From d57f6f21b98e5d449d1098faeffedcf99f5431ca Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 29 May 2012 10:46:37 -0400
Subject: Add a knob to tune the maximum number of tables that can be defined,
 the pf default of 1000 is too low for systems with >500 aliases.

---
 usr/local/www/system_advanced_firewall.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'usr')

diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 6983422..3d3a026 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -55,6 +55,7 @@ $pconfig['scrubrnid'] = $config['system']['scrubrnid'];
 $pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout'];
 $pconfig['optimization'] = $config['filter']['optimization'];
 $pconfig['maximumstates'] = $config['system']['maximumstates'];
+$pconfig['maximumtables'] = $config['system']['maximumtables'];
 $pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
 $pconfig['disablereplyto'] = isset($config['system']['disablereplyto']);
 $pconfig['disablenegate'] = isset($config['system']['disablenegate']);
@@ -78,6 +79,9 @@ if ($_POST) {
 	if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) {
 		$input_errors[] = gettext("The Firewall Maximum States value must be an integer.");
 	}
+	if ($_POST['maximumtables'] && !is_numericint($_POST['maximumtables'])) {
+		$input_errors[] = gettext("The Firewall Maximum Tables value must be an integer.");
+	}
 	if ($_POST['maximumtableentries'] && !is_numericint($_POST['maximumtableentries'])) {
 		$input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer.");
 	}
@@ -119,6 +123,7 @@ if ($_POST) {
 
 		$config['system']['optimization'] = $_POST['optimization'];
 		$config['system']['maximumstates'] = $_POST['maximumstates'];
+		$config['system']['maximumtables'] = $_POST['maximumtables'];
 		$config['system']['maximumtableentries'] = $_POST['maximumtableentries'];
 
 		if($_POST['disablenatreflection'] == "yes")
@@ -315,6 +320,22 @@ function update_description(itemnum) {
 								</td>
 							</tr>
 							<tr>
+								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Tables");?></td>
+								<td width="78%" class="vtable">
+									<input name="maximumtables" type="text" id="maximumtables" value="<?php echo $pconfig['maximumtables']; ?>" />
+									<br/>
+									<strong><?=gettext("Maximum number of tables for systems such as aliases, sshlockout, snort, etc, combined.");?></strong>
+									<br/><?php echo gettext("This is the actual number of tables, not the number of entries inside the tables (see below)");?>
+									<br/>
+									<span class="vexpl">
+										<?=gettext("Note:  Leave this blank for the default.");?>
+										<?php if (empty($pconfig['maximumtables'])): ?>
+											<?= gettext("On your system the default size is:");?> <?= pfsense_default_tables_size(); ?>
+										<?php endif; ?>
+									</span>
+								</td>
+							</tr>
+							<tr>
 								<td width="22%" valign="top" class="vncell"><?=gettext("Firewall Maximum Table Entries");?></td>
 								<td width="78%" class="vtable">
 									<input name="maximumtableentries" type="text" id="maximumtableentries" value="<?php echo $pconfig['maximumtableentries']; ?>" />
-- 
cgit v1.1