diff options
-rw-r--r-- | etc/inc/config.lib.inc | 59 | ||||
-rw-r--r-- | etc/inc/easyrule.inc | 5 | ||||
-rw-r--r-- | etc/inc/gwlb.inc | 10 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 20 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 6 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 42 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out.php | 185 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_out_edit.php | 40 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 40 | ||||
-rw-r--r-- | usr/local/www/wizards/openvpn_wizard.inc | 2 | ||||
-rw-r--r-- | usr/local/www/wizards/traffic_shaper_wizard.inc | 11 | ||||
-rwxr-xr-x | usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc | 8 | ||||
-rwxr-xr-x | usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc | 9 | ||||
-rw-r--r-- | usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc | 11 |
14 files changed, 306 insertions, 142 deletions
diff --git a/etc/inc/config.lib.inc b/etc/inc/config.lib.inc index d6e48e5..bbd6fec 100644 --- a/etc/inc/config.lib.inc +++ b/etc/inc/config.lib.inc @@ -509,35 +509,13 @@ function write_config($desc="Unknown", $backup = true) { } } - if (empty($_SESSION["Username"])) { - if (empty($_ENV['USER']) || $_ENV['USER'] == "root") - $username = "(system)"; - else - $username = $_ENV['USER']; - } else - $username = $_SESSION["Username"]; - - if (!empty($_SERVER['REMOTE_ADDR'])) - $username .= '@' . $_SERVER['REMOTE_ADDR']; - if (!isset($argc)) session_commit(); if($backup) backup_config(); - if (!is_array($config['revision'])) - $config['revision'] = array(); - - if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */ - $config['revision']['time'] = time(); - - /* Log the running script so it's not entirely unlogged what changed */ - if ($desc == "Unknown") - $desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); - - $config['revision']['description'] = "{$username}: " . $desc; - $config['revision']['username'] = $username; + $config['revision'] = make_config_revision_entry($desc); conf_mount_rw(); $lockkey = lock('config', LOCK_EX); @@ -894,4 +872,39 @@ function set_device_perms() { } } +function get_config_user() { + if (empty($_SESSION["Username"])) { + if (empty($_ENV['USER']) || $_ENV['USER'] == "root") + $username = "(system)"; + else + $username = $_ENV['USER']; + } else + $username = $_SESSION["Username"]; + + if (!empty($_SERVER['REMOTE_ADDR'])) + $username .= '@' . $_SERVER['REMOTE_ADDR']; + + return $username; +} + +function make_config_revision_entry($desc = null, $override_user = null) { + if (empty($override_user)) + $username = get_config_user(); + else + $username = $override_user; + + $revision = array(); + + if (time() > mktime(0, 0, 0, 9, 1, 2004)) /* make sure the clock settings are plausible */ + $revision['time'] = time(); + + /* Log the running script so it's not entirely unlogged what changed */ + if ($desc == "Unknown") + $desc = sprintf(gettext("%s made unknown change"), $_SERVER['SCRIPT_NAME']); + if (!empty($desc)) + $revision['description'] = "{$username}: " . $desc; + $revision['username'] = $username; + return $revision; +} + ?> diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc index d7bbcf9..86e2294 100644 --- a/etc/inc/easyrule.inc +++ b/etc/inc/easyrule.inc @@ -115,6 +115,7 @@ function easyrule_block_rule_create($int = 'wan', $ipproto = "inet") { $filterent['source']['address'] = $blockaliasname . strtoupper($int); $filterent['destination']['any'] = ''; $filterent['descr'] = gettext("Easy Rule: Blocked from Firewall Log View"); + $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule")); array_splice($a_filter, 0, 0, array($filterent)); @@ -271,6 +272,9 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp if ($proto == "icmp") $filterent['icmptype'] = 'echoreq'; + if (strtolower($proto) == "icmp6") + $filterent['protocol'] = "icmp"; + if (is_subnet($srchost)) { list($srchost, $srcmask) = explode("/", $srchost); } elseif (is_specialnet($srchost)) { @@ -294,6 +298,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp