/usr/local/www/system_advanced_firewall.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/system_advanced_firewall.php @ c07b2675

1	df81417f	Matthew Grooms	<?php
2			/* $Id$ */
3			/*
4			system_advanced_firewall.php
5			part of pfSense
6			Copyright (C) 2005-2007 Scott Ullrich
7
8			Copyright (C) 2008 Shrew Soft Inc
9
10			originally part of m0n0wall (http://m0n0.ch/wall)
11			Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
12			All rights reserved.
13
14			Redistribution and use in source and binary forms, with or without
15			modification, are permitted provided that the following conditions are met:
16
17			1. Redistributions of source code must retain the above copyright notice,
18			this list of conditions and the following disclaimer.
19
20			2. Redistributions in binary form must reproduce the above copyright
21			notice, this list of conditions and the following disclaimer in the
22			documentation and/or other materials provided with the distribution.
23
24			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
25			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
26			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
27			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
28			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33			POSSIBILITY OF SUCH DAMAGE.
34			*/
35	1d333258	Scott Ullrich	/*
36			pfSense_MODULE: system
37			*/
38	df81417f	Matthew Grooms
39			##\|+PRIV
40			##\|*IDENT=page-system-advanced-firewall
41			##\|*NAME=System: Advanced: Firewall and NAT page
42			##\|*DESCR=Allow access to the 'System: Advanced: Firewall and NAT' page.
43			##\|MATCH=system_advanced.php
44			##\|-PRIV
45
46			require("guiconfig.inc");
47	7a927e67	Scott Ullrich	require_once("functions.inc");
48			require_once("filter.inc");
49			require_once("shaper.inc");
50	df81417f	Matthew Grooms
51			$pconfig['disablefilter'] = $config['system']['disablefilter'];
52			$pconfig['rfc959workaround'] = $config['system']['rfc959workaround'];
53			$pconfig['scrubnodf'] = $config['system']['scrubnodf'];
54	2867fa7b	Ermal Luçi	$pconfig['scrubrnid'] = $config['system']['scrubrnid'];
55	df81417f	Matthew Grooms	$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
56			$pconfig['optimization'] = $config['filter']['optimization'];
57			$pconfig['maximumstates'] = $config['system']['maximumstates'];
58	fb586a16	jim-p	$pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
59	f1beeba5	lgcosta	$pconfig['disablereplyto'] = isset($config['system']['disablereplyto']);
60	df81417f	Matthew Grooms	$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
61	9fc22c6f	Erik Fonnesbeck	if (!isset($config['system']['enablebinatreflection']))
62			$pconfig['disablebinatreflection'] = "yes";
63			else
64			$pconfig['disablebinatreflection'] = "";
65	bff94015	Erik Fonnesbeck	$pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout'];
66	df81417f	Matthew Grooms	$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
67			$pconfig['disablescrub'] = isset($config['system']['disablescrub']);
68	1beafceb	Erik Fonnesbeck	$pconfig['tftpinterface'] = explode(",", $config['system']['tftpinterface']);
69	9a36dc9d	Ermal	$pconfig['disablevpnrules'] = isset($config['system']['disablevpnrules']);
70	df81417f	Matthew Grooms
71			if ($_POST) {
72
73			unset($input_errors);
74			$pconfig = $_POST;
75
76			/* input validation */
77			if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
78	ca23c2f8	Renato Botelho	$input_errors[] = gettext("The Firewall Maximum States value must be an integer.");
79	df81417f	Matthew Grooms	}
