diff options
| author | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-05-03 09:38:16 -0300 |
|---|---|---|
| committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-05-03 09:38:16 -0300 |
| commit | 5be999d3feb53e927b0082ed924441eb5db72d42 (patch) | |
| tree | 8253b942f7aa68111be0be5b40ca926bdd4909ad | |
| parent | 93458966a1b5fccc1d12636fa383f89a81a73435 (diff) | |
| parent | 7133ab35b97ba2600d7ad1125bb15c3b6d51eb52 (diff) | |
| download | pfsense-5be999d3feb53e927b0082ed924441eb5db72d42.zip pfsense-5be999d3feb53e927b0082ed924441eb5db72d42.tar.gz | |
Merge remote branch 'mainline/master'
Conflicts:
usr/local/www/system_gateway_groups.php
usr/local/www/system_gateway_groups_edit.php
usr/local/www/system_gateways_edit.php
21 files changed, 293 insertions, 204 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 51c88f9..ed16434 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -237,7 +237,7 @@ function filter_configure_sync() { $rules .= "set limit states {$max_states}\n"; } - $rules .= discover_pkg_rules("pfearly"); + //$rules .= discover_pkg_rules("pfearly"); // Configure flowtable support if enabled. flowtable_configure(); @@ -254,7 +254,7 @@ function filter_configure_sync() { $rules .= "{$natrules}\n"; $rules .= "{$pfrules}\n"; - $rules .= discover_pkg_rules("pflate"); + $rules .= discover_pkg_rules("filter"); if(!file_put_contents("{$g['tmp_path']}/rules.debug", $rules, LOCK_EX)) { log_error("WARNING: Could not write new rules!"); @@ -549,13 +549,14 @@ function filter_generate_gateways() { if (!is_ipaddr($gwip)) $gwip = get_interface_gateway($gateway['friendlyiface']); if (is_ipaddr($gwip) && !empty($int)) - $route = "route-to ( {$int} {$gwip} )\n"; - $rules .= "{$gwname} = \" {$route} \"\n"; + $route = "route-to ( {$int} {$gwip} )"; + $rules .= "GW{$gwname} = \" {$route} \"\n"; } } - if(is_array($GatewayGroupsList)) { + if (is_array($GatewayGroupsList)) { foreach ($GatewayGroupsList as $gateway => $members) { + $route = ""; if (count($members) > 0) { $foundlb = 0; $routeto = ""; @@ -565,9 +566,10 @@ function filter_generate_gateways() { if (($int <> "") && is_ipaddr($gatewayip)) { if ($g['debug']) log_error("Setting up route with {$gatewayip} om $int"); - if ($idx > 1) - $routeto .= ", "; - $routeto .= "( {$int} {$gatewayip} ) "; + if ($member['weight'] > 1) { + $routeto .= str_repeat("( {$int} {$gatewayip} ) ", $member['weight']); + } else + $routeto .= "( {$int} {$gatewayip} ) "; $foundlb = 1; } else log_error("An error occurred while trying to find the interface got $gatewayip . The rule has not been added."); @@ -581,8 +583,8 @@ function filter_generate_gateways() { $route .= " sticky-address "; } } - $rules .= "{$gateway} = \" {$route} \"\n"; } + $rules .= "GW{$gateway} = \" {$route} \"\n"; } } @@ -770,7 +772,26 @@ function filter_flush_state_table() { return mwexec("/sbin/pfctl -F state"); } -function filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, &$starting_localhost_port, &$reflection_txt) { +function filter_get_reflection_interfaces($natif = "") { + global $FilterIflist; + + $nat_if_list = array(); + + foreach ($FilterIflist as $ifent => $ifname) { + if($ifname['if'] == $natif) + continue; + + /* Do not add reflection redirects for interfaces with gateways */ + if(interface_has_gateway($ifent)) + continue; + + $nat_if_list[] = $ifname['if']; + } + + return $nat_if_list; +} + +function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstport, &$starting_localhost_port, &$reflection_txt) { global $FilterIflist, $config; // Initialize natrules holder string @@ -783,21 +804,16 @@ function filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, &$startin else $reflectiontimeout = "2000"; - update_filter_reload_status("Setting up NAT Reflection"); + update_filter_reload_status("Creating reflection rule for {$rule['descr']}..."); - $natrules .= "\n# Reflection redirects\n"; - $rdr_if_list = ""; - foreach ($FilterIflist as $ifent => $ifname) { - /* do not process interfaces with gateways*/ - if(interface_has_gateway($ifent)) - continue; + if(empty($rdr_ifs)) + return ""; - $rdr_if_list .= " " . $ifname['if']; - } - if (!empty($rdr_if_list)) + $rdr_if_list = implode(" ", $rdr_ifs); + if(count($rdr_ifs) > 1) $rdr_if_list = "{ {$rdr_if_list} }"; - update_filter_reload_status("Creating reflection rule for {$rule['descr']}..."); + $natrules .