mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
firewall.cgi: Add a checkbox to enable SYN flood protection
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
@@ -894,6 +894,7 @@ WARNING: untranslated string: enable disable client = unknown string
|
||||
WARNING: untranslated string: enable disable dyndns = unknown string
|
||||
WARNING: untranslated string: error message = unknown string
|
||||
WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwhost cust locationgrp = unknown string
|
||||
WARNING: untranslated string: fwhost err hostip = unknown string
|
||||
WARNING: untranslated string: guardian block a host = unknown string
|
||||
|
||||
@@ -890,6 +890,7 @@ WARNING: untranslated string: fwdfw rulepos = Rule position
|
||||
WARNING: untranslated string: fwdfw snat = Source NAT
|
||||
WARNING: untranslated string: fwdfw source = Source
|
||||
WARNING: untranslated string: fwdfw sourceip = Source address (MAC/IP address or network):
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwdfw target = Destination
|
||||
WARNING: untranslated string: fwdfw targetip = Destination address (IP address or network):
|
||||
WARNING: untranslated string: fwdfw timeframe = Use time constraints
|
||||
|
||||
@@ -958,6 +958,7 @@ WARNING: untranslated string: extrahd mounted = Mounted
|
||||
WARNING: untranslated string: extrahd no mount point given = No mount point given
|
||||
WARNING: untranslated string: extrahd not configured = Not configured
|
||||
WARNING: untranslated string: extrahd not mounted = Not mounted
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwhost cust locationgrp = unknown string
|
||||
WARNING: untranslated string: fwhost err hostip = unknown string
|
||||
WARNING: untranslated string: guardian block a host = unknown string
|
||||
|
||||
@@ -912,6 +912,7 @@ WARNING: untranslated string: enable disable client = unknown string
|
||||
WARNING: untranslated string: enable disable dyndns = unknown string
|
||||
WARNING: untranslated string: error message = unknown string
|
||||
WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwhost cust locationgrp = unknown string
|
||||
WARNING: untranslated string: fwhost err hostip = unknown string
|
||||
WARNING: untranslated string: guardian block a host = unknown string
|
||||
|
||||
@@ -1029,6 +1029,7 @@ WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections p
|
||||
WARNING: untranslated string: fwdfw maxconcon = Max. concurrent connections
|
||||
WARNING: untranslated string: fwdfw numcon = Number of connections
|
||||
WARNING: untranslated string: fwdfw ratelimit = Rate-limit new connections
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwhost addlocationgrp = Add new Location group
|
||||
WARNING: untranslated string: fwhost cust location = Location Groups
|
||||
WARNING: untranslated string: fwhost cust locationgroup = Location Groups
|
||||
|
||||
@@ -1035,6 +1035,7 @@ WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections p
|
||||
WARNING: untranslated string: fwdfw maxconcon = Max. concurrent connections
|
||||
WARNING: untranslated string: fwdfw numcon = Number of connections
|
||||
WARNING: untranslated string: fwdfw ratelimit = Rate-limit new connections
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwhost addlocationgrp = Add new Location group
|
||||
WARNING: untranslated string: fwhost cust location = Location Groups
|
||||
WARNING: untranslated string: fwhost cust locationgroup = Location Groups
|
||||
|
||||
@@ -1093,6 +1093,7 @@ WARNING: untranslated string: fwdfw rulepos = Rule position
|
||||
WARNING: untranslated string: fwdfw snat = Source NAT
|
||||
WARNING: untranslated string: fwdfw source = Source
|
||||
WARNING: untranslated string: fwdfw sourceip = Source address (MAC/IP address or network):
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwdfw target = Destination
|
||||
WARNING: untranslated string: fwdfw targetip = Destination address (IP address or network):
|
||||
WARNING: untranslated string: fwdfw timeframe = Use time constraints
|
||||
|
||||
@@ -1090,6 +1090,7 @@ WARNING: untranslated string: fwdfw rulepos = Rule position
|
||||
WARNING: untranslated string: fwdfw snat = Source NAT
|
||||
WARNING: untranslated string: fwdfw source = Source
|
||||
WARNING: untranslated string: fwdfw sourceip = Source address (MAC/IP address or network):
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwdfw target = Destination
|
||||
WARNING: untranslated string: fwdfw targetip = Destination address (IP address or network):
|
||||
WARNING: untranslated string: fwdfw timeframe = Use time constraints
|
||||
|
||||
@@ -977,6 +977,7 @@ WARNING: untranslated string: force enable = Forced
|
||||
WARNING: untranslated string: foreshadow = Foreshadow
|
||||
WARNING: untranslated string: fw red = Firewall options for RED interface
|
||||
WARNING: untranslated string: fwdfw all subnets = All subnets
|
||||
WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
|
||||
WARNING: untranslated string: fwhost cust locationgrp = unknown string
|
||||
WARNING: untranslated string: fwhost err hostip = unknown string
|
||||
WARNING: untranslated string: generate ptr = Generate PTR
|
||||
|
||||
@@ -56,6 +56,7 @@
|
||||
< enable
