/** * @return Form_Group */ static function createDirect($id = 'form1') { $form = new Form_Group($id); $form->add(self::GROUP, 'userinfo', array(array(QForm::ELEMENT, 'username', array('_ui' => 'textbox', 'maxlength' => 15)), array(QForm::ELEMENT, 'password', array('_ui' => 'password', 'maxlength' => 20)))); $form->add(QForm::GROUP, 'profile')->add(QForm::ELEMENT, 'address', array('_ui' => 'textbox', 'maxlength' => 80))->add(QForm::ELEMENT, 'postcode', array('_ui' => 'textbox', 'maxlength' => 6)); return $form; }
public function addPassword(Form_Input $input) { $group = new Form_Group($input->getTitle()); if ($input->getValue() != "") { $input->setValue(DMYPWD); } $input->setType("password"); $group->add($input); $confirm = clone $input; $confirm->setName($confirm->getName() . "_confirm"); $confirm->setHelp("Confirm"); $group->add($confirm); $this->add($group); return $input; }
public function addInput(Form_Input $input) { $group = new Form_Group($input->getTitle()); $group->add($input); $this->add($group); return $input; }
$section->addInput(new Form_Input('auth_algs', null, 'hidden', '1')); } $section->addInput(new Form_Select('wpa_pairwise', 'WPA Pairwise', isset($pconfig['wpa_pairwise']) ? $pconfig['wpa_pairwise'] : 'CCMP', ['CCMP TKIP' => 'Both', 'CCMP' => 'AES (recommended)', 'TKIP' => 'TKIP'])); $section->addInput(new Form_Input('wpa_group_rekey', 'WPA Pre-Shared Key', 'number', $pconfig['wpa_group_rekey'] ? $pconfig['wpa_group_rekey'] : "60", ['min' => '1', 'max' => 9999]))->setHelp('Specified in seconds. Allowed values are 1-9999. Must be shorter than Master Key Regeneration time'); $section->addInput(new Form_Input('wpa_gmk_rekey', 'Master Key Regeneration', 'number', $pconfig['wpa_gmk_rekey'] ? $pconfig['wpa_gmk_rekey'] : "3600", ['min' => '1', 'max' => 9999]))->setHelp('Specified in seconds. Allowed values are 1-9999. Must be longer than Key Rotation time'); $section->addInput(new Form_Checkbox('wpa_strict_rekey', 'Strict Key Regeneration', 'Force the AP to rekey whenever a client disassociates', $pconfig['wpa_strict_rekey'], 'yes')); $form->add($section); $section = new Form_Section('802.1x RADIUS options'); $section->addInput(new Form_Checkbox('ieee8021x', 'IEEE802.1X', 'Enable 802.1X authentication', $pconfig['ieee8021x'], 'yes'))->setHelp('This option requires that the "Enable WPA box" is checked'); $group = new Form_Group('Primary 802.1X server'); $group->add(new Form_IpAddress('auth_server_addr', 'IP Address', $pconfig['auth_server_addr']))->setHelp('IP address. (Commonly a Radius server (FreeRadius, Internet Authentication Services, etc.)'); $group->add(new Form_Input('auth_server_port', 'Port', 'number', $pconfig['auth_server_port']))->setHelp('Server port. Leave blank for the default port 1812'); $group->add(new Form_Input('auth_server_shared_secret', 'Shared secret', 'number', $pconfig['auth_server_shared_secret']))->setHelp('Shared secret'); $section->add($group); $group = new Form_Group('Secondary 802.1X server'); $group->add(new Form_IpAddress('auth_server_addr2', 'IP Address', $pconfig['auth_server_addr2']))->setHelp('IP address. (Commonly a Radius server (FreeRadius, Internet Authentication Services, etc.)'); $group->add(new Form_Input('auth_server_port2', 'Port', 'number', $pconfig['auth_server_port2']))->setHelp('Server port. Leave blank for the default port 1812'); $group->add(new Form_Input('auth_server_shared_secret2', 'Shared secret', 'number', $pconfig['auth_server_shared_secret2']))->setHelp('Shared secret'); $section->add($group); $section->addInput(new Form_Checkbox('rsn_preauth', 'Authentication Roaming Preauth', null, $pconfig['rsn_preauth'], 'yes')); $form->add($section); } $section = new Form_Section('Private networks'); $section->addInput(new Form_Checkbox('blockpriv', 'Block private networks', '', $pconfig['blockpriv'], 'yes'))->setHelp('Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) ' . ' as well as loopback addresses (127/8). You should generally leave this option turned on, unless your WAN network ' . 'lies in such a private address space, too.'); $section->addInput(new Form_Checkbox('blockbogons', 'Block bogon networks', '', $pconfig['blockbogons'], 'yes'))->setHelp('Blocks traffic from reserved IP addresses (but not RFC 1918) or not yet assigned by IANA. Bogons are prefixes that should ' . 'never appear in the Internet routing table, and so should not appear as the source address in any packets you receive.' . '<br />' . 'Note: The update frequency can be changed under System->Advanced Firewall/NAT settings'); $form->add($section); $form->addGlobal(new Form_Input('if', null, 'hidden', $if)); if ($wancfg['if'] == $a_ppps[$pppid]['if']) { $form->addGlobal(new Form_Input('ppp_port', null, 'hidden', $pconfig['port'])); } $form->addGlobal(new Form_Input('ptpid', null, 'hidden', $pconfig['ptpid']));
function createDestinationServerInputGroup($value = null) { $group = new Form_Group('Destination server'); $group->add(new Form_IpAddress('server', 'Destination server', $value))->setWidth(4)->setHelp('This is the IPv6 address of the server to which DHCPv6 requests are relayed.')->setIsRepeated(); $group->enableDuplication(null, true); // Buttons are in-line with the input return $group; }
$section->addInput(new Form_Textarea('cert', 'Certificate data', $pconfig['cert']))->setHelp('Paste a certificate in X.509 PEM format here.'); $section->addInput(new Form_Textarea('key', 'Certificate Private Key (optional)', $pconfig['key']))->setHelp('Paste the private key for the above certificate here. This is ' . 'optional in most cases, but is required when generating a ' . 'Certificate Revocation List (CRL).'); $section->addInput(new Form_Input('serial', 'Serial for next certificate', 'number', $pconfig['serial']))->setHelp('Enter a decimal number to be used as the serial number for the next ' . 'certificate to be created using this CA.'); $form->add($section); $section = new Form_Section('Internal Certificate Authority'); $section->addClass('toggle-internal', 'toggle-intermediate', 'collapse'); $allCas = array(); foreach ($a_ca as $ca) { if (!$ca['prv']) { continue; } $allCas[$ca['refid']] = $ca['descr']; } $group = new Form_Group('Signing Certificate Authority'); $group->addClass('toggle-intermediate', 'collapse'); $group->add(new Form_Select('caref', null, $pconfig['caref'], $allCas)); $section->add($group); $section->addInput(new Form_Select('keylen', 'Key length (bits)', $pconfig['keylen'], array_combine($ca_keylens, $ca_keylens))); $section->addInput(new Form_Select('digest_alg', 'Digest Algorithm', $pconfig['digest_alg'], array_combine($openssl_digest_algs, $openssl_digest_algs)))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 ' . 'when possible.'); $section->addInput(new Form_Input('lifetime', 'Lifetime (days)', 'number', $pconfig['lifetime'])); $section->addInput(new Form_Select('dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc)); $section->addInput(new Form_Input('dn_state', 'State or Province', 'text', $pconfig['dn_state'], ['placeholder' => 'e.g. Texas'])); $section->addInput(new Form_Input('dn_city', 'City', 'text', $pconfig['dn_city'], ['placeholder' => 'e.g. Austin'])); $section->addInput(new Form_Input('dn_organization', 'Organization', 'text', $pconfig['dn_organization'], ['placeholder' => 'e.g. My Company Inc'])); $section->addInput(new Form_Input('dn_organizationalunit', 'Organizational Unit', 'text', $pconfig['dn_organizationalunit'], ['placeholder' => 'e.g. My Department Name (optional)'])); $section->addInput(new Form_Input('dn_email', 'Email Address', 'email', $pconfig['dn_email'], ['placeholder' => 'e.g. admin@mycompany.com'])); $section->addInput(new Form_Input('dn_commonname', 'Common Name', 'text', $pconfig['dn_commonname'], ['placeholder' => 'e.g. internal-ca'])); $form->add($section); print $form; $internal_ca_count = 0; foreach ($a_ca as $ca) {
