Project

General

Profile

Download (19.9 KB) Statistics
| Branch: | Tag: | Revision:
1 df81417f Matthew Grooms
<?php
2
/* $Id$ */
3
/*
4
	system_advanced_firewall.php
5
	part of pfSense
6
	Copyright (C) 2005-2007 Scott Ullrich
7
8
	Copyright (C) 2008 Shrew Soft Inc
9
10
	originally part of m0n0wall (http://m0n0.ch/wall)
11
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
12
	All rights reserved.
13
14
	Redistribution and use in source and binary forms, with or without
15
	modification, are permitted provided that the following conditions are met:
16
17
	1. Redistributions of source code must retain the above copyright notice,
18
	   this list of conditions and the following disclaimer.
19
20
	2. Redistributions in binary form must reproduce the above copyright
21
	   notice, this list of conditions and the following disclaimer in the
22
	   documentation and/or other materials provided with the distribution.
23
24
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
25
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
26
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
27
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
28
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33
	POSSIBILITY OF SUCH DAMAGE.
34
*/
35 1d333258 Scott Ullrich
/*
36
	pfSense_MODULE:	system
37
*/
38 df81417f Matthew Grooms
39
##|+PRIV
40
##|*IDENT=page-system-advanced-firewall
41
##|*NAME=System: Advanced: Firewall and NAT page
42
##|*DESCR=Allow access to the 'System: Advanced: Firewall and NAT' page.
43
##|*MATCH=system_advanced.php*
44
##|-PRIV
45
46
require("guiconfig.inc");
47 7a927e67 Scott Ullrich
require_once("functions.inc");
48
require_once("filter.inc");
49
require_once("shaper.inc");
50 df81417f Matthew Grooms
51
$pconfig['disablefilter'] = $config['system']['disablefilter'];
52
$pconfig['rfc959workaround'] = $config['system']['rfc959workaround'];
53
$pconfig['scrubnodf'] = $config['system']['scrubnodf'];
54 2867fa7b Ermal Luçi
$pconfig['scrubrnid'] = $config['system']['scrubrnid'];
55 df81417f Matthew Grooms
$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
56
$pconfig['optimization'] = $config['filter']['optimization'];
57
$pconfig['maximumstates'] = $config['system']['maximumstates'];
58 fb586a16 jim-p
$pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
59 f1beeba5 lgcosta
$pconfig['disablereplyto'] = isset($config['system']['disablereplyto']);
60 df81417f Matthew Grooms
$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
61 9fc22c6f Erik Fonnesbeck
if (!isset($config['system']['enablebinatreflection']))
62
	$pconfig['disablebinatreflection'] = "yes";
63
else
64
	$pconfig['disablebinatreflection'] = "";
65 bff94015 Erik Fonnesbeck
$pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout'];
66 df81417f Matthew Grooms
$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
67
$pconfig['disablescrub'] = isset($config['system']['disablescrub']);
68 1beafceb Erik Fonnesbeck
$pconfig['tftpinterface'] = explode(",", $config['system']['tftpinterface']);
69 9a36dc9d Ermal
$pconfig['disablevpnrules'] = isset($config['system']['disablevpnrules']);
70 df81417f Matthew Grooms
71
if ($_POST) {
72
73
	unset($input_errors);
74
	$pconfig = $_POST;
75
76
	/* input validation */
77
	if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
78 ca23c2f8 Renato Botelho
		$input_errors[] = gettext("The Firewall Maximum States value must be an integer.");
79 df81417f Matthew Grooms
	}
80 fb586a16 jim-p
	if ($_POST['maximumtableentries'] && !is_numericint($_POST['maximumtableentries'])) {
81
		$input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer.");
82
	}
