diff options
-rw-r--r-- | usr/local/www/firewall_nat.php | 394 | ||||
-rw-r--r-- | usr/local/www/firewall_nat_1to1.php | 49 | ||||
-rw-r--r-- | usr/local/www/firewall_nat_1to1_edit.php | 119 | ||||
-rw-r--r-- | usr/local/www/firewall_nat_edit.php | 609 | ||||
-rw-r--r-- | usr/local/www/firewall_nat_npt.php | 175 | ||||
-rw-r--r-- | usr/local/www/firewall_nat_npt_edit.php | 285 | ||||
-rw-r--r-- | usr/local/www/firewall_nat_out.php | 153 | ||||
-rw-r--r-- | usr/local/www/firewall_nat_out_edit.php | 170 |
8 files changed, 1095 insertions, 859 deletions
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index adbb948..2fba0b7 100644 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -48,14 +48,16 @@ require_once("filter.inc"); require_once("shaper.inc"); require_once("itemid.inc"); -if (!is_array($config['nat']['rule'])) +if (!is_array($config['nat']['rule'])) { $config['nat']['rule'] = array(); +} $a_nat = &$config['nat']['rule']; /* if a custom message has been passed along, lets process it */ -if ($_GET['savemsg']) +if ($_GET['savemsg']) { $savemsg = $_GET['savemsg']; +} if ($_POST) { @@ -89,8 +91,9 @@ if ($_GET['act'] == "del") { if (write_config()) { mark_subsystem_dirty('natconf'); - if ($want_dirty_filter) + if ($want_dirty_filter) { mark_subsystem_dirty('filter'); + } } header("Location: firewall_nat.php"); exit; @@ -98,66 +101,73 @@ if ($_GET['act'] == "del") { } if (isset($_POST['del_x'])) { - /* delete selected rules */ - if (is_array($_POST['rule']) && count($_POST['rule'])) { - foreach ($_POST['rule'] as $rulei) { + /* delete selected rules */ + if (is_array($_POST['rule']) && count($_POST['rule'])) { + foreach ($_POST['rule'] as $rulei) { $target = $rule['target']; // Check for filter rule associations if (isset($a_nat[$rulei]['associated-rule-id'])){ delete_id($a_nat[$rulei]['associated-rule-id'], $config['filter']['rule']); - + mark_subsystem_dirty('filter'); } - unset($a_nat[$rulei]); - } - if (write_config()) + unset($a_nat[$rulei]); + } + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat.php"); exit; } } else { - /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ - unset($movebtn); - foreach ($_POST as $pn => $pd) { - if (preg_match("/move_(\d+)_x/", $pn, $matches)) { - $movebtn = $matches[1]; - break; - } - } - /* move selected rules before this rule */ - if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) { - $a_nat_new = array(); - - /* copy all rules < $movebtn and not selected */ - for ($i = 0; $i < $movebtn; $i++) { - if (!in_array($i, $_POST['rule'])) - $a_nat_new[] = $a_nat[$i]; - } - - /* copy all selected rules */ - for ($i = 0; $i < count($a_nat); $i++) { - if ($i == $movebtn) - continue; - if (in_array($i, $_POST['rule'])) - $a_nat_new[] = $a_nat[$i]; - } - - /* copy $movebtn rule */ - if ($movebtn < count($a_nat)) - $a_nat_new[] = $a_nat[$movebtn]; - - /* copy all rules > $movebtn and not selected */ - for ($i = $movebtn+1; $i < count($a_nat); $i++) { - if (!in_array($i, $_POST['rule'])) - $a_nat_new[] = $a_nat[$i]; - } - $a_nat = $a_nat_new; - if (write_config()) - mark_subsystem_dirty('natconf'); - header("Location: firewall_nat.php"); - exit; - } + /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */ + unset($movebtn); + foreach ($_POST as $pn => $pd) { + if (preg_match("/move_(\d+)_x/", $pn, $matches)) { + $movebtn = $matches[1]; + break; + } + } + /* move selected rules before this rule */ + if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) { + $a_nat_new = array(); + + /* copy all rules < $movebtn and not selected */ + for ($i = 0; $i < $movebtn; $i++) { + if (!in_array($i, $_POST['rule'])) { + $a_nat_new[] = $a_nat[$i]; + } + } + + /* copy all selected rules */ + for ($i = 0; $i < count($a_nat); $i++) { + if ($i == $movebtn) { + continue; + } + if (in_array($i, $_POST['rule'])) { + $a_nat_new[] = $a_nat[$i]; + } + } + + /* copy $movebtn rule */ + if ($movebtn < count($a_nat)) { + $a_nat_new[] = $a_nat[$movebtn]; + } + + /* copy all rules > $movebtn and not selected */ + for ($i = $movebtn+1; $i < count($a_nat); $i++) { + if (!in_array($i, $_POST['rule'])) { + $a_nat_new[] = $a_nat[$i]; + } + } + $a_nat = $a_nat_new; + if (write_config()) { + mark_subsystem_dirty('natconf'); + } + header("Location: firewall_nat.php"); + exit; + } } $closehead = false; @@ -181,7 +191,7 @@ echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></ <?php print_info_box_np(gettext("The NAT configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br /> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat"> - <tr><td> + <tr><td> <?php $tab_array = array(); $tab_array[] = array(gettext("Port Forward"), true, "firewall_nat.php"); @@ -190,41 +200,42 @@ echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></ $tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php"); display_top_tabs($tab_array); ?> - </td></tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area"> - <tr id="frheader"> - <td width="3%" class="list"> </td> - <td width="3%" class="list"> </td> - <td width="5%" class="listhdrr"><?=gettext("If");?></td> - <td width="5%" class="listhdrr"><?=gettext("Proto");?></td> - <td width="11%" class="listhdrr nowrap"><?=gettext("Src. addr");?></td> - <td width="11%" class="listhdrr nowrap"><?=gettext("Src. ports");?></td> - <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. addr");?></td> - <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. ports");?></td> - <td width="11%" class="listhdrr nowrap"><?=gettext("NAT IP");?></td> - <td width="11%" class="listhdrr nowrap"><?=gettext("NAT Ports");?></td> - <td width="11%" class="listhdr"><?=gettext("Description");?></td> - <td width="5%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="list"> - <tr> - <td width="17"> - <?php if (count($a_nat) == 0): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" /> - <?php else: ?> - <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" /> - <?php endif; ?> - </td> - <td><a href="firewall_nat_edit.php?after=-1"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?> - <?php - + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area"> + <tr id="frheader"> + <td width="3%" class="list"> </td> + <td width="3%" class="list"> </td> + <td width="5%" class="listhdrr"><?=gettext("If");?></td> + <td width="5%" class="listhdrr"><?=gettext("Proto");?></td> + <td width="11%" class="listhdrr nowrap"><?=gettext("Src. addr");?></td> + <td width="11%" class="listhdrr nowrap"><?=gettext("Src. ports");?></td> + <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. addr");?></td> + <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. ports");?></td> + <td width="11%" class="listhdrr nowrap"><?=gettext("NAT IP");?></td> + <td width="11%" class="listhdrr nowrap"><?=gettext("NAT Ports");?></td> + <td width="11%" class="listhdr"><?=gettext("Description");?></td> + <td width="5%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="list"> + <tr> + <td width="17"> + <?php if (count($a_nat) == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" /> + <?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" /> + <?php endif; ?> + </td> + <td><a href="firewall_nat_edit.php?after=-1"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> + <?php + $nnats = $i = 0; + foreach ($a_nat as $natent): + //build Alias popup box $span_end = "</U></span>"; @@ -248,59 +259,62 @@ echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></ $alias_target_span_end = $alias_popup["dst_end"]; $alias_local_port_span_end = $alias_popup["dstport_end"]; - if (isset($natent['disabled'])) + if (isset($natent['disabled'])) { $textss = "<span class=\"gray\">"; - else + } else { $textss = "<span>"; + } $textse = "</span>"; - + /* if user does not have access to edit an interface skip on to the next record */ - if(!have_natpfruleint_access($natent['interface'])) + if (!have_natpfruleint_access($natent['interface'])) { continue; + } ?> - <tr valign="top" id="fr<?=$nnats;?>"> - <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td> - <td class="listt" align="center"> - <?php if($natent['associated-rule-id'] == "pass"): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="<?=gettext("All traffic matching this NAT entry is passed"); ?>" border="0" alt="pass" /> + <tr valign="top" id="fr<?=$nnats;?>"> + <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td> + <td class="listt" align="center"> + <?php if ($natent['associated-rule-id'] == "pass"): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="<?=gettext("All traffic matching this NAT entry is passed"); ?>" border="0" alt="pass" /> <?php elseif (!empty($natent['associated-rule-id'])): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="<?=gettext("Firewall rule ID"); ?> <?=htmlspecialchars($nnatid); ?> <?=gettext("is managed with this rule"); ?>" border="0" alt="change" /> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="<?=gettext("Firewall rule ID"); ?> <?=htmlspecialchars($nnatid); ?> <?=gettext("is managed with this rule"); ?>" border="0" alt="change" /> <?php endif; ?> - </td> - <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=$textss;?> - <?php - if (!$natent['interface']) - echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); - else - echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); - ?> - <?=$textse;?> - </td> - - <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?> - </td> - - <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?> - </td> - - <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?> - </td> - - <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?> - </td> - <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + </td> + <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?> + <?php + if (!$natent['interface']) { + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); + } else { + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); + } + ?> + <?=$textse;?> + </td> + + <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?> + </td> + + <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?> + </td> + + <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?> + </td> + + <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?> + </td> + <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> <?php $localport = $natent['local-port']; @@ -311,67 +325,71 @@ echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></ $localport .= '-' . $localendport; } ?> - <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?> - </td> - - <td class="listbg" onclick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=$textss;?><?=htmlspecialchars($natent['descr']);?> <?=$textse;?> - </td> - <td valign="middle" class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="move"> - <tr> - <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected rules before this rule");?>" height="17" type="image" width="17" border="0" /></td> - <td><a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>"></a></td> - </tr> - <tr> - <td align="center" valign="middle"><a href="firewall_nat.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule");?>" alt="delete" /></a></td> - <td><a href="firewall_nat_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new NAT based on this one");?>" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; $nnats++; endforeach; ?