Revision ff091d96
Added by Scott Ullrich over 18 years ago
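--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -154,21 +154,24 @@
 /* get our wan interface? */
 $wanif = get_real_wan_interface();
 
-/* set up MSS clamping */
-if ($config['interfaces']['wan']['mtu'] <> "" and is_numeric($config['interfaces']['wan']['mtu']))
-$mssclamp = "max-mss " . (intval($config['interfaces']['wan']['mtu'] - 40));
-else
-if ($config['interfaces']['wan']['ipaddr'] == "pppoe")
-$mssclamp = "max-mss 1452";
+/* disable scrub option */
+if(!isset($config['system']['disablescrub'])) {
+/* set up MSS clamping */
+if ($config['interfaces']['wan']['mtu'] <> "" and is_numeric($config['interfaces']['wan']['mtu']))
+$mssclamp = "max-mss " . (intval($config['interfaces']['wan']['mtu'] - 40));
 else
-$mssclamp = "";
-
-/* configure no-df for linux nfs and others */
-if ($config['system']['scrubnodf'])
-$scrubnodf = "no-df random-id";
-else
-$scrubnodf = "random-id";
-$rules .= "scrub all {$scrubnodf} {$mssclamp} fragment reassemble\n"; // reassemble all directions
+if ($config['interfaces']['wan']['ipaddr'] == "pppoe")
+$mssclamp = "max-mss 1452";
+else
+$mssclamp = "";
+
+/* configure no-df for linux nfs and others */
+if ($config['system']['scrubnodf'])
+$scrubnodf = "no-df random-id";
+else
+$scrubnodf = "random-id";
+$rules .= "scrub all {$scrubnodf} {$mssclamp} fragment reassemble\n"; // reassemble all directions
+}
 
 $rules.= "{$altq_ints}\n";
 $rules.= "{$altq_queues}\n";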
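Review bot: When `disablescrub` is set, the whole block at new lines 158–174 is skipped, so the generated ruleset loses fragment reassembly, `random-id` and MSS clamping together, and nothing in the output records that this was intentional. The `/* disable scrub option */` comment should say so, for example `/* scrub off: no fragment reassembly, random-id or max-mss clamping is emitted */`, and an `else` branch could add a marker such as `$rules .= "# scrub disabled by system/disablescrub\n";` so an audit of the loaded rules shows why normalisation is missing. Separately, the MTU is only checked with `is_numeric`, so a value of 40 or less yields a zero or negative `max-mss` in the rule line; a range check before the subtraction would avoid that. The enclosing function starts and ends outside the hunk.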
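--- a/usr/local/www/system_advanced.php
+++ b/usr/local/www/system_advanced.php
@@ -57,6 +57,7 @@
 $pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
 $pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
 $pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']);
+$pconfig['disablescrub'] = isset($config['system']['disablescrub']);
 
 if ($_POST) {
 
@@ -203,6 +204,12 @@
 unset($config['system']['disablechecksumoffloading']);
 }
 
+if($_POST['disablescrub'] == "yes") {
+$config['system']['disablescrub'] = $_POST['disablescrub'];
+} else {
+unset($config['system']['disablescrub']);
+}
+
 if($_POST['disablenatreflection'] == "yes") {
 $config['system']['disablenatreflection'] = $_POST['disablenatreflection'];
 } else {
@@ -531,6 +538,15 @@
 </span>
 </td>
 </tr>
+<tr>
+<td width="22%" valign="top" class="vncell">Disable Firewall Scrub</td>
+<td width="78%" class="vtable">
+<input name="disablescrub" type="checkbox" id="disablescrub" value="yes" <?php if (isset($config['system']['disablescrub'])) echo "checked"; ?> onclick="enable_change(false)" />
+<strong>Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.</strong>
+<br/>
+Click <a href='http://www.openbsd.org/faq/pf/scrub.html' target='_new'>here</a> for more information.
+</td>
+</tr>
 <tr>
 <td width="22%" valign="top" class="vncell">Firewall Maximum States</td>
 <td width="78%" class="vtable">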
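Review bot: The help text at new line 545 names only the compatibility benefit and not what is given up: with the box ticked, the filter.inc change in this commit emits no `scrub` rule at all, so fragment reassembly and `random-id` are off for all traffic, not just NFS or PPTP. Wording such as `Disables PF scrubbing (packet normalisation and fragment reassembly) for all traffic; enable only if it interferes with NFS or PPTP.` would let an administrator weigh that. The checkbox at new line 544 also reads `$config['system']['disablescrub']` directly, while new line 60 fills `$pconfig['disablescrub']`, which no line visible in these hunks uses; `<?php if ($pconfig['disablescrub']) echo "checked"; ?>` would match the added assignment. The surrounding `if ($_POST)` block and the form continue outside the hunks.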
Add an option to disable firewall scrubbing altogether.