summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
Commit message (Collapse)AuthorAgeFilesLines
* Create a management subnet on a wan interface if the interface is DHCP.Seth Mos2007-09-011-47/+79
| | | | | | Create automatic nat rules for the management subnet. Make the automatic nat rules always use the interface address. Allow entry of these subnets on the interfaces page.
* Negate local networks as well. It's required for proper operation after allSeth Mos2007-08-221-0/+25
| | | | MFC: Perhaps, fixes existing ticket with regards to load balancer rules
* Static port the mobile ipsec port 4500Seth Mos2007-08-041-0/+20
|
* Use $lanif for lan anti-lockout ruleScott Ullrich2007-07-051-1/+1
|
* Escape $lan correctlyScott Ullrich2007-07-051-1/+1
|
* Do not use $iface as source or destination as it may be a member of a bridge ↵Scott Ullrich2007-07-051-10/+10
| | | | without an ip address and pfctl will complain.
* Since we are matching traffic on incoming interface, do not link wan or lan ↵Scott Ullrich2007-07-051-4/+4
| | | | to bridgeX
* Only pass anti-lockout traffic on $lanScott Ullrich2007-07-051-1/+1
|
* Supress debug loggingSeth Mos2007-07-041-8/+15
|
* Cleanup IPSEC rules. We where blocking port = 500 UDP on CARP interfaces, ↵Scott Ullrich2007-07-011-6/+6
| | | | for one.
* Be more verbose on logging so that we can correctly deterimine protocol, ↵Scott Ullrich2007-07-011-2/+2
| | | | etc. Ticket #1348
* unbreak policy routing rules network access to LAN IP Ticket #1320Scott Ullrich2007-06-301-1/+1
|
* Do not antispoof on wan when it is bridged. Ticket #1352Scott Ullrich2007-06-301-3/+12
|
* Move CARP and PFSYNC allow traffic before USER_RULES section. If a person ↵Scott Ullrich2007-06-291-2/+2
| | | | has a restrictive ruleset then it is possible to disallow traffic.
* Default to nat-reflection inactivity of 2000 which is roughtly 33 minutes.Scott Ullrich2007-06-191-1/+1
|
* Restore previous PPTP changes.Scott Ullrich2007-06-041-5/+5
|
* Do not check for disabled nat reflection before installing tftp helper.Scott Ullrich2007-05-301-4/+4
|
* NITPICK, line up tabs.Scott Ullrich2007-05-301-1/+1
|
* Fix minor variable mismatches.Scott Ullrich2007-05-301-2/+2
|
* Backport tftp proxy helperScott Ullrich2007-05-301-2/+16
|
* Use keep state instead of modulate stateScott Ullrich2007-05-291-1/+1
|
* Initialize variable to false.Scott Ullrich2007-05-291-0/+1
|
* Really only allow adavanced tunables when some kind of state tracking is ↵Scott Ullrich2007-05-291-1/+2
| | | | enabled.
* Only allow adavanced tunables when some kind of state tracking is enabled.Scott Ullrich2007-05-291-22/+23
|
* Pass gre in any direction.Scott Ullrich2007-05-291-5/+5
|
* Update static routes on filter reloadScott Ullrich2007-05-271-0/+2
| | | | Ticket #1330
* Remove trailing space / crScott Ullrich2007-05-271-1/+1
|
* Scrub the absolute minimum amount for PPPoEScott Ullrich2007-05-111-0/+2
|
* when pppoe aliases on pppoe server are made they make aliases for ng0 to ↵Scott Ullrich2007-05-111-2/+5
| | | | whatever. but ng1 should be the start for pppoe-server ng0 should be reserved for pppoe client this problem could effect pptp server as well. Ticket #1308
* Honor sticky-address setting from system->advanced for outgoing load ↵Scott Ullrich2007-05-101-0/+2
| | | | balancing items if it is enabled.
* Trigger on right opt interfaceSeth Mos2007-05-071-1/+1
|
* get_interface_gateway() does not understand pppoeSeth Mos2007-05-061-1/+1
|
* Do not create nat on rules for opt interfaces with a gateway.Seth Mos2007-05-051-2/+2
|
* Install frickin pptp proxy rules correctly.Scott Ullrich2007-05-021-4/+15
|
* * add comments about scheduler logic * correct one case where the logic was ↵Scott Ullrich2007-04-301-4/+9
| | | | not correct
* Delete the 2nd and 3rd rules as wellScott Ullrich2007-04-281-1/+3
|
* Correctly delete old rules from TDR using set 9Scott Ullrich2007-04-281-1/+1
|
* PPPoE server fixesScott Ullrich2007-04-271-1/+1
| | | | Ticket #1283
* 3rd pass nat rules generation. Also process lan subnets with OPT gateway ↵Seth Mos2007-04-261-16/+17
| | | | | | properly. MFC: Soon
* Merge 2nd pass NAT rule generation. Take ipsec and voip into account.Seth Mos2007-04-251-13/+50
| | | | MFC: Soon?
* Correctly map static routes.Scott Ullrich2007-04-251-6/+38
| | | | | | Work done by Seth Mos TODO: Port to -HEAD.
* Detect when schedules are present and install non schedule rule correctlyScott Ullrich2007-04-231-0/+7
|
* Ensure that old time based rules get deleted during reloadScott Ullrich2007-04-231-0/+1
|
* Do not reload ipfw if it is already loaded.Scott Ullrich2007-04-221-2/+5
|
* If $config['system']['dummynetshaper'] is set then load ipfw and dummynet ↵Scott Ullrich2007-04-221-13/+19
| | | | early on
* Make the ordering of the IPFW time based rules exactly the same as PF so ↵Scott Ullrich2007-04-221-0/+6
| | | | there are no strange "gotchas" or "caveats" that the user would have to abide by.
* Handle dhclient case on optX interfaces and map nat correctly.Scott Ullrich2007-04-221-1/+1
|
* Correctly setup nat interface mappings when AON is disabled and a gateway is ↵Scott Ullrich2007-04-221-1/+1
| | | | present. Ticket #1289
* Use skipto type ipfw rules so that the pass type rules will not bail out of ↵Scott Ullrich2007-04-211-1/+5
| | | | the ipfw ruleset and keep processing at the next rule.
* We should anti spoof on the wan interface as well.Scott Ullrich2007-04-211-0/+1
|
OpenPOWER on IntegriCloud