> - <tr> - <td class="list" colspan="8"></td> - <td> </td> - <td> </td> - <td> </td> - <td class="list nowrap" valign="middle"> - <table border="0" cellspacing="0" cellpadding="1" summary="move"> - <tr> - <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17;border:0" title="<?=gettext("move selected rules to end");?>" /><?php endif; ?></td> - </tr> - <tr> - <td width="17"> - <?php if (count($a_nat) == 0): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" /> - <?php else: ?> - <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" /> - <?php endif; ?> - </td> - <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <tr><td> </td></tr> - <tr> - <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" alt="pass" /></td> - <td colspan="3"><?=gettext("pass"); ?></td> - </tr> - <tr> - <td width="14"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="11" height="11" alt="chain" /></td> - <td colspan="3"><?=gettext("linked rule");?></td> - </tr> - </table> - </div> - </td> - </tr> + <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?> + </td> + + <td class="listbg" onclick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?=htmlspecialchars($natent['descr']);?> <?=$textse;?> + </td> + <td valign="middle" class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="move"> + <tr> + <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected rules before this rule");?>" height="17" type="image" width="17" border="0" /></td> + <td><a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>"></a></td> + </tr> + <tr> + <td align="center" valign="middle"><a href="firewall_nat.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule");?>" alt="delete" /></a></td> + <td><a href="firewall_nat_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new NAT based on this one");?>" width="17" height="17" border="0" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> + <?php + $i++; + $nnats++; + endforeach; + ?> + <tr> + <td class="list" colspan="8"></td> + <td> </td> + <td> </td> + <td> </td> + <td class="list nowrap" valign="middle"> + <table border="0" cellspacing="0" cellpadding="1" summary="move"> + <tr> + <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17;border:0" title="<?=gettext("move selected rules to end");?>" /><?php endif; ?></td> + </tr> + <tr> + <td width="17"> + <?php if (count($a_nat) == 0): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" /> + <?php else: ?> + <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" /> + <?php endif; ?> + </td> + <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> + <tr><td> </td></tr> + <tr> + <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" alt="pass" /></td> + <td colspan="3"><?=gettext("pass"); ?></td> + </tr> + <tr> + <td width="14"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="11" height="11" alt="chain" /></td> + <td colspan="3"><?=gettext("linked rule");?></td> + </tr> + </table> + </div> + </td> + </tr> </table> <?php if ($pkg['tabs'] <> "") { - echo "</td></tr></table>"; + echo "</td></tr></table>"; } ?> diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index 56adc69..fea2dd4 100644 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php @@ -46,8 +46,9 @@ require_once("functions.inc"); require_once("filter.inc"); require_once("shaper.inc"); -if (!is_array($config['nat']['onetoone'])) +if (!is_array($config['nat']['onetoone'])) { $config['nat']['onetoone'] = array(); +} $a_1to1 = &$config['nat']['onetoone']; @@ -69,8 +70,9 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_1to1[$_GET['id']]) { unset($a_1to1[$_GET['id']]); - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_1to1.php"); exit; } @@ -82,20 +84,23 @@ if (isset($_POST['del_x'])) { foreach ($_POST['rule'] as $rulei) { unset($a_1to1[$rulei]); } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_1to1.php"); exit; } } else if ($_GET['act'] == "toggle") { if ($a_1to1[$_GET['id']]) { - if(isset($a_1to1[$_GET['id']]['disabled'])) + if (isset($a_1to1[$_GET['id']]['disabled'])) { unset($a_1to1[$_GET['id']]['disabled']); - else + } else { $a_1to1[$_GET['id']]['disabled'] = true; - if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule")) + } + if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule")) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_1to1.php"); exit; } @@ -114,32 +119,39 @@ if (isset($_POST['del_x'])) { /* copy all rules < $movebtn and not selected */ for ($i = 0; $i < $movebtn; $i++) { - if (!in_array($i, $_POST['rule'])) + if (!in_array($i, $_POST['rule'])) { $a_1to1_new[] = $a_1to1[$i]; + } } /* copy all selected rules */ for ($i = 0; $i < count($a_1to1); $i++) { - if ($i == $movebtn) + if ($i == $movebtn) { continue; - if (in_array($i, $_POST['rule'])) + } + if (in_array($i, $_POST['rule'])) { $a_1to1_new[] = $a_1to1[$i]; + } } /* copy $movebtn rule */ - if ($movebtn < count($a_1to1)) + if ($movebtn < count($a_1to1)) { $a_1to1_new[] = $a_1to1[$movebtn]; + } /* copy all rules > $movebtn and not selected */ for ($i = $movebtn+1; $i < count($a_1to1); $i++) { - if (!in_array($i, $_POST['rule'])) + if (!in_array($i, $_POST['rule'])) { $a_1to1_new[] = $a_1to1[$i]; + } } - if (count($a_1to1_new) > 0) + if (count($a_1to1_new) > 0) { $a_1to1 = $a_1to1_new; + } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_1to1.php"); exit; } @@ -154,12 +166,14 @@ include("head.inc"); <form action="firewall_nat_1to1.php" method="post"> <script type="text/javascript" src="/javascript/row_toggle.js"></script> <?php -if ($savemsg) +if ($savemsg) { print_info_box($savemsg); -if (is_subsystem_dirty('natconf')) +} +if (is_subsystem_dirty('natconf')) { print_info_box_np(gettext("The NAT configuration has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect.")); +} ?> <br /> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat 1to1"> @@ -222,10 +236,11 @@ if (is_subsystem_dirty('natconf')) <td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';"> <?php echo $textss; - if (!$natent['interface']) + if (!$natent['interface']) { echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); - else + } else { echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); + } echo $textse; ?> </td> diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 783e4bf..5964c5d 100644 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -55,21 +55,25 @@ foreach ($ifdisp as $kif => $kdescr) { $specialsrcdst[] = "{$kif}ip"; } -if (!is_array($config['nat']['onetoone'])) +if (!is_array($config['nat']['onetoone'])) { $config['nat']['onetoone'] = array(); +} $a_1to1 = &$config['nat']['onetoone']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} $after = $_GET['after']; -if (isset($_POST['after'])) +if (isset($_POST['after'])) { $after = $_POST['after']; +} -if (isset($_GET['dup'])) { +if (isset($_GET['dup'])) { $id = $_GET['dup']; $after = $_GET['dup']; } @@ -86,30 +90,34 @@ if (isset($id) && $a_1to1[$id]) { $pconfig['dstbeginport'], $pconfig['dstendport']); $pconfig['interface'] = $a_1to1[$id]['interface']; - if (!$pconfig['interface']) + if (!$pconfig['interface']) { $pconfig['interface'] = "wan"; + } $pconfig['external'] = $a_1to1[$id]['external']; $pconfig['descr'] = $a_1to1[$id]['descr']; $pconfig['natreflection'] = $a_1to1[$id]['natreflection']; -} else +} else { $pconfig['interface'] = "wan"; +} -if (isset($_GET['dup'])) +if (isset($_GET['dup'])) { unset($id); +} if ($_POST) { unset($input_errors); $pconfig = $_POST; - /* run through $_POST items encoding HTML entties so that the user + /* run through $_POST items encoding HTML entities so that the user * cannot think he is slick and perform a XSS attack on the unwilling */ foreach ($_POST as $key => $value) { $temp = str_replace(">", "", $value); $newpost = htmlentities($temp); - if($newpost <> $temp) + if ($newpost <> $temp) { $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); + } } /* input validation */ @@ -126,12 +134,15 @@ if ($_POST) { do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if ($_POST['external']) + if ($_POST['external']) { $_POST['external'] = trim($_POST['external']); - if ($_POST['src']) + } + if ($_POST['src']) { $_POST['src'] = trim($_POST['src']); - if ($_POST['dst']) + } + if ($_POST['dst']) { $_POST['dst'] = trim($_POST['dst']); + } if (is_specialnet($_POST['srctype'])) { $_POST['src'] = $_POST['srctype']; @@ -151,12 +162,14 @@ if ($_POST) { } /* For external, user can enter only ip's */ - if (($_POST['external'] && !is_ipaddr($_POST['external']))) + if (($_POST['external'] && !is_ipaddr($_POST['external']))) { $input_errors[] = gettext("A valid external subnet must be specified."); + } /* For dst, if user enters an alias and selects "network" then disallow. */ - if ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) + if ($_POST['dsttype'] == "network" && is_alias($_POST['dst'])) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); + } /* For src, user can enter only ip's or networks */ if (!is_specialnet($_POST['srctype'])) { @@ -180,8 +193,9 @@ if ($_POST) { /* check for overlaps with other 1:1 */ foreach ($a_1to1 as $natent) { - if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent)) + if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent)) { continue; + } if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) { //$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet."; @@ -203,22 +217,25 @@ if ($_POST) { pconfig_to_address($natent['destination'], $_POST['dst'], $_POST['dstmask'], $_POST['dstnot']); - if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") + if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") { $natent['natreflection'] = $_POST['natreflection']; - else + } else { unset($natent['natreflection']); + } - if (isset($id) && $a_1to1[$id]) + if (isset($id) && $a_1to1[$id]) { $a_1to1[$id] = $natent; - else { - if (is_numeric($after)) + } else { + if (is_numeric($after)) { array_splice($a_1to1, $after+1, 0, array($natent)); - else + } else { $a_1to1[] = $natent; + } } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_1to1.php"); exit; } @@ -275,8 +292,9 @@ function typesel_change() { <?php include("fbegin.inc"); -if ($input_errors) +if ($input_errors) { print_input_errors($input_errors); +} ?> <form action="firewall_nat_1to1_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat 1to1 edit"> @@ -296,29 +314,39 @@ if ($input_errors) <td width="78%" class="vtable"> <select name="interface" class="formselect"> <?php - foreach ($ifdisp as $if => $ifdesc) - if(have_ruleint_access($if)) + foreach ($ifdisp as $if => $ifdesc) { + if (have_ruleint_access($if)) { $interfaces[$if] = $ifdesc; + } + } - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) + if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { $interfaces['l2tp'] = "L2TP VPN"; + } + } - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) + if ($config['pptpd']['mode'] == "server") { + if (have_ruleint_access("pptp")) { $interfaces['pptp'] = "PPTP VPN"; + } + } - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { $interfaces['pppoe'] = "PPPoE Server"; + } /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - if(have_ruleint_access("enc0")) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (have_ruleint_access("enc0")) { $interfaces["enc0"] = "IPsec"; + } + } /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { $interfaces["openvpn"] = "OpenVPN"; + } foreach ($interfaces as $iface => $ifacename): ?> @@ -329,8 +357,9 @@ if ($input_errors) endforeach; ?