authorScott Ullrich <sullrich@pfsense.org>2007-12-03 05:02:56 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-12-03 05:02:56 +0000
commit40b56dc18bb2fcfa7b1f67a9885a25636ce915cb (patch)
treec267157ce064c148408ed610802e096daccd5d2f
parent0397013a4044fd591079a007fb0cf126c5d85cd6 (diff)
downloadpfsense-40b56dc18bb2fcfa7b1f67a9885a25636ce915cb.zip
pfsense-40b56dc18bb2fcfa7b1f67a9885a25636ce915cb.tar.gz
Add multi user firewall nat port forward capabilities.
-rwxr-xr-xusr/local/www/firewall_nat.php5
-rwxr-xr-xusr/local/www/firewall_nat_edit.php42
-rw-r--r--usr/local/www/system_groupmanager.php19
3 files changed, 62 insertions, 4 deletions
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index 53cf508..6991283 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -182,6 +182,11 @@ include("head.inc");
</td>
</tr>
<?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
+ <?php
+ /* if user does not have access to edit an interface skip on to the next record */
+ if(!have_natpfruleint_access($natent['interface']))
+ continue;
+ ?>
<tr valign="top" id="fr<?=$nnats;?>">
<td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
<td class="listt" align="center"></td>
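Review bot: The added `continue` skips the whole loop body, so if `$i` and `$nnats` are advanced at the end of the body (the loop's end is outside this hunk), `$i` stops matching the entry's real index in `$a_nat` once a row is hidden. The checkbox `value="<?=$i;?>"` would then name a different rule than the one displayed, and a delete or move could land on a rule for an interface the user has no rights to. Advance the index before skipping, e.g. `if(!have_natpfruleint_access($natent['interface'])) { $i++; continue; }`. Hiding rows is presentation only; the handlers that act on the posted `rule[]` indexes are not shown here and need the same per-interface check.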
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 5268976..c840029 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -61,6 +61,19 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['interface'] = "wan";
}
+if($id) {
+ $if = $a_nat[$id]['interface'];
+ $security_url = "firewall_nat_edit.php?if=". strtolower($if);
+ if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
+ if(!in_array($security_url, $allowed)) {
+ // User does not have access
+ // echo "displaying error {$security_url}"; print_r($allowed);
+ echo display_error_form("401", "Unauthorized. You do not have access to edit nat rules on the interface {$if}");
+ exit;
+ }
+ }
+}
+
if (isset($_GET['dup']))
unset($id);
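Review bot: `if($id)` is false when `$id` is 0 (or the string "0"), so the first entry in `$a_nat` never reaches the authorization check and a non-admin user is not refused on it. The context line at the top of the hunk already tests `isset($id) && $a_nat[$id]`; the guard should use the same form, `if (isset($id) && isset($a_nat[$id])) {`. `$allowed` is defined outside this hunk, so confirm it is always populated before this point, otherwise `in_array()` receives a non-array. `{$if}` is also echoed into the error page unescaped; pass it through `htmlspecialchars()`.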
@@ -271,10 +284,31 @@ include("fbegin.inc"); ?>
<td width="78%" class="vtable">
<select name="interface" class="formselect">
<?php
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
- }
+
+ $interfaces = array();
+
+ if(have_ruleint_access("lan"))
+ $interfaces['lan'] = "LAN";
+ if(have_ruleint_access("wan"))
+ $interfaces['wan'] = "WAN";
+
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ if(have_ruleint_access("opt{$i}"))
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+
+ if ($config['pptpd']['mode'] == "server")
+ if(have_ruleint_access("pptp"))
+ $interfaces['pptp'] = "PPTP VPN";
+
+ if ($config['pppoe']['mode'] == "server")
+ if(have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
+
+ /* add ipsec interfaces */
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
+ if(have_ruleint_access("enc0"))
+ $interfaces["enc0"] = "IPSEC";
+
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
<?=htmlspecialchars($ifacename);?>
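Review bot: The dropdown is filtered with `have_ruleint_access()`, while the list page in this same commit filters with `have_natpfruleint_access()` and the group manager registers separate `firewall_nat_edit.php?if=` privileges. Unless the two helpers (defined outside this page) are equivalent, a user is offered interfaces according to the firewall-rule privilege rather than the NAT one; use the NAT helper for each entry, e.g. `if(have_natpfruleint_access("lan"))`. Limiting the `<option>` list does not constrain what a client submits, so the save handler should validate `$_POST['interface']` with the same check before writing the rule. `$config['pptpd']['mode']` and `$config['pppoe']['mode']` are read without `isset()`, which raises a notice when those sections are absent.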
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php
index 7d74efe..3d81bf1 100644
--- a/usr/local/www/system_groupmanager.php
+++ b/usr/local/www/system_groupmanager.php
@@ -126,6 +126,8 @@ function getAdminPageList() {
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
$iflist['opt' . $i] = strtolower($config['interfaces']['opt' . $i]['descr']);
}
+
+ // Firewall Rules
foreach ($iflist as $ifent => $ifname) {
$entryname = "firewall_rules.php?if={$ifname}";
$tmp[$entryname] = ("Firewall: Rules: " . strtoupper($ifname));
@@ -143,6 +145,23 @@ function getAdminPageList() {
$entryname = "firewall_rules_edit.php?if=pppoe";
$tmp[$entryname] = "Firewall: Rules: Edit: PPPoE";
+ // NAT Items
+ foreach ($iflist as $ifent => $ifname) {
+ $entryname = "firewall_nat.php?if={$ifname}";
+ $tmp[$entryname] = ("Firewall: NAT: Port Forward " . strtoupper($ifname));
+ $entryname = "firewall_nat_edit.php?if={$ifname}";
+ $tmp[$entryname] = ("Firewall: NAT: Port Forward: Edit: " . strtoupper($ifname));
+ }
+ /* additional nat tab entries */
+ $entryname = "firewall_nat_edit.php?if=enc0";
+ $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: IPSEC";
+
+ $entryname = "firewall_nat_edit.php?if=pptp";
+ $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPTP";
+
+ $entryname = "firewall_nat_edit.php?if=pppoe";
+ $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPPoE";
+
asort($tmp);
return $tmp;
}
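Review bot: The privilege keys are built from `$ifname`, which for optional interfaces is the lower-cased description (`strtolower($config['interfaces']['opt' . $i]['descr'])` in the context lines of the previous hunk). The check added to firewall_nat_edit.php instead builds `firewall_nat_edit.php?if=` from the rule's stored interface, which the edit form submits as `opt1`, `opt2`, and so on. For optional interfaces the two strings would not match, so the grant would never take effect, and a description equal to another interface's name would collide with that interface's key. Keying on the interface id looks safer, `$entryname = "firewall_nat_edit.php?if={$ifent}";` (likewise for the `firewall_nat.php` entry), keeping `$ifname` for the label only. getAdminPageList() starts outside this hunk, so how `$iflist` is seeded for lan and wan is not visible here.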