summaryrefslogtreecommitdiffstats
path: root/usr/local/www
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local/www')
-rw-r--r--usr/local/www/firewall_nat.php394
-rw-r--r--usr/local/www/firewall_nat_1to1.php49
-rw-r--r--usr/local/www/firewall_nat_1to1_edit.php119
-rw-r--r--usr/local/www/firewall_nat_edit.php609
-rw-r--r--usr/local/www/firewall_nat_npt.php175
-rw-r--r--usr/local/www/firewall_nat_npt_edit.php285
-rw-r--r--usr/local/www/firewall_nat_out.php153
-rw-r--r--usr/local/www/firewall_nat_out_edit.php170
8 files changed, 1095 insertions, 859 deletions
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index adbb948..2fba0b7 100644
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -48,14 +48,16 @@ require_once("filter.inc");
require_once("shaper.inc");
require_once("itemid.inc");
-if (!is_array($config['nat']['rule']))
+if (!is_array($config['nat']['rule'])) {
$config['nat']['rule'] = array();
+}
$a_nat = &$config['nat']['rule'];
/* if a custom message has been passed along, lets process it */
-if ($_GET['savemsg'])
+if ($_GET['savemsg']) {
$savemsg = $_GET['savemsg'];
+}
if ($_POST) {
@@ -89,8 +91,9 @@ if ($_GET['act'] == "del") {
if (write_config()) {
mark_subsystem_dirty('natconf');
- if ($want_dirty_filter)
+ if ($want_dirty_filter) {
mark_subsystem_dirty('filter');
+ }
}
header("Location: firewall_nat.php");
exit;
@@ -98,66 +101,73 @@ if ($_GET['act'] == "del") {
}
if (isset($_POST['del_x'])) {
- /* delete selected rules */
- if (is_array($_POST['rule']) && count($_POST['rule'])) {
- foreach ($_POST['rule'] as $rulei) {
+ /* delete selected rules */
+ if (is_array($_POST['rule']) && count($_POST['rule'])) {
+ foreach ($_POST['rule'] as $rulei) {
$target = $rule['target'];
// Check for filter rule associations
if (isset($a_nat[$rulei]['associated-rule-id'])){
delete_id($a_nat[$rulei]['associated-rule-id'], $config['filter']['rule']);
-
+
mark_subsystem_dirty('filter');
}
- unset($a_nat[$rulei]);
- }
- if (write_config())
+ unset($a_nat[$rulei]);
+ }
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat.php");
exit;
}
} else {
- /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
- unset($movebtn);
- foreach ($_POST as $pn => $pd) {
- if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
- $movebtn = $matches[1];
- break;
- }
- }
- /* move selected rules before this rule */
- if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
- $a_nat_new = array();
-
- /* copy all rules < $movebtn and not selected */
- for ($i = 0; $i < $movebtn; $i++) {
- if (!in_array($i, $_POST['rule']))
- $a_nat_new[] = $a_nat[$i];
- }
-
- /* copy all selected rules */
- for ($i = 0; $i < count($a_nat); $i++) {
- if ($i == $movebtn)
- continue;
- if (in_array($i, $_POST['rule']))
- $a_nat_new[] = $a_nat[$i];
- }
-
- /* copy $movebtn rule */
- if ($movebtn < count($a_nat))
- $a_nat_new[] = $a_nat[$movebtn];
-
- /* copy all rules > $movebtn and not selected */
- for ($i = $movebtn+1; $i < count($a_nat); $i++) {
- if (!in_array($i, $_POST['rule']))
- $a_nat_new[] = $a_nat[$i];
- }
- $a_nat = $a_nat_new;
- if (write_config())
- mark_subsystem_dirty('natconf');
- header("Location: firewall_nat.php");
- exit;
- }
+ /* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
+ unset($movebtn);
+ foreach ($_POST as $pn => $pd) {
+ if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
+ $movebtn = $matches[1];
+ break;
+ }
+ }
+ /* move selected rules before this rule */
+ if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
+ $a_nat_new = array();
+
+ /* copy all rules < $movebtn and not selected */
+ for ($i = 0; $i < $movebtn; $i++) {
+ if (!in_array($i, $_POST['rule'])) {
+ $a_nat_new[] = $a_nat[$i];
+ }
+ }
+
+ /* copy all selected rules */
+ for ($i = 0; $i < count($a_nat); $i++) {
+ if ($i == $movebtn) {
+ continue;
+ }
+ if (in_array($i, $_POST['rule'])) {
+ $a_nat_new[] = $a_nat[$i];
+ }
+ }
+
+ /* copy $movebtn rule */
+ if ($movebtn < count($a_nat)) {
+ $a_nat_new[] = $a_nat[$movebtn];
+ }
+
+ /* copy all rules > $movebtn and not selected */
+ for ($i = $movebtn+1; $i < count($a_nat); $i++) {
+ if (!in_array($i, $_POST['rule'])) {
+ $a_nat_new[] = $a_nat[$i];
+ }
+ }
+ $a_nat = $a_nat_new;
+ if (write_config()) {
+ mark_subsystem_dirty('natconf');
+ }
+ header("Location: firewall_nat.php");
+ exit;
+ }
}
$closehead = false;
@@ -181,7 +191,7 @@ echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></
<?php print_info_box_np(gettext("The NAT configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br />
<?php endif; ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat">
- <tr><td>
+ <tr><td>
<?php
$tab_array = array();
$tab_array[] = array(gettext("Port Forward"), true, "firewall_nat.php");
@@ -190,41 +200,42 @@ echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></
$tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
display_top_tabs($tab_array);
?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
- <tr id="frheader">
- <td width="3%" class="list">&nbsp;</td>
- <td width="3%" class="list">&nbsp;</td>
- <td width="5%" class="listhdrr"><?=gettext("If");?></td>
- <td width="5%" class="listhdrr"><?=gettext("Proto");?></td>
- <td width="11%" class="listhdrr nowrap"><?=gettext("Src. addr");?></td>
- <td width="11%" class="listhdrr nowrap"><?=gettext("Src. ports");?></td>
- <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. addr");?></td>
- <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. ports");?></td>
- <td width="11%" class="listhdrr nowrap"><?=gettext("NAT IP");?></td>
- <td width="11%" class="listhdrr nowrap"><?=gettext("NAT Ports");?></td>
- <td width="11%" class="listhdr"><?=gettext("Description");?></td>
- <td width="5%" class="list">
- <table border="0" cellspacing="0" cellpadding="1" summary="list">
- <tr>
- <td width="17">
- <?php if (count($a_nat) == 0): ?>
- <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
- <?php else: ?>
- <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" />
- <?php endif; ?>
- </td>
- <td><a href="firewall_nat_edit.php?after=-1"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $nnats = $i = 0; foreach ($a_nat as $natent): ?>
- <?php
-
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
+ <tr id="frheader">
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="3%" class="list">&nbsp;</td>
+ <td width="5%" class="listhdrr"><?=gettext("If");?></td>
+ <td width="5%" class="listhdrr"><?=gettext("Proto");?></td>
+ <td width="11%" class="listhdrr nowrap"><?=gettext("Src. addr");?></td>
+ <td width="11%" class="listhdrr nowrap"><?=gettext("Src. ports");?></td>
+ <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. addr");?></td>
+ <td width="11%" class="listhdrr nowrap"><?=gettext("Dest. ports");?></td>
+ <td width="11%" class="listhdrr nowrap"><?=gettext("NAT IP");?></td>
+ <td width="11%" class="listhdrr nowrap"><?=gettext("NAT Ports");?></td>
+ <td width="11%" class="listhdr"><?=gettext("Description");?></td>
+ <td width="5%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1" summary="list">
+ <tr>
+ <td width="17">
+ <?php if (count($a_nat) == 0): ?>
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
+ <?php else: ?>
+ <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" />
+ <?php endif; ?>
+ </td>
+ <td><a href="firewall_nat_edit.php?after=-1"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php
+ $nnats = $i = 0;
+ foreach ($a_nat as $natent):
+
//build Alias popup box
$span_end = "</U></span>";
@@ -248,59 +259,62 @@ echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></
$alias_target_span_end = $alias_popup["dst_end"];
$alias_local_port_span_end = $alias_popup["dstport_end"];
- if (isset($natent['disabled']))
+ if (isset($natent['disabled'])) {
$textss = "<span class=\"gray\">";
- else
+ } else {
$textss = "<span>";
+ }
$textse = "</span>";
-
+
/* if user does not have access to edit an interface skip on to the next record */
- if(!have_natpfruleint_access($natent['interface']))
+ if (!have_natpfruleint_access($natent['interface'])) {
continue;
+ }
?>
- <tr valign="top" id="fr<?=$nnats;?>">
- <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td>
- <td class="listt" align="center">
- <?php if($natent['associated-rule-id'] == "pass"): ?>
- <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="<?=gettext("All traffic matching this NAT entry is passed"); ?>" border="0" alt="pass" />
+ <tr valign="top" id="fr<?=$nnats;?>">
+ <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td>
+ <td class="listt" align="center">
+ <?php if ($natent['associated-rule-id'] == "pass"): ?>
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="<?=gettext("All traffic matching this NAT entry is passed"); ?>" border="0" alt="pass" />
<?php elseif (!empty($natent['associated-rule-id'])): ?>
- <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="<?=gettext("Firewall rule ID"); ?> <?=htmlspecialchars($nnatid); ?> <?=gettext("is managed with this rule"); ?>" border="0" alt="change" />
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="<?=gettext("Firewall rule ID"); ?> <?=htmlspecialchars($nnatid); ?> <?=gettext("is managed with this rule"); ?>" border="0" alt="change" />
<?php endif; ?>
- </td>
- <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=$textss;?>
- <?php
- if (!$natent['interface'])
- echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
- else
- echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
- ?>
- <?=$textse;?>
- </td>
-
- <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?>
- </td>
-
- <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?>
- </td>
- <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?>
- </td>
-
- <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?>
- </td>
- <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?>
- </td>
-
- <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?>
- </td>
- <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ </td>
+ <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?>
+ <?php
+ if (!$natent['interface']) {
+ echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
+ } else {
+ echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
+ }
+ ?>
+ <?=$textse;?>
+ </td>
+
+ <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?>
+ </td>
+
+ <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?>
+ </td>
+ <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?>
+ </td>
+
+ <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?>
+ </td>
+ <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?>
+ </td>
+
+ <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?>
+ </td>
+ <td class="listr" onclick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
<?php
$localport = $natent['local-port'];
@@ -311,67 +325,71 @@ echo "<script type=\"text/javascript\" src=\"/javascript/domTT/fadomatic.js\"></
$localport .= '-' . $localendport;
}
?>
- <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?>
- </td>
-
- <td class="listbg" onclick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
- <?=$textss;?><?=htmlspecialchars($natent['descr']);?>&nbsp;<?=$textse;?>
- </td>
- <td valign="middle" class="list nowrap">
- <table border="0" cellspacing="0" cellpadding="1" summary="move">
- <tr>
- <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected rules before this rule");?>" height="17" type="image" width="17" border="0" /></td>
- <td><a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>"></a></td>
- </tr>
- <tr>
- <td align="center" valign="middle"><a href="firewall_nat.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule");?>" alt="delete" /></a></td>
- <td><a href="firewall_nat_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new NAT based on this one");?>" width="17" height="17" border="0" alt="add" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; $nnats++; endforeach; ?>
- <tr>
- <td class="list" colspan="8"></td>
- <td>&nbsp;</td>
- <td>&nbsp;</td>
- <td>&nbsp;</td>
- <td class="list nowrap" valign="middle">
- <table border="0" cellspacing="0" cellpadding="1" summary="move">
- <tr>
- <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17;border:0" title="<?=gettext("move selected rules to end");?>" /><?php endif; ?></td>
- </tr>
- <tr>
- <td width="17">
- <?php if (count($a_nat) == 0): ?>
- <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
- <?php else: ?>
- <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" />
- <?php endif; ?>
- </td>
