From 6847d0ede45fd06e4055b7644aa9cb64f2db9a48 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 21 Jun 2005 21:06:47 +0000 Subject: Add TCP Flags menu to firewall rules edit screen --- usr/local/www/firewall_rules_edit.php | 36 ++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 9e1520e..116efc8 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -82,6 +82,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['dstbeginport'], $pconfig['dstendport']); $pconfig['disabled'] = isset($a_filter[$id]['disabled']); + $pconfig['tcpflags'] = $a_filter[$id]['tcpflags']; $pconfig['log'] = isset($a_filter[$id]['log']); $pconfig['descr'] = $a_filter[$id]['descr']; @@ -111,6 +112,15 @@ if (isset($_GET['dup'])) unset($id); if ($_POST) { + + $intcpflags = array(); + foreach ($tcpflags as $tcpflag) { + if ($_POST['tcpflags_' . $tcpflag] == "on") + $intcpflags[] = $tcpflag; + else if ($_POST['tcpflags_' . $tcpflag] == "off") + $intcpflags[] = "!" . $tcpflag; + } + $_POST['tcpflags'] = join(",", $intcpflags); if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) { $_POST['srcbeginport'] = 0; @@ -288,6 +298,8 @@ if ($_POST) { $filterent['gateway'] = $_POST['gateway']; } + $filterent['tcpflags'] = $_POST['tcpflags']; + if (isset($id) && $a_filter[$id]) $a_filter[$id] = $filterent; else { @@ -296,7 +308,7 @@ if ($_POST) { else $a_filter[] = $filterent; } - + write_config(); touch($d_filterconfdirty_path); @@ -809,6 +821,28 @@ Hint: the difference between block and reject is that with reject, a packet (TCP + TCP flags + + + + + + + + + +
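Review bot: `$tcpflags` is iterated by the added `foreach` in the `if ($_POST)` hunk but is not defined in any visible hunk. If it is not populated before this point, the loop collects nothing and the rule is saved with no flag match, which is broader than what the admin selected on the screen, so confirm it is initialised above this block. The lookup `$_POST['tcpflags_' . $tcpflag]` also assumes every field was submitted; read it through `isset()` first, e.g. `$v = isset($_POST['tcpflags_' . $tcpflag]) ? $_POST['tcpflags_' . $tcpflag] : "";`. Rebuilding `$_POST['tcpflags']` from the fixed list is worth keeping because it discards any client-supplied `tcpflags` string; a comment such as `/* rebuilt from known flag names only; a posted tcpflags value is never used */` would protect that from a later edit. The `if ($_POST)` block continues outside the hunk.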
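Review bot: `$filterent['tcpflags'] = $_POST['tcpflags'];` stores the flag string for every protocol, and the non-TCP/UDP branch earlier in the POST handling resets only the port fields, so a rule whose protocol is not TCP can carry TCP flag constraints into the saved config. How the ruleset generator treats that entry is not visible here, but it risks a rule that fails to load or that matches differently from what the edit screen shows. Store it only when it applies, e.g. `if ($_POST['proto'] == "tcp" && $_POST['tcpflags'] != "") $filterent['tcpflags'] = $_POST['tcpflags'];`; whether `tcp/udp` rules should keep flags is a decision for the author. The guard also avoids writing an empty `tcpflags` entry when every flag is left at "don't care".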
+ + > + set    > + cleared    > + don't care
+ Use this to choose TCP flags that must + be set or cleared for this rule to match. + +   -- cgit v1.1