author | gnhb <gnoahb@gmail.com> | 2010-05-18 16:52:33 +0700 |
---|---|---|
committer | gnhb <gnoahb@gmail.com> | 2010-05-18 16:52:33 +0700 |
commit | 2666de59fed434671d6d869558f49dc89d126a67 (patch) | |
tree | b8287375313089f6ad7f154456faa63439862143 | |
parent | e40e6724198e2fa4af455c7bf28977fcdeac5896 (diff) | |
parent | 98be58a2b2c042c6604b97bb12700ff8a2413115 (diff) | |
Merge branch 'master' of http://gitweb.pfsense.org/pfsense/mainline into mlppp
-rw-r--r-- | etc/inc/auth.inc | 2 | ||||
-rw-r--r-- | etc/inc/config.lib.inc | 28 | ||||
-rw-r--r-- | etc/inc/filter.inc | 35 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 5 | ||||
-rw-r--r-- | etc/inc/radius.inc | 2 | ||||
-rw-r--r-- | etc/inc/system.inc | 36 | ||||
-rw-r--r-- | etc/inc/upgrade_config.inc | 17 | ||||
-rw-r--r-- | etc/inc/util.inc | 12 | ||||
-rwxr-xr-x | etc/rc.bootup | 2 | ||||
-rwxr-xr-x | etc/rc.php_ini_setup | 4 | ||||
-rw-r--r-- | etc/version | 2 | ||||
-rwxr-xr-x | sbin/dhclient-script | 2 | ||||
-rwxr-xr-x | usr/local/www/bandwidth_by_ip.php | 2 | ||||
-rwxr-xr-x | usr/local/www/fbegin.inc | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 3 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 2 | ||||
-rwxr-xr-x | usr/local/www/status_graph.php | 4 | ||||
-rw-r--r-- | usr/local/www/system_advanced_firewall.php | 20 | ||||
-rwxr-xr-x | usr/local/www/vpn_ipsec.php | 3 | ||||
-rw-r--r-- | usr/local/www/vpn_ipsec_phase2.php | 3 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_client.php | 7 | ||||
-rwxr-xr-x | usr/local/www/wizard.php | 4 |
23 files changed, 135 insertions, 67 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index d1be73e..826582f 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -298,7 +298,7 @@ function local_user_set(& $user) { /* admin user special handling */ if ($user_uid == 0) { - $cmd = "/usr/sbin/pw usermod -q -n {$user_name} -s /bin/sh -H 0"; + $cmd = "/usr/sbin/pw usermod -q -n {$user_name} -s /etc/rc.initial -H 0"; if($debug) log_error("Running: {$cmd}"); $fd = popen($cmd, "w"); diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index e0f63f6..0fa2315 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -338,8 +338,7 @@ function conf_mount_ro() { clear_subsystem_dirty('mount'); /* sync data, then force a remount of /cf */ - mwexec("/bin/sync"); - mwexec("/bin/sync"); + mwexec("/bin/sync; /bin/sync"); mwexec("/sbin/mount -u -r -f {$g['cf_path']}"); mwexec("/sbin/mount -u -r -f /"); } @@ -471,15 +470,15 @@ function write_config($desc="Unknown", $backup = true) { if ($desc == "Unknown") $desc = "{$_SERVER['SCRIPT_NAME']} made unknown change"; - $config['revision']['description'] = $desc; + $config['revision']['description'] = "{$_SESSION['Username']}: " . $desc; + $config['revision']['username'] = $_SESSION["Username"]; - $lockkey = lock('config'); + conf_mount_rw(); + $lockkey = lock('config', LOCK_EX); /* generate configuration XML */ $xmlconfig = dump_xml_config($config, $g['xml_rootobj']); - conf_mount_rw(); - /* write new configuration */ if (!safe_write_file("{$g['cf_conf_path']}/config.xml", $xmlconfig, false)) { log_error("WARNING: Config contents could not be save. Could not open file!"); @@ -505,14 +504,13 @@ function write_config($desc="Unknown", $backup = true) { fclose($fd); } - /* tell kernel to sync fs data */ - if (!$g['booting']) - conf_mount_ro(); - unlock($lockkey); unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php"); + /* tell kernel to sync fs data */ + conf_mount_ro(); + /* sync carp entries to other firewalls */ carp_sync_client(); 
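Review bot: `{$user_name}` is still interpolated unquoted into the command string handed to `popen()` on the changed `pw usermod` line in auth.inc, so a name containing shell metacharacters would be interpreted by the shell that runs the command. This is the uid 0 branch, so the name is presumably fixed, but quoting it costs nothing: `"/usr/sbin/pw usermod -q -n " . escapeshellarg($user_name) . " -s /etc/rc.initial -H 0"`. A short comment that admin logins now start `/etc/rc.initial` instead of `/bin/sh` would also help. local_user_set() starts and ends outside the hunk.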
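Review bot: `$_SESSION['Username']` is read unconditionally in the write_config() hunk at -471, but write_config() can presumably also run without a web session (boot scripts, console, scheduled jobs), where the description becomes `": ..."` and `revision/username` is stored empty. For a change log that is meant to attribute edits, fall back to an explicit marker, e.g. `$username = empty($_SESSION['Username']) ? "(system)" : $_SESSION['Username'];`, and use `$username` in both assignments. The same hunk moves `conf_mount_rw()` ahead of `lock('config', LOCK_EX)`, and the -505 hunk drops the `$g['booting']` guard around `conf_mount_ro()`; a comment on why the remounts now happen outside the lock and also during boot is missing.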
@@ -533,9 +531,9 @@ function write_config($desc="Unknown", $backup = true) { function reset_factory_defaults($lock = false) { global $g; - if (!$lock) - $lockkey = lock('config'); conf_mount_rw(); + if (!$lock) + $lockkey = lock('config', LOCK_EX); /* create conf directory, if necessary */ safe_mkdir("{$g['cf_conf_path']}"); @@ -554,9 +552,9 @@ function reset_factory_defaults($lock = false) { /* call the wizard */ touch("/conf/trigger_initial_wizard"); - conf_mount_ro(); if (!$lock) unlock($lockkey); + conf_mount_ro(); return 0; } @@ -571,7 +569,7 @@ function config_restore($conffile) { conf_mount_rw(); - $lockkey = lock('config'); + $lockkey = lock('config', LOCK_EX); copy($conffile, "{$g['cf_conf_path']}/config.xml"); unlink_if_exists("{$g['tmp_path']}/config.cache"); @@ -602,7 +600,7 @@ function config_install($conffile) { log_error("Installing configuration ...."); conf_mount_rw(); - $lockkey = lock('config'); + $lockkey = lock('config', LOCK_EX); copy($conffile, "{$g['conf_path']}/config.xml"); diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d485de8..77a06d2 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -240,6 +240,11 @@ function filter_configure_sync() { $rules .= "set limit states {$max_states}\n"; } + if($config['system']['maximumtableentries'] <> "" && is_numeric($config['system']['maximumtableentries'])) { + /* User defined maximum table entries in Advanced menu. */ + $rules .= "set limit table-entries {$config['system']['maximumtableentries']}\n"; + } + //$rules .= discover_pkg_rules("pfearly"); // Configure flowtable support if enabled. @@ -1056,6 +1061,8 @@ function filter_nat_rules_generate() { $natrules .= "nat-anchor \"natrules/*\"\n\n"; update_filter_reload_status("Creating 1:1 rules..."); + $reflection_txt = ""; + /* any 1:1 mappings? */ if(is_array($config['nat']['onetoone'])) { foreach ($config['nat']['onetoone'] as $natent) { 
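Review bot: The guard on `maximumtableentries` in the filter_configure_sync() hunk at -240 uses `is_numeric()`, which also accepts values such as `-5`, `1.5` or `1e3`, and the value is then written verbatim into `set limit table-entries`. The GUI page validates with `is_numericint()`, but a restored or hand-edited config.xml never passes through that form, and a value pf rejects would presumably make the whole ruleset fail to load. Use the same check here, `if($config['system']['maximumtableentries'] <> "" && is_numericint($config['system']['maximumtableentries'])) {`, assuming that helper is in scope in filter.inc.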
@@ -1078,16 +1085,18 @@ function filter_nat_rules_generate() { $nat_if_list = array(); } + $natrules .= "binat on {$natif} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n"; + + if(!empty($nat_if_list)) { + $binat_if_list = implode(" ", $nat_if_list); + if(count($nat_if_list) > 1) + $binat_if_list = "{ {$binat_if_list} }"; + + $reflection_txt .= "rdr on {$binat_if_list} from any to {$natent['external']}/{$sn} -> {$natent['internal']}/{$sn} bitmask\n"; + } + $nat_if_list = array_merge(array($natif), $nat_if_list); - //$binat_if_list = implode(" ", $nat_if_list); - //if(count($nat_if_list) > 1) - // $binat_if_list = "{ {$binat_if_list} }"; - - /* binat seems to currently only work with the first interface specified on the line */ - // $natrules .= "binat on {$binat_if_list} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n"; - foreach ($nat_if_list as $natifname) - $natrules .= "binat on {$natifname} from {$natent['internal']}/{$sn} to any -> {$natent['external']}/{$sn}\n"; - $natrules .= filter_generate_reflection_nat($rule, $nat_if_list, "", "{$natent['internal']}/{$sn}", $natent['internal'], $sn); + $reflection_txt .= filter_generate_reflection_nat($rule, $nat_if_list, "", "{$natent['internal']}/{$sn}", $natent['internal'], $sn); } } } @@ -1413,6 +1422,9 @@ EOD; $natrules .= "# UPnPd rdr anchor\n"; $natrules .= "rdr-anchor \"miniupnpd\"\n"; + if(!empty($reflection_txt)) + $natrules .= "\n" . $reflection_txt; + return $natrules; } @@ -1837,7 +1849,7 @@ function filter_generate_user_rule($rule) { } function filter_rules_generate() { - global $config, $g, $FilterIflist, $time_based_rules; + global $config, $g, $FilterIflist, $time_based_rules, $GatewaysList; update_filter_reload_status("Creating default rules"); if(isset($config['system']['developerspew'])) { 
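Review bot: The comment that explained the old loop (binat only works with the first interface on the line) is deleted in the -1078 hunk without a replacement, yet the new code depends on exactly that fact: it emits `binat` for `$natif` only and an `rdr ... bitmask` rule for the remaining interfaces. Add a comment above the `if(!empty($nat_if_list))` block saying that the `rdr` stands in for binat on the reflection interfaces, and one at the `$reflection_txt` append in the -1413 hunk saying why these rules are buffered and emitted after the `miniupnpd` rdr-anchor, since rule order decides which translation matches. The `$natent` values go into the ruleset text unchanged; whether they are validated when saved is not visible here.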
@@ -2159,8 +2171,7 @@ EOD; if(isset($config['filter']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) { $ipfrules .= "anchor \"staticrouted\" \n"; foreach ($config['staticroutes']['route'] as $route) { - $realif = guess_interface_from_ip(lookup_gateway_ip_by_name($route['gateway'])); - $friendly = convert_real_interface_to_friendly_interface_name($realif); + $friendly = $GatewaysList[$route['gateway']]['friendlyiface']; if(is_array($FilterIflist[$friendly])) { $oc = $FilterIflist[$friendly]; if($oc['ip']) { diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 1397aa1..14beba4 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1469,6 +1469,11 @@ function pfsense_default_state_size() { return $max_states; } +function pfsense_default_table_entries_size() { + $current = `pfctl -sm | grep table-entries | awk '{print $4};'`; + return $current; +} + /* Compare the current hostname DNS to the DNS cache we made * if it has changed we return the old records * if no change we return true */ diff --git a/etc/inc/radius.inc b/etc/inc/radius.inc index 2ee6809..dddacc3 100644 --- a/etc/inc/radius.inc +++ b/etc/inc/radius.inc @@ -613,7 +613,7 @@ class Auth_RADIUS extends PEAR { case 6: /* WISPr-Bandwidth-Min-Down */ $this->attributes['bw_down_min'] = radius_cvt_int($datav); break; - case 7: /* WIPSr-Bandwidth-Max-Up */ + case 7: /* WISPr-Bandwidth-Max-Up */ $this->attributes['bw_up'] = radius_cvt_int($datav); break; case 8: /* WISPr-Bandwidth-Max-Down */ diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 369d181..c3502c8 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc 
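Review bot: pfsense_default_table_entries_size() runs `pfctl`, `grep` and `awk` by bare name through backticks, so which binaries execute depends on the PATH of the calling process, while the rest of this commit spells commands out (`/usr/sbin/pw`, `/sbin/route`, `/usr/local/bin/rate`). The raw output, including its trailing newline, is returned and later echoed into the advanced firewall page. Use absolute paths (`/sbin/pfctl`, `/usr/bin/grep`, `/usr/bin/awk`, to be confirmed against the image) and return a number with `return (int) trim($current);`. A one-line header comment saying that the function reports the running pf limit, not a configured value, is also missing.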
@@ -283,26 +283,38 @@ function system_routing_configure() { } } } - if($dont_add_route == false) { - if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) - mwexec("/sbin/route delete default; /sbin/route add default " . escapeshellarg($gatewayip), true); - else { + /* Create a array from the existing route table */ + exec("/usr/bin/netstat -rnf inet", $route_str); + array_shift($route_str); + array_shift($route_str); + array_shift($route_str); + array_shift($route_str); + $route_arr = array(); + foreach($route_str as $routeline) { + $items = preg_split("/[ ]+/i", $routeline); + $route_arr[$item[0]] = array($items[0], $items[1], $items[5]); + } + + if ($dont_add_route == false) { + if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) { + $action = "add"; + if(isset($route_arr['default'])) { + $action = "change"; + } + log_error("ROUTING: $action default route to $gatewayip"); + mwexec("/sbin/route {$action} default " . escapeshellarg($gatewayip)); + } else if (is_ipaddr($config['interfaces']['wan']['gateway'])) { /* Adding gateway for 1.2-style configs without the new * gateway setup configured. * Force WAN to be default gateway because that is the 1.2 behavior. */ log_error("WARNING: There is no default gateway in the configuration."); - if (is_ipaddr($config['interfaces']['wan']['gateway'])) { - $gatewayip = $config['interfaces']['wan']['gateway']; - mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true); - } + $gatewayip = $config['interfaces']['wan']['gateway']; + mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true); } } if (is_array($config['staticroutes']['route'])) { - $route_str = array(); - exec("/usr/bin/netstat -rnf inet | /usr/bin/cut -d \" \" -f 1", $route_str); - $route_str = array_flip($route_str); $gateways_arr = return_gateways_array(); foreach ($config['staticroutes']['route'] as $rtent) { 
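Review bot: The route-table loop in the -283 hunk indexes with `$item[0]`, but the variable filled by `preg_split()` is `$items`, so every row is stored under the same empty key and `$route_arr['default']` is never set. The default route is therefore always attempted with `route add`, which presumably fails when one already exists now that the `route delete default` step is gone, and the `isset($route_arr[$rtent['network']])` test in the -318 hunk can never select `change` either. The line should read `$route_arr[$items[0]] = array($items[0], $items[1], $items[5]);`. The four `array_shift()` calls assume a fixed netstat header length and deserve a comment; system_routing_configure() starts and ends outside the hunk.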
@@ -318,7 +330,7 @@ function system_routing_configure() { } $action = "add"; - if (isset($route_str[$rtent['network']])) + if (isset($route_arr[$rtent['network']])) $action = "change"; if (is_ipaddr($gatewayip)) { diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index d72e5a6..cb690d6 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -793,6 +793,13 @@ function upgrade_042_to_043() { } $j++; } + + /* rename old Quality RRD files in the process */ + $rrddbpath = "/var/db/rrd"; + $gwname = "GW_" . strtoupper($ifname); + if(is_readable("{$rrddbpath}/{$ifname}-quality.rrd")) { + rename("{$rrddbpath}/{$ifname}-quality.rrd", "{$rrddbpath}/{$gwname}-quality.rrd"); + } $i++; } } @@ -1405,6 +1412,11 @@ function upgrade_051_to_052() { $server['wins_server1'] = $server['dhcp_wins']; unset($server['dhcp_wins']); + if (!empty($server['disable'])) + $server['disable'] = true; + else + unset($server['disable']); + /* allocate vpnid */ $server['vpnid'] = $vpnid++; @@ -1482,6 +1494,11 @@ function upgrade_051_to_052() { /* allocate vpnid */ $client['vpnid'] = $vpnid++; + if (!empty($client['disable'])) + $client['disable'] = true; + else + unset($client['disable']); + $config['openvpn']['openvpn-client'][] = $client; } diff --git a/etc/inc/util.inc b/etc/inc/util.inc index d71c512..930f9ac 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc 
@@ -119,18 +119,18 @@ function config_unlock() { } /* lock configuration file */ -function lock($lock) { +function lock($lock, $op = LOCK_SH) { global $g, $cfglckkeyconsumers; if (!$lock) die("WARNING: You must give a name as parameter to lock() function."); if (!file_exists("{$g['tmp_path']}/{$lock}.lock")) @touch("{$g['tmp_path']}/{$lock}.lock"); $cfglckkeyconsumers++; - if ($fp = fopen("{$g['tmp_path']}/{$lock}.lock", "w+")) { - //if (flock($fp, LOCK_EX)) + if ($fp = fopen("{$g['tmp_path']}/{$lock}.lock", "w")) { + if (flock($fp, $op)) return $fp; - //else - // fclose($fp); + else + fclose($fp); } } @@ -858,7 +858,7 @@ function alias_expand_urltable($name) { foreach ($config['aliases']['alias'] as $alias) { if (($alias['type'] == 'urltable') && ($alias['name'] == $name)) { - if (is_URL($alias["url"]) && file_exists($urltable_filename)) + if (is_URL($alias["url"]) && file_exists($urltable_filename) && filesize($urltable_filename)) return $urltable_filename; else if (process_alias_urltable($name, $alias["url"], 0, true)) return $urltable_filename; diff --git a/etc/rc.bootup b/etc/rc.bootup index 65cc5dc..8decbcd 100755 --- a/etc/rc.bootup +++ b/etc/rc.bootup @@ -225,7 +225,7 @@ setup_gateways_monitor(); echo "done.\n"; echo "Synchronizing user settings..."; -if (!isset($config['system']['webgui']['backend'])) +if (empty($config['system']['webgui']['backend'])) local_sync_accounts(); echo "done.\n"; diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup index 2a0a433..5d7de54 100755 --- a/etc/rc.php_ini_setup +++ b/etc/rc.php_ini_setup 
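Review bot: lock() now returns nothing when `fopen()` or `flock()` fails, and none of the callers changed in this commit (write_config(), reset_factory_defaults(), config_restore(), config_install()) test `$lockkey` before writing config.xml, so a failed lock silently becomes an unlocked write. `$cfglckkeyconsumers++` is also incremented before the lock is acquired and is not undone on the failure path. Return an explicit `false` on failure and count only successful acquisitions, as sketched below, and have the callers log and stop when the key is false. The new default `$op = LOCK_SH` gives every caller that was not updated a shared lock, which does not exclude other shared holders; the header comment should state that writers must pass `LOCK_EX`.

```php
	// … unchanged: name check and touch of the lock file …
	if ($fp = fopen("{$g['tmp_path']}/{$lock}.lock", "w")) {
		if (flock($fp, $op)) {
			/* count a consumer only once the lock is actually held */
			$cfglckkeyconsumers++;
			return $fp;
		}
		fclose($fp);
	}
	/* no lock obtained: callers must check for false before writing */
	return false;
}
```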
@@ -31,9 +31,9 @@ EXTENSIONSDIR="/usr/local/lib/php/20060613/" # Grab amount of memory that is detected if [ -f /var/log/dmesg.boot ]; then - AVAILMEM=`/bin/cat /var/log/dmesg.boot |/usr/bin/awk '/avail memory/ { print $5 }'| sed 's/(//g'|tail -1` + AVAILMEM=`/bin/cat /var/log/dmesg.boot |/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}'` else - AVAILMEM=`/sbin/dmesg -a |/usr/bin/awk '/avail memory/ { print $5 }'| sed 's/(//g'|tail -1` + AVAILMEM=`/sbin/dmesg -a |/usr/bin/awk '/avail memory/ { memory=($4 / 1048576); printf("%0.0f\n", memory); exit}'` fi # Calculate APC SHM size according diff --git a/etc/version b/etc/version index 6ab5680..d97206c 100644 --- a/etc/version +++ b/etc/version @@ -1 +1 @@ -2.0-BETA1 +2.0-BETA2 diff --git a/sbin/dhclient-script b/sbin/dhclient-script index 8d10af5..5ef88ea 100755 --- a/sbin/dhclient-script +++ b/sbin/dhclient-script @@ -189,7 +189,7 @@ add_new_resolv_conf() { # so that mulitple wans work correctly with multiple dns # also backup the nameserver for later route removal echo $nameserver >>/var/etc/nameserver_$interface - route add $nameserver -if $interface + route add $nameserver -iface $interface done echo $new_domain_name >/var/etc/defaultdomain.conf fi diff --git a/usr/local/www/bandwidth_by_ip.php b/usr/local/www/bandwidth_by_ip.php index b85db4f..e2d2417 100755 --- a/usr/local/www/bandwidth_by_ip.php +++ b/usr/local/www/bandwidth_by_ip.php @@ -30,7 +30,7 @@ $intip = explode (".", $intip); //use class A subnet to make sure we capture all traffic on specified interface $intsubnet = $intip[0] . ".0.0.0/8"; -exec("rate -i {$real_interface} -nlq 1 -Aa 10 -c {$intsubnet} | awk '{ printf \"%s:%s:%s:%s:%s\\n\", $1, $2, $5, $8, $11 }'", $listedIPs); +exec("/usr/local/bin/rate -i {$real_interface} -nlq 1 -Aba 20 -c {$intsubnet} | awk '{ printf \"%s:%s:%s:%s:%s\\n\", $1, $2, $5, $8, $11 }'", $listedIPs); unset($bandwidthinfo); unset($receivebytesarray); 
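Review bot: `$nameserver` and `$interface` are expanded unquoted on the changed `route add` line in dhclient-script and on the `echo ... >>/var/etc/nameserver_$interface` line above it, and the name-server list presumably comes from the DHCP reply, so a value with whitespace or glob characters would be split into extra `route` arguments. Quote the expansions: `route add "$nameserver" -iface "$interface"` and `echo "$nameserver" >>"/var/etc/nameserver_$interface"`. How far dhclient sanitises the option before the script sees it is not visible here. add_new_resolv_conf() starts outside the hunk.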
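Review bot: `{$real_interface}` and `{$intsubnet}` are placed into the `exec()` command line in bandwidth_by_ip.php without `escapeshellarg()`. Where they are assigned is above the hunk; if the interface name derives from a request parameter, the shell would interpret whatever that parameter contains. Quote both, e.g. `"/usr/local/bin/rate -i " . escapeshellarg($real_interface) . " -nlq 1 -Aba 20 -c " . escapeshellarg($intsubnet) . " | awk ..."`, and reject an interface that is not in the configured list before calling `exec()`.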
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 9dda6cc..5f02b69 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -74,7 +74,7 @@ function output_menu($arrayitem, $target="") { foreach($arrayitem as $item) { if($target) $targetinfo = "target='{$target}'"; - echo '<li><a ' . $targetinfo. ' href="' . $item[1] . ' "class="navlnk">' . $item[0] . '</a></li>' . "\n"; + echo '<li><a ' . $targetinfo. ' href="' . $item[1] . '" class="navlnk">' . $item[0] . '</a></li>' . "\n"; } } diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index d840d35..11744ae 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -316,7 +316,7 @@ if ($_POST) { unset($natent['nosync']); // If we used to have an associated filter rule, but no-longer should have one - if ($a_nat[$id]>0 && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { + if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { // Delete the previous rule delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']); mark_subsystem_dirty('filter'); @@ -448,7 +448,7 @@ include("fbegin.inc"); ?> <tr> <td width="22%" valign="top" class="vncellreq">Interface</td> <td width="78%" class="vtable"> - <select name="interface" class="formselect" onChange="dst_change(this.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>');typesel_change();"> + <select name="interface" class="formselect" onChange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();"> <?php $iflist = get_configured_interface_with_descr(false, true); 
@@ -805,6 +805,7 @@ include("fbegin.inc"); ?> <!-- ext_change(); dst_change(document.iform.interface.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>'); + var iface_old = document.iform.interface.value; typesel_change(); proto_change(); <?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 05ad793..2baaef0 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -247,7 +247,8 @@ if ($_POST) { * cannot think he is slick and perform a XSS attack on the unwilling */ foreach ($_POST as $key => $value) { - $temp = $value; + $temp = str_replace(">", "", $value); + if (isset($_POST['floating']) && $key == "interface") continue; $newpost = htmlentities($temp); diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index cb98aca..fe7e1dd 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -954,7 +954,7 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe" <form action="interfaces.php" method="post" name="iform" id="iform"> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if (is_subsystem_dirty('interfaces')): ?><p> - <?php print_info_box_np(gettext("The {$wancfg['descr']} configuration has been changed.<p>You must apply the changes in order for them to take effect.<p>Don't forget to adjust the DHCP Server range if needed before applying."));?><br /> + <?php print_info_box_np(gettext("The {$wancfg['descr']} configuration has been changed.<p>You must apply the changes in order for them to take effect.<p>Don't forget to adjust the DHCP Server range if needed after applying."));?><br /> <?php endif; ?> <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="6" cellspacing="0"> 
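Review bot: Stripping `>` from `$temp` before `htmlentities()` in firewall_rules_edit.php only changes the copy that the check looks at, so input containing `>` no longer differs from its encoded form and stops being reported, while `$_POST[$key]` still holds the original character. If the rest of the loop (outside the hunk) compares `$newpost` with `$temp`, this weakens the XSS check instead of fixing a false positive. `htmlentities()` is also called without `ENT_QUOTES`, so single quotes pass through unencoded. Prefer to keep the check strict and encode each value where it is printed, e.g. `htmlspecialchars($value, ENT_QUOTES)`; if `>` must be accepted for one field, exempt that key by name the way `interface` is exempted for floating rules.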
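Review bot: `{$wancfg['descr']}` is interpolated inside the `gettext()` argument on the changed line in interfaces.php, so the message id varies with the interface description and can never match a catalog entry, and the description reaches the page without HTML encoding. Use a fixed message with a placeholder: `sprintf(gettext("The %s configuration has been changed. ..."), htmlspecialchars($wancfg['descr']))`. Whether print_info_box_np() encodes its argument is not visible here; since the message itself carries `<p>` tags it presumably does not.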
diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php index e194b47..a4f940b 100755 --- a/usr/local/www/status_graph.php +++ b/usr/local/www/status_graph.php @@ -114,12 +114,12 @@ function updateBandwidthHosts(data){ //update bandwidth inbound to host var hostbandwidthInID = "bandwidthin" + y; var hostbandwidthin = d.getElementById(hostbandwidthInID); - hostbandwidthin.innerHTML = hostinfo[1] + " Bytes/sec"; + hostbandwidthin.innerHTML = hostinfo[1] + " Bits/sec"; //update bandwidth outbound from host var hostbandwidthOutID = "bandwidthout" + y; var hostbandwidthOut = d.getElementById(hostbandwidthOutID); - hostbandwidthOut.innerHTML = hostinfo[2] + " Bytes/sec"; + hostbandwidthOut.innerHTML = hostinfo[2] + " Bits/sec"; //make the row appear if hidden var rowid = "host" + y; diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index 742cc5d..74a315b 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php @@ -55,6 +55,7 @@ $pconfig['scrubrnid'] = $config['system']['scrubrnid']; $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout']; $pconfig['optimization'] = $config['filter']['optimization']; $pconfig['maximumstates'] = $config['system']['maximumstates']; +$pconfig['maximumtableentries'] = $config['system']['maximumtableentries']; $pconfig['disablenatreflection'] = $config['system']['disablenatreflection']; if (!isset($config['system']['enablebinatreflection'])) $pconfig['disablebinatreflection'] = "yes"; 
@@ -74,6 +75,9 @@ if ($_POST) { if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) { $input_errors[] = gettext("The Firewall Maximum States value must be an integer."); } + if ($_POST['maximumtableentries'] && !is_numericint($_POST['maximumtableentries'])) { + $input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer."); + } if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) { $input_errors[] = gettext("The TCP idle timeout must be an integer."); } @@ -108,6 +112,7 @@ if ($_POST) { $config['system']['optimization'] = $_POST['optimization']; $config['system']['maximumstates'] = $_POST['maximumstates']; + $config['system']['maximumtableentries'] = $_POST['maximumtableentries']; if($_POST['disablenatreflection'] == "yes") $config['system']['disablenatreflection'] = $_POST['disablenatreflection']; @@ -288,6 +293,21 @@ function update_description(itemnum) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Table Entries");?></td> + <td width="78%" class="vtable"> + <input name="maximumtableentries" type="text" id="maximumtableentries" value="<?php echo $pconfig['maximumtableentries']; ?>" /> + <br/> + <strong><?=gettext("Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined.");?></strong> + <br/> + <span class="vexpl"> + <?=gettext("Note: Leave this blank for the default.");?> + <?php if (empty($pconfig['maximumtableentries'])): ?> + <?= gettext("On your system the default size is");?>: <?= pfsense_default_table_entries_size(); ?> + <?php endif; ?> + </span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Static route filtering");?></td> <td width="78%" class="vtable"> <input name="bypassstaticroutes" type="checkbox" id="bypassstaticroutes" value="yes" <?php if ($pconfig['bypassstaticroutes']) echo "checked"; ?> /> 
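Review bot: The new input in the -288 hunk prints `$pconfig['maximumtableentries']` into the `value` attribute without encoding. If `$pconfig` is refilled from `$_POST` when validation fails (not visible in these hunks), the rejected non-numeric text is echoed back into the page as markup. Write `value="<?=htmlspecialchars($pconfig['maximumtableentries']);?>"`, and pass the `pfsense_default_table_entries_size()` result through `htmlspecialchars()` as well, since it is raw command output.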
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php index 8aa6f09..7d6e0db 100755 --- a/usr/local/www/vpn_ipsec.php +++ b/usr/local/www/vpn_ipsec.php @@ -144,7 +144,8 @@ include("head.inc"); $tab_array = array(); $tab_array[0] = array("Tunnels", true, "vpn_ipsec.php"); $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php"); - $tab_array[2] = array("Logs", false, "diag_logs_ipsec.php"); + $tab_array[2] = array("Pre-shared keys", false, "vpn_ipsec_keys.php"); + $tab_array[3] = array("Logs", false, "diag_logs_ipsec.php"); display_top_tabs($tab_array); ?> </td> diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php index 0058f4d..5be729c 100644 --- a/usr/local/www/vpn_ipsec_phase2.php +++ b/usr/local/www/vpn_ipsec_phase2.php @@ -313,7 +313,8 @@ function change_protocol() { $tab_array = array(); $tab_array[0] = array("Tunnels", true, "vpn_ipsec.php"); $tab_array[1] = array("Mobile clients", false, "vpn_ipsec_mobile.php"); - $tab_array[2] = array("Logs", false, "diag_logs_ipsec.php"); + $tab_array[2] = array("Pre-shared keys", false, "vpn_ipsec_keys.php"); + $tab_array[3] = array("Logs", false, "diag_logs_ipsec.php"); display_top_tabs($tab_array); ?> </td> diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php index 2d7197d..70f5cd1 100644 --- a/usr/local/www/vpn_openvpn_client.php +++ b/usr/local/www/vpn_openvpn_client.php @@ -77,7 +77,7 @@ if($_GET['act']=="edit"){ if (isset($id) && $a_client[$id]) { - $pconfig['disable'] = $a_client[$id]['disable']; + $pconfig['disable'] = isset($a_client[$id]['disable']); $pconfig['mode'] = $a_client[$id]['mode']; $pconfig['protocol'] = $a_client[$id]['protocol']; $pconfig['interface'] = $a_client[$id]['interface']; 
@@ -207,7 +207,8 @@ if ($_POST) { else $client['vpnid'] = openvpn_vpnid_next(); - $client['disable'] = $pconfig['disable']; + if ($_POST['disable'] == "yes") + $client['disable'] = true; $client['protocol'] = $pconfig['protocol']; $client['dev_mode'] = $pconfig['dev_mode']; list($client['interface'], $client['ipaddr']) = explode ("|",$pconfig['interface']); @@ -808,7 +809,7 @@ function autotls_change() { $i = 0; foreach($a_client as $client): $disabled = "NO"; - if ($client['disable']) + if (isset($client['disable'])) $disabled = "YES"; $server = "{$client['server_addr']}:{$client['server_port']}"; ?> diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index e5d3a8d..08d2716 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php @@ -196,7 +196,7 @@ function enablechange() { <?php foreach($pkg['step'][$stepid]['fields']['field'] as $field) { if(isset($field['enablefields']) or isset($field['checkenablefields'])) { - print "\t" . 'if (document.iform.' . strtolower($field['name']) . '.checked == false) {' . "\n"; + print "\t" . 'if (document.iform.' . strtolower($field['name']) . '.checked) {' . "\n"; if(isset($field['enablefields'])) { $enablefields = explode(',', $field['enablefields']); foreach($enablefields as $enablefield) { @@ -365,7 +365,7 @@ function showchange() { $arraynum = "[" . $field['arraynum'] . "]"; foreach ($field_split as $f) $field_conv .= "['" . $f . "']"; - $toeval = "if (isset(\$config" . $field_conv . $arraynum . ")) \$value = \$config" . $field_conv . $arraynum . ";"; + $toeval = "if (isset(\$config" . $field_conv . $arraynum . ")) { \$value = \$config" . $field_conv . $arraynum . "; if (empty(\$value)) \$value = true; }"; eval($toeval); } |
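Review bot: The added `if (empty($value)) $value = true;` inside the evaluated string in the wizard.php -365 hunk turns every empty-looking setting into `true`, including a stored `"0"`, because `empty()` treats the string `"0"` as empty; a field whose configured value is 0 would be shown as set. If the intent is to handle tags that are present without content, test for that case only, e.g. `if ($value === "") $value = true;`. The statement is still assembled from `$field_split` and `$field['arraynum']` and run through `eval()`; as far as this hunk shows those come from the wizard definition rather than the request, but walking `$config` key by key in a loop would remove the `eval()` and its quoting risk altogether. The enclosing block starts outside the hunk.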