public function addInput(Form_Input $input)
{
$group = new Form_Group($input->getTitle());
$group->add($input);
$this->add($group);
return $input;
}
public function addPassword(Form_Input $input)
{
$group = new Form_Group($input->getTitle());
if ($input->getValue() != "") {
$input->setValue(DMYPWD);
}
$input->setType("password");
$group->add($input);
$confirm = clone $input;
$confirm->setName($confirm->getName() . "_confirm");
$confirm->setHelp("Confirm");
$group->add($confirm);
$this->add($group);
return $input;
}
} else {
$section->addInput(new Form_Input('auth_algs', null, 'hidden', '1'));
}
$section->addInput(new Form_Select('wpa_pairwise', 'WPA Pairwise', isset($pconfig['wpa_pairwise']) ? $pconfig['wpa_pairwise'] : 'CCMP', ['CCMP TKIP' => 'Both', 'CCMP' => 'AES (recommended)', 'TKIP' => 'TKIP']));
$section->addInput(new Form_Input('wpa_group_rekey', 'WPA Pre-Shared Key', 'number', $pconfig['wpa_group_rekey'] ? $pconfig['wpa_group_rekey'] : "60", ['min' => '1', 'max' => 9999]))->setHelp('Specified in seconds. Allowed values are 1-9999. Must be shorter than Master Key Regeneration time');
$section->addInput(new Form_Input('wpa_gmk_rekey', 'Master Key Regeneration', 'number', $pconfig['wpa_gmk_rekey'] ? $pconfig['wpa_gmk_rekey'] : "3600", ['min' => '1', 'max' => 9999]))->setHelp('Specified in seconds. Allowed values are 1-9999. Must be longer than Key Rotation time');
$section->addInput(new Form_Checkbox('wpa_strict_rekey', 'Strict Key Regeneration', 'Force the AP to rekey whenever a client disassociates', $pconfig['wpa_strict_rekey'], 'yes'));
$form->add($section);
$section = new Form_Section('802.1x RADIUS options');
$section->addInput(new Form_Checkbox('ieee8021x', 'IEEE802.1X', 'Enable 802.1X authentication', $pconfig['ieee8021x'], 'yes'))->setHelp('This option requires that the "Enable WPA box" is checked');
$group = new Form_Group('Primary 802.1X server');
$group->add(new Form_IpAddress('auth_server_addr', 'IP Address', $pconfig['auth_server_addr']))->setHelp('IP address. (Commonly a Radius server (FreeRadius, Internet Authentication Services, etc.)');
$group->add(new Form_Input('auth_server_port', 'Port', 'number', $pconfig['auth_server_port']))->setHelp('Server port. Leave blank for the default port 1812');
$group->add(new Form_Input('auth_server_shared_secret', 'Shared secret', 'number', $pconfig['auth_server_shared_secret']))->setHelp('Shared secret');
$section->add($group);
$group = new Form_Group('Secondary 802.1X server');
$group->add(new Form_IpAddress('auth_server_addr2', 'IP Address', $pconfig['auth_server_addr2']))->setHelp('IP address. (Commonly a Radius server (FreeRadius, Internet Authentication Services, etc.)');
$group->add(new Form_Input('auth_server_port2', 'Port', 'number', $pconfig['auth_server_port2']))->setHelp('Server port. Leave blank for the default port 1812');
$group->add(new Form_Input('auth_server_shared_secret2', 'Shared secret', 'number', $pconfig['auth_server_shared_secret2']))->setHelp('Shared secret');
$section->add($group);
$section->addInput(new Form_Checkbox('rsn_preauth', 'Authentication Roaming Preauth', null, $pconfig['rsn_preauth'], 'yes'));
$form->add($section);
}
$section = new Form_Section('Private networks');
$section->addInput(new Form_Checkbox('blockpriv', 'Block private networks', '', $pconfig['blockpriv'], 'yes'))->setHelp('Blocks traffic from IP addresses that are reserved for private networks per RFC 1918 (10/8, 172.16/12, 192.168/16) ' . ' as well as loopback addresses (127/8). You should generally leave this option turned on, unless your WAN network ' . 'lies in such a private address space, too.');
$section->addInput(new Form_Checkbox('blockbogons', 'Block bogon networks', '', $pconfig['blockbogons'], 'yes'))->setHelp('Blocks traffic from reserved IP addresses (but not RFC 1918) or not yet assigned by IANA. Bogons are prefixes that should ' . 'never appear in the Internet routing table, and so should not appear as the source address in any packets you receive.' . '<br />' . 'Note: The update frequency can be changed under System->Advanced Firewall/NAT settings');
$form->add($section);
$form->addGlobal(new Form_Input('if', null, 'hidden', $if));
if ($wancfg['if'] == $a_ppps[$pppid]['if']) {
$form->addGlobal(new Form_Input('ppp_port', null, 'hidden', $pconfig['port']));
}
function createDestinationServerInputGroup($value = null)
{
$group = new Form_Group('Destination server');
$group->add(new Form_IpAddress('server', 'Destination server', $value))->setWidth(4)->setHelp('This is the IPv6 address of the server to which DHCPv6 requests are relayed.')->setIsRepeated();
$group->enableDuplication(null, true);
// Buttons are in-line with the input
return $group;
}
$section = new Form_Section('Existing Certificate Authority');
$section->addClass('toggle-existing collapse');
$section->addInput(new Form_Textarea('cert', 'Certificate data', $pconfig['cert']))->setHelp('Paste a certificate in X.509 PEM format here.');
$section->addInput(new Form_Textarea('key', 'Certificate Private Key (optional)', $pconfig['key']))->setHelp('Paste the private key for the above certificate here. This is ' . 'optional in most cases, but is required when generating a ' . 'Certificate Revocation List (CRL).');
$section->addInput(new Form_Input('serial', 'Serial for next certificate', 'number', $pconfig['serial']))->setHelp('Enter a decimal number to be used as the serial number for the next ' . 'certificate to be created using this CA.');
$form->add($section);
$section = new Form_Section('Internal Certificate Authority');
$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');
$allCas = array();
foreach ($a_ca as $ca) {
if (!$ca['prv']) {
continue;
}
$allCas[$ca['refid']] = $ca['descr'];
}
$group = new Form_Group('Signing Certificate Authority');
$group->addClass('toggle-intermediate', 'collapse');
$group->add(new Form_Select('caref', null, $pconfig['caref'], $allCas));
$section->add($group);
$section->addInput(new Form_Select('keylen', 'Key length (bits)', $pconfig['keylen'], array_combine($ca_keylens, $ca_keylens)));
$section->addInput(new Form_Select('digest_alg', 'Digest Algorithm', $pconfig['digest_alg'], array_combine($openssl_digest_algs, $openssl_digest_algs)))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 ' . 'when possible.');
$section->addInput(new Form_Input('lifetime', 'Lifetime (days)', 'number', $pconfig['lifetime']));
$section->addInput(new Form_Select('dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc));
$section->addInput(new Form_Input('dn_state', 'State or Province', 'text', $pconfig['dn_state'], ['placeholder' => 'e.g. Texas']));
$section->addInput(new Form_Input('dn_city', 'City', 'text', $pconfig['dn_city'], ['placeholder' => 'e.g. Austin']));
$section->addInput(new Form_Input('dn_organization', 'Organization', 'text', $pconfig['dn_organization'], ['placeholder' => 'e.g. My Company Inc']));
$section->addInput(new Form_Input('dn_organizationalunit', 'Organizational Unit', 'text', $pconfig['dn_organizationalunit'], ['placeholder' => 'e.g. My Department Name (optional)']));
$section->addInput(new Form_Input('dn_email', 'Email Address', 'email', $pconfig['dn_email'], ['placeholder' => 'e.g. admin@mycompany.com']));
$section->addInput(new Form_Input('dn_commonname', 'Common Name', 'text', $pconfig['dn_commonname'], ['placeholder' => 'e.g. internal-ca']));
$form->add($section);
print $form;
}
$form = new Form();
$section = new Form_Section('Edit Virtual IP');
$group = new Form_Group('Type');
$group->add(new Form_Checkbox('mode', null, 'IP Alias', $pconfig['mode'] == "ipalias", 'ipalias'))->displayAsRadio();
$group->add(new Form_Checkbox('mode', null, 'CARP', $pconfig['mode'] == "carp", 'carp'))->displayAsRadio();
$group->add(new Form_Checkbox('mode', null, 'Proxy ARP', $pconfig['mode'] == "proxyarp", 'proxyarp'))->displayAsRadio();
$group->add(new Form_Checkbox('mode', null, 'Other', $pconfig['mode'] == "other", 'other'))->displayAsRadio();
$section->add($group);
$section->addInput(new Form_Select('interface', 'Interface', $pconfig['interface'], build_if_list()));
$section->addInput(new Form_Select('type', 'Address type', !$pconfig['range'] && $pconfig['subnet_bits'] == 32 || !isset($pconfig['subnet']) ? 'single' : 'network', array('single' => 'Single address', 'network' => 'Network')))->addClass('typesel');
