diff options
| author | Bill Marquette <billm@pfsense.org> | 2005-03-15 04:39:58 +0000 |
|---|---|---|
| committer | Bill Marquette <billm@pfsense.org> | 2005-03-15 04:39:58 +0000 |
| commit | 80933129da81e0e449f8ee952610543ab0d1f59b (patch) | |
| tree | a602f32888bdcf0fd615b0b1ea9e6952a245ba57 | |
| parent | ee9f992cae4638476e24655a15fe520a415a1941 (diff) | |
| download | pfsense-80933129da81e0e449f8ee952610543ab0d1f59b.zip pfsense-80933129da81e0e449f8ee952610543ab0d1f59b.tar.gz | |
static arp entries are interface specific now - no longer tied to only LAN interface
added warning that this will break communications with hosts not in dhcp table
I fully expect we'll want to move this to it's own section at some point
| -rw-r--r-- | etc/inc/services.inc | 14 | ||||
| -rwxr-xr-x | usr/local/www/services_dhcp.php | 18 |
2 files changed, 17 insertions, 15 deletions
diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 177c783..d236076 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -179,25 +179,25 @@ EOD; return 0; } -function interfaces_staticarp_configure() { +function interfaces_staticarp_configure($if) { global $config, $g; - $lancfg = $config['interfaces']['lan']; + $ifcfg = $config['interfaces'][$if]; /* Enable staticarp, if enabled */ - if(isset($config['staticarp']['enablestaticarp'])) { - mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) . " staticarp " ); + if(isset($config['dhcpd'][$if]['staticarp'])) { + mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " staticarp " ); mwexec("/usr/sbin/arp -ad > /dev/null 2>&1 "); - if (is_array($config['dhcpd']['lan']['staticmap'])) { + if (is_array($config['dhcpd'][$if]['staticmap'])) { - foreach ($config['dhcpd']['lan']['staticmap'] as $arpent) { + foreach ($config['dhcpd'][$if]['staticmap'] as $arpent) { mwexec("/usr/sbin/arp -s " . escapeshellarg($arpent['ipaddr']) . " " . escapeshellarg($arpent['mac'])); } } } else { - mwexec("/sbin/ifconfig " . escapeshellarg($lancfg['if']) . " -staticarp " ); + mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " -staticarp " ); mwexec("/usr/sbin/arp -ad > /dev/null 2>&1 "); } diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index 3d4f74a..192aa5b 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -55,6 +55,7 @@ $pconfig['maxtime'] = $config['dhcpd'][$if]['maxleasetime']; list($pconfig['wins1'],$pconfig['wins2']) = $config['dhcpd'][$if]['winsserver']; $pconfig['enable'] = isset($config['dhcpd'][$if]['enable']); $pconfig['denyunknown'] = isset($config['dhcpd'][$if]['denyunknown']); +$pconfig['staticarp'] = isset($config['dhcpd'][$if]['staticarp']); $ifcfg = $config['interfaces'][$if]; @@ -69,12 +70,6 @@ if ($_POST) { unset($input_errors); - if ($_POST['enablestaticarp'] == "") { - unset($config['staticarp']['enablestaticarp']); - } else { - $config['staticarp']['enablestaticarp'] = "enabled"; - } - $pconfig = $_POST; /* input validation */ @@ -137,8 +132,14 @@ if ($_POST) { $config['dhcpd'][$if]['gateway'] = $_POST['gateway']; + $config['dhcpd'][$if]['staticarp'] = $_POST['staticarp'] ? true : false; + + write_config(); - interfaces_staticarp_configure(); + + /* static arp configuration */ + if (isset($config['dhcpd'][$if]['staticarp'])) + interfaces_staticarp_configure($if); $retval = 0; if (!file_exists($d_sysrebootreqd_path)) { @@ -291,7 +292,8 @@ The default is to use the IP of the firewall as the gateway. Specify an alterna </tr> <tr> <td width="22%" valign="top" class="vncell">Static ARP</td> - <td width="78%" class="vtable"><input type="checkbox" name="enablestaticarp" id="enablestaticarp" <?php if($config['staticarp']['enablestaticarp'] == "enabled") echo " checked"; ?>> <b>Enable Static ARP entries</b></td> + <td width="78%" class="vtable"><input type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if($pconfig['staticarp']) echo " checked"; ?>> <b>Enable Static ARP entries</b><br> +<span class="red"><strong>Note:</strong></span> This feature is under development. Only the machines listed below will be able to communicate with the firewall on this NIC. Disabling this has been tested to be broken, a reboot will be required to disable. Be warned!</td> </tr> <tr> <td width="22%" valign="top"> </td> |
