diff options
author | Simon Cornelius P. Umacob <simoncpu@gmail.com> | 2009-01-20 15:52:39 +0800 |
---|---|---|
committer | Simon Cornelius P. Umacob <simoncpu@gmail.com> | 2009-01-20 15:52:39 +0800 |
commit | f193cf92b2c925a2f3f71a713d766efd1e4d81e0 (patch) | |
tree | c02f02076434ddf76d0892a06a66ad0969cbe70e /usr/local/www/firewall_rules_edit.php | |
parent | 1f9f2a95b7b42cf33e730535092e56e214fdb848 (diff) | |
download | pfsense-f193cf92b2c925a2f3f71a713d766efd1e4d81e0.zip pfsense-f193cf92b2c925a2f3f71a713d766efd1e4d81e0.tar.gz |
Merge IPv6 changes
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 123 |
1 files changed, 109 insertions, 14 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 37af21d..0883d62 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -40,6 +40,7 @@ require("guiconfig.inc"); +require_once("IPv6.inc"); $specialsrcdst = explode(" ", "any wanip lanip lan pptp pppoe"); @@ -91,6 +92,9 @@ if (isset($id) && $a_filter[$id]) { if ($a_filter[$id]['protocol'] == "icmp") $pconfig['icmptype'] = $a_filter[$id]['icmptype']; + if ($a_filter[$id]['protocol'] == "icmp6") + $pconfig['icmp6type'] = $a_filter[$id]['icmp6type']; + address_to_pconfig($a_filter[$id]['source'], $pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcbeginport'], $pconfig['srcendport']); @@ -156,9 +160,9 @@ if (isset($_GET['dup'])) unset($id); if ($_POST) { - - if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp") - $input_errors[] = "Reject type rules only works when the protocol is set to TCP."; + if ($_POST['type'] == "reject" && !($_POST['proto'] == "tcp" || $_POST['proto'] == "tcp6")) { + $input_errors[] = "Reject type rules only works when the protocol is set to TCP or TCP6."; + } if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) { $_POST['srcbeginport'] = 0; @@ -282,7 +286,7 @@ if ($_POST) { if (!is_specialnet($_POST['srctype'])) { if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) { - $input_errors[] = "A valid source IP address or alias must be specified."; + $input_errors[] = "A valid source IPv4/IPv6 address or alias must be specified."; } if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) { $input_errors[] = "A valid source bit count must be specified."; @@ -290,7 +294,7 @@ if ($_POST) { } if (!is_specialnet($_POST['dsttype'])) { if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) { - $input_errors[] = "A valid destination IP address or alias must be specified."; + $input_errors[] = "A valid destination IPv4/IPv6 address or alias must be specified."; } if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) { $input_errors[] = "A valid destination bit count must be specified."; @@ -386,6 +390,11 @@ if ($_POST) { else unset($filterent['icmptype']); + if ($_POST['proto'] == "icmp6" && $_POST['icmp6type']) + $filterent['icmp6type'] = $_POST['icmp6type']; + else + unset($filterent['icmp6type']); + pconfig_to_address($filterent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot'], $_POST['srcbeginport'], $_POST['srcendport']); @@ -460,6 +469,8 @@ include("head.inc"); ?> +<script type="text/javascript" src="javascript/NetUtils.js"></script> + </head> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> @@ -569,7 +580,7 @@ include("head.inc"); <td width="78%" class="vtable"> <select name="proto" class="formselect" onchange="proto_change()"> <?php - $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP any carp pfsync"); + $protocols = explode(" ", "TCP UDP TCP/UDP ICMP TCP6 UDP6 TCP6/UDP6 ICMP6 ESP AH GRE IGMP any carp pfsync"); foreach ($protocols as $proto): ?> <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option> <?php endforeach; ?> @@ -611,6 +622,50 @@ include("head.inc"); <span class="vexpl">If you selected ICMP for the protocol above, you may specify an ICMP type here.