firewall: auto-increase table size for IPv6 bogons
While here, kill the $GatewaysList side-effect that is no longer necessary. PR: https://forum.opnsense.org/index.php?topic=7194.0
parent
eaf19276ae
commit
fc0c66e87b
@ -33,10 +33,6 @@
|
||||
|
||||
require_once('filter.lib.inc');
|
||||
|
||||
/* Create a global array to avoid errors on rulesets. */
|
||||
$GatewaysList = array();
|
||||
|
||||
|
||||
function fix_rule_label($descr)
|
||||
{
|
||||
$descr = str_replace('"', '', $descr);
|
||||
@ -144,10 +140,10 @@ function filter_configure()
|
||||
|
||||
function filter_delete_states_for_down_gateways()
|
||||
{
|
||||
global $config, $GatewaysList;
|
||||
|
||||
$any_gateway_down = false;
|
||||
$GatewaysList = return_gateways_array(false, true) + return_gateway_groups_array();
|
||||
$a_gateways = return_gateways_status();
|
||||
$any_gateway_down = false;
|
||||
|
||||
if (is_array($GatewaysList)) {
|
||||
foreach ($GatewaysList as $gwname => $gateway) {
|
||||
if (empty($gateway['monitor'])) {
|
||||
@ -159,13 +155,14 @@ function filter_delete_states_for_down_gateways()
|
||||
} elseif (empty($a_gateways[$gateway['monitor']])) {
|
||||
continue;
|
||||
}
|
||||
$gwstatus =& $a_gateways[$gateway['monitor']];
|
||||
$gwstatus = &$a_gateways[$gateway['monitor']];
|
||||
if (strstr($gwstatus['status'], "down")) {
|
||||
$any_gateway_down = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($any_gateway_down == true) {
|
||||
mwexec("/sbin/pfctl -Fs");
|
||||
}
|
||||
@ -173,11 +170,9 @@ function filter_delete_states_for_down_gateways()
|
||||
|
||||
function filter_configure_sync($verbose = false)
|
||||
{
|
||||
global $config, $GatewaysList;
|
||||
$sched_kill_states = array(); // kill states for schedules
|
||||
global $config;
|
||||
|
||||
// Temporary fill $GatewaysList, the global is still used by some old functions
|
||||
$GatewaysList = return_gateways_array(false, true) + return_gateway_groups_array();
|
||||
$sched_kill_states = array(); // kill states for schedules
|
||||
|
||||
/* Use filter lock to not allow concurrent filter reloads during this run. */
|
||||
$filterlck = lock('filter', LOCK_EX);
|
||||
@ -363,10 +358,15 @@ function filter_configure_sync($verbose = false)
|
||||
flush();
|
||||
}
|
||||
|
||||
$limitrules = "";
|
||||
/* User defined maximum table entries in Advanced menu. */
|
||||
if (!empty($config['system']['maximumtableentries']) && is_numeric($config['system']['maximumtableentries'])) {
|
||||
$limitrules = '';
|
||||
|
||||
if (!empty($config['system']['maximumtableentries'])) {
|
||||
$limitrules .= "set limit table-entries {$config['system']['maximumtableentries']}\n";
|
||||
} elseif (is_bogonsv6_used()) {
|
||||
$max_table_entries = default_table_entries_size();
|
||||
if ($max_table_entries < 500000) {
|
||||
$limitrules .= "set limit table-entries 500000\n";
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($config['system']['rulesetoptimization'])) {
|
||||
@ -390,8 +390,7 @@ function filter_configure_sync($verbose = false)
|
||||
$limitrules .= "set timeout { adaptive.start 0, adaptive.end 0 }\n";
|
||||
}
|
||||
|
||||
if (!empty($config['system']['maximumstates']) && is_numeric($config['system']['maximumstates'])) {
|
||||
/* User defined maximum states in Advanced menu. */
|
||||
if (!empty($config['system']['maximumstates'])) {
|
||||
$limitrules .= "set limit states {$config['system']['maximumstates']}\n";
|
||||
$limitrules .= "set limit src-nodes {$config['system']['maximumstates']}\n";
|
||||
} else {
|
||||
@ -799,17 +798,24 @@ function filter_tdr_month($schedule)
|
||||
|
||||
function filter_setup_logging_interfaces(&$FilterIflist)
|
||||
{
|
||||
global $config;
|
||||
|
||||
$rules = '';
|
||||
|
||||
if (isset($FilterIflist['lan'])) {
|
||||
$rules .= "set loginterface {$FilterIflist['lan']['if']}\n";
|
||||
} elseif (isset($FilterIflist['wan'])) {
|
||||
$rules .= "set loginterface {$FilterIflist['wan']['if']}\n";
|
||||
}
|
||||
|
||||
return $rules;
|
||||
}
|
||||
|
||||
function default_table_entries_size()
|
||||
{
|
||||
$current = `pfctl -sm | grep table-entries | awk '{print $4};'`;
|
||||
|
||||
return $current;
|
||||
}
|
||||
|
||||
function default_state_size()
|
||||
{
|
||||
/* get system memory amount */
|
||||
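Review bot: In the `@ -363` hunk, the `set limit table-entries {$config['system']['maximumtableentries']}` line now writes the config value into the pf ruleset guarded only by `!empty()`; judging by the print order and the hunk line counts, the `is_numeric()` test is on the removed side, and the `@ -390` hunk does the same for `maximumstates` (`set limit states` / `set limit src-nodes`). A non-numeric value that reaches the configuration by any path other than the GUI form (whose validation is not visible here) would be copied verbatim into the ruleset, where stray whitespace or a newline can break the load or add directives. I would keep the numeric guard, e.g. `if (!empty($config['system']['maximumtableentries']) && is_numeric($config['system']['maximumtableentries'])) {`, or cast with `(int)` where the value is interpolated. In the same section, `default_table_entries_size()` returns raw backtick output from an unqualified `pfctl`, so the `< 500000` comparison sees a string with a trailing newline, or an empty string on failure; `(int)trim(...)` and the absolute `/sbin/pfctl` already used in `mwexec("/sbin/pfctl -Fs")` would make that explicit. `filter_configure_sync()` starts and ends outside these hunks.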
|
||||
@ -33,12 +33,6 @@ require_once("guiconfig.inc");
|
||||
require_once("filter.inc");
|
||||
require_once("system.inc");
|
||||
|
||||
function default_table_entries_size()
|
||||
{
|
||||
$current = `pfctl -sm | grep table-entries | awk '{print $4};'`;
|
||||
return $current;
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$pconfig = array();
|
||||
$pconfig['ipv6allow'] = isset($config['system']['ipv6allow']);
|
||||
@ -600,7 +594,7 @@ include("head.inc");
|
||||
<td>
|
||||
<input name="maximumtableentries" type="text" id="maximumtableentries" value="<?= html_safe($pconfig['maximumtableentries']) ?>"/>
|
||||
<div class="hidden" data-for="help_for_maximumtableentries">
|
||||
<?=gettext("Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined.");?><br/>
|
||||
<?= gettext('Maximum number of table entries for systems such as aliases, sshlockout, bogons, etc, combined.') ?><br/>
|
||||
<?=gettext("Note: Leave this blank for the default.");?>
|
||||
<?php
|
||||
if (empty($pconfig['maximumtableentries'])) :?>
|
||||
|
||||