author | Ermal Luçi <eri@pfsense.org> | 2009-12-08 15:40:08 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-12-08 15:40:28 +0000 |
commit | 1ddb870bc83df15bf2322c9b28d196106e518101 (patch) | |
tree | 843ca88886c9b4ebc8ff29267d437a5609106f65 /usr | |
parent | 070a82a9df5054f2b6c8a30a3143645bf903b500 (diff) | |
Ticket #140 Fix Outbound edit page to really show errors. Properly generate rules when switching from/to AON.
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_nat_out.php | 63 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 26 |
2 files changed, 57 insertions, 32 deletions
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 62aee10..55a8469 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -83,11 +83,8 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
 unset($config['nat']['advancedoutbound']['rule']);
 break;
 case "advancedoutboundnat":
- $was_enabled = isset($config['nat']['advancedoutbound']['enable']);
- $config['nat']['advancedoutbound']['enable'] = true;
- if (isset($config['nat']['ipsecpassthru']['enable']))
- unset($config['nat']['ipsecpassthru']['enable']);
- if($was_enabled == false) {
+ if (!isset($config['nat']['advancedoutbound']['enable'])) {
+ $config['nat']['advancedoutbound']['enable'] = true;
 /*
 * user has enabled advanced outbound nat -- lets automatically create entries
 * for all of the interfaces to make life easier on the pip-o-chap
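Review bot: The removed `unset($config['nat']['ipsecpassthru']['enable'])` is not replaced by anything in this hunk, so a configuration that had IPsec passthrough enabled keeps that flag after the switch to advanced outbound NAT. If ruleset generation elsewhere still reads the flag, it would apply alongside the new manual rules without the administrator seeing it on this page; that is worth confirming, since the consumer is not visible here. Either keep the two-line unset inside the new `if (!isset(...))` block, or state the intent in a comment, for example `/* ipsecpassthru is deliberately left untouched here */` followed by the reason. The `case` body continues outside the hunk.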
@@ -97,22 +94,56 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
 foreach($ifdescrs as $if => $ifdesc) {
 if (interface_has_gateway($if))
 continue;
- if($ifdesc == "wan")
- continue;
- $natent = array();
 $osipaddr = get_interface_ip($if);
 $ossubnet = get_interface_subnet($if);
 if (!is_ipaddr($osipaddr) || empty($ossubnet))
 continue;
 $osn = gen_subnet($osipaddr, $ossubnet);
- $natent['source']['network'] = "{$osn}/{$ossubnet}";
- $natent['sourceport'] = "";
- $natent['descr'] = "Auto created rule for {$ifdesc}";
- $natent['target'] = "";
- $natent['interface'] = "wan";
- $natent['destination']['any'] = true;
- $natent['natport'] = "";
- $a_out[] = $natent;
+ foreach ($ifdescrs as $if2 => $ifdesc2) {
+ if (!interface_has_gateway($if2))
+ continue;
+ /* XXX: Not yet.
+ $natent = array();
+ $natent['nonat'] = true;
+ $natent['source']['network'] = "any";
+ $natent['sourceport'] = "";
+ $natent['descr'] = "Auto nonat TFTP proxy created rule for {$ifdesc2}";
+ $natent['target'] = "tftp";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "";
+ $a_out[] = $natent;
+ */
+ $natent = array();
+ $natent['source']['network'] = "{$osn}/{$ossubnet}";
+ $natent['sourceport'] = "500";
+ $natent['descr'] = "Auto NAT-T created rule for {$ifdesc2}";
+ $natent['target'] = "";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "500";
+ $a_out[] = $natent;
+
+ $natent = array();
+ $natent['source']['network'] = "{$osn}/{$ossubnet}";
+ $natent['sourceport'] = "5060";
+ $natent['descr'] = "Auto NAT-T created rule for {$ifdesc2}";
+ $natent['target'] = "";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "5060";
+ $a_out[] = $natent;
+
+ $natent = array();
+ $natent['source']['network'] = "{$osn}/{$ossubnet}";
+ $natent['sourceport'] = "";
+ $natent['descr'] = "Auto created rule for {$ifdesc2}";
+ $natent['target'] = "";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "";
+ $a_out[] = $natent;
+ }
 }
 $savemsg = "Default rules for each interface have been created.";
 }
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index 0cbd44a..8083a3c 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -62,7 +62,8 @@ if (isset($_POST['id'])) {
 if (isset($_GET['dup'])) {
 $id = $_GET['dup'];
 $after = $_GET['dup'];
-}
+} else
+ unset($after);
 if (isset($id) && $a_out[$id]) {
 list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']);
@@ -111,13 +112,13 @@ if ($_POST) {
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
- if($_POST['sourceport'] <> "" and !is_numericint($_POST['sourceport']))
+ if($_POST['sourceport'] <> "" && !is_port($_POST['sourceport']))
 $input_errors[] = "You must supply either a valid port for the source port entry.";
- if($_POST['dstport'] <> "" and !is_numericint($_POST['dstport']))
+ if($_POST['dstport'] <> "" and !is_port($_POST['dstport']))
 $input_errors[] = "You must supply either a valid port for the destination port entry.";
- if($_POST['natport'] <> "" and !is_numericint($_POST['natport']))
+ if($_POST['natport'] <> "" and !is_port($_POST['natport']))
 $input_errors[] = "You must supply either a valid port for the nat port entry.";
 if ($_POST['source_type'] != "any") {
@@ -148,13 +149,6 @@ if ($_POST) {
 if ($_POST['nonat'] && $_POST['staticnatport']) {
 $input_errors[] = "Static port cannot be used with No NAT.";
 }
- if ($_POST['dstport'] && !is_numericint($_POST['dstport'])) {
- $input_errors[] = "A valid destination port must be specified.";
- }
-
- if ($_POST['natport'] && !is_numericint($_POST['natport'])) {
- $input_errors[] = "A valid NAT port must be specified.";
- }
 if ($_POST['target'] && !is_ipaddr($_POST['target'])) {
 $input_errors[] = "A valid target IP address must be specified.";
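Review bot: Both port-specific rules in the new inner loop carry the description `Auto NAT-T created rule for {$ifdesc2}`, yet one pins port 500 (IKE/ISAKMP; NAT-T itself runs on UDP 4500) and the other 5060 (SIP), so the rule table gets two identically named entries whose labels do not match what they do. The descriptions also name only the outbound interface `$ifdesc2`, so every internal subnet produces the same three labels and an administrator auditing the list cannot tell which source network a rule covers. Suggested: `"Auto created rule for ISAKMP - {$ifdesc} to {$ifdesc2}"` and `"Auto created rule for SIP - {$ifdesc} to {$ifdesc2}"`, with the catch-all rule naming both interfaces as well. The commented-out `XXX: Not yet.` TFTP block would be better tracked in the ticket than shipped in the page.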
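Review bot: The new `else` branch hangs an unbraced statement off a braced `if`, which makes the next edit to this branch easy to get wrong; `} else { unset($after); }` keeps the two arms symmetrical. A one-line comment saying why `$after` must be cleared when no `dup` parameter is present would help, since its other uses are outside this hunk.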
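Review bot: The three port checks are now written two ways: the source-port line uses `&&` while the destination and NAT port lines keep `and`. Inside these `if` conditions both evaluate the same, but `and` binds more loosely than assignment and becomes a trap once the expression is reused, so all three should read `<> "" && !is_port(...)`. The error strings still say "You must supply either a valid port" with nothing following "either"; `"You must supply a valid port for the source port entry."` reads correctly, and likewise for the other two. `is_port()` is defined outside this page, so confirm it rejects 0 and values above 65535 rather than only non-numeric input.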
@@ -262,12 +256,12 @@ if ($_POST) {
 $a_out[] = $natent;
 }
 }
- }
- mark_subsystem_dirty('natconf');
- write_config();
- header("Location: firewall_nat_out.php");
- exit;
+ mark_subsystem_dirty('natconf');
+ write_config();
+ header("Location: firewall_nat_out.php");
+ exit;
+ }
 }
 $pgtitle = array("Firewall","NAT","Outbound","Edit"); |
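Review bot: `write_config()` is called with no arguments and its result is not checked before the redirect, while `mark_subsystem_dirty('natconf')` has already run. If the write fails, the page still redirects and flags NAT as pending although nothing was persisted; calling `write_config()` first and marking the subsystem dirty only on success avoids that, assuming the function reports failure (its definition is not on this page). If `write_config()` accepts a change description in this tree, passing one such as `write_config("Outbound NAT rule saved")` gives the configuration history an attributable entry for a firewall change. The `if` that now encloses these lines opens outside the hunk.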