$tab_array[] = array(gettext("OpenVPN"), false, "status_logs.php?logfile=openvpn");
$tab_array[] = array(gettext("NTP"), false, "status_logs.php?logfile=ntpd");
$tab_array[] = array(gettext("Settings"), true, "status_logs_settings.php");
display_top_tabs($tab_array);
$form = new Form();
$section = new Form_Section('General Logging Options');
$section->addInput(new Form_Checkbox('reverse', 'Forward/Reverse Display', 'Show log entries in reverse order (newest entries on top)', $pconfig['reverse']));
$section->addInput(new Form_Input('nentries', 'GUI Log Entries', 'text', $pconfig['nentries'], ['placeholder' => '']))->setHelp('This is only the number of log entries displayed in the GUI. It does not affect how many entries are contained in the actual log files.');
$section->addInput(new Form_Input('logfilesize', 'Log file size (Bytes)', 'text', $pconfig['logfilesize'], ['placeholder' => 'Bytes']))->setHelp($logfilesizeHelp);
$section->addInput(new Form_Checkbox('logdefaultblock', 'Log firewall default blocks', 'Log packets matched from the default block rules in the ruleset', $pconfig['logdefaultblock']))->setHelp('Log packets that are <strong>blocked</strong> by the implicit default block rule. - Per-rule logging options are still respected.');
$section->addInput(new Form_Checkbox('logdefaultpass', null, 'Log packets matched from the default pass rules put in the ruleset', $pconfig['logdefaultpass']))->setHelp('Log packets that are <strong>allowed</strong> by the implicit default pass rule. - Per-rule logging options are still respected. ');
$section->addInput(new Form_Checkbox('logbogons', null, 'Log packets blocked by \'Block Bogon Networks\' rules', $pconfig['logbogons']));
$section->addInput(new Form_Checkbox('logprivatenets', null, 'Log packets blocked by \'Block Private Networks\' rules', $pconfig['logprivatenets']));
$section->addInput(new Form_Checkbox('lognginx', 'Web Server Log', 'Log errors from the web server process', $pconfig['lognginx']))->setHelp('If this is checked, errors from the web server process for the GUI or Captive Portal will appear in the main system log.');
$section->addInput(new Form_Checkbox('rawfilter', 'Raw Logs', 'Show raw filter logs', $pconfig['rawfilter']))->setHelp(gettext('If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information, but it is more difficult to read.'));
$section->addINput(new Form_Checkbox('igmpxverbose', 'IGMP Proxy', 'Enable verbose logging (Default is terse logging)', $pconfig['igmpxverbose']));
$section->addInput(new Form_Select('filterdescriptions', 'Where to show rule descriptions', !isset($pconfig['filterdescriptions']) ? '0' : $pconfig['filterdescriptions'], array('0' => gettext('Dont load descriptions'), '1' => gettext('Display as column'), '2' => gettext('Display as second row'))))->setHelp('Show the applied rule description below or in the firewall log rows.' . '<br />' . 'Displaying rule descriptions for all lines in the log might affect performance with large rule sets.');
$section->addInput(new Form_Checkbox('disablelocallogging', 'Local Logging', $g['platform'] == $g['product_name'] ? "Disable writing log files to the local disk" : "Disable writing log files to the local RAM disk", $pconfig['disablelocallogging']));
$section->addInput(new Form_Button('resetlogs', 'Reset Log Files', null, 'fa-trash'))->addClass('btn-danger btn-sm')->setHelp('Clears all local log files and reinitializes them as empty logs. This also restarts the DHCP daemon. Use the Save button first if any setting changes have been made.');
$form->add($section);
$section = new Form_Section('Remote Logging Options');
$section->addClass('toggle-remote');
$section->addInput(new Form_Checkbox('enable', 'Enable Remote Logging', 'Send log messages to remote syslog server', $pconfig['enable']));
$section->addInput(new Form_Select('sourceip', 'Source Address', link_interface_to_bridge($pconfig['sourceip']) ? null : $pconfig['sourceip'], ["" => gettext("Default (any)")] + get_possible_traffic_source_addresses(false)))->setHelp($remoteloghelp);
$section->addInput(new Form_Select('ipproto', 'IP Protocol', $ipproto, array('ipv4' => 'IPv4', 'ipv6' => 'IPv6')))->setHelp('This option is only used when a non-default address is chosen as the source above. ' . 'This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.');
