/usr/local/www/system_advanced.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/system_advanced.php @ 15173791

1	13128695	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4	aa9e7aaa	Scott Ullrich	system_advanced.php
5	416ed28d	Scott Ullrich	part of pfSense
6	aa9e7aaa	Scott Ullrich	Copyright (C) 2005-2007 Scott Ullrich
7	13128695	Scott Ullrich
8	416ed28d	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
9	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10			All rights reserved.
11	13128695	Scott Ullrich
12	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
13			modification, are permitted provided that the following conditions are met:
14	13128695	Scott Ullrich
15	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
16			this list of conditions and the following disclaimer.
17	13128695	Scott Ullrich
18	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
19			notice, this list of conditions and the following disclaimer in the
20			documentation and/or other materials provided with the distribution.
21	13128695	Scott Ullrich
22	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31			POSSIBILITY OF SUCH DAMAGE.
32			*/
33
34			require("guiconfig.inc");
35
36	35284e50	Scott Ullrich	$pconfig['disablefilter'] = $config['system']['disablefilter'];
37	38560a25	Bill Marquette	$pconfig['rfc959workaround'] = $config['system']['rfc959workaround'];
38	8f498445	Scott Ullrich	$pconfig['scrubnodf'] = $config['system']['scrubnodf'];
39	5b237745	Scott Ullrich	$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
40			$pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr'];
41			$pconfig['cert'] = base64_decode($config['system']['webgui']['certificate']);
42			$pconfig['key'] = base64_decode($config['system']['webgui']['private-key']);
43			$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
44	c11e337b	Scott Ullrich	$pconfig['harddiskstandby'] = $config['system']['harddiskstandby'];
45	5b237745	Scott Ullrich	$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
46	3962b070	Scott Ullrich	$pconfig['filteringbridge_enable'] = isset($config['bridge']['filteringbridge']);
47	5b237745	Scott Ullrich	$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
48	351217ed	Scott Ullrich	$pconfig['maximumstates'] = $config['system']['maximumstates'];
49	68bf6021	Scott Ullrich	$pconfig['disablerendevouz'] = $config['system']['disablerendevouz'];
50	2f810bc1	Scott Ullrich	$pconfig['enableserial'] = $config['system']['enableserial'];
51	5c50ae40	Scott Ullrich	$pconfig['disablefirmwarecheck'] = isset($config['system']['disablefirmwarecheck']);
52	d5967a9a	Scott Ullrich	$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
53	59d09874	Scott Ullrich	$pconfig['enablesshd'] = $config['system']['enablesshd'];
54	74806cee	Seth Mos	$pconfig['sshport'] = $config['system']['ssh']['port'];
55	243aa7b9	Scott Ullrich	$pconfig['sharednet'] = $config['system']['sharednet'];
56	8d36fd1d	Scott Ullrich	$pconfig['polling_enable'] = isset($config['system']['polling']);
57	bdac13de	Scott Ullrich	$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
58	a9b19d7f	Scott Ullrich	$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
59	1c5ca2e9	Scott Ullrich	$pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']);
60	ff091d96	Scott Ullrich	$pconfig['disablescrub'] = isset($config['system']['disablescrub']);
61	81a6f5ea	Scott Ullrich	$pconfig['shapertype'] = $config['system']['shapertype'];
62	9534ea8b	Scott Ullrich	$pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
63	a9b19d7f	Scott Ullrich
64	5b237745	Scott Ullrich	if ($_POST) {
65
66			unset($input_errors);
67			$pconfig = $_POST;
68
69			/* input validation */
70			if ($_POST['ipv6nat_enable'] && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
71			$input_errors[] = "You must specify an IP address to NAT IPv6 packets.";
72			}
73	351217ed	Scott Ullrich	if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
74			$input_errors[] = "The Firewall Maximum States value must be an integer.";
