Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add the default value for the new tunable debug.pfftpproxy to 0. It allows ↵ | Ermal | 2011-01-17 | 1 | -0/+5 |
| | | | | to disable the pfftpproxy. Also add it to the default config.xml though no upgrade code should be needed since people can create this from the gui and hopefully do not need to know about this anyway. | ||||
* | Update config.xml to a more recent version, include a cron job for URL table ↵ | jim-p | 2011-01-10 | 1 | -96/+49 |
| | | | | aliases updates. | ||||
* | Add sysctl for maximum socket buffer sizing. Set to 42621444. This is ↵ | Scott Ullrich | 2011-01-04 | 1 | -0/+5 |
| | | | | needed for some heavily loaded servers running unbound, squid, etc | ||||
* | Remove bce item it is loader.conf only per jimp | Scott Ullrich | 2010-11-21 | 1 | -5/+0 |
| | |||||
* | Add missing </item> | Scott Ullrich | 2010-11-20 | 1 | -0/+1 |
| | |||||
* | oops, typo | Scott Ullrich | 2010-11-20 | 1 | -1/+1 |
| | |||||
* | Increase vfs.read_max to 32. See ↵ | Scott Ullrich | 2010-11-20 | 1 | -0/+4 |
| | | | | http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html .. This can help dramatically if using Squid or any other packae that does a lot of hard disk reads. | ||||
* | Convert fullname field on users to descr, so it gains CDATA protection. | jim-p | 2010-10-19 | 1 | -1/+1 |
| | |||||
* | desc to descr in Load Balancer config, so they gain CDATA protection and ↵ | jim-p | 2010-10-19 | 1 | -5/+5 |
| | | | | standardize field names. Ticket #320. | ||||
* | Change the description field on sysctl tunables to be 'descr' and not 'desc' ↵ | jim-p | 2010-10-19 | 1 | -26/+26 |
| | | | | so they will gain CDATA protection. Ticket #320 | ||||
* | Upgrade code for pppoe. | Ermal | 2010-09-02 | 1 | -1/+1 |
| | |||||
* | Disable TSO and LRO in the default config. | jim-p | 2010-08-04 | 1 | -0/+2 |
| | |||||
* | Remove these from the default config. They moved into other sections and do ↵ | jim-p | 2010-08-03 | 1 | -20/+0 |
| | | | | not need to exist by default. | ||||
* | Fix variable name for consistency. | jim-p | 2010-07-27 | 1 | -1/+1 |
| | |||||
* | Remove associated rule-id from default config they confuse rule edit page. | Ermal | 2010-04-13 | 1 | -2/+0 |
| | |||||
* | Remove bandwidth tags from default config they are not used. | Ermal | 2010-04-12 | 1 | -4/+0 |
| | |||||
* | Don't use "local" as a domain. It breaks DNS resolution for hosts running mDNS. | gnhb | 2010-04-06 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | The "local" search domain signifies to local hosts that are running mDNS (bonjour or avahi) that mDNS is to be used to look up local hosts instead of doing a normal DNS query to the server listed in /etc/resolv.conf on the local host. Also, hosts running bonjour or avahi can not ping or reach *any* other host by name if it is not running some mDNS implementation. Essentially, if DHCP tells the local host that it's search domain is "local" then hosts running mDNS will not query the pfsense DNS server for any local lan DNS lookups. See here on apple's website: http://support.apple.com/kb/TA20999?viewlocale=en_US Quote from above link: "To indicate that the name should be looked up using local multicast instead of a standard DNS query, all Bonjour host names end with the extension ".local." | ||||
* | Fix whitespace. | Erik Fonnesbeck | 2010-03-26 | 1 | -7/+7 |
| | |||||
* | Enable WAN and LAN in the default configuration. | Erik Fonnesbeck | 2010-03-26 | 1 | -0/+2 |
| | |||||
* | Make lan/wan behave as all other interfaces. | Ermal | 2010-03-27 | 1 | -1/+1 |
| | |||||
* | ping_hosts.sh is no more in /etc. Remove some unneeded lines. | Ermal Luçi | 2010-02-03 | 1 | -9/+0 |
| | |||||
* | Ticket #136. | Ermal Luçi | 2010-01-26 | 1 | -3/+3 |
| | | | | | | | | Fix associated nat rules. Now both the filter rules and the nat ones contain a associated-rule-id tag which helps link the items together. The API to use for this is in itemid.inc. All the issues should be solved now. | ||||
* | Add patch from lietu (Janne Enberg). Ticket #136 | pierrepomes | 2009-12-12 | 1 | -0/+1 |