$section->addInput(new Form_IpAddress('subnet', 'Address(es)', $pconfig['subnet']))->addMask('subnet_bits', $pconfig['subnet_bits'])->setHelp('<span id="address_note"></span>');
$section->addInput(new Form_Checkbox('noexpand', 'Expansion', 'Disable expansion of this entry into IPs on NAT lists (e.g. 192.168.1.0/24 expands to 256 entries.) ', isset($pconfig['noexpand'])));
$section->addInput(new Form_Input('password', 'Virtual IP Password', 'password', $pconfig['password']))->setHelp('Enter the VHID group password.');
$section->addInput(new Form_Select('vhid', 'VHID Group', $pconfig['vhid'], array_combine(range(1, 255, 1), range(1, 255, 1))))->setHelp('Enter the VHID group that the machines will share');
$group = new Form_Group('Advertising frequency');
$group->add(new Form_Select('advbase', 'Base', $pconfig['advbase'], array_combine(range(1, 254, 1), range(1, 254, 1))))->setHelp('Base');
$group->add(new Form_Select('advskew', 'Skew', $pconfig['advskew'], array_combine(range(0, 254, 1), range(0, 254, 1))))->setHelp('Skew');
$group->setHelp('The frequency that this machine will advertise. 0 means usually master. Otherwise the lowest combination of both values in the cluster determines the master.');
$section->add($group);
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference (not parsed).');
if (isset($id) && $a_vip[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$section->addInput(new Form_Input('uniqid', null, 'hidden', $pconfig['uniqid']));
$form->add($section);
print $form;
?>
<div id="infoblock">
<?php
$section->addInput(new Form_Checkbox('decrypt', 'Encryption', 'Configuration file is encrypted.', false));
$section->addInput(new Form_Input('decrypt_password', null, 'password', null, ['placeholder' => 'Password']));
$section->addInput(new Form_Input('decrypt_passconf', null, 'password', null, ['placeholder' => 'Confirm password']));
$group = new Form_Group('');
$group->add(new Form_Button('Submit', 'Restore configuration'))->setHelp('The firewall will reboot after restoring the configuration.')->removeClass('btn-primary')->addClass('btn-danger');
$section->add($group);
$form->add($section);
if ($config['installedpackages']['package'] != "" || is_subsystem_dirty("packagelock")) {
$section = new Form_Section('Package functions');
if ($config['installedpackages']['package'] != "") {
$group = new Form_Group('');
$group->add(new Form_Button('Submit', 'Reinstall packages'))->setHelp('Click this button to reinstall all system packages. This may take a while.')->removeClass('btn-primary')->addClass('btn-warning');
$section->add($group);
}
if (is_subsystem_dirty("packagelock")) {
$group = new Form_Group('');
$group->add(new Form_Button('Submit', 'Clear Package Lock'))->setHelp('Click this button to clear the package lock if a package fails to reinstall properly after an upgrade.')->removeClass('btn-primary')->addClass('btn-warning');
$section->add($group);
}
$form->add($section);
}
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function(){
//---------- "Standard" show/hide functions ---------------------------------------------------
// Hides all elements of the specified class. This will usually be a section or group
function hideClass(s_class, hide) {
if(hide)
$section->addInput(new Form_StaticText('Additional BOOTP/DHCP Options', $btnadv));
$section = new Form_Section('Additional BOOTP/DHCP Options');
$section->addClass('adnlopts');
$section->addInput(new Form_StaticText(null, '<div class="alert alert-info"> ' . gettext('Enter the DHCP option number and the value for each item you would like to include in the DHCP lease information.') . ' ' . sprintf(gettext('For a list of available options please visit this %1$s URL%2$s'), '<a href="http://www.iana.org/assignments/bootp-dhcp-parameters/" target="_blank">', '</a></div>')));
if (!$pconfig['numberoptions']) {
$pconfig['numberoptions']['item'] = array(array('number' => '', 'type' => 'text', 'value' => ''));
}
$customitemtypes = array('text' => gettext('Text'), 'string' => gettext('String'), 'boolean' => gettext('Boolean'), 'unsigned integer 8' => gettext('Unsigned 8-bit integer'), 'unsigned integer 16' => gettext('Unsigned 16-bit integer'), 'unsigned integer 32' => gettext('Unsigned 32-bit integer'), 'signed integer 8' => gettext('Signed 8-bit integer'), 'signed integer 16' => gettext('Signed 16-bit integer'), 'signed integer 32' => gettext('Signed 32-bit integer'), 'ip-address' => gettext('IP address or host'));
$numrows = count($item) - 1;
$counter = 0;
$numrows = count($pconfig['numberoptions']['item']) - 1;
foreach ($pconfig['numberoptions']['item'] as $item) {
$number = $item['number'];
$itemtype = $item['type'];
$value = base64_decode($item['value']);
$group = new Form_Group($counter == 0 ? 'Option' : null);
$group->addClass('repeatable');
$group->add(new Form_Input('number' . $counter, null, 'text', $number))->setHelp($numrows == $counter ? 'Number' : null);
$group->add(new Form_Select('itemtype' . $counter, null, $itemtype, $customitemtypes))->setWidth(3)->setHelp($numrows == $counter ? 'Type' : null);
$group->add(new Form_Input('value' . $counter, null, 'text', $value))->setHelp($numrows == $counter ? 'Value' : null);
$group->add(new Form_Button('deleterow' . $counter, 'Delete'))->removeClass('btn-primary')->addClass('btn-warning');
$section->add($group);
$counter++;
}
$section->addInput(new Form_Button('addrow', 'Add'))->removeClass('btn-primary')->addClass('btn-success');
$form->add($section);
if ($pconfig['netboot']) {
$sectate = COLLAPSIBLE | SEC_OPEN;
} else {
$sectate = COLLAPSIBLE | SEC_CLOSED;
}
if ($gw == "") {
continue;
}
$gateways[$gwname] = $gw['name'] . (empty($gw['gateway']) ? '' : ' - ' . $gateway_addr_str);
}
foreach ((array) $a_gatewaygroups as $gwg_name => $gwg_data) {
if (empty($pconfig['ipprotocol']) || $pconfig['ipprotocol'] == $gwg_data['ipprotocol']) {
$gateways[$gwg_name] = $gwg_name;
}
}
$section->addInput(new Form_Select('gateway', 'Gateway', $pconfig['gateway'], $gateways))->setHelp('Leave as \'default\' to use the system routing table. Or choose a ' . 'gateway to utilize policy based routing.');
$group = new Form_Group('In / Out pipe');
$group->add(new Form_Select('dnpipe', 'DNpipe', $pconfig['dnpipe'], array('' => 'none') + array_keys($dnqlist)));
$group->add(new Form_Select('pdnpipe', 'PDNpipe', $pconfig['pdnpipe'], array('' => 'none') + array_keys($dnqlist)));
$section->add($group)->setHelp('Choose the Out queue/Virtual interface only if ' . 'you have also selected In. The Out selection is applied to traffic leaving ' . 'the interface where the rule is created, In is applied to traffic coming ' . 'into the chosen interface.<br />If you are creating a floating rule, if the ' . 'direction is In then the same rules apply, if the direction is out the ' . 'selections are reverted Out is for incoming and In is for outgoing.');
$group = new Form_Group('Ackqueue / Queue');
$list = array('' => 'none');
if (!is_array($qlist)) {
$qlist = array();
}
foreach ($qlist as $q => $qkey) {
if (isset($ifdisp[$q])) {
$list[$q] = $ifdisp[$q];
} else {
$list[$q] = $q;
}
}
$group->add(new Form_Select('ackqueue', 'Ackqueue', $pconfig['ackqueue'], $list));
$group->add(new Form_Select('defaultqueue', 'Default Queue', $pconfig['defaultqueue'], $list));
$section->add($group)->setHelp('Choose the Acknowledge Queue only if you have ' . 'selected Queue.');
$section->addInput(new Form_Select('l7container', 'Layer7', $pconfig['l7container'], array_keys($l7clist)))->setHelp('Choose a Layer7 container to apply application protocol inspection ' . 'rules. These are valid for TCP and UDP protocols only.');
$section->addInput(new Form_Input('decrypt_password', 'Password', 'password', null, ['placeholder' => 'Password']));
$group = new Form_Group('');
// Note: ID attribute of each element created is to be unique. Not being used, suppressing it.
$group->add(new Form_Button('Submit', 'Restore Configuration', null, 'fa-undo'))->setHelp('The firewall will reboot after restoring the configuration.')->addClass('btn-danger restore')->setAttribute('id');
$section->add($group);
$form->add($section);
if ($config['installedpackages']['package'] != "" || is_subsystem_dirty("packagelock")) {
$section = new Form_Section('Package Functions');
if ($config['installedpackages']['package'] != "") {
$group = new Form_Group('');
// Note: ID attribute of each element created is to be unique. Not being used, suppressing it.
