author | Renato Botelho <renato@netgate.com> | 2016-09-15 09:44:45 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-09-15 09:44:45 -0300 |
commit | 2e8d34a6da6de60f6423c5587f5df33b059c849a (patch) | |
tree | 1de932ef9b9d678f690a1414dc8c3b3b6aea93ca | |
parent | a03162c874c4e52e6cae52c2eefce87118fd90d2 (diff) | |
parent | 6a9d1bfc5c90011af10a1704231340a42fa9f51d (diff) | |
Merge pull request #2782 from fredronnv/master
-rw-r--r-- | src/etc/inc/filter.inc | 5 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_out_edit.php | 32 |
2 files changed, 37 insertions, 0 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index bac2033..5408ae6 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -2035,6 +2035,11 @@ function filter_nat_rules_generate() {
 $obtarget = ($obent['target'] == "other-subnet") ? $obent['targetip'] . '/' . $obent['targetip_subnet']: $obent['target'];
 $poolopts = (is_subnet($obtarget) || is_alias($obtarget)) ? $obent['poolopts'] : "";
+ /* pool option source-hash allows specification of an optional source-hash key */
+ if ($poolopts == "source-hash" && !empty($obent['source_hash_key'])) {
+ $poolopts = "source-hash ".$obent['source_hash_key'];
+ }
+
 $natrules .= filter_nat_rules_generate_if($obent['interface'],
 $src,
 $obent['sourceport'],
diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php
index 59ce4fa..31c8be9 100644
--- a/src/usr/local/www/firewall_nat_out_edit.php
+++ b/src/usr/local/www/firewall_nat_out_edit.php
@@ -97,6 +97,7 @@ if (isset($id) && $a_out[$id]) {
 $pconfig['targetip'] = $a_out[$id]['targetip'];
 $pconfig['targetip_subnet'] = $a_out[$id]['targetip_subnet'];
 $pconfig['poolopts'] = $a_out[$id]['poolopts'];
+ $pconfig['source_hash_key'] = $a_out[$id]['source_hash_key'];
 $pconfig['interface'] = $a_out[$id]['interface'];
 if (!$pconfig['interface']) {
@@ -227,6 +228,7 @@ if ($_POST) {
 /* Verify Pool Options */
 $poolopts = "";
+ $source_hash_key = "";
 if ($_POST['poolopts']) {
 if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet")) {
 $poolopts = $_POST['poolopts'];
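Review bot: In the filter.inc hunk, `$obent['source_hash_key']` is concatenated into the generated pf rule text behind nothing more than an `!empty()` check, so the format check added in firewall_nat_out_edit.php is the only guard on what ends up in the ruleset. Any value that reaches the configuration by a path other than that form (presumably a restored, synced or hand-edited config) would be written into the rule unvalidated and could at least make the ruleset fail to load. Re-checking at generation time keeps the generator self-protecting: `if ($poolopts == "source-hash" && !empty($obent['source_hash_key']) && preg_match('/^0x[0-9a-fA-F]{32}\z/', $obent['source_hash_key'])) {`. filter_nat_rules_generate() begins and ends outside the hunk.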
@@ -237,6 +239,18 @@ if ($_POST) {
 $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias.");
 }
 }
+ /* If specified, verify valid source-hash key or generate a valid key using md5 */
+ if ($_POST['source_hash_key']) {
+ if (substr($_POST['source_hash_key'],0,2) == "0x") {
+ if (ctype_xdigit(substr($_POST['source_hash_key'],2)) && strlen($_POST['source_hash_key']) == 34) {
+ $source_hash_key = $_POST['source_hash_key'];
+ } else {
+ $input_errors[] = gettext("Incorrect format for source-hash key, \"0x\" must be followed by exactly 32 hexadecimal characters.");
+ }
+ } else {
+ $source_hash_key = "0x".md5($_POST['source_hash_key']);
+ }
+ }
 }
 /* if user has selected any as source, set it here */
@@ -279,6 +293,7 @@ if ($_POST) {
 $natent['targetip_subnet'] = (!isset($_POST['nonat'])) ? $_POST['targetip_subnet'] : "";
 $natent['interface'] = $_POST['interface'];
 $natent['poolopts'] = $poolopts;
+ $natent['source_hash_key'] = $source_hash_key;
 /* static-port */
 if (isset($_POST['staticnatport']) && $protocol_uses_ports && !isset($_POST['nonat'])) {
@@ -571,6 +586,13 @@ $section->addInput(new Form_Select(
 '<li>' . 'Sticky Address: The Sticky Address option can be used with the Random and Round Robin pool types to ensure that a particular source address is always mapped to the same translation address.' . '</li>' .
 '</ul><span class="help-block">');
+$section->addInput(new Form_Input(
+ 'source_hash_key',
+ 'Source Hash Key',
+ 'text',
+ $pconfig['source_hash_key']
+))->setHelp('The key that is fed to the hashing algorithm in hex format, preceeded by "0x", or any string. A non-hex string is hashed using md5 to a hexadecimal key. Defaults to a randomly generated value.')->setWidth(10)->addClass('othersubnet');
+
 $group = new Form_Group('Port');
 $group->addClass('natportgrp');
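Review bot: In the source-hash key check (the `@@ -237` hunk), any input that does not start with exactly `0x` is hashed with md5 without a message, so a pasted hex key with leading whitespace or a missing prefix is stored as a different key from the one the user typed. If the key is meant to match a value configured elsewhere, that silent substitution would be hard to notice. Normalising first narrows the gap: `$key = trim($_POST['source_hash_key']);`, then use `$key` in the prefix, length and md5 branches. The outer test `if ($_POST['source_hash_key'])` also treats the string `"0"` as absent, which `!== ''` on the trimmed value would avoid. The enclosing `if ($_POST)` block opens and closes outside the hunk.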
@@ -721,10 +743,16 @@ events.push(function() {
 } else if ($('#target option:selected').text().trim().substring(0,5) == "Other") {
 hideInput('poolopts', false);
 hideGroupClass('othersubnet', false);
+ if ($('#poolopts option:selected').text().trim().substring(0,6) == "Source") {
+ hideInput('source_hash_key', false);
+ }else {
+ hideInput('source_hash_key', true);
+ }
 } else {
 $('#poolopts').prop('selectedIndex',0);
 hideInput('poolopts', true);
 hideGroupClass('othersubnet', true);
+ hideInput('source_hash_key', true);
 $('#targetip').val('');
 $('#targetip_subnet').val('0');
 }
@@ -755,6 +783,10 @@ events.push(function() {
 poolopts_change();
 });
+ $('#poolopts').on('change', function() {
+ poolopts_change();
+ });
+
 // Set initial states
 staticportchange();
 sourcesel_change(); |
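Review bot: The visibility test in the `@@ -721` hunk compares the option's display text, `$('#poolopts option:selected').text().trim().substring(0,6) == "Source"`, which stops working as soon as the label is reworded or translated. The server side keys on the value (`$poolopts == "source-hash"` in filter.inc), so the script can do the same: `if ($('#poolopts').val() == "source-hash") {`. Hiding the field is presentation only, so the PHP validation in this file still has to treat `source_hash_key` as untrusted whatever the form shows. The enclosing function begins outside the hunk, so the branch above `else if` is not visible here and may need the same handling.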