release/src/router/www/advanced-firewall.asp

   1 <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0//EN'>
   2 <!--
   3         Tomato GUI
   4         Copyright (C) 2006-2010 Jonathan Zarate
   5         http://www.polarcloud.com/tomato/
   6
   7         Tomato VLAN GUI
   8         Copyright (C) 2011 Augusto Bott
   9         http://code.google.com/p/tomato-sdhc-vlan/
  10
  11         For use with Tomato Firmware only.
  12         No part of this file may be used without permission.
  13 -->
  14 <html>
  15 <head>
  16 <meta http-equiv='content-type' content='text/html;charset=utf-8'>
  17 <meta name='robots' content='noindex,nofollow'>
  18 <title>[<% ident(); %>] Advanced: Firewall</title>
  19 <link rel='stylesheet' type='text/css' href='tomato.css'>
  20 <% css(); %>
  21 <script type='text/javascript' src='tomato.js'></script>
  22
  23 <!-- / / / -->
  24
  25 <script type='text/javascript' src='debug.js'></script>
  26
  27 <script type='text/javascript'>
  28
  29 //      <% nvram("block_wan,block_wan_limit,block_wan_limit_icmp,block_wan_limit_tr,nf_loopback,ne_syncookies,multicast_pass,multicast_lan,multicast_lan1,multicast_lan2,multicast_lan3,lan_ifname,lan1_ifname,lan2_ifname,lan3_ifname,udpxy_enable,udpxy_stats,udpxy_clients,udpxy_port,ne_snat"); %>
  30
  31 function verifyFields(focused, quiet)
  32 {
  33 /* ICMP */
  34         E('_f_icmp_limit').disabled = !E('_f_icmp').checked;
  35         E('_f_icmp_limit_icmp').disabled = (!E('_f_icmp').checked || !E('_f_icmp_limit').checked);
  36         E('_f_icmp_limit_traceroute').disabled = (!E('_f_icmp').checked || !E('_f_icmp_limit').checked);
  37
  38 /* VLAN-BEGIN */
  39         var enable_mcast = E('_f_multicast').checked;
  40         E('_f_multicast_lan').disabled = ((!enable_mcast) || (nvram.lan_ifname.length < 1));
  41         E('_f_multicast_lan1').disabled = ((!enable_mcast) || (nvram.lan1_ifname.length < 1));
  42         E('_f_multicast_lan2').disabled = ((!enable_mcast) || (nvram.lan2_ifname.length < 1));
  43         E('_f_multicast_lan3').disabled = ((!enable_mcast) || (nvram.lan3_ifname.length < 1));
  44         if(nvram.lan_ifname.length < 1)
  45                 E('_f_multicast_lan').checked = false;
  46         if(nvram.lan1_ifname.length < 1)
  47                 E('_f_multicast_lan1').checked = false;
  48         if(nvram.lan2_ifname.length < 1)
  49                 E('_f_multicast_lan2').checked = false;
  50         if(nvram.lan3_ifname.length < 1)
  51                 E('_f_multicast_lan3').checked = false;
  52         if ((enable_mcast) && (!E('_f_multicast_lan').checked) && (!E('_f_multicast_lan1').checked) && (!E('_f_multicast_lan2').checked) && (!E('_f_multicast_lan3').checked)) {
  53                 ferror.set('_f_multicast', 'IGMPproxy must be enabled in least one LAN bridge', quiet);
  54                 return 0;
  55         } else {
  56                 ferror.clear('_f_multicast');
  57         }
  58 /* VLAN-END */
  59         E('_f_udpxy_stats').disabled = !E('_f_udpxy_enable').checked;
  60         E('_f_udpxy_clients').disabled = !E('_f_udpxy_enable').checked;
  61         E('_f_udpxy_port').disabled = !E('_f_udpxy_enable').checked;
  62         return 1;
  63 }
  64
  65 function save()
  66 {
  67         var fom;
  68
  69         if (!verifyFields(null, 0)) return;
  70
  71         fom = E('_fom');
  72         fom.block_wan.value = E('_f_icmp').checked ? 0 : 1;
  73         fom.block_wan_limit.value = E('_f_icmp_limit').checked? 1 : 0;
  74         fom.block_wan_limit_icmp.value = E('_f_icmp_limit_icmp').value;
  75         fom.block_wan_limit_tr.value = E('_f_icmp_limit_traceroute').value;
  76
  77         fom.ne_syncookies.value = E('_f_syncookies').checked ? 1 : 0;
  78         fom.multicast_pass.value = E('_f_multicast').checked ? 1 : 0;
  79 /* VLAN-BEGIN */
  80         fom.multicast_lan.value = E('_f_multicast_lan').checked ? 1 : 0;
  81         fom.multicast_lan1.value = E('_f_multicast_lan1').checked ? 1 : 0;
  82         fom.multicast_lan2.value = E('_f_multicast_lan2').checked ? 1 : 0;
  83         fom.multicast_lan3.value = E('_f_multicast_lan3').checked ? 1 : 0;
  84 /* VLAN-END */
  85         fom.udpxy_enable.value = E('_f_udpxy_enable').checked ? 1 : 0;
  86         fom.udpxy_stats.value = E('_f_udpxy_stats').checked ? 1 : 0;
  87         fom.udpxy_clients.value = E('_f_udpxy_clients').value;
  88         fom.udpxy_port.value = E('_f_udpxy_port').value;
  89         form.submit(fom, 1);
  90 }
  91 </script>
  92
  93 </head>
  94 <body>
  95 <form id='_fom' method='post' action='tomato.cgi'>
