release/src-rt-6.x.4708/router/www/advanced-firewall.asp

   1 <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0//EN'>
   2 <!--
   3         Tomato GUI
   4         Copyright (C) 2006-2010 Jonathan Zarate
   5         http://www.polarcloud.com/tomato/
   6
   7         Tomato VLAN GUI
   8         Copyright (C) 2011 Augusto Bott
   9         http://code.google.com/p/tomato-sdhc-vlan/
  10
  11         For use with Tomato Firmware only.
  12         No part of this file may be used without permission.
  13 -->
  14 <html>
  15 <head>
  16 <meta http-equiv='content-type' content='text/html;charset=utf-8'>
  17 <meta name='robots' content='noindex,nofollow'>
  18 <title>[<% ident(); %>] Advanced: Firewall</title>
  19 <link rel='stylesheet' type='text/css' href='tomato.css'>
  20 <% css(); %>
  21 <script type='text/javascript' src='tomato.js'></script>
  22
  23 <!-- / / / -->
  24
  25 <script type='text/javascript' src='debug.js'></script>
  26
  27 <script type='text/javascript'>
  28
  29 //      <% nvram("block_wan,block_wan_limit,block_wan_limit_icmp,block_wan_limit_tr,nf_loopback,ne_syncookies,DSCP_fix_enable,ipv6_ipsec,multicast_pass,multicast_lan,multicast_lan1,multicast_lan2,multicast_lan3,lan_ifname,lan1_ifname,lan2_ifname,lan3_ifname,udpxy_enable,udpxy_stats,udpxy_clients,udpxy_port,ne_snat"); %>
  30
  31 function verifyFields(focused, quiet)
  32 {
  33 /* ICMP */
  34         E('_f_icmp_limit').disabled = !E('_f_icmp').checked;
  35         E('_f_icmp_limit_icmp').disabled = (!E('_f_icmp').checked || !E('_f_icmp_limit').checked);
  36         E('_f_icmp_limit_traceroute').disabled = (!E('_f_icmp').checked || !E('_f_icmp_limit').checked);
  37
  38         var enable_mcast = E('_f_multicast').checked;
  39         E('_f_multicast_lan').disabled = ((!enable_mcast) || (nvram.lan_ifname.length < 1));
  40         E('_f_multicast_lan1').disabled = ((!enable_mcast) || (nvram.lan1_ifname.length < 1));
  41         E('_f_multicast_lan2').disabled = ((!enable_mcast) || (nvram.lan2_ifname.length < 1));
  42         E('_f_multicast_lan3').disabled = ((!enable_mcast) || (nvram.lan3_ifname.length < 1));
  43         if(nvram.lan_ifname.length < 1)
  44                 E('_f_multicast_lan').checked = false;
  45         if(nvram.lan1_ifname.length < 1)
  46                 E('_f_multicast_lan1').checked = false;
  47         if(nvram.lan2_ifname.length < 1)
  48                 E('_f_multicast_lan2').checked = false;
  49         if(nvram.lan3_ifname.length < 1)
  50                 E('_f_multicast_lan3').checked = false;
  51
  52         if ((enable_mcast) && (!E('_f_multicast_lan').checked) && (!E('_f_multicast_lan1').checked) && (!E('_f_multicast_lan2').checked) && (!E('_f_multicast_lan3').checked)) {
  53                 ferror.set('_f_multicast', 'IGMPproxy must be enabled in least one LAN bridge', quiet);
  54                 return 0;
  55         } else {
  56                 ferror.clear('_f_multicast');
  57         }
  58
  59         E('_f_udpxy_stats').disabled = !E('_f_udpxy_enable').checked;
  60         E('_f_udpxy_clients').disabled = !E('_f_udpxy_enable').checked;
  61         E('_f_udpxy_port').disabled = !E('_f_udpxy_enable').checked;
  62
