function dhcpv6_apply_changes($dhcpdv6_enable_changed)
{
$retval = 0;
$retvaldhcp = 0;
$retvaldns = 0;
/* Stop DHCPv6 so we can cleanup leases */
killbypid("{$g['dhcpd_chroot_path']}{$g['varrun_path']}/dhcpdv6.pid");
// dhcp_clean_leases();
/* dnsmasq_configure calls dhcpd_configure */
/* no need to restart dhcpd twice */
if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) {
$retvaldns = services_dnsmasq_configure();
if ($retvaldns == 0) {
clear_subsystem_dirty('hosts');
clear_subsystem_dirty('staticmaps');
}
} else {
if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) {
$retvaldns = services_unbound_configure();
if ($retvaldns == 0) {
clear_subsystem_dirty('unbound');
clear_subsystem_dirty('staticmaps');
}
} else {
$retvaldhcp = services_dhcpd_configure();
if ($retvaldhcp == 0) {
clear_subsystem_dirty('staticmaps');
}
}
}
if ($dhcpdv6_enable_changed) {
$retvalfc = filter_configure();
}
if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) {
$retval = 1;
}
return get_std_save_message($retval);
}
}
if (is_array($config['pppoes']['pppoe'])) {
foreach ($config['pppoes']['pppoe'] as $pppoe) {
if ($pppoe['pppoeid'] == $pppoeid) {
vpn_pppoe_configure($pppoe);
break;
}
}
}
}
@unlink('/tmp/.vpn_pppoe.apply');
}
$retval = 0;
$retval |= filter_configure();
$savemsg = get_std_save_message($retval);
clear_subsystem_dirty('vpnpppoe');
}
}
if ($_GET['act'] == "del") {
if ($a_pppoes[$_GET['id']]) {
killbypid("/var/run/pppoe{$a_pppoes[$_GET['id']]['pppoeid']}-vpn.pid");
mwexecf('/bin/rm -r %s', "/var/etc/pppoe{$a_pppoes[$_GET['id']]['pppoeid']}");
unset($a_pppoes[$_GET['id']]);
write_config();
header("Location: vpn_pppoe.php");
exit;
}
}
$pgtitle = array(gettext("VPN"), gettext("PPPoE"));
$shortcut_section = "pppoes";
include "head.inc";
require_once "shaper.inc";
require_once "vslb.inc";
if (!is_array($config['load_balancer']['virtual_server'])) {
$config['load_balancer']['virtual_server'] = array();
}
$a_vs =& $config['load_balancer']['virtual_server'];
if ($_POST) {
$pconfig = $_POST;
if ($_POST['apply']) {
$retval = 0;
$retval |= filter_configure();
$retval |= relayd_configure();
$savemsg = get_std_save_message($retval);
/* Wipe out old relayd anchors no longer in use. */
cleanup_lb_marked();
clear_subsystem_dirty('loadbalancer');
}
}
if ($_GET['act'] == "del") {
if (array_key_exists($_GET['id'], $a_vs)) {
if (!$input_errors) {
cleanup_lb_mark_anchor($a_vs[$_GET['id']]['name']);
unset($a_vs[$_GET['id']]);
write_config();
mark_subsystem_dirty('loadbalancer');
header("Location: load_balancer_virtual_server.php");
exit;
}
}
}
/* Index lbpool array for easy hyperlinking */
interface_bring_down($ifapply, true, $ifcfgo);
if (isset($config['dhcpd'][$ifapply]['enable']) || isset($config['dhcpdv6'][$ifapply]['enable'])) {
services_dhcpd_configure();
}
}
}
}
/* restart snmp so that it binds to correct address */
services_snmpd_configure();
/* sync filter configuration */
setup_gateways_monitor();
clear_subsystem_dirty('interfaces');
filter_configure();
enable_rrd_graphing();
if (is_subsystem_dirty('staticroutes') && system_routing_configure() == 0) {
clear_subsystem_dirty('staticroutes');
}
}
@unlink("{$g['tmp_path']}/.interfaces.apply");
header("Location: interfaces.php?if={$if}");
exit;
} else {
if ($_POST && $_POST['enable'] != "yes") {
unset($wancfg['enable']);
if (isset($wancfg['wireless'])) {
interface_sync_wireless_clones($wancfg, false);
}
write_config("Interface {$_POST['descr']}({$if}) is now disabled.");
mark_subsystem_dirty('interfaces');
if (file_exists("{$g['tmp_path']}/.interfaces.apply")) {
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply"));
