| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html .. This can help dramatically if using Squid or any other packae that does a lot of hard disk reads.
|
| |
|
|
|
|
| |
standardize field names. Ticket #320.
|
|
|
|
| |
so they will gain CDATA protection. Ticket #320
|
| |
|
| |
|
|
|
|
| |
not need to exist by default.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "local" search domain signifies to local hosts that are running
mDNS (bonjour or avahi) that mDNS is to be used to look up local hosts
instead of doing a normal DNS query to the server listed in
/etc/resolv.conf on the local host.
Also, hosts running bonjour or avahi can not ping or reach *any* other
host by name if it is not running some mDNS implementation.
Essentially, if DHCP tells the local host that it's search domain is
"local" then hosts running mDNS will not query the pfsense DNS server
for any local lan DNS lookups.
See here on apple's website:
http://support.apple.com/kb/TA20999?viewlocale=en_US
Quote from above link:
"To indicate that the name should be looked up using local multicast
instead of a standard DNS query, all Bonjour host names end with the
extension ".local."
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Fix associated nat rules.
Now both the filter rules and the nat ones contain a associated-rule-id tag which helps link the items together.
The API to use for this is in itemid.inc.
All the issues should be solved now.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Multiple NAT rules can be assigned the same filter rule
-> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment
2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes)
-> Fixed, when a NAT rule's association is removed, the filter rule is deleted. Added a "create new associated filter rule" option to the
dropdown if there is none selected.
3) The destination IP and port of linked rules can be edited in firewall_rules_edit.php and shouldn't be. Source should be editable but not
destination, since that should strictly be tied to the NAT rule.
-> Fixed, you cannot edit the destination for the filter rules that are linked to NAT rules, this has been disabled both by JavaScript and
PHP.
4) If you edit the source in a linked firewall rule, it gets overwritten when you edit the NAT rule. The NAT rule should never touch the
firewall rule source after the rule exists.
-> Fixed, previously the old rule was deleted and a new one created, now it only updates the old rule and doesn't touch the source.
Also added crosslinking from the NAT rule to the filter rule and back, so you can jump to edit the filter rule from the NAT rule and
vice-versa.
|
|
|
|
| |
default to value 'default' Ticket #71
|
| |
|
| |
|
| |
|
|
|
|
| |
load time on RSPRO from 9+ seconds to 2.5
|
|
|
|
| |
from BillM
|
|
|
|
| |
This reverts commit b0d639a5e7880ee55c671cbabdb01cd0f1ae1b38.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Requested-by: rob iscool
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Import infrastructure for caching flows as a means of accelerating L3 and L2 lookups
as well as providing stateful load balancing when used with RADIX_MPATH.
- Currently compiled in to i386 and amd64 but disabled by default, it can be enabled at
runtime with 'sysctl net.inet.flowtable.enable=1'.
- Embedded users can remove it entirely from the kernel by adding 'nooption FLOWTABLE' to
their kernel config files.
- A minimal hookup will be added to ip_output in a subsequent commit. I would like to see
more review before bringing in changes that require more churn.
|
|
|
|
| |
not WRAP.
|
| |
|
| |
|
|
|
|
| |
now.(yay!)
|
|
|
|
|
| |
marked as tunnel for backwards compatibility. There are problems with the spd
read code which Will likely choke on transport entries. We can fix this later.
|
|
|
|
| |
been modified to include an account expiration option to support this service.
|
| |
|
| |
|
|
|
|
| |
add rrd tag to default enabled
|
| |
|
| |
|
| |
|
|
|
|
| |
text to make it more friendly to a new user.
|
|
|
|
|
|
|
| |
feature was confusing and offered little utility that I could see. If we
really need to provide serialized access to sections of the webui, IMO it
should be a global lock option and enabled or disabled manually and not a
privilege that is on all the time.
|
|
|
|
|
| |
While in globals.inc, remove the easyrsa path and do some whitespace
cleanup.
|
|
|
|
|
| |
wrecked Seths firewall on upgrade due to overwhelming amounts of icmp
packets.
|
|
|
|
|
| |
programatically enumerates the interfaces. Not sure if we need
upgrade code to move the interface order.
|