From a79a163a55ddbca126d701bfb7d3dc723d927d10 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Wed, 2 Jan 2019 20:36:10 +0100 Subject: [PATCH] interfaces: allow OPT1 to carry anti-lockout #3005 When no LAN is present OPT1 can now be configured. To make sure that anti-lockout doesn't shift never again assume that "LAN" can be assigned. The same is already true for "WAN". Some style while here... --- src/etc/inc/console.inc | 5 ++- src/etc/inc/filter.lib.inc | 3 +- src/www/interfaces_assign.php | 79 ++++++++++++++++------------------- 3 files changed, 42 insertions(+), 45 deletions(-) diff --git a/src/etc/inc/console.inc b/src/etc/inc/console.inc index 64085a66b..8b21cd5bf 100644 --- a/src/etc/inc/console.inc +++ b/src/etc/inc/console.inc @@ -221,7 +221,7 @@ EOD; } } while (!$lanif); - $done = 0; + $done = false; while (!$done) { /* optional interfaces */ $optif = array(); @@ -237,7 +237,8 @@ EOD; printf("\nOptional interface %s description found: %s", $io, $config['interfaces']['opt' . $io]['descr']); } - printf("\nEnter the Optional %s interface name or 'a' for auto-detection\n" . + printf("\nEnter the Optional interface %s name or 'a' for auto-detection\n" . + "NOTE: this enables full Firewalling/NAT mode.\n" . "(or nothing if finished): ", $io); if ($interactive) { diff --git a/src/etc/inc/filter.lib.inc b/src/etc/inc/filter.lib.inc index 86a0aafde..e9a755b17 100644 --- a/src/etc/inc/filter.lib.inc +++ b/src/etc/inc/filter.lib.inc @@ -97,6 +97,8 @@ function filter_core_get_antilockout() if (!empty($config['interfaces']['lan']['if'])) { $lockout_if = 'lan'; + } elseif (!empty($config['interfaces']['opt1']['if'])) { + $lockout_if = 'opt1'; } elseif (count(get_configured_interface_with_descr()) == 1 && !empty($config['interfaces']['wan']['if'])) { $lockout_if = 'wan'; } else { @@ -533,5 +535,4 @@ function filter_core_rules_system($fw, $defaults) } } } - } diff --git a/src/www/interfaces_assign.php b/src/www/interfaces_assign.php index df677ad2d..585bea75f 100644 --- a/src/www/interfaces_assign.php +++ b/src/www/interfaces_assign.php @@ -1,32 +1,32 @@ - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ + * Copyright (C) 2014-2015 Deciso B.V. + * Copyright (C) 2004 Jim McBeath + * Copyright (C) 2003-2005 Manuel Kasper + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ require_once("guiconfig.inc"); require_once("filter.inc"); @@ -125,8 +125,7 @@ function list_interfaces() { if ($_SERVER['REQUEST_METHOD'] === 'POST') { $input_errors = array(); if (isset($_POST['add_x']) && isset($_POST['if_add'])) { - // ** Add new ** - // if interface is already used, redirect. + /* if interface is already used redirect */ foreach (legacy_config_get_interfaces() as $ifname => $ifdata) { if ($ifdata['if'] == $_POST['if_add']) { header(url_safe('Location: /interfaces_assign.php')); @@ -135,19 +134,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { } /* find next free optional interface number */ - if(empty($config['interfaces']['lan'])) { - $newifname = 'lan'; - $descr = gettext("LAN"); - } else { - for ($i = 1; $i <= count($config['interfaces']); $i++) { - if (empty($config['interfaces']["opt{$i}"])) { - break; - } + for ($i = 1; $i <= count($config['interfaces']); $i++) { + if (empty($config['interfaces']["opt{$i}"])) { + break; } - $newifname = 'opt' . $i; - $descr = "OPT" . $i; } + $newifname = 'opt' . $i; + $descr = 'OPT' . $i; + $config['interfaces'][$newifname] = array(); $config['interfaces'][$newifname]['descr'] = $descr; $config['interfaces'][$newifname]['if'] = $_POST['if_add']; @@ -168,11 +163,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $id = $_POST['id']; if (link_interface_to_group($id)) { $input_errors[] = gettext("The interface is part of a group. Please remove it from the group to continue"); - } else if (link_interface_to_bridge($id)) { + } elseif (link_interface_to_bridge($id)) { $input_errors[] = gettext("The interface is part of a bridge. Please remove it from the bridge to continue"); - } else if (link_interface_to_gre($id)) { + } elseif (link_interface_to_gre($id)) { $input_errors[] = gettext("The interface is part of a gre tunnel. Please delete the tunnel to continue"); - } else if (link_interface_to_gif($id)) { + } elseif (link_interface_to_gif($id)) { $input_errors[] = gettext("The interface is part of a gif tunnel. Please delete the tunnel to continue"); } else { // no validation errors, delete entry @@ -207,7 +202,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { * then ensure that we are not running DHCP on the wan which * will make a lot of ISP's unhappy. */ - if(!empty($config['interfaces']['lan']) && !empty($config['dhcpd']['wan']) && !empty($config['dhcpd']['wan']) ) { + if (!empty($config['interfaces']['lan']) && !empty($config['dhcpd']['wan']) && !empty($config['dhcpd']['wan']) ) { unset($config['dhcpd']['wan']); } link_interface_to_vlans($realid);