Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_rules.php | 122 |
1 files changed, 64 insertions, 58 deletions
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 5021169..a8fe5a6 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -1,36 +1,35 @@ #!/usr/local/bin/php <?php /* - firewall_rules.php - Copyright (C) 2004, 2005 Scott Ullrich - All rights reserved. + firewall_rules.php + part of m0n0wall (http://m0n0.ch/wall) - Originally part of m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. - All rights reserved. + Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ +$pgtitle = array("Firewall", "Rules"); require("guiconfig.inc"); if (!is_array($config['filter']['rule'])) { @@ -53,23 +52,20 @@ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { } if (!$if || !isset($iflist[$if])) - $if = "lan"; + $if = "wan"; if ($_POST) { $pconfig = $_POST; if ($_POST['apply']) { - $retval = "Reboot is currently required."; + $retval = 0; if (!file_exists($d_sysrebootreqd_path)) { config_lock(); $retval = filter_configure(); config_unlock(); } - if(stristr($retval, "error") <> true) - $savemsg = get_std_save_message($retval); - else - $savemsg = $retval; + $savemsg = get_std_save_message($retval); if ($retval == 0) { if (file_exists($d_natconfdirty_path)) unlink($d_natconfdirty_path); 
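Review bot: A failed filter reload can be treated as success in the apply branch, because the return value of `filter_configure()` now goes straight into `get_std_save_message($retval)` and the loose test `if ($retval == 0)`. The removed `stristr($retval, "error")` check suggests `filter_configure()` may return an error string in this tree; on PHP versions before 8 a non-numeric string compares equal to 0, so the dirty markers would be unlinked and the administrator would see the rules as applied when they are not. Unless `filter_configure()` is guaranteed to return an integer, use a strict test such as `if ($retval === 0) {` and keep a separate path that shows error text. The body of `if ($retval == 0)` continues outside the hunk.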
@@ -100,7 +96,7 @@ if (isset($_POST['del_x'])) { } } else { /* yuck - IE won't send value attributes for image buttons, while Mozilla does - - so we use .x/.y to find move button clicks instead... */ + so we use .x/.y to fine move button clicks instead... */ unset($movebtn); foreach ($_POST as $pn => $pd) { if (preg_match("/move_(\d+)_x/", $pn, $matches)) { @@ -152,7 +148,6 @@ if (isset($_POST['del_x'])) { <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="gui.css" rel="stylesheet" type="text/css"> </head> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> <p class="pgtitle">Firewall: Rules</p> @@ -172,7 +167,7 @@ function fr_bgcolor(id) { for (i = 2; i <= 6; i++) { cells[i].style.backgroundColor = checkbox.checked ? "#FFFFBB" : "#FFFFFF"; } - cells[7].style.backgroundColor = checkbox.checked ? "#FFFFBB" : "#D9DEE8"; + //cells[7].style.backgroundColor = checkbox.checked ? "#FFFFBB" : "#990000"; } function fr_insline(id, on) { var row = document.getElementById('fr' + id); @@ -187,9 +182,10 @@ function fr_insline(id, on) { for (i = 2; i <= 7; i++) { if (on) { - prevcells[i].style.borderBottom = "3px solid #999999"; + prevcells[i].style.borderBottom = "3px solid #990000"; prevcells[i].style.paddingBottom = (id != 0) ? 2 : 3; } else { + prevcells[i].style.borderBottom = "1px solid #999999"; prevcells[i].style.borderBottomWidth = "1px"; prevcells[i].style.paddingBottom = (id != 0) ? 4 : 5; } @@ -197,9 +193,10 @@ function fr_insline(id, on) { for (i = 2; i <= 7; i++) { if (on) { - cells[i].style.borderTop = "2px solid #999999"; + cells[i].style.borderTop = "2px solid #990000"; cells[i].style.paddingTop = 2; } else { + prevcells[i].style.borderBottom = "1px solid #999999"; cells[i].style.borderTopWidth = 0; cells[i].style.paddingTop = 4; } 
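Review bot: In `fr_insline`, the `else` branch added to the second loop (the one that styles `cells[i]`) resets `prevcells[i].style.borderBottom`, which looks like a copy of the line added to the first loop rather than an undo of `cells[i].style.borderTop = "2px solid #990000"`. If a reset of the top border was intended it would target `cells[i]`; otherwise the line can be dropped, since `cells[i].style.borderTopWidth = 0` already follows. In the first loop the new `prevcells[i].style.borderBottom = "1px solid #999999"` makes the next line, `borderBottomWidth = "1px"`, redundant. The commented-out `//cells[7].style.backgroundColor = ...` line in `fr_bgcolor` would be better deleted than left in. Both functions start and end outside these hunks.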
@@ -207,34 +204,36 @@ function fr_insline(id, on) { } // --> </script> +<form action="firewall_rules.php" method="post"> <?php if ($savemsg) print_info_box($savemsg); ?> <?php if (file_exists($d_filterconfdirty_path)): ?><p> <?php print_info_box_np("The firewall rule configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br> <input name="apply" type="submit" class="formbtn" id="apply" value="Apply changes"></p> <?php endif; ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> + <tr><td class="tabnavtbl"> <ul id="tabnav"> -<?php foreach ($iflist as $ifent => $ifname): +<?php $i = 0; foreach ($iflist as $ifent => $ifname): if ($ifent == $if): ?> <li class="tabact"><?=htmlspecialchars($ifname);?></li> <?php else: ?> - <li class="tabinact"><a href="firewall_rules.php?if=<?=$ifent;?>"><?=htmlspecialchars($ifname);?></a></li> + <li class="<?php if ($i == 0) echo "tabinact1"; else echo "tabinact";?>"><a href="firewall_rules.php?if=<?=$ifent;?>"><?=htmlspecialchars($ifname);?></a></li> <?php endif; ?> -<?php endforeach; ?> +<?php $i++; endforeach; ?> </ul> </td></tr> <tr> <td class="tabcont"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr id="frheader"> + <td width="3%" class="list"> </td> <td width="5%" class="list"> </td> <td width="10%" class="listhdrr">Proto</td> <td width="15%" class="listhdrr">Source</td> <td width="10%" class="listhdrr">Port</td> <td width="15%" class="listhdrr">Destination</td> <td width="10%" class="listhdrr">Port</td> - <td width="25%" class="listhdr">Description</td> + <td width="22%" class="listhdr">Description</td> <td width="10%" class="list"></td> </tr> <?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++): 
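Review bot: The `<form action="firewall_rules.php" method="post">` added here carries the apply, move and delete actions, and no per-session anti-forgery token is emitted inside it in the visible markup or checked in the part of the `if ($_POST)` handler shown earlier in the diff. Unless `guiconfig.inc` enforces this elsewhere, a request forged from another site in the administrator's browser could change the firewall rule set. Consider emitting a hidden token field right after the form tag, for example `<input type="hidden" name="csrf_token" value="<?=htmlspecialchars($csrf_token);?>">` (names are placeholders), and rejecting any POST whose token does not match the session value. In the same hunk `href="firewall_rules.php?if=<?=$ifent;?>"` prints `$ifent` raw while `$ifname` is escaped; `<?=htmlspecialchars($ifent);?>` would keep the two consistent.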
@@ -242,8 +241,9 @@ function fr_insline(id, on) { if ($filterent['interface'] != $if) continue; ?> - <tr valign="top"> - <td class="listt"> + <tr valign="top" id="fr<?=$nrules;?>"> + <td class="listt"><input type="checkbox" id="frc<?=$nrules;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nrules;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td> + <td class="listt" align="center"> <?php if ($filterent['type'] == "block") $iconfn = "block"; else if ($filterent['type'] == "reject") { 
@@ -270,32 +270,32 @@ function fr_insline(id, on) { <br><img src="<?=$iconfn;?>.gif" width="11" height="15" border="0"> <?php endif; ?> </td> - <td class="listlr"> + <td class="listlr" onClick="fr_toggle(<?=$nrules;?>)"> <?=$textss;?><?php if (isset($filterent['protocol'])) echo strtoupper($filterent['protocol']); else echo "*"; ?><?=$textse;?> </td> - <td class="listr"> + <td class="listr" onClick="fr_toggle(<?=$nrules;?>)"> <?=$textss;?><?php echo htmlspecialchars(pprint_address($filterent['source'])); ?><?=$textse;?> </td> - <td class="listr"> + <td class="listr" onClick="fr_toggle(<?=$nrules;?>)"> <?=$textss;?><?php echo htmlspecialchars(pprint_port($filterent['source']['port'])); ?><?=$textse;?> </td> - <td class="listr"> + <td class="listr" onClick="fr_toggle(<?=$nrules;?>)"> <?=$textss;?><?php echo htmlspecialchars(pprint_address($filterent['destination'])); ?><?=$textse;?> </td> - <td class="listr"> + <td class="listr" onClick="fr_toggle(<?=$nrules;?>)"> <?=$textss;?><?php echo htmlspecialchars(pprint_port($filterent['destination']['port'])); ?><?=$textse;?> </td> - <td class="listbg"><font color="#FFFFFF"> + <td class="listbg" onClick="fr_toggle(<?=$nrules;?>)" bcolor="#990000"><font color="white"> <?=$textss;?><?=htmlspecialchars($filterent['descr']);?> <?=$textse;?> </td> <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> + <td><input name="move_<?=$i;?>" type="image" src="left.gif" width="17" height="17" title="move selected rules before this rule" onMouseOver="fr_insline(<?=$nrules;?>, true)" onMouseOut="fr_insline(<?=$nrules;?>, false)"></td> <td><a href="firewall_rules_edit.php?id=<?=$i;?>"><img src="e.gif" title="edit rule" width="17" height="17" border="0"></a></td> - <td align="center" valign="middle"><input type="checkbox" name="rule[]" value="<?=$i;?>" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td> </tr> <tr> - <td><input onMouseOver="fr_insline(0, true)" onMouseOut="fr_insline(0, 
false)" name="move_<?=$i;?>" type="image" src="left.gif" width="17" height="17" title="move selected rules before this rule"></td> + <td align="center" valign="middle"></td> <td><a href="firewall_rules_edit.php?dup=<?=$i;?>"><img src="plus.gif" title="add a new rule based on this one" width="17" height="17" border="0"></a></td> </tr> </table> @@ -303,6 +303,7 @@ function fr_insline(id, on) { </tr> <?php $nrules++; endfor; ?> <?php if ($nrules == 0): ?> + <td class="listt"></td> <td class="listt"></td> <td class="listlr" colspan="6" align="center" valign="middle"> <span class="gray"> 
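Review bot: The protocol cell prints `strtoupper($filterent['protocol'])` without `htmlspecialchars()`, while the source, destination, port and description cells in this hunk are all escaped. Whether the protocol value is validated when a rule is saved or a configuration is restored is not visible here, so escaping at output is the safer default: `echo htmlspecialchars(strtoupper($filterent['protocol']));`. The new description cell also carries `bcolor="#990000"`, which is not an HTML attribute; `bgcolor` was presumably meant. The `<font color="white">` it opens is not closed before `</td>`.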
@@ -311,18 +312,25 @@ function fr_insline(id, on) { Click the <a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="plus.gif" title="add new rule" border="0" width="17" height="17" align="absmiddle"></a> button to add a new rule.</span> </td> <?php endif; ?> - <tr> - <td class="list" colspan="7"></td> + <tr id="fr<?=$nrules;?>"> + <td class="list"></td> + <td class="list"></td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> + <td class="list"> </td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> <td> - <?php if ($nrules == 0): ?><img src="left_d.gif" width="17" height="17" title="move selected rules to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="left.gif" width="17" height="17" title="move selected rules to end"><?php endif; ?></td> - <td><a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="plus.gif" title="add new rule" width="17" height="17" border="0"></a></td> + <?php if ($nrules == 0): ?><img src="left_d.gif" width="17" height="17" title="move selected rules to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="left.gif" width="17" height="17" title="move selected rules to end" onMouseOver="fr_insline(<?=$nrules;?>, true)" onMouseOut="fr_insline(<?=$nrules;?>, false)"><?php endif; ?></td> + <td></td> </tr> <tr> <td><?php if ($nrules == 0): ?><img src="x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?><input name="del" type="image" src="x.gif" width="17" height="17" title="delete selected rules" onclick="return confirm('Do you really want to delete the selected rules?')"><?php endif; ?></td> - <td></td> + <td><a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="plus.gif" title="add new rule" width="17" height="17" border="0"></a></td> </tr> </table> </td> 
@@ -364,13 +372,11 @@ function fr_insline(id, on) { </table> <p> <strong><span class="red">Hint:<br> - </span></strong>rules are evaluated on a first-match basis (i.e. + </span></strong>Rules are evaluated on a first-match basis (i.e. the action of the first rule to match a packet will be executed). This means that if you use block rules, you'll have to pay attention to the rule order. Everything that isn't explicitly passed is blocked by default.</p> -<input type="hidden" name="if" value="<?=$if;?>"> + <input type="hidden" name="if" value="<?=$if;?>"> </form> <?php include("fend.inc"); ?> -</body> -</html> |