$form = new Form(); $section = new Form_Section('Edit Virtual IP'); $group = new Form_Group('Type'); $group->add(new Form_Checkbox('mode', null, 'IP Alias', $pconfig['mode'] == "ipalias", 'ipalias'))->displayAsRadio(); $group->add(new Form_Checkbox('mode', null, 'CARP', $pconfig['mode'] == "carp", 'carp'))->displayAsRadio(); $group->add(new Form_Checkbox('mode', null, 'Proxy ARP', $pconfig['mode'] == "proxyarp", 'proxyarp'))->displayAsRadio(); $group->add(new Form_Checkbox('mode', null, 'Other', $pconfig['mode'] == "other", 'other'))->displayAsRadio(); $section->add($group); $section->addInput(new Form_Select('interface', 'Interface', $pconfig['interface'], build_if_list())); $section->addInput(new Form_Select('type', 'Address type', !$pconfig['range'] && $pconfig['subnet_bits'] == 32 || !isset($pconfig['subnet']) ? 'single' : 'network', array('single' => 'Single address', 'network' => 'Network')))->addClass('typesel'); $section->addInput(new Form_IpAddress('subnet', 'Address(es)', $pconfig['subnet']))->addMask('subnet_bits', $pconfig['subnet_bits'])->setHelp('<span id="address_note"></span>'); $section->addInput(new Form_Checkbox('noexpand', 'Expansion', 'Disable expansion of this entry into IPs on NAT lists (e.g. 192.168.1.0/24 expands to 256 entries.) ', isset($pconfig['noexpand']))); $section->addInput(new Form_Input('password', 'Virtual IP Password', 'password', $pconfig['password']))->setHelp('Enter the VHID group password.'); $section->addInput(new Form_Select('vhid', 'VHID Group', $pconfig['vhid'], array_combine(range(1, 255, 1), range(1, 255, 1))))->setHelp('Enter the VHID group that the machines will share'); $group = new Form_Group('Advertising frequency'); $group->add(new Form_Select('advbase', 'Base', $pconfig['advbase'], array_combine(range(1, 254, 1), range(1, 254, 1))))->setHelp('Base'); $group->add(new Form_Select('advskew', 'Skew', $pconfig['advskew'], array_combine(range(0, 254, 1), range(0, 254, 1))))->setHelp('Skew'); $group->setHelp('The frequency that this machine will advertise. 0 means usually master. Otherwise the lowest combination of both values in the cluster determines the master.'); $section->add($group); $section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference (not parsed).'); if (isset($id) && $a_vip[$id]) { $section->addInput(new Form_Input('id', null, 'hidden', $id)); } $section->addInput(new Form_Input('uniqid', null, 'hidden', $pconfig['uniqid'])); $form->add($section); print $form; ?> <div id="infoblock"> <?php echo print_info_box(gettext("Proxy ARP and Other type Virtual IPs cannot be bound to by anything running on the firewall, such as IPsec, OpenVPN, etc. Use a CARP or IP Alias type address for these types.") . '<br />' . sprintf(gettext("For more information on CARP and the above values, visit the OpenBSD %s"), '<a href="http://www.openbsd.org/faq/pf/carp.html">CARP FAQ</a>.'), info);
$section->addInput(new Form_Input('decrypt_password', null, 'password', null, ['placeholder' => 'Password'])); $section->addInput(new Form_Input('decrypt_passconf', null, 'password', null, ['placeholder' => 'Confirm password'])); $group = new Form_Group(''); $group->add(new Form_Button('Submit', 'Restore configuration'))->setHelp('The firewall will reboot after restoring the configuration.')->removeClass('btn-primary')->addClass('btn-danger'); $section->add($group); $form->add($section); if ($config['installedpackages']['package'] != "" || is_subsystem_dirty("packagelock")) { $section = new Form_Section('Package functions'); if ($config['installedpackages']['package'] != "") { $group = new Form_Group(''); $group->add(new Form_Button('Submit', 'Reinstall packages'))->setHelp('Click this button to reinstall all system packages. This may take a while.')->removeClass('btn-primary')->addClass('btn-warning'); $section->add($group); } if (is_subsystem_dirty("packagelock")) { $group = new Form_Group(''); $group->add(new Form_Button('Submit', 'Clear Package Lock'))->setHelp('Click this button to clear the package lock if a package fails to reinstall properly after an upgrade.')->removeClass('btn-primary')->addClass('btn-warning'); $section->add($group); } $form->add($section); } print $form; ?> <script type="text/javascript"> //<![CDATA[ events.push(function(){ //---------- "Standard" show/hide functions --------------------------------------------------- // Hides all elements of the specified class. This will usually be a section or group function hideClass(s_class, hide) { if(hide) $('.' + s_class).hide();
$section->addClass('adnlopts'); $section->addInput(new Form_StaticText(null, '<div class="alert alert-info"> ' . gettext('Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information.') . ' ' . sprintf(gettext('For a list of available options please visit this %1$s URL%2$s'), '<a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank">', '</a></div>'))); if (!$pconfig['numberoptions']) { $pconfig['numberoptions']['item'] = array(array('number' => '', 'type' => 'text', 'value' => '')); } $customitemtypes = array('text' => gettext('Text'), 'string' => gettext('String'), 'boolean' => gettext('Boolean'), 'unsigned integer 8' => gettext('Unsigned 8-bit integer'), 'unsigned integer 16' => gettext('Unsigned 16-bit integer'), 'unsigned integer 32' => gettext('Unsigned 32-bit integer'), 'signed integer 8' => gettext('Signed 8-bit integer'), 'signed integer 16' => gettext('Signed 16-bit integer'), 'signed integer 32' => gettext('Signed 32-bit integer'), 'ip-address' => gettext('IP address or host')); $numrows = count($item) - 1; $counter = 0; $numrows = count($pconfig['numberoptions']['item']) - 1; foreach ($pconfig['numberoptions']['item'] as $item) { $number = $item['number']; $itemtype = $item['type']; $value = base64_decode($item['value']); $group = new Form_Group($counter == 0 ? 'Option' : null); $group->addClass('repeatable'); $group->add(new Form_Input('number' . $counter, null, 'text', $number))->setHelp($numrows == $counter ? 'Number' : null); $group->add(new Form_Select('itemtype' . $counter, null, $itemtype, $customitemtypes))->setWidth(3)->setHelp($numrows == $counter ? 'Type' : null); $group->add(new Form_Input('value' . $counter, null, 'text', $value))->setHelp($numrows == $counter ? 'Value' : null); $group->add(new Form_Button('deleterow' . $counter, 'Delete'))->removeClass('btn-primary')->addClass('btn-warning'); $section->add($group); $counter++; } $section->addInput(new Form_Button('addrow', 'Add'))->removeClass('btn-primary')->addClass('btn-success'); $form->add($section); if ($pconfig['netboot']) { $sectate = COLLAPSIBLE | SEC_OPEN; } else { $sectate = COLLAPSIBLE | SEC_CLOSED; } $section = new Form_Section("Network Booting", nwkbootsec, $sectate); $section->addInput(new Form_Checkbox('netboot', 'Enable', 'Enables network booting', $pconfig['netboot']));
// Note: ID attribute of each element created is to be unique. Not being used, suppressing it. $group->add(new Form_Button('Submit', 'Restore Configuration', null, 'fa-undo'))->setHelp('The firewall will reboot after restoring the configuration.')->addClass('btn-danger restore')->setAttribute('id'); $section->add($group); $form->add($section); if ($config['installedpackages']['package'] != "" || is_subsystem_dirty("packagelock")) { $section = new Form_Section('Package Functions'); if ($config['installedpackages']['package'] != "") { $group = new Form_Group(''); // Note: ID attribute of each element created is to be unique. Not being used, suppressing it. $group->add(new Form_Button('Submit', 'Reinstall Packages', null, 'fa-retweet'))->setHelp('Click this button to reinstall all system packages. This may take a while.')->addClass('btn-success')->setAttribute('id'); $section->add($group); } if (is_subsystem_dirty("packagelock")) { $group = new Form_Group(''); // Note: ID attribute of each element created is to be unique. Not being used, suppressing it. $group->add(new Form_Button('Submit', 'Clear Package Lock', null, 'fa-wrench'))->setHelp('Click this button to clear the package lock if a package fails to reinstall properly after an upgrade.')->addClass('btn-warning')->setAttribute('id'); $section->add($group); } $form->add($section); } print $form; ?> <script type="text/javascript"> //<![CDATA[ events.push(function() { // ------- Show/hide sections based on checkbox settings -------------------------------------- function hideSections(hide) { hidePasswords(); }
