author | Phil Davis <phil.davis@world.inf.org> | 2013-07-24 01:38:47 -0700 |
---|---|---|
committer | Phil Davis <phil.davis@world.inf.org> | 2013-07-24 01:38:47 -0700 |
commit | 08597fcc811eaa8299610b1e797b16abe3c7235d (patch) | |
tree | 49db1c7344a6599eb8f48a4ebedc1f076132e054 /usr/local/www/firewall_rules_edit.php | |
parent | 06d6a543840f97398ccfd519aa7052c72877787c (diff) | |
Allow advanced options state-related parameters to be used for TCP, UDP and ICMP
Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 13e7b2a..d8c70e8 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -472,21 +472,24 @@ if ($_POST) {
 $input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
 }

- if ($_POST['proto'] <> "tcp") {
- if (!empty($_POST['max']))
- $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for TCP protocol.");
- if (!empty($_POST['max-src-nodes']))
- $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for TCP protocol.");
+ if (!in_array($_POST['proto'], array("tcp","tcp/udp"))) {
 if (!empty($_POST['max-src-conn']))
 $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for TCP protocol.");
- if (!empty($_POST['max-src-states']))
- $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for TCP protocol.");
 if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
 $input_errors[] = gettext("You can only specify the maximum new connections / per second(s) (advanced option) for TCP protocol.");
 if (!empty($_POST['statetimeout']))
 $input_errors[] = gettext("You can only specify the state timeout (advanced option) for TCP protocol.");
 }

+ if (!in_array($_POST['proto'], array("icmp","udp","tcp","tcp/udp"))) {
+ if (!empty($_POST['max']))
+ $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for ICMP/TCP/UDP protocols.");
+ if (!empty($_POST['max-src-nodes']))
+ $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for ICMP/TCP/UDP protocols.");
+ if (!empty($_POST['max-src-states']))
+ $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for ICMP/TCP/UDP protocols.");
+ }
+
 if ($_POST['type'] <> "pass") {
 if (!empty($_POST['max']))
 $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for Pass type rules.");
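Review bot: Both new `in_array()` checks on `$_POST['proto']` compare loosely; passing the strict flag, e.g. `if (!in_array($_POST['proto'], array("tcp","tcp/udp"), true)) {` and likewise for the ICMP/TCP/UDP list, keeps each allow-list an exact string match. The first check now also accepts "tcp/udp" for the TCP-only limits (`max-src-conn`, `max-src-conn-rate`, `statetimeout`), while their error messages still say "for TCP protocol". Whether the code that turns a saved rule into a packet-filter rule was widened to match is not visible in this hunk and is worth confirming, because a state limit that is accepted and stored but never emitted for a UDP or ICMP rule leaves the administrator believing a flood control is in place when it is not. The enclosing `if ($_POST)` block starts and ends outside this hunk.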
@@ -1252,10 +1255,10 @@ $i--): ?> <input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>" /> <br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?> </span></p><p> - <input name="max" id="max" value="<?php echo htmlspecialchars($pconfig['max']) ?>" /><br/><?=gettext(" Maximum state entries this rule can create");?></p><p> - <input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']) ?>" /><br/><?=gettext(" Maximum number of unique source hosts");?></p><p> - <input name="max-src-conn" id="max-src-conn" value="<?php echo htmlspecialchars($pconfig['max-src-conn']) ?>" /><br/><?=gettext(" Maximum number of established connections per host");?></p><p> - <input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>" /><br/><?=gettext(" Maximum state entries per host");?></p><p> + <input name="max" id="max" value="<?php echo htmlspecialchars($pconfig['max']) ?>" /><br/><?=gettext(" Maximum state entries this rule can create (TCP/UDP/ICMP)");?></p><p> + <input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']) ?>" /><br/><?=gettext(" Maximum number of unique source hosts (TCP/UDP/ICMP)");?></p><p> + <input name="max-src-conn" id="max-src-conn" value="<?php echo htmlspecialchars($pconfig['max-src-conn']) ?>" /><br/><?=gettext(" Maximum number of established connections per host (TCP only)");?></p><p> + <input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>" /><br/><?=gettext(" Maximum state entries per host (TCP/UDP/ICMP)");?></p><p> <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>" /> / <select name="max-src-conn-rates" id="max-src-conn-rates"> <option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) 
echo " selected=\"selected\""; ?>></option> @@ -1264,10 +1267,10 @@ $i--): ?> echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n"; } ?> </select><br /> - <?=gettext("Maximum new connections / per second(s)");?> + <?=gettext("Maximum new connections / per second(s) (TCP only)");?> </p><p> <input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']) ?>" /><br/> - <?=gettext("State Timeout in seconds");?> + <?=gettext("State Timeout in seconds (TCP only)");?> </p> <p><strong><?=gettext("Note: Leave fields blank to disable that feature.");?></strong></p> </div> |