Merge IPv6 changes

author: Simon Cornelius P. Umacob <simoncpu@gmail.com> 2009-01-20 15:52:39 +0800
committer: Simon Cornelius P. Umacob <simoncpu@gmail.com> 2009-01-20 15:52:39 +0800
commit: f193cf92b2c925a2f3f71a713d766efd1e4d81e0 (patch)
tree: c02f02076434ddf76d0892a06a66ad0969cbe70e /usr/local/www/firewall_rules_edit.php
parent: 1f9f2a95b7b42cf33e730535092e56e214fdb848 (diff)
download: pfsense-f193cf92b2c925a2f3f71a713d766efd1e4d81e0.zip
pfsense-f193cf92b2c925a2f3f71a713d766efd1e4d81e0.tar.gz
1 files changed, 109 insertions, 14 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 37af21d..0883d62 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -40,6 +40,7 @@
 
 
 require("guiconfig.inc");
+require_once("IPv6.inc");
 
 $specialsrcdst = explode(" ", "any wanip lanip lan pptp pppoe");
 
@@ -91,6 +92,9 @@ if (isset($id) && $a_filter[$id]) {
 	if ($a_filter[$id]['protocol'] == "icmp")
 		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
 
+	if ($a_filter[$id]['protocol'] == "icmp6")
+		$pconfig['icmp6type'] = $a_filter[$id]['icmp6type'];
+
 	address_to_pconfig($a_filter[$id]['source'], $pconfig['src'],
 		$pconfig['srcmask'], $pconfig['srcnot'],
 		$pconfig['srcbeginport'], $pconfig['srcendport']);
@@ -156,9 +160,9 @@ if (isset($_GET['dup']))
 	unset($id);
 
 if ($_POST) {
-
-	if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
-		$input_errors[] = "Reject type rules only works when the protocol is set to TCP.";
+	if ($_POST['type'] == "reject" && !($_POST['proto'] == "tcp" || $_POST['proto'] == "tcp6")) {
+		$input_errors[] = "Reject type rules only works when the protocol is set to TCP or TCP6.";
+	}
 
 	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
 		$_POST['srcbeginport'] = 0;
@@ -282,7 +286,7 @@ if ($_POST) {
 
 	if (!is_specialnet($_POST['srctype'])) {
 		if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
-			$input_errors[] = "A valid source IP address or alias must be specified.";
+			$input_errors[] = "A valid source IPv4/IPv6 address or alias must be specified.";
 		}
 		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
 			$input_errors[] = "A valid source bit count must be specified.";
@@ -290,7 +294,7 @@ if ($_POST) {
 	}
 	if (!is_specialnet($_POST['dsttype'])) {
 		if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
-			$input_errors[] = "A valid destination IP address or alias must be specified.";
+			$input_errors[] = "A valid destination IPv4/IPv6 address or alias must be specified.";
 		}
 		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
 			$input_errors[] = "A valid destination bit count must be specified.";
@@ -386,6 +390,11 @@ if ($_POST) {
 		else
 			unset($filterent['icmptype']);
 
+		if ($_POST['proto'] == "icmp6" && $_POST['icmp6type'])
+			$filterent['icmp6type'] = $_POST['icmp6type'];
+		else
+			unset($filterent['icmp6type']);
+
 		pconfig_to_address($filterent['source'], $_POST['src'],
 			$_POST['srcmask'], $_POST['srcnot'],
 			$_POST['srcbeginport'], $_POST['srcendport']);
@@ -460,6 +469,8 @@ include("head.inc");
 
 ?>
 
+<script type="text/javascript" src="javascript/NetUtils.js"></script>
+
 </head>
 