75			}
76	5b237745	Scott Ullrich	if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
77			$input_errors[] = "The TCP idle timeout must be an integer.";
78			}
79			if (($_POST['cert'] && !$_POST['key']) \|\| ($_POST['key'] && !$_POST['cert'])) {
80			$input_errors[] = "Certificate and key must always be specified together.";
81			} else if ($_POST['cert'] && $_POST['key']) {
82			if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))
83			$input_errors[] = "This certificate does not appear to be valid.";
84			if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") \|\| !strstr($_POST['key'], "END RSA PRIVATE KEY"))
85			$input_errors[] = "This key does not appear to be valid.";
86	a509ff63	Bill Marquette	if ($_POST['altfirmwareurl'])
87			if ($_POST['firmwareurl'] == "" \|\| $_POST['firmwarename'] == "")
88			$input_errors[] = "You must specify a base URL and a filename for the alternate firmware.";
89	66f481cc	Colin Smith	if ($_POST['altpkgconfigurl'])
90			if ($_POST['pkgconfig_base_url'] == "" \|\| $_POST['pkgconfig_filename'] == "")
91			$input_errors[] = "You must specifiy and base URL and a filename before using an alternate pkg_config.xml.";
92	5b237745	Scott Ullrich	}
93	e52f293f	Scott Ullrich	if ($_POST['maximumstates'] <> "") {
94			if ($_POST['maximumstates'] < 1000)
95			$input_errors[] = "States must be above 1000 and below 100000000";
96			if ($_POST['maximumstates'] > 100000000)
97			$input_errors[] = "States must be above 1000 and below 100000000";
98			}
99	74806cee	Seth Mos	if ($_POST['sshport'] <> "") {
100			if( ! is_port($_POST['sshport'])) {
101			$input_errors[] = "You must specify a valid port number";
102			}
103			}
104
105	5b237745	Scott Ullrich	}
106	b63695db	Scott Ullrich
107	aa9e7aaa	Scott Ullrich	if ($_POST) {
108			ob_flush();
109			flush();
110			if (!$input_errors) {
111			if($_POST['disablefilter'] == "yes") {
112			$config['system']['disablefilter'] = "enabled";
113			} else {
114			unset($config['system']['disablefilter']);
115			}
116			if($_POST['enablesshd'] == "yes") {
117			$config['system']['enablesshd'] = "enabled";
118			touch("{$g['tmp_path']}/start_sshd");
119			} else {
120			unset($config['system']['enablesshd']);
121			mwexec("/usr/bin/killall sshd");
122			}
123			$oldsshport = $config['system']['ssh']['port'];
124			$config['system']['ssh']['port'] = $_POST['sshport'];
125
126			if($_POST['polling_enable'] == "yes") {
127			$config['system']['polling'] = true;
128			setup_polling();
129			} else {
130			unset($config['system']['polling']);
131			setup_polling();
132			}
133
134	9534ea8b	Scott Ullrich	if($_POST['lb_use_sticky'] == "yes")
135			$config['system']['lb_use_sticky'] = true;
136			else
137			unset($config['system']['lb_use_sticky']);
138
139	aa9e7aaa	Scott Ullrich	if($_POST['sharednet'] == "yes") {
140			$config['system']['sharednet'] = true;
141			system_disable_arp_wrong_if();
142			} else {
143			unset($config['system']['sharednet']);
144			system_enable_arp_wrong_if();
145			}
146
147			if($_POST['scrubnodf'] == "yes")
148			$config['system']['scrubnodf'] = "enabled";
149			else
150			unset($config['system']['scrubnodf']);
151
152			if($_POST['rfc959workaround'] == "yes")
153			$config['system']['rfc959workaround'] = "enabled";
154			else
155			unset($config['system']['rfc959workaround']);
156
157			if($_POST['ipv6nat_enable'] == "yes") {
158			$config['diag']['ipv6nat']['enable'] = true;
159			$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
160			} else {
161			unset($config['diag']['ipv6nat']['enable']);
162			unset($config['diag']['ipv6nat']['ipaddr']);
163			}
164			$oldcert = $config['system']['webgui']['certificate'];
165			$oldkey = $config['system']['webgui']['private-key'];
166			$config['system']['webgui']['certificate'] = base64_encode($_POST['cert']);
167			$config['system']['webgui']['private-key'] = base64_encode($_POST['key']);
168			if($_POST['disableconsolemenu'] == "yes") {
