author | Ermal <eri@pfsense.org> | 2013-12-19 14:52:59 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-12-19 14:52:59 +0000 |
commit | cc2630208cc31ac3a19c185036a4b589d125e99a (patch) | |
tree | f5a18230045e119a35c767371c455dae7d8893b9 | |
parent | 85d0e9591d0fd4d09f739491b76bb5aa4acd7b08 (diff) | |
Provide a setting to disable the auto added LAN SPDs in the DB
-rw-r--r-- | etc/inc/vpn.inc | 2 | ||||
-rw-r--r-- | usr/local/www/system_advanced_misc.php | 20 |
2 files changed, 21 insertions, 1 deletions
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index 3dc4a4a..75b10d7 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -828,7 +828,7 @@ EOD;
 $natfilterrules = false;
 if (is_array($a_phase2) && count($a_phase2)) {
 /* Try to prevent people from locking themselves out of webgui. Just in case. */
- if ($config['interfaces']['lan']) {
+ if (!isset($config['system']['noinstalllanspd']) && $config['interfaces']['lan']) {
 $lanip = get_interface_ip("lan");
 if (!empty($lanip) && is_ipaddrv4($lanip)) {
 $lansn = get_interface_subnet("lan");
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
index 114f029..b5f6498 100644
--- a/usr/local/www/system_advanced_misc.php
+++ b/usr/local/www/system_advanced_misc.php
@@ -73,6 +73,7 @@ $pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']);
 $pconfig['use_mfs_tmpvar'] = isset($config['system']['use_mfs_tmpvar']);
 $pconfig['use_mfs_tmp_size'] = $config['system']['use_mfs_tmp_size'];
 $pconfig['use_mfs_var_size'] = $config['system']['use_mfs_var_size'];
+$pconfig['noinstalllanspd'] = $config['system']['noinstalllanspd'];
 $pconfig['powerd_ac_mode'] = "hadp";
 if (!empty($config['system']['powerd_ac_mode']))
@@ -177,6 +178,15 @@ if ($_POST) {
 $need_racoon_restart = true;
 }
 }
+ if($_POST['noinstalllanspd'] == "yes") {
+ if (!isset($pconfig['noinstalllanspd']))
+ $need_racoon_restart = true;
+ $config['system']['noinstalllanspd'] = true;
+ } else {
+ if (isset($config['system']['noinstalllanspd']))
+ $need_racoon_restart = true;
+ unset($config['system']['noinstalllanspd']);
+ }
 if($_POST['maxmss_enable'] == "yes") {
 $config['system']['maxmss_enable'] = true;
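Review bot: The comment kept above the changed condition in the `@@ -828` hunk still says the block guards against webGUI lockout, but once `noinstalllanspd` is set the whole block is skipped and nothing records that the guard was turned off. Extend the comment, for example `/* Skipped when system/noinstalllanspd is set: the admin has opted out of the LAN SPD. */`. If this file already logs elsewhere, also log the skip so a later lockout can be traced back to the setting. The guarded block continues past the end of the hunk, so exactly what gets installed is not visible here.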
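Review bot: In the `@@ -73` hunk `$pconfig['noinstalllanspd']` is copied from the raw config value, while the flags just above it (`skip_rules_gw_down`, `use_mfs_tmpvar`) are read with `isset()`. The POST handler stores the flag as `true`; if the config parser hands such a flag back as an empty string (the `isset()` convention suggests this, but the parser is not visible here), the checkbox added in the `@@ -497` hunk renders unchecked and the next save of this page silently removes the setting and re-installs the SPDs. Use `$pconfig['noinstalllanspd'] = isset($config['system']['noinstalllanspd']);`, which also avoids reading a missing key. The `@@ -177` hunk then needs its first test changed to `if (!isset($config['system']['noinstalllanspd']))`, matching its `else` branch, because `isset($pconfig['noinstalllanspd'])` would always be true after that change and the restart would never be requested when the option is enabled.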
@@ -497,6 +507,16 @@ function tmpvar_checked(obj) {
 <td colspan="2" valign="top" class="listtopic"><?=gettext("IP Security"); ?></td>
 </tr>
 <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("LAN security associsations"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="noinstalllanspd" type="checkbox" id="noinstalllanspd" value="yes" <?php if ($pconfig['noinstalllanspd']) echo "checked=\"checked\""; ?> />
+ <strong><?=gettext("Do not install LAN SPD"); ?></strong>
+ <br />
+ <?=gettext("By default, if IPSec is enabled negating SPD are inserted to provide protection. " .
+ "This behaviour can be changed by enabling this setting which will prevent installing these SPDs."); ?>
+ </td>
+ </tr>
+ <tr>
 <td width="22%" valign="top" class="vncell"><?=gettext("Security Associations"); ?></td>
 <td width="78%" class="vtable">
 <input name="preferoldsa_enable" type="checkbox" id="preferoldsa_enable" value="yes" <?php if ($pconfig['preferoldsa_enable']) echo "checked=\"checked\""; ?> /> |
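Review bot: The help text under the new checkbox does not say what the administrator gives up by ticking it. The comment in vpn.inc says these SPDs exist to keep people from locking themselves out of the webGUI, whereas "inserted to provide protection" names neither the webGUI nor the LAN. Suggested wording: `gettext("By default, if IPsec is enabled, negating SPDs are installed for the LAN so that the webGUI stays reachable. Checking this option prevents installing them.")`. The row label also has a typo, `"LAN security associsations"` should read `"LAN security associations"`, and fixing it before release avoids a stale translation key.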