diff options
Diffstat (limited to 'usr')
56 files changed, 2392 insertions, 1848 deletions
diff --git a/usr/local/captiveportal/index.php b/usr/local/captiveportal/index.php index f02814e..7d51fc3 100755 --- a/usr/local/captiveportal/index.php +++ b/usr/local/captiveportal/index.php @@ -337,7 +337,7 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if ($passthrumacadd && $portalmac == NULL) { $mac = array(); $mac['mac'] = $clientmac; - $mac['descr'] = "Auto added mac passthrough with user {$username}"; + $mac['descr'] = "Auto added pass-through MAC for user {$username}"; if (!empty($bw_up)) $mac['bw_up'] = $bw_up; if (!empty($bw_down)) diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown index 3eeae34..3734b0b 100755 --- a/usr/local/sbin/ppp-linkdown +++ b/usr/local/sbin/ppp-linkdown @@ -3,6 +3,7 @@ if [ -f /tmp/$1up ] && [ -f /conf/$1.log ]; then seconds=$((`date -j +%s` - `/usr/bin/stat -f %m /tmp/$1up`)) /usr/local/sbin/ppp-log-uptime.sh $seconds $1 & fi +/sbin/pfctl -b $3 # delete the node just in case mpd cannot do that /usr/sbin/ngctl shutdown $1: /bin/rm -f /var/etc/nameserver_$1 diff --git a/usr/local/www/diag_backup.php b/usr/local/www/diag_backup.php index 64273fc..1ff119e 100755 --- a/usr/local/www/diag_backup.php +++ b/usr/local/www/diag_backup.php @@ -340,8 +340,11 @@ if ($_POST) { update_alias_names_upon_change('filter', 'rule', 'source', 'address', $newname, $origname); update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $newname, $origname); // NAT Rules + update_alias_names_upon_change('nat', 'rule', 'source', 'address', $newname, $origname); + update_alias_names_upon_change('nat', 'rule', 'source', 'port', $newname, $origname); + update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $newname, $origname); + update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $newname, $origname); update_alias_names_upon_change('nat', 'rule', 'target', '', $newname, $origname); - update_alias_names_upon_change('nat', 'rule', 'external-port', '', $newname, $origname); update_alias_names_upon_change('nat', 'rule', 'local-port', '', $newname, $origname); // Alias in an alias update_alias_names_upon_change('aliases', 'alias', 'address', '', $newname, $origname); diff --git a/usr/local/www/diag_nanobsd.php b/usr/local/www/diag_nanobsd.php index 307b66e..3e9bed1 100755 --- a/usr/local/www/diag_nanobsd.php +++ b/usr/local/www/diag_nanobsd.php @@ -49,42 +49,11 @@ require_once("config.inc"); $pgtitle = array("Diagnostics","NanoBSD"); include("head.inc"); -function detect_slice_info() { - global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH; - global $GLABEL_SLIZE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH; - global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE; - - $BOOT_DEVICE=trim(`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`); - $REAL_BOOT_DEVICE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/{$BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`); - $BOOT_DRIVE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1`); - - // Detect which slice is active and set information. - if(strstr($REAL_BOOT_DEVICE, "s1")) { - $SLICE="2"; - $OLDSLICE="1"; - $TOFLASH="{$BOOT_DRIVE}s{$SLICE}"; - $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a"; - $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}"; - $GLABEL_SLICE="pfsense1"; - $UFS_ID="1"; - $OLD_UFS_ID="0"; - $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}"; - - } else { - $SLICE="1"; - $OLDSLICE="2"; - $TOFLASH="{$BOOT_DRIVE}s{$SLICE}"; - $COMPLETE_PATH="{$BOOT_DRIVE}s{$SLICE}a"; - $COMPLETE_BOOT_PATH="{$BOOT_DRIVE}s{$OLDSLICE}"; - $GLABEL_SLICE="pfsense0"; - $UFS_ID="0"; - $OLD_UFS_ID="1"; - $BOOTFLASH="{$BOOT_DRIVE}s{$OLDSLICE}"; - } -} - // Survey slice info -detect_slice_info(); +global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH; +global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH; +global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE, $ACTIVE_SLICE; +nanobsd_detect_slice_info(); ?> @@ -95,7 +64,7 @@ detect_slice_info(); <?php -$NANOBSD_SIZE = strtoupper(file_get_contents("/etc/nanosize.txt")); +$NANOBSD_SIZE = nanobsd_get_size(); if($_POST['bootslice']) { echo <<<EOF @@ -105,51 +74,14 @@ if($_POST['bootslice']) { <p/> </div> EOF; - for ($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); } - ob_implicit_flush(1); - if(strstr($_POST['bootslice'], "s2")) { - $ASLICE="2"; - $AOLDSLICE="1"; - $ATOFLASH="{$BOOT_DRIVE}s{$ASLICE}"; - $ACOMPLETE_PATH="{$BOOT_DRIVE}s{$ASLICE}a"; - $AGLABEL_SLICE="pfsense1"; - $AUFS_ID="1"; - $AOLD_UFS_ID="0"; - $ABOOTFLASH="{$BOOT_DRIVE}s{$AOLDSLICE}"; - } else { - $ASLICE="1"; - $AOLDSLICE="2"; - $ATOFLASH="{$BOOT_DRIVE}s{$ASLICE}"; - $ACOMPLETE_PATH="{$BOOT_DRIVE}s{$ASLICE}a"; - $AGLABEL_SLICE="pfsense0"; - $AUFS_ID="0"; - $AOLD_UFS_ID="1"; - $ABOOTFLASH="{$BOOT_DRIVE}s{$AOLDSLICE}"; - } - conf_mount_rw(); - exec("sysctl kern.geom.debugflags=16"); - exec("gpart set -a active -i {$ASLICE} {$BOOT_DRIVE}"); - exec("/usr/sbin/boot0cfg -s {$ASLICE} -v /dev/{$BOOT_DRIVE}"); - exec("/sbin/tunefs -L ${AGLABEL_SLICE} /dev/$ACOMPLETE_PATH"); - exec("/bin/mkdir /tmp/{$AGLABEL_SLICE}"); - exec("/sbin/fsck_ufs -y /dev/{$ACOMPLETE_PATH}"); - exec("/sbin/mount /dev/ufs/{$AGLABEL_SLICE} /tmp/{$AGLABEL_SLICE}"); - $fstab = <<<EOF -/dev/ufs/{$AGLABEL_SLICE} / ufs ro 1 1 -/dev/ufs/cf /cf ufs ro 1 1 -EOF; - file_put_contents("/tmp/{$AGLABEL_SLICE}/etc/fstab", $fstab); - exec("/sbin/umount /tmp/{$AGLABEL_SLICE}"); - exec("/sbin/sysctl kern.geom.debugflags=0"); - conf_mount_ro(); - $savemsg = "The boot slice has been set to {$BOOT_DRIVE} {$AGLABEL_SLICE}"; + nanobsd_switch_boot_slice(); + $savemsg = "The boot slice has been set to " . nanobsd_get_active_slice(); // Survey slice info - detect_slice_info(); + nanobsd_detect_slice_info(); } if($_POST['destslice']) { - echo <<<EOF <div id="loading"> <img src="/themes/metallic/images/misc/loader.gif"> @@ -157,27 +89,13 @@ echo <<<EOF <p/> </div> EOF; - for ($i = 0; $i < ob_get_level(); $i++) { ob_end_flush(); } - ob_implicit_flush(1); - exec("/sbin/sysctl kern.geom.debugflags=16"); - exec("/bin/dd if=/dev/zero of=/dev/{$TOFLASH} bs=1m count=1"); - exec("/bin/dd if=/dev/{$BOOTFLASH} of=/dev/{$TOFLASH} bs=64k"); - exec("/sbin/tunefs -L {$GLABEL_SLICE} /dev/{$COMPLETE_PATH}"); - exec("/bin/mkdir /tmp/{$GLABEL_SLICE}"); - exec("/sbin/fsck_ufs -y /dev/{$COMPLETE_PATH}"); - exec("/sbin/mount /dev/ufs/{$GLABEL_SLICE} /tmp/{$GLABEL_SLICE}"); - exec("/bin/cp /etc/fstab /tmp/{$GLABEL_SLICE}/etc/fstab"); - $status = exec("sed -i \"\" \"s/pfsense{$OLD_UFS_ID}/pfsense{$UFS_ID}/g\" /tmp/{$GLABEL_SLICE}/etc/fstab"); - if($status) { - exec("/sbin/umount /tmp/{$GLABEL_SLICE}"); - $savemsg = "There was an error while duplicating the slice. Operation aborted."; - } else { + if(nanobsd_clone_slice($_POST['destslice'])) { $savemsg = "The slice has been duplicated.<p/>If you would like to boot from this newly duplicated slice please set it using the bootup information area."; - exec("/sbin/umount /tmp/{$GLABEL_SLICE}"); + } else { + $savemsg = "There was an error while duplicating the slice. Operation aborted."; } - exec("/sbin/sysctl kern.geom.debugflags=0"); // Re-Survey slice info - detect_slice_info(); + nanobsd_detect_slice_info(); } if ($savemsg) @@ -215,23 +133,14 @@ if ($savemsg) <td width="22%" valign="top" class="vncell">Bootup</td> <td width="78%" class="vtable"> <form action="diag_nanobsd.php" method="post" name="iform"> - Bootup slice: - <select name='bootslice'> - <option value='<?php echo $BOOTFLASH; ?>'> - <?php echo $BOOTFLASH; ?> - </option> - <option value='<?php echo $TOFLASH; ?>'> - <?php echo "{$TOFLASH}"; ?> - </option> - </select> + Bootup slice is currently: <?php echo $ACTIVE_SLICE; ?> + <br/><br/>This will switch the bootup slice to the alternate slice. <br/> - This will set the bootup slice. + <input type='hidden' name='bootslice' value='switch'> + <input type='submit' value='Switch Slice'></form> </td> </tr> <tr> - <td valign="top" class=""> </td><td><br/><input type='submit' value='Set bootup'></form></td> - </tr> - <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> diff --git a/usr/local/www/diag_ping.php b/usr/local/www/diag_ping.php index 4d82e06..b5658f5 100755 --- a/usr/local/www/diag_ping.php +++ b/usr/local/www/diag_ping.php @@ -136,7 +136,6 @@ include("head.inc"); ?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <span class="vexpl"><strong>Note: </strong></span> Multi-wan is not supported from this utility currently. </td> </tr> </table> diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php index 957c91c..37a5464 100755 --- a/usr/local/www/exec.php +++ b/usr/local/www/exec.php @@ -47,8 +47,13 @@ if (($_POST['submit'] == "Download") && file_exists($_POST['dlPath'])) { header("Content-Length: " . filesize($_POST['dlPath'])); header("Content-Disposition: attachment; filename=\"" . trim(htmlentities(basename($_POST['dlPath']))) . "\""); - header("Pragma: private"); - header("Cache-Control: private, must-revalidate"); + if (isset($_SERVER['HTTPS'])) { + header('Pragma: '); + header('Cache-Control: '); + } else { + header("Pragma: private"); + header("Cache-Control: private, must-revalidate"); + } fpassthru($fd); exit; diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php index d5a6a5f..bc210a1 100755 --- a/usr/local/www/firewall_aliases.php +++ b/usr/local/www/firewall_aliases.php @@ -87,22 +87,22 @@ if ($_GET['act'] == "del") { if($is_alias_referenced == false) { if(is_array($config['filter']['rule'])) { foreach($config['filter']['rule'] as $rule) { - if($rule['source']['address'] == $alias_name) { + if($rule['source']['address'] && $rule['source']['address'] == $alias_name) { $is_alias_referenced = true; $referenced_by = $rule['descr']; break; } - if($rule['destination']['address'] == $alias_name) { + if($rule['source']['port'] && $rule['source']['port'] == $alias_name) { $is_alias_referenced = true; $referenced_by = $rule['descr']; break; } - if($rule['source']['port'] == $alias_name) { + if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) { $is_alias_referenced = true; $referenced_by = $rule['descr']; break; } - if($rule['destination']['port'] == $alias_name) { + if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) { $is_alias_referenced = true; $referenced_by = $rule['descr']; break; @@ -113,22 +113,32 @@ if ($_GET['act'] == "del") { if($is_alias_referenced == false) { if(is_array($config['nat']['rule'])) { foreach($config['nat']['rule'] as $rule) { - if($rule['target'] == $alias_name) { + if($rule['source']['address'] && $rule['source']['address'] == $alias_name) { $is_alias_referenced = true; $referenced_by = $rule['descr']; break; } - if($rule['external-address'] == $alias_name) { + if($rule['source']['port'] && $rule['source']['port'] == $alias_name) { $is_alias_referenced = true; $referenced_by = $rule['descr']; break; } - if($rule['external-port'] == $alias_name) { + if($rule['destination']['address'] && $rule['destination']['address'] == $alias_name) { $is_alias_referenced = true; $referenced_by = $rule['descr']; break; } - if($rule['local-port'] == $alias_name) { + if($rule['destination']['port'] && $rule['destination']['port'] == $alias_name) { + $is_alias_referenced = true; + $referenced_by = $rule['descr']; + break; + } + if($rule['target'] && $rule['target'] == $alias_name) { + $is_alias_referenced = true; + $referenced_by = $rule['descr']; + break; + } + if($rule['local-port'] && $rule['local-port'] == $alias_name) { $is_alias_referenced = true; $referenced_by = $rule['descr']; break; diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 9c8025d..dca3d12 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -295,8 +295,11 @@ if ($_POST) { update_alias_names_upon_change('filter', 'rule', 'source', 'address', $_POST['name'], $origname); update_alias_names_upon_change('filter', 'rule', 'destination', 'address', $_POST['name'], $origname); // NAT Rules + update_alias_names_upon_change('nat', 'rule', 'source', 'address', $_POST['name'], $origname); + update_alias_names_upon_change('nat', 'rule', 'source', 'port', $_POST['name'], $origname); + update_alias_names_upon_change('nat', 'rule', 'destination', 'address', $_POST['name'], $origname); + update_alias_names_upon_change('nat', 'rule', 'destination', 'port', $_POST['name'], $origname); update_alias_names_upon_change('nat', 'rule', 'target', '', $_POST['name'], $origname); - update_alias_names_upon_change('nat', 'rule', 'external-port', '', $_POST['name'], $origname); update_alias_names_upon_change('nat', 'rule', 'local-port', '' , $_POST['name'], $origname); // Alias in an alias update_alias_names_upon_change('aliases', 'alias', 'address', '' , $_POST['name'], $origname); diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php index 696248f..0c9229b 100755 --- a/usr/local/www/firewall_nat.php +++ b/usr/local/www/firewall_nat.php @@ -185,10 +185,13 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <td width="3%" class="list"> </td> <td width="5%" class="listhdrr">If</td> <td width="5%" class="listhdrr">Proto</td> - <td width="20%" class="listhdrr">Ext. port range</td> - <td width="20%" class="listhdrr">NAT IP</td> - <td width="20%" class="listhdrr">Int. port range</td> - <td width="20%" class="listhdr">Description</td> + <td width="11%" class="listhdrr">Src. addr</td> + <td width="11%" class="listhdrr">Src. ports</td> + <td width="11%" class="listhdrr">Dest. addr</td> + <td width="11%" class="listhdrr">Dest. ports</td> + <td width="11%" class="listhdrr">NAT IP</td> + <td width="11%" class="listhdrr">NAT Ports</td> + <td width="11%" class="listhdr">Description</td> <td width="5%" class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> @@ -202,26 +205,26 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <?php //build Alias popup box - $span_begin = ""; - $span_end = ""; - $alias_src_port_span_begin = ""; - $alias_dst_span_begin = ""; - $alias_dst_port_span_begin = ""; - - list($beginport, $endport) = split("-", $natent['external-port']); - - $alias_popup = rule_popup("",$beginport,$natent['target'],$natent['local-port']); $span_end = "</U></span>"; - - + + $alias_popup = rule_popup($natent['source']['address'], pprint_port($natent['source']['port']), $natent['destination']['address'], pprint_port($natent['destination']['port'])); + + $alias_src_span_begin = $alias_popup["src"]; $alias_src_port_span_begin = $alias_popup["srcport"]; - - $alias_dst_span_begin = $alias_popup["dst"]; - + $alias_dst_span_begin = $alias_popup["dst"]; $alias_dst_port_span_begin = $alias_popup["dstport"]; - - + $alias_popup = rule_popup("","",$natent['target'], pprint_port($natent['local-port'])); + + $alias_target_span_begin = $alias_popup["dst"]; + $alias_local_port_span_begin = $alias_popup["dstport"]; + + if (isset($natent['disabled'])) + $textss = "<span class=\"gray\">"; + else + $textss = "<span>"; + + $textse = "</span>"; /* if user does not have access to edit an interface skip on to the next record */ if(!have_natpfruleint_access($natent['interface'])) @@ -230,14 +233,14 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <tr valign="top" id="fr<?=$nnats;?>"> <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td> <td class="listt" align="center"> - <?php if(!empty($natent['associated-rule-id'])): ?> - <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="Firewall rule ID <?=htmlspecialchars($nnatid); ?> is managed with this rule" border="0"> - <?php endif; ?> <?php if($natent['associated-rule-id'] == "pass"): ?> <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" title="All traffic matching this NAT entry is passed" border="0"> + <?php elseif (!empty($natent['associated-rule-id'])): ?> + <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_chain.png" width="17" height="17" title="Firewall rule ID <?=htmlspecialchars($nnatid); ?> is managed with this rule" border="0"> <?php endif; ?> </td> <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?> <?php if (!$natent['interface'] || ($natent['interface'] == "wan")) echo "WAN"; @@ -246,49 +249,46 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript else echo strtoupper($config['interfaces'][$natent['interface']]['descr']); ?> + <?=$textse;?> </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=strtoupper($natent['protocol']);?> + <?=$textss;?><?=strtoupper($natent['protocol']);?><?=$textse;?> </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?php - list($beginport, $endport) = split("-", $natent['external-port']); - if ((!$endport) || ($beginport == $endport)) { - echo $alias_src_port_span_begin; - echo $beginport; - if ($wkports[$beginport]) - echo " (" . $wkports[$beginport] . ")"; - else - echo " "; - echo $span_end; - } else - echo $beginport . " - " . $endport; - ?> + <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?> </td> <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?php echo $alias_dst_span_begin;?><?=$natent['target'];?><?php echo $span_end;?> - <?php if ($natent['external-address']) - echo "<br>(ext.: " . $natent['external-address'] . ")"; - else - echo "<br>(ext.: " . find_interface_ip(convert_friendly_interface_to_real_interface_name($natent['interface'])) . ")"; - ?> + <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['source']['port']));?><?php echo $alias_src_port_span_end;?><?=$textse;?> </td> + + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($natent['destination']));?><?php echo $alias_dst_span_end;?><?=$textse;?> + </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($natent['destination']['port']));?><?php echo $alias_dst_port_span_end;?><?=$textse;?> + </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?php if ((!$endport) || ($beginport == $endport)) { - echo $alias_dst_port_span_begin; - echo $natent['local-port']; - if ($wkports[$natent['local-port']]) - echo " (" . $wkports[$natent['local-port']] . ")"; - else - echo " "; - echo $span_end; - } else - echo $natent['local-port'] . " - " . - ($natent['local-port']+$endport-$beginport); - ?> + <?=$textss;?><?php echo $alias_target_span_begin;?><?php echo htmlspecialchars($natent['target']);?><?php echo $alias_target_span_end;?><?=$textse;?> </td> + <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> + <?php + $localport = $natent['local-port']; + + list($dstbeginport, $dstendport) = split("-", $natent['destination']['port']); + + if ($dstendport) { + $localendport = $natent['local-port'] + $dstendport - $dstbeginport; + $localport .= '-' . $localendport; + } + ?> + <?=$textss;?><?php echo $alias_local_port_span_begin;?><?php echo htmlspecialchars(pprint_port($localport));?><?php echo $alias_local_port_span_end;?><?=$textse;?> + </td> + <td class="listbg" onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$nnats;?>';"> - <?=htmlspecialchars($natent['descr']);?> + <?=$textss;?><?=htmlspecialchars($natent['descr']);?> <?=$textse;?> </td> <td valign="middle" class="list" nowrap> <table border="0" cellspacing="0" cellpadding="1"> @@ -304,6 +304,9 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <?php $i++; $nnats++; endforeach; ?> <tr> <td class="list" colspan="8"></td> + <td> </td> + <td> </td> + <td> </td> <td class="list" valign="middle" nowrap> <table border="0" cellspacing="0" cellpadding="1"> <tr> diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php index d44ced8..52a1268 100755 --- a/usr/local/www/firewall_nat_1to1.php +++ b/usr/local/www/firewall_nat_1to1.php @@ -158,7 +158,9 @@ include("head.inc"); <tr> <td colspan="4"> <p><span class="vexpl"><span class="red"><strong>Note:<br> - </strong></span>Depending on the way your WAN connection is setup, you may also need a <a href="firewall_virtual_ip.php">Virtual IP</a>.</span></p> + </strong></span>Depending on the way your WAN connection is setup, you may also need a <a href="firewall_virtual_ip.php">Virtual IP</a>.<br/> + If you add a 1:1 NAT entry for any of the interface IPs on this system, it will make this system inaccessible on that IP address. i.e. if + you use your WAN IP address, any services on this system (IPsec, OpenVPN server, etc.) using the WAN IP address will no longer function.</span></p> </td> <tr> </table> diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php index 62c4c33..d7ed094 100755 --- a/usr/local/www/firewall_nat_1to1_edit.php +++ b/usr/local/www/firewall_nat_1to1_edit.php @@ -100,12 +100,6 @@ if ($_POST) { $input_errors[] = "A valid internal subnet must be specified."; } - if (is_ipaddr($config['interfaces']['wan']['ipaddr'])) { - if (check_subnets_overlap($_POST['external'], $_POST['subnet'], - get_interface_ip("wan"), 32)) - $input_errors[] = "The WAN IP address may not be used in a 1:1 rule."; - } - /* check for overlaps with other 1:1 */ foreach ($a_1to1 as $natent) { if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent)) @@ -120,17 +114,6 @@ if ($_POST) { } } - /* check for overlaps with advanced outbound NAT */ - if (is_array($config['nat']['advancedoutbound']['rule'])) { - foreach ($config['nat']['advancedoutbound']['rule'] as $natent) { - if ($natent['target'] && - check_subnets_overlap($_POST['external'], $_POST['subnet'], $natent['target'], 32)) { - $input_errors[] = "An advanced outbound NAT entry overlaps with the specified external subnet."; - break; - } - } - } - if (!