display_top_tabs($tab_array); $form = new Form(); $section = new Form_Section('Start IPsec in debug mode based on sections selected'); foreach ($ipsec_log_cats as $cat => $desc) { $section->addInput(new Form_Select($cat, $desc, $pconfig[$cat], $ipsec_log_sevs))->setWidth(2); } $section->addInput(new Form_StaticText('', ''))->setHelp('Launches IPsec in debug mode so that more verbose logs will be generated to aid in troubleshooting.'); $form->add($section); $section = new Form_Section('IPsec Advanced Settings'); $section->addInput(new Form_Select('uniqueids', 'Configure Unique IDs as', $pconfig['uniqueids'], $ipsec_idhandling))->setHelp('Whether a particular participant ID should be kept unique, with any new IKE_SA using an ID ' . 'deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new ' . 'IKE_SA using the same ID is almost invariably intended to replace an old one. ' . 'The difference between <b>no</b> and <b>never</b> is that the old IKE_SAs will be replaced when receiving an ' . 'INITIAL_CONTACT notify if the option is no but will ignore these notifies if <b>never</b> is configured. ' . 'The daemon also accepts the value <b>keep</b> to reject ' . 'new IKE_SA setups and keep the duplicate established earlier. Defaults to Yes.'); $section->addInput(new Form_Checkbox('compression', 'IP Compression', 'Enable IPCompression', $pconfig['compression']))->setHelp('IPComp compression of content is proposed on the connection.'); $section->addInput(new Form_Checkbox('enableinterfacesuse', 'Strict interface binding', 'Enable strict interface binding', $pconfig['enableinterfacesuse']))->setHelp('Enable strongSwan\'s interfaces_use option to bind specific interfaces only. This option is known to break IPsec with dynamic IP interfaces. This is not recommended at this time.'); $section->addInput(new Form_Checkbox('acceptunencryptedmainmode', 'Unencrypted payloads in IKEv1 Main Mode', 'Accept unencrypted ID and HASH payloads in IKEv1 Main Mode', $pconfig['acceptunencryptedmainmode']))->setHelp('Some implementations send the third Main Mode message unencrypted, probably to find the PSKs for the specified ID for authentication.' . 'This is very similar to Aggressive Mode, and has the same security implications: ' . 'A passive attacker can sniff the negotiated Identity, and start brute forcing the PSK using the HASH payload.' . 'It is recommended to keep this option to no, unless you know exactly what the implications are and require compatibility to such devices (for example, some SonicWall boxes).'); $section->addInput(new Form_Checkbox('maxmss_enable', 'Enable Maximum MSS', 'Enable MSS clamping on VPN traffic', $pconfig['maxmss_enable']))->toggles('.toggle-maxmss', 'collapse'); $group = new Form_Group('Maximum MSS'); $group->addClass('toggle-maxmss collapse'); if (!empty($pconfig['maxmss_enable'])) { $group->addClass('in'); } $group->add(new Form_Input('maxmss', 'Maximum MSS', 'text', $pconfig['maxmss'] ? $pconfig['maxmss'] : '1400'))->setHelp('Enable MSS clamping on TCP flows over VPN. ' . 'This helps overcome problems with PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. '); $section->add($group); $section->addInput(new Form_Checkbox('unityplugin', 'Disable Cisco Extensions', 'Disable Unity Plugin', $pconfig['unityplugin']))->setHelp('Disable Unity Plugin which provides Cisco Extension support as Split-Include, Split-Exclude, Split-Dns, ...'); $section->addInput(new Form_Checkbox('strictcrlpolicy', 'Strict CRL Checking', 'Enable strict Certificate Revocation List checking', $pconfig['strictcrlpolicy']))->setHelp('Check this to require availability of a fresh CRL for peer authentication based on RSA signatures to succeed.'); $section->addInput(new Form_Checkbox('makebeforebreak', 'Make before Break', 'Initiate IKEv2 reauthentication with a make-before-break', $pconfig['makebeforebreak']))->setHelp('instead of a break-before-make scheme. Make-before-break uses overlapping IKE and CHILD_SA during reauthentication ' . 'by first recreating all new SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps ' . 'during reauthentication, but requires support for overlapping SAs by the peer'); $section->addInput(new Form_Checkbox('autoexcludelanaddress', 'Auto-exclude LAN address', 'Enable bypass for LAN interface IP', !$pconfig['noshuntlaninterfaces']))->setHelp('Exclude traffic from LAN subnet to LAN IP address from IPsec.'); $form->add($section); print $form; ?> <?php include "foot.inc";
$group = new Form_Group('Options'); $group->add(new Form_Select('option', 'Graphs', $curoption, build_options()))->setHelp('Graph'); $group->add(new Form_Select('style', 'Style', $curstyle, $styles))->setHelp('Style'); $group->add(new Form_Select('period', 'Period', $curperiod, $periods))->setHelp('Period'); if ($curcat == 'custom') { $group->setHelp('Any changes to these option may not take affect until the next auto-refresh.'); } $section->add($group); if ($curcat == 'custom') { $section->addInput(new Form_Input('cat', null, 'hidden', 'custom')); $tz = date_default_timezone_get(); $tz_msg = gettext("Enter date and/or time. Current timezone:") . " {$tz}"; $start_fmt = strftime("%m/%d/%Y %H:%M:%S", $start); $end_fmt = strftime("%m/%d/%Y %H:%M:%S", $end); $group = new Form_Group(''); $group->add(new Form_Input('start', 'Start', 'datetime', $start_fmt))->setHelp('Start'); $group->add(new Form_Input('end', 'End', 'datetime', $end_fmt))->setHelp('End'); if ($curcat != 'custom') { $group->setHelp('Any changes to these option may not take affect until the next auto-refresh'); } $section->add($group); $form->add($section); print $form; $curdatabase = $curoption; $graph = "custom-{$curdatabase}"; if (in_array($curdatabase, $custom_databases)) { $id = "{$graph}-{$curoption}-{$curdatabase}"; $id = preg_replace('/\\./', '_', $id); ?> <div class="panel panel-default"> <img align="center" name="<?php
// Get the MAC address $ip = $_SERVER['REMOTE_ADDR']; $mymac = `/usr/sbin/arp -an | grep '('{$ip}')' | head -n 1 | cut -d" " -f4`; $mymac = str_replace("\n", "", $mymac); include "head.inc"; if ($input_errors) { print_input_errors($input_errors); } $form = new Form(); $section = new Form_Section('Edit MAC Address Rules'); $section->addInput(new Form_Select('action', 'Action', strtolower($pconfig['action']), array('pass' => gettext('Pass'), 'block' => gettext('Block'))))->setHelp('Choose what to do with packets coming from this MAC address.'); $macaddress = new Form_Input('mac', 'MAC Address', 'text', $pconfig['mac'], ['placeholder' => 'xx:xx:xx:xx:xx:xx']); $btnmymac = new Form_Button('btnmymac', 'Copy My MAC', null, 'fa-clone'); $btnmymac->setAttribute('type', 'button')->removeClass('btn-primary')->addClass('btn-success btn-sm'); $group = new Form_Group('MAC Address'); $group->add($macaddress); $group->add($btnmymac); $group->setHelp('6 hex octets separated by colons'); $section->add($group); $section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('A description may be entered here for administrative reference (not parsed)'); $section->addInput(new Form_Input('bw_up', 'Bandwidth up', 'text', $pconfig['bw_up']))->setHelp('Enter an upload limit to be enforced on this MAC in Kbit/s'); $section->addInput(new Form_Input('bw_down', 'Bandwidth down', 'text', $pconfig['bw_down']))->setHelp('Enter a download limit to be enforced on this MAC in Kbit/s'); $section->addInput(new Form_Input('zone', null, 'hidden', $cpzone)); if (isset($id) && $a_passthrumacs[$id]) { $section->addInput(new Form_Input('id', null, 'hidden', $id)); } if (isset($pconfig['username']) && $pconfig['username']) { $section->addInput(new Form_Input('username', null, 'hidden', $pconfig['username'])); } $form->add($section); print $form;
//DEBUG //$usernames = 'sbeaver:TXlQYXNzd2Q=:192.168.1.1 smith:TXlQYXNzd2Q=:192.168.2.1 sjones:TXlQYXNzd2Q=:192.168.3.1 salpha:TXlQYXNzd2Q=:192.168.4.1'; if ($usernames == "") { $usernames = '::'; } if ($usernames != "") { $item = explode(" ", $usernames); $numrows = count($item) - 1; foreach ($item as $ww) { $wws = explode(":", $ww); $user = $wws[0]; $passwd = base64_decode($wws[1]); $ip = $wws[2]; $group = new Form_Group($counter == 0 ? 'User table' : null); $group->addClass('repeatable'); $group->add(new Form_Input('username' . $counter, null, 'text', $user))->setHelp($numrows == $counter ? 'User name' : null); $group->add(new Form_Input('password' . $counter, null, 'password', $passwd))->setHelp($numrows == $counter ? 'Password' : null); $group->add(new Form_IpAddress('ip' . $counter, null, $ip))->setHelp($numrows == $counter ? 'IP Address' : null); $group->add(new Form_Button('deleterow' . $counter, 'Delete'))->removeClass('btn-primary')->addClass('btn-warning'); $section->add($group); $counter++; } } $btnaddrow = new Form_Button('addrow', 'Add user'); $btnaddrow->removeClass('btn-primary')->addClass('btn-success'); $section->addInput(new Form_StaticText(null, ' ' . $btnaddrow)); // Hidden fields if (isset($id)) { $section->addInput(new Form_Input('id', null, 'hidden', htmlspecialchars($id, ENT_QUOTES | ENT_HTML401))); } if (isset($pconfig['pppoeid'])) {
