-rw-r--r--etc/inc/filter.inc31
-rw-r--r--usr/local/www/system_advanced_network.php8
2 files changed, 30 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ed175d3..174b8bf 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -38,7 +38,7 @@
/* include all configuration functions */
require_once("config.inc");
-require_once ("shaper.inc");
+require_once("shaper.inc");
/* holds the items that will be executed *AFTER* the filter is fully loaded */
$after_filter_configure_run = array();
@@ -49,6 +49,26 @@ $time_based_rules = false;
/* Used to hold the interface list that will be used on ruleset creation. */
$FilterIflist = array();
+function flowtable_configure() {
+ global $config, $g;
+ // Figure out how many flows we should reserve
+ if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates']))
+ $maxstates = $config['system']['maximumstates'];
+ else
+ $maxstates = "15000";
+ // Is flowtable enabled?
+ if($config['system']['flowtable'])
+ $flowtable_enable = 1;
+ else
+ $flowtable_enable = 0;
+ // Flowtable currently only works on 8.0
+ if(get_freebsd_version() == "8") {
+ if($flowtable_enable == 1)
+ mwexec("/usr/sbin/sysctl net.inet.flowtable.nmbflows={$config['system']['maximumstates']}");
+ mwexec("/usr/sbin/sysctl net.inet.flowtable.emable={$flowtable_enable}");
+ }
+}
+
function filter_load_ipfw()
{
global $config;
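Review bot: In flowtable_configure() the validated `$maxstates` is computed but never used: the nmbflows call still interpolates `$config['system']['maximumstates']` into the mwexec() command line, so an empty or non-numeric stored value reaches the shell unchecked, which the removed code in filter_configure_sync() prevented with its is_numeric() branch. The second sysctl name is misspelled as `net.inet.flowtable.emable`, so the enable flag is presumably never applied. I would change the two calls to `mwexec("/usr/sbin/sysctl net.inet.flowtable.nmbflows=" . escapeshellarg($maxstates));` and `mwexec("/usr/sbin/sysctl net.inet.flowtable.enable={$flowtable_enable}");`. The filter_load_ipfw() context at the end of the hunk continues outside it.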
@@ -189,16 +209,13 @@ function filter_configure_sync() {
if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
/* User defined maximum states in Advanced menu. */
$rules .= "set limit states {$config['system']['maximumstates']}\n";
- if(get_freebsd_version() == "8")
- if($config['system']['flowtable'])
- mwexec("/usr/sbin/sysctl net.inet.flowtable.nmbflows={$config['system']['maximumstates']}");
} else {
$max_states = pfsense_default_state_size();
$rules .= "set limit states {$max_states}\n";
- if(get_freebsd_version() == "8")
- if($config['system']['flowtable'])
- mwexec("/usr/sbin/sysctl net.inet.flowtable.nmbflows={$max_states}");
}
+
+ // Configure flowtable support if enabled.
+ flowtable_configure();
$rules .= "\n";
$rules .= "set skip on pfsync0\n";
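Review bot: The fallback state count now differs between the two consumers: the else branch here still emits `set limit states` from `pfsense_default_state_size()`, while flowtable_configure() falls back to a hard-coded `"15000"` where the removed line passed `$max_states` to nmbflows. Using `$maxstates = pfsense_default_state_size();` as the helper's fallback would keep the flow reservation and the pf state limit in step. filter_configure_sync() starts and ends outside this hunk.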
diff --git a/usr/local/www/system_advanced_network.php b/usr/local/www/system_advanced_network.php
index a7c6de7..4326e86 100644
--- a/usr/local/www/system_advanced_network.php
+++ b/usr/local/www/system_advanced_network.php
@@ -40,8 +40,8 @@
##|*MATCH=system_advanced-network.php*
##|-PRIV
-
require("guiconfig.inc");
+require("filter.inc");
$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
$pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr'];
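Review bot: `require("filter.inc");` includes the file unconditionally, and filter.inc declares functions (flowtable_configure(), filter_load_ipfw()), so if guiconfig.inc or anything it pulls in has already loaded filter.inc the page stops with a redeclaration fatal error. filter.inc itself uses `require_once` for its own includes, and `require_once("filter.inc");` is the safer form here. Whether guiconfig.inc already loads it is not visible from this hunk.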
@@ -110,9 +110,13 @@ if ($_POST) {
unset($config['system']['disablechecksumoffloading']);
setup_microcode();
}
-
+
+ // Write out configuration (config.xml)
write_config();
+ // Configure flowtable support from filter.inc
+ flowtable_configure();
+
$retval = filter_configure();
if(stristr($retval, "error") <> true)
$savemsg = get_std_save_message($retval);
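Review bot: The direct `flowtable_configure();` call before `filter_configure()` needs a comment explaining why both are required, because filter_configure_sync() now calls flowtable_configure() itself and, if filter_configure() reaches it, the sysctls are written twice per save. If the direct call is there because the filter reload may be deferred, say so, for example `// Apply flowtable sysctls immediately; the filter reload may run later`. The `if ($_POST)` block starts outside this hunk.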