/usr/local/www/system_advanced.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/system_advanced.php @ b6f3005c

1	13128695	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4	aa9e7aaa	Scott Ullrich	system_advanced.php
5	416ed28d	Scott Ullrich	part of pfSense
6	aa9e7aaa	Scott Ullrich	Copyright (C) 2005-2007 Scott Ullrich
7	13128695	Scott Ullrich
8	416ed28d	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
9	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10			All rights reserved.
11	13128695	Scott Ullrich
12	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
13			modification, are permitted provided that the following conditions are met:
14	13128695	Scott Ullrich
15	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
16			this list of conditions and the following disclaimer.
17	13128695	Scott Ullrich
18	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
19			notice, this list of conditions and the following disclaimer in the
20			documentation and/or other materials provided with the distribution.
21	13128695	Scott Ullrich
22	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31			POSSIBILITY OF SUCH DAMAGE.
32			*/
33
34	6b07c15a	Matthew Grooms	##\|+PRIV
35			##\|*IDENT=page-system-advancedfunctions
36			##\|*NAME=System: Advanced functions page
37			##\|*DESCR=Allow access to the 'System: Advanced functions' page.
38			##\|MATCH=system_advanced.php
39			##\|-PRIV
40
41
42	5b237745	Scott Ullrich	require("guiconfig.inc");
43
44	35284e50	Scott Ullrich	$pconfig['disablefilter'] = $config['system']['disablefilter'];
45	38560a25	Bill Marquette	$pconfig['rfc959workaround'] = $config['system']['rfc959workaround'];
46	8f498445	Scott Ullrich	$pconfig['scrubnodf'] = $config['system']['scrubnodf'];
47	5b237745	Scott Ullrich	$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
48			$pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr'];
49			$pconfig['cert'] = base64_decode($config['system']['webgui']['certificate']);
50			$pconfig['key'] = base64_decode($config['system']['webgui']['private-key']);
51			$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
52	c11e337b	Scott Ullrich	$pconfig['harddiskstandby'] = $config['system']['harddiskstandby'];
53	5b237745	Scott Ullrich	$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
54			$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
55	351217ed	Scott Ullrich	$pconfig['maximumstates'] = $config['system']['maximumstates'];
56	68bf6021	Scott Ullrich	$pconfig['disablerendevouz'] = $config['system']['disablerendevouz'];
57	2f810bc1	Scott Ullrich	$pconfig['enableserial'] = $config['system']['enableserial'];
58	5c50ae40	Scott Ullrich	$pconfig['disablefirmwarecheck'] = isset($config['system']['disablefirmwarecheck']);
59	d5967a9a	Scott Ullrich	$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
60	59d09874	Scott Ullrich	$pconfig['enablesshd'] = $config['system']['enablesshd'];
61	74806cee	Seth Mos	$pconfig['sshport'] = $config['system']['ssh']['port'];
62	ed4b63b0	Timo Boettcher	$pconfig['sshdkeyonly'] = $config['system']['ssh']['sshdkeyonly'];
63			$pconfig['authorizedkeys'] = base64_decode($config['system']['ssh']['authorizedkeys']);
64	243aa7b9	Scott Ullrich	$pconfig['sharednet'] = $config['system']['sharednet'];
65	8d36fd1d	Scott Ullrich	$pconfig['polling_enable'] = isset($config['system']['polling']);
66	bdac13de	Scott Ullrich	$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
67	a9b19d7f	Scott Ullrich	$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
68	507a5e3e	Scott Ullrich	$pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout'];
69	1c5ca2e9	Scott Ullrich	$pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']);
70	ff091d96	Scott Ullrich	$pconfig['disablescrub'] = isset($config['system']['disablescrub']);
71	81a6f5ea	Scott Ullrich	$pconfig['shapertype'] = $config['system']['shapertype'];
72	9534ea8b	Scott Ullrich	$pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
73	a9b19d7f	Scott Ullrich
74	5b237745	Scott Ullrich	if ($_POST) {
75
76			unset($input_errors);
77			$pconfig = $_POST;
78
79			/* input validation */
80			if ($_POST['ipv6nat_enable'] && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
81			$input_errors[] = "You must specify an IP address to NAT IPv6 packets.";
82			}
83	351217ed	Scott Ullrich	if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
84			$input_errors[] = "The Firewall Maximum States value must be an integer.";
85			}
86	5b237745	Scott Ullrich	if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