// Group collapses/appears based on 'enable' checkbox above
$group = new Form_Group('Remote log servers');
$group->addClass('remotelogging');
$group->add(new Form_Input('remoteserver', 'Server 1', 'text', $pconfig['remoteserver'], ['placeholder' => 'IP[:port]']));
$group->add(new Form_Input('remoteserver2', 'Server 2', 'text', $pconfig['remoteserver2'], ['placeholder' => 'IP[:port]']));
$group->add(new Form_Input('remoteserver3', 'Server 3', 'text', $pconfig['remoteserver3'], ['placeholder' => 'IP[:port]']));
<div id="container"><?php
$form = new Form();
$section = new Form_Section('Firewall Advanced');
$section->addInput(new Form_Checkbox('scrubnodf', 'IP Do-Not-Fragment compatibility', 'Clear invalid DF bits instead of dropping the packets', isset($config['system']['scrubnodf'])))->setHelp('This allows for communications with hosts that generate fragmented ' . 'packets with the don\'t fragment (DF) bit set. Linux NFS is known to do this. ' . 'This will cause the filter to not drop such packets but instead clear the don\'t ' . 'fragment bit.');
$section->addInput(new Form_Checkbox('scrubrnid', 'IP Random id generation', 'Insert a stronger ID into IP header of packets passing through the filter.', isset($config['system']['scrubrnid'])))->setHelp('Replaces the IP identification field of packets with random values to ' . 'compensate for operating systems that use predictable values. This option only ' . 'applies to packets that are not fragmented after the optional packet ' . 'reassembly.');
$section->addInput($input = new Form_Select('optimization', 'Firewall Optimization Options', $config['system']['optimization'], array('normal' => 'Normal', 'high-latency' => 'High-latency', 'aggressive' => 'Aggressive', 'conservative' => 'Conservative')))->setHelp('Select the type of state table optimization to use');
$section->addInput(new Form_Checkbox('disablefilter', 'Disable Firewall', 'Disable all packet filtering.', isset($config['system']['disablefilter'])))->setHelp('Note: This converts %s into a routing only platform!<br/>' . 'Note: This will also turn off NAT! If you only want to disable NAT, ' . 'and not firewall rules, visit the <a href="firewall_nat_out.php">Outbound ' . 'NAT</a> page.', [$g["product_name"]]);
$section->addInput(new Form_Checkbox('disablescrub', 'Disable Firewall Scrub', 'Disables the PF scrubbing option which can sometimes interfere with NFS and PPTP traffic.', isset($config['system']['disablescrub'])));
$group = new Form_Group('Firewall Adaptive Timeouts');
$group->add(new Form_Input('adaptivestart', 'Adaptive start', 'number', $pconfig['adaptivestart'], ['min' => 1]))->setHelp('When the number of state entries exceeds this value, adaptive ' . 'scaling begins. All timeout values are scaled linearly with factor ' . '(adaptive.end - number of states) / (adaptive.end - adaptive.start).');
$group->add(new Form_Input('adaptiveend', 'Adaptive end', 'number', $pconfig['adaptiveend'], ['min' => 1]))->setHelp('When reaching this number of state entries, all timeout values ' . 'become zero, effectively purging all state entries immediately. This ' . 'value is used to define the scale factor, it should not actually be ' . 'reached (set a lower state limit, see below).');
$group->setHelp('Timeouts for states can be scaled adaptively as the number of ' . 'state table entries grows. Leave blank for the default (0)');
$section->add($group);
$section->addInput(new Form_Input('maximumstates', 'Firewall Maximum States', 'number', $pconfig['maximumstates'], ['min' => 1, 'placeholder' => pfsense_default_state_size()]))->setHelp('Maximum number of connections to hold in the firewall state table. ' . '<br/>Note: Leave this blank for the default. On your system the default ' . 'size is: %d', [pfsense_default_state_size()]);
$section->addInput(new Form_Input('maximumtableentries', 'Firewall Maximum Table Entries', 'text', $pconfig['maximumtableentries'], ['placeholder' => pfsense_default_table_entries_size()]))->setHelp('Maximum number of table entries for systems such as aliases, ' . 'sshlockout, snort, etc, combined.<br/>Note: Leave this blank for the ' . 'default. On your system the default size is: %d', [pfsense_default_table_entries_size()]);
$section->addINput(new Form_Input('maximumfrags', 'Firewall Maximum Fragment Entries', 'text', $pconfig['maximumfrags']))->setHelp('Maximum number of packet fragments to hold for reassembly by scrub rules. Leave this blank for the default (5000)');