169			$config['system']['disableconsolemenu'] = true;
170			auto_login(true);
171			} else {
172			unset($config['system']['disableconsolemenu']);
173			auto_login(false);
174			}
175			unset($config['system']['webgui']['expanddiags']);
176			$config['system']['optimization'] = $_POST['optimization'];
177
178			if($_POST['disablefirmwarecheck'] == "yes")
179			$config['system']['disablefirmwarecheck'] = true;
180			else
181			unset($config['system']['disablefirmwarecheck']);
182
183			if ($_POST['enableserial'] == "yes")
184			$config['system']['enableserial'] = true;
185			else
186			unset($config['system']['enableserial']);
187
188			if($_POST['harddiskstandby'] <> "") {
189			$config['system']['harddiskstandby'] = $_POST['harddiskstandby'];
190			system_set_harddisk_standby();
191			} else
192			unset($config['system']['harddiskstandby']);
193
194			if ($_POST['noantilockout'] == "yes")
195			$config['system']['webgui']['noantilockout'] = true;
196			else
197			unset($config['system']['webgui']['noantilockout']);
198
199			/* Firewall and ALTQ options */
200			$config['system']['maximumstates'] = $_POST['maximumstates'];
201
202			if($_POST['enablesshd'] == "yes") {
203			$config['system']['enablesshd'] = $_POST['enablesshd'];
204			} else {
205			unset($config['system']['enablesshd']);
206			}
207
208			if($_POST['disablechecksumoffloading'] == "yes") {
209			$config['system']['disablechecksumoffloading'] = $_POST['disablechecksumoffloading'];
210			} else {
211			unset($config['system']['disablechecksumoffloading']);
212			}
213
214	ff091d96	Scott Ullrich	if($_POST['disablescrub'] == "yes") {
215			$config['system']['disablescrub'] = $_POST['disablescrub'];
216			} else {
217			unset($config['system']['disablescrub']);
218			}
219
220	aa9e7aaa	Scott Ullrich	if($_POST['disablenatreflection'] == "yes") {
221			$config['system']['disablenatreflection'] = $_POST['disablenatreflection'];
222			} else {
223			unset($config['system']['disablenatreflection']);
224			}
225
226	81a6f5ea	Scott Ullrich	// Traffic shaper
227			$config['system']['shapertype'] = $_POST['shapertype'];
228
229	aa9e7aaa	Scott Ullrich	$config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false;
230			$config['bridge']['filteringbridge'] = $_POST['filteringbridge_enable'] ? true : false;
231			$config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'] ? true : false;
232
233			write_config();
234
235			$retval = 0;
236			config_lock();
237			$retval = filter_configure();
238			if(stristr($retval, "error") <> true)
239			$savemsg = get_std_save_message($retval);
240			else
241			$savemsg = $retval;
242
243			config_unlock();
244
245			setup_filter_bridge();
246
247			conf_mount_rw();
248
249			setup_serial_port();
250
251			setup_filter_bridge();
252
253			conf_mount_ro();
254
255
256			}
257			}
258
259	b63695db	Scott Ullrich	$pgtitle = "System: Advanced functions";
260			include("head.inc");
261
262	5b237745	Scott Ullrich	?>
263	b63695db	Scott Ullrich
264	5b237745	Scott Ullrich	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
265	9ecd6ab7	Erik Kristensen
266	5b237745	Scott Ullrich	<?php include("fbegin.inc"); ?>
267	74f446e8	Bill Marquette	<p class="pgtitle"><?=$pgtitle?></p>
268	9ecd6ab7	Erik Kristensen	<form action="system_advanced.php" method="post" name="iform" id="iform">
269			<?php if ($input_errors) print_input_errors($input_errors); ?>
270			<?php if ($savemsg) print_info_box($savemsg); ?>
271			<p><span class="vexpl"><span class="red"><strong>Note: </strong></span>the options on this page are intended for use by advanced users only.</span></p>
272			<br />
273	416ed28d	Scott Ullrich
274	9ecd6ab7	Erik Kristensen	<table width="100%" border="0" cellpadding="6" cellspacing="0">
275			<tbody>
276	dbb0b7d6	Holger Bauer	<?php if($g['platform'] == "pfSense" \|\| $g['platform'] == "cdrom"): ?>
277	9ecd6ab7	Erik Kristensen	<tr>
278			<td colspan="2" valign="top" class="listtopic">Enable Serial Console</td>
279			</tr>
280			<tr>