= "\n# Reflection redirects\n"; if($dstport[1]) $range_end = ($dstport[1]); @@ -1174,17 +1190,6 @@ function filter_nat_rules_generate() { if(isset($rule['disabled'])) continue; - if (strtolower($rule['protocol']) == "tcp/udp") - $protocol = "{ tcp udp }"; - else - $protocol = strtolower($rule['protocol']); - - /* if item is an alias, expand */ - $srcport = ""; - $srcport[0] = alias_expand($rule['source']['port']); - if(!$srcport[0]) - $srcport = explode("-", $rule['source']['port']); - /* if item is an alias, expand */ $dstport = ""; $dstport[0] = alias_expand($rule['destination']['port']); @@ -1193,8 +1198,10 @@ function filter_nat_rules_generate() { /* if item is an alias, expand */ $localport = alias_expand($rule['local-port']); - if(!$localport || $rule['destination']['port'] == $rule['local-port']) { + if(!$localport || $dstport[0] == $localport) { $localport = ""; + } else if(is_alias($rule['destination']['port']) || is_alias($rule['local-port'])) { + $localport = " port {$localport}"; } else { if(($dstport[1]) && ($dstport[0] != $dstport[1])) { $localendport = $localport + ($dstport[1] - $dstport[0]); @@ -1205,6 +1212,20 @@ function filter_nat_rules_generate() { $localport = " port {$localport}"; } + switch(strtolower($rule['protocol'])) { + case "tcp/udp": + $protocol = "{ tcp udp }"; + break; + case "tcp": + case "udp": + $protocol = strtolower($rule['protocol']); + break; + default: + $protocol = strtolower($rule['protocol']); + $localport = ""; + break; + } + $target = alias_expand($rule['target']); if(!$target) { $natrules .= "# Unresolvable alias {$rule['target']}\n"; @@ -1242,7 +1263,7 @@ function filter_nat_rules_generate() { $natrules .= "{$nordr}rdr {$rdrpass}on {$natif} proto {$protocol} from {$srcaddr} to {$dstaddr}" . ($nordr == "" ? " -> {$target}{$localport}" : ""); /* Does this rule redirect back to a internal host? */ - if($dstaddr == "any" && !interface_has_gateway($rule['interface'])) { + if(isset($rule['destination']['any']) && !interface_has_gateway($rule['interface'])) { $rule_interface_ip = find_interface_ip($natif); $rule_interface_subnet = find_interface_subnet($natif); $rule_subnet = gen_subnet($rule_interface_ip, $rule_interface_subnet); @@ -1250,7 +1271,7 @@ function filter_nat_rules_generate() { $natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n"; $natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n"; } - $natrules .= filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, $starting_localhost_port, $reflection_rules); + $natrules .= filter_generate_reflection($rule, $nordr, filter_get_reflection_interfaces($natif), $srcaddr, $dstport, $starting_localhost_port, $reflection_rules); $natrules .= "\n"; foreach ($reflection_rules as $txtline) @@ -1497,7 +1518,7 @@ function filter_generate_user_rule($rule) { /* if user has selected a custom gateway, lets work with it */ else if($rule['gateway'] <> "") { /* Add the load balanced gateways */ - $aline['route'] = " \${$rule['gateway']} "; + $aline['route'] = " \$GW{$rule['gateway']} "; } if(isset($rule['protocol'])) { @@ -1699,7 +1720,7 @@ function filter_rules_generate() { $pptpdcfg = $config['pptpd']; $pppoecfg = $config['pppoe']; - $ipfrules .= discover_pkg_rules("filter"); + //$ipfrules .= discover_pkg_rules("filter"); /* if captive portal is enabled, ensure that access to this port * is allowed on a locked down interface diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index 30640b3..3506869 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -299,7 +299,7 @@ function return_gateways_array($disabled = false) { $gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']); $gateway['interface'] = get_real_interface($ifname); $gateway['friendlyiface'] = $ifname; - $gateway['name'] = "{$friendly}_GW"; + $gateway['name'] = "{$friendly}"; $gateway['attribute'] = "system"; /* Loopback dummy for dynamic interfaces without a IP */ @@ -309,10 +309,12 @@ function return_gateways_array($disabled = false) { /* automatically skip known static and dynamic gateways we have a array entry for */ foreach($gateways_arr as $gateway_item) { - if($gateway_item['gateway'] == $gateway['gateway'] && ($ifname == $gateway_item['friendlyiface'])) - continue 2; - if(($gateway_item['gateway'] == "dynamic") && ($ifname == $gateway_item['friendlyiface'])) - continue 2; + if ($ifname == $gateway_item['friendlyiface'] || $friendly == $gateway_item['name']) { + if ($gateway_item['gateway'] == $gateway['gateway']) + continue 2; + if ($gateway_item['gateway'] == "dynamic") + continue 2; + } } /* retrieve a proper monitor IP? */ @@ -403,22 +405,21 @@ function return_gateway_groups_array() { /* we do not really foreach the tiers as we stop after the first tier */ foreach($tiers as $tiernr => $tier) { /* process all gateways in this tier */ - $member_count = count($tier); foreach($tier as $tiernr => $member) { /* determine interface gateway */ - foreach($gateways_arr as $name => $gateway) { - if($gateway['name'] == $member) { - $int = $gateway['interface']; - if(is_ipaddr($gateway['gateway'])) - $gatewayip = $gateway['gateway']; - else - $gatewayip = lookup_gateway_ip_by_name($gateway['gateway']); - break; - } + if (isset($gateways_arr[$member])) { + $gateway = $gateways_arr[$member]; + $int = $gateway['interface']; + $gatewayip = ""; + if(is_ipaddr($gateway['gateway'])) + $gatewayip = $gateway['gateway']; + else if ($int <> "") + $gatewayip = get_interface_gateway($gateway['friendlyiface']); } if (($int <> "") && is_ipaddr($gatewayip)) { $gateway_groups_array[$group['name']][$tiernr]['int'] = "$int"; $gateway_groups_array[$group['name']][$tiernr]['gwip'] = "$gatewayip"; + $gateway_groups_array[$group['name']][$tiernr]['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1; } } /* we should have the 1st available tier now, exit stage left */ @@ -498,19 +499,6 @@ function lookup_gateway_interface_by_name($name) { function get_interface_gateway($interface, &$dynamic = false) { global $config, $g; - $iflist = get_configured_interface_with_descr(); - /* - * XXX: BUG: This is silly at first, but we may be called with the interface - * descr for no apparent reason!!! - * Probably one of those silly strtoupper() legacy stuff! - */ - foreach ($iflist as $ifent => $ifdesc) { - if ($ifent == $interface || $ifdesc == $interface) { - $interface = $ifent; - break; - } - } - $gw = NULL; $gwcfg = $config['interfaces'][$interface]; diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index edf92dd..41048d7 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -3037,7 +3037,6 @@ function get_wireless_modes($interface) { if(is_interface_wireless($wlif)) { $cloned_interface = get_real_interface($interface); - $wi = 1; $chan_list = "/sbin/ifconfig {$cloned_interface} list chan"; $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'"; $format_list = "/usr/bin/awk '{print \$5 \" \" \$6 \",\" \$1}'"; @@ -3076,6 +3075,30 @@ function get_wireless_modes($interface) { return($wireless_modes); } +/* return channel numbers, frequency, max txpower, and max regulation txpower */ +function get_wireless_channel_info($interface) { + $wireless_channels = array(); + + $wlif = interface_translate_type_to_real($interface); + + if(is_interface_wireless($wlif)) { + $cloned_interface = get_real_interface($interface); + $chan_list = "/sbin/ifconfig {$cloned_interface} list txpower"; + $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'"; + $format_list = "/usr/bin/awk '{print \$1 \",\" \$3 \" \" \$4 \",\" \$5 \",\" \$7}'"; + + $interface_channels = ""; + exec("$chan_list | $stack_list | sort -u | $format_list 2>&1", $interface_channels); + + foreach ($interface_channels as $channel_line) { + $channel_line = explode(",", $channel_line); + if(!isset($wireless_channels[$channel_line[0]])) + $wireless_channels[$channel_line[0]] = $channel_line; + } + } + return($wireless_channels); +} + /****f* interfaces/get_interface_mtu * NAME * get_interface_mtu - Return the mtu of an interface diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 0995a92..3011ef9 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -1408,25 +1408,6 @@ function get_cpu_speed() { return exec("sysctl hw.clockrate | awk '{ print $2 }'"); } -/* check if the wan interface is up - * Wait for a maximum of 10 seconds - * If the interface is up before then continue - */ -function is_wan_interface_up($interface) { - global $g; - global $config; - $i = 0; - while($i < 10) { - if(get_interface_gateway($interface)) { - return true; - } else { - sleep(1); - } - $i++; - } - return false; -} - function add_hostname_to_watch($hostname) { if(!is_dir("/var/db/dnscache")) { mkdir("/var/db/dnscache"); diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index f5a5493..f4d64e8 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -1886,6 +1886,13 @@ function upgrade_061_to_062() { "port" => $natent['external-port'] ); + if (empty($natent['destination']['address'])) { + $natent['destination']['address'] = $natent['interface'] . 