- <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <tr><td>&nbsp;</td></tr>
- <tr>
- <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" alt="pass" /></td>
- <td colspan="3"><?=gettext("pass"); ?></td>
- </tr>
- <tr>
- <td width="14"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="11" height="11" alt="chain" /></td>
- <td colspan="3"><?=gettext("linked rule");?></td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
+ <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?>
+ </td>
+
+ <td class="listbg" onclick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';">
+ <?=$textss;?><?=htmlspecialchars($natent['descr']);?>&nbsp;<?=$textse;?>
+ </td>
+ <td valign="middle" class="list nowrap">
+ <table border="0" cellspacing="0" cellpadding="1" summary="move">
+ <tr>
+ <td><input onmouseover="fr_insline(<?=$nnats;?>, true)" onmouseout="fr_insline(<?=$nnats;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected rules before this rule");?>" height="17" type="image" width="17" border="0" /></td>
+ <td><a href="firewall_nat_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>"></a></td>
+ </tr>
+ <tr>
+ <td align="center" valign="middle"><a href="firewall_nat.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule");?>" alt="delete" /></a></td>
+ <td><a href="firewall_nat_edit.php?dup=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new NAT based on this one");?>" width="17" height="17" border="0" alt="add" /></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php
+ $i++;
+ $nnats++;
+ endforeach;
+ ?>
+ <tr>
+ <td class="list" colspan="8"></td>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ <td class="list nowrap" valign="middle">
+ <table border="0" cellspacing="0" cellpadding="1" summary="move">
+ <tr>
+ <td><?php if ($nnats == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" style="width:17;height:17;border:0" title="<?=gettext("move selected rules to end");?>" /><?php endif; ?></td>
+ </tr>
+ <tr>
+ <td width="17">
+ <?php if (count($a_nat) == 0): ?>
+ <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0" alt="delete" />
+ <?php else: ?>
+ <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules"); ?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected rules?");?>')" />
+ <?php endif; ?>
+ </td>
+ <td><a href="firewall_nat_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr>
+ <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11" alt="pass" /></td>
+ <td colspan="3"><?=gettext("pass"); ?></td>
+ </tr>
+ <tr>
+ <td width="14"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="11" height="11" alt="chain" /></td>
+ <td colspan="3"><?=gettext("linked rule");?></td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
</table>
<?php
if ($pkg['tabs'] <> "") {
- echo "</td></tr></table>";
+ echo "</td></tr></table>";
}
?>
diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php
index 56adc69..fea2dd4 100644
--- a/usr/local/www/firewall_nat_1to1.php
+++ b/usr/local/www/firewall_nat_1to1.php
@@ -46,8 +46,9 @@ require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
-if (!is_array($config['nat']['onetoone']))
+if (!is_array($config['nat']['onetoone'])) {
$config['nat']['onetoone'] = array();
+}
$a_1to1 = &$config['nat']['onetoone'];
@@ -69,8 +70,9 @@ if ($_POST) {
if ($_GET['act'] == "del") {
if ($a_1to1[$_GET['id']]) {
unset($a_1to1[$_GET['id']]);
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_1to1.php");
exit;
}
@@ -82,20 +84,23 @@ if (isset($_POST['del_x'])) {
foreach ($_POST['rule'] as $rulei) {
unset($a_1to1[$rulei]);
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_1to1.php");
exit;
}
} else if ($_GET['act'] == "toggle") {
if ($a_1to1[$_GET['id']]) {
- if(isset($a_1to1[$_GET['id']]['disabled']))
+ if (isset($a_1to1[$_GET['id']]['disabled'])) {
unset($a_1to1[$_GET['id']]['disabled']);
- else
+ } else {
$a_1to1[$_GET['id']]['disabled'] = true;
- if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule"))
+ }
+ if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule")) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_1to1.php");
exit;
}
@@ -114,32 +119,39 @@ if (isset($_POST['del_x'])) {
/* copy all rules < $movebtn and not selected */
for ($i = 0; $i < $movebtn; $i++) {
- if (!in_array($i, $_POST['rule']))
+ if (!in_array($i, $_POST['rule'])) {
$a_1to1_new[] = $a_1to1[$i];
+ }
}
/* copy all selected rules */
for ($i = 0; $i < count($a_1to1); $i++) {
- if ($i == $movebtn)
+ if ($i == $movebtn) {
continue;
- if (in_array($i, $_POST['rule']))
+ }
+ if (in_array($i, $_POST['rule'])) {
$a_1to1_new[] = $a_1to1[$i];
+ }
}
/* copy $movebtn rule */
- if ($movebtn < count($a_1to1))
+ if ($movebtn < count($a_1to1)) {
$a_1to1_new[] = $a_1to1[$movebtn];
+ }
/* copy all rules > $movebtn and not selected */
for ($i = $movebtn+1; $i < count($a_1to1); $i++) {
- if (!in_array($i, $_POST['rule']))
+ if (!in_array($i, $_POST['rule'])) {
$a_1to1_new[] = $a_1to1[$i];
+ }
}
- if (count($a_1to1_new) > 0)
+ if (count($a_1to1_new) > 0) {
$a_1to1 = $a_1to1_new;
+ }
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_1to1.php");
exit;
}
@@ -154,12 +166,14 @@ include("head.inc");
<form action="firewall_nat_1to1.php" method="post">
<script type="text/javascript" src="/javascript/row_toggle.js"></script>
<?php
-if ($savemsg)
+if ($savemsg) {
print_info_box($savemsg);
-if (is_subsystem_dirty('natconf'))
+}
+if (is_subsystem_dirty('natconf')) {
print_info_box_np(gettext("The NAT configuration has been changed.") .
"<br />" .
gettext("You must apply the changes in order for them to take effect."));
+}
?>
<br />
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat 1to1">
@@ -222,10 +236,11 @@ if (is_subsystem_dirty('natconf'))
<td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_1to1_edit.php?id=<?=$i;?>';">
<?php
echo $textss;
- if (!$natent['interface'])
+ if (!$natent['interface']) {
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
- else
+ } else {
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
+ }
echo $textse;
?>
</td>
diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php
index 783e4bf..5964c5d 100644
--- a/usr/local/www/firewall_nat_1to1_edit.php
+++ b/usr/local/www/firewall_nat_1to1_edit.php
@@ -55,21 +55,25 @@ foreach ($ifdisp as $kif => $kdescr) {
$specialsrcdst[] = "{$kif}ip";
}
-if (!is_array($config['nat']['onetoone']))
+if (!is_array($config['nat']['onetoone'])) {
$config['nat']['onetoone'] = array();
+}
$a_1to1 = &$config['nat']['onetoone'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
$after = $_GET['after'];
-if (isset($_POST['after']))
+if (isset($_POST['after'])) {
$after = $_POST['after'];
+}
-if (isset($_GET['dup'])) {
+if (isset($_GET['dup'])) {
$id = $_GET['dup'];
$after = $_GET['dup'];
}
@@ -86,30 +90,34 @@ if (isset($id) && $a_1to1[$id]) {
$pconfig['dstbeginport'], $pconfig['dstendport']);
$pconfig['interface'] = $a_1to1[$id]['interface'];
- if (!$pconfig['interface'])
+ if (!$pconfig['interface']) {
$pconfig['interface'] = "wan";
+ }
$pconfig['external'] = $a_1to1[$id]['external'];
$pconfig['descr'] = $a_1to1[$id]['descr'];
$pconfig['natreflection'] = $a_1to1[$id]['natreflection'];
-} else
+} else {
$pconfig['interface'] = "wan";
+}
-if (isset($_GET['dup']))
+if (isset($_GET['dup'])) {
unset($id);
+}
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- /* run through $_POST items encoding HTML entties so that the user
+ /* run through $_POST items encoding HTML entities so that the user
* cannot think he is slick and perform a XSS attack on the unwilling
*/
foreach ($_POST as $key => $value) {
$temp = str_replace(">", "", $value);
$newpost = htmlentities($temp);
- if($newpost <> $temp)
+ if ($newpost <> $temp) {
$input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp);
+ }
}
/* input validation */
@@ -126,12 +134,15 @@ if ($_POST) {
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
- if ($_POST['external'])
+ if ($_POST['external']) {
$_POST['external'] = trim($_POST['external']);
- if ($_POST['src'])
+ }
+ if ($_POST['src']) {
$_POST['src'] = trim($_POST['src']);
- if ($_POST['dst'])
+ }
+ if ($_POST['dst']) {
$_POST['dst'] = trim($_POST['dst']);
+ }
if (is_specialnet($_POST['srctype'])) {
$_POST['src'] = $_POST['srctype'];
@@ -151,12 +162,14 @@ if ($_POST) {
}
/* For external, user can enter only ip's */
- if (($_POST['external'] && !is_ipaddr($_POST['external'])))
+ if (($_POST['external'] && !is_ipaddr($_POST['external']))) {
$input_errors[] = gettext("A valid external subnet must be specified.");
+ }
/* For dst, if user enters an alias and selects "network" then disallow. */
- if ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) )
+ if ($_POST['dsttype'] == "network" && is_alias($_POST['dst'])) {
$input_errors[] = gettext("You must specify single host or alias for alias entries.");
+ }
/* For src, user can enter only ip's or networks */
if (!is_specialnet($_POST['srctype'])) {
@@ -180,8 +193,9 @@ if ($_POST) {
/* check for overlaps with other 1:1 */
foreach ($a_1to1 as $natent) {
- if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent))
+ if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent)) {
continue;
+ }
if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) {
//$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet.";
@@ -203,22 +217,25 @@ if ($_POST) {
pconfig_to_address($natent['destination'], $_POST['dst'],
$_POST['dstmask'], $_POST['dstnot']);
- if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable")
+ if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") {
$natent['natreflection'] = $_POST['natreflection'];
- else
+ } else {
unset($natent['natreflection']);
+ }
- if (isset($id) && $a_1to1[$id])
+ if (isset($id) && $a_1to1[$id]) {
$a_1to1[$id] = $natent;
- else {
- if (is_numeric($after))
+ } else {
+ if (is_numeric($after)) {
array_splice($a_1to1, $after+1, 0, array($natent));
- else
+ } else {
$a_1to1[] = $natent;
+ }
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_1to1.php");
exit;
}
@@ -275,8 +292,9 @@ function typesel_change() {
<?php
include("fbegin.inc");
-if ($input_errors)
+if ($input_errors) {
print_input_errors($input_errors);
+}
?>
<form action="firewall_nat_1to1_edit.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat 1to1 edit">
@@ -296,29 +314,39 @@ if ($input_errors)
<td width="78%" class="vtable">
<select name="interface" class="formselect">
<?php
- foreach ($ifdisp as $if => $ifdesc)
- if(have_ruleint_access($if))
+ foreach ($ifdisp as $if => $ifdesc) {
+ if (have_ruleint_access($if)) {
$interfaces[$if] = $ifdesc;
+ }
+ }
- if ($config['l2tp']['mode'] == "server")
- if(have_ruleint_access("l2tp"))
+ if ($config['l2tp']['mode'] == "server") {
+ if (have_ruleint_access("l2tp")) {
$interfaces['l2tp'] = "L2TP VPN";
+ }
+ }
- if ($config['pptpd']['mode'] == "server")
- if(have_ruleint_access("pptp"))
+ if ($config['pptpd']['mode'] == "server") {
+ if (have_ruleint_access("pptp")) {
$interfaces['pptp'] = "PPTP VPN";
+ }
+ }
- if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
$interfaces['pppoe'] = "PPPoE Server";
+ }
/* add ipsec interfaces */
- if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
- if(have_ruleint_access("enc0"))
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
+ if (have_ruleint_access("enc0")) {
$interfaces["enc0"] = "IPsec";
+ }
+ }
/* add openvpn/tun interfaces */
- if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
$interfaces["openvpn"] = "OpenVPN";
+ }
foreach ($interfaces as $iface => $ifacename):
?>
@@ -329,8 +357,9 @@ if ($input_errors)
endforeach;
?>
</select><br />
- <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br />
- <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td>
+ <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br />
+ <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span>
+ </td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("External subnet IP"); ?></td>
@@ -367,23 +396,23 @@ if ($input_errors)
</option>
<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
<?php
- if(have_ruleint_access("pptp")):
+ if (have_ruleint_access("pptp")):
?>
<option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
<?php
endif;
- if(have_ruleint_access("pppoe")):
+ if (have_ruleint_access("pppoe")):
?>
<option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
<?php
endif;
- if(have_ruleint_access("l2tp")):
+ if (have_ruleint_access("l2tp")):
?>
<option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
<?php
endif;
foreach ($ifdisp as $ifent => $ifdesc):