83 df81417f Matthew Grooms
	if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
84 ca23c2f8 Renato Botelho
		$input_errors[] = gettext("The TCP idle timeout must be an integer.");
85 df81417f Matthew Grooms
	}
86 bff94015 Erik Fonnesbeck
	if ($_POST['reflectiontimeout'] && !is_numericint($_POST['reflectiontimeout'])) {
87
		$input_errors[] = gettext("The Reflection timeout must be an integer.");
88
	}
89 df81417f Matthew Grooms
90
    ob_flush();
91
    flush();
92
93
	if (!$input_errors) {
94
95
		if($_POST['disablefilter'] == "yes")
96
			$config['system']['disablefilter'] = "enabled";
97
		else
98
			unset($config['system']['disablefilter']);
99
100 9a36dc9d Ermal
		if($_POST['disablevpnrules'] == "yes")
101
			$config['system']['disablevpnrules'] = true;
102
		else
103
			unset($config['system']['disablevpnrules']);
104 df81417f Matthew Grooms
		if($_POST['rfc959workaround'] == "yes")
105
			$config['system']['rfc959workaround'] = "enabled";
106
		else
107
			unset($config['system']['rfc959workaround']);
108
109
		if($_POST['scrubnodf'] == "yes")
110
			$config['system']['scrubnodf'] = "enabled";
111
		else
112
			unset($config['system']['scrubnodf']);
113
114 2867fa7b Ermal Luçi
		if($_POST['scrubrnid'] == "yes")
115
                        $config['system']['scrubrnid'] = "enabled";
116
                else
117
                        unset($config['system']['scrubrnid']);
118
119 df81417f Matthew Grooms
		$config['system']['optimization'] = $_POST['optimization'];
120
		$config['system']['maximumstates'] = $_POST['maximumstates'];
121 fb586a16 jim-p
		$config['system']['maximumtableentries'] = $_POST['maximumtableentries'];
122 df81417f Matthew Grooms
123
		if($_POST['disablenatreflection'] == "yes")
124
			$config['system']['disablenatreflection'] = $_POST['disablenatreflection'];
125
		else
126
			unset($config['system']['disablenatreflection']);
127 9fc22c6f Erik Fonnesbeck
128
		if($_POST['disablebinatreflection'] == "yes")
129
			unset($config['system']['enablebinatreflection']);
130
		else
131
			$config['system']['enablebinatreflection'] = "yes";
132 df81417f Matthew Grooms
133 f1beeba5 lgcosta
		if($_POST['disablereplyto'] == "yes")
134
                        $config['system']['disablereplyto'] = $_POST['disablereplyto'];
135
                else
136
                        unset($config['system']['disablereplyto']);
137
138 a2b6c52f Erik Fonnesbeck
		if($_POST['enablenatreflectionhelper'] == "yes")
139
			$config['system']['enablenatreflectionhelper'] = "yes";
140
		else
141
			unset($config['system']['enablenatreflectionhelper']);
142
143 bff94015 Erik Fonnesbeck
		$config['system']['reflectiontimeout'] = $_POST['reflectiontimeout'];
144
145 df81417f Matthew Grooms
		if($_POST['bypassstaticroutes'] == "yes")
146 668c4990 Seth Mos
			$config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'];
147 d2903c0c jim-p
		elseif(isset($config['filter']['bypassstaticroutes']))
148 668c4990 Seth Mos
			unset($config['filter']['bypassstaticroutes']);
149 df81417f Matthew Grooms
150
		if($_POST['disablescrub'] == "yes")
151
			$config['system']['disablescrub'] = $_POST['disablescrub'];
152
		else
153
			unset($config['system']['disablescrub']);
154
155 cfdce2ad Ermal
		if ($_POST['tftpinterface'])
156
			$config['system']['tftpinterface'] = implode(",", $_POST['tftpinterface']);
157
		else
158
			unset($config['system']['tftpinterface']);
159
	
160 df81417f Matthew Grooms
		write_config();
161
162 bd448e7f Ermal Lu?i
		/* 
163
		 * XXX: This is a kludge here but its the better place than on every filter reload.
164
		 * NOTE: This is only for setting the ipfw state limits. 
