Merge remote-tracking branch 'upstream/master' into origin/master
add granular control of state timeouts. Ticket #4509
Conflicts: etc/inc/filter.inc
update description after adaptive start/end default change.
Updated even more pages to new Form setup (include names)
refs #16
updated last incorrect _POST references
WIP: Converted advanced_firewall
Fix lineup of copyright lines
and module names and other bits of formatting and typos in headercomment sections.
Welcome 2015
Change copyright statement to reflect reality
modify copyright statement to reflect reality
XHTML Compliance - System Menu
Enforce select option
Advanced - Admin Access TabAdvanced - Firewall / NAT TabCert Manager - Certificate Revocation TabUser Manager - Users TabUser Manager - Groups Tab
xhtml Compliancereplaced <br>, <br/> and </br> with <br />
Remove maximumtables even from the GUI since there is no option
Many fixes on privileges, ticket #3216:
- Rename some privileges: page-diag-system-activity => page-diagnostics-system-activity page-interfacess-groups => page-interfaces-groups page-interfacess-lagg => page-interfaces-lagg page-interfacess-qinq => page-interfaces-qinq...
fix typo
Fix a small issue when disable a boolean option and save, it shows option as enabled
Remove extra { wrongly added on last commit
Fix whitespaces
Fix set/unset of checkaliasesurlcert
Add an option to check certificate for https URL aliases
Allow user to set interval between attempts to resolve hostnames configured on aliases
Tidy up System:Advanced:FirewallNat XHTML
Close BR tagsUpdated HTML boolean operators
Set adaptive.start/adaptive.end to disabled. Also allow them to be customized through system->advanced->firewall. This allows the firewall to be reachable if the state limit is hit but default.
use Sunday rather than Monday for weekly bogon update
Add bogons update frequency selection
Resolves #2529. Load the ipfw module before any commands are executed on CP. Also move the filter_load_ipfw() to captiveportal.inc:captiveportal_load_modules() since no other place uses ipfw(4)
Add "idle" to clarify that legitimate active connections would not be dropped by the pf optimization mode.
Add a knob to tune the maximum number of tables that can be defined, the pf default of 1000 is too low for systems with >500 aliases.
Conflicts:
etc/inc/filter.inc
Add note to NAT Reflection helper indicating where it works.
Change description of 1:1 NAT Reflection setting to be more accurate.
Allow optionally using the type of NAT reflection implementation used for 1:1 mappings with port forwards as well, in addition to allowing the old type, which is still useful in its own way.
Merge array and keep unchanged values.
Add a checkbox that disabled automatically generates negate rules for directly connected networks and VPNsTicket #2057 in redmine
Fix typo
Clarify notes so people don't think they need to disable pf to disable NAT.
remove dead link, no equivalent exists, will add info on that page's help
Test if a variable is set before trying to unset it. If a user has no rules in their config, then $config['filter'] would not be undefined, so unsettings $config['filter']['bypassstaticroutes'] would result in an error. http://forum.pfsense.org/index.php/topic,35702.0.html
Correct text to include PPTP as well.
Resolves #1391. Bring back VPN auto rule disable advanced setting.
This is not NAT, so put it under the Firewall Advanced heading instead.
Add Global reply-to disable checkbox, resolves the issue #1137
reversal of accidentally deleted filesRevert "Add Global reply-to disable checkbox, resolves the issue #1137"
This reverts commit c646776871dacebcaa4225b083aa0789dc0bfba6.
Add option to control automatic creation of NAT rules which assist forwarding rules that send traffic out to the same subnet it originated from.
gettext fixes
On system_advanced_firewall.php, fix display of selected TFTP interfaces after saving. Fixes #794
Make Firewall Optimization Options text readable
Add a GUI field to let the user configure the maxium table entries size. Resolves #588NOTE: Actual tables, not states.
Add note that reflection timeout only applies for port forwards.
Revert changes to reflection for port forwards until finished and approved.
Merge remote branch 'mainline/master' into patches
Resolved conflicts: usr/local/www/system_advanced_firewall.php
Slightly change wording of NAT reflection description.
Add configuration option in System: Advanced: Firewall/NAT for NAT reflection on 1:1 NAT.
Remove note about reflection being skipped on large port ranges.
Removed unused NAT reflection timeout setting.
Fix gettext issues
Merge branch 'master' into gettext
Resolved conflicts: usr/local/www/system_advanced_firewall.php usr/local/www/system_routes.php usr/local/www/system_routes_edit.php
properly show TFTP enabled interfaces
Fix : for translations
Add missing gettext() call
Implement gettext()
Mark this just informative textarea as readonly
Ticket #508. Make TFTP proxy configurable by System Advanced->Firewall/NAT for several interfaces.
Do not use the presence of lan as an indicator of having only one interface. Actually deduce that from the count of interfaces. It is perfectly legal on 2.0 to not have a lan interface and only opt/wan ones.
fix text
Require filter.inc and shaper.inc
Add pfSense_BUILDER_BINARIES: and pfSense_MODULE:. Adjust Copyright to include 2009 on files that I have asserted (C) on
Adding Notifications tab
From yesterday moving of ipfw loading to only captive portal a regression was noticed on ipfw states sizeing.Fix this regression by changing this states when they are changed on the system advanced settings page.
Reported by: cmb@
Remove "Allow IPv6" option from Firewall/NAT tab, it's already on the Networking tab with other IPv6 options.
Block all IPv6 traffic by default, since IPv6 isn't supported, there isn't any way to add such rules in the GUI, and nearly all users won't want IPv6 to traverse their firewall at this point. Add "Allow IPv6" checkbox to disable this behavior.
Remove ftp-proxy/pftpx/ftpsesame references we handle all of this in kernel now.(yay!)
Correct config path so filter rules are generated again for staticroutes.
Remove ocurrences of m0n0 for shaper type in the code.
Split random-id and no-df option for scrubbing.
Break before information text to match other pages
Move the 'advanced users only' notice into the tab body so the tab headersare not displaced by this message.
Cleanup the tab format of the system advanced pages. The edges were squareinstead of rounded like most pfSense pages.
Break out the advanced system options page into tabs group by categories.Fold the sysctl tunables page into a tab under the advanced options page.This reduces the top level menu options by one. There should be nofunctional changes.