- if(have_ruleint_access($ifent)):
+ if (have_ruleint_access($ifent)):
?>
<option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>>
<?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?>
@@ -406,7 +435,7 @@ if ($input_errors)
<?php
for ($i = 31; $i > 0; $i--):
?>
- <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
<?php
endfor;
?>
@@ -442,21 +471,21 @@ if ($input_errors)
<?=gettext("Network"); ?>
</option>
<?php
- if(have_ruleint_access("pptp")):
+ if (have_ruleint_access("pptp")):
?>
<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>>
<?=gettext("PPTP clients"); ?>
</option>
<?php
endif;
- if(have_ruleint_access("pppoe")):
+ if (have_ruleint_access("pppoe")):
?>
<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>>
<?=gettext("PPPoE clients"); ?>
</option>
<?php
endif;
- if(have_ruleint_access("l2tp")):
+ if (have_ruleint_access("l2tp")):
?>
<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>>
<?=gettext("L2TP clients"); ?>
@@ -465,7 +494,7 @@ if ($input_errors)
endif;
foreach ($ifdisp as $if => $ifdesc):
- if(have_ruleint_access($if)):
+ if (have_ruleint_access($if)):
?>
<option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?>
<?=gettext("net"); ?>
diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php
index d8f04d2..4488e2f 100644
--- a/usr/local/www/firewall_nat_edit.php
+++ b/usr/local/www/firewall_nat_edit.php
@@ -60,27 +60,33 @@ if (!is_array($config['nat']['rule'])) {
}
$a_nat = &$config['nat']['rule'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
-if (is_numericint($_GET['after']) || $_GET['after'] == "-1")
+if (is_numericint($_GET['after']) || $_GET['after'] == "-1") {
$after = $_GET['after'];
-if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1"))
+}
+if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) {
$after = $_POST['after'];
+}
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_nat[$id]) {
- if ( isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']) )
+ if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) {
$pconfig['created'] = $a_nat[$id]['created'];
+ }
- if ( isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']) )
+ if (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])) {
$pconfig['updated'] = $a_nat[$id]['updated'];
+ }
$pconfig['disabled'] = isset($a_nat[$id]['disabled']);
$pconfig['nordr'] = isset($a_nat[$id]['nordr']);
@@ -101,8 +107,9 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
$pconfig['natreflection'] = $a_nat[$id]['natreflection'];
- if (!$pconfig['interface'])
+ if (!$pconfig['interface']) {
$pconfig['interface'] = "wan";
+ }
} else {
$pconfig['interface'] = "wan";
$pconfig['src'] = "any";
@@ -110,61 +117,74 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['srcendport'] = "any";
}
-if (isset($_GET['dup']) && is_numericint($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
unset($id);
+}
-/* run through $_POST items encoding HTML entties so that the user
+/* run through $_POST items encoding HTML entities so that the user
* cannot think he is slick and perform a XSS attack on the unwilling
*/
unset($input_errors);
foreach ($_POST as $key => $value) {
$temp = $value;
$newpost = htmlentities($temp);
- if($newpost <> $temp)
+ if ($newpost <> $temp) {
$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp);
+ }
}
if ($_POST) {
- if(strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") {
- if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
+ if (strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") {
+ if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) {
$_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']);
- if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
+ }
+ if ($_POST['srcendport_cust'] && !$_POST['srcendport']) {
$_POST['srcendport'] = trim($_POST['srcendport_cust']);
+ }
if ($_POST['srcbeginport'] == "any") {
$_POST['srcbeginport'] = 0;
$_POST['srcendport'] = 0;
} else {
- if (!$_POST['srcendport'])
+ if (!$_POST['srcendport']) {
$_POST['srcendport'] = $_POST['srcbeginport'];
+ }
}
- if ($_POST['srcendport'] == "any")
+ if ($_POST['srcendport'] == "any") {
$_POST['srcendport'] = $_POST['srcbeginport'];
+ }
- if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
+ if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) {
$_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']);
- if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
+ }
+ if ($_POST['dstendport_cust'] && !$_POST['dstendport']) {
$_POST['dstendport'] = trim($_POST['dstendport_cust']);
+ }
if ($_POST['dstbeginport'] == "any") {
$_POST['dstbeginport'] = 0;
$_POST['dstendport'] = 0;
} else {
- if (!$_POST['dstendport'])
+ if (!$_POST['dstendport']) {
$_POST['dstendport'] = $_POST['dstbeginport'];
+ }
}
- if ($_POST['dstendport'] == "any")
+ if ($_POST['dstendport'] == "any") {
$_POST['dstendport'] = $_POST['dstbeginport'];
+ }
- if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
+ if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) {
$_POST['localbeginport'] = trim($_POST['localbeginport_cust']);
+ }
/* Make beginning port end port if not defined and endport is */
- if (!$_POST['srcbeginport'] && $_POST['srcendport'])
+ if (!$_POST['srcbeginport'] && $_POST['srcendport']) {
$_POST['srcbeginport'] = $_POST['srcendport'];
- if (!$_POST['dstbeginport'] && $_POST['dstendport'])
+ }
+ if (!$_POST['dstbeginport'] && $_POST['dstendport']) {
$_POST['dstbeginport'] = $_POST['dstendport'];
+ }
} else {
$_POST['srcbeginport'] = 0;
$_POST['srcendport'] = 0;
@@ -192,7 +212,7 @@ if ($_POST) {
$pconfig = $_POST;
/* input validation */
- if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
+ if (strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
$reqdfields = explode(" ", "interface proto dstbeginport dstendport");
$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to"));
} else {
@@ -224,33 +244,40 @@ if ($_POST) {
$_POST['dstendport'] = 0;
}
- if ($_POST['src'])
+ if ($_POST['src']) {
$_POST['src'] = trim($_POST['src']);
- if ($_POST['dst'])
+ }
+ if ($_POST['dst']) {
$_POST['dst'] = trim($_POST['dst']);
- if ($_POST['localip'])
+ }
+ if ($_POST['localip']) {
$_POST['localip'] = trim($_POST['localip']);
+ }
if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
}
- if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
+ if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
- if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
+ }
+ if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) {
$input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
- if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
+ }
+ if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) {
$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
- if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
+ }
+ if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) {
$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);
+ }
if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']))) {
$input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
}
/* if user enters an alias and selects "network" then disallow. */
- if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) )
- || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) {
+ if (($_POST['srctype'] == "network" && is_alias($_POST['src']) ) ||
+ ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) )) {
$input_errors[] = gettext("You must specify single host or alias for alias entries.");
}
@@ -285,34 +312,39 @@ if ($_POST) {
}
if (!$input_errors) {
- if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
+ if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) {
$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
+ }
}
/* check for overlaps */
foreach ($a_nat as $natent) {
- if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
+ if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) {
continue;
- if ($natent['interface'] != $_POST['interface'])
+ }
+ if ($natent['interface'] != $_POST['interface']) {
continue;
- if ($natent['destination']['address'] != $_POST['dst'])
+ }
+ if ($natent['destination']['address'] != $_POST['dst']) {
continue;
- if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
+ }
+ if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) {
continue;
+ }
list($begp,$endp) = explode("-", $natent['destination']['port']);
- if (!$endp)
+ if (!$endp) {
$endp = $begp;
+ }
- if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
- || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {
-
+ if (!((($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) ||
+ (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {
$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
break;
}
}
- // Allow extending of the firewall edit page and include custom input validation
+ // Allow extending of the firewall edit page and include custom input validation
pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation");
if (!$input_errors) {
@@ -344,21 +376,24 @@ if ($_POST) {
$natent['descr'] = $_POST['descr'];
$natent['associated-rule-id'] = $_POST['associated-rule-id'];
- if($_POST['filter-rule-association'] == "pass")
+ if ($_POST['filter-rule-association'] == "pass") {
$natent['associated-rule-id'] = "pass";
+ }
- if($_POST['nosync'] == "yes")
+ if ($_POST['nosync'] == "yes") {
$natent['nosync'] = true;
- else
+ } else {
unset($natent['nosync']);
+ }
- if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable")
+ if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable") {
$natent['natreflection'] = $_POST['natreflection'];
- else
+ } else {
unset($natent['natreflection']);
+ }
// If we used to have an associated filter rule, but no-longer should have one
- if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) {
+ if (!empty($a_nat[$id]) && (empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'])) {
// Delete the previous rule
delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
mark_subsystem_dirty('filter');
@@ -366,19 +401,21 @@ if ($_POST) {
$need_filter_rule = false;
// Updating a rule with a filter rule associated
- if (!empty($natent['associated-rule-id']))
+ if (!empty($natent['associated-rule-id'])) {
$need_filter_rule = true;
+ }
// Create a rule or if we want to create a new one
- if( $natent['associated-rule-id']=='new' ) {
+ if ($natent['associated-rule-id']=='new') {
$need_filter_rule = true;
unset( $natent['associated-rule-id'] );
$_POST['filter-rule-association']='add-associated';
}
// If creating a new rule, where we want to add the filter rule, associated or not
- else if( isset($_POST['filter-rule-association']) &&
- ($_POST['filter-rule-association']=='add-associated' ||
- $_POST['filter-rule-association']=='add-unassociated') )
+ else if (isset($_POST['filter-rule-association']) &&
+ ($_POST['filter-rule-association']=='add-associated' ||
+ $_POST['filter-rule-association']=='add-unassociated')) {
$need_filter_rule = true;
+ }
if ($need_filter_rule == true) {
@@ -388,10 +425,11 @@ if ($_POST) {
// If a rule already exists, load it
if (!empty($natent['associated-rule-id'])) {
$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
- if ($filterentid === false)
+ if ($filterentid === false) {
$filterent['associated-rule-id'] = $natent['associated-rule-id'];
- else
+ } else {
$filterent =& $config['filter']['rule'][$filterentid];
+ }
}
pconfig_to_address($filterent['source'], $_POST['src'],
$_POST['srcmask'], $_POST['srcnot'],
@@ -405,10 +443,11 @@ if ($_POST) {
$dstpfrom = $_POST['localbeginport'];
$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];
- if ($dstpfrom == $dstpto)
+ if ($dstpfrom == $dstpto) {
$filterent['destination']['port'] = $dstpfrom;
- else
+ } else {
$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;
+ }
/*
* Our firewall filter description may be no longer than
@@ -417,7 +456,7 @@ if ($_POST) {
$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);
// If this is a new rule, create an ID and add the rule
- if( $_POST['filter-rule-association']=='add-associated' ) {
+ if ($_POST['filter-rule-association']=='add-associated') {
$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
$filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward"));
$config['filter']['rule'][] = $filterent;
@@ -426,27 +465,30 @@ if ($_POST) {
mark_subsystem_dirty('filter');
}
- if ( isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']) )
+ if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) {
$natent['created'] = $a_nat[$id]['created'];