281			<td width="22%" valign="top" class="vncell"> </td>
282			<td width="78%" class="vtable">
283			<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo "checked"; ?> onclick="enable_change(false)" />
284			<strong>This will enable the first serial port with 9600/8/N/1</strong>
285	b8467d8e	Scott Ullrich	<br>
286	3446ca38	Scott Ullrich	<span class="vexpl">Note: This will disable the internal video card/keyboard</span>
287	9ecd6ab7	Erik Kristensen	</td>
288			</tr>
289			<tr>
290			<td width="22%" valign="top"> </td>
291			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
292			</tr>
293			</tr>
294			<tr>
295			<td colspan="2" class="list" height="12"></td>
296	48ce54d0	Scott Ullrich	</tr>
297	0831bc86	Scott Ullrich	<?php endif; ?>
298	9ecd6ab7	Erik Kristensen	<tr>
299			<td colspan="2" valign="top" class="listtopic">Secure Shell</td>
300			</tr>
301			<tr>
302			<td width="22%" valign="top" class="vncell"> </td>
303			<td width="78%" class="vtable">
304			<input name="enablesshd" type="checkbox" id="enablesshd" value="yes" <?php if (isset($pconfig['enablesshd'])) echo "checked"; ?> onclick="enable_change(false)" />
305			<strong>Enable Secure Shell</strong>
306			</td>
307			</tr>
308	74806cee	Seth Mos	<tr>
309			<td width="22%" valign="top" class="vncell">SSH port</td>
310			<td width="78%" class="vtable">
311			<input name="sshport" type="text" id="sshport" value="<?php echo $pconfig['sshport']; ?>" onclick="enable_change(false)" />
312			<br />
313			<span class="vexpl">Note: Leave this blank for the default of 22</span>
314			</td>
315			</tr>
316	9ecd6ab7	Erik Kristensen	<tr>
317			<td width="22%" valign="top"> </td>
318			<td width="78%">
319			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
320			</td>
321			</tr>
322			<tr>
323			<td colspan="2" class="list" height="12"> </td>
324	48ce54d0	Scott Ullrich	</tr>
325	9ecd6ab7	Erik Kristensen	<tr>
326			<td colspan="2" valign="top" class="listtopic">Shared Physical Network</td>
327			</tr>
328			<tr>
329			<td width="22%" valign="top" class="vncell"> </td>
330			<td width="78%" class="vtable">
331			<input name="sharednet" type="checkbox" id="sharednet" value="yes" <?php if (isset($pconfig['sharednet'])) echo "checked"; ?> onclick="enable_change(false)" />
332	3d0d1aa8	Colin Smith	<strong>This will suppress ARP messages when interfaces share the same physical network</strong>
333	9ecd6ab7	Erik Kristensen	</td>
334			</tr>
335			<tr>
336			<td width="22%" valign="top"> </td>
337			<td width="78%">
338			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
339			</td>
340			</tr>
341			<tr>
342			<td colspan="2" class="list" height="12"> </td>
343			</tr>
344			<tr>
345			<td colspan="2" valign="top" class="listtopic">IPv6 tunneling</td>
346			</tr>
347			<tr>
348			<td width="22%" valign="top" class="vncell"> </td>
349			<td width="78%" class="vtable">
350			<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?php if ($pconfig['ipv6nat_enable']) echo "checked"; ?> onclick="enable_change(false)" />
351			<strong>NAT encapsulated IPv6 packets (IP protocol 41/RFC2893) to:</strong>
352			<br /> <br />
353			<input name="ipv6nat_ipaddr" type="text" class="formfld" id="ipv6nat_ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipv6nat_ipaddr']);?>" />
354			(IP address)<span class="vexpl"><br /> Don't forget to add a firewall rule to permit IPv6 packets!</span>
355			</td>
356			</tr>
357	b0703b01	Scott Ullrich	<tr>
358			<td colspan="2" class="list" height="12"> </td>
359	48ce54d0	Scott Ullrich	</tr>
360	02f0c58f	Scott Ullrich	<tr>
361			<td colspan="2" valign="top" class="listtopic">Filtering Bridge</td>
362			</tr>
363	48ce54d0	Scott Ullrich	<tr>
364	3962b070	Scott Ullrich	<td width="22%" valign="top" class="vncell"> </td>
365	48ce54d0	Scott Ullrich	<td width="78%" class="vtable">
366	3962b070	Scott Ullrich	<input name="filteringbridge_enable" type="checkbox" id="filteringbridge_enable" value="yes" <?php if ($pconfig['filteringbridge_enable']) echo "checked"; ?>>
