diff options
| author | Phil Davis <phil.davis@inf.org> | 2015-05-11 12:06:17 +0545 |
|---|---|---|
| committer | Phil Davis <phil.davis@inf.org> | 2015-05-11 12:06:17 +0545 |
| commit | 37ba954df7f60273dbeb6be02c222b57507367de (patch) | |
| tree | 010b33c5a9acc46b43ebd51e1976b0bd31b06f90 /usr/local/www/firewall_nat_edit.php | |
| parent | d0c28e66a81bb06183b09514c6d1aa87e9c4deb0 (diff) | |
| download | pfsense-37ba954df7f60273dbeb6be02c222b57507367de.zip pfsense-37ba954df7f60273dbeb6be02c222b57507367de.tar.gz | |
Code style Firewall NAT
Diffstat (limited to 'usr/local/www/firewall_nat_edit.php')
| -rw-r--r-- | usr/local/www/firewall_nat_edit.php | 609 |
1 files changed, 342 insertions, 267 deletions
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index d8f04d2..4488e2f 100644 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -60,27 +60,33 @@ if (!is_array($config['nat']['rule'])) { } $a_nat = &$config['nat']['rule']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (is_numericint($_GET['after']) || $_GET['after'] == "-1") +if (is_numericint($_GET['after']) || $_GET['after'] == "-1") { $after = $_GET['after']; -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) +} +if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { $after = $_POST['after']; +} if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_nat[$id]) { - if ( isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']) ) + if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) { $pconfig['created'] = $a_nat[$id]['created']; + } - if ( isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']) ) + if (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])) { $pconfig['updated'] = $a_nat[$id]['updated']; + } $pconfig['disabled'] = isset($a_nat[$id]['disabled']); $pconfig['nordr'] = isset($a_nat[$id]['nordr']); @@ -101,8 +107,9 @@ if (isset($id) && $a_nat[$id]) { $pconfig['nosync'] = isset($a_nat[$id]['nosync']); $pconfig['natreflection'] = $a_nat[$id]['natreflection']; - if (!$pconfig['interface']) + if (!$pconfig['interface']) { $pconfig['interface'] = "wan"; + } } else { $pconfig['interface'] = "wan"; $pconfig['src'] = "any"; @@ -110,61 +117,74 @@ if (isset($id) && $a_nat[$id]) { $pconfig['srcendport'] = "any"; } -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); +} -/* run through $_POST items encoding HTML entties so that the user +/* run through $_POST items encoding HTML entities so that the user * cannot think he is slick and perform a XSS attack on the unwilling */ unset($input_errors); foreach ($_POST as $key => $value) { $temp = $value; $newpost = htmlentities($temp); - if($newpost <> $temp) + if ($newpost <> $temp) { $input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp); + } } if ($_POST) { - if(strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") { - if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) + if (strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") { + if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) { $_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']); - if ($_POST['srcendport_cust'] && !$_POST['srcendport']) + } + if ($_POST['srcendport_cust'] && !$_POST['srcendport']) { $_POST['srcendport'] = trim($_POST['srcendport_cust']); + } if ($_POST['srcbeginport'] == "any") { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; } else { - if (!$_POST['srcendport']) + if (!$_POST['srcendport']) { $_POST['srcendport'] = $_POST['srcbeginport']; + } } - if ($_POST['srcendport'] == "any") + if ($_POST['srcendport'] == "any") { $_POST['srcendport'] = $_POST['srcbeginport']; + } - if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) + if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) { $_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']); - if ($_POST['dstendport_cust'] && !$_POST['dstendport']) + } + if ($_POST['dstendport_cust'] && !$_POST['dstendport']) { $_POST['dstendport'] = trim($_POST['dstendport_cust']); + } if ($_POST['dstbeginport'] == "any") { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { - if (!$_POST['dstendport']) + if (!$_POST['dstendport']) { $_POST['dstendport'] = $_POST['dstbeginport']; + } } - if ($_POST['dstendport'] == "any") + if ($_POST['dstendport'] == "any") { $_POST['dstendport'] = $_POST['dstbeginport']; + } - if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) + if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) { $_POST['localbeginport'] = trim($_POST['localbeginport_cust']); + } /* Make beginning port end port if not defined and endport is */ - if (!$_POST['srcbeginport'] && $_POST['srcendport']) + if (!$_POST['srcbeginport'] && $_POST['srcendport']) { $_POST['srcbeginport'] = $_POST['srcendport']; - if (!$_POST['dstbeginport'] && $_POST['dstendport']) + } + if (!$_POST['dstbeginport'] && $_POST['dstendport']) { $_POST['dstbeginport'] = $_POST['dstendport']; + } } else { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; @@ -192,7 +212,7 @@ if ($_POST) { $pconfig = $_POST; /* input validation */ - if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { + if (strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { $reqdfields = explode(" ", "interface proto dstbeginport dstendport"); $reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to")); } else { @@ -224,33 +244,40 @@ if ($_POST) { $_POST['dstendport'] = 0; } - if ($_POST['src']) + if ($_POST['src']) { $_POST['src'] = trim($_POST['src']); - if ($_POST['dst']) + } + if ($_POST['dst']) { $_POST['dst'] = trim($_POST['dst']); - if ($_POST['localip']) + } + if ($_POST['localip']) { $_POST['localip'] = trim($_POST['localip']); + } if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) { $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']); } - if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) + if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']); - if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) + } + if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']); - if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) + } + if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']); - if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) + } + if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']); + } if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']))) { $input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']); } /* if user enters an alias and selects "network" then disallow. */ - if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) ) - || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) { + if (($_POST['srctype'] == "network" && is_alias($_POST['src']) ) || + ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) )) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); } @@ -285,34 +312,39 @@ if ($_POST) { } if (!$input_errors) { - if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) + if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) { $input_errors[] = gettext("The target port range must be an integer between 1 and 65535."); + } } /* check for overlaps */ foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) { continue; - if ($natent['interface'] != $_POST['interface']) + } + if ($natent['interface'] != $_POST['interface']) { continue; - if ($natent['destination']['address'] != $_POST['dst']) + } + if ($natent['destination']['address'] != $_POST['dst']) { continue; - if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) + } + if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) { continue; + } list($begp,$endp) = explode("-", $natent['destination']['port']); - if (!$endp) + if (!$endp) { $endp = $begp; + } - if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) - || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { - + if (!((($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) || + (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { $input_errors[] = gettext("The destination port range overlaps with an existing entry."); break; } } - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation"); if (!$input_errors) { @@ -344,21 +376,24 @@ if ($_POST) { $natent['descr'] = $_POST['descr']; $natent['associated-rule-id'] = $_POST['associated-rule-id']; - if($_POST['filter-rule-association'] == "pass") + if ($_POST['filter-rule-association'] == "pass") { $natent['associated-rule-id'] = "pass"; + } - if($_POST['nosync'] == "yes") + if ($_POST['nosync'] == "yes") { $natent['nosync'] = true; - else + } else { unset($natent['nosync']); + } - if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable") + if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable") { $natent['natreflection'] = $_POST['natreflection']; - else + } else { unset($natent['natreflection']); + } // If we used to have an associated filter rule, but no-longer should have one - if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { + if (!empty($a_nat[$id]) && (empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'])) { // Delete the previous rule delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']); mark_subsystem_dirty('filter'); @@ -366,19 +401,21 @@ if ($_POST) { $need_filter_rule = false; // Updating a rule with a filter rule associated - if (!empty($natent['associated-rule-id'])) + if (!empty($natent['associated-rule-id'])) { $need_filter_rule = true; + } // Create a rule or if we want to create a new one - if( $natent['associated-rule-id']=='new' ) { + if ($natent['associated-rule-id']=='new') { $need_filter_rule = true; unset( $natent['associated-rule-id'] ); $_POST['filter-rule-association']='add-associated'; } // If creating a new rule, where we want to add the filter rule, associated or not - else if( isset($_POST['filter-rule-association']) && - ($_POST['filter-rule-association']=='add-associated' || - $_POST['filter-rule-association']=='add-unassociated') ) + else if (isset($_POST['filter-rule-association']) && + ($_POST['filter-rule-association']=='add-associated' || + $_POST['filter-rule-association']=='add-unassociated')) { $need_filter_rule = true; + } if ($need_filter_rule == true) { @@ -388,10 +425,11 @@ if ($_POST) { // If a rule already exists, load it if (!empty($natent['associated-rule-id'])) { $filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']); - if ($filterentid === false) + if ($filterentid === false) { $filterent['associated-rule-id'] = $natent['associated-rule-id']; - else + } else { $filterent =& $config['filter']['rule'][$filterentid]; + } } pconfig_to_address($filterent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot'], @@ -405,10 +443,11 @@ if ($_POST) { $dstpfrom = $_POST['localbeginport']; $dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport']; - if ($dstpfrom == $dstpto) + if ($dstpfrom == $dstpto) { $filterent['destination']['port'] = $dstpfrom; - else + } else { $filterent['destination']['port'] = $dstpfrom . "-" . $dstpto; + } /* * Our firewall filter description may be no longer than @@ -417,7 +456,7 @@ if ($_POST) { $filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62); // If this is a new rule, create an ID and add the rule - if( $_POST['filter-rule-association']=='add-associated' ) { + if ($_POST['filter-rule-association']=='add-associated') { $filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id(); $filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward")); $config['filter']['rule'][] = $filterent; @@ -426,27 +465,30 @@ if ($_POST) { mark_subsystem_dirty('filter'); } - if ( isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']) ) + if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) { $natent['created'] = $a_nat[$id]['created']; + } $natent['updated'] = make_config_revision_entry(); - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config"); // Update the NAT entry now - if (isset($id) && $a_nat[$id]) + if (isset($id) && $a_nat[$id]) { $a_nat[$id] = $natent; - else { + } else { $natent['created'] = make_config_revision_entry(); - if (is_numeric($after)) + if (is_numeric($after)) { array_splice($a_nat, $after+1, 0, array($natent)); - else + } else { $a_nat[] = $natent; + } } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat.php"); exit; @@ -466,13 +508,13 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="firewall_nat_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td> - </tr> +<form action="firewall_nat_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td> + </tr> <?php - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly"); ?> <tr> @@ -483,67 +525,82 @@ include("fbegin.inc"); ?> <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span> </td> </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td> - <td width="78%" class="vtable"> - <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if($pconfig['nordr']) echo "checked=\"checked\""; ?> /> - <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?> - <br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span> - </td> - </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> - <td width="78%" class="vtable"> - <select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();"> - <?php - - $iflist = get_configured_interface_with_descr(false, true); - // Allow extending of the firewall edit interfaces - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit"); - foreach ($iflist as $if => $ifdesc) - if(have_ruleint_access($if)) - $interfaces[$if] = $ifdesc; - - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) - $interfaces['l2tp'] = "L2TP VPN"; - - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) - $interfaces['pptp'] = "PPTP VPN"; - - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) - $interfaces['pppoe'] = "PPPoE Server"; - - /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - if(have_ruleint_access("enc0")) - $interfaces["enc0"] = "IPsec"; - - /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) - $interfaces["openvpn"] = "OpenVPN"; - - foreach ($interfaces as $iface => $ifacename): ?> + <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td> + <td width="78%" class="vtable"> + <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if ($pconfig['nordr']) echo "checked=\"checked\""; ?> /> + <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?> + <br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> + <td width="78%" class="vtable"> + <select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();"> + <?php + $iflist = get_configured_interface_with_descr(false, true); + // Allow extending of the firewall edit interfaces + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit"); + foreach ($iflist as $if => $ifdesc) { + if (have_ruleint_access($if)) { + $interfaces[$if] = $ifdesc; + } + } + + if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { + $interfaces['l2tp'] = "L2TP VPN"; + } + } + + if ($config['pptpd']['mode'] == "server") { + if (have_ruleint_access("pptp")) { + $interfaces['pptp'] = "PPTP VPN"; + } + } + + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { + $interfaces['pppoe'] = "PPPoE Server"; + } + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (have_ruleint_access("enc0")) { + $interfaces["enc0"] = "IPsec"; + } + } + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { + $interfaces["openvpn"] = "OpenVPN"; + } + + foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>> - <?=htmlspecialchars($ifacename);?> + <?=htmlspecialchars($ifacename);?> </option> - <?php endforeach; ?> - </select><br /> - <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br /> - <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td> - <td width="78%" class="vtable"> - <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();"> - <?php $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF"); foreach ($protocols as $proto): ?> - <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option> - <?php endforeach; ?> - </select> <br /> <span class="vexpl"><?=gettext("Choose which IP protocol " . - "this rule should match."); ?><br /> - <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> <?=gettext("here."); ?></span></td> - </tr> + <?php endforeach; ?> + </select><br /> + <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br /> + <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td> + <td width="78%" class="vtable"> + <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();"> + <?php + $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF"); + foreach ($protocols as $proto): ?> + <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option> + <?php endforeach; ?> + </select> + <br /> + <span class="vexpl"><?=gettext("Choose which IP protocol this rule should match."); ?><br /> + <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> <?=gettext("here."); ?> + </span> + </td> + </tr> <tr id="showadvancedboxsrc" name="showadvancedboxsrc"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td> <td width="78%" class="vtable"> @@ -569,24 +626,27 @@ include("fbegin.inc"); ?