}
$ruleValues[$ifent] = $ifdesc . ' net';
$ruleValues[$ifent . 'ip'] = $ifdesc . ' address';
}
$group->add(new Form_Select($type . 'type', $name . ' Type', $type == 'src' ? $pconfig['src'] : $pconfig['dst'], $ruleValues));
$group->add(new Form_IpAddress($type, $name . ' Address', $pconfig[$type]))->addMask($type . 'mask', $pconfig[$type . 'mask'])->setPattern('[0-9, a-z, A-Z and .');
$section->add($group);
if ($type == 'src') {
$section->addInput(new Form_Button('btnsrcadv', 'Show advanced'))->removeClass('btn-primary');
}
$portValues = ['' => '(other)', 'any' => 'any'];
foreach ($wkports as $port => $portName) {
$portValues[$port] = $portName . ' (' . $port . ')';
}
$group = new Form_Group($name . ' port range');
$group->addClass($type . 'portrange');
$group->add(new Form_Select($type . 'beginport', $name . ' port begin', $pconfig[$type . 'beginport'], $portValues))->setHelp('From');
$group->add(new Form_Input($type . 'beginport_cust', null, 'text', isset($portValues[$pconfig[$type . 'beginport']]) ? null : $pconfig[$type . 'beginport']))->setHelp('Custom');
$group->add(new Form_Select($type . 'endport', $name . ' port end', $pconfig[$type . 'endport'], $portValues))->setHelp('To');
$group->add(new Form_Input($type . 'endport_cust', null, 'text', isset($portValues[$pconfig[$type . 'endport']]) ? null : $pconfig[$type . 'endport']))->setHelp('Custom');
if ($type == 'src') {
$group->setHelp('Specify the source port or port range for this rule. This is ' . 'usually random and almost never equal to the destination port range (and ' . 'should usually be <b>any</b>). You can leave the "To" field ' . 'empty if you only want to filter a single port.');
} else {
$group->setHelp('Specify the destination port or port range for this rule. ' . 'You can leave the "To" field empty if you only want to filter a ' . 'single port.');
}
$group->addClass($type == 'src' ? 'srcprtr' : 'dstprtr');
$section->add($group);
$form->add($section);
}
$section = new Form_Section('Extra options');
$section->addInput(new Form_Checkbox('log', 'Log', 'Log packets that are handled by this rule', $pconfig['log']))->setHelp('Hint: the firewall has limited local log space. Don\'t turn on logging ' . 'for everything. If you want to do a lot of logging, consider using a remote ' . 'syslog server (see the <a href="diag_logs_settings.php">Diagnostics: System logs: ' . 'Settings</a> page).');
$section->addInput(new Form_Checkbox('ntp_server_enable', 'NTP Servers', 'Provide an NTP server list to clients', $pconfig['ntp_server_enable']))->toggles('.ntpservers');
$group = new Form_Group(null);
$group->addClass('ntpservers');
$group->add(new Form_Input('ntp_server1', null, 'text', $pconfig['ntp_server1']))->setHelp('Server 1');
$group->add(new Form_Input('ntp_server2', null, 'text', $pconfig['ntp_server2']))->setHelp('Server 2');
$section->add($group);
// NTP servers - For this section we need to use Javascript hiding since there
// are nested toggles
$section->addInput(new Form_Checkbox('netbios_enable', 'NetBIOS Options', 'Enable NetBIOS over TCP/IP', $pconfig['netbios_enable']))->setHelp('If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled. ');
$section->addInput(new Form_Select('netbios_ntype', 'Node Type', $pconfig['netbios_ntype'], $netbios_nodetypes))->setHelp('Possible options: b-node (broadcasts), p-node (point-to-point name queries to a WINS server), m-node (broadcast then query name server), ' . 'and h-node (query name server, then broadcast). ');
$section->addInput(new Form_Input('netbios_scope', null, 'text', $pconfig['netbios_scope']))->setHelp('A NetBIOS Scope ID provides an extended naming service for NetBIOS over TCP/IP. ' . 'The NetBIOS scope ID isolates NetBIOS traffic on a single network to only those nodes with the same NetBIOS scope ID. ');
$section->addInput(new Form_Checkbox('wins_server_enable', 'WINS servers', 'Provide a WINS server list to clients', $pconfig['wins_server_enable']));
$group = new Form_Group(null);
$group->add(new Form_Input('wins_server1', null, 'text', $pconfig['wins_server1']))->setHelp('Server 1');
$group->add(new Form_Input('wins_server2', null, 'text', $pconfig['wins_server2']))->setHelp('Server 2');
$group->addClass('winsservers');
$section->add($group);
$section->addInput(new Form_Textarea('custom_options', 'Advanced', $pconfig['custom_options']))->setHelp('Enter any additional options you would like to add for this client specific override, separated by a semicolon. ' . '<br />' . 'EXAMPLE: push "route 10.0.0.0 255.255.255.0"; ');
// The hidden fields
$section->addInput(new Form_Input('act', null, 'hidden', $act));
if (isset($id) && $a_csc[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$form->add($section);
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
display_top_tabs($tab_array);
$form = new Form();
$section = new Form_Section('Start IPsec in debug mode based on sections selected');
foreach ($ipsec_log_cats as $cat => $desc) {
$section->addInput(new Form_Select($cat, $desc, $pconfig[$cat], $ipsec_log_sevs))->setWidth(2);
}
$section->addInput(new Form_StaticText('', ''))->setHelp('Launches IPsec in debug mode so that more verbose logs will be generated to aid in troubleshooting.');
$form->add($section);
$section = new Form_Section('IPsec Advanced Settings');
$section->addInput(new Form_Select('uniqueids', 'Configure Unique IDs as', $pconfig['uniqueids'], $ipsec_idhandling))->setHelp('Whether a particular participant ID should be kept unique, with any new IKE_SA using an ID ' . 'deemed to replace all old ones using that ID. Participant IDs normally are unique, so a new ' . 'IKE_SA using the same ID is almost invariably intended to replace an old one. ' . 'The difference between <b>no</b> and <b>never</b> is that the old IKE_SAs will be replaced when receiving an ' . 'INITIAL_CONTACT notify if the option is no but will ignore these notifies if <b>never</b> is configured. ' . 'The daemon also accepts the value <b>keep</b> to reject ' . 'new IKE_SA setups and keep the duplicate established earlier. Defaults to Yes.');
$section->addInput(new Form_Checkbox('compression', 'IP Compression', 'Enable IPCompression', $pconfig['compression']))->setHelp('IPComp compression of content is proposed on the connection.');
$section->addInput(new Form_Checkbox('enableinterfacesuse', 'Strict interface binding', 'Enable strict interface binding', $pconfig['enableinterfacesuse']))->setHelp('Enable strongSwan\'s interfaces_use option to bind specific interfaces only. This option is known to break IPsec with dynamic IP interfaces. This is not recommended at this time.');
$section->addInput(new Form_Checkbox('acceptunencryptedmainmode', 'Unencrypted payloads in IKEv1 Main Mode', 'Accept unencrypted ID and HASH payloads in IKEv1 Main Mode', $pconfig['acceptunencryptedmainmode']))->setHelp('Some implementations send the third Main Mode message unencrypted, probably to find the PSKs for the specified ID for authentication.' . 'This is very similar to Aggressive Mode, and has the same security implications: ' . 'A passive attacker can sniff the negotiated Identity, and start brute forcing the PSK using the HASH payload.' . 'It is recommended to keep this option to no, unless you know exactly what the implications are and require compatibility to such devices (for example, some SonicWall boxes).');
$section->addInput(new Form_Checkbox('maxmss_enable', 'Enable Maximum MSS', 'Enable MSS clamping on VPN traffic', $pconfig['maxmss_enable']))->toggles('.toggle-maxmss', 'collapse');