$group->add(new Form_Button('Submit', 'Reinstall Packages', null, 'fa-retweet'))->setHelp('Click this button to reinstall all system packages. This may take a while.')->addClass('btn-success')->setAttribute('id');
$section->add($group);
}
if (is_subsystem_dirty("packagelock")) {
$group = new Form_Group('');
// Note: ID attribute of each element created is to be unique. Not being used, suppressing it.
$group->add(new Form_Button('Submit', 'Clear Package Lock', null, 'fa-wrench'))->setHelp('Click this button to clear the package lock if a package fails to reinstall properly after an upgrade.')->addClass('btn-warning')->setAttribute('id');
$section->add($group);
}
$form->add($section);
}
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
// ------- Show/hide sections based on checkbox settings --------------------------------------
function hideSections(hide) {
$tab_array[3] = array(gettext("Advanced Settings"), true, "vpn_ipsec_settings.php");
display_top_tabs($tab_array);
$form = new Form();
$section = new Form_Section('Start IPsec in debug mode based on sections selected');
foreach ($ipsec_log_cats as $cat => $desc) {
$section->addInput(new Form_Select($cat, $desc, $pconfig[$cat], $ipsec_log_sevs))->setWidth(2);
}
$section->addInput(new Form_StaticText('', ''))->setHelp('Launches IPsec in debug mode so that more verbose logs will be generated to aid in troubleshooting.');
$form->add($section);
$section = new Form_Section('IPsec Advanced Settings');
$section->addInput(new Form_Select('uniqueids', 'Configure Unique IDs as', $pconfig['uniqueids'], $ipsec_idhandling))->setHelp('Whether a particular participant ID should be kept unique, with any new IKE_SA using an ID ' . 'deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new ' . 'IKE_SA using the same ID is almost invariably intended to replace an old one. ' . 'The difference between <b>no</b> and <b>never</b> is that the old IKE_SAs will be replaced when receiving an ' . 'INITIAL_CONTACT notify if the option is no but will ignore these notifies if <b>never</b> is configured. ' . 'The daemon also accepts the value <b>keep</b> to reject ' . 'new IKE_SA setups and keep the duplicate established earlier. Defaults to Yes.');
$section->addInput(new Form_Checkbox('compression', 'IP Compression', 'Enable IPCompression', $pconfig['compression']))->setHelp('IPComp compression of content is proposed on the connection.');
$section->addInput(new Form_Checkbox('enableinterfacesuse', 'Strict interface binding', 'Enable strict interface binding', $pconfig['enableinterfacesuse']))->setHelp('Enable strongSwan\'s interfaces_use option to bind specific interfaces only. This option is known to break IPsec with dynamic IP interfaces. This is not recommended at this time.');
$section->addInput(new Form_Checkbox('acceptunencryptedmainmode', 'Unencrypted payloads in IKEv1 Main Mode', 'Accept unencrypted ID and HASH payloads in IKEv1 Main Mode', $pconfig['acceptunencryptedmainmode']))->setHelp('Some implementations send the third Main Mode message unencrypted, probably to find the PSKs for the specified ID for authentication.' . 'This is very similar to Aggressive Mode, and has the same security implications: ' . 'A passive attacker can sniff the negotiated Identity, and start brute forcing the PSK using the HASH payload.' . 'It is recommended to keep this option to no, unless you know exactly what the implications are and require compatibility to such devices (for example, some SonicWall boxes).');
$section->addInput(new Form_Checkbox('maxmss_enable', 'Enable Maximum MSS', 'Enable MSS clamping on VPN traffic', $pconfig['maxmss_enable']))->toggles('.toggle-maxmss', 'collapse');
$group = new Form_Group('Maximum MSS');
$group->addClass('toggle-maxmss collapse');
if (!empty($pconfig['maxmss_enable'])) {
$group->addClass('in');
}
$group->add(new Form_Input('maxmss', 'Maximum MSS', 'text', $pconfig['maxmss'] ? $pconfig['maxmss'] : '1400'))->setHelp('Enable MSS clamping on TCP flows over VPN. ' . 'This helps overcome problems with PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. ');
$section->add($group);
$section->addInput(new Form_Checkbox('unityplugin', 'Disable Cisco Extensions', 'Disable Unity Plugin', $pconfig['unityplugin']))->setHelp('Disable Unity Plugin which provides Cisco Extension support as Split-Include, Split-Exclude, Split-Dns, ...');
$section->addInput(new Form_Checkbox('strictcrlpolicy', 'Strict CRL Checking', 'Enable strict Certificate Revocation List checking', $pconfig['strictcrlpolicy']))->setHelp('Check this to require availability of a fresh CRL for peer authentication based on RSA signatures to succeed.');
$section->addInput(new Form_Checkbox('makebeforebreak', 'Make before Break', 'Initiate IKEv2 reauthentication with a make-before-break', $pconfig['makebeforebreak']))->setHelp('instead of a break-before-make scheme. Make-before-break uses overlapping IKE and CHILD_SA during reauthentication ' . 'by first recreating all new SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps ' . 'during reauthentication, but requires support for overlapping SAs by the peer');
$section->addInput(new Form_Checkbox('autoexcludelanaddress', 'Auto-exclude LAN address', 'Enable bypass for LAN interface IP', !$pconfig['noshuntlaninterfaces']))->setHelp('Exclude traffic from LAN subnet to LAN IP address from IPsec.');
$form->add($section);
print $form;
?>
<?php
$section = new Form_Section('Graph settings');
$group = new Form_Group('Options');
$group->add(new Form_Select('option', 'Graphs', $curoption, build_options()))->setHelp('Graph');
$group->add(new Form_Select('style', 'Style', $curstyle, $styles))->setHelp('Style');
$group->add(new Form_Select('period', 'Period', $curperiod, $periods))->setHelp('Period');
if ($curcat == 'custom') {
$group->setHelp('Any changes to these option may not take affect until the next auto-refresh.');
}
$section->add($group);
if ($curcat == 'custom') {
$section->addInput(new Form_Input('cat', null, 'hidden', 'custom'));
$tz = date_default_timezone_get();
$tz_msg = gettext("Enter date and/or time. Current timezone:") . " {$tz}";
$start_fmt = strftime("%m/%d/%Y %H:%M:%S", $start);
$end_fmt = strftime("%m/%d/%Y %H:%M:%S", $end);
$group = new Form_Group('');
$group->add(new Form_Input('start', 'Start', 'datetime', $start_fmt))->setHelp('Start');
$group->add(new Form_Input('end', 'End', 'datetime', $end_fmt))->setHelp('End');
if ($curcat != 'custom') {
$group->setHelp('Any changes to these option may not take affect until the next auto-refresh');
}
$section->add($group);
$form->add($section);
print $form;
$curdatabase = $curoption;
$graph = "custom-{$curdatabase}";
if (in_array($curdatabase, $custom_databases)) {
$id = "{$graph}-{$curoption}-{$curdatabase}";
$id = preg_replace('/\\./', '_', $id);
?>
<div class="panel panel-default">
}
// Get the MAC address
$ip = $_SERVER['REMOTE_ADDR'];
$mymac = `/usr/sbin/arp -an | grep '('{$ip}')' | head -n 1 | cut -d" " -f4`;
$mymac = str_replace("\n", "", $mymac);
include "head.inc";
if ($input_errors) {
print_input_errors($input_errors);
}
$form = new Form();
$section = new Form_Section('Edit MAC Address Rules');
$section->addInput(new Form_Select('action', 'Action', strtolower($pconfig['action']), array('pass' => gettext('Pass'), 'block' => gettext('Block'))))->setHelp('Choose what to do with packets coming from this MAC address.');
$macaddress = new Form_Input('mac', 'MAC Address', 'text', $pconfig['mac'], ['placeholder' => 'xx:xx:xx:xx:xx:xx']);
$btnmymac = new Form_Button('btnmymac', 'Copy My MAC', null, 'fa-clone');
$btnmymac->setAttribute('type', 'button')->removeClass('btn-primary')->addClass('btn-success btn-sm');
$group = new Form_Group('MAC Address');
$group->add($macaddress);
$group->add($btnmymac);
$group->setHelp('6 hex octets separated by colons');
$section->add($group);
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('A description may be entered here for administrative reference (not parsed)');
$section->addInput(new Form_Input('bw_up', 'Bandwidth up', 'text', $pconfig['bw_up']))->setHelp('Enter an upload limit to be enforced on this MAC in Kbit/s');
$section->addInput(new Form_Input('bw_down', 'Bandwidth down', 'text', $pconfig['bw_down']))->setHelp('Enter a download limit to be enforced on this MAC in Kbit/s');
$section->addInput(new Form_Input('zone', null, 'hidden', $cpzone));
if (isset($id) && $a_passthrumacs[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
if (isset($pconfig['username']) && $pconfig['username']) {
$section->addInput(new Form_Input('username', null, 'hidden', $pconfig['username']));
}
$form->add($section);
$numrows = count($item) - 1;
$usernames = $pconfig['username'];