  96 <table id='container' cellspacing=0>
  97 <tr><td colspan=2 id='header'>
  98         <div class='title'>Tomato</div>
  99         <div class='version'>Version <% version(); %></div>
 100 </td></tr>
 101 <tr id='body'><td id='navi'><script type='text/javascript'>navi()</script></td>
 102 <td id='content'>
 103 <div id='ident'><% ident(); %></div>
 104
 105 <!-- / / / -->
 106
 107 <input type='hidden' name='_nextpage' value='advanced-firewall.asp'>
 108 <input type='hidden' name='_service' value='firewall-restart'>
 109
 110 <input type='hidden' name='block_wan'>
 111 <input type='hidden' name='block_wan_limit'>
 112 <input type='hidden' name='block_wan_limit_icmp'>
 113 <input type='hidden' name='block_wan_limit_tr'>
 114 <input type='hidden' name='ne_syncookies'>
 115 <input type='hidden' name='multicast_pass'>
 116 /* VLAN-BEGIN */
 117 <input type='hidden' name='multicast_lan'>
 118 <input type='hidden' name='multicast_lan1'>
 119 <input type='hidden' name='multicast_lan2'>
 120 <input type='hidden' name='multicast_lan3'>
 121 /* VLAN-END */
 122 <input type='hidden' name='udpxy_enable'>
 123 <input type='hidden' name='udpxy_stats'>
 124 <input type='hidden' name='udpxy_clients'>
 125 <input type='hidden' name='udpxy_port'>
 126
 127 <div class='section-title'>Firewall</div>
 128 <div class='section'>
 129 <script type='text/javascript'>
 130 createFieldTable('', [
 131         { title: 'Respond to ICMP ping', name: 'f_icmp', type: 'checkbox', value: nvram.block_wan == '0' },
 132         { title: 'Limits per second', name: 'f_icmp_limit', type: 'checkbox', value: nvram.block_wan_limit != '0' },
 133         { title: 'ICMP', indent: 2, name: 'f_icmp_limit_icmp', type: 'text', maxlen: 3, size: 3, suffix: ' <small> request per second</small>', value: fixInt(nvram.block_wan_limit_icmp || 1, 1, 300, 5) },
 134         { title: 'Traceroute', indent: 2, name: 'f_icmp_limit_traceroute', type: 'text', maxlen: 3, size: 3, suffix: ' <small> request per second</small>', value: fixInt(nvram.block_wan_limit_tr || 5, 1, 300, 5) },
 135         null,
 136         { title: 'Enable SYN cookies', name: 'f_syncookies', type: 'checkbox', value: nvram.ne_syncookies != '0' }
 137 ]);
 138 </script>
 139 </div>
 140
 141 <!-- / / / -->
 142
 143 <div class='section-title'>NAT</div>
 144 <div class='section'>
 145 <script type='text/javascript'>
 146 createFieldTable('', [
 147         { title: 'NAT loopback', name: 'nf_loopback', type: 'select', options: [[0,'All'],[1,'Forwarded Only'],[2,'Disabled']], value: fixInt(nvram.nf_loopback, 0, 2, 1) },
 148         { title: 'NAT target', name: 'ne_snat', type: 'select', options: [[0,'MASQUERADE'],[1,'SNAT']], value: nvram.ne_snat }
 149 ]);
 150 </script>
 151 </div>
 152
 153 <!-- / / / -->
 154
 155 <div class='section-title'>Multicast</div>
 156 <div class='section'>
 157 <script type='text/javascript'>
 158 createFieldTable('', [
 159         { title: 'Enable IGMPproxy', name: 'f_multicast', type: 'checkbox', value: nvram.multicast_pass == '1' },
 160 /* VLAN-BEGIN */
 161         { title: 'LAN', indent: 2, name: 'f_multicast_lan', type: 'checkbox', value: (nvram.multicast_lan == '1') },
 162         { title: 'LAN1', indent: 2, name: 'f_multicast_lan1', type: 'checkbox', value: (nvram.multicast_lan1 == '1') },
 163         { title: 'LAN2', indent: 2, name: 'f_multicast_lan2', type: 'checkbox', value: (nvram.multicast_lan2 == '1') },
 164         { title: 'LAN3', indent: 2, name: 'f_multicast_lan3', type: 'checkbox', value: (nvram.multicast_lan3 == '1') },
 165 /* VLAN-END */
 166         { title: 'Enable Udpxy', name: 'f_udpxy_enable', type: 'checkbox', value: (nvram.udpxy_enable == '1') },
 167         { title: 'Enable client statistics', indent: 2, name: 'f_udpxy_stats', type: 'checkbox', value: (nvram.udpxy_stats == '1') },
 168         { title: 'Max clients', indent: 2, name: 'f_udpxy_clients', type: 'text', maxlen: 4, size: 6, value: fixInt(nvram.udpxy_clients || 3, 1, 5000, 3) },
 169         { title: 'Udpxy port', indent: 2, name: 'f_udpxy_port', type: 'text', maxlen: 5, size: 7, value: fixPort(nvram.udpxy_port, 4022) }
 170 ]);
 171 </script>
 172 </div>
 173
 174 <!-- / / / -->
 175
 176 </td></tr>
 177 <tr><td id='footer' colspan=2>
 178         <span id='footer-msg'></span>
 179         <input type='button' value='Save' id='save-button' onclick='save()'>
 180         <input type='button' value='Cancel' id='cancel-button' onclick='reloadPage();'>
 181 </td></tr>
 182 </table>
 183 </form>
 184 <script type='text/javascript'>verifyFields(null, 1);</script>
 185 </body>
 186 </html>