Activity
From 03/19/2007 to 04/17/2007
04/17/2007
- 09:26 PM Revision 5014eab1: Turn off hard drive write caching correctly
- 09:26 PM Revision d6240d7f: Turn off hard drive write caching correctly
- 07:38 PM Revision 3b907eb1: Show icon when schedule is active
- MFC: asap
- 06:51 PM Revision 2a113ca9: Schedule popup on firewall page, stop min 0>00
- MFC: asap
- 06:11 PM Revision f89e550c: hw.ata.wc is a read-only /boot/loader.conf value. Remove.
- 06:11 PM Revision 2f17ee86: hw.ata.wc is a read-only /boot/loader.conf value. Remove.
04/16/2007
- 11:09 PM Revision d48ccbcd: Correctly note the filter configure item when removing the schedule feature from cron
- 11:09 PM Revision e85212d9: Correctly note the filter configure item when removing the schedule feature from cron
04/15/2007
- 07:37 PM Revision 2c57ec50: Add xml sync schedules option
- 07:37 PM Revision e130cfd3: Add xml sync schedules option
- 05:59 PM Revision 8476b3b3: Remove stray ;
- 05:59 PM Revision 530b5e46: Remove stray ;
04/14/2007
- 10:37 PM Revision 89f10d65: Uncomment pass rule logic. Fixes a problem report from the forum. Reminded-by: Holger
- 10:36 PM Revision 2d2d95e1: Uncomment pass rule logic. Fixes a problem report from the forum. Reminded-by: Holger
- 10:28 PM Revision e9f661b9: Add some text breaks.
- 10:28 PM Revision 1fa1ddc7: Add some text breaks.
- 10:25 PM Revision 099ab77e: Remove <br/> from schedule strong note.
- 10:25 PM Revision 49decb66: Remove <br/> from schedule strong note.
- 10:23 PM Revision 72067762: Wrap text in <pre></pre>
- 10:23 PM Revision 0618f66b: Wrap text in <pre></pre>
- 10:08 PM Revision 7f7ad501: Add a note about firewall rule schedule logic that will pop up in a new window describing how pass rules work when they are outside of the schedule window, etc.
- 10:08 PM Revision 4cf2b7fd: Add a note about firewall rule schedule logic that will pop up in a new window describing how pass rules work when they are outside of the schedule window, etc.
04/13/2007
- 08:50 PM Revision 752d210b: Disable ATA write caching which should help with loosing configuration on invalid power off events.
- 08:50 PM Revision 92f86ca6: Disable ATA write caching which should help with loosing configuration on invalid power off events.
- 03:26 AM Revision fab7ff44: Backport usermanager code from HEAD so I can get it in the snaps and
- start testing it properly
There's still some CSS/HTML fixes needed but the code seems to work
04/11/2007
- 05:02 PM Revision 6d838c83: Hide "ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding enabled, default to accept, logging disabled" while enabling time based rules
- Noticed-by: Ryan Wagoner
- 05:02 PM Revision 5472fbdb: Hide "ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding enabled, default to accept, logging disabled" while enabling time based rules
- Noticed-by: Ryan Wagoner
- 04:59 PM Revision d85052a3: Check for array type before foreach()
- Reminded-by: Ryan Wagoner/Seth Mos
- 04:59 PM Revision 4df064d4: Check for array type before foreach()
- Reminded-by: Ryan Wagoner/Seth Mos
- 04:57 PM Revision 16696fbb: Remove time based rule debugging statements.
- Reminded-by: Ryan Wagoner
- 04:57 PM Revision 228ac087: Remove time based rule debugging statements.
- Reminded-by: Ryan Wagoner
- 04:54 PM Revision 06dae605: Do not sort dns server list.
- Reported-by: Goffredo Andreone
- 04:54 PM Revision 96a33933: Do not sort dns server list.
- Reported-by: Goffredo Andreone
04/10/2007
- 06:04 PM Revision 7dddd075: If we cannot deterimine interrupts a second for an interface, do not recycle last known values.
- 06:04 PM Revision aa8f9947: If we cannot deterimine interrupts a second for an interface, do not recycle last known values.