//DEBUG
//$usernames = 'sbeaver:TXlQYXNzd2Q=:192.168.1.1 smith:TXlQYXNzd2Q=:192.168.2.1 sjones:TXlQYXNzd2Q=:192.168.3.1 salpha:TXlQYXNzd2Q=:192.168.4.1';
if ($usernames == "") {
$usernames = '::';
}
if ($usernames != "") {
$item = explode(" ", $usernames);
$numrows = count($item) - 1;
foreach ($item as $ww) {
$wws = explode(":", $ww);
$user = $wws[0];
$passwd = base64_decode($wws[1]);
$ip = $wws[2];
$group = new Form_Group($counter == 0 ? 'User table' : null);
$group->addClass('repeatable');
$group->add(new Form_Input('username' . $counter, null, 'text', $user))->setHelp($numrows == $counter ? 'User name' : null);
$group->add(new Form_Input('password' . $counter, null, 'password', $passwd))->setHelp($numrows == $counter ? 'Password' : null);
$group->add(new Form_IpAddress('ip' . $counter, null, $ip))->setHelp($numrows == $counter ? 'IP Address' : null);
$group->add(new Form_Button('deleterow' . $counter, 'Delete'))->removeClass('btn-primary')->addClass('btn-warning');
$section->add($group);
$counter++;
}
}
$btnaddrow = new Form_Button('addrow', 'Add user');
$btnaddrow->removeClass('btn-primary')->addClass('btn-success');
$section->addInput(new Form_StaticText(null, ' ' . $btnaddrow));
// Hidden fields
if (isset($id)) {
$section->addInput(new Form_Input('id', null, 'hidden', htmlspecialchars($id, ENT_QUOTES | ENT_HTML401)));
$group->add(new Form_Input('dns_server4', null, 'text', $pconfig['dns_server4']))->setHelp('Server 4');
$section->add($group);
// NTP servers
$section->addInput(new Form_Checkbox('ntp_server_enable', 'NTP Servers', 'Provide an NTP server list to clients', $pconfig['ntp_server_enable']))->toggles('.ntpservers');
$group = new Form_Group(null);
$group->addClass('ntpservers');
$group->add(new Form_Input('ntp_server1', null, 'text', $pconfig['ntp_server1']))->setHelp('Server 1');
$group->add(new Form_Input('ntp_server2', null, 'text', $pconfig['ntp_server2']))->setHelp('Server 2');
$section->add($group);
// NTP servers - For this section we need to use Javascript hiding since there
// are nested toggles
$section->addInput(new Form_Checkbox('netbios_enable', 'NetBIOS Options', 'Enable NetBIOS over TCP/IP', $pconfig['netbios_enable']))->setHelp('If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled. ');
$section->addInput(new Form_Select('netbios_ntype', 'Node Type', $pconfig['netbios_ntype'], $netbios_nodetypes))->setHelp('Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), ' . 'and h-node (query name server, then broadcast). ');
$section->addInput(new Form_Input('netbios_scope', null, 'text', $pconfig['netbios_scope']))->setHelp('A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. ' . 'The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. ');
$section->addInput(new Form_Checkbox('wins_server_enable', 'WINS servers', 'Provide a WINS server list to clients', $pconfig['wins_server_enable']));
$group = new Form_Group(null);
$group->add(new Form_Input('wins_server1', null, 'text', $pconfig['wins_server1']))->setHelp('Server 1');
$group->add(new Form_Input('wins_server2', null, 'text', $pconfig['wins_server2']))->setHelp('Server 2');
$group->addClass('winsservers');
$section->add($group);
$section->addInput(new Form_Textarea('custom_options', 'Advanced', $pconfig['custom_options']))->setHelp('Enter any additional options you would like to add for this client specific override, separated by a semicolon. ' . '<br />' . 'EXAMPLE: push "route 10.0.0.0 255.255.255.0"; ');
// The hidden fields
$section->addInput(new Form_Input('act', null, 'hidden', $act));
if (isset($id) && $a_csc[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$form->add($section);
print $form;
?>
<script type="text/javascript">
display_top_tabs($tab_array, true);
if ($act == "new" || $act == "edit") {
$form = new Form();
$section = new Form_Section('New Access List');
$section->addInput(new Form_Input('aclid', null, 'hidden', $id));
$section->addInput(new Form_Input('act', null, 'hidden', $act));
$section->addInput(new Form_Input('aclname', 'Access List name', 'text', $pconfig['aclname']))->setHelp('Provide an Access List name.');
$section->addInput(new Form_Select('aclaction', 'Action', strtolower($pconfig['aclaction']), array('allow' => 'Allow', 'deny' => 'Deny', 'refuse' => 'Refuse', 'allow snoop' => 'Allow Snoop')))->setHelp($actionHelp);
$section->addInput(new Form_Input('description', 'Description', 'text', $pconfig['description']))->setHelp('You may enter a description here for your reference.');
$numrows = count($networkacl) - 1;
$counter = 0;
foreach ($networkacl as $item) {
$network = $item['acl_network'];
$cidr = $item['mask'];
$description = $item['description'];
$group = new Form_Group($counter == 0 ? 'Networks' : '');
$group->add(new Form_IpAddress('acl_network' . $counter, null, $network))->addMask('mask' . $counter, $cidr)->setWidth(4)->setHelp($counter == $numrows ? 'Network/mask' : null);
$group->add(new Form_Input('description' . $counter, null, 'text', $description))->setHelp($counter == $numrows ? 'Description' : null);
$group->add(new Form_Button('deleterow' . $counter, 'Delete'))->removeClass('btn-primary')->addClass('btn-warning');
$group->addClass('repeatable');
$section->add($group);
$counter++;
}
$form->addGlobal(new Form_Button('addrow', 'Add network'))->removeClass('btn-primary')->addClass('btn-success');
$form->add($section);
print $form;
} else {
// NOT 'edit' or 'add'
?>
<div class="panel panel-default">
<div class="panel-heading"><h2 class="panel-title"><?php
$tab_array[] = array(htmlspecialchars(gettext("Firewall & NAT")), true, "system_advanced_firewall.php");
$tab_array[] = array(gettext("Networking"), false, "system_advanced_network.php");
$tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php");
$tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php");
$tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php");
display_top_tabs($tab_array);
?>
<div id="container"><?php
$form = new Form();
$section = new Form_Section('Firewall Advanced');
$section->addInput(new Form_Checkbox('scrubnodf', 'IP Do-Not-Fragment compatibility', 'Clear invalid DF bits instead of dropping the packets', isset($config['system']['scrubnodf'])))->setHelp('This allows for communications with hosts that generate fragmented ' . 'packets with the don\'t fragment (DF) bit set. Linux NFS is known to do this. ' . 'This will cause the filter to not drop such packets but instead clear the don\'t ' . 'fragment bit.');
$section->addInput(new Form_Checkbox('scrubrnid', 'IP Random id generation', 'Insert a stronger ID into IP header of packets passing through the filter.', isset($config['system']['scrubrnid'])))->setHelp('Replaces the IP identification field of packets with random values to ' . 'compensate for operating systems that use predictable values. This option only ' . 'applies to packets that are not fragmented after the optional packet ' . 'reassembly.');
$section->addInput($input = new Form_Select('optimization', 'Firewall Optimization Options', $config['system']['optimization'], array('normal' => 'Normal', 'high-latency' => gettext('High-latency'), 'aggressive' => gettext('Aggressive'), 'conservative' => gettext('Conservative'))))->setHelp('Select the type of state table optimization to use');
$section->addInput(new Form_Checkbox('disablefilter', 'Disable Firewall', 'Disable all packet filtering.', isset($config['system']['disablefilter'])))->setHelp('Note: This converts %s into a routing only platform!<br/>' . 'Note: This will also turn off NAT! To only disable NAT, ' . 'and not firewall rules, visit the <a href="firewall_nat_out.php">Outbound ' . 'NAT</a> page.', [$g["product_name"]]);
$section->addInput(new Form_Checkbox('disablescrub', 'Disable Firewall Scrub', 'Disables the PF scrubbing option which can sometimes interfere with NFS traffic.', isset($config['system']['disablescrub'])));
$group = new Form_Group('Firewall Adaptive Timeouts');
$group->add(new Form_Input('adaptivestart', 'Adaptive start', 'number', $pconfig['adaptivestart'], ['min' => 1]))->setHelp('When the number of state entries exceeds this value, adaptive ' . 'scaling begins. All timeout values are scaled linearly with factor ' . '(adaptive.end - number of states) / (adaptive.end - adaptive.start).');
$group->add(new Form_Input('adaptiveend', 'Adaptive end', 'number', $pconfig['adaptiveend'], ['min' => 1]))->setHelp('When reaching this number of state entries, all timeout values ' . 'become zero, effectively purging all state entries immediately. This ' . 'value is used to define the scale factor, it should not actually be ' . 'reached (set a lower state limit, see below).');
