| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
rules, it was confusing and potentially incorrect for floating rule purposes.
|
|
|
|
|
| |
and module names and other bits of formatting and typos in header
comment sections.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- Remove redundant declaration of $icmptypes and move it to a common
place (filter.inc)
- Add missing ICMP types for v4
- Add ICMPv6 types
- Adjust javascripts to show correct options depending of IP Protocol
- Hide ICMP type selection when protocol is IPv4+v6
It fixes #3389
|
| |
|
| |
|
| |
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| | |
HTTP_REFERER, there are a couple of places I didn't touch on this commit because it requires more work
|
| |
| |
| |
| | |
rule choice.
|
| |
| |
| |
| | |
Add CDATA sections to SCRIPT tags in various files
|
| | |
|
|/
|
|
| |
Operating Systems can be detected
|
|\
| |
| |
| | |
ayvis-master-br
|
| |
| |
| | |
replaced <br>, <br/> and </br> with <br />
|
|/
|
|
| |
packages.pfsense.org
|
|
|
|
| |
they are numeric integer, also, pass them through htmlspecialchars() before print
|
|
|
|
|
|
|
|
| |
This makes sure the user puts in ordinary positive integers like "1" and "42" in these advanced options fields. It prevents everything else, including dodgy-looking possibilities like "007" which might actually work OK, but it is safer to allow just plain "7".
Note 1: The tests in function is_aoadv_used($rule_config) had to be changed back from using empty() to use $var != "" because if the user enters "0" in one of those fields and presses save, they get an error message, but the Advanced Options block on the GUI is closed (the "0" was considered empty()). That seemed rather confusing - the user would have had to click on the Advanced Options "Advanced" button again to open up that block and see the "0" they had entered.
Note 2: I have prohibited 2 things that "pf" allows into the ruleset without generating an error:
(max 0)
(tcp.established 0)
Both of these seem (IMHO) to have no valid use case. They would prevent states from ever happening, and so would effectively be block rules, which could be implemented easily as block rules.
|
|\
| |
| | |
Make Firewall Rules Advanced Options open if used
|
| | |
|
| |
| |
| |
| | |
Currently, if there are some settings defined in Firewall Rules Edit, Advanced Features, Advanced Options, the Advanced Options section is left minimized when the Firewall Edit screen is displayed. This makes it easy for a user to not notice that there are some Advanced Options settings.
This change makes the Advanced Options section be displayed if any of the settings are defined, in the same way it is done for all the other Advanced Features sections.
|
|\ \
| |/
| | |
Return GWG IP protocol (version) when no gateway IP
|
| |
| |
| | |
Tested this making a new rule, and editing existing IPv4, IPv6 and IPv4+Ipv6 rules, and switching the IP version on an existing rule. Seems to work!
|
| |
| |
| | |
While I notice this also, for a plain gateway, the current IP address is also listed in the dropdown list text, like "WAN_DHCP - 10.42.11.1". If there is no IP address currently, it might say "WAN_DHCP - dynamic". But for some DHCP gateways that have not had any non-default manual settings done, it can say "OPT1_DHCP -". This gets rid of the silly-looking "-"
|
| |
| |
| | |
Now return_gateway_groups_array() always returns at least the IP version 'ipprotocol' of each GWG, even if all its members are down at present. It is better to use this to check what IP version the GWG is. The previous check was using the IP address of the first member of the GWG to deduce 'ipprotocol'. That would fail if the WAN was DHCP and was down.
|
|/ |
|
|
|
|
|
| |
At the moment, even if a port number is entered, it's re-displayed only as a port name when editing. Users who don't have port names -> numbers lookup memorised can't easily confirm when editing a rule, that the port is as intended. Then, when they return to firewall_rules.php the same rules have ports displayed as numbers not names (inconsistent).
This small UI edit changes the port dropdowns from just the name "NetBIOS-NS" to "NetBIOS-NS (137)" and shows the very well known port number, for ease of use.
|
|
|
| |
PIM protocol for firewall rules.
|
|
|
|
|
|
|
| |
Clarifying the setting's meaning.
As suggested by forum member "Senser" on
https://forum.pfsense.org/index.php/topic,65472.msg356024.html#msg356024
|
|
|
| |
On the main firewall rules multi-rule display it shows "LAN net" "WAN net" etc. But on the edit screen it shows "LAN subnet" "WAN subnet" etc. Make the edit screen have the same text as the main screen - this has ben a source of enough little questions/queries on the forum.
|
| |
|
| |
|
|
|
|
| |
pfsync. Fix #2501
|
| |
|
|
|
|
| |
some rare cases.
|
|
|
|
| |
Various advanced options are now possible for any protocol since https://github.com/pfsense/pfsense/commit/653bde345e8f960de5bc745fe74e64d8ef3fd2d3
So allow these through the front-end GUI validation also.
|
|
|
| |
Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
|
|
|
|
|
| |
Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules.
Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html
Bug report #3098
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
For real this time. Friggin' github.
|
|
|
|
| |
removes residual "none" entries on save
|
| |
|
|
|
|
|
|
|
| |
Close INPUT, BR and IMG tags and add ALT to IMG tags
Update HTML boolean operators
Add missing closing P tags
Remove NAME paramenter from TR and DIV tags, invalid HTML
|
|
|
|
| |
information at the bottom of the page when viewing the firewall rule. Have various places in the system that create rules add a proper entry to indicate their origin.
|