Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/diag_backup.php | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases.php | 26 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat.php | 115 | ||||
-rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 571 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 75 | ||||
-rwxr-xr-x | usr/local/www/firewall_virtual_ip.php | 4 | ||||
-rwxr-xr-x | usr/local/www/firewall_virtual_ip_edit.php | 4 | ||||
-rw-r--r-- | usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js | 174 | ||||
-rw-r--r-- | usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js | 49 |
10 files changed, 712 insertions, 316 deletions
diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php
index 64273fc..1ff119e 100755
--- a/usr/local/www/diag_backup.php
+++ b/usr/local/www/diag_backup.php
@@ -340,8 +340,11 @@ if ($_POST) {
 update_alias_names_upon_change('filter', 'rule', 'source', 'address', $newname, $origname);
 update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $newname, $origname);
 // NAT Rules
+ update_alias_names_upon_change('nat', 'rule', 'source', 'address', $newname, $origname);
+ update_alias_names_upon_change('nat', 'rule', 'source', 'port', $newname, $origname);
+ update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $newname, $origname);
+ update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $newname, $origname);
 update_alias_names_upon_change('nat', 'rule', 'target', '', $newname, $origname);
- update_alias_names_upon_change('nat', 'rule', 'external-port', '', $newname, $origname);
 update_alias_names_upon_change('nat', 'rule', 'local-port', '', $newname, $origname);
 // Alias in an alias
 update_alias_names_upon_change('aliases', 'alias', 'address', '', $newname, $origname);
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index d5a6a5f..bc210a1 100755
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -87,22 +87,22 @@ if ($_GET['act'] == "del") {
 if($is_alias_referenced == false) {
 if(is_array($config['filter']['rule'])) {
 foreach($config['filter']['rule'] as $rule) {
- if($rule['source']['address'] == $alias_name) {
+ if($rule['source']['address'] && $rule['source']['address'] == $alias_name) {
 $is_alias_referenced = true;
 $referenced_by = $rule['descr'];
 break;
 }
- if($rule['destination']['address'] == $alias_name) {
+ if($rule['source']['port'] && $rule['source']['port'] == $alias_name) {
 $is_alias_referenced = true;
 $referenced_by = $rule['descr'];
 break;
 }
- if($rule['source']['port'] == $alias_name) {
+ if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) {
 $is_alias_referenced = true;
 $referenced_by = $rule['descr'];
 break;
 }
- if($rule['destination']['port'] == $alias_name) {
+ if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) {
 $is_alias_referenced = true;
 $referenced_by = $rule['descr'];
 break;
@@ -113,22 +113,32 @@ if ($_GET['act'] == "del") {
 if($is_alias_referenced == false) {
 if(is_array($config['nat']['rule'])) {
 foreach($config['nat']['rule'] as $rule) {
- if($rule['target'] == $alias_name) {
+ if($rule['source']['address'] && $rule['source']['address'] == $alias_name) {
 $is_alias_referenced = true;
 $referenced_by = $rule['descr'];
 break;
 }
- if($rule['external-address'] == $alias_name) {
+ if($rule['source']['port'] && $rule['source']['port'] == $alias_name) {
 $is_alias_referenced = true;
 $referenced_by = $rule['descr'];
 break;
 }
- if($rule['external-port'] == $alias_name) {
+ if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) {
 $is_alias_referenced = true;
 $referenced_by = $rule['descr'];
 break;
 }
- if($rule['local-port'] == $alias_name) {
+ if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) {
+ $is_alias_referenced = true;
+ $referenced_by = $rule['descr'];
+ break;
+ }
+ if($rule['target'] && $rule['target'] == $alias_name) {
+ $is_alias_referenced = true;
+ $referenced_by = $rule['descr'];
+ break;
+ }
+ if($rule['local-port'] && $rule['local-port'] == $alias_name) {
 $is_alias_referenced = true;
 $referenced_by = $rule['descr'];
 break;
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 9c8025d..dca3d12 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -295,8 +295,11 @@ if ($_POST) {
 update_alias_names_upon_change('filter', 'rule', 'source', 'address', $_POST['name'], $origname);
 update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $_POST['name'], $origname);
 // NAT Rules
+ update_alias_names_upon_change('nat', 'rule', 'source', 'address', $_POST['name'], $origname);
+ update_alias_names_upon_change('nat', 'rule', 'source', 'port', $_POST['name'], $origname);
+ update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $_POST['name'], $origname);
+ update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $_POST['name'], $origname);
 update_alias_names_upon_change('nat', 'rule', 'target', '', $_POST['name'], $origname);
- update_alias_names_upon_change('nat', 'rule', 'external-port', '', $_POST['name'], $origname);
 update_alias_names_upon_change('nat', 'rule', 'local-port', '' , $_POST['name'], $origname);
 // Alias in an alias
 update_alias_names_upon_change('aliases', 'alias', 'address', '' , $_POST['name'], $origname);
diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php
index 696248f..0c9229b 100755
--- a/usr/local/www/firewall_nat.php
+++ b/usr/local/www/firewall_nat.php
@@ -185,10 +185,13 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <td width="3%" class="list"> </td> <td width="5%" class="listhdrr">If</td> <td width="5%" class="listhdrr">Proto</td> - <td width="20%" class="listhdrr">Ext. port range</td> - <td width="20%" class="listhdrr">NAT IP</td> - <td width="20%" class="listhdrr">Int. port range</td> - <td width="20%" class="listhdr">Description</td> + <td width="11%" class="listhdrr">Src. addr</td> + <td width="11%" class="listhdrr">Src. ports</td> + <td width="11%" class="listhdrr">Dest. addr</td> + <td width="11%" class="listhdrr">Dest. ports</td> + <td width="11%" class="listhdrr">NAT IP</td> + <td width="11%" class="listhdrr">NAT Ports</td> + <td width="11%" class="listhdr">Description</td> <td width="5%" class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> 
@@ -202,26 +205,26 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <?php //build Alias popup box - $span_begin = ""; - $span_end = ""; - $alias_src_port_span_begin = ""; - $alias_dst_span_begin = ""; - $alias_dst_port_span_begin = ""; - - list($beginport, $endport) = split("-", $natent['external-port']); - - $alias_popup = rule_popup("",$beginport,$natent['target'],$natent['local-port']); $span_end = "</U></span>"; - - + + $alias_popup = rule_popup($natent['source']['address'], pprint_port($natent['source']['port']), $natent['destination']['address'], pprint_port($natent['destination']['port'])); + + $alias_src_span_begin = $alias_popup["src"]; $alias_src_port_span_begin = $alias_popup["srcport"]; - - $alias_dst_span_begin = $alias_popup["dst"]; - + $alias_dst_span_begin = $alias_popup["dst"]; $alias_dst_port_span_begin = $alias_popup["dstport"]; - - + $alias_popup = rule_popup("","",$natent['target'], pprint_port($natent['local-port'])); + + $alias_target_span_begin = $alias_popup["dst"]; + $alias_local_port_span_begin = $alias_popup["dstport"]; + + if (isset($natent['disabled'])) + $textss = "<span class=\"gray\">"; + else + $textss = "<span>"; + + $textse = "</span>"; /* if user does not have access to edit an interface skip on to the next record */ if(!have_natpfruleint_access($natent['interface'])) 
@@ -230,14 +233,14 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <tr valign="top" id="fr<?=$nnats;?>"> <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td> <td class="listt" align="center"> - <?php if(!empty($natent['associated-rule-id'])): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="Firewall rule ID <?=htmlspecialchars($nnatid); ?> is managed with this rule" border="0"> - <?php endif; ?> <?php if($natent['associated-rule-id'] == "pass"): ?> <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="All traffic matching this NAT entry is passed" border="0"> + <?php elseif (!empty($natent['associated-rule-id'])): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="Firewall rule ID <?=htmlspecialchars($nnatid); ?> is managed with this rule" border="0"> <?php endif; ?> </td> <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?> <?php if (!$natent['interface'] || ($natent['interface'] == "wan")) echo "WAN"; 
@@ -246,49 +249,46 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript else echo strtoupper($config['interfaces'][$natent['interface']]['descr']); ?> + <?=$textse;?> </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=strtoupper($natent['protocol']);?> + <?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?> </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?php - list($beginport, $endport) = split("-", $natent['external-port']); - if ((!$endport) || ($beginport == $endport)) { - echo $alias_src_port_span_begin; - echo $beginport; - if ($wkports[$beginport]) - echo " (" . $wkports[$beginport] . ")"; - else - echo " "; - echo $span_end; - } else - echo $beginport . " - " . $endport; - ?> + <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?> </td> <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?php echo $alias_dst_span_begin;?><?=$natent['target'];?><?php echo $span_end;?> - <?php if ($natent['external-address']) - echo "<br>(ext.: " . $natent['external-address'] . ")"; - else - echo "<br>(ext.: " . find_interface_ip(convert_friendly_interface_to_real_interface_name($natent['interface'])) . 
")"; - ?> + <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?> </td> + + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?> + </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?> + </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?php if ((!$endport) || ($beginport == $endport)) { - echo $alias_dst_port_span_begin; - echo $natent['local-port']; - if ($wkports[$natent['local-port']]) - echo " (" . $wkports[$natent['local-port']] . ")"; - else - echo " "; - echo $span_end; - } else - echo $natent['local-port'] . " - " . - ($natent['local-port']+$endport-$beginport); - ?> + <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?> </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?php + $localport = $natent['local-port']; + + list($dstbeginport, $dstendport) = split("-", $natent['destination']['port']); + + if ($dstendport) { + $localendport = $natent['local-port'] + $dstendport - $dstbeginport; + $localport .= '-' . 
$localendport; + } + ?> + <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?> + </td> + <td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=htmlspecialchars($natent['descr']);?> + <?=$textss;?><?=htmlspecialchars($natent['descr']);?> <?=$textse;?> </td> <td valign="middle" class="list" nowrap> <table border="0" cellspacing="0" cellpadding="1"> @@ -304,6 +304,9 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <?php $i++; $nnats++; endforeach; ?> <tr> <td class="list" colspan="8"></td> + <td> </td> + <td> </td> + <td> </td> <td class="list" valign="middle" nowrap> <table border="0" cellspacing="0" cellpadding="1"> <tr> diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 8b36fb8..3466ea4 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -44,6 +44,13 @@ require_once("itemid.inc"); require("filter.inc"); require("shaper.inc"); +$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn"); +$ifdisp = get_configured_interface_with_descr(); +foreach ($ifdisp as $kif => $kdescr) { + $specialsrcdst[] = "{$kif}"; + $specialsrcdst[] = "{$kif}ip"; +} + if (!is_array($config['nat']['rule'])) { $config['nat']['rule'] = array(); } 
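Review bot: The new table cells in the `@@ -246,49 +249,46 @@` hunk of firewall_nat.php close each alias popup with `$alias_src_span_end`, `$alias_src_port_span_end`, `$alias_dst_span_end`, `$alias_dst_port_span_end`, `$alias_target_span_end` and `$alias_local_port_span_end`, but the preceding hunk only assigns the `*_span_begin` variables and `$span_end`. Unless those six names are set outside the visible lines, they print as empty strings and whatever markup rule_popup() opened is never closed in the cell. Either echo `$span_end` in each cell or assign the `*_span_end` variables next to `$span_end = "</U></span>";`. The added `split("-", $natent['destination']['port'])` could also be `explode("-", $natent['destination']['port'])`, which is what firewall_nat_edit.php uses for the same field and avoids the deprecated regex-based `split()`.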
@@ -59,96 +66,200 @@ if (isset($_GET['dup'])) { } if (isset($id) && $a_nat[$id]) { - $pconfig['extaddr'] = $a_nat[$id]['external-address']; + $pconfig['disabled'] = isset($a_nat[$id]['disabled']); + $pconfig['nordr'] = isset($a_nat[$id]['nordr']); + + address_to_pconfig($a_nat[$id]['source'], $pconfig['src'], + $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcbeginport'], $pconfig['srcendport']); + + address_to_pconfig($a_nat[$id]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], + $pconfig['dstbeginport'], $pconfig['dstendport']); + $pconfig['proto'] = $a_nat[$id]['protocol']; - list($pconfig['beginport'],$pconfig['endport']) = explode("-", $a_nat[$id]['external-port']); - if(!$pconfig['endport']) - $pconfig['endport'] = $pconfig['beginport']; $pconfig['localip'] = $a_nat[$id]['target']; $pconfig['localbeginport'] = $a_nat[$id]['local-port']; $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id']; $pconfig['nosync'] = isset($a_nat[$id]['nosync']); + if (!$pconfig['interface']) $pconfig['interface'] = "wan"; } else { $pconfig['interface'] = "wan"; + $pconfig['src'] = "any"; + $pconfig['srcbeginport'] = "any"; + $pconfig['srcendport'] = "any"; } if (isset($_GET['dup'])) unset($id); /* run through $_POST items encoding HTML entties so that the user - * cannot think he is slick and perform a XSS attack on the unwilling + * cannot think he is slick and perform a XSS attack on the unwilling */ foreach ($_POST as $key => $value) { $temp = $value; $newpost = htmlentities($temp); - if($newpost <> $temp) - $input_errors[] = "Invalid characters detected ($temp). Please remove invalid characters and save again."; + if($newpost <> $temp) + $input_errors[] = "Invalid characters detected ($temp). 
Please remove invalid characters and save again."; } if ($_POST) { - if ($_POST['beginport_cust'] && !$_POST['beginport']) - $_POST['beginport'] = $_POST['beginport_cust']; - if ($_POST['endport_cust'] && !$_POST['endport']) - $_POST['endport'] = $_POST['endport_cust']; - if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) - $_POST['localbeginport'] = $_POST['localbeginport_cust']; + if(strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") { + if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) + $_POST['srcbeginport'] = $_POST['srcbeginport_cust']; + if ($_POST['srcendport_cust'] && !$_POST['srcendport']) + $_POST['srcendport'] = $_POST['srcendport_cust']; + + if ($_POST['srcbeginport'] == "any") { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + } else { + if (!$_POST['srcendport']) + $_POST['srcendport'] = $_POST['srcbeginport']; + } + if ($_POST['srcendport'] == "any") + $_POST['srcendport'] = $_POST['srcbeginport']; + + if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) + $_POST['dstbeginport'] = $_POST['dstbeginport_cust']; + if ($_POST['dstendport_cust'] && !$_POST['dstendport']) + $_POST['dstendport'] = $_POST['dstendport_cust']; + + if ($_POST['dstbeginport'] == "any") { + $_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } else { + if (!$_POST['dstendport']) + $_POST['dstendport'] = $_POST['dstbeginport']; + } + if ($_POST['dstendport'] == "any") + $_POST['dstendport'] = $_POST['dstbeginport']; + + if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) + $_POST['localbeginport'] = $_POST['localbeginport_cust']; - if (!$_POST['endport']) - $_POST['endport'] = $_POST['beginport']; - /* Make beginning port end port if not defined and endport is */ - if (!$_POST['beginport'] && $_POST['endport']) - $_POST['beginport'] = $_POST['endport']; + /* Make beginning port end port if not defined and endport is */ + if (!$_POST['srcbeginport'] && 
$_POST['srcendport']) + $_POST['srcbeginport'] = $_POST['srcendport']; + if (!$_POST['dstbeginport'] && $_POST['dstendport']) + $_POST['dstbeginport'] = $_POST['dstendport']; + } else { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + $_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } + + if (is_specialnet($_POST['srctype'])) { + $_POST['src'] = $_POST['srctype']; + $_POST['srcmask'] = 0; + } else if ($_POST['srctype'] == "single") { + $_POST['srcmask'] = 32; + } + if (is_specialnet($_POST['dsttype'])) { + $_POST['dst'] = $_POST['dsttype']; + $_POST['dstmask'] = 0; + } else if ($_POST['dsttype'] == "single") { + $_POST['dstmask'] = 32; + } else if (is_ipaddr($_POST['dsttype'])) { + $_POST['dst'] = $_POST['dsttype']; + $_POST['dstmask'] = 32; + $_POST['dsttype'] = "single"; + } unset($input_errors); $pconfig = $_POST; /* input validation */ if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { - $reqdfields = explode(" ", "interface proto beginport endport localip localbeginport"); - $reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port"); + $reqdfields = explode(" ", "interface proto dstbeginport dstendport localip"); + $reqdfieldsn = explode(",", "Interface,Protocol,Destination port from,Destination port to,NAT IP"); } else { $reqdfields = explode(" ", "interface proto localip"); $reqdfieldsn = explode(",", "Interface,Protocol,NAT IP"); } + if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") { + $reqdfields[] = "src"; + $reqdfieldsn[] = "Source address"; + } + if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") { + $reqdfields[] = "dst"; + $reqdfieldsn[] = "Destination address"; + } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if (!$_POST['srcbeginport']) { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + } + if (!$_POST['dstbeginport']) { + 
$_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } + if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) { $input_errors[] = "\"{$_POST['localip']}\" is not valid NAT IP address or host alias."; } - /* only validate the ports if the protocol is TCP, UDP or TCP/UDP */ - if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { + if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) + $input_errors[] = "{$_POST['srcbeginport']} is not a valid start source port. It must be a port alias or integer between 1 and 65535."; + if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) + $input_errors[] = "{$_POST['srcendport']} is not a valid end source port. It must be a port alias or integer between 1 and 65535."; + if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) + $input_errors[] = "{$_POST['dstbeginport']} is not a valid start destination port. It must be a port alias or integer between 1 and 65535."; + if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) + $input_errors[] = "{$_POST['dstendport']} is not a valid end destination port. It must be a port alias or integer between 1 and 65535."; + + if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) { + $input_errors[] = "{$_POST['localbeginport']} is not a valid local port. It must be a port alias or integer between 1 and 65535."; + } - if ($_POST['beginport'] && !is_portoralias($_POST['beginport'])) { - $input_errors[] = "The start port must be an integer between 1 and 65535."; - } + /* if user enters an alias and selects "network" then disallow. 
*/ + if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) ) + || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) { + $input_errors[] = "You must specify single host or alias for alias entries."; + } - if ($_POST['endport'] && !is_portoralias($_POST['endport'])) { - $input_errors[] = "The end port must be an integer between 1 and 65535."; + if (!is_specialnet($_POST['srctype'])) { + if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) { + $input_errors[] = "{$_POST['src']} is not a valid source IP address or alias."; } - - if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) { - $input_errors[] = "The local port must be an integer between 1 and 65535."; + if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) { + $input_errors[] = "A valid source bit count must be specified."; } - - if ($_POST['beginport'] > $_POST['endport']) { - /* swap */ - $tmp = $_POST['endport']; - $_POST['endport'] = $_POST['beginport']; - $_POST['beginport'] = $tmp; + } + if (!is_specialnet($_POST['dsttype'])) { + if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) { + $input_errors[] = "{$_POST['dst']} is not a valid destination IP address or alias."; } - - if (!$input_errors) { - if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535) - $input_errors[] = "The target port range must be an integer between 1 and 65535."; + if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) { + $input_errors[] = "A valid destination bit count must be specified."; } + } + + if ($_POST['srcbeginport'] > $_POST['srcendport']) { + /* swap */ + $tmp = $_POST['srcendport']; + $_POST['srcendport'] = $_POST['srcbeginport']; + $_POST['srcbeginport'] = $tmp; + } + if ($_POST['dstbeginport'] > $_POST['dstendport']) { + /* swap */ + $tmp = $_POST['dstendport']; + $_POST['dstendport'] = $_POST['dstbeginport']; + $_POST['dstbeginport'] = $tmp; + } + if (!$input_errors) { + if (($_POST['dstendport'] - $_POST['dstbeginport'] + 
$_POST['localbeginport']) > 65535) + $input_errors[] = "The target port range must be an integer between 1 and 65535."; } /* check for overlaps */ 
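Review bot: The `htmlentities()` screen over `$_POST` at the top of this hunk cannot block a save, because the context line `unset($input_errors);` inside `if ($_POST)` runs after it and discards the "Invalid characters detected" entries before the real validation starts. Since this commit adds `src`, `dst` and the source/destination port fields to what is stored and later re-displayed, initialise `$input_errors = array();` before the loop and drop the `unset`, or move the loop below it. Separately, `srcmask` and `dstmask` are checked only with `is_numericint()`, so a bit count above 32 is accepted; add a range test such as `|| $_POST['srcmask'] > 32` (and the same for `dstmask`) to those two conditions. The `if ($_POST)` block continues outside the hunk.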
@@ -157,40 +268,45 @@ if ($_POST) { continue; if ($natent['interface'] != $_POST['interface']) continue; - if ($natent['external-address'] != $_POST['extaddr']) + if ($natent['destination']['address'] != $_POST['dst']) continue; if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) continue; - list($begp,$endp) = explode("-", $natent['external-port']); + list($begp,$endp) = explode("-", $natent['destination']['port']); if (!$endp) $endp = $begp; if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { - $input_errors[] = "The external port range overlaps with an existing entry."; + $input_errors[] = "The destination port range overlaps with an existing entry."; break; } } if (!$input_errors) { $natent = array(); - if ($_POST['extaddr']) - $natent['external-address'] = $_POST['extaddr']; - $natent['protocol'] = $_POST['proto']; - if ($_POST['beginport'] == $_POST['endport']) - $natent['external-port'] = $_POST['beginport']; - else - $natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport']; + $natent['disabled'] = isset($_POST['disabled']) ? true:false; + $natent['nordr'] = isset($_POST['nordr']) ? true:false; + + pconfig_to_address($natent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot'], + $_POST['srcbeginport'], $_POST['srcendport']); + + pconfig_to_address($natent['destination'], $_POST['dst'], + $_POST['dstmask'], $_POST['dstnot'], + $_POST['dstbeginport'], $_POST['dstendport']); + + $natent['protocol'] = $_POST['proto']; $natent['target'] = $_POST['localip']; $natent['local-port'] = $_POST['localbeginport']; $natent['interface'] = $_POST['interface']; $natent['descr'] = $_POST['descr']; $natent['associated-rule-id'] = $_POST['associated-rule-id']; - + if($_POST['filter-rule-association'] == "pass") $natent['associated-rule-id'] = "pass"; 
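Review bot: The overlap test in this hunk still reads `$_POST['beginport']` and `$_POST['endport']`, which this commit stops populating (the normalisation code now fills `dstbeginport`/`dstendport`), so both comparisons run against unset values and the "destination port range overlaps" error can no longer be relied on to catch a conflicting redirect. The condition should become `(($_POST['dstbeginport'] < $begp) && ($_POST['dstendport'] < $begp)) || (($_POST['dstbeginport'] > $endp) && ($_POST['dstendport'] > $endp))`. The protocol guard just above it compares `$natent['proto']`, while entries are written with `$natent['protocol'] = $_POST['proto'];` further down, so that `continue` probably skips most existing rules as well; `$natent['protocol']` looks like the intended key. The enclosing `foreach` starts above the hunk.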
@@ -200,7 +316,7 @@ if ($_POST) { unset($natent['nosync']); // If we used to have an associated filter rule, but no-longer should have one - if ($a_nat[$id]>0 && empty($natent['associated-rule-id'])) { + if ($a_nat[$id]>0 && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { // Delete the previous rule delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']); mark_subsystem_dirty('filter'); @@ -241,13 +357,16 @@ if ($_POST) { if (!empty($natent['associated-rule-id'])) { $filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']); if ($filterentid == false) { - $filterent['source']['any'] = ""; + pconfig_to_address($filterent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot'], + $_POST['srcbeginport'], $_POST['srcendport']); $filterent['associated-rule-id'] = $natent['associated-rule-id']; } else $filterent =& $config['filter']['rule'][$filterentid]; } else - // Create the default source entry for new filter entries - $filterent['source']['any'] = ""; + pconfig_to_address($filterent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot'], + $_POST['srcbeginport'], $_POST['srcendport']); // Update interface, protocol and destination $filterent['interface'] = $_POST['interface']; @@ -255,7 +374,7 @@ if ($_POST) { $filterent['destination']['address'] = $_POST['localip']; $dstpfrom = $_POST['localbeginport']; - $dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport']; + $dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport']; if ($dstpfrom == $dstpto) $filterent['destination']['port'] = $dstpfrom; 
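Review bot: In the `@@ -241,13 +357,16 @@` hunk the associated filter rule receives the redirect's source only when a new filter entry is built; the `else` branch that reuses `$config['filter']['rule'][$filterentid]` leaves `source` untouched, and the comment that follows reads "Update interface, protocol and destination". If the code outside the hunk does not rewrite it either, narrowing the source of an existing redirect leaves its linked pass rule on the old, possibly wider, source. Calling `pconfig_to_address($filterent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot'], $_POST['srcbeginport'], $_POST['srcendport']);` once after the `if`/`else` would keep both paths in step with the NAT entry; if keeping a hand-edited source is intentional, a comment saying so would help.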
@@ -308,31 +427,47 @@ include("fbegin.inc"); ?> <form action="firewall_nat_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="top" class="listtopic">Edit NAT entry</td> - </tr> - <tr> + <td colspan="2" valign="top" class="listtopic">Edit Redirect entry</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Disabled</td> + <td width="78%" class="vtable"> + <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>> + <strong>Disable this rule</strong><br /> + <span class="vexpl">Set this option to disable this rule without removing it from the list.</span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">No RDR (NOT)</td> + <td width="78%" class="vtable"> + <input type="checkbox" name="nordr"<?php if($pconfig['nordr']) echo " CHECKED"; ?>> + <span class="vexpl">Enabling this option will disable redirection for this entry. 
+ <br>Hint: this option is rarely needed, don't use this unless you know what you're doing.</span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq">Interface</td> <td width="78%" class="vtable"> - <select name="interface" class="formselect"> + <select name="interface" class="formselect" onChange="dst_change(this.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>');typesel_change();"> <?php - + $iflist = get_configured_interface_with_descr(false, true); - foreach ($iflist as $if => $ifdesc) - if(have_ruleint_access($if)) + foreach ($iflist as $if => $ifdesc) + if(have_ruleint_access($if)) $interfaces[$if] = $ifdesc; - + if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) + if(have_ruleint_access("pptp")) $interfaces['pptp'] = "PPTP VPN"; - + if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) + if(have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE VPN"; - + /* add ipsec interfaces */ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) - if(have_ruleint_access("enc0")) - $interfaces["enc0"] = "IPsec"; + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPsec"; foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> 
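Review bot: The new `onChange` attribute on the interface `<select>` prints `$pconfig['interface']` and `$pconfig['dst']` with `<?= ?>` directly into a quoted JavaScript string inside an HTML attribute, and after a rejected save `$pconfig` is a copy of `$_POST`. Both values need encoding for the JavaScript and the attribute context, for example `dst_change(this.value, <?=htmlspecialchars(json_encode($pconfig['interface']), ENT_QUOTES);?>, <?=htmlspecialchars(json_encode($pconfig['dst']), ENT_QUOTES);?>)`, rather than depending on the `htmlentities()` comparison earlier in the file. As a style point, the `nordr` checkbox has no `id` or `value`, unlike the `disabled` checkbox added just above it.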
@@ -343,33 +478,6 @@ include("fbegin.inc"); ?> <span class="vexpl">Choose which interface this rule applies to.<br> Hint: in most cases, you'll want to use WAN here.</span></td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">External address</td> - <td width="78%" class="vtable"> - <select name="extaddr" class="formselect"> - <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option> -<?php if (is_array($config['virtualip']['vip'])): - foreach ($config['virtualip']['vip'] as $sn): - if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): - $baseip = ip2long($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits'])); - for ($i = $sn['subnet_bits']; $i <= 32; $i++): - $baseip = $baseip + 1; - $snip = long2ip($baseip); - ?> - <option value="<?=$snip;?>" <?php if ($snip == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option> - <?php endfor; - else: ?> - <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option> - <?php endif; ?> -<?php endforeach; - endif; ?> - <option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option> - </select> - <br /> - <span class="vexpl"> - If you want this rule to apply to another IP address than the IP address of the interface chosen above, - select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first). Also note that if you are trying to redirect connections on the LAN select the "any" option.</span></td> - </tr> <tr> <td width="22%" valign="top" class="vncellreq">Protocol</td> <td width="78%" class="vtable"> 
@@ -381,55 +489,223 @@ include("fbegin.inc"); ?> this rule should match.<br> Hint: in most cases, you should specify <em>TCP</em> here.</span></td> </tr> + <tr id="showadvancedboxsrc" name="showadvancedboxsrc"> + <td width="22%" valign="top" class="vncellreq">Source</td> + <td width="78%" class="vtable"> + <input type="button" onClick="show_source()" value="Advanced"></input> - Show source address and port range</a> + </td> + </tr> + <tr style="display: none;" id="srctable" name="srctable"> + <td width="22%" valign="top" class="vncellreq">Source</td> + <td width="78%" class="vtable"> + <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> + <strong>not</strong> + <br /> + Use this option to invert the sense of the match. + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>Type: </td> + <td> + <select name="srctype" class="formselect" onChange="typesel_change()"> +<?php + $sel = is_specialnet($pconfig['src']); ?> + <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option> + <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option> + <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option> + <?php if(have_ruleint_access("pptp")): ?> + <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>PPTP clients</option> + <?php endif; ?> + <?php if(have_ruleint_access("pppoe")): ?> + <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option> + <?php endif; ?> + <?php if(have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>>L2TP clients</option> + <?php endif; ?> +<?php + foreach ($ifdisp as $ifent => $ifdesc): ?> + <?php if(have_ruleint_access($ifent)): ?> + <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) 
{ echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> subnet</option> + <option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected"; } ?>> + <?=$ifdesc?> address + </option> + <?php endif; ?> +<?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td>Address: </td> + <td> + <input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / + <select name="srcmask" class="formselect" id="srcmask"> +<?php for ($i = 31; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + </td> + </tr> + <tr style="display:none" id="sprtable" name="sprtable"> + <td width="22%" valign="top" class="vncellreq">Source port range</td> + <td width="78%" class="vtable"> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>from: </td> + <td> + <select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()"> + <option value="">(other)</option> + <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> +<?php foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> +<?php endforeach; ?> + </select> + <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> + </td> + </tr> + <tr> + <td>to:</td> + <td> + <select name="srcendport" class="formselect" onchange="ext_change()"> + <option value="">(other)</option> + <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; 
} ?>>any</option> +<?php foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> +<?php endforeach; ?> + </select> + <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> + </td> + </tr> + </table> + <br /> + <span class="vexpl">Specify the source port or port range for this rule. <b>This is almost never equal to the destination port range (and is usually "any")</b>. <br /> Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port</span><br/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Destination</td> + <td width="78%" class="vtable"> + <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> + <strong>not</strong> + <br /> + Use this option to invert the sense of the match. 
+ <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>Type: </td> + <td> + <select name="dsttype" class="formselect" onChange="typesel_change()"> +<?php + $sel = is_specialnet($pconfig['dst']); ?> + <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option> + <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option> + <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option> + <?php if(have_ruleint_access("pptp")): ?> + <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>PPTP clients</option> + <?php endif; ?> + <?php if(have_ruleint_access("pppoe")): ?> + <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option> + <?php endif; ?> + <?php if(have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>>L2TP clients</option> + <?php endif; ?> + +<?php foreach ($ifdisp as $if => $ifdesc): ?> + <?php if(have_ruleint_access($if)): ?> + <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> subnet</option> + <option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . 
"ip") { echo "selected"; } ?>> + <?=$ifdesc;?> address + </option> + <?php endif; ?> +<?php endforeach; ?> + +<?php if (is_array($config['virtualip']['vip'])): + foreach ($config['virtualip']['vip'] as $sn): + if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): + $baseip = ip2long($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits'])); + + for ($i = $sn['subnet_bits']; $i <= 32; $i++): + $baseip = $baseip + 1; + $snip = long2ip($baseip); +?> + <option value="<?=$snip;?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option> +<?php endfor; + else: +?> + <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option> +<?php endif; + endforeach; + endif; +?> + </select> + </td> + </tr> + <tr> + <td>Address: </td> + <td> + <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + / + <select name="dstmask" class="formselect" id="dstmask"> +<?php + for ($i = 31; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + </td> + </tr> + <tr id="dprtr" name="dprtr"> + <td width="22%" valign="top" class="vncellreq">Destination port range </td> + <td width="78%" class="vtable"> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>from: </td> + <td> + <select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> + <option value="">(other)</option> +<?php foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option> +<?php endforeach; ?> + </select> + <input autocomplete='off' 
class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> + </td> + </tr> + <tr> + <td>to:</td> + <td> + <select name="dstendport" class="formselect" onchange="ext_change()"> + <option value="">(other)</option> +<?php foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> +<?php endforeach; ?> + </select> + <input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> + </td> + </tr> + </table> + <br /> + <span class="vexpl"> + Specify the port or port range for the destination of the packet for this rule. + <br /> + Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port + </span> + </td> + </tr> <tr> - <td width="22%" valign="top" class="vncellreq">External port - range </td> - <td width="78%" class="vtable"> - <table border="0" cellspacing="0" cellpadding="0"> - <tr> - <td>from: </td> - <td><select name="beginport" class="formselect" onChange="ext_rep_change(); ext_change(); check_for_aliases();"> - <option value="">(other)</option> - <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> - <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['beginport']) { - echo "selected"; - $bfound = 1; - }?>> - <?=htmlspecialchars($wkportdesc);?> - </option> - <?php endforeach; ?> - </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="beginport_cust" id="beginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['beginport']; ?>"></td> - </tr> - <tr> - <td>to:</td> - <td><select name="endport" class="formselect" onChange="ext_change(); 
check_for_aliases();"> - <option value="">(other)</option> - <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> - <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['endport']) { - echo "selected"; - $bfound = 1; - }?>> - <?=htmlspecialchars($wkportdesc);?> - </option> - <?php endforeach; ?> - </select> <input onChange="check_for_aliases();" class="formfldalias" autocomplete='off' name="endport_cust" id="endport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['endport']; ?>"></td> - </tr> - </table> - <br> <span class="vexpl">Specify the port or port range on - the firewall's external address for this mapping.<br> - Hint: you can leave the <em>'to'</em> field empty if you only - want to map a single port</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">NAT IP</td> + <td width="22%" valign="top" class="vncellreq">Redirect target IP</td> <td width="78%" class="vtable"> <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> <br> <span class="vexpl">Enter the internal IP address of the server on which you want to map the ports.<br> e.g. <em>192.168.1.12</em></span></td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Local port</td> + <tr name="lprtr" id="lprtr"> + <td width="22%" valign="top" class="vncellreq">Redirect target port</td> <td width="78%" class="vtable"> <select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();"> <option value="">(other)</option> @@ -470,7 +746,7 @@ include("fbegin.inc"); ?> <select name="associated-rule-id"> <option value="">None</option> <option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " SELECTED"; ?>>Pass</option> - <?php + <?php $linkedrule = ""; if (is_array($config['filter']['rule'])) { $filter_id = 0; 
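Review bot: The new source and destination port inputs print `$pconfig['srcbeginport']`, `$pconfig['srcendport']`, `$pconfig['dstbeginport']` and `$pconfig['dstendport']` into `value="..."` without `htmlspecialchars()`, and the `<?=$ifdesc?> address` options print the interface description raw although the neighbouring `subnet` options escape it. If `$pconfig` is refilled from the submitted form after a validation error (the handler is outside this hunk), a quote in one of these fields breaks out of the attribute, so each echo should be wrapped, e.g. `echo htmlspecialchars($pconfig['srcbeginport']);`. Separately, the destination `from:`/`to:` selects no longer reset `$bfound`: the old `<?php $bfound = 0; foreach ...` was dropped and there is no `any` option to carry the reset, so a match left over from the source-port selects hides a custom destination port. Starting both destination loops with `<?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>` restores the old behaviour.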
@@ -482,7 +758,7 @@ include("fbegin.inc"); ?>
 $linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">View the filter rule</a><br/>";
 }
 echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
-
+
 }
 if ($filter_rule['interface'] == $pconfig['interface'])
 $filter_id++;
@@ -526,6 +802,9 @@ include("fbegin.inc"); ?>
 <script language="JavaScript">
 <!--
 ext_change();
+ dst_change(document.iform.interface.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>');
+ typesel_change();
+ proto_change();
 //-->
 </script>
 <?php
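Review bot: In the added `dst_change(...)` call, `$pconfig['interface']` and `$pconfig['dst']` are printed straight into single-quoted JavaScript string literals, so a value containing `'` or `</script>` ends the literal or the script block. `dst` is a free-text field in this form, and if `$pconfig` is repopulated from the request after a failed save (not visible in this hunk) that becomes a script-injection path on an admin page. Emit the values encoded for the JavaScript context instead, e.g. `dst_change(document.iform.interface.value, <?=json_encode($pconfig['interface'])?>, <?=json_encode($pconfig['dst'])?>);`. The `onChange` attribute added to the interface `<select>` earlier in this file interpolates the same two values and needs HTML-attribute escaping on top of that.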
@@ -560,9 +839,13 @@ if($config['aliases']['alias'] <> "") var customarray=new Array(<?php echo $portaliases; ?>); var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray)); - var oTextbox2 = new AutoSuggestControl(document.getElementById("beginport_cust"), new StateSuggestions(customarray)); - var oTextbox3 = new AutoSuggestControl(document.getElementById("endport_cust"), new StateSuggestions(customarray)); - var oTextbox4 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray)); + var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray)); + var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray)); + var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray)); + var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray)); + var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray)); + var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray)); + var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray)); //--> </script> <?php include("fend.inc"); ?> diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 236a23a..5bbfadb 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php 
@@ -672,7 +672,28 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq">Source</td> <td width="78%" class="vtable"> - <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> + <?php $edit_disabled=false; ?> + <?php if( isset($pconfig['associated-rule-id']) ): ?> + <span class="red"><strong>NOTE: </strong></span> This is associated to a NAT rule.<br /> + You cannot edit the source and destination of associated filter rules.<br /> + <br /> + <?php + $edit_disabled=true; + if (is_array($config['nat']['rule'])) { + foreach( $config['nat']['rule'] as $index => $nat_rule ) { + if( $nat_rule['associated-rule-id']==$pconfig['associated-rule-id']) { + echo "<a href=\"firewall_nat_edit.php?id={$nat_rule[$index]}\">View the NAT rule</a><br>"; + break; + } + } + } + ?> + <br /> + <script type="text/javascript"> + editenabled = 0; + </script> + <?php endif; ?> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> <strong>not</strong> <br /> Use this option to invert the sense of the match. @@ -682,7 +703,7 @@ include("head.inc"); <tr> <td>Type: </td> <td> - <select name="srctype" class="formselect" onChange="typesel_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srctype" class="formselect" onChange="typesel_change()"> <?php $sel = is_specialnet($pconfig['src']); ?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option> 
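Review bot: The "View the NAT rule" link is built from `{$nat_rule[$index]}`, which indexes the rule array with its own position in `$config['nat']['rule']` instead of printing that position, so the `id` parameter will normally be empty; the line should read `echo "<a href=\"firewall_nat_edit.php?id={$index}\">View the NAT rule</a><br>";`. The `DISABLED` attribute added here and in the later hunks of this file (source and destination type, address, mask and port controls) is only a browser-side restriction, and disabled controls are not submitted at all. Nothing in these hunks shows the POST handler keeping the stored source and destination for a rule that has `associated-rule-id`, so confirm the server side ignores or restores those fields rather than relying on the form state.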
@@ -712,8 +733,8 @@ include("head.inc"); <tr> <td>Address: </td> <td> - <input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / - <select name="srcmask" class="formselect" id="srcmask"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcmask" class="formselect" id="srcmask"> <?php for ($i = 31; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> <?php endfor; ?> @@ -723,7 +744,7 @@ include("head.inc"); </table> <div id="showadvancedboxspr"> <p> - <input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a> </div> </td> </tr> 
@@ -734,27 +755,27 @@ include("head.inc"); <tr> <td>from: </td> <td> - <select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> </td> </tr> <tr> <td>to:</td> <td> - <select name="srcendport" class="formselect" onchange="ext_change()"> + <select<?php echo ($edit_disabled===true?' 
DISABLED':''); ?> name="srcendport" class="formselect" onchange="ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> </td> </tr> </table> 
@@ -765,27 +786,7 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq">Destination</td> <td width="78%" class="vtable"> - <?php $dst_disabled=false; ?> - <?php if( isset($pconfig['associated-rule-id']) ): ?> - <span class="red"><strong>NOTE: </strong></span> This is associated to a NAT rule.<br /> - You cannot edit the destination of associated filter rules.<br /> - <br /> - <?php - if (is_array($config['nat']['rule'])) { - foreach( $config['nat']['rule'] as $index => $nat_rule ) { - if( $nat_rule['assocaited-rule-id']==$pconfig['associated-rule-id']) - echo "<a href=\"firewall_nat_edit.php?id={$nat_rule[$index]}\">View the NAT rule</a>\n"; - break; - } - } - ?> - <br /> - <?php $dst_disabled=true; ?> - <script type="text/javascript"> - dstenabled = 0; - </script> - <?php endif; ?> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> <strong>not</strong> <br /> Use this option to invert the sense of the match. @@ -795,7 +796,7 @@ include("head.inc"); <tr> <td>Type: </td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dsttype" class="formselect" onChange="typesel_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dsttype" class="formselect" onChange="typesel_change()"> <?php $sel = is_specialnet($pconfig['dst']); ?> <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option> 
@@ -825,9 +826,9 @@ include("head.inc"); <tr> <td>Address: </td> <td> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> / - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstmask" class="formselect" id="dstmask"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstmask" class="formselect" id="dstmask"> <?php for ($i = 31; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> 
@@ -845,27 +846,27 @@ include("head.inc"); <tr> <td>from: </td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> </td> </tr> <tr> <td>to:</td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstendport" class="formselect" onchange="ext_change()"> + <select<?php echo ($edit_disabled===true?' 
DISABLED':''); ?> name="dstendport" class="formselect" onchange="ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> </td> </tr> </table> diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 2a01c91..873f422 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -94,8 +94,8 @@ if ($_GET['act'] == "del") { /* make sure no inbound NAT mappings reference this entry */ if (is_array($config['nat']['rule'])) { foreach ($config['nat']['rule'] as $rule) { - if($rule['external-address'] <> "") { - if ($rule['external-address'] == $a_vip[$_GET['id']]['subnet']) { + if($rule['destination']['address'] <> "") { + if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) { $input_errors[] = "This entry cannot be deleted because it is still referenced by at least one NAT mapping."; break; } diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 3fbe754..415ced4 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php 
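Review bot: The delete guard in firewall_virtual_ip.php compares `$rule['destination']['address']` only with the VIP's `subnet` value, while the NAT edit form in this commit offers every address of a proxy-ARP network VIP (`$snip`) as a destination. A NAT rule pointing at one of those addresses would presumably not match this test, so the VIP could be deleted while still referenced; for `proxyarp`/`network` entries the check should test whether the rule's destination falls inside the VIP's network. The same exact-match comparison is used in the firewall_virtual_ip_edit.php hunk that rewrites rule addresses. The enclosing `foreach` begins and ends outside this hunk.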
@@ -206,8 +206,8 @@ if ($_POST) {
 interface_vip_bring_down($a_vip[$id]);
 /* modify all virtual IP rules with this address */
 for ($i = 0; isset($config['nat']['rule'][$i]); $i++) {
- if ($config['nat']['rule'][$i]['external-address'] == $a_vip[$id]['subnet'])
- $config['nat']['rule'][$i]['external-address'] = $vipent['subnet'];
+ if ($config['nat']['rule'][$i]['destination']['address'] == $a_vip[$id]['subnet'])
+ $config['nat']['rule'][$i]['destination']['address'] = $vipent['subnet'];
 }
 $a_vip[$id] = $vipent;
 } else
diff --git a/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js b/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js
index a2dff4c..9f21c2b 100644
--- a/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js
+++ b/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js
@@ -1,28 +1,65 @@ <!-- +var portsenabled = 1; +var dstenabled = 1; +var showsource = 0; + function ext_change() { - if (document.iform.beginport.selectedIndex == 0) { - document.iform.beginport_cust.disabled = 0; + if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) { + document.iform.srcbeginport_cust.disabled = 0; + } else { + document.iform.srcbeginport_cust.value = ""; + document.iform.srcbeginport_cust.disabled = 1; + } + if ((document.iform.srcendport.selectedIndex == 0) && portsenabled) { + document.iform.srcendport_cust.disabled = 0; + } else { + document.iform.srcendport_cust.value = ""; + document.iform.srcendport_cust.disabled = 1; + } + if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && dstenabled) { + document.iform.dstbeginport_cust.disabled = 0; } else { - document.iform.beginport_cust.value = ""; - document.iform.beginport_cust.disabled = 1; + document.iform.dstbeginport_cust.value = ""; + document.iform.dstbeginport_cust.disabled = 1; } - if (document.iform.endport.selectedIndex == 0) { - document.iform.endport_cust.disabled = 0; + if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && dstenabled) { + document.iform.dstendport_cust.disabled = 0; } else { - document.iform.endport_cust.value = ""; - document.iform.endport_cust.disabled = 1; + document.iform.dstendport_cust.value = ""; + document.iform.dstendport_cust.disabled = 1; } - if (document.iform.localbeginport.selectedIndex == 0) { + + if ((document.iform.localbeginport.selectedIndex == 0) && portsenabled) { document.iform.localbeginport_cust.disabled = 0; } else { document.iform.localbeginport_cust.value = ""; document.iform.localbeginport_cust.disabled = 1; } + + if (!portsenabled) { + document.iform.srcbeginport.disabled = 1; + document.iform.srcendport.disabled = 1; + document.iform.dstbeginport.disabled = 1; + document.iform.dstendport.disabled = 1; + document.iform.localbeginport_cust.disabled = 1; + } else { + 
document.iform.srcbeginport.disabled = 0; + document.iform.srcendport.disabled = 0; + document.iform.localbeginport_cust.disabled = 0; + if( dstenabled ) { + document.iform.dstbeginport.disabled = 0; + document.iform.dstendport.disabled = 0; + } + } } -function ext_rep_change() { - document.iform.endport.selectedIndex = document.iform.beginport.selectedIndex; - document.iform.localbeginport.selectedIndex = document.iform.beginport.selectedIndex; +function show_source() { + if(portsenabled) + document.getElementById("sprtable").style.display = ''; + + document.getElementById("srctable").style.display = ''; + document.getElementById("showadvancedboxsrc").style.display = 'none'; + showsource = 1; } function check_for_aliases() { 
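Review bot: In the new tail of `ext_change()`, both branches of `if (!portsenabled)` set `localbeginport_cust.disabled`, so the `else` branch re-enables the custom local-port box right after the block above disabled and cleared it for a well-known port selection. The `localbeginport` select itself is never disabled in this function for protocols without ports, whereas the removed `proto_change()` code toggled both controls. Unless the new `proto_change()` (cut off in this view) handles the select, these two lines look like they were meant to be `document.iform.localbeginport.disabled = 1;` and `document.iform.localbeginport.disabled = 0;`.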
@@ -30,64 +67,119 @@ function check_for_aliases() {
 * entry of Local port
 */
 for(i=0; i<customarray.length; i++) {
- if(document.iform.beginport_cust.value == customarray[i]) {
- document.iform.endport_cust.value = customarray[i];
+ if(document.iform.dstbeginport_cust.value == customarray[i]) {
+ document.iform.dstendport_cust.value = customarray[i];
 document.iform.localbeginport_cust.value = customarray[i];
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.disabled = 1;
 document.iform.localbeginport.disabled = 1;
 document.iform.localbeginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 0;
+ document.iform.dstendport_cust.disabled = 0;
 document.iform.localbeginport.disabled = 0;
 document.iform.localbeginport_cust.disabled = 0;
 }
- if(document.iform.beginport.value == customarray[i]) {
- document.iform.endport_cust.value = customarray[i];
+ if(document.iform.dstbeginport.value == customarray[i]) {
+ document.iform.dstendport_cust.value = customarray[i];
 document.iform.localbeginport_cust.value = customarray[i];
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.disabled = 1;
 document.iform.localbeginport.disabled = 1;
 document.iform.localbeginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 0;
+ document.iform.dstendport_cust.disabled = 0;
 document.iform.localbeginport.disabled = 0;
 document.iform.localbeginport_cust.disabled = 0;
 }
- if(document.iform.endport_cust.value == customarray[i]) {
- document.iform.endport_cust.value = customarray[i];
+ if(document.iform.dstendport_cust.value == customarray[i]) {
+ document.iform.dstendport_cust.value = customarray[i];
 document.iform.localbeginport_cust.value = customarray[i];
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.disabled = 1;
 document.iform.localbeginport.disabled = 1;
 document.iform.localbeginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 0;
+ document.iform.dstendport_cust.disabled = 0;
 document.iform.localbeginport.disabled = 0;
 document.iform.localbeginport_cust.disabled = 0;
 }
- if(document.iform.endport.value == customarray[i]) {
- document.iform.endport_cust.value = customarray[i];
+ if(document.iform.dstendport.value == customarray[i]) {
+ document.iform.dstendport_cust.value = customarray[i];
 document.iform.localbeginport_cust.value = customarray[i];
- document.iform.endport_cust.disabled = 1;
+ document.iform.dstendport_cust.disabled = 1;
 document.iform.localbeginport.disabled = 1;
 document.iform.localbeginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 0;
+ document.iform.dstendport_cust.disabled = 0;
 document.iform.localbeginport.disabled = 0;
 document.iform.localbeginport_cust.disabled = 0;
 }
+
 }
 }
 
 function proto_change() {
- if(document.iform.proto.selectedIndex > 2) {
- document.iform.beginport_cust.disabled = 1;
- document.iform.endport_cust.disabled = 1;
- document.iform.beginport.disabled = 1;
- document.iform.endport.disabled = 1;
- document.iform.localbeginport_cust.disabled = 1;
- document.iform.localbeginport.disabled = 1;
+ if (document.iform.proto.selectedIndex < 3) {
+ portsenabled = 1;
 } else {
- document.iform.beginport_cust.disabled = 0;
- document.iform.endport_cust.disabled = 0;
- document.iform.beginport.disabled = 0;
- document.iform.endport.disabled = 0;
- document.iform.localbeginport_cust.disabled = 0;
- document.iform.localbeginport.disabled = 0;
+ portsenabled = 0;
+ }
+
+ if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) {
+ document.getElementById("sprtable").style.display = showsource == 1 ? '':'none';
+ document.getElementById("dprtr").style.display = '';
+ document.getElementById("lprtr").style.display = '';
+ } else {
+ document.getElementById("sprtable").style.display = 'none';
+ document.getElementById("dprtr").style.display = 'none';
+ document.getElementById("lprtr").style.display = 'none';
+ }
+}
+
+function typesel_change() {
+ switch (document.iform.srctype.selectedIndex) {
+ case 1: /* single */
+ document.iform.src.disabled = 0;
+ document.iform.srcmask.value = "";
+ document.iform.srcmask.disabled = 1;
+ break;
+ case 2: /* network */
+ document.iform.src.disabled = 0;
+ document.iform.srcmask.disabled = 0;
+ break;
+ default:
+ document.iform.src.value = "";
+ document.iform.src.disabled = 1;
+ document.iform.srcmask.value = "";
+ document.iform.srcmask.disabled = 1;
+ break;
+ }
+ if( dstenabled )
+ {
+ switch (document.iform.dsttype.selectedIndex) {
+ case 1: /* single */
+ document.iform.dst.disabled = 0;
+ document.iform.dstmask.value = "";
+ document.iform.dstmask.disabled = 1;
+ break;
+ case 2: /* network */
+ document.iform.dst.disabled = 0;
+ document.iform.dstmask.disabled = 0;
+ break;
+ default:
+ document.iform.dst.value = "";
+ document.iform.dst.disabled = 1;
+ document.iform.dstmask.value = "";
+ document.iform.dstmask.disabled = 1;
+ break;
+ }
+ }
+}
+
+function src_rep_change() {
+ document.iform.srcendport.selectedIndex = document.iform.srcbeginport.selectedIndex;
+}
+
+function dst_rep_change() {
+ document.iform.dstendport.selectedIndex = document.iform.dstbeginport.selectedIndex;
+}
+
+function dst_change( iface, old_iface, old_dst ) {
+ if ( ( old_dst == "" ) || ( old_iface.concat("ip") == old_dst ) ) {
+ document.iform.dsttype.value = iface.concat("ip");
 }
 }
 //-->
diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
index 75bcb62..1b7f33a 100644
--- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
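Review bot: proto_change() no longer disables the port inputs itself; the new body only sets `portsenabled` and hides the `sprtable`, `dprtr` and `lprtr` rows. A hidden input that is not disabled is still submitted, so unless every caller follows this with ext_change() (not visible in this hunk), switching to a protocol without ports leaves the previously chosen port values in the POST. Ending the function with `ext_change();` would keep the disabled state in step with `portsenabled`. The save handler should in any case ignore port fields for protocols that have none, since the form state is only a convenience.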
+++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js
@@ -1,6 +1,6 @@
 <!--
 var portsenabled = 1;
-var dstenabled = 1;
+var editenabled = 1;
 
 function ext_change() {
 if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) {
@@ -15,13 +15,13 @@ function ext_change() {
 document.iform.srcendport_cust.value = "";
 document.iform.srcendport_cust.disabled = 1;
 }
- if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && dstenabled) {
+ if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && editenabled) {
 document.iform.dstbeginport_cust.disabled = 0;
 } else {
 document.iform.dstbeginport_cust.value = "";
 document.iform.dstbeginport_cust.disabled = 1;
 }
- if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && dstenabled) {
+ if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && editenabled) {
 document.iform.dstendport_cust.disabled = 0;
 } else {
 document.iform.dstendport_cust.value = "";
@@ -36,7 +36,7 @@ function ext_change() {
 } else {
 document.iform.srcbeginport.disabled = 0;
 document.iform.srcendport.disabled = 0;
- if( dstenabled ) {
+ if( editenabled ) {
 document.iform.dstbeginport.disabled = 0;
 document.iform.dstendport.disabled = 0;
 }
@@ -49,25 +49,24 @@ function show_source_port_range() {
 }
 
 function typesel_change() {
- switch (document.iform.srctype.selectedIndex) {
- case 1: /* single */
- document.iform.src.disabled = 0;
- document.iform.srcmask.value = "";
- document.iform.srcmask.disabled = 1;
- break;
- case 2: /* network */
- document.iform.src.disabled = 0;
- document.iform.srcmask.disabled = 0;
- break;
- default:
- document.iform.src.value = "";
- document.iform.src.disabled = 1;
- document.iform.srcmask.value = "";
- document.iform.srcmask.disabled = 1;
- break;
- }
- if( dstenabled )
- {
+ if( editenabled ) {
+ switch (document.iform.srctype.selectedIndex) {
+ case 1: /* single */
+ document.iform.src.disabled = 0;
+ document.iform.srcmask.value = "";
+ document.iform.srcmask.disabled = 1;
+ break;
+ case 2: /* network */
+ document.iform.src.disabled = 0;
+ document.iform.srcmask.disabled = 0;
+ break;
+ default:
+ document.iform.src.value = "";
+ document.iform.src.disabled = 1;
+ document.iform.srcmask.value = "";
+ document.iform.srcmask.disabled = 1;
+ break;
+ }
 switch (document.iform.dsttype.selectedIndex) {
 case 1: /* single */
 document.iform.dst.disabled = 0;
@@ -118,7 +117,9 @@ function proto_change() {
 
 if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) {
 document.getElementById("dprtr").style.display = '';
- document.getElementById("showadvancedboxspr").innerHTML='<p><input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>';
+ if (editenabled) {
+ document.getElementById("showadvancedboxspr").innerHTML='<p><input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>';
+ }
 } else {
 document.getElementById("sprtable").style.display = 'none';
 document.getElementById("dprtr").style.display = 'none'; |
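Review bot: With `editenabled` at 0, typesel_change() now skips the source switch too, and apparently the destination switch as well, so `src` and `srcmask` (and, it seems, `dst` and `dstmask`) stay in whatever state the page rendered. A comment above the function would record that, for example `/* editenabled == 0: address fields are left as rendered; display logic only, the save handler must enforce the read-only state */`. Where `editenabled` is set to 0 is not visible here, and the function body continues past the end of the hunk, so the closing brace of the new `if` is not shown.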
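Review bot: The string assigned to `innerHTML` inside the new `if (editenabled)` block is malformed markup: it opens `<p>` without closing it, closes an `<a>` that was never opened, and writes `</input>` for a void element. The string is a constant, so nothing untrusted reaches `innerHTML`, but browsers will repair it in their own ways. `'<p><input type="button" onClick="show_source_port_range()" value="Advanced"> - Show source port range</p>'` renders the same control from well-formed markup. proto_change() starts and ends outside this hunk.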