author | jim-p <jim@pingle.org> | 2010-03-11 12:58:01 -0500 |
---|---|---|
committer | jim-p <jim@pingle.org> | 2010-03-11 13:03:51 -0500 |
commit | 998f77a81fd256a78f21e2af9a91be9bac1eb35e (patch) | |
tree | eeb82c2af750998e6cd881d35d17d0dabf612487 | |
parent | cd6a4b1d3329c5789d4e27b9a8a6b3bdcedbbd0e (diff) | |
Fix EasyRule port check so it is only tested when the protocol is TCP or UDP. Resolves #412
While I'm here, make EasyRule put a description in when writing the config so it shows up properly in the config history.
-rw-r--r-- | etc/inc/easyrule.inc | 6 | ||||
-rw-r--r-- | usr/local/www/easyrule.php | 24 |
2 files changed, 16 insertions, 14 deletions
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index 2b17ed5..2aa4357 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -2,8 +2,8 @@ /* easyrule.inc.php - Copyright (C) 2009 Jim Pingle (jpingle@gmail.com) - Sponsored By Anathematic @ pfSense Forums + Copyright (C) 2009-2010 Jim Pingle (jpingle@gmail.com) + Originally Sponsored By Anathematic @ pfSense Forums All rights reserved. Redistribution and use in source and binary forms, with or without @@ -251,7 +251,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport) { $a_filter[] = $filterent; - write_config(); + write_config($filterent['descr']); $retval = filter_configure(); header("Location: firewall_rules.php?if={$int}"); exit; diff --git a/usr/local/www/easyrule.php b/usr/local/www/easyrule.php index 8c860da..69420d8 100644 --- a/usr/local/www/easyrule.php +++ b/usr/local/www/easyrule.php @@ -2,8 +2,8 @@ /* easyrule.php - Copyright (C) 2009 Jim Pingle (jpingle@gmail.com) - Sponsored By Anathematic @ pfSense Forums + Copyright (C) 2009-2010 Jim Pingle (jpingle@gmail.com) + Originally Sponsored By Anathematic @ pfSense Forums All rights reserved. Redistribution and use in source and binary forms, with or without @@ -40,6 +40,7 @@ require_once("shaper.inc"); $retval = 0; $message = ""; $specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn"); +$protocols_with_ports = array('tcp', 'udp'); if ($_GET && isset($_GET['action'])) { switch ($_GET['action']) { 
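Review bot: In the `@@ -251,7 +251,7 @@` hunk of etc/inc/easyrule.inc, `write_config($filterent['descr'])` now writes the rule description into the config history, but the hunk does not show how `descr` is built. If it embeds request-supplied values such as the source or destination host, confirm they are validated before this point and that the history view escapes the text on output. Two lines later the redirect interpolates `$int` straight into the header; `header("Location: firewall_rules.php?if=" . urlencode($int));` would keep the URL well-formed whatever validation happens upstream. `$retval` from `filter_configure()` is assigned and then discarded by the `exit`, so a failed filter reload is never reported. The body of easyrule_pass_rule_add starts and ends outside the hunk.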
@@ -85,17 +86,18 @@ if ($_GET && isset($_GET['action'])) {
 $message .= "Tried to pass invalid destination IP: " . htmlspecialchars($_GET['dst']) . "<br/>";
 break;
 }
- if (($_GET['proto'] != 'icmp') && !isset($_GET['dstport'])) {
- $message .= "Missing destination port: " . htmlspecialchars($_GET['dstport']) . "<br/>";
- break;
- }
- if ($_GET['proto'] == 'icmp') {
+ if (in_array($_GET['proto'], $protocols_with_ports)) {
+ if (!isset($_GET['dstport'])) {
+ $message .= "Missing destination port: " . htmlspecialchars($_GET['dstport']) . "<br/>";
+ break;
+ }
+ if (!is_port($_GET['dstport'])) {
+ $message .= "Tried to pass invalid destination port: " . htmlspecialchars($_GET['dstport']) . "<br/>";
+ break;
+ }
+ } else {
 $_GET['dstport'] = 0;
 }
- if (!is_numeric($_GET['dstport']) || ($_GET['dstport'] < 0) || ($_GET['dstport'] > 65536)) {
- $message .= "Tried to pass invalid destination port: " . htmlspecialchars($_GET['dstport']) . "<br/>";
- break;
- }
 /* Should have valid input... */
 if (easyrule_pass_rule_add($_GET['int'], $_GET['proto'], $_GET['src'], $_GET['dst'], $_GET['dstport'])) {
 /* Shouldn't get here, the function should redirect. */ |
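Review bot: The new gate `in_array($_GET['proto'], $protocols_with_ports)` is a loose, case-sensitive match on raw request input, so any value that is not exactly `tcp` or `udp` (a different letter case, for instance) takes the `else` branch, has `dstport` forced to 0, and reaches easyrule_pass_rule_add without the port the request carried. Unless the protocol is checked against an allowlist earlier in this switch case (outside the hunk), normalise it and compare strictly, `$proto = strtolower(trim($_GET['proto']));` then `if (in_array($proto, $protocols_with_ports, true)) {`, and reject unknown protocols rather than defaulting the port. In the missing-port branch the message still calls `htmlspecialchars($_GET['dstport'])` on an index just found to be unset; the message can simply end at `"Missing destination port<br/>"`. Separately, the pass rule is still created from a GET request, and no anti-CSRF token check is visible in this hunk. The enclosing `switch` case starts and ends outside the hunk.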