author | Renato Botelho <renato.botelho@bluepex.com> | 2010-07-07 08:28:38 -0300 |
---|---|---|
committer | Renato Botelho <renato.botelho@bluepex.com> | 2010-07-07 08:28:38 -0300 |
commit | 0143ee301bdf62aa5c6efd3793e8845600ea2d8f (patch) | |
tree | e3b78ececfe9a7e31d2bd63f4e0abe478046952f /usr | |
parent | 0e919325c010eeaa37d70f6ebe0f83169f20ac58 (diff) | |
parent | 29721fe6a60c1f772c601b1f43e54518e58b97f0 (diff) | |
Merge remote branch 'mainline/master' into 1_diag
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_1to1_edit.php | 43 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 24 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 27 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 3 | ||||
-rw-r--r-- | usr/local/www/system_advanced_admin.php | 42 | ||||
-rw-r--r-- | usr/share/skel/dot.tcshrc | 5 |
7 files changed, 137 insertions, 9 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index dca3d12..5835bd2 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -267,7 +267,7 @@ if ($_POST) { $address = array_merge($address, $rangesubnets); } else { $tmpaddress = $_POST["address{$x}"]; - if(($_POST['type'] == "network" || is_ipaddr($_POST["address{$x}"])) && $_POST["address_subnet{$x}"] <> "") + if(is_ipaddr($_POST["address{$x}"]) && $_POST["address_subnet{$x}"] <> "") $tmpaddress .= "/" . $_POST["address_subnet{$x}"]; $address[] = $tmpaddress; } diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index d7ed094..4966e14 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -77,6 +77,7 @@ if (isset($id) && $a_1to1[$id]) { else $pconfig['subnet'] = $a_1to1[$id]['subnet']; $pconfig['descr'] = $a_1to1[$id]['descr']; + $pconfig['natreflection'] = $a_1to1[$id]['natreflection']; } else { $pconfig['subnet'] = 32; $pconfig['interface'] = "wan"; @@ -123,6 +124,11 @@ if ($_POST) { $natent['descr'] = $_POST['descr']; $natent['interface'] = $_POST['interface']; + if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") + $natent['natreflection'] = $_POST['natreflection']; + else + unset($natent['natreflection']); + if (isset($id) && $a_1to1[$id]) $a_1to1[$id] = $natent; else 
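Review bot: In the firewall_aliases_edit.php hunk, `$_POST["address_subnet{$x}"]` is appended to the entry after only a `<> ""` test, so any non-empty value posted in that field reaches the stored alias address unless a later check outside this hunk rejects it. The new condition validates the address with `is_ipaddr()` but not the mask; `if (is_ipaddr($_POST["address{$x}"]) && is_numeric($_POST["address_subnet{$x}"]))`, followed by a range check on the mask, would close that. With the `type == "network"` branch removed, a network alias entry that is not a literal IP now silently loses its mask; if that is intended, a one-line comment saying so would help. The enclosing `if ($_POST)` block starts and ends outside the hunk.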
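Review bot: The `natreflection` allow-list in the `@@ -123` hunk of firewall_nat_1to1_edit.php has no comment explaining that every value other than the two literals, including the form's own `default`, is stored as "key absent". I would add `/* anything but enable/disable, including "default", means: follow the system-wide NAT reflection setting */` above the `if`. The identical block in the `@@ -315` hunk of firewall_nat_edit.php wants the same comment. `$_POST['natreflection']` is also read without an `isset()` test, which raises a notice when the field is missing from the request.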
@@ -156,7 +162,32 @@ include("head.inc"); <td width="78%" class="vtable"> <select name="interface" class="formselect"> <?php - $interfaces = get_configured_interface_with_descr(); + $iflist = get_configured_interface_with_descr(); + foreach ($iflist as $if => $ifdesc) + if(have_ruleint_access($if)) + $interfaces[$if] = $ifdesc; + + if ($config['l2tp']['mode'] == "server") + if(have_ruleint_access("l2tp")) + $interfaces['l2tp'] = "L2TP VPN"; + + if ($config['pptpd']['mode'] == "server") + if(have_ruleint_access("pptp")) + $interfaces['pptp'] = "PPTP VPN"; + + if ($config['pppoe']['mode'] == "server") + if(have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPsec"; + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + $interfaces["openvpn"] = "OpenVPN"; + foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> @@ -195,6 +226,16 @@ include("head.inc"); <br> <span class="vexpl">You may enter a description here for your reference (not parsed).</span></td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">NAT reflection</td> + <td width="78%" class="vtable"> + <select name="natreflection" class="formselect"> + <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable") echo "selected"; ?>>use system default</option> + <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected"; ?>>enable</option> + <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected"; ?>>disable</option> + </select> + </td> + </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"> 
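Review bot: The `openvpn` entry is added without the `have_ruleint_access()` test that every other entry in this list gets, so a user restricted to certain interfaces is still offered OpenVPN; assuming the helper accepts that key, `if(have_ruleint_access("openvpn")) $interfaces["openvpn"] = "OpenVPN";` keeps the list consistent. The same applies to the `@@ -469` hunk in firewall_nat_edit.php and the `@@ -318` hunk in firewall_nat_out_edit.php. `$interfaces` is no longer assigned before the first append, so `$interfaces = array();` ahead of the loop avoids a `foreach` over an undefined variable when no interface passes the check. This only filters what the form offers; whether the POST handler rejects an interface the user may not manage is not visible in this hunk and is worth confirming.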
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 719e32f..3f06928 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -84,6 +84,7 @@ if (isset($id) && $a_nat[$id]) { $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id']; $pconfig['nosync'] = isset($a_nat[$id]['nosync']); + $pconfig['natreflection'] = $a_nat[$id]['natreflection']; if (!$pconfig['interface']) $pconfig['interface'] = "wan"; @@ -315,6 +316,11 @@ if ($_POST) { else unset($natent['nosync']); + if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") + $natent['natreflection'] = $_POST['natreflection']; + else + unset($natent['natreflection']); + // If we used to have an associated filter rule, but no-longer should have one if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { // Delete the previous rule @@ -456,6 +462,10 @@ include("fbegin.inc"); ?> if(have_ruleint_access($if)) $interfaces[$if] = $ifdesc; + if ($config['l2tp']['mode'] == "server") + if(have_ruleint_access("l2tp")) + $interfaces['l2tp'] = "L2TP VPN"; + if ($config['pptpd']['mode'] == "server") if(have_ruleint_access("pptp")) $interfaces['pptp'] = "PPTP VPN"; @@ -469,6 +479,10 @@ include("fbegin.inc"); ?> if(have_ruleint_access("enc0")) $interfaces["enc0"] = "IPsec"; + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + $interfaces["openvpn"] = "OpenVPN"; + foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> <?=htmlspecialchars($ifacename);?> 
@@ -741,6 +755,16 @@ include("fbegin.inc"); ?> HINT: This prevents the rule from automatically syncing to other CARP members. </td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">NAT reflection</td> + <td width="78%" class="vtable"> + <select name="natreflection" class="formselect"> + <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable") echo "selected"; ?>>use system default</option> + <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected"; ?>>enable</option> + <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected"; ?>>disable</option> + </select> + </td> + </tr> <?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?> <tr> <td width="22%" valign="top" class="vncell">Filter rule association</td> diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index df0487f..b1e7a64 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php 
@@ -318,7 +318,32 @@ function sourcesel_change() { <td width="78%" class="vtable"> <select name="interface" class="formselect"> <?php - $interfaces = get_configured_interface_with_descr(false, true); + $iflist = get_configured_interface_with_descr(false, true); + foreach ($iflist as $if => $ifdesc) + if(have_ruleint_access($if)) + $interfaces[$if] = $ifdesc; + + if ($config['l2tp']['mode'] == "server") + if(have_ruleint_access("l2tp")) + $interfaces['l2tp'] = "L2TP VPN"; + + if ($config['pptpd']['mode'] == "server") + if(have_ruleint_access("pptp")) + $interfaces['pptp'] = "PPTP VPN"; + + if ($config['pppoe']['mode'] == "server") + if(have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPsec"; + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + $interfaces["openvpn"] = "OpenVPN"; + foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> <?=htmlspecialchars($ifacename);?> diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 4d6283b..94fd82f 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -492,7 +492,8 @@ if ($_POST) { unset($wancfg['provider']); unset($wancfg['ondemand']); unset($wancfg['timeout']); - unset($wancfg['pppoe']['pppoe-reset-type']); + if (isset($wancfg['pppoe']['pppoe-reset-type'])) + unset($wancfg['pppoe']['pppoe-reset-type']); unset($wancfg['local']); unset($wancfg['subnet']); unset($wancfg['remote']); diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php index 840d6bf..c853c91 100644 --- a/usr/local/www/system_advanced_admin.php +++ b/usr/local/www/system_advanced_admin.php 
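Review bot: In the interfaces.php hunk, the new `isset()` guard around `unset($wancfg['pppoe']['pppoe-reset-type'])` carries no comment saying what it protects against, and `unset()` on a missing array key is already a no-op. If the guard exists for the case where `$wancfg['pppoe']` is not an array, which I can only guess at from here, say so in a comment such as `/* pppoe may not be an array here */`, or test `is_array($wancfg['pppoe'])` directly so the intent is explicit. The surrounding `if ($_POST)` block continues outside the hunk.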
@@ -55,6 +55,8 @@ $pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref']; $pconfig['disablehttpredirect'] = isset($config['system']['disablehttpredirect']); $pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']); $pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']); +$pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']); +$pconfig['althostnames'] = $config['system']['webgui']['althostnames']; $pconfig['enableserial'] = $config['system']['enableserial']; $pconfig['enablesshd'] = $config['system']['enablesshd']; $pconfig['sshport'] = $config['system']['ssh']['port']; @@ -79,6 +81,13 @@ if ($_POST) { if(!is_port($_POST['webguiport'])) $input_errors[] = gettext("You must specify a valid webConfigurator port number"); + if ($_POST['althostnames']) { + $althosts = explode(" ", $_POST['althostnames']); + foreach ($althosts as $ah) + if (!is_hostname($ah)) + $input_errors[] = gettext("Alternate hostname " . htmlspecialchars($ah) . " is not a valid hostname."); + } + if ($_POST['sshport']) if(!is_port($_POST['sshport'])) $input_errors[] = gettext("You must specify a valid port number"); @@ -126,6 +135,16 @@ if ($_POST) { else unset($config['system']['enableserial']); + if ($_POST['nodnsrebindcheck'] == "yes") + $config['system']['webgui']['nodnsrebindcheck'] = true; + else + unset($config['system']['webgui']['nodnsrebindcheck']); + + if ($_POST['althostnames']) + $config['system']['webgui']['althostnames'] = $_POST['althostnames']; + else + unset($config['system']['webgui']['althostnames']); + $sshd_enabled = $config['system']['enablesshd']; if($_POST['enablesshd']) $config['system']['enablesshd'] = "enabled"; 
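Review bot: In the `althostnames` validation (`@@ -79` hunk) the message is concatenated before it is passed to `gettext()`, so the lookup key changes with every hostname and the string can never be translated; `sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah))` keeps the escaping and gives a fixed msgid. `explode(" ", …)` also yields empty elements for doubled or trailing spaces, which then fail `is_hostname()`; `preg_split('/\s+/', trim($_POST['althostnames']))` is more forgiving. The `@@ -126` hunk stores the raw `$_POST['althostnames']` rather than the validated pieces, and storing `implode(" ", $althosts)` would guarantee that what the rebind check later reads is exactly what was validated. Both hunks sit inside an `if ($_POST)` block that extends beyond them.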
@@ -316,6 +335,29 @@ function prot_change() { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("DNS Rebind Check"); ?></td> + <td width="78%" class="vtable"> + <input name="nodnsrebindcheck" type="checkbox" id="nodnsrebindcheck" value="yes" <?php if ($pconfig['nodnsrebindcheck']) echo "checked"; ?> /> + <strong><?=gettext("Disable webConfigurator DNS Rebinding Checks"); ?></strong> + <br/> + <?php echo gettext("When this is unchecked, access to the webConfigurator " . + "is protected against <a href=\"http://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding attacks</a>. " . + "Check this box to disable this protection if you find that it interferes with " . + "webConfigurator access in certain corner cases. "); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Alternate Hostnames"); ?></td> + <td width="78%" class="vtable"> + <input name="althostnames" type="text" class="formfld unknown" id="althostnames" size="75" value="<?=htmlspecialchars($pconfig['althostnames']);?>"/> + <br/> + <strong><?=gettext("Alternate Hostnames for DNS Rebinding Checks"); ?></strong> + <br/> + <?php echo gettext("Here you can specify alternate hostnames by which the router may be queried, to " . + "bypass the DNS Rebinding Attack checks. Separate hostnames with spaces."); ?> + </td> + </tr> + <tr> <td colspan="2" class="list" height="12"> </td> </tr> <tr> diff --git a/usr/share/skel/dot.tcshrc b/usr/share/skel/dot.tcshrc deleted file mode 100644 index 97ca003..0000000 --- a/usr/share/skel/dot.tcshrc +++ /dev/null 
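Review bot: The help text for the "Disable webConfigurator DNS Rebinding Checks" checkbox says when to turn the protection off but not that Alternate Hostnames is the narrower fix. I would append a sentence such as `"If the webConfigurator is reached under another name, add that name under Alternate Hostnames instead of disabling the check."` The Alternate Hostnames text says the names "bypass" the checks, which reads as if the check is skipped; judging from the validation hunk, "are also accepted by" seems closer to what the field does. The reference link uses `http://`, and `https://` is preferable for a link rendered inside the admin GUI.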
@@ -1,5 +0,0 @@ -set prompt="%{\033[0;1;33m%}[%{\033[0;1;37m%}`cat /etc/version`%{\033[0;1;33m%}]%{\033[0;1;33m%}%B[%{\033[0;1;37m%}%n%{\033[0;1;31m%}@%{\033[0;1;37m%}%M%{\033[0;1;33m%}]%{\033[0;1;32m%}%b%/%{\033[0;1;33m%}(%{\033[0;1;37m%}%h%{\033[0;1;33m%})%{\033[0;1;36m%}%{\033[0;1;31m%}:%{\033[0;40;37m%} " -set autologout="0" -set autolist set color set colorcat -setenv CLICOLOR "true" -setenv LSCOLORS "exfxcxdxbxegedabagacad" |