(firewall, scrub) add option to disable all standard scrubbing
AdSchellevis committed Jun 10, 2016
1 parent 8de7020 commit c38a74b
Showing 3 changed files with 57 additions and 23 deletions.
26 changes: 14 additions & 12 deletions src/etc/inc/filter.inc
Expand Up @@ -379,20 +379,22 @@ function filter_generate_scrubing(&$FilterIflist)
$scrubrules = '';

/* scrub per interface options */
foreach ($FilterIflist as $scrubif => $scrubcfg) {
if (isset($scrubcfg['virtual']) || empty($scrubcfg['descr'])) {
continue;
} else {
/* set up MSS clamping */
if (!empty($scrubcfg['mss']) && is_numeric($scrubcfg['mss']) &&
!in_array($scrubcfg['if'], array('pppoe', 'pptp', 'l2tp'))) {
$mssclamp = "max-mss " . (intval($scrubcfg['mss'] - 40));
if (empty($config['system']['scrub_interface_disable'])) {
foreach ($FilterIflist as $scrubif => $scrubcfg) {
if (isset($scrubcfg['virtual']) || empty($scrubcfg['descr'])) {
continue;
} else {
$mssclamp = '';
/* set up MSS clamping */
if (!empty($scrubcfg['mss']) && is_numeric($scrubcfg['mss']) &&
!in_array($scrubcfg['if'], array('pppoe', 'pptp', 'l2tp'))) {
$mssclamp = "max-mss " . (intval($scrubcfg['mss'] - 40));
} else {
$mssclamp = '';
}
$scrubnodf = !empty($config['system']['scrubnodf']) ? "no-df" : "";
$scrubrnid = !empty($config['system']['scrubrnid']) ? "random-id" : "";
$scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp}\n";
}
$scrubnodf = !empty($config['system']['scrubnodf']) ? "no-df" : "";
$scrubrnid = !empty($config['system']['scrubrnid']) ? "random-id" : "";
$scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp}\n";
}
}
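Review bot: The new `if (empty($config['system']['scrub_interface_disable']))` guard drops every default `scrub on $<if> all` rule at once, and nothing in the code records what that costs: with the flag set, no default normalization or MSS clamping is emitted for any interface, so both then depend entirely on the detailed scrub rules. A comment above the guard would help, for example `/* scrub_interface_disable: emit no default per-interface scrub rules; normalization and MSS clamping then depend on the detailed rules only */`. Inside the loop, `$mssclamp = '';` is now assigned before the MSS check and again in its `else` branch, so one of the two can go. The function body starts and ends outside this hunk, so how `$config` comes into scope is not visible here.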

1 change: 1 addition & 0 deletions src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
Expand Up @@ -175,6 +175,7 @@
</Schedules>
<Normalization order="200" url="/firewall_scrub.php">
<NormalizationEdit url="/firewall_scrub_edit.php*" visibility="hidden"/>
<Normalization url="/firewall_scrub.php*" visibility="hidden"/>
</Normalization>
<Advanced order="300" url="/system_advanced_firewall.php"/>
</Settings>
53 changes: 42 additions & 11 deletions src/www/firewall_scrub.php
Expand Up @@ -39,6 +39,17 @@
$pconfig = array();
$pconfig['scrubnodf'] = !empty($config['system']['scrubnodf']);
$pconfig['scrubrnid'] = !empty($config['system']['scrubrnid']);
$pconfig['scrub_interface_disable'] = !empty($config['system']['scrub_interface_disable']);
if (!empty($_GET['savemsg'])) {
$savemsg = sprintf(
gettext(
'The settings have been applied and the rules are now reloading ' .
'in the background. You can monitor the reload progress %shere%s.'
),
'<a href="status_filter_reload.php">',
'</a>'
);
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
if (isset($pconfig['id']) && isset($a_scrub[$pconfig['id']])) {
Expand All @@ -57,6 +68,11 @@
} elseif (isset($config['system']['scrubrnid'])) {
unset($config['system']['scrubrnid']);
}
if (!empty($pconfig['scrub_interface_disable'])) {
$config['system']['scrub_interface_disable'] = "enabled";
} elseif (isset($config['system']['scrub_interface_disable'])) {
unset($config['system']['scrub_interface_disable']);
}
if (write_config()) {
mark_subsystem_dirty('filter');
}
Expand All @@ -65,14 +81,8 @@
} elseif (isset($pconfig['apply'])) {
filter_configure();
clear_subsystem_dirty('filter');
$savemsg = sprintf(
gettext(
'The settings have been applied and the rules are now reloading ' .
'in the background. You can monitor the reload progress %shere%s.'
),
'<a href="status_filter_reload.php">',
'</a>'
);
header("Location: firewall_scrub.php?savemsg=yes");
exit;
} elseif (isset($pconfig['act']) && $pconfig['act'] == 'del' && isset($id)) {
// delete single item
unset($a_scrub[$id]);
Expand Down Expand Up @@ -191,6 +201,16 @@
$("#iform").submit();
});

$("#scrub_interface_disable").change(function(){
if ($("#scrub_interface_disable:checked").val() == undefined) {
$(".scrub_settings").show();
} else{
$(".scrub_settings").hide();
}
});
$("#scrub_interface_disable").change();


// watch scroll position and set to last known on page load
watchScrollPosition();

Expand Down Expand Up @@ -224,6 +244,17 @@
</thead>
<tbody>
<tr>
<td><a id="help_for_scrub_interface_disable" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Disable interface scrub");?></td>
<td>
<input id="scrub_interface_disable" name="scrub_interface_disable" type="checkbox" value="yes" <?=!empty($pconfig['scrub_interface_disable']) ? "checked=\"checked\"" : "";?> />
<div class="hidden" for="help_for_scrub_interface_disable">
<?=gettext("Disable all default interface scrubing rules,".
" mss clamping will also be disabled when you check this.".
" Detailed settings specified below will still be used.");?>
</div>
</td>
</tr>
<tr class="scrub_settings">
<td><a id="help_for_scrubnodf" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IP Do-Not-Fragment");?></td>
<td>
<input name="scrubnodf" type="checkbox" value="yes" <?=!empty($pconfig['scrubnodf']) ? "checked=\"checked\"" : ""; ?>/>
Expand All @@ -235,7 +266,7 @@
</div>
</td>
</tr>
<tr>
<tr class="scrub_settings">
<td><a id="help_for_scrubrnid" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("IP Random id");?></td>
<td>
<input name="scrubrnid" type="checkbox" value="yes" <?= !empty($pconfig['scrubrnid']) ? "checked=\"checked\"" : "";?> />
Expand Down Expand Up @@ -357,7 +388,7 @@
<td colspan="2" class="hidden-xs hidden-sm"></td>
<td colspan="3"></td>
<td>
<a type="submit" id="move_<?=$i;?>" name="move_<?=$i;?>_x" data-toggle="tooltip" title="<?=gettext("move selected rules to end");?>" class="act_move btn btn-default btn-xs">
<a id="move_<?=$i;?>" name="move_<?=$i;?>_x" data-toggle="tooltip" title="<?=gettext("move selected rules to end");?>" class="act_move btn btn-default btn-xs">
<span class="glyphicon glyphicon-arrow-left"></span>
</a>
<a data-id="x" title="<?=gettext("delete selected rules"); ?>" data-toggle="tooltip" class="act_delete btn btn-default btn-xs">
Expand All @@ -370,7 +401,7 @@
</tr>
<tr class="hidden-xs hidden-sm">
<td><a><i class="fa fa-list"></i></a></td>
<td colspan="6"><?=gettext("Alias (click to view/edit)");?></td>
<td colspan="5"><?=gettext("Alias (click to view/edit)");?></td>
</tr>
</tfoot>
</table>
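Review bot: In the GET branch at the top of this file section, the "settings have been applied" banner is now shown whenever `$_GET['savemsg']` is non-empty, so it reflects the URL rather than whether `filter_configure()` actually ran; a bookmarked or shared `firewall_scrub.php?savemsg=yes` link shows it on every load. In the visible lines the text is a fixed, translated string and the parameter itself is never echoed, so nothing from the request reaches the page. If the redirect-after-POST is kept, consider carrying the flag in server-side state instead of the query string, or at least document the limitation with a comment such as `// savemsg only selects a fixed banner; it does not prove a reload was triggered`. The surrounding if/elseif chain begins outside the hunk.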