} else {
$input_errors[] = gettext("The configuration could not be restored.");
}
}
}
} else {
$input_errors[] = gettext("The configuration could not be restored (file upload error).");
}
}
}
if ($mode == "reinstallpackages") {
header("Location: pkg_mgr_install.php?mode=reinstallall");
exit;
} else {
if ($mode == "clearpackagelock") {
clear_subsystem_dirty('packagelock');
$savemsg = "Package Lock Cleared";
} else {
if ($mode == "restore_ver") {
$input_errors[] = gettext("XXX - this feature may hose your config (do NOT backrev configs!) - billm");
if ($ver2restore != "") {
$conf_file = "{$g['cf_conf_path']}/bak/config-" . strtotime($ver2restore) . ".xml";
if (config_install($conf_file) == 0) {
mark_subsystem_dirty("restore");
} else {
$input_errors[] = gettext("The configuration could not be restored.");
}
} else {
$input_errors[] = gettext("No version selected.");
}
}
} else {
if ($_POST['apply']) {
write_config();
$retval = 0;
$retval = filter_configure();
$savemsg = get_std_save_message($retval);
if (stristr($retval, "error") != true) {
$savemsg = get_std_save_message($retval);
} else {
$savemsg = $retval;
}
/* reset rrd queues */
system("rm -f /var/db/rrd/*queuedrops.rrd");
system("rm -f /var/db/rrd/*queues.rrd");
enable_rrd_graphing();
clear_subsystem_dirty('shaper');
if ($queue) {
$output_form .= $queue->build_form();
$dontshow = false;
} else {
$output_form .= $default_shaper_message;
$dontshow = true;
}
} else {
if ($queue) {
$queue->validate_input($_POST, &$input_errors);
if (!$input_errors) {
$queue->update_altq_queue_data($_POST);
$queue->wconfig();
write_config();
mark_subsystem_dirty('shaper');
require_once "vpn.inc";
if (!isset($config['l2tp']['user'])) {
$config['l2tp']['user'] = array();
}
$a_secret =& $config['l2tp']['user'];
if ($_POST) {
$pconfig = $_POST;
if ($_POST['apply']) {
$retval = 0;
if (!is_subsystem_dirty('rebootreq')) {
$retval = vpn_l2tp_configure();
}
$savemsg = get_std_save_message();
if ($retval == 0) {
if (is_subsystem_dirty('l2tpusers')) {
clear_subsystem_dirty('l2tpusers');
}
}
}
}
if ($_GET['act'] == "del") {
if ($a_secret[$_GET['id']]) {
unset($a_secret[$_GET['id']]);
write_config();
mark_subsystem_dirty('l2tpusers');
header("Location: vpn_l2tp_users.php");
exit;
}
}
include "head.inc";
$main_buttons = array(array('label' => gettext("add user"), 'href' => 'vpn_l2tp_users_edit.php'));
if (isset($_POST['act'])) {
$act = $_POST['act'];
} else {
$act = null;
}
$pconfig = $_POST;
if (isset($id) && $act == "del") {
unset($a_tunable[$id]);
write_config();
mark_subsystem_dirty('sysctl');
header("Location: system_advanced_sysctl.php");
exit;
} else {
if (!empty($pconfig['apply'])) {
system_setup_sysctl();
clear_subsystem_dirty('sysctl');
header("Location: system_advanced_sysctl.php");
exit;
} elseif (!empty($pconfig['Submit'])) {
$tunableent = array();
$tunableent['tunable'] = $pconfig['tunable'];
$tunableent['value'] = $pconfig['value'];
$tunableent['descr'] = $pconfig['descr'];
if (isset($id)) {
$a_tunable[$id] = $tunableent;
} else {
$a_tunable[] = $tunableent;
}
mark_subsystem_dirty('sysctl');
write_config();
header("Location: system_advanced_sysctl.php");
##|-PRIV
require "guiconfig.inc";
require_once "vpn.inc";
if (!is_array($config['pptpd']['user'])) {
$config['pptpd']['user'] = array();
}
$a_secret =& $config['pptpd']['user'];
if ($_POST) {
$pconfig = $_POST;
if ($_POST['apply']) {
$retval = 0;
$retval = vpn_setup();
$savemsg = get_std_save_message($retval);
if ($retval == 0) {
if (is_subsystem_dirty('pptpusers')) {
clear_subsystem_dirty('pptpusers');
}
}
}
}
if ($_GET['act'] == "del") {
if ($a_secret[$_GET['id']]) {
