author | Scott Ullrich <sullrich@pfsense.org> | 2005-06-21 21:06:47 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-06-21 21:06:47 +0000 |
commit | 6847d0ede45fd06e4055b7644aa9cb64f2db9a48 (patch) | |
tree | a23aeb13883ca08eac486f86dba8ac82ac7357a3 /usr/local/www | |
parent | 08230f3637c6fd5b9c68f3f1ad75a378549a4a26 (diff) | |
Add TCP Flags menu to firewall rules edit screen
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 9e1520e..116efc8 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -82,6 +82,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['dstbeginport'], $pconfig['dstendport']); $pconfig['disabled'] = isset($a_filter[$id]['disabled']); + $pconfig['tcpflags'] = $a_filter[$id]['tcpflags']; $pconfig['log'] = isset($a_filter[$id]['log']); $pconfig['descr'] = $a_filter[$id]['descr']; @@ -111,6 +112,15 @@ if (isset($_GET['dup'])) unset($id); if ($_POST) { + + $intcpflags = array(); + foreach ($tcpflags as $tcpflag) { + if ($_POST['tcpflags_' . $tcpflag] == "on") + $intcpflags[] = $tcpflag; + else if ($_POST['tcpflags_' . $tcpflag] == "off") + $intcpflags[] = "!" . $tcpflag; + } + $_POST['tcpflags'] = join(",", $intcpflags); if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) { $_POST['srcbeginport'] = 0; @@ -288,6 +298,8 @@ if ($_POST) { $filterent['gateway'] = $_POST['gateway']; } + $filterent['tcpflags'] = $_POST['tcpflags']; + if (isset($id) && $a_filter[$id]) $a_filter[$id] = $filterent; else { @@ -296,7 +308,7 @@ if ($_POST) { else $a_filter[] = $filterent; } - + write_config(); touch($d_filterconfdirty_path); 
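Review bot: The collected flags are kept for every protocol: the check right below this block resets the ports for non-TCP/UDP rules, but nothing clears `$_POST['tcpflags']` when `proto` is not TCP, and the third hunk then stores it in `$filterent['tcpflags']` unconditionally. Whether the rule generator ignores the field for other protocols is not visible here, so it would be safer to drop it at save time, e.g. `if ($_POST['proto'] != "tcp") $_POST['tcpflags'] = "";` (extend the condition if `tcp/udp` rules are meant to carry flags). Building the value only from the names in `$tcpflags` and overwriting any client-sent `tcpflags` field is the right approach, but `$tcpflags` is defined outside these hunks and `$_POST['tcpflags_' . $tcpflag]` is read without `isset()`. The surrounding `if ($_POST)` block continues outside the hunk.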
@@ -809,6 +821,28 @@ Hint: the difference between block and reject is that with reject, a packet (TCP </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">TCP flags</td> + <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0"> + <?php + $inflags = explode(",", $pconfig['tcpflags']); + foreach ($tcpflags as $tcpflag): $dontcare = true; ?> + <tr> + <td width="40" nowrap><strong> + <?=strtoupper($tcpflag);?> + </strong></td> + <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="on" <?php if (array_search($tcpflag, $inflags) !== false) { echo "checked"; $dontcare = false; }?>> + set </td> + <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="off" <?php if (array_search("!" . $tcpflag, $inflags) !== false) { echo "checked"; $dontcare = false; }?>> + cleared </td> + <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="" <?php if ($dontcare) echo "checked";?>> + don't care</td> + </tr> + <?php endforeach; ?> + </table> + <span class="vexpl">Use this to choose TCP flags that must + be set or cleared for this rule to match.</span></td> + </tr> + <tr> <td width="22%" valign="top"> </td> <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()"> |
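Review bot: `$tcpflag` is echoed into the `name` attribute and the cell text without escaping in each of the three radio inputs; that is safe only as long as `$tcpflags` stays a fixed server-side list, and its definition is outside this hunk. Wrapping the output, `name="tcpflags_<?=htmlspecialchars($tcpflag);?>"`, costs nothing and keeps the markup safe if the list ever becomes configurable. A short comment above the `explode()` describing the stored format, `/* "flag" = must be set, "!flag" = must be cleared, absent = don't care */`, would help, and `in_array($tcpflag, $inflags)` reads more directly than `array_search(...) !== false`.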