$input_errors) { $natent = array(); diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 8b36fb8..127a733 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -44,6 +44,13 @@ require_once("itemid.inc"); require("filter.inc"); require("shaper.inc"); +$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn"); +$ifdisp = get_configured_interface_with_descr(); +foreach ($ifdisp as $kif => $kdescr) { + $specialsrcdst[] = "{$kif}"; + $specialsrcdst[] = "{$kif}ip"; +} + if (!is_array($config['nat']['rule'])) { $config['nat']['rule'] = array(); } @@ -59,96 +66,200 @@ if (isset($_GET['dup'])) { } if (isset($id) && $a_nat[$id]) { - $pconfig['extaddr'] = $a_nat[$id]['external-address']; + $pconfig['disabled'] = isset($a_nat[$id]['disabled']); + $pconfig['nordr'] = isset($a_nat[$id]['nordr']); + + address_to_pconfig($a_nat[$id]['source'], $pconfig['src'], + $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcbeginport'], $pconfig['srcendport']); + + address_to_pconfig($a_nat[$id]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], + $pconfig['dstbeginport'], $pconfig['dstendport']); + $pconfig['proto'] = $a_nat[$id]['protocol']; - list($pconfig['beginport'],$pconfig['endport']) = explode("-", $a_nat[$id]['external-port']); - if(!$pconfig['endport']) - $pconfig['endport'] = $pconfig['beginport']; $pconfig['localip'] = $a_nat[$id]['target']; $pconfig['localbeginport'] = $a_nat[$id]['local-port']; $pconfig['descr'] = $a_nat[$id]['descr']; $pconfig['interface'] = $a_nat[$id]['interface']; $pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id']; $pconfig['nosync'] = isset($a_nat[$id]['nosync']); + if (!$pconfig['interface']) $pconfig['interface'] = "wan"; } else { $pconfig['interface'] = "wan"; + $pconfig['src'] = "any"; + $pconfig['srcbeginport'] = "any"; + $pconfig['srcendport'] = "any"; } if (isset($_GET['dup'])) unset($id); /* run through $_POST items encoding HTML entties so that the user - * cannot think he is slick and perform a XSS attack on the unwilling + * cannot think he is slick and perform a XSS attack on the unwilling */ foreach ($_POST as $key => $value) { $temp = $value; $newpost = htmlentities($temp); - if($newpost <> $temp) - $input_errors[] = "Invalid characters detected ($temp). Please remove invalid characters and save again."; + if($newpost <> $temp) + $input_errors[] = "Invalid characters detected ($temp). Please remove invalid characters and save again."; } if ($_POST) { - if ($_POST['beginport_cust'] && !$_POST['beginport']) - $_POST['beginport'] = $_POST['beginport_cust']; - if ($_POST['endport_cust'] && !$_POST['endport']) - $_POST['endport'] = $_POST['endport_cust']; - if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) - $_POST['localbeginport'] = $_POST['localbeginport_cust']; + if(strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") { + if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) + $_POST['srcbeginport'] = $_POST['srcbeginport_cust']; + if ($_POST['srcendport_cust'] && !$_POST['srcendport']) + $_POST['srcendport'] = $_POST['srcendport_cust']; + + if ($_POST['srcbeginport'] == "any") { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + } else { + if (!$_POST['srcendport']) + $_POST['srcendport'] = $_POST['srcbeginport']; + } + if ($_POST['srcendport'] == "any") + $_POST['srcendport'] = $_POST['srcbeginport']; + + if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) + $_POST['dstbeginport'] = $_POST['dstbeginport_cust']; + if ($_POST['dstendport_cust'] && !$_POST['dstendport']) + $_POST['dstendport'] = $_POST['dstendport_cust']; + + if ($_POST['dstbeginport'] == "any") { + $_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } else { + if (!$_POST['dstendport']) + $_POST['dstendport'] = $_POST['dstbeginport']; + } + if ($_POST['dstendport'] == "any") + $_POST['dstendport'] = $_POST['dstbeginport']; + + if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) + $_POST['localbeginport'] = $_POST['localbeginport_cust']; - if (!$_POST['endport']) - $_POST['endport'] = $_POST['beginport']; - /* Make beginning port end port if not defined and endport is */ - if (!$_POST['beginport'] && $_POST['endport']) - $_POST['beginport'] = $_POST['endport']; + /* Make beginning port end port if not defined and endport is */ + if (!$_POST['srcbeginport'] && $_POST['srcendport']) + $_POST['srcbeginport'] = $_POST['srcendport']; + if (!$_POST['dstbeginport'] && $_POST['dstendport']) + $_POST['dstbeginport'] = $_POST['dstendport']; + } else { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + $_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } + + if (is_specialnet($_POST['srctype'])) { + $_POST['src'] = $_POST['srctype']; + $_POST['srcmask'] = 0; + } else if ($_POST['srctype'] == "single") { + $_POST['srcmask'] = 32; + } + if (is_specialnet($_POST['dsttype'])) { + $_POST['dst'] = $_POST['dsttype']; + $_POST['dstmask'] = 0; + } else if ($_POST['dsttype'] == "single") { + $_POST['dstmask'] = 32; + } else if (is_ipaddr($_POST['dsttype'])) { + $_POST['dst'] = $_POST['dsttype']; + $_POST['dstmask'] = 32; + $_POST['dsttype'] = "single"; + } unset($input_errors); $pconfig = $_POST; /* input validation */ if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { - $reqdfields = explode(" ", "interface proto beginport endport localip localbeginport"); - $reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port"); + $reqdfields = explode(" ", "interface proto dstbeginport dstendport localip"); + $reqdfieldsn = explode(",", "Interface,Protocol,Destination port from,Destination port to,NAT IP"); } else { $reqdfields = explode(" ", "interface proto localip"); $reqdfieldsn = explode(",", "Interface,Protocol,NAT IP"); } + if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") { + $reqdfields[] = "src"; + $reqdfieldsn[] = "Source address"; + } + if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") { + $reqdfields[] = "dst"; + $reqdfieldsn[] = "Destination address"; + } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + if (!$_POST['srcbeginport']) { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + } + if (!$_POST['dstbeginport']) { + $_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } + if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) { $input_errors[] = "\"{$_POST['localip']}\" is not valid NAT IP address or host alias."; } - /* only validate the ports if the protocol is TCP, UDP or TCP/UDP */ - if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") { + if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) + $input_errors[] = "{$_POST['srcbeginport']} is not a valid start source port. It must be a port alias or integer between 1 and 65535."; + if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) + $input_errors[] = "{$_POST['srcendport']} is not a valid end source port. It must be a port alias or integer between 1 and 65535."; + if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) + $input_errors[] = "{$_POST['dstbeginport']} is not a valid start destination port. It must be a port alias or integer between 1 and 65535."; + if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) + $input_errors[] = "{$_POST['dstendport']} is not a valid end destination port. It must be a port alias or integer between 1 and 65535."; + + if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) { + $input_errors[] = "{$_POST['localbeginport']} is not a valid local port. It must be a port alias or integer between 1 and 65535."; + } - if ($_POST['beginport'] && !is_portoralias($_POST['beginport'])) { - $input_errors[] = "The start port must be an integer between 1 and 65535."; - } + /* if user enters an alias and selects "network" then disallow. */ + if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) ) + || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) { + $input_errors[] = "You must specify single host or alias for alias entries."; + } - if ($_POST['endport'] && !is_portoralias($_POST['endport'])) { - $input_errors[] = "The end port must be an integer between 1 and 65535."; + if (!is_specialnet($_POST['srctype'])) { + if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) { + $input_errors[] = "{$_POST['src']} is not a valid source IP address or alias."; } - - if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) { - $input_errors[] = "The local port must be an integer between 1 and 65535."; + if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) { + $input_errors[] = "A valid source bit count must be specified."; } - - if ($_POST['beginport'] > $_POST['endport']) { - /* swap */ - $tmp = $_POST['endport']; - $_POST['endport'] = $_POST['beginport']; - $_POST['beginport'] = $tmp; + } + if (!is_specialnet($_POST['dsttype'])) { + if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) { + $input_errors[] = "{$_POST['dst']} is not a valid destination IP address or alias."; } - - if (!$input_errors) { - if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535) - $input_errors[] = "The target port range must be an integer between 1 and 65535."; + if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) { + $input_errors[] = "A valid destination bit count must be specified."; } + } + + if ($_POST['srcbeginport'] > $_POST['srcendport']) { + /* swap */ + $tmp = $_POST['srcendport']; + $_POST['srcendport'] = $_POST['srcbeginport']; + $_POST['srcbeginport'] = $tmp; + } + if ($_POST['dstbeginport'] > $_POST['dstendport']) { + /* swap */ + $tmp = $_POST['dstendport']; + $_POST['dstendport'] = $_POST['dstbeginport']; + $_POST['dstbeginport'] = $tmp; + } + if (!$input_errors) { + if (($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) + $input_errors[] = "The target port range must be an integer between 1 and 65535."; } /* check for overlaps */ @@ -157,40 +268,45 @@ if ($_POST) { continue; if ($natent['interface'] != $_POST['interface']) continue; - if ($natent['external-address'] != $_POST['extaddr']) + if ($natent['destination']['address'] != $_POST['dst']) continue; if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) continue; - list($begp,$endp) = explode("-", $natent['external-port']); + list($begp,$endp) = explode("-", $natent['destination']['port']); if (!$endp) $endp = $begp; if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { - $input_errors[] = "The external port range overlaps with an existing entry."; + $input_errors[] = "The destination port range overlaps with an existing entry."; break; } } if (!$input_errors) { $natent = array(); - if ($_POST['extaddr']) - $natent['external-address'] = $_POST['extaddr']; - $natent['protocol'] = $_POST['proto']; - if ($_POST['beginport'] == $_POST['endport']) - $natent['external-port'] = $_POST['beginport']; - else - $natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport']; + $natent['disabled'] = isset($_POST['disabled']) ? true:false; + $natent['nordr'] = isset($_POST['nordr']) ? true:false; + + pconfig_to_address($natent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot'], + $_POST['srcbeginport'], $_POST['srcendport']); + + pconfig_to_address($natent['destination'], $_POST['dst'], + $_POST['dstmask'], $_POST['dstnot'], + $_POST['dstbeginport'], $_POST['dstendport']); + + $natent['protocol'] = $_POST['proto']; $natent['target'] = $_POST['localip']; $natent['local-port'] = $_POST['localbeginport']; $natent['interface'] = $_POST['interface']; $natent['descr'] = $_POST['descr']; $natent['associated-rule-id'] = $_POST['associated-rule-id']; - + if($_POST['filter-rule-association'] == "pass") $natent['associated-rule-id'] = "pass"; @@ -200,7 +316,7 @@ if ($_POST) { unset($natent['nosync']); // If we used to have an associated filter rule, but no-longer should have one - if ($a_nat[$id]>0 && empty($natent['associated-rule-id'])) { + if ($a_nat[$id]>0 && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { // Delete the previous rule delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']); mark_subsystem_dirty('filter'); @@ -241,13 +357,16 @@ if ($_POST) { if (!empty($natent['associated-rule-id'])) { $filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']); if ($filterentid == false) { - $filterent['source']['any'] = ""; + pconfig_to_address($filterent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot'], + $_POST['srcbeginport'], $_POST['srcendport']); $filterent['associated-rule-id'] = $natent['associated-rule-id']; } else $filterent =& $config['filter']['rule'][$filterentid]; } else - // Create the default source entry for new filter entries - $filterent['source']['any'] = ""; + pconfig_to_address($filterent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot'], + $_POST['srcbeginport'], $_POST['srcendport']); // Update interface, protocol and destination $filterent['interface'] = $_POST['interface']; @@ -255,7 +374,7 @@ if ($_POST) { $filterent['destination']['address'] = $_POST['localip']; $dstpfrom = $_POST['localbeginport']; - $dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport']; + $dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport']; if ($dstpfrom == $dstpto) $filterent['destination']['port'] = $dstpfrom; @@ -308,31 +427,47 @@ include("fbegin.inc"); ?> <form action="firewall_nat_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> - <td colspan="2" valign="top" class="listtopic">Edit NAT entry</td> - </tr> - <tr> + <td colspan="2" valign="top" class="listtopic">Edit Redirect entry</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Disabled</td> + <td width="78%" class="vtable"> + <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>> + <strong>Disable this rule</strong><br /> + <span class="vexpl">Set this option to disable this rule without removing it from the list.</span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">No RDR (NOT)</td> + <td width="78%" class="vtable"> + <input type="checkbox" name="nordr"<?php if($pconfig['nordr']) echo " CHECKED"; ?>> + <span class="vexpl">Enabling this option will disable redirection for traffic matching this rule. + <br>Hint: this option is rarely needed, don't use this unless you know what you're doing.</span> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncellreq">Interface</td> <td width="78%" class="vtable"> - <select name="interface" class="formselect"> + <select name="interface" class="formselect" onChange="dst_change(this.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>');typesel_change();"> <?php - + $iflist = get_configured_interface_with_descr(false, true); - foreach ($iflist as $if => $ifdesc) - if(have_ruleint_access($if)) + foreach ($iflist as $if => $ifdesc) + if(have_ruleint_access($if)) $interfaces[$if] = $ifdesc; - + if ($config['pptpd']['mode'] == "server") - if(have_ruleint_access("pptp")) + if(have_ruleint_access("pptp")) $interfaces['pptp'] = "PPTP VPN"; - + if ($config['pppoe']['mode'] == "server") - if(have_ruleint_access("pppoe")) + if(have_ruleint_access("pppoe")) $interfaces['pppoe'] = "PPPoE VPN"; - + /* add ipsec interfaces */ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) - if(have_ruleint_access("enc0")) - $interfaces["enc0"] = "IPsec"; + if(have_ruleint_access("enc0")) + $interfaces["enc0"] = "IPsec"; foreach ($interfaces as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>> @@ -343,33 +478,6 @@ include("fbegin.inc"); ?> <span class="vexpl">Choose which interface this rule applies to.<br> Hint: in most cases, you'll want to use WAN here.</span></td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">External address</td> - <td width="78%" class="vtable"> - <select name="extaddr" class="formselect"> - <option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option> -<?php if (is_array($config['virtualip']['vip'])): - foreach ($config['virtualip']['vip'] as $sn): - if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): - $baseip = ip2long($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits'])); - for ($i = $sn['subnet_bits']; $i <= 32; $i++): - $baseip = $baseip + 1; - $snip = long2ip($baseip); - ?> - <option value="<?=$snip;?>" <?php if ($snip == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option> - <?php endfor; - else: ?> - <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option> - <?php endif; ?> -<?php endforeach; - endif; ?> - <option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option> - </select> - <br /> - <span class="vexpl"> - If you want this rule to apply to another IP address than the IP address of the interface chosen above, - select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first). Also note that if you are trying to redirect connections on the LAN select the "any" option.</span></td> - </tr> <tr> <td width="22%" valign="top" class="vncellreq">Protocol</td> <td width="78%" class="vtable"> @@ -381,55 +489,225 @@ include("fbegin.inc"); ?> this rule should match.<br> Hint: in most cases, you should specify <em>TCP</em> here.</span></td> </tr> + <tr id="showadvancedboxsrc" name="showadvancedboxsrc"> + <td width="22%" valign="top" class="vncellreq">Source</td> + <td width="78%" class="vtable"> + <input type="button" onClick="show_source()" value="Advanced"></input> - Show source address and port range</a> + </td> + </tr> + <tr style="display: none;" id="srctable" name="srctable"> + <td width="22%" valign="top" class="vncellreq">Source</td> + <td width="78%" class="vtable"> + <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> + <strong>not</strong> + <br /> + Use this option to invert the sense of the match. + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>Type: </td> + <td> + <select name="srctype" class="formselect" onChange="typesel_change()"> +<?php + $sel = is_specialnet($pconfig['src']); ?> + <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option> + <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option> + <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option> + <?php if(have_ruleint_access("pptp")): ?> + <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>PPTP clients</option> + <?php endif; ?> + <?php if(have_ruleint_access("pppoe")): ?> + <option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option> + <?php endif; ?> + <?php if(have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>>L2TP clients</option> + <?php endif; ?> +<?php + foreach ($ifdisp as $ifent => $ifdesc): ?> + <?php if(have_ruleint_access($ifent)): ?> + <option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> subnet</option> + <option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected"; } ?>> + <?=$ifdesc?> address + </option> + <?php endif; ?> +<?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td>Address: </td> + <td> + <input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / + <select name="srcmask" class="formselect" id="srcmask"> +<?php for ($i = 31; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + </td> + </tr> + <tr style="display:none" id="sprtable" name="sprtable"> + <td width="22%" valign="top" class="vncellreq">Source port range</td> + <td width="78%" class="vtable"> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>from: </td> + <td> + <select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()"> + <option value="">(other)</option> + <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> +<?php foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> +<?php endforeach; ?> + </select> + <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> + </td> + </tr> + <tr> + <td>to:</td> + <td> + <select name="srcendport" class="formselect" onchange="ext_change()"> + <option value="">(other)</option> + <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> +<?php foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> +<?php endforeach; ?> + </select> + <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> + </td> + </tr> + </table> + <br /> + <span class="vexpl">Specify the source port or port range for this rule. <b>This is almost never equal to the destination port range (and is usually "any")</b>. <br /> Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port</span><br/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq">Destination</td> + <td width="78%" class="vtable"> + <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> + <strong>not</strong> + <br /> + Use this option to invert the sense of the match. + <br /> + <br /> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>Type: </td> + <td> + <select name="dsttype" class="formselect" onChange="typesel_change()"> +<?php + $sel = is_specialnet($pconfig['dst']); ?> + <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option> + <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option> + <option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option> + <?php if(have_ruleint_access("pptp")): ?> + <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>PPTP clients</option> + <?php endif; ?> + <?php if(have_ruleint_access("pppoe")): ?> + <option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option> + <?php endif; ?> + <?php if(have_ruleint_access("l2tp")): ?> + <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>>L2TP clients</option> + <?php endif; ?> + +<?php foreach ($ifdisp as $if => $ifdesc): ?> + <?php if(have_ruleint_access($if)): ?> + <option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> subnet</option> + <option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>> + <?=$ifdesc;?> address + </option> + <?php endif; ?> +<?php endforeach; ?> + +<?php if (is_array($config['virtualip']['vip'])): + foreach ($config['virtualip']['vip'] as $sn): + if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): + $baseip = ip2long($sn['subnet']) & ip2long(gen_subnet_mask($sn['subnet_bits'])); + + for ($i = $sn['subnet_bits'] - 1; $i <= 32; $i++): + $snip = long2ip($baseip); +?> + <option value="<?=$snip;?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option> + <?php $baseip = $baseip + 1; ?> +<?php endfor; + else: +?> + <option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option> +<?php endif; + endforeach; + endif; +?> + </select> + </td> + </tr> + <tr> + <td>Address: </td> + <td> + <input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + / + <select name="dstmask" class="formselect" id="dstmask"> +<?php + for ($i = 31; $i > 0; $i--): ?> + <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> +<?php endfor; ?> + </select> + </td> + </tr> + </table> + </td> + </tr> + <tr id="dprtr" name="dprtr"> + <td width="22%" valign="top" class="vncellreq">Destination port range </td> + <td width="78%" class="vtable"> + <table border="0" cellspacing="0" cellpadding="0"> + <tr> + <td>from: </td> + <td> + <select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> + <option value="">(other)</option> +<?php $bfound = 0; + foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option> +<?php endforeach; ?> + </select> + <input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> + </td> + </tr> + <tr> + <td>to:</td> + <td> + <select name="dstendport" class="formselect" onchange="ext_change()"> + <option value="">(other)</option> +<?php $bfound = 0; + foreach ($wkports as $wkport => $wkportdesc): ?> + <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> +<?php endforeach; ?> + </select> + <input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> + </td> + </tr> + </table> + <br /> + <span class="vexpl"> + Specify the port or port range for the destination of the packet for this mapping. + <br /> + Hint: you can leave the <em>'to'</em> field empty if you only want to map a single port + </span> + </td> + </tr> <tr> - <td width="22%" valign="top" class="vncellreq">External port - range </td> - <td width="78%" class="vtable"> - <table border="0" cellspacing="0" cellpadding="0"> - <tr> - <td>from: </td> - <td><select name="beginport" class="formselect" onChange="ext_rep_change(); ext_change(); check_for_aliases();"> - <option value="">(other)</option> - <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> - <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['beginport']) { - echo "selected"; - $bfound = 1; - }?>> - <?=htmlspecialchars($wkportdesc);?> - </option> - <?php endforeach; ?> - </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="beginport_cust" id="beginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['beginport']; ?>"></td> - </tr> - <tr> - <td>to:</td> - <td><select name="endport" class="formselect" onChange="ext_change(); check_for_aliases();"> - <option value="">(other)</option> - <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?> - <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['endport']) { - echo "selected"; - $bfound = 1; - }?>> - <?=htmlspecialchars($wkportdesc);?> - </option> - <?php endforeach; ?> - </select> <input onChange="check_for_aliases();" class="formfldalias" autocomplete='off' name="endport_cust" id="endport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['endport']; ?>"></td> - </tr> - </table> - <br> <span class="vexpl">Specify the port or port range on - the firewall's external address for this mapping.<br> - Hint: you can leave the <em>'to'</em> field empty if you only - want to map a single port</span></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">NAT IP</td> + <td width="22%" valign="top" class="vncellreq">Redirect target IP</td> <td width="78%" class="vtable"> <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>"> <br> <span class="vexpl">Enter the internal IP address of the server on which you want to map the ports.<br> e.g. <em>192.168.1.12</em></span></td> </tr> - <tr> - <td width="22%" valign="top" class="vncellreq">Local port</td> + <tr name="lprtr" id="lprtr"> + <td width="22%" valign="top" class="vncellreq">Redirect target port</td> <td width="78%" class="vtable"> <select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();"> <option value="">(other)</option> @@ -470,7 +748,7 @@ include("fbegin.inc"); ?> <select name="associated-rule-id"> <option value="">None</option> <option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " SELECTED"; ?>>Pass</option> - <?php + <?php $linkedrule = ""; if (is_array($config['filter']['rule'])) { $filter_id = 0; @@ -482,7 +760,7 @@ include("fbegin.inc"); ?> $linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">View the filter rule</a><br/>"; } echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n"; - + } if ($filter_rule['interface'] == $pconfig['interface']) $filter_id++; @@ -526,6 +804,12 @@ include("fbegin.inc"); ?> <script language="JavaScript"> <!-- ext_change(); + dst_change(document.iform.interface.value,'<?=$pconfig['interface']?>','<?=$pconfig['dst']?>'); + typesel_change(); + proto_change(); + <?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?> + show_source(); + <?php endif; ?> //--> </script> <?php @@ -560,9 +844,13 @@ if($config['aliases']['alias'] <> "") var customarray=new Array(<?php echo $portaliases; ?>); var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray)); - var oTextbox2 = new AutoSuggestControl(document.getElementById("beginport_cust"), new StateSuggestions(customarray)); - var oTextbox3 = new AutoSuggestControl(document.getElementById("endport_cust"), new StateSuggestions(customarray)); - var oTextbox4 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray)); + var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray)); + var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray)); + var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray)); + var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray)); + var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray)); + var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray)); + var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray)); //--> </script> <?php include("fend.inc"); ?> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 90ffe43..c4f21c1 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -134,8 +134,81 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") { $natent['destination']['any'] = true; $natent['natport'] = ""; $a_out[] = $natent; + + /* PPTP subnet */ + if($config['pptpd']['mode'] == "server") { + if (is_ipaddr($config['pptpd']['localip'])) { + if($config['pptpd']['pptp_subnet'] <> "") + $ossubnet = $config['pptpd']['pptp_subnet']; + else + $ossubnet = "32"; + $osn = gen_subnet($config['pptpd']['localip'], $osn); + $natent = array(); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = "Auto created rule for PPTP server"; + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } + } + /* PPPoE subnet */ + if($config['pppoe']['mode'] == "server") { + if (is_ipaddr($config['pppoe']['localip'])) { + if($config['pppoe']['pppoe_subnet'] <> "") + $ossubnet = $config['pppoe']['pptp_subnet']; + else + $ossubnet = "32"; + $osn = gen_subnet($config['pppoe']['localip'], $osn); + $natent = array(); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = "Auto created rule for PPPoE server"; + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } + } + /* L2TP subnet */ + if($config['l2tp']['mode'] == "server") { + if (is_ipaddr($config['l2tp']['localip'])) { + if($config['l2tp']['l2tp_subnet'] <> "") + $ossubnet = $config['l2tp']['pptp_subnet']; + else + $ossubnet = "32"; + $osn = gen_subnet($config['l2tp']['localip'], $osn); + $natent = array(); + $natent['source']['network'] = "{$osn}/{$ossubnet}"; + $natent['sourceport'] = ""; + $natent['descr'] = "Auto created rule for L2TP server"; + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } + } + /* add openvpn interfaces */ + if($config['openvpn']['openvpn-server']) { + foreach ($config['openvpn']['openvpn-server'] as $ovpnsrv) { + $natent = array(); + $natent['source']['network'] = $ovpnsrv['tunnel_network']; + $natent['sourceport'] = ""; + $natent['descr'] = "Auto created rule for OpenVPN server"; + $natent['target'] = ""; + $natent['interface'] = $if2; + $natent['destination']['any'] = true; + $natent['natport'] = ""; + $a_out[] = $natent; + } + } } } + $savemsg = "Default rules for each interface have been created."; } break; diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php index 45db4ba..483aec1 100755 --- a/usr/local/www/firewall_nat_out_edit.php +++ b/usr/local/www/firewall_nat_out_edit.php @@ -169,18 +169,6 @@ if ($_POST) { $ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet']; } - if ($_POST['target']) { - /* check for clashes with 1:1 NAT (NAT Addresses is OK) */ - if (is_array($config['nat']['onetoone'])) { - foreach ($config['nat']['onetoone'] as $natent) { - if (check_subnets_overlap($_POST['target'], 32, $natent['external'], $natent['subnet'])) { - $input_errors[] = "A 1:1 NAT mapping overlaps with the specified target IP address."; - break; - } - } - } - } - foreach ($a_out as $natent) { if (isset($id) && ($a_out[$id]) && ($a_out[$id] === $natent)) { continue; diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index af0fedb..0edba70 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -327,7 +327,7 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <table border="0" cellspacing="0" cellpadding="1"> <tr> <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules before this rule"></td> - <td><a href="interfaces.php#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> + <td><a href="interfaces.php?if=<?=$if?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> </tr> <tr> <td align="center" valign="middle"></td> @@ -355,7 +355,7 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript <table border="0" cellspacing="0" cellpadding="1"> <tr> <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules before this rule"></td> - <td><a href="interfaces.php#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> + <td><a href="interfaces.php?if=<?=$if?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td> </tr> <tr> <td align="center" valign="middle"></td> @@ -557,15 +557,10 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript else if ($filterent['sched']) { if ($iconfn == "block" || $iconfn == "reject") - { $image = "icon_block_d"; - $alttext = "Traffic matching this rule is currently being allowed"; - } else - { $image = "icon_block"; - $alttext = "Traffic matching this rule is currently being denied"; - } + $alttext = "This rule is not currently active because its period has expired"; $printicon = true; } } diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 236a23a..8bd7e49 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -672,7 +672,28 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq">Source</td> <td width="78%" class="vtable"> - <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> + <?php $edit_disabled=false; ?> + <?php if( isset($pconfig['associated-rule-id']) ): ?> + <span class="red"><strong>NOTE: </strong></span> This is associated to a NAT rule.<br /> + You cannot edit the source and destination of associated filter rules.<br /> + <br /> + <?php + $edit_disabled=true; + if (is_array($config['nat']['rule'])) { + foreach( $config['nat']['rule'] as $index => $nat_rule ) { + if( $nat_rule['associated-rule-id']==$pconfig['associated-rule-id']) { + echo "<a href=\"firewall_nat_edit.php?id={$nat_rule[$index]}\">View the NAT rule</a><br>"; + break; + } + } + } + ?> + <br /> + <script type="text/javascript"> + editenabled = 0; + </script> + <?php endif; ?> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>> <strong>not</strong> <br /> Use this option to invert the sense of the match. @@ -682,7 +703,7 @@ include("head.inc"); <tr> <td>Type: </td> <td> - <select name="srctype" class="formselect" onChange="typesel_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srctype" class="formselect" onChange="typesel_change()"> <?php $sel = is_specialnet($pconfig['src']); ?> <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option> @@ -712,8 +733,8 @@ include("head.inc"); <tr> <td>Address: </td> <td> - <input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / - <select name="srcmask" class="formselect" id="srcmask"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> / + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcmask" class="formselect" id="srcmask"> <?php for ($i = 31; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option> <?php endfor; ?> @@ -723,7 +744,7 @@ include("head.inc"); </table> <div id="showadvancedboxspr"> <p> - <input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a> </div> </td> </tr> @@ -734,27 +755,27 @@ include("head.inc"); <tr> <td>from: </td> <td> - <select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> </td> </tr> <tr> <td>to:</td> <td> - <select name="srcendport" class="formselect" onchange="ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="srcendport" class="formselect" onchange="ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> </td> </tr> </table> @@ -765,27 +786,7 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq">Destination</td> <td width="78%" class="vtable"> - <?php $dst_disabled=false; ?> - <?php if( isset($pconfig['associated-rule-id']) ): ?> - <span class="red"><strong>NOTE: </strong></span> This is associated to a NAT rule.<br /> - You cannot edit the destination of associated filter rules.<br /> - <br /> - <?php - if (is_array($config['nat']['rule'])) { - foreach( $config['nat']['rule'] as $index => $nat_rule ) { - if( $nat_rule['assocaited-rule-id']==$pconfig['associated-rule-id']) - echo "<a href=\"firewall_nat_edit.php?id={$nat_rule[$index]}\">View the NAT rule</a>\n"; - break; - } - } - ?> - <br /> - <?php $dst_disabled=true; ?> - <script type="text/javascript"> - dstenabled = 0; - </script> - <?php endif; ?> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>> <strong>not</strong> <br /> Use this option to invert the sense of the match. @@ -795,7 +796,7 @@ include("head.inc"); <tr> <td>Type: </td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dsttype" class="formselect" onChange="typesel_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dsttype" class="formselect" onChange="typesel_change()"> <?php $sel = is_specialnet($pconfig['dst']); ?> <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option> @@ -825,9 +826,9 @@ include("head.inc"); <tr> <td>Address: </td> <td> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>"> / - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstmask" class="formselect" id="dstmask"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstmask" class="formselect" id="dstmask"> <?php for ($i = 31; $i > 0; $i--): ?> <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option> @@ -845,27 +846,27 @@ include("head.inc"); <tr> <td>from: </td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> </td> </tr> <tr> <td>to:</td> <td> - <select<?php echo ($dst_disabled===true?' DISABLED':''); ?> name="dstendport" class="formselect" onchange="ext_change()"> + <select<?php echo ($edit_disabled===true?' DISABLED':''); ?> name="dstendport" class="formselect" onchange="ext_change()"> <option value="">(other)</option> <option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input<?php echo ($dst_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> + <input<?php echo ($edit_disabled===true?' DISABLED':''); ?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> </td> </tr> </table> diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 2a01c91..873f422 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -94,8 +94,8 @@ if ($_GET['act'] == "del") { /* make sure no inbound NAT mappings reference this entry */ if (is_array($config['nat']['rule'])) { foreach ($config['nat']['rule'] as $rule) { - if($rule['external-address'] <> "") { - if ($rule['external-address'] == $a_vip[$_GET['id']]['subnet']) { + if($rule['destination']['address'] <> "") { + if ($rule['destination']['address'] == $a_vip[$_GET['id']]['subnet']) { $input_errors[] = "This entry cannot be deleted because it is still referenced by at least one NAT mapping."; break; } diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 4b99f3f..415ced4 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -127,16 +127,6 @@ if ($_POST) { } } - /* check for overlaps with 1:1 NAT */ - if (is_array($config['nat']['onetoone'])) { - foreach ($config['nat']['onetoone'] as $natent) { - if (check_subnets_overlap($_POST['subnet'], 32, $natent['external'], $natent['subnet'])) { - $input_errors[] = "A 1:1 NAT mapping overlaps with the specified IP address."; - break; - } - } - } - /* make sure new ip is within the subnet of a valid ip * on one of our interfaces (wan, lan optX) */ @@ -216,8 +206,8 @@ if ($_POST) { interface_vip_bring_down($a_vip[$id]); /* modify all virtual IP rules with this address */ for ($i = 0; isset($config['nat']['rule'][$i]); $i++) { - if ($config['nat']['rule'][$i]['external-address'] == $a_vip[$id]['subnet']) - $config['nat']['rule'][$i]['external-address'] = $vipent['subnet']; + if ($config['nat']['rule'][$i]['destination']['address'] == $a_vip[$id]['subnet']) + $config['nat']['rule'][$i]['destination']['address'] = $vipent['subnet']; } $a_vip[$id] = $vipent; } else @@ -226,7 +216,7 @@ if ($_POST) { mark_subsystem_dirty('vip'); write_config(); - if (!$id) + if (!isset($id)) $id = count($a_vip) - 1; header("Location: firewall_virtual_ip.php?changes=mods&id={$id}"); exit; diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index cb6466f..2164233 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -213,6 +213,7 @@ if (isset($wancfg['wireless'])) { interface_wireless_clone($wlanif, $wancfg); $wlanbaseif = interface_get_wireless_base($wancfg['if']); $wl_modes = get_wireless_modes($if); + $wl_chaninfo = get_wireless_channel_info($if); $wl_regdomain_xml_attr = array(); $wl_regdomain_xml = parse_xml_regdomain($wl_regdomain_xml_attr); $wl_regdomains = &$wl_regdomain_xml['regulatory-domains']['rd']; @@ -1011,7 +1012,7 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe" if($gateway['interface'] == $if) { ?> <option value="<?=$gateway['name'];?>" <?php if ($gateway['name'] == $pconfig['gateway']) echo "selected"; ?>> - <?=htmlspecialchars($gateway['name']);?> + <?=htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']);?> </option> <?php } @@ -1339,12 +1340,17 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe" if ($pconfig['channel'] == "$wl_channel") { echo "selected "; } - echo "value=\"$wl_channel\">$wl_standard - $wl_channel</option>\n"; + echo "value=\"$wl_channel\">$wl_standard - $wl_channel"; + if(isset($wl_chaninfo[$wl_channel])) + echo " ({$wl_chaninfo[$wl_channel][1]} @ {$wl_chaninfo[$wl_channel][2]} / {$wl_chaninfo[$wl_channel][3]})"; + echo "</option>\n"; } } ?> </select> <br/> + Legend: wireless standards - channel # (frequency @ max TX power / TX power allowed in reg. domain) + <br/> Note: Not all channels may be supported by your card. Auto may override the wireless standard selected above. </td> </tr> @@ -1373,6 +1379,8 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe" } ?> </select> + <br/> + Note: Some cards have a default that is not recognized and require changing the regulatory domain to one in this list for the changes to other regulatory settings to work. <br/><br/> Country (listed with country code and regulatory domain)<br/> <select name="regcountry" class="formselect" id="regcountry"> diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index fbba05b..ed80d46 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -260,6 +260,7 @@ if ($_GET['act'] == "del") { $input_errors[] = "The interface is part of a gif tunnel. Please delete the tunnel to continue"; else { unset($config['interfaces'][$id]['enable']); + $realid = get_real_interface($id); interface_bring_down($id); /* down the interface */ unset($config['interfaces'][$id]); /* delete the specified OPTn or LAN*/ @@ -311,7 +312,7 @@ if ($_GET['act'] == "del") { unset($config['dhcpd']['wan']); } - link_interface_to_vlans($id, "update"); + link_interface_to_vlans($realid, "update"); $savemsg = "Interface has been deleted."; } diff --git a/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js b/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js index a2dff4c..9f21c2b 100644 --- a/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js +++ b/usr/local/www/javascript/firewall_nat_edit/firewall_nat_edit.js @@ -1,28 +1,65 @@ <!