summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--etc/inc/filter.inc5
-rwxr-xr-xusr/local/www/firewall_nat_out.php2
-rwxr-xr-xusr/local/www/firewall_nat_out_edit.php38
3 files changed, 41 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ee63e43..07cc80f 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1241,7 +1241,8 @@ function filter_nat_rules_generate() {
else
$natif = $obent['interface'];
- $poolopts = (is_subnet($obent['target']) || is_alias($obent['target'])) ? $obent['poolopts'] : "";
+ $obtarget = ($obent['target'] == "other-subnet") ? $obent['targetip'] . '/' . $obent['targetip_subnet']: $obent['target'];
+ $poolopts = (is_subnet($obtarget) || is_alias($obtarget)) ? $obent['poolopts'] : "";
if (!isset($FilterIflist[$natif]))
continue;
@@ -1251,7 +1252,7 @@ function filter_nat_rules_generate() {
$obent['sourceport'],
$dst,
$obent['dstport'],
- $obent['target'],
+ $obtarget,
$obent['natport'],
isset($obent['nonat']),
isset($obent['staticnatport']),
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index bf72f2c..e27d55e 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -392,6 +392,8 @@ include("head.inc");
<?php
if (!$natent['target'])
echo "*";
+ elseif ($natent['target'] == "other-subnet")
+ echo $natent['targetip'] . '/' . $natent['targetip_subnet'];
else
echo $natent['target'];
?>
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index 7734d9e..f03bded 100755
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -79,6 +79,8 @@ if (isset($id) && $a_out[$id]) {
$pconfig['dstport'] = $a_out[$id]['dstport'];
$pconfig['natport'] = $a_out[$id]['natport'];
$pconfig['target'] = $a_out[$id]['target'];
+ $pconfig['targetip'] = $a_out[$id]['targetip'];
+ $pconfig['targetip_subnet'] = $a_out[$id]['targetip_subnet'];
$pconfig['poolopts'] = $a_out[$id]['poolopts'];
$pconfig['interface'] = $a_out[$id]['interface'];
if (!$pconfig['interface']) {
@@ -154,14 +156,23 @@ if ($_POST) {
}
}
- if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat'])) {
+ if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) {
$input_errors[] = gettext("A valid target IP address must be specified.");
}
+ if ($_POST['target'] == "other-subnet") {
+ if (!is_ipaddr($_POST['targetip'])) {
+ $input_errors[] = gettext("A valid target IP must be specified when using the 'Other Subnet' type.");
+ }
+ if (!is_numericint($_POST['targetip_subnet'])) {
+ $input_errors[] = gettext("A valid target bit count must be specified when using the 'Other Subnet' type.");
+ }
+ }
+
/* Verify Pool Options */
$poolopts = "";
if ($_POST['poolopts']) {
- if (is_subnet($_POST['target']))
+ if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet"))
$poolopts = $_POST['poolopts'];
elseif (is_alias($_POST['target'])) {
if (substr($_POST['poolopts'], 0, 11) == "round-robin")
@@ -201,6 +212,8 @@ if ($_POST) {
$natent['sourceport'] = ($protocol_uses_ports) ? $_POST['sourceport'] : "";
$natent['descr'] = $_POST['descr'];
$natent['target'] = (!isset($_POST['nonat'])) ? $_POST['target'] : "";
+ $natent['targetip'] = (!isset($_POST['nonat'])) ? $_POST['targetip'] : "";
+ $natent['targetip_subnet'] = (!isset($_POST['nonat'])) ? $_POST['targetip_subnet'] : "";
$natent['interface'] = $_POST['interface'];
$natent['poolopts'] = $poolopts;
@@ -342,11 +355,19 @@ function proto_change() {
function poolopts_change() {
if ($('target').options[$('target').selectedIndex].text.substring(0,4) == "Host") {
$('poolopts_tr').style.display = '';
+ $('target_network').style.display = 'none';
} else if ($('target').options[$('target').selectedIndex].text.substring(0,6) == "Subnet") {
$('poolopts_tr').style.display = '';
+ $('target_network').style.display = 'none';
+ } else if ($('target').options[$('target').selectedIndex].text.substring(0,5) == "Other") {
+ $('poolopts_tr').style.display = '';
+ $('target_network').style.display = '';
} else {
$('poolopts').selectedIndex = 0;
$('poolopts_tr').style.display = 'none';
+ $('target_network').style.display = 'none';
+ $('targetip').value = '';
+ $('targetip_subnet').value = '0';
}
}
//-->
@@ -521,10 +542,23 @@ any)");?></td>
continue; ?>
<option value="<?=$alias['name'];?>" <?php if ($alias['name'] == $pconfig['target']) echo "selected"; ?>><?=htmlspecialchars("Host Alias: {$alias['name']} ({$alias['descr']})");?></option>
<?php endforeach; ?>
+ <option value="other-subnet"<?php if($pconfig['target'] == "other-subnet") echo " selected"; ?>><?=gettext("Other Subnet (Enter Below)");?></option>
<option value=""<?php if($pconfig['target'] == "any") echo " selected"; ?>><?=gettext("any");?></option>
</select>
</td>
</tr>
+
+ <tr id="target_network">
+ <td><?=gettext("Other Subnet:");?>&nbsp;&nbsp;</td>
+ <td>
+ <input name="targetip" type="text" class="formfld unknown" id="targetip" size="20" value="<?=htmlspecialchars($pconfig['targetip']);?>">/<select name="targetip_subnet" class="formfld" id="targetip_subnet">
+<?php for ($i = 32; $i >= 0; $i--): ?>
+ <option value="<?=$i;?>"<?php if ($i == $pconfig['targetip_subnet']) echo " selected"; ?>><?=$i;?></option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+
<tr><td>&nbsp;</td><td>
<span class="vexpl"><?=gettext("Packets matching this rule will be mapped to the IP address given here.");?><br>
<?=gettext("If you want this rule to apply to another IP address than the IP address of the interface chosen above, ".
OpenPOWER on IntegriCloud