release/src/router/www/advanced-firewall.asp

   1 <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0//EN'>
   2 <!--
   3         Tomato GUI
   4         Copyright (C) 2006-2010 Jonathan Zarate
   5         http://www.polarcloud.com/tomato/
   6
   7         Tomato VLAN GUI
   8         Copyright (C) 2011 Augusto Bott
   9         http://code.google.com/p/tomato-sdhc-vlan/
  10
  11         For use with Tomato Firmware only.
  12         No part of this file may be used without permission.
  13 -->
  14 <html>
  15 <head>
  16 <meta http-equiv='content-type' content='text/html;charset=utf-8'>
  17 <meta name='robots' content='noindex,nofollow'>
  18 <title>[<% ident(); %>] Advanced: Firewall</title>
  19 <link rel='stylesheet' type='text/css' href='tomato.css'>
  20 <% css(); %>
  21 <script type='text/javascript' src='tomato.js'></script>
  22
  23 <!-- / / / -->
  24
  25 <script type='text/javascript' src='debug.js'></script>
  26
  27 <script type='text/javascript'>
  28
  29 //      <% nvram("block_wan,block_wan_limit,block_wan_limit_icmp,block_wan_limit_tr,nf_loopback,ne_syncookies,DSCP_fix_enable,multicast_pass,multicast_lan,multicast_lan1,multicast_lan2,multicast_lan3,lan_ifname,lan1_ifname,lan2_ifname,lan3_ifname,udpxy_enable,udpxy_stats,udpxy_clients,udpxy_port,ne_snat"); %>
  30
  31 function verifyFields(focused, quiet)
  32 {
  33 /* ICMP */
  34         E('_f_icmp_limit').disabled = !E('_f_icmp').checked;
  35         E('_f_icmp_limit_icmp').disabled = (!E('_f_icmp').checked || !E('_f_icmp_limit').checked);
  36         E('_f_icmp_limit_traceroute').disabled = (!E('_f_icmp').checked || !E('_f_icmp_limit').checked);
  37
  38         var enable_mcast = E('_f_multicast').checked;
  39         E('_f_multicast_lan').disabled = ((!enable_mcast) || (nvram.lan_ifname.length < 1));
  40         E('_f_multicast_lan1').disabled = ((!enable_mcast) || (nvram.lan1_ifname.length < 1));
  41         E('_f_multicast_lan2').disabled = ((!enable_mcast) || (nvram.lan2_ifname.length < 1));
  42         E('_f_multicast_lan3').disabled = ((!enable_mcast) || (nvram.lan3_ifname.length < 1));
  43         if(nvram.lan_ifname.length < 1)
  44                 E('_f_multicast_lan').checked = false;
  45         if(nvram.lan1_ifname.length < 1)
  46                 E('_f_multicast_lan1').checked = false;
  47         if(nvram.lan2_ifname.length < 1)
  48                 E('_f_multicast_lan2').checked = false;
  49         if(nvram.lan3_ifname.length < 1)
  50                 E('_f_multicast_lan3').checked = false;
  51
  52         if ((enable_mcast) && (!E('_f_multicast_lan').checked) && (!E('_f_multicast_lan1').checked) && (!E('_f_multicast_lan2').checked) && (!E('_f_multicast_lan3').checked)) {
  53                 ferror.set('_f_multicast', 'IGMPproxy must be enabled in least one LAN bridge', quiet);
  54                 return 0;
  55         } else {
  56                 ferror.clear('_f_multicast');
  57         }
  58
  59         E('_f_udpxy_stats').disabled = !E('_f_udpxy_enable').checked;
  60         E('_f_udpxy_clients').disabled = !E('_f_udpxy_enable').checked;
  61         E('_f_udpxy_port').disabled = !E('_f_udpxy_enable').checked;
  62
  63         return 1;
  64 }
  65
  66 function save()
  67 {
  68         var fom;
  69
  70         if (!verifyFields(null, 0)) return;
  71
  72         fom = E('_fom');
  73         fom.block_wan.value = E('_f_icmp').checked ? 0 : 1;
  74         fom.block_wan_limit.value = E('_f_icmp_limit').checked? 1 : 0;
  75         fom.block_wan_limit_icmp.value = E('_f_icmp_limit_icmp').value;
  76         fom.block_wan_limit_tr.value = E('_f_icmp_limit_traceroute').value;
  77
  78         fom.ne_syncookies.value = E('_f_syncookies').checked ? 1 : 0;
  79         fom.DSCP_fix_enable.value = E('_f_DSCP_fix_enable').checked ? 1 : 0;
  80         fom.multicast_pass.value = E('_f_multicast').checked ? 1 : 0;
  81         fom.multicast_lan.value = E('_f_multicast_lan').checked ? 1 : 0;
  82         fom.multicast_lan1.value = E('_f_multicast_lan1').checked ? 1 : 0;
  83         fom.multicast_lan2.value = E('_f_multicast_lan2').checked ? 1 : 0;
  84         fom.multicast_lan3.value = E('_f_multicast_lan3').checked ? 1 : 0;
  85         fom.udpxy_enable.value = E('_f_udpxy_enable').checked ? 1 : 0;
  86         fom.udpxy_stats.value = E('_f_udpxy_stats').checked ? 1 : 0;
  87         fom.udpxy_clients.value = E('_f_udpxy_clients').value;
  88         fom.udpxy_port.value = E('_f_udpxy_port').value;
  89         form.submit(fom, 1);
  90 }
  91 </script>
  92
  93 </head>
  94 <body>
  95 <form id='_fom' method='post' action='tomato.cgi'>
  96 <table id='container' cellspacing=0>