-- +var portsenabled = 1; +var dstenabled = 1; +var showsource = 0; + function ext_change() { - if (document.iform.beginport.selectedIndex == 0) { - document.iform.beginport_cust.disabled = 0; + if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) { + document.iform.srcbeginport_cust.disabled = 0; + } else { + document.iform.srcbeginport_cust.value = ""; + document.iform.srcbeginport_cust.disabled = 1; + } + if ((document.iform.srcendport.selectedIndex == 0) && portsenabled) { + document.iform.srcendport_cust.disabled = 0; + } else { + document.iform.srcendport_cust.value = ""; + document.iform.srcendport_cust.disabled = 1; + } + if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && dstenabled) { + document.iform.dstbeginport_cust.disabled = 0; } else { - document.iform.beginport_cust.value = ""; - document.iform.beginport_cust.disabled = 1; + document.iform.dstbeginport_cust.value = ""; + document.iform.dstbeginport_cust.disabled = 1; } - if (document.iform.endport.selectedIndex == 0) { - document.iform.endport_cust.disabled = 0; + if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && dstenabled) { + document.iform.dstendport_cust.disabled = 0; } else { - document.iform.endport_cust.value = ""; - document.iform.endport_cust.disabled = 1; + document.iform.dstendport_cust.value = ""; + document.iform.dstendport_cust.disabled = 1; } - if (document.iform.localbeginport.selectedIndex == 0) { + + if ((document.iform.localbeginport.selectedIndex == 0) && portsenabled) { document.iform.localbeginport_cust.disabled = 0; } else { document.iform.localbeginport_cust.value = ""; document.iform.localbeginport_cust.disabled = 1; } + + if (!portsenabled) { + document.iform.srcbeginport.disabled = 1; + document.iform.srcendport.disabled = 1; + document.iform.dstbeginport.disabled = 1; + document.iform.dstendport.disabled = 1; + document.iform.localbeginport_cust.disabled = 1; + } else { + document.iform.srcbeginport.disabled = 0; + document.iform.srcendport.disabled = 0; + document.iform.localbeginport_cust.disabled = 0; + if( dstenabled ) { + document.iform.dstbeginport.disabled = 0; + document.iform.dstendport.disabled = 0; + } + } } -function ext_rep_change() { - document.iform.endport.selectedIndex = document.iform.beginport.selectedIndex; - document.iform.localbeginport.selectedIndex = document.iform.beginport.selectedIndex; +function show_source() { + if(portsenabled) + document.getElementById("sprtable").style.display = ''; + + document.getElementById("srctable").style.display = ''; + document.getElementById("showadvancedboxsrc").style.display = 'none'; + showsource = 1; } function check_for_aliases() { @@ -30,64 +67,119 @@ function check_for_aliases() { * entry of Local port */ for(i=0; i<customarray.length; i++) { - if(document.iform.beginport_cust.value == customarray[i]) { - document.iform.endport_cust.value = customarray[i]; + if(document.iform.dstbeginport_cust.value == customarray[i]) { + document.iform.dstendport_cust.value = customarray[i]; document.iform.localbeginport_cust.value = customarray[i]; - document.iform.endport_cust.disabled = 1; + document.iform.dstendport_cust.disabled = 1; document.iform.localbeginport.disabled = 1; document.iform.localbeginport_cust.disabled = 1; - document.iform.endport_cust.disabled = 0; + document.iform.dstendport_cust.disabled = 0; document.iform.localbeginport.disabled = 0; document.iform.localbeginport_cust.disabled = 0; } - if(document.iform.beginport.value == customarray[i]) { - document.iform.endport_cust.value = customarray[i]; + if(document.iform.dstbeginport.value == customarray[i]) { + document.iform.dstendport_cust.value = customarray[i]; document.iform.localbeginport_cust.value = customarray[i]; - document.iform.endport_cust.disabled = 1; + document.iform.dstendport_cust.disabled = 1; document.iform.localbeginport.disabled = 1; document.iform.localbeginport_cust.disabled = 1; - document.iform.endport_cust.disabled = 0; + document.iform.dstendport_cust.disabled = 0; document.iform.localbeginport.disabled = 0; document.iform.localbeginport_cust.disabled = 0; } - if(document.iform.endport_cust.value == customarray[i]) { - document.iform.endport_cust.value = customarray[i]; + if(document.iform.dstendport_cust.value == customarray[i]) { + document.iform.dstendport_cust.value = customarray[i]; document.iform.localbeginport_cust.value = customarray[i]; - document.iform.endport_cust.disabled = 1; + document.iform.dstendport_cust.disabled = 1; document.iform.localbeginport.disabled = 1; document.iform.localbeginport_cust.disabled = 1; - document.iform.endport_cust.disabled = 0; + document.iform.dstendport_cust.disabled = 0; document.iform.localbeginport.disabled = 0; document.iform.localbeginport_cust.disabled = 0; } - if(document.iform.endport.value == customarray[i]) { - document.iform.endport_cust.value = customarray[i]; + if(document.iform.dstendport.value == customarray[i]) { + document.iform.dstendport_cust.value = customarray[i]; document.iform.localbeginport_cust.value = customarray[i]; - document.iform.endport_cust.disabled = 1; + document.iform.dstendport_cust.disabled = 1; document.iform.localbeginport.disabled = 1; document.iform.localbeginport_cust.disabled = 1; - document.iform.endport_cust.disabled = 0; + document.iform.dstendport_cust.disabled = 0; document.iform.localbeginport.disabled = 0; document.iform.localbeginport_cust.disabled = 0; } + } } function proto_change() { - if(document.iform.proto.selectedIndex > 2) { - document.iform.beginport_cust.disabled = 1; - document.iform.endport_cust.disabled = 1; - document.iform.beginport.disabled = 1; - document.iform.endport.disabled = 1; - document.iform.localbeginport_cust.disabled = 1; - document.iform.localbeginport.disabled = 1; + if (document.iform.proto.selectedIndex < 3) { + portsenabled = 1; } else { - document.iform.beginport_cust.disabled = 0; - document.iform.endport_cust.disabled = 0; - document.iform.beginport.disabled = 0; - document.iform.endport.disabled = 0; - document.iform.localbeginport_cust.disabled = 0; - document.iform.localbeginport.disabled = 0; + portsenabled = 0; + } + + if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) { + document.getElementById("sprtable").style.display = showsource == 1 ? '':'none'; + document.getElementById("dprtr").style.display = ''; + document.getElementById("lprtr").style.display = ''; + } else { + document.getElementById("sprtable").style.display = 'none'; + document.getElementById("dprtr").style.display = 'none'; + document.getElementById("lprtr").style.display = 'none'; + } +} + +function typesel_change() { + switch (document.iform.srctype.selectedIndex) { + case 1: /* single */ + document.iform.src.disabled = 0; + document.iform.srcmask.value = ""; + document.iform.srcmask.disabled = 1; + break; + case 2: /* network */ + document.iform.src.disabled = 0; + document.iform.srcmask.disabled = 0; + break; + default: + document.iform.src.value = ""; + document.iform.src.disabled = 1; + document.iform.srcmask.value = ""; + document.iform.srcmask.disabled = 1; + break; + } + if( dstenabled ) + { + switch (document.iform.dsttype.selectedIndex) { + case 1: /* single */ + document.iform.dst.disabled = 0; + document.iform.dstmask.value = ""; + document.iform.dstmask.disabled = 1; + break; + case 2: /* network */ + document.iform.dst.disabled = 0; + document.iform.dstmask.disabled = 0; + break; + default: + document.iform.dst.value = ""; + document.iform.dst.disabled = 1; + document.iform.dstmask.value = ""; + document.iform.dstmask.disabled = 1; + break; + } + } +} + +function src_rep_change() { + document.iform.srcendport.selectedIndex = document.iform.srcbeginport.selectedIndex; +} + +function dst_rep_change() { + document.iform.dstendport.selectedIndex = document.iform.dstbeginport.selectedIndex; +} + +function dst_change( iface, old_iface, old_dst ) { + if ( ( old_dst == "" ) || ( old_iface.concat("ip") == old_dst ) ) { + document.iform.dsttype.value = iface.concat("ip"); } } //--> diff --git a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js index 75bcb62..1b7f33a 100644 --- a/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js +++ b/usr/local/www/javascript/firewall_rules_edit/firewall_rules_edit.js @@ -1,6 +1,6 @@ <!-- var portsenabled = 1; -var dstenabled = 1; +var editenabled = 1; function ext_change() { if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) { @@ -15,13 +15,13 @@ function ext_change() { document.iform.srcendport_cust.value = ""; document.iform.srcendport_cust.disabled = 1; } - if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && dstenabled) { + if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled && editenabled) { document.iform.dstbeginport_cust.disabled = 0; } else { document.iform.dstbeginport_cust.value = ""; document.iform.dstbeginport_cust.disabled = 1; } - if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && dstenabled) { + if ((document.iform.dstendport.selectedIndex == 0) && portsenabled && editenabled) { document.iform.dstendport_cust.disabled = 0; } else { document.iform.dstendport_cust.value = ""; @@ -36,7 +36,7 @@ function ext_change() { } else { document.iform.srcbeginport.disabled = 0; document.iform.srcendport.disabled = 0; - if( dstenabled ) { + if( editenabled ) { document.iform.dstbeginport.disabled = 0; document.iform.dstendport.disabled = 0; } @@ -49,25 +49,24 @@ function show_source_port_range() { } function typesel_change() { - switch (document.iform.srctype.selectedIndex) { - case 1: /* single */ - document.iform.src.disabled = 0; - document.iform.srcmask.value = ""; - document.iform.srcmask.disabled = 1; - break; - case 2: /* network */ - document.iform.src.disabled = 0; - document.iform.srcmask.disabled = 0; - break; - default: - document.iform.src.value = ""; - document.iform.src.disabled = 1; - document.iform.srcmask.value = ""; - document.iform.srcmask.disabled = 1; - break; - } - if( dstenabled ) - { + if( editenabled ) { + switch (document.iform.srctype.selectedIndex) { + case 1: /* single */ + document.iform.src.disabled = 0; + document.iform.srcmask.value = ""; + document.iform.srcmask.disabled = 1; + break; + case 2: /* network */ + document.iform.src.disabled = 0; + document.iform.srcmask.disabled = 0; + break; + default: + document.iform.src.value = ""; + document.iform.src.disabled = 1; + document.iform.srcmask.value = ""; + document.iform.srcmask.disabled = 1; + break; + } switch (document.iform.dsttype.selectedIndex) { case 1: /* single */ document.iform.dst.disabled = 0; @@ -118,7 +117,9 @@ function proto_change() { if(document.iform.proto.selectedIndex >= 0 && document.iform.proto.selectedIndex <= 2) { document.getElementById("dprtr").style.display = ''; - document.getElementById("showadvancedboxspr").innerHTML='<p><input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>'; + if (editenabled) { + document.getElementById("showadvancedboxspr").innerHTML='<p><input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>'; + } } else { document.getElementById("sprtable").style.display = 'none'; document.getElementById("dprtr").style.display = 'none'; diff --git a/usr/local/www/javascript/row_helper.js b/usr/local/www/javascript/row_helper.js index 8193043..476602b 100755 --- a/usr/local/www/javascript/row_helper.js +++ b/usr/local/www/javascript/row_helper.js @@ -28,6 +28,8 @@ var addRowTo = (function() { td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input size='" + rowsize[i] + "' class='formfld unknown' name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'></input> "; } else if(rowtype[i] == 'select') { td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select size='1' name='" + rowname[i] + totalrows + "'><option value=\"32\" selected>32</option><option value=\"31\" >31</option><option value=\"30\" >30</option><option value=\"29\" >29</option><option value=\"28\" >28</option><option value=\"27\" >27</option><option value=\"26\" >26</option><option value=\"25\" >25</option><option value=\"24\" >24</option><option value=\"23\" >23</option><option value=\"22\" >22</option><option value=\"21\" >21</option><option value=\"20\" >20</option><option value=\"19\" >19</option><option value=\"18\" >18</option><option value=\"17\" >17</option><option value=\"16\" >16</option><option value=\"15\" >15</option><option value=\"14\" >14</option><option value=\"13\" >13</option><option value=\"12\" >12</option><option value=\"11\" >11</option><option value=\"10\" >10</option><option value=\"9\" >9</option><option value=\"8\" >8</option><option value=\"7\" >7</option><option value=\"6\" >6</option><option value=\"5\" >5</option><option value=\"4\" >4</option><option value=\"3\" >3</option><option value=\"2\" >2</option><option value=\"1\" >1</option></select> "; + } else if(rowtype[i] == 'select_source') { + td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select size='1' name='" + rowname[i] + totalrows + "'><option value=\"32\" selected>32</option><option value=\"31\" >31</option><option value=\"30\" >30</option><option value=\"29\" >29</option><option value=\"28\" >28</option><option value=\"27\" >27</option><option value=\"26\" >26</option><option value=\"25\" >25</option><option value=\"24\" >24</option><option value=\"23\" >23</option><option value=\"22\" >22</option><option value=\"21\" >21</option><option value=\"20\" >20</option><option value=\"19\" >19</option><option value=\"18\" >18</option><option value=\"17\" >17</option><option value=\"16\" >16</option><option value=\"15\" >15</option><option value=\"14\" >14</option><option value=\"13\" >13</option><option value=\"12\" >12</option><option value=\"11\" >11</option><option value=\"10\" >10</option><option value=\"9\" >9</option><option value=\"8\" >8</option><option value=\"7\" >7</option><option value=\"6\" >6</option><option value=\"5\" >5</option><option value=\"4\" >4</option><option value=\"3\" >3</option><option value=\"2\" >2</option><option value=\"1\" >1</option></select> "; } else { td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input type='checkbox' name='" + rowname[i] + totalrows + "'></input> "; } diff --git a/usr/local/www/javascript/row_helper_dynamic.js b/usr/local/www/javascript/row_helper_dynamic.js index 778f182..032874c 100755 --- a/usr/local/www/javascript/row_helper_dynamic.js +++ b/usr/local/www/javascript/row_helper_dynamic.js @@ -31,6 +31,8 @@ var addRowTo = (function() { td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input size='" + objectSize + "' name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'></input> "; } else if(rowtype[i] == 'select') { td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'>" + newrow[i] + "</select> "; + } else if(rowtype[i] == 'select_source') { + td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><select name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'>" + newrow[i] + "</select> "; } else if(rowtype[i] == 'checkbox') { td.innerHTML="<INPUT type='hidden' value='" + totalrows +"' name='" + rowname[i] + "_row-" + totalrows + "'></input><input type='checkbox'name='" + rowname[i] + totalrows + "' id='" + rowname[i] + totalrows + "'></input> "; } else if(rowtype[i] == 'input') { diff --git a/usr/local/www/pkg.php b/usr/local/www/pkg.php index 9aeabb9..24651d4 100755 --- a/usr/local/www/pkg.php +++ b/usr/local/www/pkg.php @@ -2,7 +2,7 @@ /* $Id$ */ /* pkg.php - Copyright (C) 2004, 2005 Scott Ullrich + Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php index 6c2fbde..65e1e41 100755 --- a/usr/local/www/pkg_edit.php +++ b/usr/local/www/pkg_edit.php @@ -2,7 +2,7 @@ /* $Id$ */ /* pkg_edit.php - Copyright (C) 2004 Scott Ullrich + Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. Redistribution and use in source and binary forms, with or without @@ -440,6 +440,40 @@ if ($pkg['tabs'] <> "") { } print("</select>\n<br />\n" . fixup_string($pkga['description']) . "\n"); + } else if($pkga['type'] == "select_source") { + $fieldname = $pkga['fieldname']; + if (isset($pkga['multiple'])) { + $multiple = 'multiple="multiple"'; + $items = explode(',', $value); + $fieldname .= "[]"; + } + else { + $multiple = ''; + $items = array($value); + } + $size = (isset($pkga['size']) ? "size=\"{$pkga['size']}\"" : ''); + $onchange = (isset($pkga['onchange']) ? "onchange=\"{$pkga['onchange']}\"" : ''); + + print("<select id='" . $pkga['fieldname'] . "' $multiple $size $onchange id=\"$fieldname\" name=\"$fieldname\">\n"); + $source_url = $pkga['source']; + eval("\$pkg_source_txt = &$source_url;"); + foreach ($pkg_source_txt as $opt) { + $selected = ''; + if($pkga['source_name']) { + $source_name = $opt[$pkga['source_name']]; + } else { + $source_name = $opt[$pkga['name']]; + } + if($pkga['source_value']) { + $source_value = $opt[$pkga['source_value']]; + } else { + $source_value = $opt[$pkga['value']]; + } + if (in_array($opt['value'], $items)) $selected = 'selected="selected"'; + print("\t<option name=\"{$source_name}\" value=\"{$source_value}\" $selected>{$source_name}</option>\n"); + } + + print("</select>\n<br />\n" . fixup_string($pkga['description']) . "\n"); } else if($pkga['type'] == "vpn_selection") { echo "<select id='" . $pkga['fieldname'] . "' name='" . $vpn['name'] . "'>\n"; foreach ($config['ipsec']['phase1'] as $vpn) { @@ -656,7 +690,7 @@ if($pkg['note'] != "") * ROW Helpers function */ function display_row($trc, $value, $fieldname, $type, $rowhelper, $size) { - global $text; + global $text, $config; echo "<td>\n"; if($type == "input") { echo "<input size='" . $size . "' name='" . $fieldname . $trc . "' id='" . $fieldname . $trc . "' value='" . $value . "'>\n"; @@ -678,6 +712,28 @@ function display_row($trc, $value, $fieldname, $type, $rowhelper, $size) { echo "<option value='" . $rowopt['value'] . "'" . $selected . ">" . $rowopt['name'] . "</option>\n"; } echo "</select>\n"; + } else if($type == "select_source") { + echo "<select id='" . $fieldname . $trc . "' name='" . $fieldname . $trc . "'>\n"; + $source_url = $rowhelper['source']; + eval("\$pkg_source_txt = &$source_url;"); + foreach($pkg_source_txt as $opt) { + $selected = ""; + if($rowhelper['source_name']) { + $source_name = $opt[$rowhelper['source_name']]; + } else { + $source_name = $opt[$rowhelper['name']]; + } + if($rowhelper['source_value']) { + $source_value = $opt[$rowhelper['source_value']]; + } else { + $source_value = $opt[$rowhelper['value']]; + } + if($source_value == $value) + $selected = " SELECTED"; + $text .= "<option value='" . $source_value . "'" . $selected . ">" . $source_name . "</option>"; + echo "<option value='" . $source_value . "'" . $selected . ">" . $source_name . "</option>\n"; + } + echo "</select>\n"; } } @@ -795,4 +851,4 @@ function parse_package_templates() { } } -?> +?>
\ No newline at end of file diff --git a/usr/local/www/pkg_mgr.php b/usr/local/www/pkg_mgr.php index a0933ed..42ac121 100755 --- a/usr/local/www/pkg_mgr.php +++ b/usr/local/www/pkg_mgr.php @@ -2,7 +2,7 @@ /* $Id$ */ /* pkg_mgr.php - Copyright (C) 2004, 2005 Scott Ullrich + Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 36985d9..c22cc8a 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -3,7 +3,8 @@ /* pkg_mgr_install.php part of pfSense (http://www.pfSense.com) - Copyright (C) 2005 Scott Ullrich and Colin Smith + Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2005 Colin Smith All rights reserved. Redistribution and use in source and binary forms, with or without @@ -227,4 +228,4 @@ if($fd_log) /* read only fs */ conf_mount_ro(); -?> +?>