unset($a_secret[$_GET['id']]);
write_config();
mark_subsystem_dirty('pptpusers');
header("Location: vpn_pptp_users.php");
exit;
}
}
$pgtitle = array(gettext("VPN"), gettext("VPN PPTP"), gettext("Users"));
$shortcut_section = "pptps";
mark_subsystem_dirty("restore");
break;
}
}
}
setup_serial_port();
if (is_interface_mismatch() == true) {
touch("/var/run/interface_mismatch_reboot_needed");
clear_subsystem_dirty("restore");
convert_config();
header("Location: interfaces_assign.php");
exit;
}
if (is_interface_vlan_mismatch() == true) {
touch("/var/run/interface_mismatch_reboot_needed");
clear_subsystem_dirty("restore");
convert_config();
header("Location: interfaces_assign.php");
exit;
}
} else {
$input_errors[] = gettext("The configuration could not be restored.");
}
}
}
} else {
$input_errors[] = gettext("The configuration could not be restored (file upload error).");
}
}
} elseif ($mode == "restore_ver") {
$input_errors[] = gettext("XXX - this feature may hose your config (do NOT backrev configs!) - billm");
$natent['iprep_nested_ip'] = $_POST['iprep_nested_ip'];
$natent['iprep_white'] = $_POST['iprep_white'];
$a_nat[$id] = $natent;
write_config("Snort pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}.");
// Update the snort conf file for this interface
$rebuild_rules = false;
conf_mount_rw();
snort_generate_conf($a_nat[$id]);
conf_mount_ro();
// Soft-restart Snort to live-load new variables
snort_reload_config($a_nat[$id]);
$pconfig = $natent;
// Sync to configured CARP slaves if any are enabled
snort_sync_on_changes();
// We have saved changes and done a soft restart, so clear "dirty" flag
clear_subsystem_dirty('snort_iprep');
} else {
$pconfig = $_POST;
}
}
$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} IP Reputation Preprocessor");
include_once "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include "fbegin.inc";
/* Display Alert message */
if ($input_errors) {
print_input_errors($input_errors);
clear_subsystem_dirty('firmware');
} else {
if ($mode == "upgrade") {
if ($_FILES['ulfile']['error']) {
$errortext = "(" . file_upload_error_message($_FILES['ulfile']['error']) . ")";
}
if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
/* verify firmware image(s) */
if (file_is_for_platform($_FILES['ulfile']['tmp_name'], $_FILES['ulfile']['name']) == false && !$_POST['sig_override']) {
$input_errors[] = gettext("The uploaded image file is not for this platform.");
} else {
if (!file_exists($_FILES['ulfile']['tmp_name'])) {
/* probably out of memory for the MFS */
$input_errors[] = gettext("Image upload failed (out of memory?)");
mwexec("/etc/rc.firmware disable");
clear_subsystem_dirty('firmware');
} else {
/* move the image so PHP won't delete it */
rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz");
/* check digital signature */
$sigchk = verify_digital_signature("{$g['upload_path']}/firmware.tgz");
if ($sigchk == 1) {
$sig_warning = gettext("The digital signature on this image is invalid.");
} else {
if ($sigchk == 2 && !isset($config['system']['firmware']['allowinvalidsig'])) {
$sig_warning = gettext("This image is not digitally signed.");
} else {
if ($sigchk >= 3) {
$sig_warning = gettext("There has been an error verifying the signature on this image.");
}
}
} elseif ($_POST['apply']) {
/* Save new configuration */
write_config("Suricata pkg: new rules configuration for {$a_rule[$id]['interface']}.");
/*************************************************/
/* Update the suricata.yaml file and rebuild the */
/* rules for this interface. */
/*************************************************/
$rebuild_rules = true;
conf_mount_rw();
