_BASE', '/usr/pbi/' . $zabbix2_pkg_base . '-proxy-' . php_uname("m"));
+	} else {
+		define('ZABBIX_PROXY_BASE', '/usr/local');
+	}
+
+	// Check zabbix proxy config
+	if (is_array($config['installedpackages']['zabbixproxy'])) {
+		$zbproxy_config = $config['installedpackages']['zabbixproxy']['config'][0];
+		if ($zbproxy_config['proxyenabled'] == "on") {
+			$Mode = (is_numericint($zbproxy_config['proxymode']) ? $zbproxy_config['proxymode'] : 0);
+			$AdvancedParams = base64_decode($zbproxy_config['advancedparams']);
+
+			$zbproxy_conf_file = <<< EOF
+Server={$zbproxy_config['server']}
+ServerPort={$zbproxy_config['serverport']}
+Hostname={$zbproxy_config['hostname']}
+PidFile=/var/run/zabbix2/zabbix2_proxy.pid
+DBName=/var/db/zabbix2/proxy.db
+LogFile=/var/log/zabbix2/zabbix_proxy.log
+ConfigFrequency={$zbproxy_config['configfrequency']}
+FpingLocation=/usr/local/sbin/fping
+# There's currently no fping6 (IPv6) dependency in the package,
+# but if there was, the binary would likely also be in /usr/local/sbin.
+Fping6Location=/usr/local/sbin/fping6
+ProxyMode={$Mode}
+{$AdvancedParams}
+
+EOF;
+			file_put_contents(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base . "/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
+		}
+	}
+
+	$want_sysctls = array(
+		'kern.ipc.shmall' => '2097152',
+		'kern.ipc.shmmax' => '2147483648',
+		'kern.ipc.semmsl' => '250'
+	);
+	$sysctls = array();
+	// Check sysctl file values
+	$sc_file="";
+	if (file_exists("/etc/sysctl.conf")) {
+		$sc = file("/etc/sysctl.conf");
+		foreach ($sc as $line) {
+			list($sysk, $sysv) = explode("=", $line, 2);
+			if (preg_match("/\w/", $line) && !array_key_exists($sysk, $want_sysctls)) {
+				$sc_file .= $line;
+			}
+		}
+	}
+	foreach ($want_sysctls as $ws => $wv) {
+		$sc_file .= "{$ws}={$wv}\n";
+		mwexec("/sbin/sysctl {$ws}={$wv}");
+	}
+	file_put_contents("/etc/sysctl.conf", $sc_file);
+
+	// Check bootloader values
+	$lt_file = "";
+	$want_tunables = array(
+		'kern.ipc.semopm' => '100',
+		'kern.ipc.semmni' => '128',
+		'kern.ipc.semmns' => '32000',
+		'kern.ipc.shmmni' => '4096'
+	);
+	$tunables = array();
+	if (file_exists("/boot/loader.conf")) {
+		$lt = file("/boot/loader.conf");
+		foreach ($lt as $line) {
+			list($tunable, $val) = explode("=", $line, 2);
+			if (preg_match("/\w/", $line) && !array_key_exists($tunable, $want_tunables)) {
+				$lt_file .= $line;
+			}
+		}
+	}
+	foreach ($want_tunables as $wt => $wv) {
+		$lt_file .= "{$wt}={$wv}\n";
+	}
+	file_put_contents("/boot/loader.conf", $lt_file);
+
+	// Check startup script files
+	// Create a few directories and ensure the sample files are in place
+	if (!is_dir(ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base)) {
+		mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/" . $zabbix2_pkg_base);
+	}
+
+	$dir_checks = <<< EOF
+
+	if [ ! -d /var/log/zabbix2 ]; then
+		/bin/mkdir -p /var/log/zabbix2
+		/usr/sbin/chmod 755 /var/log/zabbix2
+	fi
+	/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix2
+
+	if [ ! -d /var/run/zabbix2 ]; then
+		/bin/mkdir -p /var/run/zabbix2
+		/usr/sbin/chmod 755 /var/run/zabbix2
+	fi
+	/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix2
+
+	if [ ! -d /var/db/zabbix2 ]; then
+		/bin/mkdir -p /var/db/zabbix2
+		/usr/sbin/chmod 755 /var/db/zabbix2
+	fi
+	/usr/sbin/chown -R zabbix:zabbix /var/db/zabbix2
+
+EOF;
+
+	$zproxy_rcfile = "/usr/local/etc/rc.d/zabbix2_proxy.sh";
+	if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled'] == "on") {
+		$zproxy_start = strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Proxy\"...\n";
+		$zproxy_start .= ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
+
+		$zproxy_stop  = "echo \"Stopping Zabbix Proxy\"\n";
+		$zproxy_stop .= "/usr/bin/killall zabbix_proxy\n";
+		$zproxy_stop .= "/bin/sleep 5\n";
+
+		write_rcfile(array(
+			"file" => "zabbix2_proxy.sh",
+			"start" => $zproxy_start,
+			"stop" => $zproxy_stop
+			)
+		);
+		if (is_service_running("zabbix_proxy")) {
+			restart_service("zabbix_proxy");
+		} else {
+			start_service("zabbix_proxy");
+		}
+	} else {
+		if (is_service_running("zabbix_proxy")) {
+			stop_service("zabbix_proxy");
+		}
+		unlink_if_exists($zproxy_rcfile);
+	}
+
+	conf_mount_ro();
+}
+
+?>
diff --git a/config/zabbix2/zabbix2-proxy.xml b/config/zabbix2/zabbix2-proxy.xml
index 398c3df4..c39bbdc6 100644
--- a/config/zabbix2/zabbix2-proxy.xml
+++ b/config/zabbix2/zabbix2-proxy.xml
@@ -45,13 +45,13 @@
 	<name>zabbixproxy</name>
 	<title>Services: Zabbix-2 Proxy</title>
 	<category>Monitoring</category>
-	<version>0.8.4</version>
-	<include_file>/usr/local/pkg/zabbix2.inc</include_file>
-	<addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
-	<delete_string>Zabbix Proxy has been deleted.</delete_string>
+	<version>0.8.5</version>
+	<include_file>/usr/local/pkg/zabbix2-proxy.inc</include_file>
+	<addedit_string>Zabbix Proxy configuration has been created/modified.</addedit_string>
+	<delete_string>Zabbix Proxy configuration has been deleted.</delete_string>
 	<restart_command>/usr/local/etc/rc.d/zabbix2_proxy.sh restart</restart_command>
 	<additional_files_needed>
-		<item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2.inc</item>
+		<item>https://packages.pfsense.org/packages/config/zabbix2/zabbix2-proxy.inc</item>
 		<prefix>/usr/local/pkg/</prefix>
 	</additional_files_needed>
 	<additional_files_needed>
@@ -148,14 +148,11 @@
 			<advancedfield/>
 		</field>
 	</fields>
-	<custom_php_install_command>
-		sync_package_zabbix2();
-	</custom_php_install_command>
 	<custom_php_validation_command>
-		validate_input_zabbix2($_POST, $input_errors);
+		validate_input_zabbix2_proxy($_POST, $input_errors);
 	</custom_php_validation_command>
 	<custom_php_resync_config_command>
-		sync_package_zabbix2();
+		sync_package_zabbix2_proxy();
 	</custom_php_resync_config_command>
 	<custom_php_deinstall_command>
 		php_deinstall_zabbix2_proxy();