'ip'; + } else if ($natent['destination']['address'] == 'any') { + unset($natent['destination']['address']); + $natent['destination']['any'] = true; + } + unset($natent['external-address']); unset($natent['external-port']); } diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index f02814e..7d51fc3 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -337,7 +337,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if ($passthrumacadd && $portalmac == NULL) { $mac = array(); $mac['mac'] = $clientmac; - $mac['descr'] = "Auto added mac passthrough with user {$username}"; + $mac['descr'] = "Auto added pass-through MAC for user {$username}"; if (!empty($bw_up)) $mac['bw_up'] = $bw_up; if (!empty($bw_down)) diff --git a/usr/local/sbin/ppp-log-uptime.sh b/usr/local/sbin/ppp-log-uptime.sh index 6fd8def..6fd8def 100644..100755 --- a/usr/local/sbin/ppp-log-uptime.sh +++ b/usr/local/sbin/ppp-log-uptime.sh diff --git a/usr/local/sbin/ppp-uptime.sh b/usr/local/sbin/ppp-uptime.sh index d7a8441..d7a8441 100644..100755 --- a/usr/local/sbin/ppp-uptime.sh +++ b/usr/local/sbin/ppp-uptime.sh diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index bff59ed..127a733 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -627,11 +627,11 @@ include("fbegin.inc"); ?> if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): $baseip = ip2long($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits'])); - for ($i = $sn['subnet_bits']; $i <= 32; $i++): - $baseip = $baseip + 1; + for ($i = $sn['subnet_bits'] - 1; $i <= 32; $i++): $snip = long2ip($baseip); ?> <option value="<?=$snip;?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option> + <?php $baseip = $baseip + 1; ?> <?php endfor; else: ?> @@ -668,7 +668,8 @@ include("fbegin.inc"); ?> <td> <select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> <option value="">(other)</option> -<?php foreach ($wkports as $wkport => $wkportdesc): ?> +<?php $bfound = 0; + foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> @@ -680,7 +681,8 @@ include("fbegin.inc"); ?> <td> <select name="dstendport" class="formselect" onchange="ext_change()"> <option value="">(other)</option> -<?php foreach ($wkports as $wkport => $wkportdesc): ?> +<?php $bfound = 0; + foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> @@ -805,6 +807,9 @@ include("fbegin.inc"); ?> dst_change(document.iform.interface.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>'); typesel_change(); proto_change(); + <?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?> + show_source(); + <?php endif; ?> //--> </script> <?php diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 07d696e..c4f21c1 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -134,79 +134,81 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $natent['destination']['any'] = true; $natent['natport'] = ""; $a_out[] = $natent; + + /* PPTP subnet */ + if($config['pptpd']['mode'] == "server") { + if (is_ipaddr($config['pptpd']['localip'])) { + if($config['pptpd']['pptp_subnet'] <> "") + $ossubnet = $config['pptpd']['pptp_subnet']; + else + $ossubnet = "32"; + $osn = gen_subnet($config['pptpd']['localip'], $osn); + $natent = array(); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = "Auto created rule for PPTP server"; + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } + } + /* PPPoE subnet */ + if($config['pppoe']['mode'] == "server") { + if (is_ipaddr($config['pppoe']['localip'])) { + if($config['pppoe']['pppoe_subnet'] <> "") + $ossubnet = $config['pppoe']['pptp_subnet']; + else + $ossubnet = "32"; + $osn = gen_subnet($config['pppoe']['localip'], $osn); + $natent = array(); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = "Auto created rule for PPPoE server"; + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } + } + /* L2TP subnet */ + if($config['l2tp']['mode'] == "server") { + if (is_ipaddr($config['l2tp']['localip'])) { + if($config['l2tp']['l2tp_subnet'] <> "") + $ossubnet = $config['l2tp']['pptp_subnet']; + else + $ossubnet = "32"; + $osn = gen_subnet($config['l2tp']['localip'], $osn); + $natent = array(); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = "Auto created rule for L2TP server"; + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } + } + /* add openvpn interfaces */ + if($config['openvpn']['openvpn-server']) { + foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) { + $natent = array(); + $natent['source']['network'] = $ovpnsrv['tunnel_network']; + $natent['sourceport'] = ""; + $natent['descr'] = "Auto created rule for OpenVPN server"; + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } + } } } - /* PPTP subnet */ - if($config['pptpd']['mode'] == "server") { - if (is_ipaddr($config['pptpd']['localip'])) { - if($config['pptpd']['pptp_subnet'] <> "") - $ossubnet = $config['pptpd']['pptp_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($config['pptpd']['localip'], $osn); - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = "Auto created rule for PPTP server"; - $natent['target'] = ""; - $natent['interface'] = "pptp"; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - } - } - /* PPPoE subnet */ - if($config['pppoe']['mode'] == "server") { - if (is_ipaddr($config['pppoe']['localip'])) { - if($config['pppoe']['pppoe_subnet'] <> "") - $ossubnet = $config['pppoe']['pptp_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($config['pppoe']['localip'], $osn); - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = "Auto created rule for PPPoE server"; - $natent['target'] = ""; - $natent['interface'] = "pppoe"; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - } - } - /* L2TP subnet */ - if($config['l2tp']['mode'] == "server") { - if (is_ipaddr($config['l2tp']['localip'])) { - if($config['l2tp']['l2tp_subnet'] <> "") - $ossubnet = $config['l2tp']['pptp_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($config['l2tp']['localip'], $osn); - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = "Auto created rule for L2TP server"; - $natent['target'] = ""; - $natent['interface'] = "l2tp"; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - } - } - /* add openvpn interfaces */ - if($config['openvpn']['openvpn-server']) { - foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) { - $natent = array(); - $natent['source']['network'] = $ovpnsrv['tunnel_network']; - $natent['sourceport'] = ""; - $natent['descr'] = "Auto created rule for OpenVPN server"; - $natent['target'] = ""; - $natent['interface'] = "openvpn"; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - } - } + $savemsg = "Default rules for each interface have been created."; } break; diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 8b93c1e..2164233 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -213,6 +213,7 @@ if (isset($wancfg['wireless'])) { interface_wireless_clone($wlanif, $wancfg); $wlanbaseif = interface_get_wireless_base($wancfg['if']); $wl_modes = get_wireless_modes($if); + $wl_chaninfo = get_wireless_channel_info($if); $wl_regdomain_xml_attr = array(); $wl_regdomain_xml = parse_xml_regdomain($wl_regdomain_xml_attr); $wl_regdomains = &$wl_regdomain_xml['regulatory-domains']['rd']; @@ -1339,12 +1340,17 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe" if ($pconfig['channel'] == "$wl_channel") { echo "selected "; } - echo "value=\"$wl_channel\">$wl_standard - $wl_channel</option>\n"; + echo "value=\"$wl_channel\">$wl_standard - $wl_channel"; + if(isset($wl_chaninfo[$wl_channel])) + echo " ({$wl_chaninfo[$wl_channel][1]} @ {$wl_chaninfo[$wl_channel][2]} / {$wl_chaninfo[$wl_channel][3]})"; + echo "</option>\n"; } } ?> </select> <br/> + Legend: wireless standards - channel # (frequency @ max TX power / TX power allowed in reg. domain) + <br/> Note: Not all channels may be supported by your card. Auto may override the wireless standard selected above. </td> </tr> @@ -1373,6 +1379,8 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe" } ?> </select> + <br/> + Note: Some cards have a default that is not recognized and require changing the regulatory domain to one in this list for the changes to other regulatory settings to work. <br/><br/> Country (listed with country code and regulatory domain)<br/> <select name="regcountry" class="formselect" id="regcountry"> diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 99a943f..8f8262c 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -292,7 +292,7 @@ function enable_change(enable_change) { <strong>Enable captive portal </strong></td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq">Interface</td> + <td width="22%" valign="top" class="vncellreq">Interfaces</td> <td width="78%" class="vtable"> <select name="cinterface[]" multiple="true" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface"> <?php @@ -303,7 +303,7 @@ function enable_change(enable_change) { </option> <?php endforeach; ?