- 05:19 PM Revision 2fb4c391: Do not show blank openvpn configuration items.
- 05:19 PM Revision 5f7bb797: Do not show blank openvpn configuration items.
04/09/2007
- 05:03 PM Revision afd0cbb4: Set RELENG_1 version to 1.3. 1.2 will be released form RELENG_1_2.
- 12:48 AM Revision 84dd057a: Time for 1.2-BETA-1
- 12:01 AM Revision d254fe7b: If the interface is "lan" and bridging is enabled then skip creation of the DHCP Server subnet. Ticket #1281
04/08/2007
- 11:46 PM Revision 8f798977: Remove configuration lock that would be acquired when you login to ssh after a firmware update. Ticket #1258
- 11:22 PM Revision 89f4b6a3: Correct sysctl name.. it is movements not movement.
- 06:22 PM Revision 011bff69: startup routed on boot if it's enabled
- 11:50 AM Revision 530c0044: Correct rrd_gateway path
04/07/2007
- 08:58 PM Revision ecd43b7f: Skip rule creation when interface_ip or remote_gateway is unknown
- 07:52 PM Revision 6ec72f51: When a 0 byte configuration file is found, remove it (unlink) and continue processing.
- 07:24 PM Revision 33a0c37d: Remove IP Compression box. A lot of further refactoring is going to be required to make this work and we do not have enough time to do so before 1.2 beta.
- 05:00 AM Revision cd110adf: Ticket 1280: updated
- 02:10 AM Revision be58a5d1: Use -o when loading the pf ruleset. From the pfctl man page: -o Enable the ruleset optimizer. The ruleset optimizer attempts to improve rulesets by removing rule duplication and making better use of rule ordering. Specifically, it does four things: 1. remove duplicate rules 2. remove rules that are a subset of another rule 3. combine multiple rules into a table when advantageous 4. re-order the rules to improve evaluation performance A second -o may be specified to use the currently loaded ruleset as a feedback profile to tailor the optimization of the quick rules to the actual network behavior. It is important to note that the ruleset optimizer will modify the ruleset to improve performance. A side effect of the ruleset modification is that per-rule accounting statistics will have different meanings than before.
- Use -o when loading the pf ruleset. From the pfctl man page:
-o Enable the ruleset optimizer. The rulese...
04/06/2007
- 05:56 PM Revision 3d8e2f77: Cleanup IPSEC rules a bit. More work will be performed in this area over the weekend.
- 05:55 PM Revision 91f1378c: Both -HEAD and -RELENG_1 have had a hidden feature to allow IPSEC compression. Add a checkbox to the screen to allow this hidden value to be toggled.
04/05/2007
- 05:23 PM Revision e801f662: Add UDP bit torrent traffic rule to wizard
- 02:13 PM Revision 914b7021: Fix bad paths resulting from move of routed package
- Reported-by: Samer Chaer <samerchaer at gmail.com>
04/04/2007
- 09:17 PM Revision d49ef3af: Comment out what appears to be non-needed code.
- 08:17 PM Revision 1318f78b: Allow multiple stacked rules (allow) to work correctly in the time based new world order. How deep this rabbit hole is yet to be deterimined.
- 02:07 PM Revision 3595b631: highlight schedule column on single clicks
04/03/2007
- 10:14 PM Revision 2a08bf6b: Do not zap cron entries with a large hammer. Instead gently use a knife.
- 09:49 PM Revision ae84328e: Also configure loopback. Otherwise filter rules can not be loaded
- 08:48 PM Revision ee3f99f1: Add back 59 minute option
- 08:46 PM Revision 81f0619c: Deal with block type rules correctly during time based rule operations
- 08:12 PM Revision e73e73f6: Do not unset cron entries.. This needs a bit more work.
- 07:19 PM Revision 51282f04: Correctly report false
- 07:12 PM Revision 9865652e: rework the check code to be more readable since it is falsing
- 07:07 PM Revision 75aaf51c: Add more debugging info
- 06:55 PM Revision 431840f6: Add debugging info for hourstatus
04/02/2007
- 11:54 PM Revision 92712545: Install deny rule correctly
- 09:42 PM Revision 70b76187: Deny rules are already the defeault. Do not switch to allow.
