diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2006-04-20 18:14:23 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2006-04-20 18:14:23 +0000 |
| commit | 82d0dfc4609f27e691e29e8a379fe8f43beff328 (patch) | |
| tree | 704e143d4335921b384fabe75ea67318f47551a0 /usr/local/www/firewall_nat_out.php | |
| parent | 89c8e6d646a56ab8dad39327361113b41556d569 (diff) | |
| download | pfsense-82d0dfc4609f27e691e29e8a379fe8f43beff328.zip pfsense-82d0dfc4609f27e691e29e8a379fe8f43beff328.tar.gz | |
MFC 11291
Ticket #893 Also address "bugs/features" in the new XML parser (should be safe to MFC - needs testing before commiting to RELENG_1 though, works in HEAD perfectly)
Diffstat (limited to 'usr/local/www/firewall_nat_out.php')
| -rwxr-xr-x | usr/local/www/firewall_nat_out.php | 123 |
1 files changed, 61 insertions, 62 deletions
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index d3700ef..4320a9d 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -34,19 +34,15 @@ require("guiconfig.inc"); if (!is_array($config['nat']['advancedoutbound']['rule'])) - $config['nat']['advancedoutbound']['rule'] = array(); + $config['nat']['advancedoutbound']['rule'] = array(); $a_out = &$config['nat']['advancedoutbound']['rule']; -if ($_POST) { - $pconfig = $_POST; +if ($_POST['apply']) { + write_config(); - if ($_POST['apply']) { - - write_config(); - - $retval = 0; + $retval = 0; config_lock(); $retval |= filter_configure(); @@ -57,65 +53,61 @@ if ($_POST) { else $savemsg = $retval; - if ($retval == 0) { - if (file_exists($d_natconfdirty_path)) - unlink($d_natconfdirty_path); - if (file_exists($d_filterconfdirty_path)) - unlink($d_filterconfdirty_path); + if ($retval == 0) { + unlink_if_exists($d_natconfdirty_path); + unlink_if_exists($d_filterconfdirty_path); } - } } -if (isset($_POST['save'])) { - $was_enabled = isset($config['nat']['advancedoutbound']['enable']); +if (isset($_POST['save']) && $_POST['save'] == "Save") { /* mutually exclusive settings - if user wants advanced NAT, we don't help with IPSec */ - if ($_POST['ipsecpassthru'] == true) { - $config['nat']['ipsecpassthru']['enable'] = true; - $config['nat']['advancedoutbound']['enable'] = false; - } - if ($_POST['advancedoutbound'] == true) { - $config['nat']['advancedoutbound']['enable'] = true; - $config['nat']['ipsecpassthru']['enable'] = false; - } - if ($_POST['ipsecpassthru'] == false) - $config['nat']['ipsecpassthru']['enable'] = false; - if ($_POST['advancedoutbound'] == false) - $config['nat']['advancedoutbound']['enable'] = false; - if($was_enabled == false and $_POST['advancedoutbound'] <> "") { - /* - * user has enabled advanced outbound nat -- lets automatically create entries - * for all of the interfaces to make life easier on the pip-o-chap - */ - $a_out = &$config['nat']['advancedoutbound']['rule']; - $ifdescrs = array('lan'); - for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) - $ifdescrs[] = "opt" . $j; - foreach($ifdescrs as $if) { - if($if <> "lan" and $if <> "wan") { - /* interface is an optional. is it enabled? */ - if(!isset($config['interfaces'][$if]['enabled'])) { - continue; + switch ($_POST['advancedoripsec']) { + case "ipsecpassthru": + $config['nat']['ipsecpassthru']['enable'] = true; + unset($config['nat']['advancedoutbound']['enable']); + if(count($config['nat']['advancedoutbound']['rule']) == 0) + unset($config['nat']['advancedoutbound']['rule']); + break; + case "advancedoutboundnat": + $was_enabled = isset($config['nat']['advancedoutbound']['enable']); + $config['nat']['advancedoutbound']['enable'] = true; + unset($config['nat']['ipsecpassthru']['enable']); + if($was_enabled == false) { + /* + * user has enabled advanced outbound nat -- lets automatically create entries + * for all of the interfaces to make life easier on the pip-o-chap + */ + $ifdescrs = array('lan'); + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) + $ifdescrs[] = "opt" . $j; + foreach($ifdescrs as $if) { + if($if <> "lan" and $if <> "wan") { + /* interface is an optional. is it enabled? */ + if(!isset($config['interfaces'][$if]['enabled'])) { + continue; + } } + $natent = array(); + $osn = gen_subnet($config['interfaces'][$if]['ipaddr'], + $config['interfaces'][$if]['subnet']); + $natent['source']['network'] = $osn . "/" . $config['interfaces'][$if]['subnet']; + $natent['sourceport'] = ""; + $int_description = $config['interfaces'][$if]['descr']; + if($if == "lan") + $int_description = "LAN"; + $natent['descr'] = "Auto created rule for {$int_description}"; + $natent['target'] = ""; + $natent['interface'] = "wan"; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; } - $natent = array(); - $osn = gen_subnet($config['interfaces'][$if]['ipaddr'], - $config['interfaces'][$if]['subnet']); - $natent['source']['network'] = $osn . "/" . $config['interfaces'][$if]['subnet']; - $natent['sourceport'] = ""; - $int_description = $config['interfaces'][$if]['descr']; - if($if == "lan") - $int_description = "LAN"; - $natent['descr'] = "Auto created rule for {$int_description}"; - $natent['target'] = ""; - $natent['interface'] = "wan"; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - } - $savemsg = "Default rules for each interface have been created."; - } + $savemsg = "Default rules for each interface have been created."; + } + break; + } write_config(); touch($d_natconfdirty_path); header("Location: firewall_nat_out.php"); @@ -128,6 +120,9 @@ if (isset($_POST['del_x'])) { foreach ($_POST['rule'] as $rulei) { unset($a_out[$rulei]); } + if (count($a_out) == 0) + unset($config['nat']['advancedoutbound']); + write_config(); touch($d_natconfdirty_path); header("Location: firewall_nat_out.php"); @@ -170,7 +165,11 @@ if (isset($_POST['del_x'])) { if (!in_array($i, $_POST['rule'])) $a_out_new[] = $a_out[$i]; } - $a_out = $a_out_new; + if (count($a_out_new) > 0) + $a_out = $a_out_new; + else + unset($config['nat']['advancedoutbound']); + write_config(); touch($d_natconfdirty_path); header("Location: firewall_nat_out.php"); @@ -208,13 +207,13 @@ include("head.inc"); <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td class="vtable"><p> - <input name="ipsecpassthru" type="checkbox" id="ipsecpassthru" value="yes" onClick="document.iform.advancedoutbound.checked=false" <?php if (isset($config['nat']['ipsecpassthru']['enable'])) echo "checked";?>> + <input name="advancedoripsec" type="radio" id="ipsecpassthru" value="ipsecpassthru" <?php if (isset($config['nat']['ipsecpassthru']['enable'])) echo "checked";?>> <strong>Enable IPSec passthru</strong></p> </td> </tr> <tr> <td class="vtable"><p> - <input name="advancedoutbound" type="checkbox" id="advancedoutbound" value="yes" onClick="document.iform.ipsecpassthru.checked=false" <?php if (isset($config['nat']['advancedoutbound']['enable'])) echo "checked";?>> + <input name="advancedoripsec" type="radio" id="advancedoutbound" value="advancedoutboundnat" <?php if (isset($config['nat']['advancedoutbound']['enable'])) echo "checked";?>> <strong>Enable advanced outbound NAT</strong></p></td> </tr> <tr> |