> </select> <br> - <span class="vexpl">Choose which interface(s) to run the captive portal on.</span></td> + <span class="vexpl">Select the interface(s) to enable for captive portal.</span></td> </tr> <tr> <td valign="top" class="vncell">Maximum concurrent connections</td> @@ -364,12 +364,12 @@ to access after they've authenticated.</td> If this is enabled, RADIUS MAC authentication cannot be used.</td> </tr> <tr> - <td valign="top" class="vncell">MAC passthrough</td> + <td valign="top" class="vncell">Pass-through MAC Auto Entry</td> <td class="vtable"> <input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked"; ?>> - <strong>MAC passthrough authentication</strong><br> - If this option is set, after a user is authenticated a mac passthrough entry will be added. - To remove the passthrough MAC entry you either have to log in and remove it manually from the MAC passthrough tab or send a POST to remove it from some other system. + <strong>Enable Pass-through MAC automatic additions</strong><br> + If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again. + To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it. If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.</td> </tr> <tr> @@ -530,7 +530,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> } ?></select><br> If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and - the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td> + the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td> </tr> </table> </tr> @@ -585,7 +585,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> Paste an RSA private key in PEM format here.</td> </tr> <tr> - <td valign="top" class="vncell">HTTPS intermmediate certificate</td> + <td valign="top" class="vncell">HTTPS intermediate certificate</td> <td class="vtable"> <textarea name="cacert" cols="65" rows="7" id="cacert" class="formpre"><?=htmlspecialchars($pconfig['cacert']);?></textarea> <br> diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 964163f..fb8711b 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -102,7 +102,7 @@ include("head.inc"); </td> </tr> <?php $i = 0; foreach ($a_allowedips as $ip): ?> - <tr> + <tr ondblclick="document.location='services_captiveportal_ip_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=strtolower($ip['ip']);?> </td> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 24bd4a0..45c4e2f 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -166,13 +166,13 @@ include("head.inc"); <td width="22%" valign="top" class="vncell">Bandwidth up</td> <td width="78%" class="vtable"> <input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>"> - <br> <span class="vexpl">Enter a upload limit to be enforced on this mac-address in Kbit/s</span></td> + <br> <span class="vexpl">Enter a upload limit to be enforced on this IP address in Kbit/s</span></td> </tr> <tr> <td width="22%" valign="top" class="vncell">Bandwidth down</td> <td width="78%" class="vtable"> <input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>"> - <br> <span class="vexpl">Enter a download limit to be enforced on this mac-address in Kbit/s</span></td> + <br> <span class="vexpl">Enter a download limit to be enforced on this IP address in Kbit/s</span></td> </tr> <tr> <td width="22%" valign="top"> </td> diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index 88ba019..dd5fdfe 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -132,7 +132,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_passthrumacs as $mac): ?> - <tr> + <tr ondblclick="document.location='services_captiveportal_mac_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=strtolower($mac['mac']);?> </td> @@ -151,7 +151,7 @@ include("head.inc"); <td colspan="2" class="list"><span class="vexpl"><span class="red"><strong> Note:<br> </strong></span> - Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.</span></td> + Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.