  63         return 1;
  64 }
  65
  66 function save()
  67 {
  68         var fom;
  69
  70         if (!verifyFields(null, 0)) return;
  71
  72         fom = E('_fom');
  73         fom.block_wan.value = E('_f_icmp').checked ? 0 : 1;
  74         fom.block_wan_limit.value = E('_f_icmp_limit').checked? 1 : 0;
  75         fom.block_wan_limit_icmp.value = E('_f_icmp_limit_icmp').value;
  76         fom.block_wan_limit_tr.value = E('_f_icmp_limit_traceroute').value;
  77
  78         fom.ne_syncookies.value = E('_f_syncookies').checked ? 1 : 0;
  79         fom.DSCP_fix_enable.value = E('_f_DSCP_fix_enable').checked ? 1 : 0;
  80         fom.ipv6_ipsec.value = E('_f_ipv6_ipsec').checked ? 1 : 0;
  81         fom.multicast_pass.value = E('_f_multicast').checked ? 1 : 0;
  82         fom.multicast_lan.value = E('_f_multicast_lan').checked ? 1 : 0;
  83         fom.multicast_lan1.value = E('_f_multicast_lan1').checked ? 1 : 0;
  84         fom.multicast_lan2.value = E('_f_multicast_lan2').checked ? 1 : 0;
  85         fom.multicast_lan3.value = E('_f_multicast_lan3').checked ? 1 : 0;
  86         fom.udpxy_enable.value = E('_f_udpxy_enable').checked ? 1 : 0;
  87         fom.udpxy_stats.value = E('_f_udpxy_stats').checked ? 1 : 0;
  88         fom.udpxy_clients.value = E('_f_udpxy_clients').value;
  89         fom.udpxy_port.value = E('_f_udpxy_port').value;
  90         form.submit(fom, 1);
  91 }
  92 </script>
  93
  94 </head>
  95 <body>
  96 <form id='_fom' method='post' action='tomato.cgi'>
  97 <table id='container' cellspacing=0>
  98 <tr><td colspan=2 id='header'>
  99         <div class='title'>Tomato</div>
 100         <div class='version'>Version <% version(); %></div>
 101 </td></tr>
 102 <tr id='body'><td id='navi'><script type='text/javascript'>navi()</script></td>
 103 <td id='content'>
 104 <div id='ident'><% ident(); %></div>
 105
 106 <!-- / / / -->
 107
 108 <input type='hidden' name='_nextpage' value='advanced-firewall.asp'>
 109 <input type='hidden' name='_service' value='firewall-restart'>
 110
 111 <input type='hidden' name='block_wan'>
 112 <input type='hidden' name='block_wan_limit'>
 113 <input type='hidden' name='block_wan_limit_icmp'>
 114 <input type='hidden' name='block_wan_limit_tr'>
 115 <input type='hidden' name='ne_syncookies'>
 116 <input type='hidden' name='DSCP_fix_enable'>
 117 <input type='hidden' name='ipv6_ipsec'>
 118 <input type='hidden' name='multicast_pass'>
 119 <input type='hidden' name='multicast_lan'>
 120 <input type='hidden' name='multicast_lan1'>
 121 <input type='hidden' name='multicast_lan2'>
 122 <input type='hidden' name='multicast_lan3'>
 123 <input type='hidden' name='udpxy_enable'>
 124 <input type='hidden' name='udpxy_stats'>
 125 <input type='hidden' name='udpxy_clients'>
 126 <input type='hidden' name='udpxy_port'>
 127
 128 <div class='section-title'>Firewall</div>
 129 <div class='section'>
 130 <script type='text/javascript'>
 131 createFieldTable('', [
 132         { title: 'Respond to ICMP ping', name: 'f_icmp', type: 'checkbox', value: nvram.block_wan == '0' },
 133         { title: 'Limits per second', name: 'f_icmp_limit', type: 'checkbox', value: nvram.block_wan_limit != '0' },