suricata_generate_yaml($a_rule[$id]);
conf_mount_ro();
$rebuild_rules = false;
/* Signal Suricata to "live reload" the rules */
suricata_reload_config($a_rule[$id]);
// We have saved changes and done a soft restart, so clear "dirty" flag
clear_subsystem_dirty('suricata_rules');
// Sync to configured CARP slaves if any are enabled
suricata_sync_on_changes();
}
include_once "head.inc";
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} - Rules: {$currentruleset}");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include "fbegin.inc";
?>
<form action='/suricata/suricata_rules.php' method='post' name='iform' id='iform'>
<input type='hidden' name='id' id='id' value='<?php
$config['aliases']['alias'] = array();
}
$a_aliases =& $config['aliases']['alias'];
$tab = $_REQUEST['tab'] == "" ? "ip" : preg_replace("/\\W/", "", $_REQUEST['tab']);
if ($_POST) {
if ($_POST['apply']) {
$retval = 0;
/* reload all components that use aliases */
$retval = filter_configure();
if (stristr($retval, "error") != true) {
$savemsg = get_std_save_message($retval);
} else {
$savemsg = $retval;
}
if ($retval == 0) {
clear_subsystem_dirty('aliases');
}
}
}
if ($_GET['act'] == "del") {
if ($a_aliases[$_GET['id']]) {
/* make sure rule is not being referenced by any nat or filter rules */
$is_alias_referenced = false;
$referenced_by = false;
$alias_name = $a_aliases[$_GET['id']]['name'];
// Firewall rules
find_alias_reference(array('filter', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
find_alias_reference(array('filter', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
find_alias_reference(array('filter', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
find_alias_reference(array('filter', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
// NAT Rules
if ($_POST['apply']) {
/* Save new configuration */
write_config("Snort pkg: save new rules configuration for {$a_rule[$id]['interface']}.");
/*************************************************/
/* Update the snort conf file and rebuild the */
/* rules for this interface. */
/*************************************************/
$rebuild_rules = true;
conf_mount_rw();
snort_generate_conf($a_rule[$id]);
conf_mount_ro();
$rebuild_rules = false;
/* Soft-restart Snort to live-load new rules */
snort_reload_config($a_rule[$id]);
// We have saved changes and done a soft restart, so clear "dirty" flag
clear_subsystem_dirty('snort_rules');
// Sync to configured CARP slaves if any are enabled
snort_sync_on_changes();
if (snort_is_running($snort_uuid, $if_real)) {
$savemsg = gettext("Snort is 'live-reloading' the new rule set.");
}
}
}
}
include_once "head.inc";
$if_friendly = convert_friendly_interface_to_friendly_descr($a_rule[$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - Rules: {$currentruleset}");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
interface_proxyarp_configure($a_vip[$vid]['interface']);
break;
case "carp":
interface_carp_configure($a_vip[$vid]);
break;
default:
break;
}
}
}
@unlink('/tmp/.firewall_virtual_ip.apply');
}
$retval = 0;
$retval |= filter_configure();
$savemsg = get_std_save_message($retval);
clear_subsystem_dirty('vip');
}
}
if ($_GET['act'] == "del") {
if ($a_vip[$_GET['id']]) {
/* make sure no inbound NAT mappings reference this entry */
if (is_array($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
if ($rule['destination']['address'] != "") {
if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) {
$input_errors[] = gettext("This entry cannot be deleted because it is still referenced by at least one NAT mapping.");
break;
}
}
}
}
if (!is_array($config['igmpproxy']['igmpentry'])) {