> </select><br /> - <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br /> - <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td> + <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br /> + <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span> + </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("External subnet IP"); ?></td> @@ -367,23 +396,23 @@ if ($input_errors) </option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option> <?php - if(have_ruleint_access("pptp")): + if (have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option> <?php endif; - if(have_ruleint_access("pppoe")): + if (have_ruleint_access("pppoe")): ?> <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option> <?php endif; - if(have_ruleint_access("l2tp")): + if (have_ruleint_access("l2tp")): ?> <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> <?php endif; foreach ($ifdisp as $ifent => $ifdesc): - if(have_ruleint_access($ifent)): + if (have_ruleint_access($ifent)): ?> <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>> <?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?> @@ -406,7 +435,7 @@ if ($input_errors) <?php for ($i = 31; $i > 0; $i--): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> + <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> <?php endfor; ?> @@ -442,21 +471,21 @@ if ($input_errors) <?=gettext("Network"); ?> </option> <?php - if(have_ruleint_access("pptp")): + if (have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>> <?=gettext("PPTP clients"); ?> </option> <?php endif; - if(have_ruleint_access("pppoe")): + if (have_ruleint_access("pppoe")): ?> <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>> <?=gettext("PPPoE clients"); ?> </option> <?php endif; - if(have_ruleint_access("l2tp")): + if (have_ruleint_access("l2tp")): ?> <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>> <?=gettext("L2TP clients"); ?> @@ -465,7 +494,7 @@ if ($input_errors) endif; foreach ($ifdisp as $if => $ifdesc): - if(have_ruleint_access($if)): + if (have_ruleint_access($if)): ?> <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?> diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index d8f04d2..4488e2f 100644 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -60,27 +60,33 @@ if (!is_array($config['nat']['rule'])) { } $a_nat = &$config['nat']['rule']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (is_numericint($_GET['after']) || $_GET['after'] == "-1") +if (is_numericint($_GET['after']) || $_GET['after'] == "-1") { $after = $_GET['after']; -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) +} +if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { $after = $_POST['after']; +} if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_nat[$id]) { - if ( isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']) ) + if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) { $pconfig['created'] = $a_nat[$id]['created']; + } - if ( isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']) ) + if (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])) { $pconfig['updated'] = $a_nat[$id]['updated']; + } $pconfig['disabled'] = isset($a_nat[$id]['disabled']); $pconfig['nordr'] = isset($a_nat[$id]['nordr']); @@ -101,8 +107,9 @@ if (isset($id) && $a_nat[$id]) { $pconfig['nosync'] = isset($a_nat[$id]['nosync']); $pconfig['natreflection'] = $a_nat[$id]['natreflection']; - if (!$pconfig['interface']) + if (!$pconfig['interface']) { $pconfig['interface'] = "wan"; + } } else { $pconfig['interface'] = "wan"; $pconfig['src'] = "any"; @@ -110,61 +117,74 @@ if (isset($id) && $a_nat[$id]) { $pconfig['srcendport'] = "any"; } -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); +} -/* run through $_POST items encoding HTML entties so that the user +/* run through $_POST items encoding HTML entities so that the user * cannot think he is slick and perform a XSS attack on the unwilling */ unset($input_errors); foreach ($_POST as $key => $value) { $temp = $value; $newpost = htmlentities($temp); - if($newpost <> $temp) + if ($newpost <> $temp) { $input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp); + } } if ($_POST) { - if(strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") { - if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) + if (strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") { + if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) { $_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']); - if ($_POST['srcendport_cust'] && !$_POST['srcendport']) + } + if ($_POST['srcendport_cust'] && !$_POST['srcendport']) { $_POST['srcendport'] = trim($_POST['srcendport_cust']); + } if ($_POST['srcbeginport'] == "any") { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; } else { - if (!$_POST['srcendport']) + if (!$_POST['srcendport']) { $_POST['srcendport'] = $_POST['srcbeginport']; + } } - if ($_POST['srcendport'] == "any") + if ($_POST['srcendport'] == "any") { $_POST['srcendport'] = $_POST['srcbeginport']; + } - if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) + if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) { $_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']); - if ($_POST['dstendport_cust'] && !$_POST['dstendport']) + } + if ($_POST['dstendport_cust'] && !$_POST['dstendport']) { $_POST['dstendport'] = trim($_POST['dstendport_cust']); + } if ($_POST['dstbeginport'] == "any") { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { - if (!$_POST['dstendport']) + if (!$_POST['dstendport']) { $_POST['dstendport'] = $_POST['dstbeginport']; + } } - if ($_POST['dstendport'] == "any") + if ($_POST['dstendport'] == "any") { $_POST['dstendport'] = $_POST['dstbeginport']; + } - if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) + if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) { $_POST['localbeginport'] = trim($_POST['localbeginport_cust']); + } /* Make beginning port end port if not defined and endport is */ - if (!$_POST['srcbeginport'] && $_POST['srcendport']) + if (!$_POST['srcbeginport'] && $_POST['srcendport']) { $_POST['srcbeginport'] = $_POST['srcendport']; - if (!$_POST['dstbeginport'] && $_POST['dstendport']) + } + if (!$_POST['dstbeginport'] && $_POST['dstendport']) { $_POST['dstbeginport'] = $_POST['dstendport']; + } } else { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; @@ -192,7 +212,7 @@ if ($_POST) { $pconfig = $_POST; /* input validation */ - if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { + if (strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { $reqdfields = explode(" ", "interface proto dstbeginport dstendport"); $reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to")); } else { @@ -224,33 +244,40 @@ if ($_POST) { $_POST['dstendport'] = 0; } - if ($_POST['src']) + if ($_POST['src']) { $_POST['src'] = trim($_POST['src']); - if ($_POST['dst']) + } + if ($_POST['dst']) { $_POST['dst'] = trim($_POST['dst']); - if ($_POST['localip']) + } + if ($_POST['localip']) { $_POST['localip'] = trim($_POST['localip']); + } if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) { $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']); } - if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) + if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']); - if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) + } + if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']); - if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) + } + if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']); - if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) + } + if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']); + } if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']))) { $input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']); } /* if user enters an alias and selects "network" then disallow. */ - if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) ) - || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) { + if (($_POST['srctype'] == "network" && is_alias($_POST['src']) ) || + ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) )) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); } @@ -285,34 +312,39 @@ if ($_POST) { } if (!$input_errors) { - if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) + if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) { $input_errors[] = gettext("The target port range must be an integer between 1 and 65535."); + } } /* check for overlaps */ foreach ($a_nat as $natent) { - if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) { continue; - if ($natent['interface'] != $_POST['interface']) + } + if ($natent['interface'] != $_POST['interface']) { continue; - if ($natent['destination']['address'] != $_POST['dst']) + } + if ($natent['destination']['address'] != $_POST['dst']) { continue; - if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) + } + if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) { continue; + } list($begp,$endp) = explode("-", $natent['destination']['port']); - if (!$endp) + if (!$endp) { $endp = $begp; + } - if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) - || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { - + if (!((($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) || + (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { $input_errors[] = gettext("The destination port range overlaps with an existing entry."); break; } } - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation"); if (!$input_errors) { @@ -344,21 +376,24 @@ if ($_POST) { $natent['descr'] = $_POST['descr']; $natent['associated-rule-id'] = $_POST['associated-rule-id']; - if($_POST['filter-rule-association'] == "pass") + if ($_POST['filter-rule-association'] == "pass") { $natent['associated-rule-id'] = "pass"; + } - if($_POST['nosync'] == "yes") + if ($_POST['nosync'] == "yes") { $natent['nosync'] = true; - else + } else { unset($natent['nosync']); + } - if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable") + if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable") { $natent['natreflection'] = $_POST['natreflection']; - else + } else { unset($natent['natreflection']); + } // If we used to have an associated filter rule, but no-longer should have one - if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { + if (!empty($a_nat[$id]) && (empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'])) { // Delete the previous rule delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']); mark_subsystem_dirty('filter'); @@ -366,19 +401,21 @@ if ($_POST) { $need_filter_rule = false; // Updating a rule with a filter rule associated - if (!empty($natent['associated-rule-id'])) + if (!empty($natent['associated-rule-id'])) { $need_filter_rule = true; + } // Create a rule or if we want to create a new one - if( $natent['associated-rule-id']=='new' ) { + if ($natent['associated-rule-id']=='new') { $need_filter_rule = true; unset( $natent['associated-rule-id'] ); $_POST['filter-rule-association']='add-associated'; } // If creating a new rule, where we want to add the filter rule, associated or not - else if( isset($_POST['filter-rule-association']) && - ($_POST['filter-rule-association']=='add-associated' || - $_POST['filter-rule-association']=='add-unassociated') ) + else if (isset($_POST['filter-rule-association']) && + ($_POST['filter-rule-association']=='add-associated' || + $_POST['filter-rule-association']=='add-unassociated')) { $need_filter_rule = true; + } if ($need_filter_rule == true) { @@ -388,10 +425,11 @@ if ($_POST) { // If a