87			$input_errors[] = "The TCP idle timeout must be an integer.";
88			}
89			if (($_POST['cert'] && !$_POST['key']) \|\| ($_POST['key'] && !$_POST['cert'])) {
90			$input_errors[] = "Certificate and key must always be specified together.";
91			} else if ($_POST['cert'] && $_POST['key']) {
92			if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))
93			$input_errors[] = "This certificate does not appear to be valid.";
94			if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") \|\| !strstr($_POST['key'], "END RSA PRIVATE KEY"))
95			$input_errors[] = "This key does not appear to be valid.";
96	a509ff63	Bill Marquette	if ($_POST['altfirmwareurl'])
97			if ($_POST['firmwareurl'] == "" \|\| $_POST['firmwarename'] == "")
98			$input_errors[] = "You must specify a base URL and a filename for the alternate firmware.";
99	66f481cc	Colin Smith	if ($_POST['altpkgconfigurl'])
100			if ($_POST['pkgconfig_base_url'] == "" \|\| $_POST['pkgconfig_filename'] == "")
101			$input_errors[] = "You must specifiy and base URL and a filename before using an alternate pkg_config.xml.";
102	5b237745	Scott Ullrich	}
103	e52f293f	Scott Ullrich	if ($_POST['maximumstates'] <> "") {
104			if ($_POST['maximumstates'] < 1000)
105			$input_errors[] = "States must be above 1000 and below 100000000";
106			if ($_POST['maximumstates'] > 100000000)
107			$input_errors[] = "States must be above 1000 and below 100000000";
108			}
109	74806cee	Seth Mos	if ($_POST['sshport'] <> "") {
110			if( ! is_port($_POST['sshport'])) {
111			$input_errors[] = "You must specify a valid port number";
112			}
113			}
114	ed4b63b0	Timo Boettcher	if($_POST['sshdkeyonly'] == "yes") {
115			$config['system']['ssh']['sshdkeyonly'] = "enabled";
116			} else {
117			unset($config['system']['ssh']['sshdkeyonly']);
118			}
119			$config['system']['ssh']['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
120	74806cee	Seth Mos
121	5b237745	Scott Ullrich	}
122	b63695db	Scott Ullrich
123	aa9e7aaa	Scott Ullrich	if ($_POST) {
124			ob_flush();
125			flush();
126			if (!$input_errors) {
127			if($_POST['disablefilter'] == "yes") {
128			$config['system']['disablefilter'] = "enabled";
129			} else {
130			unset($config['system']['disablefilter']);
131			}
132			if($_POST['enablesshd'] == "yes") {
133			$config['system']['enablesshd'] = "enabled";
134			touch("{$g['tmp_path']}/start_sshd");
135			} else {
136			unset($config['system']['enablesshd']);
137			mwexec("/usr/bin/killall sshd");
138			}
139			$oldsshport = $config['system']['ssh']['port'];
140			$config['system']['ssh']['port'] = $_POST['sshport'];
141
142			if($_POST['polling_enable'] == "yes") {
143			$config['system']['polling'] = true;
144			setup_polling();
145			} else {
146			unset($config['system']['polling']);
147			setup_polling();
148			}
149
150	9534ea8b	Scott Ullrich	if($_POST['lb_use_sticky'] == "yes")
151			$config['system']['lb_use_sticky'] = true;
152			else
153			unset($config['system']['lb_use_sticky']);
154
155	aa9e7aaa	Scott Ullrich	if($_POST['sharednet'] == "yes") {
156			$config['system']['sharednet'] = true;
157			system_disable_arp_wrong_if();
158			} else {
159			unset($config['system']['sharednet']);
160			system_enable_arp_wrong_if();
161			}
162
163			if($_POST['scrubnodf'] == "yes")
164			$config['system']['scrubnodf'] = "enabled";
165			else
166			unset($config['system']['scrubnodf']);
167
168			if($_POST['rfc959workaround'] == "yes")
169			$config['system']['rfc959workaround'] = "enabled";
170			else
171			unset($config['system']['rfc959workaround']);
172
173			if($_POST['ipv6nat_enable'] == "yes") {
174			$config['diag']['ipv6nat']['enable'] = true;
175			$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
176			} else {
177	8f1e36ca	Scott Ullrich	if($config['diag']) {
178			if($config['diag']['ipv6nat']) {
179			unset($config['diag']['ipv6nat']['enable']);
180			unset($config['diag']['ipv6nat']['ipaddr']);
181			}
182			}
183	aa9e7aaa	Scott Ullrich	}
184			$oldcert = $config['system']['webgui']['certificate'];
185			$oldkey = $config['system']['webgui']['private-key'];
186			$config['system']['webgui']['certificate'] = base64_encode($_POST['cert']);
187			$config['system']['webgui']['private-key'] = base64_encode($_POST['key']);
188			if($_POST['disableconsolemenu'] == "yes") {
189			$config['system']['disableconsolemenu'] = true;
190			auto_login(true);
191			} else {
192			unset($config['system']['disableconsolemenu']);