165
		 */
166
		if ($_POST['maximumstates'] && is_numeric($_POST['maximumstates']) && is_module_loaded("ipfw.ko"))
167
			filter_load_ipfw();
168
			
169 df81417f Matthew Grooms
		$retval = 0;
170
		$retval = filter_configure();
171
		if(stristr($retval, "error") <> true)
172
		    $savemsg = get_std_save_message($retval);
173
		else
174
		    $savemsg = $retval;
175
	}
176
}
177
178 ca23c2f8 Renato Botelho
$pgtitle = array(gettext("System"),gettext("Advanced: Firewall and NAT"));
179 df81417f Matthew Grooms
include("head.inc");
180
181
?>
182
183
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
184
<?php include("fbegin.inc"); ?>
185
186
<script language="JavaScript">
187
<!--
188
189
var descs=new Array(5);
190 ca23c2f8 Renato Botelho
descs[0]="<?=gettext("as the name says, it's the normal optimization algorithm");?>";
191
descs[1]="<?=gettext("used for high latency links, such as satellite links.  Expires idle connections later than default");?>";
192
descs[2]="<?=gettext("expires idle connections quicker. More efficient use of CPU and memory but can drop legitimate connections");?>";
193
descs[3]="<?=gettext("tries to avoid dropping any legitimate connections at the expense of increased memory usage and CPU utilization.");?>";
194 df81417f Matthew Grooms
195
function update_description(itemnum) {
196
        document.forms[0].info.value=descs[itemnum];
197
198
}
199
200
//-->
201
</script>
202
203
<?php
204
	if ($input_errors)
205
		print_input_errors($input_errors);
206
	if ($savemsg)
207
		print_info_box($savemsg);
208
?>
209 ab3c8553 Matthew Grooms
	<form action="system_advanced_firewall.php" method="post" name="iform" id="iform">
210
		<table width="100%" border="0" cellpadding="0" cellspacing="0">
211
			<tr>
212
				<td class="tabnavtbl">
213
					<?php
214
						$tab_array = array();
215 ca23c2f8 Renato Botelho
						$tab_array[] = array(gettext("Admin Access"), false, "system_advanced_admin.php");
216
						$tab_array[] = array(gettext("Firewall / NAT"), true, "system_advanced_firewall.php");
217
						$tab_array[] = array(gettext("Networking"), false, "system_advanced_network.php");
218
						$tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php");
219
						$tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php");
220
						$tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php");
221 ab3c8553 Matthew Grooms
						display_top_tabs($tab_array);
222
					?>
223 df81417f Matthew Grooms
				</ul>
224 ab3c8553 Matthew Grooms
				</td>
225
			</tr>
226
			<tr>
227 2ff19bfd Matthew Grooms
				<td id="mainarea">
228
					<div class="tabcont">
229
						<span class="vexpl">
230
							<span class="red">
231 ea53e38f Renato Botelho
								<strong><?=gettext("NOTE:");?>&nbsp</strong>
232 2ff19bfd Matthew Grooms
							</span>
233 ca23c2f8 Renato Botelho
							<?=gettext("The options on this page are intended for use by advanced users only.");?>
234 2ff19bfd Matthew Grooms
							<br/>
235
						</span>
236
						<br/>
237
						<table width="100%" border="0" cellpadding="6" cellspacing="0">
238 ab3c8553 Matthew Grooms
							<tr>
239 ca23c2f8 Renato Botelho
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Firewall Advanced");?></td>
240 ab3c8553 Matthew Grooms
							</tr>
241
							<tr>
242 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("IP Do-Not-Fragment compatibility");?></td>
243 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
244
									<input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked"; ?> />
245 ca23c2f8 Renato Botelho
									<strong><?=gettext("Clear invalid DF bits instead of dropping the packets");?></strong><br/>
246 f0d1af93 Carlos Eduardo Ramos
									<?=gettext("This allows for communications with hosts that generate fragmented " .
247
									"packets with the don't fragment (DF) bit set. Linux NFS is known to " .
