Alter ftp-proxy rules a little bit. Be sure to let the firewall itself allow outgoing proxy traffic.
use parse_xml_config_pkg
m0n0wall -> pfSense
Reset password to pfsense
Add start_command and restart_command xml tags.
Eliminate extra space after template parsing
Add size capability to rowhelper fields
Add template support to packages. Useful for generating the packages .conf files and such.
Woops its /25
Bump PPTP clients up to 128. Oddly running at 64 still used less ram than on 4.X.
Alert user during post package commands
Version bump to 0.22 - FTP-PROXY-TIME-EXCELLENT!
Really remove the label from rdr squid rule
Do not label squid transparent proxy rule
Add package reinstallation button to Backup/Restore area. The script will basically reinstall any packages needed by your configuration after a restore ;)
Add per rule state timeout option. Good for heavily loaded http servers, etc.
Bump version to 0.21
Fix ftp-proxy ;)
Add debugging entry to syslog
Bump PPTP vpn client count to 64 and the subnet to 26
Increase PPTP vpn maximum connections to 50.
Missing brace
Add IPCOMP (IP Compression) support to IPSEC VPN's
Allow for tcp and udp on ports. Create a proto list in this case.
Remove extra space after udp ipsec rule
Label user rules as USER_RULE: "rule"
Reload the firewall rules when the shaper configuration changes.
Bump version to 0.20
add rule labels
Remove unused entries. Ensure the vpn only talks on necessary ports on each endpoint.
Redirect sysctl output to /dev/null
Supply full path to sysctl
Do not try to execute *
Make sure the description reads Default PPTP -> any
When user enables the PPTP server, check to see if a rule exists for PPTP. If not add one. Now the system DOES NOT automatically allocate PPTP rules during init. This brings greater flexibility allowing the user to tailor the PPTP traffic to their needs.
Supply complete path to sysctl
Switch default optimization method to normal. For some reason "default" does not work even though "Building firewalls with OpenBSD and PF" claims it does.
Change m0n0wall -> pfSense.
Noticed-by: Brianm
Welcome to 0.19 - Drum N Bass Madness!
label the custom rules correctly
Load balancing rule should be created in the rules section. Duh!
Add label for custom and traffic shaper rules
Remove frag code.
We do not use the old flags
Add lowthroughtput items to magic shaper
Restore 1.2b3 version.
Add iptos support
Add maximum states for the firewall to advanced menu.
Remove old m0n0wall TCP Timeout field. This is now handled by PF's optimization dropdown.
Eliminate stray save button at top and the extra white space.
Rearrange ALTQ + PF options into their own area at very bottom.
Typo in aggressive.
Regenerate pf rules after save.
Use max-mss on the scrub rule
Dump the custom ipf custom mss clamping options. we can fine tune these in the pf rules.
Allow for the user to customize the pf optimization options in the system -> advanced menu. the default is normal.
Apparently we will need quick for ALTQ rules
Don't use the quick flag when creating ALTQ rules so the user doesn't accidentally open up the firewall to something they do not wish to do.
Add swap space graph to main status screen.
Do not set a value="" on checkbox fields.
Inform the user that the reset password is pfsense .. not mono. While we're here notify the user that WAN will be set to DHCP.
Add pfctl -vsq debugging command to status page
Resync with 1.2b3 with the additional pf options.
Remove console links browser option. It does not work correctly with wizard.
Disable scheduler type change when a queue is defined.
Cat out /tmp/rules.debug in status page
Fix bug in filter_altq_get_queuename
allow bandwidth to not be defined
Improve shaper port handling
Update (C)
Bump version to 0.18
Turn off debugging echo
Add support for squid transparent proxy
Add support for prioritizing ACK's
Add queues counter status.
Commit what I have so far. Magic shaper now works 100% .. or at least appears to!
switch xml format over to pfsense header and footer. time to break away from m0n0walls configuration since ours is a little different now.
Move schedulertype configuration setting to system since we have switched to one scheduler per system.
Move scheduler type to advanced menu. We'll default to PRIQ as a simple starting point for new users. NOTE: The scheduler type goes into effect for all interfaces.
Start the process of moving back to a m0n0wall style rules / queues system.
Bump to 0.17
Add carp entry
Correct new rc.d script
Reenable CARP. We need to copy the patched /etc/protocols over to the image for the protocol to work via pf.
Disable fragmentation rule toggle.
temporarily disable carp rules since i am getting invalid protocol yet it seems to work otherwise.