$group = new Form_Group('Maximum MSS');
$group->addClass('toggle-maxmss collapse');
if (!empty($pconfig['maxmss_enable'])) {
$group->addClass('in');
}
$group->add(new Form_Input('maxmss', 'Maximum MSS', 'text', $pconfig['maxmss'] ? $pconfig['maxmss'] : '1400'))->setHelp('Enable MSS clamping on TCP flows over VPN. ' . 'This helps overcome problems with PMTUD on IPsec VPN links. If left blank, the default value is 1400 bytes. ');
$section->add($group);
$section->addInput(new Form_Checkbox('unityplugin', 'Disable Cisco Extensions', 'Disable Unity Plugin', $pconfig['unityplugin']))->setHelp('Disable Unity Plugin which provides Cisco Extension support as Split-Include, Split-Exclude, Split-Dns, ...');
$section->addInput(new Form_Checkbox('strictcrlpolicy', 'Strict CRL Checking', 'Enable strict Certificate Revocation List checking', $pconfig['strictcrlpolicy']))->setHelp('Check this to require availability of a fresh CRL for peer authentication based on RSA signatures to succeed.');
$section->addInput(new Form_Checkbox('makebeforebreak', 'Make before Break', 'Initiate IKEv2 reauthentication with a make-before-break', $pconfig['makebeforebreak']))->setHelp('instead of a break-before-make scheme. Make-before-break uses overlapping IKE and CHILD_SA during reauthentication ' . 'by first recreating all new SAs before deleting the old ones. This behavior can be beneficial to avoid connectivity gaps ' . 'during reauthentication, but requires support for overlapping SAs by the peer');
$section->addInput(new Form_Checkbox('autoexcludelanaddress', 'Auto-exclude LAN address', 'Enable bypass for LAN interface IP', !$pconfig['noshuntlaninterfaces']))->setHelp('Exclude traffic from LAN subnet to LAN IP address from IPsec.');
$form->add($section);
print $form;
?>
<?php
include "foot.inc";
}
$section->addInput(new Form_Checkbox('wins_server_enable', 'WINS Servers', 'Provide a WINS server list to clients', $pconfig['wins_server_enable']))->toggles('.toggle-wins_server_enable');
for ($i = 1; $i <= 2; $i++) {
$group = new Form_Group('Server #' . $i);
$group->addClass('toggle-wins_server_enable collapse');
if (!empty($pconfig['wins_server_enable'])) {
$group->addClass('in');
}
$group->add(new Form_Input('wins_server' . $i, 'Server #' . $i, 'text', htmlspecialchars($pconfig['wins_server' . $i]), array('size' => 20)));
$section->add($group);
}
$section->addInput(new Form_Checkbox('pfs_group_enable', 'Phase2 PFS Group', 'Provide the Phase2 PFS group to clients ( overrides all mobile phase2 settings )', $pconfig['pfs_group_enable']))->toggles('.toggle-pfs_group');
$group = new Form_Group('Group');
$group->addClass('toggle-pfs_group collapse');
if (!empty($pconfig['pfs_group_enable'])) {
$group->addClass('in');
}
$group->add(new Form_Select('pfs_group', 'Group', $pconfig['pfs_group'], $p2_pfskeygroups))->setWidth(2);
$section->add($group);
$section->addInput(new Form_Checkbox('login_banner_enable', 'Login Banner', 'Provide a login banner to clients', $pconfig['login_banner_enable']))->toggles('.toggle-login_banner');
$group = new Form_Group('');
$group->addClass('toggle-login_banner collapse');
if (!empty($pconfig['login_banner_enable'])) {
$group->addClass('in');
}
// TODO: should be a textarea
$group->add(new Form_Input('login_banner', '', 'text', htmlspecialchars($pconfig['login_banner'])));
$section->add($group);
$form->add($section);
print $form;
include "foot.inc";
$section->addInput(new Form_Checkbox('gpsflag4', null, 'Obscure location in timestamp (default: unobscured).', $pconfig['flag4']));
$section->addInput(new Form_Checkbox('gpssubsec', null, 'Log the sub-second fraction of the received time stamp (default: Not logged).', $pconfig['subsec']))->setHelp('Enabling this will rapidly fill the log, but is useful for tuning Fudge time 2.');
$section->addInput(new Form_Input('gpsrefid', 'Clock ID', 'text', $pconfig['refid'], ['placeholder' => '1 to 4 characters']))->setHelp('This may be used to change the GPS Clock ID (default: GPS).');
// Statistics logging section
$btnadvgps = new Form_Button('btnadvgps', 'Advanced');
$btnadvgps->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('GPS Initialization', $btnadvgps . ' ' . 'Show GPS Initialization commands'));
$section->addInput(new Form_Textarea('gpsinitcmd', null, $pconfig['initcmd']))->setHelp('Commands entered here will be sent to the GPS during initialization. Please read and understand your GPS documentation before making any changes here');
$group = new Form_Group('NMEA Checksum Calculator');
$group->add(new Form_Input('nmeastring', null));
$btncalc = new Form_Button('btncalc', 'Calculate');
$btncalc->removeClass('btn-primary')->addClass('btn-success btn-sm');
$group->add($btncalc);
$group->add(new Form_Input('result', null, 'text', null, ['placeholder' => 'Result']));
$group->setHelp('Enter the text between "$" and "*" of a NMEA command string:');
$group->addClass('calculator');
$section->add($group);
$form->add($section);
print $form;
?>
<script>
//<![CDATA[
events.push(function(){
function NMEAChecksum(cmd) {
// Compute the checksum by XORing all the character values in the string.
var checksum = 0;
for(var i = 0; i < cmd.length; i++) {
checksum = checksum ^ cmd.charCodeAt(i);
$section->addInput(new Form_Input('ramaxrtradvinterval', 'Maximum RA interval', 'number', $pconfig['ramaxrtradvinterval'], ['min' => 4, 'max' => 1800]))->setHelp('The maximum time allowed between sending unsolicited multicast router advertisements in seconds.');
$section->addInput(new Form_Input('raadvdefaultlifetime', 'Router lifetime', 'number', $pconfig['raadvdefaultlifetime'], ['min' => 1, 'max' => 9000]))->setHelp('The lifetime associated with the default router in seconds.');
$section->addInput(new Form_StaticText('RA Subnets', $subnets_help));
if (empty($pconfig['subnets'])) {
$pconfig['subnets'] = array('0' => '/128');
}
$counter = 0;
$numrows = count($pconfig['subnets']) - 1;
foreach ($pconfig['subnets'] as $subnet) {
$address_name = "subnet_address" . $counter;
$bits_name = "subnet_bits" . $counter;
list($address, $subnet) = explode("/", $subnet);
$group = new Form_Group($counter == 0 ? 'Subnets' : '');
$group->add(new Form_IpAddress($address_name, null, $address))->addMask($bits_name, $subnet);
$group->add(new Form_Button('deleterow' . $counter, 'Delete', null, 'fa-trash'))->removeClass('btn-primary')->addClass('btn-warning');
$group->addClass('repeatable');
$section->add($group);
$counter++;
}
$section->addInput(new Form_Button('addrow', 'Add', null, 'fa-plus'))->addClass('btn-success');
$form->add($section);
$section = new Form_Section('DNS Configuration');
for ($idx = 1; $idx <= 3; $idx++) {
$section->addInput(new Form_IpAddress('radns' . $idx, 'Server ' . $idx, $pconfig['radns' . $idx]))->setPattern('[a-zA-Z0-9_.:]+')->setHelp($idx < 3 ? '' : 'Leave blank to use the system default DNS servers - this interface\'s IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the General page');
}
$section->addInput(new Form_Input('radomainsearchlist', 'Domain search list', 'text', $pconfig['radomainsearchlist']))->setHelp('The RA server can optionally provide a domain search list. Use the semicolon character as separator.');
$section->addInput(new Form_Checkbox('rasamednsasdhcp6', 'Settings', 'Use same settings as DHCPv6 server', $pconfig['rasamednsasdhcp6']));
$section->addInput(new Form_Input('if', null, 'hidden', $if));
$form->add($section);
print $form;
