Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Create a management subnet on a wan interface if the interface is DHCP. | Seth Mos | 2007-09-01 | 1 | -47/+79 |
| | | | | | | Create automatic nat rules for the management subnet. Make the automatic nat rules always use the interface address. Allow entry of these subnets on the interfaces page. | ||||
* | Negate local networks as well. It's required for proper operation after all | Seth Mos | 2007-08-22 | 1 | -0/+25 |
| | | | | MFC: Perhaps, fixes existing ticket with regards to load balancer rules | ||||
* | Static port the mobile ipsec port 4500 | Seth Mos | 2007-08-04 | 1 | -0/+20 |
| | |||||
* | Use $lanif for lan anti-lockout rule | Scott Ullrich | 2007-07-05 | 1 | -1/+1 |
| | |||||
* | Escape $lan correctly | Scott Ullrich | 2007-07-05 | 1 | -1/+1 |
| | |||||
* | Do not use $iface as source or destination as it may be a member of a bridge ↵ | Scott Ullrich | 2007-07-05 | 1 | -10/+10 |
| | | | | without an ip address and pfctl will complain. | ||||
* | Since we are matching traffic on incoming interface, do not link wan or lan ↵ | Scott Ullrich | 2007-07-05 | 1 | -4/+4 |
| | | | | to bridgeX | ||||
* | Only pass anti-lockout traffic on $lan | Scott Ullrich | 2007-07-05 | 1 | -1/+1 |
| | |||||
* | Supress debug logging | Seth Mos | 2007-07-04 | 1 | -8/+15 |
| | |||||
* | Cleanup IPSEC rules. We where blocking port = 500 UDP on CARP interfaces, ↵ | Scott Ullrich | 2007-07-01 | 1 | -6/+6 |
| | | | | for one. | ||||
* | Be more verbose on logging so that we can correctly deterimine protocol, ↵ | Scott Ullrich | 2007-07-01 | 1 | -2/+2 |
| | | | | etc. Ticket #1348 | ||||
* | unbreak policy routing rules network access to LAN IP Ticket #1320 | Scott Ullrich | 2007-06-30 | 1 | -1/+1 |
| | |||||
* | Do not antispoof on wan when it is bridged. Ticket #1352 | Scott Ullrich | 2007-06-30 | 1 | -3/+12 |
| | |||||
* | Move CARP and PFSYNC allow traffic before USER_RULES section. If a person ↵ | Scott Ullrich | 2007-06-29 | 1 | -2/+2 |
| | | | | has a restrictive ruleset then it is possible to disallow traffic. | ||||
* | Default to nat-reflection inactivity of 2000 which is roughtly 33 minutes. | Scott Ullrich | 2007-06-19 | 1 | -1/+1 |
| | |||||
* | Restore previous PPTP changes. | Scott Ullrich | 2007-06-04 | 1 | -5/+5 |
| | |||||
* | Do not check for disabled nat reflection before installing tftp helper. | Scott Ullrich | 2007-05-30 | 1 | -4/+4 |
| | |||||
* | NITPICK, line up tabs. | Scott Ullrich | 2007-05-30 | 1 | -1/+1 |
| | |||||
* | Fix minor variable mismatches. | Scott Ullrich | 2007-05-30 | 1 | -2/+2 |
| | |||||
* | Backport tftp proxy helper | Scott Ullrich | 2007-05-30 | 1 | -2/+16 |
| | |||||
* | Use keep state instead of modulate state | Scott Ullrich | 2007-05-29 | 1 | -1/+1 |
| | |||||
* | Initialize variable to false. | Scott Ullrich | 2007-05-29 | 1 | -0/+1 |
| | |||||
* | Really only allow adavanced tunables when some kind of state tracking is ↵ | Scott Ullrich | 2007-05-29 | 1 | -1/+2 |
| | | | | enabled. | ||||
* | Only allow adavanced tunables when some kind of state tracking is enabled. | Scott Ullrich | 2007-05-29 | 1 | -22/+23 |
| | |||||
* | Pass gre in any direction. | Scott Ullrich | 2007-05-29 | 1 | -5/+5 |
| | |||||
* | Update static routes on filter reload | Scott Ullrich | 2007-05-27 | 1 | -0/+2 |
