Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Do not allow duplicate netcat reflection entries. Resolves #193 | sullrich | 2009-11-29 | 1 | -6/+6 |
| | |||||
* | Use any for block until a diff solution can be created | sullrich | 2009-11-29 | 1 | -1/+1 |
| | |||||
* | Lock out SSH going to LANIPS. Use correct SSH port if custom port is defined. | sullrich | 2009-11-29 | 1 | -2/+7 |
| | |||||
* | Nuke motd | sullrich | 2009-11-29 | 1 | -15/+27 |
| | |||||
* | Include neccessary filter.inc. | Ermal Luçi | 2009-11-24 | 1 | -1/+0 |
| | |||||
* | Rework includes/require. This saves about 4 megabytes. | Scott Ullrich | 2009-11-21 | 1 | -2/+0 |
| | | | | Simplify get_memory(). Tested on mips/i386 | ||||
* | Add support for 'max-src-conn' PF feature, to limit the maximum number of ↵ | pierrepomes | 2009-11-16 | 1 | -1/+4 |
| | | | | established connections per host | ||||
* | Don't add hard coded rules to allow traffic to the portal. | Chris Buechler | 2009-11-15 | 1 | -5/+0 |
| | | | | | 1) the no state breaks CP 2) it's never been automatically allowed previously, and hard coded non-editable rules are bad. | ||||
* | err, this defeats the entire purpose of NAT-T for clients behind the ↵ | Chris Buechler | 2009-11-08 | 1 | -2/+0 |
| | | | | firewall, let's not do this. | ||||
* | Don't add port on no nat rules. Fixes #120 | Chris Buechler | 2009-11-07 | 1 | -8/+9 |
| | |||||
* | Fix "Filter rule association" "Pass" option | unknown | 2009-11-07 | 1 | -9/+13 |
| | |||||
* | The wizards do not set the rule type and queues should be enabled even on ↵ | Ermal Luçi | 2009-11-02 | 1 | -19/+17 |
| | | | | block rules so add the queues to the rules even if the type of rule is not set(which means pass btw). This unbreaks the traffic shaper wizards and block shaping rules. | ||||
* | Revert "Fix no nat rules where ports 1024:65535 is added Resolves #120" | Scott Ullrich | 2009-10-27 | 1 | -7/+3 |
| | | | | This reverts commit 8763e56d20eec74f1c4caaea80ac1cfcb46bbe03. | ||||
* | Fix no nat rules where ports 1024:65535 is added Resolves #120 | Scott Ullrich | 2009-10-27 | 1 | -3/+7 |
| | |||||
* | On second look, turn on PPP interfaces at the get_interfaces_with_gateway level | Scott Ullrich | 2009-10-25 | 1 | -1/+1 |
| | |||||
* | Add nat on rules for PPP | Scott Ullrich | 2009-10-25 | 1 | -10/+8 |
| | |||||
* | Correctly fix the function so that the table expands again. | Seth Mos | 2009-10-23 | 1 | -1/+2 |
| | | | | Whoever rewrote this must have been sleep deprived or really lost. | ||||
* | Unbreak filter_get_direct_networks() | Seth Mos | 2009-10-23 | 1 | -1/+2 |
| | | | | Check if the array is empty | ||||
* | Remove double dollar sign | Seth Mos | 2009-10-23 | 1 | -1/+1 |
| | |||||
* | Restore the filter_get_vpns_list() functionality | Seth Mos | 2009-10-23 | 1 | -12/+24 |
| | | | | Increase readability | ||||
* | Use useland pppd for ppp connections | Scott Ullrich | 2009-10-19 | 1 | -1/+29 |
| | |||||
* | Do not use state on the CP authentication port. This is necessary since the ↵ | Ermal Luçi | 2009-10-08 | 1 | -2/+2 |
| | | | | fwd from layer 2 being done with the latest code will break the mechanism that pf keeps state. | ||||
* | Turn off FLOWTABLE | Scott Ullrich | 2009-09-28 | 1 | -1/+2 |
| | |||||
* | Fix typo: Pointy-hat-to: ?! | Ermal Luçi | 2009-09-28 | 1 | -1/+1 |
| | |||||
* | Filter rules for interface-subnet rules fixed. | Eirik Oeverby | 2009-09-23 | 1 | -2/+4 |
| | |||||
* | Merge remote branch 'mainline/master' | Eirik Oeverby | 2009-09-23 | 1 | -2/+12 |
|\ | |||||
