From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: [PATCH 4/6] firewall.cgi: Add a checkbox to enable SYN flood protection
Date: Thu, 18 Apr 2024 21:11:42 +0000
Message-ID: <20240418211144.3318938-4-michael.tremer@ipfire.org>
In-Reply-To: <20240418211144.3318938-1-michael.tremer@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5372864220700700621=="
List-Id:
--===============5372864220700700621==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Signed-off-by: Michael Tremer
---
doc/language_issues.de | 1 +
doc/language_issues.en | 1 +
doc/language_issues.es | 1 +
doc/language_issues.fr | 1 +
doc/language_issues.it | 1 +
doc/language_issues.nl | 1 +
doc/language_issues.pl | 1 +
doc/language_issues.ru | 1 +
doc/language_issues.tr | 1 +
doc/language_missings | 8 ++++++++
html/cgi-bin/firewall.cgi | 14 ++++++++++++--
langs/en/cgi-bin/en.pl | 1 +
12 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/doc/language_issues.de b/doc/language_issues.de
index 1ba77c94d..79b21fe24 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -894,6 +894,7 @@ WARNING: untranslated string: enable disable client =3D u= nknown string
 WARNING: untranslated string: enable disable dyndns =3D unknown string
 WARNING: untranslated string: error message =3D unknown string
 WARNING: untranslated string: error the to date has to be later than the fro= m date =3D The to date has to be later than the from date!
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp =3D unknown string
 WARNING: untranslated string: fwhost err hostip =3D unknown string
 WARNING: untranslated string: guardian block a host =3D unknown string
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 84bc8cdb0..2541ccf88 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -890,6 +890,7 @@ WARNING: untranslated string: fwdfw rulepos =3D Rule posi= tion
 WARNING: untranslated string: fwdfw snat =3D Source NAT
 WARNING: untranslated string: fwdfw source =3D Source
 WARNING: untranslated string: fwdfw sourceip =3D Source address (MAC/IP addr= ess or network):
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwdfw target =3D Destination
 WARNING: untranslated string: fwdfw targetip =3D Destination address (IP add= ress or network):
 WARNING: untranslated string: fwdfw timeframe =3D Use time constraints
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 25ef7f9c5..4949d9335 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -958,6 +958,7 @@ WARNING: untranslated string: extrahd mounted =3D Mounted
 WARNING: untranslated string: extrahd no mount point given =3D No mount poin= t given
 WARNING: untranslated string: extrahd not configured =3D Not configured
 WARNING: untranslated string: extrahd not mounted =3D Not mounted
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp =3D unknown string
 WARNING: untranslated string: fwhost err hostip =3D unknown string
 WARNING: untranslated string: guardian block a host =3D unknown string
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 7aafc3053..fb29de25c 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -912,6 +912,7 @@ WARNING: untranslated string: enable disable client =3D u= nknown string
 WARNING: untranslated string: enable disable dyndns =3D unknown string
 WARNING: untranslated string: error message =3D unknown string
 WARNING: untranslated string: extrahd because it is outside the allowed moun= t path =3D unknown string
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp =3D unknown string
 WARNING: untranslated string: fwhost err hostip =3D unknown string
 WARNING: untranslated string: guardian block a host =3D unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 7498e2af1..680cc5f4e 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1029,6 +1029,7 @@ WARNING: untranslated string: fwdfw limitconcon =3D Lim= it concurrent connections p
 WARNING: untranslated string: fwdfw maxconcon =3D Max. concurrent connections
 WARNING: untranslated string: fwdfw numcon =3D Number of connections
 WARNING: untranslated string: fwdfw ratelimit =3D Rate-limit new connections
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwhost addlocationgrp =3D Add new Location gro= up
 WARNING: untranslated string: fwhost cust location =3D Location Groups
 WARNING: untranslated string: fwhost cust locationgroup =3D Location Groups
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 16e69bf27..de9dc112a 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1035,6 +1035,7 @@ WARNING: untranslated string: fwdfw limitconcon =3D Lim= it concurrent connections p
 WARNING: untranslated string: fwdfw maxconcon =3D Max. concurrent connections
 WARNING: untranslated string: fwdfw numcon =3D Number of connections
 WARNING: untranslated string: fwdfw ratelimit =3D Rate-limit new connections
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwhost addlocationgrp =3D Add new Location gro= up
 WARNING: untranslated string: fwhost cust location =3D Location Groups
 WARNING: untranslated string: fwhost cust locationgroup =3D Location Groups
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 31c64c164..d52c29f6b 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1093,6 +1093,7 @@ WARNING: untranslated string: fwdfw rulepos =3D Rule po= sition
 WARNING: untranslated string: fwdfw snat =3D Source NAT
 WARNING: untranslated string: fwdfw source =3D Source
 WARNING: untranslated string: fwdfw sourceip =3D Source address (MAC/IP addr= ess or network):
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwdfw target =3D Destination
 WARNING: untranslated string: fwdfw targetip =3D Destination address (IP add= ress or network):
 WARNING: untranslated string: fwdfw timeframe =3D Use time constraints
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 9495d951e..3436c4a6e 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1090,6 +1090,7 @@ WARNING: untranslated string: fwdfw rulepos =3D Rule po= sition
 WARNING: untranslated string: fwdfw snat =3D Source NAT
 WARNING: untranslated string: fwdfw source =3D Source
 WARNING: untranslated string: fwdfw sourceip =3D Source address (MAC/IP addr= ess or network):
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwdfw target =3D Destination
 WARNING: untranslated string: fwdfw targetip =3D Destination address (IP add= ress or network):
 WARNING: untranslated string: fwdfw timeframe =3D Use time constraints
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index a2c134a2a..ca57075b1 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -977,6 +977,7 @@ WARNING: untranslated string: force enable =3D Forced
 WARNING: untranslated string: foreshadow =3D Foreshadow
 WARNING: untranslated string: fw red =3D Firewall options for RED interface
 WARNING: untranslated string: fwdfw all subnets =3D All subnets
+WARNING: untranslated string: fwdfw syn flood protection =3D Enable SYN Floo= d Protection (TCP only)
 WARNING: untranslated string: fwhost cust locationgrp =3D unknown string
 WARNING: untranslated string: fwhost err hostip =3D unknown string
 WARNING: untranslated string: generate ptr =3D Generate PTR
diff --git a/doc/language_missings b/doc/language_missings
index 44d79f352..a214b8f9a 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -56,6 +56,7 @@
 < enable
 < error the to date has to be later than the from date
 < extrahd because it it outside the allowed mount path
+< fwdfw syn flood protection
 < g.dtm
 < g.lite
 < hostile networks in
@@ -120,6 +121,7 @@
 < extrahd no mount point given
 < extrahd not configured
 < extrahd not mounted
+< fwdfw syn flood protection
 < hardware vulnerabilities
 < hostile networks in
 < hostile networks out
@@ -148,6 +150,7 @@
 < bewan adsl pci st
 < bewan adsl usb
 < extrahd because it it outside the allowed mount path
+< fwdfw syn flood protection
 < g.dtm
 < g.lite
 < hostile networks total
@@ -365,6 +368,7 @@
 < fwdfw maxconcon
 < fwdfw numcon
 < fwdfw ratelimit
+< fwdfw syn flood protection
 < fwhost addlocationgrp
 < fwhost cust location
 < fwhost cust locationgroup
@@ -894,6 +898,7 @@
 < fwdfw maxconcon
 < fwdfw numcon
 < fwdfw ratelimit
+< fwdfw syn flood protection
 < fwhost addlocationgrp
 < fwhost cust location
 < fwhost cust locationgroup
@@ -1613,6 +1618,7 @@
 < fwdfw source
 < fwdfw sourceip
 < fwdfw std network
+< fwdfw syn flood protection
 < fwdfw target
 < fwdfw targetip
 < fwdfw till
@@ -2613,6 +2619,7 @@
 < fwdfw source
 < fwdfw sourceip
 < fwdfw std network
+< fwdfw syn flood protection
 < fwdfw target
 < fwdfw targetip
 < fwdfw till
@@ -3327,6 +3334,7 @@
 < force enable
 < foreshadow
 < fwdfw all subnets
+< fwdfw syn flood protection
 < fw red
 < generate ptr
 < hardware vulnerabilities
diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi
index 681d42770..226d00838 100644
--- a/html/cgi-bin/firewall.cgi
+++ b/html/cgi-bin/firewall.cgi
@@ -301,8 +301,8 @@ if ($fwdfwsettings{'ACTION'} eq 'saverule') #check if we have an identical rule already if($fwdfwsettings{'oldrulenumber'} eq $fwdfwsettings{'rulepos'}){ foreach my $key (sort keys %rulehash){ - if ( "$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsett= ings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$f= wdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwset= tings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfws= ettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdf= wsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'rule= remark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MO= N'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIM= E_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{= 'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsetti= ngs{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport= '},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'conc= on'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'R= ATETIME'}" - eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$= key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$k= ey}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$= key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehas= h{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rule= hash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$r= ulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27]= ,$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[= 31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$ke= y}[35],$rulehash{$key}[36]"){ + if ( 
"$fwdfwsettings{'RULE_ACTION'},$fwdfwsettings{'ACTIVE'},$fwdfwsett= ings{'grp1'},$fwdfwsettings{$fwdfwsettings{'grp1'}},$fwdfwsettings{'grp2'},$f= wdfwsettings{$fwdfwsettings{'grp2'}},$fwdfwsettings{'USE_SRC_PORT'},$fwdfwset= tings{'PROT'},$fwdfwsettings{'ICMP_TYPES'},$fwdfwsettings{'SRC_PORT'},$fwdfws= ettings{'USESRV'},$fwdfwsettings{'TGT_PROT'},$fwdfwsettings{'ICMP_TGT'},$fwdf= wsettings{'grp3'},$fwdfwsettings{$fwdfwsettings{'grp3'}},$fwdfwsettings{'rule= remark'},$fwdfwsettings{'LOG'},$fwdfwsettings{'TIME'},$fwdfwsettings{'TIME_MO= N'},$fwdfwsettings{'TIME_TUE'},$fwdfwsettings{'TIME_WED'},$fwdfwsettings{'TIM= E_THU'},$fwdfwsettings{'TIME_FRI'},$fwdfwsettings{'TIME_SAT'},$fwdfwsettings{= 'TIME_SUN'},$fwdfwsettings{'TIME_FROM'},$fwdfwsettings{'TIME_TO'},$fwdfwsetti= ngs{'USE_NAT'},$fwdfwsettings{$fwdfwsettings{'nat'}},$fwdfwsettings{'dnatport= '},$fwdfwsettings{'nat'},$fwdfwsettings{'LIMIT_CON_CON'},$fwdfwsettings{'conc= on'},$fwdfwsettings{'RATE_LIMIT'},$fwdfwsettings{'ratecon'},$fwdfwsettings{'R= ATETIME'},$fwdfwsettings{'SYN_FLOOD_PROTECTION'}" + eq "$rulehash{$key}[0],$rulehash{$key}[2],$rulehash{$key}[3],$rulehash{$= key}[4],$rulehash{$key}[5],$rulehash{$key}[6],$rulehash{$key}[7],$rulehash{$k= ey}[8],$rulehash{$key}[9],$rulehash{$key}[10],$rulehash{$key}[11],$rulehash{$= key}[12],$rulehash{$key}[13],$rulehash{$key}[14],$rulehash{$key}[15],$rulehas= h{$key}[16],$rulehash{$key}[17],$rulehash{$key}[18],$rulehash{$key}[19],$rule= hash{$key}[20],$rulehash{$key}[21],$rulehash{$key}[22],$rulehash{$key}[23],$r= ulehash{$key}[24],$rulehash{$key}[25],$rulehash{$key}[26],$rulehash{$key}[27]= ,$rulehash{$key}[28],$rulehash{$key}[29],$rulehash{$key}[30],$rulehash{$key}[= 31],$rulehash{$key}[32],$rulehash{$key}[33],$rulehash{$key}[34],$rulehash{$ke= y}[35],$rulehash{$key}[36],$rulehash{$key}[37]"){ $errormessage.=3D$Lang::tr{'fwdfw err ruleexists'}; if($fwdfwsettings{'oldruleremark'} ne $fwdfwsettings{'ruleremark'} && $= fwdfwsettings{'updatefwrule'} eq 'on' && 
$fwdfwsettings{'ruleremark'} ne '' &= & !&validremark($fwdfwsettings{'ruleremark'})){ $errormessage=3D$Lang::tr{'fwdfw err remark'}."
"; @@ -1624,6 +1624,7 @@ sub newrule $fwdfwsettings{'RATE_LIMIT'} =3D $hash{$key}[34]; $fwdfwsettings{'ratecon'} =3D $hash{$key}[35]; $fwdfwsettings{'RATETIME'} =3D $hash{$key}[36]; + $fwdfwsettings{'SYN_FLOOD_PROTECTION'} =3D $hash{$key}[37]; $checked{'grp1'}{$fwdfwsettings{'grp1'}} =3D 'CHECKED'; $checked{'grp2'}{$fwdfwsettings{'grp2'}} =3D 'CHECKED'; $checked{'grp3'}{$fwdfwsettings{'grp3'}} =3D 'CHECKED'; @@ -1631,6 +1632,7 @@ sub newrule $checked{'USESRV'}{$fwdfwsettings{'USESRV'}} =3D 'CHECKED'; $checked{'ACTIVE'}{$fwdfwsettings{'ACTIVE'}} =3D 'CHECKED'; $checked{'LOG'}{$fwdfwsettings{'LOG'}} =3D 'CHECKED'; + $checked{'SYN_FLOOD_PROTECTION'}{$fwdfwsettings{'SYN_FLOOD_PROTECTION'}}= =3D 'CHECKED'; $checked{'TIME'}{$fwdfwsettings{'TIME'}} =3D 'CHECKED'; $checked{'TIME_MON'}{$fwdfwsettings{'TIME_MON'}} =3D 'CHECKED'; $checked{'TIME_TUE'}{$fwdfwsettings{'TIME_TUE'}} =3D 'CHECKED'; @@ -2070,6 +2072,12 @@ END $Lang::tr{'fwdfw log rule'} + + + + + $Lang::tr{'fwdfw syn flood protection'} + @@ -2341,6 +2349,7 @@ sub saverule $$hash{$key}[34] =3D $fwdfwsettings{'RATE_LIMIT'}; $$hash{$key}[35] =3D $fwdfwsettings{'ratecon'}; $$hash{$key}[36] =3D $fwdfwsettings{'RATETIME'}; + $$hash{$key}[37] =3D $fwdfwsettings{'SYN_FLOOD_PROTECTION'}; &General::writehasharray("$config", $hash); }else{ foreach my $key (sort {$a <=3D> $b} keys %$hash){ @@ -2382,6 +2391,7 @@ sub saverule $$hash{$key}[34] =3D $fwdfwsettings{'RATE_LIMIT'}; $$hash{$key}[35] =3D $fwdfwsettings{'ratecon'}; $$hash{$key}[36] =3D $fwdfwsettings{'RATETIME'}; + $$hash{$key}[37] =3D $fwdfwsettings{'SYN_FLOOD_PROTECTION'}; last; } } diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index ee3a6c5aa..6e3a01555 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
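Review bot: The new rule-file position 37 is hard-coded in five places in this patch — the duplicate-rule comparison here, the read in `newrule` (@@ -1624), and the two writes in `saverule` (@@ -2341 and @@ -2382) — so every future field will need the same five coordinated edits; a single ordered list of the persisted field names that all four sites iterate over would remove that coupling, and at minimum a comment next to the new index, `# [37] = SYN_FLOOD_PROTECTION (appended to the rule line; older rules have no element 37)`, would document the format change. Rules written before this field existed have no element 37, so `$rulehash{$key}[37]` interpolates as an empty string here and only matches when the submitted box is unchecked (presumably also empty), which is the intended default but worth stating in that comment. The enclosing `if ($fwdfwsettings{'ACTION'} eq 'saverule')` block starts and ends outside the hunk.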
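Review bot: `$fwdfwsettings{'SYN_FLOOD_PROTECTION'} = $hash{$key}[37];` copies an undefined slot for every rule stored before this field was added, and the @@ -1631 hunk then uses that undef as the key in `$checked{'SYN_FLOOD_PROTECTION'}{...}`; the form still renders the box unchecked, but the undef is carried into the settings hash and, if warnings are enabled, produces an uninitialized-value warning on every edit of an old rule. Normalizing at the load point keeps the new field unambiguous: `$fwdfwsettings{'SYN_FLOOD_PROTECTION'} = $hash{$key}[37] // '';`. The surrounding checkbox fields are loaded without that guard, so this is a robustness improvement for the newly introduced field rather than a regression. `sub newrule` continues outside the hunk.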
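Review bot: The label says "TCP only", but `$$hash{$key}[37] = $fwdfwsettings{'SYN_FLOOD_PROTECTION'};` persists whatever the form submitted for any protocol, and the same line is added unchanged at @@ -2382; nothing in this patch validates or normalizes the value before it is written to the rule file. This may be deliberate if the rule compiler in a later patch of the series ignores the flag for non-TCP rules, which I cannot see from here. If it is not, clearing the flag once before both writes keeps the stored rule consistent with the UI promise, e.g. `$fwdfwsettings{'SYN_FLOOD_PROTECTION'} = '' unless $fwdfwsettings{'PROT'} eq 'TCP';` — assuming `PROT` holds the literal `TCP` as the protocol selector elsewhere in this file appears to; please verify. `sub saverule` starts and ends outside the hunk.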
@@ -1246,6 +1246,7 @@
 'fwdfw source' =3D> 'Source',
 'fwdfw sourceip' =3D> 'Source address (MAC/IP address or network):',
 'fwdfw std network' =3D> 'Standard networks:',
+'fwdfw syn flood protection' =3D> 'Enable SYN Flood Protection (TCP only)',
 'fwdfw target' =3D> 'Destination',
 'fwdfw targetip' =3D> 'Destination address (IP address or network):',
 'fwdfw till' =3D> 'Until:',
--=20
2.39.2

--===============5372864220700700621==--