$section->addInput(new Form_Checkbox('bypassstaticroutes', 'Static route filtering', 'Bypass firewall rules for traffic on the same interface', $pconfig['bypassstaticroutes']))->setHelp('This option only applies if you have defined one or more static ' . 'routes. If it is enabled, traffic that enters and leaves through the same ' . 'interface will not be checked by the firewall. This may be desirable in some ' . 'situations where multiple subnets are connected to the same interface.');
$section->addInput(new Form_Checkbox('disablevpnrules', 'Disable Auto-added VPN rules', 'Disable all auto-added VPN rules.', isset($config['system']['disablevpnrules'])))->setHelp('<span>Note: This disables automatically added rules for IPsec, ' . 'PPTP.</span>');
$section->addInput(new Form_Checkbox('disablereplyto', 'Disable reply-to', 'Disable reply-to on WAN rules', $pconfig['disablereplyto']))->setHelp('With Multi-WAN you generally want to ensure traffic leaves the same ' . 'interface it arrives on, hence reply-to is added automatically by default. When ' . 'using bridging, you must disable this behavior if the WAN gateway IP is ' . 'different from the gateway IP of the hosts behind the bridged interface.');
$section->addInput(new Form_Checkbox('disablenegate', 'Disable Negate rules', 'Disable Negate rule on policy routing rules', $pconfig['disablenegate']))->setHelp('With Multi-WAN you generally want to ensure traffic reaches directly ' . 'connected networks and VPN networks when using policy routing. You can disable ' . 'this for special purposes but it requires manually creating rules for these ' . 'networks');
$section->addInput(new Form_Input('aliasesresolveinterval', 'Aliases Hostnames Resolve Interval', 'text', $pconfig['aliasesresolveinterval'], ['placeholder' => '300']))->setHelp('Interval, in seconds, that will be used to resolve hostnames ' . 'configured on aliases.. <br/>Note: Leave this blank for the default ' . '(300s).');
$section->addInput(new Form_Checkbox('checkaliasesurlcert', 'Check certificate of aliases URLs', 'Verify HTTPS certificates when downloading alias URLs', $pconfig['checkaliasesurlcert']))->setHelp('Make sure the certificate is valid for all HTTPS addresses on ' . 'aliases. If it\'s not valid or is revoked, do not download it.');
$form->add($section);
$section = new Form_Section('Bogon Networks');
$section->addInput(new Form_Select('bogonsinterval', 'Update Frequency', empty($pconfig['bogonsinterval']) ? 'monthly' : $pconfig['bogonsinterval'], array('monthly' => 'Monthly', 'weekly' => 'Weekly', 'daily' => 'Daily')))->setHelp('The frequency of updating the lists of IP addresses that are ' . 'reserved (but not RFC 1918) or not yet assigned by IANA.');
$form->add($section);
if (count($config['interfaces']) > 1) {
$section = new Form_Section('Network Address Translation');
if (isset($config['system']['disablenatreflection'])) {
$value = 'disable';
} elseif (!isset($config['system']['enablenatreflectionpurenat'])) {
$form->add($section);
$section = new Form_Section('Cryptographic & Thermal Hardware');
$section->addInput(new Form_Select('crypto_hardware', 'Cryptographic Hardware', $pconfig['crypto_hardware'], ['' => gettext('None')] + $crypto_modules))->setHelp('A cryptographic ' . 'accelerator module will use hardware support to speed up some cryptographic ' . 'functions on systems which have the chip. Do not enable this option if you have ' . 'a Hifn cryptographic acceleration card, as this will take precedence and the ' . 'Hifn card will not be used. Acceleration should be automatic for IPsec when ' . 'using a cipher supported by your chip, such as AES-128. OpenVPN should be set ' . 'for AES-128-CBC and have cryptodev enabled for hardware acceleration.If you do ' . 'not have a crypto chip in your system, this option will have no effect. To ' . 'unload the selected module, set this option to "none" and then reboot.');
$section->addInput(new Form_Select('thermal_hardware', 'Thermal Sensors', $pconfig['thermal_hardware'], array('' => 'None/ACPI') + $thermal_hardware_modules))->setHelp('If you have a ' . 'supported CPU, selecting a themal sensor will load the appropriate driver to ' . 'read its temperature. Setting this to "None" will attempt to read the ' . 'temperature from an ACPI-compliant motherboard sensor instead, if one is ' . 'present.If you do not have a supported thermal sensor chip in your system, this ' . 'option will have no effect. To unload the selected module, set this option to ' . '"none" and then reboot.');
