pfSense

Prevent users to misconfigure layer7 rules for now.(Ther are supported only on pass rules)

Fix some typos.

fix some other shortcuts provided by the GUI.

This commit fixes even Bug #27

Add l2tp

Fix interface list usage

WARN: Please ask before introducing old code on what have changed!

• Reorganize the 'apply' button infrustructure in the GUI.
  - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals.
  - Convert all pages to the new infrustructure...

Fix the issue reported on http://forum.pfsense.org/index.php/topic,16559.0.html. Basically a missing convertion from 'source'/'destination' to target.

Show interface groups first in the interface dropdown.

• Convert schedules to pf(4).
  This allows to schedule the whole feature of the rules like queues/limiters/gateways/blocks/allows/etc...
• Whitespace cleaning on filter.inc
• Move schedule backend logic from pfsense-utils.inc to filter.inc and prefix with filter_....

Read shaper config only once. This should speedup on large shaper config the loading of the page.

• Introduce interface groups. For now they are availble only on Firewall:Rules section maybe it would be usable to have tham on nat too.
• Some fixes and cleanup.

Revert "Merge IPv6 changes"

This reverts commit f193cf92b2c925a2f3f71a713d766efd1e4d81e0.

Remove the 'L2TP clients' option on firewall src/dst address cause it does not make sense without a subnet.

More L2TP fixes

Add allow-opts filter rule option which is useful in multicast rule options.

Merge IPv6 changes

Frontend part for the layer7 with little cleaning up by me.

Submitted-by: Helder Pereira

Back out check we can handle this now.

Discussed-with: cmb@

don't allow gateway (route-to) to be selected with time based rules (ipfw)

it doesn't do anything, this just doesn't allow a configuration that people would expect to work.

Remove erroneus check.

Remove (not parsed) from description. It IS parsed and checked for XSS
problems now that we can assign owners of interfaces.

Backout last change, we need to think about this some more.

Learn how to spell "Acknowledge"

Pointed-out-by: billm

We already escape characters. Do not worry about notifying user that
the description field is invalid as it will be escaped again
during firewall_rules.php

Remove modulate state per ticket 1730

Add CSS Header

Rework most of the OpenVPN support. The interfaces have been updated to
not use the pkg system and the configuration has been migrated to an
openvpn prefix. The centralized user and certificate manager is now used
to support the openvpn configurations. Most of the files removed in this...

Fixup FloatingRules creation. Not sure why it broke in the first place!

Rewrite the pfsense privilege system with the following goals in mind ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...

source OS is not required.

Rewrite portions of the user manager to ensure data is properly synced to
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.

I also took this opportunity to do some housekeeping. A lot of funtions...

Allow user to select dummynet pipes/queues.

• Merge multiple PPPoE/PPTP interfaces from RELENG_1_MULTI_ANYTHING
• Much improved rule generation speed
• Many bug fixing in general of the interface handling

NOTE: this is the other half of changes

Move none queue item to top of the list.
Check for empty queue names

Add gateway compound groups to the firewall gateway drop down

Do not use the same variable name as the interface we are working with.

Continue interface improvements

Allow tags placed on Floating Rules to be used for matching on interface tabs.

Correct the name

Introduce OpenVPN tab

Allow the FloatingRules extra options to be displayed when creating rules from scratch

Fix missing 'class' typo

• Make the GUI aware that we can now handle DSCP in firewall rules
• Remove duplicate entry for clamav package in filter_rules_generate()

• Unbreak rrd graphs for queues and make them multiinterface aware
• Add a new tab for queuedrops with multiinterface there is no way to have them in the same tab
• Remove $GLOBAL where used and use proper accessor functions
• Remove Manuel from copyright this file has been rewritten...

Do not show duplicate queues names on rules edit page

Move tag/mark options to the Advanced section.

Don't show LAN in Interfaces drop down if it doesn't actually exist.

Bye bye, LAN interface requirement.

Fix for "Invalid argument supplied for foreach()" on 937

Fix an error with previous commit.

Unbreak tags on the floating tab.

Fix some typos.

Finish the Floating rules toolbar.
Now you can create rules with tags/direction/match by tag/choose direction/choose multiple interface/quick.

Just for note the queue assignment has been moved to the Firewall->Rules section. Now for every rule you create you can choose the queue for it.

Bring in the new traffic shaper.
It is capable of multi interface shaping.

Also bring the wizard up-to-date. Now it is capable of doing multi interface too.

touch up text

Ticket #1569

Add product_copyright re-branding support
Add product_copyright_years re-branding support
Add product_website re-branding support
Add product_email re-branding support

Work sponsored-by: Centipede Networks

Tell user which characters are bad

Use htmlentities() to detect html injections.

Do a check on all ID's > -1. When we a dup a rule with id 0 the checks where bypassed.

Spotted-by: billm

• Run through all posted values and encode them to a temporary variable. IF the contents differ then the operator is doing something bad. Simply reject the item with invalid character error and let them fix their XSS exploit attempt, etc.

Only show interfaces user has accss to.

Only show interfaces that the user has access to edit on the firewall rules edit page.

Allow each interface to have ACL's so you can assign a user to be able to edit just that interfaces rules.

description text correction

fix typo and touch up text

Switch over to array style page titles. Obtained-from: m0n0wall

List the available Gateways on the rules edit screen

Fixing css layout

Remove IPV6 operations.

Remove <br/> from schedule strong note.

Add a note about firewall rule schedule logic that will pop up in a new window describing how pass rules work when they are outside of the schedule window, etc.

Do not output blank gateways

Only foreach() through the object if it is an array.

This should fix the Warning: Invalid argument supplied for foreach() in /usr/local/www/firewall_rules_edit.php on line 729

Firewall Schedule GUI! ... and there was much rejoicing.

Backport IPSEC filtering to 1.0.1.

Requested and will be tested by Seth

sICMPV6/ipv6-icmp/

Notify user that reject style rules only work with the TCP protocol.

Ticket #1118

Do not allow user to select "network" and enter an alias. Alert user the item is an alias and that is should be set to "Single host or alias" option before saving.

Ticket #1090

• Allow setting of OPTional interface IP address correctly
• Print "Interface IP Address" in firewall rules summary when selected

Ticket #1052

MFC 13319
Add NMAP to OS list Useful for blocking NMAP scans :)

Add entries for optional interfaces ip address

Ticket #1041

Add entries for optional interfaces ip address

Ticket #1041

While I am nitpciking this form to all get out, move the description to the bottom where it should be.

s/gettext//

Keep state really wants to be an advanced option, too. Let him join the party.

Make other button consistent now with a -

- Show advanced options

Turn advanced option are into a default to no show area as well.

Move state timeout to advanced options row, its the same as the other options as you leave it blank for default.

Only foreach if lb pool is an array

MFC
Hide source and destination port boxes when protocol is not tcp, udp or tcp/udp

Convert to button so page does not shift after url being pressed

Hide Show advanced option button when user clicks on the option

MFC
Require the user to have a brain to see the Source port range for a firewall rule by adding a link in the source box that says Advanced - Show source port range.

MFC
Require the user to have a brain to see the Source port range for a firewall rule by adding a link in the source box that says Advanced - Show source port range.

Add missing <ul> and </ul> elements.

MFC 11098
Helper -> Allow for LAN Address in rules MFC: with billm changes for next snapshot.

MFC 11097
Allow for LAN Address in rules MFC: for next snapshot

Remove #!/usr/local/bin/php

Fix members

Add blurb HINT: This prevents the rule from automatically syncing to other carp memebers.