$config['igmpproxy']['igmpentry'] = array();
}
//igmpproxy_sort();
$a_igmpproxy =& $config['igmpproxy']['igmpentry'];
if ($_POST) {
$pconfig = $_POST;
$retval = 0;
/* reload all components that use igmpproxy */
$retval = services_igmpproxy_configure();
if (stristr($retval, "error") != true) {
$savemsg = get_std_save_message($retval);
} else {
$savemsg = $retval;
}
clear_subsystem_dirty('igmpproxy');
}
if ($_GET['act'] == "del") {
if ($a_igmpproxy[$_GET['id']]) {
unset($a_igmpproxy[$_GET['id']]);
write_config();
mark_subsystem_dirty('igmpproxy');
header("Location: services_igmpproxy.php");
exit;
}
}
$pgtitle = array(gettext("Services"), gettext("IGMP Proxy"));
include "head.inc";
if ($savemsg) {
print_info_box($savemsg, 'success');
}
$actsmbl = array('pass' => '<font color="green" size="4">✔</font> ' . gettext("Pass"), 'block' => '<font color="red" size="4">✘</font> ' . gettext("Block"));
if ($_POST) {
$pconfig = $_POST;
if ($_POST['apply']) {
$retval = 0;
if (is_array($a_cp[$cpzone]['passthrumac'])) {
$cpzoneid = $a_cp[$cpzone]['cpzoneid'];
$rules = captiveportal_passthrumac_configure();
if (!empty($rules)) {
@file_put_contents("{$g['tmp_path']}/passthrumac_gui", $rules);
mwexec("/sbin/ipfw -x {$cpzoneid} {$g['tmp_path']}/passthrumac_gui");
@unlink("{$g['tmp_path']}/passthrumac_gui");
}
$savemsg = get_std_save_message($retval);
if ($retval == 0) {
clear_subsystem_dirty('passthrumac');
}
}
}
if ($_POST['postafterlogin']) {
if (!is_array($a_passthrumacs)) {
echo gettext("No entry exists yet!") . "\n";
exit;
}
if (empty($_POST['zone'])) {
echo gettext("Please set the zone on which the operation should be allowed");
exit;
}
if (!is_array($a_cp[$cpzone]['passthrumac'])) {
$a_cp[$cpzone]['passthrumac'] = array();
}
$rebuild_rules = false;
/* If 'preproc_auto_rule_disable' is off, then clear log file */
if ($natent['preproc_auto_rule_disable'] == 'off') {
unlink_if_exists("{$snortlogdir}/{$disabled_rules_log}");
}
/*******************************************************/
/* Signal Snort to reload Host Attribute Table if one */
/* is configured and saved. */
/*******************************************************/
if ($natent['host_attribute_table'] == "on" && !empty($natent['host_attribute_data'])) {
snort_reload_config($natent, "SIGURG");
}
/* Sync to configured CARP slaves if any are enabled */
snort_sync_on_changes();
// We have saved changes, so clear "dirty" flag
clear_subsystem_dirty('snort_preprocessors');
/* after click go to this page */
header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
header("Location: snort_preprocessors.php?id={$id}");
exit;
} else {
$pconfig = $_POST;
}
}
if ($_POST['btn_import']) {
if (is_uploaded_file($_FILES['host_attribute_file']['tmp_name'])) {
$data = file_get_contents($_FILES['host_attribute_file']['tmp_name']);
if (write_config()) {
mark_subsystem_dirty('natconf');
}
header("Location: firewall_nat_1to1.php");
exit;
}
}
if ($_POST) {
$pconfig = $_POST;
if ($_POST['apply']) {
$retval = 0;
$retval |= filter_configure();
$savemsg = get_std_save_message($retval);
if ($retval == 0) {
clear_subsystem_dirty('natconf');
clear_subsystem_dirty('filter');
}
}
}
if ($_GET['act'] == "del") {
if ($a_1to1[$_GET['id']]) {
unset($a_1to1[$_GET['id']]);
if (write_config()) {
mark_subsystem_dirty('natconf');
}
header("Location: firewall_nat_1to1.php");
exit;
}
}
if (isset($_POST['del_x'])) {
/* delete selected rules */
}
$a_hosts =& $config['dnsmasq']['hosts'];
$a_domainOverrides =& $config['dnsmasq']['domainoverrides'];
if ($_POST) {
if ($_POST['apply']) {
$retval = 0;
$retval = services_dnsmasq_configure();
