authorScott Ullrich <sullrich@pfsense.org>2007-04-22 21:17:30 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-04-22 21:17:30 +0000
commite78c077151eb4009cdaf5663429f44b958fca805 (patch)
tree1b96d8f7c8783f291dbe963a0d9b0cfdd206c6ff /etc
parent469d68939b0c694c9dab526e2c7d4ed3dcf69739 (diff)
Add anti-lockout rule to ipfw so that you cannot lock yourself out of the GUI. This is tunable via system -> advanced
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/pfsense-utils.inc12
1 files changed, 11 insertions, 1 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 2a72de5..a8e2101 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -510,11 +510,21 @@ function tdr_get_next_ipfw_rule() {
* swaps in the temporary ipfw time based rule set
******/
function tdr_install_set() {
- /* set 8 contains time based rules */
+ global $config;
+
mwexec("/sbin/ipfw delete 1");
mwexec("/sbin/ipfw delete 65534");
mwexec("/sbin/ipfw add 1 allow all from me to any keep-state");
+ if (!isset ($config['system']['webgui']['noantilockout'])) {
+ /* lan ip lockout */
+ $lancfg = $config['interfaces']['lan'];
+ $lanip = $lancfg['ipaddr'];
+ $lansn = $lancfg['subnet'];
+ $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ mwexec("/sbin/ipfw add 1 allow all from {$lansa}/{$lansn} to $lanip keep-state");
+ }
mwexec("/sbin/ipfw add 65534 check-state");
+ /* set 8 contains time based rules */
mwexec("/sbin/ipfw -f delete set 8");
mwexec("/sbin/ipfw -f set swap 9 8");
}
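Review bot: The new `mwexec` call inside the `noantilockout` branch builds a shell command from `$config['interfaces']['lan']` values without validating or escaping them. An empty or non-address `ipaddr` or `subnet` would yield a malformed ipfw command, and because the result of `mwexec` is not checked here, the anti-lockout rule would be silently absent. I would guard the block with a check such as `if (is_ipaddr($lanip) && is_numeric($lansn))` (assuming the project's `is_ipaddr()` helper is available in this include) and pass the operands through `escapeshellarg()`, e.g. `escapeshellarg("{$lansa}/{$lansn}")`. The rule is also `allow all`, so it exempts every service on the LAN address from the time-based set rather than only the GUI named in the commit message; limiting it to the configured web GUI port would keep the exception as narrow as its purpose. Minor style point: `$lanip` and `$lansn` are assigned but `gen_subnet()` re-reads `$lancfg[...]`, so `gen_subnet($lanip, $lansn)` would read more consistently.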