pfSense

Fixing gettext calls on firewall_rules_edit.php

Revert "Implemment gettext() calls"

This reverts commit 7502ef0a698a49d9652cd3616447eb717cba707d.
A lot of mistakes

Conflicts:

usr/local/www/firewall_nat.php

Revert "Implemment gettext() calls"

This reverts commit 49031495b501e4477941fa6248fe94cc698f9dcd.
A lot of mistakes

Conflicts:

usr/local/www/firewall_nat.php

Implemment gettext() calls

Implemment gettext() calls

Implement gettext() calls

Add status/log links to Firewall rules

Allow the use of ">" in filter rule descriptions. Even whilst stripping the > before the comparison htmlentities
will still trigger on the <. It is safe to assume here that creating any sort of html tag is unlikely. Ticket #465

Fix source input validation, saving, and the "View the NAT rule" link on linked filter rules. Ticket #586

It wasn't clear enough why source port should usually be any. Make it more clear.

check more closely for match here, to fix multiple items being marked as "selected", leading to the wrong interface being selected.

Use common function to return gateway array so consinstency is preserved around code.

Ticket #568. Programatically decide if to show an advanced button or the value if non default.

Implement tcp flags and sloppy state on the GUI.

Fix indent

Merge remote branch 'mainline/master'

Conflicts:
etc/inc/filter.inc

Add a new alias type, urltable, which downloads a file of IP/CIDR addresses and loads them into a pf persist table instead of importing the addresses directly into a traditional alias. This allows for using huge tables of addresses that would otherwise break the GUI and/or fail to load into pf. Part of ticket #512

Block source edit on associated firewall rules

Initialise the correct array if empty.

fix text

Redo most of the ppp interface handling to be consistent with the other mpd5 configurations. This way there is no more special handling for ppp around.

Ticket #14. Implement an advanced option to allow disabling autogenerated reply-to. Submitted-by: Dan Swartzendruber

Ticket #136.

Fix associated nat rules.
Now both the filter rules and the nat ones contain a associated-rule-id tag which helps link the items together.
The API to use for this is in itemid.inc.

All the issues should be solved now.

add PPP support to dynamic gateways

shift this around a little, put the dynamic gateways beneath the static ones, not beneath the gateway groups. Also show the dynamic gateways correctly ($ifent not $if)

clean up text

fix reject rules to the same as in 1_2. return is valid on all rules

fixup text

fix text

Add missing PF 'max' tracking option , and clarify message for 'max-src-nodes'

Add patch from lietu (Janne Enberg). Ticket #136

1) Multiple NAT rules can be assigned the same filter rule
-> Fixed, added assigned-nat-rule-id to filter rules to keep track of the assignment

2) when removing the link (i.e. switching to "pass" or "none", the linked rule isn't deleted (should it be? probably yes)...

Add listtopic and extra save button.

Ticket #146 Fix typos ansd copy/pasto errors.

Oops, unbreak td

Fixup Source OS box

Minor formatting + hide Source OS behind Advanced box

Style / formatting changes

Show advanced option instead of Show state for every entry

Hide layer7 and in/out behind advanced button

Make xmlrpc sync, schedule, gateway, in/out, ackqueue and layer7 all advanced type buttons simplifying the firewall rule edit form for 99% of the cases

Resolves #146 Add propper validation on alias usage. Allow port type aliases only on port side and other aliases in ip specifications and similar. Introduce a new function is_portoralias to ressemble the is_ipaddroralias to check for the cases.

Ticket #146. Fix the autocompletion of ports aliases only for the ports and host/network aliases for the src/dst. Checking if a valid alias is entered end if it is a correct one for this box seems like to much overhead and work for this.

Seperate diffserv box into a <select> dropdown. Hide item behind advanced button. Move down one section near other advanced items. Resolves #60

Diffserv code point is not a reqired field

Include filter.inc and shaper.inc

Add support for 'max-src-conn' PF feature, to limit the maximum number of established connections per host

Fixes Issue #142

Add pfSense_BUILDER_BINARIES: and pfSense_MODULE:. Adjust Copyright to include 2009 on files that I have asserted (C) on

Pretty sure ruleid should be a hidden field.

Merge branch 'master' of git://rcs.pfsense.org/pfsense/automatically-managing-firewall-rules-with-nat-rules into review/master

Add avanced item indicator which will show when hovering the mouse over the icon which advanced item has been enabled

Added support for automatically managing firewall rules with NAT rules.

