summaryrefslogtreecommitdiffstats
path: root/usr/local/www/firewall_nat_edit.php
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2007-12-03 05:02:56 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-12-03 05:02:56 +0000
commit40b56dc18bb2fcfa7b1f67a9885a25636ce915cb (patch)
treec267157ce064c148408ed610802e096daccd5d2f /usr/local/www/firewall_nat_edit.php
parent0397013a4044fd591079a007fb0cf126c5d85cd6 (diff)
downloadpfsense-40b56dc18bb2fcfa7b1f67a9885a25636ce915cb.zip
pfsense-40b56dc18bb2fcfa7b1f67a9885a25636ce915cb.tar.gz
Add multi user firewall nat port forward capabilities.
Diffstat (limited to 'usr/local/www/firewall_nat_edit.php')
-rwxr-xr-xusr/local/www/firewall_nat_edit.php42
1 files changed, 38 insertions, 4 deletions
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 5268976..c840029 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -61,6 +61,19 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['interface'] = "wan";
}
+if($id) {
+ $if = $a_nat[$id]['interface'];
+ $security_url = "firewall_nat_edit.php?if=". strtolower($if);
+ if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
+ if(!in_array($security_url, $allowed)) {
+ // User does not have access
+ // echo "displaying error {$security_url}"; print_r($allowed);
+ echo display_error_form("401", "Unauthorized. You do not have access to edit nat rules on the interface {$if}");
+ exit;
+ }
+ }
+}
+
if (isset($_GET['dup']))
unset($id);
@@ -271,10 +284,31 @@ include("fbegin.inc"); ?>
<td width="78%" class="vtable">
<select name="interface" class="formselect">
<?php
- $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE');
- for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
- $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
- }
+
+ $interfaces = array();
+
+ if(have_ruleint_access("lan"))
+ $interfaces['lan'] = "LAN";
+ if(have_ruleint_access("wan"))
+ $interfaces['wan'] = "WAN";
+
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ if(have_ruleint_access("opt{$i}"))
+ $interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
+
+ if ($config['pptpd']['mode'] == "server")
+ if(have_ruleint_access("pptp"))
+ $interfaces['pptp'] = "PPTP VPN";
+
+ if ($config['pppoe']['mode'] == "server")
+ if(have_ruleint_access("pppoe"))
+ $interfaces['pppoe'] = "PPPoE VPN";
+
+ /* add ipsec interfaces */
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
+ if(have_ruleint_access("enc0"))
+ $interfaces["enc0"] = "IPSEC";
+
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
<?=htmlspecialchars($ifacename);?>
OpenPOWER on IntegriCloud