| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
configured dhcp interface does not currently have an address.
fixes: https://forum.pfsense.org/index.php?topic=127585.msg733528#msg733528
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
Not used anywhere and deprecated for ages (https://github.com/pfsense/pfsense/commit/fe9afce65fc36f278e18edf8959669de2e9ddeef)
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Phil Davis <phil.davis@inf.org>
|
|/
|
|
|
|
|
|
|
| |
As far as I can see, filter_generate_user_rule() is always supposed to be called with 'ipprotocol' set to 'inet' or 'inet6'. The cases of rules for both ('inet46') are handled by calling filter_generate_user_rule() twice, passing 'inet' then 'inet6'.
So at this point, if 'ipprotocol' is blank, then it is from an old rule, and it [can|should|must] default to 'inet'.
This would provide a generic fix for old rules that do not have 'ipprotocol' specified.
The other thing that could be done is make some upgrade code that fills in 'ipprotocol' on old rules at upgrade.
|
| |
|
|
|
| |
When 'any' is selected as the ICMP type, do not write 'icmp-type any' in the rule, just leave it out.
|
|
|
|
| |
only when ipprotocol is inet6
|
|\ |
|
| | |
|
| | |
|
| |
| |
| | |
See main PR details
|
| |
| |
| |
| | |
reference
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Packages can declare a function called $pkgname_generate_rules() and it
will be executed during filter reload process and add the hability to
package insert necessary firewall rules. Code was listing all files
/usr/local/pkg/*.inc and processing all of them without any kind of
check, what lead to the error reported in #6920.
Change the code to read only .inc files that belongs to currently
installed packages.
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1) util.inc - add parameter to get_staticroutes() so the caller can
choose to see all static routes or only the ones that are currently
enabled.
2) filter.inc - just process enabled static routes when making direct
networks list, tonathosts etc.
3) services.inc - only include enabled static routes when making confogs
for DHCP(6) Relay.
4) unbound.inc - only include enable static routes in
unbound_acls_config
5) rc.newroutedns - only trigger if there is an enabled static route.
Note: GUI validation has been left as-is. e.g. in system_gateways we don
not allow to delete a gateway if there is a disabled static route using
it... If people want to delete "higher level" stuff, then they need to
first delete the disabled static route(s). Otherwise it will get rather
"risky" having disabled static routes in the config that refer to
gateways that no longer exist, or have a subnet range that now matches a
local interafce or...
|
| | |
| | |
| | |
| | |
| | |
| | | |
Make $use_filterdns a parameter. It needs to be persistent across
recursive calls otherwise it ends up not adding necessary items to
filterdns depending of how items are sorted
|
|/ / |
|
| | |
|
| |
| |
| |
| | |
settings.
|
| | |
|
| |
| |
| |
| | |
Ticket #6985
|
| | |
|
| |
| |
| |
| | |
previous versions. Fixes #6985
|
| |
| |
| |
| | |
Ticket #6985
|
| |
| |
| |
| | |
rather than overwrite the file
|
| |
| |
| |
| | |
Ticket #6206
|
| |
| |
| |
| | |
Fix the generated pf rules.
|
| |
| |
| |
| | |
Ticket #6206
|
| | |
|
|\ \
| |/
|/| |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Store the source-hash key in its own config field.
- Validate the provided source-hash key. Check that hex string input is
of the form "0x" followed by 32 hexadecimal digits. Any other string
not starting with "0x" is hashed using md5 and stored as "0x" followed
by the md5 hash.
- Correct style issues making sure to follow pfSense Developer Style
Guide.
- Addition of the stored source-hash key config field in filter.inc,
append it to the poolopts variable
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
1) PPPoE Clients are located within 'Remote Address Range' (sa) and not Server Address (ip), see lines 1194 and 1195. 2) Interfaces for floating rules were not being correctly added due to a bug on interface detection caused by PPPoE differences.
This commit fixes those two issues.
|
| |
| |
| |
| | |
Make the code cleaner and easier to follow by using the same alias type designations as config.
|
| |
| |
| |
| | |
Fix for Bug #6395 that keeps full line comments of the downloaded file but strips them for the pf rules load.
|