author | Ermal <eri@pfsense.org> | 2013-01-13 12:11:40 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2013-01-13 12:11:40 +0000 |
commit | 11d1d64e81484f3175780e841f72fe845d7205f3 (patch) | |
tree | d1534c9eaf56770adb218ed922b2e2d301c10a7c /usr | |
parent | 46215352480f3bda73c86cb89f10471f046e40e0 (diff) | |
Set adaptive.start/adaptive.end to disabled. Also allow them to be customized through system->advanced->firewall. This allows the firewall to be reachable if the state limit is hit by default.
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/system_advanced_firewall.php | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 1b1f7ce..a4b135d 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -54,6 +54,8 @@ $pconfig['scrubnodf'] = $config['system']['scrubnodf'];
 $pconfig['scrubrnid'] = $config['system']['scrubrnid'];
 $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
 $pconfig['optimization'] = $config['filter']['optimization'];
+$pconfig['adaptivestart'] = $config['system']['adaptivestart'];
+$pconfig['adaptiveend'] = $config['system']['adaptiveend'];
 $pconfig['maximumstates'] = $config['system']['maximumstates'];
 $pconfig['maximumtables'] = $config['system']['maximumtables'];
 $pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
@@ -74,6 +76,14 @@ if ($_POST) {
 $pconfig = array_merge($pconfig, $_POST);
 /* input validation */
+ if ((empty($_POST['adaptivestart']) && !empty($_POST['adaptiveend'])) || (!empty($_POST['adaptivestart']) && empty($_POST['adaptiveend'])))
+ $input_errors[] = gettext("The Firewall Adaptive values must be set together.");
+ if (!empty($_POST['adaptivestart']) && !is_numericint($_POST['adaptivestart'])) {
+ $input_errors[] = gettext("The Firewall Adaptive Start value must be an integer.");
+ }
+ if (!empty($_POST['adaptiveend']) && !is_numericint($_POST['adaptiveend'])) {
+ $input_errors[] = gettext("The Firewall Adaptive End value must be an integer.");
+ }
 if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
 $input_errors[] = gettext("The Firewall Maximum States value must be an integer.");
 }
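Review bot: Nothing in the added validation of the second hunk (`@@ -74,6 +76,14 @@`) compares the two values with each other, so an adaptive start equal to or greater than the adaptive end is accepted, although the form's own help text defines the scale factor with (adaptive.end - adaptive.start) as the divisor. A further check such as `if (!empty($_POST['adaptivestart']) && !empty($_POST['adaptiveend']) && (int)$_POST['adaptivestart'] >= (int)$_POST['adaptiveend'])` with its own `$input_errors[]` message would reject that case. The help text also says the end value should never be reached and that the state limit should sit below it, yet no check relates `adaptiveend` to `maximumstates`; a mismatched pair could presumably drive all timeouts to zero under load, which is an availability risk on a firewall. The first added `if` omits the braces that the next two use. The enclosing `if ($_POST)` block starts and ends outside the hunk.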
@@ -119,6 +129,15 @@ if ($_POST) {
 else
 unset($config['system']['scrubrnid']);
+ if (!empty($_POST['adaptiveend']))
+ $config['system']['adaptiveend'] = $_POST['adaptiveend'];
+ else
+ unset($config['system']['adaptiveend']);
+ if (!empty($_POST['adaptivestart']))
+ $config['system']['adaptivestart'] = $_POST['adaptivestart'];
+ else
+ unset($config['system']['adaptivestart']);
+
 $config['system']['optimization'] = $_POST['optimization'];
 $config['system']['maximumstates'] = $_POST['maximumstates'];
 $config['system']['maximumtables'] = $_POST['maximumtables'];
@@ -323,6 +342,21 @@ function update_description(itemnum) {
 </td>
 </tr>
 <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Firewall Adaptive Timeouts");?></td>
+ <td width="78%" class="vtable">
+ <strong><?=gettext("Timeouts for states can be scaled adaptively as the number of state table entries grows.");?></strong>
+ <br/>
+ <input name="adaptivestart" type="text" id="adaptivestart" value="<?php echo $pconfig['adaptivestart']; ?>" />
+ <br/><?=gettext("When the number of state entries exceeds this value, adaptive scaling begins. All timeout values are scaled linearly with factor (adaptive.end - number of states) / (adaptive.end - adaptive.start).");?>
+
+ <br/>
+ <input name="adaptiveend" type="text" id="adaptiveend" value="<?php echo $pconfig['adaptiveend']; ?>" />
+ <br/><?=gettext("When reaching this number of state entries, all timeout values become zero, effectively purging all state entries immediately. This value is used to define the scale factor, it should not actually be reached (set a lower state limit, see below).");?>
+ <br/>
+ <span class="vexpl"><?=gettext("Note: Leave this blank for the default(0).");?></span>
+ </td>
+ </tr>
+ <tr>
 <td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum States");?></td>
 <td width="78%" class="vtable">
 <input name="maximumstates" type="text" id="maximumstates" value="<?php echo $pconfig['maximumstates']; ?>" /> |
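Review bot: The two new inputs in the last hunk (`@@ -323,6 +342,21 @@`) write `$pconfig['adaptivestart']` and `$pconfig['adaptiveend']` into a `value` attribute without output encoding. The context line `$pconfig = array_merge($pconfig, $_POST);` in the `@@ -74,6 +76,14 @@` hunk means these entries can hold raw request data, presumably whenever the form is re-rendered after a validation error. Encoding at the point of output closes that gap, e.g. `value="<?=htmlspecialchars($pconfig['adaptivestart']);?>"` and the same for `adaptiveend`. The neighbouring `maximumstates` input in the context lines uses the same unescaped pattern and is worth fixing in the same pass. The surrounding table markup continues outside the hunk.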