80	fb586a16	jim-p	if ($_POST['maximumtableentries'] && !is_numericint($_POST['maximumtableentries'])) {
81			$input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer.");
82			}
83	df81417f	Matthew Grooms	if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
84	ca23c2f8	Renato Botelho	$input_errors[] = gettext("The TCP idle timeout must be an integer.");
85	df81417f	Matthew Grooms	}
86	bff94015	Erik Fonnesbeck	if ($_POST['reflectiontimeout'] && !is_numericint($_POST['reflectiontimeout'])) {
87			$input_errors[] = gettext("The Reflection timeout must be an integer.");
88			}
89	df81417f	Matthew Grooms
90			ob_flush();
91			flush();
92
93			if (!$input_errors) {
94
95			if($_POST['disablefilter'] == "yes")
96			$config['system']['disablefilter'] = "enabled";
97			else
98			unset($config['system']['disablefilter']);
99
100	9a36dc9d	Ermal	if($_POST['disablevpnrules'] == "yes")
101			$config['system']['disablevpnrules'] = true;
102			else
103			unset($config['system']['disablevpnrules']);
104	df81417f	Matthew Grooms	if($_POST['rfc959workaround'] == "yes")
105			$config['system']['rfc959workaround'] = "enabled";
106			else
107			unset($config['system']['rfc959workaround']);
108
109			if($_POST['scrubnodf'] == "yes")
110			$config['system']['scrubnodf'] = "enabled";
111			else
112			unset($config['system']['scrubnodf']);
113
114	2867fa7b	Ermal Luçi	if($_POST['scrubrnid'] == "yes")
115			$config['system']['scrubrnid'] = "enabled";
116			else
117			unset($config['system']['scrubrnid']);
118
119	df81417f	Matthew Grooms	$config['system']['optimization'] = $_POST['optimization'];
120			$config['system']['maximumstates'] = $_POST['maximumstates'];
121	fb586a16	jim-p	$config['system']['maximumtableentries'] = $_POST['maximumtableentries'];
122	df81417f	Matthew Grooms
123			if($_POST['disablenatreflection'] == "yes")
124			$config['system']['disablenatreflection'] = $_POST['disablenatreflection'];
125			else
126			unset($config['system']['disablenatreflection']);
127	9fc22c6f	Erik Fonnesbeck
128			if($_POST['disablebinatreflection'] == "yes")
129			unset($config['system']['enablebinatreflection']);
130			else
131			$config['system']['enablebinatreflection'] = "yes";
132	df81417f	Matthew Grooms
133	f1beeba5	lgcosta	if($_POST['disablereplyto'] == "yes")
134			$config['system']['disablereplyto'] = $_POST['disablereplyto'];
135			else
136			unset($config['system']['disablereplyto']);
137
138	a2b6c52f	Erik Fonnesbeck	if($_POST['enablenatreflectionhelper'] == "yes")
139			$config['system']['enablenatreflectionhelper'] = "yes";
140			else
141			unset($config['system']['enablenatreflectionhelper']);
142
143	bff94015	Erik Fonnesbeck	$config['system']['reflectiontimeout'] = $_POST['reflectiontimeout'];
144
145	df81417f	Matthew Grooms	if($_POST['bypassstaticroutes'] == "yes")
146	668c4990	Seth Mos	$config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'];
147	d2903c0c	jim-p	elseif(isset($config['filter']['bypassstaticroutes']))
148	668c4990	Seth Mos	unset($config['filter']['bypassstaticroutes']);
149	df81417f	Matthew Grooms
150			if($_POST['disablescrub'] == "yes")
151			$config['system']['disablescrub'] = $_POST['disablescrub'];
152			else
153			unset($config['system']['disablescrub']);
154
155	cfdce2ad	Ermal	if ($_POST['tftpinterface'])
156			$config['system']['tftpinterface'] = implode(",", $_POST['tftpinterface']);
157			else
158			unset($config['system']['tftpinterface']);
159
160	df81417f	Matthew Grooms	write_config();
161
162	bd448e7f	Ermal Lu?i	/*
163			* XXX: This is a kludge here but its the better place than on every filter reload.
164			* NOTE: This is only for setting the ipfw state limits.
