From a23d72487189307f63465c7150f6ca3a0cb027b3 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Sun, 5 Dec 2004 19:56:11 +0000 Subject: Merge in m0n0wall 1.2b3 changes. --- usr/local/www/firewall_rules_edit.php | 8 +- usr/local/www/gui.css | 23 +++- usr/local/www/interfaces.php | 224 +++++++++++++++++----------------- usr/local/www/interfaces_opt.php | 13 +- usr/local/www/interfaces_wan.php | 224 +++++++++++++++++----------------- 5 files changed, 252 insertions(+), 240 deletions(-) (limited to 'usr/local') diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 9f21b71..21186eb 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -151,6 +151,8 @@ if (isset($id) && $a_filter[$id]) { } else { /* defaults */ + if ($_GET['if']) + $pconfig['interface'] = $_GET['if']; $pconfig['type'] = "pass"; $pconfig['src'] = "any"; $pconfig['dst'] = "any"; @@ -340,7 +342,7 @@ if ($_POST) { write_config(); touch($d_filterconfdirty_path); - header("Location: firewall_rules.php"); + header("Location: firewall_rules.php?if=" . $_POST['interface']); exit; } } @@ -650,8 +652,8 @@ function dst_rep_change() { -
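Review bot: The new default branch at @@ -151 copies `$_GET['if']` into `$pconfig['interface']` without checking that it names a configured interface. The code that later renders `$pconfig['interface']` is outside this hunk, so it is not visible whether the value is only compared against the select options or also echoed into the page. Accept the value only when it matches one of the interface keys the form itself offers, and test with `isset($_GET['if'])` so a request without the parameter does not raise a notice. The enclosing `if`/`else` starts before the hunk.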
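Review bot: The redirect at @@ -340 concatenates `$_POST['interface']` into the `Location` header unencoded, so characters such as `&`, `#` or a line break in the submitted value alter the query string or the header itself. Whether the validation earlier in the `if ($_POST)` block limits `interface` to known names is outside this hunk. Encoding at the point of use does not depend on that: `header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));`.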
Specify the port or port range for - the source of the packet for this rule.
+ Specify the port or port range for + the source of the packet for this rule. This is usually not equal to the destination port range (and is often "any").
Hint: you can leave the 'to' field empty if you only want to filter a single port
diff --git a/usr/local/www/gui.css b/usr/local/www/gui.css index 0c51fe6..b29e281 100755 --- a/usr/local/www/gui.css +++ b/usr/local/www/gui.css @@ -43,6 +43,11 @@ form { font-size: 13px; font-weight: bold; } +.formbtns { + font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; + font-size: 10px; + font-weight: bold; +} .vvcell { background-color: #FFFFC6; } @@ -125,7 +130,7 @@ a { border-right: 1px solid #999999; border-bottom: 1px solid #999999; font-size: 11px; - padding-right: 16px; + padding-right: 6px; padding-left: 6px; padding-top: 4px; padding-bottom: 4px; @@ -183,7 +188,7 @@ a { border-bottom: 1px solid #999999; border-left: 1px solid #999999; font-size: 11px; - padding-right: 16px; + padding-right: 6px; padding-left: 6px; padding-top: 4px; padding-bottom: 4px; @@ -206,7 +211,6 @@ a { .listt { font-size: 11px; padding-top: 5px; - padding-left: 4px; } .listhdrrns { background-color: #BBBBBB; @@ -240,6 +244,19 @@ a { padding-top: 5px; padding-bottom: 5px; } +.optsect_t { + border-right: 1px solid #999999; + background-color: #435370; + padding-right: 6px; + padding-left: 6px; + padding-top: 2px; + padding-bottom: 2px; +} +.optsect_s { + font-size: 11px; + color: #FFFFFF; + font-weight: bold; +} ul#tabnav { font-size: 11px; font-weight: bold; diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index 076650d..36498d1 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php 
@@ -1,22 +1,22 @@ #!/usr/local/bin/php -. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -37,11 +37,7 @@ $optcfg = &$config['interfaces']['wan']; $pconfig['username'] = $config['pppoe']['username']; $pconfig['password'] = $config['pppoe']['password']; $pconfig['provider'] = $config['pppoe']['provider']; - -$pconfig['bandwidth'] = $config['bandwidth']; -$pconfig['bandwidthtype'] = $config['bandwidthtype']; - -$pconfig['pppoe_dialondemand'] = $config['pppoe']['ondemand']; +$pconfig['pppoe_dialondemand'] = isset($config['pppoe']['ondemand']); $pconfig['pppoe_idletimeout'] = $config['pppoe']['timeout']; $pconfig['pptp_username'] = $config['pptp']['username']; @@ -49,7 +45,7 @@ $pconfig['pptp_password'] = $config['pptp']['password']; $pconfig['pptp_local'] = $config['pptp']['local']; $pconfig['pptp_subnet'] = $config['pptp']['subnet']; $pconfig['pptp_remote'] = $config['pptp']['remote']; -$pconfig['pptp_dialondemand'] = $config['pptp']['ondemand']; +$pconfig['pptp_dialondemand'] = isset($config['pptp']['ondemand']); $pconfig['pptp_idletimeout'] = $config['pptp']['timeout']; $pconfig['bigpond_username'] = $config['bigpond']['username']; 
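Review bot: `isset()` returns true for a key that holds `false`, and the save path in the later hunks at @@ -215 and @@ -224 stores `$_POST['pppoe_dialondemand'] ? true : false`, so `isset($config['pppoe']['ondemand'])` at @@ -37 (and the `pptp` twin at @@ -49) reads as off only if `false` entries are dropped when the configuration is written and reloaded. `write_config()` is not shown here, so that dependency deserves a comment next to the `isset()` calls. Alternatively the write side can make it explicit: `if ($_POST['pppoe_dialondemand']) $config['pppoe']['ondemand'] = true; else unset($config['pppoe']['ondemand']);`, and likewise for `$config['pptp']['ondemand']`.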
@@ -73,14 +69,12 @@ if ($wancfg['ipaddr'] == "dhcp") { $pconfig['ipaddr'] = $wancfg['ipaddr']; $pconfig['subnet'] = $wancfg['subnet']; $pconfig['gateway'] = $wancfg['gateway']; + $pconfig['pointtopoint'] = $wancfg['pointtopoint']; } $pconfig['blockpriv'] = isset($wancfg['blockpriv']); $pconfig['spoofmac'] = $wancfg['spoofmac']; $pconfig['mtu'] = $wancfg['mtu']; -$pconfig['bandwidth'] = $wancfg['bandwidth']; -$pconfig['bandwidthtype'] = $wancfg['bandwidthtype']; -$pconfig['schedulertype'] = $wancfg['schedulertype']; /* Wireless interface? */ if (isset($optcfg['wireless'])) { @@ -121,7 +115,7 @@ if ($_POST) { $reqdfieldsn = explode(",", "BigPond username,BigPond password"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); } - + if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { $input_errors[] = "A valid IP address must be specified."; } @@ -131,10 +125,13 @@ if ($_POST) { if (($_POST['gateway'] && !is_ipaddr($_POST['gateway']))) { $input_errors[] = "A valid gateway must be specified."; } + if (($_POST['pointtopoint'] && !is_ipaddr($_POST['pointtopoint']))) { + $input_errors[] = "A valid point-to-point IP address must be specified."; + } if (($_POST['provider'] && !is_domain($_POST['provider']))) { $input_errors[] = "The service name contains invalid characters."; } - if ($_POST['pppoe_idletimeout'] && !is_numericint($_POST['pppoe_idletimeout'])) { + if (($_POST['pppoe_idletimeout'] != "") && !is_numericint($_POST['pppoe_idletimeout'])) { $input_errors[] = "The idle timeout value must be an integer."; } if (($_POST['pptp_local'] && !is_ipaddr($_POST['pptp_local']))) { 
@@ -146,7 +143,7 @@ if ($_POST) { if (($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote']))) { $input_errors[] = "A valid PPTP remote IP address must be specified."; } - if ($_POST['pptp_idletimeout'] && !is_numericint($_POST['pptp_idletimeout'])) { + if (($_POST['pptp_idletimeout'] != "") && !is_numericint($_POST['pptp_idletimeout'])) { $input_errors[] = "The idle timeout value must be an integer."; } if (($_POST['bigpond_authserver'] && !is_domain($_POST['bigpond_authserver']))) { @@ -164,7 +161,7 @@ if ($_POST) { if ($_POST['mtu'] && (($_POST['mtu'] < 576) || ($_POST['mtu'] > 1500))) { $input_errors[] = "The MTU must be between 576 and 1500 bytes."; } - + /* Wireless interface? */ if (isset($optcfg['wireless'])) { $wi_input_errors = wireless_config_post(); @@ -174,13 +171,11 @@ if ($_POST) { } if (!$input_errors) { - + unset($wancfg['ipaddr']); unset($wancfg['subnet']); unset($wancfg['gateway']); - unset($wancfg['bandwidth']); - unset($wancfg['bandwidthtype']); - unset($wancfg['schedulertype']); + unset($wancfg['pointtopoint']); unset($wancfg['dhcphostname']); unset($config['pppoe']['username']); unset($config['pppoe']['password']); @@ -199,14 +194,13 @@ if ($_POST) { unset($config['bigpond']['authserver']); unset($config['bigpond']['authdomain']); unset($config['bigpond']['minheartbeatinterval']); - - $wancfg['bandwidth'] = $_POST['bandwidth']; - $wancfg['bandwidthtype'] = $_POST['bandwidthtype']; - + if ($_POST['type'] == "Static") { $wancfg['ipaddr'] = $_POST['ipaddr']; $wancfg['subnet'] = $_POST['subnet']; $wancfg['gateway'] = $_POST['gateway']; + if (isset($wancfg['ispointtopoint'])) + $wancfg['pointtopoint'] = $_POST['pointtopoint']; } else if ($_POST['type'] == "DHCP") { $wancfg['ipaddr'] = "dhcp"; $wancfg['dhcphostname'] = $_POST['dhcphostname']; 
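Review bot: In the `Static` branch at @@ -199, `$wancfg['pointtopoint']` is written whenever `ispointtopoint` is set, but the check added at @@ -131 only rejects a non-empty value that fails `is_ipaddr()`, so an empty address passes validation and is stored. The required-field lists for the `Static` type are outside these hunks, so this may already be covered elsewhere. If it is not, reject the empty case alongside the existing check: `if (isset($wancfg['ispointtopoint']) && $_POST['pointtopoint'] == "") $input_errors[] = "A valid point-to-point IP address must be specified.";`.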
@@ -215,7 +209,7 @@ if ($_POST) { $config['pppoe']['username'] = $_POST['username']; $config['pppoe']['password'] = $_POST['password']; $config['pppoe']['provider'] = $_POST['provider']; - $config['pppoe']['ondemand'] = $_POST['pppoe_dialondemand']; + $config['pppoe']['ondemand'] = $_POST['pppoe_dialondemand'] ? true : false; $config['pppoe']['timeout'] = $_POST['pppoe_idletimeout']; } else if ($_POST['type'] == "PPTP") { $wancfg['ipaddr'] = "pptp"; @@ -224,7 +218,7 @@ if ($_POST) { $config['pptp']['local'] = $_POST['pptp_local']; $config['pptp']['subnet'] = $_POST['pptp_subnet']; $config['pptp']['remote'] = $_POST['pptp_remote']; - $config['pptp']['ondemand'] = $_POST['pptp_dialondemand']; + $config['pptp']['ondemand'] = $_POST['pptp_dialondemand'] ? true : false; $config['pptp']['timeout'] = $_POST['pptp_idletimeout']; } else if ($_POST['type'] == "BigPond") { $wancfg['ipaddr'] = "bigpond"; @@ -234,13 +228,13 @@ if ($_POST) { $config['bigpond']['authdomain'] = $_POST['bigpond_authdomain']; $config['bigpond']['minheartbeatinterval'] = $_POST['bigpond_minheartbeatinterval']; } - $wancfg['schedulertype'] = $_POST['schedulertype']; + $wancfg['blockpriv'] = $_POST['blockpriv'] ? true : false; $wancfg['spoofmac'] = $_POST['spoofmac']; $wancfg['mtu'] = $_POST['mtu']; - + write_config(); - + $retval = 0; if (!file_exists($d_sysrebootreqd_path)) { config_lock(); @@ -410,73 +404,83 @@ function type_change(enable_change,enable_change_pptp) { -

Interfaces: WAN

- + - + - - + + - + - - + - - + - - + + - + - + + + + + - - + @@ -514,46 +518,42 @@ function type_change(enable_change,enable_change_pptp) {
The bandwidth setting will define the speed of the interface for traffic shaping. - - - - - - + + - + - + - - + + - + - - + - - + - - + - @@ -564,42 +564,42 @@ function type_change(enable_change,enable_change_pptp) { seconds
If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature. - + - - + + - + - - + - - + - + - - + - @@ -610,29 +610,29 @@ function type_change(enable_change,enable_change_pptp) { seconds
If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. An idle timeout of zero disables this feature. - + - - + + - + - - + - - + - + - - - + - + - - + -
Type
General configuration
General configuration
MAC address +
- This field can be used to modify ("spoof") the MAC + This field can be used to modify ("spoof") the MAC address of the WAN interface
(may be required with some cable connections)
- Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx + Enter a MAC address in the following format: xx:xx:xx:xx:xx:xx or leave blank
MTU +
- If you enter a value in this field, then MSS clamping for - TCP connections to the value entered above minus 40 (TCP/IP - header size) will be in effect. If you leave this field blank, - an MTU of 1492 bytes for PPPoE and 1500 bytes for all other + If you enter a value in this field, then MSS clamping for + TCP connections to the value entered above minus 40 (TCP/IP + header size) will be in effect. If you leave this field blank, + an MTU of 1492 bytes for PPPoE and 1500 bytes for all other connection types will be assumed.
Static IP configuration
Static IP configuration
IP address - / + /
Point-to-point IP address + +
Gateway +
DHCP client configuration
DHCP client configuration
Hostname
- The value in this field is sent as the DHCP client identifier - and hostname when requesting a DHCP lease. Some ISPs may require + The value in this field is sent as the DHCP client identifier + and hostname when requesting a DHCP lease. Some ISPs may require this (for client identification).
PPPoE configuration
PPPoE configuration
Username +
Password +
Service name -
Hint: this field can usually be left +
+
Hint: this field can usually be left empty
Dial on demand onClick="enable_change(false)" > + onClick="enable_change(false)" > Enable Dial-On-Demand mode
This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.
PPTP configuration
PPTP configuration
Username +
Password +
Local IP address - / + /
Remote IP address +
Dial on demand onClick="enable_change_pptp(false)" > + onClick="enable_change_pptp(false)" > Enable Dial-On-Demand mode
This option causes the interface to operate in dial-on-demand mode, allowing you to have a virtual full time connection. The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.
BigPond Cable configuration
BigPond Cable configuration
Username +
Password +
Authentication server
If this field is left empty, the default ("dce-server") is used.
Authentication domain
@@ -647,30 +647,28 @@ function type_change(enable_change,enable_change_pptp) { seconds
Setting this to a sensible value (e.g. 60 seconds) can protect against DoS attacks.
  > + > Block private networks
- When set, this option blocks traffic from IP addresses that + When set, this option blocks traffic from IP addresses that are reserved for private
- networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as + networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses
- (127/8). You should generally leave this option turned on, + (127/8). You should generally leave this option turned on, unless your WAN network
lies in such a private address space, too.
   
+
 
diff --git a/usr/local/www/interfaces_opt.php b/usr/local/www/interfaces_opt.php index 3c8f560..c2f4226 100755 --- a/usr/local/www/interfaces_opt.php +++ b/usr/local/www/interfaces_opt.php @@ -159,13 +159,10 @@ if ($_POST) {