rule already exists, load it if (!empty($natent['associated-rule-id'])) { $filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']); - if ($filterentid === false) + if ($filterentid === false) { $filterent['associated-rule-id'] = $natent['associated-rule-id']; - else + } else { $filterent =& $config['filter']['rule'][$filterentid]; + } } pconfig_to_address($filterent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot'], @@ -405,10 +443,11 @@ if ($_POST) { $dstpfrom = $_POST['localbeginport']; $dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport']; - if ($dstpfrom == $dstpto) + if ($dstpfrom == $dstpto) { $filterent['destination']['port'] = $dstpfrom; - else + } else { $filterent['destination']['port'] = $dstpfrom . "-" . $dstpto; + } /* * Our firewall filter description may be no longer than @@ -417,7 +456,7 @@ if ($_POST) { $filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62); // If this is a new rule, create an ID and add the rule - if( $_POST['filter-rule-association']=='add-associated' ) { + if ($_POST['filter-rule-association']=='add-associated') { $filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id(); $filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward")); $config['filter']['rule'][] = $filterent; @@ -426,27 +465,30 @@ if ($_POST) { mark_subsystem_dirty('filter'); } - if ( isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']) ) + if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) { $natent['created'] = $a_nat[$id]['created']; + } $natent['updated'] = make_config_revision_entry(); - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config"); // Update the NAT entry now - if (isset($id) && $a_nat[$id]) + if (isset($id) && $a_nat[$id]) { $a_nat[$id] = $natent; - else { + } else { $natent['created'] = make_config_revision_entry(); - if (is_numeric($after)) + if (is_numeric($after)) { array_splice($a_nat, $after+1, 0, array($natent)); - else + } else { $a_nat[] = $natent; + } } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat.php"); exit; @@ -466,13 +508,13 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="firewall_nat_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td> - </tr> +<form action="firewall_nat_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td> + </tr> <?php - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly"); ?> <tr> @@ -483,67 +525,82 @@ include("fbegin.inc"); ?> <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span> </td> </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td> - <td width="78%" class="vtable"> - <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if($pconfig['nordr']) echo "checked=\"checked\""; ?> /> - <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?> - <br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span> - </td> - </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> - <td width="78%" class="vtable"> - <select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();"> - <?php - - $iflist = get_configured_interface_with_descr(false, true); - // Allow extending of the firewall edit interfaces - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit"); - foreach ($iflist as $if => $ifdesc) - if(have_ruleint_access($if)) - $interfaces[$if] = $ifdesc; - - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) - $interfaces['l2tp'] = "L2TP VPN"; - - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) - $interfaces['pptp'] = "PPTP VPN"; - - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) - $interfaces['pppoe'] = "PPPoE Server"; - - /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - if(have_ruleint_access("enc0")) - $interfaces["enc0"] = "IPsec"; - - /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) - $interfaces["openvpn"] = "OpenVPN"; - - foreach ($interfaces as $iface => $ifacename): ?> + <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td> + <td width="78%" class="vtable"> + <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if ($pconfig['nordr']) echo "checked=\"checked\""; ?> /> + <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?> + <br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> + <td width="78%" class="vtable"> + <select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();"> + <?php + $iflist = get_configured_interface_with_descr(false, true); + // Allow extending of the firewall edit interfaces + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit"); + foreach ($iflist as $if => $ifdesc) { + if (have_ruleint_access($if)) { + $interfaces[$if] = $ifdesc; + } + } + + if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { + $interfaces['l2tp'] = "L2TP VPN"; + } + } + + if ($config['pptpd']['mode'] == "server") { + if (have_ruleint_access("pptp")) { + $interfaces['pptp'] = "PPTP VPN"; + } + } + + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { + $interfaces['pppoe'] = "PPPoE Server"; + } + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (have_ruleint_access("enc0")) { + $interfaces["enc0"] = "IPsec"; + } + } + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { + $interfaces["openvpn"] = "OpenVPN"; + } + + foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>> - <?=htmlspecialchars($ifacename);?> + <?=htmlspecialchars($ifacename);?> </option> - <?php endforeach; ?> - </select><br /> - <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br /> - <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td> - <td width="78%" class="vtable"> - <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();"> - <?php $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF"); foreach ($protocols as $proto): ?> - <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option> - <?php endforeach; ?> - </select> <br /> <span class="vexpl"><?=gettext("Choose which IP protocol " . - "this rule should match."); ?><br /> - <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> <?=gettext("here."); ?></span></td> - </tr> + <?php endforeach; ?> + </select><br /> + <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br /> + <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td> + <td width="78%" class="vtable"> + <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();"> + <?php + $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF"); + foreach ($protocols as $proto): ?> + <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option> + <?php endforeach; ?> + </select> + <br /> + <span class="vexpl"><?=gettext("Choose which IP protocol this rule should match."); ?><br /> + <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> <?=gettext("here."); ?> + </span> + </td> + </tr> <tr id="showadvancedboxsrc" name="showadvancedboxsrc"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td> <td width="78%" class="vtable"> @@ -569,24 +626,27 @@ include("fbegin.inc"); ?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option> <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option> - <?php if(have_ruleint_access("pptp")): ?> + <?php if (have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option> <?php endif; ?> - <?php if(have_ruleint_access("pppoe")): ?> + <?php if (have_ruleint_access("pppoe")): ?> <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option> <?php endif; ?> - <?php if(have_ruleint_access("l2tp")): ?> - <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> - <?php endif; ?> + <?php if (have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> + <?php endif; ?> <?php - foreach ($ifdisp as $ifent => $ifdesc): ?> - <?php if(have_ruleint_access($ifent)): ?> + foreach ($ifdisp as $ifent => $ifdesc): + if (have_ruleint_access($ifent)): +?> <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option> <option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected=\"selected\""; } ?>> <?=$ifdesc?> <?=gettext("address");?> </option> - <?php endif; ?> -<?php endforeach; ?> +<?php + endif; + endforeach; +?> </select> </td> </tr> @@ -653,35 +713,38 @@ include("fbegin.inc"); ?> <td><?=gettext("Type:"); ?> </td> <td> <select name="dsttype" class="formselect" onchange="typesel_change()"> -<?php - $sel = is_specialnet($pconfig['dst']); ?> + <?php $sel = is_specialnet($pconfig['dst']); ?> <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option> <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option> <option value="(self)" <?PHP if ($pconfig['dst'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option> - <?php if(have_ruleint_access("pptp")): ?> + <?php if (have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option> <?php endif; ?> - <?php if(have_ruleint_access("pppoe")): ?> + <?php if (have_ruleint_access("pppoe")): ?> <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option> <?php endif; ?> - <?php if(have_ruleint_access("l2tp")): ?> - <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> - <?php endif; ?> + <?php if (have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option> + <?php endif; ?> -<?php foreach ($ifdisp as $if => $ifdesc): ?> - <?php if(have_ruleint_access($if)): ?> +<?php foreach ($ifdisp as $if => $ifdesc): + if (have_ruleint_access($if)): +?> <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option> <option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected=\"selected\""; } ?>> <?=$ifdesc;?> <?=gettext("address");?> </option> - <?php endif; ?> -<?php endforeach; ?> +<?php + endif; + endforeach; +?> <?php if (is_array($config['virtualip']['vip'])): foreach ($config['virtualip']['vip'] as $sn): - if (isset($sn['noexpand'])) + if (isset($sn['noexpand'])) { continue; + } if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); @@ -756,113 +819,125 @@ include("fbegin.inc"); ?> </span> </td> </tr> - <tr name="localiptable" id="localiptable"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td> - <td width="78%" class="vtable"> - <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" /> - <br /> <span class="vexpl"><?=gettext("Enter the internal IP address of " . - "the server on which you want to map the ports."); ?><br /> - <?=gettext("e.g."); ?> <em>192.168.1.12</em></span></td> - </tr> - <tr name="lprtr" id="lprtr"> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td> - <td width="78%" class="vtable"> - <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();"> - <option value="">(<?=gettext("other"); ?>)</option> - <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> - <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) { + <tr name="localiptable" id="localiptable"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td> + <td width="78%" class="vtable"> + <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" /> + <br /> + <span class="vexpl"><?=gettext("Enter the internal IP address of the server on which you want to map the ports."); ?> + <br /> + <?=gettext("e.g."); ?> + <em>192.168.1.12</em> + </span> + </td> + </tr> + <tr name="lprtr" id="lprtr"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td> + <td width="78%" class="vtable"> + <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();"> + <option value="">(<?=gettext("other"); ?>)</option> + <?php + $bfound = 0; + foreach ($wkports as $wkport => $wkportdesc): + ?> + <option value="<?=$wkport;?>" + <?php if ($wkport == $pconfig['localbeginport']) { echo "selected=\"selected\""; $bfound = 1; }?>> - <?=htmlspecialchars($wkportdesc);?> - </option> - <?php endforeach; ?> - </select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>" /> - <br /> - <span class="vexpl"><?