summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
Commit message (Expand)AuthorAgeFilesLines
* Merge pull request #1762 from doktornotor/patch-3Renato Botelho2015-07-181-4/+4
|\
| * Add labels to some default firewall rules doktornotor2015-07-181-4/+4
* | Really avoid error loading rules for numeric host name in aliasPhil Davis2015-07-181-1/+2
|/
* Revert "Avoid error loading rules for numeric host name in alias"Renato Botelho2015-07-151-1/+1
* Avoid error loading rules for numeric host name in aliasPhil Davis2015-07-151-1/+1
* Add a GUI field to increase the pf frag entries limit. Fixes ticket #4775jim-p2015-06-181-0/+5
* Blacklist invalid "from" sources since they can be picked up accidentally and...jim-p2015-06-171-1/+3
* Fixes #4651 use proper var name on global to have the correct id put on the ruleErmal LUÇI2015-06-071-1/+1
* Ticket #4235 put reply-to/route-to rules even for mobile-ipsec.Ermal LUÇI2015-05-011-7/+6
* Ticket #4651 Oops correct name of varErmal LUÇI2015-05-011-1/+1
* Fixes #4651 Assign a proper tracker for NEGATE rulesErmal LUÇI2015-05-011-1/+9
* Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564Chris Buechler2015-04-091-1/+7
* Allow disabling the APIPA block via hidden config option. Very rarely necessa...Chris Buechler2015-04-081-2/+8
* Prevent empty addresses for being put in the ruleset. Ticket #4564Ermal LUÇI2015-04-031-0/+3
* Bug #4566 Only route-to a gateway if it is not force_downPhil Davis2015-04-021-1/+1
* Use subnet address in OPT net rulesPhil Davis2015-03-161-9/+11
* Do not start filterdns during boot until a proper fix is done. Ticket #4296Renato Botelho2015-03-121-18/+20
* White space in filter.incPhil Davis2015-03-121-44/+44
* add granular control of state timeouts. Ticket #4509Chris Buechler2015-03-111-1/+50
* Leave adaptive.start and end at their defaults (60% and 120% of the state lim...Chris Buechler2015-03-111-2/+0
* Skip any numeric-only aliases in the ruleset to prevent errors from thoseChris Buechler2015-03-041-0/+5
* remove unused legacy codeChris Buechler2015-02-261-6/+0
* DHCPv6 client rules MUST come before bogons. Add a comment that hopefullyChris Buechler2015-02-111-14/+14
* remove CGN from "Block private networks" as it was in 2.0x and earlierChris Buechler2015-02-051-1/+0
* Fixes #4381 this was a leftover of the change of zoneids to start from 2.Ermal LUÇI2015-02-051-2/+2
* Fixes #4274 same fix as #4302 enclose in double quotes to tell yacc this is a...Ermal LUÇI2015-01-281-2/+6
* Apparently yacc became more strict in FreeBSD 10. Fixes #4302Ermal LUÇI2015-01-281-8/+9
* Add tracker and label to IPv4 Link-Local block rules.jim-p2015-01-091-2/+2
* Catch packets on all iunterfaces and send them out the correct one. Fixes #4174Ermal LUÇI2015-01-081-4/+4
* This is not the place for this setting and werid its here!Ermal LUÇI2015-01-081-6/+0
* Don't hard code the target IP in auto-generated outbound NAT rules, useChris Buechler2015-01-071-2/+2
* Enforce subnet check here to avoid any issues resulting from function call.Ermal LUÇI2015-01-061-1/+1
* Allow IPv6 on loopback needs quickPhil Davis2015-01-051-2/+2
* Use binat, not nat, where IPsec NAT is configured with an address for local a...Chris Buechler2014-12-311-10/+6
* Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of t...Chris Buechler2014-12-311-0/+3
* Only set route-to and reply-to on ESP and ISAKMP rules if the remote endpoint...Chris Buechler2014-12-301-12/+18
* Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket #...Ermal LUÇI2014-12-301-1/+1
* Split ICMP and ICMPv6 types on Firewall RulesRenato Botelho2014-12-111-0/+61
* Update filter.incDmitriy K.2014-12-011-1/+1
* Rather than set the g['booting'] on globals provide a function to test for th...Ermal LUÇI2014-11-261-11/+11
* MSS clamping on VPNs is necessary in both directions where it's needed. Rathe...Chris Buechler2014-11-221-0/+1
* Fixes #3198, check that subnet masks are equal when choosing binat type for I...Ermal LUÇI2014-11-201-2/+13
* Retire flowtable_configure as a useless code since its not in kernelErmal2014-11-101-30/+0
* Ticket #3967. Allow to have carp as parent of ipaliases - continuedErmal2014-11-101-1/+1
* When an alias contain hosts, add IPs and networks to filterdns too, otherwise...Renato Botelho2014-11-051-1/+15
* remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days an...Chris Buechler2014-11-041-1/+0
* block IPv4 link-local. Per RFC 3927, hosts "MUST NOT send the packet toChris Buechler2014-10-141-0/+5
* Fix pf syntax s/divert/divert-to/. It should fix #3921Renato Botelho2014-10-101-1/+1
* Fix not rules for OPTn network casePhil Davis2014-10-061-10/+7
* get back to our standard RFC-defined capitalization of IPsecChris Buechler2014-10-021-2/+2
OpenPOWER on IntegriCloud