\ No newline at end of file diff --git a/usr/local/www/pkg_mgr_installed.php b/usr/local/www/pkg_mgr_installed.php index 2cc95f5..703cb2f 100755 --- a/usr/local/www/pkg_mgr_installed.php +++ b/usr/local/www/pkg_mgr_installed.php @@ -2,7 +2,7 @@ /* $Id$ */ /* pkg_mgr.php - Copyright (C) 2004 Scott Ullrich + Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com> All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/pkg_mgr_settings.php b/usr/local/www/pkg_mgr_settings.php index 2aa0f28..56e4e6d 100644 --- a/usr/local/www/pkg_mgr_settings.php +++ b/usr/local/www/pkg_mgr_settings.php @@ -4,7 +4,7 @@ pkg_mgr_settings.php part of pfSense Copyright (C) 2009 Jim Pingle <jimp@pfsense.org> - Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com> + Copyright (C) 2004-2010 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2005 Colin Smith Redistribution and use in source and binary forms, with or without diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php index 99a943f..8f8262c 100755 --- a/usr/local/www/services_captiveportal.php +++ b/usr/local/www/services_captiveportal.php @@ -292,7 +292,7 @@ function enable_change(enable_change) { <strong>Enable captive portal </strong></td> </tr> <tr> - <td width="22%" valign="top" class="vncellreq">Interface</td> + <td width="22%" valign="top" class="vncellreq">Interfaces</td> <td width="78%" class="vtable"> <select name="cinterface[]" multiple="true" size="<?php echo count($config['interfaces']); ?>" class="formselect" id="cinterface"> <?php @@ -303,7 +303,7 @@ function enable_change(enable_change) { </option> <?php endforeach; ?> </select> <br> - <span class="vexpl">Choose which interface(s) to run the captive portal on.</span></td> + <span class="vexpl">Select the interface(s) to enable for captive portal.</span></td> </tr> <tr> <td valign="top" class="vncell">Maximum concurrent connections</td> @@ -364,12 +364,12 @@ to access after they've authenticated.</td> If this is enabled, RADIUS MAC authentication cannot be used.</td> </tr> <tr> - <td valign="top" class="vncell">MAC passthrough</td> + <td valign="top" class="vncell">Pass-through MAC Auto Entry</td> <td class="vtable"> <input name="passthrumacadd" type="checkbox" class="formfld" id="passthrumacadd" value="yes" <?php if ($pconfig['passthrumacadd']) echo "checked"; ?>> - <strong>MAC passthrough authentication</strong><br> - If this option is set, after a user is authenticated a mac passthrough entry will be added. - To remove the passthrough MAC entry you either have to log in and remove it manually from the MAC passthrough tab or send a POST to remove it from some other system. + <strong>Enable Pass-through MAC automatic additions</strong><br> + If this option is set, a MAC passthrough entry is automatically added after the user has successfully authenticated. Users of that MAC address will never have to authenticate again. + To remove the passthrough MAC entry you either have to log in and remove it manually from the <a href="services_captiveportal_mac.php">Pass-through MAC tab</a> or send a POST from another system to remove it. If this is enabled, RADIUS MAC authentication cannot be used. Also, the logout window will not be shown.</td> </tr> <tr> @@ -530,7 +530,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> } ?></select><br> If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and - the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td> + the Called-Station-Id to the client's MAC address. Default behavior is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td> </tr> </table> </tr> @@ -585,7 +585,7 @@ value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td> Paste an RSA private key in PEM format here.</td> </tr> <tr> - <td valign="top" class="vncell">HTTPS intermmediate certificate</td> + <td valign="top" class="vncell">HTTPS intermediate certificate</td> <td class="vtable"> <textarea name="cacert" cols="65" rows="7" id="cacert" class="formpre"><?=htmlspecialchars($pconfig['cacert']);?></textarea> <br> diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php index 1da30a1..fb8711b 100755 --- a/usr/local/www/services_captiveportal_ip.php +++ b/usr/local/www/services_captiveportal_ip.php @@ -102,15 +102,9 @@ include("head.inc"); </td> </tr> <?php $i = 0; foreach ($a_allowedips as $ip): ?> - <tr> + <tr ondblclick="document.location='services_captiveportal_ip_edit.php?id=<?=$i;?>'"> <td class="listlr"> - <?php if($ip['dir'] == "to") - echo "any <img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\">"; - ?> <?=strtolower($ip['ip']);?> - <?php if($ip['dir'] == "from") - echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_in.gif\" width=\"11\" height=\"11\" align=\"absmiddle\"> any"; - ?> </td> <td class="listbg"> <?=htmlspecialchars($ip['descr']);?> diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php index 977ba9f..45c4e2f 100755 --- a/usr/local/www/services_captiveportal_ip_edit.php +++ b/usr/local/www/services_captiveportal_ip_edit.php @@ -78,8 +78,8 @@ if ($_POST) { $pconfig = $_POST; /* input validation */ - $reqdfields = explode(" ", "ip dir"); - $reqdfieldsn = explode(",", "Allowed IP address,Direction"); + $reqdfields = explode(" ", "ip"); + $reqdfieldsn = explode(",", "Allowed IP address"); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); @@ -95,7 +95,7 @@ if ($_POST) { if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent)) continue; - if (($ipent['dir'] == $_POST['dir']) && ($ipent['ip'] == $_POST['ip'])){ + if ($ipent['ip'] == $_POST['ip']){ $input_errors[] = "[" . $_POST['ip'] . "] already allowed." ; break ; } @@ -123,12 +123,12 @@ if ($_POST) { $ruleno = captiveportal_get_next_ipfw_ruleno(); if (!empty($ip['bw_up'])) { $pipeno = $ruleno + 20000; - mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100") + mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_up']}Kbit/s queue 100"); $bwup = "pipe {$pipeno}"; } if (!empty($ip['bw_down'])) { $pipeno = $ruleno + 20001; - mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100") + mwexec("/sbin/ipfw pipe {$pipeno} config bw {$ip['bw_down']}Kbit/s queue 100"); $bwdown = "pipe {$pipeno}"; } mwexec("/sbin/ipfw table 1 add {$ip['ip']} {$bwup}"); @@ -148,24 +148,6 @@ include("head.inc"); <?php if ($input_errors) print_input_errors($input_errors); ?> <form action="services_captiveportal_ip_edit.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> -<?php if (false): ?> - <tr> - <td width="22%" valign="top" class="vncellreq">Direction</td> - <td width="78%" class="vtable"> - <select name="dir" class="formselect"> - <?php - $dirs = explode(" ", "From To") ; - foreach ($dirs as $dir): ?> - <option value="<?=strtolower($dir);?>" <?php if (strtolower($dir) == strtolower($pconfig['dir'])) echo "selected";?> > - <?=htmlspecialchars($dir);?> - </option> - <?php endforeach; ?> - </select> - <br> - <span class="vexpl">Use <em>From</em> to always allow an IP address through the captive portal (without authentication). - Use <em>To</em> to allow access from all clients (even non-authenticated ones) behind the portal to this IP address.</span></td> - </tr> -<?php endif; ?> <tr> <td width="22%" valign="top" class="vncellreq">IP address</td> <td width="78%" class="vtable"> @@ -184,13 +166,13 @@ include("head.inc"); <td width="22%" valign="top" class="vncell">Bandwidth up</td> <td width="78%" class="vtable"> <input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>"> - <br> <span class="vexpl">Enter a upload limit to be enforced on this mac-address in Kbit/s</span></td> + <br> <span class="vexpl">Enter a upload limit to be enforced on this IP address in Kbit/s</span></td> </tr> <tr> <td width="22%" valign="top" class="vncell">Bandwidth down</td> <td width="78%" class="vtable"> <input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>"> - <br> <span class="vexpl">Enter a download limit to be enforced on this mac-address in Kbit/s</span></td> + <br> <span class="vexpl">Enter a download limit to be enforced on this IP address in Kbit/s</span></td> </tr> <tr> <td width="22%" valign="top"> </td> diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php index 88ba019..dd5fdfe 100755 --- a/usr/local/www/services_captiveportal_mac.php +++ b/usr/local/www/services_captiveportal_mac.php @@ -132,7 +132,7 @@ include("head.inc"); <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach ($a_passthrumacs as $mac): ?> - <tr> + <tr ondblclick="document.location='services_captiveportal_mac_edit.php?id=<?=$i;?>'"> <td class="listlr"> <?=strtolower($mac['mac']);?> </td> @@ -151,7 +151,7 @@ include("head.inc"); <td colspan="2" class="list"><span class="vexpl"><span class="red"><strong> Note:<br> </strong></span> - Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.</span></td> + Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.</span></td> <td class="list"> </td> </tr> </table> diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php index 70049cd..89e2757 100755 --- a/usr/local/www/services_captiveportal_mac_edit.php +++ b/usr/local/www/services_captiveportal_mac_edit.php @@ -151,13 +151,13 @@ include("head.inc"); <td width="22%" valign="top" class="vncell">Bandwidth up</td> <td width="78%" class="vtable"> <input name="bw_up" type="text" class="formfld unknown" id="bw_up" size="10" value="<?=htmlspecialchars($pconfig['bw_up']);?>"> - <br> <span class="vexpl">Enter a upload limit to be enforced on this mac-address in Kbit/s</span></td> + <br> <span class="vexpl">Enter a upload limit to be enforced on this MAC address in Kbit/s</span></td> </tr> <tr> <td width="22%" valign="top" class="vncell">Bandwidth down</td> <td width="78%" class="vtable"> <input name="bw_down" type="text" class="formfld unknown" id="bw_down" size="10" value="<?=htmlspecialchars($pconfig['bw_down']);?>"> - <br> <span class="vexpl">Enter a download limit to be enforced on this mac-address in Kbit/s</span></td> + <br> <span class="vexpl">Enter a download limit to be enforced on this MAC address in Kbit/s</span></td> </tr> <tr> <td width="22%" valign="top"> </td> diff --git a/usr/local/www/status_openvpn.php b/usr/local/www/status_openvpn.php index 2ef71ce..ff2f0ad 100644 --- a/usr/local/www/status_openvpn.php +++ b/usr/local/www/status_openvpn.php @@ -45,7 +45,7 @@ $pgtitle = array("Status", "OpenVPN"); require("guiconfig.inc"); -require_once("vpn.inc"); +require_once("openvpn.inc"); /* Handle AJAX */ if($_GET['action']) { @@ -88,163 +88,9 @@ function kill_client($port, $remipp) { return $killed; } -$servers = array(); -$clients = array(); - -if (is_array($config['openvpn']['openvpn-server'])) { - foreach ($config['openvpn']['openvpn-server'] as & $settings) { - - $prot = $settings['protocol']; - $port = $settings['local_port']; - - $server = array(); - $server['port'] = $settings['local_port']; - if ($settings['description']) - $server['name'] = "{$settings['description']} {$prot}:{$port}"; - else - $server['name'] = "Server {$prot}:{$port}"; - $server['conns'] = array(); - - $tcpsrv = "tcp://127.0.0.1:{$port}"; - $errval; - $errstr; - - /* open a tcp connection to the management port of each server */ - $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1); - if ($fp) { - - /* send our status request */ - fputs($fp, "status 2\n"); - - /* recv all response lines */ - while (!feof($fp)) { - - /* read the next line */ - $line = fgets($fp, 1024); - - /* parse header list line */ - if (strstr($line, "HEADER")) - continue; - - /* parse end of output line */ - if (strstr($line, "END")) - break; - - /* parse client list line */ - if (strstr($line, "CLIENT_LIST")) { - $list = explode(",", $line); - $conn = array(); - $conn['common_name'] = $list[1]; - $conn['remote_host'] = $list[2]; - $conn['virtual_addr'] = $list[3]; - $conn['bytes_recv'] = $list[4]; - $conn['bytes_sent'] = $list[5]; - $conn['connect_time'] = $list[6]; - $server['conns'][] = $conn; - } - } - - /* cleanup */ - fclose($fp); - } else { - $conn = array(); - $conn['common_name'] = "[error]"; - $conn['remote_host'] = "Management Daemon Unreachable"; - $conn['virtual_addr'] = ""; - $conn['bytes_recv'] = 0; - $conn['bytes_sent'] = 0; - $conn['connect_time'] = 0; - $server['conns'][] = $conn; - } - - $servers[] = $server; - } -} - - -if (is_array($config['openvpn']['openvpn-client'])) { - foreach ($config['openvpn']['openvpn-client'] as & $settings) { - - $prot = $settings['protocol']; - $port = $settings['local_port']; - - $client = array(); - $client['port'] = $settings['local_port']; - if ($settings['description']) - $client['name'] = "{$settings['description']} {$prot}:{$port}"; - else - $client['name'] = "Client {$prot}:{$port}"; - - $tcpcli = "tcp://127.0.0.1:{$port}"; - $errval; - $errstr; - - $client['status']="down"; - - /* open a tcp connection to the management port of each cli */ - $fp = @stream_socket_client($tcpcli, $errval, $errstr, 1); - if ($fp) { +$servers = openvpn_get_active_servers(); +$clients = openvpn_get_active_clients(); - /* send our status request */ - fputs($fp, "state 1\n"); - - /* recv all response lines */ - while (!feof($fp)) { - /* read the next line */ - $line = fgets($fp, 1024); - - /* Get the client state */ - if (strstr($line,"CONNECTED")) { - $client['status']="up"; - $list = explode(",", $line); - - $client['connect_time'] = date("D M j G:i:s Y", $list[0]); - $client['virtual_addr'] = $list[3]; - $client['remote_host'] = $list[4]; - } - /* parse end of output line */ - if (strstr($line, "END")) - break; - } - - /* If up, get read/write stats */ - if (strcmp($client['status'], "up") == 0) { - fputs($fp, "status 2\n"); - /* recv all response lines */ - while (!feof($fp)) { - /* read the next line */ - $line = fgets($fp, 1024); - - if (strstr($line,"TCP/UDP read bytes")) { - $list = explode(",", $line); - $client['bytes_recv'] = $list[1]; - } - - if (strstr($line,"TCP/UDP write bytes")) { - $list = explode(",", $line); - $client['bytes_sent'] = $list[1]; - } - - /* parse end of output line */ - if (strstr($line, "END")) - break; - } - } - - fclose($fp); - - } else { - $DisplayNote=true; - $client['remote_host'] = "No Management Daemon"; - $client['virtual_addr'] = "See Note Below"; - $client['bytes_recv'] = 0; - $client['bytes_sent'] = 0; - $client['connect_time'] = 0; - } - - $clients[] = $client; - } -} include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>"> diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index 7a3cd93..e3d2e1e 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php @@ -59,6 +59,7 @@ $pconfig['disablenatreflection'] = $config['system']['disablenatreflection']; $pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout']; $pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']); $pconfig['disablescrub'] = isset($config['system']['disablescrub']); +$pconfig['tftpinterface'] = $config['system']['tftpinterface']; if ($_POST) { @@ -239,7 +240,7 @@ function update_description(itemnum) { <option value="conservative"<?php if($config['system']['optimization']=="conservative") echo " selected"; ?>>conservative</option> </select> <br/> - <textarea cols="60" rows="1" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea> + <textarea readonly="yes" cols="60" rows="1" id="info" name="info"style="padding:5px; border:1px dashed #990000; background-color: #ffffff; color: #000000; font-size: 8pt;"></textarea> <script language="javascript" type="text/javascript"> update_description(document.forms[0].optimization.selectedIndex); </script> @@ -321,7 +322,7 @@ function update_description(itemnum) { <option value="<?=$ifent;?>" <?php if (stristr($pconfig['tftpinterface'], $ifent)) echo "selected"; ?>><?=gettext($ifdesc);?></option> <?php endforeach; ?> </select> - <strong>Choose the interfaces where you want TFTP proxy help to be enabled.</strong> + <strong>Choose the interfaces where you want TFTP proxy helper to be enabled.</strong> </td> </tr> <tr> diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index a91e30f..ca47289 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -345,6 +345,21 @@ function radius_srvcschange(){ } function select_clicked() { + if (document.getElementById("ldap_port").value == '' || + document.getElementById("ldap_host").value == '' || + document.getElementById("ldap_scope").value == '' || + document.getElementById("ldap_basedn").value == '' || + document.getElementById("ldapauthcontainers").value == '') { + alert("Please fill the required values."); + return; + } + if (!document.getElementById("ldap_anon").checked) { + if (document.getElementById("ldap_binddn").value == '' || + document.getElementById("ldap_bindpw").value == '') { + alert("Please fill the bind username/password."); + return; + } + } var url = 'system_usermanager_settings_ldapacpicker.php?'; url += 'port=' + document.getElementById("ldap_port").value; url += '&host=' + document.getElementById("ldap_host").value; diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php index e292402..a7c5e2b 100755 --- a/usr/local/www/system_gateway_groups.php +++ b/usr/local/www/system_gateway_groups.php @@ -61,6 +61,8 @@ if ($_POST) { $retval = system_routing_configure(); $retval |= filter_configure(); + /* reconfigure our gateway monitor */ + setup_gateways_monitor(); $savemsg = get_std_save_message($retval); if ($retval == 0) @@ -71,6 +73,10 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_gateway_groups[$_GET['id']]) { $changedesc .= "removed gateway group {$_GET['id']}"; + foreach ($config['filter']['rule'] as $idx => $rule) { + if ($rule['gateway'] == $a_gateway_groups[$_GET['id']]['name']) + unset($config['filter']['rule'][$idx]['gateway']); + } unset($a_gateway_groups[$_GET['id']]); write_config($changedesc); mark_subsystem_dirty('staticroutes'); diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php index 57aaf97..5e5ee11 100755 --- a/usr/local/www/system_gateway_groups_edit.php +++ b/usr/local/www/system_gateway_groups_edit.php @@ -105,10 +105,10 @@ if ($_POST) { /* Build list of items in group with priority */ $pconfig['item'] = array(); - foreach($a_gateways as $gateway) { - if($_POST[$gateway['name']] > 0) { + foreach($a_gateways as $gwname => $gateway) { + if($_POST[$gwname] > 0) { /* we have a priority above 0 (disabled), add item to list */ - $pconfig['item'][] = "{$gateway[name]}|{$_POST[$gateway['name']]}"; + $pconfig['item'][] = "{$gwname}|{$_POST[$gwname]}"; } } @@ -160,27 +160,26 @@ include("head.inc"); <td width="22%" valign="top" class="vncellreq">Gateway Priority</td> <td width="78%" class="vtable"> <?php - foreach($a_gateways as $gateway) { + foreach($a_gateways as $gwname => $gateway) { $selected = array(); - $name = $gateway['name']; $interface = $gateway['interface']; foreach((array)$pconfig['item'] as $item) { $itemsplit = explode("|", $item); - if($itemsplit[0] == $name) { + if($itemsplit[0] == $gwname) { $selected[$itemsplit[1]] = "selected"; + break; } else { $selected[0] = "selected"; } - } - echo "<select name='{$name}' class='formfldselect' id='{$name}'>"; + echo "<select name='{$gwname}' class='formfldselect' id='{$gwname}'>"; echo "<option value='0' $selected[0] >Never</option>"; echo "<option value='1' $selected[1] >Tier 1</option>"; echo "<option value='2' $selected[2] >Tier 2</option>"; echo "<option value='3' $selected[3] >Tier 3</option>"; echo "<option value='4' $selected[4] >Tier 4</option>"; echo "<option value='5' $selected[5] >Tier 5</option>"; - echo "</select> <strong>{$name} - {$gateway['descr']}</strong><br/>"; + echo "</select> <strong>{$gateway['name']} - {$gateway['descr']}</strong><br />"; } ?> <br/><span class="vexpl"> @@ -218,7 +217,8 @@ value="<?=htmlspecialchars($pconfig['descr']);?>"> <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" value="Cancel" class="formbtn" onclick="history.back()"> + <input name="Submit" type="submit" class="formbtn" value="Save"> + <a href="system_gateway_groups.php"><input type="button" value="Cancel" class="formbtn" ></a> <?php if (isset($id) && $a_gateway_groups[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>"> <?php endif; ?> diff --git a/usr/local/www/system_gateways.php b/usr/local/www/system_gateways.php index 38df88a..c324569 100755 --- a/usr/local/www/system_gateways.php +++ b/usr/local/www/system_gateways.php @@ -46,9 +46,8 @@ require_once("shaper.inc"); $a_gateways = return_gateways_array(true); $a_gateways_arr = array(); -foreach($a_gateways as $gw) { +foreach ($a_gateways as $gw) $a_gateways_arr[] = $gw; -} $a_gateways = $a_gateways_arr; if (!is_array($config['gateways']['gateway_item'])) @@ -81,15 +80,39 @@ if ($_GET['act'] == "del") { if ($a_gateways[$_GET['id']]) { /* remove the real entry */ $realid = $a_gateways[$_GET['id']]['attribute']; - - if ($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway'] == $a_gateways[$_GET['id']]['name']) - unset($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway']); - $changedesc .= "removed gateway {$realid}"; - unset($a_gateway_item[$realid]); - write_config($changedesc); - mark_subsystem_dirty('staticroutes'); - header("Location: system_gateways.php"); - exit; + $remove = true; + if (is_array($config['gateways']['gateway_group'])) { + foreach ($config['gateways']['gateway_group'] as $group) { + foreach ($group['item'] as $item) { + $items = explode("|", $item); + if ($items[0] == $a_gateways[$_GET['id']]['name']) { + $input_errors[] = "Gateway cannot be deleted because it is in use on Gateway Group '{$group['name']}'"; + $remove = false; + break; + } + + } + } + } + if (is_array($config['staticroutes']['route'])) { + foreach ($config['staticroutes']['route'] as $route) { + if ($route['gateway'] == $a_gateways[$_GET['id']]['name']) { + $input_errors[] = "Gateway cannot be deleted because it is in use on Static Routes '{$route['network']}'"; + $remove = false; + break; + } + } + } + if ($remove == true) { + if ($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway'] == $a_gateways[$_GET['id']]['name']) + unset($config['interfaces'][$a_gateways[$_GET['id']]['friendlyiface']]['gateway']); + $changedesc .