</span> </td> </tr> + <tr id="icmp6box" name="icmp6box"> + <td valign="top" class="vncell">ICMP6 type</td> + <td class="vtable"> + <select name="icmp6type" class="formselect"> +<?php + $icmp6types = array( + "unreach" => "Destination unreachable", + "toobig" => "Packet too big", + "timex" => "Time exceeded", + "parampro" => "Invalid IPv6 header", + "echoreq" => "Echo service request", + "echorep" => "Echo service reply", + "groupqry" => "Group membership query", + "listqry" => "Multicast listener query", + "grouprep" => "Group membership report", + "listenrep" => "Multicast listener report", + "groupterm" => "Group membership termination", + "listendone" => "Multicast listerner done", + "routersol" => "Router solicitation", + "routeradv" => "Router advertisement", + "neighbrsol" => "Neighbor solicitation", + "neighbradv" => "Neighbor advertisement", + "redir" => "Shorter route exists", + "routrrenum" => "Route renumbering", + "fqdnreq" => "FQDN query", + "niqry" => "Node information query", + "wrureq" => "Who-are-you request", + "fqdnrep" => "FQDN reply", + "nirep" => "Node information reply", + "wrurep" => "Who-are-you reply", + "mtraceresp" => "mtrace response", + "mtrace" => "mtrace messages" + ); +?> + + <?php foreach ($icmp6types as $icmp6type => $descr): ?> + <option value="<?=$icmp6type;?>" <?php if ($icmp6type == $pconfig['icmp6type']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option> + <?php endforeach; ?> + + </select> + <br /> + <span class="vexpl">If you selected ICMP6 for the protocol above, you may specify an ICMP6 type here.</span> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq">Source</td> <td width="78%" class="vtable"> @@ -625,11 +680,31 @@ include("head.inc"); <td>Type: </td> <td> <select name="srctype" class="formselect" onChange="typesel_change()"> -<?php - $sel = is_specialnet($pconfig['src']); ?> + <?php + $sel_host = false; + $sel_v4 = false; + $sel_v6 = false; + + $sel = is_specialnet($pconfig['src']); + + if (is_ipaddr($pconfig['src']) && !$sel) { + if ($pconfig['srcmask'] == 32) { + $sel_host = true; + } else { + $sel_v4 = true; + } + } else if (Net_IPv6::checkIPv6($pconfig['src']) && !$sel) { + if ($pconfig['srcmask'] == 128) { + $sel_host = true; + } else { + $sel_v6 = true; + } + } + ?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option> - <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option> - <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option> + <option value="single" <?php if ($sel_host) echo "selected"; ?>>Single host or alias</option> + <option value="network" <?php if ($sel_v4) echo "selected"; ?>>IPv4 Network</option> + <option value="network_ipv6" <?php if ($sel_v6) echo "selected"; ?>>IPv6 Network</option> <?php if(have_ruleint_access("wan")): ?> <option value="wanip" <?php if ($pconfig['src'] == "wanip") { echo "selected"; } ?>>WAN address</option> <?php endif; ?> @@ -753,11 +828,31 @@ include("head.inc"); <td>Type: </td> <td> <select name="dsttype" class="formselect" onChange="typesel_change()"> -<?php - $sel = is_specialnet($pconfig['dst']); ?> + <?php + $sel_host = false; + $sel_v4 = false; + $sel_v6 = false; + + $sel = is_specialnet($pconfig['src']); + + if (is_ipaddr($pconfig['src']) && !$sel) { + if ($pconfig['dstmask'] == 32) { + $sel_host = true; + } else { + $sel_v4 = true; + } + } else if (Net_IPv6::checkIPv6($pconfig['src']) && !$sel) { + if ($pconfig['dstmask'] == 128) { + $sel_host = true; + } else { + $sel_v6 = true; + } + } + ?> <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option> - <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option> - <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option> + <option value="single" <?php if ($sel_host) echo "selected"; ?>>Single host or alias</option> + <option value="network" <?php if ($sel_v4) echo "selected"; ?>>IPv4 Network</option> + <option value="network_ipv6" <?php if ($sel_v6) echo "selected"; ?>>IPv6 Network</option> <?php if(have_ruleint_access("wan")): ?> <option value="wanip" <?php if ($pconfig['dst'] == "wanip") { echo "selected"; } ?>>WAN address</option> <?php endif; ?> |