lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-20 03:16:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall: shared forwarding is off by default, config option

Browse Source
This commit is contained in:
Franco Fichtner 2017-02-15 08:25:18 +01:00
parent e6dccb60aa
commit 734de5e8a7
3 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/etc/inc/filter.inc
View File

@ -577,7 +577,14 @@ function filter_configure_sync($verbose = false)
return;
}
# If we are not using bogonsv6 then we can remove any bogonsv6 table from the running pf (if the table is not there, the kill is still fine).
/* set shared forwarding according to config option */
set_single_sysctl('net.pf.share_forward', !empty($config['system']['pf_share_forward']) ? '1' : '0');
/*
* If we are not using bogonsv6 then we can remove any
* bogonsv6 table from the running pf (if the table is
* not there, the kill is still fine).
*/
if (!is_bogonsv6_used()) {
$_grbg = exec('/sbin/pfctl -t bogonsv6 -T kill 2>/dev/null');
}

2
src/etc/inc/system.inc
View File

@ -1521,7 +1521,7 @@ function system_kernel_configure($verbose = false)
log_error(sprintf('Loading %s cryptographic accelerator module.', $config['system']['crypto_hardware']));
$mods[] = $config['system']['crypto_hardware'];
}
if (isset($config['system']['cryptodev_enable'])) {
if (!empty($config['system']['cryptodev_enable'])) {
log_error('Loading cryptodev kernel module.');
$mods[] = 'cryptodev';
}

19
src/www/system_advanced_firewall.php
View File

@ -57,6 +57,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['kill_states'] = isset($config['system']['kill_states']);
$pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']);
$pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']);
$pconfig['pf_share_forward'] = isset($config['system']['pf_share_forward']);
$pconfig['srctrack'] = !empty($config['system']['srctrack']) ? $config['system']['srctrack'] : null;
if (!isset($config['system']['disablenatreflection'])) {
$pconfig['natreflection'] = "purenat";
@ -94,6 +95,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer.");
}
if (count($input_errors) == 0) {
if (!empty($pconfig['pf_share_forward'])) {
$config['system']['pf_share_forward'] = true;
} elseif (isset($config['system']['pf_share_forward'])) {
unset($config['system']['pf_share_forward']);
}
if (!empty($pconfig['lb_use_sticky'])) {
$config['system']['lb_use_sticky'] = true;
@ -372,6 +378,19 @@ include("head.inc");
</div>
</td>
</tr>
<tr>
<td><a id="help_for_pf_share_forward" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Shared forwarding');?> </td>
<td>
<input name="pf_share_forward" type="checkbox" id="pf_share_forward" value="yes" <?= !empty($pconfig['pf_share_forward']) ? 'checked="checked"' : '' ?>/>
<strong><?=gettext('Use shared forwarding between filter and traffic shaper / captive portal'); ?></strong><br />
<div class="hidden" for="help_for_pf_share_forward">
<?= gettext('Using policy routing in the filter rules causes packets to skip ' .
'processing for the traffic shaper and captive portal tasks. ' .
'Using this option enables the sharing of such forwarding decisions ' .
'between all components to accomodate complex setups. Use with care.') ?>
</div>
</td>
</tr>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Schedules"); ?></th>
</tr>