| * | Only create a rdr for local interfaces which is destined for the actual ↵ | Seth Mos | 2009-09-23 | 1 | -2/+12 |
| | | | | | | | | | | | | | | address we have a portforward for. This prevents people from ending up in our netcat code for reflection when trying to access other websites. Should fix Issue #99 | ||||
* | | More IPSec, filter.inc changes | Eirik Oeverby | 2009-09-23 | 1 | -2/+6 |
| | | |||||
* | | WIP: fixing IPSec screens/config | Eirik Oeverby | 2009-09-22 | 1 | -1/+1 |
|/ | |||||
* | Fix rdr generation, fix by ltning | Chris Buechler | 2009-09-20 | 1 | -1/+1 |
| | |||||
* | With latest improvements to ipfw(4) we do not need ipfw on layer3 everything ↵ | Ermal Luçi | 2009-09-20 | 1 | -2/+2 |
| | | | | is done on layer2 now. | ||||
* | Generate FilterIflist members if not generated before. This function is ↵ | Ermal Luçi | 2009-09-20 | 1 | -1/+3 |
| | | | | supposed to be private to filter.inc but seems some other code depends on it. | ||||
* | Merge branch 'master' of git://rcs.pfsense.org/pfsense/Eugene-igmpproxy | Scott Ullrich | 2009-09-16 | 1 | -18/+1 |
|\ | |||||
| * | Remove igmpproxy specific stuff from filter.inc, add allow-opt into pass out ↵ | Eugene | 2009-09-17 | 1 | -18/+1 |
| | | | | | | | | all... | ||||
* | | Merge branch 'master' of git://rcs.pfsense.org/pfsense/Eugene-igmpproxy into ↵ | Scott Ullrich | 2009-09-16 | 1 | -0/+21 |
|\ \ | |/ | | | | | review/master | ||||
| * | Add allow-opts at Upstream igmpproxy interface if the package is present | Charlie | 2009-09-16 | 1 | -0/+21 |
| | | |||||
* | | Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions | Scott Ullrich | 2009-09-12 | 1 | -1/+4 |
|/ | |||||
* | Only process after_filter_configure_run if it is an array | Scott Ullrich | 2009-08-22 | 1 | -2/+3 |
| | |||||
* | oops fix if statement | Scott Ullrich | 2009-08-20 | 1 | -1/+1 |
| | |||||
* | Fix Warning: Invalid argument supplied for foreach() in /etc/inc/filter.inc ↵ | Scott Ullrich | 2009-08-20 | 1 | -2/+4 |
| | | | | on line 415 | ||||
* | Fix NAT reflection for UDP. Was using the incorrect socket type, when udp ↵ | jim-p | 2009-08-15 | 1 | -3/+6 |
| | | | | was reflected, inetd was still listening on TCP. | ||||
* | Actually do the test right. | Ermal Luçi | 2009-08-12 | 1 | -1/+1 |
| | |||||
* | Catch up with the new System->Misc option added for schedules. | Ermal Luçi | 2009-08-12 | 1 | -1/+2 |
| | |||||
* | Just return without the complete rule otherwise some misconfiguration may ↵ | Ermal Luçi | 2009-08-12 | 1 | -1/+1 |
| | | | | | | happen when a schedule expires. Reported-by: mileswu | ||||
* | Remove unneeded double quoutes from expression. | Ermal Luçi | 2009-08-11 | 1 | -1/+1 |
| | |||||
* | Add a compat function after renaming tdr_install_cron to ↵ | Ermal Luçi | 2009-08-11 | 1 | -0/+6 |
| | | | | filter_tdr_install_cron with a warning for the renaming. | ||||
* | Unlock a little faster otherwise a deadlock will occur. | Ermal Luçi | 2009-08-11 | 1 | -2/+2 |
| | | | | | Reported-by: mileswu Patch-extracted-from: https://rcs.pfsense.org/projects/pfsense/repos/mainline/merge_requests/30 | ||||
* | Use the global variable for referencing tmp path and do not use hardcoded value. | Ermal Luçi | 2009-08-11 | 1 | -14/+18 |
| | |||||
* | Fix routes on the same interface and the return value of ↵ | Ermal Luçi | 2009-07-27 | 1 | -1/+1 |
| | | | | guess_interface_from_ip to not include \n. Reported on http://forum.pfsense.org/index.php/topic,18001.0.html. | ||||
* | Eliminate the usage of global variables on the aliases. Remove some ↵ | Ermal Luçi | 2009-07-24 | 1 | -7/+10 |
| | | | | debugging leftovers. |