Add an option to set no-sync on rules to keep states from being synced via pfsync. Fix #2501
Remove call-time pass by reference for do_input_validation, helps ticket #2565
s/require/require_once/g for filter.inc to avoid redeclaration errors in some rare cases.
Relax advanced options firewall rules tests
Various advanced options are now possible for any protocol since https://github.com/pfsense/pfsense/commit/653bde345e8f960de5bc745fe74e64d8ef3fd2d3So allow these through the front-end GUI validation also.
Allow advanced options state-related parameters to be used for TCP, UDP and ICMP
Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
Validate firewall rule advanced options requirements
Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules.Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html...
Implement URL Table aliases for ports instead of IP addresses
Add support for protocol 41 in rules. Fixes #3007.
Add a new alias type, URLs containing Ports
Fix whitespace and indent
Fixed 802.1p duplicating values for vlanprio and vlanprioset
For real this time. Friggin' github.
Clean inconsistent "none" and empty conventions for advanced fields - removes residual "none" entries on save
Fix none where should be empty string for 802.1p
Tidy up "firewall_rules_edit.php" XHTML
Close INPUT, BR and IMG tags and add ALT to IMG tagsUpdate HTML boolean operatorsAdd missing closing P tagsRemove NAME paramenter from TR and DIV tags, invalid HTML
Track user/time a firewall rule was created and last updated, and show this information at the bottom of the page when viewing the firewall rule. Have various places in the system that create rules add a proper entry to indicate their origin.
Set (src|dst)mask to 128 for single IPv6 addresses. Fixes #2451
Deal correct with bitmask for ipv6 on destination, same we did for src. If fixes #2451
Refine the test for Ticket #2451 to check for aliases as well
Warn users that nosync option won't prevent it to be overwritten on carp slave members
Deal correct with /32 subnet mask for ipv6 addresses. If fixes #2451
Display gateways with matching IP protocol in Gateways list
Some gateways do not have traditional addresses hard-coded into them - e.g. for OpenVPN dynamic gateways are created in software on-the-fly (they are not actually entries in the config). So traditional tests like is_ipaddrv4 are not useful to determine if the gateway is IPv4 or IPv6....
Fixes #1575. Allow Match option to be used with limiters as well. The support is there in kernel so allow rules to be configured on this.
To allow limiters to work correctly on mutliwan for now enforce selecting a gateway on outgoing
Encode the interface parameter before using it in a redirect
Fix warning when no gateway groups
If there are no gateway groups defined, and you save a rule that has an ordinary gateway selected in "Advanced Features - Gateway", then a warning is emitted when trying to traverse an empty gateway groups array at line 214.
Refine saving/applying on more pages - don't show apply or take an action unless the user is allowed to do that.
Don't offer to apply changes if no changes actually happened.
remove bunk input validation
Activate new shortcuts/status in the rest of the areas that are currently setup.
Fixes #2428. Reference limiters in rules by name to avoid issues. Also put upgrade code for existing configs. The same fix is necessary for 2.0.x though not sure how this should be committed there.
Add a inet46 filter type on the firewall rules page. I have locked down a few of the most common limitations.Still arguing if we should lock this down even further to aliases only.Redmine ticket #2466
Properly test for the address family now that the array says what it's supposed to be.
Fix of bug #2374 "When entering values in firewall rules leading andtrailing spaces are not deleted"
Allow 802.1p tags to be controlled from firewall rules edit screen
cleanup: code for building arrays for autocompleted fields
Fix preservation of the selection of interfaces on input errors for floating rules.
feature #2320: JS helper to toggle subnet mask for ipv4/v6 during input
http://redmine.pfsense.org/issues/2320
prep work for feature #2320: tag for ipv4v6 fields
now we use the Chosen javascript plugin for jQuery
Add a check to prevent this gateway code from triggering the address family check. This might not be all that is needed for Ticket #1949
Unbreak the firewall rule Edit page, input error array was unset halfway the validation. Set that back up ontop.Add gateway validation
Catch another possiblity for invalid rule generation
Properly fix the address family check for gateway groups Ticket #1659
Unbreak firewall rules edit, missing a )
Add address family validation, also hide gateways or gateway groups from the gateway list.Fix Ticket #1659
Add chosen js library (mit lic). Modify interface multiple select box to use.
