Its long overdue the ez-ipupdate.cache file
trigger setup wizard
Remove duplicate config.xml and restore conf.default/config.xml if /conf/config.xml and no backups exist
Modify captive portal to use centralized user management. The user manager hasbeen modified to include an account expiration option to support this service.
Correct the configuration file IPsec certificate upgrade process.
Update config.xml to 5.5 to prevent RRD database conversion from triggering.add rrd tag to default enabled
change default to enable block bogons
Add TCP TSO = 0 sysctl
Change default icmplim to 750.
Revise default allow all to any rule text. Remove > and attempt to cleanuptext to make it more friendly to a new user.
Remove the page locking privileges after discussion with Scott on IRC. Thefeature was confusing and offered little utility that I could see. If wereally need to provide serialized access to sections of the webui, IMO itshould be a global lock option and enabled or disabled manually and not a...
Modify all the default configuration files to ensure the versions match.While in globals.inc, remove the easyrsa path and do some whitespacecleanup.
Set net.inet.icmp.icmplim to 500. Apparently the low setting of 200wrecked Seths firewall on upgrade due to overwhelming amounts of icmppackets.
Move WAN interface to appear first now that the interface codeprogramatically enumerates the interfaces. Not sure if we needupgrade code to move the interface order.
Disable extended TCP debugging.
Sync to new config version number.
Epose if_bridge(4) sysctl members.
Rewrite the pfsense privilege system with the following goals in mind ...
1) Redefine page privileges to not use static urls2) Accurate generation of privilege definitions from source3) Merging the user and group privileges into a single set4) Allow any privilege to be added to users or groups w/ inheritance...
latest config.xml version is 4.9
Add TCP Inflight
Remove unused tag.
Unbreak package manager
Add missing bits from HEAD.
Switch over to the newly provisioned 0.pfsense.pool.ntp.org whichntp.org has graciously setup for pfSense.
Really disable CTRL+ALT+DELETE.
Disable CTRL+ALT+DELETE reboot sequence on keyboard.
Admnins commonly have to press this sequence to login to winderz boxen andif you have a shared KVM you might accidently reboot your firewall.
Revert previous patch to retain compatibility in the GUI.
Add defualt pass rule on lan interface and remove it from config.It is a default policy so lets keep it with defaults and let the user override it when pleases.
Remove it from here since it is part of the default policy and allow that on a new installation,...
Move update bogons script to 3am.
Discussed on pfSense-support@
Increase net.inet.ip.intr_queue_maxlen to 1000 which is the IP input queue.
Reset slbd every 140 minutes as opposed to 300 minutes.
Set the ephemeral port range starting port to 1024 instead of 49152.
On a busy firewall it is possible to run out of ephemeral ports and then the system will block new connections until a port is available.
s/bin/sbin/
Reset SLBD every 5 hours to avoid 100% cpu utilization
Ticket #1316
We need to expire entries every hour, not every half hour. (snort)
Add overlooked sysctl's.
Add system tunables area which allows the user to fine control sysctl's.
Oops, we need /etc/ping_hosts.sh to run every 5 minutes.
Add NTP server field to dhcp config.From: Alexander Schaber
We actually have 2.9 has the default now.
Backport cron handling from HEAD.
Patches-submitted-by: DSH@
Change default theme to nervecenter.
No objections from any of the 13 other people in IRC. Make it so.
Disable NAT reflection by default.
Set theme back to metallic and avoid the lynching
Change default theme back to pfsense.
Some people claim the fancy metallic theme is slower.
See http://forums.whirlpool.net.au/forum-replies-archive.cfm/436523.html
Change back to sis0 and sis1 for embedded. CDROM platform and other will pull in conf.defaults which is set for VMWARE if need be.
Change the default interface setup in PC version to vmware.
Do not enable SSHD by default.
Ticket #682
Disable FTP proxy helper on WAN by default
1.10 -> 2.0
Bump config version to 1.9
Allow SSH service to be disabled / enabled.
Turn off raw filter for new installs
3 out of 4 kids agree, metallic is a better theme!
Enable ipsec passthrough by default
Turn on prefer older sa's by default
Default to "raw" logging until the loging parsing items are updated.
Switch default optimization method to normal. For some reason "default" does not work even though "Building firewalls with OpenBSD and PF" claims it does.
Allow for the user to customize the pf optimization options in the system -> advanced menu. the default is normal.
Commit what I have so far. Magic shaper now works 100% .. or atleast appears to!
switch xml format over to pfsense header and footer. time to break away from m0n0walls configuration since ours is a little different now.
Move schedulertype configuration setting to system since we have switched to one scheduler per system.
Change default password to pfsense
Change ntp interval to 300 in alternate config file
Change time update interval to 400.
Requested-by: B.Kharazmi
revert back to m0n0wall header and footer for xml config files. this will keep us partly compatible with m0n0wall -> pfSense upgraders
Say welcome to the pfSense package manager!
change default scheduler type to hfsc
change hostname to pfSense
Initial revision