pfSense

Ticket #136. Fixed showing the link and calculating correct id to the rule edit page.

Ticket #136.

Fix associated nat rules.
Now both the filter rules and the nat ones contain a associated-rule-id tag which helps link the items together.
The API to use for this is in itemid.inc.

All the issues should be solved now.

link to correct associated firewall rule

Add patch from lietu (Janne Enberg). Ticket #136

1) Multiple NAT rules can be assigned the same filter rule
-> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment

2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes)...

Resolves #146 Add propper validation on alias usage. Allow port type aliases only on port side and other aliases in ip specifications and similar. Introduce a new function is_portoralias to ressemble the is_ipaddroralias to check for the cases.

Restore the external port range to. Resolves #192

Correctly set vtable class

Ticket #146. Fix the autocompletion of ports aliases only for the ports and host/network aliases for the src/dst. Checking if a valid alias is entered end if it is a correct one for this box seems like to much overhead and work for this. (For firewall_nat_edit.php)

Include filter.inc and shaper.inc

Rework includes/require. This saves about 4 megabytes.
Simplify get_memory(). Tested on mips/i386

Fixes Issue #142

show pass icon for rdr pass entries, fix editing of pass entries

old version got committed accidentally, fix

Fix "Filter rule association" "Pass" option

Add pfSense_BUILDER_BINARIES: and pfSense_MODULE:. Adjust Copyright to include 2009 on files that I have asserted (C) on

Clarify what the drop down is for

Add space in between save and end of table data

Add missing vncell

Changed automatical filter rule creation to have multiple options.

Added support for automatically managing firewall rules with NAT rules.

Clear guiconfig from all sort junk functions and put them on the specific pages where they are needed.
Remove some sort functions not used.

• Reorganize the 'apply' button infrustructure in the GUI.
  - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals.
  - Convert all pages to the new infrustructure...

Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel now.(yay!)

Add CSS header like most pages already have

Rewrite the pfsense privilege system with the following goals in mind ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...

Rewrite portions of the user manager to ensure data is properly synced to
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.

I also took this opportunity to do some housekeeping. A lot of funtions...

Continue interface improvements

shorten description field to prevent creating rulesets that won't load.

Ticket #1619

touch up text

Ticket #1569

Tell user which characters are bad

Use htmlentities() to detect html injections.

Do a check on all ID's > -1. When we a dup a rule with id 0 the checks where bypassed.

Spotted-by: billm

• Run through all posted values and encode them to a temporary variable. IF the contents differ then the operator is doing something bad. Simply reject the item with invalid character error and let them fix their XSS exploit attempt, etc.

Add multi user firewall nat port forward capabilities.

Switch over to array style page titles. Obtained-from: m0n0wall

Fixing css layout

Limit NAT description to prevent invalid rules.
Submitted-by: Devon O'Dell <devon.odell@coyotepoint.com>

Fix case-o

s/carp/CARP

Ticket #1097

When a External port range item is an alias, disallow the entry of Local port.

In-discussion-with: BillM
Bug-reported-by: ChrisB

Correct error message field names

Ticket #1084

When redirecting FTP entries to internal, install rules for interface address correctly if chosen.

Make field names in input validation consistent with the field names on the form. Our users are already confused enough to have this type of stuff going on.

Return correct field for input validation for nat ip

add value="yes" for nosync

Correctly display NOSYNC

Ticket #848

Complete nosync support

Ticket #848

Add PPPOE options.

When adding a redirect for FTP alert the user that it really creates 2 firewall rules

Ticket #899

When adding a redirect for FTP alert the user that it really creates 2 firewall rules

Ticket #899

When selecting WAN ip in NAT port forward, correctly create the helper firewall rule for it if the service is ftp

Ticket #843

Sync w/ m0n0wall 1.21 to bring back in the overlap port check

Remove #!/usr/local/bin/php

MFC 8805
Fix protocol checking so that existing input validation works use endport as startport if specified w/out startport

Check "Auto-add a firewall rule to permit traffic through this NAT rule" by default. This seems to be a really commonly asked question in #m0n0wall

MFC 7730
When adding a NAT redirect to a internal FTP server automatically create a rule to allow traffic to the external IP of the redirect, port 21 so that pftpx can function.

• Grey out port items when proto is GRE or ESP
• Ignore ports in input validation fields when port is GRE or ESP

Ticket #585

Adding AutoComplete to firewall_nat_edit
head.inc searchs javascript directory for includes now

Ticket #283 - make the error message contain enough information to help
further debugging

Allow port forwarding of GRE and ESP protocols

Ticket #289

Auto complete alias ports correctyl

Merge in virtual IP code
This changeset does the following:
merges proxy arp and carp setup menus
removes proxy arp menu from left side
upgrades config file from 1.7 to 1.8
moves existing carp virtual IP and proxy arp config to new <virtualip> tag...

Display grey topbar

Change "Inbound NAT" to "Port Forward"
Update _edit.php's to use diaplay_topbar()
Change "Outgoing" to "Outbound" for consistency between load balancing and NAT

Don't close <head> tag - these files use javascript inside <head>

Use $pgtitle instead of re-typing the page title over
Use head.inc on the _edit.php files

Fix nat rule dup so we really create a new rule instead of just editing the current one.
Reported-By: Criggie

Allow hijacking of PPTP connections.

This should fix Ticket #69

Ticket 6: Allow NAT to duplicate rules

Whitespace cleanup

Do not define name twice. This broke port range capability

show any option

Fix missing closing bracket

Make Cancel button match the Save buttons style

Add any option and blurb about when to use it

• Add missing cancel button
• cancel -> Cancel

Add a Cancel button which takes the browser back to the page prior.

Add Alias optoins to NAT ports

Clean up error text to be same as other port range errors

Add $Id$ tag

Do not sort nat out rules. Bill says its evil ;)

Add LAN option for redirects aka inbound nat.

Do not parse aliases entries unless they are defined

More standardization

Add auto complete support to NAT.

Initial revision