|
||||
< error the to date has to be later than the from date
|
||||
< extrahd because it it outside the allowed mount path
|
||||
< fwdfw syn flood protection
|
||||
< g.dtm
|
||||
< g.lite
|
||||
< hostile networks in
|
||||
@@ -120,6 +121,7 @@
|
||||
< extrahd no mount point given
|
||||
< extrahd not configured
|
||||
< extrahd not mounted
|
||||
< fwdfw syn flood protection
|
||||
< hardware vulnerabilities
|
||||
< hostile networks in
|
||||
< hostile networks out
|
||||
@@ -148,6 +150,7 @@
|
||||
< bewan adsl pci st
|
||||
< bewan adsl usb
|
||||
< extrahd because it it outside the allowed mount path
|
||||
< fwdfw syn flood protection
|
||||
< g.dtm
|
||||
< g.lite
|
||||
< hostile networks total
|
||||
@@ -365,6 +368,7 @@
|
||||
< fwdfw maxconcon
|
||||
< fwdfw numcon
|
||||
< fwdfw ratelimit
|
||||
< fwdfw syn flood protection
|
||||
< fwhost addlocationgrp
|
||||
< fwhost cust location
|
||||
< fwhost cust locationgroup
|
||||
@@ -894,6 +898,7 @@
|
||||
< fwdfw maxconcon
|
||||
< fwdfw numcon
|
||||
< fwdfw ratelimit
|
||||
< fwdfw syn flood protection
|
||||
< fwhost addlocationgrp
|
||||
< fwhost cust location
|
||||
< fwhost cust locationgroup
|
||||
@@ -1613,6 +1618,7 @@
|
||||
< fwdfw source
|
||||
< fwdfw sourceip
|
||||
< fwdfw std network
|
||||
< fwdfw syn flood protection
|
||||
< fwdfw target
|
||||
< fwdfw targetip
|
||||
< fwdfw till
|
||||
@@ -2613,6 +2619,7 @@
|
||||
< fwdfw source
|
||||
< fwdfw sourceip
|
||||
< fwdfw std network
|
||||
< fwdfw syn flood protection
|
||||
< fwdfw target
|
||||
< fwdfw targetip
|
||||
< fwdfw till
|
||||
@@ -3327,6 +3334,7 @@
|
||||
< force enable
|
||||
< foreshadow
|
||||
< fwdfw all subnets
|
||||
< fwdfw syn flood protection
|
||||
< fw red
|
||||
< generate ptr
|
||||
< hardware vulnerabilities
|
||||
|
||||
@@ -301,8 +301,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
|
||||
#check if we have an identical rule already
|
||||
if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
|
||||
foreach my $key (sort keys %rulehash){
|
||||
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
|
||||
eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36]"){
|
||||
if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'},$fwdfwsettings{'SYN_FLOOD_PROTECTION'}"
|
||||
eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36],$rulehash{$key}[37]"){
|
||||
$errormessage.=$Lang::tr{'fwdfw err ruleexists'};
|
||||
if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
|
||||
$errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
|
||||
@@ -1624,6 +1624,7 @@ sub newrule
|
||||
$fwdfwsettings{'RATE_LIMIT'} = $hash{$key}[34];
|
||||
$fwdfwsettings{'ratecon'} = $hash{$key}[35];
|
||||
$fwdfwsettings{'RATETIME'} = $hash{$key}[36];
|
||||
$fwdfwsettings{'SYN_FLOOD_PROTECTION'} = $hash{$key}[37];
|
||||
$checked{'grp1'}{$fwdfwsettings{'grp1'}} = 'CHECKED';
|
||||
$checked{'grp2'}{$fwdfwsettings{'grp2'}} = 'CHECKED';
|
||||
$checked{'grp3'}{$fwdfwsettings{'grp3'}} = 'CHECKED';
|
||||
@@ -1631,6 +1632,7 @@ sub newrule
|
||||
$checked{'USESRV'}{$fwdfwsettings{'USESRV'}} = 'CHECKED';
|
||||
$checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} = 'CHECKED';
|
||||
$checked{'LOG'}{$fwdfwsettings{'LOG'}} = 'CHECKED';
|
||||
$checked{'SYN_FLOOD_PROTECTION'}{$fwdfwsettings{'SYN_FLOOD_PROTECTION'}} = 'CHECKED';
|
||||
$checked{'TIME'}{$fwdfwsettings{'TIME'}} = 'CHECKED';
|
||||
$checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} = 'CHECKED';
|
||||
$checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} = 'CHECKED';
|
||||
@@ -2070,6 +2072,12 @@ END
|
||||
</td>
|
||||
<td>$Lang::tr{'fwdfw log rule'}</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<input type='checkbox' name='SYN_FLOOD_PROTECTION' value='ON' $checked{'SYN_FLOOD_PROTECTION'}{'ON'}>
|
||||
</td>
|
||||
<td>$Lang::tr{'fwdfw syn flood protection'}</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td width='1%'>
|
||||
<input type='checkbox' name='TIME' id="USE_TIME_CONSTRAINTS" value='ON' $checked{'TIME'}{'ON'}>
|
||||
@@ -2341,6 +2349,7 @@ sub saverule
|
||||
$$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
|
||||
$$hash{$key}[35] = $fwdfwsettings{'ratecon'};
|
||||
$$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
|
||||
$$hash{$key}[37] = $fwdfwsettings{'SYN_FLOOD_PROTECTION'};
|
||||
&General::writehasharray("$config", $hash);
|
||||
}else{
|
||||
foreach my $key (sort {$a <=> $b} keys %$hash){
|
||||
@@ -2382,6 +2391,7 @@ sub saverule
|
||||
$$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
|
||||
$$hash{$key}[35] = $fwdfwsettings{'ratecon'};
|
||||
$$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
|
||||
$$hash{$key}[37] = $fwdfwsettings{'SYN_FLOOD_PROTECTION'};
|
||||
last;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1246,6 +1246,7 @@
|
||||
'fwdfw source' => 'Source',
|
||||
'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
|
||||
'fwdfw std network' => 'Standard networks:',
|
||||
'fwdfw syn flood protection' => 'Enable SYN Flood Protection (TCP only)',
|
||||
'fwdfw target' => 'Destination',
|
||||
'fwdfw targetip' => 'Destination address (IP address or network):',
|
||||
'fwdfw till' => 'Until:',
|
||||
|
||||
Reference in New Issue
Block a user