Correct testing behavior for default shell. Previously was tested with bash.
Check pfsense.com for newer versions when visiting the firmware menu.
Log upgrade actions to syslog.
If an error occurs during the rule loading, report the error to the user.
only set S/SA on tcp rules
Version bump to 0.26
Convert filter_configure to return the error text from pf if a ruleset is not loaded correctly for any reason
Convert altq ipfw code to use the newer queue types.
Overhaul many functions in the traffic shaper and make them simpler.
Instead of tareting queue numbers, target the queue name.
Add custom /usr/local/pkg/pf directory which will store custom php script that the packages use to modify the pf rules.
Log package changs to the system log.
Scheduler type has been switched to advanced screen. Remove a few bugger hiding from when this was per interface driven.
Reported-by: DungaBee
Top frame was much too large for logo. Shorten it down and add a break between table rows.
Bump version to 0.25
Add auto complete support to NAT.
Add port alias capability. Add auto complete widgets to all alias capable input boxes.
Make the iframe used to work around ie's select habits 5 pixels larger.
Add a highlight text color, add border color. Change to pfSense color scheme.
Do not use iframe hack on non Microsoft Internet Explorer Browsers
Add savemsg get parm.
Do not submit the form if the user presses enter in one of the textarea fields with a dropdown widget attached to it.
On internet explorer, select objects are window controls and therefore cannot be overlapped by another other items except for an iframe. To make sure our dropdown box shows up correcty, insert a iframe underneath the dropdowns table with a zorder of 1 less. This will cover the select box and make sure the dropdown looks correctly on IE....
On input validation note that the source or destionation ports can now be aliases.
Style cleanup
Break after each host / port or alias address.
Add auto_complete_helper.hs auto complete javascript helper file.
Aliases now work for ports. Add autocomplete hint field for aliases box on rules edit form.
Do not call shaper_configure() .. It is now built into filter_configure()
Correct the behavior for hosts networks and ports
Bump version to 0.24
The subnet box should be greyed out when entering a port alias.
ipfw -f flush before unloading
Since the IPFW module is now compiled with the default to allow all from any to any, take out the code that setup those specific rules.
Missed closing bracket.
Pointy-hat-to: me
Only unload ipfw module if traffic shaper is disabled AND captive portal is disabled.
Do not echo during shaper configuration.
Add back iplen
Do not echo commands out when setting up traffic shaper configuration.
Add T. Howell-Cintron expanded radius attributes patch.
move max-mss line to correct spot.
Doh!
Pass targetqueue, not queue.
wake -> take.
Noticed-by: Brian
Add an allow rules immediately following the kldload of the ipfw module.
Fixup ordering. ALTQ rules load out of the box now!
Clean up after major ipfw/altq conversion.
Its now working! w00t!
Change the reboot link color to yellow.
Add IPFW2+ALTQ traffic shaping. We have now switched the rules portion over to IPFW which will tag the packet accordingly.
No need for shifting $config around.. we use the pkg xml parser now
Start adding anchors to most common areas of rules so that packages and shell-cmd can furhter modify the system with ease.
Minor comment cleanups, add anchor to altqints and extra welcome text after boot sequence is finally complete.
Remove filter_configure() from late in the process, it interferes with shell-cmd
Add usbd to system startup.
Add anchors for: altq, nat and filter.
altq is where all the shaping rules currently live.
nat is where all of the nat related items live.
filter is where the actual filter rules live.
Version bump to 0.23
Add show log feature after package installation is completed.
After fixing the diagnostics and optional interfaces items, we lost the functionality to see which packages are installed. Bring this back.
m0n0wall -> pfSense
Alert the user that the upgrade will be in the background.
Add auto upgrade option to pfSense
Add /etc/rc.filter_configure which can be called from a shell script to configure the filter
Remove ftp-proxy debugging entry.
Add process_kill_command which will kill the process late after installation to allow other items to finish up such as filter_configure();
Alter ftp-proxy rules a little bit. Be sure to let the firewall itself to allow outgoing proxy traffic.
use parse_xml_config_pkg
Reset password to pfsense
Add start_command and restart_command xml tags.
Eliminate extra space after template parsing
Add size capability to rowhelper fields
Add template support to packages. Useful for generating the packages .conf files and such.
Woops its /25
Bump PPTP clients up to 128. Oddly running at 64 still used less ram than on 4.X.
Alert user during post package commands
Version bump to 0.22 - FTP-PROXY-TIME-EXCELLENT!
Really remove the label from rdr squid rule
Do not label squid transparent proxy rule
Add package reinstallation button to Backup/Restore area. The script will basically reinstall any packages needed by your configuration after a restore ;)
Add per rule state timeout option. Good for heavily loaded http servers, etc.
Bump version to 0.21
Fix ftp-proxy ;)
Add debugging entry to syslog
Bump PPTP vpn client count to 64 and the subnet to 26
Increase PPTP vpn maximum connections to 50.
Missing brace
Add IPCOMP (IP Compression) support to IPSEC VPN's
Allow for tcp and udp on ports. Create a proto list in thise case.
Remove extra space after udp ipsec rule
Label user rules as USER_RULE: "rule"
Reload the firewall rules when the shaper configuration changes.
Bump version to 0.20
add rule labels
Remove unused entries. Ensure the vpn only talks on necessary ports on each endpoint.
Redirect sysctl output to /dev/null
Supply full path to sysctl
Do not try to execute *
Make sure the description reads Default PPTP -> any
When user enables the PPTP server, check to see if a rule exists for PPTP. If not add one. Now the system DOES NOT automatically allocate PPTP rules during init. This brings greater flexibility allowing the user to tailer the PPTP traffic to their needs.
Supply complete path to sysctl
Switch default optimization method to normal. For some reason "default" does not work even though "Building firewalls with OpenBSD and PF" claims it does.
Change m0n0wall -> pfSense.
Noticed-by: Brianm