pfSense

fix text

Add missing PF 'max' tracking option , and clarify message for 'max-src-nodes'

Add patch from lietu (Janne Enberg). Ticket #136

1) Multiple NAT rules can be assigned the same filter rule
-> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment

2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes)...

Add listtopic and extra save button.

Ticket #146 Fix typos ansd copy/pasto errors.

Oops, unbreak td

Fixup Source OS box

Minor formatting + hide Source OS behind Advanced box

Style / formatting changes

Show advanced option instead of Show state for every entry

Hide layer7 and in/out behind advanced button

Make xmlrpc sync, schedule, gateway, in/out, ackqueue and layer7 all advanced type buttons simplifying the firewall rule edit form for 99% of the cases

Resolves #146 Add propper validation on alias usage. Allow port type aliases only on port side and other aliases in ip specifications and similar. Introduce a new function is_portoralias to ressemble the is_ipaddroralias to check for the cases.

Ticket #146. Fix the autocompletion of ports aliases only for the ports and host/network aliases for the src/dst. Checking if a valid alias is entered end if it is a correct one for this box seems like to much overhead and work for this.

Seperate diffserv box into a <select> dropdown. Hide item behind advanced button. Move down one section near other advanced items. Resolves #60

Diffserv code point is not a reqired field

Include filter.inc and shaper.inc

Add support for 'max-src-conn' PF feature, to limit the maximum number of established connections per host

Fixes Issue #142

Add pfSense_BUILDER_BINARIES: and pfSense_MODULE:. Adjust Copyright to include 2009 on files that I have asserted (C) on

Pretty sure ruleid should be a hidden field.

Merge branch 'master' of git://rcs.pfsense.org/pfsense/automatically-managing-firewall-rules-with-nat-rules into review/master

Add avanced item indicator which will show when hovering the mouse over the icon which advanced item has been enabled

Added support for automatically managing firewall rules with NAT rules.

Fix typo its tagged and not tag.

Reported-by: mileswu
Patch-extracted-from: https://rcs.pfsense.org/projects/pfsense/repos/mainline/merge_requests/30

Prevent users to misconfigure layer7 rules for now.(Ther are supported only on pass rules)

Fix some typos.

fix some other shortcuts provided by the GUI.

This commit fixes even Bug #27

Add l2tp

Fix interface list usage

WARN: Please ask before introducing old code on what have changed!

• Reorganize the 'apply' button infrustructure in the GUI.
  - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals.
  - Convert all pages to the new infrustructure...

Fix the issue reported on http://forum.pfsense.org/index.php/topic,16559.0.html. Basically a missing convertion from 'source'/'destination' to target.

Show interface groups first in the interface dropdown.

• Convert schedules to pf(4).
  This allows to schedule the whole feature of the rules like queues/limiters/gateways/blocks/allows/etc...
• Whitespace cleaning on filter.inc
• Move schedule backend logic from pfsense-utils.inc to filter.inc and prefix with filter_....

Read shaper config only once. This should speedup on large shaper config the loading of the page.

• Introduce interface groups. For now they are availble only on Firewall:Rules section maybe it would be usable to have tham on nat too.
• Some fixes and cleanup.

Revert "Merge IPv6 changes"

This reverts commit f193cf92b2c925a2f3f71a713d766efd1e4d81e0.

Remove the 'L2TP clients' option on firewall src/dst address cause it does not make sense without a subnet.

More L2TP fixes

Add allow-opts filter rule option which is useful in multicast rule options.

Merge IPv6 changes

Frontend part for the layer7 with little cleaning up by me.

Submitted-by: Helder Pereira

Back out check we can handle this now.

Discussed-with: cmb@

don't allow gateway (route-to) to be selected with time based rules (ipfw)

it doesn't do anything, this just doesn't allow a configuration that people would expect to work.

Remove erroneus check.

Remove (not parsed) from description. It IS parsed and checked for XSS
problems now that we can assign owners of interfaces.

Backout last change, we need to think about this some more.

