path: root/src/etc/inc/filter.inc
Commit message  Author  Age  Files  Lines
* Fix VLAN Priority set pf syntax. Fixes #7744  jim-p  2017-08-01  1  -3/+15
|
* nat, portforwards should not make up a new destination information when a ↵  PiBa-NL  2017-07-12  1  -4/+0
|   configured dhcp interface does not currently have an address. fixes: https://forum.pfsense.org/index.php?topic=127585.msg733528#msg733528
* Removed MSS clamping exclusions  Robbert Rijkse  2017-07-06  1  -4/+1
|
* Add underscores to is_port* function names  Phil Davis  2017-03-27  1  -3/+3
|
* Redmine #7428 Handle empty port alias  Phil Davis  2017-03-26  1  -10/+28
|
* Refactor filter_generate_nested_alias  Phil Davis  2017-03-26  1  -9/+18
|
* Provide functions for checking port range alias combinations  Phil Davis  2017-03-26  1  -1/+1
|
* Fix handling of port ranges in this validation test. Ticket #7421  jim-p  2017-03-24  1  -2/+6
|
* File a notice and omit rule(s) using a missing port alias. Fixes #7421  jim-p  2017-03-23  1  -0/+10
|
* Fix #7372 Cannot filter ICMP Type SKIP  Phil Davis  2017-03-12  1  -1/+3
|
* Remove deprecated unused function  doktornotor  2017-03-05  1  -6/+0
|   Not used anywhere and deprecated for ages (https://github.com/pfsense/pfsense/commit/fe9afce65fc36f278e18edf8959669de2e9ddeef)
* Merge pull request #3570 from phil-davis/fw-rule-desc-7294  Renato Botelho  2017-03-02  1  -3/+10
|\
| * Fix 7294 keep full rule description  Phil Davis  2017-02-22  1  -3/+10
| |   Signed-off-by: Phil Davis <phil.davis@inf.org>
* | Fix #7299 and other stuff  Phil Davis  2017-02-23  1  -1/+1
|/
|   As far as I can see, filter_generate_user_rule() is always supposed to be called with 'ipprotocol' set to 'inet' or 'inet6'. The cases of rules for both ('inet46') are handled by calling filter_generate_user_rule() twice, passing 'inet' then 'inet6'. So at this point, if 'ipprotocol' is blank, then it is from an old rule, and it [can|should|must] default to 'inet'. This would provide a generic fix for old rules that do not have 'ipprotocol' specified. The other thing that could be done is make some upgrade code that fills in 'ipprotocol' on old rules at upgrade.
* Remove redundant comment  jim-p  2017-01-15  1  -1/+1
|
* Fix #7118 icmp-type any  Phil Davis  2017-01-13  1  -1/+1
|   When 'any' is selected as the ICMP type, do not write 'icmp-type any' in the rule, just leave it out.
* Fix #7105: Old rules may not have ipprotocol defined, consider it icmp6-type ↵  Renato Botelho  2017-01-12  1  -1/+1
|   only when ipprotocol is inet6
* Merge pull request #3139 from stilez/patch-38  Renato Botelho  2016-12-30  1  -63/+49
|\
| * add gettext() to icmptype descriptions  stilez  2016-10-26  1  -43/+43
| |
| * typo  stilez  2016-09-15  1  -1/+1
| |
| * Enhance ICMP rules  stilez  2016-09-15  1  -64/+50
| |   See main PR details
* | Fix #6982: Remove wrong global definition of use_filterdns and pass it as ↵  Renato Botelho  2016-12-30  1  -2/+2
| |   reference
* | Ticket #6920: Use filter_rule_function tag to detect function name  Renato Botelho  2016-12-29  1  -1/+4
| |
* | Fix #6920: Do not include stale .inc files  Renato Botelho  2016-12-29  1  -21/+50
| |   Packages can declare a function called $pkgname_generate_rules() and it will be executed during filter reload process and add the ability to package insert necessary firewall rules. Code was listing all files /usr/local/pkg/*.inc and processing all of them without any kind of check, which led to the error reported in #6920. Change the code to read only .inc files that belong to currently installed packages.
* | Merge pull request #3312 from phil-davis/staticroutes  Renato Botelho  2016-12-27  1  -3/+5
|\ \
| * | Fix #3560 correctly handle disabled static routes  Phil Davis  2016-12-27  1  -3/+5
| | |   1) util.inc - add parameter to get_staticroutes() so the caller can choose to see all static routes or only the ones that are currently enabled.
| | |   2) filter.inc - just process enabled static routes when making direct networks list, tonathosts etc.
| | |   3) services.inc - only include enabled static routes when making configs for DHCP(6) Relay.
| | |   4) unbound.inc - only include enabled static routes in unbound_acls_config
| | |   5) rc.newroutedns - only trigger if there is an enabled static route.
| | |   Note: GUI validation has been left as-is. e.g. in system_gateways we do not allow to delete a gateway if there is a disabled static route using it... If people want to delete "higher level" stuff, then they need to first delete the disabled static route(s). Otherwise it will get rather "risky" having disabled static routes in the config that refer to gateways that no longer exist, or have a subnet range that now matches a local interface or...