=gettext("Specify the port on the machine with the " . - "IP address entered above. In case of a port range, specify " . - "the beginning port of the range (the end port will be calculated " . - "automatically)."); ?><br /> - <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here " . - "for your reference (not parsed)."); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td> - <td width="78%" class="vtable"> - <input type="checkbox" value="yes" name="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> - <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td> - <td width="78%" class="vtable"> - <select name="natreflection" class="formselect"> - <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>><?=gettext("Use system default"); ?></option> - <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option> - <option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option> - <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option> - </select> - </td> - </tr> - <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> - <tr name="assoctable" id="assoctable"> - <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> - <td width="78%" class="vtable"> - <select name="associated-rule-id"> - <option value=""><?=gettext("None"); ?></option> - <option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option> - <?php - $linkedrule = ""; - if (is_array($config['filter']['rule'])) { - filter_rules_sort(); - foreach ($config['filter']['rule'] as $filter_id => $filter_rule) { - if (isset($filter_rule['associated-rule-id'])) { - echo "<option value=\"{$filter_rule['associated-rule-id']}\""; - if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) { - echo " selected=\"selected\""; - $linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">" . gettext("View the filter rule") . "</a><br />"; - } - echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n"; - + <?=htmlspecialchars($wkportdesc);?> + </option> + <?php endforeach; ?> + </select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>" /> + <br /> + <span class="vexpl"><?=gettext("Specify the port on the machine with the " . + "IP address entered above. In case of a port range, specify " . + "the beginning port of the range (the end port will be calculated " . + "automatically)."); ?><br /> + <?=gettext("Hint: this is usually identical to the 'from' port above"); ?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> + <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td> + <td width="78%" class="vtable"> + <input type="checkbox" value="yes" name="nosync"<?php if ($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> + <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td> + <td width="78%" class="vtable"> + <select name="natreflection" class="formselect"> + <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>><?=gettext("Use system default"); ?></option> + <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option> + <option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option> + <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option> + </select> + </td> + </tr> + <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> + <tr name="assoctable" id="assoctable"> + <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> + <td width="78%" class="vtable"> + <select name="associated-rule-id"> + <option value=""><?=gettext("None"); ?></option> + <option value="pass" <?php if ($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option> + <?php + $linkedrule = ""; + if (is_array($config['filter']['rule'])) { + filter_rules_sort(); + foreach ($config['filter']['rule'] as $filter_id => $filter_rule) { + if (isset($filter_rule['associated-rule-id'])) { + echo "<option value=\"{$filter_rule['associated-rule-id']}\""; + if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) { + echo " selected=\"selected\""; + $linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">" . gettext("View the filter rule") . "</a><br />"; } - } + echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n"; } - if (isset($pconfig['associated-rule-id'])) - echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n"; - echo "</select>\n"; - echo $linkedrule; - ?> - </td> - </tr> - <?php endif; ?> - <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?> - <tr name="assoctable" id="assoctable"> - <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> - <td width="78%" class="vtable"> - <select name="filter-rule-association" id="filter-rule-association"> - <option value=""><?=gettext("None"); ?></option> - <option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option> - <option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option> - <option value="pass"><?=gettext("Pass"); ?></option> - </select> - <br /><br /><?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?> - </td> - </tr><?php endif; ?> + } + } + if (isset($pconfig['associated-rule-id'])) { + echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n"; + } + echo "</select>\n"; + echo $linkedrule; + ?> + </td> + </tr> + <?php endif; ?> + <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?> + <tr name="assoctable" id="assoctable"> + <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td> + <td width="78%" class="vtable"> + <select name="filter-rule-association" id="filter-rule-association"> + <option value=""><?=gettext("None"); ?></option> + <option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option> + <option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option> + <option value="pass"><?=gettext("Pass"); ?></option> + </select> + <br /><br /><?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?> + </td> + </tr> + <?php endif; ?> <?php - // Allow extending of the firewall edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate"); + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate"); ?> <?php -$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])); -$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])); + $has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])); + $has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])); ?> - <?php if ($has_created_time || $has_updated_time): ?> + <?php if ($has_created_time || $has_updated_time): ?> <tr> <td> </td> </tr> @@ -885,23 +960,23 @@ $has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['upda </td> </tr> <?php endif; ?> - <?php endif; ?> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <?php if (isset($id) && $a_nat[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" /> - </td> - </tr> - </table> + <?php endif; ?> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> + <?php if (isset($id) && $a_nat[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" /> + </td> + </tr> + </table> </form> <script type="text/javascript"> //<![CDATA[ diff --git a/usr/local/www/firewall_nat_npt.php b/usr/local/www/firewall_nat_npt.php index 2a9d2fe..3fcfbf4 100644 --- a/usr/local/www/firewall_nat_npt.php +++ b/usr/local/www/firewall_nat_npt.php @@ -71,8 +71,9 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_npt[$_GET['id']]) { unset($a_npt[$_GET['id']]); - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_npt.php"); exit; } @@ -89,7 +90,8 @@ include("head.inc"); <?php if (is_subsystem_dirty('natconf')): ?> <?php print_info_box_np(gettext("The NAT configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br /> <?php endif; ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat npt"> <tr><td> +<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat npt"> + <tr><td> <?php $tab_array = array(); $tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php"); @@ -98,87 +100,94 @@ include("head.inc"); $tab_array[] = array(gettext("NPt"), true, "firewall_nat_npt.php"); display_top_tabs($tab_array); ?> - </td></tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area"> - <tr> - <td width="10%" class="listhdrr"><?=gettext("Interface"); ?></td> - <td width="20%" class="listhdrr"><?=gettext("External Prefix"); ?></td> - <td width="15%" class="listhdrr"><?=gettext("Internal prefix"); ?></td> - <td width="30%" class="listhdr"><?=gettext("Description"); ?></td> - <td width="10%" class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - <?php - $textse = "</span>"; - - $i = 0; foreach ($a_npt as $natent): - - if (isset($natent['disabled'])) - $textss = "<span class=\"gray\">"; - else - $textss = "<span>"; ?> - <tr> - <td class="listlr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> - <?php - echo $textss; - if (!$natent['interface']) - echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); - else - echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); - echo $textse; - ?> - </td> - <?php - $source_net = pprint_address($natent['source']); - $source_cidr = strstr($source_net, '/'); - $destination_net = pprint_address($natent['destination']); - $destination_cidr = strstr($destination_net, '/'); - ?> - <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> - <?php echo $textss . $destination_net . $textse; ?> - </td> - <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> - <?php echo $textss . $source_net . $textse; ?> - </td> - <td class="listbg" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> - <?=$textss;?> - <?=htmlspecialchars($natent['descr']);?> - <?=$textse;?> - </td> - <td class="list nowrap"> - <table border="0" cellspacing="0" cellpadding="1" summary="edit"> - <tr> - <td valign="middle"><a href="firewall_nat_npt_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>" alt="edit" /></a></td> - <td valign="middle"><a href="firewall_nat_npt.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); ?>" alt="delete" /></a></td> - </tr> - </table> - </td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="4"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1" summary="add"> - <tr> - <td width="17"></td> - <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>" alt="add" /></a></td> - </tr> - </table> - </td> - </tr> - </table> - </div> - </td> -</tr> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area"> + <tr> + <td width="10%" class="listhdrr"><?=gettext("Interface"); ?></td> + <td width="20%" class="listhdrr"><?=gettext("External Prefix"); ?></td> + <td width="15%" class="listhdrr"><?=gettext("Internal prefix"); ?></td> + <td width="30%" class="listhdr"><?=gettext("Description"); ?></td> + <td width="10%" class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td width="17"></td> + <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> +<?php + $textse = "</span>"; + + $i = 0; + foreach ($a_npt as $natent): + + if (isset($natent['disabled'])) { + $textss = "<span class=\"gray\">"; + } else { + $textss = "<span>"; + } +?> + <tr> + <td class="listlr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> +<?php + echo $textss; + if (!$natent['interface']) { + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); + } else { + echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); + } + echo $textse; +?> + </td> +<?php + $source_net = pprint_address($natent['source']); + $source_cidr = strstr($source_net, '/'); + $destination_net = pprint_address($natent['destination']); + $destination_cidr = strstr($destination_net, '/'); +?> + <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?php echo $textss . $destination_net . $textse; ?> + </td> + <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?php echo $textss . $source_net . $textse; ?