From aaa4813103fe74c3e1922db6f3b1b2b7fde137e8 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Mon, 21 Nov 2016 20:20:58 +0100 Subject: [PATCH] (firewall) add maximum fragements, closes https://github.com/opnsense/core/issues/1246 --- src/etc/inc/filter.inc | 3 +++ src/www/system_advanced_firewall.php | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 72973749d..0255fc2ec 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -471,6 +471,9 @@ function filter_configure_sync($verbose = false) $limitrules .= "set limit states {$max_states}\n"; $limitrules .= "set limit src-nodes {$max_states}\n"; } + if (!empty($config['system']['maximumfrags'])) { + $limitrules .= "set limit frags {$config['system']['maximumfrags']}\n"; + } if (isset($config['system']['lb_use_sticky']) && is_numeric($config['system']['srctrack']) && ($config['system']['srctrack'] > 0)) { $limitrules .= "set timeout src.track {$config['system']['srctrack']}\n"; diff --git a/src/www/system_advanced_firewall.php b/src/www/system_advanced_firewall.php index 03dfd5145..1e8775061 100644 --- a/src/www/system_advanced_firewall.php +++ b/src/www/system_advanced_firewall.php @@ -45,6 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $pconfig['disablefilter'] = !empty($config['system']['disablefilter']); $pconfig['optimization'] = isset($config['system']['optimization']) ? $config['system']['optimization'] : "normal"; $pconfig['maximumstates'] = isset($config['system']['maximumstates']) ? $config['system']['maximumstates'] : null; + $pconfig['maximumfrags'] = isset($config['system']['maximumfrags']) ? $config['system']['maximumfrags'] : null; $pconfig['adaptivestart'] = isset($config['system']['adaptivestart']) ? $config['system']['adaptivestart'] : null; $pconfig['adaptiveend'] = isset($config['system']['adaptiveend']) ? $config['system']['adaptiveend'] : null; $pconfig['aliasesresolveinterval'] = isset($config['system']['aliasesresolveinterval']) ? $config['system']['aliasesresolveinterval'] : null; @@ -83,6 +84,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (!empty($pconfig['maximumstates']) && !is_numericint($pconfig['maximumstates'])) { $input_errors[] = gettext("The Firewall Maximum States value must be an integer."); } + if (!empty($pconfig['maximumfrags']) && !is_numericint($pconfig['maximumfrags'])) { + $input_errors[] = gettext("The Firewall Maximum Frags value must be an integer."); + } if (!empty($pconfig['aliasesresolveinterval']) && !is_numericint($pconfig['aliasesresolveinterval'])) { $input_errors[] = gettext("The Aliases Hostname Resolve Interval value must be an integer."); } @@ -160,6 +164,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $config['system']['optimization'] = $pconfig['optimization']; $config['system']['maximumstates'] = $pconfig['maximumstates']; + $config['system']['maximumfrags'] = $pconfig['maximumfrags']; $config['system']['aliasesresolveinterval'] = $pconfig['aliasesresolveinterval']; $config['system']['maximumtableentries'] = $pconfig['maximumtableentries']; @@ -483,6 +488,17 @@ include("head.inc"); + + + + + + +