authorPhil Davis <phil.davis@world.inf.org>2013-07-22 03:43:40 -0700
committerPhil Davis <phil.davis@world.inf.org>2013-07-22 03:43:40 -0700
commit69364ab81230d1b37feb39d7f6d7ddd0aeb2169f (patch)
tree718e2b753a7956a1ff6811709f63a3c891cddc21 /usr/local/www/firewall_rules_edit.php
parenteac9f72b9d5b48542114740f59c3577bc5012945 (diff)
Validate firewall rule advanced options requirements
Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules. Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html Bug report #3098
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rwxr-xr-xusr/local/www/firewall_rules_edit.php45
1 files changed, 45 insertions, 0 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index a2a7e0e..ae80660 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -472,6 +472,51 @@ if ($_POST) {
$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
}
+ if ($_POST['proto'] <> "tcp") {
+ if (!empty($_POST['max']))
+ $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for TCP protocol.");
+ if (!empty($_POST['max-src-nodes']))
+ $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for TCP protocol.");
+ if (!empty($_POST['max-src-conn']))
+ $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for TCP protocol.");
+ if (!empty($_POST['max-src-states']))
+ $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for TCP protocol.");
+ if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+ $input_errors[] = gettext("You can only specify the maximum new connections / per second(s) (advanced option) for TCP protocol.");
+ if (!empty($_POST['statetimeout']))
+ $input_errors[] = gettext("You can only specify the state timeout (advanced option) for TCP protocol.");
+ }
+
+ if ($_POST['type'] <> "pass") {
+ if (!empty($_POST['max']))
+ $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for Pass type rules.");
+ if (!empty($_POST['max-src-nodes']))
+ $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for Pass type rules.");
+ if (!empty($_POST['max-src-conn']))
+ $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for Pass type rules.");
+ if (!empty($_POST['max-src-states']))
+ $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for Pass type rules.");
+ if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+ $input_errors[] = gettext("You can only specify the maximum new connections / per second(s) (advanced option) for Pass type rules.");
+ if (!empty($_POST['statetimeout']))
+ $input_errors[] = gettext("You can only specify the state timeout (advanced option) for Pass type rules.");
+ }
+
+ if (($_POST['statetype'] == "none") && (empty($_POST['l7container']))) {
+ if (!empty($_POST['max']))
+ $input_errors[] = gettext("You cannot specify the maximum state entries (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['max-src-nodes']))
+ $input_errors[] = gettext("You cannot specify the maximum number of unique source hosts (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['max-src-conn']))
+ $input_errors[] = gettext("You cannot specify the maximum number of established connections per host (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['max-src-states']))
+ $input_errors[] = gettext("You cannot specify the maximum state entries per host (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+ $input_errors[] = gettext("You cannot specify the maximum new connections / per second(s) (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['statetimeout']))
+ $input_errors[] = gettext("You cannot specify the state timeout (advanced option) if statetype is none and no L7 container is selected.");
+ }
+
if (!$_POST['tcpflags_any']) {
$settcpflags = array();
$outoftcpflags = array();
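Review bot: The same six advanced-option checks are written out three times in this hunk (under the `proto`, `type` and `statetype` conditions). Since the commit message says they mirror conditions in filter.inc, any later change there needs matching edits in eighteen places here, and a missed one would let a rule be saved with a state limit that is presumably not applied when the pf rules are generated. Driving the checks from one table of options and one list of failed conditions, as sketched below, keeps them in one place; it regroups the errors by option and changes the translatable strings to `%s` templates, so the message catalogue would need updating. Separately, `!empty()` treats the string "0" as unset, so a submitted value of `0` passes all of these guards; that is harmless only if filter.inc ignores it the same way, which is not visible here. The enclosing `if ($_POST)` block starts and ends outside the hunk.

```php
// … unchanged: layer7 container check above …
$adv_state_opts = array(
	array(array('max'), gettext("the maximum state entries")),
	array(array('max-src-nodes'), gettext("the maximum number of unique source hosts")),
	array(array('max-src-conn'), gettext("the maximum number of established connections per host")),
	array(array('max-src-states'), gettext("the maximum state entries per host")),
	array(array('max-src-conn-rate', 'max-src-conn-rates'), gettext("the maximum new connections / per second(s)")),
	array(array('statetimeout'), gettext("the state timeout")),
);

// One message template per rule condition that rules out the state options.
$adv_state_reasons = array();
if ($_POST['proto'] <> "tcp")
	$adv_state_reasons[] = gettext("You can only specify %s (advanced option) for TCP protocol.");
if ($_POST['type'] <> "pass")
	$adv_state_reasons[] = gettext("You can only specify %s (advanced option) for Pass type rules.");
if (($_POST['statetype'] == "none") && (empty($_POST['l7container'])))
	$adv_state_reasons[] = gettext("You cannot specify %s (advanced option) if statetype is none and no L7 container is selected.");

foreach ($adv_state_opts as $opt) {
	list($fields, $label) = $opt;
	$opt_is_set = false;
	foreach ($fields as $field) {
		if (!empty($_POST[$field]))
			$opt_is_set = true;
	}
	if ($opt_is_set) {
		foreach ($adv_state_reasons as $reason)
			$input_errors[] = sprintf($reason, $label);
	}
}
// … unchanged: tcpflags_any handling below …
```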