?>
return $list;
}
$section->addInput(new Form_Select('port', "Modem port", $pconfig['port'], build_port_list()));
$section->addInput(new Form_Button('btnadvppp', 'Advanced PPP', isset($pconfig['pppid']) ? 'interfaces_ppps_edit.php?id=' . htmlspecialchars($pconfig['pppid']) : 'interfaces_ppps_edit.php'))->setHelp('Create a new PPP configuration');
$form->add($section);
// PPPoE configuration
$section = new Form_Section('PPPoE Configuration');
$section->addClass('pppoe');
$section->addInput(new Form_Input('pppoe_username', 'Username', 'text', $pconfig['pppoe_username']));
$section->addInput(new Form_Input('pppoe_password', 'Password', 'password', $pconfig['pppoe_password']));
$section->addInput(new Form_Input('provider', 'Service name', 'text', $pconfig['provider']))->setHelp('This field can usually be left empty');
$section->addInput(new Form_Checkbox('pppoe_dialondemand', 'Dial on demand', 'Enable Dial-On-Demand mode ', $pconfig['pppoe_dialondemand'], 'enable'));
$section->addInput(new Form_Input('pppoe_idletimeout', 'Idle timeout', 'number', $pconfig['pppoe_idletimeout'], [min => 0]))->setHelp('If no qualifying outgoing packets are transmitted for the specified number of seconds, the connection is brought down. ' . 'An idle timeout of zero disables this feature.');
$section->addInput(new Form_Select('pppoe-reset-type', 'Periodic reset', $pconfig['pppoe-reset-type'], ['' => 'Disabled', 'custom' => 'Custom', 'preset' => 'Pre-set']))->setHelp('Select a reset timing type');
$group = new Form_Group('Custom reset');
$group->addClass('pppoecustom');
$group->add(new Form_Input('pppoe_resethour', null, 'number', $pconfig['pppoe_resethour'], [min => 0, max => 23]))->setHelp('Hour (0-23)');
$group->add(new Form_Input('pppoe_resetminute', null, 'number', $pconfig['pppoe_resetminute'], [min => 0, max => 59]))->setHelp('Minutes (0-59)');
// ToDo: Need a date-picker here
$group->add(new Form_Input('pppoe_resetdate', null, 'text', $pconfig['pppoe_resetdate']))->setHelp('Specific date (mm/dd/yyyy)');
$group->setHelp('If you leave the date field empty, the reset will be executed each day at the time you specified using the minutes and hour field');
$section->add($group);
$group = new Form_MultiCheckboxGroup('cron based reset');
$group->addClass('pppoepreset');
$group->add(new Form_MultiCheckbox('pppoe_pr_preset_val', null, 'Reset at each month ("0 0 1 * *")', $pconfig['pppoe_monthly'], 'monthly'))->displayAsRadio();
$group->add(new Form_MultiCheckbox('pppoe_pr_preset_val', null, 'Reset at each week ("0 0 * * 0")', $pconfig['pppoe_weekly'], 'weekly'))->displayAsRadio();
$group->add(new Form_MultiCheckbox('pppoe_pr_preset_val', null, 'Reset at each day ("0 0 * * *")', $pconfig['pppoe_daily'], 'daily'))->displayAsRadio();
$group->add(new Form_MultiCheckbox('pppoe_pr_preset_val', null, 'Reset at each hour ("0 * * * *")', $pconfig['pppoe_hourly'], 'hourly'))->displayAsRadio();
$section->add($group);
if (isset($pconfig['pppid'])) {
$section->addInput(new Form_StaticText('Advanced and MLPPP', '<a href="/interfaces_ppps_edit.php?id=' . htmlspecialchars($pconfig['pppid']) . '" class="navlnk">Click here for additional PPPoE configuration options. Save first if you made changes.</a>'));
$group = new Form_Group('Search scope');
$SSF = new Form_Select('ldap_scope', 'Level', $pconfig['ldap_scope'], $ldap_scopes);
$SSB = new Form_Input('ldap_basedn', 'Base DN', 'text', $pconfig['ldap_basedn']);
$section->addInput(new Form_StaticText('Search scope', 'Level ' . $SSF . '<br />' . 'Base DN' . $SSB));
$group = new Form_Group('Authentication containers');
$group->add(new Form_Input('ldapauthcontainers', 'Containers', 'text', $pconfig['ldap_authcn']))->setHelp('Note: Semi-Colon separated. This will be prepended to the search ' . 'base dn above or the full container path can be specified containing a dc= ' . 'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');
$group->add(new Form_Button('Select', 'Select a container', null, 'fa-search'))->setAttribute('type', 'button')->addClass('btn-info');
$section->add($group);
$section->addInput(new Form_Checkbox('ldap_extended_enabled', 'Extended query', 'Enable extended query', $pconfig['ldap_extended_enabled']));
$group = new Form_Group('Query');
$group->addClass('extended');
$group->add(new Form_Input('ldap_extended_query', 'Query', 'text', $pconfig['ldap_extended_query']))->setHelp('Example: &(objectClass=inetOrgPerson)(mail=*@example.com)');
$section->add($group);
$section->addInput(new Form_Checkbox('ldap_anon', 'Bind anonymous', 'Use anonymous binds to resolve distinguished names', $pconfig['ldap_anon']));
$group = new Form_Group('Bind credentials');
$group->addClass('ldapanon');
$group->add(new Form_Input('ldap_binddn', 'User DN:', 'text', $pconfig['ldap_binddn']));
$group->add(new Form_Input('ldap_bindpw', 'Password', 'text', $pconfig['ldap_bindpw']));
$section->add($group);
if (!isset($id)) {
$template_list = array();
foreach ($ldap_templates as $option => $template) {
$template_list[$option] = $template['desc'];
}
$section->addInput(new Form_Select('ldap_tmpltype', 'Initial Template', $pconfig['ldap_template'], $template_list));
}
$section->addInput(new Form_Input('ldap_attr_user', 'User naming attribute', 'text', $pconfig['ldap_attr_user']));
$section->addInput(new Form_Input('ldap_attr_group', 'Group naming attribute', 'text', $pconfig['ldap_attr_group']));
$section->addInput(new Form_Input('ldap_attr_member', 'Group member attribute', 'text', $pconfig['ldap_attr_member']));
$section->addInput(new Form_Checkbox('ldap_rfc2307', 'RFC 2307 Groups', 'LDAP Server uses RFC 2307 style group membership', $pconfig['ldap_rfc2307']))->setHelp('RFC 2307 style group membership has members listed on the group ' . 'object rather than using groups listed on user object. Leave unchecked ' . 'for Active Directory style group membership (RFC 2307bis).');
$section->addInput(new Form_Input('ldap_attr_groupobj', 'Group Object Class', 'text', $pconfig['ldap_attr_groupobj'], ['placeholder' => 'posixGroup']))->setHelp('Object class used for groups in RFC2307 mode. ' . 'Typically "posixGroup" or "group".');
}
}
$selected = '0';
$vaddress = '';
foreach ((array) $pconfig['item'] as $item) {
$itemsplit = explode("|", $item);
if ($itemsplit[0] == $gwname) {
$selected = $itemsplit[1];
if (count($itemsplit) >= 3) {
$vaddress = $itemsplit[2];
}
break;
}
}
$group = new Form_Group(null);
$group->addClass($gateway['ipprotocol']);
$group->add(new Form_Input('gwname' . $row, 'Group Name', 'text', $gateway['name']))->setReadonly();
$tr = gettext("Tier");
$group->add(new Form_Select($gwname, 'Tier', $selected, array('0' => 'Never', '1' => $tr . ' 1', '2' => $tr . ' 2', '3' => $tr . ' 3', '4' => $tr . ' 4', '5' => $tr . ' 5')))->addClass('row')->addClass($gateway['ipprotocol']);
$group->add(new Form_Select($gwname . '_vip', 'Virtual IP', $vaddress, build_vip_list($gateway['ipprotocol'])));
$group->add(new Form_Input('description', 'Group Name', 'text', $gateway['descr']))->setWidth(3)->setReadonly();
$section->add($group);
$row++;
}
// e-o-foreach
$group = new Form_Group(null);
$group->add(new Form_StaticText('', ''))->setHelp('Gateway')->setReadonly();
$group->add(new Form_StaticText('', ''))->setHelp('Tier')->setReadonly();
$group->add(new Form_StaticText('', ''))->setHelp('Virtual IP')->setReadonly();
$group->add(new Form_StaticText('', ''))->setWidth(3)->setHelp('Description')->setReadonly();
$section->add($group);