193			auto_login(false);
194			}
195			unset($config['system']['webgui']['expanddiags']);
196			$config['system']['optimization'] = $_POST['optimization'];
197
198			if($_POST['disablefirmwarecheck'] == "yes")
199			$config['system']['disablefirmwarecheck'] = true;
200			else
201			unset($config['system']['disablefirmwarecheck']);
202
203			if ($_POST['enableserial'] == "yes")
204			$config['system']['enableserial'] = true;
205			else
206			unset($config['system']['enableserial']);
207
208			if($_POST['harddiskstandby'] <> "") {
209			$config['system']['harddiskstandby'] = $_POST['harddiskstandby'];
210			system_set_harddisk_standby();
211			} else
212			unset($config['system']['harddiskstandby']);
213
214			if ($_POST['noantilockout'] == "yes")
215			$config['system']['webgui']['noantilockout'] = true;
216			else
217			unset($config['system']['webgui']['noantilockout']);
218
219			/* Firewall and ALTQ options */
220			$config['system']['maximumstates'] = $_POST['maximumstates'];
221
222			if($_POST['enablesshd'] == "yes") {
223			$config['system']['enablesshd'] = $_POST['enablesshd'];
224			} else {
225			unset($config['system']['enablesshd']);
226			}
227
228			if($_POST['disablechecksumoffloading'] == "yes") {
229			$config['system']['disablechecksumoffloading'] = $_POST['disablechecksumoffloading'];
230			} else {
231			unset($config['system']['disablechecksumoffloading']);
232			}
233
234	ff091d96	Scott Ullrich	if($_POST['disablescrub'] == "yes") {
235			$config['system']['disablescrub'] = $_POST['disablescrub'];
236			} else {
237			unset($config['system']['disablescrub']);
238			}
239
240	aa9e7aaa	Scott Ullrich	if($_POST['disablenatreflection'] == "yes") {
241			$config['system']['disablenatreflection'] = $_POST['disablenatreflection'];
242			} else {
243			unset($config['system']['disablenatreflection']);
244			}
245	507a5e3e	Scott Ullrich
246			$config['system']['reflectiontimeout'] = $_POST['reflectiontimeout'];
247	aa9e7aaa	Scott Ullrich
248	81a6f5ea	Scott Ullrich	// Traffic shaper
249			$config['system']['shapertype'] = $_POST['shapertype'];
250
251	aa9e7aaa	Scott Ullrich	$config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false;
252			$config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'] ? true : false;
253
254			write_config();
255
256			$retval = 0;
257			config_lock();
258			$retval = filter_configure();
259			if(stristr($retval, "error") <> true)
260			$savemsg = get_std_save_message($retval);
261			else
262			$savemsg = $retval;
263
264			config_unlock();
265
266			conf_mount_rw();
267
268			setup_serial_port();
269
270			conf_mount_ro();
271
272
273			}
274			}
275
276	d88c6a9f	Scott Ullrich	$pgtitle = array("System","Advanced functions");
277	b63695db	Scott Ullrich	include("head.inc");
278
279	5b237745	Scott Ullrich	?>
280	b63695db	Scott Ullrich
281	5b237745	Scott Ullrich	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
282	9ecd6ab7	Erik Kristensen
283	5b237745	Scott Ullrich	<?php include("fbegin.inc"); ?>
284	9ecd6ab7	Erik Kristensen	<form action="system_advanced.php" method="post" name="iform" id="iform">
285			<?php if ($input_errors) print_input_errors($input_errors); ?>
286			<?php if ($savemsg) print_info_box($savemsg); ?>
287			<p><span class="vexpl"><span class="red"><strong>Note: </strong></span>the options on this page are intended for use by advanced users only.</span></p>
288			<br />
289	416ed28d	Scott Ullrich
290	9ecd6ab7	Erik Kristensen	<table width="100%" border="0" cellpadding="6" cellspacing="0">
291			<tbody>
292	dbb0b7d6	Holger Bauer	<?php if($g['platform'] == "pfSense" \|\| $g['platform'] == "cdrom"): ?>
293	9ecd6ab7	Erik Kristensen	<tr>
294			<td colspan="2" valign="top" class="listtopic">Enable Serial Console</td>
295			</tr>
296			<tr>
297			<td width="22%" valign="top" class="vncell"> </td>
298			<td width="78%" class="vtable">
299			<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo "checked"; ?> onclick="enable_change(false)" />
300			<strong>This will enable the first serial port with 9600/8/N/1</strong>
301	b8467d8e	Scott Ullrich	<br>
302	3446ca38	Scott Ullrich	<span class="vexpl">Note: This will disable the internal video card/keyboard</span>
303	9ecd6ab7	Erik Kristensen	</td>
304			</tr>
305			<tr>
306			<td width="22%" valign="top"> </td>
307			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
308			</tr>
309			</tr>
310			<tr>
311			<td colspan="2" class="list" height="12"></td>
312	48ce54d0	Scott Ullrich	</tr>