= "removed gateway {$realid}"; + unset($a_gateway_item[$realid]); + write_config($changedesc); + mark_subsystem_dirty('staticroutes'); + header("Location: system_gateways.php"); + exit; + } } } @@ -101,6 +124,7 @@ include("head.inc"); <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> +<?php if ($input_errors) print_input_errors($input_errors); ?> <form action="system_gateways.php" method="post"> <input type="hidden" name="y1" value="1"> <?php if ($savemsg) print_info_box($savemsg); ?> diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index fe9c4f9..aab9204 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -64,6 +64,7 @@ if (isset($_GET['dup'])) { if (isset($id) && $a_gateways[$id]) { $pconfig['name'] = $a_gateways[$id]['name']; + $pconfig['weight'] = $a_gateways[$id]['weight']; $pconfig['interface'] = $a_gateways[$id]['interface']; $pconfig['friendlyiface'] = $a_gateways[$id]['friendlyiface']; $pconfig['gateway'] = $a_gateways[$id]['gateway']; @@ -146,11 +147,12 @@ if ($_POST) { } if (!$input_errors) { + $reloadif = false; /* if we are processing a system gateway only save the monitorip */ - if(($_POST['attribute'] == "system" && empty($_POST['defaultgw'])) || (empty($_POST['interface']) && empty($_POST['gateway']) && empty($_POST['defaultgw']))) { + if ($_POST['weight'] == 1 && (($_POST['attribute'] == "system" && empty($_POST['defaultgw'])) || (empty($_POST['interface']) && empty($_POST['gateway']) && empty($_POST['defaultgw'])))) { if (is_ipaddr($_POST['monitor'])) { if (empty($_POST['interface'])) - $interface = $pconfig['interface']; + $interface = $pconfig['friendlyiface']; else $interface = $_POST['interface']; $config['interfaces'][$interface]['monitorip'] = $_POST['monitor']; @@ -164,11 +166,16 @@ if ($_POST) { /* Manual gateways are handled differently */ /* rebuild the array with the manual entries only */ - $reloadif = false; $gateway = array(); - $gateway['interface'] = $_POST['interface']; + if ($_POST['attribute'] == "system") { + $gateway['interface'] = $pconfig['friendlyiface']; + $gateway['gateway'] = "dynamic"; + } else { + $gateway['interface'] = $_POST['interface']; + $gateway['gateway'] = $_POST['gateway']; + } $gateway['name'] = $_POST['name']; - $gateway['gateway'] = $_POST['gateway']; + $gateway['weight'] = $_POST['weight']; $gateway['descr'] = $_POST['descr']; if(is_ipaddr($_POST['monitor'])) { $gateway['monitor'] = $_POST['monitor']; @@ -308,6 +315,22 @@ function enable_change(obj) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Weight</td> + <td width="78%" class="vtable"> + <select name='weight' class='formfldselect' id='weight'> + <?php + for ($i = 1; $i < 6; $i++) { + $selected = ""; + if ($pconfig['weight'] == $i) + $selected = "selected"; + echo "<option value='{$i}' {$selected} >{$i}</option>"; + } + ?> + </select> + <strong>Weight for this gateway when used in a Gateway Group.</strong> <br /> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Description</td> <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>"> diff --git a/usr/local/www/system_routes.php b/usr/local/www/system_routes.php index a9160c5..8786577 100755 --- a/usr/local/www/system_routes.php +++ b/usr/local/www/system_routes.php @@ -47,11 +47,8 @@ require_once("shaper.inc"); if (!is_array($config['staticroutes']['route'])) $config['staticroutes']['route'] = array(); -if (!is_array($config['gateways']['gateway_item'])) - $config['gateways']['gateway_item'] = array(); - $a_routes = &$config['staticroutes']['route']; -$a_gateways = &$config['gateways']['gateway_item']; +$a_gateways = return_gateways_array(true); $changedesc = "Static Routes: "; if ($_POST) { @@ -92,6 +89,7 @@ if ($_POST) { if ($_GET['act'] == "del") { if ($a_routes[$_GET['id']]) { $changedesc .= "removed route to " . $a_routes[$_GET['id']['route']]; + mwexec("/sbin/route delete " . escapeshellarg($a_routes[$_GET['id']]['network'])); unset($a_routes[$_GET['id']]); write_config($changedesc); mark_subsystem_dirty('staticroutes'); @@ -160,17 +158,12 @@ include("head.inc"); </td> <td class="listr" ondblclick="document.location='system_routes_edit.php?id=<?=$i;?>';"> <?php - echo $route['gateway'] . " "; + echo htmlentities($a_gateways[$route['gateway']]['name']) . " - " . htmlentities($a_gateways[$route['gateway']]['gateway']); ?> </td> <td class="listr" ondblclick="document.location='system_routes_edit.php?id=<?=$i;?>';"> <?php - foreach($a_gateways as $gateway) { - if($gateway['name'] == $route['gateway']) { - echo strtoupper($gateway['interface']) . " "; - } - } - + echo convert_friendly_interface_to_friendly_descr($a_gateways[$route['gateway']]['friendlyiface']) . " "; ?> </td> <td class="listbg" ondblclick="document.location='system_routes_edit.php?id=<?=$i;?>';"> diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php index 434bbbc..a779009 100755 --- a/usr/local/www/system_routes_edit.php +++ b/usr/local/www/system_routes_edit.php @@ -57,11 +57,9 @@ require("guiconfig.inc"); if (!is_array($config['staticroutes']['route'])) $config['staticroutes']['route'] = array(); -if (!is_array($config['gateways']['gateway_item'])) - $config['gateways']['gateway_item'] = array(); $a_routes = &$config['staticroutes']['route']; -$a_gateways = &$config['gateways']['gateway_item']; +$a_gateways = return_gateways_array(true); $id = $_GET['id']; if (isset($_POST['id'])) @@ -99,13 +97,7 @@ if ($_POST) { $input_errors[] = "A valid destination network bit count must be specified."; } if ($_POST['gateway']) { - $match = false; - foreach($a_gateways as $gateway) { - if(in_array($_POST['gateway'], $gateway)) { - $match = true; - } - } - if(!$match) + if (!isset($a_gateways[$_POST['gateway']])) $input_errors[] = "A valid gateway must be specified."; } @@ -174,11 +166,19 @@ include("head.inc"); <td width="78%" class="vtable"> <select name="gateway" id="gateway" class="formselect"> <?php - foreach ($a_gateways as $gateway): ?> - <option value="<?=$gateway['name'];?>" <?php if ($gateway['name'] == $pconfig['gateway']) echo "selected"; ?>> - <?=htmlspecialchars($gateway['name']);?> - </option> - <?php endforeach; ?> + foreach ($a_gateways as $gateway) { + if ($gateway['attribute'] == "system") { + echo "<option value='{$gateway['friendlyiface']}' "; + if ($gateway['friendlyiface'] == $pconfig['gateway']) + echo "selected"; + } else { + echo "<option value='{$gateway['name']}' "; + if ($gateway['name'] == $pconfig['gateway']) + echo "selected"; + } + echo ">" . htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']) . "</option>\n"; + } + ?> </select> <br /> <div id='addgwbox'> Choose which gateway this route applies to or <a OnClick="show_add_gateway();" href="#">add a new one</a>. diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index b2c8209..c961dd4 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -57,7 +57,7 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if($_POST['session_timeout']) { + if(isset($_POST['session_timeout'])) { $timeout = intval($_POST['session_timeout']); if ($timeout != "" && (!is_numeric($timeout) || $timeout <= 0)) $input_errors[] = gettext("Session timeout must be an integer value."); @@ -65,7 +65,7 @@ if ($_POST) { if (!$input_errors) { - if($_POST['session_timeout']) + if(isset($_POST['session_timeout'])) $config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']); else unset($config['system']['webgui']['session_timeout']); @@ -125,7 +125,7 @@ if(!$pconfig['backend']) <td width="78%" class="vtable"> <input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> <br /> - <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Leave blank to never expire sessions. NOTE: This is a security risk!");?><br /> + <?=gettext("Time in minutes to expire idle management sessions. The default is 4 hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br /> </td> </tr> <tr> diff --git a/usr/local/www/system_usermanager_settings_ldapacpicker.php b/usr/local/www/system_usermanager_settings_ldapacpicker.php index 6a3d186..40212b1 100644 --- a/usr/local/www/system_usermanager_settings_ldapacpicker.php +++ b/usr/local/www/system_usermanager_settings_ldapacpicker.php @@ -33,7 +33,9 @@ require("guiconfig.inc"); require_once("auth.inc"); + $ous = array(); + if($_GET) { $authcfg = array(); $authcfg['ldap_port'] = $_GET['port']; @@ -47,7 +49,29 @@ if($_GET) { $authcfg['ldap_authcn'] = explode(";", $_GET['authcn']); $ous = ldap_get_user_ous(true, $authcfg); } + ?> +<html> + <head> + <STYLE type="text/css"> + TABLE { + border-width: 1px 1px 1px 1px; + border-spacing: 0px; + border-style: solid solid solid solid; + border-color: gray gray gray gray; + border-collapse: separate; + background-color: collapse; + } + TD { + border-width: 0px 0px 0px 0px; + border-spacing: 0px; + border-style: solid solid solid solid; + border-color: gray gray gray gray; + border-collapse: collapse; + background-color: white; + } + </STYLE> + </head> <script language="JavaScript"> function post_choices() { @@ -61,34 +85,17 @@ function post_choices() { opener.document.forms[0].ldapauthcontainers.value+=document.forms[0].ou[i].value; } } - //this.close(); + window.close(); --> } </script> -<html> - <head> - <STYLE type="text/css"> - TABLE { - border-width: 1px 1px 1px 1px; - border-spacing: 0px; - border-style: solid solid solid solid; - border-color: gray gray gray gray; - border-collapse: separate; - background-color: collapse; - } - TD { - border-width: 0px 0px 0px 0px; - border-spacing: 0px; - border-style: solid solid solid solid; - border-color: gray gray gray gray; - border-collapse: collapse; - background-color: white; - } - </STYLE> - </head> <body link="#000000" vlink="#000000" alink="#000000" > <form method="post" action="system_usermanager_settings_ldapacpicker.php"> +<?php if (empty($ous)): ?> + <p>Sorry, we could not connect to the LDAP server. Please try later.</p> + <input type='button' value='Close' onClick="window.close();"> +<?php else: ?> <b>Please select which containers to Authenticate against:</b> <p/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -96,11 +103,7 @@ function post_choices() { <td class="tabnavtbl"> <table width="100%"> <?php - if(!is_array($ous)) { - echo "Sorry, we could not connect to the LDAP server. Please try later."; - //exit; - } - else if(is_array($ous)) { + if(is_array($ous)) { foreach($ous as $ou) { if(in_array($ou, $authcfg['ldap_authcn'])) $CHECKED=" CHECKED"; @@ -109,7 +112,7 @@ function post_choices() { echo " <tr><td><input type='checkbox' value='{$ou}' id='ou' name='ou[]'{$CHECKED}> {$ou}<br/></td></tr>\n"; } } -?> +?> </table> </td> </tr> @@ -118,7 +121,7 @@ function post_choices() { <p/> <input type='button' value='Save' onClick="post_choices();"> - +<?php endif; ?> + </form> </body> </html> - diff --git a/usr/local/www/themes/code-red/wizard.css b/usr/local/www/themes/code-red/wizard.css index 15fa98e..c0979a8 100755 --- a/usr/local/www/themes/code-red/wizard.css +++ b/usr/local/www/themes/code-red/wizard.css @@ -1,1065 +1,1066 @@ -/* Element CSS Definitions */
-html, body, td, th, input, select {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 0.9em;
-
-}
-
-/* please adjust the bgcolor to be used together with niftycorners! */
-.rtop, .artop {
- background-color: #5f0406;
-}
-
-div.GraphLink {
- position: relative;
-}
-
-span.GraphLinkLine {
- position: absolute;
- background-color: #990000;
- width: 100%;
-}
-
-/* DOM Tooltip CSS definitions */
-div.niceTitle
-{
- background-color: #333333;
- color: #FFFFFF;
- border-bottom: 1px dotted #FFFFFF;
- font-weight: bold;
- font-size: 13px;
- font-family: "Trebuchet MS", sans-serif;
- width: 250px;
- left: 0;
- top: 0;
- padding: 4px;
- position: absolute;
- text-align: left;
- z-index: 20;
- -moz-border-radius: 0 10px 10px 10px;
- filter: progid:DXImageTransform.Microsoft.Alpha(opacity=87);
- -moz-opacity: .87;
- -khtml-opacity: .87;
- opacity: .87;
-}
-div.niceTitle h1
-{
- background: #990000;
- border-bottom: 1px dotted #FFFFFF;
- font-weight: bold;
- font-size: 13px;
- font-family: "Trebuchet MS", sans-serif;
- margin: 3px;
- padding-top: 1px;
- padding-bottom: 1px;
- padding-left: 3px;
- text-align: left;
- left: 0;
- top: 0;
- -moz-border-radius: 0 8px 0 0;
- -moz-opacity: 1;
-}
-div.niceTitle .contents
-{
- margin: 0;
- padding: 0 3px;
- filter: progid:DXImageTransform.Microsoft.Alpha(opacity=100);
- -moz-opacity: 1;
- -khtml-opacity: 1;
- opacity: 1;
-}
-div.niceTitle p
-{
- background: #FFFFFF;
- border: 1px solid #990000;
- color: #000000;
- font-size: 9px;
- padding: 5px;
- margin: 3px;
- text-align: left;
- -moz-opacity: 1;
- -moz-border-radius: 0 0 8px 8px;
-}
-
-body {
- margin: 0px auto;
- background: url('images/logon-background.gif') no-repeat;
- background-position : center 0px;
- background-color: #4a0203;
-}
-
-form {
- margin: 0px;
-}
-a {
- text-decoration: none;
-}
-form input {
- font-size: 1.1em;
-}
-
-iframe {
- z-index: 1;
- border: 1px dashed #990000;
-}
-.iframe {
- background-color: #FFFFFF;
-}
-
-/* ID Based CSS Definitions */
-#wrapper {
- width: 810px;
- margin: 0px auto;
-}
-
-#header {
- background: url('images/header.png') no-repeat;
- background-position: 0px;
- height: 102px;
- width: 810px;
- margin-bottom: 5px;
- z-index: 2;
-}
-#header-left {
- position: relative;
- /* background: url('images/logo.gif') no-repeat; */
- background-position: center;
- height: 65px;
- width: 145px;
- left: 10px;
- float: left;
-}
-#header-left #status-link {
- position: relative;
- top: 10px;
- left: 6px;
-}
-#header-right {
- position: relative;
- /* background: url('images/header.gif') no-repeat; */
- height: 70px;
- color: #fff;
- left: 0px;
- margin-left: 165px;
-}
-#header-right .alert {
- position: relative;
- /* background: url('images/alert.gif') no-repeat; */
- background-position: 4px 2px;
- color: #fff;
- height: 17px;
- width: 500px;
- padding: 4px;
- padding-left: 27px;
- float: left;
-}
-#header-right .container {
- position: relative;
-}
-#header-right .container .left {
- position: relative;
- float: left;
- font-size: 1.3em;
- font-weight: bold;
- top: 15px;
- left: 4px;
- display: none;
-}
-#header-right .container .right {
- position: relative;
- float: right;
- top: 22px;
- padding-right: 4px;
- z-index: 1;
-}
-
-#header-right .container .right #alerts {
- position: relative;
- background: url('images/alert_bgr.png') no-repeat;
- height: 39px;
- width: 431px;
- z-index: 1;
- padding-top: 20px;
- padding-left: 5px;
- margin: 0px;
-}
-#header-right .container .right #hostname {
- position: relative;
- height: 39px;
- width: 431px;
- z-index: 1;
- padding-left: 5px;
- margin: 0px;
- top: 25px;
- left: 230px;
- font-size: 14px;
- color: #cccccc;
- font-weight: bold;
-}
-
-
-
-table#marquee {
- position: relative;
- top: -6px;
- left: -5px;
- border: 0;
- padding: 0;
- margin: 0;
- width: 424px;
- background-color: transparent;
- padding: 2px;
- border: 0px;
-}
-span#marquee-container {
- position: absolute;
- visibility: hidden;
- top: -100px;
- left: -10000px;
-}
-div#marquee-text {
- font-size: 1.18em;
- font-weight: normal;
- font-family: Verdana;
- color: #ffffff;
-}
-table#marquee div#container {
- position: relative;
- overflow: hidden;
- width: 418px;
- height: 20px;
-}
-table#marquee div#container div#scroller {
- position: absolute;
- left: 0px;
- top: 0px;
-}
-
-
-
-
-
-#content {
- position: relative;
- top: -15px;
- left: 0px;
- margin-top: 0px;
- margin-left: 0px;
- padding-top: 0px;
- width: 810px;
- background-color: #ffffff;
-}
-
-#left {
- width: 810px;
- height: 1px;
-}
-#right {
- position: relative;
- top: -10px;
- width: 770px;
- margin-top: 0px;
- margin-left: 5px;
- margin-right: 5px;
- padding-top: 5px;
- padding-left: 10px;
- padding-right: 10px;
- padding-bottom: 20px;
- min-height: 400px;
-}
-
-#footer {
- position: relative;
- background: url('images/footer.png') no-repeat;
- top: -18px;
- left: 0px;
- width: 810px;
- height: 75px;
- color: #ffffff;
- text-align: center;;
- font-size: 0.9em;
- padding-top: 17px;
- margin-bottom: 20px;
- clear: both;
-}
-#footer p {
- padding: 0px;
- margin: 0px;
-}
-
-/* Style the List */
-#navigation {
- /* background: url('images/menu.gif') no-repeat; */
- /* width: 693px; */
- position: relative;
- top: -25px;
- left: 3px;
- width: 810px;
- padding: 0px;
- height: 28px;
- z-index: 3;
-}
-#navigation ul {
- padding: 0;
- margin: 0;
- list-style: none;
- text-align: center;
-}
-#navigation ul#menu {
- padding-top: 3px;
- padding-left: 5px;
-}
-
-/* Style the List Elements */
-#navigation ul li {
- float: left;
- position: relative;
- /* width: 7.5em; */
- width: 8.77em;
-}
-#navigation ul li div {
- font-size: 1em;
- font-weight: bold;
-}
-/* Make the List inside the List Elements */
-/* initially hidden with absolute position */
-#navigation ul li ul {
- display: none;
- position: absolute;
- top: 2em;
- left: -2px;
- width: 9em;
- font-weight: normal;
- background: transparent bottom left no-repeat; /* This is key to making the menu maintain visibility when not on a link */
- /* background-color: #202020;
- background: url("images/menu_footer.gif") no-repeat;
- background-position: bottom;
- */
- padding: 0em 0 0.4em 0;
- padding-top: 0.3em;
-}
-/* to override top and left in browsers other than IE */
-/* which will position to the top right of the containing */
-/* li, rather than bottom left */
-#navigation ul li > ul {
- top: auto;
- left: auto;
- left: -1px !important;
-}
-/* Show initial drop down upon mouse over, but do not show */
-/* nested side drop menus within listed elements */
-#navigation ul li:hover ul {
- display: block;
- cursor: pointer;
-}
-#navigation ul li:hover {
- cursor: pointer;
- cursor: pointer;
-}
-#navigation ul li:hover div {
- text-decoration: none;
-}
-
-#navigation ul li {
- background-color: transparent;
- color: #FFF;
-}
-#navigation ul li ul li {
- border: 1px solid #990000;
- width: 8.8em;
- height: 1.6em;
- line-height: 1.6em;
- background-color: #990000;
- color: #FFF;
-}
-#navigation ul li ul li:hover {
- background-color: #666666;
-}
-
-#navigation li li a {
- display: block;
- padding-left: 10px;
- padding-right: 10px;
-}
-
-#navigation ul li ul li a.navlnk:hover {
- text-decoration: none;
-}
-#navigation ul li.first {
- border-right: 0px;
-}
-#navigation ul li.middle {
- border-right: 0px;
-}
-#navigation ul li.last {
-
-}
-
-#navigation ul li.dropfirst {
- border-bottom: 0px;
-}
-#navigation ul li.dropmiddle {
- border-bottom: 0px;
-}
-#navigation ul li.droplast {
-}
-
-#wzdtabcont {
- float: left;
- background-color: #FFFFFF;
- color: #000000;
- padding: 0;
-}
-
-ul#wzdnav {
- font-size: 0.96em;
- float: left;
- width: 14.5em;
- margin: 0;
- padding-left: 18px;
-}
-
-ul#wzdnav li {
- list-style: none;
- margin: 0;
- padding-bottom: 0.2em;
- padding-left: 0;
-}
-
-ul#wzdnav a {
- display: block;
- padding: 0.3em;
- font-weight: normal;
-}
-
-#wzdnavbold a {
- display: block;
- padding: 0.3em;
- font-weight: bold ! important;
-}
-
-ul#wzdnav a:link {
- color: black;
- background-color: #eee;
-}
-
-ul#wzdnav a:visited {
- color: #666;
- background-color: #eee;
-}
-
-ul#wzdnav a:hover {
- color: black;
- background-color: white;
-}
-
-ul#wzdnav a:active {
- color: white;
- background-color: gray;
-}
-
-#graph {
- position: relative;
- z-index: 10;
-}
-
-#logoutbtn {
- position: absolute;
- left: 95%;
- vertical-align: middle;
-}
-
-
-#graph {
- position: relative;
- z-index: 10;
-}
-
-
-
-/* Class Based CSS Definitions */
-.pgtitle {
- font-size: 18px;
- color: #777777;
- font-weight: bold;
-}
-.tfrtitle {
- font-size: 18px;
- color: #ffffff;
- font-weight: bold;
-}
-.vncell {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- border-bottom: 1px solid #999999;
-}
-.formfld {
- font-size: small;
-}
-.formselect {
- font-size: 1.0em;
-}
-.langopt {
- padding-left: 34px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.saved {
- /* background: url('/themes/nione/images/icons/icon_wzd_saved.png') no-repeat 0 1px #FFFFFF; */
- list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_saved.png') ! important;
-}
-.notsaved {
- /* background: url('/themes/nione/images/icons/icon_wzd_nsaved.png') no-repeat 0 1px #FFFFFF; */
- list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_nsaved.png') ! important;
-}
-.en {
- background: url('/themes/nervecenter/images/icons/icon_flag_en.png') no-repeat 0 1px #FFFFFF;
-}
-.de {
- background: url('/themes/nervecenter/images/icons/icon_flag_de.png') no-repeat 0 1px #FFFFFF;
-}
-.es {
- background: url('/themes/nervecenter/images/icons/icon_flag_es.png') no-repeat 0 1px #FFFFFF;
-}
-.pt_BR {
- background: url('/themes/nervecenter/images/icons/icon_flag_pt_BR.png') no-repeat 0 1px #FFFFFF;
-}
-.host {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_host.png') no-repeat 0 1px #FFFFFF;
-}
-.search {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_search.png') no-repeat 0 1px #FFFFFF;
-}
-.file {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_file.png') no-repeat 0 1px #FFFFFF;
