Revision 5ab6ce1d
Added by Renato Botelho about 7 years ago
| src/conf.default/config.xml | ||
|---|---|---|
| 1 | 1 |
<?xml version="1.0"?> |
| 2 | 2 |
<pfsense> |
| 3 |
<version>17.9</version>
|
|
| 3 |
<version>18.0</version>
|
|
| 4 | 4 |
<lastchange/> |
| 5 | 5 |
<system> |
| 6 | 6 |
<optimization>normal</optimization> |
| ... | ... | |
| 43 | 43 |
<disablesegmentationoffloading/> |
| 44 | 44 |
<disablelargereceiveoffloading/> |
| 45 | 45 |
<ipv6allow/> |
| 46 |
<maximumtableentries>400000</maximumtableentries> |
|
| 46 | 47 |
<powerd_ac_mode>hadp</powerd_ac_mode> |
| 47 | 48 |
<powerd_battery_mode>hadp</powerd_battery_mode> |
| 48 | 49 |
<powerd_normal_mode>hadp</powerd_normal_mode> |
| src/etc/inc/filter.inc | ||
|---|---|---|
| 147 | 147 |
} |
| 148 | 148 |
} |
| 149 | 149 |
|
| 150 |
function is_bogonsv6_used() {
|
|
| 150 |
function is_bogonsv6_used($force = false) {
|
|
| 151 | 151 |
global $config, $g; |
| 152 | 152 |
# Only use bogonsv6 table if IPv6 Allow is on, and at least 1 enabled interface also has "blockbogons" enabled. |
| 153 | 153 |
$usebogonsv6 = false; |
| 154 |
if (isset($config['system']['ipv6allow'])) {
|
|
| 154 |
if (isset($config['system']['ipv6allow']) || $force) {
|
|
| 155 | 155 |
foreach ($config['interfaces'] as $ifacedata) {
|
| 156 | 156 |
if (isset($ifacedata['enable']) && isset($ifacedata['blockbogons'])) {
|
| 157 | 157 |
$usebogonsv6 = true; |
| ... | ... | |
| 717 | 717 |
} |
| 718 | 718 |
|
| 719 | 719 |
function filter_generate_aliases() {
|
| 720 |
global $config, $FilterIflist, $after_filter_configure_run; |
|
| 720 |
global $g, $config, $FilterIflist, $after_filter_configure_run;
|
|
| 721 | 721 |
|
| 722 | 722 |
if (isset($config['system']['developerspew'])) {
|
| 723 | 723 |
$mt = microtime(); |
| ... | ... | |
| 770 | 770 |
} |
| 771 | 771 |
$aliases .= "table <bogons> persist file \"/etc/bogons\"\n"; |
| 772 | 772 |
if (is_bogonsv6_used()) {
|
| 773 |
$aliases .= "table <bogonsv6> persist file \"/etc/bogonsv6\"\n"; |
|
| 773 |
if (!isset($config['system']['maximumtableentries']) || |
|
| 774 |
$config['system']['maximumtableentries'] < |
|
| 775 |
$g['minimumtableentries_bogonsv6']) {
|
|
| 776 |
file_notice("Filter_Reload", sprintf(gettext(
|
|
| 777 |
"In order block bogon IPv6 networks the Firewall Maximum Table Entries value in System / Advanced / Firewall must be increased at least to %s"), |
|
| 778 |
$g['minimumtableentries_bogonsv6'])); |
|
| 779 |
} else {
|
|
| 780 |
$aliases .= "table <bogonsv6> persist file \"/etc/bogonsv6\"\n"; |
|
| 781 |
} |
|
| 774 | 782 |
} |
| 775 | 783 |
|
| 776 | 784 |
$vpns_list = filter_get_vpns_list(); |
| src/etc/inc/globals.inc | ||
|---|---|---|
| 74 | 74 |
"disablecrashreporter" => false, |
| 75 | 75 |
"crashreporterurl" => "https://crashreporter.pfsense.org/crash_reporter.php", |
| 76 | 76 |
"debug" => false, |
| 77 |
"latest_config" => "17.9",
|
|
| 77 |
"latest_config" => "18.0",
|
|
| 78 | 78 |
"minimum_ram_warning" => "101", |
| 79 | 79 |
"minimum_ram_warning_text" => "128 MB", |
| 80 | 80 |
"wan_interface_name" => "wan", |
| ... | ... | |
| 88 | 88 |
"pkg_prefix" => "pfSense-pkg-", |
| 89 | 89 |
"default_timezone" => "Etc/UTC", |
| 90 | 90 |
"language" => "en_US", |
| 91 |
"default_config_backup_count" => 30 |
|
| 91 |
"default_config_backup_count" => 30, |
|
| 92 |
"minimumtableentries_bogonsv6" => 400000 |
|
| 92 | 93 |
); |
| 93 | 94 |
|
| 94 | 95 |
/* IP TOS flags */ |
| src/etc/inc/upgrade_config.inc | ||
|---|---|---|
| 5543 | 5543 |
/* Placeholder for a factory update. */ |