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option> <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option> - <?php if(have_ruleint_access("pptp")): ?> + <?php if (have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option> <?php endif; ?> - <?php if(have_ruleint_access("pppoe")): ?> + <?php if (have_ruleint_access("pppoe")): ?> <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option> <?php endif; ?> - <?php if(have_ruleint_access("l2tp")): ?> - <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> - <?php endif; ?> + <?php if (have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> + <?php endif; ?> <?php - foreach ($ifdisp as $ifent => $ifdesc): ?> - <?php if(have_ruleint_access($ifent)): ?> + foreach ($ifdisp as $ifent => $ifdesc): + if (have_ruleint_access($ifent)): +?> <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option> <option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected=\"selected\""; } ?>> <?=$ifdesc?> <?=gettext("address");?> </option> - <?php endif; ?> -<?php endforeach; ?> +<?php + endif; + endforeach; +?> </select> </td> </tr> @@ -653,35 +713,38 @@ include("fbegin.inc"); ?> <td><?=gettext("Type:"); ?> </td> <td> <select name="dsttype" class="formselect" onchange="typesel_change()"> -<?php - $sel = is_specialnet($pconfig['dst']); ?> + <?php $sel = is_specialnet($pconfig['dst']); ?> <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option> <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option> <option value="(self)" <?PHP if ($pconfig['dst'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option> - <?php if(have_ruleint_access("pptp")): ?> + <?php if (have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option> <?php endif; ?> - <?php if(have_ruleint_access("pppoe")): ?> + <?php if (have_ruleint_access("pppoe")): ?> <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option> <?php endif; ?> - <?php if(have_ruleint_access("l2tp")): ?> - <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> - <?php endif; ?> + <?php if (have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> + <?php endif; ?> -<?php foreach ($ifdisp as $if => $ifdesc): ?> - <?php if(have_ruleint_access($if)): ?> +<?php foreach ($ifdisp as $if => $ifdesc): + if (have_ruleint_access($if)): +?> <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option> <option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected=\"selected\""; } ?>> <?=$ifdesc;?> <?=gettext("address");?> </option> - <?php endif; ?> -<?php endforeach; ?> +<?php + endif; + endforeach; +?> <?php if (is_array($config['virtualip']['vip'])): foreach ($config['virtualip']['vip'] as $sn): - if (isset($sn['noexpand'])) + if (isset($sn['noexpand'])) { continue; + } if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); @@ -756,113 +819,125 @@ include("fbegin.inc"); ?> </span> </td> </tr> - <tr name="localiptable" id="localiptable"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td> - <td width="78%" class="vtable"> - <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" /> - <br /> <span class="vexpl"><?=gettext("Enter the internal IP address of " . - "the server on which you want to map the ports."); ?><br /> - <?=gettext("e.g."); ?> <em>192.168.1.12</em></span></td> - </tr> - <tr name="lprtr" id="lprtr"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td> - <td width="78%" class="vtable"> - <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();"> - <option value="">(<?=gettext("other"); ?>)</option> - <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> - <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) { + <tr name="localiptable" id="localiptable"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td> + <td width="78%" class="vtable"> + <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter the internal IP address of the server on which you want to map the ports."); ?> + <br /> + <?=gettext("e.g."); ?> + <em>192.168.1.12</em> + </span> + </td> + </tr> + <tr name="lprtr" id="lprtr"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td> + <td width="78%" class="vtable"> + <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();"> + <option value="">(<?=gettext("other"); ?>)</option> + <?php + $bfound = 0; + foreach ($wkports as $wkport => $wkportdesc): + ?> + <option value="<?=$wkport;?>" + <?php if ($wkport == $pconfig['localbeginport']) { echo "selected=\"selected\""; $bfound = 1; }?>> - <?=htmlspecialchars($wkportdesc);?> - </option> - <?php endforeach; ?> - </select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>" /> - <br /> - <span class="vexpl"><?=gettext("Specify the port on the machine with the " . - "IP address entered above. In case of a port range, specify " . - "the beginning port of the range (the end port will be calculated " . - "automatically)."); ?><br /> - <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here " . - "for your reference (not parsed)."); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td> - <td width="78%" class="vtable"> - <input type="checkbox" value="yes" name="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> - <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td> - <td width="78%" class="vtable"> - <select name="natreflection" class="formselect"> - <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>><?=gettext("Use system default"); ?