* | | Fix nested aliases with FQDN (Fixes #6982)  Renato Botelho  2016-12-27  1  -4/+3
| | |   Make $use_filterdns a parameter. It needs to be persistent across recursive calls otherwise it ends up not adding necessary items to filterdns depending on how items are sorted
* | | Remove unused variable  Renato Botelho  2016-12-27  1  -5/+4
|/ /
* | If nothing is enabled that requires xinetd, do not run xinetd. Fixes #6308  jim-p  2016-12-15  1  -12/+16
| |
* | Correct the descriptions and behavior of the Adaptive Start and Adaptive End ↵  jim-p  2016-12-14  1  -1/+1
| |   settings.
* | Ensure that mobile IPsec client addresses are added to vpn_networks. Fixes #7005  jim-p  2016-12-12  1  -0/+11
| |
* | Revert the workaround now that the pf parsing issue is fixed.  Luiz Otavio O Souza  2016-12-09  1  -3/+2
| |   Ticket #6985
* | Fix #6996 using existing variable  Renato Botelho  2016-12-09  1  -1/+1
| |
* | Work around the NPt rule loading issue to load the rules as they were on ↵  jim-p  2016-12-06  1  -2/+2
| |   previous versions. Fixes #6985
* | Stopgap to keep filter reload errors from happening due to NPt rule errors. ↵  jim-p  2016-12-05  1  -1/+2
| |   Ticket #6985
* | Revise update_filter_reload_status() function to append status messages ↵  Steve Beaver  2016-11-21  1  -1/+1
| |   rather than overwrite the file
* | The IPv6 packets are always blocked.  Luiz Otavio O Souza  2016-11-09  1  -2/+2
| |   Ticket #6206
* | So, PHP eats the last '\n' and we need an additional new line...  Luiz Otavio O Souza  2016-11-07  1  -0/+7
| |   Fix the generated pf rules.
* | Do not generate IPv6 rules when IPv6 is disabled.  Luiz Otavio O Souza  2016-11-06  1  -1/+24
| |   Ticket #6206
* | Remove all calls to conf_mount_r* functions  Renato Botelho  2016-10-12  1  -2/+0
| |
* | Merge pull request #2782 from fredronnv/master  Renato Botelho  2016-09-15  1  -0/+5
|\ \
| |/
|/|
| * Use !empty() instead of isset()  Fredrik Rönnvall  2016-09-15  1  -1/+1
| |
| * Improve handling of source-hash key  Fredrik Rönnvall  2016-03-23  1  -0/+5
| |   - Store the source-hash key in its own config field.
| |   - Validate the provided source-hash key. Check that hex string input is of the form "0x" followed by 32 hexadecimal digits. Any other string not starting with "0x" is hashed using md5 and stored as "0x" followed by the md5 hash.
| |   - Correct style issues making sure to follow pfSense Developer Style Guide.
| |   - Addition of the stored source-hash key config field in filter.inc, append it to the poolopts variable
* | Move copyright from ESF to Netgate  Renato Botelho  2016-09-06  1  -1/+1
| |
* | Move to Apache License 2.0  Renato Botelho  2016-07-15  1  -41/+9
| |
* | Review license / copyright on all files (final round)  Renato Botelho  2016-07-15  1  -1/+1
| |
* | Review license / copyright on all files (1st round)  Renato Botelho  2016-07-14  1  -56/+56
| |
* | Fix firewall rules for PPPoE server  NewEraCracker  2016-06-30  1  -3/+8
| |   1) PPPoE Clients are located within 'Remote Address Range' (sa) and not Server Address (ip), see lines 1194 and 1195.
| |   2) Interfaces for floating rules were not being correctly added due to a bug on interface detection caused by PPPoE differences.
| |   This commit fixes those two issues.
* | Firewall / Aliases / Edit - New URL Table Alias Type  NOYB  2016-05-24  1  -1/+1
| |   Make the code cleaner and easier to follow by using the same alias type designations as config.
* | URL Table (Ports) File Comments  NOYB  2016-05-23  1  -1/+2
| |   Fix for Bug #6395 that keeps full line comments of the downloaded file but strips them for the pf rules load.