diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-12-11 19:47:05 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-12-11 19:50:00 -0200 |
commit | fcc96054a0935a2eb4aa380ccf0fc8c44987715f (patch) | |
tree | 4e39547cd9d82b6de4116772b1f7d236f250ffa7 /usr/local | |
parent | c03ed2fb58c365e7e98bfc2912e5436896f0b3ce (diff) | |
download | pfsense-fcc96054a0935a2eb4aa380ccf0fc8c44987715f.zip pfsense-fcc96054a0935a2eb4aa380ccf0fc8c44987715f.tar.gz |
Split ICMP and ICMPv6 types on Firewall Rules
- Remove redundant declaration of $icmptypes and move it to a common
place (filter.inc)
- Add missing ICMP types for v4
- Add ICMPv6 types
- Adjust javascripts to show correct options depending of IP Protocol
- Hide ICMP type selection when protocol is IPv4+v6
It fixes #3389
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/firewall_rules.php | 24 | ||||
-rw-r--r-- | usr/local/www/firewall_rules_edit.php | 52 | ||||
-rw-r--r-- | usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js | 14 |
3 files changed, 43 insertions, 47 deletions
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index fe98195..250ce64 100644 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -123,26 +123,6 @@ if($_REQUEST['dragdroporder']) { exit; } -$icmptypes = array( - "" => gettext("any"), - "echoreq" => gettext("Echo request"), - "echorep" => gettext("Echo reply"), - "unreach" => gettext("Destination unreachable"), - "squench" => gettext("Source quench"), - "redir" => gettext("Redirect"), - "althost" => gettext("Alternate Host"), - "routeradv" => gettext("Router advertisement"), - "routersol" => gettext("Router solicitation"), - "timex" => gettext("Time exceeded"), - "paramprob" => gettext("Invalid IP header"), - "timereq" => gettext("Timestamp"), - "timerep" => gettext("Timestamp reply"), - "inforeq" => gettext("Information request"), - "inforep" => gettext("Information reply"), - "maskreq" => gettext("Address mask request"), - "maskrep" => gettext("Address mask reply") -); - /* add group interfaces */ if (is_array($config['ifgroups']['ifgroupentry'])) foreach($config['ifgroups']['ifgroupentry'] as $ifgen) @@ -714,7 +694,9 @@ if($_REQUEST['undodrag']) { if (isset($filterent['protocol'])) { echo strtoupper($filterent['protocol']); if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) { - echo ' <span style="cursor: help;" title="ICMP type: ' . $icmptypes[$filterent['icmptype']] . '"><u>'; + echo ' <span style="cursor: help;" title="ICMP type: ' . + ( $filterent['ipprotocol'] == "inet6" ? $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']] ) . + '"><u>'; echo $filterent['icmptype']; echo '</u></span>'; } diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 1b81349..ae12d96 100644 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -691,9 +691,14 @@ if ($_POST) { else unset($filterent['protocol']); - if ($_POST['proto'] == "icmp" && $_POST['icmptype']) - $filterent['icmptype'] = $_POST['icmptype']; - else + if ($_POST['proto'] == "icmp") { + if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) + $filterent['icmptype'] = $_POST['icmp6type']; + else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype']) + $filterent['icmptype'] = $_POST['icmptype']; + else + unset($filterent['icmptype']); + } else unset($filterent['icmptype']); pconfig_to_address($filterent['source'], $_POST['src'], @@ -966,7 +971,7 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td> <td width="78%" class="vtable"> - <select name="ipprotocol" class="formselect"> + <select name="ipprotocol" class="formselect" onchange="proto_change()"> <?php $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6' ); foreach ($ipproto as $proto => $name): ?> <option value="<?=$proto;?>" @@ -998,27 +1003,24 @@ include("head.inc"); <td class="vtable"> <select <?=$edit_disabled;?> name="icmptype" class="formselect"> <?php - $icmptypes = array( - "" => gettext("any"), - "echoreq" => gettext("Echo request"), - "echorep" => gettext("Echo reply"), - "unreach" => gettext("Destination unreachable"), - "squench" => gettext("Source quench"), - "redir" => gettext("Redirect"), - "althost" => gettext("Alternate Host"), - "routeradv" => gettext("Router advertisement"), - "routersol" => gettext("Router solicitation"), - "timex" => gettext("Time exceeded"), - "paramprob" => gettext("Invalid IP header"), - "timereq" => gettext("Timestamp"), - "timerep" => gettext("Timestamp reply"), - "inforeq" => gettext("Information request"), - "inforep" => gettext("Information reply"), - "maskreq" => gettext("Address mask request"), - "maskrep" => gettext("Address mask reply") - ); - - foreach ($icmptypes as $icmptype => $descr): ?> + foreach ($icmptypes as $icmptype => $descr): +?> + <option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($descr);?></option> +<?php + endforeach; +?> + </select> + <br /> + <span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span> + </td> + </tr> + <tr id="icmp6box"> + <td valign="top" class="vncell"><?=gettext("ICMPv6 type");?></td> + <td class="vtable"> + <select <?=$edit_disabled;?> name="icmp6type" class="formselect"> +<?php + foreach ($icmp6types as $icmptype => $descr): +?> <option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($descr);?></option> <?php endforeach; diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js index f8d714d..de1ff0c 100644 --- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js +++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js @@ -111,16 +111,28 @@ function proto_change() { if (document.iform.proto.selectedIndex == 3) { document.iform.icmptype.disabled = 0; + document.iform.icmp6type.disabled = 0; } else { document.iform.icmptype.disabled = 1; + document.iform.icmp6type.disabled = 1; } ext_change(); if(document.iform.proto.selectedIndex == 3 || document.iform.proto.selectedIndex == 4) { - document.getElementById("icmpbox").style.display = ''; + if(document.iform.ipprotocol.selectedIndex == 0) { // IPv4 + document.getElementById("icmpbox").style.display = ''; + document.getElementById("icmp6box").style.display = 'none'; + } else if(document.iform.ipprotocol.selectedIndex == 1) { // IPv6 + document.getElementById("icmpbox").style.display = 'none'; + document.getElementById("icmp6box").style.display = ''; + } else { // IPv4 + IPv6 + document.getElementById("icmpbox").style.display = 'none'; + document.getElementById("icmp6box").style.display = 'none'; + } } else { document.getElementById("icmpbox").style.display = 'none'; + document.getElementById("icmp6box").style.display = 'none'; } if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) { |