| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564 | Chris Buechler | 2015-04-09 | 1 | -1/+7 |
| * | Allow disabling the APIPA block via hidden config option. Very rarely necessa... | Chris Buechler | 2015-04-08 | 1 | -2/+8 |
| * | Prevent empty addresses for being put in the ruleset. Ticket #4564 | Ermal LUÇI | 2015-04-03 | 1 | -0/+3 |
| * | Bug #4566 Only route-to a gateway if it is not force_down | Phil Davis | 2015-04-02 | 1 | -1/+1 |
| * | Use subnet address in OPT net rules | Phil Davis | 2015-03-16 | 1 | -9/+11 |
| * | Do not start filterdns during boot until a proper fix is done. Ticket #4296 | Renato Botelho | 2015-03-12 | 1 | -18/+20 |
| * | White space in filter.inc | Phil Davis | 2015-03-12 | 1 | -44/+44 |
| * | add granular control of state timeouts. Ticket #4509 | Chris Buechler | 2015-03-11 | 1 | -1/+50 |
| * | Leave adaptive.start and end at their defaults (60% and 120% of the state lim... | Chris Buechler | 2015-03-11 | 1 | -2/+0 |
| * | Skip any numeric-only aliases in the ruleset to prevent errors from those | Chris Buechler | 2015-03-04 | 1 | -0/+5 |
| * | remove unused legacy code | Chris Buechler | 2015-02-26 | 1 | -6/+0 |
| * | DHCPv6 client rules MUST come before bogons. Add a comment that hopefully | Chris Buechler | 2015-02-11 | 1 | -14/+14 |
| * | remove CGN from "Block private networks" as it was in 2.0x and earlier | Chris Buechler | 2015-02-05 | 1 | -1/+0 |
| * | Fixes #4381 this was a leftover of the change of zoneids to start from 2. | Ermal LUÇI | 2015-02-05 | 1 | -2/+2 |
| * | Fixes #4274 same fix as #4302 enclose in double quotes to tell yacc this is a... | Ermal LUÇI | 2015-01-28 | 1 | -2/+6 |
| * | Apparently yacc became more strict in FreeBSD 10. Fixes #4302 | Ermal LUÇI | 2015-01-28 | 1 | -8/+9 |
| * | Add tracker and label to IPv4 Link-Local block rules. | jim-p | 2015-01-09 | 1 | -2/+2 |
| * | Catch packets on all iunterfaces and send them out the correct one. Fixes #4174 | Ermal LUÇI | 2015-01-08 | 1 | -4/+4 |
| * | This is not the place for this setting and werid its here! | Ermal LUÇI | 2015-01-08 | 1 | -6/+0 |
| * | Don't hard code the target IP in auto-generated outbound NAT rules, use | Chris Buechler | 2015-01-07 | 1 | -2/+2 |
| * | Enforce subnet check here to avoid any issues resulting from function call. | Ermal LUÇI | 2015-01-06 | 1 | -1/+1 |
| * | Allow IPv6 on loopback needs quick | Phil Davis | 2015-01-05 | 1 | -2/+2 |
| * | Use binat, not nat, where IPsec NAT is configured with an address for local a... | Chris Buechler | 2014-12-31 | 1 | -10/+6 |
| * | Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of t... | Chris Buechler | 2014-12-31 | 1 | -0/+3 |
| * | Only set route-to and reply-to on ESP and ISAKMP rules if the remote endpoint... | Chris Buechler | 2014-12-30 | 1 | -12/+18 |
| * | Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket #... | Ermal LUÇI | 2014-12-30 | 1 | -1/+1 |
| * | Split ICMP and ICMPv6 types on Firewall Rules | Renato Botelho | 2014-12-11 | 1 | -0/+61 |
| * | Update filter.inc | Dmitriy K. | 2014-12-01 | 1 | -1/+1 |
| * | Rather than set the g['booting'] on globals provide a function to test for th... | Ermal LUÇI | 2014-11-26 | 1 | -11/+11 |
| * | MSS clamping on VPNs is necessary in both directions where it's needed. Rathe... | Chris Buechler | 2014-11-22 | 1 | -0/+1 |
| * | Fixes #3198, check that subnet masks are equal when choosing binat type for I... | Ermal LUÇI | 2014-11-20 | 1 | -2/+13 |
| * | Retire flowtable_configure as a useless code since its not in kernel | Ermal | 2014-11-10 | 1 | -30/+0 |
| * | Ticket #3967. Allow to have carp as parent of ipaliases - continued | Ermal | 2014-11-10 | 1 | -1/+1 |
| * | When an alias contain hosts, add IPs and networks to filterdns too, otherwise... | Renato Botelho | 2014-11-05 | 1 | -1/+15 |
| * | remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days an... | Chris Buechler | 2014-11-04 | 1 | -1/+0 |
| * | block IPv4 link-local. Per RFC 3927, hosts "MUST NOT send the packet to | Chris Buechler | 2014-10-14 | 1 | -0/+5 |
| * | Fix pf syntax s/divert/divert-to/. It should fix #3921 | Renato Botelho | 2014-10-10 | 1 | -1/+1 |
| * | Fix not rules for OPTn network case | Phil Davis | 2014-10-06 | 1 | -10/+7 |
| * | get back to our standard RFC-defined capitalization of IPsec | Chris Buechler | 2014-10-02 | 1 | -2/+2 |
| * | Change is_port() to only validate a single port, we have is_portrange() for s... | Renato Botelho | 2014-09-10 | 1 | -1/+1 |
| * | As pointed out by Ermal, VIPs should go first in the list since NAT is first ... | Renato Botelho | 2014-09-09 | 1 | -2/+2 |
| * | Take virtual IPs into consideration for automatic outbound NAT rules, it shou... | Renato Botelho | 2014-08-22 | 1 | -0/+18 |
| * | Remove double defined 'localhost' on the list of networks to create outbound ... | Renato Botelho | 2014-08-11 | 1 | -1/+1 |
| * | Do not create automatic outbound NAT rule for disabled openvpn servers and cl... | Renato Botelho | 2014-08-11 | 1 | -2/+2 |
| * | Fix #983 - Add IP aliases subnets to interface subnet macro on GUI, since I'm... | Renato Botelho | 2014-07-22 | 1 | -6/+52 |
| * | Convert almost all /sbin/sysctl calls to php functions | Renato Botelho | 2014-07-07 | 1 | -8/+10 |
| * | Fix dscp values and provide a config upgrade to fix values stored in config.x... | Renato Botelho | 2014-06-24 | 1 | -1/+1 |
| * | Merge pull request #1239 from phil-davis/patch-9 | jim-p | 2014-06-20 | 1 | -1/+1 |
| |\ |
|
| | * | Only include a scheduled rule if it is strictly before the end time | Phil Davis | 2014-06-19 | 1 | -1/+1 |
| * | | Remove extra data after space and fix pf rule syntax. It should fix #3688 | Renato Botelho | 2014-06-20 | 1 | -1/+1 |
