diff options
Diffstat (limited to 'src/usr/local/www/firewall_nat_npt_edit.php')
-rw-r--r-- | src/usr/local/www/firewall_nat_npt_edit.php | 285 |
1 files changed, 285 insertions, 0 deletions
diff --git a/src/usr/local/www/firewall_nat_npt_edit.php b/src/usr/local/www/firewall_nat_npt_edit.php new file mode 100644 index 0000000..7e385e5 --- /dev/null +++ b/src/usr/local/www/firewall_nat_npt_edit.php @@ -0,0 +1,285 @@ +<?php +/* $Id$ */ +/* + firewall_nat_npt_edit.php +*/ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2011 Seth Mos <seth.mos@dds.nl> + * part of pfSense (https://www.pfsense.org) + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ +/* + pfSense_MODULE: nat +*/ + +##|+PRIV +##|*IDENT=page-firewall-nat-npt-edit +##|*NAME=Firewall: NAT: NPt: Edit page +##|*DESCR=Allow access to the 'Firewall: NAT: NPt: Edit' page. +##|*MATCH=firewall_nat_npt_edit.php* +##|-PRIV + +function natnptcmp($a, $b) { + return ipcmp($a['external'], $b['external']); +} + +function nat_npt_rules_sort() { + global $g, $config; + + if (!is_array($config['nat']['npt'])) { + return; + } + + usort($config['nat']['npt'], "natnptcmp"); +} + +require("guiconfig.inc"); +require_once("interfaces.inc"); +require_once("filter.inc"); +require("shaper.inc"); + +$ifdisp = get_configured_interface_with_descr(); + +foreach ($ifdisp as $kif => $kdescr) { + $specialsrcdst[] = "{$kif}"; + $specialsrcdst[] = "{$kif}ip"; +} + +if (!is_array($config['nat']['npt'])) + $config['nat']['npt'] = array(); + +$a_npt = &$config['nat']['npt']; + +if (is_numericint($_GET['id'])) { + $id = $_GET['id']; +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { + $id = $_POST['id']; +} + +if (isset($id) && $a_npt[$id]) { + $pconfig['disabled'] = isset($a_npt[$id]['disabled']); + + address_to_pconfig($a_npt[$id]['source'], $pconfig['src'], + $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcbeginport'], $pconfig['srcendport']); + + address_to_pconfig($a_npt[$id]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], + $pconfig['dstbeginport'], $pconfig['dstendport']); + + $pconfig['interface'] = $a_npt[$id]['interface']; + if (!$pconfig['interface']) { + $pconfig['interface'] = "wan"; + } + + $pconfig['external'] = $a_npt[$id]['external']; + $pconfig['descr'] = $a_npt[$id]['descr']; +} else { + $pconfig['interface'] = "wan"; +} + + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "interface"); + $reqdfieldsn = array(gettext("Interface")); + $reqdfields[] = "src"; + $reqdfieldsn[] = gettext("Source prefix"); + $reqdfields[] = "dst"; + $reqdfieldsn[] = gettext("Destination prefix"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if (!$input_errors) { + $natent = array(); + + $natent['disabled'] = isset($_POST['disabled']) ? true:false; + $natent['descr'] = $_POST['descr']; + $natent['interface'] = $_POST['interface']; + + if ($_POST['src']) { + $_POST['src'] = trim($_POST['src']); + } + if ($_POST['dst']) { + $_POST['dst'] = trim($_POST['dst']); + } + + pconfig_to_address($natent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot']); + + pconfig_to_address($natent['destination'], $_POST['dst'], $_POST['dstmask'], $_POST['dstnot']); + + if (isset($id) && $a_npt[$id]) { + $a_npt[$id] = $natent; + } else { + $a_npt[] = $natent; + } + nat_npt_rules_sort(); + + if (write_config()) { + mark_subsystem_dirty('natconf'); + } + + header("Location: firewall_nat_npt.php"); + exit; + } +} + +function build_if_list() { + global $ifdisp; + + foreach ($ifdisp as $if => $ifdesc) { + if(have_ruleint_access($if)) + $interfaces[$if] = $ifdesc; + } + + if ($config['l2tp']['mode'] == "server") + if(have_ruleint_access("l2tp")) + $interfaces['l2tp'] = "L2TP VPN"; + + if ($config['pptpd']['mode'] == "server") + if(have_ruleint_access("pptp")) + $interfaces['pptp'] = "PPTP VPN"; + + if ($config['pppoe']['mode'] == "server") + if(have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE Server"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) { + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPsec"; + } + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + $interfaces["openvpn"] = "OpenVPN"; + + return($interfaces); +} + +$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("NPt"),gettext("Edit")); +include("head.inc"); + +if ($input_errors) + print_input_errors($input_errors); + +require('classes/Form.class.php'); + +$form = new Form(); + +$section = new Form_Section('Edit NAT NPt entry'); + +$section->addInput(new Form_Checkbox( + 'disabled', + 'Disabled', + 'Disable this rule', + $pconfig['disabled'] +)); + +$section->addInput(new Form_Select( + 'interface', + 'Interface', + $pconfig['interface'], + build_if_list() +))->setHelp('Choose which interface this rule applies to.' . '<br />' . + 'Hint: in most cases, you\'ll want to use "WAN" here.'); + +$section->addInput(new Form_Checkbox( + 'srcnot', + 'Internal IPv6 prefix', + 'Not', + $pconfig['srcnot'] +))->setHelp('Use this option to invert the sense of the match. '); + +$section->addInput(new Form_IpAddress( + 'src', + 'Address', + $pconfig['src'] +))->addMask('srcmask', $pconfig['srcmask'])->setHelp('Internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. ' . + 'The prefix size specified for the internal IPv6 prefix will be applied to the external prefix.'); + +$section->addInput(new Form_Checkbox( + 'dstnot', + 'Destination IPv6 prefix', + 'Not', + $pconfig['dstnot'] +))->setHelp('Use this option to invert the sense of the match. '); + +$section->addInput(new Form_IpAddress( + 'dst', + 'Address', + $pconfig['dst'] +))->addMask('dstmask', $pconfig['dstmask'])->setHelp('Global Unicast routable IPv6 prefix'); + +$section->addInput(new Form_Input( + 'descr', + 'Description', + 'text', + $pconfig['descr'] +))->setHelp('You may enter a description here for your reference (not parsed).'); + +if (isset($id) && $a_npt[$id]) { + $section->addInput(new Form_Input( + 'id', + null, + 'hidden', + $id + )); +} + +$form->add($section); +print($form); + +include("foot.inc");
\ No newline at end of file |