diff options
author | Chris Buechler <cmb@pfsense.org> | 2009-04-05 22:20:53 -0400 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2009-04-05 22:20:53 -0400 |
commit | 910efe277f7dacadab9a8517e5b87b2be878a377 (patch) | |
tree | b31e27a913727392224f2c3b6402e55d9b34d973 /usr/local/www | |
parent | 354f1f01450976ef769941a3a26a9c5615d5a484 (diff) | |
download | pfsense-910efe277f7dacadab9a8517e5b87b2be878a377.zip pfsense-910efe277f7dacadab9a8517e5b87b2be878a377.tar.gz |
Block all IPv6 traffic by default, since IPv6 isn't supported, there isn't any way to add such rules in the GUI, and nearly all users won't want IPv6 to traverse their firewall at this point. Add "Allow IPv6" checkbox to disable this behavior.
Diffstat (limited to 'usr/local/www')
-rw-r--r-- | usr/local/www/system_advanced_firewall.php | 18 | ||||
-rw-r--r-- | usr/local/www/system_advanced_network.php | 16 |
2 files changed, 33 insertions, 1 deletions
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index 770634e..74287b8 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php @@ -54,6 +54,7 @@ $pconfig['disablenatreflection'] = $config['system']['disablenatreflection']; $pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout']; $pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']); $pconfig['disablescrub'] = isset($config['system']['disablescrub']); +$pconfig['ipv6allow'] = isset($config['system']['ipv6allow']); if ($_POST) { @@ -116,6 +117,11 @@ if ($_POST) { else unset($config['system']['disablescrub']); + if($_POST['ipv6allow'] == "yes") + $config['system']['ipv6allow'] = true; + else + unset($config['system']['ipv6allow']); + write_config(); $retval = 0; @@ -275,7 +281,17 @@ function update_description(itemnum) { <tr> <td colspan="2" class="list" height="12"> </td> </tr> - + <tr> + <td colspan="2" valign="top" class="listtopic">IPv6</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Allow IPv6</td> + <td width="78%" class="vtable"> + <input name="ipv6allow" type="checkbox" id="ipv6allow" value="yes" <?php if (isset($config['system']['ipv6allow'])) echo "checked"; ?> /> + <strong>Allow IPv6</strong> + <br>All IPv6 traffic will be blocked unless this box is checked. + </td> + </tr> <?php if($config['interfaces']['lan']): ?> <tr> <td colspan="2" valign="top" class="listtopic">Network Address Translation</td> diff --git a/usr/local/www/system_advanced_network.php b/usr/local/www/system_advanced_network.php index 5eaab75..0088caa 100644 --- a/usr/local/www/system_advanced_network.php +++ b/usr/local/www/system_advanced_network.php @@ -45,6 +45,7 @@ require("guiconfig.inc"); $pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']); $pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr']; +$pconfig['ipv6allow'] = isset($config['system']['ipv6allow']); $pconfig['polling_enable'] = isset($config['system']['polling']); $pconfig['sharednet'] = $config['system']['sharednet']; $pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']); @@ -72,6 +73,12 @@ if ($_POST) { } } } + + if($_POST['ipv6allow'] == "yes") { + $config['system']['ipv6allow'] = true; + } else { + unset($config['system']['ipv6allow']); + } if($_POST['sharednet'] == "yes") { $config['system']['sharednet'] = true; @@ -166,6 +173,15 @@ function enable_change(enable_over) { <td colspan="2" valign="top" class="listtopic">IPv6 Options</td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Allow IPv6</td> + <td width="78%" class="vtable"> + <input name="ipv6allow" type="checkbox" id="ipv6allow" value="yes" <?php if ($pconfig['ipv6allow']) echo "checked"; ?> onclick="enable_change(false)" /> + <strong>Allow IPv6</strong><br/> + All IPv6 will be blocked unless this box is checked.<br/> + <br/> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">IPv6 over IPv4 Tunneling</td> <td width="78%" class="vtable"> <input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?php if ($pconfig['ipv6nat_enable']) echo "checked"; ?> onclick="enable_change(false)" /> |