--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ index.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("globals.inc");
+require("util.inc");
+require("config.inc");
+require("radius_authentication.inc") ;
+require("radius_accounting.inc") ;
+
+header("Expires: 0");
+header("Cache-Control: no-store, no-cache, must-revalidate");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+$orig_host = $_ENV['HTTP_HOST'];
+$orig_request = $_ENV['CAPTIVE_REQPATH'];
+$lockfile = "{$g['varrun_path']}/captiveportal.lock";
+$clientip = $_ENV['REMOTE_ADDR'];
+
+/* find MAC address for client */
+if ($clientip) {
+ $clientmac = arp_get_mac_by_ip($clientip);
+ if (!$clientmac) {
+ /* unable to find MAC address - shouldn't happen! - bail out */
+ exit;
+ }
+}
+
+if (portal_mac_fixed($clientmac)) {
+ /* punch hole in ipfw for pass thru mac addresses */
+ portal_allow($clientip, $clientmac,"unauthenticated") ;
+
+} else if ($_POST['accept'] && file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+
+ /* authenticate against radius server */
+
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db","r");
+ if($fd) {
+ $line = trim(fgets($fd));
+ if($line)
+ list($radiusip,$radiusport,$radiuskey) = explode(",",$line) ;
+ }
+ fclose($fd) ;
+
+ if($_POST['auth_user'] && $_POST['auth_pass']) {
+ $auth_val = RADIUS_AUTHENTICATION($_POST['auth_user'],
+ $_POST['auth_pass'],
+ $radiusip,$radiusport,
+ $radiuskey) ;
+ if ($auth_val == 2) {
+ portal_allow($clientip, $clientmac,$_POST['auth_user']) ;
+ if(isset($config['captiveportal']['radacct_enable'])) {
+ $auth_val = RADIUS_ACCOUNTING_START($_POST['auth_user'],
+ $radiusip,$radiusport,
+ $radiuskey) ;
+ }
+ } else {
+ readfile("{$g['varetc_path']}/captiveportal-error.html");
+ }
+ } else {
+ readfile("{$g['varetc_path']}/captiveportal-error.html");
+ }
+
+} else if ($_POST['accept'] && $clientip) {
+ portal_allow($clientip, $clientmac,"unauthenticated") ;
+} else if ($_POST['logout_id'] && ($clientmac == $_POST['logout_id']) ) {
+ disconnect_client($_POST['logout_id']) ;
+ echo <<<EOD
+<HTML>
+<HEAD><TITLE>Disconnecting...</TITLE></HEAD>
+<BODY BGCOLOR="#435370">
+<SPAN STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
+<B>You've been disconnected.</B>
+</SPAN>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+setTimeout('window.close();',5000) ;
+-->
+</SCRIPT>
+</BODY>
+</HTML>
+
+EOD;
+} else {
+ /* display captive portal page */
+ readfile("{$g['varetc_path']}/captiveportal.html");
+}
+
+exit;
+
+function portal_mac_fixed($clientmac) {
+ global $g ;
+
+ /* open captive portal mac db */
+ if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) {
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db","r") ;
+ if (!$fd) {
+ return FALSE;
+ }
+ while (!feof($fd)) {
+ $mac = trim(fgets($fd)) ;
+ if(strcasecmp($clientmac, $mac) == 0) {
+ fclose($fd) ;
+ return TRUE ;
+ }
+ }
+ fclose($fd) ;
+ }
+ return FALSE ;
+}
+
+function portal_allow($clientip,$clientmac,$clientuser) {
+
+ global $orig_host, $orig_request, $g, $config;
+
+ /* user has accepted AUP - let him in */
+ portal_lock();
+
+ /* get next ipfw rule number */
+ if (file_exists("{$g['vardb_path']}/captiveportal.nextrule"))
+ $ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule"));
+ if (!$ruleno)
+ $ruleno = 10000; /* first rule number */
+
+ $saved_ruleno = $ruleno ;
+
+ /* add ipfw rules for layer 3 */
+ exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from $clientip to any in");
+ exec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to $clientip out");
+
+ /* add ipfw rules for layer 2 */
+ $l2ruleno = $ruleno + 10000;
+ exec("/sbin/ipfw add $l2ruleno set 3 deny all from $clientip to any not MAC any $clientmac layer2 in");
+ exec("/sbin/ipfw add $l2ruleno set 3 deny all from any to $clientip not MAC $clientmac any layer2 out");
+
+ /* read in passthru mac database */
+
+ $cpdb = array() ;
+
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
+ if ($fd) {
+ while (!feof($fd)) {
+ $line = trim(fgets($fd)) ;
+ if($line) {
+ $cpdb[] = explode(",",$line);
+ }
+ }
+ fclose($fd) ;
+ }
+
+ /* find entry and delete it */
+
+ for ($i = 0; $i < count($cpdb); $i++) {
+ if(!strcasecmp($cpdb[$i][3],$clientmac)) {
+ if(isset($config['captiveportal']['radacct_enable']) &&
+ file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+ $cpdb[$i][4], // username
+ $cpdb[$i][0], // start time
+ $config['captiveportal']['radiusip'],
+ $config['captiveportal']['radiusport'],
+ $config['captiveportal']['radiuskey'] ) ;
+ }
+ mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
+ unset($cpdb[$i]) ;
+ break;
+ }
+ }
+
+ /* rewrite information to database */
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
+ if ($fd) {
+ foreach ($cpdb as $cpent) {
+ fwrite($fd, join(",", $cpent) . "\n");
+ }
+ /* write in this new entry for clientmac */
+ fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser}\n") ;
+ fclose($fd);
+ }
+
+ /* write next rule number */
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.nextrule", "w");
+ if ($fd) {
+ $ruleno++;
+ if ($ruleno > 19899)
+ $ruleno = 10000; /* wrap around */
+ fwrite($fd, $ruleno);
+ fclose($fd);
+ }
+
+ portal_unlock();
+
+ /* redirect user to desired destination */
+ if(isset($config['captiveportal']['logoutwin_enable'])) {
+ echo <<<EOD
+<HTML>
+<HEAD><TITLE>Redirecting...</TITLE></HEAD>
+<BODY>
+<SPAN STYLE="font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">
+<B>Redirecting to <A HREF="http://{$orig_host}{$orig_request}">http://{$orig_host}{$orig_request}</A>...</B>
+</SPAN>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+LogoutWin = window.open('', 'Logout', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=256,height=64');
+if (LogoutWin) {
+ LogoutWin.document.write('<HTML>');
+ LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
+ LogoutWin.document.write('<BODY BGCOLOR="#435370">');
+ LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
+ LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
+ LogoutWin.document.write('<FORM METHOD="POST" ACTION="http://{$config['interfaces']['lan']['ipaddr']}:8000/index.php">');
+ LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="{$clientmac}">');
+ LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
+ LogoutWin.document.write('</FORM>');
+ LogoutWin.document.write('</DIV></BODY>');
+ LogoutWin.document.write('</HTML>');
+ LogoutWin.document.close();
+}
+
+document.location.href="http://{$orig_host}{$orig_request}";
+-->
+</SCRIPT>
+</BODY>
+</HTML>
+
+EOD;
+ } else {
+ header("Location: http://" . $orig_host . $orig_request);
+ }
+}
+
+/* lock captive portal information, decide that the lock file is stale after
+ 10 seconds */
+function portal_lock() {
+
+ global $lockfile;
+
+ $n = 0;
+ while ($n < 10) {
+ /* open the lock file in append mode to avoid race condition */
+ if ($fd = @fopen($lockfile, "x")) {
+ /* succeeded */
+ fclose($fd);
+ return;
+ } else {
+ /* file locked, wait and try again */
+ sleep(1);
+ $n++;
+ }
+ }
+}
+
+/* unlock captive portal information file */
+function portal_unlock() {
+
+ global $lockfile;
+
+ if (file_exists($lockfile))
+ unlink($lockfile);
+}
+
+/* remove a single client by mac address
+ by Dinesh Nair Thu Jul 29 18:46:38 MYT 2004
+ */
+function disconnect_client($macaddr) {
+
+ global $g, $config;
+
+ portal_lock();
+
+ /* read database */
+ $cpdb = array() ;
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
+ if ($fd) {
+ while (!feof($fd)) {
+ $line = trim(fgets($fd)) ;
+ if($line) {
+ $cpdb[] = explode(",",$line);
+ }
+ }
+ fclose($fd) ;
+ }
+
+ /* find entry */
+ for ($i = 0; $i < count($cpdb); $i++) {
+ if ($cpdb[$i][3] == $macaddr) {
+ /* this client needs to be deleted - remove ipfw rules */
+ if(isset($config['captiveportal']['radacct_enable']) &&
+ file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+ $cpdb[$i][4], // username
+ $cpdb[$i][0], // start time
+ $config['captiveportal']['radiusip'],
+ $config['captiveportal']['radiusport'],
+ $config['captiveportal']['radiuskey'] ) ;
+ }
+ mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
+ unset($cpdb[$i]);
+ break;
+ }
+ }
+
+ /* rewrite information to database */
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
+ if ($fd) {
+ foreach ($cpdb as $cpent) {
+ fwrite($fd, join(",", $cpent) . "\n");
+ }
+ }
+
+ portal_unlock();
+}
+?>
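Review bot: `portal_allow()` writes `$_POST['auth_user']` verbatim into the comma- and newline-delimited record in `captiveportal.db` (`fwrite($fd, time().",{$ruleno},{$clientip},{$clientmac},{$clientuser}\n")`), so a username containing `,`, CR or LF, if the RADIUS server accepts it, can shift or add fields in that file. The rule-number field read back from the same file is concatenated into `mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . ...)` in both `portal_allow()` and `disconnect_client()`, so the file contents end up as shell input. I would refuse such names before the RADIUS call, e.g. `if (preg_match('/[,\r\n]/', $_POST['auth_user'])) { readfile("{$g['varetc_path']}/captiveportal-error.html"); exit; }`, and cast at the point of use with `$oldrule = (int)$cpdb[$i][1];`. Separately, `$orig_host` and `$orig_request` come from the client's request and are emitted unescaped into the HTML, the inline script and the `Location:` header; pass them through `htmlspecialchars()` for the markup and reject CR/LF before `header()`.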
--- /dev/null
+<?php
+/*
+ radius_accounting.inc
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+function RADIUS_ACCOUNTING_START($username,$radiusip,$radiusport,$radiuskey) {
+ $sharedsecret=$radiuskey ;
+ # $debug = 1 ;
+\r
+ $radiusport=getservbyname("radacct","udp");
+
+ exec("/bin/hostname", $nasHostname) ;
+ if(!$nasHostname[0])
+ $nasHostname[0] = "quewall" ;
+
+ $fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
+ if(!$fd)
+ return 1 ; /* error return */
+
+ /* set 5 second timeout on socket i/o */
+ stream_set_timeout($fd, 5) ;
+
+ if ($debug)
+ echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
+
+ $thisidentifier=rand()%256;
+ $sessionid = $username."-".$nasHostname[0] ;
+
+ $length=4+ // header
+ 16+ // auth code
+ 6+ // service type
+ 2+strlen($username)+ // username
+ 2+strlen($nasHostname[0])+ // nasIdentifier
+ 6+ // nasPort
+ 6+ // nasPortType
+ 6+ // Acct Status Type
+ 6+ // Acct RADIUS Authenticated
+ 2+strlen($sessionid); // Acct SessionID
+
+ // v v v v v v v v v 1 v
+ // Line # 1 2 3 4 5 6 7 8 9 0 E
+ $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*",
+ 4,$thisidentifier,$length/256,$length%256, // header
+ 0,0,0,0, // authcode
+ 6,6,0,0,0,1, // service type
+ 1,2+strlen($username),$username, // username
+ 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier
+ 5,6,0,0,0,0, // nasPort
+ 61,6,0,0,0,15, // nasPortType = Ethernet
+ 40,6,0,0,0,1, // Acct Status Type = Start
+ 45,6,0,0,0,1, // Acct RADIUS Authenticated
+ 44,2+strlen($sessionid),$sessionid // Acct Session ID
+ );
+
+ /* Generate Accounting Request Authenticator */
+ $RA = md5($data.$radiuskey) ;
+
+ // v v v v v v v v v 1 v
+ // Line # 1 2 3 4 5 6 7 8 9 0 E
+ $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*",
+ 4,$thisidentifier,$length/256,$length%256, // header
+ $RA, // authcode
+ 6,6,0,0,0,1, // service type
+ 1,2+strlen($username),$username, // username
+ 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier
+ 5,6,0,0,0,0, // nasPort
+ 61,6,0,0,0,15, // nasPortType = Ethernet
+ 40,6,0,0,0,1, // Acct Status Type = Start
+ 45,6,0,0,0,1, // Acct RADIUS Authenticated
+ 44,2+strlen($sessionid),$sessionid // Acct Session ID
+ );
+
+ if($debug) {
+ echo "username is $username with len " . strlen($username) ."\n" ;
+ echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;
+ }
+
+ $ret = fwrite($fd,$data) ;
+ if( !$ret || ($ret != $length) )
+ return 1; /* error return */
+
+ if ($debug)
+ echo "<br>writing $length bytes<hr>\n";
+
+ $readdata = fgets($fd,2) ; /* read 1 byte */
+ $status = socket_get_status($fd) ;
+ fclose($fd) ;
+
+ if($status['timed_out'])
+ $retvalue = 1 ;
+ else
+ $retvalue = ord($readdata) ;
+
+ return $retvalue ;
+ // 5 -> Accounting-Response
+ // See RFC2866 for this.
+}
+
+function RADIUS_ACCOUNTING_STOP($ruleno,$username,$start_time,$radiusip,$radiusport,$radiuskey) {
+ $sharedsecret=$radiuskey ;
+ # $debug = 1 ;
+\r
+ $radiusport=getservbyname("radacct","udp");
+
+ exec("/bin/hostname", $nasHostname) ;
+ if(!$nasHostname[0])
+ $nasHostname[0] = "quewall" ;
+
+ $input_pkts = $input_bytes = $output_pkts = $output_bytes = 0 ;
+
+ exec("/sbin/ipfw show {$ruleno}", $ipfw) ;
+ preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[0], $matches) ;
+ $output_pkts = $matches[2] ;
+ $output_bytes = $matches[3] ;
+
+ unset($matches) ;
+ preg_match("/(\d+)\s+(\d+)\s+(\d+)\s+skipto/", $ipfw[1], $matches) ;
+ $input_pkts = $matches[2] ;
+ $input_bytes = $matches[3] ;
+
+ $fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
+ if(!$fd)
+ return 1 ; /* error return */
+
+ /* set 5 second timeout on socket i/o */
+ stream_set_timeout($fd, 5) ;
+
+ if ($debug)
+ echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
+
+ $thisidentifier=rand()%256;
+ $sessionid = $username."-".$nasHostname[0] ;
+
+ $length=4+ // header
+ 16+ // auth code
+ 6+ // service type
+ 2+strlen($username)+ // username
+ 2+strlen($nasHostname[0])+ // nasIdentifier
+ 6+ // nasPort
+ 6+ // nasPortType
+ 6+ // Acct Status Type
+ 6+ // Acct RADIUS Authenticated
+ 2+strlen($sessionid)+ // Acct SessionID
+ 6+ // Acct terminate
+ 6+ // Session time
+ 6+ // input bytes
+ 6+ // input packets
+ 6+ // output bytes
+ 6; // output packets
+
+ // v v v v v v v v v 1 1 1 1 1 1 1 v
+ // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E
+ $data=pack("CCCCNNNNCCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCN",
+ 4,$thisidentifier,$length/256,$length%256, // header
+ 0,0,0,0, // authcode
+ 6,6,0,0,0,1, // service type
+ 1,2+strlen($username),$username, // username
+ 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier
+ 5,6,0,0,0,0, // nasPort
+ 61,6,0,0,0,15, // nasPortType = Ethernet
+ 40,6,0,0,0,2, // Acct Status Type = Stop
+ 45,6,0,0,0,1, // Acct RADIUS Authenticated
+ 44,2+strlen($sessionid),$sessionid, // Acct Session ID
+ 49,6,1, // Acct Terminate = User Request
+ 46,6,time() - $start_time, // Session Time
+ 42,6,$input_bytes, // Input Octets
+ 47,6,$input_pkts, // Input Packets
+ 43,6,$output_bytes, // Output Octets
+ 48,6,$output_pkts // Output Packets
+ );
+
+ /* Generate Accounting Request Authenticator */
+ $RA = md5($data.$radiuskey) ;
+
+ // v v v v v v v v v 1 1 1 1 1 1 1 v
+ // Line # 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 E
+ $data=pack("CCCCH*CCCCCCCCa*CCa*CCCCCCCCCCCCCCCCCCCCCCCCCCa*CCNCCNCCNCCNCCNCCN",
+ 4,$thisidentifier,$length/256,$length%256, // header
+ $RA, // authcode
+ 6,6,0,0,0,1, // service type
+ 1,2+strlen($username),$username, // username
+ 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier
+ 5,6,0,0,0,0, // nasPort
+ 61,6,0,0,0,15, // nasPortType = Ethernet
+ 40,6,0,0,0,2, // Acct Status Type = Stop
+ 45,6,0,0,0,1, // Acct RADIUS Authenticated
+ 44,2+strlen($sessionid),$sessionid, // Acct Session ID
+ 49,6,1, // Acct Terminate = User Request
+ 46,6,time() - $start_time, // Session Time
+ 42,6,$input_bytes, // Input Octets
+ 47,6,$input_pkts, // Input Packets
+ 43,6,$output_bytes, // Output Octets
+ 48,6,$output_pkts // Output Packets
+ );
+
+ if($debug) {
+ echo "username is $username with len " . strlen($username) ."\n" ;
+ echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;
+ }
+
+ $ret = fwrite($fd,$data) ;
+ if( !$ret || ($ret != $length) )
+ return 1; /* error return */
+
+ if ($debug)
+ echo "<br>writing $length bytes<hr>\n";
+
+ $readdata = fgets($fd,2) ; /* read 1 byte */
+ $status = socket_get_status($fd) ;
+ fclose($fd) ;
+
+ if($status['timed_out'])
+ $retvalue = 1 ;
+ else
+ $retvalue = ord($readdata) ;
+
+ return $retvalue ;
+ // 5 -> Accounting-Response
+ // See RFC2866 for this.
+}
+?>
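Review bot: In `RADIUS_ACCOUNTING_STOP()` the `$ruleno` argument is interpolated straight into `exec("/sbin/ipfw show {$ruleno}", $ipfw)`, and the callers visible in `index.php` pass a field read back from `captiveportal.db`, so it should be forced to an integer first with `$ruleno = (int)$ruleno;`. The two `preg_match()` calls that follow are unchecked, so when the rule is missing or prints fewer than two lines, `$ipfw[0]`/`$ipfw[1]` and `$matches[2]`/`$matches[3]` are undefined and the counters are packed as empty values; guard each with `if (isset($ipfw[0]) && preg_match(...))` and keep the zero defaults otherwise. Both functions also overwrite the `$radiusport` parameter unconditionally with `getservbyname("radacct","udp")`; if the configured port is deliberately ignored here a comment should say so, otherwise do the lookup only when no port was passed.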
--- /dev/null
+<?php
+ //
+ // $Id: radius_authentication.inc,v 1.3 2002/01/23 23:21:20 mavetju Exp $
+ //
+ // radius authentication v1.0 by Edwin Groothuis (edwin@mavetju.org)
+ //
+ // If you didn't get this file via http://www.mavetju.org, please
+ // check for the availability of newer versions.
+ //
+ // See LICENSE for distribution issues. If this file isn't in
+ // the distribution, please inform me about it.
+ //
+ // If you want to use this script, fill in the configuration in
+ // radius_authentication.conf and call the function
+ // RADIUS_AUTHENTICATION() with the username and password
+ // provided by the user. If it returns a 2, the authentication
+ // was successfull!
+
+ // If you want to use this, make sure that you have raw sockets
+ // enabled during compile-time: "./configure --enable-sockets".
+
+ // This version has been modified by Dinesh Nair <dinesh@alphaque.com>
+ // for use in the m0n0wall distribution http://m0n0.ch/wall/
+ //
+ // Changes include moving from raw sockets to fsockopen
+ // and the removal of dependency on external conf file
+ // An existing bug which resulted in a malformed RADIUS packet
+ // was also fixed and patches submitted to Edwin. This bug would
+ // have caused authentication to fail on every access.
+
+function RADIUS_AUTHENTICATION($username,$password,$radiusip,$radiusport,$radiuskey) {
+ $sharedsecret=$radiuskey ;
+ # $debug = 1 ;
+
+ if(!$radiusport)
+ $radiusport=0 ;
+
+ // check your /etc/services. Some radius servers
+ // listen on port 1812, some on 1645.
+ if ($radiusport==0)
+ $radiusport=getservbyname("radius","udp");
+
+ exec("/bin/hostname", $nasHostname) ;
+ if(!$nasHostname[0])
+ $nasHostname[0] = "m0n0wall" ;
+
+ $fd = @fsockopen("udp://$radiusip",$radiusport,$errno,$errstr,3) ;
+ if(!$fd)
+ return 1 ; /* error return */
+
+ /* set 5 second timeout on socket i/o */
+ stream_set_timeout($fd, 5) ;
+
+ if ($debug)
+ echo "<br>radius-port: $radiusport<br>radius-host: $radiusip<br>username: $username<hr>\n";
+
+ $RA=pack("CCCCCCCCCCCCCCCC", // auth code
+ 1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255,
+ 1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255,
+ 1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255,
+ 1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255);
+
+ $encryptedpassword=Encrypt($password,$sharedsecret,$RA);
+
+ $length=4+ // header
+ 16+ // auth code
+ 6+ // service type
+ 2+strlen($username)+ // username
+ 2+strlen($encryptedpassword)+ // userpassword
+ 2+strlen($nasHostname[0])+ // nasIdentifier
+ 6+ // nasPort
+ 6; // nasPortType
+
+ $thisidentifier=rand()%256;
+ // v v v v v v v v v
+ // Line # 1 2 3 4 5 6 7 8 E
+ $data=pack("CCCCa*CCCCCCCCa*CCa*CCa*CCCCCCCCCCCC",
+ 1,$thisidentifier,$length/256,$length%256, // header
+ $RA, // authcode
+ 6,6,0,0,0,1, // service type
+ 1,2+strlen($username),$username, // username
+ 2,2+strlen($encryptedpassword),$encryptedpassword, // userpassword
+ 32,2+strlen($nasHostname[0]),$nasHostname[0], // nasIdentifier
+ 5,6,0,0,0,0, // nasPort
+ 61,6,0,0,0,15 // nasPortType = Ethernet
+ );
+
+ if($debug) {
+ echo "username is $username with len " . strlen($username) ."\n" ;
+ echo "encryptedpassword is $encryptedpassword with len " . strlen($encryptedpassword) ."\n" ;
+ echo "nasHostname is {$nasHostname[0]} with len " . strlen($nasHostname[0]) ."\n" ;
+ }
+
+ $ret = fwrite($fd,$data) ;
+ if( !$ret || ($ret != $length) )
+ return 1; /* error return */
+
+ if ($debug)
+ echo "<br>writing $length bytes<hr>\n";
+
+ $readdata = fgets($fd,2) ; /* read 1 byte */
+ $status = socket_get_status($fd) ;
+ fclose($fd) ;
+
+ if($status['timed_out'])
+ $retvalue = 1 ;
+ else
+ $retvalue = ord($readdata) ;
+
+ return $retvalue ;
+ // 2 -> Access-Accept
+ // 3 -> Access-Reject
+ // See RFC2865 for this.
+}
+
+function Encrypt($password,$key,$RA) {
+ global $debug;
+
+ $keyRA=$key.$RA;
+
+ if ($debug)
+ echo "<br>key: $key<br>password: $password<hr>\n";
+
+ $md5checksum=md5($keyRA);
+ $output="";
+
+ for ($i=0;$i<=15;$i++) {
+ if (2*$i>strlen($md5checksum)) $m=0; else $m=hexdec(substr($md5checksum,2*$i,2));
+ if ($i>strlen($keyRA)) $k=0; else $k=ord(substr($keyRA,$i,1));
+ if ($i>strlen($password)) $p=0; else $p=ord(substr($password,$i,1));
+ $c=$m^$p;
+ $output.=chr($c);
+ }
+ return $output;
+}
+?>
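Review bot: `RADIUS_AUTHENTICATION()` decides success from the first octet of whatever datagram arrives (`$readdata = fgets($fd,2)` then `ord($readdata)`) without checking the reply's Identifier or Response Authenticator, so the shared secret never authenticates the server's answer and a spoofed or injected reply would be accepted as the `2` that `index.php` treats as Access-Accept. The reply should be read in full and verified against `$thisidentifier`, `$RA` and `$sharedsecret` as RFC 2865 describes before its code is returned; a sketch of the changed tail of the function follows. Related points in the same file: `$RA` is built from `rand()`, which is not an unpredictable source for a Request Authenticator, and `Encrypt()` only processes the first 16 bytes of the password, so longer passwords are silently truncated.

```php
	// … unchanged: request packing, fwrite() length check and debug output …

	/* read the whole reply datagram, not just the code octet */
	$readdata = fread($fd, 4096) ;
	$status = socket_get_status($fd) ;
	fclose($fd) ;

	if ($status['timed_out'] || strlen($readdata) < 20)
		return 1 ;

	/* the reply must carry our identifier and a length that fits the datagram */
	$rlen = (ord($readdata[2]) << 8) | ord($readdata[3]) ;
	if (ord($readdata[1]) != $thisidentifier || $rlen < 20 || $rlen > strlen($readdata))
		return 1 ;

	/* RFC 2865: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */
	$expected = pack("H*", md5(substr($readdata, 0, 4) . $RA .
		substr($readdata, 20, $rlen - 20) . $sharedsecret)) ;
	if (substr($readdata, 4, 16) !== $expected)
		return 1 ;

	return ord($readdata[0]) ;
```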
-->
</webgui>
<!-- <disableconsolemenu/> -->
+ <!-- <disablefirmwarecheck/> -->
<!-- <shellcmd></shellcmd> -->
</system>
<interfaces>
</lan>
<wan>
<if>sis1</if>
+ <mtu></mtu>
<ipaddr>dhcp</ipaddr>
- <!-- *or* ipv4-address *or* 'pppoe' *or* 'pptp' -->
+ <!-- *or* ipv4-address *or* 'pppoe' *or* 'pptp' *or* 'bigpond' -->
<subnet></subnet>
<gateway></gateway>
<blockpriv/>
</opt[n]>
-->
</interfaces>
+ <!--
+ <vlans>
+ <vlan>
+ <tag></tag>
+ <if></if>
+ <descr></descr>
+ </vlan>
+ </vlans>
+ -->
<staticroutes>
<!--
<route>
<subnet></subnet>
<remote></remote>
</pptp>
+ <bigpond>
+ <username></username>
+ <password></password>
+ <authserver></authserver>
+ <authdomain></authdomain>
+ <minheartbeatinterval></minheartbeatinterval>
+ </bigpond>
<dyndns>
<!-- <enable/> -->
<type>dyndns</type>
<nologdefaultblock/>
-->
</syslog>
+ <!--
+ <captiveportal>
+ <enable/>
+ <interface>lan|opt[n]</interface>
+ <idletimeout>minutes</idletimeout>
+ <timeout>minutes</timeout>
+ <page>
+ <htmltext></htmltext>
+ <errtext></errtext>
+ </page>
+ <radiusip></radiusip>
+ <radiusport></radiusport>
+ <radiuskey></radiuskey>
+ </captiveportal>
+ -->
<nat>
<!--
<rule>
+ <interface></interface>
<external-address></external-address>
<protocol></protocol>
<external-port></external-port>
-->
<!--
<onetoone>
+ <interface></interface>
<external>xxx.xxx.xxx.xxx</external>
<internal>xxx.xxx.xxx.xxx</internal>
<subnet></subnet>
<advancedoutbound>
<enable/>
<rule>
+ <interface></interface>
<source>
<network>xxx.xxx.xxx.xxx/xx</network>
</source>
<!-- <enable/> -->
<!-- rule syntax:
<rule>
+ <disabled/>
<descr></descr>
<targetpipe>number (zero based)</targetpipe>
</destination>
<iplen>from[-to]</iplen>
+ <iptos>(!)lowdelay,throughput,reliability,mincost,congestion</iptos>
<tcpflags>(!)fin,syn,rst,psh,ack,urg</tcpflags>
</rule>
<pipe>
</proxyarpnet>
-->
</proxyarp>
+ <wol>
+ <!--
+ <wolentry>
+ <interface>lan|opt[n]</interface>
+ <mac>xx:xx:xx:xx:xx:xx</mac>
+ <descr></descr>
+ </wolentry>
+ -->
+ </wol>
</m0n0wall>
--- /dev/null
+<?php
+/*
+ captiveportal.inc
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* include all configuration functions */
+require_once("functions.inc");
+require_once("radius_accounting.inc") ;
+
+function captiveportal_configure() {
+ global $config, $g;
+
+ if (isset($config['captiveportal']['enable']) &&
+ (($config['captiveportal']['interface'] == "lan") ||
+ isset($config['interfaces'][$config['captiveportal']['interface']]['enable']))) {
+
+ if ($g['booting'])
+ echo "Starting captive portal... ";
+
+ /* kill any running mini_httpd */
+ killbypid("{$g['varrun_path']}/mini_httpd.cp.pid");
+
+ /* kill any running minicron */
+ killbypid("{$g['varrun_path']}/minicron.pid");
+
+ /* generate ipfw rules */
+ $cprules = captiveportal_rules_generate();
+
+ /* make sure ipfw is loaded */
+ mwexec("/sbin/kldload ipfw");
+
+ /* stop accounting on all clients */
+ captiveportal_radius_stop_all() ;
+
+ /* remove old information */
+ unlink_if_exists("{$g['vardb_path']}/captiveportal.nextrule");
+ unlink_if_exists("{$g['vardb_path']}/captiveportal.db");
+ unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db");
+ unlink_if_exists("{$g['vardb_path']}/captiveportal_ip.db");
+ unlink_if_exists("{$g['vardb_path']}/captiveportal_radius.db");
+
+ /* write portal page */
+ if ($config['captiveportal']['page']['htmltext'])
+ $htmltext = base64_decode($config['captiveportal']['page']['htmltext']);
+ else {
+ /* example/template page */
+ $htmltext = <<<EOD
+<html>
+<head>
+<title>m0n0wall captive portal</title>
+</head>
+<body>
+<h2>m0n0wall captive portal</h2>
+<p>This is the default captive portal page. Please upload your own custom HTML file on the <em>Services: Captive portal</em> screen in the m0n0wall webGUI.</p>
+<form method="post" action="">
+ <input name="accept" type="submit" value="Continue">
+</form>
+</body>
+</html>
+
+EOD;
+ }
+
+ $fd = @fopen("{$g['varetc_path']}/captiveportal.html", "w");
+ if ($fd) {
+ fwrite($fd, $htmltext);
+ fclose($fd);
+ }
+
+ /* write error page */
+ if ($config['captiveportal']['page']['errtext'])
+ $errtext = base64_decode($config['captiveportal']['page']['errtext']);
+ else {
+ /* example page */
+ $errtext = <<<EOD
+<html>
+<head>
+<title>Authentication error</title>
+</head>
+<body>
+<font color="#cc0000"><h2>Authentication error</h2></font>
+<b>
+Username and/or password invalid.
+<br><br>
+<a href="javascript:history.back()">Go back</a>
+</b>
+</body>
+</html>
+
+EOD;
+ }
+
+ $fd = @fopen("{$g['varetc_path']}/captiveportal-error.html", "w");
+ if ($fd) {
+ fwrite($fd, $errtext);
+ fclose($fd);
+ }
+
+ /* load rules */
+ mwexec("/sbin/ipfw -f delete set 1");
+ mwexec("/sbin/ipfw -f delete set 2");
+ mwexec("/sbin/ipfw -f delete set 3");
+
+ /* XXX - seems like ipfw cannot accept rules directly on stdin,
+ so we have to write them to a temporary file first */
+ $fd = @fopen("{$g['tmp_path']}/ipfw.cp.rules", "w");
+ if (!$fd) {
+ printf("Cannot open ipfw.cp.rules in captiveportal_configure()\n");
+ return 1;
+ }
+
+ fwrite($fd, $cprules);
+ fclose($fd);
+
+ mwexec("/sbin/ipfw {$g['tmp_path']}/ipfw.cp.rules");
+
+ unlink("{$g['tmp_path']}/ipfw.cp.rules");
+
+ /* filter on layer2 as well so we can check MAC addresses */
+ mwexec("/sbin/sysctl net.link.ether.ipfw=1");
+
+ chdir($g['captiveportal_path']);
+
+ /* start web server */
+ mwexec("/usr/local/sbin/mini_httpd -a -M 0 -u root -maxproc 16" .
+ " -p 8000 -i {$g['varrun_path']}/mini_httpd.cp.pid");
+
+ /* start pruning process (interval = 60 seconds) */
+ mwexec("/usr/local/bin/minicron 60 {$g['varrun_path']}/minicron.pid " .
+ "/etc/rc.prunecaptiveportal");
+
+ /* generate passthru mac database */
+ captiveportal_passthrumac_configure() ;
+ /* create allowed ip database and insert ipfw rules to make it so */
+ captiveportal_allowedip_configure() ;
+
+ /* generate radius server database */
+ if($config['captiveportal']['radiusip']) {
+ $radiusip = $config['captiveportal']['radiusip'] ;
+
+ if($config['captiveportal']['radiusport'])
+ $radiusport = $config['captiveportal']['radiusport'] ;
+
+ if($config['captiveportal']['radiuskey'])
+ $radiuskey = $config['captiveportal']['radiuskey'] ;
+
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w");
+ if (!$fd) {
+ printf("Error: cannot open radius DB file in captiveportal_configure().\n");
+ return 1;
+ } else {
+ fwrite($fd,$radiusip . "," . $radiusport . "," . $radiuskey) ;
+ }
+ fclose($fd) ;
+ }
+
+
+ if ($g['booting'])
+ echo "done\n";
+
+ } else {
+ killbypid("{$g['varrun_path']}/mini_httpd.cp.pid");
+ killbypid("{$g['varrun_path']}/minicron.pid");
+ captiveportal_radius_stop_all() ;
+ mwexec("/sbin/sysctl net.link.ether.ipfw=0");
+ if (!isset($config['shaper']['enable'])) {
+ /* unload ipfw */
+ mwexec("/sbin/kldunload ipfw");
+ } else {
+ /* shaper is on - just remove our rules */
+ mwexec("/sbin/ipfw -f delete set 1");
+ mwexec("/sbin/ipfw -f delete set 2");
+ mwexec("/sbin/ipfw -f delete set 3");
+ }
+ }
+
+ return 0;
+}
+
+function captiveportal_rules_generate() {
+ global $config, $g;
+
+ $cpifn = $config['captiveportal']['interface'];
+ $cpif = $config['interfaces'][$cpifn]['if'];
+ $cpip = $config['interfaces'][$cpifn]['ipaddr'];
+
+ /* note: the captive portal daemon inserts all pass rules for authenticated
+ clients as skipto 50000 rules to make traffic shaping work */
+
+ $cprules = "";
+
+ /* captive portal on LAN interface? */
+ if ($cpifn == "lan") {
+ /* add anti-lockout rules */
+ $cprules .= <<<EOD
+add 500 set 1 pass all from $cpip to any out via $cpif
+add 501 set 1 pass all from any to $cpip in via $cpif
+
+EOD;
+ }
+
+ $cprules .= <<<EOD
+# skip to traffic shaper if not on captive portal interface
+add 1000 set 1 skipto 50000 all from any to any not layer2 not via $cpif
+# pass all layer2 traffic on other interfaces
+add 1001 set 1 pass layer2 not via $cpif
+
+# layer 2: pass ARP
+add 1100 set 1 pass layer2 mac-type arp
+# layer 2: block anything else non-IP
+add 1101 set 1 deny layer2 not mac-type ip
+# layer 2: check if MAC addresses of authenticated clients are correct
+add 1102 set 1 skipto 20000 layer2
+
+# allow access to our DHCP server (which needs to be able to ping clients as well)
+add 1200 set 1 pass udp from any 68 to 255.255.255.255 67 in
+add 1201 set 1 pass udp from any 68 to $cpip 67 in
+add 1202 set 1 pass udp from $cpip 67 to any 68 out
+add 1203 set 1 pass icmp from $cpip to any out icmptype 8
+add 1204 set 1 pass icmp from any to $cpip in icmptype 0
+
+# allow access to our DNS forwarder
+add 1300 set 1 pass udp from any to $cpip 53 in
+add 1301 set 1 pass udp from $cpip 53 to any out
+
+# ... 10000-19899: rules per authenticated client go here...
+
+# redirect non-authenticated clients to captive portal
+add 19900 set 1 fwd 127.0.0.1,8000 tcp from any to any 80 in
+# let the responses from the captive portal web server back out
+add 19901 set 1 pass tcp from any 80 to any out
+# block everything else
+add 19902 set 1 deny all from any to any
+
+# ... 20000-29899: layer2 block rules per authenticated client go here...
+
+# pass everything else on layer2
+add 29900 set 1 pass all from any to any layer2
+
+EOD;
+
+ return $cprules;
+}
+
+/* remove clients that have been around for longer than the specified amount of time */
+/* db file structure: timestamp,ipfw_rule_no,clientip,clientmac */
+function captiveportal_prune_old() {
+
+ global $g, $config;
+
+ /* check for expired entries */
+ if ($config['captiveportal']['timeout'])
+ $timeout = $config['captiveportal']['timeout'] * 60;
+ else
+ $timeout = 0;
+
+ if ($config['captiveportal']['idletimeout'])
+ $idletimeout = $config['captiveportal']['idletimeout'] * 60;
+ else
+ $idletimeout = 0;
+
+ if (!$timeout && !$idletimeout)
+ return;
+
+ captiveportal_lock();
+
+ /* read database */
+ $cpdb = captiveportal_read_db();
+
+ for ($i = 0; $i < count($cpdb); $i++) {
+
+ $timedout = false;
+
+ /* hard timeout? */
+ if ($timeout) {
+ if ((time() - $cpdb[$i][0]) >= $timeout)
+ $timedout = true;
+ }
+
+ /* if an idle timeout is specified, get last activity timestamp from ipfw */
+ if (!$timedout && $idletimeout) {
+ $lastact = captiveportal_get_last_activity($cpdb[$i][1]);
+ if ($lastact && ((time() - $lastact) >= $idletimeout))
+ $timedout = true;
+ }
+
+ if ($timedout) {
+ /* this client needs to be deleted - remove ipfw rules */
+ if(isset($config['captiveportal']['radacct_enable']) &&
+ file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+ $cpdb[$i][4], // username
+ $cpdb[$i][0], // start time
+ $config['captiveportal']['radiusip'],
+ $config['captiveportal']['radiusport'],
+ $config['captiveportal']['radiuskey'] ) ;
+ }
+ mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
+ unset($cpdb[$i]);
+ }
+ }
+
+ /* write database */
+ captiveportal_write_db($cpdb);
+
+ captiveportal_unlock();
+}
+
+/* remove a single client by ipfw rule number */
+function captiveportal_disconnect_client($id) {
+
+ global $g, $config;
+
+ captiveportal_lock();
+
+ /* read database */
+ $cpdb = captiveportal_read_db();
+
+ /* find entry */
+ for ($i = 0; $i < count($cpdb); $i++) {
+ if ($cpdb[$i][1] == $id) {
+ /* this client needs to be deleted - remove ipfw rules */
+ if(isset($config['captiveportal']['radacct_enable']) &&
+ file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+ $cpdb[$i][4], // username
+ $cpdb[$i][0], // start time
+ $config['captiveportal']['radiusip'],
+ $config['captiveportal']['radiusport'],
+ $config['captiveportal']['radiuskey'] ) ;
+ }
+ mwexec("/sbin/ipfw delete " . $cpdb[$i][1] . " " . ($cpdb[$i][1]+10000));
+ unset($cpdb[$i]);
+ break;
+ }
+ }
+
+ /* write database */
+ captiveportal_write_db($cpdb);
+
+ captiveportal_unlock();
+}
+
+/* send RADIUS acct stop for all current clients */
+function captiveportal_radius_stop_all() {
+ global $g, $config ;
+
+ if(!isset($config['captiveportal']['radacct_enable']) ||
+ !file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
+ return ;
+ }
+
+ captiveportal_lock() ;
+ $cpdb = captiveportal_read_db() ;
+ for ($i = 0; $i < count($cpdb); $i++) {
+ RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
+ $cpdb[$i][4], // username
+ $cpdb[$i][0], // start time
+ $config['captiveportal']['radiusip'],
+ $config['captiveportal']['radiusport'],
+ $config['captiveportal']['radiuskey'] ) ;
+ }
+ captiveportal_unlock() ;
+}
+
+function captiveportal_passthrumac_configure() {
+ global $config, $g;
+
+ /* clear out passthru macs, if necessary */
+ if (file_exists("{$g['vardb_path']}/captiveportal_mac.db")) {
+ unlink("{$g['vardb_path']}/captiveportal_mac.db");
+ }
+
+ if (is_array($config['captiveportal']['passthrumac'])) {
+
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db", "w");
+ if (!$fd) {
+ printf("Error: cannot open passthru mac DB file in captiveportal_passthrumac_configure().\n");
+ return 1;
+ }
+
+ foreach ($config['captiveportal']['passthrumac'] as $macent) {
+ /* record passthru mac so it can be recognized and let thru */
+ fwrite($fd, $macent['mac'] . "\n");
+ }
+
+ fclose($fd);
+ }
+
+ return 0;
+}
+
+function captiveportal_allowedip_configure() {
+ global $config, $g;
+
+ captiveportal_lock() ;
+
+ /* clear out existing allowed ips, if necessary */
+ if (file_exists("{$g['vardb_path']}/captiveportal_ip.db")) {
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_ip.db", "r");
+ if ($fd) {
+ while (!feof($fd)) {
+ $line = trim(fgets($fd));
+ if($line) {
+ list($ip,$rule) = explode(",",$line);
+ mwexec("/sbin/ipfw delete $rule") ;
+ }
+ }
+ }
+ fclose($fd) ;
+ unlink("{$g['vardb_path']}/captiveportal_ip.db");
+ }
+
+ /* get next ipfw rule number */
+ if (file_exists("{$g['vardb_path']}/captiveportal.nextrule"))
+ $ruleno = trim(file_get_contents("{$g['vardb_path']}/captiveportal.nextrule"));
+ if (!$ruleno)
+ $ruleno = 10000; /* first rule number */
+
+ if (is_array($config['captiveportal']['allowedip'])) {
+
+ $fd = @fopen("{$g['vardb_path']}/captiveportal_ip.db", "w");
+ if (!$fd) {
+ printf("Error: cannot open allowed ip DB file in captiveportal_allowedip_configure().\n");
+ captiveportal_unlock() ;
+ return 1;
+ }
+
+ foreach ($config['captiveportal']['allowedip'] as $ipent) {
+ /* record allowed ip so it can be recognized and removed later */
+ fwrite($fd, $ipent['ip'] . "," . $ruleno ."\n");
+ /* insert ipfw rule to allow ip thru */
+ if($ipent['dir'] == "from") {
+ mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from ".$ipent['ip']." to any in") ;
+ mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to ".$ipent['ip']." out") ;
+ } else {
+ mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from any to ".$ipent['ip']." in") ;
+ mwexec("/sbin/ipfw add $ruleno set 2 skipto 50000 ip from ".$ipent['ip']." to any out") ;
+ }
+ $ruleno++ ;
+ if ($ruleno > 19899)
+ $ruleno = 10000;
+ }
+
+ fclose($fd);
+
+ /* write next rule number */
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.nextrule", "w");
+ if ($fd) {
+ fwrite($fd, $ruleno);
+ fclose($fd);
+ }
+ }
+
+ captiveportal_unlock() ;
+ return 0;
+}
+
+/* get last activity timestamp given ipfw rule number */
+function captiveportal_get_last_activity($ruleno) {
+
+ exec("/sbin/ipfw -T list {$ruleno} 2>/dev/null", $ipfwoutput);
+
+ /* in */
+ if ($ipfwoutput[0]) {
+ $ri = explode(" ", $ipfwoutput[0]);
+ if ($ri[1])
+ return $ri[1];
+ }
+
+ return 0;
+}
+
+/* read captive portal DB into array */
+function captiveportal_read_db() {
+
+ global $g;
+
+ $cpdb = array();
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
+ if ($fd) {
+ while (!feof($fd)) {
+ $line = trim(fgets($fd));
+ if ($line) {
+ $cpdb[] = explode(",", $line);
+ }
+ }
+ fclose($fd);
+ }
+ return $cpdb;
+}
+
+/* write captive portal DB */
+function captiveportal_write_db($cpdb) {
+
+ global $g;
+
+ $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
+ if ($fd) {
+ foreach ($cpdb as $cpent) {
+ fwrite($fd, join(",", $cpent) . "\n");
+ }
+ fclose($fd);
+ }
+}
+
+/* lock captive portal information, decide that the lock file is stale after
+ 10 seconds */
+function captiveportal_lock() {
+
+ global $g;
+
+ $lockfile = "{$g['varrun_path']}/captiveportal.lock";
+
+ $n = 0;
+ while ($n < 10) {
+ /* open the lock file in append mode to avoid race condition */
+ if ($fd = @fopen($lockfile, "x")) {
+ /* succeeded */
+ fclose($fd);
+ return;
+ } else {
+ /* file locked, wait and try again */
+ sleep(1);
+ $n++;
+ }
+ }
+}
+
+/* unlock configuration file */
+function captiveportal_unlock() {
+
+ global $g;
+
+ $lockfile = "{$g['varrun_path']}/captiveportal.lock";
+
+ if (file_exists($lockfile))
+ unlink($lockfile);
+}
+
+?>
$cfgdevice = $cfgpartition = "fd0";
$cfgfstype = "msdos";
} else {
- /* probe ad0...ad3 until we find the one with config.xml */
- for ($cfgn = 0; $cfgn <= 3; $cfgn++) {
- if (mwexec("/sbin/mount -r /dev/ad{$cfgn}a {$g['cf_path']}") == 0) {
+ /* probe kernel known disks until we find one with config.xml */
+ $disks = explode(" ", trim(preg_replace("/kern.disks: /", "", exec("/sbin/sysctl kern.disks"))));
+ foreach ($disks as $mountdisk) {
+ /* skip mfs mounted filesystems */
+ if (strstr($mountdisk, "md"))
+ continue;
+ if (mwexec("/sbin/mount -r /dev/{$mountdisk}a {$g['cf_path']}") == 0) {
if (file_exists("{$g['cf_conf_path']}/config.xml")) {
/* found it */
- $cfgdevice = "ad" . $cfgn;
+ $cfgdevice = $mountdisk;
$cfgpartition = $cfgdevice . "a";
$cfgfstype = "ufs";
echo "Found configuration on $cfgdevice.\n";
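Review bot: The `strstr($mountdisk, "md")` test in the new probe loop skips every disk whose name contains `md` anywhere, not only memory disks, and an empty `kern.disks` value leaves one empty element that is then tried as `/dev/a`. Anchor the match and drop empty names, e.g. `if ($mountdisk === "" || preg_match("/^md[0-9]/", $mountdisk)) continue;`. The `.` in `"/kern.disks: /"` is an unescaped wildcard; `"/^kern\.disks: /"` states the intent. The loop body continues outside the hunk.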
*******************************************************************************
-* FATAL ERROR *
-* The device that contains the configuration file (config.xml) could not be *
-* found. m0n0wall cannot continue booting. *
+* FATAL ERROR *
+* The device that contains the configuration file (config.xml) could not be *
+* found. m0n0wall cannot continue booting. *
*******************************************************************************
*******************************************************************************
-* WARNING! *
+* WARNING! *
* The current configuration has been created with a newer version of m0n0wall *
-* than this one! This can lead to serious misbehavior and even security *
-* holes! You are urged to either upgrade to a newer version of m0n0wall or *
-* revert to the default configuration immediately! *
+* than this one! This can lead to serious misbehavior and even security *
+* holes! You are urged to either upgrade to a newer version of m0n0wall or *
+* revert to the default configuration immediately! *
*******************************************************************************
fwrite($fd, $ipfrules);
pclose($fd);
+ /* set up MSS clamping */
+ $wanif = get_real_wan_interface();
+
+ if ($config['interfaces']['wan']['mtu'])
+ $mssclamp = $config['interfaces']['wan']['mtu'] - 40;
+ else if ($config['interfaces']['wan']['ipaddr'] == "pppoe")
+ $mssclamp = 1452;
+ else
+ $mssclamp = 0;
+
+ mwexec("/sbin/sysctl net.inet.ipf.fr_mssif={$wanif}");
+ mwexec("/sbin/sysctl net.inet.ipf.fr_mssclamp={$mssclamp}");
+
if ($g['booting'])
echo "done\n";
return mwexec("/sbin/ipf -FS");
}
-function filter_nat_rules_generate_if($if, $src, $dst, $target, $mssclamp) {
+function filter_nat_rules_generate_if($if, $src, $dst, $target) {
if ($target)
$tgt = $target . "/32";
$tgt = "0/32";
$natrule = <<<EOD
-map $if $src $dst -> {$tgt} proxy port ftp ftp/tcp $mssclamp
-map $if $src $dst -> {$tgt} portmap tcp/udp auto $mssclamp
-map $if $src $dst -> {$tgt} $mssclamp
+map $if $src $dst -> {$tgt} proxy port ftp ftp/tcp
+map $if $src $dst -> {$tgt} portmap tcp/udp auto
+map $if $src $dst -> {$tgt}
EOD;
$pptpdcfg = $config['pptpd'];
$wanif = get_real_wan_interface();
- if ($wancfg['mtu'])
- $mssclamp = "mssclamp " . ($wancfg['mtu'] - 40);
- else if ($wancfg['ipaddr'] == "pppoe")
- $mssclamp = "mssclamp 1452";
- else
- $mssclamp = "";
-
$lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
$natrules = "";
$sn = 32;
else
$sn = $natent['subnet'];
- $natrules .= "bimap {$wanif} {$natent['internal']}/{$sn} -> {$natent['external']}/{$sn}\n";
+
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$natent['interface']]['if'];
+
+ $natrules .= "bimap {$natif} {$natent['internal']}/{$sn} -> {$natent['external']}/{$sn}\n";
}
}
}
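Review bot: `$natif` is read from `$config['interfaces'][$natent['interface']]['if']` without checking that the named interface still exists, so a 1:1 entry that refers to a removed optional interface yields a `bimap` line with an empty interface name. How ipnat treats such a line is not visible here, so skipping the entry is the safer behaviour, e.g. `if (!$natif) continue;` right after the assignment. The same lookup is repeated for outbound rules (`$obent['interface']`) and for `rdr` rules (`$rule['interface']`) later in this patch and needs the same guard; a small helper that resolves an interface name would replace the three copies. The enclosing loop starts outside the hunk.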
$src .= $obent['source']['network'];
- $natrules .= filter_nat_rules_generate_if($wanif, $src, $dst,
- $obent['target'], $mssclamp);
+ if (!$obent['interface'] || ($obent['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$obent['interface']]['if'];
+
+ $natrules .= filter_nat_rules_generate_if($natif, $src, $dst,
+ $obent['target']);
}
}
} else {
/* standard outbound rules (one for each interface) */
$natrules .= filter_nat_rules_generate_if($wanif,
- $lansa . "/" . $lancfg['subnet'], "", null, $mssclamp);
+ $lansa . "/" . $lancfg['subnet'], "", null);
/* optional interfaces */
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$optcfg = $config['interfaces']['opt' . $i];
- if (isset($optcfg['enable'])) {
+ if (isset($optcfg['enable']) && !$optcfg['bridge']) {
$optsa = gen_subnet($optcfg['ipaddr'], $optcfg['subnet']);
$natrules .= filter_nat_rules_generate_if($wanif,
- $optsa . "/" . $optcfg['subnet'], "", null, $mssclamp);
+ $optsa . "/" . $optcfg['subnet'], "", null);
+ }
+ }
+
+ /* PPTP subnet */
+ if ($pptpdcfg['mode'] == "server") {
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ $pptpdcfg['remoteip'] . "/" . $g['pptp_subnet'], "", null);
+ }
+
+ /* static routes */
+ if (is_array($config['staticroutes']['route'])) {
+ foreach ($config['staticroutes']['route'] as $route) {
+ $natrules .= filter_nat_rules_generate_if($wanif,
+ $route['network'], "", null);
}
}
}
else
$extaddr = "0/0";
+ if (!$rule['interface'] || ($rule['interface'] == "wan"))
+ $natif = $wanif;
+ else
+ $natif = $config['interfaces'][$rule['interface']]['if'];
+
if ((!$extport[1]) || ($extport[0] == $extport[1])) {
$natrules .=
- "rdr $wanif {$extaddr} port {$extport[0]} -> {$target} " .
+ "rdr $natif {$extaddr} port {$extport[0]} -> {$target} " .
"port {$rule['local-port']} {$rule['protocol']}";
} else {
$natrules .=
- "rdr $wanif {$extaddr} port {$extport[0]}-{$extport[1]} " .
+ "rdr $natif {$extaddr} port {$extport[0]}-{$extport[1]} " .
"-> {$target} " .
"port {$rule['local-port']} {$rule['protocol']}";
}
-
- $natrules .= " {$mssclamp}";
$natrules .= "\n";
}
# PPTP
rdr $wanif 0/0 port 0 -> $pptpdtarget port 0 gre
-rdr $wanif 0/0 port 1723 -> $pptpdtarget port 1723 tcp {$mssclamp}
+rdr $wanif 0/0 port 1723 -> $pptpdtarget port 1723 tcp
EOD;
}
$oic['if'] = $oc['if'];
if ($oc['bridge']) {
- $oic['ip'] = $config['interfaces'][$oc['bridge']]['ipaddr'];
- $oic['sn'] = $config['interfaces'][$oc['bridge']]['subnet'];
+ if (!strstr($oc['bridge'], "opt") ||
+ isset($config['interfaces'][$oc['bridge']]['enable'])) {
+ if (is_ipaddr($config['interfaces'][$oc['bridge']]['ipaddr'])) {
+ $oic['ip'] = $config['interfaces'][$oc['bridge']]['ipaddr'];
+ $oic['sn'] = $config['interfaces'][$oc['bridge']]['subnet'];
+ $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
+ }
+ }
$oic['bridge'] = 1;
} else {
$oic['ip'] = $oc['ipaddr'];
$oic['sn'] = $oc['subnet'];
+ $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
}
- $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
$optcfg['opt' . $i] = $oic;
$ifgroups['opt' . $i] = ($i * 100) + 200;
}
/* allow access to DHCP server on optional interfaces */
foreach ($optcfg as $on => $oc) {
- if (isset($config['dhcpd'][$on]['enable'])) {
+ if (isset($config['dhcpd'][$on]['enable']) && (!$oc['bridge'])) {
$ipfrules .= <<<EOD
# allow access to DHCP server on {$on}
EOD;
}
}
+
+ /* pass traffic between statically routed subnets and the subnet on the
+ interface in question to avoid problems with complicated routing
+ topologies */
+ if (is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
+ foreach ($config['staticroutes']['route'] as $route) {
+ unset($sa);
+
+ if ($route['interface'] == "lan") {
+ $sa = $lansa;
+ $sn = $lansn;
+ $if = $lanif;
+ } else if (strstr($route['interface'], "opt")) {
+ $oc = $optcfg[$route['interface']];
+ if ($oc['ip']) {
+ $sa = $oc['sa'];
+ $sn = $oc['sn'];
+ $if = $oc['if'];
+ }
+ }
+
+ if ($sa) {
+ $ipfrules .= <<<EOD
+pass in quick on {$if} from {$sa}/{$sn} to {$route['network']}
+pass in quick on {$if} from {$route['network']} to {$sa}/{$sn}
+pass out quick on {$if} from {$sa}/{$sn} to {$route['network']}
+pass out quick on {$if} from {$route['network']} to {$sa}/{$sn}
+
+EOD;
+ }
+ }
+ }
$ipfrules .= <<<EOD
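Review bot: The four `pass ... quick` lines generated per static route match before anything emitted later in the ruleset, so traffic between the interface subnet and `$route['network']` is no longer subject to the user's filter rules on that interface (assuming, as the order here suggests, that user rules are appended after this block). That is a policy change and the comment should say so, for example `/* NOTE: these quick rules take precedence over user-defined rules for the routed network */`, and an option to turn it off would be better still. `$route['network']` is also written into the rule text as-is; if it is not validated where the route is saved, check it here before emitting the rule. The enclosing function starts and ends outside the hunk.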
/* OPT spoof check */
foreach ($optcfg as $on => $oc) {
- $ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'], $oc['sa'], $oc['sn'], $log);
+ if ($oc['ip'])
+ $ipfrules .= filter_rules_spoofcheck_generate($on, $oc['if'], $oc['sa'], $oc['sn'], $log);
}
/* block private networks on WAN? */
$ipfrules .= filter_rules_ipsec_generate($lanif, $lanip);
foreach ($optcfg as $on => $oc) {
- $ipfrules .= filter_rules_ipsec_generate($oc['if'], $oc['ip']);
+ if ($oc['ip'])
+ $ipfrules .= filter_rules_ipsec_generate($oc['if'], $oc['ip']);
}
}
pass in quick proto gre from any to $pptpdtarget keep state group 200
pass in quick proto tcp from any to $pptpdtarget port = 1723 keep state group 200
+EOD;
+ }
+
+ /* BigPond client enabled? */
+ if ($wancfg['ipaddr'] == "bigpond") {
+
+ $ipfrules .= <<<EOD
+
+# BigPond heartbeat rules
+pass in quick proto udp from any to any port = 5050 keep state group 200
+
EOD;
}
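Review bot: The BigPond heartbeat rule `pass in quick proto udp from any to any port = 5050 keep state group 200` accepts UDP port 5050 from every source to every destination, which is broader than a heartbeat listener on the firewall itself needs. Restrict the destination to the firewall's own WAN address, and the source too if the heartbeat server address is known at this point, e.g. `pass in quick proto udp from any to <WAN address> port = 5050 keep state group 200`. The port is hard-coded here and again as `localport 5050` in `interfaces_wan_bigpond_configure()`; a shared constant would keep the two in step. The surrounding function is outside the hunk.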
/* does the rule deal with a PPTP interface? */
if ($rule['interface'] == "pptp") {
- if ($pptpdcfg['mode'] != "server")
+ if ($pptpdcfg['mode'] != "server") {
+ $i++;
continue;
+ }
$nif = $g['n_pptp_units'];
$ispptp = true;
} else {
if (strstr($rule['interface'], "opt")) {
- if (!array_key_exists($rule['interface'], $optcfg))
+ if (!array_key_exists($rule['interface'], $optcfg)) {
+ $i++;
continue;
+ }
}
$nif = 1;
if ($pptpdcfg['mode'] != "server") {
if (($rule['source']['network'] == "pptp") ||
- ($rule['destination']['network'] == "pptp"))
+ ($rule['destination']['network'] == "pptp")) {
+ $i++;
continue;
+ }
}
if ($rule['source']['network'] && strstr($rule['source']['network'], "opt")) {
- if (!array_key_exists($rule['source']['network'], $optcfg))
+ if (!array_key_exists($rule['source']['network'], $optcfg)) {
+ $i++;
continue;
+ }
}
if ($rule['destination']['network'] && strstr($rule['destination']['network'], "opt")) {
- if (!array_key_exists($rule['destination']['network'], $optcfg))
+ if (!array_key_exists($rule['destination']['network'], $optcfg)) {
+ $i++;
continue;
+ }
}
/* check for unresolvable aliases */
- if ($rule['source']['address'] && !alias_expand($rule['source']['address']))
+ if ($rule['source']['address'] && !alias_expand($rule['source']['address'])) {
+ $i++;
continue;
- if ($rule['destination']['address'] && !alias_expand($rule['destination']['address']))
+ }
+ if ($rule['destination']['address'] && !alias_expand($rule['destination']['address'])) {
+ $i++;
continue;
+ }
for ($iif = 0; $iif < $nif; $iif++) {
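Review bot: Repeating `$i++` in front of every `continue` is fragile: the next skip condition added without it will throw the rule index off again, which is what these additions are repairing. Incrementing once where it cannot be skipped would remove all of them, for instance by taking the index from the loop itself (`foreach (... as $i => $rule)`, if the array is a plain list); the loop header is outside the hunk, so this needs checking against it. The shaper rule generator gets the same treatment later in this patch and would benefit from the same change.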
$src = alias_expand($rule['source']['address']);
}
- if (!$src) {
- printf("No source address found in rule $i\n");
+ if (!$src || ($src == "/")) {
+ //printf("No source address found in rule $i\n");
break;
}
$dst = alias_expand($rule['destination']['address']);
}
- if (!$dst) {
- printf("No destination address found in rule $i\n");
+ if (!$dst || ($dst == "/")) {
+ //printf("No destination address found in rule $i\n");
break;
}
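Review bot: With both `printf` calls commented out, a rule whose source or destination resolves to nothing or to `"/"` is dropped without any trace, and for a block rule that leaves the generated ruleset more permissive than the configuration says. Keep a diagnostic instead of a dead line, e.g. `syslog(LOG_WARNING, "filter: rule $i skipped, no source address");` and the matching message for the destination, and delete the `//printf` lines. The `"/"` comparison deserves a one-line comment naming the expansion that produces it. The enclosing loop lies outside the hunk.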
require_once("filter.inc");
require_once("shaper.inc");
require_once("vpn.inc");
+require_once("captiveportal.inc");
?>
"varrun_path" => "/var/run",
"varetc_path" => "/var/etc",
"vardb_path" => "/var/db",
+ "varlog_path" => "/var/log",
"etc_path" => "/etc",
"tmp_path" => "/tmp",
"conf_path" => "/conf",
"cf_path" => "/cf",
"cf_conf_path" => "/cf/conf",
"www_path" => "/usr/local/www",
+ "captiveportal_path" => "/usr/local/captiveportal",
"xml_rootobj" => "m0n0wall",
"pppoe_interface" => "ng0",
"n_pptp_units" => 16,
return 0;
}
+function interfaces_vlan_configure() {
+ global $config, $g;
+
+ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
+
+ /* load the VLAN module */
+ mwexec("/sbin/kldload if_vlan");
+
+ /* devices with native VLAN support */
+ $vlan_native_supp = explode(" ", "bge em gx nge ti txp");
+
+ /* devices with long frame support */
+ $vlan_long_supp = explode(" ", "dc fxp sis ste tl tx xl");
+
+ $i = 0;
+
+ foreach ($config['vlans']['vlan'] as $vlan) {
+
+ $cmd = "/sbin/ifconfig vlan{$i} create vlan " .
+ escapeshellarg($vlan['tag']) . " vlandev " .
+ escapeshellarg($vlan['if']);
+
+ /* get driver name */
+ for ($j = 0; $j < strlen($vlan['if']); $j++) {
+ if ($vlan['if'][$j] >= '0' && $vlan['if'][$j] <= '9')
+ break;
+ }
+ $drvname = substr($vlan['if'], 0, $j);
+
+ if (in_array($drvname, $vlan_native_supp))
+ $cmd .= " link0";
+ else if (in_array($drvname, $vlan_long_supp))
+ $cmd .= " mtu 1500";
+
+ mwexec($cmd);
+ $i++;
+ }
+ }
+
+ return 0;
+}
+
function interfaces_lan_configure() {
global $config, $g;
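Review bot: `interfaces_vlan_configure()` quotes `$vlan['tag']` and `$vlan['if']` with `escapeshellarg()`, but nothing checks that the tag is a number in the valid 802.1Q range before `ifconfig` runs, and the results of `kldload` and `ifconfig` are ignored, so a bad entry fails without a message. A guard at the top of the loop would cover it while keeping the `vlan{$i}` numbering stable: `if (!is_numericint($vlan['tag']) || $vlan['tag'] < 1 || $vlan['tag'] > 4094) { $i++; continue; }`. A non-zero `mwexec()` result should be reported as well. The function has no header comment, unlike its neighbours; one line saying that it creates `vlanN` devices in configuration order would do.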
if (file_exists("{$g['varetc_path']}/mpd.links")) {
unlink("{$g['varetc_path']}/mpd.links");
}
+ /* remove ipsec.wanip, if it exists */
+ if (file_exists("{$g['vardb_path']}/ipsec.wanip")) {
+ unlink("{$g['vardb_path']}/ipsec.wanip");
+ }
+ /* remove bigpond.wanip, if it exists */
+ if (file_exists("{$g['vardb_path']}/bigpond.wanip")) {
+ unlink("{$g['vardb_path']}/bigpond.wanip");
+ }
}
/* remove all addresses first */
interfaces_wan_pptp_configure();
break;
+ case 'bigpond':
+ /* just configure DHCP for now; fire up bpalogin when we've got the lease */
+ interfaces_wan_dhcp_configure();
+ break;
+
default:
mwexec("/sbin/ifconfig " . escapeshellarg($wancfg['if']) . " " .
escapeshellarg($wancfg['ipaddr'] . "/" . $wancfg['subnet']));
set link mtu 1492
set ipcp yes vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
+ set ipcp enable req-pri-dns
+ set ipcp enable req-sec-dns
open iface
-
+
EOD;
fwrite($fd, $mpdconf);
set link type pppoe
set pppoe iface {$wancfg['if']}
set pppoe service "{$pppoecfg['provider']}"
-
+ set pppoe enable originate
+ set pppoe disable incoming
+
EOD;
fwrite($fd, $mpdconf);
set link accept chap
set ipcp no vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
+ set ipcp enable req-pri-dns
+ set ipcp enable req-sec-dns
open
-
+
EOD;
fwrite($fd, $mpdconf);
$mpdconf = <<<EOD
pptp:
set link type pptp
- set pptp mode active
set pptp enable originate outcall
+ set pptp disable windowing
set pptp self {$pptpcfg['local']}
set pptp peer {$pptpcfg['remote']}
-
+
EOD;
fwrite($fd, $mpdconf);
return 0;
}
+function interfaces_wan_bigpond_configure() {
+ global $config, $g;
+
+ $bpcfg = $config['bigpond'];
+
+ $curwanip = get_current_wan_address();
+
+ if (!$curwanip) {
+ /* IP address not configured yet, exit */
+ return 0;
+ }
+
+ /* dhclient told us that the IP address has changed;
+ let's see if that's really true to avoid reloading bpalogin
+ when it's not really necessary (dhclient likes to
+ execute its dhclient-exit-hooks also on renewals)
+ */
+ if (file_exists("{$g['vardb_path']}/bigpond.wanip")) {
+ $oldwanip = chop(file_get_contents("{$g['vardb_path']}/bigpond.wanip"));
+
+ if ($curwanip == $oldwanip)
+ return 0; /* nothing to do */
+ }
+
+ /* write current WAN IP to file */
+ $fd = fopen("{$g['vardb_path']}/bigpond.wanip", "w");
+ if ($fd) {
+ fwrite($fd, $curwanip);
+ fclose($fd);
+ }
+
+ /* kill bpalogin */
+ killbyname("bpalogin");
+
+ /* wait a moment */
+ sleep(1);
+
+ /* get the default domain */
+ $nfd = @fopen("{$g['varetc_path']}/defaultdomain.conf", "r");
+ if ($nfd) {
+ $defaultdomain = trim(fgets($nfd));
+ fclose($nfd);
+ }
+
+ /* generate bpalogin.conf */
+ $fd = fopen("{$g['varetc_path']}/bpalogin.conf", "w");
+ if (!$fd) {
+ printf("Error: cannot open bpalogin.conf in interfaces_wan_bigpond_configure().\n");
+ return 1;
+ }
+
+ if (!$bpcfg['authserver'])
+ $bpcfg['authserver'] = "dce-server";
+ if (!$bpcfg['authdomain'])
+ $bpcfg['authdomain'] = $defaultdomain;
+
+ $bpconf = <<<EOD
+username {$bpcfg['username']}
+password {$bpcfg['password']}
+authserver {$bpcfg['authserver']}
+authdomain {$bpcfg['authdomain']}
+localport 5050
+
+EOD;
+
+ if ($bpcfg['minheartbeatinterval'])
+ $bpconf .= "minheartbeatinterval {$bpcfg['minheartbeatinterval']}\n";
+
+ fwrite($fd, $bpconf);
+ fclose($fd);
+
+ /* fire up bpalogin */
+ mwexec("/usr/local/sbin/bpalogin -c {$g['varetc_path']}/bpalogin.conf");
+
+ return 0;
+}
+
function get_real_wan_interface() {
global $config, $g;
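Review bot: `bpalogin.conf` receives the account password in clear text but is created with a plain `fopen(..., "w")` in `interfaces_wan_bigpond_configure()`, so its mode depends on the process umask and it may be readable by other local users. Restrict it before the secret is written, e.g. `chmod("{$g['varetc_path']}/bpalogin.conf", 0600);` directly after the successful `fopen()`. The values are interpolated into a line-oriented file, so a username or password containing a line break would add extra directives; reject or strip `\r` and `\n` before building `$bpconf`. `$defaultdomain` stays undefined when `defaultdomain.conf` cannot be opened; initialise it to `""` before the `@fopen()`.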
$wancfg = $config['interfaces']['wan'];
- if (in_array($wancfg['ipaddr'], array('pppoe','dhcp','pptp'))) {
+ if (in_array($wancfg['ipaddr'], array('pppoe','dhcp','pptp','bigpond'))) {
/* dynamic WAN IP address, find out which one */
$wanif = get_real_wan_interface();
printf("Error: cannot open dhcpd.conf in services_dhcpd_configure().\n");
return 1;
}
-
- $dnscfg = "";
- if (isset($config['dnsmasq']['enable'])) {
- $dnscfg = "option domain-name-servers " . $config['interfaces']['lan']['ipaddr'] . ";";
- } else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
- $dnscfg = "option domain-name-servers " . join(",", $syscfg['dnsserver']) . ";";
- }
$dhcpdconf = <<<EOD
option domain-name "{$syscfg['domain']}";
-$dnscfg
default-lease-time 7200;
max-lease-time 86400;
authoritative;
$subnet = gen_subnet($ifcfg['ipaddr'], $ifcfg['subnet']);
$subnetmask = gen_subnet_mask($ifcfg['subnet']);
+ $dnscfg = "";
+ if (isset($config['dnsmasq']['enable'])) {
+ $dnscfg = "option domain-name-servers " . $ifcfg['ipaddr'] . ";";
+ } else if (is_array($syscfg['dnsserver']) && ($syscfg['dnsserver'][0])) {
+ $dnscfg = "option domain-name-servers " . join(",", $syscfg['dnsserver']) . ";";
+ }\r
+\r
+ $dhcpdconf .= "subnet $subnet netmask $subnetmask {\n";\r
+ $dhcpdconf .= " pool {\n";\r
+ if (isset($dhcpifconf['denyunknown'])) \r
+ $dhcpdconf .= " deny unknown clients;\n";
+
$dhcpdconf .= <<<EOD
-subnet $subnet netmask $subnetmask {
- range {$dhcpifconf['range']['from']} {$dhcpifconf['range']['to']};
+ range {$dhcpifconf['range']['from']} {$dhcpifconf['range']['to']};
+ }
option routers {$ifcfg['ipaddr']};
+ $dnscfg
EOD;
$dhcpdconf .= <<<EOD
host s_{$dhcpif}_{$i} {
hardware ethernet {$sm['mac']};
- fixed-address {$sm['ipaddr']};
-}
EOD;
+ if ($sm['ipaddr'])
+ $dhcpdconf .= " fixed-address {$sm['ipaddr']};\n";
+
+ $dhcpdconf .= "}\n";
$i++;
}
}
if (is_array($config['proxyarp']) && count($config['proxyarp']) &&
(is_ipaddr($config['interfaces']['wan']['ipaddr']) ||
- ($config['interfaces']['wan']['ipaddr'] == "dhcp"))) {
+ ($config['interfaces']['wan']['ipaddr'] == "dhcp") ||
+ ($config['interfaces']['wan']['ipaddr'] == "bigpond"))) {
$args = $config['interfaces']['wan']['if'] . " auto";
mwexec("/sbin/sysctl net.inet.ip.fw.one_pass=1");
/* load shaper rules */
- mwexec("/sbin/ipfw -f flush");
+ mwexec("/sbin/ipfw -f delete set 4");
mwexec("/sbin/ipfw -f pipe flush");
/* XXX - seems like ipfw cannot accept rules directly on stdin,
echo "done\n";
} else {
- /* unload ipfw and dummynet */
mwexec("/sbin/sysctl net.link.ether.bridge_ipfw=0");
- mwexec("/sbin/kldunload dummynet");
- mwexec("/sbin/kldunload ipfw");
+ if (!isset($config['captiveportal']['enable'])) {
+ /* unload ipfw and dummynet */
+ mwexec("/sbin/kldunload dummynet");
+ mwexec("/sbin/kldunload ipfw");
+ } else {
+ /* captive portal is on - just remove our rules */
+ mwexec("/sbin/ipfw -f delete set 4");
+ mwexec("/sbin/ipfw -f pipe flush");
+ }
}
return 0;
$pptpsn = $g['pptp_subnet'];
}
+ $rulei = 50000;
+
/* add a rule to pass all traffic from/to the firewall,
so the user cannot lock himself out of the webGUI */
- $shaperrules = "add pass all from $lanip to any\n";
- $shaperrules .= "add pass all from any to $lanip\n";
+ $shaperrules = "add $rulei set 4 pass all from $lanip to any\n"; $rulei++;
+ $shaperrules .= "add $rulei set 4 pass all from any to $lanip\n"; $rulei++;
/* generate rules */
if (isset($config['shaper']['rule']))
foreach ($config['shaper']['rule'] as $rule) {
+
+ /* don't include disabled rules */
+ if (isset($rule['disabled'])) {
+ $i++;
+ continue;
+ }
/* does the rule deal with a PPTP interface? */
if ($rule['interface'] == "pptp") {
- if ($pptpdcfg['mode'] != "server")
+ if ($pptpdcfg['mode'] != "server") {
+ $i++;
continue;
+ }
$nif = $g['n_pptp_units'];
$ispptp = true;
} else {
if (strstr($rule['interface'], "opt")) {
- if (!array_key_exists($rule['interface'], $optcfg))
+ if (!array_key_exists($rule['interface'], $optcfg)) {
+ $i++;
continue;
+ }
}
$nif = 1;
if ($pptpdcfg['mode'] != "server") {
if (($rule['source']['network'] == "pptp") ||
- ($rule['destination']['network'] == "pptp"))
+ ($rule['destination']['network'] == "pptp")) {
+ $i++;
continue;
+ }
}
if (strstr($rule['source']['network'], "opt")) {
- if (!array_key_exists($rule['source']['network'], $optcfg))
+ if (!array_key_exists($rule['source']['network'], $optcfg)) {
+ $i++;
continue;
+ }
}
if (strstr($rule['destination']['network'], "opt")) {
- if (!array_key_exists($rule['destination']['network'], $optcfg))
+ if (!array_key_exists($rule['destination']['network'], $optcfg)) {
+ $i++;
continue;
+ }
}
/* check for unresolvable aliases */
- if ($rule['source']['address'] && !alias_expand($rule['source']['address']))
+ if ($rule['source']['address'] && !alias_expand($rule['source']['address'])) {
+ $i++;
continue;
- if ($rule['destination']['address'] && !alias_expand($rule['destination']['address']))
+ }
+ if ($rule['destination']['address'] && !alias_expand($rule['destination']['address'])) {
+ $i++;
continue;
+ }
for ($iif = 0; $iif < $nif; $iif++) {
/* pipe or queue? */
if (isset($rule['targetpipe']) && isset($config['shaper']['pipe'][$rule['targetpipe']])) {
$pipen = $rule['targetpipe'] + 1;
- $line = "add pipe $pipen ";
+ $line = "add $rulei set 4 pipe $pipen "; $rulei++;
} else if (isset($rule['targetqueue']) && isset($config['shaper']['queue'][$rule['targetqueue']])) {
$queuen = $rule['targetqueue'] + 1;
- $line = "add queue $queuen ";
+ $line = "add $rulei set 4 queue $queuen "; $rulei++;
} else {
printf("Neither existing pipe nor queue found in rule $i\n");
break;
$line .= "from $src ";
}
- if (in_array($rule['protocol'], array("tcp","udp"))) {
+ if (!isset($rule['protocol']) || in_array($rule['protocol'], array("tcp","udp"))) {
if ($rule['source']['port']) {
$srcport = explode("-", $rule['source']['port']);
$line .= "to $dst ";
}
- if (in_array($rule['protocol'], array("tcp","udp"))) {
+ if (!isset($rule['protocol']) || in_array($rule['protocol'], array("tcp","udp"))) {
if ($rule['destination']['port']) {
$dstport = explode("-", $rule['destination']['port']);
if ($rule['iplen'])
$line .= "iplen {$rule['iplen']} ";
+ \r
+ if ($rule['iptos']) \r
+ $line .= "iptos {$rule['iptos']} ";
if ($rule['tcpflags'])
$line .= "tcpflags {$rule['tcpflags']} ";
fclose($fd);
$res = mwexec("/usr/local/sbin/mini_httpd -S -E {$g['varetc_path']}/cert.pem" .
- " -c \"**.php\" -u root $portarg" .
+ " -c \"**.php|**.cgi\" -u root -maxproc 16 $portarg" .
" -i {$g['varrun_path']}/mini_httpd.pid");
} else {
- $res = mwexec("/usr/local/sbin/mini_httpd -c \"**.php\" -u root" .
- " $portarg -i {$g['varrun_path']}/mini_httpd.pid");
+ $res = mwexec("/usr/local/sbin/mini_httpd -c \"**.php|**.cgi\" -u root" .
+ " -maxproc 16 $portarg -i {$g['varrun_path']}/mini_httpd.pid");
}
if ($g['booting']) {
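Review bot: Widening the CGI pattern to `**.php|**.cgi` makes mini_httpd execute any file ending in `.cgi` anywhere under its document root, and the server is started with `-u root`, so each such file runs with full privileges. If only specific CGI programs are needed, name them in the pattern instead of the `**.cgi` wildcard, for example `"**.php|<path of the specific cgi>"`, and note next to the call which program requires it. `-maxproc 16` appears to cap concurrent CGI processes, which is a sensible limit; a short comment on why 16 was chosen would help. The function containing these calls starts outside the hunk.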
function system_reboot() {
global $g;
+ system_reboot_cleanup();
+
mwexec("nohup /etc/rc.reboot > /dev/null 2>&1 &");
}
function system_reboot_sync() {
global $g;
+ system_reboot_cleanup();
+
mwexec("/etc/rc.reboot > /dev/null 2>&1");
}
+function system_reboot_cleanup() {
+ captiveportal_radius_stop_all();
+}
+
function system_do_shell_commands() {
global $config, $g;
}
}
+function system_do_extensions() {
+ global $config, $g;
+
+ if (!is_dir("{$g['etc_path']}/inc/ext"))
+ return;
+
+ $dh = @opendir("{$g['etc_path']}/inc/ext");
+ if ($dh) {
+ while (($extd = readdir($dh)) !== false) {
+ if (($extd === ".") || ($extd === ".."))
+ continue;
+ $rcfile = "{$g['etc_path']}/inc/ext/" . $extd . "/rc";
+ if (file_exists($rcfile))
+ passthru($rcfile);
+ }
+ closedir($dh);
+ }
+}
+
function system_console_configure() {
global $config, $g;
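Review bot: `passthru($rcfile)` in `system_do_extensions()` hands the path to the shell unquoted, so an extension directory whose name contains a space or a shell metacharacter is interpreted by the shell instead of being run as a file; `passthru(escapeshellarg($rcfile));` avoids that. `file_exists()` is also true for directories and non-executable files, so `if (is_file($rcfile) && is_executable($rcfile))` is the tighter test. The function has no header comment; since every `rc` found is run from the boot sequence, it should state that `inc/ext` holds trusted, administrator-installed content only.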
}
}
+function system_dmesg_save() {
+ global $g;
+
+ exec("/sbin/dmesg", $dmesg);
+
+ /* find last copyright line (output from previous boots may be present) */
+ $lastcpline = 0;
+
+ for ($i = 0; $i < count($dmesg); $i++) {
+ if (strstr($dmesg[$i], "Copyright (c) 1992-"))
+ $lastcpline = $i;
+ }
+
+ $fd = fopen("{$g['varlog_path']}/dmesg.boot", "w");
+ if (!$fd) {
+ printf("Error: cannot open dmesg.boot in system_dmesg_save().\n");
+ return 1;
+ }
+
+ for ($i = $lastcpline; $i < count($dmesg); $i++)
+ fwrite($fd, $dmesg[$i] . "\n");
+
+ fclose($fd);
+
+ return 0;
+}
+
?>
return long2ip(ip2long($ipaddr) & gen_subnet_mask_long($bits));
}
-/* return the highest address in the subnet given a host address and a subnet bit count */
+/* return the highest (broadcast) address in the subnet given a host address and a subnet bit count */
function gen_subnet_max($ipaddr, $bits) {
if (!is_ipaddr($ipaddr) || !is_numeric($bits))
return "";
- return long2ip(ip2long($ipaddr) | gen_subnet_mask_long($bits));
+ return long2ip(ip2long($ipaddr) | ~gen_subnet_mask_long($bits));
}
/* returns a subnet mask (long given a bit count) */
return long2ip(gen_subnet_mask_long($bits));
}
+function is_numericint($arg) {
+ return (preg_match("/[^0-9]/", $arg) ? false : true);
+}
+
/* returns true if $ipaddr is a valid dotted IPv4 address */
function is_ipaddr($ipaddr) {
if (!is_string($ipaddr))
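Review bot: `is_numericint()` returns true for an empty string, because `preg_match("/[^0-9]/", "")` finds no character to reject. The VLAN tag prompt added in this commit is only saved by its extra `< 1` comparison; any other caller would accept blank input as a valid integer. An anchored positive match closes the gap: `return (preg_match('/^[0-9]+$/D', $arg) === 1);`. Unlike its neighbours the function has no comment; `/* returns true if $arg consists only of decimal digits */` would fit the file's style.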
return true;
}
-/* returns a list of interfaces with MAC addresses */
+/* returns a list of interfaces with MAC addresses
+ (skips VLAN and other virtual interfaces) */
function get_interface_list() {
global $g;
if (substr($ifname, -1) == "*")
$ifname = substr($ifname, 0, strlen($ifname) - 1);
- if (!preg_match("/^(ppp|sl|gif|faith|lo|ng|tun)/", $ifname)) {
+ if (!preg_match("/^(ppp|sl|gif|faith|lo|ng|tun|vlan)/", $ifname)) {
$iflist[$ifname] = array();
+
$iflist[$ifname]['mac'] = chop($alink[3]);
$iflist[$ifname]['up'] = false;
escapeshellarg($fname));
}
+/* obtain MAC address given an IP address by looking at the ARP table */
+function arp_get_mac_by_ip($ip) {
+ exec("/usr/sbin/arp -n {$ip}", $arpoutput);
+
+ if ($arpoutput[0]) {
+ $arpi = explode(" ", $arpoutput[0]);
+ $macaddr = $arpi[3];
+ if (is_macaddr($macaddr))
+ return $macaddr;
+ else
+ return false;
+ }
+
+ return false;
+}
+
?>
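Review bot: `arp_get_mac_by_ip()` interpolates `$ip` into the `exec()` command line without checking or quoting it, so the function is only as safe as every caller's input. The file already has `is_ipaddr()`, so the guard is cheap: `if (!is_ipaddr($ip)) return false;` followed by `exec("/usr/sbin/arp -n " . escapeshellarg($ip), $arpoutput);`. Reading `$arpoutput[0]` when the command printed nothing also touches an undefined index; `if (!empty($arpoutput[0]))` is the cleaner test.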
$syscfg = $config['system'];
$ipseccfg = $config['ipsec'];
$lancfg = $config['interfaces']['lan'];
+ $lanip = $lancfg['ipaddr'];
$lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
+ $lansn = $lancfg['subnet'];
if ($g['booting']) {
if (!isset($ipseccfg['enable']))
}
$spdconf = "";
+
+ $spdconf .= "spdadd {$lansa}/{$lansn} {$lanip}/32 any -P in none;\n";
+ $spdconf .= "spdadd {$lanip}/32 {$lansa}/{$lansn} any -P out none;\n";
+
foreach ($ipseccfg['tunnel'] as $tunnel) {
if (isset($tunnel['disabled']))
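Review bot: The two new `spdadd ... -P in none` / `-P out none` lines carry no comment, although they exempt all traffic between the LAN subnet and the firewall's LAN address from IPsec processing, which is a policy decision a reader should not have to reverse-engineer. Judging by the "default anti-lockout rule" remark in the SPD diagnostics hunk of this commit, a comment such as `/* anti-lockout: never send LAN <-> firewall LAN IP traffic into a tunnel, even if a tunnel covers the LAN subnet */` seems to match the intent (inferred, please confirm). `$lanip` and `$lansn` are also used unchecked; if either is empty the generated setkey input is malformed. The enclosing function starts and ends outside the hunk.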
$myident = $tunnel['p1']['myident']['address'];
} else if (isset($tunnel['p1']['myident']['fqdn'])) {
$myidentt = "fqdn";
- $myident = $tunnel['p1']['myident']['fqdn'];
- }
+ $myident = $tunnel['p1']['myident']['fqdn'];\r
+ } else if (isset($tunnel['p1']['myident']['ufqdn'])) {\r
+ $myidentt = "user_fqdn";\r
+ $myident = $tunnel['p1']['myident']['ufqdn'];\r
+ }
$racoonconf .= <<<EOD
remote {$tunnel['remote-gateway']} \{
initial_contact on;
support_proxy on;
proposal_check obey;
+
proposal \{
encryption_algorithm {$tunnel['p1']['encryption-algorithm']};
hash_algorithm {$tunnel['p1']['hash-algorithm']};
} else if (isset($tunnel['p1']['myident']['fqdn'])) {
$myidentt = "fqdn";
$myident = $tunnel['p1']['myident']['fqdn'];
- }
+ } else if (isset($tunnel['p1']['myident']['ufqdn'])) {\r
+ $myidentt = "user_fqdn";\r
+ $myident = $tunnel['p1']['myident']['ufqdn'];\r
+ }
$racoonconf .= <<<EOD
remote anonymous \{
generate_policy on;
support_proxy on;
proposal_check obey;
+
proposal \{
encryption_algorithm {$tunnel['p1']['encryption-algorithm']};
hash_algorithm {$tunnel['p1']['hash-algorithm']};
fwrite($fd, $pskconf);
fclose($fd);
chmod("{$g['varetc_path']}/psk.txt", 0600);
-
+ \r
/* start racoon */
mwexec("/usr/local/sbin/racoon -d -f {$g['varetc_path']}/racoon.conf");
}
EOD;
for ($i = 0; $i < $g['n_pptp_units']; $i++) {
- $mpdconf .= " load pptpc{$i}\n";
+ $mpdconf .= " load pt{$i}\n";
}
for ($i = 0; $i < $g['n_pptp_units']; $i++) {
$mpdconf .= <<<EOD
-pptpc{$i}:
- new -i {$ngif} pptpc{$i} pptpc{$i}
+pt{$i}:
+ new -i {$ngif} pt{$i} pt{$i}
set ipcp ranges {$pptpdcfg['localip']}/32 {$clientip}/32
- load pptp_standard
+ load pts
EOD;
}
$mpdconf .= <<<EOD
-pptp_standard:
+pts:
set iface disable on-demand
set iface enable proxy-arp
+ set iface enable tcpmssfix
set iface idle 1800
set iface up-script /usr/local/sbin/vpn-linkup
set bundle enable multilink
for ($i = 0; $i < $g['n_pptp_units']; $i++) {
$mpdlinks .= <<<EOD
-
-pptpc{$i}:
+
+pt{$i}:
set link type pptp
set pptp enable incoming
set pptp disable originate
+ set pptp disable windowing
set pptp self 127.0.0.1
EOD;
if (is_array($pptpdcfg['user'])) {
foreach ($pptpdcfg['user'] as $user)
- $mpdsecret .= "{$user['name']} \"{$user['password']}\"\n";
+ $mpdsecret .= "{$user['name']} \"{$user['password']}\" {$user['ip']}\n";
}
fwrite($fd, $mpdsecret);
}
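Review bot: The new `{$user['ip']}` field is written into the mpd secret file without validation at this point, next to a name and password that are also interpolated raw; a value containing whitespace, a double quote or a newline would change how the line is parsed or add a further entry. Unless the webGUI already enforces the format (not visible in this hunk), guard it here with the existing helper, e.g. `$ip = is_ipaddr($user['ip']) ? " {$user['ip']}" : "";` and append `$ip` instead. That also avoids the trailing space every line now gets when no per-user IP is configured. The enclosing function starts and ends outside the hunk.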
} else if ($adr['address']) {
list($sa,$sn) = explode("/", $adr['address']);
- if (!$sn)
+ if (is_null($sn))
$sn = 32;
}
} else {
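Review bot: `is_null($sn)` fixes the case where a `/0` mask was replaced by 32, but it no longer catches an empty mask: for an address written as `1.2.3.4/`, `explode()` yields `$sn === ""`, which is kept and ends up as a bare `/` in the generated rule. Testing both keeps the fix and the old fallback: `if (is_null($sn) || $sn === "")`. The enclosing function starts and ends outside the hunk.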
*/
/* tags that are always to be handled as lists */
-$listtags = explode(" ", "rule user key dnsserver winsserver encryption-algorithm-option hash-algorithm-option hosts tunnel onetoone staticmap route alias pipe queue shellcmd mobilekey servernat proxyarpnet");
+$listtags = explode(" ", "rule user key dnsserver winsserver " .
+ "encryption-algorithm-option hash-algorithm-option hosts tunnel onetoone " .
+ "staticmap route alias pipe queue shellcmd mobilekey servernat " .
+ "proxyarpnet passthrumac allowedip wolentry vlan");
function startElement($parser, $name, $attrs) {
global $depth, $curpath, $config, $havedata, $listtags;
/* convert configuration, if necessary */
convert_config();
+ /* save dmesg output to file */
+ system_dmesg_save();
+
/* set up our timezone */
system_timezone_configure();
/* configure loopback interface */
interfaces_loopback_configure();
+ /* set up VLAN virtual interfaces */
+ interfaces_vlan_configure();
+
/* set up LAN interface */
interfaces_lan_configure();
/* start IPsec tunnels */
vpn_ipsec_configure();
+ /* start the captive portal */
+ captiveportal_configure();
+
+ /* execute the rc scripts of extensions */
+ system_do_extensions();
+
/* run any shell commands specified in config.xml */
system_do_shell_commands();
echo <<<EOD
+Do you want to set up VLANs first?
+If you're not going to use VLANs, or only for optional interfaces, you
+should say no here and use the webGUI to configure VLANs later, if required.
+
+Do you want to set up VLANs now? (y/n)
+EOD;
+
+ if (strcasecmp(chop(fgets($fp)), "y") == 0)
+ vlan_setup();
+
+ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
+
+ echo "\n\nVLAN interfaces:\n\n";
+ $i = 0;
+ foreach ($config['vlans']['vlan'] as $vlan) {
+
+ echo sprintf("% -8s%s\n", "vlan{$i}",
+ "VLAN tag {$vlan['tag']}, interface {$vlan['if']}");
+
+ $iflist['vlan' . $i] = array();
+ $i++;
+ }
+ }
+
+ echo <<<EOD
+
If you don't know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces before you begin,
and reconnect each one when prompted to do so.
return null;
}
+
+ function vlan_setup() {
+ global $iflist, $config, $g, $fp;
+
+ if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
+
+ echo <<<EOD
+
+WARNING: all existing VLANs will be cleared if you proceed!
+
+Do you want to proceed? (y/n)
+EOD;
+
+ if (strcasecmp(chop(fgets($fp)), "y") != 0)
+ return;
+ }
+
+ $config['vlans']['vlan'] = array();
+ echo "\n";
+
+ while (1) {
+ $vlan = array();
+
+ echo "\nEnter the parent interface name for the new VLAN (or nothing if finished): ";
+ $vlan['if'] = chop(fgets($fp));
+
+ if ($vlan['if']) {
+ if (!array_key_exists($vlan['if'], $iflist)) {
+ echo "\nInvalid interface name '{$vlan['if']}'\n";
+ continue;
+ }
+ } else {
+ break;
+ }
+
+ echo "Enter the VLAN tag (1-4094): ";
+ $vlan['tag'] = chop(fgets($fp));
+
+ if (!is_numericint($vlan['tag']) || ($vlan['tag'] < 1) || ($vlan['tag'] > 4094)) {
+ echo "\nInvalid VLAN tag '{$vlan['tag']}'\n";
+ continue;
+ }
+
+ $config['vlans']['vlan'][] = $vlan;
+ }
+ }
?>
/* reconfigure IPsec tunnels */
vpn_ipsec_configure(true);
- /* regenerate resolv.conf if DNS overrides are allowed */
- if (isset($config['system']['dnsallowoverride']))
+ /* regenerate resolv.conf if DNS overrides are allowed or the BigPond
+ client is enabled */
+ if (isset($config['system']['dnsallowoverride']) ||
+ ($config['interfaces']['wan']['ipaddr'] == "bigpond"))
system_resolvconf_generate(true);
+
+ /* fire up the BigPond client, if necessary */
+ if ($config['interfaces']['wan']['ipaddr'] == "bigpond")
+ interfaces_wan_bigpond_configure();
?>
--- /dev/null
+#!/usr/local/bin/php -f
+<?php
+/*
+ rc.prunecaptiveportal
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+ /* parse the configuration and include all functions used below */
+ require_once("config.inc");
+ require_once("functions.inc");
+
+ captiveportal_prune_old();
+?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: Backup/restore</p>
- <?php if ($input_errors) print_input_errors($input_errors); ?>
- <?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
<form action="diag_backup.php" method="post" enctype="multipart/form-data">
+ <?php if ($input_errors) print_input_errors($input_errors); ?>
+ <?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" class="listtopic">Backup configuration</td>
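Review bot: Dropping `htmlspecialchars()` around `$savemsg` means the message reaches `print_info_box()` unescaped unless that function now escapes internally, which is not visible in this diff. If the intent is to allow markup in status messages, every place that builds `$savemsg` has to escape any interpolated configuration or request value itself. The same change appears in the diag_defaults (`$rebootmsg`), diag_logs_settings, diag_resetstate, firewall_aliases and firewall_nat hunks. A one-line comment at `print_info_box()` stating whether it expects HTML or plain text would make the contract explicit for future callers.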
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: Factory defaults</p>
-<?php if ($rebootmsg): echo print_info_box(htmlspecialchars($rebootmsg)); else: ?>
- <form action="diag_defaults.php" method="post">
+<?php if ($rebootmsg): echo print_info_box($rebootmsg); else: ?>
+<form action="diag_defaults.php" method="post">
<p><strong>If you click "Yes", the firewall will be reset
to factory defaults and will reboot immediately. The entire system
configuration will be overwritten. The LAN IP address will be
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: IPsec</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">SAD</li>
+ <li class="tabinact"><a href="diag_ipsec_spd.php">SPD</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabact">SAD</td>
- <td nowrap class="tabinact"><a href="diag_ipsec_spd.php" class="tblnk">SPD</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="3" class="tabcont">
+ <td class="tabcont">
<?php
/* delete any SA? */
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: IPsec</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="diag_ipsec_sad.php">SAD</a></li>
+ <li class="tabact">SPD</li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="diag_ipsec_sad.php" class="tblnk">SAD</a></td>
- <td nowrap class="tabact">SPD</td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="3" class="tabcont">
+ <td class="tabcont">
<?php
/* delete any SP? */
$cursp['src'] = substr($linea[0], 0, strpos($linea[0], "["));
$cursp['dst'] = substr($linea[1], 0, strpos($linea[1], "["));
$i = 0;
- } else {
+ } else if (is_array($cursp)) {
$linea = explode(" ", trim($line));
if ($i == 1) {
- $cursp['dir'] = $linea[0];
+ if ($linea[1] == "none") /* don't show default anti-lockout rule */
+ unset($cursp);
+ else
+ $cursp['dir'] = $linea[0];
} else if ($i == 2) {
$upperspec = explode("/", $linea[0]);
$cursp['proto'] = $upperspec[0];
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: System logs</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">System</li>
+ <li class="tabinact"><a href="diag_logs_filter.php">Firewall</a></li>
+ <li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
+ <li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabact">System</td>
- <td nowrap class="tabinact"><a href="diag_logs_filter.php" class="tblnk">Firewall</a></td>
- <td nowrap class="tabinact"><a href="diag_logs_dhcp.php" class="tblnk">DHCP</a></td>
- <td nowrap class="tabinact"><a href="diag_logs_settings.php" class="tblnk">Settings</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="5" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" class="listtopic">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: System logs</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="diag_logs.php">System</a></li>
+ <li class="tabinact"><a href="diag_logs_filter.php">Firewall</a></li>
+ <li class="tabact">DHCP</li>
+ <li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="diag_logs.php" class="tblnk">System</a></td>
- <td nowrap class="tabinact"><a href="diag_logs_filter.php" class="tblnk">Firewall</a></td>
- <td nowrap class="tabact">DHCP</td>
- <td nowrap class="tabinact"><a href="diag_logs_settings.php" class="tblnk">Settings</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="5" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" class="listtopic">
}
}
+function conv_clog($logfile, $tail) {
+ global $g, $config;
+
+ /* make interface/port table */
+ $iftable = array();
+ $iftable[$config['interfaces']['lan']['if']] = "LAN";
+ $iftable[get_real_wan_interface()] = "WAN";
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iftable[$config['interfaces']['opt' . $i]['if']] = $config['interfaces']['opt' . $i]['descr'];
+
+ $sor = isset($config['syslog']['reverse']) ? "-r" : "";
+
+ exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
+
+ $filterlog = array();
+
+ foreach ($logarr as $logent) {
+ $logent = preg_split("/\s+/", $logent, 6);
+ $ipfa = explode(" ", $logent[5]);
+
+ $flent = array();
+ $i = 0;
+ $flent['time'] = $ipfa[$i];
+ $i++;
+ if (substr($ipfa[$i], -1) == "x") {
+ $flent['count'] = substr($ipfa[$i], 0, -1);
+ $i++;
+ }
+ if ($iftable[$ipfa[$i]])
+ $flent['interface'] = $iftable[$ipfa[$i]];
+ else
+ $flent['interface'] = $ipfa[$i];
+ $i += 2;
+ $flent['act'] = $ipfa[$i];
+ $i++;
+ $flent['src'] = format_ipf_ip($ipfa[$i]);
+ $i += 2;
+ $flent['dst'] = format_ipf_ip($ipfa[$i]);
+ $i += 2;
+ $flent['proto'] = strtoupper($ipfa[$i]);
+
+ $filterlog[] = $flent;
+ }
+
+ return $filterlog;
+}
+
+function format_ipf_ip($ipfip) {
+ list($ip,$port) = explode(",", $ipfip);
+ if (!$port)
+ return $ip;
+
+ return $ip . ", port " . $port;
+}
+
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
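Review bot: `conv_clog()` builds its shell pipeline by concatenating `$logfile` and `$tail` unquoted; the caller in this commit passes a literal path and `$nentries`, but the function itself enforces nothing. Quoting and casting at the point of use is cheap: `exec("/usr/sbin/clog " . escapeshellarg($logfile) . " | tail {$sor} -n " . intval($tail), $logarr);`. Log lines with fewer than six whitespace-separated fields leave `$logent[5]` unset and still append a mostly empty entry, so `if (count($logent) < 6) continue;` after the `preg_split()` would keep malformed lines out of the table. Neither `conv_clog()` nor `format_ipf_ip()` has a header comment; the former should list the keys it returns (time, count, interface, act, src, dst, proto).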
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: System logs</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td nowrap class="tabinact"><a href="diag_logs.php" class="tblnk">System</a></td>
- <td nowrap class="tabact">Firewall</td>
- <td nowrap class="tabinact"><a href="diag_logs_dhcp.php" class="tblnk">DHCP</td>
- <td nowrap class="tabinact"><a href="diag_logs_settings.php" class="tblnk">Settings</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="5" class="tabcont">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="diag_logs.php">System</a></li>
+ <li class="tabact">Firewall</li>
+ <li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
+ <li class="tabinact"><a href="diag_logs_settings.php">Settings</a></li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+<?php if (!isset($config['syslog']['rawfilter'])):
+ $filterlog = conv_clog("/var/log/filter.log", $nentries);
+?>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0"><tr>
+ <td colspan="6" class="listtopic">
+ Last <?=$nentries;?> firewall log entries</td>
+ </tr>
+ <tr>
+ <td width="10%" class="listhdrr">Act</td>
+ <td width="20%" class="listhdrr">Time</td>
+ <td width="10%" class="listhdrr">If</td>
+ <td width="20%" class="listhdrr">Source</td>
+ <td width="20%" class="listhdrr">Destination</td>
+ <td width="10%" class="listhdrr">Proto</td>
+ </tr><?php foreach ($filterlog as $filterent): ?>
+ <tr>
+ <td class="listlr" nowrap>
+ <?php if (strstr(strtolower($filterent['act']), "p"))
+ $img = "pass.gif";
+ else
+ $img = "block.gif";
+ ?>
+ <img src="<?=$img;?>" width="11" height="11" align="absmiddle">
+ <?php if ($filterent['count']) echo $filterent['count'];?></td>
+ <td class="listr" nowrap><?=htmlspecialchars($filterent['time']);?></td>
+ <td class="listr" nowrap><?=htmlspecialchars($filterent['interface']);?></td>
+ <td class="listr" nowrap><?=htmlspecialchars($filterent['src']);?></td>
+ <td class="listr" nowrap><?=htmlspecialchars($filterent['dst']);?></td>
+ <td class="listr" nowrap><?=htmlspecialchars($filterent['proto']);?></td>
+ </tr><?php endforeach; ?>
+ </table>
+<?php else: ?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2" class="listtopic">
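Review bot: In the new formatted log table every field goes through `htmlspecialchars()` except `$filterent['count']`, which is echoed raw in the first cell. The value is a substring cut from a log token in `conv_clog()` and is never checked to be numeric, so it should be escaped like the rest: `<?php if ($filterent['count']) echo htmlspecialchars($filterent['count']);?>`. The `strstr(strtolower(...), "p")` test also marks any action containing the letter p as a pass; a short comment naming the action codes it is meant to match would help.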
</tr>
<?php dump_clog("/var/log/filter.log", $nentries, false); ?>
</table>
+<?php endif; ?>
<br><form action="diag_logs_filter.php" method="post">
<input name="clear" type="submit" class="formbtn" value="Clear log">
</form>
$pconfig['system'] = isset($config['syslog']['system']);
$pconfig['enable'] = isset($config['syslog']['enable']);
$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']);
+$pconfig['rawfilter'] = isset($config['syslog']['rawfilter']);
if (!$pconfig['nentries'])
$pconfig['nentries'] = 50;
$config['syslog']['enable'] = $_POST['enable'] ? true : false;
$oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']);
$config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true;
+ $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false;
write_config();
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: System logs</p>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
<form action="diag_logs_settings.php" method="post" name="iform" id="iform">
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="diag_logs.php">System</a></li>
+ <li class="tabinact"><a href="diag_logs_filter.php">Firewall</a></li>
+ <li class="tabinact"><a href="diag_logs_dhcp.php">DHCP</a></li>
+ <li class="tabact">Settings</li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="diag_logs.php" class="tblnk">System</a></td>
- <td nowrap class="tabinact"><a href="diag_logs_filter.php" class="tblnk">Firewall</a></td>
- <td nowrap class="tabinact"><a href="diag_logs_dhcp.php" class="tblnk">DHCP</a></td>
- <td nowrap class="tabact">Settings</td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="5" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vtable"> </td>
implicit default block rule will not be logged anymore
if you uncheck this option. Per-rule logging options are not affected.</td>
</tr>
+ <tr>
+ <td valign="top" class="vtable"> </td>
+ <td class="vtable"> <input name="rawfilter" type="checkbox" id="rawfilter" value="yes" <?php if ($pconfig['rawfilter']) echo "checked"; ?>>
+ <strong>Show raw filter logs</strong><br>
+ Hint: If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information. </td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vtable"> </td>
<td width="78%" class="vtable"> <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Diagnostics: Reset state</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="diag_resetstate.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<?php
if (!isBlank($_POST['txtCommand'])) {
- puts( "<pre>" );
- puts( "\$ " . htmlspecialchars($_POST['txtCommand']) );
+ puts("<pre>");
+ puts("\$ " . htmlspecialchars($_POST['txtCommand']));
putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin");
- $ph = popen( $_POST['txtCommand'], "r" );
- while ($line = fgets( $ph )) echo htmlspecialchars( $line );
- pclose( $ph );
- puts( "</pre>" );
+ putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); /* PHP scripts */
+ $ph = popen($_POST['txtCommand'], "r" );
+ while ($line = fgets($ph)) echo htmlspecialchars($line);
+ pclose($ph);
+ puts("</pre>");
}
?>
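Review bot: `SCRIPT_FILENAME` is now set from the first space-delimited token of `$_POST['txtCommand']` for every command, not only PHP scripts, and the `/* PHP scripts */` comment does not say why. Something like `/* the PHP binary looks at SCRIPT_FILENAME to find the script, so set it to allow running .php files from here */` would be clearer (inferred, please confirm). Because this block passes request data straight to `popen()` and the web server is started with `-u root` elsewhere in this commit, the page's authentication and any check that the request was intentional are its only protection. Those are outside this hunk, and a comment at the top of the block should say where they are enforced.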
if (document.images) {
tri_open = new Image(14,10);
tri_closed = new Image(14,10);
- tri_open.src = "tri_o.gif";
- tri_closed.src = "tri_c.gif";
+ tri_open.src = "/tri_o.gif";
+ tri_closed.src = "/tri_c.gif";
}
}
triel = document.getElementById(tri);
if (tspanel.style.display == 'none') {
tspanel.style.display = '';
- triel.src = "tri_o.gif";
+ triel.src = "/tri_o.gif";
} else {
tspanel.style.display = 'none';
- triel.src = "tri_c.gif";
+ triel.src = "/tri_c.gif";
}
}
-->
</script>
<table width="750" border="0" cellspacing="0" cellpadding="2">
<tr valign="bottom">
- <td width="150" height="65" align="center" valign="middle"> <strong><a href="http://m0n0.ch/wall" target="_blank"><img src="logo.gif" width="150" height="47" border="0"></a></strong></td>
- <td height="65" bgcolor="#435370"><span class="tfrtitle"> webGUI
+ <td width="150" height="65" align="center" valign="middle"> <strong><a href="http://m0n0.ch/wall" target="_blank"><img src="/logo.gif" width="150" height="47" border="0"></a></strong></td>
+ <td height="65" bgcolor="#435370">
+ <table border="0" cellspacing="0" cellpadding="0" width="100%">
+ <tr><td align="left" valign="bottom"><span class="tfrtitle"> webGUI
Configuration</span></td>
+ <td align="right" valign="bottom">
+ <span class="hostname"><?=$config['system']['hostname'] . "." . $config['system']['domain'];?> </span>
+ </td></tr></table>
+ </td>
</tr>
<tr valign="top">
<td width="150" bgcolor="#9D9D9D">
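Review bot: The new hostname cell prints `$config['system']['hostname']` and `$config['system']['domain']` without escaping, while the optional-interface description further down this file goes through `htmlspecialchars()`. Since this header is included on every webGUI page, it should be escaped consistently: `<?=htmlspecialchars($config['system']['hostname'] . "." . $config['system']['domain']);?>`. Validation on the settings page, if any, is not visible here, and a restored configuration file would bypass it anyway.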
<tr>
<td><span class="navlnk"><font color="#FFFFFF"> <strong>System</strong>
<br>
- <a href="system.php" class="navlnk">General
+ <a href="/system.php" class="navlnk">General
setup</a><br>
- <a href="system_routes.php" class="navlnk">Static
+ <a href="/system_routes.php" class="navlnk">Static
routes</a><br>
- <a href="system_firmware.php" class="navlnk">Firmware</a><br>
- <a href="system_advanced.php" class="navlnk">Advanced</a><br>
+ <a href="/system_firmware.php" class="navlnk">Firmware</a><br>
+ <a href="/system_advanced.php" class="navlnk">Advanced</a><br>
<strong>Interfaces</strong>
<?php if (!isset($config['system']['webgui']['noassigninterfaces'])): ?>
- <a href="interfaces_assign.php" class="navlnks">(assign)</a>
+ <a href="/interfaces_assign.php" class="navlnks">(assign)</a>
<?php endif; ?>
<br>
- <a href="interfaces_lan.php" class="navlnk">LAN</a><br>
- <a href="interfaces_wan.php" class="navlnk">WAN</a><br>
+ <a href="/interfaces_lan.php" class="navlnk">LAN</a><br>
+ <a href="/interfaces_wan.php" class="navlnk">WAN</a><br>
<?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
- <a href="interfaces_opt.php?index=<?=$i;?>" class="navlnk"><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?></a><br>
+ <a href="/interfaces_opt.php?index=<?=$i;?>" class="navlnk"><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?></a><br>
<?php endfor; ?>
<strong>Firewall</strong><br>
- <a href="firewall_rules.php" class="navlnk">Rules</a><br>
- <a href="firewall_nat.php" class="navlnk">NAT</a><br>
- <a href="firewall_shaper.php" class="navlnk">Traffic
+ <a href="/firewall_rules.php" class="navlnk">Rules</a><br>
+ <a href="/firewall_nat.php" class="navlnk">NAT</a><br>
+ <a href="/firewall_shaper.php" class="navlnk">Traffic
shaper</a> <br>
- <a href="firewall_aliases.php" class="navlnk">Aliases</a><br>
+ <a href="/firewall_aliases.php" class="navlnk">Aliases</a><br>
<strong>Services</strong><br>
- <a href="services_dnsmasq.php" class="navlnk">DNS forwarder</a><br>
- <a href="services_dyndns.php" class="navlnk">Dynamic
+ <a href="/services_dnsmasq.php" class="navlnk">DNS forwarder</a><br>
+ <a href="/services_dyndns.php" class="navlnk">Dynamic
DNS</a><br>
- <a href="services_dhcp.php" class="navlnk">DHCP</a><br>
- <a href="services_snmp.php" class="navlnk">SNMP</a><br>
- <a href="services_proxyarp.php" class="navlnk">Proxy ARP</a><br>
+ <a href="/services_dhcp.php" class="navlnk">DHCP</a><br>
+ <a href="/services_snmp.php" class="navlnk">SNMP</a><br>
+ <a href="/services_proxyarp.php" class="navlnk">Proxy ARP</a><br>
+ <a href="/services_captiveportal.php" class="navlnk">Captive portal</a><br>
+ <a href="/services_wol.php" class="navlnk">Wake on LAN</a><br>
<strong>VPN</strong><br>
- <a href="vpn_ipsec.php" class="navlnk">IPsec</a><br>
- <a href="vpn_pptp.php" class="navlnk">PPTP</a><br>
- <a href="vpn_pptp_users.php" class="navlnk">Users</a><br>
+ <a href="/vpn_ipsec.php" class="navlnk">IPsec</a><br>
+ <a href="/vpn_pptp.php" class="navlnk">PPTP</a><br>
<strong>Status</strong><br>
- <a href="index.php" class="navlnk">System</a><br>
- <a href="status_interfaces.php" class="navlnk">Interfaces</a><br>
- <a href="status_wireless.php" class="navlnk">Wireless</a><br>
+ <a href="/index.php" class="navlnk">System</a><br>
+ <a href="/status_interfaces.php" class="navlnk">Interfaces</a><br>
+ <a href="/status_graph.php" class="navlnk">Traffic graph</a><br>
+ <a href="/status_wireless.php" class="navlnk">Wireless</a><br>
+ <?php if (isset($config['captiveportal']['enable'])): ?>
+ <a href="/status_captiveportal.php" class="navlnk">Captive portal</a><br>
+ <?php endif; ?>
+<?php
+/* extensions section */
+if (is_dir("{$g['www_path']}/ext")):
+?>
+ <strong>Extensions</strong><br>
+<?php
+$dh = @opendir("{$g['www_path']}/ext");
+if ($dh) {
+ while (($extd = readdir($dh)) !== false) {
+ if (($extd === ".") || ($extd === ".."))
+ continue;
+ @include("{$g['www_path']}/ext/" . $extd . "/menu.inc");
+ }
+ closedir($dh);
+}
+endif;
+?>
<?php if (strstr($_SERVER['SCRIPT_FILENAME'], "diag_") || strstr($_SERVER['SCRIPT_FILENAME'], "reboot")): ?>
- <a href="javascript:showhide('diag','tri_diag')"><img src="tri_o.gif" id="tri_diag" width="14" height="10" border="0"></a><strong><a href="javascript:showhide('diag','tri_diag')" class="navlnk">Diagnostics</a></strong><br>
+ <a href="javascript:showhide('diag','tri_diag')"><img src="/tri_o.gif" id="tri_diag" width="14" height="10" border="0"></a><strong><a href="javascript:showhide('diag','tri_diag')" class="navlnk">Diagnostics</a></strong><br>
<span id="diag">
<?php else: ?>
- <a href="javascript:showhide('diag','tri_diag')"><img src="tri_c.gif" id="tri_diag" width="14" height="10" border="0"></a><strong><a href="javascript:showhide('diag','tri_diag')" class="navlnk">Diagnostics</a></strong><br>
+ <a href="javascript:showhide('diag','tri_diag')"><img src="/tri_c.gif" id="tri_diag" width="14" height="10" border="0"></a><strong><a href="javascript:showhide('diag','tri_diag')" class="navlnk">Diagnostics</a></strong><br>
<span id="diag" style="display: none">
<?php endif; ?>
- <a href="diag_logs.php" class="navlnk">System
+ <a href="/diag_logs.php" class="navlnk">System
logs</a><br>
- <a href="diag_dhcp_leases.php" class="navlnk">DHCP leases</a><br>
- <a href="diag_ipsec_sad.php" class="navlnk">IPsec</a><br>
- <a href="diag_ping.php" class="navlnk">Ping</a><br>
- <a href="diag_resetstate.php" class="navlnk">Reset
+ <a href="/diag_dhcp_leases.php" class="navlnk">DHCP leases</a><br>
+ <a href="/diag_ipsec_sad.php" class="navlnk">IPsec</a><br>
+ <a href="/diag_ping.php" class="navlnk">Ping</a><br>
+ <a href="/diag_resetstate.php" class="navlnk">Reset
state</a><br>
- <a href="diag_backup.php" class="navlnk">Backup/Restore</a><br>
- <a href="diag_defaults.php" class="navlnk">Factory
+ <a href="/diag_backup.php" class="navlnk">Backup/Restore</a><br>
+ <a href="/diag_defaults.php" class="navlnk">Factory
defaults </a><br>
- <a href="reboot.php" class="navlnk">Reboot
+ <a href="/reboot.php" class="navlnk">Reboot
system</a>
</span>
</font></span>
</td>
</tr></table></td>
<td width="600"><table width="100%" border="0" cellpadding="10" cellspacing="0">
- <tr><td>
\ No newline at end of file
+ <tr><td>
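Review bot: In the new extensions block of this hunk, `@include(...)` suppresses every error from an extension's `menu.inc`, so a missing or broken file fails silently in the navigation of every page. Checking first and including without `@` keeps problems visible: `$menu = "{$g['www_path']}/ext/{$extd}/menu.inc";` followed by `if (is_file($menu)) include($menu);`. Each `menu.inc` runs as PHP inside the webGUI, so the block should carry a comment stating that the `ext` directory is trusted and writable only by the administrator.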
</tr>
<tr align="center" valign="top" bgcolor="#435370">
<td colspan="2" class="cpline">m0n0wall is © 2002-2004 by Manuel Kasper.
- All rights reserved. [<a href="license.php" class="tblnk">view license</a>]</td>
+ All rights reserved. [<a href="/license.php" class="tblnk">view license</a>]</td>
</tr>
</table>
\ No newline at end of file
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: Aliases</p>
<form action="firewall_aliases.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_aliasesdirty_path)): ?><p>
<?php print_info_box_np("The alias list has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: Aliases: Edit alias</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="firewall_aliases_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT</font></p>
<form action="firewall_nat.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_natconfdirty_path)): ?><p>
<?php print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">Inbound</li>
+ <li class="tabinact"><a href="firewall_nat_server.php">Server NAT</a></li>
+ <li class="tabinact"><a href="firewall_nat_1to1.php">1:1</a></li>
+ <li class="tabinact"><a href="firewall_nat_out.php">Outbound</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabact">Inbound</td>
- <td nowrap class="tabinact"><a href="firewall_nat_server.php" class="tblnk">Server NAT</a></td>
- <td nowrap class="tabinact"><a href="firewall_nat_1to1.php" class="tblnk">1:1</a></td>
- <td nowrap class="tabinact"><a href="firewall_nat_out.php" class="tblnk">Outbound</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="5" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
+ <td width="5%" class="listhdrr">If</td>
<td width="5%" class="listhdrr">Proto</td>
<td width="20%" class="listhdrr">Ext. port range</td>
- <td width="20%" class="listhdrr">NAT IP<br>(ext. IP)</td>
+ <td width="20%" class="listhdrr">NAT IP</td>
<td width="20%" class="listhdrr">Int. port range</td>
- <td width="25%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
+ <td width="20%" class="listhdr">Description</td>
+ <td width="5%" class="list"></td>
</tr>
<?php $i = 0; foreach ($a_nat as $natent): ?>
<tr valign="top">
- <td class="listlr">
+ <td class="listlr">
+ <?php
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ echo "WAN";
+ else
+ echo htmlspecialchars($config['interfaces'][$natent['interface']]['descr']);
+ ?>
+ </td>
+ <td class="listr">
<?=strtoupper($natent['protocol']);?>
</td>
<td class="listr">
<td class="listr">
<?=$natent['target'];?>
<?php if ($natent['external-address'])
- echo "<br>(" . $natent['external-address'] . ")";
+ echo "<br>(ext.: " . $natent['external-address'] . ")";
?>
</td>
<td class="listr">
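Review bot: `$natent['external-address']` is concatenated into the table cell without `htmlspecialchars()` on the changed `echo` line, whereas the interface description this commit adds to the same list is escaped. The value comes from the saved configuration, and nothing in this hunk shows it being validated as an IP address before it is stored, so escape at output: `echo "<br>(ext.: " . htmlspecialchars($natent['external-address']) . ")";`. The `<?=$natent['target'];?>` context line just above has the same gap.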
</tr>
<?php $i++; endforeach; ?>
<tr>
- <td class="list" colspan="5"></td>
+ <td class="list" colspan="6"></td>
<td class="list"> <a href="firewall_nat_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT</p>
<form action="firewall_nat_1to1.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_natconfdirty_path)): ?><p>
<?php print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="firewall_nat.php">Inbound</a></li>
+ <li class="tabinact"><a href="firewall_nat_server.php">Server NAT</a></li>
+ <li class="tabact">1:1</li>
+ <li class="tabinact"><a href="firewall_nat_out.php">Outbound</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="firewall_nat.php" class="tblnk">Inbound</a></td>
- <td nowrap class="tabinact"><a href="firewall_nat_server.php" class="tblnk">Server NAT</a></td>
- <td nowrap class="tabact">1:1</td>
- <td nowrap class="tabinact"><a href="firewall_nat_out.php" class="tblnk">Outbound</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="5" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
+ <td width="10%" class="listhdrr">Interface</td>
<td width="20%" class="listhdrr">External IP</td>
<td width="20%" class="listhdrr">Internal IP</td>
- <td width="50%" class="listhdr">Description</td>
+ <td width="40%" class="listhdr">Description</td>
<td width="10%" class="list"></td>
</tr>
<?php $i = 0; foreach ($a_1to1 as $natent): ?>
<tr>
- <td class="listlr">
+ <td class="listlr">
+ <?php
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ echo "WAN";
+ else
+ echo htmlspecialchars($config['interfaces'][$natent['interface']]['descr']);
+ ?>
+ </td>
+ <td class="listr">
<?php echo $natent['external'];
if ($natent['subnet']) echo "/" . $natent['subnet']; ?>
</td>
</tr>
<?php $i++; endforeach; ?>
<tr>
- <td class="list" colspan="3"></td>
+ <td class="list" colspan="4"></td>
<td class="list"> <a href="firewall_nat_1to1_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
if (isset($id) && $a_1to1[$id]) {
$pconfig['external'] = $a_1to1[$id]['external'];
$pconfig['internal'] = $a_1to1[$id]['internal'];
+ $pconfig['interface'] = $a_1to1[$id]['interface'];
+ if (!$pconfig['interface'])
+ $pconfig['interface'] = "wan";
if (!$a_1to1[$id]['subnet'])
$pconfig['subnet'] = 32;
else
$pconfig['descr'] = $a_1to1[$id]['descr'];
} else {
$pconfig['subnet'] = 32;
+ $pconfig['interface'] = "wan";
}
if ($_POST) {
$pconfig = $_POST;
/* input validation */
- $reqdfields = explode(" ", "external internal");
- $reqdfieldsn = explode(",", "External subnet,Internal subnet");
+ $reqdfields = explode(" ", "interface external internal");
+ $reqdfieldsn = explode(",", "Interface,External subnet,Internal subnet");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
$natent['internal'] = $_POST['internal'];
$natent['subnet'] = $_POST['subnet'];
$natent['descr'] = $_POST['descr'];
+ $natent['interface'] = $_POST['interface'];
if (isset($id) && $a_1to1[$id])
$a_1to1[$id] = $natent;
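Review bot: `$_POST['interface']` is copied into `$natent['interface']` after only the required-field check; no visible line confirms that it names a configured interface (any validation between the two hunks is outside this view). The `<select>` offers only `wan` and `optN`, but the server should not rely on the form's options, since the stored value is later used as a key into `$config['interfaces']` and presumably when rules are generated. A check next to the other validation would close this: `if (($_POST['interface'] != "wan") && !isset($config['interfaces'][$_POST['interface']])) $input_errors[] = "A valid interface must be specified.";`. The same applies to the firewall_nat_edit.php hunks, including the auto-generated `$filterent['interface']`, and to firewall_nat_out_edit.php.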
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT: Edit 1:1</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="firewall_nat_1to1_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld">
+ <?php
+ $interfaces = array('wan' => 'WAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">External subnet</td>
<td width="78%" class="vtable">
$pconfig['localip'] = $a_nat[$id]['target'];
$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
$pconfig['descr'] = $a_nat[$id]['descr'];
+ $pconfig['interface'] = $a_nat[$id]['interface'];
+ if (!$pconfig['interface'])
+ $pconfig['interface'] = "wan";
+} else {
+ $pconfig['interface'] = "wan";
}
if ($_POST) {
$pconfig = $_POST;
/* input validation */
- $reqdfields = explode(" ", "proto beginport localip localbeginport");
- $reqdfieldsn = explode(",", "Protocol,Start port,NAT IP,Local port");
+ $reqdfields = explode(" ", "interface proto beginport localip localbeginport");
+ $reqdfieldsn = explode(",", "Interface,Protocol,Start port,NAT IP,Local port");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
$_POST['beginport'] = $tmp;
}
+ if (!$input_errors) {
+ if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535)
+ $input_errors[] = "The target port range must lie between 1 and 65535.";
+ }
+
/* check for overlaps */
foreach ($a_nat as $natent) {
if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
continue;
+ if ($natent['interface'] != $_POST['interface'])
+ continue;
if ($natent['external-address'] != $_POST['extaddr'])
continue;
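Review bot: The added `if ($natent['interface'] != $_POST['interface']) continue;` skips every existing rule that has no `interface` key, because an empty value never equals the posted `"wan"`. The list page in this commit treats a missing interface as WAN, so rules saved before this change are effectively WAN rules that the overlap check no longer sees. Normalise before comparing, e.g. `if (($natent['interface'] ? $natent['interface'] : "wan") != $_POST['interface']) continue;`. The enclosing `foreach` continues past the end of this hunk.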
$natent['target'] = $_POST['localip'];
$natent['local-port'] = $_POST['localbeginport'];
+ $natent['interface'] = $_POST['interface'];
$natent['descr'] = $_POST['descr'];
if (isset($id) && $a_nat[$id])
if ($_POST['autoadd']) {
/* auto-generate a matching firewall rule */
$filterent = array();
- $filterent['interface'] = "wan";
+ $filterent['interface'] = $_POST['interface'];
$filterent['protocol'] = $_POST['proto'];
$filterent['source']['any'] = "";
$filterent['destination']['address'] = $_POST['localip'];
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT: Edit</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld">
+ <?php
+ $interfaces = array('wan' => 'WAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">External address</td>
<td width="78%" class="vtable">
<select name="extaddr" class="formfld">
- <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>WAN</option>
+ <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option>
<?php
if (is_array($config['nat']['servernat'])):
foreach ($config['nat']['servernat'] as $sn): ?>
<option value="<?=$sn['ipaddr'];?>" <?php if ($sn['ipaddr'] == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$sn['ipaddr']} ({$sn['descr']})");?></option>
<?php endforeach; endif; ?>
- </select><br><span class="vexpl">
- If you want this rule to apply to another IP address than m0n0wall's WAN IP address,
+ </select><br>
+ <span class="vexpl">
+ If you want this rule to apply to another IP address than the IP address of the interface chosen above,
select it here (you need to define IP addresses on the
<a href="firewall_nat_server.php">Server NAT</a> page first).</span></td>
</tr>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT</p>
<form action="firewall_nat_out.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_natconfdirty_path)): ?><p>
<?php print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="firewall_nat.php">Inbound</a></li>
+ <li class="tabinact"><a href="firewall_nat_server.php">Server NAT</a></li>
+ <li class="tabinact"><a href="firewall_nat_1to1.php">1:1</a></li>
+ <li class="tabact">Outbound</li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="firewall_nat.php" class="tblnk">Inbound</a></td>
- <td nowrap class="tabinact"><a href="firewall_nat_server.php" class="tblnk">Server NAT</a></td>
- <td nowrap class="tabinact"><a href="firewall_nat_1to1.php" class="tblnk">1:1</a></td>
- <td nowrap class="tabact">Outbound</td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="5" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td class="vtable"><p>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
+ <td width="10%" class="listhdrr">Interface</td>
<td width="20%" class="listhdrr">Source</td>
<td width="20%" class="listhdrr">Destination</td>
<td width="20%" class="listhdrr">Target</td>
- <td width="30%" class="listhdr">Description</td>
- <td width="10%" class="list"></td>
+ <td width="25%" class="listhdr">Description</td>
+ <td width="5%" class="list"></td>
</tr>
<?php $i = 0; foreach ($a_out as $natent): ?>
<tr>
- <td class="listlr">
+ <td class="listlr">
+ <?php
+ if (!$natent['interface'] || ($natent['interface'] == "wan"))
+ echo "WAN";
+ else
+ echo htmlspecialchars($config['interfaces'][$natent['interface']]['descr']);
+ ?>
+ </td>
+ <td class="listr">
<?=$natent['source']['network'];?>
</td>
<td class="listr">
</tr>
<?php $i++; endforeach; ?>
<tr>
- <td class="list" colspan="4"></td>
+ <td class="list" colspan="5"></td>
<td class="list"> <a href="firewall_nat_out_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
network_to_pconfig($a_out[$id]['destination'], $pconfig['destination'],
$pconfig['destination_subnet'], $pconfig['destination_not']);
$pconfig['target'] = $a_out[$id]['target'];
+ $pconfig['interface'] = $a_out[$id]['interface'];
+ if (!$pconfig['interface'])
+ $pconfig['interface'] = "wan";
$pconfig['descr'] = $a_out[$id]['descr'];
} else {
$pconfig['source_subnet'] = 24;
$pconfig['destination'] = "any";
$pconfig['destination_subnet'] = 24;
+ $pconfig['interface'] = "wan";
}
if ($_POST) {
$pconfig = $_POST;
/* input validation */
- $reqdfields = explode(" ", "source source_subnet destination destination_subnet");
- $reqdfieldsn = explode(",", "Source,Source bit count,Destination,Destination bit count");
+ $reqdfields = explode(" ", "interface source source_subnet destination destination_subnet");
+ $reqdfieldsn = explode(",", "Interface,Source,Source bit count,Destination,Destination bit count");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if (isset($id) && ($a_out[$id]) && ($a_out[$id] === $natent))
continue;
- if ($natent['source']['network'] == $osn) {
- if (isset($natent['destination']['not']) == isset($_POST['destination_not'])) {
- if ((isset($natent['destination']['any']) && ($ext == "any")) ||
- ($natent['destination']['network'] == $ext)) {
- $input_errors[] = "There is already an outbound NAT rule with the specified settings.";
- break;
- }
- }
- }
+ if (!$natent['interface'])
+ $natent['interface'] == "wan";
+
+ if (($natent['interface'] == $_POST['interface']) && ($natent['source']['network'] == $osn)) {
+ if (isset($natent['destination']['not']) == isset($_POST['destination_not'])) {
+ if ((isset($natent['destination']['any']) && ($ext == "any")) ||
+ ($natent['destination']['network'] == $ext)) {
+ $input_errors[] = "There is already an outbound NAT rule with the specified settings.";
+ break;
+ }
+ }
+ }
}
if (!$input_errors) {
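Review bot: `$natent['interface'] == "wan";` under `if (!$natent['interface'])` is a comparison whose result is discarded, not an assignment, so the default is never applied. Existing outbound rules without an `interface` key therefore never satisfy `$natent['interface'] == $_POST['interface']`, and a duplicate of such a rule on WAN is accepted. The line should read `$natent['interface'] = "wan";`. The `foreach` this check belongs to starts outside the hunk.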
$natent['source']['network'] = $osn;
$natent['descr'] = $_POST['descr'];
$natent['target'] = $_POST['target'];
+ $natent['interface'] = $_POST['interface'];
if ($ext == "any")
$natent['destination']['any'] = true;
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT: Edit outbound mapping</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="firewall_nat_out_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formfld">
+ <?php
+ $interfaces = array('wan' => 'WAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select><br>
+ <span class="vexpl">Choose which interface this rule applies to.<br>
+ Hint: in most cases, you'll want to use WAN here.</span></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Source</td>
<td width="78%" class="vtable">
<td class="vtable">
<input name="target" type="text" class="formfld" id="target" size="20" value="<?=htmlspecialchars($pconfig['target']);?>">
<br>
- <span class="vexpl">Packets matching this rule will be mapped to the IP address given here. Leave blank to use the WAN interface's IP address.</span></td>
+ <span class="vexpl">Packets matching this rule will be mapped to the IP address given here. Leave blank to use the selected interface's IP address.</span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
<p class="pgtitle">Firewall: NAT</p>
<form action="firewall_nat_server.php" method="post">
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_natconfdirty_path)): ?><p>
<?php print_info_box_np("The NAT configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="firewall_nat.php">Inbound</a></li>
+ <li class="tabact">Server NAT</li>
+ <li class="tabinact"><a href="firewall_nat_1to1.php">1:1</a></li>
+ <li class="tabinact"><a href="firewall_nat_out.php">Outbound</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="firewall_nat.php" class="tblnk">Inbound</a></td>
- <td nowrap class="tabact">Server NAT</td>
- <td nowrap class="tabinact"><a href="firewall_nat_1to1.php" class="tblnk">1:1</a></td>
- <td nowrap class="tabinact"><a href="firewall_nat_out.php" class="tblnk">Outbound</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="5" class="tabcont">
+ <td class="tabcont">
<table width="80%" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td width="40%" class="listhdrr">External IP</td>
+ <td width="40%" class="listhdrr">External IP address</td>
<td width="50%" class="listhdr">Description</td>
<td width="10%" class="list"></td>
</tr>
$natent['ipaddr'] = $_POST['ipaddr'];
$natent['descr'] = $_POST['descr'];
- if (isset($id) && $a_snat[$id])
+ if (isset($id) && $a_snat[$id]) {
+ /* modify all inbound NAT rules with this address */
+ for ($i = 0; isset($config['nat']['rule'][$i]); $i++) {
+ if ($config['nat']['rule'][$i]['external-address'] == $a_snat[$id]['ipaddr'])
+ $config['nat']['rule'][$i]['external-address'] = $natent['ipaddr'];
+ }
$a_snat[$id] = $natent;
- else
+ } else
$a_snat[] = $natent;
touch($d_natconfdirty_path);
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: NAT: Edit Server NAT</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="firewall_nat_server_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td width="22%" valign="top" class="vncellreq">External IP</td>
+ <td width="22%" valign="top" class="vncellreq">External IP address</td>
<td width="78%" class="vtable">
<input name="ipaddr" type="text" class="formfld" id="ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipaddr']);?>">
header("Location: firewall_rules.php");
exit;
}
+} else if ($_GET['act'] == "toggle") {
+ if ($a_filter[$_GET['id']]) {
+ $a_filter[$_GET['id']]['disabled'] = !isset($a_filter[$_GET['id']]['disabled']);
+ write_config();
+ touch($d_filterconfdirty_path);
+ header("Location: firewall_rules.php");
+ exit;
+ }
}
?>
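Review bot: The new `toggle` branch changes a firewall rule's enabled state and calls `write_config()` in response to a plain GET, and no anti-forgery token is checked in the visible lines. Any page the logged-in administrator loads could therefore trigger the request and silently disable or enable a rule. Accept the action only as a POST that carries a per-session token verified before the write; the existing `up`/`down`/`del` links follow the same GET pattern and would benefit from the same treatment. Separately, `$_GET['id']` is used as an array index with only a truthiness test on the entry, so a guard such as `if (is_numeric($_GET['id']) && $a_filter[$_GET['id']]) {` would be tighter. The same branch is added for firewall_shaper.php.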
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: Rules</p>
<form action="firewall_rules.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_filterconfdirty_path)): ?><p>
<?php print_info_box_np("The firewall rule configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
$iconfn = "block";
} else
$iconfn = "pass";
- if (isset($filterent['disabled']))
+ if (isset($filterent['disabled'])) {
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
$iconfn .= "_d";
+ } else {
+ $textss = $textse = "";
+ }
?>
- <img src="<?=$iconfn;?>.gif" width="11" height="11">
+ <a href="?act=toggle&id=<?=$i;?>"><img src="<?=$iconfn;?>.gif" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
<?php if (isset($filterent['log'])):
$iconfn = "log_s";
if (isset($filterent['disabled']))
$iconfn .= "_d";
?>
- <br><img src="<?=$iconfn;?>.gif" width="11" height="15">
+ <br><a href="?act=toggle&id=<?=$i;?>"><img src="<?=$iconfn;?>.gif" width="11" height="15" border="0" title="click to toggle enabled/disabled status"></a>
<?php endif; ?>
</td>
<td class="listlr">
- <?php if (isset($filterent['protocol'])) echo strtoupper($filterent['protocol']); else echo "*"; ?>
+ <?=$textss;?><?php if (isset($filterent['protocol'])) echo strtoupper($filterent['protocol']); else echo "*"; ?><?=$textse;?>
</td>
<td class="listr">
- <?php echo htmlspecialchars(pprint_address($filterent['source'])); ?>
+ <?=$textss;?><?php echo htmlspecialchars(pprint_address($filterent['source'])); ?><?=$textse;?>
</td>
<td class="listr">
- <?php echo htmlspecialchars(pprint_port($filterent['source']['port'])); ?>
+ <?=$textss;?><?php echo htmlspecialchars(pprint_port($filterent['source']['port'])); ?><?=$textse;?>
</td>
<td class="listr">
- <?php echo htmlspecialchars(pprint_address($filterent['destination'])); ?>
+ <?=$textss;?><?php echo htmlspecialchars(pprint_address($filterent['destination'])); ?><?=$textse;?>
</td>
<td class="listr">
- <?php echo htmlspecialchars(pprint_port($filterent['destination']['port'])); ?>
+ <?=$textss;?><?php echo htmlspecialchars(pprint_port($filterent['destination']['port'])); ?><?=$textse;?>
</td>
<td class="listbg">
- <?=htmlspecialchars($filterent['descr']);?>
+ <?=$textss;?><?=htmlspecialchars($filterent['descr']);?> <?=$textse;?>
</td>
<td valign="middle" nowrap class="list">
- <a href="firewall_rules_edit.php?id=<?=$i;?>"><img src="e.gif" alt="edit rule" width="17" height="17" border="0"></a>
+ <a href="firewall_rules_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit rule" width="17" height="17" border="0"></a>
<?php if (($i > 0) && ($a_filter[$i-1]['interface'] == $filterent['interface'])): ?>
- <a href="firewall_rules.php?act=up&id=<?=$i;?>"><img src="up.gif" alt="move up" width="17" height="17" border="0"></a>
+ <a href="firewall_rules.php?act=up&id=<?=$i;?>"><img src="up.gif" title="move up" width="17" height="17" border="0"></a>
<?php else: ?>
<img src="up_d.gif" width="17" height="17" border="0">
<?php endif; ?><br>
- <a href="firewall_rules.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this rule?')"><img src="x.gif" alt="delete rule" width="17" height="17" border="0"></a>
+ <a href="firewall_rules.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this rule?')"><img src="x.gif" title="delete rule" width="17" height="17" border="0"></a>
<?php if ($a_filter[$i+1]['interface'] == $filterent['interface']): ?>
- <a href="firewall_rules.php?act=down&id=<?=$i;?>"><img src="down.gif" alt="move down" width="17" height="17" border="0"></a>
+ <a href="firewall_rules.php?act=down&id=<?=$i;?>"><img src="down.gif" title="move down" width="17" height="17" border="0"></a>
<?php else: ?>
<img src="down_d.gif" width="17" height="17" border="0">
<?php endif; ?>
- <a href="firewall_rules_edit.php?dup=<?=$i;?>"><img src="plus.gif" alt="add a new rule based on this one" width="17" height="17" border="0"></a>
+ <a href="firewall_rules_edit.php?dup=<?=$i;?>"><img src="plus.gif" title="add a new rule based on this one" width="17" height="17" border="0"></a>
</td>
</tr>
<?php endfor; ?>
<tr>
<td class="list" colspan="7"></td>
- <td class="list"> <a href="firewall_rules_edit.php"><img src="plus.gif" alt="add new rule" width="17" height="17" border="0"></a></td>
+ <td class="list"> <a href="firewall_rules_edit.php"><img src="plus.gif" title="add new rule" width="17" height="17" border="0"></a></td>
</tr>
</table>
<table border="0" cellspacing="0" cellpadding="0">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: Rules: Edit</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vncellreq">Protocol</td>
<td width="78%" class="vtable">
<select name="proto" class="formfld" onchange="proto_change()">
- <?php $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPv6 any"); foreach ($protocols as $proto): ?>
+ <?php $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPv6 IGMP any"); foreach ($protocols as $proto): ?>
<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>>
<?=htmlspecialchars($proto);?>
</option>
if (!is_array($config['shaper']['rule'])) {
$config['shaper']['rule'] = array();
}
+if (!is_array($config['shaper']['pipe'])) {
+ $config['shaper']['pipe'] = array();
+}
+if (!is_array($config['shaper']['queue'])) {
+ $config['shaper']['queue'] = array();
+}
$a_shaper = &$config['shaper']['rule'];
+$a_pipe = &$config['shaper']['pipe'];
+$a_queue = &$config['shaper']['queue'];
$pconfig['enable'] = isset($config['shaper']['enable']);
header("Location: firewall_shaper.php");
exit;
}
+} else if ($_GET['act'] == "toggle") {
+ if ($a_shaper[$_GET['id']]) {
+ $a_shaper[$_GET['id']]['disabled'] = !isset($a_shaper[$_GET['id']]['disabled']);
+ write_config();
+ touch($d_shaperconfdirty_path);
+ header("Location: firewall_shaper.php");
+ exit;
+ }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
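Review bot: Re-enabling a rule here stores `false` in `['disabled']`, but the list code added in this commit tests `isset($shaperent['disabled'])`, which is also true for a key holding `false`. Whether the rule really becomes enabled therefore depends on how `write_config()` serialises a false value, which is not visible in this diff. Removing the key is unambiguous: `if (isset($a_shaper[$_GET['id']]['disabled'])) unset($a_shaper[$_GET['id']]['disabled']); else $a_shaper[$_GET['id']]['disabled'] = true;`. The firewall_rules.php toggle branch makes the same assignment.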
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: Traffic shaper</p>
<form action="firewall_shaper.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_shaperconfdirty_path)): ?><p>
<?php print_info_box_np("The traffic shaper configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">Rules</li>
+ <li class="tabinact"><a href="firewall_shaper_pipes.php">Pipes</a></li>
+ <li class="tabinact"><a href="firewall_shaper_queues.php">Queues</a></li>
+ <li class="tabinact"><a href="firewall_shaper_magic.php">Magic shaper wizard</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabact">Rules</td>
- <td nowrap class="tabinact"><a href="firewall_shaper_pipes.php" class="tblnk">Pipes</a></td>
- <td nowrap class="tabinact"><a href="firewall_shaper_queues.php" class="tblnk">Queues</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="4" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td class="vtable"><p>
<tr valign="top">
<td class="listlr">
<?php
+ $dis = "";
+ if (isset($shaperent['disabled'])) {
+ $dis = "_d";
+ $textss = "<span class=\"gray\">";
+ $textse = "</span>";
+ } else {
+ $textss = $textse = "";
+ }
$iflabels = array('lan' => 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP');
for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++)
$iflabels['opt' . $j] = $config['interfaces']['opt' . $j]['descr'];
- echo htmlspecialchars($iflabels[$shaperent['interface']]);
- if ($shaperent['direction'])
- echo "<br><img src=\"{$shaperent['direction']}.gif\" width=\"11\" height=\"11\" style=\"margin-top: 5px\">";
+ echo $textss . htmlspecialchars($iflabels[$shaperent['interface']]);
+ echo "<br>";
+ echo "<a href=\"?act=toggle&id={$i}\">";
+ if ($shaperent['direction'] != "in")
+ echo "<img src=\"out{$dis}.gif\" width=\"11\" height=\"11\" border=\"0\" style=\"margin-top: 5px\" title=\"click to toggle enabled/disabled status\">";
+ if ($shaperent['direction'] != "out")
+ echo "<img src=\"in{$dis}.gif\" width=\"11\" height=\"11\" border=\"0\" style=\"margin-top: 5px\" title=\"click to toggle enabled/disabled status\">";
+ echo "</a>" . $textse;;
?>
</td>
<td class="listr">
- <?php if (isset($shaperent['protocol'])) echo strtoupper($shaperent['protocol']); else echo "*"; ?>
+ <?=$textss;?><?php if (isset($shaperent['protocol'])) echo strtoupper($shaperent['protocol']); else echo "*"; ?><?=$textse;?>
</td>
- <td class="listr"> <?php echo htmlspecialchars(pprint_address($shaperent['source'])); ?>
+ <td class="listr"><?=$textss;?><?php echo htmlspecialchars(pprint_address($shaperent['source'])); ?>
<?php if ($shaperent['source']['port']): ?><br>
Port: <?=htmlspecialchars(pprint_port($shaperent['source']['port'])); ?>
- <?php endif; ?>
+ <?php endif; ?><?=$textse;?>
</td>
- <td class="listr"> <?php echo htmlspecialchars(pprint_address($shaperent['destination'])); ?>
+ <td class="listr"><?=$textss;?><?php echo htmlspecialchars(pprint_address($shaperent['destination'])); ?>
<?php if ($shaperent['destination']['port']): ?><br>
Port: <?=htmlspecialchars(pprint_port($shaperent['destination']['port'])); ?>
- <?php endif; ?>
+ <?php endif; ?><?=$textse;?>
</td>
- <td class="listr">
+ <td class="listr"><?=$textss;?>
<?php
- if (isset($shaperent['targetpipe']))
- echo "<a href=\"firewall_shaper_pipes_edit.php?id={$shaperent['targetpipe']}\">Pipe " .
- ($shaperent['targetpipe']+1) . "</a>";
- else if (isset($shaperent['targetqueue']))
- echo "<a href=\"firewall_shaper_queues_edit.php?id={$shaperent['targetqueue']}\">Queue " .
- ($shaperent['targetqueue']+1) . "</a>";
- ?>
+ if (isset($shaperent['targetpipe'])) {
+ if ($a_pipe[$shaperent['targetpipe']]['descr'])
+ $desc = htmlspecialchars($a_pipe[$shaperent['targetpipe']]['descr']);
+ else
+ $desc = "Pipe " . ($shaperent['targetpipe']+1);
+ echo "<a href=\"firewall_shaper_pipes_edit.php?id={$shaperent['targetpipe']}\">{$desc}</a>";
+ } else if (isset($shaperent['targetqueue'])) {
+ if ($a_queue[$shaperent['targetqueue']]['descr'])
+ $desc = htmlspecialchars($a_queue[$shaperent['targetqueue']]['descr']);
+ else
+ $desc = "Queue " . ($shaperent['targetqueue']+1);
+ echo "<a href=\"firewall_shaper_queues_edit.php?id={$shaperent['targetqueue']}\">{$desc}</a>";
+ }
+ ?><?=$textse;?>
</td>
<td class="listbg">
- <?=htmlspecialchars($shaperent['descr']);?>
+ <?=$textss;?><?=htmlspecialchars($shaperent['descr']);?><?=$textse;?>
</td>
- <td valign="middle" nowrap class="list"> <a href="firewall_shaper_edit.php?id=<?=$i;?>"><img src="e.gif" alt="edit rule" width="17" height="17" border="0"></a>
+ <td valign="middle" nowrap class="list"> <a href="firewall_shaper_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit rule" width="17" height="17" border="0"></a>
<?php if ($i > 0): ?>
- <a href="firewall_shaper.php?act=up&id=<?=$i;?>"><img src="up.gif" alt="move up" width="17" height="17" border="0"></a>
+ <a href="firewall_shaper.php?act=up&id=<?=$i;?>"><img src="up.gif" title="move up" width="17" height="17" border="0"></a>
<?php else: ?>
<img src="up_d.gif" width="17" height="17" border="0">
<?php endif; ?><br>
- <a href="firewall_shaper.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this rule?')"><img src="x.gif" alt="delete rule" width="17" height="17" border="0"></a>
+ <a href="firewall_shaper.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this rule?')"><img src="x.gif" title="delete rule" width="17" height="17" border="0"></a>
<?php if (isset($a_shaper[$i+1])): ?>
- <a href="firewall_shaper.php?act=down&id=<?=$i;?>"><img src="down.gif" alt="move down" width="17" height="17" border="0"></a>
+ <a href="firewall_shaper.php?act=down&id=<?=$i;?>"><img src="down.gif" title="move down" width="17" height="17" border="0"></a>
<?php else: ?>
<img src="down_d.gif" width="17" height="17" border="0">
<?php endif; ?>
- <a href="firewall_shaper_edit.php?dup=<?=$i;?>"><img src="plus.gif" alt="add a new rule based on this one" width="17" height="17" border="0"></a>
+ <a href="firewall_shaper_edit.php?dup=<?=$i;?>"><img src="plus.gif" title="add a new rule based on this one" width="17" height="17" border="0"></a>
</td>
</tr>
<?php $i++; endforeach; ?>
<tr>
<td width="16"><img src="in.gif" width="11" height="11"></td>
<td>incoming (as seen by firewall)</td>
+ <td width="14"></td>
+ <td width="16"><img src="out.gif" width="11" height="11"></td>
+ <td>outgoing (as seen by firewall)</td>
</tr>
<tr>
<td colspan="5" height="4"></td>
</tr>
<tr>
- <td><img src="out.gif" width="11" height="11"></td>
- <td>outgoing (as seen by firewall)</td>
+ <td><img src="in_d.gif" width="11" height="11"></td>
+ <td>incoming (disabled)</td>
+ <td width="14"></td>
+ <td><img src="out_d.gif" width="11" height="11"></td>
+ <td>outgoing (disabled)</td>
</tr>
</table>
<p><span class="red"><strong>Note:</strong></span><strong><br>
</strong>the first rule that matches a packet will be executed.<br>
The following match patterns are not shown in the list above:
- IP packet length, TCP flags.</td></p>
+ IP packet length, TCP flags.</td>
</tr>
</table>
</form>
}
$pconfig['direction'] = $a_shaper[$id]['direction'];
+ $pconfig['iptos'] = $a_shaper[$id]['iptos'];
$pconfig['iplen'] = $a_shaper[$id]['iplen'];
$pconfig['tcpflags'] = $a_shaper[$id]['tcpflags'];
$pconfig['descr'] = $a_shaper[$id]['descr'];
+ $pconfig['disabled'] = isset($a_shaper[$id]['disabled']);
if ($pconfig['srcbeginport'] == 0) {
$pconfig['srcbeginport'] = "any";
if ($_POST) {
- if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
+ if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "any")) {
$_POST['srcbeginport'] = 0;
$_POST['srcendport'] = 0;
$_POST['dstbeginport'] = 0;
$_POST['dstmask'] = 32;
}
+ $intos = array();
+ foreach ($iptos as $tos) {
+ if ($_POST['iptos_' . $tos] == "on")
+ $intos[] = $tos;
+ else if ($_POST['iptos_' . $tos] == "off")
+ $intos[] = "!" . $tos;
+ }
+ $_POST['iptos'] = join(",", $intos);
+
$intcpflags = array();
foreach ($tcpflags as $tcpflag) {
if ($_POST['tcpflags_' . $tcpflag] == "on")
$shaperent['direction'] = $_POST['direction'];
$shaperent['iplen'] = $_POST['iplen'];
+ $shaperent['iptos'] = $_POST['iptos'];
$shaperent['tcpflags'] = $_POST['tcpflags'];
$shaperent['descr'] = $_POST['descr'];
+ $shaperent['disabled'] = $_POST['disabled'] ? true : false;
list($targettype,$target) = explode(":", $_POST['target']);
$shaperent[$targettype] = $target;
}
function proto_change() {
- if (document.iform.proto.selectedIndex < 3) {
+ if (document.iform.proto.selectedIndex < 2 || document.iform.proto.selectedIndex == 8) {
portsenabled = 1;
} else {
portsenabled = 0;
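Review bot: The test `document.iform.proto.selectedIndex == 8` depends on where "any" sits in the protocol `<select>`, and this commit has just moved it by adding IGMP to that list in a later hunk. The next protocol added will silently break the port-field toggle again. Comparing the option value keeps the script in step with the server-side check on `$_POST['proto']`: `var p = document.iform.proto.options[document.iform.proto.selectedIndex].value;` followed by `if (p == "tcp" || p == "udp" || p == "any") {`. The body of proto_change() continues outside this hunk.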
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: Traffic shaper: Edit rule</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<?php if (is_array($config['shaper']['pipe']) && (count($config['shaper']['pipe']) > 0)): ?>
<form action="firewall_shaper_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<span class="vexpl">Choose a pipe or queue where packets that
match this rule should be sent.</span></td>
</tr>
+ <tr>
+ <td valign="top" class="vncellreq">Disabled</td>
+ <td class="vtable">
+ <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
+ <strong>Disable this rule</strong><br>
+ <span class="vexpl">Set this option to disable this rule without removing it from the list.</span></td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Interface</td>
<td width="78%" class="vtable"> <select name="interface" class="formfld">
<tr>
<td width="22%" valign="top" class="vncellreq">Protocol</td>
<td width="78%" class="vtable"> <select name="proto" class="formfld" onchange="proto_change()">
- <?php $protocols = explode(" ", "TCP UDP ICMP ESP AH GRE IPv6 any"); foreach ($protocols as $proto): ?>
+ <?php $protocols = explode(" ", "TCP UDP ICMP ESP AH GRE IPv6 IGMP any"); foreach ($protocols as $proto): ?>
<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>>
<?=htmlspecialchars($proto);?>
</option>
Use this to match only packets travelling in a given direction
on the interface specified above (as seen from the firewall's
perspective). </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">IP Type of Service (TOS)</td>
+ <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
+ <?php
+ $iniptos = explode(",", $pconfig['iptos']);
+ foreach ($iptos as $tos): $dontcare = true; ?>
+ <tr>
+ <td width="80" nowrap><strong>
+ <?echo $tos;?>
+ </strong></td>
+ <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="on" <?php if (array_search($tos, $iniptos) !== false) { echo "checked"; $dontcare = false; }?>>
+ yes </td>
+ <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="off" <?php if (array_search("!" . $tos, $iniptos) !== false) { echo "checked"; $dontcare = false; }?>>
+ no </td>
+ <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="" <?php if ($dontcare) echo "checked";?>>
+ don't care</td>
+ </tr>
+ <?php endforeach; ?>
+ </table>
+ <span class="vexpl">Use this to match packets according to their IP TOS values.
+ </span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">IP packet length</td>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ firewall_shaper_magic.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2004 Justin Ellison <justin@techadvise.com>
+ Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>
+
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function wipe_magic () {
+ global $config;
+
+ /* wipe previous */
+ $types=array("pipe","queue","rule");
+ foreach ($types as $type) {
+ foreach (array_keys($config['shaper'][$type]) as $num) {
+ if (substr($config['shaper'][$type][$num]['descr'],0,2) == "m_") {
+ unset($config['shaper'][$type][$num]);
+ }
+ }
+ }
+ /* Although we don't delete user-defined rules, it's probably best to
+ disable the shaper to prevent bad things from happening */
+ $config['shaper']['enable'] = FALSE;
+}
+
+function populate_p2p(&$rulei) {
+ global $config;
+
+ /* To add p2p clients, push Descr,Protocol,Start,End onto p2plist */
+ $p2plist[] = array('BitTorrent','tcp','6881','6999','both');
+ $p2plist[] = array('DirectConnect','','412','412','source');
+ $p2plist[] = array('DirectFileExpress','','1044','1045','source');
+ $p2plist[] = array('FastTrack','','1214','1214','source');
+ $p2plist[] = array('CuteMX','','2340','2340','source');
+ $p2plist[] = array('iMest','','4329','4329','source');
+ $p2plist[] = array('EDonkey2000','','4661','4665','source');
+ $p2plist[] = array('SongSpy','','5190','5190','source');
+ $p2plist[] = array('HotlineConnect','','5500','5503','source');
+ $p2plist[] = array('Gnutella','','6346','6346','source');
+ $p2plist[] = array('dcc','','6666','6668','source');
+ $p2plist[] = array('Napster','','6699','6701','source');
+ $p2plist[] = array('Aimster','','7668','7668','source');
+ $p2plist[] = array('BuddyShare','','7788','7788','source');
+ $p2plist[] = array('Scour','','8311','8311','source');
+ $p2plist[] = array('OpenNap','','8888','8889','source');
+ $p2plist[] = array('hotComm','','28864','28865','source');
+
+ /* Set up/down p2p as lowest weight */
+ $direction = array("in","out");
+ foreach ($p2plist as $p2pclient) {
+ foreach ($direction as $dir) {
+ foreach (array('source','destination') as $srcdest) {
+ if (($p2pclient[4] == $srcdest) || ($p2pclient[4] == 'both')) {
+ $config['shaper']['rule'][$rulei]['descr'] = "m_P2P $p2pclient[0]";
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "$dir";
+ $config['shaper']['rule'][$rulei]['source']['any'] = 1;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = 1;
+ $config['shaper']['rule'][$rulei][$srcdest]['port'] = $p2pclient[2]."-".$p2pclient[3];
+ if($p2pclient[1] != '')
+ $config['shaper']['rule'][$rulei]['protocol'] = $p2pclient[1];
+ if ($dir == "out") {
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 4;
+ } else {
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 6;
+ }
+ $rulei++;
+ }
+ }
+ }
+ }
+}
+
+function create_magic ($maxup, $maxdown, $p2plow,$maskq) {
+ global $config;
+
+ $config['shaper']['enable'] = TRUE;
+ $pipei = 0;
+ $queuei = 0;
+ $rulei = 0;
+
+ /* Create new pipes */
+ $config['shaper']['pipe'][$pipei]['descr'] = "m_Total Upload";
+ $config['shaper']['pipe'][$pipei]['bandwidth'] = round($maxup * .90);
+ $pipei++;
+ $config['shaper']['pipe'][$pipei]['descr'] = "m_Total Download";
+ $config['shaper']['pipe'][$pipei]['bandwidth'] = round($maxdown * .95);
+ $pipei++;
+
+ /* Create new queues */
+ $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #1 Upload";
+ $config['shaper']['queue'][$queuei]['targetpipe'] = 0;
+ $config['shaper']['queue'][$queuei]['weight'] = 50;
+ $queuei++;
+ $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #2 Upload";
+ $config['shaper']['queue'][$queuei]['targetpipe'] = 0;
+ $config['shaper']['queue'][$queuei]['weight'] = 30;
+ $queuei++;
+ $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #3 Upload";
+ $config['shaper']['queue'][$queuei]['targetpipe'] = 0;
+ $config['shaper']['queue'][$queuei]['weight'] = 15;
+ $queuei++;
+ $config['shaper']['queue'][$queuei]['descr'] = "m_Bulk Upload";
+ $config['shaper']['queue'][$queuei]['targetpipe'] = 0;
+ $config['shaper']['queue'][$queuei]['weight'] = 4;
+ $queuei++;
+ $config['shaper']['queue'][$queuei]['descr'] = "m_Hated Upload";
+ $config['shaper']['queue'][$queuei]['targetpipe'] = 0;
+ $config['shaper']['queue'][$queuei]['weight'] = 1;
+ $queuei++;
+ $config['shaper']['queue'][$queuei]['descr'] = "m_Bulk Download";
+ $config['shaper']['queue'][$queuei]['targetpipe'] = 1;
+ $config['shaper']['queue'][$queuei]['weight'] = 30;
+ $queuei++;
+ $config['shaper']['queue'][$queuei]['descr'] = "m_Hated Download";
+ $config['shaper']['queue'][$queuei]['targetpipe'] = 1;
+ $config['shaper']['queue'][$queuei]['weight'] = 10;
+ $queuei++;
+ $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority Download";
+ $config['shaper']['queue'][$queuei]['targetpipe'] = 1;
+ $config['shaper']['queue'][$queuei]['weight'] = 60;
+ $queuei++;
+ if ($maskq) {
+ for ($i = 0; $i < $queuei; $i++) {
+ if (stristr($config['shaper']['queue'][$i]['descr'],"upload")) {
+ $config['shaper']['queue'][$i]['mask'] = 'source';
+ } else if (stristr($config['shaper']['queue'][$i]['descr'],"download")) {
+ $config['shaper']['queue'][$i]['mask'] = 'destination';
+ }
+ }
+ }
+
+ /* Create new rules */
+ if ($p2plow)
+ populate_p2p($rulei);
+
+ $config['shaper']['rule'][$rulei]['descr'] = "m_Small Pkt Upload";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 0;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "out";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['iplen'] = "0-100";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_Outbound DNS Query";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 0;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "out";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['port'] = 53;
+ $config['shaper']['rule'][$rulei]['protocol'] = "udp";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_AH Upload";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 0;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "out";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['protocol'] = "ah";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_ESP Upload";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 0;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "out";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['protocol'] = "esp";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_GRE Upload";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 0;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "out";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['protocol'] = "gre";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_ICMP Upload";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 1;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "out";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['protocol'] = "icmp";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_TCP ACK Upload";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 2;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "out";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['iplen'] = "0-80";
+ $config['shaper']['rule'][$rulei]['protocol'] = "tcp";
+ $config['shaper']['rule'][$rulei]['tcpflags'] = "ack";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_Catch-All Upload";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 3;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "out";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_ICMP Download";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 7;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "in";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['protocol'] = "icmp";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_Small Pkt Download";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 7;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "in";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['iplen'] = "0-100";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_AH Download";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 7;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "in";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['protocol'] = "ah";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_ESP Download";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 7;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "in";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['protocol'] = "esp";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_GRE Download";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 7;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "in";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['protocol'] = "gre";
+ $rulei++;
+ $config['shaper']['rule'][$rulei]['descr'] = "m_Catch-All Download";
+ $config['shaper']['rule'][$rulei]['targetqueue'] = 5;
+ $config['shaper']['rule'][$rulei]['interface'] = "wan";
+ $config['shaper']['rule'][$rulei]['direction'] = "in";
+ $config['shaper']['rule'][$rulei]['source']['any'] = TRUE;
+ $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE;
+ $rulei++;
+}
+
+require("guiconfig.inc");
+
+if (!is_array($config['shaper']['rule'])) {
+ $config['shaper']['rule'] = array();
+}
+if (!is_array($config['shaper']['pipe'])) {
+ $config['shaper']['pipe'] = array();
+}
+if (!is_array($config['shaper']['queue'])) {
+ $config['shaper']['queue'] = array();
+}
+
+$a_shaper = &$config['shaper']['rule'];
+$a_queues = &$config['shaper']['queue'];
+$a_pipes = &$config['shaper']['pipe'];
+
+$pconfig['p2plow'] = isset($config['shaper']['magic']['p2plow']);
+$pconfig['maskq'] = isset($config['shaper']['magic']['maskq']);
+$pconfig['maxup'] = $config['shaper']['magic']['maxup'];
+$pconfig['maxdown'] = $config['shaper']['magic']['maxdown'];
+
+if ($_POST) {
+
+ if ($_POST['install']) {
+ unset($input_errors);
+ $pconfig = $_POST;
+ $reqdfields = explode(" ", "maxup maxdown");
+ $reqdfieldsn = explode(",", "Max. Upload,Max.Download");
+ do_input_validation($_POST,$reqdfields, $reqdfieldsn, &$input_errors);
+ if (($_POST['maxup'] && !is_numericint($_POST['maxup']))) {
+ $input_errors[] = "The max upload bandwidth must be an integer.";
+ }
+ if (($_POST['maxdown'] && !is_numericint($_POST['maxdown']))) {
+ $input_errors[] = "The max download bandwidth must be an integer.";
+ }
+ if (!$input_errors) {
+ if ($_POST['install']) {
+ unset ($config['shaper']);
+ create_magic($_POST['maxup'],$_POST['maxdown'],$_POST['p2plow']?TRUE:FALSE,$_POST['maskq']?TRUE:FALSE);
+ touch($d_shaperconfdirty_path);
+ }
+ $config['shaper']['magic']['p2plow'] = $_POST['p2plow'] ? TRUE : FALSE;
+ $config['shaper']['magic']['maskq'] = $_POST['maskq'] ? TRUE : FALSE;
+ $config['shaper']['magic']['maxup'] = $_POST['maxup'];
+ $config['shaper']['magic']['maxdown'] = $_POST['maxdown'];
+ write_config();
+ }
+ }
+ if ($_POST['remove']) {
+ wipe_magic();
+ $note = '<p><span class="red"><strong>Note: The traffic shaper has been disabled.<br>All of your user-defined rules/pipes/queues are still intact.</strong></span><strong><br>';
+ touch($d_shaperconfdirty_path);
+ write_config();
+ }
+ if ($_POST['apply']) {
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval = shaper_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+ if ($retval == 0) {
+ if (file_exists($d_shaperconfdirty_path))
+ unlink($d_shaperconfdirty_path);
+ }
+ }
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Firewall: Traffic shaper</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Firewall: Traffic shaper</p>
+<form action="firewall_shaper_magic.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_shaperconfdirty_path)): ?><p>
+<?php print_info_box_np("The traffic shaper configuration has been changed.<br>You must apply the changes in order for them to take effect.$note");?><br>
+<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php endif; ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="firewall_shaper.php">Rules</a></li>
+ <li class="tabinact"><a href="firewall_shaper_pipes.php">Pipes</a></li>
+ <li class="tabinact"><a href="firewall_shaper_queues.php">Queues</a></li>
+ <li class="tabact">Magic shaper wizard</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vtable"> </td>
+ <td width="78%" class="vtable"><p>
+ <input name="p2plow" type="checkbox" id="p2plow" value="yes" <?php if ($pconfig['p2plow'] == "yes") echo "checked";?>>
+ Set P2P traffic to lowest priority<br>
+ </p></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vtable"> </td>
+ <td width="78%" class="vtable"><p>
+ <input name="maskq" type="checkbox" id="maskq" value="yes" <?php if ($pconfig['maskq'] == "yes") echo "checked";?>>
+ Share bandwidth evenly on LAN<br>
+ </p></td>
+ </tr>
+ <tr valign="top">
+ <td width="22%" class="vncellreq">Downstream<br>
+ speed </td>
+ <td width="78%" class="vtable">
+ <input name="maxdown" type="text" size="10" value="<?php if ($pconfig['maxdown']) echo $pconfig['maxdown']; ?>">
+ kbps<br>
+ Enter the speed of your WAN downstream link here.</td>
+ </tr>
+ <tr valign="top">
+ <td width="22%" class="vncellreq">Upstream<br>
+ speed</td>
+ <td width="78%" class="vtable"><input name="maxup" type="text" size="10" value="<?php if ($pconfig['maxup']) echo $pconfig['maxup']; ?>">
+ kbps<br>
+ Enter the speed of your WAN upstream link here.</td>
+ </tr>
+ <tr>
+ <td width="22%"> </td>
+ <td width="78%"><p>
+ <input name="install" type="submit" class="formbtn" id="install" value="Install/Update">
+
+ <input name="remove" type="submit" class="formbtn" id="remove" value="Remove">
+ </p>
+ <p><span class="red"><strong>All existing traffic shaper <strong>rules</strong>/pipes/queues will be deleted once "Install/Update" has been pressed! Backup your configuration before proceeding! </strong></span></p></td>
+ </tr>
+ </table>
+ <p><span class="vexpl"><span class="red"><strong>Note:</strong></span><strong><br>
+ </strong>By entering your maximum upload and download values and pressing the "Install/Update" button, the magic shaper will do its best to create the optimum shaping rules, queues, and pipes for you. These rules will help ensure that interactive traffic remains acceptable while the upstream bandwidth is being consumed by heavy traffic.</span></p>
+ </td>
+ </tr>
+</table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
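Review bot: The `maxdown` and `maxup` inputs echo `$pconfig[...]` into a `value="…"` attribute without encoding, and on an install request `$pconfig = $_POST` is assigned before validation runs. When `is_numericint()` rejects the input, the page re-renders with the raw request value inside the attribute, so the integer check does not protect the output. Both fields should encode on output, e.g. `value="<?php if ($pconfig['maxdown']) echo htmlspecialchars($pconfig['maxdown']); ?>"` and the same for `maxup`. The page also never calls `print_input_errors($input_errors)`, unlike the sibling shaper pages, so a rejected value is shown back to the user with no explanation; adding `<?php if ($input_errors) print_input_errors($input_errors); ?>` above the `$savemsg` line would fix that.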
<p class="pgtitle">Firewall: Traffic shaper</p>
<form action="firewall_shaper.php" method="post">
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_shaperconfdirty_path)): ?><p>
<?php print_info_box_np("The traffic shaper configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="firewall_shaper.php">Rules</a></li>
+ <li class="tabact">Pipes</li>
+ <li class="tabinact"><a href="firewall_shaper_queues.php">Queues</a></li>
+ <li class="tabinact"><a href="firewall_shaper_magic.php">Magic shaper wizard</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="firewall_shaper.php" class="tblnk">Rules</a></td>
- <td nowrap class="tabact">Pipes</a></td>
- <td nowrap class="tabinact"><a href="firewall_shaper_queues.php" class="tblnk">Queues</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="4" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="10%" class="listhdrr">No.</td>
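Review bot: `print_info_box($savemsg)` now receives the message without `htmlspecialchars()`, so the box emits whatever markup `$savemsg` contains; the queues list hunk further down makes the same change. In firewall_shaper_magic.php, added by this commit, `$savemsg` is filled only from `get_std_save_message($retval)`; if that holds here too the text is presumably fixed and the change is harmless, but nothing at the call site says so. I would record the contract next to the call, e.g. `<?php /* $savemsg is trusted HTML from get_std_save_message(); never assign request or config data to it */ ?>`, so a later edit does not route user-controlled text into an unescaped sink.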
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: Traffic shaper: Edit pipe</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="firewall_shaper_pipes_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
$config['shaper']['queue'] = array();
}
$a_queues = &$config['shaper']['queue'];
+$a_pipe = &$config['shaper']['pipe'];
if ($_GET['act'] == "del") {
if ($a_queues[$_GET['id']]) {
<p class="pgtitle">Firewall: Traffic shaper</p>
<form action="firewall_shaper.php" method="post">
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_shaperconfdirty_path)): ?><p>
<?php print_info_box_np("The traffic shaper configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="firewall_shaper.php">Rules</a></li>
+ <li class="tabinact"><a href="firewall_shaper_pipes.php">Pipes</a></li>
+ <li class="tabact">Queues</li>
+ <li class="tabinact"><a href="firewall_shaper_magic.php">Magic shaper wizard</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="firewall_shaper.php" class="tblnk">Rules</a></td>
- <td nowrap class="tabinact"><a href="firewall_shaper_pipes.php" class="tblnk">Pipes</a></a></td>
- <td nowrap class="tabact">Queues</td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="4" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="10%" class="listhdrr">No.</td>
- <td width="15%" class="listhdrr">Pipe</td>
- <td width="15%" class="listhdrr">Weight</td>
+ <td width="25%" class="listhdrr">Pipe</td>
+ <td width="5%" class="listhdrr">Weight</td>
<td width="20%" class="listhdrr">Mask</td>
<td width="30%" class="listhdr">Description</td>
<td width="10%" class="list"></td>
<td class="listlr">
<?=($i+1);?></td>
<td class="listr">
- <a href="firewall_shaper_pipes_edit.php?id=<?=$queue['targetpipe'];?>"><?=$queue['targetpipe']+1;?></a></td>
+ <?php
+ if ($a_pipe[$queue['targetpipe']]['descr'])
+ $desc = htmlspecialchars($a_pipe[$queue['targetpipe']]['descr']);
+ else
+ $desc = "Pipe " . ($queue['targetpipe']+1);
+ ?>
+ <a href="firewall_shaper_pipes_edit.php?id=<?=$queue['targetpipe'];?>"><?=$desc;?></a></td>
<td class="listr">
<?=$queue['weight'];?></td>
<td class="listr">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Firewall: Traffic shaper: Edit queue</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<?php if (is_array($config['shaper']['pipe']) && (count($config['shaper']['pipe']) > 0)): ?>
<form action="firewall_shaper_queues_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
--- /dev/null
+#!/usr/local/bin/php -f
+<?php
+/*
+ graph.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2004 T. Lechat <dev@lechat.org> and Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+// VERSION 1.0.4
+
+/********** HTTP GET Based Conf ***********/
+$ifnum=@$_GET["ifnum"]; //BSD / SNMP interface name / number
+$ifname=@$_GET["ifname"]?$_GET["ifname"]:"Interface $ifnum"; //Interface name that will be showed on top right of graph
+
+/********* Other conf *******/
+$scale_type="up"; //Autoscale default setup : "up" = only increase scale; "follow" = increase and decrease scale according to current graphed datas
+$nb_plot=120; //NB plot in graph
+$time_interval=1; //Refresh time Interval
+$first_stage_time_interval=2; //First stage time Intervall
+
+$urldata=@$_SERVER["SCRIPT_NAME"];
+$fetch_link = "ifstats.cgi?$ifnum";
+
+//Style
+$style['bg']="fill:white;stroke:none;stroke-width:0;opacity:1;";
+$style['axis']="fill:black;stroke:black;stroke-width:1;";
+$style['in']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:7;";
+$style['out']="fill:#8092B3; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:7;";
+$style['graph_in']="fill:none;stroke:#435370;stroke-width:1;opacity:0.8;";
+$style['graph_out']="fill:none;stroke:#8092B3;stroke-width:1;opacity:0.8;";
+$style['legend']="fill:black; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4;";
+$style['graphname']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:8;";
+$style['grid_txt']="fill:gray; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:6;";
+$style['grid']="stroke:gray;stroke-width:1;opacity:0.5;";
+$style['switch_unit']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4; text-decoration:underline;";
+$style['switch_scale']="fill:#435370; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4; text-decoration:underline;";
+$style['error']="fill:blue; font-family:Arial; font-size:4;";
+$style['collect_initial']="fill:gray; font-family:Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size:4;";
+
+//Error text if we cannot fetch data : depends on which method is used
+$error_text = "Cannot get data about interface $ifnum";
+
+$height=100; //SVG internal height : do not modify
+$width=200; //SVG internal width : do not modify
+
+/********* Graph DATA **************/
+header("Content-type: image/svg+xml");
+print('<?xml version="1.0" encoding="iso-8859-1"?>' . "\n");?><svg width="100%" height="100%" viewBox="0 0 <?=$width?> <?=$height?>" preserveAspectRatio="none" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init(evt)">
+<g id="graph" style="visibility:visible">
+ <rect id="bg" x1="0" y1="0" x2="<?=$width?>" y2="<?=$height?>" style="<?=$style['bg']?>"/>
+ <line id="axis_x" x1="0" y1="0" x2="0" y2="<?=$height?>" style="<?=$style['axis']?>"/>
+ <line id="axis_y" x1="0" y1="<?=$height?>" x2="<?=$width?>" y2="<?=$height?>" style="<?=$style['axis']?>"/>
+ <path id="graph_out" d="M0 <?=$height?> L 0 <?=$height?>" style="<?=$style['graph_out']?>"/>
+ <path id="graph_in" d="M0 <?=$height?> L 0 <?=$height?>" style="<?=$style['graph_in']?>"/>
+ <path id="grid" d="M0 <?=$height/4*1?> L <?=$width?> <?=$height/4*1?> M0 <?=$height/4*2?> L <?=$width?> <?=$height/4*2?> M0 <?=$height/4*3?> L <?=$width?> <?=$height/4*3?>" style="<?=$style[grid]?>"/>
+ <text id="grid_txt1" x="<?=$width?>" y="<?=$height/4*1?>" style="<?=$style['grid_txt']?> text-anchor:end"> </text>
+ <text id="grid_txt2" x="<?=$width?>" y="<?=$height/4*2?>" style="<?=$style['grid_txt']?> text-anchor:end"> </text>
+ <text id="grid_txt3" x="<?=$width?>" y="<?=$height/4*3?>" style="<?=$style['grid_txt']?> text-anchor:end"> </text>
+ <text id="graph_in_lbl" x="5" y="8" style="<?=$style['in']?>">In</text>
+ <text id="graph_out_lbl" x="5" y="16" style="<?=$style['out']?> ">Out</text>
+ <text id="graph_in_txt" x="20" y="8" style="<?=$style['in']?>"> </text>
+ <text id="graph_out_txt" x="20" y="16" style="<?=$style['out']?> "> </text>
+ <text id="ifname" x="<?=$width?>" y="8" style="<?=$style['graphname']?> text-anchor:end"><?=$ifname?></text>
+ <text id="switch_unit" x="<?=$width*0.55?>" y="5" style="<?=$style['switch_unit']?>">Switch to bytes/s</text>
+ <text id="switch_scale" x="<?=$width*0.55?>" y="11" style="<?=$style['switch_scale']?>">AutoScale (<?=$scale_type?>)</text>
+ <text id="datetime" x="<?=$width*0.33?>" y="5" style="<?=$style['legend']?>"> </text>
+ <text id="graphlast" x="<?=$width*0.55?>" y="17" style="<?=$style['legend']?>">Graph shows last <?=$time_interval*$nb_plot?> seconds</text>
+ <polygon id="axis_arrow_x" style="<?=$style['axis']?>" points="<?=($width) . "," . ($height)?> <?=($width-2) . "," . ($height-2)?> <?=($width-2) . "," . $height?>"/>
+ <text id="error" x="<?=$width*0.5?>" y="<?=$height*0.5?>" style="visibility:hidden;<?=$style['error']?> text-anchor:middle"><?=$error_text?></text>
+ <text id="collect_initial" x="<?=$width*0.5?>" y="<?=$height*0.5?>" style="visibility:hidden;<?=$style['collect_initial']?> text-anchor:middle">Collecting initial data, please wait...</text>
+</g>
+
+<script type="text/ecmascript"><![CDATA[
+var SVGDoc;
+var last_ifin=0;
+var last_ifout=0;
+var last_ugmt=0;
+var diff_ugmt=0;
+var diff_ifin=0;
+var diff_ifout=0;
+var max = 0;
+plot_in=new Array();
+plot_out=new Array();
+
+var isfirst=1;
+var index_plot=0;
+var step = <?=$width?> / <?=$nb_plot?> ;
+var unit = 'bits';
+var scale_type = '<?=$scale_type?>';
+
+function init(evt) {
+ SVGDoc = evt.getTarget().getOwnerDocument();
+ SVGDoc.getElementById("switch_unit").addEventListener("mousedown", switch_unit, false);
+ SVGDoc.getElementById("switch_scale").addEventListener("mousedown", switch_scale, false);
+
+ go();
+}
+
+function switch_unit(event)
+{
+ SVGDoc.getElementById('switch_unit').getFirstChild().setData('Switch to ' + unit + '/s');
+ if(unit=='bits') unit='bytes';else unit='bits';
+}
+
+function switch_scale(event)
+{
+ if(scale_type=='up') scale_type='follow';else scale_type='up';
+ SVGDoc.getElementById('switch_scale').getFirstChild().setData('AutoScale (' + scale_type + ')');
+}
+
+function go() {
+ getURL('<?=$fetch_link?>',urlcallback);
+}
+
+function urlcallback(obj) {
+ var error = 0;
+ now = new Date();
+
+ //Show datetimelegend
+ var datetime = (now.getMonth()+1) + "/" + now.getDate() + "/" + now.getFullYear() + ' ' +
+ LZ(now.getHours()) + ":" + LZ(now.getMinutes()) + ":" + LZ(now.getSeconds());
+ SVGDoc.getElementById('datetime').getFirstChild().setData(datetime);
+
+ //shift plot to left if nb_plot is already completed
+ var i=0;
+ if(index_plot > <?=$nb_plot?>)
+ {
+ while (i <= <?=$nb_plot?>)
+ {
+ var a=i+1;
+ plot_in[i]=plot_in[a];
+ plot_out[i]=plot_out[a];
+ i=i+1;
+ }
+ index_plot = <?=$nb_plot?>;
+ plot_in[index_plot]=0;
+ plot_out[index_plot]=0;
+ }
+
+ //if Geturl returns something
+ if (obj.success){
+ var t=obj.content.split("|");
+ var ugmt = parseFloat(t[0]);//ugmt is an unixtimestamp style
+ var ifin = parseInt(t[1]);//ifin must be in bytes
+ var ifout = parseInt(t[2]);//ifout must be in bytes
+ var scale;
+
+ if(!isNumber(ifin) || !isNumber(ifout)) {
+ goerror();
+ return;
+ } else {
+ SVGDoc.getElementById("error").getStyle().setProperty ('visibility', 'hidden');
+ }
+
+ diff_ugmt = ugmt - last_ugmt;
+ diff_ifin = ifin - last_ifin;
+ diff_ifout = ifout - last_ifout;
+
+ if (diff_ugmt == 0)
+ diff_ugmt = 1; /* avoid division by zero */
+
+ last_ugmt = ugmt;
+ last_ifin = ifin;
+ last_ifout = ifout;
+
+ if(isfirst) {
+ SVGDoc.getElementById("collect_initial").getStyle().setProperty ('visibility', 'visible');
+ setTimeout('go()',<?=1000*$first_stage_time_interval?>);
+ isfirst=0;
+ return;
+ } else SVGDoc.getElementById("collect_initial").getStyle().setProperty ('visibility', 'hidden');
+
+ plot_in[index_plot] = diff_ifin / diff_ugmt;
+ plot_out[index_plot]= diff_ifout / diff_ugmt;
+
+ SVGDoc.getElementById('graph_in_txt').getFirstChild().setData(formatSpeed(plot_in[index_plot],unit));
+ SVGDoc.getElementById('graph_out_txt').getFirstChild().setData(formatSpeed(plot_out[index_plot],unit));
+
+ /* determine peak for sensible scaling */
+ if (scale_type == 'up') {
+ if (plot_in[index_plot] > max)
+ max = plot_in[index_plot];
+ if (plot_out[index_plot] > max)
+ max = plot_out[index_plot];
+ } else if (scale_type == 'follow') {
+ i = 0;
+ max = 0;
+ while (i <= <?=$nb_plot?>) {
+ if (plot_in[i] > max)
+ max = plot_in[i];
+ if (plot_out[i] > max)
+ max = plot_out[i];
+ i++;
+ }
+ }
+
+ var rmax;
+
+ if (unit == 'bits') {
+ /* round up max, such that
+ 100 kbps -> 200 kbps -> 400 kbps -> 800 kbps -> 1 Mbps -> 2 Mbps -> ... */
+ rmax = 12500;
+ i = 0;
+ while (max > rmax) {
+ i++;
+ if (i && (i % 4 == 0))
+ rmax *= 1.25;
+ else
+ rmax *= 2;
+ }
+ } else {
+ /* round up max, such that
+ 10 KB/s -> 20 KB/s -> 40 KB/s -> 80 KB/s -> 100 KB/s -> 200 KB/s -> 400 KB/s -> 800 KB/s -> 1 MB/s ... */
+ rmax = 10240;
+ i = 0;
+ while (max > rmax) {
+ i++;
+ if (i && (i % 4 == 0))
+ rmax *= 1.25;
+ else
+ rmax *= 2;
+
+ if (i == 8)
+ rmax *= 1.024;
+ }
+ }
+
+ scale = <?=$height?> / rmax;
+
+ /* change labels accordingly */
+ SVGDoc.getElementById('grid_txt1').getFirstChild().setData(formatSpeed(3*rmax/4,unit));
+ SVGDoc.getElementById('grid_txt2').getFirstChild().setData(formatSpeed(2*rmax/4,unit));
+ SVGDoc.getElementById('grid_txt3').getFirstChild().setData(formatSpeed(rmax/4,unit));
+
+ i = 0;
+
+ while (i <= index_plot)
+ {
+ var x = step * i;
+ var y_in= <?=$height?> - (plot_in[i] * scale);
+ var y_out= <?=$height?> - (plot_out[i] * scale);
+ if(i==0) {
+ var path_in = "M" + x + " " + y_in;
+ var path_out = "M" + x + " " + y_out;
+ }
+ else
+ {
+ var path_in = path_in + " L" + x + " " + y_in;
+ var path_out = path_out + " L" + x + " " + y_out;
+ }
+ i = i + 1;
+ }
+
+ index_plot = index_plot+1;
+ SVGDoc.getElementById('graph_in').setAttribute("d", path_in);
+ SVGDoc.getElementById('graph_out').setAttribute("d", path_out);
+
+ setTimeout('go()',<?=1000*$time_interval?>);
+ }
+ else
+ { //In case of Geturl fails
+ goerror();
+ }
+}
+
+function goerror() {
+ SVGDoc.getElementById("error").getStyle().setProperty ('visibility', 'visible');
+ setTimeout('go()',<?=1000*$time_interval?>);
+}
+
+function isNumber(a) {
+ return typeof a == 'number' && isFinite(a);
+}
+
+function formatSpeed(speed,unit){
+ if(unit=='bits') return formatSpeedBits(speed);
+ else if(unit=='bytes') return formatSpeedBytes(speed);
+}
+
+function formatSpeedBits(speed) {
+ // format speed in bits/sec, input: bytes/sec
+ if (speed < 125000)
+ return Math.round(speed / 125) + " Kbps";
+ else if (speed < 125000000)
+ return Math.round(speed / 1250)/100 + " Mbps";
+ else
+ return Math.round(speed / 1250000)/100 + " Gbps"; /* wow! */
+}
+function formatSpeedBytes(speed) {
+ // format speed in bytes/sec, input: bytes/sec
+ if (speed < 1048576)
+ return Math.round(speed / 10.24)/100 + " KB/s";
+ else if (speed < 1073741824)
+ return Math.round(speed / 10485.76)/100 + " MB/s";
+ else
+ return Math.round(speed / 10737418.24)/100 + " GB/s"; /* wow! */
+}
+function LZ(x) {
+ return (x < 0 || x > 9 ? "" : "0") + x
+}
+]]></script>
+</svg>
\ No newline at end of file
font-size: 11px;
color: #FFFFFF;
}
+.hostname {
+ font-size: 11px;
+ color: #FFFFFF;
+}
.vnsepcellr {
background-color: #BBBBBB;
padding-right: 20px;
padding-top: 5px;
padding-bottom: 5px;
}
-.tabinact {
- border-left: 1px solid #999999;
+ul#tabnav {
font-size: 11px;
+ font-weight: bold;
+ list-style-type: none;
+ margin: 0;
+ padding: 0;
+}
+ul#tabnav li.tabinact {
+ float: left;
+ border-left: 1px solid #999999;
background-color: #777777;
- padding-right: 8px;
- padding-left: 8px;
- padding-top: 5px;
- padding-bottom: 5px;
color: #FFFFFF;
- font-weight: bold;
+ padding: 0;
+ white-space: nowrap;
}
-.tabact {
- font-size: 11px;
+ul#tabnav li.tabinact a {
+ float: left;
+ display: block;
+ text-decoration: none;
+ padding: 5px 8px 5px 8px;
+ color: #FFFFFF;
+}
+ul#tabnav li.tabact {
+ float: left;
background-color: #EEEEEE;
- padding-right: 8px;
- padding-left: 8px;
- padding-top: 5px;
- padding-bottom: 5px;
color: #000000;
- font-weight: bold;
+ padding: 5px 8px 5px 8px;
+ white-space: nowrap;
}
.tabcont {
background-color: #EEEEEE;
header("Pragma: no-cache");
}
+/* parse the configuration and include all configuration functions */
+require_once("config.inc");
+require_once("functions.inc");
+
$d_natconfdirty_path = $g['varrun_path'] . "/nat.conf.dirty";
$d_filterconfdirty_path = $g['varrun_path'] . "/filter.conf.dirty";
$d_ipsecconfdirty_path = $g['varrun_path'] . "/ipsec.conf.dirty";
$d_fwupenabled_path = $g['varrun_path'] . "/fwup.enabled";
$d_firmwarelock_path = $g['varrun_path'] . "/firmware.lock";
$d_sysrebootreqd_path = $g['varrun_path'] . "/sysreboot.reqd";
+$d_passthrumacsdirty_path = $g['varrun_path'] . "/passthrumacs.dirty";
+$d_allowedipsdirty_path = $g['varrun_path'] . "/allowedips.dirty";
if (file_exists($d_firmwarelock_path)) {
if (!$d_isfwfile) {
}
}
-/* parse the configuration and include all configuration functions */
-require_once("config.inc");
-require_once("functions.inc");
-
/* some well knows ports */
$wkports = array(21 => "FTP", 22 => "SSH", 23 => "Telnet", 25 => "SMTP", 53 => "DNS", 80 => "HTTP",
110 => "POP3", 143 => "IMAP", 443 => "HTTPS");
+$iptos = array("lowdelay", "throughput", "reliability", "mincost", "congestion");
/* TCP flags */
$tcpflags = array("fin", "syn", "rst", "psh", "ack", "urg");
/* IPsec defines */
$my_identifier_list = array('myaddress' => 'My IP address',
'address' => 'IP address',
- 'fqdn' => 'Domain name');
+ 'fqdn' => 'Domain name',
+ 'user_fqdn' => 'User FQDN');
$p1_ealgos = array('des' => 'DES', '3des' => '3DES', 'blowfish' => 'Blowfish',
'cast128' => 'CAST128');
function print_input_errors($input_errors) {
echo "<p><table border=\"0\" cellspacing=\"0\" cellpadding=\"4\" width=\"100%\">\n";
- echo "<tr><td bgcolor=\"#A12A2A\" width=\"36\" align=\"center\" valign=\"top\"><img src=\"err.gif\" width=\"28\" height=\"32\"></td>\n";
+ echo "<tr><td bgcolor=\"#A12A2A\" width=\"36\" align=\"center\" valign=\"top\"><img src=\"/err.gif\" width=\"28\" height=\"32\"></td>\n";
echo "<td bgcolor=\"#FFD9D1\" style=\"padding-left: 8px; padding-top: 6px\">";
echo "<span class=\"errmsg\"><p>The following input errors were detected:<ul>\n";
function print_info_box_np($msg) {
echo "<table border=\"0\" cellspacing=\"0\" cellpadding=\"4\" width=\"100%\">\n";
- echo "<tr><td bgcolor=\"#687BA4\" align=\"center\" valign=\"top\" width=\"36\"><img src=\"exclam.gif\" width=\"28\" height=\"32\"></td>\n";
+ echo "<tr><td bgcolor=\"#687BA4\" align=\"center\" valign=\"top\" width=\"36\"><img src=\"/exclam.gif\" width=\"28\" height=\"32\"></td>\n";
echo "<td bgcolor=\"#D9DEE8\" style=\"padding-left: 8px\">";
echo $msg;
echo "</td></tr></table>";
if ($ok == 0) {
if (file_exists($d_sysrebootreqd_path))
- return "The changes have been saved. You must reboot your firewall for changes to take effect.";
+ return "The changes have been saved. You must <a href=\"/reboot.php\">reboot</a> your firewall for changes to take effect.";
else
return "The changes have been applied successfully.";
} else {
usort($config['proxyarp']['proxyarpnet'], "proxyarpcmp");
}
-function is_numericint($arg) {
- return (preg_match("/[^0-9]/", $arg) ? false : true);
+function passthrumacs_sort() {
+ global $g, $config;
+
+ function passthrumacscmp($a, $b) {
+ return strcmp($a['mac'], $b['mac']);
+ }
+
+ usort($config['captiveportal']['passthrumac'],"passthrumacscmp");
+}
+
+function allowedips_sort() {
+ global $g, $config;
+
+ function allowedipscmp($a, $b) {
+ return strcmp($a['ip'], $b['ip']);
+ }
+
+ usort($config['captiveportal']['allowedip'],"allowedipscmp");
+}
+
+function wol_sort() {
+ global $g, $config;
+
+ function wolcmp($a, $b) {
+ return strcmp($a['descr'], $b['descr']);
+ }
+
+ usort($config['wol']['wolentry'], "wolcmp");
}
?>
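Review bot: The comparator functions `passthrumacscmp`, `allowedipscmp` and `wolcmp` are declared inside their `*_sort()` wrappers, so PHP defines them each time the wrapper runs, and a second call to the same wrapper in one request stops with a "Cannot redeclare" fatal error. The surrounding context suggests the existing `proxyarpcmp` follows the same pattern, so this matches the file's convention, but it is fragile for pages that save more than once per request. Either move the three comparators to file scope or guard each declaration, e.g. `if (!function_exists('passthrumacscmp')) { function passthrumacscmp($a, $b) { ... } }`. The `global $g` in each wrapper is unused and can be dropped.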
require("guiconfig.inc");
/* find out whether there's hardware encryption (hifn) */
-exec("/sbin/dmesg", $dmesg);
-
unset($hwcrypto);
-foreach ($dmesg as $dmesgl) {
- if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches)) {
- $hwcrypto = $matches[1];
- break;
+$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r");
+if ($fd) {
+ while (!feof($fd)) {
+ $dmesgl = fgets($fd);
+ if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches)) {
+ $hwcrypto = $matches[1];
+ break;
+ }
}
+ fclose($fd);
}
?>
<tr>
<td width="25%" class="vncellt">Uptime</td>
<td width="75%" class="listr">
- <?php exec("/usr/bin/uptime", $uptime);
- $uptimea = explode(",", $uptime[0], 3);
- echo join(",", array($uptimea[0], $uptimea[2])); ?>
+ <?php
+ exec("/sbin/sysctl -n kern.boottime", $boottime);
+ preg_match("/sec = (\d+)/", $boottime[0], $matches);
+ $boottime = $matches[1];
+ $uptime = time() - $boottime;
+
+ if ($uptime > 60)
+ $uptime += 30;
+ $updays = (int)($uptime / 86400);
+ $uptime %= 86400;
+ $uphours = (int)($uptime / 3600);
+ $uptime %= 3600;
+ $upmins = (int)($uptime / 60);
+
+ $uptimestr = "";
+ if ($updays > 1)
+ $uptimestr .= "$updays days, ";
+ else if ($updays > 0)
+ $uptimestr .= "1 day, ";
+ $uptimestr .= sprintf("%02d:%02d", $uphours, $upmins);
+ echo htmlspecialchars($uptimestr);
+ ?>
</td>
</tr>
</table>
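Review bot: The result of `preg_match("/sec = (\d+)/", $boottime[0], $matches)` is not checked before `$matches[1]` is used. If `sysctl` produces no output or a different format, `$boottime` ends up empty and the page shows an uptime counted from the epoch rather than an error. Wrap the calculation in the match test, e.g. `if (preg_match("/sec = (\d+)/", $boottime[0], $matches)) { ... } else { echo "unknown"; }`. The command string itself is fixed, so no request data reaches `exec()` here.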
while "interface" refers to LAN, WAN, or OPTn.
*/
+/* get list without VLAN interfaces */
$portlist = get_interface_list();
+/* add VLAN interfaces */
+if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) {
+ $i = 0;
+ foreach ($config['vlans']['vlan'] as $vlan) {
+ $portlist['vlan' . $i] = $vlan;
+ $portlist['vlan' . $i]['isvlan'] = true;
+ $i++;
+ }
+}
+
if ($_POST) {
unset($input_errors);
/* Build a list of the port names so we can see how the interfaces map */
$portifmap = array();
foreach ($portlist as $portname => $portinfo)
- $portifmap[] = array($portname => array());
+ $portifmap[$portname] = array();
/* Go through the list of ports selected by the user,
build a list of port-to-interface mappings in portifmap */
" interfaces:";
foreach ($portifmap[$portname] as $ifn)
- $errstr .= " " . $ifn;
+ $errstr .= " " . $ifn;
$input_errors[] = $errstr;
}
write_config();
touch($d_sysrebootreqd_path);
- /* message is set up below based on existence of bootreqd file */
}
}
}
if ($_GET['act'] == "add") {
- $i = 0;
+ /* find next free optional interface number */
+ $i = 1;
+ while (is_array($config['interfaces']['opt' . $i]))
+ $i++;
- while (1) {
- $newifname = 'opt' . ($i+1);
-
- if (!is_array($config['interfaces'][$newifname])) {
- $config['interfaces'][$newifname] = array();
- $config['interfaces'][$newifname]['descr'] = "OPT" . ($i+1);
-
- /* Find an unused port for this interface */
- foreach ($portlist as $portname => $portinfo) {
- $portused = false;
- foreach ($config['interfaces'] as $ifname => $ifdata) {
- if ($ifdata['if'] == $portname) {
- $portused = true;
- break;
- }
- }
- if (!$portused) {
- $config['interfaces'][$newifname]['if'] = $portname;
- if (preg_match("/^(wi|awi|an)/", $portname))
- $config['interfaces'][$newifname]['wireless'] = array();
- break;
- }
+ $newifname = 'opt' . $i;
+ $config['interfaces'][$newifname] = array();
+ $config['interfaces'][$newifname]['descr'] = "OPT" . $i;
+
+ /* Find an unused port for this interface */
+ foreach ($portlist as $portname => $portinfo) {
+ $portused = false;
+ foreach ($config['interfaces'] as $ifname => $ifdata) {
+ if ($ifdata['if'] == $portname) {
+ $portused = true;
+ break;
}
+ }
+ if (!$portused) {
+ $config['interfaces'][$newifname]['if'] = $portname;
+ if (preg_match("/^(wi|awi|an)/", $portname))
+ $config['interfaces'][$newifname]['wireless'] = array();
break;
}
- $i++;
}
write_config();
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (file_exists($d_sysrebootreqd_path)) print_info_box(get_std_save_message(0)); ?>
<form action="interfaces_assign.php" method="post" name="iform" id="iform">
- <table border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="22%" valign="top" class="vncellreq">Interface assignments</td>
- <td width="78%" class="vtable">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">Interface assignments</li>
+ <li class="tabinact"><a href="interfaces_vlan.php">VLANs</a></li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="listhdrr">Interface</td>
- <td class="listhdrr">Network port</td>
+ <td class="listhdr">Network port</td>
<td class="list"> </td>
</tr>
<?php foreach ($config['interfaces'] as $ifname => $iface): ?>
<select name="<?=$ifname;?>" class="formfld" id="<?=$ifname;?>">
<?php foreach ($portlist as $portname => $portinfo): ?>
<option value="<?=$portname;?>" <?php if ($portname == $iface['if']) echo "selected";?>>
- <?=htmlspecialchars($portname . " (" . $portinfo['mac'] . ")");?>
+ <?php if ($portinfo['isvlan']) {
+ $descr = "VLAN {$portinfo['tag']} on {$portinfo['if']}";
+ if ($portinfo['descr'])
+ $descr .= " (" . $portinfo['descr'] . ")";
+ echo htmlspecialchars($descr);
+ } else
+ echo htmlspecialchars($portname . " (" . $portinfo['mac'] . ")");
+ ?>
</option>
<?php endforeach; ?>
</select>
</td>
<td valign="middle" class="list">
<?php if (($ifname != 'lan') && ($ifname != 'wan')): ?>
- <a href="interfaces_assign.php?act=del&id=<?=$ifname;?>"><img src="x.gif" alt="delete interface" width="17" height="17" border="0"></a>
+ <a href="interfaces_assign.php?act=del&id=<?=$ifname;?>"><img src="x.gif" title="delete interface" width="17" height="17" border="0"></a>
<?php endif; ?>
</td>
</tr>
<tr>
<td class="list" colspan="2"></td>
<td class="list" nowrap><?php if (count($config['interfaces']) < count($portlist)): ?>
- <a href="interfaces_assign.php?act=add"><img src="plus.gif" alt="add interface" width="17" height="17" border="0"></a>
+ <a href="interfaces_assign.php?act=add"><img src="plus.gif" title="add interface" width="17" height="17" border="0"></a>
<?php endif; ?> </td>
</tr>
</table>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%">
<input name="Submit" type="submit" class="formbtn" value="Save">
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top"> </td>
- <td width="78%"> <span class="vexpl"><span class="red"><strong>Warning:<br>
- </strong></span>After you click "Save", you must
- reboot the firewall to make the changes take effect. You may
- also have to do one or more of the following steps before
- you can access your firewall again:
+ <p><span class="vexpl"><strong><span class="red">Warning:</span><br>
+ </strong>After you click "Save", you must reboot the firewall to make the changes take effect. You may also have to do one or more of the following steps before you can access your firewall again: </span></p>
<ul>
- <li>change the IP address of your computer</li>
- <li>renew it's DHCP lease</li>
- <li>access the webGUI with the new IP address</li>
- </ul>
- </span></td>
- </tr>
- </table>
+ <li><span class="vexpl">change the IP address of your computer</span></li>
+ <li><span class="vexpl">renew its DHCP lease</span></li>
+ <li><span class="vexpl">access the webGUI with the new IP address</span></li>
+ </ul></td>
+ </tr>
+</table>
</form>
<?php include("fend.inc"); ?>
</body>
access your firewall again:
<ul>
<li>change the IP address of your computer</li>
- <li>renew it's DHCP lease</li>
+ <li>renew its DHCP lease</li>
<li>access the webGUI with the new IP address</li>
</ul>
</span></td>
$input_errors[] = "The specified interface is already bridged to " .
"another interface.";
}
+ /* captive portal on? */
+ if (isset($config['captiveportal']['enable'])) {
+ $input_errors[] = "Interfaces cannot be bridged while the captive portal is enabled.";
+ }
} else {
$reqdfields = explode(" ", "descr ipaddr subnet");
$reqdfieldsn = explode(",", "Description,IP address,Subnet bit count");
if (!file_exists($d_sysrebootreqd_path)) {
config_lock();
$retval = interfaces_optional_configure();
+
+ /* is this the captive portal interface? */
+ if (isset($config['captiveportal']['enable']) &&
+ ($config['captiveportal']['interface'] == ('opt' . $index))) {
+ captiveportal_configure();
+ }
config_unlock();
}
$savemsg = get_std_save_message($retval);
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Interfaces: Optional <?=$index;?> (<?=htmlspecialchars($optcfg['descr']);?>)</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if ($optcfg['if']): ?>
<form action="interfaces_opt.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
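Review bot: Dropping `htmlspecialchars()` here turns `$savemsg` into a raw-HTML value. `print_info_box_np()` in this commit echoes `$msg` unescaped, and `print_info_box()` (not visible in this hunk) presumably wraps it. That is needed for the new `<a href="/reboot.php">` link and is safe while `$savemsg` only ever comes from `get_std_save_message()`, whose strings are fixed. Any page that later appends request or config text to the message would then emit it unescaped, so the contract deserves a comment at the call, for example `/* $savemsg is trusted HTML from get_std_save_message(); escape anything else before adding it */`.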
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ interfaces_vlan.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['vlans']['vlan']))
+ $config['vlans']['vlan'] = array();
+
+$a_vlans = &$config['vlans']['vlan'] ;
+
+function vlan_inuse($num) {
+ global $config, $g;
+
+ if ($config['interfaces']['lan']['if'] == "vlan{$num}")
+ return true;
+ if ($config['interfaces']['wan']['if'] == "vlan{$num}")
+ return true;
+
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ if ($config['interfaces']['opt' . $i]['if'] == "vlan{$num}")
+ return true;
+ }
+
+ return false;
+}
+
+function renumber_vlan($if, $delvlan) {
+ if (!preg_match("/^vlan/", $if))
+ return $if;
+
+ $vlan = substr($if, 4);
+ if ($vlan > $delvlan)
+ return "vlan" . ($vlan - 1);
+ else
+ return $if;
+}
+
+if ($_GET['act'] == "del") {
+ /* check if still in use */
+ if (vlan_inuse($_GET['id'])) {
+ $input_errors[] = "This VLAN cannot be deleted because it is still being used as an interface.";
+ } else {
+ unset($a_vlans[$_GET['id']]);
+
+ /* renumber all interfaces that use VLANs */
+ $config['interfaces']['lan']['if'] = renumber_vlan($config['interfaces']['lan']['if'], $_GET['id']);
+ $config['interfaces']['wan']['if'] = renumber_vlan($config['interfaces']['wan']['if'], $_GET['id']);
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $config['interfaces']['opt' . $i]['if'] = renumber_vlan($config['interfaces']['opt' . $i]['if'], $_GET['id']);
+
+ write_config();
+ touch($d_sysrebootreqd_path);
+ header("Location: interfaces_vlan.php");
+ exit;
+ }
+}
+
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Interfaces: Assign network ports: VLANs</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Interfaces: Assign network ports: VLANs</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if (file_exists($d_sysrebootreqd_path)) print_info_box(get_std_save_message(0)); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="interfaces_assign.php">Interface assignments</a></li>
+ <li class="tabact">VLANs</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="20%" class="listhdrr">Interface</td>
+ <td width="20%" class="listhdrr">VLAN tag</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_vlans as $vlan): ?>
+ <tr>
+ <td class="listlr">
+ <?=htmlspecialchars($vlan['if']);?>
+ </td>
+ <td class="listr">
+ <?=htmlspecialchars($vlan['tag']);?>
+ </td>
+ <td class="listbg">
+ <?=htmlspecialchars($vlan['descr']);?>
+ </td>
+ <td valign="middle" nowrap class="list"> <a href="interfaces_vlan_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
+ <a href="interfaces_vlan.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this VLAN?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"> </td>
+ <td class="list"> <a href="interfaces_vlan_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <tr>
+ <td colspan="3" class="list"><p class="vexpl"><span class="red"><strong>
+ Note:<br>
+ </strong></span>
+ Not all drivers/NICs support 802.1Q VLAN tagging properly. On cards that do not explicitly support it, VLAN tagging will still work, but the reduced MTU may cause problems. See the m0n0wall homepage for information on supported cards. </p>
+ </td>
+ <td class="list"> </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc"); ?>
+</body>
+</html>
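Review bot: The `act=del` branch changes configuration on a plain GET request and uses `$_GET['id']` directly as the array key and as the operand in `renumber_vlan()`, without checking that it is an integer index of an existing VLAN. Because the only confirmation is the client-side `confirm()` on the link, any page the administrator loads while logged in can trigger a deletion and the forced-reboot flag. With a non-numeric or unknown id, `unset()` removes nothing, yet `write_config()` and `touch($d_sysrebootreqd_path)` still run and the numeric comparison `$vlan > $delvlan` can shift every VLAN interface name down by one. Validate first, e.g. `if (!is_numericint($_GET['id']) || !isset($a_vlans[$_GET['id']])) { $input_errors[] = "Invalid VLAN id."; }`, and consider moving the delete to a POST form carrying a per-session token.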
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ interfaces_vlan_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['vlans']['vlan']))
+ $config['vlans']['vlan'] = array();
+
+$a_vlans = &$config['vlans']['vlan'];
+
+$portlist = get_interface_list();
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_vlans[$id]) {
+ $pconfig['if'] = $a_vlans[$id]['if'];
+ $pconfig['tag'] = $a_vlans[$id]['tag'];
+ $pconfig['descr'] = $a_vlans[$id]['descr'];
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "if tag");
+ $reqdfieldsn = explode(",", "Parent interface,VLAN tag");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if ($_POST['tag'] && (!is_numericint($_POST['tag']) || ($_POST['tag'] < '1') || ($_POST['tag'] > '4094'))) {
+ $input_errors[] = "The VLAN tag must be an integer between 1 and 4094.";
+ }
+
+ foreach ($a_vlans as $vlan) {
+ if (isset($id) && ($a_vlans[$id]) && ($a_vlans[$id] === $vlan))
+ continue;
+
+ if (($vlan['if'] == $_POST['if']) && ($vlan['tag'] == $_POST['tag'])) {
+ $input_errors[] = "A VLAN with the tag {$vlan['tag']} is already defined on this interface.";
+ break;
+ }
+ }
+
+ if (!$input_errors) {
+ $vlan = array();
+ $vlan['if'] = $_POST['if'];
+ $vlan['tag'] = $_POST['tag'];
+ $vlan['descr'] = $_POST['descr'];
+
+ if (isset($id) && $a_vlans[$id])
+ $a_vlans[$id] = $vlan;
+ else
+ $a_vlans[] = $vlan;
+
+ write_config();
+ touch($d_sysrebootreqd_path);
+ header("Location: interfaces_vlan.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Interfaces: Assign network ports: VLANs: Edit</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Interfaces: Assign network ports: VLANs: Edit</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+ <form action="interfaces_vlan_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Parent interface</td>
+ <td width="78%" class="vtable">
+ <select name="if" class="formfld">
+ <?php
+ foreach ($portlist as $ifn => $ifinfo): ?>
+ <option value="<?=$ifn;?>" <?php if ($ifn == $pconfig['if']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifn . " (" . $ifinfo['mac'] . ")");?>
+ </option>
+ <?php endforeach; ?>
+ </select></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">VLAN tag </td>
+ <td class="vtable">
+ <input name="tag" type="text" class="formfld" id="tag" size="6" value="<?=htmlspecialchars($pconfig['tag']);?>">
+ <br>
+ <span class="vexpl">802.1Q VLAN tag (between 1 and 4094) </span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here
+ for your reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_vlans[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
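Review bot: `$_POST['if']` is stored in the configuration without being checked against `$portlist`, so the `<select>` is the only thing limiting the parent interface name and a hand-built request can save any string. That value is presumably used later when the VLAN interfaces are created at boot (not visible in this file), so it should be restricted to known ports during validation: `if ($_POST['if'] && !isset($portlist[$_POST['if']])) $input_errors[] = "The parent interface is invalid.";`. For consistency with the `tag` and `descr` fields, the hidden `id` and the `<option value="<?=$ifn;?>">` attribute should also go through `htmlspecialchars()`. The form has no anti-forgery token either, the same gap as the delete link in interfaces_vlan.php.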
$pconfig['pptp_subnet'] = $config['pptp']['subnet'];
$pconfig['pptp_remote'] = $config['pptp']['remote'];
+$pconfig['bigpond_username'] = $config['bigpond']['username'];
+$pconfig['bigpond_password'] = $config['bigpond']['password'];
+$pconfig['bigpond_authserver'] = $config['bigpond']['authserver'];
+$pconfig['bigpond_authdomain'] = $config['bigpond']['authdomain'];
+$pconfig['bigpond_minheartbeatinterval'] = $config['bigpond']['minheartbeatinterval'];
+
$pconfig['dhcphostname'] = $wancfg['dhcphostname'];
if ($wancfg['ipaddr'] == "dhcp") {
$pconfig['type'] = "PPPoE";
} else if ($wancfg['ipaddr'] == "pptp") {
$pconfig['type'] = "PPTP";
+} else if ($wancfg['ipaddr'] == "bigpond") {
+ $pconfig['type'] = "BigPond";
} else {
$pconfig['type'] = "Static";
$pconfig['ipaddr'] = $wancfg['ipaddr'];
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
} else if ($_POST['type'] == "PPPoE") {
$reqdfields = explode(" ", "username password");
- $reqdfieldsn = explode(",", "PPPoE Username,PPPoE Password");
+ $reqdfieldsn = explode(",", "PPPoE username,PPPoE password");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
} else if ($_POST['type'] == "PPTP") {
$reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote");
- $reqdfieldsn = explode(",", "PPTP Username,PPTP Password,PPTP local IP address,PPTP subnet,PPTP remote IP address");
+ $reqdfieldsn = explode(",", "PPTP username,PPTP password,PPTP local IP address,PPTP subnet,PPTP remote IP address");
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ } else if ($_POST['type'] == "BigPond") {
+ $reqdfields = explode(" ", "bigpond_username bigpond_password");
+ $reqdfieldsn = explode(",", "BigPond username,BigPond password");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
}
if (($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote']))) {
$input_errors[] = "A valid PPTP remote IP address must be specified.";
}
+ if (($_POST['bigpond_authserver'] && !is_domain($_POST['bigpond_authserver']))) {
+ $input_errors[] = "The authentication server name contains invalid characters.";
+ }
+ if (($_POST['bigpond_authdomain'] && !is_domain($_POST['bigpond_authdomain']))) {
+ $input_errors[] = "The authentication domain name contains invalid characters.";
+ }
+ if ($_POST['bigpond_minheartbeatinterval'] && !is_numericint($_POST['bigpond_minheartbeatinterval'])) {
+ $input_errors[] = "The minimum heartbeat interval must be an integer.";
+ }
if (($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac']))) {
$input_errors[] = "A valid MAC address must be specified.";
}
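Review bot: `bigpond_username` and `bigpond_password` are only checked for presence in the new `BigPond` branch, while the other BigPond fields added just below get a format check (`is_domain`, `is_numericint`). A later hunk stores both values exactly as posted; if they end up in a line-oriented client configuration (not visible here), embedded line breaks or control characters would corrupt it. A guard such as `if (preg_match('/[\x00-\x1f]/', $_POST['bigpond_username'] . $_POST['bigpond_password'])) $input_errors[] = "The BigPond username and password may not contain control characters.";` would close that gap. The enclosing `if ($_POST)` block starts and ends outside this hunk.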
unset($config['pptp']['local']);
unset($config['pptp']['subnet']);
unset($config['pptp']['remote']);
+ unset($config['bigpond']['username']);
+ unset($config['bigpond']['password']);
+ unset($config['bigpond']['authserver']);
+ unset($config['bigpond']['authdomain']);
+ unset($config['bigpond']['minheartbeatinterval']);
if ($_POST['type'] == "Static") {
$wancfg['ipaddr'] = $_POST['ipaddr'];
$config['pptp']['local'] = $_POST['pptp_local'];
$config['pptp']['subnet'] = $_POST['pptp_subnet'];
$config['pptp']['remote'] = $_POST['pptp_remote'];
+ } else if ($_POST['type'] == "BigPond") {
+ $wancfg['ipaddr'] = "bigpond";
+ $config['bigpond']['username'] = $_POST['bigpond_username'];
+ $config['bigpond']['password'] = $_POST['bigpond_password'];
+ $config['bigpond']['authserver'] = $_POST['bigpond_authserver'];
+ $config['bigpond']['authdomain'] = $_POST['bigpond_authdomain'];
+ $config['bigpond']['minheartbeatinterval'] = $_POST['bigpond_minheartbeatinterval'];
}
$wancfg['blockpriv'] = $_POST['blockpriv'] ? true : false;
document.iform.pptp_local.disabled = 1;
document.iform.pptp_subnet.disabled = 1;
document.iform.pptp_remote.disabled = 1;
+ document.iform.bigpond_username.disabled = 1;
+ document.iform.bigpond_password.disabled = 1;
+ document.iform.bigpond_authserver.disabled = 1;
+ document.iform.bigpond_authdomain.disabled = 1;
+ document.iform.bigpond_minheartbeatinterval.disabled = 1;
document.iform.dhcphostname.disabled = 1;
break;
case 1:
document.iform.pptp_local.disabled = 1;
document.iform.pptp_subnet.disabled = 1;
document.iform.pptp_remote.disabled = 1;
+ document.iform.bigpond_username.disabled = 1;
+ document.iform.bigpond_password.disabled = 1;
+ document.iform.bigpond_authserver.disabled = 1;
+ document.iform.bigpond_authdomain.disabled = 1;
+ document.iform.bigpond_minheartbeatinterval.disabled = 1;
document.iform.dhcphostname.disabled = 0;
break;
case 2:
document.iform.pptp_local.disabled = 1;
document.iform.pptp_subnet.disabled = 1;
document.iform.pptp_remote.disabled = 1;
+ document.iform.bigpond_username.disabled = 1;
+ document.iform.bigpond_password.disabled = 1;
+ document.iform.bigpond_authserver.disabled = 1;
+ document.iform.bigpond_authdomain.disabled = 1;
+ document.iform.bigpond_minheartbeatinterval.disabled = 1;
document.iform.dhcphostname.disabled = 1;
break;
case 3:
document.iform.pptp_local.disabled = 0;
document.iform.pptp_subnet.disabled = 0;
document.iform.pptp_remote.disabled = 0;
+ document.iform.bigpond_username.disabled = 1;
+ document.iform.bigpond_password.disabled = 1;
+ document.iform.bigpond_authserver.disabled = 1;
+ document.iform.bigpond_authdomain.disabled = 1;
+ document.iform.bigpond_minheartbeatinterval.disabled = 1;
+ document.iform.dhcphostname.disabled = 1;
+ break;
+ case 4:
+ document.iform.username.disabled = 1;
+ document.iform.password.disabled = 1;
+ document.iform.provider.disabled = 1;
+ document.iform.ipaddr.disabled = 1;
+ document.iform.subnet.disabled = 1;
+ document.iform.gateway.disabled = 1;
+ document.iform.pptp_username.disabled = 1;
+ document.iform.pptp_password.disabled = 1;
+ document.iform.pptp_local.disabled = 1;
+ document.iform.pptp_subnet.disabled = 1;
+ document.iform.pptp_remote.disabled = 1;
+ document.iform.bigpond_username.disabled = 0;
+ document.iform.bigpond_password.disabled = 0;
+ document.iform.bigpond_authserver.disabled = 0;
+ document.iform.bigpond_authdomain.disabled = 0;
+ document.iform.bigpond_minheartbeatinterval.disabled = 0;
document.iform.dhcphostname.disabled = 1;
break;
}
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Interfaces: WAN</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="interfaces_wan.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td valign="middle"><strong>Type</strong></td>
<td> <select name="type" class="formfld" id="type" onchange="type_change()">
- <?php $opts = split(" ", "Static DHCP PPPoE PPTP");
+ <?php $opts = split(" ", "Static DHCP PPPoE PPTP BigPond");
foreach ($opts as $opt): ?>
<option <?php if ($opt == $pconfig['type']) echo "selected";?>>
<?=htmlspecialchars($opt);?>
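Review bot: With `htmlspecialchars()` removed from `print_info_box($savemsg)`, the message is no longer escaped at this call site, and whether print_info_box() escapes internally is not visible here. That is safe only while `$savemsg` holds fixed text produced by the GUI's own save helpers, and nothing on the line records that assumption. I would add a comment above it, `<?php /* $savemsg is trusted markup built by the GUI itself; never place request data in it */ ?>`, or keep the escaping and have the helper return plain text. The reboot.php hunk further down makes the same change to `$rebootmsg`.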
<td width="100" valign="top" class="vncellreq">Remote IP address</td>
<td class="vtable"> <input name="pptp_remote" type="text" class="formfld" id="pptp_remote" size="20" value="<?=htmlspecialchars($pconfig['pptp_remote']);?>">
</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" height="16"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="vnsepcell">BigPond Cable configuration</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">Username</td>
+ <td class="vtable"><input name="bigpond_username" type="text" class="formfld" id="bigpond_username" size="20" value="<?=htmlspecialchars($pconfig['bigpond_username']);?>">
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncellreq">Password</td>
+ <td class="vtable"><input name="bigpond_password" type="text" class="formfld" id="bigpond_password" size="20" value="<?=htmlspecialchars($pconfig['bigpond_password']);?>">
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Authentication server</td>
+ <td class="vtable"><input name="bigpond_authserver" type="text" class="formfld" id="bigpond_authserver" size="20" value="<?=htmlspecialchars($pconfig['bigpond_authserver']);?>">
+ <br>
+ <span class="vexpl">If this field is left empty, the default ("dce-server") is used. </span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Authentication domain</td>
+ <td class="vtable"><input name="bigpond_authdomain" type="text" class="formfld" id="bigpond_authdomain" size="20" value="<?=htmlspecialchars($pconfig['bigpond_authdomain']);?>">
+ <br>
+ <span class="vexpl">If this field is left empty, the domain name assigned via DHCP will be used.<br>
+ <br>
+ Note: the BigPond client implicitly sets the "Allow DNS server list to be overridden by DHCP/PPP on WAN" on the System: General setup page. </span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Min. heartbeat interval</td>
+ <td class="vtable">
+ <input name="bigpond_minheartbeatinterval" type="text" class="formfld" id="bigpond_minheartbeatinterval" size="8" value="<?=htmlspecialchars($pconfig['bigpond_minheartbeatinterval']);?>">
+ seconds<br>
+ Setting this to a sensible value (e.g. 60 seconds) can protect against DoS attacks. </td>
</tr>
<?php /* Wireless interface? */
if (isset($optcfg['wireless']))
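Review bot: The new BigPond password field is rendered as `type="text"` and pre-filled from `$pconfig['bigpond_password']`, so the stored credential is shown in clear on every visit to the WAN page and can be kept in browser form history. Changing that one attribute to `type="password"` on the `bigpond_password` input keeps it masked on screen; the value would still be present in the page source, so not echoing the stored secret back at all is the stricter option. The `radiuskey` shared-secret input in the new services_captiveportal.php uses `type="text"` the same way. The surrounding table starts and ends outside this hunk.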
<em><font color="#666666">DHCP lease list page</font></em><br>
<br>
Peter Allgeyer (<a href="mailto:allgeyer@web.de">allgeyer@web.de</a>)<br>
- <em><font color="#666666">"reject" type filter rules</font></em></p>
+ <em><font color="#666666">"reject" type filter rules</font></em><br>
+ <br>
+ Thierry Lechat (<a href="mailto:dev@lechat.org">dev@lechat.org</a>)<br>
+ <em><font color="#666666">SVG-based traffic grapher</font></em><br>
+ <br>
+ Steven Honson (<a href="mailto:steven@honson.org">steven@honson.org</a>)<br>
+ <em><font color="#666666">per-user IP address assignments for PPTP VPN</font></em><br>
+ <br>
+ Kurt Inge Smådal (<a href="mailto:kurt@emsp.no">kurt@emsp.no</a>)<br>
+ <em><font color="#666666">NAT on optional interfaces</font></em><br>
+ <br>
+ Dinesh Nair (<a href="mailto:dinesh@alphaque.com">dinesh@alphaque.com</a>)<br>
+ <em><font color="#666666">captive portal: pass-through MAC/IP addresses, RADIUS authentication & accounting;<br>
+ <em><font color="#666666"></font></em>HTTP server concurrency limit</font></em><br>
+ <br>
+ Justin Ellison (<a href="mailto:justin@techadvise.com">justin@techadvise.com</a>)<br>
+ <em><font color="#666666">traffic shaper TOS matching; magic shaper; DHCP deny unknown clients;<br>
+ IPsec user FQDNs</font></em><br>
+ <br>
+ Fred Wright (<a href="mailto:fw@well.com">fw@well.com</a>)<br>
+ <em><font color="#666666">ipfilter window scaling fix; ipnat ICMP checksum adjustment fix </font></em></p>
<hr size="1">
<p>m0n0wall is based upon/includes various free software packages,
listed below.<br>
Copyright © 1993-2002 by Darren Reed.<br>
<br>
MPD - Multi-link PPP daemon for FreeBSD (<a href="http://www.dellroad.org/mpd" target="_blank">http://www.dellroad.org/mpd</a>)<br>
- Copyright © 1995-1999 Whistle Communications, Inc. All rights
- reserved. <br>
+ Copyright © 2003-2004, Archie L. Cobbs, Michael Bretterklieber, Alexander Motin<br>
+All rights reserved.<br>
<br>
ez-ipupdate (<a href="http://www.gusnet.cx/proj/ez-ipupdate/" target="_blank">http://www.gusnet.cx/proj/ez-ipupdate</a>)<br>
Copyright © 1998-2001 Angus Mackay. All rights reserved.<br>
choparp (<a href="http://choparp.sourceforge.net/" target="_blank">http://choparp.sourceforge.net</a>)<br>
Copyright © 1997 Takamichi Tateoka (tree@mma.club.uec.ac.jp)<br>
Copyright
-© 2002 Thomas Quinot (thomas@cuivre.fr.eu.org)
-<?php include("fend.inc"); ?>
+© 2002 Thomas Quinot (thomas@cuivre.fr.eu.org)<br>
+ <br>
+ BPALogin (<a href="http://bpalogin.sourceforge.net/" target="_blank">http://bpalogin.sourceforge.net</a>) - lightweight portable BIDS2 login client<br>
+ Copyright © 2001-3 Shane Hyde, and others.<br>
+ <br>
+ php-radius (<a href="http://www.mavetju.org/programming/php.php" target="_blank">http://www.mavetju.org/programming/php.php</a>)<br>
+ Copyright 2000, 2001, 2002 by Edwin Groothuis. All rights reserved.<br>
+ This product includes software developed by Edwin Groothuis.<br>
+ <br>
+ wol (<a href="http://ahh.sourceforge.net/wol" target="_blank">http://ahh.sourceforge.net/wol</a>)<br>
+ Copyright © 2000,2001,2002,2003,2004 Thomas Krennwallner <krennwallner@aon.at>
+ <?php include("fend.inc"); ?>
</body>
</html>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Reboot system</p>
-<?php if ($rebootmsg): echo print_info_box(htmlspecialchars($rebootmsg)); else: ?>
+<?php if ($rebootmsg): echo print_info_box($rebootmsg); else: ?>
<form action="reboot.php" method="post">
<p><strong>Are you sure you want to reboot the system?</strong></p>
<p>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ services_captiveportal.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal'])) {
+ $config['captiveportal'] = array();
+ $config['captiveportal']['page'] = array();
+ $config['captiveportal']['timeout'] = 60;
+}
+
+if ($_GET['act'] == "viewhtml") {
+ echo base64_decode($config['captiveportal']['page']['htmltext']);
+ exit;
+} else if ($_GET['act'] == "viewerrhtml") {
+ echo base64_decode($config['captiveportal']['page']['errtext']);
+ exit;
+}
+
+$pconfig['cinterface'] = $config['captiveportal']['interface'];
+$pconfig['timeout'] = $config['captiveportal']['timeout'];
+$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
+$pconfig['enable'] = isset($config['captiveportal']['enable']);
+$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
+$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
+$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
+$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
+$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['enable']) {
+ $reqdfields = explode(" ", "cinterface");
+ $reqdfieldsn = explode(",", "Interface");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ /* make sure no interfaces are bridged */
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $coptif = &$config['interfaces']['opt' . $i];
+ if (isset($coptif['enable']) && $coptif['bridge']) {
+ $input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged.";
+ break;
+ }
+ }
+ }
+
+ if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) {
+ $input_errors[] = "The timeout must be at least 1 minute.";
+ }
+ if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) {
+ $input_errors[] = "The idle timeout must be at least 1 minute.";
+ }
+ if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
+ $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
+ }
+ if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
+ }
+
+ if (!$input_errors) {
+ $config['captiveportal']['interface'] = $_POST['cinterface'];
+ $config['captiveportal']['timeout'] = $_POST['timeout'];
+ $config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
+ $config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
+ $config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
+ $config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
+ $config['captiveportal']['radiusip'] = $_POST['radiusip'];
+ $config['captiveportal']['radiusport'] = $_POST['radiusport'];
+ $config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
+
+ /* file upload? */
+ if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
+ $config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
+ if (is_uploaded_file($_FILES['errfile']['tmp_name']))
+ $config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
+
+ write_config();
+
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval = captiveportal_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Services: Captive portal</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+<script language="JavaScript">
+<!--
+function radacct_change() {
+ if (document.iform.radacct_enable.checked) {
+ document.iform.logoutwin_enable.checked = 1;
+ }
+}
+
+function enable_change(enable_change) {
+ if (document.iform.enable.checked || enable_change) {
+ document.iform.cinterface.disabled = 0;
+ document.iform.idletimeout.disabled = 0;
+ document.iform.timeout.disabled = 0;
+ document.iform.radiusip.disabled = 0;
+ document.iform.radiusport.disabled = 0;
+ document.iform.radiuskey.disabled = 0;
+ document.iform.radacct_enable.disabled = 0;
+ document.iform.logoutwin_enable.disabled = 0;
+ document.iform.htmlfile.disabled = 0;
+ document.iform.errfile.disabled = 0;
+ } else {
+ document.iform.cinterface.disabled = 1;
+ document.iform.idletimeout.disabled = 1;
+ document.iform.timeout.disabled = 1;
+ document.iform.radiusip.disabled = 1;
+ document.iform.radiusport.disabled = 1;
+ document.iform.radiuskey.disabled = 1;
+ document.iform.radacct_enable.disabled = 1;
+ document.iform.logoutwin_enable.disabled = 1;
+ document.iform.htmlfile.disabled = 1;
+ document.iform.errfile.disabled = 1;
+ }
+ if (enable_change && document.iform.radacct_enable.checked) {
+ document.iform.logoutwin_enable.checked = 1;
+ }
+}
+//-->
+</script>
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Services: Captive portal</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">Captive portal</li>
+ <li class="tabinact"><a href="services_captiveportal_mac.php">Pass-through MAC</a></li>
+ <li class="tabinact"><a href="services_captiveportal_ip.php">Allowed IP addresses</a></li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vtable"> </td>
+ <td width="78%" class="vtable">
+ <input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
+ <strong>Enable captive portal </strong></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+ <select name="cinterface" class="formfld" id="cinterface">
+ <?php $interfaces = array('lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ if (isset($config['interfaces']['opt' . $i]['enable']))
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['cinterface']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br>
+ <span class="vexpl">Choose which interface to run the captive portal on.</span></td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">Idle timeout</td>
+ <td class="vtable">
+ <input name="idletimeout" type="text" class="formfld" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
+minutes<br>
+Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Hard timeout</td>
+ <td width="78%" class="vtable">
+ <input name="timeout" type="text" class="formfld" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
+ minutes<br>
+ Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Logout popup window</td>
+ <td width="78%" class="vtable">
+ <input name="logoutwin_enable" type="checkbox" class="formfld" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
+ <br>
+ If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs. When RADIUS accounting is enabled, this option is implied.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">RADIUS server</td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td>IP address:</td>
+ <td><input name="radiusip" type="text" class="formfld" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"></td>
+ </tr><tr>
+ <td>Port:</td>
+ <td><input name="radiusport" type="text" class="formfld" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"></td>
+ </tr><tr>
+ <td>Shared secret: </td>
+ <td><input name="radiuskey" type="text" class="formfld" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"> </td>
+ </tr><tr>
+ <td>RADIUS accounting: </td>
+ <td><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" <?php if($pconfig['radacct_enable']) echo "checked"; ?> onClick="radacct_change()"></td>
+ </tr></table>
+ <br>
+ Enter the IP address and port of the RADIUS server which users of the captive portal have to authenticate against. Leave blank to disable RADIUS authentication. Leave port number blank to use the default port (1812). Leave the RADIUS shared secret blank to not use a RADIUS shared secret. RADIUS accounting packets will also be sent to port 1813 of the RADIUS server if RADIUS accounting is enabled.
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Portal page contents</td>
+ <td width="78%" class="vtable">
+ <input type="file" name="htmlfile" class="formfld" id="htmlfile"><br>
+ <?php if ($config['captiveportal']['page']['htmltext']): ?>
+ <a href="?act=viewhtml" target="_blank">View current page</a>
+ <br>
+ <br>
+ <?php endif; ?>
+ Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to the page itself)
+with a submit button (name="accept"). Include the "auth_user" and "auth_pass" input elements if RADIUS authentication is enabled. If RADIUS is enabled and no "auth_user" is present, authentication will always fail. If RADIUS is not enabled, you can omit both these input elements.
+Example code for the button:<br>
+ <br><tt><form method="post" action=""><br>
+ <input name="accept" type="submit" value="Continue"><br>
+ <input name="auth_user" type="text"><br>
+ <input name="auth_pass" type="password"><br>
+ </form></tt> </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Authentication<br>
+ error page<br>
+ contents</td>
+ <td class="vtable">
+ <input name="errfile" type="file" class="formfld" id="errfile"><br>
+ <?php if ($config['captiveportal']['page']['errtext']): ?>
+ <a href="?act=viewerrhtml" target="_blank">View current page</a>
+ <br>
+ <br>
+ <?php endif; ?>
+The contents of the HTML file that you upload here are displayed when a RADIUS authentication error occurs.</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)">
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work. </span></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<script language="JavaScript">
+<!--
+enable_change(false);
+//-->
+</script>
+<?php include("fend.inc"); ?>
+</body>
+</html>
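Review bot: The validation errors for `radiusip` and `radiusport` concatenate the raw `$_POST` value into the message (`"... [".$_POST['radiusip']."]"`), and a value only reaches that line after failing `is_ipaddr()` or `is_port()`, i.e. when it is arbitrary text. Whether print_input_errors() escapes its entries is not visible here; if it does not, posted markup is rendered in the webGUI page. Escaping where the message is built removes that dependency: `$input_errors[] = "A valid IP address must be specified. [" . htmlspecialchars($_POST['radiusip']) . "]";`, and likewise for `radiusport`; dropping the echoed value would also work. services_captiveportal_ip_edit.php builds its `ip` error messages the same way.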
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ services_captiveportal_ip.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal']['allowedip']))
+ $config['captiveportal']['allowedip'] = array();
+
+allowedips_sort();
+$a_allowedips = &$config['captiveportal']['allowedip'] ;
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ $retval = captiveportal_allowedip_configure();
+ }
+ $savemsg = get_std_save_message($retval);
+ if ($retval == 0) {
+ if (file_exists($d_allowedipsdirty_path)) {
+ config_lock();
+ unlink($d_allowedipsdirty_path);
+ config_unlock();
+ }
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_allowedips[$_GET['id']]) {
+ unset($a_allowedips[$_GET['id']]);
+ write_config();
+ touch($d_allowedipsdirty_path);
+ header("Location: services_captiveportal_ip.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Services: Captive portal: Allowed IP addresses</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Services: Captive portal: Allowed IP addresses</p>
+<form action="services_captiveportal_ip.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_allowedipsdirty_path)): ?><p>
+<?php print_info_box_np("The captive portal IP address configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php endif; ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="services_captiveportal.php">Captive portal</a></li>
+ <li class="tabinact"><a href="services_captiveportal_mac.php">Pass-through MAC</a></li>
+ <li class="tabact">Allowed IP addresses</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="30%" class="listhdrr">IP address</td>
+ <td width="60%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_allowedips as $ip): ?>
+ <tr>
+ <td class="listlr">
+ <?php if($ip['dir'] == "to")
+ echo "any <img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\">";
+ ?>
+ <?=strtolower($ip['ip']);?>
+ <?php if($ip['dir'] == "from")
+ echo "<img src=\"in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> any";
+ ?>
+ </td>
+ <td class="listbg">
+ <?=htmlspecialchars($ip['descr']);?>
+ </td>
+ <td valign="middle" nowrap class="list"> <a href="services_captiveportal_ip_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
+ <a href="services_captiveportal_ip.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this address?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="2"> </td>
+ <td class="list"> <a href="services_captiveportal_ip_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list"><p class="vexpl"><span class="red"><strong>
+ Note:<br>
+ </strong></span>
+ Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying <em>from</em> addresses, it may be used to always allow pass-through access from a client behind the captive portal.</p>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td><span class="vexpl">any <img src="in.gif" width="11" height="11" align="absmiddle"> x.x.x.x </span></td>
+ <td><span class="vexpl">All connections <strong>to</strong> the IP address are allowed</span></td>
+ </tr>
+ <tr>
+ <td colspan="5" height="4"></td>
+ </tr>
+ <tr>
+ <td>x.x.x.x <span class="vexpl"><img src="in.gif" width="11" height="11" align="absmiddle"></span> any </td>
+ <td><span class="vexpl">All connections <strong>from</strong> the IP address are allowed </span></td>
+ </tr>
+ </table></td>
+ <td class="list"> </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
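Review bot: The delete handler `if ($_GET['act'] == "del")` changes the configuration on a plain GET request, and no token or method check is visible. Any request carrying `act=del&id=N` from an authenticated admin browser, including one triggered by a third-party page, therefore removes an entry, calls `write_config()` and marks the rules dirty. State changes belong behind POST: I would test `$_POST['act'] == "del"` instead and turn the delete link in the table into a small form with a submit button, ideally carrying a per-session token that the handler compares before acting. The `onclick="return confirm(...)"` prompt only protects clicks made on this page, not requests that originate elsewhere.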
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ services_captiveportal_ip_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal']['allowedip']))
+ $config['captiveportal']['allowedip'] = array();
+
+allowedips_sort();
+$a_allowedips = &$config['captiveportal']['allowedip'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_allowedips[$id]) {
+ $pconfig['ip'] = $a_allowedips[$id]['ip'];
+ $pconfig['descr'] = $a_allowedips[$id]['descr'];
+ $pconfig['dir'] = $a_allowedips[$id]['dir'];
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "ip dir");
+ $reqdfieldsn = explode(",", "Allowed IP address,Direction");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) {
+ $input_errors[] = "A valid IP address must be specified. [".$_POST['ip']."]";
+ }
+
+ foreach ($a_allowedips as $ipent) {
+ if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent))
+ continue;
+
+ if (($ipent['dir'] == $_POST['dir']) && ($ipent['ip'] == $_POST['ip'])){
+ $input_errors[] = "[" . $_POST['ip'] . "] already allowed." ;
+ break ;
+ }
+ }
+
+ if (!$input_errors) {
+ $ip = array();
+ $ip['ip'] = $_POST['ip'];
+ $ip['descr'] = $_POST['descr'];
+ $ip['dir'] = $_POST['dir'];
+
+ if (isset($id) && $a_allowedips[$id])
+ $a_allowedips[$id] = $ip;
+ else
+ $a_allowedips[] = $ip;
+
+ write_config();
+
+ touch($d_allowedipsdirty_path) ;
+
+ header("Location: services_captiveportal_ip.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Services: Captive portal: Edit allowed IP address</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Services: Captive portal: Edit allowed IP address</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+ <form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Direction</td>
+ <td width="78%" class="vtable">
+ <select name="dir" class="formfld">
+ <?php
+ $dirs = explode(" ", "From To") ;
+ foreach ($dirs as $dir): ?>
+ <option value="<?=strtolower($dir);?>" <?php if (strtolower($dir) == strtolower($pconfig['dir'])) echo "selected";?> >
+ <?=htmlspecialchars($dir);?>
+ </option>
+ <?php endforeach; ?>
+ </select>
+ <br>
+ <span class="vexpl">Use <em>From</em> to always allow an IP address through the captive portal (without authentication).
+ Use <em>To</em> to allow access from all clients (even non-authenticated ones) behind the portal to this IP address.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">IP address</td>
+ <td width="78%" class="vtable">
+ <input name="ip" type="text" class="formfld" id="ip" size="17" value="<?=htmlspecialchars($pconfig['ip']);?>">
+ <br>
+ <span class="vexpl">IP address</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here
+ for your reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_allowedips[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
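Review bot: `$_POST['dir']` is only checked for presence (it is listed in `$reqdfields`) before `$ip['dir'] = $_POST['dir'];` writes it to the config, so any string is stored as a direction even though the form offers only `from` and `to`. Because these entries let traffic bypass portal authentication, I would reject other values next to the `is_ipaddr()` check: `if ($_POST['dir'] && !in_array($_POST['dir'], array("from", "to"))) $input_errors[] = "A valid direction must be specified.";`. How the stored value is consumed when the rules are applied is not visible here, so the effect of an unexpected value is unconfirmed.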
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ services_captiveportal_mac.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal']['passthrumac']))
+ $config['captiveportal']['passthrumac'] = array();
+
+passthrumacs_sort();
+$a_passthrumacs = &$config['captiveportal']['passthrumac'] ;
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ $retval = captiveportal_passthrumac_configure();
+ }
+ $savemsg = get_std_save_message($retval);
+ if ($retval == 0) {
+ if (file_exists($d_passthrumacsdirty_path)) {
+ config_lock();
+ unlink($d_passthrumacsdirty_path);
+ config_unlock();
+ }
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_passthrumacs[$_GET['id']]) {
+ unset($a_passthrumacs[$_GET['id']]);
+ write_config();
+ touch($d_passthrumacsdirty_path);
+ header("Location: services_captiveportal_mac.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Services: Captive portal: Pass-through MAC addresses</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Services: Captive portal: Pass-through MAC addresses</p>
+<form action="services_captiveportal_mac.php" method="post">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if (file_exists($d_passthrumacsdirty_path)): ?><p>
+<?php print_info_box_np("The captive portal MAC address configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
+<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
+<?php endif; ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="services_captiveportal.php">Captive portal</a></li>
+ <li class="tabact">Pass-through MAC</li>
+ <li class="tabinact"><a href="services_captiveportal_ip.php">Allowed IP addresses</a></li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="30%" class="listhdrr">MAC address</td>
+ <td width="60%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_passthrumacs as $mac): ?>
+ <tr>
+ <td class="listlr">
+ <?=strtolower($mac['mac']);?>
+ </td>
+ <td class="listbg">
+ <?=htmlspecialchars($mac['descr']);?>
+ </td>
+ <td valign="middle" nowrap class="list"> <a href="services_captiveportal_mac_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
+ <a href="services_captiveportal_mac.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this host?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="2"> </td>
+ <td class="list"> <a href="services_captiveportal_mac_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <tr>
+ <td colspan="2" class="list"><span class="vexpl"><span class="red"><strong>
+ Note:<br>
+ </strong></span>
+ Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.</span></td>
+ <td class="list"> </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
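Review bot: The `act=del` branch removes a pass-through entry and calls `write_config()` on a plain GET, guarded only by the JavaScript `confirm()` on the link, so a cross-site request made by the administrator's browser is enough to change the configuration. I would handle deletion only inside the `if ($_POST)` branch (a small submit button per row instead of the link) and check a per-session token there if the GUI provides one. services_wol.php has the same GET-driven `act=del` block, and its `?mac=...&if=...` wake-up link acts on GET as well. Separately, `strtolower($mac['mac'])` is printed without `htmlspecialchars()` while the description beside it is escaped; `<?=htmlspecialchars(strtolower($mac['mac']));?>` would make the two consistent.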
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ services_captiveportal_mac_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2004 Dinesh Nair <dinesh@alphaque.com>
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal']['passthrumac']))
+ $config['captiveportal']['passthrumac'] = array();
+
+passthrumacs_sort();
+$a_passthrumacs = &$config['captiveportal']['passthrumac'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_passthrumacs[$id]) {
+ $pconfig['mac'] = $a_passthrumacs[$id]['mac'];
+ $pconfig['descr'] = $a_passthrumacs[$id]['descr'];
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "mac");
+ $reqdfieldsn = explode(",", "MAC address");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (($_POST['mac'] && !is_macaddr($_POST['mac']))) {
+ $input_errors[] = "A valid MAC address must be specified. [".$_POST['mac']."]";
+ }
+
+ foreach ($a_passthrumacs as $macent) {
+ if (isset($id) && ($a_passthrumacs[$id]) && ($a_passthrumacs[$id] === $macent))
+ continue;
+
+ if ($macent['mac'] == $_POST['mac']){
+ $input_errors[] = "[" . $_POST['mac'] . "] already allowed." ;
+ break;
+ }
+ }
+
+ if (!$input_errors) {
+ $mac = array();
+ $mac['mac'] = $_POST['mac'];
+ $mac['descr'] = $_POST['descr'];
+
+ if (isset($id) && $a_passthrumacs[$id])
+ $a_passthrumacs[$id] = $mac;
+ else
+ $a_passthrumacs[] = $mac;
+
+ write_config();
+
+ touch($d_passthrumacsdirty_path) ;
+
+ header("Location: services_captiveportal_mac.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Services: Captive portal: Edit pass-through MAC address</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Services: Captive portal: Edit pass-through MAC address</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+ <form action="services_captiveportal_mac_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">MAC address</td>
+ <td width="78%" class="vtable">
+ <input name="mac" type="text" class="formfld" id="mac" size="17" value="<?=htmlspecialchars($pconfig['mac']);?>">
+ <br>
+ <span class="vexpl">MAC address (6 hex octets separated by colons)</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here
+ for your reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_passthrumacs[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
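Review bot: The duplicate check compares `$macent['mac'] == $_POST['mac']` byte for byte and the address is stored as typed, so the same MAC in a different letter case would pass as a new entry, assuming `is_macaddr()` accepts upper-case hex (not visible here). The list page lower-cases on display, which suggests mixed case is expected. I would store `strtolower($_POST['mac'])` and compare `strtolower($macent['mac']) == strtolower($_POST['mac'])` in the loop. Both error strings also embed `$_POST['mac']` raw, as the `ip` messages in services_captiveportal_ip_edit.php do; whether `print_input_errors()` escapes its input is not shown, so either confirm that or drop the echoed value.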
$pconfig['maxtime'] = $config['dhcpd'][$if]['maxleasetime'];
list($pconfig['wins1'],$pconfig['wins2']) = $config['dhcpd'][$if]['winsserver'];
$pconfig['enable'] = isset($config['dhcpd'][$if]['enable']);
+$pconfig['denyunknown'] = isset($config['dhcpd'][$if]['denyunknown']);
$ifcfg = $config['interfaces'][$if];
$config['dhcpd'][$if]['defaultleasetime'] = $_POST['deftime'];
$config['dhcpd'][$if]['maxleasetime'] = $_POST['maxtime'];
$config['dhcpd'][$if]['enable'] = $_POST['enable'] ? true : false;
+ $config['dhcpd'][$if]['denyunknown'] = $_POST['denyunknown'] ? true : false;
unset($config['dhcpd'][$if]['winsserver']);
if ($_POST['wins1'])
<p class="pgtitle">Services: DHCP</p>
<form action="services_dhcp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_staticmapsdirty_path)): ?><p>
<?php print_info_box_np("The static mapping configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
-<?php $i = 1; foreach ($iflist as $ifent => $ifname):
+ <tr><td>
+ <ul id="tabnav">
+<?php foreach ($iflist as $ifent => $ifname):
if ($ifent == $if): ?>
- <td nowrap class="tabact"><?=htmlspecialchars($ifname);?></td>
+ <li class="tabact"><?=htmlspecialchars($ifname);?></li>
<?php else: ?>
- <td nowrap class="tabinact"><a href="services_dhcp.php?if=<?=$ifent;?>" class="tblnk"><?=htmlspecialchars($ifname);?></a></td>
+ <li class="tabinact"><a href="services_dhcp.php?if=<?=$ifent;?>"><?=htmlspecialchars($ifname);?></a></li>
<?php endif; ?>
-<?php $i++; endforeach; ?>
- <td width="100%"> </td>
- </tr>
+<?php endforeach; ?>
+ </ul>
+ </td></tr>
<tr>
- <td colspan="<?=$i;?>" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vtable"> </td>
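Review bot: Dropping `htmlspecialchars()` from `print_info_box($savemsg)` means every producer of `$savemsg` must now deliver HTML-safe text; `print_info_box()` is not shown, so it is unclear whether it escapes on its own. The same change appears in the hunks for the DNS forwarder, Dynamic DNS, Proxy ARP and SNMP pages. The new services_wol.php builds `$savemsg = "Sent magic packet to {$mac}."` from a request value, which is safe only as long as `is_macaddr()` rejects markup. I would add a comment at the call, `/* $savemsg is emitted as HTML - escape any dynamic part where it is built */`, and escape at the source, e.g. `htmlspecialchars($mac)` in services_wol.php. The form this line belongs to continues outside the hunk.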
<?=htmlspecialchars($iflist[$if]);?>
interface</strong></td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vtable"> </td>
+ <td width="78%" class="vtable">
+<input name="denyunknown" type="checkbox" value="yes" <?php if ($pconfig['denyunknown']) echo "checked"; ?>>
+ <strong>Deny unknown clients</strong><br>
+ If this is checked, only the clients defined below will get DHCP leases from this server. </td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Subnet</td>
<td width="78%" class="vtable">
<br>
The DHCP lease table can be viewed on the <a href="diag_dhcp_leases.php">Diagnostics:
DHCP leases</a> page.<br>
- <br>
- You may enter static mappings between IP and MAC addresses
- below. </span></p></td>
+ </span></p></td>
</tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
- <td width="20%" class="listhdrr">IP address</td>
<td width="35%" class="listhdrr">MAC address </td>
- <td width="35%" class="listhdrr">Description</td>
+ <td width="20%" class="listhdrr">IP address</td>
+ <td width="35%" class="listhdr">Description</td>
<td width="10%" class="list"></td>
</tr>
<?php $i = 0; foreach ($a_maps as $mapent): ?>
<tr>
<td class="listlr">
- <?=htmlspecialchars($mapent['ipaddr']);?>
+ <?=htmlspecialchars($mapent['mac']);?>
</td>
<td class="listr">
- <?=htmlspecialchars($mapent['mac']);?>
+ <?=htmlspecialchars($mapent['ipaddr']);?>
</td>
<td class="listbg">
<?=htmlspecialchars($mapent['descr']);?>
$pconfig = $_POST;
/* input validation */
- $reqdfields = explode(" ", "mac ipaddr");
- $reqdfieldsn = explode(",", "MAC address,IP address");
+ $reqdfields = explode(" ", "mac");
+ $reqdfieldsn = explode(",", "MAC address");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
if (isset($id) && ($a_maps[$id]) && ($a_maps[$id] === $mapent))
continue;
- if (($mapent['mac'] == $_POST['mac']) || (ip2long($mapent['ipaddr']) == ip2long($_POST['ipaddr']))) {
+ if (($mapent['mac'] == $_POST['mac']) || ($_POST['ipaddr'] && (ip2long($mapent['ipaddr']) == ip2long($_POST['ipaddr'])))) {
$input_errors[] = "This IP or MAC address already exists.";
break;
}
}
/* make sure it's not within the dynamic subnet */
- $dynsubnet_start = ip2long($config['dhcpd'][$if]['range']['from']);
- $dynsubnet_end = ip2long($config['dhcpd'][$if]['range']['to']);
- $lansubnet_start = (ip2long($ifcfg['ipaddr']) & gen_subnet_mask_long($ifcfg['subnet']));
- $lansubnet_end = (ip2long($ifcfg['ipaddr']) | (~gen_subnet_mask_long($ifcfg['subnet'])));
-
- if ((ip2long($_POST['ipaddr']) >= $dynsubnet_start) &&
- (ip2long($_POST['ipaddr']) <= $dynsubnet_end)) {
- $input_errors[] = "Static IP addresses may not lie within the dynamic client range.";
- }
- if ((ip2long($_POST['ipaddr']) < $lansubnet_start) ||
- (ip2long($_POST['ipaddr']) > $lansubnet_end)) {
- $input_errors[] = "The IP address must lie in the {$ifcfg['descr']} subnet.";
+ if ($_POST['ipaddr']) {
+ $dynsubnet_start = ip2long($config['dhcpd'][$if]['range']['from']);
+ $dynsubnet_end = ip2long($config['dhcpd'][$if]['range']['to']);
+ $lansubnet_start = (ip2long($ifcfg['ipaddr']) & gen_subnet_mask_long($ifcfg['subnet']));
+ $lansubnet_end = (ip2long($ifcfg['ipaddr']) | (~gen_subnet_mask_long($ifcfg['subnet'])));
+
+ if ((ip2long($_POST['ipaddr']) >= $dynsubnet_start) &&
+ (ip2long($_POST['ipaddr']) <= $dynsubnet_end)) {
+ $input_errors[] = "Static IP addresses may not lie within the dynamic client range.";
+ }
+ if ((ip2long($_POST['ipaddr']) < $lansubnet_start) ||
+ (ip2long($_POST['ipaddr']) > $lansubnet_end)) {
+ $input_errors[] = "The IP address must lie in the {$ifcfg['descr']} subnet.";
+ }
}
if (!$input_errors) {
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Services: DHCP: Edit static mapping</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="services_dhcp_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="22%" valign="top" class="vncellreq">IP address</td>
- <td width="78%" class="vtable">
- <input name="ipaddr" type="text" class="formfld" id="ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipaddr']);?>">
- </td>
- </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">MAC address</td>
<td width="78%" class="vtable">
<span class="vexpl">Enter a MAC address in the following format:
xx:xx:xx:xx:xx:xx</span></td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">IP address</td>
+ <td width="78%" class="vtable">
+ <input name="ipaddr" type="text" class="formfld" id="ipaddr" size="20" value="<?=htmlspecialchars($pconfig['ipaddr']);?>">
+ <br>
+ If no IP address is given, one will be dynamically allocated from the pool.</td>
+ </tr>
<tr>
<td width="22%" valign="top" class="vncell">Description</td>
<td width="78%" class="vtable">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Services: DNS forwarder</p>
<form action="services_dnsmasq.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_hostsdirty_path)): ?><p>
<?php print_info_box_np("The DNS forwarder configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<td width="20%" class="listhdrr">Host</td>
<td width="25%" class="listhdrr">Domain</td>
<td width="20%" class="listhdrr">IP</td>
- <td width="25%" class="listhdrr">Description</td>
+ <td width="25%" class="listhdr">Description</td>
<td width="10%" class="list"></td>
</tr>
<?php $i = 0; foreach ($a_hosts as $hostent): ?>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Services: DNS forwarder: Edit host</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="services_dnsmasq_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Services: Dynamic DNS client</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="services_dyndns.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Services: Proxy ARP</p>
<form action="services_proxyarp.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_proxyarpdirty_path)): ?><p>
<?php print_info_box_np("The proxy ARP configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="40%" class="listhdrr">Network</td>
- <td width="50%" class="listhdrr">Description</td>
+ <td width="50%" class="listhdr">Description</td>
<td width="10%" class="list"></td>
</tr>
<?php $i = 0; foreach ($a_proxyarp as $arpent): ?>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Services: Proxy ARP: Edit</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="services_proxyarp_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">Services: SNMP</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="services_snmp.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ services_wol.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['wol']['wolentry'])) {
+ $config['wol']['wolentry'] = array();
+}
+wol_sort();
+$a_wol = &$config['wol']['wolentry'];
+
+if ($_POST || $_GET['mac']) {
+ unset($input_errors);
+
+ if ($_GET['mac']) {
+ $mac = $_GET['mac'];
+ $if = $_GET['if'];
+ } else {
+ $mac = $_POST['mac_input'];
+ $if = $_POST['interface'];
+ }
+
+ /* input validation */
+ if (!$mac || !is_macaddr($mac))
+ $input_errors[] = "A valid MAC address must be specified.";
+ if (!$if)
+ $input_errors[] = "A valid interface must be specified.";
+
+ if (!$input_errors) {
+ /* determine broadcast address */
+ $bcip = gen_subnet_max($config['interfaces'][$if]['ipaddr'],
+ $config['interfaces'][$if]['subnet']);
+
+ mwexec("/usr/local/bin/wol -i {$bcip} {$mac}");
+ $savemsg = "Sent magic packet to {$mac}.";
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_wol[$_GET['id']]) {
+ unset($a_wol[$_GET['id']]);
+ write_config();
+ header("Location: services_wol.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Services: Wake on LAN</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Services: Wake on LAN</font></p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
+ <form action="services_wol.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+<select name="interface" class="formfld">
+ <?php $interfaces = array('lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ if (isset($config['interfaces']['opt' . $i]['enable']) &&
+ !$config['interfaces']['opt' . $i]['bridge'])
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $if) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br>
+ <span class="vexpl">Choose which interface the host to be woken up is connected to.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">MAC address</td>
+ <td width="78%" class="vtable">
+ <input name="mac_input" type="text" class="formfld" id="mac_input" size="20" value="<?=htmlspecialchars($mac);?>">
+ <br>
+ Enter a MAC address <span class="vexpl"> in the following format: xx:xx:xx:xx:xx:xx</span></td></tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Send">
+ </td>
+ </tr>
+ </table>
+ <span class="vexpl"><span class="red"><strong>Note:<br>
+ </strong></span>This service can be used to wake up (power on) computers by sending special "Magic Packets". The NIC in the computer that is to be woken up must support Wake on LAN and has to be configured properly (WOL cable, BIOS settings). </span><br>
+ <br>
+ You may store MAC addresses below for your convenience.
+Click the MAC address to wake up a computer. <br>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="15%" class="listhdrr">Interface</td>
+ <td width="25%" class="listhdrr">MAC address</td>
+ <td width="50%" class="listhdr">Description</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php $i = 0; foreach ($a_wol as $wolent): ?>
+ <tr>
+ <td class="listlr">
+ <?php if ($wolent['interface'] == "lan")
+ echo "LAN";
+ else
+ echo $config['interfaces'][$wolent['interface']]['descr'];
+ ?>
+ </td>
+ <td class="listr">
+ <a href="?mac=<?=$wolent['mac'];?>&if=<?=$wolent['interface'];?>"><?=strtolower($wolent['mac']);?></a>
+ </td>
+ <td class="listbg">
+ <?=htmlspecialchars($wolent['descr']);?>
+ </td>
+ <td valign="middle" nowrap class="list"> <a href="services_wol_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
+ <a href="services_wol.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this entry?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ <?php $i++; endforeach; ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list"> <a href="services_wol_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
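Review bot: `$if` comes from `$_GET['if']` or `$_POST['interface']` and is only tested for non-emptiness before it indexes `$config['interfaces'][$if]`, so an unknown interface name gives a `$bcip` computed from empty values, which is then interpolated into the `mwexec()` command string with `$mac`. I would reject `$if` unless it is `lan` or an enabled `optN` key; the `$interfaces` list built further down could be moved above the validation for that. Since `mwexec()` presumably hands the string to a shell, both arguments should also be quoted: `mwexec("/usr/local/bin/wol -i " . escapeshellarg($bcip) . " " . escapeshellarg($mac));`. The stored `$wolent['mac']`, `$wolent['interface']` and the interface `descr` are also printed without `htmlspecialchars()` in the table, unlike the description column.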
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ services_wol_edit.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['wol']['wolentry'])) {
+ $config['wol']['wolentry'] = array();
+}
+wol_sort();
+$a_wol = &$config['wol']['wolentry'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_wol[$id]) {
+ $pconfig['interface'] = $a_wol[$id]['interface'];
+ $pconfig['mac'] = $a_wol[$id]['mac'];
+ $pconfig['descr'] = $a_wol[$id]['descr'];
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "interface mac");
+ $reqdfieldsn = explode(",", "Interface,MAC address");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (($_POST['mac'] && !is_macaddr($_POST['mac']))) {
+ $input_errors[] = "A valid MAC address must be specified.";
+ }
+
+ if (!$input_errors) {
+ $wolent = array();
+ $wolent['interface'] = $_POST['interface'];
+ $wolent['mac'] = $_POST['mac'];
+ $wolent['descr'] = $_POST['descr'];
+
+ if (isset($id) && $a_wol[$id])
+ $a_wol[$id] = $wolent;
+ else
+ $a_wol[] = $wolent;
+
+ write_config();
+
+ header("Location: services_wol.php");
+ exit;
+ }
+}
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Services: Wake on LAN: Edit entry</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Services: Wake on LAN: Edit entry</p>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
+ <form action="services_wol_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="78%" class="vtable">
+<select name="interface" class="formfld">
+ <?php $interfaces = array('lan' => 'LAN');
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ if (isset($config['interfaces']['opt' . $i]['enable']) &&
+ !$config['interfaces']['opt' . $i]['bridge'])
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+ }
+ foreach ($interfaces as $iface => $ifacename): ?>
+ <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
+ <?=htmlspecialchars($ifacename);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <br>
+ <span class="vexpl">Choose which interface this host is connected to.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">MAC address</td>
+ <td width="78%" class="vtable">
+ <input name="mac" type="text" class="formfld" id="mac" size="20" value="<?=htmlspecialchars($pconfig['mac']);?>">
+ <br>
+ <span class="vexpl">Enter a MAC address in the following format:
+ xx:xx:xx:xx:xx:xx<em></em></span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Description</td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
+ <br> <span class="vexpl">You may enter a description here
+ for your reference (not parsed).</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top"> </td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <?php if (isset($id) && $a_wol[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>">
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+</form>
+<?php include("fend.inc"); ?>
+</body>
+</html>
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ status_captiveportal.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Status: Captive portal</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Status: Captive portal</p>
+<?php
+
+if ($_GET['act'] == "del") {
+ captiveportal_disconnect_client($_GET['id']);
+}
+
+flush();
+
+function clientcmp($a, $b) {
+ global $order;
+ return strcmp($a[$order], $b[$order]);
+}
+
+$cpdb = array();
+captiveportal_lock();
+$fp = @fopen("{$g['vardb_path']}/captiveportal.db","r");
+
+if ($fp) {
+ while (!feof($fp)) {
+ $line = trim(fgets($fp));
+ if ($line) {
+ $cpent = explode(",", $line);
+ if ($_GET['showact'])
+ $cpent[4] = captiveportal_get_last_activity($cpent[1]);
+ $cpdb[] = $cpent;
+ }
+ }
+
+ fclose($fp);
+
+ if ($_GET['order']) {
+ if ($_GET['order'] == "ip")
+ $order = 2;
+ else if ($_GET['order'] == "mac")
+ $order = 3;
+ else if ($_GET['order'] == "lastact")
+ $order = 4;
+ else
+ $order = 0;
+ usort($cpdb, "clientcmp");
+ }
+}
+captiveportal_unlock();
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr"><a href="?order=ip&showact=<?=$_GET['showact'];?>">IP address</a></td>
+ <td class="listhdrr"><a href="?order=mac&showact=<?=$_GET['showact'];?>">MAC address</a></td>
+ <?php if ($_GET['showact']): ?>
+ <td class="listhdrr"><a href="?order=start&showact=<?=$_GET['showact'];?>">Session start</a></td>
+ <td class="listhdr"><a href="?order=lastact&showact=<?=$_GET['showact'];?>">Last activity</a></td>
+ <?php else: ?>
+ <td class="listhdr"><a href="?order=start&showact=<?=$_GET['showact'];?>">Session start</a></td>
+ <?php endif; ?>
+ <td class="list"></td>
+ </tr>
+<?php foreach ($cpdb as $cpent): ?>
+ <tr>
+ <td class="listlr"><?=$cpent[2];?></td>
+ <td class="listr"><?=$cpent[3];?></td>
+ <td class="listr"><?=htmlspecialchars(date("m/d/Y H:i:s", $cpent[0]));?></td>
+ <?php if ($_GET['showact']): ?>
+ <td class="listr"><?php if ($cpent[4]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[4]));?></td>
+ <?php endif; ?>
+ <td valign="middle" class="list" nowrap>
+ <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('Do you really want to disconnect this client?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
+ </tr>
+<?php endforeach; ?>
+</table>
+<p>
+<form action="status_captiveportal.php" method="GET">
+<input type="hidden" name="order" value="<?=$_GET['order'];?>">
+<?php if ($_GET['showact']): ?>
+<input type="hidden" name="showact" value="0">
+<input type="submit" class="formbtn" value="Don't show last activity">
+<?php else: ?>
+<input type="hidden" name="showact" value="1">
+<input type="submit" class="formbtn" value="Show last activity">
+<?php endif; ?>
+</form>
+</p>
+<?php include("fend.inc"); ?>
+</body>
+</html>
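Review bot: The request parameters `showact` and `order` are echoed into the header links, the per-row disconnect link and the hidden `order` field without escaping, so a crafted URL can inject markup into this admin page. The `$cpent[1]` to `$cpent[3]` fields read from captiveportal.db are printed raw as well. Wrap each in `htmlspecialchars()`, e.g. `<?=htmlspecialchars($_GET['showact']);?>`, or normalise `showact` to 0/1 and `order` to the known column names once at the top of the script. Separately, `act=del` disconnects a client on a plain GET with no request token, so unless the webGUI has cross-site request protection elsewhere, any page the administrator visits could trigger it. A POST form carrying a per-session token would close that.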
--- /dev/null
+#!/usr/local/bin/php
+<?php
+/*
+ status_graph.php
+ part of m0n0wall (http://m0n0.ch/wall)
+
+ Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$curif = "wan";
+if ($_GET['if'])
+ $curif = $_GET['if'];
+
+if ($curif == "wan")
+ $ifnum = get_real_wan_interface();
+else
+ $ifnum = $config['interfaces'][$curif]['if'];
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>m0n0wall webGUI - Status: Traffic graph</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link href="gui.css" rel="stylesheet" type="text/css">
+</head>
+
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
+<p class="pgtitle">Status: Traffic graph</p>
+<?php
+$ifdescrs = array('wan' => 'WAN', 'lan' => 'LAN');
+
+for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifdescrs['opt' . $j] = $config['interfaces']['opt' . $j]['descr'];
+}
+?>
+<form name="form1" action="" method="get" style="padding-bottom: 10px; margin-bottom: 14px; border-bottom: 1px solid #999999">
+Interface:
+<select name="if" class="formfld" onchange="document.form1.submit()">
+<?php
+foreach ($ifdescrs as $ifn => $ifd) {
+ echo "<option value=\"$ifn\"";
+ if ($ifn == $curif) echo " selected";
+ echo ">" . htmlspecialchars($ifd) . "</option>\n";
+}
+?>
+</select>
+</form>
+<div align="center">
+<embed src="graph.php?ifnum=<?=$ifnum;?>&ifname=<?=rawurlencode($ifdescrs[$curif]);?>" type="image/svg+xml"
+ width="550" height="275" pluginspage="http://www.adobe.com/svg/viewer/install/auto" />
+</div>
+<p><span class="red"><strong>Note:</strong></span> the <a href="http://www.adobe.com/svg/viewer/install/" target="_blank">Adobe SVG viewer</a> is required to view the graph.
+<?php include("fend.inc"); ?>
+</body>
+</html>
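Review bot: `$_GET['if']` is used directly as a key into `$config['interfaces']` without checking that it names an existing interface, and the resulting `$ifnum` is written into the `<embed src>` URL unencoded. An unknown value yields an empty `ifnum` and an undefined `$ifdescrs[$curif]`, rather than falling back to WAN. Suggest `if ($curif != "wan" && !isset($config['interfaces'][$curif])) $curif = "wan";` before the lookup, and `rawurlencode($ifnum)` in the URL to match how `ifname` is already treated. The `$ifn` option values come from config keys, so escaping them with `htmlspecialchars()` is only a consistency point.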
if ($ifinfo['if'] != $g['pppoe_interface']) {
$ifinfo['macaddr'] = $linkinfo[3];
$ifinfo['inpkts'] = $linkinfo[4];
+ $ifinfo['inerrs'] = $linkinfo[5];
$ifinfo['inbytes'] = $linkinfo[6];
$ifinfo['outpkts'] = $linkinfo[7];
+ $ifinfo['outerrs'] = $linkinfo[8];
$ifinfo['outbytes'] = $linkinfo[9];
+ $ifinfo['collisions'] = $linkinfo[10];
} else {
$ifinfo['inpkts'] = $linkinfo[3];
$ifinfo['inbytes'] = $linkinfo[5];
displays 2 Mbps even though clients can connect at 11 Mbps */
if (preg_match("/media: .*? \((.*?)\)/", $ici, $matches)) {
$ifinfo['media'] = $matches[1];
+ } else if (preg_match("/media: Ethernet (.*)/", $ici, $matches)) {
+ $ifinfo['media'] = $matches[1];
}
}
if (preg_match("/status: (.*)$/", $ici, $matches)) {
<?=htmlspecialchars($ifinfo['inpkts'] . "/" . $ifinfo['outpkts'] . " (" .
format_bytes($ifinfo['inbytes']) . "/" . format_bytes($ifinfo['outbytes']) . ")");?>
</td>
+ </tr><?php if (isset($ifinfo['inerrs'])): ?>
+ <tr>
+ <td width="22%" class="listhdrr">In/out errors</td>
+ <td width="78%" class="listr">
+ <?=htmlspecialchars($ifinfo['inerrs'] . "/" . $ifinfo['outerrs']);?>
+ </td>
+ </tr><?php endif; ?><?php if (isset($ifinfo['collisions'])): ?>
+ <tr>
+ <td width="22%" class="listhdrr">Collisions</td>
+ <td width="78%" class="listr">
+ <?=htmlspecialchars($ifinfo['collisions']);?>
+ </td>
</tr><?php endif; ?>
+ <?php endif; ?>
<?php $i++; endforeach; ?>
</table>
<?php include("fend.inc"); ?>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">System: General setup</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<form action="system.php" method="post">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
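Review bot: Dropping `htmlspecialchars()` around `$savemsg` means the message reaches `print_info_box()` without escaping at the call site, and nothing visible here shows whether `print_info_box()` now escapes internally or whether `$savemsg` is meant to carry markup. If it is the latter, every place that builds `$savemsg` has to guarantee that no request- or config-derived text is placed in it unescaped. The same change is repeated in the System: Advanced functions, System: Firmware, System: Static routes, VPN: IPsec, VPN: PPTP and VPN: PPTP: Users hunks further down. A short comment at the call would record the contract, for example `/* $savemsg may contain HTML; it must never include unescaped user input */`.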
the DHCP service, DNS forwarder and for PPTP VPN clients<br>
<br>
<input name="dnsallowoverride" type="checkbox" id="dnsallowoverride" value="yes" <?php if ($pconfig['dnsallowoverride'] == "yes") echo "checked"; ?>>
- <strong>Allow DNS server list to be overridden by DHCP
+ <strong>Allow DNS server list to be overridden by DHCP/PPP
on WAN</strong><br>
If this option is set, m0n0wall will use DNS servers assigned
- by a DHCP server on WAN for its own purposes (including
+ by a DHCP/PPP server on WAN for its own purposes (including
the DNS forwarder). They will not be assigned to DHCP and
PPTP VPN clients, though.</span></p></td>
</tr>
$pconfig['cert'] = base64_decode($config['system']['webgui']['certificate']);
$pconfig['key'] = base64_decode($config['system']['webgui']['private-key']);
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
+$pconfig['disablefirmwarecheck'] = isset($config['system']['disablefirmwarecheck']);
if ($_POST) {
$config['system']['webgui']['certificate'] = base64_encode($_POST['cert']);
$config['system']['webgui']['private-key'] = base64_encode($_POST['key']);
$config['system']['disableconsolemenu'] = $_POST['disableconsolemenu'] ? true : false;
+ $config['system']['disablefirmwarecheck'] = $_POST['disablefirmwarecheck'] ? true : false;
write_config();
<?php include("fbegin.inc"); ?>
<p class="pgtitle">System: Advanced functions</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
- <?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+ <?php if ($savemsg) print_info_box($savemsg); ?>
<p><span class="vexpl"><span class="red"><strong>Note: </strong></span>the
options on this page are intended for use by advanced users only,
and there's <strong>NO</strong> support for them.</span></p>
<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if ($pconfig['disableconsolemenu']) echo "checked"; ?>>
<strong>Disable console menu</strong><span class="vexpl"><br>
Changes to this option will take effect after a reboot.</span></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vtable"> </td>
+ <td width="78%" class="vtable">
+ <input name="disablefirmwarecheck" type="checkbox" id="disablefirmwarecheck" value="yes" <?php if ($pconfig['disablefirmwarecheck']) echo "checked"; ?>>
+ <strong>Disable firmware version check</strong><span class="vexpl"><br>
+ This will cause m0n0wall not to check for newer firmware versions when the <a href="system_firmware.php">System: Firmware</a> page is viewed.</span></td>
</tr>
<tr>
<td width="22%" valign="top"> </td>
/* verify firmware image(s) */
if (!stristr($_FILES['ulfile']['name'], $g['platform']) && !$_POST['sig_override'])
$input_errors[] = "The uploaded image file is not for this platfom ({$g['platform']}).";
- else {
+ else if (!file_exists($_FILES['ulfile']['tmp_name'])) {
+ /* probably out of memory for the MFS */
+ $input_errors[] = "Image upload failed (out of memory?)";
+ exec_rc_script("/etc/rc.firmware disable");
+ if (file_exists($d_fwupenabled_path))
+ unlink($d_fwupenabled_path);
+ } else {
/* move the image so PHP won't delete it */
rename($_FILES['ulfile']['tmp_name'], "{$g['ftmp_path']}/firmware.img");
}
}
} else {
- $fwinfo = check_firmware_version();
+ if (!isset($config['system']['disablefirmwarecheck']))
+ $fwinfo = check_firmware_version();
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
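Review bot: The new `file_exists($_FILES['ulfile']['tmp_name'])` test reports a missing temporary file as an out-of-memory failure, but it does not confirm that the path is the file PHP actually received for this request. `is_uploaded_file()` is the check meant for that, and `$_FILES['ulfile']['error']` would separate a failed upload from other causes. Suggest `else if (!is_uploaded_file($_FILES['ulfile']['tmp_name'])) {`. The platform test on the line above looks only at the client-supplied file name, so it is a convenience check rather than a verification of the image. The enclosing upload-handling block starts outside this hunk.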
<?php include("fbegin.inc"); ?>
<p class="pgtitle">System: Firmware</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if ($fwinfo) echo $fwinfo; ?>
<?php if (!in_array($g['platform'], $fwupplatforms)): ?>
<p><strong>Firmware uploading is not supported on this platform.</strong></p>
<form action="system_firmware.php" method="post">
<?php
$sig_warning = "<strong>" . $sig_warning . "</strong><br>This means that the image you uploaded " .
- "is not an official supported image and may lead to unexpected behavior or security " .
+ "is not an official/supported image and may lead to unexpected behavior or security " .
"compromises. Only install images that come from sources that you trust, and make sure ".
"that the image has not been tampered with.<br><br>".
"Do you want to install this image anyway (on your own risk)?";
<?php include("fbegin.inc"); ?>
<p class="pgtitle">System: Static routes</p>
<form action="system_routes.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_staticroutesdirty_path)): ?><p>
<?php print_info_box_np("The static route configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">System: Static routes: Edit route</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="system_routes_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: IPsec</p>
<form action="vpn_ipsec.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
<?php print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">Tunnels</li>
+ <li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabact">Tunnels</td>
- <td nowrap class="tabinact"><a href="vpn_ipsec_mobile.php" class="tblnk">Mobile clients</a></td>
- <td nowrap class="tabinact"><a href="vpn_ipsec_keys.php" class="tblnk">Pre-shared keys</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="4" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td class="vtable"><p><span class="vexpl"> </span>
$padr = $adr['network'];
else if ($adr['address']) {
list($padr, $pmask) = explode("/", $adr['address']);
- if (!$pmask)
+ if (is_null($pmask))
$pmask = 32;
}
}
} else if (isset($a_ipsec[$id]['p1']['myident']['fqdn'])) {
$pconfig['p1myidentt'] = 'fqdn';
$pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['fqdn'];
- }
+ } else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) {
+ $pconfig['p1myidentt'] = 'user_fqdn';
+ $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn'];
+ }
$pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm'];
$pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm'];
if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) {
$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
}
+ if ($_POST['p1myidentt'] == "user_fqdn") {
+ $ufqdn = explode("@",$_POST['p1myident']);
+ if (!is_domain($ufqdn[1]))
+ $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
+ }
if ($_POST['p1myidentt'] == "myaddress")
$_POST['p1myident'] = "";
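Review bot: The `user_fqdn` check validates only `$ufqdn[1]`. The part before the `@` is never checked, and an input without `@` passes an undefined element to `is_domain()`. With several `@` signs everything after the second one is ignored by the check, yet the full string is still stored in `$ipsecent['p1']['myident']['ufqdn']`. Since the identifier presumably ends up in the generated IPsec configuration, require exactly two parts and a conservative character set for the user part, for instance `if (count($ufqdn) != 2 || !preg_match('/^[a-zA-Z0-9._-]+$/', $ufqdn[0]) || !is_domain($ufqdn[1]))`. The same block is added again in the mobile-clients hunk further down.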
case 'fqdn':
$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
break;
+ case 'user_fqdn':
+ $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
+ break;
}
$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: IPsec: Edit tunnel</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="vpn_ipsec_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) echo htmlspecialchars($pconfig['localnet']);?>">
/
<select name="localnetmask" class="formfld" id="localnetmask">
- <?php for ($i = 31; $i > 0; $i--): ?>
+ <?php for ($i = 31; $i >= 0; $i--): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['localnetmask']) echo "selected"; ?>>
<?=$i;?>
</option>
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: IPsec</p>
<form action="vpn_ipsec.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (file_exists($d_ipsecconfdirty_path)): ?><p>
<?php print_info_box_np("The IPsec tunnel configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li>
+ <li class="tabinact"><a href="vpn_ipsec_mobile.php">Mobile clients</a></li>
+ <li class="tabact">Pre-shared keys</li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="vpn_ipsec.php" class="tblnk">Tunnels</a></td>
- <td nowrap class="tabinact"><a href="vpn_ipsec_mobile.php" class="tblnk">Mobile clients</a></td>
- <td nowrap class="tabact">Pre-shared keys</td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="4" class="tabcont">
+ <td class="tabcont">
<table width="80%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="listhdrr">Identifier</td>
} else if (isset($a_ipsec['p1']['myident']['fqdn'])) {
$pconfig['p1myidentt'] = 'fqdn';
$pconfig['p1myident'] = $a_ipsec['p1']['myident']['fqdn'];
- }
+ } else if (isset($a_ipsec['p1']['myident']['ufqdn'])) {
+ $pconfig['p1myidentt'] = 'user_fqdn';
+ $pconfig['p1myident'] = $a_ipsec['p1']['myident']['ufqdn'];
+ }
$pconfig['p1ealgo'] = $a_ipsec['p1']['encryption-algorithm'];
$pconfig['p1halgo'] = $a_ipsec['p1']['hash-algorithm'];
if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) {
$input_errors[] = "A valid domain name for 'My identifier' must be specified.";
}
+ if ($_POST['p1myidentt'] == "user_fqdn") {
+ $ufqdn = explode("@",$_POST['p1myident']);
+ if (!is_domain($ufqdn[1]))
+ $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified.";
+ }
if ($_POST['p1myidentt'] == "myaddress")
$_POST['p1myident'] = "";
case 'fqdn':
$ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident'];
break;
+ case 'user_fqdn':
+ $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident'];
+ break;
}
$ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo'];
</form>
<form action="vpn_ipsec_mobile.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="vpn_ipsec.php">Tunnels</a></li>
+ <li class="tabact">Mobile clients</li>
+ <li class="tabinact"><a href="vpn_ipsec_keys.php">Pre-shared keys</a></li>
+ </ul>
+ </td></tr>
<tr>
- <td nowrap class="tabinact"><a href="vpn_ipsec.php" class="tblnk">Tunnels</a></td>
- <td nowrap class="tabact">Mobile clients</td>
- <td nowrap class="tabinact"><a href="vpn_ipsec_keys.php" class="tblnk">Pre-shared keys</a></td>
- <td width="100%"> </td>
- </tr>
- <tr>
- <td colspan="4" class="tabcont">
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top"> </td>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: PPTP</p>
+<form action="vpn_pptp.php" method="post" name="iform" id="iform">
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
- <form action="vpn_pptp.php" method="post" name="iform" id="iform">
+<?php if ($savemsg) print_info_box($savemsg); ?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabact">Configuration</li>
+ <li class="tabinact"><a href="vpn_pptp_users.php">Users</a></li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<td width="22%" valign="top" class="vtable"> </td>
traffic from PPTP clients!</span></td>
</tr>
</table>
+ </td>
+ </tr>
+</table>
</form>
<script language="JavaScript">
<!--
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: PPTP: Users</p>
<form action="vpn_pptp_users.php" method="post">
-<?php if ($savemsg) print_info_box(htmlspecialchars($savemsg)); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if (isset($config['pptpd']['radius']['enable']))
- print_info_box(htmlspecialchars("Warning: RADIUS is enabled. The local user database will not be used.")); ?>
+ print_info_box("Warning: RADIUS is enabled. The local user database will not be used."); ?>
<?php if (file_exists($d_pptpuserdirty_path)): ?><p>
<?php print_info_box_np("The PPTP user list has been modified.<br>You must apply the changes in order for them to take effect.<br><b>Warning: this will terminate all current PPTP sessions!</b>");?><br>
<input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p>
<?php endif; ?>
- <table width="50%" border="0" cellpadding="0" cellspacing="0">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <ul id="tabnav">
+ <li class="tabinact"><a href="vpn_pptp.php">Configuration</a></li>
+ <li class="tabact">Users</li>
+ </ul>
+ </td></tr>
+ <tr>
+ <td colspan="3" class="tabcont">
+ <table width="80%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="listhdrr">Username</td>
+ <td class="listhdr">IP address</td>
<td class="list"></td>
</tr>
<?php $i = 0; foreach ($a_secret as $secretent): ?>
<td class="listlr">
<?=htmlspecialchars($secretent['name']);?>
</td>
+ <td class="listr">
+ <?=htmlspecialchars($secretent['ip']);?>
+ </td>
<td class="list" nowrap> <a href="vpn_pptp_users_edit.php?id=<?=$i;?>"><img src="e.gif" width="17" height="17" border="0"></a>
<a href="vpn_pptp_users.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this user?')"><img src="x.gif" width="17" height="17" border="0"></a></td>
</tr>
<?php $i++; endforeach; ?>
<tr>
- <td class="list"></td>
+ <td class="list" colspan="2"></td>
<td class="list"> <a href="vpn_pptp_users_edit.php"><img src="plus.gif" width="17" height="17" border="0"></a></td>
</tr>
</table>
- </form>
+ </td>
+ </tr>
+</table>
+</form>
<?php include("fend.inc"); ?>
</body>
</html>
if (isset($id) && $a_secret[$id]) {
$pconfig['username'] = $a_secret[$id]['name'];
+ $pconfig['ip'] = $a_secret[$id]['ip'];
}
if ($_POST) {
if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) {
$input_errors[] = "The passwords do not match.";
}
+ if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) {
+ $input_errors[] = "The IP address entered is not valid.";
+ }
if (!$input_errors && !(isset($id) && $a_secret[$id])) {
/* make sure there are no dupes */
$secretent = $a_secret[$id];
$secretent['name'] = $_POST['username'];
+ $secretent['ip'] = $_POST['ip'];
if ($_POST['password'])
$secretent['password'] = $_POST['password'];
<?php include("fbegin.inc"); ?>
<p class="pgtitle">VPN: PPTP: Users: Edit</p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
-<?php if ($savemsg) echo htmlspecialchars($savemsg); ?>
<form action="vpn_pptp_users_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
<span class="vexpl">If you want to change the users' password,
enter it here twice.</span><?php endif; ?></td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">IP address</td>
+ <td width="78%" class="vtable">
+ <input name="ip" type="text" class="formfld" id="ip" size="20" value="<?=htmlspecialchars($pconfig['ip']);?>">
+ <br><span class="vexpl">If you want the user to be assigned a specific IP address, enter it here.</span></td>
+ </tr>
<tr>
<td width="22%" valign="top"> </td>
<td width="78%">