pfSense

Add TCP Inflight

re-enable the sending of ICMP redirects by default

Remove unused tag.

Unbreak package manager

Add missing bits from HEAD.

Switch over to the newly provisioned 0.pfsense.pool.ntp.org which
ntp.org has graciously setup for pfSense.

Really disable CTRL+ALT+DELETE.

Disable CTRL+ALT+DELETE reboot sequence on keyboard.

Admnins commonly have to press this sequence to login to winderz boxen and
if you have a shared KVM you might accidently reboot your firewall.

Move update bogons script to 3am.

Discussed on pfSense-support@

• Download bogons entries from pfsense.com
• Do not update on every minute on the 1st of the month
• Sleep for a random period before updating to avoid killing the server

Increase net.inet.ip.intr_queue_maxlen to 1000 which is the IP input queue.

Reset slbd every 140 minutes as opposed to 300 minutes.

Set the ephemeral port range starting port to 1024 instead of 49152.

On a busy firewall it is possible to run out of ephemeral ports and then the system will block new connections until a port is available.

s/bin/sbin/

Reset SLBD every 5 hours to avoid 100% cpu utilization

Ticket #1316

We need to expire entries every hour, not every half hour. (snort)

Add overlooked sysctl's.

Add system tunables area which allows the user to fine control sysctl's.

Oops, we need /etc/ping_hosts.sh to run every 5 minutes.

Add NTP server field to dhcp config.
From: Alexander Schaber

We actually have 2.9 has the default now.

• Bump config version to 2.8
• Automatically install a IPSEC pass rule for unsuspecting users

Backport cron handling from HEAD.

Patches-submitted-by: DSH@

Change default theme to nervecenter.

No objections from any of the 13 other people in IRC. Make it so.

Disable NAT reflection by default.

Change back to sis0 and sis1 factory defaults

Set theme back to metallic and avoid the lynching

Change default theme back to pfsense.

Some people claim the fancy metallic theme is slower.

See http://forums.whirlpool.net.au/forum-replies-archive.cfm/436523.html

Change default interfaces to vmware (lnc0 lnc1) for PC version

Do not enable SSHD by default.

Ticket #682

Disable FTP proxy helper on WAN by default

Remove ability to change schedulertype - we're only supporting HFSC for
now - priq may come back in future, the return of CBQ is unlikely

1.10 -> 2.0

Bump config version to 1.9

Allow SSH service to be disabled / enabled.

Turn off raw filter for new installs

3 out of 4 kids agree, metallic is a better theme!

Enable ipsec passthrough by default

Turn on prefer older sa's by default

Default to "raw" logging until the loging parsing items are updated.

Switch default optimization method to normal. For some reason "default" does not work even though "Building firewalls with OpenBSD and PF" claims it does.

Allow for the user to customize the pf optimization options in the system -> advanced menu. the default is normal.

Commit what I have so far. Magic shaper now works 100% .. or atleast appears to!

switch xml format over to pfsense header and footer. time to break away from m0n0walls configuration since ours is a little different now.

Move schedulertype configuration setting to system since we have switched to one scheduler per system.

Change default password to pfsense

revert back to m0n0wall header and footer for xml config files. this will keep us partly compatible with m0n0wall -> pfSense upgraders

Say welcome to the pfSense package manager!

change hostname to pfSense

Initial revision