author | Phil Davis <phil.davis@inf.org> | 2015-12-14 23:18:15 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2015-12-14 23:18:15 +0545 |
commit | 67c2baf157c50ae1b545f36bcf6afee6cdf6f67c (patch) | |
tree | c429615f87c26b3da9c58c7149d827a893461dbe /src/usr/local/www/firewall_rules_edit.php | |
parent | 935b578b7606b8af6866c3c01e9e7b7f9c58a0d9 (diff) | |
Coe style firewall *
Diffstat (limited to 'src/usr/local/www/firewall_rules_edit.php')
-rw-r--r-- | src/usr/local/www/firewall_rules_edit.php | 152 |
1 files changed, 81 insertions, 71 deletions
diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php
index 0da4ac9..e24d097 100644
--- a/src/usr/local/www/firewall_rules_edit.php
+++ b/src/usr/local/www/firewall_rules_edit.php
@@ -86,16 +86,16 @@ function is_aoadv_used($rule_config) {
 // Note that the user could set "tag" or "tagged" to the string "0", which is valid but empty().
 // And if the user enters "0" in other fields, we want to present an error message, and keep the Advanced Options section open.
 if ((isset($rule_config['allowopts'])) ||
- (isset($rule_config['disablereplyto'])) ||
- ($rule_config['tag'] != "") ||
- ($rule_config['tagged'] != "") ||
- ($rule_config['max'] != "") ||
- ($rule_config['max-src-nodes'] != "") ||
- ($rule_config['max-src-conn'] != "") ||
- ($rule_config['max-src-states'] != "") ||
- ($rule_config['max-src-conn-rate'] != "") ||
- ($rule_config['max-src-conn-rates'] != "") ||
- ($rule_config['statetimeout'] != "")) {
+ (isset($rule_config['disablereplyto'])) ||
+ ($rule_config['tag'] != "") ||
+ ($rule_config['tagged'] != "") ||
+ ($rule_config['max'] != "") ||
+ ($rule_config['max-src-nodes'] != "") ||
+ ($rule_config['max-src-conn'] != "") ||
+ ($rule_config['max-src-states'] != "") ||
+ ($rule_config['max-src-conn-rate'] != "") ||
+ ($rule_config['max-src-conn-rates'] != "") ||
+ ($rule_config['statetimeout'] != "")) {
 return true;
 }
@@ -448,12 +448,12 @@ if ($_POST) {
 }
 if (isset($a_filter[$id]['associated-rule-id']) === false &&
- (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single")))) {
+ (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single")))) {
 $reqdfields[] = "srcmask";
 $reqdfieldsn[] = "Source bit count";
 }
 if (isset($a_filter[$id]['associated-rule-id']) === false &&
- (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single")))) {
+ (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single")))) {
 $reqdfields[] = "dstmask";
 $reqdfieldsn[] = gettext("Destination bit count");
 }
@@ -491,7 +491,7 @@ if ($_POST) {
 $input_errors[] = 'The same port alias must be used in Source port range from: and to: fields';
 }
 if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust'] != '')) ||
- ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust'] != '') && is_alias($_POST['srcendport_cust']))) {
+ ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust'] != '') && is_alias($_POST['srcendport_cust']))) {
 $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field';
 }
 }
@@ -505,7 +505,7 @@ if ($_POST) {
 $input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields';
 }
 if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust'] != '')) ||
- ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust'] != '') && is_alias($_POST['dstendport_cust']))) {
+ ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust'] != '') && is_alias($_POST['dstendport_cust']))) {
 $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field';
 }
 }
@@ -692,7 +692,7 @@ if ($_POST) {
 }
 if ((($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] == "")) ||
- (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> ""))) {
+ (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> ""))) {
 $input_errors[] = gettext("Both maximum new connections per host and the interval (per second(s)) must be specified");
 }
@@ -1024,14 +1024,14 @@ $closehead = false;
 $page_filename = "firewall_rules_edit.php";
 include("head.inc");
-if ($input_errors)
+if ($input_errors) {
 print_input_errors($input_errors);
+}
 $form = new Form;
 $section = new Form_Section('Edit Firewall rule');
-if (isset($id))
-{
+if (isset($id)) {
 $form->addGlobal(new Form_Input(
 'id',
 'ID',
@@ -1040,8 +1040,7 @@ if (isset($id))
 ));
 }
-if (isset($a_filter[$id]))
-{
+if (isset($a_filter[$id])) {
 $form->addGlobal(new Form_Input(
 'tracker',
 'Tracker',
@@ -1073,8 +1072,9 @@ $values = array(
 'reject' => 'Reject',
 );
-if ($if == "FloatingRules" || isset($pconfig['floating']))
+if ($if == "FloatingRules" || isset($pconfig['floating'])) {
 $values['match'] = 'Match';
+}
 $section->addInput(new Form_Select(
 'type',
@@ -1095,8 +1095,7 @@ $section->addInput(new Form_Checkbox(
 ))->setHelp('Set this option to disable this rule without removing it from the '.
 'list.');
-if ($if == "FloatingRules" || isset($pconfig['floating']))
-{
+if ($if == "FloatingRules" || isset($pconfig['floating'])) {
 $section->addInput(new Form_Checkbox(
 'quick',
 'Quick',
@@ -1108,13 +1107,12 @@ if ($if == "FloatingRules" || isset($pconfig['floating']))
 $edit_disabled = isset($pconfig['associated-rule-id']);
-if ($edit_disabled)
-{
+if ($edit_disabled) {
 $extra = '';
- foreach ($config['nat']['rule'] as $index => $nat_rule)
- {
- if ($nat_rule['associated-rule-id'] === $pconfig['associated-rule-id'])
+ foreach ($config['nat']['rule'] as $index => $nat_rule) {
+ if ($nat_rule['associated-rule-id'] === $pconfig['associated-rule-id']) {
 $extra = '<br/><a href="firewall_nat_edit.php?id='. $index .'">'. gettext('View the NAT rule') .'</a>';
+ }
 }
 $section->addInput(new Form_StaticText(
@@ -1133,8 +1131,7 @@ if ($edit_disabled)
 $pconfig['associated-rule-id']
 ));
- if (!empty($pconfig['interface']))
- {
+ if (!empty($pconfig['interface'])) {
 $form->addGlobal(new Form_Input(
 'interface',
 null,
@@ -1269,17 +1266,20 @@ foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) {
 $ruleValues['(self)'] = "This firewall (self)";
 }
- if (isset($a_filter[$id]['floating']) || $if == "FloatingRules")
+ if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
 $ruleValues['(self)'] = 'This Firewall (self)';
- if (have_ruleint_access("pppoe"))
+ }
+ if (have_ruleint_access("pppoe")) {
 $ruleValues['pppoe'] = 'PPPoE clients';
- if (have_ruleint_access("l2tp"))
+ }
+ if (have_ruleint_access("l2tp")) {
 $ruleValues['l2tp'] = 'L2TP clients';
+ }
- foreach ($ifdisp as $ifent => $ifdesc)
- {
- if (!have_ruleint_access($ifent))
+ foreach ($ifdisp as $ifent => $ifdesc) {
+ if (!have_ruleint_access($ifent)) {
 continue;
+ }
 $ruleValues[$ifent] = $ifdesc.' net';
 $ruleValues[$ifent.'ip'] = $ifdesc.' address';
@@ -1309,8 +1309,9 @@ foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) {
 $portValues = ['' => '(other)', 'any' => 'any'];
- foreach ($wkports as $port => $portName)
+ foreach ($wkports as $port => $portName) {
 $portValues[$port] = $portName.' ('. $port .')';
+ }
 $group = new Form_Group($name .' port range');
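Review bot: In the `@@ -1108` hunk, `foreach ($config['nat']['rule'] as $index => $nat_rule)` iterates the NAT rule list without the `(array)` cast that the schedule loop in this same file uses (`foreach ((array)$config['schedules']['schedule'] ...`). A filter rule that still carries an `associated-rule-id` when no NAT rule list exists would make the loop run over a non-array. Suggest `foreach ((array)$config['nat']['rule'] as $index => $nat_rule) {`. The enclosing `if ($edit_disabled)` block continues past the end of the hunk.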
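Review bot: `$ruleValues['(self)']` is written twice in the `@@ -1269` hunk with different labels: `"This firewall (self)"` in the context line at the top and `'This Firewall (self)'` in the newly braced floating-rule branch. The option text therefore differs by capitalisation depending on which branch ran, for no visible reason. If the first assignment always covers the floating case the second can go; otherwise use one spelling in both. The enclosing `foreach` over `src`/`dst` starts and ends outside the hunk.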
@@ -1387,7 +1388,7 @@ $btnadvanced = new Form_Button(
 $btnadvanced->removeClass('btn-primary')->addClass('btn-default');
-if(!$adv_open) {
+if (!$adv_open) {
 $section->addInput(new Form_StaticText(
 null,
 $btnadvanced
@@ -1543,10 +1544,10 @@ $section->addInput(new Form_Select(
 ))->setHelp('Choose 802.1p priority to apply');
 $schedules = array();
-foreach ((array)$config['schedules']['schedule'] as $schedule)
-{
- if ($schedule['name'] != "")
+foreach ((array)$config['schedules']['schedule'] as $schedule) {
+ if ($schedule['name'] != "") {
 $schedules[] = $schedule['name'];
+ }
 }
 $section->addInput(new Form_Select(
@@ -1557,24 +1558,27 @@ $section->addInput(new Form_Select(
 ))->setHelp('Leave as \'none\' to leave the rule enabled all the time');
 $gateways = array("" => 'default');
-foreach (return_gateways_array() as $gwname => $gw)
-{
- if (($pconfig['ipprotocol'] == "inet46"))
+foreach (return_gateways_array() as $gwname => $gw) {
+ if (($pconfig['ipprotocol'] == "inet46")) {
 continue;
- if (($pconfig['ipprotocol'] == "inet6") && !(($gw['ipprotocol'] == "inet6") || (is_ipaddrv6($gw['gateway']))))
+ }
+ if (($pconfig['ipprotocol'] == "inet6") && !(($gw['ipprotocol'] == "inet6") || (is_ipaddrv6($gw['gateway'])))) {
 continue;
- if (($pconfig['ipprotocol'] == "inet") && !(($gw['ipprotocol'] == "inet") || (is_ipaddrv4($gw['gateway']))))
+ }
+ if (($pconfig['ipprotocol'] == "inet") && !(($gw['ipprotocol'] == "inet") || (is_ipaddrv4($gw['gateway'])))) {
 continue;
- if ($gw == "")
+ }
+ if ($gw == "") {
 continue;
+ }
 $gateways[ $gwname ] = $gw['name'] . (empty($gw['gateway'])? '' : ' - '. $gateway_addr_str);
 }
-foreach ((array)$a_gatewaygroups as $gwg_name => $gwg_data)
-{
- if ((empty($pconfig['ipprotocol'])) || ($pconfig['ipprotocol'] == $gwg_data['ipprotocol']))
+foreach ((array)$a_gatewaygroups as $gwg_name => $gwg_data) {
+ if ((empty($pconfig['ipprotocol'])) || ($pconfig['ipprotocol'] == $gwg_data['ipprotocol'])) {
 $gateways[ $gwg_name ] = $gwg_name;
+ }
 }
 $section->addInput(new Form_Select(
@@ -1612,14 +1616,16 @@ $section->add($group)->setHelp('Choose the Out queue/Virtual interface only if '
 $group = new Form_Group('Ackqueue / Queue');
 $list = array('' => 'none');
-if(!is_array($qlist))
+if (!is_array($qlist)) {
 $qlist = array();
+}
 foreach ($qlist as $q => $qkey) {
- if (isset($ifdisp[$q]))
+ if (isset($ifdisp[$q])) {
 $list[$q] = $ifdisp[$q];
- else
+ } else {
 $list[$q] = $q;
+ }
 }
 $group->add(new Form_Select(
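Review bot: In the gateway loop of the `@@ -1557` hunk the option label is built from `$gateway_addr_str`, which is never assigned inside the loop body shown here. Unless it is set before the loop (outside the hunk), every gateway entry gets an empty or stale address suffix; `' - ' . $gw['gateway']` looks like what was meant. The `if ($gw == "")` guard also runs only after `$gw['ipprotocol']` and `$gw['gateway']` have been read, so it would be clearer as the first check in the body. The `inet46` test does not depend on `$gw` and could be hoisted out of the loop.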
@@ -1644,21 +1650,18 @@ $has_created_time = (isset($a_filter[$id]['created']) && is_array($a_filter[$id]
 $has_updated_time = (isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated']));
-if ($has_created_time || $has_updated_time)
-{
+if ($has_created_time || $has_updated_time) {
 $form->add($section);
 $section = new Form_Section('Rule Information');
- if ($has_created_time)
- {
+ if ($has_created_time) {
 $section->addInput(new Form_StaticText(
 'Created',
 date('n/j/y H:i:s', $a_filter[$id]['created']['time']) . gettext(' by ') .'<b>'. $a_filter[$id]['created']['username'] .'</b>'
 ));
 }
- if ($has_updated_time)
- {
+ if ($has_updated_time) {
 $section->addInput(new Form_StaticText(
 'Updated',
 date('n/j/y H:i:s', $a_filter[$id]['updated']['time']) . gettext(' by ') .'<b>'. $a_filter[$id]['updated']['username'] .'</b>'
@@ -1672,7 +1675,7 @@ echo $form;
 <script type="text/javascript">
 //<![CDATA[
-events.push(function(){
+events.push(function() {
 var portsenabled = 1;
 var editenabled = 1;
@@ -1683,8 +1686,9 @@ events.push(function(){
 if (($('#srcbeginport').find(":selected").index() == 0) && portsenabled && editenabled) {
 disableInput('srcbeginport_cust', false);
 } else {
- if (editenabled)
+ if (editenabled) {
 $('#srcbeginport_cust').val("");
+ }
 disableInput('srcbeginport_cust', true);
 }
@@ -1692,8 +1696,9 @@ events.push(function(){
 if (($('#srcendport').find(":selected").index() == 0) && portsenabled && editenabled) {
 disableInput('srcendport_cust', false);
 } else {
- if (editenabled)
+ if (editenabled) {
 $('#srcendport_cust').val("");
+ }
 disableInput('srcendport_cust', true);
 }
@@ -1701,8 +1706,9 @@ events.push(function(){
 if (($('#dstbeginport').find(":selected").index() == 0) && portsenabled && editenabled) {
 disableInput('dstbeginport_cust', false);
 } else {
- if (editenabled)
+ if (editenabled) {
 $('#dstbeginport_cust').val("");
+ }
 disableInput('dstbeginport_cust', true);
 }
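Review bot: The 'Created' and 'Updated' rows in the `@@ -1644` hunk concatenate the stored username straight into an HTML fragment (`.'<b>'. $a_filter[$id]['created']['username'] .'</b>'`) with no output escaping. Since the fragment carries literal `<b>` tags, `Form_StaticText` presumably emits it as raw HTML, so a username containing markup would be rendered as markup on this page. Wrap both values, e.g. `'<b>'. htmlspecialchars($a_filter[$id]['created']['username']) .'</b>'` and the same for `['updated']['username']`. The `if ($has_created_time || $has_updated_time)` block closes outside the hunk.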
@@ -1710,8 +1716,9 @@ events.push(function(){
 if (($('#dstendport').find(":selected").index() == 0) && portsenabled && editenabled) {
 disableInput('dstendport_cust', false);
 } else {
- if (editenabled)
+ if (editenabled) {
 $('#dstendport_cust').val("");
+ }
 disableInput('dstendport_cust', true);
 }
@@ -1900,15 +1907,17 @@ events.push(function(){
 $('#toggle-advanced').click(function() {
 optionsvisible = 1;
 hideClass('advanced-options', false);
- if ($('#tcpflags_any').prop('checked'))
+ if ($('#tcpflags_any').prop('checked')) {
 $('.table-flags').addClass('hidden');
+ }
 });
 $('#tcpflags_any').click(function () {
- if (this.checked)
+ if (this.checked) {
 $('.table-flags').addClass('hidden');
- else
+ } else {
 $('.table-flags').removeClass('hidden');
+ }
 });
 // Change help text based on the selector value
@@ -1919,14 +1928,15 @@ events.push(function(){
 function setOptText(target, val) {
 var dispstr = '<span class="text-success">';
- if (val == 'keep state')
+ if (val == 'keep state') {
 dispstr += 'Keep: works with all IP protocols';
- else if (val == 'sloppy state')
+ } else if (val == 'sloppy state') {
 dispstr += 'Sloppy: works with all IP protocols';
- else if (val == 'synproxy state')
+ } else if (val == 'synproxy state') {
 dispstr += 'Synproxy: proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined';
- else if (val == 'none')
+ } else if (val == 'none') {
 dispstr += 'None: Do not use state mechanisms to keep track. This is only useful if you\'re doing advanced queueing in certain situations';
+ }
 dispstr += '</span>';
 setHelpText(target, dispstr);
|