 134         { title: 'ICMP', indent: 2, name: 'f_icmp_limit_icmp', type: 'text', maxlen: 3, size: 3, suffix: ' <small>requests per second</small>', value: fixInt(nvram.block_wan_limit_icmp || 1, 1, 300, 5) },
 135         { title: 'Traceroute', indent: 2, name: 'f_icmp_limit_traceroute', type: 'text', maxlen: 3, size: 3, suffix: ' <small>requests per second</small>', value: fixInt(nvram.block_wan_limit_tr || 5, 1, 300, 5) },
 136         null,
 137         { title: 'Enable SYN cookies', name: 'f_syncookies', type: 'checkbox', value: nvram.ne_syncookies != '0' },
 138         { title: 'Enable DSCP Fix', name: 'f_DSCP_fix_enable', type: 'checkbox', value: nvram.DSCP_fix_enable != '0', suffix: ' <small>(set DSCP to 0 for all WAN packets; primarily for Comcast)</small>' },
 139         { title: 'IPv6 IPSec Passthrough', name: 'f_ipv6_ipsec', type: 'checkbox', value: nvram.ipv6_ipsec != '0' }
 140 ]);
 141 </script>
 142 </div>
 143
 144 <div class='section-title'>NAT</div>
 145 <div class='section'>
 146 <script type='text/javascript'>
 147 createFieldTable('', [
 148         { title: 'NAT loopback', name: 'nf_loopback', type: 'select', options: [[0,'All'],[1,'Forwarded Only'],[2,'Disabled']], value: fixInt(nvram.nf_loopback, 0, 2, 1) },
 149         { title: 'NAT target', name: 'ne_snat', type: 'select', options: [[0,'MASQUERADE'],[1,'SNAT']], value: nvram.ne_snat }
 150 ]);
 151 </script>
 152 </div>
 153
 154 <div class='section-title'>Multicast</div>
 155 <div class='section'>
 156 <script type='text/javascript'>
 157 createFieldTable('', [
 158         { title: 'Enable IGMPproxy', name: 'f_multicast', type: 'checkbox', value: nvram.multicast_pass == '1' },
 159         { title: 'LAN', indent: 2, name: 'f_multicast_lan', type: 'checkbox', value: (nvram.multicast_lan == '1') },
 160         { title: 'LAN1', indent: 2, name: 'f_multicast_lan1', type: 'checkbox', value: (nvram.multicast_lan1 == '1') },
 161         { title: 'LAN2', indent: 2, name: 'f_multicast_lan2', type: 'checkbox', value: (nvram.multicast_lan2 == '1') },
 162         { title: 'LAN3', indent: 2, name: 'f_multicast_lan3', type: 'checkbox', value: (nvram.multicast_lan3 == '1') },
 163         null,
 164         { title: 'Enable Udpxy', name: 'f_udpxy_enable', type: 'checkbox', value: (nvram.udpxy_enable == '1') },
 165         { title: 'Enable client statistics', indent: 2, name: 'f_udpxy_stats', type: 'checkbox', value: (nvram.udpxy_stats == '1') },
 166         { title: 'Max clients', indent: 2, name: 'f_udpxy_clients', type: 'text', maxlen: 4, size: 6, value: fixInt(nvram.udpxy_clients || 3, 1, 5000, 3) },
 167         { title: 'Udpxy port', indent: 2, name: 'f_udpxy_port', type: 'text', maxlen: 5, size: 7, value: fixPort(nvram.udpxy_port, 4022) }
 168
 169 ]);
 170 </script>
 171 </div>
 172
 173 <!-- / / / -->
 174
 175 </td></tr>
 176 <tr><td id='footer' colspan=2>
 177         <span id='footer-msg'></span>
 178         <input type='button' value='Save' id='save-button' onclick='save()'>
 179         <input type='button' value='Cancel' id='cancel-button' onclick='reloadPage();'>
 180 </td></tr>
 181 </table>
 182 </form>
 183 <script type='text/javascript'>verifyFields(null, 1);</script>
 184 </body>
 185 </html>