void OSConfigurator_linux24::processFirewallOptions()
{
Configlet kernel_vars(fw, "linux24", "kernel_vars");
kernel_vars.removeComments();
kernel_vars.collapseEmptyStrings(true);
FWOptions* options = fw->getOptionsObject();
setConfigletMacroForOptionStr(options->getStr("linux24_ip_dynaddr"), &kernel_vars, "linux24_ip_dynaddr");
setConfigletMacroForOptionStr(options->getStr("linux24_rp_filter"), &kernel_vars, "linux24_rp_filter");
setConfigletMacroForOptionStr(options->getStr("linux24_accept_source_route"), &kernel_vars, "linux24_accept_source_route");
setConfigletMacroForOptionStr(options->getStr("linux24_accept_redirects"), &kernel_vars, "linux24_accept_redirects");
setConfigletMacroForOptionStr(options->getStr("linux24_log_martians"), &kernel_vars, "linux24_log_martians");
setConfigletMacroForOptionStr(options->getStr("linux24_icmp_echo_ignore_broadcasts"), &kernel_vars, "linux24_icmp_echo_ignore_broadcasts");
setConfigletMacroForOptionStr(options->getStr("linux24_icmp_echo_ignore_all"), &kernel_vars, "linux24_icmp_echo_ignore_all");
setConfigletMacroForOptionStr(options->getStr("linux24_icmp_ignore_bogus_error_responses"), &kernel_vars, "linux24_icmp_ignore_bogus_error_responses");
setConfigletMacroForOptionStr(options->getStr("linux24_tcp_window_scaling"), &kernel_vars, "linux24_tcp_window_scaling");
setConfigletMacroForOptionStr(options->getStr("linux24_tcp_sack"), &kernel_vars, "linux24_tcp_sack");
setConfigletMacroForOptionStr(options->getStr("linux24_tcp_fack"), &kernel_vars, "linux24_tcp_fack");
setConfigletMacroForOptionStr(options->getStr("linux24_tcp_syncookies"), &kernel_vars, "linux24_tcp_syncookies");
setConfigletMacroForOptionStr(options->getStr("linux24_tcp_ecn"), &kernel_vars, "linux24_tcp_ecn");
setConfigletMacroForOptionStr(options->getStr("linux24_tcp_timestamps"), &kernel_vars, "linux24_tcp_timestamps");
int opt = options->getInt("linux24_tcp_fin_timeout");
setConfigletMacroForOptionInt((opt==0)?-1:opt, &kernel_vars, "linux24_tcp_fin_timeout");
opt = options->getInt("linux24_tcp_keepalive_interval");
setConfigletMacroForOptionInt((opt==0)?-1:opt, &kernel_vars, "linux24_tcp_keepalive_interval");
Configlet conntrack_vars(fw, "linux24", "conntrack");
conntrack_vars.removeComments();
conntrack_vars.collapseEmptyStrings(true);
string version = fw->getStr("version");
bool version_ge_1_4 = XMLTools::version_compare(version, "1.4.0") >= 0;
conntrack_vars.setVariable("iptables_version_ge_1_4", version_ge_1_4);
conntrack_vars.setVariable("iptables_version_lt_1_4", !version_ge_1_4);
// if conntrack_max and conntrack_hashsize are equal to 0, we do
// not add commands from the configlet (so the kernel defaults are
// used). Options above assume -1 is the default. Need to pass -1
// instead of 0 for the conntrack vars
opt = options->getInt("linux24_conntrack_max");
setConfigletMacroForOptionInt(
(opt==0)?-1:opt,
&conntrack_vars, "conntrack_max");
opt = options->getInt("linux24_conntrack_hashsize");
setConfigletMacroForOptionInt(
(opt==0)?-1:opt,
&conntrack_vars, "conntrack_hashsize");
// This option uses three-state control and assumes empty string is the default
setConfigletMacroForOptionStr(
options->getStr("linux24_conntrack_tcp_be_liberal"),
&conntrack_vars, "conntrack_tcp_be_liberal");
output << kernel_vars.expand().toStdString();
output << endl;
output << conntrack_vars.expand().toStdString();
}
vlanOnlyIfaceOptsDialog::vlanOnlyIfaceOptsDialog(QWidget *parent, FWObject *o)
: QDialog(parent)
{
m_dialog = new Ui::vlanOnlyIfaceOptsDialog_q;
m_dialog->setupUi(this);
setWindowModality(Qt::WindowModal);
obj = o;
FWOptions *ifopt = (Interface::cast(obj))->getOptionsObject();
cluster_interface = (Cluster::cast(obj->getParent()) != NULL);
setInterfaceTypes(m_dialog->iface_type, Interface::cast(obj),
ifopt->getStr("type").c_str());
// Using "type" control only for subinterfaces
// and main interfaces of the firewall objects
if (cluster_interface)
{
m_dialog->iface_type->hide();
m_dialog->iface_type_label->hide();
} else
{
m_dialog->iface_type->show();
m_dialog->iface_type_label->show();
}
m_dialog->vlan_id->setValue(ifopt->getInt("vlan_id"));
// special actions for different iface types
// VLAN (8021q)
typeChanged("");
}
bsdIfaceOptsDialog::bsdIfaceOptsDialog(QWidget *parent, FWObject *o)
: QDialog(parent)
{
m_dialog = new Ui::bsdIfaceOptsDialog_q;
m_dialog->setupUi(this);
setWindowModality(Qt::WindowModal);
obj = o;
FWOptions *ifopt = (Interface::cast(obj))->getOptionsObject();
cluster_interface = (Cluster::cast(obj->getParent()) != NULL);
setInterfaceTypes(m_dialog->iface_type, Interface::cast(obj),
ifopt->getStr("type").c_str());
// Using "type" control only for subinterfaces
// and main interfaces of the firewall objects
if (cluster_interface)
{
m_dialog->iface_type->hide();
m_dialog->iface_type_label->hide();
} else
{
m_dialog->iface_type->show();
m_dialog->iface_type_label->show();
}
int mtu = ifopt->getInt("iface_mtu");
if (mtu <=0 )
{
mtu = 1500;
ifopt->setInt("iface_mtu", mtu);
}
data.registerOption(m_dialog->vlan_id, ifopt, "vlan_id");
data.registerOption(m_dialog->iface_configure_mtu, ifopt, "iface_configure_mtu");
data.registerOption(m_dialog->iface_mtu, ifopt, "iface_mtu");
data.registerOption(m_dialog->iface_options, ifopt, "iface_options");
data.registerOption(m_dialog->enable_stp, ifopt, "enable_stp");
data.loadAll();
// special actions for different iface types
// VLAN (8021q)
typeChanged("");
}