diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-11-18 15:26:51 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-11-18 15:26:51 -0200 |
commit | 6f61fea64122fb306a89347ea9ca7a4f203c8cd8 (patch) | |
tree | d6ce9a9bcb7a53e1d230e2d4d2fa5ca4c16ea2dd /usr/local/www/firewall_nat_out.php | |
parent | e47914184a889eb91ed336c8874cf1edfa13da8e (diff) | |
download | pfsense-6f61fea64122fb306a89347ea9ca7a4f203c8cd8.zip pfsense-6f61fea64122fb306a89347ea9ca7a4f203c8cd8.tar.gz |
Use the same code to automatically create outbound NAT rules when mode change to manual, ticket #2416
Diffstat (limited to 'usr/local/www/firewall_nat_out.php')
-rwxr-xr-x | usr/local/www/firewall_nat_out.php | 135 |
1 files changed, 13 insertions, 122 deletions
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index b8afe30..439bd81 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -46,6 +46,8 @@ require_once("functions.inc"); require_once("filter.inc"); require_once("shaper.inc"); +global $FilterIflist; + if (!is_array($config['nat']['outbound'])) $config['nat']['outbound'] = array(); @@ -84,130 +86,20 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { * lets automatically create entries * for all of the interfaces to make life easier on the pip-o-chap */ - $ifdescrs = get_configured_interface_with_descr(); - - foreach($ifdescrs as $if => $ifdesc) { - if (!interface_has_gateway($if)) - continue; - foreach ($ifdescrs as $if2 => $ifdesc2) { - if (interface_has_gateway($if2)) - continue; - - $osipaddr = get_interface_ip($if2); - $ossubnet = get_interface_subnet($if2); - if (!is_ipaddr($osipaddr) || empty($ossubnet)) - continue; - $osn = gen_subnet($osipaddr, $ossubnet); - - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['dstport'] = "500"; - $natent['descr'] = sprintf(gettext('Auto created rule for ISAKMP - %1$s to %2$s'),$ifdesc2,$ifdesc); - $natent['target'] = ""; - $natent['interface'] = $if; - $natent['destination']['any'] = true; - $natent['staticnatport'] = true; - $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); - $a_out[] = $natent; - - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = sprintf(gettext('Auto created rule for %1$s to %2$s'),$ifdesc2,$ifdesc); - $natent['target'] = ""; - $natent['interface'] = $if; - $natent['destination']['any'] = true; - $natent['natport'] = ""; + if(empty($FilterIflist)) + filter_generate_optcfg_array(); + $tonathosts = filter_nat_rules_automatic_tonathosts(true); + $automatic_rules = filter_nat_rules_outbound_automatic(""); + + foreach ($tonathosts as $tonathost) { + foreach ($automatic_rules as $natent) { + $natent['source']['network'] = $tonathost['subnet']; + $natent['descr'] .= sprintf(gettext(' - %1$s to %2$s'), + $tonathost['descr'], + convert_real_interface_to_friendly_descr($natent['interface'])); $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); $a_out[] = $natent; } - /* Localhost */ - $natent = array(); - $natent['source']['network'] = "127.0.0.0/8"; - $natent['dstport'] = ""; - $natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc); - $natent['target'] = ""; - $natent['interface'] = $if; - $natent['destination']['any'] = true; - $natent['staticnatport'] = false; - $natent['natport'] = "1024:65535"; - $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); - $a_out[] = $natent; - /* PPTP subnet */ - if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) { - $pptp_size = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units']; - $pptptopip = $pptp_size - 1; - $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$pptptopip)); - foreach ($pptp_subnets as $pptpsn) { - $natent = array(); - $natent['source']['network'] = $pptpsn; - $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for PPTP server"); - $natent['target'] = ""; - $natent['interface'] = $if; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); - $a_out[] = $natent; - } - } - /* PPPoE subnet */ - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { - foreach ($config['pppoes']['pppoe'] as $pppoes) { - if (($pppoes['mode'] == "server") && is_ipaddr($pppoes['localip'])) { - if($pppoes['pppoe_subnet'] <> "") - $ossubnet = $pppoes['pppoe_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($pppoes['localip'], $ossubnet); - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for PPPoE server"); - $natent['target'] = ""; - $natent['interface'] = $if; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); - $a_out[] = $natent; - } - } - } - /* L2TP subnet */ - if($config['l2tp']['mode'] == "server") { - if (is_ipaddr($config['l2tp']['localip'])) { - if($config['l2tp']['l2tp_subnet'] <> "") - $ossubnet = $config['l2tp']['l2tp_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($config['l2tp']['localip'], $ossubnet); - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for L2TP server"); - $natent['target'] = ""; - $natent['interface'] = $if; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); - $a_out[] = $natent; - } - } - /* add openvpn interfaces */ - if($config['openvpn']['openvpn-server']) { - foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) { - $natent = array(); - $natent['source']['network'] = $ovpnsrv['tunnel_network']; - $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for OpenVPN server"); - $natent['target'] = ""; - $natent['interface'] = $if; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); - $a_out[] = $natent; - } - } } $savemsg = gettext("Default rules for each interface have been created."); } @@ -585,7 +477,6 @@ if (is_subsystem_dirty('natconf')) </tr> <?php if ($mode == "automatic" || $mode == "hybrid"): - global $FilterIflist; if(empty($FilterIflist)) filter_generate_optcfg_array(); $automatic_rules = filter_nat_rules_outbound_automatic(implode(" ", filter_nat_rules_automatic_tonathosts())); |