Skip to content

Commit

Permalink
firewall: move anti-lockout rule to advanced settings #1347
Browse files Browse the repository at this point in the history 
(cherry picked from commit 6ab6267)
(cherry picked from commit 086b91c)
  • Loading branch information
@fichtner
fichtner committed Dec 18, 2017
1 parent 3922cac commit 2478089
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 30 deletions.
35 changes: 5 additions & 30 deletions src/www/system_advanced_admin.php
View file
Expand Up @@ -50,7 +50,6 @@
$pconfig['usevirtualterminal'] = isset($config['system']['usevirtualterminal']);
$pconfig['disableintegratedauth'] = !empty($config['system']['disableintegratedauth']);
$pconfig['sudo_allow_wheel'] = $config['system']['sudo_allow_wheel'];
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
$pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']);
$pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']);
$pconfig['loginautocomplete'] = isset($config['system']['webgui']['loginautocomplete']);
Expand Down Expand Up @@ -150,12 +149,6 @@
unset($config['system']['sudo_allow_wheel']);
}

if ($pconfig['noantilockout'] == "yes") {
$config['system']['webgui']['noantilockout'] = true;
} elseif (isset($config['system']['webgui']['noantilockout'])) {
unset($config['system']['webgui']['noantilockout']);
}

if (is_numeric($pconfig['serialspeed'])) {
$config['system']['serialspeed'] = $pconfig['serialspeed'];
} elseif (isset($config['system']['serialspeed'])) {
Expand Down Expand Up @@ -420,7 +413,7 @@
</td>
</tr>
<tr>
<td><a id="help_for_loginautocomplete" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("WebGUI Login Autocomplete"); ?></td>
<td><a id="help_for_loginautocomplete" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Login Autocomplete"); ?></td>
<td>
<input name="loginautocomplete" type="checkbox" value="yes" <?= empty($pconfig['loginautocomplete']) ? '' : 'checked="checked"' ?> />
<strong><?= gettext('Enable web GUI login autocomplete') ?></strong>
Expand All @@ -432,30 +425,12 @@
</td>
</tr>
<tr>
<td><a id="help_for_quietlogin" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("WebGUI login messages") ?></td>
<td><a id="help_for_quietlogin" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Login Messages") ?></td>
<td>
<input name="quietlogin" type="checkbox" value="yes" <?= empty($pconfig['quietlogin']) ? '' : 'checked="checked"' ?>/>
<strong><?= gettext('Disable logging of web GUI successful logins') ?></strong>
<div class="hidden" for="help_for_quietlogin">
<?=gettext("When this is checked, successful logins to the web GUI " .
"will not be logged.");?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_noantilockout" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Anti-lockout"); ?></td>
<td>
<input name="noantilockout" type="checkbox" value="yes" <?= empty($pconfig['noantilockout']) ? '' : 'checked="checked"' ?>/>
<strong><?= gettext('Disable web GUI anti-lockout rule') ?></strong>
<div class="hidden" for="help_for_noantilockout">
<?= sprintf(gettext("When this is unchecked, access to the web GUI " .
"on the %s interface is always permitted, regardless of the user-defined firewall " .
"rule set. Check this box to disable this automatically added rule, so access " .
"to the web GUI is controlled by the user-defined firewall rules " .
"(ensure you have a firewall rule in place that allows you in, or you will " .
"lock yourself out!)"), count($config['interfaces']) == 1 && !empty($config['interfaces']['wan']['if']) ?
gettext('WAN') : gettext('LAN')) ?>
<em><?= gettext('Hint: the "Set interface(s) IP address" option in the console menu resets this setting as well.'); ?></em>
<?=gettext("When this is checked, successful logins to the web GUI will not be logged.");?>
</div>
</td>
</tr>
Expand Down Expand Up @@ -483,7 +458,7 @@
</td>
</tr>
<tr>
<td><a id="help_for_compression" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("WebGui Compression")?></td>
<td><a id="help_for_compression" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("HTTP Compression")?></td>
<td width="78%">
<select name="compression" class="formselect selectpicker">
<option value="" <?=empty($pconfig['compression'])? 'selected="selected"' : '';?>>
Expand All @@ -500,7 +475,7 @@
</option>
</select>
<div class="hidden" for="help_for_compression">
<?=gettext("Enable compression of webgui pages and dynamic content.");?><br/>
<?=gettext("Enable compression of HTTP pages and dynamic content.");?><br/>
<?=gettext("Transfer less data to the client for an additional cost in processing power.");?>
</div>
</td>
Expand Down
23 changes: 23 additions & 0 deletions src/www/system_advanced_firewall.php
View file
Expand Up @@ -49,6 +49,7 @@ function default_table_entries_size()
$pconfig['maximumfrags'] = isset($config['system']['maximumfrags']) ? $config['system']['maximumfrags'] : null;
$pconfig['adaptivestart'] = isset($config['system']['adaptivestart']) ? $config['system']['adaptivestart'] : null;
$pconfig['adaptiveend'] = isset($config['system']['adaptiveend']) ? $config['system']['adaptiveend'] : null;
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
$pconfig['aliasesresolveinterval'] = isset($config['system']['aliasesresolveinterval']) ? $config['system']['aliasesresolveinterval'] : null;
$pconfig['checkaliasesurlcert'] = isset($config['system']['checkaliasesurlcert']);
$pconfig['maximumtableentries'] = !empty($config['system']['maximumtableentries']) ? $config['system']['maximumtableentries'] : null ;
Expand Down Expand Up @@ -116,6 +117,12 @@ function default_table_entries_size()
unset($config['system']['lb_use_sticky']);
}

if ($pconfig['noantilockout'] == "yes") {
$config['system']['webgui']['noantilockout'] = true;
} elseif (isset($config['system']['webgui']['noantilockout'])) {
unset($config['system']['webgui']['noantilockout']);
}

if (!empty($pconfig['srctrack'])) {
$config['system']['srctrack'] = $pconfig['srctrack'];
} elseif (isset($config['system']['srctrack'])) {
Expand Down Expand Up @@ -629,6 +636,22 @@ function default_table_entries_size()
</div>
</td>
</tr>
<tr>
<td><a id="help_for_noantilockout" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Disable anti-lockout"); ?></td>
<td>
<input name="noantilockout" type="checkbox" value="yes" <?= empty($pconfig['noantilockout']) ? '' : 'checked="checked"' ?>/>
<strong><?= gettext('Disable administration anti-lockout rule') ?></strong>
<div class="hidden" for="help_for_noantilockout">
<?= sprintf(gettext("When this is unchecked, access to the web GUI or SSH " .
"on the %s interface is always permitted, regardless of the user-defined firewall " .
"rule set. Check this box to disable the automatically added rule, so access " .
"is controlled only by the user-defined firewall rules. Ensure you have a firewall rule " .
"in place that allows you in, or you will lock yourself out."),
count($config['interfaces']) == 1 && !empty($config['interfaces']['wan']['if']) ?
gettext('WAN') : gettext('LAN')) ?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_aliasesresolveinterval" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Aliases Resolve Interval");?></td>
<td>
Expand Down

0 comments on commit 2478089

Please sign in to comment.