+ }
$natent['updated'] = make_config_revision_entry();
- // Allow extending of the firewall edit page and include custom input validation
+ // Allow extending of the firewall edit page and include custom input validation
pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config");
// Update the NAT entry now
- if (isset($id) && $a_nat[$id])
+ if (isset($id) && $a_nat[$id]) {
$a_nat[$id] = $natent;
- else {
+ } else {
$natent['created'] = make_config_revision_entry();
- if (is_numeric($after))
+ if (is_numeric($after)) {
array_splice($a_nat, $after+1, 0, array($natent));
- else
+ } else {
$a_nat[] = $natent;
+ }
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat.php");
exit;
@@ -466,13 +508,13 @@ include("head.inc");
<?php
include("fbegin.inc"); ?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
- <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit">
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
- </tr>
+<form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
+ </tr>
<?php
- // Allow extending of the firewall edit page and include custom input validation
+ // Allow extending of the firewall edit page and include custom input validation
pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly");
?>
<tr>
@@ -483,67 +525,82 @@ include("fbegin.inc"); ?>
<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
</td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
- <td width="78%" class="vtable">
- <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if($pconfig['nordr']) echo "checked=\"checked\""; ?> />
- <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
- <br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
- </td>
- </tr>
<tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
- <td width="78%" class="vtable">
- <select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
- <?php
-
- $iflist = get_configured_interface_with_descr(false, true);
- // Allow extending of the firewall edit interfaces
- pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");
- foreach ($iflist as $if => $ifdesc)
- if(have_ruleint_access($if))
- $interfaces[$if] = $ifdesc;
-
- if ($config['l2tp']['mode'] == "server")
- if(have_ruleint_access("l2tp"))
- $interfaces['l2tp'] = "L2TP VPN";
-
- if ($config['pptpd']['mode'] == "server")
- if(have_ruleint_access("pptp"))
- $interfaces['pptp'] = "PPTP VPN";
-
- if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
- $interfaces['pppoe'] = "PPPoE Server";
-
- /* add ipsec interfaces */
- if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
- if(have_ruleint_access("enc0"))
- $interfaces["enc0"] = "IPsec";
-
- /* add openvpn/tun interfaces */
- if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
- $interfaces["openvpn"] = "OpenVPN";
-
- foreach ($interfaces as $iface => $ifacename): ?>
+ <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
+ <td width="78%" class="vtable">
+ <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if ($pconfig['nordr']) echo "checked=\"checked\""; ?> />
+ <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
+ <br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
+ <?php
+ $iflist = get_configured_interface_with_descr(false, true);
+ // Allow extending of the firewall edit interfaces
+ pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");
+ foreach ($iflist as $if => $ifdesc) {
+ if (have_ruleint_access($if)) {
+ $interfaces[$if] = $ifdesc;
+ }
+ }
+
+ if ($config['l2tp']['mode'] == "server") {
+ if (have_ruleint_access("l2tp")) {
+ $interfaces['l2tp'] = "L2TP VPN";
+ }
+ }
+
+ if ($config['pptpd']['mode'] == "server") {
+ if (have_ruleint_access("pptp")) {
+ $interfaces['pptp'] = "PPTP VPN";
+ }
+ }
+
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
+ $interfaces['pppoe'] = "PPPoE Server";
+ }
+
+ /* add ipsec interfaces */
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
+ if (have_ruleint_access("enc0")) {
+ $interfaces["enc0"] = "IPsec";
+ }
+ }
+
+ /* add openvpn/tun interfaces */
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
+ $interfaces["openvpn"] = "OpenVPN";
+ }
+
+ foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
- <?=htmlspecialchars($ifacename);?>
+ <?=htmlspecialchars($ifacename);?>
</option>
- <?php endforeach; ?>
- </select><br />
- <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br />
- <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
- <td width="78%" class="vtable">
- <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();">
- <?php $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF"); foreach ($protocols as $proto): ?>
- <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option>
- <?php endforeach; ?>
- </select> <br /> <span class="vexpl"><?=gettext("Choose which IP protocol " .
- "this rule should match."); ?><br />
- <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?></span></td>
- </tr>
+ <?php endforeach; ?>
+ </select><br />
+ <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br />
+ <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();">
+ <?php
+ $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF");
+ foreach ($protocols as $proto): ?>
+ <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option>
+ <?php endforeach; ?>
+ </select>
+ <br />
+ <span class="vexpl"><?=gettext("Choose which IP protocol this rule should match."); ?><br />
+ <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?>
+ </span>
+ </td>
+ </tr>
<tr id="showadvancedboxsrc" name="showadvancedboxsrc">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
<td width="78%" class="vtable">
@@ -569,24 +626,27 @@ include("fbegin.inc"); ?>
<option value="any" <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
<option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
- <?php if(have_ruleint_access("pptp")): ?>
+ <?php if (have_ruleint_access("pptp")): ?>
<option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
<?php endif; ?>
- <?php if(have_ruleint_access("pppoe")): ?>
+ <?php if (have_ruleint_access("pppoe")): ?>
<option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
<?php endif; ?>
- <?php if(have_ruleint_access("l2tp")): ?>
- <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
- <?php endif; ?>
+ <?php if (have_ruleint_access("l2tp")): ?>
+ <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
+ <?php endif; ?>
<?php
- foreach ($ifdisp as $ifent => $ifdesc): ?>
- <?php if(have_ruleint_access($ifent)): ?>
+ foreach ($ifdisp as $ifent => $ifdesc):
+ if (have_ruleint_access($ifent)):
+?>
<option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
<option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected=\"selected\""; } ?>>
<?=$ifdesc?> <?=gettext("address");?>
</option>
- <?php endif; ?>
-<?php endforeach; ?>
+<?php
+ endif;
+ endforeach;
+?>
</select>
</td>
</tr>
@@ -653,35 +713,38 @@ include("fbegin.inc"); ?>
<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
<td>
<select name="dsttype" class="formselect" onchange="typesel_change()">
-<?php
- $sel = is_specialnet($pconfig['dst']); ?>
+ <?php $sel = is_specialnet($pconfig['dst']); ?>
<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
<option value="(self)" <?PHP if ($pconfig['dst'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option>
- <?php if(have_ruleint_access("pptp")): ?>
+ <?php if (have_ruleint_access("pptp")): ?>
<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
<?php endif; ?>
- <?php if(have_ruleint_access("pppoe")): ?>
+ <?php if (have_ruleint_access("pppoe")): ?>
<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
<?php endif; ?>
- <?php if(have_ruleint_access("l2tp")): ?>
- <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
- <?php endif; ?>
+ <?php if (have_ruleint_access("l2tp")): ?>
+ <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
+ <?php endif; ?>
-<?php foreach ($ifdisp as $if => $ifdesc): ?>
- <?php if(have_ruleint_access($if)): ?>
+<?php foreach ($ifdisp as $if => $ifdesc):
+ if (have_ruleint_access($if)):
+?>
<option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
<option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected=\"selected\""; } ?>>
<?=$ifdesc;?> <?=gettext("address");?>
</option>
- <?php endif; ?>
-<?php endforeach; ?>
+<?php
+ endif;
+ endforeach;
+?>
<?php if (is_array($config['virtualip']['vip'])):
foreach ($config['virtualip']['vip'] as $sn):
- if (isset($sn['noexpand']))
+ if (isset($sn['noexpand'])) {
continue;
+ }
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
@@ -756,113 +819,125 @@ include("fbegin.inc"); ?>
</span>
</td>
</tr>
- <tr name="localiptable" id="localiptable">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
- <td width="78%" class="vtable">
- <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" />
- <br /> <span class="vexpl"><?=gettext("Enter the internal IP address of " .
- "the server on which you want to map the ports."); ?><br />
- <?=gettext("e.g."); ?> <em>192.168.1.12</em></span></td>
- </tr>
- <tr name="lprtr" id="lprtr">
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
- <td width="78%" class="vtable">
- <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();">
- <option value="">(<?=gettext("other"); ?>)</option>
- <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
- <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
+ <tr name="localiptable" id="localiptable">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
+ <td width="78%" class="vtable">
+ <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" />
+ <br />
+ <span class="vexpl"><?=gettext("Enter the internal IP address of the server on which you want to map the ports."); ?>
+ <br />
+ <?=gettext("e.g."); ?>
+ <em>192.168.1.12</em>
+ </span>
+ </td>
+ </tr>
+ <tr name="lprtr" id="lprtr">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();">
+ <option value="">(<?=gettext("other"); ?>)</option>
+ <?php
+ $bfound = 0;
+ foreach ($wkports as $wkport => $wkportdesc):
+ ?>
+ <option value="<?=$wkport;?>"
+ <?php if ($wkport == $pconfig['localbeginport']) {
echo "selected=\"selected\"";
$bfound = 1;
}?>>
- <?=htmlspecialchars($wkportdesc);?>
- </option>
- <?php endforeach; ?>
- </select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>" />
- <br />
- <span class="vexpl"><?=gettext("Specify the port on the machine with the " .
- "IP address entered above. In case of a port range, specify " .
- "the beginning port of the range (the end port will be calculated " .
- "automatically)."); ?><br />
- <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
- <br /> <span class="vexpl"><?=gettext("You may enter a description here " .
- "for your reference (not parsed)."); ?></span></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td>
- <td width="78%" class="vtable">
- <input type="checkbox" value="yes" name="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br />
- <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
- <td width="78%" class="vtable">
- <select name="natreflection" class="formselect">
- <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>><?=gettext("Use system default"); ?></option>
- <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option>
- <option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option>
- <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
- </select>
- </td>
- </tr>
- <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?>
- <tr name="assoctable" id="assoctable">
- <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
- <td width="78%" class="vtable">
- <select name="associated-rule-id">
- <option value=""><?=gettext("None"); ?></option>
- <option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option>
- <?php
- $linkedrule = "";
- if (is_array($config['filter']['rule'])) {
- filter_rules_sort();
- foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
- if (isset($filter_rule['associated-rule-id'])) {
- echo "<option value=\"{$filter_rule['associated-rule-id']}\"";
- if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
- echo " selected=\"selected\"";
- $linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">" . gettext("View the filter rule") . "</a><br />";
- }
- echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
-
+ <?=htmlspecialchars($wkportdesc);?>
+ </option>
+ <?php endforeach; ?>
+ </select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>" />
+ <br />
+ <span class="vexpl"><?=gettext("Specify the port on the machine with the " .
