diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2006-03-23 23:25:41 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-03-23 23:25:41 +0000 |
commit | 8f498445161ab9be7495bf62c50c866a1f3ca59f (patch) | |
tree | 746d1ff52a9447a32479c816363c04ccc6f9c346 /usr | |
parent | 8899dcf1a6afa770a0698d3699bf1f3a6603378d (diff) | |
download | pfsense-8f498445161ab9be7495bf62c50c866a1f3ca59f.zip pfsense-8f498445161ab9be7495bf62c50c866a1f3ca59f.tar.gz |
Add ability to turn off packet scrubbing.
Ticket #882
Submitted-by: sdier@cs.umn.edu
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/system_advanced.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php index 74c6c4e..cfa5360 100755 --- a/usr/local/www/system_advanced.php +++ b/usr/local/www/system_advanced.php @@ -35,6 +35,7 @@ require("guiconfig.inc"); $pconfig['disablefilter'] = $config['system']['disablefilter']; $pconfig['rfc959workaround'] = $config['system']['rfc959workaround']; +$pconfig['scrubnodf'] = $config['system']['scrubnodf']; $pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']); $pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr']; $pconfig['cert'] = base64_decode($config['system']['webgui']['certificate']); @@ -135,6 +136,11 @@ if ($_POST) { else unset($config['system']['rfc959workaround']); + if($_POST['scrubnodf'] == "yes") + $config['system']['scrubnodf'] = "enabled"; + else + unset($config['system']['scrubnodf']); + if($_POST['ipv6nat_enable'] == "yes") { $config['diag']['ipv6nat']['enable'] = true; $config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr']; @@ -504,6 +510,14 @@ include("head.inc"); </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Clear DF bit instead of dropping</td> + <td width="78%" class="vtable"> + <input name="scrubnodf" type="checkbox" id="scrubnodf" value="yes" <?php if (isset($config['system']['scrubnodf'])) echo "checked"; ?> onclick="enable_change(false)" /> + <strong class="vexpl">Workaround for operating systems that generate fragmented packets with the don't fragment (DF) bit set. Linux NFS is known to do this. This will cause the filter to not drop such packets but instead clear the don't fragment bit. The filter will also randomize the IP identification field of outgoing packets with this option on, to compensate for operating systems that set the DF bit but set a zero IP identification header field.</strong> + <br /> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Firewall Optimization Options</td> <td width="78%" class="vtable"> <select onChange="update_description(this.selectedIndex);" name="optimization" id="optimization"> @@ -710,4 +724,4 @@ if (($config['system']['webgui']['certificate'] != $oldcert) touch("/tmp/restart_webgui"); } -?>
\ No newline at end of file +?> |