| 5544 | 5544 |
function upgrade_178_to_179() {
|
| 5545 | 5545 |
} |
| 5546 |
|
|
| 5547 |
function upgrade_179_to_180() {
|
|
| 5548 |
global $config, $g; |
|
| 5549 |
|
|
| 5550 |
/* Change default to 400000 to make sure bogonsv6 works */ |
|
| 5551 |
if (empty($config['system']['maximumtableentries'])) {
|
|
| 5552 |
$config['system']['maximumtableentries'] = |
|
| 5553 |
$g['minimumtableentries_bogonsv6']; |
|
| 5554 |
} |
|
| 5555 |
} |
|
| 5556 |
|
|
| 5546 | 5557 |
?> |
| src/usr/local/www/interfaces.php | ||
|---|---|---|
| 541 | 541 |
} |
| 542 | 542 |
} |
| 543 | 543 |
|
| 544 |
if ($_POST['blockbogons'] == "yes" && |
|
| 545 |
isset($config['system']['ipv6allow']) && |
|
| 546 |
(!isset($config['system']['maximumtableentries']) || |
|
| 547 |
$config['system']['maximumtableentries'] < |
|
| 548 |
$g['minimumtableentries_bogonsv6'])) {
|
|
| 549 |
$input_errors[] = sprintf(gettext( |
|
| 550 |
"In order to block bogon networks the Firewall Maximum Table Entries value in System / Advanced / Firewall must be increased at least to %s."), |
|
| 551 |
$g['minimumtableentries_bogonsv6']); |
|
| 552 |
} |
|
| 553 |
|
|
| 544 | 554 |
if (isset($config['dhcpd']) && isset($config['dhcpd'][$if]['enable'])) {
|
| 545 | 555 |
if (!preg_match("/^staticv4/", $_POST['type'])) {
|
| 546 | 556 |
$input_errors[] = gettext("The DHCP Server is active " .
|
| src/usr/local/www/system_advanced_firewall.php | ||
|---|---|---|
| 149 | 149 |
$input_errors[] = gettext("The Other multiple timeout value must be an integer.");
|
| 150 | 150 |
} |
| 151 | 151 |
|
| 152 |
if ($_POST['maximumtableentries']) {
|
|
| 153 |
$maximumtableentries = $_POST['maximumtableentries']; |
|
| 154 |
} else {
|
|
| 155 |
$maximumtableentries = pfsense_default_table_entries_size(); |
|
| 156 |
} |
|
| 157 |
if (!is_numericint($maximumtableentries)) {
|
|
| 158 |
$input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer.");
|
|
| 159 |
} else if (is_bogonsv6_used() && |
|
| 160 |
$maximumtableentries < $g['minimumtableentries_bogonsv6']) {
|
|
| 161 |
$input_errors[] = sprintf(gettext( |
|
| 162 |
"The Firewall Maximum Table Entries value must be greater than %s when block bogons is enabled."), |
|
| 163 |
$g['minimumtableentries_bogonsv6']); |
|
| 164 |
} |
|
| 165 |
|
|
| 152 | 166 |
ob_flush(); |
| 153 | 167 |
flush(); |
| 154 | 168 |
|
| src/usr/local/www/system_advanced_network.php | ||
|---|---|---|
| 90 | 90 |
} |
| 91 | 91 |
} |
| 92 | 92 |
|
| 93 |
if ($_POST['ipv6allow'] == "yes" && is_bogonsv6_used(true) && |
|
| 94 |
(!isset($config['system']['maximumtableentries']) || |
|
| 95 |
$config['system']['maximumtableentries'] < |
|
| 96 |
$g['minimumtableentries_bogonsv6'])) {
|
|
| 97 |
$input_errors[] = sprintf(gettext( |
|
| 98 |
"In order enable IPv6 and block bogon networks the Firewall Maximum Table Entries value in System / Advanced / Firewall must be increased at least to %s."), |
|
| 99 |
$g['minimumtableentries_bogonsv6']); |
|
| 100 |
} |
|
| 101 |
|
|
| 93 | 102 |
ob_flush(); |
| 94 | 103 |
flush(); |
| 95 | 104 |
if (!$input_errors) {
|
Also available in: Unified diff
Fix #8417
- Changed default value for Maximum Table Entries to 400000 in order to
make bogonsv6 to work
- Added code to upgrade config and set default value on systems where
it's not defined
- Changed default config to match new default and version 18.0
- Added checks to enable 'block bogons' and to enable IPv6 requesting
the minimum value
- Notify admin when Maximum Table Entries value is too small and in
this case skip bogonsv6 table creation