+ "IP address entered above. In case of a port range, specify " .
+ "the beginning port of the range (the end port will be calculated " .
+ "automatically)."); ?><br />
+ <?=gettext("Hint: this is usually identical to the 'from' port above"); ?>
+ </span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
+ <br />
+ <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)."); ?></span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td>
+ <td width="78%" class="vtable">
+ <input type="checkbox" value="yes" name="nosync"<?php if ($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br />
+ <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="natreflection" class="formselect">
+ <option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>><?=gettext("Use system default"); ?></option>
+ <option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option>
+ <option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option>
+ <option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
+ </select>
+ </td>
+ </tr>
+ <?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?>
+ <tr name="assoctable" id="assoctable">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="associated-rule-id">
+ <option value=""><?=gettext("None"); ?></option>
+ <option value="pass" <?php if ($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option>
+ <?php
+ $linkedrule = "";
+ if (is_array($config['filter']['rule'])) {
+ filter_rules_sort();
+ foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
+ if (isset($filter_rule['associated-rule-id'])) {
+ echo "<option value=\"{$filter_rule['associated-rule-id']}\"";
+ if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
+ echo " selected=\"selected\"";
+ $linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">" . gettext("View the filter rule") . "</a><br />";
}
- }
+ echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
}
- if (isset($pconfig['associated-rule-id']))
- echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
- echo "</select>\n";
- echo $linkedrule;
- ?>
- </td>
- </tr>
- <?php endif; ?>
- <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?>
- <tr name="assoctable" id="assoctable">
- <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
- <td width="78%" class="vtable">
- <select name="filter-rule-association" id="filter-rule-association">
- <option value=""><?=gettext("None"); ?></option>
- <option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option>
- <option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option>
- <option value="pass"><?=gettext("Pass"); ?></option>
- </select>
- <br /><br /><?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?>
- </td>
- </tr><?php endif; ?>
+ }
+ }
+ if (isset($pconfig['associated-rule-id'])) {
+ echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
+ }
+ echo "</select>\n";
+ echo $linkedrule;
+ ?>
+ </td>
+ </tr>
+ <?php endif; ?>
+ <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?>
+ <tr name="assoctable" id="assoctable">
+ <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="filter-rule-association" id="filter-rule-association">
+ <option value=""><?=gettext("None"); ?></option>
+ <option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option>
+ <option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option>
+ <option value="pass"><?=gettext("Pass"); ?></option>
+ </select>
+ <br /><br /><?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?>
+ </td>
+ </tr>
+ <?php endif; ?>
<?php
- // Allow extending of the firewall edit page and include custom input validation
- pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate");
+ // Allow extending of the firewall edit page and include custom input validation
+ pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate");
?>
<?php
-$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']));
-$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']));
+ $has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']));
+ $has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']));
?>
- <?php if ($has_created_time || $has_updated_time): ?>
+ <?php if ($has_created_time || $has_updated_time): ?>
<tr>
<td>&nbsp;</td>
</tr>
@@ -885,23 +960,23 @@ $has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['upda
</td>
</tr>
<?php endif; ?>
- <?php endif; ?>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">&nbsp;</td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
- <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" />
- <?php if (isset($id) && $a_nat[$id]): ?>
- <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
- <?php endif; ?>
- <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" />
- </td>
- </tr>
- </table>
+ <?php endif; ?>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">&nbsp;</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
+ <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" />
+ <?php if (isset($id) && $a_nat[$id]): ?>
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
+ <?php endif; ?>
+ <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" />
+ </td>
+ </tr>
+ </table>
</form>
<script type="text/javascript">
//<![CDATA[
diff --git a/usr/local/www/firewall_nat_npt.php b/usr/local/www/firewall_nat_npt.php
index 2a9d2fe..3fcfbf4 100644
--- a/usr/local/www/firewall_nat_npt.php
+++ b/usr/local/www/firewall_nat_npt.php
@@ -71,8 +71,9 @@ if ($_POST) {
if ($_GET['act'] == "del") {
if ($a_npt[$_GET['id']]) {
unset($a_npt[$_GET['id']]);
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_npt.php");
exit;
}
@@ -89,7 +90,8 @@ include("head.inc");
<?php if (is_subsystem_dirty('natconf')): ?>
<?php print_info_box_np(gettext("The NAT configuration has been changed") . ".<br />" . gettext("You must apply the changes in order for them to take effect."));?><br />
<?php endif; ?>
-<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat npt"> <tr><td>
+<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat npt">
+ <tr><td>
<?php
$tab_array = array();
$tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php");
@@ -98,87 +100,94 @@ include("head.inc");
$tab_array[] = array(gettext("NPt"), true, "firewall_nat_npt.php");
display_top_tabs($tab_array);
?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
- <tr>
- <td width="10%" class="listhdrr"><?=gettext("Interface"); ?></td>
- <td width="20%" class="listhdrr"><?=gettext("External Prefix"); ?></td>
- <td width="15%" class="listhdrr"><?=gettext("Internal prefix"); ?></td>
- <td width="30%" class="listhdr"><?=gettext("Description"); ?></td>
- <td width="10%" class="list">
- <table border="0" cellspacing="0" cellpadding="1" summary="add">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>" alt="add" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php
- $textse = "</span>";
-
- $i = 0; foreach ($a_npt as $natent):
-
- if (isset($natent['disabled']))
- $textss = "<span class=\"gray\">";
- else
- $textss = "<span>"; ?>
- <tr>
- <td class="listlr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';">
- <?php
- echo $textss;
- if (!$natent['interface'])
- echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
- else
- echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
- echo $textse;
- ?>
- </td>
- <?php
- $source_net = pprint_address($natent['source']);
- $source_cidr = strstr($source_net, '/');
- $destination_net = pprint_address($natent['destination']);
- $destination_cidr = strstr($destination_net, '/');
- ?>
- <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';">
- <?php echo $textss . $destination_net . $textse; ?>
- </td>
- <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';">
- <?php echo $textss . $source_net . $textse; ?>
- </td>
- <td class="listbg" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';">
- <?=$textss;?>
- <?=htmlspecialchars($natent['descr']);?>&nbsp;
- <?=$textse;?>
- </td>
- <td class="list nowrap">
- <table border="0" cellspacing="0" cellpadding="1" summary="edit">
- <tr>
- <td valign="middle"><a href="firewall_nat_npt_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>" alt="edit" /></a></td>
- <td valign="middle"><a href="firewall_nat_npt.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); ?>" alt="delete" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- <?php $i++; endforeach; ?>
- <tr>
- <td class="list" colspan="4"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1" summary="add">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>" alt="add" /></a></td>
- </tr>
- </table>
- </td>
- </tr>
- </table>
- </div>
- </td>
-</tr>
+ </td></tr>
+ <tr>
+ <td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="main area">
+ <tr>
+ <td width="10%" class="listhdrr"><?=gettext("Interface"); ?></td>
+ <td width="20%" class="listhdrr"><?=gettext("External Prefix"); ?></td>
+ <td width="15%" class="listhdrr"><?=gettext("Internal prefix"); ?></td>
+ <td width="30%" class="listhdr"><?=gettext("Description"); ?></td>
+ <td width="10%" class="list">
+ <table border="0" cellspacing="0" cellpadding="1" summary="add">
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>" alt="add" /></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+<?php
+ $textse = "</span>";
+
+ $i = 0;
+ foreach ($a_npt as $natent):
+
+ if (isset($natent['disabled'])) {
+ $textss = "<span class=\"gray\">";
+ } else {
+ $textss = "<span>";
+ }
+?>
+ <tr>
+ <td class="listlr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';">
+<?php
+ echo $textss;
+ if (!$natent['interface']) {
+ echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
+ } else {
+ echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
+ }
+ echo $textse;
+?>
+ </td>
+<?php
+ $source_net = pprint_address($natent['source']);
+ $source_cidr = strstr($source_net, '/');
+ $destination_net = pprint_address($natent['destination']);
+ $destination_cidr = strstr($destination_net, '/');
+?>
+ <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';">
+ <?php echo $textss . $destination_net . $textse; ?>
+ </td>
+ <td class="listr" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';">
+ <?php echo $textss . $source_net . $textse; ?>
+ </td>
+ <td class="listbg" ondblclick="document.location='firewall_nat_npt_edit.php?id=<?=$i;?>';">
+ <?=$textss;?>
+ <?=htmlspecialchars($natent['descr']);?>&nbsp;
+ <?=$textse;?>
+ </td>
+ <td class="list nowrap">
+ <table border="0" cellspacing="0" cellpadding="1" summary="edit">
+ <tr>
+ <td valign="middle"><a href="firewall_nat_npt_edit.php?id=<?=$i;?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?=gettext("edit rule"); ?>" alt="edit" /></a></td>
+ <td valign="middle"><a href="firewall_nat_npt.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); ?>" alt="delete" /></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+<?php
+ $i++;
+ endforeach;
+?>
+ <tr>
+ <td class="list" colspan="4"></td>
+ <td class="list">
+ <table border="0" cellspacing="0" cellpadding="1" summary="add">
+ <tr>
+ <td width="17"></td>
+ <td valign="middle"><a href="firewall_nat_npt_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" title="<?=gettext("add rule"); ?>" alt="add" /></a></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
</table>
</form>
<?php include("fend.inc"); ?>
diff --git a/usr/local/www/firewall_nat_npt_edit.php b/usr/local/www/firewall_nat_npt_edit.php
index a5685e9..2f2531d 100644
--- a/usr/local/www/firewall_nat_npt_edit.php
+++ b/usr/local/www/firewall_nat_npt_edit.php
@@ -1,23 +1,23 @@
-<?php
+<?php
/* $Id$ */
/*
firewall_nat_npt_edit.php
part of pfSense (https://www.pfsense.org)
-
+
Copyright (C) 2013-2015 Electric Sheep Fencing, LP
Copyright (C) 2011 Seth Mos <seth.mos@dds.nl>.
All rights reserved.
