firewall.cgi: Add a checkbox to enable SYN flood protection
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 18 Apr 2024 21:11:42 +0000 (21:11 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 2 Jul 2024 09:30:28 +0000 (09:30 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
12 files changed:
doc/language_issues.de
doc/language_issues.en
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.it
doc/language_issues.nl
doc/language_issues.pl
doc/language_issues.ru
doc/language_issues.tr
doc/language_missings
html/cgi-bin/firewall.cgi
langs/en/cgi-bin/en.pl

index 1ba77c94d2a298266bbc2fa2608caad360aa8545..79b21fe24d6d00c02b3060c0fc273e981cc32b12 100644 (file)
@@ -894,6 +894,7 @@ WARNING: untranslated string: enable disable client = unknown string
 WARNING: untranslated string: enable disable dyndns = unknown string
 WARNING: untranslated string: error message = unknown string
 WARNING: untranslated string: error the to date has to be later than the from date = The to date has to be later than the from date!
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: guardian block a host = unknown string
index 84bc8cdb08a297d797ab03b50629ed917ac7dfbd..2541ccf88b731cf20292d3d5085ff86373b210a7 100644 (file)
@@ -890,6 +890,7 @@ WARNING: untranslated string: fwdfw rulepos = Rule position
 WARNING: untranslated string: fwdfw snat = Source NAT
 WARNING: untranslated string: fwdfw source = Source
 WARNING: untranslated string: fwdfw sourceip = Source address (MAC/IP address or network):
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwdfw target = Destination
 WARNING: untranslated string: fwdfw targetip = Destination address (IP address or network):
 WARNING: untranslated string: fwdfw timeframe = Use time constraints
index 25ef7f9c57448e14c095cdfef0dd41b22ff1a38b..4949d9335bcb39a2110df7b550a35705d884e176 100644 (file)
@@ -958,6 +958,7 @@ WARNING: untranslated string: extrahd mounted = Mounted
 WARNING: untranslated string: extrahd no mount point given = No mount point given
 WARNING: untranslated string: extrahd not configured = Not configured
 WARNING: untranslated string: extrahd not mounted = Not mounted
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: guardian block a host = unknown string
index 7aafc3053e16de59450349ba539cf57dc7448928..fb29de25cb2a44d59a2f19d0d8b6bf1953201404 100644 (file)
@@ -912,6 +912,7 @@ WARNING: untranslated string: enable disable client = unknown string
 WARNING: untranslated string: enable disable dyndns = unknown string
 WARNING: untranslated string: error message = unknown string
 WARNING: untranslated string: extrahd because it is outside the allowed mount path = unknown string
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: guardian block a host = unknown string
index 7498e2af18f85eb3ee0966a5d08d701294a45c2a..680cc5f4e348acb6375b97198762a254cbdacc13 100644 (file)
@@ -1029,6 +1029,7 @@ WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections p
 WARNING: untranslated string: fwdfw maxconcon = Max. concurrent connections
 WARNING: untranslated string: fwdfw numcon = Number of connections
 WARNING: untranslated string: fwdfw ratelimit = Rate-limit new connections
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost addlocationgrp = Add new Location group
 WARNING: untranslated string: fwhost cust location = Location Groups
 WARNING: untranslated string: fwhost cust locationgroup = Location Groups
index 16e69bf270eb8400d5bcea16cb0a67972afeaa4a..de9dc112aa2d38133087ba985565afc01e2ba472 100644 (file)
@@ -1035,6 +1035,7 @@ WARNING: untranslated string: fwdfw limitconcon = Limit concurrent connections p
 WARNING: untranslated string: fwdfw maxconcon = Max. concurrent connections
 WARNING: untranslated string: fwdfw numcon = Number of connections
 WARNING: untranslated string: fwdfw ratelimit = Rate-limit new connections
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost addlocationgrp = Add new Location group
 WARNING: untranslated string: fwhost cust location = Location Groups
 WARNING: untranslated string: fwhost cust locationgroup = Location Groups
index 31c64c16453bf69822f7a0742bcf267860756130..d52c29f6b0a4aa802291fd0134625a22cf02fbde 100644 (file)
@@ -1093,6 +1093,7 @@ WARNING: untranslated string: fwdfw rulepos = Rule position
 WARNING: untranslated string: fwdfw snat = Source NAT
 WARNING: untranslated string: fwdfw source = Source
 WARNING: untranslated string: fwdfw sourceip = Source address (MAC/IP address or network):
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwdfw target = Destination
 WARNING: untranslated string: fwdfw targetip = Destination address (IP address or network):
 WARNING: untranslated string: fwdfw timeframe = Use time constraints
index 9495d951eb11950ad2f84f02e376f8491c4d2d64..3436c4a6ee40cb1372e1c4098b148a3dcf3c71bc 100644 (file)
@@ -1090,6 +1090,7 @@ WARNING: untranslated string: fwdfw rulepos = Rule position
 WARNING: untranslated string: fwdfw snat = Source NAT
 WARNING: untranslated string: fwdfw source = Source
 WARNING: untranslated string: fwdfw sourceip = Source address (MAC/IP address or network):
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwdfw target = Destination
 WARNING: untranslated string: fwdfw targetip = Destination address (IP address or network):
 WARNING: untranslated string: fwdfw timeframe = Use time constraints
index a2c134a2ac25bb0ba678038088732afe59251f28..ca57075b16879cd3a59d0e4c57c460a6cc38355d 100644 (file)
@@ -977,6 +977,7 @@ WARNING: untranslated string: force enable = Forced
 WARNING: untranslated string: foreshadow = Foreshadow
 WARNING: untranslated string: fw red = Firewall options for RED interface
 WARNING: untranslated string: fwdfw all subnets = All subnets
+WARNING: untranslated string: fwdfw syn flood protection = Enable SYN Flood Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp = unknown string
 WARNING: untranslated string: fwhost err hostip = unknown string
 WARNING: untranslated string: generate ptr = Generate PTR
index 44d79f352a04539177b4e438832d2fa2f4145e72..a214b8f9a38480c262094774de93b79f8165e0e1 100644 (file)
@@ -56,6 +56,7 @@
 < enable
 < error the to date has to be later than the from date
 < extrahd because it it outside the allowed mount path
+< fwdfw syn flood protection
 < g.dtm
 < g.lite
 < hostile networks in
 < extrahd no mount point given
 < extrahd not configured
 < extrahd not mounted
+< fwdfw syn flood protection
 < hardware vulnerabilities
 < hostile networks in
 < hostile networks out
 < bewan adsl pci st
 < bewan adsl usb
 < extrahd because it it outside the allowed mount path
+< fwdfw syn flood protection
 < g.dtm
 < g.lite
 < hostile networks total
 < fwdfw maxconcon
 < fwdfw numcon
 < fwdfw ratelimit
+< fwdfw syn flood protection
 < fwhost addlocationgrp
 < fwhost cust location
 < fwhost cust locationgroup
 < fwdfw maxconcon
 < fwdfw numcon
 < fwdfw ratelimit
+< fwdfw syn flood protection
 < fwhost addlocationgrp
 < fwhost cust location
 < fwhost cust locationgroup
 < fwdfw source
 < fwdfw sourceip
 < fwdfw std network
+< fwdfw syn flood protection
 < fwdfw target
 < fwdfw targetip
 < fwdfw till
 < fwdfw source
 < fwdfw sourceip
 < fwdfw std network
+< fwdfw syn flood protection
 < fwdfw target
 < fwdfw targetip
 < fwdfw till
 < force enable
 < foreshadow
 < fwdfw all subnets
+< fwdfw syn flood protection
 < fw red
 < generate ptr
 < hardware vulnerabilities
index 681d4277004d60a9b32a596467df150e6b1e1589..226d00838ff4ea6a4d5811da31ffed4704339dfc 100644 (file)
@@ -301,8 +301,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule')
        #check if we have an identical rule already
        if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){
                foreach my $key (sort keys %rulehash){
-                       if (   "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'}"
-                               eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36]"){
+                       if (   "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsettings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$fwdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwsettings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfwsettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdfwsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'ruleremark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MON'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIME_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsettings{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport'},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'concon'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'RATETIME'},$fwdfwsettings{'SYN_FLOOD_PROTECTION'}"
+                               eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$key}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehash{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rulehash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$rulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27],$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$key}[35],$rulehash{$key}[36],$rulehash{$key}[37]"){
                                        $errormessage.=$Lang::tr{'fwdfw err ruleexists'};
                                        if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $fwdfwsettings{'updatefwrule'} eq 'on' && $fwdfwsettings{'ruleremark'} ne '' && !&validremark($fwdfwsettings{'ruleremark'})){
                                                $errormessage=$Lang::tr{'fwdfw err remark'}."<br>";
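Review bot: The duplicate-rule check in this hunk only works while the two interpolated strings stay aligned position by position, and with 37 fields on one line a misplaced or missing entry is very hard to spot in review. The new pair `$fwdfwsettings{'SYN_FLOOD_PROTECTION'}` / `$rulehash{$key}[37]` is appended consistently on both sides, but nothing documents that contract. A comment above the `if` would help, for example `# field order mirrors the indices written in saverule(); [37] = SYN_FLOOD_PROTECTION`. The enclosing `saverule` action block starts and ends outside the hunk.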
@@ -1624,6 +1624,7 @@ sub newrule
                                $fwdfwsettings{'RATE_LIMIT'}                    = $hash{$key}[34];
                                $fwdfwsettings{'ratecon'}                               = $hash{$key}[35];
                                $fwdfwsettings{'RATETIME'}                              = $hash{$key}[36];
+                               $fwdfwsettings{'SYN_FLOOD_PROTECTION'}                  = $hash{$key}[37];
                                $checked{'grp1'}{$fwdfwsettings{'grp1'}}                                = 'CHECKED';
                                $checked{'grp2'}{$fwdfwsettings{'grp2'}}                                = 'CHECKED';
                                $checked{'grp3'}{$fwdfwsettings{'grp3'}}                                = 'CHECKED';
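Review bot: `$hash{$key}[37]` is presumably undefined for rules that were saved before this field existed, so `$fwdfwsettings{'SYN_FLOOD_PROTECTION'}` becomes undef here. The next hunk then uses it as a hash key in `$checked{'SYN_FLOOD_PROTECTION'}{...}`. Defaulting the value keeps the edit form well defined for legacy rules: `$fwdfwsettings{'SYN_FLOOD_PROTECTION'} = $hash{$key}[37] // '';`. Whether warnings are enabled in this script is not visible here, and `newrule` continues outside the hunk.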
@@ -1631,6 +1632,7 @@ sub newrule
                                $checked{'USESRV'}{$fwdfwsettings{'USESRV'}}                    = 'CHECKED';
                                $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}}                    = 'CHECKED';
                                $checked{'LOG'}{$fwdfwsettings{'LOG'}}                                  = 'CHECKED';
+                               $checked{'SYN_FLOOD_PROTECTION'}{$fwdfwsettings{'SYN_FLOOD_PROTECTION'}}                = 'CHECKED';
                                $checked{'TIME'}{$fwdfwsettings{'TIME'}}                                = 'CHECKED';
                                $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}}                = 'CHECKED';
                                $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}}                = 'CHECKED';
@@ -2070,6 +2072,12 @@ END
                                </td>
                                <td>$Lang::tr{'fwdfw log rule'}</td>
                        </tr>
+                       <tr>
+                               <td>
+                                       <input type='checkbox' name='SYN_FLOOD_PROTECTION' value='ON' $checked{'SYN_FLOOD_PROTECTION'}{'ON'}>
+                               </td>
+                               <td>$Lang::tr{'fwdfw syn flood protection'}</td>
+                       </tr>
                        <tr>
                                <td width='1%'>
                                        <input type='checkbox' name='TIME' id="USE_TIME_CONSTRAINTS" value='ON' $checked{'TIME'}{'ON'}>
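Review bot: The new checkbox is labelled "TCP only", but nothing in the hunks shown ties `SYN_FLOOD_PROTECTION` to the selected protocol, so a rule for another protocol can apparently be saved with the flag set. If no such check exists elsewhere in the save path, clear the flag during validation, e.g. `$fwdfwsettings{'SYN_FLOOD_PROTECTION'} = '' unless $fwdfwsettings{'PROT'} eq 'TCP';` (assuming the protocol is stored as `'TCP'`). Separately, none of the twelve files listed for this commit looks like the code that builds the firewall rules. Until that side lands, an administrator could tick the box and assume protection that is not yet applied.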
@@ -2341,6 +2349,7 @@ sub saverule
                        $$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
                        $$hash{$key}[35] = $fwdfwsettings{'ratecon'};
                        $$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
+                       $$hash{$key}[37] = $fwdfwsettings{'SYN_FLOOD_PROTECTION'};
                        &General::writehasharray("$config", $hash);
                }else{
                        foreach my $key (sort {$a <=> $b} keys %$hash){
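Review bot: The request value of `SYN_FLOOD_PROTECTION` is written to field 37 verbatim, so a hand-crafted POST can store something other than the checkbox's `ON`. Whatever later turns the rule file into firewall rules would then have to cope with it. Unless the value is validated outside these hunks, normalise it on write: `$$hash{$key}[37] = (($fwdfwsettings{'SYN_FLOOD_PROTECTION'} // '') eq 'ON') ? 'ON' : '';`. The same assignment appears in the following `saverule` hunk and should get the same treatment. `saverule` starts and ends outside both hunks.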
@@ -2382,6 +2391,7 @@ sub saverule
                                        $$hash{$key}[34] = $fwdfwsettings{'RATE_LIMIT'};
                                        $$hash{$key}[35] = $fwdfwsettings{'ratecon'};
                                        $$hash{$key}[36] = $fwdfwsettings{'RATETIME'};
+                                       $$hash{$key}[37] = $fwdfwsettings{'SYN_FLOOD_PROTECTION'};
                                        last;
                                }
                        }
index 1df6bf48d0a1842502d820ac36b6afa84149985f..a9fb3a6f764b16dd9cffc3cdcd643d16e46d5907 100644 (file)
 'fwdfw source' => 'Source',
 'fwdfw sourceip' => 'Source address (MAC/IP address or network):',
 'fwdfw std network' => 'Standard networks:',
+'fwdfw syn flood protection' => 'Enable SYN Flood Protection (TCP only)',
 'fwdfw target' => 'Destination',
 'fwdfw targetip' => 'Destination address (IP address or network):',
 'fwdfw till' => 'Until:',