248
									"do this. This will cause the filter to not drop such packets but " .
249
									"instead clear the don't fragment bit.");?>
250 2867fa7b Ermal Luçi
								</td>
251
							</tr>
252
							<tr>
253 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("IP Random id generation");?></td>
254 2867fa7b Ermal Luçi
								<td width="78%" class="vtable">
255
									<input name="scrubrnid" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubrnid'])) echo "checked"; ?> />
256 ca23c2f8 Renato Botelho
									<strong><?=gettext("Insert a stronger id into IP header of packets passing through the filter.");?></strong><br/>
257 f0d1af93 Carlos Eduardo Ramos
									<?=gettext("Replaces the IP identification field of packets with random values to " .
258
									"compensate for operating systems that use predicatable values. " .
259
									"This option only applies to packets that are not fragmented after the " .
260
									"optional packet reassembly.");?>
261 ab3c8553 Matthew Grooms
								</td>
262
							</tr>
263
							<tr>
264 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Optimization Options");?></td>
265 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
266
									<select onChange="update_description(this.selectedIndex);" name="optimization" id="optimization">
267 ca23c2f8 Renato Botelho
										<option value="normal"<?php if($config['system']['optimization']=="normal") echo " selected"; ?>><?=gettext("normal");?></option>
268
										<option value="high-latency"<?php if($config['system']['optimization']=="high-latency") echo " selected"; ?>><?=gettext("high-latency");?></option>
269
										<option value="aggressive"<?php if($config['system']['optimization']=="aggressive") echo " selected"; ?>><?=gettext("aggressive");?></option>
270
										<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>><?=gettext("conservative");?></option>
271 ab3c8553 Matthew Grooms
									</select>
272
									<br/>
273 dc4f649e Scott Ullrich
									<textarea readonly="yes" cols="60" rows="2" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
274 ab3c8553 Matthew Grooms
									<script language="javascript" type="text/javascript">
275
										update_description(document.forms[0].optimization.selectedIndex);
276
									</script>
277
									<br/>
278 ca23c2f8 Renato Botelho
									<?=gettext("Select the type of state table optimization to use");?>
279 ab3c8553 Matthew Grooms
								</td>
280
							</tr>
281
							<tr>
282 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Disable Firewall");?></td>
283 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
284
									<input name="disablefilter" type="checkbox" id="disablefilter" value="yes" <?php if (isset($config['system']['disablefilter'])) echo "checked"; ?> />
285 ca23c2f8 Renato Botelho
									<strong><?=gettext("Disable all packet filtering.");?></strong>
286 ab3c8553 Matthew Grooms
									<br/>
287 ca23c2f8 Renato Botelho
									<span class="vexpl"><?php printf(gettext("Note:  This converts %s into a routing only platform!"), $g['product_name']);?><br>
288
										<?=gettext("Note:  This will turn off NAT!");?>
289 ab3c8553 Matthew Grooms
									</span>
290
								</td>
291
							</tr>
292
							<tr>
293 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Disable Firewall Scrub");?></td>
294 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
295
									<input name="disablescrub" type="checkbox" id="disablescrub" value="yes" <?php if (isset($config['system']['disablescrub'])) echo "checked"; ?> />
296 ca23c2f8 Renato Botelho
									<strong><?=gettext("Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.");?></strong>
297 ab3c8553 Matthew Grooms
									<br/>
