summaryrefslogtreecommitdiffstats
path: root/conf.default
Commit message (Collapse)AuthorAgeFilesLines
* Ticket #136.Ermal Luçi2010-01-261-3/+3
| | | | | | | | Fix associated nat rules. Now both the filter rules and the nat ones contain a associated-rule-id tag which helps link the items together. The API to use for this is in itemid.inc. All the issues should be solved now.
* Add patch from lietu (Janne Enberg). Ticket #136pierrepomes2009-12-121-0/+1
| | | | | | | | | | | | | | | | | | | | | 1) Multiple NAT rules can be assigned the same filter rule -> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment 2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes) -> Fixed, when a NAT rule's association is removed, the filter rule is deleted. Added a "create new associated filter rule" option to the dropdown if there is none selected. 3) The destination IP and port of linked rules can be edited in firewall_rules_edit.php and shouldn't be. Source should be editable but not destination, since that should strictly be tied to the NAT rule. -> Fixed, you cannot edit the destination for the filter rules that are linked to NAT rules, this has been disabled both by JavaScript and PHP. 4) If you edit the source in a linked firewall rule, it gets overwritten when you edit the NAT rule. The NAT rule should never touch the firewall rule source after the rule exists. -> Fixed, previously the old rule was deleted and a new one created, now it only updates the old rule and doesn't touch the source. Also added crosslinking from the NAT rule to the filter rule and back, so you can jump to edit the filter rule from the NAT rule and vice-versa.
* Add lookup table for sysctl tunable (sysctl.inc). Make config.xml values ↵sullrich2009-12-061-26/+26
| | | | default to value 'default' Ticket #71
* Minor formatting changesullrich2009-12-031-1/+1
|
* Set default protocol to HTTPS. Somehow this commit did not make it last timesullrich2009-12-031-1/+1
|
* Make the default HTTPS. Ticket #63sullrich2009-12-021-8/+0
|
* Default to only system information and interfaces widgets. This reduces ↵Scott Ullrich2009-11-211-0/+3
| | | | load time on RSPRO from 9+ seconds to 2.5
* Add default load balancing monitor types for ICMP, TCP, HTTP, HTTPS and SMTP ↵Scott Ullrich2009-11-021-0/+45
| | | | from BillM
* Revert "add crontab entries for snort auto block and snort update"Scott Ullrich2009-09-091-18/+0
| | | | This reverts commit b0d639a5e7880ee55c671cbabdb01cd0f1ae1b38.
* add crontab entries for snort auto block and snort updaterobiscool2009-09-091-0/+18
|
* Added support for automatically managing firewall rules with NAT rules.unknown2009-08-141-0/+2
|
* Turn off flowtables by defaultScott Ullrich2009-07-131-1/+0
|
* Enable flow table support by default for new installationsScott Ullrich2009-07-121-0/+1
|
* Add enable/disable option for flow table support... Remove configuration option.Scott Ullrich2009-07-121-5/+0
|
* Make pfSense_ng the new default themehoba2009-06-261-1/+1
|
* Nuke snort2cScott Ullrich2009-06-111-10/+1
| | | | Requested-by: rob iscool
* Add L2 L3 Cache lookup by default.Scott Ullrich2009-06-091-1/+6
| | | | | | | | | | | | | - Import infrastructure for caching flows as a means of accelerating L3 and L2 lookups as well as providing stateful load balancing when used with RADIX_MPATH. - Currently compiled in to i386 and amd64 but disabled by default, it can be enabled at runtime with 'sysctl net.inet.flowtable.enable=1'. - Embedded users can remove it entirely from the kernel by adding 'nooption FLOWTABLE' to their kernel config files. - A minimal hookup will be added to ip_output in a subsequent commit. I would like to see more review before bringing in changes that require more churn.
* default to vr0/vr1 rather than sis, since the defaults should be for ALIX, ↵Chris Buechler2009-05-131-2/+2
| | | | not WRAP.
* Remove reset_slbd.sh from cron.Ermal Luçi2009-05-081-9/+0
|
* Catch up with the latest additions.Ermal Luçi2009-05-071-16/+0
|
* Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel ↵Ermal Luçi2009-03-161-1/+0
| | | | now.(yay!)
* Modify IPsec code to allow for transport mode. All existing configurations aremgrooms2009-03-151-1/+1
| | | | | marked as tunnel for backwards compatibility. There are problems with the spd read code which Will likely choke on transport entries. We can fix this later.
