diff options
| author | Phil Davis <phil.davis@inf.org> | 2016-07-07 16:27:41 +0930 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2016-07-08 12:30:28 -0300 |
| commit | 9461d2081360b2a6d57fbaa08f579a4625ce3f3c (patch) | |
| tree | 542951def31f1b422a4e49c49b288c2a8ebf0ba8 /src | |
| parent | 1f9c2cb696f493aaaa3512f29c080b7e422b24f2 (diff) | |
| download | pfsense-9461d2081360b2a6d57fbaa08f579a4625ce3f3c.zip pfsense-9461d2081360b2a6d57fbaa08f579a4625ce3f3c.tar.gz | |
Fix #6582 Allow import of ports
This change does:
1) Allow bulk import of a port alias. That happens when the Import
button is pressed from the Ports tab of the firewall_aliases screen.
2) Allow bulk import of an IP alias, automatically determine if the
imported data fits a host or network alias type. That happens when the
Import button is pressed from the IP tab of the firewall_aliases screen.
3) When Import is pressed from the "All" tab of the firewall_aliases
screen, make an IP alias.
4) Do not display the Import button when on the URL tab of the
firewall_aliases screen.
(cherry picked from commit e4c784bfeb5d9bad4c65c421cefb767af0b164dd)
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr/local/www/firewall_aliases.php | 8 | ||||
| -rwxr-xr-x | src/usr/local/www/firewall_aliases_import.php | 102 |
2 files changed, 85 insertions, 25 deletions
diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php index b6be2ff..bdf508a 100644 --- a/src/usr/local/www/firewall_aliases.php +++ b/src/usr/local/www/firewall_aliases.php @@ -309,10 +309,16 @@ display_top_tabs($tab_array); <i class="fa fa-plus icon-embed-btn"></i> <?=gettext("Add");?> </a> - <a href="firewall_aliases_import.php" role="button" class="btn btn-primary btn-sm"> +<?php +if (($tab == "ip") || ($tab == "port") || ($tab == "all")): +?> + <a href="firewall_aliases_import.php?tab=<?=$tab?>" role="button" class="btn btn-primary btn-sm"> <i class="fa fa-upload icon-embed-btn"></i> <?=gettext("Import");?> </a> +<?php +endif +?> </nav> <!-- Information section. Icon ID must be "showinfo" and the information <div> ID must be "infoblock". diff --git a/src/usr/local/www/firewall_aliases_import.php b/src/usr/local/www/firewall_aliases_import.php index 202a98f..025e608 100755 --- a/src/usr/local/www/firewall_aliases_import.php +++ b/src/usr/local/www/firewall_aliases_import.php @@ -83,6 +83,11 @@ if (is_array($config['load_balancer']['lbpool'])) { $reserved_ifs = get_configured_interface_list(false, true); $reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names); +$tab = $_REQUEST['tab']; +if (empty($tab)) { + $tab = 'ip'; +} + if (!is_array($config['aliases']['alias'])) { $config['aliases']['alias'] = array(); } @@ -125,26 +130,51 @@ if ($_POST['aliasimport'] != "") { $imported_descs = array(); $desc_len_err_found = false; $desc_fmt_err_found = false; + if ($tab == "port") { + $alias_type = $tab; + } else { + $alias_type = "host"; + } + foreach ($tocheck as $impline) { $implinea = explode(" ", trim($impline), 2); $impip = $implinea[0]; $impdesc = trim($implinea[1]); if (strlen($impdesc) < 200) { if ((strpos($impdesc, "||") === false) && (substr($impdesc, 0, 1) != "|") && (substr($impdesc, -1, 1) != "|")) { - $iprange_type = is_iprange($impip); - if ($iprange_type == 4) { - list($startip, $endip) = explode('-', $impip); - $rangesubnets = ip_range_to_subnet_array($startip, $endip); - $imported_ips = array_merge($imported_ips, $rangesubnets); - $rangedescs = array_fill(0, count($rangesubnets), $impdesc); - $imported_descs = array_merge($imported_descs, $rangedescs); - } else if ($iprange_type == 6) { - $input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $impip); - } else if (!is_ipaddr($impip) && !is_subnet($impip) && !is_hostname($impip) && !empty($impip)) { - $input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $impip); - } elseif (!empty($impip)) { - $imported_ips[] = $impip; - $imported_descs[] = $impdesc; + if ($tab == "port") { + // Port alias + if (!empty($impip)) { + if (is_port($impip) || is_portrange($impip)) { + $imported_ips[] = $impip; + $imported_descs[] = $impdesc; + } else { + $input_errors[] = sprintf(gettext("%s is not a valid port or port range."), $impip); + } + } + } else { + // IP alias - host or network + $iprange_type = is_iprange($impip); + if ($iprange_type == 4) { + list($startip, $endip) = explode('-', $impip); + $rangesubnets = ip_range_to_subnet_array($startip, $endip); + $imported_ips = array_merge($imported_ips, $rangesubnets); + $rangedescs = array_fill(0, count($rangesubnets), $impdesc); + $imported_descs = array_merge($imported_descs, $rangedescs); + } else if ($iprange_type == 6) { + $input_errors[] = sprintf(gettext('IPv6 address ranges are not supported (%s)'), $impip); + } else { + $is_subnet = is_subnet($impip); + if (!is_ipaddr($impip) && !$is_subnet && !is_hostname($impip) && !empty($impip)) { + $input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $impip); + } elseif (!empty($impip)) { + if ($is_subnet) { + $alias_type = "network"; + } + $imported_ips[] = $impip; + $imported_descs[] = $impdesc; + } + } } } else { if (!$desc_fmt_err_found) { @@ -169,7 +199,7 @@ if ($_POST['aliasimport'] != "") { $alias['address'] = implode(" ", $imported_ips); $alias['detail'] = implode("||", $imported_descs); $alias['name'] = $_POST['name']; - $alias['type'] = "network"; + $alias['type'] = $alias_type; $alias['descr'] = $_POST['descr']; unset($imported_ips, $imported_descs); $a_aliases[] = $alias; @@ -180,7 +210,12 @@ if ($_POST['aliasimport'] != "") { if (write_config()) { mark_subsystem_dirty('aliases'); } - pfSenseHeader("firewall_aliases.php"); + + if (!empty($tab)) { + header("Location: firewall_aliases.php?tab=" . htmlspecialchars ($tab)); + } else { + header("Location: firewall_aliases.php"); + } exit; } @@ -193,7 +228,32 @@ if ($input_errors) { } $form = new Form; -$section = new Form_Section('Alias Details'); +$form->addGlobal(new Form_Input( + 'tab', + null, + 'hidden', + $tab +)); + +if ($tab == "port") { + $sectiontext = gettext('Port Alias Details'); + $helptext = gettext('Paste in the ports to import separated by a carriage return. ' . + 'The list may contain port numbers, port ranges, blank lines (ignored) and ' . + 'an optional description after each port. e.g.:</span>' . + '<ul><li>22</li><li>1234:1250</li><li>443 HTTPS port</li><li>4000:4099 Description of a port range</li>' . + '</ul><span class="help-block">'); +} else { + $sectiontext = gettext('IP Alias Details'); + $helptext = gettext('Paste in the aliases to ' . + 'import separated by a carriage return. Common examples are lists of IPs, ' . + 'networks, blacklists, etc. The list may contain IP addresses, with or without ' . + 'CIDR prefix, IP ranges, blank lines (ignored) and an optional description after ' . + 'each IP. e.g.:</span><ul><li>172.16.1.2</li><li>172.16.0.0/24</li><li>10.11.12.100-' . + '10.11.12.200</li><li>192.168.1.254 Home router</li><li>10.20.0.0/16 Office ' . + 'network</li><li>10.40.1.10-10.40.1.19 Managed switches</li></ul><span class="help-block">'); +} + +$section = new Form_Section($sectiontext); $section->addInput(new Form_Input( 'name', @@ -214,13 +274,7 @@ $section->addInput(new Form_Textarea( 'aliasimport', 'Aliases to import', $_POST["aliasimport"] -))->setHelp('Paste in the aliases to '. - 'import separated by a carriage return. Common examples are lists of IPs, '. - 'networks, blacklists, etc. The list may contain IP addresses, with or without '. - 'CIDR prefix, IP ranges, blank lines (ignored) and an optional description after '. - 'each IP. e.g.:</span><ul><li>172.16.1.2</li><li>172.16.0.0/24</li><li>10.11.12.100-'. - '10.11.12.200</li><li>192.168.1.254 Home router</li><li>10.20.0.0/16 Office '. - 'network</li><li>10.40.1.10-10.40.1.19 Managed switches</li></ul><span class="help-block">'); +))->setHelp($helptext); $form->add($section); print $form; |
