summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
Commit message (Expand)AuthorAgeFilesLines
* Check whether the P2 or its associated P1 are disabled before adding NATChris Buechler2015-10-201-1/+8
* fix comparison here. Ticket #4558Chris Buechler2015-10-151-1/+1
* Auto-add firewall rules for DHCP Relay, same as is done for DHCP Server. Add ...Chris Buechler2015-10-141-0/+13
* Use self rather than any in auto-added IPsec rules to preventChris Buechler2015-09-281-8/+8
* Remove useless log spam. Ticket #4102Chris Buechler2015-09-161-4/+0
* Only add 6rd rules if there is an IPv4 IP defined for the gateway,Chris Buechler2015-09-141-1/+4
* Allow to create empty bogons on nanoBSDPhil Davis2015-08-031-4/+8
* Use an alternate method to find VIP targets that should be allowed for Captiv...jim-p2015-07-291-9/+7
* Fix typo in variable name, spotted by Phil DavisRenato Botelho2015-07-271-1/+1
* Consider url_port alias type when checking port-type aliases V2Phil Davis2015-07-271-1/+1
* Merge pull request #1762 from doktornotor/patch-3Renato Botelho2015-07-181-4/+4
|\
| * Add labels to some default firewall rules doktornotor2015-07-181-4/+4
* | Really avoid error loading rules for numeric host name in aliasPhil Davis2015-07-181-1/+2
|/
* Revert "Avoid error loading rules for numeric host name in alias"Renato Botelho2015-07-151-1/+1
* Avoid error loading rules for numeric host name in aliasPhil Davis2015-07-151-1/+1
* Add a GUI field to increase the pf frag entries limit. Fixes ticket #4775jim-p2015-06-181-0/+5
* Blacklist invalid "from" sources since they can be picked up accidentally and...jim-p2015-06-171-1/+3
* Fixes #4651 use proper var name on global to have the correct id put on the ruleErmal LUÇI2015-06-071-1/+1
* Ticket #4235 put reply-to/route-to rules even for mobile-ipsec.Ermal LUÇI2015-05-011-7/+6
* Ticket #4651 Oops correct name of varErmal LUÇI2015-05-011-1/+1
* Fixes #4651 Assign a proper tracker for NEGATE rulesErmal LUÇI2015-05-011-1/+9
* Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564Chris Buechler2015-04-091-1/+7
* Allow disabling the APIPA block via hidden config option. Very rarely necessa...Chris Buechler2015-04-081-2/+8
* Prevent empty addresses for being put in the ruleset. Ticket #4564Ermal LUÇI2015-04-031-0/+3
* Bug #4566 Only route-to a gateway if it is not force_downPhil Davis2015-04-021-1/+1
* Use subnet address in OPT net rulesPhil Davis2015-03-161-9/+11
* Do not start filterdns during boot until a proper fix is done. Ticket #4296Renato Botelho2015-03-121-18/+20
* White space in filter.incPhil Davis2015-03-121-44/+44
* add granular control of state timeouts. Ticket #4509Chris Buechler2015-03-111-1/+50
* Leave adaptive.start and end at their defaults (60% and 120% of the state lim...Chris Buechler2015-03-111-2/+0
* Skip any numeric-only aliases in the ruleset to prevent errors from thoseChris Buechler2015-03-041-0/+5
* remove unused legacy codeChris Buechler2015-02-261-6/+0
* DHCPv6 client rules MUST come before bogons. Add a comment that hopefullyChris Buechler2015-02-111-14/+14
* remove CGN from "Block private networks" as it was in 2.0x and earlierChris Buechler2015-02-051-1/+0
* Fixes #4381 this was a leftover of the change of zoneids to start from 2.Ermal LUÇI2015-02-051-2/+2
* Fixes #4274 same fix as #4302 enclose in double quotes to tell yacc this is a...Ermal LUÇI2015-01-281-2/+6
* Apparently yacc became more strict in FreeBSD 10. Fixes #4302Ermal LUÇI2015-01-281-8/+9
* Add tracker and label to IPv4 Link-Local block rules.jim-p2015-01-091-2/+2
* Catch packets on all iunterfaces and send them out the correct one. Fixes #4174Ermal LUÇI2015-01-081-4/+4
* This is not the place for this setting and werid its here!Ermal LUÇI2015-01-081-6/+0
* Don't hard code the target IP in auto-generated outbound NAT rules, useChris Buechler2015-01-071-2/+2
* Enforce subnet check here to avoid any issues resulting from function call.Ermal LUÇI2015-01-061-1/+1
* Allow IPv6 on loopback needs quickPhil Davis2015-01-051-2/+2
* Use binat, not nat, where IPsec NAT is configured with an address for local a...Chris Buechler2014-12-311-10/+6
* Allow IPv6 on loopback even where IPv6 is otherwise disabled. The intent of t...Chris Buechler2014-12-311-0/+3
* Only set route-to and reply-to on ESP and ISAKMP rules if the remote endpoint...Chris Buechler2014-12-301-12/+18
* Unbreak IPsec rules generation for IPsec over CARP. Should help even Ticket #...Ermal LUÇI2014-12-301-1/+1
* Split ICMP and ICMPv6 types on Firewall RulesRenato Botelho2014-12-111-0/+61
* Update filter.incDmitriy K.2014-12-011-1/+1
* Rather than set the g['booting'] on globals provide a function to test for th...Ermal LUÇI2014-11-261-11/+11
OpenPOWER on IntegriCloud