> + </td> + <td class="listbg" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';"> + <?=$textss;?> + <?=htmlspecialchars($natent['descr']);?> + <?=$textse;?> + </td> + <td class="list nowrap"> + <table border="0" cellspacing="0" cellpadding="1" summary="edit"> + <tr> + <td valign="middle"><a href="firewall_nat_npt_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>" alt="edit" /></a></td> + <td valign="middle"><a href="firewall_nat_npt.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); ?>" alt="delete" /></a></td> + </tr> + </table> + </td> + </tr> +<?php + $i++; + endforeach; +?> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1" summary="add"> + <tr> + <td width="17"></td> + <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>" alt="add" /></a></td> + </tr> + </table> + </td> + </tr> + </table> + </div> + </td> + </tr> </table> </form> <?php include("fend.inc"); ?> diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php index a5685e9..2f2531d 100644 --- a/usr/local/www/firewall_nat_npt_edit.php +++ b/usr/local/www/firewall_nat_npt_edit.php @@ -1,23 +1,23 @@ -<?php +<?php /* $Id$ */ /* firewall_nat_npt_edit.php part of pfSense (https://www.pfsense.org) - + Copyright (C) 2013-2015 Electric Sheep Fencing, LP Copyright (C) 2011 Seth Mos <seth.mos@dds.nl>. All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE @@ -45,13 +45,13 @@ function natnptcmp($a, $b) { } function nat_npt_rules_sort() { - global $g, $config; - - if (!is_array($config['nat']['npt'])) - return; + global $g, $config; + if (!is_array($config['nat']['npt'])) { + return; + } - usort($config['nat']['npt'], "natnptcmp"); + usort($config['nat']['npt'], "natnptcmp"); } require("guiconfig.inc"); @@ -63,8 +63,8 @@ $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firew $ifdisp = get_configured_interface_with_descr(); foreach ($ifdisp as $kif => $kdescr) { - $specialsrcdst[] = "{$kif}"; - $specialsrcdst[] = "{$kif}ip"; + $specialsrcdst[] = "{$kif}"; + $specialsrcdst[] = "{$kif}ip"; } if (!is_array($config['nat']['npt'])) { @@ -72,45 +72,49 @@ if (!is_array($config['nat']['npt'])) { } $a_npt = &$config['nat']['npt']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} if (isset($id) && $a_npt[$id]) { $pconfig['disabled'] = isset($a_npt[$id]['disabled']); address_to_pconfig($a_npt[$id]['source'], $pconfig['src'], - $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcbeginport'], $pconfig['srcendport']); - address_to_pconfig($a_npt[$id]['destination'], $pconfig['dst'], - $pconfig['dstmask'], $pconfig['dstnot'], + address_to_pconfig($a_npt[$id]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstbeginport'], $pconfig['dstendport']); $pconfig['interface'] = $a_npt[$id]['interface']; - if (!$pconfig['interface']) + if (!$pconfig['interface']) { $pconfig['interface'] = "wan"; + } $pconfig['external'] = $a_npt[$id]['external']; $pconfig['descr'] = $a_npt[$id]['descr']; -} else +} else { $pconfig['interface'] = "wan"; +} if ($_POST) { - + unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "interface"); $reqdfieldsn = array(gettext("Interface")); - $reqdfields[] = "src"; - $reqdfieldsn[] = gettext("Source prefix"); - $reqdfields[] = "dst"; - $reqdfieldsn[] = gettext("Destination prefix"); - + $reqdfields[] = "src"; + $reqdfieldsn[] = gettext("Source prefix"); + $reqdfields[] = "dst"; + $reqdfieldsn[] = gettext("Destination prefix"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (!$input_errors) { @@ -120,25 +124,27 @@ if ($_POST) { $natent['descr'] = $_POST['descr']; $natent['interface'] = $_POST['interface']; - if ($_POST['src']) - $_POST['src'] = trim($_POST['src']); - if ($_POST['dst']) - $_POST['dst'] = trim($_POST['dst']); + if ($_POST['src']) { + $_POST['src'] = trim($_POST['src']); + } + if ($_POST['dst']) { + $_POST['dst'] = trim($_POST['dst']); + } - pconfig_to_address($natent['source'], $_POST['src'], - $_POST['srcmask'], $_POST['srcnot']); + pconfig_to_address($natent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot']); - pconfig_to_address($natent['destination'], $_POST['dst'], - $_POST['dstmask'], $_POST['dstnot']); + pconfig_to_address($natent['destination'], $_POST['dst'], $_POST['dstmask'], $_POST['dstnot']); - if (isset($id) && $a_npt[$id]) + if (isset($id) && $a_npt[$id]) { $a_npt[$id] = $natent; - else + } else { $a_npt[] = $natent; + } nat_npt_rules_sort(); - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_npt.php"); exit; @@ -156,133 +162,144 @@ include("head.inc"); <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> - <form action="firewall_nat_npt_edit.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat npt edit"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit NAT NPt entry"); ?></td> - </tr> +<form action="firewall_nat_npt_edit.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat npt edit"> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> - <td width="78%" class="vtable"> - <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("Disable this rule"); ?></strong><br /> - <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span> - </td> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit NAT NPt entry"); ?></td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> - <td width="78%" class="vtable"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> + <td width="78%" class="vtable"> + <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("Disable this rule"); ?></strong><br /> + <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> + <td width="78%" class="vtable"> <select name="interface" class="formselect"> <?php - foreach ($ifdisp as $if => $ifdesc) - if(have_ruleint_access($if)) + foreach ($ifdisp as $if => $ifdesc) { + if (have_ruleint_access($if)) { $interfaces[$if] = $ifdesc; + } + } - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) + if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { $interfaces['l2tp'] = "L2TP VPN"; + } + } - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) + if ($config['pptpd']['mode'] == "server") { + if (have_ruleint_access("pptp")) { $interfaces['pptp'] = "PPTP VPN"; + } + } - if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) + if ($config['pppoe']['mode'] == "server") { + if (have_ruleint_access("pppoe")) { $interfaces['pppoe'] = "PPPoE Server"; + } + } /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) - if(have_ruleint_access("enc0")) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) { + if (have_ruleint_access("enc0")) { $interfaces["enc0"] = "IPsec"; + } + } /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { $interfaces["openvpn"] = "OpenVPN"; + } - foreach ($interfaces as $iface => $ifacename): + foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>> <?=htmlspecialchars($ifacename);?> </option> <?php endforeach; ?> </select><br /> - <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br /> - <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td> + <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br /> + <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>. + </span> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Internal IPv6 Prefix"); ?></td> - <td width="78%" class="vtable"> - <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("not"); ?></strong> - <br /> - <?=gettext("Use this option to invert the sense of the match."); ?> - <br /> - <br /> - <table border="0" cellspacing="0" cellpadding="0" summary="internal"> - <tr> - <td><?=gettext("Address:"); ?> </td> - <td> - <input name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" /> / - <select name="srcmask" class="formselect" id="srcmask"> -<?php for ($i = 128; $i > 0; $i--): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> -<?php endfor; ?> - </select> - </td> - </tr> - </table> - <br /> - <span class="vexpl"><?=gettext("Enter the internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. The prefix size specified for the internal IPv6 prefix will be applied to the -external prefix."); -?></span> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Internal IPv6 Prefix"); ?></td> + <td width="78%" class="vtable"> + <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("not"); ?></strong> + <br /> + <?=gettext("Use this option to invert the sense of the match."); ?> + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0" summary="internal"> + <tr> + <td><?=gettext("Address:"); ?> </td> + <td> + <input name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" /> / + <select name="srcmask" class="formselect" id="srcmask"> +<?php for ($i = 128; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + <br /> + <span class="vexpl"><?=gettext("Enter the internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. The prefix size specified for the internal IPv6 prefix will be applied to the external prefix.");?></span> </td> - </tr> + </tr> <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination IPv6 Prefix"); ?></td> - <td width="78%" class="vtable"> - <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> /> - <strong><?=gettext("not"); ?></strong> - <br /> - <?=gettext("Use this option to invert the sense of the match."); ?> - <br /> - <br /> - <table border="0" cellspacing="0" cellpadding="0" summary="destination"> - <tr> - <td><?=gettext("Address:"); ?> </td> - <td> - <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" /> - / - <select name="dstmask" class="formselect" id="dstmask"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination IPv6 Prefix"); ?></td> + <td width="78%" class="vtable"> + <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> /> + <strong><?=gettext("not"); ?></strong> + <br /> + <?=gettext("Use this option to invert the sense of the match."); ?> + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0" summary="destination"> + <tr> + <td><?=gettext("Address:"); ?> </td> + <td> + <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" /> + / + <select name="dstmask" class="formselect" id="dstmask"> <?php - for ($i = 128; $i > 0; $i--): ?> - <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> -<?php endfor; ?> - </select> - </td> - </tr> - </table> - <br /> - <span class="vexpl"><?=gettext("Enter the Global Unicast routable IPv6 prefix here"); ?><br /></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> - <br /> <span class="vexpl"><?=gettext("You may enter a description here " . - "for your reference (not parsed)."); ?></span></td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <?php if (isset($id) && $a_npt[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif; ?> - </td> - </tr> - </table> + for ($i = 128; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + <br /> + <span class="vexpl"><?=gettext("Enter the Global Unicast routable IPv6 prefix here"); ?><br /></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> + <td width="78%" class="vtable"> + <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> + <br /> <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)."); ?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> + <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> + <?php if (isset($id) && $a_npt[$id]): ?> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> + <?php endif; ?> + </td> + </tr> + </table> </form> <?php include("fend.inc"); ?