| | | | | | | | | | | | | | | | | | | | | | 1) Multiple NAT rules can be assigned the same filter rule -> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment 2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes) -> Fixed, when a NAT rule's association is removed, the filter rule is deleted. Added a "create new associated filter rule" option to the dropdown if there is none selected. 3) The destination IP and port of linked rules can be edited in firewall_rules_edit.php and shouldn't be. Source should be editable but not destination, since that should strictly be tied to the NAT rule. -> Fixed, you cannot edit the destination for the filter rules that are linked to NAT rules, this has been disabled both by JavaScript and PHP. 4) If you edit the source in a linked firewall rule, it gets overwritten when you edit the NAT rule. The NAT rule should never touch the firewall rule source after the rule exists. -> Fixed, previously the old rule was deleted and a new one created, now it only updates the old rule and doesn't touch the source. Also added crosslinking from the NAT rule to the filter rule and back, so you can jump to edit the filter rule from the NAT rule and vice-versa. | ||||
* | Add lookup table for sysctl tunable (sysctl.inc). Make config.xml values ↵ | sullrich | 2009-12-06 | 1 | -26/+26 |
| | | | | default to value 'default' Ticket #71 | ||||
* | Minor formatting change | sullrich | 2009-12-03 | 1 | -1/+1 |
| | |||||
* | Set default protocol to HTTPS. Somehow this commit did not make it last time | sullrich | 2009-12-03 | 1 | -1/+1 |
| | |||||
* | Make the default HTTPS. Ticket #63 | sullrich | 2009-12-02 | 1 | -8/+0 |
| | |||||
* | Default to only system information and interfaces widgets. This reduces ↵ | Scott Ullrich | 2009-11-21 | 1 | -0/+3 |
| | | | | load time on RSPRO from 9+ seconds to 2.5 | ||||
* | Add default load balancing monitor types for ICMP, TCP, HTTP, HTTPS and SMTP ↵ | Scott Ullrich | 2009-11-02 | 1 | -0/+45 |
| | | | | from BillM | ||||
* | Revert "add crontab entries for snort auto block and snort update" | Scott Ullrich | 2009-09-09 | 1 | -18/+0 |
| | | | | This reverts commit b0d639a5e7880ee55c671cbabdb01cd0f1ae1b38. | ||||
* | add crontab entries for snort auto block and snort update | robiscool | 2009-09-09 | 1 | -0/+18 |
| | |||||
* | Added support for automatically managing firewall rules with NAT rules. | unknown | 2009-08-14 | 1 | -0/+2 |
| | |||||
* | Turn off flowtables by default | Scott Ullrich | 2009-07-13 | 1 | -1/+0 |
| | |||||
* | Enable flow table support by default for new installations | Scott Ullrich | 2009-07-12 | 1 | -0/+1 |
| | |||||
* | Add enable/disable option for flow table support... Remove configuration option. | Scott Ullrich | 2009-07-12 | 1 | -5/+0 |
| | |||||
* | Make pfSense_ng the new default theme | hoba | 2009-06-26 | 1 | -1/+1 |
| | |||||
* | Nuke snort2c | Scott Ullrich | 2009-06-11 | 1 | -10/+1 |
| | | | | Requested-by: rob iscool | ||||
* | Add L2 L3 Cache lookup by default. | Scott Ullrich | 2009-06-09 | 1 | -1/+6 |
| | | | | | | | | | | | | | - Import infrastructure for caching flows as a means of accelerating L3 and L2 lookups as well as providing stateful load balancing when used with RADIX_MPATH. - Currently compiled in to i386 and amd64 but disabled by default, it can be enabled at runtime with 'sysctl net.inet.flowtable.enable=1'. - Embedded users can remove it entirely from the kernel by adding 'nooption FLOWTABLE' to their kernel config files. - A minimal hookup will be added to ip_output in a subsequent commit. I would like to see more review before bringing in changes that require more churn. | ||||
* | default to vr0/vr1 rather than sis, since the defaults should be for ALIX, ↵ | Chris Buechler | 2009-05-13 | 1 | -2/+2 |
| | | | | not WRAP. | ||||
* | Remove reset_slbd.sh from cron. | Ermal Luçi | 2009-05-08 | 1 | -9/+0 |
| | |||||
* | Catch up with the latest additions. | Ermal Luçi | 2009-05-07 | 1 | -16/+0 |
| | |||||
* | Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel ↵ | Ermal Luçi | 2009-03-16 | 1 | -1/+0 |
| | | | | now.(yay!) | ||||
* | Modify IPsec code to allow for transport mode. All existing configurations are | mgrooms | 2009-03-15 | 1 | -1/+1 |
| | | | | | marked as tunnel for backwards compatibility. There are problems with the spd read code which Will likely choke on transport entries. We can fix this later. | ||||
* | Modify captive portal to use centralized user management. The user manager has | mgrooms | 2009-03-15 | 1 | -1/+1 |
| | | | | been modified to include an account expiration option to support this service. | ||||
* | Correct the configuration file IPsec certificate upgrade process. | mgrooms | 2009-03-12 | 1 | -2/+2 |
| | |||||
* | Use nice -n20 for common launched items | Scott Ullrich | 2009-03-11 | 1 | -4/+4 |
| | |||||
* | Update config.xml to 5.5 to prevent RRD database updates from triggering. | Seth Mos | 2008-12-23 | 1 | -1/+4 |
| | | | | add rrd tag to default enabled | ||||
* | change default to enable block bogons | Chris Buechler | 2008-11-30 | 1 | -0/+1 |
| | |||||
* | Add TCP TSO = 0 sysctl | Scott Ullrich | 2008-11-04 | 1 | -0/+10 |
| | |||||
* | Change default icmplim to 750. | Scott Ullrich | 2008-10-25 | 1 | -1/+1 |
| |