Commit 6c49287a authored by Franco Fichtner's avatar Franco Fichtner

system settings: weave in awesome feedback

Submitted by: Curt Dox
parent c12bd9a3
......@@ -35,6 +35,48 @@
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr><![CDATA[
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
]]></descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr><![CDATA[
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
]]></descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr><![CDATA[
Redirect attacks are the purposeful mass issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. To defend against this type of attack both the sending and
accepting of redirect should be disabled.
]]></descr>
<tunable>net.inet.icmp.redirect</tunable>
<value>default</value>
</item>
<item>
<descr><![CDATA[
This option enables the NIC to drop all inbound ICMP redirect packets without returning a response.
]]></descr>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>default</value>
</item>
<item>
<descr><![CDATA[
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
]]></descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
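Review bot: The added `<descr>` texts describe effects these entries do not have, because every new item ships `<value>default</value>`: the `net.inet.icmp.log_redirect` text says the option "turns off the logging" and the `net.inet.icmp.drop_redirect` text says it "enables" dropping, yet neither value is set here. The two source-routing items carry the identical description, so a reader cannot tell forwarding of source-routed packets (`net.inet.ip.sourceroute`) from accepting them (`net.inet.ip.accept_sourceroute`), and "enables the NIC to drop" attributes a kernel IP-stack setting to the network card. I would reword each text to say what the tunable controls and which value is the hardened one, for example `Drop inbound ICMP redirect packets (1 = drop, 0 = process).` for `drop_redirect`. The statement that source routing comes enabled on stock FreeBSD should be checked against the kernel defaults of the release in use before it is shown to administrators.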
......
......@@ -373,13 +373,20 @@ endif; ?>
}
?>
</select>
<br />
<span class="vexpl">
<?=sprintf(
gettext('The %sSSL certificate manager%s can be used to ' .
'create or import certificates if required.'),
'<a href="/system_certmanager.php">', '</a>'
);?>
</span>
</td>
</tr>
<tr>
<td valign="top" class="vncell"><?=gettext("TCP port"); ?></td>
<td class="vtable">
<input name="webguiport" type="text" class="formfld unknown" id="webguiport" size="5" value="<?=htmlspecialchars($config['system']['webgui']['port']);?>" />
<br />
<span class="vexpl">
<?=gettext("Enter a custom port number for the webConfigurator " .
"above if you want to override the default (80 for HTTP, 443 " .
......@@ -391,7 +398,6 @@ endif; ?>
<td valign="top" class="vncell"><?=gettext("Max Processes"); ?></td>
<td class="vtable">
<input name="max_procs" type="text" class="formfld unknown" id="max_procs" size="5" value="<?=htmlspecialchars($pconfig['max_procs']);?>" />
<br />
<span class="vexpl">
<?=gettext("Enter the number of webConfigurator processes you " .
"want to run. This defaults to 2. Increasing this will allow more " .
......@@ -482,7 +488,6 @@ endif; ?>
<td width="22%" valign="top" class="vncell"><?=gettext("Alternate Hostnames"); ?></td>
<td width="78%" class="vtable">
<input name="althostnames" type="text" class="formfld unknown" id="althostnames" size="75" value="<?=htmlspecialchars($pconfig['althostnames']);?>"/>
<br />
<strong><?=gettext("Alternate Hostnames for DNS Rebinding and HTTP_REFERER Checks"); ?></strong>
<br />
<?php echo gettext("Here you can specify alternate hostnames by which the router may be queried, to " .
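Review bot: The certificate-manager hint added after the `</select>` echoes the result of `sprintf(gettext(...), ...)` as raw HTML, so whatever the translation catalog supplies for that msgid is rendered as markup, not only the two anchor fragments passed as arguments. Catalogs are normally project-controlled, so this is hardening rather than a demonstrated bug, but escaping the translated text and leaving only the arguments as markup keeps that boundary explicit: `sprintf(htmlspecialchars(gettext('…')), '<a href="/system_certmanager.php">', '</a>')`. The Outbound NAT hint rewritten in the packet-filtering section further down uses the same pattern. The table row that holds the hint starts outside the hunk.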
......
......@@ -354,11 +354,12 @@ include("head.inc");
} ?> />
<strong><?=gettext("Disable all packet filtering.");?></strong>
<br />
<span class="vexpl"><?php printf(gettext("Note: This converts %s into a routing only platform!"), $g['product_name']);?><br />
<?=gettext("Note: This will also turn off NAT!");?>
<br /><?=gettext("If you only want to disable NAT, and not firewall rules, visit the");
?> <a href="firewall_nat_out.php"><?=gettext("Outbound NAT");
?></a> <?=gettext("page");?>.
<span class="vexpl"><?php printf(gettext("Warning: This converts %s into a routing only platform!"), $g['product_name']);?><br />
<?=gettext("Warning: This will also turn off NAT!");?><br />
<?=sprintf(
gettext('If you only want to disable NAT, and not firewall rules, visit the %sOutbound NAT%s page.'),
'<a href="/firewall_nat_out.php">', '</a>'
)?>
</span>
</td>
</tr>
......
......@@ -312,8 +312,16 @@ include("head.inc");
<th colspan="2" valign="top" class="listtopic"><?=gettext("Load Balancing"); ?></th>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Load Balancing"); ?></td>
<td width="22%" valign="top" class="vncell"></td>
<td width="78%" class="vtable">
<input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?php if ($pconfig['gw_switch_default']) {
echo "checked=\"checked\"";
} ?> />
<strong><?=gettext("Allow default gateway switching"); ?></strong><br />
<?=gettext("If the link where the default gateway resides fails " .
"switch the default gateway to another available one."); ?>
<br />
<br />
<input name="lb_use_sticky" type="checkbox" id="lb_use_sticky" value="yes" <?php if ($pconfig['lb_use_sticky']) {
echo "checked=\"checked\"";
} ?> onclick="sticky_checked(this)" />
......@@ -326,6 +334,7 @@ include("head.inc");
"the sticky connection. Further connections from that host " .
"will be redirected to the next web server in the round " .
"robin. Changing this option will restart the Load Balancing service."); ?>
<br />
<br />
<input name="srctrack" id="srctrack" type="text" value="<?php if ($pconfig['srctrack'] <> "") {
echo $pconfig['srctrack'];
......@@ -335,28 +344,16 @@ include("head.inc");
} ?>" class="formfld unknown" <?php if ($pconfig['lb_use_sticky'] == false) {
echo "disabled=\"disabled\"";
} ?> />
<br />
<?=gettext("Set the source tracking timeout for sticky connections. " .
"By default this is 0, so source tracking is removed as soon as the state expires. " .
"Setting this timeout higher will cause the source/destination relationship to persist for longer periods of time."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Load Balancing"); ?></td>
<td width="78%" class="vtable">
<input name="gw_switch_default" type="checkbox" id="gw_switch_default" value="yes" <?php if ($pconfig['gw_switch_default']) {
echo "checked=\"checked\"";
} ?> />
<strong><?=gettext("Allow default gateway switching"); ?></strong><br />
<?=gettext("If the link where the default gateway resides fails " .
"switch the default gateway to another available one."); ?>
</td>
</tr>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Power savings"); ?></th>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("PowerD"); ?></td>
<td width="22%" valign="top" class="vncell"></td>
<td width="78%" class="vtable">
<input name="powerd_enable" type="checkbox" id="powerd_enable" value="yes" <?php if ($pconfig['powerd_enable']) {
echo "checked=\"checked\"";
......@@ -422,7 +419,7 @@ include("head.inc");
<th colspan="2" valign="top" class="listtopic"><?=gettext("Cryptographic Hardware Acceleration"); ?></th>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Cryptographic Hardware"); ?></td>
<td width="22%" valign="top" class="vncell"></td>
<td width="78%" class="vtable">
<select name="crypto_hardware" id="crypto_hardware" class="selectpicker" data-style="btn-default">
<option value=""><?php echo gettext("None"); ?></option>
......@@ -451,7 +448,7 @@ endforeach; ?>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Thermal Sensors"); ?></th>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Thermal Sensors"); ?></td>
<td width="22%" valign="top" class="vncell"></td>
<td width="78%" class="vtable">
<select name="thermal_hardware" id="thermal_hardware" class="selectpicker" data-style="btn-default">
<option value=""><?php echo gettext("None/ACPI"); ?></option>
......@@ -472,24 +469,16 @@ endforeach; ?>
"effect. To unload the selected module, set this option to 'none' and then reboot."); ?>
</td>
</tr>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("IP Security"); ?></th>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">&nbsp;</td>
<td width="78%" class="vtable">
<?=gettext("These settings have moved to <a href=\"vpn_ipsec_settings.php\">VPN &gt; IPsec on the Advanced Settings tab</a>."); ?>
</td>
</tr>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Schedules"); ?></th>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Schedule States"); ?></td>
<td width="22%" valign="top" class="vncell"></td>
<td width="78%" class="vtable">
<input name="schedule_states" type="checkbox" id="schedule_states" value="yes" <?php if ($pconfig['schedule_states']) {
echo "checked=\"checked\"";
} ?> />
<strong><?=gettext("Schedule States"); ?></strong>
<br />
<?=gettext("By default schedules clear the states of existing connections when the expiration time has come. ".
"This option overrides that behavior by not clearing states for existing connections."); ?>
......@@ -499,21 +488,20 @@ endforeach; ?>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Gateway Monitoring"); ?></th>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("State Killing on Gateway Failure"); ?></td>
<td width="22%" valign="top" class="vncell"></td>
<td width="78%" class="vtable">
<input name="kill_states" type="checkbox" id="kill_states" value="yes" <?php if ($pconfig['kill_states']) {
echo "checked=\"checked\"";
} ?> />
</strong><?=gettext("State Killing on Gateway Failure"); ?></strong>
<br />
<?=gettext("The monitoring process will flush states for a gateway that goes down if this box is not checked. Check this box to disable this behavior."); ?>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Skip rules when gateway is down"); ?></td>
<td width="78%" class="vtable">
<br />
<br />
<input name="skip_rules_gw_down" type="checkbox" id="skip_rules_gw_down" value="yes" <?php if ($pconfig['skip_rules_gw_down']) {
echo "checked=\"checked\"";
} ?> />
<strong><?=gettext("Skip rules when gateway is down"); ?></strong>
<br />
<?=gettext("By default, when a rule has a specific gateway set, and this gateway is down, ".
"rule is created and traffic is sent to default gateway.This option overrides that behavior ".
......@@ -537,7 +525,6 @@ endforeach; ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Periodic RRD Backup");?></td>
<td width="78%" class="vtable">
<?=gettext("Frequency:");?>
<select name="rrdbackup" class="selectpicker" data-style="btn-default" id="rrdbackup" <?php if ($pconfig['use_mfs_tmpvar'] == false) {
echo "disabled=\"disabled\"";
} ?> >
......@@ -565,7 +552,6 @@ endforeach; ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Periodic DHCP Leases Backup");?></td>
<td width="78%" class="vtable">
<?=gettext("Frequency:");?>
<select name="dhcpbackup" class="selectpicker" data-style="btn-default" id="dhcpbackup" <?php if ($pconfig['use_mfs_tmpvar'] == false) {
echo "disabled=\"disabled\"";
} ?> >
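Review bot: In the Gateway Monitoring row the new label line opens with a closing tag, `</strong><?=gettext("State Killing on Gateway Failure"); ?></strong>`, so the markup is invalid and the label is not emphasised like the others; it should read `<strong><?=gettext("State Killing on Gateway Failure"); ?></strong>`. Separately, the `srctrack` input in the Load Balancing row, which this commit leaves untouched, echoes `$pconfig['srctrack']` into the `value` attribute without `htmlspecialchars()`, unlike the other text inputs shown on this page. Whether that value is validated as numeric before it is redisplayed is not visible here, so escaping at output (`echo htmlspecialchars($pconfig['srctrack']);`) would be the safe choice. Both rows begin or end outside their hunks.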
......
......@@ -279,10 +279,12 @@ include("head.inc");
<td width="78%" class="vtable">
<input type='checkbox' id='smtpssl' name='smtpssl' <?php if (isset($pconfig['smtpssl'])) {
echo "checked=\"checked\"";
} ?> />Enable SMTP over SSL/TLS<br />
} ?> />
<strong><?=gettext('Enable SMTP over SSL/TLS');?></strong><br />
<input type='checkbox' id='smtptls' name='smtptls' <?php if (isset($pconfig['smtptls'])) {
echo "checked=\"checked\"";
} ?> />Enable STARTTLS<br />
} ?> />
<strong><?=gettext('Enable STARTTLS');?></strong><br />
</td>
</tr>
<tr>
......