$form->addGlobal(new Form_Input('friendlyiface', null, 'hidden', $pconfig['friendlyiface']));
$section = new Form_Section('Edit Gateway');
$section->addInput(new Form_Checkbox('disabled', 'Disabled', 'Disable this gateway', $pconfig['disabled']))->setHelp('Set this option to disable this gateway without removing it from the ' . 'list.');
$section->addInput(new Form_Select('interface', 'Interface', $pconfig['friendlyiface'], get_configured_interface_with_descr(false, true)))->setHelp('Choose which interface this gateway applies to.');
$section->addInput(new Form_Select('ipprotocol', 'Address Family', $pconfig['ipprotocol'], array("inet" => "IPv4", "inet6" => "IPv6")))->setHelp('Choose the Internet Protocol this gateway uses.');
$section->addInput(new Form_Input('name', 'Name', 'text', $pconfig['name']))->setHelp('Gateway name');
$egw = new Form_Input('gateway', 'Gateway', 'text', $pconfig['dynamic'] ? 'dynamic' : $pconfig['gateway']);
$egw->setHelp('Gateway IP address');
if ($pconfig['dynamic']) {
$egw->setReadonly();
}
$section->addInput($egw);
$section->addInput(new Form_Checkbox('defaultgw', 'Default Gateway', 'This will select the above gateway as the default gateway', $pconfig['defaultgw']));
$section->addInput(new Form_Checkbox('monitor_disable', 'Gateway Monitoring', 'Disable Gateway Monitoring', $pconfig['monitor_disable']))->toggles('.toggle-monitor-ip')->setHelp('This will consider this gateway as always being up');
$group = new Form_Group('Monitor IP');
$group->addClass('toggle-monitor-ip', 'collapse');
if (!$pconfig['monitor_disable']) {
$group->addClass('in');
}
$group->add(new Form_Input('monitor', null, 'text', $pconfig['gateway'] == $pconfig['monitor'] ? '' : $pconfig['monitor']))->setHelp('Enter an alternative address here to be ' . 'used to monitor the link. This is used for the quality RRD graphs as well as the ' . 'load balancer entries. Use this if the gateway does not respond to ICMP echo ' . 'requests (pings).');
$section->add($group);
$section->addInput(new Form_Checkbox('force_down', 'Force state', 'Mark Gateway as Down', $pconfig['force_down']))->setHelp('This will force this gateway to be considered Down');
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference (not parsed).');
// If any of the advanced options are non-default, we will not show the "Advanced" button
// and will display the advanced section
if (!(!empty($pconfig['latencylow']) || !empty($pconfig['latencyhigh']) || !empty($pconfig['losslow']) || !empty($pconfig['losshigh']) || !empty($pconfig['data_payload']) || isset($pconfig['weight']) && $pconfig['weight'] > 1 || isset($pconfig['interval']) && !($pconfig['interval'] == $dpinger_default['interval']) || isset($pconfig['loss_interval']) && !($pconfig['loss_interval'] == $dpinger_default['loss_interval']) || isset($pconfig['time_period']) && !($pconfig['time_period'] == $dpinger_default['time_period']) || isset($pconfig['alert_interval']) && !($pconfig['alert_interval'] == $dpinger_default['alert_interval']) || isset($pconfig['nonlocalgateway']) && $pconfig['nonlocalgateway'])) {
$btnadvanced = new Form_Button('toggle-advanced', 'Advanced options');
$advdflt = true;
$btnadvanced->toggles('.advanced-options')->setAttribute('type', 'button');
$btnadvanced->removeClass('btn-primary')->addClass('btn-default');
$section->addInput(new Form_StaticText(null, $btnadvanced));
$section->addInput(new Form_Checkbox('passthrumacadd', 'Pass-through MAC Auto Entry', 'Enable Pass-through MAC automatic additions', $pconfig['passthrumacadd']))->setHelp(sprintf('When enabled, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will ' . 'never have to authenticate again. To remove the passthrough MAC entry you either have to log in and remove it manually from the ' . '%s or send a POST from another system.' . 'If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.', '<a href="services_captiveportal_mac.php">MAC tab</a>'));
$section->addInput(new Form_Checkbox('passthrumacaddusername', null, 'Enable Pass-through MAC automatic addition with username', $pconfig['passthrumacaddusername']))->setHelp(sprintf('If enabled with the automatically MAC passthrough entry created, the username used during authentication will be saved. ' . 'To remove the passthrough MAC entry you either have to log in and remove it manually from the %s or send a POST from another system.', '<a href="services_captiveportal_mac.php">MAC tab</a>'));
$section->addInput(new Form_Checkbox('peruserbw', 'Per-user bandwidth restriction', 'Enable per-user bandwidth restriction', $pconfig['peruserbw']));
$section->addInput(new Form_Input('bwdefaultdn', 'Default download (Kbit/s)', 'number', $pconfig['bwdefaultdn']));
$section->addInput(new Form_Input('bwdefaultup', 'Default upload (Kbit/s)', 'number', $pconfig['bwdefaultup']))->setHelp('If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. ' . 'RADIUS can override the default settings. Leave empty or set to 0 for no limit.');
$form->add($section);
$section = new Form_Section('Authentication');
$section->addClass('Authentication');
$group = new Form_Group('Authentication method');
$group->add(new Form_Checkbox('auth_method', null, 'No Authentication', $pconfig['auth_method'] == 'none', 'none'))->displayasRadio();
$group->add(new Form_Checkbox('auth_method', null, 'Local User Manager / Vouchers', $pconfig['auth_method'] == 'local', 'local'))->displayasRadio();
$group->add(new Form_Checkbox('auth_method', null, 'RADIUS Authentication', $pconfig['auth_method'] == 'radius', 'radius'))->displayasRadio();
$section->add($group);
$section->addInput(new Form_Checkbox('localauth_priv', null, 'Allow only users/groups with "Captive portal login" privilege set', $pconfig['localauth_priv']));
$group = new Form_Group('RADIUS protocol');
$group->addClass("radiusproto");
$group->add(new Form_Checkbox('radius_protocol', null, 'PAP', $pconfig['radius_protocol'] == 'PAP', 'PAP'))->displayasRadio();
$group->add(new Form_Checkbox('radius_protocol', null, 'CHAP-MD5', $pconfig['radius_protocol'] == 'CHAP_MD5', 'CHAP_MD5'))->displayasRadio();
$group->add(new Form_Checkbox('radius_protocol', null, 'MSCHAPv1', $pconfig['radius_protocol'] == 'MSCHAPv1', 'MSCHAPv1'))->displayasRadio();
$group->add(new Form_Checkbox('radius_protocol', null, 'MSCHAPv2', $pconfig['radius_protocol'] == 'MSCHAPv2', 'MSCHAPv2'))->displayasRadio();
$section->add($group);
$form->add($section);
$section = new Form_Section('Primary Authentication Source');
$section->addClass('Primary');
$group = new Form_Group('Primary RADIUS server');
$group->add(new Form_IpAddress('radiusip', null, $pconfig['radiusip']));
$group->add(new Form_Input('radiusport', null, 'number', $pconfig['radiusport']));
$group->add(new Form_Input('radiuskey', null, 'text', $pconfig['radiuskey']));
$section->add($group);
$group = new Form_Group('Secondary RADIUS server');
$group->add(new Form_IpAddress('radiusip2', null, $pconfig['radiusip2']))->setHelp('IP address of the RADIUS server to authenticate against.');
$section->addInput(new Form_Input('bootfile_url', 'Bootfile URL', 'text', $pconfig['bootfile_url']));
$btnadnl = new Form_Button('btnadnl', 'Advanced');
$btnadnl->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('Additional BOOTP/DHCP Options', $btnadnl . ' ' . 'Aditional BOOTP/DHCP Options'));
$form->add($section);
$title = 'Show Additional BOOTP/DHCP Options';
if ($pconfig['numberoptions']) {
$counter = 0;
$last = count($pconfig['numberoptions']['item']) - 1;
