Automatically select destination as $Interface address when Interface is changed just for new rules, or, if previous rule has already the combination interface + interface address selected
Merge remote branch 'mainline/master'
Silence and correct command that tries to kill a previous running ipfw-classifyd command.
Missed curly.
Do not error out when trying to delete an unexisting package. Just display an error message.
Add binding support for row helper drop downs
Allow mapping a select drop down to any area of config.xml
Fix test to not penalized variable value of 0.
Remove option 'any' from Destination Port Range
Mark this just informative textarea as readonly
no rdr rules shouldon't have ->, take care of nat reflection rules either
correctly go to interface for edit bogons/rfc1918
Use the source address/ports and nordr parameter with reflection redirects as well.
temporary work around for ticket #536
add note about 1:1s and interface IPs
remove unnecessary input validation checks
remove this check, the WAN IP can be used in binat now with no problems
remove bunk input validation
Fix perms
Improve NanoBSD slice updating/changing a bit, add some error checking. Resolves #534.
Relocate some NanoBSD functions to a central place. Change NanoBSD diagnostics and system info widget to use the new code. Ticket #533 and some prerequisite parts of Ticket #534.
Well there was a reason for this being returned out. Ticket #539.
Remove all code for directions it is not needed any more on passthrough ip's.
Add missing ;
Conflicts: etc/inc/filter.inc
Unbreak limiter rule creation.
Ticket #528. Do not route-to for local connected subnets.
Add a new alias type, urltable, which downloads a file of IP/CIDR addresses and loads them into a pf persist table instead of importing the addresses directly into a traditional alias. This allows for using huge tables of addresses that would otherwise break the GUI and/or fail to load into pf. Part of ticket #512
Validate imported URL data. Resolves #530.
Fix creation of pipe/queue aka limiters.
Warn the user when we cannot get the MAC address on pass through auto add case. Also when a user does a logout through clicking the logout form exit after showing sending info on logout successful.
Allow a passthrough mac to be deleted by a POST. Take the neccessary actions to disconnect and remove the mac from CP.
Allow users to send in the same POST authentication info and post fields. This will be allowed by authentication code if the special post var 'postafterlogin' isset.
Make pasthrough GUI code catch-up with the latest changes.
Use tables of ipfw for passthrough mac entries. This makes it scale way better than previously. Fix multiple entries on adding mac through entries automatically after login for the same user. The changes allow even pass through mac to be controlled from the Status->Captiveportal. Use serialize/unserialize on some files that keep temporary information to speed up calculations. Really allow mac passthrough to follow radius rules or time out rules when present.
Call dst_change with right param and on right place to use correct destination address for new rules
Consider VIPs on Destination Address and below few fixes
- Rename change_dst to dst_change to follow standards- Fix indent
changed destination type according to the selected interface
Validating Source address and Destination address
Hidding Redirect Target Port when using GRE and ESP
Disable redirect port field when a port different of (other) is selected
Do not include filter.inc twice
Add a new option which allows the admin user to configure CP so that it automatically enters an MAC passthru entry. The MAC is taken from login details and has to be removed manually. Also do improvements on rules handling and pipes. Add some optmizations. Teach the GUI/backend on ip/mac passthrough to configure a bw limit for this entries.
Show p2 items correctly (add missing td's)
Perform IP/Host and Port number validation for Authentication servers in the OpenVPN Wizard.
Restrict country code entry in the OpenVPN wizard to two letters.
Block source edit on associated firewall rules
Fix default port choices for LDAP/RADIUS server in OpenVPN wizard.
Fix OpenVPN port default choice in Wizard. Also fix protocol specification. (Should be Uppercase)
Revert "Fix finding next OpenVPN port. Protocol should be lowercase." - This was wrong in the wizard, apparently, and not the main page.
This reverts commit a48613a65d8d04dfec2aeefdb37440bdd399cdab.
Fix finding next OpenVPN port. Protocol should be lowercase.
redirect port range must not use :*, calculate end port and create the correct rule
Fix port range calculation
Use isset() to check boolean values from xml, to be sure it is or not set. It fixes a bug to add "no rdr" rules. While i am here, fix another small issue setting $nordr to "" when nordr is not set to fix all next rules
fix text
remove commented out bit that causes annoying pop ups in IE. Ticket #299
show port and proto
fix up text
clarify text
Fix growl issues.
Ticket #518Ticket #519
Submibtted-by: Blake Skinner
Use FQDN for HELLO SMTP command. Ticket #443
use 6969 for tftp-proxy
Ticket #511. Actually return the rules from all the packages not just the first one.
Ticket #508. Make TFTP proxy configurable by System Advanced->Firewall/NAT for several interfaces.
Do not use the presence of lan as an indicator of having only one interface. Actually deduce that from the count of interfaces. It is perfectly legal on 2.0 to not have a lan interface and only opt/wan ones.
Update system information widget to use new version checking mechanism.
Beef up the version comparison code. This should let us compare several combinations of local and remote versions and properly determine if the current version is older or the same as the remote version.
Fail over update check to report the supplied version from the remote server if it is not a build time/datestamp.
Fix whitespace
Fix CA cert dupe detection when no certs yet exist.
Add titles to wizard steps, change some wording to be more consistent.
radius.inc already has this includes so do not include them explicitly. This unbreaks the loading of bcmath module since PEAR.inc is not yet included!
Ticket #386. Add even the network address to the list of addresses on proxy arp vips to the naat out edit.
Ticket #483. Load the bcmath extension dynamically through PEAR for Radius accounting.
Ticket #486. Convert even the gateways that specify the interface itself.
Ticket #499. Create custom options propperly for each interface. This solution binds the option name to the interface name so it is even easier to distinguish.
Add code to allow applications on pfSense itself that bind to a socket or want to source route traffic to work. This fixes DynDns on multi-wan as the simplest of it.
Add a timeout for curl_exec. Combine all dyndns.org methods to one catching up with its API changes.
Fix regex on matching ip when behind nat.
Move checking if dyndns is enabled to the proper place.
Improve startup time by delaying dyndns synching.
Remove associated rule-id from default config they confuse rule edit page.
Conflicts: usr/local/www/firewall_aliases.php usr/local/www/firewall_virtual_ip.php
Check if var exist before compare its value
Use correct xml tag to compare with nat port forward destination address
On Virtual IPs, the ip is stored on subnet xml tag, use it to compare with external-address.
source address is been checked 2 times and destination address no one, fix this
Remove bandwidth tags from default config they are not used.
Actually disable flowtables support by default.