$section->add($group); // NTP servers $section->addInput(new Form_Checkbox('ntp_server_enable', 'NTP Servers', 'Provide an NTP server list to clients', $pconfig['ntp_server_enable']))->toggles('.ntpservers'); $group = new Form_Group(null); $group->addClass('ntpservers'); $group->add(new Form_Input('ntp_server1', null, 'text', $pconfig['ntp_server1']))->setHelp('Server 1'); $group->add(new Form_Input('ntp_server2', null, 'text', $pconfig['ntp_server2']))->setHelp('Server 2'); $section->add($group); // NTP servers - For this section we need to use Javascript hiding since there // are nested toggles $section->addInput(new Form_Checkbox('netbios_enable', 'NetBIOS Options', 'Enable NetBIOS over TCP/IP', $pconfig['netbios_enable']))->setHelp('If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled. '); $section->addInput(new Form_Select('netbios_ntype', 'Node Type', $pconfig['netbios_ntype'], $netbios_nodetypes))->setHelp('Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), ' . 'and h-node (query name server, then broadcast). '); $section->addInput(new Form_Input('netbios_scope', null, 'text', $pconfig['netbios_scope']))->setHelp('A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. ' . 'The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. '); $section->addInput(new Form_Checkbox('wins_server_enable', 'WINS servers', 'Provide a WINS server list to clients', $pconfig['wins_server_enable'])); $group = new Form_Group(null); $group->add(new Form_Input('wins_server1', null, 'text', $pconfig['wins_server1']))->setHelp('Server 1'); $group->add(new Form_Input('wins_server2', null, 'text', $pconfig['wins_server2']))->setHelp('Server 2'); $group->addClass('winsservers'); $section->add($group); $section->addInput(new Form_Textarea('custom_options', 'Advanced', $pconfig['custom_options']))->setHelp('Enter any additional options you would like to add for this client specific override, separated by a semicolon. ' . '<br />' . 'EXAMPLE: push "route 10.0.0.0 255.255.255.0"; '); // The hidden fields $section->addInput(new Form_Input('act', null, 'hidden', $act)); if (isset($id) && $a_csc[$id]) { $section->addInput(new Form_Input('id', null, 'hidden', $id)); } $form->add($section); print $form; ?> <script type="text/javascript"> //<![CDATA[
if ($act == "new" || $act == "edit") { $form = new Form(); $section = new Form_Section('New Access List'); $section->addInput(new Form_Input('aclid', null, 'hidden', $id)); $section->addInput(new Form_Input('act', null, 'hidden', $act)); $section->addInput(new Form_Input('aclname', 'Access List name', 'text', $pconfig['aclname']))->setHelp('Provide an Access List name.'); $section->addInput(new Form_Select('aclaction', 'Action', strtolower($pconfig['aclaction']), array('allow' => 'Allow', 'deny' => 'Deny', 'refuse' => 'Refuse', 'allow snoop' => 'Allow Snoop')))->setHelp($actionHelp); $section->addInput(new Form_Input('description', 'Description', 'text', $pconfig['description']))->setHelp('You may enter a description here for your reference.'); $numrows = count($networkacl) - 1; $counter = 0; foreach ($networkacl as $item) { $network = $item['acl_network']; $cidr = $item['mask']; $description = $item['description']; $group = new Form_Group($counter == 0 ? 'Networks' : ''); $group->add(new Form_IpAddress('acl_network' . $counter, null, $network))->addMask('mask' . $counter, $cidr)->setWidth(4)->setHelp($counter == $numrows ? 'Network/mask' : null); $group->add(new Form_Input('description' . $counter, null, 'text', $description))->setHelp($counter == $numrows ? 'Description' : null); $group->add(new Form_Button('deleterow' . $counter, 'Delete'))->removeClass('btn-primary')->addClass('btn-warning'); $group->addClass('repeatable'); $section->add($group); $counter++; } $form->addGlobal(new Form_Button('addrow', 'Add network'))->removeClass('btn-primary')->addClass('btn-success'); $form->add($section); print $form; } else { // NOT 'edit' or 'add' ?> <div class="panel panel-default"> <div class="panel-heading"><h2 class="panel-title"><?php echo gettext('Access Lists to control access to the DNS Resolver');
$tab_array[] = array(gettext("Networking"), false, "system_advanced_network.php"); $tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php"); $tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php"); $tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php"); display_top_tabs($tab_array); ?> <div id="container"><?php $form = new Form(); $section = new Form_Section('Firewall Advanced'); $section->addInput(new Form_Checkbox('scrubnodf', 'IP Do-Not-Fragment compatibility', 'Clear invalid DF bits instead of dropping the packets', isset($config['system']['scrubnodf'])))->setHelp('This allows for communications with hosts that generate fragmented ' . 'packets with the don\'t fragment (DF) bit set. Linux NFS is known to do this. ' . 'This will cause the filter to not drop such packets but instead clear the don\'t ' . 'fragment bit.'); $section->addInput(new Form_Checkbox('scrubrnid', 'IP Random id generation', 'Insert a stronger ID into IP header of packets passing through the filter.', isset($config['system']['scrubrnid'])))->setHelp('Replaces the IP identification field of packets with random values to ' . 'compensate for operating systems that use predictable values. This option only ' . 'applies to packets that are not fragmented after the optional packet ' . 'reassembly.'); $section->addInput($input = new Form_Select('optimization', 'Firewall Optimization Options', $config['system']['optimization'], array('normal' => 'Normal', 'high-latency' => gettext('High-latency'), 'aggressive' => gettext('Aggressive'), 'conservative' => gettext('Conservative'))))->setHelp('Select the type of state table optimization to use'); $section->addInput(new Form_Checkbox('disablefilter', 'Disable Firewall', 'Disable all packet filtering.', isset($config['system']['disablefilter'])))->setHelp('Note: This converts %s into a routing only platform!<br/>' . 'Note: This will also turn off NAT! To only disable NAT, ' . 'and not firewall rules, visit the <a href="firewall_nat_out.php">Outbound ' . 'NAT</a> page.', [$g["product_name"]]); $section->addInput(new Form_Checkbox('disablescrub', 'Disable Firewall Scrub', 'Disables the PF scrubbing option which can sometimes interfere with NFS traffic.', isset($config['system']['disablescrub']))); $group = new Form_Group('Firewall Adaptive Timeouts'); $group->add(new Form_Input('adaptivestart', 'Adaptive start', 'number', $pconfig['adaptivestart'], ['min' => 1]))->setHelp('When the number of state entries exceeds this value, adaptive ' . 'scaling begins. All timeout values are scaled linearly with factor ' . '(adaptive.end - number of states) / (adaptive.end - adaptive.start).'); $group->add(new Form_Input('adaptiveend', 'Adaptive end', 'number', $pconfig['adaptiveend'], ['min' => 1]))->setHelp('When reaching this number of state entries, all timeout values ' . 'become zero, effectively purging all state entries immediately. This ' . 'value is used to define the scale factor, it should not actually be ' . 'reached (set a lower state limit, see below).'); $group->setHelp('Timeouts for states can be scaled adaptively as the number of ' . 'state table entries grows. Leave blank for the default (0)'); $section->add($group); $section->addInput(new Form_Input('maximumstates', 'Firewall Maximum States', 'number', $pconfig['maximumstates'], ['min' => 1, 'placeholder' => pfsense_default_state_size()]))->setHelp('Maximum number of connections to hold in the firewall state table. ' . '<br/>Note: Leave this blank for the default. On this system the default ' . 'size is: %d', [pfsense_default_state_size()]); $section->addInput(new Form_Input('maximumtableentries', 'Firewall Maximum Table Entries', 'text', $pconfig['maximumtableentries'], ['placeholder' => pfsense_default_table_entries_size()]))->setHelp('Maximum number of table entries for systems such as aliases, ' . 'sshlockout, snort, etc, combined.<br/>Note: Leave this blank for the ' . 'default. On this system the default size is: %d', [pfsense_default_table_entries_size()]); $section->addInput(new Form_Input('maximumfrags', 'Firewall Maximum Fragment Entries', 'text', $pconfig['maximumfrags']))->setHelp('Maximum number of packet fragments to hold for reassembly by scrub rules. Leave this blank for the default (5000)'); $section->addInput(new Form_Checkbox('bypassstaticroutes', 'Static route filtering', 'Bypass firewall rules for traffic on the same interface', $pconfig['bypassstaticroutes']))->setHelp('This option only applies if one or more static routes have been defined. ' . 