-}
-.mail {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_mail.png') no-repeat 0 1px #FFFFFF;
-}
-.imp {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_imp.png') no-repeat 0 1px #FFFFFF;
-}
-.pwd {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_pwd.png') no-repeat 0 1px #FFFFFF;
-}
-.user {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_user.png') no-repeat 0 1px #FFFFFF ;
-}
-.group {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_group.png') no-repeat 0 1px #FFFFFF;
-}
-.url {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_url.png') no-repeat 0 1px #FFFFFF;
-}
-.time {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_time.png') no-repeat 0 1px #FFFFFF;
-}
-.unknown {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_unknown.png') no-repeat 0 1px #FFFFFF;
-}
-.formfld_cert {
- background: url('/themes/nervecenter/images/icons/icon_frmfld_cert.png') no-repeat 0 1px #FFFFFF;
- padding-left: 28px;
- font-family: Courier New, Courier, monospaced;
- font-size: 11px;
-}
-.formfldalias {
- background-color: #990000;
- color: #FFFFFF;
-}
-.formpre {
- font-family: Courier New, Courier, monospaced;
- font-size: 10px;
-}
-.formbtn {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 13px;
- font-weight: bold;
-}
-.formbtns {
- font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
- font-size: 10px;
- font-weight: bold;
-}
-.vvcell {
- background-color: #FFFFC6;
-}
-.errmsg {
- font-weight: bold;
- color: #CC0000;
-}
-.red {
- color: #CC0000;
-}
-.gray {
- color: #A0A0A0;
-}
-.vexpl {
- font-size: 11px;
-}
-.navlnk {
- color: #FFFFFF;
- text-decoration: none;
- font-size: 13px;
-}
-.navlnks {
- color: #FFFFFF;
- text-decoration: none;
- font-size: 11px;
-}
-.redlnk {
- color: #990000;
- text-decoration: none;
-}
-.tblnk {
- color: #FFFFFF;
- text-decoration: none;
-}
-.vncellreq {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
-}
-.vncellt {
- background-color: #DDDDDD;
- padding-right: 20px;
- padding-left: 8px;
- padding-top: 4px;
- padding-bottom: 4px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
-}
-.vtable {
- border-bottom: 1px solid #999999;
-}
-.vnsepcell {
- background-color: #BBBBBB;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.cpline {
- font-size: 11px;
- color: #FFFFFF;
-}
-.hostname {
- font-size: 11px;
- color: #990000;
- font-weight: bold;
-}
-.vnsepcellr {
- background-color: #BBBBBB;
- padding-right: 20px;
- padding-left: 8px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.listr {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listrpad {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-right: 16px;
- padding-left: 10px;
- padding-top: 8px;
- padding-bottom: 8px;
-}
-.listn {
- font-size: 11px;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listbg {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #990000;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listbggrey {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #999999;
- padding-right: 16px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listhdr {
- background-color: #BBBBBB;
- padding-right: 16px;
- padding-left: 6px;
- font-weight: bold;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.listhdr a {
- color: #000000;
-}
-.listhdrr {
- background-color: #BBBBBB;
- padding-right: 16px;
- padding-left: 6px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.listhdrr a {
- color: #000000;
-}
-.listlr {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- border-left: 1px solid #999999;
- font-size: 11px;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listlrns {
- background-color: #FFFFFF;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- border-left: 1px solid #999999;
- font-size: 11px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.list {
- font-size: 11px;
- padding-left: 6px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.listt {
- font-size: 11px;
- padding-top: 5px;
-}
-.listhdrrns {
- background-color: #BBBBBB;
- padding-left: 6px;
- padding-top: 5px;
- padding-bottom: 5px;
- padding-right: 6px;
- font-weight: bold;
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
-}
-.listbgns {
- border-right: 1px solid #999999;
- border-bottom: 1px solid #999999;
- font-size: 11px;
- background-color: #D9DEE8;
- padding-left: 6px;
- padding-right: 4px;
- padding-top: 4px;
- padding-bottom: 4px;
-}
-.listtopic {
- border-right: 1px solid #999999;
- font-size: 11px;
- background-color: #990000;
- padding-right: 16px;
- padding-left: 6px;
- color: #FFFFFF;
- font-weight: bold;
- padding-top: 5px;
- padding-bottom: 5px;
-}
-.optsect_t {
- border-right: 1px solid #999999;
- background-color: #990000;
- padding-right: 6px;
- padding-left: 6px;
- padding-top: 2px;
- padding-bottom: 2px;
-}
-.optsect_s {
- font-size: 11px;
- color: #FFFFFF;
- font-weight: bold;
-}
-.tabnavtbl {
-}
-
-
-/* MISC CSS Definitions */
-ul#tabnav {
- font-size: 11px;
- font-weight: bold;
- list-style-type: none;
- margin: 0;
- padding: 0;
-}
-ul#tabnav li.tabinact1 {
- float: left;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-ul#tabnav li.tabinact {
- float: left;
- border-left: 1px solid #999999;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-ul#tabnav li.tabinact a {
- float: left;
- display: block;
- text-decoration: none;
- padding: 5px 8px 5px 8px;
- color: #FFFFFF;
-}
-ul#tabnav li.tabinact1 a {
- float: left;
- display: block;
- text-decoration: none;
- padding: 5px 8px 5px 8px;
- color: #FFFFFF;
-}
-ul#tabnav li.tabact {
- float: left;
- background-color: #EEEEEE;
- color: #000000;
- padding: 5px 8px 5px 8px;
- white-space: nowrap;
-}
-.tabcont {
- background-color: #EEEEEE;
- padding-right: 12px;
- padding-left: 12px;
- padding-top: 12px;
- padding-bottom: 12px;
-}
-.tabact {
- float: left;
- background-color: #EEEEEE;
- color: #000000;
- padding: 5px 8px 5px 8px;
- white-space: nowrap;
-}
-.tabinact {
- font-weight: bold;
- float: left;
- border-left: 1px solid #999999;
- background-color: #777777;
- color: #FFFFFF;
- padding: 0;
- white-space: nowrap;
-}
-.menu {
- background-color: #000000;
- white-space: nowrap;
- padding: 0px 5px 0px 5px;
- width: 100%;
- vertical-align: top;
-}
-
-
-/* Auto Complete Suggestions */
-div.suggestions {
- -moz-box-sizing: border-box;
- /* box-sizing: border-box; */
- border: 1px solid black;
- position: absolute;
- background-color: #990000;
- color: #FFF;
-}
-
-div.suggestions div {
- cursor: default;
- padding: 0px 3px;
- background-color: #990000;
- color: #FFF;
-}
-
-div.suggestions div.current {
- background-color: #3366cc;
- color: #FFF;
-}
-/* End Auto Complete Suggestions */
-
-
-/* Nifty Corners Crap */
-.rtop,.artop{display:block}
-.rtop *,.artop *{display:block;height:1px;overflow:hidden;font-size:1px}
-.artop *{border-style: solid;border-width:0 1px}
-.r1,.rl1,.re1,.rel1{margin-left:5px}
-.r1,.rr1,.re1,.rer1{margin-right:5px}
-.r2,.rl2,.re2,.rel2,.ra1,.ral1{margin-left:3px}
-.r2,.rr2,.re2,.rer2,.ra1,.rar1{margin-right:3px}
-.r3,.rl3,.re3,.rel3,.ra2,.ral2,.rs1,.rsl1,.res1,.resl1{margin-left:2px}
-.r3,.rr3,.re3,.rer3,.ra2,.rar2,.rs1,.rsr1,.res1,.resr1{margin-right:2px}
-.r4,.rl4,.rs2,.rsl2,.re4,.rel4,.ra3,.ral3,.ras1,.rasl1,.res2,.resl2{margin-left:1px}
-.r4,.rr4,.rs2,.rsr2,.re4,.rer4,.ra3,.rar3,.ras1,.rasr1,.res2,.resr2{margin-right:1px}
-.rx1,.rxl1{border-left-width:5px}
-.rx1,.rxr1{border-right-width:5px}
-.rx2,.rxl2{border-left-width:3px}
-.rx2,.rxr2{border-right-width:3px}
-.re2,.rel2,.ra1,.ral1,.rx3,.rxl3,.rxs1,.rxsl1{border-left-width:2px}
-.re2,.rer2,.ra1,.rar1,.rx3,.rxr3,.rxs1,.rxsr1{border-right-width:2px}
-.rxl1,.rxl2,.rxl3,.rxl4,.rxsl1,.rxsl2,.ral1,.ral2,.ral3,.ral4,.rasl1,.rasl2{border-right-width:0}
-.rxr1,.rxr2,.rxr3,.rxr4,.rxsr1,.rxsr2,.rar1,.rar2,.rar3,.rar4,.rasr1,.rasr2{border-left-width:0}
-.r4,.rl4,.rr4,.re4,.rel4,.rer4,.ra4,.rar4,.ral4,.rx4,.rxl4,.rxr4{height:2px}
-.rer1,.rel1,.re1,.res1,.resl1,.resr1{border-width:1px 0 0;height:0px !important;height /**/:1px}
-/* End Nifty Corners Crap */
-
-
-
-/* CSS for Dynamic Log Viewer */
-/* Author: Erik Kristensen */
-div#log div.log-entry {
- clear: both;
-}
-
-div#log div.log-entry span,
-div#log div.log-header span {
- padding: 3px 2px 3px 2px;
- padding-left: 8px;
-}
-
-div#log div.log-entry span.log-action {
- padding-bottom: 6px;
- padding-left: 5px;
- padding-right: 5px;
-}
-
-div#log div.log-header span {
- border-top: 1px solid #999;
- background-color: #bbb;
- font-weight: bold;
- text-align: left;
-}
-
-div#log span.log-action,
-div#log span.log-time,
-div#log span.log-interface,
-div#log span.log-source,
-div#log span.log-destination,
-div#log span.log-protocol {
- float: left;
- text-align: left;
- border-left: 1px solid #999;
- border-bottom: 1px solid #999;
-}
-
-div#log span.log-general {
-
-}
-
-div#log span.log-protocol {
- border-right: 1px solid #999;
-}
-
-div#log span.log-action {
- width: 2em;
- text-align: center;
-}
-
-div#log span.log-time {
- width: 12.5em;
-}
-
-div#log span.log-interface {
- width: 5em;
-}
-
-div#log span.log-source,
-div#log span.log-destination {
- width: 17.6em;
-}
-
-div#log span.log-protocol {
- width: 5.5em;
-}
-/* END CSS FOR DYNAMIC LOG VIEWER */
-
-#login {
- background: #cccccc;
- border: 0px solid #666666;
- margin: 5em auto;
- padding: 0em;
- width: 340px;
-}
-
-#login h1 {
- background: url(images/misc/logon.png) no-repeat top left;
- margin-top: 0;
- display: block;
- text-indent: -1000px;
- height: 50px;
- border-bottom: none;
-}
-
-#login p {
- font-size: 1em;
- font-weight: bold;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login span {
- font-size: 1em;
- font-weight: bold;
- width: 20%;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login p#text {
- font-size: 1em;
- font-weight: normal;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
-
-#login #username, #password {
- font-size: 1em;
- width: 60%;
- padding: 3px;
- margin: 0em;
-}
-
-#login #submit {
- font-size: 1em;
- font-weight: bold;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
-}
+/* Element CSS Definitions */ +html, body, td, th, input, select { + font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; + font-size: 0.9em; + +} + +/* please adjust the bgcolor to be used together with niftycorners! */ +.rtop, .artop { + background-color: #5f0406; +} + +div.GraphLink { + position: relative; +} + +span.GraphLinkLine { + position: absolute; + background-color: #990000; + width: 100%; +} + +/* DOM Tooltip CSS definitions */ +div.niceTitle +{ + background-color: #333333; + color: #FFFFFF; + border-bottom: 1px dotted #FFFFFF; + font-weight: bold; + font-size: 13px; + font-family: "Trebuchet MS", sans-serif; + width: 250px; + left: 0; + top: 0; + padding: 4px; + position: absolute; + text-align: left; + z-index: 20; + -moz-border-radius: 0 10px 10px 10px; + filter: progid:DXImageTransform.Microsoft.Alpha(opacity=87); + -moz-opacity: .87; + -khtml-opacity: .87; + opacity: .87; +} +div.niceTitle h1 +{ + background: #990000; + border-bottom: 1px dotted #FFFFFF; + font-weight: bold; + font-size: 13px; + font-family: "Trebuchet MS", sans-serif; + margin: 3px; + padding-top: 1px; + padding-bottom: 1px; + padding-left: 3px; + text-align: left; + left: 0; + top: 0; + -moz-border-radius: 0 8px 0 0; + -moz-opacity: 1; +} +div.niceTitle .contents +{ + margin: 0; + padding: 0 3px; + filter: progid:DXImageTransform.Microsoft.Alpha(opacity=100); + -moz-opacity: 1; + -khtml-opacity: 1; + opacity: 1; +} +div.niceTitle p +{ + background: #FFFFFF; + border: 1px solid #990000; + color: #000000; + font-size: 9px; + padding: 5px; + margin: 3px; + text-align: left; + -moz-opacity: 1; + -moz-border-radius: 0 0 8px 8px; +} + +body { + margin: 0px auto; + background: url('images/logon-background.gif') no-repeat; + background-position : center 0px; + background-color: #4a0203; +} + +form { + margin: 0px; +} +a { + text-decoration: none; +} +form input { + font-size: 1.1em; +} + +iframe { + z-index: 1; + border: 1px dashed #990000; +} +.iframe { + background-color: #FFFFFF; +} + +/* ID Based CSS Definitions */ +#wrapper { + width: 810px; + margin: 0px auto; +} + +#header { + background: url('images/header.png') no-repeat; + background-position: 0px; + height: 102px; + width: 810px; + margin-bottom: 5px; + z-index: 2; +} +#header-left { + position: relative; + /* background: url('images/logo.gif') no-repeat; */ + background-position: center; + height: 65px; + width: 145px; + left: 10px; + float: left; +} +#header-left #status-link { + position: relative; + top: 10px; + left: 6px; +} +#header-right { + position: relative; + /* background: url('images/header.gif') no-repeat; */ + height: 70px; + color: #fff; + left: 0px; + margin-left: 165px; +} +#header-right .alert { + position: relative; + /* background: url('images/alert.gif') no-repeat; */ + background-position: 4px 2px; + color: #fff; + height: 17px; + width: 500px; + padding: 4px; + padding-left: 27px; + float: left; +} +#header-right .container { + position: relative; +} +#header-right .container .left { + position: relative; + float: left; + font-size: 1.3em; + font-weight: bold; + top: 15px; + left: 4px; + display: none; +} +#header-right .container .right { + position: relative; + float: right; + top: 22px; + padding-right: 4px; + z-index: 1; +} + +#header-right .container .right #alerts { + position: relative; + background: url('images/alert_bgr.png') no-repeat; + height: 39px; + width: 431px; + z-index: 1; + padding-top: 20px; + padding-left: 5px; + margin: 0px; +} +#header-right .container .right #hostname { + position: relative; + height: 39px; + width: 431px; + z-index: 1; + padding-left: 5px; + margin: 0px; + top: 25px; + left: 230px; + font-size: 14px; + color: #cccccc; + font-weight: bold; +} + + + +table#marquee { + position: relative; + top: -6px; + left: -5px; + border: 0; + padding: 0; + margin: 0; + width: 424px; + background-color: transparent; + padding: 2px; + border: 0px; +} +span#marquee-container { + position: absolute; + visibility: hidden; + top: -100px; + left: -10000px; +} +div#marquee-text { + font-size: 1.18em; + font-weight: normal; + font-family: Verdana; + color: #ffffff; +} +table#marquee div#container { + position: relative; + overflow: hidden; + width: 418px; + height: 20px; +} +table#marquee div#container div#scroller { + position: absolute; + left: 0px; + top: 0px; +} + + + + + +#content { + position: relative; + top: -15px; + left: 0px; + margin-top: 0px; + margin-left: 0px; + padding-top: 0px; + width: 810px; + background-color: #ffffff; +} + +#left { + width: 810px; + height: 1px; +} +#right { + position: relative; + top: -10px; + width: 770px; + margin-top: 0px; + margin-left: 5px; + margin-right: 5px; + padding-top: 5px; + padding-left: 10px; + padding-right: 10px; + padding-bottom: 20px; + min-height: 400px; +} + +#footer { + position: relative; + background: url('images/footer.png') no-repeat; + top: -18px; + left: 0px; + width: 810px; + height: 75px; + color: #ffffff; + text-align: center;; + font-size: 0.9em; + padding-top: 17px; + margin-bottom: 20px; + clear: both; +} +#footer p { + padding: 0px; + margin: 0px; +} + +/* Style the List */ +#navigation { + /* background: url('images/menu.gif') no-repeat; */ + /* width: 693px; */ + position: relative; + top: -25px; + left: 3px; + width: 810px; + padding: 0px; + height: 28px; + z-index: 3; +} +#navigation ul { + padding: 0; + margin: 0; + list-style: none; + text-align: center; +} +#navigation ul#menu { + padding-top: 3px; + padding-left: 5px; +} + +/* Style the List Elements */ +#navigation ul li { + float: left; + position: relative; + /* width: 7.5em; */ + width: 8.77em; +} +#navigation ul li div { + font-size: 1em; + font-weight: bold; +} +/* Make the List inside the List Elements */ +/* initially hidden with absolute position */ +#navigation ul li ul { + display: none; + position: absolute; + top: 2em; + left: -2px; + width: 9em; + font-weight: normal; + background: transparent bottom left no-repeat; /* This is key to making the menu maintain visibility when not on a link */ + /* background-color: #202020; + background: url("images/menu_footer.gif") no-repeat; + background-position: bottom; + */ + padding: 0em 0 0.4em 0; + padding-top: 0.3em; +} +/* to override top and left in browsers other than IE */ +/* which will position to the top right of the containing */ +/* li, rather than bottom left */ +#navigation ul li > ul { + top: auto; + left: auto; + left: -1px !important; +} +/* Show initial drop down upon mouse over, but do not show */ +/* nested side drop menus within listed elements */ +#navigation ul li:hover ul { + display: block; + cursor: pointer; +} +#navigation ul li:hover { + cursor: pointer; + cursor: pointer; +} +#navigation ul li:hover div { + text-decoration: none; +} + +#navigation ul li { + background-color: transparent; + color: #FFF; +} +#navigation ul li ul li { + border: 1px solid #990000; + width: 8.8em; + height: 1.6em; + line-height: 1.6em; + background-color: #990000; + color: #FFF; +} +#navigation ul li ul li:hover { + background-color: #666666; +} + +#navigation li li a { + display: block; + padding-left: 10px; + padding-right: 10px; +} + +#navigation ul li ul li a.navlnk:hover { + text-decoration: none; +} +#navigation ul li.first { + border-right: 0px; +} +#navigation ul li.middle { + border-right: 0px; +} +#navigation ul li.last { + +} + +#navigation ul li.dropfirst { + border-bottom: 0px; +} +#navigation ul li.dropmiddle { + border-bottom: 0px; +} +#navigation ul li.droplast { +} + +#wzdtabcont { + float: left; + background-color: #FFFFFF; + color: #000000; + padding: 0; +} + +ul#wzdnav { + font-size: 0.96em; + float: left; + width: 14.5em; + margin: 0; + padding-left: 18px; +} + +ul#wzdnav li { + list-style: none; + margin: 0; + padding-bottom: 0.2em; + padding-left: 0; +} + +ul#wzdnav a { + display: block; + padding: 0.3em; + font-weight: normal; +} + +#wzdnavbold a { + display: block; + padding: 0.3em; + font-weight: bold ! important; +} + +ul#wzdnav a:link { + color: black; + background-color: #eee; +} + +ul#wzdnav a:visited { + color: #666; + background-color: #eee; +} + +ul#wzdnav a:hover { + color: black; + background-color: white; +} + +ul#wzdnav a:active { + color: white; + background-color: gray; +} + +#graph { + position: relative; + z-index: 10; +} + +#logoutbtn { + position: absolute; + left: 95%; + vertical-align: middle; +} + + +#graph { + position: relative; + z-index: 10; +} + + + +/* Class Based CSS Definitions */ +.pgtitle { + font-size: 18px; + color: #777777; + font-weight: bold; +} +.tfrtitle { + font-size: 18px; + color: #ffffff; + font-weight: bold; +} +.vncell { + background-color: #DDDDDD; + padding-right: 20px; + padding-left: 8px; + border-bottom: 1px solid #999999; +} +.formfld { + padding-left: 19px; + font-size: small; +} +.formselect { + font-size: 1.0em; +} +.langopt { + padding-left: 34px; + padding-top: 2px; + padding-bottom: 2px; +} +.saved { + /* background: url('/themes/nione/images/icons/icon_wzd_saved.png') no-repeat 0 1px #FFFFFF; */ + list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_saved.png') ! important; +} +.notsaved { + /* background: url('/themes/nione/images/icons/icon_wzd_nsaved.png') no-repeat 0 1px #FFFFFF; */ + list-style-image: url('/themes/nervecenter/images/icons/icon_wzd_nsaved.png') ! important; +} +.en { + background: url('/themes/nervecenter/images/icons/icon_flag_en.png') no-repeat 0 1px #FFFFFF; +} +.de { + background: url('/themes/nervecenter/images/icons/icon_flag_de.png') no-repeat 0 1px #FFFFFF; +} +.es { + background: url('/themes/nervecenter/images/icons/icon_flag_es.png') no-repeat 0 1px #FFFFFF; +} +.pt_BR { + background: url('/themes/nervecenter/images/icons/icon_flag_pt_BR.png') no-repeat 0 1px #FFFFFF; +} +.host { + background: url('/themes/nervecenter/images/icons/icon_frmfld_host.png') no-repeat 0 1px #FFFFFF; +} +.search { + background: url('/themes/nervecenter/images/icons/icon_frmfld_search.png') no-repeat 0 1px #FFFFFF; +} +.file { + background: url('/themes/nervecenter/images/icons/icon_frmfld_file.png') no-repeat 0 1px #FFFFFF; +} +.mail { + background: url('/themes/nervecenter/images/icons/icon_frmfld_mail.png') no-repeat 0 1px #FFFFFF; +} +.imp { + background: url('/themes/nervecenter/images/icons/icon_frmfld_imp.png') no-repeat 0 1px #FFFFFF; +} +.pwd { + background: url('/themes/nervecenter/images/icons/icon_frmfld_pwd.png') no-repeat 0 1px #FFFFFF; +} +.user { + background: url('/themes/nervecenter/images/icons/icon_frmfld_user.png') no-repeat 0 1px #FFFFFF ; +} +.group { + background: url('/themes/nervecenter/images/icons/icon_frmfld_group.png') no-repeat 0 1px #FFFFFF; +} +.url { + background: url('/themes/nervecenter/images/icons/icon_frmfld_url.png') no-repeat 0 1px #FFFFFF; +} +.time { + background: url('/themes/nervecenter/images/icons/icon_frmfld_time.png') no-repeat 0 1px #FFFFFF; +} +.unknown { + background: url('/themes/nervecenter/images/icons/icon_frmfld_unknown.png') no-repeat 