-rw-r--r--etc/inc/auth.inc22
-rw-r--r--etc/inc/filter.inc1000
-rw-r--r--etc/inc/globals.inc2
-rw-r--r--etc/inc/gwlb.inc48
-rw-r--r--etc/inc/interfaces.inc36
-rw-r--r--etc/inc/openvpn.inc179
-rw-r--r--etc/inc/pfsense-utils.inc165
-rw-r--r--etc/inc/pkg-utils.inc12
-rw-r--r--etc/inc/shaper.inc5
-rw-r--r--etc/inc/system.inc140
-rw-r--r--etc/inc/upgrade_config.inc46
-rw-r--r--etc/phpshellsessions/gitsync58
-rwxr-xr-xetc/rc.nanobsd_switch_boot_slice27
-rwxr-xr-xetc/rc.newwanip12
-rwxr-xr-x[-rw-r--r--]etc/rc.update_urltables0
-rwxr-xr-xusr/local/captiveportal/index.php2
-rwxr-xr-xusr/local/sbin/ppp-linkdown1
-rwxr-xr-xusr/local/www/diag_backup.php5
-rwxr-xr-xusr/local/www/diag_nanobsd.php123
-rwxr-xr-xusr/local/www/diag_ping.php1
-rwxr-xr-xusr/local/www/exec.php9
-rwxr-xr-xusr/local/www/firewall_aliases.php26
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php5
-rwxr-xr-xusr/local/www/firewall_nat.php115
-rwxr-xr-xusr/local/www/firewall_nat_1to1.php4
-rwxr-xr-xusr/local/www/firewall_nat_1to1_edit.php17
-rwxr-xr-xusr/local/www/firewall_nat_edit.php576
-rwxr-xr-xusr/local/www/firewall_nat_out.php73
-rwxr-xr-xusr/local/www/firewall_nat_out_edit.php12
-rwxr-xr-xusr/local/www/firewall_rules.php11
-rwxr-xr-xusr/local/www/firewall_rules_edit.php75
-rwxr-xr-xusr/local/www/firewall_virtual_ip.php4
-rwxr-xr-xusr/local/www/firewall_virtual_ip_edit.php16
-rwxr-xr-xusr/local/www/interfaces.php12
-rwxr-xr-xusr/local/www/interfaces_assign.php3
-rw-r--r--usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js174
-rw-r--r--usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js49
-rwxr-xr-xusr/local/www/javascript/row_helper.js2
-rwxr-xr-xusr/local/www/javascript/row_helper_dynamic.js2
-rwxr-xr-xusr/local/www/pkg.php2
-rwxr-xr-xusr/local/www/pkg_edit.php62
-rwxr-xr-xusr/local/www/pkg_mgr.php2
-rwxr-xr-xusr/local/www/pkg_mgr_install.php5
-rwxr-xr-xusr/local/www/pkg_mgr_installed.php2
-rw-r--r--usr/local/www/pkg_mgr_settings.php2
-rwxr-xr-xusr/local/www/services_captiveportal.php16
-rwxr-xr-xusr/local/www/services_captiveportal_ip.php8
-rwxr-xr-xusr/local/www/services_captiveportal_ip_edit.php32
-rwxr-xr-xusr/local/www/services_captiveportal_mac.php4
-rwxr-xr-xusr/local/www/services_captiveportal_mac_edit.php4
-rw-r--r--usr/local/www/status_openvpn.php160
-rw-r--r--usr/local/www/system_advanced_firewall.php5
-rw-r--r--usr/local/www/system_authservers.php15
-rwxr-xr-xusr/local/www/system_gateway_groups.php6
-rwxr-xr-xusr/local/www/system_gateway_groups_edit.php20
-rwxr-xr-xusr/local/www/system_gateways.php46
-rwxr-xr-xusr/local/www/system_gateways_edit.php33
-rwxr-xr-xusr/local/www/system_routes.php15
-rwxr-xr-xusr/local/www/system_routes_edit.php30
-rwxr-xr-xusr/local/www/system_usermanager_settings.php6
-rw-r--r--usr/local/www/system_usermanager_settings_ldapacpicker.php63
-rwxr-xr-xusr/local/www/themes/code-red/wizard.css2131
-rw-r--r--usr/local/www/themes/nervecenter/wizard.css1
-rw-r--r--usr/local/www/themes/pfsense_ng/wizard.css1
-rw-r--r--usr/local/www/themes/the_wall/wizard.css1
-rw-r--r--usr/local/www/vpn_openvpn_server.php20
-rw-r--r--usr/local/www/widgets/include/openvpn.inc4
-rw-r--r--usr/local/www/widgets/widgets/openvpn.widget.php193
-rw-r--r--usr/local/www/widgets/widgets/system_information.widget.php14
-rw-r--r--usr/local/www/wizards/openvpn_wizard.inc12
-rw-r--r--usr/local/www/wizards/openvpn_wizard.xml8
71 files changed, 3443 insertions, 2549 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index c1a9ba5..83fd02c 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -564,6 +564,8 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) {
if(!function_exists("ldap_connect"))
return;
+ $ous = array();
+
if ($authcfg) {
if (strstr($authcfg['ldap_urltype'], "Standard"))
$ldapproto = "ldap";
@@ -585,8 +587,6 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) {
} else
return false;
- $ous = array();
-
/* first check if there is even an LDAP server populated */
if(!$ldapserver) {
log_error("ERROR! ldap_get_user_ous() backed selected with no LDAP authentication server defined.");
@@ -629,8 +629,8 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) {
else
$ldapfunc = "ldap_search";
- $search = $ldapfunc($ldap, $ldapbasedn, $ldapfilter);
- $info = ldap_get_entries($ldap, $search);
+ $search = @$ldapfunc($ldap, $ldapbasedn, $ldapfilter);
+ $info = @ldap_get_entries($ldap, $search);
if (is_array($info)) {
foreach ($info as $inf) {
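Review bot: The `@` added to the `$ldapfunc(...)` and `ldap_get_entries()` calls hides the PHP warning but leaves the failure unhandled: a failed search returns false, is handed straight to `ldap_get_entries()`, and nothing is logged. The same pattern is added in ldap_get_groups (hunk at -743), where `$info["count"]` is then read from a possibly false `$info`. The context lines of ldap_backed already show the guard this needs, `if (!$search) { log_error("Search resulted in error: " . ldap_error($ldap)); ... }`, and it fits both places. Both function bodies continue outside their hunks, so a later check may exist that is not visible here.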
@@ -743,8 +743,8 @@ function ldap_get_groups($username, $authcfg) {
else
$ldapfunc = "ldap_search";
- $search = $ldapfunc($ldap, $ldapdn, $ldapfilter, array($ldapgroupattribute));
- $info = ldap_get_entries($ldap, $search);
+ $search = @$ldapfunc($ldap, $ldapdn, $ldapfilter, array($ldapgroupattribute));
+ $info = @ldap_get_entries($ldap, $search);
$countem = $info["count"];
@@ -876,9 +876,9 @@ function ldap_backed($username, $passwd, $authcfg) {
$ldapfunc = "ldap_search";
/* Support legacy auth container specification. */
if (stristr($ldac_split, "DC="))
- $search = $ldapfunc($ldap,$ldac_split,$ldapfilter);
+ $search = @$ldapfunc($ldap,$ldac_split,$ldapfilter);
else
- $search = $ldapfunc($ldap,"{$ldac_split},{$ldapbasedn}",$ldapfilter);
+ $search = @$ldapfunc($ldap,"{$ldac_split},{$ldapbasedn}",$ldapfilter);
if (!$search) {
log_error("Search resulted in error: " . ldap_error($ldap));
continue;
@@ -1106,13 +1106,17 @@ function session_auth() {
return false;
/* If session timeout isn't set, we don't mark sessions stale */
- if (empty($config['system']['webgui']['session_timeout'])) {
+ if (!isset($config['system']['webgui']['session_timeout'])) {
/* Default to 4 hour timeout if one is not set */
if ($_SESSION['last_access'] < (time() - 14400)) {
$_GET['logout'] = true;
$_SESSION['Logout'] = true;
} else
$_SESSION['last_access'] = time();
+ } else if (intval($config['system']['webgui']['session_timeout']) == 0) {
+ /* only update if it wasn't ajax */
+ if (!isAjax())
+ $_SESSION['last_access'] = time();
} else {
/* Check for stale session */
if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) {
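Review bot: The new `intval(...) == 0` branch never expires the session, and it is reached by more than an explicit `0`: after the switch from `empty()` to `!isset()`, a `session_timeout` that is present but empty or non-numeric also evaluates to 0 and lands here, where it used to get the 4-hour default. If only a deliberate zero is meant to disable the idle timeout, keep empty values on the default path, e.g. `if (!isset($config['system']['webgui']['session_timeout']) || $config['system']['webgui']['session_timeout'] === "") {`, and require `is_numeric()` before the zero test. The comment "If session timeout isn't set, we don't mark sessions stale" now describes the new branch rather than the one it sits above. session_auth() starts and ends outside this hunk.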
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index e8a7631..5dc5cd5 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -34,9 +34,10 @@
POSSIBILITY OF SUCH DAMAGE.
pfSense_BUILDER_BINARIES: /sbin/sysctl /sbin/kldload /usr/sbin/tcpdump /sbin/pfctl /bin/rm
- pfSense_BUILDER_BINARIES: /usr/sbin/inetd
+ pfSense_BUILDER_BINARIES: /usr/sbin/inetd
pfSense_MODULE: filter
*/
+
/* DISABLE_PHP_LINT_CHECKING */
/* include all configuration functions */
@@ -55,20 +56,20 @@ $filterdns = "";
function flowtable_configure() {
global $config, $g;
-
+ return;
// Figure out how many flows we should reserve
// sized 2x larger than the number of unique connection destinations.
- if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates']))
+ if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates']))
$maxstates = $config['system']['maximumstates'];
else
- $maxstates = "150000";
+ $maxstates = "150000";
// nmbflows cpu count * ($maxstates * 2)
$cpus = trim(`/sbin/sysctl kern.smp.cpus | /usr/bin/cut -d' ' -f2`);
$nmbflows = ($cpus*($maxstates*2));
// Is flowtable enabled?
if($config['system']['flowtable'])
$flowtable_enable = 1;
- else
+ else
$flowtable_enable = 0;
// Flowtable currently only works on 8.0
if(get_freebsd_version() == "8") {
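Review bot: The bare `return;` added at the top of flowtable_configure() makes the whole body unreachable, but nothing says why, and the function is still called from filter_configure_sync(). A short comment would stop someone from re-enabling it blindly, e.g. `return; /* flowtable disabled: <reason> */`. If it is re-enabled, note that the context lines of the next hunk pass `$config['system']['maximumstates']` to `mwexec()` directly rather than the `$maxstates` value that went through the `is_numeric()` check; using the validated variable there would be safer. The function body continues into the following hunk.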
@@ -76,13 +77,13 @@ function flowtable_configure() {
mwexec("/sbin/sysctl net.inet.flowtable.nmbflows={$config['system']['maximumstates']}");
mwexec("/sbin/sysctl net.inet.ip.output_flowtable_size={$nmbflows}");
}
- mwexec("/sbin/sysctl net.inet.flowtable.enable={$flowtable_enable}");
- }
+ mwexec("/sbin/sysctl net.inet.flowtable.enable={$flowtable_enable}");
+ }
}
function filter_load_ipfw() {
global $config;
-
+
if(!is_module_loaded("ipfw.ko")) {
mute_kernel_msgs();
mwexec("/sbin/kldload ipfw");
@@ -99,7 +100,7 @@ function filter_load_ipfw() {
*/
mwexec("/sbin/sysctl net.inet.ip.pfil.outbound=\"pf\"");
}
-
+
/* Set ipfw state limit */
if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
/* Set ipfw states to user defined maximum states in Advanced menu. */
@@ -148,7 +149,7 @@ function delete_states_for_down_gateways() {
/* reload filter sync */
function filter_configure_sync() {
- global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList, $GatewayGroupsList;
+ global $config, $g, $after_filter_configure_run, $FilterIflist;
global $time_based_rules, $filterdns;
/* Use config lock to not allow recursion and config changes during this run. */
@@ -170,27 +171,24 @@ function filter_configure_sync() {
if($g['booting'] == true)
echo "Configuring firewall";
- /* Lookup Gateways to be used in filter rules once */
- $GatewaysList = return_gateways_array();
- $GatewayGroupsList = return_gateway_groups_array();
-
/* generate aliases */
- if($g['booting'] == true)
+ if($g['booting'] == true)
echo ".";
update_filter_reload_status("Creating aliases");
$aliases = filter_generate_aliases();
- /* generate nat rules */
- if($g['booting'] == true)
+ $gateways = filter_generate_gateways();
+ if($g['booting'] == true)
echo ".";
update_filter_reload_status("Generating NAT rules");
+ /* generate nat rules */
$natrules = filter_nat_rules_generate();
- /* generate pfctl rules */
- if($g['booting'] == true)
+ if($g['booting'] == true)
echo ".";
update_filter_reload_status("Generating filter rules");
+ /* generate pfctl rules */
$pfrules = filter_rules_generate();
/* generate altq, limiter */
- if($g['booting'] == true)
+ if($g['booting'] == true)
echo ".";
update_filter_reload_status("Generating ALTQ queues");
$altq_queues = filter_generate_altq_queues();
@@ -220,29 +218,30 @@ function filter_configure_sync() {
$rules = "";
$rules .= "{$aliases} \n";
+ $rules .= "{$gateways} \n";
update_filter_reload_status("Setting up logging information");
$rules .= filter_setup_logging_interfaces();
- if($config['system']['optimization'] <> "") {
+ if($config['system']['optimization'] <> "") {
$rules .= "set optimization {$config['system']['optimization']}\n";
if($config['system']['optimization'] == "conservative") {
$rules .= "set timeout { udp.first 300, udp.single 150, udp.multiple 900 }\n";
}
- } else {
+ } else {
$rules .= "set optimization normal\n";
}
if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
/* User defined maximum states in Advanced menu. */
$rules .= "set limit states {$config['system']['maximumstates']}\n";
} else {
- $max_states = pfsense_default_state_size();
- $rules .= "set limit states {$max_states}\n";
+ $max_states = pfsense_default_state_size();
+ $rules .= "set limit states {$max_states}\n";
}
- $rules .= discover_pkg_rules("pfearly");
-
+ //$rules .= discover_pkg_rules("pfearly");
+
// Configure flowtable support if enabled.
flowtable_configure();
-
+
$rules .= "\n";
$rules .= "set skip on pfsync0\n";
$rules .= "\n";
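Review bot: Commenting out `discover_pkg_rules("pfearly")` here, and changing `"pflate"` to `"filter"` in the hunk at -254, changes which package-supplied rules reach the generated ruleset, and neither change is explained. What discover_pkg_rules() does with its argument is not visible in this diff, but if installed packages still register rules under the old names, those rules would presumably be dropped from rules.debug without any log entry. Either delete the dead line and state the new contract in a comment, or log when a package offers rules for a type that is no longer collected.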
@@ -254,8 +253,8 @@ function filter_configure_sync() {
$rules .= "{$altq_queues}\n";
$rules .= "{$natrules}\n";
$rules .= "{$pfrules}\n";
-
- $rules .= discover_pkg_rules("pflate");
+
+ $rules .= discover_pkg_rules("filter");
if(!file_put_contents("{$g['tmp_path']}/rules.debug", $rules, LOCK_EX)) {
log_error("WARNING: Could not write new rules!");
@@ -263,7 +262,7 @@ function filter_configure_sync() {
return;
}
- /*
+ /*
* XXX: This are not being used for now so just comment them out.
$rules = "1"; // force to be diff from oldrules
$oldrules = "2"; // force to be diff from rules
@@ -284,7 +283,7 @@ function filter_configure_sync() {
echo "pfctl done at $mt\n";
}
/* check for a error while loading the rules file. if an error has occured
- * then output the contents of the error to the caller
+ * then output the contents of the error to the caller
*/
if($rules_loading <> 0) {
$rules_error = exec_command("/sbin/pfctl -f {$g['tmp_path']}/rules.debug");
@@ -320,7 +319,7 @@ function filter_configure_sync() {
fclose($filterdnsfd);
}
killbypid("{$g['tmp_path']}/filterdns.pid");
- /*
+ /*
* FilterDNS has three debugging levels. The default choosen is 1.
* Availabe are level 2 and greater then 2.
*/
@@ -331,17 +330,17 @@ function filter_configure_sync() {
$fda = fopen("{$g['tmp_path']}/commands.txt", "w");
if($fda) {
if($after_filter_configure_run)
- foreach($after_filter_configure_run as $afcr)
- fwrite($fda, $afcr . "\n");
+ foreach($after_filter_configure_run as $afcr)
+ fwrite($fda, $afcr . "\n");
/*
- * we need a way to let a user run a shell cmd after each
- * filter_configure() call. run this xml command after
- * each change.
- */
- if($config['system']['afterfilterchangeshellcmd'] <> "")
- fwrite($fda, $config['system']['afterfilterchangeshellcmd'] . "\n");
+ * we need a way to let a user run a shell cmd after each
+ * filter_configure() call. run this xml command after
+ * each change.
+ */
+ if($config['system']['afterfilterchangeshellcmd'] <> "")
+ fwrite($fda, $config['system']['afterfilterchangeshellcmd'] . "\n");
- fclose($fda);
+ fclose($fda);
}
unlock($filterlck);
@@ -383,7 +382,7 @@ function filter_generate_scrubing() {
$scrubrules = "";
/* disable scrub option */
foreach ($FilterIflist as $scrubif => $scrubcfg) {
- if(isset($scrubcfg['virtual']))
+ if(isset($scrubcfg['virtual']))
continue;
/* set up MSS clamping */
if($scrubcfg['mtu'] <> "" && is_numeric($scrubcfg['mtu']) && $scrubcfg['if'] != "pppoe" && $scrubcfg['if'] != "pptp")
@@ -409,7 +408,7 @@ function filter_generate_scrubing() {
function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting) {
global $aliastable, $filterdns;
-
+
$addresses = split(" ", $alias);
$finallist = "";
$builtlist = "";
@@ -446,10 +445,10 @@ function filter_expand_alias($alias_name)
global $config;
if(isset($config['aliases']['alias'])) {
- foreach ($config['aliases']['alias'] as $aliased) {
+ foreach ($config['aliases']['alias'] as $aliased) {
if($aliased['name'] == $alias_name) {
$aliasnesting = array();
- $aliasaddrnesting = array();
+ $aliasaddrnesting = array();
return filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting);
}
}
@@ -494,7 +493,7 @@ function filter_generate_aliases() {
$aliases .= "table <{$aliased['name']}> persist\n";
else
$aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n";
-
+
$aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
} else if($aliased['type'] == "openvpn") {
$openvpncfg = array();
@@ -515,7 +514,7 @@ function filter_generate_aliases() {
}
}
$aliases .= "table <{$aliased['name']}> { {$newaddress}{$extralias} } \n";
- $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
+ $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
} elseif($aliased['type'] == "urltable") {
$urlfn = alias_expand_urltable($aliased['name']);
if ($urlfn) {
@@ -531,6 +530,69 @@ function filter_generate_aliases() {
return $result;
}
+function filter_generate_gateways() {
+ global $config, $g;
+
+ $rules = "# Gateways\n";
+
+ update_filter_reload_status("Creating gateway group item...");
+
+ /* Lookup Gateways to be used in filter rules once */
+ $GatewaysList = return_gateways_array();
+ $GatewayGroupsList = return_gateway_groups_array();
+
+ if (is_array($GatewaysList)) {
+ foreach ($GatewaysList as $gwname => $gateway) {
+ $int = $gateway['interface'];
+ $gwip = $gateway['gateway'];
+ $route = "";
+ if (!is_ipaddr($gwip))
+ $gwip = get_interface_gateway($gateway['friendlyiface']);
+ if (is_ipaddr($gwip) && !empty($int))
+ $route = "route-to ( {$int} {$gwip} )";
+ $rules .= "GW{$gwname} = \" {$route} \"\n";
+ }
+ }
+
+ if (is_array($GatewayGroupsList)) {
+ foreach ($GatewayGroupsList as $gateway => $members) {
+ $route = "";
+ if (count($members) > 0) {
+ $foundlb = 0;
+ $routeto = "";
+ foreach($members as $idx => $member) {
+ $int = $member['int'];
+ $gatewayip = $member['gwip'];
+ if (($int <> "") && is_ipaddr($gatewayip)) {
+ if ($g['debug'])
+ log_error("Setting up route with {$gatewayip} om $int");
+ if ($member['weight'] > 1) {
+ $routeto .= str_repeat("( {$int} {$gatewayip} ) ", $member['weight']);
+ } else
+ $routeto .= "( {$int} {$gatewayip} ) ";
+ $foundlb = 1;
+ } else
+ log_error("An error occurred while trying to find the interface got $gatewayip . The rule has not been added.");
+ }
+ $route = "";
+ if ($foundlb > 0) {
+ $route = " route-to { {$routeto} } ";
+ if ($idx > 1) {
+ $route .= " round-robin ";
+ if (isset($config['system']['lb_use_sticky']))
+ $route .= " sticky-address ";
+ }
+ }
+ }
+ $rules .= "GW{$gateway} = \" {$route} \"\n";
+ }
+ }
+
+ $rules .= "\n";
+
+ return $rules;
+}
+
/* returns space separated list of vpn subnets */
function filter_get_vpns_list() {
global $config;
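Review bot: In the gateway-group loop of filter_generate_gateways(), `if ($idx > 1)` tests the last array key left over from the `foreach`, not the number of usable members, so whether `round-robin` and `sticky-address` are emitted depends on how `$members` is keyed and ignores members rejected by the `is_ipaddr()` check. Counting accepted members is more direct: `$foundlb++;` inside the loop and `if ($foundlb > 1) {` afterwards. Separately, when no gateway IP resolves, the macro is still written with an empty value; how rules consume it is outside this hunk, but an empty macro would presumably turn a policy-routed rule into one that follows the default route, so a `log_error()` on that path would help. `$gwname`, `$gateway` and `$member['weight']` go into the ruleset text and `str_repeat()` unvalidated, which is worth confirming against the input validation on the gateway pages.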
@@ -624,7 +686,7 @@ function filter_generate_optcfg_array() {
$oic['bridge'] = link_interface_to_bridge($if);
$FilterIflist[$if] = $oic;
}
-
+
if($config['pptpd']['mode'] == "server" || $config['pptpd']['mode'] == "redir") {
$oic = array();
$oic['if'] = 'pptp';
@@ -652,7 +714,7 @@ function filter_generate_optcfg_array() {
$oic['mode'] = $config['l2tp']['mode'];
$oic['virtual'] = true;
$FilterIflist['l2tp'] = $oic;
- }
+ }
if($config['pppoe']['mode'] == "server") {
$oic = array();
$oic['if'] = 'pppoe';
@@ -710,7 +772,7 @@ function filter_flush_state_table() {
return mwexec("/sbin/pfctl -F state");
}
-function filter_generate_reflection($rule, $extport, &$starting_localhost_port, &$reflection_txt) {
+function filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, &$starting_localhost_port, &$reflection_txt) {
global $FilterIflist, $config;
// Initialize natrules holder string
@@ -739,18 +801,19 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port,
update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");
- if($extport[1])
- $range_end = ($extport[1]);
+ if($dstport[1])
+ $range_end = ($dstport[1]);
else
- $range_end = ($extport[0]);
+ $range_end = ($dstport[0]);
$range_end++;
+
/* TODO: support multiple ip's in an alias. */
- if (is_alias($rule['external-address']))
- $extaddr = filter_expand_alias($rule['external-address']);
- else if(is_ipaddr($rule['external-address']))
- $extaddr = $rule['external-address'];
+ if (is_alias($rule['destination']['address']))
+ $dstaddr = filter_expand_alias($rule['destination']['address']);
+ else if(is_ipaddr($rule['destination']['address']))
+ $dstaddr = $rule['destination']['address'];
else if (is_ipaddr($FilterIflist[$rule['interface']]['ip']))
- $extaddr = $FilterIflist[$rule['interface']]['ip'];
+ $dstaddr = $FilterIflist[$rule['interface']]['ip'];
else
return "\n";
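Review bot: The reflection rule derives `$dstaddr` only from `$rule['destination']['address']`, while the primary rdr in filter_nat_rules_generate() now uses `filter_generate_address($rule, 'destination', true)`, which also handles `any`, `network` and `not`. A rule whose destination is a network keyword or is negated therefore falls through to the interface IP here, so the reflected rule can match a different destination than the rule it mirrors. Passing the already computed destination in, as is done for `$srcaddr`, would keep the two consistent. The function starts and ends outside this hunk.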
@@ -765,8 +828,8 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port,
if($rule['local-port'])
$lrange_start = $rule['local-port'];
- if($range_end - $extport[0] > 500) {
- $range_end = $extport[0]+1;
+ if($range_end - $dstport[0] > 500) {
+ $range_end = $dstport[0]+1;
log_error("Not installing nat reflection rules for a port range > 500");
/* only install reflection rules for < 19991 items */
} else if($starting_localhost_port < 19991) {
@@ -783,21 +846,21 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port,
}
$inetdport = $starting_localhost_port;
- if(($range_end - 1) > $extport[0]) {
+ if(($range_end - 1) > $dstport[0]) {
$rflctrange = "{$starting_localhost_port}";
- $delta = $range_end - $extport[0] - 1;
+ $delta = $range_end - $dstport[0] - 1;
if(($starting_localhost_port + $delta) > 19990) {
- log_error("Installing partial nat reflection rules. Maximum 1,000 reached.");
- $delta = 19990 - $starting_localhost_port;
- }
+ log_error("Installing partial nat reflection rules. Maximum 1,000 reached.");
+ $delta = 19990 - $starting_localhost_port;
+ }
$starting_localhost_port = $starting_localhost_port + $delta;
$rflctrange .= ":{$starting_localhost_port}";
- $rflctintrange = "{$extport[0]}:{$range_end}";
+ $rflctintrange = "{$dstport[0]}:{$range_end}";
if($rflctnorange)
$toadd_array = range($loc_pt, $loc_pt + $delta);
} else {
$rflctrange = $starting_localhost_port;
- $rflctintrange = $extport[0];
+ $rflctintrange = $dstport[0];
if($rflctnorange)
$toadd_array = array($loc_pt);
$starting_localhost_port++;
@@ -811,7 +874,8 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port,
$reflection_txt[] = "{$inetdport}\tdgram\tudp\tnowait/0\tnobody\t/usr/bin/nc\tnc -u -w {$reflectiontimeout} {$target} {$tda}\n";
$inetdport++;
}
- $natrules .= "rdr on {$rdr_if_list} proto {$protocol} from any to {$extaddr} port {$rflctintrange} tag PFREFLECT -> 127.0.0.1 port {$rflctrange}\n";
+ $natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT" .
+ ($nordr == "" ? " -> 127.0.0.1 port {$rflctrange}" : "") . "\n";
break;
case "tcp":
case "udp":
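Review bot: With `$nordr` set, the rule is emitted without the `-> 127.0.0.1 port ...` target, yet the `$reflection_txt[]` line just above still adds an inetd `nc` relay to the internal target for every port; the same holds for the tcp/udp case in the next hunk. Those relays would never receive redirected traffic, so they only add listeners on the firewall. Guarding the append with `if ($nordr == "")` avoids that. The enclosing loop starts outside the hunk, so confirm nothing else depends on the entries before changing it.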
@@ -827,7 +891,8 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port,
$reflection_txt[] = "{$inetdport}\t{$socktype}\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n";
$inetdport++;
}
- $natrules .= "rdr on {$rdr_if_list} proto {$protocol} from any to {$extaddr} port {$rflctintrange} tag PFREFLECT -> 127.0.0.1 port {$rflctrange}\n";
+ $natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT" .
+ ($nordr == "" ? " -> 127.0.0.1 port {$rflctrange}" : "") . "\n";
break;
}
}
@@ -852,7 +917,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
else
$tgt = "($if)";
}
- /* Add the protocol, if defined */
+ /* Add the protocol, if defined */
if (!empty($proto) && $proto != "any")
$protocol = " proto {$proto}";
else
@@ -879,7 +944,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "
if(!$natport)
$staticnatport_txt = " port 1024:65535"; // set source port range
else
- $staticnatport_txt = "";
+ $staticnatport_txt = "";
/* Allow for negating NAT entries */
if($nonat) {
$nat = "no nat";
@@ -902,7 +967,7 @@ function filter_nat_rules_generate() {
global $config, $g, $after_filter_configure_run, $FilterIflist;
$natrules = "nat-anchor \"natearly/*\"\n";
-
+
$natrules .= "nat-anchor \"natrules/*\"\n\n";
update_filter_reload_status("Creating 1:1 rules...");
@@ -915,7 +980,7 @@ function filter_nat_rules_generate() {
$sn = $natent['subnet'];
if(!$natent['interface'])
$natif = "wan";
- else
+ else
$natif = $natent['interface'];
$natif = $FilterIflist[$natif]['if'];
if($natif)
@@ -936,7 +1001,7 @@ function filter_nat_rules_generate() {
$dst = $obent['destination']['address'];
if(!$obent['interface'])
$natif = "wan";
- else
+ else
$natif = $obent['interface'];
if (!isset($FilterIflist[$natif]))
@@ -965,7 +1030,7 @@ function filter_nat_rules_generate() {
foreach ($config['staticroutes']['route'] as $route) {
$netip = explode("/", $route['network']);
if(is_array($config['gateways']['gateway_item'])) {
- foreach($config['gateways']['gateway_item'] as $gateway) {
+ foreach($config['gateways']['gateway_item'] as $gateway) {
if($route['gateway'] == $gateway['name']) {
$gatewayip = $gateway['gateway'];
$interfacegw = $gateway['interface'];
@@ -1018,7 +1083,7 @@ function filter_nat_rules_generate() {
}
}
/* add openvpn interfaces */
- if(is_array($config['openvpn']['openvpn-server'])) {
+ if(is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) {
if (!empty($ovpnsrv['tunnel_network'])) {
$numberofnathosts++;
@@ -1026,7 +1091,7 @@ function filter_nat_rules_generate() {
}
}
}
- if(is_array($config['openvpn']['openvpn-client'])) {
+ if(is_array($config['openvpn']['openvpn-client'])) {
foreach ($config['openvpn']['openvpn-client'] as $ovpnsrv) {
if (!empty($ovpnsrv['tunnel_network'])) {
$numberofnathosts++;
@@ -1038,7 +1103,7 @@ function filter_nat_rules_generate() {
if($numberofnathosts > 4) {
$natrules .= "table <tonatsubnets> { {$tonathosts} }\n";
$macroortable = "<tonatsubnets>";
- } else if($numberofnathosts > 0) {
+ } else if($numberofnathosts > 0) {
$natrules .= "tonatsubnets = \"{ {$tonathosts} }\"\n";
$macroortable = "\$tonatsubnets";
}
@@ -1056,7 +1121,7 @@ function filter_nat_rules_generate() {
"{$macroortable}", null, "", null, $target, null, isset($ifcfg['nonat']));
$natrules .= "\n";
}
- }
+ }
endif;
}
@@ -1081,7 +1146,7 @@ function filter_nat_rules_generate() {
$direct_networks_list = filter_get_direct_networks_list();
if($vpns_list)
$natrules .= "table <vpns> { $vpns_list }\n";
- if($direct_networks_list)
+ if($direct_networks_list)
$natrules .= "table <direct_networks> { $direct_networks_list }\n";
/* DIAG: add ipv6 NAT, if requested */
@@ -1097,7 +1162,7 @@ function filter_nat_rules_generate() {
// Open inetd.conf write handle
$inetd_fd = fopen("/var/etc/inetd.conf","w");
/* add tftp protocol helper */
- fwrite($inetd_fd, "tftp-proxy\tdgram\tudp\twait\t\troot\t/usr/local/sbin/tftp-proxy\ttftp-proxy -v\n");
+ fwrite($inetd_fd, "tftp-proxy\tdgram\tudp\twait\t\troot\t/usr/libexec/tftp-proxy\ttftp-proxy -v\n");
if(isset($config['nat']['rule'])) {
if(!isset($config['system']['disablenatreflection'])) {
@@ -1107,101 +1172,91 @@ function filter_nat_rules_generate() {
$natrules .= "# NAT Inbound Redirects\n";
foreach ($config['nat']['rule'] as $rule) {
update_filter_reload_status("Creating NAT rule {$rule['descr']}");
+
+ if(isset($rule['disabled']))
+ continue;
+
+ if (strtolower($rule['protocol']) == "tcp/udp")
+ $protocol = "{ tcp udp }";
+ else
+ $protocol = strtolower($rule['protocol']);
+
/* if item is an alias, expand */
- $extport = "";
- $extport[0] = alias_expand($rule['external-port']);
- if(!$extport[0])
- $extport = explode("-", $rule['external-port']);
+ $srcport = "";
+ $srcport[0] = alias_expand($rule['source']['port']);
+ if(!$srcport[0])
+ $srcport = explode("-", $rule['source']['port']);
+
+ /* if item is an alias, expand */
+ $dstport = "";
+ $dstport[0] = alias_expand($rule['destination']['port']);
+ if(!$dstport[0])
+ $dstport = explode("-", $rule['destination']['port']);
+
/* if item is an alias, expand */
$localport = alias_expand($rule['local-port']);
- if(!$localport)
+ if(!$localport || $rule['destination']['port'] == $rule['local-port']) {
$localport = "";
- else
+ } else {
+ if(($dstport[1]) && ($dstport[0] != $dstport[1])) {
+ $localendport = $localport + ($dstport[1] - $dstport[0]);
+
+ $localport .= ":$localendport";
+ }
+
$localport = " port {$localport}";
+ }
+
$target = alias_expand($rule['target']);
if(!$target) {
$natrules .= "# Unresolvable alias {$rule['target']}\n";
continue; /* unresolvable alias */
}
+
if($rule['associated-rule-id'] == "pass")
- $rdrpass = "pass";
+ $rdrpass = "pass ";
else
- $rdrpass = "";
+ $rdrpass = "";
if(!$rule['interface'])
- $natif = "wan";
- else
- $natif = $rule['interface'];
+ $natif = "wan";
+ else
+ $natif = $rule['interface'];
if (!isset($FilterIflist[$natif]))
continue;
- $extaddr = alias_expand($rule['external-address']);
- if($rule['external-address'] == "any")
- $extaddr = "any";
- if(!$extaddr)
- $extaddr = $FilterIflist[$natif]['ip'];
+ $srcaddr = filter_generate_address($rule, 'source', true);
+ $dstaddr = filter_generate_address($rule, 'destination', true);
+
+ if(!$dstaddr)
+ $dstaddr = $FilterIflist[$natif]['ip'];
+
$natif = $FilterIflist[$natif]['if'];
- if($extaddr <> "") {
+ if (isset($rule['nordr']))
+ $nordr = "no ";
+ else
+ $nordr = "";
+
+ if($srcaddr <> "" && $dstaddr <> "") {
/* is rule a port range? */
- if((!$extport[1]) || ($extport[0] == $extport[1])) {
-
- switch ($rule['protocol']) {
- case "tcp/udp":
- if($natif) {
- if($rule['external-port'] <> $rule['local-port'])
- $natrules .= "{$nordr} rdr {$rdrpass} on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]} -> {$target}{$localport}";
- else
- $natrules .= "{$nordr} rdr {$rdrpass} on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]} -> {$target}";
- }
- break;
- case "udp":
- case "tcp":
- if($extport[0])
- if($natif) {
- if($rule['external-port'] <> $rule['local-port'])
- $natrules .= "rdr {$rdrpass} on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]} -> {$target}{$localport}";
- else
- $natrules .= "rdr {$rdrpass} on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]} -> {$target}";
- }
- else
- if($natif)
- $natrules .= "rdr {$rdrpass} on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}{$localport}";
- break;
- default:
- $natrules .= "rdr {$rdrpass} on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}";
- break;
- }
- } else {
- switch ($rule['protocol']) {
- case "tcp/udp":
- if($natif)
- $natrules .= "{$nordr} rdr {$rdrpass} on $natif proto { tcp udp } from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target}{$localport}:*";
- break;
- case "udp":
- case "tcp":
- if($natif)
- $natrules .= "{$nordr} rdr {$rdrpass} on $natif proto {$rule['protocol']} from any to {$extaddr} port {$extport[0]}:{$extport[1]} -> {$target}{$localport}:*";
- break;
- default:
- if($natif)
- $natrules .= "{$nordr} rdr {$rdrpass} on $natif proto {$rule['protocol']} from any to {$extaddr} -> {$target}";
- }
- }
+ if($natif)
+ $natrules .= "{$nordr}rdr {$rdrpass}on {$natif} proto {$protocol} from {$srcaddr} to {$dstaddr}" . ($nordr == "" ? " -> {$target}{$localport}" : "");
+
/* Does this rule redirect back to a internal host? */
- if($extaddr == "any" && !interface_has_gateway($rule['interface'])) {
+ if($dstaddr == "any" && !interface_has_gateway($rule['interface'])) {
$rule_interface_ip = find_interface_ip($natif);
$rule_interface_subnet = find_interface_subnet($natif);
$rule_subnet = gen_subnet($rule_interface_ip, $rule_interface_subnet);
$natrules .= "\n";
$natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n";
- $natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$extport[0]} -> ({$natif})\n";
+ $natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n";
}
- $natrules .= filter_generate_reflection($rule, $extport, $starting_localhost_port, $reflection_rules);
+ $natrules .= filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, $starting_localhost_port, $reflection_rules);
$natrules .= "\n";
foreach ($reflection_rules as $txtline)
- fwrite($inetd_fd, $txtline);
+ fwrite($inetd_fd, $txtline);
}
}
}
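Review bot: When `filter_generate_address()` returns an empty string for the source or destination, the `if($srcaddr <> "" && $dstaddr <> "")` test skips the rule with no trace, unlike the unresolvable-target case above it, which writes a `# Unresolvable alias` comment into the ruleset. For a `no rdr` entry that means the exclusion quietly disappears and a redirect further down may match instead. Add an `else` that records it, e.g. `$natrules .= "# Unresolvable source or destination for {$rule['descr']}\n";`. Also, `$srcport` is computed but not used anywhere in the visible lines, and `$localendport` is calculated from `alias_expand()` output, which may not be numeric when the local port is an alias.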
@@ -1219,12 +1274,12 @@ function filter_nat_rules_generate() {
else if($pptpdcfg['mode'] == "redir")
$pptpdtarget = $pptpdcfg['redir'];
if($pptpdcfg['mode'] == "redir" && is_array($FilterIflist['wan'])) {
- /*
+ /*
* NB: ermal -- the rdr rule below is commented out now that we have a solution
- * for PPTP passthrough. This unbreaks other GRE traffic passing
- * through pfSense.
+ * for PPTP passthrough. This unbreaks other GRE traffic passing
+ * through pfSense.
* After some more testing this will be removed compeletely.
- */
+ */
$natrules .= <<<EOD
# PPTP
@@ -1259,97 +1314,101 @@ function filter_generate_user_rule_arr($rule) {
return $ret;
}
-function filter_generate_address(& $rule, $target = "source") {
+function filter_generate_address(& $rule, $target = "source", $isnat = false) {
global $FilterIflist;
$src = "";
if(isset($rule[$target]['any'])) {
- $src = "any";
- } else if($rule[$target]['network']) {
- if(strstr($rule[$target]['network'], "opt")) {
- $optmatch = "";
+ $src = "any";
+ } else if($rule[$target]['network']) {
+ if(strstr($rule[$target]['network'], "opt")) {
+ $optmatch = "";
$matches = "";
if(preg_match("/opt([0-9]*)/", $rule[$target]['network'], $optmatch)) {
- $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ip'];
- if(!is_ipaddr($opt_ip))
- return "";
- $src = $opt_ip . "/" .
- $FilterIflist["opt{$optmatch[1]}"]['sn'];
- /* check for opt$NUMip here */
- } else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) {
- $src = $FilterIflist["opt{$matches[1]}"]['ip'];
+ $opt_ip = $FilterIflist["opt{$optmatch[1]}"]['ip'];
+ if(!is_ipaddr($opt_ip))
+ return "";
+ $src = $opt_ip . "/" .
+ $FilterIflist["opt{$optmatch[1]}"]['sn'];
+ /* check for opt$NUMip here */
+ } else if(preg_match("/opt([0-9]*)ip/", $rule[$target]['network'], $matches)) {
+ $src = $FilterIflist["opt{$matches[1]}"]['ip'];
if(!is_ipaddr($src))
return "";
- }
+ }
if(isset($rule[$target]['not']))
$src = " !{$src}";
- } else {
- switch ($rule[$target]['network']) {
- case 'wan':
- $wansa = $FilterIflist['wan']['sa'];
- $wansn = $FilterIflist['wan']['sn'];
- $src = "{$wansa}/{$wansn}";
- break;
- case 'wanip':
- $src = $FilterIflist["wan"]['ip'];
- break;
- case 'lanip':
- $src = $FilterIflist["lan"]['ip'];
- break;
- case 'lan':
- $lansa = $FilterIflist['lan']['sa'];
- $lansn = $FilterIflist['lan']['sn'];
- $src = "{$lansa}/{$lansn}";
- break;
- case 'pptp':
- $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
- $pptpsn = $FilterIflist['pptp']['sn'];
- $src = "{$pptpsa}/{$pptpsn}";
- break;
- case 'pppoe':
- $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
- $pppoesn = $FilterIflist['pppoe']['sn'];
- $src = "{$pppoesa}/{$pppoesn}";
- break;
- }
- if(isset($rule[$target]['not'])) $src = "!{$src}";
- }
+ } else {
+ switch ($rule[$target]['network']) {
+ case 'wan':
+ $wansa = $FilterIflist['wan']['sa'];
+ $wansn = $FilterIflist['wan']['sn'];
+ $src = "{$wansa}/{$wansn}";
+ break;
+ case 'wanip':
+ $src = $FilterIflist["wan"]['ip'];
+ break;
+ case 'lanip':
+ $src = $FilterIflist["lan"]['ip'];
+ break;
+ case 'lan':
+ $lansa = $FilterIflist['lan']['sa'];
+ $lansn = $FilterIflist['lan']['sn'];
+ $src = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
+ $pptpsn = $FilterIflist['pptp']['sn'];
+ $src = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
+ $pppoesn = $FilterIflist['pppoe']['sn'];
+ $src = "{$pppoesa}/{$pppoesn}";
+ break;
+ }
+ if(isset($rule[$target]['not'])) $src = "!{$src}";
+ }
} else if($rule[$target]['address']) {
- $expsrc = alias_expand($rule[$target]['address']);
- if(isset($rule[$target]['not']))
- $not = "!";
- else
- $not = "";
+ $expsrc = alias_expand($rule[$target]['address']);
+ if(isset($rule[$target]['not']))
+ $not = "!";
+ else
+ $not = "";
$src = " {$not} {$expsrc}";
- }
+ }
if(in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
- if($rule[$target]['port']) {
- $srcport = explode("-", $rule[$target]['port']);
+ if($rule[$target]['port']) {
+ $srcport = explode("-", $rule[$target]['port']);
$srcporta = alias_expand($srcport[0]);
if(!$srcporta)
log_error("filter_generate_address: {$srcport[0]} is not a valid source port.");
- else if((!$srcport[1]) || ($srcport[0] == $srcport[1])) {
+ else if((!$srcport[1]) || ($srcport[0] == $srcport[1])) {
$src .= " port {$srcporta} ";
- } else if(($srcport[0] == 1) && ($srcport[1] == 65535)) {
- /* no need for a port statement here */
- } else if(is_port($srcporta) && $srcport[1] == 65535) {
- $src .= " port >= {$srcporta} ";
- } else if($srcport[0] == 1) {
- $src .= " port <= {$srcport[1]} ";
- } else {
- $srcport[0]--;
- $srcport[1]++;
- $src .= " port {$srcport[0]} >< {$srcport[1]} ";
- }
- }
- }
+ } else if(($srcport[0] == 1) && ($srcport[1] == 65535)) {
+ /* no need for a port statement here */
+ } else if ($isnat) {
+ $src .= " port {$srcport[0]}:{$srcport[1]}";
+ } else {
+ if(is_port($srcporta) && $srcport[1] == 65535) {
+ $src .= " port >= {$srcporta} ";
+ } else if($srcport[0] == 1) {
+ $src .= " port <= {$srcport[1]} ";
+ } else {
+ $srcport[0]--;
+ $srcport[1]++;
+ $src .= " port {$srcport[0]} >< {$srcport[1]} ";
+ }
+ }
+ }
+ }
return $src;
}
function filter_generate_user_rule($rule) {
- global $config, $g, $FilterIflist, $GatewaysList, $GatewayGroupsList;
+ global $config, $g, $FilterIflist;
global $layer7_rules_list;
if(isset($config['system']['developerspew'])) {
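Review bot: The new `$isnat` branch in `filter_generate_address()` appends `" port {$srcport[0]}:{$srcport[1]}"` from the raw config strings. It does not use the alias-expanded `$srcporta` that the other branches use, and nothing checks the upper bound `$srcport[1]`. A port alias or malformed range would therefore be written verbatim into the NAT rule, which may make pf reject the generated ruleset. I would guard the append with `if(is_port($srcporta) && is_port($srcport[1]))`, emit `" port {$srcporta}:{$srcport[1]}"`, and otherwise call `log_error()` as the first branch of this chain does. The new `$isnat` parameter also deserves a short comment above the signature saying it selects pf's `a:b` range syntax for rdr/nat rules instead of the `><` filter operators.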
@@ -1370,7 +1429,7 @@ function filter_generate_user_rule($rule) {
$interfaces = explode(",", $rule['interface']);
$ifliste = "";
foreach ($interfaces as $iface) {
- if(array_key_exists($iface, $FilterIflist))
+ if(array_key_exists($iface, $FilterIflist))
$ifliste .= " " . $FilterIflist[$iface]['if'] . " ";
}
if($ifliste <> "")
@@ -1388,7 +1447,7 @@ function filter_generate_user_rule($rule) {
$ifcfg = $FilterIflist[$rule['interface']];
if($pptpdcfg['mode'] != "server") {
if(($rule['source']['network'] == "pptp") ||
- ($rule['destination']['network'] == "pptp"))
+ ($rule['destination']['network'] == "pptp"))
return "# source network or destination network == pptp on " . $rule['descr'];
}
@@ -1409,7 +1468,7 @@ function filter_generate_user_rule($rule) {
}
if($type == "reject") {
$aline['type'] = "block return ";
- } else
+ } else
$aline['type'] = $type . " ";
if(isset($rule['floating']) && $rule['floating'] == "yes") {
if($rule['direction'] != "any")
@@ -1439,59 +1498,8 @@ function filter_generate_user_rule($rule) {
}
/* if user has selected a custom gateway, lets work with it */
else if($rule['gateway'] <> "") {
- $foundlb = 0;
- $routeto = " route-to { ";
- update_filter_reload_status("Creating gateway group item...");
- if(is_array($GatewayGroupsList[$rule['gateway']])) {
- $gateway = $rule['gateway'];
- $members = $GatewayGroupsList[$rule['gateway']];
- $member_count = count($members);
- foreach($members as $member) {
- $int = $member['int'];
- $gatewayip = $member['gwip'];
- if(($int <> "") && is_ipaddr($gatewayip)) {
- if($g['debug'])
- log_error("Setting up route with {$gatewayip} om $int");
- if($foundlb == 1)
- $routeto .= ", ";
- $routeto .= "( {$int} {$gatewayip} ) ";
- $foundlb = 1;
- } else {
- log_error("An error occurred while trying to find the interface got $gatewayip . The rule has not been added.");
- }
- }
- /* If we want failover just use route-to else round-robin */
- if($member_count == 1) {
- $routeto .= "} ";
- } else {
- $routeto .= "} round-robin ";
- if(isset($config['system']['lb_use_sticky']))
- $routeto .= " sticky-address ";
- }
- }
/* Add the load balanced gateways */
- if($foundlb == 1)
- $aline['route'] = $routeto;
-
- /* we're not using load balancing, just setup gateway */
- else if($foundlb == 0) {
- $gateway = $rule['gateway'];
- if(!is_ipaddr($gateway)) {
- $gwip = $GatewaysList[$gateway]['gateway'];
- if($GatewaysList[$gateway]['interface'])
- $int = $GatewaysList[$gateway]['interface'];
- else
- $int = "";
- } else {
- $gwip = $gateway;
- $int = guess_interface_from_ip($gwip);
- }
- if((is_ipaddr($gwip)) && ($int <> "")) {
- $aline['route'] = " route-to ( {$int} {$gwip} ) ";
- } else {
- log_error("Could not find gateway ({$rule['gateway']}) for rule {$rule['descr']} - {$rule['interface']}.");
- }
- }
+ $aline['route'] = " \$GW{$rule['gateway']} ";
}
if(isset($rule['protocol'])) {
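Review bot: The route target is now written as a bare macro reference, `$aline['route'] = " \$GW{$rule['gateway']} ";`, with no check that a macro of that name is defined or that the gateway name forms a legal pf macro identifier. The removed code validated the address with `is_ipaddr()` and logged an error when no gateway was found. The macro definitions are presumably generated elsewhere, outside this hunk. If one is missing, for example because a gateway was deleted or renamed, the whole ruleset could fail to load rather than just this rule. I would confirm the gateway still exists before emitting the reference and otherwise `log_error()` and return a comment line, as the pptp branch does with `return "# source network or destination network == pptp on "`. The surviving context comment `/* Add the load balanced gateways */` no longer describes the line below it; the function body continues outside this hunk.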
@@ -1506,7 +1514,7 @@ function filter_generate_user_rule($rule) {
$aline['prot'] = " proto tcp ";
}
update_filter_reload_status("Creating rule {$rule['descr']}");
-
+
/* source address */
$src = filter_generate_address($rule, "source");
if(empty($src) || ($src == "/")) {
@@ -1581,7 +1589,7 @@ function filter_generate_user_rule($rule) {
if($noadvoptions == false || $l7_present)
if( isset($rule['source-track']) and $rule['source-track'] <> "" or
- isset($rule['max']) and $rule['max'] <> "" or
+ isset($rule['max']) and $rule['max'] <> "" or
isset($rule['max-src-nodes']) and $rule['max-src-nodes'] <> "" or
isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "" or
isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "" or
@@ -1602,14 +1610,16 @@ function filter_generate_user_rule($rule) {
$aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " ";
if(isset($rule['statetimeout']) and $rule['statetimeout'] <> "")
$aline['flags'] .= "tcp.established " . $rule['statetimeout'] . " ";
- if(isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> ""
- and isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "") {
+ if(isset($rule['max-src-conn-rate'])
+ and $rule['max-src-conn-rate'] <> ""
+ and isset($rule['max-src-conn-rates'])
+ and $rule['max-src-conn-rates'] <> "") {
$aline['flags'] .= "max-src-conn-rate " . $rule['max-src-conn-rate'] . " ";
$aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
}
- if(!empty($aline['divert']))
+ if(!empty($aline['divert']))
$aline['flags'] .= "max-packets 5 ";
-
+
$aline['flags'] .= " ) ";
}
}
@@ -1638,22 +1648,22 @@ function filter_generate_user_rule($rule) {
}
/* is a time based rule schedule attached? */
- if(!empty($rule['sched']) && !empty($config['schedules'])) {
+ if(!empty($rule['sched']) && !empty($config['schedules'])) {
$aline['schedlabel'] = "";
- foreach ($config['schedules']['schedule'] as $sched) {
- if($sched['name'] == $rule['sched']) {
- if(!filter_get_time_based_rule_status($sched)) {
+ foreach ($config['schedules']['schedule'] as $sched) {
+ if($sched['name'] == $rule['sched']) {
+ if(!filter_get_time_based_rule_status($sched)) {
if(!isset($config['system']['schedule_states']))
- mwexec("/sbin/pfctl -y {$sched['schedlabel']}");
- return "# schedule finished - {$rule['descr']}";
- } else if($g['debug'])
- log_error("[TDR DEBUG] status true -- rule type '$type'");
+ mwexec("/sbin/pfctl -y {$sched['schedlabel']}");
+ return "# schedule finished - {$rule['descr']}";
+ } else if($g['debug'])
+ log_error("[TDR DEBUG] status true -- rule type '$type'");
$aline['schedlabel'] = " schedule \"{$sched['schedlabel']}\" ";
- break;
- }
- }
- }
+ break;
+ }
+ }
+ }
$line = "";
/* exception(s) to a user rules can go here. */
@@ -1674,14 +1684,14 @@ function filter_generate_user_rule($rule) {
$aline['reply'] . $aline['route'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] .
$aline['divert'] . $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] .
$aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'] . $aline['schedlabel'];
-
+
return $line;
}
function filter_rules_generate() {
global $config, $g, $FilterIflist, $time_based_rules;
-
+
update_filter_reload_status("Creating default rules");
if(isset($config['system']['developerspew'])) {
$mt = microtime();
@@ -1691,32 +1701,32 @@ function filter_rules_generate() {
$pptpdcfg = $config['pptpd'];
$pppoecfg = $config['pppoe'];
- $ipfrules .= discover_pkg_rules("filter");
+ //$ipfrules .= discover_pkg_rules("filter");
/* if captive portal is enabled, ensure that access to this port
* is allowed on a locked down interface
*/
if(isset($config['captiveportal']['enable'])) {
$cpinterfaces = explode(",", $config['captiveportal']['interface']);
- $cpiflist = array();
+ $cpiflist = array();
$cpiplist = array();
- foreach ($cpinterfaces as $cpifgrp) {
- if(!isset($FilterIflist[$cpifgrp]))
- continue;
- $tmpif = get_real_interface($cpifgrp);
- if(!empty($tmpif)) {
- $cpiflist[] = "{$tmpif}";
- $cpipm = get_interface_ip($cpifgrp);
- if(is_ipaddr($cpipm))
- $cpiplist[] = $cpipm;
- }
- }
- if (count($cpiplist) > 0 && count($cpiflist) > 0) {
- $cpinterface = implode(" ", $cpiflist);
- $cpaddresses = implode(" ", $cpiplist);
- $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n";
- $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from { {$cpaddresses} } port { 8000 8001 } to any keep state(sloppy)\n";
- }
+ foreach ($cpinterfaces as $cpifgrp) {
+ if(!isset($FilterIflist[$cpifgrp]))
+ continue;
+ $tmpif = get_real_interface($cpifgrp);
+ if(!empty($tmpif)) {
+ $cpiflist[] = "{$tmpif}";
+ $cpipm = get_interface_ip($cpifgrp);
+ if(is_ipaddr($cpipm))
+ $cpiplist[] = $cpipm;
+ }
+ }
+ if (count($cpiplist) > 0 && count($cpiflist) > 0) {
+ $cpinterface = implode(" ", $cpiflist);
+ $cpaddresses = implode(" ", $cpiplist);
+ $ipfrules .= "pass in quick on { {$cpinterface} } proto tcp from any to { {$cpaddresses} } port { 8000 8001 } keep state(sloppy)\n";
+ $ipfrules .= "pass out quick on { {$cpinterface} } proto tcp from { {$cpaddresses} } port { 8000 8001 } to any keep state(sloppy)\n";
+ }
}
/* relayd */
$ipfrules .= "anchor \"relayd/*\"\n";
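Review bot: `//$ipfrules .= discover_pkg_rules("filter");` disables the package filter hook by commenting it out, with no explanation, and the rest of this hunk only changes whitespace. Rules that installed packages contribute through that hook are then silently left out of the generated ruleset, which matters if any of them are block rules. Either delete the line and state the reason in the commit message, or keep it with a comment such as `/* package filter hooks are now emitted via <mechanism>; see <reference> */`, filled in with the actual replacement. `filter_rules_generate()` extends beyond this hunk, so a replacement call may exist elsewhere.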
@@ -1741,14 +1751,14 @@ block quick proto { tcp, udp } from any to any port = 0
EOD;
- if(!isset($config['system']['ipv6allow'])) {
- $ipfrules .= "# Block all IPv6\n";
- $ipfrules .= "block in quick inet6 all\n";
- $ipfrules .= "block out quick inet6 all\n";
- }
+ if(!isset($config['system']['ipv6allow'])) {
+ $ipfrules .= "# Block all IPv6\n";
+ $ipfrules .= "block in quick inet6 all\n";
+ $ipfrules .= "block out quick inet6 all\n";
+ }
+
+ $ipfrules .= <<<EOD
- $ipfrules .= <<<EOD
-
# snort2c
block quick from <snort2c> to any label "Block snort2c hosts"
block quick from any to <snort2c> label "Block snort2c hosts"
@@ -1767,15 +1777,15 @@ EOD;
$ipfrules .= filter_process_carp_rules();
- $ipfrules .= "\n# SSH lockout\n";
- if(is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port'])) {
- $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port ";
- $ipfrules .= $config['system']['ssh']['port'];
- $ipfrules .= " label \"sshlockout\"\n";
- } else {
+ $ipfrules .= "\n# SSH lockout\n";
+ if(is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port'])) {
+ $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port ";
+ $ipfrules .= $config['system']['ssh']['port'];
+ $ipfrules .= " label \"sshlockout\"\n";
+ } else {
if($config['system']['ssh']['port'] <> "")
$sshport = $config['system']['ssh']['port'];
- else
+ else
$sshport = 22;
$ipfrules .= "block in log quick proto tcp from <sshlockout> to any port {$sshport} label \"sshlockout\"\n";
}
@@ -1818,7 +1828,7 @@ EOD;
if(isset($config['interfaces'][$on]['blockpriv'])) {
if($isbridged == false) {
$ipfrules .= <<<EOD
-# block anything from private networks on interfaces with the option set
+# block anything from private networks on interfaces with the option set
antispoof for \${$oc['descr']}
block in $log quick on \${$oc['descr']} from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
block in $log quick on \${$oc['descr']} from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
@@ -1870,7 +1880,7 @@ EOD;
break;
}
}
- /*
+ /*
* NB: The loopback rules are needed here since the antispoof would take precedence then.
* If you ever add the 'quick' keyword to the antispoof rules above move the looback
* rules before them.
@@ -1897,12 +1907,12 @@ EOD;
continue;
$gw = get_interface_gateway($ifdescr);
if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip']))
- $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to any keep state allow-opts label \"let out anything from firewall host itself\"\n";
+ $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
}
/* add ipsec interfaces */
- if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
+ if(isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
$ipfrules .= <<<EOD
pass out on \$IPsec all keep state label "IPsec internal host to host"
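Review bot: The rewritten route-to rule interpolates `{$ifcfg['sa']}/{$ifcfg['sn']}`, but the guard above it still validates only `$gw` and `$ifcfg['ip']`. If an interface has no subnet address or mask populated, the rule renders as `to !/`, and one malformed line can make pf reject the whole ruleset. Extend the condition to `if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip']) && is_ipaddr($ifcfg['sa']) && !empty($ifcfg['sn']))`. A one-line comment saying why directly connected destinations are excluded from route-to would also help the next reader.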
@@ -1910,7 +1920,7 @@ EOD;
/* pass traffic between statically routed subnets and the subnet on the
* interface in question to avoid problems with complicated routing
- * topologies
+ * topologies
*/
if(isset($config['filter']['bypassstaticroutes']) && is_array($config['staticroutes']['route']) && count($config['staticroutes']['route'])) {
$ipfrules .= "anchor \"staticrouted\" \n";
@@ -1939,7 +1949,7 @@ EOD;
if(!isset($config['system']['webgui']['noantilockout'])) {
if(count($config['interfaces']) > 1 && !empty($FilterIflist['lan']['if'])) {
/* if antilockout is enabled, LAN exists and has
- * an IP and subnet mask assigned
+ * an IP and subnet mask assigned
*/
$lanif = $FilterIflist["lan"]['if'];
$ipfrules .= <<<EOD
@@ -1958,7 +1968,7 @@ pass in quick on {$wanif} from any to ({$wanif}) keep state label "anti-lockout
EOD;
}
- }
+ }
/* PPTPd enabled? */
if($pptpdcfg['mode'] && ($pptpdcfg['mode'] != "off")) {
if($pptpdcfg['mode'] == "server")
@@ -1995,7 +2005,7 @@ EOD;
/* Pre-cache all our rules so we only have to generate them once */
$rule_arr1 = array();
$rule_arr2 = array();
- /*
+ /*
* NB: Floating rules need to be written before regular once.
*/
foreach ($config['filter']['rule'] as $rule) {
@@ -2006,7 +2016,7 @@ EOD;
} else {
$rule_arr2[] = filter_generate_user_rule_arr($rule);
}
- if($rule['sched'])
+ if($rule['sched'])
$time_based_rules = true;
}
}
@@ -2026,7 +2036,7 @@ EOD;
update_filter_reload_status("Creating IPsec rules...");
$ipfrules .= filter_generate_ipsec_rules();
- $ipfrules .= <<<EOD
+ $ipfrules .= <<<EOD
# package manager late specific hook
anchor "packagelate"
@@ -2038,7 +2048,7 @@ anchor "limitingesr"
anchor "miniupnpd"
EOD;
-
+
return $ipfrules;
}
@@ -2068,50 +2078,51 @@ function tdr_install_cron($should_install) {
* none
******/
function filter_tdr_install_cron($should_install) {
- global $config, $g;
+ global $config, $g;
- if($g['booting']==true)
- return;
+ if($g['booting']==true)
+ return;
- $is_installed = false;
+ $is_installed = false;
- if(!$config['cron']['item'])
- return;
+ if(!$config['cron']['item'])
+ return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if(strstr($item['command'], "filter_configure_sync")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "0,15,30,45";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/etc/rc.filter_configure_sync";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed 15 minute filter reload for Time Based Rules");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- }
- configure_cron();
- }
- break;
- }
+ $x=0;
+ foreach($config['cron']['item'] as $item) {
+ if(strstr($item['command'], "filter_configure_sync")) {
+ $is_installed = true;
+ break;
+ }
+ $x++;
+ }
+
+ switch($should_install) {
+ case true:
+ if(!$is_installed) {
+ $cron_item = array();
+ $cron_item['minute'] = "0,15,30,45";
+ $cron_item['hour'] = "*";
+ $cron_item['mday'] = "*";
+ $cron_item['month'] = "*";
+ $cron_item['wday'] = "*";
+ $cron_item['who'] = "root";
+ $cron_item['command'] = "/etc/rc.filter_configure_sync";
+ $config['cron']['item'][] = $cron_item;
+ write_config("Installed 15 minute filter reload for Time Based Rules");
+ configure_cron();
+ }
+ break;
+ case false:
+ if($is_installed == true) {
+ if($x > 0) {
+ unset($config['cron']['item'][$x]);
+ write_config();
+ }
+ configure_cron();
+ }
+ break;
+ }
}
/****f* filter/filter_get_time_based_rule_status
@@ -2141,132 +2152,132 @@ function filter_tdr_install_cron($should_install) {
</schedules>
*/
function filter_get_time_based_rule_status($schedule) {
- $should_add_rule = false;
- /* no schedule? rule should be installed */
- if(empty($schedule))
- return true;
- /*
- * iterate through time blocks and determine
- * if the rule should be installed or not.
- */
- foreach($schedule['timerange'] as $timeday) {
- if($timeday['month'])
- $month = $timeday['month'];
- else
- $week = "";
- if($timeday['day'])
- $day = $timeday['day'];
- else
- $day = "";
- if($timeday['hour'])
- $hour = $timeday['hour'];
- else
- $hour = "";
- if($timeday['position'])
- $position = $timeday['position'];
- else
- $position = "";
- if($timeday['desc'])
- $desc = $timeday['desc'];
- else
- $desc = "";
- if($month) {
- $monthstatus = filter_tdr_month($month);
- } else {
- $monthstatus = true;
- }
- if($day) {
- $daystatus = filter_tdr_day($day);
- } else {
- $daystatus = true;
- }
- if($hour) {
- $hourstatus = filter_tdr_hour($hour);
- } else {
- $hourstatus = true;
- }
- if($position) {
- $positionstatus = filter_tdr_position($position);
- } else {
- $positionstatus = true;
- }
-
- if($monthstatus == true && $daystatus == true && $positionstatus == true && $hourstatus == true)
+ $should_add_rule = false;
+ /* no schedule? rule should be installed */
+ if(empty($schedule))
+ return true;
+ /*
+ * iterate through time blocks and determine
+ * if the rule should be installed or not.
+ */
+ foreach($schedule['timerange'] as $timeday) {
+ if($timeday['month'])
+ $month = $timeday['month'];
+ else
+ $week = "";
+ if($timeday['day'])
+ $day = $timeday['day'];
+ else
+ $day = "";
+ if($timeday['hour'])
+ $hour = $timeday['hour'];
+ else
+ $hour = "";
+ if($timeday['position'])
+ $position = $timeday['position'];
+ else
+ $position = "";
+ if($timeday['desc'])
+ $desc = $timeday['desc'];
+ else
+ $desc = "";
+ if($month) {
+ $monthstatus = filter_tdr_month($month);
+ } else {
+ $monthstatus = true;
+ }
+ if($day) {
+ $daystatus = filter_tdr_day($day);
+ } else {
+ $daystatus = true;
+ }
+ if($hour) {
+ $hourstatus = filter_tdr_hour($hour);
+ } else {
+ $hourstatus = true;
+ }
+ if($position) {
+ $positionstatus = filter_tdr_position($position);
+ } else {
+ $positionstatus = true;
+ }
+
+ if($monthstatus == true && $daystatus == true && $positionstatus == true && $hourstatus == true)
$should_add_rule = true;
- }
+ }
- return $should_add_rule;
+ return $should_add_rule;
}
function filter_tdr_day($schedule) {
global $g;
- /*
- * Calculate day of month.
- * IE: 29th of may
- */
- $weekday = date("w");
- if($weekday == 0)
- $weekday = 7;
- $date = date("d");
- $defined_days = split(",", $schedule);
+ /*
+ * Calculate day of month.
+ * IE: 29th of may
+ */
+ $weekday = date("w");
+ if($weekday == 0)
+ $weekday = 7;
+ $date = date("d");
+ $defined_days = split(",", $schedule);
if($g['debug'])
- log_error("[TDR DEBUG] filter_tdr_day($schedule)");
- foreach($defined_days as $dd) {
- if($date == $dd)
- return true;
- }
- return false;
+ log_error("[TDR DEBUG] filter_tdr_day($schedule)");
+ foreach($defined_days as $dd) {
+ if($date == $dd)
+ return true;
+ }
+ return false;
}
function filter_tdr_hour($schedule) {
global $g;
- /* $schedule should be a string such as 16:00-19:00 */
- $tmp = split("-", $schedule);
- $starting_time = strtotime($tmp[0]);
- $ending_time = strtotime($tmp[1]);
- $now = strtotime("now");
+ /* $schedule should be a string such as 16:00-19:00 */
+ $tmp = split("-", $schedule);
+ $starting_time = strtotime($tmp[0]);
+ $ending_time = strtotime($tmp[1]);
+ $now = strtotime("now");
if($g['debug'])
- log_error("[TDR DEBUG] S: $starting_time E: $ending_time N: $now");
- if($now >= $starting_time and $now <= $ending_time)
- return true;
- return false;
+ log_error("[TDR DEBUG] S: $starting_time E: $ending_time N: $now");
+ if($now >= $starting_time and $now <= $ending_time)
+ return true;
+ return false;
}
function filter_tdr_position($schedule) {
global $g;
- /*
- * Calculate possition, ie: day of week.
- * Sunday = 7, Monday = 1, Tuesday = 2
- * Weds = 3, Thursday = 4, Friday = 5,
- * Saturday = 6
- * ...
- */
- $weekday = date("w");
+ /*
+ * Calculate possition, ie: day of week.
+ * Sunday = 7, Monday = 1, Tuesday = 2
+ * Weds = 3, Thursday = 4, Friday = 5,
+ * Saturday = 6
+ * ...
+ */
+ $weekday = date("w");
if($g['debug'])
- log_error("[TDR DEBUG] filter_tdr_position($schedule) $weekday");
- if($weekday == 0)
- $weekday = 7;
- $schedule_days = split(",", $schedule);
- foreach($schedule_days as $day) {
- if($day == $weekday)
- return true;
- }
- return false;
+ log_error("[TDR DEBUG] filter_tdr_position($schedule) $weekday");
+ if($weekday == 0)
+ $weekday = 7;
+ $schedule_days = split(",", $schedule);
+ foreach($schedule_days as $day) {
+ if($day == $weekday)
+ return true;
+ }
+ return false;
}
function filter_tdr_month($schedule) {
global $g;
- /*
- * Calculate month
- */
- $todays_month = date("n");
- $months = split(",", $schedule);
+ /*
+ * Calculate month
+ */
+ $todays_month = date("n");
+ $months = split(",", $schedule);
if($g['debug'])
- log_error("[TDR DEBUG] filter_tdr_month($schedule)");
- foreach($months as $month) {
- if($month == $todays_month)
- return true;
- }
- return false;
+ log_error("[TDR DEBUG] filter_tdr_month($schedule)");
+ foreach($months as $month) {
+ if($month == $todays_month)
+ return true;
+ }
+ return false;
}
function filter_setup_logging_interfaces() {
@@ -2277,13 +2288,13 @@ function filter_setup_logging_interfaces() {
}
$rules = "";
foreach ($FilterIflist as $ifdescr => $ifcfg) {
- /*
+ /*
* XXX: This should be cleared out after a discussion
- * between pf(4) devs is cleared out. This breaks
+ * between pf(4) devs is cleared out. This breaks
* compatibility with OpenBSD.
- */
+ */
if(isset($ifcfg['virtual']))
- continue;
+ continue;
$rules .= "set loginterface {$ifcfg['if']}\n";
}
return $rules;
@@ -2297,7 +2308,7 @@ function filter_process_carp_nat_rules() {
echo "filter_process_carp_nat_rules() being called $mt\n";
}
$lines = "";
- if(isset($config['installedpackages']['carp']['config']) &&
+ if(isset($config['installedpackages']['carp']['config']) &&
is_array($config['installedpackages']['carp']['config'])) {
foreach($config['installedpackages']['carp']['config'] as $carp) {
$ip = $carp['ipaddress'];
@@ -2336,7 +2347,7 @@ function filter_process_carp_rules() {
/* Generate IPSEC Filter Items */
function filter_generate_ipsec_rules() {
- global $config, $g, $FilterIflist, $GatewaysList;
+ global $config, $g, $FilterIflist;
if(isset($config['system']['developerspew'])) {
$mt = microtime();
@@ -2350,8 +2361,8 @@ function filter_generate_ipsec_rules() {
else
exec("/sbin/sysctl net.inet.ipcomp.ipcomp_enable=0");
- if(isset($config['ipsec']['enable']) &&
- is_array($config['ipsec']['phase1'])) {
+ if(isset($config['ipsec']['enable']) &&
+ is_array($config['ipsec']['phase1'])) {
/* step through all phase1 entries */
foreach ($config['ipsec']['phase1'] as $ph1ent) {
if(isset ($ph1ent['disabled']))
@@ -2403,7 +2414,7 @@ function filter_generate_ipsec_rules() {
if(!is_ipaddr($gateway) || empty($interface)) {
$route_to = " ";
$reply_to = " ";
- } else {
+ } else {
$route_to = " route-to ( $interface $gateway ) ";
$reply_to = " reply-to ( $interface $gateway ) ";
}
@@ -2446,11 +2457,11 @@ EOD;
function discover_pkg_rules($ruletype) {
global $config, $g;
- if(!is_dir("/usr/local/pkg"))
+ if(!is_dir("/usr/local/pkg"))
return "";
$files = split("\n", trim(`ls /usr/local/pkg/*.inc`));
foreach($files as $pkg_inc) {
- if($pkg_inc == "ls: No match.")
+ if($pkg_inc == "ls: No match.")
continue;
update_filter_reload_status("Checking for {$ruletype} PF hooks in package {$pkg_inc}");
require_once($pkg_inc);
@@ -2472,4 +2483,5 @@ function discover_pkg_rules($ruletype) {
return $rules;
}
-?> \ No newline at end of file
+// vim: ts=4 sw=4 noexpandtab
+?>
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index 76548d0..86d50f9 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -88,7 +88,7 @@ $g = array(
"disablehelpmenu" => false,
"disablehelpicon" => false,
"debug" => false,
- "latest_config" => "6.1",
+ "latest_config" => "6.2",
"nopkg_platforms" => array("cdrom"),
"minimum_ram_warning" => "105",
"minimum_ram_warning_text" => "128 MB",
diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc
index 3d95678..3506869 100644
--- a/etc/inc/gwlb.inc
+++ b/etc/inc/gwlb.inc
@@ -60,8 +60,8 @@ function setup_gateways_monitor() {
# pfSense apinger configuration file. Automatically Generated!
## User and group the pinger should run as
-user "nobody"
-group "nobody"
+user "root"
+group "wheel"
## Mailer to use (default: "/usr/lib/sendmail -t")
#mailer "/var/qmail/bin/qmail-inject"
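Review bot: The generated apinger configuration now runs the monitor as `user "root"` / `group "wheel"` instead of `nobody`, and nothing in the hunk gives a reason. A daemon that parses replies from arbitrary network peers is the kind of process that should keep running unprivileged, since any fault in it would then carry full system privileges. If root is needed for a specific operation (an alarm command, for instance), add a comment naming it in the config template. It would be better to keep `user "nobody"` and delegate only that operation to a privileged helper. The rest of `setup_gateways_monitor()` lies outside this hunk.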
@@ -299,7 +299,7 @@ function return_gateways_array($disabled = false) {
$gateway['gateway'] = get_interface_gateway($ifname, $gateway['dynamic']);
$gateway['interface'] = get_real_interface($ifname);
$gateway['friendlyiface'] = $ifname;
- $gateway['name'] = "{$ifname}";
+ $gateway['name'] = "{$friendly}";
$gateway['attribute'] = "system";
/* Loopback dummy for dynamic interfaces without a IP */
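Review bot: `$gateway['name'] = "{$friendly}";` depends on a `$friendly` variable that is not assigned anywhere in the visible lines of this hunk or the next one, which also compares it against `$gateway_item['name']`. If it is set earlier in `return_gateways_array()`, a short comment saying what it holds would make the new duplicate check readable; I would guess the interface description, but that is unconfirmed. If it can be empty, the gateway ends up with an empty name, and that name is later used to key gateway lookups. A fallback such as `$gateway['name'] = $friendly <> "" ? $friendly : $ifname;` would avoid that.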
@@ -309,10 +309,12 @@ function return_gateways_array($disabled = false) {
/* automatically skip known static and dynamic gateways we have a array entry for */
foreach($gateways_arr as $gateway_item) {
- if($gateway_item['gateway'] == $gateway['gateway'] && ($ifname == $gateway_item['friendlyiface']))
- continue 2;
- if(($gateway_item['gateway'] == "dynamic") && ($ifname == $gateway_item['friendlyiface']))
- continue 2;
+ if ($ifname == $gateway_item['friendlyiface'] || $friendly == $gateway_item['name']) {
+ if ($gateway_item['gateway'] == $gateway['gateway'])
+ continue 2;
+ if ($gateway_item['gateway'] == "dynamic")
+ continue 2;
+ }
}
/* retrieve a proper monitor IP? */
@@ -403,22 +405,21 @@ function return_gateway_groups_array() {
/* we do not really foreach the tiers as we stop after the first tier */
foreach($tiers as $tiernr => $tier) {
/* process all gateways in this tier */
- $member_count = count($tier);
foreach($tier as $tiernr => $member) {
/* determine interface gateway */
- foreach($gateways_arr as $name => $gateway) {
- if($gateway['name'] == $member) {
- $int = $gateway['interface'];
- if(is_ipaddr($gateway['gateway']))
- $gatewayip = $gateway['gateway'];
- else
- $gatewayip = lookup_gateway_ip_by_name($gateway['gateway']);
- break;
- }
+ if (isset($gateways_arr[$member])) {
+ $gateway = $gateways_arr[$member];
+ $int = $gateway['interface'];
+ $gatewayip = "";
+ if(is_ipaddr($gateway['gateway']))
+ $gatewayip = $gateway['gateway'];
+ else if ($int <> "")
+ $gatewayip = get_interface_gateway($gateway['friendlyiface']);
}
if (($int <> "") && is_ipaddr($gatewayip)) {
$gateway_groups_array[$group['name']][$tiernr]['int'] = "$int";
$gateway_groups_array[$group['name']][$tiernr]['gwip'] = "$gatewayip";
+ $gateway_groups_array[$group['name']][$tiernr]['weight'] = isset($gateway['weight']) ? $gateway['weight'] : 1;
}
}
/* we should have the 1st available tier now, exit stage left */
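Review bot: `$int` and `$gatewayip` are only assigned inside the new `if (isset($gateways_arr[$member]))` block. A member missing from `$gateways_arr` therefore reaches the `if (($int <> "") && is_ipaddr($gatewayip))` test with the previous iteration's values. That registers the previous member's interface, address and `$gateway['weight']` under this member's slot, so the group can contain a gateway the configuration never listed. Reset both at the top of the inner loop, before the `isset` check: `$int = ""; $gatewayip = "";`. The inner `foreach($tier as $tiernr => $member)` also reuses the outer loop's `$tiernr`; a distinct key name would make the `[$tiernr]` index unambiguous.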
@@ -498,19 +499,6 @@ function lookup_gateway_interface_by_name($name) {
function get_interface_gateway($interface, &$dynamic = false) {
global $config, $g;
- $iflist = get_configured_interface_with_descr();
- /*
- * XXX: BUG: This is silly at first, but we may be called with the interface
- * descr for no apparent reason!!!
- * Probably one of those silly strtoupper() legacy stuff!
- */
- foreach ($iflist as $ifent => $ifdesc) {
- if ($ifent == $interface || $ifdesc == $interface) {
- $interface = $ifent;
- break;
- }
- }
-
$gw = NULL;
$gwcfg = $config['interfaces'][$interface];
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 9044d48..94c5311 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -2199,7 +2199,7 @@ EOD;
}
$mpdconf .= <<<EOD
- set ipcp yes vjcomp
+ set ipcp no vjcomp
set ipcp ranges 0.0.0.0/0 0.0.0.0/0
create link static {$interface}L1 pppoe
set link disable incoming
@@ -2801,16 +2801,11 @@ function link_interface_to_vlans($int, $action = "") {
if (empty($int))
return;
- $real_if = get_real_interface($int);
if (is_array($config['vlans']['vlan'])) {
foreach ($config['vlans']['vlan'] as $vlan) {
- if ($real_if == $vlan['if']) {
+ if ($int == $vlan['if']) {
if ($action == "update") {
- foreach ($config['interfaces'] as $ifname => $ifcfg) {
- if ($ifcfg['if'] == $vlan['vlanif'])
- interface_vlan_configure($vlan);
- interface_configure($ifname);
- }
+ interfaces_bring_up($int);
} else if ($action == "")
return $vlan;
}
@@ -3045,7 +3040,6 @@ function get_wireless_modes($interface) {
if(is_interface_wireless($wlif)) {
$cloned_interface = get_real_interface($interface);
- $wi = 1;
$chan_list = "/sbin/ifconfig {$cloned_interface} list chan";
$stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'";
$format_list = "/usr/bin/awk '{print \$5 \" \" \$6 \",\" \$1}'";
@@ -3084,6 +3078,30 @@ function get_wireless_modes($interface) {
return($wireless_modes);
}
+/* return channel numbers, frequency, max txpower, and max regulation txpower */
+function get_wireless_channel_info($interface) {
+ $wireless_channels = array();
+
+ $wlif = interface_translate_type_to_real($interface);
+
+ if(is_interface_wireless($wlif)) {
+ $cloned_interface = get_real_interface($interface);
+ $chan_list = "/sbin/ifconfig {$cloned_interface} list txpower";
+ $stack_list = "/usr/bin/awk -F\"Channel \" '{ gsub(/\\*/, \" \"); print \$2 \"\\\n\" \$3 }'";
+ $format_list = "/usr/bin/awk '{print \$1 \",\" \$3 \" \" \$4 \",\" \$5 \",\" \$7}'";
+
+ $interface_channels = "";
+ exec("$chan_list | $stack_list | sort -u | $format_list 2>&1", $interface_channels);
+
+ foreach ($interface_channels as $channel_line) {
+ $channel_line = explode(",", $channel_line);
+ if(!isset($wireless_channels[$channel_line[0]]))
+ $wireless_channels[$channel_line[0]] = $channel_line;
+ }
+ }
+ return($wireless_channels);
+}
+
/****f* interfaces/get_interface_mtu
* NAME
* get_interface_mtu - Return the mtu of an interface
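Review bot: `$cloned_interface` is interpolated into the `ifconfig` command line in `get_wireless_channel_info()` without quoting, so the shell sees whatever `get_real_interface()` returns. Even if that value normally comes from trusted configuration, the command is safer built as `$chan_list = "/sbin/ifconfig " . escapeshellarg($cloned_interface) . " list txpower";`. Two smaller points in the same function: `$interface_channels` should start as `array()` rather than `""` because `exec()` fills it as an array, and the trailing `2>&1` applies only to the last `awk`, so an `ifconfig` error message is not captured.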
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc
index b96afad..66a81fc 100644
--- a/etc/inc/openvpn.inc
+++ b/etc/inc/openvpn.inc
@@ -266,7 +266,7 @@ function openvpn_reconfigure($mode,& $settings) {
if (empty($settings))
return;
- if ($settings['disable'])
+ if (isset($settings['disable']))
return;
/*
@@ -340,8 +340,7 @@ function openvpn_reconfigure($mode,& $settings) {
$conf .= "down /etc/rc.filter_configure\n";
if (!empty($iface_ip)) {
- if ($mode == "server" || ($mode == "client" && !empty($settings['local_port'])))
- $conf .= "local {$iface_ip}\n";
+ $conf .= "local {$iface_ip}\n";
}
// server specific settings
@@ -441,13 +440,16 @@ function openvpn_reconfigure($mode,& $settings) {
}
// The port we'll listen at
- // If local_port is used, bing the management port
+ // If local_port is used, bind the management port
if ($settings['local_port']) {
$conf .= "lport {$settings['local_port']}\n";
$conf .= "management 127.0.0.1 {$settings['local_port']}\n";
}
- else
+
+ // If there is no bind option at all (ip and/or port), add "nobind" directive
+ if ((empty($iface_ip)) && (!$settings['local_port'])) {
$conf .= "nobind\n";
+ }
// The remote server
$conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n";
@@ -559,7 +561,7 @@ function openvpn_restart($mode, & $settings) {
usleep(250000);
}
- if ($settings['disable'])
+ if (isset($settings['disable']))
return;
/* start the new process */
@@ -607,7 +609,7 @@ function openvpn_resync_csc(& $settings) {
$fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name'];
- if ($settings['disable']) {
+ if (isset($settings['disable'])) {
unlink_if_exists($fpath);
return;
}
@@ -704,4 +706,167 @@ function openvpn_resync_all($interface = "") {
}
+function openvpn_get_active_servers() {
+ $servers = array();
+ global $config;
+ if (is_array($config['openvpn']['openvpn-server'])) {
+ foreach ($config['openvpn']['openvpn-server'] as & $settings) {
+
+ $prot = $settings['protocol'];
+ $port = $settings['local_port'];
+
+ $server = array();
+ $server['port'] = $settings['local_port'];
+ if ($settings['description'])
+ $server['name'] = "{$settings['description']} {$prot}:{$port}";
+ else
+ $server['name'] = "Server {$prot}:{$port}";
+ $server['conns'] = array();
+
+ $tcpsrv = "tcp://127.0.0.1:{$port}";
+ $errval;
+ $errstr;
+
+ /* open a tcp connection to the management port of each server */
+ $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1);
+ if ($fp) {
+
+ /* send our status request */
+ fputs($fp, "status 2\n");
+
+ /* recv all response lines */
+ while (!feof($fp)) {
+
+ /* read the next line */
+ $line = fgets($fp, 1024);
+
+ /* parse header list line */
+ if (strstr($line, "HEADER"))
+ continue;
+
+ /* parse end of output line */
+ if (strstr($line, "END"))
+ break;
+
+ /* parse client list line */
+ if (strstr($line, "CLIENT_LIST")) {
+ $list = explode(",", $line);
+ $conn = array();
+ $conn['common_name'] = $list[1];
+ $conn['remote_host'] = $list[2];
+ $conn['virtual_addr'] = $list[3];
+ $conn['bytes_recv'] = $list[4];
+ $conn['bytes_sent'] = $list[5];
+ $conn['connect_time'] = $list[6];
+ $server['conns'][] = $conn;
+ }
+ }
+
+ /* cleanup */
+ fclose($fp);
+ } else {
+ $conn = array();
+ $conn['common_name'] = "[error]";
+ $conn['remote_host'] = "Management Daemon Unreachable";
+ $conn['virtual_addr'] = "";
+ $conn['bytes_recv'] = 0;
+ $conn['bytes_sent'] = 0;
+ $conn['connect_time'] = 0;
+ $server['conns'][] = $conn;
+ }
+
+ $servers[] = $server;
+ }
+ }
+ return $servers;
+}
+
+function openvpn_get_active_clients() {
+ $clients = array();
+ global $config;
+ if (is_array($config['openvpn']['openvpn-client'])) {
+ foreach ($config['openvpn']['openvpn-client'] as & $settings) {
+
+ $prot = $settings['protocol'];
+ $port = $settings['local_port'];
+
+ $client = array();
+ $client['port'] = $settings['local_port'];
+ if ($settings['description'])
+ $client['name'] = "{$settings['description']} {$prot}:{$port}";
+ else
+ $client['name'] = "Client {$prot}:{$port}";
+
+ $tcpcli = "tcp://127.0.0.1:{$port}";
+ $errval;
+ $errstr;
+
+ $client['status']="down";
+
+ /* open a tcp connection to the management port of each cli */
+ $fp = @stream_socket_client($tcpcli, $errval, $errstr, 1);
+ if ($fp) {
+
+ /* send our status request */
+ fputs($fp, "state 1\n");
+
+ /* recv all response lines */
+ while (!feof($fp)) {
+ /* read the next line */
+ $line = fgets($fp, 1024);
+
+ /* Get the client state */
+ if (strstr($line,"CONNECTED")) {
+ $client['status']="up";
+ $list = explode(",", $line);
+
+ $client['connect_time'] = date("D M j G:i:s Y", $list[0]);
+ $client['virtual_addr'] = $list[3];
+ $client['remote_host'] = $list[4];
+ }
+ /* parse end of output line */
+ if (strstr($line, "END"))
+ break;
+ }
+
+ /* If up, get read/write stats */
+ if (strcmp($client['status'], "up") == 0) {
+ fputs($fp, "status 2\n");
+ /* recv all response lines */
+ while (!feof($fp)) {
+ /* read the next line */
+ $line = fgets($fp, 1024);
+
+ if (strstr($line,"TCP/UDP read bytes")) {
+ $list = explode(",", $line);
+ $client['bytes_recv'] = $list[1];
+ }
+
+ if (strstr($line,"TCP/UDP write bytes")) {
+ $list = explode(",", $line);
+ $client['bytes_sent'] = $list[1];
+ }
+
+ /* parse end of output line */
+ if (strstr($line, "END"))
+ break;
+ }
+ }
+
+ fclose($fp);
+
+ } else {
+ $DisplayNote=true;
+ $client['remote_host'] = "No Management Daemon";
+ $client['virtual_addr'] = "See Note Below";
+ $client['bytes_recv'] = 0;
+ $client['bytes_sent'] = 0;
+ $client['connect_time'] = 0;
+ }
+
+ $clients[] = $client;
+ }
+ }
+ return $clients;
+}
?>
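Review bot: The read loops in `openvpn_get_active_servers()` and `openvpn_get_active_clients()` are bounded only by PHP's default socket timeout, because the `1` passed to `stream_socket_client()` limits the connect and not the later `fgets()` calls. Adding `stream_set_timeout($fp, 1);` after a successful connect and `if ($line === false) break;` after each `fgets()` keeps a stalled management daemon from holding up the caller once per configured instance. The markers are matched anywhere in the line with `strstr()`, so a certificate common name containing `END` or `HEADER` would cut short or skip entries in the client listing; comparing the start of the line, e.g. `strncmp($line, "END", 3) == 0`, avoids that. The returned `common_name` and `remote_host` originate from the peer, so whichever page prints them should HTML-escape them (the output code is not visible here).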
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 7dd6d74..edb50a5 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -289,9 +289,11 @@ function is_alias_inuse($alias) {
/* loop through nat rules looking for alias in use */
if(is_array($config['nat']['rule']))
foreach($config['nat']['rule'] as $rule) {
- if($rule['target'] == $alias)
+ if($rule['target'] && $rule['target'] == $alias)
return true;
- if($rule['external-address'] == $alias)
+ if($rule['source']['address'] && $rule['source']['address'] == $alias)
+ return true;
+ if($rule['destination']['address'] && $rule['destination']['address'] == $alias)
return true;
}
return false;
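Review bot: `is_alias_inuse()` does not check the port fields of the converted NAT rules, so a port alias referenced only from `$rule['source']['port']`, `$rule['destination']['port']` or `$rule['local-port']` is reported as unused. The same commit makes `diag_backup.php` rename aliases in exactly those fields, which suggests they can hold alias names. Adding `if($rule['destination']['port'] && $rule['destination']['port'] == $alias) return true;` and the equivalents for the other two fields would close the gap. The function starts outside the hunk, so an earlier check may already cover part of this.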
@@ -1094,9 +1096,9 @@ function setup_serial_port() {
foreach($ttys_split as $tty) {
if(stristr($tty, "ttyd0") or stristr($tty, "ttyu0")) {
if(isset($config['system']['enableserial'])) {
- fwrite($fd, "ttyu0 \"/usr/libexec/getty bootupcli\" dialup on secure\n");
+ fwrite($fd, "ttyu0 \"/usr/libexec/getty bootupcli\" cons25 on secure\n");
} else {
- fwrite($fd, "ttyu0 \"/usr/libexec/getty bootupcli\" dialup off secure\n");
+ fwrite($fd, "ttyu0 \"/usr/libexec/getty bootupcli\" cons25 off secure\n");
}
} else {
fwrite($fd, $tty . "\n");
@@ -1412,25 +1414,6 @@ function get_cpu_speed() {
return exec("sysctl hw.clockrate | awk '{ print $2 }'");
}
-/* check if the wan interface is up
- * Wait for a maximum of 10 seconds
- * If the interface is up before then continue
- */
-function is_wan_interface_up($interface) {
- global $g;
- global $config;
- $i = 0;
- while($i < 10) {
- if(get_interface_gateway($interface)) {
- return true;
- } else {
- sleep(1);
- }
- $i++;
- }
- return false;
-}
-
function add_hostname_to_watch($hostname) {
if(!is_dir("/var/db/dnscache")) {
mkdir("/var/db/dnscache");
@@ -1920,5 +1903,141 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
return -1;
}
}
+function get_real_slice_from_glabel($label) {
+ $label = escapeshellarg($label);
+ return trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/{$label} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`);
+}
+function nanobsd_get_boot_slice() {
+ return trim(`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`);
+}
+function nanobsd_get_boot_drive() {
+ return trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1`);
+}
+function nanobsd_get_active_slice() {
+ $boot_drive = nanobsd_get_boot_drive();
+ $active = trim(`gpart show $boot_drive | grep '\[active\]' | awk '{print $3;}'`);
+
+ return "{$boot_drive}s{$active}";
+}
+function nanobsd_get_size() {
+ return strtoupper(file_get_contents("/etc/nanosize.txt"));
+}
+function nanobsd_switch_boot_slice() {
+ global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;
+ global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;
+ global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE, $ACTIVE_SLICE;
+ nanobsd_detect_slice_info();
+
+ if ($BOOTFLASH == $ACTIVE_SLICE) {
+ $slice = $TOFLASH;
+ } else {
+ $slice = $BOOTFLASH;
+ }
+
+ for ($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); }
+ ob_implicit_flush(1);
+ if(strstr($slice, "s2")) {
+ $ASLICE="2";
+ $AOLDSLICE="1";
+ $AGLABEL_SLICE="pfsense1";
+ $AUFS_ID="1";
+ $AOLD_UFS_ID="0";
+ } else {
+ $ASLICE="1";
+ $AOLDSLICE="2";
+ $AGLABEL_SLICE="pfsense0";
+ $AUFS_ID="0";
+ $AOLD_UFS_ID="1";
+ }
+ $ATOFLASH="{$BOOT_DRIVE}s{$ASLICE}";
+ $ACOMPLETE_PATH="{$BOOT_DRIVE}s{$ASLICE}a";
+ $ABOOTFLASH="{$BOOT_DRIVE}s{$AOLDSLICE}";
+ conf_mount_rw();
+ exec("sysctl kern.geom.debugflags=16");
+ exec("gpart set -a active -i {$ASLICE} {$BOOT_DRIVE}");
+ exec("/usr/sbin/boot0cfg -s {$ASLICE} -v /dev/{$BOOT_DRIVE}");
+ // We can't update these if they are mounted now.
+ if ($BOOTFLASH != $slice) {
+ exec("/sbin/tunefs -L ${AGLABEL_SLICE} /dev/$ACOMPLETE_PATH");
+ nanobsd_update_fstab($AGLABEL_SLICE, $ACOMPLETE_PATH, $AOLD_UFS_ID, $AUFS_ID);
+ }
+ exec("/sbin/sysctl kern.geom.debugflags=0");
+ conf_mount_ro();
+}
+function nanobsd_clone_slice() {
+ global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;
+ global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;
+ global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE, $ACTIVE_SLICE;
+ nanobsd_detect_slice_info();
+
+ for ($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); }
+ ob_implicit_flush(1);
+ exec("/sbin/sysctl kern.geom.debugflags=16");
+ exec("/bin/dd if=/dev/zero of=/dev/{$TOFLASH} bs=1m count=1");
+ exec("/bin/dd if=/dev/{$BOOTFLASH} of=/dev/{$TOFLASH} bs=64k");
+ exec("/sbin/tunefs -L {$GLABEL_SLICE} /dev/{$COMPLETE_PATH}");
+ $status = nanobsd_update_fstab($GLABEL_SLICE, $COMPLETE_PATH, $OLD_UFS_ID, $UFS_ID);
+ exec("/sbin/sysctl kern.geom.debugflags=0");
+ if($status) {
+ return false;
+ } else {
+ return true;
+ }
+}
+function nanobsd_update_fstab($gslice, $complete_path, $oldufs, $newufs) {
+ $tmppath = "/tmp/{$gslice}";
+ $fstabpath = "/tmp/{$gslice}/etc/fstab";
+
+ exec("/bin/mkdir {$tmppath}");
+ exec("/sbin/fsck_ufs -y /dev/{$complete_path}");
+ exec("/sbin/mount /dev/ufs/{$gslice} {$tmppath}");
+ exec("/bin/cp /etc/fstab {$fstabpath}");
+
+ if (!file_exists($fstabpath)) {
+ $fstab = <<<EOF
+/dev/ufs/{$gslice} / ufs ro 1 1
+/dev/ufs/cf /cf ufs ro 1 1
+EOF;
+ if (file_put_contents($fstabpath, $fstab))
+ $status = true;
+ else
+ $status = false;
+ } else {
+ $status = exec("sed -i \"\" \"s/pfsense{$oldufs}/pfsense{$newufs}/g\" {$fstabpath}");
+ }
+ exec("/sbin/umount {$tmppath}");
+ exec("/bin/rmdir {$tmppath}");
+
+ return $status;
+}
+function nanobsd_detect_slice_info() {
+ global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;
+ global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;
+ global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE, $ACTIVE_SLICE;
+ $BOOT_DEVICE=nanobsd_get_boot_slice();
+ $REAL_BOOT_DEVICE=get_real_slice_from_glabel($BOOT_DEVICE);
+ $BOOT_DRIVE=nanobsd_get_boot_drive();
+ $ACTIVE_SLICE=nanobsd_get_active_slice();
+
+ // Detect which slice is active and set information.
+ if(strstr($REAL_BOOT_DEVICE, "s1")) {
+ $SLICE="2";
+ $OLDSLICE="1";
+ $GLABEL_SLICE="pfsense1";
+ $UFS_ID="1";
+ $OLD_UFS_ID="0";
+
+ } else {
+ $SLICE="1";
+ $OLDSLICE="2";
+ $GLABEL_SLICE="pfsense0";
+ $UFS_ID="0";
+ $OLD_UFS_ID="1";
+ }
+ $TOFLASH="{$BOOT_DRIVE}s{$SLICE}";
+ $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a";
+ $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}";
+ $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}";
+}
?>
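Review bot: `nanobsd_update_fstab()` returns two incompatible kinds of status and `nanobsd_clone_slice()` reads them backwards. In the branch that writes a fresh fstab, `$status` is `true` on success, which `if($status) return false;` turns into a failed clone; in the `sed` branch `$status` is the last output line of `exec()`, normally an empty string, so a failing `sed` is still reported as success. None of the `dd`, `fsck_ufs`, `tunefs`, `mount` or `gpart` calls has its exit code checked, so a partially written slice can still be labelled as a valid copy. Using the third argument of `exec()`, as in `exec($cmd, $out, $rc); if ($rc != 0) return false;`, and making `true` mean success in both functions would fix this. The work directory `/tmp/{$gslice}` is a fixed name created with a plain `mkdir`, and a failure there should abort before the mount.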
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index a443c28..f8c187c 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -276,11 +276,13 @@ function get_pkg_depends($pkg_name, $filetype = ".xml", $format = "files", $retu
function uninstall_package_from_name($pkg_name) {
global $config;
$id = get_pkg_id($pkg_name);
- $pkg_depends =& $config['installedpackages']['package'][$id]['depends_on_package'];
- delete_package($pkg_depends[0], $pkg_name);
- if (is_array($pkg_depends)) {
- foreach ($pkg_depends as $pkg_depend)
- remove_freebsd_package($pkg_depend);
+ if ($id >= 0) {
+ $pkg_depends =& $config['installedpackages']['package'][$id]['depends_on_package'];
+ delete_package($pkg_depends[0], $pkg_name);
+ if (is_array($pkg_depends)) {
+ foreach ($pkg_depends as $pkg_depend)
+ remove_freebsd_package($pkg_depend);
+ }
}
delete_package_xml($pkg_name);
}
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index b24355a..9a023eb 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -3443,8 +3443,7 @@ class layer7 {
}
function delete_l7c() {
- $l7pid = `"/bin/pgrep -f 'ipfw-classifyd .* -p ". $l7rules->GetRPort() . "'"`;
- mwexec("/bin/kill {$l7pid}");
+ mwexec("/bin/pkill -f 'ipfw-classifyd .* -p ". $l7rules->GetRPort() . "'", true);
unset_l7_object_by_reference($this->GetRName());
cleanup_l7_from_rules($this->GetRName());
}
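Review bot: `$l7rules` is not defined anywhere in `delete_l7c()`, so the new `mwexec()` line calls `GetRPort()` on an unset variable and will fail at runtime. The next two lines use `$this->GetRName()`, so `$this->GetRPort()` is presumably what was meant, assuming that method exists on this class. The `pkill -f` pattern is also open-ended: a port of `80` matches a classifier started with `-p 8080`, so a different instance can be killed. The port should be followed by a space-or-end-of-line anchor in the pattern, and the whole pattern passed through `escapeshellarg()`.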
@@ -3902,7 +3901,7 @@ function filter_generate_dummynet_rules() {
foreach ($dummynet_pipe_list as $dn)
$dn_rules .= $dn->build_rules();
- if (!empty($dnrules)) {
+ if (!empty($dn_rules)) {
file_put_contents("{$g['tmp_path']}/rules.limiter", $dn_rules);
mwexec("/sbin/ipfw {$g['tmp_path']}/rules.limiter");
}
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 7a01513..d26b1bb 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -245,51 +245,24 @@ function system_routing_configure() {
}
/* Enable fast routing, if enabled */
+ /* XXX: More checks need to be done for subsystems that are not compatibel with fast routing. */
if(isset($config['staticroutes']['enablefastrouting']) && !isset($config['ipsec']['enable']))
mwexec("/sbin/sysctl net.inet.ip.fastforwarding=1");
- $route_str = exec_command("/usr/bin/netstat -rnf inet");
-
- /* clear out old routes, if necessary */
- if (file_exists("{$g['vardb_path']}/routes.db")) {
- $fd = fopen("{$g['vardb_path']}/routes.db", "r");
- if (!$fd) {
- printf("Error: cannot open routes DB file in system_routing_configure().\n");
- return 1;
- }
- while (!feof($fd)) {
- $oldrt = trim(fgets($fd));
- if (($oldrt) && (stristr($route_str, $oldrt)))
- mwexec("/sbin/route delete " . escapeshellarg($oldrt));
- }
- fclose($fd);
- unlink("{$g['vardb_path']}/routes.db");
- }
-
- if (false) {
- /* if list */
- $iflist = get_configured_interface_list();
-
- $dont_remove_route = false;
- foreach ($iflist as $ifent => $ifname) {
- /*
- * XXX: The value of this is really when this function can take
- * an interface as parameter.
- */
- /* do not process interfaces that will end up with gateways */
- if (interface_has_gateway($ifent) ||
- $config['interfaces'][$ifent]['ipaddr'] == "carpdev-dhcp") {
- $dont_remove_route = true;
- break;
+ $gatewayip = "";
+ $interfacegw = "";
+ /* tack on all the hard defined gateways as well */
+ if (is_array($config['gateways']['gateway_item'])) {
+ foreach ($config['gateways']['gateway_item'] as $gateway) {
+ if (isset($gateway['defaultgw'])) {
+ if ($gateway['gateway'] == "dynamic")
+ $gateway['gateway'] = get_interface_gateway($gateway['interface']);
+ $gatewayip = $gateway['gateway'];
+ $interfacegw = $gateway['interface'];
+ break;
+ }
}
}
-
- if ($dont_remove_route == false) {
- /* remove default route */
- mwexec("/sbin/route delete default", true);
- }
- }
-
$dont_add_route = false;
/* if OLSRD is enabled, allow WAN to house DHCP. */
if($config['installedpackages']['olsrd']) {
@@ -300,33 +273,15 @@ function system_routing_configure() {
}
}
}
-
if($dont_add_route == false) {
- if(is_array($config['gateways']['gateway_item'])) {
- foreach($config['gateways']['gateway_item'] as $gateway) {
- if(isset($gateway['defaultgw'])) {
- $gatewayip = $gateway['gateway'];
- $interfacegw = $gateway['interface'];
- /* This handles the case where a dynamic gateway is choosen as default. */
- if (!is_ipaddr($gatewayip))
- $gatewayip = get_interface_gateway($interfacegw);
- break;
- }
- }
- if(($interfacegw <> "bgpd") && (is_ipaddr($gatewayip))) {
- preg_match("/default[ ]+([0-9].*?)[ ]+/i", $route_str, $elements);
- if(trim($elements[1]) != "$gatewayip") {
- mwexec("/sbin/route delete default " . escapeshellarg($gatewayip), true);
- }
- mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true);
- }
- } else {
- log_error("SYSTEM: We do not have a gateways array in our XML. Is this configuration damaged?");
- /* adding gateway for 1.2-style configs without the new
- gateway setup configured.
- Force WAN to be default gateway because that is the
- 1.2 behavior.
- */
+ if (($interfacegw <> "bgpd") && (is_ipaddr($gatewayip)))
+ mwexec("/sbin/route delete default; /sbin/route add default " . escapeshellarg($gatewayip), true);
+ else {
+ /* Adding gateway for 1.2-style configs without the new
+ * gateway setup configured.
+ * Force WAN to be default gateway because that is the 1.2 behavior.
+ */
+ log_error("SYSTEM: We do not have a default gateway in our config. Is this configuration damaged?");
if (is_ipaddr($config['interfaces']['wan']['gateway'])) {
$gatewayip = $config['interfaces']['wan']['gateway'];
mwexec("/sbin/route add default " . escapeshellarg($gatewayip), true);
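Review bot: The combined `/sbin/route delete default; /sbin/route add default ...` removes the working default route before the replacement is known to be accepted, and the `;` means only the result of the last command is seen. If the add fails, the system is left without a default route until the next reconfigure. Using `route change default` with a fallback to `add`, or checking the `mwexec()` result before deleting, would keep the old route in place on failure. Separately, the `else` branch now also runs when the default gateway interface is `bgpd` or a dynamic gateway has no address yet, so the "Is this configuration damaged?" message is logged for configurations that are not damaged.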
@@ -335,49 +290,40 @@ function system_routing_configure() {
}
if (is_array($config['staticroutes']['route'])) {
-
- $fd = fopen("{$g['vardb_path']}/routes.db", "w");
- if (!$fd) {
- printf("Error: cannot open routes DB file in system_routing_configure().\n");
- return 1;
- }
+ $route_str = array();
+ exec("/usr/bin/netstat -rnf inet | /usr/bin/cut -d \" \" -f 1", $route_str);
+ $route_str = array_flip($route_str);
+ $gateways_arr = return_gateways_array();
foreach ($config['staticroutes']['route'] as $rtent) {
- unset($gatewayip);
- unset($interfacegw);
- if(is_array($config['gateways']['gateway_item'])) {
- foreach($config['gateways']['gateway_item'] as $gateway) {
- if($rtent['gateway'] == $gateway['name']) {
- $gatewayip = $gateway['gateway'];
- $interfacegw = $gateway['interface'];
- /* This handles the case where a dynamic gateway is choosen. */
- if (!is_ipaddr($gatewayip))
- $gatewayip = get_interface_gateway($interfacegw);
- break;
- }
- }
- }
- if((is_ipaddr($rtent['gateway'])) && empty($gatewayip)) {
+ $gatewayip = "";
+ if (isset($gateways_arr[$rtent['gateway']])) {
+ $gatewayip = $gateways_arr[$rtent['gateway']]['gateway'];
+ $interfacegw = get_real_interface($rtent['interface']);
+ } else if (is_ipaddr($rtent['gateway'])) {
$gatewayip = $rtent['gateway'];
- $interfacegw = $rtent['interface'];
- }
- if((isset($rtent['interfacegateway'])) && (! is_ipaddr($gatewayip))) {
- mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
- " -iface " . escapeshellarg(convert_friendly_interface_to_real_interface_name($interfacegw)));
} else {
- mwexec("/sbin/route add " . escapeshellarg($rtent['network']) .
+ log_error("Static Routes: Gateway ip could not be found for {$rtent['network']}");
+ continue;
+ }
+
+ $action = "add";
+ if (isset($route_str[$rtent['network']]))
+ $action = "change";
+
+ if (is_ipaddr($gatewayip)) {
+ mwexec("/sbin/route {$action} " . escapeshellarg($rtent['network']) .
" " . escapeshellarg($gatewayip));
+ } else if (!empty($interfacegw)) {
+ mwexec("/sbin/route {$action} " . escapeshellarg($rtent['network']) .
+ " -iface " . escapeshellarg($interfacegw));
}
- /* record route so it can be easily removed later (if necessary) */
- fwrite($fd, $rtent['network'] . "\n");
}
- fclose($fd);
}
return 0;
}
-
function system_routing_enable() {
global $config, $g;
if(isset($config['system']['developerspew'])) {
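Review bot: After this change nothing visible removes a static route that was deleted from the configuration. The `routes.db` bookkeeping and the delete pass are gone, and the loop only issues `add` or `change` for routes that are still configured, so a route to a network the administrator removed stays in the kernel table until reboot unless another code path cleans it up. The add-or-change decision also depends on `netstat -rn` printing the destination exactly as `$rtent['network']` is stored. Host routes or abbreviated prefixes would miss the `isset($route_str[...])` lookup and fall back to `add` on an existing route, which is worth confirming on a test system.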
diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc
index da8594a..f4d64e8 100644
--- a/etc/inc/upgrade_config.inc
+++ b/etc/inc/upgrade_config.inc
@@ -921,9 +921,9 @@ function upgrade_046_to_047() {
$ph1ent['myid_type'] = "fqdn";
$ph1ent['myid_data'] = $tunnel['p1']['myident']['fqdn'];
}
- if (isset($tunnel['p1']['myident']['user_fqdn'])) {
+ if (isset($tunnel['p1']['myident']['ufqdn'])) {
$ph1ent['myid_type'] = "user_fqdn";
- $ph1ent['myid_data'] = $tunnel['p1']['myident']['user_fqdn'];
+ $ph1ent['myid_data'] = $tunnel['p1']['myident']['ufqdn'];
}
if (isset($tunnel['p1']['myident']['asn1dn'])) {
$ph1ent['myid_type'] = "asn1dn";
@@ -1343,7 +1343,7 @@ function upgrade_051_to_052() {
$server['tunnel_network'] = $server['addresspool'];
unset($server['addresspool']);
if (isset($server['use_lzo'])) {
- $server['compress'] = true;
+ $server['compression'] = "on";
unset($server['use_lzo']);
}
if ($server['nopool'])
@@ -1439,7 +1439,7 @@ function upgrade_051_to_052() {
$client['proxy_addr'] = $client['poxy_hostname'];
unset($client['proxy_addr']);
if (isset($client['use_lzo'])) {
- $client['compress'] = true;
+ $client['compression'] = "on";
unset($client['use_lzo']);
}
$client['resolve_retry'] = $client['infiniteresolvretry'];
@@ -1863,4 +1863,42 @@ function upgrade_060_to_061() {
$config['interfaces']['lan']['enable'] = true;
}
+function upgrade_061_to_062() {
+ global $config;
+
+ /* Convert NAT port forwarding rules */
+ if (is_array($config['nat']['rule'])) {
+ $a_nat = &$config['nat']['rule'];
+
+ foreach ($a_nat as &$natent) {
+ $natent['disabled'] = false;
+ $natent['nordr'] = false;
+
+ $natent['source'] = array(
+ "not" => false,
+ "any" => true,
+ "port" => ""
+ );
+
+ $natent['destination'] = array(
+ "not" => false,
+ "address" => $natent['external-address'],
+ "port" => $natent['external-port']
+ );
+
+ if (empty($natent['destination']['address'])) {
+ $natent['destination']['address'] = $natent['interface'] . 'ip';
+ } else if ($natent['destination']['address'] == 'any') {
+ unset($natent['destination']['address']);
+ $natent['destination']['any'] = true;
+ }
+
+ unset($natent['external-address']);
+ unset($natent['external-port']);
+ }
+
+ unset($natent);
+ }
+}
+
?>
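Review bot: The migration stores `false` under `disabled`, `nordr` and the two `not` keys, but elsewhere in this commit flags are tested with `isset()` (see the `$settings['disable']` changes in `openvpn.inc`), and `isset()` is true for a key that holds `false`. If the NAT code follows the same convention, every converted port forward could be treated as disabled or negated after the upgrade. How these keys look after the configuration is written and reloaded is not visible here. Leaving the keys out, i.e. dropping `$natent['disabled'] = false;`, `$natent['nordr'] = false;` and the `"not" => false` entries, expresses "not set" unambiguously. `$natent['external-port']` is also copied without checking that it exists.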
diff --git a/etc/phpshellsessions/gitsync b/etc/phpshellsessions/gitsync
index 6491851..4176dfe 100644
--- a/etc/phpshellsessions/gitsync
+++ b/etc/phpshellsessions/gitsync
@@ -48,10 +48,18 @@ if(file_exists("/root/cvssync_backup.tgz")) {
$branches = array_merge($branches, $tmp);
}
+if(is_dir("$CODIR/pfSenseGITREPO/pfSenseGITREPO")) {
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git config remote.origin.url", $output_str, $ret);
+ if(is_array($output_str) && !empty($output_str[0]))
+ $GIT_REPO = $output_str[0];
+ unset($output_str);
+}
+
if($command_split[2]) {
$branch = $command_split[2];
} else {
if(!$argv[3]) {
+ echo "\nCurrent repository is $GIT_REPO\n";
echo "\nPlease select which branch you would like to sync against:\n\n";
foreach($branches as $branchname => $branchdesc) {
echo "{$branchname} \t {$branchdesc}\n";
@@ -97,6 +105,21 @@ if(!$found) {
}
}
+$merge_repos = array();
+if(!$command_split[2] && !$argv[3]) {
+ do {
+ echo "\nAdd a custom RCS branch URL (HTTP) to merge in or press enter for none.\n\n";
+ $merge_repo = readline("> ");
+ if(!empty($merge_repo)) {
+ $merge_branch = readline("Merge which branch [master]? ");
+ if($merge_branch == "")
+ $merge_repos[] = array('repo' => $merge_repo, 'branch' => 'master');
+ else if($merge_branch)
+ $merge_repos[] = array('repo' => $merge_repo, 'branch' => $merge_branch);
+ }
+ } while(!empty($merge_repo));
+}
+
if($branch == "RESTORE" && $g['platform'] == "pfSense") {
if(!file_exists("/root/cvssync_backup.tgz")) {
echo "Sorry, we could not find a previous CVSSync backup file.\n";
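Review bot: The merge prompt accepts any string as a repository and explicitly asks for an HTTP URL, so code can be fetched over an unauthenticated transport and merged into the tree that is then synced onto the firewall. Restricting the input to an authenticated transport, e.g. `if (!preg_match('#^https://#', $merge_repo)) continue;` before the branch prompt, narrows this. A branch-name check such as `preg_match('#^[A-Za-z0-9._/-]+$#', $merge_branch)` would also keep unexpected characters out of the later `git pull` command line.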
@@ -125,25 +148,15 @@ exec("mkdir -p /root/pfsense/$branch");
// Git 'er done!
if(is_dir("$CODIR/pfSenseGITREPO/pfSenseGITREPO")) {
echo "===> Fetching updates...\n";
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git config remote.origin.url $GIT_REPO");
exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git fetch");
exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git clean -f -f -x -d");
- if($branch == "master") {
- $git_cmd = array(
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git reset HEAD --hard",
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git rebase origin"
- );
- run_cmds($git_cmd);
- } else {
- $git_cmd = array(
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git reset HEAD --hard",
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git checkout master",
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git branch -D $branch",
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git fetch",
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git rebase origin",
- "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git checkout -b $branch origin/$branch"
- );
- run_cmds($git_cmd);
- }
+ $git_cmd = array(
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git branch $branch origin/$branch 2>/dev/null",
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git checkout -f $branch 2>/dev/null",
+ "cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git reset --hard origin/$branch"
+ );
+ run_cmds($git_cmd);
} else {
exec("mkdir -p $CODIR/pfSenseGITREPO");
echo "Executing cd $CODIR/pfSenseGITREPO && git clone $GIT_REPO pfSenseGITREPO\n";
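Review bot: `$GIT_REPO` and `$branch` are placed unquoted into shell command strings in the new `git config remote.origin.url $GIT_REPO` line and in the three `$git_cmd` entries. `$GIT_REPO` is now read back from the checkout's own config and `$branch` comes from the command line or a prompt, so spaces or shell metacharacters in either change what the shell executes. Wrapping each value, e.g. `"... && git config remote.origin.url " . escapeshellarg($GIT_REPO)`, fixes it. The `git pull {$merge_repo['repo']} {$merge_repo['branch']}` line in the last hunk of this file has the same problem with values typed at the `readline()` prompt. The `2>/dev/null` on `git branch` and `git checkout -f` also hides the reason when a branch does not exist upstream.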
@@ -159,6 +172,17 @@ if(is_dir("$CODIR/pfSenseGITREPO/pfSenseGITREPO")) {
}
}
+foreach($merge_repos as $merge_repo) {
+ echo "===> Merging branch {$merge_repo['branch']} from {$merge_repo['repo']}\n";
+ exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git pull {$merge_repo['repo']} {$merge_repo['branch']}", $output_str, $ret);
+ unset($output_str);
+ if($ret <> 0) {
+ echo "\nMerge failed. Aborting sync.\n\n";
+ run_cmds($git_cmd);
+ exit;
+ }
+}
+
exec("mkdir -p /tmp/lighttpd/cache/compress/");
// Nuke CVS and pfSense tarballs
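Review bot: On a failed merge the script calls `run_cmds($git_cmd)`, but the only visible assignment of `$git_cmd` is in the branch where the checkout already exists; after a fresh clone it may be undefined or hold unrelated commands (that branch is only partly shown). A failed `git pull` can leave the work tree in a conflicted state, so the recovery is better spelled out at this point, e.g. `exec("cd $CODIR/pfSenseGITREPO/pfSenseGITREPO && git reset --hard origin/" . escapeshellarg($branch));` before leaving. A bare `exit;` also reports success to the caller; `exit(1);` would signal the abort.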
diff --git a/etc/rc.nanobsd_switch_boot_slice b/etc/rc.nanobsd_switch_boot_slice
new file mode 100755
index 0000000..ccbed9c
--- /dev/null
+++ b/etc/rc.nanobsd_switch_boot_slice
@@ -0,0 +1,27 @@
+#!/usr/local/bin/php -q
+<?php
+require_once("globals.inc");
+require_once("config.inc");
+require_once("pfsense-utils.inc");
+
+global $g;
+global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;
+global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;
+global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE, $ACTIVE_SLICE;
+nanobsd_detect_slice_info();
+
+if ($g['platform'] != "nanobsd") {
+ echo "This script can only be used on NanoBSD (embedded) images.\n";
+ exit(1);
+}
+
+echo "Boot slice : {$BOOTFLASH} ({$BOOT_DEVICE})\n";
+echo "Active slice: {$ACTIVE_SLICE}\n\n";
+
+echo "Switching active slice...";
+nanobsd_switch_boot_slice();
+echo "Done.\n\n";
+nanobsd_detect_slice_info();
+echo "Boot slice : {$BOOTFLASH} ({$BOOT_DEVICE})\n";
+echo "Active slice: {$ACTIVE_SLICE}\n\n";
+?> \ No newline at end of file
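Review bot: `nanobsd_detect_slice_info()` runs at the top of the script, before the `$g['platform'] != "nanobsd"` guard, so the `mount`, `glabel` and `gpart` probes execute on platforms the script then refuses to handle. Moving the first `nanobsd_detect_slice_info();` call below the guard avoids that. The script also prints `Done.` unconditionally because `nanobsd_switch_boot_slice()` returns nothing; comparing `$ACTIVE_SLICE` before and after the call would let it report whether the switch took effect.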
diff --git a/etc/rc.newwanip b/etc/rc.newwanip
index 86e3f31..95d44a3 100755
--- a/etc/rc.newwanip
+++ b/etc/rc.newwanip
@@ -61,12 +61,16 @@ if(empty($argument)) {
log_error("rc.newwanip: on (IP address: {$curwanip}) (interface: {$interface}) (real interface: {$interface_real}).");
-if($curwanip == "0.0.0.0") {
+if($curwanip == "0.0.0.0" || !is_ipaddr($curwanip)) {
log_error("rc.newwanip: Failed to update {$interface} IP, restarting...");
interface_configure($interface);
exit;
}
+$oldip = "0.0.0.0";
+if (file_exists("{$g['vardb_path']}/{$interface}_cacheip"))
+ $oldip = file_get_contents("{$g['vardb_path']}/{$interface}_cacheip");
+
/* regenerate resolv.conf if DNS overrides are allowed */
system_resolvconf_generate(true);
@@ -75,6 +79,10 @@ services_dnsupdate_process($interface);
/* write current WAN IP to file */
file_put_contents("{$g['vardb_path']}/{$interface}_ip", $curwanip);
+file_put_contents("{$g['vardb_path']}/{$interface}_cacheip", $curwanip);
+
+if (is_ipaddr($oldip) && $curwanip == $oldip)
+ exit;
/* signal dyndns update */
file_put_contents("{$g['tmp_path']}/update_dyndns", $interface);
@@ -98,7 +106,7 @@ enable_rrd_graphing();
/* restart packages */
mwexec_bg("/usr/local/sbin/ntpdate_sync_once.sh");
mwexec_bg("/etc/rc.start_packages");
-log_error("{$g['product_name']} package system has detected an ip change $old_ip -> $curwanip ... Restarting packages.");
+log_error("{$g['product_name']} package system has detected an ip change $oldip -> $curwanip ... Restarting packages.");
/* reconfigure our gateway monitor */
setup_gateways_monitor();
diff --git a/etc/rc.update_urltables b/etc/rc.update_urltables
index fcb60d3..fcb60d3 100644..100755
--- a/etc/rc.update_urltables
+++ b/etc/rc.update_urltables
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php
index f02814e..7d51fc3 100755
--- a/usr/local/captiveportal/index.php
+++ b/usr/local/captiveportal/index.php
@@ -337,7 +337,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
if ($passthrumacadd && $portalmac == NULL) {
$mac = array();
$mac['mac'] = $clientmac;
- $mac['descr'] = "Auto added mac passthrough with user {$username}";
+ $mac['descr'] = "Auto added pass-through MAC for user {$username}";
if (!empty($bw_up))
$mac['bw_up'] = $bw_up;
if (!empty($bw_down))
diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown
index 3eeae34..3734b0b 100755
--- a/usr/local/sbin/ppp-linkdown
+++ b/usr/local/sbin/ppp-linkdown
@@ -3,6 +3,7 @@ if [ -f /tmp/$1up ] && [ -f /conf/$1.log ]; then
seconds=$((`date -j +%s` - `/usr/bin/stat -f %m /tmp/$1up`))
/usr/local/sbin/ppp-log-uptime.sh $seconds $1 &
fi
+/sbin/pfctl -b $3
# delete the node just in case mpd cannot do that
/usr/sbin/ngctl shutdown $1:
/bin/rm -f /var/etc/nameserver_$1
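Review bot: The added `/sbin/pfctl -b $3` uses the third positional parameter unquoted and without checking that it is set, so an empty or space-containing value changes the arguments `pfctl` receives. `[ -n "$3" ] && /sbin/pfctl -b "$3"` keeps the call well-formed. The surrounding lines use `$1` the same way; they are outside this change but would benefit from the same quoting.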
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php
index 64273fc..1ff119e 100755
--- a/usr/local/www/diag_backup.php
+++ b/usr/local/www/diag_backup.php
@@ -340,8 +340,11 @@ if ($_POST) {
update_alias_names_upon_change('filter', 'rule', 'source', 'address', $newname, $origname);
update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $newname, $origname);
// NAT Rules
+ update_alias_names_upon_change('nat', 'rule', 'source', 'address', $newname, $origname);
+ update_alias_names_upon_change('nat', 'rule', 'source', 'port', $newname, $origname);
+ update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $newname, $origname);
+ update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $newname, $origname);
update_alias_names_upon_change('nat', 'rule', 'target', '', $newname, $origname);
- update_alias_names_upon_change('nat', 'rule', 'external-port', '', $newname, $origname);
update_alias_names_upon_change('nat', 'rule', 'local-port', '', $newname, $origname);
// Alias in an alias
update_alias_names_upon_change('aliases', 'alias', 'address', '', $newname, $origname);
diff --git a/usr/local/www/diag_nanobsd.php b/usr/local/www/diag_nanobsd.php
index 307b66e..3e9bed1 100755
--- a/usr/local/www/diag_nanobsd.php
+++ b/usr/local/www/diag_nanobsd.php
@@ -49,42 +49,11 @@ require_once("config.inc");
$pgtitle = array("Diagnostics","NanoBSD");
include("head.inc");
-function detect_slice_info() {
- global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;
- global $GLABEL_SLIZE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;
- global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE;
-
- $BOOT_DEVICE=trim(`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`);
- $REAL_BOOT_DEVICE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/{$BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`);
- $BOOT_DRIVE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1`);
-
- // Detect which slice is active and set information.
- if(strstr($REAL_BOOT_DEVICE, "s1")) {
- $SLICE="2";
- $OLDSLICE="1";
- $TOFLASH="{$BOOT_DRIVE}s{$SLICE}";
- $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a";
- $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}";
- $GLABEL_SLICE="pfsense1";
- $UFS_ID="1";
- $OLD_UFS_ID="0";
- $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}";
-
- } else {
- $SLICE="1";
- $OLDSLICE="2";
- $TOFLASH="{$BOOT_DRIVE}s{$SLICE}";
- $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a";
- $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}";
- $GLABEL_SLICE="pfsense0";
- $UFS_ID="0";
- $OLD_UFS_ID="1";
- $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}";
- }
-}
-
// Survey slice info
-detect_slice_info();
+global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;
+global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;
+global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE, $ACTIVE_SLICE;
+nanobsd_detect_slice_info();
?>
@@ -95,7 +64,7 @@ detect_slice_info();
<?php
-$NANOBSD_SIZE = strtoupper(file_get_contents("/etc/nanosize.txt"));
+$NANOBSD_SIZE = nanobsd_get_size();
if($_POST['bootslice']) {
echo <<<EOF
@@ -105,51 +74,14 @@ if($_POST['bootslice']) {
<p/>&nbsp;
</div>
EOF;
- for ($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); }
- ob_implicit_flush(1);
- if(strstr($_POST['bootslice'], "s2")) {
- $ASLICE="2";
- $AOLDSLICE="1";
- $ATOFLASH="{$BOOT_DRIVE}s{$ASLICE}";
- $ACOMPLETE_PATH="{$BOOT_DRIVE}s{$ASLICE}a";
- $AGLABEL_SLICE="pfsense1";
- $AUFS_ID="1";
- $AOLD_UFS_ID="0";
- $ABOOTFLASH="{$BOOT_DRIVE}s{$AOLDSLICE}";
- } else {
- $ASLICE="1";
- $AOLDSLICE="2";
- $ATOFLASH="{$BOOT_DRIVE}s{$ASLICE}";
- $ACOMPLETE_PATH="{$BOOT_DRIVE}s{$ASLICE}a";
- $AGLABEL_SLICE="pfsense0";
- $AUFS_ID="0";
- $AOLD_UFS_ID="1";
- $ABOOTFLASH="{$BOOT_DRIVE}s{$AOLDSLICE}";
- }
- conf_mount_rw();
- exec("sysctl kern.geom.debugflags=16");
- exec("gpart set -a active -i {$ASLICE} {$BOOT_DRIVE}");
- exec("/usr/sbin/boot0cfg -s {$ASLICE} -v /dev/{$BOOT_DRIVE}");
- exec("/sbin/tunefs -L ${AGLABEL_SLICE} /dev/$ACOMPLETE_PATH");
- exec("/bin/mkdir /tmp/{$AGLABEL_SLICE}");
- exec("/sbin/fsck_ufs -y /dev/{$ACOMPLETE_PATH}");
- exec("/sbin/mount /dev/ufs/{$AGLABEL_SLICE} /tmp/{$AGLABEL_SLICE}");
- $fstab = <<<EOF
-/dev/ufs/{$AGLABEL_SLICE} / ufs ro 1 1
-/dev/ufs/cf /cf ufs ro 1 1
-EOF;
- file_put_contents("/tmp/{$AGLABEL_SLICE}/etc/fstab", $fstab);
- exec("/sbin/umount /tmp/{$AGLABEL_SLICE}");
- exec("/sbin/sysctl kern.geom.debugflags=0");
- conf_mount_ro();
- $savemsg = "The boot slice has been set to {$BOOT_DRIVE} {$AGLABEL_SLICE}";
+ nanobsd_switch_boot_slice();
+ $savemsg = "The boot slice has been set to " . nanobsd_get_active_slice();
// Survey slice info
- detect_slice_info();
+ nanobsd_detect_slice_info();
}
if($_POST['destslice']) {
-
echo <<<EOF
<div id="loading">
<img src="/themes/metallic/images/misc/loader.gif">
@@ -157,27 +89,13 @@ echo <<<EOF
<p/>&nbsp;
</div>
EOF;
- for ($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); }
- ob_implicit_flush(1);
- exec("/sbin/sysctl kern.geom.debugflags=16");
- exec("/bin/dd if=/dev/zero of=/dev/{$TOFLASH} bs=1m count=1");
- exec("/bin/dd if=/dev/{$BOOTFLASH} of=/dev/{$TOFLASH} bs=64k");
- exec("/sbin/tunefs -L {$GLABEL_SLICE} /dev/{$COMPLETE_PATH}");
- exec("/bin/mkdir /tmp/{$GLABEL_SLICE}");
- exec("/sbin/fsck_ufs -y /dev/{$COMPLETE_PATH}");
- exec("/sbin/mount /dev/ufs/{$GLABEL_SLICE} /tmp/{$GLABEL_SLICE}");
- exec("/bin/cp /etc/fstab /tmp/{$GLABEL_SLICE}/etc/fstab");
- $status = exec("sed -i \"\" \"s/pfsense{$OLD_UFS_ID}/pfsense{$UFS_ID}/g\" /tmp/{$GLABEL_SLICE}/etc/fstab");
- if($status) {
- exec("/sbin/umount /tmp/{$GLABEL_SLICE}");
- $savemsg = "There was an error while duplicating the slice. Operation aborted.";
- } else {
+ if(nanobsd_clone_slice($_POST['destslice'])) {
$savemsg = "The slice has been duplicated.<p/>If you would like to boot from this newly duplicated slice please set it using the bootup information area.";
- exec("/sbin/umount /tmp/{$GLABEL_SLICE}");
+ } else {
+ $savemsg = "There was an error while duplicating the slice. Operation aborted.";
}
- exec("/sbin/sysctl kern.geom.debugflags=0");
// Re-Survey slice info
- detect_slice_info();
+ nanobsd_detect_slice_info();
}
if ($savemsg)
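Review bot: `nanobsd_clone_slice($_POST['destslice'])` hands the raw request value to a helper, whereas the removed code only used the slice names computed by `detect_slice_info()` in its `dd`, `tunefs` and `mount` command lines. The helper is defined outside this file section, so whether it validates its argument cannot be seen here. Unless it does, the page should compare the value with the names that `nanobsd_detect_slice_info()` reports before calling it, for example `if ($_POST['destslice'] === $TOFLASH && nanobsd_clone_slice($_POST['destslice'])) {`. Anything else should fall through to the existing error message.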
@@ -215,23 +133,14 @@ if ($savemsg)
<td width="22%" valign="top" class="vncell">Bootup</td>
<td width="78%" class="vtable">
<form action="diag_nanobsd.php" method="post" name="iform">
- Bootup slice:
- <select name='bootslice'>
- <option value='<?php echo $BOOTFLASH; ?>'>
- <?php echo $BOOTFLASH; ?>
- </option>
- <option value='<?php echo $TOFLASH; ?>'>
- <?php echo "{$TOFLASH}"; ?>
- </option>
- </select>
+ Bootup slice is currently: <?php echo $ACTIVE_SLICE; ?>
+ <br/><br/>This will switch the bootup slice to the alternate slice.
<br/>
- This will set the bootup slice.
+ <input type='hidden' name='bootslice' value='switch'>
+ <input type='submit' value='Switch Slice'></form>
</td>
</tr>
<tr>
- <td valign="top" class="">&nbsp;</td><td><br/><input type='submit' value='Set bootup'></form></td>
- </tr>
- <tr>
<td colspan="2" valign="top" class="">&nbsp;</td>
</tr>
<tr>
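Review bot: The new form posts a fixed `bootslice=switch`, and the handler in the earlier hunk acts on any truthy `$_POST['bootslice']`, with no per-session token visible in either place. If the GUI does not add request-forgery protection globally (not visible in this diff), a page on another origin could make a logged-in administrator's browser switch the boot slice. The form should carry a hidden token that the handler verifies before it calls `nanobsd_switch_boot_slice()`. `<?php echo $ACTIVE_SLICE; ?>` would also be better written as `<?php echo htmlspecialchars($ACTIVE_SLICE); ?>`, matching how other values are printed in this commit.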
diff --git a/usr/local/www/diag_ping.php b/usr/local/www/diag_ping.php
index 4d82e06..b5658f5 100755
--- a/usr/local/www/diag_ping.php
+++ b/usr/local/www/diag_ping.php
@@ -136,7 +136,6 @@ include("head.inc"); ?>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <span class="vexpl"><strong>Note: </strong></span> Multi-wan is not supported from this utility currently.
</td>
</tr>
</table>
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php
index 957c91c..37a5464 100755
--- a/usr/local/www/exec.php
+++ b/usr/local/www/exec.php
@@ -47,8 +47,13 @@ if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) {
header("Content-Length: " . filesize($_POST['dlPath']));
header("Content-Disposition: attachment; filename=\"" .
trim(htmlentities(basename($_POST['dlPath']))) . "\"");
- header("Pragma: private");
- header("Cache-Control: private, must-revalidate");
+ if (isset($_SERVER['HTTPS'])) {
+ header('Pragma: ');
+ header('Cache-Control: ');
+ } else {
+ header("Pragma: private");
+ header("Cache-Control: private, must-revalidate");
+ }
fpassthru($fd);
exit;
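Review bot: On HTTPS the new branch sends empty `Pragma:` and `Cache-Control:` headers, which drops the `private, must-revalidate` directive from a download that can be any file on the system, and the hunk gives no reason. If this is a workaround for a browser that fails downloads over SSL, say so in a comment above the `if`, for example `/* some browsers refuse SSL downloads when cache headers are set */`. `isset($_SERVER['HTTPS'])` is also true on servers that set the value to `off`, so `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off'` is the safer test. The enclosing `if` block starts outside the hunk.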
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index d5a6a5f..bc210a1 100755
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -87,22 +87,22 @@ if ($_GET['act'] == "del") {
if($is_alias_referenced == false) {
if(is_array($config['filter']['rule'])) {
foreach($config['filter']['rule'] as $rule) {
- if($rule['source']['address'] == $alias_name) {
+ if($rule['source']['address'] && $rule['source']['address'] == $alias_name) {
$is_alias_referenced = true;
$referenced_by = $rule['descr'];
break;
}
- if($rule['destination']['address'] == $alias_name) {
+ if($rule['source']['port'] && $rule['source']['port'] == $alias_name) {
$is_alias_referenced = true;
$referenced_by = $rule['descr'];
break;
}
- if($rule['source']['port'] == $alias_name) {
+ if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) {
$is_alias_referenced = true;
$referenced_by = $rule['descr'];
break;
}
- if($rule['destination']['port'] == $alias_name) {
+ if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) {
$is_alias_referenced = true;
$referenced_by = $rule['descr'];
break;
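Review bot: The added guards test the field for truthiness and then compare with loose `==`, in this hunk and in the six NAT checks of the next one. Reading `$rule['source']['port']` on a rule that lacks the key still raises a notice, and `==` applies numeric-string coercion to the names. `if(isset($rule['source']['address']) && $rule['source']['address'] === $alias_name) {` avoids both, and the same form fits the other fields. The NAT hunk also drops the `external-address` and `external-port` checks, so this relies on every stored rule already being converted to the new layout; a comment stating that assumption would help. The enclosing `if ($_GET['act'] == "del")` block starts outside the hunk.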
@@ -113,22 +113,32 @@ if ($_GET['act'] == "del") {
if($is_alias_referenced == false) {
if(is_array($config['nat']['rule'])) {
foreach($config['nat']['rule'] as $rule) {
- if($rule['target'] == $alias_name) {
+ if($rule['source']['address'] && $rule['source']['address'] == $alias_name) {
$is_alias_referenced = true;
$referenced_by = $rule['descr'];
break;
}
- if($rule['external-address'] == $alias_name) {
+ if($rule['source']['port'] && $rule['source']['port'] == $alias_name) {
$is_alias_referenced = true;
$referenced_by = $rule['descr'];
break;
}
- if($rule['external-port'] == $alias_name) {
+ if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) {
$is_alias_referenced = true;
$referenced_by = $rule['descr'];
break;
}
- if($rule['local-port'] == $alias_name) {
+ if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) {
+ $is_alias_referenced = true;
+ $referenced_by = $rule['descr'];
+ break;
+ }
+ if($rule['target'] && $rule['target'] == $alias_name) {
+ $is_alias_referenced = true;
+ $referenced_by = $rule['descr'];
+ break;
+ }
+ if($rule['local-port'] && $rule['local-port'] == $alias_name) {
$is_alias_referenced = true;
$referenced_by = $rule['descr'];
break;
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 9c8025d..dca3d12 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -295,8 +295,11 @@ if ($_POST) {
update_alias_names_upon_change('filter', 'rule', 'source', 'address', $_POST['name'], $origname);
update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $_POST['name'], $origname);
// NAT Rules
+ update_alias_names_upon_change('nat', 'rule', 'source', 'address', $_POST['name'], $origname);
+ update_alias_names_upon_change('nat', 'rule', 'source', 'port', $_POST['name'], $origname);
+ update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $_POST['name'], $origname);
+ update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $_POST['name'], $origname);
update_alias_names_upon_change('nat', 'rule', 'target', '', $_POST['name'], $origname);
- update_alias_names_upon_change('nat', 'rule', 'external-port', '', $_POST['name'], $origname);
update_alias_names_upon_change('nat', 'rule', 'local-port', '' , $_POST['name'], $origname);
// Alias in an alias
update_alias_names_upon_change('aliases', 'alias', 'address', '' , $_POST['name'], $origname);
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index 696248f..0c9229b 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -185,10 +185,13 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<td width="3%" class="list">&nbsp;</td>
<td width="5%" class="listhdrr">If</td>
<td width="5%" class="listhdrr">Proto</td>
- <td width="20%" class="listhdrr">Ext. port range</td>
- <td width="20%" class="listhdrr">NAT IP</td>
- <td width="20%" class="listhdrr">Int. port range</td>
- <td width="20%" class="listhdr">Description</td>
+ <td width="11%" class="listhdrr">Src. addr</td>
+ <td width="11%" class="listhdrr">Src. ports</td>
+ <td width="11%" class="listhdrr">Dest. addr</td>
+ <td width="11%" class="listhdrr">Dest. ports</td>
+ <td width="11%" class="listhdrr">NAT IP</td>
+ <td width="11%" class="listhdrr">NAT Ports</td>
+ <td width="11%" class="listhdr">Description</td>
<td width="5%" class="list">
<table border="0" cellspacing="0" cellpadding="1">
<tr>
@@ -202,26 +205,26 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<?php
//build Alias popup box
- $span_begin = "";
- $span_end = "";
- $alias_src_port_span_begin = "";
- $alias_dst_span_begin = "";
- $alias_dst_port_span_begin = "";
-
- list($beginport, $endport) = split("-", $natent['external-port']);
-
- $alias_popup = rule_popup("",$beginport,$natent['target'],$natent['local-port']);
$span_end = "</U></span>";
-
-
+
+ $alias_popup = rule_popup($natent['source']['address'], pprint_port($natent['source']['port']), $natent['destination']['address'], pprint_port($natent['destination']['port']));
+
+ $alias_src_span_begin = $alias_popup["src"];
$alias_src_port_span_begin = $alias_popup["srcport"];
-
- $alias_dst_span_begin = $alias_popup["dst"];
-
+ $alias_dst_span_begin = $alias_popup["dst"];
$alias_dst_port_span_begin = $alias_popup["dstport"];
-
-
+ $alias_popup = rule_popup("","",$natent['target'], pprint_port($natent['local-port']));
+
+ $alias_target_span_begin = $alias_popup["dst"];
+ $alias_local_port_span_begin = $alias_popup["dstport"];
+
+ if (isset($natent['disabled']))
+ $textss = "<span class=\"gray\">";
+ else
+ $textss = "<span>";
+
+ $textse = "</span>";
/* if user does not have access to edit an interface skip on to the next record */
if(!have_natpfruleint_access($natent['interface']))
@@ -230,14 +233,14 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<tr valign="top" id="fr<?=$nnats;?>">
<td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td>
<td class="listt" align="center">
- <?php if(!empty($natent['associated-rule-id'])): ?>
- <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="Firewall rule ID <?=htmlspecialchars($nnatid); ?> is managed with this rule" border="0">
- <?php endif; ?>
<?php if($natent['associated-rule-id'] == "pass"): ?>
<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="All traffic matching this NAT entry is passed" border="0">
+ <?php elseif (!empty($natent['associated-rule-id'])): ?>
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="Firewall rule ID <?=htmlspecialchars($nnatid); ?> is managed with this rule" border="0">
<?php endif; ?>
</td>
<td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?>
<?php
if (!$natent['interface'] || ($natent['interface'] == "wan"))
echo "WAN";
@@ -246,49 +249,46 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
else
echo strtoupper($config['interfaces'][$natent['interface']]['descr']);
?>
+ <?=$textse;?>
</td>
+
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=strtoupper($natent['protocol']);?>
+ <?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?>
</td>
+
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?php
- list($beginport, $endport) = split("-", $natent['external-port']);
- if ((!$endport) || ($beginport == $endport)) {
- echo $alias_src_port_span_begin;
- echo $beginport;
- if ($wkports[$beginport])
- echo " (" . $wkports[$beginport] . ")";
- else
- echo "&nbsp;";
- echo $span_end;
- } else
- echo $beginport . " - " . $endport;
- ?>
+ <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?>
</td>
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?php echo $alias_dst_span_begin;?><?=$natent['target'];?><?php echo $span_end;?>
- <?php if ($natent['external-address'])
- echo "<br>(ext.: " . $natent['external-address'] . ")";
- else
- echo "<br>(ext.: " . find_interface_ip(convert_friendly_interface_to_real_interface_name($natent['interface'])) . ")";
- ?>
+ <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?>
</td>
+
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?>
+ </td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?>
+ </td>
+
<td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?php if ((!$endport) || ($beginport == $endport)) {
- echo $alias_dst_port_span_begin;
- echo $natent['local-port'];
- if ($wkports[$natent['local-port']])
- echo " (" . $wkports[$natent['local-port']] . ")";
- else
- echo "&nbsp;";
- echo $span_end;
- } else
- echo $natent['local-port'] . " - " .
- ($natent['local-port']+$endport-$beginport);
- ?>
+ <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?>
</td>
+ <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?php
+ $localport = $natent['local-port'];
+
+ list($dstbeginport, $dstendport) = split("-", $natent['destination']['port']);
+
+ if ($dstendport) {
+ $localendport = $natent['local-port'] + $dstendport - $dstbeginport;
+ $localport .= '-' . $localendport;
+ }
+ ?>
+ <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?>
+ </td>
+
<td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=htmlspecialchars($natent['descr']);?>&nbsp;
+ <?=$textss;?><?=htmlspecialchars($natent['descr']);?>&nbsp;<?=$textse;?>
</td>
<td valign="middle" class="list" nowrap>
<table border="0" cellspacing="0" cellpadding="1">
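Review bot: The new cells echo `$alias_src_span_end`, `$alias_src_port_span_end`, `$alias_dst_span_end`, `$alias_dst_port_span_end`, `$alias_target_span_end` and `$alias_local_port_span_end`, but the only closing string assigned in the earlier hunk is `$span_end = "</U></span>";`. Unless those six names are set outside the visible hunks, each echo prints nothing and whatever markup the matching `*_span_begin` opened stays unclosed for the rest of the row. Assigning them next to the begin strings fixes it, for example `$alias_src_span_end = $alias_src_span_begin ? $span_end : "";` and likewise for the other five. `split("-", $natent['destination']['port'])` in the NAT Ports cell is deprecated as of PHP 5.3; `explode("-", $natent['destination']['port'])` is the drop-in replacement here.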
@@ -304,6 +304,9 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<?php $i++; $nnats++; endforeach; ?>
<tr>
<td class="list" colspan="8"></td>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
<td class="list" valign="middle" nowrap>
<table border="0" cellspacing="0" cellpadding="1">
<tr>
diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php
index d44ced8..52a1268 100755
--- a/usr/local/www/firewall_nat_1to1.php
+++ b/usr/local/www/firewall_nat_1to1.php
@@ -158,7 +158,9 @@ include("head.inc");
<tr>
<td colspan="4">
<p><span class="vexpl"><span class="red"><strong>Note:<br>
- </strong></span>Depending on the way your WAN connection is setup, you may also need a <a href="firewall_virtual_ip.php">Virtual IP</a>.</span></p>
+ </strong></span>Depending on the way your WAN connection is setup, you may also need a <a href="firewall_virtual_ip.php">Virtual IP</a>.<br/>
+ If you add a 1:1 NAT entry for any of the interface IPs on this system, it will make this system inaccessible on that IP address. i.e. if
+ you use your WAN IP address, any services on this system (IPsec, OpenVPN server, etc.) using the WAN IP address will no longer function.</span></p>
</td>
<tr>
</table>
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index 62c4c33..d7ed094 100755
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -100,12 +100,6 @@ if ($_POST) {
$input_errors[] = "A valid internal subnet must be specified.";
}
- if (is_ipaddr($config['interfaces']['wan']['ipaddr'])) {
- if (check_subnets_overlap($_POST['external'], $_POST['subnet'],
- get_interface_ip("wan"), 32))
- $input_errors[] = "The WAN IP address may not be used in a 1:1 rule.";
- }
-
/* check for overlaps with other 1:1 */
foreach ($a_1to1 as $natent) {
if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent))
@@ -120,17 +114,6 @@ if ($_POST) {
}
}
- /* check for overlaps with advanced outbound NAT */
- if (is_array($config['nat']['advancedoutbound']['rule'])) {
- foreach ($config['nat']['advancedoutbound']['rule'] as $natent) {
- if ($natent['target'] &&
- check_subnets_overlap($_POST['external'], $_POST['subnet'], $natent['target'], 32)) {
- $input_errors[] = "An advanced outbound NAT entry overlaps with the specified external subnet.";
- break;
- }
- }
- }
-
if (!$input_errors) {
$natent = array();
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index 8b36fb8..127a733 100755
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -44,6 +44,13 @@ require_once("itemid.inc");
require("filter.inc");
require("shaper.inc");
+$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn");
+$ifdisp = get_configured_interface_with_descr();
+foreach ($ifdisp as $kif => $kdescr) {
+ $specialsrcdst[] = "{$kif}";
+ $specialsrcdst[] = "{$kif}ip";
+}
+
if (!is_array($config['nat']['rule'])) {
$config['nat']['rule'] = array();
}
@@ -59,96 +66,200 @@ if (isset($_GET['dup'])) {
}
if (isset($id) && $a_nat[$id]) {
- $pconfig['extaddr'] = $a_nat[$id]['external-address'];
+ $pconfig['disabled'] = isset($a_nat[$id]['disabled']);
+ $pconfig['nordr'] = isset($a_nat[$id]['nordr']);
+
+ address_to_pconfig($a_nat[$id]['source'], $pconfig['src'],
+ $pconfig['srcmask'], $pconfig['srcnot'],
+ $pconfig['srcbeginport'], $pconfig['srcendport']);
+
+ address_to_pconfig($a_nat[$id]['destination'], $pconfig['dst'],
+ $pconfig['dstmask'], $pconfig['dstnot'],
+ $pconfig['dstbeginport'], $pconfig['dstendport']);
+
$pconfig['proto'] = $a_nat[$id]['protocol'];
- list($pconfig['beginport'],$pconfig['endport']) = explode("-", $a_nat[$id]['external-port']);
- if(!$pconfig['endport'])
- $pconfig['endport'] = $pconfig['beginport'];
$pconfig['localip'] = $a_nat[$id]['target'];
$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
$pconfig['descr'] = $a_nat[$id]['descr'];
$pconfig['interface'] = $a_nat[$id]['interface'];
$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
+
if (!$pconfig['interface'])
$pconfig['interface'] = "wan";
} else {
$pconfig['interface'] = "wan";
+ $pconfig['src'] = "any";
+ $pconfig['srcbeginport'] = "any";
+ $pconfig['srcendport'] = "any";
}
if (isset($_GET['dup']))
unset($id);
/* run through $_POST items encoding HTML entties so that the user
- * cannot think he is slick and perform a XSS attack on the unwilling
+ * cannot think he is slick and perform a XSS attack on the unwilling
*/
foreach ($_POST as $key => $value) {
$temp = $value;
$newpost = htmlentities($temp);
- if($newpost <> $temp)
- $input_errors[] = "Invalid characters detected ($temp). Please remove invalid characters and save again.";
+ if($newpost <> $temp)
+ $input_errors[] = "Invalid characters detected ($temp). Please remove invalid characters and save again.";
}
if ($_POST) {
- if ($_POST['beginport_cust'] && !$_POST['beginport'])
- $_POST['beginport'] = $_POST['beginport_cust'];
- if ($_POST['endport_cust'] && !$_POST['endport'])
- $_POST['endport'] = $_POST['endport_cust'];
- if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
- $_POST['localbeginport'] = $_POST['localbeginport_cust'];
+ if(strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") {
+ if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
+ $_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
+ if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
+ $_POST['srcendport'] = $_POST['srcendport_cust'];
+
+ if ($_POST['srcbeginport'] == "any") {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ } else {
+ if (!$_POST['srcendport'])
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+ }
+ if ($_POST['srcendport'] == "any")
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+
+ if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
+ $_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
+ if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
+ $_POST['dstendport'] = $_POST['dstendport_cust'];
+
+ if ($_POST['dstbeginport'] == "any") {
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ } else {
+ if (!$_POST['dstendport'])
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+ }
+ if ($_POST['dstendport'] == "any")
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+
+ if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
+ $_POST['localbeginport'] = $_POST['localbeginport_cust'];
- if (!$_POST['endport'])
- $_POST['endport'] = $_POST['beginport'];
- /* Make beginning port end port if not defined and endport is */
- if (!$_POST['beginport'] && $_POST['endport'])
- $_POST['beginport'] = $_POST['endport'];
+ /* Make beginning port end port if not defined and endport is */
+ if (!$_POST['srcbeginport'] && $_POST['srcendport'])
+ $_POST['srcbeginport'] = $_POST['srcendport'];
+ if (!$_POST['dstbeginport'] && $_POST['dstendport'])
+ $_POST['dstbeginport'] = $_POST['dstendport'];
+ } else {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ }
+
+ if (is_specialnet($_POST['srctype'])) {
+ $_POST['src'] = $_POST['srctype'];
+ $_POST['srcmask'] = 0;
+ } else if ($_POST['srctype'] == "single") {
+ $_POST['srcmask'] = 32;
+ }
+ if (is_specialnet($_POST['dsttype'])) {
+ $_POST['dst'] = $_POST['dsttype'];
+ $_POST['dstmask'] = 0;
+ } else if ($_POST['dsttype'] == "single") {
+ $_POST['dstmask'] = 32;
+ } else if (is_ipaddr($_POST['dsttype'])) {
+ $_POST['dst'] = $_POST['dsttype'];
+ $_POST['dstmask'] = 32;
+ $_POST['dsttype'] = "single";
+ }
unset($input_errors);
$pconfig = $_POST;
/* input validation */
if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
- $reqdfields = explode(" ", "interface proto beginport endport localip localbeginport");
- $reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port");
+ $reqdfields = explode(" ", "interface proto dstbeginport dstendport localip");
+ $reqdfieldsn = explode(",", "Interface,Protocol,Destination port from,Destination port to,NAT IP");
} else {
$reqdfields = explode(" ", "interface proto localip");
$reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
}
+ if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") {
+ $reqdfields[] = "src";
+ $reqdfieldsn[] = "Source address";
+ }
+ if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") {
+ $reqdfields[] = "dst";
+ $reqdfieldsn[] = "Destination address";
+ }
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ if (!$_POST['srcbeginport']) {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ }
+ if (!$_POST['dstbeginport']) {
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ }
+
if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
$input_errors[] = "\"{$_POST['localip']}\" is not valid NAT IP address or host alias.";
}
- /* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
- if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
+ if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
+ $input_errors[] = "{$_POST['srcbeginport']} is not a valid start source port. It must be a port alias or integer between 1 and 65535.";
+ if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
+ $input_errors[] = "{$_POST['srcendport']} is not a valid end source port. It must be a port alias or integer between 1 and 65535.";
+ if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
+ $input_errors[] = "{$_POST['dstbeginport']} is not a valid start destination port. It must be a port alias or integer between 1 and 65535.";
+ if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
+ $input_errors[] = "{$_POST['dstendport']} is not a valid end destination port. It must be a port alias or integer between 1 and 65535.";
+
+ if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
+ $input_errors[] = "{$_POST['localbeginport']} is not a valid local port. It must be a port alias or integer between 1 and 65535.";
+ }
- if ($_POST['beginport'] && !is_portoralias($_POST['beginport'])) {
- $input_errors[] = "The start port must be an integer between 1 and 65535.";
- }
+ /* if user enters an alias and selects "network" then disallow. */
+ if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) )
+ || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) {
+ $input_errors[] = "You must specify single host or alias for alias entries.";
+ }
- if ($_POST['endport'] && !is_portoralias($_POST['endport'])) {
- $input_errors[] = "The end port must be an integer between 1 and 65535.";
+ if (!is_specialnet($_POST['srctype'])) {
+ if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
+ $input_errors[] = "{$_POST['src']} is not a valid source IP address or alias.";
}
-
- if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
- $input_errors[] = "The local port must be an integer between 1 and 65535.";
+ if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
+ $input_errors[] = "A valid source bit count must be specified.";
}
-
- if ($_POST['beginport'] > $_POST['endport']) {
- /* swap */
- $tmp = $_POST['endport'];
- $_POST['endport'] = $_POST['beginport'];
- $_POST['beginport'] = $tmp;
+ }
+ if (!is_specialnet($_POST['dsttype'])) {
+ if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
+ $input_errors[] = "{$_POST['dst']} is not a valid destination IP address or alias.";
}
-
- if (!$input_errors) {
- if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535)
- $input_errors[] = "The target port range must be an integer between 1 and 65535.";
+ if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
+ $input_errors[] = "A valid destination bit count must be specified.";
}
+ }
+
+ if ($_POST['srcbeginport'] > $_POST['srcendport']) {
+ /* swap */
+ $tmp = $_POST['srcendport'];
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+ $_POST['srcbeginport'] = $tmp;
+ }
+ if ($_POST['dstbeginport'] > $_POST['dstendport']) {
+ /* swap */
+ $tmp = $_POST['dstendport'];
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+ $_POST['dstbeginport'] = $tmp;
+ }
+ if (!$input_errors) {
+ if (($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
+ $input_errors[] = "The target port range must be an integer between 1 and 65535.";
}
/* check for overlaps */
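Review bot: The `htmlentities()` loop near the top of this hunk appends its "Invalid characters detected" errors to `$input_errors`, but the unchanged `unset($input_errors);` just before `$pconfig = $_POST;` throws them away, so that check never blocks a save. Moving the loop below the `unset()`, or removing the `unset()`, makes it effective. The new validation messages also interpolate raw request values such as `{$_POST['srcbeginport']}` and `{$_POST['src']}`. Whether they are escaped depends on how `$input_errors` is rendered, which is outside the hunk, so either wrap them in `htmlspecialchars()` here or confirm that the renderer escapes. `srcmask` and `dstmask` are checked with `is_numericint()` only and have no upper bound of 32.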
@@ -157,40 +268,45 @@ if ($_POST) {
continue;
if ($natent['interface'] != $_POST['interface'])
continue;
- if ($natent['external-address'] != $_POST['extaddr'])
+ if ($natent['destination']['address'] != $_POST['dst'])
continue;
if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
continue;
- list($begp,$endp) = explode("-", $natent['external-port']);
+ list($begp,$endp) = explode("-", $natent['destination']['port']);
if (!$endp)
$endp = $begp;
if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
|| (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {
- $input_errors[] = "The external port range overlaps with an existing entry.";
+ $input_errors[] = "The destination port range overlaps with an existing entry.";
break;
}
}
if (!$input_errors) {
$natent = array();
- if ($_POST['extaddr'])
- $natent['external-address'] = $_POST['extaddr'];
- $natent['protocol'] = $_POST['proto'];
- if ($_POST['beginport'] == $_POST['endport'])
- $natent['external-port'] = $_POST['beginport'];
- else
- $natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport'];
+ $natent['disabled'] = isset($_POST['disabled']) ? true:false;
+ $natent['nordr'] = isset($_POST['nordr']) ? true:false;
+
+ pconfig_to_address($natent['source'], $_POST['src'],
+ $_POST['srcmask'], $_POST['srcnot'],
+ $_POST['srcbeginport'], $_POST['srcendport']);
+
+ pconfig_to_address($natent['destination'], $_POST['dst'],
+ $_POST['dstmask'], $_POST['dstnot'],
+ $_POST['dstbeginport'], $_POST['dstendport']);
+
+ $natent['protocol'] = $_POST['proto'];
$natent['target'] = $_POST['localip'];
$natent['local-port'] = $_POST['localbeginport'];
$natent['interface'] = $_POST['interface'];
$natent['descr'] = $_POST['descr'];
$natent['associated-rule-id'] = $_POST['associated-rule-id'];
-
+
if($_POST['filter-rule-association'] == "pass")
$natent['associated-rule-id'] = "pass";
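Review bot: The overlap test on the unchanged lines starting `if (!( (($_POST['beginport'] < $begp)` still reads `$_POST['beginport']` and `$_POST['endport']`, although this commit renames the form's port fields to `dstbeginport`/`dstendport` and now compares against `$natent['destination']['port']`. Unless the old keys are populated somewhere outside this hunk, the comparison runs on empty values and conflicting redirects may no longer be reported. I would change both lines to use `$_POST['dstbeginport']` and `$_POST['dstendport']`. The enclosing `if ($_POST)` block starts and ends outside the hunk.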
@@ -200,7 +316,7 @@ if ($_POST) {
unset($natent['nosync']);
// If we used to have an associated filter rule, but no-longer should have one
- if ($a_nat[$id]>0 && empty($natent['associated-rule-id'])) {
+ if ($a_nat[$id]>0 && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) {
// Delete the previous rule
delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
mark_subsystem_dirty('filter');
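Review bot: The widened condition is also true when the stored entry had no associated rule and the edited one gains one, because `$natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id']` then compares a new id with an empty value. `delete_id()` is then called with an empty id against `$config['filter']['rule']`, and its behaviour for that input is not visible here. I would add `!empty($a_nat[$id]['associated-rule-id']) &&` before the parenthesised test so the delete only runs when there is a previous rule to remove. The surrounding block continues outside the hunk.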
@@ -241,13 +357,16 @@ if ($_POST) {
if (!empty($natent['associated-rule-id'])) {
$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
if ($filterentid == false) {
- $filterent['source']['any'] = "";
+ pconfig_to_address($filterent['source'], $_POST['src'],
+ $_POST['srcmask'], $_POST['srcnot'],
+ $_POST['srcbeginport'], $_POST['srcendport']);
$filterent['associated-rule-id'] = $natent['associated-rule-id'];
} else
$filterent =& $config['filter']['rule'][$filterentid];
} else
- // Create the default source entry for new filter entries
- $filterent['source']['any'] = "";
+ pconfig_to_address($filterent['source'], $_POST['src'],
+ $_POST['srcmask'], $_POST['srcnot'],
+ $_POST['srcbeginport'], $_POST['srcendport']);
// Update interface, protocol and destination
$filterent['interface'] = $_POST['interface'];
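Review bot: The posted source is written only when a filter rule is being created. In the branch `$filterent =& $config['filter']['rule'][$filterentid];` the existing associated rule keeps its old source, and the following lines are commented as updating only interface, protocol and destination. If the rest of the block (outside this hunk) does not set it either, narrowing the source of a redirect leaves the linked pass rule with a stale, possibly wider, source. Making the `pconfig_to_address($filterent['source'], ...)` call once after the if/else would keep the two rules in step and remove the duplicated call.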
@@ -255,7 +374,7 @@ if ($_POST) {
$filterent['destination']['address'] = $_POST['localip'];
$dstpfrom = $_POST['localbeginport'];
- $dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport'];
+ $dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];
if ($dstpfrom == $dstpto)
$filterent['destination']['port'] = $dstpfrom;
@@ -308,31 +427,47 @@ include("fbegin.inc"); ?>
<form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td colspan="2" valign="top" class="listtopic">Edit NAT entry</td>
- </tr>
- <tr>
+ <td colspan="2" valign="top" class="listtopic">Edit Redirect entry</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Disabled</td>
+ <td width="78%" class="vtable">
+ <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
+ <strong>Disable this rule</strong><br />
+ <span class="vexpl">Set this option to disable this rule without removing it from the list.</span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">No RDR (NOT)</td>
+ <td width="78%" class="vtable">
+ <input type="checkbox" name="nordr"<?php if($pconfig['nordr']) echo " CHECKED"; ?>>
+ <span class="vexpl">Enabling this option will disable redirection for traffic matching this rule.
+ <br>Hint: this option is rarely needed, don't use this unless you know what you're doing.</span>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncellreq">Interface</td>
<td width="78%" class="vtable">
- <select name="interface" class="formselect">
+ <select name="interface" class="formselect" onChange="dst_change(this.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>');typesel_change();">
<?php
-
+
$iflist = get_configured_interface_with_descr(false, true);
- foreach ($iflist as $if => $ifdesc)
- if(have_ruleint_access($if))
+ foreach ($iflist as $if => $ifdesc)
+ if(have_ruleint_access($if))
$interfaces[$if] = $ifdesc;
-
+
if ($config['pptpd']['mode'] == "server")
- if(have_ruleint_access("pptp"))
+ if(have_ruleint_access("pptp"))
$interfaces['pptp'] = "PPTP VPN";
-
+
if ($config['pppoe']['mode'] == "server")
- if(have_ruleint_access("pppoe"))
+ if(have_ruleint_access("pppoe"))
$interfaces['pppoe'] = "PPPoE VPN";
-
+
/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
- if(have_ruleint_access("enc0"))
- $interfaces["enc0"] = "IPsec";
+ if(have_ruleint_access("enc0"))
+ $interfaces["enc0"] = "IPsec";
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
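Review bot: The new `onChange` attribute on the interface `<select>` writes `$pconfig['interface']` and `$pconfig['dst']` into single-quoted JavaScript strings inside an HTML attribute with no output encoding. If `$pconfig` is refilled from the submitted form after a validation error (that assignment is outside this hunk), a value containing a quote terminates the string and the remainder is parsed as script or markup. Encode for both contexts, e.g. `dst_change(this.value,<?=htmlspecialchars(json_encode($pconfig['interface']))?>,<?=htmlspecialchars(json_encode($pconfig['dst']))?>)`. The identical `dst_change(...)` call added inside the `<script>` block in the `@@ -526,6 +804,12 @@` hunk has the same problem and should use `json_encode()` there.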
@@ -343,33 +478,6 @@ include("fbegin.inc"); ?>
<span class="vexpl">Choose which interface this rule applies to.<br>
Hint: in most cases, you'll want to use WAN here.</span></td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">External address</td>
- <td width="78%" class="vtable">
- <select name="extaddr" class="formselect">
- <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option>
-<?php if (is_array($config['virtualip']['vip'])):
- foreach ($config['virtualip']['vip'] as $sn):
- if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
- $baseip = ip2long($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits']));
- for ($i = $sn['subnet_bits']; $i <= 32; $i++):
- $baseip = $baseip + 1;
- $snip = long2ip($baseip);
- ?>
- <option value="<?=$snip;?>" <?php if ($snip == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
- <?php endfor;
- else: ?>
- <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
- <?php endif; ?>
-<?php endforeach;
- endif; ?>
- <option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option>
- </select>
- <br />
- <span class="vexpl">
- If you want this rule to apply to another IP address than the IP address of the interface chosen above,
- select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first). Also note that if you are trying to redirect connections on the LAN select the "any" option.</span></td>
- </tr>
<tr>
<td width="22%" valign="top" class="vncellreq">Protocol</td>
<td width="78%" class="vtable">
@@ -381,55 +489,225 @@ include("fbegin.inc"); ?>
this rule should match.<br>
Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span></td>
</tr>
+ <tr id="showadvancedboxsrc" name="showadvancedboxsrc">
+ <td width="22%" valign="top" class="vncellreq">Source</td>
+ <td width="78%" class="vtable">
+ <input type="button" onClick="show_source()" value="Advanced"></input> - Show source address and port range</a>
+ </td>
+ </tr>
+ <tr style="display: none;" id="srctable" name="srctable">
+ <td width="22%" valign="top" class="vncellreq">Source</td>
+ <td width="78%" class="vtable">
+ <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
+ <strong>not</strong>
+ <br />
+ Use this option to invert the sense of the match.
+ <br />
+ <br />
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>Type:&nbsp;&nbsp;</td>
+ <td>
+ <select name="srctype" class="formselect" onChange="typesel_change()">
+<?php
+ $sel = is_specialnet($pconfig['src']); ?>
+ <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option>
+ <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
+ <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
+ <?php if(have_ruleint_access("pptp")): ?>
+ <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>PPTP clients</option>
+ <?php endif; ?>
+ <?php if(have_ruleint_access("pppoe")): ?>
+ <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option>
+ <?php endif; ?>
+ <?php if(have_ruleint_access("l2tp")): ?>
+ <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>>L2TP clients</option>
+ <?php endif; ?>
+<?php
+ foreach ($ifdisp as $ifent => $ifdesc): ?>
+ <?php if(have_ruleint_access($ifent)): ?>
+ <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> subnet</option>
+ <option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected"; } ?>>
+ <?=$ifdesc?> address
+ </option>
+ <?php endif; ?>
+<?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>Address:&nbsp;&nbsp;</td>
+ <td>
+ <input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
+ <select name="srcmask" class="formselect" id="srcmask">
+<?php for ($i = 31; $i > 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr style="display:none" id="sprtable" name="sprtable">
+ <td width="22%" valign="top" class="vncellreq">Source port range</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>from:&nbsp;&nbsp;</td>
+ <td>
+ <select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
+ <option value="">(other)</option>
+ <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
+<?php foreach ($wkports as $wkport => $wkportdesc): ?>
+ <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
+<?php endforeach; ?>
+ </select>
+ <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>">
+ </td>
+ </tr>
+ <tr>
+ <td>to:</td>
+ <td>
+ <select name="srcendport" class="formselect" onchange="ext_change()">
+ <option value="">(other)</option>
+ <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
+<?php foreach ($wkports as $wkport => $wkportdesc): ?>
+ <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
+<?php endforeach; ?>
+ </select>
+ <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>">
+ </td>
+ </tr>
+ </table>
+ <br />
+ <span class="vexpl">Specify the source port or port range for this rule. <b>This is almost never equal to the destination port range (and is usually &quot;any&quot;)</b>. <br /> Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port</span><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq">Destination</td>
+ <td width="78%" class="vtable">
+ <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
+ <strong>not</strong>
+ <br />
+ Use this option to invert the sense of the match.
+ <br />
+ <br />
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>Type:&nbsp;&nbsp;</td>
+ <td>
+ <select name="dsttype" class="formselect" onChange="typesel_change()">
+<?php
+ $sel = is_specialnet($pconfig['dst']); ?>
+ <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option>
+ <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
+ <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
+ <?php if(have_ruleint_access("pptp")): ?>
+ <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>PPTP clients</option>
+ <?php endif; ?>
+ <?php if(have_ruleint_access("pppoe")): ?>
+ <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option>
+ <?php endif; ?>
+ <?php if(have_ruleint_access("l2tp")): ?>
+ <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>>L2TP clients</option>
+ <?php endif; ?>
+
+<?php foreach ($ifdisp as $if => $ifdesc): ?>
+ <?php if(have_ruleint_access($if)): ?>
+ <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> subnet</option>
+ <option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>>
+ <?=$ifdesc;?> address
+ </option>
+ <?php endif; ?>
+<?php endforeach; ?>
+
+<?php if (is_array($config['virtualip']['vip'])):
+ foreach ($config['virtualip']['vip'] as $sn):
+ if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
+ $baseip = ip2long($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits']));
+
+ for ($i = $sn['subnet_bits'] - 1; $i <= 32; $i++):
+ $snip = long2ip($baseip);
+?>
+ <option value="<?=$snip;?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
+ <?php $baseip = $baseip + 1; ?>
+<?php endfor;
+ else:
+?>
+ <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
+<?php endif;
+ endforeach;
+ endif;
+?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>Address:&nbsp;&nbsp;</td>
+ <td>
+ <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
+ /
+ <select name="dstmask" class="formselect" id="dstmask">
+<?php
+ for ($i = 31; $i > 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr id="dprtr" name="dprtr">
+ <td width="22%" valign="top" class="vncellreq">Destination port range </td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>from:&nbsp;&nbsp;</td>
+ <td>
+ <select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
+ <option value="">(other)</option>
+<?php $bfound = 0;
+ foreach ($wkports as $wkport => $wkportdesc): ?>
+ <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
+<?php endforeach; ?>
+ </select>
+ <input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>">
+ </td>
+ </tr>
+ <tr>
+ <td>to:</td>
+ <td>
+ <select name="dstendport" class="formselect" onchange="ext_change()">
+ <option value="">(other)</option>
+<?php $bfound = 0;
+ foreach ($wkports as $wkport => $wkportdesc): ?>
+ <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
+<?php endforeach; ?>
+ </select>
+ <input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>">
+ </td>
+ </tr>
+ </table>
+ <br />
+ <span class="vexpl">
+ Specify the port or port range for the destination of the packet for this mapping.
+ <br />
+ Hint: you can leave the <em>'to'</em> field empty if you only want to map a single port
+ </span>
+ </td>
+ </tr>
<tr>
- <td width="22%" valign="top" class="vncellreq">External port
- range </td>
- <td width="78%" class="vtable">
- <table border="0" cellspacing="0" cellpadding="0">
- <tr>
- <td>from:&nbsp;&nbsp;</td>
- <td><select name="beginport" class="formselect" onChange="ext_rep_change(); ext_change(); check_for_aliases();">
- <option value="">(other)</option>
- <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
- <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['beginport']) {
- echo "selected";
- $bfound = 1;
- }?>>
- <?=htmlspecialchars($wkportdesc);?>
- </option>
- <?php endforeach; ?>
- </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="beginport_cust" id="beginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['beginport']; ?>"></td>
- </tr>
- <tr>
- <td>to:</td>
- <td><select name="endport" class="formselect" onChange="ext_change(); check_for_aliases();">
- <option value="">(other)</option>
- <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
- <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['endport']) {
- echo "selected";
- $bfound = 1;
- }?>>
- <?=htmlspecialchars($wkportdesc);?>
- </option>
- <?php endforeach; ?>
- </select> <input onChange="check_for_aliases();" class="formfldalias" autocomplete='off' name="endport_cust" id="endport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['endport']; ?>"></td>
- </tr>
- </table>
- <br> <span class="vexpl">Specify the port or port range on
- the firewall's external address for this mapping.<br>
- Hint: you can leave the <em>'to'</em> field empty if you only
- want to map a single port</span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">NAT IP</td>
+ <td width="22%" valign="top" class="vncellreq">Redirect target IP</td>
<td width="78%" class="vtable">
<input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
<br> <span class="vexpl">Enter the internal IP address of
the server on which you want to map the ports.<br>
e.g. <em>192.168.1.12</em></span></td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Local port</td>
+ <tr name="lprtr" id="lprtr">
+ <td width="22%" valign="top" class="vncellreq">Redirect target port</td>
<td width="78%" class="vtable">
<select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();">
<option value="">(other)</option>
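Review bot: The four new `*_cust` text inputs print the port value raw inside `value="..."`, e.g. `echo $pconfig['srcbeginport'];`, while `src`, `dst` and `localip` in the same hunk go through `htmlspecialchars()`. These fields accept alias names as well as numbers, so if `$pconfig` carries the posted value back after a failed validation (outside this hunk), a quote in it breaks out of the attribute. Use `echo htmlspecialchars($pconfig['srcbeginport']);` and the same for `srcendport`, `dstbeginport` and `dstendport`. The two `<?=$ifdesc?> address` options should also be escaped, as the neighbouring `subnet` options already are. The table continues past the end of the hunk.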
@@ -470,7 +748,7 @@ include("fbegin.inc"); ?>
<select name="associated-rule-id">
<option value="">None</option>
<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " SELECTED"; ?>>Pass</option>
- <?php
+ <?php
$linkedrule = "";
if (is_array($config['filter']['rule'])) {
$filter_id = 0;
@@ -482,7 +760,7 @@ include("fbegin.inc"); ?>
$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">View the filter rule</a><br/>";
}
echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
-
+
}
if ($filter_rule['interface'] == $pconfig['interface'])
$filter_id++;
@@ -526,6 +804,12 @@ include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
ext_change();
+ dst_change(document.iform.interface.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>');
+ typesel_change();
+ proto_change();
+ <?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
+ show_source();
+ <?php endif; ?>
//-->
</script>
<?php
@@ -560,9 +844,13 @@ if($config['aliases']['alias'] <> "")
var customarray=new Array(<?php echo $portaliases; ?>);
var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
- var oTextbox2 = new AutoSuggestControl(document.getElementById("beginport_cust"), new StateSuggestions(customarray));
- var oTextbox3 = new AutoSuggestControl(document.getElementById("endport_cust"), new StateSuggestions(customarray));
- var oTextbox4 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
+ var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
+ var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
+ var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
+ var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
+ var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
+ var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
+ var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
//-->
</script>
<?php include("fend.inc"); ?>
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 90ffe43..c4f21c1 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -134,8 +134,81 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
$natent['destination']['any'] = true;
$natent['natport'] = "";
$a_out[] = $natent;
+
+ /* PPTP subnet */
+ if($config['pptpd']['mode'] == "server") {
+ if (is_ipaddr($config['pptpd']['localip'])) {
+ if($config['pptpd']['pptp_subnet'] <> "")
+ $ossubnet = $config['pptpd']['pptp_subnet'];
+ else
+ $ossubnet = "32";
+ $osn = gen_subnet($config['pptpd']['localip'], $osn);
+ $natent = array();
+ $natent['source']['network'] = "{$osn}/{$ossubnet}";
+ $natent['sourceport'] = "";
+ $natent['descr'] = "Auto created rule for PPTP server";
+ $natent['target'] = "";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "";
+ $a_out[] = $natent;
+ }
+ }
+ /* PPPoE subnet */
+ if($config['pppoe']['mode'] == "server") {
+ if (is_ipaddr($config['pppoe']['localip'])) {
+ if($config['pppoe']['pppoe_subnet'] <> "")
+ $ossubnet = $config['pppoe']['pptp_subnet'];
+ else
+ $ossubnet = "32";
+ $osn = gen_subnet($config['pppoe']['localip'], $osn);
+ $natent = array();
+ $natent['source']['network'] = "{$osn}/{$ossubnet}";
+ $natent['sourceport'] = "";
+ $natent['descr'] = "Auto created rule for PPPoE server";
+ $natent['target'] = "";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "";
+ $a_out[] = $natent;
+ }
+ }
+ /* L2TP subnet */
+ if($config['l2tp']['mode'] == "server") {
+ if (is_ipaddr($config['l2tp']['localip'])) {
+ if($config['l2tp']['l2tp_subnet'] <> "")
+ $ossubnet = $config['l2tp']['pptp_subnet'];
+ else
+ $ossubnet = "32";
+ $osn = gen_subnet($config['l2tp']['localip'], $osn);
+ $natent = array();
+ $natent['source']['network'] = "{$osn}/{$ossubnet}";
+ $natent['sourceport'] = "";
+ $natent['descr'] = "Auto created rule for L2TP server";
+ $natent['target'] = "";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "";
+ $a_out[] = $natent;
+ }
+ }
+ /* add openvpn interfaces */
+ if($config['openvpn']['openvpn-server']) {
+ foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) {
+ $natent = array();
+ $natent['source']['network'] = $ovpnsrv['tunnel_network'];
+ $natent['sourceport'] = "";
+ $natent['descr'] = "Auto created rule for OpenVPN server";
+ $natent['target'] = "";
+ $natent['interface'] = $if2;
+ $natent['destination']['any'] = true;
+ $natent['natport'] = "";
+ $a_out[] = $natent;
+ }
+ }
}
}
+
$savemsg = "Default rules for each interface have been created.";
}
break;
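Review bot: The three VPN blocks compute the source network with `gen_subnet(..., $osn)`, passing the variable that is being assigned (unset the first time, stale afterwards) where the prefix length `$ossubnet` was evidently intended. The PPPoE and L2TP blocks also test `pppoe_subnet` / `l2tp_subnet` but then read `['pptp_subnet']` from their own section. The automatically created outbound NAT rules can therefore end up with a source network that does not match the VPN client range. The OpenVPN loop also adds a rule even when `tunnel_network` is empty, so an emptiness check there would be worthwhile. The corrected lines are below.

```php
/* PPTP subnet */
// … unchanged: mode / localip checks and $ossubnet selection …
			$osn = gen_subnet($config['pptpd']['localip'], $ossubnet);
// … unchanged: PPTP $natent construction …

/* PPPoE subnet */
			if($config['pppoe']['pppoe_subnet'] <> "")
				$ossubnet = $config['pppoe']['pppoe_subnet'];
// … unchanged: else branch …
			$osn = gen_subnet($config['pppoe']['localip'], $ossubnet);
// … unchanged: PPPoE $natent construction …

/* L2TP subnet */
			if($config['l2tp']['l2tp_subnet'] <> "")
				$ossubnet = $config['l2tp']['l2tp_subnet'];
// … unchanged: else branch …
			$osn = gen_subnet($config['l2tp']['localip'], $ossubnet);
// … unchanged: L2TP $natent construction and OpenVPN loop …
```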
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index 45db4ba..483aec1 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -169,18 +169,6 @@ if ($_POST) {
$ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet'];
}
- if ($_POST['target']) {
- /* check for clashes with 1:1 NAT (NAT Addresses is OK) */
- if (is_array($config['nat']['onetoone'])) {
- foreach ($config['nat']['onetoone'] as $natent) {
- if (check_subnets_overlap($_POST['target'], 32, $natent['external'], $natent['subnet'])) {
- $input_errors[] = "A 1:1 NAT mapping overlaps with the specified target IP address.";
- break;
- }
- }
- }
- }
-
foreach ($a_out as $natent) {
if (isset($id) && ($a_out[$id]) && ($a_out[$id] === $natent)) {
continue;
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index af0fedb..0edba70 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -327,7 +327,7 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules before this rule"></td>
- <td><a href="interfaces.php#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
+ <td><a href="interfaces.php?if=<?=$if?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
</tr>
<tr>
<td align="center" valign="middle"></td>
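Review bot: The new link target `interfaces.php?if=<?=$if?>#rfc1918` prints `$if` into an `href` attribute without encoding. Where `$if` is set is not visible in this hunk. If it comes from the request, as the page's interface selector suggests, a crafted value can break out of the attribute. I would write `interfaces.php?if=<?=htmlspecialchars(urlencode($if))?>#rfc1918`. The following hunk (`@@ -355,7 +355,7 @@`) adds the same link and needs the same change.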
@@ -355,7 +355,7 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
<table border="0" cellspacing="0" cellpadding="1">
<tr>
<td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules before this rule"></td>
- <td><a href="interfaces.php#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
+ <td><a href="interfaces.php?if=<?=$if?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
</tr>
<tr>
<td align="center" valign="middle"></td>
@@ -557,15 +557,10 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
else if ($filterent['sched'])
{
if ($iconfn == "block" || $iconfn == "reject")
- {
$image = "icon_block_d";
- $alttext = "Traffic matching this rule is currently being allowed";
- }
else
- {
$image = "icon_block";
- $alttext = "Traffic matching this rule is currently being denied";
- }
+ $alttext = "This rule is not currently active because its period has expired";
$printicon = true;
}
}
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 236a23a..8bd7e49 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -672,7 +672,28 @@ include("head.inc");
<tr>
<td width="22%" valign="top" class="vncellreq">Source</td>
<td width="78%" class="vtable">
- <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
+ <?php $edit_disabled=false; ?>
+ <?php if( isset($pconfig['associated-rule-id']) ): ?>
+ <span class="red"><strong>NOTE: </strong></span> This is associated to a NAT rule.<br />
+ You cannot edit the source and destination of associated filter rules.<br />
+ <br />
+ <?php
+ $edit_disabled=true;
+ if (is_array($config['nat']['rule'])) {
+ foreach( $config['nat']['rule'] as $index => $nat_rule ) {
+ if( $nat_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
+ echo "<a href=\"firewall_nat_edit.php?id={$nat_rule[$index]}\">View the NAT rule</a><br>";
+ break;
+ }
+ }
+ }
+ ?>
+ <br />
+ <script type="text/javascript">
+ editenabled = 0;
+ </script>
+ <?php endif; ?>
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
<strong>not</strong>
<br />
Use this option to invert the sense of the match.
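Review bot: The "View the NAT rule" link is built with `{$nat_rule[$index]}`, which indexes the rule array by its own position and so will not yield the rule id. The loop key is the value wanted: `echo "<a href=\"firewall_nat_edit.php?id={$index}\">View the NAT rule</a><br>";`. Separately, the `DISABLED` attributes added here and in the following hunks only stop the browser from sending the source fields. The POST handler (outside this hunk) should reject or ignore source and destination changes for a rule that has an `associated-rule-id`, otherwise the restriction is cosmetic. Disabled controls are also not submitted, so the save path has to keep the stored source instead of treating it as empty.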
@@ -682,7 +703,7 @@ include("head.inc");
<tr>
<td>Type:&nbsp;&nbsp;</td>
<td>
- <select name="srctype" class="formselect" onChange="typesel_change()">
+ <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srctype" class="formselect" onChange="typesel_change()">
<?php
$sel = is_specialnet($pconfig['src']); ?>
<option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option>
@@ -712,8 +733,8 @@ include("head.inc");
<tr>
<td>Address:&nbsp;&nbsp;</td>
<td>
- <input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
- <select name="srcmask" class="formselect" id="srcmask">
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
+ <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcmask" class="formselect" id="srcmask">
<?php for ($i = 31; $i > 0; $i--): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
<?php endfor; ?>
@@ -723,7 +744,7 @@ include("head.inc");
</table>
<div id="showadvancedboxspr">
<p>
- <input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>
</div>
</td>
</tr>
@@ -734,27 +755,27 @@ include("head.inc");
<tr>
<td>from:&nbsp;&nbsp;</td>
<td>
- <select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
+ <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
<option value="">(other)</option>
<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php endforeach; ?>
</select>
- <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>">
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>">
</td>
</tr>
<tr>
<td>to:</td>
<td>
- <select name="srcendport" class="formselect" onchange="ext_change()">
+ <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcendport" class="formselect" onchange="ext_change()">
<option value="">(other)</option>
<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php endforeach; ?>
</select>
- <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>">
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>">
</td>
</tr>
</table>
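Review bot: The rewritten `srcbeginport_cust` and `srcendport_cust` inputs still print `$pconfig['srcbeginport']` and `$pconfig['srcendport']` into the `value` attribute without encoding, while the `src` field in the same form goes through `htmlspecialchars()`. These boxes appear to accept free text (the `formfldalias` class suggests alias names), and whether `$pconfig` is refilled from the request after a validation error is not visible here. Encode on output, e.g. `echo htmlspecialchars($pconfig['srcbeginport']);`. The `dstbeginport_cust` and `dstendport_cust` lines in the destination port hunk further down need the same change.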
@@ -765,27 +786,7 @@ include("head.inc");
<tr>
<td width="22%" valign="top" class="vncellreq">Destination</td>
<td width="78%" class="vtable">
- <?php $dst_disabled=false; ?>
- <?php if( isset($pconfig['associated-rule-id']) ): ?>
- <span class="red"><strong>NOTE: </strong></span> This is associated to a NAT rule.<br />
- You cannot edit the destination of associated filter rules.<br />
- <br />
- <?php
- if (is_array($config['nat']['rule'])) {
- foreach( $config['nat']['rule'] as $index => $nat_rule ) {
- if( $nat_rule['assocaited-rule-id']==$pconfig['associated-rule-id'])
- echo "<a href=\"firewall_nat_edit.php?id={$nat_rule[$index]}\">View the NAT rule</a>\n";
- break;
- }
- }
- ?>
- <br />
- <?php $dst_disabled=true; ?>
- <script type="text/javascript">
- dstenabled = 0;
- </script>
- <?php endif; ?>
- <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
<strong>not</strong>
<br />
Use this option to invert the sense of the match.
@@ -795,7 +796,7 @@ include("head.inc");
<tr>
<td>Type:&nbsp;&nbsp;</td>
<td>
- <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dsttype" class="formselect" onChange="typesel_change()">
+ <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dsttype" class="formselect" onChange="typesel_change()">
<?php
$sel = is_specialnet($pconfig['dst']); ?>
<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option>
@@ -825,9 +826,9 @@ include("head.inc");
<tr>
<td>Address:&nbsp;&nbsp;</td>
<td>
- <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
/
- <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstmask" class="formselect" id="dstmask">
+ <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstmask" class="formselect" id="dstmask">
<?php
for ($i = 31; $i > 0; $i--): ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
@@ -845,27 +846,27 @@ include("head.inc");
<tr>
<td>from:&nbsp;&nbsp;</td>
<td>
- <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
+ <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
<option value="">(other)</option>
<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
<?php endforeach; ?>
</select>
- <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>">
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>">
</td>
</tr>
<tr>
<td>to:</td>
<td>
- <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstendport" class="formselect" onchange="ext_change()">
+ <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstendport" class="formselect" onchange="ext_change()">
<option value="">(other)</option>
<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php endforeach; ?>
</select>
- <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>">
+ <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>">
</td>
</tr>
</table>
diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php
index 2a01c91..873f422 100755
--- a/usr/local/www/firewall_virtual_ip.php
+++ b/usr/local/www/firewall_virtual_ip.php
@@ -94,8 +94,8 @@ if ($_GET['act'] == "del") {
/* make sure no inbound NAT mappings reference this entry */
if (is_array($config['nat']['rule'])) {
foreach ($config['nat']['rule'] as $rule) {
- if($rule['external-address'] <> "") {
- if ($rule['external-address'] == $a_vip[$_GET['id']]['subnet']) {
+ if($rule['destination']['address'] <> "") {
+ if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) {
$input_errors[] = "This entry cannot be deleted because it is still referenced by at least one NAT mapping.";
break;
}
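Review bot: `$rule['destination']['address']` is read without checking that the key exists. Under the new rule layout a destination can presumably be expressed another way (the edit form offers any / single / network), so the key may be absent. Guard it and compare strictly: `if (isset($rule['destination']['address']) && $rule['destination']['address'] === $a_vip[$_GET['id']]['subnet']) {`. The rename loop in firewall_virtual_ip_edit.php has the same unguarded read and loose `==`. The enclosing `act == "del"` block starts and ends outside this hunk, so whether `$_GET['id']` is validated before it indexes `$a_vip` cannot be confirmed from here.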
diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php
index 4b99f3f..415ced4 100755
--- a/usr/local/www/firewall_virtual_ip_edit.php
+++ b/usr/local/www/firewall_virtual_ip_edit.php
@@ -127,16 +127,6 @@ if ($_POST) {
}
}
- /* check for overlaps with 1:1 NAT */
- if (is_array($config['nat']['onetoone'])) {
- foreach ($config['nat']['onetoone'] as $natent) {
- if (check_subnets_overlap($_POST['subnet'], 32, $natent['external'], $natent['subnet'])) {
- $input_errors[] = "A 1:1 NAT mapping overlaps with the specified IP address.";
- break;
- }
- }
- }
-
/* make sure new ip is within the subnet of a valid ip
* on one of our interfaces (wan, lan optX)
*/
@@ -216,8 +206,8 @@ if ($_POST) {
interface_vip_bring_down($a_vip[$id]);
/* modify all virtual IP rules with this address */
for ($i = 0; isset($config['nat']['rule'][$i]); $i++) {
- if ($config['nat']['rule'][$i]['external-address'] == $a_vip[$id]['subnet'])
- $config['nat']['rule'][$i]['external-address'] = $vipent['subnet'];
+ if ($config['nat']['rule'][$i]['destination']['address'] == $a_vip[$id]['subnet'])
+ $config['nat']['rule'][$i]['destination']['address'] = $vipent['subnet'];
}
$a_vip[$id] = $vipent;
} else
@@ -226,7 +216,7 @@ if ($_POST) {
mark_subsystem_dirty('vip');
write_config();
- if (!$id)
+ if (!isset($id))
$id = count($a_vip) - 1;
header("Location: firewall_virtual_ip.php?changes=mods&id={$id}");
exit;
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index cb6466f..2164233 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -213,6 +213,7 @@ if (isset($wancfg['wireless'])) {
interface_wireless_clone($wlanif, $wancfg);
$wlanbaseif = interface_get_wireless_base($wancfg['if']);
$wl_modes = get_wireless_modes($if);
+ $wl_chaninfo = get_wireless_channel_info($if);
$wl_regdomain_xml_attr = array();
$wl_regdomain_xml = parse_xml_regdomain($wl_regdomain_xml_attr);
$wl_regdomains = &$wl_regdomain_xml['regulatory-domains']['rd'];
@@ -1011,7 +1012,7 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe"
if($gateway['interface'] == $if) {
?>
<option value="<?=$gateway['name'];?>" <?php if ($gateway['name'] == $pconfig['gateway']) echo "selected"; ?>>
- <?=htmlspecialchars($gateway['name']);?>
+ <?=htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']);?>
</option>
<?php
}
@@ -1339,12 +1340,17 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe"
if ($pconfig['channel'] == "$wl_channel") {
echo "selected ";
}
- echo "value=\"$wl_channel\">$wl_standard - $wl_channel</option>\n";
+ echo "value=\"$wl_channel\">$wl_standard - $wl_channel";
+ if(isset($wl_chaninfo[$wl_channel]))
+ echo " ({$wl_chaninfo[$wl_channel][1]} @ {$wl_chaninfo[$wl_channel][2]} / {$wl_chaninfo[$wl_channel][3]})";
+ echo "</option>\n";
}
}
?>
</select>
<br/>
+ Legend: wireless standards - channel # (frequency @ max TX power / TX power allowed in reg. domain)
+ <br/>
Note: Not all channels may be supported by your card. Auto may override the wireless standard selected above.
</td>
</tr>
@@ -1373,6 +1379,8 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe"
}
?>
</select>
+ <br/>
+ Note: Some cards have a default that is not recognized and require changing the regulatory domain to one in this list for the changes to other regulatory settings to work.
<br/><br/>
Country (listed with country code and regulatory domain)<br/>
<select name="regcountry" class="formselect" id="regcountry">
diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php
index fbba05b..ed80d46 100755
--- a/usr/local/www/interfaces_assign.php
+++ b/usr/local/www/interfaces_assign.php
@@ -260,6 +260,7 @@ if ($_GET['act'] == "del") {
$input_errors[] = "The interface is part of a gif tunnel. Please delete the tunnel to continue";
else {
unset($config['interfaces'][$id]['enable']);
+ $realid = get_real_interface($id);
interface_bring_down($id); /* down the interface */
unset($config['interfaces'][$id]); /* delete the specified OPTn or LAN*/
@@ -311,7 +312,7 @@ if ($_GET['act'] == "del") {
unset($config['dhcpd']['wan']);
}
- link_interface_to_vlans($id, "update");
+ link_interface_to_vlans($realid, "update");
$savemsg = "Interface has been deleted.";
}
diff --git a/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js b/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js
index a2dff4c..9f21c2b 100644
--- a/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js
+++ b/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js
@@ -1,28 +1,65 @@
<!--
+var portsenabled = 1;
+var dstenabled = 1;
+var showsource = 0;
+
function ext_change() {
- if (document.iform.beginport.selectedIndex == 0) {
- document.iform.beginport_cust.disabled = 0;
+ if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) {
+ document.iform.srcbeginport_cust.disabled = 0;
+ } else {
+ document.iform.srcbeginport_cust.value = "";
+ document.iform.srcbeginport_cust.disabled = 1;
+ }
+ if ((document.iform.srcendport.selectedIndex == 0) && portsenabled) {
+ document.iform.srcendport_cust.disabled = 0;
+ } else {
+ document.iform.srcendport_cust.value = "";
+ document.iform.srcendport_cust.disabled = 1;
+ }
+ if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && dstenabled) {
+ document.iform.dstbeginport_cust.disabled = 0;
} else {
- document.iform.beginport_cust.value = "";
- document.iform.beginport_cust.disabled = 1;
+ document.iform.dstbeginport_cust.value = "";
+ document.iform.dstbeginport_cust.disabled = 1;
}
- if (document.iform.endport.selectedIndex == 0) {
- document.iform.endport_cust.disabled = 0;
+ if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && dstenabled) {
+ document.iform.dstendport_cust.disabled = 0;
} else {
- document.iform.endport_cust.value = "";
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.value = "";
+ document.iform.dstendport_cust.disabled = 1;
}
- if (document.iform.localbeginport.selectedIndex == 0) {
+
+ if ((document.iform.localbeginport.selectedIndex == 0) && portsenabled) {
document.iform.localbeginport_cust.disabled = 0;
} else {
document.iform.localbeginport_cust.value = "";
document.iform.localbeginport_cust.disabled = 1;
}
+
+ if (!portsenabled) {
+ document.iform.srcbeginport.disabled = 1;
+ document.iform.srcendport.disabled = 1;
+ document.iform.dstbeginport.disabled = 1;
+ document.iform.dstendport.disabled = 1;
+ document.iform.localbeginport_cust.disabled = 1;
+ } else {
+ document.iform.srcbeginport.disabled = 0;
+ document.iform.srcendport.disabled = 0;
+ document.iform.localbeginport_cust.disabled = 0;
+ if( dstenabled ) {
+ document.iform.dstbeginport.disabled = 0;
+ document.iform.dstendport.disabled = 0;
+ }
+ }
}
-function ext_rep_change() {
- document.iform.endport.selectedIndex = document.iform.beginport.selectedIndex;
- document.iform.localbeginport.selectedIndex = document.iform.beginport.selectedIndex;
+function show_source() {
+ if(portsenabled)
+ document.getElementById("sprtable").style.display = '';
+
+ document.getElementById("srctable").style.display = '';
+ document.getElementById("showadvancedboxsrc").style.display = 'none';
+ showsource = 1;
}
function check_for_aliases() {
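Review bot: In the last `if (!portsenabled) … else` block of `ext_change()`, the else branch sets `document.iform.localbeginport_cust.disabled = 0` unconditionally. That undoes the block just above it, which clears and disables the custom field whenever a predefined local port is selected. The old `proto_change()` body removed later in this file toggled both `localbeginport` and `localbeginport_cust`, so the select was probably intended here: `document.iform.localbeginport.disabled = 1;` in the first branch and `document.iform.localbeginport.disabled = 0;` in the else branch. As written, `ext_change()` never changes the state of the `localbeginport` select.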
@@ -30,64 +67,119 @@ function check_for_aliases() {
* entry of Local port
*/
for(i=0; i<customarray.length; i++) {
- if(document.iform.beginport_cust.value == customarray[i]) {
- document.iform.endport_cust.value = customarray[i];
+ if(document.iform.dstbeginport_cust.value == customarray[i]) {
+ document.iform.dstendport_cust.value = customarray[i];
document.iform.localbeginport_cust.value = customarray[i];
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.disabled = 1;
document.iform.localbeginport.disabled = 1;
document.iform.localbeginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 0;
+ document.iform.dstendport_cust.disabled = 0;
document.iform.localbeginport.disabled = 0;
document.iform.localbeginport_cust.disabled = 0;
}
- if(document.iform.beginport.value == customarray[i]) {
- document.iform.endport_cust.value = customarray[i];
+ if(document.iform.dstbeginport.value == customarray[i]) {
+ document.iform.dstendport_cust.value = customarray[i];
document.iform.localbeginport_cust.value = customarray[i];
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.disabled = 1;
document.iform.localbeginport.disabled = 1;
document.iform.localbeginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 0;
+ document.iform.dstendport_cust.disabled = 0;
document.iform.localbeginport.disabled = 0;
document.iform.localbeginport_cust.disabled = 0;
}
- if(document.iform.endport_cust.value == customarray[i]) {
- document.iform.endport_cust.value = customarray[i];
+ if(document.iform.dstendport_cust.value == customarray[i]) {
+ document.iform.dstendport_cust.value = customarray[i];
document.iform.localbeginport_cust.value = customarray[i];
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.disabled = 1;
document.iform.localbeginport.disabled = 1;
document.iform.localbeginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 0;
+ document.iform.dstendport_cust.disabled = 0;
document.iform.localbeginport.disabled = 0;
document.iform.localbeginport_cust.disabled = 0;
}
- if(document.iform.endport.value == customarray[i]) {
- document.iform.endport_cust.value = customarray[i];
+ if(document.iform.dstendport.value == customarray[i]) {
+ document.iform.dstendport_cust.value = customarray[i];
document.iform.localbeginport_cust.value = customarray[i];
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.disabled = 1;
document.iform.localbeginport.disabled = 1;
document.iform.localbeginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 0;
+ document.iform.dstendport_cust.disabled = 0;
document.iform.localbeginport.disabled = 0;
document.iform.localbeginport_cust.disabled = 0;
}
+
}
}
function proto_change() {
- if(document.iform.proto.selectedIndex > 2) {
- document.iform.beginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 1;
- document.iform.beginport.disabled = 1;
- document.iform.endport.disabled = 1;
- document.iform.localbeginport_cust.disabled = 1;
- document.iform.localbeginport.disabled = 1;
+ if (document.iform.proto.selectedIndex < 3) {
+ portsenabled = 1;
} else {
- document.iform.beginport_cust.disabled = 0;
- document.iform.endport_cust.disabled = 0;
- document.iform.beginport.disabled = 0;
- document.iform.endport.disabled = 0;
- document.iform.localbeginport_cust.disabled = 0;
- document.iform.localbeginport.disabled = 0;
+ portsenabled = 0;
+ }
+
+ if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) {
+ document.getElementById("sprtable").style.display = showsource == 1 ? '':'none';
+ document.getElementById("dprtr").style.display = '';
+ document.getElementById("lprtr").style.display = '';
+ } else {
+ document.getElementById("sprtable").style.display = 'none';
+ document.getElementById("dprtr").style.display = 'none';
+ document.getElementById("lprtr").style.display = 'none';
+ }
+}
+
+function typesel_change() {
+ switch (document.iform.srctype.selectedIndex) {
+ case 1: /* single */
+ document.iform.src.disabled = 0;
+ document.iform.srcmask.value = "";
+ document.iform.srcmask.disabled = 1;
+ break;
+ case 2: /* network */
+ document.iform.src.disabled = 0;
+ document.iform.srcmask.disabled = 0;
+ break;
+ default:
+ document.iform.src.value = "";
+ document.iform.src.disabled = 1;
+ document.iform.srcmask.value = "";
+ document.iform.srcmask.disabled = 1;
+ break;
+ }
+ if( dstenabled )
+ {
+ switch (document.iform.dsttype.selectedIndex) {
+ case 1: /* single */
+ document.iform.dst.disabled = 0;
+ document.iform.dstmask.value = "";
+ document.iform.dstmask.disabled = 1;
+ break;
+ case 2: /* network */
+ document.iform.dst.disabled = 0;
+ document.iform.dstmask.disabled = 0;
+ break;
+ default:
+ document.iform.dst.value = "";
+ document.iform.dst.disabled = 1;
+ document.iform.dstmask.value = "";
+ document.iform.dstmask.disabled = 1;
+ break;
+ }
+ }
+}
+
+function src_rep_change() {
+ document.iform.srcendport.selectedIndex = document.iform.srcbeginport.selectedIndex;
+}
+
+function dst_rep_change() {
+ document.iform.dstendport.selectedIndex = document.iform.dstbeginport.selectedIndex;
+}
+
+function dst_change( iface, old_iface, old_dst ) {
+ if ( ( old_dst == "" ) || ( old_iface.concat("ip") == old_dst ) ) {
+ document.iform.dsttype.value = iface.concat("ip");
}
}
//-->
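Review bot: Each of the four branches in `check_for_aliases()` sets `dstendport_cust`, `localbeginport` and `localbeginport_cust` to `disabled = 1` and then straight back to `disabled = 0`, so the first three assignments have no effect; the rename carried this over unchanged. If locking the fields for an alias was the intent, drop the `= 0` lines. Otherwise drop the `= 1` lines and merge the four identical bodies under one condition. In the new `proto_change()`, `selectedIndex < 3` and `selectedIndex >= 0 && selectedIndex <= 2` disagree when nothing is selected (-1): `portsenabled` becomes 1 while the port rows are hidden. One shared test would keep them in step. `check_for_aliases()` begins in the previous hunk.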
diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
index 75bcb62..1b7f33a 100644
--- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
+++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
@@ -1,6 +1,6 @@
<!--
var portsenabled = 1;
-var dstenabled = 1;
+var editenabled = 1;
function ext_change() {
if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) {
@@ -15,13 +15,13 @@ function ext_change() {
document.iform.srcendport_cust.value = "";
document.iform.srcendport_cust.disabled = 1;
}
- if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && dstenabled) {
+ if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && editenabled) {
document.iform.dstbeginport_cust.disabled = 0;
} else {
document.iform.dstbeginport_cust.value = "";
document.iform.dstbeginport_cust.disabled = 1;
}
- if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && dstenabled) {
+ if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && editenabled) {
document.iform.dstendport_cust.disabled = 0;
} else {
document.iform.dstendport_cust.value = "";
@@ -36,7 +36,7 @@ function ext_change() {
} else {
document.iform.srcbeginport.disabled = 0;
document.iform.srcendport.disabled = 0;
- if( dstenabled ) {
+ if( editenabled ) {
document.iform.dstbeginport.disabled = 0;
document.iform.dstendport.disabled = 0;
}
@@ -49,25 +49,24 @@ function show_source_port_range() {
}
function typesel_change() {
- switch (document.iform.srctype.selectedIndex) {
- case 1: /* single */
- document.iform.src.disabled = 0;
- document.iform.srcmask.value = "";
- document.iform.srcmask.disabled = 1;
- break;
- case 2: /* network */
- document.iform.src.disabled = 0;
- document.iform.srcmask.disabled = 0;
- break;
- default:
- document.iform.src.value = "";
- document.iform.src.disabled = 1;
- document.iform.srcmask.value = "";
- document.iform.srcmask.disabled = 1;
- break;
- }
- if( dstenabled )
- {
+ if( editenabled ) {
+ switch (document.iform.srctype.selectedIndex) {
+ case 1: /* single */
+ document.iform.src.disabled = 0;
+ document.iform.srcmask.value = "";
+ document.iform.srcmask.disabled = 1;
+ break;
+ case 2: /* network */
+ document.iform.src.disabled = 0;
+ document.iform.srcmask.disabled = 0;
+ break;
+ default:
+ document.iform.src.value = "";
+ document.iform.src.disabled = 1;
+ document.iform.srcmask.value = "";
+ document.iform.srcmask.disabled = 1;
+ break;
+ }
switch (document.iform.dsttype.selectedIndex) {
case 1: /* single */
document.iform.dst.disabled = 0;
@@ -118,7 +117,9 @@ function proto_change() {
if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) {
document.getElementById("dprtr").style.display = '';
- document.getElementById("showadvancedboxspr").innerHTML='<p><input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>';
+ if (editenabled) {
+ document.getElementById("showadvancedboxspr").innerHTML='<p><input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>';
+ }
} else {
document.getElementById("sprtable").style.display = 'none';
document.getElementById("dprtr").style.display = 'none';
diff --git a/usr/local/www/javascript/row_helper.js b/usr/local/www/javascript/row_helper.js
index 8193043..476602b 100755
--- a/usr/local/www/javascript/row_helper.js
+++ b/usr/local/www/javascript/row_helper.js
@@ -28,6 +28,8 @@ var addRowTo = (function() {
td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input size='" + rowsize[i] + "' class='formfld unknown' name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'></input> ";
} else if(rowtype[i] == 'select') {
td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select size='1' name='" + rowname[i] + totalrows + "'><option value=\"32\" selected>32</option><option value=\"31\" >31</option><option value=\"30\" >30</option><option value=\"29\" >29</option><option value=\"28\" >28</option><option value=\"27\" >27</option><option value=\"26\" >26</option><option value=\"25\" >25</option><option value=\"24\" >24</option><option value=\"23\" >23</option><option value=\"22\" >22</option><option value=\"21\" >21</option><option value=\"20\" >20</option><option value=\"19\" >19</option><option value=\"18\" >18</option><option value=\"17\" >17</option><option value=\"16\" >16</option><option value=\"15\" >15</option><option value=\"14\" >14</option><option value=\"13\" >13</option><option value=\"12\" >12</option><option value=\"11\" >11</option><option value=\"10\" >10</option><option value=\"9\" >9</option><option value=\"8\" >8</option><option value=\"7\" >7</option><option value=\"6\" >6</option><option value=\"5\" >5</option><option value=\"4\" >4</option><option value=\"3\" >3</option><option value=\"2\" >2</option><option value=\"1\" >1</option></select> ";
+ } else if(rowtype[i] == 'select_source') {
+ td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select size='1' name='" + rowname[i] + totalrows + "'><option value=\"32\" selected>32</option><option value=\"31\" >31</option><option value=\"30\" >30</option><option value=\"29\" >29</option><option value=\"28\" >28</option><option value=\"27\" >27</option><option value=\"26\" >26</option><option value=\"25\" >25</option><option value=\"24\" >24</option><option value=\"23\" >23</option><option value=\"22\" >22</option><option value=\"21\" >21</option><option value=\"20\" >20</option><option value=\"19\" >19</option><option value=\"18\" >18</option><option value=\"17\" >17</option><option value=\"16\" >16</option><option value=\"15\" >15</option><option value=\"14\" >14</option><option value=\"13\" >13</option><option value=\"12\" >12</option><option value=\"11\" >11</option><option value=\"10\" >10</option><option value=\"9\" >9</option><option value=\"8\" >8</option><option value=\"7\" >7</option><option value=\"6\" >6</option><option value=\"5\" >5</option><option value=\"4\" >4</option><option value=\"3\" >3</option><option value=\"2\" >2</option><option value=\"1\" >1</option></select> ";
} else {
td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input type='checkbox' name='" + rowname[i] + totalrows + "'></input> ";
}
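Review bot: The new `select_source` branch is a character-for-character copy of the `select` branch above it, including the hard-coded 32…1 option list, so in this file a `select_source` row never shows the options of its source. If that is meant as a placeholder, fold it into the existing test, `} else if(rowtype[i] == 'select' || rowtype[i] == 'select_source') {`. The matching hunk in row_helper_dynamic.js duplicates its `select` branch in the same way. Both branches also concatenate `rowname[i]` into `innerHTML` unescaped; where those names come from is not visible here, so building the elements with `document.createElement` and setting `name`/`id` as properties would be the safer form.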
diff --git a/usr/local/www/javascript/row_helper_dynamic.js b/usr/local/www/javascript/row_helper_dynamic.js
index 778f182..032874c 100755
--- a/usr/local/www/javascript/row_helper_dynamic.js
+++ b/usr/local/www/javascript/row_helper_dynamic.js
@@ -31,6 +31,8 @@ var addRowTo = (function() {
td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input size='" + objectSize + "' name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'></input> ";
} else if(rowtype[i] == 'select') {
td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'>" + newrow[i] + "</select> ";
+ } else if(rowtype[i] == 'select_source') {
+ td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'>" + newrow[i] + "</select> ";
} else if(rowtype[i] == 'checkbox') {
td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input type='checkbox'name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'></input> ";
} else if(rowtype[i] == 'input') {
diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php
index 9aeabb9..24651d4 100755
--- a/usr/local/www/pkg.php
+++ b/usr/local/www/pkg.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
pkg.php
- Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 6c2fbde..65e1e41 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
pkg_edit.php
- Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -440,6 +440,40 @@ if ($pkg['tabs'] <> "") {
}
print("</select>\n<br />\n" . fixup_string($pkga['description']) . "\n");
+ } else if($pkga['type'] == "select_source") {
+ $fieldname = $pkga['fieldname'];
+ if (isset($pkga['multiple'])) {
+ $multiple = 'multiple="multiple"';
+ $items = explode(',', $value);
+ $fieldname .= "[]";
+ }
+ else {
+ $multiple = '';
+ $items = array($value);
+ }
+ $size = (isset($pkga['size']) ? "size=\"{$pkga['size']}\"" : '');
+ $onchange = (isset($pkga['onchange']) ? "onchange=\"{$pkga['onchange']}\"" : '');
+
+ print("<select id='" . $pkga['fieldname'] . "' $multiple $size $onchange id=\"$fieldname\" name=\"$fieldname\">\n");
+ $source_url = $pkga['source'];
+ eval("\$pkg_source_txt = &$source_url;");
+ foreach ($pkg_source_txt as $opt) {
+ $selected = '';
+ if($pkga['source_name']) {
+ $source_name = $opt[$pkga['source_name']];
+ } else {
+ $source_name = $opt[$pkga['name']];
+ }
+ if($pkga['source_value']) {
+ $source_value = $opt[$pkga['source_value']];
+ } else {
+ $source_value = $opt[$pkga['value']];
+ }
+ if (in_array($opt['value'], $items)) $selected = 'selected="selected"';
+ print("\t<option name=\"{$source_name}\" value=\"{$source_value}\" $selected>{$source_name}</option>\n");
+ }
+
+ print("</select>\n<br />\n" . fixup_string($pkga['description']) . "\n");
} else if($pkga['type'] == "vpn_selection") {
echo "<select id='" . $pkga['fieldname'] . "' name='" . $vpn['name'] . "'>\n";
foreach ($config['ipsec']['phase1'] as $vpn) {
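Review bot: `eval("\$pkg_source_txt = &$source_url;");` runs the package definition's `source` string as PHP inside the web GUI, so anyone who can supply or alter a package XML file controls code executed with the GUI's privileges. The `select_source` branch added to `display_row()` further down does the same with `$rowhelper['source']`. If sources are always paths into `$config` (to be confirmed against the package definitions), resolve the value by walking `$config` by key instead of evaluating it. At the very least, refuse anything that fails `preg_match('/^\$config(\[\'[A-Za-z0-9_-]+\'\])+$/', $source_url)` before the eval. Separately, `in_array($opt['value'], $items)` tests the literal `value` key rather than the computed `$source_value`, so preselection breaks when `source_value` names another field. The `<select>` tag also emits `id` twice.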
@@ -656,7 +690,7 @@ if($pkg['note'] != "")
* ROW Helpers function
*/
function display_row($trc, $value, $fieldname, $type, $rowhelper, $size) {
- global $text;
+ global $text, $config;
echo "<td>\n";
if($type == "input") {
echo "<input size='" . $size . "' name='" . $fieldname . $trc . "' id='" . $fieldname . $trc . "' value='" . $value . "'>\n";
@@ -678,6 +712,28 @@ function display_row($trc, $value, $fieldname, $type, $rowhelper, $size) {
echo "<option value='" . $rowopt['value'] . "'" . $selected . ">" . $rowopt['name'] . "</option>\n";
}
echo "</select>\n";
+ } else if($type == "select_source") {
+ echo "<select id='" . $fieldname . $trc . "' name='" . $fieldname . $trc . "'>\n";
+ $source_url = $rowhelper['source'];
+ eval("\$pkg_source_txt = &$source_url;");
+ foreach($pkg_source_txt as $opt) {
+ $selected = "";
+ if($rowhelper['source_name']) {
+ $source_name = $opt[$rowhelper['source_name']];
+ } else {
+ $source_name = $opt[$rowhelper['name']];
+ }
+ if($rowhelper['source_value']) {
+ $source_value = $opt[$rowhelper['source_value']];
+ } else {
+ $source_value = $opt[$rowhelper['value']];
+ }
+ if($source_value == $value)
+ $selected = " SELECTED";
+ $text .= "<option value='" . $source_value . "'" . $selected . ">" . $source_name . "</option>";
+ echo "<option value='" . $source_value . "'" . $selected . ">" . $source_name . "</option>\n";
+ }
+ echo "</select>\n";
}
}
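Review bot: `$source_value` and `$source_name` are written into the `<option>` markup unescaped in the added `echo`, so a source entry containing a quote or `<` breaks out of the single-quoted attribute or injects markup. The `print` of `{$source_name}`/`{$source_value}` in the first `select_source` hunk of this file has the same gap, as do the `{$gateway['name']} - {$gateway['descr']}` echo in system_gateway_groups_edit.php and the `value='{$gateway['name']}'` attributes in system_routes_edit.php. I would write `echo "<option value='" . htmlspecialchars($source_value, ENT_QUOTES) . "'" . $selected . ">" . htmlspecialchars($source_name) . "</option>\n";`, with `ENT_QUOTES` because the attribute is single-quoted. `display_row()` begins outside this hunk.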
@@ -795,4 +851,4 @@ function parse_package_templates() {
}
}
-?>
+?> \ No newline at end of file
diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php
index a0933ed..42ac121 100755
--- a/usr/local/www/pkg_mgr.php
+++ b/usr/local/www/pkg_mgr.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
pkg_mgr.php
- Copyright (C) 2004, 2005 Scott Ullrich
+ Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index 36985d9..c22cc8a 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -3,7 +3,8 @@
/*
pkg_mgr_install.php
part of pfSense (http://www.pfSense.com)
- Copyright (C) 2005 Scott Ullrich and Colin Smith
+ Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2005 Colin Smith
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -227,4 +228,4 @@ if($fd_log)
/* read only fs */
conf_mount_ro();
-?>
+?> \ No newline at end of file
diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php
index 2cc95f5..703cb2f 100755
--- a/usr/local/www/pkg_mgr_installed.php
+++ b/usr/local/www/pkg_mgr_installed.php
@@ -2,7 +2,7 @@
/* $Id$ */
/*
pkg_mgr.php
- Copyright (C) 2004 Scott Ullrich
+ Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/www/pkg_mgr_settings.php b/usr/local/www/pkg_mgr_settings.php
index 2aa0f28..56e4e6d 100644
--- a/usr/local/www/pkg_mgr_settings.php
+++ b/usr/local/www/pkg_mgr_settings.php
@@ -4,7 +4,7 @@
pkg_mgr_settings.php
part of pfSense
Copyright (C) 2009 Jim Pingle <jimp@pfsense.org>
- Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2005 Colin Smith
Redistribution and use in source and binary forms, with or without
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
index 99a943f..8f8262c 100755
--- a/usr/local/www/services_captiveportal.php
+++ b/usr/local/www/services_captiveportal.php
@@ -292,7 +292,7 @@ function enable_change(enable_change) {
<strong>Enable captive portal </strong></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncellreq">Interface</td>
+ <td width="22%" valign="top" class="vncellreq">Interfaces</td>
<td width="78%" class="vtable">
<select name="cinterface[]" multiple="true" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface">
<?php
@@ -303,7 +303,7 @@ function enable_change(enable_change) {
</option>
<?php endforeach; ?>
</select> <br>
- <span class="vexpl">Choose which interface(s) to run the captive portal on.</span></td>
+ <span class="vexpl">Select the interface(s) to enable for captive portal.</span></td>
</tr>
<tr>
<td valign="top" class="vncell">Maximum concurrent connections</td>
@@ -364,12 +364,12 @@ to access after they've authenticated.</td>
If this is enabled, RADIUS MAC authentication cannot be used.</td>
</tr>
<tr>
- <td valign="top" class="vncell">MAC passthrough</td>
+ <td valign="top" class="vncell">Pass-through MAC Auto Entry</td>
<td class="vtable">
<input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked"; ?>>
- <strong>MAC passthrough authentication</strong><br>
- If this option is set, after a user is authenticated a mac passthrough entry will be added.
- To remove the passthrough MAC entry you either have to log in and remove it manually from the MAC passthrough tab or send a POST to remove it from some other system.
+ <strong>Enable Pass-through MAC automatic additions</strong><br>
+ If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again.
+ To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it.
If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.</td>
</tr>
<tr>
@@ -530,7 +530,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
}
?></select><br>
If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and
- the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td>
+ the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td>
</tr>
</table>
</tr>
@@ -585,7 +585,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
Paste an RSA private key in PEM format here.</td>
</tr>
<tr>
- <td valign="top" class="vncell">HTTPS intermmediate certificate</td>
+ <td valign="top" class="vncell">HTTPS intermediate certificate</td>
<td class="vtable">
<textarea name="cacert" cols="65" rows="7" id="cacert" class="formpre"><?=htmlspecialchars($pconfig['cacert']);?></textarea>
<br>
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
index 1da30a1..fb8711b 100755
--- a/usr/local/www/services_captiveportal_ip.php
+++ b/usr/local/www/services_captiveportal_ip.php
@@ -102,15 +102,9 @@ include("head.inc");
</td>
</tr>
<?php $i = 0; foreach ($a_allowedips as $ip): ?>
- <tr>
+ <tr ondblclick="document.location='services_captiveportal_ip_edit.php?id=<?=$i;?>'">
<td class="listlr">
- <?php if($ip['dir'] == "to")
- echo "any <img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\">";
- ?>
<?=strtolower($ip['ip']);?>
- <?php if($ip['dir'] == "from")
- echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> any";
- ?>
</td>
<td class="listbg">
<?=htmlspecialchars($ip['descr']);?>&nbsp;
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
index 977ba9f..45c4e2f 100755
--- a/usr/local/www/services_captiveportal_ip_edit.php
+++ b/usr/local/www/services_captiveportal_ip_edit.php
@@ -78,8 +78,8 @@ if ($_POST) {
$pconfig = $_POST;
/* input validation */
- $reqdfields = explode(" ", "ip dir");
- $reqdfieldsn = explode(",", "Allowed IP address,Direction");
+ $reqdfields = explode(" ", "ip");
+ $reqdfieldsn = explode(",", "Allowed IP address");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
@@ -95,7 +95,7 @@ if ($_POST) {
if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent))
continue;
- if (($ipent['dir'] == $_POST['dir']) && ($ipent['ip'] == $_POST['ip'])){
+ if ($ipent['ip'] == $_POST['ip']){
$input_errors[] = "[" . $_POST['ip'] . "] already allowed." ;
break ;
}
@@ -123,12 +123,12 @@ if ($_POST) {
$ruleno = captiveportal_get_next_ipfw_ruleno();
if (!empty($ip['bw_up'])) {
$pipeno = $ruleno + 20000;
- mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100")
+ mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100");
$bwup = "pipe {$pipeno}";
}
if (!empty($ip['bw_down'])) {
$pipeno = $ruleno + 20001;
- mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100")
+ mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100");
$bwdown = "pipe {$pipeno}";
}
mwexec("/sbin/ipfw table 1 add {$ip['ip']} {$bwup}");
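Review bot: The two repaired `mwexec()` calls still interpolate `{$ip['bw_up']}` and `{$ip['bw_down']}` (and `{$ip['ip']}` on the `ipfw table 1 add` line) straight into a shell command; whether these are validated as a number or an address before this point is not visible in the hunk. Quoting the argument, as the `route delete` call added to system_routes.php in this commit does, removes the dependency on earlier validation: `mwexec("/sbin/ipfw pipe {$pipeno} config bw " . escapeshellarg("{$ip['bw_up']}Kbit/s") . " queue 100");`, and likewise for `bw_down`. The enclosing block starts and ends outside the hunk.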
@@ -148,24 +148,6 @@ include("head.inc");
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
-<?php if (false): ?>
- <tr>
- <td width="22%" valign="top" class="vncellreq">Direction</td>
- <td width="78%" class="vtable">
- <select name="dir" class="formselect">
- <?php
- $dirs = explode(" ", "From To") ;
- foreach ($dirs as $dir): ?>
- <option value="<?=strtolower($dir);?>" <?php if (strtolower($dir) == strtolower($pconfig['dir'])) echo "selected";?> >
- <?=htmlspecialchars($dir);?>
- </option>
- <?php endforeach; ?>
- </select>
- <br>
- <span class="vexpl">Use <em>From</em> to always allow an IP address through the captive portal (without authentication).
- Use <em>To</em> to allow access from all clients (even non-authenticated ones) behind the portal to this IP address.</span></td>
- </tr>
-<?php endif; ?>
<tr>
<td width="22%" valign="top" class="vncellreq">IP address</td>
<td width="78%" class="vtable">
@@ -184,13 +166,13 @@ include("head.inc");
<td width="22%" valign="top" class="vncell">Bandwidth up</td>
<td width="78%" class="vtable">
<input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>">
- <br> <span class="vexpl">Enter a upload limit to be enforced on this mac-address in Kbit/s</span></td>
+ <br> <span class="vexpl">Enter a upload limit to be enforced on this IP address in Kbit/s</span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Bandwidth down</td>
<td width="78%" class="vtable">
<input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>">
- <br> <span class="vexpl">Enter a download limit to be enforced on this mac-address in Kbit/s</span></td>
+ <br> <span class="vexpl">Enter a download limit to be enforced on this IP address in Kbit/s</span></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
index 88ba019..dd5fdfe 100755
--- a/usr/local/www/services_captiveportal_mac.php
+++ b/usr/local/www/services_captiveportal_mac.php
@@ -132,7 +132,7 @@ include("head.inc");
<td width="10%" class="list"></td>
</tr>
<?php $i = 0; foreach ($a_passthrumacs as $mac): ?>
- <tr>
+ <tr ondblclick="document.location='services_captiveportal_mac_edit.php?id=<?=$i;?>'">
<td class="listlr">
<?=strtolower($mac['mac']);?>
</td>
@@ -151,7 +151,7 @@ include("head.inc");
<td colspan="2" class="list"><span class="vexpl"><span class="red"><strong>
Note:<br>
</strong></span>
- Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.</span></td>
+ Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.</span></td>
<td class="list">&nbsp;</td>
</tr>
</table>
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
index 70049cd..89e2757 100755
--- a/usr/local/www/services_captiveportal_mac_edit.php
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -151,13 +151,13 @@ include("head.inc");
<td width="22%" valign="top" class="vncell">Bandwidth up</td>
<td width="78%" class="vtable">
<input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>">
- <br> <span class="vexpl">Enter a upload limit to be enforced on this mac-address in Kbit/s</span></td>
+ <br> <span class="vexpl">Enter a upload limit to be enforced on this MAC address in Kbit/s</span></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell">Bandwidth down</td>
<td width="78%" class="vtable">
<input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>">
- <br> <span class="vexpl">Enter a download limit to be enforced on this mac-address in Kbit/s</span></td>
+ <br> <span class="vexpl">Enter a download limit to be enforced on this MAC address in Kbit/s</span></td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php
index 2ef71ce..ff2f0ad 100644
--- a/usr/local/www/status_openvpn.php
+++ b/usr/local/www/status_openvpn.php
@@ -45,7 +45,7 @@
$pgtitle = array("Status", "OpenVPN");
require("guiconfig.inc");
-require_once("vpn.inc");
+require_once("openvpn.inc");
/* Handle AJAX */
if($_GET['action']) {
@@ -88,163 +88,9 @@ function kill_client($port, $remipp) {
return $killed;
}
-$servers = array();
-$clients = array();
-
-if (is_array($config['openvpn']['openvpn-server'])) {
- foreach ($config['openvpn']['openvpn-server'] as & $settings) {
-
- $prot = $settings['protocol'];
- $port = $settings['local_port'];
-
- $server = array();
- $server['port'] = $settings['local_port'];
- if ($settings['description'])
- $server['name'] = "{$settings['description']} {$prot}:{$port}";
- else
- $server['name'] = "Server {$prot}:{$port}";
- $server['conns'] = array();
-
- $tcpsrv = "tcp://127.0.0.1:{$port}";
- $errval;
- $errstr;
-
- /* open a tcp connection to the management port of each server */
- $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1);
- if ($fp) {
-
- /* send our status request */
- fputs($fp, "status 2\n");
-
- /* recv all response lines */
- while (!feof($fp)) {
-
- /* read the next line */
- $line = fgets($fp, 1024);
-
- /* parse header list line */
- if (strstr($line, "HEADER"))
- continue;
-
- /* parse end of output line */
- if (strstr($line, "END"))
- break;
-
- /* parse client list line */
- if (strstr($line, "CLIENT_LIST")) {
- $list = explode(",", $line);
- $conn = array();
- $conn['common_name'] = $list[1];
- $conn['remote_host'] = $list[2];
- $conn['virtual_addr'] = $list[3];
- $conn['bytes_recv'] = $list[4];
- $conn['bytes_sent'] = $list[5];
- $conn['connect_time'] = $list[6];
- $server['conns'][] = $conn;
- }
- }
-
- /* cleanup */
- fclose($fp);
- } else {
- $conn = array();
- $conn['common_name'] = "[error]";
- $conn['remote_host'] = "Management Daemon Unreachable";
- $conn['virtual_addr'] = "";
- $conn['bytes_recv'] = 0;
- $conn['bytes_sent'] = 0;
- $conn['connect_time'] = 0;
- $server['conns'][] = $conn;
- }
-
- $servers[] = $server;
- }
-}
-
-
-if (is_array($config['openvpn']['openvpn-client'])) {
- foreach ($config['openvpn']['openvpn-client'] as & $settings) {
-
- $prot = $settings['protocol'];
- $port = $settings['local_port'];
-
- $client = array();
- $client['port'] = $settings['local_port'];
- if ($settings['description'])
- $client['name'] = "{$settings['description']} {$prot}:{$port}";
- else
- $client['name'] = "Client {$prot}:{$port}";
-
- $tcpcli = "tcp://127.0.0.1:{$port}";
- $errval;
- $errstr;
-
- $client['status']="down";
-
- /* open a tcp connection to the management port of each cli */
- $fp = @stream_socket_client($tcpcli, $errval, $errstr, 1);
- if ($fp) {
+$servers = openvpn_get_active_servers();
+$clients = openvpn_get_active_clients();
- /* send our status request */
- fputs($fp, "state 1\n");
-
- /* recv all response lines */
- while (!feof($fp)) {
- /* read the next line */
- $line = fgets($fp, 1024);
-
- /* Get the client state */
- if (strstr($line,"CONNECTED")) {
- $client['status']="up";
- $list = explode(",", $line);
-
- $client['connect_time'] = date("D M j G:i:s Y", $list[0]);
- $client['virtual_addr'] = $list[3];
- $client['remote_host'] = $list[4];
- }
- /* parse end of output line */
- if (strstr($line, "END"))
- break;
- }
-
- /* If up, get read/write stats */
- if (strcmp($client['status'], "up") == 0) {
- fputs($fp, "status 2\n");
- /* recv all response lines */
- while (!feof($fp)) {
- /* read the next line */
- $line = fgets($fp, 1024);
-
- if (strstr($line,"TCP/UDP read bytes")) {
- $list = explode(",", $line);
- $client['bytes_recv'] = $list[1];
- }
-
- if (strstr($line,"TCP/UDP write bytes")) {
- $list = explode(",", $line);
- $client['bytes_sent'] = $list[1];
- }
-
- /* parse end of output line */
- if (strstr($line, "END"))
- break;
- }
- }
-
- fclose($fp);
-
- } else {
- $DisplayNote=true;
- $client['remote_host'] = "No Management Daemon";
- $client['virtual_addr'] = "See Note Below";
- $client['bytes_recv'] = 0;
- $client['bytes_sent'] = 0;
- $client['connect_time'] = 0;
- }
-
- $clients[] = $client;
- }
-}
include("head.inc"); ?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>">
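Review bot: The removed client loop set `$DisplayNote=true` when a management socket could not be opened, and nothing on the new side assigns it. If the page still tests `$DisplayNote` further down (outside this hunk), the explanatory note is never rendered unless `openvpn_get_active_clients()` exports the flag. `$servers` and `$clients` also lose their `array()` initialisation, so I would add `if (!is_array($servers)) $servers = array();` and the same for `$clients` after the two calls, unless the helpers always return arrays.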
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 7a3cd93..e3d2e1e 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -59,6 +59,7 @@ $pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
$pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout'];
$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
$pconfig['disablescrub'] = isset($config['system']['disablescrub']);
+$pconfig['tftpinterface'] = $config['system']['tftpinterface'];
if ($_POST) {
@@ -239,7 +240,7 @@ function update_description(itemnum) {
<option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>>conservative</option>
</select>
<br/>
- <textarea cols="60" rows="1" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
+ <textarea readonly="yes" cols="60" rows="1" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea>
<script language="javascript" type="text/javascript">
update_description(document.forms[0].optimization.selectedIndex);
</script>
@@ -321,7 +322,7 @@ function update_description(itemnum) {
<option value="<?=$ifent;?>" <?php if (stristr($pconfig['tftpinterface'], $ifent)) echo "selected"; ?>><?=gettext($ifdesc);?></option>
<?php endforeach; ?>
</select>
- <strong>Choose the interfaces where you want TFTP proxy help to be enabled.</strong>
+ <strong>Choose the interfaces where you want TFTP proxy helper to be enabled.</strong>
</td>
</tr>
<tr>
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index a91e30f..ca47289 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -345,6 +345,21 @@ function radius_srvcschange(){
}
function select_clicked() {
+ if (document.getElementById("ldap_port").value == '' ||
+ document.getElementById("ldap_host").value == '' ||
+ document.getElementById("ldap_scope").value == '' ||
+ document.getElementById("ldap_basedn").value == '' ||
+ document.getElementById("ldapauthcontainers").value == '') {
+ alert("Please fill the required values.");
+ return;
+ }
+ if (!document.getElementById("ldap_anon").checked) {
+ if (document.getElementById("ldap_binddn").value == '' ||
+ document.getElementById("ldap_bindpw").value == '') {
+ alert("Please fill the bind username/password.");
+ return;
+ }
+ }
var url = 'system_usermanager_settings_ldapacpicker.php?';
url += 'port=' + document.getElementById("ldap_port").value;
url += '&host=' + document.getElementById("ldap_host").value;
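Review bot: The new checks in `select_clicked()` only reject empty fields; the values are then concatenated into the query string unencoded (`url += '&host=' + document.getElementById("ldap_host").value;`), so a host or base DN containing `&`, `#` or `+` reaches the picker page as different parameters than the user typed. I would wrap each value, e.g. `url += '&host=' + encodeURIComponent(document.getElementById("ldap_host").value);`. If `ldap_bindpw` is appended to this URL the same way further down (the function continues past the hunk), the bind password ends up in browser history and web server logs, and sending it by POST would be safer.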
diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php
index e292402..a7c5e2b 100755
--- a/usr/local/www/system_gateway_groups.php
+++ b/usr/local/www/system_gateway_groups.php
@@ -61,6 +61,8 @@ if ($_POST) {
$retval = system_routing_configure();
$retval |= filter_configure();
+ /* reconfigure our gateway monitor */
+ setup_gateways_monitor();
$savemsg = get_std_save_message($retval);
if ($retval == 0)
@@ -71,6 +73,10 @@ if ($_POST) {
if ($_GET['act'] == "del") {
if ($a_gateway_groups[$_GET['id']]) {
$changedesc .= "removed gateway group {$_GET['id']}";
+ foreach ($config['filter']['rule'] as $idx => $rule) {
+ if ($rule['gateway'] == $a_gateway_groups[$_GET['id']]['name'])
+ unset($config['filter']['rule'][$idx]['gateway']);
+ }
unset($a_gateway_groups[$_GET['id']]);
write_config($changedesc);
mark_subsystem_dirty('staticroutes');
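Review bot: The added `foreach ($config['filter']['rule'] as $idx => $rule)` has no `is_array()` guard, unlike the gateway-group and static-route loops added to system_gateways.php in this commit; wrapping it in `if (is_array($config['filter']['rule']))` avoids iterating a missing rules section. Clearing `gateway` also silently turns a policy-routing rule into one that follows the default route, so I would append the affected rules to `$changedesc` so the change is recorded with the config write.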
diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php
index 57aaf97..5e5ee11 100755
--- a/usr/local/www/system_gateway_groups_edit.php
+++ b/usr/local/www/system_gateway_groups_edit.php
@@ -105,10 +105,10 @@ if ($_POST) {
/* Build list of items in group with priority */
$pconfig['item'] = array();
- foreach($a_gateways as $gateway) {
- if($_POST[$gateway['name']] > 0) {
+ foreach($a_gateways as $gwname => $gateway) {
+ if($_POST[$gwname] > 0) {
/* we have a priority above 0 (disabled), add item to list */
- $pconfig['item'][] = "{$gateway[name]}|{$_POST[$gateway['name']]}";
+ $pconfig['item'][] = "{$gwname}|{$_POST[$gwname]}";
}
}
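Review bot: `$_POST[$gwname]` is only compared with `> 0` before being stored in `"{$gwname}|{$_POST[$gwname]}"`, so any value that compares greater than zero is saved as the tier, not just the 1–5 the form offers; whether it is validated elsewhere in the handler is not visible in this hunk. I would normalise it first: `$tier = intval($_POST[$gwname]);` then `if ($tier >= 1 && $tier <= 5) $pconfig['item'][] = "{$gwname}|{$tier}";`. The same applies to `$gateway['weight'] = $_POST['weight'];` in system_gateways_edit.php, which stores the posted weight as-is.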
@@ -160,27 +160,26 @@ include("head.inc");
<td width="22%" valign="top" class="vncellreq">Gateway Priority</td>
<td width="78%" class="vtable">
<?php
- foreach($a_gateways as $gateway) {
+ foreach($a_gateways as $gwname => $gateway) {
$selected = array();
- $name = $gateway['name'];
$interface = $gateway['interface'];
foreach((array)$pconfig['item'] as $item) {
$itemsplit = explode("|", $item);
- if($itemsplit[0] == $name) {
+ if($itemsplit[0] == $gwname) {
$selected[$itemsplit[1]] = "selected";
+ break;
} else {
$selected[0] = "selected";
}
-
}
- echo "<select name='{$name}' class='formfldselect' id='{$name}'>";
+ echo "<select name='{$gwname}' class='formfldselect' id='{$gwname}'>";
echo "<option value='0' $selected[0] >Never</option>";
echo "<option value='1' $selected[1] >Tier 1</option>";
echo "<option value='2' $selected[2] >Tier 2</option>";
echo "<option value='3' $selected[3] >Tier 3</option>";
echo "<option value='4' $selected[4] >Tier 4</option>";
echo "<option value='5' $selected[5] >Tier 5</option>";
- echo "</select> <strong>{$name} - {$gateway['descr']}</strong><br/>";
+ echo "</select> <strong>{$gateway['name']} - {$gateway['descr']}</strong><br />";
}
?>
<br/><span class="vexpl">
@@ -218,7 +217,8 @@ value="<?=htmlspecialchars($pconfig['descr']);?>">
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" value="Cancel" class="formbtn" onclick="history.back()">
+ <input name="Submit" type="submit" class="formbtn" value="Save">
+ <a href="system_gateway_groups.php"><input type="button" value="Cancel" class="formbtn" ></a>
<?php if (isset($id) && $a_gateway_groups[$id]): ?>
<input name="id" type="hidden" value="<?=$id;?>">
<?php endif; ?>
diff --git a/usr/local/www/system_gateways.php b/usr/local/www/system_gateways.php
index 38df88a..c324569 100755
--- a/usr/local/www/system_gateways.php
+++ b/usr/local/www/system_gateways.php
@@ -46,9 +46,8 @@ require_once("shaper.inc");
$a_gateways = return_gateways_array(true);
$a_gateways_arr = array();
-foreach($a_gateways as $gw) {
+foreach ($a_gateways as $gw)
$a_gateways_arr[] = $gw;
-}
$a_gateways = $a_gateways_arr;
if (!is_array($config['gateways']['gateway_item']))
@@ -81,15 +80,39 @@ if ($_GET['act'] == "del") {
if ($a_gateways[$_GET['id']]) {
/* remove the real entry */
$realid = $a_gateways[$_GET['id']]['attribute'];
-
- if ($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway'] == $a_gateways[$_GET['id']]['name'])
- unset($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway']);
- $changedesc .= "removed gateway {$realid}";
- unset($a_gateway_item[$realid]);
- write_config($changedesc);
- mark_subsystem_dirty('staticroutes');
- header("Location: system_gateways.php");
- exit;
+ $remove = true;
+ if (is_array($config['gateways']['gateway_group'])) {
+ foreach ($config['gateways']['gateway_group'] as $group) {
+ foreach ($group['item'] as $item) {
+ $items = explode("|", $item);
+ if ($items[0] == $a_gateways[$_GET['id']]['name']) {
+ $input_errors[] = "Gateway cannot be deleted because it is in use on Gateway Group '{$group['name']}'";
+ $remove = false;
+ break;
+ }
+
+ }
+ }
+ }
+ if (is_array($config['staticroutes']['route'])) {
+ foreach ($config['staticroutes']['route'] as $route) {
+ if ($route['gateway'] == $a_gateways[$_GET['id']]['name']) {
+ $input_errors[] = "Gateway cannot be deleted because it is in use on Static Routes '{$route['network']}'";
+ $remove = false;
+ break;
+ }
+ }
+ }
+ if ($remove == true) {
+ if ($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway'] == $a_gateways[$_GET['id']]['name'])
+ unset($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway']);
+ $changedesc .= "removed gateway {$realid}";
+ unset($a_gateway_item[$realid]);
+ write_config($changedesc);
+ mark_subsystem_dirty('staticroutes');
+ header("Location: system_gateways.php");
+ exit;
+ }
}
}
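Review bot: The new in-use checks cover gateway groups and static routes but not firewall rules, although the group-deletion path in system_gateway_groups.php in this commit treats `$config['filter']['rule'][...]['gateway']` as a reference to clean up. A rule left pointing at a deleted gateway may no longer policy-route as intended (how the filter handles a dangling name is not visible here), so I would add a third check in the same style, shown below. The `break` in the group check also leaves only the inner loop, so a gateway used in several groups adds one error per group. The `act == "del"` block starts outside the hunk.

```php
// … unchanged: gateway group and static route checks …
if (is_array($config['filter']['rule'])) {
	foreach ($config['filter']['rule'] as $rule) {
		if ($rule['gateway'] == $a_gateways[$_GET['id']]['name']) {
			$input_errors[] = "Gateway cannot be deleted because it is in use on a firewall rule";
			$remove = false;
			break;
		}
	}
}
if ($remove == true) {
// … unchanged: interface cleanup, write_config, redirect …
```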
@@ -101,6 +124,7 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
+<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="system_gateways.php" method="post">
<input type="hidden" name="y1" value="1">
<?php if ($savemsg) print_info_box($savemsg); ?>
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php
index fe9c4f9..aab9204 100755
--- a/usr/local/www/system_gateways_edit.php
+++ b/usr/local/www/system_gateways_edit.php
@@ -64,6 +64,7 @@ if (isset($_GET['dup'])) {
if (isset($id) && $a_gateways[$id]) {
$pconfig['name'] = $a_gateways[$id]['name'];
+ $pconfig['weight'] = $a_gateways[$id]['weight'];
$pconfig['interface'] = $a_gateways[$id]['interface'];
$pconfig['friendlyiface'] = $a_gateways[$id]['friendlyiface'];
$pconfig['gateway'] = $a_gateways[$id]['gateway'];
@@ -146,11 +147,12 @@ if ($_POST) {
}
if (!$input_errors) {
+ $reloadif = false;
/* if we are processing a system gateway only save the monitorip */
- if(($_POST['attribute'] == "system" && empty($_POST['defaultgw'])) || (empty($_POST['interface']) && empty($_POST['gateway']) && empty($_POST['defaultgw']))) {
+ if ($_POST['weight'] == 1 && (($_POST['attribute'] == "system" && empty($_POST['defaultgw'])) || (empty($_POST['interface']) && empty($_POST['gateway']) && empty($_POST['defaultgw'])))) {
if (is_ipaddr($_POST['monitor'])) {
if (empty($_POST['interface']))
- $interface = $pconfig['interface'];
+ $interface = $pconfig['friendlyiface'];
else
$interface = $_POST['interface'];
$config['interfaces'][$interface]['monitorip'] = $_POST['monitor'];
@@ -164,11 +166,16 @@ if ($_POST) {
/* Manual gateways are handled differently */
/* rebuild the array with the manual entries only */
- $reloadif = false;
$gateway = array();
- $gateway['interface'] = $_POST['interface'];
+ if ($_POST['attribute'] == "system") {
+ $gateway['interface'] = $pconfig['friendlyiface'];
+ $gateway['gateway'] = "dynamic";
+ } else {
+ $gateway['interface'] = $_POST['interface'];
+ $gateway['gateway'] = $_POST['gateway'];
+ }
$gateway['name'] = $_POST['name'];
- $gateway['gateway'] = $_POST['gateway'];
+ $gateway['weight'] = $_POST['weight'];
$gateway['descr'] = $_POST['descr'];
if(is_ipaddr($_POST['monitor'])) {
$gateway['monitor'] = $_POST['monitor'];
@@ -308,6 +315,22 @@ function enable_change(obj) {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Weight</td>
+ <td width="78%" class="vtable">
+ <select name='weight' class='formfldselect' id='weight'>
+ <?php
+ for ($i = 1; $i < 6; $i++) {
+ $selected = "";
+ if ($pconfig['weight'] == $i)
+ $selected = "selected";
+ echo "<option value='{$i}' {$selected} >{$i}</option>";
+ }
+ ?>
+ </select>
+ <strong>Weight for this gateway when used in a Gateway Group.</strong> <br />
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Description</td>
<td width="78%" class="vtable">
<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
diff --git a/usr/local/www/system_routes.php b/usr/local/www/system_routes.php
index a9160c5..8786577 100755
--- a/usr/local/www/system_routes.php
+++ b/usr/local/www/system_routes.php
@@ -47,11 +47,8 @@ require_once("shaper.inc");
if (!is_array($config['staticroutes']['route']))
$config['staticroutes']['route'] = array();
-if (!is_array($config['gateways']['gateway_item']))
- $config['gateways']['gateway_item'] = array();
-
$a_routes = &$config['staticroutes']['route'];
-$a_gateways = &$config['gateways']['gateway_item'];
+$a_gateways = return_gateways_array(true);
$changedesc = "Static Routes: ";
if ($_POST) {
@@ -92,6 +89,7 @@ if ($_POST) {
if ($_GET['act'] == "del") {
if ($a_routes[$_GET['id']]) {
$changedesc .= "removed route to " . $a_routes[$_GET['id']['route']];
+ mwexec("/sbin/route delete " . escapeshellarg($a_routes[$_GET['id']]['network']));
unset($a_routes[$_GET['id']]);
write_config($changedesc);
mark_subsystem_dirty('staticroutes');
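Review bot: The description line just above the new `route delete` call indexes the wrong thing: `$a_routes[$_GET['id']['route']]` applies `['route']` to the id string rather than to the route entry, so the config change description does not name the route that was removed. Using the same key as the added `mwexec()` line fixes it: `$changedesc .= "removed route to " . $a_routes[$_GET['id']]['network'];`. The `if ($_GET['act'] == "del")` block ends outside the hunk.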
@@ -160,17 +158,12 @@ include("head.inc");
</td>
<td class="listr" ondblclick="document.location='system_routes_edit.php?id=<?=$i;?>';">
<?php
- echo $route['gateway'] . " ";
+ echo htmlentities($a_gateways[$route['gateway']]['name']) . " - " . htmlentities($a_gateways[$route['gateway']]['gateway']);
?>
</td>
<td class="listr" ondblclick="document.location='system_routes_edit.php?id=<?=$i;?>';">
<?php
- foreach($a_gateways as $gateway) {
- if($gateway['name'] == $route['gateway']) {
- echo strtoupper($gateway['interface']) . " ";
- }
- }
-
+ echo convert_friendly_interface_to_friendly_descr($a_gateways[$route['gateway']]['friendlyiface']) . " ";
?>
</td>
<td class="listbg" ondblclick="document.location='system_routes_edit.php?id=<?=$i;?>';">
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php
index 434bbbc..a779009 100755
--- a/usr/local/www/system_routes_edit.php
+++ b/usr/local/www/system_routes_edit.php
@@ -57,11 +57,9 @@ require("guiconfig.inc");
if (!is_array($config['staticroutes']['route']))
$config['staticroutes']['route'] = array();
-if (!is_array($config['gateways']['gateway_item']))
- $config['gateways']['gateway_item'] = array();
$a_routes = &$config['staticroutes']['route'];
-$a_gateways = &$config['gateways']['gateway_item'];
+$a_gateways = return_gateways_array(true);
$id = $_GET['id'];
if (isset($_POST['id']))
@@ -99,13 +97,7 @@ if ($_POST) {
$input_errors[] = "A valid destination network bit count must be specified.";
}
if ($_POST['gateway']) {
- $match = false;
- foreach($a_gateways as $gateway) {
- if(in_array($_POST['gateway'], $gateway)) {
- $match = true;
- }
- }
- if(!$match)
+ if (!isset($a_gateways[$_POST['gateway']]))
$input_errors[] = "A valid gateway must be specified.";
}
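Review bot: `isset($a_gateways[$_POST['gateway']])` accepts only values that are keys of the array from `return_gateways_array(true)`, but the select in the last hunk of this file submits `friendlyiface` for system gateways and `name` for the others. How that array is keyed is not visible here, so please confirm both option values are keys and say so in a comment, e.g. `// $a_gateways is keyed by the same value the <select> submits (name, or friendlyiface for system gateways)`. The key lookup is a real tightening over the removed loose `in_array()`, which matched any field of any gateway. Adding `is_string($_POST['gateway'])` in front would also keep an array-valued parameter out of the offset. The surrounding `if ($_POST)` block starts outside this hunk.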
@@ -174,11 +166,19 @@ include("head.inc");
<td width="78%" class="vtable">
<select name="gateway" id="gateway" class="formselect">
<?php
- foreach ($a_gateways as $gateway): ?>
- <option value="<?=$gateway['name'];?>" <?php if ($gateway['name'] == $pconfig['gateway']) echo "selected"; ?>>
- <?=htmlspecialchars($gateway['name']);?>
- </option>
- <?php endforeach; ?>
+ foreach ($a_gateways as $gateway) {
+ if ($gateway['attribute'] == "system") {
+ echo "<option value='{$gateway['friendlyiface']}' ";
+ if ($gateway['friendlyiface'] == $pconfig['gateway'])
+ echo "selected";
+ } else {
+ echo "<option value='{$gateway['name']}' ";
+ if ($gateway['name'] == $pconfig['gateway'])
+ echo "selected";
+ }
+ echo ">" . htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']) . "</option>\n";
+ }
+ ?>
</select> <br />
<div id='addgwbox'>
Choose which gateway this route applies to or <a OnClick="show_add_gateway();" href="#">add a new one</a>.
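Review bot: The two new `echo "<option value='{$gateway[...]}' "` lines place `friendlyiface` and `name` into a single-quoted attribute unescaped, while the option label on the closing line goes through `htmlspecialchars()`. A gateway name containing a quote would end the attribute early; whether names are restricted when they are saved is not visible from this hunk. Escape at the point of output and use a double-quoted attribute, since `htmlspecialchars()` with default flags leaves single quotes alone on PHP versions before 8.1: `echo "<option value=\"" . htmlspecialchars($gateway['name']) . "\" ";`, and the same for `friendlyiface`.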
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index b2c8209..c961dd4 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -57,7 +57,7 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- if($_POST['session_timeout']) {
+ if(isset($_POST['session_timeout'])) {
$timeout = intval($_POST['session_timeout']);
if ($timeout != "" && (!is_numeric($timeout) || $timeout <= 0))
$input_errors[] = gettext("Session timeout must be an integer value.");
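Review bot: The validation after the new `isset()` test checks `$timeout`, which has already been through `intval()`, so `is_numeric()` can never fail and a blank or non-numeric field is silently coerced to 0. The text input is always submitted, so `isset()` is always true. Where that 0 passes the check (PHP before 8 treats `0 != ""` as false), the next hunk stores it, and the updated help text defines 0 as "never expire"; that hunk's `else unset(...)` branch also becomes unreachable from the form. Validate the raw string instead, `if ($_POST['session_timeout'] != "" && (!is_numeric($_POST['session_timeout']) || $_POST['session_timeout'] < 0))`, and store only a non-empty value with `if (isset($_POST['session_timeout']) && $_POST['session_timeout'] !== "")`, so an empty field falls back to the default rather than disabling expiry. The enclosing `if ($_POST)` block continues outside both hunks.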
@@ -65,7 +65,7 @@ if ($_POST) {
if (!$input_errors) {
- if($_POST['session_timeout'])
+ if(isset($_POST['session_timeout']))
$config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']);
else
unset($config['system']['webgui']['session_timeout']);
@@ -125,7 +125,7 @@ if(!$pconfig['backend'])
<td width="78%" class="vtable">
<input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" />
<br />
- <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Leave blank to never expire sessions. NOTE: This is a security risk!");?><br />
+ <?=gettext("Time in minutes to expire idle management sessions. The default is 4 hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br />
</td>
</tr>
<tr>
diff --git a/usr/local/www/system_usermanager_settings_ldapacpicker.php b/usr/local/www/system_usermanager_settings_ldapacpicker.php
index 6a3d186..40212b1 100644
--- a/usr/local/www/system_usermanager_settings_ldapacpicker.php
+++ b/usr/local/www/system_usermanager_settings_ldapacpicker.php
@@ -33,7 +33,9 @@
require("guiconfig.inc");
require_once("auth.inc");
+
$ous = array();
+
if($_GET) {
$authcfg = array();
$authcfg['ldap_port'] = $_GET['port'];
@@ -47,7 +49,29 @@ if($_GET) {
$authcfg['ldap_authcn'] = explode(";", $_GET['authcn']);
$ous = ldap_get_user_ous(true, $authcfg);
}
+
?>
+<html>
+ <head>
+ <STYLE type="text/css">
+ TABLE {
+ border-width: 1px 1px 1px 1px;
+ border-spacing: 0px;
+ border-style: solid solid solid solid;
+ border-color: gray gray gray gray;
+ border-collapse: separate;
+ background-color: collapse;
+ }
+ TD {
+ border-width: 0px 0px 0px 0px;
+ border-spacing: 0px;
+ border-style: solid solid solid solid;
+ border-color: gray gray gray gray;
+ border-collapse: collapse;
+ background-color: white;
+ }
+ </STYLE>
+ </head>
<script language="JavaScript">
function post_choices() {
@@ -61,34 +85,17 @@ function post_choices() {
opener.document.forms[0].ldapauthcontainers.value+=document.forms[0].ou[i].value;
}
}
- //this.close();
+ window.close();
-->
}
</script>
-<html>
- <head>
- <STYLE type="text/css">
- TABLE {
- border-width: 1px 1px 1px 1px;
- border-spacing: 0px;
- border-style: solid solid solid solid;
- border-color: gray gray gray gray;
- border-collapse: separate;
- background-color: collapse;
- }
- TD {
- border-width: 0px 0px 0px 0px;
- border-spacing: 0px;
- border-style: solid solid solid solid;
- border-color: gray gray gray gray;
- border-collapse: collapse;
- background-color: white;
- }
- </STYLE>
- </head>
<body link="#000000" vlink="#000000" alink="#000000" >
<form method="post" action="system_usermanager_settings_ldapacpicker.php">
+<?php if (empty($ous)): ?>
+ <p>Sorry, we could not connect to the LDAP server. Please try later.</p>
+ <input type='button' value='Close' onClick="window.close();">
+<?php else: ?>
<b>Please select which containers to Authenticate against:</b>
<p/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
@@ -96,11 +103,7 @@ function post_choices() {
<td class="tabnavtbl">
<table width="100%">
<?php
- if(!is_array($ous)) {
- echo "Sorry, we could not connect to the LDAP server. Please try later.";
- //exit;
- }
- else if(is_array($ous)) {
+ if(is_array($ous)) {
foreach($ous as $ou) {
if(in_array($ou, $authcfg['ldap_authcn']))
$CHECKED=" CHECKED";
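Review bot: The `$ou` values iterated here come from `ldap_get_user_ous()` and are printed a few lines further down (visible as context in the following hunk) as `value='{$ou}'` and as cell text with no escaping. A container name holding a quote or markup therefore breaks the checkbox and is interpreted as HTML in the admin's browser. Escape once per iteration, e.g. `$ou_html = htmlspecialchars($ou, ENT_QUOTES);`, and print `$ou_html` in both places. The membership test is also safer with the strict flag, `in_array($ou, $authcfg['ldap_authcn'], true)`. The loop body continues outside this hunk.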
@@ -109,7 +112,7 @@ function post_choices() {
echo " <tr><td><input type='checkbox' value='{$ou}' id='ou' name='ou[]'{$CHECKED}> {$ou}<br/></td></tr>\n";
}
}
-?>
+?>
</table>
</td>
</tr>
@@ -118,7 +121,7 @@ function post_choices() {
<p/>
<input type='button' value='Save' onClick="post_choices();">
-
+<?php endif; ?>
+ </form>
</body>
</html>
-
diff --git a/usr/local/www/themes/code-red/wizard.css b/usr/local/www/themes/code-red/wizard.css
index 15fa98e..c0979a8 100755
--- a/usr/local/www/themes/code-red/wizard.css
+++ b/usr/local/www/themes/code-red/wizard.css
@@ -1,1065 +1,1066 @@
-/* Element CSS Definitions */
-html, body, td, th, input, select {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 0.9em;
-
-}
-
-/* please adjust the bgcolor to be used together with niftycorners! */
-.rtop, .artop {
- background-color: #5f0406;
-}
-
-div.GraphLink {
- position: relative;
-}
-
-span.GraphLinkLine {
- position: absolute;
- background-color: #990000;
- width: 100%;
-}
-
-/* DOM Tooltip CSS definitions */
-div.niceTitle
-{
- background-color: #333333;
- color: #FFFFFF;
- border-bottom: 1px dotted #FFFFFF;
- font-weight: bold;
- font-size: 13px;
- font-family: "Trebuchet MS", sans-serif;
- width: 250px;
- left: 0;
- top: 0;
- padding: 4px;
- position: absolute;
- text-align: left;
- z-index: 20;
- -moz-border-radius: 0 10px 10px 10px;
- filter: progid:DXImageTransform.Microsoft.Alpha(opacity=87);
- -moz-opacity: .87;
- -khtml-opacity: .87;
- opacity: .87;
-}
-div.niceTitle h1
-{
- background: #990000;
- border-bottom: 1px dotted #FFFFFF;
- font-weight: bold;
- font-size: 13px;
- font-family: "Trebuchet MS", sans-serif;
- margin: 3px;
- padding-top: 1px;
- padding-bottom: 1px;
- padding-left: 3px;
- text-align: left;
- left: 0;
- top: 0;
- -moz-border-radius: 0 8px 0 0;
- -moz-opacity: 1;
-}
-div.niceTitle .contents
-{
- margin: 0;
- padding: 0 3px;
- filter: progid:DXImageTransform.Microsoft.Alpha(opacity=100);
- -moz-opacity: 1;
- -khtml-opacity: 1;
- opacity: 1;
-}
-div.niceTitle p
-{
- background: #FFFFFF;
- border: 1px solid #990000;
- color: #000000;
- font-size: 9px;
- padding: 5px;
- margin: 3px;
- text-align: left;
- -moz-opacity: 1;
- -moz-border-radius: 0 0 8px 8px;
-}
-
-body {
- margin: 0px auto;
- background: url('images/logon-background.gif') no-repeat;
- background-position : center 0px;
- background-color: #4a0203;
-}
-
-form {
- margin: 0px;
-}
-a {
- text-decoration: none;
-}
-form input {
- font-size: 1.1em;
-}
-
-iframe {
- z-index: 1;
- border: 1px dashed #990000;
-}
-.iframe {
- background-color: #FFFFFF;
-}
-
-/* ID Based CSS Definitions */
-#wrapper {
- width: 810px;
- margin: 0px auto;
-}
-
-#header {
- background: url('images/header.png') no-repeat;
- background-position: 0px;
- height: 102px;
- width: 810px;
- margin-bottom: 5px;
- z-index: 2;
-}
-#header-left {
- position: relative;
- /* background: url('images/logo.gif') no-repeat; */
- background-position: center;
- height: 65px;
- width: 145px;
- left: 10px;
- float: left;
-}
-#header-left #status-link {
- position: relative;
- top: 10px;
- left: 6px;
-}
-#header-right {
- position: relative;
- /* background: url('images/header.gif') no-repeat; */
- height: 70px;
- color: #fff;
- left: 0px;
- margin-left: 165px;
-}
-#header-right .alert {
- position: relative;
- /* background: url('images/alert.gif') no-repeat; */
- background-position: 4px 2px;
- color: #fff;
- height: 17px;
- width: 500px;
- padding: 4px;
- padding-left: 27px;
- float: left;
-}
-#header-right .container {
- position: relative;
-}
-#header-right .container .left {
- position: relative;
- float: left;
- font-size: 1.3em;
- font-weight: bold;
- top: 15px;
- left: 4px;
- display: none;
-}
-#header-right .container .right {
- position: relative;
- float: right;
- top: 22px;
- padding-right: 4px;
- z-index: 1;
-}
-
-#header-right .container .right #alerts {
- position: relative;
- background: url('images/alert_bgr.png') no-repeat;
- height: 39px;
- width: 431px;
- z-index: 1;
- padding-top: 20px;
- padding-left: 5px;
- margin: 0px;
-}
-#header-right .container .right #hostname {
- position: relative;
- height: 39px;
- width: 431px;
- z-index: 1;
- padding-left: 5px;
- margin: 0px;
- top: 25px;
- left: 230px;
- font-size: 14px;
- color: #cccccc;
- font-weight: bold;
-}
-
-
-
-table#marquee {
- position: relative;
- top: -6px;
- left: -5px;
- border: 0;
- padding: 0;
- margin: 0;
- width: 424px;
- background-color: transparent;
- padding: 2px;
- border: 0px;
-}
-span#marquee-container {
- position: absolute;
- visibility: hidden;
- top: -100px;
- left: -10000px;
-}
-div#marquee-text {
- font-size: 1.18em;
- font-weight: normal;
- font-family: Verdana;
- color: #ffffff;
-}
-table#marquee div#container {
- position: relative;
- overflow: hidden;
- width: 418px;
- height: 20px;
-}
-table#marquee div#container div#scroller {
- position: absolute;
- left: 0px;
- top: 0px;
-}
-
-
-
-
-
-#content {
- position: relative;
- top: -15px;
- left: 0px;
- margin-top: 0px;
- margin-left: 0px;
- padding-top: 0px;
- width: 810px;
- background-color: #ffffff;
-}
-
-#left {
- width: 810px;
- height: 1px;
-}
-#right {
- position: relative;
- top: -10px;
- width: 770px;
- margin-top: 0px;
- margin-left: 5px;
- margin-right: 5px;
- padding-top: 5px;
- padding-left: 10px;
- padding-right: 10px;
- padding-bottom: 20px;
- min-height: 400px;
-}
-
-#footer {
- position: relative;
- background: url('images/footer.png') no-repeat;
- top: -18px;
- left: 0px;
- width: 810px;
- height: 75px;
- color: #ffffff;
- text-align: center;;
- font-size: 0.9em;
- padding-top: 17px;
- margin-bottom: 20px;
- clear: both;
-}
-#footer p {
- padding: 0px;
- margin: 0px;
-}
-
-/* Style the List */
-#navigation {
- /* background: url('images/menu.gif') no-repeat; */
- /* width: 693px; */
- position: relative;
- top: -25px;
- left: 3px;
- width: 810px;
- padding: 0px;
- height: 28px;
- z-index: 3;
-}
-#navigation ul {
- padding: 0;
- margin: 0;
- list-style: none;
- text-align: center;
-}
-#navigation ul#menu {
- padding-top: 3px;
- padding-left: 5px;
-}
-
-/* Style the List Elements */
-#navigation ul li {
- float: left;
- position: relative;
- /* width: 7.5em; */
- width: 8.77em;
-}
-#navigation ul li div {
- font-size: 1em;
- font-weight: bold;
-}
-/* Make the List inside the List Elements */
-/* initially hidden with absolute position */
-#navigation ul li ul {
- display: none;
- position: absolute;
- top: 2em;
- left: -2px;
- width: 9em;
- font-weight: normal;
- background: transparent bottom left no-repeat; /* This is key to making the menu maintain visibility when not on a link */
- /* background-color: #202020;
- background: url("images/menu_footer.gif") no-repeat;
- background-position: bottom;
- */
- padding: 0em 0 0.4em 0;
- padding-top: 0.3em;
-}
-/* to override top and left in browsers other than IE */
-/* which will position to the top right of the containing */
-/* li, rather than bottom left */
-#navigation ul li > ul {
- top: auto;
- left: auto;
- left: -1px !important;
-}
-/* Show initial drop down upon mouse over, but do not show */
-/* nested side drop menus within listed elements */
-#navigation ul li:hover ul {
- display: block;
- cursor: pointer;
-}
-#navigation ul li:hover {
- cursor: pointer;
- cursor: pointer;
-}
-#navigation ul li:hover div {
- text-decoration: none;
-}
-
-#navigation ul li {
- background-color: transparent;
- color: #FFF;
-}
-#navigation ul li ul li {
- border: 1px solid #990000;
- width: 8.8em;
- height: 1.6em;
- line-height: 1.6em;
- background-color: #990000;
- color: #FFF;
-}
-#navigation ul li ul li:hover {
- background-color: #666666;
-}
-
-#navigation li li a {
- display: block;
- padding-left: 10px;
- padding-right: 10px;
-}
-
-#navigation ul li ul li a.navlnk:hover {
- text-decoration: none;
-}
-#navigation ul li.first {
- border-right: 0px;
-}
-#navigation ul li.middle {
- border-right: 0px;
-}
-#navigation ul li.last {
-
-}
-
-#navigation ul li.dropfirst {
- border-bottom: 0px;
-}
-#navigation ul li.dropmiddle {
- border-bottom: 0px;
-}
-#navigation ul li.droplast {
-}
-
-#wzdtabcont {
- float: left;
- background-color: #FFFFFF;
- color: #000000;
- padding: 0;
-}
-
-ul#wzdnav {
- font-size: 0.96em;
- float: left;
- width: 14.5em;
- margin: 0;
- padding-left: 18px;
-}
-
-ul#wzdnav li {
- list-style: none;
- margin: 0;
- padding-bottom: 0.2em;
- padding-left: 0;
-}
-
-ul#wzdnav a {
- display: block;
- padding: 0.3em;
- font-weight: normal;
-}
-
-#wzdnavbold a {
- display: block;
- padding: 0.3em;
- font-weight: bold ! important;
-}
-
-ul#wzdnav a:link {
- color: black;
- background-color: #eee;
-}
-
-ul#wzdnav a:visited {
- color: #666;
- background-color: #eee;
-}
-
-ul#wzdnav a:hover {
- color: black;
- background-color: white;
-}
-
-ul#wzdnav a:active {
- color: white;
- background-color: gray;
-}
-
-#graph {
- position: relative;
- z-index: 10;
-}
-
-#logoutbtn {
- position: absolute;
- left: 95%;
- vertical-align: middle;
-}
-
-
-#graph {
- position: relative;
- z-index: 10;
-}
-
-
-
-/* Class Based CSS Definitions */
-.pgtitle {
- font-size: 18px;
- color: #777777;
- font-weight: bold;
-}
-.tfrtitle {
- font-size: 18px;
- color: #ffffff;
- font-weight: bold;
-}
-.vncell {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- border-bottom: 1px solid #999999;
-}
-.formfld {
- font-size: small;
-}
-.formselect {
- font-size: 1.0em;
-}
-.langopt {
- padding-left: 34px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.saved {
- /* background: url('/themes/nione/images/icons/icon_wzd_saved.png') no-repeat 0 1px #FFFFFF; */
- list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_saved.png') ! important;
-}
-.notsaved {
- /* background: url('/themes/nione/images/icons/icon_wzd_nsaved.png') no-repeat 0 1px #FFFFFF; */
- list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_nsaved.png') ! important;
-}
-.en {
- background: url('/themes/nervecenter/images/icons/icon_flag_en.png') no-repeat 0 1px #FFFFFF;
-}
-.de {
- background: url('/themes/nervecenter/images/icons/icon_flag_de.png') no-repeat 0 1px #FFFFFF;
-}
-.es {
- background: url('/themes/nervecenter/images/icons/icon_flag_es.png') no-repeat 0 1px #FFFFFF;
-}
-.pt_BR {
- background: url('/themes/nervecenter/images/icons/icon_flag_pt_BR.png') no-repeat 0 1px #FFFFFF;
-}
-.host {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_host.png') no-repeat 0 1px #FFFFFF;
-}
-.search {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_search.png') no-repeat 0 1px #FFFFFF;
-}
-.file {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_file.png') no-repeat 0 1px #FFFFFF;
-}
-.mail {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_mail.png') no-repeat 0 1px #FFFFFF;
-}
-.imp {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_imp.png') no-repeat 0 1px #FFFFFF;
-}
-.pwd {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_pwd.png') no-repeat 0 1px #FFFFFF;
-}
-.user {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_user.png') no-repeat 0 1px #FFFFFF ;
-}
-.group {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_group.png') no-repeat 0 1px #FFFFFF;
-}
-.url {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_url.png') no-repeat 0 1px #FFFFFF;
-}
-.time {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_time.png') no-repeat 0 1px #FFFFFF;
-}
-.unknown {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_unknown.png') no-repeat 0 1px #FFFFFF;
-}
-.formfld_cert {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_cert.png') no-repeat 0 1px #FFFFFF;
- padding-left: 28px;
- font-family: Courier New, Courier, monospaced;
- font-size: 11px;
-}
-.formfldalias {
- background-color: #990000;
- color: #FFFFFF;
-}
-.formpre {
- font-family: Courier New, Courier, monospaced;
- font-size: 10px;
-}
-.formbtn {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 13px;
- font-weight: bold;
-}
-.formbtns {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 10px;
- font-weight: bold;
-}
-.vvcell {
- background-color: #FFFFC6;
-}
-.errmsg {
- font-weight: bold;
- color: #CC0000;
-}
-.red {
- color: #CC0000;
-}
-.gray {
- color: #A0A0A0;
-}
-.vexpl {
- font-size: 11px;
-}
-.navlnk {
- color: #FFFFFF;
- text-decoration: none;
- font-size: 13px;
-}
-.navlnks {
- color: #FFFFFF;
- text-decoration: none;
- font-size: 11px;
-}
-.redlnk {
- color: #990000;
- text-decoration: none;
-}
-.tblnk {
- color: #FFFFFF;
- text-decoration: none;
-}
-.vncellreq {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
-}
-.vncellt {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- padding-top: 4px;
- padding-bottom: 4px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
-}
-.vtable {
- border-bottom: 1px solid #999999;
-}
-.vnsepcell {
- background-color: #BBBBBB;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.cpline {
- font-size: 11px;
- color: #FFFFFF;
-}
-.hostname {
- font-size: 11px;
- color: #990000;
- font-weight: bold;
-}
-.vnsepcellr {
- background-color: #BBBBBB;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.listr {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listrpad {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-right: 16px;
- padding-left: 10px;
- padding-top: 8px;
- padding-bottom: 8px;
-}
-.listn {
- font-size: 11px;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listbg {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #990000;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listbggrey {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #999999;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listhdr {
- background-color: #BBBBBB;
- padding-right: 16px;
- padding-left: 6px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.listhdr a {
- color: #000000;
-}
-.listhdrr {
- background-color: #BBBBBB;
- padding-right: 16px;
- padding-left: 6px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.listhdrr a {
- color: #000000;
-}
-.listlr {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- border-left: 1px solid #999999;
- font-size: 11px;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listlrns {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- border-left: 1px solid #999999;
- font-size: 11px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.list {
- font-size: 11px;
- padding-left: 6px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.listt {
- font-size: 11px;
- padding-top: 5px;
-}
-.listhdrrns {
- background-color: #BBBBBB;
- padding-left: 6px;
- padding-top: 5px;
- padding-bottom: 5px;
- padding-right: 6px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.listbgns {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #D9DEE8;
- padding-left: 6px;
- padding-right: 4px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listtopic {
- border-right: 1px solid #999999;
- font-size: 11px;
- background-color: #990000;
- padding-right: 16px;
- padding-left: 6px;
- color: #FFFFFF;
- font-weight: bold;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.optsect_t {
- border-right: 1px solid #999999;
- background-color: #990000;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.optsect_s {
- font-size: 11px;
- color: #FFFFFF;
- font-weight: bold;
-}
-.tabnavtbl {
-}
-
-
-/* MISC CSS Definitions */
-ul#tabnav {
- font-size: 11px;
- font-weight: bold;
- list-style-type: none;
- margin: 0;
- padding: 0;
-}
-ul#tabnav li.tabinact1 {
- float: left;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-ul#tabnav li.tabinact {
- float: left;
- border-left: 1px solid #999999;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-ul#tabnav li.tabinact a {
- float: left;
- display: block;
- text-decoration: none;
- padding: 5px 8px 5px 8px;
- color: #FFFFFF;
-}
-ul#tabnav li.tabinact1 a {
- float: left;
- display: block;
- text-decoration: none;
- padding: 5px 8px 5px 8px;
- color: #FFFFFF;
-}
-ul#tabnav li.tabact {
- float: left;
- background-color: #EEEEEE;
- color: #000000;
- padding: 5px 8px 5px 8px;
- white-space: nowrap;
-}
-.tabcont {
- background-color: #EEEEEE;
- padding-right: 12px;
- padding-left: 12px;
- padding-top: 12px;
- padding-bottom: 12px;
-}
-.tabact {
- float: left;
- background-color: #EEEEEE;
- color: #000000;
- padding: 5px 8px 5px 8px;
- white-space: nowrap;
-}
-.tabinact {
- font-weight: bold;
- float: left;
- border-left: 1px solid #999999;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-.menu {
- background-color: #000000;
- white-space: nowrap;
- padding: 0px 5px 0px 5px;
- width: 100%;
- vertical-align: top;
-}
-
-
-/* Auto Complete Suggestions */
-div.suggestions {
- -moz-box-sizing: border-box;
- /* box-sizing: border-box; */
- border: 1px solid black;
- position: absolute;
- background-color: #990000;
- color: #FFF;
-}
-
-div.suggestions div {
- cursor: default;
- padding: 0px 3px;
- background-color: #990000;
- color: #FFF;
-}
-
-div.suggestions div.current {
- background-color: #3366cc;
- color: #FFF;
-}
-/* End Auto Complete Suggestions */
-
-
-/* Nifty Corners Crap */
-.rtop,.artop{display:block}
-.rtop *,.artop *{display:block;height:1px;overflow:hidden;font-size:1px}
-.artop *{border-style: solid;border-width:0 1px}
-.r1,.rl1,.re1,.rel1{margin-left:5px}
-.r1,.rr1,.re1,.rer1{margin-right:5px}
-.r2,.rl2,.re2,.rel2,.ra1,.ral1{margin-left:3px}
-.r2,.rr2,.re2,.rer2,.ra1,.rar1{margin-right:3px}
-.r3,.rl3,.re3,.rel3,.ra2,.ral2,.rs1,.rsl1,.res1,.resl1{margin-left:2px}
-.r3,.rr3,.re3,.rer3,.ra2,.rar2,.rs1,.rsr1,.res1,.resr1{margin-right:2px}
-.r4,.rl4,.rs2,.rsl2,.re4,.rel4,.ra3,.ral3,.ras1,.rasl1,.res2,.resl2{margin-left:1px}
-.r4,.rr4,.rs2,.rsr2,.re4,.rer4,.ra3,.rar3,.ras1,.rasr1,.res2,.resr2{margin-right:1px}
-.rx1,.rxl1{border-left-width:5px}
-.rx1,.rxr1{border-right-width:5px}
-.rx2,.rxl2{border-left-width:3px}
-.rx2,.rxr2{border-right-width:3px}
-.re2,.rel2,.ra1,.ral1,.rx3,.rxl3,.rxs1,.rxsl1{border-left-width:2px}
-.re2,.rer2,.ra1,.rar1,.rx3,.rxr3,.rxs1,.rxsr1{border-right-width:2px}
-.rxl1,.rxl2,.rxl3,.rxl4,.rxsl1,.rxsl2,.ral1,.ral2,.ral3,.ral4,.rasl1,.rasl2{border-right-width:0}
-.rxr1,.rxr2,.rxr3,.rxr4,.rxsr1,.rxsr2,.rar1,.rar2,.rar3,.rar4,.rasr1,.rasr2{border-left-width:0}
-.r4,.rl4,.rr4,.re4,.rel4,.rer4,.ra4,.rar4,.ral4,.rx4,.rxl4,.rxr4{height:2px}
-.rer1,.rel1,.re1,.res1,.resl1,.resr1{border-width:1px 0 0;height:0px !important;height /**/:1px}
-/* End Nifty Corners Crap */
-
-
-
-/* CSS for Dynamic Log Viewer */
-/* Author: Erik Kristensen */
-div#log div.log-entry {
- clear: both;
-}
-
-div#log div.log-entry span,
-div#log div.log-header span {
- padding: 3px 2px 3px 2px;
- padding-left: 8px;
-}
-
-div#log div.log-entry span.log-action {
- padding-bottom: 6px;
- padding-left: 5px;
- padding-right: 5px;
-}
-
-div#log div.log-header span {
- border-top: 1px solid #999;
- background-color: #bbb;
- font-weight: bold;
- text-align: left;
-}
-
-div#log span.log-action,
-div#log span.log-time,
-div#log span.log-interface,
-div#log span.log-source,
-div#log span.log-destination,
-div#log span.log-protocol {
- float: left;
- text-align: left;
- border-left: 1px solid #999;
- border-bottom: 1px solid #999;
-}
-
-div#log span.log-general {
-
-}
-
-div#log span.log-protocol {
- border-right: 1px solid #999;
-}
-
-div#log span.log-action {
- width: 2em;
- text-align: center;
-}
-
-div#log span.log-time {
- width: 12.5em;
-}
-
-div#log span.log-interface {
- width: 5em;
-}
-
-div#log span.log-source,
-div#log span.log-destination {
- width: 17.6em;
-}
-
-div#log span.log-protocol {
- width: 5.5em;
-}
-/* END CSS FOR DYNAMIC LOG VIEWER */
-
-#login {
- background: #cccccc;
- border: 0px solid #666666;
- margin: 5em auto;
- padding: 0em;
- width: 340px;
-}
-
-#login h1 {
- background: url(images/misc/logon.png) no-repeat top left;
- margin-top: 0;
- display: block;
- text-indent: -1000px;
- height: 50px;
- border-bottom: none;
-}
-
-#login p {
- font-size: 1em;
- font-weight: bold;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login span {
- font-size: 1em;
- font-weight: bold;
- width: 20%;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login p#text {
- font-size: 1em;
- font-weight: normal;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login #username, #password {
- font-size: 1em;
- width: 60%;
- padding: 3px;
- margin: 0em;
-}
-
-#login #submit {
- font-size: 1em;
- font-weight: bold;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
+/* Element CSS Definitions */
+html, body, td, th, input, select {
+ font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
+ font-size: 0.9em;
+
+}
+
+/* please adjust the bgcolor to be used together with niftycorners! */
+.rtop, .artop {
+ background-color: #5f0406;
+}
+
+div.GraphLink {
+ position: relative;
+}
+
+span.GraphLinkLine {
+ position: absolute;
+ background-color: #990000;
+ width: 100%;
+}
+
+/* DOM Tooltip CSS definitions */
+div.niceTitle
+{
+ background-color: #333333;
+ color: #FFFFFF;
+ border-bottom: 1px dotted #FFFFFF;
+ font-weight: bold;
+ font-size: 13px;
+ font-family: "Trebuchet MS", sans-serif;
+ width: 250px;
+ left: 0;
+ top: 0;
+ padding: 4px;
+ position: absolute;
+ text-align: left;
+ z-index: 20;
+ -moz-border-radius: 0 10px 10px 10px;
+ filter: progid:DXImageTransform.Microsoft.Alpha(opacity=87);
+ -moz-opacity: .87;
+ -khtml-opacity: .87;
+ opacity: .87;
+}
+div.niceTitle h1
+{
+ background: #990000;
+ border-bottom: 1px dotted #FFFFFF;
+ font-weight: bold;
+ font-size: 13px;
+ font-family: "Trebuchet MS", sans-serif;
+ margin: 3px;
+ padding-top: 1px;
+ padding-bottom: 1px;
+ padding-left: 3px;
+ text-align: left;
+ left: 0;
+ top: 0;
+ -moz-border-radius: 0 8px 0 0;
+ -moz-opacity: 1;
+}
+div.niceTitle .contents
+{
+ margin: 0;
+ padding: 0 3px;
+ filter: progid:DXImageTransform.Microsoft.Alpha(opacity=100);
+ -moz-opacity: 1;
+ -khtml-opacity: 1;
+ opacity: 1;
+}
+div.niceTitle p
+{
+ background: #FFFFFF;
+ border: 1px solid #990000;
+ color: #000000;
+ font-size: 9px;
+ padding: 5px;
+ margin: 3px;
+ text-align: left;
+ -moz-opacity: 1;
+ -moz-border-radius: 0 0 8px 8px;
+}
+
+body {
+ margin: 0px auto;
+ background: url('images/logon-background.gif') no-repeat;
+ background-position : center 0px;
+ background-color: #4a0203;
+}
+
+form {
+ margin: 0px;
+}
+a {
+ text-decoration: none;
+}
+form input {
+ font-size: 1.1em;
+}
+
+iframe {
+ z-index: 1;
+ border: 1px dashed #990000;
+}
+.iframe {
+ background-color: #FFFFFF;
+}
+
+/* ID Based CSS Definitions */
+#wrapper {
+ width: 810px;
+ margin: 0px auto;
+}
+
+#header {
+ background: url('images/header.png') no-repeat;
+ background-position: 0px;
+ height: 102px;
+ width: 810px;
+ margin-bottom: 5px;
+ z-index: 2;
+}
+#header-left {
+ position: relative;
+ /* background: url('images/logo.gif') no-repeat; */
+ background-position: center;
+ height: 65px;
+ width: 145px;
+ left: 10px;
+ float: left;
+}
+#header-left #status-link {
+ position: relative;
+ top: 10px;
+ left: 6px;
+}
+#header-right {
+ position: relative;
+ /* background: url('images/header.gif') no-repeat; */
+ height: 70px;
+ color: #fff;
+ left: 0px;
+ margin-left: 165px;
+}
+#header-right .alert {
+ position: relative;
+ /* background: url('images/alert.gif') no-repeat; */
+ background-position: 4px 2px;
+ color: #fff;
+ height: 17px;
+ width: 500px;
+ padding: 4px;
+ padding-left: 27px;
+ float: left;
+}
+#header-right .container {
+ position: relative;
+}
+#header-right .container .left {
+ position: relative;
+ float: left;
+ font-size: 1.3em;
+ font-weight: bold;
+ top: 15px;
+ left: 4px;
+ display: none;
+}
+#header-right .container .right {
+ position: relative;
+ float: right;
+ top: 22px;
+ padding-right: 4px;
+ z-index: 1;
+}
+
+#header-right .container .right #alerts {
+ position: relative;
+ background: url('images/alert_bgr.png') no-repeat;
+ height: 39px;
+ width: 431px;
+ z-index: 1;
+ padding-top: 20px;
+ padding-left: 5px;
+ margin: 0px;
+}
+#header-right .container .right #hostname {
+ position: relative;
+ height: 39px;
+ width: 431px;
+ z-index: 1;
+ padding-left: 5px;
+ margin: 0px;
+ top: 25px;
+ left: 230px;
+ font-size: 14px;
+ color: #cccccc;
+ font-weight: bold;
+}
+
+
+
+table#marquee {
+ position: relative;
+ top: -6px;
+ left: -5px;
+ border: 0;
+ padding: 0;
+ margin: 0;
+ width: 424px;
+ background-color: transparent;
+ padding: 2px;
+ border: 0px;
+}
+span#marquee-container {
+ position: absolute;
+ visibility: hidden;
+ top: -100px;
+ left: -10000px;
+}
+div#marquee-text {
+ font-size: 1.18em;
+ font-weight: normal;
+ font-family: Verdana;
+ color: #ffffff;
+}
+table#marquee div#container {
+ position: relative;
+ overflow: hidden;
+ width: 418px;
+ height: 20px;
+}
+table#marquee div#container div#scroller {
+ position: absolute;
+ left: 0px;
+ top: 0px;
+}
+
+
+
+
+
+#content {
+ position: relative;
+ top: -15px;
+ left: 0px;
+ margin-top: 0px;
+ margin-left: 0px;
+ padding-top: 0px;
+ width: 810px;
+ background-color: #ffffff;
+}
+
+#left {
+ width: 810px;
+ height: 1px;
+}
+#right {
+ position: relative;
+ top: -10px;
+ width: 770px;
+ margin-top: 0px;
+ margin-left: 5px;
+ margin-right: 5px;
+ padding-top: 5px;
+ padding-left: 10px;
+ padding-right: 10px;
+ padding-bottom: 20px;
+ min-height: 400px;
+}
+
+#footer {
+ position: relative;
+ background: url('images/footer.png') no-repeat;
+ top: -18px;
+ left: 0px;
+ width: 810px;
+ height: 75px;
+ color: #ffffff;
+ text-align: center;;
+ font-size: 0.9em;
+ padding-top: 17px;
+ margin-bottom: 20px;
+ clear: both;
+}
+#footer p {
+ padding: 0px;
+ margin: 0px;
+}
+
+/* Style the List */
+#navigation {
+ /* background: url('images/menu.gif') no-repeat; */
+ /* width: 693px; */
+ position: relative;
+ top: -25px;
+ left: 3px;
+ width: 810px;
+ padding: 0px;
+ height: 28px;
+ z-index: 3;
+}
+#navigation ul {
+ padding: 0;
+ margin: 0;
+ list-style: none;
+ text-align: center;
+}
+#navigation ul#menu {
+ padding-top: 3px;
+ padding-left: 5px;
+}
+
+/* Style the List Elements */
+#navigation ul li {
+ float: left;
+ position: relative;
+ /* width: 7.5em; */
+ width: 8.77em;
+}
+#navigation ul li div {
+ font-size: 1em;
+ font-weight: bold;
+}
+/* Make the List inside the List Elements */
+/* initially hidden with absolute position */
+#navigation ul li ul {
+ display: none;
+ position: absolute;
+ top: 2em;
+ left: -2px;
+ width: 9em;
+ font-weight: normal;
+ background: transparent bottom left no-repeat; /* This is key to making the menu maintain visibility when not on a link */
+ /* background-color: #202020;
+ background: url("images/menu_footer.gif") no-repeat;
+ background-position: bottom;
+ */
+ padding: 0em 0 0.4em 0;
+ padding-top: 0.3em;
+}
+/* to override top and left in browsers other than IE */
+/* which will position to the top right of the containing */
+/* li, rather than bottom left */
+#navigation ul li > ul {
+ top: auto;
+ left: auto;
+ left: -1px !important;
+}
+/* Show initial drop down upon mouse over, but do not show */
+/* nested side drop menus within listed elements */
+#navigation ul li:hover ul {
+ display: block;
+ cursor: pointer;
+}
+#navigation ul li:hover {
+ cursor: pointer;
+ cursor: pointer;
+}
+#navigation ul li:hover div {
+ text-decoration: none;
+}
+
+#navigation ul li {
+ background-color: transparent;
+ color: #FFF;
+}
+#navigation ul li ul li {
+ border: 1px solid #990000;
+ width: 8.8em;
+ height: 1.6em;
+ line-height: 1.6em;
+ background-color: #990000;
+ color: #FFF;
+}
+#navigation ul li ul li:hover {
+ background-color: #666666;
+}
+
+#navigation li li a {
+ display: block;
+ padding-left: 10px;
+ padding-right: 10px;
+}
+
+#navigation ul li ul li a.navlnk:hover {
+ text-decoration: none;
+}
+#navigation ul li.first {
+ border-right: 0px;
+}
+#navigation ul li.middle {
+ border-right: 0px;
+}
+#navigation ul li.last {
+
+}
+
+#navigation ul li.dropfirst {
+ border-bottom: 0px;
+}
+#navigation ul li.dropmiddle {
+ border-bottom: 0px;
+}
+#navigation ul li.droplast {
+}
+
+#wzdtabcont {
+ float: left;
+ background-color: #FFFFFF;
+ color: #000000;
+ padding: 0;
+}
+
+ul#wzdnav {
+ font-size: 0.96em;
+ float: left;
+ width: 14.5em;
+ margin: 0;
+ padding-left: 18px;
+}
+
+ul#wzdnav li {
+ list-style: none;
+ margin: 0;
+ padding-bottom: 0.2em;
+ padding-left: 0;
+}
+
+ul#wzdnav a {
+ display: block;
+ padding: 0.3em;
+ font-weight: normal;
+}
+
+#wzdnavbold a {
+ display: block;
+ padding: 0.3em;
+ font-weight: bold ! important;
+}
+
+ul#wzdnav a:link {
+ color: black;
+ background-color: #eee;
+}
+
+ul#wzdnav a:visited {
+ color: #666;
+ background-color: #eee;
+}
+
+ul#wzdnav a:hover {
+ color: black;
+ background-color: white;
+}
+
+ul#wzdnav a:active {
+ color: white;
+ background-color: gray;
+}
+
+#graph {
+ position: relative;
+ z-index: 10;
+}
+
+#logoutbtn {
+ position: absolute;
+ left: 95%;
+ vertical-align: middle;
+}
+
+
+#graph {
+ position: relative;
+ z-index: 10;
+}
+
+
+
+/* Class Based CSS Definitions */
+.pgtitle {
+ font-size: 18px;
+ color: #777777;
+ font-weight: bold;
+}
+.tfrtitle {
+ font-size: 18px;
+ color: #ffffff;
+ font-weight: bold;
+}
+.vncell {
+ background-color: #DDDDDD;
+ padding-right: 20px;
+ padding-left: 8px;
+ border-bottom: 1px solid #999999;
+}
+.formfld {
+ padding-left: 19px;
+ font-size: small;
+}
+.formselect {
+ font-size: 1.0em;
+}
+.langopt {
+ padding-left: 34px;
+ padding-top: 2px;
+ padding-bottom: 2px;
+}
+.saved {
+ /* background: url('/themes/nione/images/icons/icon_wzd_saved.png') no-repeat 0 1px #FFFFFF; */
+ list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_saved.png') ! important;
+}
+.notsaved {
+ /* background: url('/themes/nione/images/icons/icon_wzd_nsaved.png') no-repeat 0 1px #FFFFFF; */
+ list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_nsaved.png') ! important;
+}
+.en {
+ background: url('/themes/nervecenter/images/icons/icon_flag_en.png') no-repeat 0 1px #FFFFFF;
+}
+.de {
+ background: url('/themes/nervecenter/images/icons/icon_flag_de.png') no-repeat 0 1px #FFFFFF;
+}
+.es {
+ background: url('/themes/nervecenter/images/icons/icon_flag_es.png') no-repeat 0 1px #FFFFFF;
+}
+.pt_BR {
+ background: url('/themes/nervecenter/images/icons/icon_flag_pt_BR.png') no-repeat 0 1px #FFFFFF;
+}
+.host {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_host.png') no-repeat 0 1px #FFFFFF;
+}
+.search {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_search.png') no-repeat 0 1px #FFFFFF;
+}
+.file {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_file.png') no-repeat 0 1px #FFFFFF;
+}
+.mail {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_mail.png') no-repeat 0 1px #FFFFFF;
+}
+.imp {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_imp.png') no-repeat 0 1px #FFFFFF;
+}
+.pwd {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_pwd.png') no-repeat 0 1px #FFFFFF;
+}
+.user {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_user.png') no-repeat 0 1px #FFFFFF ;
+}
+.group {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_group.png') no-repeat 0 1px #FFFFFF;
+}
+.url {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_url.png') no-repeat 0 1px #FFFFFF;
+}
+.time {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_time.png') no-repeat 0 1px #FFFFFF;
+}
+.unknown {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_unknown.png') no-repeat 0 1px #FFFFFF;
+}
+.formfld_cert {
+ background: url('/themes/nervecenter/images/icons/icon_frmfld_cert.png') no-repeat 0 1px #FFFFFF;
+ padding-left: 28px;
+ font-family: Courier New, Courier, monospaced;
+ font-size: 11px;
+}
+.formfldalias {
+ background-color: #990000;
+ color: #FFFFFF;
+}
+.formpre {
+ font-family: Courier New, Courier, monospaced;
+ font-size: 10px;
+}
+.formbtn {
+ font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
+ font-size: 13px;
+ font-weight: bold;
+}
+.formbtns {
+ font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
+ font-size: 10px;
+ font-weight: bold;
+}
+.vvcell {
+ background-color: #FFFFC6;
+}
+.errmsg {
+ font-weight: bold;
+ color: #CC0000;
+}
+.red {
+ color: #CC0000;
+}
+.gray {
+ color: #A0A0A0;
+}
+.vexpl {
+ font-size: 11px;
+}
+.navlnk {
+ color: #FFFFFF;
+ text-decoration: none;
+ font-size: 13px;
+}
+.navlnks {
+ color: #FFFFFF;
+ text-decoration: none;
+ font-size: 11px;
+}
+.redlnk {
+ color: #990000;
+ text-decoration: none;
+}
+.tblnk {
+ color: #FFFFFF;
+ text-decoration: none;
+}
+.vncellreq {
+ background-color: #DDDDDD;
+ padding-right: 20px;
+ padding-left: 8px;
+ font-weight: bold;
+ border-bottom: 1px solid #999999;
+}
+.vncellt {
+ background-color: #DDDDDD;
+ padding-right: 20px;
+ padding-left: 8px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+ font-weight: bold;
+ border-bottom: 1px solid #999999;
+}
+.vtable {
+ border-bottom: 1px solid #999999;
+}
+.vnsepcell {
+ background-color: #BBBBBB;
+ padding-right: 20px;
+ padding-left: 8px;
+ font-weight: bold;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+}
+.cpline {
+ font-size: 11px;
+ color: #FFFFFF;
+}
+.hostname {
+ font-size: 11px;
+ color: #990000;
+ font-weight: bold;
+}
+.vnsepcellr {
+ background-color: #BBBBBB;
+ padding-right: 20px;
+ padding-left: 8px;
+ font-weight: bold;
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+}
+.listr {
+ background-color: #FFFFFF;
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ padding-right: 6px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+.listrpad {
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ padding-right: 16px;
+ padding-left: 10px;
+ padding-top: 8px;
+ padding-bottom: 8px;
+}
+.listn {
+ font-size: 11px;
+ padding-right: 16px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+.listbg {
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #990000;
+ padding-right: 16px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+.listbggrey {
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #999999;
+ padding-right: 16px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+.listhdr {
+ background-color: #BBBBBB;
+ padding-right: 16px;
+ padding-left: 6px;
+ font-weight: bold;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ padding-top: 5px;
+ padding-bottom: 5px;
+}
+.listhdr a {
+ color: #000000;
+}
+.listhdrr {
+ background-color: #BBBBBB;
+ padding-right: 16px;
+ padding-left: 6px;
+ font-weight: bold;
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ padding-top: 5px;
+ padding-bottom: 5px;
+}
+.listhdrr a {
+ color: #000000;
+}
+.listlr {
+ background-color: #FFFFFF;
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ border-left: 1px solid #999999;
+ font-size: 11px;
+ padding-right: 6px;
+ padding-left: 6px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+.listlrns {
+ background-color: #FFFFFF;
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ border-left: 1px solid #999999;
+ font-size: 11px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+.list {
+ font-size: 11px;
+ padding-left: 6px;
+ padding-top: 2px;
+ padding-bottom: 2px;
+}
+.listt {
+ font-size: 11px;
+ padding-top: 5px;
+}
+.listhdrrns {
+ background-color: #BBBBBB;
+ padding-left: 6px;
+ padding-top: 5px;
+ padding-bottom: 5px;
+ padding-right: 6px;
+ font-weight: bold;
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+}
+.listbgns {
+ border-right: 1px solid #999999;
+ border-bottom: 1px solid #999999;
+ font-size: 11px;
+ background-color: #D9DEE8;
+ padding-left: 6px;
+ padding-right: 4px;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+.listtopic {
+ border-right: 1px solid #999999;
+ font-size: 11px;
+ background-color: #990000;
+ padding-right: 16px;
+ padding-left: 6px;
+ color: #FFFFFF;
+ font-weight: bold;
+ padding-top: 5px;
+ padding-bottom: 5px;
+}
+.optsect_t {
+ border-right: 1px solid #999999;
+ background-color: #990000;
+ padding-right: 6px;
+ padding-left: 6px;
+ padding-top: 2px;
+ padding-bottom: 2px;
+}
+.optsect_s {
+ font-size: 11px;
+ color: #FFFFFF;
+ font-weight: bold;
+}
+.tabnavtbl {
+}
+
+
+/* MISC CSS Definitions */
+ul#tabnav {
+ font-size: 11px;
+ font-weight: bold;
+ list-style-type: none;
+ margin: 0;
+ padding: 0;
+}
+ul#tabnav li.tabinact1 {
+ float: left;
+ background-color: #777777;
+ color: #FFFFFF;
+ padding: 0;
+ white-space: nowrap;
+}
+ul#tabnav li.tabinact {
+ float: left;
+ border-left: 1px solid #999999;
+ background-color: #777777;
+ color: #FFFFFF;
+ padding: 0;
+ white-space: nowrap;
+}
+ul#tabnav li.tabinact a {
+ float: left;
+ display: block;
+ text-decoration: none;
+ padding: 5px 8px 5px 8px;
+ color: #FFFFFF;
+}
+ul#tabnav li.tabinact1 a {
+ float: left;
+ display: block;
+ text-decoration: none;
+ padding: 5px 8px 5px 8px;
+ color: #FFFFFF;
+}
+ul#tabnav li.tabact {
+ float: left;
+ background-color: #EEEEEE;
+ color: #000000;
+ padding: 5px 8px 5px 8px;
+ white-space: nowrap;
+}
+.tabcont {
+ background-color: #EEEEEE;
+ padding-right: 12px;
+ padding-left: 12px;
+ padding-top: 12px;
+ padding-bottom: 12px;
+}
+.tabact {
+ float: left;
+ background-color: #EEEEEE;
+ color: #000000;
+ padding: 5px 8px 5px 8px;
+ white-space: nowrap;
+}
+.tabinact {
+ font-weight: bold;
+ float: left;
+ border-left: 1px solid #999999;
+ background-color: #777777;
+ color: #FFFFFF;
+ padding: 0;
+ white-space: nowrap;
+}
+.menu {
+ background-color: #000000;
+ white-space: nowrap;
+ padding: 0px 5px 0px 5px;
+ width: 100%;
+ vertical-align: top;
+}
+
+
+/* Auto Complete Suggestions */
+div.suggestions {
+ -moz-box-sizing: border-box;
+ /* box-sizing: border-box; */
+ border: 1px solid black;
+ position: absolute;
+ background-color: #990000;
+ color: #FFF;
+}
+
+div.suggestions div {
+ cursor: default;
+ padding: 0px 3px;
+ background-color: #990000;
+ color: #FFF;
+}
+
+div.suggestions div.current {
+ background-color: #3366cc;
+ color: #FFF;
+}
+/* End Auto Complete Suggestions */
+
+
+/* Nifty Corners Crap */
+.rtop,.artop{display:block}
+.rtop *,.artop *{display:block;height:1px;overflow:hidden;font-size:1px}
+.artop *{border-style: solid;border-width:0 1px}
+.r1,.rl1,.re1,.rel1{margin-left:5px}
+.r1,.rr1,.re1,.rer1{margin-right:5px}
+.r2,.rl2,.re2,.rel2,.ra1,.ral1{margin-left:3px}
+.r2,.rr2,.re2,.rer2,.ra1,.rar1{margin-right:3px}
+.r3,.rl3,.re3,.rel3,.ra2,.ral2,.rs1,.rsl1,.res1,.resl1{margin-left:2px}
+.r3,.rr3,.re3,.rer3,.ra2,.rar2,.rs1,.rsr1,.res1,.resr1{margin-right:2px}
+.r4,.rl4,.rs2,.rsl2,.re4,.rel4,.ra3,.ral3,.ras1,.rasl1,.res2,.resl2{margin-left:1px}
+.r4,.rr4,.rs2,.rsr2,.re4,.rer4,.ra3,.rar3,.ras1,.rasr1,.res2,.resr2{margin-right:1px}
+.rx1,.rxl1{border-left-width:5px}
+.rx1,.rxr1{border-right-width:5px}
+.rx2,.rxl2{border-left-width:3px}
+.rx2,.rxr2{border-right-width:3px}
+.re2,.rel2,.ra1,.ral1,.rx3,.rxl3,.rxs1,.rxsl1{border-left-width:2px}
+.re2,.rer2,.ra1,.rar1,.rx3,.rxr3,.rxs1,.rxsr1{border-right-width:2px}
+.rxl1,.rxl2,.rxl3,.rxl4,.rxsl1,.rxsl2,.ral1,.ral2,.ral3,.ral4,.rasl1,.rasl2{border-right-width:0}
+.rxr1,.rxr2,.rxr3,.rxr4,.rxsr1,.rxsr2,.rar1,.rar2,.rar3,.rar4,.rasr1,.rasr2{border-left-width:0}
+.r4,.rl4,.rr4,.re4,.rel4,.rer4,.ra4,.rar4,.ral4,.rx4,.rxl4,.rxr4{height:2px}
+.rer1,.rel1,.re1,.res1,.resl1,.resr1{border-width:1px 0 0;height:0px !important;height /**/:1px}
+/* End Nifty Corners Crap */
+
+
+
+/* CSS for Dynamic Log Viewer */
+/* Author: Erik Kristensen */
+div#log div.log-entry {
+ clear: both;
+}
+
+div#log div.log-entry span,
+div#log div.log-header span {
+ padding: 3px 2px 3px 2px;
+ padding-left: 8px;
+}
+
+div#log div.log-entry span.log-action {
+ padding-bottom: 6px;
+ padding-left: 5px;
+ padding-right: 5px;
+}
+
+div#log div.log-header span {
+ border-top: 1px solid #999;
+ background-color: #bbb;
+ font-weight: bold;
+ text-align: left;
+}
+
+div#log span.log-action,
+div#log span.log-time,
+div#log span.log-interface,
+div#log span.log-source,
+div#log span.log-destination,
+div#log span.log-protocol {
+ float: left;
+ text-align: left;
+ border-left: 1px solid #999;
+ border-bottom: 1px solid #999;
+}
+
+div#log span.log-general {
+
+}
+
+div#log span.log-protocol {
+ border-right: 1px solid #999;
+}
+
+div#log span.log-action {
+ width: 2em;
+ text-align: center;
+}
+
+div#log span.log-time {
+ width: 12.5em;
+}
+
+div#log span.log-interface {
+ width: 5em;
+}
+
+div#log span.log-source,
+div#log span.log-destination {
+ width: 17.6em;
+}
+
+div#log span.log-protocol {
+ width: 5.5em;
+}
+/* END CSS FOR DYNAMIC LOG VIEWER */
+
+#login {
+ background: #cccccc;
+ border: 0px solid #666666;
+ margin: 5em auto;
+ padding: 0em;
+ width: 340px;
+}
+
+#login h1 {
+ background: url(images/misc/logon.png) no-repeat top left;
+ margin-top: 0;
+ display: block;
+ text-indent: -1000px;
+ height: 50px;
+ border-bottom: none;
+}
+
+#login p {
+ font-size: 1em;
+ font-weight: bold;
+ padding: 3px;
+ margin: 0em;
+ text-indent: 10px;
+}
+
+#login span {
+ font-size: 1em;
+ font-weight: bold;
+ width: 20%;
+ padding: 3px;
+ margin: 0em;
+ text-indent: 10px;
+}
+
+#login p#text {
+ font-size: 1em;
+ font-weight: normal;
+ padding: 3px;
+ margin: 0em;
+ text-indent: 10px;
+}
+
+#login #username, #password {
+ font-size: 1em;
+ width: 60%;
+ padding: 3px;
+ margin: 0em;
+}
+
+#login #submit {
+ font-size: 1em;
+ font-weight: bold;
+ padding: 3px;
+ margin: 0em;
+ text-indent: 10px;
+}
diff --git a/usr/local/www/themes/nervecenter/wizard.css b/usr/local/www/themes/nervecenter/wizard.css
index b3a6ccb..4e0d048 100644
--- a/usr/local/www/themes/nervecenter/wizard.css
+++ b/usr/local/www/themes/nervecenter/wizard.css
@@ -487,6 +487,7 @@ ul#wzdnav a:active {
border-bottom: 1px solid #999999;
}
.formfld {
+ padding-left: 19px;
font-size: small;
}
.formselect {
diff --git a/usr/local/www/themes/pfsense_ng/wizard.css b/usr/local/www/themes/pfsense_ng/wizard.css
index b3a6ccb..4e0d048 100644
--- a/usr/local/www/themes/pfsense_ng/wizard.css
+++ b/usr/local/www/themes/pfsense_ng/wizard.css
@@ -487,6 +487,7 @@ ul#wzdnav a:active {
border-bottom: 1px solid #999999;
}
.formfld {
+ padding-left: 19px;
font-size: small;
}
.formselect {
diff --git a/usr/local/www/themes/the_wall/wizard.css b/usr/local/www/themes/the_wall/wizard.css
index b3a6ccb..4e0d048 100644
--- a/usr/local/www/themes/the_wall/wizard.css
+++ b/usr/local/www/themes/the_wall/wizard.css
@@ -487,6 +487,7 @@ ul#wzdnav a:active {
border-bottom: 1px solid #999999;
}
.formfld {
+ padding-left: 19px;
font-size: small;
}
.formselect {
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index fdf4af4..4f0d59d 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -112,6 +112,7 @@ if($_GET['act']=="edit"){
$pconfig['passtos'] = $a_server[$id]['passtos'];
$pconfig['client2client'] = $a_server[$id]['client2client'];
+ $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip'];
$pconfig['pool_enable'] = $a_server[$id]['pool_enable'];
$pconfig['dns_domain'] = $a_server[$id]['dns_domain'];
@@ -299,6 +300,7 @@ if ($_POST) {
$server['passtos'] = $pconfig['passtos'];
$server['client2client'] = $pconfig['client2client'];
+ $server['dynamic_ip'] = $pconfig['dynamic_ip'];
$server['pool_enable'] = $pconfig['pool_enable'];
if ($pconfig['dns_domain_enable'])
@@ -906,6 +908,24 @@ function netbios_change() {
<td colspan="2" valign="top" class="listtopic">Client Settings</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Dynamic IP</td>
+ <td width="78%" class="vtable">
+ <table border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td>
+ <?php set_checked($pconfig['dynamic_ip'],$chk); ?>
+ <input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?>">
+ </td>
+ <td>
+ <span class="vexpl">
+ Allow connected clients to retain their connections if their IP address changes.<br>
+ </span>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell">Address Pool</td>
<td width="78%" class="vtable">
<table border="0" cellpadding="2" cellspacing="0">
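Review bot: The new `dynamic_ip` checkbox ends with `<?=$chk;?>">`, which leaves a stray double quote inside the tag after the checked attribute is printed. Browsers will usually tolerate it, but the markup is malformed and the stray quote can be parsed as part of an attribute. The line should read `<input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?>>`. The surrounding form table starts and ends outside this hunk.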
diff --git a/usr/local/www/widgets/include/openvpn.inc b/usr/local/www/widgets/include/openvpn.inc
new file mode 100644
index 0000000..075d0e5
--- /dev/null
+++ b/usr/local/www/widgets/include/openvpn.inc
@@ -0,0 +1,4 @@
+<?php
+$openvpn_title = "OpenVPN";
+$openvpn_title_link = "status_openvpn.php";
+?> \ No newline at end of file
diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php
new file mode 100644
index 0000000..c17c144
--- /dev/null
+++ b/usr/local/www/widgets/widgets/openvpn.widget.php
@@ -0,0 +1,193 @@
+<?php
+require_once("openvpn.inc");
+
+/* Handle AJAX */
+if($_GET['action']) {
+ if($_GET['action'] == "kill") {
+ $port = $_GET['port'];
+ $remipp = $_GET['remipp'];
+ if (!empty($port) and !empty($remipp)) {
+ $retval = kill_client($port, $remipp);
+ echo htmlentities("|{$port}|{$remipp}|{$retval}|");
+ } else {
+ echo "invalid input";
+ }
+ exit;
+ }
+}
+
+
+function kill_client($port, $remipp) {
+ $tcpsrv = "tcp://127.0.0.1:{$port}";
+ $errval;
+ $errstr;
+
+ /* open a tcp connection to the management port of each server */
+ $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1);
+ $killed = -1;
+ if ($fp) {
+ fputs($fp, "kill {$remipp}\n");
+ while (!feof($fp)) {
+ $line = fgets($fp, 1024);
+ /* parse header list line */
+ if (strpos($line, "INFO:"))
+ continue;
+ if (strpos($line, "UCCESS")) {
+ $killed = 0;
+ }
+ break;
+ }
+ fclose($fp);
+ }
+ return $killed;
+}
+
+$servers = openvpn_get_active_servers();
+$clients = openvpn_get_active_clients();
+?>
+
+<script src="/javascript/sorttable.js" type="text/javascript"></script>
+<br/>
+<form action="status_openvpn.php" method="get" name="iform">
+<script type="text/javascript">
+ function killClient(mport, remipp) {
+ var busy = function(icon) {
+ icon.onclick = "";
+ icon.src = icon.src.replace("\.gif", "_d.gif");
+ icon.style.cursor = "wait";
+ }
+
+ $A(document.getElementsByName("i:" + mport + ":" + remipp)).each(busy);
+
+ new Ajax.Request(
+ "<?=$_SERVER['SCRIPT_NAME'];?>" +
+ "?action=kill&port=" + mport + "&remipp=" + remipp,
+ { method: "get", onComplete: killComplete }
+ );
+ }
+
+ function killComplete(req) {
+ var values = req.responseText.split("|");
+ if(values[3] != "0") {
+ alert('<?=gettext("An error occurred.");?>' + ' (' + values[3] + ')');
+ return;
+ }
+
+ $A(document.getElementsByName("r:" + values[1] + ":" + values[2])).each(
+ function(row) { Effect.Fade(row, { duration: 1.0 }); }
+ );
+ }
+</script>
+
+<?php foreach ($servers as $server): ?>
+
+<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="6" class="listtopic">
+ Client connections for <?=$server['name'];?>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr">Name/Time</td>
+ <td class="listhdrr">Real/Virtual IP</td>
+ </tr>
+ <?php foreach ($server['conns'] as $conn): ?>
+ <tr name='<?php echo "r:{$server['port']}:{$conn['remote_host']}"; ?>'>
+ <td class="listlr">
+ <?=$conn['common_name'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['remote_host'];?>
+ </td>
+ <td class='list' rowspan="2">
+ <img src='/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif' height='17' width='17' border='0'
+ onclick="killClient('<?php echo $server['port']; ?>', '<?php echo $conn['remote_host']; ?>');" style='cursor:pointer;'
+ name='<?php echo "i:{$server['port']}:{$conn['remote_host']}"; ?>'
+ title='Kill client connection from <?php echo $conn['remote_host']; ?>' alt='' />
+ </td>
+ </tr>
+ <tr name='<?php echo "r:{$server['port']}:{$conn['remote_host']}"; ?>'>
+ <td class="listlr">
+ <?=$conn['connect_time'];?>
+ </td>
+ <td class="listr">
+ <?=$conn['virtual_addr'];?>
+ </td>
+ </tr>
+
+ <?php endforeach; ?>
+ <tr>
+ <td colspan="6" class="list" height="12"></td>
+ </tr>
+
+ </table>
+ </td>
+ </tr>
+</table>
+
+<?php endforeach; ?>
+<br/>
+
+
+<?php if (!empty($clients)) { ?>
+<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="6" class="listtopic">
+ OpenVPN client instances statistics
+ </td>
+ </tr>
+ <tr>
+ <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="listhdrr">Name/Time</td>
+ <td class="listhdrr">Remote/Virtual IP</td>
+ </tr>
+
+<?php foreach ($clients as $client): ?>
+ <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'>
+ <td class="listlr">
+ <?=$client['name'];?>
+ </td>
+ <td class="listr">
+ <?=$client['remote_host'];?>
+ </td>
+ <td rowspan="2" align="center">
+ <?php
+ if ($client['status'] == "up") {
+ /* tunnel is up */
+ $iconfn = "interface_up";
+ } else {
+ /* tunnel is down */
+ $iconfn = "interface_down";
+ }
+ echo "<img src ='/themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'>";
+ ?>
+ </td>
+ </tr>
+ <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'>
+ <td class="listlr">
+ <?=$client['connect_time'];?>
+ </td>
+ <td class="listr">
+ <?=$client['virtual_addr'];?>
+ </td>
+ </tr>
+<?php endforeach; ?>
+ </table>
+ </tr>
+</table>
+
+<?php
+}
+
+if ($DisplayNote) {
+ echo "<br/><b>NOTE:</b> You need to bind each OpenVPN client to enable its management daemon: use 'Local port' setting in the OpenVPN client screen";
+}
+
+if ((empty($clients)) && (empty($servers))) {
+ echo "No OpenVPN instance defined";
+}
+?> \ No newline at end of file
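Review bot: The `kill` handler passes `$_GET['port']` and `$_GET['remipp']` to `kill_client()` after only an `empty()` check, and `kill_client()` interpolates them into the `tcp://127.0.0.1:{$port}` target and the `kill {$remipp}\n` line written to the management socket. A value containing a line break or other unexpected characters would reach the OpenVPN management interface unchanged, so both should be checked against a strict format first; the fence shows one way, assuming `remipp` is always an address:port pair as the status rows suggest. The action is also triggered by a plain GET, so it is worth confirming that the page including this widget requires a request token for state-changing calls. Separately, `$conn['common_name']` and the other `$conn`/`$client` fields are echoed without `htmlspecialchars()`, and the client rows build their `name` attribute from `$conn['remote_host']` where `$client['remote_host']` looks intended.

```php
	if($_GET['action'] == "kill") {
		$port = $_GET['port'];
		$remipp = $_GET['remipp'];
		/* Both values end up on the management socket: accept only a numeric
		   port and an address:port string, nothing that can carry a line break. */
		$port_ok = is_string($port) && ctype_digit($port) && $port >= 1 && $port <= 65535;
		$remipp_ok = is_string($remipp) && preg_match('/\A[0-9A-Fa-f.:\[\]]{3,64}\z/', $remipp);
		if ($port_ok && $remipp_ok) {
			/* … unchanged: kill_client() call and response echo … */
		} else {
			echo "invalid input";
		}
```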
diff --git a/usr/local/www/widgets/widgets/system_information.widget.php b/usr/local/www/widgets/widgets/system_information.widget.php
index 9e58f1b..c9a6b65 100644
--- a/usr/local/www/widgets/widgets/system_information.widget.php
+++ b/usr/local/www/widgets/widgets/system_information.widget.php
@@ -95,12 +95,20 @@ $curcfg = $config['system']['firmware'];
<?php endif; ?>
<?php if ($g['platform'] == "nanobsd"): ?>
<?
- $BOOT_DEVICE=trim(`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`);
- $REAL_BOOT_DEVICE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/{$BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`);
+ global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;
+ global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH;
+ global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE, $ACTIVE_SLICE;
+ nanobsd_detect_slice_info();
?>
<tr>
<td width="25%" class="vncellt">NanoBSD Boot Slice</td>
- <td width="75%" class="listr"><?=htmlspecialchars($BOOT_DEVICE);?> / <?=htmlspecialchars($REAL_BOOT_DEVICE);?></td>
+ <td width="75%" class="listr">
+ <?=htmlspecialchars($BOOT_DEVICE);?> / <?=htmlspecialchars($BOOTFLASH);?>
+ <?php if ($BOOTFLASH != $ACTIVE_SLICE): ?>
+ <br/><br/>Next Boot:<br/>
+ <?=htmlspecialchars($GLABEL_SLICE);?> / <?=htmlspecialchars($ACTIVE_SLICE);?>
+ <?php endif; ?>
+ </td>
</tr>
<?php endif; ?>
<tr>
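Review bot: The three `global` lines import thirteen variables, but only `$BOOT_DEVICE`, `$BOOTFLASH`, `$GLABEL_SLICE` and `$ACTIVE_SLICE` are read in this hunk, and nothing says that `nanobsd_detect_slice_info()` is what fills them. A short comment above the call would help, for example `/* nanobsd_detect_slice_info() populates the slice globals declared above */`. The list could also be trimmed to the names this template uses, if the rest of the file does not need the others. The template continues outside the hunk, so that last part needs checking against the full file.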
diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc
index eea1a85..41189e1 100644
--- a/usr/local/www/wizards/openvpn_wizard.inc
+++ b/usr/local/www/wizards/openvpn_wizard.inc
@@ -271,10 +271,12 @@ function step9_submitphpaction() {
$certnames = array();
$certcns = array();
- foreach($config['system']['cert'] as $cert) {
- $certnames[] = $cert['name'];
- $certinfo = cert_get_subject_hash($cert['crt']);
- $certcns[] = $certinfo["CN"];
+ if (is_array($config['system']['cert'])) {
+ foreach($config['system']['cert'] as $cert) {
+ $certnames[] = $cert['name'];
+ $certinfo = cert_get_subject_hash($cert['crt']);
+ $certcns[] = $certinfo["CN"];
+ }
}
if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) ||
@@ -538,6 +540,8 @@ function step12_submitphpaction() {
$server['passtos'] = $pconfig['step10']['tos'];
if (isset($pconfig['step10']['interclient']))
$server['client2client'] = $pconfig['step10']['interclient'];
+ if (isset($pconfig['step10']['dynip']))
+ $server['dynamic_ip'] = $pconfig['step10']['dynip'];
if (isset($pconfig['step10']['addrpool']))
$server['pool_enable'] = $pconfig['step10']['addrpool'];
if (isset($pconfig['step10']['defaultdomain']))
diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml
index 2bc6db1..bba38c8 100644
--- a/usr/local/www/wizards/openvpn_wizard.xml
+++ b/usr/local/www/wizards/openvpn_wizard.xml
@@ -757,6 +757,14 @@
<name>Client Settings</name>
</field>
<field>
+ <displayname>Dynamic IP</displayname>
+ <name>dynip</name>
+ <type>checkbox</type>
+ <value>on</value>
+ <description>Allow connected clients to retain their connections if their IP address changes.</description>
+ <bindstofield>ovpnserver->step10->dynip</bindstofield>
+ </field>
+ <field>
<displayname>Address Pool</displayname>
<name>addrpool</name>
<type>checkbox</type>