313	0831bc86	Scott Ullrich	<?php endif; ?>
314	9ecd6ab7	Erik Kristensen	<tr>
315			<td colspan="2" valign="top" class="listtopic">Secure Shell</td>
316			</tr>
317			<tr>
318			<td width="22%" valign="top" class="vncell"> </td>
319			<td width="78%" class="vtable">
320			<input name="enablesshd" type="checkbox" id="enablesshd" value="yes" <?php if (isset($pconfig['enablesshd'])) echo "checked"; ?> onclick="enable_change(false)" />
321			<strong>Enable Secure Shell</strong>
322			</td>
323			</tr>
324	ed4b63b0	Timo Boettcher	<tr>
325			<td width="22%" valign="top" class="vncell"> </td>
326			<td width="78%" class="vtable">
327			<input name="sshdkeyonly" type="checkbox" id="sshdkeyonly" value="yes" <?php if (isset($pconfig['sshdkeyonly'])) echo "checked"; ?> onclick="enable_change(false)" />
328	e1cb5d69	Scott Ullrich	<strong>Disable Password login for Secure Shell (KEY only)</strong>
329	ed4b63b0	Timo Boettcher	</td>
330			</tr>
331	74806cee	Seth Mos	<tr>
332			<td width="22%" valign="top" class="vncell">SSH port</td>
333			<td width="78%" class="vtable">
334			<input name="sshport" type="text" id="sshport" value="<?php echo $pconfig['sshport']; ?>" onclick="enable_change(false)" />
335			<br />
336			<span class="vexpl">Note: Leave this blank for the default of 22</span>
337			</td>
338			</tr>
339	ed4b63b0	Timo Boettcher	<tr>
340			<td width="22%" valign="top" class="vncell"><?=gettext("Authorizedkeys");?></td>
341			<td width="78%" class="vtable">
342			<textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea>
343			<br />
344			Paste an authorized keys file here.
345			</td>
346			</tr>
347	9ecd6ab7	Erik Kristensen	<tr>
348			<td width="22%" valign="top"> </td>
349			<td width="78%">
350			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
351			</td>
352			</tr>
353			<tr>
354			<td colspan="2" class="list" height="12"> </td>
355	48ce54d0	Scott Ullrich	</tr>
356	9ecd6ab7	Erik Kristensen	<tr>
357			<td colspan="2" valign="top" class="listtopic">Shared Physical Network</td>
358			</tr>
359			<tr>
360			<td width="22%" valign="top" class="vncell"> </td>
361			<td width="78%" class="vtable">
362			<input name="sharednet" type="checkbox" id="sharednet" value="yes" <?php if (isset($pconfig['sharednet'])) echo "checked"; ?> onclick="enable_change(false)" />
363	3d0d1aa8	Colin Smith	<strong>This will suppress ARP messages when interfaces share the same physical network</strong>
364	9ecd6ab7	Erik Kristensen	</td>
365			</tr>
366			<tr>
367			<td width="22%" valign="top"> </td>
368			<td width="78%">
369			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
370			</td>
371			</tr>
372			<tr>
373			<td colspan="2" class="list" height="12"> </td>
374			</tr>
375			<tr>
376			<td colspan="2" valign="top" class="listtopic">IPv6 tunneling</td>
377			</tr>
378			<tr>
379			<td width="22%" valign="top" class="vncell"> </td>
380			<td width="78%" class="vtable">
381			<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?php if ($pconfig['ipv6nat_enable']) echo "checked"; ?> onclick="enable_change(false)" />
382			<strong>NAT encapsulated IPv6 packets (IP protocol 41/RFC2893) to:</strong>
383			<br /> <br />
384	b5c78501	Seth Mos	<input name="ipv6nat_ipaddr" type="text" class="formfld unknown" id="ipv6nat_ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipv6nat_ipaddr']);?>" />
385	9ecd6ab7	Erik Kristensen	(IP address)<span class="vexpl"><br /> Don't forget to add a firewall rule to permit IPv6 packets!</span>
386			</td>
387			</tr>
388	b0703b01	Scott Ullrich	<tr>
389			<td colspan="2" class="list" height="12"> </td>
390	48ce54d0	Scott Ullrich	</tr>
391	9ecd6ab7	Erik Kristensen	<tr>
392			<td width="22%" valign="top"> </td>
393			<td width="78%">
394			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
395			</td>
396			</tr>
397			<tr>
398			<td colspan="2" class="list" height="12"> </td>
399			</tr>
400			<tr>
401	709cc6e0	Bill Marquette	<td colspan="2" valign="top" class="listtopic">webConfigurator SSL certificate/key</td>
402	9ecd6ab7	Erik Kristensen	</tr>
403			<tr>
404			<td width="22%" valign="top" class="vncell">Certificate</td>
405			<td width="78%" class="vtable">
406			<textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
407			<br />
408			Paste a signed certificate in X.509 PEM format here. <a href="javascript:if(openwindow('system_advanced_create_certs.php') == false) alert('Popup blocker detected. Action aborted.');" >Create</a> certificates automatically.