0 1px #FFFFFF; +} +.formfld_cert { + background: url('/themes/nervecenter/images/icons/icon_frmfld_cert.png') no-repeat 0 1px #FFFFFF; + padding-left: 28px; + font-family: Courier New, Courier, monospaced; + font-size: 11px; +} +.formfldalias { + background-color: #990000; + color: #FFFFFF; +} +.formpre { + font-family: Courier New, Courier, monospaced; + font-size: 10px; +} +.formbtn { + font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; + font-size: 13px; + font-weight: bold; +} +.formbtns { + font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; + font-size: 10px; + font-weight: bold; +} +.vvcell { + background-color: #FFFFC6; +} +.errmsg { + font-weight: bold; + color: #CC0000; +} +.red { + color: #CC0000; +} +.gray { + color: #A0A0A0; +} +.vexpl { + font-size: 11px; +} +.navlnk { + color: #FFFFFF; + text-decoration: none; + font-size: 13px; +} +.navlnks { + color: #FFFFFF; + text-decoration: none; + font-size: 11px; +} +.redlnk { + color: #990000; + text-decoration: none; +} +.tblnk { + color: #FFFFFF; + text-decoration: none; +} +.vncellreq { + background-color: #DDDDDD; + padding-right: 20px; + padding-left: 8px; + font-weight: bold; + border-bottom: 1px solid #999999; +} +.vncellt { + background-color: #DDDDDD; + padding-right: 20px; + padding-left: 8px; + padding-top: 4px; + padding-bottom: 4px; + font-weight: bold; + border-bottom: 1px solid #999999; +} +.vtable { + border-bottom: 1px solid #999999; +} +.vnsepcell { + background-color: #BBBBBB; + padding-right: 20px; + padding-left: 8px; + font-weight: bold; + border-bottom: 1px solid #999999; + font-size: 11px; +} +.cpline { + font-size: 11px; + color: #FFFFFF; +} +.hostname { + font-size: 11px; + color: #990000; + font-weight: bold; +} +.vnsepcellr { + background-color: #BBBBBB; + padding-right: 20px; + padding-left: 8px; + font-weight: bold; + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; +} +.listr { + background-color: #FFFFFF; + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + padding-right: 6px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +.listrpad { + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + padding-right: 16px; + padding-left: 10px; + padding-top: 8px; + padding-bottom: 8px; +} +.listn { + font-size: 11px; + padding-right: 16px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +.listbg { + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + background-color: #990000; + padding-right: 16px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +.listbggrey { + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + background-color: #999999; + padding-right: 16px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +.listhdr { + background-color: #BBBBBB; + padding-right: 16px; + padding-left: 6px; + font-weight: bold; + border-bottom: 1px solid #999999; + font-size: 11px; + padding-top: 5px; + padding-bottom: 5px; +} +.listhdr a { + color: #000000; +} +.listhdrr { + background-color: #BBBBBB; + padding-right: 16px; + padding-left: 6px; + font-weight: bold; + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + padding-top: 5px; + padding-bottom: 5px; +} +.listhdrr a { + color: #000000; +} +.listlr { + background-color: #FFFFFF; + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + border-left: 1px solid #999999; + font-size: 11px; + padding-right: 6px; + padding-left: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +.listlrns { + background-color: #FFFFFF; + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + border-left: 1px solid #999999; + font-size: 11px; + padding-top: 4px; + padding-bottom: 4px; +} +.list { + font-size: 11px; + padding-left: 6px; + padding-top: 2px; + padding-bottom: 2px; +} +.listt { + font-size: 11px; + padding-top: 5px; +} +.listhdrrns { + background-color: #BBBBBB; + padding-left: 6px; + padding-top: 5px; + padding-bottom: 5px; + padding-right: 6px; + font-weight: bold; + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; +} +.listbgns { + border-right: 1px solid #999999; + border-bottom: 1px solid #999999; + font-size: 11px; + background-color: #D9DEE8; + padding-left: 6px; + padding-right: 4px; + padding-top: 4px; + padding-bottom: 4px; +} +.listtopic { + border-right: 1px solid #999999; + font-size: 11px; + background-color: #990000; + padding-right: 16px; + padding-left: 6px; + color: #FFFFFF; + font-weight: bold; + padding-top: 5px; + padding-bottom: 5px; +} +.optsect_t { + border-right: 1px solid #999999; + background-color: #990000; + padding-right: 6px; + padding-left: 6px; + padding-top: 2px; + padding-bottom: 2px; +} +.optsect_s { + font-size: 11px; + color: #FFFFFF; + font-weight: bold; +} +.tabnavtbl { +} + + +/* MISC CSS Definitions */ +ul#tabnav { + font-size: 11px; + font-weight: bold; + list-style-type: none; + margin: 0; + padding: 0; +} +ul#tabnav li.tabinact1 { + float: left; + background-color: #777777; + color: #FFFFFF; + padding: 0; + white-space: nowrap; +} +ul#tabnav li.tabinact { + float: left; + border-left: 1px solid #999999; + background-color: #777777; + color: #FFFFFF; + padding: 0; + white-space: nowrap; +} +ul#tabnav li.tabinact a { + float: left; + display: block; + text-decoration: none; + padding: 5px 8px 5px 8px; + color: #FFFFFF; +} +ul#tabnav li.tabinact1 a { + float: left; + display: block; + text-decoration: none; + padding: 5px 8px 5px 8px; + color: #FFFFFF; +} +ul#tabnav li.tabact { + float: left; + background-color: #EEEEEE; + color: #000000; + padding: 5px 8px 5px 8px; + white-space: nowrap; +} +.tabcont { + background-color: #EEEEEE; + padding-right: 12px; + padding-left: 12px; + padding-top: 12px; + padding-bottom: 12px; +} +.tabact { + float: left; + background-color: #EEEEEE; + color: #000000; + padding: 5px 8px 5px 8px; + white-space: nowrap; +} +.tabinact { + font-weight: bold; + float: left; + border-left: 1px solid #999999; + background-color: #777777; + color: #FFFFFF; + padding: 0; + white-space: nowrap; +} +.menu { + background-color: #000000; + white-space: nowrap; + padding: 0px 5px 0px 5px; + width: 100%; + vertical-align: top; +} + + +/* Auto Complete Suggestions */ +div.suggestions { + -moz-box-sizing: border-box; + /* box-sizing: border-box; */ + border: 1px solid black; + position: absolute; + background-color: #990000; + color: #FFF; +} + +div.suggestions div { + cursor: default; + padding: 0px 3px; + background-color: #990000; + color: #FFF; +} + +div.suggestions div.current { + background-color: #3366cc; + color: #FFF; +} +/* End Auto Complete Suggestions */ + + +/* Nifty Corners Crap */ +.rtop,.artop{display:block} +.rtop *,.artop *{display:block;height:1px;overflow:hidden;font-size:1px} +.artop *{border-style: solid;border-width:0 1px} +.r1,.rl1,.re1,.rel1{margin-left:5px} +.r1,.rr1,.re1,.rer1{margin-right:5px} +.r2,.rl2,.re2,.rel2,.ra1,.ral1{margin-left:3px} +.r2,.rr2,.re2,.rer2,.ra1,.rar1{margin-right:3px} +.r3,.rl3,.re3,.rel3,.ra2,.ral2,.rs1,.rsl1,.res1,.resl1{margin-left:2px} +.r3,.rr3,.re3,.rer3,.ra2,.rar2,.rs1,.rsr1,.res1,.resr1{margin-right:2px} +.r4,.rl4,.rs2,.rsl2,.re4,.rel4,.ra3,.ral3,.ras1,.rasl1,.res2,.resl2{margin-left:1px} +.r4,.rr4,.rs2,.rsr2,.re4,.rer4,.ra3,.rar3,.ras1,.rasr1,.res2,.resr2{margin-right:1px} +.rx1,.rxl1{border-left-width:5px} +.rx1,.rxr1{border-right-width:5px} +.rx2,.rxl2{border-left-width:3px} +.rx2,.rxr2{border-right-width:3px} +.re2,.rel2,.ra1,.ral1,.rx3,.rxl3,.rxs1,.rxsl1{border-left-width:2px} +.re2,.rer2,.ra1,.rar1,.rx3,.rxr3,.rxs1,.rxsr1{border-right-width:2px} +.rxl1,.rxl2,.rxl3,.rxl4,.rxsl1,.rxsl2,.ral1,.ral2,.ral3,.ral4,.rasl1,.rasl2{border-right-width:0} +.rxr1,.rxr2,.rxr3,.rxr4,.rxsr1,.rxsr2,.rar1,.rar2,.rar3,.rar4,.rasr1,.rasr2{border-left-width:0} +.r4,.rl4,.rr4,.re4,.rel4,.rer4,.ra4,.rar4,.ral4,.rx4,.rxl4,.rxr4{height:2px} +.rer1,.rel1,.re1,.res1,.resl1,.resr1{border-width:1px 0 0;height:0px !important;height /**/:1px} +/* End Nifty Corners Crap */ + + + +/* CSS for Dynamic Log Viewer */ +/* Author: Erik Kristensen */ +div#log div.log-entry { + clear: both; +} + +div#log div.log-entry span, +div#log div.log-header span { + padding: 3px 2px 3px 2px; + padding-left: 8px; +} + +div#log div.log-entry span.log-action { + padding-bottom: 6px; + padding-left: 5px; + padding-right: 5px; +} + +div#log div.log-header span { + border-top: 1px solid #999; + background-color: #bbb; + font-weight: bold; + text-align: left; +} + +div#log span.log-action, +div#log span.log-time, +div#log span.log-interface, +div#log span.log-source, +div#log span.log-destination, +div#log span.log-protocol { + float: left; + text-align: left; + border-left: 1px solid #999; + border-bottom: 1px solid #999; +} + +div#log span.log-general { + +} + +div#log span.log-protocol { + border-right: 1px solid #999; +} + +div#log span.log-action { + width: 2em; + text-align: center; +} + +div#log span.log-time { + width: 12.5em; +} + +div#log span.log-interface { + width: 5em; +} + +div#log span.log-source, +div#log span.log-destination { + width: 17.6em; +} + +div#log span.log-protocol { + width: 5.5em; +} +/* END CSS FOR DYNAMIC LOG VIEWER */ + +#login { + background: #cccccc; + border: 0px solid #666666; + margin: 5em auto; + padding: 0em; + width: 340px; +} + +#login h1 { + background: url(images/misc/logon.png) no-repeat top left; + margin-top: 0; + display: block; + text-indent: -1000px; + height: 50px; + border-bottom: none; +} + +#login p { + font-size: 1em; + font-weight: bold; + padding: 3px; + margin: 0em; + text-indent: 10px; +} + +#login span { + font-size: 1em; + font-weight: bold; + width: 20%; + padding: 3px; + margin: 0em; + text-indent: 10px; +} + +#login p#text { + font-size: 1em; + font-weight: normal; + padding: 3px; + margin: 0em; + text-indent: 10px; +} + +#login #username, #password { + font-size: 1em; + width: 60%; + padding: 3px; + margin: 0em; +} + +#login #submit { + font-size: 1em; + font-weight: bold; + padding: 3px; + margin: 0em; + text-indent: 10px; +} diff --git a/usr/local/www/themes/nervecenter/wizard.css b/usr/local/www/themes/nervecenter/wizard.css index b3a6ccb..4e0d048 100644 --- a/usr/local/www/themes/nervecenter/wizard.css +++ b/usr/local/www/themes/nervecenter/wizard.css @@ -487,6 +487,7 @@ ul#wzdnav a:active { border-bottom: 1px solid #999999; } .formfld { + padding-left: 19px; font-size: small; } .formselect { diff --git a/usr/local/www/themes/pfsense_ng/wizard.css b/usr/local/www/themes/pfsense_ng/wizard.css index b3a6ccb..4e0d048 100644 --- a/usr/local/www/themes/pfsense_ng/wizard.css +++ b/usr/local/www/themes/pfsense_ng/wizard.css @@ -487,6 +487,7 @@ ul#wzdnav a:active { border-bottom: 1px solid #999999; } .formfld { + padding-left: 19px; font-size: small; } .formselect { diff --git a/usr/local/www/themes/the_wall/wizard.css b/usr/local/www/themes/the_wall/wizard.css index b3a6ccb..4e0d048 100644 --- a/usr/local/www/themes/the_wall/wizard.css +++ b/usr/local/www/themes/the_wall/wizard.css @@ -487,6 +487,7 @@ ul#wzdnav a:active { border-bottom: 1px solid #999999; } .formfld { + padding-left: 19px; font-size: small; } .formselect { diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index fdf4af4..4f0d59d 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -112,6 +112,7 @@ if($_GET['act']=="edit"){ $pconfig['passtos'] = $a_server[$id]['passtos']; $pconfig['client2client'] = $a_server[$id]['client2client']; + $pconfig['dynamic_ip'] = $a_server[$id]['dynamic_ip']; $pconfig['pool_enable'] = $a_server[$id]['pool_enable']; $pconfig['dns_domain'] = $a_server[$id]['dns_domain']; @@ -299,6 +300,7 @@ if ($_POST) { $server['passtos'] = $pconfig['passtos']; $server['client2client'] = $pconfig['client2client']; + $server['dynamic_ip'] = $pconfig['dynamic_ip']; $server['pool_enable'] = $pconfig['pool_enable']; if ($pconfig['dns_domain_enable']) @@ -906,6 +908,24 @@ function netbios_change() { <td colspan="2" valign="top" class="listtopic">Client Settings</td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Dynamic IP</td> + <td width="78%" class="vtable"> + <table border="0" cellpadding="2" cellspacing="0"> + <tr> + <td> + <?php set_checked($pconfig['dynamic_ip'],$chk); ?> + <input name="dynamic_ip" type="checkbox" id="dynamic_ip" value="yes" <?=$chk;?>"> + </td> + <td> + <span class="vexpl"> + Allow connected clients to retain their connections if their IP address changes.<br> + </span> + </td> + </tr> + </table> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell">Address Pool</td> <td width="78%" class="vtable"> <table border="0" cellpadding="2" cellspacing="0"> diff --git a/usr/local/www/widgets/include/openvpn.inc b/usr/local/www/widgets/include/openvpn.inc new file mode 100644 index 0000000..075d0e5 --- /dev/null +++ b/usr/local/www/widgets/include/openvpn.inc @@ -0,0 +1,4 @@ +<?php +$openvpn_title = "OpenVPN"; +$openvpn_title_link = "status_openvpn.php"; +?>
\ No newline at end of file diff --git a/usr/local/www/widgets/widgets/openvpn.widget.php b/usr/local/www/widgets/widgets/openvpn.widget.php new file mode 100644 index 0000000..c17c144 --- /dev/null +++ b/usr/local/www/widgets/widgets/openvpn.widget.php @@ -0,0 +1,193 @@ +<?php +require_once("openvpn.inc"); + +/* Handle AJAX */ +if($_GET['action']) { + if($_GET['action'] == "kill") { + $port = $_GET['port']; + $remipp = $_GET['remipp']; + if (!empty($port) and !empty($remipp)) { + $retval = kill_client($port, $remipp); + echo htmlentities("|{$port}|{$remipp}|{$retval}|"); + } else { + echo "invalid input"; + } + exit; + } +} + + +function kill_client($port, $remipp) { + $tcpsrv = "tcp://127.0.0.1:{$port}"; + $errval; + $errstr; + + /* open a tcp connection to the management port of each server */ + $fp = @stream_socket_client($tcpsrv, $errval, $errstr, 1); + $killed = -1; + if ($fp) { + fputs($fp, "kill {$remipp}\n"); + while (!feof($fp)) { + $line = fgets($fp, 1024); + /* parse header list line */ + if (strpos($line, "INFO:")) + continue; + if (strpos($line, "UCCESS")) { + $killed = 0; + } + break; + } + fclose($fp); + } + return $killed; +} + +$servers = openvpn_get_active_servers(); +$clients = openvpn_get_active_clients(); +?> + +<script src="/javascript/sorttable.js" type="text/javascript"></script> +<br/> +<form action="status_openvpn.php" method="get" name="iform"> +<script type="text/javascript"> + function killClient(mport, remipp) { + var busy = function(icon) { + icon.onclick = ""; + icon.src = icon.src.replace("\.gif", "_d.gif"); + icon.style.cursor = "wait"; + } + + $A(document.getElementsByName("i:" + mport + ":" + remipp)).each(busy); + + new Ajax.Request( + "<?=$_SERVER['SCRIPT_NAME'];?>" + + "?action=kill&port=" + mport + "&remipp=" + remipp, + { method: "get", onComplete: killComplete } + ); + } + + function killComplete(req) { + var values = req.responseText.split("|"); + if(values[3] != "0") { + alert('<?=gettext("An error occurred.");?>' + ' (' + values[3] + ')'); + return; + } + + $A(document.getElementsByName("r:" + values[1] + ":" + values[2])).each( + function(row) { Effect.Fade(row, { duration: 1.0 }); } + ); + } +</script> + +<?php foreach ($servers as $server): ?> + +<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td colspan="6" class="listtopic"> + Client connections for <?=$server['name'];?> + </td> + </tr> + <tr> + <td> + <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Name/Time</td> + <td class="listhdrr">Real/Virtual IP</td> + </tr> + <?php foreach ($server['conns'] as $conn): ?> + <tr name='<?php echo "r:{$server['port']}:{$conn['remote_host']}"; ?>'> + <td class="listlr"> + <?=$conn['common_name'];?> + </td> + <td class="listr"> + <?=$conn['remote_host'];?> + </td> + <td class='list' rowspan="2"> + <img src='/themes/<?php echo $g['theme']; ?>/images/icons/icon_x.gif' height='17' width='17' border='0' + onclick="killClient('<?php echo $server['port']; ?>', '<?php echo $conn['remote_host']; ?>');" style='cursor:pointer;' + name='<?php echo "i:{$server['port']}:{$conn['remote_host']}"; ?>' + title='Kill client connection from <?php echo $conn['remote_host']; ?>' alt='' /> + </td> + </tr> + <tr name='<?php echo "r:{$server['port']}:{$conn['remote_host']}"; ?>'> + <td class="listlr"> + <?=$conn['connect_time'];?> + </td> + <td class="listr"> + <?=$conn['virtual_addr'];?> + </td> + </tr> + + <?php endforeach; ?> + <tr> + <td colspan="6" class="list" height="12"></td> + </tr> + + </table> + </td> + </tr> +</table> + +<?php endforeach; ?> +<br/> + + +<?php if (!empty($clients)) { ?> +<table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td colspan="6" class="listtopic"> + OpenVPN client instances statistics + </td> + </tr> + <tr> + <table style="padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px" class="tabcont sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr">Name/Time</td> + <td class="listhdrr">Remote/Virtual IP</td> + </tr> + +<?php foreach ($clients as $client): ?> + <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'> + <td class="listlr"> + <?=$client['name'];?> + </td> + <td class="listr"> + <?=$client['remote_host'];?> + </td> + <td rowspan="2" align="center"> + <?php + if ($client['status'] == "up") { + /* tunnel is up */ + $iconfn = "interface_up"; + } else { + /* tunnel is down */ + $iconfn = "interface_down"; + } + echo "<img src ='/themes/{$g['theme']}/images/icons/icon_{$iconfn}.gif'>"; + ?> + </td> + </tr> + <tr name='<?php echo "r:{$client['port']}:{$conn['remote_host']}"; ?>'> + <td class="listlr"> + <?=$client['connect_time'];?> + </td> + <td class="listr"> + <?=$client['virtual_addr'];?> + </td> + </tr> +<?php endforeach; ?> + </table> + </tr> +</table> + +<?php +} + +if ($DisplayNote) { + echo "<br/><b>NOTE:</b> You need to bind each OpenVPN client to enable its management daemon: use 'Local port' setting in the OpenVPN client screen"; +} + +if ((empty($clients)) && (empty($servers))) { + echo "No OpenVPN instance defined"; +} +?>
\ No newline at end of file diff --git a/usr/local/www/widgets/widgets/system_information.widget.php b/usr/local/www/widgets/widgets/system_information.widget.php index 9e58f1b..c9a6b65 100644 --- a/usr/local/www/widgets/widgets/system_information.widget.php +++ b/usr/local/www/widgets/widgets/system_information.widget.php @@ -95,12 +95,20 @@ $curcfg = $config['system']['firmware']; <?php endif; ?> <?php if ($g['platform'] == "nanobsd"): ?> <? - $BOOT_DEVICE=trim(`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`); - $REAL_BOOT_DEVICE=trim(`/sbin/glabel list | /usr/bin/grep -B2 ufs/{$BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`); + global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH; + global $GLABEL_SLICE, $UFS_ID, $OLD_UFS_ID, $BOOTFLASH; + global $BOOT_DEVICE, $REAL_BOOT_DEVICE, $BOOT_DRIVE, $ACTIVE_SLICE; + nanobsd_detect_slice_info(); ?> <tr> <td width="25%" class="vncellt">NanoBSD Boot Slice</td> - <td width="75%" class="listr"><?=htmlspecialchars($BOOT_DEVICE);?> / <?=htmlspecialchars($REAL_BOOT_DEVICE);?></td> + <td width="75%" class="listr"> + <?=htmlspecialchars($BOOT_DEVICE);?> / <?=htmlspecialchars($BOOTFLASH);?> + <?php if ($BOOTFLASH != $ACTIVE_SLICE): ?> + <br/><br/>Next Boot:<br/> + <?=htmlspecialchars($GLABEL_SLICE);?> / <?=htmlspecialchars($ACTIVE_SLICE);?> + <?php endif; ?> + </td> </tr> <?php endif; ?> <tr> diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index eea1a85..41189e1 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc @@ -271,10 +271,12 @@ function step9_submitphpaction() { $certnames = array(); $certcns = array(); - foreach($config['system']['cert'] as $cert) { - $certnames[] = $cert['name']; - $certinfo = cert_get_subject_hash($cert['crt']); - $certcns[] = $certinfo["CN"]; + if (is_array($config['system']['cert'])) { + foreach($config['system']['cert'] as $cert) { + $certnames[] = $cert['name']; + $certinfo = cert_get_subject_hash($cert['crt']); + $certcns[] = $certinfo["CN"]; + } } if (empty($_POST['name']) || empty($_POST['keylength']) || empty($_POST['lifetime']) || @@ -538,6 +540,8 @@ function step12_submitphpaction() { $server['passtos'] = $pconfig['step10']['tos']; if (isset($pconfig['step10']['interclient'])) $server['client2client'] = $pconfig['step10']['interclient']; + if (isset($pconfig['step10']['dynip'])) + $server['dynamic_ip'] = $pconfig['step10']['dynip']; if (isset($pconfig['step10']['addrpool'])) $server['pool_enable'] = $pconfig['step10']['addrpool']; if (isset($pconfig['step10']['defaultdomain'])) diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml index 2bc6db1..bba38c8 100644 --- a/usr/local/www/wizards/openvpn_wizard.xml +++ b/usr/local/www/wizards/openvpn_wizard.xml @@ -757,6 +757,14 @@ <name>Client Settings</name> </field> <field> + <displayname>Dynamic IP</displayname> + <name>dynip</name> + <type>checkbox</type> + <value>on</value> + <description>Allow connected clients to retain their connections if their IP address changes.</description> + <bindstofield>ovpnserver->step10->dynip</bindstofield> + </field> + <field> <displayname>Address Pool</displayname> <name>addrpool</name> <type>checkbox</type> |