Diffstat (limited to 'src/usr/local/www/firewall_rules.php')
-rw-r--r-- | src/usr/local/www/firewall_rules.php | 165 |
1 files changed, 115 insertions, 50 deletions
diff --git a/src/usr/local/www/firewall_rules.php b/src/usr/local/www/firewall_rules.php
index f3b4b00..87703f1 100644
--- a/src/usr/local/www/firewall_rules.php
+++ b/src/usr/local/www/firewall_rules.php
@@ -4,56 +4,56 @@ firewall_rules.php */ /* ==================================================================== - * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. - * Copyright (c) 2004 Scott Ullrich - * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net> + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2004 Scott Ullrich + * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net> * Originally part of pfSense (https://www.pfsense.org) * - * Redistribution and use in source and binary forms, with or without modification, - * are permitted provided that the following conditions are met: + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgment: - * "This product includes software developed by the pfSense Project - * for use in the pfSense software distribution. (http://www.pfsense.org/). + * 3. 
All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). * - * 4. The names "pfSense" and "pfSense Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * coreteam@pfsense.org. + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. * - * 5. Products derived from this software may not be called "pfSense" - * nor may "pfSense" appear in their names without prior written - * permission of the Electric Sheep Fencing, LLC. + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: * - * "This product includes software developed by the pfSense Project - * for use in the pfSense software distribution (http://www.pfsense.org/). + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). * - * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE pfSense PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. * - * ==================================================================== + * ==================================================================== * */ /* @@ -177,6 +177,7 @@ if ($_POST) { } } + if ($_GET['act'] == "del") { if ($a_filter[$_GET['id']]) { if (!empty($a_filter[$_GET['id']]['associated-rule-id'])) { @@ -186,6 +187,7 @@ if ($_GET['act'] == "del") { if (write_config()) { mark_subsystem_dirty('filter'); } + header("Location: firewall_rules.php?if=" . htmlspecialchars($if)); exit; } 
@@ -196,7 +198,27 @@ if ($_REQUEST['savemsg']) { $savemsg = htmlentities($_REQUEST['savemsg']); } -if ($_GET['act'] == "toggle") { +if (isset($_POST['del_x'])) { + /* delete selected rules */ + $deleted = false; + + if (is_array($_POST['rule']) && count($_POST['rule'])) { + foreach ($_POST['rule'] as $rulei) { + delete_nat_association($a_filter[$rulei]['associated-rule-id']); + unset($a_filter[$rulei]); + $deleted = true; + } + + if($deleted) { + if (write_config()) { + mark_subsystem_dirty('filter'); + } + } + + header("Location: firewall_rules.php?if=" . htmlspecialchars($if)); + exit; + } +} else if ($_GET['act'] == "toggle") { if ($a_filter[$_GET['id']]) { if (isset($a_filter[$_GET['id']]['disabled'])) { unset($a_filter[$_GET['id']]['disabled']); @@ -206,10 +228,11 @@ if ($_GET['act'] == "toggle") { if (write_config()) { mark_subsystem_dirty('filter'); } + header("Location: firewall_rules.php?if=" . htmlspecialchars($if)); exit; } -} else { +} else if($_POST['order-store']) { /* update rule order, POST[rule] is an array of ordered IDs */ if (is_array($_POST['rule']) && !empty($_POST['rule'])) { $a_filter_new = array(); @@ -222,6 +245,7 @@ if ($_GET['act'] == "toggle") { if (write_config()) { mark_subsystem_dirty('filter'); } + header("Location: firewall_rules.php?if=" . htmlspecialchars($if)); exit; } @@ -251,6 +275,7 @@ display_top_tabs($tab_array); <table class="table table-striped table-hover table-condensed"> <thead> <tr> + <th><!-- checkbox --></th> <th><!-- status icons --></th> <th><?=gettext("Proto");?></th> <th><?=gettext("Source");?></th> 
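Review bot: The bulk-delete loop uses each posted `rule[]` value as an index into `$a_filter` without checking it, and it calls `delete_nat_association()` unconditionally, whereas the single-rule `act=del` path shown in the earlier hunk first tests `$a_filter[$_GET['id']]` and `!empty(...['associated-rule-id'])`. A stale or hand-edited POST can therefore hand a nonexistent index or an empty association id to the helper, and nothing confirms that a selected rule belongs to the interface in `$if`. Skipping values that are not existing integer indices and guarding the association call, as below, brings this branch in line with the single-delete one. Separately, the redirect applies `htmlspecialchars()` to a value placed in a `Location` header, where `urlencode($if)` is the matching encoding; where `$if` is validated is not visible in this hunk.

```php
foreach ($_POST['rule'] as $rulei) {
	// Accept only indices of rules that exist in the current ruleset.
	if (!is_string($rulei) || !ctype_digit($rulei) || !isset($a_filter[$rulei])) {
		continue;
	}
	if (!empty($a_filter[$rulei]['associated-rule-id'])) {
		delete_nat_association($a_filter[$rulei]['associated-rule-id']);
	}
	unset($a_filter[$rulei]);
	$deleted = true;
}
// … unchanged: write_config(), redirect and exit …
```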
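Review bot: The reorder branch is now gated on `$_POST['order-store']`, but its `rule[]` input comes from checkboxes that only the client-side click handler ticks, so the server cannot tell a complete ordering from a partial selection. The branch body continues outside this hunk; if it rebuilds the rule list only from the posted ids, a submission with some boxes left unchecked (script error, scripting disabled) would presumably drop the missing rules from the firewall configuration. Before rebuilding, compare the posted ids with the rules shown for `$if` and reject the request when they differ. The condition also reads the key without `isset`; `} else if (!empty($_POST['order-store'])) {` avoids the undefined-index notice on plain GET requests.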
@@ -268,11 +293,12 @@ display_top_tabs($tab_array); <?php // Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1. if (!isset($config['system']['webgui']['noantilockout']) && - (((count($config['interfaces']) > 1) && ($if == 'lan')) || - ((count($config['interfaces']) == 1) && ($if == 'wan')))): + (((count($config['interfaces']) > 1) && ($if == 'lan')) || + ((count($config['interfaces']) == 1) && ($if == 'wan')))): $alports = implode('<br />', filter_get_antilockout_ports(true)); ?> <tr id="antilockout"> + <td></td> <td title="<?=gettext("traffic is passed")?>"><i class="icon icon-ok"></i></td> <td>*</td> <td>*</td> @@ -290,6 +316,7 @@ display_top_tabs($tab_array); <?php endif;?> <?php if (isset($config['interfaces'][$if]['blockpriv'])): ?> <tr id="frrfc1918"> + <td></td> <td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td> <td>*</td> <td><?=gettext("RFC 1918 networks");?></td> @@ -307,6 +334,7 @@ display_top_tabs($tab_array); <?php endif;?> <?php if (isset($config['interfaces'][$if]['blockbogons'])): ?> <tr id="frrfc1918"> + <td></td> <td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td> <td>*</td> <td><?=gettext("Reserved/not assigned by IANA");?></td> 
@@ -325,19 +353,23 @@ display_top_tabs($tab_array); </tbody> <tbody class="user-entries"> -<?php for ($i = 0; isset($a_filter[$i]); $i++): +<?php +$nrules = 0; +for ($i = 0; isset($a_filter[$i]); $i++): $filterent = $a_filter[$i]; - + if ($filterent['interface'] != $if && !isset($filterent['floating'])) continue; + if (isset($filterent['floating']) && "FloatingRules" != $if) continue; - - $nrules++; ?> - <tr<?=(isset($filterent['disabled']) ? ' class="disabled"' : '')?>> + <tr id="fr<?=$nrules;?>" onClick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';" <?=(isset($filterent['disabled']) ? ' class="disabled"' : '')?>> + <td > + <input type="checkbox" id="frc<?=$nrules;?>" onClick="fr_toggle(<?=$nrules;?>)" name="rule[]" value="<?=$i;?>"/> + </td> + <td title="<?=gettext("traffic is ").$filterent['type']."ed"?>"> - <input type="hidden" name="rule[]" value="<?=$i?>" /> <?php if ($filterent['type'] == "block") @@ -604,6 +636,7 @@ display_top_tabs($tab_array); </td> </tr> <?php + $nrules++; endfor; ?> </tbody> @@ -626,7 +659,8 @@ display_top_tabs($tab_array); <?php endif;?> <nav class="action-buttons"> - <input type="submit" id="order-store" class="btn btn-sm btn-primary" value="store changes" disabled="disabled" /> + <input type="submit" id="order-store" name="order-store" class="btn btn-sm btn-primary" value="store changes" disabled="disabled" /> + <input name="del_x" type="submit" class="btn btn-danger btn-sm" value="<?=gettext("Delete selected rules"); ?>" /> <a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>" role="button" class="btn btn-sm btn-success"> <?=gettext("add new");?> </a> 
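Review bot: Both the `<tr>` and the checkbox inside it carry `onClick="fr_toggle(...)"`, so a click on the checkbox is toggled by the browser, flipped back by its own handler, and flipped again when the event bubbles to the row. The final state happens to be right, but only because of that exact sequence. Letting the checkbox only recolour and stop the bubble, `onClick="fr_bgcolor(<?=$nrules;?>); event.stopPropagation();"`, makes the behaviour explicit. The `for` loop around this row ends outside the hunk.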
@@ -662,6 +696,31 @@ else ?> <script> +function fr_toggle(id, prefix) { + if (!prefix) + prefix = 'fr'; + + var checkbox = document.getElementById(prefix + 'c' + id); + checkbox.checked = !checkbox.checked; + fr_bgcolor(id, prefix); +} + +function fr_bgcolor(id, prefix) { + if (!prefix) + prefix = 'fr'; + + var row = document.getElementById(prefix + id); + var checkbox = document.getElementById(prefix + 'c' + id); + var cells = row.getElementsByTagName('td'); + var cellcnt = cells.length; + + for (i = 0; i < cellcnt-1; i++) { + cells[i].style.backgroundColor = checkbox.checked ? "#DDF4FF" : "#FFFFFF"; + } +} +</script> + +<script> events.push(function() { // Make rules sortable $('table tbody.user-entries').sortable({ @@ -671,6 +730,12 @@ events.push(function() { } }); + // Check all of the rule checkboxes so that their values are posted + $('#order-store').click(function () { + $('[id^=frc]').prop('checked', true); + alert(); + }); + // Replace direct delete with quicker front-end action /*FIXME: event ordering $('.btn-danger').on('click', function(e){ |
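Review bot: `fr_bgcolor` assigns its loop counter without a declaration (`for (i = 0; ...`), which creates or overwrites a global `i` shared with every other script on the page; `for (var i = 0; i < cellcnt - 1; i++)` keeps it local. Both functions also dereference the `getElementById()` results without a null check, so a call with an id that has no matching row throws. An early `if (!row || !checkbox) return;` in `fr_bgcolor`, and `if (!checkbox) return;` in `fr_toggle`, would make them safe to call from other handlers.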
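Review bot: The `alert();` call in the `#order-store` click handler looks like leftover debugging: it opens an empty dialog on every save and holds the submit until it is dismissed, so it should be removed. The selector `[id^=frc]` also matches any element whose id merely starts with `frc`; `input[name="rule[]"]` or a dedicated class on the rule checkboxes is narrower. The enclosing `events.push(function() {` block starts and ends outside this hunk.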