409			</td>
410			</tr>
411			<tr>
412			<td width="22%" valign="top" class="vncell">Key</td>
413			<td width="78%" class="vtable">
414			<textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
415			<br />
416			Paste an RSA private key in PEM format here.
417			</td>
418			</tr>
419			<tr>
420			<td width="22%" valign="top"> </td>
421			<td width="78%">
422			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
423			</td>
424			</tr>
425			<tr>
426			<td colspan="2" class="list" height="12"> </td>
427			</tr>
428	9534ea8b	Scott Ullrich
429			<tr>
430			<td colspan="2" valign="top" class="listtopic">Load Balancing</td>
431			</tr>
432			<tr>
433			<td width="22%" valign="top" class="vncell">Load Balancing</td>
434			<td width="78%" class="vtable">
435			<input name="lb_use_sticky" type="checkbox" id="lb_use_sticky" value="yes" <?php if ($pconfig['lb_use_sticky']) echo "checked=\"checked\""; ?> />
436			<strong>Use sticky connections</strong>
437			<br />
438			<span class="vexpl">
439	d9d55d40	Bill Marquette	Successive connections will be redirected to the servers in a round-robin manner with connections from the same source being sent to the same web server. This "sticky connection" will exist as long as there are states that refer to this connection. Once the states expire, so will the sticky connection. Further connections from that host will be redirected to the next web server in the round robin.
440	9534ea8b	Scott Ullrich	</span>
441			</td>
442			</tr>
443			<tr>
444			<td width="22%" valign="top"> </td>
445			<td width="78%">
446			<input type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
447			</td>
448			</tr>
449			<tr>
450			<td colspan="2" class="list" height="12"> </td>
451			</tr>
452
453	9ecd6ab7	Erik Kristensen	<tr>
454			<td colspan="2" valign="top" class="listtopic">Miscellaneous</td>
455			</tr>
456	8d36fd1d	Scott Ullrich
457	9534ea8b	Scott Ullrich	<tr>
458			<td colspan="2" class="list" height="12"> </td>
459			</tr>
460
461
462	8d36fd1d	Scott Ullrich	<tr>
463			<td width="22%" valign="top" class="vncell">Device polling</td>
464			<td width="78%" class="vtable">
465			<input name="polling_enable" type="checkbox" id="polling_enable" value="yes" <?php if ($pconfig['polling_enable']) echo "checked"; ?>>
466			<strong>Use device polling</strong><br>
467	709cc6e0	Bill Marquette	Device polling is a technique that lets the system periodically poll network devices for new data instead of relying on interrupts. This prevents your webConfigurator, SSH, etc. from being inaccessible due to interrupt floods when under extreme load. Generally this is not recommended.
468	d9d55d40	Bill Marquette	Not all NICs support polling; see the <?= $g['product_name'] ?> homepage for a list of supported cards.
