diff options
| author | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-04-19 15:51:17 -0300 |
|---|---|---|
| committer | Vinicius Coque <vinicius.coque@bluepex.com> | 2010-04-19 15:51:17 -0300 |
| commit | 383654fc0bff10c18890678defcfbc270aea843a (patch) | |
| tree | 795f147adf6277fd366a125feed1e0d6216c8186 | |
| parent | 6d346c17543ae4250876bd2900e643553bd4f2fa (diff) | |
| download | pfsense-383654fc0bff10c18890678defcfbc270aea843a.zip pfsense-383654fc0bff10c18890678defcfbc270aea843a.tar.gz | |
Block source edit on associated firewall rules
| -rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 75 | ||||
| -rw-r--r-- | usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js | 49 |
2 files changed, 63 insertions, 61 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index e88ac6a..99f9c63 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -672,7 +672,28 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq">Source</td> <td width="78%" class="vtable"> - <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> + <?php $edit_disabled=false; ?> + <?php if( isset($pconfig['associated-rule-id']) ): ?> + <span class="red"><strong>NOTE: </strong></span> This is associated to a NAT rule.<br /> + You cannot edit the source and destination of associated filter rules.<br /> + <br /> + <?php + $edit_disabled=true; + if (is_array($config['nat']['rule'])) { + foreach( $config['nat']['rule'] as $index => $nat_rule ) { + if( $nat_rule['associated-rule-id']==$pconfig['associated-rule-id']) { + echo "<a href=\"firewall_nat_edit.php?id={$nat_rule[$index]}\">View the NAT rule</a><br>"; + break; + } + } + } + ?> + <br /> + <script type="text/javascript"> + editenabled = 0; + </script> + <?php endif; ?> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> <strong>not</strong> <br /> Use this option to invert the sense of the match. @@ -682,7 +703,7 @@ include("head.inc"); <tr> <td>Type: </td> <td> - <select name="srctype" class="formselect" onChange="typesel_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srctype" class="formselect" onChange="typesel_change()"> <?php $sel = is_specialnet($pconfig['src']); ?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option> @@ -712,8 +733,8 @@ include("head.inc"); <tr> <td>Address: </td> <td> - <input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / - <select name="srcmask" class="formselect" id="srcmask"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcmask" class="formselect" id="srcmask"> <?php for ($i = 31; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> <?php endfor; ?> @@ -723,7 +744,7 @@ include("head.inc"); </table> <div id="showadvancedboxspr"> <p> - <input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a> </div> </td> </tr> @@ -734,27 +755,27 @@ include("head.inc"); <tr> <td>from: </td> <td> - <select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> </td> </tr> <tr> <td>to:</td> <td> - <select name="srcendport" class="formselect" onchange="ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcendport" class="formselect" onchange="ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> </td> </tr> </table> @@ -765,27 +786,7 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq">Destination</td> <td width="78%" class="vtable"> - <?php $dst_disabled=false; ?> - <?php if( isset($pconfig['associated-rule-id']) ): ?> - <span class="red"><strong>NOTE: </strong></span> This is associated to a NAT rule.<br /> - You cannot edit the destination of associated filter rules.<br /> - <br /> - <?php - if (is_array($config['nat']['rule'])) { - foreach( $config['nat']['rule'] as $index => $nat_rule ) { - if( $nat_rule['assocaited-rule-id']==$pconfig['associated-rule-id']) - echo "<a href=\"firewall_nat_edit.php?id={$nat_rule[$index]}\">View the NAT rule</a>\n"; - break; - } - } - ?> - <br /> - <?php $dst_disabled=true; ?> - <script type="text/javascript"> - dstenabled = 0; - </script> - <?php endif; ?> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> <strong>not</strong> <br /> Use this option to invert the sense of the match. @@ -795,7 +796,7 @@ include("head.inc"); <tr> <td>Type: </td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dsttype" class="formselect" onChange="typesel_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dsttype" class="formselect" onChange="typesel_change()"> <?php $sel = is_specialnet($pconfig['dst']); ?> <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option> @@ -825,9 +826,9 @@ include("head.inc"); <tr> <td>Address: </td> <td> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> / - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstmask" class="formselect" id="dstmask"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstmask" class="formselect" id="dstmask"> <?php for ($i = 31; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> @@ -845,27 +846,27 @@ include("head.inc"); <tr> <td>from: </td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> </td> </tr> <tr> <td>to:</td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstendport" class="formselect" onchange="ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstendport" class="formselect" onchange="ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> </td> </tr> </table> diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js index 75bcb62..1b7f33a 100644 --- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js +++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js @@ -1,6 +1,6 @@ <!-- var portsenabled = 1; -var dstenabled = 1; +var editenabled = 1; function ext_change() { if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) { @@ -15,13 +15,13 @@ function ext_change() { document.iform.srcendport_cust.value = ""; document.iform.srcendport_cust.disabled = 1; } - if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && dstenabled) { + if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && editenabled) { document.iform.dstbeginport_cust.disabled = 0; } else { document.iform.dstbeginport_cust.value = ""; document.iform.dstbeginport_cust.disabled = 1; } - if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && dstenabled) { + if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && editenabled) { document.iform.dstendport_cust.disabled = 0; } else { document.iform.dstendport_cust.value = ""; @@ -36,7 +36,7 @@ function ext_change() { } else { document.iform.srcbeginport.disabled = 0; document.iform.srcendport.disabled = 0; - if( dstenabled ) { + if( editenabled ) { document.iform.dstbeginport.disabled = 0; document.iform.dstendport.disabled = 0; } @@ -49,25 +49,24 @@ function show_source_port_range() { } function typesel_change() { - switch (document.iform.srctype.selectedIndex) { - case 1: /* single */ - document.iform.src.disabled = 0; - document.iform.srcmask.value = ""; - document.iform.srcmask.disabled = 1; - break; - case 2: /* network */ - document.iform.src.disabled = 0; - document.iform.srcmask.disabled = 0; - break; - default: - document.iform.src.value = ""; - document.iform.src.disabled = 1; - document.iform.srcmask.value = ""; - document.iform.srcmask.disabled = 1; - break; - } - if( dstenabled ) - { + if( editenabled ) { + switch (document.iform.srctype.selectedIndex) { + case 1: /* single */ + document.iform.src.disabled = 0; + document.iform.srcmask.value = ""; + document.iform.srcmask.disabled = 1; + break; + case 2: /* network */ + document.iform.src.disabled = 0; + document.iform.srcmask.disabled = 0; + break; + default: + document.iform.src.value = ""; + document.iform.src.disabled = 1; + document.iform.srcmask.value = ""; + document.iform.srcmask.disabled = 1; + break; + } switch (document.iform.dsttype.selectedIndex) { case 1: /* single */ document.iform.dst.disabled = 0; @@ -118,7 +117,9 @@ function proto_change() { if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) { document.getElementById("dprtr").style.display = ''; - document.getElementById("showadvancedboxspr").innerHTML='<p><input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>'; + if (editenabled) { + document.getElementById("showadvancedboxspr").innerHTML='<p><input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>'; + } } else { document.getElementById("sprtable").style.display = 'none'; document.getElementById("dprtr").style.display = 'none'; |