 <body link="#0000CC" vlink="#0000CC" alink="#0000CC">
@@ -569,7 +580,7 @@ include("head.inc");
 			<td width="78%" class="vtable">
 				<select name="proto" class="formselect" onchange="proto_change()">
 <?php
-				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP any carp pfsync");
+				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP TCP6 UDP6 TCP6/UDP6 ICMP6 ESP AH GRE IGMP any carp pfsync");
 				foreach ($protocols as $proto): ?>
 					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
 <?php 			endforeach; ?>
@@ -611,6 +622,50 @@ include("head.inc");
 			<span class="vexpl">If you selected ICMP for the protocol above, you may specify an ICMP type here.</span>
 		</td>
 		</tr>
+		<tr id="icmp6box" name="icmp6box">
+			<td valign="top" class="vncell">ICMP6 type</td>
+			<td class="vtable">
+				<select name="icmp6type" class="formselect">
+<?php
+				$icmp6types = array(
+					"unreach"	=>	"Destination unreachable",
+					"toobig"	=>	"Packet too big",
+					"timex"		=>	"Time exceeded",
+					"parampro"	=>	"Invalid IPv6 header",
+					"echoreq"	=>	"Echo service request",
+					"echorep"	=>	"Echo service reply",
+					"groupqry"	=>	"Group membership query",
+					"listqry"	=>	"Multicast listener query",
+					"grouprep"	=>	"Group membership report",
+					"listenrep"	=>	"Multicast listener report",
+					"groupterm"	=>	"Group membership termination",
+					"listendone"	=>	"Multicast listerner done",
+					"routersol"	=>	"Router solicitation",
+					"routeradv"	=>	"Router advertisement",
+					"neighbrsol"	=>	"Neighbor solicitation",
+					"neighbradv"	=>	"Neighbor advertisement",
+					"redir"		=>	"Shorter route exists",
+					"routrrenum"	=>	"Route renumbering",
+					"fqdnreq"	=>	"FQDN query",
+					"niqry"		=>	"Node information query",
+					"wrureq"	=>	"Who-are-you request",
+					"fqdnrep"	=>	"FQDN reply",
+					"nirep"		=>	"Node information reply",
+					"wrurep"	=>	"Who-are-you reply",
+					"mtraceresp"	=>	"mtrace response",
+					"mtrace"	=>	"mtrace messages"
+				);
+?>
+
+				<?php foreach ($icmp6types as $icmp6type => $descr): ?>
+					<option value="<?=$icmp6type;?>" <?php if ($icmp6type == $pconfig['icmp6type']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
+				<?php endforeach; ?>
+
+				</select>
+				<br />
+				<span class="vexpl">If you selected ICMP6 for the protocol above, you may specify an ICMP6 type here.</span>
+			</td>
+		</tr>
 		<tr>
 			<td width="22%" valign="top" class="vncellreq">Source</td>
 			<td width="78%" class="vtable">
@@ -625,11 +680,31 @@ include("head.inc");
 						<td>Type:&nbsp;&nbsp;</td>
 						<td>
 							<select name="srctype" class="formselect" onChange="typesel_change()">
-<?php
-								$sel = is_specialnet($pconfig['src']); ?>
+							<?php
+								$sel_host = false;
+								$sel_v4 = false;
+								$sel_v6 = false;
+
+								$sel = is_specialnet($pconfig['src']);
+
+								if (is_ipaddr($pconfig['src']) && !$sel) {
+									if ($pconfig['srcmask'] == 32) {
+										$sel_host = true;
+									} else {
+										$sel_v4 = true;
+									}
+								} else if (Net_IPv6::checkIPv6($pconfig['src']) && !$sel) {
+									if ($pconfig['srcmask'] == 128) {
+										$sel_host = true;
+									} else {
+										$sel_v6 = true;
+									}
+								}
+							?>
 								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option>
-								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
-								<option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
+								<option value="single"  <?php if ($sel_host) echo "selected"; ?>>Single host or alias</option>
+								<option value="network" <?php if ($sel_v4) echo "selected"; ?>>IPv4 Network</option>
+								<option value="network_ipv6" <?php if ($sel_v6) echo "selected"; ?>>IPv6 Network</option>
 								<?php if(have_ruleint_access("wan")): ?>
 								<option value="wanip" 	<?php if ($pconfig['src'] == "wanip") { echo "selected"; } ?>>WAN address</option>
 								<?php endif; ?>
@@ -753,11 +828,31 @@ include("head.inc");
 						<td>Type:&nbsp;&nbsp;</td>
 						<td>
 							<select name="dsttype" class="formselect" onChange="typesel_change()">
-<?php
-								$sel = is_specialnet($pconfig['dst']); ?>
+							<?php
+								$sel_host = false;
+								$sel_v4 = false;
+								$sel_v6 = false;
+
+								$sel = is_specialnet($pconfig['src']);
+
+								if (is_ipaddr($pconfig['src']) && !$sel) {
+									if ($pconfig['dstmask'] == 32) {
+										$sel_host = true;
+									} else {
+										$sel_v4 = true;
+									}
+								} else if (Net_IPv6::checkIPv6($pconfig['src']) && !$sel) {
+									if ($pconfig['dstmask'] == 128) {
+										$sel_host = true;
+									} else {
+										$sel_v6 = true;
+									}
+								}
+							?>
 								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option>
-								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
-								<option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
+								<option value="single" <?php if ($sel_host) echo "selected"; ?>>Single host or alias</option>
+								<option value="network" <?php if ($sel_v4) echo "selected"; ?>>IPv4 Network</option>
+								<option value="network_ipv6" <?php if ($sel_v6) echo "selected"; ?>>IPv6 Network</option>
 								<?php if(have_ruleint_access("wan")): ?>
 								<option value="wanip" <?php if ($pconfig['dst'] == "wanip") { echo "selected"; } ?>>WAN address</option>
 								<?php endif; ?>
author	Simon Cornelius P. Umacob <simoncpu@gmail.com>	2009-01-20 15:52:39 +0800
committer	Simon Cornelius P. Umacob <simoncpu@gmail.com>	2009-01-20 15:52:39 +0800
commit	f193cf92b2c925a2f3f71a713d766efd1e4d81e0 (patch)
tree	c02f02076434ddf76d0892a06a66ad0969cbe70e /usr/local/www/firewall_rules_edit.php
parent	1f9f2a95b7b42cf33e730535092e56e214fdb848 (diff)
download	pfsense-f193cf92b2c925a2f3f71a713d766efd1e4d81e0.zip pfsense-f193cf92b2c925a2f3f71a713d766efd1e4d81e0.tar.gz