diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2006-07-05 03:11:25 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2006-07-05 03:11:25 +0000 |
| commit | f6970b2fdfb8863c9c54d26219bb7e8c5e5a1f3c (patch) | |
| tree | b1a401fa31eff62f5dece6be30f747a43d1cd631 /usr/local/www | |
| parent | be812936b9659cb8fbecca0c08bb9af32d2b8629 (diff) | |
| download | pfsense-f6970b2fdfb8863c9c54d26219bb7e8c5e5a1f3c.zip pfsense-f6970b2fdfb8863c9c54d26219bb7e8c5e5a1f3c.tar.gz | |
Keep state really wants to be an advanced option, too. Let him join the party.
Diffstat (limited to 'usr/local/www')
| -rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 33 | ||||
| -rw-r--r-- | usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js | 6 |
2 files changed, 25 insertions, 14 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 660c2fb..890ba6d 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -675,20 +675,25 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell">State Type</td> <td width="78%" class="vtable"> - <select name="statetype"> - <option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>>keep state</option> - <option value="modulate state" <?php if($pconfig['statetype'] == "modulate state") echo "selected"; ?>>modulate state</option> - <option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected"; ?>>synproxy state</option> - <option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>>none</option> - </select><br>HINT: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state. - <p> - <table width="90%"> - <tr><td width="25%"><ul><li>keep state</li></td><td>works with TCP, UDP, and ICMP.</ul></td></tr> - <tr><td width="25%"><ul><li>modulate state</li></td><td>works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs) for packets matching this rule.</li></ul></td></tr> - <tr><td width="25%"><ul><li>synproxy state</li></td><td>proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.</ul></td></tr> - <tr><td width="25%"><ul><li>none</li></td><td>do not use state mechanisms to keep track. this is only useful if your doing advanced queueing in certain situations. please check the faq.</ul></td></tr> - </table> - </p> + <div id="showadvstatebox"> + <input type="button" onClick="show_advanced_state()" value="Advanced"></input> - Show state</a> + </div> + <div id="showstateadv" style="display:none"> + <select name="statetype"> + <option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>>keep state</option> + <option value="modulate state" <?php if($pconfig['statetype'] == "modulate state") echo "selected"; ?>>modulate state</option> + <option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected"; ?>>synproxy state</option> + <option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>>none</option> + </select><br>HINT: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state. + <p> + <table width="90%"> + <tr><td width="25%"><ul><li>keep state</li></td><td>works with TCP, UDP, and ICMP.</ul></td></tr> + <tr><td width="25%"><ul><li>modulate state</li></td><td>works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs) for packets matching this rule.</li></ul></td></tr> + <tr><td width="25%"><ul><li>synproxy state</li></td><td>proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.</ul></td></tr> + <tr><td width="25%"><ul><li>none</li></td><td>do not use state mechanisms to keep track. this is only useful if your doing advanced queueing in certain situations. please check the faq.</ul></td></tr> + </table> + </p> + </div> </td> </tr> <tr> diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js index e3aae7c..8ac037f 100644 --- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js +++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js @@ -125,6 +125,12 @@ function show_aodiv() { aodiv.style.display = "block"; } +function show_advanced_state() { + document.getElementById("showadvstatebox").innerHTML=''; + aodiv = document.getElementById('showstateadv'); + aodiv.style.display = "block"; +} + function src_rep_change() { document.iform.srcendport.selectedIndex = document.iform.srcbeginport.selectedIndex; } |
