path: root/conf.default/config.xml
Commit message (Collapse)AuthorAgeFilesLines
* remove preferoldsa as a default value from 2.0.x also (was removed from 2.1 ↵jim-p2013-05-241-1/+0
| | | | as default a few months ago)
* Fix default SMTP monitor parameters so they will properly check to see if an ↵jim-p2011-11-011-2/+2
| | | | SMTP banner is received.
* Up config number for username sync upgrade.Ermal2011-06-141-1/+1
* Remove out-dated RRD file as it will cause broken images to appear on RRD ↵Warren Baker2011-05-261-1/+1
| | | | graphs page.
* Fix conf.default versionjim-p2011-05-191-1/+1
* Remove rndtest sysctl since the kernel module is not anymore part of our ↵Ermal2011-04-281-5/+0
| | | | kernels. Leftover noticed by: Jim
* Add the default value for the new tunable debug.pfftpproxy to 0. It allows ↵Ermal2011-01-171-0/+5
| | | | to disable the pfftpproxy. Also add it to the default config.xml though no upgrade code should be needed since people can create this from the gui and hopefully do not need to know about this anyway.
* Update config.xml to a more recent version, include a cron job for URL table ↵jim-p2011-01-101-96/+49
| | | | aliases updates.
* Add sysctl for maximum socket buffer sizing. Set to 42621444. This is ↵Scott Ullrich2011-01-041-0/+5
| | | | needed for some heavily loaded servers running unbound, squid, etc
* Remove bce item it is loader.conf only per jimpScott Ullrich2010-11-211-5/+0
* Add missing </item>Scott Ullrich2010-11-201-0/+1
* oops, typoScott Ullrich2010-11-201-1/+1
* Increase vfs.read_max to 32. See ↵Scott Ullrich2010-11-201-0/+4
| | | | .. This can help dramatically if using Squid or any other packae that does a lot of hard disk reads.
* Convert fullname field on users to descr, so it gains CDATA protection.jim-p2010-10-191-1/+1
* desc to descr in Load Balancer config, so they gain CDATA protection and ↵jim-p2010-10-191-5/+5
| | | | standardize field names. Ticket #320.
* Change the description field on sysctl tunables to be 'descr' and not 'desc' ↵jim-p2010-10-191-26/+26
| | | | so they will gain CDATA protection. Ticket #320
* Upgrade code for pppoe.Ermal2010-09-021-1/+1
* Disable TSO and LRO in the default config.jim-p2010-08-041-0/+2
* Remove these from the default config. They moved into other sections and do ↵jim-p2010-08-031-20/+0
| | | | not need to exist by default.
* Fix variable name for consistency.jim-p2010-07-271-1/+1
* Remove associated rule-id from default config they confuse rule edit page.Ermal2010-04-131-2/+0
* Remove bandwidth tags from default config they are not used.Ermal2010-04-121-4/+0
* Don't use "local" as a domain. It breaks DNS resolution for hosts running mDNS.gnhb2010-04-061-1/+1
| | | | | | | | | | | | | | | | | | | | | The "local" search domain signifies to local hosts that are running mDNS (bonjour or avahi) that mDNS is to be used to look up local hosts instead of doing a normal DNS query to the server listed in /etc/resolv.conf on the local host. Also, hosts running bonjour or avahi can not ping or reach *any* other host by name if it is not running some mDNS implementation. Essentially, if DHCP tells the local host that it's search domain is "local" then hosts running mDNS will not query the pfsense DNS server for any local lan DNS lookups. See here on apple's website: Quote from above link: "To indicate that the name should be looked up using local multicast instead of a standard DNS query, all Bonjour host names end with the extension ".local."
* Fix whitespace.Erik Fonnesbeck2010-03-261-7/+7
* Enable WAN and LAN in the default configuration.Erik Fonnesbeck2010-03-261-0/+2
* Make lan/wan behave as all other interfaces.Ermal2010-03-271-1/+1
* is no more in /etc. Remove some unneeded lines.Ermal Lui2010-02-031-9/+0
* Ticket #136.Ermal Lui2010-01-261-3/+3
| | | | | | | | Fix associated nat rules. Now both the filter rules and the nat ones contain a associated-rule-id tag which helps link the items together. The API to use for this is in All the issues should be solved now.