- 09:08 PM Revision b9f7b277: * Remove 59 * Change 0 to 00 for consistency
- 08:52 PM Revision b8257606: * Add more debugging helpers to system logs * Unbreak logic since the recent traffic shaper 'fix'
- 05:20 PM Revision 02dee88e: Remove class elements from TD so that elements do not look strange.
- Suggested-by: Scott Dale
- 04:33 PM Revision 36df0acc: Remove openvpn-csc when needed.
- Submitted-By: Fernando Lemos
- 04:30 PM Revision 031aed01: Remove trailing space
- 04:29 PM Revision 74f890cb: Set /sbin/sysctl -n net.link.ether.inet.log_arp_movement=0 when shared physical net is checked
- 04:28 PM Revision 6cb438cf: Use mwexec() to avoid printing out the sysctl operation
04/01/2007
- 09:27 PM Revision f745ee76: * Do no \n * Be consistent on output
- 09:19 PM Revision 0c247ed5: Add logging helper statements
- 06:07 PM Revision 3db43518: Correctly handle hour and minutes on the dot.
03/31/2007
03/30/2007
- 09:19 PM Revision e4913b90: Handle port ranges correctly
- 04:17 PM Revision 6df4e01c: Do not foreach through an item that does not exist
- 09:45 AM Revision 1a4f3123: more logic checks.
03/29/2007
- 08:05 PM Revision 636a69e6: more logic checks
- 08:04 PM Revision 591ceb32: corrected schedule_inuse function
- 07:51 PM Revision 63724b02: Added is_schedule_inuse()
- 07:48 PM Revision 1e19ee66: Check that cron items exist before foreach()
- 07:46 PM Revision 83e44209: Remove debugging statement. Remove missed code from HEAD.
- 07:27 PM Revision 17271f41: Remove bogus IPSEC interface checks
- 07:10 PM Revision 00eee841: Correctly check if an alias is in use
- 07:05 PM Revision 346e2e6b: Correct check
- 05:35 PM Revision a4f15b52: MFC 17270
- Fix hostname check when hostname field is blank
- 05:33 PM Revision 6c893f02: Ensure PFTPX is running as it should on filter reloads
- 05:17 PM Revision cfc5a090: Back out last commit, it removes the hostname check and is not the correct fix.
- Ryan will be investigating the issue further since he added this feature.
- 05:10 PM Revision c229a1d8: Sync w/ m0n0wall
- 04:46 PM Revision 7604679a: Unlink pool file only if it exists
- 04:45 PM Revision 1833f54d: Fix comment formatting. No functional change.
- 04:25 PM Revision 903c6f6a: Unlink pool file only if it exists
- 04:17 PM Revision a53c0219: s/!/not/ for not based rules (tdr)
- 04:53 AM Revision a0ff31f2: Correct the reload filter filename
- 12:17 AM Revision 72aea38d: Signal filter reload after change
03/28/2007
- 10:13 PM Revision d4aab1eb: is_validaliasname() will not allow _, remove that from the allowed description. If we want to allow _ then a new function will have to be created in place of is_validaliasname()
- 09:11 PM Revision 8cb370b9: * Add comments * Remove blank space at end of file
- 09:10 PM Revision 6a6d2f63: Monday is first now
- 08:10 PM Revision 9c0dd6a8: Use cron instead of minicron and reload the rules on 0,15,30,45
- 07:48 PM Revision 9a3b9aa0: Check for p2pcatchall with isset()
- 05:11 PM Revision 94cb706d: Ensure deny rules are allowed when necessary. Submitted-by: Scott Dale
- 09:35 AM Revision f124cb15: removed unnecessary logic check
- 07:44 AM Revision 101fd849: time is now drop down, various other logic checks
- 07:31 AM Revision 40ad834c: Fixed column alignment for new schedule column
- 01:11 AM Revision f9cf51f2: Shift icons to the right now that the schedule column is appearing
- 12:42 AM Revision 67d9ec69: updated text descriptions and added check to ensure at least 1 time range is configured
- 12:40 AM Revision e61c7d6b: Don't forget to pass rule back to caller
- 12:15 AM Revision a2e114ec: Make the nat reflection timeout overridable if <system><reflectiontimeout> is specified in config.xml
03/27/2007
- 11:43 PM Revision 7738faa8: Include schedule column
- 11:32 PM Revision 5721c8f6: Use correct queue name for p2p download (ftp)
- 11:25 PM Revision 5ca505e2: Pass along the correct queue names to ftpseasme and pftpx.