  97 <tr><td colspan=2 id='header'>
  98         <div class='title'>Tomato</div>
  99         <div class='version'>Version <% version(); %></div>
 100 </td></tr>
 101 <tr id='body'><td id='navi'><script type='text/javascript'>navi()</script></td>
 102 <td id='content'>
 103 <div id='ident'><% ident(); %></div>
 104
 105 <!-- / / / -->
 106
 107 <input type='hidden' name='_nextpage' value='advanced-firewall.asp'>
 108 <input type='hidden' name='_service' value='firewall-restart'>
 109
 110 <input type='hidden' name='block_wan'>
 111 <input type='hidden' name='block_wan_limit'>
 112 <input type='hidden' name='block_wan_limit_icmp'>
 113 <input type='hidden' name='block_wan_limit_tr'>
 114 <input type='hidden' name='ne_syncookies'>
 115 <input type='hidden' name='DSCP_fix_enable'>
 116 <input type='hidden' name='multicast_pass'>
 117 <input type='hidden' name='multicast_lan'>
 118 <input type='hidden' name='multicast_lan1'>
 119 <input type='hidden' name='multicast_lan2'>
 120 <input type='hidden' name='multicast_lan3'>
 121 <input type='hidden' name='udpxy_enable'>
 122 <input type='hidden' name='udpxy_stats'>
 123 <input type='hidden' name='udpxy_clients'>
 124 <input type='hidden' name='udpxy_port'>
 125
 126 <div class='section-title'>Firewall</div>
 127 <div class='section'>
 128 <script type='text/javascript'>
 129 createFieldTable('', [
 130         { title: 'Respond to ICMP ping', name: 'f_icmp', type: 'checkbox', value: nvram.block_wan == '0' },
 131         { title: 'Limits per second', name: 'f_icmp_limit', type: 'checkbox', value: nvram.block_wan_limit != '0' },
 132         { title: 'ICMP', indent: 2, name: 'f_icmp_limit_icmp', type: 'text', maxlen: 3, size: 3, suffix: ' <small> request per second</small>', value: fixInt(nvram.block_wan_limit_icmp || 1, 1, 300, 5) },
 133         { title: 'Traceroute', indent: 2, name: 'f_icmp_limit_traceroute', type: 'text', maxlen: 3, size: 3, suffix: ' <small> request per second</small>', value: fixInt(nvram.block_wan_limit_tr || 5, 1, 300, 5) },
 134         null,
 135         { title: 'Enable SYN cookies', name: 'f_syncookies', type: 'checkbox', value: nvram.ne_syncookies != '0' },
 136         { title: 'Enable DSCP Fix', name: 'f_DSCP_fix_enable', type: 'checkbox', value: nvram.DSCP_fix_enable != '0', suffix: ' <small>Fixes Comcast incorrect DSCP</small>' }
 137 ]);
 138 </script>
 139 </div>
 140
 141 <div class='section-title'>NAT</div>
 142 <div class='section'>
 143 <script type='text/javascript'>
 144 createFieldTable('', [
 145         { title: 'NAT loopback', name: 'nf_loopback', type: 'select', options: [[0,'All'],[1,'Forwarded Only'],[2,'Disabled']], value: fixInt(nvram.nf_loopback, 0, 2, 1) },
 146         { title: 'NAT target', name: 'ne_snat', type: 'select', options: [[0,'MASQUERADE'],[1,'SNAT']], value: nvram.ne_snat }
 147 ]);
 148 </script>
 149 </div>
 150
 151 <div class='section-title'>Multicast</div>
 152 <div class='section'>
 153 <script type='text/javascript'>
 154 createFieldTable('', [
 155         { title: 'Enable IGMPproxy', name: 'f_multicast', type: 'checkbox', value: nvram.multicast_pass == '1' },
 156         { title: 'LAN', indent: 2, name: 'f_multicast_lan', type: 'checkbox', value: (nvram.multicast_lan == '1') },
 157         { title: 'LAN1', indent: 2, name: 'f_multicast_lan1', type: 'checkbox', value: (nvram.multicast_lan1 == '1') },
 158         { title: 'LAN2', indent: 2, name: 'f_multicast_lan2', type: 'checkbox', value: (nvram.multicast_lan2 == '1') },
 159         { title: 'LAN3', indent: 2, name: 'f_multicast_lan3', type: 'checkbox', value: (nvram.multicast_lan3 == '1') },
 160         null,
 161         { title: 'Enable Udpxy', name: 'f_udpxy_enable', type: 'checkbox', value: (nvram.udpxy_enable == '1') },
 162         { title: 'Enable client statistics', indent: 2, name: 'f_udpxy_stats', type: 'checkbox', value: (nvram.udpxy_stats == '1') },
 163         { title: 'Max clients', indent: 2, name: 'f_udpxy_clients', type: 'text', maxlen: 4, size: 6, value: fixInt(nvram.udpxy_clients || 3, 1, 5000, 3) },
 164         { title: 'Udpxy port', indent: 2, name: 'f_udpxy_port', type: 'text', maxlen: 5, size: 7, value: fixPort(nvram.udpxy_port, 4022) }
 165
 166 ]);
 167 </script>
 168 </div>
 169
 170 <!-- / / / -->
 171
 172 </td></tr>
 173 <tr><td id='footer' colspan=2>
 174         <span id='footer-msg'></span>
 175         <input type='button' value='Save' id='save-button' onclick='save()'>
 176         <input type='button' value='Cancel' id='cancel-button' onclick='reloadPage();'>
 177 </td></tr>
 178 </table>
 179 </form>
 180 <script type='text/javascript'>verifyFields(null, 1);</script>
 181 </body>
 182 </html>