367			<strong>Enable filtering bridge</strong><span class="vexpl"><br>
368	48ce54d0	Scott Ullrich	This will cause bridged packets to pass through the packet
369			filter in the same way as routed packets do (by default bridged
370			packets are always passed). If you enable this option, you'll
371			have to add filter rules to selectively permit traffic from
372	3962b070	Scott Ullrich	bridged interfaces.</span></td>
373	48ce54d0	Scott Ullrich	</tr>
374	9ecd6ab7	Erik Kristensen	<tr>
375			<td width="22%" valign="top"> </td>
376			<td width="78%">
377			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
378			</td>
379			</tr>
380			<tr>
381			<td colspan="2" class="list" height="12"> </td>
382			</tr>
383			<tr>
384			<td colspan="2" valign="top" class="listtopic">webGUI SSL certificate/key</td>
385			</tr>
386			<tr>
387			<td width="22%" valign="top" class="vncell">Certificate</td>
388			<td width="78%" class="vtable">
389			<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
390			<br />
391			Paste a signed certificate in X.509 PEM format here. <a href="javascript:if(openwindow('system_advanced_create_certs.php') == false) alert('Popup blocker detected. Action aborted.');" >Create</a> certificates automatically.
392			</td>
393			</tr>
394			<tr>
395			<td width="22%" valign="top" class="vncell">Key</td>
396			<td width="78%" class="vtable">
397			<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
398			<br />
399			Paste an RSA private key in PEM format here.
400			</td>
401			</tr>
402			<tr>
403			<td width="22%" valign="top"> </td>
404			<td width="78%">
405			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
406			</td>
407			</tr>
408			<tr>
409			<td colspan="2" class="list" height="12"> </td>
410			</tr>
411	9534ea8b	Scott Ullrich
412			<tr>
413			<td colspan="2" valign="top" class="listtopic">Load Balancing</td>
414			</tr>
415			<tr>
416			<td width="22%" valign="top" class="vncell">Load Balancing</td>
417			<td width="78%" class="vtable">
418			<input name="lb_use_sticky" type="checkbox" id="lb_use_sticky" value="yes" <?php if ($pconfig['lb_use_sticky']) echo "checked=\"checked\""; ?> />
419			<strong>Use sticky connections</strong>
420			<br />
421			<span class="vexpl">
422			Successive connections will be redirected to the servers in a round-robin manner with connections from the same source being sent to the same web server. This \"sticky connection\" will exist as long as there are states that refer to this connection. Once the states expire, so will the sticky connection. Further connections from that host will be redirected to the next web server in the round robin.
423			</span>
424			</td>
425			</tr>
426			<tr>
427			<td width="22%" valign="top"> </td>
428			<td width="78%">
429			<input type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
430			</td>
431			</tr>
432			<tr>
433			<td colspan="2" class="list" height="12"> </td>
434			</tr>
435
436	9ecd6ab7	Erik Kristensen	<tr>
437			<td colspan="2" valign="top" class="listtopic">Miscellaneous</td>
438			</tr>
439	8d36fd1d	Scott Ullrich
440	9534ea8b	Scott Ullrich	<tr>
441			<td colspan="2" class="list" height="12"> </td>
442			</tr>
443
444
445	8d36fd1d	Scott Ullrich	<tr>
446			<td width="22%" valign="top" class="vncell">Device polling</td>
447			<td width="78%" class="vtable">
448			<input name="polling_enable" type="checkbox" id="polling_enable" value="yes" <?php if ($pconfig['polling_enable']) echo "checked"; ?>>
449			<strong>Use device polling</strong><br>
450			Device polling is a technique that lets the system periodically poll network devices for new
451			data instead of relying on interrupts. This can reduce CPU load and therefore increase
452			throughput, at the expense of a slightly higher forwarding delay (the devices are polled 1000 times
453	dabf1d2d	Scott Ullrich	per second). Not all NICs support polling; see the pfSense homepage for a list of supported cards.