$savemsg = get_std_save_message($retval);
// Reload filter (we might need to sync to CARP hosts)
filter_configure();
/* Update resolv.conf in case the interface bindings exclude localhost. */
system_resolvconf_generate();
/* Start or restart dhcpleases when it's necessary */
system_dhcpleases_configure();
if ($retval == 0) {
clear_subsystem_dirty('hosts');
}
} else {
$pconfig = $_POST;
unset($input_errors);
$config['dnsmasq']['enable'] = $_POST['enable'] ? true : false;
$config['dnsmasq']['regdhcp'] = $_POST['regdhcp'] ? true : false;
$config['dnsmasq']['regdhcpstatic'] = $_POST['regdhcpstatic'] ? true : false;
$config['dnsmasq']['dhcpfirst'] = $_POST['dhcpfirst'] ? true : false;
$config['dnsmasq']['strict_order'] = $_POST['strict_order'] ? true : false;
$config['dnsmasq']['domain_needed'] = $_POST['domain_needed'] ? true : false;
$config['dnsmasq']['no_private_reverse'] = $_POST['no_private_reverse'] ? true : false;
$config['dnsmasq']['custom_options'] = str_replace("\r\n", "\n", $_POST['custom_options']);
$config['dnsmasq']['strictbind'] = $_POST['strictbind'] ? true : false;
if (isset($_POST['enable']) && isset($config['unbound']['enable'])) {
if ($_POST['port'] == $config['unbound']['port']) {
$pconfig['save_passwd'] = true;
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$input_errors = array();
$pconfig = $_POST;
if (isset($_POST['create'])) {
// create new phase1 entry
header("Location: vpn_ipsec_phase1.php?mobile=true");
} elseif (isset($_POST['apply'])) {
// apply changes
$retval = 0;
$retval = vpn_ipsec_configure();
$savemsg = get_std_save_message();
if ($retval >= 0) {
if (is_subsystem_dirty('ipsec')) {
clear_subsystem_dirty('ipsec');
}
}
} elseif (isset($_POST['submit'])) {
// save form changes
// input preparations
if (!empty($pconfig['user_source'])) {
$pconfig['user_source'] = implode(",", $pconfig['user_source']);
}
/* input validation */
$reqdfields = explode(" ", "user_source group_source");
$reqdfieldsn = array(gettext("User Authentication Source"), gettext("Group Authentication Source"));
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if (!empty($pconfig['pool_address']) && !is_ipaddr($pconfig['pool_address'])) {
$input_errors[] = gettext("A valid IP address for 'Virtual Address Pool Network' must be specified.");
}
$a_acls[$id]['aclname'] = $pconfig['aclname'];
$a_acls[$id]['aclaction'] = $pconfig['aclaction'];
$a_acls[$id]['description'] = $pconfig['description'];
$a_acls[$id]['row'] = array();
foreach ($networkacl as $acl) {
$a_acls[$id]['row'][] = $acl;
}
write_config();
mark_subsystem_dirty("unbound");
//unbound_reconfigure();
}
pfSenseHeader("/services_unbound_acls.php");
exit;
}
if ($pconfig['apply']) {
clear_subsystem_dirty("unbound");
$retval = 0;
$retval = unbound_reconfigure();
$savemsg = get_std_save_message($retval);
}
}
}
$pgtitle = "Services: DNS Resolver: Access Lists";
include "head.inc";
?>
<script type="text/javascript" src="/javascript/row_helper.js">
</script>
<script type="text/javascript">
function mask_field(fieldname, fieldsize, n) {
if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) {
$retvaldns = services_dnsmasq_configure();
if ($retvaldns == 0) {
clear_subsystem_dirty('hosts');
clear_subsystem_dirty('staticmaps');
}
} else {
if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) {
$retvaldns = services_unbound_configure();
if ($retvaldns == 0) {
clear_subsystem_dirty('unbound');
}
} else {
$retvaldhcp = services_dhcpd_configure();
if ($retvaldhcp == 0) {
clear_subsystem_dirty('staticmaps');
}
}
}
if ($dhcpd_enable_changed) {
$retvalfc = filter_configure();
}
if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) {
