| Commit message (Expand) | Author | Age | Files | Lines |
* | Do not start filterdns during boot until a proper fix is done. Ticket #4296 | Renato Botelho | 2015-03-12 | 1 | -18/+20 |
* | White space in filter.inc | Phil Davis | 2015-03-12 | 1 | -44/+44 |
* | add granular control of state timeouts. Ticket #4509 | Chris Buechler | 2015-03-11 | 1 | -1/+50 |
* | Leave adaptive.start and end at their defaults (60% and 120% of the state lim... | Chris Buechler | 2015-03-11 | 1 | -2/+0 |
* | Skip any numeric-only aliases in the ruleset to prevent errors from those | Chris Buechler | 2015-03-04 | 1 | -0/+5 |
* | remove unused legacy code | Chris Buechler | 2015-02-26 | 1 | -6/+0 |
* | DHCPv6 client rules MUST come before bogons. Add a comment that hopefully | Chris Buechler | 2015-02-11 | 1 | -14/+14 |
* | remove CGN from "Block private networks" as it was in 2.0x and earlier | Chris Buechler | 2015-02-05 | 1 | -1/+0 |
* | Fixes #4381 this was a leftover of the change of zoneids to start from 2. | Ermal LUÇI | 2015-02-05 | 1 | -2/+2 |
* | Fixes #4274 same fix as #4302 enclose in double quotes to tell yacc this is a... | Ermal LUÇI | 2015-01-28 | 1 | -2/+6 |
* | Apparently yacc became more strict in FreeBSD 10. Fixes #4302 | Ermal LUÇI | 2015-01-28 | 1 | -8/+9 |
* | Add tracker and label to IPv4 Link-Local block rules. | jim-p | 2015-01-09 | 1 | -2/+2 |
* | Catch packets on all iunterfaces and send them out the correct one. Fixes #4174 | Ermal LUÇI | 2015-01-08 | 1 | -4/+4 |
* | This is not the place for this setting and werid its here! | Ermal LUÇI | 2015-01-08 | 1 | -6/+0 |
* | Don't hard code the target IP in auto-generated outbound NAT rules, use | Chris Buechler | 2015-01-07 | 1 | -2/+2 |
* | Enforce subnet check here to avoid any issues resulting from function call. | Ermal LUÇI | 2015-01-06 | 1 | -1/+1 |
* | Allow IPv6 on loopback needs quick | Phil Davis | 2015-01-05 | 1 | -2/+2 |
* | Use binat, not nat, where IPsec NAT is configured with an address for local a... | Chris Buechler | 2014-12-31 | 1 | -10/+6 |
* | Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of t... | Chris Buechler | 2014-12-31 | 1 | -0/+3 |
* | Only set route-to and reply-to on ESP and ISAKMP rules if the remote endpoint... | Chris Buechler | 2014-12-30 | 1 | -12/+18 |
* | Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket #... | Ermal LUÇI | 2014-12-30 | 1 | -1/+1 |
* | Split ICMP and ICMPv6 types on Firewall Rules | Renato Botelho | 2014-12-11 | 1 | -0/+61 |
* | Update filter.inc | Dmitriy K. | 2014-12-01 | 1 | -1/+1 |
* | Rather than set the g['booting'] on globals provide a function to test for th... | Ermal LUÇI | 2014-11-26 | 1 | -11/+11 |
* | MSS clamping on VPNs is necessary in both directions where it's needed. Rathe... | Chris Buechler | 2014-11-22 | 1 | -0/+1 |
* | Fixes #3198, check that subnet masks are equal when choosing binat type for I... | Ermal LUÇI | 2014-11-20 | 1 | -2/+13 |
* | Retire flowtable_configure as a useless code since its not in kernel | Ermal | 2014-11-10 | 1 | -30/+0 |
* | Ticket #3967. Allow to have carp as parent of ipaliases - continued | Ermal | 2014-11-10 | 1 | -1/+1 |
* | When an alias contain hosts, add IPs and networks to filterdns too, otherwise... | Renato Botelho | 2014-11-05 | 1 | -1/+15 |
* | remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days an... | Chris Buechler | 2014-11-04 | 1 | -1/+0 |
* | block IPv4 link-local. Per RFC 3927, hosts "MUST NOT send the packet to | Chris Buechler | 2014-10-14 | 1 | -0/+5 |
* | Fix pf syntax s/divert/divert-to/. It should fix #3921 | Renato Botelho | 2014-10-10 | 1 | -1/+1 |
* | Fix not rules for OPTn network case | Phil Davis | 2014-10-06 | 1 | -10/+7 |
* | get back to our standard RFC-defined capitalization of IPsec | Chris Buechler | 2014-10-02 | 1 | -2/+2 |
* | Change is_port() to only validate a single port, we have is_portrange() for s... | Renato Botelho | 2014-09-10 | 1 | -1/+1 |
* | As pointed out by Ermal, VIPs should go first in the list since NAT is first ... | Renato Botelho | 2014-09-09 | 1 | -2/+2 |
* | Take virtual IPs into consideration for automatic outbound NAT rules, it shou... | Renato Botelho | 2014-08-22 | 1 | -0/+18 |
* | Remove double defined 'localhost' on the list of networks to create outbound ... | Renato Botelho | 2014-08-11 | 1 | -1/+1 |
* | Do not create automatic outbound NAT rule for disabled openvpn servers and cl... | Renato Botelho | 2014-08-11 | 1 | -2/+2 |
* | Fix #983 - Add IP aliases subnets to interface subnet macro on GUI, since I'm... | Renato Botelho | 2014-07-22 | 1 | -6/+52 |
* | Convert almost all /sbin/sysctl calls to php functions | Renato Botelho | 2014-07-07 | 1 | -8/+10 |
* | Fix dscp values and provide a config upgrade to fix values stored in config.x... | Renato Botelho | 2014-06-24 | 1 | -1/+1 |
* | Merge pull request #1239 from phil-davis/patch-9 | jim-p | 2014-06-20 | 1 | -1/+1 |
|\ |
|
| * | Only include a scheduled rule if it is strictly before the end time | Phil Davis | 2014-06-19 | 1 | -1/+1 |
* | | Remove extra data after space and fix pf rule syntax. It should fix #3688 | Renato Botelho | 2014-06-20 | 1 | -1/+1 |
* | | Replace some backticks by exec ans simplify commands | Renato Botelho | 2014-06-19 | 1 | -1/+1 |
|/ |
|
* | Make logging of pass rules opt-in rather than opt-out | Ermal | 2014-05-27 | 1 | -1/+1 |
* | Split the setting of logging pass and block into 2 separate settings. Maybe t... | Ermal | 2014-05-27 | 1 | -92/+93 |
* | Add (self) keyword for specifying "any IP address on this firewall" as a rule... | jim-p | 2014-05-23 | 1 | -0/+6 |
* | Expose all p0f OS types that it supports so that subtypes of various Operatin... | jim-p | 2014-04-29 | 1 | -1/+1 |