$group->setHelp('Timeouts for states can be scaled adaptively as the number of ' . 'state table entries grows. Leave blank for the default (0)');
$section->add($group);
$section->addInput(new Form_Input('maximumstates', 'Firewall Maximum States', 'number', $pconfig['maximumstates'], ['min' => 1, 'placeholder' => pfsense_default_state_size()]))->setHelp('Maximum number of connections to hold in the firewall state table. ' . '<br/>Note: Leave this blank for the default. On this system the default ' . 'size is: %d', [pfsense_default_state_size()]);
$section->addInput(new Form_Input('maximumtableentries', 'Firewall Maximum Table Entries', 'text', $pconfig['maximumtableentries'], ['placeholder' => pfsense_default_table_entries_size()]))->setHelp('Maximum number of table entries for systems such as aliases, ' . 'sshlockout, snort, etc, combined.<br/>Note: Leave this blank for the ' . 'default. On this system the default size is: %d', [pfsense_default_table_entries_size()]);
$section->addInput(new Form_Input('maximumfrags', 'Firewall Maximum Fragment Entries', 'text', $pconfig['maximumfrags']))->setHelp('Maximum number of packet fragments to hold for reassembly by scrub rules. Leave this blank for the default (5000)');
$section->addInput(new Form_Checkbox('bypassstaticroutes', 'Static route filtering', 'Bypass firewall rules for traffic on the same interface', $pconfig['bypassstaticroutes']))->setHelp('This option only applies if one or more static routes have been defined. ' . 'If it is enabled, traffic that enters and leaves through the same ' . 'interface will not be checked by the firewall. This may be desirable in some ' . 'situations where multiple subnets are connected to the same interface.');
$section->addInput(new Form_Checkbox('disablevpnrules', 'Disable Auto-added VPN rules', 'Disable all auto-added VPN rules.', isset($config['system']['disablevpnrules'])))->setHelp('Note: This disables automatically added rules for IPsec.');
$section->addInput(new Form_Checkbox('disablereplyto', 'Disable reply-to', 'Disable reply-to on WAN rules', $pconfig['disablereplyto']))->setHelp('With Multi-WAN it is generally desired to ensure traffic leaves the same ' . 'interface it arrives on, hence reply-to is added automatically by default. When ' . 'using bridging, this behavior must be disabled if the WAN gateway IP is ' . 'different from the gateway IP of the hosts behind the bridged interface.');
$section->addInput(new Form_Checkbox('disablenegate', 'Disable Negate rules', 'Disable Negate rule on policy routing rules', $pconfig['disablenegate']))->setHelp('With Multi-WAN it is generally desired to ensure traffic reaches directly ' . 'connected networks and VPN networks when using policy routing. This can be disabled ' . 'for special purposes but it requires manually creating rules for these networks.');
$section->addInput(new Form_Input('aliasesresolveinterval', 'Aliases Hostnames Resolve Interval', 'text', $pconfig['aliasesresolveinterval'], ['placeholder' => '300']))->setHelp('Interval, in seconds, that will be used to resolve hostnames ' . 'configured on aliases. <br/>Note: Leave this blank for the default ' . '(300s).');
$section->addInput(new Form_Checkbox('checkaliasesurlcert', 'Check certificate of aliases URLs', 'Verify HTTPS certificates when downloading alias URLs', $pconfig['checkaliasesurlcert']))->setHelp('Make sure the certificate is valid for all HTTPS addresses on ' . 'aliases. If it\'s not valid or is revoked, do not download it.');
$form->add($section);
$section = new Form_Section('Bogon Networks');
/**
* @dataProvider nestedDataProvider
*/
function testInvalidate($test_failed, $post, $values)
{
$form = Form_Group::createFromConfig();
}
}
if ($savemsg) {
print_info_box($savemsg, $class);
}
$tab_array = array();
$tab_array[] = array(gettext("Admin Access"), false, "system_advanced_admin.php");
$tab_array[] = array(gettext("Firewall & NAT"), false, "system_advanced_firewall.php");
$tab_array[] = array(gettext("Networking"), true, "system_advanced_network.php");
$tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php");
$tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php");
$tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php");
display_top_tabs($tab_array);
$form = new Form();
$section = new Form_Section('IPv6 Options');
$section->addInput(new Form_Checkbox('ipv6allow', 'Allow IPv6', 'All IPv6 traffic will be blocked by the firewall unless this box is checked', $pconfig['ipv6allow']))->setHelp('NOTE: This does not disable any IPv6 features on the firewall, it only ' . 'blocks traffic.');
$group = new Form_Group('IPv6 over IPv4 Tunneling');
$group->add(new Form_Checkbox('ipv6nat_enable', 'IPv6 over IPv4 Tunneling', 'Enable IPv4 NAT encapsulation of IPv6 packets', $pconfig['ipv6nat_enable']))->setHelp('NOTE: This does not disable any IPv6 features on the firewall, it only ' . 'blocks traffic.');
$group->add(new Form_Input('ipv6nat_ipaddr', 'IP address', 'text', $pconfig['ipv6nat_ipaddr']))->setHelp('Enable IPv4 NAT encapsulation of IPv6 packets. <br/>This provides an ' . 'RFC 2893 compatibility mechanism that can be used to tunneling IPv6 packets over ' . 'IPv4 routing infrastructures. If enabled, don"t forget to add a firewall rule to ' . 'permit IPv6 packets.');
$section->add($group);
$section->addInput(new Form_Checkbox('prefer_ipv4', 'Prefer IPv4 over IPv6', 'Prefer to use IPv4 even if IPv6 is available', $pconfig['prefer_ipv4']))->setHelp('By default, if a hostname resolves IPv6 and IPv4 addresses IPv6 will ' . 'be used, if you check this option, IPv4 will be used instead of IPv6.');
$form->add($section);
$section = new Form_Section('Network Interfaces');
$section->addInput(new Form_Checkbox('polling_enable', 'Device polling', 'Enable device polling', $pconfig['polling_enable']))->setHelp('Device polling is a technique that lets the system periodically poll ' . 'network devices for new data instead of relying on interrupts. This prevents ' . 'your webConfigurator, SSH, etc. from being inaccessible due to interrupt floods ' . 'when under extreme load. Generally this is not recommended. Not all NICs support ' . 'polling; see the %s homepage for a list of supported cards', [$g["product_name"]]);
$section->addInput(new Form_Checkbox('disablechecksumoffloading', 'Hardware Checksum Offloading', 'Disable hardware checksum offload', isset($config['system']['disablechecksumoffloading'])))->setHelp('Checking this option will disable hardware checksum offloading.<br/>' . 'Checksum offloading is broken in some hardware, particularly some Realtek cards. ' . 'Rarely, drivers may have problems with checksum offloading and some specific ' . 'NICs.This will take effect after you reboot the machine or re-configure each ' . 'interface.');
$section->addInput(new Form_Checkbox('disablesegmentationoffloading', 'Hardware TCP Segmentation Offloading', 'Disable hardware TCP segmentation offload', isset($config['system']['disablesegmentationoffloading'])))->setHelp('Checking this option will disable hardware TCP segmentation ' . 'offloading (TSO, TSO4, TSO6). This offloading is broken in some hardware ' . 'drivers, and may impact performance with some specific NICs.This will take ' . 'effect after you reboot the machine or re-configure each interface.');
$section->addInput(new Form_Checkbox('disablelargereceiveoffloading', 'Hardware Large Receive Offloading', 'Disable hardware large receive offload', isset($config['system']['disablelargereceiveoffloading'])))->setHelp('Checking this option will disable hardware large receive offloading ' . '(LRO). This offloading is broken in some hardware drivers, and may impact ' . 'performance with some specific NICs.This will take effect after you reboot the ' . 'machine or re-configure each interface.');
$section->addInput(new Form_Checkbox('sharednet', 'ARP Handling', 'Suppress ARP messages', isset($pconfig['sharednet'])))->setHelp('This option will suppress ARP log messages when multiple interfaces ' . 'reside on the same broadcast domain');
if (get_freebsd_version() == 8) {
$section->addInput(new Form_Checkbox('flowtable', 'Enable flowtable support', $pconfig['flowtable']))->setHelp('Enables infrastructure for caching flows as a means of accelerating ' . 'L3 and L2 lookups as well as providing stateful load balancing when used with ' . 'RADIX_MPATH.');
}
$form->add($section);
if ($savemsg) {
print_info_box($savemsg, success);
}
?>
<div id="container">
<?php
$form = new Form();
$section = new Form_Section('System');
$section->addInput(new Form_Input('hostname', 'Hostname', 'text', $pconfig['hostname'], ['placeholder' => 'pfSense']))->setHelp('Name of the firewall host, without domain part');