454	8d36fd1d	Scott Ullrich	</td>
455			</tr>
456	48ce54d0	Scott Ullrich
457	9ecd6ab7	Erik Kristensen	<tr>
458			<td width="22%" valign="top" class="vncell">Console menu </td>
459			<td width="78%" class="vtable">
460			<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if ($pconfig['disableconsolemenu']) echo "checked"; ?> />
461			<strong>Disable console menu</strong>
462			<br />
463			<span class="vexpl">Changes to this option will take effect after a reboot.</span>
464			</td>
465			</tr>
466	48ce54d0	Scott Ullrich	<?php if($g['platform'] == "pfSenseDISABLED"): ?>
467	a509ff63	Bill Marquette	<tr>
468	9ecd6ab7	Erik Kristensen	<td width="22%" valign="top" class="vncell">Hard disk standby time </td>
469			<td width="78%" class="vtable">
470			<select name="harddiskstandby" class="formfld">
471			<?php
472			## Values from ATA-2 http://www.t13.org/project/d0948r3-ATA-2.pdf (Page 66)
473			$sbvals = explode(" ", "0.5,6 1,12 2,24 3,36 4,48 5,60 7.5,90 10,120 15,180 20,240 30,241 60,242");
474			?>
475			<option value="" <?php if(!$pconfig['harddiskstandby']) echo('selected');?>>Always on</option>
476			<?php
477	5b237745	Scott Ullrich	foreach ($sbvals as $sbval):
478			list($min,$val) = explode(",", $sbval); ?>
479	9ecd6ab7	Erik Kristensen	<option value="<?=$val;?>" <?php if($pconfig['harddiskstandby'] == $val) echo('selected');?>><?=$min;?> minutes</option>
480			<?php endforeach; ?>
481			</select>
482			<br />
483			Puts the hard disk into standby mode when the selected amount of time after the last
484			access has elapsed. <em>Do not set this for CF cards.</em>
485			</td>
486			</tr>
487	48ce54d0	Scott Ullrich	<?php endif; ?>
488	9ecd6ab7	Erik Kristensen	<tr>
489			<td width="22%" valign="top" class="vncell">webGUI anti-lockout</td>
490			<td width="78%" class="vtable">
491			<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked"; ?> />
492			<strong>Disable webGUI anti-lockout rule</strong>
493			<br />
494	48ce54d0	Scott Ullrich	By default, access to the webGUI on the LAN interface is always permitted, regardless of the user-defined filter
495			rule set. Enable this feature to control webGUI access (make sure to have a filter rule in place that allows you
496	9ecd6ab7	Erik Kristensen	in, or you will lock yourself out!).
497			<br />
498			Hint: the "set LAN IP address" option in the console menu resets this setting as well.
499			</td>
500			</tr>
501	bdac13de	Scott Ullrich	<tr>
502			<td width="22%" valign="top" class="vncell">Static route filtering</td>
503			<td width="78%" class="vtable">
504			<input name="bypassstaticroutes" type="checkbox" id="bypassstaticroutes" value="yes" <?php if ($pconfig['bypassstaticroutes']) echo "checked"; ?> />
505			<strong>Bypass firewall rules for traffic on the same interface</strong>
506			<br />
507	48ce54d0	Scott Ullrich	This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and
508			leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where
509	bdac13de	Scott Ullrich	multiple subnets are connected to the same interface.
510			<br />
511			</td>
512			</tr>
513	9ecd6ab7	Erik Kristensen	<tr>
514			<td width="22%" valign="top" class="vncell">IPsec SA preferral</td>
515			<td width="78%" class="vtable">
516			<input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked"; ?> />
517			<strong>Prefer old IPsec SAs</strong>
518			<br />
519			By default, if several SAs match, the newest one is preferred if it's at least 30 seconds old.Select this option to always prefer old SAs over new ones.
