| Commit message | Author | Age | Files | Lines |
|
packages.pfsense.org
|
they are numeric integer, also, pass them through htmlspecialchars() before print
|
This makes sure the user puts in ordinary positive integers like "1" and "42" in these advanced options fields. It prevents everything else, including dodgy-looking possibilities like "007" which might actually work OK, but it is safer to allow just plain "7".
Note 1: The tests in function is_aoadv_used($rule_config) had to be changed back from using empty() to use $var != "" because if the user enters "0" in one of those fields and presses save, they get an error message, but the Advanced Options block on the GUI is closed (the "0" was considered empty()). That seemed rather confusing - the user would have had to click on the Advanced Options "Advanced" button again to open up that block and see the "0" they had entered.
Note 2: I have prohibited 2 things that "pf" allows into the ruleset without generating an error:
(max 0)
(tcp.established 0)
Both of these seem (IMHO) to have no valid use case. They would prevent states from ever happening, and so would effectively be block rules, which could be implemented easily as block rules.
|
Make Firewall Rules Advanced Options open if used
|
Currently, if there are some settings defined in Firewall Rules Edit, Advanced Features, Advanced Options, the Advanced Options section is left minimized when the Firewall Edit screen is displayed. This makes it easy for a user to not notice that there are some Advanced Options settings.
This change makes the Advanced Options section be displayed if any of the settings are defined, in the same way it is done for all the other Advanced Features sections.
|
Return GWG IP protocol (version) when no gateway IP
|
Tested this making a new rule, and editing existing IPv4, IPv6 and IPv4+IPv6 rules, and switching the IP version on an existing rule. Seems to work!
|
While I notice this also, for a plain gateway, the current IP address is also listed in the dropdown list text, like "WAN_DHCP - 10.42.11.1". If there is no IP address currently, it might say "WAN_DHCP - dynamic". But for some DHCP gateways that have not had any non-default manual settings done, it can say "OPT1_DHCP -". This gets rid of the silly-looking "-"
|
Now return_gateway_groups_array() always returns at least the IP version 'ipprotocol' of each GWG, even if all its members are down at present. It is better to use this to check what IP version the GWG is. The previous check was using the IP address of the first member of the GWG to deduce 'ipprotocol'. That would fail if the WAN was DHCP and was down.
|
At the moment, even if a port number is entered, it's re-displayed only as a port name when editing. Users who don't have port names -> numbers lookup memorised can't easily confirm when editing a rule, that the port is as intended. Then, when they return to firewall_rules.php the same rules have ports displayed as numbers not names (inconsistent).
This small UI edit changes the port dropdowns from just the name "NetBIOS-NS" to "NetBIOS-NS (137)" and shows the very well known port number, for ease of use.
|
PIM protocol for firewall rules.
|
Clarifying the setting's meaning.
As suggested by forum member "Senser" on
https://forum.pfsense.org/index.php/topic,65472.msg356024.html#msg356024
|
On the main firewall rules multi-rule display it shows "LAN net" "WAN net" etc. But on the edit screen it shows "LAN subnet" "WAN subnet" etc. Make the edit screen have the same text as the main screen - this has been a source of enough little questions/queries on the forum.
|
pfsync. Fix #2501
|
some rare cases.
|
Various advanced options are now possible for any protocol since https://github.com/pfsense/pfsense/commit/653bde345e8f960de5bc745fe74e64d8ef3fd2d3
So allow these through the front-end GUI validation also.
|
Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
|
Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules.
Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html
Bug report #3098
|
For real this time. Friggin' github.
|
removes residual "none" entries on save
|
Close INPUT, BR and IMG tags and add ALT to IMG tags
Update HTML boolean operators
Add missing closing P tags
Remove NAME parameter from TR and DIV tags, invalid HTML
|
information at the bottom of the page when viewing the firewall rule. Have various places in the system that create rules add a proper entry to indicate their origin.
|
fixes #2451
|
slave members
|
Some gateways do not have traditional addresses hard-coded into them - e.g. for OpenVPN dynamic gateways are created in software on-the-fly (they are not actually entries in the config). So traditional tests like is_ipaddrv4 are not useful to determine if the gateway is IPv4 or IPv6.
return_gateways_array() fills in an "ipprotocol" entry for each returned gateway ("inet" or "inet6"), as well as the "gateway" address field. This can be used to determine if the gateway is for IPv4 or IPv6.
|
support is there in kernel so allow rules to be configured on this.
|
gateway on outgoing
|
If there are no gateway groups defined, and you save a rule that has an ordinary gateway selected in "Advanced Features - Gateway", then a warning is emitted when trying to traverse an empty gateway groups array at line 214.
|
unless the user is allowed to do that.
|
upgrade code for existing configs. The same fix is necessary for 2.0.x though not sure how this should be committed there.
|
few of the most common limitations.
Still arguing if we should lock this down even further to aliases only.
Redmine ticket #2466
|
supposed to be.
|
trailing spaces are not deleted"
|