Run /usr/local/etc/rc.d/* items if they exist
Add description for interfaces selection widget if its set.
Add support for vpn_selection.
Add type column to adddeleteeditpagefields allowing for the script to answer yes and no for checkbox items.
reset selected variable at the beginning of foreach loop
Bump to 0.16
Tweak package manager to not require a package to function.
If a package does not list any packages needed do not check to make sure its installed.
If carp is compiled into the kernel and userland lets make the appropriate firewall rules to pass the traffic.
Add variable substitutions: $wanip, $lanip to wizard and pkg_edit facilities.
Expand the usage of $myurl in wizard fields and pkg_edit
Bump to 0.15
Check isset values to make sure they have a value before using.
Change default password to pfsense
Correctly save and restore values.
Say hello to package editing capabilities!
Add package edit buttons
Bump to 0.14
sysctl -> system
Convert Add to + button, Delete to - button
Add save button for ftp proxy item
Separate firewall and ftp-proxy sections
fastforwarding is not compatible with ipsec tunnels -- turn it off if the user has ipsec tunnels.
Allow FTP-Proxy to be disabled under advanced menu.
Correct typo
Move ftp proxy rules above
Move RDR rule up higher in chain
Enable ftp-proxy rule
Enable ftp-proxy
Update license for pfSense
Update a few (C)
Add package web address links
Time for a new build
Break status into its own column
Separate Category and status better
Add status field
Record package version upon install for future upgrade option.
Correctly remove packages when a lot of packages are installed.
Reported-by: bkw
Bump version to 0.12
When a package does not install correctly, clear the output windows and alert the user that something has gone wrong. Also clear the progress bar.
Allow multiple interfaces
Honour multiselect tag
allow outgoing pings
Change (C)
Change description color to white
Bump version to 0.11
Remove /31 from interfaces.
remove /31 from interface IP assignment screens since a /31 subnet has 0 usable IP addresses. simplify all 1-32 loops by using the same code as much as possible.
Add interfaces_selection field type which will populate a select box filled with the interfaces.
Change m0n0wall -> pfSense
Noticed-by: Bryan
Check for package installation after running both sets of pkg_add -r
Sync master.passwd on bootup
If pkg_add fails, do not continue installation.
Remove extra trailing space
Un tar extra package items to /
Move the stepsubmitphpaction out of the field collection. It was not setting the root password correctly.
Bump to 0.10
Change ntp interval to 300 in alternate config file
Explain what the Admin password is.
Call system_password_configure which syncs the http password.
Add new custom_php_command_before_form directive which is handy to setup function evals that can be hooked into throughout the life of a package
Bump to 0.9
Add a number of directives allowing fields to be tied together similar to wizard.php
Correctly set the left hand panes package url if configfile is set
Sync web GUI password when saving the Admin password. Also sync ssh password at the same time.
Reported-by: B.Kharazmi
Clarify Admin password is for WebGUI
Change time update interval to 400.
Requested-by: B.Kharazmi
change m0n0wall to pfSense
Alert to the user that packages do not modify firewall rules
Correctly disable fast routing when user selects this option
Time to create 0.8-NEW-YEARS-SPECIAL!
Clean up log statements. No functional changes.
comment lines added
Add selection for HTTP or HTTPS web console.
Submitted-by: B.Kharazmi
Do not show fetch progress directly on screen
Download all additional files correctly listed in xml file.
Do not use a array on the additional item
Teach package manager about $myurl variable that can be used to help send a user to another port such as http://$myurl:3000 for ntop.
Add bkw's changes which enable halting from the console menu.
Bump to 0.6
evaluate $myurl to the environment ip of the server
Use configfile or url tag for each file. If .xml is omitted for a configfile and no url is specified then add .xml
Use configfile attribute or url attribute
Make package deinstall script aware of the fact that there may be multiple left hand menu items for each package.
Fix eval bug.
update (C)
Make sure xml configuration filename is lowercase
Correct package header name
Actually halt when called.
Fix checkbox bug where checkboxes are not enabled in the wizards properly.
bump version to 0.5
Use original logo, do not resize.
Upon post, redirect to halt.php.
Noticed-by: B.Kharazmi
Finishing add halt to the system.
Suggested-by: Bachman Kharazmi
Add rc.halt command which will shutdown and halt a running system.
Suggested-by: Bachman Kharazmi
Use shutdown -r instead of reboot.
