Graph | Commit message | Author | Age | Files | Lines
---|---|---|---|---|---
* | Fixes #610. Do not use the value of mtu blindly test it is set or use 1500 as default. | Ermal | 2010-05-20 | 1 | -1/+1
* | block carp traffic to hosts self to avoid loops. fixes #598 | Scott Ullrich | 2010-05-19 | 1 | -0/+1
* | get rid of flowtable | Chris Buechler | 2010-05-19 | 1 | -1/+3
* | Simplify/optimize code. | Ermal | 2010-05-13 | 1 | -3/+2
* | Add a GUI field to let the user configure the maximum table entries size. Resolves #588 NOTE: Actual tables, not states. | jim-p | 2010-05-13 | 1 | -0/+5
* | Using binat for reflection rules created some NAT issues under certain circumstances. Use rdr with the bitmask address pool type instead. | Erik Fonnesbeck | 2010-05-13 | 1 | -9/+16
* | Don't load the package include files if the packages are out of sync, which can lead to the system not booting properly. Should help with ticket #267. | jim-p | 2010-05-11 | 1 | -1/+2
* | Comment out the linkage of carp with alias members. As it is it does not work and passing 30000 addresses to match is not fun either in some edge cases. | Ermal | 2010-05-10 | 1 | -2/+6
* | Do not install reflection rules for port forwards when the destination is invalid. | Erik Fonnesbeck | 2010-05-08 | 1 | -0/+2
* | Revert changes to reflection for port forwards until finished and approved. | Erik Fonnesbeck | 2010-05-08 | 1 | -69/+196
* | Merge http://gitweb.pfsense.org/pfsense/efonne-new_nat_reflection into master | Erik Fonnesbeck | 2010-05-08 | 1 | -184/+116
\| * | Add backend code for NAT reflection on 1:1 NAT mappings. | Erik Fonnesbeck | 2010-05-04 | 1 | -9/+30
\| * | Removed some redundant/obsolete code that is superseded by the new NAT reflection code. | Erik Fonnesbeck | 2010-05-04 | 1 | -8/+0
\| * | Add the NAT that goes with the reflection redirects. | Erik Fonnesbeck | 2010-05-04 | 1 | -17/+49
\| * | Added reflection redirect rule and rearranged some related code that goes with it. | Erik Fonnesbeck | 2010-05-04 | 1 | -57/+49
\| * | Remove the old reflection implementation and prepare for the new one. | Erik Fonnesbeck | 2010-05-04 | 1 | -116/+11
* \| | The global reference declaration is needed. | Ermal | 2010-05-07 | 1 | -1/+1
* \| | Use a global array to prevent errors on rulesets which have invalid gateways. If such are found do not use the gateway at all. Probably the rule should be skipped too? | Ermal | 2010-05-07 | 1 | -3/+12
* \| | Move auto generated rule for static routes on same subnet. Use sloppy states to speed things up and use flags any in tcp case so sloppy state does not choke. | Ermal | 2010-05-07 | 1 | -28/+29
* \| | Fix the regular expression used in filter_generate_address for OPT subnet so that it only matches the case intended. Ticket #571 | Erik Fonnesbeck | 2010-05-06 | 1 | -1/+1
* \| | Ticket #511. Do not penalize other packages if rules of one package are erroneous during package rule generation. | Ermal | 2010-05-05 | 1 | -4/+8
* \| | Implement tcp flags and sloppy state on the GUI. | Ermal | 2010-05-05 | 1 | -15/+42
* | Put all of these lines in the block under this condition and remove the irrelevant comment. | Erik Fonnesbeck | 2010-05-04 | 1 | -4/+2
* | When 'No RDR' is set, skip some code that does not apply. | Erik Fonnesbeck | 2010-05-04 | 1 | -2/+2
* | This check is no longer needed here. | Erik Fonnesbeck | 2010-05-04 | 1 | -13/+11
* | Return if not a supported protocol for reflection. | Erik Fonnesbeck | 2010-05-04 | 1 | -1/+1
* | 'pass' is not valid with 'no rdr' | Erik Fonnesbeck | 2010-05-04 | 1 | -2/+3
* | Skip code for generating inetd.conf entries when 'no rdr' is used. | Erik Fonnesbeck | 2010-05-04 | 1 | -17/+21
* | Modify reflection code to avoid having duplicate rule generation code for when the protocol is different. | Erik Fonnesbeck | 2010-05-04 | 1 | -16/+19
