summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
Commit message (Expand)AuthorAgeFilesLines
* Protect from cases when the ipv4 might be missing on the interface for any re...Ermal2013-02-051-5/+9
* Correct setting protocol for generated rulesErmal2013-02-051-0/+12
* Fixes #2598. In case the rule is both for v4 and v6 generate 2 rules for each...Ermal2013-02-051-46/+48
* Merge pull request #371 from bcyrill/patch-18rbgarga2013-02-041-1/+3
|\
| * Kill filterdns when not being usedbcyrill2013-02-021-1/+3
* | Make not LAN address etc rules workPhil Davis2013-02-041-0/+4
|/
* Use the better -Fs modifies to pf to kill the states by interface. Also kill ...Ermal2013-01-311-1/+1
* Create link_interface_to_track6 to make code more readble and easily trackble...Ermal2013-01-311-48/+40
* Put more checks hereErmal2013-01-301-2/+11
* Ticket #2412. Also allow ipv6 traffic to flow on the stf interfaceErmal2013-01-301-0/+4
* Ticket #2412 6to4 can come from any source. Also tighten rule that reply come...Ermal2013-01-301-2/+2
* pfctl -b is gone just use std tools of pfctlErmal2013-01-301-11/+6
* Use correct key. Be more strict while checking by suing v4 version for ipv4. ...Ermal2013-01-291-4/+4
* Use pfSense function where possible and rename stf0 to interface_stf to allow...Ermal2013-01-291-3/+3
* Move the definition of negate_networks/vpn_networks to its place and re-inclu...Ermal2013-01-281-14/+29
* Put outgoing policy routes even for the vips to correct sourced traffic from ...Ermal2013-01-251-2/+35
* Correct error/alert displaying. Also remove redundant log_errror since file_n...Ermal2013-01-211-7/+6
* Just the first line is interesting hereErmal2013-01-211-1/+1
* Unset some vars to free space and also gather the error from pfctl since the ...Ermal2013-01-211-20/+11
* Merge git pull request 313 from bcyrill with some modificationsErmal2013-01-161-0/+7
* Set adaptive.start/adaptive.end to disabled. Also allow them to be customized...Ermal2013-01-131-0/+5
* Use get_parent_interface() instead of doing it manuallyRenato Botelho2013-01-091-4/+4
* Add physical interface alias for pptp interfaces. It should fix #2663Renato Botelho2013-01-091-1/+10
* Fix outbound NAT rules when interface is deleted:Renato Botelho2013-01-051-8/+4
* Pass -S to tcpdump to avoid an increase in memory consumption over time.jim-p2013-01-031-2/+2
* Move to varrun_path for consistencyErmal2013-01-031-4/+4
* Tell filterdns to reload the config rather than restart if its runningErmal2013-01-021-6/+10
* Use file_put_contents for simplicity and concistencyErmal2012-12-281-5/+1
* Merge pull request #262 from PiBa-NL/cleanupJim P2012-12-051-2/+4
|\
| * code cleanup, and extra newline for message and rule generationPiBa-NL2012-11-181-2/+4
* | Resolves #2529. Load the ipfw module before any commands are executed on CP. ...Ermal2012-11-221-25/+0
* | Add correct rules for IPv6 tunnel endpoints which differ from the default route.smos2012-11-191-23/+31
* | Do not return here, else we end without any IPsec endoint rules if just one f...smos2012-11-191-2/+4
* | Add missing $Ermal2012-11-191-1/+1
* | Correct check to required functionErmal2012-11-191-1/+1
* | Merge pull request #259 from PiBa-NL/ipsecNATErmal Luçi2012-11-191-1/+5
|\ \
| * | ipsec binat rule not possible if using a subnet together with a single ip so ...PiBa-NL2012-11-181-1/+5
| |/
* | Aiming at IPv6 compatibility, do the same tricks on the pfil reorder as for v...Ermal2012-11-171-8/+3
|/
* Only openvpn networks need to stay on negate tableErmal2012-11-161-24/+5
* While here check if the function needed exists to avoid a require_once call. ...Ermal2012-11-151-4/+8
* For destination tolerate a 0.0.0.0/0 and convert it to anyErmal2012-11-151-1/+3
* Correct the destination for the binat to the real destinationErmal2012-11-151-1/+6
* Tune the binat a bit so it does not affect all traffic on enc but just for th...Ermal2012-11-151-1/+1
* Add ipsec/* anchor for radius dynamic rulesErmal2012-11-141-0/+2
* Remove carp nat rule auto generated since those are only applied on LAN(inter...Ermal2012-11-081-38/+0
* Do not generate carp NAT rules when in BACKUP/INIT modeErmal2012-11-081-1/+1
* revert change to if-bound states since this seems to have broken all kinds of...Chris Buechler2012-11-051-1/+1
* Add missing line ending to fix pf syntax error.Erik Fonnesbeck2012-10-311-1/+1
* Use if-bound states for better featuresErmal2012-10-311-1/+1
* Revert "Revert "Do not put the prefix len on the src ip""Ermal2012-10-311-1/+1
OpenPOWER on IntegriCloud