165			*/
166			if ($_POST['maximumstates'] && is_numeric($_POST['maximumstates']) && is_module_loaded("ipfw.ko"))
167			filter_load_ipfw();
168
169	df81417f	Matthew Grooms	$retval = 0;
170			$retval = filter_configure();
171			if(stristr($retval, "error") <> true)
172			$savemsg = get_std_save_message($retval);
173			else
174			$savemsg = $retval;
175			}
176			}
177
178	ca23c2f8	Renato Botelho	$pgtitle = array(gettext("System"),gettext("Advanced: Firewall and NAT"));
179	df81417f	Matthew Grooms	include("head.inc");
180
181			?>
182
183			<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
184			<?php include("fbegin.inc"); ?>
185
186			<script language="JavaScript">
187			<!--
188
189			var descs=new Array(5);
190	ca23c2f8	Renato Botelho	descs[0]="<?=gettext("as the name says, it's the normal optimization algorithm");?>";
191			descs[1]="<?=gettext("used for high latency links, such as satellite links. Expires idle connections later than default");?>";
192			descs[2]="<?=gettext("expires idle connections quicker. More efficient use of CPU and memory but can drop legitimate connections");?>";
193			descs[3]="<?=gettext("tries to avoid dropping any legitimate connections at the expense of increased memory usage and CPU utilization.");?>";
194	df81417f	Matthew Grooms
195			function update_description(itemnum) {
196			document.forms[0].info.value=descs[itemnum];
197
198			}
199
200			//-->
201			</script>
202
203			<?php
204			if ($input_errors)
205			print_input_errors($input_errors);
206			if ($savemsg)
207			print_info_box($savemsg);
208			?>
209	ab3c8553	Matthew Grooms	<form action="system_advanced_firewall.php" method="post" name="iform" id="iform">
210			<table width="100%" border="0" cellpadding="0" cellspacing="0">
211			<tr>
212			<td class="tabnavtbl">
213			<?php
214			$tab_array = array();
215	ca23c2f8	Renato Botelho	$tab_array[] = array(gettext("Admin Access"), false, "system_advanced_admin.php");
216			$tab_array[] = array(gettext("Firewall / NAT"), true, "system_advanced_firewall.php");
217			$tab_array[] = array(gettext("Networking"), false, "system_advanced_network.php");
218			$tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php");
219			$tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php");
220			$tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php");
221	ab3c8553	Matthew Grooms	display_top_tabs($tab_array);
222			?>
223	df81417f	Matthew Grooms	</ul>
224	ab3c8553	Matthew Grooms	</td>
225			</tr>
226			<tr>
227	2ff19bfd	Matthew Grooms	<td id="mainarea">
228			<div class="tabcont">
229			<span class="vexpl">
230			<span class="red">
231	ea53e38f	Renato Botelho	<strong><?=gettext("NOTE:");?>&nbsp</strong>
232	2ff19bfd	Matthew Grooms	</span>
233	ca23c2f8	Renato Botelho	<?=gettext("The options on this page are intended for use by advanced users only.");?>
234	2ff19bfd	Matthew Grooms	<br/>
235			</span>
236			<br/>
237			<table width="100%" border="0" cellpadding="6" cellspacing="0">
238	ab3c8553	Matthew Grooms	<tr>
239	ca23c2f8	Renato Botelho	<td colspan="2" valign="top" class="listtopic"><?=gettext("Firewall Advanced");?></td>
240	ab3c8553	Matthew Grooms	</tr>
241			<tr>
242	ca23c2f8	Renato Botelho	<td width="22%" valign="top" class="vncell"><?=gettext("IP Do-Not-Fragment compatibility");?></td>
243	ab3c8553	Matthew Grooms	<td width="78%" class="vtable">
244			<input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked"; ?> />
245	ca23c2f8	Renato Botelho	<strong><?=gettext("Clear invalid DF bits instead of dropping the packets");?></strong><br/>
246	f0d1af93	Carlos Eduardo Ramos	<?=gettext("This allows for communications with hosts that generate fragmented " .
247			"packets with the don't fragment (DF) bit set. Linux NFS is known to " .
248			"do this. This will cause the filter to not drop such packets but " .
