summaryrefslogtreecommitdiffstats
path: root/usr
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2005-05-04 04:02:24 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-05-04 04:02:24 +0000
commited08ef3ea307de4dd0a72b84ee353cdf1ff70d1d (patch)
tree1d488d7cec7814571851c8713df4d905a6170de4 /usr
parent15ae8170e0ebeb36939fd2dc81431e10e2b3b77c (diff)
downloadpfsense-ed08ef3ea307de4dd0a72b84ee353cdf1ff70d1d.zip
pfsense-ed08ef3ea307de4dd0a72b84ee353cdf1ff70d1d.tar.gz
Backend and support for allow limiting of TCP connections by establishment rate
Useful for protecting against sudden outburts, etc.
Diffstat (limited to 'usr')
-rwxr-xr-xusr/local/www/firewall_rules_edit.php28
1 files changed, 24 insertions, 4 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 12a3f02..66e6379 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -155,10 +155,16 @@ if (isset($id) && $a_filter[$id]) {
$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
$pconfig['log'] = isset($a_filter[$id]['log']);
$pconfig['descr'] = $a_filter[$id]['descr'];
+
+ /* advanced */
$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
$pconfig['statetype'] = $a_filter[$id]['statetype'];
$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];
+
+ /* advanced - new connection per second banning*/
+ $pconfig['max-src-conn-rate'] = $a_filter[$id]['max-src-conn-rate'];
+ $pconfig['max-src-conn-rates'] = $a_filter[$id]['max-src-conn-rates'];
} else {
/* defaults */
@@ -352,6 +358,9 @@ if ($_POST) {
$a_filter[] = $filterent;
}
+ $filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
+ $filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
+
write_config();
touch($d_filterconfdirty_path);
@@ -781,18 +790,29 @@ Hint: the difference between block and reject is that with reject, a packet (TCP
<br> <span class="vexpl">You may enter a description here
for your reference (not parsed).</span></td>
</tr>
-
-
<tr>
<td width="22%" valign="top" class="vncell">Advanced Options</td>
<td width="78%" class="vtable">
<input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br> Simultaneous client connection limit<p>
<input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br> Maximum state entries per host<p>
-
+ <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo $pconfig['max-src-conn-rate'] ?>"> /
+ <select name="max-src-conn-rates" id="max-src-conn-rates">
+ <option value=""<?php if($pconfig['max-src-conn-rates'] == "") echo " selected"; ?>></option>
+ <?php
+ for($x=0; $x<255; $x++) {
+ if($x == $pconfig['max-src-conn-rates'])
+ $selected = " selected";
+ else
+ $selected = "";
+ echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
+ }
+ ?>
+ </select>
+ <br>
+ New connections / per second
<p><strong>NOTE: Leave these fields blank to disable this feature.</strong>
</td>
</tr>
-
<tr>
<td width="22%" valign="top" class="vncell">State Type</td>
<td width="78%" class="vtable">
OpenPOWER on IntegriCloud