lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 00:24:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall: migrate ip options that require the firewall

Browse Source
This commit is contained in:
Franco Fichtner 2016-04-07 22:34:26 +02:00
parent daa479b419
commit aeb8d52ed7
2 changed files with 73 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
src/www/system_advanced_firewall.php
View File

@ -40,9 +40,11 @@ function default_table_entries_size()
return $current;
}
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
$pconfig['ipv6allow'] = isset($config['system']['ipv6allow']);
$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
$pconfig['ipv6nat_ipaddr'] = isset($config['diag']['ipv6nat']['ipaddr']) ? $config['diag']['ipv6nat']['ipaddr']:"" ;
$pconfig['disablefilter'] = !empty($config['system']['disablefilter']);
$pconfig['scrubnodf'] = !empty($config['system']['scrubnodf']);
$pconfig['scrubrnid'] = !empty($config['system']['scrubrnid']);
@ -75,6 +77,24 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors = array();
/* input validation */
if (!empty($pconfig['ipv6nat_enable']) && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
$input_errors[] = gettext("You must specify an IP address to NAT IPv6 packets.");
}
if (!empty($pconfig['ipv6nat_enable'])) {
$config['diag']['ipv6nat'] = array();
$config['diag']['ipv6nat']['enable'] = true;
$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
} elseif (isset($config['diag']['ipv6nat'])) {
unset($config['diag']['ipv6nat']);
}
if (!empty($pconfig['ipv6allow'])) {
$config['system']['ipv6allow'] = true;
} elseif (isset($config['system']['ipv6allow'])) {
unset($config['system']['ipv6allow']);
}
if ((empty($pconfig['adaptivestart']) && !empty($pconfig['adaptiveend'])) || (!empty($pconfig['adaptivestart']) && empty($pconfig['adaptiveend']))) {
$input_errors[] = gettext("The Firewall Adaptive values must be set together.");
}
@ -230,6 +250,23 @@ include("head.inc");
<body>
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
function enable_change(enable_over) {
if (document.iform.ipv6nat_enable.checked || enable_over) {
document.iform.ipv6nat_ipaddr.disabled = 0;
} else {
document.iform.ipv6nat_ipaddr.disabled = 1;
}
}
$( document ).ready(function() {
enable_change(false);
});
//]]>
</script>
<!-- row -->
<section class="page-content-main">
<div class="container-fluid">
@ -246,6 +283,39 @@ include("head.inc");
<div class="content-box tab-content table-responsive">
<form action="system_advanced_firewall.php" method="post" name="iform" id="iform">
<table class="table table-striped ">
<tr>
<td width="22%"><strong><?=gettext("IPv6 Options");?></strong></td>
<td width="78%" align="right">
<small><?=gettext("full help"); ?> </small>
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i>
</td>
</tr>
<tr>
<td><a id="help_for_ipv6allow" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Allow IPv6"); ?></td>
<td>
<input name="ipv6allow" type="checkbox" value="yes" <?= !empty($pconfig['ipv6allow']) ? "checked=\"checked\"" :"";?> onclick="enable_change(false)" />
<strong><?=gettext("Allow IPv6"); ?></strong>
<div class="hidden" for="help_for_ipv6allow">
<?=gettext("All IPv6 traffic will be blocked by the firewall unless this box is checked."); ?><br />
<?=gettext("NOTE: This does not disable any IPv6 features on the firewall, it only blocks traffic."); ?><br />
</div>
</td>
</tr>
<tr>
<td><a id="help_for_ipv6nat_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IPv6 over IPv4 Tunneling"); ?></td>
<td>
<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?=!empty($pconfig['ipv6nat_enable']) ? "checked=\"checked\"" : "";?> onclick="enable_change(false)" />
<strong><?=gettext("Enable IPv4 NAT encapsulation of IPv6 packets"); ?></strong><br />
<div class="hidden" for="help_for_ipv6nat_enable">
<?=gettext("This provides an RFC 2893 compatibility mechanism ".
"that can be used to tunneling IPv6 packets over IPv4 ".
"routing infrastructures. If enabled, don't forget to ".
"add a firewall rule to permit IPv6 packets."); ?>
</div>
<?=gettext("IP address"); ?>&nbsp;:&nbsp;
<input name="ipv6nat_ipaddr" type="text" class="formfld unknown" id="ipv6nat_ipaddr" size="20" value="<?=$pconfig['ipv6nat_ipaddr'];?>" />
</td>
</tr>
<tr>
<td width="22%"><strong><?=gettext("Firewall Advanced");?></strong></td>
<td width="78%" align="right">