$section->addInput(new Form_Input('domain', 'Domain', 'text', $pconfig['domain'], ['placeholder' => 'mycorp.com, home, office, private, etc.']))->setHelp('Do not use \'local\' as a domain name. It will cause local ' . 'hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve ' . 'local hosts not running mDNS.');
$form->add($section);
$section = new Form_Section('DNS server settings');
for ($i = 1; $i < 5; $i++) {
// if (!isset($pconfig['dns'.$i]))
// continue;
$group = new Form_Group('DNS Server ' . $i);
$group->add(new Form_Input('dns' . $i, 'DNS Server', 'text', $pconfig['dns' . $i]))->setHelp($i == 4 ? 'Address' : null);
$help = "Enter IP addresses to be used by the system for DNS resolution. " . "These are also used for the DHCP service, DNS forwarder and for PPTP VPN clients.";
if ($multiwan) {
$options = array('none' => 'none');
foreach ($arr_gateways as $gwname => $gwitem) {
if (is_ipaddrv4(lookup_gateway_ip_by_name($pconfig[$dnsgw])) && is_ipaddrv6($gwitem['gateway'])) {
continue;
}
if (is_ipaddrv6(lookup_gateway_ip_by_name($pconfig[$dnsgw])) && is_ipaddrv4($gwitem['gateway'])) {
continue;
}
$options[$gwname] = $gwname . ' - ' . $gwitem['friendlyiface'] . ' - ' . $gwitem['gateway'];
}
$group->add(new Form_Select('dns' . $i . 'gw', null, $pconfig['dns' . $i . 'gw'], $options))->setHelp($i == 4 ? 'Gateway' : null);
$help .= '<br/>' . "In addition, optionally select the gateway for each DNS server. " . "When using multiple WAN connections there should be at least one unique DNS server per gateway.";
$optionlist = array();
$iflist = get_configured_interface_with_descr();
foreach ($iflist as $ifnam => $ifdescr) {
$optionlist[$ifnam] = $ifdescr;
}
$section->addInput(new Form_Select('interface', 'Interface', $pconfig['interface'], $optionlist));
$section->addInput(new Form_Input('host', 'Hostname', 'text', $pconfig['host']))->setHelp('Fully qualified hostname of the host to be updated');
$section->addInput(new Form_Input('ttl', 'TTL (seconds)', 'number', $pconfig['ttl']));
$section->addInput(new Form_Input('keyname', 'Key name', 'text', $pconfig['keyname']))->setHelp('This must match the setting on the DNS server.');
$group = new Form_Group('Key Type');
$group->add(new Form_Checkbox('keytype', 'Key Type', 'Zone', $pconfig['keytype'] == 'zone', 'zone'))->displayAsRadio();
$group->add(new Form_Checkbox('keytype', 'Key Type', 'Host', $pconfig['keytype'] == 'host', 'host'))->displayAsRadio();
$group->add(new Form_Checkbox('keytype', 'Key Type', 'User', $pconfig['keytype'] == 'user', 'user'))->displayAsRadio();
$section->add($group);
$section->addInput(new Form_Input('keydata', 'Key', 'text', $pconfig['keydata']))->setHelp('Paste an HMAC-MD5 key here.');
$section->addInput(new Form_Input('server', 'Server', 'text', $pconfig['server']));
$section->addInput(new Form_Checkbox('usetcp', 'Protocol', 'Use TCP instead of UDP', $pconfig['usetcp']));
$section->addInput(new Form_Checkbox('usepublicip', 'Use public IP', 'If the interface IP is private, attempt to fetch and use the public IP instead.', $pconfig['usepublicip']));
$group = new Form_Group('Record Type');
$group->add(new Form_Checkbox('recordtype', 'Record Type', 'A (IPv4)', $pconfig['recordtype'] == 'A', 'A'))->displayAsRadio();
$group->add(new Form_Checkbox('recordtype', 'Record Type', 'AAAA (IPv6)', $pconfig['recordtype'] == 'AAAA', 'AAAA'))->displayAsRadio();
$group->add(new Form_Checkbox('recordtype', 'Record Type', 'Both', $pconfig['recordtype'] == 'both', 'both'))->displayAsRadio();
$section->add($group);
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference (not parsed).');
if (isset($id) && $a_rfc2136[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$form->add($section);
print $form;
print_info_box(sprintf('You must configure a DNS server in %sSystem: ' . 'General setup %sor allow the DNS server list to be overridden ' . 'by DHCP/PPP on WAN for dynamic DNS updates to work.', '<a href="system.php">', '</a>'));
include "foot.inc";
$tempFriendlyTime .= ", ";
}
$currentDay--;
if ($currentDay != $firstDay) {
$tempFriendlyTime .= $dayArray[$firstDay - 1] . " - " . $dayArray[$currentDay - 1];
} else {
$tempFriendlyTime .= $dayArray[$firstDay - 1];
}
$firstDayFound = false;
$firstprint = true;
}
$i++;
}
}
}
$group = new Form_Group('');
$group->add(new Form_Input('tempFriendlyTime' . $counter, null, 'text', $tempFriendlyTime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Day(s)' : '');
$group->add(new Form_Input('starttime' . $counter, null, 'text', $starttime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Start time' : '');
$group->add(new Form_Input('stoptime' . $counter, null, 'text', $stoptime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Stop time' : '');
$group->add(new Form_Input('timedescr' . $counter, null, 'text', $timedescr))->setWidth(2)->setHelp($counter == $maxrows ? 'Description' : '');
$group->add(new Form_Button('Delete' . $counter, 'Delete', null, 'fa-trash'))->setAttribute('type', 'button')->addClass('btn-xs btn-warning');
$group->add(new Form_Input('schedule' . $counter, null, 'hidden', $tempID));
$group->addClass('schedulegrp' . $counter);
$counter++;
$section->add($group);
}
}
}
// This is just a marker that the javascript can use to insertBefore() when adding new rows
$section->addInput(new Form_Input('marker', null, 'hidden'))->addClass('noranges');
$form->add($section);
$section->addInput(new Form_Input('ravalidlifetime', 'Default valid lifetime', 'number', $pconfig['ravalidlifetime'], ['min' => 1, 'max' => 655350]))->setHelp('The length of time in seconds (relative to the time the packet is sent) that the prefix is valid for the purpose of on-link determination.' . ' <br />' . 'The default is 86400 seconds.');
$section->addInput(new Form_Input('rapreferredlifetime', 'Default preferred lifetime', 'text', $pconfig['rapreferredlifetime']))->setHelp('Seconds. The length of time in seconds (relative to the time the packet is sent) that addresses generated from the prefix via stateless address autoconfiguration remain preferred.' . ' <br />' . 'The default is 14400 seconds.');
$section->addInput(new Form_Input('raminrtradvinterval', 'Minimum RA interval', 'number', $pconfig['raminrtradvinterval'], ['min' => 3, 'max' => 1350]))->setHelp('The minimum time allowed between sending unsolicited multicast router advertisements in seconds.');
$section->addInput(new Form_Input('ramaxrtradvinterval', 'Maximum RA interval', 'number', $pconfig['ramaxrtradvinterval'], ['min' => 4, 'max' => 1800]))->setHelp('The maximum time allowed between sending unsolicited multicast router advertisements in seconds.');
$section->addInput(new Form_Input('raadvdefaultlifetime', 'Router lifetime', 'number', $pconfig['raadvdefaultlifetime'], ['min' => 1, 'max' => 9000]))->setHelp('The lifetime associated with the default router in seconds.');
$section->addInput(new Form_StaticText('RA Subnets', $subnets_help));
if (empty($pconfig['subnets'])) {
$pconfig['subnets'] = array('0' => '/128');
}
$counter = 0;
$numrows = count($pconfig['subnets']) - 1;
foreach ($pconfig['subnets'] as $subnet) {
$address_name = "subnet_address" . $counter;
$bits_name = "subnet_bits" . $counter;
list($address, $subnet) = explode("/", $subnet);
$group = new Form_Group($counter == 0 ? 'Subnets' : '');
$group->add(new Form_IpAddress($address_name, null, $address))->addMask($bits_name, $subnet);
$group->add(new Form_Button('deleterow' . $counter, 'Delete', null, 'fa-trash'))->removeClass('btn-primary')->addClass('btn-warning');
$group->addClass('repeatable');
$section->add($group);
$counter++;
}
$section->addInput(new Form_Button('addrow', 'Add', null, 'fa-plus'))->addClass('btn-success');
$form->add($section);
$section = new Form_Section('DNS Configuration');
for ($idx = 1; $idx <= 3; $idx++) {
$section->addInput(new Form_IpAddress('radns' . $idx, 'Server ' . $idx, $pconfig['radns' . $idx]))->setPattern('[a-zA-Z0-9_.:]+')->setHelp($idx < 3 ? '' : 'Leave blank to use the system default DNS servers - this interface\'s IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the General page');
}
$section->addInput(new Form_Input('radomainsearchlist', 'Domain search list', 'text', $pconfig['radomainsearchlist']))->setHelp('The RA server can optionally provide a domain search list. Use the semicolon character as separator.');
$section->addInput(new Form_Checkbox('rasamednsasdhcp6', 'Settings', 'Use same settings as DHCPv6 server', $pconfig['rasamednsasdhcp6']));
$section->addInput(new Form_Input('if', null, 'hidden', $if));
if ($pconfig['address'] == "") {
$pconfig['address'] = '';
$pconfig['address_subnet'] = '';
$pconfig['detail'] = '';
}
$counter = 0;
$addresses = explode(" ", $pconfig['address']);
