<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4
	system_advanced.php
5 416ed28d Scott Ullrich
        part of pfSense
6
        Copyright (C) 2005 Scott Ullrich
7 13128695 Scott Ullrich
8 416ed28d Scott Ullrich
	originally part of m0n0wall (http://m0n0.ch/wall)
9 5b237745 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11 13128695 Scott Ullrich
12 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14 13128695 Scott Ullrich
15 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17 13128695 Scott Ullrich
18 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21 13128695 Scott Ullrich
22 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
34
require("guiconfig.inc");
35
36 35284e50 Scott Ullrich
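/*
 * Load the saved settings into $pconfig so the form below can pre-populate
 * its fields on a plain GET. Flags that are stored as "key present" are read
 * with isset(); everything else is copied as-is.
 */
$pconfig['disablefilter'] = $config['system']['disablefilter'];
$pconfig['rfc959workaround'] = $config['system']['rfc959workaround'];
$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
$pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr'];
/*
 * The webGUI certificate and private key are stored base64-encoded.
 * NOTE(review): the decoded private key is echoed into the "key" textarea
 * further down, so it is sent to the browser on every load of this page.
 * Consider never sending the stored key back and only accepting a new one.
 */
$pconfig['cert'] = base64_decode($config['system']['webgui']['certificate']);
$pconfig['key'] = base64_decode($config['system']['webgui']['private-key']);
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['harddiskstandby'] = $config['system']['harddiskstandby'];
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
$pconfig['filteringbridge_enable'] = isset($config['bridge']['filteringbridge']);
$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
/* billm: alternate schedulers are currently disabled */
/*
 * $pconfig['schedulertype'] = $config['shaper']['schedulertype'];
 */
$pconfig['maximumstates'] = $config['system']['maximumstates'];
/* NOTE(review): read from ['system']['theme'], but the save path below writes $config['theme'] - confirm which key is intended */
$pconfig['theme'] = $config['system']['theme'];
$pconfig['disablerendevouz'] = $config['system']['disablerendevouz'];
$pconfig['enableserial'] = $config['system']['enableserial'];
$pconfig['disablefirmwarecheck'] = isset($config['system']['disablefirmwarecheck']);
$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
$pconfig['enablesshd'] = $config['system']['enablesshd'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sharednet'] = $config['system']['sharednet'];
$pconfig['polling_enable'] = isset($config['system']['polling']);
$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];

/*
 * Form submission: validate the posted values, persist them to $config and
 * apply the side effects (sshd, polling, ARP, console auto-login, filter
 * reload, serial console boot files).
 *
 * NOTE(review): nothing in this file checks an anti-CSRF token before changing
 * firewall, SSH and certificate settings. Unless guiconfig.inc enforces one,
 * a request-forgery check belongs here - confirm.
 */
if ($_POST) {

	unset($input_errors);
	/* from here on $pconfig holds raw request data; escape it wherever it is echoed */
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['ipv6nat_enable'] && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
		$input_errors[] = "You must specify an IP address to NAT IPv6 packets.";
	}
	if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
		$input_errors[] = "The Firewall Maximum States value must be an integer.";
	}
	if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
		$input_errors[] = "The TCP idle timeout must be an integer.";
	}
	if (($_POST['cert'] && !$_POST['key']) || ($_POST['key'] && !$_POST['cert'])) {
		$input_errors[] = "Certificate and key must always be specified together.";
	} else if ($_POST['cert'] && $_POST['key']) {
		/* only a PEM marker check; the certificate and key are not parsed or matched against each other */
		if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
			$input_errors[] = "This certificate does not appear to be valid.";
		if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY"))
			$input_errors[] = "This key does not appear to be valid.";
	}
	/*
	 * These two checks used to sit inside the certificate branch above (its
	 * closing brace came after them), so they only ran when a certificate
	 * and key were both posted. They are independent of the certificate.
	 */
	if ($_POST['altfirmwareurl'])
		if ($_POST['firmwareurl'] == "" || $_POST['firmwarename'] == "")
			$input_errors[] = "You must specify a base URL and a filename for the alternate firmware.";
	if ($_POST['altpkgconfigurl'])
		if ($_POST['pkgconfig_base_url'] == "" || $_POST['pkgconfig_filename'] == "")
			$input_errors[] = "You must specifiy and base URL and a filename before using an alternate pkg_config.xml.";
	if ($_POST['maximumstates'] <> "") {
		if ($_POST['maximumstates'] < 1000)
			$input_errors[] = "States must be above 1000 and below 100000000";
		if ($_POST['maximumstates'] > 100000000)
			$input_errors[] = "States must be above 1000 and below 100000000";
	}
	if ($_POST['sshport'] <> "") {
		if( ! is_port($_POST['sshport'])) {
			$input_errors[] = "You must specify a valid port number";
		}
	}
	/*
	 * The remaining fields come from <select> elements, but a client can post
	 * anything. Restrict them to what the form can legitimately produce
	 * before they are written to the configuration.
	 */
	/* the form's options are directory names under /usr/local/www/themes/, so a path component is never a valid theme */
	if ($_POST['theme'] <> "" && (basename($_POST['theme']) != $_POST['theme'] || $_POST['theme'] == "." || $_POST['theme'] == "..")) {
		$input_errors[] = "The selected theme is not valid.";
	}
	/* the four values offered by the "Firewall Optimization Options" select */
	if ($_POST['optimization'] <> "" && !in_array($_POST['optimization'], array("normal", "high-latency", "aggressive", "conservative"))) {
		$input_errors[] = "The selected firewall optimization option is not valid.";
	}
	/* the standby select only offers integer values */
	if ($_POST['harddiskstandby'] <> "" && !is_numericint($_POST['harddiskstandby'])) {
		$input_errors[] = "The hard disk standby time must be an integer.";
	}

	if (!$input_errors) {
		if($_POST['disablefilter'] == "yes") {
			$config['system']['disablefilter'] = "enabled";
		} else {
			unset($config['system']['disablefilter']);
		}
		if($_POST['enablesshd'] == "yes") {
			$config['system']['enablesshd'] = "enabled";
			touch("{$g['tmp_path']}/start_sshd");
		} else {
			unset($config['system']['enablesshd']);
			mwexec("/usr/bin/killall sshd");
		}
		$oldsshport = $config['system']['ssh']['port'];
		$config['system']['ssh']['port'] = $_POST['sshport'];

		/* setup_polling() is called on both paths, after the flag has been updated */
		if($_POST['polling_enable'] == "yes") {
			$config['system']['polling'] = true;
			setup_polling();
		} else {
			unset($config['system']['polling']);
			setup_polling();
		}

		if($_POST['sharednet'] == "yes") {
			$config['system']['sharednet'] = true;
			system_disable_arp_wrong_if();
		} else {
			unset($config['system']['sharednet']);
			system_enable_arp_wrong_if();
		}

		if($_POST['rfc959workaround'] == "yes")
			$config['system']['rfc959workaround'] = "enabled";
		else
			unset($config['system']['rfc959workaround']);

		if($_POST['ipv6nat_enable'] == "yes") {
			$config['diag']['ipv6nat']['enable'] = true;
			$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
		} else {
			unset($config['diag']['ipv6nat']['enable']);
			unset($config['diag']['ipv6nat']['ipaddr']);
		}
		/* remember the old pair so the webGUI is only restarted when it actually changed */
		$oldcert = $config['system']['webgui']['certificate'];
		$oldkey = $config['system']['webgui']['private-key'];
		$config['system']['webgui']['certificate'] = base64_encode($_POST['cert']);
		$config['system']['webgui']['private-key'] = base64_encode($_POST['key']);
		/*
		 * auto_login(true) writes the gettytab entry WITHOUT "al=root",
		 * auto_login(false) writes it WITH "al=root". With the console menu
		 * enabled the console therefore logs in as root automatically, so
		 * console access equals root access.
		 */
		if($_POST['disableconsolemenu'] == "yes") {
			$config['system']['disableconsolemenu'] = true;
			auto_login(true);
		} else {
			unset($config['system']['disableconsolemenu']);
			auto_login(false);
		}
		unset($config['system']['webgui']['expanddiags']);
		$config['system']['optimization'] = $_POST['optimization'];

		if($_POST['disablefirmwarecheck'] == "yes")
			$config['system']['disablefirmwarecheck'] = true;
		else
			unset($config['system']['disablefirmwarecheck']);

		if ($_POST['enableserial'] == "yes")
			$config['system']['enableserial'] = true;
		else
			unset($config['system']['enableserial']);

		if($_POST['harddiskstandby'] <> "") {
			$config['system']['harddiskstandby'] = $_POST['harddiskstandby'];
			system_set_harddisk_standby();
		} else
			unset($config['system']['harddiskstandby']);

		/* removing the anti-lockout rule leaves webGUI access entirely to the user-defined filter rules */
		if ($_POST['noantilockout'] == "yes")
			$config['system']['webgui']['noantilockout'] = true;
		else
			unset($config['system']['webgui']['noantilockout']);

		/* Firewall and ALTQ options */
		/* alternate scheduler types are currently unsupported */
		//$config['shaper']['schedulertype'] = $_POST['schedulertype'];
		$config['system']['maximumstates'] = $_POST['maximumstates'];

		/* second pass over enablesshd: overwrites the "enabled" stored above with the posted "yes" */
		if($_POST['enablesshd'] == "yes") {
			$config['system']['enablesshd'] = $_POST['enablesshd'];
		} else {
			unset($config['system']['enablesshd']);
		}

		if($_POST['disablenatreflection'] == "yes") {
			$config['system']['disablenatreflection'] = $_POST['disablenatreflection'];
		} else {
			unset($config['system']['disablenatreflection']);
		}

		$config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false;

		$config['bridge']['filteringbridge'] = $_POST['filteringbridge_enable'] ? true : false;

		/* pfSense themes */
		$config['theme'] = $_POST['theme'];

		write_config();

		if (($config['system']['webgui']['certificate'] != $oldcert)
				|| ($config['system']['webgui']['private-key'] != $oldkey)) {
			system_webgui_start();
		}

		$retval = 0;
		config_lock();
		$retval = filter_configure();
		/* a return value containing "error" is shown verbatim instead of the standard save message */
		if(stristr($retval, "error") <> true)
		    $savemsg = get_std_save_message($retval);
		else
		    $savemsg = $retval;
		$retval |= interfaces_optional_configure();
		config_unlock();

		conf_mount_rw();

		/* serial console - write out /boot.config */
		if(file_exists("/boot.config"))
			$boot_config = file_get_contents("/boot.config");
		else
			$boot_config = "";

		if($g['platform'] <> "cdrom") {
			/*
			 * fopen(..., "w") truncates the file, so only rewrite it when the
			 * current contents were actually read; otherwise a failed read
			 * would wipe every other boot flag.
			 */
			if($boot_config !== false) {
				$boot_config_split = explode("\n", $boot_config);
				$fd = fopen("/boot.config","w");
				if($fd) {
					foreach($boot_config_split as $bcs) {
						if(stristr($bcs, "-D")) {
							/* DONT WRITE OUT, WE'LL DO IT LATER */
						} else {
							if($bcs <> "")
								fwrite($fd, "{$bcs}\n");
						}
					}
					if(isset($config['system']['enableserial'])) {
						fwrite($fd, "-D");
					}
					fclose($fd);
				}
			}
			/* serial console - write out /boot/loader.conf */
			if(file_exists("/boot/loader.conf"))
				$boot_config = file_get_contents("/boot/loader.conf");
			else
				$boot_config = "";
			/* same guard as above: never truncate loader.conf after a failed read */
			if($boot_config !== false) {
				$boot_config_split = explode("\n", $boot_config);
				$fd = fopen("/boot/loader.conf","w");
				if($fd) {
					foreach($boot_config_split as $bcs) {
						if(stristr($bcs, "console")) {
							/* DONT WRITE OUT, WE'LL DO IT LATER */
						} else {
							if($bcs <> "")
								fwrite($fd, "{$bcs}\n");
						}
					}
					if(isset($config['system']['enableserial'])) {
						fwrite($fd, "console=\"comconsole\"\n");
					}
					fclose($fd);
				}
			}
		}

		conf_mount_ro();

		setup_filter_bridge();

	}
}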
277 b63695db Scott Ullrich
278
$pgtitle = "System: Advanced functions";
279
include("head.inc");
280
281 5b237745 Scott Ullrich
?>
282 b63695db Scott Ullrich
283 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
284 9ecd6ab7 Erik Kristensen
285 5b237745 Scott Ullrich
<?php include("fbegin.inc"); ?>
286 9ecd6ab7 Erik Kristensen
287 74f446e8 Bill Marquette
<p class="pgtitle"><?=$pgtitle?></p>
288 13128695 Scott Ullrich
289 9ecd6ab7 Erik Kristensen
<form action="system_advanced.php" method="post" name="iform" id="iform">
290
<?php if ($input_errors) print_input_errors($input_errors); ?>
291
<?php if ($savemsg) print_info_box($savemsg); ?>
292
<p><span class="vexpl"><span class="red"><strong>Note: </strong></span>the options on this page are intended for use by advanced users only.</span></p>
293
<br />
294 416ed28d Scott Ullrich
295 9ecd6ab7 Erik Kristensen
<table width="100%" border="0" cellpadding="6" cellspacing="0">
296
	<tbody>
297 dbb0b7d6 Holger Bauer
		<?php if($g['platform'] == "pfSense" || $g['platform'] == "cdrom"): ?>
298 9ecd6ab7 Erik Kristensen
		<tr>
299
			<td colspan="2" valign="top" class="listtopic">Enable Serial Console</td>
300
		</tr>
301
		<tr>
302
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
303
			<td width="78%" class="vtable">
304
				<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo "checked"; ?> onclick="enable_change(false)" />
305
				<strong>This will enable the first serial port with 9600/8/N/1</strong>
306 b8467d8e Scott Ullrich
				<br>
307 3446ca38 Scott Ullrich
				<span class="vexpl">Note:  This will disable the internal video card/keyboard</span>
308 9ecd6ab7 Erik Kristensen
			</td>
309
		</tr>
310
		<tr>
311
			<td width="22%" valign="top">&nbsp;</td>
312
			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
313
		</tr>
314
		</tr>
315
		<tr>
316
			<td colspan="2" class="list" height="12"></td>
317
		</tr>		
318 0831bc86 Scott Ullrich
		<?php endif; ?>
319 9ecd6ab7 Erik Kristensen
		<tr>
320
			<td colspan="2" valign="top" class="listtopic">Secure Shell</td>
321
		</tr>
322
		<tr>
323
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
324
			<td width="78%" class="vtable">
325
				<input name="enablesshd" type="checkbox" id="enablesshd" value="yes" <?php if (isset($pconfig['enablesshd'])) echo "checked"; ?> onclick="enable_change(false)" />
326
				<strong>Enable Secure Shell</strong>
327
			</td>
328
		</tr>
329 74806cee Seth Mos
		<tr>
330
			<td width="22%" valign="top" class="vncell">SSH port</td>
331
			<td width="78%" class="vtable">
332
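				<?php /* after a POST $pconfig is the raw request, so the value is HTML-escaped before it is placed in the attribute */ ?>
				<input name="sshport" type="text" id="sshport" value="<?=htmlspecialchars($pconfig['sshport']);?>" onclick="enable_change(false)" />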
333
				<br />
334
				<span class="vexpl">Note:  Leave this blank for the default of 22</span>
335
			</td>
336
		</tr>
337 9ecd6ab7 Erik Kristensen
		<tr>
338
			<td width="22%" valign="top">&nbsp;</td>
339
			<td width="78%">
340
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
341
			</td>
342
		</tr>
343
		<tr>
344
			<td colspan="2" class="list" height="12">&nbsp;</td>
345
		</tr>		
346
		<tr>
347
			<td colspan="2" valign="top" class="listtopic">Shared Physical Network</td>
348
		</tr>
349
		<tr>
350
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
351
			<td width="78%" class="vtable">
352
				<input name="sharednet" type="checkbox" id="sharednet" value="yes" <?php if (isset($pconfig['sharednet'])) echo "checked"; ?> onclick="enable_change(false)" />
353 3d0d1aa8 Colin Smith
				<strong>This will suppress ARP messages when interfaces share the same physical network</strong>
354 9ecd6ab7 Erik Kristensen
			</td>
355
		</tr>
356
		<tr>
357
			<td width="22%" valign="top">&nbsp;</td>
358
			<td width="78%">
359
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
360
			</td>
361
		</tr>
362
		<tr>
363
			<td colspan="2" class="list" height="12">&nbsp;</td>
364
		</tr>	
365
		<tr>
366
			<td colspan="2" valign="top" class="listtopic">Theme</td>
367
		</tr>
368
		<tr>
369
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
370
			<td width="78%" class="vtable">
371
			    <select name="theme">
372 15a87e25 Scott Ullrich
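<?php
				/*
				 * Emit one <option> per theme directory. The saved theme is
				 * pre-selected; when none is saved, "pfsense" is the default.
				 */
				$files = return_dir_as_array("/usr/local/www/themes/");
				foreach($files as $f) {
					/* directories starting with "_" are only listed when the developer flag is set */
					if ( (substr($f, 0, 1) == "_") && !isset($config['system']['developer']) ) continue;
					if($f == "CVS") continue;
					$selected = "";
					if($f == $config['theme'])
						$selected = " SELECTED";
					/* was assigned to a misspelled variable, so the default theme was never pre-selected */
					if($config['theme'] == "" and $f == "pfsense")
						$selected = " SELECTED";
					/* directory names are escaped before being written into the page */
					echo "\t\t\t\t\t"."<option{$selected}>" . htmlspecialchars($f) . "</option>\n";
				}
?>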
385 9ecd6ab7 Erik Kristensen
				</select>
386
				<strong>This will change the look and feel of pfSense</strong>
387
			</td>
388
		</tr>
389
		<tr>
390
			<td width="22%" valign="top">&nbsp;</td>
391
			<td width="78%">
392
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
393
			</td>
394
		</tr>
395
		<tr>
396
			<td colspan="2" class="list" height="12">&nbsp;</td>
397
		</tr>
398
		<tr>
399
			<td colspan="2" valign="top" class="listtopic">IPv6 tunneling</td>
400
		</tr>
401
		<tr>
402
			<td width="22%" valign="top" class="vncell">&nbsp;</td>
403
			<td width="78%" class="vtable">
404
				<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?php if ($pconfig['ipv6nat_enable']) echo "checked"; ?> onclick="enable_change(false)" />
405
				<strong>NAT encapsulated IPv6 packets (IP protocol 41/RFC2893) to:</strong>
406
				<br /> <br />
407
				<input name="ipv6nat_ipaddr" type="text" class="formfld" id="ipv6nat_ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipv6nat_ipaddr']);?>" />
408
				&nbsp;(IP address)<span class="vexpl"><br /> Don't forget to add a firewall rule to permit IPv6 packets!</span>
409
			</td>
410
		</tr>
411 b0703b01 Scott Ullrich
		<tr>
412
			<td colspan="2" class="list" height="12">&nbsp;</td>
413
		</tr>		
414 02f0c58f Scott Ullrich
		<tr>
415
			<td colspan="2" valign="top" class="listtopic">Filtering Bridge</td>
416
		</tr>
417 3962b070 Scott Ullrich
                <tr> 
418
                  <td width="22%" valign="top" class="vncell">&nbsp;</td>
419
                  <td width="78%" class="vtable"> 
420
                    <input name="filteringbridge_enable" type="checkbox" id="filteringbridge_enable" value="yes" <?php if ($pconfig['filteringbridge_enable']) echo "checked"; ?>>
421
                    <strong>Enable filtering bridge</strong><span class="vexpl"><br>
422
                    This will cause bridged packets to pass through the packet 
423
                    filter in the same way as routed packets do (by default bridged 
424
                    packets are always passed). If you enable this option, you'll 
425
                    have to add filter rules to selectively permit traffic from 
426
                    bridged interfaces.</span></td>
427
                </tr>			
428 9ecd6ab7 Erik Kristensen
		<tr>
429
			<td width="22%" valign="top">&nbsp;</td>
430
			<td width="78%">
431
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
432
			</td>
433
		</tr>
434
		<tr>
435
			<td colspan="2" class="list" height="12">&nbsp;</td>
436
		</tr>
437
		<tr>
438
			<td colspan="2" valign="top" class="listtopic">webGUI SSL certificate/key</td>
439
		</tr>
440
		<tr>
441
			<td width="22%" valign="top" class="vncell">Certificate</td>
442
			<td width="78%" class="vtable">
443
				<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
444
				<br />
445
				Paste a signed certificate in X.509 PEM format here. <a href="javascript:if(openwindow('system_advanced_create_certs.php') == false) alert('Popup blocker detected.  Action aborted.');" >Create</a> certificates automatically.
446
			</td>
447
		</tr>
448
		<tr>
449
			<td width="22%" valign="top" class="vncell">Key</td>
450
			<td width="78%" class="vtable">
451
				<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
452
				<br />
453
				Paste an RSA private key in PEM format here.
454
			</td>
455
		</tr>
456
		<tr>
457
			<td width="22%" valign="top">&nbsp;</td>
458
			<td width="78%">
459
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
460
			</td>
461
		</tr>
462
		<tr>
463
			<td colspan="2" class="list" height="12">&nbsp;</td>
464
		</tr>
465
		<tr>
466
			<td colspan="2" valign="top" class="listtopic">Miscellaneous</td>
467
		</tr>
468 8d36fd1d Scott Ullrich
469
                <tr>
470
                  <td width="22%" valign="top" class="vncell">Device polling</td>
471
                  <td width="78%" class="vtable">
472
                    <input name="polling_enable" type="checkbox" id="polling_enable" value="yes" <?php if ($pconfig['polling_enable']) echo "checked"; ?>>
473
                    <strong>Use device polling</strong><br>
474
                                        Device polling is a technique that lets the system periodically poll network devices for new
475
                                        data instead of relying on interrupts. This can reduce CPU load and therefore increase
476
                                        throughput, at the expense of a slightly higher forwarding delay (the devices are polled 1000 times
477 dabf1d2d Scott Ullrich
                                        per second). Not all NICs support polling; see the pfSense homepage for a list of supported cards.
478 8d36fd1d Scott Ullrich
                  </td>
479
                </tr>
480
		
481 9ecd6ab7 Erik Kristensen
		<tr>
482
			<td width="22%" valign="top" class="vncell">Console menu </td>
483
			<td width="78%" class="vtable">
484
				<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if ($pconfig['disableconsolemenu']) echo "checked"; ?>  />
485
				<strong>Disable console menu</strong>
486
				<br />
487
				<span class="vexpl">Changes to this option will take effect after a reboot.</span>
488
			</td>
489
		</tr>
490
		<tr>
491
			<td valign="top" class="vncell">Firmware version check</td>
492
			<td class="vtable">
493
				<input name="disablefirmwarecheck" type="checkbox" id="disablefirmwarecheck" value="yes" <?php if ($pconfig['disablefirmwarecheck']) echo "checked"; ?>  />
494
				<strong>Disable firmware version check</strong>
495
				<br />
496
				<span class="vexpl">This will cause pfSense not to check for newer firmware versions when the <a href="system_firmware.php">System: Firmware</a> page is viewed.</span>
497
			</td>
498 abf5a84b Scott Ullrich
		</tr>
499
<?php if($g['platform'] == "pfSense"): ?>		
500 a509ff63 Bill Marquette
		<tr>
501 9ecd6ab7 Erik Kristensen
			<td width="22%" valign="top" class="vncell">Hard disk standby time </td>
502
			<td width="78%" class="vtable">
503
				<select name="harddiskstandby" class="formfld">
504
<?php
505
				 	## Values from ATA-2 http://www.t13.org/project/d0948r3-ATA-2.pdf (Page 66)
506
					$sbvals = explode(" ", "0.5,6 1,12 2,24 3,36 4,48 5,60 7.5,90 10,120 15,180 20,240 30,241 60,242");
507
?>
508
					<option value="" <?php if(!$pconfig['harddiskstandby']) echo('selected');?>>Always on</option>
509
<?php
510 5b237745 Scott Ullrich
					foreach ($sbvals as $sbval):
511
						list($min,$val) = explode(",", $sbval); ?>
512 9ecd6ab7 Erik Kristensen
					<option value="<?=$val;?>" <?php if($pconfig['harddiskstandby'] == $val) echo('selected');?>><?=$min;?> minutes</option>
513
<?php 				endforeach; ?>
514
				</select>
515
				<br />
516
				Puts the hard disk into standby mode when the selected amount of time after the last
517
				access has elapsed. <em>Do not set this for CF cards.</em>
518
			</td>
519
		</tr>
520 abf5a84b Scott Ullrich
<?php endif; ?>		
521 9ecd6ab7 Erik Kristensen
		<tr>
522
			<td width="22%" valign="top" class="vncell">webGUI anti-lockout</td>
523
			<td width="78%" class="vtable">
524
				<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked"; ?> />
525
				<strong>Disable webGUI anti-lockout rule</strong>
526
				<br />
527
				By default, access to the webGUI on the LAN interface is always permitted, regardless of the user-defined filter 
528
				rule set. Enable this feature to control webGUI access (make sure to have a filter rule in place that allows you 
529
				in, or you will lock yourself out!).
530
				<br />
531
				Hint: the &quot;set LAN IP address&quot; option in the console menu  resets this setting as well.
532
			</td>
533
		</tr>
534
		<tr>
535
			<td width="22%" valign="top" class="vncell">IPsec SA preferral</td>
536
			<td width="78%" class="vtable">
537
				<input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked"; ?> />
538
				<strong>Prefer old IPsec SAs</strong>
539
				<br />
540
				By default, if several SAs match, the newest one is preferred if it's at least 30 seconds old.Select this option to always prefer old SAs over new ones.
541
			</td>
542
		</tr>		
543
		<tr>
544
			<td width="22%" valign="top">&nbsp;</td>
545
			<td width="78%">
546
				<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
547
			</td>
548
		</tr>
549
		<tr>
550
			<td colspan="2" class="list" height="12">&nbsp;</td>
551
		</tr>
552
		<tr>
553
			<td colspan="2" valign="top" class="listtopic">Traffic Shaper and Firewall Advanced</td>
554
		</tr>
555
		<tr>
556
			<td width="22%" valign="top" class="vncell">FTP RFC 959 data port violation workaround</td>
557
			<td width="78%" class="vtable">
558
				<input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> onclick="enable_change(false)" />
559
				<strong class="vexpl">Workaround for sites that violate RFC 959 which specifies that the data connection be sourced from the command port - 1 (typically port 20).  This workaround doesn't expose you to any extra risk as the firewall will still only allow connections on a port that the ftp-proxy is listening on.</strong>
560
				<br />
561
			</td>
562
		</tr>
563 a48aec0a Bill Marquette
<!---
564 9ecd6ab7 Erik Kristensen
		<tr>
565
			<td width="22%" valign="top" class="vncell">Traffic Shaper Scheduler</td>
566
			<td width="78%" class="vtable">
567
				<select id="schedulertype" name="schedulertype" <?= $style ?>>
568
					<option value="priq"<?php if($pconfig['schedulertype'] == 'priq') echo " selected"; ?>>Priority based queueing</option>
569
					<option value="cbq"<?php if($pconfig['schedulertype'] == 'cbq') echo " selected"; ?>>Class based queueing</option>
570
					<option value="hfsc"<?php if($pconfig['schedulertype'] == 'hfsc') echo " selected"; ?>>Hierarchical Fair Service Curve queueing</option>
571
				</select>
572
				<br />
573
				<span class="vexpl"><b>Select which type of queueing you would like to use</b></span>
574
				<?php if (is_array($config['shaper']['queue']) > 0): ?>
575
				<script language="javascript" type="text/javascript">
576
					document.iform.schedulertype.disabled = 1;
577
				</script>
578
				<br />
579
				NOTE: This option is disabled since there are queues defined.
580
				<?php endif; ?>
581
			</td>
582
		</tr>
583 a48aec0a Bill Marquette
-->
584 9ecd6ab7 Erik Kristensen
		<tr>
585
			<td width="22%" valign="top" class="vncell">Firewall Optimization Options</td>
586
			<td width="78%" class="vtable">
587
				<select onChange="update_description(this.selectedIndex);" name="optimization" id="optimization">
588
					<option value="normal"<?php if($config['system']['optimization']=="normal") echo " selected"; ?>>normal</option>
589
					<option value="high-latency"<?php if($config['system']['optimization']=="high-latency") echo " selected"; ?>>high-latency</option>
590
					<option value="aggressive"<?php if($config['system']['optimization']=="aggressive") echo " selected"; ?>>aggressive</option>
591
					<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>>conservative</option>
592
				</select>
593
				<br />
594 d4fddf14 Scott Ullrich
				<textarea cols="60" rows="2" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
595 9ecd6ab7 Erik Kristensen
				<script language="javascript" type="text/javascript">
596
					update_description(document.forms[0].optimization.selectedIndex);
597
				</script>
598
				<br />
599
				<span class="vexpl"><b>Select which type of state table optimization your would like to use</b></span>
600
			</td>
601
		</tr>
602
		<tr>
603
			<td width="22%" valign="top" class="vncell">Disable Firewall</td>
604
			<td width="78%" class="vtable">
605
				<input name="disablefilter" type="checkbox" id="disablefilter" value="yes" <?php if (isset($config['system']['disablefilter'])) echo "checked"; ?> onclick="enable_change(false)" />
606
				<strong>Disable the firewalls filter altogether.</strong>
607
				<br />
608 8d0abf6b Scott Ullrich
				<span class="vexpl">Note:  This basically converts pfSense into a routing only platform!<br>
609
				                    Note:  This will turn off NAT!
610
				</span>
611 9ecd6ab7 Erik Kristensen
			</td>
612
		</tr>
613
		<tr>
614
			<td width="22%" valign="top" class="vncell">Firewall Maximum States</td>
615
			<td width="78%" class="vtable">
616
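				<?php /* after a POST $pconfig is the raw request, so the value is HTML-escaped before it is placed in the attribute */ ?>
				<input name="maximumstates" type="text" id="maximumstates" value="<?=htmlspecialchars($pconfig['maximumstates']);?>" onclick="enable_change(false)" />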
617
				<br />
618
				<strong>Maximum number of connections to hold in the firewall state table.</strong>
619
				<br />
620
				<span class="vexpl">Note:  Leave this blank for the default of 10000</span>
621
			</td>
622
		</tr>
623 a9b19d7f Scott Ullrich
624
		<tr>
625
			<td colspan="2" class="list" height="12">&nbsp;</td>
626
		</tr>
627
		<tr>
628
			<td colspan="2" valign="top" class="listtopic">Network Address Translation</td>
629
		</tr>
630
		<tr>
631 1b45d566 Scott Ullrich
			<td width="22%" valign="top" class="vncell">Disable NAT Reflection</td>
632 a9b19d7f Scott Ullrich
			<td width="78%" class="vtable">
633
				<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> onclick="enable_change(false)" />
634 85c4dee1 Scott Ullrich
				<strong>Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks</strong>
635 a9b19d7f Scott Ullrich
			</td>
636
		</tr>
637
		
638 9ecd6ab7 Erik Kristensen
		<tr>
639
			<td width="22%" valign="top">&nbsp;</td>
640
			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
641
		</tr>
642
		<tr>
643
			<td colspan="2" class="list" height="12">&nbsp;</td>
644
		</tr>
645
	</tbody>
646
</table>
647 5b237745 Scott Ullrich
</form>
648 9ecd6ab7 Erik Kristensen
649
<script language="JavaScript" type="text/javascript">
650 5b237745 Scott Ullrich
<!--
651 9ecd6ab7 Erik Kristensen
	enable_change(false);
652
	//enable_altfirmwareurl(false);
653
	//enable_altpkgconfigurl(false);
654 5b237745 Scott Ullrich
//-->
655
</script>
656 9ecd6ab7 Erik Kristensen
657 5b237745 Scott Ullrich
<?php include("fend.inc"); ?>
658 9ecd6ab7 Erik Kristensen
659 8affb1da Scott Ullrich
<?php
660
661
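/*
 * Rewrite the line of /etc/gettytab that contains "cb:ce:ck:lc", switching
 * getty's root auto-login ("al=root") on or off. All other lines are copied
 * through unchanged.
 *
 * $status reads inverted relative to the function name:
 *   true  -> the line is written WITHOUT "al=root"
 *   false -> the line is written WITH "al=root", i.e. the console logs in as
 *            root without a prompt
 * The caller passes true when the console menu is disabled.
 *
 * Returns nothing. The file is left untouched if it cannot be read.
 */
function auto_login($status) {
	$gettytab = file_get_contents("/etc/gettytab");
	/* fopen(..., "w") below truncates the file; stop here rather than wipe it after a failed read */
	if($gettytab === false)
		return;
	$getty_split = explode("\n", $gettytab);
	/* a file ending in "\n" yields a trailing empty element; drop it so each save does not append one more blank line */
	if(end($getty_split) === "")
		array_pop($getty_split);
	conf_mount_rw();
	$fd = fopen("/etc/gettytab", "w");
	if($fd) {
		foreach($getty_split as $gs) {
			if(stristr($gs, "cb:ce:ck:lc") == true) {
				if($status == true) {
					fwrite($fd, ":cb:ce:ck:lc:fd#1000:im=\\r\\n%s/%m (%h) (%t)\\r\\n\\r\\n:sp#1200:\\\n");
				} else {
					fwrite($fd, ":al=root:cb:ce:ck:lc:fd#1000:im=\\r\\n%s/%m (%h) (%t)\\r\\n\\r\\n:sp#1200:\\\n");
				}
			} else {
				fwrite($fd, "{$gs}\n");
			}
		}
		fclose($fd);
	}
	/* always return the filesystem to read-only, even when the open failed */
	conf_mount_ro();
}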
680
681
?>
682 5b237745 Scott Ullrich
</body>
683
</html>