summaryrefslogtreecommitdiffstats
path: root/src/usr/local/www/firewall_rules_edit.php
Commit message (Collapse)AuthorAgeFilesLines
* Make consistent rule information sectionPhil Davis2017-06-211-22/+2
| | | | | (cherry picked from commit f0dc8b688c2b7d973bc18769579ee8cc6d3d2dad) (cherry picked from commit 4c4504b1e785396d92be853072a9c557c55b3c4a)
* Add underscores to is_port* function namesPhil Davis2017-03-271-4/+4
| | | | (cherry picked from commit 593e9fe32d2959cd823fe5da55714ccfb9a0e958)
* Do not enforce a max limit on state timeout when editing a firewall rule. ↵jim-p2017-03-061-1/+1
| | | | Fixes #7356
* Adjust fix for ticket #7294 for 2.3.x, it used a setHelp change that was ↵jim-p2017-03-031-3/+4
| | | | only valid on 2.4.
* Fix 7294 keep full rule descriptionPhil Davis2017-03-021-2/+5
| | | | | Signed-off-by: Phil Davis <phil.davis@inf.org> (cherry picked from commit 680e15baef76a9c598d52d3f2b9ab498077336a8)
* Fix #7300 provide default value for ipprotocol for old rulesPhil Davis2017-02-261-0/+2
|
* Breadcrumb linksPhil Davis2017-02-111-0/+9
| | | | (cherry picked from commit edcd75357f0e93b124159314d3306197d5312e6c)
* Revise setHelpText to accommodate required fieldsSteve Beaver2017-02-101-5/+0
|
* Required fields for firewall*.phpPhil Davis2017-01-301-7/+7
| | | | (cherry picked from commit 8a1b5c561f93611b711eb4e7b58ccb4990577d8e)
* firewall_rules_edit stop Floating field displayingPhil Davis2017-01-041-1/+1
| | | | | | Seems to fix https://redmine.pfsense.org/issues/7057 But I have not looked underneath the hood - just copied the way other hidden fields are done in that code. (cherry picked from commit 76895c7f1d77c8e17913a3ddf87636fc4d50058d)
* Fix #7059 Set expected icmptypes formatPhil Davis2017-01-021-0/+6
| | | | | icmptype is a comma-separated list in the config. When attempting to save, the array in $_POST['icmptype'] needs to be put into this format in $pconfig in case there are input errors and the user-entered data need to be re-displayed for correction. (cherry picked from commit 23057964d81019e8ed3adc944c77ca8a1a9c178f)
* Remove redundant gettext() in firewall_rules_editPhil Davis2017-01-021-2/+2
| | | | | The 'helpmsg' here is already translated with gettext() when the 'helpmsg' array entries are set up, so IMHO there is no need to attempt translation again. (cherry picked from commit cffe1271c962ac9159c43fd214c735ceb4b5e1b8)
* firewall_rules_edit whitespacePhil Davis2017-01-021-7/+7
| | | | (cherry picked from commit da391430080cb0e1b2054c6f676c9c678164f957)
* capitalise "Any"stilez2016-12-301-1/+1
| | | | (cherry picked from commit b1cff5815344220340a218938cd7f3df64687203)
* "Any" moved to top of list in new blank rulesstilez2016-12-301-1/+2
| | | | | | | @jim-p wanted this split out from PR 3159 as it wasn't related to that PR. Puts "any" at the logical place people look for it (top of list not 2/3 down it at random) while ensuring that for new rules default is tcp and extra ports etc fields are visible. (cherry picked from commit e9b3d2c3bfc3e91ac59901ca28d0620f7bb7b50f)
* Remove and replace white spacesstilez2016-12-301-4/+4
| | | | | Safari doesn't seem to have editing issues (or else they very quickly fixed it). Removed all white spaces and re-entered, hopefully this fixes any incorrect extraneous characters that existed? If not you'll have to let me know where exactly they are. (cherry picked from commit d4b2ebaeb2fa2dcc635d061891aa858f8c16d407)
* Put back "any" in same place it came from in dropdownstilez2016-12-301-1/+1
| | | | (cherry picked from commit 43a0cf73f2c2f951b9a1c5e777551de1b82c25f2)
* revert protocol order change (unrelated to PR)stilez2016-12-301-2/+1
| | | | | Will pu in separate PR afterwards as requested (cherry picked from commit 86554b5aecb1d219e2f72c97b14de8b5fef495aa)
* Data sanitation - check IP protocol in form datastilez2016-12-301-0/+4
| | | | | Code doesn't seem to check that IP protocol is valid (IPv4/6/4+6) or report via $input_errors[] if not. Simple fix. Only spotted recently. Should be fixed whatever else? (cherry picked from commit 202e23a81613c5810679e9b119ad4cc53977dbea)
* Alternate fix for jim-p's point that seems to resolve everything neatlystilez2016-12-301-0/+1
