Unbreak 'add rule on top of the list' allowing after param to be -1
Expose all p0f OS types that it supports so that subtypes of various Operating Systems can be detected
Merge branch 'master-br' of https://github.com/ayvis/pfsense into ayvis-master-br
standardize on www.pfsense.org and HTTPS, point package URLs topackages.pfsense.org
xhtml Compliancereplaced <br>, <br/> and </br> with <br />
Improve checks for params 'id', 'dup' and other similar ones to make sure they are numeric integer, also, pass them through htmlspecialchars() before print
Validate rule Advanced Options numeric entries
This makes sure the user puts in ordinary positive integers like "1" and "42" in these advanced options fields. It prevents everything else, including dodgy-looking possibilities like "007" which might actually work OK, but it is safer to allow just plain "7"....
Merge pull request #997 from phil-davis/master
Make Firewall Rules Advanced Options open if used
Refine check for existence of rule advanced options
Currently, if there are some settings defined in Firewall Rules Edit, Advanced Features, Advanced Options, the Advanced Options section is left minimized when the Firewall Edit screen is displayed. This makes it easy for a user to not notice that there are some Advanced Options settings....
Merge pull request #984 from phil-davis/master
Return GWG IP protocol (version) when no gateway IP
Validate if src OR dst have IP address set when protocol is IPv4+v6. Fixes #3499
Tidy up GWG dropdown selection tests
Tested this making a new rule, and editing existing IPv4, IPv6 and IPv4+Ipv6 rules, and switching the IP version on an existing rule. Seems to work!
Tidy "gateway name - IP" in dropdown list
While I notice this also, for a plain gateway, the current IP address is also listed in the dropdown list text, like "WAN_DHCP - 10.42.11.1". If there is no IP address currently, it might say "WAN_DHCP - dynamic". But for some DHCP gateways that have not had any non-default manual settings done, it can say "OPT1_DHCP ". This gets rid of the silly-looking ""
Use return_gateway_groups_array() to build correct GWG list
Now return_gateway_groups_array() always returns at least the IP version 'ipprotocol' of each GWG, even if all its members are down at present. It is better to use this to check what IP version the GWG is. The previous check was using the IP address of the first member of the GWG to deduce 'ipprotocol'. That would fail if the WAN was DHCP and was down.
Port dropdowns: Put port no. after descrip
At the moment, even if a port number is entered, it's re-displayed only as a port name when editing. Users who don't have port names -> numbers lookup memorised can't easily confirm when editing a rule, that the port is as intended. Then, when they return to firewall_rules.php the same rules have ports displayed as numbers not names (inconsistent)....
Update firewall_rules_edit.php
PIM protocol for firewall rules.
Change string to "Maximum new connections per host / per second(s)"
Clarifying the setting's meaning.
As suggested by forum member "Senser" onhttps://forum.pfsense.org/index.php/topic,65472.msg356024.html#msg356024
Standardise LAN net display
On the main firewall rules multi-rule display it shows "LAN net" "WAN net" etc. But on the edit screen it shows "LAN subnet" "WAN subnet" etc. Make the edit screen have the same text as the main screen - this has ben a source of enough little questions/queries on the forum.
added input hidden with tracker value
Generate a tracker id for the filter rules for now. Maybe for nat rules as well?
Add an option to set no-sync on rules to keep states from being synced via pfsync. Fix #2501
Remove call-time pass by reference for do_input_validation, helps ticket #2565
s/require/require_once/g for filter.inc to avoid redeclaration errors in some rare cases.
Relax advanced options firewall rules tests
Various advanced options are now possible for any protocol since https://github.com/pfsense/pfsense/commit/653bde345e8f960de5bc745fe74e64d8ef3fd2d3So allow these through the front-end GUI validation also.
Allow advanced options state-related parameters to be used for TCP, UDP and ICMP
Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
Validate firewall rule advanced options requirements
Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules.Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html...
Implement URL Table aliases for ports instead of IP addresses
Add support for protocol 41 in rules. Fixes #3007.
Add a new alias type, URLs containing Ports
Fix whitespace and indent
Fixed 802.1p duplicating values for vlanprio and vlanprioset
For real this time. Friggin' github.
Clean inconsistent "none" and empty conventions for advanced fields - removes residual "none" entries on save
Fix none where should be empty string for 802.1p
Tidy up "firewall_rules_edit.php" XHTML
Close INPUT, BR and IMG tags and add ALT to IMG tagsUpdate HTML boolean operatorsAdd missing closing P tagsRemove NAME paramenter from TR and DIV tags, invalid HTML
Track user/time a firewall rule was created and last updated, and show this information at the bottom of the page when viewing the firewall rule. Have various places in the system that create rules add a proper entry to indicate their origin.