Noticed-by: Bachman Kharazmi
Allow additional files to be defined, downloaded and un tarred if need be.
Firmware upgrade is now working!
Allow multiple menu items to be installed
start cron on bootup
Turn off debugging
Update build times
Only unlink if file exists.
Remove PF from kernel and use GENERIC kernel since we will be relying on FreeBSD update
Teach verify_gzip_file to use gzip instead of gunzip.
Sync root password with admin password
add config which is needed by pfstat.xml
Reverse the lan and wan interfaces. Woopsy!
Remove debugging info.
Ignore pflog and plip interfaces.
Correctly restore SelectedType selection on wizard load and correctly save out the selected type setting.
links -> Links
Correct value cases and simplify setting of type.
Correct Type save selection on WAN interface wizard screen.
Add stepsubmitbeforesave tag which will process text before saving.
Missing ;;
Set net.link.ether.bridge.pf when enabling bridge.
9) Access web GUI using links
Add link to pfsense home page
Add support for pfstat.conf
add row as an array item
Add password and normal input options
Make sure item is array before traversing.
Teach package manager how to save the rowhelper row values correctly as arrays.
Add rowhelper type which will place add and delete row items on a form. This can be used to group like items together on the web gui. First package employing this neat feature is pfStat
Add custom_add_php_command_late tag.
Stray a.
Dont delete pkg* here, delete in pkg_mgr only.
Move loop counter. Fixes a add / delete bug.
Remove package manifest after usage forcing fresh package listing each time you enter package manager.
Changes for nmap and packages that do not require anything to be saved.
Allow packages to live under Diagnostics menu
document the new xml variable setting routine
Finish packaging storage mechanism. Upon package deletion the package manager will loop through the variables and set them so that you can invoke commands such as system("pw userdel " . $username); from the xml configuration file.
Create a xml_safe_fieldname function which strips out all of the bad characters that could be associated with a xml fieldname.
Correctly save out posted fields to xml configuration file.
Use javascript to detect which state Type should be in initially.
Wizard.xml -> wizard.php
Add enable and disable fields feature to XML language. Fix the TYPE dropdown.
Correct white space separation.
Dont set root password if fields are blank.
Update (C) info.
Clean up arraynum handling.
Redirect to the initial setup wizard on the first time the web gui is accessed.
Wizard should now be in fully working order including reboot, etc.
Move the "User has been added." save message to the XML file where it belongs.
Add arraynum flag which is used when there is an array of values.
Example would be: <dnsserver>X.X.X.X</dnsserver><dnsserver>Y.Y.Y.Y</dnsserver>
Dont forget to output the fields description if it exists.
The wizard system now works!
Dont forget closing name '.
Wizard now will walk through entire step process.
TODO: Save posted items correctly.
Add steps 1-6 from cmb.
Updated to match wizard.php
Introduce wizard system.
Forced commit.
Honour the ext/$category/$FILENAME contents as the URL of the installed package.
Use the correct name when invoking the left menus.
Use correct service name.
Alert when no packages are installed.
use name no menu->name
woops! its str_replace not replace.
Correctly add neededtext field.
Clean up leftovers from nat.
We dont really need fancy_name afterall.
Alert user if no packages are installed.
Add FancyName xml field
Fix delete and install.
Make sure /usr/local/pkg/ exists
disable debugging
revert back to m0n0wall header and footer for xml config files. this will keep us partly compatible with m0n0wall -> pfSense upgraders
Packages continued. New log file facility added.
Add custom after add and after delete commands. Correct a bug where it shows the url instead of the name on the left.
add size, rows and cols flags
Say hello to the pkg_edit.php automated gui creation utility! http://www.pfsense.com/screens/pkg_mgr.JPG http://www.pfsense.com/screens/pkg_edit.JPG
Add green_dot.jpg which can be used for progress bars.
Correct this to sound more english like instead of southern twang ;)
dive line better with |
Move save button to top while here and also lower to 45.
extend filename size to 50 characters. Im not sure what too so long for this. ..
Include menu item in the subsections on the left. Menu XML file must be in lower case. Ex: /usr/local/www/ext/Servuces/ifgraph.xml
Enhanced logging of installed packages and their dependencies.
Add tem field as array xml markers
Say welcome to the pfSense package manager!
Add trying to add a break between items on elinks
Add automatic create certificate options to Captive Portal.
Enable/disable Accounting port as needed.
Update color to pfSense red
Update WebGUI -> WebConfigurator
Update pfSense to check for firmware upgrades from our site.
