XHTML Compliance
Firewall - NAT - Port Forward - Edit
Standardise LAN net display
s/require/require_once/g for filter.inc to avoid redeclaration errors in some rare cases.
Make NAT port forward data entry error message match GUI text
The GUI has "Redirect target IP" and "Redirect target port". But the error message when validating "Redirect target port" refers to it as "local port". I was just confused when I forgot to type in the "Redirect target port", the error told me I had to enter a valid local port. I looked down the GUI page for "local port" and it is not there.
Fix #3103, cleanup ports fields when protocol changes
Tidy up "firewall_nat_edit.php" XHTML
Add "closehead" PHP variable
Add type to LINK
Close INPUT and BR tags
Update HTML Boolean operators
Add CDATA section to SCRIPT tags
Add the user/time tracking to Port forwards and outbound NAT also.
Track user/time a firewall rule was created and last updated, and show this information at the bottom of the page when viewing the firewall rule. Have various places in the system that create rules add a proper entry to indicate their origin.
Add NAT rule based on NAT rule below it instead of at the bottom of the list. Fixes #1118
Warn users that nosync option won't prevent it from being overwritten on carp slave members
Add a note about rdr pass not supporting Multi-WAN.
Do a more strict type match here, otherwise if the result returned is 0, that is also "== false" but not actually boolean false.
While I'm here, allow an ICMP rdr.
Only apply this port check for TCP and UDP.
Refine saving/applying on more pages - don't show apply or take an action unless the user is allowed to do that.
Add check for local port being set before testing. Fixes #2606
Fix of bug #2374 "When entering values in firewall rules leading and trailing spaces are not deleted"
cleanup: code for building arrays for autocompleted fields
Allow optionally using the type of NAT reflection implementation used for 1:1 mappings with port forwards as well, in addition to allowing the old type, which is still useful in its own way.
Local port must be specified, fix input validation
now we use the Chosen javascript plugin for jQuery
Add chosen js library (mit lic). Modify interface multiple select box to use.
Adding hook for interfaces edit
Add missing plugin code. Move the pre_write section up a bit.
Bug #1403. Filter Rules description do not get saved when "(quote) present as character
Adding a new hook system for firewall nat edit and firewall rules edit page. Basically if the directory exists it will suck in the files to extend these pages.
/usr/local/pkg/firewall_nat/input_validation
/usr/local/pkg/firewall_nat/pre_write_config
/usr/local/pkg/firewall_nat/htmlphpearly...
In IPsec, s/mobileclients/client/, this was changed long ago in the config but not everywhere followed.
Use autocomplete='off' like all other fields that accept aliases, to prevent web browser auto-complete from covering up the alias list popup.
Generalize pppoe server enabled check and use it elsewhere in the GUI that needed fixed. Still needs changes in filter.inc - Ticket #1243
Add a per-entry option for Proxy ARP VIPs of the Network type to disable their expansion on Port Forwards and Outbound NAT screens. Will allow users with large proxy arp subnets used only with 1:1 to still load those pages in a reasonable time. Resolves #1119
Fix XSS issues
Bring in XSS id fixes from m0n0wall
Fix input validation with "no rdr" for ticket #570
Hide redirect and filter rule association fields when "no rdr" is checked. Ticket #570
Fix associated rule source address changes on NAT Port Forward
When we change the source address on a NAT Port Forward rule that had an associated rule, we need to change the associated rule source address as well
Merge remote branch 'mainline/master'
Conflicts:
usr/local/www/diag_smart.php
usr/local/www/firewall_rules_edit.php
usr/local/www/interfaces.php
usr/local/www/load_balancer_pool_edit.php
usr/local/www/pkg_mgr_settings.php
gettext() fixes on firewall_nat_edit.php
Fix the ID for the link to the associated filter rule when a filter rule has not been saved since the associated rule was created.
Fix link to the associated filter rule for port forwards on an interface other than the first with a filter rule.
Checked gettext() implementation on firewall_nat_edit.php
Corrections gettext implementation on firewall_nat_edit.php
Merge remote branch 'mainline/master' into 2_firewall
Add per-rule NAT reflection override.
Add the missing VPN types to the interface list on port forwards and add the same VPNs to the list available on other types of NAT rules.