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
-
+
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
-
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
@@ -45,13 +45,13 @@ function natnptcmp($a, $b) {
}
function nat_npt_rules_sort() {
- global $g, $config;
-
- if (!is_array($config['nat']['npt']))
- return;
+ global $g, $config;
+ if (!is_array($config['nat']['npt'])) {
+ return;
+ }
- usort($config['nat']['npt'], "natnptcmp");
+ usort($config['nat']['npt'], "natnptcmp");
}
require("guiconfig.inc");
@@ -63,8 +63,8 @@ $referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firew
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
- $specialsrcdst[] = "{$kif}";
- $specialsrcdst[] = "{$kif}ip";
+ $specialsrcdst[] = "{$kif}";
+ $specialsrcdst[] = "{$kif}ip";
}
if (!is_array($config['nat']['npt'])) {
@@ -72,45 +72,49 @@ if (!is_array($config['nat']['npt'])) {
}
$a_npt = &$config['nat']['npt'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
if (isset($id) && $a_npt[$id]) {
$pconfig['disabled'] = isset($a_npt[$id]['disabled']);
address_to_pconfig($a_npt[$id]['source'], $pconfig['src'],
- $pconfig['srcmask'], $pconfig['srcnot'],
+ $pconfig['srcmask'], $pconfig['srcnot'],
$pconfig['srcbeginport'], $pconfig['srcendport']);
- address_to_pconfig($a_npt[$id]['destination'], $pconfig['dst'],
- $pconfig['dstmask'], $pconfig['dstnot'],
+ address_to_pconfig($a_npt[$id]['destination'], $pconfig['dst'],
+ $pconfig['dstmask'], $pconfig['dstnot'],
$pconfig['dstbeginport'], $pconfig['dstendport']);
$pconfig['interface'] = $a_npt[$id]['interface'];
- if (!$pconfig['interface'])
+ if (!$pconfig['interface']) {
$pconfig['interface'] = "wan";
+ }
$pconfig['external'] = $a_npt[$id]['external'];
$pconfig['descr'] = $a_npt[$id]['descr'];
-} else
+} else {
$pconfig['interface'] = "wan";
+}
if ($_POST) {
-
+
unset($input_errors);
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "interface");
$reqdfieldsn = array(gettext("Interface"));
- $reqdfields[] = "src";
- $reqdfieldsn[] = gettext("Source prefix");
- $reqdfields[] = "dst";
- $reqdfieldsn[] = gettext("Destination prefix");
-
+ $reqdfields[] = "src";
+ $reqdfieldsn[] = gettext("Source prefix");
+ $reqdfields[] = "dst";
+ $reqdfieldsn[] = gettext("Destination prefix");
+
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
if (!$input_errors) {
@@ -120,25 +124,27 @@ if ($_POST) {
$natent['descr'] = $_POST['descr'];
$natent['interface'] = $_POST['interface'];
- if ($_POST['src'])
- $_POST['src'] = trim($_POST['src']);
- if ($_POST['dst'])
- $_POST['dst'] = trim($_POST['dst']);
+ if ($_POST['src']) {
+ $_POST['src'] = trim($_POST['src']);
+ }
+ if ($_POST['dst']) {
+ $_POST['dst'] = trim($_POST['dst']);
+ }
- pconfig_to_address($natent['source'], $_POST['src'],
- $_POST['srcmask'], $_POST['srcnot']);
+ pconfig_to_address($natent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot']);
- pconfig_to_address($natent['destination'], $_POST['dst'],
- $_POST['dstmask'], $_POST['dstnot']);
+ pconfig_to_address($natent['destination'], $_POST['dst'], $_POST['dstmask'], $_POST['dstnot']);
- if (isset($id) && $a_npt[$id])
+ if (isset($id) && $a_npt[$id]) {
$a_npt[$id] = $natent;
- else
+ } else {
$a_npt[] = $natent;
+ }
nat_npt_rules_sort();
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_npt.php");
exit;
@@ -156,133 +162,144 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
- <form action="firewall_nat_npt_edit.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat npt edit">
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit NAT NPt entry"); ?></td>
- </tr>
+<form action="firewall_nat_npt_edit.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat npt edit">
<tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
- <td width="78%" class="vtable">
- <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
- <strong><?=gettext("Disable this rule"); ?></strong><br />
- <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
- </td>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("Edit NAT NPt entry"); ?></td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
- <td width="78%" class="vtable">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
+ <strong><?=gettext("Disable this rule"); ?></strong><br />
+ <span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
+ <td width="78%" class="vtable">
<select name="interface" class="formselect">
<?php
- foreach ($ifdisp as $if => $ifdesc)
- if(have_ruleint_access($if))
+ foreach ($ifdisp as $if => $ifdesc) {
+ if (have_ruleint_access($if)) {
$interfaces[$if] = $ifdesc;
+ }
+ }
- if ($config['l2tp']['mode'] == "server")
- if(have_ruleint_access("l2tp"))
+ if ($config['l2tp']['mode'] == "server") {
+ if (have_ruleint_access("l2tp")) {
$interfaces['l2tp'] = "L2TP VPN";
+ }
+ }
- if ($config['pptpd']['mode'] == "server")
- if(have_ruleint_access("pptp"))
+ if ($config['pptpd']['mode'] == "server") {
+ if (have_ruleint_access("pptp")) {
$interfaces['pptp'] = "PPTP VPN";
+ }
+ }
- if ($config['pppoe']['mode'] == "server")
- if(have_ruleint_access("pppoe"))
+ if ($config['pppoe']['mode'] == "server") {
+ if (have_ruleint_access("pppoe")) {
$interfaces['pppoe'] = "PPPoE Server";
+ }
+ }
/* add ipsec interfaces */
- if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
- if(have_ruleint_access("enc0"))
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) {
+ if (have_ruleint_access("enc0")) {
$interfaces["enc0"] = "IPsec";
+ }
+ }
/* add openvpn/tun interfaces */
- if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
$interfaces["openvpn"] = "OpenVPN";
+ }
- foreach ($interfaces as $iface => $ifacename):
+ foreach ($interfaces as $iface => $ifacename):
?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
<?=htmlspecialchars($ifacename);?>
</option>
<?php endforeach; ?>
</select><br />
- <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br />
- <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td>
+ <span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br />
+ <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.
+ </span>
+ </td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Internal IPv6 Prefix"); ?></td>
- <td width="78%" class="vtable">
- <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> />
- <strong><?=gettext("not"); ?></strong>
- <br />
- <?=gettext("Use this option to invert the sense of the match."); ?>
- <br />
- <br />
- <table border="0" cellspacing="0" cellpadding="0" summary="internal">
- <tr>
- <td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
- <td>
- <input name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" /> /
- <select name="srcmask" class="formselect" id="srcmask">
-<?php for ($i = 128; $i > 0; $i--): ?>
- <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
-<?php endfor; ?>
- </select>
- </td>
- </tr>
- </table>
- <br />
- <span class="vexpl"><?=gettext("Enter the internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. The prefix size specified for the internal IPv6 prefix will be applied to the
-external prefix.");
-?></span>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Internal IPv6 Prefix"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> />
+ <strong><?=gettext("not"); ?></strong>
+ <br />
+ <?=gettext("Use this option to invert the sense of the match."); ?>
+ <br />
+ <br />
+ <table border="0" cellspacing="0" cellpadding="0" summary="internal">
+ <tr>
+ <td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
+ <td>
+ <input name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" /> /
+ <select name="srcmask" class="formselect" id="srcmask">
+<?php for ($i = 128; $i > 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+ <br />
+ <span class="vexpl"><?=gettext("Enter the internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. The prefix size specified for the internal IPv6 prefix will be applied to the external prefix.");?></span>
</td>
- </tr>
+ </tr>
<tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination IPv6 Prefix"); ?></td>
- <td width="78%" class="vtable">
- <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> />
- <strong><?=gettext("not"); ?></strong>
- <br />
- <?=gettext("Use this option to invert the sense of the match."); ?>
- <br />
- <br />
- <table border="0" cellspacing="0" cellpadding="0" summary="destination">
- <tr>
- <td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
- <td>
- <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" />
- /
- <select name="dstmask" class="formselect" id="dstmask">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Destination IPv6 Prefix"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> />
+ <strong><?=gettext("not"); ?></strong>
+ <br />
+ <?=gettext("Use this option to invert the sense of the match."); ?>
+ <br />
+ <br />
+ <table border="0" cellspacing="0" cellpadding="0" summary="destination">
+ <tr>
+ <td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
+ <td>
+ <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" />
+ /
+ <select name="dstmask" class="formselect" id="dstmask">
<?php
- for ($i = 128; $i > 0; $i--): ?>
- <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
-<?php endfor; ?>
- </select>
- </td>
- </tr>
- </table>
- <br />
- <span class="vexpl"><?=gettext("Enter the Global Unicast routable IPv6 prefix here"); ?><br /></span>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
- <td width="78%" class="vtable">
- <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
- <br /> <span class="vexpl"><?=gettext("You may enter a description here " .
