summaryrefslogtreecommitdiffstats
path: root/usr/local/www/firewall_rules_edit.php
Commit message (Collapse)AuthorAgeFilesLines
* Code spacingPhil Davis2015-06-151-31/+31
| | | | | | | and other random stuff I noticed. I think this finishes messing with code style. The codebase should match the developer style guide closely enough that 99.9% of changes will not feel the need to also massage the formatting.
* Code style Firewall RulesPhil Davis2015-05-111-364/+535
|
* Firewall Rules Edit missing slashPhil Davis2015-05-101-1/+1
| | | | This should be the end of a "tr" here. Browsers seem to be forgiving of this stuff - I don't see any difference in rendering in Firefox before or after this change.
* There is no longer any need to restrict protocols for IPv4+IPv6 rules, the ↵Chris Buechler2015-04-041-5/+0
| | | | appropriate ruleset is generated and problem scenarios that would otherwise break here are prevented by other input validation.
* Add SCTP to protocol list for filtering.jim-p2015-03-311-1/+1
|
* fix up textChris Buechler2015-03-051-2/+2
|
* Use appropriate interface field description when working with floating ↵Chris Buechler2015-02-091-1/+5
| | | | rules, it was confusing and potentially incorrect for floating rule purposes.
* Fix lineup of copyright linesPhil Davis2015-01-011-1/+1
| | | | | and module names and other bits of formatting and typos in header comment sections.
* Welcome 2015Renato Botelho2014-12-311-1/+1
|
* Split ICMP and ICMPv6 types on Firewall RulesRenato Botelho2014-12-111-25/+27
| | | | | | | | | | | - Remove redundant declaration of $icmptypes and move it to a common place (filter.inc) - Add missing ICMP types for v4 - Add ICMPv6 types - Adjust javascripts to show correct options depending of IP Protocol - Hide ICMP type selection when protocol is IPv4+v6 It fixes #3389
* Fix indent and spacesRenato Botelho2014-12-111-5/+7
|
* modify copyright statement to reflect realityJim Thompson2014-11-101-0/+1
|
* fix text, PPPoE Server, not VPNChris Buechler2014-11-061-1/+1
|
* Merge pull request #1323 from derelict-pf/masterRenato Botelho2014-11-051-8/+8
|\
| * s/a/an/ and speling.derelict-pf2014-10-311-7/+7
| |
| * s/then/than/derelict-pf2014-10-311-1/+1
| |
* | Remove almost all calls to history.back() and make Cancel button back to ↵Renato Botelho2014-09-121-2/+6
| | | | | | | | HTTP_REFERER, there are a couple of places I didn't touch on this commit because it requires more work
* | Add (self) keyword for specifying "any IP address on this firewall" as a ↵jim-p2014-05-231-1/+5
| | | | | | | | rule choice.
* | Update SCRIPT tags.Colin Fleming2014-05-191-0/+2
| | | | | | | | Add CDATA sections to SCRIPT tags in various files
* | Unbreak 'add rule on top of the list' allowing after param to be -1Renato Botelho2014-04-291-2/+2
| |
* | Expose all p0f OS types that it supports so that subtypes of various ↵jim-p2014-04-291-17/+31
|/ | | | Operating Systems can be detected
* Merge branch 'master-br' of https://github.com/ayvis/pfsense into ↵Renato Botelho2014-03-171-23/+23
|\ | | | | | | ayvis-master-br
| * xhtml Complianceayvis2014-03-141-23/+23
| | | | | | replaced <br>, <br/> and </br> with <br />
* | standardize on www.pfsense.org and HTTPS, point package URLs toChris Buechler2014-03-141-1/+1
|/ | | | packages.pfsense.org
* Improve checks for params 'id', 'dup' and other similar ones to make sure ↵Renato Botelho2014-03-121-10/+11
| | | | they are numeric integer, also, pass them through htmlspecialchars() before print
* Validate rule Advanced Options numeric entriesPhil Davis2014-03-111-7/+35
| | | | | | | | This makes sure the user puts in ordinary positive integers like "1" and "42" in these advanced options fields. It prevents everything else, including dodgy-looking possibilities like "007" which might actually work OK, but it is safer to allow just plain "7". Note 1: The tests in function is_aoadv_used($rule_config) had to be changed back from using empty() to use $var != "" because if the user enters "0" in one of those fields and presses save, they get an error message, but the Advanced Options block on the GUI is closed (the "0" was considered empty()). That seemed rather confusing - the user would have had to click on the Advanced Options "Advanced" button again to open up that block and see the "0" they had entered. Note 2: I have prohibited 2 things that "pf" allows into the ruleset without generating an error: (max 0) (tcp.established 0) Both of these seem (IMHO) to have no valid use case. They would prevent states from ever happening, and so would effectively be block rules, which could be implemented easily as block rules.