'If it is enabled, traffic that enters and leaves through the same ' . 'interface will not be checked by the firewall. This may be desirable in some ' . 'situations where multiple subnets are connected to the same interface.'); $section->addInput(new Form_Checkbox('disablevpnrules', 'Disable Auto-added VPN rules', 'Disable all auto-added VPN rules.', isset($config['system']['disablevpnrules'])))->setHelp('Note: This disables automatically added rules for IPsec.'); $section->addInput(new Form_Checkbox('disablereplyto', 'Disable reply-to', 'Disable reply-to on WAN rules', $pconfig['disablereplyto']))->setHelp('With Multi-WAN it is generally desired to ensure traffic leaves the same ' . 'interface it arrives on, hence reply-to is added automatically by default. When ' . 'using bridging, this behavior must be disabled if the WAN gateway IP is ' . 'different from the gateway IP of the hosts behind the bridged interface.'); $section->addInput(new Form_Checkbox('disablenegate', 'Disable Negate rules', 'Disable Negate rule on policy routing rules', $pconfig['disablenegate']))->setHelp('With Multi-WAN it is generally desired to ensure traffic reaches directly ' . 'connected networks and VPN networks when using policy routing. This can be disabled ' . 'for special purposes but it requires manually creating rules for these networks.'); $section->addInput(new Form_Input('aliasesresolveinterval', 'Aliases Hostnames Resolve Interval', 'text', $pconfig['aliasesresolveinterval'], ['placeholder' => '300']))->setHelp('Interval, in seconds, that will be used to resolve hostnames ' . 'configured on aliases. <br/>Note: Leave this blank for the default ' . '(300s).'); $section->addInput(new Form_Checkbox('checkaliasesurlcert', 'Check certificate of aliases URLs', 'Verify HTTPS certificates when downloading alias URLs', $pconfig['checkaliasesurlcert']))->setHelp('Make sure the certificate is valid for all HTTPS addresses on ' . 'aliases. If it\'s not valid or is revoked, do not download it.'); $form->add($section); $section = new Form_Section('Bogon Networks'); $section->addInput(new Form_Select('bogonsinterval', 'Update Frequency', empty($pconfig['bogonsinterval']) ? 'monthly' : $pconfig['bogonsinterval'], array('monthly' => gettext('Monthly'), 'weekly' => gettext('Weekly'), 'daily' => gettext('Daily'))))->setHelp('The frequency of updating the lists of IP addresses that are ' . 'reserved (but not RFC 1918) or not yet assigned by IANA.');
$group->add(new Form_Select('dnpipe', 'DNpipe', $pconfig['dnpipe'], array('' => 'none') + array_keys($dnqlist))); $group->add(new Form_Select('pdnpipe', 'PDNpipe', $pconfig['pdnpipe'], array('' => 'none') + array_keys($dnqlist))); $section->add($group)->setHelp('Choose the Out queue/Virtual interface only if ' . 'you have also selected In. The Out selection is applied to traffic leaving ' . 'the interface where the rule is created, In is applied to traffic coming ' . 'into the chosen interface.<br />If you are creating a floating rule, if the ' . 'direction is In then the same rules apply, if the direction is out the ' . 'selections are reverted Out is for incoming and In is for outgoing.'); $group = new Form_Group('Ackqueue / Queue'); $list = array('' => 'none'); if (!is_array($qlist)) { $qlist = array(); } foreach ($qlist as $q => $qkey) { if (isset($ifdisp[$q])) { $list[$q] = $ifdisp[$q]; } else { $list[$q] = $q; } } $group->add(new Form_Select('ackqueue', 'Ackqueue', $pconfig['ackqueue'], $list)); $group->add(new Form_Select('defaultqueue', 'Default Queue', $pconfig['defaultqueue'], $list)); $section->add($group)->setHelp('Choose the Acknowledge Queue only if you have ' . 'selected Queue.'); $section->addInput(new Form_Select('l7container', 'Layer7', $pconfig['l7container'], array_keys($l7clist)))->setHelp('Choose a Layer7 container to apply application protocol inspection ' . 'rules. These are valid for TCP and UDP protocols only.'); $has_created_time = isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']); $has_updated_time = isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated']); if ($has_created_time || $has_updated_time) { $form->add($section); $section = new Form_Section('Rule Information'); if ($has_created_time) { $section->addInput(new Form_StaticText('Created', date('n/j/y H:i:s', $a_filter[$id]['created']['time']) . gettext(' by ') . '<b>' . $a_filter[$id]['created']['username'] . '</b>')); } if ($has_updated_time) { $section->addInput(new Form_StaticText('Updated', date('n/j/y H:i:s', $a_filter[$id]['updated']['time']) . gettext(' by ') . '<b>' . $a_filter[$id]['updated']['username'] . '</b>')); } }
if ($savemsg) { print_info_box($savemsg, $class); } $tab_array = array(); $tab_array[] = array(gettext("Admin Access"), false, "system_advanced_admin.php"); $tab_array[] = array(gettext("Firewall & NAT"), false, "system_advanced_firewall.php"); $tab_array[] = array(gettext("Networking"), true, "system_advanced_network.php"); $tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php"); $tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php"); $tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php"); display_top_tabs($tab_array); $form = new Form(); $section = new Form_Section('IPv6 Options'); $section->addInput(new Form_Checkbox('ipv6allow', 'Allow IPv6', 'All IPv6 traffic will be blocked by the firewall unless this box is checked', $pconfig['ipv6allow']))->setHelp('NOTE: This does not disable any IPv6 features on the firewall, it only ' . 'blocks traffic.'); $group = new Form_Group('IPv6 over IPv4 Tunneling'); $group->add(new Form_Checkbox('ipv6nat_enable', 'IPv6 over IPv4 Tunneling', 'Enable IPv4 NAT encapsulation of IPv6 packets', $pconfig['ipv6nat_enable']))->setHelp('NOTE: This does not disable any IPv6 features on the firewall, it only ' . 'blocks traffic.'); $group->add(new Form_Input('ipv6nat_ipaddr', 'IP address', 'text', $pconfig['ipv6nat_ipaddr']))->setHelp('Enable IPv4 NAT encapsulation of IPv6 packets. <br/>This provides an ' . 'RFC 2893 compatibility mechanism that can be used to tunneling IPv6 packets over ' . 'IPv4 routing infrastructures. If enabled, don"t forget to add a firewall rule to ' . 'permit IPv6 packets.'); $section->add($group); $section->addInput(new Form_Checkbox('prefer_ipv4', 'Prefer IPv4 over IPv6', 'Prefer to use IPv4 even if IPv6 is available', $pconfig['prefer_ipv4']))->setHelp('By default, if a hostname resolves IPv6 and IPv4 addresses IPv6 will ' . 'be used, if you check this option, IPv4 will be used instead of IPv6.'); $form->add($section); $section = new Form_Section('Network Interfaces'); $section->addInput(new Form_Checkbox('polling_enable', 'Device polling', 'Enable device polling', $pconfig['polling_enable']))->setHelp('Device polling is a technique that lets the system periodically poll ' . 'network devices for new data instead of relying on interrupts. This prevents ' . 'your webConfigurator, SSH, etc. from being inaccessible due to interrupt floods ' . 'when under extreme load. Generally this is not recommended. Not all NICs support ' . 'polling; see the %s homepage for a list of supported cards', [$g["product_name"]]); $section->addInput(new Form_Checkbox('disablechecksumoffloading', 'Hardware Checksum Offloading', 'Disable hardware checksum offload', isset($config['system']['disablechecksumoffloading'])))->setHelp('Checking this option will disable hardware checksum offloading.<br/>' . 'Checksum offloading is broken in some hardware, particularly some Realtek cards. ' . 'Rarely, drivers may have problems with checksum offloading and some specific ' . 'NICs.This will take effect after you reboot the machine or re-configure each ' . 'interface.'); $section->addInput(new Form_Checkbox('disablesegmentationoffloading', 'Hardware TCP Segmentation Offloading', 'Disable hardware TCP segmentation offload', isset($config['system']['disablesegmentationoffloading'])))->setHelp('Checking this option will disable hardware TCP segmentation ' . 'offloading (TSO, TSO4, TSO6). This offloading is broken in some hardware ' . 'drivers, and may impact performance with some specific NICs.This will take ' . 'effect after you reboot the machine or re-configure each interface.'); $section->addInput(new Form_Checkbox('disablelargereceiveoffloading', 'Hardware Large Receive Offloading', 'Disable hardware large receive offload', isset($config['system']['disablelargereceiveoffloading'])))->setHelp('Checking this option will disable hardware large receive offloading ' . '(LRO). This offloading is broken in some hardware drivers, and may impact ' . 'performance with some specific NICs.This will take effect after you reboot the ' . 'machine or re-configure each interface.'); $section->addInput(new Form_Checkbox('sharednet', 'ARP Handling', 'Suppress ARP messages', isset($pconfig['sharednet'])))->setHelp('This option will suppress ARP log messages when multiple interfaces ' . 'reside on the same broadcast domain'); if (get_freebsd_version() == 8) { $section->addInput(new Form_Checkbox('flowtable', 'Enable flowtable support', $pconfig['flowtable']))->setHelp('Enables infrastructure for caching flows as a means of accelerating ' . 'L3 and L2 lookups as well as providing stateful load balancing when used with ' . 'RADIX_MPATH.'); } $form->add($section); print $form;