foreach ($pconfig['numberoptions']['item'] as $item) {
$group = new Form_Group(null);
$group->add(new Form_Input('number' . $counter, null, 'text', $item['number']))->setHelp($counter == $last ? 'Number' : null);
$group->add(new Form_Input('value' . $counter, null, 'text', $item['value']))->setHelp($counter == $last ? 'Value' : null);
$btn = new Form_Button('btn' . $counter, 'Delete', 'services_dhcpv6.php?if=' . $if . '&act=delopt' . '&id=' . $counter);
$btn->removeClass('btn-primary')->addClass('btn-danger btn-xs adnlopt');
$group->addClass('adnlopt');
$group->add($btn);
$section->add($group);
$counter++;
}
}
$btnaddopt = new Form_Button('btnaddopt', 'Add Option', 'services_dhcpv6.php?if=' . $if . '&act=addopt');
$btnaddopt->removeClass('btn-primary')->addClass('btn-success btn-sm');
$section->addInput($btnaddopt);
$section->addInput(new Form_Input('if', null, 'hidden', $if));
print $form;
print_info_box(gettext('The DNS servers entered in ') . '<a href="system.php">' . gettext(' System: General setup') . '</a>' . gettext(' (or the ') . '<a href="services_dnsmasq.php"/>' . gettext('DNS forwarder') . '</a>, ' . gettext('if enabled) ') . gettext('will be assigned to clients by the DHCP server.') . '<br />' . gettext('The DHCP lease table can be viewed on the ') . '<a href="status_dhcpv6_leases.php">' . gettext('Status: DHCPv6 leases') . '</a>' . gettext(' page.'));
?>
<div class="panel panel-default">
<div class="panel-heading"><h2 class="panel-title">DHCPv6 Static Mappings for this interface.</h2></div>
$group->setHelp('If NAT/BINAT is required on this network specify the address to be translated');
$section->add($group);
$group = new Form_Group('Remote Network');
$group->addClass('opt_remoteid');
$group->add(new Form_Select('remoteid_type', null, $pconfig['remoteid_type'], array('address' => 'Address', 'network' => 'Network')))->setHelp('Type');
$group->add(new Form_IpAddress('remoteid_address', null, $pconfig['remoteid_address']))->setHelp('Address')->addMask(remoteid_netbits, $pconfig['remoteid_netbits'], 128, 0);
$section->add($group);
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference (not parsed).');
$form->add($section);
$section = new Form_Section('Phase 2 proposal (SA/Key Exchange)');
$section->addInput(new Form_Select('proto', 'Protocol', $pconfig['proto'], $p2_protos))->setHelp('ESP is encryption, AH is authentication only.');
$i = 0;
$rows = count($p2_ealgos) - 1;
foreach ($p2_ealgos as $algo => $algodata) {
$group = new Form_Group($i == 0 ? 'Encryption Algorithms' : '');
$group->addClass('encalg');
$group->add(new Form_Checkbox('ealgos[]', null, $algodata['name'], is_array($pconfig['ealgos']) && in_array($algo, $pconfig['ealgos']), $algo))->addClass('multi');
if (is_array($algodata['keysel'])) {
$list = array();
$key_hi = $algodata['keysel']['hi'];
$key_lo = $algodata['keysel']['lo'];
$key_step = $algodata['keysel']['step'];
for ($keylen = $key_hi; $keylen >= $key_lo; $keylen -= $key_step) {
$list[$keylen] = $keylen . ' bits';
}
$group->add(new Form_Select('keylen_' . $algo, null, $keylen == $pconfig["keylen_" . $algo], array_merge(array('auto' => 'Auto'), $list)));
}
if ($i == $rows) {
$group->setHelp('Use 3DES for best compatibility or if you have a hardware crypto accelerator card. Blowfish is usually the fastest in software encryption.');
}
$i++;
$group = new Form_Group('Destination');
$group->add(new Form_Checkbox('dstnot', 'Destination not', 'Invert match.', $pconfig['dstnot']))->setWidth(2);
$group->add(new Form_Select('dsttype', null, dsttype_selected(), build_dsttype_list()))->setHelp('Type');
$group->add(new Form_IpAddress('dst', null, is_specialnet($pconfig['dst']) ? '' : $pconfig['dst']))->setPattern('[.a-zA-Z0-9_]+')->addMask('dstmask', $pconfig['dstmask'], 31)->setHelp('Address/mask');
$section->add($group);
$group = new Form_Group('Destination port range');
$group->addClass('dstportrange');
$group->add(new Form_Select('dstbeginport', null, $pconfig['dstbeginport'], $portlist))->setHelp('From port');
$group->add(new Form_Input('dstbeginport_cust', null, 'text', $pconfig['dstbeginport'], ['min' => '1', 'max' => '65536']))->setHelp('Custom');
$group->add(new Form_Select('dstendport', null, $pconfig['dstendport'], $portlist))->setHelp('To port');
$group->add(new Form_Input('dstendport_cust', null, 'text', $pconfig['dstendport'], ['min' => '1', 'max' => '65536']))->setHelp('Custom');
$group->setHelp('Specify the port or port range for the destination of the packet for this mapping. ' . 'You can leave the \'to\' field empty if you only want to map a single port ');
$section->add($group);
$section->addInput(new Form_IpAddress('localip', 'Redirect target IP', $pconfig['localip']))->setPattern('[.a-zA-Z0-9_]+')->setHelp('Enter the internal IP address of the server on which you want to map the ports.' . '<br />' . 'e.g.: 192.168.1.12');
$group = new Form_Group('Redirect target port');
$group->addClass('lclportrange');
$group->add(new Form_Select('localbeginport', null, $pconfig['localbeginport'], array('' => 'Other') + $wkports))->setHelp('Port');
$group->setHelp('Specify the port on the machine with the IP address entered above. In case of a port range, specify the ' . 'beginning port of the range (the end port will be calculated automatically).' . '<br />' . 'this is usually identical to "From port" above');
$group->add(new Form_Input('localbeginport_cust', null, 'text', $pconfig['localbeginport'], ['min' => '1', 'max' => '65536']))->setHelp('Custom');
$section->add($group);
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('You may enter a description here for your reference (not parsed).');
$section->addInput(new Form_Checkbox('nosync', 'No XMLRPC Sync', 'Do not automatically sync to other CARP members', $pconfig['nosync']))->setHelp('This prevents the rule on Master from automatically syncing to other CARP members. ' . 'This does NOT prevent the rule from being overwritten on Slave.');
$section->addInput(new Form_Select('natreflection', 'NAT reflection', $pconfig['natreflection'], array('default' => 'Use system default', 'enable' => 'Enable (NAT + Proxy)', 'purenat' => 'Enable (Pure NAT)', 'disable' => 'Disable')));
if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))) {
$hlpstr = '';
$rulelist = array('' => 'None', 'pass' => 'Pass');
if (is_array($config['filter']['rule'])) {
filter_rules_sort();
foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
if (isset($filter_rule['associated-rule-id'])) {
$rulelist[$filter_rule['associated-rule-id']] = 'Rule ' . $filter_rule['descr'];
}
$firstDayFound = false;
$firstprint = true;
}
$i++;
}
}
}
$group = new Form_Group('');
$group->add(new Form_Input('tempFriendlyTime' . $counter, null, 'text', $tempFriendlyTime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Day(s)' : '');
$group->add(new Form_Input('starttime' . $counter, null, 'text', $starttime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Start time' : '');
$group->add(new Form_Input('stoptime' . $counter, null, 'text', $stoptime))->setWidth(2)->setReadonly()->setHelp($counter == $maxrows ? 'Stop time' : '');
$group->add(new Form_Input('timedescr' . $counter, null, 'text', $timedescr))->setWidth(2)->setHelp($counter == $maxrows ? 'Description' : '');
$group->add(new Form_Button('Delete' . $counter, 'Delete', null, 'fa-trash'))->setAttribute('type', 'button')->addClass('btn-xs btn-warning');
$group->add(new Form_Input('schedule' . $counter, null, 'hidden', $tempID));
$group->addClass('schedulegrp' . $counter);
