Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rw-r--r-- | usr/local/www/firewall_rules_edit.php | 899 |
1 files changed, 535 insertions, 364 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 03c6912..9d610ea 100644
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -66,8 +66,9 @@ function is_aoadv_used($rule_config) {
 ($rule_config['max-src-states'] != "") ||
 ($rule_config['max-src-conn-rate'] != "") ||
 ($rule_config['max-src-conn-rates'] != "") ||
- ($rule_config['statetimeout'] != ""))
+ ($rule_config['statetimeout'] != "")) {
 return true;
+ }
 return false;
 }
@@ -107,98 +108,121 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (is_numericint($_GET['after']) || $_GET['after'] == "-1") +if (is_numericint($_GET['after']) || $_GET['after'] == "-1") { $after = $_GET['after']; -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) +} +if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { $after = $_POST['after']; +} if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_filter[$id]) { $pconfig['interface'] = $a_filter[$id]['interface']; - if (isset($a_filter[$id]['id'])) + if (isset($a_filter[$id]['id'])) { $pconfig['ruleid'] = $a_filter[$id]['id']; + } - if ( isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']) ) + if (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])) { $pconfig['created'] = $a_filter[$id]['created']; + } - if ( isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated']) ) + if (isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated'])) { $pconfig['updated'] = $a_filter[$id]['updated']; + } - if (!isset($a_filter[$id]['type'])) + if (!isset($a_filter[$id]['type'])) { $pconfig['type'] = "pass"; - else + } else { $pconfig['type'] = $a_filter[$id]['type']; + } if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") { $pconfig['floating'] = $a_filter[$id]['floating']; - if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "") + if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "") { $pconfig['interface'] = 
$a_filter[$id]['interface']; + } } - if (isset($a_filter['floating'])) + if (isset($a_filter['floating'])) { $pconfig['floating'] = "yes"; + } - if (isset($a_filter[$id]['direction'])) + if (isset($a_filter[$id]['direction'])) { $pconfig['direction'] = $a_filter[$id]['direction']; + } - if (isset($a_filter[$id]['ipprotocol'])) + if (isset($a_filter[$id]['ipprotocol'])) { $pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol']; + } - if (isset($a_filter[$id]['protocol'])) + if (isset($a_filter[$id]['protocol'])) { $pconfig['proto'] = $a_filter[$id]['protocol']; - else + } else { $pconfig['proto'] = "any"; + } - if ($a_filter[$id]['protocol'] == "icmp") + if ($a_filter[$id]['protocol'] == "icmp") { $pconfig['icmptype'] = $a_filter[$id]['icmptype']; + } address_to_pconfig($a_filter[$id]['source'], $pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcbeginport'], $pconfig['srcendport']); - if($a_filter[$id]['os'] <> "") + if ($a_filter[$id]['os'] <> "") { $pconfig['os'] = $a_filter[$id]['os']; + } address_to_pconfig($a_filter[$id]['destination'], $pconfig['dst'], $pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstbeginport'], $pconfig['dstendport']); - if ($a_filter[$id]['dscp'] <> "") + if ($a_filter[$id]['dscp'] <> "") { $pconfig['dscp'] = $a_filter[$id]['dscp']; + } $pconfig['disabled'] = isset($a_filter[$id]['disabled']); $pconfig['log'] = isset($a_filter[$id]['log']); $pconfig['descr'] = $a_filter[$id]['descr']; - if (isset($a_filter[$id]['tcpflags_any'])) + if (isset($a_filter[$id]['tcpflags_any'])) { $pconfig['tcpflags_any'] = true; - else { - if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] <> "") + } else { + if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] <> "") { $pconfig['tcpflags1'] = $a_filter[$id]['tcpflags1']; - if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] <> "") + } + if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] <> "") { $pconfig['tcpflags2'] 
= $a_filter[$id]['tcpflags2']; + } } - if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "") + if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "") { $pconfig['tag'] = $a_filter[$id]['tag']; - if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] <> "") + } + if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] <> "") { $pconfig['tagged'] = $a_filter[$id]['tagged']; - if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) + } + if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) { $pconfig['quick'] = $a_filter[$id]['quick']; - if (isset($a_filter[$id]['allowopts'])) + } + if (isset($a_filter[$id]['allowopts'])) { $pconfig['allowopts'] = true; - if (isset($a_filter[$id]['disablereplyto'])) + } + if (isset($a_filter[$id]['disablereplyto'])) { $pconfig['disablereplyto'] = true; + } /* advanced */ $pconfig['max'] = $a_filter[$id]['max']; @@ -230,15 +254,17 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) { $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; + } $pconfig['tracker'] = $a_filter[$id]['tracker']; } else { /* defaults */ - if ($_GET['if']) + if ($_GET['if']) { $pconfig['interface'] = $_GET['if']; + } $pconfig['type'] = "pass"; $pconfig['src'] = "any"; $pconfig['dst'] = "any"; 
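Review bot: In the block that loads an existing rule, `if (isset($a_filter['floating']))` indexes the rule list with the string key `'floating'` rather than the selected rule, so for a numerically indexed list it looks like it can never be true; `isset($a_filter[$id]['floating'])` is presumably what was meant, and the `if` just above it already copies that value. At the top of the same hunk `is_numericint($_GET['id'])` and `$_GET['after'] == "-1"` are read without `isset()`, unlike their `$_POST` counterparts. Guarding them the same way, e.g. `if (isset($_GET['id']) && is_numericint($_GET['id'])) {`, keeps the request parsing consistent and avoids undefined-index notices.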
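Review bot: In the defaults branch, `$pconfig['interface'] = $_GET['if'];` takes the interface name straight from the query string, and the next hunk's context copies it into `$if`. Nothing visible here checks it against the configured interfaces, so every later use of `$if` or `$pconfig['interface']` has to treat it as untrusted. Validating it at this point, accepting only a known interface name or `FloatingRules`, would be the safer place. The enclosing `if (isset($id) && $a_filter[$id])` block starts outside this hunk.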
@@ -246,8 +272,9 @@ if (isset($id) && $a_filter[$id]) { /* Allow the FloatingRules to work */ $if = $pconfig['interface']; -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) +if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); +} read_altq_config(); /* XXX: */ $qlist =& get_unique_queue_list(); 
@@ -260,27 +287,28 @@ $a_gatewaygroups = return_gateway_groups_array(); if ($_POST) { unset($input_errors); - if( isset($a_filter[$id]['associated-rule-id']) ) { + if (isset($a_filter[$id]['associated-rule-id'])) { $_POST['proto'] = $pconfig['proto']; - if ($pconfig['proto'] == "icmp") + if ($pconfig['proto'] == "icmp") { $_POST['icmptype'] = $pconfig['icmptype']; + } } if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "")) { - if(is_array($config['gateways']['gateway_group'])) { - foreach($config['gateways']['gateway_group'] as $gw_group) { - if($gw_group['name'] == $_POST['gateway']) { + if (is_array($config['gateways']['gateway_group'])) { + foreach ($config['gateways']['gateway_group'] as $gw_group) { + if ($gw_group['name'] == $_POST['gateway']) { $family = $a_gatewaygroups[$_POST['gateway']]['ipprotocol']; - if($_POST['ipprotocol'] == $family) { + if ($_POST['ipprotocol'] == $family) { continue; } - if(($_POST['ipprotocol'] == "inet46") && ($_POST['ipprotocol'] != $family)) { + if (($_POST['ipprotocol'] == "inet46") && ($_POST['ipprotocol'] != $family)) { $input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6"); } - if(($_POST['ipprotocol'] == "inet6") && ($_POST['ipprotocol'] != $family)) { + if (($_POST['ipprotocol'] == "inet6") && ($_POST['ipprotocol'] != $family)) { $input_errors[] = gettext("You can not assign an IPv4 gateway group on IPv6 Address Family rule"); } - if(($_POST['ipprotocol'] == "inet") && ($_POST['ipprotocol'] != $family)) { + if (($_POST['ipprotocol'] == "inet") && ($_POST['ipprotocol'] != $family)) { $input_errors[] = gettext("You can not assign an IPv6 gateway group on IPv4 Address Family rule"); } } 
@@ -288,19 +316,20 @@ if ($_POST) { } } if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && (is_ipaddr(lookup_gateway_ip_by_name($_POST['gateway'])))) { - if(($_POST['ipprotocol'] == "inet46") && ($_POST['gateway'] <> "")) { + if (($_POST['ipprotocol'] == "inet46") && ($_POST['gateway'] <> "")) { $input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6"); } - if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) { + if (($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) { $input_errors[] = gettext("You can not assign an IPv4 Gateway to an IPv6 Filter rule"); } - if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) { + if (($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) { $input_errors[] = gettext("You can not assign an IPv6 Gateway to an IPv4 Filter rule"); } } - if (($_POST['proto'] == "icmp") && ($_POST['icmptype'] <> "")){ - if($_POST['ipprotocol'] == "inet46") + if (($_POST['proto'] == "icmp") && ($_POST['icmptype'] <> "")) { + if ($_POST['ipprotocol'] == "inet46") { $input_errors[] = gettext("You can not assign a ICMP type to a rule that applies to IPv4 and IPv6"); + } } if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) { 
@@ -309,83 +338,95 @@ if ($_POST) { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { - if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) + if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) { $_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']); - if ($_POST['srcendport_cust'] && !$_POST['srcendport']) + } + if ($_POST['srcendport_cust'] && !$_POST['srcendport']) { $_POST['srcendport'] = trim($_POST['srcendport_cust']); + } if ($_POST['srcbeginport'] == "any") { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; } else { - if (!$_POST['srcendport']) + if (!$_POST['srcendport']) { $_POST['srcendport'] = $_POST['srcbeginport']; + } } - if ($_POST['srcendport'] == "any") + if ($_POST['srcendport'] == "any") { $_POST['srcendport'] = $_POST['srcbeginport']; + } - if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) + if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) { $_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']); - if ($_POST['dstendport_cust'] && !$_POST['dstendport']) + } + if ($_POST['dstendport_cust'] && !$_POST['dstendport']) { $_POST['dstendport'] = trim($_POST['dstendport_cust']); + } if ($_POST['dstbeginport'] == "any") { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { - if (!$_POST['dstendport']) + if (!$_POST['dstendport']) { $_POST['dstendport'] = $_POST['dstbeginport']; + } } - if ($_POST['dstendport'] == "any") + if ($_POST['dstendport'] == "any") { $_POST['dstendport'] = $_POST['dstbeginport']; + } } if (is_specialnet($_POST['srctype'])) { $_POST['src'] = $_POST['srctype']; $_POST['srcmask'] = 0; } else if ($_POST['srctype'] == "single") { - if (is_ipaddrv6($_POST['src'])) + if (is_ipaddrv6($_POST['src'])) { $_POST['srcmask'] = 128; - else + } else { $_POST['srcmask'] = 32; + } } if (is_specialnet($_POST['dsttype'])) { $_POST['dst'] = $_POST['dsttype']; $_POST['dstmask'] = 0; } else if ($_POST['dsttype'] == "single") { - if (is_ipaddrv6($_POST['dst'])) + if 
(is_ipaddrv6($_POST['dst'])) { $_POST['dstmask'] = 128; - else + } else { $_POST['dstmask'] = 32; + } } $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "type proto"); - if ( isset($a_filter[$id]['associated-rule-id'])===false ) { + if (isset($a_filter[$id]['associated-rule-id'])===false) { $reqdfields[] = "src"; $reqdfields[] = "dst"; } $reqdfieldsn = explode(",", "Type,Protocol"); - if ( isset($a_filter[$id]['associated-rule-id'])===false ) { + if (isset($a_filter[$id]['associated-rule-id'])===false) { $reqdfieldsn[] = "Source"; $reqdfieldsn[] = "Destination"; } - if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") { - if( $_POST['proto'] != "tcp" ) + if ($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") { + if ($_POST['proto'] != "tcp") { $input_errors[] = sprintf(gettext("%s is only valid with protocol TCP."),$_POST['statetype']); - if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != "")) + } + if (($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != "")) { $input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']); + } } - if ( isset($a_filter[$id]['associated-rule-id'])===false && - (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) { + if (isset($a_filter[$id]['associated-rule-id'])===false && + (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single")))) { $reqdfields[] = "srcmask"; $reqdfieldsn[] = "Source bit count"; } - if ( isset($a_filter[$id]['associated-rule-id'])===false && - (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) ) { + if (isset($a_filter[$id]['associated-rule-id'])===false && + (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single")))) { $reqdfields[] = "dstmask"; $reqdfieldsn[] = gettext("Destination bit count"); } 
@@ -401,48 +442,64 @@ if ($_POST) { $_POST['dstendport'] = 0; } - if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) + if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginposrt']); - if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) + } + if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']); - if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) + } + if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']); - if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) + } + if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end destination port. 
It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']); - if ( !$_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) - if (is_alias($_POST['srcendport_cust'])) + } + if (!$_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) { + if (is_alias($_POST['srcendport_cust'])) { $input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field'; - if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){ - if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) + } + } + if ($_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) { + if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) { $input_errors[] = 'The same port alias must be used in Source port range from: and to: fields'; + } if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) || - ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) + ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) { $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field'; + } } - if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) - if (is_alias($_POST['dstendport_cust'])) + if (!$_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) { + if (is_alias($_POST['dstendport_cust'])) { $input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field'; - if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){ - if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != 
$_POST['dstendport_cust']) + } + } + if ($_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) { + if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust']) { $input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields'; + } if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) || - ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) + ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) { $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field'; + } } - if ($_POST['src']) + if ($_POST['src']) { $_POST['src'] = trim($_POST['src']); - if ($_POST['dst']) + } + if ($_POST['dst']) { $_POST['dst'] = trim($_POST['dst']); + } /* if user enters an alias and selects "network" then disallow. */ - if($_POST['srctype'] == "network") { - if(is_alias($_POST['src'])) + if ($_POST['srctype'] == "network") { + if (is_alias($_POST['src'])) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); + } } - if($_POST['dsttype'] == "network") { - if(is_alias($_POST['dst'])) + if ($_POST['dsttype'] == "network") { + if (is_alias($_POST['dst'])) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); + } } if (!is_specialnet($_POST['srctype'])) { 
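Review bot: The start-source-port error on the new side still formats `$_POST['srcbeginposrt']`, a misspelled key, so the message is rendered with an empty value; it should read `$_POST['srcbeginport']`. In the same hunk both alias-mismatch checks test the end field twice (`is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust'])`, and the `dst` equivalent); the first operand was presumably meant to be `srcbeginport_cust` and `dstbeginport_cust` respectively. These messages also embed raw request values, so whatever renders `$input_errors` (not visible in this diff) needs to HTML-escape them. The alias messages are plain string literals while their neighbours go through `gettext()`, which is worth aligning while the lines are being touched.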
@@ -461,17 +518,21 @@ if ($_POST) { $input_errors[] = gettext("A valid destination bit count must be specified."); } } - if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) { - if(!validate_address_family($_POST['src'], $_POST['dst'])) + if ((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) { + if (!validate_address_family($_POST['src'], $_POST['dst'])) { $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']); - if((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet")) + } + if ((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet")) { $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules."); - if((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6")) + } + if ((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6")) { $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules."); + } } - if((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && ($_POST['ipprotocol'] == "inet46")) + if ((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && ($_POST['ipprotocol'] == "inet46")) { $input_errors[] = gettext("You can not use a IPv4 or IPv6 address in combined IPv4 + IPv6 rules."); + } if ($_POST['srcbeginport'] > $_POST['srcendport']) { /* swap */ 
@@ -486,115 +547,150 @@ if ($_POST) { $_POST['dstbeginport'] = $tmp; } if ($_POST['os']) { - if( $_POST['proto'] != "tcp" ) + if ($_POST['proto'] != "tcp") { $input_errors[] = gettext("OS detection is only valid with protocol TCP."); - if (!in_array($_POST['os'], $ostypes)) + } + if (!in_array($_POST['os'], $ostypes)) { $input_errors[] = gettext("Invalid OS detection selection. Please select a valid OS."); + } } if ($_POST['ackqueue'] != "") { - if ($_POST['defaultqueue'] == "" ) + if ($_POST['defaultqueue'] == "") { $input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too."); - else if ($_POST['ackqueue'] == $_POST['defaultqueue']) + } else if ($_POST['ackqueue'] == $_POST['defaultqueue']) { $input_errors[] = gettext("Acknowledge queue and Queue cannot be the same."); + } } - if (isset($_POST['floating']) && $_POST['pdnpipe'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) + if (isset($_POST['floating']) && $_POST['pdnpipe'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) { $input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction."); - if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) + } + if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) { $input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction."); + } if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "") { - if ($_POST['dnpipe'] == "" ) + if ($_POST['dnpipe'] == "") { $input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too."); - else if ($_POST['pdnpipe'] == $_POST['dnpipe']) + } else if ($_POST['pdnpipe'] == $_POST['dnpipe']) { $input_errors[] = gettext("In and Out Queue cannot be the same."); - else if ($dnqlist[$_POST['pdnpipe']][0] == "?" 
&& $dnqlist[$_POST['dnpipe']][0] <> "?") + } else if ($dnqlist[$_POST['pdnpipe']][0] == "?" && $dnqlist[$_POST['dnpipe']][0] <> "?") { $input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. Both must be from the same type."); - else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?") + } else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?") { $input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. Both must be from the same type."); - if ($_POST['direction'] == "out" && empty($_POST['gateway'])) + } + if ($_POST['direction'] == "out" && empty($_POST['gateway'])) { $input_errors[] = gettext("Please select a gateway, normally the interface selected gateway, so the limiters work correctly"); + } } - if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid'])) + if (!empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid'])) { $input_errors[] = gettext('ID must be an integer'); - if($_POST['l7container'] && $_POST['l7container'] != "") { - if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp")) + } + if ($_POST['l7container'] && $_POST['l7container'] != "") { + if (!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp")) { $input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols"); - if ($_POST['type'] <> "pass") + } + if ($_POST['type'] <> "pass") { $input_errors[] = gettext("You can only select a layer7 container for Pass type rules."); + } } if (!in_array($_POST['proto'], array("tcp","tcp/udp"))) { - if (!empty($_POST['max-src-conn'])) + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for TCP protocol."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if 
(!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You can only specify the maximum new connections per host / per second(s) (advanced option) for TCP protocol."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You can only specify the state timeout (advanced option) for TCP protocol."); + } } if ($_POST['type'] <> "pass") { - if (!empty($_POST['max'])) + if (!empty($_POST['max'])) { $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-nodes'])) + } + if (!empty($_POST['max-src-nodes'])) { $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-conn'])) + } + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-states'])) + } + if (!empty($_POST['max-src-states'])) { $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You can only specify the maximum new connections per host / per second(s) (advanced option) for Pass type rules."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You can only specify the state timeout (advanced option) for Pass type rules."); + } } if (($_POST['statetype'] == "none") && (empty($_POST['l7container']))) { - if (!empty($_POST['max'])) + if (!empty($_POST['max'])) { $input_errors[] = gettext("You cannot specify the maximum state entries 
(advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-nodes'])) + } + if (!empty($_POST['max-src-nodes'])) { $input_errors[] = gettext("You cannot specify the maximum number of unique source hosts (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-conn'])) + } + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You cannot specify the maximum number of established connections per host (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-states'])) + } + if (!empty($_POST['max-src-states'])) { $input_errors[] = gettext("You cannot specify the maximum state entries per host (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You cannot specify the maximum new connections per host / per second(s) (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You cannot specify the state timeout (advanced option) if statetype is none and no L7 container is selected."); + } } - if (($_POST['max'] != "") && !is_posnumericint($_POST['max'])) + if (($_POST['max'] != "") && !is_posnumericint($_POST['max'])) { $input_errors[] = gettext("Maximum state entries (advanced option) must be a positive integer"); + } - if (($_POST['max-src-nodes'] != "") && !is_posnumericint($_POST['max-src-nodes'])) + if (($_POST['max-src-nodes'] != "") && !is_posnumericint($_POST['max-src-nodes'])) { $input_errors[] = gettext("Maximum number of unique source hosts (advanced option) must be a positive integer"); + } - if (($_POST['max-src-conn'] != "") && !is_posnumericint($_POST['max-src-conn'])) 
+ if (($_POST['max-src-conn'] != "") && !is_posnumericint($_POST['max-src-conn'])) { $input_errors[] = gettext("Maximum number of established connections per host (advanced option) must be a positive integer"); + } - if (($_POST['max-src-states'] != "") && !is_posnumericint($_POST['max-src-states'])) + if (($_POST['max-src-states'] != "") && !is_posnumericint($_POST['max-src-states'])) { $input_errors[] = gettext("Maximum state entries per host (advanced option) must be a positive integer"); + } - if (($_POST['max-src-conn-rate'] != "") && !is_posnumericint($_POST['max-src-conn-rate'])) + if (($_POST['max-src-conn-rate'] != "") && !is_posnumericint($_POST['max-src-conn-rate'])) { $input_errors[] = gettext("Maximum new connections per host / per second(s) (advanced option) must be a positive integer"); + } - if (($_POST['statetimeout'] != "") && !is_posnumericint($_POST['statetimeout'])) + if (($_POST['statetimeout'] != "") && !is_posnumericint($_POST['statetimeout'])) { $input_errors[] = gettext("State timeout (advanced option) must be a positive integer"); + } - if ((($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] == "")) || - (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> ""))) + if ((($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] == "")) || + (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> ""))) { $input_errors[] = gettext("Both maximum new connections per host and the interval (per second(s)) must be specified"); + } if (!$_POST['tcpflags_any']) { $settcpflags = array(); $outoftcpflags = array(); foreach ($tcpflags as $tcpflag) { - if ($_POST['tcpflags1_' . $tcpflag] == "on") + if ($_POST['tcpflags1_' . $tcpflag] == "on") { $settcpflags[] = $tcpflag; - if ($_POST['tcpflags2_' . $tcpflag] == "on") + } + if ($_POST['tcpflags2_' . 
$tcpflag] == "on") { $outoftcpflags[] = $tcpflag; + } } - if (empty($outoftcpflags) && !empty($settcpflags)) + if (empty($outoftcpflags) && !empty($settcpflags)) { $input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well."); + } } // Allow extending of the firewall edit page and include custom input validation @@ -607,11 +703,13 @@ if ($_POST) { $filterent['tracker'] = empty($_POST['tracker']) ? (int)microtime(true) : $_POST['tracker']; $filterent['type'] = $_POST['type']; - if (isset($_POST['interface'] )) + if (isset($_POST['interface'])) { $filterent['interface'] = $_POST['interface']; + } - if (isset($_POST['ipprotocol'] )) + if (isset($_POST['ipprotocol'])) { $filterent['ipprotocol'] = $_POST['ipprotocol']; + } if ($_POST['tcpflags_any']) { $filterent['tcpflags_any'] = true; 
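Review bot: The positive-integer checks near the end of the validation block cover `max`, `max-src-nodes`, `max-src-conn`, `max-src-states`, `max-src-conn-rate` and `statetimeout`, but not `max-src-conn-rates`, which is only tested for being present together with the rate. Unless it is validated outside this hunk, an arbitrary posted string is later stored in `$filterent['max-src-conn-rates']`. A matching check next to the others would close that gap: `if (($_POST['max-src-conn-rates'] != "") && !is_posnumericint($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("The interval for maximum new connections per host (advanced option) must be a positive integer"); }`. The enclosing `if ($_POST)` block starts and ends outside the hunk.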
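Review bot: `$filterent['tracker']` is cast to int only on the `microtime()` branch; when `$_POST['tracker']` is non-empty it is stored exactly as posted, and no check on it is visible in these hunks. If the tracker is expected to be numeric, reject anything else in the validation block, e.g. `if (!empty($_POST['tracker']) && !is_numericint($_POST['tracker'])) { $input_errors[] = gettext("Tracker must be an integer"); }`. The enclosing `if ($_POST)` block starts and ends outside the hunk.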
@@ -619,26 +717,32 @@ if ($_POST) { $settcpflags = array(); $outoftcpflags = array(); foreach ($tcpflags as $tcpflag) { - if ($_POST['tcpflags1_' . $tcpflag] == "on") + if ($_POST['tcpflags1_' . $tcpflag] == "on") { $settcpflags[] = $tcpflag; - if ($_POST['tcpflags2_' . $tcpflag] == "on") + } + if ($_POST['tcpflags2_' . $tcpflag] == "on") { $outoftcpflags[] = $tcpflag; + } } if (!empty($outoftcpflags)) { $filterent['tcpflags2'] = join(",", $outoftcpflags); - if (!empty($settcpflags)) + if (!empty($settcpflags)) { $filterent['tcpflags1'] = join(",", $settcpflags); + } } } - if (isset($_POST['tag'])) + if (isset($_POST['tag'])) { $filterent['tag'] = $_POST['tag']; - if (isset($_POST['tagged'])) + } + if (isset($_POST['tagged'])) { $filterent['tagged'] = $_POST['tagged']; + } if ($if == "FloatingRules" || isset($_POST['floating'])) { $filterent['direction'] = $_POST['direction']; - if (isset($_POST['quick']) && $_POST['quick'] <> "") + if (isset($_POST['quick']) && $_POST['quick'] <> "") { $filterent['quick'] = $_POST['quick']; + } $filterent['floating'] = "yes"; if (isset($_POST['interface']) && count($_POST['interface']) > 0) { $filterent['interface'] = implode(",", $_POST['interface']); @@ -646,14 +750,16 @@ if ($_POST) { } /* Advanced options */ - if ($_POST['allowopts'] == "yes") + if ($_POST['allowopts'] == "yes") { $filterent['allowopts'] = true; - else + } else { unset($filterent['allowopts']); - if ($_POST['disablereplyto'] == "yes") + } + if ($_POST['disablereplyto'] == "yes") { $filterent['disablereplyto'] = true; - else + } else { unset($filterent['disablereplyto']); + } $filterent['max'] = $_POST['max']; $filterent['max-src-nodes'] = $_POST['max-src-nodes']; $filterent['max-src-conn'] = $_POST['max-src-conn']; 
@@ -661,19 +767,21 @@ if ($_POST) { $filterent['statetimeout'] = $_POST['statetimeout']; $filterent['statetype'] = $_POST['statetype']; $filterent['os'] = $_POST['os']; - if($_POST['nopfsync'] <> "") + if ($_POST['nopfsync'] <> "") { $filterent['nopfsync'] = true; - else + } else { unset($filterent['nopfsync']); + } /* Nosync directive - do not xmlrpc sync this item */ - if($_POST['nosync'] <> "") + if ($_POST['nosync'] <> "") { $filterent['nosync'] = true; - else + } else { unset($filterent['nosync']); + } /* unless both values are provided, unset the values - ticket #650 */ - if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") { + if ($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") { $filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate']; $filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates']; } else { @@ -681,20 +789,23 @@ if ($_POST) { unset($filterent['max-src-conn-rates']); } - if ($_POST['proto'] != "any") + if ($_POST['proto'] != "any") { $filterent['protocol'] = $_POST['proto']; - else + } else { unset($filterent['protocol']); + } if ($_POST['proto'] == "icmp") { - if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) + if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) { $filterent['icmptype'] = $_POST['icmp6type']; - else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype']) + } else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype']) { $filterent['icmptype'] = $_POST['icmptype']; - else + } else { unset($filterent['icmptype']); - } else + } + } else { unset($filterent['icmptype']); + } pconfig_to_address($filterent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot'], 
@@ -704,18 +815,21 @@ if ($_POST) { $_POST['dstmask'], $_POST['dstnot'], $_POST['dstbeginport'], $_POST['dstendport']); - if ($_POST['disabled']) + if ($_POST['disabled']) { $filterent['disabled'] = true; - else + } else { unset($filterent['disabled']); + } - if ($_POST['dscp']) + if ($_POST['dscp']) { $filterent['dscp'] = $_POST['dscp']; + } - if ($_POST['log']) + if ($_POST['log']) { $filterent['log'] = true; - else + } else { unset($filterent['log']); + } strncpy($filterent['descr'], $_POST['descr'], 52); if ($_POST['gateway'] != "") { @@ -724,14 +838,16 @@ if ($_POST) { if ($_POST['defaultqueue'] != "") { $filterent['defaultqueue'] = $_POST['defaultqueue']; - if ($_POST['ackqueue'] != "") + if ($_POST['ackqueue'] != "") { $filterent['ackqueue'] = $_POST['ackqueue']; + } } if ($_POST['dnpipe'] != "") { $filterent['dnpipe'] = $_POST['dnpipe']; - if ($_POST['pdnpipe'] != "") + if ($_POST['pdnpipe'] != "") { $filterent['pdnpipe'] = $_POST['pdnpipe']; + } } if ($_POST['l7container'] != "") { 
@@ -750,49 +866,55 @@ if ($_POST) { } // If we have an associated nat rule, make sure the source and destination doesn't change - if( isset($a_filter[$id]['associated-rule-id']) ) { + if (isset($a_filter[$id]['associated-rule-id'])) { $filterent['interface'] = $a_filter[$id]['interface']; - if (isset($a_filter[$id]['protocol'])) + if (isset($a_filter[$id]['protocol'])) { $filterent['protocol'] = $a_filter[$id]['protocol']; - else if (isset($filterent['protocol'])) + } else if (isset($filterent['protocol'])) { unset($filterent['protocol']); - if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype']) + } + if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype']) { $filterent['icmptype'] = $a_filter[$id]['icmptype']; - else if (isset($filterent['icmptype'])) + } else if (isset($filterent['icmptype'])) { unset($filterent['icmptype']); + } $filterent['source'] = $a_filter[$id]['source']; $filterent['destination'] = $a_filter[$id]['destination']; $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; } - if ( isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']) ) + if (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])) { $filterent['created'] = $a_filter[$id]['created']; + } $filterent['updated'] = make_config_revision_entry(); // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config"); - if (isset($id) && $a_filter[$id]) + if (isset($id) && $a_filter[$id]) { $a_filter[$id] = $filterent; - else { + } else { $filterent['created'] = make_config_revision_entry(); - if (is_numeric($after)) + if (is_numeric($after)) { array_splice($a_filter, $after+1, 0, array($filterent)); - else + } else { $a_filter[] = $filterent; + } } filter_rules_sort(); - if (write_config()) + if (write_config()) { mark_subsystem_dirty('filter'); + } - if (isset($_POST['floating'])) + if (isset($_POST['floating'])) { 
header("Location: firewall_rules.php?if=FloatingRules"); - else + } else { header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface'])); + } exit; } } @@ -868,7 +990,7 @@ include("head.inc"); </tr> <?php endif; ?> <?php $edit_disabled = ""; ?> -<?php if( isset($pconfig['associated-rule-id']) ): ?> +<?php if (isset($pconfig['associated-rule-id'])): ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td> <td width="78%" class="vtable"> @@ -878,16 +1000,17 @@ include("head.inc"); <?php $edit_disabled = "disabled"; if (is_array($config['nat']['rule'])) { - foreach( $config['nat']['rule'] as $index => $nat_rule ) { - if( isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']==$pconfig['associated-rule-id'] ) { + foreach ($config['nat']['rule'] as $index => $nat_rule) { + if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']==$pconfig['associated-rule-id']) { echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br />"; break; } } } echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='{$pconfig['associated-rule-id']}' />"; - if (!empty($pconfig['interface'])) + if (!empty($pconfig['interface'])) { echo "<input name='interface' id='interface' type='hidden' value='{$pconfig['interface']}' />"; + } ?> <script type="text/javascript"> //<![CDATA[ 
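Review bot: The redirect at the end of the save path builds the `Location` header with `htmlspecialchars($_POST['interface'])`, which is HTML escaping applied to a URL query value. Characters such as `#`, `%` or a space pass through untouched and `&` becomes an entity, so the `if` parameter can be corrupted or extended. Use URL encoding instead: `header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));`. The hunk begins inside the `if ($_POST)` block, so the earlier validation of `interface` is not visible from here.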
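Review bot: The two hidden inputs echo `$pconfig['associated-rule-id']` and `$pconfig['interface']` straight into single-quoted attributes, while other fields on this page go through `htmlspecialchars()`; a quote in either value ends the attribute early. Escape both, and pass `ENT_QUOTES` because the default flags of older PHP versions leave single quotes alone: `value='" . htmlspecialchars($pconfig['interface'], ENT_QUOTES) . "'`. Where `$pconfig` is populated is outside this hunk, so how much of it is request-controlled should be confirmed.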
@@ -905,38 +1028,52 @@ include("head.inc"); <?php else: ?> <select name="interface" class="formselect" <?=$edit_disabled;?>> <?php endif; - /* add group interfaces */ - if (is_array($config['ifgroups']['ifgroupentry'])) - foreach($config['ifgroups']['ifgroupentry'] as $ifgen) - if (have_ruleint_access($ifgen['ifname'])) - $interfaces[$ifgen['ifname']] = $ifgen['ifname']; - $ifdescs = get_configured_interface_with_descr(); - // Allow extending of the firewall edit page and include custom input validation - pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit"); - foreach ($ifdescs as $ifent => $ifdesc) - if(have_ruleint_access($ifent)) - $interfaces[$ifent] = $ifdesc; - if ($config['l2tp']['mode'] == "server") - if(have_ruleint_access("l2tp")) + /* add group interfaces */ + if (is_array($config['ifgroups']['ifgroupentry'])) { + foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) { + if (have_ruleint_access($ifgen['ifname'])) { + $interfaces[$ifgen['ifname']] = $ifgen['ifname']; + } + } + } + $ifdescs = get_configured_interface_with_descr(); + // Allow extending of the firewall edit page and include custom input validation + pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit"); + foreach ($ifdescs as $ifent => $ifdesc) { + if (have_ruleint_access($ifent)) { + $interfaces[$ifent] = $ifdesc; + } + } + if ($config['l2tp']['mode'] == "server") { + if (have_ruleint_access("l2tp")) { $interfaces['l2tp'] = "L2TP VPN"; - if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) + } + } + if ($config['pptpd']['mode'] == "server") { + if (have_ruleint_access("pptp")) { $interfaces['pptp'] = "PPTP VPN"; + } + } - if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) { $interfaces['pppoe'] = "PPPoE Server"; + } /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - 
if(have_ruleint_access("enc0")) + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) { + if (have_ruleint_access("enc0")) { $interfaces["enc0"] = "IPsec"; + } + } /* add openvpn/tun interfaces */ - if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) { $interfaces["openvpn"] = "OpenVPN"; - if (is_array($pconfig['interface'])) + } + if (is_array($pconfig['interface'])) { $pconfig['interface'] = implode(",", $pconfig['interface']); + } $selected_interfaces = explode(",", $pconfig['interface']); foreach ($interfaces as $iface => $ifacename): ?> - <option value="<?=$iface;?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected=\"selected\""; ?>><?=$ifacename?></option> + <option value="<?=$iface;?>" <?php if ($pconfig['interface'] <> "" && (strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces))) echo "selected=\"selected\""; ?>><?=$ifacename?></option> <?php endforeach; ?> </select> <br /> @@ -954,7 +1091,7 @@ include("head.inc"); </td> <td width="78%" class="vtable"> <select name="direction" class="formselect"> - <?php $directions = array('any','in','out'); + <?php $directions = array('any','in','out'); foreach ($directions as $direction): ?> <option value="<?=$direction;?>" <?php if ($direction == $pconfig['direction']): ?> 
@@ -971,9 +1108,11 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td> <td width="78%" class="vtable"> <select name="ipprotocol" class="formselect" onchange="proto_change()"> - <?php $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6' ); - foreach ($ipproto as $proto => $name): ?> - <option value="<?=$proto;?>" + <?php + $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6'); + foreach ($ipproto as $proto => $name): + ?> + <option value="<?=$proto;?>" <?php if ($proto == $pconfig['ipprotocol']): ?> selected="selected" <?php endif; ?> 
@@ -1044,37 +1183,43 @@ include("head.inc"); <td> <select <?=$edit_disabled;?> name="srctype" class="formselect" onchange="typesel_change()"> <?php - $sel = is_specialnet($pconfig['src']); ?> + $sel = is_specialnet($pconfig['src']); +?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any");?></option> <option value="single" - <?php if (!$sel && - ((is_ipaddrv6($pconfig['src']) && $pconfig['srcmask'] == 128) || - (is_ipaddrv4($pconfig['src']) && $pconfig['srcmask'] == 32) || is_alias($pconfig['src']))) - { echo "selected=\"selected\""; $sel = 1; } - ?> + <?php + if (!$sel && + ((is_ipaddrv6($pconfig['src']) && $pconfig['srcmask'] == 128) || + (is_ipaddrv4($pconfig['src']) && $pconfig['srcmask'] == 32) || is_alias($pconfig['src']))) { + echo "selected=\"selected\""; $sel = 1; + } + ?> > <?=gettext("Single host or alias");?></option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network");?></option> - <?PHP if (isset($a_filter[$id]['floating']) || $if == "FloatingRules"): ?> - <option value="(self)" <?PHP if ($pconfig['src'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option> - <?PHP endif;?> - <?php if(have_ruleint_access("pptp")): ?> - <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients");?></option> + <?php if (isset($a_filter[$id]['floating']) || $if == "FloatingRules"): ?> + <option value="(self)" <?php if ($pconfig['src'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option> + <?php endif;?> + <?php if (have_ruleint_access("pptp")): ?> + <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients");?></option> <?php endif; ?> - <?php if(have_ruleint_access("pppoe")): ?> - <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; 
} ?>><?=gettext("PPPoE clients");?></option> + <?php if (have_ruleint_access("pppoe")): ?> + <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients");?></option> <?php endif; ?> - <?php if(have_ruleint_access("l2tp")): ?> - <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option> + <?php if (have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option> <?php endif; ?> <?php - foreach ($ifdisp as $ifent => $ifdesc): ?> - <?php if(have_ruleint_access($ifent)): ?> + foreach ($ifdisp as $ifent => $ifdesc): +?> + <?php if (have_ruleint_access($ifent)): ?> <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net");?></option> <option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected=\"selected\""; } ?>> <?=$ifdesc?> <?=gettext("address");?> </option> <?php endif; ?> -<?php endforeach; ?> +<?php + endforeach; +?> </select> </td> </tr> @@ -1092,7 +1237,7 @@ include("head.inc"); </table> <div id="showadvancedboxspr"> <p> - <input <?=$edit_disabled;?> type="button" onclick="show_source_port_range()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show source port range");?> + <input <?=$edit_disabled;?> type="button" onclick="show_source_port_range()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show source port range");?> </p> </div> </td> 
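Review bot: Inside the `foreach ($ifdisp as $ifent => $ifdesc)` loop the "net" option prints `htmlspecialchars($ifdesc)` but the "address" option directly below prints `<?=$ifdesc?>` raw, so the same description is escaped in one place and not in the other. Make the second one `<?=htmlspecialchars($ifdesc);?>`. The destination-type list in the hunk at `@@ -1150,26 +1295,28 @@` has the same pair (`<?=$ifdesc;?>`), and that loop uses `$if` as its key, so any later use of the `$if` that is compared with "FloatingRules" would see the last interface key instead.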
@@ -1137,10 +1282,10 @@ include("head.inc"); <td width="78%" class="vtable"> <input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> /> <strong><?=gettext("not");?></strong> - <br /> + <br /> <?=gettext("Use this option to invert the sense of the match.");?> - <br /> - <br /> + <br /> + <br /> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td><?=gettext("Type:");?> </td> 
@@ -1150,26 +1295,28 @@ include("head.inc"); $sel = is_specialnet($pconfig['dst']); ?> <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any");?></option> <option value="single" - <?php if (!$sel && + <?php + if (!$sel && ((is_ipaddrv6($pconfig['dst']) && $pconfig['dstmask'] == 128) || - (is_ipaddrv4($pconfig['dst']) && $pconfig['dstmask'] == 32) || is_alias($pconfig['dst']))) - { echo "selected=\"selected\""; $sel = 1; } + (is_ipaddrv4($pconfig['dst']) && $pconfig['dstmask'] == 32) || is_alias($pconfig['dst']))) { + echo "selected=\"selected\""; $sel = 1; + } ?> ><?=gettext("Single host or alias");?></option> <option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network");?></option> <option value="(self)" <?PHP if ($pconfig['dst'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option> - <?php if(have_ruleint_access("pptp")): ?> + <?php if (have_ruleint_access("pptp")): ?> <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients");?></option> <?php endif; ?> - <?php if(have_ruleint_access("pppoe")): ?> + <?php if (have_ruleint_access("pppoe")): ?> <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients");?></option> <?php endif; ?> - <?php if(have_ruleint_access("l2tp")): ?> + <?php if (have_ruleint_access("l2tp")): ?> <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option> <?php endif; ?> <?php foreach ($ifdisp as $if => $ifdesc): ?> - <?php if(have_ruleint_access($if)): ?> + <?php if (have_ruleint_access($if)): ?> <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net");?></option> <option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . 
"ip") { echo "selected=\"selected\""; } ?>> <?=$ifdesc;?> <?=gettext("address");?> @@ -1185,9 +1332,7 @@ include("head.inc"); <input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias ipv4v6" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" /> / <select <?=$edit_disabled;?> name="dstmask" class="formselect ipv4v6" id="dstmask"> -<?php - for ($i = 127; $i > 0; -$i--): ?> +<?php for ($i = 127; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> <?php endfor; ?> </select> @@ -1223,7 +1368,7 @@ $i--): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected=\"selected\""; $bfound = 1; } ?>><?=htmlspecialchars("{$wkportdesc} ({$wkport})");?></option> <?php endforeach; ?> </select> - <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>" /> + <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>" /> </td> </tr> </table> @@ -1282,12 +1427,9 @@ $i--): ?> <?=gettext("OS Type:");?> <select name="os" id="os" class="formselect"> <option value="" <?php if (empty($pconfig['os'])) echo "selected=\"selected\""; ?>>Any</option> -<?php - foreach ($ostypes as $ostype): ?> +<?php foreach ($ostypes as $ostype): ?> <option value="<?=$ostype;?>" <?php if ($ostype == $pconfig['os']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($ostype);?></option> -<?php - endforeach; -?> +<?php endforeach; ?> </select> <br /> <?=gettext("Note: this only works for TCP rules. General OS choice matches all subtypes.");?> 
@@ -1303,8 +1445,8 @@ $i--): ?> <div id="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>> <select name="dscp" id="dscp"> <option value=""></option> - <?php foreach($firewall_rules_dscp_types as $frdt): ?> - <option value="<?=$frdt?>"<?php if($pconfig['dscp'] == $frdt) echo " selected=\"selected\""; ?>><?=$frdt?></option> + <?php foreach ($firewall_rules_dscp_types as $frdt): ?> + <option value="<?=$frdt?>"<?php if ($pconfig['dscp'] == $frdt) echo " selected=\"selected\""; ?>><?=$frdt?></option> <?php endforeach; ?> </select> </div> @@ -1317,10 +1459,10 @@ $i--): ?> <input type="button" onclick="show_aodiv();" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> </div> <div id="aodivmain" <?php if (!is_aoadv_used($pconfig)) echo "style='display:none'"; ?>> - <input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked=\"checked\""; ?> /> + <input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if ($pconfig['allowopts'] == true) echo " checked=\"checked\""; ?> /> <br /><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?> </span><p> - <input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked=\"checked\""; ?> /> + <input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if ($pconfig['disablereplyto'] == true) echo " checked=\"checked\""; ?> /> <br /><span class="vexpl"><?=gettext("This will disable auto generated reply-to for this rule.");?> </span></p><p> <input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>" /> 
@@ -1335,10 +1477,11 @@ $i--): ?> <input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>" /><br /><?=gettext(" Maximum state entries per host");?></p><p> <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>" /> / <select name="max-src-conn-rates" id="max-src-conn-rates"> - <option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected=\"selected\""; ?>></option> -<?php for($x=1; $x<255; $x++) { - if($x == $pconfig['max-src-conn-rates']) $selected = " selected=\"selected\""; else $selected = ""; - echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n"; + <option value=""<?php if (intval($pconfig['max-src-conn-rates']) < 1) echo " selected=\"selected\""; ?>></option> +<?php for ($x=1; $x<255; $x++) { + if ($x == $pconfig['max-src-conn-rates']) $selected = " selected=\"selected\""; else $selected = ""; { + echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n"; + } } ?> </select><br /> <?=gettext("Maximum new connections per host / per second(s) (TCP only)");?> 
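Review bot: The re-braced loop body now reads `if (...) $selected = ...; else $selected = ""; {` with the `echo` inside a free-standing block, so the added braces belong to neither branch and only look like the `else` body. Behaviour is unchanged, but the braces should wrap the two assignments: `if ($x == $pconfig['max-src-conn-rates']) { $selected = " selected=\"selected\""; } else { $selected = ""; }`, with the `echo` left on its own line at loop level.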
@@ -1353,41 +1496,43 @@ $i--): ?> <tr id="tcpflags"> <td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td> <td width="78%" class="vtable"> - <div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>> - <input type="button" onclick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> - </div> - <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>> - <div id="tcpheader" align="center"> - <table border="0" cellspacing="0" cellpadding="0"> - <?php - $setflags = explode(",", $pconfig['tcpflags1']); - $outofflags = explode(",", $pconfig['tcpflags2']); - $header = "<td width='40' class='nowrap'></td>"; - $tcpflags1 = "<td width='40' class='nowrap'>set</td>"; - $tcpflags2 = "<td width='40' class='nowrap'>out of</td>"; - foreach ($tcpflags as $tcpflag) { - $header .= "<td width='40' class='nowrap'><strong>" . strtoupper($tcpflag) . 
"</strong></td>\n"; - $tcpflags1 .= "<td width='40' class='nowrap'> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' "; - if (array_search($tcpflag, $setflags) !== false) - $tcpflags1 .= "checked=\"checked\""; - $tcpflags1 .= " /></td>\n"; - $tcpflags2 .= "<td width='40' class='nowrap'> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' "; - if (array_search($tcpflag, $outofflags) !== false) - $tcpflags2 .= "checked=\"checked\""; - $tcpflags2 .= " /></td>\n"; - } - echo "<tr id='tcpheader'>{$header}</tr>\n"; - echo "<tr id='tcpflags1'>{$tcpflags1}</tr>\n"; - echo "<tr id='tcpflags2'>{$tcpflags2}</tr>\n"; - ?> - </table> - </div> - <br /><center> - <input onclick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Any flags.");?></strong><br /></center> - <br /> - <span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". - "be set or cleared for this rule to match.");?></span> - </div> + <div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>> + <input type="button" onclick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> + </div> + <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>> + <div id="tcpheader" align="center"> + <table border="0" cellspacing="0" cellpadding="0"> + <?php + $setflags = explode(",", $pconfig['tcpflags1']); + $outofflags = explode(",", $pconfig['tcpflags2']); + $header = "<td width='40' class='nowrap'></td>"; + $tcpflags1 = "<td width='40' class='nowrap'>set</td>"; + $tcpflags2 = "<td width='40' class='nowrap'>out of</td>"; + foreach ($tcpflags as $tcpflag) { + $header .= "<td width='40' class='nowrap'><strong>" . strtoupper($tcpflag) . 
"</strong></td>\n"; + $tcpflags1 .= "<td width='40' class='nowrap'> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' "; + if (array_search($tcpflag, $setflags) !== false) { + $tcpflags1 .= "checked=\"checked\""; + } + $tcpflags1 .= " /></td>\n"; + $tcpflags2 .= "<td width='40' class='nowrap'> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' "; + if (array_search($tcpflag, $outofflags) !== false) { + $tcpflags2 .= "checked=\"checked\""; + } + $tcpflags2 .= " /></td>\n"; + } + echo "<tr id='tcpheader'>{$header}</tr>\n"; + echo "<tr id='tcpflags1'>{$tcpflags1}</tr>\n"; + echo "<tr id='tcpflags2'>{$tcpflags2}</tr>\n"; + ?> + </table> + </div> + <br /><center> + <input onclick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Any flags.");?></strong><br /></center> + <br /> + <span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". + "be set or cleared for this rule to match.");?></span> + </div> </td> </tr> <tr> 
@@ -1403,10 +1548,10 @@ $i--): ?> <?=gettext("Hint: This prevents states created by this rule to be sync'ed over pfsync.");?><br /> </span><br /> <select name="statetype"> - <option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected=\"selected\""; ?>><?=gettext("keep state");?></option> - <option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected=\"selected\""; ?>><?=gettext("sloppy state");?></option> - <option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected=\"selected\""; ?>><?=gettext("synproxy state");?></option> - <option value="none"<?php if($pconfig['statetype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none");?></option> + <option value="keep state" <?php if (!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected=\"selected\""; ?>><?=gettext("keep state");?></option> + <option value="sloppy state" <?php if ($pconfig['statetype'] == "sloppy state") echo "selected=\"selected\""; ?>><?=gettext("sloppy state");?></option> + <option value="synproxy state"<?php if ($pconfig['statetype'] == "synproxy state") echo "selected=\"selected\""; ?>><?=gettext("synproxy state");?></option> + <option value="none"<?php if ($pconfig['statetype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none");?></option> </select><br /> <span class="vexpl"> <?=gettext("Hint: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.");?> 
@@ -1427,7 +1572,7 @@ $i--): ?> <input type="button" onclick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> </div> <div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>> - <input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> + <input type="checkbox" name="nosync"<?php if ($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br /> <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?> </div> </td> @@ -1442,27 +1587,31 @@ $i--): ?> <?php $vlanprio = array("none", "be", "bk", "ee", "ca", "vi", "vo", "ic", "nc"); ?> <?php $opts = ""; - foreach($vlanprio as $vprio) { - if ($vprio == $pconfig['vlanprio']) + foreach ($vlanprio as $vprio) { + if ($vprio == $pconfig['vlanprio']) { $selected = " selected=\"selected\""; - else + } else { $selected = ""; - if ($vprio == "none") + } + if ($vprio == "none") { $opts .= "<option value=\"\">{$vprio}</option>\n"; - else + } else { $opts .= "<option value=\"{$vprio}\" {$selected}>" . strtoupper($vprio) . "</option>\n"; + } } $optsset = ""; - foreach($vlanprio as $vprioset) { - if ($vprioset == $pconfig['vlanprioset']) + foreach ($vlanprio as $vprioset) { + if ($vprioset == $pconfig['vlanprioset']) { $selected = " selected=\"selected\""; - else + } else { $selected = ""; - if ($vprioset == "none") + } + if ($vprioset == "none") { $optsset .= "<option value=\"\">{$vprioset}</option>\n"; - else + } else { $optsset .= "<option value=\"{$vprioset}\" {$selected}>" . strtoupper($vprioset) . "</option>\n"; + } } ?> <select name='vlanprio'> 
@@ -1480,10 +1629,11 @@ $i--): ?> //build list of schedules $schedules = array(); $schedules[] = "none";//leave none to leave rule enabled all the time - if(is_array($config['schedules']['schedule'])) { + if (is_array($config['schedules']['schedule'])) { foreach ($config['schedules']['schedule'] as $schedule) { - if ($schedule['name'] <> "") + if ($schedule['name'] <> "") { $schedules[] = $schedule['name']; + } } } ?> @@ -1496,8 +1646,8 @@ $i--): ?> <div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>> <select name='sched'> <?php - foreach($schedules as $schedule) { - if($schedule == $pconfig['sched']) { + foreach ($schedules as $schedule) { + if ($schedule == $pconfig['sched']) { $selected = " selected=\"selected\""; } else { $selected = ""; @@ -1527,16 +1677,20 @@ $i--): ?> /* build a list of gateways */ $gateways = return_gateways_array(); // add statically configured gateways to list - foreach($gateways as $gwname => $gw) { - if(($pconfig['ipprotocol'] == "inet46")) + foreach ($gateways as $gwname => $gw) { + if (($pconfig['ipprotocol'] == "inet46")) { continue; - if(($pconfig['ipprotocol'] == "inet6") && !(($gw['ipprotocol'] == "inet6") || (is_ipaddrv6($gw['gateway'])))) + } + if (($pconfig['ipprotocol'] == "inet6") && !(($gw['ipprotocol'] == "inet6") || (is_ipaddrv6($gw['gateway'])))) { continue; - if(($pconfig['ipprotocol'] == "inet") && !(($gw['ipprotocol'] == "inet") || (is_ipaddrv4($gw['gateway'])))) + } + if (($pconfig['ipprotocol'] == "inet") && !(($gw['ipprotocol'] == "inet") || (is_ipaddrv4($gw['gateway'])))) { continue; - if($gw == "") + } + if ($gw == "") { continue; - if($gwname == $pconfig['gateway']) { + } + if ($gwname == $pconfig['gateway']) { $selected = " selected=\"selected\""; } else { $selected = ""; 
@@ -1546,9 +1700,9 @@ $i--): ?> } /* add gateway groups to the list */ if (is_array($a_gatewaygroups)) { - foreach($a_gatewaygroups as $gwg_name => $gwg_data) { - if((empty($pconfig['ipprotocol'])) || ($pconfig['ipprotocol'] == $gwg_data['ipprotocol'])) { - if($pconfig['gateway'] == $gwg_name) { + foreach ($a_gatewaygroups as $gwg_name => $gwg_data) { + if ((empty($pconfig['ipprotocol'])) || ($pconfig['ipprotocol'] == $gwg_data['ipprotocol'])) { + if ($pconfig['gateway'] == $gwg_name) { $selected = " selected=\"selected\""; } else { $selected = ""; @@ -1572,14 +1726,18 @@ $i--): ?> <div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>> <select name="dnpipe"> <?php - if (!is_array($dnqlist)) + if (!is_array($dnqlist)) { $dnqlist = array(); + } echo "<option value=\"\""; - if (!$dnqselected) echo " selected=\"selected\""; + if (!$dnqselected) { + echo " selected=\"selected\""; + } echo " >none</option>"; foreach ($dnqlist as $dnq => $dnqkey) { - if($dnq == "") + if ($dnq == "") { continue; + } echo "<option value=\"$dnq\""; if ($dnq == $pconfig['dnpipe']) { $dnqselected = 1; @@ -1588,16 +1746,19 @@ $i--): ?> echo ">{$dnq}</option>"; } ?> - </select> / - <select name="pdnpipe"> + </select> / + <select name="pdnpipe"> <?php $dnqselected = 0; echo "<option value=\"\""; - if (!$dnqselected) echo " selected=\"selected\""; + if (!$dnqselected) { + echo " selected=\"selected\""; + } echo " >none</option>"; foreach ($dnqlist as $dnq => $dnqkey) { - if($dnq == "") + if ($dnq == "") { continue; + } echo "<option value=\"$dnq\""; if ($dnq == $pconfig['pdnpipe']) { $dnqselected = 1; 
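Review bot: In the `dnpipe` select, `if (!$dnqselected)` runs before anything in this hunk assigns `$dnqselected`, and in the `pdnpipe` select of the next hunk it runs right after `$dnqselected = 0;`, so the "none" option is marked selected even when a pipe from `$pconfig` is marked selected further down the same list. Decide the empty option from the config value instead, e.g. `if (empty($pconfig['dnpipe'])) { echo " selected=\"selected\""; }`, and likewise with `pdnpipe` in the second select. The option value and text are also written as `$dnq` without `htmlspecialchars()`, unlike other values on this page.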
@@ -1606,9 +1767,9 @@ $i--): ?> echo ">{$dnq}</option>"; } ?> - </select> - <br /> - <span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br />".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br />".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span> + </select> + <br /> + <span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br />".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br />".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span> </div> </td> </tr> 
@@ -1616,69 +1777,79 @@ $i--): ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td> <td width="78%" class="vtable"> - <div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>> - <input type="button" onclick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> - </div> - <div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>> - <select name="ackqueue"> + <div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>> + <input type="button" onclick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> + </div> + <div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>> + <select name="ackqueue"> <?php - if (!is_array($qlist)) + if (!is_array($qlist)) { $qlist = array(); + } echo "<option value=\"\""; - if (!$qselected) echo " selected=\"selected\""; + if (!$qselected) { + echo " selected=\"selected\""; + } echo " >none</option>"; foreach ($qlist as $q => $qkey) { - if($q == "") + if ($q == "") { continue; + } echo "<option value=\"$q\""; if ($q == $pconfig['ackqueue']) { $qselected = 1; echo " selected=\"selected\""; } - if (isset($ifdisp[$q])) + if (isset($ifdisp[$q])) { echo ">{$ifdisp[$q]}</option>"; - else + } else { echo ">{$q}</option>"; + } } ?> - </select> / - <select name="defaultqueue"> + </select> / + <select name="defaultqueue"> <?php $qselected = 0; echo "<option value=\"\""; - if (!$qselected) echo " selected=\"selected\""; + if (!$qselected) { + echo " selected=\"selected\""; + } echo " >none</option>"; foreach ($qlist as $q => $qkey) { - if($q == "") + if ($q == "") { continue; + } echo "<option value=\"$q\""; if ($q == $pconfig['defaultqueue']) { $qselected = 1; echo " selected=\"selected\""; } - if (isset($ifdisp[$q])) + if 
(isset($ifdisp[$q])) { echo ">{$ifdisp[$q]}</option>"; - else + } else { echo ">{$q}</option>"; + } } ?> - </select> + </select> <br /> <span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span> - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td> - <td width="78%" class="vtable"> - <div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>> - <input type="button" onclick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> - </div> - <div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>> - <select name="l7container"> + </div> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td> + <td width="78%" class="vtable"> + <div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>> + <input type="button" onclick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> + </div> + <div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>> + <select name="l7container"> <?php - if (!is_array($l7clist)) + if (!is_array($l7clist)) { $l7clist = array(); + } echo "<option value=\"\""; echo " >none</option>"; foreach ($l7clist as $l7ckey) { 
@@ -1689,15 +1860,15 @@ $i--): ?> echo ">{$l7ckey}</option>"; } ?> - </select> - <br /> - <span class="vexpl"> - <?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " . - "These are valid for TCP and UDP protocols only.");?> - </span> - </div> - </td> - </tr> + </select> + <br /> + <span class="vexpl"> + <?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " . + "These are valid for TCP and UDP protocols only.");?> + </span> + </div> + </td> + </tr> <?php // Allow extending of the firewall edit page and include custom input validation pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate"); @@ -1750,7 +1921,7 @@ $has_updated_time = (isset($a_filter[$id]['updated']) && is_array($a_filter[$id] ext_change(); typesel_change(); proto_change(); - <?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?> + <?php if ((!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any")): ?> show_source_port_range(); <?php endif; ?> |