85
src/www/system_advanced_network.php
View File

@ -35,12 +35,8 @@ require_once("filter.inc");
require_once("system.inc");
require_once("pfsense-utils.inc");
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
$pconfig['ipv6allow'] = isset($config['system']['ipv6allow']);
$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
$pconfig['ipv6nat_ipaddr'] = isset($config['diag']['ipv6nat']['ipaddr']) ? $config['diag']['ipv6nat']['ipaddr']:"" ;
$pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']);
$pconfig['disablesegmentationoffloading'] = isset($config['system']['disablesegmentationoffloading']);
$pconfig['disablelargereceiveoffloading'] = isset($config['system']['disablelargereceiveoffloading']);
@ -52,25 +48,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['sharednet'] = isset($config['system']['sharednet']);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
$input_errors = array();
if (!empty($pconfig['ipv6nat_enable']) && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
$input_errors[] = gettext("You must specify an IP address to NAT IPv6 packets.");
}
if (!empty($pconfig['ipv6nat_enable'])) {
$config['diag']['ipv6nat'] = array();
$config['diag']['ipv6nat']['enable'] = true;
$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
} elseif (isset($config['diag']['ipv6nat'])) {
unset($config['diag']['ipv6nat']);
}
if (!empty($pconfig['ipv6allow'])) {
$config['system']['ipv6allow'] = true;
} elseif (isset($config['system']['ipv6allow'])) {
unset($config['system']['ipv6allow']);
}
if (!empty($pconfig['sharednet'])) {
$config['system']['sharednet'] = true;
@ -102,13 +79,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['disablevlanhwfilter']);
}
if (count($input_errors) == 0) {
write_config();
system_arp_wrong_if();
filter_configure();
header("Location: system_advanced_network.php");
exit;
}
write_config();
system_arp_wrong_if();
}
legacy_html_escape_form_data($pconfig);
@ -120,31 +92,11 @@ include("head.inc");
<body>
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
function enable_change(enable_over) {
if (document.iform.ipv6nat_enable.checked || enable_over) {
document.iform.ipv6nat_ipaddr.disabled = 0;
} else {
document.iform.ipv6nat_ipaddr.disabled = 1;
}
}
$( document ).ready(function() {
enable_change(false);
});
//]]>
</script>
<!-- row -->
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php
if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors);
}
if (isset($savemsg)) {
print_info_box($savemsg);
}
@ -153,39 +105,6 @@ include("head.inc");
<div class="content-box tab-content table-responsive">
<form action="system_advanced_network.php" method="post" name="iform" id="iform">
<table class="table table-striped">
<tr>
<td width="22%"><strong><?=gettext("IPv6 Options");?></strong></td>
<td width="78%" align="right">
<small><?=gettext("full help"); ?> </small>
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i>
</td>
</tr>
<tr>
<td><a id="help_for_ipv6allow" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Allow IPv6"); ?></td>
<td>
<input name="ipv6allow" type="checkbox" value="yes" <?= !empty($pconfig['ipv6allow']) ? "checked=\"checked\"" :"";?> onclick="enable_change(false)" />
<strong><?=gettext("Allow IPv6"); ?></strong>
<div class="hidden" for="help_for_ipv6allow">
<?=gettext("All IPv6 traffic will be blocked by the firewall unless this box is checked."); ?><br />
<?=gettext("NOTE: This does not disable any IPv6 features on the firewall, it only blocks traffic."); ?><br />
</div>
</td>
</tr>
<tr>
<td><a id="help_for_ipv6nat_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IPv6 over IPv4 Tunneling"); ?></td>
<td>
<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?=!empty($pconfig['ipv6nat_enable']) ? "checked=\"checked\"" : "";?> onclick="enable_change(false)" />
<strong><?=gettext("Enable IPv4 NAT encapsulation of IPv6 packets"); ?></strong><br />
<div class="hidden" for="help_for_ipv6nat_enable">
<?=gettext("This provides an RFC 2893 compatibility mechanism ".
"that can be used to tunneling IPv6 packets over IPv4 ".
"routing infrastructures. If enabled, don't forget to ".
"add a firewall rule to permit IPv6 packets."); ?>
</div>
<?=gettext("IP address"); ?>&nbsp;:&nbsp;
<input name="ipv6nat_ipaddr" type="text" class="formfld unknown" id="ipv6nat_ipaddr" size="20" value="<?=$pconfig['ipv6nat_ipaddr'];?>" />
</td>
</tr>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Network Interfaces"); ?></th>
</tr>