* Add patch from lietu (Janne Enberg). Ticket #136pierrepomes2009-12-121-0/+1
| | | | | | | | | | | | | | | | | | | | | 1) Multiple NAT rules can be assigned the same filter rule -> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment 2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes) -> Fixed, when a NAT rule's association is removed, the filter rule is deleted. Added a "create new associated filter rule" option to the dropdown if there is none selected. 3) The destination IP and port of linked rules can be edited in firewall_rules_edit.php and shouldn't be. Source should be editable but not destination, since that should strictly be tied to the NAT rule. -> Fixed, you cannot edit the destination for the filter rules that are linked to NAT rules, this has been disabled both by JavaScript and PHP. 4) If you edit the source in a linked firewall rule, it gets overwritten when you edit the NAT rule. The NAT rule should never touch the firewall rule source after the rule exists. -> Fixed, previously the old rule was deleted and a new one created, now it only updates the old rule and doesn't touch the source. Also added crosslinking from the NAT rule to the filter rule and back, so you can jump to edit the filter rule from the NAT rule and vice-versa.
* Add lookup table for sysctl tunable ( Make config.xml values ↵sullrich2009-12-061-26/+26
| | | | default to value 'default' Ticket #71
* Minor formatting changesullrich2009-12-031-1/+1
* Set default protocol to HTTPS. Somehow this commit did not make it last timesullrich2009-12-031-1/+1
* Make the default HTTPS. Ticket #63sullrich2009-12-021-8/+0
* Default to only system information and interfaces widgets. This reduces ↵Scott Ullrich2009-11-211-0/+3
| | | | load time on RSPRO from 9+ seconds to 2.5
* Add default load balancing monitor types for ICMP, TCP, HTTP, HTTPS and SMTP ↵Scott Ullrich2009-11-021-0/+45
| | | | from BillM
* Revert "add crontab entries for snort auto block and snort update"Scott Ullrich2009-09-091-18/+0
| | | | This reverts commit b0d639a5e7880ee55c671cbabdb01cd0f1ae1b38.
* add crontab entries for snort auto block and snort updaterobiscool2009-09-091-0/+18
* Added support for automatically managing firewall rules with NAT rules.unknown2009-08-141-0/+2
* Turn off flowtables by defaultScott Ullrich2009-07-131-1/+0
* Enable flow table support by default for new installationsScott Ullrich2009-07-121-0/+1
* Add enable/disable option for flow table support... Remove configuration option.Scott Ullrich2009-07-121-5/+0
* Make pfSense_ng the new default themehoba2009-06-261-1/+1
* Nuke snort2cScott Ullrich2009-06-111-10/+1
| | | | Requested-by: rob iscool
* Add L2 L3 Cache lookup by default.Scott Ullrich2009-06-091-1/+6
| | | | | | | | | | | | | - Import infrastructure for caching flows as a means of accelerating L3 and L2 lookups as well as providing stateful load balancing when used with RADIX_MPATH. - Currently compiled in to i386 and amd64 but disabled by default, it can be enabled at runtime with 'sysctl net.inet.flowtable.enable=1'. - Embedded users can remove it entirely from the kernel by adding 'nooption FLOWTABLE' to their kernel config files. - A minimal hookup will be added to ip_output in a subsequent commit. I would like to see more review before bringing in changes that require more churn.
* default to vr0/vr1 rather than sis, since the defaults should be for ALIX, ↵Chris Buechler2009-05-131-2/+2
| | | | not WRAP.
* Remove from cron.Ermal Lui2009-05-081-9/+0
* Catch up with the latest additions.Ermal Lui2009-05-071-16/+0
* Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel ↵Ermal Lui2009-03-161-1/+0
| | | | now.(yay!)
* Modify IPsec code to allow for transport mode. All existing configurations aremgrooms2009-03-151-1/+1
| | | | | marked as tunnel for backwards compatibility. There are problems with the spd read code which Will likely choke on transport entries. We can fix this later.
* Modify captive portal to use centralized user management. The user manager hasmgrooms2009-03-151-1/+1
| | | | been modified to include an account expiration option to support this service.
OpenPOWER on IntegriCloud