pconfig_to_address($filterent['source'], $srchost, $srcmask); pconfig_to_address($filterent['destination'], $dsthost, $dstmask, '', $dstport, $dstport); + $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule")); $a_filter[] = $filterent; write_config($filterent['descr']); diff --git a/etc/inc/gwlb.inc b/etc/inc/gwlb.inc index ce4c317..13cde22 100644 --- a/etc/inc/gwlb.inc +++ b/etc/inc/gwlb.inc @@ -53,7 +53,7 @@ function setup_gateways_monitor() { if (!is_array($gateways_arr)) { log_error("No gateways to monitor. Apinger will not be run."); killbypid("{$g['varrun_path']}/apinger.pid"); - @unlink("{$g['tmp_path']}/apinger.status"); + @unlink("{$g['varrun_path']}/apinger.status"); return; } @@ -78,7 +78,7 @@ pid_file "{$g['varrun_path']}/apinger.pid" status { ## File where the status information should be written to - file "{$g['tmp_path']}/apinger.status" + file "{$g['varrun_path']}/apinger.status" ## Interval between file updates ## when 0 or not set, file is written only when SIGUSR1 is received interval 5s @@ -267,7 +267,7 @@ EOD; @chown("{$g['vardb_path']}/rrd", "nobody"); /* start a new apinger process */ - @unlink("{$g['tmp_path']}/apinger.status"); + @unlink("{$g['varrun_path']}/apinger.status"); sleep(1); mwexec_bg("/usr/local/sbin/apinger -c {$g['varetc_path']}/apinger.conf"); @@ -279,8 +279,8 @@ function return_gateways_status($byname = false) { global $config, $g; $apingerstatus = array(); - if (file_exists("{$g['tmp_path']}/apinger.status")) { - $apingerstatus = file("{$g['tmp_path']}/apinger.status"); + if (file_exists("{$g['varrun_path']}/apinger.status")) { + $apingerstatus = file("{$g['varrun_path']}/apinger.status"); } $status = array(); diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index e01ae08..df04bfb 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -3089,6 +3089,9 @@ function interface_track6_configure($interface = "lan", $wancfg) { /* always configure a link-local of fe80::1:1 on the track6 interfaces */ $realif = get_real_interface($interface); + $linklocal = find_interface_ipv6_ll($realif); + if (!empty($linklocal)) + mwexec("/sbin/ifconfig {$realif} inet6 {$linklocal} delete"); mwexec("/sbin/ifconfig {$realif} inet6 fe80::1:1%{$realif}"); $trackcfg = $config['interfaces'][$wancfg['track6-interface']]; @@ -3319,23 +3322,10 @@ function interface_6rd_configure($interface = "wan", $wancfg) { $rd6prefixlen = $rd6prefix[1]; $rd6prefix = Net_IPv6::uncompress($rd6prefix[0]); - /* we need the hex form of the broker IPv4 address */ - $hexbrv4 = return_hex_ipv4($wancfg['gateway-6rd']); - /* binary presentation of the prefix for all 128 bits. */ $rd6prefixbin = convert_ipv6_to_128bit($rd6prefix); /* just save the left prefix length bits */ - $rd6brprefixbin = substr($rd6prefixbin, 0, $rd6prefixlen); - /* if the prefix length is not 32 bits we need to shave bits off from the left of the v4 address. */ - $rd6brprefixbin .= substr(sprintf("%032b", hexdec($hexbrv4)), $wancfg['prefix-6rd-v4plen'], 32); - /* fill out the rest with 0's */ - $rd6brprefixbin = str_pad($rd6brprefixbin, 128, "0", STR_PAD_RIGHT); - - /* convert the 128 bits for the broker address back into a valid IPv6 address */ - $rd6brgw = convert_128bit_to_ipv6($rd6brprefixbin); - - /* just save the left prefix length bits */ $rd6prefixbin = substr($rd6prefixbin, 0, $rd6prefixlen); /* if the prefix length is not 32 bits we need to shave bits off from the left of the v4 address. */ $rd6prefixbin .= substr(sprintf("%032b", hexdec($hexwanv4)), $wancfg['prefix-6rd-v4plen'], 32); @@ -3345,6 +3335,8 @@ function interface_6rd_configure($interface = "wan", $wancfg) { /* convert the 128 bits for the broker address back into a valid IPv6 address */ $rd6prefix = convert_128bit_to_ipv6($rd6prefixbin); + $rd6brgw = "{$rd6prefix}{$wancfg['gateway-6rd']}"; + /* XXX: need to extend to support variable prefix size for v4 */ if (!is_module_loaded("if_stf")) mwexec("/sbin/kldload if_stf.ko"); @@ -3355,6 +3347,8 @@ function interface_6rd_configure($interface = "wan", $wancfg) { pfSense_interface_rename($tmpstfiface, $stfiface); pfSense_interface_flags($stfiface, IFF_LINK2); mwexec("/sbin/ifconfig {$stfiface} inet6 {$rd6prefix}/{$rd6prefixlen}"); + if ($wancfg['prefix-6rd-v4plen'] > 0 && $wancfg['prefix-6rd-v4plen'] < 32) + mwexec("/sbin/ifconfig {$stfiface} stfv4net {$ip4address}/{$wancfg['prefix-6rd-v4plen']}"); if ($g['debug']) log_error("Created 6rd interface {$stfiface} {$rd6prefix}/{$rd6prefixlen}"); diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index c5cce67..f172b58 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -2531,11 +2531,7 @@ function return_hex_ipv4($ipv4) { /* we need the hex form of the interface IPv4 address */ $ip4arr = explode(".", $ipv4); - $hexwanv4 = ""; - foreach($ip4arr as $octet) - $hexwanv4 .