- 11:24 PM Revision 9b2040c6: Version bump
- 09:48 PM Revision 360cf3cf: Don't forget minicron's .pid file pointer
- 09:42 PM Revision c5cb3ac2: Teach the captive portal about time based rules so that it will not unload ipfw from underneath ourselves.
- 09:37 PM Revision 1c3da6b3: Use == "0"
- 09:36 PM Revision d6d0ac8b: Use intval() on shell command which contains a c/r
- 09:18 PM Revision 0711d73f: Add firewall rules schedule page
- 09:14 PM Revision c5ebc6d4: Check correct status values
- 09:13 PM Revision bd080157: update error checks for minutes ending in 59
- 09:02 PM Revision b2cd31a1: Correctly check return status values
- 08:49 PM Revision fdb29c8a: Corrected xml schema
- 08:34 PM Revision 9cd0b618: Add useful commands for checking system status
- 08:11 PM Revision 7568638b: s/day/position to reflect reality
- 06:52 PM Revision 16c7d217: Further trim openntpd.xml now that it is in base
- 06:49 PM Revision 6418cabb: Further trim openntpd.xml now that it is in base
- 06:47 PM Revision 5f8e5160: * Include system.inc
- * Call system_configure_ntp(); to configure
- 05:03 PM Revision 98e392c5: Prefer two dns servers by default. Add a hidden variable in <pppoe> called <dnsnosec/> which wil prevent pfSense from requiring a secondary dns server.
- Broken/busted ISP users that do not give out 2 dns servers will need to set this option manually.
Obtained-from: M0n... - 04:06 PM Revision 479bc061: Kill old comment
- 03:55 PM Revision 800e9138: Only foreach through aliases if they exist
- 03:48 PM Revision 9494b0e0: Pass schedule xml block correctly
- 03:39 PM Revision 84679732: s/$rule['schedule']/$rule['sched']/
- 07:04 AM Revision 273c8b1c: New XML Schema and multiple bug fixes.
- 04:13 AM Revision 860de1e8: correcting day positions
- 03:37 AM Revision c2aefc7a: update functions for correct support of php-date
03/26/2007
- 11:29 PM Revision ea83ac64: Remove cron spam on bootup
- 10:29 PM Revision 26dd685f: Back out softupdates check code
- 06:20 PM Revision 8071cce7: * Add function comments
- * Swap in the IPFW TDR set after filter configuration if a schedule is found
- 06:09 PM Revision bd413d75: * Delete previous rules
- * If a schedule is referenced then ensure ipfw is loaded
* Add a deny rule via ipfw when a items schedule is expired - 05:57 PM Revision 747e17dc: Correctly convert port aliases into their $port,$port counterpart
- 05:17 PM Revision 2d0177a4: Adding tdr_create_ipfw_rule() which will convert a rule into ipfw logic.
- TODO: Resolve port aliases and clean up > < = logic
- 02:57 PM Revision a60fd0cb: Only foreach() through the object if it is an array. This should fix the Warning: Invalid argument supplied for foreach() in /usr/local/www/firewall_rules_edit.php on line 729
03/25/2007
- 05:44 AM Revision 329069c9: Comment out the per user bw option until the kernel panics are tamed
- 05:40 AM Revision 073abaa6: Comment out the m0n0wall option until the kernel panics are tamed
- 05:13 AM Revision f479b407: Kill trailing space
- 05:12 AM Revision d244855a: s/timepart/timerange
- 03:43 AM Revision f59f9de4: Include file correctly
- 03:35 AM Revision 39242ec7: Kill -HEADisms
- 03:31 AM Revision 401432ac: Print out variable correctly
- 03:23 AM Revision 81a6f5ea: MFC m0n0wall traffic shaper option
- 01:30 AM Revision 7e587bdb: Add back per user bandwidth now that dummynet works correctly
- 12:51 AM Revision 54473744: Since we already have a "time" field convert the time day "time" to "timepart"
03/24/2007
03/23/2007
- 11:03 PM Revision ffb71439: Remove unused variable array
- 10:56 PM Revision 6e80ce90: Invert should_add_rule logic
- 10:54 PM Revision dfa29ccc: Glue the time / day rule logic and do the hokey-pokey.
