| Commit message (Expand) | Author | Age | Files | Lines |
* | remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days an... | Chris Buechler | 2014-11-04 | 1 | -1/+0 |
* | block IPv4 link-local. Per RFC 3927, hosts "MUST NOT send the packet to | Chris Buechler | 2014-10-14 | 1 | -0/+5 |
* | Fix pf syntax s/divert/divert-to/. It should fix #3921 | Renato Botelho | 2014-10-10 | 1 | -1/+1 |
* | Fix not rules for OPTn network case | Phil Davis | 2014-10-06 | 1 | -10/+7 |
* | get back to our standard RFC-defined capitalization of IPsec | Chris Buechler | 2014-10-02 | 1 | -2/+2 |
* | Change is_port() to only validate a single port, we have is_portrange() for s... | Renato Botelho | 2014-09-10 | 1 | -1/+1 |
* | As pointed out by Ermal, VIPs should go first in the list since NAT is first ... | Renato Botelho | 2014-09-09 | 1 | -2/+2 |
* | Take virtual IPs into consideration for automatic outbound NAT rules, it shou... | Renato Botelho | 2014-08-22 | 1 | -0/+18 |
* | Remove double defined 'localhost' on the list of networks to create outbound ... | Renato Botelho | 2014-08-11 | 1 | -1/+1 |
* | Do not create automatic outbound NAT rule for disabled openvpn servers and cl... | Renato Botelho | 2014-08-11 | 1 | -2/+2 |
* | Fix #983 - Add IP aliases subnets to interface subnet macro on GUI, since I'm... | Renato Botelho | 2014-07-22 | 1 | -6/+52 |
* | Convert almost all /sbin/sysctl calls to php functions | Renato Botelho | 2014-07-07 | 1 | -8/+10 |
* | Fix dscp values and provide a config upgrade to fix values stored in config.x... | Renato Botelho | 2014-06-24 | 1 | -1/+1 |
* | Merge pull request #1239 from phil-davis/patch-9 | jim-p | 2014-06-20 | 1 | -1/+1 |
|\ |
|
| * | Only include a scheduled rule if it is strictly before the end time | Phil Davis | 2014-06-19 | 1 | -1/+1 |
* | | Remove extra data after space and fix pf rule syntax. It should fix #3688 | Renato Botelho | 2014-06-20 | 1 | -1/+1 |
* | | Replace some backticks by exec ans simplify commands | Renato Botelho | 2014-06-19 | 1 | -1/+1 |
|/ |
|
* | Make logging of pass rules opt-in rather than opt-out | Ermal | 2014-05-27 | 1 | -1/+1 |
* | Split the setting of logging pass and block into 2 separate settings. Maybe t... | Ermal | 2014-05-27 | 1 | -92/+93 |
* | Add (self) keyword for specifying "any IP address on this firewall" as a rule... | jim-p | 2014-05-23 | 1 | -0/+6 |
* | Expose all p0f OS types that it supports so that subtypes of various Operatin... | jim-p | 2014-04-29 | 1 | -1/+1 |
* | check gateway for IPv6 also for reply-to rules. | PiBa-NL | 2014-04-19 | 1 | -1/+1 |
* | Switch over to filterlog sooner than later | Ermal | 2014-04-14 | 1 | -13/+3 |
* | Use proper variable name for the interface | Ermal | 2014-03-28 | 1 | -1/+1 |
* | Log everything when selected to do so | Ermal | 2014-03-26 | 1 | -93/+93 |
* | Correct the generation of antifpoof rules with tracker. Also honor the log di... | Ermal | 2014-03-26 | 1 | -4/+3 |
* | Give each rule hardcoded on the ruleset a tracker so log entries give up prop... | Ermal | 2014-03-26 | 1 | -103/+183 |
* | Do not garble the error logging message | Ermal | 2014-03-20 | 1 | -3/+4 |
* | Try to restore last working ruleset rather than staying without configuration... | Ermal | 2014-03-20 | 1 | -6/+11 |
* | Disable default allow incoming rules for 6to4 and 6rd interfaces. This rule u... | Ermal | 2014-03-17 | 1 | -2/+4 |
* | Only add dhcpv6 client allow rules if ipv6allow is set | Renato Botelho | 2014-02-18 | 1 | -1/+1 |
* | Move 'allow dhcpv6 client' rules above block bogonsv6 ones, it should fix #3395 | Renato Botelho | 2014-02-18 | 1 | -15/+18 |
* | Merge pull request #891 from PiBa-NL/captive_disable | Renato Botelho | 2014-02-18 | 1 | -0/+2 |
|\ |
|
| * | captive portal, don't generate rules for disabled portal | PiBa-NL | 2014-01-25 | 1 | -0/+2 |
* | | Move this global declaration to the proper file rather than backend code | Ermal | 2014-02-17 | 1 | -12/+0 |
* | | fix syntax | Renato Botelho | 2014-01-02 | 1 | -1/+1 |
* | | Generate a tracker id for the filter rules for now. Maybe for nat rules as well? | Ermal | 2013-12-31 | 1 | -2/+5 |
* | | Use _vip as identified for CARP vip IPs to allow easier upgrade code. This wa... | Ermal | 2013-12-06 | 1 | -1/+4 |
* | | Load only the options and nothing else | Ermal | 2013-12-06 | 1 | -1/+1 |
* | | Remove 0.0.0.0 from automatic outbound nat rules | Renato Botelho | 2013-11-28 | 1 | -1/+1 |
* | | Remove references to _vip interface and provide proper configuration for carp... | Ermal | 2013-11-28 | 1 | -5/+1 |
* | | fix 0.0.0.0 subnet for automatic outbound NAT rules, fixes #2416 | Renato Botelho | 2013-11-26 | 1 | -1/+1 |
* | | Fix #3331. Set interface subnet as destination when VIP is in the same subnet... | Renato Botelho | 2013-11-21 | 1 | -1/+4 |
* | | FreeBSD 10 pf does not have a limit for table entries | Ermal | 2013-11-21 | 1 | -3/+0 |
* | | Add gettext() to recently added strings | Renato Botelho | 2013-11-18 | 1 | -9/+9 |
* | | Add an option to return outbound NAT automatic to nat hosts with description,... | Renato Botelho | 2013-11-18 | 1 | -11/+41 |
* | | Add subnet to 0.0.0.0 otherwise it's not added to table, ticket #2416 | Renato Botelho | 2013-11-18 | 1 | -1/+1 |
* | | Make sure automatic rules are created even if mode is not set, ticket #2416 | Renato Botelho | 2013-11-18 | 1 | -1/+3 |
* | | Split automatic to nat hosts fill into a function to be able to call it from ... | Renato Botelho | 2013-11-14 | 1 | -95/+132 |
* | | Remove unused variables and fix automatic nat to alias-address | Renato Botelho | 2013-11-14 | 1 | -5/+1 |