298 ca23c2f8 Renato Botelho
									<?=gettext("Click")?> <a href='http://www.openbsd.org/faq/pf/scrub.html' target='_new'><?=gettext("here");?></a> <?=gettext("for more information.");?>
299 ab3c8553 Matthew Grooms
								</td>
300
							</tr>
301
							<tr>
302 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum States");?></td>
303 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
304
									<input name="maximumstates" type="text" id="maximumstates" value="<?php echo $pconfig['maximumstates']; ?>" />
305
									<br/>
306 ca23c2f8 Renato Botelho
									<strong><?=gettext("Maximum number of connections to hold in the firewall state table.");?></strong>
307 ab3c8553 Matthew Grooms
									<br/>
308 ea53e38f Renato Botelho
									<span class="vexpl"><?=gettext("Note:  Leave this blank for the default.  On your system the default size is:");?> <?= pfsense_default_state_size() ?></span>
309 ab3c8553 Matthew Grooms
								</td>
310
							</tr>
311 fb586a16 jim-p
							<tr>
312
								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Table Entries");?></td>
313
								<td width="78%" class="vtable">
314
									<input name="maximumtableentries" type="text" id="maximumtableentries" value="<?php echo $pconfig['maximumtableentries']; ?>" />
315
									<br/>
316
									<strong><?=gettext("Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined.");?></strong>
317
									<br/>
318
									<span class="vexpl">
319
										<?=gettext("Note:  Leave this blank for the default.");?>
320
										<?php if (empty($pconfig['maximumtableentries'])): ?>
321 ea53e38f Renato Botelho
											<?= gettext("On your system the default size is:");?> <?= pfsense_default_table_entries_size(); ?>
322 fb586a16 jim-p
										<?php endif; ?>
323
									</span>
324
								</td>
325
							</tr>
326 ab3c8553 Matthew Grooms
							<tr>
327 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("Static route filtering");?></td>
328 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
329
									<input name="bypassstaticroutes" type="checkbox" id="bypassstaticroutes" value="yes" <?php if ($pconfig['bypassstaticroutes']) echo "checked"; ?> />
330 ca23c2f8 Renato Botelho
									<strong><?=gettext("Bypass firewall rules for traffic on the same interface");?></strong>
331 ab3c8553 Matthew Grooms
									<br/>
332 f0d1af93 Carlos Eduardo Ramos
									<?=gettext("This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and " .
333
					 				"leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where " .
334
									"multiple subnets are connected to the same interface.");?>
335 ab3c8553 Matthew Grooms
									<br/>
336
								</td>
337
							</tr>
338 9a36dc9d Ermal
							<tr>
339
								<td width="22%" valign="top" class="vncell">Disable Auto-added VPN rules</td>
340
								<td width="78%" class="vtable">
341
									<input name="disablevpnrules" type="checkbox" id="disablevpnrules" value="yes" <?php if (isset($config['system']['disablevpnrules'])) echo "checked"; ?> />
342
									<strong><?=gettext("Disable all auto-added VPN rules.");?></strong>
343
									<br />
344 87bb66af Ermal
									<span class="vexpl"><?=gettext("Note: This disables automatically added rules for IPsec, PPTP.");?> 
345 9a36dc9d Ermal
									</span>
346
								</td>
347
							</tr>
348 8b19f4a7 Erik Fonnesbeck
							<tr>
349
								<td width="22%" valign="top" class="vncell">Disable reply-to</td>
350
								<td width="78%" class="vtable">
351
									<input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> />
352
									<strong><?=gettext("Disable reply-to on WAN rules");?></strong>
353
									<br />
354
									<?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default. " .