249			"instead clear the don't fragment bit.");?>
250	2867fa7b	Ermal Luçi	</td>
251			</tr>
252			<tr>
253	ca23c2f8	Renato Botelho	<td width="22%" valign="top" class="vncell"><?=gettext("IP Random id generation");?></td>
254	2867fa7b	Ermal Luçi	<td width="78%" class="vtable">
255			<input name="scrubrnid" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubrnid'])) echo "checked"; ?> />
256	ca23c2f8	Renato Botelho	<strong><?=gettext("Insert a stronger id into IP header of packets passing through the filter.");?></strong><br/>
257	f0d1af93	Carlos Eduardo Ramos	<?=gettext("Replaces the IP identification field of packets with random values to " .
258			"compensate for operating systems that use predicatable values. " .
259			"This option only applies to packets that are not fragmented after the " .
260			"optional packet reassembly.");?>
261	ab3c8553	Matthew Grooms	</td>
262			</tr>
263			<tr>
264	ca23c2f8	Renato Botelho	<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Optimization Options");?></td>
265	ab3c8553	Matthew Grooms	<td width="78%" class="vtable">
266			<select onChange="update_description(this.selectedIndex);" name="optimization" id="optimization">
267	ca23c2f8	Renato Botelho	<option value="normal"<?php if($config['system']['optimization']=="normal") echo " selected"; ?>><?=gettext("normal");?></option>
268			<option value="high-latency"<?php if($config['system']['optimization']=="high-latency") echo " selected"; ?>><?=gettext("high-latency");?></option>
269			<option value="aggressive"<?php if($config['system']['optimization']=="aggressive") echo " selected"; ?>><?=gettext("aggressive");?></option>
270			<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>><?=gettext("conservative");?></option>
271	ab3c8553	Matthew Grooms	</select>
272			<br/>
273	dc4f649e	Scott Ullrich	<textarea readonly="yes" cols="60" rows="2" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
274	ab3c8553	Matthew Grooms	<script language="javascript" type="text/javascript">
275			update_description(document.forms[0].optimization.selectedIndex);
276			</script>
277			<br/>
278	ca23c2f8	Renato Botelho	<?=gettext("Select the type of state table optimization to use");?>
279	ab3c8553	Matthew Grooms	</td>
280			</tr>
281			<tr>
282	ca23c2f8	Renato Botelho	<td width="22%" valign="top" class="vncell"><?=gettext("Disable Firewall");?></td>
283	ab3c8553	Matthew Grooms	<td width="78%" class="vtable">
284			<input name="disablefilter" type="checkbox" id="disablefilter" value="yes" <?php if (isset($config['system']['disablefilter'])) echo "checked"; ?> />
285	ca23c2f8	Renato Botelho	<strong><?=gettext("Disable all packet filtering.");?></strong>
286	ab3c8553	Matthew Grooms	<br/>
287	ca23c2f8	Renato Botelho	<span class="vexpl"><?php printf(gettext("Note: This converts %s into a routing only platform!"), $g['product_name']);?><br>
288			<?=gettext("Note: This will turn off NAT!");?>
289	ab3c8553	Matthew Grooms	</span>
290			</td>
291			</tr>
292			<tr>
293	ca23c2f8	Renato Botelho	<td width="22%" valign="top" class="vncell"><?=gettext("Disable Firewall Scrub");?></td>
294	ab3c8553	Matthew Grooms	<td width="78%" class="vtable">
295			<input name="disablescrub" type="checkbox" id="disablescrub" value="yes" <?php if (isset($config['system']['disablescrub'])) echo "checked"; ?> />
296	ca23c2f8	Renato Botelho	<strong><?=gettext("Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.");?></strong>
297	ab3c8553	Matthew Grooms	<br/>