$details = explode("||", $pconfig['detail']);
while ($counter < count($addresses)) {
if ($pconfig['type'] != "host" && is_subnet($addresses[$counter])) {
list($address, $address_subnet) = explode("/", $addresses[$counter]);
} else {
$address = $addresses[$counter];
$address_subnet = "";
}
$group = new Form_Group($counter == 0 ? $label_str[$tab] : '');
$group->addClass('repeatable');
$group->add(new Form_IpAddress('address' . $counter, 'Address', $address))->addMask('address_subnet' . $counter, $address_subnet)->setWidth(4)->setPattern('[0-9, a-z, A-Z and .');
$group->add(new Form_Input('detail' . $counter, 'Description', 'text', $details[$counter]))->setWidth(4);
$group->add(new Form_Button('deleterow' . $counter, 'Delete'))->removeClass('btn-primary')->addClass('btn-warning');
$section->add($group);
$counter++;
}
$form->addGlobal(new Form_Button('addrow', $btn_str[$tab]))->removeClass('btn-primary')->addClass('btn-success addbtn');
$form->add($section);
print $form;
?>
<script>
//<![CDATA[
events.push(function(){
}
}
$css = array_merge($pfscss, $betacss, $usrcss);
foreach ($css as $file) {
$file = basename($file);
$csslist[$file] = pathinfo($file, PATHINFO_FILENAME);
}
}
if (!isset($pconfig['webguicss']) || !isset($csslist[$pconfig['webguicss']])) {
$pconfig['webguicss'] = "pfSense.css";
}
$section = new Form_Section('webConfigurator');
$section->addInput(new Form_Select('webguicss', 'Theme', $pconfig['webguicss'], $csslist))->setHelp(sprintf(gettext('Choose an alternative css file (if installed) to change the appearance of the webConfigurator. css files are located in /usr/local/www/css/%s'), '<span id="csstxt"></span>'));
$section->addInput(new Form_Select('webguifixedmenu', 'Top Navigation', $pconfig['webguifixedmenu'], ["" => gettext("Scrolls with page"), "fixed" => gettext("Fixed (Remains visible at top of page)")]))->setHelp("The fixed option is intended for large screens only.");
$section->addInput(new Form_Input('dashboardcolumns', 'Dashboard Columns', 'number', $pconfig['dashboardcolumns'], [min => 1, max => 4]));
$group = new Form_Group('Associated Panels Show/Hide');
$group->add(new Form_Checkbox('dashboardavailablewidgetspanel', null, 'Available Widgets', $pconfig['dashboardavailablewidgetspanel']))->setHelp('Show the Available Widgets panel on the Dashboard.');
$group->add(new Form_Checkbox('systemlogsfilterpanel', null, 'Log Filter', $pconfig['systemlogsfilterpanel']))->setHelp('Show the Log Filter panel in System Logs.');
$group->add(new Form_Checkbox('systemlogsmanagelogpanel', null, 'Manage Log', $pconfig['systemlogsmanagelogpanel']))->setHelp('Show the Manage Log panel in System Logs.');
$group->add(new Form_Checkbox('statusmonitoringsettingspanel', null, 'Monitoring Settings', $pconfig['statusmonitoringsettingspanel']))->setHelp('Show the Settings panel in Status Monitoring.');
$group->setHelp('These options allow certain panels to be automatically hidden on page load. A control is provided in the title bar to un-hide the panel.');
$section->add($group);
$section->addInput(new Form_Checkbox('webguileftcolumnhyper', 'Left Column Labels', 'Active', $pconfig['webguileftcolumnhyper']))->setHelp('If selected, clicking a label in the left column will select/toggle the first item of the group.');
$form->add($section);
print $form;
$csswarning = sprintf(gettext("%sUser-created themes are unsupported, use at your own risk."), "<br />");
?>
</div>
<script>
//<![CDATA[
// those which this user is a member of
$systemGroups = array();
$usersGroups = array();
foreach ($config['system']['user'] as $user) {
if (is_array($pconfig['members']) && in_array($user['uid'], $pconfig['members'])) {
$usersGroups[$user['uid']] = $user['name'];
// Add it to the user's list
} else {
$systemGroups[$user['uid']] = $user['name'];
// Add it to the 'not a member of' list
}
}
$group->add(new Form_Select('notmembers', null, array_combine((array) $pconfig['groups'], (array) $pconfig['groups']), $systemGroups, true))->setHelp('Not members');
$group->add(new Form_Select('members', null, array_combine((array) $pconfig['groups'], (array) $pconfig['groups']), $usersGroups, true))->setHelp('Members');
$section->add($group);
$group = new Form_Group('');
$group->add(new Form_Button('movetoenabled', 'Move to "Members" >'))->removeClass('btn-primary')->addClass('btn-default btn-sm');
$group->add(new Form_Button('movetodisabled', '< Move to "Not members'))->removeClass('btn-primary')->addClass('btn-default btn-sm');
$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
$section->add($group);
}
if ($_GET['act'] != "new") {
$section = new Form_Section('Assigned Privileges');
$section->addInput(new Form_StaticText(null, build_priv_table()));
$form->add($section);
}
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
if ($savemsg) {
print_info_box($savemsg, 'success');
}
$tab_array = array();
$tab_array[] = array(gettext("Admin Access"), true, "system_advanced_admin.php");
$tab_array[] = array(gettext("Firewall / NAT"), false, "system_advanced_firewall.php");
$tab_array[] = array(gettext("Networking"), false, "system_advanced_network.php");
$tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php");
$tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php");
$tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php");
display_top_tabs($tab_array);
?>
<div id="container"><?php
$form = new Form();
$section = new Form_Section('WebConfigurator');
$group = new Form_Group('Protocol');
$group->add(new Form_Checkbox('webguiproto', 'Protocol', 'HTTP', $pconfig['webguiproto'] == 'http', 'http'))->displayAsRadio();
$group->add(new Form_Checkbox('webguiproto', 'Protocol', 'HTTPS', $pconfig['webguiproto'] == 'https', 'https'))->displayAsRadio();
$group->setHelp($certs_available ? '' : 'No Certificates have been defined. You must ' . '<a href="system_certmanager.php">' . gettext("Create or Import") . '</a> ' . 'a Certificate before SSL can be enabled.');
$section->add($group);
$values = array();
foreach ($a_cert as $cert) {
$values[$cert['refid']] = $cert['descr'];
}
$section->addInput($input = new Form_Select('ssl-certref', 'SSL Certificate', $pconfig['ssl-certref'], $values));
$section->addInput(new Form_Input('webguiport', 'TCP port', 'number', $config['system']['webgui']['port'], ['min' => 1, 'max' => 65535]))->setHelp('Enter a custom port number for the webConfigurator ' . 'above if you want to override the default (80 for HTTP, 443 ' . 'for HTTPS). Changes will take effect immediately after save.');
$section->addInput(new Form_Input('max_procs', 'Max Processes', 'number', $pconfig['max_procs']))->setHelp('Enter the number of webConfigurator processes you ' . 'want to run. This defaults to 2. Increasing this will allow more ' . 'users/browsers to access the GUI concurrently.');
$section->addInput(new Form_Checkbox('disablehttpredirect', 'WebGUI redirect', 'Disable webConfigurator redirect rule', $pconfig['disablehttpredirect']))->setHelp('When this is unchecked, access to the webConfigurator ' . 'is always permitted even on port 80, regardless of the listening port configured. ' . 'Check this box to disable this automatically added redirect rule.');
$section->addInput(new Form_Checkbox('loginautocomplete', 'WebGUI Login Autocomplete', 'Enable webConfigurator login autocomplete', $pconfig['loginautocomplete']))->setHelp('When this is checked, login credentials for the webConfigurator may ' . 'be saved by the browser. While convenient, some security standards require this ' . 'to be disabled. Check this box to enable autocomplete on the login form so that ' . 'browsers will prompt to save credentials (NOTE: Some browsers do not respect ' . 'this option).');
$section->addInput(new Form_Checkbox('quietlogin', 'WebGUI login messages', 'Disable logging of webConfigurator successful logins', $pconfig['quietlogin']))->setHelp('When this is checked, successful logins to the webConfigurator will ' . 'not be logged.');
if ($config['interfaces']['lan']) {
}
}
break;
case "rowhelper":
$rowhelpername = "row";
$rowcounter = 0;
$trc = 0;
//Use assigned $a_pkg or create an empty array to enter loop
if (isset($a_pkg[$id][$rowhelpername])) {
$saved_rows = $a_pkg[$id][$rowhelpername];
} else {
$saved_rows[] = array();
}
$numrows = count($saved_rows) - 1;
foreach ($saved_rows as $row) {
$group = new Form_Group($rowcounter == 0 ? $pkga['fielddescr'] : null);
$group->addClass('repeatable');
foreach ($pkga['rowhelper']['rowhelperfield'] as $rowhelper) {
unset($value);
$width = null;
if ($rowhelper['value'] != "") {
$value = $rowhelper['value'];
}
$fieldname = $rowhelper['fieldname'];
$fielddescr = $rowhelper['fielddescr'];
// if user is editing a record, load in the data.