* | Reflection can have side effects unexpected to the user with rules using any for destination address, so change any to the interface subnet for reflection rules, which should be closer to the desired behavior in most cases but without the side effect. | Erik Fonnesbeck | 2010-05-04 | 1 | -1/+18
* | Use the same destination address and port in reflection rules as is used in the port forward's main rule. | Erik Fonnesbeck | 2010-05-03 | 1 | -12/+15
* | In reflection rules, fix the end of the port range in port range forwards. | Erik Fonnesbeck | 2010-05-03 | 1 | -5/+5
* | Move the reflection enabled check out of filter_generate_reflection, so this function can be used elsewhere regardless of the system setting for it (in preparation for reflection support on 1:1 NAT mappings). | Erik Fonnesbeck | 2010-05-03 | 1 | -5/+8
* | Various fixes for handling of ports in port forwards. - Removed unused $srcport variable. - Moved setting the $protocol variable to after setting the ports, so it can clear the ports variables when using non-tcp/udp protocols. - Handle a couple extra possible cases for local port. | Erik Fonnesbeck | 2010-05-02 | 1 | -12/+17
* | Moving reflection's interface listing code to its own function, for use in future NAT reflection improvements. | Erik Fonnesbeck | 2010-05-02 | 1 | -13/+27
* | Fix a check for "any" in port forwards. | Erik Fonnesbeck | 2010-05-02 | 1 | -1/+1
* | Ticket #506. Correctly save dynamic gateways extra parameters. | Ermal | 2010-04-30 | 1 | -3/+3
* | Unbreak this. Seems it needs to be filter for the rules to work. | Ermal | 2010-04-30 | 1 | -1/+1
* | Make sure package rules are last. As the way they are coded they will null out entire rulesets. More work is needed to make them 2.0 compliant but for now this is enough. | Ermal | 2010-04-30 | 1 | -2/+2
* | Allow for each gateway a weight to be chosen if the gateway has to be used in Gateway groups. This will create that many entries in the route-to statement as the weight says. | Ermal | 2010-04-30 | 1 | -6/+8
* | Always generate macros so ruleset does not fail even when the gateway has no members. | Ermal | 2010-04-29 | 1 | -2/+5
* | Generate gateways as macros and then just substitute them during the rules. This allows optimizations and features as repeating the same gateway more than one to be done. | Ermal | 2010-04-29 | 1 | -61/+66
* | Improve NAT Port Forwarding. New features available are: * Now you can disable a rule * You can define "no rdr" rules * Source type, address and port, with an option "not" for exceptions * Destination type, address and port, with an option "not" for exceptions Implemented by: Carlos Eduardo Ramos <carlos.ramos@bluepex.com> Renato Botelho <renato.botelho@bluepex.com> Vinicius Coque <vinicius.coque@bluepex.com> Reviewed by: cmb and efonne Sponsored by: BluePex Security Solutions | Renato Botelho | 2010-04-29 | 1 | -428/+430
* | Resolves #554. Correct path to tftp-proxy. | Ermal | 2010-04-29 | 1 | -1/+1
* | Well there was a reason for this being returned out. Ticket #539. | Ermal | 2010-04-23 | 1 | -1/+1
* | Ticket #528. Do not route-to for local connected subnets. | Ermal | 2010-04-22 | 1 | -2/+2
* | Add a new alias type, urltable, which downloads a file of IP/CIDR addresses and loads them into a pf persist table instead of importing the addresses directly into a traditional alias. This allows for using huge tables of addresses that would otherwise break the GUI and/or fail to load into pf. Part of ticket #512 | jim-p | 2010-04-21 | 1 | -1/+7
* | use 6969 for tftp-proxy | Chris Buechler | 2010-04-17 | 1 | -3/+3
* | Ticket #511. Actually return the rules from all the packages not just the first one. | Ermal | 2010-04-16 | 1 | -2/+1
* | Ticket #508. Make TFTP proxy configurable by System Advanced->Firewall/NAT for several interfaces. | Ermal | 2010-04-16 | 1 | -2/+9