Double-click to edit, click to select, multi-delete and drag to re-order now supported on:

	firewall-nat.php
	firewall-nat-out.php
	firewall_nat-1to1.php
	firewall_rules.php

1 files changed, 115 insertions, 50 deletions

diff --git a/src/usr/local/www/firewall_rules.php b/src/usr/local/www/firewall_rules.php
index f3b4b00..87703f1 100644
--- a/src/usr/local/www/firewall_rules.php
+++ b/src/usr/local/www/firewall_rules.php
@@ -4,56 +4,56 @@
 	firewall_rules.php
 */
 /* ====================================================================
- *  Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved. 
- *  Copyright (c)  2004 Scott Ullrich
- *  Copyright (c)  2003-2004 Manuel Kasper <mk@neon1.net>
+ *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
+ *	Copyright (c)  2004 Scott Ullrich
+ *	Copyright (c)  2003-2004 Manuel Kasper <mk@neon1.net>
  *	Originally part of pfSense (https://www.pfsense.org)
  *
- *  Redistribution and use in source and binary forms, with or without modification, 
- *  are permitted provided that the following conditions are met: 
+ *	Redistribution and use in source and binary forms, with or without modification,
+ *	are permitted provided that the following conditions are met:
  *
- *  1. Redistributions of source code must retain the above copyright notice,
- *      this list of conditions and the following disclaimer.
+ *	1. Redistributions of source code must retain the above copyright notice,
+ *		this list of conditions and the following disclaimer.
  *
- *  2. Redistributions in binary form must reproduce the above copyright
- *      notice, this list of conditions and the following disclaimer in
- *      the documentation and/or other materials provided with the
- *      distribution. 
+ *	2. Redistributions in binary form must reproduce the above copyright
+ *		notice, this list of conditions and the following disclaimer in
+ *		the documentation and/or other materials provided with the
+ *		distribution.
  *
- *  3. All advertising materials mentioning features or use of this software 
- *      must display the following acknowledgment:
- *      "This product includes software developed by the pfSense Project
- *       for use in the pfSense software distribution. (http://www.pfsense.org/). 
+ *	3. All advertising materials mentioning features or use of this software
+ *		must display the following acknowledgment:
+ *		"This product includes software developed by the pfSense Project
+ *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
  *
- *  4. The names "pfSense" and "pfSense Project" must not be used to
- *       endorse or promote products derived from this software without
- *       prior written permission. For written permission, please contact
- *       coreteam@pfsense.org.
+ *	4. The names "pfSense" and "pfSense Project" must not be used to
+ *		 endorse or promote products derived from this software without
+ *		 prior written permission. For written permission, please contact
+ *		 coreteam@pfsense.org.
  *
- *  5. Products derived from this software may not be called "pfSense"
- *      nor may "pfSense" appear in their names without prior written
- *      permission of the Electric Sheep Fencing, LLC.
+ *	5. Products derived from this software may not be called "pfSense"
+ *		nor may "pfSense" appear in their names without prior written
+ *		permission of the Electric Sheep Fencing, LLC.
  *
- *  6. Redistributions of any form whatsoever must retain the following
- *      acknowledgment:
+ *	6. Redistributions of any form whatsoever must retain the following
+ *		acknowledgment:
  *
- *  "This product includes software developed by the pfSense Project
- *  for use in the pfSense software distribution (http://www.pfsense.org/).
+ *	"This product includes software developed by the pfSense Project
+ *	for use in the pfSense software distribution (http://www.pfsense.org/).
   *
- *  THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
- *  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
- *  ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- *  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- *  OF THE POSSIBILITY OF SUCH DAMAGE.
+ *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
+ *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
+ *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ *	OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- *  ====================================================================
+ *	====================================================================
  *
  */
 /*
@@ -177,6 +177,7 @@ if ($_POST) {
 	}
 }
 
+
 if ($_GET['act'] == "del") {
 	if ($a_filter[$_GET['id']]) {
 		if (!empty($a_filter[$_GET['id']]['associated-rule-id'])) {
@@ -186,6 +187,7 @@ if ($_GET['act'] == "del") {
 		if (write_config()) {
 			mark_subsystem_dirty('filter');
 		}
+
 		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
@@ -196,7 +198,27 @@ if ($_REQUEST['savemsg']) {
 	$savemsg = htmlentities($_REQUEST['savemsg']);
 }
 