if (isset($id) && $a_pkg[$id]) {
$value = $row[$fieldname];
}
$type = $rowhelper['type'];
if ($type == "input" || $type == "password" || $type == "textarea") {
$section->addInput(new Form_Input('domain', 'Domain name', 'text', $pconfig['domain']))->setHelp('The default is to use the domain name of this system as the default domain name provided by DHCP. You may specify an alternate domain name here. ');
$section->addInput(new Form_Input('domainsearchlist', 'Domain search list', 'text', $pconfig['domainsearchlist']))->setHelp('The DHCP server can optionally provide a domain search list. Use the semicolon character as separator');
$section->addInput(new Form_Input('deftime', 'Default lease time (Seconds)', 'text', $pconfig['deftime']))->setHelp('Used for clients that do not ask for a specific expiration time. The default is 7200 seconds.');
$section->addInput(new Form_Input('maxtime', 'Maximum lease time (Seconds)', 'text', $pconfig['maxtime']))->setHelp('This is the maximum lease time for clients that ask for a specific expiration time. The default is 86400 seconds.');
$btndyndns = new Form_Button('btndyndns', 'Advanced');
$btndyndns->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('Dynamic DNS', $btndyndns . ' ' . 'Show dynamic DNS settings'));
$section->addInput(new Form_Checkbox('ddnsupdate', 'DHCP Registration', 'Enable registration of DHCP client names in DNS.', $pconfig['ddnsupdate']));
$section->addInput(new Form_Input('ddnsdomain', 'DDNS Domain', 'text', $pconfig['ddnsdomain']))->setHelp('Leave blank to disable dynamic DNS registration. Enter the dynamic DNS domain which will be used to register client names in the DNS server.');
$section->addInput(new Form_IpAddress('ddnsdomainprimary', 'DDNS Server IP', $pconfig['ddnsdomainprimary']))->setHelp('Enter the primary domain name server IP address for the dynamic domain name.');
$section->addInput(new Form_Input('ddnsdomainkeyname', 'DDNS Domain Key name', 'text', $pconfig['ddnsdomainkeyname']))->setHelp('Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.');
$section->addInput(new Form_Input('ddnsdomainkey', 'DDNS Domain Key secret', 'text', $pconfig['ddnsdomainkey']))->setHelp('Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.');
$btnntp = new Form_Button('btnntp', 'Advanced');
$btnntp->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('NTP servers', $btnntp . ' ' . 'Show NTP Configuration'));
$group = new Form_Group('NTP Servers');
$group->add(new Form_Input('ntp1', 'NTP Server 1', 'text', $pconfig['ntp1'], ['placeholder' => 'NTP 1']));
$group->add(new Form_Input('ntp2', 'NTP Server 2', 'text', $pconfig['ntp2'], ['placeholder' => 'NTP 2']));
$group->addClass('ntpclass');
$section->add($group);
$btntftp = new Form_Button('btntftp', 'Advanced');
$btntftp->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('TFTP servers', $btntftp . ' ' . 'Show TFTP Configuration'));
$section->addInput(new Form_Input('tftp', 'TFTP Server', 'text', $pconfig['tftp']))->setHelp('Leave blank to disable. Enter a full hostname or IP for the TFTP server.');
$form->add($section);
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
$btnadv->setAttribute('type', 'button')->addClass('btn-info btn-sm');
$section->addInput(new Form_StaticText('Advanced options', $btnadv));
$form->add($section);
$section = new Form_Section('Advanced Configuration');
$section->addClass('adnlopts');
$section->addInput(new Form_Checkbox('ondemand', 'Dial On Demand', 'Enable Dial-on-Demand mode. ', $pconfig['ondemand']))->setHelp('Causes the interface to operate in dial-on-demand mode. Do NOT enable if the link is to remain continuously connected. ' . 'The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.');
$section->addInput(new Form_Input('idletimeout', 'Idle Timeout', 'text', $pconfig['idletimeout']))->setHelp('If no incoming or outgoing packets are transmitted for the entered number of seconds the connection is brought down.' . " " . 'When the idle timeout occurs, if the dial-on-demand option is enabled, mpd goes back into dial-on-demand mode. ' . 'Otherwise, the interface is brought down and all associated routes removed.');
$section->addInput(new Form_Checkbox('vjcomp', 'Compression', 'Disable vjcomp (compression, auto-negotiated by default).', $pconfig['vjcomp']))->setHelp('Disable vjcomp(compression) (auto-negotiated by default).' . '<br />' . 'This option enables Van Jacobson TCP header compression, which saves several bytes per TCP data packet.' . " " . 'This option is almost always required. Compression is not effective for TCP connections with enabled modern extensions like time ' . 'stamping or SACK, which modify TCP options between sequential packets.');
$section->addInput(new Form_Checkbox('tcpmssfix', 'TCPmssFix', 'Disable tcpmssfix (enabled by default).', $pconfig['tcpmssfix']))->setHelp('Causes mpd to adjust incoming and outgoing TCP SYN segments so that the requested maximum segment size is not greater than the amount ' . 'allowed by the interface MTU. This is necessary in many setups to avoid problems caused by routers that drop ICMP Datagram Too Big messages. Without these messages, ' . 'the originating machine sends data, it passes the rogue router then hits a machine that has an MTU that is not big enough for the data. Because the IP Don\'t Fragment option is set, ' . 'this machine sends an ICMP Datagram Too Big message back to the originator and drops the packet. The rogue router drops the ICMP message and the originator never ' . 'gets to discover that it must reduce the fragment size or drop the IP Don\'t Fragment option from its outgoing data.');
$section->addInput(new Form_Checkbox('shortseq', 'ShortSeq', 'Disable shortseq (auto-negotiated by default).', $pconfig['shortseq']))->setHelp('This option is only meaningful if multi-link PPP is negotiated. It proscribes shorter multi-link fragment headers, saving two bytes on every frame. ' . 'It is not necessary to disable this for connections that are not multi-link.');
$section->addInput(new Form_Checkbox('acfcomp', 'ACFComp', 'Disable ACF compression (auto-negotiated by default)', $pconfig['acfcomp']))->setHelp('Address and control field compression. This option only applies to asynchronous link types. It saves two bytes per frame.');
$section->addInput(new Form_Checkbox('protocomp', 'ProtoComp', 'Disable Protocol compression (auto-negotiated by default)', $pconfig['protocomp']))->setHelp('Protocol field compression. This option saves one byte per frame for most frames.');
// Display the Link parameters. We will hide this by default, then un-hide the selected ones on clicking 'Advanced'
$j = 0;
foreach ($linklist['list'] as $ifnm => $nm) {
$group = new Form_Group('Link Parameters (' . $ifnm . ')');
$group->add(new Form_Input('bandwidth' . $ifnm, null, 'text', $pconfig['bandwidth'][$ifnm]))->setHelp('Bandwidth');
$group->add(new Form_Input('mtu' . $ifnm, null, 'text', $pconfig['mtu'][$ifnm]))->setHelp('MTU');
$group->add(new Form_Input('mru' . $ifnm, null, 'text', $pconfig['mru'][$ifnm]))->setHelp('MRU');
$group->add(new Form_Input('mrru' . $ifnm, null, 'text', $pconfig['mrru'][$ifnm]))->setHelp('MRRU');
$j++;
$section->add($group);
$group->addClass('localip sec-advanced')->addClass('linkparam' . $ifnm);
}
$linkparamhelp = new Form_StaticText(null, '<span id="linkparamhelp">' . $linkparamstr . '</span>');
$section->addInput($linkparamhelp);
$form->add($section);
$form->addGlobal(new Form_Input('ptpid', null, 'hidden', $pconfig['ptpid']));
if (isset($id) && $a_ppps[$id]) {
$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
}
