Diffstat (limited to 'usr/local')
-rwxr-xr-xusr/local/sbin/pfSsh.php2
-rw-r--r--usr/local/www/diag_backup.php8
-rwxr-xr-xusr/local/www/diag_dump_states.php12
-rw-r--r--usr/local/www/diag_logs_filter.php4
-rw-r--r--usr/local/www/index.php2
-rw-r--r--usr/local/www/interfaces.php107
-rw-r--r--usr/local/www/services_unbound.php4
-rw-r--r--usr/local/www/services_unbound_acls.php8
-rw-r--r--usr/local/www/services_unbound_advanced.php55
-rw-r--r--usr/local/www/status_interfaces.php9
-rw-r--r--usr/local/www/system_advanced_admin.php4
-rwxr-xr-xusr/local/www/system_firmware_auto.php2
-rw-r--r--usr/local/www/system_routes_edit.php2
-rw-r--r--usr/local/www/vpn_ipsec.php5
-rw-r--r--usr/local/www/vpn_ipsec_phase1.php5
-rw-r--r--usr/local/www/vpn_ipsec_settings.php58
-rw-r--r--usr/local/www/widgets/widgets/ipsec.widget.php25
17 files changed, 239 insertions, 73 deletions
diff --git a/usr/local/sbin/pfSsh.php b/usr/local/sbin/pfSsh.php
index 33cd2fc..6700c1c 100755
--- a/usr/local/sbin/pfSsh.php
+++ b/usr/local/sbin/pfSsh.php
@@ -4,14 +4,12 @@
require_once("globals.inc");
echo "Starting the {$g['product_name']} developer shell";
-$g['booting'] = true;
require_once("functions.inc");
echo ".";
require_once("config.inc");
echo ".";
require_once("util.inc");
echo ".";
-$g['booting'] = false;
$shell_cmds = array("alias", "alloc", "bg", "bind", "bindkey", "break",
"breaksw", "builtins", "case", "cd", "chdir", "command", "complete", "continue", "default",
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php
index d71a3b2..741dd66 100644
--- a/usr/local/www/diag_backup.php
+++ b/usr/local/www/diag_backup.php
@@ -411,6 +411,14 @@ if ($_POST) {
if(file_exists("{$g['tmp_path']}/config.cache"))
unlink("{$g['tmp_path']}/config.cache");
$config = parse_config(true);
+ if (file_exists("/boot/loader.conf")) {
+ $loaderconf = file_get_contents("/boot/loader.conf");
+ if (strpos($loaderconf, "comconsole")) {
+ $config['system']['enableserial'] = true;
+ write_config("Restore serial console enabling in configuration.");
+ }
+ unset($loaderconf);
+ }
/* extract out rrd items, unset from $config when done */
if($config['rrddata']) {
restore_rrddata();
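Review bot: `strpos($loaderconf, "comconsole")` is tested for truthiness, so a match at offset 0 returns 0 and is treated as "not found", and a `false` from `file_get_contents()` is passed on unchecked. The test should read `if ($loaderconf !== false && strpos($loaderconf, "comconsole") !== false) {`. A bare substring match also fires on a commented-out line, so the presence of the word does not prove the serial console is enabled. Because the match forces `enableserial` into the just-restored configuration and writes it, a comment saying why the local loader.conf overrides the backup would help; the enclosing `if ($_POST)` block starts and ends outside this hunk.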
diff --git a/usr/local/www/diag_dump_states.php b/usr/local/www/diag_dump_states.php
index 4e1891f..de11a90 100755
--- a/usr/local/www/diag_dump_states.php
+++ b/usr/local/www/diag_dump_states.php
@@ -46,8 +46,8 @@ require_once("interfaces.inc");
/* handle AJAX operations */
if(isset($_POST['action']) && $_POST['action'] == "remove") {
if (isset($_POST['srcip']) && isset($_POST['dstip']) && is_ipaddr($_POST['srcip']) && is_ipaddr($_POST['dstip'])) {
- $retval = mwexec("/sbin/pfctl -k " . escapeshellarg($_POST['srcip']) . " -k " . escapeshellarg($_POST['dstip']));
- echo htmlentities("|{$_POST['srcip']}|{$_POST['dstip']}|{$retval}|");
+ $retval = pfSense_kill_states($_POST['srcip'], $_POST['dstip']);
+ echo htmlentities("|{$_POST['srcip']}|{$_POST['dstip']}|0|");
} else {
echo gettext("invalid input");
}
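Review bot: `$retval` is assigned from `pfSense_kill_states()` but never read, and the response now hard-codes `|0|`, so the AJAX caller is told the states were removed whatever the call returned. Either echo the real result or drop the assignment; the second hunk of this file overwrites and discards `$retval` the same way. With `escapeshellarg()` gone, the `is_ipaddr()` tests on the line above are the only validation left for `srcip`/`dstip`. A comment such as `/* srcip and dstip are validated by is_ipaddr() above; nothing else sanitises them before the kill call */` would keep a later edit from loosening that check.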
@@ -56,16 +56,16 @@ if(isset($_POST['action']) && $_POST['action'] == "remove") {
if (isset($_POST['filter']) && isset($_POST['killfilter'])) {
if (is_ipaddr($_POST['filter'])) {
- $tokill = escapeshellarg($_POST['filter'] . "/32");
+ $tokill = $_POST['filter'] . "/32";
} elseif (is_subnet($_POST['filter'])) {
- $tokill = escapeshellarg($_POST['filter']);
+ $tokill = $_POST['filter'];
} else {
// Invalid filter
$tokill = "";
}
if (!empty($tokill)) {
- $retval = mwexec("/sbin/pfctl -k {$tokill} -k 0/0");
- $retval = mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$tokill}");
+ $retval = pfSense_kill_states($tokill);
+ $retval = pfSense_kill_states("0.0.0.0/0", $tokill);
}
}
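Review bot: `$tokill = $_POST['filter'] . "/32"` appends an IPv4 prefix length to anything `is_ipaddr()` accepts, and the second call pairs `$tokill` with the IPv4-only `"0.0.0.0/0"`. If `is_ipaddr()` also accepts IPv6 addresses (its definition is not visible here), an IPv6 filter would become an address with `/32` and be matched against an IPv4 wildcard. Branching on the family would avoid that, for example `is_ipaddrv4()` giving `/32` and `is_ipaddrv6()` giving `/128`, with the matching wildcard for each. The two calls also take different argument counts, which deserves a one-line comment on what the single-argument form matches.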
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
index eb2050b..f903983 100644
--- a/usr/local/www/diag_logs_filter.php
+++ b/usr/local/www/diag_logs_filter.php
@@ -368,13 +368,13 @@ include("head.inc");
?>
<td class="listMRr nowrap">
<img onclick="javascript:resolve_with_ajax('<?php echo "{$filterent['srcip']}"; ?>');" title="<?=gettext("Click to resolve");?>" class="ICON-<?= $src_htmlclass; ?>" border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_log.gif" alt="Icon Reverse Resolve with DNS"/>
- <a href="easyrule.php?<?php echo "action=block&amp;int={$int}&amp;src={$filterent['srcip']}&amp;ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Add to Block List");?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.")?>')">
+ <a href="easyrule.php?<?php echo "action=block&amp;int={$int}&amp;src={$filterent['srcip']}&amp;ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Add to Block List");?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")?>')">
<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_block_add.gif" alt="Icon Easy Rule: Add to Block List" /></a>
<?php echo $srcstr . '<span class="RESOLVE-' . $src_htmlclass . '"></span>';?>
</td>
<td class="listMRr nowrap">
<img onclick="javascript:resolve_with_ajax('<?php echo "{$filterent['dstip']}"; ?>');" title="<?=gettext("Click to resolve");?>" class="ICON-<?= $dst_htmlclass; ?>" border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_log.gif" alt="Icon Reverse Resolve with DNS"/>
- <a href="easyrule.php?<?php echo "action=pass&amp;int={$int}&amp;proto={$proto}&amp;src={$filterent['srcip']}&amp;dst={$filterent['dstip']}&amp;dstport={$filterent['dstport']}&amp;ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic");?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.");?>')">
+ <a href="easyrule.php?<?php echo "action=pass&amp;int={$int}&amp;proto={$proto}&amp;src={$filterent['srcip']}&amp;dst={$filterent['dstip']}&amp;dstport={$filterent['dstport']}&amp;ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic");?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")?>')">
<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass_add.gif" alt="Icon Easy Rule: Pass this traffic" /></a>
<?php echo $dststr . '<span class="RESOLVE-' . $dst_htmlclass . '"></span>';?>
</td>
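Review bot: The rewritten `href` attributes still interpolate `$int`, `$proto`, `$ipproto` and the `$filterent[...]` fields straight into the URL, with no `urlencode()` on the values and no `htmlspecialchars()` on the attribute. These presumably come from parsed filter log lines, so any field that packet contents or interface naming can influence should be encoded before it reaches the page. The `onclick` has a related problem: `gettext()` output is placed inside a single-quoted JavaScript string, so a translation containing an apostrophe would break the handler. Escaping it for both contexts would fix this, for example `confirm(<?=htmlspecialchars(json_encode(gettext("Do you really want to add this BLOCK rule?")))?>)`. The surrounding table row starts outside this hunk.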
diff --git a/usr/local/www/index.php b/usr/local/www/index.php
index f9cbff8..57aee4a 100644
--- a/usr/local/www/index.php
+++ b/usr/local/www/index.php
@@ -51,8 +51,8 @@ ob_start(null, "1000");
## Load Essential Includes
-require_once('functions.inc');
require_once('guiconfig.inc');
+require_once('functions.inc');
require_once('notices.inc');
require_once("pkg-utils.inc");
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index c044ea7..b79da65 100644
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -716,6 +716,8 @@ if ($_POST['apply']) {
if (($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac'])))
$input_errors[] = gettext("A valid MAC address must be specified.");
if ($_POST['mtu']) {
+ if (!is_numericint($_POST['mtu']))
+ $input_errors[] = "MTU must be an integer.";
if (substr($wancfg['if'], 0, 3) == 'gif') {
$min_mtu = 1280;
$max_mtu = 8192;
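Review bot: The new message `"MTU must be an integer."` is not wrapped in `gettext()`, unlike every neighbouring `$input_errors[]` entry in this block, so it will not be translated; it should be `$input_errors[] = gettext("MTU must be an integer.");`. The same omission appears in the messages this commit adds to services_unbound.php, services_unbound_advanced.php and vpn_ipsec_settings.php. The range comparison further down still runs when the value is not an integer, so a non-numeric MTU produces two errors; making the range test an `else` branch of the new check would report only the relevant one. The `if ($_POST['mtu'])` block continues past the end of this hunk.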
@@ -725,7 +727,7 @@ if ($_POST['apply']) {
}
if ($_POST['mtu'] < $min_mtu || $_POST['mtu'] > $max_mtu)
- $input_errors[] = sprintf(gettext("The MTU must be from %d to %d bytes."), $min_mtu, $max_mtu);
+ $input_errors[] = sprintf(gettext("The MTU must be between %d and %d bytes."), $min_mtu, $max_mtu);
unset($min_mtu, $max_mtu);
@@ -751,12 +753,13 @@ if ($_POST['apply']) {
continue;
if (isset($ifdata['mtu']) && $ifdata['mtu'] > $_POST['mtu'])
- $input_errors[] = sprintf(gettext("Interface %s (VLAN) has MTU set to a bigger value"), $ifdata['descr']);
+ $input_errors[] = sprintf(gettext("Interface %s (VLAN) has MTU set to a larger value"), $ifdata['descr']);
}
}
}
- if ($_POST['mss'] && ($_POST['mss'] < 576))
- $input_errors[] = gettext("The MSS must be greater than 576 bytes.");
+ if ($_POST['mss'] <> '')
+ if (!is_numericint($_POST['mss']) || ($_POST['mss'] < 576 || $_POST['mss'] > 65535))
+ $input_errors[] = gettext("The MSS must be an integer between 576 and 65535 bytes.");
/* Wireless interface? */
if (isset($wancfg['wireless'])) {
$reqdfields = array("mode");
@@ -1064,40 +1067,68 @@ if ($_POST['apply']) {
if($_POST['dhcp6usev4iface'] == "yes")
$wancfg['dhcp6usev4iface'] = true;
- $wancfg['adv_dhcp6_interface_statement_send_options'] = $_POST['adv_dhcp6_interface_statement_send_options'];
- $wancfg['adv_dhcp6_interface_statement_request_options'] = $_POST['adv_dhcp6_interface_statement_request_options'];
- $wancfg['adv_dhcp6_interface_statement_information_only_enable'] = $_POST['adv_dhcp6_interface_statement_information_only_enable'];
- $wancfg['adv_dhcp6_interface_statement_script'] = $_POST['adv_dhcp6_interface_statement_script'];
-
- $wancfg['adv_dhcp6_id_assoc_statement_address_enable'] = $_POST['adv_dhcp6_id_assoc_statement_address_enable'];
- $wancfg['adv_dhcp6_id_assoc_statement_address'] = $_POST['adv_dhcp6_id_assoc_statement_address'];
- $wancfg['adv_dhcp6_id_assoc_statement_address_id'] = $_POST['adv_dhcp6_id_assoc_statement_address_id'];
- $wancfg['adv_dhcp6_id_assoc_statement_address_pltime'] = $_POST['adv_dhcp6_id_assoc_statement_address_pltime'];
- $wancfg['adv_dhcp6_id_assoc_statement_address_vltime'] = $_POST['adv_dhcp6_id_assoc_statement_address_vltime'];
-
- $wancfg['adv_dhcp6_id_assoc_statement_prefix_enable'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_enable'];
- $wancfg['adv_dhcp6_id_assoc_statement_prefix'] = $_POST['adv_dhcp6_id_assoc_statement_prefix'];
- $wancfg['adv_dhcp6_id_assoc_statement_prefix_id'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_id'];
- $wancfg['adv_dhcp6_id_assoc_statement_prefix_pltime'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_pltime'];
- $wancfg['adv_dhcp6_id_assoc_statement_prefix_vltime'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_vltime'];
-
- $wancfg['adv_dhcp6_prefix_interface_statement_sla_id'] = $_POST['adv_dhcp6_prefix_interface_statement_sla_id'];
- $wancfg['adv_dhcp6_prefix_interface_statement_sla_len'] = $_POST['adv_dhcp6_prefix_interface_statement_sla_len'];
-
- $wancfg['adv_dhcp6_authentication_statement_authname'] = $_POST['adv_dhcp6_authentication_statement_authname'];
- $wancfg['adv_dhcp6_authentication_statement_protocol'] = $_POST['adv_dhcp6_authentication_statement_protocol'];
- $wancfg['adv_dhcp6_authentication_statement_algorithm'] = $_POST['adv_dhcp6_authentication_statement_algorithm'];
- $wancfg['adv_dhcp6_authentication_statement_rdm'] = $_POST['adv_dhcp6_authentication_statement_rdm'];
-
- $wancfg['adv_dhcp6_key_info_statement_keyname'] = $_POST['adv_dhcp6_key_info_statement_keyname'];
- $wancfg['adv_dhcp6_key_info_statement_realm'] = $_POST['adv_dhcp6_key_info_statement_realm'];
- $wancfg['adv_dhcp6_key_info_statement_keyid'] = $_POST['adv_dhcp6_key_info_statement_keyid'];
- $wancfg['adv_dhcp6_key_info_statement_secret'] = $_POST['adv_dhcp6_key_info_statement_secret'];
- $wancfg['adv_dhcp6_key_info_statement_expire'] = $_POST['adv_dhcp6_key_info_statement_expire'];
-
- $wancfg['adv_dhcp6_config_advanced'] = $_POST['adv_dhcp6_config_advanced'];
- $wancfg['adv_dhcp6_config_file_override'] = $_POST['adv_dhcp6_config_file_override'];
- $wancfg['adv_dhcp6_config_file_override_path'] = $_POST['adv_dhcp6_config_file_override_path'];
+ if (!empty($_POST['adv_dhcp6_interface_statement_send_options']))
+ $wancfg['adv_dhcp6_interface_statement_send_options'] = $_POST['adv_dhcp6_interface_statement_send_options'];
+ if (!empty($_POST['adv_dhcp6_interface_statement_request_options']))
+ $wancfg['adv_dhcp6_interface_statement_request_options'] = $_POST['adv_dhcp6_interface_statement_request_options'];
+ if (isset($_POST['adv_dhcp6_interface_statement_information_only_enable']))
+ $wancfg['adv_dhcp6_interface_statement_information_only_enable'] = $_POST['adv_dhcp6_interface_statement_information_only_enable'];
+ if (!empty($_POST['adv_dhcp6_interface_statement_script']))
+ $wancfg['adv_dhcp6_interface_statement_script'] = $_POST['adv_dhcp6_interface_statement_script'];
+
+ if (isset($_POST['adv_dhcp6_id_assoc_statement_address_enable']))
+ $wancfg['adv_dhcp6_id_assoc_statement_address_enable'] = $_POST['adv_dhcp6_id_assoc_statement_address_enable'];
+ if (!empty($_POST['adv_dhcp6_id_assoc_statement_address']))
+ $wancfg['adv_dhcp6_id_assoc_statement_address'] = $_POST['adv_dhcp6_id_assoc_statement_address'];
+ if (!empty($_POST['adv_dhcp6_id_assoc_statement_address_id']))
+ $wancfg['adv_dhcp6_id_assoc_statement_address_id'] = $_POST['adv_dhcp6_id_assoc_statement_address_id'];
+ if (!empty($_POST['adv_dhcp6_id_assoc_statement_address_pltime']))
+ $wancfg['adv_dhcp6_id_assoc_statement_address_pltime'] = $_POST['adv_dhcp6_id_assoc_statement_address_pltime'];
+ if (!empty($_POST['adv_dhcp6_id_assoc_statement_address_vltime']))
+ $wancfg['adv_dhcp6_id_assoc_statement_address_vltime'] = $_POST['adv_dhcp6_id_assoc_statement_address_vltime'];
+
+ if (isset($_POST['adv_dhcp6_id_assoc_statement_prefix_enable']))
+ $wancfg['adv_dhcp6_id_assoc_statement_prefix_enable'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_enable'];
+ if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix']))
+ $wancfg['adv_dhcp6_id_assoc_statement_prefix'] = $_POST['adv_dhcp6_id_assoc_statement_prefix'];
+ if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix_id']))
+ $wancfg['adv_dhcp6_id_assoc_statement_prefix_id'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_id'];
+ if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix_pltime']))
+ $wancfg['adv_dhcp6_id_assoc_statement_prefix_pltime'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_pltime'];
+ if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix_vltime']))
+ $wancfg['adv_dhcp6_id_assoc_statement_prefix_vltime'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_vltime'];
+
+ if (!empty($_POST['adv_dhcp6_prefix_interface_statement_sla_id']))
+ $wancfg['adv_dhcp6_prefix_interface_statement_sla_id'] = $_POST['adv_dhcp6_prefix_interface_statement_sla_id'];
+ if (!empty($_POST['adv_dhcp6_prefix_interface_statement_sla_len']))
+ $wancfg['adv_dhcp6_prefix_interface_statement_sla_len'] = $_POST['adv_dhcp6_prefix_interface_statement_sla_len'];
+
+ if (!empty($_POST['adv_dhcp6_authentication_statement_authname']))
+ $wancfg['adv_dhcp6_authentication_statement_authname'] = $_POST['adv_dhcp6_authentication_statement_authname'];
+ if (!empty($_POST['adv_dhcp6_authentication_statement_protocol']))
+ $wancfg['adv_dhcp6_authentication_statement_protocol'] = $_POST['adv_dhcp6_authentication_statement_protocol'];
+ if (!empty($_POST['adv_dhcp6_authentication_statement_algorithm']))
+ $wancfg['adv_dhcp6_authentication_statement_algorithm'] = $_POST['adv_dhcp6_authentication_statement_algorithm'];
+ if (!empty($_POST['adv_dhcp6_authentication_statement_rdm']))
+ $wancfg['adv_dhcp6_authentication_statement_rdm'] = $_POST['adv_dhcp6_authentication_statement_rdm'];
+
+ if (!empty($_POST['adv_dhcp6_key_info_statement_keyname']))
+ $wancfg['adv_dhcp6_key_info_statement_keyname'] = $_POST['adv_dhcp6_key_info_statement_keyname'];
+ if (!empty($_POST['adv_dhcp6_key_info_statement_realm']))
+ $wancfg['adv_dhcp6_key_info_statement_realm'] = $_POST['adv_dhcp6_key_info_statement_realm'];
+ if (!empty($_POST['adv_dhcp6_key_info_statement_keyid']))
+ $wancfg['adv_dhcp6_key_info_statement_keyid'] = $_POST['adv_dhcp6_key_info_statement_keyid'];
+ if (!empty($_POST['adv_dhcp6_key_info_statement_secret']))
+ $wancfg['adv_dhcp6_key_info_statement_secret'] = $_POST['adv_dhcp6_key_info_statement_secret'];
+ if (!empty($_POST['adv_dhcp6_key_info_statement_expire']))
+ $wancfg['adv_dhcp6_key_info_statement_expire'] = $_POST['adv_dhcp6_key_info_statement_expire'];
+
+ if (!empty($_POST['adv_dhcp6_config_advanced']))
+ $wancfg['adv_dhcp6_config_advanced'] = $_POST['adv_dhcp6_config_advanced'];
+ if (!empty($_POST['adv_dhcp6_config_file_override']))
+ $wancfg['adv_dhcp6_config_file_override'] = $_POST['adv_dhcp6_config_file_override'];
+ if (!empty($_POST['adv_dhcp6_config_file_override_path']))
+ $wancfg['adv_dhcp6_config_file_override_path'] = $_POST['adv_dhcp6_config_file_override_path'];
if($gateway_item) {
$a_gateways[] = $gateway_item;
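Review bot: `!empty()` treats the string `"0"` as empty, so a submitted value of `0` is silently dropped for `adv_dhcp6_prefix_interface_statement_sla_id`, the `*_address_id`/`*_prefix_id` fields and the `pltime`/`vltime` fields. For those fields the guard should be `if (isset($_POST[...]) && $_POST[...] !== '')`. Separately, unless these `$wancfg` keys are unset earlier, outside this hunk, clearing a field in the form now leaves the previously saved value in place instead of removing it. The values, including `adv_dhcp6_key_info_statement_secret` and `adv_dhcp6_config_file_override_path`, are stored exactly as posted. If no validation happens before this point, the path and option strings deserve a check before they reach the configuration.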
diff --git a/usr/local/www/services_unbound.php b/usr/local/www/services_unbound.php
index af7b649..ed99061 100644
--- a/usr/local/www/services_unbound.php
+++ b/usr/local/www/services_unbound.php
@@ -115,6 +115,8 @@ if ($_POST) {
if (empty($_POST['active_interface'])) {
$input_errors[] = "One or more Network Interfaces must be selected for binding.";
+ } else if (!isset($config['system']['dnslocalhost']) && (!in_array("lo0", $_POST['active_interface']) && !in_array("all", $_POST['active_interface']))) {
+ $input_errors[] = "This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces.";
}
if (empty($_POST['outgoing_interface'])) {
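Review bot: The new `else if` calls `in_array()` on `$_POST['active_interface']` without confirming it is an array; a request that posts a non-empty scalar for that field passes the `empty()` test and reaches `in_array()` with a string haystack. The branch should be guarded with `is_array($_POST['active_interface'])` and should pass `true` as the third argument so the comparison with `"lo0"` and `"all"` is strict. The second hunk changes the "All" option value from `""` to `"all"`, so whatever consumes `active_interface` when the resolver configuration is generated must recognise the new value; that code is not visible here. The message string is also missing `gettext()`.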
@@ -276,7 +278,7 @@ function show_advanced_dns() {
<?=gettext("Interface IPs used by the DNS Resolver for responding to queries from clients. If an interface has both IPv4 and IPv6 IPs, both are used. Queries to other interface IPs not selected below are discarded. The default behavior is to respond to queries on every available IPv4 and IPv6 address.");?>
<br /><br />
<select id="active_interface" name="active_interface[]" multiple="multiple" size="<?php echo $size; ?>">
- <option value="" <?php if (empty($pconfig['active_interface']) || empty($pconfig['active_interface'][0])) echo 'selected="selected"'; ?>>All</option>
+ <option value="all" <?php if (empty($pconfig['active_interface']) || empty($pconfig['active_interface'][0]) || in_array("all", $pconfig['active_interface'], true)) echo 'selected="selected"'; ?>>All</option>
<?php
foreach ($interface_addresses as $laddr):
$selected = "";
diff --git a/usr/local/www/services_unbound_acls.php b/usr/local/www/services_unbound_acls.php
index bc01e1c..1c81949 100644
--- a/usr/local/www/services_unbound_acls.php
+++ b/usr/local/www/services_unbound_acls.php
@@ -92,21 +92,21 @@ if ($_POST) {
$networkacl[$x]['mask'] = $pconfig["mask{$x}"];
$networkacl[$x]['description'] = $pconfig["description{$x}"];
if (!is_ipaddr($networkacl[$x]['acl_network'])) {
- $input_errors[] = gettext("You must enter a valid network IP address for {$networkacl[$x]['acl_network']}.");
+ $input_errors[] = gettext("You must enter a valid IP address for each row under Networks.");
}
if (is_ipaddr($networkacl[$x]['acl_network'])) {
if (!is_subnet($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) {
- $input_errors[] = gettext("You must enter a valid IPv4 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}.");
+ $input_errors[] = gettext("You must enter a valid IPv4 netmask for each IPv4 row under Networks.");
}
} else if (function_exists("is_ipaddrv6")) {
if (!is_ipaddrv6($networkacl[$x]['acl_network'])) {
$input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}.");
} else if (!is_subnetv6($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) {
- $input_errors[] = gettext("You must enter a valid IPv6 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}.");
+ $input_errors[] = gettext("You must enter a valid IPv6 netmask for each IPv6 row under Networks.");
}
} else {
- $input_errors[] = gettext("You must enter a valid IPv4 address for {$networkacl[$x]['acl_network']}.");
+ $input_errors[] = gettext("You must enter a valid IP address for each row under Networks.");
}
} else if (isset($networkacl[$x])) {
unset($networkacl[$x]);
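Review bot: One message in this block still interpolates user input: the context line `gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}.")` was left unchanged while its four siblings were made generic. It should get the same treatment, for example `gettext("You must enter a valid IPv6 address for each IPv6 row under Networks.")`, so that no posted value is echoed back through `$input_errors` and the string stays a constant that `gettext()` can look up. Now that the messages are identical per row, several bad rows append the same text repeatedly; adding the message only when it is not already in `$input_errors` would avoid that. The loop this sits in begins outside the hunk.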
diff --git a/usr/local/www/services_unbound_advanced.php b/usr/local/www/services_unbound_advanced.php
index a6392e8..5d9a6f6 100644
--- a/usr/local/www/services_unbound_advanced.php
+++ b/usr/local/www/services_unbound_advanced.php
@@ -79,7 +79,12 @@ $pconfig['infra_cache_numhosts'] = isset($config['unbound']['infra_cache_numhost
$pconfig['unwanted_reply_threshold'] = isset($config['unbound']['unwanted_reply_threshold']) ? $config['unbound']['unwanted_reply_threshold'] : 'disabled';
$pconfig['log_verbosity'] = isset($config['unbound']['log_verbosity']) ? $config['unbound']['log_verbosity'] : "1";
+if (isset($config['unbound']['disable_auto_added_access_control'])) {
+ $pconfig['disable_auto_added_access_control'] = true;
+}
+
if ($_POST) {
+ unset($input_errors);
$pconfig = $_POST;
if ($_POST['apply']) {
@@ -89,6 +94,45 @@ if ($_POST) {
clear_subsystem_dirty('unbound');
}
} else {
+ if (isset($_POST['msgcachesize']) && !in_array($_POST['msgcachesize'], array('4', '10', '20', '50', '100', '250', '512'), true)) {
+ $input_errors[] = "A valid value for Message Cache Size must be specified.";
+ }
+ if (isset($_POST['outgoing_num_tcp']) && !in_array($_POST['outgoing_num_tcp'], array('0', '10', '20', '30', '40', '50'), true)) {
+ $input_errors[] = "A valid value must be specified for Outgoing TCP Buffers.";
+ }
+ if (isset($_POST['outgoing_num_tcp']) && !in_array($_POST['incoming_num_tcp'], array('0', '10', '20', '30', '40', '50'), true)) {
+ $input_errors[] = "A valid value must be specified for Incoming TCP Buffers.";
+ }
+ if (isset($_POST['edns_buffer_size']) && !in_array($_POST['edns_buffer_size'], array('512', '1480', '4096'), true)) {
+ $input_errors[] = "A valid value must be specified for EDNS Buffer Size.";
+ }
+ if (isset($_POST['num_queries_per_thread']) && !in_array($_POST['num_queries_per_thread'], array('512', '1024', '2048'), true)) {
+ $input_errors[] = "A valid value must be specified for Number of queries per thread.";
+ }
+ if (isset($_POST['jostle_timeout']) && !in_array($_POST['jostle_timeout'], array('100', '200', '500', '1000'), true)) {
+ $input_errors[] = "A valid value must be specified for Jostle Timeout.";
+ }
+ if (isset($_POST['cache_max_ttl']) && (!is_numericint($_POST['cache_max_ttl']) || ($_POST['cache_max_ttl'] < 0))) {
+ $input_errors[] = "'Maximum TTL for RRsets and messages' must be a positive integer.";
+ }
+ if (isset($_POST['cache_min_ttl']) && (!is_numericint($_POST['cache_min_ttl']) || ($_POST['cache_min_ttl'] < 0))) {
+ $input_errors[] = "'Minimum TTL for RRsets and messages' must be a positive integer.";
+ }
+ if (isset($_POST['infra_host_ttl']) && !in_array($_POST['infra_host_ttl'], array('60', '120', '300', '600', '900'), true)) {
+ $input_errors[] = "A valid value must be specified for TTL for Host cache entries.";
+ }
+ if (isset($_POST['infra_lame_ttl']) && !in_array($_POST['infra_lame_ttl'], array('60', '120', '300', '600', '900'), true)) {
+ $input_errors[] = "A valid value must be specified for TTL for lame delegation.";
+ }
+ if (isset($_POST['infra_cache_numhosts']) && !in_array($_POST['infra_cache_numhosts'], array('1000', '5000', '10000', '20000', '50000'), true)) {
+ $input_errors[] = "A valid value must be specified for Number of Hosts to cache.";
+ }
+ if (isset($_POST['unwanted_reply_threshold']) && !in_array($_POST['unwanted_reply_threshold'], array('disabled', '5000000', '10000000', '20000000', '40000000', '50000000'), true)) {
+ $input_errors[] = "A valid value must be specified for Unwanted Reply Threshold.";
+ }
+ if (isset($_POST['log_verbosity']) && !in_array($_POST['log_verbosity'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Log level verbosity.";
+ }
if (isset($_POST['hideidentity'])) {
$config['unbound']['hideidentity'] = true;
} else {
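Review bot: The Incoming TCP Buffers check tests the wrong key: it reads `isset($_POST['outgoing_num_tcp']) && !in_array($_POST['incoming_num_tcp'], ...)`, so `incoming_num_tcp` is only validated when `outgoing_num_tcp` happens to be present. It should be `if (isset($_POST['incoming_num_tcp']) && !in_array($_POST['incoming_num_tcp'], array('0', '10', '20', '30', '40', '50'), true)) {`. The two TTL checks accept `0` (`< 0` is the only bound) while the message says "positive integer"; either the bound or the wording should change. In the visible lines the `hideidentity` assignment follows the new checks with no test of `$input_errors` in between. If the assignments and `write_config()` in the next hunk are not guarded elsewhere, the rejected values are still saved. All of the added messages also lack `gettext()`.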
@@ -132,6 +176,11 @@ if ($_POST) {
$config['unbound']['infra_cache_numhosts'] = $_POST['infra_cache_numhosts'];
$config['unbound']['unwanted_reply_threshold'] = $_POST['unwanted_reply_threshold'];
$config['unbound']['log_verbosity'] = $_POST['log_verbosity'];
+ if (isset($_POST['disable_auto_added_access_control'])) {
+ $config['unbound']['disable_auto_added_access_control'] = true;
+ } else {
+ unset($config['unbound']['disable_auto_added_access_control']);
+ }
write_config("DNS Resolver configured.");
mark_subsystem_dirty('unbound');
@@ -404,7 +453,11 @@ include_once("head.inc");
</td>
</tr>
<tr>
- <td colspan="2">&nbsp;</td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Disable auto-added access control");?></td>
+ <td width="78%" class="vtable">
+ <input name="disable_auto_added_access_control" type="checkbox" id="disable_auto_added_access_control" value="yes" <?php if (isset($pconfig['disable_auto_added_access_control'])) echo "checked=\"checked\"";?> />
+ <?=gettext("Check this box to disable the automatically-added access control entries. By default, IPv4 and IPv6 networks residing on internal interfaces of this system are permitted. Allowed networks must be manually configured on the Access Lists tab if the auto-added entries are disabled.");?>
+ </td>
</tr>
<tr>
<td width="22%"></td>
diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php
index 33b76c1..ec07fd1 100644
--- a/usr/local/www/status_interfaces.php
+++ b/usr/local/www/status_interfaces.php
@@ -321,7 +321,14 @@ include("head.inc");
?>
</td>
</tr>
- <?php endif; endif; if ($ifinfo['media']): ?>
+ <?php endif; endif; if ($ifinfo['mtu']): ?>
+ <tr>
+ <td width="22%" class="vncellt"><?=gettext("MTU");?></td>
+ <td width="78%" class="listr">
+ <?=htmlspecialchars($ifinfo['mtu']);?>
+ </td>
+ </tr>
+ <?php endif; if ($ifinfo['media']): ?>
<tr>
<td width="22%" class="vncellt"><?=gettext("Media");?></td>
<td width="78%" class="listr">
diff --git a/usr/local/www/system_advanced_admin.php b/usr/local/www/system_advanced_admin.php
index 4dc3ea7..43bc1c7 100644
--- a/usr/local/www/system_advanced_admin.php
+++ b/usr/local/www/system_advanced_admin.php
@@ -90,7 +90,7 @@ if ($_POST) {
$input_errors[] = gettext("You must specify a valid webConfigurator port number");
if ($_POST['max_procs'])
- if(!is_numeric($_POST['max_procs']) || ($_POST['max_procs'] < 1) || ($_POST['max_procs'] > 500))
+ if(!is_numericint($_POST['max_procs']) || ($_POST['max_procs'] < 1) || ($_POST['max_procs'] > 500))
$input_errors[] = gettext("Max Processes must be a number 1 or greater");
if ($_POST['althostnames']) {
@@ -151,7 +151,7 @@ if ($_POST) {
else
unset($config['system']['enableserial']);
- if (is_numeric($_POST['serialspeed']))
+ if (is_numericint($_POST['serialspeed']))
$config['system']['serialspeed'] = $_POST['serialspeed'];
else
unset($config['system']['serialspeed']);
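Review bot: `is_numericint()` only establishes that `serialspeed` is a string of digits, so any integer is still written to `$config['system']['serialspeed']`. The field presumably has a small fixed set of valid baud rates; checking it against that set with `in_array(..., true)`, as this commit does for the select fields in services_unbound_advanced.php, would reject values the form never offers. Where the stored value is consumed is outside this hunk, so it is not clear from here whether a later stage re-validates it. In the first hunk of this file the error text "Max Processes must be a number 1 or greater" does not mention the upper bound of 500 that the condition enforces.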
diff --git a/usr/local/www/system_firmware_auto.php b/usr/local/www/system_firmware_auto.php
index d649397..fae129b 100755
--- a/usr/local/www/system_firmware_auto.php
+++ b/usr/local/www/system_firmware_auto.php
@@ -73,7 +73,7 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<form action="system_firmware_auto.php" method="post">
-<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firmware auto-check">
+<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firmware auto-check">
<tr>
<td>
<?php
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php
index 3abe8c2..84e0f92 100644
--- a/usr/local/www/system_routes_edit.php
+++ b/usr/local/www/system_routes_edit.php
@@ -97,7 +97,7 @@ if ($_POST) {
if (($_POST['gateway']) && is_ipaddr($_POST['network'])) {
if (!isset($a_gateways[$_POST['gateway']]))
$input_errors[] = gettext("A valid gateway must be specified.");
- if(!validate_address_family($_POST['network'], lookup_gateway_ip_by_name($_POST['gateway'])))
+ if(!validate_address_family($_POST['network'], $_POST['gateway']))
$input_errors[] = gettext("The gateway '{$a_gateways[$_POST['gateway']]['gateway']}' is a different Address Family as network '{$_POST['network']}'.");
}
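Review bot: `validate_address_family()` is now handed the raw `$_POST['gateway']` name even when the preceding `isset($a_gateways[$_POST['gateway']])` test has just failed, because the two `if` statements are independent. Making the second one `elseif (!validate_address_family($_POST['network'], $_POST['gateway']))` would ensure only known gateway names reach the helper and avoid a second, misleading error for an unknown gateway. How the helper resolves a name rather than an IP is not visible in this hunk, so a short comment stating that it accepts a gateway name would help. The error message on the following context line interpolates `$_POST['network']` inside `gettext()`, which both echoes posted input and defeats translation lookup.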
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
index 6e68037..f5eb5d5 100644
--- a/usr/local/www/vpn_ipsec.php
+++ b/usr/local/www/vpn_ipsec.php
@@ -346,7 +346,10 @@ include("head.inc");
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>">
<?=$spans;?>
- <?=$ph1ent['mode'];?>
+ <?php
+ if (empty($ph1ent['iketype']) || $ph1ent['iketype'] == "ikev1")
+ echo "{$ph1ent['mode']}";
+ ?>
<?=$spane;?>
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>">
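Review bot: The new `echo "{$ph1ent['mode']}";` writes a configuration value into the table cell without HTML escaping; it should be `echo htmlspecialchars($ph1ent['mode']);`, matching how this same commit outputs `$ifinfo['mtu']` in status_interfaces.php. Whether `mode` is restricted to a fixed set when it is saved is not visible here, so escaping at output is the safer default. The string interpolation around a single variable is also unnecessary. The table row this cell belongs to starts and ends outside the hunk.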
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index 856799b..a615fb5 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -329,6 +329,10 @@ if ($_POST) {
if (!$input_errors) {
$ph1ent['ikeid'] = $pconfig['ikeid'];
$ph1ent['iketype'] = $pconfig['iketype'];
+ if ($pconfig['iketype'] != 'ikev1')
+ unset($ph1ent['mode']);
+ else
+ $ph1ent['mode'] = $pconfig['mode'];
$ph1ent['disabled'] = $pconfig['disabled'] ? true : false;
$ph1ent['interface'] = $pconfig['interface'];
/* if the remote gateway changed and the interface is not WAN then remove route */
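Review bot: `if ($pconfig['iketype'] != 'ikev1') unset($ph1ent['mode']);` drops the mode whenever `iketype` is anything other than the literal `ikev1`, including an empty value. The list page changed in this same commit (vpn_ipsec.php) treats an empty `iketype` as IKEv1 and shows the mode. To keep the two consistent the condition should be `if (!empty($pconfig['iketype']) && $pconfig['iketype'] != 'ikev1')`. Whether the form can post an empty `iketype` is not visible in this hunk. A one-line comment that `mode` only applies to IKEv1 would explain the branch to the next reader.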
@@ -344,7 +348,6 @@ if ($_POST) {
else
$ph1ent['remote-gateway'] = $pconfig['remotegw'];
- $ph1ent['mode'] = $pconfig['mode'];
$ph1ent['protocol'] = $pconfig['protocol'];
$ph1ent['myid_type'] = $pconfig['myid_type'];
diff --git a/usr/local/www/vpn_ipsec_settings.php b/usr/local/www/vpn_ipsec_settings.php
index 216825d..c753048 100644
--- a/usr/local/www/vpn_ipsec_settings.php
+++ b/usr/local/www/vpn_ipsec_settings.php
@@ -55,7 +55,63 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
-
+
+ if (!in_array($pconfig['ipsec_dmn'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Daemon debug.";
+ }
+ if (!in_array($pconfig['ipsec_mgr'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for SA Manager debug.";
+ }
+ if (!in_array($pconfig['ipsec_ike'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IKE SA debug.";
+ }
+ if (!in_array($pconfig['ipsec_chd'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IKE Child SA debug.";
+ }
+ if (!in_array($pconfig['ipsec_job'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Job Processing debug.";
+ }
+ if (!in_array($pconfig['ipsec_cfg'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Configuration backend debug.";
+ }
+ if (!in_array($pconfig['ipsec_knl'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Kernel Interface debug.";
+ }
+ if (!in_array($pconfig['ipsec_net'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Networking debug.";
+ }
+ if (!in_array($pconfig['ipsec_asn'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for ASN Encoding debug.";
+ }
+ if (!in_array($pconfig['ipsec_enc'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Message encoding debug.";
+ }
+ if (!in_array($pconfig['ipsec_imc'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Integrity checker debug.";
+ }
+ if (!in_array($pconfig['ipsec_imv'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Integrity Verifier debug.";
+ }
+ if (!in_array($pconfig['ipsec_pts'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for Platform Trust Service debug.";
+ }
+ if (!in_array($pconfig['ipsec_tls'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for TLS Handler debug.";
+ }
+ if (!in_array($pconfig['ipsec_esp'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for IPsec Traffic debug.";
+ }
+ if (!in_array($pconfig['ipsec_lib'], array('0', '1', '2', '3', '4', '5'), true)) {
+ $input_errors[] = "A valid value must be specified for StrongSwan Lib debug.";
+ }
+ if (isset($pconfig['maxmss'])) {
+ if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] <> '') {
+ $input_errors[] = "An integer must be specified for Maximum MSS.";
+ }
+ if ($pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535)
+ $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS";
+ }
+
if (!$input_errors) {
if($_POST['preferoldsa_enable'] == "yes")
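Review bot: The Maximum MSS range test `$pconfig['maxmss'] <> '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535` lacks parentheses, so it parses as `(A && B) || C` and the upper-bound comparison runs even for an empty or non-integer value. It also runs independently of the `is_numericint()` test above it, so a bad value can yield two errors. A single condition does the job: `if ($pconfig['maxmss'] <> '' && (!is_numericint($pconfig['maxmss']) || $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535))`, which is the shape this commit already uses for MSS in interfaces.php. The sixteen debug-level checks differ only in key and label and would be easier to audit as one loop over a key-to-label array. The new messages are also not passed through `gettext()`.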
diff --git a/usr/local/www/widgets/widgets/ipsec.widget.php b/usr/local/www/widgets/widgets/ipsec.widget.php
index dcedf59..e510005 100644
--- a/usr/local/www/widgets/widgets/ipsec.widget.php
+++ b/usr/local/www/widgets/widgets/ipsec.widget.php
@@ -63,18 +63,23 @@ if (isset($config['ipsec']['phase1'])){?>
ipsec_lookup_phase1($ph2ent,$ph1ent);
if (!isset($ph1ent['disabled']) && !isset($ph2ent['disabled'])) {
-
if (is_array($ipsec_status['query']) &&
is_array($ipsec_status['query']['ikesalist']) &&
- is_array($ipsec_status['query']['ikesalist']['ikesa']) &&
- ipsec_phase1_status($ipsec_status['query']['ikesalist']['ikesa'], $ph1ent['ikeid'])) {
- /* tunnel is up */
- $iconfn = "true";
- $activecounter++;
- } else {
- /* tunnel is down */
- $iconfn = "false";
- $inactivecounter++;
+ is_array($ipsec_status['query']['ikesalist']['ikesa'])) {
+ foreach ($ipsec_status['query']['ikesalist']['ikesa'] as $ikeid => $ikesa) {
+ if ($ph1ent['ikeid'] == substr($ikesa['peerconfig'], 3)) {
+ $ikeid = $ikesa['id'];
+ if (ipsec_phase1_status($ipsec_status['query']['ikesalist']['ikesa'], $ikeid)) {
+ /* tunnel is up */
+ $iconfn = "true";
+ $activecounter++;
+ } else {
+ /* tunnel is down */
+ $iconfn = "false";
+ $inactivecounter++;
+ }
+ }
+ }
}
$ipsec_detail_array[] = array('src' => convert_friendly_interface_to_friendly_descr($ph1ent['interface']),
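Review bot: The rewrite counts a tunnel only when an entry in the SA list matches its `ikeid`, so a tunnel with no matching entry, or an absent `ikesalist`, is no longer counted as down and increments neither counter. In that case `$iconfn` also keeps whatever value the previous loop iteration left in it, which the `$ipsec_detail_array[]` entry starting on the last line presumably reuses. The loop also overwrites its own key variable with `$ikeid = $ikesa['id']`, and several list entries matching the same `ikeid` would each bump a counter. Defaulting to "down" and deciding once after the loop fixes all three; the sketch below stops at the first established SA, which is a choice to confirm. The `substr($ikesa['peerconfig'], 3)` prefix strip deserves a comment naming the prefix it removes, and the enclosing `if` continues past the hunk.

```php
if (!isset($ph1ent['disabled']) && !isset($ph2ent['disabled'])) {
	/* default to down so a missing or unmatched SA list is still counted */
	$tunnel_up = false;
	if (is_array($ipsec_status['query']) &&
	    is_array($ipsec_status['query']['ikesalist']) &&
	    is_array($ipsec_status['query']['ikesalist']['ikesa'])) {
		foreach ($ipsec_status['query']['ikesalist']['ikesa'] as $ikesa) {
			if ($ph1ent['ikeid'] == substr($ikesa['peerconfig'], 3) &&
			    ipsec_phase1_status($ipsec_status['query']['ikesalist']['ikesa'], $ikesa['id'])) {
				$tunnel_up = true;
				break;
			}
		}
	}
	if ($tunnel_up) {
		$iconfn = "true";
		$activecounter++;
	} else {
		$iconfn = "false";
		$inactivecounter++;
	}
	// … unchanged: $ipsec_detail_array[] = array(...) …
```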