Commit c4f1e3ca authored by Franco Fichtner's avatar Franco Fichtner

firewall: migrate ip options that require the firewall

(cherry picked from commit aeb8d52e)
parent e5edfd54
...@@ -40,9 +40,11 @@ function default_table_entries_size() ...@@ -40,9 +40,11 @@ function default_table_entries_size()
return $current; return $current;
} }
if ($_SERVER['REQUEST_METHOD'] === 'GET') { if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array(); $pconfig = array();
$pconfig['ipv6allow'] = isset($config['system']['ipv6allow']);
$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
$pconfig['ipv6nat_ipaddr'] = isset($config['diag']['ipv6nat']['ipaddr']) ? $config['diag']['ipv6nat']['ipaddr']:"" ;
$pconfig['disablefilter'] = !empty($config['system']['disablefilter']); $pconfig['disablefilter'] = !empty($config['system']['disablefilter']);
$pconfig['scrubnodf'] = !empty($config['system']['scrubnodf']); $pconfig['scrubnodf'] = !empty($config['system']['scrubnodf']);
$pconfig['scrubrnid'] = !empty($config['system']['scrubrnid']); $pconfig['scrubrnid'] = !empty($config['system']['scrubrnid']);
...@@ -75,6 +77,24 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -75,6 +77,24 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors = array(); $input_errors = array();
/* input validation */ /* input validation */
if (!empty($pconfig['ipv6nat_enable']) && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
$input_errors[] = gettext("You must specify an IP address to NAT IPv6 packets.");
}
if (!empty($pconfig['ipv6nat_enable'])) {
$config['diag']['ipv6nat'] = array();
$config['diag']['ipv6nat']['enable'] = true;
$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
} elseif (isset($config['diag']['ipv6nat'])) {
unset($config['diag']['ipv6nat']);
}
if (!empty($pconfig['ipv6allow'])) {
$config['system']['ipv6allow'] = true;
} elseif (isset($config['system']['ipv6allow'])) {
unset($config['system']['ipv6allow']);
}
if ((empty($pconfig['adaptivestart']) && !empty($pconfig['adaptiveend'])) || (!empty($pconfig['adaptivestart']) && empty($pconfig['adaptiveend']))) { if ((empty($pconfig['adaptivestart']) && !empty($pconfig['adaptiveend'])) || (!empty($pconfig['adaptivestart']) && empty($pconfig['adaptiveend']))) {
$input_errors[] = gettext("The Firewall Adaptive values must be set together."); $input_errors[] = gettext("The Firewall Adaptive values must be set together.");
} }
...@@ -230,6 +250,23 @@ include("head.inc"); ...@@ -230,6 +250,23 @@ include("head.inc");
<body> <body>
<?php include("fbegin.inc"); ?> <?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
function enable_change(enable_over) {
if (document.iform.ipv6nat_enable.checked || enable_over) {
document.iform.ipv6nat_ipaddr.disabled = 0;
} else {
document.iform.ipv6nat_ipaddr.disabled = 1;
}
}
$( document ).ready(function() {
enable_change(false);
});
//]]>
</script>
<!-- row --> <!-- row -->
<section class="page-content-main"> <section class="page-content-main">
<div class="container-fluid"> <div class="container-fluid">
...@@ -246,6 +283,39 @@ include("head.inc"); ...@@ -246,6 +283,39 @@ include("head.inc");
<div class="content-box tab-content table-responsive"> <div class="content-box tab-content table-responsive">
<form action="system_advanced_firewall.php" method="post" name="iform" id="iform"> <form action="system_advanced_firewall.php" method="post" name="iform" id="iform">
<table class="table table-striped "> <table class="table table-striped ">
<tr>
<td width="22%"><strong><?=gettext("IPv6 Options");?></strong></td>
<td width="78%" align="right">
<small><?=gettext("full help"); ?> </small>
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i>
</td>
</tr>
<tr>
<td><a id="help_for_ipv6allow" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Allow IPv6"); ?></td>
<td>
<input name="ipv6allow" type="checkbox" value="yes" <?= !empty($pconfig['ipv6allow']) ? "checked=\"checked\"" :"";?> onclick="enable_change(false)" />
<strong><?=gettext("Allow IPv6"); ?></strong>
<div class="hidden" for="help_for_ipv6allow">
<?=gettext("All IPv6 traffic will be blocked by the firewall unless this box is checked."); ?><br />
<?=gettext("NOTE: This does not disable any IPv6 features on the firewall, it only blocks traffic."); ?><br />
</div>
</td>
</tr>
<tr>
<td><a id="help_for_ipv6nat_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IPv6 over IPv4 Tunneling"); ?></td>
<td>
<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?=!empty($pconfig['ipv6nat_enable']) ? "checked=\"checked\"" : "";?> onclick="enable_change(false)" />
<strong><?=gettext("Enable IPv4 NAT encapsulation of IPv6 packets"); ?></strong><br />
<div class="hidden" for="help_for_ipv6nat_enable">
<?=gettext("This provides an RFC 2893 compatibility mechanism ".
"that can be used to tunneling IPv6 packets over IPv4 ".
"routing infrastructures. If enabled, don't forget to ".
"add a firewall rule to permit IPv6 packets."); ?>
</div>
<?=gettext("IP address"); ?>&nbsp;:&nbsp;
<input name="ipv6nat_ipaddr" type="text" class="formfld unknown" id="ipv6nat_ipaddr" size="20" value="<?=$pconfig['ipv6nat_ipaddr'];?>" />
</td>
</tr>
<tr> <tr>
<td width="22%"><strong><?=gettext("Firewall Advanced");?></strong></td> <td width="22%"><strong><?=gettext("Firewall Advanced");?></strong></td>
<td width="78%" align="right"> <td width="78%" align="right">
......
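Review bot: In the POST hunk the new `ipv6nat` and `ipv6allow` assignments sit directly under `/* input validation */` and run even when the `is_ipaddr()` check just above has added an input error, so an unvalidated `$_POST['ipv6nat_ipaddr']` is still copied into `$config`. Whether anything is persisted in that case depends on the save path further down, which lies outside the visible hunks; if that path is gated on `count($input_errors) == 0`, these assignments belong inside that branch with the other option writes. The option is labelled as IPv6 over IPv4 tunneling, so the check probably wants an IPv4-only validator (for example `is_ipaddrv4()`, if the project's utility library provides it) rather than `is_ipaddr()`, which presumably accepts either address family. In the form hunk, `value="<?=$pconfig['ipv6nat_ipaddr'];?>"` is only safe if this page calls `legacy_html_escape_form_data($pconfig)` before rendering, as the network page does; that is worth confirming because the field is echoed back after a failed POST.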
...@@ -35,12 +35,8 @@ require_once("filter.inc"); ...@@ -35,12 +35,8 @@ require_once("filter.inc");
require_once("system.inc"); require_once("system.inc");
require_once("pfsense-utils.inc"); require_once("pfsense-utils.inc");
if ($_SERVER['REQUEST_METHOD'] === 'GET') { if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array(); $pconfig = array();
$pconfig['ipv6allow'] = isset($config['system']['ipv6allow']);
$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']);
$pconfig['ipv6nat_ipaddr'] = isset($config['diag']['ipv6nat']['ipaddr']) ? $config['diag']['ipv6nat']['ipaddr']:"" ;
$pconfig['polling'] = isset($config['system']['polling']); $pconfig['polling'] = isset($config['system']['polling']);
$pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']); $pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']);
$pconfig['disablesegmentationoffloading'] = isset($config['system']['disablesegmentationoffloading']); $pconfig['disablesegmentationoffloading'] = isset($config['system']['disablesegmentationoffloading']);
...@@ -53,25 +49,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -53,25 +49,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['sharednet'] = isset($config['system']['sharednet']); $pconfig['sharednet'] = isset($config['system']['sharednet']);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST; $pconfig = $_POST;
$input_errors = array();
if (!empty($pconfig['ipv6nat_enable']) && !is_ipaddr($_POST['ipv6nat_ipaddr'])) {
$input_errors[] = gettext("You must specify an IP address to NAT IPv6 packets.");
}
if (!empty($pconfig['ipv6nat_enable'])) {
$config['diag']['ipv6nat'] = array();
$config['diag']['ipv6nat']['enable'] = true;
$config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr'];
} elseif (isset($config['diag']['ipv6nat'])) {
unset($config['diag']['ipv6nat']);
}
if (!empty($pconfig['ipv6allow'])) {
$config['system']['ipv6allow'] = true;
} elseif (isset($config['system']['ipv6allow'])) {
unset($config['system']['ipv6allow']);
}
if (!empty($pconfig['sharednet'])) { if (!empty($pconfig['sharednet'])) {
$config['system']['sharednet'] = true; $config['system']['sharednet'] = true;
...@@ -109,14 +86,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { ...@@ -109,14 +86,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['disablevlanhwfilter']); unset($config['system']['disablevlanhwfilter']);
} }
if (count($input_errors) == 0) {
write_config(); write_config();
setup_polling(); setup_polling();
system_arp_wrong_if(); system_arp_wrong_if();
filter_configure();
header("Location: system_advanced_network.php");
exit;
}
} }
legacy_html_escape_form_data($pconfig); legacy_html_escape_form_data($pconfig);
...@@ -128,31 +100,11 @@ include("head.inc"); ...@@ -128,31 +100,11 @@ include("head.inc");
<body> <body>
<?php include("fbegin.inc"); ?> <?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
function enable_change(enable_over) {
if (document.iform.ipv6nat_enable.checked || enable_over) {
document.iform.ipv6nat_ipaddr.disabled = 0;
} else {
document.iform.ipv6nat_ipaddr.disabled = 1;
}
}
$( document ).ready(function() {
enable_change(false);
});
//]]>
</script>
<!-- row --> <!-- row -->
<section class="page-content-main"> <section class="page-content-main">
<div class="container-fluid"> <div class="container-fluid">
<div class="row"> <div class="row">
<?php <?php
if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors);
}
if (isset($savemsg)) { if (isset($savemsg)) {
print_info_box($savemsg); print_info_box($savemsg);
} }
...@@ -161,39 +113,6 @@ include("head.inc"); ...@@ -161,39 +113,6 @@ include("head.inc");
<div class="content-box tab-content table-responsive"> <div class="content-box tab-content table-responsive">
<form action="system_advanced_network.php" method="post" name="iform" id="iform"> <form action="system_advanced_network.php" method="post" name="iform" id="iform">
<table class="table table-striped"> <table class="table table-striped">
<tr>
<td width="22%"><strong><?=gettext("IPv6 Options");?></strong></td>
<td width="78%" align="right">
<small><?=gettext("full help"); ?> </small>
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i>
</td>
</tr>
<tr>
<td><a id="help_for_ipv6allow" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Allow IPv6"); ?></td>
<td>
<input name="ipv6allow" type="checkbox" value="yes" <?= !empty($pconfig['ipv6allow']) ? "checked=\"checked\"" :"";?> onclick="enable_change(false)" />
<strong><?=gettext("Allow IPv6"); ?></strong>
<div class="hidden" for="help_for_ipv6allow">
<?=gettext("All IPv6 traffic will be blocked by the firewall unless this box is checked."); ?><br />
<?=gettext("NOTE: This does not disable any IPv6 features on the firewall, it only blocks traffic."); ?><br />
</div>
</td>
</tr>
<tr>
<td><a id="help_for_ipv6nat_enable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IPv6 over IPv4 Tunneling"); ?></td>
<td>
<input name="ipv6nat_enable" type="checkbox" id="ipv6nat_enable" value="yes" <?=!empty($pconfig['ipv6nat_enable']) ? "checked=\"checked\"" : "";?> onclick="enable_change(false)" />
<strong><?=gettext("Enable IPv4 NAT encapsulation of IPv6 packets"); ?></strong><br />
<div class="hidden" for="help_for_ipv6nat_enable">
<?=gettext("This provides an RFC 2893 compatibility mechanism ".
"that can be used to tunneling IPv6 packets over IPv4 ".
"routing infrastructures. If enabled, don't forget to ".
"add a firewall rule to permit IPv6 packets."); ?>
</div>
<?=gettext("IP address"); ?>&nbsp;:&nbsp;
<input name="ipv6nat_ipaddr" type="text" class="formfld unknown" id="ipv6nat_ipaddr" size="20" value="<?=$pconfig['ipv6nat_ipaddr'];?>" />
</td>
</tr>
<tr> <tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Network Interfaces"); ?></th> <th colspan="2" valign="top" class="listtopic"><?=gettext("Network Interfaces"); ?></th>
</tr> </tr>
......