print_info_box($savemsg, success); } ?> <div id="container"> <?php $form = new Form(); $section = new Form_Section('System'); $section->addInput(new Form_Input('hostname', 'Hostname', 'text', $pconfig['hostname'], ['placeholder' => 'pfSense']))->setHelp('Name of the firewall host, without domain part'); $section->addInput(new Form_Input('domain', 'Domain', 'text', $pconfig['domain'], ['placeholder' => 'mycorp.com, home, office, private, etc.']))->setHelp('Do not use \'local\' as a domain name. It will cause local ' . 'hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve ' . 'local hosts not running mDNS.'); $form->add($section); $section = new Form_Section('DNS server settings'); for ($i = 1; $i < 5; $i++) { // if (!isset($pconfig['dns'.$i])) // continue; $group = new Form_Group('DNS Server ' . $i); $group->add(new Form_Input('dns' . $i, 'DNS Server', 'text', $pconfig['dns' . $i]))->setHelp($i == 4 ? 'Address' : null); $help = "Enter IP addresses to be used by the system for DNS resolution. " . "These are also used for the DHCP service, DNS forwarder and for PPTP VPN clients."; if ($multiwan) { $options = array('none' => 'none'); foreach ($arr_gateways as $gwname => $gwitem) { if (is_ipaddrv4(lookup_gateway_ip_by_name($pconfig[$dnsgw])) && is_ipaddrv6($gwitem['gateway'])) { continue; } if (is_ipaddrv6(lookup_gateway_ip_by_name($pconfig[$dnsgw])) && is_ipaddrv4($gwitem['gateway'])) { continue; } $options[$gwname] = $gwname . ' - ' . $gwitem['friendlyiface'] . ' - ' . $gwitem['gateway']; } $group->add(new Form_Select('dns' . $i . 'gw', null, $pconfig['dns' . $i . 'gw'], $options))->setHelp($i == 4 ? 'Gateway' : null); $help .= '<br/>' . "In addition, optionally select the gateway for each DNS server. " . "When using multiple WAN connections there should be at least one unique DNS server per gateway."; }
$optionlist = array(); $iflist = get_configured_interface_with_descr(); foreach ($iflist as $ifnam => $ifdescr) { $optionlist[$ifnam] = $ifdescr; } $section->addInput(new Form_Select('interface', 'Interface', $pconfig['interface'], $optionlist)); $section->addInput(new Form_Input('host', 'Hostname', 'text', $pconfig['host']))->setHelp('Fully qualified hostname of the host to be updated'); $section->addInput(new Form_Input('ttl', 'TTL (seconds)', 'number', $pconfig['ttl'])); $section->addInput(new Form_Input('keyname', 'Key name', 'text', $pconfig['keyname']))->setHelp('This must match the setting on the DNS server.'); $group = new Form_Group('Key Type'); $group->add(new Form_Checkbox('keytype', 'Key Type', 'Zone', $pconfig['keytype'] == 'zone', 'zone'))->displayAsRadio(); $group->add(new Form_Checkbox('keytype', 'Key Type', 'Host', $pconfig['keytype'] == 'host', 'host'))->displayAsRadio(); $group->add(new Form_Checkbox('keytype', 'Key Type', 'User', $pconfig['keytype'] == 'user', 'user'))->displayAsRadio(); $section->add($group); $section->addInput(new Form_Input('keydata', 'Key', 'text', $pconfig['keydata']))->setHelp('Paste an HMAC-MD5 key here.'); $section->addInput(new Form_Input('server', 'Server', 'text', $pconfig['server'])); $section->addInput(new Form_Checkbox('usetcp', 'Protocol', 'Use TCP instead of UDP', $pconfig['usetcp'])); $section->addInput(new Form_Checkbox('usepublicip', 'Use public IP', 'If the interface IP is private, attempt to fetch and use the public IP instead.', $pconfig['usepublicip'])); $group = new Form_Group('Record Type'); $group->add(new Form_Checkbox('recordtype', 'Record Type', 'A (IPv4)', $pconfig['recordtype'] == 'A', 'A'))->displayAsRadio(); $group->add(new Form_Checkbox('recordtype', 'Record Type', 'AAAA (IPv6)', $pconfig['recordtype'] == 'AAAA', 'AAAA'))->displayAsRadio(); $group->add(new Form_Checkbox('recordtype', 'Record Type', 'Both', $pconfig['recordtype'] == 'both', 'both'))->displayAsRadio(); $section->add($group); $section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference (not parsed).'); if (isset($id) && $a_rfc2136[$id]) { $section->addInput(new Form_Input('id', null, 'hidden', $id)); } $form->add($section); print $form; print_info_box(sprintf('You must configure a DNS server in %sSystem: ' . 'General setup %sor allow the DNS server list to be overridden ' . 'by DHCP/PPP on WAN for dynamic DNS updates to work.', '<a href="system.php">', '</a>')); include "foot.inc";
} $currentDay--; if ($currentDay != $firstDay) { $tempFriendlyTime .= $dayArray[$firstDay - 1] . " - " . $dayArray[$currentDay - 1]; } else { $tempFriendlyTime .= $dayArray[$firstDay - 1]; } $firstDayFound = false; $firstprint = true; } $i++; } } } $group = new Form_Group(''); $group->add(new Form_Input('tempFriendlyTime' . $counter, null, 'text', $tempFriendlyTime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Day(s)' : ''); $group->add(new Form_Input('starttime' . $counter, null, 'text', $starttime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Start time' : ''); $group->add(new Form_Input('stoptime' . $counter, null, 'text', $stoptime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Stop time' : ''); $group->add(new Form_Input('timedescr' . $counter, null, 'text', $timedescr))->setWidth(2)->setHelp($counter == $maxrows ? 'Description' : ''); $group->add(new Form_Button('Delete' . $counter, 'Delete', null, 'fa-trash'))->setAttribute('type', 'button')->addClass('btn-xs btn-warning'); $group->add(new Form_Input('schedule' . $counter, null, 'hidden', $tempID)); $group->addClass('schedulegrp' . $counter); $counter++; $section->add($group); } } } // This is just a marker that the javascript can use to insertBefore() when adding new rows $section->addInput(new Form_Input('marker', null, 'hidden'))->addClass('noranges'); $form->add($section); print $form;
$section->addInput(new Form_Input('rapreferredlifetime', 'Default preferred lifetime', 'text', $pconfig['rapreferredlifetime']))->setHelp('Seconds. The length of time in seconds (relative to the time the packet is sent) that addresses generated from the prefix via stateless address autoconfiguration remain preferred.' . ' <br />' . 'The default is 14400 seconds.'); $section->addInput(new Form_Input('raminrtradvinterval', 'Minimum RA interval', 'number', $pconfig['raminrtradvinterval'], ['min' => 3, 'max' => 1350]))->setHelp('The minimum time allowed between sending unsolicited multicast router advertisements in seconds.'); $section->addInput(new Form_Input('ramaxrtradvinterval', 'Maximum RA interval', 'number', $pconfig['ramaxrtradvinterval'], ['min' => 4, 'max' => 1800]))->setHelp('The maximum time allowed between sending unsolicited multicast router advertisements in seconds.'); $section->addInput(new Form_Input('raadvdefaultlifetime', 'Router lifetime', 'number', $pconfig['raadvdefaultlifetime'], ['min' => 1, 'max' => 9000]))->setHelp('The lifetime associated with the default router in seconds.'); $section->addInput(new Form_StaticText('RA Subnets', $subnets_help)); if (empty($pconfig['subnets'])) { $pconfig['subnets'] = array('0' => '/128'); } $counter = 0; $numrows = count($pconfig['subnets']) - 1; foreach ($pconfig['subnets'] as $subnet) { $address_name = "subnet_address" . $counter; $bits_name = "subnet_bits" . $counter; list($address, $subnet) = explode("/", $subnet); $group = new Form_Group($counter == 0 ? 'Subnets' : ''); $group->add(new Form_IpAddress($address_name, null, $address))->addMask($bits_name, $subnet); $group->add(new Form_Button('deleterow' . $counter, 'Delete', null, 'fa-trash'))->removeClass('btn-primary')->addClass('btn-warning'); $group->addClass('repeatable'); $section->add($group); $counter++; } $section->addInput(new Form_Button('addrow', 'Add', null, 'fa-plus'))->addClass('btn-success'); $form->add($section); $section = new Form_Section('DNS Configuration'); for ($idx = 1; $idx <= 3; $idx++) { $section->addInput(new Form_IpAddress('radns' . $idx, 'Server ' . $idx, $pconfig['radns' . $idx]))->setPattern('[a-zA-Z0-9_.:]+')->setHelp($idx < 3 ? '' : 'Leave blank to use the system default DNS servers - this interface\'s IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the General page'); } $section->addInput(new Form_Input('radomainsearchlist', 'Domain search list', 'text', $pconfig['radomainsearchlist']))->setHelp('The RA server can optionally provide a domain search list. Use the semicolon character as separator.'); $section->addInput(new Form_Checkbox('rasamednsasdhcp6', 'Settings', 'Use same settings as DHCPv6 server', $pconfig['rasamednsasdhcp6'])); $section->addInput(new Form_Input('if', null, 'hidden', $if)); $form->add($section);
