author | pierrepomes <pierre.pomes@interface-tech.com> | 2009-12-13 09:14:55 -0500 |
---|---|---|
committer | pierrepomes <pierre.pomes@interface-tech.com> | 2009-12-13 09:14:55 -0500 |
commit | a56b2fa034022bdfa1e9dab08e2758792a1098f4 (patch) | |
tree | 27c4070cecba970beb5e7a0c91d775e3c5be0a0b | |
parent | fa03b3c1d117cef18dbe0f4b1081e072b752e441 (diff) | |
download | pfsense-a56b2fa034022bdfa1e9dab08e2758792a1098f4.zip pfsense-a56b2fa034022bdfa1e9dab08e2758792a1098f4.tar.gz |
Add missing PF 'max' tracking option, and clarify message for 'max-src-nodes'
-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 7 |
3 files changed, 11 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index a3c9b4b..50f78b8 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1488,7 +1488,7 @@ function filter_generate_user_rule($rule) if ($type == "pass") { if (isset($rule['allowopts'])) $aline['allowopts'] = " allow-opts "; - if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-conn']) or isset($rule['max-src-states']) ) + if( isset($rule['source-track']) or isset($rule['max']) or isset($rule['max-src-nodes']) or isset($rule['max-src-conn']) or isset($rule['max-src-states']) ) if($rule['protocol'] == "tcp") $aline['flags'] = "flags S/SA "; /* @@ -1524,6 +1524,7 @@ function filter_generate_user_rule($rule) if ($noadvoptions == false || $l7_present) if( isset($rule['source-track']) and $rule['source-track'] <> "" or + isset($rule['max']) and $rule['max'] <> "" or isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "" or isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "" or isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "" or @@ -1534,6 +1535,8 @@ function filter_generate_user_rule($rule) $aline['flags'] .= "( "; if(isset($rule['source-track']) and $rule['source-track'] <> "") $aline['flags'] .= "source-track rule "; + if(isset($rule['max']) and $rule['max'] <> "") + $aline['flags'] .= "max " . $rule['max'] . " "; if(isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "") $aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " "; if(isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index bcfa435..380a003 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php 
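Review bot: In the third hunk of etc/inc/filter.inc, `$rule['max']` is concatenated into the generated pf rule text after only an emptiness check, so a non-numeric value held in the configuration would be written into the ruleset verbatim and could change the meaning of the rule or stop the ruleset from loading. The value comes from `$filterent['max'] = $_POST['max'];` in usr/local/www/firewall_rules_edit.php, and no validation is visible in that hunk either, although it may exist elsewhere in the file. I would guard the emit with `if(isset($rule['max']) and ctype_digit((string)$rule['max']))` and reject non-integer input in the POST handler before the rule is saved. The neighbouring max-src-* options follow the same pattern, and filter_generate_user_rule() starts and ends outside these hunks.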
@@ -49,6 +49,8 @@ require_once("shaper.inc"); function check_for_advaned_options(&$item) { $item_set = ""; + if($item['max']) + $item_set .= "max {$item['max']} "; if($item['max-src-nodes']) $item_set .= "max-src-nodes {$item['max-src-nodes']} "; if($item['max-src-conn']) diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index a0ce08a..3f8874b 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -131,6 +131,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['allowopts'] = true; /* advanced */ + $pconfig['max'] = $a_filter[$id]['max']; $pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes']; $pconfig['max-src-conn'] = $a_filter[$id]['max-src-conn']; $pconfig['max-src-states'] = $a_filter[$id]['max-src-states']; @@ -382,6 +383,7 @@ if ($_POST) { $filterent['allowopts'] = true; else unset($filterent['allowopts']); + $filterent['max'] = $_POST['max']; $filterent['max-src-nodes'] = $_POST['max-src-nodes']; $filterent['max-src-conn'] = $_POST['max-src-conn']; $filterent['max-src-states'] = $_POST['max-src-states']; 
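Review bot: `if($item['max'])` in check_for_advaned_options() reads a key that rules saved before this change will not have, and the value is interpolated into `$item_set` unchanged. `if(!empty($item['max']))` avoids the undefined-index notice with the same truthiness test. The end of the function and the place where `$item_set` is printed are outside this hunk, so it is worth confirming that the caller passes it through `htmlspecialchars()` before it reaches the page.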
@@ -962,8 +964,9 @@ include("head.inc"); <input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>"> <br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?> </span> <p> - <input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br> Simultaneous client connection limit<p> - <input name="max-src-conn" id="max-src-conn" value="<?php echo $pconfig['max-src-conn'] ?>"><br> Maximum established TCP connections per host<p> + <input name="max" id="max" value="<?php echo $pconfig['max'] ?>"><br> Maximum state entries this rule can create<p> + <input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br> Maximum number of unique source host<p> + <input name="max-src-conn" id="max-src-conn" value="<?php echo $pconfig['max-src-conn'] ?>"><br> Maximum number of established TCP connections per host<p> <input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br> Maximum state entries per host<p> <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo $pconfig['max-src-conn-rate'] ?>"> / <select name="max-src-conn-rates" id="max-src-conn-rates"> |
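Review bot: The new `max` input prints `$pconfig['max']` into the `value` attribute with a bare `echo`, while the `tagged` input just above it in the same hunk goes through `htmlspecialchars()`. Because the value is stored from `$_POST['max']` as submitted, a quote character in it would break out of the attribute the next time the rule is opened for editing. Write it as `value="<?=htmlspecialchars($pconfig['max']);?>"`, and apply the same to the `max-src-nodes` and `max-src-conn` lines this hunk rewrites. The new label "Maximum number of unique source host" should read "hosts".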