-if ($_GET['act'] == "toggle") {
+if (isset($_POST['del_x'])) {
+	/* delete selected rules */
+	$deleted = false;
+
+	if (is_array($_POST['rule']) && count($_POST['rule'])) {
+		foreach ($_POST['rule'] as $rulei) {
+			delete_nat_association($a_filter[$rulei]['associated-rule-id']);
+			unset($a_filter[$rulei]);
+			$deleted = true;
+		}
+
+		if($deleted) {
+			if (write_config()) {
+				mark_subsystem_dirty('filter');
+			}
+		}
+
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
+		exit;
+	}
+} else if ($_GET['act'] == "toggle") {
 	if ($a_filter[$_GET['id']]) {
 		if (isset($a_filter[$_GET['id']]['disabled'])) {
 			unset($a_filter[$_GET['id']]['disabled']);
@@ -206,10 +228,11 @@ if ($_GET['act'] == "toggle") {
 		if (write_config()) {
 			mark_subsystem_dirty('filter');
 		}
+
 		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
-} else {
+} else if($_POST['order-store']) {
 	/* update rule order, POST[rule] is an array of ordered IDs */
 	if (is_array($_POST['rule']) && !empty($_POST['rule'])) {
 		$a_filter_new = array();
@@ -222,6 +245,7 @@ if ($_GET['act'] == "toggle") {
 		if (write_config()) {
 			mark_subsystem_dirty('filter');
 		}
+
 		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
@@ -251,6 +275,7 @@ display_top_tabs($tab_array);
 			<table class="table table-striped table-hover table-condensed">
 				<thead>
 					<tr>
+						<th><!-- checkbox --></th>
 						<th><!-- status icons --></th>
 						<th><?=gettext("Proto");?></th>
 						<th><?=gettext("Source");?></th>
@@ -268,11 +293,12 @@ display_top_tabs($tab_array);
 <?php
 		// Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1.
 	if (!isset($config['system']['webgui']['noantilockout']) &&
-	    (((count($config['interfaces']) > 1) && ($if == 'lan')) ||
-	     ((count($config['interfaces']) == 1) && ($if == 'wan')))):
+		(((count($config['interfaces']) > 1) && ($if == 'lan')) ||
+		 ((count($config['interfaces']) == 1) && ($if == 'wan')))):
 		$alports = implode('<br />', filter_get_antilockout_ports(true));
 ?>
 					<tr id="antilockout">
+						<td></td>
 						<td title="<?=gettext("traffic is passed")?>"><i class="icon icon-ok"></i></td>
 						<td>*</td>
 						<td>*</td>
@@ -290,6 +316,7 @@ display_top_tabs($tab_array);
 <?php endif;?>
 <?php if (isset($config['interfaces'][$if]['blockpriv'])): ?>
 					<tr id="frrfc1918">
+						<td></td>
 						<td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td>
 						<td>*</td>
 						<td><?=gettext("RFC 1918 networks");?></td>
@@ -307,6 +334,7 @@ display_top_tabs($tab_array);
 <?php endif;?>
 <?php if (isset($config['interfaces'][$if]['blockbogons'])): ?>
 					<tr id="frrfc1918">
+					<td></td>
 						<td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td>
 						<td>*</td>
 						<td><?=gettext("Reserved/not assigned by IANA");?></td>
@@ -325,19 +353,23 @@ display_top_tabs($tab_array);
 			</tbody>
 
 			<tbody class="user-entries">
-<?php for ($i = 0; isset($a_filter[$i]); $i++):
+<?php
+$nrules = 0;
+for ($i = 0; isset($a_filter[$i]); $i++):
 	$filterent = $a_filter[$i];
-	
+
 	if ($filterent['interface'] != $if && !isset($filterent['floating']))
 		continue;
+
 	if (isset($filterent['floating']) && "FloatingRules" != $if)
 		continue;
-
-	$nrules++;
 ?>
-					<tr<?=(isset($filterent['disabled']) ? ' class="disabled"' : '')?>>
+					<tr id="fr<?=$nrules;?>" onClick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';" <?=(isset($filterent['disabled']) ? ' class="disabled"' : '')?>>
+						<td >
+							<input type="checkbox" id="frc<?=$nrules;?>" onClick="fr_toggle(<?=$nrules;?>)" name="rule[]" value="<?=$i;?>"/>
+						</td>
+
 						<td title="<?=gettext("traffic is ").$filterent['type']."ed"?>">
-							<input type="hidden" name="rule[]" value="<?=$i?>" />
 
 	<?php
 		if ($filterent['type'] == "block")
@@ -604,6 +636,7 @@ display_top_tabs($tab_array);
 						</td>
 					</tr>
 <?php
+		$nrules++;
 		endfor;
 ?>
 				</tbody>
@@ -626,7 +659,8 @@ display_top_tabs($tab_array);
 <?php endif;?>
 
 	<nav class="action-buttons">
-		<input type="submit" id="order-store" class="btn btn-sm btn-primary" value="store changes" disabled="disabled" />
+		<input type="submit" id="order-store" name="order-store" class="btn btn-sm btn-primary" value="store changes" disabled="disabled" />
+		<input name="del_x" type="submit" class="btn btn-danger btn-sm" value="<?=gettext("Delete selected rules"); ?>"	 />
 		<a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>" role="button" class="btn btn-sm btn-success">
 			<?=gettext("add new");?>
 		</a>
@@ -662,6 +696,31 @@ else
 ?>
 
 <script>
+function fr_toggle(id, prefix) {
+	if (!prefix)
+		prefix = 'fr';
+
+	var checkbox = document.getElementById(prefix + 'c' + id);
+	checkbox.checked = !checkbox.checked;
+	fr_bgcolor(id, prefix);
+}
+
+function fr_bgcolor(id, prefix) {
+	if (!prefix)
+		prefix = 'fr';
+
+	var row = document.getElementById(prefix + id);
+	var checkbox = document.getElementById(prefix + 'c' + id);
+	var cells = row.getElementsByTagName('td');
+	var cellcnt = cells.length;
+
+	for (i = 0; i < cellcnt-1; i++) {
+		cells[i].style.backgroundColor = checkbox.checked ? "#DDF4FF" : "#FFFFFF";
+	}
+}
+</script>
+
+<script>
 events.push(function() {
 	// Make rules sortable
 	$('table tbody.user-entries').sortable({
@@ -671,6 +730,12 @@ events.push(function() {
 		}
 	});
 
+	// Check all of the rule checkboxes so that their values are posted
+	$('#order-store').click(function () {
+	   $('[id^=frc]').prop('checked', true);
+	   alert();
+	});
+
 	// Replace direct delete with quicker front-end action
 /*FIXME: event ordering
 	$('.btn-danger').on('click', function(e){