</span></td> <td class="list"> </td> </tr> </table> diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index 70049cd..89e2757 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -151,13 +151,13 @@ include("head.inc"); <td width="22%" valign="top" class="vncell">Bandwidth up</td> <td width="78%" class="vtable"> <input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>"> - <br> <span class="vexpl">Enter a upload limit to be enforced on this mac-address in Kbit/s</span></td> + <br> <span class="vexpl">Enter a upload limit to be enforced on this MAC address in Kbit/s</span></td> </tr> <tr> <td width="22%" valign="top" class="vncell">Bandwidth down</td> <td width="78%" class="vtable"> <input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>"> - <br> <span class="vexpl">Enter a download limit to be enforced on this mac-address in Kbit/s</span></td> + <br> <span class="vexpl">Enter a download limit to be enforced on this MAC address in Kbit/s</span></td> </tr> <tr> <td width="22%" valign="top"> </td> diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php index e580a8b..1c4a95e 100755 --- a/usr/local/www/system_gateway_groups.php +++ b/usr/local/www/system_gateway_groups.php @@ -73,6 +73,10 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_gateway_groups[$_GET['id']]) { $changedesc .= gettext("removed gateway group") . " {$_GET['id']}"; + foreach ($config['filter']['rule'] as $idx => $rule) { + if ($rule['gateway'] == $a_gateway_groups[$_GET['id']]['name']) + unset($config['filter']['rule'][$idx]['gateway']); + } unset($a_gateway_groups[$_GET['id']]); write_config($changedesc); mark_subsystem_dirty('staticroutes'); diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php index 7807ccf..533abd5 100755 --- a/usr/local/www/system_gateway_groups_edit.php +++ b/usr/local/www/system_gateway_groups_edit.php @@ -105,10 +105,10 @@ if ($_POST) { /* Build list of items in group with priority */ $pconfig['item'] = array(); - foreach($a_gateways as $gateway) { - if($_POST[$gateway['name']] > 0) { + foreach($a_gateways as $gwname => $gateway) { + if($_POST[$gwname] > 0) { /* we have a priority above 0 (disabled), add item to list */ - $pconfig['item'][] = "{$gateway[name]}|{$_POST[$gateway['name']]}"; + $pconfig['item'][] = "{$gwname}|{$_POST[$gwname]}"; } } @@ -160,27 +160,27 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq"><?=gettext("Gateway Priority"); ?></td> <td width="78%" class="vtable"> <?php - foreach($a_gateways as $gateway) { + foreach($a_gateways as $gwname => $gateway) { $selected = array(); - $name = $gateway['name']; $interface = $gateway['interface']; foreach((array)$pconfig['item'] as $item) { $itemsplit = explode("|", $item); - if($itemsplit[0] == $name) { + if($itemsplit[0] == $gwname) { $selected[$itemsplit[1]] = "selected"; + break; } else { $selected[0] = "selected"; } - } - echo "<select name='{$name}' class='formfldselect' id='{$name}'>"; +<<<<<<< HEAD + echo "<select name='{$gwname}' class='formfldselect' id='{$gwname}'>"; echo "<option value='0' $selected[0] >" . gettext("Never") . "</option>"; echo "<option value='1' $selected[1] >" . gettext("Tier 1") . "</option>"; echo "<option value='2' $selected[2] >" . gettext("Tier 2") . "</option>"; echo "<option value='3' $selected[3] >" . gettext("Tier 3") . "</option>"; echo "<option value='4' $selected[4] >" . gettext("Tier 4") . "</option>"; echo "<option value='5' $selected[5] >" . gettext("Tier 5") . "</option>"; - echo "</select> <strong>{$name} - {$gateway['descr']}</strong><br/>"; + echo "</select> <strong>{$gateway['name']} - {$gateway['descr']}</strong><br />"; } ?> <br/><span class="vexpl"> @@ -218,6 +218,7 @@ value="<?=htmlspecialchars($pconfig['descr']);?>"> <td width="22%" valign="top"> </td> <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>"> <input type="button" value="<?=gettext("Cancel"); ?>" class="formbtn" onclick="history.back()"> + <a href="system_gateway_groups.php"><input type="button" value="Cancel" class="formbtn" ></a> <?php if (isset($id) && $a_gateway_groups[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?> diff --git a/usr/local/www/system_gateways.php b/usr/local/www/system_gateways.php index d50665a..f064023 100755 --- a/usr/local/www/system_gateways.php +++ b/usr/local/www/system_gateways.php @@ -46,9 +46,8 @@ require_once("shaper.inc"); $a_gateways = return_gateways_array(true); $a_gateways_arr = array(); -foreach($a_gateways as $gw) { +foreach ($a_gateways as $gw) $a_gateways_arr[] = $gw; -} $a_gateways = $a_gateways_arr; if (!is_array($config['gateways']['gateway_item'])) @@ -81,15 +80,39 @@ if ($_GET['act'] == "del") { if ($a_gateways[$_GET['id']]) { /* remove the real entry */ $realid = $a_gateways[$_GET['id']]['attribute']; - - if ($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway'] == $a_gateways[$_GET['id']]['name']) - unset($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway']); - $changedesc .