summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
Commit message (Expand)AuthorAgeFilesLines
* Pass -S to tcpdump to avoid an increase in memory consumption over time.jim-p2013-01-031-2/+2
* Move to varrun_path for consistencyErmal2013-01-031-4/+4
* Tell filterdns to reload the config rather than restart if its runningErmal2013-01-021-6/+10
* Use file_put_contents for simplicity and concistencyErmal2012-12-281-5/+1
* Merge pull request #262 from PiBa-NL/cleanupJim P2012-12-051-2/+4
|\
| * code cleanup, and extra newline for message and rule generationPiBa-NL2012-11-181-2/+4
* | Resolves #2529. Load the ipfw module before any commands are executed on CP. ...Ermal2012-11-221-25/+0
* | Add correct rules for IPv6 tunnel endpoints which differ from the default route.smos2012-11-191-23/+31
* | Do not return here, else we end without any IPsec endoint rules if just one f...smos2012-11-191-2/+4
* | Add missing $Ermal2012-11-191-1/+1
* | Correct check to required functionErmal2012-11-191-1/+1
* | Merge pull request #259 from PiBa-NL/ipsecNATErmal Luçi2012-11-191-1/+5
|\ \
| * | ipsec binat rule not possible if using a subnet together with a single ip so ...PiBa-NL2012-11-181-1/+5
| |/
* | Aiming at IPv6 compatibility, do the same tricks on the pfil reorder as for v...Ermal2012-11-171-8/+3
|/
* Only openvpn networks need to stay on negate tableErmal2012-11-161-24/+5
* While here check if the function needed exists to avoid a require_once call. ...Ermal2012-11-151-4/+8
* For destination tolerate a 0.0.0.0/0 and convert it to anyErmal2012-11-151-1/+3
* Correct the destination for the binat to the real destinationErmal2012-11-151-1/+6
* Tune the binat a bit so it does not affect all traffic on enc but just for th...Ermal2012-11-151-1/+1
* Add ipsec/* anchor for radius dynamic rulesErmal2012-11-141-0/+2
* Remove carp nat rule auto generated since those are only applied on LAN(inter...Ermal2012-11-081-38/+0
* Do not generate carp NAT rules when in BACKUP/INIT modeErmal2012-11-081-1/+1
* revert change to if-bound states since this seems to have broken all kinds of...Chris Buechler2012-11-051-1/+1
* Add missing line ending to fix pf syntax error.Erik Fonnesbeck2012-10-311-1/+1
* Use if-bound states for better featuresErmal2012-10-311-1/+1
* Revert "Revert "Do not put the prefix len on the src ip""Ermal2012-10-311-1/+1
* Revert "Do not put the prefix len on the src ip"Ermal2012-10-311-1/+1
* Do not put the prefix len on the src ipErmal2012-10-311-1/+1
* use the proper array here for VIPs and use some suggestions from the ticket t...jim-p2012-10-301-6/+15
* Fix typoErik Fonnesbeck2012-10-111-1/+1
* Use only binat so both side can communicate properly. With nat only the side ...Ermal2012-10-111-5/+1
* Tune check so nat rules for single host ips get addedErmal2012-10-101-1/+1
* Correct check since it might be an ip as wellErmal2012-10-051-1/+5
* Be more strict on validation during filter reloadErmal2012-10-051-2/+2
* Don't write a rule out of the natlocal_subnet is blank.jim-p2012-10-051-1/+1
* Add a NAT entry for configuring NAT on ipsec phase2. It will add nat rules on...Ermal2012-10-041-0/+21
* Fix typobcyrill2012-10-011-1/+1
* Add ECE and CWR TCP flags as defined in RFC 3168bcyrill2012-10-011-4/+14
* don't log here, users can define their own logging rules if they want loggingChris Buechler2012-09-181-2/+2
* Bail here so we don't make invalid rules for IPsec if this is empty.jim-p2012-09-121-0/+2
* Added a setting for configuring the firewall log to either:PiBa-NL2012-09-101-4/+4
* Fix up tcpdump for pflog stop/start a little, consolodate code, and restart t...jim-p2012-09-041-1/+5
* Simplify schedules code and some styly nitsErmal2012-08-301-44/+28
* Month matching for scheduler rulesphildd2012-08-301-5/+2
* Correct filter tdr install_cron functionErmal2012-08-291-11/+10
* Don't put this rule in if $carp_int is empty, it makes an invalid rule. Fixes...jim-p2012-08-281-1/+1
* Correct carp rules and a weird nat rule on carp so they actually generate wha...Ermal2012-08-161-6/+5
* Put propper curlies since this is themeaning of this test so its readbleErmal2012-08-141-1/+1
* Add the new 100.64/10 nat 444 CGN/LSN shared transition space netblock here. ...smos2012-07-271-0/+1
* Make sure that the limits are included in the normal ruleset, otherwise pf wi...smos2012-06-201-0/+1
OpenPOWER on IntegriCloud