$counter++;
$section->add($group);
}
}
}
// This is just a marker that the javascript can use to insertBefore() when adding new rows
$section->addInput(new Form_Input('marker', null, 'hidden'))->addClass('noranges');
$form->add($section);
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
$section->addInput(new Form_Select('protocol', 'Internet Protocol', $pconfig['protocol'], array("inet" => "IPv4", "inet6" => "IPv6")))->setHelp('Select the Internet Protocol family.');
$section->addInput(new Form_Select('interface', 'Interface', $pconfig['interface'], build_interface_list()))->setHelp('Select the interface for the local endpoint of this phase1 entry.');
if (!$pconfig['mobile']) {
$section->addInput(new Form_Input('remotegw', 'Remote Gateway', 'text', $pconfig['remotegw']))->setHelp('Enter the public IP address or host name of the remote gateway.');
}
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('A description may be entered here for administrative reference (not parsed).');
$form->add($section);
$section = new Form_Section('Phase 1 Proposal (Authentication)');
$section->addInput(new Form_Select('authentication_method', 'Authentication Method', $pconfig['authentication_method'], build_auth_method_list()))->setHelp('Must match the setting chosen on the remote side.');
$section->addInput(new Form_Select('mode', 'Negotiation mode', $pconfig['mode'], array("main" => gettext("Main"), "aggressive" => gettext("Aggressive"))))->setHelp('Aggressive is more flexible, but less secure.');
$group = new Form_Group('My identifier');
$group->add(new Form_Select('myid_type', null, $pconfig['myid_type'], build_myid_list()));
$group->add(new Form_Input('myid_data', null, 'text', $pconfig['myid_data']));
$section->add($group);
$group = new Form_Group('Peer identifier');
$group->addClass('peeridgroup');
$group->add(new Form_Select('peerid_type', null, $pconfig['peerid_type'], build_peerid_list()));
$group->add(new Form_Input('peerid_data', null, 'text', $pconfig['peerid_data']));
if ($pconfig['mobile']) {
$group->setHelp('This is known as the "group" setting on some VPN client implementations');
}
$section->add($group);
$section->addInput(new Form_Input('pskey', 'Pre-Shared Key', 'text', $pconfig['pskey']))->setHelp('Enter the Pre-Shared Key string.');
$section->addInput(new Form_Select('certref', 'My Certificate', $pconfig['certref'], build_cert_list()))->setHelp('Select a certificate previously configured in the Certificate Manager.');
$section->addInput(new Form_Select('caref', 'Peer Certificate Authority', $pconfig['caref'], build_ca_list()))->setHelp('Select a certificate authority previously configured in the Certificate Manager.');
$form->add($section);
$section = new Form_Section('Phase 1 Proposal (Algorithms)');
$group = new Form_Group('Encryption Algorithm');
$group->add(new Form_Select('ealgo', null, $pconfig['ealgo']['name'], build_eal_list()));
$group->add(new Form_Select('ealgo_keylen', null, $pconfig['ealgo_keylen'], array()));
$section->add($group);
$group = new Form_Group('Service name');
$group->addClass('pppoe');
$group->add(new Form_Input('provider', null, 'text', $pconfig['provider']));
$group->add(new Form_Checkbox('null_service', null, 'Configure NULL service name', $pconfig['null_service']));
$group->setHelp('This field can usually be left empty. Service name will not be configured if this field is empty. ' . 'Check the "Configure NULL" box to configure a blank Service name.');
$section->add($group);
$section->addInput(new Form_Select('pppoe-reset-type', 'Periodic Reset', $pconfig['pppoe-reset-type'], array('' => gettext('Disabled'), 'custom' => gettext('Custom'), 'preset' => gettext('Pre-set'))))->addClass('pppoe')->setHelp('Select a reset timing type');
$group = new Form_Group('Reset Date/Time');
$group->addClass('pppoe-reset-date');
$group->add(new Form_Input('pppoe_resethour', null, 'text', $pconfig['pppoe_resethour']))->setHelp('Hour');
$group->add(new Form_Input('pppoe_resetminute', null, 'text', $pconfig['pppoe_resetminute']))->setHelp('Minute');
$group->add(new Form_Input('pppoe_resetdate', null, 'text', $pconfig['pppoe_resetdate'], ['placeholder' => 'mm/dd/yyyy']))->setHelp('Specific date');
$group->setHelp('Leaving the date field empty will cause the reset to be executed each day at the time specified in the minutes and hour fields. ');
$section->add($group);
$group = new Form_Group('Reset frequency');
$group->addClass('pppoe-reset-cron');
$group->add(new Form_Checkbox('pppoe_pr_preset_val', null, 'Monthly (0 0 1 * *)', $pconfig['pppoe_monthly'], 'monthly'))->displayAsRadio();
$group->add(new Form_Checkbox('pppoe_pr_preset_val', null, 'Weekly (0 0 * * 0)', $pconfig['pppoe_weekly'], 'weekly'))->displayAsRadio();
$group->add(new Form_Checkbox('pppoe_pr_preset_val', null, 'Daily (0 0 * * *)', $pconfig['pppoe_daily'], 'daily'))->displayAsRadio();
$group->add(new Form_Checkbox('pppoe_pr_preset_val', null, 'Hourly (0 * * * *)', $pconfig['pppoe_hourly'], 'hourly'))->displayAsRadio();
$section->add($group);
$btnadv = new Form_Button('btnadvopts', 'Display Advanced', null, 'fa-cog');
$btnadv->setAttribute('type', 'button')->addClass('btn-info btn-sm');
$section->addInput(new Form_StaticText('Advanced options', $btnadv));
$form->add($section);
$section = new Form_Section('Advanced Configuration');
$section->addClass('adnlopts');
$section->addInput(new Form_Checkbox('ondemand', 'Dial On Demand', 'Enable Dial-on-Demand mode. ', $pconfig['ondemand']))->setHelp('Causes the interface to operate in dial-on-demand mode. Do NOT enable if the link is to remain continuously connected. ' . 'The interface is configured, but the actual connection of the link is delayed until qualifying outgoing traffic is detected.');
$section->addInput(new Form_Input('idletimeout', 'Idle Timeout', 'text', $pconfig['idletimeout']))->setHelp('If no incoming or outgoing packets are transmitted for the entered number of seconds the connection is brought down.' . " " . 'When the idle timeout occurs, if the dial-on-demand option is enabled, mpd goes back into dial-on-demand mode. ' . 'Otherwise, the interface is brought down and all associated routes removed.');
$section->addInput(new Form_Checkbox('vjcomp', 'Compression', 'Disable vjcomp (compression, auto-negotiated by default).', $pconfig['vjcomp']))->setHelp('Disable vjcomp(compression) (auto-negotiated by default).' . '<br />' . 'This option enables Van Jacobson TCP header compression, which saves several bytes per TCP data packet.' . " " . 'This option is almost always required. Compression is not effective for TCP connections with enabled modern extensions like time ' . 'stamping or SACK, which modify TCP options between sequential packets.');
$section->addInput(new Form_Checkbox('tcpmssfix', 'TCPmssFix', 'Disable tcpmssfix (enabled by default).', $pconfig['tcpmssfix']))->setHelp('Causes mpd to adjust incoming and outgoing TCP SYN segments so that the requested maximum segment size is not greater than the amount ' . 'allowed by the interface MTU. This is necessary in many setups to avoid problems caused by routers that drop ICMP Datagram Too Big messages. Without these messages, ' . 'the originating machine sends data, it passes the rogue router then hits a machine that has an MTU that is not big enough for the data. Because the IP Don\'t Fragment option is set, ' . 'this machine sends an ICMP Datagram Too Big message back to the originator and drops the packet. The rogue router drops the ICMP message and the originator never ' . 'gets to discover that it must reduce the fragment size or drop the IP Don\'t Fragment option from its outgoing data.');