- "for your reference (not parsed)."); ?></span></td>
- </tr>
- <tr>
- <td width="22%" valign="top">&nbsp;</td>
- <td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
- <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" />
- <?php if (isset($id) && $a_npt[$id]): ?>
- <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
- <?php endif; ?>
- </td>
- </tr>
- </table>
+ for ($i = 128; $i > 0; $i--): ?>
+ <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
+<?php endfor; ?>
+ </select>
+ </td>
+ </tr>
+ </table>
+ <br />
+ <span class="vexpl"><?=gettext("Enter the Global Unicast routable IPv6 prefix here"); ?><br /></span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
+ <br /> <span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)."); ?></span>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
+ <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" />
+ <?php if (isset($id) && $a_npt[$id]): ?>
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
</form>
<?php include("fend.inc"); ?>
</body>
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 96d7a7b..1e942d2 100644
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -50,16 +50,19 @@ require_once("shaper.inc");
global $FilterIflist;
global $GatewaysList;
-if (!is_array($config['nat']['outbound']))
+if (!is_array($config['nat']['outbound'])) {
$config['nat']['outbound'] = array();
+}
-if (!is_array($config['nat']['outbound']['rule']))
+if (!is_array($config['nat']['outbound']['rule'])) {
$config['nat']['outbound']['rule'] = array();
+}
$a_out = &$config['nat']['outbound']['rule'];
-if (!isset($config['nat']['outbound']['mode']))
+if (!isset($config['nat']['outbound']['mode'])) {
$config['nat']['outbound']['mode'] = "automatic";
+}
$mode = $config['nat']['outbound']['mode'];
@@ -67,10 +70,11 @@ if ($_POST['apply']) {
$retval = 0;
$retval |= filter_configure();
- if(stristr($retval, "error") <> true)
- $savemsg = get_std_save_message($retval);
- else
+ if (stristr($retval, "error") <> true) {
+ $savemsg = get_std_save_message($retval);
+ } else {
$savemsg = $retval;
+ }
if ($retval == 0) {
clear_subsystem_dirty('natconf');
@@ -86,10 +90,12 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
* lets automatically create entries
* for all of the interfaces to make life easier on the pip-o-chap
*/
- if(empty($FilterIflist))
+ if (empty($FilterIflist)) {
filter_generate_optcfg_array();
- if(empty($GatewaysList))
+ }
+ if (empty($GatewaysList)) {
filter_generate_gateways();
+ }
$tonathosts = filter_nat_rules_automatic_tonathosts(true);
$automatic_rules = filter_nat_rules_outbound_automatic("");
@@ -101,7 +107,7 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
convert_real_interface_to_friendly_descr($natent['interface']));
$natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
- /* Try to detect already auto created rules and avoid duplicate them */
+ /* Try to detect already auto created rules and avoid duplicating them */
$found = false;
foreach ($a_out as $rule) {
if ($rule['interface'] == $natent['interface'] &&
@@ -114,8 +120,9 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
}
}
- if ($found === false)
+ if ($found === false) {
$a_out[] = $natent;
+ }
}
}
$savemsg = gettext("Default rules for each interface have been created.");
@@ -124,8 +131,9 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
$config['nat']['outbound']['mode'] = $_POST['mode'];
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_out.php");
exit;
}
@@ -133,8 +141,9 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
if ($_GET['act'] == "del") {
if ($a_out[$_GET['id']]) {
unset($a_out[$_GET['id']]);
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_out.php");
exit;
}
@@ -146,20 +155,23 @@ if (isset($_POST['del_x'])) {
foreach ($_POST['rule'] as $rulei) {
unset($a_out[$rulei]);
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_out.php");
exit;
}
} else if ($_GET['act'] == "toggle") {
if ($a_out[$_GET['id']]) {
- if(isset($a_out[$_GET['id']]['disabled']))
+ if (isset($a_out[$_GET['id']]['disabled'])) {
unset($a_out[$_GET['id']]['disabled']);
- else
+ } else {
$a_out[$_GET['id']]['disabled'] = true;
- if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule"))
+ }
+ if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule")) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_out.php");
exit;
}
@@ -178,32 +190,39 @@ if (isset($_POST['del_x'])) {
/* copy all rules < $movebtn and not selected */
for ($i = 0; $i < $movebtn; $i++) {
- if (!in_array($i, $_POST['rule']))
+ if (!in_array($i, $_POST['rule'])) {
$a_out_new[] = $a_out[$i];
+ }
}
/* copy all selected rules */
for ($i = 0; $i < count($a_out); $i++) {
- if ($i == $movebtn)
+ if ($i == $movebtn) {
continue;
- if (in_array($i, $_POST['rule']))
+ }
+ if (in_array($i, $_POST['rule'])) {
$a_out_new[] = $a_out[$i];
+ }
}
/* copy $movebtn rule */
- if ($movebtn < count($a_out))
+ if ($movebtn < count($a_out)) {
$a_out_new[] = $a_out[$movebtn];
+ }
/* copy all rules > $movebtn and not selected */
for ($i = $movebtn+1; $i < count($a_out); $i++) {
- if (!in_array($i, $_POST['rule']))
+ if (!in_array($i, $_POST['rule'])) {
$a_out_new[] = $a_out[$i];
+ }
}
- if (count($a_out_new) > 0)
+ if (count($a_out_new) > 0) {
$a_out = $a_out_new;
+ }
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_out.php");
exit;
}
@@ -218,10 +237,12 @@ include("head.inc");
<form action="firewall_nat_out.php" method="post" name="iform">
<script type="text/javascript" src="/javascript/row_toggle.js"></script>
<?php
-if ($savemsg)
+if ($savemsg) {
print_info_box($savemsg);
-if (is_subsystem_dirty('natconf'))
+}
+if (is_subsystem_dirty('natconf')) {
print_info_box_np(gettext("The NAT configuration has been changed.")."<br />".gettext("You must apply the changes in order for them to take effect."));
+}
?>
<br />
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firewall nat outbound">
@@ -369,7 +390,7 @@ if (is_subsystem_dirty('natconf'))
title="<?=gettext("click to toggle enabled/disabled status");?>" alt="icon" />
</a>
<?php
- endif;
+ endif;
?>
</td>
<td class="listlr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
@@ -377,28 +398,30 @@ if (is_subsystem_dirty('natconf'))
&nbsp;
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
- <?PHP $natent['source']['network'] = ($natent['source']['network'] == "(self)") ? "This Firewall" : $natent['source']['network']; ?>
+ <?php $natent['source']['network'] = ($natent['source']['network'] == "(self)") ? "This Firewall" : $natent['source']['network']; ?>
<?php echo $textss . $alias_src_span_begin . $natent['source']['network'] . $alias_src_span_end . $textse;?>
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
<?php
echo $textss;
echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
- if (!$natent['sourceport'])
+ if (!$natent['sourceport']) {
echo "*";
- else
+ } else {
echo $alias_src_port_span_begin . $natent['sourceport'] . $alias_src_port_span_end;
+ }
echo $textse;
?>
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
<?php
echo $textss;
- if (isset($natent['destination']['any']))
+ if (isset($natent['destination']['any'])) {
echo "*";
- else {
- if (isset($natent['destination']['not']))
+ } else {
+ if (isset($natent['destination']['not'])) {
echo "!&nbsp;";
+ }
echo $alias_dst_span_begin . $natent['destination']['address'] . $alias_dst_span_end;
}
echo $textse;
@@ -408,44 +431,48 @@ if (is_subsystem_dirty('natconf'))
<?php
echo $textss;
echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
- if (!$natent['dstport'])
+ if (!$natent['dstport']) {
echo "*";
- else
+ } else {
echo $alias_dst_port_span_begin . $natent['dstport'] . $alias_dst_port_span_end;
+ }
echo $textse;
?>
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
<?php
echo $textss;
- if (isset($natent['nonat']))
+ if (isset($natent['nonat'])) {
echo '<I>NO NAT</I>';
- elseif (!$natent['target'])
+ } elseif (!$natent['target']) {
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
- elseif ($natent['target'] == "other-subnet")
+ } elseif ($natent['target'] == "other-subnet") {
echo $natent['targetip'] . '/' . $natent['targetip_subnet'];
- else
+ } else {
echo $natent['target'];
+ }
echo $textse;
?>
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
<?php
echo $textss;
- if (!$natent['natport'])
+ if (!$natent['natport']) {
echo "*";
- else
+ } else {
echo $natent['natport'];
+ }
echo $textse;
?>
</td>
<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';" align="center">
<?php
echo $textss;
- if(isset($natent['staticnatport']))
+ if (isset($natent['staticnatport'])) {
echo gettext("YES");
- else
+ } else {
echo gettext("NO");
+ }
echo $textse;
?>
</td>
@@ -525,10 +552,12 @@ if (is_subsystem_dirty('natconf'))
</tr>
<?php
if ($mode == "automatic" || $mode == "hybrid"):
- if(empty($FilterIflist))
+ if (empty($FilterIflist)) {
filter_generate_optcfg_array();
- if(empty($GatewaysList))
+ }
+ if (empty($GatewaysList)) {
filter_generate_gateways();
+ }
$automatic_rules = filter_nat_rules_outbound_automatic(implode(" ", filter_nat_rules_automatic_tonathosts()));
unset($FilterIflist, $GatewaysList);
?>
@@ -566,19 +595,21 @@ if (is_subsystem_dirty('natconf'))
<td class="listr" style="background-color: #E0E0E0">
<?php
echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
- if (!$natent['sourceport'])
+ if (!$natent['sourceport']) {
echo "*";
- else
+ } else {
echo $natent['sourceport'];
+ }
?>
</td>
<td class="listr" style="background-color: #E0E0E0">
<?php
- if (isset($natent['destination']['any']))
+ if (isset($natent['destination']['any'])) {
echo "*";
- else {
- if (isset($natent['destination']['not']))
+ } else {
+ if (isset($natent['destination']['not'])) {
echo "!&nbsp;";
+ }
echo $natent['destination']['address'];
}
?>
@@ -586,38 +617,42 @@ if (is_subsystem_dirty('natconf'))
<td class="listr" style="background-color: #E0E0E0">
<?php
echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
- if (!$natent['dstport'])
+ if (!$natent['dstport']) {
echo "*";
- else
+ } else {
echo $natent['dstport'];
+ }
?>
</td>
<td class="listr" style="background-color: #E0E0E0">
<?php
- if (isset($natent['nonat']))
+ if (isset($natent['nonat'])) {
echo '<I>NO NAT</I>';
- elseif (!$natent['target'])
+ } elseif (!$natent['target']) {
echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
- elseif ($natent['target'] == "other-subnet")
+ } elseif ($natent['target'] == "other-subnet") {
echo $natent['targetip'] . '/' . $natent['targetip_subnet'];
- else
+ } else {
echo $natent['target'];
+ }
?>
</td>
<td class="listr" style="background-color: #E0E0E0">
<?php
- if (!$natent['natport'])
+ if (!$natent['natport']) {
echo "*";
- else
+ } else {
echo $natent['natport'];
+ }
?>
</td>
<td class="listr" style="background-color: #E0E0E0">
<?php
- if(isset($natent['staticnatport']))
+ if (isset($natent['staticnatport'])) {
echo gettext("YES");
- else
+ } else {
echo gettext("NO");
+ }
?>
</td>
<td class="listbg">
diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php
index 2162695..d646e68 100644
--- a/usr/local/www/firewall_nat_out_edit.php
+++ b/usr/local/www/firewall_nat_out_edit.php
@@ -48,8 +48,9 @@ require("shaper.inc");
$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_nat_out.php');
-if (!is_array($config['nat']['outbound']))
+if (!is_array($config['nat']['outbound'])) {
$config['nat']['outbound'] = array();
+}
if (!is_array($config['nat']['outbound']['rule'])) {
$config['nat']['outbound']['rule'] = array();
@@ -57,36 +58,44 @@ if (!is_array($config['nat']['outbound']['rule'])) {
$a_out = &$config['nat']['outbound']['rule'];
-if (!is_array($config['aliases']['alias']))
+if (!is_array($config['aliases']['alias'])) {
$config['aliases']['alias'] = array();
+}
$a_aliases = &$config['aliases']['alias'];
-if (is_numericint($_GET['id']))
+if (is_numericint($_GET['id'])) {
$id = $_GET['id'];
-if (isset($_POST['id']) && is_numericint($_POST['id']))
+}
+if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
+}
-if (is_numericint($_GET['after']) || $_GET['after'] == "-1")
+if (is_numericint($_GET['after']) || $_GET['after'] == "-1") {
$after = $_GET['after'];
-if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1"))
+}
+if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) {
$after = $_POST['after'];
+}
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
- $id = $_GET['dup'];
- $after = $_GET['dup'];
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
}
if (isset($id) && $a_out[$id]) {
- if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) )
+ if (isset($a_out[$id]['created']) && is_array($a_out[$id]['created'])) {
$pconfig['created'] = $a_out[$id]['created'];