- 10:46 PM Revision 1394846f: Add tdr_day() code which will compare the day of the month 0-31.
- 10:43 PM Revision cce81b9e: Add tdr_week() code which verifies which week number that we are currently on. For example calling tdr_week("10,11,12") will evaluate to try if the current week of the year is 10, 11 or 12. As of the time of this commit we are on week 12.
- 10:39 PM Revision 946a3c91: Add tdr_position chechking code which verifies a day of week. For instance calling tdr_position("0,1,2,3") will evaluate if the day of the week is Sunday - Weds and return true if it matches
- 10:27 PM Revision 10c913d2: * Add many comments
- * Add hour comparison code which will evaluate a string such as 16:00-19:00 which says that the hour of the rule is b...
- 08:44 PM Revision da32c14c: * Add time based rule support to filter.inc
- * Start stubbing in needed framework for TBR
- 08:25 PM Revision bce8a719: Make <time> an array so it can appear multiple times
- 08:21 PM Revision d8c091f8: Back out last commit, we are going to use <schedule>
- 08:17 PM Revision 8bf167b6: Allow multiple timeday entries (set as an array)
- 06:45 PM Revision c7a9cb7a: Hide schedule area. We are not ready for bug reports yet, Martin!!!
- 11:19 AM Revision dcef097d: header correct now, oops
- 11:16 AM Revision 2ab72859: version bump
- 11:08 AM Revision 615b27bc: Firewall Schedule GUI! ... and there was much rejoicing.
- 05:11 AM Revision ba393f6c: Removed redundant code, added feature to copy over data when input errors are detected (prevents retyping).
03/21/2007
- 09:15 PM Revision 29ed06c9: Only show interrupts a second if we can obtain the information for that interface
- 09:08 PM Revision 12bade7c: deal with uhci edge case
- 08:57 PM Revision 6f7fb5c9: If vmstat is present then display interrupt total and rate. Recent snapshots already contain vmstat.
- 06:31 PM Revision b7dd3a25: Ignore down or unconfigured interfaces
- 06:17 PM Revision 77bded26: Make it easier to read filter rule creation, and only work when we have a gateway _and_ a rule.
- 04:29 PM Revision 637345f3: Silence eclipse errors
- 04:28 PM Revision 5918fbaf: Silence eclipse errors
- 04:26 PM Revision 01ccbfc1: Kill trailing space
- 04:26 PM Revision cf97af9a: Initialize variable to clear eclipse error
- 04:23 PM Revision 5370388a: Fix eclipse errors
- 04:03 PM Revision ff091d96: Add an option to disable firewall scrubbing altogether.
03/20/2007
- 09:17 PM Revision 2c8e5579: Fix load balancer filter logic.
- Add extra checking for valid configurations.
A bit more verbose. - 09:16 PM Revision 6e489ce2: Remove load balancer pool status file when we reconfigure a pool.
- 06:38 PM Revision 91bf75df: Unbreak exec.php
- 06:30 PM Revision cff1e21d: Unbreak exec.php
- 05:46 PM Revision 357cde41: Add link_carp_interface_to_parent() function
- 05:24 PM Revision 95594e5a: Add missing text from ntp configure
- 05:01 PM Revision 48f4405e: After openvpn resync all function, sleep for 5 seconds and trigger a filter reload
- 02:57 AM Revision 66138bf6: Page title was defined twice, removed incorrect definition.
- 02:41 AM Revision ee035da7: Ticket #1272 - fix path to routed.inc
- MFC: [17086]
03/19/2007
Also available in: Atom