Display optional interfaces correctly
Make all tabs look similar when active or inactive.
Add key generation items found on list and comment out even though ours works atm.
Woops, y is now height.
Move NOTE to bottom.
Custom graph width / height settings now inputtable by user.
Idea from: http://m0n0.ch/wall/gallery/stefan_zier/monowall-pic.jpg
Update with 1.2b3
Update servics_proxyarp* from 1.2b3.
don't try to determine swap volume until primary volume is mounted (need grep and cut)
add back queues
Merge in m0n0wall 1.2b3 changes.
Synchronize with m0n0wall 1.2b3. These files have not really been modified too much so a straight copy works. 9 files remain to be patched by hand.
Do not hard code IDE swap device, probe /etc/fstab for its existence
make sure to unlink first during tar operations
Introduce an easy way to upgrade firmware for pfSense.
update platform to pfSense
Clean up a little more (whitespace) and echo after menu selection
Trim off some extra screen real-estate by combining the interface line with ip addresses (add wan ip). Update (C)
Make the default source port any instead of other
Correctly toggle accounting port if the service is enabled or disabled.
Remove type and make all code uniform.
Make 2 line ifs all the same by not using opening and closing braces {}
Throw a input_error if user tries to use modulate state or synproxy state and icmp or udp
Allow rules to be assigned different state mechanisms such as: keep state, modulate state, synproxy state and none.
This file was not added correctly after the Captive Portal logging patch
Make sure to enable swap before trying to obtain core dump
extra safe-guard when creating nat outgoing balancing rules.
Fix small bug in outgoing load balancing rule generation.
Do not call shaper_configure. This is now handled in the rules section.
Reported-by: Daimao
Turn SACK off.
remove sysctl.conf
surround macros with ""
remove /var/tmp and /tmp on boot
Fix certificate creation .... again.
Remove /var/run/sysreboot.reqd on boot if exists
Turn off SACK since this is most likely causing kernel panics
lets call mkdir by full path just in case
include panic support since freebsd 5 is apparently not so stable. :(
<br> after the notice
No need for opening brace in this case. Paste-typo
When Applying rules, go back to self
Add logout feature to console (for ssh sessions)
Only insert alias if alias: is contained within the text item
Forgot a closing brace.
Pointy-hat-to-me-award.
add NOTE: Leave these fields blank to disable this feature. to edit rule
Add Simultaneous client connection limit (max-src-nodes) and Maximum state entries per host (max-src-states) webConfigurator
Update to dropdowns to count to /32
Add option in status.php to better show the source-track, max-src-nodes and max-src-states options
Add backend support for source-track, max-src-nodes and max-src-states.
enable hard disk stand-by option
remove <br> between checkbox and description to maintain the forms style
Backend piece of insert a disable firewall option to turn pfSense into a router only.
Insert a disable firewall option to turn pfSense into a router only.
Correct a bug where someone could not turn off FastRouting
Enable fast forwarding (fast routing).
A description of fastforwarding:
Fastforwarding caches the results of a route lookup for destination addresses that are not on the local machine, and uses the cached route to short-circuit the normal (relatively slow) route lookup process. The...
Surround interface with ()
change default scheduler type to hfsc
evailable -> available
"The firewall" -> pfSense
Update copyright
Forgot to implement option 2 Ports
Small bug fixes and minor description changes
heh.
blue -> red
on a completely off topic note, uofl rules!
Move the alias selection screen to the dropdown menu that includes all network or alias, etc.
Change ALIAS color to pfSense red. Add a dropdown box that lists aliases on the rules that when you select it will fill in the alias name in either src or dst boxes.
reflect that this could be address(s) or host(s) or port(s)
Backend portion of add the ability to define networks, ports and or hosts as aliases. Allow the alias to point to more than ONE item ;)
Add the ability to define networks, ports and or hosts as aliases. Allow the alias to point to more than ONE item ;)
Add Outgoing load balancing
Add a SSH configuration file which permits root login.
no message
Update changed files with new copyright, attribute Manuel Kasper
Fix a couple typos and mis-pastes
add rio support to front end gui Random Early Detection In and Out
implement upperlimit, realtime, linkshare and rio options
Implement bandwidth percentages
Implement borrow ALTQ option
update version information to 0.2
Add Copyright to each file that we have touched so far and re attribute the file to Manuel Kasper such as:
Copyright (C) 2004 Scott Ullrich All rights reserved.
originally part of m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>....
bug fix: Honour newer sa setting
Move ASCII characters only under input box.
make sure we are not using skip rules
change description box font color to white
Clarify about outbound NAT load balancing
Setup load balancing on outbound nat
Load balancing makes more sense on the outgoing tab
Prefer older IPSEC SA's option.