= sprintf("%02x", $octet); - - return($hexwanv4); + return (sprintf("%02x%02x%02x%02x", $ip4arr[0], $ip4arr[1], $ip4arr[2], $ip4arr[3])); } function convert_ipv6_to_128bit($ipv6) { diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index f4b4587..6f6d5cf 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -71,9 +71,14 @@ if (isset($_GET['dup'])) { } if (isset($id) && $a_nat[$id]) { + if ( isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']) ) + $pconfig['created'] = $a_nat[$id]['created']; + + if ( isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']) ) + $pconfig['updated'] = $a_nat[$id]['updated']; + $pconfig['disabled'] = isset($a_nat[$id]['disabled']); $pconfig['nordr'] = isset($a_nat[$id]['nordr']); - address_to_pconfig($a_nat[$id]['source'], $pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcbeginport'], $pconfig['srcendport']); @@ -409,12 +414,18 @@ if ($_POST) { // If this is a new rule, create an ID and add the rule if( $_POST['filter-rule-association']=='add-associated' ) { $filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id(); + $filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward")); $config['filter']['rule'][] = $filterent; } mark_subsystem_dirty('filter'); } + if ( isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']) ) + $natent['created'] = $a_nat[$id]['created']; + + $natent['updated'] = make_config_revision_entry(); + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config"); @@ -422,6 +433,7 @@ if ($_POST) { if (isset($id) && $a_nat[$id]) $a_nat[$id] = $natent; else { + $natent['created'] = make_config_revision_entry(); if (is_numeric($after)) array_splice($a_nat, $after+1, 0, array($natent)); else @@ -839,6 +851,34 @@ include("fbegin.inc"); ?> // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate"); ?> +<?php +$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])); +$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])); +?> + <?php if ($has_created_time || $has_updated_time): ?> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Rule Information");?></td> + </tr> + <?php if ($has_created_time): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Created");?></td> + <td width="78%" class="vtable"> + <?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['created']['time']) ?> <?= gettext("by") ?> <strong><?= $a_nat[$id]['created']['username'] ?></strong> + </td> + </tr> + <?php endif; ?> + <?php if ($has_updated_time): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Updated");?></td> + <td width="78%" class="vtable"> + <?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['updated']['time']) ?> <?= gettext("by") ?> <strong><?= $a_nat[$id]['updated']['username'] ?></strong> + </td> + </tr> + <?php endif; ?> + <?php endif; ?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> </td> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 5c445ed..f8c2417 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -94,120 +94,127 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $ifdescrs = get_configured_interface_with_descr(); foreach($ifdescrs as $if => $ifdesc) { - if (interface_has_gateway($if)) + if (!interface_has_gateway($if)) continue; - $osipaddr = get_interface_ip($if); - $ossubnet = get_interface_subnet($if); - if (!is_ipaddr($osipaddr) || empty($ossubnet)) - continue; - $osn = gen_subnet($osipaddr, $ossubnet); foreach ($ifdescrs as $if2 => $ifdesc2) { - if (!interface_has_gateway($if2)) + if (interface_has_gateway($if2)) + continue; + + $osipaddr = get_interface_ip($if2); + $ossubnet = get_interface_subnet($if2); + if (!is_ipaddr($osipaddr) || empty($ossubnet)) continue; + $osn = gen_subnet($osipaddr, $ossubnet); $natent = array(); $natent['source']['network'] = "{$osn}/{$ossubnet}"; $natent['dstport'] = "500"; - $natent['descr'] = sprintf(gettext('Auto created rule for ISAKMP - %1$s to %2$s'),$ifdesc,$ifdesc2); + $natent['descr'] = sprintf(gettext('Auto created rule for ISAKMP - %1$s to %2$s'),$ifdesc2,$ifdesc); $natent['target'] = ""; - $natent['interface'] = $if2; + $natent['interface'] = $if; $natent['destination']['any'] = true; $natent['staticnatport'] = true; + $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); $a_out[] = $natent; - + $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = sprintf(gettext('Auto created rule for %1$s to %2$s'),$ifdesc,$ifdesc2); - $natent['target'] = ""; - $natent['interface'] = $if2; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - - $natent = array(); - $natent['source']['network'] = "127.0.0.0/8"; - $natent['dstport'] = ""; - $natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc2); - $natent['target'] = ""; - $natent['interface'] = $if2; - $natent['destination']['any'] = true; - $natent['staticnatport'] = false; - $natent['natport'] = "1024:65535"; - $a_out[] = $natent; - - /* PPTP subnet */ - if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) { - $pptp_size = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units']; - $pptptopip = $pptp_size - 1; - $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$pptptopip)); - foreach ($pptp_subnets as $pptpsn) { - $natent = array(); - $natent['source']['network'] = $pptpsn; - $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for PPTP server"); - $natent['target'] = ""; - $natent['interface'] = $if2; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - } - } - /* PPPoE subnet */ - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { - foreach ($config['pppoes']['pppoe'] as $pppoes) { - if (($pppoes['mode'] == "server") && is_ipaddr($pppoes['localip'])) { - if($pppoes['pppoe_subnet'] <> "") - $ossubnet = $pppoes['pppoe_subnet']; - else - $ossubnet = "32"; - $osn = gen_subnet($pppoes['localip'], $ossubnet); - $natent = array(); - $natent['source']['network'] = "{$osn}/{$ossubnet}"; - $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for PPPoE server"); - $natent['target'] = ""; - $natent['interface'] = $if2; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - } - } + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = sprintf(gettext('Auto created rule for %1$s to %2$s'),$ifdesc2,$ifdesc); + $natent['target'] = ""; + $natent['interface'] = $if; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); + $a_out[] = $natent; + } + /* Localhost */ + $natent = array(); + $natent['source']['network'] = "127.0.0.0/8"; + $natent['dstport'] = ""; + $natent['descr'] = sprintf(gettext('Auto created rule for localhost to %1$s'),$ifdesc); + $natent['target'] = ""; + $natent['interface'] = $if; + $natent['destination']['any'] = true; + $natent['staticnatport'] = false; + $natent['natport'] = "1024:65535"; + $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); + $a_out[] = $natent; + /* PPTP subnet */ + if (($config['pptpd']['mode'] == "server") && is_private_ip($config['pptpd']['remoteip'])) { + $pptp_size = empty($config['pptpd']['n_pptp_units']) ? 16 : $config['pptpd']['n_pptp_units']; + $pptptopip = $pptp_size - 1; + $pptp_subnets = ip_range_to_subnet_array($config['pptpd']['remoteip'], long2ip32(ip2long($config['pptpd']['remoteip'])+$pptptopip)); + foreach ($pptp_subnets as $pptpsn) { + $natent = array(); + $natent['source']['network'] = $pptpsn; + $natent['sourceport'] = ""; + $natent['descr'] = gettext("Auto created rule for PPTP server"); + $natent['target'] = ""; + $natent['interface'] = $if; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); + $a_out[] = $natent; } - /* L2TP subnet */ - if($config['l2tp']['mode'] == "server") { - if (is_ipaddr($config['l2tp']['localip'])) { - if($config['l2tp']['l2tp_subnet'] <> "") - $ossubnet = $config['l2tp']['l2tp_subnet']; + } + /* PPPoE subnet */ + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { + foreach ($config['pppoes']['pppoe'] as $pppoes) { + if (($pppoes['mode'] == "server") && is_ipaddr($pppoes['localip'])) { + if($pppoes['pppoe_subnet'] <> "") + $ossubnet = $pppoes['pppoe_subnet']; else $ossubnet = "32"; - $osn = gen_subnet($config['l2tp']['localip'], $ossubnet); + $osn = gen_subnet($pppoes['localip'], $ossubnet); $natent = array(); $natent['source']['network'] = "{$osn}/{$ossubnet}"; $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for L2TP server"); + $natent['descr'] = gettext("Auto created rule for PPPoE server"); $natent['target'] = ""; - $natent['interface'] = $if2; + $natent['interface'] = $if; $natent['destination']['any'] = true; $natent['natport'] = ""; + $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); $a_out[] = $natent; } } - /* add openvpn interfaces */ - if($config['openvpn']['openvpn-server']) { - foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) { - $natent = array(); - $natent['source']['network'] = $ovpnsrv['tunnel_network']; - $natent['sourceport'] = ""; - $natent['descr'] = gettext("Auto created rule for OpenVPN server"); - $natent['target'] = ""; - $natent['interface'] = $if2; - $natent['destination']['any'] = true; - $natent['natport'] = ""; - $a_out[] = $natent; - } + } + /* L2TP subnet */ + if($config['l2tp']['mode'] == "server") { + if (is_ipaddr($config['l2tp']['localip'])) { + if($config['l2tp']['l2tp_subnet'] <> "") + $ossubnet = $config['l2tp']['l2tp_subnet']; + else + $ossubnet = "32"; + $osn = gen_subnet($config['l2tp']['localip'], $ossubnet); + $natent = array(); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = gettext("Auto created rule for L2TP server"); + $natent['target'] = ""; + $natent['interface'] = $if; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); + $a_out[] = $natent; + } + } + /* add openvpn interfaces */ + if($config['openvpn']['openvpn-server']) { + foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) { + $natent = array(); + $natent['source']['network'] = $ovpnsrv['tunnel_network']; + $natent['sourceport'] = ""; + $natent['descr'] = gettext("Auto created rule for OpenVPN server"); + $natent['target'] = ""; + $natent['interface'] = $if; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); + $a_out[] = $natent; } - } + } } $savemsg = gettext("Default rules for each interface have been created."); diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 5552071..479f6f4 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -74,6 +74,12 @@ if (isset($_GET['dup'])) { } if (isset($id) && $a_out[$id]) { + if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) ) + $pconfig['created'] = $a_out[$id]['created']; + + if ( isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated']) ) + $pconfig['updated'] = $a_out[$id]['updated']; + $pconfig['protocol'] = $a_out[$id]['protocol']; list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']); if (!is_numeric($pconfig['source_subnet'])) @@ -294,12 +300,18 @@ if ($_POST) { $natent['destination']['not'] = true; } + if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) ) + $natent['created'] = $a_out[$id]['created']; + + $natent['updated'] = make_config_revision_entry(); + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/pre_write_config"); if (isset($id) && $a_out[$id]) { $a_out[$id] = $natent; } else { + $natent['created'] = make_config_revision_entry(); if (is_numeric($after)) { array_splice($a_out, $after+1, 0, array($natent)); } else { @@ -655,6 +667,34 @@ any)");?></td> "for your reference (not parsed).");?></span></td> </tr> <?php +$has_created_time = (isset($a_out[$id]['created']) && is_array($a_out[$id]['created'])); +$has_updated_time = (isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated'])); +?> + <?php if ($has_created_time || $has_updated_time): ?> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Rule Information");?></td> + </tr> + <?php if ($has_created_time): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Created");?></td> + <td width="78%" class="vtable"> + <?= date(gettext("n/j/y H:i:s"), $a_out[$id]['created']['time']) ?> <?= gettext("by") ?> <strong><?= $a_out[$id]['created']['username'] ?></strong> + </td> + </tr> + <?php endif; ?