From 83980f9f1dc78affd1c45ead233be5da636db92b Mon Sep 17 00:00:00 2001
From: ptaylor
Date: Tue, 7 Feb 2006 13:43:56 +0000
Subject: [PATCH] Fixes pear.inc, which had the $id line outside of a comment. Adds User and Group Manager features and dynamic menus. These features allow for sub-administration of portions of Monowall.

git-svn-id: https://svn.m0n0.ch/wall/trunk@51 e36fee2c-cc09-0410-a7cc-ebac5c6737de
---
 webgui/auth.inc | 132 +-
 webgui/diag_ipsec_sad.php | 264 ++--
 webgui/diag_ipsec_spd.php | 296 ++---
 webgui/diag_logs.php | 196 +--
 webgui/diag_logs_dhcp.php | 196 +--
 webgui/diag_logs_filter.php | 584 ++++-----
 webgui/diag_logs_portal.php | 186 +--
 webgui/diag_logs_settings.php | 428 +++---
 webgui/diag_logs_vpn.php | 214 ++--
 webgui/diag_ping.php | 320 ++---
 webgui/diag_traceroute.php | 248 ++--
 webgui/exec.php | 582 ++++-----
 webgui/exec_raw.php | 76 +-
 webgui/firewall_nat.php | 326 ++---
 webgui/firewall_nat_1to1.php | 282 ++--
 webgui/firewall_nat_out.php | 356 +++---
 webgui/firewall_nat_server.php | 272 ++--
 webgui/firewall_shaper.php | 520 ++++----
 webgui/firewall_shaper_magic.php | 826 ++++++------
 webgui/firewall_shaper_pipes.php | 340 ++---
 webgui/firewall_shaper_queues.php | 286 ++---
 webgui/services_captiveportal.php | 1138 ++++++++---------
 webgui/services_captiveportal_filemanager.php | 336 ++---
 webgui/services_captiveportal_ip.php | 292 ++---
 webgui/services_captiveportal_mac.php | 254 ++--
 webgui/services_captiveportal_users.php | 226 ++--
 webgui/system_groupmanager.php | 630 ++++-----
 webgui/system_usermanager.php | 650 +++++-----
 webgui/vpn_ipsec.php | 368 +++---
 webgui/vpn_ipsec_ca.php | 192 +--
 webgui/vpn_ipsec_keys.php | 200 +--
 webgui/vpn_ipsec_mobile.php | 768 +++++------
 webgui/vpn_pptp.php | 598 ++++-----
 webgui/vpn_pptp_users.php | 236 ++--
 34 files changed, 6409 insertions(+), 6409 deletions(-)
diff --git a/webgui/auth.inc b/webgui/auth.inc
index 26a4831..7cda0a1 100644
--- a/webgui/auth.inc
+++ b/webgui/auth.inc
@@ -1,67 +1,67 @@ -. - All rights reserved. - Copyright (C) 2003-2006 Manuel Kasper . - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -// Once here, the user has authenticated with the web server. -// Now, we give them access only to the appropriate pages for their group. -if (!($_SERVER['REMOTE_USER'] === $config['system']['username'])) { - $allowed[] = ''; - if (isset($config['system']['groups'][$config['system']['users'][$_SERVER['REMOTE_USER']]['group']]['pages'])) { - $allowed = &$config['system']['groups'][$config['system']['users'][$_SERVER['REMOTE_USER']]['group']]['pages']; - } - - // If the user is attempting to hit the default page, set it to specifically look for /index.php. - // Without this, any user would have access to the index page. 
- if ($_SERVER['PHP_SELF'] == '/') - $_SERVER['PHP_SELF'] = '/index.php'; - - // Strip the leading / from the currently requested PHP page - if (!in_array(basename($_SERVER['PHP_SELF']),$allowed)) { - // The currently logged in user is not allowed to access the page - // they are attempting to go to. Redirect them to an allowed page. - - if (in_array("index.php",$allowed)) { - header("Location: /index.php"); - exit; - } - else { - header("HTTP/1.0 401 Unauthorized"); - header("Status: 401 Unauthorized"); - - echo "401 Unauthorized

401 Unauthorized

Authorization required."; - exit; - } - } -} - - - +. + All rights reserved. + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +// Once here, the user has authenticated with the web server. +// Now, we give them access only to the appropriate pages for their group. +if (!($_SERVER['REMOTE_USER'] === $config['system']['username'])) { + $allowed[] = ''; + if (isset($config['system']['groups'][$config['system']['users'][$_SERVER['REMOTE_USER']]['group']]['pages'])) { + $allowed = &$config['system']['groups'][$config['system']['users'][$_SERVER['REMOTE_USER']]['group']]['pages']; + } + + // If the user is attempting to hit the default page, set it to specifically look for /index.php. + // Without this, any user would have access to the index page. 
+ if ($_SERVER['PHP_SELF'] == '/') + $_SERVER['PHP_SELF'] = '/index.php'; + + // Strip the leading / from the currently requested PHP page + if (!in_array(basename($_SERVER['PHP_SELF']),$allowed)) { + // The currently logged in user is not allowed to access the page + // they are attempting to go to. Redirect them to an allowed page. + + if (in_array("index.php",$allowed)) { + header("Location: /index.php"); + exit; + } + else { + header("HTTP/1.0 401 Unauthorized"); + header("Status: 401 Unauthorized"); + + echo "401 Unauthorized

401 Unauthorized

Authorization required."; + exit; + } + } +} + + + ?> \ No newline at end of file diff --git a/webgui/diag_ipsec_sad.php b/webgui/diag_ipsec_sad.php index ae2b401..cf40131 100644 --- a/webgui/diag_ipsec_sad.php +++ b/webgui/diag_ipsec_sad.php @@ -1,132 +1,132 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "IPsec"); - -require("guiconfig.inc"); -?> - - - - -
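Review bot: The page check near the end of auth.inc keys on `basename($_SERVER['PHP_SELF'])`, and `PHP_SELF` can carry path information taken from the request, so the name tested against `$allowed` is not guaranteed to be the script that actually runs. Deriving the name from the script path the server resolved, with a strict comparison, closes that gap: `if (!in_array(basename($_SERVER['SCRIPT_NAME']), $allowed, true)) {` (confirm what the bundled web server puts in `SCRIPT_NAME` for a request to `/`, since the `/index.php` rewrite just above would have to follow it). The `$allowed[] = '';` default also leaves an empty string in the allow-list for a user without a group entry; starting from `$allowed = array();` avoids matching an empty basename. Both sides of this hunk read the same in this view, so this looks inherited rather than introduced here, but per the commit description this check is what separates sub-administrators from the full GUI.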
-
    - 'diag_ipsec_sad.php', - 'SPD' => 'diag_ipsec_spd.php'); - dynamic_tab_menu($tabs); -?> -
-
- /dev/null 2>&1", "w"); - if ($fd) { - fwrite($fd, "delete {$_GET['src']} {$_GET['dst']} {$_GET['proto']} {$_GET['spi']} ;\n"); - pclose($fd); - sleep(1); - } -} - -/* query SAD */ -$fd = @popen("/usr/sbin/setkey -D", "r"); -$sad = array(); -if ($fd) { - while (!feof($fd)) { - $line = chop(fgets($fd)); - if (!$line) - continue; - if ($line == "No SAD entries.") - break; - if ($line[0] != "\t") { - if (is_array($cursa)) - $sad[] = $cursa; - $cursa = array(); - list($cursa['src'],$cursa['dst']) = explode(" ", $line); - $i = 0; - } else { - $linea = explode(" ", trim($line)); - if ($i == 1) { - $cursa['proto'] = $linea[0]; - $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1); - } else if ($i == 2) { - $cursa['ealgo'] = $linea[1]; - } else if ($i == 3) { - $cursa['aalgo'] = $linea[1]; - } - } - $i++; - } - if (is_array($cursa) && count($cursa)) - $sad[] = $cursa; - pclose($fd); -} -if (count($sad)): -?> - - - - - - - - - - - - - - - - - - - - - - -
SourceDestinationProtocolSPIEnc. alg.Auth. alg.
- - -
- -

No IPsec security associations.

- -
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "IPsec"); + +require("guiconfig.inc"); +?> + + + + +
+
    + 'diag_ipsec_sad.php', + 'SPD' => 'diag_ipsec_spd.php'); + dynamic_tab_menu($tabs); +?> +
+
+ /dev/null 2>&1", "w"); + if ($fd) { + fwrite($fd, "delete {$_GET['src']} {$_GET['dst']} {$_GET['proto']} {$_GET['spi']} ;\n"); + pclose($fd); + sleep(1); + } +} + +/* query SAD */ +$fd = @popen("/usr/sbin/setkey -D", "r"); +$sad = array(); +if ($fd) { + while (!feof($fd)) { + $line = chop(fgets($fd)); + if (!$line) + continue; + if ($line == "No SAD entries.") + break; + if ($line[0] != "\t") { + if (is_array($cursa)) + $sad[] = $cursa; + $cursa = array(); + list($cursa['src'],$cursa['dst']) = explode(" ", $line); + $i = 0; + } else { + $linea = explode(" ", trim($line)); + if ($i == 1) { + $cursa['proto'] = $linea[0]; + $cursa['spi'] = substr($linea[2], strpos($linea[2], "x")+1, -1); + } else if ($i == 2) { + $cursa['ealgo'] = $linea[1]; + } else if ($i == 3) { + $cursa['aalgo'] = $linea[1]; + } + } + $i++; + } + if (is_array($cursa) && count($cursa)) + $sad[] = $cursa; + pclose($fd); +} +if (count($sad)): +?> + + + + + + + + + + + + + + + + + + + + + + +
SourceDestinationProtocolSPIEnc. alg.Auth. alg.
+ + +
+ +

No IPsec security associations.

+ +
+ diff --git a/webgui/diag_ipsec_spd.php b/webgui/diag_ipsec_spd.php index 6056625..f386ed8 100644 --- a/webgui/diag_ipsec_spd.php +++ b/webgui/diag_ipsec_spd.php @@ -1,148 +1,148 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "IPsec"); - -require("guiconfig.inc"); -?> - - - - -
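Review bot: The delete branch of diag_ipsec_sad.php writes `$_GET['src']`, `$_GET['dst']`, `$_GET['proto']` and `$_GET['spi']` straight into the statement sent to `setkey -c`, so a value containing whitespace, `;` or a newline changes what setkey is asked to do instead of naming one SA. Each field should be matched against a narrow pattern before the pipe is opened and the request rejected otherwise; the condition guarding this block is not readable in this view, so the fence computes a separate flag to add to it, and it anchors with `\z` because `$` would still accept a trailing newline. The same applies to `spddelete {$_GET['src']} {$_GET['dst']} any -P {$_GET['dir']}` in diag_ipsec_spd.php, where `dir` can be limited with `in_array($_GET['dir'], array('in', 'out'), true)` and the address pattern also has to admit a `/` prefix length. Deleting on a GET request also means the action carries no form token; a POST with a per-session token would be the usual hardening.

```php
// … unchanged: the delete-request condition (not readable in this view); add $sa_ok to it …
$addr_re = '/^[0-9A-Fa-f:.]+\z/';
$sa_ok = preg_match($addr_re, $_GET['src'])
	&& preg_match($addr_re, $_GET['dst'])
	&& preg_match('/^[a-z0-9]+\z/', $_GET['proto'])
	&& preg_match('/^(0x)?[0-9A-Fa-f]+\z/', $_GET['spi']);
// … unchanged: popen() of setkey -c, fwrite() of the delete statement, pclose() …
```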
-
    - 'diag_ipsec_sad.php', - 'SPD' => 'diag_ipsec_spd.php'); - dynamic_tab_menu($tabs); -?> -
-
- /dev/null 2>&1", "w"); - if ($fd) { - fwrite($fd, "spddelete {$_GET['src']} {$_GET['dst']} any -P {$_GET['dir']} ;\n"); - pclose($fd); - sleep(1); - } -} - -/* query SAD */ -$fd = @popen("/usr/sbin/setkey -DP", "r"); -$spd = array(); -if ($fd) { - while (!feof($fd)) { - $line = chop(fgets($fd)); - if (!$line) - continue; - if ($line == "No SPD entries.") - break; - if ($line[0] != "\t") { - if (is_array($cursp)) - $spd[] = $cursp; - $cursp = array(); - $linea = explode(" ", $line); - $cursp['src'] = substr($linea[0], 0, strpos($linea[0], "[")); - $cursp['dst'] = substr($linea[1], 0, strpos($linea[1], "[")); - $i = 0; - } else if (is_array($cursp)) { - $linea = explode(" ", trim($line)); - if ($i == 1) { - if ($linea[1] == "none") /* don't show default anti-lockout rule */ - unset($cursp); - else - $cursp['dir'] = $linea[0]; - } else if ($i == 2) { - $upperspec = explode("/", $linea[0]); - $cursp['proto'] = $upperspec[0]; - list($cursp['ep_src'], $cursp['ep_dst']) = explode("-", $upperspec[2]); - } - } - $i++; - } - if (is_array($cursp) && count($cursp)) - $spd[] = $cursp; - pclose($fd); -} -if (count($spd)): -?> - - - - - - - - - - - - - - - - - - - - -
SourceDestinationDirectionProtocolTunnel endpoints
-
-
- - -
-
- - - - - - - - - - - - -
incoming (as seen by firewall)
outgoing (as seen by firewall)
- -

No IPsec security policies.

- -
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "IPsec"); + +require("guiconfig.inc"); +?> + + + + +
+
    + 'diag_ipsec_sad.php', + 'SPD' => 'diag_ipsec_spd.php'); + dynamic_tab_menu($tabs); +?> +
+
+ /dev/null 2>&1", "w"); + if ($fd) { + fwrite($fd, "spddelete {$_GET['src']} {$_GET['dst']} any -P {$_GET['dir']} ;\n"); + pclose($fd); + sleep(1); + } +} + +/* query SAD */ +$fd = @popen("/usr/sbin/setkey -DP", "r"); +$spd = array(); +if ($fd) { + while (!feof($fd)) { + $line = chop(fgets($fd)); + if (!$line) + continue; + if ($line == "No SPD entries.") + break; + if ($line[0] != "\t") { + if (is_array($cursp)) + $spd[] = $cursp; + $cursp = array(); + $linea = explode(" ", $line); + $cursp['src'] = substr($linea[0], 0, strpos($linea[0], "[")); + $cursp['dst'] = substr($linea[1], 0, strpos($linea[1], "[")); + $i = 0; + } else if (is_array($cursp)) { + $linea = explode(" ", trim($line)); + if ($i == 1) { + if ($linea[1] == "none") /* don't show default anti-lockout rule */ + unset($cursp); + else + $cursp['dir'] = $linea[0]; + } else if ($i == 2) { + $upperspec = explode("/", $linea[0]); + $cursp['proto'] = $upperspec[0]; + list($cursp['ep_src'], $cursp['ep_dst']) = explode("-", $upperspec[2]); + } + } + $i++; + } + if (is_array($cursp) && count($cursp)) + $spd[] = $cursp; + pclose($fd); +} +if (count($spd)): +?> + + + + + + + + + + + + + + + + + + + + +
SourceDestinationDirectionProtocolTunnel endpoints
-
+
+ + +
+
+ + + + + + + + + + + + +
incoming (as seen by firewall)
outgoing (as seen by firewall)
+ +

No IPsec security policies.

+ +
+ diff --git a/webgui/diag_logs.php b/webgui/diag_logs.php index 5577649..0012b95 100644 --- a/webgui/diag_logs.php +++ b/webgui/diag_logs.php 
@@ -1,98 +1,98 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs.php"); - exit; -} - -function dump_clog($logfile, $tail, $withorig = true) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - echo "\n"; - - if ($withorig) { - echo "" . 
htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; - } else { - echo "" . htmlspecialchars($logent[5]) . "\n"; - } - echo "\n"; - } -} - -?> - - - - - - -
-
    - 'diag_logs.php', - 'Firewall' => 'diag_logs_filter.php', - 'DHCP' => 'diag_logs_dhcp.php', - 'Captive portal' => 'diag_logs_portal.php', - 'PPTP VPN' => 'diag_logs_vpn.php', - 'Settings' => 'diag_logs_settings.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - -
- Last system log entries
-
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 262144 /var/log/system.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs.php"); + exit; +} + +function dump_clog($logfile, $tail, $withorig = true) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + + if ($withorig) { + echo "" . 
htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; + } else { + echo "" . htmlspecialchars($logent[5]) . "\n"; + } + echo "\n"; + } +} + +?> + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + +
+ Last system log entries
+
+ +
+
+ diff --git a/webgui/diag_logs_dhcp.php b/webgui/diag_logs_dhcp.php index 31b0af8..63f0abc 100644 --- a/webgui/diag_logs_dhcp.php +++ b/webgui/diag_logs_dhcp.php 
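Review bot: `dump_clog()` builds its shell command by concatenating `$logfile` and `$tail` unquoted; the call site is not readable in this view, but `$nentries` is read from `$config['syslog']['nentries']` just above and is presumably what arrives as `$tail`, which makes it a stored setting rather than a constant. Quoting the path and forcing the count to an integer keeps both out of the shell's grammar: `exec("/usr/sbin/clog " . escapeshellarg($logfile) . " | tail {$sor} -n " . intval($tail), $logarr);`. The function is complete within this hunk, and an identical copy appears in diag_logs_dhcp.php and at the start of diag_logs_filter.php, so the same line applies there. Moving the function into a shared include would leave one place to fix.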
@@ -1,98 +1,98 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 32768 /var/log/dhcpd.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs_dhcp.php"); - exit; -} - -function dump_clog($logfile, $tail, $withorig = true) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - echo "\n"; - - if ($withorig) { - echo "" . 
htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; - } else { - echo "" . htmlspecialchars($logent[5]) . "\n"; - } - echo "\n"; - } -} - -?> - - - - - - -
-
    - 'diag_logs.php', - 'Firewall' => 'diag_logs_filter.php', - 'DHCP' => 'diag_logs_dhcp.php', - 'Captive portal' => 'diag_logs_portal.php', - 'PPTP VPN' => 'diag_logs_vpn.php', - 'Settings' => 'diag_logs_settings.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - -
- Last DHCP service log entries
-
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 32768 /var/log/dhcpd.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs_dhcp.php"); + exit; +} + +function dump_clog($logfile, $tail, $withorig = true) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + + if ($withorig) { + echo "" . 
htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; + } else { + echo "" . htmlspecialchars($logent[5]) . "\n"; + } + echo "\n"; + } +} + +?> + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + +
+ Last DHCP service log entries
+
+ +
+
+ diff --git a/webgui/diag_logs_filter.php b/webgui/diag_logs_filter.php index 6c40e0a..7b8f7d9 100644 --- a/webgui/diag_logs_filter.php +++ b/webgui/diag_logs_filter.php 
@@ -1,292 +1,292 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPv6 IGMP any"); - -$nentries = $config['syslog']['nentries']; -$resolve = isset($config['syslog']['resolve']); - -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 262144 /var/log/filter.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs_filter.php"); - exit; -} - - -if (isset($_GET['act']) && preg_match("/^[pb]+$/", $_GET['act'])) { - $action = $_GET['act']; - $ifstring .= "&act=$action"; - $srcstring .= "&act=$action"; - $dststring .= "&act=$action"; - $prstring .= "&act=$action"; -} - -if (isset($_GET['if']) && ($_GET['if'] != "")) { - $iface = $_GET['if']; - $actstring .= "&if=$iface"; - $srcstring .= "&if=$iface"; - $dststring .= "&if=$iface"; - $prstring .= "&if=$iface"; -} - -if (isset($_GET['pr']) && in_array($_GET['pr'], $protocols)) { - $proto = $_GET['pr']; - $actstring .= "&pr=$proto"; - $ifstring .= "&pr=$proto"; - $srcstring .= "&pr=$proto"; - $dststring .= "&pr=$proto"; -} - -if (isset($_GET['sp']) && (is_numeric($_GET['sp']))) { - $srcport = $_GET['sp']; - $actstring .= "&sp=$srcport"; - $ifstring .= "&sp=$srcport"; - $dststring .= "&sp=$srcport"; - $prstring .= "&sp=$srcport"; -} - -if (isset($_GET['dp']) && (is_numeric($_GET['dp']))) { - $dstport = $_GET['dp']; - $actstring .= "&dp=$dstport"; - $ifstring .= "&dp=$dstport"; - $srcstring .= "&dp=$dstport"; - $prstring .= "&dp=$dstport"; -} - - -function dump_clog($logfile, $tail, $withorig = true) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - echo "\n"; - - if ($withorig) { - echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - echo "" . 
htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; - } else { - echo "" . htmlspecialchars($logent[5]) . "\n"; - } - echo "\n"; - } -} - -function conv_clog($logfile, $tail) { - global $g, $config, $iface, $action, $proto, $srcport, $dstport; - - /* make interface/port table */ - $iftable = array(); - $iftable[$config['interfaces']['lan']['if']] = "LAN"; - $iftable[get_real_wan_interface()] = "WAN"; - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) - $iftable[$config['interfaces']['opt' . $i]['if']] = $config['interfaces']['opt' . $i]['descr']; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - $filterlog = array(); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - $ipfa = explode(" ", $logent[5]); - - $flent = array(); - $i = 0; - $flent['time'] = $ipfa[$i]; - $i++; - if (substr($ipfa[$i], -1) == "x") { - $flent['count'] = substr($ipfa[$i], 0, -1); - $i++; - } - - if ($iftable[$ipfa[$i]]) - $flent['interface'] = $iftable[$ipfa[$i]]; - else if (strpos($ipfa[$i], "ng") !== false) - $flent['interface'] = "PPTP"; - else - $flent['interface'] = $ipfa[$i]; - - if (isset($iface)) { - if ($iface != $flent['interface']) - continue; - } - - $i += 2; - if (!isset($action) || strstr($action, $ipfa[$i])) - $flent['act'] = $ipfa[$i]; - else - continue; - $i++; - list($flent['src'], $flent['srcport']) = format_ipf_ip($ipfa[$i],$srcport); - if (!isset($flent['src'])) - continue; - $i += 2; - list($flent['dst'], $flent['dstport']) = format_ipf_ip($ipfa[$i],$dstport); - if (!isset($flent['dst'])) - continue; - $i += 2; - $protocol = strtoupper($ipfa[$i]); - if (!isset($proto) || ($proto == $protocol)) - $flent['proto'] = $protocol; - else - continue; - if ($protocol == "ICMP") { - $i += 5; - $flent['dst'] = $flent['dst'] . ", type " . 
$ipfa[$i]; - } - $filterlog[] = $flent; - } - - return $filterlog; -} - -function format_ipf_ip($ipfip,$uport) { - global $resolve; - - list($ip,$port) = explode(",", $ipfip); - if ($resolve) { - if (!$port) - return array(gethostbyaddr($ip), ""); - if ($uport == "" || ($uport == $port)) - return array(gethostbyaddr($ip) . ", port " . $port, $port); - return; - } - - if (!$port) - return array($ip, ""); - if ($uport == "" || ($uport == $port)) - return array($ip . ", port " . $port, $port); - return; -} -?> - - - - - - - -
-
    - 'diag_logs.php', - 'Firewall' => 'diag_logs_filter.php', - 'DHCP' => 'diag_logs_dhcp.php', - 'Captive portal' => 'diag_logs_portal.php', - 'PPTP VPN' => 'diag_logs_vpn.php', - 'Settings' => 'diag_logs_settings.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - '; - $ifstring .= '" style="color:black" title="click to select interface">'; - $srcstring .= '" style="color:black" title="click to select source port">'; - $dststring .= '" style="color:black" title="click to select destination port">'; - $prstring .= '" style="color:black" title="click to select protocol">'; - ?> - - - - - - - -
- Last firewall log entries
ActTimeIfSourceDestinationProto
- - " width="11" height="11" align="absmiddle" border="0" title="click to select action"> - - - - - -
Note:
- There are many possibilities to filter this log. - Just click on the accept () or - deny symbol () to filter for - accepted or denied IP packets. Do the same for the desired - interface, source/destination port or protocol. To deselect - a selected filter entry, click on the column description above. - To reset all filter entries and reload the firewall logs page, - click on the "Firewall" tab below "Diagnostics: Logs". -
- - - - - - -
- Last firewall log entries
- -
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPv6 IGMP any"); + +$nentries = $config['syslog']['nentries']; +$resolve = isset($config['syslog']['resolve']); + +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 262144 /var/log/filter.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs_filter.php"); + exit; +} + + +if (isset($_GET['act']) && preg_match("/^[pb]+$/", $_GET['act'])) { + $action = $_GET['act']; + $ifstring .= "&act=$action"; + $srcstring .= "&act=$action"; + $dststring .= "&act=$action"; + $prstring .= "&act=$action"; +} + +if (isset($_GET['if']) && ($_GET['if'] != "")) { + $iface = $_GET['if']; + $actstring .= "&if=$iface"; + $srcstring .= "&if=$iface"; + $dststring .= "&if=$iface"; + $prstring .= "&if=$iface"; +} + +if (isset($_GET['pr']) && in_array($_GET['pr'], $protocols)) { + $proto = $_GET['pr']; + $actstring .= "&pr=$proto"; + $ifstring .= "&pr=$proto"; + $srcstring .= "&pr=$proto"; + $dststring .= "&pr=$proto"; +} + +if (isset($_GET['sp']) && (is_numeric($_GET['sp']))) { + $srcport = $_GET['sp']; + $actstring .= "&sp=$srcport"; + $ifstring .= "&sp=$srcport"; + $dststring .= "&sp=$srcport"; + $prstring .= "&sp=$srcport"; +} + +if (isset($_GET['dp']) && (is_numeric($_GET['dp']))) { + $dstport = $_GET['dp']; + $actstring .= "&dp=$dstport"; + $ifstring .= "&dp=$dstport"; + $srcstring .= "&dp=$dstport"; + $prstring .= "&dp=$dstport"; +} + + +function dump_clog($logfile, $tail, $withorig = true) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + + if ($withorig) { + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . 
htmlspecialchars($logent[4] . " " . $logent[5]) . "\n"; + } else { + echo "" . htmlspecialchars($logent[5]) . "\n"; + } + echo "\n"; + } +} + +function conv_clog($logfile, $tail) { + global $g, $config, $iface, $action, $proto, $srcport, $dstport; + + /* make interface/port table */ + $iftable = array(); + $iftable[$config['interfaces']['lan']['if']] = "LAN"; + $iftable[get_real_wan_interface()] = "WAN"; + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $iftable[$config['interfaces']['opt' . $i]['if']] = $config['interfaces']['opt' . $i]['descr']; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + $filterlog = array(); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + $ipfa = explode(" ", $logent[5]); + + $flent = array(); + $i = 0; + $flent['time'] = $ipfa[$i]; + $i++; + if (substr($ipfa[$i], -1) == "x") { + $flent['count'] = substr($ipfa[$i], 0, -1); + $i++; + } + + if ($iftable[$ipfa[$i]]) + $flent['interface'] = $iftable[$ipfa[$i]]; + else if (strpos($ipfa[$i], "ng") !== false) + $flent['interface'] = "PPTP"; + else + $flent['interface'] = $ipfa[$i]; + + if (isset($iface)) { + if ($iface != $flent['interface']) + continue; + } + + $i += 2; + if (!isset($action) || strstr($action, $ipfa[$i])) + $flent['act'] = $ipfa[$i]; + else + continue; + $i++; + list($flent['src'], $flent['srcport']) = format_ipf_ip($ipfa[$i],$srcport); + if (!isset($flent['src'])) + continue; + $i += 2; + list($flent['dst'], $flent['dstport']) = format_ipf_ip($ipfa[$i],$dstport); + if (!isset($flent['dst'])) + continue; + $i += 2; + $protocol = strtoupper($ipfa[$i]); + if (!isset($proto) || ($proto == $protocol)) + $flent['proto'] = $protocol; + else + continue; + if ($protocol == "ICMP") { + $i += 5; + $flent['dst'] = $flent['dst'] . ", type " . 
$ipfa[$i]; + } + $filterlog[] = $flent; + } + + return $filterlog; +} + +function format_ipf_ip($ipfip,$uport) { + global $resolve; + + list($ip,$port) = explode(",", $ipfip); + if ($resolve) { + if (!$port) + return array(gethostbyaddr($ip), ""); + if ($uport == "" || ($uport == $port)) + return array(gethostbyaddr($ip) . ", port " . $port, $port); + return; + } + + if (!$port) + return array($ip, ""); + if ($uport == "" || ($uport == $port)) + return array($ip . ", port " . $port, $port); + return; +} +?> + + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + '; + $ifstring .= '" style="color:black" title="click to select interface">'; + $srcstring .= '" style="color:black" title="click to select source port">'; + $dststring .= '" style="color:black" title="click to select destination port">'; + $prstring .= '" style="color:black" title="click to select protocol">'; + ?> + + + + + + + +
+ Last firewall log entries
ActTimeIfSourceDestinationProto
+ + " width="11" height="11" align="absmiddle" border="0" title="click to select action"> + + + + + +
Note:
+ There are many possibilities to filter this log. + Just click on the accept () or + deny symbol () to filter for + accepted or denied IP packets. Do the same for the desired + interface, source/destination port or protocol. To deselect + a selected filter entry, click on the column description above. + To reset all filter entries and reload the firewall logs page, + click on the "Firewall" tab below "Diagnostics: Logs". +
+ + + + + + +
+ Last firewall log entries
+ +
+ +
+
+ diff --git a/webgui/diag_logs_portal.php b/webgui/diag_logs_portal.php index fc70dbb..1c984e9 100644 --- a/webgui/diag_logs_portal.php +++ b/webgui/diag_logs_portal.php 
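Review bot: `$_GET['if']` is accepted after only a non-empty check and then interpolated into `$actstring`, `$srcstring`, `$dststring` and `$prstring`, whereas `act`, `pr`, `sp` and `dp` are each constrained (regex, the `$protocols` list, `is_numeric`). Those strings are later terminated with `'" style="color:black" title=...>'`, which suggests they are emitted inside a link attribute. The surrounding markup is not visible in this view, so that part is inferred, but if it holds, a quote or angle bracket in `if` would reach the page unencoded. I would use `urlencode($iface)` in place of `$iface` in the four `.=` lines of that block, which also keeps the filter links working for interface descriptions that contain spaces. The comparison `$iface != $flent['interface']` in `conv_clog()` is unaffected, because `$iface` itself stays raw.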
@@ -1,93 +1,93 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 32768 /var/log/portalauth.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs_portal.php"); - exit; -} - -function dump_clog($logfile, $tail) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - echo "\n"; - echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . 
"\n"; - echo "" . htmlspecialchars($logent[5]) . "\n"; - echo "\n"; - } -} - -?> - - - - - - -
-
    - 'diag_logs.php', - 'Firewall' => 'diag_logs_filter.php', - 'DHCP' => 'diag_logs_dhcp.php', - 'Captive portal' => 'diag_logs_portal.php', - 'PPTP VPN' => 'diag_logs_vpn.php', - 'Settings' => 'diag_logs_settings.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - -
- Last captive portal log entries
-
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 32768 /var/log/portalauth.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs_portal.php"); + exit; +} + +function dump_clog($logfile, $tail) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + echo "\n"; + echo "" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + echo "" . 
htmlspecialchars($logent[5]) . "\n"; + echo "\n"; + } +} + +?> + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + +
+ Last captive portal log entries
+
+ +
+
+ diff --git a/webgui/diag_logs_settings.php b/webgui/diag_logs_settings.php index 254b9a0..b526a4b 100644 --- a/webgui/diag_logs_settings.php +++ b/webgui/diag_logs_settings.php 
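Review bot: The `if ($_POST['clear'])` branch reinitialises /var/log/portalauth.log through `clog -i` for any POST that carries a `clear` field, and no request token is checked in this file. `guiconfig.inc` is not shown, so a check there cannot be ruled out. Because this is the captive portal authentication log, a forged cross-site form submission from the administrator's browser would be enough to discard the login history. I would add a hidden per-user token to the form and test it before the `exec()` call, e.g. `if ($_POST['clear'] && csrf_token_ok($_POST['csrf_token'])) {` (helper and field names are placeholders, not existing m0n0wall functions). The same unguarded `clear` handler is in the diag_logs_filter.php hunk and in the diag_logs_dhcp.php and diag_logs_vpn.php hunks, which are only partly visible here.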
@@ -1,214 +1,214 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$pconfig['reverse'] = isset($config['syslog']['reverse']); -$pconfig['nentries'] = $config['syslog']['nentries']; -$pconfig['remoteserver'] = $config['syslog']['remoteserver']; -$pconfig['filter'] = isset($config['syslog']['filter']); -$pconfig['dhcp'] = isset($config['syslog']['dhcp']); -$pconfig['portalauth'] = isset($config['syslog']['portalauth']); -$pconfig['vpn'] = isset($config['syslog']['vpn']); -$pconfig['system'] = isset($config['syslog']['system']); -$pconfig['enable'] = isset($config['syslog']['enable']); -$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); -$pconfig['rawfilter'] = isset($config['syslog']['rawfilter']); -$pconfig['resolve'] = isset($config['syslog']['resolve']); - -if (!$pconfig['nentries']) - $pconfig['nentries'] = 50; - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable'] && !is_ipaddr($_POST['remoteserver'])) { - $input_errors[] = "A valid IP address must be specified."; - } - if (($_POST['nentries'] < 5) || ($_POST['nentries'] > 1000)) { - $input_errors[] = "Number of log entries to show must be between 5 and 1000."; - } - - if (!$input_errors) { - $config['syslog']['reverse'] = $_POST['reverse'] ? true : false; - $config['syslog']['nentries'] = (int)$_POST['nentries']; - $config['syslog']['remoteserver'] = $_POST['remoteserver']; - $config['syslog']['filter'] = $_POST['filter'] ? true : false; - $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; - $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; - $config['syslog']['vpn'] = $_POST['vpn'] ? true : false; - $config['syslog']['system'] = $_POST['system'] ? true : false; - $config['syslog']['enable'] = $_POST['enable'] ? true : false; - $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); - $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? 
false : true; - $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false; - $config['syslog']['resolve'] = $_POST['resolve'] ? true : false; - - write_config(); - - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval = system_syslogd_start(); - if ($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) - $retval |= filter_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - } -} - -?> - - -
- - - - - - - -
-
    - 'diag_logs.php', - 'Firewall' => 'diag_logs_filter.php', - 'DHCP' => 'diag_logs_dhcp.php', - 'Captive portal' => 'diag_logs_portal.php', - 'PPTP VPN' => 'diag_logs_vpn.php', - 'Settings' => 'diag_logs_settings.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  > - Show log entries in reverse order (newest entries - on top)
 Number of log entries to - show: -
  > - Log packets blocked by the default rule
- Hint: packets that are blocked by the - implicit default block rule will not be logged anymore - if you uncheck this option. Per-rule logging options are not affected.
  > - Show raw filter logs
- Hint: If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information.
  > - Resolve IP addresses to hostnames
- Hint: If this is checked, IP addresses in firewall logs are resolved to real hostnames where possible.
- Warning: This can cause a huge delay in loading the firewall log page!
  onClick="enable_change(false)"> - Enable syslog'ing to remote syslog server
Remote syslog - server -
- IP address of remote syslog server

- > - system events
- > - firewall events
- > - DHCP service events
- > - Captive portal
- > - PPTP VPN events
  -
 Note:
- syslog sends UDP datagrams to port 514 on the specified - remote syslog server. Be sure to set syslogd on the - remote server to accept syslog messages from m0n0wall. -
-
-
- - +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$pconfig['reverse'] = isset($config['syslog']['reverse']); +$pconfig['nentries'] = $config['syslog']['nentries']; +$pconfig['remoteserver'] = $config['syslog']['remoteserver']; +$pconfig['filter'] = isset($config['syslog']['filter']); +$pconfig['dhcp'] = isset($config['syslog']['dhcp']); +$pconfig['portalauth'] = isset($config['syslog']['portalauth']); +$pconfig['vpn'] = isset($config['syslog']['vpn']); +$pconfig['system'] = isset($config['syslog']['system']); +$pconfig['enable'] = isset($config['syslog']['enable']); +$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); +$pconfig['rawfilter'] = isset($config['syslog']['rawfilter']); +$pconfig['resolve'] = isset($config['syslog']['resolve']); + +if (!$pconfig['nentries']) + $pconfig['nentries'] = 50; + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['enable'] && !is_ipaddr($_POST['remoteserver'])) { + $input_errors[] = "A valid IP address must be specified."; + } + if (($_POST['nentries'] < 5) || ($_POST['nentries'] > 1000)) { + $input_errors[] = "Number of log entries to show must be between 5 and 1000."; + } + + if (!$input_errors) { + $config['syslog']['reverse'] = $_POST['reverse'] ? true : false; + $config['syslog']['nentries'] = (int)$_POST['nentries']; + $config['syslog']['remoteserver'] = $_POST['remoteserver']; + $config['syslog']['filter'] = $_POST['filter'] ? true : false; + $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; + $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; + $config['syslog']['vpn'] = $_POST['vpn'] ? true : false; + $config['syslog']['system'] = $_POST['system'] ? true : false; + $config['syslog']['enable'] = $_POST['enable'] ? true : false; + $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); + $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? 
false : true; + $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false; + $config['syslog']['resolve'] = $_POST['resolve'] ? true : false; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = system_syslogd_start(); + if ($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) + $retval |= filter_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + } +} + +?> + + +
+ + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  > + Show log entries in reverse order (newest entries + on top)
 Number of log entries to + show: +
  > + Log packets blocked by the default rule
+ Hint: packets that are blocked by the + implicit default block rule will not be logged anymore + if you uncheck this option. Per-rule logging options are not affected.
  > + Show raw filter logs
+ Hint: If this is checked, filter logs are shown as generated by the packet filter, without any formatting. This will reveal more detailed information.
  > + Resolve IP addresses to hostnames
+ Hint: If this is checked, IP addresses in firewall logs are resolved to real hostnames where possible.
+ Warning: This can cause a huge delay in loading the firewall log page!
  onClick="enable_change(false)"> + Enable syslog'ing to remote syslog server
Remote syslog + server +
+ IP address of remote syslog server

+ > + system events
+ > + firewall events
+ > + DHCP service events
+ > + Captive portal
+ > + PPTP VPN events
  +
 Note:
+ syslog sends UDP datagrams to port 514 on the specified + remote syslog server. Be sure to set syslogd on the + remote server to accept syslog messages from m0n0wall. +
+
+
+ + diff --git a/webgui/diag_logs_vpn.php b/webgui/diag_logs_vpn.php index 569efe8..9eaf6cb 100644 --- a/webgui/diag_logs_vpn.php +++ b/webgui/diag_logs_vpn.php 
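Review bot: `$_POST['remoteserver']` is checked with `is_ipaddr()` only when `enable` is set, but `$config['syslog']['remoteserver'] = $_POST['remoteserver'];` runs unconditionally, so an arbitrary string can be written to the saved configuration while remote logging is switched off. Whether `system_syslogd_start()` later copies that value into the syslog daemon's configuration is not visible here, so the impact is not confirmed, but the stored value is then trusted the next time remote logging is enabled by another path. I would validate whenever the field is non-empty: `if (($_POST['enable'] || $_POST['remoteserver'] != "") && !is_ipaddr($_POST['remoteserver'])) {`. This keeps the existing required-when-enabled behaviour and still allows the field to be left empty when remote logging is off.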
@@ -1,107 +1,107 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Diagnostics", "Logs"); -require("guiconfig.inc"); - -$nentries = $config['syslog']['nentries']; -if (!$nentries) - $nentries = 50; - -if ($_POST['clear']) { - exec("/usr/sbin/clog -i -s 65536 /var/log/vpn.log"); - /* redirect to avoid reposting form data on refresh */ - header("Location: diag_logs_vpn.php"); - exit; -} - -function dump_clog($logfile, $tail) { - global $g, $config; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); - - foreach ($logarr as $logent) { - $logent = preg_split("/\s+/", $logent, 6); - $llent = explode(",", $logent[5]); - - echo "\n"; - echo "" . 
htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; - - if ($llent[0] == "login") - echo "\n"; - else - echo "\n"; - - echo "" . htmlspecialchars($llent[3]) . "\n"; - echo "" . htmlspecialchars($llent[2]) . " \n"; - echo "\n"; - } -} - -?> - - - - - - -
-
    - 'diag_logs.php', - 'Firewall' => 'diag_logs_filter.php', - 'DHCP' => 'diag_logs_dhcp.php', - 'Captive portal' => 'diag_logs_portal.php', - 'PPTP VPN' => 'diag_logs_vpn.php', - 'Settings' => 'diag_logs_settings.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - -
- Last PPTP VPN log entries
TimeActionUserIP address
-
- -
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Diagnostics", "Logs"); +require("guiconfig.inc"); + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("/usr/sbin/clog -i -s 65536 /var/log/vpn.log"); + /* redirect to avoid reposting form data on refresh */ + header("Location: diag_logs_vpn.php"); + exit; +} + +function dump_clog($logfile, $tail) { + global $g, $config; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr); + + foreach ($logarr as $logent) { + $logent = preg_split("/\s+/", $logent, 6); + $llent = explode(",", $logent[5]); + + echo "\n"; + echo "" . 
htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . "\n"; + + if ($llent[0] == "login") + echo "\n"; + else + echo "\n"; + + echo "" . htmlspecialchars($llent[3]) . "\n"; + echo "" . htmlspecialchars($llent[2]) . " \n"; + echo "\n"; + } +} + +?> + + + + + + +
+
    + 'diag_logs.php', + 'Firewall' => 'diag_logs_filter.php', + 'DHCP' => 'diag_logs_dhcp.php', + 'Captive portal' => 'diag_logs_portal.php', + 'PPTP VPN' => 'diag_logs_vpn.php', + 'Settings' => 'diag_logs_settings.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + +
+ Last PPTP VPN log entries
TimeActionUserIP address
+
+ +
+
+ diff --git a/webgui/diag_ping.php b/webgui/diag_ping.php index 8729074..e387007 100644 --- a/webgui/diag_ping.php +++ b/webgui/diag_ping.php 
@@ -1,160 +1,160 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Diagnostics", "Ping"); -require("guiconfig.inc"); - -define('MAX_COUNT', 10); -define('DEFAULT_COUNT', 3); - -if ($_POST) { - unset($input_errors); - unset($do_ping); - - /* input validation */ - $reqdfields = explode(" ", "host count"); - $reqdfieldsn = explode(",", "Host,Count"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (($_POST['count'] < 1) || ($_POST['count'] > MAX_COUNT)) { - $input_errors[] = "Count must be between 1 and {MAX_COUNT}"; - } - - if (!$input_errors) { - $do_ping = true; - $host = $_POST['host']; - $interface = $_POST['interface']; - $count = $_POST['count']; - } -} -if (!isset($do_ping)) { - $do_ping = false; - $host = ''; - $count = DEFAULT_COUNT; -} - -function get_interface_addr($ifdescr) { - - global $config, $g; - - /* find out interface name */ - if ($ifdescr == "wan") - $if = get_real_wan_interface(); - else - $if = $config['interfaces'][$ifdescr]['if']; - - /* try to determine IP address and netmask with ifconfig */ - unset($ifconfiginfo); - exec("/sbin/ifconfig " . $if, $ifconfiginfo); - - foreach ($ifconfiginfo as $ici) { - if (preg_match("/inet (\S+)/", $ici, $matches)) { - return $matches[1]; - } - } - - return false; -} -?> - - - - -
-
    - 'diag_ping.php', - 'Traceroute' => 'diag_traceroute.php'); - dynamic_tab_menu($tabs); -?> -
-
- -
- - - - - - - - - - - - - - - - - - - - -
Host -
Interface - -
Count -
  - -
- Ping output:
"); - echo('
');
-					ob_end_flush();
-					$ifaddr = get_interface_addr($interface);
-					if ($ifaddr)
-						system("/sbin/ping -S$ifaddr -c$count " . escapeshellarg($host));
-					else
-						system("/sbin/ping -c$count " . escapeshellarg($host));
-					echo('
'); - } - ?> -
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Diagnostics", "Ping"); +require("guiconfig.inc"); + +define('MAX_COUNT', 10); +define('DEFAULT_COUNT', 3); + +if ($_POST) { + unset($input_errors); + unset($do_ping); + + /* input validation */ + $reqdfields = explode(" ", "host count"); + $reqdfieldsn = explode(",", "Host,Count"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['count'] < 1) || ($_POST['count'] > MAX_COUNT)) { + $input_errors[] = "Count must be between 1 and {MAX_COUNT}"; + } + + if (!$input_errors) { + $do_ping = true; + $host = $_POST['host']; + $interface = $_POST['interface']; + $count = $_POST['count']; + } +} +if (!isset($do_ping)) { + $do_ping = false; + $host = ''; + $count = DEFAULT_COUNT; +} + +function get_interface_addr($ifdescr) { + + global $config, $g; + + /* find out interface name */ + if ($ifdescr == "wan") + $if = get_real_wan_interface(); + else + $if = $config['interfaces'][$ifdescr]['if']; + + /* try to determine IP address and netmask with ifconfig */ + unset($ifconfiginfo); + exec("/sbin/ifconfig " . $if, $ifconfiginfo); + + foreach ($ifconfiginfo as $ici) { + if (preg_match("/inet (\S+)/", $ici, $matches)) { + return $matches[1]; + } + } + + return false; +} +?> + + + + +
+
    + 'diag_ping.php', + 'Traceroute' => 'diag_traceroute.php'); + dynamic_tab_menu($tabs); +?> +
+
+ +
+ + + + + + + + + + + + + + + + + + + + +
Host +
Interface + +
Count +
  + +
+ Ping output:
"); + echo('
');
+					ob_end_flush();
+					$ifaddr = get_interface_addr($interface);
+					if ($ifaddr)
+						system("/sbin/ping -S$ifaddr -c$count " . escapeshellarg($host));
+					else
+						system("/sbin/ping -c$count " . escapeshellarg($host));
+					echo('
'); + } + ?> +
+
+
+ diff --git a/webgui/diag_traceroute.php b/webgui/diag_traceroute.php index 524bdbc..a265c4a 100644 --- a/webgui/diag_traceroute.php +++ b/webgui/diag_traceroute.php 
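Review bot: `$count` reaches the shell unquoted in both `system("/sbin/ping ... -c$count ...")` calls, and the range check `($_POST['count'] < 1) || ($_POST['count'] > MAX_COUNT)` is a loose numeric comparison, so it does not guarantee that the string contains only digits. Cast at assignment with `$count = (int)$_POST['count'];`, as `$host` is already passed through `escapeshellarg()`. Separately, `"Count must be between 1 and {MAX_COUNT}"` prints the braces literally because constants are not interpolated in strings; use `"Count must be between 1 and " . MAX_COUNT`, and likewise for `{MAX_TTL}` in diag_traceroute.php. The hunk appears to re-add the file unchanged, so both points predate this commit, but the per-group page access added in auth.inc presumably makes this page reachable by non-admin users.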
@@ -1,124 +1,124 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Diagnostics", "Traceroute"); -require("guiconfig.inc"); - - -define('MAX_TTL', 64); -define('DEFAULT_TTL', 18); - -if ($_POST) { - unset($input_errors); - unset($do_traceroute); - - /* input validation */ - $reqdfields = explode(" ", "host ttl"); - $reqdfieldsn = explode(",", "Host,ttl"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (($_POST['ttl'] < 1) || ($_POST['ttl'] > MAX_TTL)) { - $input_errors[] = "Maximum number of hops must be between 1 and {MAX_TTL}"; - } - - if (!$input_errors) { - $do_traceroute = true; - $host = $_POST['host']; - $ttl = $_POST['ttl']; - $resolve = $_POST['resolve']; - } -} -if (!isset($do_traceroute)) { - $do_traceroute = false; - $host = ''; - $ttl = DEFAULT_TTL; - $resolve = false; -} -?> - - - - -
-
    - 'diag_ping.php', - 'Traceroute' => 'diag_traceroute.php'); - dynamic_tab_menu($tabs); -?> -
-
- -
- - - - - - - - - - - - - - - - - - - - -
Host -
Maximum number of hops -
  > - Resolve IP addresses to hostnames
-
  - -
-

Note: Traceroute may take a while to complete. You may hit the Stop button on your browser at any time to see the progress of failed traceroutes.

- Traceroute output:
"); - echo('

');
-					ob_end_flush();
-					system("/usr/sbin/traceroute " . ($resolve ? "" : "-n ") . "-w 2 -m " . escapeshellarg($ttl) . " " . escapeshellarg($host));
-					echo('
'); - } - ?> -
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Diagnostics", "Traceroute"); +require("guiconfig.inc"); + + +define('MAX_TTL', 64); +define('DEFAULT_TTL', 18); + +if ($_POST) { + unset($input_errors); + unset($do_traceroute); + + /* input validation */ + $reqdfields = explode(" ", "host ttl"); + $reqdfieldsn = explode(",", "Host,ttl"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['ttl'] < 1) || ($_POST['ttl'] > MAX_TTL)) { + $input_errors[] = "Maximum number of hops must be between 1 and {MAX_TTL}"; + } + + if (!$input_errors) { + $do_traceroute = true; + $host = $_POST['host']; + $ttl = $_POST['ttl']; + $resolve = $_POST['resolve']; + } +} +if (!isset($do_traceroute)) { + $do_traceroute = false; + $host = ''; + $ttl = DEFAULT_TTL; + $resolve = false; +} +?> + + + + +
+
    + 'diag_ping.php', + 'Traceroute' => 'diag_traceroute.php'); + dynamic_tab_menu($tabs); +?> +
+
+ +
+ + + + + + + + + + + + + + + + + + + + +
Host +
Maximum number of hops +
  > + Resolve IP addresses to hostnames
+
  + +
+

Note: Traceroute may take a while to complete. You may hit the Stop button on your browser at any time to see the progress of failed traceroutes.

+ Traceroute output:
"); + echo('

');
+					ob_end_flush();
+					system("/usr/sbin/traceroute " . ($resolve ? "" : "-n ") . "-w 2 -m " . escapeshellarg($ttl) . " " . escapeshellarg($host));
+					echo('
'); + } + ?> +
+
+
+ diff --git a/webgui/exec.php b/webgui/exec.php index 6ff8e4b..3f6673a 100644 --- a/webgui/exec.php +++ b/webgui/exec.php 
@@ -1,291 +1,291 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -require("guiconfig.inc"); - -if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) { - session_cache_limiter('public'); - $fd = fopen($_POST['dlPath'], "rb"); - header("Content-Type: application/octet-stream"); - header("Content-Length: " . filesize($_POST['dlPath'])); - header("Content-Disposition: attachment; filename=\"" . - trim(htmlentities(basename($_POST['dlPath']))) . "\""); - - fpassthru($fd); - exit; -} else if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { - move_uploaded_file($_FILES['ulfile']['tmp_name'], "/tmp/" . $_FILES['ulfile']['name']); - $ulmsg = "Uploaded file to /tmp/" . 
htmlentities($_FILES['ulfile']['name']); - unset($_POST['txtCommand']); -} -?> - - - -) -*/ - -// Function: is Blank -// Returns true or false depending on blankness of argument. - -function isBlank( $arg ) { return ereg( "^\s*$", $arg ); } - - -// Function: Puts -// Put string, Ruby-style. - -function puts( $arg ) { echo "$arg\n"; } - - -// "Constants". - -$Version = ''; -$ScriptName = $HTTP_SERVER_VARS['SCRIPT_NAME']; -$Title = 'm0n0wall: execute command'; - -// Get year. - -$arrDT = localtime(); -$intYear = $arrDT[5] + 1900; - -?> - -<?=$Title ?> - - - - -> -

- -

Note: this function is unsupported. Use it -on your own risk!

- -" . $ulmsg . "

\n"; ?> -"); - puts("\$ " . htmlspecialchars($_POST['txtCommand'])); - putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); - putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); /* PHP scripts */ - $ph = popen($_POST['txtCommand'], "r" ); - while ($line = fgets($ph)) echo htmlspecialchars($line); - pclose($ph); - puts(""); -} - -?> - -
- - - - - - - - - - - - - - - - - - - - - -
Command:
  - - - - - -
Download: - - -
Upload: - -
-
- - +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require("guiconfig.inc"); + +if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) { + session_cache_limiter('public'); + $fd = fopen($_POST['dlPath'], "rb"); + header("Content-Type: application/octet-stream"); + header("Content-Length: " . filesize($_POST['dlPath'])); + header("Content-Disposition: attachment; filename=\"" . + trim(htmlentities(basename($_POST['dlPath']))) . "\""); + + fpassthru($fd); + exit; +} else if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { + move_uploaded_file($_FILES['ulfile']['tmp_name'], "/tmp/" . $_FILES['ulfile']['name']); + $ulmsg = "Uploaded file to /tmp/" . 
htmlentities($_FILES['ulfile']['name']); + unset($_POST['txtCommand']); +} +?> + + + +) +*/ + +// Function: is Blank +// Returns true or false depending on blankness of argument. + +function isBlank( $arg ) { return ereg( "^\s*$", $arg ); } + + +// Function: Puts +// Put string, Ruby-style. + +function puts( $arg ) { echo "$arg\n"; } + + +// "Constants". + +$Version = ''; +$ScriptName = $HTTP_SERVER_VARS['SCRIPT_NAME']; +$Title = 'm0n0wall: execute command'; + +// Get year. + +$arrDT = localtime(); +$intYear = $arrDT[5] + 1900; + +?> + +<?=$Title ?> + + + + +> +

+ +

Note: this function is unsupported. Use it +on your own risk!

+ +" . $ulmsg . "

\n"; ?> +"); + puts("\$ " . htmlspecialchars($_POST['txtCommand'])); + putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); + putenv("SCRIPT_FILENAME=" . strtok($_POST['txtCommand'], " ")); /* PHP scripts */ + $ph = popen($_POST['txtCommand'], "r" ); + while ($line = fgets($ph)) echo htmlspecialchars($line); + pclose($ph); + puts(""); +} + +?> + +
+ + + + + + + + + + + + + + + + + + + + + +
Command:
  + + + + + +
Download: + + +
Upload: + +
+
+ + diff --git a/webgui/exec_raw.php b/webgui/exec_raw.php index f27ae71..bce9fd5 100644 --- a/webgui/exec_raw.php +++ b/webgui/exec_raw.php 
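Review bot: Nothing in this file restricts the command, download and upload forms to the main administrator, so with the per-group `pages` list from auth.inc, granting a group exec.php (or exec_raw.php) gives it the same reach as the admin account and defeats the sub-administration split. I would add an explicit guard right after `require("guiconfig.inc");`, e.g. `if ($_SERVER['REMOTE_USER'] !== $config['system']['username']) { header("HTTP/1.0 403 Forbidden"); exit; }`, or keep these two pages out of what the group manager can assign. Whether guiconfig.inc already pulls in auth.inc is not visible from this hunk. As defence in depth, the upload branch should build its target as `"/tmp/" . basename($_FILES['ulfile']['name'])` rather than using the client-supplied name directly.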
@@ -1,39 +1,39 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ -require("guiconfig.inc"); - -header("Content-Type: text/plain"); - -putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); -passthru($_GET['cmd']); - -exit(0); +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +require("guiconfig.inc"); + +header("Content-Type: text/plain"); + +putenv("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"); +passthru($_GET['cmd']); + +exit(0); ?> \ No newline at end of file diff --git a/webgui/firewall_nat.php b/webgui/firewall_nat.php index 2dd94e9..b585e6e 100644 --- a/webgui/firewall_nat.php +++ b/webgui/firewall_nat.php 
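Review bot: `passthru($_GET['cmd'])` takes the command from the query string, so it runs on a plain GET with no token tying the request to a form the user submitted, and the command text ends up in URLs, browser history and any access log. The comment in auth.inc says authentication is done by the web server, so the browser would presumably attach credentials to any request for this URL, including one the user did not initiate. Accept the command only from a POST body and check a per-session token first, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') exit;` followed by `passthru($_POST['cmd']);`. Callers of this endpoint are outside the hunk and would need the matching change. A comment above the call, `/* intentionally unrestricted command runner: main admin only */`, would also document the intent.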
@@ -1,163 +1,163 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Firewall", "NAT", "Inbound"); -require("guiconfig.inc"); - -if (!is_array($config['nat']['rule'])) { - $config['nat']['rule'] = array(); -} -nat_rules_sort(); -$a_nat = &$config['nat']['rule']; - -if ($_POST) { - - $pconfig = $_POST; - - if ($_POST['apply']) { - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval |= filter_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - - if ($retval == 0) { - if (file_exists($d_natconfdirty_path)) - unlink($d_natconfdirty_path); - if (file_exists($d_filterconfdirty_path)) - unlink($d_filterconfdirty_path); - } - } -} - -if ($_GET['act'] == "del") { - if ($a_nat[$_GET['id']]) { - unset($a_nat[$_GET['id']]); - write_config(); - touch($d_natconfdirty_path); - header("Location: firewall_nat.php"); - exit; - } -} -?> - -
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'firewall_nat.php', - 'Server NAT' => 'firewall_nat_server.php', - '1:1' => 'firewall_nat_1to1.php', - 'Outbound' => 'firewall_nat_out.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - - - - - -
IfProtoExt. port rangeNAT IPInt. port rangeDescription
- - - - - - - - (ext.: " . $natent['external-address'] . ")"; - ?> - - - -   - -  

- Note:
-
It is not possible to access NATed services - using the WAN IP address from within LAN (or an optional - network).
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Firewall", "NAT", "Inbound"); +require("guiconfig.inc"); + +if (!is_array($config['nat']['rule'])) { + $config['nat']['rule'] = array(); +} +nat_rules_sort(); +$a_nat = &$config['nat']['rule']; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval |= filter_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + if (file_exists($d_natconfdirty_path)) + unlink($d_natconfdirty_path); + if (file_exists($d_filterconfdirty_path)) + unlink($d_filterconfdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_nat[$_GET['id']]) { + unset($a_nat[$_GET['id']]); + write_config(); + touch($d_natconfdirty_path); + header("Location: firewall_nat.php"); + exit; + } +} +?> + +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'firewall_nat.php', + 'Server NAT' => 'firewall_nat_server.php', + '1:1' => 'firewall_nat_1to1.php', + 'Outbound' => 'firewall_nat_out.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
IfProtoExt. port rangeNAT IPInt. port rangeDescription
+ + + + + + + + (ext.: " . $natent['external-address'] . ")"; + ?> + + + +   + +  

+ Note:
+
It is not possible to access NATed services + using the WAN IP address from within LAN (or an optional + network).
+
+ diff --git a/webgui/firewall_nat_1to1.php b/webgui/firewall_nat_1to1.php index b148684..e8e2eea 100644 --- a/webgui/firewall_nat_1to1.php +++ b/webgui/firewall_nat_1to1.php 
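Review bot: The `$_GET['act'] == "del"` branch removes a NAT rule and calls `write_config()` on a GET request, with nothing tying the request to a form the user actually submitted; firewall_nat_1to1.php has the same branch. State changes should go through POST with a per-session token, and the index should be validated before use, e.g. `if (is_numeric($_GET['id']) && isset($a_nat[$_GET['id']]))`. The table markup is not visible in this hunk, so I cannot confirm whether `$natent['external-address']` and the description are passed through `htmlspecialchars()` before being echoed; that is worth verifying now that less-trusted group members may be able to edit these rules.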
@@ -1,141 +1,141 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Firewall", "NAT", "1:1"); -require("guiconfig.inc"); - -if (!is_array($config['nat']['onetoone'])) { - $config['nat']['onetoone'] = array(); -} -$a_1to1 = &$config['nat']['onetoone']; -nat_1to1_rules_sort(); - -if ($_POST) { - - $pconfig = $_POST; - - if ($_POST['apply']) { - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval |= filter_configure(); - $retval |= services_proxyarp_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - - if ($retval == 0) { - if (file_exists($d_natconfdirty_path)) - unlink($d_natconfdirty_path); - if (file_exists($d_filterconfdirty_path)) - unlink($d_filterconfdirty_path); - if (file_exists($d_proxyarpdirty_path)) - unlink($d_proxyarpdirty_path); - } - } -} - -if ($_GET['act'] == "del") { - if ($a_1to1[$_GET['id']]) { - unset($a_1to1[$_GET['id']]); - write_config(); - touch($d_natconfdirty_path); - header("Location: firewall_nat_1to1.php"); - exit; - } -} -?> - -
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'firewall_nat.php', - 'Server NAT' => 'firewall_nat_server.php', - '1:1' => 'firewall_nat_1to1.php', - 'Outbound' => 'firewall_nat_out.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - -
InterfaceExternal IPInternal IPDescription
- - - - - - -   - -  

- Note:
-
Depending on the way your WAN connection is setup, you may also need proxy ARP.
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Firewall", "NAT", "1:1"); +require("guiconfig.inc"); + +if (!is_array($config['nat']['onetoone'])) { + $config['nat']['onetoone'] = array(); +} +$a_1to1 = &$config['nat']['onetoone']; +nat_1to1_rules_sort(); + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval |= filter_configure(); + $retval |= services_proxyarp_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + if (file_exists($d_natconfdirty_path)) + unlink($d_natconfdirty_path); + if (file_exists($d_filterconfdirty_path)) + unlink($d_filterconfdirty_path); + if (file_exists($d_proxyarpdirty_path)) + unlink($d_proxyarpdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_1to1[$_GET['id']]) { + unset($a_1to1[$_GET['id']]); + write_config(); + touch($d_natconfdirty_path); + header("Location: firewall_nat_1to1.php"); + exit; + } +} +?> + +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'firewall_nat.php', + 'Server NAT' => 'firewall_nat_server.php', + '1:1' => 'firewall_nat_1to1.php', + 'Outbound' => 'firewall_nat_out.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + +
InterfaceExternal IPInternal IPDescription
+ + + + + + +   + +  

+ Note:
+
Depending on the way your WAN connection is setup, you may also need proxy ARP.
+
+
+ diff --git a/webgui/firewall_nat_out.php b/webgui/firewall_nat_out.php index 4b2610c..1d13c10 100644 --- a/webgui/firewall_nat_out.php +++ b/webgui/firewall_nat_out.php 
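Review bot: The delete branch near the top of firewall_nat_1to1.php changes configuration on a plain GET request: `$_GET['act'] == "del"` leads straight to `unset($a_1to1[$_GET['id']])` and `write_config()`, and no request token or method check is visible in the hunk. Since the GUI relies on web-server authentication that the browser resends automatically, a cross-site request issued from an authenticated administrator's browser would be accepted and a NAT mapping removed. Accepting the action only on POST and checking a per-session token before `write_config()` would close this, for example `if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['act'] == "del")`, with the delete links turned into small forms. The same pattern appears in the firewall_nat.php, firewall_nat_out.php and firewall_nat_server.php hunks and in the del/up/down/toggle branches of firewall_shaper.php. Whether guiconfig.inc adds such a check cannot be seen from here.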
@@ -1,178 +1,178 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Firewall", "NAT", "Outbound"); -require("guiconfig.inc"); - -if (!is_array($config['nat']['advancedoutbound']['rule'])) - $config['nat']['advancedoutbound']['rule'] = array(); - -$a_out = &$config['nat']['advancedoutbound']['rule']; -nat_out_rules_sort(); - -if ($_POST) { - - $pconfig = $_POST; - - $config['nat']['advancedoutbound']['enable'] = ($_POST['enable']) ? 
true : false; - write_config(); - - $retval = 0; - - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval |= filter_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - - if ($retval == 0) { - if (file_exists($d_natconfdirty_path)) - unlink($d_natconfdirty_path); - if (file_exists($d_filterconfdirty_path)) - unlink($d_filterconfdirty_path); - } -} - -if ($_GET['act'] == "del") { - if ($a_out[$_GET['id']]) { - unset($a_out[$_GET['id']]); - write_config(); - touch($d_natconfdirty_path); - header("Location: firewall_nat_out.php"); - exit; - } -} -?> - -
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'firewall_nat.php', - 'Server NAT' => 'firewall_nat_server.php', - '1:1' => 'firewall_nat_1to1.php', - 'Outbound' => 'firewall_nat_out.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - -
- > - Enable advanced outbound NAT
-

Note:
-
If advanced outbound NAT is enabled, no outbound NAT - rules will be automatically generated anymore. Instead, only the mappings - you specify below will be used. With advanced outbound NAT disabled, - a mapping is automatically created for each interface's subnet - (except WAN) and any mappings specified below will be ignored.
- If you use target addresses other than the WAN interface's IP address, - then depending on the way your WAN connection is setup, - you may also need proxy ARP.
-
- You may enter your own mappings below.

-
- - - - - - - - - - - - - - - - - - - - - - - -
InterfaceSourceDestinationTargetDescription
- - - - - - - - -   - -  
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Firewall", "NAT", "Outbound"); +require("guiconfig.inc"); + +if (!is_array($config['nat']['advancedoutbound']['rule'])) + $config['nat']['advancedoutbound']['rule'] = array(); + +$a_out = &$config['nat']['advancedoutbound']['rule']; +nat_out_rules_sort(); + +if ($_POST) { + + $pconfig = $_POST; + + $config['nat']['advancedoutbound']['enable'] = ($_POST['enable']) ? 
true : false; + write_config(); + + $retval = 0; + + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval |= filter_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + if (file_exists($d_natconfdirty_path)) + unlink($d_natconfdirty_path); + if (file_exists($d_filterconfdirty_path)) + unlink($d_filterconfdirty_path); + } +} + +if ($_GET['act'] == "del") { + if ($a_out[$_GET['id']]) { + unset($a_out[$_GET['id']]); + write_config(); + touch($d_natconfdirty_path); + header("Location: firewall_nat_out.php"); + exit; + } +} +?> + +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'firewall_nat.php', + 'Server NAT' => 'firewall_nat_server.php', + '1:1' => 'firewall_nat_1to1.php', + 'Outbound' => 'firewall_nat_out.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + +
+ > + Enable advanced outbound NAT
+

Note:
+
If advanced outbound NAT is enabled, no outbound NAT + rules will be automatically generated anymore. Instead, only the mappings + you specify below will be used. With advanced outbound NAT disabled, + a mapping is automatically created for each interface's subnet + (except WAN) and any mappings specified below will be ignored.
+ If you use target addresses other than the WAN interface's IP address, + then depending on the way your WAN connection is setup, + you may also need proxy ARP.
+
+ You may enter your own mappings below.

+
+ + + + + + + + + + + + + + + + + + + + + + + +
InterfaceSourceDestinationTargetDescription
+ + + + + + + + +   + +  
+
+
+ diff --git a/webgui/firewall_nat_server.php b/webgui/firewall_nat_server.php index da3dbfd..9690476 100644 --- a/webgui/firewall_nat_server.php +++ b/webgui/firewall_nat_server.php 
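Review bot: Every POST to firewall_nat_out.php rewrites `$config['nat']['advancedoutbound']['enable']` from `$_POST['enable']` and calls `write_config()`, whichever button was pressed. firewall_shaper.php in this same commit guards the equivalent assignment with `if ($_POST['submit'])`. If the apply-changes box posts without the checkbox field (the form markup is not visible here, so this is inferred), applying pending changes would silently switch advanced outbound NAT off and fall back to the automatically generated mappings. Wrapping the assignment and `write_config()` in `if ($_POST['submit']) { … }` would make the two pages agree, assuming the save button carries that name.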
@@ -1,136 +1,136 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Firewall", "NAT", "Server NAT"); -require("guiconfig.inc"); - -if (!is_array($config['nat']['servernat'])) { - $config['nat']['servernat'] = array(); -} -$a_snat = &$config['nat']['servernat']; -nat_server_rules_sort(); - -if ($_POST) { - - $pconfig = $_POST; - - if ($_POST['apply']) { - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval |= filter_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - - if ($retval == 0) { - if (file_exists($d_natconfdirty_path)) - unlink($d_natconfdirty_path); - if (file_exists($d_filterconfdirty_path)) - unlink($d_filterconfdirty_path); - } - } -} - -if ($_GET['act'] == "del") { - if ($a_snat[$_GET['id']]) { - /* make sure no inbound NAT mappings reference this entry */ - if (is_array($config['nat']['rule'])) { - foreach ($config['nat']['rule'] as $rule) { - if ($rule['external-address'] == $a_snat[$_GET['id']]['ipaddr']) { - $input_errors[] = "This entry cannot be deleted because it is still referenced by at least one inbound NAT mapping."; - break; - } - } - } - - if (!$input_errors) { - unset($a_snat[$_GET['id']]); - write_config(); - touch($d_natconfdirty_path); - header("Location: firewall_nat_server.php"); - exit; - } - } -} -?> - -
- - -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'firewall_nat.php', - 'Server NAT' => 'firewall_nat_server.php', - '1:1' => 'firewall_nat_1to1.php', - 'Outbound' => 'firewall_nat_out.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - -
External IP addressDescription
- - -   - -  

- Note:
-
The external IP addresses defined on this page may be used in inbound NAT mappings. Depending on the way your WAN connection is setup, you may also need proxy ARP.
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Firewall", "NAT", "Server NAT"); +require("guiconfig.inc"); + +if (!is_array($config['nat']['servernat'])) { + $config['nat']['servernat'] = array(); +} +$a_snat = &$config['nat']['servernat']; +nat_server_rules_sort(); + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval |= filter_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + if (file_exists($d_natconfdirty_path)) + unlink($d_natconfdirty_path); + if (file_exists($d_filterconfdirty_path)) + unlink($d_filterconfdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_snat[$_GET['id']]) { + /* make sure no inbound NAT mappings reference this entry */ + if (is_array($config['nat']['rule'])) { + foreach ($config['nat']['rule'] as $rule) { + if ($rule['external-address'] == $a_snat[$_GET['id']]['ipaddr']) { + $input_errors[] = "This entry cannot be deleted because it is still referenced by at least one inbound NAT mapping."; + break; + } + } + } + + if (!$input_errors) { + unset($a_snat[$_GET['id']]); + write_config(); + touch($d_natconfdirty_path); + header("Location: firewall_nat_server.php"); + exit; + } + } +} +?> + +
+ + +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'firewall_nat.php', + 'Server NAT' => 'firewall_nat_server.php', + '1:1' => 'firewall_nat_1to1.php', + 'Outbound' => 'firewall_nat_out.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + +
External IP addressDescription
+ + +   + +  

+ Note:
+
The external IP addresses defined on this page may be used in inbound NAT mappings. Depending on the way your WAN connection is setup, you may also need proxy ARP.
+
+
+ diff --git a/webgui/firewall_shaper.php b/webgui/firewall_shaper.php index 459b576..bc9cd0e 100644 --- a/webgui/firewall_shaper.php +++ b/webgui/firewall_shaper.php 
@@ -1,260 +1,260 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("Firewall", "Traffic shaper", "Rules"); -require("guiconfig.inc"); - -if (!is_array($config['shaper']['rule'])) { - $config['shaper']['rule'] = array(); -} -if (!is_array($config['shaper']['pipe'])) { - $config['shaper']['pipe'] = array(); -} -if (!is_array($config['shaper']['queue'])) { - $config['shaper']['queue'] = array(); -} -$a_shaper = &$config['shaper']['rule']; -$a_pipe = &$config['shaper']['pipe']; -$a_queue = &$config['shaper']['queue']; - -$pconfig['enable'] = isset($config['shaper']['enable']); - -if ($_POST) { - - if ($_POST['submit']) { - $pconfig = $_POST; - $config['shaper']['enable'] = $_POST['enable'] ? 
true : false; - write_config(); - } - - if ($_POST['apply'] || $_POST['submit']) { - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval = shaper_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - if ($retval == 0) { - if (file_exists($d_shaperconfdirty_path)) - unlink($d_shaperconfdirty_path); - } - } -} - -if ($_GET['act'] == "del") { - if ($a_shaper[$_GET['id']]) { - unset($a_shaper[$_GET['id']]); - write_config(); - touch($d_shaperconfdirty_path); - header("Location: firewall_shaper.php"); - exit; - } -} else if ($_GET['act'] == "down") { - if ($a_shaper[$_GET['id']] && $a_shaper[$_GET['id']+1]) { - $tmp = $a_shaper[$_GET['id']+1]; - $a_shaper[$_GET['id']+1] = $a_shaper[$_GET['id']]; - $a_shaper[$_GET['id']] = $tmp; - write_config(); - touch($d_shaperconfdirty_path); - header("Location: firewall_shaper.php"); - exit; - } -} else if ($_GET['act'] == "up") { - if (($_GET['id'] > 0) && $a_shaper[$_GET['id']]) { - $tmp = $a_shaper[$_GET['id']-1]; - $a_shaper[$_GET['id']-1] = $a_shaper[$_GET['id']]; - $a_shaper[$_GET['id']] = $tmp; - write_config(); - touch($d_shaperconfdirty_path); - header("Location: firewall_shaper.php"); - exit; - } -} else if ($_GET['act'] == "toggle") { - if ($a_shaper[$_GET['id']]) { - $a_shaper[$_GET['id']]['disabled'] = !isset($a_shaper[$_GET['id']]['disabled']); - write_config(); - touch($d_shaperconfdirty_path); - header("Location: firewall_shaper.php"); - exit; - } -} -?> - -
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'firewall_shaper.php', - 'Pipes' => 'firewall_shaper_pipes.php', - 'Queues' => 'firewall_shaper_queues.php', - 'Magic shaper wizard' => 'firewall_shaper_magic.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - -
- > - Enable traffic shaper
-
-  
- - - - - - - - - - - - - - - - - - - - - - - - - -
IfProtoSourceDestinationTargetDescription
- "; - $textse = ""; - } else { - $textss = $textse = ""; - } - $iflabels = array('lan' => 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP'); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) - $iflabels['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; - echo $textss . htmlspecialchars($iflabels[$shaperent['interface']]); - echo "
"; - echo ""; - if ($shaperent['direction'] != "in") - echo ""; - if ($shaperent['direction'] != "out") - echo ""; - echo "" . $textse;; - ?> -
- - -
- Port: - -
-
- Port: - -
- {$desc}"; - } else if (isset($shaperent['targetqueue'])) { - if ($a_queue[$shaperent['targetqueue']]['descr']) - $desc = htmlspecialchars($a_queue[$shaperent['targetqueue']]['descr']); - else - $desc = "Queue " . ($shaperent['targetqueue']+1); - echo "{$desc}"; - } - ?> - - -   - 0): ?> - - - -
- - - - - - - -
- - - - - - - - - - - - - - - - - - - -
incoming (as seen by firewall)outgoing (as seen by firewall)
incoming (disabled)outgoing (disabled)

- Note:
-
the first rule that matches a packet will be executed.
- The following match patterns are not shown in the list above: - IP packet length, TCP flags.
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("Firewall", "Traffic shaper", "Rules"); +require("guiconfig.inc"); + +if (!is_array($config['shaper']['rule'])) { + $config['shaper']['rule'] = array(); +} +if (!is_array($config['shaper']['pipe'])) { + $config['shaper']['pipe'] = array(); +} +if (!is_array($config['shaper']['queue'])) { + $config['shaper']['queue'] = array(); +} +$a_shaper = &$config['shaper']['rule']; +$a_pipe = &$config['shaper']['pipe']; +$a_queue = &$config['shaper']['queue']; + +$pconfig['enable'] = isset($config['shaper']['enable']); + +if ($_POST) { + + if ($_POST['submit']) { + $pconfig = $_POST; + $config['shaper']['enable'] = $_POST['enable'] ? 
true : false; + write_config(); + } + + if ($_POST['apply'] || $_POST['submit']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = shaper_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_shaperconfdirty_path)) + unlink($d_shaperconfdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_shaper[$_GET['id']]) { + unset($a_shaper[$_GET['id']]); + write_config(); + touch($d_shaperconfdirty_path); + header("Location: firewall_shaper.php"); + exit; + } +} else if ($_GET['act'] == "down") { + if ($a_shaper[$_GET['id']] && $a_shaper[$_GET['id']+1]) { + $tmp = $a_shaper[$_GET['id']+1]; + $a_shaper[$_GET['id']+1] = $a_shaper[$_GET['id']]; + $a_shaper[$_GET['id']] = $tmp; + write_config(); + touch($d_shaperconfdirty_path); + header("Location: firewall_shaper.php"); + exit; + } +} else if ($_GET['act'] == "up") { + if (($_GET['id'] > 0) && $a_shaper[$_GET['id']]) { + $tmp = $a_shaper[$_GET['id']-1]; + $a_shaper[$_GET['id']-1] = $a_shaper[$_GET['id']]; + $a_shaper[$_GET['id']] = $tmp; + write_config(); + touch($d_shaperconfdirty_path); + header("Location: firewall_shaper.php"); + exit; + } +} else if ($_GET['act'] == "toggle") { + if ($a_shaper[$_GET['id']]) { + $a_shaper[$_GET['id']]['disabled'] = !isset($a_shaper[$_GET['id']]['disabled']); + write_config(); + touch($d_shaperconfdirty_path); + header("Location: firewall_shaper.php"); + exit; + } +} +?> + +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'firewall_shaper.php', + 'Pipes' => 'firewall_shaper_pipes.php', + 'Queues' => 'firewall_shaper_queues.php', + 'Magic shaper wizard' => 'firewall_shaper_magic.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + +
+ > + Enable traffic shaper
+
+  
+ + + + + + + + + + + + + + + + + + + + + + + + + +
IfProtoSourceDestinationTargetDescription
+ "; + $textse = ""; + } else { + $textss = $textse = ""; + } + $iflabels = array('lan' => 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP'); + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) + $iflabels['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; + echo $textss . htmlspecialchars($iflabels[$shaperent['interface']]); + echo "
"; + echo ""; + if ($shaperent['direction'] != "in") + echo ""; + if ($shaperent['direction'] != "out") + echo ""; + echo "" . $textse;; + ?> +
+ + +
+ Port: + +
+
+ Port: + +
+ {$desc}"; + } else if (isset($shaperent['targetqueue'])) { + if ($a_queue[$shaperent['targetqueue']]['descr']) + $desc = htmlspecialchars($a_queue[$shaperent['targetqueue']]['descr']); + else + $desc = "Queue " . ($shaperent['targetqueue']+1); + echo "{$desc}"; + } + ?> + + +   + 0): ?> + + + +
+ + + + + + + +
+ + + + + + + + + + + + + + + + + + + +
incoming (as seen by firewall)outgoing (as seen by firewall)
incoming (disabled)outgoing (disabled)

+ Note:
+
the first rule that matches a packet will be executed.
+ The following match patterns are not shown in the list above: + IP packet length, TCP flags.
+
+ diff --git a/webgui/firewall_shaper_magic.php b/webgui/firewall_shaper_magic.php index 930d169..2a6714d 100644 --- a/webgui/firewall_shaper_magic.php +++ b/webgui/firewall_shaper_magic.php 
@@ -1,413 +1,413 @@ -#!/usr/local/bin/php - - Copyright (C) 2004 Dinesh Nair - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Firewall", "Traffic shaper", "Magic shaper wizard"); -require("guiconfig.inc"); - -function wipe_magic () { - global $config; - - /* wipe previous */ - $types=array("pipe","queue","rule"); - foreach ($types as $type) { - foreach (array_keys($config['shaper'][$type]) as $num) { - if (substr($config['shaper'][$type][$num]['descr'],0,2) == "m_") { - unset($config['shaper'][$type][$num]); - } - } - } - /* Although we don't delete user-defined rules, it's probably best to - disable the shaper to prevent bad things from happening */ - $config['shaper']['enable'] = FALSE; -} - -function populate_p2p(&$rulei) { - global $config; - - /* To add p2p clients, push Descr,Protocol,Start,End,src/dest/both onto p2plist */ - $p2plist[] = array('BitTorrent','tcp','6881','6999','both'); - $p2plist[] = array('DirectConnect','','412','412','both'); - $p2plist[] = array('DirectFileExpress','','1044','1045','both'); - $p2plist[] = array('FastTrack','','1214','1214','both'); - $p2plist[] = array('CuteMX','','2340','2340','both'); - $p2plist[] = array('iMest','','4329','4329','both'); - $p2plist[] = array('EDonkey2000','','4661','4665','both'); - $p2plist[] = array('SongSpy','','5190','5190','both'); - $p2plist[] = array('HotlineConnect','','5500','5503','both'); - $p2plist[] = array('Gnutella','','6346','6346','both'); - $p2plist[] = array('dcc','','6666','6668','both'); - $p2plist[] = array('Napster','','6699','6701','both'); - $p2plist[] = array('Aimster','','7668','7668','both'); - $p2plist[] = array('BuddyShare','','7788','7788','both'); - $p2plist[] = array('Scour','','8311','8311','both'); - $p2plist[] = array('OpenNap','','8888','8889','both'); - $p2plist[] = array('hotComm','','28864','28865','both'); - - /* Set up/down p2p as lowest weight */ - $direction = array("in","out"); - foreach ($p2plist as $p2pclient) { - foreach ($direction as $dir) { - foreach (array('source','destination') as $srcdest) { - if (($p2pclient[4] == $srcdest) || ($p2pclient[4] == 
'both')) { - $config['shaper']['rule'][$rulei]['descr'] = "m_P2P $p2pclient[0]"; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "$dir"; - $config['shaper']['rule'][$rulei]['source']['any'] = 1; - $config['shaper']['rule'][$rulei]['destination']['any'] = 1; - $config['shaper']['rule'][$rulei][$srcdest]['port'] = $p2pclient[2]."-".$p2pclient[3]; - if($p2pclient[1] != '') - $config['shaper']['rule'][$rulei]['protocol'] = $p2pclient[1]; - if ($dir == "out") { - $config['shaper']['rule'][$rulei]['targetqueue'] = 4; - } else { - $config['shaper']['rule'][$rulei]['targetqueue'] = 6; - } - $rulei++; - } - } - } - } -} - -function create_magic ($maxup, $maxdown, $p2plow,$maskq) { - global $config; - - $config['shaper']['enable'] = TRUE; - $pipei = 0; - $queuei = 0; - $rulei = 0; - - /* Create new pipes */ - $config['shaper']['pipe'][$pipei]['descr'] = "m_Total Upload"; - $config['shaper']['pipe'][$pipei]['bandwidth'] = round($maxup * .90); - $pipei++; - $config['shaper']['pipe'][$pipei]['descr'] = "m_Total Download"; - $config['shaper']['pipe'][$pipei]['bandwidth'] = round($maxdown * .95); - $pipei++; - - /* Create new queues */ - $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #1 Upload"; - $config['shaper']['queue'][$queuei]['targetpipe'] = 0; - $config['shaper']['queue'][$queuei]['weight'] = 50; - $queuei++; - $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #2 Upload"; - $config['shaper']['queue'][$queuei]['targetpipe'] = 0; - $config['shaper']['queue'][$queuei]['weight'] = 30; - $queuei++; - $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #3 Upload"; - $config['shaper']['queue'][$queuei]['targetpipe'] = 0; - $config['shaper']['queue'][$queuei]['weight'] = 15; - $queuei++; - $config['shaper']['queue'][$queuei]['descr'] = "m_Bulk Upload"; - $config['shaper']['queue'][$queuei]['targetpipe'] = 0; - $config['shaper']['queue'][$queuei]['weight'] = 4; - $queuei++; - 
$config['shaper']['queue'][$queuei]['descr'] = "m_Hated Upload"; - $config['shaper']['queue'][$queuei]['targetpipe'] = 0; - $config['shaper']['queue'][$queuei]['weight'] = 1; - $queuei++; - $config['shaper']['queue'][$queuei]['descr'] = "m_Bulk Download"; - $config['shaper']['queue'][$queuei]['targetpipe'] = 1; - $config['shaper']['queue'][$queuei]['weight'] = 30; - $queuei++; - $config['shaper']['queue'][$queuei]['descr'] = "m_Hated Download"; - $config['shaper']['queue'][$queuei]['targetpipe'] = 1; - $config['shaper']['queue'][$queuei]['weight'] = 10; - $queuei++; - $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority Download"; - $config['shaper']['queue'][$queuei]['targetpipe'] = 1; - $config['shaper']['queue'][$queuei]['weight'] = 60; - $queuei++; - if ($maskq) { - for ($i = 0; $i < $queuei; $i++) { - if (stristr($config['shaper']['queue'][$i]['descr'],"upload")) { - $config['shaper']['queue'][$i]['mask'] = 'source'; - } else if (stristr($config['shaper']['queue'][$i]['descr'],"download")) { - $config['shaper']['queue'][$i]['mask'] = 'destination'; - } - } - } - - /* Create new rules */ - if ($p2plow) - populate_p2p($rulei); - - $config['shaper']['rule'][$rulei]['descr'] = "m_TCP ACK Upload"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 2; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "out"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['iplen'] = "0-80"; - $config['shaper']['rule'][$rulei]['protocol'] = "tcp"; - $config['shaper']['rule'][$rulei]['tcpflags'] = "ack"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_Small Pkt Upload"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 0; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "out"; - 
$config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['iplen'] = "0-100"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_Outbound DNS Query"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 0; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "out"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['port'] = 53; - $config['shaper']['rule'][$rulei]['protocol'] = "udp"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_AH Upload"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 0; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "out"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['protocol'] = "ah"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_ESP Upload"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 0; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "out"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['protocol'] = "esp"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_GRE Upload"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 0; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "out"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['protocol'] = "gre"; - $rulei++; - 
$config['shaper']['rule'][$rulei]['descr'] = "m_ICMP Upload"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 1; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "out"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['protocol'] = "icmp"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_Catch-All Upload"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 3; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "out"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_ICMP Download"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 7; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "in"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['protocol'] = "icmp"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_Small Pkt Download"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 7; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "in"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['iplen'] = "0-100"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_AH Download"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 7; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "in"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - 
$config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['protocol'] = "ah"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_ESP Download"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 7; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "in"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['protocol'] = "esp"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_GRE Download"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 7; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "in"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['protocol'] = "gre"; - $rulei++; - $config['shaper']['rule'][$rulei]['descr'] = "m_Catch-All Download"; - $config['shaper']['rule'][$rulei]['targetqueue'] = 5; - $config['shaper']['rule'][$rulei]['interface'] = "wan"; - $config['shaper']['rule'][$rulei]['direction'] = "in"; - $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; - $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; - $rulei++; -} - -if (!is_array($config['shaper']['rule'])) { - $config['shaper']['rule'] = array(); -} -if (!is_array($config['shaper']['pipe'])) { - $config['shaper']['pipe'] = array(); -} -if (!is_array($config['shaper']['queue'])) { - $config['shaper']['queue'] = array(); -} - -$a_shaper = &$config['shaper']['rule']; -$a_queues = &$config['shaper']['queue']; -$a_pipes = &$config['shaper']['pipe']; - -$pconfig['p2plow'] = isset($config['shaper']['magic']['p2plow']); -$pconfig['maskq'] = isset($config['shaper']['magic']['maskq']); -$pconfig['maxup'] = $config['shaper']['magic']['maxup']; -$pconfig['maxdown'] = 
$config['shaper']['magic']['maxdown']; - -if ($_POST) { - - if ($_POST['install']) { - unset($input_errors); - $pconfig = $_POST; - $reqdfields = explode(" ", "maxup maxdown"); - $reqdfieldsn = explode(",", "Max. Upload,Max.Download"); - do_input_validation($_POST,$reqdfields, $reqdfieldsn, &$input_errors); - if (($_POST['maxup'] && !is_numericint($_POST['maxup']))) { - $input_errors[] = "The max upload bandwidth must be an integer."; - } - if (($_POST['maxdown'] && !is_numericint($_POST['maxdown']))) { - $input_errors[] = "The max download bandwidth must be an integer."; - } - if (!$input_errors) { - if ($_POST['install']) { - unset ($config['shaper']); - create_magic($_POST['maxup'],$_POST['maxdown'],$_POST['p2plow']?TRUE:FALSE,$_POST['maskq']?TRUE:FALSE); - touch($d_shaperconfdirty_path); - } - $config['shaper']['magic']['p2plow'] = $_POST['p2plow'] ? TRUE : FALSE; - $config['shaper']['magic']['maskq'] = $_POST['maskq'] ? TRUE : FALSE; - $config['shaper']['magic']['maxup'] = $_POST['maxup']; - $config['shaper']['magic']['maxdown'] = $_POST['maxdown']; - write_config(); - } - } - if ($_POST['remove']) { - wipe_magic(); - $note = '

Note: The traffic shaper has been disabled.
All of your user-defined rules/pipes/queues are still intact.

'; - touch($d_shaperconfdirty_path); - write_config(); - } - if ($_POST['apply']) { - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval = shaper_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - if ($retval == 0) { - if (file_exists($d_shaperconfdirty_path)) - unlink($d_shaperconfdirty_path); - } - } -} - -?> - -

- -

-You must apply the changes in order for them to take effect.$note");?>
-

- - - - - - -
-
    - 'firewall_shaper.php', - 'Pipes' => 'firewall_shaper_pipes.php', - 'Queues' => 'firewall_shaper_queues.php', - 'Magic shaper wizard' => 'firewall_shaper_magic.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - -
  - > - Set P2P traffic to lowest priority
  - > - Share bandwidth evenly on LAN
Downstream
- speed
- - kbps
- Enter the speed of your WAN downstream link here.
Upstream
- speed
- kbps
- Enter the speed of your WAN upstream link here.
  - -   - -

- All existing traffic shaper rules/pipes/queues will be deleted once "Install/Update" has been pressed! Backup your configuration before proceeding!

- Note:
-
By entering your maximum upload and download values and pressing the "Install/Update" button, the magic shaper will do its best to create the optimum shaping rules, queues, and pipes for you. These rules will help ensure that interactive traffic remains acceptable while the upstream bandwidth is being consumed by heavy traffic.
-
- - +#!/usr/local/bin/php + + Copyright (C) 2004 Dinesh Nair + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("Firewall", "Traffic shaper", "Magic shaper wizard"); +require("guiconfig.inc"); + +function wipe_magic () { + global $config; + + /* wipe previous */ + $types=array("pipe","queue","rule"); + foreach ($types as $type) { + foreach (array_keys($config['shaper'][$type]) as $num) { + if (substr($config['shaper'][$type][$num]['descr'],0,2) == "m_") { + unset($config['shaper'][$type][$num]); + } + } + } + /* Although we don't delete user-defined rules, it's probably best to + disable the shaper to prevent bad things from happening */ + $config['shaper']['enable'] = FALSE; +} + +function populate_p2p(&$rulei) { + global $config; + + /* To add p2p clients, push Descr,Protocol,Start,End,src/dest/both onto p2plist */ + $p2plist[] = array('BitTorrent','tcp','6881','6999','both'); + $p2plist[] = array('DirectConnect','','412','412','both'); + $p2plist[] = array('DirectFileExpress','','1044','1045','both'); + $p2plist[] = array('FastTrack','','1214','1214','both'); + $p2plist[] = array('CuteMX','','2340','2340','both'); + $p2plist[] = array('iMest','','4329','4329','both'); + $p2plist[] = array('EDonkey2000','','4661','4665','both'); + $p2plist[] = array('SongSpy','','5190','5190','both'); + $p2plist[] = array('HotlineConnect','','5500','5503','both'); + $p2plist[] = array('Gnutella','','6346','6346','both'); + $p2plist[] = array('dcc','','6666','6668','both'); + $p2plist[] = array('Napster','','6699','6701','both'); + $p2plist[] = array('Aimster','','7668','7668','both'); + $p2plist[] = array('BuddyShare','','7788','7788','both'); + $p2plist[] = array('Scour','','8311','8311','both'); + $p2plist[] = array('OpenNap','','8888','8889','both'); + $p2plist[] = array('hotComm','','28864','28865','both'); + + /* Set up/down p2p as lowest weight */ + $direction = array("in","out"); + foreach ($p2plist as $p2pclient) { + foreach ($direction as $dir) { + foreach (array('source','destination') as $srcdest) { + if (($p2pclient[4] == $srcdest) || ($p2pclient[4] == 
'both')) { + $config['shaper']['rule'][$rulei]['descr'] = "m_P2P $p2pclient[0]"; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "$dir"; + $config['shaper']['rule'][$rulei]['source']['any'] = 1; + $config['shaper']['rule'][$rulei]['destination']['any'] = 1; + $config['shaper']['rule'][$rulei][$srcdest]['port'] = $p2pclient[2]."-".$p2pclient[3]; + if($p2pclient[1] != '') + $config['shaper']['rule'][$rulei]['protocol'] = $p2pclient[1]; + if ($dir == "out") { + $config['shaper']['rule'][$rulei]['targetqueue'] = 4; + } else { + $config['shaper']['rule'][$rulei]['targetqueue'] = 6; + } + $rulei++; + } + } + } + } +} + +function create_magic ($maxup, $maxdown, $p2plow,$maskq) { + global $config; + + $config['shaper']['enable'] = TRUE; + $pipei = 0; + $queuei = 0; + $rulei = 0; + + /* Create new pipes */ + $config['shaper']['pipe'][$pipei]['descr'] = "m_Total Upload"; + $config['shaper']['pipe'][$pipei]['bandwidth'] = round($maxup * .90); + $pipei++; + $config['shaper']['pipe'][$pipei]['descr'] = "m_Total Download"; + $config['shaper']['pipe'][$pipei]['bandwidth'] = round($maxdown * .95); + $pipei++; + + /* Create new queues */ + $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #1 Upload"; + $config['shaper']['queue'][$queuei]['targetpipe'] = 0; + $config['shaper']['queue'][$queuei]['weight'] = 50; + $queuei++; + $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #2 Upload"; + $config['shaper']['queue'][$queuei]['targetpipe'] = 0; + $config['shaper']['queue'][$queuei]['weight'] = 30; + $queuei++; + $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority #3 Upload"; + $config['shaper']['queue'][$queuei]['targetpipe'] = 0; + $config['shaper']['queue'][$queuei]['weight'] = 15; + $queuei++; + $config['shaper']['queue'][$queuei]['descr'] = "m_Bulk Upload"; + $config['shaper']['queue'][$queuei]['targetpipe'] = 0; + $config['shaper']['queue'][$queuei]['weight'] = 4; + $queuei++; + 
$config['shaper']['queue'][$queuei]['descr'] = "m_Hated Upload"; + $config['shaper']['queue'][$queuei]['targetpipe'] = 0; + $config['shaper']['queue'][$queuei]['weight'] = 1; + $queuei++; + $config['shaper']['queue'][$queuei]['descr'] = "m_Bulk Download"; + $config['shaper']['queue'][$queuei]['targetpipe'] = 1; + $config['shaper']['queue'][$queuei]['weight'] = 30; + $queuei++; + $config['shaper']['queue'][$queuei]['descr'] = "m_Hated Download"; + $config['shaper']['queue'][$queuei]['targetpipe'] = 1; + $config['shaper']['queue'][$queuei]['weight'] = 10; + $queuei++; + $config['shaper']['queue'][$queuei]['descr'] = "m_High Priority Download"; + $config['shaper']['queue'][$queuei]['targetpipe'] = 1; + $config['shaper']['queue'][$queuei]['weight'] = 60; + $queuei++; + if ($maskq) { + for ($i = 0; $i < $queuei; $i++) { + if (stristr($config['shaper']['queue'][$i]['descr'],"upload")) { + $config['shaper']['queue'][$i]['mask'] = 'source'; + } else if (stristr($config['shaper']['queue'][$i]['descr'],"download")) { + $config['shaper']['queue'][$i]['mask'] = 'destination'; + } + } + } + + /* Create new rules */ + if ($p2plow) + populate_p2p($rulei); + + $config['shaper']['rule'][$rulei]['descr'] = "m_TCP ACK Upload"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 2; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "out"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['iplen'] = "0-80"; + $config['shaper']['rule'][$rulei]['protocol'] = "tcp"; + $config['shaper']['rule'][$rulei]['tcpflags'] = "ack"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_Small Pkt Upload"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 0; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "out"; + 
$config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['iplen'] = "0-100"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_Outbound DNS Query"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 0; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "out"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['port'] = 53; + $config['shaper']['rule'][$rulei]['protocol'] = "udp"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_AH Upload"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 0; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "out"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['protocol'] = "ah"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_ESP Upload"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 0; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "out"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['protocol'] = "esp"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_GRE Upload"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 0; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "out"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['protocol'] = "gre"; + $rulei++; + 
$config['shaper']['rule'][$rulei]['descr'] = "m_ICMP Upload"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 1; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "out"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['protocol'] = "icmp"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_Catch-All Upload"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 3; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "out"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_ICMP Download"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 7; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "in"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['protocol'] = "icmp"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_Small Pkt Download"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 7; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "in"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['iplen'] = "0-100"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_AH Download"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 7; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "in"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + 
$config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['protocol'] = "ah"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_ESP Download"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 7; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "in"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['protocol'] = "esp"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_GRE Download"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 7; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "in"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['protocol'] = "gre"; + $rulei++; + $config['shaper']['rule'][$rulei]['descr'] = "m_Catch-All Download"; + $config['shaper']['rule'][$rulei]['targetqueue'] = 5; + $config['shaper']['rule'][$rulei]['interface'] = "wan"; + $config['shaper']['rule'][$rulei]['direction'] = "in"; + $config['shaper']['rule'][$rulei]['source']['any'] = TRUE; + $config['shaper']['rule'][$rulei]['destination']['any'] = TRUE; + $rulei++; +} + +if (!is_array($config['shaper']['rule'])) { + $config['shaper']['rule'] = array(); +} +if (!is_array($config['shaper']['pipe'])) { + $config['shaper']['pipe'] = array(); +} +if (!is_array($config['shaper']['queue'])) { + $config['shaper']['queue'] = array(); +} + +$a_shaper = &$config['shaper']['rule']; +$a_queues = &$config['shaper']['queue']; +$a_pipes = &$config['shaper']['pipe']; + +$pconfig['p2plow'] = isset($config['shaper']['magic']['p2plow']); +$pconfig['maskq'] = isset($config['shaper']['magic']['maskq']); +$pconfig['maxup'] = $config['shaper']['magic']['maxup']; +$pconfig['maxdown'] = 
$config['shaper']['magic']['maxdown']; + +if ($_POST) { + + if ($_POST['install']) { + unset($input_errors); + $pconfig = $_POST; + $reqdfields = explode(" ", "maxup maxdown"); + $reqdfieldsn = explode(",", "Max. Upload,Max.Download"); + do_input_validation($_POST,$reqdfields, $reqdfieldsn, &$input_errors); + if (($_POST['maxup'] && !is_numericint($_POST['maxup']))) { + $input_errors[] = "The max upload bandwidth must be an integer."; + } + if (($_POST['maxdown'] && !is_numericint($_POST['maxdown']))) { + $input_errors[] = "The max download bandwidth must be an integer."; + } + if (!$input_errors) { + if ($_POST['install']) { + unset ($config['shaper']); + create_magic($_POST['maxup'],$_POST['maxdown'],$_POST['p2plow']?TRUE:FALSE,$_POST['maskq']?TRUE:FALSE); + touch($d_shaperconfdirty_path); + } + $config['shaper']['magic']['p2plow'] = $_POST['p2plow'] ? TRUE : FALSE; + $config['shaper']['magic']['maskq'] = $_POST['maskq'] ? TRUE : FALSE; + $config['shaper']['magic']['maxup'] = $_POST['maxup']; + $config['shaper']['magic']['maxdown'] = $_POST['maxdown']; + write_config(); + } + } + if ($_POST['remove']) { + wipe_magic(); + $note = '

Note: The traffic shaper has been disabled.
All of your user-defined rules/pipes/queues are still intact.

'; + touch($d_shaperconfdirty_path); + write_config(); + } + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = shaper_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_shaperconfdirty_path)) + unlink($d_shaperconfdirty_path); + } + } +} + +?> + +

+ +

+You must apply the changes in order for them to take effect.$note");?>
+

+ + + + + + +
+
    + 'firewall_shaper.php', + 'Pipes' => 'firewall_shaper_pipes.php', + 'Queues' => 'firewall_shaper_queues.php', + 'Magic shaper wizard' => 'firewall_shaper_magic.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + +
  + > + Set P2P traffic to lowest priority
  + > + Share bandwidth evenly on LAN
Downstream
+ speed
+ + kbps
+ Enter the speed of your WAN downstream link here.
Upstream
+ speed
+ kbps
+ Enter the speed of your WAN upstream link here.
  + +   + +

+ All existing traffic shaper rules/pipes/queues will be deleted once "Install/Update" has been pressed! Backup your configuration before proceeding!

+ Note:
+
By entering your maximum upload and download values and pressing the "Install/Update" button, the magic shaper will do its best to create the optimum shaping rules, queues, and pipes for you. These rules will help ensure that interactive traffic remains acceptable while the upstream bandwidth is being consumed by heavy traffic.
+
+ + diff --git a/webgui/firewall_shaper_pipes.php b/webgui/firewall_shaper_pipes.php index 4369864..f3d32a2 100644 --- a/webgui/firewall_shaper_pipes.php +++ b/webgui/firewall_shaper_pipes.php 
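Review bot: The `if ($_POST)` handler in firewall_shaper_magic.php acts on `install`, `remove` and `apply` with no visible check that the request came from this page's own form. The `install` branch runs `unset ($config['shaper']);` followed by `write_config()`, so one forged cross-site POST sent from a logged-in administrator's browser would replace the whole shaper configuration. This matters more now that the commit delegates pages to sub-administrators, since `auth.inc` decides which pages a user may open but not where a request came from. Unless `guiconfig.inc` already validates a per-login token (not visible here), I would add a hidden token field to the form and change the guard to `if ($_POST && check_form_token($_POST['token'])) {`, where `check_form_token` is a placeholder name for a helper that compares against the server-side value in constant time. The old and new sides of this hunk read the same, so the gap appears to predate this commit rather than be introduced by it.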
@@ -1,170 +1,170 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("Firewall", "Traffic shaper", "Pipes"); -require("guiconfig.inc"); - -if (!is_array($config['shaper']['pipe'])) { - $config['shaper']['pipe'] = array(); -} -if (!is_array($config['shaper']['queue'])) { - $config['shaper']['queue'] = array(); -} -$a_pipes = &$config['shaper']['pipe']; - -if ($_GET['act'] == "del") { - if ($a_pipes[$_GET['id']]) { - /* check that no rule references this pipe */ - if (is_array($config['shaper']['rule'])) { - foreach ($config['shaper']['rule'] as $rule) { - if (isset($rule['targetpipe']) && ($rule['targetpipe'] == $_GET['id'])) { - $input_errors[] = "This pipe cannot be deleted because it is still referenced by a rule."; - break; - } - } - } - - /* check that no queue references this pipe */ - if (is_array($config['shaper']['queue'])) { - foreach ($config['shaper']['queue'] as $queue) { - if ($queue['targetpipe'] == $_GET['id']) { - $input_errors[] = "This pipe cannot be deleted because it is still referenced by a queue."; - break; - } - } - } - - if (!$input_errors) { - unset($a_pipes[$_GET['id']]); - - /* renumber all rules and queues */ - if (is_array($config['shaper']['rule'])) { - for ($i = 0; isset($config['shaper']['rule'][$i]); $i++) { - $currule = &$config['shaper']['rule'][$i]; - if (isset($currule['targetpipe']) && ($currule['targetpipe'] > $_GET['id'])) - $currule['targetpipe']--; - } - } - if (is_array($config['shaper']['queue'])) { - for ($i = 0; isset($config['shaper']['queue'][$i]); $i++) { - $curqueue = &$config['shaper']['queue'][$i]; - if ($curqueue['targetpipe'] > $_GET['id']) - $curqueue['targetpipe']--; - } - } - - write_config(); - touch($d_shaperconfdirty_path); - header("Location: firewall_shaper_pipes.php"); - exit; - } - } -} -?> - -
- - -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'firewall_shaper.php', - 'Pipes' => 'firewall_shaper_pipes.php', - 'Queues' => 'firewall_shaper_queues.php', - 'Magic shaper wizard' => 'firewall_shaper_magic.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
No.BandwidthDelayPLRQueueMaskDescription
- - - Kbit/s - - - ms - -   - - - -   - - - -   - - - -   - -   -  

- Note: a pipe can - only be deleted if it is not referenced by any rules or queues.
-
-
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = array("Firewall", "Traffic shaper", "Pipes");
+require("guiconfig.inc");
+
+if (!is_array($config['shaper']['pipe'])) {
+ $config['shaper']['pipe'] = array();
+}
+if (!is_array($config['shaper']['queue'])) {
+ $config['shaper']['queue'] = array();
+}
+$a_pipes = &$config['shaper']['pipe'];
+
+if ($_GET['act'] == "del") {
+ if ($a_pipes[$_GET['id']]) {
+ /* check that no rule references this pipe */
+ if (is_array($config['shaper']['rule'])) {
+ foreach ($config['shaper']['rule'] as $rule) {
+ if (isset($rule['targetpipe']) && ($rule['targetpipe'] == $_GET['id'])) {
+ $input_errors[] = "This pipe cannot be deleted because it is still referenced by a rule.";
+ break;
+ }
+ }
+ }
+
+ /* check that no queue references this pipe */
+ if (is_array($config['shaper']['queue'])) {
+ foreach ($config['shaper']['queue'] as $queue) {
+ if ($queue['targetpipe'] == $_GET['id']) {
+ $input_errors[] = "This pipe cannot be deleted because it is still referenced by a queue.";
+ break;
+ }
+ }
+ }
+
+ if (!$input_errors) {
+ unset($a_pipes[$_GET['id']]);
+
+ /* renumber all rules and queues */
+ if (is_array($config['shaper']['rule'])) {
+ for ($i = 0; isset($config['shaper']['rule'][$i]); $i++) {
+ $currule = &$config['shaper']['rule'][$i];
+ if (isset($currule['targetpipe']) && ($currule['targetpipe'] > $_GET['id']))
+ $currule['targetpipe']--;
+ }
+ }
+ if (is_array($config['shaper']['queue'])) {
+ for ($i = 0; isset($config['shaper']['queue'][$i]); $i++) {
+ $curqueue = &$config['shaper']['queue'][$i];
+ if ($curqueue['targetpipe'] > $_GET['id'])
+ $curqueue['targetpipe']--;
+ }
+ }
+
+ write_config();
+ touch($d_shaperconfdirty_path);
+ header("Location: firewall_shaper_pipes.php");
+ exit;
+ }
+ }
+}
+?>
+
+
+ + +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'firewall_shaper.php', + 'Pipes' => 'firewall_shaper_pipes.php', + 'Queues' => 'firewall_shaper_queues.php', + 'Magic shaper wizard' => 'firewall_shaper_magic.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
No.BandwidthDelayPLRQueueMaskDescription
+ + + Kbit/s + + + ms + +   + + + +   + + + +   + + + +   + +   +  

+ Note: a pipe can + only be deleted if it is not referenced by any rules or queues.
+
+
diff --git a/webgui/firewall_shaper_queues.php b/webgui/firewall_shaper_queues.php
index 057c265..b853e1d 100644
--- a/webgui/firewall_shaper_queues.php
+++ b/webgui/firewall_shaper_queues.php
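Review bot: The delete branch in firewall_shaper_pipes.php changes saved configuration on a plain GET: `$_GET['act'] == "del"` leads straight to `unset($a_pipes[$_GET['id']])` and `write_config()`, with no request token and no check that `id` is an integer index. With this commit delegating pages to group-limited users, a cross-site request issued from any logged-in browser is enough to drop a pipe, and the loose `==`/`>` comparisons against the raw `id` string decide which rules and queues get renumbered. I would move the action to a POST form carrying a per-session token and reject non-numeric ids first, e.g. `if (!is_numericint($_GET['id'])) { header("Location: firewall_shaper_pipes.php"); exit; }`. The queues hunk has the same pattern around `unset($a_queues[$_GET['id']])`. Old and new sides read identically as rendered here, so this predates the commit and the note is about the code as it now stands.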
@@ -1,143 +1,143 @@
-#!/usr/local/bin/php
-.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-$pgtitle = array("Firewall", "Traffic shaper", "Queues");
-require("guiconfig.inc");
-
-if (!is_array($config['shaper']['pipe'])) {
- $config['shaper']['pipe'] = array();
-}
-if (!is_array($config['shaper']['queue'])) {
- $config['shaper']['queue'] = array();
-}
-$a_queues = &$config['shaper']['queue'];
-$a_pipe = &$config['shaper']['pipe'];
-
-if ($_GET['act'] == "del") {
- if ($a_queues[$_GET['id']]) {
- /* check that no rule references this queue */
- if (is_array($config['shaper']['rule'])) {
- foreach ($config['shaper']['rule'] as $rule) {
- if (isset($rule['targetqueue']) && ($rule['targetqueue'] == $_GET['id'])) {
- $input_errors[] = "This queue cannot be deleted because it is still referenced by a rule.";
- break;
- }
- }
- }
-
- if (!$input_errors) {
- unset($a_queues[$_GET['id']]);
-
- /* renumber all rules */
- if (is_array($config['shaper']['rule'])) {
- for ($i = 0; isset($config['shaper']['rule'][$i]); $i++) {
- $currule = &$config['shaper']['rule'][$i];
- if (isset($currule['targetqueue']) && ($currule['targetqueue'] > $_GET['id']))
- $currule['targetqueue']--;
- }
- }
-
- write_config();
- touch($d_shaperconfdirty_path);
- header("Location: firewall_shaper_queues.php");
- exit;
- }
- }
-}
-?>
-
-
- - -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'firewall_shaper.php', - 'Pipes' => 'firewall_shaper_pipes.php', - 'Queues' => 'firewall_shaper_queues.php', - 'Magic shaper wizard' => 'firewall_shaper_magic.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - - - -
No.PipeWeightMaskDescription
- - - - - - - -   - -   -  

- Note: a queue can - only be deleted if it is not referenced by any rules.
-
-
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+$pgtitle = array("Firewall", "Traffic shaper", "Queues");
+require("guiconfig.inc");
+
+if (!is_array($config['shaper']['pipe'])) {
+ $config['shaper']['pipe'] = array();
+}
+if (!is_array($config['shaper']['queue'])) {
+ $config['shaper']['queue'] = array();
+}
+$a_queues = &$config['shaper']['queue'];
+$a_pipe = &$config['shaper']['pipe'];
+
+if ($_GET['act'] == "del") {
+ if ($a_queues[$_GET['id']]) {
+ /* check that no rule references this queue */
+ if (is_array($config['shaper']['rule'])) {
+ foreach ($config['shaper']['rule'] as $rule) {
+ if (isset($rule['targetqueue']) && ($rule['targetqueue'] == $_GET['id'])) {
+ $input_errors[] = "This queue cannot be deleted because it is still referenced by a rule.";
+ break;
+ }
+ }
+ }
+
+ if (!$input_errors) {
+ unset($a_queues[$_GET['id']]);
+
+ /* renumber all rules */
+ if (is_array($config['shaper']['rule'])) {
+ for ($i = 0; isset($config['shaper']['rule'][$i]); $i++) {
+ $currule = &$config['shaper']['rule'][$i];
+ if (isset($currule['targetqueue']) && ($currule['targetqueue'] > $_GET['id']))
+ $currule['targetqueue']--;
+ }
+ }
+
+ write_config();
+ touch($d_shaperconfdirty_path);
+ header("Location: firewall_shaper_queues.php");
+ exit;
+ }
+ }
+}
+?>
+
+
+ + +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'firewall_shaper.php', + 'Pipes' => 'firewall_shaper_pipes.php', + 'Queues' => 'firewall_shaper_queues.php', + 'Magic shaper wizard' => 'firewall_shaper_magic.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + + + +
No.PipeWeightMaskDescription
+ + + + + + + +   + +   +  

+ Note: a queue can + only be deleted if it is not referenced by any rules.
+
+
diff --git a/webgui/services_captiveportal.php b/webgui/services_captiveportal.php
index 7c60c59..5390ff3 100644
--- a/webgui/services_captiveportal.php
+++ b/webgui/services_captiveportal.php
@@ -1,569 +1,569 @@
-#!/usr/local/bin/php
-.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/ - -$pgtitle = array("Services", "Captive portal"); -require("guiconfig.inc"); - -if (!is_array($config['captiveportal'])) { - $config['captiveportal'] = array(); - $config['captiveportal']['page'] = array(); - $config['captiveportal']['timeout'] = 60; -} - -if ($_GET['act'] == "viewhtml") { - echo base64_decode($config['captiveportal']['page']['htmltext']); - exit; -} else if ($_GET['act'] == "viewerrhtml") { - echo base64_decode($config['captiveportal']['page']['errtext']); - exit; -} - -$pconfig['cinterface'] = $config['captiveportal']['interface']; -$pconfig['maxproc'] = $config['captiveportal']['maxproc']; -$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip']; -$pconfig['timeout'] = $config['captiveportal']['timeout']; -$pconfig['idletimeout'] = $config['captiveportal']['idletimeout']; -$pconfig['enable'] = isset($config['captiveportal']['enable']); -$pconfig['auth_method'] = $config['captiveportal']['auth_method']; -$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']); -$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']); -$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret']; -$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']); -$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct']; -$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']); -$pconfig['httpsname'] = $config['captiveportal']['httpsname']; -$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']); -$pconfig['key'] = base64_decode($config['captiveportal']['private-key']); -$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']); -$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']); -$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']); -$pconfig['redirurl'] = $config['captiveportal']['redirurl']; -$pconfig['radiusip'] = 
$config['captiveportal']['radiusip']; -$pconfig['radiusip2'] = $config['captiveportal']['radiusip2']; -$pconfig['radiusport'] = $config['captiveportal']['radiusport']; -$pconfig['radiusport2'] = $config['captiveportal']['radiusport2']; -$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport']; -$pconfig['radiuskey'] = $config['captiveportal']['radiuskey']; -$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2']; -$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor']; -$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']); - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['enable']) { - $reqdfields = explode(" ", "cinterface"); - $reqdfieldsn = explode(",", "Interface"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - /* make sure no interfaces are bridged */ - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $coptif = &$config['interfaces']['opt' . 
$i]; - if (isset($coptif['enable']) && $coptif['bridge']) { - $input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged."; - break; - } - } - - if ($_POST['httpslogin_enable']) { - if (!$_POST['cert'] || !$_POST['key']) { - $input_errors[] = "Certificate and key must be specified for HTTPS login."; - } else { - if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")) - $input_errors[] = "This certificate does not appear to be valid."; - if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY")) - $input_errors[] = "This key does not appear to be valid."; - } - - if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) { - $input_errors[] = "The HTTPS server name must be specified for HTTPS login."; - } - } - } - - if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) { - $input_errors[] = "The timeout must be at least 1 minute."; - } - if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) { - $input_errors[] = "The idle timeout must be at least 1 minute."; - } - if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) { - $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]"; - } - if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) { - $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]"; - } - if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) { - $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]"; - } - if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) { - $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]"; - } - if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { - $input_errors[] = "A valid port number must be specified. 
[".$_POST['radiusacctport']."]"; - } - if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) { - $input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100."; - } - $mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16; - if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) { - $input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum."; - } - - if (!$input_errors) { - $config['captiveportal']['interface'] = $_POST['cinterface']; - $config['captiveportal']['maxproc'] = $_POST['maxproc']; - $config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false; - $config['captiveportal']['timeout'] = $_POST['timeout']; - $config['captiveportal']['idletimeout'] = $_POST['idletimeout']; - $config['captiveportal']['enable'] = $_POST['enable'] ? true : false; - $config['captiveportal']['auth_method'] = $_POST['auth_method']; - $config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false; - $config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false; - $config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false; - $config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false; - $config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct']; - $config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false; - $config['captiveportal']['httpsname'] = $_POST['httpsname']; - $config['captiveportal']['certificate'] = base64_encode($_POST['cert']); - $config['captiveportal']['private-key'] = base64_encode($_POST['key']); - $config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; - $config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? 
true : false; - $config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false; - $config['captiveportal']['redirurl'] = $_POST['redirurl']; - $config['captiveportal']['radiusip'] = $_POST['radiusip']; - $config['captiveportal']['radiusip2'] = $_POST['radiusip2']; - $config['captiveportal']['radiusport'] = $_POST['radiusport']; - $config['captiveportal']['radiusport2'] = $_POST['radiusport2']; - $config['captiveportal']['radiusacctport'] = $_POST['radiusacctport']; - $config['captiveportal']['radiuskey'] = $_POST['radiuskey']; - $config['captiveportal']['radiuskey2'] = $_POST['radiuskey2']; - $config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false; - $config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false; - - /* file upload? */ - if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) - $config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name'])); - if (is_uploaded_file($_FILES['errfile']['tmp_name'])) - $config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name'])); - - write_config(); - - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval = captiveportal_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - } -} -?> - - - - -
- - - - - -
-
    - 'services_captiveportal.php', - 'Pass-through MAC' => 'services_captiveportal_mac.php', - 'Allowed IP addresses' => 'services_captiveportal_ip.php', - 'Users' => 'services_captiveportal_users.php', - 'File Manager' => 'services_captiveportal_filemanager.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - onClick="enable_change(false)"> - Enable captive portal
Interface -
- Choose which interface to run the captive portal on.
Maximum concurrent connections - - - - - - - -
per client IP address (0 = no limit)
total
-This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in -to the captive portal, but rather how many users can load the portal page or authenticate at the same time! -Default is 4 connections per client IP address, with a total maximum of 16 connections.
Idle timeout - -minutes
-Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.
Hard timeout - - minutes
- Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).
Logout popup window - > - Enable logout popup window
- If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs.
Redirection URL - -
-If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried -to access after they've authenticated.
Concurrent user logins - > - Disable concurrent logins
- If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.
MAC filtering - > - Disable MAC filtering
- If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in. - This is required when the MAC address of the client cannot be determined (usually because there are routers between m0n0wall and the clients).
Authentication - - - - - - - - - - - - - -
> - No authentication
> - Local user manager
> - RADIUS authentication
  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Primary RADIUS server
IP address
- Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.
Port
- Leave this field blank to use the default port (1812).
Shared secret  
- Leave this field blank to not use a RADIUS shared secret (not recommended).
Secondary RADIUS server
IP address
- If you have a second RADIUS server, you can activate it by entering its IP address here.
Port
Shared secret  
Accounting
 > - send RADIUS accounting packets
- If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.
Accounting port
- Leave blank to use the default port (1813).
Reauthentication
 > - Reauthenticate connected users every minute
- If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is - logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.
Accounting updates - > no accounting updates
- > stop/start accounting
- > interim update -
RADIUS MAC authentication
  - >Enable RADIUS MAC authentication
- If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password - entered below to the RADIUS server.
Shared secret
RADIUS options
Session-Timeout>Use RADIUS Session-Timeout attributes
- When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.
Type
- If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and - the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = m0n0wall's WAN IP address.
-
HTTPS login - > - Enable HTTPS login
- If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below.
HTTPS server name -
- This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS.
HTTPS certificate - -
- Paste a signed certificate in X.509 PEM format here.
HTTPS private key - -
- Paste an RSA private key in PEM format here.
Portal page contents -
- - View current page -
-
- - Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$") -with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$". -Include the "auth_user" and "auth_pass" input fields if authentication is enabled, otherwise it will always fail. -Example code for the form:
-
- <form method="post" action="$PORTAL_ACTION$">
-    <input name="auth_user" type="text">
-    <input name="auth_pass" type="password">
-    <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
-   <input name="accept" type="submit" value="Continue">
- </form>
Authentication
- error page
- contents
-
- - View current page -
-
- -The contents of the HTML file that you upload here are displayed when an authentication error occurs. -You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any.
  - -
 Note:
-
Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work.
-
-
- - +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+$pgtitle = array("Services", "Captive portal");
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal'])) {
+ $config['captiveportal'] = array();
+ $config['captiveportal']['page'] = array();
+ $config['captiveportal']['timeout'] = 60;
+}
+
+if ($_GET['act'] == "viewhtml") {
+ echo base64_decode($config['captiveportal']['page']['htmltext']);
+ exit;
+} else if ($_GET['act'] == "viewerrhtml") {
+ echo base64_decode($config['captiveportal']['page']['errtext']);
+ exit;
+}
+
+$pconfig['cinterface'] = $config['captiveportal']['interface'];
+$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
+$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
+$pconfig['timeout'] = $config['captiveportal']['timeout'];
+$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
+$pconfig['enable'] = isset($config['captiveportal']['enable']);
+$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
+$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
+$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
+$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
+$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
+$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
+$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
+$pconfig['httpsname'] = $config['captiveportal']['httpsname'];
+$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
+$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
+$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
+$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
+$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
+$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
+$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
+$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
+$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
+$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
+$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
+$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
+$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
+$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];
+$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['enable']) {
+ $reqdfields = explode(" ", "cinterface");
+ $reqdfieldsn = explode(",", "Interface");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ /* make sure no interfaces are bridged */
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
+ $coptif = &$config['interfaces']['opt' . $i];
+ if (isset($coptif['enable']) && $coptif['bridge']) {
+ $input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged.";
+ break;
+ }
+ }
+
+ if ($_POST['httpslogin_enable']) {
+ if (!$_POST['cert'] || !$_POST['key']) {
+ $input_errors[] = "Certificate and key must be specified for HTTPS login.";
+ } else {
+ if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
+ $input_errors[] = "This certificate does not appear to be valid.";
+ if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY"))
+ $input_errors[] = "This key does not appear to be valid.";
+ }
+
+ if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) {
+ $input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
+ }
+ }
+ }
+
+ if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) {
+ $input_errors[] = "The timeout must be at least 1 minute.";
+ }
+ if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) {
+ $input_errors[] = "The idle timeout must be at least 1 minute.";
+ }
+ if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
+ $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
+ }
+ if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
+ $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]";
+ }
+ if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
+ }
+ if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]";
+ }
+ if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
+ $input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
+ }
+ if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) {
+ $input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100.";
+ }
+ $mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
+ if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) {
+ $input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum.";
+ }
+
+ if (!$input_errors) {
+ $config['captiveportal']['interface'] = $_POST['cinterface'];
+ $config['captiveportal']['maxproc'] = $_POST['maxproc'];
+ $config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
+ $config['captiveportal']['timeout'] = $_POST['timeout'];
+ $config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
+ $config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
+ $config['captiveportal']['auth_method'] = $_POST['auth_method'];
+ $config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
+ $config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
+ $config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
+ $config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
+ $config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
+ $config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
+ $config['captiveportal']['httpsname'] = $_POST['httpsname'];
+ $config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
+ $config['captiveportal']['private-key'] = base64_encode($_POST['key']);
+ $config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
+ $config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
+ $config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
+ $config['captiveportal']['redirurl'] = $_POST['redirurl'];
+ $config['captiveportal']['radiusip'] = $_POST['radiusip'];
+ $config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
+ $config['captiveportal']['radiusport'] = $_POST['radiusport'];
+ $config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
+ $config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
+ $config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
+ $config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
+ $config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
+ $config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;
+
+ /* file upload? */
+ if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
+ $config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name']));
+ if (is_uploaded_file($_FILES['errfile']['tmp_name']))
+ $config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name']));
+
+ write_config();
+
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval = captiveportal_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+ }
+}
+?>
+ + + +
+ + + + + +
+
    + 'services_captiveportal.php', + 'Pass-through MAC' => 'services_captiveportal_mac.php', + 'Allowed IP addresses' => 'services_captiveportal_ip.php', + 'Users' => 'services_captiveportal_users.php', + 'File Manager' => 'services_captiveportal_filemanager.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  + onClick="enable_change(false)"> + Enable captive portal
Interface +
+ Choose which interface to run the captive portal on.
Maximum concurrent connections + + + + + + + +
per client IP address (0 = no limit)
total
+This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in +to the captive portal, but rather how many users can load the portal page or authenticate at the same time! +Default is 4 connections per client IP address, with a total maximum of 16 connections.
Idle timeout + +minutes
+Clients will be disconnected after this amount of inactivity. They may log in again immediately, though. Leave this field blank for no idle timeout.
Hard timeout + + minutes
+ Clients will be disconnected after this amount of time, regardless of activity. They may log in again immediately, though. Leave this field blank for no hard timeout (not recommended unless an idle timeout is set).
Logout popup window + > + Enable logout popup window
+ If enabled, a popup window will appear when clients are allowed through the captive portal. This allows clients to explicitly disconnect themselves before the idle or hard timeout occurs.
Redirection URL + +
+If you provide a URL here, clients will be redirected to that URL instead of the one they initially tried +to access after they've authenticated.
Concurrent user logins + > + Disable concurrent logins
+ If this option is set, only the most recent login per username will be active. Subsequent logins will cause machines previously logged in with the same username to be disconnected.
MAC filtering + > + Disable MAC filtering
+ If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in. + This is required when the MAC address of the client cannot be determined (usually because there are routers between m0n0wall and the clients).
Authentication + + + + + + + + + + + + + +
> + No authentication
> + Local user manager
> + RADIUS authentication
  
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Primary RADIUS server
IP address
+ Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.
Port
+ Leave this field blank to use the default port (1812).
Shared secret  
+ Leave this field blank to not use a RADIUS shared secret (not recommended).
Secondary RADIUS server
IP address
+ If you have a second RADIUS server, you can activate it by entering its IP address here.
Port
Shared secret  
Accounting
 > + send RADIUS accounting packets
+ If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.
Accounting port
+ Leave blank to use the default port (1813).
Reauthentication
 > + Reauthenticate connected users every minute
+ If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is + logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.
Accounting updates + > no accounting updates
+ > stop/start accounting
+ > interim update +
RADIUS MAC authentication
  + >Enable RADIUS MAC authentication
+ If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password + entered below to the RADIUS server.
Shared secret
RADIUS options
Session-Timeout>Use RADIUS Session-Timeout attributes
+ When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.
Type
+ If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and + the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = m0n0wall's WAN IP address.
+
HTTPS login + > + Enable HTTPS login
+ If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below.
HTTPS server name +
+ This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS.
HTTPS certificate + +
+ Paste a signed certificate in X.509 PEM format here.
HTTPS private key + +
+ Paste an RSA private key in PEM format here.
Portal page contents +
+ + View current page +
+
+ + Upload an HTML file for the portal page here (leave blank to keep the current one). Make sure to include a form (POST to "$PORTAL_ACTION$") +with a submit button (name="accept") and a hidden field with name="redirurl" and value="$PORTAL_REDIRURL$". +Include the "auth_user" and "auth_pass" input fields if authentication is enabled, otherwise it will always fail. +Example code for the form:
+
+ <form method="post" action="$PORTAL_ACTION$">
+    <input name="auth_user" type="text">
+    <input name="auth_pass" type="password">
+    <input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">
+   <input name="accept" type="submit" value="Continue">
+ </form>
Authentication
+ error page
+ contents
+
+ + View current page +
+
+ +The contents of the HTML file that you upload here are displayed when an authentication error occurs. +You may include "$PORTAL_MESSAGE$", which will be replaced by the error or reply messages from the RADIUS server, if any.
  + +
 Note:
+
Changing any settings on this page will disconnect all clients! Don't forget to enable the DHCP server on your captive portal interface! Make sure that the default/maximum DHCP lease time is higher than the timeout entered on this page. Also, the DNS forwarder needs to be enabled for DNS lookups by unauthenticated clients to work.
+
+
+ + diff --git a/webgui/services_captiveportal_filemanager.php b/webgui/services_captiveportal_filemanager.php index f6a8f7e..9dd51f4 100644 --- a/webgui/services_captiveportal_filemanager.php +++ b/webgui/services_captiveportal_filemanager.php @@ -1,168 +1,168 @@ -#!/usr/local/bin/php - $g['captiveportal_element_sizelimit']) { - $input_errors[] = "The total size of all files uploaded may not exceed " . - format_bytes($g['captiveportal_element_sizelimit']) . "."; - } - - if (!$input_errors) { - $element = array(); - $element['name'] = $name; - $element['size'] = $size; - $element['content'] = base64_encode(file_get_contents($_FILES['new']['tmp_name'])); - - $a_element[] = $element; - - write_config(); - captiveportal_write_elements(); - header("Location: services_captiveportal_filemanager.php"); - exit; - } - } -} else { - if (($_GET['act'] == "del") && $a_element[$_GET['id']]) { - unset($a_element[$_GET['id']]); - write_config(); - captiveportal_write_elements(); - header("Location: services_captiveportal_filemanager.php"); - exit; - } -} - -?> - -
- - - - - - -
-
    - 'services_captiveportal.php', - 'Pass-through MAC' => 'services_captiveportal_mac.php', - 'Allowed IP addresses' => 'services_captiveportal_ip.php', - 'Users' => 'services_captiveportal_users.php', - 'File Manager' => 'services_captiveportal_filemanager.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - 0): ?> - - - - - - - - - - - - - - - - - - -
NameSize
- -
TOTAL
- - -
- - Note:
-
- Any files that you upload here will be made available in the root directory - of the captive portal HTTP(S) server. You may reference them directly from - your portal page HTML code using relative paths. Example: you've uploaded - an image with the name 'test.jpg' using the file manager. Then you can - include it in your portal page like this:

- <img src="test.jpg" width=... height=...> -

- The total size limit for all files is .
-
-
- +#!/usr/local/bin/php + $g['captiveportal_element_sizelimit']) { + $input_errors[] = "The total size of all files uploaded may not exceed " . + format_bytes($g['captiveportal_element_sizelimit']) . "."; + } + + if (!$input_errors) { + $element = array(); + $element['name'] = $name; + $element['size'] = $size; + $element['content'] = base64_encode(file_get_contents($_FILES['new']['tmp_name'])); + + $a_element[] = $element; + + write_config(); + captiveportal_write_elements(); + header("Location: services_captiveportal_filemanager.php"); + exit; + } + } +} else { + if (($_GET['act'] == "del") && $a_element[$_GET['id']]) { + unset($a_element[$_GET['id']]); + write_config(); + captiveportal_write_elements(); + header("Location: services_captiveportal_filemanager.php"); + exit; + } +} + +?> + +
+ + + + + + +
+
    + 'services_captiveportal.php', + 'Pass-through MAC' => 'services_captiveportal_mac.php', + 'Allowed IP addresses' => 'services_captiveportal_ip.php', + 'Users' => 'services_captiveportal_users.php', + 'File Manager' => 'services_captiveportal_filemanager.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + 0): ?> + + + + + + + + + + + + + + + + + + +
NameSize
+ +
TOTAL
+ + +
+ + Note:
+
+ Any files that you upload here will be made available in the root directory + of the captive portal HTTP(S) server. You may reference them directly from + your portal page HTML code using relative paths. Example: you've uploaded + an image with the name 'test.jpg' using the file manager. Then you can + include it in your portal page like this:

+ <img src="test.jpg" width=... height=...> +

+ The total size limit for all files is .
+
+
+
diff --git a/webgui/services_captiveportal_ip.php b/webgui/services_captiveportal_ip.php
index ad7a570..0f4120a 100644
--- a/webgui/services_captiveportal_ip.php
+++ b/webgui/services_captiveportal_ip.php
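Review bot: In services_captiveportal_filemanager.php the delete branch changes the configuration on a plain GET: `if (($_GET['act'] == "del") && $a_element[$_GET['id']])` goes straight to `unset()` and `write_config()` with no request token visible, so a cross-site request made from the administrator's browser session could remove an element; whether guiconfig.inc adds such a check cannot be seen from this hunk. The same pattern appears in the `act == "del"` branches of services_captiveportal_ip.php, services_captiveportal_mac.php and services_captiveportal_users.php further down. I would move the delete under the POST handler, e.g. `if (($_POST['act'] == "del") && isset($a_element[$_POST['id']])) {`, and compare a per-session token submitted with the form before calling `write_config()`. The commit description says these pages can now be delegated to sub-administrators, which presumably widens the set of logged-in browsers this applies to.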
@@ -1,146 +1,146 @@ -#!/usr/local/bin/php - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/
-
-$pgtitle = array("Services", "Captive portal", "Allowed IP Addresses");
-require("guiconfig.inc");
-
-if (!is_array($config['captiveportal']['allowedip']))
- $config['captiveportal']['allowedip'] = array();
-
-allowedips_sort();
-$a_allowedips = &$config['captiveportal']['allowedip'] ;
-
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
- if (!file_exists($d_sysrebootreqd_path)) {
- $retval = captiveportal_allowedip_configure();
- }
- $savemsg = get_std_save_message($retval);
- if ($retval == 0) {
- if (file_exists($d_allowedipsdirty_path)) {
- config_lock();
- unlink($d_allowedipsdirty_path);
- config_unlock();
- }
- }
- }
-}
-
-if ($_GET['act'] == "del") {
- if ($a_allowedips[$_GET['id']]) {
- unset($a_allowedips[$_GET['id']]);
- write_config();
- touch($d_allowedipsdirty_path);
- header("Location: services_captiveportal_ip.php");
- exit;
- }
-}
-?>
- -
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'services_captiveportal.php', - 'Pass-through MAC' => 'services_captiveportal_mac.php', - 'Allowed IP addresses' => 'services_captiveportal_ip.php', - 'Users' => 'services_captiveportal_users.php', - 'File Manager' => 'services_captiveportal_filemanager.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - -
IP addressDescription
- "; - ?> - - any"; - ?> - -   - -  
 

- Note:
-
- Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying from addresses, it may be used to always allow pass-through access from a client behind the captive portal.

- - - - - - - - - - - - -
any x.x.x.x All connections to the IP address are allowed
x.x.x.x any    All connections from the IP address are allowed
 
-
-
- +#!/usr/local/bin/php + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+$pgtitle = array("Services", "Captive portal", "Allowed IP Addresses");
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal']['allowedip']))
+ $config['captiveportal']['allowedip'] = array();
+
+allowedips_sort();
+$a_allowedips = &$config['captiveportal']['allowedip'] ;
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ $retval = captiveportal_allowedip_configure();
+ }
+ $savemsg = get_std_save_message($retval);
+ if ($retval == 0) {
+ if (file_exists($d_allowedipsdirty_path)) {
+ config_lock();
+ unlink($d_allowedipsdirty_path);
+ config_unlock();
+ }
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_allowedips[$_GET['id']]) {
+ unset($a_allowedips[$_GET['id']]);
+ write_config();
+ touch($d_allowedipsdirty_path);
+ header("Location: services_captiveportal_ip.php");
+ exit;
+ }
+}
+?>
+ +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'services_captiveportal.php', + 'Pass-through MAC' => 'services_captiveportal_mac.php', + 'Allowed IP addresses' => 'services_captiveportal_ip.php', + 'Users' => 'services_captiveportal_users.php', + 'File Manager' => 'services_captiveportal_filemanager.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + +
IP addressDescription
+ "; + ?> + + any"; + ?> + +   + +  
 

+ Note:
+
+ Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying from addresses, it may be used to always allow pass-through access from a client behind the captive portal.

+ + + + + + + + + + + + +
any x.x.x.x All connections to the IP address are allowed
x.x.x.x any    All connections from the IP address are allowed
 
+
+
+
diff --git a/webgui/services_captiveportal_mac.php b/webgui/services_captiveportal_mac.php
index fe82ab2..2174db1 100644
--- a/webgui/services_captiveportal_mac.php
+++ b/webgui/services_captiveportal_mac.php
@@ -1,127 +1,127 @@ -#!/usr/local/bin/php - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/
-
-$pgtitle = array("Services", "Captive portal", "Pass-through MAC");
-require("guiconfig.inc");
-
-if (!is_array($config['captiveportal']['passthrumac']))
- $config['captiveportal']['passthrumac'] = array();
-
-passthrumacs_sort();
-$a_passthrumacs = &$config['captiveportal']['passthrumac'] ;
-
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
- if (!file_exists($d_sysrebootreqd_path)) {
- $retval = captiveportal_passthrumac_configure();
- }
- $savemsg = get_std_save_message($retval);
- if ($retval == 0) {
- if (file_exists($d_passthrumacsdirty_path)) {
- config_lock();
- unlink($d_passthrumacsdirty_path);
- config_unlock();
- }
- }
- }
-}
-
-if ($_GET['act'] == "del") {
- if ($a_passthrumacs[$_GET['id']]) {
- unset($a_passthrumacs[$_GET['id']]);
- write_config();
- touch($d_passthrumacsdirty_path);
- header("Location: services_captiveportal_mac.php");
- exit;
- }
-}
-?>
- -
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'services_captiveportal.php', - 'Pass-through MAC' => 'services_captiveportal_mac.php', - 'Allowed IP addresses' => 'services_captiveportal_ip.php', - 'Users' => 'services_captiveportal_users.php', - 'File Manager' => 'services_captiveportal_filemanager.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - -
MAC addressDescription
- - -   - -  
 
- Note:
-
- Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.
 
-
-
- +#!/usr/local/bin/php + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+$pgtitle = array("Services", "Captive portal", "Pass-through MAC");
+require("guiconfig.inc");
+
+if (!is_array($config['captiveportal']['passthrumac']))
+ $config['captiveportal']['passthrumac'] = array();
+
+passthrumacs_sort();
+$a_passthrumacs = &$config['captiveportal']['passthrumac'] ;
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ $retval = captiveportal_passthrumac_configure();
+ }
+ $savemsg = get_std_save_message($retval);
+ if ($retval == 0) {
+ if (file_exists($d_passthrumacsdirty_path)) {
+ config_lock();
+ unlink($d_passthrumacsdirty_path);
+ config_unlock();
+ }
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_passthrumacs[$_GET['id']]) {
+ unset($a_passthrumacs[$_GET['id']]);
+ write_config();
+ touch($d_passthrumacsdirty_path);
+ header("Location: services_captiveportal_mac.php");
+ exit;
+ }
+}
+?>
+ +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'services_captiveportal.php', + 'Pass-through MAC' => 'services_captiveportal_mac.php', + 'Allowed IP addresses' => 'services_captiveportal_ip.php', + 'Users' => 'services_captiveportal_users.php', + 'File Manager' => 'services_captiveportal_filemanager.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + +
MAC addressDescription
+ + +   + +  
 
+ Note:
+
+ Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.
 
+
+
+
diff --git a/webgui/services_captiveportal_users.php b/webgui/services_captiveportal_users.php
index de4db34..da9c3da 100644
--- a/webgui/services_captiveportal_users.php
+++ b/webgui/services_captiveportal_users.php
@@ -1,113 +1,113 @@ -#!/usr/local/bin/php -. - All rights reserved. - Copyright (C) 2005 Pascal Suter . - All rights reserved. - (files was created by Pascal based on the source code of services_captiveportal.php from Manuel) - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ -$pgtitle = array("Services", "Captive portal", "Users"); -require("guiconfig.inc"); - -if (!is_array($config['captiveportal']['user'])) { - $config['captiveportal']['user'] = array(); -} -captiveportal_users_sort(); -$a_user = &$config['captiveportal']['user']; - -if ($_GET['act'] == "del") { - if ($a_user[$_GET['id']]) { - unset($a_user[$_GET['id']]); - write_config(); - header("Location: services_captiveportal_users.php"); - exit; - } -} - -//erase expired accounts -$changed = false; -for ($i = 0; $i < count($a_user); $i++) { - if ($a_user[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($a_user[$i]['expirationdate']))) { - unset($a_user[$i]); - $changed = true; - } -} -if ($changed) { - write_config(); - header("Location: services_captiveportal_users.php"); - exit; -} - -?> - - - - - - -
-
    - 'services_captiveportal.php', - 'Pass-through MAC' => 'services_captiveportal_mac.php', - 'Allowed IP addresses' => 'services_captiveportal_ip.php', - 'Users' => 'services_captiveportal_users.php', - 'File Manager' => 'services_captiveportal_filemanager.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - -
UsernameFull nameExpires
-   - -   - -   - -  
-
- +#!/usr/local/bin/php +. + All rights reserved. + Copyright (C) 2005 Pascal Suter . + All rights reserved. + (files was created by Pascal based on the source code of services_captiveportal.php from Manuel) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ +$pgtitle = array("Services", "Captive portal", "Users"); +require("guiconfig.inc"); + +if (!is_array($config['captiveportal']['user'])) { + $config['captiveportal']['user'] = array(); +} +captiveportal_users_sort(); +$a_user = &$config['captiveportal']['user']; + +if ($_GET['act'] == "del") { + if ($a_user[$_GET['id']]) { + unset($a_user[$_GET['id']]); + write_config(); + header("Location: services_captiveportal_users.php"); + exit; + } +} + +//erase expired accounts +$changed = false; +for ($i = 0; $i < count($a_user); $i++) { + if ($a_user[$i]['expirationdate'] && (strtotime("-1 day") > strtotime($a_user[$i]['expirationdate']))) { + unset($a_user[$i]); + $changed = true; + } +} +if ($changed) { + write_config(); + header("Location: services_captiveportal_users.php"); + exit; +} + +?> + + + + + + +
+
    + 'services_captiveportal.php', + 'Pass-through MAC' => 'services_captiveportal_mac.php', + 'Allowed IP addresses' => 'services_captiveportal_ip.php', + 'Users' => 'services_captiveportal_users.php', + 'File Manager' => 'services_captiveportal_filemanager.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + +
UsernameFull nameExpires
+   + +   + +   + +  
+
+ diff --git a/webgui/system_groupmanager.php b/webgui/system_groupmanager.php index be5c075..42da0c7 100644 --- a/webgui/system_groupmanager.php +++ b/webgui/system_groupmanager.php 
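Review bot: The delete branch in services_captiveportal_users.php changes configuration on a plain GET: `if ($_GET['act'] == "del")` goes straight to `unset($a_user[$_GET['id']])` and `write_config()`, with no request-method or token check visible in this file. auth.inc keys access on `$_SERVER['REMOTE_USER']`, which the browser replays automatically, so a cross-site request could trigger the deletion unless guiconfig.inc adds a check that is not shown here. I would gate it as `if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_POST['act'] == "del") {` and compare a per-session token before the `unset()`. The same GET-driven pattern appears in system_groupmanager.php, where `unset($config['system']['groups'][$_GET['groupname']])` is followed by `write_config()`. The removed side carries the same lines, so this predates the commit.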
@@ -1,316 +1,316 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Copyright (C) 2003-2005 Manuel Kasper . - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -require("guiconfig.inc"); - -$pgtitle = array("System", "Group manager"); - -// Returns an array of pages with their descriptions -function getAdminPageList() { - global $g; - - $tmp = Array(); - - if ($dir = opendir($g['www_path'])) { - while($file = readdir($dir)) { - // Make sure the file exists - if($file != "." && $file != ".." && $file[0] != '.') { - // Is this a .php file? 
- if (fnmatch('*.php',$file)) { - // Read the description out of the file - $contents = file_get_contents($file); - // Looking for a line like: - // $pgtitle = array("System", "Group manager"); - $offset = strpos($contents,'$pgtitle'); - $titlepos = strpos($contents,'(',$offset); - $titleendpos = strpos($contents,')',$titlepos); - if (($offset > 0) && ($titlepos > 0) && ($titleendpos > 0)) { - // Title found, extract it - $title = str_replace(',',':',str_replace(array('"'),'',substr($contents,++$titlepos,($titleendpos - $titlepos)))); - $tmp[$file] = trim($title); - } - else { - $tmp[$file] = ''; - } - - } - } - } - - closedir($dir); - - // Sets Interfaces:Optional page that didn't read in properly with the above method, - // and pages that don't have descriptions. - $tmp['interfaces_opt.php'] = "Interfaces: Optional"; - $tmp['graph.php'] = "Diagnostics: Interface Traffic"; - $tmp['graph_cpu.php'] = "Diagnostics: CPU Utilization"; - $tmp['exec.php'] = "Hidden: Exec"; - $tmp['exec_raw.php'] = "Hidden: Exec Raw"; - $tmp['status.php'] = "Hidden: Detailed Status"; - $tmp['uploadconfig.php'] = "Hidden: Upload Configuration"; - $tmp['index.php'] = "*Landing Page after Login"; - $tmp['system_usermanager.php'] = "*User Password"; - $tmp['diag_logs_settings.php'] = "Diagnostics: Logs: Settings"; - $tmp['diag_logs_vpn.php'] = "Diagnostics: Logs: PPTP VPN"; - $tmp['diag_logs_filter.php'] = "Diagnostics: Logs: Firewall"; - $tmp['diag_logs_portal.php'] = "Diagnostics: Logs: Captive Portal"; - $tmp['diag_logs_dhcp.php'] = "Diagnostics: Logs: DHCP"; - $tmp['diag_logs.php'] = "Diagnostics: Logs: System"; - - - asort($tmp); - return $tmp; - } -} - -?> - - - $user) { - if ($user['group'] == $_GET['groupname']) { - $ok_to_delete = false; - $input_errors[] = "users still exist who are members of this group!"; - break; - } - } - } - - if ($ok_to_delete) { - unset($config['system']['groups'][$_GET['groupname']]); - write_config(); - $retval = system_password_configure(); - $savemsg = 
get_std_save_message($retval); - $savemsg="Group ".$_GET['groupname']." successfully deleted
"; - } -} - -if(isset($_POST['save'])) { - //value-checking - if($_POST['groupname']==""){ - $input_errors[] = "group name must not be empty!"; - } - if($_POST['old_groupname'] != $_POST['groupname']) { - // Either a new group, or one with a group name change - if (isset($config['system']['groups'][$_POST['groupname']])) { - $input_errors[] = "group name can not match an existing group!"; - } - } - - //check groupname: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: groupname can - //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a groupname, config.xml - //could not be parsed anymore! - if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['groupname'])){ - $input_errors[] = "groupname contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed"; - } - if(!empty($input_errors)){ - //there are illegal inputs --> print out error message and show formula again - //and fill in all recently entered values except passwords - $_GET['act']="new"; - $_POST['old_groupname']=($_POST['old_groupname'] ? $_POST['old_groupname'] : $_POST['groupname']); - $_GET['groupname']=$_POST['old_groupname']; - - $group['description']=$_POST['description']; - - foreach ($pages as $fname => $title) { - $id = str_replace('.php','',$fname); - if ($_POST[$id] == 'yes') { - $group['pages'][] = $fname; - } - } - - } else { - //all values are okay --> saving changes - $_POST['groupname']=trim($_POST['groupname']); - if($_POST['old_groupname']!="" && $_POST['old_groupname']!=$_POST['groupname']){ - //change the groupname (which is used as array-index) - $config['system']['groups'][$_POST['groupname']]=$config['system']['groups'][$_POST['old_groupname']]; - unset($config['system']['groups'][$_POST['old_groupname']]); - - // Group name was changed. Update all users that are members of this group to point to the new groupname. 
- foreach ($config['system']['users'] as $key => $user) { - if ($user['group'] == $_POST['old_groupname']) - $config['system']['users'][$key]['group'] = $_POST['groupname']; - } - } - $config['system']['groups'][$_POST['groupname']]['description']=trim($_POST['description']); - // Clear pages info and read pages from POST - if (isset($config['system']['groups'][$_POST['groupname']]['pages'])) - unset($config['system']['groups'][$_POST['groupname']]['pages']); - foreach ($pages as $fname => $title) { - $id = str_replace('.php','',$fname); - if ($_POST[$id] == 'yes') { - $config['system']['groups'][$_POST['groupname']]['pages'][] = $fname; - } - } - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg="Group ".$_POST['groupname']." successfully saved
"; - } -} - -?> - - - - - - - -
-
    - 'system_usermanager.php', - 'Groups' => 'system_groupmanager.php'); - dynamic_tab_menu($tabs); - ?> -
-
- -
- - - - - - - - - - - - - - - - - - - -
Group name - -
Description - -
- Group description, for your own information only

 Select that pages that this group may access. Members of this group will be able to perform all actions that
  are possible from each individual web page. Ensure you set access levels appropriately.

-  Note: Pages - marked with an * are strongly recommended for every group. -
- - - - - - - $title) { - $id = str_replace('.php','',$fname); - ?> - - - - - -
 Page DescriptionFilename
- >
-
  - - -
-
- - - - - - - - - $group){ -?> - - - - - - - - - - - - - - -
Group nameDescriptionPages Accessible
-   - -   - - - -  
- Additional webGui admin groups can be added here. Each group can be restricted to specific portions of the webGUI. Individually select the desired web pages each group may access. For example, a troubleshooting group could be created which has access only to selected Status and Diagnostics pages. -
- - -
+#!/usr/local/bin/php +. + All rights reserved. + + Copyright (C) 2003-2005 Manuel Kasper . + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$pgtitle = array("System", "Group manager"); + +// Returns an array of pages with their descriptions +function getAdminPageList() { + global $g; + + $tmp = Array(); + + if ($dir = opendir($g['www_path'])) { + while($file = readdir($dir)) { + // Make sure the file exists + if($file != "." && $file != ".." && $file[0] != '.') { + // Is this a .php file? 
+ if (fnmatch('*.php',$file)) { + // Read the description out of the file + $contents = file_get_contents($file); + // Looking for a line like: + // $pgtitle = array("System", "Group manager"); + $offset = strpos($contents,'$pgtitle'); + $titlepos = strpos($contents,'(',$offset); + $titleendpos = strpos($contents,')',$titlepos); + if (($offset > 0) && ($titlepos > 0) && ($titleendpos > 0)) { + // Title found, extract it + $title = str_replace(',',':',str_replace(array('"'),'',substr($contents,++$titlepos,($titleendpos - $titlepos)))); + $tmp[$file] = trim($title); + } + else { + $tmp[$file] = ''; + } + + } + } + } + + closedir($dir); + + // Sets Interfaces:Optional page that didn't read in properly with the above method, + // and pages that don't have descriptions. + $tmp['interfaces_opt.php'] = "Interfaces: Optional"; + $tmp['graph.php'] = "Diagnostics: Interface Traffic"; + $tmp['graph_cpu.php'] = "Diagnostics: CPU Utilization"; + $tmp['exec.php'] = "Hidden: Exec"; + $tmp['exec_raw.php'] = "Hidden: Exec Raw"; + $tmp['status.php'] = "Hidden: Detailed Status"; + $tmp['uploadconfig.php'] = "Hidden: Upload Configuration"; + $tmp['index.php'] = "*Landing Page after Login"; + $tmp['system_usermanager.php'] = "*User Password"; + $tmp['diag_logs_settings.php'] = "Diagnostics: Logs: Settings"; + $tmp['diag_logs_vpn.php'] = "Diagnostics: Logs: PPTP VPN"; + $tmp['diag_logs_filter.php'] = "Diagnostics: Logs: Firewall"; + $tmp['diag_logs_portal.php'] = "Diagnostics: Logs: Captive Portal"; + $tmp['diag_logs_dhcp.php'] = "Diagnostics: Logs: DHCP"; + $tmp['diag_logs.php'] = "Diagnostics: Logs: System"; + + + asort($tmp); + return $tmp; + } +} + +?> + + + $user) { + if ($user['group'] == $_GET['groupname']) { + $ok_to_delete = false; + $input_errors[] = "users still exist who are members of this group!"; + break; + } + } + } + + if ($ok_to_delete) { + unset($config['system']['groups'][$_GET['groupname']]); + write_config(); + $retval = system_password_configure(); + $savemsg = 
get_std_save_message($retval); + $savemsg="Group ".$_GET['groupname']." successfully deleted
"; + } +} + +if(isset($_POST['save'])) { + //value-checking + if($_POST['groupname']==""){ + $input_errors[] = "group name must not be empty!"; + } + if($_POST['old_groupname'] != $_POST['groupname']) { + // Either a new group, or one with a group name change + if (isset($config['system']['groups'][$_POST['groupname']])) { + $input_errors[] = "group name can not match an existing group!"; + } + } + + //check groupname: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: groupname can + //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a groupname, config.xml + //could not be parsed anymore! + if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['groupname'])){ + $input_errors[] = "groupname contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed"; + } + if(!empty($input_errors)){ + //there are illegal inputs --> print out error message and show formula again + //and fill in all recently entered values except passwords + $_GET['act']="new"; + $_POST['old_groupname']=($_POST['old_groupname'] ? $_POST['old_groupname'] : $_POST['groupname']); + $_GET['groupname']=$_POST['old_groupname']; + + $group['description']=$_POST['description']; + + foreach ($pages as $fname => $title) { + $id = str_replace('.php','',$fname); + if ($_POST[$id] == 'yes') { + $group['pages'][] = $fname; + } + } + + } else { + //all values are okay --> saving changes + $_POST['groupname']=trim($_POST['groupname']); + if($_POST['old_groupname']!="" && $_POST['old_groupname']!=$_POST['groupname']){ + //change the groupname (which is used as array-index) + $config['system']['groups'][$_POST['groupname']]=$config['system']['groups'][$_POST['old_groupname']]; + unset($config['system']['groups'][$_POST['old_groupname']]); + + // Group name was changed. Update all users that are members of this group to point to the new groupname. 
+ foreach ($config['system']['users'] as $key => $user) { + if ($user['group'] == $_POST['old_groupname']) + $config['system']['users'][$key]['group'] = $_POST['groupname']; + } + } + $config['system']['groups'][$_POST['groupname']]['description']=trim($_POST['description']); + // Clear pages info and read pages from POST + if (isset($config['system']['groups'][$_POST['groupname']]['pages'])) + unset($config['system']['groups'][$_POST['groupname']]['pages']); + foreach ($pages as $fname => $title) { + $id = str_replace('.php','',$fname); + if ($_POST[$id] == 'yes') { + $config['system']['groups'][$_POST['groupname']]['pages'][] = $fname; + } + } + write_config(); + $retval = system_password_configure(); + $savemsg = get_std_save_message($retval); + $savemsg="Group ".$_POST['groupname']." successfully saved
"; + } +} + +?> + + + + + + + +
+
    + 'system_usermanager.php', + 'Groups' => 'system_groupmanager.php'); + dynamic_tab_menu($tabs); + ?> +
+
+ +
+ + + + + + + + + + + + + + + + + + + +
Group name + +
Description + +
+ Group description, for your own information only

 Select that pages that this group may access. Members of this group will be able to perform all actions that
  are possible from each individual web page. Ensure you set access levels appropriately.

+  Note: Pages + marked with an * are strongly recommended for every group. +
+ + + + + + + $title) { + $id = str_replace('.php','',$fname); + ?> + + + + + +
 Page DescriptionFilename
+ >
+
  + + +
+
+ + + + + + + + + $group){ +?> + + + + + + + + + + + + + + +
Group nameDescriptionPages Accessible
+   + +   + + + +  
+ Additional webGui admin groups can be added here. Each group can be restricted to specific portions of the webGUI. Individually select the desired web pages each group may access. For example, a troubleshooting group could be created which has access only to selected Status and Diagnostics pages. +
+ + +
\ No newline at end of file diff --git a/webgui/system_usermanager.php b/webgui/system_usermanager.php index 6e0b581..b26ee93 100644 --- a/webgui/system_usermanager.php +++ b/webgui/system_usermanager.php 
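Review bot: In the delete branch of system_groupmanager.php, `$_GET['groupname']` is concatenated into `$savemsg` as-is, and no check on the name is visible there, whereas the POST save path tests it with `preg_match('/^[a-zA-Z0-9_\-\.]*$/', ...)`. Whether the message is escaped when it is printed cannot be seen from this hunk. Encoding at the point of use with `htmlspecialchars($_GET['groupname'])`, or applying the same `preg_match` before the branch runs, would keep markup in the query string out of the page. Separately, both the delete and the save path assign `$savemsg = get_std_save_message($retval);` and overwrite it on the next statement, so a non-zero return from `system_password_configure()` is reported as success. The success text should be set only when `$retval` is 0.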
@@ -1,325 +1,325 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Copyright (C) 2003-2005 Manuel Kasper . - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -require("guiconfig.inc"); - -// The page title for non-admins -$pgtitle = array("System", "User password"); -if ($_SERVER['REMOTE_USER'] === $config['system']['username']) { - $pgtitle = array("System", "User manager"); -} - -?> - -"; - } - - if(isset($_POST['save'])) { - //value-checking - if(trim($_POST['password1'])!="********" && - trim($_POST['password1'])!="" && - trim($_POST['password1'])!=trim($_POST['password2'])){ - //passwords are to be changed but don't match - $input_errors[]="passwords don't match"; - } - if((trim($_POST['password1'])=="" || trim($_POST['password1'])=="********") && - (trim($_POST['password2'])=="" || trim($_POST['password2'])=="********")){ - //assume password should be left as is if a password is set already. - if(!empty($config['system']['users'][$_POST['old_username']]['password'])){ - $_POST['password1']="********"; - $_POST['password2']="********"; - } else { - $input_errors[]="password must not be empty"; - } - } else { - if(trim($_POST['password1'])!=trim($_POST['password2'])){ - //passwords are to be changed or set but don't match - $input_errors[]="passwords don't match"; - } else { - //check password for invalid characters - if(!preg_match('/^[a-zA-Z0-9_\-\.@\~\(\)\&\*\+§?!\$£°\%;:]*$/',$_POST['username'])){ - $input_errors[] = "password contains illegal characters, only letters from A-Z and a-z, _, -, .,@,~,(,),&,*,+,§,?,!,$,£,°,%,;,: and numbers are allowed"; - //test pw: AZaz_-.@~()&*+§?!$£°%;: - } - } - } - if($_POST['username']==""){ - $input_errors[] = "username must not be empty!"; - } - if($_POST['username']==$config['system']['username']) { - $input_errors[] = "username can not match the administrator username!"; - } - if($_POST['old_username'] != $_POST['username']) { - // Either a new user, or one with a username change - if (isset($config['system']['users'][$_POST['username']])) { - $input_errors[] = "username can not match an existing user!"; - } - } - 
if(!isset($config['system']['groups'][$_POST['group']])) { - $input_errors[] = "group does not exist, please define the group before assigning users."; - } - - //check username: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: username can - //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a username, config.xml - //could not be parsed anymore! - if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['username'])){ - $input_errors[] = "username contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed"; - } - if(!empty($input_errors)){ - //there are illegal inputs --> print out error message and show formula again - //and fill in all recently entered values except passwords - $_GET['act']="new"; - $_POST['old_username']=($_POST['old_username'] ? $_POST['old_username'] : $_POST['username']); - $_GET['username']=$_POST['old_username']; - - $user['fullname']=$_POST['fullname']; - - } else { - //all values are okay --> saving changes - $_POST['username']=trim($_POST['username']); - if($_POST['old_username']!="" && $_POST['old_username']!=$_POST['username']){ - //change the username (which is used as array-index) - $config['system']['users'][$_POST['username']]=$config['system']['users'][$_POST['old_username']]; - unset($config['system']['users'][$_POST['old_username']]); - } - $config['system']['users'][$_POST['username']]['fullname']=trim($_POST['fullname']); - if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ - $config['system']['users'][$_POST['username']]['password']=crypt(trim($_POST['password1'])); - } - $config['system']['users'][$_POST['username']]['group']=trim($_POST['group']); - // Remove config information from old way of handling sub-admin users. 
- if (isset($config['system']['users'][$_POST['username']]['pages'])) - unset($config['system']['users'][$_POST['username']]['pages']); - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg="User ".$_POST['username']." successfully saved
"; - } - } - -?> - - - - - - - -
-
    - 'system_usermanager.php', - 'Groups' => 'system_groupmanager.php'); - dynamic_tab_menu($tabs); - ?> -
-
- -
- - - - - - - - - - - - - - - - - - - - - -
Username - -
Password - ">
- "> - (confirmation)
Full name - -
- User's full name, for your own information only
Group Name - -
- The admin group to which this user is assigned.
  - - -
-
- - - - - - - - - $user){ -?> - - - - - - - - - - - - - - -
UsernameFull nameGroup
-   - -   - - - -  
- Additional webGui users can be added here. User permissions are determined by the admin group they are a member of. -
- - -
- saving changes - if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ - $config['system']['users'][$_SERVER['REMOTE_USER']]['password']=crypt(trim($_POST['password1'])); - } - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = "Password successfully changed
"; - } - } - - -?> - - -
- - - - - - - - - - - - -
's Password
Password -
-  (confirmation)
Select a new password
  - -
-
- - - +#!/usr/local/bin/php +. + All rights reserved. + + Copyright (C) 2003-2005 Manuel Kasper . + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +// The page title for non-admins +$pgtitle = array("System", "User password"); +if ($_SERVER['REMOTE_USER'] === $config['system']['username']) { + $pgtitle = array("System", "User manager"); +} + +?> + +"; + } + + if(isset($_POST['save'])) { + //value-checking + if(trim($_POST['password1'])!="********" && + trim($_POST['password1'])!="" && + trim($_POST['password1'])!=trim($_POST['password2'])){ + //passwords are to be changed but don't match + $input_errors[]="passwords don't match"; + } + if((trim($_POST['password1'])=="" || trim($_POST['password1'])=="********") && + (trim($_POST['password2'])=="" || trim($_POST['password2'])=="********")){ + //assume password should be left as is if a password is set already. + if(!empty($config['system']['users'][$_POST['old_username']]['password'])){ + $_POST['password1']="********"; + $_POST['password2']="********"; + } else { + $input_errors[]="password must not be empty"; + } + } else { + if(trim($_POST['password1'])!=trim($_POST['password2'])){ + //passwords are to be changed or set but don't match + $input_errors[]="passwords don't match"; + } else { + //check password for invalid characters + if(!preg_match('/^[a-zA-Z0-9_\-\.@\~\(\)\&\*\+§?!\$£°\%;:]*$/',$_POST['username'])){ + $input_errors[] = "password contains illegal characters, only letters from A-Z and a-z, _, -, .,@,~,(,),&,*,+,§,?,!,$,£,°,%,;,: and numbers are allowed"; + //test pw: AZaz_-.@~()&*+§?!$£°%;: + } + } + } + if($_POST['username']==""){ + $input_errors[] = "username must not be empty!"; + } + if($_POST['username']==$config['system']['username']) { + $input_errors[] = "username can not match the administrator username!"; + } + if($_POST['old_username'] != $_POST['username']) { + // Either a new user, or one with a username change + if (isset($config['system']['users'][$_POST['username']])) { + $input_errors[] = "username can not match an existing user!"; + } + } + 
if(!isset($config['system']['groups'][$_POST['group']])) { + $input_errors[] = "group does not exist, please define the group before assigning users."; + } + + //check username: only allow letters from A-Z and a-z, _, -, . and numbers from 0-9 (note: username can + //not contain characters which are not allowed in an xml-token. i.e. if you'd use @ in a username, config.xml + //could not be parsed anymore! + if(!preg_match('/^[a-zA-Z0-9_\-\.]*$/',$_POST['username'])){ + $input_errors[] = "username contains illegal characters, only letters from A-Z and a-z, _, -, . and numbers are allowed"; + } + if(!empty($input_errors)){ + //there are illegal inputs --> print out error message and show formula again + //and fill in all recently entered values except passwords + $_GET['act']="new"; + $_POST['old_username']=($_POST['old_username'] ? $_POST['old_username'] : $_POST['username']); + $_GET['username']=$_POST['old_username']; + + $user['fullname']=$_POST['fullname']; + + } else { + //all values are okay --> saving changes + $_POST['username']=trim($_POST['username']); + if($_POST['old_username']!="" && $_POST['old_username']!=$_POST['username']){ + //change the username (which is used as array-index) + $config['system']['users'][$_POST['username']]=$config['system']['users'][$_POST['old_username']]; + unset($config['system']['users'][$_POST['old_username']]); + } + $config['system']['users'][$_POST['username']]['fullname']=trim($_POST['fullname']); + if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ + $config['system']['users'][$_POST['username']]['password']=crypt(trim($_POST['password1'])); + } + $config['system']['users'][$_POST['username']]['group']=trim($_POST['group']); + // Remove config information from old way of handling sub-admin users. 
+ if (isset($config['system']['users'][$_POST['username']]['pages'])) + unset($config['system']['users'][$_POST['username']]['pages']); + write_config(); + $retval = system_password_configure(); + $savemsg = get_std_save_message($retval); + $savemsg="User ".$_POST['username']." successfully saved
"; + } + } + +?> + + + + + + + +
+
    + 'system_usermanager.php', + 'Groups' => 'system_groupmanager.php'); + dynamic_tab_menu($tabs); + ?> +
+
+ +
+ + + + + + + + + + + + + + + + + + + + + +
Username + +
Password + ">
+ "> + (confirmation)
Full name + +
+ User's full name, for your own information only
Group Name + +
+ The admin group to which this user is assigned.
  + + +
+
+ + + + + + + + + $user){ +?> + + + + + + + + + + + + + + +
UsernameFull nameGroup
+   + +   + + + +  
+ Additional webGui users can be added here. User permissions are determined by the admin group they are a member of. +
+ + +
+ saving changes + if(trim($_POST['password1'])!="********" && trim($_POST['password1'])!=""){ + $config['system']['users'][$_SERVER['REMOTE_USER']]['password']=crypt(trim($_POST['password1'])); + } + write_config(); + $retval = system_password_configure(); + $savemsg = get_std_save_message($retval); + $savemsg = "Password successfully changed
"; + } + } + + +?> + + +
+ + + + + + + + + + + + +
's Password
Password +
+  (confirmation)
Select a new password
  + +
+
+ + + diff --git a/webgui/vpn_ipsec.php b/webgui/vpn_ipsec.php index 65739bc..ba4ddca 100644 --- a/webgui/vpn_ipsec.php +++ b/webgui/vpn_ipsec.php 
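Review bot: The password character check in the admin save path of system_usermanager.php tests the wrong field: the `preg_match(...)` under `//check password for invalid characters` is given `$_POST['username']`, so the password is never validated and the username is held to the password rule. The second argument should be `$_POST['password1']`. Both save paths also store `crypt(trim($_POST['password1']))` with no salt argument, which leaves the hash scheme to the platform default and silently strips leading and trailing whitespace from the chosen password. Passing an explicit salt that selects the strongest scheme the target supports, and rejecting surrounding whitespace instead of trimming it, would make both behaviours deliberate.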
@@ -1,184 +1,184 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("VPN", "IPsec", "Tunnels"); -require("guiconfig.inc"); - -if (!is_array($config['ipsec']['tunnel'])) { - $config['ipsec']['tunnel'] = array(); -} -$a_ipsec = &$config['ipsec']['tunnel']; -$wancfg = &$config['interfaces']['wan']; - -$pconfig['enable'] = isset($config['ipsec']['enable']); - -if ($_POST) { - - if ($_POST['apply']) { - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) - $retval = vpn_ipsec_configure(); - $savemsg = get_std_save_message($retval); - if ($retval == 0) { - if (file_exists($d_ipsecconfdirty_path)) - unlink($d_ipsecconfdirty_path); - } - } else if ($_POST['submit']) { - $pconfig = $_POST; - - $config['ipsec']['enable'] = $_POST['enable'] ? 
true : false; - - write_config(); - - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval = vpn_ipsec_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - if ($retval == 0) { - if (file_exists($d_ipsecconfdirty_path)) - unlink($d_ipsecconfdirty_path); - } - } -} - -if ($_GET['act'] == "del") { - if ($a_ipsec[$_GET['id']]) { - unset($a_ipsec[$_GET['id']]); - write_config(); - touch($d_ipsecconfdirty_path); - header("Location: vpn_ipsec.php"); - exit; - } -} -?> - -
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'vpn_ipsec.php', - 'Mobile clients' => 'vpn_ipsec_mobile.php', - 'Pre-shared keys' => 'vpn_ipsec_keys.php', - 'CAs' => 'vpn_ipsec_ca.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - -
- > - Enable IPsec
-
-  
- - - - - - - - - - - "; - $spane = ""; - } else { - $spans = $spane = ""; - } - ?> - - - - - - - - - - - - - - -
Local net
- Remote net
Interface
Remote gw
P1 modeP1 Enc. AlgoP1 Hash AlgoDescription
- -
- -
- 'LAN', 'wan' => 'WAN'); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) - $iflabels['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; - $if = htmlspecialchars($iflabels[$ipsecent['interface']]); - } else - $if = "WAN"; - - echo $if . "
" . $ipsecent['remote-gateway']; - ?> -
- - - - - - -   - -  
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("VPN", "IPsec", "Tunnels"); +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['tunnel'])) { + $config['ipsec']['tunnel'] = array(); +} +$a_ipsec = &$config['ipsec']['tunnel']; +$wancfg = &$config['interfaces']['wan']; + +$pconfig['enable'] = isset($config['ipsec']['enable']); + +if ($_POST) { + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) + $retval = vpn_ipsec_configure(); + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_ipsecconfdirty_path)) + unlink($d_ipsecconfdirty_path); + } + } else if ($_POST['submit']) { + $pconfig = $_POST; + + $config['ipsec']['enable'] = $_POST['enable'] ? 
true : false; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = vpn_ipsec_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_ipsecconfdirty_path)) + unlink($d_ipsecconfdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_ipsec[$_GET['id']]) { + unset($a_ipsec[$_GET['id']]); + write_config(); + touch($d_ipsecconfdirty_path); + header("Location: vpn_ipsec.php"); + exit; + } +} +?> + +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'vpn_ipsec.php', + 'Mobile clients' => 'vpn_ipsec_mobile.php', + 'Pre-shared keys' => 'vpn_ipsec_keys.php', + 'CAs' => 'vpn_ipsec_ca.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + +
+ > + Enable IPsec
+
+  
+ + + + + + + + + + + "; + $spane = ""; + } else { + $spans = $spane = ""; + } + ?> + + + + + + + + + + + + + + +
Local net
+ Remote net
Interface
Remote gw
P1 modeP1 Enc. AlgoP1 Hash AlgoDescription
+ +
+ +
+ 'LAN', 'wan' => 'WAN'); + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) + $iflabels['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; + $if = htmlspecialchars($iflabels[$ipsecent['interface']]); + } else + $if = "WAN"; + + echo $if . "
" . $ipsecent['remote-gateway']; + ?> +
+ + + + + + +   + +  
+
+
+ diff --git a/webgui/vpn_ipsec_ca.php b/webgui/vpn_ipsec_ca.php index 01fded3..2b33863 100644 --- a/webgui/vpn_ipsec_ca.php +++ b/webgui/vpn_ipsec_ca.php @@ -1,96 +1,96 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("VPN", "IPsec", "CAs"); -require("guiconfig.inc"); - -if (!is_array($config['ipsec']['cacert'])) { - $config['ipsec']['cacert'] = array(); -} -ipsec_ca_sort(); -$a_secret = &$config['ipsec']['cacert']; - -if ($_GET['act'] == "del") { - if ($a_secret[$_GET['id']]) { - unset($a_secret[$_GET['id']]); - write_config(); - touch($d_ipsecconfdirty_path); - header("Location: vpn_ipsec_ca.php"); - exit; - } -} - -?> - -
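Review bot: The `if ($_GET['act'] == "del")` branch in vpn_ipsec.php removes a tunnel and calls `write_config()` on a plain GET, with nothing showing that the administrator asked for it from this GUI. auth.inc in this commit says users authenticate with the web server, so the browser will attach credentials to any request for this URL, whichever page caused it. The vpn_ipsec_ca.php and vpn_ipsec_keys.php hunks that follow have the same branch. I would accept the delete only from a POST that carries a per-session token, checked before `unset()`, and mark the branch with `/* state change: must not be reachable via GET; require POST + token */`. The old and new sides of this hunk read the same here, so this concerns the file as it stands rather than something this commit introduced.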
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'vpn_ipsec.php', - 'Mobile clients' => 'vpn_ipsec_mobile.php', - 'Pre-shared keys' => 'vpn_ipsec_keys.php', - 'CAs' => 'vpn_ipsec_ca.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - -
Identifier
- - -  
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("VPN", "IPsec", "CAs"); +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['cacert'])) { + $config['ipsec']['cacert'] = array(); +} +ipsec_ca_sort(); +$a_secret = &$config['ipsec']['cacert']; + +if ($_GET['act'] == "del") { + if ($a_secret[$_GET['id']]) { + unset($a_secret[$_GET['id']]); + write_config(); + touch($d_ipsecconfdirty_path); + header("Location: vpn_ipsec_ca.php"); + exit; + } +} + +?> + +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'vpn_ipsec.php', + 'Mobile clients' => 'vpn_ipsec_mobile.php', + 'Pre-shared keys' => 'vpn_ipsec_keys.php', + 'CAs' => 'vpn_ipsec_ca.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + +
Identifier
+ + +  
+
+
+ diff --git a/webgui/vpn_ipsec_keys.php b/webgui/vpn_ipsec_keys.php index eaae0ae..d6b3cd7 100644 --- a/webgui/vpn_ipsec_keys.php +++ b/webgui/vpn_ipsec_keys.php @@ -1,100 +1,100 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. -*/ - -$pgtitle = array("VPN", "IPsec", "Pre-shared keys"); -require("guiconfig.inc"); - -if (!is_array($config['ipsec']['mobilekey'])) { - $config['ipsec']['mobilekey'] = array(); -} -ipsec_mobilekey_sort(); -$a_secret = &$config['ipsec']['mobilekey']; - -if ($_GET['act'] == "del") { - if ($a_secret[$_GET['id']]) { - unset($a_secret[$_GET['id']]); - write_config(); - touch($d_ipsecconfdirty_path); - header("Location: vpn_ipsec_keys.php"); - exit; - } -} - -?> - -
- -

-You must apply the changes in order for them to take effect.");?>
-

- - - - - - -
-
    - 'vpn_ipsec.php', - 'Mobile clients' => 'vpn_ipsec_mobile.php', - 'Pre-shared keys' => 'vpn_ipsec_keys.php', - 'CAs' => 'vpn_ipsec_ca.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - -
IdentifierPre-shared key
- - - - -  
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$pgtitle = array("VPN", "IPsec", "Pre-shared keys"); +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['mobilekey'])) { + $config['ipsec']['mobilekey'] = array(); +} +ipsec_mobilekey_sort(); +$a_secret = &$config['ipsec']['mobilekey']; + +if ($_GET['act'] == "del") { + if ($a_secret[$_GET['id']]) { + unset($a_secret[$_GET['id']]); + write_config(); + touch($d_ipsecconfdirty_path); + header("Location: vpn_ipsec_keys.php"); + exit; + } +} + +?> + +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ + + + + + +
+
    + 'vpn_ipsec.php', + 'Mobile clients' => 'vpn_ipsec_mobile.php', + 'Pre-shared keys' => 'vpn_ipsec_keys.php', + 'CAs' => 'vpn_ipsec_ca.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + +
IdentifierPre-shared key
+ + + + +  
+
+
+ diff --git a/webgui/vpn_ipsec_mobile.php b/webgui/vpn_ipsec_mobile.php index 173e969..0da79a4 100644 --- a/webgui/vpn_ipsec_mobile.php +++ b/webgui/vpn_ipsec_mobile.php 
@@ -1,384 +1,384 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("VPN", "IPsec", "Mobile clients"); -require("guiconfig.inc"); - -if (!is_array($config['ipsec']['mobileclients'])) { - $config['ipsec']['mobileclients'] = array(); -} -$a_ipsec = &$config['ipsec']['mobileclients']; - -if (count($a_ipsec) == 0) { - /* defaults */ - $pconfig['p1mode'] = "aggressive"; - $pconfig['p1myidentt'] = "myaddress"; - $pconfig['p1ealgo'] = "3des"; - $pconfig['p1halgo'] = "sha1"; - $pconfig['p1dhgroup'] = "2"; - $pconfig['p1authentication_method'] = "pre_shared_key"; - $pconfig['p2proto'] = "esp"; - $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael"); - $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5"); - $pconfig['p2pfsgroup'] = "0"; -} else { - $pconfig['enable'] = isset($a_ipsec['enable']); - $pconfig['p1mode'] = $a_ipsec['p1']['mode']; - - if (isset($a_ipsec['p1']['myident']['myaddress'])) - $pconfig['p1myidentt'] = 'myaddress'; - else if (isset($a_ipsec['p1']['myident']['address'])) { - $pconfig['p1myidentt'] = 'address'; - $pconfig['p1myident'] = $a_ipsec['p1']['myident']['address']; - } else if (isset($a_ipsec['p1']['myident']['fqdn'])) { - $pconfig['p1myidentt'] = 'fqdn'; - $pconfig['p1myident'] = $a_ipsec['p1']['myident']['fqdn']; - } else if (isset($a_ipsec['p1']['myident']['ufqdn'])) { - $pconfig['p1myidentt'] = 'user_fqdn'; - $pconfig['p1myident'] = $a_ipsec['p1']['myident']['ufqdn']; - } - - $pconfig['p1ealgo'] = $a_ipsec['p1']['encryption-algorithm']; - $pconfig['p1halgo'] = $a_ipsec['p1']['hash-algorithm']; - $pconfig['p1dhgroup'] = $a_ipsec['p1']['dhgroup']; - $pconfig['p1lifetime'] = $a_ipsec['p1']['lifetime']; - $pconfig['p1authentication_method'] = $a_ipsec['p1']['authentication_method']; - $pconfig['p1cert'] = base64_decode($a_ipsec['p1']['cert']); - $pconfig['p1privatekey'] = base64_decode($a_ipsec['p1']['private-key']); - $pconfig['p2proto'] = $a_ipsec['p2']['protocol']; - $pconfig['p2ealgos'] = $a_ipsec['p2']['encryption-algorithm-option']; - $pconfig['p2halgos'] = 
$a_ipsec['p2']['hash-algorithm-option']; - $pconfig['p2pfsgroup'] = $a_ipsec['p2']['pfsgroup']; - $pconfig['p2lifetime'] = $a_ipsec['p2']['lifetime']; -} - -if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "p2ealgos p2halgos"); - $reqdfieldsn = explode(",", "P2 Encryption Algorithms,P2 Hash Algorithms"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if ($_POST['p1authentication_method']== "rsasig") { - if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE")) - $input_errors[] = "This certificate does not appear to be valid."; - if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY")) - $input_errors[] = "This key does not appear to be valid."; - } - - if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) { - $input_errors[] = "The P1 lifetime must be an integer."; - } - if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) { - $input_errors[] = "The P2 lifetime must be an integer."; - } - if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) { - $input_errors[] = "A valid IP address for 'My identifier' must be specified."; - } - if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) { - $input_errors[] = "A valid domain name for 'My identifier' must be specified."; - } - if ($_POST['p1myidentt'] == "user_fqdn") { - $ufqdn = explode("@",$_POST['p1myident']); - if (!is_domain($ufqdn[1])) - $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified."; - } - - if ($_POST['p1myidentt'] == "myaddress") - $_POST['p1myident'] = ""; - - if (!$input_errors) { - $ipsecent = array(); - $ipsecent['enable'] = $_POST['enable'] ? 
true : false; - $ipsecent['p1']['mode'] = $_POST['p1mode']; - - $ipsecent['p1']['myident'] = array(); - switch ($_POST['p1myidentt']) { - case 'myaddress': - $ipsecent['p1']['myident']['myaddress'] = true; - break; - case 'address': - $ipsecent['p1']['myident']['address'] = $_POST['p1myident']; - break; - case 'fqdn': - $ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident']; - break; - case 'user_fqdn': - $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident']; - break; - } - - $ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo']; - $ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo']; - $ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup']; - $ipsecent['p1']['lifetime'] = $_POST['p1lifetime']; - $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']); - $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']); - $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method']; - $ipsecent['p2']['protocol'] = $_POST['p2proto']; - $ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos']; - $ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos']; - $ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup']; - $ipsecent['p2']['lifetime'] = $_POST['p2lifetime']; - - $a_ipsec = $ipsecent; - - write_config(); - touch($d_ipsecconfdirty_path); - - header("Location: vpn_ipsec_mobile.php"); - exit; - } -} -?> - - -
- -

-You must apply the changes in order for them to take effect.");?>
-

- -
-
- - - - - -
-
    - 'vpn_ipsec.php', - 'Mobile clients' => 'vpn_ipsec_mobile.php', - 'Pre-shared keys' => 'vpn_ipsec_keys.php', - 'CAs' => 'vpn_ipsec_ca.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - > - Allow mobile clients
Phase 1 proposal - (Authentication)
Negotiation mode -
Aggressive is faster, but - less secure.
My identifier - -
Encryption algorithm -
Must match the setting - chosen on the remote side.
Hash algorithm -
Must match the setting - chosen on the remote side.
DH key group -
1 = 768 bit, 2 = 1024 - bit, 5 = 1536 bit
- Must match the setting chosen on the remote side.
Lifetime - - seconds
Authentication method -
Must match the setting - chosen on the remote side.
Certificate - -
- Paste a certificate in X.509 PEM format here.
Key - -
- Paste an RSA private key in PEM format here.
Phase 2 proposal - (SA/Key Exchange)
Protocol -
ESP is encryption, AH is - authentication only
Encryption algorithms - $algoname): ?> - > - -
- -
- Hint: use 3DES for best compatibility or if you have a hardware - crypto accelerator card. Blowfish is usually the fastest in - software encryption.
Hash algorithms - $algoname): ?> - > - -
- -
PFS key group -
1 = 768 bit, 2 = 1024 - bit, 5 = 1536 bit
Lifetime - - seconds
  - -
-
-
- - +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("VPN", "IPsec", "Mobile clients"); +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['mobileclients'])) { + $config['ipsec']['mobileclients'] = array(); +} +$a_ipsec = &$config['ipsec']['mobileclients']; + +if (count($a_ipsec) == 0) { + /* defaults */ + $pconfig['p1mode'] = "aggressive"; + $pconfig['p1myidentt'] = "myaddress"; + $pconfig['p1ealgo'] = "3des"; + $pconfig['p1halgo'] = "sha1"; + $pconfig['p1dhgroup'] = "2"; + $pconfig['p1authentication_method'] = "pre_shared_key"; + $pconfig['p2proto'] = "esp"; + $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael"); + $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5"); + $pconfig['p2pfsgroup'] = "0"; +} else { + $pconfig['enable'] = isset($a_ipsec['enable']); + $pconfig['p1mode'] = $a_ipsec['p1']['mode']; + + if (isset($a_ipsec['p1']['myident']['myaddress'])) + $pconfig['p1myidentt'] = 'myaddress'; + else if (isset($a_ipsec['p1']['myident']['address'])) { + $pconfig['p1myidentt'] = 'address'; + $pconfig['p1myident'] = $a_ipsec['p1']['myident']['address']; + } else if (isset($a_ipsec['p1']['myident']['fqdn'])) { + $pconfig['p1myidentt'] = 'fqdn'; + $pconfig['p1myident'] = $a_ipsec['p1']['myident']['fqdn']; + } else if (isset($a_ipsec['p1']['myident']['ufqdn'])) { + $pconfig['p1myidentt'] = 'user_fqdn'; + $pconfig['p1myident'] = $a_ipsec['p1']['myident']['ufqdn']; + } + + $pconfig['p1ealgo'] = $a_ipsec['p1']['encryption-algorithm']; + $pconfig['p1halgo'] = $a_ipsec['p1']['hash-algorithm']; + $pconfig['p1dhgroup'] = $a_ipsec['p1']['dhgroup']; + $pconfig['p1lifetime'] = $a_ipsec['p1']['lifetime']; + $pconfig['p1authentication_method'] = $a_ipsec['p1']['authentication_method']; + $pconfig['p1cert'] = base64_decode($a_ipsec['p1']['cert']); + $pconfig['p1privatekey'] = base64_decode($a_ipsec['p1']['private-key']); + $pconfig['p2proto'] = $a_ipsec['p2']['protocol']; + $pconfig['p2ealgos'] = $a_ipsec['p2']['encryption-algorithm-option']; + $pconfig['p2halgos'] = 
$a_ipsec['p2']['hash-algorithm-option']; + $pconfig['p2pfsgroup'] = $a_ipsec['p2']['pfsgroup']; + $pconfig['p2lifetime'] = $a_ipsec['p2']['lifetime']; +} + +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "p2ealgos p2halgos"); + $reqdfieldsn = explode(",", "P2 Encryption Algorithms,P2 Hash Algorithms"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if ($_POST['p1authentication_method']== "rsasig") { + if (!strstr($_POST['p1cert'], "BEGIN CERTIFICATE") || !strstr($_POST['p1cert'], "END CERTIFICATE")) + $input_errors[] = "This certificate does not appear to be valid."; + if (!strstr($_POST['p1privatekey'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['p1privatekey'], "END RSA PRIVATE KEY")) + $input_errors[] = "This key does not appear to be valid."; + } + + if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) { + $input_errors[] = "The P1 lifetime must be an integer."; + } + if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) { + $input_errors[] = "The P2 lifetime must be an integer."; + } + if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) { + $input_errors[] = "A valid IP address for 'My identifier' must be specified."; + } + if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) { + $input_errors[] = "A valid domain name for 'My identifier' must be specified."; + } + if ($_POST['p1myidentt'] == "user_fqdn") { + $ufqdn = explode("@",$_POST['p1myident']); + if (!is_domain($ufqdn[1])) + $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified."; + } + + if ($_POST['p1myidentt'] == "myaddress") + $_POST['p1myident'] = ""; + + if (!$input_errors) { + $ipsecent = array(); + $ipsecent['enable'] = $_POST['enable'] ? 
true : false; + $ipsecent['p1']['mode'] = $_POST['p1mode']; + + $ipsecent['p1']['myident'] = array(); + switch ($_POST['p1myidentt']) { + case 'myaddress': + $ipsecent['p1']['myident']['myaddress'] = true; + break; + case 'address': + $ipsecent['p1']['myident']['address'] = $_POST['p1myident']; + break; + case 'fqdn': + $ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident']; + break; + case 'user_fqdn': + $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident']; + break; + } + + $ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo']; + $ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo']; + $ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup']; + $ipsecent['p1']['lifetime'] = $_POST['p1lifetime']; + $ipsecent['p1']['private-key'] = base64_encode($_POST['p1privatekey']); + $ipsecent['p1']['cert'] = base64_encode($_POST['p1cert']); + $ipsecent['p1']['authentication_method'] = $_POST['p1authentication_method']; + $ipsecent['p2']['protocol'] = $_POST['p2proto']; + $ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos']; + $ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos']; + $ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup']; + $ipsecent['p2']['lifetime'] = $_POST['p2lifetime']; + + $a_ipsec = $ipsecent; + + write_config(); + touch($d_ipsecconfdirty_path); + + header("Location: vpn_ipsec_mobile.php"); + exit; + } +} +?> + + +
+ +

+You must apply the changes in order for them to take effect.");?>
+

+ +
+
+ + + + + +
+
    + 'vpn_ipsec.php', + 'Mobile clients' => 'vpn_ipsec_mobile.php', + 'Pre-shared keys' => 'vpn_ipsec_keys.php', + 'CAs' => 'vpn_ipsec_ca.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  + > + Allow mobile clients
Phase 1 proposal + (Authentication)
Negotiation mode +
Aggressive is faster, but + less secure.
My identifier + +
Encryption algorithm +
Must match the setting + chosen on the remote side.
Hash algorithm +
Must match the setting + chosen on the remote side.
DH key group +
1 = 768 bit, 2 = 1024 + bit, 5 = 1536 bit
+ Must match the setting chosen on the remote side.
Lifetime + + seconds
Authentication method +
Must match the setting + chosen on the remote side.
Certificate + +
+ Paste a certificate in X.509 PEM format here.
Key + +
+ Paste an RSA private key in PEM format here.
Phase 2 proposal + (SA/Key Exchange)
Protocol +
ESP is encryption, AH is + authentication only
Encryption algorithms + $algoname): ?> + > + +
+ +
+ Hint: use 3DES for best compatibility or if you have a hardware + crypto accelerator card. Blowfish is usually the fastest in + software encryption.
Hash algorithms + $algoname): ?> + > + +
+ +
PFS key group +
1 = 768 bit, 2 = 1024 + bit, 5 = 1536 bit
Lifetime + + seconds
  + +
+
+
+ + diff --git a/webgui/vpn_pptp.php b/webgui/vpn_pptp.php index 024b21c..b9e4193 100644 --- a/webgui/vpn_pptp.php +++ b/webgui/vpn_pptp.php 
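Review bot: In the `if (!$input_errors)` block of vpn_ipsec_mobile.php, the select-backed fields (`p1mode`, `p1ealgo`, `p1halgo`, `p1dhgroup`, `p1authentication_method`, `p2proto`, `p2pfsgroup`) and the `p2ealgos`/`p2halgos` arrays are copied from `$_POST` into `$ipsecent` and saved with `write_config()` without being compared to the options the form offers, so a hand-built POST can store any string. Presumably these values are later written into the IPsec daemon's configuration, which this hunk does not show, so they should be allow-listed here. For example, `if (!in_array($_POST['p1mode'], $offered_p1_modes)) $input_errors[] = "An invalid negotiation mode was specified.";`, where `$offered_p1_modes` is a placeholder for whatever list the form renders from, and likewise for the other fields. The lifetime checks use `is_numeric()`, which also accepts values such as `1.5` or `1e3` although the message asks for an integer; `!preg_match('/^[0-9]+$/', $_POST['p1lifetime'])` would match the message.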
@@ -1,299 +1,299 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -$pgtitle = array("VPN", "PPTP", "Configuration"); -require("guiconfig.inc"); - -if (!is_array($config['pptpd']['radius'])) { - $config['pptpd']['radius'] = array(); -} -$pptpcfg = &$config['pptpd']; - -$pconfig['remoteip'] = $pptpcfg['remoteip']; -$pconfig['localip'] = $pptpcfg['localip']; -$pconfig['redir'] = $pptpcfg['redir']; -$pconfig['mode'] = $pptpcfg['mode']; -$pconfig['req128'] = isset($pptpcfg['req128']); -$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']); -$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']); -$pconfig['radiusserver'] = $pptpcfg['radius']['server']; -$pconfig['radiussecret'] = $pptpcfg['radius']['secret']; - -if ($_POST) { - - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - if ($_POST['mode'] == "server") { - $reqdfields = explode(" ", "localip remoteip"); - $reqdfieldsn = explode(",", "Server address,Remote start address"); - - if ($_POST['radiusenable']) { - $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); - $reqdfieldsn = array_merge($reqdfieldsn, - explode(",", "RADIUS server address,RADIUS shared secret")); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { - $input_errors[] = "A valid server address must be specified."; - } - if (($_POST['subnet'] && !is_ipaddr($_POST['remoteip']))) { - $input_errors[] = "A valid remote start address must be specified."; - } - if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) { - $input_errors[] = "A valid RADIUS server address must be specified."; - } - - if (!$input_errors) { - $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']); - $subnet_start = ip2long($_POST['remoteip']); - $subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1; - - if ((ip2long($_POST['localip']) >= $subnet_start) && - (ip2long($_POST['localip']) <= $subnet_end)) { - 
$input_errors[] = "The specified server address lies in the remote subnet."; - } - if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) { - $input_errors[] = "The specified server address is equal to the LAN interface address."; - } - } - } else if ($_POST['mode'] == "redir") { - $reqdfields = explode(" ", "redir"); - $reqdfieldsn = explode(",", "PPTP redirection target address"); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) { - $input_errors[] = "A valid target address must be specified."; - } - } - - if (!$input_errors) { - $pptpcfg['remoteip'] = $_POST['remoteip']; - $pptpcfg['redir'] = $_POST['redir']; - $pptpcfg['localip'] = $_POST['localip']; - $pptpcfg['mode'] = $_POST['mode']; - $pptpcfg['req128'] = $_POST['req128'] ? true : false; - $pptpcfg['radius']['enable'] = $_POST['radiusenable'] ? true : false; - $pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false; - $pptpcfg['radius']['server'] = $_POST['radiusserver']; - $pptpcfg['radius']['secret'] = $_POST['radiussecret']; - - write_config(); - - $retval = 0; - if (!file_exists($d_sysrebootreqd_path)) { - config_lock(); - $retval = vpn_pptpd_configure(); - config_unlock(); - } - $savemsg = get_std_save_message($retval); - } -} -?> - - -
- - - - - - - -
-
    - 'vpn_pptp.php', - 'Users' => 'vpn_pptp_users.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  - > - Off
  -> - Redirect incoming PPTP connections to:
PPTP redirection - -
- Enter the IP address of a host which will accept incoming - PPTP connections.
  -> - Enable PPTP server
Max. concurrent - connections - -
Server address - -
- Enter the IP address the PPTP server should use on its side - for all clients.
Remote address - range - - / - -
- Specify the starting address for the client IP address subnet.
- The PPTP server will assign - - addresses, starting at the address entered above, to clients.
RADIUS - > - Use a RADIUS server for authentication
-
When set, all users will be authenticated using - the RADIUS server specified below. The local user database - will not be used.
-
- > - Enable RADIUS accounting
-
Sends accounting packets to the RADIUS server.
RADIUS server - -
- Enter the IP address of the RADIUS server.
RADIUS shared secret - -
- Enter the shared secret that will be used to authenticate - to the RADIUS server.
  - > - Require 128-bit encryption
- When set, 128-bit encryption will be accepted. Otherwise, - 40-bit and 56-bit encryption will be accepted, too. Note that - encryption will always be forced on PPTP connections (i.e. - unencrypted connections will not be accepted).
  - -
 Note:
-
don't forget to add a firewall rule to permit - traffic from PPTP clients!
-
-
- - +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +$pgtitle = array("VPN", "PPTP", "Configuration"); +require("guiconfig.inc"); + +if (!is_array($config['pptpd']['radius'])) { + $config['pptpd']['radius'] = array(); +} +$pptpcfg = &$config['pptpd']; + +$pconfig['remoteip'] = $pptpcfg['remoteip']; +$pconfig['localip'] = $pptpcfg['localip']; +$pconfig['redir'] = $pptpcfg['redir']; +$pconfig['mode'] = $pptpcfg['mode']; +$pconfig['req128'] = isset($pptpcfg['req128']); +$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']); +$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']); +$pconfig['radiusserver'] = $pptpcfg['radius']['server']; +$pconfig['radiussecret'] = $pptpcfg['radius']['secret']; + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['mode'] == "server") { + $reqdfields = explode(" ", "localip remoteip"); + $reqdfieldsn = explode(",", "Server address,Remote start address"); + + if ($_POST['radiusenable']) { + $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); + $reqdfieldsn = array_merge($reqdfieldsn, + explode(",", "RADIUS server address,RADIUS shared secret")); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { + $input_errors[] = "A valid server address must be specified."; + } + if (($_POST['subnet'] && !is_ipaddr($_POST['remoteip']))) { + $input_errors[] = "A valid remote start address must be specified."; + } + if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) { + $input_errors[] = "A valid RADIUS server address must be specified."; + } + + if (!$input_errors) { + $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']); + $subnet_start = ip2long($_POST['remoteip']); + $subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1; + + if ((ip2long($_POST['localip']) >= $subnet_start) && + (ip2long($_POST['localip']) <= $subnet_end)) { + 
$input_errors[] = "The specified server address lies in the remote subnet."; + } + if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) { + $input_errors[] = "The specified server address is equal to the LAN interface address."; + } + } + } else if ($_POST['mode'] == "redir") { + $reqdfields = explode(" ", "redir"); + $reqdfieldsn = explode(",", "PPTP redirection target address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) { + $input_errors[] = "A valid target address must be specified."; + } + } + + if (!$input_errors) { + $pptpcfg['remoteip'] = $_POST['remoteip']; + $pptpcfg['redir'] = $_POST['redir']; + $pptpcfg['localip'] = $_POST['localip']; + $pptpcfg['mode'] = $_POST['mode']; + $pptpcfg['req128'] = $_POST['req128'] ? true : false; + $pptpcfg['radius']['enable'] = $_POST['radiusenable'] ? true : false; + $pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false; + $pptpcfg['radius']['server'] = $_POST['radiusserver']; + $pptpcfg['radius']['secret'] = $_POST['radiussecret']; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = vpn_pptpd_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + } +} +?> + + +
+ + + + + + + +
+
    + 'vpn_pptp.php', + 'Users' => 'vpn_pptp_users.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
  + > + Off
  +> + Redirect incoming PPTP connections to:
PPTP redirection + +
+ Enter the IP address of a host which will accept incoming + PPTP connections.
  +> + Enable PPTP server
Max. concurrent + connections + +
Server address + +
+ Enter the IP address the PPTP server should use on its side + for all clients.
Remote address + range + + / + +
+ Specify the starting address for the client IP address subnet.
+ The PPTP server will assign + + addresses, starting at the address entered above, to clients.
RADIUS + > + Use a RADIUS server for authentication
+
When set, all users will be authenticated using + the RADIUS server specified below. The local user database + will not be used.
+
+ > + Enable RADIUS accounting
+
Sends accounting packets to the RADIUS server.
RADIUS server + +
+ Enter the IP address of the RADIUS server.
RADIUS shared secret + +
+ Enter the shared secret that will be used to authenticate + to the RADIUS server.
  + > + Require 128-bit encryption
+ When set, 128-bit encryption will be accepted. Otherwise, + 40-bit and 56-bit encryption will be accepted, too. Note that + encryption will always be forced on PPTP connections (i.e. + unencrypted connections will not be accepted).
  + +
 Note:
+
don't forget to add a firewall rule to permit + traffic from PPTP clients!
+
+
+ + diff --git a/webgui/vpn_pptp_users.php b/webgui/vpn_pptp_users.php index 187ed68..647702e 100644 --- a/webgui/vpn_pptp_users.php +++ b/webgui/vpn_pptp_users.php 
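Review bot: The remote start address check in the server-mode validation tests the wrong field: `if (($_POST['subnet'] && !is_ipaddr($_POST['remoteip'])))` only reaches `is_ipaddr()` when a `subnet` value is posted. No `subnet` key appears among the fields this page loads into `$pconfig` or saves, so `remoteip` appears to pass into `gen_subnet()`, `ip2long()` and `$pptpcfg['remoteip']` without ever being checked as an IP address. The guard should follow its two neighbours: `if (($_POST['remoteip'] && !is_ipaddr($_POST['remoteip']))) {`. The same line is on the removed side, so the defect predates this commit. Separately, when `mode` is neither "server" nor "redir" no field is validated, yet every posted value is still written to the config, so an allowlist check on `$_POST['mode']` before the save block would be worth adding.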
@@ -1,118 +1,118 @@ -#!/usr/local/bin/php -. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/
-
-$pgtitle = array("VPN", "PPTP", "Users");
-require("guiconfig.inc");
-
-if (!is_array($config['pptpd']['user'])) {
- $config['pptpd']['user'] = array();
-}
-pptpd_users_sort();
-$a_secret = &$config['pptpd']['user'];
-
-if ($_POST) {
-
- $pconfig = $_POST;
-
- if ($_POST['apply']) {
- $retval = 0;
- if (!file_exists($d_sysrebootreqd_path)) {
- config_lock();
- $retval = vpn_pptpd_configure();
- config_unlock();
- }
- $savemsg = get_std_save_message($retval);
- if ($retval == 0) {
- if (file_exists($d_pptpuserdirty_path))
- unlink($d_pptpuserdirty_path);
- }
- }
-}
-
-if ($_GET['act'] == "del") {
- if ($a_secret[$_GET['id']]) {
- unset($a_secret[$_GET['id']]);
- write_config();
- touch($d_pptpuserdirty_path);
- header("Location: vpn_pptp_users.php");
- exit;
- }
-}
-?>
-
-
- - -

-You must apply the changes in order for them to take effect.
Warning: this will terminate all current PPTP sessions!");?>
-

- - - - - - -
-
    - 'vpn_pptp.php', - 'Users' => 'vpn_pptp_users.php'); - dynamic_tab_menu($tabs); -?> -
-
- - - - - - - - - - - - - - - - - -
UsernameIP address
- - -   - -  
-
-
- +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+$pgtitle = array("VPN", "PPTP", "Users");
+require("guiconfig.inc");
+
+if (!is_array($config['pptpd']['user'])) {
+ $config['pptpd']['user'] = array();
+}
+pptpd_users_sort();
+$a_secret = &$config['pptpd']['user'];
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval = vpn_pptpd_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+ if ($retval == 0) {
+ if (file_exists($d_pptpuserdirty_path))
+ unlink($d_pptpuserdirty_path);
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_secret[$_GET['id']]) {
+ unset($a_secret[$_GET['id']]);
+ write_config();
+ touch($d_pptpuserdirty_path);
+ header("Location: vpn_pptp_users.php");
+ exit;
+ }
+}
+?>
+
+
+ + +

+You must apply the changes in order for them to take effect.
Warning: this will terminate all current PPTP sessions!");?>
+

+ + + + + + +
+
    + 'vpn_pptp.php', + 'Users' => 'vpn_pptp_users.php'); + dynamic_tab_menu($tabs); +?> +
+
+ + + + + + + + + + + + + + + + + +
UsernameIP address
+ + +   + +  
+
+
+ -- 2.25.1
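Review bot: The delete branch `if ($_GET['act'] == "del")` changes configuration on a plain GET request: it unsets `$a_secret[$_GET['id']]` and calls `write_config()`, and no request token is checked anywhere in the visible code. Any page that causes an authenticated administrator's browser to load that URL would therefore remove a PPTP user. The commit description says it adds sub-administration, which makes this more relevant, so the deletion would be better handled as a POST with a per-session token verified before the `unset()`. The index should also be checked first, e.g. `if (is_numeric($_GET['id']) && isset($a_secret[$_GET['id']])) {`. The form markup is not legible in this hunk, so whether guiconfig.inc already enforces such a check cannot be confirmed from here.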