| | | | | | | | | | | | | @jim-p commented on the PR that: > This change is unwarranted. The protocol default should remain TCP, it is set that way on purpose (otherwise people get confused by the lack of port options being visible). It's also not relevant to the other changes being made on this PR. An alternate fix for jim-p's point. this only affects creating new rules and I take the point. I found this a much better fix (AFAICS). It seems to resolve all issues neatly. Proposed fix: leave "any" at the top of the list as that's the logical place people almost always look for it if they want it, _but set the default proto to tcp for new rules_ so that ports and other expected items are displayed by default too. After all, the default protocol is only relevant for showing tcp and ports fields, when a new blank rule is created (obvious: if the rule exists it would display the protocol in the existing rule). @jim-p can you try this as a fix, and see if it would be acceptable for resolving your point? (cherry picked from commit 8afd8c0409a9ed246a244e7a1dbdcb2ad627434b)
* Fix the Safari issue mentioned by @gargaJared Dillard2016-12-301-1/+7
| | | | | | | https://github.com/pfsense/pfsense/pull/3139#pullrequestreview-156718 I ended up having to remove the select element and re-create it (along with the options) in order to get around what appears to be a bug in Safari. (cherry picked from commit 9d4da801ebd426db89b515a9d12d3eb389898b62)
* Bugfixesstilez2016-12-301-15/+7
| | | | | | | 1. On creating a new rule, $pconfig['ipprotocol'] is undefined, rather than defaults to what is seen in GUI (IPv4). Form generation logic for the ICMPType list box can't rely on a good value. It was fixed late here and missed when copying changes to Github. Very likely responsible for above issue by @rbgarga . Please confirm if this fixes it for you. On the off-chance that it still doesn't, can you let me know if _editing an existing rule_ works, which will help. 2. Reordering #proto options affects JS logic, because JS uses index() to identify which protocol is selected. Generally I feel this isn't the best practice, if the value is what matters then it's better and easier to review, if the code references the value itself (.val()) not the position in the list which could change (.index()). That said, I should have spotted this anyway. (cherry picked from commit 640462d20b4d06b8ba14b9ce300c218b14998aef)
* Improve icmptype input sanitisingstilez2016-12-301-13/+22
| | | | (cherry picked from commit 0e782e9f576aee02d4e2e5147e24bc5def261355)
* Enhance ICMP type handling in rulesstilez2016-12-301-50/+105
| | | | | See main PR for details (cherry picked from commit 7a4b11b6a495ddc747db5e44f5a62891ef86398c)
* Form_IpAddress add types remove patternsPhil Davis2016-12-271-2/+3
| | | | | | | | | | | | 1) Add alias and host types to Form_IpAddress with the appropriate hover text. 2) Remove the patterns - the UI of those is not so effective anyway, so leave the validation of input to the back end. 3) Update uses of Form_IpAddress to use the appropriate Alias or Host type as needed. 4) Remove explicit setPattern() from those uses of Form_IpAddress. (cherry picked from commit 45541aae63596ea28aa18c84b65946bce6adbffd)
* Fix copy/paste error in variable test.jim-p2016-12-091-2/+2
|
* Keep the rule type selection after input errors on firewall rulePhil Davis2016-11-251-1/+4
| | | | | | | | | | | | | If the user: a) Edit a firewall rule b) Select "single host or alias" c) Enter an invalid IP address that is not an alias d) Press "Save" The error is displayed "1.2.3.999 is not a valid source IP address or alias" But note that the rule type dropdown has changed to "Network". In the case where there is $_POST data, we do not want to try and deduce the srctype or dsttype from the IP address in the src or dst field, because the value of that field could be the very invalid data that the user entered. We want to maintain the value of srctype or dsttype that the user selected and let them correct the error they made in typing the actual IP address. (cherry picked from commit 38ce4a18324aaceb76a976d08d0015bdc5be8bf7)
* Added addrtolower calls to force IPv6 addresses to lower caseSteve Beaver2016-11-221-2/+2
| | | | First of many
* Revert "Fix #6918 Allow aliases with capital letters in rules"Luiz Otavio O Souza2016-11-161-3/+2
| | | | | | This reverts commit 9444a281f051e11d5456cc37b2a3f56fc8a7bc33. (cherry picked from commit 9128641db5c9b6839163948f3f71ad139c7a4625)
* Fix #6918 Allow aliases with capital letters in rulesPhil Davis2016-11-141-2/+3
| | | | | | | | | | Expand the types of Form_IpAddress so that the caller can specify exactly what combination of IPv4, IPv6 address and alias is allowed for the field. Set the appropriate input pattern and hover help text. Only toLowercase() the entered value if it has a ":" in it - i.e. it looks like it is intended to be an IPv6 address (rather than an IPv4 or an alias name).