520			</td>
521	48ce54d0	Scott Ullrich	</tr>
522	9ecd6ab7	Erik Kristensen	<tr>
523			<td width="22%" valign="top"> </td>
524			<td width="78%">
525			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
526			</td>
527			</tr>
528			<tr>
529			<td colspan="2" class="list" height="12"> </td>
530			</tr>
531			<tr>
532			<td colspan="2" valign="top" class="listtopic">Traffic Shaper and Firewall Advanced</td>
533			</tr>
534	073abaa6	Scott Ullrich	<?php
535			/*
536	81a6f5ea	Scott Ullrich	<tr>
537			<td width="22%" valign="top" class="vncell">Traffic shaper type</td>
538			<td width="78%" class="vtable">
539			<select name="shapertype" class="formselect">
540			<option value="pfSense"<?php if($pconfig['shapertype'] == 'pfSense') echo " selected"; ?>><?= $g['product_name'] ?> (ALTQ)</option>
541			<option value="m0n0"<?php if($pconfig['shapertype'] == 'm0n0') echo " selected"; ?>>M0n0wall (dummynet)</option>
542			</select>
543			</td>
544			</tr>
545	073abaa6	Scott Ullrich	*/
546			?>
547	9ecd6ab7	Erik Kristensen	<tr>
548			<td width="22%" valign="top" class="vncell">FTP RFC 959 data port violation workaround</td>
549			<td width="78%" class="vtable">
550			<input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> onclick="enable_change(false)" />
551			<strong class="vexpl">Workaround for sites that violate RFC 959 which specifies that the data connection be sourced from the command port - 1 (typically port 20). This workaround doesn't expose you to any extra risk as the firewall will still only allow connections on a port that the ftp-proxy is listening on.</strong>
552			<br />
553			</td>
554			</tr>
555	8f498445	Scott Ullrich	<tr>
556			<td width="22%" valign="top" class="vncell">Clear DF bit instead of dropping</td>
557			<td width="78%" class="vtable">
558			<input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked"; ?> onclick="enable_change(false)" />
559			<strong class="vexpl">Workaround for operating systems that generate fragmented packets with the don't fragment (DF) bit set. Linux NFS is known to do this. This will cause the filter to not drop such packets but instead clear the don't fragment bit. The filter will also randomize the IP identification field of outgoing packets with this option on, to compensate for operating systems that set the DF bit but set a zero IP identification header field.</strong>
560			<br />
561			</td>
562			</tr>
563	9ecd6ab7	Erik Kristensen	<tr>
564			<td width="22%" valign="top" class="vncell">Firewall Optimization Options</td>
565			<td width="78%" class="vtable">
566			<select onChange="update_description(this.selectedIndex);" name="optimization" id="optimization">
567			<option value="normal"<?php if($config['system']['optimization']=="normal") echo " selected"; ?>>normal</option>
568			<option value="high-latency"<?php if($config['system']['optimization']=="high-latency") echo " selected"; ?>>high-latency</option>
569			<option value="aggressive"<?php if($config['system']['optimization']=="aggressive") echo " selected"; ?>>aggressive</option>
570			<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>>conservative</option>
571			</select>
572			<br />
573	d4fddf14	Scott Ullrich	<textarea cols="60" rows="2" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
574	9ecd6ab7	Erik Kristensen	<script language="javascript" type="text/javascript">
575			update_description(document.forms[0].optimization.selectedIndex);
576			</script>
577			<br />
578			<span class="vexpl"><b>Select which type of state table optimization your would like to use</b></span>
579			</td>
580			</tr>
581			<tr>
582			<td width="22%" valign="top" class="vncell">Disable Firewall</td>
583			<td width="78%" class="vtable">
584			<input name="disablefilter" type="checkbox" id="disablefilter" value="yes" <?php if (isset($config['system']['disablefilter'])) echo "checked"; ?> onclick="enable_change(false)" />
585			<strong>Disable the firewalls filter altogether.</strong>
586			<br />
587	8d0abf6b	Scott Ullrich	<span class="vexpl">Note: This basically converts pfSense into a routing only platform!<br>
588			Note: This will turn off NAT!
589			</span>
590	9ecd6ab7	Erik Kristensen	</td>
591			</tr>
592	ff091d96	Scott Ullrich	<tr>
593			<td width="22%" valign="top" class="vncell">Disable Firewall Scrub</td>
594			<td width="78%" class="vtable">
595			<input name="disablescrub" type="checkbox" id="disablescrub" value="yes" <?php if (isset($config['system']['disablescrub'])) echo "checked"; ?> onclick="enable_change(false)" />