$form->add($section);
$section = new Form_Section('Schedules');
$section->addInput(new Form_Checkbox('schedule_states', 'Schedule States', 'Do not kill connections when schedule expires', $pconfig['schedule_states']))->setHelp('By default, when a schedule expires, connections permitted by that ' . 'schedule are killed. This option overrides that behavior by not clearing states ' . 'for existing connections.');
$form->add($section);
$section = new Form_Section('Gateway Monitoring');
$section->addInput(new Form_Checkbox('kill_states', 'State Killing on Gateway Failure', 'Flush all states when a gateway goes down', $pconfig['kill_states']))->setHelp('The monitoring process will flush all states when a gateway goes down ' . 'if this box is not checked. Check this box to disable this behavior.');
$section->addInput(new Form_Checkbox('skip_rules_gw_down', 'Skip rules when gateway is down', 'Do not create rules when gateway is down', $pconfig['skip_rules_gw_down']))->setHelp('By default, when a rule has a gateway specified and this gateway is ' . 'down, the rule is created omitting the gateway. This option overrides that ' . 'behavior by omitting the entire rule instead.');
$form->add($section);
$section = new Form_Section('RAM Disk Settings (Reboot to Apply Changes)');
$section->addInput(new Form_Checkbox('use_mfs_tmpvar', 'Use RAM Disks', 'Use memory file system for /tmp and /var', $pconfig['use_mfs_tmpvar'] || $g['platform'] != $g['product_name']))->setHelp('Set this if you wish to use /tmp and /var as RAM disks (memory file ' . 'system disks) on a full install rather than use the hard disk. Setting this will ' . 'cause the data in /tmp and /var to be lost at reboot, including log data. RRD ' . 'and DHCP Leases will be retained.');
$section->addInput(new Form_Input('use_mfs_tmp_size', '/tmp RAM Disk Size', 'number', $pconfig['use_mfs_tmp_size'], ['placeholder' => 40]))->setHelp('Set the size, in MB, for the /tmp ' . 'RAM disk. Leave blank for 40MB. Do not set lower than 40.');
$section->addInput(new Form_Input('use_mfs_var_size', '/var RAM Disk Size', 'number', $pconfig['use_mfs_var_size'], ['placeholder' => 60]))->setHelp('Set the size, in MB, for the /var ' . 'RAM disk. Leave blank for 60MB. Do not set lower than 60.');
$section->addInput(new Form_Input('rrdbackup', 'Periodic RRD Backup', 'number', $config['system']['rrdbackup'], ['min' => 1, 'max' => 24, 'placeholder' => 'frequency between 1 and 24 hours']))->setHelp('This will periodically backup the RRD data so ' . 'it can be restored automatically on the next boot. Keep in mind that the more ' . 'frequent the backup, the more writes will happen to your media.');
$section->addInput(new Form_Input('dhcpbackup', 'Periodic DHCP Leases Backup', 'number', $config['system']['dhcpbackup'], ['min' => 1, 'max' => 24, 'placeholder' => 'frequency between 1 and 24 hours']))->setHelp('This will periodically backup the DHCP leases so ' . 'it can be restored automatically on the next boot. Keep in mind that the more ' . 'frequent the backup, the more writes will happen to your media.');
$form->add($section);
if ($g['platform'] == "pfSense") {
$section = new Form_Section('Hardware settings');
$opts = array(0.5, 1, 2, 3, 4, 5, 7.5, 10, 15, 20, 30, 60);
$vals = array(6, 12, 24, 36, 48, 60, 90, 120, 180, 240, 241, 242);
$section->addINput(new Form_Select('harddiskstandby', 'Hard disk standby time', $pconfig['harddiskstandby'], ['' => gettext("Always on")] + array_combine($opts, $vals)))->setHelp("Puts the hard disk into standby mode when the selected number of minutes has elapsed since the last access." . "<br />" . "<strong> Do not set this for CF cards.</strong>");
$form->add($section);
}
$section = new Form_Section('Installation Feedback');
$section->addInput(new Form_Checkbox('do_not_send_host_uuid', 'Host UUID', 'Do NOT send HOST UUID with user agent', $pconfig['do_not_send_host_uuid']))->setHelp('Enable this option to not send HOST UUID to pfSense as part of User-Agent header.');
$form->add($section);
print $form;
include "foot.inc";