$pconfig['address_subnet'] = ''; $pconfig['detail'] = ''; } $counter = 0; $addresses = explode(" ", $pconfig['address']); $details = explode("||", $pconfig['detail']); while ($counter < count($addresses)) { if ($pconfig['type'] != "host" && is_subnet($addresses[$counter])) { list($address, $address_subnet) = explode("/", $addresses[$counter]); } else { $address = $addresses[$counter]; $address_subnet = ""; } $group = new Form_Group($counter == 0 ? $label_str[$tab] : ''); $group->addClass('repeatable'); $group->add(new Form_IpAddress('address' . $counter, 'Address', $address))->addMask('address_subnet' . $counter, $address_subnet)->setWidth(4)->setPattern('[0-9, a-z, A-Z and .'); $group->add(new Form_Input('detail' . $counter, 'Description', 'text', $details[$counter]))->setWidth(4); $group->add(new Form_Button('deleterow' . $counter, 'Delete'))->removeClass('btn-primary')->addClass('btn-warning'); $section->add($group); $counter++; } $form->addGlobal(new Form_Button('addrow', $btn_str[$tab]))->removeClass('btn-primary')->addClass('btn-success addbtn'); $form->add($section); print $form; ?> <script> //<![CDATA[ events.push(function(){ var disable_subnets;
} $css = array_merge($pfscss, $betacss, $usrcss); foreach ($css as $file) { $file = basename($file); $csslist[$file] = pathinfo($file, PATHINFO_FILENAME); } } if (!isset($pconfig['webguicss']) || !isset($csslist[$pconfig['webguicss']])) { $pconfig['webguicss'] = "pfSense.css"; } $section = new Form_Section('webConfigurator'); $section->addInput(new Form_Select('webguicss', 'Theme', $pconfig['webguicss'], $csslist))->setHelp(sprintf(gettext('Choose an alternative css file (if installed) to change the appearance of the webConfigurator. css files are located in /usr/local/www/css/%s'), '<span id="csstxt"></span>')); $section->addInput(new Form_Select('webguifixedmenu', 'Top Navigation', $pconfig['webguifixedmenu'], ["" => gettext("Scrolls with page"), "fixed" => gettext("Fixed (Remains visible at top of page)")]))->setHelp("The fixed option is intended for large screens only."); $section->addInput(new Form_Input('dashboardcolumns', 'Dashboard Columns', 'number', $pconfig['dashboardcolumns'], [min => 1, max => 4])); $group = new Form_Group('Associated Panels Show/Hide'); $group->add(new Form_Checkbox('dashboardavailablewidgetspanel', null, 'Available Widgets', $pconfig['dashboardavailablewidgetspanel']))->setHelp('Show the Available Widgets panel on the Dashboard.'); $group->add(new Form_Checkbox('systemlogsfilterpanel', null, 'Log Filter', $pconfig['systemlogsfilterpanel']))->setHelp('Show the Log Filter panel in System Logs.'); $group->add(new Form_Checkbox('systemlogsmanagelogpanel', null, 'Manage Log', $pconfig['systemlogsmanagelogpanel']))->setHelp('Show the Manage Log panel in System Logs.'); $group->add(new Form_Checkbox('statusmonitoringsettingspanel', null, 'Monitoring Settings', $pconfig['statusmonitoringsettingspanel']))->setHelp('Show the Settings panel in Status Monitoring.'); $group->setHelp('These options allow certain panels to be automatically hidden on page load. A control is provided in the title bar to un-hide the panel.'); $section->add($group); $section->addInput(new Form_Checkbox('webguileftcolumnhyper', 'Left Column Labels', 'Active', $pconfig['webguileftcolumnhyper']))->setHelp('If selected, clicking a label in the left column will select/toggle the first item of the group.'); $form->add($section); print $form; $csswarning = sprintf(gettext("%sUser-created themes are unsupported, use at your own risk."), "<br />"); ?> </div> <script> //<![CDATA[ events.push(function() {
$systemGroups = array(); $usersGroups = array(); foreach ($config['system']['user'] as $user) { if (is_array($pconfig['members']) && in_array($user['uid'], $pconfig['members'])) { $usersGroups[$user['uid']] = $user['name']; // Add it to the user's list } else { $systemGroups[$user['uid']] = $user['name']; // Add it to the 'not a member of' list } } $group->add(new Form_Select('notmembers', null, array_combine((array) $pconfig['groups'], (array) $pconfig['groups']), $systemGroups, true))->setHelp('Not members'); $group->add(new Form_Select('members', null, array_combine((array) $pconfig['groups'], (array) $pconfig['groups']), $usersGroups, true))->setHelp('Members'); $section->add($group); $group = new Form_Group(''); $group->add(new Form_Button('movetoenabled', 'Move to "Members" >'))->removeClass('btn-primary')->addClass('btn-default btn-sm'); $group->add(new Form_Button('movetodisabled', '< Move to "Not members'))->removeClass('btn-primary')->addClass('btn-default btn-sm'); $group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items'); $section->add($group); } if ($_GET['act'] != "new") { $section = new Form_Section('Assigned Privileges'); $section->addInput(new Form_StaticText(null, build_priv_table())); $form->add($section); } print $form; ?> <script type="text/javascript"> //<![CDATA[ events.push(function() {
print_info_box($savemsg, 'success'); } $tab_array = array(); $tab_array[] = array(gettext("Admin Access"), true, "system_advanced_admin.php"); $tab_array[] = array(gettext("Firewall / NAT"), false, "system_advanced_firewall.php"); $tab_array[] = array(gettext("Networking"), false, "system_advanced_network.php"); $tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php"); $tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php"); $tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php"); display_top_tabs($tab_array); ?> <div id="container"><?php $form = new Form(); $section = new Form_Section('WebConfigurator'); $group = new Form_Group('Protocol'); $group->add(new Form_Checkbox('webguiproto', 'Protocol', 'HTTP', $pconfig['webguiproto'] == 'http', 'http'))->displayAsRadio(); $group->add(new Form_Checkbox('webguiproto', 'Protocol', 'HTTPS', $pconfig['webguiproto'] == 'https', 'https'))->displayAsRadio(); $group->setHelp($certs_available ? '' : 'No Certificates have been defined. You must ' . '<a href="system_certmanager.php">' . gettext("Create or Import") . '</a> ' . 'a Certificate before SSL can be enabled.'); $section->add($group); $values = array(); foreach ($a_cert as $cert) { $values[$cert['refid']] = $cert['descr']; } $section->addInput($input = new Form_Select('ssl-certref', 'SSL Certificate', $pconfig['ssl-certref'], $values)); $section->addInput(new Form_Input('webguiport', 'TCP port', 'number', $config['system']['webgui']['port'], ['min' => 1, 'max' => 65535]))->setHelp('Enter a custom port number for the webConfigurator ' . 'above if you want to override the default (80 for HTTP, 443 ' . 'for HTTPS). Changes will take effect immediately after save.'); $section->addInput(new Form_Input('max_procs', 'Max Processes', 'number', $pconfig['max_procs']))->setHelp('Enter the number of webConfigurator processes you ' . 'want to run. This defaults to 2. Increasing this will allow more ' . 'users/browsers to access the GUI concurrently.'); $section->addInput(new Form_Checkbox('disablehttpredirect', 'WebGUI redirect', 'Disable webConfigurator redirect rule', $pconfig['disablehttpredirect']))->setHelp('When this is unchecked, access to the webConfigurator ' . 'is always permitted even on port 80, regardless of the listening port configured. ' . 'Check this box to disable this automatically added redirect rule.'); $section->addInput(new Form_Checkbox('loginautocomplete', 'WebGUI Login Autocomplete', 'Enable webConfigurator login autocomplete', $pconfig['loginautocomplete']))->setHelp('When this is checked, login credentials for the webConfigurator may ' . 'be saved by the browser. While convenient, some security standards require this ' . 'to be disabled. Check this box to enable autocomplete on the login form so that ' . 'browsers will prompt to save credentials (NOTE: Some browsers do not respect ' . 'this option).'); $section->addInput(new Form_Checkbox('quietlogin', 'WebGUI login messages', 'Disable logging of webConfigurator successful logins', $pconfig['quietlogin']))->setHelp('When this is checked, successful logins to the webConfigurator will ' . 'not be logged.'); if ($config['interfaces']['lan']) { $lockout_interface = "LAN";