Learn how to spell "Acknowledge"

Pointed-out-by: billm

We already escape characters. Do not worry about notifying user that
the description field is invalid as it will be escaped again
during firewall_rules.php

Remove modulate state per ticket 1730

Add CSS Header

Rework most of the OpenVPN support. The interfaces have been updated to
not use the pkg system and the configuration has been migrated to an
openvpn prefix. The centralized user and certificate manager is now used
to support the openvpn configurations. Most of the files removed in this...

Fixup FloatingRules creation. Not sure why it broke in the first place!

Rewrite the pfsense privilege system with the following goals in mind ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...

source OS is not required.

Rewrite portions of the user manager to ensure data is properly synced to
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.

I also took this opportunity to do some housekeeping. A lot of funtions...

Allow user to select dummynet pipes/queues.

• Merge multiple PPPoE/PPTP interfaces from RELENG_1_MULTI_ANYTHING
• Much improved rule generation speed
• Many bug fixing in general of the interface handling

NOTE: this is the other half of changes

Move none queue item to top of the list.
Check for empty queue names

Add gateway compound groups to the firewall gateway drop down

Do not use the same variable name as the interface we are working with.

Continue interface improvements

Allow tags placed on Floating Rules to be used for matching on interface tabs.

Correct the name

Introduce OpenVPN tab

Allow the FloatingRules extra options to be displayed when creating rules from scratch

Fix missing 'class' typo

• Make the GUI aware that we can now handle DSCP in firewall rules
• Remove duplicate entry for clamav package in filter_rules_generate()

• Unbreak rrd graphs for queues and make them multiinterface aware
• Add a new tab for queuedrops with multiinterface there is no way to have them in the same tab
• Remove $GLOBAL where used and use proper accessor functions
• Remove Manuel from copyright this file has been rewritten...

Do not show duplicate queues names on rules edit page

Move tag/mark options to the Advanced section.

Don't show LAN in Interfaces drop down if it doesn't actually exist.

Bye bye, LAN interface requirement.

Fix for "Invalid argument supplied for foreach()" on 937

Fix an error with previous commit.

Unbreak tags on the floating tab.

Fix some typos.

Finish the Floating rules toolbar.
Now you can create rules with tags/direction/match by tag/choose direction/choose multiple interface/quick.

Just for note the queue assignment has been moved to the Firewall->Rules section. Now for every rule you create you can choose the queue for it.

Bring in the new traffic shaper.
It is capable of multi interface shaping.

Also bring the wizard up-to-date. Now it is capable of doing multi interface too.

touch up text

Ticket #1569

Add product_copyright re-branding support
Add product_copyright_years re-branding support
Add product_website re-branding support
Add product_email re-branding support

Work sponsored-by: Centipede Networks

Tell user which characters are bad

Use htmlentities() to detect html injections.

Do a check on all ID's > -1. When we a dup a rule with id 0 the checks where bypassed.

Spotted-by: billm

• Run through all posted values and encode them to a temporary variable. IF the contents differ then the operator is doing something bad. Simply reject the item with invalid character error and let them fix their XSS exploit attempt, etc.

Only show interfaces user has accss to.

Only show interfaces that the user has access to edit on the firewall rules edit page.

Allow each interface to have ACL's so you can assign a user to be able to edit just that interfaces rules.

description text correction

fix typo and touch up text

Switch over to array style page titles. Obtained-from: m0n0wall

List the available Gateways on the rules edit screen

Fixing css layout

Remove IPV6 operations.

Remove <br/> from schedule strong note.

Add a note about firewall rule schedule logic that will pop up in a new window describing how pass rules work when they are outside of the schedule window, etc.

Do not output blank gateways

Only foreach() through the object if it is an array.

This should fix the Warning: Invalid argument supplied for foreach() in /usr/local/www/firewall_rules_edit.php on line 729

Firewall Schedule GUI! ... and there was much rejoicing.

Backport IPSEC filtering to 1.0.1.

Requested and will be tested by Seth

sICMPV6/ipv6-icmp/