> </body> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 96d7a7b..1e942d2 100644 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -50,16 +50,19 @@ require_once("shaper.inc"); global $FilterIflist; global $GatewaysList; -if (!is_array($config['nat']['outbound'])) +if (!is_array($config['nat']['outbound'])) { $config['nat']['outbound'] = array(); +} -if (!is_array($config['nat']['outbound']['rule'])) +if (!is_array($config['nat']['outbound']['rule'])) { $config['nat']['outbound']['rule'] = array(); +} $a_out = &$config['nat']['outbound']['rule']; -if (!isset($config['nat']['outbound']['mode'])) +if (!isset($config['nat']['outbound']['mode'])) { $config['nat']['outbound']['mode'] = "automatic"; +} $mode = $config['nat']['outbound']['mode']; @@ -67,10 +70,11 @@ if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); - if(stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); - else + if (stristr($retval, "error") <> true) { + $savemsg = get_std_save_message($retval); + } else { $savemsg = $retval; + } if ($retval == 0) { clear_subsystem_dirty('natconf'); @@ -86,10 +90,12 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { * lets automatically create entries * for all of the interfaces to make life easier on the pip-o-chap */ - if(empty($FilterIflist)) + if (empty($FilterIflist)) { filter_generate_optcfg_array(); - if(empty($GatewaysList)) + } + if (empty($GatewaysList)) { filter_generate_gateways(); + } $tonathosts = filter_nat_rules_automatic_tonathosts(true); $automatic_rules = filter_nat_rules_outbound_automatic(""); @@ -101,7 +107,7 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { convert_real_interface_to_friendly_descr($natent['interface'])); $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch")); - /* Try to detect already auto created rules and avoid duplicate them */ + /* Try to detect already auto created rules and avoid duplicating them */ $found = false; foreach ($a_out as $rule) { if ($rule['interface'] == $natent['interface'] && @@ -114,8 +120,9 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { } } - if ($found === false) + if ($found === false) { $a_out[] = $natent; + } } } $savemsg = gettext("Default rules for each interface have been created."); @@ -124,8 +131,9 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $config['nat']['outbound']['mode'] = $_POST['mode']; - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_out.php"); exit; } @@ -133,8 +141,9 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { if ($_GET['act'] == "del") { if ($a_out[$_GET['id']]) { unset($a_out[$_GET['id']]); - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_out.php"); exit; } @@ -146,20 +155,23 @@ if (isset($_POST['del_x'])) { foreach ($_POST['rule'] as $rulei) { unset($a_out[$rulei]); } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_out.php"); exit; } } else if ($_GET['act'] == "toggle") { if ($a_out[$_GET['id']]) { - if(isset($a_out[$_GET['id']]['disabled'])) + if (isset($a_out[$_GET['id']]['disabled'])) { unset($a_out[$_GET['id']]['disabled']); - else + } else { $a_out[$_GET['id']]['disabled'] = true; - if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule")) + } + if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule")) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_out.php"); exit; } @@ -178,32 +190,39 @@ if (isset($_POST['del_x'])) { /* copy all rules < $movebtn and not selected */ for ($i = 0; $i < $movebtn; $i++) { - if (!in_array($i, $_POST['rule'])) + if (!in_array($i, $_POST['rule'])) { $a_out_new[] = $a_out[$i]; + } } /* copy all selected rules */ for ($i = 0; $i < count($a_out); $i++) { - if ($i == $movebtn) + if ($i == $movebtn) { continue; - if (in_array($i, $_POST['rule'])) + } + if (in_array($i, $_POST['rule'])) { $a_out_new[] = $a_out[$i]; + } } /* copy $movebtn rule */ - if ($movebtn < count($a_out)) + if ($movebtn < count($a_out)) { $a_out_new[] = $a_out[$movebtn]; + } /* copy all rules > $movebtn and not selected */ for ($i = $movebtn+1; $i < count($a_out); $i++) { - if (!in_array($i, $_POST['rule'])) + if (!in_array($i, $_POST['rule'])) { $a_out_new[] = $a_out[$i]; + } } - if (count($a_out_new) > 0) + if (count($a_out_new) > 0) { $a_out = $a_out_new; + } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_out.php"); exit; } @@ -218,10 +237,12 @@ include("head.inc"); <form action="firewall_nat_out.php" method="post" name="iform"> <script type="text/javascript" src="/javascript/row_toggle.js"></script> <?php -if ($savemsg) +if ($savemsg) { print_info_box($savemsg); -if (is_subsystem_dirty('natconf')) +} +if (is_subsystem_dirty('natconf')) { print_info_box_np(gettext("The NAT configuration has been changed.")."<br />".gettext("You must apply the changes in order for them to take effect.")); +} ?> <br /> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat outbound"> @@ -369,7 +390,7 @@ if (is_subsystem_dirty('natconf')) title="<?=gettext("click to toggle enabled/disabled status");?>" alt="icon" /> </a> <?php - endif; + endif; ?> </td> <td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';"> @@ -377,28 +398,30 @@ if (is_subsystem_dirty('natconf')) </td> <td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';"> - <?PHP $natent['source']['network'] = ($natent['source']['network'] == "(self)") ? "This Firewall" : $natent['source']['network']; ?> + <?php $natent['source']['network'] = ($natent['source']['network'] == "(self)") ? "This Firewall" : $natent['source']['network']; ?> <?php echo $textss . $alias_src_span_begin . $natent['source']['network'] . $alias_src_span_end . $textse;?> </td> <td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';"> <?php echo $textss; echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ; - if (!$natent['sourceport']) + if (!$natent['sourceport']) { echo "*"; - else + } else { echo $alias_src_port_span_begin . $natent['sourceport'] . $alias_src_port_span_end; + } echo $textse; ?> </td> <td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';"> <?php echo $textss; - if (isset($natent['destination']['any'])) + if (isset($natent['destination']['any'])) { echo "*"; - else { - if (isset($natent['destination']['not'])) + } else { + if (isset($natent['destination']['not'])) { echo "! "; + } echo $alias_dst_span_begin . $natent['destination']['address'] . $alias_dst_span_end; } echo $textse; @@ -408,44 +431,48 @@ if (is_subsystem_dirty('natconf')) <?php echo $textss; echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ; - if (!$natent['dstport']) + if (!$natent['dstport']) { echo "*"; - else + } else { echo $alias_dst_port_span_begin . $natent['dstport'] . $alias_dst_port_span_end; + } echo $textse; ?> </td> <td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';"> <?php echo $textss; - if (isset($natent['nonat'])) + if (isset($natent['nonat'])) { echo '<I>NO NAT</I>'; - elseif (!$natent['target']) + } elseif (!$natent['target']) { echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address"; - elseif ($natent['target'] == "other-subnet") + } elseif ($natent['target'] == "other-subnet") { echo $natent['targetip'] . '/' . $natent['targetip_subnet']; - else + } else { echo $natent['target']; + } echo $textse; ?> </td> <td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';"> <?php echo $textss; - if (!$natent['natport']) + if (!$natent['natport']) { echo "*"; - else + } else { echo $natent['natport']; + } echo $textse; ?> </td> <td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';" align="center"> <?php echo $textss; - if(isset($natent['staticnatport'])) + if (isset($natent['staticnatport'])) { echo gettext("YES"); - else + } else { echo gettext("NO"); + } echo $textse; ?> </td> @@ -525,10 +552,12 @@ if (is_subsystem_dirty('natconf')) </tr> <?php if ($mode == "automatic" || $mode == "hybrid"): - if(empty($FilterIflist)) + if (empty($FilterIflist)) { filter_generate_optcfg_array(); - if(empty($GatewaysList)) + } + if (empty($GatewaysList)) { filter_generate_gateways(); + } $automatic_rules = filter_nat_rules_outbound_automatic(implode(" ", filter_nat_rules_automatic_tonathosts())); unset($FilterIflist, $GatewaysList); ?> @@ -566,19 +595,21 @@ if (is_subsystem_dirty('natconf')) <td class="listr" style="background-color: #E0E0E0"> <?php echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ; - if (!$natent['sourceport']) + if (!$natent['sourceport']) { echo "*"; - else + } else { echo $natent['sourceport']; + } ?> </td> <td class="listr" style="background-color: #E0E0E0"> <?php - if (isset($natent['destination']['any'])) + if (isset($natent['destination']['any'])) { echo "*"; - else { - if (isset($natent['destination']['not'])) + } else { + if (isset($natent['destination']['not'])) { echo "! "; + } echo $natent['destination']['address']; } ?> @@ -586,38 +617,42 @@ if (is_subsystem_dirty('natconf')) <td class="listr" style="background-color: #E0E0E0"> <?php echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ; - if (!$natent['dstport']) + if (!$natent['dstport']) { echo "*"; - else + } else { echo $natent['dstport']; + } ?> </td> <td class="listr" style="background-color: #E0E0E0"> <?php - if (isset($natent['nonat'])) + if (isset($natent['nonat'])) { echo '<I>NO NAT</I>'; - elseif (!$natent['target']) + } elseif (!$natent['target']) { echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address"; - elseif ($natent['target'] == "other-subnet") + } elseif ($natent['target'] == "other-subnet") { echo $natent['targetip'] . '/' . $natent['targetip_subnet']; - else + } else { echo $natent['target']; + } ?> </td> <td class="listr" style="background-color: #E0E0E0"> <?php - if (!$natent['natport']) + if (!$natent['natport']) { echo "*"; - else + } else { echo $natent['natport']; + } ?> </td> <td class="listr" style="background-color: #E0E0E0"> <?php - if(isset($natent['staticnatport'])) + if (isset($natent['staticnatport'])) { echo gettext("YES"); - else + } else { echo gettext("NO"); + } ?