diff options
-rw-r--r-- | etc/inc/filter.inc | 61 | ||||
-rw-r--r-- | usr/local/www/firewall_rules.php | 24 | ||||
-rw-r--r-- | usr/local/www/firewall_rules_edit.php | 52 | ||||
-rw-r--r-- | usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js | 14 |
4 files changed, 104 insertions, 47 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 2c04067..e65ca64 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -57,6 +57,67 @@ $filterdns = array(); /* Used for aliases and interface macros */ $aliases = ""; +/* ICMP v4 types */ +$icmptypes = array( + "" => gettext("any"), + "echoreq" => gettext("Echo request"), + "echorep" => gettext("Echo reply"), + "unreach" => gettext("Destination unreachable"), + "squench" => gettext("Source quench"), + "redir" => gettext("Redirect"), + "althost" => gettext("Alternate Host"), + "routeradv" => gettext("Router advertisement"), + "routersol" => gettext("Router solicitation"), + "timex" => gettext("Time exceeded"), + "paramprob" => gettext("Invalid IP header"), + "timereq" => gettext("Timestamp"), + "timerep" => gettext("Timestamp reply"), + "inforeq" => gettext("Information request"), + "inforep" => gettext("Information reply"), + "maskreq" => gettext("Address mask request"), + "maskrep" => gettext("Address mask reply"), + "trace" => gettext("Traceroute"), + "dataconv" => gettext("Datagram conversion error"), + "mobredir" => gettext("Mobile host redirect"), + "ipv6-where" => gettext("IPv6 where-are-you"), + "ipv6-here" => gettext("IPv6 I-am-here"), + "mobregreq" => gettext("Mobile registration request"), + "mobregrep" => gettext("Mobile registration reply"), + "skip" => gettext("SKIP"), + "photuris" => gettext("Photuris") +); + +/* ICMP v6 types */ +$icmp6types = array( + "" => gettext("any"), + "unreach" => gettext("Destination unreachable"), + "toobig" => gettext("Packet too big"), + "timex" => gettext("Time exceeded"), + "paramprob" => gettext("Parameter problem"), + "echoreq" => gettext("Echo request"), + "echorep" => gettext("Echo reply"), + "groupqry" => gettext("Group membership query"), + "listqry" => gettext("Multicast listener query"), + "grouprep" => gettext("Group membership report"), + "listenrep" => gettext("Multicast listener report"), + "groupterm" => gettext("Group membership termination"), + "listendone" => gettext("Multicast listener done"), + "routersol" => gettext("Router solicitation"), + "routeradv" => gettext("Router advertisement"), + "neighbrsol" => gettext("Neighbor solicitation"), + "neighbradv" => gettext("Neighbor advertisement"), + "redir" => gettext("Redirect"), + "routrrenum" => gettext("Router renumbering"), + "wrureq" => gettext("Who are you request"), + "wrurep" => gettext("Who are you reply"), + "fqdnreq" => gettext("FQDN query"), + "fqdnrep" => gettext("FQDN reply"), + "niqry" => gettext("Node information request"), + "nirep" => gettext("Node information reply"), + "mtraceresp" => gettext("mtrace resp"), + "mtrace" => gettext("mtrace messages") +); + global $tracker; $tracker = 1000000000; diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index fe98195..250ce64 100644 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -123,26 +123,6 @@ if($_REQUEST['dragdroporder']) { exit; } -$icmptypes = array( - "" => gettext("any"), - "echoreq" => gettext("Echo request"), - "echorep" => gettext("Echo reply"), - "unreach" => gettext("Destination unreachable"), - "squench" => gettext("Source quench"), - "redir" => gettext("Redirect"), - "althost" => gettext("Alternate Host"), - "routeradv" => gettext("Router advertisement"), - "routersol" => gettext("Router solicitation"), - "timex" => gettext("Time exceeded"), - "paramprob" => gettext("Invalid IP header"), - "timereq" => gettext("Timestamp"), - "timerep" => gettext("Timestamp reply"), - "inforeq" => gettext("Information request"), - "inforep" => gettext("Information reply"), - "maskreq" => gettext("Address mask request"), - "maskrep" => gettext("Address mask reply") -); - /* add group interfaces */ if (is_array($config['ifgroups']['ifgroupentry'])) foreach($config['ifgroups']['ifgroupentry'] as $ifgen) @@ -714,7 +694,9 @@ if($_REQUEST['undodrag']) { if (isset($filterent['protocol'])) { echo strtoupper($filterent['protocol']); if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) { - echo ' <span style="cursor: help;" title="ICMP type: ' . $icmptypes[$filterent['icmptype']] . '"><u>'; + echo ' <span style="cursor: help;" title="ICMP type: ' . + ( $filterent['ipprotocol'] == "inet6" ? $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']] ) . + '"><u>'; echo $filterent['icmptype']; echo '</u></span>'; } diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 1b81349..ae12d96 100644 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -691,9 +691,14 @@ if ($_POST) { else unset($filterent['protocol']); - if ($_POST['proto'] == "icmp" && $_POST['icmptype']) - $filterent['icmptype'] = $_POST['icmptype']; - else + if ($_POST['proto'] == "icmp") { + if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) + $filterent['icmptype'] = $_POST['icmp6type']; + else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype']) + $filterent['icmptype'] = $_POST['icmptype']; + else + unset($filterent['icmptype']); + } else unset($filterent['icmptype']); pconfig_to_address($filterent['source'], $_POST['src'], @@ -966,7 +971,7 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td> <td width="78%" class="vtable"> - <select name="ipprotocol" class="formselect"> + <select name="ipprotocol" class="formselect" onchange="proto_change()"> <?php $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6' ); foreach ($ipproto as $proto => $name): ?> <option value="<?=$proto;?>" @@ -998,27 +1003,24 @@ include("head.inc"); <td class="vtable"> <select <?=$edit_disabled;?> name="icmptype" class="formselect"> <?php - $icmptypes = array( - "" => gettext("any"), - "echoreq" => gettext("Echo request"), - "echorep" => gettext("Echo reply"), - "unreach" => gettext("Destination unreachable"), - "squench" => gettext("Source quench"), - "redir" => gettext("Redirect"), - "althost" => gettext("Alternate Host"), - "routeradv" => gettext("Router advertisement"), - "routersol" => gettext("Router solicitation"), - "timex" => gettext("Time exceeded"), - "paramprob" => gettext("Invalid IP header"), - "timereq" => gettext("Timestamp"), - "timerep" => gettext("Timestamp reply"), - "inforeq" => gettext("Information request"), - "inforep" => gettext("Information reply"), - "maskreq" => gettext("Address mask request"), - "maskrep" => gettext("Address mask reply") - ); - - foreach ($icmptypes as $icmptype => $descr): ?> + foreach ($icmptypes as $icmptype => $descr): +?> + <option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($descr);?></option> +<?php + endforeach; +?> + </select> + <br /> + <span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span> + </td> + </tr> + <tr id="icmp6box"> + <td valign="top" class="vncell"><?=gettext("ICMPv6 type");?></td> + <td class="vtable"> + <select <?=$edit_disabled;?> name="icmp6type" class="formselect"> +<?php + foreach ($icmp6types as $icmptype => $descr): +?> <option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($descr);?></option> <?php endforeach; diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js index f8d714d..de1ff0c 100644 --- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js +++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js @@ -111,16 +111,28 @@ function proto_change() { if (document.iform.proto.selectedIndex == 3) { document.iform.icmptype.disabled = 0; + document.iform.icmp6type.disabled = 0; } else { document.iform.icmptype.disabled = 1; + document.iform.icmp6type.disabled = 1; } ext_change(); if(document.iform.proto.selectedIndex == 3 || document.iform.proto.selectedIndex == 4) { - document.getElementById("icmpbox").style.display = ''; + if(document.iform.ipprotocol.selectedIndex == 0) { // IPv4 + document.getElementById("icmpbox").style.display = ''; + document.getElementById("icmp6box").style.display = 'none'; + } else if(document.iform.ipprotocol.selectedIndex == 1) { // IPv6 + document.getElementById("icmpbox").style.display = 'none'; + document.getElementById("icmp6box").style.display = ''; + } else { // IPv4 + IPv6 + document.getElementById("icmpbox").style.display = 'none'; + document.getElementById("icmp6box").style.display = 'none'; + } } else { document.getElementById("icmpbox").style.display = 'none'; + document.getElementById("icmp6box").style.display = 'none'; } if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) { |