$section->addInput(new Form_Checkbox('logbogons', null, 'Log packets blocked by \'Block Bogon Networks\' rules', $pconfig['logbogons']));
$section->addInput(new Form_Checkbox('logprivatenets', null, 'Log packets blocked by \'Block Private Networks\' rules', $pconfig['logprivatenets']));
$section->addInput(new Form_Checkbox('loglighttpd', 'Web Server Log', 'Log errors from the web server process', $pconfig['loglighttpd']))->setHelp('If this is checked, errors from the lighttpd web server process for the GUI or Captive Portal will appear in the main system log');
$section->addInput(new Form_Checkbox('rawfilter', 'Raw Logs', 'Show raw filter logs)', $pconfig['rawfilter']))->setHelp(gettext('If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information, but it is more difficult to read'));
$section->addInput(new Form_Select('filterdescriptions', 'Where to show rule descriptions', !isset($pconfig['filterdescriptions']) ? '0' : $pconfig['filterdescriptions'], array('0' => 'Dont load descriptions', '1' => 'Display as column', '2' => 'Display as second row')))->setHelp('Show the applied rule description below or in the firewall log rows' . '<br />' . 'Displaying rule descriptions for all lines in the log might affect performance with large rule sets');
$section->addInput(new Form_Checkbox('disablelocallogging', 'Local Logging', $g['platform'] == $g['product_name'] ? "Disable writing log files to the local disk" : "Disable writing log files to the local RAM disk", $pconfig['disablelocallogging']));
$section->addInput(new Form_Button('resetlogs', 'Reset Log Files'))->addClass('btn-danger btn-xs')->setHelp('Clears all local log files and reinitializes them as empty logs. This also restarts the DHCP daemon. Use the Save button first if you have made any setting changes.');
$form->add($section);
$section = new Form_Section('Remote Logging Options');
$section->addClass('toggle-remote');
$section->addInput(new Form_Checkbox('enable', 'Enable Remote Logging', 'Send log messages to remote syslog server', $pconfig['enable']));
$section->addInput(new Form_Select('sourceip', 'Source Address', link_interface_to_bridge($pconfig['sourceip']) ? null : $pconfig['sourceip'], ["" => gettext("Default (any)")] + get_possible_traffic_source_addresses(false)))->setHelp($remoteloghelp);
$section->addInput(new Form_Select('ipproto', 'IP Protocol', $ipproto, array('ipv4' => 'IPv4', 'ipv6' => 'IPv6')))->setHelp('This option is only used when a non-default address is chosen as the source above. ' . 'This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried.');
// Group collapses/appears based on 'enable' checkbox above
$group = new Form_Group('Remote log servers');
$group->addClass('remotelogging');
$group->add(new Form_Input('remoteserver', 'Server 1', 'text', $pconfig['remoteserver'], ['placeholder' => 'IP[:port]']));
$group->add(new Form_Input('remoteserver2', 'Server 2', 'text', $pconfig['remoteserver2'], ['placeholder' => 'IP[:port]']));
$group->add(new Form_Input('remoteserver3', 'Server 3', 'text', $pconfig['remoteserver3'], ['placeholder' => 'IP[:port]']));
$section->add($group);
$group = new Form_MultiCheckboxGroup('Remote Syslog Contents');
$group->addClass('remotelogging');
$group->add(new Form_MultiCheckbox('logall', null, 'Everything', $pconfig['logall']));
$group->add(new Form_MultiCheckbox('system', null, 'System Events', $pconfig['system']));
$group->add(new Form_MultiCheckbox('filter', null, 'Firewall Events', $pconfig['filter']));
$group->add(new Form_MultiCheckbox('dhcp', null, 'DHCP service events', $pconfig['dhcp']));
$group->add(new Form_MultiCheckbox('portalauth', null, 'Portal Auth events', $pconfig['portalauth']));
$group->add(new Form_MultiCheckbox('vpn', null, 'VPN (PPTP, IPsec, OpenVPN) events', $pconfig['vpn']));
$group->add(new Form_MultiCheckbox('apinger', null, 'Gateway Monitor events', $pconfig['apinger']));
$group->add(new Form_MultiCheckbox('relayd', null, 'Server Load Balancer events', $pconfig['relayd']));
$group->add(new Form_MultiCheckbox('hostapd', null, 'Wireless events', $pconfig['hostapd']));
$section->addClass('toggle-existing collapse');
$section->addInput(new Form_Textarea('cert', 'Certificate data', $pconfig['cert']))->setHelp('Paste a certificate in X.509 PEM format here.');
$section->addInput(new Form_Textarea('key', 'Certificate Private Key (optional)', $pconfig['key']))->setHelp('Paste the private key for the above certificate here. This is ' . 'optional in most cases, but is required when generating a ' . 'Certificate Revocation List (CRL).');
$section->addInput(new Form_Input('serial', 'Serial for next certificate', 'number', $pconfig['serial']))->setHelp('Enter a decimal number to be used as the serial number for the next ' . 'certificate to be created using this CA.');
$form->add($section);
$section = new Form_Section('Internal Certificate Authority');
$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');
$allCas = array();
foreach ($a_ca as $ca) {
if (!$ca['prv']) {
continue;
}
$allCas[$ca['refid']] = $ca['descr'];
}
$group = new Form_Group('Signing Certificate Authority');
$group->addClass('toggle-intermediate', 'collapse');
$group->add(new Form_Select('caref', null, $pconfig['caref'], $allCas));
$section->add($group);
$section->addInput(new Form_Select('keylen', 'Key length (bits)', $pconfig['keylen'], array_combine($ca_keylens, $ca_keylens)));
$section->addInput(new Form_Select('digest_alg', 'Digest Algorithm', $pconfig['digest_alg'], array_combine($openssl_digest_algs, $openssl_digest_algs)))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 ' . 'when possible.');
$section->addInput(new Form_Input('lifetime', 'Lifetime (days)', 'number', $pconfig['lifetime']));
$section->addInput(new Form_Select('dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc));
$section->addInput(new Form_Input('dn_state', 'State or Province', 'text', $pconfig['dn_state'], ['placeholder' => 'e.g. Texas']));
$section->addInput(new Form_Input('dn_city', 'City', 'text', $pconfig['dn_city'], ['placeholder' => 'e.g. Austin']));
$section->addInput(new Form_Input('dn_organization', 'Organization', 'text', $pconfig['dn_organization'], ['placeholder' => 'e.g. My Company Inc']));
$section->addInput(new Form_Input('dn_organizationalunit', 'Organizational Unit', 'text', $pconfig['dn_organizationalunit'], ['placeholder' => 'e.g. My Department Name (optional)']));
$section->addInput(new Form_Input('dn_email', 'Email Address', 'email', $pconfig['dn_email'], ['placeholder' => 'e.g. admin@mycompany.com']));
$section->addInput(new Form_Input('dn_commonname', 'Common Name', 'text', $pconfig['dn_commonname'], ['placeholder' => 'e.g. internal-ca']));
$form->add($section);
print $form;
$internal_ca_count = 0;
$group->add(new Form_Input('sourceport', null, 'text', $pconfig['sourceport']))->setHelp('Port')->setWidth('2');
$section->add($group);
$group = new Form_Group('Destination');
$group->add(new Form_Select('destination_type', null, $pconfig['destination'] == "any" ? "any" : "network", array('any' => gettext('Any'), 'network' => gettext('Network'))))->setHelp('Type')->setWidth('3');
$group->add(new Form_IpAddress('destination', null, $pconfig['destination'] == "any" ? "" : $pconfig['destination']))->addMask('destination_subnet', $pconfig['destination_subnet'])->setHelp('Destination network for the outbound NAT mapping.')->setPattern('[a-zA-Z0-9\\_\\.\\:]+');
