author | Phil Davis <phil.davis@inf.org> | 2015-05-11 18:55:44 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2015-05-11 18:55:44 +0545 |
commit | 603d3c16fd1bc1f5f7fd77ede899043dfadbef6a (patch) | |
tree | 9f28918df17f94913414f06064738a9e9becf34b /usr/local | |
parent | efd081de20c993d2c5bb991835ca25d5b7b06e3c (diff) | |
download | pfsense-603d3c16fd1bc1f5f7fd77ede899043dfadbef6a.zip pfsense-603d3c16fd1bc1f5f7fd77ede899043dfadbef6a.tar.gz |
Code style Firewall Rules
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/firewall_rules.php | 689 | ||||
-rw-r--r-- | usr/local/www/firewall_rules_edit.php | 899 |
2 files changed, 907 insertions, 681 deletions
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index c05b001..4f2856e 100644 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -53,14 +53,17 @@ $shortcut_section = "firewall"; function delete_nat_association($id) { global $config; - if (!$id || !is_array($config['nat']['rule'])) + if (!$id || !is_array($config['nat']['rule'])) { return; + } $a_nat = &$config['nat']['rule']; - foreach ($a_nat as &$natent) - if ($natent['associated-rule-id'] == $id) + foreach ($a_nat as &$natent) { + if ($natent['associated-rule-id'] == $id) { $natent['associated-rule-id'] = ''; + } + } } if (!is_array($config['filter']['rule'])) { 
@@ -70,54 +73,70 @@ filter_rules_sort(); $a_filter = &$config['filter']['rule']; $if = $_GET['if']; -if ($_POST['if']) +if ($_POST['if']) { $if = $_POST['if']; +} $ifdescs = get_configured_interface_with_descr(); /* add group interfaces */ -if (is_array($config['ifgroups']['ifgroupentry'])) - foreach($config['ifgroups']['ifgroupentry'] as $ifgen) - if (have_ruleint_access($ifgen['ifname'])) +if (is_array($config['ifgroups']['ifgroupentry'])) { + foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) { + if (have_ruleint_access($ifgen['ifname'])) { $iflist[$ifgen['ifname']] = $ifgen['ifname']; + } + } +} -foreach ($ifdescs as $ifent => $ifdesc) - if(have_ruleint_access($ifent)) +foreach ($ifdescs as $ifent => $ifdesc) { + if (have_ruleint_access($ifent)) { $iflist[$ifent] = $ifdesc; + } +} -if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) +if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { $iflist['l2tp'] = "L2TP VPN"; + } +} -if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) +if ($config['pptpd']['mode'] == "server") { + if (have_ruleint_access("pptp")) { $iflist['pptp'] = "PPTP VPN"; + } +} if (is_array($config['pppoes']['pppoe'])) { - foreach ($config['pppoes']['pppoe'] as $pppoes) - if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe")) + foreach ($config['pppoes']['pppoe'] as $pppoes) { + if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe")) { $iflist['pppoe'] = "PPPoE Server"; + } + } } /* add ipsec interfaces */ -if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - if(have_ruleint_access("enc0")) +if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (have_ruleint_access("enc0")) { $iflist["enc0"] = "IPsec"; + } +} /* add openvpn/tun interfaces */ -if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) +if ($config['openvpn']["openvpn-server"] || 
$config['openvpn']["openvpn-client"]) { $iflist["openvpn"] = "OpenVPN"; +} pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/interfaces_override"); if (!$if || !isset($iflist[$if])) { - if ("any" == $if) + if ("any" == $if) { $if = "FloatingRules"; - else if ("FloatingRules" != $if) { - if (isset($iflist['wan'])) + } else if ("FloatingRules" != $if) { + if (isset($iflist['wan'])) { $if = "wan"; - else + } else { $if = "FloatingRules"; + } } } @@ -143,16 +162,18 @@ if ($_GET['act'] == "del") { delete_nat_association($a_filter[$_GET['id']]['associated-rule-id']); } unset($a_filter[$_GET['id']]); - if (write_config()) + if (write_config()) { mark_subsystem_dirty('filter'); + } header("Location: firewall_rules.php?if=" . htmlspecialchars($if)); exit; } } // Handle save msg if defined -if($_REQUEST['savemsg']) +if ($_REQUEST['savemsg']) { $savemsg = htmlentities($_REQUEST['savemsg']); +} if (isset($_POST['del_x'])) { /* delete selected rules */ @@ -161,19 +182,22 @@ if (isset($_POST['del_x'])) { delete_nat_association($a_filter[$rulei]['associated-rule-id']); unset($a_filter[$rulei]); } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('filter'); + } header("Location: firewall_rules.php?if=" . htmlspecialchars($if)); exit; } } else if ($_GET['act'] == "toggle") { if ($a_filter[$_GET['id']]) { - if(isset($a_filter[$_GET['id']]['disabled'])) + if (isset($a_filter[$_GET['id']]['disabled'])) { unset($a_filter[$_GET['id']]['disabled']); - else + } else { $a_filter[$_GET['id']]['disabled'] = true; - if (write_config()) + } + if (write_config()) { mark_subsystem_dirty('filter'); + } header("Location: firewall_rules.php?if=" . htmlspecialchars($if)); exit; } 
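Review bot: The `$_GET['act'] == "del"` branch in this hunk, and the `act == "toggle"` branch in the following hunk, modify the firewall ruleset and call `write_config()` in response to a plain GET request. If the project's CSRF token check applies only to POST submissions (that check is not visible in this diff), neither action is covered by it, and a request the administrator did not intend can change the ruleset. Handle both actions from `$_POST`, next to the existing `del_x` handler, and confirm `id` is an integer index before `unset($a_filter[...])`. The enclosing `if` block starts above this hunk.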
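Review bot: `header("Location: firewall_rules.php?if=" . htmlspecialchars($if));` applies an HTML encoder to a value that ends up in a URL query string inside a response header. The same line follows the delete branch in the previous hunk and the move branch in the next one. `$if` is compared against `$iflist` earlier in the file, so the practical effect looks small, but the encoder that matches this context is `urlencode()`: `header("Location: firewall_rules.php?if=" . urlencode($if));`.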
@@ -193,31 +217,37 @@ if (isset($_POST['del_x'])) { /* copy all rules < $movebtn and not selected */ for ($i = 0; $i < $movebtn; $i++) { - if (!in_array($i, $_POST['rule'])) + if (!in_array($i, $_POST['rule'])) { $a_filter_new[] = $a_filter[$i]; + } } /* copy all selected rules */ for ($i = 0; $i < count($a_filter); $i++) { - if ($i == $movebtn) + if ($i == $movebtn) { continue; - if (in_array($i, $_POST['rule'])) + } + if (in_array($i, $_POST['rule'])) { $a_filter_new[] = $a_filter[$i]; + } } /* copy $movebtn rule */ - if ($movebtn < count($a_filter)) + if ($movebtn < count($a_filter)) { $a_filter_new[] = $a_filter[$movebtn]; + } /* copy all rules > $movebtn and not selected */ for ($i = $movebtn+1; $i < count($a_filter); $i++) { - if (!in_array($i, $_POST['rule'])) + if (!in_array($i, $_POST['rule'])) { $a_filter_new[] = $a_filter[$i]; + } } $a_filter = $a_filter_new; - if (write_config()) + if (write_config()) { mark_subsystem_dirty('filter'); + } header("Location: firewall_rules.php?if=" . htmlspecialchars($if)); exit; } @@ -248,16 +278,20 @@ include("head.inc"); <?php /* active tabs */ $tab_array = array(); - if ("FloatingRules" == $if) + if ("FloatingRules" == $if) { $active = true; - else + } else { $active = false; + } $tab_array[] = array(gettext("Floating"), $active, "firewall_rules.php?if=FloatingRules"); - $tabscounter = 0; $i = 0; foreach ($iflist as $ifent => $ifname) { - if ($ifent == $if) + $tabscounter = 0; + $i = 0; + foreach ($iflist as $ifent => $ifname) { + if ($ifent == $if) { $active = true; - else + } else { $active = false; + } $tab_array[] = array($ifname, $active, "firewall_rules.php?if={$ifent}"); } display_top_tabs($tab_array); 
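Review bot: The four `in_array($i, $_POST['rule'])` calls in the move loops compare an integer index against raw request strings using loose comparison, so on PHP versions before 8 a non-numeric posted value compares equal to index 0 and changes which rules are copied. Normalise the selection once before the loops, e.g. `$selected = array_map('intval', array_filter((array)$_POST['rule'], 'ctype_digit'));`, and test with `in_array($i, $selected, true)`. Whether `$_POST['rule']` is confirmed to be an array earlier cannot be seen here, because the enclosing block starts above this hunk.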
@@ -270,190 +304,203 @@ include("head.inc"); pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/before_first_tr"); ?> <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="5%" class="list"> </td> - <td width="3%" class="listhdrr"><?=gettext("ID");?></td> - <?php - pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tablehead"); - ?> - <td width="6%" class="listhdrr"><?=gettext("Proto");?></td> - <td width="12%" class="listhdrr"><?=gettext("Source");?></td> - <td width="6%" class="listhdrr"><?=gettext("Port");?></td> - <td width="12%" class="listhdrr"><?=gettext("Destination");?></td> - <td width="6%" class="listhdrr"><?=gettext("Port");?></td> - <td width="5%" class="listhdrr"><?=gettext("Gateway");?></td> - <td width="8%" class="listhdrr"><?=gettext("Queue");?></td> - <td width="5%" class="listhdrr"><?=gettext("Schedule");?></td> - <?php - pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_desc_tablehead"); - ?> - <td width="19%" class="listhdr"><?=gettext("Description");?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="delete selected rules"> - <tr> - <?php - $nrules = 0; - for ($i = 0; isset($a_filter[$i]); $i++) { - $filterent = $a_filter[$i]; - if ($filterent['interface'] != $if && !isset($filterent['floating'])) - continue; - if (isset($filterent['floating']) && "FloatingRules" != $if) - continue; - $nrules++; - } - ?> - <td> - <?php if ($nrules == 0): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?gettext("delete selected rules"); ?>" border="0" alt="delete" /><?php else: ?> - <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" style="width:17;height:17" title="<?=gettext("delete selected rules");?>" onclick="return confirm('<?=gettext('Do you really want to delete the selected rules?');?>')" /> - <?php endif; ?> - </td> - <td align="center" valign="middle"><a 
href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>&after=-1"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> + <td width="3%" class="list"> </td> + <td width="5%" class="list"> </td> + <td width="3%" class="listhdrr"><?=gettext("ID");?></td> + <?php + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tablehead"); + ?> + <td width="6%" class="listhdrr"><?=gettext("Proto");?></td> + <td width="12%" class="listhdrr"><?=gettext("Source");?></td> + <td width="6%" class="listhdrr"><?=gettext("Port");?></td> + <td width="12%" class="listhdrr"><?=gettext("Destination");?></td> + <td width="6%" class="listhdrr"><?=gettext("Port");?></td> + <td width="5%" class="listhdrr"><?=gettext("Gateway");?></td> + <td width="8%" class="listhdrr"><?=gettext("Queue");?></td> + <td width="5%" class="listhdrr"><?=gettext("Schedule");?></td> + <?php + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_desc_tablehead"); + ?> + <td width="19%" class="listhdr"><?=gettext("Description");?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="delete selected rules"> + <tr> + <?php + $nrules = 0; + for ($i = 0; isset($a_filter[$i]); $i++) { + $filterent = $a_filter[$i]; + if ($filterent['interface'] != $if && !isset($filterent['floating'])) { + continue; + } + if (isset($filterent['floating']) && "FloatingRules" != $if) { + continue; + } + $nrules++; + } + ?> + <td> + <?php if ($nrules == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?gettext("delete selected rules"); ?>" border="0" alt="delete" /><?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" style="width:17;height:17" title="<?=gettext("delete selected rules");?>" onclick="return confirm('<?=gettext('Do you 
really want to delete the selected rules?');?>')" /> + <?php endif; ?> + </td> + <td align="center" valign="middle"> + <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>&after=-1"> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" width="17" height="17" border="0" alt="add" /> + </a> + </td> + </tr> + </table> + </td> </tr> <?php // Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1. if (!isset($config['system']['webgui']['noantilockout']) && - (((count($config['interfaces']) > 1) && ($if == 'lan')) - || ((count($config['interfaces']) == 1) && ($if == 'wan')))): + (((count($config['interfaces']) > 1) && ($if == 'lan')) || + ((count($config['interfaces']) == 1) && ($if == 'wan')))): $alports = implode('<br />', filter_get_antilockout_ports(true)); ?> <tr valign="top" id="antilockout"> - <td class="list"> </td> - <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" border="0" alt="pass" /></td> - <td class="listlr" style="background-color: #E0E0E0"> </td> - <?php - pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tr_antilockout"); - ?> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0"><?=$iflist[$if];?> Address</td> - <td class="listr" style="background-color: #E0E0E0"><?= $alports ?></td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0"> </td> - <td class="listbg"><?=gettext("Anti-Lockout Rule");?></td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="move rules before"> - <tr> - <td><img 
src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule");?>" alt="move" /></td> - <td><a href="system_advanced_admin.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule");?>" width="17" height="17" border="0" alt="edit" /></a></td> - </tr> - <tr> - <td align="center" valign="middle"></td> - <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="<?=gettext("add a new rule based on this one");?>" width="17" height="17" border="0" alt="add" /></td> - </tr> - </table> - </td> + <td class="list"> </td> + <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" border="0" alt="pass" /></td> + <td class="listlr" style="background-color: #E0E0E0"> </td> + <?php + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tr_antilockout"); + ?> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0"><?=$iflist[$if];?> Address</td> + <td class="listr" style="background-color: #E0E0E0"><?= $alports ?></td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0"> </td> + <td class="listbg"><?=gettext("Anti-Lockout Rule");?></td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="move rules before"> + <tr> + <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule");?>" alt="move" /></td> + <td><a href="system_advanced_admin.php"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" 
title="<?=gettext("edit rule");?>" width="17" height="17" border="0" alt="edit" /></a></td> + </tr> + <tr> + <td align="center" valign="middle"></td> + <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="<?=gettext("add a new rule based on this one");?>" width="17" height="17" border="0" alt="add" /></td> + </tr> + </table> + </td> </tr> <?php endif; ?> <?php if (isset($config['interfaces'][$if]['blockpriv'])): ?> <tr valign="top" id="frrfc1918"> - <td class="list"> </td> - <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0" alt="block" /></td> - <td class="listlr" style="background-color: #E0E0E0"> </td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0"><?=gettext("RFC 1918 networks");?></td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0"> </td> - <td class="listbg"><?=gettext("Block private networks");?></td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="move rules before"> - <tr> - <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule");?>" alt="edit" /></td> - <td><a href="interfaces.php?if=<?=htmlspecialchars($if)?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule");?>" width="17" height="17" border="0" alt="edit" /></a></td> - </tr> - <tr> - <td align="center" valign="middle"></td> - <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" 
title="<?=gettext("add a new rule based on this one");?>" width="17" height="17" border="0" alt="add" /></td> - </tr> - </table> - </td> + <td class="list"> </td> + <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0" alt="block" /></td> + <td class="listlr" style="background-color: #E0E0E0"> </td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0"><?=gettext("RFC 1918 networks");?></td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0"> </td> + <td class="listbg"><?=gettext("Block private networks");?></td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="move rules before"> + <tr> + <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule");?>" alt="edit" /></td> + <td><a href="interfaces.php?if=<?=htmlspecialchars($if)?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule");?>" width="17" height="17" border="0" alt="edit" /></a></td> + </tr> + <tr> + <td align="center" valign="middle"></td> + <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="<?=gettext("add a new rule based on this one");?>" width="17" height="17" border="0" alt="add" /></td> + </tr> + </table> + </td> </tr> <?php endif; ?> <?php if (isset($config['interfaces'][$if]['blockbogons'])): ?> <tr valign="top" id="frrfc1918"> - <td class="list"> </td> - <td class="listt" align="center"><img src="./themes/<?= $g['theme']; 
?>/images/icons/icon_block.gif" width="11" height="11" border="0" alt="block" /></td> - <td class="listlr" style="background-color: #E0E0E0"> </td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0"><?=gettext("Reserved/not assigned by IANA");?></td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listr" style="background-color: #E0E0E0">*</td> - <td class="listbg"><?=gettext("Block bogon networks");?></td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="move rules before"> - <tr> - <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule");?>" alt="move" /></td> - <td><a href="interfaces.php?if=<?=htmlspecialchars($if)?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule");?>" width="17" height="17" border="0" alt=" edit" /></a></td> - </tr> - <tr> - <td align="center" valign="middle"></td> - <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="<?=gettext("add a new rule based on this one");?>" width="17" height="17" border="0" alt="add" /></td> - </tr> - </table> - </td> + <td class="list"> </td> + <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0" alt="block" /></td> + <td class="listlr" style="background-color: #E0E0E0"> </td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0"><?=gettext("Reserved/not assigned by IANA");?></td> + <td class="listr" 
style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listr" style="background-color: #E0E0E0">*</td> + <td class="listbg"><?=gettext("Block bogon networks");?></td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="move rules before"> + <tr> + <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule");?>" alt="move" /></td> + <td><a href="interfaces.php?if=<?=htmlspecialchars($if)?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule");?>" width="17" height="17" border="0" alt=" edit" /></a></td> + </tr> + <tr> + <td align="center" valign="middle"></td> + <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="<?=gettext("add a new rule based on this one");?>" width="17" height="17" border="0" alt="add" /></td> + </tr> + </table> + </td> </tr> <?php endif; ?> <tbody> -<?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++): - pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/row_start"); - $filterent = $a_filter[$i]; - if ($filterent['interface'] != $if && !isset($filterent['floating'])) - continue; - if (isset($filterent['floating']) && "FloatingRules" != $if) - continue; - $isadvset = firewall_check_for_advanced_options($filterent); - if($isadvset) - $advanced_set = "<img src=\"./themes/{$g['theme']}/images/icons/icon_advanced.gif\" title=\"" . gettext("advanced settings set") . 
": {$isadvset}\" border=\"0\" alt=\"avanced\" />"; - else - $advanced_set = ""; +<?php + $nrules = 0; + for ($i = 0; isset($a_filter[$i]); $i++): + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/row_start"); + $filterent = $a_filter[$i]; + if ($filterent['interface'] != $if && !isset($filterent['floating'])) { + continue; + } + if (isset($filterent['floating']) && "FloatingRules" != $if) { + continue; + } + $isadvset = firewall_check_for_advanced_options($filterent); + if ($isadvset) { + $advanced_set = "<img src=\"./themes/{$g['theme']}/images/icons/icon_advanced.gif\" title=\"" . gettext("advanced settings set") . ": {$isadvset}\" border=\"0\" alt=\"avanced\" />"; + } else { + $advanced_set = ""; + } ?> <tr valign="top" id="fr<?=$nrules;?>"> - <td class="listt"> - <input type="checkbox" id="frc<?=$nrules;?>" name="rule[]" value="<?=$i;?>" onclick="fr_bgcolor('<?=$nrules;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /> - <?php echo $advanced_set; ?> - </td> - <td class="listt" align="center"> - <?php - if ($filterent['type'] == "block") - $iconfn = "block"; - else if ($filterent['type'] == "reject") - $iconfn = "reject"; - else if ($filterent['type'] == "match") - $iconfn = "match"; - else - $iconfn = "pass"; - if (isset($filterent['disabled'])) { - $textss = "<span class=\"gray\">"; - $textse = "</span>"; - $iconfn .= "_d"; - } else { - $textss = $textse = ""; - } - ?> - <a href="?if=<?=htmlspecialchars($if);?>&act=toggle&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="11" height="11" border="0" title="<?=gettext("click to toggle enabled/disabled status");?>" alt="icon" /></a> - <?php - if (isset($filterent['log'])): - $iconfnlog = "log_s"; - if (isset($filterent['disabled'])) - $iconfnlog .= "_d"; - ?> - <br /><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfnlog;?>.gif" width="11" height="15" border="0" alt="icon" /> + <td class="listt"> + <input type="checkbox" 
id="frc<?=$nrules;?>" name="rule[]" value="<?=$i;?>" onclick="fr_bgcolor('<?=$nrules;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /> + <?php echo $advanced_set; ?> + </td> + <td class="listt" align="center"> + <?php + if ($filterent['type'] == "block") { + $iconfn = "block"; + } else if ($filterent['type'] == "reject") { + $iconfn = "reject"; + } else if ($filterent['type'] == "match") { + $iconfn = "match"; + } else { + $iconfn = "pass"; + } + if (isset($filterent['disabled'])) { + $textss = "<span class=\"gray\">"; + $textse = "</span>"; + $iconfn .= "_d"; + } else { + $textss = $textse = ""; + } + ?> + <a href="?if=<?=htmlspecialchars($if);?>&act=toggle&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="11" height="11" border="0" title="<?=gettext("click to toggle enabled/disabled status");?>" alt="icon" /></a> +<?php + if (isset($filterent['log'])): + $iconfnlog = "log_s"; + if (isset($filterent['disabled'])) { + $iconfnlog .= "_d"; + } +?> + <br /><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfnlog;?>.gif" width="11" height="15" border="0" alt="icon" /> <?php endif; ?> - </td> + </td> <?php //build Alias popup box 
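Review bot: The disabled delete icon keeps `title="<?gettext("delete selected rules"); ?>"`, which calls `gettext()` without echoing the result and depends on short open tags, so the tooltip comes out empty; the sibling `<input>` uses the working form `<?=gettext("delete selected rules");?>`. In the same hunk `<?=$iflist[$if];?>` and the `{$isadvset}` value interpolated into the `title` attribute of `$advanced_set` are written to the page without `htmlspecialchars()`, unlike the `$if` links beside them. If either can carry administrator-editable text such as an interface description (not confirmable from this diff), it should be encoded at output. The bogon row also reuses `id="frrfc1918"` from the private-networks row, which leaves a duplicate element id in the document.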
@@ -483,17 +530,16 @@ include("head.inc"); $schedstatus = false; $dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun')); $monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December')); - if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])) { - foreach ($a_schedules as $schedule) - { - if ($schedule['name'] == $filterent['sched'] ){ + if ($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])) { + foreach ($a_schedules as $schedule) { + if ($schedule['name'] == $filterent['sched']) { $schedstatus = filter_get_time_based_rule_status($schedule); - foreach($schedule['timerange'] as $timerange) { + foreach ($schedule['timerange'] as $timerange) { $tempFriendlyTime = ""; $tempID = ""; $firstprint = false; - if ($timerange){ + if ($timerange) { $dayFriendly = ""; $tempFriendlyTime = ""; @@ -504,18 +550,17 @@ include("head.inc"); $starttime = substr ($temptimerange, 0, $temptimeseparator); $stoptime = substr ($temptimerange, $temptimeseparator+1); - if ($timerange['month']){ + if ($timerange['month']) { $tempmontharray = explode(",", $timerange['month']); $tempdayarray = explode(",",$timerange['day']); $arraycounter = 0; $firstDayFound = false; $firstPrint = false; - foreach ($tempmontharray as $monthtmp){ + foreach ($tempmontharray as $monthtmp) { $month = $tempmontharray[$arraycounter]; $day = $tempdayarray[$arraycounter]; - if (!$firstDayFound) - { + if (!$firstDayFound) { $firstDay = $day; $firstmonth = $month; $firstDayFound = true; 
@@ -524,22 +569,22 @@ include("head.inc"); $currentDay = $day; $nextDay = $tempdayarray[$arraycounter+1]; $currentDay++; - if (($currentDay != $nextDay) || ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])){ - if ($firstPrint) + if (($currentDay != $nextDay) || ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])) { + if ($firstPrint) { $dayFriendly .= ", "; + } $currentDay--; - if ($currentDay != $firstDay) + if ($currentDay != $firstDay) { $dayFriendly .= $monthArray[$firstmonth-1] . " " . $firstDay . " - " . $currentDay ; - else + } else { $dayFriendly .= $monthArray[$month-1] . " " . $day; + } $firstDayFound = false; $firstPrint = true; } $arraycounter++; } - } - else - { + } else { $tempdayFriendly = $timerange['position']; $firstDayFound = false; $tempFriendlyDayArray = explode(",", $tempdayFriendly); @@ -547,10 +592,9 @@ include("head.inc"); $firstDay = ""; $nextDay = ""; $counter = 0; - foreach ($tempFriendlyDayArray as $day){ - if ($day != ""){ - if (!$firstDayFound) - { + foreach ($tempFriendlyDayArray as $day) { + if ($day != "") { + if (!$firstDayFound) { $firstDay = $tempFriendlyDayArray[$counter]; $firstDayFound = true; } @@ -558,14 +602,16 @@ include("head.inc"); //get next day $nextDay = $tempFriendlyDayArray[$counter+1]; $currentDay++; - if ($currentDay != $nextDay){ - if ($firstprint) + if ($currentDay != $nextDay) { + if ($firstprint) { $dayFriendly .= ", "; + } $currentDay--; - if ($currentDay != $firstDay) + if ($currentDay != $firstDay) { $dayFriendly .= $dayArray[$firstDay-1] . " - " . $dayArray[$currentDay-1]; - else + } else { $dayFriendly .= $dayArray[$firstDay-1]; + } $firstDayFound = false; $firstprint = true; } 
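Review bot: `$nextDay = $tempdayarray[$arraycounter+1];` and the `$tempmontharray[$arraycounter+1]` comparison read one element past the end of their arrays on the last pass of the `foreach`, which raises an undefined-offset notice and appears to work only because the missing value compares unequal. The day-of-week branch two hunks below may do the same with `$tempFriendlyDayArray[$counter+1]`. Guard the look-ahead, e.g. `$nextDay = isset($tempdayarray[$arraycounter+1]) ? $tempdayarray[$arraycounter+1] : null;`. The loop starts above this hunk.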
@@ -598,26 +644,27 @@ include("head.inc"); } $printicon = true; } else if ($filterent['sched']) { - if ($iconfn == "block" || $iconfn == "reject") + if ($iconfn == "block" || $iconfn == "reject") { $image = "icon_block_d"; - else + } else { $image = "icon_block"; + } $alttext = gettext("This rule is not currently active because its period has expired"); $printicon = true; } } ?> - <td class="listlr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?><?php if (isset($filterent['id'])) echo $filterent['id']." "; else echo " "; ?><?=$textse;?> - </td> + <td class="listlr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <?=$textss;?><?php if (isset($filterent['id'])) echo $filterent['id']." "; else echo " "; ?><?=$textse;?> + </td> <?php pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tr"); ?> - <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?> + <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <?=$textss;?> <?php if (isset($filterent['ipprotocol'])) { - switch($filterent['ipprotocol']) { + switch ($filterent['ipprotocol']) { case "inet": echo "IPv4 "; break; 
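Review bot: The rule-ID cell still holds a one-line, brace-less `if (isset($filterent['id'])) echo … else echo …`, the form this style pass removes everywhere else, and it echoes `$filterent['id']` without `htmlspecialchars()`. Put both branches in braces and emit the value as `htmlspecialchars($filterent['id'])`, which matches the source and destination cells in the following hunk that do encode their output. Both `<td>` elements in this hunk also carry `id="frd<?=$nrules;?>"`, so element ids repeat within each row.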
@@ -635,32 +682,34 @@ include("head.inc"); echo strtoupper($filterent['protocol']); if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) { echo ' <span style="cursor: help;" title="ICMP type: ' . - ( $filterent['ipprotocol'] == "inet6" ? $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']] ) . + ($filterent['ipprotocol'] == "inet6" ? $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']]) . '"><u>'; echo $filterent['icmptype']; echo '</u></span>'; } - } else echo "*"; + } else { + echo "*"; + } ?> - <?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['source']['port'])); ?><?php echo $alias_src_port_span_end;?><?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['destination'])); ?><?php echo $alias_dst_span_end;?><?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['destination']['port'])); ?><?php echo $alias_dst_port_span_end;?><?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" 
ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?><?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])) echo htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr']); else echo htmlspecialchars(pprint_port($filterent['gateway'])); ?><?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?> + <?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['source']['port'])); ?><?php echo $alias_src_port_span_end;?><?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['destination'])); ?><?php echo $alias_dst_span_end;?><?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['destination']['port'])); ?><?php echo $alias_dst_port_span_end;?><?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + 
<?=$textss;?><?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])) echo htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr']); else echo htmlspecialchars(pprint_port($filterent['gateway'])); ?><?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <?=$textss;?> <?php if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue'])) { $desc = $filterent['ackqueue'] ; 
@@ -670,85 +719,92 @@ include("head.inc"); } else if (isset($filterent['defaultqueue'])) { $desc = $filterent['defaultqueue']; echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>"; - } else + } else { echo gettext("none"); + } ?> - <?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"><font color="black"> - <?php if ($printicon) { ?><img src="./themes/<?= $g['theme']; ?>/images/icons/<?php echo $image; ?>.gif" title="<?php echo $alttext;?>" border="0" alt="icon" /><?php } ?><?=$textss;?><?php echo $schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?> <?php echo $schedule_span_end; ?><?=$textse;?> - </font></td> + <?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <font color="black"> + <?php if ($printicon) { ?><img src="./themes/<?= $g['theme']; ?>/images/icons/<?php echo $image; ?>.gif" title="<?php echo $alttext;?>" border="0" alt="icon" /><?php } ?><?=$textss;?><?php echo $schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?> <?php echo $schedule_span_end; ?><?=$textse;?> + </font> + </td> <?php pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_descr_tr"); ?> - <td class="listbg descr" onclick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> - <?=$textss;?><?=htmlspecialchars($filterent['descr']);?> <?=$textse;?> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="move before"> - <tr> - <td><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17" title="<?=gettext("move selected rules before this rule"); ?>" onmouseover="fr_insline(<?=$nrules;?>, true)" 
onmouseout="fr_insline(<?=$nrules;?>, false)" /></td> - <td><a href="firewall_rules_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule"); ?>" width="17" height="17" border="0" alt="edit" /></a></td> - </tr> - <tr> - <td align="center" valign="middle"><a href="firewall_rules.php?act=del&if=<?=htmlspecialchars($if);?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); ?>" onclick="return confirm('Do you really want to delete this rule?')" alt="delete" /></a></td> - <td><a href="firewall_rules_edit.php?dup=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new rule based on this one"); ?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> + <td class="listbg descr" onclick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"> + <?=$textss;?><?=htmlspecialchars($filterent['descr']);?> <?=$textse;?> + </td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="move before"> + <tr> + <td><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17" title="<?=gettext("move selected rules before this rule"); ?>" onmouseover="fr_insline(<?=$nrules;?>, true)" onmouseout="fr_insline(<?=$nrules;?>, false)" /></td> + <td><a href="firewall_rules_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule"); ?>" width="17" height="17" border="0" alt="edit" /></a></td> + </tr> + <tr> + <td align="center" valign="middle"><a href="firewall_rules.php?act=del&if=<?=htmlspecialchars($if);?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); 
?>" onclick="return confirm('Do you really want to delete this rule?')" alt="delete" /></a></td> + <td><a href="firewall_rules_edit.php?dup=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new rule based on this one"); ?>" width="17" height="17" border="0" alt="add" /></a></td> + </tr> + </table> + </td> </tr> <?php $nrules++; endfor; ?> - <tr><td></td></tr></tbody> + <tr><td></td></tr> + </tbody> <?php if ($nrules == 0): ?> <tr> - <td class="listt"></td> - <td class="listt"></td> - <td class="listlr" colspan="10" align="center" valign="middle"> - <span class="gray"> + <td class="listt"></td> + <td class="listt"></td> + <td class="listlr" colspan="10" align="center" valign="middle"> + <span class="gray"> <?php if ($_REQUEST['if'] == "FloatingRules"): ?> - <?=gettext("No floating rules are currently defined."); ?><br /><br /> + <?=gettext("No floating rules are currently defined."); ?><br /><br /> <?php else: ?> - <?=gettext("No rules are currently defined for this interface"); ?><br /> - <?=gettext("All incoming connections on this interface will be blocked until you add pass rules."); ?><br /><br /> + <?=gettext("No rules are currently defined for this interface"); ?><br /> + <?=gettext("All incoming connections on this interface will be blocked until you add pass rules."); ?><br /><br /> <?php endif; ?> - <?=gettext("Click the"); ?> <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" border="0" width="17" height="17" align="middle" alt="add" /></a><?=gettext(" button to add a new rule.");?></span> - </td> + <?=gettext("Click the"); ?> <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" border="0" width="17" height="17" align="middle" alt="add" /></a><?=gettext(" button to add a 
new rule.");?></span> + </td> </tr> <?php endif; ?> <tr id="fr<?=$nrules;?>"> - <td class="list"></td> - <td class="list"></td> + <td class="list"></td> + <td class="list"></td> <?php pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tr_belowtable"); ?> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> </td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="move rules"> - <tr> - <td> - <?php if ($nrules == 0): ?><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end");?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17" title="<?=gettext("move selected rules to end");?>" onmouseover="fr_insline(<?=$nrules;?>, true)" onmouseout="fr_insline(<?=$nrules;?>, false)" /><?php endif; ?></td> - <td></td> - </tr> - <tr> - <td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="move rules"> + <tr> + <td> + <?php if ($nrules == 0): ?><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end");?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17" title="<?=gettext("move selected rules to end");?>" onmouseover="fr_insline(<?=$nrules;?>, true)" 
onmouseout="fr_insline(<?=$nrules;?>, false)" /><?php endif; ?> + </td> + <td></td> + </tr> + <tr> + <td> <?php if ($nrules == 0): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" /><?php else: ?> - <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" style="width:17;height:17" title="<?=gettext("delete selected rules");?>" onclick="return confirm('<?=gettext('Do you really want to delete the selected rules?');?>')" /> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" /><?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" style="width:17;height:17" title="<?=gettext("delete selected rules");?>" onclick="return confirm('<?=gettext('Do you really want to delete the selected rules?');?>')" /> <?php endif; ?> - </td> - <td><a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> + </td> + <td> + <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" width="17" height="17" border="0" alt="add" /></a> + </td> + </tr> + </table> + </td> </tr> </table> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0" summary="icons"> @@ -807,12 +863,11 @@ include("head.inc"); </li> <?php endif; ?> </ul> - </td> + </td> </tr> </table> </div> - </td> - </tr> + </td></tr> </table> <input type="hidden" name="if" value="<?=htmlspecialchars($if);?>" /> </form> 
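Review bot: The per-rule delete control is a plain link, `firewall_rules.php?act=del&if=...&id=<?=$i;?>`, so removing a firewall rule is a GET request whose only guard visible in this hunk is the client-side `confirm()`. A state-changing GET is not covered by request-token checks that apply to form posts only; whether the handler verifies anything further is outside this hunk, so that should be confirmed. The bulk delete a few rows below already goes through the form (`<input name="del" type="image" ...>`), and the single-rule delete would be safer submitted the same way. Separately, the `confirm()` text on the single-rule link is not passed through `gettext()` while the bulk one is.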
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 03c6912..9d610ea 100644 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -66,8 +66,9 @@ function is_aoadv_used($rule_config) { ($rule_config['max-src-states'] != "") || ($rule_config['max-src-conn-rate'] != "") || ($rule_config['max-src-conn-rates'] != "") || - ($rule_config['statetimeout'] != "")) + ($rule_config['statetimeout'] != "")) { return true; + } return false; } 
@@ -107,98 +108,121 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (is_numericint($_GET['after']) || $_GET['after'] == "-1") +if (is_numericint($_GET['after']) || $_GET['after'] == "-1") { $after = $_GET['after']; -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) +} +if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { $after = $_POST['after']; +} if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_filter[$id]) { $pconfig['interface'] = $a_filter[$id]['interface']; - if (isset($a_filter[$id]['id'])) + if (isset($a_filter[$id]['id'])) { $pconfig['ruleid'] = $a_filter[$id]['id']; + } - if ( isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']) ) + if (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])) { $pconfig['created'] = $a_filter[$id]['created']; + } - if ( isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated']) ) + if (isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated'])) { $pconfig['updated'] = $a_filter[$id]['updated']; + } - if (!isset($a_filter[$id]['type'])) + if (!isset($a_filter[$id]['type'])) { $pconfig['type'] = "pass"; - else + } else { $pconfig['type'] = $a_filter[$id]['type']; + } if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") { $pconfig['floating'] = $a_filter[$id]['floating']; - if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "") + if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "") { $pconfig['interface'] = 
$a_filter[$id]['interface']; + } } - if (isset($a_filter['floating'])) + if (isset($a_filter['floating'])) { $pconfig['floating'] = "yes"; + } - if (isset($a_filter[$id]['direction'])) + if (isset($a_filter[$id]['direction'])) { $pconfig['direction'] = $a_filter[$id]['direction']; + } - if (isset($a_filter[$id]['ipprotocol'])) + if (isset($a_filter[$id]['ipprotocol'])) { $pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol']; + } - if (isset($a_filter[$id]['protocol'])) + if (isset($a_filter[$id]['protocol'])) { $pconfig['proto'] = $a_filter[$id]['protocol']; - else + } else { $pconfig['proto'] = "any"; + } - if ($a_filter[$id]['protocol'] == "icmp") + if ($a_filter[$id]['protocol'] == "icmp") { $pconfig['icmptype'] = $a_filter[$id]['icmptype']; + } address_to_pconfig($a_filter[$id]['source'], $pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcbeginport'], $pconfig['srcendport']); - if($a_filter[$id]['os'] <> "") + if ($a_filter[$id]['os'] <> "") { $pconfig['os'] = $a_filter[$id]['os']; + } address_to_pconfig($a_filter[$id]['destination'], $pconfig['dst'], $pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstbeginport'], $pconfig['dstendport']); - if ($a_filter[$id]['dscp'] <> "") + if ($a_filter[$id]['dscp'] <> "") { $pconfig['dscp'] = $a_filter[$id]['dscp']; + } $pconfig['disabled'] = isset($a_filter[$id]['disabled']); $pconfig['log'] = isset($a_filter[$id]['log']); $pconfig['descr'] = $a_filter[$id]['descr']; - if (isset($a_filter[$id]['tcpflags_any'])) + if (isset($a_filter[$id]['tcpflags_any'])) { $pconfig['tcpflags_any'] = true; - else { - if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] <> "") + } else { + if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] <> "") { $pconfig['tcpflags1'] = $a_filter[$id]['tcpflags1']; - if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] <> "") + } + if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] <> "") { $pconfig['tcpflags2'] 
= $a_filter[$id]['tcpflags2']; + } } - if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "") + if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "") { $pconfig['tag'] = $a_filter[$id]['tag']; - if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] <> "") + } + if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] <> "") { $pconfig['tagged'] = $a_filter[$id]['tagged']; - if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) + } + if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) { $pconfig['quick'] = $a_filter[$id]['quick']; - if (isset($a_filter[$id]['allowopts'])) + } + if (isset($a_filter[$id]['allowopts'])) { $pconfig['allowopts'] = true; - if (isset($a_filter[$id]['disablereplyto'])) + } + if (isset($a_filter[$id]['disablereplyto'])) { $pconfig['disablereplyto'] = true; + } /* advanced */ $pconfig['max'] = $a_filter[$id]['max']; @@ -230,15 +254,17 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) { $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; + } $pconfig['tracker'] = $a_filter[$id]['tracker']; } else { /* defaults */ - if ($_GET['if']) + if ($_GET['if']) { $pconfig['interface'] = $_GET['if']; + } $pconfig['type'] = "pass"; $pconfig['src'] = "any"; $pconfig['dst'] = "any"; 
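Review bot: `if (isset($a_filter['floating'])) { $pconfig['floating'] = "yes"; }` tests the key `floating` on the rule list itself, whereas every other lookup in this block goes through `$a_filter[$id]`. For a normal list of rules that condition looks like it can never be true, so this is probably a missing index; I would expect `if (isset($a_filter[$id]['floating'])) {`. In the same hunk `is_numericint($_GET['id'])` and `$_GET['after']` are read without `isset()` while their `$_POST` counterparts are guarded, and adding the same guard would keep both paths consistent. The enclosing `if (isset($id) && $a_filter[$id])` block continues past this hunk.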
@@ -246,8 +272,9 @@ if (isset($id) && $a_filter[$id]) { /* Allow the FloatingRules to work */ $if = $pconfig['interface']; -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); +} read_altq_config(); /* XXX: */ $qlist =& get_unique_queue_list(); 
@@ -260,27 +287,28 @@ $a_gatewaygroups = return_gateway_groups_array(); if ($_POST) { unset($input_errors); - if( isset($a_filter[$id]['associated-rule-id']) ) { + if (isset($a_filter[$id]['associated-rule-id'])) { $_POST['proto'] = $pconfig['proto']; - if ($pconfig['proto'] == "icmp") + if ($pconfig['proto'] == "icmp") { $_POST['icmptype'] = $pconfig['icmptype']; + } } if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "")) { - if(is_array($config['gateways']['gateway_group'])) { - foreach($config['gateways']['gateway_group'] as $gw_group) { - if($gw_group['name'] == $_POST['gateway']) { + if (is_array($config['gateways']['gateway_group'])) { + foreach ($config['gateways']['gateway_group'] as $gw_group) { + if ($gw_group['name'] == $_POST['gateway']) { $family = $a_gatewaygroups[$_POST['gateway']]['ipprotocol']; - if($_POST['ipprotocol'] == $family) { + if ($_POST['ipprotocol'] == $family) { continue; } - if(($_POST['ipprotocol'] == "inet46") && ($_POST['ipprotocol'] != $family)) { + if (($_POST['ipprotocol'] == "inet46") && ($_POST['ipprotocol'] != $family)) { $input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6"); } - if(($_POST['ipprotocol'] == "inet6") && ($_POST['ipprotocol'] != $family)) { + if (($_POST['ipprotocol'] == "inet6") && ($_POST['ipprotocol'] != $family)) { $input_errors[] = gettext("You can not assign an IPv4 gateway group on IPv6 Address Family rule"); } - if(($_POST['ipprotocol'] == "inet") && ($_POST['ipprotocol'] != $family)) { + if (($_POST['ipprotocol'] == "inet") && ($_POST['ipprotocol'] != $family)) { $input_errors[] = gettext("You can not assign an IPv6 gateway group on IPv4 Address Family rule"); } } 
@@ -288,19 +316,20 @@ if ($_POST) { } } if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && (is_ipaddr(lookup_gateway_ip_by_name($_POST['gateway'])))) { - if(($_POST['ipprotocol'] == "inet46") && ($_POST['gateway'] <> "")) { + if (($_POST['ipprotocol'] == "inet46") && ($_POST['gateway'] <> "")) { $input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6"); } - if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) { + if (($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) { $input_errors[] = gettext("You can not assign an IPv4 Gateway to an IPv6 Filter rule"); } - if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) { + if (($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) { $input_errors[] = gettext("You can not assign an IPv6 Gateway to an IPv4 Filter rule"); } } - if (($_POST['proto'] == "icmp") && ($_POST['icmptype'] <> "")){ - if($_POST['ipprotocol'] == "inet46") + if (($_POST['proto'] == "icmp") && ($_POST['icmptype'] <> "")) { + if ($_POST['ipprotocol'] == "inet46") { $input_errors[] = gettext("You can not assign a ICMP type to a rule that applies to IPv4 and IPv6"); + } } if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) { 
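Review bot: `lookup_gateway_ip_by_name($_POST['gateway'])` is called three times in this block, once in the outer condition and once in each address-family check. Resolving it once, `$gw_ip = lookup_gateway_ip_by_name($_POST['gateway']);`, and testing `is_ipaddrv6($gw_ip)` / `is_ipaddrv4($gw_ip)` makes the three checks provably act on the same value and is easier to read. The inner `($_POST['gateway'] <> "")` in the `inet46` test repeats what the outer `if` already established and can be dropped.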
@@ -309,83 +338,95 @@ if ($_POST) { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { - if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) + if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) { $_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']); - if ($_POST['srcendport_cust'] && !$_POST['srcendport']) + } + if ($_POST['srcendport_cust'] && !$_POST['srcendport']) { $_POST['srcendport'] = trim($_POST['srcendport_cust']); + } if ($_POST['srcbeginport'] == "any") { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; } else { - if (!$_POST['srcendport']) + if (!$_POST['srcendport']) { $_POST['srcendport'] = $_POST['srcbeginport']; + } } - if ($_POST['srcendport'] == "any") + if ($_POST['srcendport'] == "any") { $_POST['srcendport'] = $_POST['srcbeginport']; + } - if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) + if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) { $_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']); - if ($_POST['dstendport_cust'] && !$_POST['dstendport']) + } + if ($_POST['dstendport_cust'] && !$_POST['dstendport']) { $_POST['dstendport'] = trim($_POST['dstendport_cust']); + } if ($_POST['dstbeginport'] == "any") { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { - if (!$_POST['dstendport']) + if (!$_POST['dstendport']) { $_POST['dstendport'] = $_POST['dstbeginport']; + } } - if ($_POST['dstendport'] == "any") + if ($_POST['dstendport'] == "any") { $_POST['dstendport'] = $_POST['dstbeginport']; + } } if (is_specialnet($_POST['srctype'])) { $_POST['src'] = $_POST['srctype']; $_POST['srcmask'] = 0; } else if ($_POST['srctype'] == "single") { - if (is_ipaddrv6($_POST['src'])) + if (is_ipaddrv6($_POST['src'])) { $_POST['srcmask'] = 128; - else + } else { $_POST['srcmask'] = 32; + } } if (is_specialnet($_POST['dsttype'])) { $_POST['dst'] = $_POST['dsttype']; $_POST['dstmask'] = 0; } else if ($_POST['dsttype'] == "single") { - if (is_ipaddrv6($_POST['dst'])) + if 
(is_ipaddrv6($_POST['dst'])) { $_POST['dstmask'] = 128; - else + } else { $_POST['dstmask'] = 32; + } } $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "type proto"); - if ( isset($a_filter[$id]['associated-rule-id'])===false ) { + if (isset($a_filter[$id]['associated-rule-id'])===false) { $reqdfields[] = "src"; $reqdfields[] = "dst"; } $reqdfieldsn = explode(",", "Type,Protocol"); - if ( isset($a_filter[$id]['associated-rule-id'])===false ) { + if (isset($a_filter[$id]['associated-rule-id'])===false) { $reqdfieldsn[] = "Source"; $reqdfieldsn[] = "Destination"; } - if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") { - if( $_POST['proto'] != "tcp" ) + if ($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") { + if ($_POST['proto'] != "tcp") { $input_errors[] = sprintf(gettext("%s is only valid with protocol TCP."),$_POST['statetype']); - if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != "")) + } + if (($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != "")) { $input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']); + } } - if ( isset($a_filter[$id]['associated-rule-id'])===false && - (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) { + if (isset($a_filter[$id]['associated-rule-id'])===false && + (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single")))) { $reqdfields[] = "srcmask"; $reqdfieldsn[] = "Source bit count"; } - if ( isset($a_filter[$id]['associated-rule-id'])===false && - (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) ) { + if (isset($a_filter[$id]['associated-rule-id'])===false && + (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single")))) { $reqdfields[] = "dstmask"; $reqdfieldsn[] = gettext("Destination bit count"); } 
@@ -401,48 +442,64 @@ if ($_POST) { $_POST['dstendport'] = 0; } - if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) + if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginposrt']); - if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) + } + if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']); - if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) + } + if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']); - if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) + } + if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end destination port. 
It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']); - if ( !$_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) - if (is_alias($_POST['srcendport_cust'])) + } + if (!$_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) { + if (is_alias($_POST['srcendport_cust'])) { $input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field'; - if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){ - if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) + } + } + if ($_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) { + if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) { $input_errors[] = 'The same port alias must be used in Source port range from: and to: fields'; + } if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) || - ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) + ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) { $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field'; + } } - if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) - if (is_alias($_POST['dstendport_cust'])) + if (!$_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) { + if (is_alias($_POST['dstendport_cust'])) { $input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field'; - if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){ - if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != 
$_POST['dstendport_cust']) + } + } + if ($_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) { + if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust']) { $input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields'; + } if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) || - ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) + ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) { $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field'; + } } - if ($_POST['src']) + if ($_POST['src']) { $_POST['src'] = trim($_POST['src']); - if ($_POST['dst']) + } + if ($_POST['dst']) { $_POST['dst'] = trim($_POST['dst']); + } /* if user enters an alias and selects "network" then disallow. */ - if($_POST['srctype'] == "network") { - if(is_alias($_POST['src'])) + if ($_POST['srctype'] == "network") { + if (is_alias($_POST['src'])) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); + } } - if($_POST['dsttype'] == "network") { - if(is_alias($_POST['dst'])) + if ($_POST['dsttype'] == "network") { + if (is_alias($_POST['dst'])) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); + } } if (!is_specialnet($_POST['srctype'])) { 
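Review bot: Two copy-paste slips in the port validation survive the reformatting. The start-source-port message formats `$_POST['srcbeginposrt']`, a key that appears nowhere else in the visible code, so the error text will show an empty value; it should be `$_POST['srcbeginport']`. The "same port alias" checks call `is_alias($_POST['srcendport_cust'])` twice, and likewise `is_alias($_POST['dstendport_cust'])` twice, where the first call was presumably meant for the begin field: `if (is_alias($_POST['srcbeginport_cust']) && is_alias($_POST['srcendport_cust']) && ...`. The plain-string alias messages in this block are also not wrapped in `gettext()` like the messages around them.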
@@ -461,17 +518,21 @@ if ($_POST) { $input_errors[] = gettext("A valid destination bit count must be specified."); } } - if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) { - if(!validate_address_family($_POST['src'], $_POST['dst'])) + if ((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) { + if (!validate_address_family($_POST['src'], $_POST['dst'])) { $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']); - if((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet")) + } + if ((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet")) { $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules."); - if((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6")) + } + if ((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6")) { $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules."); + } } - if((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && ($_POST['ipprotocol'] == "inet46")) + if ((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && ($_POST['ipprotocol'] == "inet46")) { $input_errors[] = gettext("You can not use a IPv4 or IPv6 address in combined IPv4 + IPv6 rules."); + } if ($_POST['srcbeginport'] > $_POST['srcendport']) { /* swap */ 
@@ -486,115 +547,150 @@ if ($_POST) { $_POST['dstbeginport'] = $tmp; } if ($_POST['os']) { - if( $_POST['proto'] != "tcp" ) + if ($_POST['proto'] != "tcp") { $input_errors[] = gettext("OS detection is only valid with protocol TCP."); - if (!in_array($_POST['os'], $ostypes)) + } + if (!in_array($_POST['os'], $ostypes)) { $input_errors[] = gettext("Invalid OS detection selection. Please select a valid OS."); + } } if ($_POST['ackqueue'] != "") { - if ($_POST['defaultqueue'] == "" ) + if ($_POST['defaultqueue'] == "") { $input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too."); - else if ($_POST['ackqueue'] == $_POST['defaultqueue']) + } else if ($_POST['ackqueue'] == $_POST['defaultqueue']) { $input_errors[] = gettext("Acknowledge queue and Queue cannot be the same."); + } } - if (isset($_POST['floating']) && $_POST['pdnpipe'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) + if (isset($_POST['floating']) && $_POST['pdnpipe'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) { $input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction."); - if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) + } + if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) { $input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction."); + } if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "") { - if ($_POST['dnpipe'] == "" ) + if ($_POST['dnpipe'] == "") { $input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too."); - else if ($_POST['pdnpipe'] == $_POST['dnpipe']) + } else if ($_POST['pdnpipe'] == $_POST['dnpipe']) { $input_errors[] = gettext("In and Out Queue cannot be the same."); - else if ($dnqlist[$_POST['pdnpipe']][0] == "?" 
&& $dnqlist[$_POST['dnpipe']][0] <> "?") + } else if ($dnqlist[$_POST['pdnpipe']][0] == "?" && $dnqlist[$_POST['dnpipe']][0] <> "?") { $input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. Both must be from the same type."); - else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?") + } else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?") { $input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. Both must be from the same type."); - if ($_POST['direction'] == "out" && empty($_POST['gateway'])) + } + if ($_POST['direction'] == "out" && empty($_POST['gateway'])) { $input_errors[] = gettext("Please select a gateway, normally the interface selected gateway, so the limiters work correctly"); + } } - if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid'])) + if (!empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid'])) { $input_errors[] = gettext('ID must be an integer'); - if($_POST['l7container'] && $_POST['l7container'] != "") { - if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp")) + } + if ($_POST['l7container'] && $_POST['l7container'] != "") { + if (!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp")) { $input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols"); - if ($_POST['type'] <> "pass") + } + if ($_POST['type'] <> "pass") { $input_errors[] = gettext("You can only select a layer7 container for Pass type rules."); + } } if (!in_array($_POST['proto'], array("tcp","tcp/udp"))) { - if (!empty($_POST['max-src-conn'])) + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for TCP protocol."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if 
(!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You can only specify the maximum new connections per host / per second(s) (advanced option) for TCP protocol."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You can only specify the state timeout (advanced option) for TCP protocol."); + } } if ($_POST['type'] <> "pass") { - if (!empty($_POST['max'])) + if (!empty($_POST['max'])) { $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-nodes'])) + } + if (!empty($_POST['max-src-nodes'])) { $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-conn'])) + } + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-states'])) + } + if (!empty($_POST['max-src-states'])) { $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You can only specify the maximum new connections per host / per second(s) (advanced option) for Pass type rules."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You can only specify the state timeout (advanced option) for Pass type rules."); + } } if (($_POST['statetype'] == "none") && (empty($_POST['l7container']))) { - if (!empty($_POST['max'])) + if (!empty($_POST['max'])) { $input_errors[] = gettext("You cannot specify the maximum state entries 
(advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-nodes'])) + } + if (!empty($_POST['max-src-nodes'])) { $input_errors[] = gettext("You cannot specify the maximum number of unique source hosts (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-conn'])) + } + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You cannot specify the maximum number of established connections per host (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-states'])) + } + if (!empty($_POST['max-src-states'])) { $input_errors[] = gettext("You cannot specify the maximum state entries per host (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You cannot specify the maximum new connections per host / per second(s) (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You cannot specify the state timeout (advanced option) if statetype is none and no L7 container is selected."); + } } - if (($_POST['max'] != "") && !is_posnumericint($_POST['max'])) + if (($_POST['max'] != "") && !is_posnumericint($_POST['max'])) { $input_errors[] = gettext("Maximum state entries (advanced option) must be a positive integer"); + } - if (($_POST['max-src-nodes'] != "") && !is_posnumericint($_POST['max-src-nodes'])) + if (($_POST['max-src-nodes'] != "") && !is_posnumericint($_POST['max-src-nodes'])) { $input_errors[] = gettext("Maximum number of unique source hosts (advanced option) must be a positive integer"); + } - if (($_POST['max-src-conn'] != "") && !is_posnumericint($_POST['max-src-conn'])) 
+ if (($_POST['max-src-conn'] != "") && !is_posnumericint($_POST['max-src-conn'])) { $input_errors[] = gettext("Maximum number of established connections per host (advanced option) must be a positive integer"); + } - if (($_POST['max-src-states'] != "") && !is_posnumericint($_POST['max-src-states'])) + if (($_POST['max-src-states'] != "") && !is_posnumericint($_POST['max-src-states'])) { $input_errors[] = gettext("Maximum state entries per host (advanced option) must be a positive integer"); + } - if (($_POST['max-src-conn-rate'] != "") && !is_posnumericint($_POST['max-src-conn-rate'])) + if (($_POST['max-src-conn-rate'] != "") && !is_posnumericint($_POST['max-src-conn-rate'])) { $input_errors[] = gettext("Maximum new connections per host / per second(s) (advanced option) must be a positive integer"); + } - if (($_POST['statetimeout'] != "") && !is_posnumericint($_POST['statetimeout'])) + if (($_POST['statetimeout'] != "") && !is_posnumericint($_POST['statetimeout'])) { $input_errors[] = gettext("State timeout (advanced option) must be a positive integer"); + } - if ((($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] == "")) || - (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> ""))) + if ((($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] == "")) || + (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> ""))) { $input_errors[] = gettext("Both maximum new connections per host and the interval (per second(s)) must be specified"); + } if (!$_POST['tcpflags_any']) { $settcpflags = array(); $outoftcpflags = array(); foreach ($tcpflags as $tcpflag) { - if ($_POST['tcpflags1_' . $tcpflag] == "on") + if ($_POST['tcpflags1_' . $tcpflag] == "on") { $settcpflags[] = $tcpflag; - if ($_POST['tcpflags2_' . $tcpflag] == "on") + } + if ($_POST['tcpflags2_' . 
$tcpflag] == "on") { $outoftcpflags[] = $tcpflag; + } } - if (empty($outoftcpflags) && !empty($settcpflags)) + if (empty($outoftcpflags) && !empty($settcpflags)) { $input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well."); + } } // Allow extending of the firewall edit page and include custom input validation @@ -607,11 +703,13 @@ if ($_POST) { $filterent['tracker'] = empty($_POST['tracker']) ? (int)microtime(true) : $_POST['tracker']; $filterent['type'] = $_POST['type']; - if (isset($_POST['interface'] )) + if (isset($_POST['interface'])) { $filterent['interface'] = $_POST['interface']; + } - if (isset($_POST['ipprotocol'] )) + if (isset($_POST['ipprotocol'])) { $filterent['ipprotocol'] = $_POST['ipprotocol']; + } if ($_POST['tcpflags_any']) { $filterent['tcpflags_any'] = true; 
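Review bot: In the `@@ -607` hunk `$_POST['tracker']` is copied into `$filterent['tracker']` exactly as submitted, while the validation in the preceding hunk only type-checks `ruleid` with `ctype_digit()`. A matching guard next to the `ruleid` one would be `if (!empty($_POST['tracker']) && !ctype_digit($_POST['tracker'])) { $input_errors[] = gettext('Tracker must be an integer'); }`. The same applies to `tag` and `tagged` in the `@@ -619` hunk and to `dscp` in the `@@ -704` hunk, which could be checked with `in_array($_POST['dscp'], $firewall_rules_dscp_types, true)`. These values are saved by `write_config()` further down; how they are consumed afterwards is not visible here, and checks may exist outside the hunks shown. The enclosing `if ($_POST)` block starts and ends outside this hunk.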
@@ -619,26 +717,32 @@ if ($_POST) { $settcpflags = array(); $outoftcpflags = array(); foreach ($tcpflags as $tcpflag) { - if ($_POST['tcpflags1_' . $tcpflag] == "on") + if ($_POST['tcpflags1_' . $tcpflag] == "on") { $settcpflags[] = $tcpflag; - if ($_POST['tcpflags2_' . $tcpflag] == "on") + } + if ($_POST['tcpflags2_' . $tcpflag] == "on") { $outoftcpflags[] = $tcpflag; + } } if (!empty($outoftcpflags)) { $filterent['tcpflags2'] = join(",", $outoftcpflags); - if (!empty($settcpflags)) + if (!empty($settcpflags)) { $filterent['tcpflags1'] = join(",", $settcpflags); + } } } - if (isset($_POST['tag'])) + if (isset($_POST['tag'])) { $filterent['tag'] = $_POST['tag']; - if (isset($_POST['tagged'])) + } + if (isset($_POST['tagged'])) { $filterent['tagged'] = $_POST['tagged']; + } if ($if == "FloatingRules" || isset($_POST['floating'])) { $filterent['direction'] = $_POST['direction']; - if (isset($_POST['quick']) && $_POST['quick'] <> "") + if (isset($_POST['quick']) && $_POST['quick'] <> "") { $filterent['quick'] = $_POST['quick']; + } $filterent['floating'] = "yes"; if (isset($_POST['interface']) && count($_POST['interface']) > 0) { $filterent['interface'] = implode(",", $_POST['interface']); @@ -646,14 +750,16 @@ if ($_POST) { } /* Advanced options */ - if ($_POST['allowopts'] == "yes") + if ($_POST['allowopts'] == "yes") { $filterent['allowopts'] = true; - else + } else { unset($filterent['allowopts']); - if ($_POST['disablereplyto'] == "yes") + } + if ($_POST['disablereplyto'] == "yes") { $filterent['disablereplyto'] = true; - else + } else { unset($filterent['disablereplyto']); + } $filterent['max'] = $_POST['max']; $filterent['max-src-nodes'] = $_POST['max-src-nodes']; $filterent['max-src-conn'] = $_POST['max-src-conn']; 
@@ -661,19 +767,21 @@ if ($_POST) { $filterent['statetimeout'] = $_POST['statetimeout']; $filterent['statetype'] = $_POST['statetype']; $filterent['os'] = $_POST['os']; - if($_POST['nopfsync'] <> "") + if ($_POST['nopfsync'] <> "") { $filterent['nopfsync'] = true; - else + } else { unset($filterent['nopfsync']); + } /* Nosync directive - do not xmlrpc sync this item */ - if($_POST['nosync'] <> "") + if ($_POST['nosync'] <> "") { $filterent['nosync'] = true; - else + } else { unset($filterent['nosync']); + } /* unless both values are provided, unset the values - ticket #650 */ - if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") { + if ($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") { $filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate']; $filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates']; } else { @@ -681,20 +789,23 @@ if ($_POST) { unset($filterent['max-src-conn-rates']); } - if ($_POST['proto'] != "any") + if ($_POST['proto'] != "any") { $filterent['protocol'] = $_POST['proto']; - else + } else { unset($filterent['protocol']); + } if ($_POST['proto'] == "icmp") { - if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) + if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) { $filterent['icmptype'] = $_POST['icmp6type']; - else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype']) + } else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype']) { $filterent['icmptype'] = $_POST['icmptype']; - else + } else { unset($filterent['icmptype']); - } else + } + } else { unset($filterent['icmptype']); + } pconfig_to_address($filterent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot'], 
@@ -704,18 +815,21 @@ if ($_POST) { $_POST['dstmask'], $_POST['dstnot'], $_POST['dstbeginport'], $_POST['dstendport']); - if ($_POST['disabled']) + if ($_POST['disabled']) { $filterent['disabled'] = true; - else + } else { unset($filterent['disabled']); + } - if ($_POST['dscp']) + if ($_POST['dscp']) { $filterent['dscp'] = $_POST['dscp']; + } - if ($_POST['log']) + if ($_POST['log']) { $filterent['log'] = true; - else + } else { unset($filterent['log']); + } strncpy($filterent['descr'], $_POST['descr'], 52); if ($_POST['gateway'] != "") { @@ -724,14 +838,16 @@ if ($_POST) { if ($_POST['defaultqueue'] != "") { $filterent['defaultqueue'] = $_POST['defaultqueue']; - if ($_POST['ackqueue'] != "") + if ($_POST['ackqueue'] != "") { $filterent['ackqueue'] = $_POST['ackqueue']; + } } if ($_POST['dnpipe'] != "") { $filterent['dnpipe'] = $_POST['dnpipe']; - if ($_POST['pdnpipe'] != "") + if ($_POST['pdnpipe'] != "") { $filterent['pdnpipe'] = $_POST['pdnpipe']; + } } if ($_POST['l7container'] != "") { 
@@ -750,49 +866,55 @@ if ($_POST) { } // If we have an associated nat rule, make sure the source and destination doesn't change - if( isset($a_filter[$id]['associated-rule-id']) ) { + if (isset($a_filter[$id]['associated-rule-id'])) { $filterent['interface'] = $a_filter[$id]['interface']; - if (isset($a_filter[$id]['protocol'])) + if (isset($a_filter[$id]['protocol'])) { $filterent['protocol'] = $a_filter[$id]['protocol']; - else if (isset($filterent['protocol'])) + } else if (isset($filterent['protocol'])) { unset($filterent['protocol']); - if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype']) + } + if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype']) { $filterent['icmptype'] = $a_filter[$id]['icmptype']; - else if (isset($filterent['icmptype'])) + } else if (isset($filterent['icmptype'])) { unset($filterent['icmptype']); + } $filterent['source'] = $a_filter[$id]['source']; $filterent['destination'] = $a_filter[$id]['destination']; $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } - if ( isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']) ) + if (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])) { $filterent['created'] = $a_filter[$id]['created']; + } $filterent['updated'] = make_config_revision_entry(); // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); - if (isset($id) && $a_filter[$id]) + if (isset($id) && $a_filter[$id]) { $a_filter[$id] = $filterent; - else { + } else { $filterent['created'] = make_config_revision_entry(); - if (is_numeric($after)) + if (is_numeric($after)) { array_splice($a_filter, $after+1, 0, array($filterent)); - else + } else { $a_filter[] = $filterent; + } } filter_rules_sort(); - if (write_config()) + if (write_config()) { mark_subsystem_dirty('filter'); + } - if (isset($_POST['floating'])) + if (isset($_POST['floating'])) { 
header("Location: firewall_rules.php?if=FloatingRules"); - else + } else { header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface'])); + } exit; } } @@ -868,7 +990,7 @@ include("head.inc"); </tr> <?php endif; ?> <?php $edit_disabled = ""; ?> -<?php if( isset($pconfig['associated-rule-id']) ): ?> +<?php if (isset($pconfig['associated-rule-id'])): ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td> <td width="78%" class="vtable"> @@ -878,16 +1000,17 @@ include("head.inc"); <?php $edit_disabled = "disabled"; if (is_array($config['nat']['rule'])) { - foreach( $config['nat']['rule'] as $index => $nat_rule ) { - if( isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']==$pconfig['associated-rule-id'] ) { + foreach ($config['nat']['rule'] as $index => $nat_rule) { + if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']==$pconfig['associated-rule-id']) { echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br />"; break; } } } echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='{$pconfig['associated-rule-id']}' />"; - if (!empty($pconfig['interface'])) + if (!empty($pconfig['interface'])) { echo "<input name='interface' id='interface' type='hidden' value='{$pconfig['interface']}' />"; + } ?> <script type="text/javascript"> //<![CDATA[ 
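Review bot: The redirect at the end of the `@@ -750` hunk escapes `$_POST['interface']` with `htmlspecialchars()`, which is HTML escaping and not URL encoding. Characters such as `&`, `#` and spaces are therefore not percent-encoded in the `Location` header, so a submitted value can alter the query string of the target URL. The line should read `header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));`. Whether `interface` is checked against the permitted interface list before this point cannot be seen from the hunk, which sits inside an `if ($_POST)` block that begins outside it.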
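Review bot: In the `@@ -878` hunk the two hidden inputs interpolate `$pconfig['associated-rule-id']` and `$pconfig['interface']` into single-quoted `value='…'` attributes without escaping. If `$pconfig` can carry submitted form values (its assignment is outside the hunk), a value containing `'` would break out of the attribute. Suggested form: `echo "<input name='interface' id='interface' type='hidden' value='" . htmlspecialchars($pconfig['interface'], ENT_QUOTES) . "' />";`, and the same for `associated-rule-id`. `ENT_QUOTES` is needed because the attributes use single quotes.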
@@ -905,38 +1028,52 @@ include("head.inc"); <?php else: ?> <select name="interface" class="formselect" <?=$edit_disabled;?>> <?php endif; - /* add group interfaces */ - if (is_array($config['ifgroups']['ifgroupentry'])) - foreach($config['ifgroups']['ifgroupentry'] as $ifgen) - if (have_ruleint_access($ifgen['ifname'])) - $interfaces[$ifgen['ifname']] = $ifgen['ifname']; - $ifdescs = get_configured_interface_with_descr(); - // Allow extending of the firewall edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit"); - foreach ($ifdescs as $ifent => $ifdesc) - if(have_ruleint_access($ifent)) - $interfaces[$ifent] = $ifdesc; - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) + /* add group interfaces */ + if (is_array($config['ifgroups']['ifgroupentry'])) { + foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) { + if (have_ruleint_access($ifgen['ifname'])) { + $interfaces[$ifgen['ifname']] = $ifgen['ifname']; + } + } + } + $ifdescs = get_configured_interface_with_descr(); + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit"); + foreach ($ifdescs as $ifent => $ifdesc) { + if (have_ruleint_access($ifent)) { + $interfaces[$ifent] = $ifdesc; + } + } + if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { $interfaces['l2tp'] = "L2TP VPN"; - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) + } + } + if ($config['pptpd']['mode'] == "server") { + if (have_ruleint_access("pptp")) { $interfaces['pptp'] = "PPTP VPN"; + } + } - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { $interfaces['pppoe'] = "PPPoE Server"; + } /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - 
if(have_ruleint_access("enc0")) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (have_ruleint_access("enc0")) { $interfaces["enc0"] = "IPsec"; + } + } /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { $interfaces["openvpn"] = "OpenVPN"; - if (is_array($pconfig['interface'])) + } + if (is_array($pconfig['interface'])) { $pconfig['interface'] = implode(",", $pconfig['interface']); + } $selected_interfaces = explode(",", $pconfig['interface']); foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected=\"selected\""; ?>><?=$ifacename?></option> + <option value="<?=$iface;?>" <?php if ($pconfig['interface'] <> "" && (strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces))) echo "selected=\"selected\""; ?>><?=$ifacename?></option> <?php endforeach; ?> </select> <br /> @@ -954,7 +1091,7 @@ include("head.inc"); </td> <td width="78%" class="vtable"> <select name="direction" class="formselect"> - <?php $directions = array('any','in','out'); + <?php $directions = array('any','in','out'); foreach ($directions as $direction): ?> <option value="<?=$direction;?>" <?php if ($direction == $pconfig['direction']): ?> 
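Review bot: The interface `<option>` at the end of the `@@ -905` hunk prints `<?=$iface;?>` and `<?=$ifacename?>` without escaping, although the names come from `get_configured_interface_with_descr()` and the group list, which presumably hold operator-entered descriptions. The file is inconsistent here: in the `@@ -1044` and `@@ -1150` hunks the "net" option uses `htmlspecialchars($ifdesc)`, while the "address" option directly below it prints `<?=$ifdesc?>` raw. I would write `<?=htmlspecialchars($ifacename)?>` here and `<?=htmlspecialchars($ifdesc)?>` in the two "address" options, and escape the `value` attributes the same way.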
@@ -971,9 +1108,11 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td> <td width="78%" class="vtable"> <select name="ipprotocol" class="formselect" onchange="proto_change()"> - <?php $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6' ); - foreach ($ipproto as $proto => $name): ?> - <option value="<?=$proto;?>" + <?php + $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6'); + foreach ($ipproto as $proto => $name): + ?> + <option value="<?=$proto;?>" <?php if ($proto == $pconfig['ipprotocol']): ?> selected="selected" <?php endif; ?> 
@@ -1044,37 +1183,43 @@ include("head.inc"); <td> <select <?=$edit_disabled;?> name="srctype" class="formselect" onchange="typesel_change()"> <?php - $sel = is_specialnet($pconfig['src']); ?> + $sel = is_specialnet($pconfig['src']); +?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any");?></option> <option value="single" - <?php if (!$sel && - ((is_ipaddrv6($pconfig['src']) && $pconfig['srcmask'] == 128) || - (is_ipaddrv4($pconfig['src']) && $pconfig['srcmask'] == 32) || is_alias($pconfig['src']))) - { echo "selected=\"selected\""; $sel = 1; } - ?> + <?php + if (!$sel && + ((is_ipaddrv6($pconfig['src']) && $pconfig['srcmask'] == 128) || + (is_ipaddrv4($pconfig['src']) && $pconfig['srcmask'] == 32) || is_alias($pconfig['src']))) { + echo "selected=\"selected\""; $sel = 1; + } + ?> > <?=gettext("Single host or alias");?></option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network");?></option> - <?PHP if (isset($a_filter[$id]['floating']) || $if == "FloatingRules"): ?> - <option value="(self)" <?PHP if ($pconfig['src'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option> - <?PHP endif;?> - <?php if(have_ruleint_access("pptp")): ?> - <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients");?></option> + <?php if (isset($a_filter[$id]['floating']) || $if == "FloatingRules"): ?> + <option value="(self)" <?php if ($pconfig['src'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option> + <?php endif;?> + <?php if (have_ruleint_access("pptp")): ?> + <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients");?></option> <?php endif; ?> - <?php if(have_ruleint_access("pppoe")): ?> - <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; 
} ?>><?=gettext("PPPoE clients");?></option> + <?php if (have_ruleint_access("pppoe")): ?> + <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients");?></option> <?php endif; ?> - <?php if(have_ruleint_access("l2tp")): ?> - <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option> + <?php if (have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option> <?php endif; ?> <?php - foreach ($ifdisp as $ifent => $ifdesc): ?> - <?php if(have_ruleint_access($ifent)): ?> + foreach ($ifdisp as $ifent => $ifdesc): +?> + <?php if (have_ruleint_access($ifent)): ?> <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net");?></option> <option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected=\"selected\""; } ?>> <?=$ifdesc?> <?=gettext("address");?> </option> <?php endif; ?> -<?php endforeach; ?> +<?php + endforeach; +?> </select> </td> </tr> @@ -1092,7 +1237,7 @@ include("head.inc"); </table> <div id="showadvancedboxspr"> <p> - <input <?=$edit_disabled;?> type="button" onclick="show_source_port_range()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show source port range");?> + <input <?=$edit_disabled;?> type="button" onclick="show_source_port_range()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show source port range");?> </p> </div> </td> 
@@ -1137,10 +1282,10 @@ include("head.inc"); <td width="78%" class="vtable"> <input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> /> <strong><?=gettext("not");?></strong> - <br /> + <br /> <?=gettext("Use this option to invert the sense of the match.");?> - <br /> - <br /> + <br /> + <br /> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td><?=gettext("Type:");?> </td> 
@@ -1150,26 +1295,28 @@ include("head.inc"); $sel = is_specialnet($pconfig['dst']); ?> <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any");?></option> <option value="single" - <?php if (!$sel && + <?php + if (!$sel && ((is_ipaddrv6($pconfig['dst']) && $pconfig['dstmask'] == 128) || - (is_ipaddrv4($pconfig['dst']) && $pconfig['dstmask'] == 32) || is_alias($pconfig['dst']))) - { echo "selected=\"selected\""; $sel = 1; } + (is_ipaddrv4($pconfig['dst']) && $pconfig['dstmask'] == 32) || is_alias($pconfig['dst']))) { + echo "selected=\"selected\""; $sel = 1; + } ?> ><?=gettext("Single host or alias");?></option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network");?></option> <option value="(self)" <?PHP if ($pconfig['dst'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option> - <?php if(have_ruleint_access("pptp")): ?> + <?php if (have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients");?></option> <?php endif; ?> - <?php if(have_ruleint_access("pppoe")): ?> + <?php if (have_ruleint_access("pppoe")): ?> <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients");?></option> <?php endif; ?> - <?php if(have_ruleint_access("l2tp")): ?> + <?php if (have_ruleint_access("l2tp")): ?> <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option> <?php endif; ?> <?php foreach ($ifdisp as $if => $ifdesc): ?> - <?php if(have_ruleint_access($if)): ?> + <?php if (have_ruleint_access($if)): ?> <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net");?></option> <option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . 
"ip") { echo "selected=\"selected\""; } ?>> <?=$ifdesc;?> <?=gettext("address");?> @@ -1185,9 +1332,7 @@ include("head.inc"); <input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias ipv4v6" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" /> / <select <?=$edit_disabled;?> name="dstmask" class="formselect ipv4v6" id="dstmask"> -<?php - for ($i = 127; $i > 0; -$i--): ?> +<?php for ($i = 127; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> <?php endfor; ?> </select> @@ -1223,7 +1368,7 @@ $i--): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected=\"selected\""; $bfound = 1; } ?>><?=htmlspecialchars("{$wkportdesc} ({$wkport})");?></option> <?php endforeach; ?> </select> - <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>" /> + <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>" /> </td> </tr> </table> @@ -1282,12 +1427,9 @@ $i--): ?> <?=gettext("OS Type:");?> <select name="os" id="os" class="formselect"> <option value="" <?php if (empty($pconfig['os'])) echo "selected=\"selected\""; ?>>Any</option> -<?php - foreach ($ostypes as $ostype): ?> +<?php foreach ($ostypes as $ostype): ?> <option value="<?=$ostype;?>" <?php if ($ostype == $pconfig['os']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($ostype);?></option> -<?php - endforeach; -?> +<?php endforeach; ?> </select> <br /> <?=gettext("Note: this only works for TCP rules. General OS choice matches all subtypes.");?> 
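Review bot: The destination-type loop in the `@@ -1150` hunk is written `foreach ($ifdisp as $if => $ifdesc)`, which overwrites the page-level `$if`. That variable is compared with `"FloatingRules"` in the `@@ -619` and `@@ -1044` hunks, and after this loop it holds the last key of `$ifdisp`. The equivalent source-type loop uses `$ifent`, so I would rename the key here as well: `foreach ($ifdisp as $ifent => $ifdesc):`, with `$if` replaced by `$ifent` in the loop body. Whether `$if` is read again after this point is not visible in the hunk.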
@@ -1303,8 +1445,8 @@ $i--): ?> <div id="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>> <select name="dscp" id="dscp"> <option value=""></option> - <?php foreach($firewall_rules_dscp_types as $frdt): ?> - <option value="<?=$frdt?>"<?php if($pconfig['dscp'] == $frdt) echo " selected=\"selected\""; ?>><?=$frdt?></option> + <?php foreach ($firewall_rules_dscp_types as $frdt): ?> + <option value="<?=$frdt?>"<?php if ($pconfig['dscp'] == $frdt) echo " selected=\"selected\""; ?>><?=$frdt?></option> <?php endforeach; ?> </select> </div> @@ -1317,10 +1459,10 @@ $i--): ?> <input type="button" onclick="show_aodiv();" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> </div> <div id="aodivmain" <?php if (!is_aoadv_used($pconfig)) echo "style='display:none'"; ?>> - <input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked=\"checked\""; ?> /> + <input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if ($pconfig['allowopts'] == true) echo " checked=\"checked\""; ?> /> <br /><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?> </span><p> - <input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked=\"checked\""; ?> /> + <input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if ($pconfig['disablereplyto'] == true) echo " checked=\"checked\""; ?> /> <br /><span class="vexpl"><?=gettext("This will disable auto generated reply-to for this rule.");?> </span></p><p> <input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>" /> 
@@ -1335,10 +1477,11 @@ $i--): ?> <input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>" /><br /><?=gettext(" Maximum state entries per host");?></p><p> <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>" /> / <select name="max-src-conn-rates" id="max-src-conn-rates"> - <option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected=\"selected\""; ?>></option> -<?php for($x=1; $x<255; $x++) { - if($x == $pconfig['max-src-conn-rates']) $selected = " selected=\"selected\""; else $selected = ""; - echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n"; + <option value=""<?php if (intval($pconfig['max-src-conn-rates']) < 1) echo " selected=\"selected\""; ?>></option> +<?php for ($x=1; $x<255; $x++) { + if ($x == $pconfig['max-src-conn-rates']) $selected = " selected=\"selected\""; else $selected = ""; { + echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n"; + } } ?> </select><br /> <?=gettext("Maximum new connections per host / per second(s) (TCP only)");?> 
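Review bot: The `{` added after `else $selected = "";` in the `max-src-conn-rates` loop opens a bare block, not the body of the `else`. The `echo` still runs on every iteration, so output is unchanged, but the braces now read as if the option were only printed in the else case. A later edit that moves the brace to where it appears to belong would silently drop the selected option. Replace the one-line if/else with `$selected = ($x == $pconfig['max-src-conn-rates']) ? " selected=\"selected\"" : "";` and leave the `echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";` unwrapped in the loop body.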
@@ -1353,41 +1496,43 @@ $i--): ?> <tr id="tcpflags"> <td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td> <td width="78%" class="vtable"> - <div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>> - <input type="button" onclick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> - </div> - <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>> - <div id="tcpheader" align="center"> - <table border="0" cellspacing="0" cellpadding="0"> - <?php - $setflags = explode(",", $pconfig['tcpflags1']); - $outofflags = explode(",", $pconfig['tcpflags2']); - $header = "<td width='40' class='nowrap'></td>"; - $tcpflags1 = "<td width='40' class='nowrap'>set</td>"; - $tcpflags2 = "<td width='40' class='nowrap'>out of</td>"; - foreach ($tcpflags as $tcpflag) { - $header .= "<td width='40' class='nowrap'><strong>" . strtoupper($tcpflag) . 
"</strong></td>\n"; - $tcpflags1 .= "<td width='40' class='nowrap'> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' "; - if (array_search($tcpflag, $setflags) !== false) - $tcpflags1 .= "checked=\"checked\""; - $tcpflags1 .= " /></td>\n"; - $tcpflags2 .= "<td width='40' class='nowrap'> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' "; - if (array_search($tcpflag, $outofflags) !== false) - $tcpflags2 .= "checked=\"checked\""; - $tcpflags2 .= " /></td>\n"; - } - echo "<tr id='tcpheader'>{$header}</tr>\n"; - echo "<tr id='tcpflags1'>{$tcpflags1}</tr>\n"; - echo "<tr id='tcpflags2'>{$tcpflags2}</tr>\n"; - ?> - </table> - </div> - <br /><center> - <input onclick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Any flags.");?></strong><br /></center> - <br /> - <span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". - "be set or cleared for this rule to match.");?></span> - </div> + <div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>> + <input type="button" onclick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> + </div> + <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>> + <div id="tcpheader" align="center"> + <table border="0" cellspacing="0" cellpadding="0"> + <?php + $setflags = explode(",", $pconfig['tcpflags1']); + $outofflags = explode(",", $pconfig['tcpflags2']); + $header = "<td width='40' class='nowrap'></td>"; + $tcpflags1 = "<td width='40' class='nowrap'>set</td>"; + $tcpflags2 = "<td width='40' class='nowrap'>out of</td>"; + foreach ($tcpflags as $tcpflag) { + $header .= "<td width='40' class='nowrap'><strong>" . strtoupper($tcpflag) . 
"</strong></td>\n"; + $tcpflags1 .= "<td width='40' class='nowrap'> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' "; + if (array_search($tcpflag, $setflags) !== false) { + $tcpflags1 .= "checked=\"checked\""; + } + $tcpflags1 .= " /></td>\n"; + $tcpflags2 .= "<td width='40' class='nowrap'> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' "; + if (array_search($tcpflag, $outofflags) !== false) { + $tcpflags2 .= "checked=\"checked\""; + } + $tcpflags2 .= " /></td>\n"; + } + echo "<tr id='tcpheader'>{$header}</tr>\n"; + echo "<tr id='tcpflags1'>{$tcpflags1}</tr>\n"; + echo "<tr id='tcpflags2'>{$tcpflags2}</tr>\n"; + ?> + </table> + </div> + <br /><center> + <input onclick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Any flags.");?></strong><br /></center> + <br /> + <span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". + "be set or cleared for this rule to match.");?></span> + </div> </td> </tr> <tr> 
@@ -1403,10 +1548,10 @@ $i--): ?> <?=gettext("Hint: This prevents states created by this rule to be sync'ed over pfsync.");?><br /> </span><br /> <select name="statetype"> - <option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected=\"selected\""; ?>><?=gettext("keep state");?></option> - <option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected=\"selected\""; ?>><?=gettext("sloppy state");?></option> - <option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected=\"selected\""; ?>><?=gettext("synproxy state");?></option> - <option value="none"<?php if($pconfig['statetype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none");?></option> + <option value="keep state" <?php if (!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected=\"selected\""; ?>><?=gettext("keep state");?></option> + <option value="sloppy state" <?php if ($pconfig['statetype'] == "sloppy state") echo "selected=\"selected\""; ?>><?=gettext("sloppy state");?></option> + <option value="synproxy state"<?php if ($pconfig['statetype'] == "synproxy state") echo "selected=\"selected\""; ?>><?=gettext("synproxy state");?></option> + <option value="none"<?php if ($pconfig['statetype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none");?></option> </select><br /> <span class="vexpl"> <?=gettext("Hint: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.");?> 
@@ -1427,7 +1572,7 @@ $i--): ?> <input type="button" onclick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> </div> <div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>> - <input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> + <input type="checkbox" name="nosync"<?php if ($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?> </div> </td> @@ -1442,27 +1587,31 @@ $i--): ?> <?php $vlanprio = array("none", "be", "bk", "ee", "ca", "vi", "vo", "ic", "nc"); ?> <?php $opts = ""; - foreach($vlanprio as $vprio) { - if ($vprio == $pconfig['vlanprio']) + foreach ($vlanprio as $vprio) { + if ($vprio == $pconfig['vlanprio']) { $selected = " selected=\"selected\""; - else + } else { $selected = ""; - if ($vprio == "none") + } + if ($vprio == "none") { $opts .= "<option value=\"\">{$vprio}</option>\n"; - else + } else { $opts .= "<option value=\"{$vprio}\" {$selected}>" . strtoupper($vprio) . "</option>\n"; + } } $optsset = ""; - foreach($vlanprio as $vprioset) { - if ($vprioset == $pconfig['vlanprioset']) + foreach ($vlanprio as $vprioset) { + if ($vprioset == $pconfig['vlanprioset']) { $selected = " selected=\"selected\""; - else + } else { $selected = ""; - if ($vprioset == "none") + } + if ($vprioset == "none") { $optsset .= "<option value=\"\">{$vprioset}</option>\n"; - else + } else { $optsset .= "<option value=\"{$vprioset}\" {$selected}>" . strtoupper($vprioset) . "</option>\n"; + } } ?> <select name='vlanprio'> 
@@ -1480,10 +1629,11 @@ $i--): ?> //build list of schedules $schedules = array(); $schedules[] = "none";//leave none to leave rule enabled all the time - if(is_array($config['schedules']['schedule'])) { + if (is_array($config['schedules']['schedule'])) { foreach ($config['schedules']['schedule'] as $schedule) { - if ($schedule['name'] <> "") + if ($schedule['name'] <> "") { $schedules[] = $schedule['name']; + } } } ?> @@ -1496,8 +1646,8 @@ $i--): ?> <div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>> <select name='sched'> <?php - foreach($schedules as $schedule) { - if($schedule == $pconfig['sched']) { + foreach ($schedules as $schedule) { + if ($schedule == $pconfig['sched']) { $selected = " selected=\"selected\""; } else { $selected = ""; @@ -1527,16 +1677,20 @@ $i--): ?> /* build a list of gateways */ $gateways = return_gateways_array(); // add statically configured gateways to list - foreach($gateways as $gwname => $gw) { - if(($pconfig['ipprotocol'] == "inet46")) + foreach ($gateways as $gwname => $gw) { + if (($pconfig['ipprotocol'] == "inet46")) { continue; - if(($pconfig['ipprotocol'] == "inet6") && !(($gw['ipprotocol'] == "inet6") || (is_ipaddrv6($gw['gateway'])))) + } + if (($pconfig['ipprotocol'] == "inet6") && !(($gw['ipprotocol'] == "inet6") || (is_ipaddrv6($gw['gateway'])))) { continue; - if(($pconfig['ipprotocol'] == "inet") && !(($gw['ipprotocol'] == "inet") || (is_ipaddrv4($gw['gateway'])))) + } + if (($pconfig['ipprotocol'] == "inet") && !(($gw['ipprotocol'] == "inet") || (is_ipaddrv4($gw['gateway'])))) { continue; - if($gw == "") + } + if ($gw == "") { continue; - if($gwname == $pconfig['gateway']) { + } + if ($gwname == $pconfig['gateway']) { $selected = " selected=\"selected\""; } else { $selected = ""; 
@@ -1546,9 +1700,9 @@ $i--): ?> } /* add gateway groups to the list */ if (is_array($a_gatewaygroups)) { - foreach($a_gatewaygroups as $gwg_name => $gwg_data) { - if((empty($pconfig['ipprotocol'])) || ($pconfig['ipprotocol'] == $gwg_data['ipprotocol'])) { - if($pconfig['gateway'] == $gwg_name) { + foreach ($a_gatewaygroups as $gwg_name => $gwg_data) { + if ((empty($pconfig['ipprotocol'])) || ($pconfig['ipprotocol'] == $gwg_data['ipprotocol'])) { + if ($pconfig['gateway'] == $gwg_name) { $selected = " selected=\"selected\""; } else { $selected = ""; @@ -1572,14 +1726,18 @@ $i--): ?> <div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>> <select name="dnpipe"> <?php - if (!is_array($dnqlist)) + if (!is_array($dnqlist)) { $dnqlist = array(); + } echo "<option value=\"\""; - if (!$dnqselected) echo " selected=\"selected\""; + if (!$dnqselected) { + echo " selected=\"selected\""; + } echo " >none</option>"; foreach ($dnqlist as $dnq => $dnqkey) { - if($dnq == "") + if ($dnq == "") { continue; + } echo "<option value=\"$dnq\""; if ($dnq == $pconfig['dnpipe']) { $dnqselected = 1; @@ -1588,16 +1746,19 @@ $i--): ?> echo ">{$dnq}</option>"; } ?> - </select> / - <select name="pdnpipe"> + </select> / + <select name="pdnpipe"> <?php $dnqselected = 0; echo "<option value=\"\""; - if (!$dnqselected) echo " selected=\"selected\""; + if (!$dnqselected) { + echo " selected=\"selected\""; + } echo " >none</option>"; foreach ($dnqlist as $dnq => $dnqkey) { - if($dnq == "") + if ($dnq == "") { continue; + } echo "<option value=\"$dnq\""; if ($dnq == $pconfig['pdnpipe']) { $dnqselected = 1; 
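Review bot: In the `pdnpipe` select, `$dnqselected = 0;` is immediately followed by `if (!$dnqselected)`, so the newly braced condition is always true and the "none" option is always emitted with `selected`, even when a later option matches `$pconfig['pdnpipe']`. The page then carries two `selected` options in a single-choice select and relies on the browser preferring the last one. Testing the stored value says what is meant: `if (empty($pconfig['pdnpipe'])) { echo " selected=\"selected\""; }`. The `defaultqueue` select in the Ackqueue/Queue hunk repeats this with `$qselected = 0;`. The first select of each pair (`dnpipe`, `ackqueue`) reads the flag before any assignment visible in these hunks.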
@@ -1606,9 +1767,9 @@ $i--): ?> echo ">{$dnq}</option>"; } ?> - </select> - <br /> - <span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br />".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br />".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span> + </select> + <br /> + <span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br />".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br />".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span> </div> </td> </tr> 
@@ -1616,69 +1777,79 @@ $i--): ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td> <td width="78%" class="vtable"> - <div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>> - <input type="button" onclick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> - </div> - <div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>> - <select name="ackqueue"> + <div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>> + <input type="button" onclick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> + </div> + <div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>> + <select name="ackqueue"> <?php - if (!is_array($qlist)) + if (!is_array($qlist)) { $qlist = array(); + } echo "<option value=\"\""; - if (!$qselected) echo " selected=\"selected\""; + if (!$qselected) { + echo " selected=\"selected\""; + } echo " >none</option>"; foreach ($qlist as $q => $qkey) { - if($q == "") + if ($q == "") { continue; + } echo "<option value=\"$q\""; if ($q == $pconfig['ackqueue']) { $qselected = 1; echo " selected=\"selected\""; } - if (isset($ifdisp[$q])) + if (isset($ifdisp[$q])) { echo ">{$ifdisp[$q]}</option>"; - else + } else { echo ">{$q}</option>"; + } } ?> - </select> / - <select name="defaultqueue"> + </select> / + <select name="defaultqueue"> <?php $qselected = 0; echo "<option value=\"\""; - if (!$qselected) echo " selected=\"selected\""; + if (!$qselected) { + echo " selected=\"selected\""; + } echo " >none</option>"; foreach ($qlist as $q => $qkey) { - if($q == "") + if ($q == "") { continue; + } echo "<option value=\"$q\""; if ($q == $pconfig['defaultqueue']) { $qselected = 1; echo " selected=\"selected\""; } - if (isset($ifdisp[$q])) + if 
(isset($ifdisp[$q])) { echo ">{$ifdisp[$q]}</option>"; - else + } else { echo ">{$q}</option>"; + } } ?> - </select> + </select> <br /> <span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td> - <td width="78%" class="vtable"> - <div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>> - <input type="button" onclick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> - </div> - <div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>> - <select name="l7container"> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td> + <td width="78%" class="vtable"> + <div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>> + <input type="button" onclick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> + </div> + <div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>> + <select name="l7container"> <?php - if (!is_array($l7clist)) + if (!is_array($l7clist)) { $l7clist = array(); + } echo "<option value=\"\""; echo " >none</option>"; foreach ($l7clist as $l7ckey) { 
@@ -1689,15 +1860,15 @@ $i--): ?> echo ">{$l7ckey}</option>"; } ?> - </select> - <br /> - <span class="vexpl"> - <?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " . - "These are valid for TCP and UDP protocols only.");?> - </span> - </div> - </td> - </tr> + </select> + <br /> + <span class="vexpl"> + <?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " . + "These are valid for TCP and UDP protocols only.");?> + </span> + </div> + </td> + </tr> <?php // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate"); @@ -1750,7 +1921,7 @@ $has_updated_time = (isset($a_filter[$id]['updated']) && is_array($a_filter[$id] ext_change(); typesel_change(); proto_change(); - <?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?> + <?php if ((!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any")): ?> show_source_port_range(); <?php endif; ?> |