> </td> <td class="listbg"> diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 2162695..d646e68 100644 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -48,8 +48,9 @@ require("shaper.inc"); $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_nat_out.php'); -if (!is_array($config['nat']['outbound'])) +if (!is_array($config['nat']['outbound'])) { $config['nat']['outbound'] = array(); +} if (!is_array($config['nat']['outbound']['rule'])) { $config['nat']['outbound']['rule'] = array(); @@ -57,36 +58,44 @@ if (!is_array($config['nat']['outbound']['rule'])) { $a_out = &$config['nat']['outbound']['rule']; -if (!is_array($config['aliases']['alias'])) +if (!is_array($config['aliases']['alias'])) { $config['aliases']['alias'] = array(); +} $a_aliases = &$config['aliases']['alias']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (is_numericint($_GET['after']) || $_GET['after'] == "-1") +if (is_numericint($_GET['after']) || $_GET['after'] == "-1") { $after = $_GET['after']; -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) +} +if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { $after = $_POST['after']; +} if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_out[$id]) { - if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) ) + if (isset($a_out[$id]['created']) && is_array($a_out[$id]['created'])) { $pconfig['created'] = $a_out[$id]['created']; + } - if ( isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated']) ) + if (isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated'])) { $pconfig['updated'] = $a_out[$id]['updated']; + } $pconfig['protocol'] = $a_out[$id]['protocol']; list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']); - if (!is_numeric($pconfig['source_subnet'])) + if (!is_numeric($pconfig['source_subnet'])) { $pconfig['source_subnet'] = 32; + } $pconfig['sourceport'] = $a_out[$id]['sourceport']; address_to_pconfig($a_out[$id]['destination'], $pconfig['destination'], $pconfig['destination_subnet'], $pconfig['destination_not'], @@ -113,8 +122,9 @@ if (isset($id) && $a_out[$id]) { $pconfig['interface'] = "wan"; } -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); +} if ($_POST) { if ($_POST['destination_type'] == "any") { @@ -131,14 +141,15 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - /* run through $_POST items encoding HTML entties so that the user + /* run through $_POST items encoding HTML entitles so that the user * cannot think he is slick and perform a XSS attack on the unwilling */ foreach ($_POST as $key => $value) { $temp = str_replace(">", "", $value); $newpost = htmlentities($temp); - if($newpost <> $temp) + if ($newpost <> $temp) { $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); + } } /* input validation */ @@ -149,27 +160,36 @@ if ($_POST) { $protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp")); - if ($_POST['source']) + if ($_POST['source']) { $_POST['source'] = trim($_POST['source']); - if ($_POST['destination']) + } + if ($_POST['destination']) { $_POST['destination'] = trim($_POST['destination']); - if ($_POST['targetip']) + } + if ($_POST['targetip']) { $_POST['targetip'] = trim($_POST['targetip']); - if ($_POST['sourceport']) + } + if ($_POST['sourceport']) { $_POST['sourceport'] = trim($_POST['sourceport']); - if ($_POST['dstport']) + } + if ($_POST['dstport']) { $_POST['dstport'] = trim($_POST['dstport']); - if ($_POST['natport']) + } + if ($_POST['natport']) { $_POST['natport'] = trim($_POST['natport']); + } - if($protocol_uses_ports && $_POST['sourceport'] <> "" && !(is_portoralias($_POST['sourceport']) || is_portrange($_POST['sourceport']))) + if ($protocol_uses_ports && $_POST['sourceport'] <> "" && !(is_portoralias($_POST['sourceport']) || is_portrange($_POST['sourceport']))) { $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry."); + } - if($protocol_uses_ports && $_POST['dstport'] <> "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) + if ($protocol_uses_ports && $_POST['dstport'] <> "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) { $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry."); + } - if($protocol_uses_ports && $_POST['natport'] <> "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) + if ($protocol_uses_ports && $_POST['natport'] <> "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) { $input_errors[] = gettext("You must supply a valid port for the NAT port entry."); + } if (($_POST['source_type'] != "any") && ($_POST['source_type'] != "(self)")) { if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] <> "any") { @@ -209,22 +229,23 @@ if ($_POST) { /* Verify Pool Options */ $poolopts = ""; if ($_POST['poolopts']) { - if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet")) + if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet")) { $poolopts = $_POST['poolopts']; - elseif (is_alias($_POST['target'])) { - if (substr($_POST['poolopts'], 0, 11) == "round-robin") + } elseif (is_alias($_POST['target'])) { + if (substr($_POST['poolopts'], 0, 11) == "round-robin") { $poolopts = $_POST['poolopts']; - else + } else { $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias."); + } } } /* if user has selected any as source, set it here */ - if($_POST['source_type'] == "any") { + if ($_POST['source_type'] == "any") { $osn = "any"; - } else if($_POST['source_type'] == "(self)") { + } else if ($_POST['source_type'] == "(self)") { $osn = "(self)"; - } else if(is_alias($_POST['source'])) { + } else if (is_alias($_POST['source'])) { $osn = $_POST['source']; } else { $osn = gen_subnet($_POST['source'], $_POST['source_subnet']) . "/" . $_POST['source_subnet']; @@ -233,7 +254,7 @@ if ($_POST) { /* check for existing entries */ if ($_POST['destination_type'] == "any") { $ext = "any"; - } else if(is_alias($_POST['destination'])) { + } else if (is_alias($_POST['destination'])) { $ext = $_POST['destination']; } else { $ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet']; @@ -249,11 +270,11 @@ if ($_POST) { } } - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/input_validation"); if (!$input_errors) { - $natent = array(); + $natent = array(); $natent['source']['network'] = $osn; $natent['sourceport'] = ($protocol_uses_ports) ? $_POST['sourceport'] : ""; $natent['descr'] = $_POST['descr']; @@ -264,47 +285,48 @@ if ($_POST) { $natent['poolopts'] = $poolopts; /* static-port */ - if(isset($_POST['staticnatport']) && $protocol_uses_ports && !isset($_POST['nonat'])) { + if (isset($_POST['staticnatport']) && $protocol_uses_ports && !isset($_POST['nonat'])) { $natent['staticnatport'] = true; } else { unset($natent['staticnatport']); } - - if(isset($_POST['disabled'])) { + + if (isset($_POST['disabled'])) { $natent['disabled'] = true; } else { unset($natent['disabled']); } /* if user has selected not nat, set it here */ - if(isset($_POST['nonat'])) { + if (isset($_POST['nonat'])) { $natent['nonat'] = true; } else { unset($natent['nonat']); } - if ($_POST['protocol'] && $_POST['protocol'] != "any") + if ($_POST['protocol'] && $_POST['protocol'] != "any") { $natent['protocol'] = $_POST['protocol']; - else + } else { unset($natent['protocol']); + } - if ($ext == "any") { + if ($ext == "any") { $natent['destination']['any'] = true; } else { $natent['destination']['address'] = $ext; } - if($_POST['natport'] != "" && $protocol_uses_ports && !isset($_POST['nonat'])) { - $natent['natport'] = $_POST['natport']; + if ($_POST['natport'] != "" && $protocol_uses_ports && !isset($_POST['nonat'])) { + $natent['natport'] = $_POST['natport']; } else { unset($natent['natport']); } - if($_POST['dstport'] != "" && $protocol_uses_ports) { + if ($_POST['dstport'] != "" && $protocol_uses_ports) { $natent['dstport'] = $_POST['dstport']; } else { unset($natent['dstport']); } - if($_POST['nosync'] == "yes") { + if ($_POST['nosync'] == "yes") { $natent['nosync'] = true; } else { unset($natent['nosync']); @@ -314,12 +336,13 @@ if ($_POST) { $natent['destination']['not'] = true; } - if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) ) + if (isset($a_out[$id]['created']) && is_array($a_out[$id]['created'])) { $natent['created'] = $a_out[$id]['created']; + } $natent['updated'] = make_config_revision_entry(); - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/pre_write_config"); if (isset($id) && $a_out[$id]) { @@ -333,8 +356,9 @@ if ($_POST) { } } - if (write_config()) + if (write_config()) { mark_subsystem_dirty('natconf'); + } header("Location: firewall_nat_out.php"); exit; } @@ -352,7 +376,7 @@ include("head.inc"); //<![CDATA[ var portsenabled = 1; function staticportchange() { - if(document.iform.staticnatport.checked) { + if (document.iform.staticnatport.checked) { document.iform.natport.value = ""; document.iform.natport.disabled = 1; } else { @@ -446,7 +470,7 @@ function poolopts_change() { <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Advanced Outbound NAT entry");?></td> </tr> <?php - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly"); ?> <tr> @@ -460,7 +484,7 @@ function poolopts_change() { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Do not NAT");?></td> <td width="78%" class="vtable"> - <input type="checkbox" name="nonat" id="nonat" onclick="nonat_change();" <?php if(isset($pconfig['nonat'])) echo " checked=\"checked\""; ?> /> + <input type="checkbox" name="nonat" id="nonat" onclick="nonat_change();" <?php if (isset($pconfig['nonat'])) echo " checked=\"checked\""; ?> /> <span class="vexpl"><?=gettext("Enabling this option will disable NAT for traffic matching this rule and stop processing Outbound NAT rules.");?> <br /><?=gettext("Hint: in most cases, you won't use this option.");?></span> </td> @@ -471,29 +495,39 @@ function poolopts_change() { <select name="interface" class="formselect"> <?php $iflist = get_configured_interface_with_descr(false, true); - foreach ($iflist as $if => $ifdesc) - if(have_ruleint_access($if)) + foreach ($iflist as $if => $ifdesc) { + if (have_ruleint_access($if)) { $interfaces[$if] = $ifdesc; + } + } - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) + if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { $interfaces['l2tp'] = "L2TP VPN"; + } + } - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) + if ($config['pptpd']['mode'] == "server") { + if (have_ruleint_access("pptp")) { $interfaces['pptp'] = "PPTP VPN"; + } + } - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { $interfaces['pppoe'] = "PPPoE Server"; + } /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - if(have_ruleint_access("enc0")) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (have_ruleint_access("enc0")) { $interfaces["enc0"] = "IPsec"; + } + } /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { $interfaces["openvpn"] = "OpenVPN"; + } foreach ($interfaces as $iface => $ifacename): ?> @@ -640,8 +674,9 @@ function poolopts_change() { <?php if (is_array($config['virtualip']['vip'])): foreach ($config['virtualip']['vip'] as $sn): - if (isset($sn['noexpand'])) + if (isset($sn['noexpand'])) { continue; + } if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); @@ -671,8 +706,9 @@ function poolopts_change() { endforeach; endif; foreach ($a_aliases as $alias): - if ($alias['type'] != "host") + if ($alias['type'] != "host") { continue; + } ?> <option value="<?=$alias['name'];?>" <?php if ($alias['name'] == $pconfig['target']) echo "selected=\"selected\""; ?>> <?=htmlspecialchars("Host Alias: {$alias['name']} ({$alias['descr']})");?> @@ -680,7 +716,7 @@ function poolopts_change() { <?php endforeach; ?> - <option value="other-subnet"<?php if($pconfig['target'] == "other-subnet") echo " selected=\"selected\""; ?>> + <option value="other-subnet"<?php if ($pconfig['target'] == "other-subnet") echo " selected=\"selected\""; ?>> <?=gettext("Other Subnet (Enter Below)");?> </option> </select> @@ -765,7 +801,9 @@ function poolopts_change() { </tr> <tr name="tportstatic_tr" id="tportstatic_tr"> <td><?=gettext("Static-port:");?> </td> - <td><input onchange="staticportchange();" name="staticnatport" type="checkbox" class="formfld" id="staticnatport" size="5"<?php if($pconfig['staticnatport']) echo " checked=\"checked\"";?> /></td> + <td> + <input onchange="staticportchange();" name="staticnatport" type="checkbox" class="formfld" id="staticnatport" size="5"<?php if ($pconfig['staticnatport']) echo " checked=\"checked\"";?> /> + </td> </tr> </table> </td> @@ -773,7 +811,7 @@ function poolopts_change() { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td> <td width="78%" class="vtable"> - <input value="yes" name="nosync" type="checkbox" class="formfld" id="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> + <input value="yes" name="nosync" type="checkbox" class="formfld" id="nosync"<?php if ($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?> </td> </tr> @@ -819,7 +857,7 @@ function poolopts_change() { <?php endif; endif; - // Allow extending of the firewall edit page and include custom input validation + // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/htmlphplate"); ?> <tr> |