* Clarify source port warning when editing a firewall rule.jim-p2016-10-131-4/+4
|
* lowercasing and sprintf of setHelpstilez2016-10-121-2/+1
| | | | (cherry picked from commit 705679339705657832422f5fdc336b5e39d48b79)
* label src/dst incorrect - fixed (minor)stilez2016-10-121-1/+1
| | | | (cherry picked from commit a309ffa5cc1e8682bb083f9288f73f43a2a9c282)
* UI improvement - src port button label and src port help msgsstilez2016-10-121-18/+12
| | | | | | | | | 1. Rename "srcportadv" to "srcporttoggle" - not ideal to have 2 fields both labelled "advanced options". This presentation probably works nicer 2. Self-explanatory show/hide button itself doesn't need a label. (If srcports are shown, they will have a label as usual) 2. Move explanatory text about src port normally being un-needed to below src port, and simplify main help msgs. Mainly GUI text/labels improvement (cherry picked from commit d99ceeac154627d2cfce94b51f1fd7d56fa44f9b)
* Move copyright from ESF to NetgateRenato Botelho2016-09-061-1/+1
|
* Input boxes with setPattern validation should not contain escape characters ↵PiBa-NL2016-09-021-1/+1
| | | | | | as they are already properly considered 'lists of characters' even when not escaped. (cherry picked from commit 8ea3fd0569ac2b1681de5ba3fbc2a2cc20981ad6)
* Review license / copyright on all files (final round)Renato Botelho2016-07-151-43/+42
|
* Always use require_oncePhil Davis2016-06-271-2/+2
| | | | | | | | | The usage of require() and require_once() throughout the system is inconsistent, and "bugs" come up now and then when the order of "requires" is a bit different and some require() happens after the include file is already included/required. It seems to me that there is no harm at all in always using require_once().
* Firewall / Rules / Edit - URL (IP) AliasNOYB2016-05-241-1/+1
| | | | Make alias type URL (IP) available for selection in firewall rules.
* Firewall - Punctuation Clean UpNOYB2016-04-201-6/+6
| | | | | | Some punctuation clean up. (cherry picked from commit 4a75d129df0c6eee2540d885c951e9ae72a0ed5e)
* Fix validation of v4 in v6 rules and vice versa. Ticket #6211Chris Buechler2016-04-201-6/+6
|
* Convert status_services and widget to POSTStephen Beaver2016-04-181-2/+2
|
* Remove redundant if check.Chris Buechler2016-04-161-1/+1
|
* Deprecate references to modulate state. Remove rule allowing TCP 1723 ↵Chris Buechler2016-04-061-3/+3
| | | | inbound when PPTP client is in use, as that's unnecessary.
* Merge pull request #2809 from NOYB/Firewall_/_Rules_-_Remove_PersonalizationsStephen Beaver2016-04-041-54/+54
| | | | (cherry picked from commit 1cde3afb4c048f66ffd670c373a14d3d3cfa2a71)
* Fix display of gateway IP address and gateway/group descriptions in ↵jim-p2016-03-231-2/+2
| | | | firewall_rules_edit.php.
* possible typoheper2016-03-211-1/+1
|
* Reengineer Form_Button setAttributePhil Davis2016-03-201-7/+2
| | | | | | As per what was done for https://github.com/pfsense/pfsense/pull/2765 - do it to the rest of them. Seems to work OK.
* Redmine #5994 Fix test for default source port fieldsPhil Davis2016-03-181-1/+2
| | | Fixes the problem reported by @jimp where the Advanced button for the source port fields would show "Hide Advanced" when creating a new rule from scratch. Now when creating a new rule, it starts off as "Display Advanced" (with the source port fields hidden.
* Redmine #5994 standardize firewall rule advanced buttonPhil Davis2016-03-171-24/+42
|
OpenPOWER on IntegriCloud