authorScott Ullrich <sullrich@pfsense.org>2009-11-16 20:31:18 -0500
committerScott Ullrich <sullrich@pfsense.org>2009-11-16 20:31:18 -0500
commit174fa1abe48d6fefbb8c2a0d5d4a611898ae0e72 (patch)
treebba4d270b77ab789dfef3afe5bf8a3b611333f3f
parent664efd436725e8c48d66ccf5fe31bb151877b828 (diff)
parent26dd6a541d0e6d3fac351e5dd8fcc18894a1095a (diff)
Merge branch 'master' of git://rcs.pfsense.org/pfsense/pierrepomes-max-src-conn into review/master
-rw-r--r--etc/inc/filter.inc5
-rwxr-xr-xusr/local/www/firewall_rules.php2
-rwxr-xr-xusr/local/www/firewall_rules_edit.php3
3 files changed, 9 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 3d9936f..3586e4f 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1464,7 +1464,7 @@ function filter_generate_user_rule($rule)
if ($type == "pass") {
if (isset($rule['allowopts']))
$aline['allowopts'] = " allow-opts ";
- if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
+ if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-conn']) or isset($rule['max-src-states']) )
if($rule['protocol'] == "tcp")
$aline['flags'] = "flags S/SA ";
/*
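Review bot: The added `isset($rule['max-src-conn'])` clause is true for an empty string, while the later hunks in this file also require `<> ""` before using the option. The firewall_rules_edit.php hunk assigns `$filterent['max-src-conn'] = $_POST['max-src-conn']` unconditionally, so the key is probably present on every saved rule and this test likely no longer separates rules that use source tracking from those that do not. Writing the clause as `isset($rule['max-src-conn']) and $rule['max-src-conn'] <> ""` would match the other checks; the neighbouring clauses on the same line share the pattern. filter_generate_user_rule continues outside the hunk.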
@@ -1501,6 +1501,7 @@ function filter_generate_user_rule($rule)
if ($noadvoptions == false || $l7_present)
if( isset($rule['source-track']) and $rule['source-track'] <> "" or
isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "" or
+ isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "" or
isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "" or
isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "" or
isset($rule['max-src-states']) and $rule['max-src-states'] <> "" or
@@ -1511,6 +1512,8 @@ function filter_generate_user_rule($rule)
$aline['flags'] .= "source-track rule ";
if(isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "")
$aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " ";
+ if(isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "")
+ $aline['flags'] .= "max-src-conn " . $rule['max-src-conn'] . " ";
if(isset($rule['max-src-states']) and $rule['max-src-states'] <> "")
$aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " ";
if(isset($rule['statetimeout']) and $rule['statetimeout'] <> "")
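Review bot: `$rule['max-src-conn']` is concatenated into the generated pf rule text after only a non-empty check, and the firewall_rules_edit.php hunk stores `$_POST['max-src-conn']` as submitted, with no validation visible in this diff. A non-numeric value would therefore reach the ruleset, where it can make the ruleset fail to load or change the meaning of the emitted rule. Validate the field as a positive integer when the form is saved and emit it defensively here, e.g. `if (isset($rule['max-src-conn']) and ctype_digit((string)$rule['max-src-conn']))` followed by `$aline['flags'] .= "max-src-conn " . (int)$rule['max-src-conn'] . " ";`. The form label describes this as a limit on established TCP connections, so it may also be worth emitting it only when `$rule['protocol'] == "tcp"`. filter_generate_user_rule starts and ends outside the hunk.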
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 331b607..0a064f6 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -48,6 +48,8 @@ function check_for_advaned_options(&$item) {
$item_set = "";
if($item['max-src-nodes'])
$item_set .= "max-src-nodes {$item['max-src-nodes']} ";
+ if($item['max-src-conn'])
+ $item_set .= "max-src-conn {$item['max-src-conn']} ";
if($item['max-src-states'])
$item_set .= "max-src-states {$item['max-src-states']} ";
if($item['statetype'] != "keep state" && $item['statetype'] != "")
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 834916a..27eb08d 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -131,6 +131,7 @@ if (isset($id) && $a_filter[$id]) {
/* advanced */
$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
+ $pconfig['max-src-conn'] = $a_filter[$id]['max-src-conn'];
$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
$pconfig['statetype'] = $a_filter[$id]['statetype'];
$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];
@@ -379,6 +380,7 @@ if ($_POST) {
else
unset($filterent['allowopts']);
$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
+ $filterent['max-src-conn'] = $_POST['max-src-conn'];
$filterent['max-src-states'] = $_POST['max-src-states'];
$filterent['statetimeout'] = $_POST['statetimeout'];
$filterent['statetype'] = $_POST['statetype'];
@@ -905,6 +907,7 @@ include("head.inc");
<br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?>
</span> <p>
<input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br> Simultaneous client connection limit<p>
+ <input name="max-src-conn" id="max-src-conn" value="<?php echo $pconfig['max-src-conn'] ?>"><br> Maximum established TCP connections per host<p>
<input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br> Maximum state entries per host<p>
<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo $pconfig['max-src-conn-rate'] ?>"> /
<select name="max-src-conn-rates" id="max-src-conn-rates">
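Review bot: The new input echoes `$pconfig['max-src-conn']` into the `value` attribute without escaping, so a stored value containing a double quote or markup breaks out of the attribute and is rendered as HTML in the administrator's session. Use `value="<?php echo htmlspecialchars($pconfig['max-src-conn'], ENT_QUOTES) ?>"`; the adjacent max-src-nodes and max-src-states inputs have the same pattern. The `$item_set` string built in check_for_advaned_options in firewall_rules.php interpolates the same value and should be escaped wherever it is output, which is not visible in this diff.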