Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 1257de3..1cb3b69 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -146,6 +146,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['log'] = isset($a_filter[$id]['log']); $pconfig['frags'] = isset($a_filter[$id]['frags']); $pconfig['descr'] = $a_filter[$id]['descr']; + $pconfig['statetype'] = $a_filter[$id]['statetype']; } else { @@ -327,6 +328,8 @@ if ($_POST) { $filterent['max-src-nodes'] = $_POST['max-src-nodes']; $filterent['max-src-states'] = $_POST['max-src-states']; + $filterent['statetype'] = $_POST['statetype']; + write_config(); touch($d_filterconfdirty_path); 
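Review bot: The added `$filterent['statetype'] = $_POST['statetype'];` in the second hunk stores the request value without checking it against the four options the form offers, so any string a client posts is persisted with the rule when the configuration is written. If this field is later emitted into the generated packet-filter ruleset (the generator is not visible here, so this is inferred), an unexpected value could break the ruleset load or change what the rule means. Constrain it to the known set before saving, for example `$filterent['statetype'] = in_array($_POST['statetype'], array('keep state', 'modulate state', 'synproxy state', 'none'), true) ? $_POST['statetype'] : 'keep state';`, or reject it through the page's existing validation path. The enclosing `if ($_POST)` block starts and ends outside the hunk.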
@@ -787,6 +790,24 @@ Hint: the difference between block and reject is that with reject, a packet (TCP </td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">State Type</td> + <td width="78%" class="vtable"> + <select name"statetype"> + <option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>>keep state</option> + <option value="modulate state" <?php if($pconfig['statetype'] == "modulate state") echo "selected"; ?>>modulate state</option> + <option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected"; ?>>synproxy state</option> + <option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>>none</option> + </select><br>HINT: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state. + <p><strong> + <table> + <tr><td><li>keep state</li></td><td>works with TCP, UDP, and ICMP.</td></tr> + <tr><td><li>modulate state</li></td><td>works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs) for packets matching this rule.</li></td></tr> + <tr><td><li>synproxy state</li></td><td>proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.</td></tr> + <tr><td><li>none</li></td><td>do not use state mechanisms to keep track. this is only useful if your doing advanced queueing in certain situations. please check the faq.</td></tr> + </strong> + </td> + </tr> <tr> <td width="22%" valign="top"> </td> |
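Review bot: `<select name"statetype">` is missing the `=`, so the control has no usable `name` attribute and browsers will not submit it as `statetype`. The state type chosen in the form would then never reach the save handler, and the operator may believe a rule uses `synproxy state` or `modulate state` when it does not. Change the line to `<select name="statetype">`. The help markup also opens `<p>` and `<table>` without closing them and has a stray `</li>` in the modulate state row; these should be balanced so the rest of the rule form renders reliably.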