* Merge pull request #997 from phil-davis/masterRenato Botelho2014-03-071-2/+19
|\ | | | | Make Firewall Rules Advanced Options open if used
| * Refine check for existence of rule advanced optionsPhil Davis2014-03-061-9/+10
| |
| * Make Firewall Rules Advanced Options open if usedPhil Davis2014-03-041-2/+18
| | | | | | | | Currently, if there are some settings defined in Firewall Rules Edit, Advanced Features, Advanced Options, the Advanced Options section is left minimized when the Firewall Edit screen is displayed. This makes it easy for a user to not notice that there are some Advanced Options settings. This change makes the Advanced Options section be displayed if any of the settings are defined, in the same way it is done for all the other Advanced Features sections.
* | Merge pull request #984 from phil-davis/masterRenato Botelho2014-03-041-18/+12
|\ \ | |/ | | Return GWG IP protocol (version) when no gateway IP
| * Tidy up GWG dropdown selection testsPhil Davis2014-02-281-11/+7
| | | | | | Tested this making a new rule, and editing existing IPv4, IPv6 and IPv4+Ipv6 rules, and switching the IP version on an existing rule. Seems to work!
| * Tidy "gateway name - IP" in dropdown listPhil Davis2014-02-281-1/+2
| | | | | | While I notice this also, for a plain gateway, the current IP address is also listed in the dropdown list text, like "WAN_DHCP - 10.42.11.1". If there is no IP address currently, it might say "WAN_DHCP - dynamic". But for some DHCP gateways that have not had any non-default manual settings done, it can say "OPT1_DHCP -". This gets rid of the silly-looking "-"
| * Use return_gateway_groups_array() to build correct GWG listPhil Davis2014-02-271-10/+7
| | | | | | Now return_gateway_groups_array() always returns at least the IP version 'ipprotocol' of each GWG, even if all its members are down at present. It is better to use this to check what IP version the GWG is. The previous check was using the IP address of the first member of the GWG to deduce 'ipprotocol'. That would fail if the WAN was DHCP and was down.
* | Validate if src OR dst have IP address set when protocol is IPv4+v6. Fixes #3499Renato Botelho2014-03-031-3/+3
|/
* Port dropdowns: Put port no. after descripstilez2014-02-251-4/+4
| | | | | At the moment, even if a port number is entered, it's re-displayed only as a port name when editing. Users who don't have port names -> numbers lookup memorised can't easily confirm when editing a rule, that the port is as intended. Then, when they return to firewall_rules.php the same rules have ports displayed as numbers not names (inconsistent). This small UI edit changes the port dropdowns from just the name "NetBIOS-NS" to "NetBIOS-NS (137)" and shows the very well known port number, for ease of use.
* Update firewall_rules_edit.phpWild Stray2014-02-221-1/+1
| | | PIM protocol for firewall rules.
* Change string to "Maximum new connections per host / per second(s)"Daniel Aleksandersen2014-02-131-4/+4
| | | | | | | Clarifying the setting's meaning. As suggested by forum member "Senser" on https://forum.pfsense.org/index.php/topic,65472.msg356024.html#msg356024
* Standardise LAN net displayPhil Davis2014-02-071-2/+2
| | | On the main firewall rules multi-rule display it shows "LAN net" "WAN net" etc. But on the edit screen it shows "LAN subnet" "WAN subnet" etc. Make the edit screen have the same text as the main screen - this has ben a source of enough little questions/queries on the forum.
* added input hidden with tracker valuebruno2014-01-161-4/+6
|
* Generate a tracker id for the filter rules for now. Maybe for nat rules as well?Ermal2013-12-311-0/+4
|
* Add an option to set no-sync on rules to keep states from being synced via ↵Renato Botelho2013-11-121-3/+16
| | | | pfsync. Fix #2501
* Remove call-time pass by reference for do_input_validation, helps ticket #2565Renato Botelho2013-09-121-1/+1
|
* s/require/require_once/g for filter.inc to avoid redeclaration errors in ↵jim-p2013-08-281-1/+1
| | | | some rare cases.
* Relax advanced options firewall rules testsPhil Davis2013-08-141-12/+3
| | | | Various advanced options are now possible for any protocol since https://github.com/pfsense/pfsense/commit/653bde345e8f960de5bc745fe74e64d8ef3fd2d3 So allow these through the front-end GUI validation also.
* Allow advanced options state-related parameters to be used for TCP, UDP and ICMPPhil Davis2013-07-241-13/+16
| | | Allows the state-related parameters to be specified for UDP and ICMP as well as TCP. Discussed in forum http://forum.pfsense.org/index.php/topic,64653.0.html
* Validate firewall rule advanced options requirementsPhil Davis2013-07-221-0/+45
| | | | | Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules. Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html Bug report #3098
* Implement URL Table aliases for ports instead of IP addressesRenato Botelho2013-07-081-1/+1
|
* Add support for protocol 41 in rules. Fixes #3007.Daniel Becker2013-07-071-1/+1
|
* Add a new alias type, URLs containing PortsRenato Botelho2013-07-041-1/+1
|
* Fix whitespace and indentRenato Botelho2013-04-231-91/+90
|
OpenPOWER on IntegriCloud