355
									"When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?>
356
									<br />
357
								</td>
358
							</tr>
359 ab3c8553 Matthew Grooms
							<tr>
360
								<td colspan="2" class="list" height="12">&nbsp;</td>
361
							</tr>
362 f691243d Ermal
							<?php if(count($config['interfaces']) > 1): ?>
363 ab3c8553 Matthew Grooms
							<tr>
364 ca23c2f8 Renato Botelho
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Network Address Translation");?></td>
365 ab3c8553 Matthew Grooms
							</tr>		
366
							<tr>
367 129bc052 Erik Fonnesbeck
								<td width="22%" valign="top" class="vncell"><?=gettext("Disable NAT Reflection for port forwards");?></td>
368 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
369
									<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> />
370 bff94015 Erik Fonnesbeck
									<strong><?=gettext("Disables the automatic creation of additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks.  Note: Reflection for port forward entries is skipped for ranges larger than 500 ports.");?></strong>
371
								</td>
372
							</tr>
373
							<tr>
374
								<td width="22%" valign="top" class="vncell"><?=gettext("Reflection Timeout");?></td>
375
								<td width="78%" class="vtable">
376
									<input name="reflectiontimeout" id="reflectiontimeout" value="<?php echo $config['system']['reflectiontimeout']; ?>" /><br/>
377 ed69be7a Erik Fonnesbeck
									<strong><?=gettext("Enter value for Reflection timeout in seconds.  Note: Only applies to Reflection on port forwards.");?></strong>
378 ab3c8553 Matthew Grooms
								</td>
379
							</tr>
380
							<tr>
381 129bc052 Erik Fonnesbeck
								<td width="22%" valign="top" class="vncell"><?=gettext("Disable NAT Reflection for 1:1 NAT");?></td>
382 ab3c8553 Matthew Grooms
								<td width="78%" class="vtable">
383 9fc22c6f Erik Fonnesbeck
									<input name="disablebinatreflection" type="checkbox" id="disablebinatreflection" value="yes" <?php if (!isset($config['system']['enablebinatreflection'])) echo "checked"; ?> />
384 bff94015 Erik Fonnesbeck
									<strong><?=gettext("Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your external IP addresses from within your internal networks.  Note: Reflection for 1:1 NAT might not fully work in certain complex routing scenarios.");?></strong>
385 ab3c8553 Matthew Grooms
								</td>
386
							</tr>
387 a2b6c52f Erik Fonnesbeck
							<tr>
388
								<td width="22%" valign="top" class="vncell">&nbsp;</td>
389
								<td width="78%" class="vtable">
390
									<input name="enablenatreflectionhelper" type="checkbox" id="enablenatreflectionhelper" value="yes" <?php if (isset($config['system']['enablenatreflectionhelper'])) echo "checked"; ?> />
391
									<strong><?=gettext("Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from.");?></strong>
392
									<br/>
393
									<?=gettext("Currently only applies to 1:1 NAT rules.  Required for full functionality of NAT Reflection for 1:1 NAT.");?>
394
								</td>
395
							</tr>
396 cfdce2ad Ermal
							<tr>
397 ca23c2f8 Renato Botelho
								<td width="22%" valign="top" class="vncell"><?=gettext("TFTP Proxy");?></td>
398 cfdce2ad Ermal
								<td width="78%" class="vtable">
399
									<select name="tftpinterface[]" multiple="true" class="formselect" size="3">
400
<?php
401 ca23c2f8 Renato Botelho
										$ifdescs = get_configured_interface_with_descr();
402
										foreach ($ifdescs as $ifent => $ifdesc):
403 cfdce2ad Ermal
?>
404 1beafceb Erik Fonnesbeck
											<option value="<?=$ifent;?>" <?php if (in_array($ifent, $pconfig['tftpinterface'])) echo "selected"; ?>><?=gettext($ifdesc);?></option>
405 ca23c2f8 Renato Botelho
<?php									endforeach; ?>
406
									</select>
407 c3c2fd20 Erik Fonnesbeck
									<strong><?=gettext("Choose the interfaces where you want TFTP proxy helper to be enabled.");?></strong>
408 cfdce2ad Ermal
								</td>
409
							</tr>
410 ab3c8553 Matthew Grooms
							<tr>
411
								<td colspan="2" class="list" height="12">&nbsp;</td>
412
							</tr>
413
							<?php endif; ?>
414
							<tr>
415
								<td width="22%" valign="top">&nbsp;</td>
416 cf9331b3 Renato Botelho
								<td width="78%"><input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /></td>
417 ab3c8553 Matthew Grooms
							</tr>
418
						</table>
419
					</td>
420
				</tr>
421
			</div>
422
		</table>
423
	</form>
424 df81417f Matthew Grooms
425
<?php include("fend.inc"); ?>
426
</body>
427
</html>