<?php
2
/* $Id$ */
3
/*
4
	system_advanced_firewall.php
5
	part of pfSense
6 dd447bde Jim Thompson
	Copyright (C) 2005-2007 Scott Ullrich
7 29aef6c4 Jim Thompson
	Copyright (C) 2008 Shrew Soft Inc
8 6317d31d Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
9 df81417f Matthew Grooms
10
	originally part of m0n0wall (http://m0n0.ch/wall)
11
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
12
	All rights reserved.
13
14
	Redistribution and use in source and binary forms, with or without
15
	modification, are permitted provided that the following conditions are met:
16
17
	1. Redistributions of source code must retain the above copyright notice,
18
	   this list of conditions and the following disclaimer.
19
20
	2. Redistributions in binary form must reproduce the above copyright
21
	   notice, this list of conditions and the following disclaimer in the
22
	   documentation and/or other materials provided with the distribution.
23
24
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
25
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
26
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
27
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
28
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33
	POSSIBILITY OF SUCH DAMAGE.
34
*/
35 1d333258 Scott Ullrich
/*
36
	pfSense_MODULE:	system
37
*/
38 df81417f Matthew Grooms
39
##|+PRIV
40
##|*IDENT=page-system-advanced-firewall
41
##|*NAME=System: Advanced: Firewall and NAT page
42
##|*DESCR=Allow access to the 'System: Advanced: Firewall and NAT' page.
43 7997ed44 Renato Botelho
##|*MATCH=system_advanced_firewall.php*
44 df81417f Matthew Grooms
##|-PRIV
45
46
require("guiconfig.inc");
47 7a927e67 Scott Ullrich
require_once("functions.inc");
48
require_once("filter.inc");
49
require_once("shaper.inc");
// Seed the form state ($pconfig) from the saved configuration.
// Plain copies keep the stored value; isset() copies collapse a flag to true/false.
foreach (array('disablefilter', 'rfc959workaround', 'scrubnodf', 'scrubrnid') as $fwadv_key) {
	$pconfig[$fwadv_key] = $config['system'][$fwadv_key];
}
// NOTE(review): these two are read from the 'filter' section, while the POST handler in
// this file writes 'optimization' under 'system' — confirm which section is authoritative.
foreach (array('tcpidletimeout', 'optimization') as $fwadv_key) {
	$pconfig[$fwadv_key] = $config['filter'][$fwadv_key];
}
foreach (array('adaptivestart', 'adaptiveend', 'maximumstates', 'aliasesresolveinterval') as $fwadv_key) {
	$pconfig[$fwadv_key] = $config['system'][$fwadv_key];
}
// Kept so that a later comparison can tell whether the resolve interval was changed.
$old_aliasesresolveinterval = $config['system']['aliasesresolveinterval'];
$pconfig['checkaliasesurlcert'] = isset($config['system']['checkaliasesurlcert']);
foreach (array('maximumtableentries', 'maximumfrags') as $fwadv_key) {
	$pconfig[$fwadv_key] = $config['system'][$fwadv_key];
}
foreach (array('disablereplyto', 'disablenegate') as $fwadv_key) {
	$pconfig[$fwadv_key] = isset($config['system'][$fwadv_key]);
}
$pconfig['bogonsinterval'] = $config['system']['bogons']['interval'];
foreach (array('disablenatreflection', 'enablebinatreflection', 'reflectiontimeout') as $fwadv_key) {
	$pconfig[$fwadv_key] = $config['system'][$fwadv_key];
}
$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
$pconfig['disablescrub'] = isset($config['system']['disablescrub']);
// Stored as a comma-separated string; the form works with a list.
$pconfig['tftpinterface'] = explode(",", $config['system']['tftpinterface']);
$pconfig['disablevpnrules'] = isset($config['system']['disablevpnrules']);
// Per-protocol state timeouts, copied as stored.
foreach (array(
	'tcpfirsttimeout',
	'tcpopeningtimeout',
	'tcpestablishedtimeout',
	'tcpclosingtimeout',
	'tcpfinwaittimeout',
	'tcpclosedtimeout',
	'udpfirsttimeout',
	'udpsingletimeout',
	'udpmultipletimeout',
	'icmpfirsttimeout',
	'icmperrortimeout',
	'otherfirsttimeout',
	'othersingletimeout',
	'othermultipletimeout',
) as $fwadv_key) {
	$pconfig[$fwadv_key] = $config['system'][$fwadv_key];
}
// Do not leave the loop variable behind in the page's global scope.
unset($fwadv_key);
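if ($_POST) {
	// Handles a submitted "Firewall and NAT" form: validate the request, write the
	// accepted values into $config, persist them and reload the filter.
	// NOTE(review): no CSRF token check is visible in this file; presumably an
	// include takes care of it — confirm before relying on it.

	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	// Adaptive start and end are only meaningful as a pair: reject one without the other.
	if (empty($_POST['adaptivestart']) !== empty($_POST['adaptiveend'])) {
		$input_errors[] = gettext("The Firewall Adaptive values must be set together.");
	}

	// Optional numeric fields. Each one is skipped when empty and must otherwise
	// pass is_numericint() (defined outside this file) before it may be stored.
	// The order here is the order in which the messages are reported.
	$fwadv_int_fields = array(
		'adaptivestart' => gettext("The Firewall Adaptive Start value must be an integer."),
		'adaptiveend' => gettext("The Firewall Adaptive End value must be an integer."),
		'maximumstates' => gettext("The Firewall Maximum States value must be an integer."),
		'aliasesresolveinterval' => gettext("The Aliases Hostname Resolve Interval value must be an integer."),
		'maximumtableentries' => gettext("The Firewall Maximum Table Entries value must be an integer."),
		'maximumfrags' => gettext("The Firewall Maximum Fragment Entries value must be an integer."),
		// NOTE(review): tcpidletimeout is validated here but nothing below stores it —
		// confirm whether that is intentional.
		'tcpidletimeout' => gettext("The TCP idle timeout must be an integer."),
		'reflectiontimeout' => gettext("The Reflection timeout must be an integer."),
		'tcpfirsttimeout' => gettext("The TCP first timeout value must be an integer."),
		'tcpopeningtimeout' => gettext("The TCP opening timeout value must be an integer."),
		'tcpestablishedtimeout' => gettext("The TCP established timeout value must be an integer."),
		'tcpclosingtimeout' => gettext("The TCP closing timeout value must be an integer."),
		'tcpfinwaittimeout' => gettext("The TCP FIN wait timeout value must be an integer."),
		'tcpclosedtimeout' => gettext("The TCP closed timeout value must be an integer."),
		'udpfirsttimeout' => gettext("The UDP first timeout value must be an integer."),
		'udpsingletimeout' => gettext("The UDP single timeout value must be an integer."),
		'udpmultipletimeout' => gettext("The UDP multiple timeout value must be an integer."),
		'icmpfirsttimeout' => gettext("The ICMP first timeout value must be an integer."),
		'icmperrortimeout' => gettext("The ICMP error timeout value must be an integer."),
		'otherfirsttimeout' => gettext("The Other first timeout value must be an integer."),
		'othersingletimeout' => gettext("The Other single timeout value must be an integer."),
		'othermultipletimeout' => gettext("The Other multiple timeout value must be an integer."),
	);
	foreach ($fwadv_int_fields as $fwadv_field => $fwadv_message) {
		if (!empty($_POST[$fwadv_field]) && !is_numericint($_POST[$fwadv_field])) {
			$input_errors[] = $fwadv_message;
		}
	}

	// The optimization profile is written to the configuration verbatim, so accept
	// only the values offered by the form's <select>. An empty value is still
	// passed through, as before.
	$fwadv_optimizations = array('normal', 'high-latency', 'aggressive', 'conservative');
	if (!empty($_POST['optimization']) && !in_array($_POST['optimization'], $fwadv_optimizations, true)) {
		$input_errors[] = gettext("The Firewall Optimization Options value is not valid.");
	}

	ob_flush();
	flush();

	if (!$input_errors) {

		// Checkbox flags: a posted "yes" stores the marker value, anything else
		// removes the key so that isset() reads as "off".
		$fwadv_flags = array(
			'disablefilter' => "enabled",
			'disablevpnrules' => true,
			'rfc959workaround' => "enabled",
			'scrubnodf' => "enabled",
			'scrubrnid' => "enabled",
		);
		foreach ($fwadv_flags as $fwadv_field => $fwadv_marker) {
			if (isset($_POST[$fwadv_field]) && $_POST[$fwadv_field] === "yes") {
				$config['system'][$fwadv_field] = $fwadv_marker;
			} else {
				unset($config['system'][$fwadv_field]);
			}
		}

		if (!empty($_POST['adaptiveend'])) {
			$config['system']['adaptiveend'] = $_POST['adaptiveend'];
		} else {
			unset($config['system']['adaptiveend']);
		}
		if (!empty($_POST['adaptivestart'])) {
			$config['system']['adaptivestart'] = $_POST['adaptivestart'];
		} else {
			unset($config['system']['adaptivestart']);
		}

		if (isset($_POST['checkaliasesurlcert']) && $_POST['checkaliasesurlcert'] === "yes") {
			$config['system']['checkaliasesurlcert'] = true;
		} else {
			unset($config['system']['checkaliasesurlcert']);
		}

		// Stored as posted; the numeric ones were checked above.
		$config['system']['optimization'] = $_POST['optimization'];
		$config['system']['maximumstates'] = $_POST['maximumstates'];
		$config['system']['aliasesresolveinterval'] = $_POST['aliasesresolveinterval'];
		$config['system']['maximumtableentries'] = $_POST['maximumtableentries'];
		$config['system']['maximumfrags'] = $_POST['maximumfrags'];

		// State timeouts: an empty field removes the key instead of storing "".
		$fwadv_timeouts = array(
			'tcpfirsttimeout',
			'tcpopeningtimeout',
			'tcpestablishedtimeout',
			'tcpclosingtimeout',
			'tcpfinwaittimeout',
			'tcpclosedtimeout',
			'udpfirsttimeout',
			'udpsingletimeout',
			'udpmultipletimeout',
			'icmpfirsttimeout',
			'icmperrortimeout',
			'otherfirsttimeout',
			'othersingletimeout',
			'othermultipletimeout',
		);
		foreach ($fwadv_timeouts as $fwadv_field) {
			if (!empty($_POST[$fwadv_field])) {
				$config['system'][$fwadv_field] = $_POST[$fwadv_field];
			} else {
				unset($config['system'][$fwadv_field]);
			}
		}

		// NAT reflection mode; any value other than the two known modes disables it.
		if ($_POST['natreflection'] == "proxy") {
			unset($config['system']['disablenatreflection']);
			unset($config['system']['enablenatreflectionpurenat']);
		} else if ($_POST['natreflection'] == "purenat") {
			unset($config['system']['disablenatreflection']);
			$config['system']['enablenatreflectionpurenat'] = "yes";
		} else {
			$config['system']['disablenatreflection'] = "yes";
			unset($config['system']['enablenatreflectionpurenat']);
		}

		// Second group of checkbox flags, all stored as "yes".
		$fwadv_yes_flags = array(
			'enablebinatreflection',
			'disablereplyto',
			'disablenegate',
			'enablenatreflectionhelper',
		);
		foreach ($fwadv_yes_flags as $fwadv_field) {
			if (isset($_POST[$fwadv_field]) && $_POST[$fwadv_field] === "yes") {
				$config['system'][$fwadv_field] = "yes";
			} else {
				unset($config['system'][$fwadv_field]);
			}
		}

		$config['system']['reflectiontimeout'] = $_POST['reflectiontimeout'];

		// This flag lives in the 'filter' section, not 'system'.
		if (isset($_POST['bypassstaticroutes']) && $_POST['bypassstaticroutes'] === "yes") {
			$config['filter']['bypassstaticroutes'] = "yes";
		} else {
			unset($config['filter']['bypassstaticroutes']);
		}

		if (isset($_POST['disablescrub']) && $_POST['disablescrub'] === "yes") {
			$config['system']['disablescrub'] = "yes";
		} else {
			unset($config['system']['disablescrub']);
		}

		// implode() needs a list; a scalar posted under this name is treated as "nothing selected".
		// NOTE(review): the entries are not checked against the configured interfaces
		// here — confirm that whatever consumes this setting validates them.
		if (!empty($_POST['tftpinterface']) && is_array($_POST['tftpinterface'])) {
			$config['system']['tftpinterface'] = implode(",", $_POST['tftpinterface']);
		} else {
			unset($config['system']['tftpinterface']);
		}

		if ($_POST['bogonsinterval'] != $config['system']['bogons']['interval']) {
			$fwadv_bogons_cmd = "/usr/bin/nice -n20 /etc/rc.update_bogons.sh";
			switch ($_POST['bogonsinterval']) {
				case 'daily':
					install_cron_job($fwadv_bogons_cmd, true, "1", "3", "*", "*", "*");
					$fwadv_bogons_interval = 'daily';
					break;
				case 'weekly':
					install_cron_job($fwadv_bogons_cmd, true, "1", "3", "*", "*", "0");
					$fwadv_bogons_interval = 'weekly';
					break;
				case 'monthly':
					// fall through
				default:
					install_cron_job($fwadv_bogons_cmd, true, "1", "3", "1", "*", "*");
					$fwadv_bogons_interval = 'monthly';
			}
			// Store the interval that was actually scheduled, so an unrecognised
			// request value never reaches the configuration.
			$config['system']['bogons']['interval'] = $fwadv_bogons_interval;
		}

		write_config();

		// Kill filterdns when value changes, filter_configure() will restart it
		if (($old_aliasesresolveinterval != $config['system']['aliasesresolveinterval']) &&
		    isvalidpid("{$g['varrun_path']}/filterdns.pid")) {
			killbypid("{$g['varrun_path']}/filterdns.pid");
		}

		// A result containing "error" is shown as-is; anything else is turned into
		// the standard save message.
		$retval = filter_configure();
		if (stristr($retval, "error") === false) {
			$savemsg = get_std_save_message($retval);
		} else {
			$savemsg = $retval;
		}
	}

	// Do not leave loop temporaries behind in the page's global scope.
	unset($fwadv_int_fields, $fwadv_field, $fwadv_message, $fwadv_marker);
}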
// Page title parts, set before head.inc is pulled in (presumably read there — confirm).
$pgtitle = array(
	gettext("System"),
	gettext("Advanced: Firewall and NAT"),
);
include("head.inc");
367
368
?>
369
370
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
371
<?php include("fbegin.inc"); ?>
372
373 8712fab6 Colin Fleming
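<script type="text/javascript">
//<![CDATA[

// Help text for each entry of the "optimization" <select>, indexed by option position.
// json_encode() emits a quoted, escaped JavaScript string literal, so a translation
// containing quotes, backslashes, newlines or "</script>" cannot break out of it.
var descs = [
	<?=json_encode(gettext("as the name says, it's the normal optimization algorithm"));?>,
	<?=json_encode(gettext("used for high latency links, such as satellite links.  Expires idle connections later than default"));?>,
	<?=json_encode(gettext("expires idle connections quicker. More efficient use of CPU and memory but can drop legitimate idle connections"));?>,
	<?=json_encode(gettext("tries to avoid dropping any legitimate idle connections at the expense of increased memory usage and CPU utilization."));?>

];

// Show the description of the option at position itemnum in the form's "info" field.
function update_description(itemnum) {
	document.forms[0].info.value = descs[itemnum];
}

//]]>
</script>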
389
390
<?php
	// Report validation failures first, then the outcome of a save, when either is set.
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
396 ab3c8553 Matthew Grooms
	<form action="system_advanced_firewall.php" method="post" name="iform" id="iform">
397 8712fab6 Colin Fleming
		<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="system advanced firewall/nat">
398 ab3c8553 Matthew Grooms
			<tr>
399
				<td class="tabnavtbl">
400
					<?php
						// Tab strip for the System > Advanced pages. Each entry is
						// (label, flag, target page); the flag is true only for this page.
						$tab_array = array(
							array(gettext("Admin Access"), false, "system_advanced_admin.php"),
							array(gettext("Firewall / NAT"), true, "system_advanced_firewall.php"),
							array(gettext("Networking"), false, "system_advanced_network.php"),
							array(gettext("Miscellaneous"), false, "system_advanced_misc.php"),
							array(gettext("System Tunables"), false, "system_advanced_sysctl.php"),
							array(gettext("Notifications"), false, "system_advanced_notifications.php"),
						);
						display_top_tabs($tab_array);
					?>
410
				</td>
411
			</tr>
412
			<tr>
413 2ff19bfd Matthew Grooms
				<td id="mainarea">
414
					<div class="tabcont">
415
						<span class="vexpl">
416
							<span class="red">
417 8712fab6 Colin Fleming
								<strong><?=gettext("NOTE:");?>&nbsp;</strong>
418 2ff19bfd Matthew Grooms
							</span>
419 ca23c2f8 Renato Botelho
							<?=gettext("The options on this page are intended for use by advanced users only.");?>
420 8cd558b6 ayvis
							<br />
421 2ff19bfd Matthew Grooms
						</span>
422 8cd558b6 ayvis
						<br />
423 8712fab6 Colin Fleming
						<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
424 ab3c8553 Matthew Grooms
							<tr>
425 ca23c2f8 Renato Botelho
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Firewall Advanced");?></td>
426 ab3c8553 Matthew Grooms
							</tr>
427
							<tr>
428 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("IP Do-Not-Fragment compatibility");?></td>
429 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
430 8712fab6 Colin Fleming
									<input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked=\"checked\""; ?> />
431 8cd558b6 ayvis
									<strong><?=gettext("Clear invalid DF bits instead of dropping the packets");?></strong><br />
432 f0d1af93 Carlos Eduardo Ramos
									<?=gettext("This allows for communications with hosts that generate fragmented " .
433
									"packets with the don't fragment (DF) bit set. Linux NFS is known to " .
434
									"do this. This will cause the filter to not drop such packets but " .
435
									"instead clear the don't fragment bit.");?>
436 2867fa7b Ermal Luçi
								</td>
437
							</tr>
438
							<tr>
439 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("IP Random id generation");?></td>
440 2867fa7b Ermal Luçi
								<td width="78%" class="vtable">
441 8712fab6 Colin Fleming
									<input name="scrubrnid" type="checkbox" id="scrubrnid" value="yes" <?php if (isset($config['system']['scrubrnid'])) echo "checked=\"checked\""; ?> />
442 8cd558b6 ayvis
									<strong><?=gettext("Insert a stronger id into IP header of packets passing through the filter.");?></strong><br />
443 f0d1af93 Carlos Eduardo Ramos
									<?=gettext("Replaces the IP identification field of packets with random values to " .
444 08847295 jim-p
									"compensate for operating systems that use predictable values. " .
445 f0d1af93 Carlos Eduardo Ramos
									"This option only applies to packets that are not fragmented after the " .
446
									"optional packet reassembly.");?>
447 ab3c8553 Matthew Grooms
								</td>
448
							</tr>
449
							<tr>
450 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Optimization Options");?></td>
451 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
452 8712fab6 Colin Fleming
									<select onchange="update_description(this.selectedIndex);" name="optimization" id="optimization">
453
										<option value="normal"<?php if($config['system']['optimization']=="normal") echo " selected=\"selected\""; ?>><?=gettext("normal");?></option>
454
										<option value="high-latency"<?php if($config['system']['optimization']=="high-latency") echo " selected=\"selected\""; ?>><?=gettext("high-latency");?></option>
455
										<option value="aggressive"<?php if($config['system']['optimization']=="aggressive") echo " selected=\"selected\""; ?>><?=gettext("aggressive");?></option>
456
										<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected=\"selected\""; ?>><?=gettext("conservative");?></option>
457 ab3c8553 Matthew Grooms
									</select>
458 8cd558b6 ayvis
									<br />
459 b4e9a4da N0YB
									<textarea readonly="readonly" cols="60" rows="2" id="info" name="info" style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
460 8712fab6 Colin Fleming
									<script type="text/javascript">
461
									//<![CDATA[
462 ab3c8553 Matthew Grooms
										update_description(document.forms[0].optimization.selectedIndex);
463 8712fab6 Colin Fleming
									//]]>
464 ab3c8553 Matthew Grooms
									</script>
465 8cd558b6 ayvis
									<br />
466 ca23c2f8 Renato Botelho
									<?=gettext("Select the type of state table optimization to use");?>
467 ab3c8553 Matthew Grooms
								</td>
468
							</tr>
469
							<tr>
470 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Disable Firewall");?></td>
471 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
472 8712fab6 Colin Fleming
									<input name="disablefilter" type="checkbox" id="disablefilter" value="yes" <?php if (isset($config['system']['disablefilter'])) echo "checked=\"checked\""; ?> />
473 ca23c2f8 Renato Botelho
									<strong><?=gettext("Disable all packet filtering.");?></strong>
474 8cd558b6 ayvis
									<br />
475 8712fab6 Colin Fleming
									<span class="vexpl"><?php printf(gettext("Note:  This converts %s into a routing only platform!"), $g['product_name']);?><br />
476 5a8a7545 jim-p
										<?=gettext("Note:  This will also turn off NAT!");?>
477 8cd558b6 ayvis
										<br /><?=gettext("If you only want to disable NAT, and not firewall rules, visit the");?> <a href="firewall_nat_out.php"><?=gettext("Outbound NAT");?></a> <?=gettext("page");?>.
478 ab3c8553 Matthew Grooms
									</span>
479
								</td>
480
							</tr>
481
							<tr>
482 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Disable Firewall Scrub");?></td>
483 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
484 8712fab6 Colin Fleming
									<input name="disablescrub" type="checkbox" id="disablescrub" value="yes" <?php if (isset($config['system']['disablescrub'])) echo "checked=\"checked\""; ?> />
485 ca23c2f8 Renato Botelho
									<strong><?=gettext("Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.");?></strong>
486 8cd558b6 ayvis
									<br />
487 ab3c8553 Matthew Grooms
								</td>
488
							</tr>
489 11d1d64e Ermal
							<tr>
490
								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Adaptive Timeouts");?></td>
491
								<td width="78%" class="vtable">
492
									<strong><?=gettext("Timeouts for states can be scaled adaptively as the number of state table entries grows.");?></strong>
493 8cd558b6 ayvis
									<br />
494 2a1b44c9 jim-p
									<input name="adaptivestart" type="text" id="adaptivestart" value="<?php echo htmlspecialchars($pconfig['adaptivestart']); ?>" />
495 8cd558b6 ayvis
									<br /><?=gettext("When the number of state entries exceeds this value, adaptive scaling begins.  All timeout values are scaled linearly with factor (adaptive.end - number of states) / (adaptive.end - adaptive.start).");?>
496 db0aa52a Renato Botelho
497 8cd558b6 ayvis
									<br />
498 2a1b44c9 jim-p
									<input name="adaptiveend" type="text" id="adaptiveend" value="<?php echo htmlspecialchars($pconfig['adaptiveend']); ?>" />
499 8cd558b6 ayvis
									<br /><?=gettext("When reaching this number of state entries, all timeout values become zero, effectively purging all state entries immediately.  This value is used to define the scale factor, it should not actually be reached (set a lower state limit, see below).");?>
500
									<br />
501 bf57f6ba Chris Buechler
									<span class="vexpl"><?=gettext("Note: Leave this blank for the default, which auto-calculates these values from your maximum state table size. Adaptive start is 60% and end is 120% of the state table size by default.");?></span>
502 11d1d64e Ermal
								</td>
503
							</tr>
504 ab3c8553 Matthew Grooms
							<tr>
505 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum States");?></td>
506 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
507 2a1b44c9 jim-p
									<input name="maximumstates" type="text" id="maximumstates" value="<?php echo htmlspecialchars($pconfig['maximumstates']); ?>" />
508 8cd558b6 ayvis
									<br />
509 ca23c2f8 Renato Botelho
									<strong><?=gettext("Maximum number of connections to hold in the firewall state table.");?></strong>
510 8cd558b6 ayvis
									<br />
511 ea53e38f Renato Botelho
									<span class="vexpl"><?=gettext("Note:  Leave this blank for the default.  On your system the default size is:");?> <?= pfsense_default_state_size() ?></span>
512 ab3c8553 Matthew Grooms
								</td>
513
							</tr>
514 fb586a16 jim-p
							<tr>
515
								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Table Entries");?></td>
516
								<td width="78%" class="vtable">
517 2a1b44c9 jim-p
									<input name="maximumtableentries" type="text" id="maximumtableentries" value="<?php echo htmlspecialchars($pconfig['maximumtableentries']); ?>" />
518 8cd558b6 ayvis
									<br />
519 fb586a16 jim-p
									<strong><?=gettext("Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined.");?></strong>
									<br />
									<span class="vexpl">
										<?=gettext("Note:  Leave this blank for the default.");?>
										<?php if (empty($pconfig['maximumtableentries'])): ?>
											<?= gettext("On your system the default size is:");?> <?= pfsense_default_table_entries_size(); ?>
										<?php endif; ?>
									</span>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Fragment Entries");?></td>
								<td width="78%" class="vtable">
									<input name="maximumfrags" type="text" id="maximumfrags" value="<?php echo htmlspecialchars($pconfig['maximumfrags']); ?>" />
									<br />
									<strong><?=gettext("Maximum number of packet fragments to hold for reassembly by scrub rules.");?></strong>
									<br />
									<span class="vexpl">
										<?=gettext("Note:  Leave this blank for the default (5000).");?>
									</span>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Static route filtering");?></td>
								<td width="78%" class="vtable">
									<input name="bypassstaticroutes" type="checkbox" id="bypassstaticroutes" value="yes" <?php if ($pconfig['bypassstaticroutes']) echo "checked=\"checked\""; ?> />
									<strong><?=gettext("Bypass firewall rules for traffic on the same interface");?></strong>
									<br />
									<?=gettext("This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and " .
									"leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where " .
									"multiple subnets are connected to the same interface.");?>
									<br />
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell">Disable Auto-added VPN rules</td>
								<td width="78%" class="vtable">
									<input name="disablevpnrules" type="checkbox" id="disablevpnrules" value="yes" <?php if (isset($config['system']['disablevpnrules'])) echo "checked=\"checked\""; ?> />
									<strong><?=gettext("Disable all auto-added VPN rules.");?></strong>
									<br />
									<span class="vexpl"><?=gettext("Note: This disables automatically added rules for IPsec, PPTP.");?>
									</span>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell">Disable reply-to</td>
								<td width="78%" class="vtable">
									<input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked=\"checked\""; ?> />
									<strong><?=gettext("Disable reply-to on WAN rules");?></strong>
									<br />
									<?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default. " .
									"When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?>
									<br />
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell">Disable Negate rules</td>
								<td width="78%" class="vtable">
									<input name="disablenegate" type="checkbox" id="disablenegate" value="yes" <?php if ($pconfig['disablenegate']) echo "checked=\"checked\""; ?> />
									<strong><?=gettext("Disable Negate rule on policy routing rules");?></strong>
									<br />
									<?=gettext("With Multi-WAN you generally want to ensure traffic reaches directly connected networks and VPN networks when using policy routing. You can disable this for special purposes but it requires manually creating rules for these networks");?>
									<br />
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Aliases Hostnames Resolve Interval");?></td>
								<td width="78%" class="vtable">
									<input name="aliasesresolveinterval" type="text" id="aliasesresolveinterval" value="<?php echo htmlspecialchars($pconfig['aliasesresolveinterval']); ?>" />
									<br />
									<strong><?=gettext("Interval, in seconds, that will be used to resolve hostnames configured on aliases.");?></strong>
									<br />
									<span class="vexpl"><?=gettext("Note:  Leave this blank for the default (300s).");?></span>
								</td>
							</tr>
							<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Check certificate of aliases URLs");?></td>
								<td width="78%" class="vtable">
									<input name="checkaliasesurlcert" type="checkbox" id="checkaliasesurlcert" value="yes" <?php if ($pconfig['checkaliasesurlcert']) echo "checked=\"checked\""; ?> />
									<strong><?=gettext("Verify HTTPS certificates when downloading alias URLs");?></strong>
									<br />
									<?=gettext("Make sure the certificate is valid for all HTTPS addresses on aliases. If it's not valid or is revoked, do not download it.");?>
									<br />
								</td>
							</tr>
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>
							<tr>
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Bogon Networks");?></td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Update Frequency");?></td>
								<td width="78%" class="vtable">
									<select name="bogonsinterval" class="formselect">
									<option value="monthly" <?php if (empty($pconfig['bogonsinterval']) || $pconfig['bogonsinterval'] == 'monthly') echo "selected=\"selected\""; ?>><?=gettext("Monthly"); ?></option>
									<option value="weekly" <?php if ($pconfig['bogonsinterval'] == 'weekly') echo "selected=\"selected\""; ?>><?=gettext("Weekly"); ?></option>
									<option value="daily" <?php if ($pconfig['bogonsinterval'] == 'daily') echo "selected=\"selected\""; ?>><?=gettext("Daily"); ?></option>
									</select>
									<br />
									<?=gettext("The frequency of updating the lists of IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA.");?>
								</td>
							</tr>
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>
							<?php if(count($config['interfaces']) > 1): ?>
							<tr>
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Network Address Translation");?></td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("NAT Reflection mode for port forwards");?></td>
								<td width="78%" class="vtable">
									<select name="natreflection" class="formselect">
									<option value="disable" <?php if (isset($config['system']['disablenatreflection'])) echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
									<option value="proxy" <?php if (!isset($config['system']['disablenatreflection']) && !isset($config['system']['enablenatreflectionpurenat'])) echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option>
									<option value="purenat" <?php if (!isset($config['system']['disablenatreflection']) && isset($config['system']['enablenatreflectionpurenat'])) echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option>
									</select>
									<br />
									<strong><?=gettext("When enabled, this automatically creates additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks.");?></strong>
									<br /><br />
									<?=gettext("The NAT + proxy mode uses a helper program to send packets to the target of the port forward.  It is useful in setups where the interface and/or gateway IP used for communication with the target cannot be accurately determined at the time the rules are loaded.  Reflection rules are not created for ranges larger than 500 ports and will not be used for more than 1000 ports total between all port forwards.  Only TCP and UDP protocols are supported.");?>
									<br /><br />
									<?=gettext("The pure NAT mode uses a set of NAT rules to direct packets to the target of the port forward.  It has better scalability, but it must be possible to accurately determine the interface and gateway IP used for communication with the target at the time the rules are loaded.  There are no inherent limits to the number of ports other than the limits of the protocols.  All protocols available for port forwards are supported.");?>
									<br /><br />
									<?=gettext("Individual rules may be configured to override this system setting on a per-rule basis.");?>
								</td>
							</tr>
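							<tr>
								<?php /* The saved value is written into a double-quoted HTML attribute, so it is HTML-escaped first, the same way the htmlspecialchars()-wrapped text inputs earlier on this page are. */ ?>
								<td width="22%" valign="top" class="vncell"><?=gettext("Reflection Timeout");?></td>
								<td width="78%" class="vtable">
									<input name="reflectiontimeout" id="reflectiontimeout" value="<?php echo htmlspecialchars($config['system']['reflectiontimeout']); ?>" /><br />
									<strong><?=gettext("Enter value for Reflection timeout in seconds.");?></strong>
									<br /><br />
									<?=gettext("Note: Only applies to Reflection on port forwards in NAT + proxy mode.");?>
								</td>
							</tr>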
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Enable NAT Reflection for 1:1 NAT");?></td>
								<td width="78%" class="vtable">
									<input name="enablebinatreflection" type="checkbox" id="enablebinatreflection" value="yes" <?php if (isset($config['system']['enablebinatreflection'])) echo "checked=\"checked\""; ?> />
									<strong><?=gettext("Enables the automatic creation of additional NAT redirect rules for access to 1:1 mappings of your external IP addresses from within your internal networks.");?></strong>
									<br /><br />
									<?=gettext("Note: Reflection on 1:1 mappings is only for the inbound component of the 1:1 mappings.  This functions the same as the pure NAT mode for port forwards.  For more details, refer to the pure NAT mode description above.");?>
									<br /><br />
									<?=gettext("Individual rules may be configured to override this system setting on a per-rule basis.");?>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("Enable automatic outbound NAT for Reflection");?></td>
								<td width="78%" class="vtable">
									<input name="enablenatreflectionhelper" type="checkbox" id="enablenatreflectionhelper" value="yes" <?php if (isset($config['system']['enablenatreflectionhelper'])) echo "checked=\"checked\""; ?> />
									<strong><?=gettext("Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from.");?></strong>
									<br />
									<?=gettext("Required for full functionality of the pure NAT mode of NAT Reflection for port forwards or NAT Reflection for 1:1 NAT.");?>
									<br /><br />
									<?=gettext("Note: This only works for assigned interfaces.  Other interfaces require manually creating the outbound NAT rules that direct the reply packets back through the router.");?>
								</td>
							</tr>
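							<tr>
								<td width="22%" valign="top" class="vncell"><?=gettext("TFTP Proxy");?></td>
								<td width="78%" class="vtable">
									<select name="tftpinterface[]" multiple="multiple" class="formselect" size="3">
<?php
										/* Interface key => description pairs; one <option> is emitted per pair. */
										$ifdescs = get_configured_interface_with_descr();
										/* in_array() requires an array: treat a missing or non-array value as "nothing selected". */
										$tftp_selected = (isset($pconfig['tftpinterface']) && is_array($pconfig['tftpinterface'])) ? $pconfig['tftpinterface'] : array();
										$rowIndex = 0;
										foreach ($ifdescs as $ifent => $ifdesc):
											$rowIndex++;
											/* Key and description are HTML-escaped because they land in an attribute and in element text. */
?>
											<option value="<?=htmlspecialchars($ifent);?>" <?php if (in_array($ifent, $tftp_selected)) echo "selected=\"selected\""; ?>><?=htmlspecialchars(gettext($ifdesc));?></option>
<?php									endforeach;
										/* No interfaces listed: emit a single empty option (presumably so the select is never left without children). */
										if ($rowIndex == 0)
											echo "<option></option>";
 ?>
									</select>
									<br/><strong><?=gettext("Choose the interfaces where you want TFTP proxy helper to be enabled.");?></strong>
								</td>
							</tr>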
							<?php endif; ?>
							<tr>
								<td colspan="2" valign="top" class="listtopic"><?=gettext("State Timeouts");?></td>
							</tr>
							<tr>
								<td colspan="2">
									<strong><?=gettext("NOTE: The options below should usually be left at their defaults, as chosen by Firewall Optimization Options above. Click the Help link on this page for information.");?>&nbsp;</strong>
								</td>
							<br />
							</tr>
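							<tr>
								<?php /* Each saved timeout is written into a double-quoted HTML attribute, so it is HTML-escaped first, the same way the htmlspecialchars()-wrapped text inputs earlier on this page are. */ ?>
								<td width="22%" valign="top" class="vncell"><?=gettext("TCP Timeouts");?></td>
								<td width="78%" class="vtable">
									<strong><?=gettext("TCP First: ");?></strong><input name="tcpfirsttimeout" id="tcpfirsttimeout" value="<?php echo htmlspecialchars($config['system']['tcpfirsttimeout']); ?>" /> <br/>
									<?=gettext("Enter value for TCP first timeout in seconds. Leave blank for default (recommended).");?>
									<br/><br/>
									<strong><?=gettext("TCP Opening: ");?></strong><input name="tcpopeningtimeout" id="tcpopeningtimeout" value="<?php echo htmlspecialchars($config['system']['tcpopeningtimeout']); ?>" /><br />
									<?=gettext("Enter value for TCP opening timeout in seconds. Leave blank for default (recommended).");?>
									<br/><br/>
									<strong><?=gettext("TCP Established: ");?></strong><input name="tcpestablishedtimeout" id="tcpestablishedtimeout" value="<?php echo htmlspecialchars($config['system']['tcpestablishedtimeout']); ?>" /><br />
									<?=gettext("Enter value for TCP established timeout in seconds. Leave blank for default (recommended).");?>
									<br/><br/>
									<strong><?=gettext("TCP Closing: ");?></strong><input name="tcpclosingtimeout" id="tcpclosingtimeout" value="<?php echo htmlspecialchars($config['system']['tcpclosingtimeout']); ?>" /><br />
									<?=gettext("Enter value for TCP closing timeout in seconds. Leave blank for default (recommended).");?>
									<br/><br/>
									<strong><?=gettext("TCP FIN Wait: ");?></strong><input name="tcpfinwaittimeout" id="tcpfinwaittimeout" value="<?php echo htmlspecialchars($config['system']['tcpfinwaittimeout']); ?>" /><br />
									<?=gettext("Enter value for TCP FIN wait timeout in seconds. Leave blank for default (recommended).");?>
									<br/><br/>
									<strong><?=gettext("TCP Closed: ");?></strong><input name="tcpclosedtimeout" id="tcpclosedtimeout" value="<?php echo htmlspecialchars($config['system']['tcpclosedtimeout']); ?>" /><br />
									<?=gettext("Enter value for TCP closed timeout in seconds. Leave blank for default (recommended).");?>
								</td>
							</tr>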
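							<tr>
								<?php /* Each saved timeout is written into a double-quoted HTML attribute, so it is HTML-escaped first, the same way the htmlspecialchars()-wrapped text inputs earlier on this page are. */ ?>
								<td width="22%" valign="top" class="vncell"><?=gettext("UDP Timeouts");?></td>
								<td width="78%" class="vtable">
									<strong><?=gettext("UDP First: ");?></strong><input name="udpfirsttimeout" id="udpfirsttimeout" value="<?php echo htmlspecialchars($config['system']['udpfirsttimeout']); ?>" /><br />
									<?=gettext("Enter value for UDP first timeout in seconds. Leave blank for default (recommended).");?>
									<br /><br />
									<strong><?=gettext("UDP Single: ");?></strong><input name="udpsingletimeout" id="udpsingletimeout" value="<?php echo htmlspecialchars($config['system']['udpsingletimeout']); ?>" /><br />
									<?=gettext("Enter value for UDP single timeout in seconds. Leave blank for default (recommended).");?>
									<br /><br />
									<strong><?=gettext("UDP Multiple: ");?></strong><input name="udpmultipletimeout" id="udpmultipletimeout" value="<?php echo htmlspecialchars($config['system']['udpmultipletimeout']); ?>" /><br />
									<?=gettext("Enter value for UDP multiple timeout in seconds. Leave blank for default (recommended).");?>
								</td>
							</tr>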
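							<tr>
								<?php /* Each saved timeout is written into a double-quoted HTML attribute, so it is HTML-escaped first, the same way the htmlspecialchars()-wrapped text inputs earlier on this page are. */ ?>
								<td width="22%" valign="top" class="vncell"><?=gettext("ICMP Timeouts");?></td>
								<td width="78%" class="vtable">
									<strong><?=gettext("ICMP First: ");?></strong><input name="icmpfirsttimeout" id="icmpfirsttimeout" value="<?php echo htmlspecialchars($config['system']['icmpfirsttimeout']); ?>" /><br />
									<?=gettext("Enter value for ICMP first timeout in seconds. Leave blank for default (recommended).");?>
									<br /><br />
									<strong><?=gettext("ICMP Error: ");?></strong><input name="icmperrortimeout" id="icmperrortimeout" value="<?php echo htmlspecialchars($config['system']['icmperrortimeout']); ?>" /><br />
									<?=gettext("Enter value for ICMP error timeout in seconds. Leave blank for default (recommended).");?>
								</td>
							</tr>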
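							<tr>
								<?php /* Each saved timeout is written into a double-quoted HTML attribute, so it is HTML-escaped first, the same way the htmlspecialchars()-wrapped text inputs earlier on this page are. */ ?>
								<td width="22%" valign="top" class="vncell"><?=gettext("Other Timeouts");?></td>
								<td width="78%" class="vtable">
									<strong><?=gettext("Other First: ");?></strong><input name="otherfirsttimeout" id="otherfirsttimeout" value="<?php echo htmlspecialchars($config['system']['otherfirsttimeout']); ?>" /><br />
									<?=gettext("Enter value for Other first timeout in seconds. Leave blank for default (recommended).");?>
									<br /><br />
									<strong><?=gettext("Other Single: ");?></strong><input name="othersingletimeout" id="othersingletimeout" value="<?php echo htmlspecialchars($config['system']['othersingletimeout']); ?>" /><br />
									<?=gettext("Enter value for Other single timeout in seconds. Leave blank for default (recommended).");?>
									<br /><br />
									<strong><?=gettext("Other Multiple: ");?></strong><input name="othermultipletimeout" id="othermultipletimeout" value="<?php echo htmlspecialchars($config['system']['othermultipletimeout']); ?>" /><br />
									<?=gettext("Enter value for Other multiple timeout in seconds. Leave blank for default (recommended).");?>
								</td>
							</tr>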
							<tr>
								<td colspan="2" class="list" height="12">&nbsp;</td>
							</tr>
							<tr>
								<td width="22%" valign="top">&nbsp;</td>
								<td width="78%"><input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /></td>
							</tr>
						</table>
					</div>
				</td>
			</tr>
		</table>
	</form>
<?php include("fend.inc"); ?>
</body>
</html>