= "removed gateway {$realid}"; - unset($a_gateway_item[$realid]); - write_config($changedesc); - mark_subsystem_dirty('staticroutes'); - header("Location: system_gateways.php"); - exit; + $remove = true; + if (is_array($config['gateways']['gateway_group'])) { + foreach ($config['gateways']['gateway_group'] as $group) { + foreach ($group['item'] as $item) { + $items = explode("|", $item); + if ($items[0] == $a_gateways[$_GET['id']]['name']) { + $input_errors[] = "Gateway cannot be deleted because it is in use on Gateway Group '{$group['name']}'"; + $remove = false; + break; + } + + } + } + } + if (is_array($config['staticroutes']['route'])) { + foreach ($config['staticroutes']['route'] as $route) { + if ($route['gateway'] == $a_gateways[$_GET['id']]['name']) { + $input_errors[] = "Gateway cannot be deleted because it is in use on Static Routes '{$route['network']}'"; + $remove = false; + break; + } + } + } + if ($remove == true) { + if ($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway'] == $a_gateways[$_GET['id']]['name']) + unset($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway']); + $changedesc .= "removed gateway {$realid}"; + unset($a_gateway_item[$realid]); + write_config($changedesc); + mark_subsystem_dirty('staticroutes'); + header("Location: system_gateways.php"); + exit; + } } } @@ -101,6 +124,7 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> <form action="system_gateways.php" method="post"> <input type="hidden" name="y1" value="1"> <?php if ($savemsg) print_info_box($savemsg); ?> diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index 0daaaf2..6f6211a 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -64,6 +64,7 @@ if (isset($_GET['dup'])) { if (isset($id) && $a_gateways[$id]) { $pconfig['name'] = $a_gateways[$id]['name']; + $pconfig['weight'] = $a_gateways[$id]['weight']; $pconfig['interface'] = $a_gateways[$id]['interface']; $pconfig['friendlyiface'] = $a_gateways[$id]['friendlyiface']; $pconfig['gateway'] = $a_gateways[$id]['gateway']; @@ -148,7 +149,7 @@ if ($_POST) { if (!$input_errors) { $reloadif = false; /* if we are processing a system gateway only save the monitorip */ - if(($_POST['attribute'] == "system" && empty($_POST['defaultgw'])) || (empty($_POST['interface']) && empty($_POST['gateway']) && empty($_POST['defaultgw']))) { + if ($_POST['weight'] == 1 && (($_POST['attribute'] == "system" && empty($_POST['defaultgw'])) || (empty($_POST['interface']) && empty($_POST['gateway']) && empty($_POST['defaultgw'])))) { if (is_ipaddr($_POST['monitor'])) { if (empty($_POST['interface'])) $interface = $pconfig['friendlyiface']; @@ -166,9 +167,15 @@ if ($_POST) { /* rebuild the array with the manual entries only */ $gateway = array(); - $gateway['interface'] = $_POST['interface']; + if ($_POST['attribute'] == "system") { + $gateway['interface'] = $pconfig['friendlyiface']; + $gateway['gateway'] = "dynamic"; + } else { + $gateway['interface'] = $_POST['interface']; + $gateway['gateway'] = $_POST['gateway']; + } $gateway['name'] = $_POST['name']; - $gateway['gateway'] = $_POST['gateway']; + $gateway['weight'] = $_POST['weight']; $gateway['descr'] = $_POST['descr']; if(is_ipaddr($_POST['monitor'])) { $gateway['monitor'] = $_POST['monitor']; @@ -308,6 +315,22 @@ function enable_change(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Weight</td> + <td width="78%" class="vtable"> + <select name='weight' class='formfldselect' id='weight'> + <?php + for ($i = 1; $i < 6; $i++) { + $selected = ""; + if ($pconfig['weight'] == $i) + $selected = "selected"; + echo "<option value='{$i}' {$selected} >{$i}</option>"; + } + ?> + </select> + <strong>Weight for this gateway when used in a Gateway Group.</strong> <br /> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index 9be787c..41189e1 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc @@ -271,10 +271,12 @@ function step9_submitphpaction() { $certnames = array(); $certcns = array(); - foreach($config['system']['cert'] as $cert) { - $certnames[] = $cert['name']; - $certinfo = cert_get_subject_hash($cert['crt']); - $certcns[] = $certinfo["CN"]; + if (is_array($config['system']['cert'])) { + foreach($config['system']['cert'] as $cert) { + $certnames[] = $cert['name']; + $certinfo = cert_get_subject_hash($cert['crt']); + $certcns[] = $certinfo["CN"]; + } } if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) || |