Fix typo its tagged and not tag.

Reported-by: mileswu
Patch-extracted-from: https://rcs.pfsense.org/projects/pfsense/repos/mainline/merge_requests/30

Prevent users to misconfigure layer7 rules for now.(Ther are supported only on pass rules)

Fix some typos.

fix some other shortcuts provided by the GUI.

This commit fixes even Bug #27

Add l2tp

Fix interface list usage

WARN: Please ask before introducing old code on what have changed!

• Reorganize the 'apply' button infrustructure in the GUI.
  - Present three new functions is/mark/clear_subsystem_dirty('name_of_subsystem'). This makes easier to create such things without needing to introduce new globals.
  - Convert all pages to the new infrustructure...

Fix the issue reported on http://forum.pfsense.org/index.php/topic,16559.0.html. Basically a missing convertion from 'source'/'destination' to target.

Show interface groups first in the interface dropdown.

• Convert schedules to pf(4).
  This allows to schedule the whole feature of the rules like queues/limiters/gateways/blocks/allows/etc...
• Whitespace cleaning on filter.inc
• Move schedule backend logic from pfsense-utils.inc to filter.inc and prefix with filter_....

Read shaper config only once. This should speedup on large shaper config the loading of the page.

• Introduce interface groups. For now they are availble only on Firewall:Rules section maybe it would be usable to have tham on nat too.
• Some fixes and cleanup.

Revert "Merge IPv6 changes"

This reverts commit f193cf92b2c925a2f3f71a713d766efd1e4d81e0.

Remove the 'L2TP clients' option on firewall src/dst address cause it does not make sense without a subnet.

More L2TP fixes

Add allow-opts filter rule option which is useful in multicast rule options.

Merge IPv6 changes

Frontend part for the layer7 with little cleaning up by me.

Submitted-by: Helder Pereira

Back out check we can handle this now.

Discussed-with: cmb@

don't allow gateway (route-to) to be selected with time based rules (ipfw)

it doesn't do anything, this just doesn't allow a configuration that people would expect to work.

Remove erroneus check.

Remove (not parsed) from description. It IS parsed and checked for XSS
problems now that we can assign owners of interfaces.

Backout last change, we need to think about this some more.

Learn how to spell "Acknowledge"

Pointed-out-by: billm

We already escape characters. Do not worry about notifying user that
the description field is invalid as it will be escaped again
during firewall_rules.php

Remove modulate state per ticket 1730

Add CSS Header

Rework most of the OpenVPN support. The interfaces have been updated to
not use the pkg system and the configuration has been migrated to an
openvpn prefix. The centralized user and certificate manager is now used
to support the openvpn configurations. Most of the files removed in this...

Fixup FloatingRules creation. Not sure why it broke in the first place!

Rewrite the pfsense privilege system with the following goals in mind ...

1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance...

source OS is not required.

Rewrite portions of the user manager to ensure data is properly synced to
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.

I also took this opportunity to do some housekeeping. A lot of funtions...

Allow user to select dummynet pipes/queues.

• Merge multiple PPPoE/PPTP interfaces from RELENG_1_MULTI_ANYTHING
• Much improved rule generation speed
• Many bug fixing in general of the interface handling

NOTE: this is the other half of changes

Move none queue item to top of the list.
Check for empty queue names

Add gateway compound groups to the firewall gateway drop down

Do not use the same variable name as the interface we are working with.

Continue interface improvements

Allow tags placed on Floating Rules to be used for matching on interface tabs.

Correct the name

Introduce OpenVPN tab

Allow the FloatingRules extra options to be displayed when creating rules from scratch

Fix missing 'class' typo

• Make the GUI aware that we can now handle DSCP in firewall rules
• Remove duplicate entry for clamav package in filter_rules_generate()

• Unbreak rrd graphs for queues and make them multiinterface aware
• Add a new tab for queuedrops with multiinterface there is no way to have them in the same tab
• Remove $GLOBAL where used and use proper accessor functions
• Remove Manuel from copyright this file has been rewritten...

Do not show duplicate queues names on rules edit page

Move tag/mark options to the Advanced section.

Don't show LAN in Interfaces drop down if it doesn't actually exist.

Bye bye, LAN interface requirement.