-rw-r--r-- | etc/inc/filter.inc | 5 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 5 | ||||
-rw-r--r-- | usr/local/www/system_advanced_firewall.php | 21 |
3 files changed, 31 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 2f2dc9f..dc21e26 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -254,10 +254,15 @@ function filter_configure_sync($delete_states_if_needed = true) {
 copy("{$g['tmp_path']}/rules.debug", "{$g['tmp_path']}/rules.debug.old");
 $rules = "";
+ if($config['system']['maximumtables'] <> "" && is_numeric($config['system']['maximumtables'])) {
+ /* User defined maximum table entries in Advanced menu. */
+ $rules .= "set limit tables {$config['system']['maximumtables']}\n";
+ }
 if($config['system']['maximumtableentries'] <> "" && is_numeric($config['system']['maximumtableentries'])) {
 /* User defined maximum table entries in Advanced menu. */
 $rules .= "set limit table-entries {$config['system']['maximumtableentries']}\n";
 }
+ $rules .= "{$aliases} \n";
 $rules .= "{$gateways} \n";
 update_filter_reload_status(gettext("Setting up logging information"));
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 7ac1f4b..a9c2f1f 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1434,6 +1434,11 @@ function pfsense_default_state_size() {
 return $max_states;
 }
+function pfsense_default_tables_size() {
+ $current = `pfctl -sm | grep ^tables | awk '{print $4};'`;
+ return $current;
+}
+
 function pfsense_default_table_entries_size() {
 $current = `pfctl -sm | grep table-entries | awk '{print $4};'`;
 return $current;
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 8430ac0..0796ce3 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
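Review bot: The new `maximumtables` guard in filter.inc tests the stored value with `is_numeric()`, which also accepts decimals, signed values, exponent notation and leading whitespace, while the form in system_advanced_firewall.php requires an integer. A value that reached the configuration by another route (a restored or synchronised config, for instance) would be written into the `set limit tables` line as-is and could leave the generated ruleset unloadable. Applying the same test as the GUI, `if($config['system']['maximumtables'] <> "" && is_numericint($config['system']['maximumtables']) && $config['system']['maximumtables'] > 0) {`, keeps the two consistent, assuming `is_numericint()` is in scope in this file. The comment on the new block was copied from the one below it and should read `/* User defined maximum number of tables in Advanced menu. */`. filter_configure_sync() starts and ends outside the hunk.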
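Review bot: pfsense_default_tables_size() in pfsense-utils.inc returns the raw backtick output, so callers receive awk's trailing newline, and an empty value when pfctl fails or no line matches; `return trim((string)$current);` would hand the page a clean string. The command is a fixed string with no caller input, but it depends on PHP leaving `$4` uninterpolated inside backticks, which is worth a one-line comment such as `/* $4 is awk's fourth field of the "tables" line; PHP does not expand it */`. The function also has no header comment; something like `/* Returns the current pf limit on the number of tables, as reported by pfctl -sm. */` would document what the number means.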
@@ -55,6 +55,7 @@ $pconfig['scrubrnid'] = $config['system']['scrubrnid'];
 $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
 $pconfig['optimization'] = $config['filter']['optimization'];
 $pconfig['maximumstates'] = $config['system']['maximumstates'];
+$pconfig['maximumtables'] = $config['system']['maximumtables'];
 $pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
 $pconfig['disablereplyto'] = isset($config['system']['disablereplyto']);
 $pconfig['disablenegate'] = isset($config['system']['disablenegate']);
@@ -75,6 +76,9 @@ if ($_POST) {
 if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
 $input_errors[] = gettext("The Firewall Maximum States value must be an integer.");
 }
+ if ($_POST['maximumtables'] && !is_numericint($_POST['maximumtables'])) {
+ $input_errors[] = gettext("The Firewall Maximum Tables value must be an integer.");
+ }
 if ($_POST['maximumtableentries'] && !is_numericint($_POST['maximumtableentries'])) {
 $input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer.");
 }
@@ -116,6 +120,7 @@ if ($_POST) {
 $config['system']['optimization'] = $_POST['optimization'];
 $config['system']['maximumstates'] = $_POST['maximumstates'];
+ $config['system']['maximumtables'] = $_POST['maximumtables'];
 $config['system']['maximumtableentries'] = $_POST['maximumtableentries'];
 if($_POST['natreflection'] == "proxy") {
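Review bot: The validation added in the `@@ -75,6 +76,9 @@` hunk is skipped for any falsy submission, so `0` is never checked and is then stored by the assignment in the `@@ -116,6 +120,7 @@` hunk. Since filter.inc only tests the stored value for non-empty and numeric, that would put `set limit tables 0` into the ruleset. Testing for an empty field explicitly and enforcing a lower bound avoids this: `if ($_POST['maximumtables'] != "" && (!is_numericint($_POST['maximumtables']) || $_POST['maximumtables'] < 1)) {`, with the message changed to say "a positive integer". No upper bound is visible either; whether one is needed depends on what pf accepts. The enclosing `if ($_POST)` block begins and ends outside both hunks.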
@@ -318,6 +323,22 @@ function update_description(itemnum) {
 </td>
 </tr>
 <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Tables");?></td>
+ <td width="78%" class="vtable">
+ <input name="maximumtables" type="text" id="maximumtables" value="<?php echo $pconfig['maximumtables']; ?>" />
+ <br/>
+ <strong><?=gettext("Maximum number of tables for systems such as aliases, sshlockout, snort, etc, combined.");?></strong>
+ <br/><?php echo gettext("This is the actual number of tables, not the number of entries inside the tables (see below)");?>
+ <br/>
+ <span class="vexpl">
+ <?=gettext("Note: Leave this blank for the default.");?>
+ <?php if (empty($pconfig['maximumtables'])): ?>
+ <?= gettext("On your system the default size is:");?> <?= pfsense_default_tables_size(); ?>
+ <?php endif; ?>
+ </span>
+ </td>
+ </tr>
+ <tr>
 <td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Table Entries");?></td>
 <td width="78%" class="vtable">
 <input name="maximumtableentries" type="text" id="maximumtableentries" value="<?php echo $pconfig['maximumtableentries']; ?>" />
|
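Review bot: The new `maximumtables` input echoes `$pconfig['maximumtables']` into the `value` attribute without HTML-escaping. If `$pconfig` is refilled from `$_POST` when validation fails (that code is not visible in this hunk), a rejected non-integer submission would be reflected into the page as markup; `value="<?php echo htmlspecialchars($pconfig['maximumtables']); ?>"` closes that regardless of where the value came from. The default printed a few lines further down is command output and is better rendered as `<?= htmlspecialchars(trim(pfsense_default_tables_size())); ?>`. The existing `maximumtableentries` input in the trailing context follows the same unescaped pattern.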