author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-03 05:02:56 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-03 05:02:56 +0000 |
commit | 40b56dc18bb2fcfa7b1f67a9885a25636ce915cb (patch) | |
tree | c267157ce064c148408ed610802e096daccd5d2f | |
parent | 0397013a4044fd591079a007fb0cf126c5d85cd6 (diff) | |
Add multi user firewall nat port forward capabilities.
-rwxr-xr-x | usr/local/www/firewall_nat.php | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 42 | ||||
-rw-r--r-- | usr/local/www/system_groupmanager.php | 19 |
3 files changed, 62 insertions, 4 deletions
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index 53cf508..6991283 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -182,6 +182,11 @@ include("head.inc"); </td> </tr> <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?> + <?php + /* if user does not have access to edit an interface skip on to the next record */ + if(!have_natpfruleint_access($natent['interface'])) + continue; + ?> <tr valign="top" id="fr<?=$nnats;?>"> <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td> <td class="listt" align="center"></td> diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 5268976..c840029 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -61,6 +61,19 @@ if (isset($id) && $a_nat[$id]) { $pconfig['interface'] = "wan"; } +if($id) { + $if = $a_nat[$id]['interface']; + $security_url = "firewall_nat_edit.php?if=". strtolower($if); + if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { + if(!in_array($security_url, $allowed)) { + // User does not have access + // echo "displaying error {$security_url}"; print_r($allowed); + echo display_error_form("401", "Unauthorized. You do not have access to edit nat rules on the interface {$if}"); + exit; + } + } +} + if (isset($_GET['dup'])) unset($id); 
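Review bot: The added `continue` in the `foreach ($a_nat as $natent)` loop of firewall_nat.php skips a row before `$i` is advanced, assuming the counters are incremented at the bottom of the loop body (that part is outside the hunk). Every row rendered after a hidden rule would then carry a `value="<?=$i;?>"` that no longer matches its index in `$a_nat`, so a restricted user acting on a visible rule would change a different one, possibly on an interface they may not touch. Advance the index before skipping, e.g. `if (!have_natpfruleint_access($natent['interface'])) { $i++; continue; }`. Hiding rows is only presentation; the handler that processes the posted `rule[]` indexes should repeat the same access check for each index.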
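Review bot: The new guard `if($id)` in firewall_nat_edit.php is false for index 0, so the authorization check is skipped for the first entry in `$a_nat`, while the block just above it tests `isset($id) && $a_nat[$id]`. Use the same condition here: `if (isset($id) && $a_nat[$id]) {`. The check also looks only at the interface of the stored rule; the save path is outside the hunk, so the `interface` value submitted with the form should be compared against `$allowed` as well before it is written. `$allowed` is not assigned anywhere in this hunk and is presumably filled by an include, which deserves a one-line comment, and `in_array($security_url, $allowed, true)` would make the comparison strict.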
@@ -271,10 +284,31 @@ include("fbegin.inc"); ?> <td width="78%" class="vtable"> <select name="interface" class="formselect"> <?php - $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE'); - for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { - $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; - } + + $interfaces = array(); + + if(have_ruleint_access("lan")) + $interfaces['lan'] = "LAN"; + if(have_ruleint_access("wan")) + $interfaces['wan'] = "WAN"; + + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + if(have_ruleint_access("opt{$i}")) + $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr']; + + if ($config['pptpd']['mode'] == "server") + if(have_ruleint_access("pptp")) + $interfaces['pptp'] = "PPTP VPN"; + + if ($config['pppoe']['mode'] == "server") + if(have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPSEC"; + foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> <?=htmlspecialchars($ifacename);?> diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php index 7d74efe..3d81bf1 100644 --- a/usr/local/www/system_groupmanager.php +++ b/usr/local/www/system_groupmanager.php @@ -126,6 +126,8 @@ function getAdminPageList() { for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { $iflist['opt' . $i] = strtolower($config['interfaces']['opt' . $i]['descr']); } + + // Firewall Rules foreach ($iflist as $ifent => $ifname) { $entryname = "firewall_rules.php?if={$ifname}"; $tmp[$entryname] = ("Firewall: Rules: " . strtoupper($ifname)); 
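Review bot: The interface `<select>` in firewall_nat_edit.php is filtered with `have_ruleint_access()`, while the list page in this same commit filters with `have_natpfruleint_access()`. If the two helpers differ as their names suggest (neither is defined in this diff), the choices offered here follow the firewall-rules privilege, not the NAT port-forward one. Use the NAT helper in each test, e.g. `if(have_natpfruleint_access("lan"))`. Limiting the options is a display measure only, so the save handler should reject a posted `interface` the user may not edit. The stacked brace-less `for`/`if`/`if` statements would also be safer with braces.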
@@ -143,6 +145,23 @@ function getAdminPageList() { $entryname = "firewall_rules_edit.php?if=pppoe"; $tmp[$entryname] = "Firewall: Rules: Edit: PPPoE"; + // NAT Items + foreach ($iflist as $ifent => $ifname) { + $entryname = "firewall_nat.php?if={$ifname}"; + $tmp[$entryname] = ("Firewall: NAT: Port Forward " . strtoupper($ifname)); + $entryname = "firewall_nat_edit.php?if={$ifname}"; + $tmp[$entryname] = ("Firewall: NAT: Port Forward: Edit: " . strtoupper($ifname)); + } + /* additional nat tab entries */ + $entryname = "firewall_nat_edit.php?if=enc0"; + $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: IPSEC"; + + $entryname = "firewall_nat_edit.php?if=pptp"; + $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPTP"; + + $entryname = "firewall_nat_edit.php?if=pppoe"; + $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPPoE"; + asort($tmp); return $tmp; } |
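Review bot: The privilege keys added in the `// NAT Items` loop are built from `$ifname`, which for optional interfaces is `strtolower()` of the admin-entered description (see the `$iflist['opt' . $i]` assignment in the previous hunk). The check added to firewall_nat_edit.php builds its key from the rule's stored `interface`, which looks like `opt1` judging by the `<select>` option values. If so, the two never match for optional interfaces, and an optional interface described as `lan` or `wan` would share a key with the real one. Keying on the identifier, `$entryname = "firewall_nat_edit.php?if={$ifent}";`, and keeping `$ifname` for the label would avoid both. The existing firewall_rules entries follow the same pattern, so confirm how the `have_*_access` helpers resolve these names; getAdminPageList() starts outside the hunk.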