+ }
- if ( isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated']) )
+ if (isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated'])) {
$pconfig['updated'] = $a_out[$id]['updated'];
+ }
$pconfig['protocol'] = $a_out[$id]['protocol'];
list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']);
- if (!is_numeric($pconfig['source_subnet']))
+ if (!is_numeric($pconfig['source_subnet'])) {
$pconfig['source_subnet'] = 32;
+ }
$pconfig['sourceport'] = $a_out[$id]['sourceport'];
address_to_pconfig($a_out[$id]['destination'], $pconfig['destination'],
$pconfig['destination_subnet'], $pconfig['destination_not'],
@@ -113,8 +122,9 @@ if (isset($id) && $a_out[$id]) {
$pconfig['interface'] = "wan";
}
-if (isset($_GET['dup']) && is_numericint($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
unset($id);
+}
if ($_POST) {
if ($_POST['destination_type'] == "any") {
@@ -131,14 +141,15 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- /* run through $_POST items encoding HTML entties so that the user
+ /* run through $_POST items encoding HTML entitles so that the user
* cannot think he is slick and perform a XSS attack on the unwilling
*/
foreach ($_POST as $key => $value) {
$temp = str_replace(">", "", $value);
$newpost = htmlentities($temp);
- if($newpost <> $temp)
+ if ($newpost <> $temp) {
$input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp);
+ }
}
/* input validation */
@@ -149,27 +160,36 @@ if ($_POST) {
$protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp"));
- if ($_POST['source'])
+ if ($_POST['source']) {
$_POST['source'] = trim($_POST['source']);
- if ($_POST['destination'])
+ }
+ if ($_POST['destination']) {
$_POST['destination'] = trim($_POST['destination']);
- if ($_POST['targetip'])
+ }
+ if ($_POST['targetip']) {
$_POST['targetip'] = trim($_POST['targetip']);
- if ($_POST['sourceport'])
+ }
+ if ($_POST['sourceport']) {
$_POST['sourceport'] = trim($_POST['sourceport']);
- if ($_POST['dstport'])
+ }
+ if ($_POST['dstport']) {
$_POST['dstport'] = trim($_POST['dstport']);
- if ($_POST['natport'])
+ }
+ if ($_POST['natport']) {
$_POST['natport'] = trim($_POST['natport']);
+ }
- if($protocol_uses_ports && $_POST['sourceport'] <> "" && !(is_portoralias($_POST['sourceport']) || is_portrange($_POST['sourceport'])))
+ if ($protocol_uses_ports && $_POST['sourceport'] <> "" && !(is_portoralias($_POST['sourceport']) || is_portrange($_POST['sourceport']))) {
$input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
+ }
- if($protocol_uses_ports && $_POST['dstport'] <> "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport'])))
+ if ($protocol_uses_ports && $_POST['dstport'] <> "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) {
$input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
+ }
- if($protocol_uses_ports && $_POST['natport'] <> "" && !is_port($_POST['natport']) && !isset($_POST['nonat']))
+ if ($protocol_uses_ports && $_POST['natport'] <> "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) {
$input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
+ }
if (($_POST['source_type'] != "any") && ($_POST['source_type'] != "(self)")) {
if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] <> "any") {
@@ -209,22 +229,23 @@ if ($_POST) {
/* Verify Pool Options */
$poolopts = "";
if ($_POST['poolopts']) {
- if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet"))
+ if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet")) {
$poolopts = $_POST['poolopts'];
- elseif (is_alias($_POST['target'])) {
- if (substr($_POST['poolopts'], 0, 11) == "round-robin")
+ } elseif (is_alias($_POST['target'])) {
+ if (substr($_POST['poolopts'], 0, 11) == "round-robin") {
$poolopts = $_POST['poolopts'];
- else
+ } else {
$input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias.");
+ }
}
}
/* if user has selected any as source, set it here */
- if($_POST['source_type'] == "any") {
+ if ($_POST['source_type'] == "any") {
$osn = "any";
- } else if($_POST['source_type'] == "(self)") {
+ } else if ($_POST['source_type'] == "(self)") {
$osn = "(self)";
- } else if(is_alias($_POST['source'])) {
+ } else if (is_alias($_POST['source'])) {
$osn = $_POST['source'];
} else {
$osn = gen_subnet($_POST['source'], $_POST['source_subnet']) . "/" . $_POST['source_subnet'];
@@ -233,7 +254,7 @@ if ($_POST) {
/* check for existing entries */
if ($_POST['destination_type'] == "any") {
$ext = "any";
- } else if(is_alias($_POST['destination'])) {
+ } else if (is_alias($_POST['destination'])) {
$ext = $_POST['destination'];
} else {
$ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet'];
@@ -249,11 +270,11 @@ if ($_POST) {
}
}
- // Allow extending of the firewall edit page and include custom input validation
+ // Allow extending of the firewall edit page and include custom input validation
pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/input_validation");
if (!$input_errors) {
- $natent = array();
+ $natent = array();
$natent['source']['network'] = $osn;
$natent['sourceport'] = ($protocol_uses_ports) ? $_POST['sourceport'] : "";
$natent['descr'] = $_POST['descr'];
@@ -264,47 +285,48 @@ if ($_POST) {
$natent['poolopts'] = $poolopts;
/* static-port */
- if(isset($_POST['staticnatport']) && $protocol_uses_ports && !isset($_POST['nonat'])) {
+ if (isset($_POST['staticnatport']) && $protocol_uses_ports && !isset($_POST['nonat'])) {
$natent['staticnatport'] = true;
} else {
unset($natent['staticnatport']);
}
-
- if(isset($_POST['disabled'])) {
+
+ if (isset($_POST['disabled'])) {
$natent['disabled'] = true;
} else {
unset($natent['disabled']);
}
/* if user has selected not nat, set it here */
- if(isset($_POST['nonat'])) {
+ if (isset($_POST['nonat'])) {
$natent['nonat'] = true;
} else {
unset($natent['nonat']);
}
- if ($_POST['protocol'] && $_POST['protocol'] != "any")
+ if ($_POST['protocol'] && $_POST['protocol'] != "any") {
$natent['protocol'] = $_POST['protocol'];
- else
+ } else {
unset($natent['protocol']);
+ }
- if ($ext == "any") {
+ if ($ext == "any") {
$natent['destination']['any'] = true;
} else {
$natent['destination']['address'] = $ext;
}
- if($_POST['natport'] != "" && $protocol_uses_ports && !isset($_POST['nonat'])) {
- $natent['natport'] = $_POST['natport'];
+ if ($_POST['natport'] != "" && $protocol_uses_ports && !isset($_POST['nonat'])) {
+ $natent['natport'] = $_POST['natport'];
} else {
unset($natent['natport']);
}
- if($_POST['dstport'] != "" && $protocol_uses_ports) {
+ if ($_POST['dstport'] != "" && $protocol_uses_ports) {
$natent['dstport'] = $_POST['dstport'];
} else {
unset($natent['dstport']);
}
- if($_POST['nosync'] == "yes") {
+ if ($_POST['nosync'] == "yes") {
$natent['nosync'] = true;
} else {
unset($natent['nosync']);
@@ -314,12 +336,13 @@ if ($_POST) {
$natent['destination']['not'] = true;
}
- if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) )
+ if (isset($a_out[$id]['created']) && is_array($a_out[$id]['created'])) {
$natent['created'] = $a_out[$id]['created'];
+ }
$natent['updated'] = make_config_revision_entry();
- // Allow extending of the firewall edit page and include custom input validation
+ // Allow extending of the firewall edit page and include custom input validation
pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/pre_write_config");
if (isset($id) && $a_out[$id]) {
@@ -333,8 +356,9 @@ if ($_POST) {
}
}
- if (write_config())
+ if (write_config()) {
mark_subsystem_dirty('natconf');
+ }
header("Location: firewall_nat_out.php");
exit;
}
@@ -352,7 +376,7 @@ include("head.inc");
//<![CDATA[
var portsenabled = 1;
function staticportchange() {
- if(document.iform.staticnatport.checked) {
+ if (document.iform.staticnatport.checked) {
document.iform.natport.value = "";
document.iform.natport.disabled = 1;
} else {
@@ -446,7 +470,7 @@ function poolopts_change() {
<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Advanced Outbound NAT entry");?></td>
</tr>
<?php
- // Allow extending of the firewall edit page and include custom input validation
+ // Allow extending of the firewall edit page and include custom input validation
pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
?>
<tr>
@@ -460,7 +484,7 @@ function poolopts_change() {
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Do not NAT");?></td>
<td width="78%" class="vtable">
- <input type="checkbox" name="nonat" id="nonat" onclick="nonat_change();" <?php if(isset($pconfig['nonat'])) echo " checked=\"checked\""; ?> />
+ <input type="checkbox" name="nonat" id="nonat" onclick="nonat_change();" <?php if (isset($pconfig['nonat'])) echo " checked=\"checked\""; ?> />
<span class="vexpl"><?=gettext("Enabling this option will disable NAT for traffic matching this rule and stop processing Outbound NAT rules.");?>
<br /><?=gettext("Hint: in most cases, you won't use this option.");?></span>
</td>
@@ -471,29 +495,39 @@ function poolopts_change() {
<select name="interface" class="formselect">
<?php
$iflist = get_configured_interface_with_descr(false, true);
- foreach ($iflist as $if => $ifdesc)
- if(have_ruleint_access($if))
+ foreach ($iflist as $if => $ifdesc) {
+ if (have_ruleint_access($if)) {
$interfaces[$if] = $ifdesc;
+ }
+ }
- if ($config['l2tp']['mode'] == "server")
- if(have_ruleint_access("l2tp"))
+ if ($config['l2tp']['mode'] == "server") {
+ if (have_ruleint_access("l2tp")) {
$interfaces['l2tp'] = "L2TP VPN";
+ }
+ }
- if ($config['pptpd']['mode'] == "server")
- if(have_ruleint_access("pptp"))
+ if ($config['pptpd']['mode'] == "server") {
+ if (have_ruleint_access("pptp")) {
$interfaces['pptp'] = "PPTP VPN";
+ }
+ }
- if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
+ if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
$interfaces['pppoe'] = "PPPoE Server";
+ }
/* add ipsec interfaces */
- if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
- if(have_ruleint_access("enc0"))
+ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
+ if (have_ruleint_access("enc0")) {
$interfaces["enc0"] = "IPsec";
+ }
+ }
/* add openvpn/tun interfaces */
- if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
+ if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
$interfaces["openvpn"] = "OpenVPN";
+ }
foreach ($interfaces as $iface => $ifacename):
?>
@@ -640,8 +674,9 @@ function poolopts_change() {
<?php
if (is_array($config['virtualip']['vip'])):
foreach ($config['virtualip']['vip'] as $sn):
- if (isset($sn['noexpand']))
+ if (isset($sn['noexpand'])) {
continue;
+ }
if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
@@ -671,8 +706,9 @@ function poolopts_change() {
endforeach;
endif;
foreach ($a_aliases as $alias):
- if ($alias['type'] != "host")
+ if ($alias['type'] != "host") {
continue;
+ }
?>
<option value="<?=$alias['name'];?>" <?php if ($alias['name'] == $pconfig['target']) echo "selected=\"selected\""; ?>>
<?=htmlspecialchars("Host Alias: {$alias['name']} ({$alias['descr']})");?>
@@ -680,7 +716,7 @@ function poolopts_change() {
<?php
endforeach;
?>
- <option value="other-subnet"<?php if($pconfig['target'] == "other-subnet") echo " selected=\"selected\""; ?>>
+ <option value="other-subnet"<?php if ($pconfig['target'] == "other-subnet") echo " selected=\"selected\""; ?>>
<?=gettext("Other Subnet (Enter Below)");?>
</option>
</select>
@@ -765,7 +801,9 @@ function poolopts_change() {
</tr>
<tr name="tportstatic_tr" id="tportstatic_tr">
<td><?=gettext("Static-port:");?>&nbsp;&nbsp;</td>
- <td><input onchange="staticportchange();" name="staticnatport" type="checkbox" class="formfld" id="staticnatport" size="5"<?php if($pconfig['staticnatport']) echo " checked=\"checked\"";?> /></td>
+ <td>
+ <input onchange="staticportchange();" name="staticnatport" type="checkbox" class="formfld" id="staticnatport" size="5"<?php if ($pconfig['staticnatport']) echo " checked=\"checked\"";?> />
+ </td>
</tr>
</table>
</td>
@@ -773,7 +811,7 @@ function poolopts_change() {
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
<td width="78%" class="vtable">
- <input value="yes" name="nosync" type="checkbox" class="formfld" id="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br />
+ <input value="yes" name="nosync" type="checkbox" class="formfld" id="nosync"<?php if ($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br />
<?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?>
</td>
</tr>
@@ -819,7 +857,7 @@ function poolopts_change() {
<?php
endif;
endif;
- // Allow extending of the firewall edit page and include custom input validation
+ // Allow extending of the firewall edit page and include custom input validation
pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/htmlphplate");
?>
<tr>
OpenPOWER on IntegriCloud