summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
Commit message (Collapse)AuthorAgeFilesLines
* Do not allow duplicate netcat reflection entries. Resolves #193sullrich2009-11-291-6/+6
|
* Use any for block until a diff solution can be createdsullrich2009-11-291-1/+1
|
* Lock out SSH going to LANIPS. Use correct SSH port if custom port is defined.sullrich2009-11-291-2/+7
|
* Nuke motdsullrich2009-11-291-15/+27
|
* Include neccessary filter.inc.Ermal Luçi2009-11-241-1/+0
|
* Rework includes/require. This saves about 4 megabytes.Scott Ullrich2009-11-211-2/+0
| | | | Simplify get_memory(). Tested on mips/i386
* Add support for 'max-src-conn' PF feature, to limit the maximum number of ↵pierrepomes2009-11-161-1/+4
| | | | established connections per host
* Don't add hard coded rules to allow traffic to the portal.Chris Buechler2009-11-151-5/+0
| | | | | 1) the no state breaks CP 2) it's never been automatically allowed previously, and hard coded non-editable rules are bad.
* err, this defeats the entire purpose of NAT-T for clients behind the ↵Chris Buechler2009-11-081-2/+0
| | | | firewall, let's not do this.
* Don't add port on no nat rules. Fixes #120Chris Buechler2009-11-071-8/+9
|
* Fix "Filter rule association" "Pass" optionunknown2009-11-071-9/+13
|
* The wizards do not set the rule type and queues should be enabled even on ↵Ermal Luçi2009-11-021-19/+17
| | | | block rules so add the queues to the rules even if the type of rule is not set(which means pass btw). This unbreaks the traffic shaper wizards and block shaping rules.
* Revert "Fix no nat rules where ports 1024:65535 is added Resolves #120"Scott Ullrich2009-10-271-7/+3
| | | | This reverts commit 8763e56d20eec74f1c4caaea80ac1cfcb46bbe03.
* Fix no nat rules where ports 1024:65535 is added Resolves #120Scott Ullrich2009-10-271-3/+7
|
* On second look, turn on PPP interfaces at the get_interfaces_with_gateway levelScott Ullrich2009-10-251-1/+1
|
* Add nat on rules for PPPScott Ullrich2009-10-251-10/+8
|
* Correctly fix the function so that the table expands again.Seth Mos2009-10-231-1/+2
| | | | Whoever rewrote this must have been sleep deprived or really lost.
* Unbreak filter_get_direct_networks()Seth Mos2009-10-231-1/+2
| | | | Check if the array is empty
* Remove double dollar signSeth Mos2009-10-231-1/+1
|
* Restore the filter_get_vpns_list() functionalitySeth Mos2009-10-231-12/+24
| | | | Increase readability
* Use useland pppd for ppp connectionsScott Ullrich2009-10-191-1/+29
|
* Do not use state on the CP authentication port. This is necessary since the ↵Ermal Luçi2009-10-081-2/+2
| | | | fwd from layer 2 being done with the latest code will break the mechanism that pf keeps state.
* Turn off FLOWTABLEScott Ullrich2009-09-281-1/+2
|
* Fix typo: Pointy-hat-to: ?!Ermal Luçi2009-09-281-1/+1
|
* Filter rules for interface-subnet rules fixed.Eirik Oeverby2009-09-231-2/+4
|
* Merge remote branch 'mainline/master'Eirik Oeverby2009-09-231-2/+12
|\
| * Only create a rdr for local interfaces which is destined for the actual ↵Seth Mos2009-09-231-2/+12
| | | | | | | | | | | | | | address we have a portforward for. This prevents people from ending up in our netcat code for reflection when trying to access other websites. Should fix Issue #99
* | More IPSec, filter.inc changesEirik Oeverby2009-09-231-2/+6
| |
* | WIP: fixing IPSec screens/configEirik Oeverby2009-09-221-1/+1
|/
* Fix rdr generation, fix by ltningChris Buechler2009-09-201-1/+1
|
* With latest improvements to ipfw(4) we do not need ipfw on layer3 everything ↵Ermal Luçi2009-09-201-2/+2
| | | | is done on layer2 now.
* Generate FilterIflist members if not generated before. This function is ↵Ermal Luçi2009-09-201-1/+3
| | | | supposed to be private to filter.inc but seems some other code depends on it.
* Merge branch 'master' of git://rcs.pfsense.org/pfsense/Eugene-igmpproxyScott Ullrich2009-09-161-18/+1
|\
| * Remove igmpproxy specific stuff from filter.inc, add allow-opt into pass out ↵Eugene2009-09-171-18/+1
| | | | | | | | all...
* | Merge branch 'master' of git://rcs.pfsense.org/pfsense/Eugene-igmpproxy into ↵Scott Ullrich2009-09-161-0/+21
|\ \ | |/ | | | | review/master
| * Add allow-opts at Upstream igmpproxy interface if the package is presentCharlie2009-09-161-0/+21
| |
* | Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additionsScott Ullrich2009-09-121-1/+4
|/
* Only process after_filter_configure_run if it is an arrayScott Ullrich2009-08-221-2/+3
|
* oops fix if statementScott Ullrich2009-08-201-1/+1
|
* Fix Warning: Invalid argument supplied for foreach() in /etc/inc/filter.inc ↵Scott Ullrich2009-08-201-2/+4
| | | | on line 415
* Fix NAT reflection for UDP. Was using the incorrect socket type, when udp ↵jim-p2009-08-151-3/+6
| | | | was reflected, inetd was still listening on TCP.
* Actually do the test right.Ermal Luçi2009-08-121-1/+1
|
* Catch up with the new System->Misc option added for schedules.Ermal Luçi2009-08-121-1/+2
|
* Just return without the complete rule otherwise some misconfiguration may ↵Ermal Luçi2009-08-121-1/+1
| | | | | | happen when a schedule expires. Reported-by: mileswu
* Remove unneeded double quoutes from expression.Ermal Luçi2009-08-111-1/+1
|
* Add a compat function after renaming tdr_install_cron to ↵Ermal Luçi2009-08-111-0/+6
| | | | filter_tdr_install_cron with a warning for the renaming.
* Unlock a little faster otherwise a deadlock will occur.Ermal Luçi2009-08-111-2/+2
| | | | | Reported-by: mileswu Patch-extracted-from: https://rcs.pfsense.org/projects/pfsense/repos/mainline/merge_requests/30
* Use the global variable for referencing tmp path and do not use hardcoded value.Ermal Luçi2009-08-111-14/+18
|
* Fix routes on the same interface and the return value of ↵Ermal Luçi2009-07-271-1/+1
| | | | guess_interface_from_ip to not include \n. Reported on http://forum.pfsense.org/index.php/topic,18001.0.html.
* Eliminate the usage of global variables on the aliases. Remove some ↵Ermal Luçi2009-07-241-7/+10
| | | | debugging leftovers.
OpenPOWER on IntegriCloud