| | | | | Ticket #1330 | ||||
* | Remove trailing space / cr | Scott Ullrich | 2007-05-27 | 1 | -1/+1 |
| | |||||
* | Scrub the absolute minimum amount for PPPoE | Scott Ullrich | 2007-05-11 | 1 | -0/+2 |
| | |||||
* | when pppoe aliases on pppoe server are made they make aliases for ng0 to ↵ | Scott Ullrich | 2007-05-11 | 1 | -2/+5 |
| | | | | whatever. but ng1 should be the start for pppoe-server ng0 should be reserved for pppoe client this problem could effect pptp server as well. Ticket #1308 | ||||
* | Honor sticky-address setting from system->advanced for outgoing load ↵ | Scott Ullrich | 2007-05-10 | 1 | -0/+2 |
| | | | | balancing items if it is enabled. | ||||
* | Trigger on right opt interface | Seth Mos | 2007-05-07 | 1 | -1/+1 |
| | |||||
* | get_interface_gateway() does not understand pppoe | Seth Mos | 2007-05-06 | 1 | -1/+1 |
| | |||||
* | Do not create nat on rules for opt interfaces with a gateway. | Seth Mos | 2007-05-05 | 1 | -2/+2 |
| | |||||
* | Install frickin pptp proxy rules correctly. | Scott Ullrich | 2007-05-02 | 1 | -4/+15 |
| | |||||
* | * add comments about scheduler logic * correct one case where the logic was ↵ | Scott Ullrich | 2007-04-30 | 1 | -4/+9 |
| | | | | not correct | ||||
* | Delete the 2nd and 3rd rules as well | Scott Ullrich | 2007-04-28 | 1 | -1/+3 |
| | |||||
* | Correctly delete old rules from TDR using set 9 | Scott Ullrich | 2007-04-28 | 1 | -1/+1 |
| | |||||
* | PPPoE server fixes | Scott Ullrich | 2007-04-27 | 1 | -1/+1 |
| | | | | Ticket #1283 | ||||
* | 3rd pass nat rules generation. Also process lan subnets with OPT gateway ↵ | Seth Mos | 2007-04-26 | 1 | -16/+17 |
| | | | | | | properly. MFC: Soon | ||||
* | Merge 2nd pass NAT rule generation. Take ipsec and voip into account. | Seth Mos | 2007-04-25 | 1 | -13/+50 |
| | | | | MFC: Soon? | ||||
* | Correctly map static routes. | Scott Ullrich | 2007-04-25 | 1 | -6/+38 |
| | | | | | | Work done by Seth Mos TODO: Port to -HEAD. | ||||
* | Detect when schedules are present and install non schedule rule correctly | Scott Ullrich | 2007-04-23 | 1 | -0/+7 |
| | |||||
* | Ensure that old time based rules get deleted during reload | Scott Ullrich | 2007-04-23 | 1 | -0/+1 |
| | |||||
* | Do not reload ipfw if it is already loaded. | Scott Ullrich | 2007-04-22 | 1 | -2/+5 |
| | |||||
* | If $config['system']['dummynetshaper'] is set then load ipfw and dummynet ↵ | Scott Ullrich | 2007-04-22 | 1 | -13/+19 |
| | | | | early on | ||||
* | Make the ordering of the IPFW time based rules exactly the same as PF so ↵ | Scott Ullrich | 2007-04-22 | 1 | -0/+6 |
| | | | | there are no strange "gotchas" or "caveats" that the user would have to abide by. | ||||
* | Handle dhclient case on optX interfaces and map nat correctly. | Scott Ullrich | 2007-04-22 | 1 | -1/+1 |
| | |||||
* | Correctly setup nat interface mappings when AON is disabled and a gateway is ↵ | Scott Ullrich | 2007-04-22 | 1 | -1/+1 |
| | | | | present. Ticket #1289 | ||||
* | Use skipto type ipfw rules so that the pass type rules will not bail out of ↵ | Scott Ullrich | 2007-04-21 | 1 | -1/+5 |
| | | | | the ipfw ruleset and keep processing at the next rule. | ||||
* | We should anti spoof on the wan interface as well. | Scott Ullrich | 2007-04-21 | 1 | -0/+1 |
| |