596			<strong>Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.</strong>
597			<br/>
598			Click <a href='http://www.openbsd.org/faq/pf/scrub.html' target='_new'>here</a> for more information.
599			</td>
600			</tr>
601	9ecd6ab7	Erik Kristensen	<tr>
602			<td width="22%" valign="top" class="vncell">Firewall Maximum States</td>
603			<td width="78%" class="vtable">
604			<input name="maximumstates" type="text" id="maximumstates" value="<?php echo $pconfig['maximumstates']; ?>" onclick="enable_change(false)" />
605			<br />
606			<strong>Maximum number of connections to hold in the firewall state table.</strong>
607			<br />
608			<span class="vexpl">Note: Leave this blank for the default of 10000</span>
609			</td>
610			</tr>
611	a9b19d7f	Scott Ullrich	<tr>
612	b5675af6	Scott Ullrich	<td width="22%" valign="top"> </td>
613			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
614	a9b19d7f	Scott Ullrich	</tr>
615	b5675af6	Scott Ullrich	<tr>
616			<td colspan="2" class="list" height="12"> </td>
617	48ce54d0	Scott Ullrich	</tr>
618	a9b19d7f	Scott Ullrich	<tr>
619			<td colspan="2" valign="top" class="listtopic">Network Address Translation</td>
620			</tr>
621			<tr>
622	1b45d566	Scott Ullrich	<td width="22%" valign="top" class="vncell">Disable NAT Reflection</td>
623	a9b19d7f	Scott Ullrich	<td width="78%" class="vtable">
624			<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> onclick="enable_change(false)" />
625	3a9ba28f	Scott Ullrich	<strong>Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks. Note: Reflection only works on port forward type items and does not work for large ranges > 500 ports.</strong>
626	a9b19d7f	Scott Ullrich	</td>
627			</tr>
628	d2eb5def	Scott Ullrich	<tr>
629			<td width="22%" valign="top"> </td>
630			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
631			</tr>
632			<tr>
633			<td colspan="2" class="list" height="12"> </td>
634			</tr>
635			<tr>
636			<td colspan="2" valign="top" class="listtopic">Hardware Checksum Offloading</td>
637			</tr>
638			<tr>
639			<td width="22%" valign="top" class="vncell">Disable Hardware Checksum Offloading</td>
640			<td width="78%" class="vtable">
641			<input name="disablechecksumoffloading" type="checkbox" id="disablechecksumoffloading" value="yes" <?php if (isset($config['system']['disablechecksumoffloading'])) echo "checked"; ?> onclick="enable_change(false)" />
642			<strong>Checking this option will prevent hardware checksum offloading. FreeBSD sometimes has difficulties with certain drivers.</strong>
643			</td>
644			</tr>
645	9ecd6ab7	Erik Kristensen	<tr>
646			<td width="22%" valign="top"> </td>
647			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
648			</tr>
649			<tr>
650			<td colspan="2" class="list" height="12"> </td>
651			</tr>
652			</tbody>
653			</table>
654	5b237745	Scott Ullrich	</form>
655	9ecd6ab7	Erik Kristensen
656			<script language="JavaScript" type="text/javascript">
657	5b237745	Scott Ullrich	<!--
658	9ecd6ab7	Erik Kristensen	enable_change(false);
659	5b237745	Scott Ullrich	//-->
660			</script>
661	9ecd6ab7	Erik Kristensen
662	5b237745	Scott Ullrich	<?php include("fend.inc"); ?>
663	9ecd6ab7	Erik Kristensen
664	a6318c60	Scott Ullrich	</body>
665			</html>
666
667	8affb1da	Scott Ullrich	<?php
668
669	04257637	Scott Ullrich	if (($config['system']['webgui']['certificate'] != $oldcert)
670			\|\| ($config['system']['webgui']['private-key'] != $oldkey)) {
671	72a58eed	Scott Ullrich	ob_flush();
672	a8b10422	Scott Ullrich	flush();
673			log_error("webConfigurator certificates have changed. Restarting webConfigurator.");
674			sleep(1);
675	04257637	Scott Ullrich	touch("/tmp/restart_webgui");
676			}
677
678	bdac13de	Scott Ullrich	?>

Project

General

Profile

pfSense