> + <?php if ($has_updated_time): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Updated");?></td> + <td width="78%" class="vtable"> + <?= date(gettext("n/j/y H:i:s"), $a_out[$id]['updated']['time']) ?> <?= gettext("by") ?> <strong><?= $a_out[$id]['updated']['username'] ?></strong> + </td> + </tr> + <?php endif; ?> + <?php endif; ?> +<?php // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/htmlphplate"); ?> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index b205c46..b3e3c5e 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -78,6 +78,12 @@ if (isset($id) && $a_filter[$id]) { if (isset($a_filter[$id]['id'])) $pconfig['ruleid'] = $a_filter[$id]['id']; + if ( isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']) ) + $pconfig['created'] = $a_filter[$id]['created']; + + if ( isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated']) ) + $pconfig['updated'] = $a_filter[$id]['updated']; + if (!isset($a_filter[$id]['type'])) $pconfig['type'] = "pass"; else @@ -636,12 +642,18 @@ if ($_POST) { $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } + if ( isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']) ) + $filterent['created'] = $a_filter[$id]['created']; + + $filterent['updated'] = make_config_revision_entry(); + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); if (isset($id) && $a_filter[$id]) $a_filter[$id] = $filterent; else { + $filterent['created'] = make_config_revision_entry(); if (is_numeric($after)) array_splice($a_filter, $after+1, 0, array($filterent)); else @@ -1559,6 +1571,34 @@ $i--): ?> // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate"); ?> +<?php +$has_created_time = (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])); +$has_updated_time = (isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated'])); +?> + <?php if ($has_created_time || $has_updated_time): ?> + <tr> + <td> </td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Rule Information");?></td> + </tr> + <?php if ($has_created_time): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Created");?></td> + <td width="78%" class="vtable"> + <?= date(gettext("n/j/y H:i:s"), $a_filter[$id]['created']['time']) ?> <?= gettext("by") ?> <strong><?= $a_filter[$id]['created']['username'] ?></strong> + </td> + </tr> + <?php endif; ?> + <?php if ($has_updated_time): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Updated");?></td> + <td width="78%" class="vtable"> + <?= date(gettext("n/j/y H:i:s"), $a_filter[$id]['updated']['time']) ?> <?= gettext("by") ?> <strong><?= $a_filter[$id]['updated']['username'] ?></strong> + </td> + </tr> + <?php endif; ?> + <?php endif; ?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index 86dec52..0637639 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc @@ -611,6 +611,7 @@ function step12_submitphpaction() { $rule['protocol'] = strtolower($server['protocol']); $rule['type'] = "pass"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("OpenVPN Wizard")); $config['filter']['rule'][] = $rule; } if (isset($pconfig['step11']['ovpnallow'])) { @@ -625,6 +626,7 @@ function step12_submitphpaction() { //$rule['protocol'] = $server['protocol']; $rule['type'] = "pass"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("OpenVPN Wizard")); $config['filter']['rule'][] = $rule; } diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc index d13a5a7..71bcea0 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard.inc @@ -1349,6 +1349,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } @@ -1369,6 +1370,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; $rule = array(); @@ -1382,6 +1384,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { /* create VOIP rules */ @@ -1397,6 +1400,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } else { @@ -1415,6 +1419,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $voip[2]."-".$voip[3]; if($voip[1] != '') $rule['protocol'] = $voip[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1438,6 +1443,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $p2pclient[2]."-".$p2pclient[3]; if($p2pclient[1] != '') $rule['protocol'] = $p2pclient[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1464,6 +1470,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $Gameclient[2]."