author | Phil Davis <phil.davis@world.inf.org> | 2013-07-22 03:49:17 -0700 |
---|---|---|
committer | Phil Davis <phil.davis@world.inf.org> | 2013-07-22 03:49:17 -0700 |
commit | 1101a89122778218e7f4536d0a97ec1a1ca72f0a (patch) | |
tree | f6c40a710bd0d5fd8803993835fd10c5b529f6ca /usr/local/www/firewall_rules_edit.php | |
parent | 33e2fb05ffcd8aa8c66eb2f14a6e0669a122407f (diff) | |
Validate firewall rule advanced options requirements
Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules.
Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html
Bug report #3098
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 25b3e9d..13e7b2a 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -472,6 +472,51 @@ if ($_POST) {
 $input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
 }
+ if ($_POST['proto'] <> "tcp") {
+ if (!empty($_POST['max']))
+ $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for TCP protocol.");
+ if (!empty($_POST['max-src-nodes']))
+ $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for TCP protocol.");
+ if (!empty($_POST['max-src-conn']))
+ $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for TCP protocol.");
+ if (!empty($_POST['max-src-states']))
+ $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for TCP protocol.");
+ if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+ $input_errors[] = gettext("You can only specify the maximum new connections / per second(s) (advanced option) for TCP protocol.");
+ if (!empty($_POST['statetimeout']))
+ $input_errors[] = gettext("You can only specify the state timeout (advanced option) for TCP protocol.");
+ }
+
+ if ($_POST['type'] <> "pass") {
+ if (!empty($_POST['max']))
+ $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for Pass type rules.");
+ if (!empty($_POST['max-src-nodes']))
+ $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for Pass type rules.");
+ if (!empty($_POST['max-src-conn']))
+ $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for Pass type rules.");
+ if (!empty($_POST['max-src-states']))
+ $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for Pass type rules.");
+ if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+ $input_errors[] = gettext("You can only specify the maximum new connections / per second(s) (advanced option) for Pass type rules.");
+ if (!empty($_POST['statetimeout']))
+ $input_errors[] = gettext("You can only specify the state timeout (advanced option) for Pass type rules.");
+ }
+
+ if (($_POST['statetype'] == "none") && (empty($_POST['l7container']))) {
+ if (!empty($_POST['max']))
+ $input_errors[] = gettext("You cannot specify the maximum state entries (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['max-src-nodes']))
+ $input_errors[] = gettext("You cannot specify the maximum number of unique source hosts (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['max-src-conn']))
+ $input_errors[] = gettext("You cannot specify the maximum number of established connections per host (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['max-src-states']))
+ $input_errors[] = gettext("You cannot specify the maximum state entries per host (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+ $input_errors[] = gettext("You cannot specify the maximum new connections / per second(s) (advanced option) if statetype is none and no L7 container is selected.");
+ if (!empty($_POST['statetimeout']))
+ $input_errors[] = gettext("You cannot specify the state timeout (advanced option) if statetype is none and no L7 container is selected.");
+ }
+
 if (!$_POST['tcpflags_any']) {
 $settcpflags = array();
 $outoftcpflags = array(); |
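Review bot: The new checks test only whether each state option is present (`!empty(...)`) and never look at the value, so on a TCP pass rule `max`, `max-src-nodes`, `max-src-conn`, `max-src-states`, `max-src-conn-rate`, `max-src-conn-rates` and `statetimeout` are still accepted with any non-empty string as far as this hunk shows. The commit message says these options are checked in filter.inc when the pf rules are generated, so unless the rest of the `if ($_POST)` handler, which starts and ends outside the hunk, already does it, each one should also be rejected here when it is not a positive integer, e.g. `if (!empty($_POST['max']) && !ctype_digit((string)$_POST['max'])) $input_errors[] = gettext("The maximum state entries (advanced option) must be a positive integer.");`. `empty()` also treats the string "0" as unset, so a submitted `0` passes all three blocks without an error; if that is intended, a short comment saying so would help. The six checks are repeated three times with only the message tail changing, and a loop over the field names would keep the three conditions from drifting apart.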