-rw-r--r--etc/inc/filter.inc5
-rw-r--r--usr/local/www/system_advanced_firewall.php34
2 files changed, 39 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index b9641b1..1949c38 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -241,6 +241,11 @@ function filter_configure_sync($delete_states_if_needed = true) {
} else
$limitrules .= "set optimization normal\n";
+ if (!empty($config['system']['adaptivestart']) && !empty($config['system']['adaptiveend']))
+ $limitrules .= "set timeout { adaptive.start {$config['system']['adaptivestart']}, adaptive.end {$config['system']['adaptiveend']} }\n";
+ else
+ $limitrules .= "set timeout { adaptive.start 0, adaptive.end 0 }\n";
+
if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
/* User defined maximum states in Advanced menu. */
$limitrules .= "set limit states {$config['system']['maximumstates']}\n";
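Review bot: The new `set timeout` line writes `$config['system']['adaptivestart']` and `adaptiveend` into the generated ruleset after only an `empty()` test, while the `maximumstates` line just below re-checks the value at the point of use. A value that reaches the config by a path other than the GUI form (a restored or hand-edited config, for example) would be interpolated verbatim, so I would guard here too: `if (is_numericint($config['system']['adaptivestart']) && is_numericint($config['system']['adaptiveend']))`, assuming `is_numericint()` is in scope in filter.inc as it is in the page script. The else branch emits `adaptive.start 0, adaptive.end 0`, which as far as I know disables pf's adaptive timeouts rather than keeping its built-in default, so a comment such as `/* 0/0 turns adaptive timeouts off; intentional default */` would make that choice explicit. filter_configure_sync() starts and ends outside this hunk.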
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 1b1f7ce..a4b135d 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -54,6 +54,8 @@ $pconfig['scrubnodf'] = $config['system']['scrubnodf'];
$pconfig['scrubrnid'] = $config['system']['scrubrnid'];
$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
$pconfig['optimization'] = $config['filter']['optimization'];
+$pconfig['adaptivestart'] = $config['system']['adaptivestart'];
+$pconfig['adaptiveend'] = $config['system']['adaptiveend'];
$pconfig['maximumstates'] = $config['system']['maximumstates'];
$pconfig['maximumtables'] = $config['system']['maximumtables'];
$pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
@@ -74,6 +76,14 @@ if ($_POST) {
$pconfig = array_merge($pconfig, $_POST);
/* input validation */
+ if ((empty($_POST['adaptivestart']) && !empty($_POST['adaptiveend'])) || (!empty($_POST['adaptivestart']) && empty($_POST['adaptiveend'])))
+ $input_errors[] = gettext("The Firewall Adaptive values must be set together.");
+ if (!empty($_POST['adaptivestart']) && !is_numericint($_POST['adaptivestart'])) {
+ $input_errors[] = gettext("The Firewall Adaptive Start value must be an integer.");
+ }
+ if (!empty($_POST['adaptiveend']) && !is_numericint($_POST['adaptiveend'])) {
+ $input_errors[] = gettext("The Firewall Adaptive End value must be an integer.");
+ }
if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
$input_errors[] = gettext("The Firewall Maximum States value must be an integer.");
}
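Review bot: The added validation accepts any two integers, so `adaptivestart` equal to or larger than `adaptiveend` passes. The help text added in this same commit defines the scale factor as (adaptive.end - number of states) / (adaptive.end - adaptive.start), whose denominator would then be zero or negative. I would add an ordering check after the two integer checks, `if (is_numericint($_POST['adaptivestart']) && is_numericint($_POST['adaptiveend']) && (int)$_POST['adaptivestart'] >= (int)$_POST['adaptiveend'])`, pushing its own `$input_errors[]` message. Note also that `empty()` treats the string "0" as unset, so an explicit 0 is silently dropped; if that is intended, a one-line comment saying so would help. The `if ($_POST)` block continues outside the hunk.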
@@ -119,6 +129,15 @@ if ($_POST) {
else
unset($config['system']['scrubrnid']);
+ if (!empty($_POST['adaptiveend']))
+ $config['system']['adaptiveend'] = $_POST['adaptiveend'];
+ else
+ unset($config['system']['adaptiveend']);
+ if (!empty($_POST['adaptivestart']))
+ $config['system']['adaptivestart'] = $_POST['adaptivestart'];
+ else
+ unset($config['system']['adaptivestart']);
+
$config['system']['optimization'] = $_POST['optimization'];
$config['system']['maximumstates'] = $_POST['maximumstates'];
$config['system']['maximumtables'] = $_POST['maximumtables'];
@@ -323,6 +342,21 @@ function update_description(itemnum) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Firewall Adaptive Timeouts");?></td>
+ <td width="78%" class="vtable">
+ <strong><?=gettext("Timeouts for states can be scaled adaptively as the number of state table entries grows.");?></strong>
+ <br/>
+ <input name="adaptivestart" type="text" id="adaptivestart" value="<?php echo $pconfig['adaptivestart']; ?>" />
+ <br/><?=gettext("When the number of state entries exceeds this value, adaptive scaling begins. All timeout values are scaled linearly with factor (adaptive.end - number of states) / (adaptive.end - adaptive.start).");?>
+
+ <br/>
+ <input name="adaptiveend" type="text" id="adaptiveend" value="<?php echo $pconfig['adaptiveend']; ?>" />
+ <br/><?=gettext("When reaching this number of state entries, all timeout values become zero, effectively purging all state entries immediately. This value is used to define the scale factor, it should not actually be reached (set a lower state limit, see below).");?>
+ <br/>
+ <span class="vexpl"><?=gettext("Note: Leave this blank for the default(0).");?></span>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum States");?></td>
<td width="78%" class="vtable">
<input name="maximumstates" type="text" id="maximumstates" value="<?php echo $pconfig['maximumstates']; ?>" />
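Review bot: Both new inputs echo `$pconfig['adaptivestart']` and `$pconfig['adaptiveend']` into a `value="..."` attribute without escaping. An earlier hunk shows `$pconfig = array_merge($pconfig, $_POST);`, so when validation fails the submitted string is reflected into the page as-is and can break out of the attribute. Escape at output, e.g. `value="<?=htmlspecialchars($pconfig['adaptivestart']);?>"` and the same for `adaptiveend`. The existing `maximumstates` input in the context lines follows the same unescaped pattern and would benefit from the same change in a follow-up.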