-rw-r--r-- | etc/inc/captiveportal.inc | 11 | ||||
-rw-r--r-- | etc/inc/filter.inc | 55 |
2 files changed, 41 insertions, 25 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 8e13850..462cbb55 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -65,6 +65,15 @@ function captiveportal_configure() {
 /* make sure ipfw is loaded */
 mwexec("/sbin/kldload ipfw");
+
+ /* Set ipfw state limit */
+ if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
+ /* Set ipfw states to user defined maximum states in Advanced menu. */
+ mwexec("sysctl net.inet.ip.fw.dyn_max={$config['system']['maximumstates']}");
+ } else {
+ /* Set to default 10,000 */
+ mwexec("sysctl net.inet.ip.fw.dyn_max=10000");
+ }
 mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"ipfw,pf\"");
 mwexec("/sbin/sysctl net.inet.ip.pfil.outbound=\"ipfw,pf\"");
@@ -1125,4 +1134,4 @@ function portal_mac_fixed($clientmac) {
 return FALSE ;
 }
-?>
+?>
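Review bot: `is_numeric()` in the added `if` is looser than this sysctl needs: it also accepts strings such as `-1`, `1.5` or `1e5`, which are then interpolated into the `mwexec()` command, so a mistyped maximum-states value would probably make the call fail and leave `net.inet.ip.fw.dyn_max` unchanged instead of falling back to 10000. A digits-only test, `ctype_digit((string)$config['system']['maximumstates'])`, keeps the interpolated value to a plain non-negative integer. Both new calls also run `sysctl` by bare name while the neighbouring lines use `/sbin/sysctl`; the absolute path avoids depending on PATH. The same block is added in the etc/inc/filter.inc hunk and needs the same two changes. Whether `$config` is in scope (declared `global`) in captiveportal_configure() is not visible in this hunk.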
\ No newline at end of file
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index b018bb3..5ae41b5 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -88,31 +88,38 @@ function filter_configure_sync() {
 /* load ipfw / dummynet early on if required */
 if($config['system']['dummynetshaper']) {
- $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
- if($status == "0") {
- mwexec("/sbin/kldload ipfw");
- mwexec("/sbin/kldload dummynet");
- }
- } else {
- /* check to see if any rules reference a schedule
- * and if so load ipfw for later usage.
- */
- foreach($config['filter']['rule'] as $rule) {
- if($rule['sched'])
- $time_based_rules = true;
- }
- if($time_based_rules == true) {
- $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
- if($status == "0") {
- mute_kernel_msgs();
- mwexec("/sbin/kldload ipfw");
- unmute_kernel_msgs();
- }
- exec("/sbin/ipfw delete set 9");
- exec("/sbin/ipfw delete 2");
- exec("/sbin/ipfw delete 3");
+ $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
+ if($status == "0") {
+ mwexec("/sbin/kldload ipfw");
+ mwexec("/sbin/kldload dummynet");
+ }
+ } else {
+ /* check to see if any rules reference a schedule
+ * and if so load ipfw for later usage.
+ */
+ foreach($config['filter']['rule'] as $rule) {
+ if($rule['sched'])
+ $time_based_rules = true;
+ }
+ if($time_based_rules == true) {
+ $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`);
+ if($status == "0") {
+ mute_kernel_msgs();
+ mwexec("/sbin/kldload ipfw");
+ unmute_kernel_msgs();
 }
- }
+ if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
+ /* Set ipfw states to user defined maximum states in Advanced menu. */
+ mwexec("sysctl net.inet.ip.fw.dyn_max={$config['system']['maximumstates']}");
+ } else {
+ /* Set to default 10,000 */
+ mwexec("sysctl net.inet.ip.fw.dyn_max=10000");
+ }
+ exec("/sbin/ipfw delete set 9");
+ exec("/sbin/ipfw delete 2");
+ exec("/sbin/ipfw delete 3");
+ }
+ }
 $lan_if = $config['interfaces']['lan']['if'];
 $wan_if = get_real_wan_interface(); |
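Review bot: The new `dyn_max` setting sits only inside `if($time_based_rules == true)`, so when `dummynetshaper` is enabled the first branch loads ipfw but never applies the configured state limit; if that path can create dynamic ipfw states (not visible here), the limit should be set there as well. Because the block is a copy of the one added to captiveportal.inc, a small shared helper called from both places would keep the validation and the default in step. `$time_based_rules` is also read without being initialised when no rule has a schedule; `$time_based_rules = false;` before the `foreach` would make the test well defined. filter_configure_sync() starts and continues outside this hunk.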