} else { if ($pkga['size']) { $size = $pkga['size']; } else { $size = "8"; } } if ($rowhelper['width']) { $width = $rowhelper['width']; } display_row($rowcounter, $value, $fieldname, $type, $rowhelper, $numrows == $rowcounter ? $fielddescr : null, $width); $text = ""; $trc++; } // Delete row button $group->add(new Form_Button('deleterow' . $rowcounter, 'Delete', null, 'fa-trash'))->removeClass('btn-primary')->addClass('btn-warning btn-sm'); $rowcounter++; $section->add($group); } // Add row button $section->addInput(new Form_Button('addrow', 'Add'))->removeClass('btn-primary')->addClass('btn-success'); break; } if ($pkga['combinefields'] == "end") { $group->add(new Form_StaticText(null, null)); if ($advanced) { $advanced->add($group); } else { $section->add($group); } $grouping = false;
$section->addInput(new Form_Input('domainsearchlist', 'Domain search list', 'text', $pconfig['domainsearchlist']))->setHelp('The DHCP server can optionally provide a domain search list. Use the semicolon character as separator'); $section->addInput(new Form_Input('deftime', 'Default lease time (Seconds)', 'text', $pconfig['deftime']))->setHelp('Used for clients that do not ask for a specific expiration time. The default is 7200 seconds.'); $section->addInput(new Form_Input('maxtime', 'Maximum lease time (Seconds)', 'text', $pconfig['maxtime']))->setHelp('This is the maximum lease time for clients that ask for a specific expiration time. The default is 86400 seconds.'); $btndyndns = new Form_Button('btndyndns', 'Advanced'); $btndyndns->removeClass('btn-primary')->addClass('btn-default btn-sm'); $section->addInput(new Form_StaticText('Dynamic DNS', $btndyndns . ' ' . 'Show dynamic DNS settings')); $section->addInput(new Form_Checkbox('ddnsupdate', 'DHCP Registration', 'Enable registration of DHCP client names in DNS.', $pconfig['ddnsupdate'])); $section->addInput(new Form_Input('ddnsdomain', 'DDNS Domain', 'text', $pconfig['ddnsdomain']))->setHelp('Leave blank to disable dynamic DNS registration. Enter the dynamic DNS domain which will be used to register client names in the DNS server.'); $section->addInput(new Form_IpAddress('ddnsdomainprimary', 'DDNS Server IP', $pconfig['ddnsdomainprimary']))->setHelp('Enter the primary domain name server IP address for the dynamic domain name.'); $section->addInput(new Form_Input('ddnsdomainkeyname', 'DDNS Domain Key name', 'text', $pconfig['ddnsdomainkeyname']))->setHelp('Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.'); $section->addInput(new Form_Input('ddnsdomainkey', 'DDNS Domain Key secret', 'text', $pconfig['ddnsdomainkey']))->setHelp('Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.'); $btnntp = new Form_Button('btnntp', 'Advanced'); $btnntp->removeClass('btn-primary')->addClass('btn-default btn-sm'); $section->addInput(new Form_StaticText('NTP servers', $btnntp . ' ' . 'Show NTP Configuration')); $group = new Form_Group('NTP Servers'); $group->add(new Form_Input('ntp1', 'NTP Server 1', 'text', $pconfig['ntp1'], ['placeholder' => 'NTP 1'])); $group->add(new Form_Input('ntp2', 'NTP Server 2', 'text', $pconfig['ntp2'], ['placeholder' => 'NTP 2'])); $group->addClass('ntpclass'); $section->add($group); $btntftp = new Form_Button('btntftp', 'Advanced'); $btntftp->removeClass('btn-primary')->addClass('btn-default btn-sm'); $section->addInput(new Form_StaticText('TFTP servers', $btntftp . ' ' . 'Show TFTP Configuration')); $section->addInput(new Form_Input('tftp', 'TFTP Server', 'text', $pconfig['tftp']))->setHelp('Leave blank to disable. Enter a full hostname or IP for the TFTP server.'); $form->add($section); print $form; ?> <script type="text/javascript"> //<![CDATA[ events.push(function() {
$section->addInput(new Form_StaticText('Advanced options', $btnadv)); $form->add($section); $section = new Form_Section('Advanced Configuration'); $section->addClass('adnlopts'); $section->addInput(new Form_Checkbox('ondemand', 'Dial On Demand', 'Enable Dial-on-Demand mode. ', $pconfig['ondemand']))->setHelp('Causes the interface to operate in dial-on-demand mode. Do NOT enable if the link is to remain continuously connected. ' . 'The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.'); $section->addInput(new Form_Input('idletimeout', 'Idle Timeout', 'text', $pconfig['idletimeout']))->setHelp('If no incoming or outgoing packets are transmitted for the entered number of seconds the connection is brought down.' . " " . 'When the idle timeout occurs, if the dial-on-demand option is enabled, mpd goes back into dial-on-demand mode. ' . 'Otherwise, the interface is brought down and all associated routes removed.'); $section->addInput(new Form_Checkbox('vjcomp', 'Compression', 'Disable vjcomp (compression, auto-negotiated by default).', $pconfig['vjcomp']))->setHelp('Disable vjcomp(compression) (auto-negotiated by default).' . '<br />' . 'This option enables Van Jacobson TCP header compression, which saves several bytes per TCP data packet.' . " " . 'This option is almost always required. Compression is not effective for TCP connections with enabled modern extensions like time ' . 'stamping or SACK, which modify TCP options between sequential packets.'); $section->addInput(new Form_Checkbox('tcpmssfix', 'TCPmssFix', 'Disable tcpmssfix (enabled by default).', $pconfig['tcpmssfix']))->setHelp('Causes mpd to adjust incoming and outgoing TCP SYN segments so that the requested maximum segment size is not greater than the amount ' . 'allowed by the interface MTU. This is necessary in many setups to avoid problems caused by routers that drop ICMP Datagram Too Big messages. Without these messages, ' . 'the originating machine sends data, it passes the rogue router then hits a machine that has an MTU that is not big enough for the data. Because the IP Don\'t Fragment option is set, ' . 'this machine sends an ICMP Datagram Too Big message back to the originator and drops the packet. The rogue router drops the ICMP message and the originator never ' . 'gets to discover that it must reduce the fragment size or drop the IP Don\'t Fragment option from its outgoing data.'); $section->addInput(new Form_Checkbox('shortseq', 'ShortSeq', 'Disable shortseq (auto-negotiated by default).', $pconfig['shortseq']))->setHelp('This option is only meaningful if multi-link PPP is negotiated. It proscribes shorter multi-link fragment headers, saving two bytes on every frame. ' . 'It is not necessary to disable this for connections that are not multi-link.'); $section->addInput(new Form_Checkbox('acfcomp', 'ACFComp', 'Disable ACF compression (auto-negotiated by default)', $pconfig['acfcomp']))->setHelp('Address and control field compression. This option only applies to asynchronous link types. It saves two bytes per frame.'); $section->addInput(new Form_Checkbox('protocomp', 'ProtoComp', 'Disable Protocol compression (auto-negotiated by default)', $pconfig['protocomp']))->setHelp('Protocol field compression. This option saves one byte per frame for most frames.'); // Display the Link parameters. We will hide this by default, then un-hide the selected ones on clicking 'Advanced' $j = 0; foreach ($linklist['list'] as $ifnm => $nm) { $group = new Form_Group('Link Parameters (' . $ifnm . ')'); $group->add(new Form_Input('bandwidth' . $ifnm, null, 'text', $pconfig['bandwidth'][$ifnm]))->setHelp('Bandwidth'); $group->add(new Form_Input('mtu' . $ifnm, null, 'text', $pconfig['mtu'][$ifnm]))->setHelp('MTU'); $group->add(new Form_Input('mru' . $ifnm, null, 'text', $pconfig['mru'][$ifnm]))->setHelp('MRU'); $group->add(new Form_Input('mrru' . $ifnm, null, 'text', $pconfig['mrru'][$ifnm]))->setHelp('MRRU'); $j++; $section->add($group); $group->addClass('localip sec-advanced')->addClass('linkparam' . $ifnm); } $linkparamhelp = new Form_StaticText(null, '<span id="linkparamhelp">' . $linkparamstr . '</span>'); $section->addInput($linkparamhelp); $form->add($section); $form->addGlobal(new Form_Input('ptpid', null, 'hidden', $pconfig['ptpid'])); if (isset($id) && $a_ppps[$id]) { $form->addGlobal(new Form_Input('id', null, 'hidden', $id)); } print $form;