Add NAT outbound load balancing
add support for net.key.preferred_oldsa and add a checkbox on IPSec screen
add support for net.key.preferred_oldsa
Convert description font color to white
Convert font color to white
fix certificate creation
Change color from brown to new deep red
Line break about 4 characters before.
Add Create Certificate support to OpenVPN.
Update colors.
Update certificate creation process.
Change color to #990000 so I dont have to hear about ppl pooping the same color any longer.
comment up some of the functions
Cleanup table, make all fields bold.
Create certificate for HTTP Server option
add pftop to console menu
do not foreach through pfqueue, queues if it does not exist.
Add captive portal logging.
Patch-submitted-to-m0n0wall-list-by: Matt Juszczak <matt_AT_atopia.net>
Note to the user to only use ascii characters in the IPSEC pre-shared keys.
Noticed-by: D. Ubevidste <detubevidste_AT_gmail.com>
Show that we are creating a pf and altq ruleset instead of ipfilter. No functional changes.
Our checks were too loose before, if the same type of scheduler was on more than one interface we assigned the queues to all the interfaces with the same definition, etc.
traffic shaper changes
do not call shaper_configure
do not include /sbin/pfctl -vvsq
save and restore optional interface bandwidth management settings
add filter_get_rule_interface function to return a interface of a rule
restore the selected rule when editing a queue
do not sort or breakup rules.
do not allow user to select queue from firewall rule edit screen, instead the user will bond a queue up on the queue edit screen.
show scheduler type in the "Associate with rule" item
disable debugging echo's
Turn the color from baby blue to a lighter brown
Add scheduler type per interface and allow user to define overall bandwidth for the interface
I designed the queues screen wrong the last time (and backend scripts). Instead we need to design where only we allow only one scheduler per interface
do not assign queues to every interface, instead traverse all queue and only return a queue if its destined for the appropriate interface.
Instead of allowing the user to pick a scheduler per queue, we are supposed to pick a scheduler for overall interface
Interface speed definitions for interfaces
Clean up save or reboot message, add bandwidth elements to WAN and LAN for traffic shaping. Clean up a few bugs in traffic shaping queue edit screen.
correctly restore the schedulertype information
take out the previous echo $ifface since that was a debugging item.
correct description from not showing
add debugging screen for altq
automatically disable fields for altq that do not apply to currently selected scheduler mode
When no parent queue is selected, output "" as option
do not spawn a new window when user clicks on pfSense logo in left corner, take them back to index.php
update field when posting, etc.
Add needed options for HFSC/CBQ screens.
be sure to post interface value
fix bugs and only enable priority based queueing for the time being
allow user to set a hidden ipsec field called "creategif" which will create gif entries which are useful for routing.
modify altq options to fall under their own xml items
add interface selection screen for proxyarp
add pfSense copyright, attribute Manuel Kasper and T. Lechat
change graphing colors
Move shaper.inc to the attic since we no longer support dummynet traffic shaping. Say hello to ALTQ!
Do not run shaper.inc since we no longer support dummynet traffic shaping.
Turn the ALTQ queue options into a options XML holder. IE options->red would be set to on if this option is used.
Comment out HFSC and CBQ until I can finish the extra input screens required by them.
remove trailing c/r
typo
add ms rdp, change name to pfsense, attribute m0n0wall
convert name to pfSense, keep m0n0wall credits
convert filter logs diagnostics over to parse pf format instead of ipf
change name to pfSense
Delete files.
Update files.
Update binaries. Make them static.
Update binaries.
correct the path to pfctl and silence any warnings
change status page name to pfSense
Go ahead and sync up needed binaries since we have a pfSense_sync script.
make sure we define the ipsec vpn rules correctly pf style
allow VPN's to talk
change name to pfSense, attribute Manuel Kasper as original author.
do not hard code the size of the image.
rename webGUI Configuration -> to our webConfigurator
change colors to #7F3B00
no need to scale the logo up REALLY large. let it scale its normal size.
Automatically replace spaces with "" for queue names
correct a typo classe -> classed
update a href to go to the home of the pfSense install
update priority message to match altq
change hostname to pfSense
Initial revision