298	ca23c2f8	Renato Botelho	<?=gettext("Click")?> <a href='http://www.openbsd.org/faq/pf/scrub.html' target='_new'><?=gettext("here");?></a> <?=gettext("for more information.");?>
299	ab3c8553	Matthew Grooms	</td>
300			</tr>
301			<tr>
302	ca23c2f8	Renato Botelho	<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum States");?></td>
303	ab3c8553	Matthew Grooms	<td width="78%" class="vtable">
304			<input name="maximumstates" type="text" id="maximumstates" value="<?php echo $pconfig['maximumstates']; ?>" />
305			<br/>
306	ca23c2f8	Renato Botelho	<strong><?=gettext("Maximum number of connections to hold in the firewall state table.");?></strong>
307	ab3c8553	Matthew Grooms	<br/>
308	ea53e38f	Renato Botelho	<span class="vexpl"><?=gettext("Note: Leave this blank for the default. On your system the default size is:");?> <?= pfsense_default_state_size() ?></span>
309	ab3c8553	Matthew Grooms	</td>
310			</tr>
311	fb586a16	jim-p	<tr>
312			<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Table Entries");?></td>
313			<td width="78%" class="vtable">
314			<input name="maximumtableentries" type="text" id="maximumtableentries" value="<?php echo $pconfig['maximumtableentries']; ?>" />
315			<br/>
316			<strong><?=gettext("Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined.");?></strong>
317			<br/>
318			<span class="vexpl">
319			<?=gettext("Note: Leave this blank for the default.");?>
320			<?php if (empty($pconfig['maximumtableentries'])): ?>
321	ea53e38f	Renato Botelho	<?= gettext("On your system the default size is:");?> <?= pfsense_default_table_entries_size(); ?>
322	fb586a16	jim-p	<?php endif; ?>
323			</span>
324			</td>
325			</tr>
326	ab3c8553	Matthew Grooms	<tr>
327	ca23c2f8	Renato Botelho	<td width="22%" valign="top" class="vncell"><?=gettext("Static route filtering");?></td>
328	ab3c8553	Matthew Grooms	<td width="78%" class="vtable">
329			<input name="bypassstaticroutes" type="checkbox" id="bypassstaticroutes" value="yes" <?php if ($pconfig['bypassstaticroutes']) echo "checked"; ?> />
330	ca23c2f8	Renato Botelho	<strong><?=gettext("Bypass firewall rules for traffic on the same interface");?></strong>
331	ab3c8553	Matthew Grooms	<br/>
332	f0d1af93	Carlos Eduardo Ramos	<?=gettext("This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and " .
333			"leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where " .
334			"multiple subnets are connected to the same interface.");?>
335	ab3c8553	Matthew Grooms	<br/>
336			</td>
337			</tr>
338	9a36dc9d	Ermal	<tr>
339			<td width="22%" valign="top" class="vncell">Disable Auto-added VPN rules</td>
340			<td width="78%" class="vtable">
341			<input name="disablevpnrules" type="checkbox" id="disablevpnrules" value="yes" <?php if (isset($config['system']['disablevpnrules'])) echo "checked"; ?> />
342			<strong><?=gettext("Disable all auto-added VPN rules.");?></strong>
343			<br />
344	87bb66af	Ermal	<span class="vexpl"><?=gettext("Note: This disables automatically added rules for IPsec, PPTP.");?>
345	9a36dc9d	Ermal	</span>
346			</td>
347			</tr>
348	8b19f4a7	Erik Fonnesbeck	<tr>
349			<td width="22%" valign="top" class="vncell">Disable reply-to</td>
350			<td width="78%" class="vtable">
351			<input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> />
352			<strong><?=gettext("Disable reply-to on WAN rules");?></strong>
353			<br />
354			<?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default. " .