></option> - <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option> - <option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option> - <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option> - </select> - </td> - </tr> - <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> - <tr name="assoctable" id="assoctable"> - <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> - <td width="78%" class="vtable"> - <select name="associated-rule-id"> - <option value=""><?=gettext("None"); ?></option> - <option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option> - <?php - $linkedrule = ""; - if (is_array($config['filter']['rule'])) { - filter_rules_sort(); - foreach ($config['filter']['rule'] as $filter_id => $filter_rule) { - if (isset($filter_rule['associated-rule-id'])) { - echo "<option value=\"{$filter_rule['associated-rule-id']}\""; - if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) { - echo " selected=\"selected\""; - $linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">" . gettext("View the filter rule") . "</a><br />"; - } - echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n"; - + <?=htmlspecialchars($wkportdesc);?> + </option> + <?php endforeach; ?> + </select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>" /> + <br /> + <span class="vexpl"><?=gettext("Specify the port on the machine with the " . + "IP address entered above. In case of a port range, specify " . + "the beginning port of the range (the end port will be calculated " . + "automatically)."); ?><br /> + <?=gettext("Hint: this is usually identical to the 'from' port above"); ?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> + <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td> + <td width="78%" class="vtable"> + <input type="checkbox" value="yes" name="nosync"<?php if ($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> + <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td> + <td width="78%" class="vtable"> + <select name="natreflection" class="formselect"> + <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>><?=gettext("Use system default"); ?></option> + <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option> + <option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option> + <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option> + </select> + </td> + </tr> + <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> + <tr name="assoctable" id="assoctable"> + <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> + <td width="78%" class="vtable"> + <select name="associated-rule-id"> + <option value=""><?=gettext("None"); ?></option> + <option value="pass" <?php if ($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option> + <?php + $linkedrule = ""; + if (is_array($config['filter']['rule'])) { + filter_rules_sort(); + foreach ($config['filter']['rule'] as $filter_id => $filter_rule) { + if (isset($filter_rule['associated-rule-id'])) { + echo "<option value=\"{$filter_rule['associated-rule-id']}\""; + if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) { + echo " selected=\"selected\""; + $linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">" . gettext("View the filter rule") . "</a><br />"; } - } + echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n"; } - if (isset($pconfig['associated-rule-id'])) - echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n"; - echo "</select>\n"; - echo $linkedrule; - ?> - </td> - </tr> - <?php endif; ?> - <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?> - <tr name="assoctable" id="assoctable"> - <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> - <td width="78%" class="vtable"> - <select name="filter-rule-association" id="filter-rule-association"> - <option value=""><?=gettext("None"); ?></option> - <option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option> - <option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option> - <option value="pass"><?=gettext("Pass"); ?></option> - </select> - <br /><br /><?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?> - </td> - </tr><?php endif; ?> + } + } + if (isset($pconfig['associated-rule-id'])) { + echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n"; + } + echo "</select>\n"; + echo $linkedrule; + ?> + </td> + </tr> + <?php endif; ?> + <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?> + <tr name="assoctable" id="assoctable"> + <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> + <td width="78%" class="vtable"> + <select name="filter-rule-association" id="filter-rule-association"> + <option value=""><?=gettext("None"); ?></option> + <option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option> + <option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option> + <option value="pass"><?=gettext("Pass"); ?></option> + </select> + <br /><br /><?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?> + </td> + </tr> + <?php endif; ?> <?php - // Allow extending of the firewall edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate"); + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate"); ?> <?php -$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])); -$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])); + $has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])); + $has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])); ?> - <?php if ($has_created_time || $has_updated_time): ?> + <?php if ($has_created_time || $has_updated_time): ?> <tr> <td> </td> </tr> @@ -885,23 +960,23 @@ $has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['upda </td> </tr> <?php endif; ?> - <?php endif; ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" /> - </td> - </tr> - </table> + <?php endif; ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" /> + </td> + </tr> + </table> </form> <script type="text/javascript"> //<