Revert "Implemment gettext()"
This reverts commit 1baff2e5d32ebb5a71b07f38d9f97e3c4788e3be.
Lot of syntax errors
Conflicts:
usr/local/www/firewall_nat_edit.php
Review firewall_nat_edit.php
Implemment gettext()
Implement gettext() calls
Properly generate a list of proxy arp VIPs for address drop-down list.
Various fixes to usage of ip2long, long2ip, and negated subnet masks, mostly affecting 64-bit. Ticket #459
Use client-side values in the function call rather than PHP-generated values for further calls to this client-side function.
Test correctly for previous existing entries of linked rules otherwise some bad deletions might happen. Reported-by: http://forum.pfsense.org/index.php/topic,25091.0.html
It wasn't clear enough why source port should usually be any. Make it more clear.
fix display of PARP VIP ranges. Resolves #386
Show the source options on port forwards if they are not at the defaults.
Initialize variable properly, it fixes #557
Improve NAT Port Forwarding
Add a new alias type, urltable, which downloads a file of IP/CIDR addresses and loads them into a pf persist table instead of importing the addresses directly into a traditional alias. This allows for using huge tables of addresses that would otherwise break the GUI and/or fail to load into pf. Part of ticket #512
Ticket #386. Add all possible proxy arp to the external ip when it is defined as network.
Ticket #136. Fixed showing the link and calculating correct id to the rule edit page.
Ticket #136.
Fix associated nat rules. Now both the filter rules and the nat ones contain an associated-rule-id tag which helps link the items together. The API to use for this is in itemid.inc.
All the issues should be solved now.
link to correct associated firewall rule
Add patch from lietu (Janne Enberg). Ticket #136
1) Multiple NAT rules can be assigned the same filter rule -> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment
2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes)...
Resolves #146 Add proper validation on alias usage. Allow port type aliases only on port side and other aliases in ip specifications and similar. Introduce a new function is_portoralias to resemble the is_ipaddroralias to check for the cases.
Restore the external port range to. Resolves #192
Correctly set vtable class
Ticket #146. Fix the autocompletion of ports aliases only for the ports and host/network aliases for the src/dst. Checking if a valid alias is entered and if it is a correct one for this box seems like too much overhead and work for this. (For firewall_nat_edit.php)
Include filter.inc and shaper.inc
Rework includes/require. This saves about 4 megabytes. Simplify get_memory(). Tested on mips/i386
Fixes Issue #142
show pass icon for rdr pass entries, fix editing of pass entries
old version got committed accidentally, fix
Fix "Filter rule association" "Pass" option
Add pfSense_BUILDER_BINARIES: and pfSense_MODULE:. Adjust Copyright to include 2009 on files that I have asserted (C) on
Clarify what the drop down is for
Add space in between save and end of table data
Add missing vncell
Changed automatic filter rule creation to have multiple options.
Added support for automatically managing firewall rules with NAT rules.
Clear guiconfig from all sort junk functions and put them on the specific pages where they are needed. Remove some sort functions not used.
Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel now. (yay!)
Add CSS header like most pages already have
Rewrite the pfsense privilege system with the following goals in mind ...
1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...
Rewrite portions of the user manager to ensure data is properly synced to the system password and group databases. This is to provide better support for centralized user management when local account administration is preferred.
I also took this opportunity to do some housekeeping. A lot of functions...
Continue interface improvements
shorten description field to prevent creating rulesets that won't load.
Ticket #1619
touch up text
Ticket #1569
Tell user which characters are bad
Use htmlentities() to detect html injections.
Do a check on all IDs > -1. When we dup a rule with id 0 the checks were bypassed.
Spotted-by: billm
Add multi user firewall nat port forward capabilities.
Switch over to array style page titles. Obtained-from: m0n0wall
Fixing css layout
Limit NAT description to prevent invalid rules.
Submitted-by: Devon O'Dell <devon.odell@coyotepoint.com>
Fix case-o
s/carp/CARP
Ticket #1097
When a External port range item is an alias, disallow the entry of Local port.
In-discussion-with: BillM
Bug-reported-by: ChrisB
Correct error message field names
Ticket #1084