-".$Gameclient[3]; if($Gameclient[1] != '') $rule['protocol'] = $Gameclient[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1516,8 +1523,8 @@ function apply_all_choosen_items() { } if($otherclient[1] != '') $rule['protocol'] = $otherclient[1]; - - $config['filter']['rule'][] = $rule; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); + $config['filter']['rule'][] = $rule; } } } diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc index 2cc43e2..a5a73e1 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc @@ -1413,6 +1413,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1432,6 +1433,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; $rule = array(); @@ -1445,6 +1447,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { @@ -1461,6 +1464,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } else { @@ -1479,6 +1483,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $voip[2]."-".$voip[3]; if($voip[1] != '') $rule['protocol'] = $voip[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1502,6 +1507,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $p2pclient[2]."-".$p2pclient[3]; if($p2pclient[1] != '') $rule['protocol'] = $p2pclient[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1580,7 +1586,7 @@ function apply_all_choosen_items() { } if($otherclient[1] != '') $rule['protocol'] = $otherclient[1]; - + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc index 707463d..8a1c8c6 100755 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc @@ -1469,6 +1469,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } @@ -1489,6 +1490,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; $rule = array(); @@ -1502,6 +1504,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { @@ -1518,6 +1521,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } else { @@ -1536,6 +1540,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $voip[2]."-".$voip[3]; if($voip[1] != '') $rule['protocol'] = $voip[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1559,6 +1564,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $p2pclient[2]."-".$p2pclient[3]; if($p2pclient[1] != '') $rule['protocol'] = $p2pclient[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1585,6 +1591,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $Gameclient[2]."-".$Gameclient[3]; if($Gameclient[1] != '') $rule['protocol'] = $Gameclient[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1637,7 +1644,7 @@ function apply_all_choosen_items() { } if($otherclient[1] != '') $rule['protocol'] = $otherclient[1]; - + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc index 95a4d94..8f53d60 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc @@ -1210,6 +1210,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } @@ -1230,6 +1231,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; $rule = array(); @@ -1243,6 +1245,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { @@ -1259,6 +1262,7 @@ function apply_all_choosen_items() { $rule['floating'] = "yes"; $rule['wizard'] = "yes"; $rule['enabled'] = "on"; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } else { @@ -1277,6 +1281,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $voip[2]."-".$voip[3]; if($voip[1] != '') $rule['protocol'] = $voip[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1300,6 +1305,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $p2pclient[2]."-".$p2pclient[3]; if($p2pclient[1] != '') $rule['protocol'] = $p2pclient[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1326,6 +1332,7 @@ function apply_all_choosen_items() { $rule['destination']['port'] = $Gameclient[2]."-".$Gameclient[3]; if($Gameclient[1] != '') $rule['protocol'] = $Gameclient[1]; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); $config['filter']['rule'][] = $rule; } } @@ -1378,8 +1385,8 @@ function apply_all_choosen_items() { } if($otherclient[1] != '') $rule['protocol'] = $otherclient[1]; - - $config['filter']['rule'][] = $rule; + $rule['created'] = make_config_revision_entry(null, gettext("Traffic Shaper Wizard")); + $config['filter']['rule'][] = $rule; } } } |