469	8d36fd1d	Scott Ullrich	</td>
470			</tr>
471	48ce54d0	Scott Ullrich
472	9ecd6ab7	Erik Kristensen	<tr>
473			<td width="22%" valign="top" class="vncell">Console menu </td>
474			<td width="78%" class="vtable">
475			<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if ($pconfig['disableconsolemenu']) echo "checked"; ?> />
476			<strong>Disable console menu</strong>
477			<br />
478			<span class="vexpl">Changes to this option will take effect after a reboot.</span>
479			</td>
480			</tr>
481	48ce54d0	Scott Ullrich	<?php if($g['platform'] == "pfSenseDISABLED"): ?>
482	a509ff63	Bill Marquette	<tr>
483	9ecd6ab7	Erik Kristensen	<td width="22%" valign="top" class="vncell">Hard disk standby time </td>
484			<td width="78%" class="vtable">
485	b5c78501	Seth Mos	<select name="harddiskstandby" class="formselect">
486	9ecd6ab7	Erik Kristensen	<?php
487			## Values from ATA-2 http://www.t13.org/project/d0948r3-ATA-2.pdf (Page 66)
488			$sbvals = explode(" ", "0.5,6 1,12 2,24 3,36 4,48 5,60 7.5,90 10,120 15,180 20,240 30,241 60,242");
489			?>
490			<option value="" <?php if(!$pconfig['harddiskstandby']) echo('selected');?>>Always on</option>
491			<?php
492	5b237745	Scott Ullrich	foreach ($sbvals as $sbval):
493			list($min,$val) = explode(",", $sbval); ?>
494	9ecd6ab7	Erik Kristensen	<option value="<?=$val;?>" <?php if($pconfig['harddiskstandby'] == $val) echo('selected');?>><?=$min;?> minutes</option>
495			<?php endforeach; ?>
496			</select>
497			<br />
498			Puts the hard disk into standby mode when the selected amount of time after the last
499			access has elapsed. <em>Do not set this for CF cards.</em>
500			</td>
501			</tr>
502	48ce54d0	Scott Ullrich	<?php endif; ?>
503	e6bbd933	Scott Ullrich	<?php
504			if($config['interfaces']['lan'])
505			$lockout_interface = "LAN";
506			else
507			$lockout_interface = "WAN";
508			?>
509	9ecd6ab7	Erik Kristensen	<tr>
510	709cc6e0	Bill Marquette	<td width="22%" valign="top" class="vncell">webConfigurator anti-lockout</td>
511	9ecd6ab7	Erik Kristensen	<td width="78%" class="vtable">
512			<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked"; ?> />
513	709cc6e0	Bill Marquette	<strong>Disable webConfigurator anti-lockout rule</strong>
514	9ecd6ab7	Erik Kristensen	<br />
515	e6bbd933	Scott Ullrich	By default, access to the webConfigurator on the {$lockout_interface} interface is always permitted, regardless of the user-defined filter
516	709cc6e0	Bill Marquette	rule set. Enable this feature to control webConfigurator access (make sure to have a filter rule in place that allows you
517	9ecd6ab7	Erik Kristensen	in, or you will lock yourself out!).
518			<br />
519	e6bbd933	Scott Ullrich	Hint: the "set configure IP address" option in the console menu resets this setting as well.
520	9ecd6ab7	Erik Kristensen	</td>
521			</tr>
522	bdac13de	Scott Ullrich	<tr>
523			<td width="22%" valign="top" class="vncell">Static route filtering</td>
524			<td width="78%" class="vtable">
525			<input name="bypassstaticroutes" type="checkbox" id="bypassstaticroutes" value="yes" <?php if ($pconfig['bypassstaticroutes']) echo "checked"; ?> />
526			<strong>Bypass firewall rules for traffic on the same interface</strong>
527			<br />
528	48ce54d0	Scott Ullrich	This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and
529			leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where
530	bdac13de	Scott Ullrich	multiple subnets are connected to the same interface.
531			<br />
532			</td>
533			</tr>
534	9ecd6ab7	Erik Kristensen	<tr>
535			<td width="22%" valign="top" class="vncell">IPsec SA preferral</td>
536			<td width="78%" class="vtable">
537			<input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked"; ?> />
538			<strong>Prefer old IPsec SAs</strong>
539			<br />
540			By default, if several SAs match, the newest one is preferred if it's at least 30 seconds old.Select this option to always prefer old SAs over new ones.