$retval = 1;
}
$savemsg = get_std_save_message();
}
if ($act == "delpool") {
if ($a_pools[$_GET['id']]) {
unset($a_pools[$_GET['id']]);
write_config();
$pconfig = $_POST;
if ($_POST['apply']) {
$retval = 0;
$retval = system_routing_configure();
send_multiple_events(array("service reload dyndnsall", "service reload ipsecdns", "filter reload"));
/* reconfigure our gateway monitor */
setup_gateways_monitor();
$savemsg = get_std_save_message($retval);
if ($retval == 0) {
clear_subsystem_dirty('staticroutes');
}
foreach ($a_gateway_groups as $gateway_group) {
$gw_subsystem = 'gwgroup.' . $gateway_group['name'];
if (is_subsystem_dirty($gw_subsystem)) {
openvpn_resync_gwgroup($gateway_group['name']);
clear_subsystem_dirty($gw_subsystem);
}
}
}
}
if ($_GET['act'] == "del") {
if ($a_gateway_groups[$_GET['id']]) {
$changedesc .= sprintf(gettext("removed gateway group %s"), $_GET['id']);
foreach ($config['filter']['rule'] as $idx => $rule) {
if ($rule['gateway'] == $a_gateway_groups[$_GET['id']]['name']) {
unset($config['filter']['rule'][$idx]['gateway']);
}
}
unset($a_gateway_groups[$_GET['id']]);
write_config($changedesc);
mark_subsystem_dirty('staticroutes');
if (empty($a_unboundcfg['outgoing_interface'])) {
$pconfig['outgoing_interface'] = array();
} else {
$pconfig['outgoing_interface'] = explode(",", $a_unboundcfg['outgoing_interface']);
}
if (empty($a_unboundcfg['system_domain_local_zone_type'])) {
$pconfig['system_domain_local_zone_type'] = "transparent";
} else {
$pconfig['system_domain_local_zone_type'] = $a_unboundcfg['system_domain_local_zone_type'];
}
if ($_POST) {
if ($_POST['apply']) {
$retval = services_unbound_configure();
$savemsg = get_std_save_message($retval);
if ($retval == 0) {
clear_subsystem_dirty('unbound');
}
/* Update resolv.conf in case the interface bindings exclude localhost. */
system_resolvconf_generate();
/* Start or restart dhcpleases when it's necessary */
system_dhcpleases_configure();
} else {
$pconfig = $_POST;
unset($input_errors);
if (isset($pconfig['enable']) && isset($config['dnsmasq']['enable'])) {
if ($pconfig['port'] == $config['dnsmasq']['port']) {
$input_errors[] = gettext("The DNS Forwarder is enabled using this port. Choose a non-conflicting port, or disable the DNS Forwarder.");
}
}
if (empty($pconfig['active_interface'])) {
$input_errors[] = gettext("One or more Network Interfaces must be selected for binding.");
// If no errors write to conf
if (!$input_errors) {
$a_nat[$id]['enable_iprep'] = $_POST['enable_iprep'] ? 'on' : 'off';
$a_nat[$id]['host_memcap'] = str_replace(",", "", $_POST['host_memcap']);
$a_nat[$id]['host_hash_size'] = str_replace(",", "", $_POST['host_hash_size']);
$a_nat[$id]['host_prealloc'] = str_replace(",", "", $_POST['host_prealloc']);
write_config("Suricata pkg: modified IP REPUTATION preprocessor settings for {$a_nat[$id]['interface']}.");
// Update the suricata conf file for this interface
$rebuild_rules = false;
conf_mount_rw();
suricata_generate_yaml($a_nat[$id]);
conf_mount_ro();
// Soft-restart Suricata to live-load new variables
suricata_reload_config($a_nat[$id]);
// We have saved changes and done a soft restart, so clear "dirty" flag
clear_subsystem_dirty('suricata_iprep');
}
}
$if_friendly = convert_friendly_interface_to_friendly_descr($a_nat[$id]['interface']);
$pgtitle = gettext("Suricata: Interface {$if_friendly} IP Reputation Preprocessor");
include_once "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include "fbegin.inc";
?>
<form action="suricata_ip_reputation.php" method="post" name="iform" id="iform" >
<input name="id" type="hidden" value="<?php
echo $id;