$group->add(new Form_Input('dstport', null, 'text', $pconfig['dstport']))->setHelp('Port')->setWidth('2');
$section->add($group);
$section->addInput(new Form_Checkbox('destination_not', null, 'Not', $pconfig['destination_not']))->setHelp('Invert the sense of the destination match.');
$form->add($section);
$section = new Form_Section('Translation');
$section->addClass('translation');
$section->addInput(new Form_Select('target', 'Address', $pconfig['target'], build_target_list()));
$section->addInput(new Form_IpAddress('targetip', 'Other subnet', $pconfig['targetip']))->addMask('targetip_subnet', $pconfig['targetip_subnet'])->addClass('othersubnet')->setHelp('Packets matching this rule will be mapped to the IP address given here.' . '<br />' . 'To apply this rule to a different IP address than the IP address of the interface chosen above, ' . 'select it here (' . '<a href="firewall_virtual_ip.php">' . gettext("Virtual IP") . '</a> ' . 'addresses need to be defined on the interface first)');
$section->addInput(new Form_Select('poolopts', 'Pool options', $pconfig['poolopts'], array('' => gettext('Default'), 'round-robin' => gettext('Round Robin'), 'round-robin sticky-address' => gettext('Round Robin with Sticky Address'), 'random' => gettext('Random'), 'random sticky-address' => gettext('Random with Sticky Address'), 'source-hash' => gettext('Source hash'), 'bitmask' => gettext('Bit mask'))))->setHelp('Only Round Robin types work with Host Aliases. Any type can be used with a Subnet.' . '<br />' . '</span><ul class="help-block">' . '<li>' . 'Round Robin: Loops through the translation addresses.' . '</li>' . '<li>' . 'Random: Selects an address from the translation address pool at random.' . '</li>' . '<li>' . 'Source Hash: Uses a hash of the source address to determine the translation address, ensuring that the redirection address is always the same for a given source.' . '</li>' . '<li>' . 'Bitmask: Applies the subnet mask and keeps the last portion identical; 10.0.1.50 -> x.x.x.50.' . '</li>' . '<li>' . 'Sticky Address: The Sticky Address option can be used with the Random and Round Robin pool types to ensure that a particular source address is always mapped to the same translation address.' . '</li>' . '</ul><span class="help-block">');
$group = new Form_Group('Port');
$group->addClass('natportgrp');
$group->add(new Form_Input('natport', null, 'text', $pconfig['natport']))->setHelp('Enter the source port or range for the outbound NAT mapping.');
$group->add(new Form_Checkbox('staticnatport', null, 'Static port', $pconfig['staticnatport']));
$section->add($group);
$form->add($section);
$section = new Form_Section('Misc');
$section->addInput(new Form_Checkbox('nosync', 'No XMLRPC Sync', null, $pconfig['nosync'], 'yes'))->setHelp('Prevents the rule on Master from automatically syncing to other CARP members. ' . 'This does NOT prevent the rule from being overwritten on Slave.');
$section->addInput(new Form_Input('descr', 'Description', 'text', $pconfig['descr']))->setHelp('A description may be entered here for administrative reference (not parsed).');
if (isset($id) && $a_out[$id]) {
$section->addInput(new Form_Input('id', null, 'hidden', $id));
}
$section->addInput(new Form_Input('after', null, 'hidden', $after));
$form->add($section);
$has_created_time = isset($a_out[$id]['created']) && is_array($a_out[$id]['created']);
$has_updated_time = isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated']);
if ($has_created_time || $has_updated_time) {
$section->addInput(new Form_Input('maxtime', 'Maximum lease time (Seconds)', 'text', $pconfig['maxtime']))->setHelp('This is the maximum lease time for clients that ask for a specific expiration time. The default is 86400 seconds.');
$btndyndns = new Form_Button('btndyndns', 'Advanced');
$btndyndns->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('Dynamic DNS', $btndyndns . ' ' . 'Show dynamic DNS settings'));
$section->addInput(new Form_Checkbox('ddnsupdate', 'DHCP Registration', 'Enable registration of DHCP client names in DNS.', $pconfig['ddnsupdate']));
$section->addInput(new Form_Input('ddnsdomain', 'DDNS Domain', 'text', $pconfig['ddnsdomain']))->setHelp('Leave blank to disable dynamic DNS registration. Enter the dynamic DNS domain which will be used to register client names in the DNS server.');
$section->addInput(new Form_IpAddress('ddnsdomainprimary', 'DDNS Server IP', $pconfig['ddnsdomainprimary']))->setHelp('Enter the primary domain name server IP address for the dynamic domain name.');
$section->addInput(new Form_Input('ddnsdomainkeyname', 'DDNS Domain Key name', 'text', $pconfig['ddnsdomainkeyname']))->setHelp('Enter the dynamic DNS domain key name which will be used to register client names in the DNS server.');
$section->addInput(new Form_Input('ddnsdomainkey', 'DDNS Domain Key secret', 'text', $pconfig['ddnsdomainkey']))->setHelp('Enter the dynamic DNS domain key secret which will be used to register client names in the DNS server.');
$btnntp = new Form_Button('btnntp', 'Advanced');
$btnntp->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('NTP servers', $btnntp . ' ' . 'Show NTP Configuration'));
$group = new Form_Group('NTP Servers');
$group->add(new Form_Input('ntp1', 'NTP Server 1', 'text', $pconfig['ntp1'], ['placeholder' => 'NTP 1']));
$group->add(new Form_Input('ntp2', 'NTP Server 2', 'text', $pconfig['ntp2'], ['placeholder' => 'NTP 2']));
$group->addClass('ntpclass');
$section->add($group);
$btntftp = new Form_Button('btntftp', 'Advanced');
$btntftp->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('TFTP servers', $btntftp . ' ' . 'Show TFTP Configuration'));
$section->addInput(new Form_Input('tftp', 'TFTP Server', 'text', $pconfig['tftp']))->setHelp('Leave blank to disable. Enter a full hostname or IP for the TFTP server.');
$form->add($section);
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
function hideDDNS(hide) {
hideCheckbox('ddnsupdate', hide);
$btnadnl = new Form_Button('btnadnl', 'Advanced');
$btnadnl->removeClass('btn-primary')->addClass('btn-default btn-sm');
$section->addInput(new Form_StaticText('Additional BOOTP/DHCP Options', $btnadnl . ' ' . 'Additional BOOTP/DHCP Options'));
$form->add($section);
$title = 'Show Additional BOOTP/DHCP Options';
if (!$pconfig['numberoptions']) {
$noopts = true;
$pconfig['numberoptions']['item'] = array(0 => array('number' => "", 'value' => ""));
} else {
$noopts = false;
}
$counter = 0;
$last = count($pconfig['numberoptions']['item']) - 1;
foreach ($pconfig['numberoptions']['item'] as $item) {
$group = new Form_Group(null);
$group->addClass('repeatable');
$group->addClass('adnloptions');
$group->add(new Form_Input('number' . $counter, null, 'text', $item['number']))->setHelp($counter == $last ? 'Number' : null);
$group->add(new Form_Input('value' . $counter, null, 'text', base64_decode($item['value'])))->setHelp($counter == $last ? 'Value' : null);
$btn = new Form_Button('deleterow' . $counter, 'Delete');
$btn->removeClass('btn-primary')->addClass('btn-warning');
$group->add($btn);
$section->add($group);
$counter++;
}
$btnaddopt = new Form_Button('addrowt', 'Add Option');
$btnaddopt->removeClass('btn-primary')->addClass('btn-success btn-sm')->addClass('adnloptions');
$section->addInput($btnaddopt);
$section->addInput(new Form_Input('if', null, 'hidden', $if));
print $form;
?>