541			</td>
542	48ce54d0	Scott Ullrich	</tr>
543	9ecd6ab7	Erik Kristensen	<tr>
544			<td width="22%" valign="top"> </td>
545			<td width="78%">
546			<input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" />
547			</td>
548			</tr>
549			<tr>
550			<td colspan="2" class="list" height="12"> </td>
551			</tr>
552			<tr>
553			<td colspan="2" valign="top" class="listtopic">Traffic Shaper and Firewall Advanced</td>
554			</tr>
555	073abaa6	Scott Ullrich	<?php
556			/*
557	81a6f5ea	Scott Ullrich	<tr>
558			<td width="22%" valign="top" class="vncell">Traffic shaper type</td>
559			<td width="78%" class="vtable">
560			<select name="shapertype" class="formselect">
561			<option value="pfSense"<?php if($pconfig['shapertype'] == 'pfSense') echo " selected"; ?>><?= $g['product_name'] ?> (ALTQ)</option>
562			<option value="m0n0"<?php if($pconfig['shapertype'] == 'm0n0') echo " selected"; ?>>M0n0wall (dummynet)</option>
563			</select>
564			</td>
565			</tr>
566	073abaa6	Scott Ullrich	*/
567			?>
568	9ecd6ab7	Erik Kristensen	<tr>
569			<td width="22%" valign="top" class="vncell">FTP RFC 959 data port violation workaround</td>
570			<td width="78%" class="vtable">
571			<input name="rfc959workaround" type="checkbox" id="rfc959workaround" value="yes" <?php if (isset($config['system']['rfc959workaround'])) echo "checked"; ?> onclick="enable_change(false)" />
572			<strong class="vexpl">Workaround for sites that violate RFC 959 which specifies that the data connection be sourced from the command port - 1 (typically port 20). This workaround doesn't expose you to any extra risk as the firewall will still only allow connections on a port that the ftp-proxy is listening on.</strong>
573			<br />
574			</td>
575			</tr>
576	8f498445	Scott Ullrich	<tr>
577			<td width="22%" valign="top" class="vncell">Clear DF bit instead of dropping</td>
578			<td width="78%" class="vtable">
579			<input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked"; ?> onclick="enable_change(false)" />
580			<strong class="vexpl">Workaround for operating systems that generate fragmented packets with the don't fragment (DF) bit set. Linux NFS is known to do this. This will cause the filter to not drop such packets but instead clear the don't fragment bit. The filter will also randomize the IP identification field of outgoing packets with this option on, to compensate for operating systems that set the DF bit but set a zero IP identification header field.</strong>
581			<br />
582			</td>
583			</tr>
584	9ecd6ab7	Erik Kristensen	<tr>
585			<td width="22%" valign="top" class="vncell">Firewall Optimization Options</td>
586			<td width="78%" class="vtable">
587			<select onChange="update_description(this.selectedIndex);" name="optimization" id="optimization">
588			<option value="normal"<?php if($config['system']['optimization']=="normal") echo " selected"; ?>>normal</option>
589			<option value="high-latency"<?php if($config['system']['optimization']=="high-latency") echo " selected"; ?>>high-latency</option>
590			<option value="aggressive"<?php if($config['system']['optimization']=="aggressive") echo " selected"; ?>>aggressive</option>
591			<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>>conservative</option>
592			</select>
593			<br />
594	d4fddf14	Scott Ullrich	<textarea cols="60" rows="2" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
595	9ecd6ab7	Erik Kristensen	<script language="javascript" type="text/javascript">
596			update_description(document.forms[0].optimization.selectedIndex);
597			</script>
598			<br />
599			<span class="vexpl"><b>Select which type of state table optimization your would like to use</b></span>
600			</td>
601			</tr>
602			<tr>
603			<td width="22%" valign="top" class="vncell">Disable Firewall</td>
604			<td width="78%" class="vtable">
605			<input name="disablefilter" type="checkbox" id="disablefilter" value="yes" <?php if (isset($config['system']['disablefilter'])) echo "checked"; ?> onclick="enable_change(false)" />
606	a200ac93	Chris Buechler	<strong>Disable all packet filtering.</strong>
607	9ecd6ab7	Erik Kristensen	<br />
608	a200ac93	Chris Buechler	<span class="vexpl">Note: This converts <?= $g['product_name'] ?> into a routing only platform!<br>
609	8d0abf6b	Scott Ullrich	Note: This will turn off NAT!
610			</span>
611	9ecd6ab7	Erik Kristensen	</td>
612			</tr>
613	ff091d96	Scott Ullrich	<tr>
614			<td width="22%" valign="top" class="vncell">Disable Firewall Scrub</td>
615			<td width="78%" class="vtable">
616			<input name="disablescrub" type="checkbox" id="disablescrub" value="yes" <?php if (isset($config['system']['disablescrub'])) echo "checked"; ?> onclick="enable_change(false)" />