* Modify captive portal to use centralized user management. The user manager hasmgrooms2009-03-151-1/+1
| | | | been modified to include an account expiration option to support this service.
* Correct the configuration file IPsec certificate upgrade process.mgrooms2009-03-121-2/+2
|
* Use nice -n20 for common launched itemsScott Ullrich2009-03-111-4/+4
|
* Update config.xml to 5.5 to prevent RRD database updates from triggering.Seth Mos2008-12-231-1/+4
| | | | add rrd tag to default enabled
* change default to enable block bogonsChris Buechler2008-11-301-0/+1
|
* Add TCP TSO = 0 sysctlScott Ullrich2008-11-041-0/+10
|
* Change default icmplim to 750.Scott Ullrich2008-10-251-1/+1
|
* Revise default allow all to any rule text. Remove > and attempt to cleanupScott Ullrich2008-09-101-1/+1
| | | | text to make it more friendly to a new user.
* Remove the page locking privileges after discussion with Scott on IRC. TheMatthew Grooms2008-09-031-2/+0
| | | | | | | feature was confusing and offered little utility that I could see. If we really need to provide serialized access to sections of the webui, IMO it should be a global lock option and enabled or disabled manually and not a privilege that is on all the time.
* Modify all the default configuration files to ensure the versions match.Matthew Grooms2008-09-021-1/+1
| | | | | While in globals.inc, remove the easyrsa path and do some whitespace cleanup.
* Set net.inet.icmp.icmplim to 500. Apparently the low setting of 200Scott Ullrich2008-09-011-10/+15
| | | | | wrecked Seths firewall on upgrade due to overwhelming amounts of icmp packets.
* Move WAN interface to appear first now that the interface codeScott Ullrich2008-08-301-14/+14
| | | | | programatically enumerates the interfaces. Not sure if we need upgrade code to move the interface order.
* Disable extended TCP debugging.Scott Ullrich2008-08-111-0/+5
|
* Epose if_bridge(4) sysctl members.Ermal Luçi2008-08-051-0/+10
|
* Rewrite the pfsense privilege system with the following goals in mind ...Matthew Grooms2008-08-011-23/+7
| | | | | | | | 1) Redefine page privileges to not use static urls 2) Accurate generation of privilege definitions from source 3) Merging the user and group privileges into a single set 4) Allow any privilege to be added to users or groups w/ inheritance 5) Cleaning up the related WebUI pages
* * Switch XML tag from </pages> to <pages/>Scott Ullrich2008-07-301-1/+1
| | | | * Sync the all group which appears to be missing
* latest config.xml version is 4.9Scott Ullrich2008-07-281-1/+1
|
* Rewrite portions of the user manager to ensure data is properly synced toMatthew Grooms2008-07-251-4/+10
| | | | | | | | | | | the system password and group databases. This is to provide better support for centralized user management when local account administration is preferred. I also took this opportunity to do some housekeeping. A lot of funtions that were only being used in one place or not at all were removed. The user page privelege checks were also simplified in preperation for future work in this area.
* Add TCP InflightScott Ullrich2008-07-191-0/+5
|
* re-enable the sending of ICMP redirects by defaultChris Buechler2008-06-141-4/+4
|
* Remove unused tag.Scott Ullrich2008-03-101-2/+0
|
* Unbreak package managerScott Ullrich2008-03-101-2/+0
|
* Add missing bits from HEAD.Scott Ullrich2008-02-201-0/+38
|
* Switch over to the newly provisioned 0.pfsense.pool.ntp.org whichScott Ullrich2008-02-181-1/+1
| | | | ntp.org has graciously setup for pfSense.
* Really disable CTRL+ALT+DELETE.Scott Ullrich2008-02-021-1/+1
|
* Disable CTRL+ALT+DELETE reboot sequence on keyboard.Scott Ullrich2008-02-021-0/+5
| | | | | Admnins commonly have to press this sequence to login to winderz boxen and if you have a shared KVM you might accidently reboot your firewall.
* Move update bogons script to 3am.Scott Ullrich2007-11-281-1/+1
| | | | Discussed on pfSense-support@
* * Download bogons entries from pfsense.comScott Ullrich2007-11-271-1/+1
| | | | | * Do not update on every minute on the 1st of the month * Sleep for a random period before updating to avoid killing the server
OpenPOWER on IntegriCloud