<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4
	system_advanced.php
5 416ed28d Scott Ullrich
        part of pfSense
6
        Copyright (C) 2005 Scott Ullrich
7 13128695 Scott Ullrich
8 416ed28d Scott Ullrich
	originally part of m0n0wall (http://m0n0.ch/wall)
9 5b237745 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11 13128695 Scott Ullrich
12 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14 13128695 Scott Ullrich
15 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17 13128695 Scott Ullrich
18 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21 13128695 Scott Ullrich
22 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
34
require("guiconfig.inc");
35
36 35284e50 Scott Ullrich
/*
 * Seed $pconfig, the array the form further down renders, from the stored
 * configuration. Entries built with isset() are booleans; the others are
 * copied exactly as stored.
 */

/* $config['system']: values copied as stored */
$pconfig['disablefilter'] = $config['system']['disablefilter'];
$pconfig['rfc959workaround'] = $config['system']['rfc959workaround'];
$pconfig['harddiskstandby'] = $config['system']['harddiskstandby'];
$pconfig['maximumstates'] = $config['system']['maximumstates'];
/* NOTE(review): the save handler writes $config['theme'], not
 * $config['system']['theme'] -- confirm which key is intended. */
$pconfig['theme'] = $config['system']['theme'];
$pconfig['disablerendevouz'] = $config['system']['disablerendevouz'];
$pconfig['enableserial'] = $config['system']['enableserial'];
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sharednet'] = $config['system']['sharednet'];
$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];

/* $config['system']: presence flags */
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['disablefirmwarecheck'] = isset($config['system']['disablefirmwarecheck']);
$pconfig['polling_enable'] = isset($config['system']['polling']);
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);

/*
 * webGUI certificate and private key, stored base64-encoded. The decoded
 * private key is printed into the "key" textarea of the form, so anyone who
 * can load this page can read it.
 */
$pconfig['cert'] = base64_decode($config['system']['webgui']['certificate']);
$pconfig['key'] = base64_decode($config['system']['webgui']['private-key']);

/* other configuration sections */
$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
$pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr'];
$pconfig['filteringbridge_enable'] = isset($config['bridge']['filteringbridge']);
$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
/* NOTE(review): tcpidletimeout is loaded and validated on this page, but the
 * save handler never writes it back -- confirm whether that is intended. */
$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];

/* billm: alternate schedulers are currently disabled */
/*
 * $pconfig['schedulertype'] = $config['shaper']['schedulertype'];
 */
63
64 5b237745 Scott Ullrich
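/*
 * Save handler for the "System: Advanced functions" form.
 *
 * Validates the submitted fields, copies them into $config, persists the
 * result with write_config(), then reapplies the packet filter, the serial
 * console boot files and the filtering bridge.
 *
 * NOTE(review): no anti-CSRF token is checked in this handler, although it
 * can disable the packet filter, start sshd and replace the webGUI private
 * key. Confirm whether guiconfig.inc enforces one for every POST.
 */
if ($_POST) {

	unset($input_errors);
	/* Redisplay what was submitted. From here on $pconfig holds raw request
	 * data, so every place the form prints it has to escape it. */
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['ipv6nat_enable'] && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
		$input_errors[] = "You must specify an IP address to NAT IPv6 packets.";
	}
	if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
		$input_errors[] = "The Firewall Maximum States value must be an integer.";
	}
	if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
		$input_errors[] = "The TCP idle timeout must be an integer.";
	}
	if (($_POST['cert'] && !$_POST['key']) || ($_POST['key'] && !$_POST['cert'])) {
		$input_errors[] = "Certificate and key must always be specified together.";
	} else if ($_POST['cert'] && $_POST['key']) {
		/* Marker check only: the PEM is not parsed and the key is not
		 * checked against the certificate. */
		if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
			$input_errors[] = "This certificate does not appear to be valid.";
		if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY"))
			$input_errors[] = "This key does not appear to be valid.";
	}
	/* These two checks used to sit inside the certificate branch above because
	 * of a misplaced brace, so they only ran when a cert and key were posted. */
	if ($_POST['altfirmwareurl']) {
		if ($_POST['firmwareurl'] == "" || $_POST['firmwarename'] == "")
			$input_errors[] = "You must specify a base URL and a filename for the alternate firmware.";
	}
	if ($_POST['altpkgconfigurl']) {
		if ($_POST['pkgconfig_base_url'] == "" || $_POST['pkgconfig_filename'] == "")
			$input_errors[] = "You must specify a base URL and a filename before using an alternate pkg_config.xml.";
	}
	if ($_POST['maximumstates'] <> "") {
		if ($_POST['maximumstates'] < 1000)
			$input_errors[] = "States must be above 1000 and below 100000000";
		if ($_POST['maximumstates'] > 100000000)
			$input_errors[] = "States must be above 1000 and below 100000000";
	}
	if ($_POST['sshport'] <> "") {
		if( ! is_port($_POST['sshport'])) {
			$input_errors[] = "You must specify a valid port number";
		}
	}
	/* A <select> does not constrain what a client may post: accept only the
	 * values the form offers before they are written to the configuration. */
	if ($_POST['optimization'] <> "" &&
	    !in_array($_POST['optimization'], array("normal", "high-latency", "aggressive", "conservative"), true)) {
		$input_errors[] = "The firewall optimization option is not valid.";
	}
	if ($_POST['harddiskstandby'] <> "" && !is_numericint($_POST['harddiskstandby'])) {
		$input_errors[] = "The hard disk standby time must be an integer.";
	}
	if ($_POST['theme'] <> "") {
		/* The theme must name a directory the form could have listed.
		 * Presumably the stored name is later used to build file paths;
		 * verify against the code that consumes $config['theme']. */
		$theme_dirs = return_dir_as_array("/usr/local/www/themes/");
		if (!is_array($theme_dirs) || !in_array($_POST['theme'], $theme_dirs, true)
		    || substr($_POST['theme'], 0, 1) == ".") {
			$input_errors[] = "The selected theme does not exist.";
		}
	}

	if (!$input_errors) {
		if($_POST['disablefilter'] == "yes") {
			$config['system']['disablefilter'] = "enabled";
		} else {
			unset($config['system']['disablefilter']);
		}

		if($_POST['enablesshd'] == "yes") {
			$config['system']['enablesshd'] = "enabled";
			touch("{$g['tmp_path']}/start_sshd");
		} else {
			unset($config['system']['enablesshd']);
			mwexec("/usr/bin/killall sshd");
		}
		/* NOTE(review): $oldsshport is recorded but nothing in this file
		 * compares it with the new port. */
		$oldsshport = $config['system']['ssh']['port'];
		$config['system']['ssh']['port'] = $_POST['sshport'];

		if($_POST['polling_enable'] == "yes") {
			$config['system']['polling'] = true;
		} else {
			unset($config['system']['polling']);
		}
		/* applied for both states */
		setup_polling();

		if($_POST['sharednet'] == "yes") {
			$config['system']['sharednet'] = true;
			system_disable_arp_wrong_if();
		} else {
			unset($config['system']['sharednet']);
			system_enable_arp_wrong_if();
		}

		if($_POST['rfc959workaround'] == "yes")
			$config['system']['rfc959workaround'] = "enabled";
		else
			unset($config['system']['rfc959workaround']);

		if($_POST['ipv6nat_enable'] == "yes") {
			$config['diag']['ipv6nat']['enable'] = true;
			$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
		} else {
			unset($config['diag']['ipv6nat']['enable']);
			unset($config['diag']['ipv6nat']['ipaddr']);
		}

		/* Keep the previous certificate and key so the end of the page can
		 * tell whether the webGUI has to be restarted. */
		$oldcert = $config['system']['webgui']['certificate'];
		$oldkey = $config['system']['webgui']['private-key'];
		$config['system']['webgui']['certificate'] = base64_encode($_POST['cert']);
		$config['system']['webgui']['private-key'] = base64_encode($_POST['key']);

		if($_POST['disableconsolemenu'] == "yes") {
			$config['system']['disableconsolemenu'] = true;
			auto_login(true);
		} else {
			unset($config['system']['disableconsolemenu']);
			auto_login(false);
		}
		unset($config['system']['webgui']['expanddiags']);
		$config['system']['optimization'] = $_POST['optimization'];

		if($_POST['disablefirmwarecheck'] == "yes")
			$config['system']['disablefirmwarecheck'] = true;
		else
			unset($config['system']['disablefirmwarecheck']);

		if ($_POST['enableserial'] == "yes")
			$config['system']['enableserial'] = true;
		else
			unset($config['system']['enableserial']);

		if($_POST['harddiskstandby'] <> "") {
			$config['system']['harddiskstandby'] = $_POST['harddiskstandby'];
			system_set_harddisk_standby();
		} else
			unset($config['system']['harddiskstandby']);

		if ($_POST['noantilockout'] == "yes")
			$config['system']['webgui']['noantilockout'] = true;
		else
			unset($config['system']['webgui']['noantilockout']);

		/* Firewall and ALTQ options */
		/* alternate scheduler types are currently unsupported */
		//$config['shaper']['schedulertype'] = $_POST['schedulertype'];
		$config['system']['maximumstates'] = $_POST['maximumstates'];

		/* Second pass over enablesshd: the stored value ends up as the
		 * posted "yes" rather than the "enabled" written above. */
		if($_POST['enablesshd'] == "yes") {
			$config['system']['enablesshd'] = $_POST['enablesshd'];
		} else {
			unset($config['system']['enablesshd']);
		}

		if($_POST['disablenatreflection'] == "yes") {
			$config['system']['disablenatreflection'] = $_POST['disablenatreflection'];
		} else {
			unset($config['system']['disablenatreflection']);
		}

		$config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false;

		$config['bridge']['filteringbridge'] = $_POST['filteringbridge_enable'] ? true : false;

		/* pfSense themes */
		$config['theme'] = $_POST['theme'];

		write_config();

		$retval = 0;
		config_lock();
		$retval = filter_configure();
		if(stristr($retval, "error") <> true)
		    $savemsg = get_std_save_message($retval);
		else
		    $savemsg = $retval;
		$retval |= interfaces_optional_configure();
		config_unlock();

		conf_mount_rw();

		if($g['platform'] <> "cdrom") {
			/* serial console - write out /boot.config */
			if(file_exists("/boot.config"))
				$boot_config = file_get_contents("/boot.config");
			else
				$boot_config = "";
			/* fopen(..., "w") truncates, so only rewrite the file when its
			 * previous content was actually read. */
			if($boot_config !== false) {
				$boot_config_split = explode("\n", $boot_config);
				$fd = fopen("/boot.config","w");
				if($fd) {
					foreach($boot_config_split as $bcs) {
						/* any existing -D line is dropped and re-added below */
						if($bcs <> "" && !stristr($bcs, "-D"))
							fwrite($fd, "{$bcs}\n");
					}
					if(isset($config['system']['enableserial'])) {
						fwrite($fd, "-D");
					}
					fclose($fd);
				}
			}

			/* serial console - write out /boot/loader.conf */
			if(file_exists("/boot/loader.conf"))
				$boot_config = file_get_contents("/boot/loader.conf");
			else
				$boot_config = "";
			/* Same guard: a failed read must not leave a truncated loader.conf. */
			if($boot_config !== false) {
				$boot_config_split = explode("\n", $boot_config);
				$fd = fopen("/boot/loader.conf","w");
				if($fd) {
					foreach($boot_config_split as $bcs) {
						/* any existing console line is dropped and re-added below */
						if($bcs <> "" && !stristr($bcs, "console"))
							fwrite($fd, "{$bcs}\n");
					}
					if(isset($config['system']['enableserial'])) {
						fwrite($fd, "console=\"comconsole\"\n");
					}
					fclose($fd);
				}
			}
		}

		conf_mount_ro();

		setup_filter_bridge();

	}
}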
271 b63695db Scott Ullrich
272
$pgtitle = "System: Advanced functions";
273
include("head.inc");
274
275 5b237745 Scott Ullrich
?>
276 b63695db Scott Ullrich
277 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
278 9ecd6ab7 Erik Kristensen
279 5b237745 Scott Ullrich
<?php include("fbegin.inc"); ?>
280 9ecd6ab7 Erik Kristensen
281 74f446e8 Bill Marquette
<p class="pgtitle"><?=$pgtitle?></p>
282 13128695 Scott Ullrich
283 9ecd6ab7 Erik Kristensen
<form action="system_advanced.php" method="post" name="iform" id="iform">
284
<?php if ($input_errors) print_input_errors($input_errors); ?>
285
<?php if ($savemsg) print_info_box($savemsg); ?>
286
<p><span class="vexpl"><span class="red"><strong>Note: </strong></span>the options on this page are intended for use by advanced users only.</span></p>
287
<br />
288 416ed28d Scott Ullrich
289 9ecd6ab7 Erik Kristensen
<table width="100%" border="0" cellpadding="6" cellspacing="0">
290
	<tbody>
291 dbb0b7d6 Holger Bauer
		<?php if($g['platform'] == "pfSense" || $g['platform'] == "cdrom"): ?>
292 9ecd6ab7 Erik Kristensen
		<tr>
293
			<td colspan="2" valign="top" class="listtopic">Enable Serial Console</td>
294
		</tr>
295
		<tr>
296
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
297
			<td width="78%" class="vtable">
298
				<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo "checked"; ?> onclick="enable_change(false)" />
299
				<strong>This will enable the first serial port with 9600/8/N/1</strong>
300 b8467d8e Scott Ullrich
				<br>
301 3446ca38 Scott Ullrich
				<span class="vexpl">Note:  This will disable the internal video card/keyboard</span>
302 9ecd6ab7 Erik Kristensen
			</td>
303
		</tr>
304
		<tr>
305
			<td width="22%" valign="top">&nbsp;</td>
306
			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
307
		</tr>
308
		</tr>
309
		<tr>
310
			<td colspan="2" class="list" height="12"></td>
311
		</tr>		
312 0831bc86 Scott Ullrich
		<?php endif; ?>
313 9ecd6ab7 Erik Kristensen
		<tr>
314
			<td colspan="2" valign="top" class="listtopic">Secure Shell</td>
315
		</tr>
316
		<tr>
317
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
318
			<td width="78%" class="vtable">
319
				<input name="enablesshd" type="checkbox" id="enablesshd" value="yes" <?php if (isset($pconfig['enablesshd'])) echo "checked"; ?> onclick="enable_change(false)" />
320
				<strong>Enable Secure Shell</strong>
321
			</td>
322
		</tr>
323 74806cee Seth Mos
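		<tr>
			<td width="22%" valign="top" class="vncell">SSH port</td>
			<td width="78%" class="vtable">
				<?php /* $pconfig mirrors the raw POST after a submit, so the value is escaped before it is placed in the attribute. */ ?>
				<input name="sshport" type="text" id="sshport" value="<?php echo htmlspecialchars($pconfig['sshport']); ?>" onclick="enable_change(false)" />
				<br />
				<span class="vexpl">Note:  Leave this blank for the default of 22</span>
			</td>
		</tr>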
331 9ecd6ab7 Erik Kristensen
		<tr>
332
			<td width="22%" valign="top">&nbsp;</td>
333
			<td width="78%">
334
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
335
			</td>
336
		</tr>
337
		<tr>
338
			<td colspan="2" class="list" height="12">&nbsp;</td>
339
		</tr>		
340
		<tr>
341
			<td colspan="2" valign="top" class="listtopic">Shared Physical Network</td>
342
		</tr>
343
		<tr>
344
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
345
			<td width="78%" class="vtable">
346
				<input name="sharednet" type="checkbox" id="sharednet" value="yes" <?php if (isset($pconfig['sharednet'])) echo "checked"; ?> onclick="enable_change(false)" />
347 3d0d1aa8 Colin Smith
				<strong>This will suppress ARP messages when interfaces share the same physical network</strong>
348 9ecd6ab7 Erik Kristensen
			</td>
349
		</tr>
350
		<tr>
351
			<td width="22%" valign="top">&nbsp;</td>
352
			<td width="78%">
353
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
354
			</td>
355
		</tr>
356
		<tr>
357
			<td colspan="2" class="list" height="12">&nbsp;</td>
358
		</tr>	
359
		<tr>
360
			<td colspan="2" valign="top" class="listtopic">Theme</td>
361
		</tr>
362
		<tr>
363
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
364
			<td width="78%" class="vtable">
365
			    <select name="theme">
366 15a87e25 Scott Ullrich
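<?php
				/*
				 * Emit one <option> per directory under the themes folder.
				 * Names starting with "_" are hidden unless the developer flag
				 * is set, and the CVS directory is always skipped. The stored
				 * theme is preselected; when none is stored, "pfsense" is.
				 */
				$files = return_dir_as_array("/usr/local/www/themes/");
				foreach($files as $f) {
					if ( (substr($f, 0, 1) == "_") && !isset($config['system']['developer']) ) continue;
					if($f == "CVS") continue;
					$selected = "";
					if($f == $config['theme'])
						$selected = " SELECTED";
					/* was assigned to a misspelled variable, so the default was never preselected */
					if($config['theme'] == "" and $f == "pfsense")
						$selected = " SELECTED";
					/* directory names are escaped like any other value printed into the page */
					echo "\t\t\t\t\t"."<option{$selected}>" . htmlspecialchars($f) . "</option>\n";
				}
?>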
379 9ecd6ab7 Erik Kristensen
				</select>
380
				<strong>This will change the look and feel of pfSense</strong>
381
			</td>
382
		</tr>
383
		<tr>
384
			<td width="22%" valign="top">&nbsp;</td>
385
			<td width="78%">
386
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
387
			</td>
388
		</tr>
389
		<tr>
390
			<td colspan="2" class="list" height="12">&nbsp;</td>
391
		</tr>
392
		<tr>
393
			<td colspan="2" valign="top" class="listtopic">IPv6 tunneling</td>
394
		</tr>
395
		<tr>
396
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
397
			<td width="78%" class="vtable">
398
				<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?php if ($pconfig['ipv6nat_enable']) echo "checked"; ?> onclick="enable_change(false)" />
399
				<strong>NAT encapsulated IPv6 packets (IP protocol 41/RFC2893) to:</strong>
400
				<br /> <br />
401
				<input name="ipv6nat_ipaddr" type="text" class="formfld" id="ipv6nat_ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipv6nat_ipaddr']);?>" />
402
				&nbsp;(IP address)<span class="vexpl"><br /> Don't forget to add a firewall rule to permit IPv6 packets!</span>
403
			</td>
404
		</tr>
405 b0703b01 Scott Ullrich
		<tr>
406
			<td colspan="2" class="list" height="12">&nbsp;</td>
407
		</tr>		
408 02f0c58f Scott Ullrich
		<tr>
409
			<td colspan="2" valign="top" class="listtopic">Filtering Bridge</td>
410
		</tr>
411 3962b070 Scott Ullrich
                <tr> 
412
                  <td width="22%" valign="top" class="vncell">&nbsp;</td>
413
                  <td width="78%" class="vtable"> 
414
                    <input name="filteringbridge_enable" type="checkbox" id="filteringbridge_enable" value="yes" <?php if ($pconfig['filteringbridge_enable']) echo "checked"; ?>>
415
                    <strong>Enable filtering bridge</strong><span class="vexpl"><br>
416
                    This will cause bridged packets to pass through the packet 
417
                    filter in the same way as routed packets do (by default bridged 
418
                    packets are always passed). If you enable this option, you'll 
419
                    have to add filter rules to selectively permit traffic from 
420
                    bridged interfaces.</span></td>
421
                </tr>			
422 9ecd6ab7 Erik Kristensen
		<tr>
423
			<td width="22%" valign="top">&nbsp;</td>
424
			<td width="78%">
425
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
426
			</td>
427
		</tr>
428
		<tr>
429
			<td colspan="2" class="list" height="12">&nbsp;</td>
430
		</tr>
431
		<tr>
432
			<td colspan="2" valign="top" class="listtopic">webGUI SSL certificate/key</td>
433
		</tr>
434
		<tr>
435
			<td width="22%" valign="top" class="vncell">Certificate</td>
436
			<td width="78%" class="vtable">
437
				<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
438
				<br />
439
				Paste a signed certificate in X.509 PEM format here. <a href="javascript:if(openwindow('system_advanced_create_certs.php') == false) alert('Popup blocker detected.  Action aborted.');" >Create</a> certificates automatically.
440
			</td>
441
		</tr>
442
		<tr>
443
			<td width="22%" valign="top" class="vncell">Key</td>
444
			<td width="78%" class="vtable">
445
				<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
446
				<br />
447
				Paste an RSA private key in PEM format here.
448
			</td>
449
		</tr>
450
		<tr>
451
			<td width="22%" valign="top">&nbsp;</td>
452
			<td width="78%">
453
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
454
			</td>
455
		</tr>
456
		<tr>
457
			<td colspan="2" class="list" height="12">&nbsp;</td>
458
		</tr>
459
		<tr>
460
			<td colspan="2" valign="top" class="listtopic">Miscellaneous</td>
461
		</tr>
462 8d36fd1d Scott Ullrich
463
                <tr>
464
                  <td width="22%" valign="top" class="vncell">Device polling</td>
465
                  <td width="78%" class="vtable">
466
                    <input name="polling_enable" type="checkbox" id="polling_enable" value="yes" <?php if ($pconfig['polling_enable']) echo "checked"; ?>>
467
                    <strong>Use device polling</strong><br>
468
                                        Device polling is a technique that lets the system periodically poll network devices for new
469
                                        data instead of relying on interrupts. This can reduce CPU load and therefore increase
470
                                        throughput, at the expense of a slightly higher forwarding delay (the devices are polled 1000 times
471 dabf1d2d Scott Ullrich
                                        per second). Not all NICs support polling; see the pfSense homepage for a list of supported cards.
472 8d36fd1d Scott Ullrich
                  </td>
473
                </tr>
474
		
475 9ecd6ab7 Erik Kristensen
		<tr>
476
			<td width="22%" valign="top" class="vncell">Console menu </td>
477
			<td width="78%" class="vtable">
478
				<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if ($pconfig['disableconsolemenu']) echo "checked"; ?>  />
479
				<strong>Disable console menu</strong>
480
				<br />
481
				<span class="vexpl">Changes to this option will take effect after a reboot.</span>
482
			</td>
483
		</tr>
484
		<tr>
485
			<td valign="top" class="vncell">Firmware version check</td>
486
			<td class="vtable">
487
				<input name="disablefirmwarecheck" type="checkbox" id="disablefirmwarecheck" value="yes" <?php if ($pconfig['disablefirmwarecheck']) echo "checked"; ?>  />
488
				<strong>Disable firmware version check</strong>
489
				<br />
490
				<span class="vexpl">This will cause pfSense not to check for newer firmware versions when the <a href="system_firmware.php">System: Firmware</a> page is viewed.</span>
491
			</td>
492 abf5a84b Scott Ullrich
		</tr>
493
<?php if($g['platform'] == "pfSense"): ?>		
494 a509ff63 Bill Marquette
		<tr>
495 9ecd6ab7 Erik Kristensen
			<td width="22%" valign="top" class="vncell">Hard disk standby time </td>
496
			<td width="78%" class="vtable">
497
				<select name="harddiskstandby" class="formfld">
498
<?php
499
				 	## Values from ATA-2 http://www.t13.org/project/d0948r3-ATA-2.pdf (Page 66)
500
					$sbvals = explode(" ", "0.5,6 1,12 2,24 3,36 4,48 5,60 7.5,90 10,120 15,180 20,240 30,241 60,242");
501
?>
502
					<option value="" <?php if(!$pconfig['harddiskstandby']) echo('selected');?>>Always on</option>
503
<?php
504 5b237745 Scott Ullrich
					foreach ($sbvals as $sbval):
505
						list($min,$val) = explode(",", $sbval); ?>
506 9ecd6ab7 Erik Kristensen
					<option value="<?=$val;?>" <?php if($pconfig['harddiskstandby'] == $val) echo('selected');?>><?=$min;?> minutes</option>
507
<?php 				endforeach; ?>
508
				</select>
509
				<br />
510
				Puts the hard disk into standby mode when the selected amount of time after the last
511
				access has elapsed. <em>Do not set this for CF cards.</em>
512
			</td>
513
		</tr>
514 abf5a84b Scott Ullrich
<?php endif; ?>		
515 9ecd6ab7 Erik Kristensen
		<tr>
516
			<td width="22%" valign="top" class="vncell">webGUI anti-lockout</td>
517
			<td width="78%" class="vtable">
518
				<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked"; ?> />
519
				<strong>Disable webGUI anti-lockout rule</strong>
520
				<br />
521
				By default, access to the webGUI on the LAN interface is always permitted, regardless of the user-defined filter 
522
				rule set. Enable this feature to control webGUI access (make sure to have a filter rule in place that allows you 
523
				in, or you will lock yourself out!).
524
				<br />
525
				Hint: the &quot;set LAN IP address&quot; option in the console menu  resets this setting as well.
526
			</td>
527
		</tr>
528
		<tr>
529
			<td width="22%" valign="top" class="vncell">IPsec SA preferral</td>
530
			<td width="78%" class="vtable">
531
				<input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked"; ?> />
532
				<strong>Prefer old IPsec SAs</strong>
533
				<br />
534
				By default, if several SAs match, the newest one is preferred if it's at least 30 seconds old. Select this option to always prefer old SAs over new ones.
535
			</td>
536
		</tr>		
537
		<tr>
538
			<td width="22%" valign="top">&nbsp;</td>
539
			<td width="78%">
540
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
541
			</td>
542
		</tr>
543
		<tr>
544
			<td colspan="2" class="list" height="12">&nbsp;</td>
545
		</tr>
546
		<tr>
547
			<td colspan="2" valign="top" class="listtopic">Traffic Shaper and Firewall Advanced</td>
548
		</tr>
549
		<tr>
550
			<td width="22%" valign="top" class="vncell">FTP RFC 959 data port violation workaround</td>
551
			<td width="78%" class="vtable">
552
				<input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> onclick="enable_change(false)" />
553
				<strong class="vexpl">Workaround for sites that violate RFC 959 which specifies that the data connection be sourced from the command port - 1 (typically port 20).  This workaround doesn't expose you to any extra risk as the firewall will still only allow connections on a port that the ftp-proxy is listening on.</strong>
554
				<br />
555
			</td>
556
		</tr>
557 a48aec0a Bill Marquette
<!---
558 9ecd6ab7 Erik Kristensen
		<tr>
559
			<td width="22%" valign="top" class="vncell">Traffic Shaper Scheduler</td>
560
			<td width="78%" class="vtable">
561
				<select id="schedulertype" name="schedulertype" <?= $style ?>>
562
					<option value="priq"<?php if($pconfig['schedulertype'] == 'priq') echo " selected"; ?>>Priority based queueing</option>
563
					<option value="cbq"<?php if($pconfig['schedulertype'] == 'cbq') echo " selected"; ?>>Class based queueing</option>
564
					<option value="hfsc"<?php if($pconfig['schedulertype'] == 'hfsc') echo " selected"; ?>>Hierarchical Fair Service Curve queueing</option>
565
				</select>
566
				<br />
567
				<span class="vexpl"><b>Select which type of queueing you would like to use</b></span>
568
				<?php if (is_array($config['shaper']['queue']) > 0): ?>
569
				<script language="javascript" type="text/javascript">
570
					document.iform.schedulertype.disabled = 1;
571
				</script>
572
				<br />
573
				NOTE: This option is disabled since there are queues defined.
574
				<?php endif; ?>
575
			</td>
576
		</tr>
577 a48aec0a Bill Marquette
-->
578 9ecd6ab7 Erik Kristensen
		<tr>
579
			<td width="22%" valign="top" class="vncell">Firewall Optimization Options</td>
580
			<td width="78%" class="vtable">
581
				<select onChange="update_description(this.selectedIndex);" name="optimization" id="optimization">
582
					<option value="normal"<?php if($config['system']['optimization']=="normal") echo " selected"; ?>>normal</option>
583
					<option value="high-latency"<?php if($config['system']['optimization']=="high-latency") echo " selected"; ?>>high-latency</option>
584
					<option value="aggressive"<?php if($config['system']['optimization']=="aggressive") echo " selected"; ?>>aggressive</option>
585
					<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>>conservative</option>
586
				</select>
587
				<br />
588 d4fddf14 Scott Ullrich
				<textarea cols="60" rows="2" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
589 9ecd6ab7 Erik Kristensen
				<script language="javascript" type="text/javascript">
590
					update_description(document.forms[0].optimization.selectedIndex);
591
				</script>
592
				<br />
593
				<span class="vexpl"><b>Select which type of state table optimization you would like to use</b></span>
594
			</td>
595
		</tr>
596
		<tr>
597
			<td width="22%" valign="top" class="vncell">Disable Firewall</td>
598
			<td width="78%" class="vtable">
599
				<input name="disablefilter" type="checkbox" id="disablefilter" value="yes" <?php if (isset($config['system']['disablefilter'])) echo "checked"; ?> onclick="enable_change(false)" />
600
				<strong>Disable the firewalls filter altogether.</strong>
601
				<br />
602 8d0abf6b Scott Ullrich
				<span class="vexpl">Note:  This basically converts pfSense into a routing only platform!<br>
603
				                    Note:  This will turn off NAT!
604
				</span>
605 9ecd6ab7 Erik Kristensen
			</td>
606
		</tr>
607
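		<tr>
			<td width="22%" valign="top" class="vncell">Firewall Maximum States</td>
			<td width="78%" class="vtable">
				<?php /* $pconfig mirrors the raw POST after a submit, so the value is escaped before it is placed in the attribute. */ ?>
				<input name="maximumstates" type="text" id="maximumstates" value="<?php echo htmlspecialchars($pconfig['maximumstates']); ?>" onclick="enable_change(false)" />
				<br />
				<strong>Maximum number of connections to hold in the firewall state table.</strong>
				<br />
				<span class="vexpl">Note:  Leave this blank for the default of 10000</span>
			</td>
		</tr>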
617 a9b19d7f Scott Ullrich
		<tr>
618 b5675af6 Scott Ullrich
			<td width="22%" valign="top">&nbsp;</td>
619
			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
620 a9b19d7f Scott Ullrich
		</tr>
621 b5675af6 Scott Ullrich
		<tr>
622
			<td colspan="2" class="list" height="12">&nbsp;</td>
623
		</tr>		
624 a9b19d7f Scott Ullrich
		<tr>
625
			<td colspan="2" valign="top" class="listtopic">Network Address Translation</td>
626
		</tr>
627
		<tr>
628 1b45d566 Scott Ullrich
			<td width="22%" valign="top" class="vncell">Disable NAT Reflection</td>
629 a9b19d7f Scott Ullrich
			<td width="78%" class="vtable">
630
				<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> onclick="enable_change(false)" />
631 85c4dee1 Scott Ullrich
				<strong>Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks</strong>
632 a9b19d7f Scott Ullrich
			</td>
633
		</tr>
634 9ecd6ab7 Erik Kristensen
		<tr>
635
			<td width="22%" valign="top">&nbsp;</td>
636
			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
637
		</tr>
638
		<tr>
639
			<td colspan="2" class="list" height="12">&nbsp;</td>
640
		</tr>
641
	</tbody>
642
</table>
643 5b237745 Scott Ullrich
</form>
644 9ecd6ab7 Erik Kristensen
645
<script language="JavaScript" type="text/javascript">
646 5b237745 Scott Ullrich
<!--
647 9ecd6ab7 Erik Kristensen
	enable_change(false);
648
	//enable_altfirmwareurl(false);
649
	//enable_altpkgconfigurl(false);
650 5b237745 Scott Ullrich
//-->
651
</script>
652 9ecd6ab7 Erik Kristensen
653 5b237745 Scott Ullrich
<?php include("fend.inc"); ?>
654 9ecd6ab7 Erik Kristensen
655 8affb1da Scott Ullrich
<?php
656
657 04257637 Scott Ullrich
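/*
 * Flag the webGUI for a restart when the save handler replaced the
 * certificate or the private key.
 *
 * $oldcert and $oldkey are only assigned after a POST that passed validation.
 * Without the first two conditions they are undefined on every other request,
 * and a configured certificate then compares unequal to null, so the restart
 * flag would be touched on each page view.
 */
if ($_POST && !$input_errors
		&& (($config['system']['webgui']['certificate'] != $oldcert)
		|| ($config['system']['webgui']['private-key'] != $oldkey))) {
	touch("/tmp/restart_webgui");
}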
661
662 8affb1da Scott Ullrich
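/*
 * Rewrite the console entry of /etc/gettytab.
 *
 * The line containing "cb:ce:ck:lc" is replaced; all other lines are written
 * back unchanged.
 *
 * $status true  - the entry is written without "al=root". The caller passes
 *                 true when "Disable console menu" is ticked.
 * $status false - the entry is written with "al=root", the gettytab
 *                 auto-login capability, so the console comes up as root
 *                 without a login prompt. Anyone with physical or serial
 *                 console access then has root.
 *
 * Returns nothing. The file is left untouched when it cannot be read or
 * opened for writing.
 */
function auto_login($status) {
	$gettytab = file_get_contents("/etc/gettytab");
	if ($gettytab === false) {
		/* opening with "w" truncates: never rewrite a file that could not be read */
		return;
	}
	$getty_split = explode("\n", $gettytab);
	/* A trailing newline yields a final empty element; writing it back would
	 * add one more blank line to the file on every save. */
	if (count($getty_split) > 0 && $getty_split[count($getty_split) - 1] == "") {
		array_pop($getty_split);
	}
	conf_mount_rw();
	$fd = fopen("/etc/gettytab", "w");
	if ($fd) {
		foreach($getty_split as $gs) {
			if(stristr($gs, "cb:ce:ck:lc") == true) {
				if($status == true) {
					fwrite($fd, ":cb:ce:ck:lc:fd#1000:im=\\r\\n%s/%m (%h) (%t)\\r\\n\\r\\n:sp#1200:\\\n");
				} else {
					fwrite($fd, ":al=root:cb:ce:ck:lc:fd#1000:im=\\r\\n%s/%m (%h) (%t)\\r\\n\\r\\n:sp#1200:\\\n");
				}
			} else {
				fwrite($fd, "{$gs}\n");
			}
		}
		fclose($fd);
	}
	conf_mount_ro();
}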
681
682
?>
683 5b237745 Scott Ullrich
</body>
684
</html>