authorjim-p <jim@pingle.org>2010-03-11 12:58:01 -0500
committerjim-p <jim@pingle.org>2010-03-11 13:03:51 -0500
commit998f77a81fd256a78f21e2af9a91be9bac1eb35e (patch)
treeeeb82c2af750998e6cd881d35d17d0dabf612487
parentcd6a4b1d3329c5789d4e27b9a8a6b3bdcedbbd0e (diff)
Fix EasyRule port check so it is only tested when the protocol is TCP or UDP. Resolves #412
While I'm here, make EasyRule put a description in when writing the config so it shows up properly in the config history.
-rw-r--r--etc/inc/easyrule.inc6
-rw-r--r--usr/local/www/easyrule.php24
2 files changed, 16 insertions, 14 deletions
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index 2b17ed5..2aa4357 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -2,8 +2,8 @@
/*
easyrule.inc.php
- Copyright (C) 2009 Jim Pingle (jpingle@gmail.com)
- Sponsored By Anathematic @ pfSense Forums
+ Copyright (C) 2009-2010 Jim Pingle (jpingle@gmail.com)
+ Originally Sponsored By Anathematic @ pfSense Forums
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -251,7 +251,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport) {
$a_filter[] = $filterent;
- write_config();
+ write_config($filterent['descr']);
$retval = filter_configure();
header("Location: firewall_rules.php?if={$int}");
exit;
diff --git a/usr/local/www/easyrule.php b/usr/local/www/easyrule.php
index 8c860da..69420d8 100644
--- a/usr/local/www/easyrule.php
+++ b/usr/local/www/easyrule.php
@@ -2,8 +2,8 @@
/*
easyrule.php
- Copyright (C) 2009 Jim Pingle (jpingle@gmail.com)
- Sponsored By Anathematic @ pfSense Forums
+ Copyright (C) 2009-2010 Jim Pingle (jpingle@gmail.com)
+ Originally Sponsored By Anathematic @ pfSense Forums
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -40,6 +40,7 @@ require_once("shaper.inc");
$retval = 0;
$message = "";
$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn");
+$protocols_with_ports = array('tcp', 'udp');
if ($_GET && isset($_GET['action'])) {
switch ($_GET['action']) {
@@ -85,17 +86,18 @@ if ($_GET && isset($_GET['action'])) {
$message .= "Tried to pass invalid destination IP: " . htmlspecialchars($_GET['dst']) . "<br/>";
break;
}
- if (($_GET['proto'] != 'icmp') && !isset($_GET['dstport'])) {
- $message .= "Missing destination port: " . htmlspecialchars($_GET['dstport']) . "<br/>";
- break;
- }
- if ($_GET['proto'] == 'icmp') {
+ if (in_array($_GET['proto'], $protocols_with_ports)) {
+ if (!isset($_GET['dstport'])) {
+ $message .= "Missing destination port: " . htmlspecialchars($_GET['dstport']) . "<br/>";
+ break;
+ }
+ if (!is_port($_GET['dstport'])) {
+ $message .= "Tried to pass invalid destination port: " . htmlspecialchars($_GET['dstport']) . "<br/>";
+ break;
+ }
+ } else {
$_GET['dstport'] = 0;
}
- if (!is_numeric($_GET['dstport']) || ($_GET['dstport'] < 0) || ($_GET['dstport'] > 65536)) {
- $message .= "Tried to pass invalid destination port: " . htmlspecialchars($_GET['dstport']) . "<br/>";
- break;
- }
/* Should have valid input... */
if (easyrule_pass_rule_add($_GET['int'], $_GET['proto'], $_GET['src'], $_GET['dst'], $_GET['dstport'])) {
/* Shouldn't get here, the function should redirect. */
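Review bot: In the new `if (!isset($_GET['dstport']))` branch the message still appends `htmlspecialchars($_GET['dstport'])`, which reads the index the check just found unset, so it can only add an empty string and an undefined-index notice; `$message .= "Missing destination port<br/>";` says the same thing cleanly. The `in_array($_GET['proto'], $protocols_with_ports)` test is loose and case-sensitive, and every value that does not match falls into the `else` and has `dstport` forced to 0, so I would pass `true` as the third argument and confirm that `proto` is checked against a fixed list of allowed protocols before this point (that check, if any, is outside the hunk). Separately, this path still creates a pass rule from `$_GET` parameters alone; a state-changing firewall action reachable by a plain GET should require a CSRF token or move to POST, which this commit does not add. The enclosing `switch` case starts and ends outside the hunk.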