617			<strong>Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.</strong>
618			<br/>
619			Click <a href='http://www.openbsd.org/faq/pf/scrub.html' target='_new'>here</a> for more information.
620			</td>
621			</tr>
622	9ecd6ab7	Erik Kristensen	<tr>
623			<td width="22%" valign="top" class="vncell">Firewall Maximum States</td>
624			<td width="78%" class="vtable">
625			<input name="maximumstates" type="text" id="maximumstates" value="<?php echo $pconfig['maximumstates']; ?>" onclick="enable_change(false)" />
626			<br />
627			<strong>Maximum number of connections to hold in the firewall state table.</strong>
628			<br />
629	639aaa95	Bill Marquette	<span class="vexpl">Note: Leave this blank for the default. On your system the default size is: <?= pfsense_default_state_size() ?></span>
630	9ecd6ab7	Erik Kristensen	</td>
631			</tr>
632	a9b19d7f	Scott Ullrich	<tr>
633	b5675af6	Scott Ullrich	<td width="22%" valign="top"> </td>
634			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
635	a9b19d7f	Scott Ullrich	</tr>
636	612bb4f3	Scott Ullrich	<?php if($config['interfaces']['lan']): ?>
637	b5675af6	Scott Ullrich	<tr>
638			<td colspan="2" class="list" height="12"> </td>
639	48ce54d0	Scott Ullrich	</tr>
640	a9b19d7f	Scott Ullrich	<tr>
641			<td colspan="2" valign="top" class="listtopic">Network Address Translation</td>
642	612bb4f3	Scott Ullrich	</tr>
643	a9b19d7f	Scott Ullrich	<tr>
644	1b45d566	Scott Ullrich	<td width="22%" valign="top" class="vncell">Disable NAT Reflection</td>
645	a9b19d7f	Scott Ullrich	<td width="78%" class="vtable">
646			<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> onclick="enable_change(false)" />
647	3a9ba28f	Scott Ullrich	<strong>Disables the automatic creation of NAT redirect rules for access to your public IP addresses from within your internal networks. Note: Reflection only works on port forward type items and does not work for large ranges > 500 ports.</strong>
648	a9b19d7f	Scott Ullrich	</td>
649			</tr>
650	507a5e3e	Scott Ullrich	<tr>
651			<td width="22%" valign="top" class="vncell">Reflection Timeout</td>
652			<td width="78%" class="vtable">
653	8e7b8da0	Scott Ullrich	<input name="reflectiontimeout" id="reflectiontimeout" value="<?php echo $config['system']['reflectiontimeout']; ?>" />
654	507a5e3e	Scott Ullrich	<strong>Enter value for Reflection timeout in seconds.</strong>
655			</td>
656			</tr>
657	d2eb5def	Scott Ullrich	<tr>
658			<td width="22%" valign="top"> </td>
659			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
660			</tr>
661	612bb4f3	Scott Ullrich	<?php endif; ?>
662
663	d2eb5def	Scott Ullrich	<tr>
664			<td colspan="2" class="list" height="12"> </td>
665			</tr>
666			<tr>
667			<td colspan="2" valign="top" class="listtopic">Hardware Checksum Offloading</td>
668			</tr>
669			<tr>
670			<td width="22%" valign="top" class="vncell">Disable Hardware Checksum Offloading</td>
671			<td width="78%" class="vtable">
672			<input name="disablechecksumoffloading" type="checkbox" id="disablechecksumoffloading" value="yes" <?php if (isset($config['system']['disablechecksumoffloading'])) echo "checked"; ?> onclick="enable_change(false)" />
673			<strong>Checking this option will prevent hardware checksum offloading. FreeBSD sometimes has difficulties with certain drivers.</strong>
674			</td>
675			</tr>
676	9ecd6ab7	Erik Kristensen	<tr>
677			<td width="22%" valign="top"> </td>
678			<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)" /></td>
679			</tr>
680			<tr>
681			<td colspan="2" class="list" height="12"> </td>
682			</tr>
683			</tbody>
684			</table>
685	5b237745	Scott Ullrich	</form>
686	9ecd6ab7	Erik Kristensen
687			<script language="JavaScript" type="text/javascript">
688	5b237745	Scott Ullrich	<!--
689	9ecd6ab7	Erik Kristensen	enable_change(false);
690	5b237745	Scott Ullrich	//-->
691			</script>
692	9ecd6ab7	Erik Kristensen
693	5b237745	Scott Ullrich	<?php include("fend.inc"); ?>
694	9ecd6ab7	Erik Kristensen
695	a6318c60	Scott Ullrich	</body>
696			</html>
697
698	8affb1da	Scott Ullrich	<?php
699
700	d8e8296d	Scott Ullrich	if($_POST['cert'] \|\| $_POST['key']) {
701			if (($config['system']['webgui']['certificate'] != $oldcert)
702			\|\| ($config['system']['webgui']['private-key'] != $oldkey)) {
703			ob_flush();
704			flush();
705			log_error("webConfigurator certificates have changed. Restarting webConfigurator.");
706			sleep(1);
707			touch("/tmp/restart_webgui");
708			}
709	04257637	Scott Ullrich	}
710
711	bdac13de	Scott Ullrich	?>

Project

General

Profile

pfSense