Commit aaa48131 authored by Ad Schellevis's avatar Ad Schellevis

(firewall) add maximum fragements, closes https://github.com/opnsense/core/issues/1246

parent 9ad060f6
......@@ -471,6 +471,9 @@ function filter_configure_sync($verbose = false)
$limitrules .= "set limit states {$max_states}\n";
$limitrules .= "set limit src-nodes {$max_states}\n";
}
if (!empty($config['system']['maximumfrags'])) {
$limitrules .= "set limit frags {$config['system']['maximumfrags']}\n";
}
if (isset($config['system']['lb_use_sticky']) && is_numeric($config['system']['srctrack']) && ($config['system']['srctrack'] > 0)) {
$limitrules .= "set timeout src.track {$config['system']['srctrack']}\n";
......
......@@ -45,6 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['disablefilter'] = !empty($config['system']['disablefilter']);
$pconfig['optimization'] = isset($config['system']['optimization']) ? $config['system']['optimization'] : "normal";
$pconfig['maximumstates'] = isset($config['system']['maximumstates']) ? $config['system']['maximumstates'] : null;
$pconfig['maximumfrags'] = isset($config['system']['maximumfrags']) ? $config['system']['maximumfrags'] : null;
$pconfig['adaptivestart'] = isset($config['system']['adaptivestart']) ? $config['system']['adaptivestart'] : null;
$pconfig['adaptiveend'] = isset($config['system']['adaptiveend']) ? $config['system']['adaptiveend'] : null;
$pconfig['aliasesresolveinterval'] = isset($config['system']['aliasesresolveinterval']) ? $config['system']['aliasesresolveinterval'] : null;
......@@ -83,6 +84,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!empty($pconfig['maximumstates']) && !is_numericint($pconfig['maximumstates'])) {
$input_errors[] = gettext("The Firewall Maximum States value must be an integer.");
}
if (!empty($pconfig['maximumfrags']) && !is_numericint($pconfig['maximumfrags'])) {
$input_errors[] = gettext("The Firewall Maximum Frags value must be an integer.");
}
if (!empty($pconfig['aliasesresolveinterval']) && !is_numericint($pconfig['aliasesresolveinterval'])) {
$input_errors[] = gettext("The Aliases Hostname Resolve Interval value must be an integer.");
}
......@@ -160,6 +164,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$config['system']['optimization'] = $pconfig['optimization'];
$config['system']['maximumstates'] = $pconfig['maximumstates'];
$config['system']['maximumfrags'] = $pconfig['maximumfrags'];
$config['system']['aliasesresolveinterval'] = $pconfig['aliasesresolveinterval'];
$config['system']['maximumtableentries'] = $pconfig['maximumtableentries'];
......@@ -483,6 +488,17 @@ include("head.inc");
</div>
</td>
</tr>
<tr>
<td><a id="help_for_maximumfrags" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Firewall Maximum Fragments");?></td>
<td>
<input name="maximumfrags" type="text" id="maximumfrags" value="<?=$pconfig['maximumfrags'];?>" />
<div class="hidden" for="help_for_maximumfrags">
<strong><?=gettext("Sets the maximum number of entries in the memory pool used for fragment reassembly.");?></strong>
<br />
<?=gettext("Note: Leave this blank for the default.");?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_maximumtableentries" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Firewall Maximum Table Entries");?></td>
<td>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment