-rw-r--r--conf.default/config.xml2
-rw-r--r--etc/bogons8
-rw-r--r--etc/inc/captiveportal.inc290
-rw-r--r--etc/inc/config.inc43
-rw-r--r--etc/inc/filter.inc357
-rw-r--r--etc/inc/functions.inc1
-rw-r--r--etc/inc/globals.inc38
-rw-r--r--etc/inc/interfaces.inc22
-rw-r--r--etc/inc/itemid.inc85
-rw-r--r--etc/inc/notices.inc38
-rw-r--r--etc/inc/pfsense-utils.inc165
-rw-r--r--etc/inc/rrd.inc5
-rw-r--r--etc/inc/services.inc39
-rw-r--r--etc/inc/shaper.inc8
-rw-r--r--etc/inc/system.inc27
-rw-r--r--etc/inc/upgrade_config.inc4
-rw-r--r--etc/inc/util.inc64
-rw-r--r--etc/inc/vpn.inc3
-rw-r--r--etc/inc/xmlparse.inc148
-rw-r--r--etc/phpshellsessions/gitsync4
-rwxr-xr-xetc/rc7
-rwxr-xr-xetc/rc.bootup9
-rwxr-xr-xetc/rc.embedded4
-rwxr-xr-xetc/rc.firmware10
-rwxr-xr-xetc/rc.firmware_auto2
-rwxr-xr-xetc/rc.initial2
-rwxr-xr-xetc/rc.initial.setlanip12
-rwxr-xr-xetc/rc.php_ini_setup5
-rwxr-xr-xetc/rc.shutdown2
-rwxr-xr-xetc/rc.update_bogons.sh11
-rwxr-xr-xtmp/post_upgrade_command10
-rwxr-xr-xusr/local/captiveportal/index.php22
-rw-r--r--usr/local/captiveportal/radius_accounting.inc4
-rw-r--r--usr/local/pkg/miniupnpd.inc6
-rw-r--r--usr/local/pkg/openntpd.xml1
-rwxr-xr-xusr/local/www/carp_status.php50
-rwxr-xr-xusr/local/www/diag_arp.php3
-rwxr-xr-xusr/local/www/diag_backup.php132
-rwxr-xr-xusr/local/www/diag_dhcp_leases.php4
-rwxr-xr-xusr/local/www/diag_dump_states.php4
-rw-r--r--usr/local/www/diag_ipsec.php26
-rwxr-xr-xusr/local/www/diag_ipsec_sad.php22
-rwxr-xr-xusr/local/www/diag_ipsec_spd.php21
-rwxr-xr-xusr/local/www/diag_logs_settings.php7
-rwxr-xr-xusr/local/www/diag_nanobsd.php87
-rw-r--r--usr/local/www/diag_showbogons.php100
-rw-r--r--usr/local/www/diag_system_pftop.php4
-rwxr-xr-xusr/local/www/fbegin.inc6
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php157
-rwxr-xr-xusr/local/www/firewall_nat.php12
-rwxr-xr-xusr/local/www/firewall_nat_edit.php74
-rwxr-xr-xusr/local/www/firewall_nat_server.php159
-rwxr-xr-xusr/local/www/firewall_nat_server_edit.php172
-rwxr-xr-xusr/local/www/firewall_rules.php56
-rwxr-xr-xusr/local/www/firewall_rules_edit.php21
-rw-r--r--usr/local/www/firewall_schedule.php2
-rwxr-xr-xusr/local/www/guiconfig.inc109
-rwxr-xr-xusr/local/www/interfaces_assign.php10
-rw-r--r--usr/local/www/interfaces_bridge_edit.php2
-rwxr-xr-xusr/local/www/javascript/row_helper.js2
-rw-r--r--usr/local/www/javascript/suggestions.js4
-rwxr-xr-xusr/local/www/pkg_mgr.php2
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php25
-rwxr-xr-xusr/local/www/services_captiveportal_ip_edit.php7
-rwxr-xr-xusr/local/www/services_dhcp.php462
-rwxr-xr-xusr/local/www/services_dnsmasq.php2
-rwxr-xr-xusr/local/www/services_igmpproxy.php2
-rwxr-xr-xusr/local/www/status_captiveportal.php4
-rwxr-xr-xusr/local/www/status_gateways.php2
-rw-r--r--usr/local/www/status_openvpn.php74
-rwxr-xr-xusr/local/www/status_queues.php2
-rwxr-xr-xusr/local/www/status_services.php2
-rwxr-xr-xusr/local/www/status_slbd_pool.php5
-rwxr-xr-xusr/local/www/status_slbd_vs.php4
-rw-r--r--usr/local/www/status_upnp.php6
-rw-r--r--usr/local/www/system_advanced_misc.php38
-rwxr-xr-xusr/local/www/system_firmware_auto.php36
-rwxr-xr-xusr/local/www/system_gateways_edit.php2
-rw-r--r--usr/local/www/themes/metallic/all.css8
-rw-r--r--usr/local/www/themes/metallic/images/icons/icon_advanced.gifbin0 -> 306 bytes
-rw-r--r--usr/local/www/themes/metallic/images/icons/icon_advanced_s.gifbin0 -> 314 bytes
-rw-r--r--usr/local/www/themes/nervecenter/all.css8
-rw-r--r--usr/local/www/themes/nervecenter/images/icons/icon_advanced.gifbin0 -> 306 bytes
-rw-r--r--usr/local/www/themes/nervecenter/images/icons/icon_advanced_s.gifbin0 -> 314 bytes
-rw-r--r--usr/local/www/themes/pfsense-dropdown/all.css8
-rw-r--r--usr/local/www/themes/pfsense-dropdown/images/icons/icon_advanced.gifbin0 -> 306 bytes
-rw-r--r--usr/local/www/themes/pfsense-dropdown/images/icons/icon_advanced_s.gifbin0 -> 314 bytes
-rw-r--r--usr/local/www/themes/pfsense/all.css8
-rw-r--r--usr/local/www/themes/pfsense/images/icons/icon_advanced.gifbin0 -> 306 bytes
-rw-r--r--usr/local/www/themes/pfsense/images/icons/icon_advanced_s.gifbin0 -> 314 bytes
-rw-r--r--usr/local/www/themes/pfsense_ng/all.css8
-rw-r--r--usr/local/www/themes/pfsense_ng/images/icons/icon_advanced.gifbin0 -> 306 bytes
-rw-r--r--usr/local/www/themes/pfsense_ng/images/icons/icon_advanced_s.gifbin0 -> 314 bytes
-rw-r--r--usr/local/www/themes/pfsense_ng/images/icons/icon_chain.pngbin0 -> 281 bytes
-rw-r--r--usr/local/www/themes/pfsense_ng/rrdcolors.inc.php10
-rw-r--r--usr/local/www/themes/the_wall/all.css8
-rw-r--r--usr/local/www/themes/the_wall/images/icons/icon_advanced.gifbin0 -> 306 bytes
-rw-r--r--usr/local/www/themes/the_wall/images/icons/icon_advanced_s.gifbin0 -> 314 bytes
-rwxr-xr-xusr/local/www/vpn_ipsec.php2
-rwxr-xr-xusr/local/www/vpn_ipsec_mobile.php2
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php2
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php2
-rw-r--r--usr/local/www/vpn_openvpn_server.php11
-rw-r--r--usr/local/www/widgets/widgets/captive_portal_status.widget.php2
-rw-r--r--usr/local/www/wizards/traffic_shaper_wizard.xml2
105 files changed, 1884 insertions, 1576 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml
index 67d6bfe..b617b23 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -449,6 +449,7 @@
<target></target>
<local-port></local-port>
<descr></descr>
+ <associated-filter-rule-id></associated-filter-rule-id>
</rule>
-->
<!--
@@ -502,6 +503,7 @@
<!-- rule syntax:
<rule>
<disabled/>
+ <id>[0-9]*</id>
<type>pass|block|reject</type>
<descr>...</descr>
<interface>lan|opt[n]|wan|pptp</interface>
diff --git a/etc/bogons b/etc/bogons
index 915cafb..fa4f6fc 100644
--- a/etc/bogons
+++ b/etc/bogons
@@ -21,20 +21,14 @@
105.0.0.0/8
106.0.0.0/8
107.0.0.0/8
-109.0.0.0/8
127.0.0.0/8
169.254.0.0/16
-175.0.0.0/8
176.0.0.0/8
177.0.0.0/8
-178.0.0.0/8
179.0.0.0/8
-180.0.0.0/8
181.0.0.0/8
-182.0.0.0/8
-183.0.0.0/8
185.0.0.0/8
192.0.2.0/24
198.18.0.0/15
223.0.0.0/8
-224.0.0.0/3
+224.0.0.0/3 \ No newline at end of file
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index eed86c6..59c39ee 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -3,6 +3,7 @@
captiveportal.inc
part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2009 Ermal Luçi
Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
All rights reserved.
@@ -58,13 +59,16 @@ function captiveportal_configure() {
continue;
$tmpif = get_real_interface($cpifgrp);
if (!empty($tmpif)) {
+ mwexec("/sbin/ifconfig {$tmpif} -ipfwfilter");
if ($firsttime > 0)
$cpinterface .= " or ";
$cpinterface .= "via {$tmpif}";
$firsttime = 1;
$cpipm = get_interface_ip($cpifgrp);
- if (is_ipaddr($cpipm))
+ if (is_ipaddr($cpipm)) {
$cpips[] = $cpipm;
+ mwexec("/sbin/ifconfig {$tmpif} ipfwfilter");
+ }
}
}
if (count($cpips) > 0) {
@@ -168,7 +172,7 @@ EOD;
<b>
Username and/or password invalid.
<br><br>
-<a href="javascript:history.back()">Go back</a>
+<a href="javascript:history.back(); ">Go back</a>
</b>
</body>
</html>
@@ -244,8 +248,8 @@ EOD;
/* generate passthru mac database */
captiveportal_passthrumac_configure(true);
- /* create allowed ip database and insert ipfw rules to make it so */
- captiveportal_allowedip_configure(true);
+ /* allowed ipfw rules to make allowed ip work */
+ captiveportal_allowedip_configure();
/* generate radius server database */
if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) ||
@@ -297,6 +301,9 @@ EOD;
/* unload ipfw */
mwexec("/sbin/kldunload ipfw.ko");
+ $listifs = get_configured_interface_list_by_realif();
+ foreach ($listifs as $listrealif => $listif)
+ mwexec("/sbin/ifconfig {$listrealif} -ipfwfilter");
}
unlock($captiveportallck);
@@ -316,18 +323,6 @@ function captiveportal_rules_generate($cpif, &$cpiparray) {
$cprules = "add 500 set 1 allow pfsync from any to any\n";
$cprules .= "add 500 set 1 allow carp from any to any\n";
- /* allow nat redirects to work see
- http://cvstrac.pfsense.com/tktview?tn=651
- */
- /* if list */
- $iflist = get_configured_interface_list();
- foreach ($iflist as $ifent => $ifname) {
- if(stristr($cpifn, $ifname))
- continue;
- $int = get_real_interface($ifname);
- $cprules .= "add 30 set 1 skipto 50000 all from any to any in via {$int} keep-state\n";
- }
-
/* captive portal on LAN interface? */
if (stristr($cpifn, "lan")) {
/* add anti-lockout rules */
@@ -339,13 +334,7 @@ EOD;
}
$cprules .= <<<EOD
-add 1000 set 1 skipto 1200 all from any to any not layer2 $cpif
-# skip to traffic shaper if not on captive portal interface
-add 1001 set 1 skipto 50000 all from any to any not layer2
-add 1003 set 1 skipto 1100 layer2 $cpif
-# pass all layer2 traffic on other interfaces
-add 1004 set 1 pass layer2
-
+add 1000 set 1 skipto 1150 all from any to any not layer2
# layer 2: pass ARP
add 1100 set 1 pass layer2 mac-type arp
# pfsense requires for WPA
@@ -362,11 +351,11 @@ add 1100 set 1 pass layer2 mac-type 0x888e
# layer 2: block anything else non-IP
add 1101 set 1 deny layer2 not mac-type ip
# layer 2: check if MAC addresses of authenticated clients are correct
-add 1102 set 1 skipto 20000 layer2
+add 1102 set 1 skipto 2000 layer2
EOD;
- $rulenum = 1200;
+ $rulenum = 1150;
foreach ($cpiparray as $cpip) {
//# allow access to our DHCP server (which needs to be able to ping clients as well)
$cprules .= "add {$rulenum} set 1 pass udp from any 68 to 255.255.255.255 67 in \n";
@@ -396,33 +385,33 @@ EOD;
$cprules .= "add {$rulenum} set 1 pass tcp from {$cpip} 8001 to any out \n";
}
}
-
$rulenum++;
- //# allow access to our DNS forwarder if it incorrectly resolves the hostname to $lanip
- $cprules .= "add {$rulenum} set 1 pass udp from any to {$lanip} 53 in \n";
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass udp from {$lanip} 53 to any out \n";
- //# allow access to lan web server incase the dns name resolves incorrectly to $lanip
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass tcp from any to {$lanip} 8000 in \n";
- $rulenum++;
- $cprules .= "add {$rulenum} set 1 pass tcp from {$lanip} 8000 to any out \n";
-
- $cprules .= <<<EOD
-# ... 10000-19899: rules per authenticated client go here...
+ if (isset($config['captiveportal']['peruserbw'])) {
+ $cprules .= "add {$rulenum} set 2 pipe tablearg ip from table(3) to any in\n";
+ $rulenum++;
+ $cprules .= "add {$rulenum} set 2 pipe tablearg ip from any to table(4) out\n";
+ $rulenum++;
+ } else {
+ $cprules .= "add {$rulenum} set 2 skipto 50000 ip from table(3) to any in\n";
+ $rulenum++;
+ $cprules .= "add {$rulenum} set 2 skipto 50000 ip from any to table(4) out\n";
+ $rulenum++;
+ }
+
+ $cprules .= <<<EOD
# redirect non-authenticated clients to captive portal
-add 19902 set 1 fwd 127.0.0.1,8000 tcp from any to any 80 in
+add 1990 set 1 fwd 127.0.0.1,8000 tcp from any to any 80 in
# let the responses from the captive portal web server back out
-add 19903 set 1 pass tcp from any 80 to any out
+add 1991 set 1 pass tcp from any 80 to any out
# block everything else
-add 19904 set 1 deny all from any to any
+add 1992 set 1 deny all from any to any
-# ... 20000-29899: layer2 block rules per authenticated client go here...
+# ... 2000-49899: layer2 block rules per authenticated client go here...
# pass everything else on layer2
-add 29900 set 1 pass all from any to any layer2
+add 49900 set 1 pass all from any to any layer2
EOD;
@@ -464,6 +453,7 @@ function captiveportal_prune_old() {
* the loop would evalate count() on every iteration and since $i would increase and count() would decrement they
* would meet before we had a chance to iterate over all accounts.
*/
+ $unsetindexes = array();
$no_users = count($cpdb);
for ($i = 0; $i < $no_users; $i++) {
@@ -494,7 +484,7 @@ function captiveportal_prune_old() {
$idletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout;
/* if an idle timeout is specified, get last activity timestamp from ipfw */
if (!$timedout && $idletimeout) {
- $lastact = captiveportal_get_last_activity($cpdb[$i][1]);
+ $lastact = captiveportal_get_last_activity($cpdb[$i][2]);
/* if the user has logged on but not sent any trafic they will never be logged out.
* We "fix" this by setting lastact to the login timestamp
*/
@@ -525,7 +515,7 @@ function captiveportal_prune_old() {
if ($timedout) {
captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time);
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT");
- unset($cpdb[$i]);
+ $unsetindexes[$i] = $i;
}
/* do periodic RADIUS reauthentication? */
@@ -545,7 +535,8 @@ function captiveportal_prune_old() {
$cpdb[$i][2], // clientip
$cpdb[$i][3], // clientmac
10); // NAS Request
- exec("/sbin/ipfw zero {$cpdb[$i][1]}");
+ exec("/sbin/ipfw table 3 entryzerostats {$cpdb[$i][2]}");
+ exec("/sbin/ipfw table 4 entryzerostats {$cpdb[$i][2]}");
RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno
$cpdb[$i][4], // username
$cpdb[$i][5], // sessionid
@@ -580,10 +571,13 @@ function captiveportal_prune_old() {
if ($auth_list['auth_val'] == 3) {
captiveportal_disconnect($cpdb[$i], $radiusservers, 17);
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
- unset($cpdb[$i]);
+ $unsetindexes[$i] = $i;
}
}
}
+ /* This is a kludge to overcome some php weirdness */
+ foreach($unsetindexes as $unsetindex)
+ unset($cpdb[$unsetindex]);
/* write database */
captiveportal_write_db($cpdb);
@@ -614,18 +608,20 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
$stop_time);
}
- mwexec("/sbin/ipfw delete " . $dbent[1] . " " . ($dbent[1]+10000));
-
- /* We need to delete +40500 and +45500 as well...
- * these are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
- * We could get an error if the pipe doesn't exist but everything should still be fine
- */
- if (isset($config['captiveportal']['peruserbw'])) {
- mwexec("/sbin/ipfw pipe " . ($dbent[1]+40500) . " delete");
- mwexec("/sbin/ipfw pipe " . ($dbent[1]+45500) . " delete");
- }
+ mwexec("/sbin/ipfw table 4 delete {$dbent[2]}");
+ mwexec("/sbin/ipfw table 4 delete {$dbent[2]}");
+ mwexec("/sbin/ipfw delete {$dbent[1]}");
+
+ /*
+ * These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
+ * We could get an error if the pipe doesn't exist but everything should still be fine
+ */
+ if (isset($config['captiveportal']['peruserbw'])) {
+ mwexec("/sbin/ipfw pipe " . ($dbent[1]+20000) . " delete");
+ mwexec("/sbin/ipfw pipe " . ($dbent[1]+20001) . " delete");
+ }
- /* pfSense: ensure all pf states are killed (pfSense) */
+ /* Ensure all pf(4) states are killed. */
mwexec("pfctl -k {$dbent[2]}");
mwexec("pfctl -K {$dbent[2]}");
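Review bot: The two added `ipfw table ... delete` calls both target table 4, so the client's address is never removed from table 3. The rule set generated earlier in this commit matches inbound traffic with `from table(3) to any in`, so a disconnected or timed-out client would apparently keep passing inbound traffic until that table is flushed. The first call should read `mwexec("/sbin/ipfw table 3 delete {$dbent[2]}");`. captiveportal_disconnect starts and ends outside this hunk.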
@@ -643,14 +639,17 @@ function captiveportal_disconnect_client($id,$term_cause = 1) {
$radiusservers = captiveportal_get_radius_servers();
/* find entry */
+ $tmpindex = 0;
for ($i = 0; $i < count($cpdb); $i++) {
if ($cpdb[$i][1] == $id) {
captiveportal_disconnect($cpdb[$i], $radiusservers, $term_cause);
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "DISCONNECT");
- unset($cpdb[$i]);
+ $tmpindex = $i;
break;
}
}
+ if ($tmpindex > 0)
+ unset($cpdb[$tmpindex]);
/* write database */
captiveportal_write_db($cpdb);
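Review bot: A match at index 0 is never removed, because `$tmpindex` starts at 0 and the guard is `if ($tmpindex > 0)`. The first entry in `$cpdb` is therefore disconnected and logged but still written back to the session database. Use a sentinel that cannot be a valid index: `$tmpindex = -1;` together with `if ($tmpindex >= 0)`. The function begins outside this hunk.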
@@ -728,8 +727,8 @@ function captiveportal_passthrumac_configure($lock = false) {
foreach($config['captiveportal']['passthrumac'] as $ptm) {
/* create the pass through mac entry */
//system("echo /sbin/ipfw add 50 skipto 65535 ip from any to any MAC {$ptm['mac']} any > /tmp/cp");
- mwexec("/sbin/ipfw add 50 skipto 29900 ip from any to any MAC {$ptm['mac']} any keep-state");
- mwexec("/sbin/ipfw add 50 skipto 29900 ip from any to any MAC any {$ptm['mac']} keep-state");
+ mwexec("/sbin/ipfw add 50 skipto 49900 ip from any to any MAC {$ptm['mac']} any keep-state");
+ mwexec("/sbin/ipfw add 50 skipto 49900 ip from any to any MAC any {$ptm['mac']} keep-state");
}
}
@@ -739,89 +738,50 @@ function captiveportal_passthrumac_configure($lock = false) {
return 0;
}
-function captiveportal_allowedip_configure($lock = false) {
+function captiveportal_allowedip_configure() {
global $config, $g;
- if (!$lock)
- $captiveportallck = lock('captiveportal');
-
/* clear out existing allowed ips, if necessary */
- if (file_exists("{$g['vardb_path']}/captiveportal_ip.db")) {
- $fd = @fopen("{$g['vardb_path']}/captiveportal_ip.db", "r");
- if ($fd) {
- while (!feof($fd)) {
- $line = trim(fgets($fd));
- if ($line) {
- list($ip,$rule) = explode(",",$line);
- mwexec("/sbin/ipfw delete $rule");
- }
- }
- }
- fclose($fd);
- unlink("{$g['vardb_path']}/captiveportal_ip.db");
- }
-
- /* get next ipfw rule number */
- if (file_exists("{$g['vardb_path']}/captiveportal.nextrule"))
- $ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule"));
- if (!$ruleno)
- $ruleno = 10000; /* first rule number */
+ mwexec("/sbin/ipfw table 1 flush");
+ mwexec("/sbin/ipfw table 2 flush");
if (is_array($config['captiveportal']['allowedip'])) {
-
- $fd = @fopen("{$g['vardb_path']}/captiveportal_ip.db", "w");
- if (!$fd) {
- printf("Error: cannot open allowed ip DB file in captiveportal_allowedip_configure().\n");
- unlock($captiveportallck);
- return 1;
- }
-
+ $tableone = false;
+ $tabletwo = false;
foreach ($config['captiveportal']['allowedip'] as $ipent) {
- /* get next ipfw rule number */
- $ruleno = captiveportal_get_next_ipfw_ruleno();
-
- /* if the pool is empty, return apprioriate message and fail */
- if (is_null($ruleno)) {
- printf("Error: system reached maximum login capacity, no free FW rulenos in captiveportal_allowedip_configure().\n");
- fclose($fd);
- unlock($captiveportallck);
- return 1;
- }
-
- /* record allowed ip so it can be recognized and removed later */
- fwrite($fd, $ipent['ip'] . "," . $ruleno ."\n");
-
- /* insert ipfw rule to allow ip thru */
- if ($ipent['dir'] == "from") {
- mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from " . $ipent['ip'] . " to any in");
- mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to " . $ipent['ip'] . " out");
- } else {
- mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to " . $ipent['ip'] . " in");
- mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from " . $ipent['ip'] . " to any out");
- }
-
- }
-
- fclose($fd);
- }
+ /* insert address in ipfw table */
+ if ($ipent['dir'] == "from") {
+ mwexec("/sbin/ipfw table 1 add {$ipent['ip']}");
+ $tableone = true;
+ } else {
+ mwexec("/sbin/ipfw table 2 add {$ipent['ip']}");
+ $tabletwo = true;
+ }
+ }
+ if ($tableone == true) {
+ mwexec("/sbin/ipfw add 1890 set 2 skipto 50000 ip from table\(1\) to any in");
+ mwexec("/sbin/ipfw add 1891 set 2 skipto 50000 ip from any to table\(1\) out");
+ }
+ if ($tabletwo == true) {
+ mwexec("/sbin/ipfw add 1892 set 2 skipto 50000 ip from any to table\(2\) in");
+ mwexec("/sbin/ipfw add 1893 set 2 skipto 50000 ip from table\(2\) to any out");
+ }
+ }
- if (!$lock)
- unlock($captiveportallck);
return 0;
}
/* get last activity timestamp given ipfw rule number */
-function captiveportal_get_last_activity($ruleno) {
+function captiveportal_get_last_activity($ip) {
$ipfwoutput = "";
- exec("/sbin/ipfw -T list {$ruleno} 2>/dev/null", $ipfwoutput);
-
- /* in */
+ exec("/sbin/ipfw table 3 entrystats {$ip} 2>/dev/null", $ipfwoutput);
+ /* Reading only from one of the tables is enough of approximation. */
if ($ipfwoutput[0]) {
$ri = explode(" ", $ipfwoutput[0]);
- if ($ri[1])
- return $ri[1];
+ if ($ri[4])
+ return $ri[4];
}
return 0;
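Review bot: `$ipent['ip']` and `$ip` are interpolated unquoted into the `mwexec()`/`exec()` command strings (`ipfw table 1 add {$ipent['ip']}`, `ipfw table 3 entrystats {$ip}`), and the hunk does not show whether they are validated first. Quote them at the call site, e.g. `mwexec("/sbin/ipfw table 1 add " . escapeshellarg($ipent['ip']));`. The same pattern appears in the `entryzerostats` calls in captiveportal_prune_old and in getVolume. Separately, the function flushes tables 1 and 2 but re-adds rules 1890–1893 on every call without deleting them, so repeated calls may stack duplicate rules unless the caller clears set 2; this is worth confirming. captiveportal_get_last_activity continues past the end of the hunk.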
@@ -996,28 +956,31 @@ function captiveportal_write_elements() {
/*
* This function will calculate the lowest free firewall ruleno
- * within the range specified based on the actual installed rules
+ * within the range specified based on the actual logged on users
*
*/
-function captiveportal_get_next_ipfw_ruleno($rulenos_start = 10000, $rulenos_range_max = 9899) {
-
- $fwrules = "";
- $matches = "";
- exec("/sbin/ipfw show", $fwrules);
- foreach ($fwrules as $fwrule) {
- preg_match("/^(\d+)\s+/", $fwrule, $matches);
- $rulenos_used[] = $matches[1];
- }
- $rulenos_used = array_unique($rulenos_used);
- $rulenos_range = count($rulenos_used);
- if ($rulenos_range > $rulenos_range_max) {
- return NULL;
- }
- $rulenos_pool = range($rulenos_start, ($rulenos_start + $rulenos_range));
- $rulenos_free = array_diff($rulenos_pool, $rulenos_used);
- $ruleno = array_shift($rulenos_free);
+function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2000, $rulenos_range_max = 49899) {
+ global $config, $g;
- return $ruleno;
+ $ruleno = 0;
+ if (file_exists("{$g['vardb_path']}/captiveportal.nextrule"))
+ $ruleno = intval(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule"));
+ else
+ $ruleno = 1;
+ if ($ruleno > 0 && (($rulenos_start + $ruleno) < $rulenos_range_max)) {
+ /*
+ * This allows our traffic shaping pipes to be the in pipe the same as ruleno
+ * and the out pipe ruleno + 1. This removes limitation that where present in
+ * previous version of the peruserbw.
+ */
+ if (isset($config['captiveportal']['peruserbw']))
+ $ruleno += 2;
+ else
+ $ruleno++;
+ file_put_contents("{$g['vardb_path']}/captiveportal.nextrule", $ruleno);
+ return $rulenos_start + $ruleno;
+ }
+ return NULL;
}
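Review bot: The header comment says the function returns the lowest free ruleno based on logged-on users, but the new body only increments a counter stored in `captiveportal.nextrule` and never reuses numbers released by a disconnect. Unless that file is reset elsewhere (not visible here), the counter eventually reaches `$rulenos_range_max` and every later call returns NULL, which would block new logins. Either recycle numbers from the session database or correct the comment, e.g. `/* Returns the next ruleno from a monotonically increasing counter; numbers are not reused. */`. The read-modify-write of the file is also unguarded here, so it relies on the caller holding the captiveportal lock.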
/**
@@ -1031,7 +994,7 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 10000, $rulenos_ran
*
*/
-function getVolume($ruleno) {
+function getVolume($ip) {
$volume = array();
@@ -1039,20 +1002,23 @@ function getVolume($ruleno) {
$volume['input_pkts'] = $volume['input_bytes'] = $volume['output_pkts'] = $volume['output_bytes'] = 0 ;
// Ingress
- $ipfw = "";
- $matches = "";
- exec("/sbin/ipfw show {$ruleno}", $ipfw);
- preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+.*/", $ipfw[0], $matches);
- $volume['input_pkts'] = $matches[2];
- $volume['input_bytes'] = $matches[3];
-
- // Flush internal buffer
- unset($matches);
-
- // Outgress
- preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+.*/", $ipfw[1], $matches);
- $volume['output_pkts'] = $matches[2];
- $volume['output_bytes'] = $matches[3];
+ $ipfwin = "";
+ $ipfwout = "";
+ $matchesin = "";
+ $matchesout = "";
+ exec("/sbin/ipfw table 3 entrystats {$ip}", $ipfwin);
+ if ($ipfwin[0]) {
+ $ipfwin = split(" ", $ipfwin[0]);
+ $volume['input_pkts'] = $ipfwin[2];
+ $volume['input_bytes'] = $ipfwin[3];
+ }
+
+ exec("/sbin/ipfw table 4 entrystats {$ip}", $ipfwout);
+ if ($ipfwout[0]) {
+ $ipfwout = split(" ", $ipfwout[0]);
+ $volume['output_pkts'] = $ipfwout[2];
+ $volume['output_bytes'] = $ipfwout[3];
+ }
return $volume;
}
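Review bot: `split()` is the POSIX-regex splitter and is deprecated as of PHP 5.3. For a literal single-space delimiter, `explode(" ", $ipfwin[0])` is equivalent and is what captiveportal_get_last_activity already uses in this file. `$matchesin` and `$matchesout` are initialised but never used and can be dropped. The field positions `[2]` and `[3]` depend on the `entrystats` output layout, so a one-line comment naming the columns being read would help the next reader.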
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index f6e17a8..8a48d23 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -240,10 +240,11 @@ function encrypted_configxml() {
* $config - array containing all configuration variables
******/
function parse_config($parse = false) {
- global $g;
+ global $g, $config_parsed;
$lockkey = lock('config');
- if (filesize("{$g['conf_path']}/config.xml") == 0) {
+ $config_parsed == false;
+ if (!file_exists("{$g['conf_path']}/config.xml") || filesize("{$g['conf_path']}/config.xml") == 0) {
$last_backup = discover_last_backup();
if($last_backup) {
log_error("No config.xml found, attempting last known config restore.");
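Review bot: `$config_parsed == false;` is a comparison whose result is discarded, not an assignment, so the flag is never reset at the start of parse_config(). A value of true left by an earlier successful call would survive a later failed parse, so code that tests the global afterwards (as the block added at the end of this file does) cannot rely on it. It should be `$config_parsed = false;`. parse_config continues beyond this hunk.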
@@ -302,14 +303,9 @@ function parse_config($parse = false) {
}
if($g['booting']) echo ".";
alias_make_table($config);
+ $config_parsed = true;
unlock($lockkey);
- /* process packager manager custom rules */
- if(is_dir("/usr/local/pkg/parse_config")) {
- update_filter_reload_status("Running plugins (parse_config)");
- run_plugins("/usr/local/pkg/parse_config/");
- update_filter_reload_status("Plugins completed.");
- }
return $config;
}
@@ -341,10 +337,12 @@ function discover_last_backup() {
}
function restore_backup($file) {
+ global $g;
+
if (file_exists($file)) {
conf_mount_rw();
copy("$file","/cf/conf/config.xml");
- unlink_if_exists("/tmp/config.cache");
+ unlink_if_exists("{$g['tmp_path']}/config.cache");
log_error("{$g['product_name']} is restoring the configuration $file");
file_notice("config.xml", "{$g['product_name']} is restoring the configuration $file", "pfSenseConfigurator", "");
conf_mount_ro();
@@ -647,9 +645,7 @@ function write_config($desc="Unknown", $backup = true) {
if(is_dir("/usr/local/pkg/write_config")) {
/* process packager manager custom rules */
- update_filter_reload_status("Running plugins");
run_plugins("/usr/local/pkg/write_config/");
- update_filter_reload_status("Plugins completed.");
}
return $config;
@@ -698,18 +694,22 @@ function config_restore($conffile) {
if (!file_exists($conffile))
return 1;
- $lockkey = lock('config');
conf_mount_rw();
backup_config();
+
+ $lockkey = lock('config');
+
copy($conffile, "{$g['cf_conf_path']}/config.xml");
+ unlink_if_exists("{$g['tmp_path']}/config.cache");
+
unlock($lockkey);
+
$config = parse_config(true);
- $lockkey = lock('config');
+
write_config("Reverted to " . array_pop(explode("/", $conffile)) . ".", false);
conf_mount_ro();
- unlock($lockkey);
return 0;
}
@@ -720,14 +720,16 @@ function config_install($conffile) {
if (!file_exists($conffile))
return 1;
- if (!config_validate("{$g['conf_path']}/config.xml"))
+ if (!config_validate("{$conffile}"))
return 1;
if($g['booting'] == true)
echo "Installing configuration...\n";
+ else
+ log_error("Installing configuration ....");
- $lockkey = lock('config');
conf_mount_rw();
+ $lockkey = lock('config');
copy($conffile, "{$g['conf_path']}/config.xml");
@@ -735,8 +737,8 @@ function config_install($conffile) {
if(file_exists("{$g['tmp_path']}/config.cache"))
unlink("{$g['tmp_path']}/config.cache");
- conf_mount_ro();
unlock($lockkey);
+ conf_mount_ro();
return 0;
}
@@ -1397,4 +1399,11 @@ function set_device_perms() {
if($g['booting']) echo ".";
$config = parse_config();
+if($config_parsed == true) {
+ /* process packager manager custom rules */
+ if(is_dir("/usr/local/pkg/parse_config")) {
+ run_plugins("/usr/local/pkg/parse_config/");
+ }
+}
+
?>
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index d93d857..f783255 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -292,20 +292,27 @@ function filter_configure_sync() {
layer7_start_l7daemon();
/* run items scheduled for after filter configure run */
- $fda = fopen("/tmp/commands.txt", "w");
- foreach($after_filter_configure_run as $afcr)
- fwrite($fda, $afcr . "\n");
- /*
- * we need a way to let a user run a shell cmd after each
- * filter_configure() call. run this xml command after
- * each change.
- */
- if($config['system']['afterfilterchangeshellcmd'] <> "")
- fwrite($fda, $config['system']['afterfilterchangeshellcmd'] . "\n");
- fclose($fda);
- if (file_exists("/tmp/commands.txt")) {
- mwexec("sh /tmp/commands.txt &");
- unlink("/tmp/commands.txt");
+ $fda = fopen("{$g['tmp_path']}/commands.txt", "w");
+ if ($fda) {
+ if($after_filter_configure_run)
+ foreach($after_filter_configure_run as $afcr)
+ fwrite($fda, $afcr . "\n");
+ /*
+ * we need a way to let a user run a shell cmd after each
+ * filter_configure() call. run this xml command after
+ * each change.
+ */
+ if($config['system']['afterfilterchangeshellcmd'] <> "")
+ fwrite($fda, $config['system']['afterfilterchangeshellcmd'] . "\n");
+
+ fclose($fda);
+ }
+
+ unlock($filterlck);
+
+ if (file_exists("{$g['tmp_path']}/commands.txt")) {
+ mwexec("sh {$g['tmp_path']}/commands.txt &");
+ unlink("{$g['tmp_path']}/commands.txt");
}
/* if time based rules are enabled then swap in the set */
if ($time_based_rules == true)
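Review bot: `unlock($filterlck)` now runs before `commands.txt` is executed and unlinked, so two filter_configure_sync() calls can collide on the same fixed path. A second caller can take the lock and truncate or rewrite the file while the first caller's backgrounded `sh` is still reading it, or the first caller's `unlink()` can remove the second caller's file. The script also runs with this process's privileges from a predictable name under `{$g['tmp_path']}`, and when `fopen()` fails the code still executes whatever file already exists at that path. A per-invocation file avoids both problems: `$cmdfile = tempnam($g['tmp_path'], "afcr");`, then write, run and unlink `$cmdfile`, skipping the exec when the open failed. The enclosing function starts and ends outside this hunk.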
@@ -313,8 +320,6 @@ function filter_configure_sync() {
else
filter_tdr_install_cron(false);
- unlock($filterlck);
-
if ($g['booting'] == true)
echo ".";
find_dns_aliases();
@@ -356,17 +361,23 @@ function filter_generate_scrubing()
return $scrubrules;
}
-function filter_generate_nested_alias($alias) {
+function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting) {
global $aliastable;
$addresses = split(" ", $alias);
$finallist = "";
+ $aliasnesting[$name] = $name;
foreach ($addresses as $address) {
$linelength = strlen($finallist);
- if (isset($aliastable[$address]))
- $tmpline = filter_generate_nested_alias($aliastable[$address]);
- else
+ $tmpline = "";
+ if (is_alias($address)) {
+ /* We already expanded this alias so there is no neccessity to do it again. */
+ if (!isset($aliasnesting[$address]))
+ $tmpline = filter_generate_nested_alias($address, $aliastable[$address], $aliasnesting, $aliasaddrnesting);
+ } else if (!isset($aliasaddrnesting[$address])) {
+ $aliasaddrnesting[$address] = $address;
$tmpline = " $address";
+ }
if ((strlen($tmpline)+ $linelength) > 4036)
$finallist .= "\n";
$finallist .= " {$tmpline}";
@@ -375,7 +386,7 @@ function filter_generate_nested_alias($alias) {
}
function filter_generate_aliases() {
- global $config, $FilterIflist, $aliastable;
+ global $config, $FilterIflist;
if(isset($config['system']['developerspew'])) {
$mt = microtime();
echo "filter_generate_aliases() being called $mt\n";
@@ -394,10 +405,32 @@ function filter_generate_aliases() {
$extraalias = "";
$ip = find_interface_ip($aliased['address']);
$extraalias = " " . link_ip_to_carp_interface($ip);
- $addrlist = filter_generate_nested_alias($aliased['address']);
+ $aliasnesting = array();
+ $aliasaddrnesting = array();
+ $addrlist = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting);
if ($aliased['type'] == "host" || $aliased['type'] == "network") {
$aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n";
$aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
+ } else if ($aliased['type'] == "openvpn") {
+ $openvpncfg = array();
+ if($config['openvpn']['user']) {
+ /* XXX: Check if we have a correct ip? */
+ foreach ($config['openvpn']['user'] as $openvpn)
+ $openvpncfg[$openvpn['name']] = $openvpn['ip'];
+ }
+ $vpn_lines = split("\n", $addrlist);
+ foreach ($vpn_lines as $vpn_line) {
+ $vpn_address_split = split(" ", $vpn_line);
+ foreach($vpn_address_split as $vpnsplit) {
+ if(isset($openvpncfg[$vpnsplit])) {
+ $newaddress .= " ";
+ $newaddress .= $openvpn[$vpnsplit];
+ break;
+ }
+ }
+ }
+ $aliases .= "table <{$aliased['name']}> { {$newaddress}{$extralias} } \n";
+ $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
} else
$aliases .= "{$aliased['name']} = \"{ {$aliased['address']}{$extralias} }\"\n";
}
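Review bot: Inside the new `openvpn` branch the lookup reads `$openvpn[$vpnsplit]`, but the name-to-address map built just above is `$openvpncfg`. `$openvpn` is only the leftover loop variable from the preceding `foreach`, so the pf table is likely emitted without the intended addresses; it should be `$newaddress .= $openvpncfg[$vpnsplit];`. `$newaddress` is also never initialised in the hunk, so if this code sits in a per-alias loop it would carry addresses from one alias into the next; add `$newaddress = "";` before the `foreach ($vpn_lines ...)`. The new table line also repeats the existing `{$extralias}` spelling, while the variable assigned above is `$extraalias`, so the CARP address is not appended.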
@@ -570,6 +603,109 @@ function filter_flush_state_table()
return mwexec("/sbin/pfctl -F state");
}
+function filter_generate_reflection($rule, $extport, &$starting_localhost_port) {
+ global $FilterIflist, $config;
+
+ $natrules = "";
+ if(!isset($config['system']['disablenatreflection'])) {
+ $inetd_fd = fopen("/var/etc/inetd.conf","w");
+ /* add tftp protocol helper */
+ fwrite($inetd_fd, "tftp\tdgram\tudp\twait\t\troot\t/usr/local/sbin/tftp-proxy -v\n");
+
+ update_filter_reload_status("Setting up reflection");
+ $natrules .= "\n# Reflection redirects\n";
+ foreach ($FilterIflist as $ifent => $ifname) {
+ /* do not process interfaces with gateways*/
+ if (interface_has_gateway($ifent))
+ continue;
+ if($extport[1])
+ $range_end = ($extport[1]);
+ else
+ $range_end = ($extport[0]);
+ $range_end++;
+ if($rule['local-port'])
+ $lrange_start = $rule['local-port'];
+ if($range_end - $extport[0] > 500) {
+ $range_end = $extport[0]+1;
+ log_error("Not installing nat reflection rules for a port range > 500");
+ } else {
+ /* only install reflection rules for < 19991 items */
+ if($starting_localhost_port < 19991) {
+ $loc_pt = $lrange_start;
+ for($x=$extport[0]; $x<$range_end; $x++) {
+ $xxx = $x;
+ update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");
+ if($config['system']['reflectiontimeout'])
+ $reflectiontimeout = $config['system']['reflectiontimeout'];
+ else
+ $reflectiontimeout = "2000";
+ $toadd_array = array();
+ if(is_alias($loc_pt)) {
+ $loc_pt_translated = alias_expand($loc_pt);
+ add_hostname_to_watch($loc_pt_translated);
+ if(stristr($loc_pt_translated, " ")) {
+ /* XXX: we should deal with multiple ports */
+ $loc_pt_translated_split = split(" ", $loc_pt_translated);
+ foreach($loc_pt_translated_split as $lpts)
+ $toadd_array[] = $lpts;
+ } else {
+ $toadd_array[] = $loc_pt_translated;
+ }
+ } else {
+ $loc_pt_translated = $loc_pt;
+ $toadd_array[] = $loc_pt_translated;
+ }
+
+ switch($rule['protocol']) {
+ case "tcp/udp":
+ $protocol = "{ tcp udp }";
+ foreach($toadd_array as $tda){
+ fwrite($inetd_fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -w {$reflectiontimeout}{$target} {$tda}\n");
+ $natrules .= "rdr on {$ifname['if']} proto tcp from any to {$extaddr} port {$xxx} tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $starting_localhost_port++;
+ fwrite($inetd_fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -u -w {$reflectiontimeout} {$target} {$tda}\n");
+ $natrules .= "rdr on { {$ifname['if']} } proto udp from any to {$extaddr} port {$xxx} tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $xxx++;
+ $starting_localhost_port++;
+ }
+ break;
+ case "tcp":
+ case "udp":
+ $protocol = $rule['protocol'];
+ foreach($toadd_array as $tda){
+ if($protocol == "udp") {
+ $socktype = "dgram";
+ $dash_u = "-u ";
+ } else {
+ $socktype = "stream";
+ $dash_u = "";
+ }
+ if($config['system']['reflectiontimeout'])
+ $reflectiontimeout = $config['system']['reflectiontimeout'];
+ else
+ $reflectiontimeout = "20";
+ fwrite($inetd_fd, "{$starting_localhost_port}\t{$socktype}\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc nc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n");
+ $natrules .= "rdr on { {$ifname['if']} } proto {$protocol} from any to {$extaddr} port {$xxx} tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
+ $xxx++;
+ $starting_localhost_port++;
+ }
+ break;
+ default:
+ break;
+ }
+ $loc_pt++;
+ if($starting_localhost_port > 19990) {
+ log_error("Not installing nat reflection rules. Maximum 1,000 reached.");
+ $x = $range_end+1;
+ }
+ }
+ }
+ }
+ }
+ }
+ return $natrules;
+}
+
/* Generate a 'nat on' or 'no nat on' rule for given interface */
function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false)
{
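Review bot: `filter_generate_reflection()` reads `$target` and `$extaddr` in every `fwrite`/`rdr` line, but they are neither parameters nor globals, so inside the function they are undefined: the `nc` entries written to inetd.conf have no destination host and the `rdr` rules have an empty `to` address. The function also reopens `/var/etc/inetd.conf` with mode `"w"` on each call, which truncates whatever the caller and earlier rules already wrote (the caller's own `fwrite($inetd_fd, ...)` is visible in the next hunk), and the handle is never closed. Pass the values in instead, e.g. `function filter_generate_reflection($rule, $extport, &$starting_localhost_port, $target, $extaddr, $inetd_fd)`, and drop the local `fopen` and the duplicate tftp-proxy line. In the first `fwrite` of the `tcp/udp` case `{$reflectiontimeout}{$target}` is also missing the separating space that the other two `nc` lines have.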
@@ -809,21 +945,17 @@ function filter_nat_rules_generate()
fwrite($inetd_fd, "tftp\tdgram\tudp\twait\t\troot\t/usr/local/sbin/tftp-proxy -v\n");
if (isset($config['nat']['rule'])) {
- $natrules .= "# NAT Inbound Redirects\n";
- $inetd_fd = fopen("/var/etc/inetd.conf","w");
- /* add tftp protocol helper */
- fwrite($inetd_fd, "tftp\tdgram\tudp\twait\t\troot\t/usr/local/sbin/tftp-proxy -v\n");
if(!isset($config['system']['disablenatreflection'])) {
/* start redirects on port 19000 of localhost */
$starting_localhost_port = 19000;
}
+ $natrules .= "# NAT Inbound Redirects\n";
foreach ($config['nat']['rule'] as $rule) {
update_filter_reload_status("Creating NAT rule {$rule['descr']}");
/* if item is an alias, expand */
$extport = "";
- unset($extport);
if(alias_expand($rule['external-port']))
- $extport[0] = alias_expand_value($rule['external-port']);
+ $extport[0] = alias_expand($rule['external-port']);
else
$extport = explode("-", $rule['external-port']);
/* if item is an alias, expand */
@@ -831,48 +963,34 @@ function filter_nat_rules_generate()
$localport = "";
else
$localport = " port {$rule['local-port']}";
- $target = alias_expand_host($rule['target']);
+ $target = alias_expand($rule['target']);
if (!$target) {
$natrules .= "# Unresolvable alias {$rule['target']}\n";
continue; /* unresolvable alias */
}
- # use tables for aliases in rdr
- if (!is_ipaddr($target)) {
- $natrules .= "table <{$rule['target']}> { $target }\n";
- $target = "<{$rule['target']}>";
- }
- if ($rule['external-address'])
- if($rule['external-address'] <> "any")
- $extaddr = $rule['external-address'] . "/32";
- else
- $extaddr = $rule['external-address'];
+ if (!$rule['interface'])
+ $natif = "wan";
+ else
+ $natif = $rule['interface'];
+ if (alias_expand($rule['external-address']))
+ $extaddr = alias_expand($extaddr);
+ else if ($rule['external-address'] <> "")
+ $extaddr = $rule['external-address'];
else
$extaddr = $FilterIflist[$rule['interface']]['ip'];
- if (!$rule['interface'])
- $natif = "wan";
- else
- $natif = $rule['interface'];
$natif = $FilterIflist[$natif]['if'];
- /*
- * Expand aliases
- * XXX: may want to integrate this into pf macros
- */
- if(alias_expand($target))
- $target = alias_expand($target);
- if(alias_expand($extaddr))
- $extaddr = alias_expand($extaddr);
- if($extaddr == "")
- $dontinstallrdr = true;
- if($dontinstallrdr == false) {
+
+ if ($extaddr <> "") {
/* is rule a port range? */
if ((!$extport[1]) || ($extport[0] == $extport[1])) {
+
switch ($rule['protocol']) {
case "tcp/udp":
if($natif) {
if($rule['external-port'] <> $rule['local-port'])
- $natrules .= "{$nordr} rdr on $natif proto { tcp udp } from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}";
+ $natrules .= "{$nordr} rdr on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]} -> {$target}{$localport}";
else
- $natrules .= "{$nordr} rdr on $natif proto { tcp udp } from any to {$extaddr} port { {$extport[0]} } -> {$target}";
+ $natrules .= "{$nordr} rdr on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]} -> {$target}";
}
break;
case "udp":
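Review bot: The new external-address logic tests `alias_expand($rule['external-address'])` but then assigns `$extaddr = alias_expand($extaddr);`, which expands the old value of `$extaddr`, not the rule's address. On the first rule that value is unset, and on later rules it is whatever the previous iteration left behind, so a redirect can be generated for another rule's external address. The assignment should be `$extaddr = alias_expand($rule['external-address']);`. The fallback `$FilterIflist[$rule['interface']]['ip']` still indexes by the raw rule value even though `$natif` (defaulting to `wan`) is now computed just above it; `$FilterIflist[$natif]['ip']` would cover rules with no interface set. The enclosing loop in `filter_nat_rules_generate()` starts and ends outside this hunk.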
@@ -880,9 +998,9 @@ function filter_nat_rules_generate()
if($extport[0])
if($natif) {
if($rule['external-port'] <> $rule['local-port'])
- $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port { {$extport[0]} } -> {$target}{$localport}";
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]} -> {$target}{$localport}";
else
- $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port { {$extport[0]} } -> {$target}";
+ $natrules .= "rdr on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]} -> {$target}";
}
else
if($natif)
@@ -922,115 +1040,7 @@ function filter_nat_rules_generate()
$natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$extport[0]} -> ({$natif})\n";
}
}
- if(!isset($config['system']['disablenatreflection'])) {
- update_filter_reload_status("Setting up reflection");
- $natrules .= "\n# Reflection redirects\n";
- foreach ($FilterIflist as $ifent => $ifname) {
- /* do not process interfaces with gateways*/
- if (interface_has_gateway($ifent))
- continue;
- if($extport[1])
- $range_end = ($extport[1]);
- else
- $range_end = ($extport[0]);
- $range_end++;
- if($rule['local-port'])
- $lrange_start = $rule['local-port'];
- if($range_end - $extport[0] > 500) {
- $range_end = $extport[0]+1;
- log_error("Not installing nat reflection rules for a port range > 500");
- } else {
- /* only install reflection rules for < 19991 items */
- if($starting_localhost_port < 19991) {
- $loc_pt = $lrange_start;
- for($x=$extport[0]; $x<$range_end; $x++) {
- $xxx = $x;
- /* do not install reflection rules for FTP. This simply
- * opens up pandoras box.
- */
- if($xxx == "21")
- continue;
- update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");
- if($config['system']['reflectiontimeout'])
- $reflectiontimeout = $config['system']['reflectiontimeout'];
- else
- $reflectiontimeout = "2000";
- switch($rule['protocol']) {
- case "tcp/udp":
- $protocol = "{ tcp udp }";
- $toadd_array = array();
- if(is_alias($loc_pt)) {
- $loc_pt_translated = alias_expand_value($loc_pt);
- add_hostname_to_watch($loc_pt_translated);
- if(stristr($loc_pt_translated, " ")) {
- /* XXX: we should deal with multiple ports */
- $loc_pt_translated_split = split(" ", $loc_pt_translated);
- foreach($loc_pt_translated_split as $lpts)
- $toadd_array[] = $lpts;
- } else {
- $toadd_array[] = $loc_pt_translated;
- }
- } else {
- $loc_pt_translated = $loc_pt;
- $toadd_array[] = $loc_pt_translated;
- }
- foreach($toadd_array as $tda){
- fwrite($inetd_fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -w {$reflectiontimeout} {$target} {$tda}\n");
- $natrules .= "rdr on {$ifname['if']} proto tcp from any to {$extaddr} port { {$xxx} } tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
- $starting_localhost_port++;
- fwrite($inetd_fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -u -w {$reflectiontimeout} {$target} {$tda}\n");
- $natrules .= "rdr on { {$ifname['if']} } proto udp from any to {$extaddr} port { {$xxx} } tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
- $xxx++;
- $starting_localhost_port++;
- }
- break;
- case "tcp":
- case "udp":
- $protocol = $rule['protocol'];
- $toadd_array = array();
- if(is_alias($loc_pt)) {
- $loc_pt_translated = alias_expand_value($loc_pt);
- add_hostname_to_watch($loc_pt_translated);
- if(stristr($loc_pt_translated, " ")) {
- /* XXX: we should deal with multiple ports */
- $loc_pt_translated_split = split(" ", $loc_pt_translated);
- foreach($loc_pt_translated_split as $lpts)
- $toadd_array[] = $lpts;
- } else {
- $toadd_array[] = $loc_pt_translated;
- }
- } else {
- $loc_pt_translated = $loc_pt;
- $toadd_array[] = $loc_pt_translated;
- }
- foreach($toadd_array as $tda){
- if($protocol == "udp")
- $dash_u = "-u ";
- else
- $dash_u = "";
- if($config['system']['reflectiontimeout'])
- $reflectiontimeout = $config['system']['reflectiontimeout'];
- else
- $reflectiontimeout = "20";
- fwrite($inetd_fd, "{$starting_localhost_port}\tstream\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc nc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n");
- $natrules .= "rdr on { {$ifname['if']} } proto {$protocol} from any to {$extaddr} port { {$xxx} } tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
- $xxx++;
- $starting_localhost_port++;
- }
- break;
- default:
- break;
- }
- $loc_pt++;
- if($starting_localhost_port > 19990) {
- log_error("Not installing nat reflection rules. Maximum 1,000 reached.");
- $x = $range_end+1;
- }
- }
- }
- }
- }
- }
+ $natrules .= filter_generate_reflection($rule, $extport, $starting_localhost_port);
$natrules .= "\n";
}
}
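Review bot: The block removed here skipped external port 21 (`if($xxx == "21") continue;`, with a comment explaining that FTP reflection was deliberately left out), and `filter_generate_reflection()`, which replaces it, has no such check. After this change FTP redirects get reflection rules and inetd `nc` listeners like any other port. If that is intended it deserves a line in the commit message; otherwise restore the guard at the top of the `for` loop in the new function, e.g. `if($x == 21) continue;`.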
@@ -1483,8 +1493,9 @@ function filter_generate_user_rule($rule)
foreach ($config['schedules']['schedule'] as $sched) {
if ($sched['name'] == $rule['sched']) {
if (!filter_get_time_based_rule_status($sched)) {
- mwexec("/sbin/pfctl -y \"{$sched['schedlabel']}\"");
- $line = "# schedule finished - {$rule}";
+ if (!isset($config['system']['schedule_states']))
+ mwexec("/sbin/pfctl -y {$sched['schedlabel']}");
+ return "# schedule finished - {$rule['descr']}";
} else if ($g['debug'])
log_error("[TDR DEBUG] status true -- rule type '$type'");
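Review bot: The new `mwexec("/sbin/pfctl -y {$sched['schedlabel']}")` drops the double quotes the old line had, so the schedule label now reaches the shell with no quoting at all. The label comes from the configuration, and a value containing whitespace or shell metacharacters would be split or interpreted by the shell, in a command that runs as root. Quote it explicitly: `mwexec("/sbin/pfctl -y " . escapeshellarg($sched['schedlabel']));`. The surrounding function starts and ends outside the hunk.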
@@ -1739,7 +1750,7 @@ EOD;
* interface in question to avoid problems with complicated routing
* topologies
*/
- if (isset($config['system']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
+ if (isset($config['filter']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
$ipfrules .= "anchor \"staticrouted\" \n";
foreach ($config['staticroutes']['route'] as $route) {
$realif = guess_interface_from_ip(lookup_gateway_ip_by_name($route['gateway']));
@@ -1884,6 +1895,12 @@ function filter_rules_spoofcheck_generate($ifname, $if, $sa, $sn, $log)
return $ipfrules;
}
+/* COMPAT Function */
+function tdr_install_cron($should_install) {
+ log_error("Please use filter_tdr_install_cron() function tdr_install_cron will be deprecated!");
+ filter_tdr_install_cron($should_install);
+}
+
/****f* filter/filter_tdr_install_cron
* NAME
* filter_tdr_install_cron
diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc
index c7189b5..79aa19d 100644
--- a/etc/inc/functions.inc
+++ b/etc/inc/functions.inc
@@ -83,5 +83,6 @@ require_once("vpn.inc");
require_once("vslb.inc");
require_once("cmd_chain.inc");
require_once("rrd.inc");
+require_once("itemid.inc");
?>
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 6a032b6..666f759 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -31,6 +31,26 @@
POSSIBILITY OF SUCH DAMAGE.
*/
+function remove_numbers($string) {
+ $nums = array("1", "2", "3", "4", "5", "6", "7", "8", "9", "0", " ");
+ $string = str_replace($nums, '', $string);
+ return $string;
+}
+
+function get_nics_with_capabilities($CAPABILITIES) {
+ $if_list = get_interface_list();
+ $vlan_native_supp = array();
+ foreach($if_list as $if => $iface) {
+ $capable = `ifconfig -m | grep -a1 $if | grep $CAPABILITIES`;
+ if($capable) {
+ $interfacenonum = remove_numbers($if);
+ if(!in_array($interfacenonum, $vlan_native_supp))
+ $vlan_native_supp[] = $interfacenonum;
+ }
+ }
+ return $vlan_native_supp;
+}
+
$g = array(
"base_packages" => "AutoConfigBackup, siproxd",
"factory_shipped_username" => "admin",
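Review bot: `get_nics_with_capabilities()` interpolates `$if` and `$CAPABILITIES` unquoted into a backtick command, and `grep -a1 $if` is most likely meant to be `grep -A1` (`-a` only makes grep treat binary input as text, so the capabilities line after the interface header is not included). The substring match also lets `em1` match `em10`. Querying one interface directly avoids both problems and the unquoted arguments: `exec("/sbin/ifconfig -m " . escapeshellarg($if), $out);` followed by `$capable = preg_grep("/" . preg_quote($CAPABILITIES, "/") . "/", $out);`. Because globals.inc is included on every request, the second hunk of this file now runs this once per interface, twice, on each page load; caching the result would be worth considering.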
@@ -76,11 +96,23 @@ $g = array(
"embeddedbootupslice" => "/dev/ad0a",
"services_dhcp_server_enable" => true,
"firmware_update_text" => "(pfSense-*.tgz)",
- "wireless_regex" => "/^(ndis|wi|ath|an|ral|ural|wai|iwi|awi|wlan|rum)/",
- "vlan_native_supp" => array("bce", "bge", "bfe", "cxgb", "dc", "em", "fxp", "gem", "hme", "ixgb", "msk", "nge", "re", "rl", "sis", "ste", "stge", "ti", "tl", "tx", "txp", "vge", "vr", "xl", "lagg"),
- "vlan_long_frame" => array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg")
+ "wireless_regex" => "/^(ndis|wi|ath|an|ral|ural|wai|iwi|awi|wlan|rum)/"
);
+// Loop through and set vlan_native_supp (native vlan tagging)
+$vlan_native_supp = get_nics_with_capabilities("HWTAGGING");
+if(count($vlan_native_supp) > 0)
+ $g['vlan_native_supp'] = $vlan_native_supp;
+else
+ $g['vlan_native_supp'] = array("bce", "bge", "bfe", "cxgb", "dc", "em", "fxp", "gem", "hme", "ixgb", "msk", "nge", "re", "rl", "sis", "ste", "stge", "ti", "tl", "tx", "txp", "vge", "vr", "xl", "lagg");
+
+// Loop through and set vlan_long_frame VLAN_MTU
+$vlan_native_supp = get_nics_with_capabilities("VLAN_MTU");
+if(count($vlan_native_supp) > 0)
+ $g['vlan_long_frame'] = $vlan_native_supp;
+else
+ $g['vlan_long_frame'] = array("vge", "bfe", "bge", "dc", "em", "fxp", "gem", "hme", "ixgb", "le", "nge", "re", "rl", "sis", "sk", "ste", "ti", "tl", "tx", "txp", "vr", "xl", "lagg");
+
/* IP TOS flags */
$iptos = array("lowdelay", "throughput", "reliability");
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index c7eab73..9e6ffee 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1979,18 +1979,17 @@ function interface_group_setup($groupname /* The parameter is an array */) {
return;
}
-/* XXX: stub for code that references the old functions(mostly packages) */
-/*
- * convert_friendly_interface_to_real_interface_name($interface): convert WAN to FXP0
- */
+/* COMPAT Function */
function convert_friendly_interface_to_real_interface_name($interface) {
return get_real_interface($interface);
}
+/* COMPAT Function */
function get_real_wan_interface($interface = "wan") {
return get_real_interface($interface);
}
+/* COMPAT Function */
function get_current_wan_address($interface = "wan") {
return get_interface_ip($interface);
}
@@ -2185,7 +2184,7 @@ function get_real_interface($interface = "wan") {
}
function guess_interface_from_ip($ipaddress) {
- $ret = `/usr/bin/netstat -rn | /usr/bin/awk '/^{$ipaddress}/ {print \$6}'`;
+ $ret = `/usr/bin/netstat -rn | /usr/bin/awk '/^{$ipaddress}/ {printf "%s", \$6}'`;
if (empty($ret))
return false;
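Review bot: Switching `print \$6` to `printf "%s", \$6` removes the newline between matches, so when more than one routing-table line starts with the address the interface names are concatenated (for example `em0em0`) and the caller gets a name that does not exist. Stop at the first match: `{printf "%s", \$6; exit}`. `$ipaddress` is also placed unescaped inside the awk pattern within a shell command, where `.` matches any character and `^10.0.0.1` also matches `10.0.0.10`. Checking `is_ipaddr($ipaddress)` before building the command and comparing `\$1` for equality would make the lookup exact. The rest of the function lies outside the hunk.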
@@ -2369,14 +2368,15 @@ function interface_has_gateway($friendly) {
function is_altq_capable($int) {
/* Per:
- * http://www.freebsd.org/cgi/man.cgi?query=altq&manpath=FreeBSD+6.0-current&format=html
+ * http://www.freebsd.org/cgi/man.cgi?query=altq&manpath=FreeBSD+7.2-current&format=html
* Only the following drivers have ALTQ support
*/
- $capable = array("an", "ath", "awi", "bfe", "bge", "dc", "de", "ed",
- "em", "fxp", "hme", "le", "nve", "re", "rl", "ndis", "sf", "sis", "sk",
- "tun", "vr", "wi", "xl", "vlan", "ste", "aue", "bce", "ep", "gem", "ipw",
- "iwi", "msk", "mxge", "my", "nfe", "npe", "ral", "rum", "stge", "udav",
- "ural", "pppoe", "pptp", "ng", "ppp");
+ $capable = array("age", "ale", "an", "ath", "aue", "awi", "bce",
+ "bfe", "bge", "dc", "de", "ed", "em", "ep", "fxp", "gem",
+ "hme", "ipw", "iwi", "jme", "le", "msk", "mxge", "my", "nfe",
+ "npe", "nve", "ral", "re", "rl", "rum", "sf", "sis", "sk",
+ "ste", "stge", "txp", "udav", "ural", "vge", "vr", "wi", "xl",
+ "ndis", "tun", "vlan", "pppoe", "pptp", "ng", "ppp");
$int_family = preg_split("/[0-9]+/", $int);
diff --git a/etc/inc/itemid.inc b/etc/inc/itemid.inc
new file mode 100644
index 0000000..3a48e51
--- /dev/null
+++ b/etc/inc/itemid.inc
@@ -0,0 +1,85 @@
+<?php
+/* $Id$ */
+/*
+ Copyright (C) 2009 Janne Enberg <janne.enberg@lietu.net>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ DISABLE_PHP_LINT_CHECKING
+*/
+
+/****f* itemid/delete_id
+ * NAME
+ * delete_id - delete an item with ['id'] = $id from $array
+ * INPUTS
+ * $id - int: The ID to delete
+ * $array - array to delete the item from
+ * RESULT
+ * boolean - true if item was found and deleted
+ ******/
+function delete_id($id, &$array){
+ // Index to delete
+ $delete_index = NULL;
+
+ // Search for the item in the array
+ foreach ($array as $key => $item){
+ // If this item is the one we want to delete
+ if(isset($item['id']) && $item['id']==$id ){
+ $delete_index = $key;
+ break;
+ }
+ }
+
+ // If we found the item, unset it
+ if( $delete_index!==NULL ){
+ unset($array[$delete_index]);
+ return true;
+ } else {
+ return false;
+ }
+
+}
+
+/****f* itemid/get_next_id
+ * NAME
+ * get_next_id - find the next available id from an item list
+ * INPUTS
+ * $array - array of items to get the id for
+ * RESULT
+ * integer - the next available id
+ ******/
+function get_next_id($array){
+ // Default value
+ $next_id = 1;
+
+ // Search for IDs
+ foreach ($array as $item){
+ // If this item has an ID, and it's higher or equal to the current "next ID", use that + 1 as the next ID
+ if(isset($item['id']) && $item['id']>=$next_id ){
+ $next_id = $item['id'] + 1;
+ }
+ }
+ return $next_id;
+}
+
+?> \ No newline at end of file
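Review bot: `delete_id()` matches with the loose comparison `$item['id']==$id`, so under PHP's type juggling a non-numeric or empty `$id` coming from a request can compare equal to an integer id and remove an entry the caller did not mean to delete. Normalise both sides before comparing, e.g. `if (isset($item['id']) && (int)$item['id'] === (int)$id)`, and reject a non-numeric `$id` up front. Both functions also assume `$array` is an array; an `is_array()` guard returning `false` / `1` would avoid a warning when the config section does not exist yet.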
diff --git a/etc/inc/notices.inc b/etc/inc/notices.inc
index c2722b2..2f8e5fa 100644
--- a/etc/inc/notices.inc
+++ b/etc/inc/notices.inc
@@ -190,4 +190,42 @@ function are_notices_pending($category = "all") {
return false;
}
+/****f* pfsense-utils/notify_via_growl
+ * NAME
+ * notify_via_growl
+ * INPUTS
+ * notification string to send
+ * RESULT
+ * returns true if message was sent
+ ******/
+function notify_via_growl($message) {
+ require_once("growl.class");
+ global $config;
+ $growl_ip = $config['notifications']['growl']['ipaddress'];
+ $growl_password = $config['notifications']['growl']['password'];
+ if($growl_ip) {
+ $growl = new Growl($growl_ip, $growl_password);
+ $growl->notify("pfSense growl alert", "pfSense", "{$message}");
+ }
+}
+
+/****f* pfsense-utils/register_via_growl
+ * NAME
+ * register_via_growl
+ * INPUTS
+ * none
+ * RESULT
+ * none
+ ******/
+function register_via_growl() {
+ require_once("growl.class");
+ global $config;
+ $growl_ip = $config['notifications']['growl']['ipaddress'];
+ $growl_password = $config['notifications']['growl']['password'];
+ if($growl_ip) {
+ $growl = new Growl($growl_ip, $growl_password);
+ $growl->register();
+ }
+}
+
?> \ No newline at end of file
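Review bot: The header comment on `notify_via_growl()` says it "returns true if message was sent", but the function has no `return` statement, so callers always get `NULL`. Either return the result of `$growl->notify(...)` or change the RESULT line to `none`. Both headers also still read `pfsense-utils/...` although the functions now live in notices.inc; `notices/notify_via_growl` and `notices/register_via_growl` would match the file.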
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 42781d8..69e65bc 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -128,7 +128,8 @@ function is_private_ip($iptocheck) {
* returns a temporary filename
******/
function get_tmp_file() {
- return "/tmp/tmp-" . time();
+ global $g;
+ return "{$g['tmp_path']}/tmp-" . time();
}
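Review bot: `get_tmp_file()` still derives the name only from `time()`, so two calls within the same second return the same path and the name is predictable in a directory other processes can write to. `tempnam()` picks an unused name and creates the file atomically with restrictive permissions: `return tempnam($g['tmp_path'], "tmp-");`. Callers would then receive a path that already exists as an empty file, which should be confirmed against their use (they are not visible here).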
/****f* pfsense-utils/find_number_of_needed_carp_interfaces
@@ -893,9 +894,10 @@ Content-Length: $content_length
* php_check_syntax($code_tocheck, $errormessage): checks $code_to_check for errors
*/
if (!function_exists('php_check_syntax')){
+ global $g;
function php_check_syntax($code_to_check, &$errormessage){
return false;
- $fout = fopen("/tmp/codetocheck.php","w");
+ $fout = fopen("{$g['tmp_path']}/codetocheck.php","w");
$code = $_POST['content'];
$code = str_replace("<?php", "", $code);
$code = str_replace("?>", "", $code);
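Review bot: The added `global $g;` sits in the `if (!function_exists(...))` block, outside `php_check_syntax()`, so `$g` is not in scope inside the function and `{$g['tmp_path']}` expands to an empty string there. Both the `fopen` in this hunk and the `php -l` command in the next hunk would then point at `/codetocheck.php`. Move the statement to the first line of the function body. The code is currently unreachable because of the leading `return false;`, but it will be wrong as soon as that is removed.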
@@ -903,7 +905,7 @@ if (!function_exists('php_check_syntax')){
fwrite($fout, $code_to_check);
fwrite($fout, "\n\n?>\n");
fclose($fout);
- $command = "/usr/local/bin/php -l /tmp/codetocheck.php";
+ $command = "/usr/local/bin/php -l {$g['tmp_path']}/codetocheck.php";
$output = exec_command($command);
if (stristr($output, "Errors parsing") == false) {
echo "false\n";
@@ -1084,7 +1086,7 @@ function reload_interfaces_sync() {
log_error("Removing {$g['tmp_path']}/reloading_all");
/* start devd back up */
- mwexec("/bin/rm /tmp/reload*");
+ mwexec("/bin/rm {$g['tmp_path']}/reload*");
}
/****f* pfsense-utils/reload_all
@@ -1096,7 +1098,8 @@ function reload_interfaces_sync() {
* none
******/
function reload_all() {
- touch("/tmp/reload_all");
+ global $g;
+ touch("{$g['tmp_path']}/reload_all");
}
/****f* pfsense-utils/reload_interfaces
@@ -1108,7 +1111,8 @@ function reload_all() {
* none
******/
function reload_interfaces() {
- touch("/tmp/reload_interfaces");
+ global $g;
+ touch("{$g['tmp_path']}/reload_interfaces");
}
/****f* pfsense-utils/reload_all_sync
@@ -1167,12 +1171,12 @@ function reload_all_sync() {
conf_mount_ro();
/* restart sshd */
- @touch("/tmp/start_sshd");
+ @touch("{$g['tmp_path']}/start_sshd");
/* restart webConfigurator if needed */
- touch("/tmp/restart_webgui");
+ touch("{$g['tmp_path']}/restart_webgui");
- mwexec("/bin/rm /tmp/reload*");
+ mwexec("/bin/rm {$g['tmp_path']}/reload*");
}
function auto_login($status) {
@@ -1668,47 +1672,116 @@ function isvm() {
return false;
}
-/****f* pfsense-utils/notify_via_growl
- * NAME
- * notify_via_growl
- * INPUTS
- * notification string to send
- * RESULT
- * returns true if message was sent
- ******/
-function notify_via_growl($message) {
- require_once("growl.class");
- global $config;
- $growl_ip = $config['notifications']['growl']['ipaddress'];
- $growl_password = $config['notifications']['growl']['password'];
- if($growl_ip) {
- $growl = new Growl($growl_ip, $growl_password);
- $growl->notify("pfSense growl alert", "pfSense", "{$message}");
- }
+function get_freebsd_version() {
+ $version = trim(`/usr/bin/uname -r | /usr/bin/cut -d'.' -f1`);
+ return $version;
}
-/****f* pfsense-utils/register_via_growl
- * NAME
- * register_via_growl
- * INPUTS
- * none
- * RESULT
- * none
- ******/
-function register_via_growl() {
- require_once("growl.class");
- global $config;
- $growl_ip = $config['notifications']['growl']['ipaddress'];
- $growl_password = $config['notifications']['growl']['password'];
- if($growl_ip) {
- $growl = new Growl($growl_ip, $growl_password);
- $growl->register();
- }
+function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
+ global $ch, $fout, $file_size, $downloaded;
+ $file_size = 1;
+ $downloaded = 1;
+ /* open destination file */
+ $fout = fopen($destination_file, "wb");
+
+ /*
+ * Originally by Author: Keyvan Minoukadeh
+ * Modified by Scott Ullrich to return Content-Length size
+ */
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url_file);
+ curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
+ curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
+ curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
+ curl_setopt($ch, CURLOPT_TIMEOUT, 0);
+
+ curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ if($fout)
+ fclose($fout);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
+}
+
+function read_header($ch, $string) {
+ global $file_size, $fout;
+ $length = strlen($string);
+ $regs = "";
+ ereg("(Content-Length:) (.*)", $string, $regs);
+ if($regs[2] <> "") {
+ $file_size = intval($regs[2]);
+ }
+ ob_flush();
+ return $length;
+}
+
+function read_body($ch, $string) {
+ global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ if($lastseen <> $downloadProgress and $downloadProgress < 101) {
+ if($sendto == "status") {
+ $tostatus = $static_status . $downloadProgress . "%";
+ update_status($tostatus);
+ } else {
+ $tooutput = $static_output . $downloadProgress . "%";
+ update_output_window($tooutput);
+ }
+ update_progress_bar($downloadProgress);
+ $lastseen = $downloadProgress;
+ }
+ if($fout)
+ fwrite($fout, $string);
+ ob_flush();
+ return $length;
}
-function get_freebsd_version() {
- $version = trim(`/usr/bin/uname -r | /usr/bin/cut -d'.' -f1`);
- return $version;
+/*
+ * update_output_window: update bottom textarea dynamically.
+ */
+function update_output_window($text) {
+ global $pkg_interface;
+ $log = ereg_replace("\n", "\\n", $text);
+ if($pkg_interface == "console") {
+ /* too chatty */
+ } else {
+ echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = \"" . $log . "\";</script>";
+ }
+ /* ensure that contents are written out */
+ ob_flush();
+}
+
+/*
+ * update_output_window: update top textarea dynamically.
+ */
+function update_status($status) {
+ global $pkg_interface;
+ if($pkg_interface == "console") {
+ echo $status . "\n";
+ } else {
+ echo "\n<script type=\"text/javascript\">this.document.forms[0].status.value=\"" . $status . "\";</script>";
+ }
+ /* ensure that contents are written out */
+ ob_flush();
+}
+
+/*
+ * update_progress_bar($percent): updates the javascript driven progress bar.
+ */
+function update_progress_bar($percent) {
+ global $pkg_interface;
+ if($percent > 100) $percent = 1;
+ if($pkg_interface <> "console") {
+ echo "\n<script type=\"text/javascript\" language=\"javascript\">";
+ echo "\ndocument.progressbar.style.width='" . $percent . "%';";
+ echo "\n</script>";
+ } else {
+ echo " {$percent}%";
+ }
}
?>
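Review bot: `update_output_window()` and `update_status()` paste `$log` / `$status` directly between double quotes inside an inline `<script>`, escaping only newlines (and in `update_status()` nothing at all). Any quote, backslash or `</script>` in the text, which can include package names and output from downloads, breaks out of the JavaScript string and is run by the administrator's browser. Encode the value for a script context instead, e.g. `echo "\n<script type=\"text/javascript\">this.document.forms[0].status.value=" . json_encode($status) . ";</script>";` (assuming the bundled PHP provides `json_encode`), and neutralise `</` in the result. Separately, `download_file_with_progress_bar()` never checks the result of `fopen()` before starting the transfer, so a failed open is reported as success when the server answers 200. The comment above `update_status()` still names `update_output_window`.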
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index 78f42c6..721316e 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -55,7 +55,10 @@ function create_new_rrd($rrdcreatecmd) {
}
function migrate_rrd_format($rrdoldxml, $rrdnewxml) {
- exec("echo 'Converting RRD configuration to new format. This might take a bit...' | wall");
+ if(!file_exists("/tmp/rrd_notice_sent.txt")) {
+ exec("echo 'Converting RRD configuration to new format. This might take a bit...' | wall");
+ touch("/tmp/rrd_notice_sent.txt");
+ }
$numrraold = count($rrdoldxml['rra']);
$numdsold = count($rrdoldxml['ds']);
$numrranew = count($rrdnewxml['rra']);
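Review bot: The new marker file is hard-coded as `/tmp/rrd_notice_sent.txt`, while the same commit moves the other temporary paths in pfsense-utils.inc to `{$g['tmp_path']}`. For consistency, add `global $g;` to `migrate_rrd_format()` and use `"{$g['tmp_path']}/rrd_notice_sent.txt"` in both the `file_exists()` and the `touch()` call. The rest of the function is outside the hunk.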
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 4310283..ce3d3c7 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -2,8 +2,9 @@
/* $Id$ */
/*
services.inc
- part of m0n0wall (http://m0n0.ch/wall)
+ part of the pfSense project (http://www.pfsense.com)
+ originally part of m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
@@ -94,13 +95,23 @@ function services_dhcpd_configure() {
return 1;
}
-
+ $optcounter = 0;
+ $custoptions = "";
+ foreach ($dhcpdcfg as $dhcpif => $dhcpifconf) {
+ if($dhcpifconf['numberoptions']['item']) {
+ foreach($dhcpifconf['numberoptions']['item'] as $item) {
+ $custoptions .= "option custom-opt-$optcounter code {$item['number']} = text;\n";
+ $optcounter++;
+ }
+ }
+ }
$dhcpdconf = <<<EOD
option domain-name "{$syscfg['domain']}";
option ldap-server code 95 = text;
option domain-search-list code 119 = text;
+{$custoptions}
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
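Review bot: The declarations use a single `$optcounter` that keeps increasing across all interfaces, whereas the per-interface block in the next hunk resets `$optcounter = 0` before emitting the values. With custom options on more than one interface, the second interface's `custom-opt-0` refers to the code declared for the first interface, so clients receive values under the wrong option numbers. Keep the two counters in step, for instance by not resetting the counter in the per-interface block or by including the interface name in the option name in both places. `{$item['number']}` is also written into dhcpd.conf without a numeric check; `is_numeric($item['number'])` before emitting the line would keep a malformed entry from breaking the whole file.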
@@ -256,25 +267,43 @@ $dnscfg
EOD;
- if ($dhcpifconf['defaultleasetime'])
+ // default-lease-time
+ if ($dhcpifconf['defaultleasetime'])
$dhcpdconf .= " default-lease-time {$dhcpifconf['defaultleasetime']};\n";
+
+ // max-lease-time
if ($dhcpifconf['maxleasetime'])
$dhcpdconf .= " max-lease-time {$dhcpifconf['maxleasetime']};\n";
+ // netbios-name*
if (is_array($dhcpifconf['winsserver']) && $dhcpifconf['winsserver'][0]) {
$dhcpdconf .= " option netbios-name-servers " . join(",", $dhcpifconf['winsserver']) . ";\n";
$dhcpdconf .= " option netbios-node-type 8;\n";
}
+ // ntp-servers
if (is_array($dhcpifconf['ntpserver']) && $dhcpifconf['ntpserver'][0])
$dhcpdconf .= " option ntp-servers " . join(",", $dhcpifconf['ntpserver']) . ";\n";
+ // tftp-server-name
if ($dhcpifconf['tftp'] <> "")
$dhcpdconf .= " option tftp-server-name \"{$dhcpifconf['tftp']}\";\n";
- if ($dhcpifconf['ldap'] <> "")
+ // Handle option, number rowhelper values
+ $optcounter = 0;
+ $dhcpdconf .= "\n";
+ if($dhcpifconf['numberoptions']['item']) {
+ foreach($dhcpifconf['numberoptions']['item'] as $item) {
+ $dhcpdconf .= " option custom-opt-$optcounter \"{$item['value']}\";\n";
+ $optcounter++;
+ }
+ }
+
+ // ldap-server
+ if ($dhcpifconf['ldap'] <> "")
$dhcpdconf .= " option ldap-server \"{$dhcpifconf['ldap']}\";\n";
+ // net boot information
if(isset($dhcpifconf['netboot'])) {
if (($dhcpifconf['next-server'] <> "") && ($dhcpifconf['filename'] <> "")) {
$dhcpdconf .= " next-server {$dhcpifconf['next-server']};\n";
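Review bot: `{$item['value']}` is written between double quotes into dhcpd.conf exactly as stored, so a value containing `"`, `;` or a newline ends the string early and the remainder is parsed as dhcpd configuration. At best dhcpd refuses to start, and at worst extra directives are accepted. Reject or escape those characters when the value is saved and again here, e.g. `$value = str_replace(array("\\", "\""), array("\\\\", "\\\""), $item['value']);`, and refuse values containing line breaks. This block appears to run inside the per-interface loop, which starts outside the hunk.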
@@ -282,7 +311,7 @@ EOD;
}
if ($dhcpifconf['rootpath'] <> "") {
$dhcpdconf .= " option root-path \"{$dhcpifconf['rootpath']}\";\n";
- }
+ }
}
$dhcpdconf .= <<<EOD
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 7ce0bee..f97ec20 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -3549,6 +3549,10 @@ function read_altq_config() {
global $altq_list_queues, $config;
$path = array();
+ if (!is_array($config['shaper']))
+ $config['shaper'] = array();
+ if (!is_array($config['shaper']['queue']))
+ $config['shaper']['queue'] = array();
$a_int = &$config['shaper']['queue'];
$altq_list_queues = array();
@@ -3585,6 +3589,10 @@ function read_dummynet_config() {
$dnqueuenumber = 1;
$dnpipenumber = 1;
+ if (!is_array($config['dnshaper']))
+ $config['dnshaper'] = array();
+ if (!is_array($config['dnshaper']['queue']))
+ $config['dnshaper']['queue'] = array();
$a_int = &$config['dnshaper']['queue'];
$dummynet_pipe_list = array();
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 9217bd5..3939471 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -42,9 +42,9 @@ function activate_powerd() {
function activate_sysctls() {
global $config, $g;
- exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000");
+ exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
- exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000");
+ exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");
if (is_array($config['sysctl']))
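Review bot: The two `ipsec_bpf_mask` values change from 0 to 1 and 2 with no comment saying what the bits select, and the neighbouring filter masks are equally unexplained. As I read enc(4), the new values make bpf on enc0 see the same packets pf filters, outbound with the inner header only and inbound after the outer header is stripped, which means a capture on enc0 now shows decrypted traffic. A comment above the four calls would record that intent, for example `/* enc0: bpf taps mirror the pf filter points (out: inner header only, in: after decapsulation) */`. activate_sysctls() continues outside the hunk.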
@@ -455,16 +455,22 @@ auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver']}
*.emerg @{$syslogcfg['remoteserver']}
EOD;
+ if (isset($syslogcfg['logall'])) {
+ $syslogconf .= <<<EOD
+*.* @{$syslogcfg['remoteserver']}
+
+EOD;
+ }
fwrite($fd, $syslogconf);
fclose($fd);
// Are we logging to a least one remote server ?
if(strpos($syslogconf, "@") != false)
- $retval = system("/usr/sbin/syslogd -f {$g['varetc_path']}/syslog.conf");
+ $retval = system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf");
else
- $retval = system("/usr/sbin/syslogd -f {$g['varetc_path']}/syslog.conf");
+ $retval = system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf");
} else {
- $retval = mwexec("/usr/sbin/syslogd");
+ $retval = mwexec("/usr/sbin/syslogd -c");
}
if ($g['booting'])
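Review bot: Both branches of the `strpos($syslogconf, "@")` test now run the identical command, so the conditional decides nothing and can be collapsed into a single `system("/usr/sbin/syslogd -c -f {$g['varetc_path']}/syslog.conf")`. If the distinction was meant to keep syslogd off the network when no remote server is configured, the else branch could pass `-ss`, which stops it from opening a network socket at all. The new `*.* @{$syslogcfg['remoteserver']}` line also sends every facility, auth messages included, to the remote host over plain syslog; a comment in the config section should say so. The enclosing function starts and ends outside the hunk.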
@@ -519,7 +525,7 @@ function system_webgui_start() {
$key = "";
/* non-standard port? */
- if ($config['system']['webgui']['port'])
+ if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
$portarg = "{$config['system']['webgui']['port']}";
if ($config['system']['webgui']['protocol'] == "https") {
@@ -598,7 +604,11 @@ function system_generate_lighty_config($filename,
$memory = get_memory();
$avail = $memory[0];
- if($avail > 0 and $avail < 98) {
+ if($avail > 0 and $avail < 65) {
+ $fast_cgi_enable = false;
+ }
+
+ if($avail > 65 and $avail < 98) {
$max_procs = 1;
$max_requests = 1;
}
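Review bot: A machine reporting exactly 65 for `$avail` matches neither `$avail < 65` nor `$avail > 65`, so it gets neither the FastCGI switch-off nor the reduced process limits. The second test should read `if($avail >= 65 and $avail < 98) {`. The threshold 65 is a bare number; a short comment giving the unit and why FastCGI is disabled below it would help. The function continues outside the hunk, so how `$fast_cgi_enable` is consumed is not visible.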
@@ -959,6 +969,9 @@ function system_ntp_configure() {
/* start opentpd, set time now and use /var/etc/ntpd.conf */
exec("/usr/local/sbin/ntpd -s -f {$g['varetc_path']}/ntpd.conf");
+
+ // Note that we are starting up
+ exec("echo 'OpenNTPD is starting up' >> {$g['varlog_path']}/ntpd.log");
}
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index 8191d89..7d05575 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -1,10 +1,10 @@
<?php
/*
- Copyright (C) 2004-2006 Scott Ullrich
+ Copyright (C) 2004-2009 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
originally part of m0n0wall (http://m0n0.ch/wall)
-Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 4304801..c289d62 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -1,7 +1,9 @@
-<?php /* $Id$ */ /*
+<?php
+/*
util.inc
- part of m0n0wall (http://m0n0.ch/wall)
+ part of the pfSense project (http://www.pfsense.com)
+ originally part of m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
@@ -648,34 +650,6 @@ function is_alias($name) {
return isset($aliastable[$name]);
}
-function alias_expand_value($name) {
-
- global $aliastable, $config;
- $newaddress = "";
- $firstentry = true;
- if($config['aliases']['alias'])
- foreach($config['aliases']['alias'] as $alias) {
- if($alias['name'] == $name) {
- if($alias['type'] == "openvpn") {
- $vpn_address_split = split(" ", $alias['address']);
- foreach($vpn_address_split as $vpnsplit) {
- foreach($config['openvpn']['user'] as $openvpn) {
- if($openvpn['name'] == $vpnsplit) {
- if($firstentry == false)
- $newaddress .= " ";
- $newaddress .= $openvpn['ip'];
- $firstentry = false;
- }
- }
- }
- } else {
- $newaddress = $alias['address'];
- }
- }
- }
- return $newaddress;
-}
-
/* expand a host or network alias, if necessary */
function alias_expand($name) {
@@ -689,36 +663,6 @@ function alias_expand($name) {
return null;
}
-/* expand a host alias, if necessary */
-function alias_expand_host($name) {
- global $aliastable;
-
- if (isset($aliastable[$name])) {
- $ip_arr = explode(" ", $aliastable[$name]);
- foreach($ip_arr as $ip) {
- if (!is_ipaddr($ip))
- return null;
- }
- return $aliastable[$name];
- } else if (is_ipaddr($name))
- return $name;
- else
- return null;
-}
-
-/* expand a network alias, if necessary */
-function alias_expand_net($name) {
-
- global $aliastable;
-
- if (isset($aliastable[$name]) && is_subnet($aliastable[$name]))
- return $aliastable[$name];
- else if (is_subnet($name))
- return $name;
- else
- return null;
-}
-
/* find out whether two subnets overlap */
function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) {
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index b1620c4..51fd673 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -38,6 +38,7 @@ require_once ("functions.inc");
function vpn_ipsec_failover_configure() {
global $config, $g;
+ require_once ("ipsec.inc");
$sasyncd_text = "";
@@ -91,6 +92,7 @@ function find_last_gif_device() {
function vpn_ipsec_configure($ipchg = false)
{
global $config, $g, $sa, $sn, $p1_ealgos, $p2_ealgos;
+ require_once ("ipsec.inc");
mwexec("/sbin/ifconfig enc0 up");
@@ -871,6 +873,7 @@ EOD;
function vpn_ipsec_force_reload() {
global $config;
global $g;
+ require_once ("ipsec.inc");
$ipseccfg = $config['ipsec'];
diff --git a/etc/inc/xmlparse.inc b/etc/inc/xmlparse.inc
index cb55117..78178b8 100644
--- a/etc/inc/xmlparse.inc
+++ b/etc/inc/xmlparse.inc
@@ -49,87 +49,47 @@ function listtags() {
"serversdisabled earlyshellcmd shellcmd staticmap subqueue timerange ".
"tunnel user vip virtual_server vlan winsserver wolentry widget "
);
- return $ret;
+ return array_flip($ret);
}
/* Package XML tags that should be treat as a list not as a traditional array */
function listtags_pkg() {
$ret = array("depends_on_package", "onetoone", "queue", "rule", "servernat", "alias", "additional_files_needed", "tab", "template", "menu", "rowhelperfield", "service", "step", "package", "columnitem", "option", "item", "field", "package", "file");
- return $ret;
+ return array_flip($ret);
}
-function startElement($parser, $name, $attrs) {
- global $parsedcfg, $depth, $curpath, $havedata, $listtags;
+function add_elements(&$cfgarray, &$parser) {
+ global $listtags;
+ while ($parser->read()) {
+ switch ($parser->nodeType) {
+ case XMLReader::WHITESPACE:
+ //$type = "WHITESPACE";
+ break;
+ case XMLReader::SIGNIFICANT_WHITESPACE:
+ //$type = "SIGNIFICANT_WHITESPACE";
+ break;
+ case XMLReader::ELEMENT:
+ if ($parser->isEmptyElement) {
+ $cfgarray[$parser->name] = "";
+ } else {
+ if (isset($listtags[$parser->name]))
+ add_elements($cfgarray[$parser->name][], $parser);
+ else
+ add_elements($cfgarray[$parser->name], $parser);
+ }
+ break;
+ case XMLReader::TEXT:
+ $cfgarray = $parser->value;
+ break;
+ case XMLReader::END_ELEMENT:
+ return;
+ break;
+ default:
+ break;
+ }
- array_push($curpath, strtolower($name));
-
- $ptr =& $parsedcfg;
- foreach ($curpath as $path) {
- $ptr =& $ptr[$path];
- }
-
- /* is it an element that belongs to a list? */
- if (in_array(strtolower($name), $listtags)) {
-
- /* is there an array already? */
- if (!is_array($ptr)) {
- /* make an array */
- $ptr = array();
- }
-
- array_push($curpath, count($ptr));
-
- } else if (isset($ptr)) {
- /* multiple entries not allowed for this element, bail out */
- die(sprintf("XML error: %s at line %d cannot occur more than once\n",
- $name,
- xml_get_current_line_number($parser)));
- }
-
- $depth++;
- $havedata = $depth;
-}
-
-function endElement($parser, $name) {
- global $depth, $curpath, $parsedcfg, $havedata, $listtags;
-
- if ($havedata == $depth) {
- $ptr =& $parsedcfg;
- foreach ($curpath as $path) {
- $ptr =& $ptr[$path];
- }
- $ptr = "";
- }
-
- array_pop($curpath);
-
- if (in_array(strtolower($name), $listtags))
- array_pop($curpath);
-
- $depth--;
-}
-
-function cData($parser, $data) {
- global $depth, $curpath, $parsedcfg, $havedata;
-
- $data = trim($data, "\t\n\r");
-
- if ($data != "") {
- $ptr =& $parsedcfg;
- foreach ($curpath as $path) {
- $ptr =& $ptr[$path];
- }
-
- if (is_string($ptr)) {
- $ptr .= $data;
- } else {
- if (trim($data, " ") != "") {
- $ptr = $data;
- $havedata++;
- }
- }
- }
+ }
}
function parse_xml_config($cffile, $rootobj, $isstring = "false") {
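Review bot: An element written as an open/close pair with no content, such as `<enable></enable>`, now ends up as null in add_elements(): the ELEMENT branch recurses, the recursive call meets END_ELEMENT first and returns without assigning, whereas the removed endElement() stored an empty string. Code that tests such flags with isset() would then treat them as absent, which in a firewall config can silently flip an enable or disable switch; whether the writer emits that form is not visible here. Assigning on the way out keeps the old result: `case XMLReader::END_ELEMENT: if (!isset($cfgarray)) $cfgarray = ""; return;`. The new code also looks up `$parser->name` without the strtolower() the old handlers applied, and it no longer rejects a repeated non-list element.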
@@ -137,10 +97,10 @@ function parse_xml_config($cffile, $rootobj, $isstring = "false") {
$listtags = listtags();
if (isset($GLOBALS['custom_listtags'])) {
foreach($GLOBALS['custom_listtags'] as $tag) {
- $listtags[] = $tag;
+ $listtags[$tag] = $tag;
}
}
- return parse_xml_config_raw($cffile, $rootobj, $isstring);
+ return parse_xml_config_raw($cffile, $rootobj);
}
function parse_xml_config_pkg($cffile, $rootobj, $isstring = "false") {
@@ -148,7 +108,7 @@ function parse_xml_config_pkg($cffile, $rootobj, $isstring = "false") {
$listtags = listtags_pkg();
if (isset($GLOBALS['custom_listtags_pkg'])) {
foreach($GLOBALS['custom_listtags_pkg'] as $tag) {
- $listtags[] = $tag;
+ $listtags[$tag] = $tag;
}
}
return parse_xml_config_raw($cffile, $rootobj, $isstring);
@@ -156,34 +116,14 @@ function parse_xml_config_pkg($cffile, $rootobj, $isstring = "false") {
function parse_xml_config_raw($cffile, $rootobj, $isstring = "false") {
- global $depth, $curpath, $parsedcfg, $havedata, $listtags;
$parsedcfg = array();
- $curpath = array();
- $depth = 0;
- $havedata = 0;
-
- $xml_parser = xml_parser_create();
-
- xml_set_element_handler($xml_parser, "startElement", "endElement");
- xml_set_character_data_handler($xml_parser, "cdata");
-
- if (!($fp = fopen($cffile, "r"))) {
- die("Error: could not open XML input\n");
- }
- while ($data = fread($fp, 4096)) {
- if (!xml_parse($xml_parser, $data, feof($fp))) {
- log_error(sprintf("XML error: %s at line %d\n",
- xml_error_string(xml_get_error_code($xml_parser)),
- xml_get_current_line_number($xml_parser)));
- return -1;
- }
- }
- xml_parser_free($xml_parser);
-
- if (!$parsedcfg[$rootobj]) {
- die("XML error: no $rootobj object found!\n");
- }
+ $par = new XMLReader();
+ if ($par->open($cffile)) {
+ add_elements($parsedcfg, $par);
+ $par->close();
+ } else
+ log_error("Error returned while trying to parse {$cffile}");
return $parsedcfg[$rootobj];
}
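Review bot: parse_xml_config_raw() no longer reports failure to its caller: when the file cannot be opened it logs and then returns `$parsedcfg[$rootobj]` from an empty array, and a file that stops parsing part-way returns whatever add_elements() had collected. The removed code returned -1 on a parse error and stopped when the root object was missing, so a truncated config.xml could now be loaded as a partial ruleset without any signal. Returning -1 in both cases keeps the earlier contract. `$isstring` is still in the signature but unused, and parse_xml_config() stopped passing it while parse_xml_config_pkg() still does.

```php
function parse_xml_config_raw($cffile, $rootobj, $isstring = "false") {
	$parsedcfg = array();
	$par = new XMLReader();
	if (!$par->open($cffile)) {
		log_error("Error returned while trying to parse {$cffile}");
		return -1;
	}
	add_elements($parsedcfg, $par);
	$par->close();
	/* a missing root object means the file was empty, truncated or not ours */
	if (!isset($parsedcfg[$rootobj])) {
		log_error("XML error: no {$rootobj} object found in {$cffile}");
		return -1;
	}
	return $parsedcfg[$rootobj];
}
```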
@@ -197,7 +137,7 @@ function dump_xml_config_sub($arr, $indent) {
foreach ($arr as $ent => $val) {
if (is_array($val)) {
/* is it just a list of multiple values? */
- if (in_array(strtolower($ent), $listtags)) {
+ if (isset($listtags[strtolower($ent)])) {
foreach ($val as $cval) {
if (is_array($cval)) {
$xmlconfig .= str_repeat("\t", $indent);
@@ -242,7 +182,7 @@ function dump_xml_config($arr, $rootobj) {
$listtags = listtags();
if (isset($GLOBALS['custom_listtags'])) {
foreach($GLOBALS['custom_listtags'] as $tag) {
- $listtags[] = $tag;
+ $listtags[$tag] = $tag;
}
}
return dump_xml_config_raw($arr, $rootobj);
@@ -253,7 +193,7 @@ function dump_xml_config_pkg($arr, $rootobj) {
$listtags = listtags_pkg();
if (isset($GLOBALS['custom_listtags_pkg'])) {
foreach($GLOBALS['custom_listtags_pkg'] as $tag) {
- $listtags[] = $tag;
+ $listtags[$tag] = $tag;
}
}
return dump_xml_config_raw($arr, $rootobj);
diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync
index e39a1be..5abfb59 100644
--- a/etc/phpshellsessions/gitsync
+++ b/etc/phpshellsessions/gitsync
@@ -202,6 +202,9 @@ function post_cvssync_commands() {
exec("pfctl -f /tmp/rules.debug");
echo "\n";
+ if(file_exists("/etc/rc.php_ini_setup"))
+ exec("/etc/rc.php_ini_setup");
+
echo "===> Signaling PHP and Lighty restart...";
$fd = fopen("/tmp/restart_lighty", "w");
fwrite($fd, "#!/bin/sh\n");
@@ -211,6 +214,7 @@ function post_cvssync_commands() {
fclose($fd);
mwexec_bg("sh /tmp/restart_lighty");
echo "\n";
+
}
function isUrl($url = "") {
diff --git a/etc/rc b/etc/rc
index 5b13aa5..16de69a 100755
--- a/etc/rc
+++ b/etc/rc
@@ -41,7 +41,7 @@ if [ "$PLATFORM" = "pfSense" ]; then
mdmfs -S -M -s 4m md /var/run
fi
-product=`cat /etc/inc/globals.inc | grep product_name | cut -d'"' -f4`
+product=`echo '<? include("/etc/inc/globals.inc"); die($g["product_name"]); ?>' | /usr/local/bin/php -q`
hideplatform=`cat /etc/inc/globals.inc | grep hideplatform | wc -l`
if [ "$hideplatform" -gt "0" ]; then
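Review bot: The new `product=` line depends on the `<?` short open tag and uses `die()` to print the value, so it only works while short_open_tag is enabled for /usr/local/bin/php. If it is not, the script source is echoed into `$product` instead. Writing it as `<?php include("/etc/inc/globals.inc"); echo $g["product_name"]; ?>` removes that dependency and keeps die() for errors. The same line is added in rc.firmware_auto, rc.initial and rc.shutdown. The `hideplatform` line just below still greps globals.inc, so the file is now read in two different ways.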
@@ -92,7 +92,10 @@ if [ "$PLATFORM" = "cdrom" ] ; then
elif [ "$PLATFORM" = "embedded" ] ; then
# do nothing for embedded platform
elif [ "$PLATFORM" = "nanobsd" ] ; then
- # do nothing for nanobsd platform
+ # Ensure that packages can be persistent across reboots
+ /bin/mkdir -p /root/var/db/pkg
+ rm -rf /var/db/pkg
+ ln -s /root/var/db/pkg/ /var/db/pkg
else
SWAPDEVICE=`cat /etc/fstab | grep swap | cut -f1`
/sbin/swapon -a 2>/dev/null >/dev/null
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 75ddd36..0ea8a92 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -105,7 +105,10 @@ if($g['platform'] == "cdrom") {
require_once("/etc/inc/config.inc");
echo ".";
require_once("/etc/inc/functions.inc");
+echo ".";
require_once("openvpn.inc");
+echo ".";
+
/* get system memory amount */
$memory = get_memory();
$avail = $memory[0];
@@ -192,12 +195,12 @@ interfaces_configure();
if(!$debugging)
unmute_kernel_msgs();
-/* setup altq + pf */
-filter_configure_sync();
-
/* generate resolv.conf */
system_resolvconf_generate();
+/* setup altq + pf */
+filter_configure_sync();
+
/* start pflog */
echo "Starting PFLOG...";
filter_pflog_start();
diff --git a/etc/rc.embedded b/etc/rc.embedded
index ef3c064..ada4558 100755
--- a/etc/rc.embedded
+++ b/etc/rc.embedded
@@ -27,6 +27,8 @@ else
fi
# Create some needed directories
-/bin/mkdir -p /var/db/pkg/
+/bin/mkdir -p /var/db
+
+# Ensure vi's recover directory is present
/bin/mkdir -p /var/tmp/vi.recover/
echo " done." \ No newline at end of file
diff --git a/etc/rc.firmware b/etc/rc.firmware
index 1e64128..ae472d6 100755
--- a/etc/rc.firmware
+++ b/etc/rc.firmware
@@ -198,7 +198,7 @@ pfSenseNanoBSDupgrade)
NEW_IMG_SIZE=`echo $((\`gzip -l ${IMG} | grep -v compressed | awk '{ print $2}'\` / 1024 / 1024))`
SIZE=`/sbin/fdisk ${COMPLETE_PATH} | /usr/bin/grep Meg | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d"(" -f2`
if [ "$SIZE" -lt "$NEW_IMG_SIZE" ]; then
- file_notice "UpgradeFailure" "Upgrade failed due to the upgrade image being larger than the partition that is configured on disk. Halting."
+ file_notice "UpgradeFailure" "Upgrade failed due to the upgrade image being larger than the partition that is configured on disk. Halting. $SIZE < $NEW_IMG_SIZE"
echo "Upgrade failed. Please check the system log file for more information" | wall
rm /var/run/firmwarelock.dirty
/etc/rc.conf_mount_ro
@@ -264,6 +264,9 @@ pfSenseNanoBSDupgrade)
exit 1
fi
+ # Enable foot shooting
+ sysctl kern.geom.debugflags=16
+
# Add back the corresponding glabel
echo "" >> /conf/upgrade_log.txt
echo "/sbin/tunefs -L ${GLABEL_SLICE} /dev/$COMPLETE_PATH" >> /conf/upgrade_log.txt
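Review bot: `sysctl kern.geom.debugflags=16` is switched on here and only reset by the `debugflags=0` added in a later hunk, so any exit between the two leaves the write protection on in-use disks disabled until reboot. The code between the two hunks is not visible, but this case branch has `exit 1` paths elsewhere. Setting `trap 'sysctl kern.geom.debugflags=0' EXIT` right after enabling the flag would restore it on every path. The comment could also name what the flag permits rather than "foot shooting".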
@@ -311,7 +314,7 @@ pfSenseNanoBSDupgrade)
# Set active mount slice in fdisk
echo "" >> /conf/upgrade_log.txt
echo "gpart set -a active -i ${SLICE} ${BOOT_DRIVE}" >> /conf/upgrade_log.txt
- gpart set -a active -i ${SLICE} ${BOOT_DRIVE}
+ gpart set -a active -i ${SLICE} ${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1
sync
@@ -321,6 +324,9 @@ pfSenseNanoBSDupgrade)
echo "/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE}" >> /conf/upgrade_log.txt
/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1
+ # Disable foot shooting
+ sysctl kern.geom.debugflags=0
+
# Grab a final look at fdisk
echo "" >> /conf/fdisk_upgrade_log.txt
echo "Final upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt
diff --git a/etc/rc.firmware_auto b/etc/rc.firmware_auto
index be5da91..6dab193 100755
--- a/etc/rc.firmware_auto
+++ b/etc/rc.firmware_auto
@@ -6,7 +6,7 @@ FMBASEURL=$1
FMFILENAME=$2
FETCHFILENAME=$1/$2
-product=`cat /etc/inc/globals.inc | grep product_name | cut -d'"' -f4`
+product=`echo '<? include("/etc/inc/globals.inc"); die($g["product_name"]); ?>' | /usr/local/bin/php -q`
# wait 5 seconds before beginning
sleep 5
diff --git a/etc/rc.initial b/etc/rc.initial
index a0cd9bc..aafac5b 100755
--- a/etc/rc.initial
+++ b/etc/rc.initial
@@ -64,7 +64,7 @@ fi
/etc/rc.banner
-product=`cat /etc/inc/globals.inc | grep product_name | cut -d'"' -f4`
+product=`echo '<? include("/etc/inc/globals.inc"); die($g["product_name"]); ?>' | /usr/local/bin/php -q`
hidebanner=`cat /etc/inc/globals.inc | grep hidebanner | cut -d'"' -f4`
# display a cheap menu
diff --git a/etc/rc.initial.setlanip b/etc/rc.initial.setlanip
index 34112a0..24497bf 100755
--- a/etc/rc.initial.setlanip
+++ b/etc/rc.initial.setlanip
@@ -106,6 +106,7 @@
$intip = "dhcp";
$intbits = "";
$isintdhcp = true;
+ $restart_dhcpd = true;
}
}
@@ -121,11 +122,11 @@
echo "e.g. 255.255.255.0 = 24\n";
echo " 255.255.0.0 = 16\n";
echo " 255.0.0.0 = 8\n";
-
do {
$upperifname = strtoupper($interface);
echo "\n" . gettext("Enter the new {$upperifname} IPv4 subnet bit count:") . "\n> ";
$intbits = chop(fgets($fp));
+ $restart_dhcpd = true;
} while (!is_numeric($intbits) || ($intbits < 1) || ($intbits > 31));
}
}
@@ -158,7 +159,7 @@
exit(0);
}
} while (!(is_ipaddr($dhcpendip)));
-
+ $restart_dhcpd = true;
$config['dhcpd'][$interface]['enable'] = true;
$config['dhcpd'][$interface]['range']['from'] = $dhcpstartip;
$config['dhcpd'][$interface]['range']['to'] = $dhcpendip;
@@ -168,8 +169,9 @@
number */
if($config['dhcpd'][$interface])
unset($config['dhcpd'][$interface]['enable']);
-
+ echo "Disabling DHCPD...";
services_dhcpd_configure();
+ echo "Done!\n";
}
if ($config['system']['webgui']['protocol'] == "https") {
@@ -213,6 +215,10 @@
echo " Reloading filter...";
filter_configure_sync();
echo "\n";
+ if($restart_dhcpd) {
+ echo " DHCPD...";
+ services_dhcpd_configure();
+ }
if ($intip != '') {
if (is_ipaddr($intip)) {
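Review bot: `$restart_dhcpd` is tested in `if($restart_dhcpd)` but none of the visible hunks gives it an initial value, so on a run that touches none of the three assignments it is read undefined. Adding `$restart_dhcpd = false;` before the first prompt would fix that. The assignment inside the subnet-bits `do { … } while` loop runs on every retry and could move below the loop. On the path that disables DHCP, services_dhcpd_configure() is called there and may run again here if the flag was set earlier. The surrounding code lies outside the hunks.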
diff --git a/etc/rc.php_ini_setup b/etc/rc.php_ini_setup
index 04134ee..08aed85 100755
--- a/etc/rc.php_ini_setup
+++ b/etc/rc.php_ini_setup
@@ -31,9 +31,7 @@ EXTENSIONSDIR="/usr/local/lib/php/20060613/"
APCSHMEMSIZE="25"
# Set upload directory
-if [ "$PLATFORM" = "embedded" ]; then
- UPLOADTMPDIR="/root"
-elif [ "$PLATFORM" = "embedded" ] ; then
+if [ "$PLATFORM" = "embedded" -o "$PLATFORM" = "nanobsd" ]; then
UPLOADTMPDIR="/root"
else
UPLOADTMPDIR="/tmp"
@@ -72,6 +70,7 @@ PHPMODULES="apc \
tokenizer \
uploadprogress \
xml \
+ xmlreader \
zlib"
# Get a loaded module list in the stock php
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index f6175b4..2dd233c 100755
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -9,7 +9,7 @@ if [ -e /dev/ukbd0 ]; then
/usr/sbin/vidcontrol -s 2
fi
-product=`cat /etc/inc/globals.inc | grep product_name | cut -d'"' -f4`
+product=`echo '<? include("/etc/inc/globals.inc"); die($g["product_name"]); ?>' | /usr/local/bin/php -q`
echo
echo "${product} is now shutting down ..."
diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh
index 469ef70..d07cfb9 100755
--- a/etc/rc.update_bogons.sh
+++ b/etc/rc.update_bogons.sh
@@ -6,13 +6,12 @@
echo "rc.update_bogons.sh is starting up." | logger
-# Grab a random value
-value=`od -A n -d -N2 /dev/random | awk '{ print $1 }'`
-
-echo "rc.update_bogons.sh is sleeping for $value" | logger
-
# Sleep for that time, unless an argument is specified.
-if [ ! $1 ]; then
+
+if [ "$1" = "" ]; then
+ # Grab a random value
+ value=`od -A n -d -N2 /dev/random | awk '{ print $1 }'`
+ echo "rc.update_bogons.sh is sleeping for $value" | logger
sleep $value
fi
diff --git a/tmp/post_upgrade_command b/tmp/post_upgrade_command
index 48b3f59..a2fb94e 100755
--- a/tmp/post_upgrade_command
+++ b/tmp/post_upgrade_command
@@ -27,6 +27,16 @@ if [ $KERNELTYPE = "UP" ]; then
fi
fi
+# Detect interactive logins and display the shell
+echo "if [ \`env | grep SSH_TTY | wc -l\` -gt 0 ] || [ \`env | grep cons25 | wc -l\` -gt 0 ]; then" > $CVS_CO_DIR/root/.shrc
+echo " /etc/rc.initial" >> $CVS_CO_DIR/root/.shrc
+echo " exit" >> $CVS_CO_DIR/root/.shrc
+echo "fi" >> $CVS_CO_DIR/root/.shrc
+echo "if [ \`env | grep SSH_TTY | wc -l\` -gt 0 ] || [ \`env | grep cons25 | wc -l\` -gt 0 ]; then" >> $CVS_CO_DIR/root/.profile
+echo " /etc/rc.initial" >> $CVS_CO_DIR/root/.profile
+echo " exit" >> $CVS_CO_DIR/root/.profile
+echo "fi" >> $CVS_CO_DIR/root/.profile
+
# Now turn on or off serial console as needed
php -f /tmp/post_upgrade_command.php
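Review bot: The block is written to `.shrc` with `>` on its first line but to `.profile` with `>>` throughout, so every upgrade appends another copy to root's `.profile` while any existing `.shrc` content is discarded. Wrapping the four `.profile` lines in `if ! grep -q "/etc/rc.initial" "$CVS_CO_DIR/root/.profile"; then … fi` would make the step repeatable. `env | grep cons25` matches that string in any variable, not only TERM, so the test `[ "$TERM" = "cons25" ]` would be more precise. `$CVS_CO_DIR` is unquoted in all eight redirections.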
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index 408e7f5..aef677d 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -3,6 +3,7 @@
$Id$
part of m0n0wall (http://m0n0.ch/wall)
+ Copyrigth (C) 2009 Ermal Luçi
Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
All rights reserved.
@@ -317,25 +318,24 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$bw_down = isset($attributes['bw_down']) ? trim($attributes['bw_down']) : $config['captiveportal']['bwdefaultdn'];
if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
- $bw_up_pipeno = $ruleno + 40500;
- exec("/sbin/ipfw add $ruleno set 2 pipe $bw_up_pipeno ip from $clientip to any in");
- exec("/sbin/ipfw pipe $bw_up_pipeno config bw {$bw_up}Kbit/s queue 100");
+ $bw_up_pipeno = $ruleno + 20000;
+ mwexec("/sbin/ipfw pipe $bw_up_pipeno config bw {$bw_up}Kbit/s queue 100");
+ mwexec("/sbin/ipfw table 3 add {$clientip} {$bw_up_pipeno}");
} else {
- exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in");
+ mwexec("/sbin/ipfw table 3 add {$clientip}");
}
if ($peruserbw && !empty($bw_down) && is_numeric($bw_down)) {
- $bw_down_pipeno = $ruleno + 45500;
- exec("/sbin/ipfw add $ruleno set 2 pipe $bw_down_pipeno ip from any to $clientip out");
- exec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
+ $bw_down_pipeno = $ruleno + 20001;
+ mwexec("/sbin/ipfw pipe $bw_down_pipeno config bw {$bw_down}Kbit/s queue 100");
+ mwexec("/sbin/ipfw table 4 add {$clientip} {$bw_down_pipeno}");
} else {
- exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
+ mwexec("/sbin/ipfw table 4 add {$clientip}");
}
/* add ipfw rules for layer 2 */
if (!isset($config['captiveportal']['nomacfilter'])) {
- $l2ruleno = $ruleno + 10000;
- exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
- exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
+ exec("/sbin/ipfw add $ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
+ exec("/sbin/ipfw add $ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
}
if ($attributes['voucher'])
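Review bot: The upload pipe is numbered `$ruleno + 20000` and the download pipe `$ruleno + 20001`, so if rule numbers are handed out consecutively the download pipe of one client has the same number as the upload pipe of the next. The second `ipfw pipe … config` would then overwrite the first client's limit. How `$ruleno` is allocated is outside the hunk; if it steps by one, separate ranges or a step of two would avoid the overlap. `$clientip` and `$clientmac` are also interpolated into the ipfw command lines unquoted; passing them through `escapeshellarg()` keeps the commands well-formed even if a caller hands in an unvalidated value. The layer-2 rules still use exec() while the new lines use mwexec().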
diff --git a/usr/local/captiveportal/radius_accounting.inc b/usr/local/captiveportal/radius_accounting.inc
index fb8ece3..bfd0247 100644
--- a/usr/local/captiveportal/radius_accounting.inc
+++ b/usr/local/captiveportal/radius_accounting.inc
@@ -157,7 +157,7 @@ function RADIUS_ACCOUNTING_STOP($ruleno,$username,$sessionid,$start_time,$radius
$radiusvendor = $config['captiveportal']['radiusvendor'] ? $config['captiveportal']['radiusvendor'] : null;
$stop_time = (empty($stop_time)) ? time() : $stop_time;
$session_time = $stop_time - $start_time;
- $volume = getVolume($ruleno);
+ $volume = getVolume($clientip);
$volume['input_bytes_radius'] = remainder($volume['input_bytes']);
$volume['input_gigawords'] = gigawords($volume['input_bytes']);
$volume['output_bytes_radius'] = remainder($volume['output_bytes']);
@@ -306,4 +306,4 @@ function remainder($bytes) {
}
-?> \ No newline at end of file
+?>
diff --git a/usr/local/pkg/miniupnpd.inc b/usr/local/pkg/miniupnpd.inc
index 328d9ec..8d45bad 100644
--- a/usr/local/pkg/miniupnpd.inc
+++ b/usr/local/pkg/miniupnpd.inc
@@ -34,7 +34,11 @@
function upnp_validate_queue($qname) {
read_altq_config();
$qlist = get_altq_name_list();
- return in_array($qname, $qlist);
+ if (is_array($qlist)) {
+ return in_array($qname, $qlist);
+ } else {
+ return false;
+ }
}
function upnp_validate_ip($ip, $check_cdir) {
diff --git a/usr/local/pkg/openntpd.xml b/usr/local/pkg/openntpd.xml
index c503e62..907c6fb 100644
--- a/usr/local/pkg/openntpd.xml
+++ b/usr/local/pkg/openntpd.xml
@@ -9,7 +9,6 @@
<fielddescr>Enable</fielddescr>
<description>Check this to enable the NTP server.</description>
<type>checkbox</type>
- <enablefields>interface</enablefields>
</field>
<field>
<fieldname>interface</fieldname>
diff --git a/usr/local/www/carp_status.php b/usr/local/www/carp_status.php
index 5d4875b..c4d9477 100755
--- a/usr/local/www/carp_status.php
+++ b/usr/local/www/carp_status.php
@@ -79,7 +79,7 @@ include("head.inc");
<div id="mainlevel">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td class="tabcont">
+ <td>
<?php
if(is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $carp) {
@@ -99,7 +99,7 @@ include("head.inc");
?>
<p>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td class="listhdrr"><b><center>Carp Interface</center></b></td>
<td class="listhdrr"><b><center>Virtual IP</center></b></td>
@@ -149,42 +149,30 @@ include("head.inc");
}
}
?>
- <tr>
- <td>
- <center>
-<?php
- echo "<br>pfSync nodes:<br>";
- echo "<pre>";
- system("/sbin/pfctl -vvss | /usr/bin/grep creator | /usr/bin/cut -d\" \" -f7 | /usr/bin/sort -u");
- echo "</pre>";
-?>
- </center>
- </td>
- </tr>
- <tr>
- <td colspan="4">
- <p>
- <span class="vexpl">
- <span class="red">
- <strong>
- Note:
- </strong>
- </span>
- <br />
- You can configure CARP settings <a href="pkg_edit.php?xml=carp_settings.xml&id=0">here</a>.
- </span>
- </p>
- </td>
- </tr>
</table>
-
</td>
</tr>
</table>
</div>
-<?php include("fend.inc"); ?>
+<p/>
+
+<span class="vexpl">
+<span class="red"><strong>Note:</strong></span>
+<br />
+You can configure CARP settings <a href="pkg_edit.php?xml=carp_settings.xml&id=0">here</a>.
+</span>
+<p/>
+
+<?php
+ echo "<br>pfSync nodes:<br>";
+ echo "<pre>";
+ system("/sbin/pfctl -vvss | /usr/bin/grep creator | /usr/bin/cut -d\" \" -f7 | /usr/bin/sort -u");
+ echo "</pre>";
+?>
+
+<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/usr/local/www/diag_arp.php b/usr/local/www/diag_arp.php
index 00f9b60..4b07f8b 100755
--- a/usr/local/www/diag_arp.php
+++ b/usr/local/www/diag_arp.php
@@ -240,12 +240,11 @@ $pgtitle = array("Diagnostics","ARP Table");
include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000">
-<script src="/javascript/sorttable.js"></script>
<? include("fbegin.inc"); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
-<table class="sortable" name="sortabletable" id="sortabletable" width="100%" border="0" cellpadding="0" cellspacing="0">
+<table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="listhdrr">IP address</td>
<td class="listhdrr">MAC address</td>
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php
index 9d542d5..86100fc 100755
--- a/usr/local/www/diag_backup.php
+++ b/usr/local/www/diag_backup.php
@@ -52,9 +52,10 @@ function add_base_packages_menu_items() {
$base_packages = split($g['base_packages'], ",");
$modified_config = false;
foreach($base_packages as $bp) {
- $basepkg_path = "/usr/local/pkg/";
- if(file_exists($basepkg_path . $configfile)) {
- $pkg_config = parse_xml_config_pkg($basepkg_path . $bp, "packagegui");
+ $basepkg_path = "/usr/local/pkg/{$bp}";
+ $tmpinfo = pathinfo($basepkg_path, PATHINFO_EXTENSION);
+ if($tmpinfo['extension'] == "xml" && file_exists($basepkg_path)) {
+ $pkg_config = parse_xml_config_pkg($basepkg_path, "packagegui");
if($pkg_config['menu'] != "") {
if(is_array($pkg_config['menu'])) {
foreach($pkg_config['menu'] as $menu) {
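Review bot: `pathinfo($basepkg_path, PATHINFO_EXTENSION)` returns the extension as a string, not an array, so `$tmpinfo['extension']` is a string offset and the comparison with "xml" never succeeds; the menu items for base packages would then never be added. The condition should be `if($tmpinfo == "xml" && file_exists($basepkg_path)) {`, or the flag should be dropped from the pathinfo() call. In the context line above, `split($g['base_packages'], ",")` has pattern and subject in swapped order, which would leave the list unsplit. The function continues outside the hunk.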
@@ -130,6 +131,17 @@ function spit_out_select_items($area, $showall) {
}
+if ($_POST['apply']) {
+ ob_flush();
+ flush();
+ sleep(5);
+ conf_mount_rw();
+ clear_subsystem_dirty("restore");
+ conf_mount_ro();
+ mwexec("/sbin/shutdown -r now");
+ exit;
+}
+
if ($_POST) {
unset($input_errors);
if (stristr($_POST['Submit'], "Restore configuration"))
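Review bot: The new `$_POST['apply']` branch reboots the firewall for any POST that carries that field, and nothing in the hunk ties it to a pending restore or to a request token. Whether the included GUI code enforces a token is not visible from here. Gating it on the state the restore path sets, `if ($_POST['apply'] && is_subsystem_dirty("restore")) {`, would at least keep a stray or replayed request from restarting a system with nothing to apply. A one-line comment explaining the `sleep(5)` before the shutdown would help as well.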
@@ -167,7 +179,7 @@ if ($_POST) {
$data = "";
if($options == "nopackages") {
- $sfn = "/tmp/config.xml.nopkg";
+ $sfn = "{$g['tmp_path']}/config.xml.nopkg";
exec("sed '/<installedpackages>/,/<\/installedpackages>/d' /conf/config.xml > {$sfn}");
$data = file_get_contents($sfn);
} else {
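Review bot: `config.xml.nopkg` is created under a fixed name in `$g['tmp_path']` by a shell redirect and holds the full configuration minus the packages section, including whatever secrets config.xml carries. Nothing in the hunk removes it once it has been read. Adding `unlink_if_exists($sfn);` directly after the `file_get_contents($sfn)` call would stop the copy from lingering. A name from `tempnam($g['tmp_path'], "config")` would also avoid two concurrent backups writing the same file. The enclosing block starts and ends outside the hunk.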
@@ -181,6 +193,8 @@ if ($_POST) {
}
}
+ unlock($lockbckp);
+
if ($_POST['encrypt']) {
$data = encrypt_data($data, $_POST['encrypt_password']);
tagfile_reformat($data, $data, "config.xml");
@@ -213,7 +227,6 @@ if ($_POST) {
header("Content-Length: $size");
echo $data;
- unlock($lockbckp);
exit;
}
}
@@ -252,7 +265,6 @@ if ($_POST) {
$data = str_replace("m0n0wall", "pfsense", $data);
$m0n0wall_upgrade = true;
}
-
if($_POST['restorearea']) {
/* restore a specific area of the configuration */
if(!stristr($data, $_POST['restorearea'])) {
@@ -271,13 +283,12 @@ if ($_POST) {
if (config_install($_FILES['conffile']['tmp_name']) == 0) {
/* this will be picked up by /index.php */
conf_mount_rw();
- if($g['platform'] <> "cdrom")
- touch("/needs_package_sync");
- $reboot_needed = true;
- $savemsg = "The configuration has been restored. The firewall is now rebooting.";
+ mark_subsystem_dirty("restore");
+ $savemsg = "The configuration has been restored. You need to reboot your firewall.";
+ touch("/conf/needs_package_sync");
/* remove cache, we will force a config reboot */
- if(file_exists("/tmp/config.cache"))
- unlink("/tmp/config.cache");
+ if(file_exists("{$g['tmp_path']}/config.cache"))
+ unlink("{$g['tmp_path']}/config.cache");
$config = parse_config(true);
/* extract out rrd items, unset from $confgi when done */
if($config['rrddata']) {
@@ -287,7 +298,7 @@ if ($_POST) {
fclose($rrd_fd);
}
unset($config['rrddata']);
- unlink_if_exists("/tmp/config.cache");
+ unlink_if_exists("{$g['tmp_path']}/config.cache");
write_config();
add_base_packages_menu_items();
convert_config();
@@ -303,23 +314,85 @@ if ($_POST) {
if(is_array($ifdescrs))
foreach($ifdescrs as $iface)
$config['interfaces'][$iface]['descr'] = remove_bad_chars($config['interfaces'][$iface]['descr']);
- unlink_if_exists("/tmp/config.cache");
+ unlink_if_exists("{$g['tmp_path']}/config.cache");
+ // Reset configuration version to something low
+ // in order to force the config upgrade code to
+ // run through with all steps that are required.
+ $config['system']['version'] = "1.0";
+ // Deal with descriptions longer than 63 characters
+ for ($i = 0; isset($config["filter"]["rule"][$i]); $i++) {
+ if(count($config['filter']['rule'][$i]['descr']) > 63)
+ $config['filter']['rule'][$i]['descr'] = substr($config['filter']['rule'][$i]['descr'], 0, 63);
+ }
+ // Move interface from ipsec to enc0
+ for ($i = 0; isset($config["filter"]["rule"][$i]); $i++) {
+ if($config['filter']['rule'][$i]['interface'] == "ipsec")
+ $config['filter']['rule'][$i]['interface'] = "enc0";
+ }
+ // Convert icmp types
+ // http://www.openbsd.org/cgi-bin/man.cgi?query=icmp&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Current
+ for ($i = 0; isset($config["filter"]["rule"][$i]); $i++) {
+ if($config["filter"]["rule"][$i]['icmptype']) {
+ switch($config["filter"]["rule"][$i]['icmptype']) {
+ case "echo":
+ $config["filter"]["rule"][$i]['icmptype'] = "echoreq";
+ break;
+ case "unreach":
+ $config["filter"]["rule"][$i]['icmptype'] = "unreach";
+ break;
+ case "echorep":
+ $config["filter"]["rule"][$i]['icmptype'] = "echorep";
+ break;
+ case "squench":
+ $config["filter"]["rule"][$i]['icmptype'] = "squench";
+ break;
+ case "redir":
+ $config["filter"]["rule"][$i]['icmptype'] = "redir";
+ break;
+ case "timex":
+ $config["filter"]["rule"][$i]['icmptype'] = "timex";
+ break;
+ case "paramprob":
+ $config["filter"]["rule"][$i]['icmptype'] = "paramprob";
+ break;
+ case "timest":
+ $config["filter"]["rule"][$i]['icmptype'] = "timereq";
+ break;
+ case "timestrep":
+ $config["filter"]["rule"][$i]['icmptype'] = "timerep";
+ break;
+ case "inforeq":
+ $config["filter"]["rule"][$i]['icmptype'] = "inforeq";
+ break;
+ case "inforep":
+ $config["filter"]["rule"][$i]['icmptype'] = "inforep";
+ break;
+ case "maskreq":
+ $config["filter"]["rule"][$i]['icmptype'] = "maskreq";
+ break;
+ case "maskrep":
+ $config["filter"]["rule"][$i]['icmptype'] = "maskrep";
+ break;
+ }
+ }
+ }
write_config();
add_base_packages_menu_items();
convert_config();
conf_mount_ro();
- $savemsg = "The m0n0wall configuration has been restored and upgraded to pfSense.<p>The firewall is now rebooting.";
- $reboot_needed = true;
+ $savemsg = "The m0n0wall configuration has been restored and upgraded to pfSense. You need to reboot your firewall.";
+ mark_subsystem_dirty("restore");
}
if(isset($config['captiveportal']['enable'])) {
/* for some reason ipfw doesn't init correctly except on bootup sequence */
- $savemsg = "The configuration has been restored.<p>The firewall is now rebooting.";
- $reboot_needed = true;
+ $savemsg = "The configuration has been restored. You need to reboot your firewall.";
+ mark_subsystem_dirty("restore");
}
setup_serial_port();
if(is_interface_mismatch() == true) {
touch("/var/run/interface_mismatch_reboot_needed");
- $reboot_needed = false;
+ clear_subsystem_dirty("restore");
+ convert_config();
header("Location: interfaces_assign.php");
exit;
}
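Review bot: The new description-truncation loop tests `count($config['filter']['rule'][$i]['descr']) > 63`, and `count()` on a string never returns the string's length, so over-long descriptions are never shortened. The test should be `if(strlen($config['filter']['rule'][$i]['descr']) > 63)`. In the icmp-type `switch`, only `echo`, `timest` and `timestrep` change the value; every other arm assigns the string it already holds and could be replaced by a one-line comment listing the types that carry over unchanged. The three `for` loops walk the same rule array and could be one pass. The enclosing `if ($_POST)` block starts and ends outside the hunk.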
@@ -343,8 +416,8 @@ if ($_POST) {
if ($ver2restore <> "") {
$conf_file = "{$g['cf_conf_path']}/bak/config-" . strtotime($ver2restore) . ".xml";
if (config_install($conf_file) == 0) {
- $reboot_needed = true;
- $savemsg = "The configuration has been restored. The firewall is now rebooting.";
+ mark_subsystem_dirty("restore");
+ $savemsg = "The configuration has been restored. You need to reboot your firewall.";
} else {
$input_errors[] = "The configuration could not be restored.";
}
@@ -391,6 +464,9 @@ function decrypt_change() {
<form action="diag_backup.php" method="post" name="iform" enctype="multipart/form-data">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (is_subsystem_dirty('restore')): ?><p>
+<?php print_info_box_np("The firewall configuration has been changed.<br>You must apply the new config by restarting the firewall in order for changes to take effect.", "apply", "Reboot firewall");?><br>
+<?php endif; ?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
@@ -537,17 +613,3 @@ decrypt_change();
<?php include("fend.inc"); ?>
</body>
</html>
-
-<?php
-
-if($reboot_needed == true) {
- ob_flush();
- flush();
- sleep(5);
- while(file_exists("{$g['varrun_path']}/config.lock"))
- sleep(3);
- mwexec("/sbin/shutdown -r now");
- exit;
-}
-
-?>
diff --git a/usr/local/www/diag_dhcp_leases.php b/usr/local/www/diag_dhcp_leases.php
index bdf02c9..c79f309 100755
--- a/usr/local/www/diag_dhcp_leases.php
+++ b/usr/local/www/diag_dhcp_leases.php
@@ -278,7 +278,7 @@ if ($_GET['order'])
/* only print pool status when we have one */
if(count($pools) > 0) {
?>
-<table class="sortable" id="sortabletable" name="sortabletable" width="100%" border="0" cellpadding="0" cellspacing="0">
+<table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="listhdrr">Failover Group</a></td>
<td class="listhdrr">My State</a></td>
@@ -309,7 +309,7 @@ foreach ($pools as $data) {
<p>
-<table class="sortable" id="sortabletable" name="sortabletable" width="100%" border="0" cellpadding="0" cellspacing="0">
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="listhdrr"><a href="#">IP address</a></td>
<td class="listhdrr"><a href="#">MAC address</a></td>
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php
index fce3d19..6c56b2f 100755
--- a/usr/local/www/diag_dump_states.php
+++ b/usr/local/www/diag_dump_states.php
@@ -122,7 +122,7 @@ include("head.inc");
$current_statecount=`pfctl -si | grep "current entries" | awk '{ print $3 }'`;
?>
-<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+<table class="tabcont sortable" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<form action="<?=$_SERVER['SCRIPT_NAME'];?>" method="get">
@@ -141,7 +141,7 @@ include("head.inc");
</tr>
<tr>
<td>
- <table class="tabcont sortable" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td class="listhdrr" width="10%"><?=gettext("Proto");?></td>
<td class="listhdrr" width="65"><?=gettext("Source -> Router -> Destination");?></td>
diff --git a/usr/local/www/diag_ipsec.php b/usr/local/www/diag_ipsec.php
index a080a5b..7422503 100644
--- a/usr/local/www/diag_ipsec.php
+++ b/usr/local/www/diag_ipsec.php
@@ -74,7 +74,7 @@ $sad = ipsec_dump_sad();
<tr>
<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" class="tabcont sortable">
<tr>
<td nowrap class="listhdrr">Local IP</td>
<td nowrap class="listhdrr">Remote IP</a></td>
@@ -116,25 +116,23 @@ $sad = ipsec_dump_sad();
}
}
?>
- <tr>
- <td colspan="4">
- <p>
- <span class="vexpl">
- <span class="red">
- <strong>Note:<br /></strong>
- </span>
- You can configure your IPsec
- <a href="vpn_ipsec.php">here</a>.
- </span>
- </p>
- </td>
- </tr>
</table>
</div>
</td>
</tr>
</table>
+<p/>
+
+<span class="vexpl">
+ <span class="red">
+ <strong>Note:<br /></strong>
+ </span>
+ You can configure your IPsec
+ <a href="vpn_ipsec.php">here</a>.
+</span>
+
+
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/usr/local/www/diag_ipsec_sad.php b/usr/local/www/diag_ipsec_sad.php
index 1162289..4d67869 100755
--- a/usr/local/www/diag_ipsec_sad.php
+++ b/usr/local/www/diag_ipsec_sad.php
@@ -75,7 +75,7 @@ if ($_GET['act'] == "del") {
<tr>
<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0">
<?php if (count($sad)): ?>
<tr>
<td nowrap class="listhdrr">Source</td>
@@ -114,21 +114,19 @@ if ($_GET['act'] == "del") {
</td>
</tr>
<?php endif; ?>
- <td colspan="4">
- <p>
- <span class="vexpl">
- <span class="red">
- <strong>Note:<br></strong>
- </span>
- You can configure your IPsec <a href="vpn_ipsec.php">here</a>.
- </span>
- </p>
- </td>
</table>
</div>
</td>
</tr>
</table>
- <?php include("fend.inc"); ?>
+
+<p/>
+
+<span class="vexpl">
+<span class="red"><strong>Note:<br></strong></span>
+You can configure your IPsec <a href="vpn_ipsec.php">here</a>.
+</span>
+
+<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/usr/local/www/diag_ipsec_spd.php b/usr/local/www/diag_ipsec_spd.php
index cb4008f..a910cae 100755
--- a/usr/local/www/diag_ipsec_spd.php
+++ b/usr/local/www/diag_ipsec_spd.php
@@ -74,7 +74,7 @@ $spd = ipsec_dump_spd();
<tr>
<td>
<div id="mainarea" style="background:#eeeeee">
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0">
<?php if (count($spd)): ?>
<tr>
<td nowrap class="listhdrr">Source</td>
@@ -126,22 +126,19 @@ $spd = ipsec_dump_spd();
</td>
</tr>
<?php endif; ?>
- <td colspan="4">
- <p>
- <span class="vexpl">
- <span class="red">
- <strong>Note:<br></strong>
- </span>
- You can configure your IPsec <a href="vpn_ipsec.php">here</a>.
- </span>
- </p>
- </td>
</table>
</div>
</td>
</tr>
</table>
- <?php include("fend.inc"); ?>
+
+<p>
+<span class="vexpl">
+<span class="red"><strong>Note:<br></strong></span>
+You can configure your IPsec <a href="vpn_ipsec.php">here</a>.
+</span>
+
+<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php
index d98bd6f..b744258 100755
--- a/usr/local/www/diag_logs_settings.php
+++ b/usr/local/www/diag_logs_settings.php
@@ -47,6 +47,7 @@ $pconfig['filter'] = isset($config['syslog']['filter']);
$pconfig['dhcp'] = isset($config['syslog']['dhcp']);
$pconfig['portalauth'] = isset($config['syslog']['portalauth']);
$pconfig['vpn'] = isset($config['syslog']['vpn']);
+$pconfig['logall'] = isset($config['syslog']['logall']);
$pconfig['system'] = isset($config['syslog']['system']);
$pconfig['enable'] = isset($config['syslog']['enable']);
$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']);
@@ -77,6 +78,7 @@ if ($_POST) {
$config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false;
$config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false;
$config['syslog']['vpn'] = $_POST['vpn'] ? true : false;
+ $config['syslog']['logall'] = $_POST['logall'] ? true : false;
$config['syslog']['system'] = $_POST['system'] ? true : false;
$config['syslog']['disablelocallogging'] = $_POST['disablelocallogging'] ? true : false;
$config['syslog']['enable'] = $_POST['enable'] ? true : false;
@@ -197,7 +199,10 @@ function enable_change(enable_over) {
firewall events<br> <input name="dhcp" id="dhcp" type="checkbox" value="yes" <?php if ($pconfig['dhcp']) echo "checked"; ?>>
DHCP service events<br> <input name="portalauth" id="portalauth" type="checkbox" value="yes" <?php if ($pconfig['portalauth']) echo "checked"; ?>>
Portal Auth<br> <input name="vpn" id="vpn" type="checkbox" value="yes" <?php if ($pconfig['vpn']) echo "checked"; ?>>
- PPTP VPN events</td>
+ PPTP VPN events
+ <br> <input name="logall" id="logall" type="checkbox" value="yes" <?php if ($pconfig['logall']) echo "checked"; ?>>
+ Everything
+ </td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/usr/local/www/diag_nanobsd.php b/usr/local/www/diag_nanobsd.php
index b6e0954..06f4c3e 100755
--- a/usr/local/www/diag_nanobsd.php
+++ b/usr/local/www/diag_nanobsd.php
@@ -38,41 +38,52 @@ ini_set('implicit_flush', 1);
ini_set('max_input_time', '9999');
require_once("guiconfig.inc");
+require_once("config.inc");
$pgtitle = array("Diagnostics","NanoBSD");
include("head.inc");
-$BOOT_DEVICE=trim(`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`);
-$REAL_BOOT_DEVICE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/{$BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`);
-$BOOT_DRIVE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1`);
+function detect_slice_info() {
+ global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;
+ global $GLABEL_SLIZE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;
+ global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE;
-// Detect which slice is active and set information.
-if(strstr($REAL_BOOT_DEVICE, "s1")) {
- $SLICE="2";
- $OLDSLICE="1";
- $TOFLASH="{$BOOT_DRIVE}s{$SLICE}";
- $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a";
- $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}";
- $GLABEL_SLICE="pfsense1";
- $UFS_ID="1";
- $OLD_UFS_ID="0";
- $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}";
+ $BOOT_DEVICE=trim(`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`);
+ $REAL_BOOT_DEVICE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/{$BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`);
+ $BOOT_DRIVE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1`);
-} else {
- $SLICE="1";
- $OLDSLICE="2";
- $TOFLASH="{$BOOT_DRIVE}s{$SLICE}";
- $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a";
- $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}";
- $GLABEL_SLICE="pfsense0";
- $UFS_ID="0";
- $OLD_UFS_ID="1";
- $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}";
+ // Detect which slice is active and set information.
+ if(strstr($REAL_BOOT_DEVICE, "s1")) {
+ $SLICE="2";
+ $OLDSLICE="1";
+ $TOFLASH="{$BOOT_DRIVE}s{$SLICE}";
+ $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a";
+ $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}";
+ $GLABEL_SLICE="pfsense1";
+ $UFS_ID="1";
+ $OLD_UFS_ID="0";
+ $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}";
+
+ } else {
+ $SLICE="1";
+ $OLDSLICE="2";
+ $TOFLASH="{$BOOT_DRIVE}s{$SLICE}";
+ $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a";
+ $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}";
+ $GLABEL_SLICE="pfsense0";
+ $UFS_ID="0";
+ $OLD_UFS_ID="1";
+ $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}";
+ }
}
+// Survey slice info
+detect_slice_info();
+
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>">
+<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
<?php include("fbegin.inc"); ?>
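Review bot: The `global` list in `detect_slice_info()` names `$GLABEL_SLIZE`, but both branches assign `$GLABEL_SLICE`, so that value stays local to the function and the page-level variable is never set. The duplicate-slice code later in this file interpolates `{$GLABEL_SLICE}` into `tunefs -L` and the mount paths, which would then see an empty label. The declaration should read `global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;`. A short docblock stating that the function populates these globals from `mount` and `glabel list` output would also help, since every caller depends on that side effect.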
@@ -92,34 +103,40 @@ EOF;
$ASLICE="2";
$AOLDSLICE="1";
$ATOFLASH="{$BOOT_DRIVE}s{$ASLICE}";
- $ACOMPLETE_PATH="{$ABOOT_DRIVE}s{$ASLICE}a";
+ $ACOMPLETE_PATH="{$BOOT_DRIVE}s{$ASLICE}a";
$AGLABEL_SLICE="pfsense1";
$AUFS_ID="1";
$AOLD_UFS_ID="0";
- $ABOOTFLASH="{$ABOOT_DRIVE}s{$AOLDSLICE}";
+ $ABOOTFLASH="{$BOOT_DRIVE}s{$AOLDSLICE}";
} else {
$ASLICE="1";
$AOLDSLICE="2";
- $ATOFLASH="{$ABOOT_DRIVE}s{$ASLICE}";
- $ACOMPLETE_PATH="{$ABOOT_DRIVE}s{$ASLICE}a";
+ $ATOFLASH="{$BOOT_DRIVE}s{$ASLICE}";
+ $ACOMPLETE_PATH="{$BOOT_DRIVE}s{$ASLICE}a";
$AGLABEL_SLICE="pfsense0";
$AUFS_ID="0";
$AOLD_UFS_ID="1";
- $ABOOTFLASH="{$ABOOT_DRIVE}s{$AOLDSLICE}";
+ $ABOOTFLASH="{$BOOT_DRIVE}s{$AOLDSLICE}";
}
+ conf_mount_rw();
+ exec("sysctl kern.geom.debugflags=16");
exec("gpart set -a active -i {$ASLICE} {$BOOT_DRIVE}");
exec("/usr/sbin/boot0cfg -s {$ASLICE} -v /dev/{$BOOT_DRIVE}");
exec("/bin/mkdir /tmp/{$AGLABEL_SLICE}");
exec("/sbin/fsck_ufs -y /dev/{$ACOMPLETE_PATH}");
exec("/sbin/mount /dev/ufs/{$AGLABEL_SLICE} /tmp/{$AGLABEL_SLICE}");
- exec("/bin/cp /etc/fstab /tmp/{$AGLABEL_SLICE}/etc/fstab");
$fstab = <<<EOF
/dev/ufs/{$AGLABEL_SLICE} / ufs ro 1 1
/dev/ufs/cf /cf ufs ro 1 1
EOF;
file_put_contents("/tmp/{$AGLABEL_SLICE}/etc/fstab", $fstab);
exec("/sbin/umount /tmp/{$AGLABEL_SLICE}");
- $savemsg = "The boot slice has been set to {$ABOOT_DRIVE} {$AGLABEL_SLICE}";
+ exec("sysctl kern.geom.debugflags=0");
+ conf_mount_ro();
+ $savemsg = "The boot slice has been set to {$BOOT_DRIVE} {$AGLABEL_SLICE}";
+ // Survey slice info
+ detect_slice_info();
+
}
if($_POST['destslice']) {
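Review bot: None of the `exec()` calls in this slice-switch sequence has its exit status checked, so `gpart set` and `boot0cfg` have already changed the active slice before `fsck_ufs` and `mount` are known to have succeeded, and the fstab write runs regardless. I would capture the status, e.g. `exec("/sbin/mount /dev/ufs/{$AGLABEL_SLICE} /tmp/{$AGLABEL_SLICE}", $out, $rc);`, and on `$rc != 0` add an `$input_errors[]` entry instead of setting `$savemsg`. `kern.geom.debugflags=16` is reset to 0 only when the whole sequence runs through, so the reset and `conf_mount_ro()` belong on the failure path as well. The enclosing `if` starts outside the hunk.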
@@ -127,12 +144,13 @@ if($_POST['destslice']) {
echo <<<EOF
<div id="loading">
<img src="/themes/metallic/images/misc/loader.gif">
- Duplicaating slice. Please wait, this will take a moment...
+ Duplicating slice. Please wait, this will take a moment...
<p/>&nbsp;
</div>
EOF;
for ($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); }
ob_implicit_flush(1);
+ exec("sysctl kern.geom.debugflags=16");
exec("dd if=/dev/zero of=/dev/{$TOFLASH} bs=1m count=1");
exec("/bin/dd if=/dev/{$BOOTFLASH} of=/dev/{$TOFLASH} bs=64k");
exec("/sbin/tunefs -L {$GLABEL_SLICE} /dev/{$COMPLETE_PATH}");
@@ -148,6 +166,9 @@ EOF;
$savemsg = "The slice has been duplicated.<p/>If you would like to boot from this newly duplicated slice please set it using the bootup information area.";
exec("/sbin/umount /tmp/{$GLABEL_SLICE}");
}
+ exec("sysctl kern.geom.debugflags=0");
+ // Re-Survey slice info
+ detect_slice_info();
}
if ($savemsg)
@@ -266,4 +287,4 @@ echo "<script type=\"text/javascript\">";
echo "$('loading').innerHTML = '';";
echo "</script>";
-?> \ No newline at end of file
+?>
diff --git a/usr/local/www/diag_showbogons.php b/usr/local/www/diag_showbogons.php
new file mode 100644
index 0000000..690e4de
--- /dev/null
+++ b/usr/local/www/diag_showbogons.php
@@ -0,0 +1,100 @@
+<?php
+/* $Id$ */
+/*
+ diag_showbogons.php
+ Copyright (C) 2009 Scott Ullrich
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-diag-showbogons
+##|*NAME=Diagnostics: System Activity
+##|*DESCR=Allows access to the 'Diagnostics: Show Bogons' page
+##|*MATCH=diag_showbogons.php
+##|-PRIV
+
+require("guiconfig.inc");
+
+if($_POST['Download']) {
+ mwexec_bg("/etc/rc.update_bogons.sh now");
+ $maxtimetowait = 0;
+ $loading = true;
+ while($loading == true) {
+ $isrunning = `ps awwwux | grep -v grep | grep bogons`;
+ if($isrunning == "")
+ $loading = false;
+ $maxtimetowait++;
+ if($maxtimetowait > 89)
+ $loading = false;
+ sleep(1);
+ }
+ if($maxtimetowait < 90)
+ $savemsg = "The bogons database has been updated.";
+}
+
+$bogons = `cat /etc/bogons`;
+$pgtitle = "Diagnostics: Show Bogons";
+
+include("head.inc");
+include("fbegin.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<style type="text/css">
+body { font-family: Verdana; font-size: 100%; }
+pre { font-size: 1.15em; }
+</style>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<form method="post" action="diag_showbogons.php">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td>
+ <table id="backuptable" class="tabcont" align="left" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td>
+ <table>
+ <tr>
+ <td>
+<b>Currently loaded bogons table:</b><p/>
+<pre>
+
+<?php echo $bogons; ?>
+</pre>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+<p/>
+<input type="submit" name="Download" value="Download"> latest bogon data.
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
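Review bot: `<?php echo $bogons; ?>` prints the contents of `/etc/bogons` into the page without HTML encoding, and that file is apparently refreshed from a download by `rc.update_bogons.sh`, so it should be treated as external data: `<?php echo htmlspecialchars($bogons); ?>`. Reading it with `file_get_contents("/etc/bogons")` would also avoid spawning `cat`. The privilege header carries `##|*NAME=Diagnostics: System Activity`, which looks copied from another page and should read `Diagnostics: Show Bogons`. The wait loop matches any process whose command line contains `bogons` and can hold the request for up to 90 seconds; when it times out no message is set, so the user gets no feedback.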
diff --git a/usr/local/www/diag_system_pftop.php b/usr/local/www/diag_system_pftop.php
index 78fdbe5..abdd7e3 100644
--- a/usr/local/www/diag_system_pftop.php
+++ b/usr/local/www/diag_system_pftop.php
@@ -1,7 +1,7 @@
<?php
/* $Id$ */
/*
- diag_cpu_pftop.php
+ diag_system_pftop.php
Copyright (C) 2008 Scott Ullrich
All rights reserved.
@@ -31,7 +31,7 @@
##|*IDENT=page-diag-system-activity
##|*NAME=Diagnostics: System Activity
##|*DESCR=Allows access to the 'Diagnostics: System Activity' page
-##|*MATCH=diag_system_activity*
+##|*MATCH=diag_system_pftop*
##|-PRIV
require("guiconfig.inc");
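Review bot: After this change the privilege block matches `diag_system_pftop*` but still declares `IDENT=page-diag-system-activity` with the System Activity name and description. Presumably diag_system_activity.php declares the same IDENT, in which case two pages share one privilege identifier and granting "System Activity" also covers pfTop, or one definition shadows the other. Giving this page its own entry, e.g. `##|*IDENT=page-diag-system-pftop` with a matching `NAME`/`DESCR`, keeps the access-control list unambiguous.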
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 51eeb73..6a5b0cb 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -1,3 +1,6 @@
+
+<script src="/javascript/sorttable.js"></script>
+
<?php
require_once("globals.inc");
@@ -259,7 +262,7 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
output_menu_item("/diag_arp.php", "ARP Tables");
output_menu_item("/diag_backup.php", "Backup/Restore");
output_menu_item("/exec.php", "Command Prompt");
- output_menu_item("/diag_dns.php", "DNS");
+ output_menu_item("/diag_dns.php", "DNS Lookup");
output_menu_item("/edit.php", "Edit File");
output_menu_item("/diag_defaults.php", "Factory Defaults");
output_menu_item("/halt.php", "Halt System");
@@ -269,6 +272,7 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
output_menu_item("/diag_system_pftop.php", "pfTOP");
output_menu_item("/reboot.php", "Reboot");
output_menu_item("/diag_routes.php", "Routes");
+ output_menu_item("/diag_showbogons.php", "Show Bogons");
output_menu_item("/diag_dump_states.php", "States");
output_menu_item("/diag_system_activity.php", "System Activity");
output_menu_item("/diag_traceroute.php", "Traceroute");
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 90c0673..d99ae71 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -3,6 +3,7 @@
/*
firewall_aliases_edit.php
Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2009 Ermal Luçi
All rights reserved.
originially part of m0n0wall (http://m0n0.ch/wall)
@@ -48,12 +49,68 @@ if (!is_array($config['aliases']['alias']))
aliases_sort();
$a_aliases = &$config['aliases']['alias'];
+
+if($_POST)
+ $origname = $_POST['origname'];
+
+// Debugging
+if($debug)
+ exec("rm -f {$g['tmp_path']}/alias_rename_log.txt");
+
+function update_alias_names_upon_change($section, $subsection, $fielda, $fieldb, $new_alias_name) {
+ global $g, $config, $pconfig, $origname, $debug;
+ if(!$origname)
+ return;
+
+ if($debug) $fd = fopen("{$g['tmp_path']}/print_r", "a");
+ if($debug) fwrite($fd, print_r($pconfig, true));
+
+ if($fieldb) {
+ if($debug) fwrite($fd, "fieldb exists\n");
+ for ($i = 0; isset($config["$section"]["$subsection"][$i]["$fielda"]); $i++) {
+ if($debug) fwrite($fd, "$i\n");
+ if($config["$section"]["$subsection"][$i]["$fielda"]["$fieldb"] == $origname) {
+ if($debug) fwrite($fd, "Setting old alias value $origname to $new_alias_name\n");
+ $config["$section"]["$subsection"][$i]["$fielda"]["$fieldb"] = $new_alias_name;
+ }
+ }
+ } else {
+ if($debug) fwrite($fd, "fieldb does not exist\n");
+ for ($i = 0; isset($config["$section"]["$subsection"][$i]["$fielda"]); $i++) {
+ if($config["$section"]["$subsection"][$i]["$fielda"] == $origname) {
+ $config["$section"]["$subsection"][$i]["$fielda"] = $new_alias_name;
+ if($debug) fwrite($fd, "Setting old alias value $origname to $new_alias_name\n");
+ }
+ }
+ }
+
+ if($debug) fclose($fd);
+
+}
+
+function alias_same_type($name, $type) {
+ global $config;
+
+ foreach ($config['aliases']['alias'] as $alias) {
+ if ($name == $alias['name']) {
+ if (in_array($type, array("host", "network")) &&
+ in_array($alias['type'], array("host", "network")))
+ return true;
+ if ($type == $alias['type'])
+ return true;
+ else
+ return false;
+ }
+ }
+ return true;
+}
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
if (isset($id) && $a_aliases[$id]) {
+ $original_alias_name = $a_aliases[$id]['name'];
$pconfig['name'] = $a_aliases[$id]['name'];
$pconfig['detail'] = $a_aliases[$id]['detail'];
$pconfig['address'] = $a_aliases[$id]['address'];
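Review bot: Both `for` loops in `update_alias_names_upon_change()` use `isset($config[...][$i]["$fielda"])` as the loop condition, so the walk ends at the first entry that lacks that field, or at the first gap in the index, and later rules keep the old alias name. Iterating the whole list and testing the field inside the body fixes that: `foreach ($config[$section][$subsection] as $i => $ent) { if (!isset($ent[$fielda])) continue; ... }`. `$debug` is not defined in the visible code. The cleanup removes `alias_rename_log.txt` while the log is written to `{$g['tmp_path']}/print_r`, and that log receives a full `print_r($pconfig)`. One log path and a short docblock on both new functions would help.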
@@ -144,9 +201,9 @@ if ($_POST) {
if($_POST['address' . $x]) {
/* fetch down and add in */
$isfirst = 0;
- $temp_filename = tempnam("/tmp/", "alias_import");
+ $temp_filename = tempnam("{$g['tmp_path']}/", "alias_import");
unlink($temp_filename);
- $fda = fopen("/tmp/tmpfetch","w");
+ $fda = fopen("{$g['tmp_path']}/tmpfetch","w");
fwrite($fda, "/usr/bin/fetch -q -o \"{$temp_filename}/aliases\" \"" . $_POST['address' . $x] . "\"");
fclose($fda);
mwexec("mkdir -p {$temp_filename}");
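Review bot: The script written to `{$g['tmp_path']}/tmpfetch` embeds `$_POST['address' . $x]` between double quotes without shell escaping, and the file has a fixed name that concurrent requests would share. Unless the URL is validated before this point (not visible in the hunk), it should be passed through `escapeshellarg($_POST['address' . $x])`, and the output path likewise. Running `/usr/bin/fetch` directly through `mwexec()` would remove the intermediate script file altogether. The surrounding loop starts and ends outside the hunk.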
@@ -190,6 +247,7 @@ if ($_POST) {
$address = "";
$isfirst = 0;
/* item is a normal alias type */
+ $wrongaliases = "";
for($x=0; $x<4999; $x++) {
if($_POST["address{$x}"] <> "") {
if ($isfirst > 0)
@@ -207,7 +265,13 @@ if ($_POST) {
$final_address_details .= "||";
$isfirst++;
}
+ if (is_alias($_POST["address{$x}"])) {
+ if (!alias_same_type($_POST["address{$x}"], $_POST['type']))
+ $wrongaliases .= " " . $_POST["address{$x}"];
+ }
}
+ if ($wrongaliases <> "")
+ $input_errors[] = "The following aliases: {$wrongaliases} \ncannot be nested cause they are not of the same type.";
}
if (!$input_errors) {
@@ -216,9 +280,40 @@ if ($_POST) {
$alias['type'] = $_POST['type'];
$alias['detail'] = $final_address_details;
- if (isset($id) && $a_aliases[$id])
+ /* Check to see if alias name needs to be
+ * renamed on referenced rules and such
+ */
+ if ($_POST['name'] <> $_POST['origname']) {
+ // Firewall rules
+ update_alias_names_upon_change('filter', 'rule', 'source', 'address', $_POST['name']);
+ update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $_POST['name']);
+ // NAT Rules
+ update_alias_names_upon_change('nat', 'rule', 'target', '', $_POST['name']);
+ update_alias_names_upon_change('nat', 'rule', 'external-port', '', $_POST['name']);
+ update_alias_names_upon_change('nat', 'rule', 'local-port', '' , $_POST['name']);
+ // Alias in an alias
+ update_alias_names_upon_change('aliases', 'alias', 'address', '' , $_POST['name']);
+ }
+
+ if (isset($id) && $a_aliases[$id]) {
+ if ($a_aliases[$id]['name'] <> $alias['name']) {
+ foreach ($a_aliases as $aliasid => $aliasd) {
+ if ($aliasd['address'] <> "") {
+ $tmpdirty = false;
+ $tmpaddr = explode(" ", $aliasd['address']);
+ foreach ($tmpaddr as $tmpidx => $tmpalias) {
+ if ($tmpalias == $a_aliases[$id]['name']) {
+ $tmpaddr[$tmpidx] = $alias['name'];
+ $tmpdirty = true;
+ }
+ }
+ if ($tmpdirty == true)
+ $a_aliases[$aliasid]['address'] = implode(" ", $tmpaddr);
+ }
+ }
+ }
$a_aliases[$id] = $alias;
- else
+ } else
$a_aliases[] = $alias;
mark_subsystem_dirty('aliases');
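Review bot: The rename check compares `$_POST['name']` with `$_POST['origname']`, a hidden form field, and `update_alias_names_upon_change()` then rewrites every rule that references whatever `origname` the client sent. The server already knows the stored name (`$a_aliases[$id]['name']`, used a few lines below for the nested-alias pass), so the old name should come from there, e.g. `$origname = (isset($id) && $a_aliases[$id]) ? $a_aliases[$id]['name'] : "";`. The `'aliases', 'alias', 'address'` call only matches an alias whose whole address string equals the old name, a case the `explode(" ", ...)` loop below already covers. The `if (!$input_errors)` block continues outside the hunk.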
@@ -244,6 +339,8 @@ include("head.inc");
$jscriptstr = <<<EOD
<script type="text/javascript">
+
+var objAlias = new Array(4999);
function typesel_change() {
switch (document.iform.type.selectedIndex) {
case 0: /* host */
@@ -300,6 +397,13 @@ function typesel_change() {
}
}
+function add_alias_control() {
+ var name = "address" + (totalrows - 1);
+ obj = document.getElementById(name);
+ obj.setAttribute('class', 'formfldalias');
+ obj.setAttribute('autocomplete', 'off');
+ objAlias[totalrows - 1] = new AutoSuggestControl(obj, new StateSuggestions(addressarray));
+}
EOD;
$network_str = gettext("Network");
@@ -374,6 +478,10 @@ EOD;
<script type="text/javascript" src="/javascript/row_helper.js">
</script>
+<script type="text/javascript" src="/javascript/autosuggest.js">
+</script>
+<script type="text/javascript" src="/javascript/suggestions.js">
+</script>
<input type='hidden' name='address_type' value='textbox' />
<input type='hidden' name='address_subnet_type' value='select' />
@@ -400,20 +508,10 @@ EOD;
<tr>
<td colspan="2" valign="top" class="listtopic">Alias Edit</td>
</tr>
-<?php if(is_alias_inuse($pconfig['name']) == true): ?>
- <tr>
- <td valign="top" class="vncellreq">Name</td>
- <td class="vtable"> <input name="name" type="hidden" id="name" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
- <?php echo $pconfig['name']; ?>
- <p>
- <span class="vexpl">NOTE: This alias is in use so the name may not be modified!</span>
- </p>
- </td>
- </tr>
-<?php else: ?>
<tr>
<td valign="top" class="vncellreq">Name</td>
<td class="vtable">
+ <input name="origname" type="hidden" id="origname" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
<input name="name" type="text" id="name" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['name']);?>" />
<br />
<span class="vexpl">
@@ -421,7 +519,6 @@ EOD;
</span>
</td>
</tr>
-<?php endif; ?>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
<td width="78%" class="vtable">
@@ -480,7 +577,7 @@ EOD;
?>
<tr>
<td>
- <input name="address<?php echo $tracker; ?>" type="text" class="formfld unknown" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" />
+ <input autocomplete="off" name="address<?php echo $tracker; ?>" type="text" class="formfldalias" id="address<?php echo $tracker; ?>" size="30" value="<?=htmlspecialchars($address);?>" />
</td>
<td>
<select name="address_subnet<?php echo $tracker; ?>" class="formselect" id="address_subnet<?php echo $tracker; ?>">
@@ -508,7 +605,7 @@ EOD;
</tfoot>
</table>
- <a onclick="javascript:addRowTo('maintable'); typesel_change(); return false;" href="#">
+ <a onclick="javascript:addRowTo('maintable', 'formfldalias'); typesel_change(); add_alias_control(this); return false;" href="#">
<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" />
</a>
</td>
@@ -533,6 +630,30 @@ EOD;
loaded = <?php echo $counter; ?>;
typesel_change();
update_box_type();
+
+<?php
+ $isfirst = 0;
+ $aliases = "";
+ $addrisfirst = 0;
+ $aliasesaddr = "";
+ if(isset($config['aliases']['alias']) && is_array($config['aliases']['alias']))
+ foreach($config['aliases']['alias'] as $alias_name) {
+ if ($pconfig['name'] <> "" && $pconfig['name'] == $alias_name['name'])
+ continue;
+ if($addrisfirst == 1) $aliasesaddr .= ",";
+ $aliasesaddr .= "'" . $alias_name['name'] . "'";
+ $addrisfirst = 1;
+ }
+?>
+
+ var addressarray=new Array(<?php echo $aliasesaddr; ?>);
+
+<?php
+ for ($jv = 0; $jv < $counter; $jv++)
+ echo "objAlias[{$jv}] = new AutoSuggestControl(document.getElementById(\"address{$jv}\"), new StateSuggestions(addressarray));\n";
+?>
+
+
</script>
<?php include("fend.inc"); ?>
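Review bot: The alias names are written into the page's JavaScript as `"'" . $alias_name['name'] . "'"` with no encoding, so a name containing a quote or `</script>` breaks out of the string literal. Names entered through the form may be restricted elsewhere, but a restored or hand-edited config is not. Collecting the names in an array (`$names[] = $alias_name['name'];`) and emitting `var addressarray = <?php echo json_encode($names); ?>;` encodes them for this context. `$isfirst` and `$aliases` are assigned and never used in the new block.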
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index 741e15a..274a3f2 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -81,6 +81,12 @@ if (isset($_POST['del_x'])) {
if (is_array($_POST['rule']) && count($_POST['rule'])) {
foreach ($_POST['rule'] as $rulei) {
$target = $rule['target'];
+ // Check for filter rule associations
+ if (isset($a_nat[$rulei]['associated-filter-rule-id'])){
+ delete_id($a_nat[$rulei]['associated-filter-rule-id'], $config['filter']['rule']);
+
+ mark_subsystem_dirty('filter');
+ }
unset($a_nat[$rulei]);
}
write_config();
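Review bot: The filter rule removed here is chosen by the stored `associated-filter-rule-id`, and in this same commit firewall_nat_edit.php fills that field straight from `$_POST['associated-filter-rule-id']`, so the value is client-supplied by the time it reaches `delete_id()`. Before deleting, I would confirm that the id refers to a rule this NAT entry actually created (how `delete_id()` matches ids is not visible here), or set the id server-side when the association is made. `mark_subsystem_dirty('filter')` can move after the loop so it runs once. The surrounding `if (isset($_POST['del_x']))` block starts and ends outside the hunk.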
@@ -217,7 +223,11 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
?>
<tr valign="top" id="fr<?=$nnats;?>">
<td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
- <td class="listt" align="center"></td>
+ <td class="listt" align="center">
+ <?php if(isset($natent['associated-filter-rule-id']) && $natent['associated-filter-rule-id']>0): ?>
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="Firewall rule ID <?=htmlspecialchars($natent['associated-filter-rule-id']); ?> is managed with this rule" border="0">
+ <?php endif; ?>
+ </td>
<td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
<?php
if (!$natent['interface'] || ($natent['interface'] == "wan"))
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 10fb84d..d8a9fb6 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -61,6 +61,7 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
$pconfig['descr'] = $a_nat[$id]['descr'];
$pconfig['interface'] = $a_nat[$id]['interface'];
+ $pconfig['associated-filter-rule-id'] = $a_nat[$id]['associated-filter-rule-id'];
$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
@@ -181,24 +182,29 @@ if ($_POST) {
$natent['local-port'] = $_POST['localbeginport'];
$natent['interface'] = $_POST['interface'];
$natent['descr'] = $_POST['descr'];
+ $natent['associated-filter-rule-id'] = $_POST['associated-filter-rule-id'];
if($_POST['nosync'] == "yes")
$natent['nosync'] = true;
else
unset($natent['nosync']);
- if (isset($id) && $a_nat[$id])
- $a_nat[$id] = $natent;
- else {
- if (is_numeric($after))
- array_splice($a_nat, $after+1, 0, array($natent));
- else
- $a_nat[] = $natent;
- }
+ $need_filter_rule = false;
+ // Updating a rule with a filter rule associated
+ if( $natent['associated-filter-rule-id']>0 )
+ $need_filter_rule = true;
+ // If creating a new rule, where we want to add the filter rule, associated or not
+ else if( isset($_POST['filter-rule-association']) &&
+ ($_POST['filter-rule-association']=='add-associated' ||
+ $_POST['filter-rule-association']=='add-unassociated') )
+ $need_filter_rule = true;
- mark_subsystem_dirty('natconf');
+ if ($need_filter_rule) {
+
+ // If we had a previous rule associated with this NAT rule, delete that
+ if( $natent['associated-filter-rule-id'] > 0 )
+ delete_id($natent['associated-filter-rule-id'], $config['filter']['rule']);
- if ($_POST['autoadd']) {
/* auto-generate a matching firewall rule */
$filterent = array();
$filterent['interface'] = $_POST['interface'];
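Review bot: `$natent['associated-filter-rule-id']` is copied from `$_POST` and then passed to `delete_id()` with no validation in between, so the request alone decides which filter rule is removed and replaced. firewall_rules_edit.php in this commit checks its `ruleid` field with `ctype_digit()`; the same check belongs in this page's input validation, e.g. `if (!empty($_POST['associated-filter-rule-id']) && !ctype_digit($_POST['associated-filter-rule-id'])) $input_errors[] = 'Filter rule ID must be an integer';`, together with a test that the ID belongs to an existing rule. The `if ($_POST)` block starts and ends outside the hunk, so any validation already present there is not visible.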
@@ -221,11 +227,30 @@ if ($_POST) {
*/
$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 59);
+ // If we had a previous rule association, update this rule with that ID so we don't lose association
+ if ($natent['associated-filter-rule-id'] > 0)
+ $filterent['id'] = $natent['associated-filter-rule-id'];
+ // If we wanted this rule to be associated, make sure the NAT entry is updated with the same ID
+ else if($_POST['filter-rule-association']=='add-associated')
+ $natent['associated-filter-rule-id'] = $filterent['id'] = get_next_id($config['filter']['rule']);
+
$config['filter']['rule'][] = $filterent;
mark_subsystem_dirty('filter');
}
+ // Update NAT entry after creating/updating the firewall rule, so we have it's rule ID if one was created
+ if (isset($id) && $a_nat[$id])
+ $a_nat[$id] = $natent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_nat, $after+1, 0, array($natent));
+ else
+ $a_nat[] = $natent;
+ }
+
+ mark_subsystem_dirty('natconf');
+
write_config();
header("Location: firewall_nat.php");
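Review bot: The regenerated filter rule is always appended with `$config['filter']['rule'][] = $filterent;`, so once the previous hunk's `delete_id()` has removed the old associated rule, every edit of the NAT entry appears to move that rule to the end of the list. Rule position decides which rule matches, so an edit that should be cosmetic can change what the firewall permits. The replacement should go back into the slot the old rule occupied: look up its index before deleting and re-insert with `array_splice()`, as the NAT branch below does for `$after`. How `delete_id()` behaves is not visible on this page, so this should be confirmed against itemid.inc.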
@@ -390,13 +415,34 @@ include("fbegin.inc"); ?>
HINT: This prevents the rule from automatically syncing to other CARP members.
</td>
</tr>
+ <?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Filter rule association</td>
+ <td width="78%" class="vtable">
+ <select name="associated-filter-rule-id">
+ <option value="">None</option>
+ <?php foreach ($config['filter']['rule'] as $filter_rule): ?>
+ <?php if (isset($filter_rule['id']) && $filter_rule['id']>0): ?>
+ <option value="<?php echo $filter_rule['id']; ?>"<?php if($filter_rule['id']==$pconfig['associated-filter-rule-id']) echo " SELECTED"; ?>>
+ <?php echo htmlspecialchars('Rule ' . $filter_rule['id'] . ' - ' . $filter_rule['descr']); ?>
+ </option>
+ <?php endif; ?>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <?php endif; ?>
<?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?>
<tr>
- <td width="22%" valign="top">&nbsp;</td>
+ <td width="22%" valign="top">Filter rule association</td>
<td width="78%">
- <input name="autoadd" type="checkbox" id="autoadd" value="yes" CHECKED>
- <strong>Auto-add a firewall rule to permit traffic through
- this NAT rule</strong></td>
+ <select name="filter-rule-association" id="filter-rule-association">
+ <option value="">None</option>
+ <option value="add-associated" selected="selected">Add associated rule</option>
+ <option value="add-unassociated">Add unassociated rule</option>
+ <option value="pass">Pass</option>
+ </select>
+ </td>
</tr><?php endif; ?>
<tr>
<td width="22%" valign="top">&nbsp;</td>
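Review bot: The new `Pass` option (`value="pass"`) has no matching branch in the POST handling shown in this commit, which tests only for `add-associated` and `add-unassociated`, so choosing it appears to behave exactly like `None`. Either handle the value where `$need_filter_rule` is computed or leave the option out until it does something; the rest of the `if ($_POST)` block is outside the hunks, so this should be checked there. In the edit-mode `<select>`, the `foreach` over `$config['filter']['rule']` has no `is_array()` guard, and whether this page initialises that key the way firewall_rules.php does is not visible here.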
diff --git a/usr/local/www/firewall_nat_server.php b/usr/local/www/firewall_nat_server.php
deleted file mode 100755
index 876b73e..0000000
--- a/usr/local/www/firewall_nat_server.php
+++ /dev/null
@@ -1,159 +0,0 @@
-<?php
-/* $Id$ */
-/*
- firewall_nat_server.php
- part of m0n0wall (http://m0n0.ch/wall)
-
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-##|+PRIV
-##|*IDENT=page-firewall-nat-nataddresses
-##|*NAME=Firewall: NAT: NAT Addresses page
-##|*DESCR=Allow access to the 'Firewall: NAT: NAT Addresses' page.
-##|*MATCH=firewall_nat_server.php*
-##|-PRIV
-
-
-require("guiconfig.inc");
-
-if (!is_array($config['nat']['servernat'])) {
- $config['nat']['servernat'] = array();
-}
-$a_snat = &$config['nat']['servernat'];
-nat_server_rules_sort();
-
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
- $retval |= filter_configure();
-
- $savemsg = get_std_save_message($retval);
-
- if ($retval == 0) {
- clear_subsystem_dirty('natconf');
- clear_subsystem_dirty('filter');
- }
- }
-}
-
-if ($_GET['act'] == "del") {
- if ($a_snat[$_GET['id']]) {
- /* make sure no inbound NAT mappings reference this entry */
- if (is_array($config['nat']['rule'])) {
- foreach ($config['nat']['rule'] as $rule) {
- if ($rule['external-address'] == $a_snat[$_GET['id']]['ipaddr']) {
- $input_errors[] = "This entry cannot be deleted because it is still referenced by at least one inbound NAT mapping.";
- break;
- }
- }
- }
-
- if (!$input_errors) {
- unset($a_snat[$_GET['id']]);
- write_config();
- mark_subsystem_dirty('natconf');
- header("Location: firewall_nat_server.php");
- exit;
- }
- }
-}
-
-$pgtitle = array("Firewall","NAT","NAT Addresses");
-include("head.inc");
-
-?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<form action="firewall_nat_server.php" method="post">
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (is_subsystem_dirty('natconf')): ?><p>
-<?php print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<?php endif; ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td>
-<?php
- $tab_array = array();
- $tab_array[0] = array("Port Forward", false, "firewall_nat.php");
- $tab_array[1] = array("NAT Addresses", true, "firewall_nat_server.php");
- $tab_array[2] = array("1:1", false, "firewall_nat_1to1.php");
- $tab_array[3] = array("Outbound", false, "firewall_nat_out.php");
- $tab_array[4] = array("Outbound Load Balancing", false, "firewall_nat_out_load_balancing.php");
- display_top_tabs($tab_array);
-?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="40%" class="listhdrr">External IP address</td>
- <td width="50%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
- </tr>
- <?php $i = 0; foreach ($a_snat as $natent): ?>
- <tr>
- <td class="listlr" ondblclick="document.location='firewall_nat_server_edit.php?id=<?=$i;?>';">
- <?=$natent['ipaddr'];?>
- </td>
- <td class="listbg" ondblclick="document.location='firewall_nat_server_edit.php?id=<?=$i;?>';">
- <?=htmlspecialchars($natent['descr']);?>&nbsp;
- </td>
- <td class="list" nowrap>
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="firewall_nat_server_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td>
- <td valign="middle"><a href="firewall_nat_server.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td valign="middle"><a href="firewall_nat_server_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td colspan="2">
- <p><span class="vexpl"><span class="red"><strong>Note:<br>
- </strong></span>The external IP addresses defined on this page may be used in <a href="firewall_nat.php">inbound NAT</a> mappings. Depending on the way your WAN connection is setup, you may also need a <a href="services_virtual_ip.php">Virtual IP</a>.</span></p>
- </td>
- </tr>
- </table>
- </div>
- </table>
- </form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/firewall_nat_server_edit.php b/usr/local/www/firewall_nat_server_edit.php
deleted file mode 100755
index 2ed8624..0000000
--- a/usr/local/www/firewall_nat_server_edit.php
+++ /dev/null
@@ -1,172 +0,0 @@
-<?php
-/* $Id$ */
-/*
- firewall_nat_server_edit.php
- Copyright (C) 2004, 2005 Scott Ullrich
- All rights reserved.
-
- Originally part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-##|+PRIV
-##|*IDENT=page-firewall-nat-nataddresses-edit
-##|*NAME=Firewall: NAT: NAT Addresses: Edit page
-##|*DESCR=Allow access to the 'Firewall: NAT: NAT Addresses: Edit' page.
-##|*MATCH=firewall_nat_server_edit.php*
-##|-PRIV
-
-function natservercmp($a, $b) {
- return ipcmp($a['ipaddr'], $b['ipaddr']);
-}
-
-function nat_server_rules_sort() {
- global $g, $config;
-
- if (!is_array($config['nat']['servernat']))
- return;
-
- usort($config['nat']['servernat'], "natservercmp");
-}
-
-require("guiconfig.inc");
-
-if (!is_array($config['nat']['servernat'])) {
- $config['nat']['servernat'] = array();
-}
-nat_server_rules_sort();
-$a_snat = &$config['nat']['servernat'];
-
-$id = $_GET['id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-
-if (isset($id) && $a_snat[$id]) {
- $pconfig['ipaddr'] = $a_snat[$id]['ipaddr'];
- $pconfig['descr'] = $a_snat[$id]['descr'];
-}
-
-if ($_POST) {
-
- unset($input_errors);
- $pconfig = $_POST;
-
- /* input validation */
- $reqdfields = explode(" ", "ipaddr");
- $reqdfieldsn = explode(",", "External IP address");
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) {
- $input_errors[] = "A valid external IP address must be specified.";
- }
-
- if ($_POST['ipaddr'] == get_interface_ip("wan"))
- $input_errors[] = "The WAN IP address may not be used in a NAT Address entry.";
-
- /* check for overlaps with other server NAT */
- foreach ($a_snat as $natent) {
- if (isset($id) && ($a_snat[$id]) && ($a_snat[$id] === $natent))
- continue;
-
- if ($_POST['ipaddr'] == $natent['ipaddr']) {
- $input_errors[] = "There is already a server NAT entry for the specified external IP address.";
- break;
- }
- }
-
- /* check for overlaps with 1:1 NAT */
- if (is_array($config['nat']['onetoone'])) {
- foreach ($config['nat']['onetoone'] as $natent) {
- if (check_subnets_overlap($_POST['ipaddr'], 32, $natent['external'], $natent['subnet'])) {
- $input_errors[] = "A 1:1 NAT mapping overlaps with the specified external IP address.";
- break;
- }
- }
- }
-
- if (!$input_errors) {
- $natent = array();
- $natent['ipaddr'] = $_POST['ipaddr'];
- $natent['descr'] = $_POST['descr'];
-
- nat_server_rules_sort();
- if (isset($id) && $a_snat[$id]) {
- /* modify all inbound NAT rules with this address */
- for ($i = 0; isset($config['nat']['rule'][$i]); $i++) {
- if ($config['nat']['rule'][$i]['external-address'] == $a_snat[$id]['ipaddr'])
- $config['nat']['rule'][$i]['external-address'] = $natent['ipaddr'];
- }
- $a_snat[$id] = $natent;
- } else
- $a_snat[] = $natent;
-
- mark_subsystem_dirty('natconf');
-
- write_config();
-
- header("Location: firewall_nat_server.php");
- exit;
- }
-}
-
-$pgtitle = array("Firewall","NAT","NAT Addresses","Edit");
-include("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
- <form action="firewall_nat_server_edit.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="22%" valign="top" class="vncellreq">External IP address</td>
- <td width="78%" class="vtable">
- <input name="ipaddr" type="text" class="formfld unknown" id="ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipaddr']);?>">
-
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Description</td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
- <br> <span class="vexpl">You may enter a description here
- for your reference (not parsed).</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
- <?php if (isset($id) && $a_snat[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php endif; ?>
- </td>
- </tr>
- </table>
-</form>
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index a4da1e0..a6f5b38 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -42,6 +42,25 @@
$pgtitle = array("Firewall", "Rules");
require("guiconfig.inc");
+function check_for_advaned_options(&$item) {
+ $item_set = "";
+ if($item['max-src-nodes'])
+ $item_set .= "max-src-nodes {$item['max-src-nodes']} ";
+ if($item['max-src-states'])
+ $item_set .= "max-src-states {$item['max-src-states']} ";
+ if($item['statetype'] != "keep state" && $item['statetype'] != "")
+ $item_set .= "statetype {$item['statetype']} {$item['statetype']}";
+ if($item['statetimeout'])
+ $item_set .= "statetimeout {$item['statetimeout']}";
+ if($item['nosync'])
+ $item_set .= "nosync ";
+ if($item['max-src-conn-rate'])
+ $item_set .= "max-src-conn-rate {$item['max-src-conn-rate']} ";
+ if($item['max-src-conn-rates'])
+ $item_set .= "max-src-conn-rates {$item['max-src-conn-rates']} ";
+ return $item_set;
+}
+
if (!is_array($config['filter']['rule'])) {
$config['filter']['rule'] = array();
}
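Review bot: The `statetype` branch interpolates the value twice and, like the `statetimeout` branch, leaves out the trailing space the other branches add, so the summary reads `statetype X Xstatetimeout N`. The two lines should be `$item_set .= "statetype {$item['statetype']} ";` and `$item_set .= "statetimeout {$item['statetimeout']} ";`. The function name is misspelled (`advaned`), and `&$item` is taken by reference although nothing is written to it. A short header comment saying that the return value is a human-readable list for the tooltip, empty when no advanced option is set, would make the later `if($isadvset)` test easier to follow.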
@@ -230,15 +249,16 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<tr id="frheader">
<td width="3%" class="list">&nbsp;</td>
<td width="5%" class="list">&nbsp;</td>
+ <td width="3%" class="listhdrr">ID</td>
<td width="6%" class="listhdrr">Proto</td>
- <td width="15%" class="listhdrr">Source</td>
+ <td width="14%" class="listhdrr">Source</td>
<td width="7%" class="listhdrr">Port</td>
- <td width="15%" class="listhdrr">Destination</td>
+ <td width="14%" class="listhdrr">Destination</td>
<td width="7%" class="listhdrr">Port</td>
<td width="5%" class="listhdrr">Gateway</td>
<td width="10%" class="listhdrr">Queue</td>
<td width="5%" class="listhdrr">Schedule</td>
- <td width="22%" class="listhdr">Description</td>
+ <td width="21%" class="listhdr">Description</td>
<td width="10%" class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -247,8 +267,8 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
for ($i = 0; isset($a_filter[$i]); $i++) {
$filterent = $a_filter[$i];
if ($filterent['interface'] != $if && !isset($filterent['floating']))
- continue;
- if (isset($filterent['floating']) && "FloatingRules" != $if)
+ continue;
+ if (isset($filterent['floating']) && "FloatingRules" != $if)
continue;
$nrules++;
}
@@ -267,7 +287,8 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<tr valign="top" id="frrfc1918">
<td width="3%" class="list">&nbsp;</td>
<td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0"></td>
- <td class="listlr" style="background-color: #e0e0e0">*</td>
+ <td class="listlr" style="background-color: #e0e0e0"></td>
+ <td class="listr" style="background-color: #e0e0e0">*</td>
<td class="listr" style="background-color: #e0e0e0">RFC 1918 networks</td>
<td class="listr" style="background-color: #e0e0e0">*</td>
<td class="listr" style="background-color: #e0e0e0">*</td>
@@ -294,7 +315,8 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<tr valign="top" id="frrfc1918">
<td width="3%" class="list">&nbsp;</td>
<td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0"></td>
- <td class="listlr" style="background-color: #e0e0e0">*</td>
+ <td class="listlr" style="background-color: #e0e0e0"></td>
+ <td class="listr" style="background-color: #e0e0e0">*</td>
<td class="listr" style="background-color: #e0e0e0">Reserved/not assigned by IANA</td>
<td class="listr" style="background-color: #e0e0e0">*</td>
<td class="listr" style="background-color: #e0e0e0">*</td>
@@ -320,12 +342,20 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++):
$filterent = $a_filter[$i];
if ($filterent['interface'] != $if && !isset($filterent['floating']))
- continue;
- if (isset($filterent['floating']) && "FloatingRules" != $if)
- continue;
+ continue;
+ if (isset($filterent['floating']) && "FloatingRules" != $if)
+ continue;
+ $isadvset = check_for_advaned_options($filterent);
+ if($isadvset)
+ $advanced_set = "<img src=\"./themes/{$g['theme']}/images/icons/icon_advanced.gif\" title=\"advanced settings set: $isadvset\" border=\"0\">";
+ else
+ $advanced_set = ""
?>
<tr valign="top" id="fr<?=$nrules;?>">
- <td class="listt"><input type="checkbox" id="frc<?=$nrules;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nrules;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
+ <td class="listt">
+ <input type="checkbox" id="frc<?=$nrules;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nrules;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;">
+ <?php echo $advanced_set; ?>
+ </td>
<td class="listt" align="center">
<?php if ($filterent['type'] == "block")
$iconfn = "block";
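Review bot: `$isadvset` is assembled from rule fields and placed in the `title` attribute unescaped (`title=\"advanced settings set: $isadvset\"`), so a double quote or `<` in any of those fields is emitted as markup. Escape it where it is written: `title=\"advanced settings set: " . htmlspecialchars($isadvset) . "\"`. The same applies to the ID cell added in the `@@ -518,6 +548,9 @@` hunk (`echo $filterent['id']`) and to `<option value="<?php echo $filter_rule['id']; ?>">` in firewall_nat_edit.php. The edit page restricts a posted ID to digits, but that check does not cover values that reach the configuration by any other route. The `for` loop body continues outside the hunk.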
@@ -518,6 +548,9 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
}
?>
<td class="listlr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
+ <?=$textss;?><?php if (isset($filterent['id'])) echo $filterent['id']; else echo ""; ?><?=$textse;?>
+ </td>
+ <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
<?=$textss;?><?php if (isset($filterent['protocol'])) echo strtoupper($filterent['protocol']); else echo "*"; ?><?=$textse;?>
</td>
<td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
@@ -584,6 +617,7 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<td class="list">&nbsp;</td>
<td class="list">&nbsp;</td>
<td class="list">&nbsp;</td>
+ <td class="list">&nbsp;</td>
<td class="list">&nbsp;</td>
<td class="list">&nbsp;</td>
<td class="list">&nbsp;</td>
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index d7e1c39..d9bc01b 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -71,6 +71,9 @@ if (isset($_GET['dup'])) {
if (isset($id) && $a_filter[$id]) {
$pconfig['interface'] = $a_filter[$id]['interface'];
+ if (isset($a_filter[$id]['id']))
+ $pconfig['ruleid'] = $a_filter[$id]['id'];
+
if (!isset($a_filter[$id]['type']))
$pconfig['type'] = "pass";
else
@@ -116,7 +119,7 @@ if (isset($id) && $a_filter[$id]) {
if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "")
$pconfig['tag'] = $a_filter[$id]['tag'];
- if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tag'] <> "")
+ if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] <> "")
$pconfig['tagged'] = $a_filter[$id]['tagged'];
if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick'])
$pconfig['quick'] = $a_filter[$id]['quick'];
@@ -124,11 +127,12 @@ if (isset($id) && $a_filter[$id]) {
$pconfig['allowopts'] = true;
/* advanced */
- $pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
- $pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
- $pconfig['statetype'] = $a_filter[$id]['statetype'];
+ $pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
+ $pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
+ $pconfig['statetype'] = $a_filter[$id]['statetype'];
$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];
+ /* advanced - nosync */
$pconfig['nosync'] = isset($a_filter[$id]['nosync']);
/* advanced - new connection per second banning*/
@@ -336,6 +340,8 @@ if ($_POST) {
else if ($dnpipe[0] == "?" && $pdnpipe[0] <> "?")
$input_errors[] = "You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.";
}
+ if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
+ $input_errors[] = 'ID must be an integer';
if($_POST['l7container'] && $_POST['l7container'] != "none") {
if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp"))
$input_errors[] = "You can only select a layer7 container for tcp and/or udp protocols";
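Review bot: The new check accepts any digit string for `ruleid` but never verifies that the ID is not already carried by another rule. The NAT pages in this commit look filter rules up and delete them by ID, so two rules with the same ID make it ambiguous which one an association refers to and which one a delete removes. A uniqueness test against `$a_filter`, skipping the rule being edited, should sit next to this check; how `$id` is set when duplicating a rule is outside the hunk and needs confirming. The `@@ -345,6 +351,7 @@` hunk stores `''` when no ID is given, so all rules without an ID share the empty value.

```php
if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
	$input_errors[] = 'ID must be an integer';
// Reject an ID that another rule already carries.
if (!empty($_POST['ruleid']) && ctype_digit($_POST['ruleid'])) {
	foreach ($a_filter as $fidx => $frule) {
		if (isset($id) && $fidx == $id)
			continue; // the rule being edited may keep its own ID
		if (isset($frule['id']) && $frule['id'] == $_POST['ruleid']) {
			$input_errors[] = 'ID is already used by another rule';
			break;
		}
	}
}
```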
@@ -345,6 +351,7 @@ if ($_POST) {
if (!$input_errors) {
$filterent = array();
+ $filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:'';
$filterent['type'] = $_POST['type'];
if (isset($_POST['interface'] ))
$filterent['interface'] = $_POST['interface'];
@@ -492,6 +499,12 @@ include("head.inc");
<td colspan="2" valign="top" class="listtopic">Edit Firewall rule</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">ID</td>
+ <td width="78%" class="vtable">
+ <input name="ruleid" value="<?=(isset($pconfig['ruleid'])&&$pconfig['ruleid']>0)?htmlspecialchars($pconfig['ruleid']):''?>">
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Action</td>
<td width="78%" class="vtable">
<select name="type" class="formselect">
diff --git a/usr/local/www/firewall_schedule.php b/usr/local/www/firewall_schedule.php
index 888a2b1..46bef20 100644
--- a/usr/local/www/firewall_schedule.php
+++ b/usr/local/www/firewall_schedule.php
@@ -88,7 +88,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="firewall_schedule.php" method="post">
- <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="25%" class="listhdrr">Name</td>
<td width="35%" class="listhdrr">Time Range(s)</td>
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 5aed15a..ebb1e35 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -250,7 +250,7 @@ function verify_gzip_file($fname) {
function print_info_box_np($msg, $name="apply",$value="Apply changes") {
global $g;
- if(stristr($msg, "apply") == true || stristr($msg, "save") || stristr($msg, "create")) {
+ if(stristr($msg, "apply") != false || stristr($msg, "save") != false || stristr($msg, "create") != false) {
$savebutton = "<td class='infoboxsave'>";
$savebutton .= "<input name=\"{$name}\" type=\"submit\" class=\"formbtn\" id=\"${name}\" value=\"{$value}\">";
if($_POST['if'])
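Review bot: `stristr($msg, "apply") != false` still compares the returned substring loosely; `stripos($msg, "apply") !== false` states the intent, a position test, and does not build the substring. The same form applies to the `save` and `create` tests on this line. `print_info_box_np` continues outside the hunk.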
@@ -910,85 +910,6 @@ function add_package_tabs($tabgroup, & $tab_array) {
}
}
-/*
- * update_output_window: update bottom textarea dynamically.
- */
-function update_output_window($text) {
- global $pkg_interface;
- $log = ereg_replace("\n", "\\n", $text);
- if($pkg_interface == "console") {
- /* too chatty */
- } else {
- echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = \"" . $log . "\";</script>";
- }
- /* ensure that contents are written out */
- ob_flush();
-}
-
-/*
- * update_output_window: update top textarea dynamically.
- */
-function update_status($status) {
- global $pkg_interface;
- if($pkg_interface == "console") {
- echo $status . "\n";
- } else {
- echo "\n<script type=\"text/javascript\">this.document.forms[0].status.value=\"" . $status . "\";</script>";
- }
- /* ensure that contents are written out */
- ob_flush();
-}
-
-/*
- * update_progress_bar($percent): updates the javascript driven progress bar.
- */
-function update_progress_bar($percent) {
- global $pkg_interface;
- if($percent > 100) $percent = 1;
- if($pkg_interface <> "console") {
- echo "\n<script type=\"text/javascript\" language=\"javascript\">";
- echo "\ndocument.progressbar.style.width='" . $percent . "%';";
- echo "\n</script>";
- } else {
- echo " {$percent}%";
- }
-}
-
-function read_header($ch, $string) {
- global $file_size, $fout;
- $length = strlen($string);
- $regs = "";
- ereg("(Content-Length:) (.*)", $string, $regs);
- if($regs[2] <> "") {
- $file_size = intval($regs[2]);
- }
- ob_flush();
- return $length;
-}
-
-function read_body($ch, $string) {
- global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen;
- $length = strlen($string);
- $downloaded += intval($length);
- $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
- $downloadProgress = 100 - $downloadProgress;
- if($lastseen <> $downloadProgress and $downloadProgress < 101) {
- if($sendto == "status") {
- $tostatus = $static_status . $downloadProgress . "%";
- update_status($tostatus);
- } else {
- $tooutput = $static_output . $downloadProgress . "%";
- update_output_window($tooutput);
- }
- update_progress_bar($downloadProgress);
- $lastseen = $downloadProgress;
- }
- if($fout)
- fwrite($fout, $string);
- ob_flush();
- return $length;
-}
-
function rule_popup($src,$srcport,$dst,$dstport){
global $config;
$aliases_array = array();
@@ -1051,32 +972,4 @@ function rule_popup($src,$srcport,$dst,$dstport){
}
}
-function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
- global $ch, $fout, $file_size, $downloaded;
- $file_size = 1;
- $downloaded = 1;
- /* open destination file */
- $fout = fopen($destination_file, "wb");
-
- /*
- * Originally by Author: Keyvan Minoukadeh
- * Modified by Scott Ullrich to return Content-Length size
- */
-
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url_file);
- curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
- curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
- curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
- curl_setopt($ch, CURLOPT_TIMEOUT, 0);
-
- curl_exec($ch);
- $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if($fout)
- fclose($fout);
- curl_close($ch);
- return ($http_code == 200) ? true : $http_code;
-}
-
?>
diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php
index 3b84802..e8cfc08 100755
--- a/usr/local/www/interfaces_assign.php
+++ b/usr/local/www/interfaces_assign.php
@@ -312,15 +312,17 @@ if(file_exists("/var/run/interface_mismatch_reboot_needed"))
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="interfaces_assign.php" method="post" name="iform" id="iform">
+
<?php if (file_exists("/tmp/reload_interfaces")): ?><p>
-<?php print_info_box_np("The interface configuration has been changed.<br>You must apply
- the changes in order for them to take effect.");?><br>
+ <?php print_info_box_np("The interface configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<?php elseif; ?>
+ <?php if ($savemsg) print_info_box($savemsg); ?>
<?php endif; ?>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
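Review bot: `<?php elseif; ?>` is not valid PHP, because `elseif` needs a condition and, in the alternative syntax used here, a trailing colon, so this page will fail to parse. The branch is meant to be unconditional, so the line should read `<?php else: ?>`. With that fix `$savemsg` is shown only when `/tmp/reload_interfaces` is absent, which looks intended but is worth confirming.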
diff --git a/usr/local/www/interfaces_bridge_edit.php b/usr/local/www/interfaces_bridge_edit.php
index c66ae5f..8eef909 100644
--- a/usr/local/www/interfaces_bridge_edit.php
+++ b/usr/local/www/interfaces_bridge_edit.php
@@ -251,6 +251,8 @@ function show_source_port_range() {
<select name="members[]" multiple="true" class="formselect" size="3">
<?php
foreach ($ifacelist as $ifn => $ifinfo) {
+ if (strstr(get_real_interface($ifn), "gif") != FALSE)
+ continue; /* gif(4) cannot be part of bridge since it does not know about layer2 */
echo "<option value=\"{$ifn}\"";
if (stristr($pconfig['members'], $ifn))
echo "selected";
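Review bot: The gif(4) exclusion is applied only when the option list is rendered. The POST handling is outside this hunk, so unless it repeats the check, a submitted `members[]` value naming a gif interface would still be accepted and saved. The test itself, `strstr(get_real_interface($ifn), "gif") != FALSE`, matches "gif" anywhere in the name and uses a loose comparison. If the intent is names that begin with gif, `strpos(get_real_interface($ifn), "gif") === 0` states that exactly.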
diff --git a/usr/local/www/javascript/row_helper.js b/usr/local/www/javascript/row_helper.js
index 15d23f1..8193043 100755
--- a/usr/local/www/javascript/row_helper.js
+++ b/usr/local/www/javascript/row_helper.js
@@ -25,7 +25,7 @@ var addRowTo = (function() {
for (i = 0; i < field_counter_js; i++) {
td = d.createElement("td");
if(rowtype[i] == 'textbox') {
- td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input size='" + rowsize[i] + "' class='formfld unknown' name='" + rowname[i] + totalrows + "'></input> ";
+ td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input size='" + rowsize[i] + "' class='formfld unknown' name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'></input> ";
} else if(rowtype[i] == 'select') {
td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select size='1' name='" + rowname[i] + totalrows + "'><option value=\"32\" selected>32</option><option value=\"31\" >31</option><option value=\"30\" >30</option><option value=\"29\" >29</option><option value=\"28\" >28</option><option value=\"27\" >27</option><option value=\"26\" >26</option><option value=\"25\" >25</option><option value=\"24\" >24</option><option value=\"23\" >23</option><option value=\"22\" >22</option><option value=\"21\" >21</option><option value=\"20\" >20</option><option value=\"19\" >19</option><option value=\"18\" >18</option><option value=\"17\" >17</option><option value=\"16\" >16</option><option value=\"15\" >15</option><option value=\"14\" >14</option><option value=\"13\" >13</option><option value=\"12\" >12</option><option value=\"11\" >11</option><option value=\"10\" >10</option><option value=\"9\" >9</option><option value=\"8\" >8</option><option value=\"7\" >7</option><option value=\"6\" >6</option><option value=\"5\" >5</option><option value=\"4\" >4</option><option value=\"3\" >3</option><option value=\"2\" >2</option><option value=\"1\" >1</option></select> ";
} else {
diff --git a/usr/local/www/javascript/suggestions.js b/usr/local/www/javascript/suggestions.js
index 1b30fff..682a352 100644
--- a/usr/local/www/javascript/suggestions.js
+++ b/usr/local/www/javascript/suggestions.js
@@ -22,7 +22,7 @@ StateSuggestions.prototype.requestSuggestions = function (oAutoSuggestControl /*
//search for matching states
for (var i=0; i < this.states.length; i++) {
- if (this.states[i].indexOf(sTextboxValue) == 0) {
+ if (this.states[i].toLowerCase().indexOf(sTextboxValue.toLowerCase()) == 0) {
aSuggestions.push(this.states[i]);
}
}
@@ -30,4 +30,4 @@ StateSuggestions.prototype.requestSuggestions = function (oAutoSuggestControl /*
//provide suggestions to the control
oAutoSuggestControl.autosuggest(aSuggestions, bTypeAhead);
-}; \ No newline at end of file
+};
diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php
index 3542742..a1bfb5d 100755
--- a/usr/local/www/pkg_mgr.php
+++ b/usr/local/www/pkg_mgr.php
@@ -38,7 +38,7 @@ require_once("globals.inc");
require_once("guiconfig.inc");
require_once("pkg-utils.inc");
-$pkg_info = get_pkg_info('all', array('name', 'category', 'website', 'version', 'status', 'descr', 'maintainer', 'required_version', 'maximum_version', 'pkginfolink'));
+$pkg_info = get_pkg_info('all', array('noembedded', 'name', 'category', 'website', 'version', 'status', 'descr', 'maintainer', 'required_version', 'maximum_version', 'pkginfolink'));
if($pkg_info) {
$fout = fopen("{$g['tmp_path']}/pkg_info.cache", "w");
fwrite($fout, serialize($pkg_info));
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 093c3a7..0c8983c 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -44,26 +44,16 @@ if (!is_array($config['captiveportal']['allowedip']))
$a_allowedips = &$config['captiveportal']['allowedip'] ;
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
-
- $retval = captiveportal_allowedip_configure();
-
- $savemsg = get_std_save_message($retval);
- if ($retval == 0)
- clear_subsystem_dirty('allowedips');
- }
-}
-
if ($_GET['act'] == "del") {
if ($a_allowedips[$_GET['id']]) {
+ $ipent = $a_allowedips[$_GET['id']];
+ if ($ipent['dir'] == "from")
+ mwexec("/sbin/ipfw table 1 delete " . $ipent['ip']);
+ else
+ mwexec("/sbin/ipfw table 2 delete " . $ipent['ip']);
+
unset($a_allowedips[$_GET['id']]);
write_config();
- mark_subsystem_dirty('allowedips');
header("Location: services_captiveportal_ip.php");
exit;
}
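Review bot: The new `mwexec()` calls build the ipfw command by concatenating `$ipent['ip']` straight from the saved configuration, so the command line is only as safe as whatever validation ran when the entry was stored, which is not visible here. Quoting the argument keeps a malformed or hand-edited value from being interpreted by the shell: `mwexec("/sbin/ipfw table 1 delete " . escapeshellarg($ipent['ip']));`, and likewise for table 2. The same pattern appears in the `ipfw table ... add` calls added to services_captiveportal_ip_edit.php. Unlike that file, this hunk runs ipfw without checking `isset($config['captiveportal']['enable'])`, and the deletion is still triggered by a plain GET request, so the live table now changes immediately on such a request.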
@@ -76,9 +66,6 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<form action="services_captiveportal_ip.php" method="post">
<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (is_subsystem_dirty('allowedips')): ?>
-<?php print_info_box_np("The captive portal IP address configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
-<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
<?php
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 0810077..1ae6f36 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -103,7 +103,12 @@ if ($_POST) {
write_config();
- mark_subsystem_dirty('allowedips');
+ if (isset($config['captiveportal']['enable'])) {
+ if ($ip['dir'] == "from")
+ mwexec("/sbin/ipfw table 1 add " . $ip['ip']);
+ else
+ mwexec("/sbin/ipfw table 2 add " . $ip['ip']);
+ }
header("Location: services_captiveportal_ip.php");
exit;
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
index 418c75a..c31fa96 100755
--- a/usr/local/www/services_dhcp.php
+++ b/usr/local/www/services_dhcp.php
@@ -141,6 +141,7 @@ if (is_array($config['dhcpd'][$if])){
$pconfig['rootpath'] = $config['dhcpd'][$if]['rootpath'];
$pconfig['failover_peerip'] = $config['dhcpd'][$if]['failover_peerip'];
$pconfig['netmask'] = $config['dhcpd'][$if]['netmask'];
+ $pconfig['numberoptions'] = $config['dhcpd'][$if]['numberoptions'];
if (!is_array($config['dhcpd'][$if]['staticmap']))
$config['dhcpd'][$if]['staticmap'] = array();
$a_maps = &$config['dhcpd'][$if]['staticmap'];
@@ -295,6 +296,20 @@ if ($_POST) {
$config['dhcpd'][$if]['filename'] = $_POST['filename'];
$config['dhcpd'][$if]['rootpath'] = $_POST['rootpath'];
+ // Handle the custom options rowhelper
+ $numbervalue = array();
+ unset($config['dhcpd'][$if]['numberoptions']['item']);
+ for($x=0; $x<isset($_POST["number{$x}"]); $x++) {
+ if(is_int(intval($_POST["number{$x}"]))) {
+ $numbervalue['number'] = htmlspecialchars($_POST["number{$x}"]);
+ $numbervalue['value'] = htmlspecialchars($_POST["value{$x}"]);
+ $config['dhcpd'][$if]['numberoptions']['item'][] = $numbervalue;
+ }
+ }
+
+ // Reload the new pconfig variable that the forum uses.
+ $pconfig['numberoptions'] = $config['dhcpd'][$if]['numberoptions'];
+
write_config();
/* static arp configuration */
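Review bot: The loop condition `$x<isset($_POST["number{$x}"])` compares the counter with a boolean, so it holds only for `$x == 0` and every option row after the first is silently dropped; `isset($_POST["number{$x}"])` alone is the intended test. `is_int(intval(...))` is always true, so the option number is never validated. `htmlspecialchars()` is applied before storing although the form already escapes both fields on output, which double-encodes them and writes HTML entities into the saved configuration. Store validated raw values instead and check the number against the DHCP option code range. The value presumably ends up in the generated DHCP server configuration (not visible here), so it needs validation for that context as well.

```php
// Handle the custom options rowhelper
unset($config['dhcpd'][$if]['numberoptions']['item']);
// NOTE: stops at the first missing index; confirm whether removing a row in the UI can leave gaps
for ($x = 0; isset($_POST["number{$x}"]); $x++) {
	$number = trim($_POST["number{$x}"]);
	// accept only a plain decimal option code in the usable range (0 is pad, 255 is end)
	if (!ctype_digit($number) || (int)$number < 1 || (int)$number > 254)
		continue;
	$config['dhcpd'][$if]['numberoptions']['item'][] = array(
		'number' => $number,
		// stored unencoded; HTML escaping happens where the form prints it
		'value' => isset($_POST["value{$x}"]) ? $_POST["value{$x}"] : ''
	);
}
// … unchanged: $pconfig['numberoptions'] reload, write_config() …
```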
@@ -344,67 +359,83 @@ include("head.inc");
?>
-<script type="text/javascript" language="JavaScript">
+<script type="text/javascript" src="/javascript/row_helper.js">
+</script>
-function enable_change(enable_over) {
- var endis;
- endis = !(document.iform.enable.checked || enable_over);
- document.iform.range_from.disabled = endis;
- document.iform.range_to.disabled = endis;
- document.iform.wins1.disabled = endis;
- document.iform.wins2.disabled = endis;
- document.iform.dns1.disabled = endis;
- document.iform.dns2.disabled = endis;
- document.iform.deftime.disabled = endis;
- document.iform.maxtime.disabled = endis;
- document.iform.gateway.disabled = endis;
- document.iform.failover_peerip.disabled = endis;
- document.iform.domain.disabled = endis;
- document.iform.domainsearchlist.disabled = endis;
- document.iform.staticarp.disabled = endis;
- document.iform.ddnsdomain.disabled = endis;
- document.iform.ddnsupdate.disabled = endis;
- document.iform.ntp1.disabled = endis;
- document.iform.ntp2.disabled = endis;
- document.iform.tftp.disabled = endis;
- document.iform.ldap.disabled = endis;
- document.iform.netboot.disabled = endis;
- document.iform.nextserver.disabled = endis;
- document.iform.filename.disabled = endis;
- document.iform.rootpath.disabled = endis;
- document.iform.denyunknown.disabled = endis;
-}
+<script type="text/javascript">
+ rowname[0] = "number";
+ rowtype[0] = "textbox";
+ rowsize[0] = "10";
+ rowname[1] = "value";
+ rowtype[1] = "textbox";
+ rowsize[1] = "55";
+</script>
-function show_ddns_config() {
- document.getElementById("showddnsbox").innerHTML='';
- aodiv = document.getElementById('showddns');
- aodiv.style.display = "block";
-}
+<script type="text/javascript" language="JavaScript">
+ function enable_change(enable_over) {
+ var endis;
+ endis = !(document.iform.enable.checked || enable_over);
+ document.iform.range_from.disabled = endis;
+ document.iform.range_to.disabled = endis;
+ document.iform.wins1.disabled = endis;
+ document.iform.wins2.disabled = endis;
+ document.iform.dns1.disabled = endis;
+ document.iform.dns2.disabled = endis;
+ document.iform.deftime.disabled = endis;
+ document.iform.maxtime.disabled = endis;
+ document.iform.gateway.disabled = endis;
+ document.iform.failover_peerip.disabled = endis;
+ document.iform.domain.disabled = endis;
+ document.iform.domainsearchlist.disabled = endis;
+ document.iform.staticarp.disabled = endis;
+ document.iform.ddnsdomain.disabled = endis;
+ document.iform.ddnsupdate.disabled = endis;
+ document.iform.ntp1.disabled = endis;
+ document.iform.ntp2.disabled = endis;
+ document.iform.tftp.disabled = endis;
+ document.iform.ldap.disabled = endis;
+ document.iform.netboot.disabled = endis;
+ document.iform.nextserver.disabled = endis;
+ document.iform.filename.disabled = endis;
+ document.iform.rootpath.disabled = endis;
+ document.iform.denyunknown.disabled = endis;
+ }
-function show_ntp_config() {
- document.getElementById("showntpbox").innerHTML='';
- aodiv = document.getElementById('showntp');
- aodiv.style.display = "block";
-}
+ function show_shownumbervalue() {
+ document.getElementById("shownumbervaluebox").innerHTML='';
+ aodiv = document.getElementById('shownumbervalue');
+ aodiv.style.display = "block";
+ }
-function show_tftp_config() {
- document.getElementById("showtftpbox").innerHTML='';
- aodiv = document.getElementById('showtftp');
- aodiv.style.display = "block";
-}
+ function show_ddns_config() {
+ document.getElementById("showddnsbox").innerHTML='';
+ aodiv = document.getElementById('showddns');
+ aodiv.style.display = "block";
+ }
-function show_ldap_config() {
- document.getElementById("showldapbox").innerHTML='';
- aodiv = document.getElementById('showldap');
- aodiv.style.display = "block";
-}
+ function show_ntp_config() {
+ document.getElementById("showntpbox").innerHTML='';
+ aodiv = document.getElementById('showntp');
+ aodiv.style.display = "block";
+ }
-function show_netboot_config() {
- document.getElementById("shownetbootbox").innerHTML='';
- aodiv = document.getElementById('shownetboot');
- aodiv.style.display = "block";
-}
+ function show_tftp_config() {
+ document.getElementById("showtftpbox").innerHTML='';
+ aodiv = document.getElementById('showtftp');
+ aodiv.style.display = "block";
+ }
+ function show_ldap_config() {
+ document.getElementById("showldapbox").innerHTML='';
+ aodiv = document.getElementById('showldap');
+ aodiv.style.display = "block";
+ }
+
+ function show_netboot_config() {
+ document.getElementById("shownetbootbox").innerHTML='';
+ aodiv = document.getElementById('shownetboot');
+ aodiv.style.display = "block";
+ }
</script>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
@@ -459,7 +490,7 @@ function show_netboot_config() {
<tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
- <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
+ <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
<strong>Enable DHCP server on
<?=htmlspecialchars($iflist[$if]);?>
interface</strong></td>
@@ -467,7 +498,7 @@ function show_netboot_config() {
<tr>
<td width="22%" valign="top" class="vtable">&nbsp;</td>
<td width="78%" class="vtable">
- <input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked"; ?>>
+ <input name="denyunknown" id="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked"; ?>>
<strong>Deny unknown clients</strong><br>
If this is checked, only the clients defined below will get DHCP leases from this server. </td>
</tr>
@@ -516,43 +547,43 @@ function show_netboot_config() {
<td width="78%" class="vtable">
<input name="range_from" type="text" class="formfld unknown" id="range_from" size="20" value="<?=htmlspecialchars($pconfig['range_from']);?>">
&nbsp;to&nbsp; <input name="range_to" type="text" class="formfld unknown" id="range_to" size="20" value="<?=htmlspecialchars($pconfig['range_to']);?>">
- </td>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">WINS servers</td>
<td width="78%" class="vtable">
<input name="wins1" type="text" class="formfld unknown" id="wins1" size="20" value="<?=htmlspecialchars($pconfig['wins1']);?>"><br>
<input name="wins2" type="text" class="formfld unknown" id="wins2" size="20" value="<?=htmlspecialchars($pconfig['wins2']);?>">
- </td>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">DNS servers</td>
<td width="78%" class="vtable">
<input name="dns1" type="text" class="formfld unknown" id="dns1" size="20" value="<?=htmlspecialchars($pconfig['dns1']);?>"><br>
<input name="dns2" type="text" class="formfld unknown" id="dns2" size="20" value="<?=htmlspecialchars($pconfig['dns2']);?>"><br>
- NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.
- </td>
+ NOTE: leave blank to use the system default DNS servers - this interface's IP if DNS forwarder is enabled, otherwise the servers configured on the General page.
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Gateway</td>
<td width="78%" class="vtable">
<input name="gateway" type="text" class="formfld host" id="gateway" size="20" value="<?=htmlspecialchars($pconfig['gateway']);?>"><br>
- The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network.
- </td>
+ The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network.
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Domain-Name</td>
<td width="78%" class="vtable">
<input name="domain" type="text" class="formfld unknown" id="domain" size="20" value="<?=htmlspecialchars($pconfig['domain']);?>"><br>
- The default is to use the domainname of the router as DNS-Search string that is served via DHCP. Specify an alternate DNS-Search string here.
- </td>
+ The default is to use the domainname of the router as DNS-Search string that is served via DHCP. Specify an alternate DNS-Search string here.
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Domain-Searchlist</td>
<td width="78%" class="vtable">
<input name="domainsearchlist" type="text" class="formfld unknown" id="domainsearchlist" size="20" value="<?=htmlspecialchars($pconfig['domainsearchlist']);?>"><br>
- DNS-Searchlist: the DHCP server can serve a list of domains to be searched.
- </td>
+ DNS-Searchlist: the DHCP server can serve a list of domains to be searched.
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Default lease time</td>
@@ -562,7 +593,7 @@ function show_netboot_config() {
This is used for clients that do not ask for a specific
expiration time.<br>
The default is 7200 seconds.
- </td>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Maximum lease time</td>
@@ -572,7 +603,7 @@ function show_netboot_config() {
This is the maximum lease time for clients that ask
for a specific expiration time.<br>
The default is 86400 seconds.
- </td>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Failover peer IP:</td>
@@ -580,49 +611,53 @@ function show_netboot_config() {
<input name="failover_peerip" type="text" class="formfld host" id="failover_peerip" size="20" value="<?=htmlspecialchars($pconfig['failover_peerip']);?>"><br>
Leave blank to disable. Enter the REAL address of the other machine. Machines must be using CARP.
</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">
+ Static ARP
+ </td>
+ <td width="78%" class="vtable">
+ <table>
+ <tr>
+ <td>
+ <input valign="middle" type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if($pconfig['staticarp']) echo " checked"; ?>>&nbsp;
+ </td>
+ <td>
+ <b>Enable Static ARP entries</b>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ &nbsp;
+ </td>
+ <td>
+ <span class="red"><strong>Note:</strong></span> Only the machines listed below will be able to communicate with the firewall on this NIC.
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">
+ Dynamic DNS
+ </td>
+ <td width="78%" class="vtable">
+ <div id="showddnsbox">
+ <input type="button" onClick="show_ddns_config()" value="Advanced"></input> - Show Dynamic DNS</a>
+ </div>
+ <div id="showddns" style="display:none">
+ <input valign="middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if($pconfig['ddnsupdate']) echo " checked"; ?>>&nbsp;
+ <b>Enable registration of DHCP client names in DNS.</b><br />
+ <p>
+ <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>"><br />
+ Note: Leave blank to disable dynamic DNS registration.<br />
+ Enter the dynamic DNS domain which will be used to register client names in the DNS server.
+ </div>
+ </td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Static ARP</td>
- <td width="78%" class="vtable">
- <table>
- <tr>
- <td>
- <input valign="middle" type="checkbox" value="yes" name="staticarp" id="staticarp" <?php if($pconfig['staticarp']) echo " checked"; ?>>&nbsp;
- </td>
- <td>
- <b>Enable Static ARP entries</b>
- </td>
- </tr>
- <tr>
- <td>
- &nbsp;
- </td>
- <td>
- <span class="red"><strong>Note:</strong></span> Only the machines listed below will be able to communicate with the firewall on this NIC.
- </td>
- </tr>
- </table>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Dynamic DNS</td>
- <td width="78%" class="vtable">
- <div id="showddnsbox">
- <input type="button" onClick="show_ddns_config()" value="Advanced"></input> - Show Dynamic DNS</a>
- </div>
- <div id="showddns" style="display:none">
- <input valign="middle" type="checkbox" value="yes" name="ddnsupdate" id="ddnsupdate" <?php if($pconfig['ddnsupdate']) echo " checked"; ?>>&nbsp;
- <b>Enable registration of DHCP client names in DNS.</b><br />
- <p>
- <input name="ddnsdomain" type="text" class="formfld unknown" id="ddnsdomain" size="20" value="<?=htmlspecialchars($pconfig['ddnsdomain']);?>"><br />
- Note: Leave blank to disable dynamic DNS registration.<br />
- Enter the dynamic DNS domain which will be used to register client names in the DNS server.
- </div>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">NTP servers</td>
- <td width="78%" class="vtable">
+ <tr>
+ <td width="22%" valign="top" class="vncell">NTP servers</td>
+ <td width="78%" class="vtable">
<div id="showntpbox">
<input type="button" onClick="show_ntp_config()" value="Advanced"></input> - Show NTP configuration</a>
</div>
@@ -631,10 +666,12 @@ function show_netboot_config() {
<input name="ntp2" type="text" class="formfld unknown" id="ntp2" size="20" value="<?=htmlspecialchars($pconfig['ntp2']);?>">
</div>
</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">TFTP server</td>
- <td width="78%" class="vtable">
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">
+ TFTP server
+ </td>
+ <td width="78%" class="vtable">
<div id="showtftpbox">
<input type="button" onClick="show_tftp_config()" value="Advanced"></input> - Show TFTP configuration</a>
</div>
@@ -643,76 +680,139 @@ function show_netboot_config() {
Leave blank to disable. Enter a full hostname or IP for the TFTP server.
</div>
</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">LDAP URI</td>
- <td width="78%" class="vtable">
- <div id="showldapbox">
- <input type="button" onClick="show_ldap_config()" value="Advanced"></input> - Show LDAP configuration</a>
- </div>
- <div id="showldap" style="display:none">
- <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>"><br>
- Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com
- </div>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">LDAP URI</td>
+ <td width="78%" class="vtable">
+ <div id="showldapbox">
+ <input type="button" onClick="show_ldap_config()" value="Advanced"></input> - Show LDAP configuration</a>
+ </div>
+ <div id="showldap" style="display:none">
+ <input name="ldap" type="text" class="formfld unknown" id="ldap" size="80" value="<?=htmlspecialchars($pconfig['ldap']);?>"><br>
+ Leave blank to disable. Enter a full URI for the LDAP server in the form ldap://ldap.example.com/dc=example,dc=com
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Enable Network booting</td>
+ <td width="78%" class="vtable">
+ <div id="shownetbootbox">
+ <input type="button" onClick="show_netboot_config()" value="Advanced"></input> - Show Network booting</a>
+ </div>
+ <div id="shownetboot" style="display:none">
+ <input valign="middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if($pconfig['netboot']) echo " checked"; ?>>&nbsp;
+ <b>Enables network booting.</b>
+ <p>
+ Enter the IP of the <b>next-server</b>
+ <input name="nextserver" type="text" class="formfld unknown" id="nextserver" size="20" value="<?=htmlspecialchars($pconfig['nextserver']);?>">
+ and the filename
+ <input name="filename" type="text" class="formfld unknown" id="filename" size="20" value="<?=htmlspecialchars($pconfig['filename']);?>"><br>
+ Note: You need both a filename and a boot server configured for this to work!
+ <p>
+ Enter the <b>root-path</b>-string
+ <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>"><br>
+ Note: string-format: iscsi:(servername):(protocol):(port):(LUN):targetname
+ </div>
</td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell">Enable Network booting</td>
- <td width="78%" class="vtable">
- <div id="shownetbootbox">
- <input type="button" onClick="show_netboot_config()" value="Advanced"></input> - Show Network booting</a>
+ </tr>
+ <tr>
+
+
+ <td width="22%" valign="top" class="vncell">
+ Additional BOOTP/DHCP Options
+ </td>
+ <td width="78%" class="vtable">
+ <div id="shownumbervaluebox">
+ <input type="button" onClick="show_shownumbervalue()" value="Advanced"></input> - Show Additional BOOTP/DHCP Options</a>
+ </div>
+ <div id="shownumbervalue" style="display:none">
+ <table id="maintable">
+ <tbody>
+ <tr>
+ <td colspan="3">
+ <div style="padding:5px; margin-top: 16px; margin-bottom: 16px; border:1px dashed #000066; background-color: #ffffff; color: #000000; font-size: 8pt;" id="itemhelp">
+ Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information. For a list of available options please visit this <a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_new">URL</a>.
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td><div id="onecolumn">Number</div></td>
+ <td><div id="twocolumn">Value</div></td>
+ </tr>
+ <?php $counter = 0; ?>
+ <?php
+ if($pconfig['numberoptions'])
+ foreach($pconfig['numberoptions']['item'] as $item):
+ ?>
+ <?php
+ $number = $item['number'];
+ $value = $item['value'];
+ ?>
+ <tr>
+ <td>
+ <input autocomplete="off" name="number<?php echo $counter; ?>" type="text" class="formfld" id="number<?php echo $counter; ?>" size="10" value="<?=htmlspecialchars($number);?>" />
+ </td>
+ <td>
+ <input autocomplete="off" name="value<?php echo $counter; ?>" type="text" class="formfld" id="value<?php echo $counter; ?>" size="55" value="<?=htmlspecialchars($value);?>" />
+ </td>
+ <td>
+ <input type="image" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" onclick="removeRow(this); return false;" value="Delete" />
+ </td>
+ </tr>
+ <?php $counter++; ?>
+ <?php endforeach; ?>
+ </tbody>
+ <tfoot>
+ </tfoot>
+ </table>
+ <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#">
+ <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="add another entry" />
+ </a>
+ <script type="text/javascript">
+ field_counter_js = 2;
+ rows = 1;
+ totalrows = <?php echo $counter; ?>;
+ loaded = <?php echo $counter; ?>;
+ </script>
</div>
- <div id="shownetboot" style="display:none">
- <input valign="middle" type="checkbox" value="yes" name="netboot" id="netboot" <?php if($pconfig['netboot']) echo " checked"; ?>>&nbsp;
- <b>Enables network booting.</b>
- <p>
- Enter the IP of the <b>next-server</b>
- <input name="nextserver" type="text" class="formfld unknown" id="nextserver" size="20" value="<?=htmlspecialchars($pconfig['nextserver']);?>">
- and the filename
- <input name="filename" type="text" class="formfld unknown" id="filename" size="20" value="<?=htmlspecialchars($pconfig['filename']);?>"><br>
- Note: You need both a filename and a boot server configured for this to work!
- <p>
- Enter the <b>root-path</b>-string
- <input name="rootpath" type="text" class="formfld unknown" id="rootpath" size="90" value="<?=htmlspecialchars($pconfig['rootpath']);?>"><br>
- Note: string-format: iscsi:(servername):(protocol):(port):(LUN):targetname
- </div>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="if" type="hidden" value="<?=$if;?>">
- <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%"> <p><span class="vexpl"><span class="red"><strong>Note:<br>
- </strong></span>The DNS servers entered in <a href="system.php">System:
- General setup</a> (or the <a href="services_dnsmasq.php">DNS
- forwarder</a>, if enabled) </span><span class="vexpl">will
- be assigned to clients by the DHCP server.<br>
- <br>
- The DHCP lease table can be viewed on the <a href="diag_dhcp_leases.php">Status:
- DHCP leases</a> page.<br>
- </span></p>
- </td>
- </tr>
- </table>
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="25%" class="listhdrr">MAC address</td>
- <td width="15%" class="listhdrr">IP address</td>
- <td width="20%" class="listhdrr">Hostname</td>
- <td width="30%" class="listhdr">Description</td>
- <td width="10%" class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
+
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="if" type="hidden" value="<?=$if;?>">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onclick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"> <p><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>The DNS servers entered in <a href="system.php">System:
+ General setup</a> (or the <a href="services_dnsmasq.php">DNS
+ forwarder</a>, if enabled) </span><span class="vexpl">will
+ be assigned to clients by the DHCP server.<br>
+ <br>
+ The DHCP lease table can be viewed on the <a href="diag_dhcp_leases.php">Status:
+ DHCP leases</a> page.<br>
+ </span></p>
+ </td>
+ </tr>
+ </table>
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr">MAC address</td>
+ <td width="15%" class="listhdrr">IP address</td>
+ <td width="20%" class="listhdrr">Hostname</td>
+ <td width="30%" class="listhdr">Description</td>
+ <td width="10%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1">
+ <tr>
<td valign="middle" width="17"></td>
- <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
+ <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+ </td>
</tr>
<?php if(is_array($a_maps)): ?>
<?php $i = 0; foreach ($a_maps as $mapent): ?>
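Review bot: `$if` is printed unescaped in the hidden field (`value="<?=$if;?>"`) and in the `services_dhcp_edit.php?if=<?=$if;?>` link that this hunk re-indents, while the new option rows correctly pass `$number` and `$value` through `htmlspecialchars()`. Where `$if` is assigned is not visible here; if it can come from the request, as the `?if=` link suggests, both spots should encode it: `value="<?=htmlspecialchars($if);?>"` and `?if=<?=urlencode($if);?>`. Separately, the `foreach` over `$pconfig['numberoptions']['item']` is guarded only by `if($pconfig['numberoptions'])`; `is_array($pconfig['numberoptions']['item'])` would be the safer guard.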
diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php
index 55d433f..1f93e2a 100755
--- a/usr/local/www/services_dnsmasq.php
+++ b/usr/local/www/services_dnsmasq.php
@@ -166,7 +166,7 @@ function enable_change(enable_over) {
</tr>
</table>
&nbsp;<br>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20%" class="listhdrr">Host</td>
<td width="25%" class="listhdrr">Domain</td>
diff --git a/usr/local/www/services_igmpproxy.php b/usr/local/www/services_igmpproxy.php
index c69e0a8..7307b15 100755
--- a/usr/local/www/services_igmpproxy.php
+++ b/usr/local/www/services_igmpproxy.php
@@ -86,7 +86,7 @@ include("head.inc");
<?php print_info_box_np("The IGMP entry list has been changed.<br>You must apply the changes in order for them to take effect.");?>
<?php endif; ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="15%" class="listhdrr">Name</td>
<td width="10%" class="listhdrr">Type</td>
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php
index 9e17d4b..ab0e20d 100755
--- a/usr/local/www/status_captiveportal.php
+++ b/usr/local/www/status_captiveportal.php
@@ -71,7 +71,7 @@ $concurrent = count($cpcontents);
foreach ($cpcontents as $cpcontent) {
$cpent = explode(",", $cpcontent);
if ($_GET['showact'])
- $cpent[5] = captiveportal_get_last_activity($cpent[1]);
+ $cpent[5] = captiveportal_get_last_activity($cpent[2]);
$cpdb[] = $cpent;
}
if ($_GET['order']) {
@@ -106,7 +106,7 @@ if ($_GET['order']) {
<td class="tabcont">
<? endif; ?>
-<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="listhdrr"><a href="?order=ip&amp;showact=<?=$_GET['showact'];?>"><?=gettext("IP address");?></a></td>
<td class="listhdrr"><a href="?order=mac&amp;showact=<?=$_GET['showact'];?>"><?=gettext("MAC address");?></a></td>
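Review bot: The `showact` query parameter is echoed into both sort links as `<?=$_GET['showact'];?>` without escaping, in the context lines next to the changed `<table>` tag, so a crafted value is reflected into the `href` attribute. Encode it where it is printed, for example `<?=htmlspecialchars($_GET['showact']);?>`, or normalise it once to a boolean flag before use. The surrounding table markup continues outside the hunk.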
diff --git a/usr/local/www/status_gateways.php b/usr/local/www/status_gateways.php
index 048c901..e8b0702 100755
--- a/usr/local/www/status_gateways.php
+++ b/usr/local/www/status_gateways.php
@@ -66,7 +66,7 @@ include("head.inc");
<tr>
<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="10%" class="listhdrr">Name</td>
<td width="10%" class="listhdrr">Gateway</td>
diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php
index b8c0b86..b8cae6f 100644
--- a/usr/local/www/status_openvpn.php
+++ b/usr/local/www/status_openvpn.php
@@ -110,48 +110,54 @@ echo $buff;
?>
<?php foreach ($servers as $server): ?>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="6" class="listtopic">
Client connections for <?=$server['name'];?>
</td>
</tr>
<tr>
- <td class="listhdrr">Common Name</td>
- <td class="listhdrr">Real Address</td>
- <td class="listhdrr">Virtual Address</td>
- <td class="listhdrr">Connected Since</td>
- <td class="listhdrr">Bytes Sent</td>
- <td class="listhdrr">Bytes Received</td>
- </tr>
-
- <?php foreach ($server['conns'] as $conn): ?>
- <tr>
- <td class="listlr">
- <?=$conn['common_name'];?>
- </td>
- <td class="listr">
- <?=$conn['remote_host'];?>
- </td>
- <td class="listr">
- <?=$conn['virtual_addr'];?>
- </td>
- <td class="listr">
- <?=$conn['connect_time'];?>
+ <td>
+ <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr">Common Name</td>
+ <td class="listhdrr">Real Address</td>
+ <td class="listhdrr">Virtual Address</td>
+ <td class="listhdrr">Connected Since</td>
+ <td class="listhdrr">Bytes Sent</td>
+ <td class="listhdrr">Bytes Received</td>
+ </tr>
+
+ <?php foreach ($server['conns'] as $conn): ?>
+ <tr>
+ <td class="listlr">
+ <?=$conn['common_name'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['remote_host'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['virtual_addr'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['connect_time'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['bytes_sent'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['bytes_recv'];?>
+ </td>
+ </tr>
+
+ <?php endforeach; ?>
+ <tr>
+ <td colspan="6" class="list" height="12"></td>
+ </tr>
+
+ </table>
</td>
- <td class="listr">
- <?=$conn['bytes_sent'];?>
- </td>
- <td class="listr">
- <?=$conn['bytes_recv'];?>
- </td>
- </tr>
-
- <?php endforeach; ?>
- <tr>
- <td colspan="6" class="list" height="12"></td>
</tr>
-
</table>
<?php endforeach; ?>
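Review bot: The moved cells still print `$conn['common_name']`, `$conn['remote_host']` and the other connection fields with a bare `<?=…?>`, and the topic row does the same with `$server['name']`. These values presumably come from the OpenVPN status output, where the common name originates from the connecting client's certificate, so they should be HTML-encoded on output: `<?=htmlspecialchars($conn['common_name']);?>`. As the rows are being re-indented anyway, this hunk is the cheapest place to make the change for all six columns.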
diff --git a/usr/local/www/status_queues.php b/usr/local/www/status_queues.php
index ac2f78b..d18ae08 100755
--- a/usr/local/www/status_queues.php
+++ b/usr/local/www/status_queues.php
@@ -169,7 +169,7 @@ if(!is_array($config['shaper']['queue']) && count($config['shaper']['queue']) <
<p>
<strong><span class="red">Note:</span></strong><strong><br></strong>
Queue graphs take 5 seconds to sample data.<br>
- You can configure the Traffic Shaper <a href="firewall_shaper.php?reset=true">here</a>.
+ You can configure the Traffic Shaper <a href="/firewall_shaper_wizards.php">here</a>.
</p>
</form>
<?php include("fend.inc"); ?>
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php
index daaf627..1a13f4e 100755
--- a/usr/local/www/status_services.php
+++ b/usr/local/www/status_services.php
@@ -212,7 +212,7 @@ include("fbegin.inc");
<p>
<div id="boxarea">
-<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+<table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<table width="100%" border="0" cellpadding="6" cellspacing="0">
diff --git a/usr/local/www/status_slbd_pool.php b/usr/local/www/status_slbd_pool.php
index fb9d615..93332b8 100755
--- a/usr/local/www/status_slbd_pool.php
+++ b/usr/local/www/status_slbd_pool.php
@@ -57,6 +57,7 @@ include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<script src="/javascript/sorttable.js"></script>
<?php include("fbegin.inc"); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabnavtbl">
@@ -71,10 +72,10 @@ include("head.inc");
<tr>
<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont sortable" name="sortabletable" id="sortabletable">
<tr>
<td width="10%" class="listhdrr">Name</td>
- <td width="10%" class="listhdrr">Type</td>
+ <td width="10%" class="listhdrr">Type</td>
<td width="10%" class="listhdrr">Gateways</td>
<td width="30%" class="listhdrr">Status</td>
<td width="30%" class="listhdr">Description</td>
diff --git a/usr/local/www/status_slbd_vs.php b/usr/local/www/status_slbd_vs.php
index e888860..b8f78cc 100755
--- a/usr/local/www/status_slbd_vs.php
+++ b/usr/local/www/status_slbd_vs.php
@@ -124,10 +124,10 @@ include("head.inc");
<tr>
<td>
<div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="10%" class="listhdrr">Name</td>
- <td width="10%" class="listhdrr">Port</td>
+ <td width="10%" class="listhdrr">Port</td>
<td width="10%" class="listhdrr">Servers</td>
<td width="30%" class="listhdrr">Status</td>
<td width="30%" class="listhdr">Description</td>
diff --git a/usr/local/www/status_upnp.php b/usr/local/www/status_upnp.php
index cbf848f..d2be0c2 100644
--- a/usr/local/www/status_upnp.php
+++ b/usr/local/www/status_upnp.php
@@ -71,14 +71,14 @@ if(!$config['installedpackages']['miniupnpd']['config'][0]['iface_array'] ||
<tr>
<td class="tabcont" >
<form action="status_upnp.php" method="post">
- <b><input type="submit" name="clear" id="clear" value="Clear" /></b>
+ <input type="submit" name="clear" id="clear" value="Clear" /> all currently connected sessions.
</form>
</td>
</tr>
<tr>
<td class="tabcont" >
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0" class="tabcont">
+ <tr>
<td width="10%" class="listhdrr"><?=gettext("Port")?></td>
<td width="10%" class="listhdrr"><?=gettext("Protocol")?></td>
<td width="20%" class="listhdrr"><?=gettext("Internal IP")?></td>
diff --git a/usr/local/www/system_advanced_misc.php b/usr/local/www/system_advanced_misc.php
index 132cc01..6fbfd4f 100644
--- a/usr/local/www/system_advanced_misc.php
+++ b/usr/local/www/system_advanced_misc.php
@@ -48,6 +48,7 @@ $pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
$pconfig['preferoldsa_enable'] = isset($config['ipsec']['preferoldsa']);
$pconfig['powerd_enable'] = isset($config['system']['powerd_enable']);
$pconfig['glxsb_enable'] = isset($config['system']['glxsb_enable']);
+$pconfig['schedule_states'] = isset($config['system']['schedule_states']);
if ($_POST) {
@@ -70,9 +71,25 @@ if ($_POST) {
else
unset($config['system']['lb_use_sticky']);
- $config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false;
- $config['system']['powerd_enable'] = $_POST['powerd_enable'] ? true : false;
- $config['system']['glxsb_enable'] = $_POST['glxsb_enable'] ? true : false;
+ if($_POST['preferoldsa_enable'] == "yes")
+ $config['system']['preferoldsa'] = true;
+ else
+ unset($config['system']['preferoldsa']);
+
+ if($_POST['powerd_enable'] == "yes")
+ $config['system']['powerd_enable'] = true;
+ else
+ unset($config['system']['powerd_enable']);
+
+ if($_POST['glxsb_enable'] == "yes")
+ $config['system']['glxsb_enable'] = true;
+ else
+ unset($config['system']['glxsb_enable']);
+
+ if($_POST['schedule_states'] == "yes")
+ $config['system']['schedule_states'] = true;
+ else
+ unset($config['system']['schedule_states']);
write_config();
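Review bot: The rewritten `preferoldsa_enable` branch stores the flag under `$config['system']['preferoldsa']`, but the removed line wrote `$config['ipsec']['preferoldsa']` and the page still loads it with `isset($config['ipsec']['preferoldsa'])` in the first hunk. As written, the checkbox would never show as enabled after saving, and a value already present under `ipsec` is never cleared, so the option could not be turned off from this page. Keep the original key in both arms: `$config['ipsec']['preferoldsa'] = true;` and `unset($config['ipsec']['preferoldsa']);`. The `if ($_POST)` block starts and ends outside this hunk.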
@@ -210,6 +227,21 @@ include("head.inc");
option to always prefer old SAs over new ones.
</td>
</tr>
+ <tr>
+ <td colspan="2" class="list" height="12">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Schedules</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Schedule States</td>
+ <td width="78%" class="vtable">
+ <input name="schedule_states" type="checkbox" id="schedule_states" value="yes" <?php if ($pconfig['schedule_states']) echo "checked"; ?> />
+ <br />
+ By default schedules clear the states of existing connections when expiry time has come.
+ This option allows to override this setting by not clearing states for existing connections.
+ </td>
+ </tr>
<tr>
<td colspan="2" class="list" height="12">&nbsp;</td>
</tr>
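Review bot: The help text for `schedule_states` does not spell out what ticking the box means for enforcement. With states no longer cleared at expiry, connections opened while a scheduled rule was active keep passing traffic after the schedule has ended. I would add a sentence to the description such as `Connections established during the scheduled period will then remain open after it ends.` so the admin sees the trade-off before enabling it.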
diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php
index b4ad6e9..7eeb2f6 100755
--- a/usr/local/www/system_firmware_auto.php
+++ b/usr/local/www/system_firmware_auto.php
@@ -130,23 +130,31 @@ if($current_installed_pfsense_version <> $latest_version)
if($needs_system_upgrade == true) {
update_status("Downloading updates ...");
- $status = download_file_with_progress_bar("{$updater_url}/latest.tgz", "/tmp/latest.tgz", "read_body_firmware");
- $status = download_file_with_progress_bar("{$updater_url}/latest.tgz.sha256", "/tmp/latest.tgz.sha256");
+ conf_mount_rw();
+ $status = download_file_with_progress_bar("{$updater_url}/latest.tgz", "{$g['upload_path']}/latest.tgz", "read_body_firmware");
+ $status = download_file_with_progress_bar("{$updater_url}/latest.tgz.sha256", "{$g['upload_path']}/latest.tgz.sha256");
+ conf_mount_ro();
update_output_window("{$g['product_name']} download complete.");
}
/* launch external upgrade helper */
-$external_upgrade_helper_text = "/etc/rc.firmware pfSenseupgrade ";
+$external_upgrade_helper_text = "/etc/rc.firmware ";
+
+if($g['platform'] == "nanobsd")
+ $external_upgrade_helper_text .= "pfSenseNanoBSDupgrade ";
+else
+ $external_upgrade_helper_text .= "pfSenseupgrade ";
+
if($needs_system_upgrade == true)
- $external_upgrade_helper_text .= "/tmp/latest.tgz";
+ $external_upgrade_helper_text .= "{$g['upload_path']}/latest.tgz";
-$downloaded_latest_tgz_sha256 = str_replace("\n", "", `sha256 /tmp/latest.tgz | awk '{ print $4 }'`);
-$upgrade_latest_tgz_sha256 = str_replace("\n", "", `cat /tmp/latest.tgz.sha256 | awk '{ print $4 }'`);
+$downloaded_latest_tgz_sha256 = str_replace("\n", "", `sha256 -q {$g['upload_path']}/latest.tgz`);
+$upgrade_latest_tgz_sha256 = str_replace("\n", "", `cat {$g['upload_path']}/latest.tgz.sha256 | awk '{ print $4 }'`);
$sigchk = 0;
if(!isset($curcfg['alturl']['enable']))
- $sigchk = verify_digital_signature("/tmp/latest.tgz");
+ $sigchk = verify_digital_signature("{$g['upload_path']}/latest.tgz");
if ($sigchk == 1)
$sig_warning = "The digital signature on this image is invalid.";
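Review bot: When `$curcfg['alturl']['enable']` is set, `$sigchk` stays 0 and `verify_digital_signature()` is never called, so the only integrity evidence for `latest.tgz` is the `.sha256` file fetched from the same `$updater_url`. That catches a corrupted download but not a replaced image, and whether the two digests are compared at all is outside this hunk. The first `$status` is also overwritten by the second download without being looked at. At minimum, document the trade-off above the check, e.g. `/* alturl: signature check skipped; image is only checksum-verified against a file from the same server */`. If `download_file_with_progress_bar()` reports failure through its return value, the script should also stop when either download fails.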
@@ -155,10 +163,14 @@ else if ($sigchk == 2)
else if (($sigchk == 3) || ($sigchk == 4))
$sig_warning = "There has been an error verifying the signature on this image.";
-if (!verify_gzip_file("/tmp/latest.tgz")) {
+if (!verify_gzip_file("{$g['upload_path']}/latest.tgz")) {
update_status("The image file is corrupt.");
update_output_window("Update cannot continue");
- unlink("{$g['upload_path']}/latest.tgz");
+ if (file_exists("{$g['upload_path']}/latest.tgz")) {
+ conf_mount_rw();
+ unlink("{$g['upload_path']}/latest.tgz");
+ conf_mount_ro();
+ }
require("fend.inc");
exit;
}
@@ -166,7 +178,11 @@ if (!verify_gzip_file("/tmp/latest.tgz")) {
if ($sigchk) {
update_status($sig_warning);
update_output_window("Update cannot continue");
- unlink("{$g['upload_path']}/latest.tgz");
+ if (file_exists("{$g['upload_path']}/latest.tgz")) {
+ conf_mount_rw();
+ unlink("{$g['upload_path']}/latest.tgz");
+ conf_mount_ro();
+ }
require("fend.inc");
exit;
}
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index 6f0711f..66ac916 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -137,7 +137,7 @@ if ($_POST) {
$gateway['descr'] = $_POST['descr'];
$gateway['monitor'] = $_POST['monitor'];
- if ($_POST['defaultgw'] == "yes") {
+ if ($_POST['defaultgw'] == "yes" or $_POST['defaultgw'] == "on") {
$i = 0;
foreach($a_gateways as $gw) {
unset($config['gateways'][$i]['defaultgw']);
diff --git a/usr/local/www/themes/metallic/all.css b/usr/local/www/themes/metallic/all.css
index e9e610d..06f5b4d 100644
--- a/usr/local/www/themes/metallic/all.css
+++ b/usr/local/www/themes/metallic/all.css
@@ -1211,8 +1211,10 @@ div#log span.log-protocol-mini-header {
/* Sortable tables */
table.sortable thead {
- background-color:#eee;
- color:#666666;
- font-weight: bold;
cursor: default;
+ background-color: #EEEEEE;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
}
diff --git a/usr/local/www/themes/metallic/images/icons/icon_advanced.gif b/usr/local/www/themes/metallic/images/icons/icon_advanced.gif
new file mode 100644
index 0000000..3ede1ff
--- /dev/null
+++ b/usr/local/www/themes/metallic/images/icons/icon_advanced.gif
Binary files differ
diff --git a/usr/local/www/themes/metallic/images/icons/icon_advanced_s.gif b/usr/local/www/themes/metallic/images/icons/icon_advanced_s.gif
new file mode 100644
index 0000000..b233549
--- /dev/null
+++ b/usr/local/www/themes/metallic/images/icons/icon_advanced_s.gif
Binary files differ
diff --git a/usr/local/www/themes/nervecenter/all.css b/usr/local/www/themes/nervecenter/all.css
index c4568a8..3babfed 100644
--- a/usr/local/www/themes/nervecenter/all.css
+++ b/usr/local/www/themes/nervecenter/all.css
@@ -1243,8 +1243,10 @@ div#log span.log-protocol-mini-header {
/* Sortable tables */
table.sortable thead {
- background-color:#eee;
- color:#666666;
- font-weight: bold;
cursor: default;
+ background-color: #EEEEEE;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
}
diff --git a/usr/local/www/themes/nervecenter/images/icons/icon_advanced.gif b/usr/local/www/themes/nervecenter/images/icons/icon_advanced.gif
new file mode 100644
index 0000000..3ede1ff
--- /dev/null
+++ b/usr/local/www/themes/nervecenter/images/icons/icon_advanced.gif
Binary files differ
diff --git a/usr/local/www/themes/nervecenter/images/icons/icon_advanced_s.gif b/usr/local/www/themes/nervecenter/images/icons/icon_advanced_s.gif
new file mode 100644
index 0000000..b233549
--- /dev/null
+++ b/usr/local/www/themes/nervecenter/images/icons/icon_advanced_s.gif
Binary files differ
diff --git a/usr/local/www/themes/pfsense-dropdown/all.css b/usr/local/www/themes/pfsense-dropdown/all.css
index 6868ef5..1891f07 100644
--- a/usr/local/www/themes/pfsense-dropdown/all.css
+++ b/usr/local/www/themes/pfsense-dropdown/all.css
@@ -953,10 +953,12 @@ div#log span.log-protocol-mini-header {
/* Sortable tables */
table.sortable thead {
- background-color:#eee;
- color:#666666;
- font-weight: bold;
cursor: default;
+ background-color: #EEEEEE;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
}
#graph {
diff --git a/usr/local/www/themes/pfsense-dropdown/images/icons/icon_advanced.gif b/usr/local/www/themes/pfsense-dropdown/images/icons/icon_advanced.gif
new file mode 100644
index 0000000..3ede1ff
--- /dev/null
+++ b/usr/local/www/themes/pfsense-dropdown/images/icons/icon_advanced.gif
Binary files differ
diff --git a/usr/local/www/themes/pfsense-dropdown/images/icons/icon_advanced_s.gif b/usr/local/www/themes/pfsense-dropdown/images/icons/icon_advanced_s.gif
new file mode 100644
index 0000000..b233549
--- /dev/null
+++ b/usr/local/www/themes/pfsense-dropdown/images/icons/icon_advanced_s.gif
Binary files differ
diff --git a/usr/local/www/themes/pfsense/all.css b/usr/local/www/themes/pfsense/all.css
index aaa299f..e1b2200 100644
--- a/usr/local/www/themes/pfsense/all.css
+++ b/usr/local/www/themes/pfsense/all.css
@@ -961,10 +961,12 @@ div#log span.log-protocol-mini-header {
/* Sortable tables */
table.sortable thead {
- background-color:#eee;
- color:#666666;
- font-weight: bold;
cursor: default;
+ background-color: #EEEEEE;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
}
#graph {
diff --git a/usr/local/www/themes/pfsense/images/icons/icon_advanced.gif b/usr/local/www/themes/pfsense/images/icons/icon_advanced.gif
new file mode 100644
index 0000000..3ede1ff
--- /dev/null
+++ b/usr/local/www/themes/pfsense/images/icons/icon_advanced.gif
Binary files differ
diff --git a/usr/local/www/themes/pfsense/images/icons/icon_advanced_s.gif b/usr/local/www/themes/pfsense/images/icons/icon_advanced_s.gif
new file mode 100644
index 0000000..b233549
--- /dev/null
+++ b/usr/local/www/themes/pfsense/images/icons/icon_advanced_s.gif
Binary files differ
diff --git a/usr/local/www/themes/pfsense_ng/all.css b/usr/local/www/themes/pfsense_ng/all.css
index deb3f38..78ca6aa 100644
--- a/usr/local/www/themes/pfsense_ng/all.css
+++ b/usr/local/www/themes/pfsense_ng/all.css
@@ -1340,8 +1340,10 @@ div#log span.log-protocol-mini-header {
/* Sortable tables */
table.sortable thead {
- background-color:#eee;
- color:#666666;
- font-weight: bold;
cursor: default;
+ background-color: #EEEEEE;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
}
diff --git a/usr/local/www/themes/pfsense_ng/images/icons/icon_advanced.gif b/usr/local/www/themes/pfsense_ng/images/icons/icon_advanced.gif
new file mode 100644
index 0000000..3ede1ff
--- /dev/null
+++ b/usr/local/www/themes/pfsense_ng/images/icons/icon_advanced.gif
Binary files differ
diff --git a/usr/local/www/themes/pfsense_ng/images/icons/icon_advanced_s.gif b/usr/local/www/themes/pfsense_ng/images/icons/icon_advanced_s.gif
new file mode 100644
index 0000000..b233549
--- /dev/null
+++ b/usr/local/www/themes/pfsense_ng/images/icons/icon_advanced_s.gif
Binary files differ
diff --git a/usr/local/www/themes/pfsense_ng/images/icons/icon_chain.png b/usr/local/www/themes/pfsense_ng/images/icons/icon_chain.png
new file mode 100644
index 0000000..cd9a7cc
--- /dev/null
+++ b/usr/local/www/themes/pfsense_ng/images/icons/icon_chain.png
Binary files differ
diff --git a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php
index d479fea..9360d0c 100644
--- a/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php
+++ b/usr/local/www/themes/pfsense_ng/rrdcolors.inc.php
@@ -1,5 +1,5 @@
<?php
-/* $Id: rrdcolors.inc.php,v 1.1.2.4 2008/03/26 17:05:44 smos Exp $ */
+/* $Id$ */
/*
rrdcolors.inc.php
Part of pfSense
@@ -30,10 +30,10 @@
/* This file is included by the RRD graphing page and sets the colors */
-$colortrafficup = "666666";
-$colortrafficdown = "990000";
-$colorpacketsup = "666666";
-$colorpacketsdown = "990000";
+$colortrafficup = array("666666", "CCCCCC");
+$colortrafficdown = array("990000", "CC0000");
+$colorpacketsup = array("666666", "CCCCCC");
+$colorpacketsdown = array("990000", "CC0000");
$colorstates = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
$colorprocessor = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
$colormemory = array('990000','a83c3c','b36666','bd9090','cccccc','000000');
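Review bot: `$colortrafficup`, `$colortrafficdown`, `$colorpacketsup` and `$colorpacketsdown` change from a string to a two-element array without a comment saying what the second entry is for. A line such as `/* [0] = line colour, [1] = area fill */` (adjusted to the real meaning) above them would document the new contract. In the part of the diff visible here only the pfsense_ng theme gets this change. If the graphing code now indexes these variables, any theme that still defines them as strings would yield single characters rather than colours, so it is worth confirming the other themes either lack this file or are updated too.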
diff --git a/usr/local/www/themes/the_wall/all.css b/usr/local/www/themes/the_wall/all.css
index 039285b..0fe39e2 100644
--- a/usr/local/www/themes/the_wall/all.css
+++ b/usr/local/www/themes/the_wall/all.css
@@ -1251,8 +1251,10 @@ div#log span.log-protocol-mini-header {
/* Sortable tables */
table.sortable thead {
- background-color:#eee;
- color:#666666;
- font-weight: bold;
cursor: default;
+ background-color: #EEEEEE;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
}
diff --git a/usr/local/www/themes/the_wall/images/icons/icon_advanced.gif b/usr/local/www/themes/the_wall/images/icons/icon_advanced.gif
new file mode 100644
index 0000000..3ede1ff
--- /dev/null
+++ b/usr/local/www/themes/the_wall/images/icons/icon_advanced.gif
Binary files differ
diff --git a/usr/local/www/themes/the_wall/images/icons/icon_advanced_s.gif b/usr/local/www/themes/the_wall/images/icons/icon_advanced_s.gif
new file mode 100644
index 0000000..b233549
--- /dev/null
+++ b/usr/local/www/themes/the_wall/images/icons/icon_advanced_s.gif
Binary files differ
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index 36dc56e..8654fa0 100755
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -36,7 +36,7 @@
##|*MATCH=vpn_ipsec.php*
##|-PRIV
-
+require("functions.inc");
require("guiconfig.inc");
if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php
index 88815bf..c3f605d 100755
--- a/usr/local/www/vpn_ipsec_mobile.php
+++ b/usr/local/www/vpn_ipsec_mobile.php
@@ -34,7 +34,7 @@
##|*MATCH=vpn_ipsec_mobile.php*
##|-PRIV
-
+require("functions.inc");
require("guiconfig.inc");
if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 399db37..b1f7a1a 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -36,7 +36,7 @@
##|*MATCH=vpn_ipsec_phase1.php*
##|-PRIV
-
+require("functions.inc");
require("guiconfig.inc");
if (!is_array($config['ipsec']['phase1']))
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index bb54c59..340a638 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -36,7 +36,7 @@
##|*MATCH=vpn_ipsec_phase2.php*
##|-PRIV
-
+require("functions.inc");
require("guiconfig.inc");
if (!is_array($config['ipsec']['client']))
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index c939e50..2b06f97 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -1124,7 +1124,7 @@ function netbios_change() {
<?php else: ?>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="10%" class="listhdrr">Disabled</td>
<td width="10%" class="listhdrr">Protocol</td>
@@ -1173,15 +1173,10 @@ function netbios_change() {
</a>
</td>
</tr>
- <tr>
- <td colspan="4">
- <p>
- <?=gettext("Additional OpenVPN servers can be added here.");?>
- </p>
- </td>
- </tr>
</table>
+ <?=gettext("Additional OpenVPN servers can be added here.");?>
+
<? endif; ?>
</td>
diff --git a/usr/local/www/widgets/widgets/captive_portal_status.widget.php b/usr/local/www/widgets/widgets/captive_portal_status.widget.php
index 0d7468f..1b74d26 100644
--- a/usr/local/www/widgets/widgets/captive_portal_status.widget.php
+++ b/usr/local/www/widgets/widgets/captive_portal_status.widget.php
@@ -65,7 +65,7 @@ if ($fp) {
foreach ($cpcontents as $cpcontent) {
$cpent = explode(",", $cpcontent);
if ($_GET['showact'])
- $cpent[5] = captiveportal_get_last_activity($cpent[1]);
+ $cpent[5] = captiveportal_get_last_activity($cpent[2]);
$cpdb[] = $cpent;
}
diff --git a/usr/local/www/wizards/traffic_shaper_wizard.xml b/usr/local/www/wizards/traffic_shaper_wizard.xml
index f2128cd..cdbf296 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard.xml
+++ b/usr/local/www/wizards/traffic_shaper_wizard.xml
@@ -160,7 +160,7 @@
</field>
<field>
<name>Address</name>
- <type>input</type>
+ <type>inputalias</type>
<description>This allows you to just provide the IP address of the computer(s) to Penalize. NOTE: You can also use a Firewall Alias in this location.</description>
<bindstofield>ezshaper-&gt;step4-&gt;address</bindstofield>
<message>IP Address field is non-blank and doesn't look like an IP address.</message>