Adding pre_input_errors hook
Revert "Move early call up a bit"
This reverts commit 35843e59c81366a7d30a44a94c8a135fc6834454.
Move early call up a bit
Adding hook for interfaces allowing pfCenter and friends to add interfaces to the dropdown
Merge remote-tracking branch 'upstream/master'
Conflicts: etc/inc/easyrule.inc etc/inc/filter.inc etc/inc/interfaces.inc etc/inc/services.inc etc/inc/xmlrpc_client.inc usr/local/www/fbegin.inc usr/local/www/services_dhcp.php
Bug #1639. Port alias missing input validation in firewall_rules_edit.php.
Merge remote branch 'upstream/master'
Be consistent with upper and lowercase.
Make the ICMP echo request type less ambiguous, and since it's likely the main one to get used, move it to the top.
Conflicts: conf.default/config.xml etc/inc/filter.inc etc/inc/globals.inc etc/inc/pfsense-utils.inc etc/inc/upgrade_config.inc usr/local/www/interfaces.php
Remove bogus protection. We have better handling of this now.
Add missing plugin code. Move the pre_write section up a bit.
Adding a new hook system for firewall nat edit and firewall rules edit page.Basically if the directory exists it will suck in the files to extend these pags.
/usr/local/pkg/firewall_nat/input_validation/usr/local/pkg/firewall_nat/pre_write_config/usr/local/pkg/firewall_nat/htmlphpearly...
Conflicts: etc/inc/filter.inc usr/local/www/themes/the_wall/rrdcolors.inc.php
In IPsec, s/mobileclients/client/, this was changed long ago in the config but not everywhere followed.
Resolve merge conflict
Show friendly names of interface for root queues of ALTQ.
Conflicts: etc/inc/filter.inc etc/inc/vpn.inc
Fix typo/spacing issue. Resolves #1300
Use autocomplete='off' like all other fields that accept aliases, to prevent web browser auto-complete from covering up the alias list popup.
Catch up
Allow match action on Floating rules and exposed it with name Queue. More validation is needed.
Generalize pppoe server enabled check and use it elsewhere in the GUI that needed fixed. Still needs changes in filter.inc - Ticket #1243
Conflicts: etc/inc/system.inc
fix text
Enlarge subnet bits to 128
Conflicts: etc/inc/interfaces.inc etc/inc/system.inc
remove <strong> to make consistent with all other text
Add OSPF to firewall rule protocol choices
Conflicts: etc/inc/interfaces.inc etc/inc/vslb.inc usr/local/www/interfaces.php
Ticket #1043. Check for '' and not for 'default' since this is the default value of the select.
Do not allow gateways to be selected without a direction.
Allow floating rules without direction to be created again.
Resolves #1043. Do not allow limiters in floating rules without direction. It is invalid practice and while the backend skips it the user should be warned.
Conflicts: etc/inc/filter.inc etc/inc/system.inc usr/local/www/interfaces.php usr/local/www/interfaces_gif_edit.php
Fix XSS issues
Bring in XSS id fixes from m0n0wall
Use this sort before saving, so the rule just added is sorted into the proper category like the rest.
Conflicts: etc/inc/filter.inc
Change the firewall rule generation to look for the ipprotocol tag which defines inet or inet6. This makes sure that we use ipv6 addresses and change to the correct ipv6-icmp tag.
Balance <p> with </p>
Put </ul> tags inside the same <td> since they cannot span multiple of them.
Unhide the source port options on firewall rules when they are not at the defaults.
Revert "Shows source ports when they are already defined" - this only made it so they were never hidden.
This reverts commit d886ebd6d438cf9b397face67ed4f254de661a94.
Ticket #568. Do not show the save/cancel buttons on the edit page of firewall rules if that are advanced options set.
Fix text for the source port note on firewall rules.
Fix gettext mishap/typo. Cosmetic only. Fixes #857
Shows source ports when they are already defined
Merge remote branch 'mainline/master'
Conflicts: usr/local/www/diag_smart.php usr/local/www/firewall_rules_edit.php usr/local/www/interfaces.php usr/local/www/load_balancer_pool_edit.php usr/local/www/pkg_mgr_settings.php
Use
Fix gettext on firewall_rules_edit.php