355			"When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?>
356			<br />
357			</td>
358			</tr>
359	ab3c8553	Matthew Grooms	<tr>
360			<td colspan="2" class="list" height="12"> </td>
361			</tr>
362	f691243d	Ermal	<?php if(count($config['interfaces']) > 1): ?>
363	ab3c8553	Matthew Grooms	<tr>
364	ca23c2f8	Renato Botelho	<td colspan="2" valign="top" class="listtopic"><?=gettext("Network Address Translation");?></td>
365	ab3c8553	Matthew Grooms	</tr>
366			<tr>
367	129bc052	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Disable NAT Reflection for port forwards");?></td>
368	ab3c8553	Matthew Grooms	<td width="78%" class="vtable">
369			<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> />
370	bff94015	Erik Fonnesbeck	<strong><?=gettext("Disables the automatic creation of additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks. Note: Reflection for port forward entries is skipped for ranges larger than 500 ports.");?></strong>
371			</td>
372			</tr>
373			<tr>
374			<td width="22%" valign="top" class="vncell"><?=gettext("Reflection Timeout");?></td>
375			<td width="78%" class="vtable">
376			<input name="reflectiontimeout" id="reflectiontimeout" value="<?php echo $config['system']['reflectiontimeout']; ?>" /><br/>
377	ed69be7a	Erik Fonnesbeck	<strong><?=gettext("Enter value for Reflection timeout in seconds. Note: Only applies to Reflection on port forwards.");?></strong>
378	ab3c8553	Matthew Grooms	</td>
379			</tr>
380			<tr>
381	129bc052	Erik Fonnesbeck	<td width="22%" valign="top" class="vncell"><?=gettext("Disable NAT Reflection for 1:1 NAT");?></td>
382	ab3c8553	Matthew Grooms	<td width="78%" class="vtable">
383	9fc22c6f	Erik Fonnesbeck	<input name="disablebinatreflection" type="checkbox" id="disablebinatreflection" value="yes" <?php if (!isset($config['system']['enablebinatreflection'])) echo "checked"; ?> />
384	bff94015	Erik Fonnesbeck	<strong><?=gettext("Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your external IP addresses from within your internal networks. Note: Reflection for 1:1 NAT might not fully work in certain complex routing scenarios.");?></strong>
385	ab3c8553	Matthew Grooms	</td>
386			</tr>
387	a2b6c52f	Erik Fonnesbeck	<tr>
388			<td width="22%" valign="top" class="vncell"> </td>
389			<td width="78%" class="vtable">
390			<input name="enablenatreflectionhelper" type="checkbox" id="enablenatreflectionhelper" value="yes" <?php if (isset($config['system']['enablenatreflectionhelper'])) echo "checked"; ?> />
391			<strong><?=gettext("Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from.");?></strong>
392			<br/>
393			<?=gettext("Currently only applies to 1:1 NAT rules. Required for full functionality of NAT Reflection for 1:1 NAT.");?>
394			</td>
395			</tr>
396	cfdce2ad	Ermal	<tr>
397	ca23c2f8	Renato Botelho	<td width="22%" valign="top" class="vncell"><?=gettext("TFTP Proxy");?></td>
398	cfdce2ad	Ermal	<td width="78%" class="vtable">
399			<select name="tftpinterface[]" multiple="true" class="formselect" size="3">
400			<?php
401	ca23c2f8	Renato Botelho	$ifdescs = get_configured_interface_with_descr();
402			foreach ($ifdescs as $ifent => $ifdesc):
403	cfdce2ad	Ermal	?>
404	1beafceb	Erik Fonnesbeck	<option value="<?=$ifent;?>" <?php if (in_array($ifent, $pconfig['tftpinterface'])) echo "selected"; ?>><?=gettext($ifdesc);?></option>
405	ca23c2f8	Renato Botelho	<?php endforeach; ?>
406			</select>
407	c3c2fd20	Erik Fonnesbeck	<strong><?=gettext("Choose the interfaces where you want TFTP proxy helper to be enabled.");?></strong>
408	cfdce2ad	Ermal	</td>
409			</tr>
410	ab3c8553	Matthew Grooms	<tr>
411			<td colspan="2" class="list" height="12"> </td>
412			</tr>
413			<?php endif; ?>
414			<tr>
415			<td width="22%" valign="top"> </td>
416	cf9331b3	Renato Botelho	<td width="78%"><input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /></td>
417	ab3c8553	Matthew Grooms	</tr>
418			</table>
419			</td>
420			</tr>
421			</div>
422			</table>
423			</form>
424	df81417f	Matthew Grooms
425			<?php include("fend.inc"); ?>
426			</body>
427			</html>

Project

General

Profile

pfSense