Set (src|dst)mask to 128 for single IPv6 addresses. Fixes #2451
Deal correct with bitmask for ipv6 on destination, same we did for src. If fixes #2451
Refine the test for Ticket #2451 to check for aliases as well
Warn users that nosync option won't prevent it to be overwritten on carp slave members
Deal correct with /32 subnet mask for ipv6 addresses. If fixes #2451
Display gateways with matching IP protocol in Gateways list
Some gateways do not have traditional addresses hard-coded into them - e.g. for OpenVPN dynamic gateways are created in software on-the-fly (they are not actually entries in the config). So traditional tests like is_ipaddrv4 are not useful to determine if the gateway is IPv4 or IPv6....
Fixes #1575. Allow Match option to be used with limiters as well. The support is there in kernel so allow rules to be configured on this.
To allow limiters to work correctly on mutliwan for now enforce selecting a gateway on outgoing
Encode the interface parameter before using it in a redirect
Fix warning when no gateway groups
If there are no gateway groups defined, and you save a rule that has an ordinary gateway selected in "Advanced Features - Gateway", then a warning is emitted when trying to traverse an empty gateway groups array at line 214.
Refine saving/applying on more pages - don't show apply or take an action unless the user is allowed to do that.
Don't offer to apply changes if no changes actually happened.
remove bunk input validation
Activate new shortcuts/status in the rest of the areas that are currently setup.
Fixes #2428. Reference limiters in rules by name to avoid issues. Also put upgrade code for existing configs. The same fix is necessary for 2.0.x though not sure how this should be committed there.
Add a inet46 filter type on the firewall rules page. I have locked down a few of the most common limitations.Still arguing if we should lock this down even further to aliases only.Redmine ticket #2466
Properly test for the address family now that the array says what it's supposed to be.
Fix of bug #2374 "When entering values in firewall rules leading andtrailing spaces are not deleted"
Allow 802.1p tags to be controlled from firewall rules edit screen
cleanup: code for building arrays for autocompleted fields
Fix preservation of the selection of interfaces on input errors for floating rules.
feature #2320: JS helper to toggle subnet mask for ipv4/v6 during input
http://redmine.pfsense.org/issues/2320
prep work for feature #2320: tag for ipv4v6 fields
now we use the Chosen javascript plugin for jQuery
Add a check to prevent this gateway code from triggering the address family check. This might not be all that is needed for Ticket #1949
Unbreak the firewall rule Edit page, input error array was unset halfway the validation. Set that back up ontop.Add gateway validation
Catch another possiblity for invalid rule generation
Properly fix the address family check for gateway groups Ticket #1659
Unbreak firewall rules edit, missing a )
Add address family validation, also hide gateways or gateway groups from the gateway list.Fix Ticket #1659
Add chosen js library (mit lic). Modify interface multiple select box to use.
Adding pre_input_errors hook
Revert "Move early call up a bit"
This reverts commit 35843e59c81366a7d30a44a94c8a135fc6834454.
Move early call up a bit
Adding hook for interfaces allowing pfCenter and friends to add interfaces to the dropdown
Merge remote-tracking branch 'upstream/master'
Conflicts: etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/interfaces.inc etc/inc/services.inc etc/inc/xmlrpc_client.inc usr/local/www/fbegin.inc usr/local/www/services_dhcp.php
Bug #1639. Port alias missing input validation in firewall_rules_edit.php.
Merge remote branch 'upstream/master'
Be consistent with upper and lowercase.
Make the ICMP echo request type less ambiguous, and since it's likely the main one to get used, move it to the top.
Conflicts: conf.default/config.xml etc/inc/filter.inc etc/inc/globals.inc etc/inc/pfsense-utils.inc etc/inc/upgrade_config.inc usr/local/www/interfaces.php
Remove bogus protection. We have better handling of this now.
Add missing plugin code. Move the pre_write section up a bit.
Adding a new hook system for firewall nat edit and firewall rules edit page.Basically if the directory exists it will suck in the files to extend these pags.
/usr/local/pkg/firewall_nat/input_validation/usr/local/pkg/firewall_nat/pre_write_config/usr/local/pkg/firewall_nat/htmlphpearly...
Conflicts: etc/inc/filter.inc usr/local/www/themes/the_wall/rrdcolors.inc.php
In IPsec, s/mobileclients/client/, this was changed long ago in the config but not everywhere followed.
Resolve merge conflict
Show friendly names of interface for root queues of ALTQ.
Conflicts: etc/inc/filter.inc etc/inc/vpn.inc
Fix typo/spacing issue. Resolves #1300
Use autocomplete='off' like all other fields that accept aliases, to prevent web browser auto-complete from covering up the alias list popup.
Catch up
Allow match action on Floating rules and exposed it with name Queue. More validation is needed.
Generalize pppoe server enabled check and use it elsewhere in the GUI that needed fixed. Still needs changes in filter.inc - Ticket #1243
Conflicts: etc/inc/system.inc
fix text
Enlarge subnet bits to 128
Conflicts: etc/inc/interfaces.inc etc/inc/system.inc
remove <strong> to make consistent with all other text
Add OSPF to firewall rule protocol choices
Conflicts: etc/inc/interfaces.inc etc/inc/vslb.inc usr/local/www/interfaces.php