From 603d3c16fd1bc1f5f7fd77ede899043dfadbef6a Mon Sep 17 00:00:00 2001
From: Phil Davis
Date: Mon, 11 May 2015 18:55:44 +0545
Subject: Code style Firewall Rules
---
 usr/local/www/firewall_rules_edit.php | 899 ++++++++++++++++++++--------------
 1 file changed, 535 insertions(+), 364 deletions(-)
(limited to 'usr/local/www/firewall_rules_edit.php')
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 03c6912..9d610ea 100644
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -66,8 +66,9 @@ function is_aoadv_used($rule_config) {
 ($rule_config['max-src-states'] != "") ||
 ($rule_config['max-src-conn-rate'] != "") ||
 ($rule_config['max-src-conn-rates'] != "") ||
- ($rule_config['statetimeout'] != ""))
+ ($rule_config['statetimeout'] != "")) {
 return true;
+ }
 return false;
 }
@@ -107,98 +108,121 @@ if (!is_array($config['filter']['rule'])) { filter_rules_sort(); $a_filter = &$config['filter']['rule']; -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (is_numericint($_GET['after']) || $_GET['after'] == "-1") +if (is_numericint($_GET['after']) || $_GET['after'] == "-1") { $after = $_GET['after']; -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) +} +if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { $after = $_POST['after']; +} if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; + $id = $_GET['dup']; + $after = $_GET['dup']; } if (isset($id) && $a_filter[$id]) { $pconfig['interface'] = $a_filter[$id]['interface']; - if (isset($a_filter[$id]['id'])) + if (isset($a_filter[$id]['id'])) { $pconfig['ruleid'] = $a_filter[$id]['id']; + } - if ( isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']) ) + if (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])) { $pconfig['created'] = $a_filter[$id]['created']; + } - if ( isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated']) ) + if (isset($a_filter[$id]['updated']) && is_array($a_filter[$id]['updated'])) { $pconfig['updated'] = $a_filter[$id]['updated']; + } - if (!isset($a_filter[$id]['type'])) + if (!isset($a_filter[$id]['type'])) { $pconfig['type'] = "pass"; - else + } else { $pconfig['type'] = $a_filter[$id]['type']; + } if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") { $pconfig['floating'] = $a_filter[$id]['floating']; - if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "") + if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "") { $pconfig['interface'] = 
$a_filter[$id]['interface']; + } } - if (isset($a_filter['floating'])) + if (isset($a_filter['floating'])) { $pconfig['floating'] = "yes"; + } - if (isset($a_filter[$id]['direction'])) + if (isset($a_filter[$id]['direction'])) { $pconfig['direction'] = $a_filter[$id]['direction']; + } - if (isset($a_filter[$id]['ipprotocol'])) + if (isset($a_filter[$id]['ipprotocol'])) { $pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol']; + } - if (isset($a_filter[$id]['protocol'])) + if (isset($a_filter[$id]['protocol'])) { $pconfig['proto'] = $a_filter[$id]['protocol']; - else + } else { $pconfig['proto'] = "any"; + } - if ($a_filter[$id]['protocol'] == "icmp") + if ($a_filter[$id]['protocol'] == "icmp") { $pconfig['icmptype'] = $a_filter[$id]['icmptype']; + } address_to_pconfig($a_filter[$id]['source'], $pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcbeginport'], $pconfig['srcendport']); - if($a_filter[$id]['os'] <> "") + if ($a_filter[$id]['os'] <> "") { $pconfig['os'] = $a_filter[$id]['os']; + } address_to_pconfig($a_filter[$id]['destination'], $pconfig['dst'], $pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstbeginport'], $pconfig['dstendport']); - if ($a_filter[$id]['dscp'] <> "") + if ($a_filter[$id]['dscp'] <> "") { $pconfig['dscp'] = $a_filter[$id]['dscp']; + } $pconfig['disabled'] = isset($a_filter[$id]['disabled']); $pconfig['log'] = isset($a_filter[$id]['log']); $pconfig['descr'] = $a_filter[$id]['descr']; - if (isset($a_filter[$id]['tcpflags_any'])) + if (isset($a_filter[$id]['tcpflags_any'])) { $pconfig['tcpflags_any'] = true; - else { - if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] <> "") + } else { + if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] <> "") { $pconfig['tcpflags1'] = $a_filter[$id]['tcpflags1']; - if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] <> "") + } + if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] <> "") { $pconfig['tcpflags2'] 
= $a_filter[$id]['tcpflags2']; + } } - if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "") + if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "") { $pconfig['tag'] = $a_filter[$id]['tag']; - if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] <> "") + } + if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] <> "") { $pconfig['tagged'] = $a_filter[$id]['tagged']; - if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) + } + if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) { $pconfig['quick'] = $a_filter[$id]['quick']; - if (isset($a_filter[$id]['allowopts'])) + } + if (isset($a_filter[$id]['allowopts'])) { $pconfig['allowopts'] = true; - if (isset($a_filter[$id]['disablereplyto'])) + } + if (isset($a_filter[$id]['disablereplyto'])) { $pconfig['disablereplyto'] = true; + } /* advanced */ $pconfig['max'] = $a_filter[$id]['max']; @@ -230,15 +254,17 @@ if (isset($id) && $a_filter[$id]) { $pconfig['sched'] = (($a_filter[$id]['sched'] == "none") ? '' : $a_filter[$id]['sched']); $pconfig['vlanprio'] = (($a_filter[$id]['vlanprio'] == "none") ? '' : $a_filter[$id]['vlanprio']); $pconfig['vlanprioset'] = (($a_filter[$id]['vlanprioset'] == "none") ? '' : $a_filter[$id]['vlanprioset']); - if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) + if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) { $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; + } $pconfig['tracker'] = $a_filter[$id]['tracker']; } else { /* defaults */ - if ($_GET['if']) + if ($_GET['if']) { $pconfig['interface'] = $_GET['if']; + } $pconfig['type'] = "pass"; $pconfig['src'] = "any"; $pconfig['dst'] = "any"; 
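Review bot: The new line `if (isset($a_filter['floating'])) {` indexes the rule list itself, while every neighbouring check in this block indexes the current rule as `$a_filter[$id][...]`; if that is not deliberate the assignment of `$pconfig['floating'] = "yes"` below it can never fire, and the brace-only commit keeps the odd index. Separately, the rewritten `if (is_numericint($_GET['id'])) {` and `if (is_numericint($_GET['after']) || $_GET['after'] == "-1") {` read `$_GET` without the `isset` guard that their `$_POST` counterparts two lines below have, so a plain page load touches undefined indexes; `if (isset($_GET['id']) && is_numericint($_GET['id'])) {` would match the POST form. The enclosing `if (isset($id) && $a_filter[$id])` block continues past the end of this hunk.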
@@ -246,8 +272,9 @@ if (isset($id) && $a_filter[$id]) {
 /* Allow the FloatingRules to work */
 $if = $pconfig['interface'];
-if (isset($_GET['dup']) && is_numericint($_GET['dup']))
+if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
 unset($id);
+}
 read_altq_config(); /* XXX: */
 $qlist =& get_unique_queue_list();
@@ -260,27 +287,28 @@ $a_gatewaygroups = return_gateway_groups_array();
 if ($_POST) {
 unset($input_errors);
- if( isset($a_filter[$id]['associated-rule-id']) ) {
+ if (isset($a_filter[$id]['associated-rule-id'])) {
 $_POST['proto'] = $pconfig['proto'];
- if ($pconfig['proto'] == "icmp")
+ if ($pconfig['proto'] == "icmp") {
 $_POST['icmptype'] = $pconfig['icmptype'];
+ }
 }
 if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "")) {
- if(is_array($config['gateways']['gateway_group'])) {
- foreach($config['gateways']['gateway_group'] as $gw_group) {
- if($gw_group['name'] == $_POST['gateway']) {
+ if (is_array($config['gateways']['gateway_group'])) {
+ foreach ($config['gateways']['gateway_group'] as $gw_group) {
+ if ($gw_group['name'] == $_POST['gateway']) {
 $family = $a_gatewaygroups[$_POST['gateway']]['ipprotocol'];
- if($_POST['ipprotocol'] == $family) {
+ if ($_POST['ipprotocol'] == $family) {
 continue;
 }
- if(($_POST['ipprotocol'] == "inet46") && ($_POST['ipprotocol'] != $family)) {
+ if (($_POST['ipprotocol'] == "inet46") && ($_POST['ipprotocol'] != $family)) {
 $input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6");
 }
- if(($_POST['ipprotocol'] == "inet6") && ($_POST['ipprotocol'] != $family)) {
+ if (($_POST['ipprotocol'] == "inet6") && ($_POST['ipprotocol'] != $family)) {
 $input_errors[] = gettext("You can not assign an IPv4 gateway group on IPv6 Address Family rule");
 }
- if(($_POST['ipprotocol'] == "inet") && ($_POST['ipprotocol'] != $family)) {
+ if (($_POST['ipprotocol'] == "inet") && ($_POST['ipprotocol'] != $family)) {
 $input_errors[] = gettext("You can not assign an IPv6 gateway group on IPv4 Address Family rule");
 }
 }
@@ -288,19 +316,20 @@ if ($_POST) {
 }
 }
 if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && (is_ipaddr(lookup_gateway_ip_by_name($_POST['gateway'])))) {
- if(($_POST['ipprotocol'] == "inet46") && ($_POST['gateway'] <> "")) {
+ if (($_POST['ipprotocol'] == "inet46") && ($_POST['gateway'] <> "")) {
 $input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6");
 }
- if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) {
+ if (($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) {
 $input_errors[] = gettext("You can not assign an IPv4 Gateway to an IPv6 Filter rule");
 }
- if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) {
+ if (($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) {
 $input_errors[] = gettext("You can not assign an IPv6 Gateway to an IPv4 Filter rule");
 }
 }
- if (($_POST['proto'] == "icmp") && ($_POST['icmptype'] <> "")){
- if($_POST['ipprotocol'] == "inet46")
+ if (($_POST['proto'] == "icmp") && ($_POST['icmptype'] <> "")) {
+ if ($_POST['ipprotocol'] == "inet46") {
 $input_errors[] = gettext("You can not assign a ICMP type to a rule that applies to IPv4 and IPv6");
+ }
 }
 if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
@@ -309,83 +338,95 @@ if ($_POST) { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { - if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) + if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) { $_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']); - if ($_POST['srcendport_cust'] && !$_POST['srcendport']) + } + if ($_POST['srcendport_cust'] && !$_POST['srcendport']) { $_POST['srcendport'] = trim($_POST['srcendport_cust']); + } if ($_POST['srcbeginport'] == "any") { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; } else { - if (!$_POST['srcendport']) + if (!$_POST['srcendport']) { $_POST['srcendport'] = $_POST['srcbeginport']; + } } - if ($_POST['srcendport'] == "any") + if ($_POST['srcendport'] == "any") { $_POST['srcendport'] = $_POST['srcbeginport']; + } - if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) + if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) { $_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']); - if ($_POST['dstendport_cust'] && !$_POST['dstendport']) + } + if ($_POST['dstendport_cust'] && !$_POST['dstendport']) { $_POST['dstendport'] = trim($_POST['dstendport_cust']); + } if ($_POST['dstbeginport'] == "any") { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { - if (!$_POST['dstendport']) + if (!$_POST['dstendport']) { $_POST['dstendport'] = $_POST['dstbeginport']; + } } - if ($_POST['dstendport'] == "any") + if ($_POST['dstendport'] == "any") { $_POST['dstendport'] = $_POST['dstbeginport']; + } } if (is_specialnet($_POST['srctype'])) { $_POST['src'] = $_POST['srctype']; $_POST['srcmask'] = 0; } else if ($_POST['srctype'] == "single") { - if (is_ipaddrv6($_POST['src'])) + if (is_ipaddrv6($_POST['src'])) { $_POST['srcmask'] = 128; - else + } else { $_POST['srcmask'] = 32; + } } if (is_specialnet($_POST['dsttype'])) { $_POST['dst'] = $_POST['dsttype']; $_POST['dstmask'] = 0; } else if ($_POST['dsttype'] == "single") { - if (is_ipaddrv6($_POST['dst'])) + if 
(is_ipaddrv6($_POST['dst'])) { $_POST['dstmask'] = 128; - else + } else { $_POST['dstmask'] = 32; + } } $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "type proto"); - if ( isset($a_filter[$id]['associated-rule-id'])===false ) { + if (isset($a_filter[$id]['associated-rule-id'])===false) { $reqdfields[] = "src"; $reqdfields[] = "dst"; } $reqdfieldsn = explode(",", "Type,Protocol"); - if ( isset($a_filter[$id]['associated-rule-id'])===false ) { + if (isset($a_filter[$id]['associated-rule-id'])===false) { $reqdfieldsn[] = "Source"; $reqdfieldsn[] = "Destination"; } - if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") { - if( $_POST['proto'] != "tcp" ) + if ($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") { + if ($_POST['proto'] != "tcp") { $input_errors[] = sprintf(gettext("%s is only valid with protocol TCP."),$_POST['statetype']); - if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != "")) + } + if (($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != "")) { $input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']); + } } - if ( isset($a_filter[$id]['associated-rule-id'])===false && - (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) { + if (isset($a_filter[$id]['associated-rule-id'])===false && + (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single")))) { $reqdfields[] = "srcmask"; $reqdfieldsn[] = "Source bit count"; } - if ( isset($a_filter[$id]['associated-rule-id'])===false && - (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) ) { + if (isset($a_filter[$id]['associated-rule-id'])===false && + (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single")))) { $reqdfields[] = "dstmask"; $reqdfieldsn[] = gettext("Destination bit count"); } 
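Review bot: The rewritten `isset($a_filter[$id]['associated-rule-id'])===false` conditions (three occurrences in this hunk) keep no spacing around `===` even though the commit's purpose is to normalise operator and brace style, and the negated-isset form is harder to read than the direct negation; `if (!isset($a_filter[$id]['associated-rule-id'])) {` says the same thing in the style the rest of the hunk now uses. In the same spirit, the rewritten state-type check still joins its two comparisons with the low-precedence `or` where the rest of the file uses `||`. The enclosing `if ($_POST)` block starts and ends outside this hunk.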
@@ -401,48 +442,64 @@ if ($_POST) { $_POST['dstendport'] = 0; } - if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) + if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginposrt']); - if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) + } + if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']); - if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) + } + if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) { $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']); - if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) + } + if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) { $input_errors[] = sprintf(gettext("%s is not a valid end destination port. 
It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']); - if ( !$_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) - if (is_alias($_POST['srcendport_cust'])) + } + if (!$_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) { + if (is_alias($_POST['srcendport_cust'])) { $input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field'; - if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){ - if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) + } + } + if ($_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) { + if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) { $input_errors[] = 'The same port alias must be used in Source port range from: and to: fields'; + } if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) || - ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) + ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) { $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field'; + } } - if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) - if (is_alias($_POST['dstendport_cust'])) + if (!$_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) { + if (is_alias($_POST['dstendport_cust'])) { $input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field'; - if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){ - if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != 
$_POST['dstendport_cust']) + } + } + if ($_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) { + if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust']) { $input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields'; + } if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) || - ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) + ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) { $input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field'; + } } - if ($_POST['src']) + if ($_POST['src']) { $_POST['src'] = trim($_POST['src']); - if ($_POST['dst']) + } + if ($_POST['dst']) { $_POST['dst'] = trim($_POST['dst']); + } /* if user enters an alias and selects "network" then disallow. */ - if($_POST['srctype'] == "network") { - if(is_alias($_POST['src'])) + if ($_POST['srctype'] == "network") { + if (is_alias($_POST['src'])) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); + } } - if($_POST['dsttype'] == "network") { - if(is_alias($_POST['dst'])) + if ($_POST['dsttype'] == "network") { + if (is_alias($_POST['dst'])) { $input_errors[] = gettext("You must specify single host or alias for alias entries."); + } } if (!is_specialnet($_POST['srctype'])) { 
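Review bot: The start-source-port message in this hunk is built from `$_POST['srcbeginposrt']`, a misspelling of `srcbeginport`, so the `%s` in "is not a valid start source port" is always empty (and an undefined-index notice is raised) while the other three port messages pass the right field; the commit wraps the line in braces but leaves the typo. The corrected line is `$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginport']);`. Likewise the rewritten alias check `is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust'])` tests the same field twice, and the destination block repeats the pattern with `dstendport_cust`; the first operand presumably should be the `*beginport_cust` field, e.g. `if (is_alias($_POST['srcbeginport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) {`. The enclosing `if ($_POST)` block starts and ends outside this hunk.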
@@ -461,17 +518,21 @@ if ($_POST) {
 $input_errors[] = gettext("A valid destination bit count must be specified.");
 }
 }
- if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) {
- if(!validate_address_family($_POST['src'], $_POST['dst']))
+ if ((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) {
+ if (!validate_address_family($_POST['src'], $_POST['dst'])) {
 $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
- if((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet"))
+ }
+ if ((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet")) {
 $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
- if((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6"))
+ }
+ if ((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6")) {
 $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
+ }
 }
- if((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && ($_POST['ipprotocol'] == "inet46"))
+ if ((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && ($_POST['ipprotocol'] == "inet46")) {
 $input_errors[] = gettext("You can not use a IPv4 or IPv6 address in combined IPv4 + IPv6 rules.");
+ }
 if ($_POST['srcbeginport'] > $_POST['srcendport']) {
 /* swap */
@@ -486,115 +547,150 @@ if ($_POST) { $_POST['dstbeginport'] = $tmp; } if ($_POST['os']) { - if( $_POST['proto'] != "tcp" ) + if ($_POST['proto'] != "tcp") { $input_errors[] = gettext("OS detection is only valid with protocol TCP."); - if (!in_array($_POST['os'], $ostypes)) + } + if (!in_array($_POST['os'], $ostypes)) { $input_errors[] = gettext("Invalid OS detection selection. Please select a valid OS."); + } } if ($_POST['ackqueue'] != "") { - if ($_POST['defaultqueue'] == "" ) + if ($_POST['defaultqueue'] == "") { $input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too."); - else if ($_POST['ackqueue'] == $_POST['defaultqueue']) + } else if ($_POST['ackqueue'] == $_POST['defaultqueue']) { $input_errors[] = gettext("Acknowledge queue and Queue cannot be the same."); + } } - if (isset($_POST['floating']) && $_POST['pdnpipe'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) + if (isset($_POST['floating']) && $_POST['pdnpipe'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) { $input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction."); - if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) + } + if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) { $input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction."); + } if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "") { - if ($_POST['dnpipe'] == "" ) + if ($_POST['dnpipe'] == "") { $input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too."); - else if ($_POST['pdnpipe'] == $_POST['dnpipe']) + } else if ($_POST['pdnpipe'] == $_POST['dnpipe']) { $input_errors[] = gettext("In and Out Queue cannot be the same."); - else if ($dnqlist[$_POST['pdnpipe']][0] == "?" 
&& $dnqlist[$_POST['dnpipe']][0] <> "?") + } else if ($dnqlist[$_POST['pdnpipe']][0] == "?" && $dnqlist[$_POST['dnpipe']][0] <> "?") { $input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. Both must be from the same type."); - else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?") + } else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?") { $input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. Both must be from the same type."); - if ($_POST['direction'] == "out" && empty($_POST['gateway'])) + } + if ($_POST['direction'] == "out" && empty($_POST['gateway'])) { $input_errors[] = gettext("Please select a gateway, normally the interface selected gateway, so the limiters work correctly"); + } } - if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid'])) + if (!empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid'])) { $input_errors[] = gettext('ID must be an integer'); - if($_POST['l7container'] && $_POST['l7container'] != "") { - if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp")) + } + if ($_POST['l7container'] && $_POST['l7container'] != "") { + if (!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp")) { $input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols"); - if ($_POST['type'] <> "pass") + } + if ($_POST['type'] <> "pass") { $input_errors[] = gettext("You can only select a layer7 container for Pass type rules."); + } } if (!in_array($_POST['proto'], array("tcp","tcp/udp"))) { - if (!empty($_POST['max-src-conn'])) + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for TCP protocol."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if 
(!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You can only specify the maximum new connections per host / per second(s) (advanced option) for TCP protocol."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You can only specify the state timeout (advanced option) for TCP protocol."); + } } if ($_POST['type'] <> "pass") { - if (!empty($_POST['max'])) + if (!empty($_POST['max'])) { $input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-nodes'])) + } + if (!empty($_POST['max-src-nodes'])) { $input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-conn'])) + } + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-states'])) + } + if (!empty($_POST['max-src-states'])) { $input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for Pass type rules."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You can only specify the maximum new connections per host / per second(s) (advanced option) for Pass type rules."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You can only specify the state timeout (advanced option) for Pass type rules."); + } } if (($_POST['statetype'] == "none") && (empty($_POST['l7container']))) { - if (!empty($_POST['max'])) + if (!empty($_POST['max'])) { $input_errors[] = gettext("You cannot specify the maximum state entries 
(advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-nodes'])) + } + if (!empty($_POST['max-src-nodes'])) { $input_errors[] = gettext("You cannot specify the maximum number of unique source hosts (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-conn'])) + } + if (!empty($_POST['max-src-conn'])) { $input_errors[] = gettext("You cannot specify the maximum number of established connections per host (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-states'])) + } + if (!empty($_POST['max-src-states'])) { $input_errors[] = gettext("You cannot specify the maximum state entries per host (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) + } + if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates'])) { $input_errors[] = gettext("You cannot specify the maximum new connections per host / per second(s) (advanced option) if statetype is none and no L7 container is selected."); - if (!empty($_POST['statetimeout'])) + } + if (!empty($_POST['statetimeout'])) { $input_errors[] = gettext("You cannot specify the state timeout (advanced option) if statetype is none and no L7 container is selected."); + } } - if (($_POST['max'] != "") && !is_posnumericint($_POST['max'])) + if (($_POST['max'] != "") && !is_posnumericint($_POST['max'])) { $input_errors[] = gettext("Maximum state entries (advanced option) must be a positive integer"); + } - if (($_POST['max-src-nodes'] != "") && !is_posnumericint($_POST['max-src-nodes'])) + if (($_POST['max-src-nodes'] != "") && !is_posnumericint($_POST['max-src-nodes'])) { $input_errors[] = gettext("Maximum number of unique source hosts (advanced option) must be a positive integer"); + } - if (($_POST['max-src-conn'] != "") && !is_posnumericint($_POST['max-src-conn'])) 
+ if (($_POST['max-src-conn'] != "") && !is_posnumericint($_POST['max-src-conn'])) { $input_errors[] = gettext("Maximum number of established connections per host (advanced option) must be a positive integer"); + } - if (($_POST['max-src-states'] != "") && !is_posnumericint($_POST['max-src-states'])) + if (($_POST['max-src-states'] != "") && !is_posnumericint($_POST['max-src-states'])) { $input_errors[] = gettext("Maximum state entries per host (advanced option) must be a positive integer"); + } - if (($_POST['max-src-conn-rate'] != "") && !is_posnumericint($_POST['max-src-conn-rate'])) + if (($_POST['max-src-conn-rate'] != "") && !is_posnumericint($_POST['max-src-conn-rate'])) { $input_errors[] = gettext("Maximum new connections per host / per second(s) (advanced option) must be a positive integer"); + } - if (($_POST['statetimeout'] != "") && !is_posnumericint($_POST['statetimeout'])) + if (($_POST['statetimeout'] != "") && !is_posnumericint($_POST['statetimeout'])) { $input_errors[] = gettext("State timeout (advanced option) must be a positive integer"); + } - if ((($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] == "")) || - (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> ""))) + if ((($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] == "")) || + (($_POST['max-src-conn-rate'] == "" and $_POST['max-src-conn-rates'] <> ""))) { $input_errors[] = gettext("Both maximum new connections per host and the interval (per second(s)) must be specified"); + } if (!$_POST['tcpflags_any']) { $settcpflags = array(); $outoftcpflags = array(); foreach ($tcpflags as $tcpflag) { - if ($_POST['tcpflags1_' . $tcpflag] == "on") + if ($_POST['tcpflags1_' . $tcpflag] == "on") { $settcpflags[] = $tcpflag; - if ($_POST['tcpflags2_' . $tcpflag] == "on") + } + if ($_POST['tcpflags2_' . 
$tcpflag] == "on") { $outoftcpflags[] = $tcpflag; + } } - if (empty($outoftcpflags) && !empty($settcpflags)) + if (empty($outoftcpflags) && !empty($settcpflags)) { $input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well."); + } } // Allow extending of the firewall edit page and include custom input validation @@ -607,11 +703,13 @@ if ($_POST) { $filterent['tracker'] = empty($_POST['tracker']) ? (int)microtime(true) : $_POST['tracker']; $filterent['type'] = $_POST['type']; - if (isset($_POST['interface'] )) + if (isset($_POST['interface'])) { $filterent['interface'] = $_POST['interface']; + } - if (isset($_POST['ipprotocol'] )) + if (isset($_POST['ipprotocol'])) { $filterent['ipprotocol'] = $_POST['ipprotocol']; + } if ($_POST['tcpflags_any']) { $filterent['tcpflags_any'] = true; 
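Review bot: The rewritten OS check `if (!in_array($_POST['os'], $ostypes)) {` still uses a loose `in_array`, so a submitted value that merely compares equal under PHP's type juggling passes the whitelist; `if (!in_array($_POST['os'], $ostypes, true)) {` makes the membership test exact (assuming `$ostypes`, defined outside this hunk, is a list of strings). In the limiter block, `$dnqlist[$_POST['pdnpipe']][0]` and `$dnqlist[$_POST['dnpipe']][0]` index the queue table directly with the submitted names, so an unknown name yields a notice and a `null` that silently fails the `== "?"` comparisons; an `isset($dnqlist[$_POST['pdnpipe']])` guard, or an explicit "unknown queue" input error, would make the rejection visible. The `else if` spellings kept in this hunk could become `elseif` for consistency with a single-keyword style. The enclosing `if ($_POST)` block starts and ends outside this hunk.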
@@ -619,26 +717,32 @@ if ($_POST) { $settcpflags = array(); $outoftcpflags = array(); foreach ($tcpflags as $tcpflag) { - if ($_POST['tcpflags1_' . $tcpflag] == "on") + if ($_POST['tcpflags1_' . $tcpflag] == "on") { $settcpflags[] = $tcpflag; - if ($_POST['tcpflags2_' . $tcpflag] == "on") + } + if ($_POST['tcpflags2_' . $tcpflag] == "on") { $outoftcpflags[] = $tcpflag; + } } if (!empty($outoftcpflags)) { $filterent['tcpflags2'] = join(",", $outoftcpflags); - if (!empty($settcpflags)) + if (!empty($settcpflags)) { $filterent['tcpflags1'] = join(",", $settcpflags); + } } } - if (isset($_POST['tag'])) + if (isset($_POST['tag'])) { $filterent['tag'] = $_POST['tag']; - if (isset($_POST['tagged'])) + } + if (isset($_POST['tagged'])) { $filterent['tagged'] = $_POST['tagged']; + } if ($if == "FloatingRules" || isset($_POST['floating'])) { $filterent['direction'] = $_POST['direction']; - if (isset($_POST['quick']) && $_POST['quick'] <> "") + if (isset($_POST['quick']) && $_POST['quick'] <> "") { $filterent['quick'] = $_POST['quick']; + } $filterent['floating'] = "yes"; if (isset($_POST['interface']) && count($_POST['interface']) > 0) { $filterent['interface'] = implode(",", $_POST['interface']); @@ -646,14 +750,16 @@ if ($_POST) { } /* Advanced options */ - if ($_POST['allowopts'] == "yes") + if ($_POST['allowopts'] == "yes") { $filterent['allowopts'] = true; - else + } else { unset($filterent['allowopts']); - if ($_POST['disablereplyto'] == "yes") + } + if ($_POST['disablereplyto'] == "yes") { $filterent['disablereplyto'] = true; - else + } else { unset($filterent['disablereplyto']); + } $filterent['max'] = $_POST['max']; $filterent['max-src-nodes'] = $_POST['max-src-nodes']; $filterent['max-src-conn'] = $_POST['max-src-conn']; 
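Review bot: The context line `$filterent['tracker'] = empty($_POST['tracker']) ? (int)microtime(true) : $_POST['tracker'];` stores the submitted tracker value into the rule as-is, whereas the neighbouring `ruleid` is checked with `ctype_digit` in the validation block; nothing visible in this hunk or the validation hunk above constrains `tracker` to an integer, so unless it is validated elsewhere outside the hunk a non-numeric value ends up in the saved config. A check alongside the ruleid one, `if (!empty($_POST['tracker']) && !is_numericint($_POST['tracker'])) { $input_errors[] = gettext('Tracker must be an integer'); }`, would close that gap. The enclosing `if ($_POST)` block starts and ends outside this hunk.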
@@ -661,19 +767,21 @@ if ($_POST) {
 $filterent['statetimeout'] = $_POST['statetimeout'];
 $filterent['statetype'] = $_POST['statetype'];
 $filterent['os'] = $_POST['os'];
- if($_POST['nopfsync'] <> "")
+ if ($_POST['nopfsync'] <> "") {
 $filterent['nopfsync'] = true;
- else
+ } else {
 unset($filterent['nopfsync']);
+ }
 /* Nosync directive - do not xmlrpc sync this item */
- if($_POST['nosync'] <> "")
+ if ($_POST['nosync'] <> "") {
 $filterent['nosync'] = true;
- else
+ } else {
 unset($filterent['nosync']);
+ }
 /* unless both values are provided, unset the values - ticket #650 */
- if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
+ if ($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
 $filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
 $filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
 } else {
@@ -681,20 +789,23 @@ if ($_POST) {
 unset($filterent['max-src-conn-rates']);
 }
- if ($_POST['proto'] != "any")
+ if ($_POST['proto'] != "any") {
 $filterent['protocol'] = $_POST['proto'];
- else
+ } else {
 unset($filterent['protocol']);
+ }
 if ($_POST['proto'] == "icmp") {
- if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type'])
+ if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) {
 $filterent['icmptype'] = $_POST['icmp6type'];
- else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype'])
+ } else if ($filterent['ipprotocol'] != 'inet6' && $_POST['icmptype']) {
 $filterent['icmptype'] = $_POST['icmptype'];
- else
+ } else {
 unset($filterent['icmptype']);
- } else
+ }
+ } else {
 unset($filterent['icmptype']);
+ }
 pconfig_to_address($filterent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot'],
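Review bot: In the -681 hunk, `if ($filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) {` reads an index that the -607 hunk only assigns when `$_POST['ipprotocol']` was posted, so a request without that field raises an undefined-index notice and silently takes the IPv4 `icmptype` branch; unless the validation above the hunk already rejects a missing `ipprotocol`, `if (isset($filterent['ipprotocol']) && $filterent['ipprotocol'] == 'inet6' && $_POST['icmp6type']) {` makes the fallback deliberate rather than accidental. The rewritten `nopfsync`, `nosync` and `max-src-conn-rate` conditions in the -661 hunk keep `<>` and `and`, which are the uncommon spellings of `!=` and `&&`; `and` binds lower than `=`, harmless inside an `if`, but since the commit is normalising style these are worth changing too. Both hunks sit inside the `if ($_POST)` block, which starts before and ends after them.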
@@ -704,18 +815,21 @@ if ($_POST) {
 $_POST['dstmask'], $_POST['dstnot'], $_POST['dstbeginport'], $_POST['dstendport']);
- if ($_POST['disabled'])
+ if ($_POST['disabled']) {
 $filterent['disabled'] = true;
- else
+ } else {
 unset($filterent['disabled']);
+ }
- if ($_POST['dscp'])
+ if ($_POST['dscp']) {
 $filterent['dscp'] = $_POST['dscp'];
+ }
- if ($_POST['log'])
+ if ($_POST['log']) {
 $filterent['log'] = true;
- else
+ } else {
 unset($filterent['log']);
+ }
 strncpy($filterent['descr'], $_POST['descr'], 52);
 if ($_POST['gateway'] != "") {
@@ -724,14 +838,16 @@ if ($_POST) {
 if ($_POST['defaultqueue'] != "") {
 $filterent['defaultqueue'] = $_POST['defaultqueue'];
- if ($_POST['ackqueue'] != "")
+ if ($_POST['ackqueue'] != "") {
 $filterent['ackqueue'] = $_POST['ackqueue'];
+ }
 }
 if ($_POST['dnpipe'] != "") {
 $filterent['dnpipe'] = $_POST['dnpipe'];
- if ($_POST['pdnpipe'] != "")
+ if ($_POST['pdnpipe'] != "") {
 $filterent['pdnpipe'] = $_POST['pdnpipe'];
+ }
 }
 if ($_POST['l7container'] != "") {
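Review bot: `strncpy($filterent['descr'], $_POST['descr'], 52);` truncates the description with no comment on where the 52-byte limit comes from, and if `strncpy` is the project's byte-wise helper (its definition is not visible here) a description containing multi-byte UTF-8 can be cut inside a character, leaving an invalid byte sequence in the stored rule; a comment such as `/* descr is limited to 52 bytes for the pf rule label; truncation is byte-wise, so multi-byte text may be clipped mid-character */` would at least record the behaviour, and an `mb_substr`-based truncation would avoid it. The `if ($_POST['dscp']) {` test is a truthiness check rather than an `isset`/`!= ""` check, so a posted `dscp` of `"0"` would be dropped; if no DSCP value can ever be `"0"` that is fine, but the `!= ""` form used for `ackqueue` and `pdnpipe` in the -724 hunk on this same line would be consistent. The enclosing `if ($_POST)` block starts before and ends after both hunks.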
@@ -750,49 +866,55 @@ if ($_POST) {
 }
 // If we have an associated nat rule, make sure the source and destination doesn't change
- if( isset($a_filter[$id]['associated-rule-id']) ) {
+ if (isset($a_filter[$id]['associated-rule-id'])) {
 $filterent['interface'] = $a_filter[$id]['interface'];
- if (isset($a_filter[$id]['protocol']))
+ if (isset($a_filter[$id]['protocol'])) {
 $filterent['protocol'] = $a_filter[$id]['protocol'];
- else if (isset($filterent['protocol']))
+ } else if (isset($filterent['protocol'])) {
 unset($filterent['protocol']);
- if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype'])
+ }
+ if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype']) {
 $filterent['icmptype'] = $a_filter[$id]['icmptype'];
- else if (isset($filterent['icmptype']))
+ } else if (isset($filterent['icmptype'])) {
 unset($filterent['icmptype']);
+ }
 $filterent['source'] = $a_filter[$id]['source'];
 $filterent['destination'] = $a_filter[$id]['destination'];
 $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
 }
- if ( isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created']) )
+ if (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])) {
 $filterent['created'] = $a_filter[$id]['created'];
+ }
 $filterent['updated'] = make_config_revision_entry();
 // Allow extending of the firewall edit page and include custom input validation
 pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
- if (isset($id) && $a_filter[$id])
+ if (isset($id) && $a_filter[$id]) {
 $a_filter[$id] = $filterent;
- else {
+ } else {
 $filterent['created'] = make_config_revision_entry();
- if (is_numeric($after))
+ if (is_numeric($after)) {
 array_splice($a_filter, $after+1, 0, array($filterent));
- else
+ } else {
 $a_filter[] = $filterent;
+ }
 }
 filter_rules_sort();
- if (write_config())
+ if (write_config()) {
 mark_subsystem_dirty('filter');
+ }
- if (isset($_POST['floating']))
+ if (isset($_POST['floating'])) {
header("Location: firewall_rules.php?if=FloatingRules"); - else + } else { header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface'])); + } exit; } } @@ -868,7 +990,7 @@ include("head.inc"); - + @@ -878,16 +1000,17 @@ include("head.inc"); $nat_rule ) { - if( isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']==$pconfig['associated-rule-id'] ) { + foreach ($config['nat']['rule'] as $index => $nat_rule) { + if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']==$pconfig['associated-rule-id']) { echo "" . gettext("View the NAT rule") . "
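Review bot: The redirect in the rewritten else branch, `header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface']));`, applies HTML escaping to a value that is placed in a URL query string, which is the wrong encoder for that context: characters such as `&`, `#` or `%` in the posted value are not neutralised and an entity like `&amp;` is what ends up in the URL. The query-string encoder is `urlencode()`, so the line should read `header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));`. Because the -619 hunk treats `$_POST['interface']` as an array on the floating-rules path, this branch presumably relies on `isset($_POST['floating'])` always being true in that case; if `$if == "FloatingRules"` can be reached without that field, `htmlspecialchars` would receive an array here, which is worth confirming. The `if ($_POST)` block that encloses this hunk starts before it.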
"; break; } } } echo ""; - if (!empty($pconfig['interface'])) + if (!empty($pconfig['interface'])) { echo ""; + } ?>