| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Fix associated nat rules.
Now both the filter rules and the nat ones contain an associated-rule-id tag which helps link the items together.
The API to use for this is in itemid.inc.
All the issues should be solved now.
| |
1) Multiple NAT rules can be assigned the same filter rule
-> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment
2) When removing the link (i.e. switching to "pass" or "none"), the linked rule isn't deleted (should it be? probably yes)
-> Fixed, when a NAT rule's association is removed, the filter rule is deleted. Added a "create new associated filter rule" option to the
dropdown if there is none selected.
3) The destination IP and port of linked rules can be edited in firewall_rules_edit.php and shouldn't be. Source should be editable but not
destination, since that should strictly be tied to the NAT rule.
-> Fixed, you cannot edit the destination for the filter rules that are linked to NAT rules, this has been disabled both by JavaScript and
PHP.
4) If you edit the source in a linked firewall rule, it gets overwritten when you edit the NAT rule. The NAT rule should never touch the
firewall rule source after the rule exists.
-> Fixed, previously the old rule was deleted and a new one created, now it only updates the old rule and doesn't touch the source.
Also added crosslinking from the NAT rule to the filter rule and back, so you can jump to edit the filter rule from the NAT rule and
vice-versa.
| |
default to value 'default' Ticket #71
| |
load time on RSPRO from 9+ seconds to 2.5
| |
from BillM
| |
This reverts commit b0d639a5e7880ee55c671cbabdb01cd0f1ae1b38.
| |
Requested-by: rob iscool
| |
- Import infrastructure for caching flows as a means of accelerating L3 and L2 lookups
as well as providing stateful load balancing when used with RADIX_MPATH.
- Currently compiled in to i386 and amd64 but disabled by default, it can be enabled at
runtime with 'sysctl net.inet.flowtable.enable=1'.
- Embedded users can remove it entirely from the kernel by adding 'nooption FLOWTABLE' to
their kernel config files.
- A minimal hookup will be added to ip_output in a subsequent commit. I would like to see
more review before bringing in changes that require more churn.
| |
not WRAP.
| |
now. (yay!)
| |
marked as tunnel for backwards compatibility. There are problems with the spd
read code which will likely choke on transport entries. We can fix this later.
| |
been modified to include an account expiration option to support this service.
| |
add rrd tag to default enabled
| |
text to make it more friendly to a new user.
| |
feature was confusing and offered little utility that I could see. If we
really need to provide serialized access to sections of the webui, IMO it
should be a global lock option and enabled or disabled manually and not a
privilege that is on all the time.
| |
While in globals.inc, remove the easyrsa path and do some whitespace
cleanup.
| |
wrecked Seth's firewall on upgrade due to overwhelming amounts of icmp
packets.
| |
programmatically enumerates the interfaces. Not sure if we need
upgrade code to move the interface order.
| |
1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance
5) Cleaning up the related WebUI pages
| |
* Sync the all group which appears to be missing
| |
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.
I also took this opportunity to do some housekeeping. A lot of functions
that were only being used in one place or not at all were removed. The
user page privilege checks were also simplified in preparation for future
work in this area.
| |
ntp.org has graciously set up for pfSense.
| |
Admins commonly have to press this sequence to log in to winderz boxen and
if you have a shared KVM you might accidentally reboot your firewall.
| |
Discussed on pfSense-support@
| |
* Do not update on every minute on the 1st of the month
* Sleep for a random period before updating to avoid killing the server
|