From 5b237745003431d487de361ca0980a467ee2f5d5 Mon Sep 17 00:00:00 2001
From: Scott Ullrich Diagnostics: Backup/restore Diagnostics: Factory defaults Diagnostics: DHCP leases
+ No leases file found. Is the DHCP server active? Diagnostics: IPsec Diagnostics: IPsec No IPsec security policies. Diagnostics: System logs Diagnostics: System logs Diagnostics: System logs Diagnostics: System logs Diagnostics: System logs Diagnostics: Ping Diagnostics: Reset state =$Title ?>
+" . $ulmsg . " =$Title ?>
+
+ Note: this function is unsupported. Use it
+on your own risk!
+
+
+
+";
+ $fspane = "";
+ } else {
+ $fspans = $fspane = "";
+ }
+ echo "IP address
+ MAC address
+ Hostname
+ Start
+ End
+ \n";
+ echo " \n";
+ }
+}
+?>
+{$fspans}{$data['ip']}{$fspane} \n";
+ echo "{$fspans}{$data['mac']}{$fspane} \n";
+ echo "{$fspans}{$data['hostname']}{$fspane} \n";
+ echo "{$fspans}{$data['start']}{$fspane} \n";
+ echo "{$fspans}{$data['end']}{$fspane} \n";
+ echo "
+
+
+
+
diff --git a/usr/local/www/diag_logs.php b/usr/local/www/diag_logs.php
new file mode 100755
index 0000000..fe4d41a
--- /dev/null
+++ b/usr/local/www/diag_logs.php
@@ -0,0 +1,102 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$nentries = $config['syslog']['nentries'];
+if (!$nentries)
+ $nentries = 50;
+
+if ($_POST['clear']) {
+ exec("/usr/sbin/clog -i -s 262144 /var/log/system.log");
+}
+
+function dump_clog($logfile, $tail, $withorig = true) {
+ global $g, $config;
+
+ $sor = isset($config['syslog']['reverse']) ? "-r" : "";
+
+ exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
+
+ foreach ($logarr as $logent) {
+ $logent = preg_split("/\s+/", $logent, 6);
+ echo "
+
+
+
+
+ /dev/null 2>&1", "w");
+ if ($fd) {
+ fwrite($fd, "spddelete {$_GET['src']} {$_GET['dst']} any -P {$_GET['dir']} ;\n");
+ pclose($fd);
+ sleep(1);
+ }
+}
+
+/* query SAD */
+$fd = @popen("/usr/sbin/setkey -DP", "r");
+$spd = array();
+if ($fd) {
+ while (!feof($fd)) {
+ $line = chop(fgets($fd));
+ if (!$line)
+ continue;
+ if ($line == "No SPD entries.")
+ break;
+ if ($line[0] != "\t") {
+ if (is_array($cursp))
+ $spd[] = $cursp;
+ $cursp = array();
+ $linea = explode(" ", $line);
+ $cursp['src'] = substr($linea[0], 0, strpos($linea[0], "["));
+ $cursp['dst'] = substr($linea[1], 0, strpos($linea[1], "["));
+ $i = 0;
+ } else if (is_array($cursp)) {
+ $linea = explode(" ", trim($line));
+ if ($i == 1) {
+ if ($linea[1] == "none") /* don't show default anti-lockout rule */
+ unset($cursp);
+ else
+ $cursp['dir'] = $linea[0];
+ } else if ($i == 2) {
+ $upperspec = explode("/", $linea[0]);
+ $cursp['proto'] = $upperspec[0];
+ list($cursp['ep_src'], $cursp['ep_dst']) = explode("-", $upperspec[2]);
+ }
+ }
+ $i++;
+ }
+ if (is_array($cursp) && count($cursp))
+ $spd[] = $cursp;
+ pclose($fd);
+}
+if (count($spd)):
+?>
+
+
+
+
+
+ Source
+ Destination
+ Direction
+ Protocol
+ Tunnel endpoints
+
+
+
+
+=htmlspecialchars($sp['src']);?>
+ =htmlspecialchars($sp['dst']);?>
+
+ =htmlspecialchars(strtoupper($sp['proto']));?>
+ =htmlspecialchars($sp['ep_src']);?> -
+
+ =htmlspecialchars($sp['ep_dst']);?>
+
+
+
+
+
+
+
+
+
+
+
+ incoming (as seen by firewall)
+
+
+
+
+
+
+ outgoing (as seen by firewall)
+ \n";
+
+ if ($withorig) {
+ echo " \n";
+ }
+}
+
+?>
+
+
+
+" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . " \n";
+ echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . " \n";
+ } else {
+ echo "" . htmlspecialchars($logent[5]) . " \n";
+ }
+ echo "
+
+
+
+
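Review bot: The `fwrite()` that builds the `spddelete` statement interpolates `$_GET['src']`, `$_GET['dst']` and `$_GET['dir']` directly into the text piped to setkey, so a value containing `;` or a newline would be read as further setkey statements; all three need checking before the pipe is opened. The delete is also driven by a plain GET, so nothing visible here protects it against a cross-site request, unless guiconfig.inc adds such a check. The condition and the `popen()` call that open this block are cut off on this page, so the guard below is written as a wrapper to place around them; it assumes policy directions are `in` and `out`.

```php
/* reject anything that is not an address[/prefix] or a known direction */
$spd_addr_re = '/^[0-9A-Fa-f:.]+(\/[0-9]{1,3})?$/';
$spd_ok = preg_match($spd_addr_re, $_GET['src'])
	&& preg_match($spd_addr_re, $_GET['dst'])
	&& in_array($_GET['dir'], array("in", "out"), true);
if ($spd_ok) {
	// … unchanged: popen of setkey, fwrite of the spddelete line, pclose, sleep …
}
```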
diff --git a/usr/local/www/diag_logs_dhcp.php b/usr/local/www/diag_logs_dhcp.php
new file mode 100755
index 0000000..ba13ee3
--- /dev/null
+++ b/usr/local/www/diag_logs_dhcp.php
@@ -0,0 +1,103 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$nentries = $config['syslog']['nentries'];
+if (!$nentries)
+ $nentries = 50;
+
+if ($_POST['clear']) {
+ exec("/usr/sbin/clog -i -s 32768 /var/log/dhcpd.log");
+}
+
+function dump_clog($logfile, $tail, $withorig = true) {
+ global $g, $config;
+
+ $sor = isset($config['syslog']['reverse']) ? "-r" : "";
+
+ exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
+
+ foreach ($logarr as $logent) {
+ $logent = preg_split("/\s+/", $logent, 6);
+ echo "
+
+
+
+
+
+
+
+
+
+
+
+
+ Last =$nentries;?> system log entries
+
+ \n";
+
+ if ($withorig) {
+ echo " \n";
+ }
+}
+
+?>
+
+
+
+" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . " \n";
+ echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . " \n";
+ } else {
+ echo "" . htmlspecialchars($logent[5]) . " \n";
+ }
+ echo "
+
+
+
+
+
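Review bot: dump_clog() builds its shell pipeline by string concatenation, `exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);`, and neither argument is quoted or typed at the point of use. `$tail` comes from `$config['syslog']['nentries']`, which the settings page casts to int on save, but a restored or hand-edited config bypasses that cast. The line should read `exec("/usr/sbin/clog " . escapeshellarg($logfile) . " | tail {$sor} -n " . (int)$tail, $logarr);`. The same call appears in the diag_logs.php hunk and twice in diag_logs_filter.php (dump_clog and conv_clog). Since dump_clog() is copied verbatim into all three files, moving it to a shared include would let the fix land once.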
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
new file mode 100755
index 0000000..fece0ac
--- /dev/null
+++ b/usr/local/www/diag_logs_filter.php
@@ -0,0 +1,190 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$nentries = $config['syslog']['nentries'];
+if (!$nentries)
+ $nentries = 50;
+
+if ($_POST['clear']) {
+ exec("/usr/sbin/clog -i -s 262144 /var/log/filter.log");
+}
+
+function dump_clog($logfile, $tail, $withorig = true) {
+ global $g, $config;
+
+ $sor = isset($config['syslog']['reverse']) ? "-r" : "";
+
+ exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
+
+ foreach ($logarr as $logent) {
+ $logent = preg_split("/\s+/", $logent, 6);
+ echo "
+
+
+
+
+
+
+
+
+
+
+
+
+ Last =$nentries;?> DHCP service log entries
+
+ \n";
+
+ if ($withorig) {
+ echo " \n";
+ }
+}
+
+function conv_clog($logfile, $tail) {
+ global $g, $config;
+
+ /* make interface/port table */
+ $iftable = array();
+ $iftable[$config['interfaces']['lan']['if']] = "LAN";
+ $iftable[get_real_wan_interface()] = "WAN";
+ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++)
+ $iftable[$config['interfaces']['opt' . $i]['if']] = $config['interfaces']['opt' . $i]['descr'];
+
+ $sor = isset($config['syslog']['reverse']) ? "-r" : "";
+
+ exec("/usr/sbin/clog " . $logfile . " | tail {$sor} -n " . $tail, $logarr);
+
+ $filterlog = array();
+
+ foreach ($logarr as $logent) {
+ $logent = preg_split("/\s+/", $logent, 6);
+ $ipfa = explode(" ", $logent[5]);
+
+ $flent = array();
+ $i = 0;
+ $flent['time'] = $ipfa[$i];
+ $i++;
+ if (substr($ipfa[$i], -1) == "x") {
+ $flent['count'] = substr($ipfa[$i], 0, -1);
+ $i++;
+ }
+ if ($iftable[$ipfa[$i]])
+ $flent['interface'] = $iftable[$ipfa[$i]];
+ else
+ $flent['interface'] = $ipfa[$i];
+ $i += 2;
+ $flent['act'] = $ipfa[$i];
+ $i++;
+ $flent['src'] = format_ipf_ip($ipfa[$i]);
+ $i += 2;
+ $flent['dst'] = format_ipf_ip($ipfa[$i]);
+ $i += 2;
+ $flent['proto'] = strtoupper($ipfa[$i]);
+
+ $filterlog[] = $flent;
+ }
+
+ return $filterlog;
+}
+
+function format_ipf_ip($ipfip) {
+ list($ip,$port) = explode(",", $ipfip);
+ if (!$port)
+ return $ip;
+
+ return $ip . ", port " . $port;
+}
+
+?>
+
+
+
+" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . " \n";
+ echo "" . htmlspecialchars($logent[4] . " " . $logent[5]) . " \n";
+ } else {
+ echo "" . htmlspecialchars($logent[5]) . " \n";
+ }
+ echo "
+
+
+
+
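Review bot: conv_clog() reads `$ipfa` at fixed offsets without checking how many fields the log line produced, and format_ipf_ip() destructures `explode(",", $ipfip)` into two variables even when the value has no comma. A short or differently shaped log line therefore raises undefined-offset notices and yields rows with empty fields. In format_ipf_ip() use `list($ip, $port) = array_pad(explode(",", $ipfip, 2), 2, "");`, and in conv_clog() skip the entry when the last index it needs is missing, e.g. `if (!isset($ipfa[$i])) continue;` before the `proto` assignment. The lookup `if ($iftable[$ipfa[$i]])` has the same problem for interfaces not in the table and is safer as `isset($iftable[$ipfa[$i]])`.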
diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php
new file mode 100755
index 0000000..7868c56
--- /dev/null
+++ b/usr/local/www/diag_logs_settings.php
@@ -0,0 +1,202 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+$pconfig['reverse'] = isset($config['syslog']['reverse']);
+$pconfig['nentries'] = $config['syslog']['nentries'];
+$pconfig['remoteserver'] = $config['syslog']['remoteserver'];
+$pconfig['filter'] = isset($config['syslog']['filter']);
+$pconfig['dhcp'] = isset($config['syslog']['dhcp']);
+$pconfig['vpn'] = isset($config['syslog']['vpn']);
+$pconfig['system'] = isset($config['syslog']['system']);
+$pconfig['enable'] = isset($config['syslog']['enable']);
+$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']);
+$pconfig['rawfilter'] = isset($config['syslog']['rawfilter']);
+
+if (!$pconfig['nentries'])
+ $pconfig['nentries'] = 50;
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['enable'] && !is_ipaddr($_POST['remoteserver'])) {
+ $input_errors[] = "A valid IP address must be specified.";
+ }
+ if (($_POST['nentries'] < 5) || ($_POST['nentries'] > 1000)) {
+ $input_errors[] = "Number of log entries to show must be between 5 and 1000.";
+ }
+
+ if (!$input_errors) {
+ $config['syslog']['reverse'] = $_POST['reverse'] ? true : false;
+ $config['syslog']['nentries'] = (int)$_POST['nentries'];
+ $config['syslog']['remoteserver'] = $_POST['remoteserver'];
+ $config['syslog']['filter'] = $_POST['filter'] ? true : false;
+ $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false;
+ $config['syslog']['vpn'] = $_POST['vpn'] ? true : false;
+ $config['syslog']['system'] = $_POST['system'] ? true : false;
+ $config['syslog']['enable'] = $_POST['enable'] ? true : false;
+ $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']);
+ $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true;
+ $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false;
+
+ write_config();
+
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval = system_syslogd_start();
+ if ($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock']))
+ $retval |= filter_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+ }
+}
+
+?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Last =$nentries;?> firewall log entries
+
+
+ Act
+ Time
+ If
+ Source
+ Destination
+ Proto
+
+
+
+
+
+
+ =htmlspecialchars($filterent['time']);?>
+ =htmlspecialchars($filterent['interface']);?>
+ =htmlspecialchars($filterent['src']);?>
+ =htmlspecialchars($filterent['dst']);?>
+ =htmlspecialchars($filterent['proto']);?>
+
+
+
+
+
+
+
+ Last =$nentries;?> firewall log entries
+
+ \n";
+ echo " \n";
+ }
+}
+
+?>
+
+
+
+" . htmlspecialchars(join(" ", array_slice($logent, 0, 3))) . " \n";
+
+ if ($llent[0] == "login")
+ echo "\n";
+ else
+ echo " \n";
+
+ echo " " . htmlspecialchars($llent[3]) . " \n";
+ echo "" . htmlspecialchars($llent[2]) . " \n";
+ echo "
+
+
+
+
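Review bot: `$_POST['remoteserver']` is checked with is_ipaddr() only when `enable` is set, yet it is written to `$config['syslog']['remoteserver']` in every case, so submitting the form with remote logging unticked stores an arbitrary string. The code that later consumes the value is not visible here, so it should be validated whenever it is non-empty: `if (($_POST['enable'] || $_POST['remoteserver'] != "") && !is_ipaddr($_POST['remoteserver'])) {`. The range test on `nentries` compares the raw string and relies on the later `(int)` cast; a preceding `is_numeric($_POST['nentries'])` test would make the rejection explicit.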
diff --git a/usr/local/www/diag_ping.php b/usr/local/www/diag_ping.php
new file mode 100755
index 0000000..33ad4ac
--- /dev/null
+++ b/usr/local/www/diag_ping.php
@@ -0,0 +1,113 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+define('MAX_COUNT', 10);
+define('DEFAULT_COUNT', 3);
+
+if ($_POST) {
+ unset($input_errors);
+ unset($do_ping);
+
+ /* input validation */
+ $reqdfields = explode(" ", "host count");
+ $reqdfieldsn = explode(",", "Host,Count");
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (($_POST['count'] < 1) || ($_POST['count'] > MAX_COUNT)) {
+ $input_errors[] = "Count must be between 1 and {MAX_COUNT}";
+ }
+
+ if (!$input_errors) {
+ $do_ping = true;
+ $host = preg_replace ("/[^A-Za-z0-9.]/","",$_POST['host']);
+ $count = $_POST['count'];
+
+ }
+}
+if (!isset($do_ping)) {
+ $do_ping = false;
+ $host = '';
+ $count = DEFAULT_COUNT;
+}
+?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Last =$nentries;?> firewall log entries
+
+
+
+ Time
+ Action
+ User
+ IP address
+
+
+ |
+
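Review bot: `$count = $_POST['count'];` keeps the raw request string after a range test that relies on PHP's loose numeric comparison, so a value with trailing non-digit characters can pass the test unchanged. The ping invocation is not visible in this hunk, but if `$count` reaches a command line it should be an integer first: `$count = (int)$_POST['count'];`, with the range check done on that integer. Two smaller points in the same block: `"Count must be between 1 and {MAX_COUNT}"` prints the braces literally because constants are not interpolated in strings (use `"Count must be between 1 and " . MAX_COUNT`), and the `preg_replace` allowlist for `host` removes hyphens, which are legal in hostnames. The template part of this hunk is garbled on this page, so where it ends is uncertain.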
|
+ ||
+
|
+
|
+ ||
pfSense is © 2004 by Scott Ullrich. All Rights Reserved.
+ pfSense is originally based on m0n0wall which is © 2002-2004 by Manuel Kasper. + All rights reserved. [view license] |
+
Firewall: Aliases
+ +Note:
+ Aliases act as placeholders for real IP addresses
+ and can be used to minimize the number of changes that have to
+ be made if a host or network address changes. You can enter the
+ name of an alias instead of an IP address in all address fields
+ that have a blue background. The alias will be resolved to its
+ current address according to the list below. If an alias cannot
+ be resolved (e.g. because you deleted it), the corresponding element
+ (e.g. filter/NAT/shaper rule) will be considered invalid and skipped.
Firewall: Aliases: Edit alias
+ + + + + + diff --git a/usr/local/www/firewall_nat.php b/usr/local/www/firewall_nat.php new file mode 100755 index 0000000..1708ef8 --- /dev/null +++ b/usr/local/www/firewall_nat.php 
@@ -0,0 +1,171 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['nat']['rule'])) {
+ $config['nat']['rule'] = array();
+}
+nat_rules_sort();
+$a_nat = &$config['nat']['rule'];
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval |= filter_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+
+ if ($retval == 0) {
+ if (file_exists($d_natconfdirty_path))
+ unlink($d_natconfdirty_path);
+ if (file_exists($d_filterconfdirty_path))
+ unlink($d_filterconfdirty_path);
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_nat[$_GET['id']]) {
+ unset($a_nat[$_GET['id']]);
+ write_config();
+ touch($d_natconfdirty_path);
+ header("Location: firewall_nat.php");
+ exit;
+ }
+}
+?>
+
+
+
+Firewall: NAT
+ + + + diff --git a/usr/local/www/firewall_nat_1to1.php b/usr/local/www/firewall_nat_1to1.php new file mode 100755 index 0000000..f4d2e20 --- /dev/null +++ b/usr/local/www/firewall_nat_1to1.php 
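Review bot: The `if ($_GET['act'] == "del")` branch in firewall_nat.php removes a rule and calls write_config() in response to a GET request, using `$_GET['id']` directly as the array key with no request token visible. Any page loaded in the administrator's browser could therefore trigger the deletion. The delete should move to POST (`if ($_POST['act'] == "del") {`) and verify a per-session token before the `unset()`; whether guiconfig.inc already enforces an equivalent check cannot be seen from this hunk. The same branch appears in the firewall_nat_1to1.php and firewall_nat_out.php hunks.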
@@ -0,0 +1,145 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['nat']['onetoone'])) {
+ $config['nat']['onetoone'] = array();
+}
+$a_1to1 = &$config['nat']['onetoone'];
+nat_1to1_rules_sort();
+
+if ($_POST) {
+
+ $pconfig = $_POST;
+
+ if ($_POST['apply']) {
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval |= filter_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+
+ if ($retval == 0) {
+ if (file_exists($d_natconfdirty_path))
+ unlink($d_natconfdirty_path);
+ if (file_exists($d_filterconfdirty_path))
+ unlink($d_filterconfdirty_path);
+ }
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_1to1[$_GET['id']]) {
+ unset($a_1to1[$_GET['id']]);
+ write_config();
+ touch($d_natconfdirty_path);
+ header("Location: firewall_nat_1to1.php");
+ exit;
+ }
+}
+?>
+
+
+
+Firewall: NAT
+ + + + diff --git a/usr/local/www/firewall_nat_1to1_edit.php b/usr/local/www/firewall_nat_1to1_edit.php new file mode 100755 index 0000000..7361c92 --- /dev/null +++ b/usr/local/www/firewall_nat_1to1_edit.php 
@@ -0,0 +1,216 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['nat']['onetoone'])) { + $config['nat']['onetoone'] = array(); +} +nat_1to1_rules_sort(); +$a_1to1 = &$config['nat']['onetoone']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_1to1[$id]) { + $pconfig['external'] = $a_1to1[$id]['external']; + $pconfig['internal'] = $a_1to1[$id]['internal']; + $pconfig['interface'] = $a_1to1[$id]['interface']; + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; + if (!$a_1to1[$id]['subnet']) + $pconfig['subnet'] = 32; + else + $pconfig['subnet'] = $a_1to1[$id]['subnet']; + $pconfig['descr'] = $a_1to1[$id]['descr']; +} else { + $pconfig['subnet'] = 32; + $pconfig['interface'] = "wan"; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "interface external internal"); + $reqdfieldsn = explode(",", "Interface,External subnet,Internal subnet"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['external'] && !is_ipaddr($_POST['external']))) { + $input_errors[] = "A valid external subnet must be specified."; + } + if (($_POST['internal'] && !is_ipaddr($_POST['internal']))) { + $input_errors[] = "A valid internal subnet must be specified."; + } + + if (is_ipaddr($config['interfaces']['wan']['ipaddr'])) { + if (check_subnets_overlap($_POST['external'], $_POST['subnet'], + $config['interfaces']['wan']['ipaddr'], 32)) + $input_errors[] = "The WAN IP address may not be used in a 1:1 rule."; + } + + /* check for overlaps with other 1:1 */ + foreach ($a_1to1 as $natent) { + if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent)) + continue; + + if (check_subnets_overlap($_POST['external'], $_POST['subnet'], $natent['external'], $natent['subnet'])) { + $input_errors[] = "Another 1:1 rule overlaps with the specified external subnet."; + break; + } else if (check_subnets_overlap($_POST['internal'], 
$_POST['subnet'], $natent['internal'], $natent['subnet'])) { + $input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet."; + break; + } + } + + /* check for overlaps with server NAT */ + if (is_array($config['nat']['servernat'])) { + foreach ($config['nat']['servernat'] as $natent) { + if (check_subnets_overlap($_POST['external'], $_POST['subnet'], + $natent['ipaddr'], 32)) { + $input_errors[] = "A server NAT entry overlaps with the specified external subnet."; + break; + } + } + } + + /* check for overlaps with advanced outbound NAT */ + if (is_array($config['nat']['advancedoutbound']['rule'])) { + foreach ($config['nat']['advancedoutbound']['rule'] as $natent) { + if ($natent['target'] && + check_subnets_overlap($_POST['external'], $_POST['subnet'], $natent['target'], 32)) { + $input_errors[] = "An advanced outbound NAT entry overlaps with the specified external subnet."; + break; + } + } + } + + if (!$input_errors) { + $natent = array(); + $natent['external'] = $_POST['external']; + $natent['internal'] = $_POST['internal']; + $natent['subnet'] = $_POST['subnet']; + $natent['descr'] = $_POST['descr']; + $natent['interface'] = $_POST['interface']; + + if (isset($id) && $a_1to1[$id]) + $a_1to1[$id] = $natent; + else + $a_1to1[] = $natent; + + touch($d_natconfdirty_path); + + write_config(); + + header("Location: firewall_nat_1to1.php"); + exit; + } +} +?> + + + +Firewall: NAT: Edit 1:1
+ + + + + diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php new file mode 100755 index 0000000..d80865f --- /dev/null +++ b/usr/local/www/firewall_nat_edit.php 
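Review bot: In firewall_nat_1to1_edit.php, `$_POST['subnet']` is passed to check_subnets_overlap() and stored in `$natent['subnet']` with no check that it is a prefix length, and `$_POST['interface']` is stored without being matched against the configured interfaces. Both values presumably feed the generated NAT rules, so they should be validated alongside the is_ipaddr() tests, for example `if (!preg_match("/^[0-9]+$/", $_POST['subnet']) || $_POST['subnet'] < 1 || $_POST['subnet'] > 32) $input_errors[] = "A valid subnet bit count must be specified.";`. Separately, `do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);` uses call-time pass-by-reference, which later PHP versions reject; the `&` belongs on the parameter in the function's declaration.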
@@ -0,0 +1,365 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['nat']['rule'])) { + $config['nat']['rule'] = array(); +} +nat_rules_sort(); +$a_nat = &$config['nat']['rule']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_nat[$id]) { + $pconfig['extaddr'] = $a_nat[$id]['external-address']; + $pconfig['proto'] = $a_nat[$id]['protocol']; + list($pconfig['beginport'],$pconfig['endport']) = explode("-", $a_nat[$id]['external-port']); + $pconfig['localip'] = $a_nat[$id]['target']; + $pconfig['localbeginport'] = $a_nat[$id]['local-port']; + $pconfig['descr'] = $a_nat[$id]['descr']; + $pconfig['interface'] = $a_nat[$id]['interface']; + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; +} else { + $pconfig['interface'] = "wan"; +} + +if ($_POST) { + + if ($_POST['beginport_cust'] && !$_POST['beginport']) + $_POST['beginport'] = $_POST['beginport_cust']; + if ($_POST['endport_cust'] && !$_POST['endport']) + $_POST['endport'] = $_POST['endport_cust']; + if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) + $_POST['localbeginport'] = $_POST['localbeginport_cust']; + + if (!$_POST['endport']) + $_POST['endport'] = $_POST['beginport']; + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "interface proto beginport localip localbeginport"); + $reqdfieldsn = explode(",", "Interface,Protocol,Start port,NAT IP,Local port"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['beginport'] && !is_port($_POST['beginport']))) { + $input_errors[] = "The start port must be an integer between 1 and 65535."; + } + if (($_POST['endport'] && !is_port($_POST['endport']))) { + $input_errors[] = "The end port must be an integer between 1 and 65535."; + } + if (($_POST['localbeginport'] && !is_port($_POST['localbeginport']))) { + $input_errors[] = "The local port must be an integer between 1 and 65535."; + } + if (($_POST['localip'] && 
!is_ipaddroralias($_POST['localip']))) { + $input_errors[] = "A valid NAT IP address or host alias must be specified."; + } + + if ($_POST['beginport'] > $_POST['endport']) { + /* swap */ + $tmp = $_POST['endport']; + $_POST['endport'] = $_POST['beginport']; + $_POST['beginport'] = $tmp; + } + + if (!$input_errors) { + if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535) + $input_errors[] = "The target port range must lie between 1 and 65535."; + } + + /* check for overlaps */ + foreach ($a_nat as $natent) { + if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) + continue; + if ($natent['interface'] != $_POST['interface']) + continue; + if ($natent['external-address'] != $_POST['extaddr']) + continue; + + list($begp,$endp) = explode("-", $natent['external-port']); + if (!$endp) + $endp = $begp; + + if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) + || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) { + + $input_errors[] = "The external port range overlaps with an existing entry."; + break; + } + } + + if (!$input_errors) { + $natent = array(); + if ($_POST['extaddr']) + $natent['external-address'] = $_POST['extaddr']; + $natent['protocol'] = $_POST['proto']; + + if ($_POST['beginport'] == $_POST['endport']) + $natent['external-port'] = $_POST['beginport']; + else + $natent['external-port'] = $_POST['beginport'] . "-" . 
$_POST['endport']; + + $natent['target'] = $_POST['localip']; + $natent['local-port'] = $_POST['localbeginport']; + $natent['interface'] = $_POST['interface']; + $natent['descr'] = $_POST['descr']; + + if (isset($id) && $a_nat[$id]) + $a_nat[$id] = $natent; + else + $a_nat[] = $natent; + + touch($d_natconfdirty_path); + + if ($_POST['autoadd']) { + /* auto-generate a matching firewall rule */ + $filterent = array(); + $filterent['interface'] = $_POST['interface']; + $filterent['protocol'] = $_POST['proto']; + $filterent['source']['any'] = ""; + $filterent['destination']['address'] = $_POST['localip']; + + $dstpfrom = $_POST['localbeginport']; + $dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport']; + + if ($dstpfrom == $dstpto) + $filterent['destination']['port'] = $dstpfrom; + else + $filterent['destination']['port'] = $dstpfrom . "-" . $dstpto; + + $filterent['descr'] = "NAT " . $_POST['descr']; + + $config['filter']['rule'][] = $filterent; + + touch($d_filterconfdirty_path); + } + + write_config(); + + header("Location: firewall_nat.php"); + exit; + } +} +?> + + + +Firewall: NAT: Edit
+ + + + + + diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php new file mode 100755 index 0000000..978f3b3 --- /dev/null +++ b/usr/local/www/firewall_nat_out.php 
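Review bot: In firewall_nat_edit.php, `$_POST['extaddr']`, `$_POST['proto']` and `$_POST['interface']` are copied into `$natent` without validation, and when `autoadd` is set `proto` and `interface` are also copied into a new filter rule. Only the ports and `localip` are checked. The external address should get the same treatment as the other address field, `if ($_POST['extaddr'] && !is_ipaddr($_POST['extaddr'])) $input_errors[] = "A valid external address must be specified.";`, and `proto` and `interface` should be compared against the fixed lists the form offers. The overlap loop also runs when the port fields have already failed is_port(), so it compares unvalidated strings; wrapping it in `if (!$input_errors)` avoids a misleading second error.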
@@ -0,0 +1,184 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (!is_array($config['nat']['advancedoutbound']['rule'])) + $config['nat']['advancedoutbound']['rule'] = array(); + +$a_out = &$config['nat']['advancedoutbound']['rule']; +nat_out_rules_sort(); + +if ($_POST) { + + $pconfig = $_POST; + + $config['nat']['advancedoutbound']['enable'] = ($_POST['enable']) ? 
true : false; + write_config(); + + $retval = 0; + + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval |= filter_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + if (file_exists($d_natconfdirty_path)) + unlink($d_natconfdirty_path); + if (file_exists($d_filterconfdirty_path)) + unlink($d_filterconfdirty_path); + } +} + +if ($_GET['act'] == "del") { + if ($a_out[$_GET['id']]) { + unset($a_out[$_GET['id']]); + write_config(); + touch($d_natconfdirty_path); + header("Location: firewall_nat_out.php"); + exit; + } +} +?> + + + +Firewall: NAT
+ + + + diff --git a/usr/local/www/firewall_nat_out_edit.php b/usr/local/www/firewall_nat_out_edit.php new file mode 100755 index 0000000..723de78 --- /dev/null +++ b/usr/local/www/firewall_nat_out_edit.php 
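Review bot: The `$_GET['act'] == "del"` branch deletes an outbound NAT rule and calls `write_config()` on a plain GET, and the visible handler checks no request token, so any page the administrator's browser loads while logged in could cause the rule to be removed. `guiconfig.inc` is outside this hunk and may already guard against that, which is worth confirming. Otherwise the action should move behind POST with a per-session token verified before `unset($a_out[$_GET['id']])`, and the id should be constrained to a non-negative integer first, e.g. `if (ctype_digit((string)$_GET['id']) && isset($a_out[$_GET['id']]))`. The same GET-driven pattern appears in the `del` branch of firewall_nat_server.php and in the `del`/`up`/`down`/`toggle` branches of firewall_rules.php and firewall_shaper.php in this commit.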
@@ -0,0 +1,311 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['nat']['advancedoutbound']['rule'])) + $config['nat']['advancedoutbound']['rule'] = array(); + +$a_out = &$config['nat']['advancedoutbound']['rule']; +nat_out_rules_sort(); + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +function network_to_pconfig($adr, &$padr, &$pmask, &$pnot) { + + if (isset($adr['any'])) + $padr = "any"; + else if ($adr['network']) { + list($padr, $pmask) = explode("/", $adr['network']); + if (!$pmask) + $pmask = 32; + } + + if (isset($adr['not'])) + $pnot = 1; + else + $pnot = 0; +} + +if (isset($id) && $a_out[$id]) { + list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']); + network_to_pconfig($a_out[$id]['destination'], $pconfig['destination'], + $pconfig['destination_subnet'], $pconfig['destination_not']); + $pconfig['target'] = $a_out[$id]['target']; + $pconfig['interface'] = $a_out[$id]['interface']; + if (!$pconfig['interface']) + $pconfig['interface'] = "wan"; + $pconfig['descr'] = $a_out[$id]['descr']; +} else { + $pconfig['source_subnet'] = 24; + $pconfig['destination'] = "any"; + $pconfig['destination_subnet'] = 24; + $pconfig['interface'] = "wan"; +} + +if ($_POST) { + + if ($_POST['destination_type'] == "any") { + $_POST['destination'] = "any"; + $_POST['destination_subnet'] = 24; + } + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "interface source source_subnet destination destination_subnet"); + $reqdfieldsn = explode(",", "Interface,Source,Source bit count,Destination,Destination bit count"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if ($_POST['source'] && !is_ipaddr($_POST['source'])) { + $input_errors[] = "A valid source must be specified."; + } + if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) { + $input_errors[] = "A valid source bit count must be specified."; + } + if 
($_POST['destination_type'] != "any") { + if ($_POST['destination'] && !is_ipaddr($_POST['destination'])) { + $input_errors[] = "A valid destination must be specified."; + } + if ($_POST['destination_subnet'] && !is_numericint($_POST['destination_subnet'])) { + $input_errors[] = "A valid destination bit count must be specified."; + } + } + if ($_POST['target'] && !is_ipaddr($_POST['target'])) { + $input_errors[] = "A valid target IP address must be specified."; + } + + /* check for existing entries */ + $osn = gen_subnet($_POST['source'], $_POST['source_subnet']) . "/" . $_POST['source_subnet']; + if ($_POST['destination_type'] == "any") + $ext = "any"; + else + $ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" + . $_POST['destination_subnet']; + + if ($_POST['target']) { + /* check for clashes with 1:1 NAT (Server NAT is OK) */ + if (is_array($config['nat']['onetoone'])) { + foreach ($config['nat']['onetoone'] as $natent) { + if (check_subnets_overlap($_POST['target'], 32, $natent['external'], $natent['subnet'])) { + $input_errors[] = "A 1:1 NAT mapping overlaps with the specified target IP address."; + break; + } + } + } + } + + foreach ($a_out as $natent) { + if (isset($id) && ($a_out[$id]) && ($a_out[$id] === $natent)) + continue; + + if (!$natent['interface']) + $natent['interface'] == "wan"; + + if (($natent['interface'] == $_POST['interface']) && ($natent['source']['network'] == $osn)) { + if (isset($natent['destination']['not']) == isset($_POST['destination_not'])) { + if ((isset($natent['destination']['any']) && ($ext == "any")) || + ($natent['destination']['network'] == $ext)) { + $input_errors[] = "There is already an outbound NAT rule with the specified settings."; + break; + } + } + } + } + + if (!$input_errors) { + $natent = array(); + $natent['source']['network'] = $osn; + $natent['descr'] = $_POST['descr']; + $natent['target'] = $_POST['target']; + $natent['interface'] = $_POST['interface']; + + if ($ext == "any") + 
$natent['destination']['any'] = true; + else + $natent['destination']['network'] = $ext; + + if (isset($_POST['destination_not']) && $ext != "any") + $natent['destination']['not'] = true; + + if (isset($id) && $a_out[$id]) + $a_out[$id] = $natent; + else + $a_out[] = $natent; + + touch($d_natconfdirty_path); + + write_config(); + + header("Location: firewall_nat_out.php"); + exit; + } +} +?> + + + +Firewall: NAT: Edit outbound mapping
+ + + + + + diff --git a/usr/local/www/firewall_nat_server.php b/usr/local/www/firewall_nat_server.php new file mode 100755 index 0000000..11f44b6 --- /dev/null +++ b/usr/local/www/firewall_nat_server.php 
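Review bot: In the duplicate-rule loop, `$natent['interface'] == "wan";` is a comparison whose result is discarded, so the intended default is never applied. An existing rule without an `interface` key is therefore never matched against a new rule on `wan`; the line should read `$natent['interface'] = "wan";`. The bit counts are only tested with `is_numericint()`, which presumably checks for digits only, so a value above 32 would reach `gen_subnet()` and be stored through `$osn`/`$ext`. A range check such as `if ($_POST['source_subnet'] > 32) $input_errors[] = "A valid source bit count must be specified.";`, and its destination counterpart, would cover that. `gen_subnet()` and `check_subnets_overlap()` are also called after the `is_ipaddr()` tests have failed; wrapping the existing-entry checks in `if (!$input_errors)` keeps malformed input away from helpers whose behaviour is not visible here.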
@@ -0,0 +1,143 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['nat']['servernat'])) { + $config['nat']['servernat'] = array(); +} +$a_snat = &$config['nat']['servernat']; +nat_server_rules_sort(); + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval |= filter_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + if (file_exists($d_natconfdirty_path)) + unlink($d_natconfdirty_path); + if (file_exists($d_filterconfdirty_path)) + unlink($d_filterconfdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_snat[$_GET['id']]) { + /* make sure no inbound NAT mappings reference this entry */ + if (is_array($config['nat']['rule'])) { + foreach ($config['nat']['rule'] as $rule) { + if ($rule['external-address'] == $a_snat[$_GET['id']]['ipaddr']) { + $input_errors[] = "This entry cannot be deleted because it is still referenced by at least one inbound NAT mapping."; + break; + } + } + } + + if (!$input_errors) { + unset($a_snat[$_GET['id']]); + write_config(); + touch($d_natconfdirty_path); + header("Location: firewall_nat_server.php"); + exit; + } + } +} +?> + + + +Firewall: NAT
+ + + + diff --git a/usr/local/www/firewall_nat_server_edit.php b/usr/local/www/firewall_nat_server_edit.php new file mode 100755 index 0000000..4ed1f2d --- /dev/null +++ b/usr/local/www/firewall_nat_server_edit.php 
@@ -0,0 +1,153 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['nat']['servernat'])) { + $config['nat']['servernat'] = array(); +} +nat_server_rules_sort(); +$a_snat = &$config['nat']['servernat']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_snat[$id]) { + $pconfig['ipaddr'] = $a_snat[$id]['ipaddr']; + $pconfig['descr'] = $a_snat[$id]['descr']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "ipaddr"); + $reqdfieldsn = explode(",", "External IP address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { + $input_errors[] = "A valid external IP address must be specified."; + } + + if ($_POST['ipaddr'] == $config['interfaces']['wan']['ipaddr']) + $input_errors[] = "The WAN IP address may not be used in a Server NAT entry."; + + /* check for overlaps with other server NAT */ + foreach ($a_snat as $natent) { + if (isset($id) && ($a_snat[$id]) && ($a_snat[$id] === $natent)) + continue; + + if ($_POST['ipaddr'] == $natent['ipaddr']) { + $input_errors[] = "There is already a server NAT entry for the specified external IP address."; + break; + } + } + + /* check for overlaps with 1:1 NAT */ + if (is_array($config['nat']['onetoone'])) { + foreach ($config['nat']['onetoone'] as $natent) { + if (check_subnets_overlap($_POST['ipaddr'], 32, $natent['external'], $natent['subnet'])) { + $input_errors[] = "A 1:1 NAT mapping overlaps with the specified external IP address."; + break; + } + } + } + + if (!$input_errors) { + $natent = array(); + $natent['ipaddr'] = $_POST['ipaddr']; + $natent['descr'] = $_POST['descr']; + + if (isset($id) && $a_snat[$id]) { + /* modify all inbound NAT rules with this address */ + for ($i = 0; isset($config['nat']['rule'][$i]); $i++) { + if ($config['nat']['rule'][$i]['external-address'] == $a_snat[$id]['ipaddr']) + 
$config['nat']['rule'][$i]['external-address'] = $natent['ipaddr']; + } + $a_snat[$id] = $natent; + } else + $a_snat[] = $natent; + + touch($d_natconfdirty_path); + + write_config(); + + header("Location: firewall_nat_server.php"); + exit; + } +} +?> + + + +Firewall: NAT: Edit Server NAT
+ + + + + diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php new file mode 100755 index 0000000..cd3424c --- /dev/null +++ b/usr/local/www/firewall_rules.php 
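Review bot: The loop that rewrites inbound NAT rules, `for ($i = 0; isset($config['nat']['rule'][$i]); $i++)`, stops at the first missing index and is written differently from the delete check in firewall_nat_server.php, which guards with `is_array($config['nat']['rule'])` and uses `foreach`. Using the same shape here, `foreach ($config['nat']['rule'] as $i => $rule)` inside an `is_array()` guard, would not depend on the keys being contiguous. The two overlap checks also run on `$_POST['ipaddr']` after `is_ipaddr()` has rejected it. How `check_subnets_overlap()` treats a malformed address is not visible in this hunk, so skipping those checks once `$input_errors` is non-empty would be the safer order.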
@@ -0,0 +1,268 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['filter']['rule'])) { + $config['filter']['rule'] = array(); +} +filter_rules_sort(); +$a_filter = &$config['filter']['rule']; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = filter_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_natconfdirty_path)) + unlink($d_natconfdirty_path); + if (file_exists($d_filterconfdirty_path)) + unlink($d_filterconfdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_filter[$_GET['id']]) { + unset($a_filter[$_GET['id']]); + write_config(); + touch($d_filterconfdirty_path); + header("Location: firewall_rules.php"); + exit; + } +} else if ($_GET['act'] == "down") { + if ($a_filter[$_GET['id']] && $a_filter[$_GET['id']+1]) { + $tmp = $a_filter[$_GET['id']+1]; + $a_filter[$_GET['id']+1] = $a_filter[$_GET['id']]; + $a_filter[$_GET['id']] = $tmp; + write_config(); + touch($d_filterconfdirty_path); + header("Location: firewall_rules.php"); + exit; + } +} else if ($_GET['act'] == "up") { + if (($_GET['id'] > 0) && $a_filter[$_GET['id']]) { + $tmp = $a_filter[$_GET['id']-1]; + $a_filter[$_GET['id']-1] = $a_filter[$_GET['id']]; + $a_filter[$_GET['id']] = $tmp; + write_config(); + touch($d_filterconfdirty_path); + header("Location: firewall_rules.php"); + exit; + } +} else if ($_GET['act'] == "toggle") { + if ($a_filter[$_GET['id']]) { + $a_filter[$_GET['id']]['disabled'] = !isset($a_filter[$_GET['id']]['disabled']); + write_config(); + touch($d_filterconfdirty_path); + header("Location: firewall_rules.php"); + exit; + } +} + +?> + + + +Firewall: Rules
+ + + + diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php new file mode 100755 index 0000000..620ea6e --- /dev/null +++ b/usr/local/www/firewall_rules_edit.php 
@@ -0,0 +1,773 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +$specialsrcdst = explode(" ", "any lan pptp"); + +if (!is_array($config['filter']['rule'])) { + $config['filter']['rule'] = array(); +} +filter_rules_sort(); +$a_filter = &$config['filter']['rule']; + +$id = $_GET['id']; +if (is_numeric($_POST['id'])) + $id = $_POST['id']; + +$after = $_GET['after']; + +if (isset($_POST['after'])) + $after = $_POST['after']; + +if (isset($_GET['dup'])) { + $id = $_GET['dup']; + $after = $_GET['dup']; +} + +function is_specialnet($net) { + global $specialsrcdst; + + if (in_array($net, $specialsrcdst) || strstr($net, "opt")) + return true; + else + return false; +} + +function address_to_pconfig($adr, &$padr, &$pmask, &$pnot, &$pbeginport, &$pendport) { + + if (isset($adr['any'])) + $padr = "any"; + else if ($adr['network']) + $padr = $adr['network']; + else if ($adr['address']) { + list($padr, $pmask) = explode("/", $adr['address']); + if (!$pmask) + $pmask = 32; + } + + if (isset($adr['not'])) + $pnot = 1; + else + $pnot = 0; + + if ($adr['port']) { + list($pbeginport, $pendport) = explode("-", $adr['port']); + if (!$pendport) + $pendport = $pbeginport; + } else { + $pbeginport = "any"; + $pendport = "any"; + } +} + +function pconfig_to_address(&$adr, $padr, $pmask, $pnot, $pbeginport, $pendport) { + + $adr = array(); + + if ($padr == "any") + $adr['any'] = true; + else if (is_specialnet($padr)) + $adr['network'] = $padr; + else { + $adr['address'] = $padr; + if ($pmask != 32) + $adr['address'] .= "/" . $pmask; + } + + $adr['not'] = $pnot ? true : false; + + if (($pbeginport != 0) && ($pbeginport != "any")) { + if ($pbeginport != $pendport) + $adr['port'] = $pbeginport . "-" . 
$pendport; + else + $adr['port'] = $pbeginport; + } +} + +if (isset($id) && $a_filter[$id]) { + $pconfig['interface'] = $a_filter[$id]['interface']; + + if (!isset($a_filter[$id]['type'])) + $pconfig['type'] = "pass"; + else + $pconfig['type'] = $a_filter[$id]['type']; + + if (isset($a_filter[$id]['protocol'])) + $pconfig['proto'] = $a_filter[$id]['protocol']; + else + $pconfig['proto'] = "any"; + + if ($a_filter[$id]['protocol'] == "icmp") + $pconfig['icmptype'] = $a_filter[$id]['icmptype']; + + address_to_pconfig($a_filter[$id]['source'], $pconfig['src'], + $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcbeginport'], $pconfig['srcendport']); + + address_to_pconfig($a_filter[$id]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], + $pconfig['dstbeginport'], $pconfig['dstendport']); + + $pconfig['disabled'] = isset($a_filter[$id]['disabled']); + $pconfig['log'] = isset($a_filter[$id]['log']); + $pconfig['frags'] = isset($a_filter[$id]['frags']); + $pconfig['descr'] = $a_filter[$id]['descr']; + +} else { + /* defaults */ + $pconfig['type'] = "pass"; + $pconfig['src'] = "any"; + $pconfig['dst'] = "any"; +} + +if (isset($_GET['dup'])) + unset($id); + +if ($_POST) { + + if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + $_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } else { + + if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) + $_POST['srcbeginport'] = $_POST['srcbeginport_cust']; + if ($_POST['srcendport_cust'] && !$_POST['srcendport']) + $_POST['srcendport'] = $_POST['srcendport_cust']; + + if ($_POST['srcbeginport'] == "any") { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + } else { + if (!$_POST['srcendport']) + $_POST['srcendport'] = $_POST['srcbeginport']; + } + if ($_POST['srcendport'] == "any") + $_POST['srcendport'] = $_POST['srcbeginport']; + + if ($_POST['dstbeginport_cust'] && 
!$_POST['dstbeginport']) + $_POST['dstbeginport'] = $_POST['dstbeginport_cust']; + if ($_POST['dstendport_cust'] && !$_POST['dstendport']) + $_POST['dstendport'] = $_POST['dstendport_cust']; + + if ($_POST['dstbeginport'] == "any") { + $_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } else { + if (!$_POST['dstendport']) + $_POST['dstendport'] = $_POST['dstbeginport']; + } + if ($_POST['dstendport'] == "any") + $_POST['dstendport'] = $_POST['dstbeginport']; + } + + if (is_specialnet($_POST['srctype'])) { + $_POST['src'] = $_POST['srctype']; + $_POST['srcmask'] = 0; + } else if ($_POST['srctype'] == "single") { + $_POST['srcmask'] = 32; + } + if (is_specialnet($_POST['dsttype'])) { + $_POST['dst'] = $_POST['dsttype']; + $_POST['dstmask'] = 0; + } else if ($_POST['dsttype'] == "single") { + $_POST['dstmask'] = 32; + } + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "type interface proto src dst"); + $reqdfieldsn = explode(",", "Type,Interface,Protocol,Source,Destination"); + + if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) { + $reqdfields[] = "srcmask"; + $reqdfieldsn[] = "Source bit count"; + } + if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) { + $reqdfields[] = "dstmask"; + $reqdfieldsn[] = "Destination bit count"; + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (!$_POST['srcbeginport']) { + $_POST['srcbeginport'] = 0; + $_POST['srcendport'] = 0; + } + if (!$_POST['dstbeginport']) { + $_POST['dstbeginport'] = 0; + $_POST['dstendport'] = 0; + } + + if (($_POST['srcbeginport'] && !is_port($_POST['srcbeginport']))) { + $input_errors[] = "The start source port must be an integer between 1 and 65535."; + } + if (($_POST['srcendport'] && !is_port($_POST['srcendport']))) { + $input_errors[] = "The end source port must be an integer between 1 and 65535."; + } + if (($_POST['dstbeginport'] && 
!is_port($_POST['dstbeginport']))) { + $input_errors[] = "The start destination port must be an integer between 1 and 65535."; + } + if (($_POST['dstendport'] && !is_port($_POST['dstendport']))) { + $input_errors[] = "The end destination port must be an integer between 1 and 65535."; + } + + if (!is_specialnet($_POST['srctype'])) { + if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) { + $input_errors[] = "A valid source IP address or alias must be specified."; + } + if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) { + $input_errors[] = "A valid source bit count must be specified."; + } + } + if (!is_specialnet($_POST['dsttype'])) { + if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) { + $input_errors[] = "A valid destination IP address or alias must be specified."; + } + if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) { + $input_errors[] = "A valid destination bit count must be specified."; + } + } + + if ($_POST['srcbeginport'] > $_POST['srcendport']) { + /* swap */ + $tmp = $_POST['srcendport']; + $_POST['srcendport'] = $_POST['srcbeginport']; + $_POST['srcbeginport'] = $tmp; + } + if ($_POST['dstbeginport'] > $_POST['dstendport']) { + /* swap */ + $tmp = $_POST['dstendport']; + $_POST['dstendport'] = $_POST['dstbeginport']; + $_POST['dstbeginport'] = $tmp; + } + + if (!$input_errors) { + $filterent = array(); + $filterent['type'] = $_POST['type']; + $filterent['interface'] = $_POST['interface']; + + if ($_POST['proto'] != "any") + $filterent['protocol'] = $_POST['proto']; + else + unset($filterent['protocol']); + + if ($_POST['proto'] == "icmp" && $_POST['icmptype']) + $filterent['icmptype'] = $_POST['icmptype']; + else + unset($filterent['icmptype']); + + pconfig_to_address($filterent['source'], $_POST['src'], + $_POST['srcmask'], $_POST['srcnot'], + $_POST['srcbeginport'], $_POST['srcendport']); + + pconfig_to_address($filterent['destination'], $_POST['dst'], + $_POST['dstmask'], $_POST['dstnot'], + 
$_POST['dstbeginport'], $_POST['dstendport']); + + $filterent['disabled'] = $_POST['disabled'] ? true : false; + $filterent['log'] = $_POST['log'] ? true : false; + $filterent['frags'] = $_POST['frags'] ? true : false; + $filterent['descr'] = $_POST['descr']; + + if (isset($id) && $a_filter[$id]) + $a_filter[$id] = $filterent; + else { + if (is_numeric($after)) + array_splice($a_filter, $after+1, 0, array($filterent)); + else + $a_filter[] = $filterent; + } + + /* ALTQ */ + $filterent['direction'] = $_POST['direction']; + $filterent['queue'] = $_POST['queue']; + + write_config(); + touch($d_filterconfdirty_path); + + header("Location: firewall_rules.php"); + exit; + } +} +?> + + + +Firewall: Rules: Edit
+ + + + + + diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php new file mode 100755 index 0000000..242c3ed --- /dev/null +++ b/usr/local/www/firewall_shaper.php 
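Review bot: `is_specialnet()` accepts any string that merely contains "opt" (`strstr($net, "opt")`), which lets a crafted `srctype` or `dsttype` value reach the saved rule unvalidated. When it returns true, the value is copied into `src`/`dst`, the `is_ipaddroranyalias()` check is skipped, and `pconfig_to_address()` stores it as `$adr['network']`. Matching the name exactly, e.g. `return in_array($net, $specialsrcdst) || preg_match('/^opt[0-9]+$/', $net) === 1;`, would limit it to interface names, assuming optional interfaces are always named optN. In the visible code `type`, `interface`, `proto` and `icmptype` are likewise written to the rule without an allow-list check. Separately, the `/* ALTQ */` assignments to `$filterent['direction']` and `$filterent['queue']` run after `$filterent` has been copied into `$a_filter`, so they are never saved and need to move above the `if (isset($id) && $a_filter[$id])` block.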
@@ -0,0 +1,269 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (!is_array($config['pfqueueing']['rule'])) { + $config['pfqueueing']['rule'] = array(); +} +if (!is_array($config['pfqueueing']['pipe'])) { + $config['pfqueueing']['pipe'] = array(); +} +if (!is_array($config['pfqueueing']['queue'])) { + $config['pfqueueing']['queue'] = array(); +} +$a_shaper = &$config['pfqueueing']['rule']; +$a_pipe = &$config['pfqueueing']['pipe']; +$a_queue = &$config['pfqueueing']['queue']; + +$pconfig['enable'] = isset($config['pfqueueing']['enable']); + +if ($_POST) { + + if ($_POST['submit']) { + $pconfig = $_POST; + $config['pfqueueing']['enable'] = $_POST['enable'] ? 
true : false; + write_config(); + } + + if ($_POST['apply'] || $_POST['submit']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = shaper_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_shaperconfdirty_path)) + unlink($d_shaperconfdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_shaper[$_GET['id']]) { + unset($a_shaper[$_GET['id']]); + write_config(); + touch($d_shaperconfdirty_path); + header("Location: firewall_shaper.php"); + exit; + } +} else if ($_GET['act'] == "down") { + if ($a_shaper[$_GET['id']] && $a_shaper[$_GET['id']+1]) { + $tmp = $a_shaper[$_GET['id']+1]; + $a_shaper[$_GET['id']+1] = $a_shaper[$_GET['id']]; + $a_shaper[$_GET['id']] = $tmp; + write_config(); + touch($d_shaperconfdirty_path); + header("Location: firewall_shaper.php"); + exit; + } +} else if ($_GET['act'] == "up") { + if (($_GET['id'] > 0) && $a_shaper[$_GET['id']]) { + $tmp = $a_shaper[$_GET['id']-1]; + $a_shaper[$_GET['id']-1] = $a_shaper[$_GET['id']]; + $a_shaper[$_GET['id']] = $tmp; + write_config(); + touch($d_shaperconfdirty_path); + header("Location: firewall_shaper.php"); + exit; + } +} else if ($_GET['act'] == "toggle") { + if ($a_shaper[$_GET['id']]) { + $a_shaper[$_GET['id']]['disabled'] = !isset($a_shaper[$_GET['id']]['disabled']); + write_config(); + touch($d_shaperconfdirty_path); + header("Location: firewall_shaper.php"); + exit; + } +} +?> + + + +Firewall: Traffic shaper
+ + + + diff --git a/usr/local/www/firewall_shaper_edit.php b/usr/local/www/firewall_shaper_edit.php new file mode 100755 index 0000000..5b0e249 --- /dev/null +++ b/usr/local/www/firewall_shaper_edit.php 
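Review bot: `$a_shaper` is bound to `$config['pfqueueing']['rule']` here, but firewall_shaper_edit.php in this same commit initialises and binds it to `$config['shaper']['rule']`, so the list page and the edit page appear to work on different config sections. If the edit page's save path (outside the visible part of its hunk) writes through that reference, rules created there would not be listed, moved, toggled or deleted by this page. The two files should agree on one section, e.g. by using `$a_shaper = &$config['pfqueueing']['rule'];` and the matching `is_array()` initialiser in the edit page. A short comment above the three `is_array()` initialisers saying which section holds rules, pipes and queues would help prevent this.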
@@ -0,0 +1,776 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['shaper']['rule'])) {
+ $config['shaper']['rule'] = array();
+}
+$a_shaper = &$config['shaper']['rule'];
+
+$specialsrcdst = explode(" ", "any lan pptp");
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+$after = $_GET['after'];
+if (isset($_POST['after']))
+ $after = $_POST['after'];
+
+if (isset($_GET['dup'])) {
+ $id = $_GET['dup'];
+ $after = $_GET['dup'];
+}
+
+function is_specialnet($net) {
+ global $specialsrcdst;
+
+ if (in_array($net, $specialsrcdst) || strstr($net, "opt"))
+ return true;
+ else
+ return false;
+}
+
+function address_to_pconfig($adr, &$padr, &$pmask, &$pnot, &$pbeginport, &$pendport) {
+
+ if (isset($adr['any']))
+ $padr = "any";
+ else if ($adr['network'])
+ $padr = $adr['network'];
+ else if ($adr['address']) {
+ list($padr, $pmask) = explode("/", $adr['address']);
+ if (!$pmask)
+ $pmask = 32;
+ }
+
+ if (isset($adr['not']))
+ $pnot = 1;
+ else
+ $pnot = 0;
+
+ if ($adr['port']) {
+ list($pbeginport, $pendport) = explode("-", $adr['port']);
+ if (!$pendport)
+ $pendport = $pbeginport;
+ } else {
+ $pbeginport = "any";
+ $pendport = "any";
+ }
+}
+
+function pconfig_to_address(&$adr, $padr, $pmask, $pnot, $pbeginport, $pendport) {
+
+ $adr = array();
+
+ if ($padr == "any")
+ $adr['any'] = true;
+ else if (is_specialnet($padr))
+ $adr['network'] = $padr;
+ else {
+ $adr['address'] = $padr;
+ if ($pmask != 32)
+ $adr['address'] .= "/" . $pmask;
+ }
+
+ $adr['not'] = $pnot ? true : false;
+
+ if (($pbeginport != 0) && ($pbeginport != "any")) {
+ if ($pbeginport != $pendport)
+ $adr['port'] = $pbeginport . "-" . $pendport;
+ else
+ $adr['port'] = $pbeginport;
+ }
+}
+
+if (isset($id) && $a_shaper[$id]) {
+ $pconfig['interface'] = $a_shaper[$id]['interface'];
+
+ if (isset($a_shaper[$id]['protocol']))
+ $pconfig['proto'] = $a_shaper[$id]['protocol'];
+ else
+ $pconfig['proto'] = "any";
+
+ address_to_pconfig($a_shaper[$id]['source'], $pconfig['src'],
+ $pconfig['srcmask'], $pconfig['srcnot'],
+ $pconfig['srcbeginport'], $pconfig['srcendport']);
+
+ address_to_pconfig($a_shaper[$id]['destination'], $pconfig['dst'],
+ $pconfig['dstmask'], $pconfig['dstnot'],
+ $pconfig['dstbeginport'], $pconfig['dstendport']);
+
+ if (isset($a_shaper[$id]['targetpipe'])) {
+ $pconfig['target'] = "targetpipe:" . $a_shaper[$id]['targetpipe'];
+ } else if (isset($a_shaper[$id]['targetqueue'])) {
+ $pconfig['target'] = "targetqueue:" . $a_shaper[$id]['targetqueue'];
+ }
+
+ $pconfig['direction'] = $a_shaper[$id]['direction'];
+ $pconfig['iptos'] = $a_shaper[$id]['iptos'];
+ $pconfig['iplen'] = $a_shaper[$id]['iplen'];
+ $pconfig['tcpflags'] = $a_shaper[$id]['tcpflags'];
+ $pconfig['descr'] = $a_shaper[$id]['descr'];
+ $pconfig['disabled'] = isset($a_shaper[$id]['disabled']);
+
+ if ($pconfig['srcbeginport'] == 0) {
+ $pconfig['srcbeginport'] = "any";
+ $pconfig['srcendport'] = "any";
+ }
+ if ($pconfig['dstbeginport'] == 0) {
+ $pconfig['dstbeginport'] = "any";
+ $pconfig['dstendport'] = "any";
+ }
+
+} else {
+ /* defaults */
+ $pconfig['src'] = "any";
+ $pconfig['dst'] = "any";
+}
+
+if (isset($_GET['dup']))
+ unset($id);
+
+if ($_POST) {
+
+ if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "any")) {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ } else {
+
+ if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
+ $_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
+ if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
+ $_POST['srcendport'] = $_POST['srcendport_cust'];
+
+ if ($_POST['srcbeginport'] == "any") {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ } else {
+ if (!$_POST['srcendport'])
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+ }
+ if ($_POST['srcendport'] == "any")
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+
+ if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
+ $_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
+ if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
+ $_POST['dstendport'] = $_POST['dstendport_cust'];
+
+ if ($_POST['dstbeginport'] == "any") {
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ } else {
+ if (!$_POST['dstendport'])
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+ }
+ if ($_POST['dstendport'] == "any")
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+ }
+
+ if (is_specialnet($_POST['srctype'])) {
+ $_POST['src'] = $_POST['srctype'];
+ $_POST['srcmask'] = 0;
+ } else if ($_POST['srctype'] == "single") {
+ $_POST['srcmask'] = 32;
+ }
+ if (is_specialnet($_POST['dsttype'])) {
+ $_POST['dst'] = $_POST['dsttype'];
+ $_POST['dstmask'] = 0;
+ } else if ($_POST['dsttype'] == "single") {
+ $_POST['dstmask'] = 32;
+ }
+
+ $intos = array();
+ foreach ($iptos as $tos) {
+ if ($_POST['iptos_' . $tos] == "on")
+ $intos[] = $tos;
+ else if ($_POST['iptos_' . $tos] == "off")
+ $intos[] = "!" . $tos;
+ }
+ $_POST['iptos'] = join(",", $intos);
+
+ $intcpflags = array();
+ foreach ($tcpflags as $tcpflag) {
+ if ($_POST['tcpflags_' . $tcpflag] == "on")
+ $intcpflags[] = $tcpflag;
+ else if ($_POST['tcpflags_' . $tcpflag] == "off")
+ $intcpflags[] = "!" . $tcpflag;
+ }
+ $_POST['tcpflags'] = join(",", $intcpflags);
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "target proto src dst");
+ $reqdfieldsn = explode(",", "Target,Protocol,Source,Destination");
+
+ if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
+ $reqdfields[] = "srcmask";
+ $reqdfieldsn[] = "Source bit count";
+ }
+ if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
+ $reqdfields[] = "dstmask";
+ $reqdfieldsn[] = "Destination bit count";
+ }
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (!$_POST['srcbeginport']) {
+ $_POST['srcbeginport'] = 0;
+ $_POST['srcendport'] = 0;
+ }
+ if (!$_POST['dstbeginport']) {
+ $_POST['dstbeginport'] = 0;
+ $_POST['dstendport'] = 0;
+ }
+
+ if (($_POST['srcbeginport'] && !is_port($_POST['srcbeginport']))) {
+ $input_errors[] = "The start source port must be an integer between 1 and 65535.";
+ }
+ if (($_POST['srcendport'] && !is_port($_POST['srcendport']))) {
+ $input_errors[] = "The end source port must be an integer between 1 and 65535.";
+ }
+ if (($_POST['dstbeginport'] && !is_port($_POST['dstbeginport']))) {
+ $input_errors[] = "The start destination port must be an integer between 1 and 65535.";
+ }
+ if (($_POST['dstendport'] && !is_port($_POST['dstendport']))) {
+ $input_errors[] = "The end destination port must be an integer between 1 and 65535.";
+ }
+
+ if (!is_specialnet($_POST['srctype'])) {
+ if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
+ $input_errors[] = "A valid source IP address or alias must be specified.";
+ }
+ if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
+ $input_errors[] = "A valid source bit count must be specified.";
+ }
+ }
+ if (!is_specialnet($_POST['dsttype'])) {
+ if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
+ $input_errors[] = "A valid destination IP address or alias must be specified.";
+ }
+ if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
+ $input_errors[] = "A valid destination bit count must be specified.";
+ }
+ }
+
+ if ($_POST['srcbeginport'] > $_POST['srcendport']) {
+ /* swap */
+ $tmp = $_POST['srcendport'];
+ $_POST['srcendport'] = $_POST['srcbeginport'];
+ $_POST['srcbeginport'] = $tmp;
+ }
+ if ($_POST['dstbeginport'] > $_POST['dstendport']) {
+ /* swap */
+ $tmp = $_POST['dstendport'];
+ $_POST['dstendport'] = $_POST['dstbeginport'];
+ $_POST['dstbeginport'] = $tmp;
+ }
+
+ if (($_POST['iplen'] && !preg_match("/^(\d+)(-(\d+))?$/", $_POST['iplen']))) {
+ $input_errors[] = "The IP packet length must be an integer or a range (from-to).";
+ }
+
+ if (!$input_errors) {
+ $shaperent = array();
+ $shaperent['interface'] = $_POST['interface'];
+
+ if ($_POST['proto'] != "any")
+ $shaperent['protocol'] = $_POST['proto'];
+ else
+ unset($shaperent['protocol']);
+
+ pconfig_to_address($shaperent['source'], $_POST['src'],
+ $_POST['srcmask'], $_POST['srcnot'],
+ $_POST['srcbeginport'], $_POST['srcendport']);
+
+ pconfig_to_address($shaperent['destination'], $_POST['dst'],
+ $_POST['dstmask'], $_POST['dstnot'],
+ $_POST['dstbeginport'], $_POST['dstendport']);
+
+ $shaperent['direction'] = $_POST['direction'];
+ $shaperent['iplen'] = $_POST['iplen'];
+ $shaperent['iptos'] = $_POST['iptos'];
+ $shaperent['tcpflags'] = $_POST['tcpflags'];
+ $shaperent['descr'] = $_POST['descr'];
+ $shaperent['disabled'] = $_POST['disabled'] ? true : false;
+
+ list($targettype,$target) = explode(":", $_POST['target']);
+ $shaperent[$targettype] = $target;
+
+ if (isset($id) && $a_shaper[$id])
+ $a_shaper[$id] = $shaperent;
+ else {
+ if (is_numeric($after))
+ array_splice($a_shaper, $after+1, 0, array($shaperent));
+ else
+ $a_shaper[] = $shaperent;
+ }
+
+ write_config();
+ touch($d_shaperconfdirty_path);
+
+ header("Location: firewall_shaper.php");
+ exit;
+ }
+}
+?>
+
+
+
+Firewall: Traffic shaper: Edit rule
+ + 0)): ?> + + + +You need to create a pipe or queue before you can add a new rule.
+ + + + diff --git a/usr/local/www/firewall_shaper_queues.php b/usr/local/www/firewall_shaper_queues.php new file mode 100755 index 0000000..fa60240 --- /dev/null +++ b/usr/local/www/firewall_shaper_queues.php 
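Review bot: The saved rule takes one of its array keys from the request: `list($targettype,$target) = explode(":", $_POST['target']); $shaperent[$targettype] = $target;` lets the submitted prefix name any key of `$shaperent`, so fields such as `interface` or `source` can be replaced after they were built and checked. Split the target before the `if (!$input_errors)` block and reject anything else, e.g. `if (!in_array($targettype, array("targetpipe", "targetqueue"))) $input_errors[] = "A valid target must be specified.";`. `is_specialnet()` also accepts any string containing `opt` (`strstr($net, "opt")`), which skips the address checks for such a `srctype`/`dsttype`; comparing against the configured interface names would close that gap. Separately, this page reads and writes `$config['shaper']['rule']` while the list page in this patch uses `$config['pfqueueing']['rule']`, so rules saved here would not show up there.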
@@ -0,0 +1,141 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['pfqueueing']['pipe'])) {
+ $config['pfqueueing']['pipe'] = array();
+}
+if (!is_array($config['pfqueueing']['queue'])) {
+ $config['pfqueueing']['queue'] = array();
+}
+$a_queues = &$config['pfqueueing']['queue'];
+$a_pipe = &$config['pfqueueing']['pipe'];
+
+if ($_GET['act'] == "del") {
+ if ($a_queues[$_GET['id']]) {
+ /* check that no rule references this queue */
+ if (is_array($config['pfqueueing']['rule'])) {
+ foreach ($config['pfqueueing']['rule'] as $rule) {
+ if (isset($rule['targetqueue']) && ($rule['targetqueue'] == $_GET['id'])) {
+ $input_errors[] = "This queue cannot be deleted because it is still referenced by a rule.";
+ break;
+ }
+ }
+ }
+
+ if (!$input_errors) {
+ unset($a_queues[$_GET['id']]);
+
+ /* renumber all rules */
+ if (is_array($config['pfqueueing']['rule'])) {
+ for ($i = 0; isset($config['pfqueueing']['rule'][$i]); $i++) {
+ $currule = &$config['pfqueueing']['rule'][$i];
+ if (isset($currule['targetqueue']) && ($currule['targetqueue'] > $_GET['id']))
+ $currule['targetqueue']--;
+ }
+ }
+
+ write_config();
+ touch($d_shaperconfdirty_path);
+ header("Location: firewall_shaper_queues.php");
+ exit;
+ }
+ }
+}
+?>
+
+
+
+Firewall: Traffic shaper Queues
+ + + + diff --git a/usr/local/www/firewall_shaper_queues_edit.php b/usr/local/www/firewall_shaper_queues_edit.php new file mode 100755 index 0000000..15e0920 --- /dev/null +++ b/usr/local/www/firewall_shaper_queues_edit.php 
@@ -0,0 +1,187 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$a_queues = &$config['pfqueueing']['queue']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_queues[$id]) { + $pconfig['bandwidth'] = $a_queues[$id]['bandwidth'] . 
$a_queues[$id]['bandwidthtype']; + $pconfig['priority'] = $a_queues[$id]['priority']; + $pconfig['mask'] = $a_queues[$id]['mask']; + $pconfig['name'] = $a_queues[$id]['name']; + $pconfig['options'] = $a_queues[$id]['options']; + $pconfig['bandwidth'] = $a_queues[$id]['bandwidth']; + $pconfig['bandwidthtype'] = $a_queues[$id]['bandwidthtype']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "priority"); + $reqdfieldsn = explode(",", "Priority"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if ($_POST['priority'] && (!is_numericint($_POST['priority']) + || ($_POST['priority'] < 1) || ($_POST['priority'] > 100))) { + $input_errors[] = "The priority must be an integer between 1 and 100."; + } + + if (!$input_errors) { + $queue = array(); + + $queue['schedulertype'] = $_POST['scheduler']; + $queue['bandwidth'] = $_POST['bandwidth']; + $queue['priority'] = $_POST['priority']; + $queue['name'] = $_POST['name']; + + $scheduleroptions=""; + if($_POST['red'] == "on") + $scheduleroptions .= "red "; + + if($_POST['ecn'] == "on") + $scheduleroptions .= "ecn "; + + if($_POST['default'] == "on") + $scheduleroptions .= "default"; + + $queue['options'] = $scheduleroptions; + + if (isset($id) && $a_queues[$id]) + $a_queues[$id] = $queue; + else + $a_queues[] = $queue; + + write_config(); + touch($d_shaperconfdirty_path); + + header("Location: firewall_shaper_queues.php"); + exit; + } +} +?> + + + +Firewall: Traffic shaper: Edit queue
+ + + + + diff --git a/usr/local/www/graph.php b/usr/local/www/graph.php new file mode 100755 index 0000000..7fac8f3 --- /dev/null +++ b/usr/local/www/graph.php @@ -0,0 +1,325 @@ +#!/usr/local/bin/php -f + and Manuel Kasper\n"; + echo " | ";
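Review bot: Only `priority` is validated before the queue is stored; `scheduler`, `bandwidth` and `name` go from `$_POST` into `$queue` unchecked, and these values presumably end up in the ruleset that `shaper_configure()` generates (that code is not visible in this section). Add checks next to the priority test, e.g. `if ($_POST['bandwidth'] && !is_numericint($_POST['bandwidth'])) $input_errors[] = "The bandwidth must be an integer.";`, plus a restricted character set for `name` and a fixed list of accepted scheduler values. The save path also drops `bandwidthtype` and `mask`, which the load path reads into `$pconfig`, and `$pconfig['bandwidth']` is assigned twice with the first value discarded. `$a_queues` is bound without the `is_array()` initialisation the list page performs.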
+
+ echo " The following input errors were detected:
|
\n"; + echo " | "; + echo $msg; + echo " |
"; + print_info_box_np($msg); + echo "
"; +} + +function format_bytes($bytes) { + if ($bytes >= 1073741824) { + return sprintf("%.2f GB", $bytes/1073741824); + } else if ($bytes >= 1048576) { + return sprintf("%.2f MB", $bytes/1048576); + } else if ($bytes >= 1024) { + return sprintf("%.0f KB", $bytes/1024); + } else { + return sprintf("%d bytes", $bytes); + } +} + +function get_std_save_message($ok) { + global $d_sysrebootreqd_path; + + if ($ok == 0) { + if (file_exists($d_sysrebootreqd_path)) + return "The changes have been saved. You must reboot your firewall for changes to take effect."; + else + return "The changes have been applied successfully."; + } else { + return "ERROR: the changes could not be applied (error code $ok)."; + } +} + +function pprint_address($adr) { + global $specialnets; + + if (isset($adr['any'])) { + $padr = "*"; + } else if ($adr['network']) { + $padr = $specialnets[$adr['network']]; + } else { + $padr = $adr['address']; + } + + if (isset($adr['not'])) + $padr = "! " . $padr; + + return $padr; +} + +function pprint_port($port) { + global $wkports; + + $pport = ""; + + if (!$port) + echo "*"; + else { + $srcport = explode("-", $port); + if ((!$srcport[1]) || ($srcport[0] == $srcport[1])) { + $pport = $srcport[0]; + if ($wkports[$srcport[0]]) { + $pport .= " (" . $wkports[$srcport[0]] . ")"; + } + } else + $pport .= $srcport[0] . " - " . 
$srcport[1]; + } + + return $pport; +} + +/* sort by interface only, retain the original order of rules that apply to + the same interface */ +function filter_rules_sort() { + global $g, $config; + + /* mark each rule with the sequence number (to retain the order while sorting) */ + for ($i = 0; isset($config['filter']['rule'][$i]); $i++) + $config['filter']['rule'][$i]['seq'] = $i; + + function filtercmp($a, $b) { + if ($a['interface'] == $b['interface']) + return $a['seq'] - $b['seq']; + else + return -strcmp($a['interface'], $b['interface']); + } + + usort($config['filter']['rule'], "filtercmp"); + + /* strip the sequence numbers again */ + for ($i = 0; isset($config['filter']['rule'][$i]); $i++) + unset($config['filter']['rule'][$i]['seq']); +} + +function nat_rules_sort() { + global $g, $config; + + function natcmp($a, $b) { + if ($a['external-address'] == $b['external-address']) { + if ($a['protocol'] == $b['protocol']) { + if ($a['external-port'] == $b['external-port']) { + return 0; + } else { + return ($a['external-port'] - $b['external-port']); + } + } else { + return strcmp($a['protocol'], $b['protocol']); + } + } else if (!$a['external-address']) + return 1; + else if (!$b['external-address']) + return -1; + else + return ipcmp($a['external-address'], $b['external-address']); + } + + usort($config['nat']['rule'], "natcmp"); +} + +function nat_1to1_rules_sort() { + global $g, $config; + + function nat1to1cmp($a, $b) { + return ipcmp($a['external'], $b['external']); + } + + usort($config['nat']['onetoone'], "nat1to1cmp"); +} + +function nat_server_rules_sort() { + global $g, $config; + + function natservercmp($a, $b) { + return ipcmp($a['ipaddr'], $b['ipaddr']); + } + + usort($config['nat']['servernat'], "natservercmp"); +} + +function nat_out_rules_sort() { + global $g, $config; + + function natoutcmp($a, $b) { + return strcmp($a['source']['network'], $b['source']['network']); + } + + usort($config['nat']['advancedoutbound']['rule'], "natoutcmp"); +} + 
+function pptpd_users_sort() { + global $g, $config; + + function usercmp($a, $b) { + return strcasecmp($a['name'], $b['name']); + } + + usort($config['pptpd']['user'], "usercmp"); +} + +function staticroutes_sort() { + global $g, $config; + + function staticroutecmp($a, $b) { + return strcmp($a['network'], $b['network']); + } + + usort($config['staticroutes']['route'], "staticroutecmp"); +} + +function hosts_sort() { + global $g, $config; + + function hostcmp($a, $b) { + return strcasecmp($a['host'], $b['host']); + } + + usort($config['dnsmasq']['hosts'], "hostcmp"); +} + +function staticmaps_sort($if) { + global $g, $config; + + function staticmapcmp($a, $b) { + return ipcmp($a['ipaddr'], $b['ipaddr']); + } + + usort($config['dhcpd'][$if]['staticmap'], "staticmapcmp"); +} + +function aliases_sort() { + global $g, $config; + + function aliascmp($a, $b) { + return strcmp($a['name'], $b['name']); + } + + usort($config['aliases']['alias'], "aliascmp"); +} + +function ipsec_mobilekey_sort() { + global $g, $config; + + function mobilekeycmp($a, $b) { + return strcmp($a['ident'][0], $b['ident'][0]); + } + + usort($config['ipsec']['mobilekey'], "mobilekeycmp"); +} + +function proxyarp_sort() { + global $g, $config; + + function proxyarpcmp($a, $b) { + if (isset($a['network'])) + list($ast,$asn) = explode("/", $a['network']); + else if (isset($a['range'])) { + $ast = $a['range']['from']; + $asn = 32; + } + if (isset($b['network'])) + list($bst,$bsn) = explode("/", $b['network']); + else if (isset($b['range'])) { + $bst = $b['range']['from']; + $bsn = 32; + } + if (ipcmp($ast, $bst) == 0) + return ($asn - $bsn); + else + return ipcmp($ast, $bst); + } + + usort($config['proxyarp']['proxyarpnet'], "proxyarpcmp"); +} + +function passthrumacs_sort() { + global $g, $config; + + function passthrumacscmp($a, $b) { + return strcmp($a['mac'], $b['mac']); + } + + usort($config['captiveportal']['passthrumac'],"passthrumacscmp"); +} + +function allowedips_sort() { + global $g, 
$config; + + function allowedipscmp($a, $b) { + return strcmp($a['ip'], $b['ip']); + } + + usort($config['captiveportal']['allowedip'],"allowedipscmp"); +} + +function wol_sort() { + global $g, $config; + + function wolcmp($a, $b) { + return strcmp($a['descr'], $b['descr']); + } + + usort($config['wol']['wolentry'], "wolcmp"); +} + +function gentitle($pgname) { + global $config; + return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname; +} + +?> diff --git a/usr/local/www/ifstats.cgi b/usr/local/www/ifstats.cgi new file mode 100755 index 0000000..944e95e Binary files /dev/null and b/usr/local/www/ifstats.cgi differ diff --git a/usr/local/www/index.php b/usr/local/www/index.php new file mode 100755 index 0000000..ecaef0c --- /dev/null +++ b/usr/local/www/index.php 
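Review bot: Each `*_sort()` helper declares its comparator as a named function inside its own body (`filtercmp` inside `filter_rules_sort()`, `natcmp`, `hostcmp` and the rest), so a second call to the same helper within one request stops with a "Cannot redeclare" fatal error. Declaring the comparators at file scope next to the helpers leaves the `usort()` calls unchanged. `pprint_port()` also echoes `*` for an empty port instead of returning it (`$pport = "*";` would match the other branches), and `pprint_address()` and `gentitle()` return config values unescaped, so callers need `htmlspecialchars()` at the point of output. The file header for this section is not visible on the page; it appears to be the shared include that the other pages load as guiconfig.inc.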
@@ -0,0 +1,180 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +/* find out whether there's hardware encryption (hifn) */ +unset($hwcrypto); +$fd = @fopen("{$g['varlog_path']}/dmesg.boot", "r"); +if ($fd) { + while (!feof($fd)) { + $dmesgl = fgets($fd); + if (preg_match("/^hifn.: (.*?),/", $dmesgl, $matches)) { + $hwcrypto = $matches[1]; + break; + } + } + fclose($fd); +} + +?> + + + ++ | |
+ | |
System information | +|
Name | ++ + | +
Version | +
+
+ + built on + + |
+
Platform | ++ =htmlspecialchars($g['platform']);?> + | +
Hardware crypto | ++ =htmlspecialchars($hwcrypto);?> + | +
Uptime | ++ 60) + $uptime += 30; + $updays = (int)($uptime / 86400); + $uptime %= 86400; + $uphours = (int)($uptime / 3600); + $uptime %= 3600; + $upmins = (int)($uptime / 60); + + $uptimestr = ""; + if ($updays > 1) + $uptimestr .= "$updays days, "; + else if ($updays > 0) + $uptimestr .= "1 day, "; + $uptimestr .= sprintf("%02d:%02d", $uphours, $upmins); + echo htmlspecialchars($uptimestr); + ?> + | +
Last config change | ++ =htmlspecialchars(date("D M j G:i:s T Y", $config['lastchange']));?> + | +
CPU usage | ++"; +echo ""; +echo ""; +echo " "; +echo $cpuUsage . "%"; +?> + | +
Memory usage | ++"; +echo ""; +echo ""; +echo " "; +echo $memUsage . "%"; +?> + | +
Interfaces: WAN
+ + + + + + + diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php new file mode 100755 index 0000000..0f57d30 --- /dev/null +++ b/usr/local/www/interfaces_assign.php 
@@ -0,0 +1,265 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +/* + In this file, "port" refers to the physical port name, + while "interface" refers to LAN, WAN, or OPTn. +*/ + +/* get list without VLAN interfaces */ +$portlist = get_interface_list(); + +/* add VLAN interfaces */ +if (is_array($config['vlans']['vlan']) && count($config['vlans']['vlan'])) { + $i = 0; + foreach ($config['vlans']['vlan'] as $vlan) { + $portlist['vlan' . $i] = $vlan; + $portlist['vlan' . 
$i]['isvlan'] = true; + $i++; + } +} + +if ($_POST) { + + unset($input_errors); + + /* input validation */ + + /* Build a list of the port names so we can see how the interfaces map */ + $portifmap = array(); + foreach ($portlist as $portname => $portinfo) + $portifmap[$portname] = array(); + + /* Go through the list of ports selected by the user, + build a list of port-to-interface mappings in portifmap */ + foreach ($_POST as $ifname => $ifport) { + if (($ifname == 'lan') || ($ifname == 'wan') || (substr($ifname, 0, 3) == 'opt')) + $portifmap[$ifport][] = strtoupper($ifname); + } + + /* Deliver error message for any port with more than one assignment */ + foreach ($portifmap as $portname => $ifnames) { + if (count($ifnames) > 1) { + $errstr = "Port " . $portname . + " was assigned to " . count($ifnames) . + " interfaces:"; + + foreach ($portifmap[$portname] as $ifn) + $errstr .= " " . $ifn; + + $input_errors[] = $errstr; + } + } + + + if (!$input_errors) { + /* No errors detected, so update the config */ + foreach ($_POST as $ifname => $ifport) { + + if (($ifname == 'lan') || ($ifname == 'wan') || + (substr($ifname, 0, 3) == 'opt')) { + + if (!is_array($ifport)) { + $config['interfaces'][$ifname]['if'] = $ifport; + + /* check for wireless interfaces, set or clear ['wireless'] */ + if (preg_match("/^(wi|awi|an)/", $ifport)) { + if (!is_array($config['interfaces'][$ifname]['wireless'])) + $config['interfaces'][$ifname]['wireless'] = array(); + } else { + unset($config['interfaces'][$ifname]['wireless']); + } + + /* make sure there is a name for OPTn */ + if (substr($ifname, 0, 3) == 'opt') { + if (!isset($config['interfaces'][$ifname]['descr'])) + $config['interfaces'][$ifname]['descr'] = strtoupper($ifname); + } + } + } + } + + write_config(); + touch($d_sysrebootreqd_path); + } +} + +if ($_GET['act'] == "del") { + $id = $_GET['id']; + + unset($config['interfaces'][$id]); /* delete the specified OPTn */ + + /* shift down other OPTn interfaces to get rid of holes 
*/ + $i = substr($id, 3); /* the number of the OPTn port being deleted */ + $i++; + + /* look at the following OPTn ports */ + while (is_array($config['interfaces']['opt' . $i])) { + $config['interfaces']['opt' . ($i - 1)] = + $config['interfaces']['opt' . $i]; + + if ($config['interfaces']['opt' . ($i - 1)]['descr'] == "OPT" . $i) + $config['interfaces']['opt' . ($i - 1)]['descr'] = "OPT" . ($i - 1); + + unset($config['interfaces']['opt' . $i]); + $i++; + } + + write_config(); + touch($d_sysrebootreqd_path); + header("Location: interfaces_assign.php"); + exit; +} + +if ($_GET['act'] == "add") { + /* find next free optional interface number */ + $i = 1; + while (is_array($config['interfaces']['opt' . $i])) + $i++; + + $newifname = 'opt' . $i; + $config['interfaces'][$newifname] = array(); + $config['interfaces'][$newifname]['descr'] = "OPT" . $i; + + /* Find an unused port for this interface */ + foreach ($portlist as $portname => $portinfo) { + $portused = false; + foreach ($config['interfaces'] as $ifname => $ifdata) { + if ($ifdata['if'] == $portname) { + $portused = true; + break; + } + } + if (!$portused) { + $config['interfaces'][$newifname]['if'] = $portname; + if (preg_match("/^(wi|awi|an)/", $portname)) + $config['interfaces'][$newifname]['wireless'] = array(); + break; + } + } + + write_config(); + touch($d_sysrebootreqd_path); + header("Location: interfaces_assign.php"); + exit; +} + +?> + + + +Interfaces: Assign network ports
+ + + + + + diff --git a/usr/local/www/interfaces_lan.php b/usr/local/www/interfaces_lan.php new file mode 100755 index 0000000..66af153 --- /dev/null +++ b/usr/local/www/interfaces_lan.php 
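Review bot: The `act=del` branch unsets `$config['interfaces'][$id]` for whatever `$_GET['id']` holds and then writes the config; nothing restricts it to an existing OPTn entry, so the LAN or WAN entry can be removed the same way. Guard it first, e.g. `if (!preg_match("/^opt[0-9]+$/", $id) || !is_array($config['interfaces'][$id])) { header("Location: interfaces_assign.php"); exit; }`. In the POST loop, `$ifport` is stored in `$config['interfaces'][$ifname]['if']` without checking that it is a key of `$portlist`, and the `substr($ifname, 0, 3) == 'opt'` test accepts any field name with that prefix, so new interface entries can be created from the request. Checking `array_key_exists($ifport, $portlist)` and that `$ifname` already exists in `$config['interfaces']` would cover both.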
@@ -0,0 +1,173 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$lancfg = &$config['interfaces']['lan']; +$optcfg = &$config['interfaces']['lan']; +$pconfig['ipaddr'] = $config['interfaces']['lan']['ipaddr']; +$pconfig['subnet'] = $config['interfaces']['lan']['subnet']; + +/* Wireless interface? 
*/ +if (isset($optcfg['wireless'])) { + require("interfaces_wlan.inc"); + wireless_config_init(); +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "ipaddr subnet"); + $reqdfieldsn = explode(",", "IP address,Subnet bit count"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { + $input_errors[] = "A valid IP address must be specified."; + } + if (($_POST['subnet'] && !is_numeric($_POST['subnet']))) { + $input_errors[] = "A valid subnet bit count must be specified."; + } + + /* Wireless interface? */ + if (isset($optcfg['wireless'])) { + $wi_input_errors = wireless_config_post(); + if ($wi_input_errors) { + $input_errors = array_merge($input_errors, $wi_input_errors); + } + } + + if (!$input_errors) { + $config['interfaces']['lan']['ipaddr'] = $_POST['ipaddr']; + $config['interfaces']['lan']['subnet'] = $_POST['subnet']; + + $dhcpd_was_enabled = 0; + if (isset($config['dhcpd']['enable'])) { + unset($config['dhcpd']['enable']); + $dhcpd_was_enabled = 1; + } + + write_config(); + touch($d_sysrebootreqd_path); + + $savemsg = get_std_save_message(0); + + if ($dhcpd_was_enabled) + $savemsg .= "Interfaces: LAN
+
+
+
+
+
+
diff --git a/usr/local/www/interfaces_opt.php b/usr/local/www/interfaces_opt.php
new file mode 100755
index 0000000..fffc17b
--- /dev/null
+++ b/usr/local/www/interfaces_opt.php
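Review bot: The subnet check in the `$_POST` branch of interfaces_lan.php relies on `is_numeric()`, which also accepts decimals, exponent notation and negative numbers and sets no upper bound, so a value such as `24.5` or `99` is written to `$config['interfaces']['lan']['subnet']`. `is_numericint()` is already used elsewhere in this commit; the guard could read `if ($_POST['subnet'] && (!is_numericint($_POST['subnet']) || $_POST['subnet'] < 1 || $_POST['subnet'] > 32)) {`. The same `is_numeric()` test is applied to `subnet` in interfaces_opt.php and to `subnet` and `pptp_subnet` in interfaces_wan.php. How the stored value is consumed is not visible on this page, so the effect beyond an unusable interface configuration is unknown.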
@@ -0,0 +1,276 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +unset($index); +if ($_GET['index']) + $index = $_GET['index']; +else if ($_POST['index']) + $index = $_POST['index']; + +if (!$index) + exit; + +$optcfg = &$config['interfaces']['opt' . $index]; +$pconfig['descr'] = $optcfg['descr']; +$pconfig['bridge'] = $optcfg['bridge']; +$pconfig['ipaddr'] = $optcfg['ipaddr']; +$pconfig['subnet'] = $optcfg['subnet']; +$pconfig['enable'] = isset($optcfg['enable']); + +/* Wireless interface? */ +if (isset($optcfg['wireless'])) { + require("interfaces_wlan.inc"); + wireless_config_init(); +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['enable']) { + + /* description unique? 
*/ + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + if ($i != $index) { + if ($config['interfaces']['opt' . $i]['descr'] == $_POST['descr']) { + $input_errors[] = "An interface with the specified description already exists."; + } + } + } + + if ($_POST['bridge']) { + /* double bridging? */ + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + if ($i != $index) { + if ($config['interfaces']['opt' . $i]['bridge'] == $_POST['bridge']) { + $input_errors[] = "Optional interface {$i} " . + "({$config['interfaces']['opt' . $i]['descr']}) is already bridged to " . + "the specified interface."; + } else if ($config['interfaces']['opt' . $i]['bridge'] == "opt{$index}") { + $input_errors[] = "Optional interface {$i} " . + "({$config['interfaces']['opt' . $i]['descr']}) is already bridged to " . + "this interface."; + } + } + } + if ($config['interfaces'][$_POST['bridge']]['bridge']) { + $input_errors[] = "The specified interface is already bridged to " . + "another interface."; + } + /* captive portal on? */ + if (isset($config['captiveportal']['enable'])) { + $input_errors[] = "Interfaces cannot be bridged while the captive portal is enabled."; + } + } else { + $reqdfields = explode(" ", "descr ipaddr subnet"); + $reqdfieldsn = explode(",", "Description,IP address,Subnet bit count"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { + $input_errors[] = "A valid IP address must be specified."; + } + if (($_POST['subnet'] && !is_numeric($_POST['subnet']))) { + $input_errors[] = "A valid subnet bit count must be specified."; + } + } + } + + /* Wireless interface? 
*/ + if (isset($optcfg['wireless'])) { + $wi_input_errors = wireless_config_post(); + if ($wi_input_errors) { + $input_errors = array_merge($input_errors, $wi_input_errors); + } + } + + if (!$input_errors) { + $optcfg['descr'] = $_POST['descr']; + $optcfg['ipaddr'] = $_POST['ipaddr']; + $optcfg['subnet'] = $_POST['subnet']; + $optcfg['bridge'] = $_POST['bridge']; + $optcfg['enable'] = $_POST['enable'] ? true : false; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = interfaces_optional_configure(); + + /* is this the captive portal interface? */ + if (isset($config['captiveportal']['enable']) && + ($config['captiveportal']['interface'] == ('opt' . $index))) { + captiveportal_configure(); + } + config_unlock(); + } + $savemsg = get_std_save_message($retval); + } +} +?> + + + +Interfaces: Optional =$index;?> (=htmlspecialchars($optcfg['descr']);?>)
+ + + + + + +Optional =$index;?> has been disabled because there is no OPT=$index;?> interface.
+
+
+
+
diff --git a/usr/local/www/interfaces_vlan.php b/usr/local/www/interfaces_vlan.php
new file mode 100755
index 0000000..f724ef3
--- /dev/null
+++ b/usr/local/www/interfaces_vlan.php
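Review bot: `$index` in interfaces_opt.php is taken from `$_GET['index']` or `$_POST['index']` and used without validation, both in `$optcfg = &$config['interfaces']['opt' . $index];` and in the page title, where it is printed with `=$index;` while the description beside it goes through `htmlspecialchars()`. Taking a reference to a key that does not exist creates it, so a POST carrying an unknown index would add an entry to the interface list once `write_config()` runs, and a non-numeric index reaches the HTML unescaped. Before the reference is taken, add `if (!is_numericint($index) || !is_array($config['interfaces']['opt' . $index])) exit;`. The markup around the title survives only as `=$index;?>` fragments on this page, so the output context is inferred from those.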
@@ -0,0 +1,149 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (!is_array($config['vlans']['vlan'])) + $config['vlans']['vlan'] = array(); + +$a_vlans = &$config['vlans']['vlan'] ; + +function vlan_inuse($num) { + global $config, $g; + + if ($config['interfaces']['lan']['if'] == "vlan{$num}") + return true; + if ($config['interfaces']['wan']['if'] == "vlan{$num}") + return true; + + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + if ($config['interfaces']['opt' . $i]['if'] == "vlan{$num}") + return true; + } + + return false; +} + +function renumber_vlan($if, $delvlan) { + if (!preg_match("/^vlan/", $if)) + return $if; + + $vlan = substr($if, 4); + if ($vlan > $delvlan) + return "vlan" . 
($vlan - 1); + else + return $if; +} + +if ($_GET['act'] == "del") { + /* check if still in use */ + if (vlan_inuse($_GET['id'])) { + $input_errors[] = "This VLAN cannot be deleted because it is still being used as an interface."; + } else { + unset($a_vlans[$_GET['id']]); + + /* renumber all interfaces that use VLANs */ + $config['interfaces']['lan']['if'] = renumber_vlan($config['interfaces']['lan']['if'], $_GET['id']); + $config['interfaces']['wan']['if'] = renumber_vlan($config['interfaces']['wan']['if'], $_GET['id']); + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $config['interfaces']['opt' . $i]['if'] = renumber_vlan($config['interfaces']['opt' . $i]['if'], $_GET['id']); + + write_config(); + touch($d_sysrebootreqd_path); + header("Location: interfaces_vlan.php"); + exit; + } +} + +?> + + + +Interfaces: Assign network ports: VLANs
+ + ++ | +||||||||||||||||
+
|
+
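Review bot: The `act == "del"` branch of interfaces_vlan.php changes the configuration on a plain GET request and hands `$_GET['id']` to `vlan_inuse()`, `unset($a_vlans[...])` and `renumber_vlan()` without checking that it is an integer index present in `$a_vlans`. With an id that matches no entry the `unset()` removes nothing, yet the renumbering of the LAN, WAN and OPTn assignments, `write_config()` and the reboot-required flag still run. Guard the branch with `if (!is_numericint($_GET['id']) || !isset($a_vlans[$_GET['id']])) { header("Location: interfaces_vlan.php"); exit; }`, and move the delete to a POST that verifies a request token if the webGUI has one (none is visible in this hunk). The `act` branches of interfaces_assign.php follow the same GET pattern.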
Interfaces: Assign network ports: VLANs: Edit
+
+
+
+
+
diff --git a/usr/local/www/interfaces_wan.php b/usr/local/www/interfaces_wan.php
new file mode 100755
index 0000000..b4cc30b
--- /dev/null
+++ b/usr/local/www/interfaces_wan.php
@@ -0,0 +1,630 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +$wancfg = &$config['interfaces']['wan']; +$optcfg = &$config['interfaces']['wan']; + +$pconfig['username'] = $config['pppoe']['username']; +$pconfig['password'] = $config['pppoe']['password']; +$pconfig['provider'] = $config['pppoe']['provider']; +$pconfig['pppoe_dialondemand'] = $config['pppoe']['ondemand']; +$pconfig['pppoe_idletimeout'] = $config['pppoe']['timeout']; + +$pconfig['pptp_username'] = $config['pptp']['username']; +$pconfig['pptp_password'] = $config['pptp']['password']; +$pconfig['pptp_local'] = $config['pptp']['local']; +$pconfig['pptp_subnet'] = $config['pptp']['subnet']; +$pconfig['pptp_remote'] = $config['pptp']['remote']; +$pconfig['pptp_dialondemand'] = $config['pptp']['ondemand']; +$pconfig['pptp_idletimeout'] = $config['pptp']['timeout']; + +$pconfig['bigpond_username'] = $config['bigpond']['username']; +$pconfig['bigpond_password'] = $config['bigpond']['password']; +$pconfig['bigpond_authserver'] = $config['bigpond']['authserver']; +$pconfig['bigpond_authdomain'] = $config['bigpond']['authdomain']; +$pconfig['bigpond_minheartbeatinterval'] = $config['bigpond']['minheartbeatinterval']; + +$pconfig['dhcphostname'] = $wancfg['dhcphostname']; + +if ($wancfg['ipaddr'] == "dhcp") { + $pconfig['type'] = "DHCP"; +} else if ($wancfg['ipaddr'] == "pppoe") { + $pconfig['type'] = "PPPoE"; +} else if ($wancfg['ipaddr'] == "pptp") { + $pconfig['type'] = "PPTP"; +} else if ($wancfg['ipaddr'] == "bigpond") { + $pconfig['type'] = "BigPond"; +} else { + $pconfig['type'] = "Static"; + $pconfig['ipaddr'] = $wancfg['ipaddr']; + $pconfig['subnet'] = $wancfg['subnet']; + $pconfig['gateway'] = $wancfg['gateway']; +} + +$pconfig['blockpriv'] = isset($wancfg['blockpriv']); +$pconfig['spoofmac'] = $wancfg['spoofmac']; +$pconfig['mtu'] = $wancfg['mtu']; + +/* Wireless interface? 
*/ +if (isset($optcfg['wireless'])) { + require("interfaces_wlan.inc"); + wireless_config_init(); +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['type'] == "Static") { + $reqdfields = explode(" ", "ipaddr subnet gateway"); + $reqdfieldsn = explode(",", "IP address,Subnet bit count,Gateway"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + } else if ($_POST['type'] == "PPPoE") { + if ($_POST['pppoe_dialondemand']) { + $reqdfields = explode(" ", "username password pppoe_dialondemand pppoe_idletimeout"); + $reqdfieldsn = explode(",", "PPPoE username,PPPoE password,Dial on demand,Idle timeout value"); + } else { + $reqdfields = explode(" ", "username password"); + $reqdfieldsn = explode(",", "PPPoE username,PPPoE password"); + } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + } else if ($_POST['type'] == "PPTP") { + if ($_POST['pptp_dialondemand']) { + $reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote pptp_dialondemand pptp_idletimeout"); + $reqdfieldsn = explode(",", "PPTP username,PPTP password,PPTP local IP address,PPTP subnet,PPTP remote IP address,Dial on demand,Idle timeout value"); + } else { + $reqdfields = explode(" ", "pptp_username pptp_password pptp_local pptp_subnet pptp_remote"); + $reqdfieldsn = explode(",", "PPTP username,PPTP password,PPTP local IP address,PPTP subnet,PPTP remote IP address"); + } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + } else if ($_POST['type'] == "BigPond") { + $reqdfields = explode(" ", "bigpond_username bigpond_password"); + $reqdfieldsn = explode(",", "BigPond username,BigPond password"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + } + + if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { + $input_errors[] = "A valid IP address must be specified."; + } + if (($_POST['subnet'] && 
!is_numeric($_POST['subnet']))) { + $input_errors[] = "A valid subnet bit count must be specified."; + } + if (($_POST['gateway'] && !is_ipaddr($_POST['gateway']))) { + $input_errors[] = "A valid gateway must be specified."; + } + if (($_POST['provider'] && !is_domain($_POST['provider']))) { + $input_errors[] = "The service name contains invalid characters."; + } + if ($_POST['pppoe_idletimeout'] && !is_numericint($_POST['pppoe_idletimeout'])) { + $input_errors[] = "The idle timeout value must be an integer."; + } + if (($_POST['pptp_local'] && !is_ipaddr($_POST['pptp_local']))) { + $input_errors[] = "A valid PPTP local IP address must be specified."; + } + if (($_POST['pptp_subnet'] && !is_numeric($_POST['pptp_subnet']))) { + $input_errors[] = "A valid PPTP subnet bit count must be specified."; + } + if (($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote']))) { + $input_errors[] = "A valid PPTP remote IP address must be specified."; + } + if ($_POST['pptp_idletimeout'] && !is_numericint($_POST['pptp_idletimeout'])) { + $input_errors[] = "The idle timeout value must be an integer."; + } + if (($_POST['bigpond_authserver'] && !is_domain($_POST['bigpond_authserver']))) { + $input_errors[] = "The authentication server name contains invalid characters."; + } + if (($_POST['bigpond_authdomain'] && !is_domain($_POST['bigpond_authdomain']))) { + $input_errors[] = "The authentication domain name contains invalid characters."; + } + if ($_POST['bigpond_minheartbeatinterval'] && !is_numericint($_POST['bigpond_minheartbeatinterval'])) { + $input_errors[] = "The minimum heartbeat interval must be an integer."; + } + if (($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac']))) { + $input_errors[] = "A valid MAC address must be specified."; + } + if ($_POST['mtu'] && (($_POST['mtu'] < 576) || ($_POST['mtu'] > 1500))) { + $input_errors[] = "The MTU must be between 576 and 1500 bytes."; + } + + /* Wireless interface? 
*/ + if (isset($optcfg['wireless'])) { + $wi_input_errors = wireless_config_post(); + if ($wi_input_errors) { + $input_errors = array_merge($input_errors, $wi_input_errors); + } + } + + if (!$input_errors) { + + unset($wancfg['ipaddr']); + unset($wancfg['subnet']); + unset($wancfg['gateway']); + unset($wancfg['dhcphostname']); + unset($config['pppoe']['username']); + unset($config['pppoe']['password']); + unset($config['pppoe']['provider']); + unset($config['pppoe']['ondemand']); + unset($config['pppoe']['timeout']); + unset($config['pptp']['username']); + unset($config['pptp']['password']); + unset($config['pptp']['local']); + unset($config['pptp']['subnet']); + unset($config['pptp']['remote']); + unset($config['pptp']['ondemand']); + unset($config['pptp']['timeout']); + unset($config['bigpond']['username']); + unset($config['bigpond']['password']); + unset($config['bigpond']['authserver']); + unset($config['bigpond']['authdomain']); + unset($config['bigpond']['minheartbeatinterval']); + + if ($_POST['type'] == "Static") { + $wancfg['ipaddr'] = $_POST['ipaddr']; + $wancfg['subnet'] = $_POST['subnet']; + $wancfg['gateway'] = $_POST['gateway']; + } else if ($_POST['type'] == "DHCP") { + $wancfg['ipaddr'] = "dhcp"; + $wancfg['dhcphostname'] = $_POST['dhcphostname']; + } else if ($_POST['type'] == "PPPoE") { + $wancfg['ipaddr'] = "pppoe"; + $config['pppoe']['username'] = $_POST['username']; + $config['pppoe']['password'] = $_POST['password']; + $config['pppoe']['provider'] = $_POST['provider']; + $config['pppoe']['ondemand'] = $_POST['pppoe_dialondemand']; + $config['pppoe']['timeout'] = $_POST['pppoe_idletimeout']; + } else if ($_POST['type'] == "PPTP") { + $wancfg['ipaddr'] = "pptp"; + $config['pptp']['username'] = $_POST['pptp_username']; + $config['pptp']['password'] = $_POST['pptp_password']; + $config['pptp']['local'] = $_POST['pptp_local']; + $config['pptp']['subnet'] = $_POST['pptp_subnet']; + $config['pptp']['remote'] = $_POST['pptp_remote']; + 
$config['pptp']['ondemand'] = $_POST['pptp_dialondemand']; + $config['pptp']['timeout'] = $_POST['pptp_idletimeout']; + } else if ($_POST['type'] == "BigPond") { + $wancfg['ipaddr'] = "bigpond"; + $config['bigpond']['username'] = $_POST['bigpond_username']; + $config['bigpond']['password'] = $_POST['bigpond_password']; + $config['bigpond']['authserver'] = $_POST['bigpond_authserver']; + $config['bigpond']['authdomain'] = $_POST['bigpond_authdomain']; + $config['bigpond']['minheartbeatinterval'] = $_POST['bigpond_minheartbeatinterval']; + } + + $wancfg['blockpriv'] = $_POST['blockpriv'] ? true : false; + $wancfg['spoofmac'] = $_POST['spoofmac']; + $wancfg['mtu'] = $_POST['mtu']; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = interfaces_wan_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + } +} +?> + + + +Interfaces: WAN
+
+
+
+
+
+
+
diff --git a/usr/local/www/interfaces_wlan.inc b/usr/local/www/interfaces_wlan.inc
new file mode 100755
index 0000000..8861ce6
--- /dev/null
+++ b/usr/local/www/interfaces_wlan.inc
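Review bot: `unset($input_errors);` at the top of the `$_POST` branch in interfaces_wan.php leaves `$input_errors` without an array value when the earlier checks pass, and the wireless block then calls `array_merge($input_errors, $wi_input_errors)`. On PHP 5 and later `array_merge()` rejects a non-array argument (NULL with a warning, a TypeError on PHP 8), so the wireless errors would be lost and `if (!$input_errors)` would go on to save the rest of the form. Starting the branch with `$input_errors = array();` instead of `unset()` keeps both the merge and the emptiness test working. interfaces_lan.php and interfaces_opt.php use the same pattern.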
@@ -0,0 +1,182 @@ +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +function wireless_config_init() { + global $optcfg, $pconfig; + + $pconfig['mode'] = $optcfg['wireless']['mode']; + $pconfig['ssid'] = $optcfg['wireless']['ssid']; + $pconfig['stationname'] = $optcfg['wireless']['stationname']; + $pconfig['channel'] = $optcfg['wireless']['channel']; + $pconfig['wep_enable'] = isset($optcfg['wireless']['wep']['enable']); + + if (is_array($optcfg['wireless']['wep']['key'])) { + $i = 1; + foreach ($optcfg['wireless']['wep']['key'] as $wepkey) { + $pconfig['key' . 
$i] = $wepkey['value']; + if (isset($wepkey['txkey'])) + $pconfig['txkey'] = $i; + $i++; + } + if (!isset($wepkey['txkey'])) + $pconfig['txkey'] = 1; + } +} + +function wireless_config_post() { + global $optcfg, $pconfig; + + unset($input_errors); + + /* input validation */ + if ($_POST['enable']) { + $reqdfields = explode(" ", "mode ssid channel"); + $reqdfieldsn = explode(",", "Mode,SSID,Channel"); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (!$input_errors) { + /* bridge check (hostap only!) */ + if ($pconfig['bridge'] && ($pconfig['mode'] != "hostap")) + $input_errors[] = "Bridging a wireless interface is only possible in hostap mode."; + } + } + + if (!$input_errors) { + + $optcfg['wireless']['mode'] = $_POST['mode']; + $optcfg['wireless']['ssid'] = $_POST['ssid']; + $optcfg['wireless']['stationname'] = $_POST['stationname']; + $optcfg['wireless']['channel'] = $_POST['channel']; + $optcfg['wireless']['wep']['enable'] = $_POST['wep_enable'] ? true : false; + + $optcfg['wireless']['wep']['key'] = array(); + for ($i = 1; $i <= 4; $i++) { + if ($_POST['key' . $i]) { + $newkey = array(); + $newkey['value'] = $_POST['key' . $i]; + if ($_POST['txkey'] == $i) + $newkey['txkey'] = true; + $optcfg['wireless']['wep']['key'][] = $newkey; + } + } + } + + return $input_errors; +} + +function wireless_config_print() { + global $optcfg, $pconfig; +?> ++ | + | TX key | +
Key 1: | ++ | > + | +
Key 2: | ++ | > | +
Key 3: | ++ | > | +
Key 4: | ++ | > | +
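Review bot: In `wireless_config_init()` the fallback `if (!isset($wepkey['txkey'])) $pconfig['txkey'] = 1;` runs after the `foreach` and therefore tests only the last key, so a TX key found on an earlier slot is reset to 1 whenever the last stored key is not the TX key. Testing the result instead, `if (!isset($pconfig['txkey'])) $pconfig['txkey'] = 1;`, keeps the selection made in the loop. Separately, `wireless_config_post()` copies `mode`, `ssid`, `channel` and the four key values from `$_POST` into the config after only the required-field check; each should be checked against its allowed set or format before the assignment. `wireless_config_print()` continues beyond what is visible on this page.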
License
+m0n0wall is Copyright © 2002-2004 by Manuel Kasper
+ (mk@neon1.net).
+ All rights reserved.
Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED "AS IS'' AND ANY EXPRESS
+ OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+ SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
+ OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ OF THE
+ POSSIBILITY OF SUCH DAMAGE.
The following persons have contributed code to m0n0wall:
+Bob Zoller (bob@kludgebox.com)
+ Diagnostics: Ping
+ function; WLAN channel auto-select; DNS forwarder
+
+ Michael Mee (mikemee2002@pobox.com)
+ Timezone and NTP
+ client support
+
+ Magne Andreassen (magne.andreassen@bluezone.no)
+ Remote syslog'ing;
+ some code bits for DHCP server on optional interfaces
+
+ Rob Whyte (rob@g-labs.com)
+ Idea/code bits
+ for encrypted webGUI passwords; minimalized SNMP agent
+
+ Petr Verner (verner@ipps.cz)
+ Advanced outbound
+ NAT: destination selection
+
+ Bruce A. Mah (bmah@acm.org)
+ Filtering bridge
+ patches
+
+ Jim McBeath (monowall@j.jimmc.org)
+ Filter rule patches
+ (ordering, block/pass, disabled); better status page;
+ webGUI assign network ports page
+
+ Chris Olive (chris@technologEase.com)
+ enhanced "execute
+ command" page
+
+ Pauline Middelink (middelink@polyware.nl)
+ DHCP client: send hostname patch
+
+ Björn Pålsson (bjorn@networksab.com)
+ DHCP lease list page
+
+ Peter Allgeyer (allgeyer@web.de)
+ "reject" type filter rules; dial-on-demand
+
+ Thierry Lechat (dev@lechat.org)
+ SVG-based traffic grapher
+
+ Steven Honson (steven@honson.org)
+ per-user IP address assignments for PPTP VPN
+
+ Kurt Inge Smådal (kurt@emsp.no)
+ NAT on optional interfaces
+
+ Dinesh Nair (dinesh@alphaque.com)
+ captive portal: pass-through MAC/IP addresses, RADIUS authentication & accounting;
+ HTTP server concurrency limit
+
+ Justin Ellison (justin@techadvise.com)
+ traffic shaper TOS matching; magic shaper; DHCP deny unknown clients;
+ IPsec user FQDNs; DHCP relay
+
+ Fred Wright (fw@well.com)
+ ipfilter window scaling fix; ipnat ICMP checksum adjustment fix; IPsec dead SA fixes
+
+ Michael Hanselmann (m0n0@hansmi.ch)
+ IDE hard disk standby
+
+ Audun Larsen (larsen@xqus.com)
+ CPU/memory usage display
+
+ Peter Curran (peter@closeconsultants.com)
+ OpenVPN support
m0n0wall is based upon/includes various free software packages,
+ listed below.
+ The author of m0n0wall would like to thank the authors of these
+ software packages for their efforts.
FreeBSD (http://www.freebsd.org)
+ Copyright © 1994-2003 FreeBSD, Inc. All rights reserved.
+
+ This product includes PHP, freely available from http://www.php.net.
+ Copyright © 1999 - 2003 The PHP Group. All rights reserved.
+
+ mini_httpd (http://www.acme.com/software/mini_httpd)
+ Copyright © 1999, 2000 by Jef Poskanzer <jef@acme.com>.
+ All rights reserved.
+
+ ISC DHCP server (http://www.isc.org/products/DHCP)
+ Copyright © 1996-2003 Internet Software Consortium. All rights
+ reserved.
+
+ ipfilter (http://www.ipfilter.org)
+ Copyright © 1993-2002 by Darren Reed.
+
+ MPD - Multi-link PPP daemon for FreeBSD (http://www.dellroad.org/mpd)
+ Copyright © 2003-2004, Archie L. Cobbs, Michael Bretterklieber, Alexander Motin
+All rights reserved.
+
+ ez-ipupdate (http://www.gusnet.cx/proj/ez-ipupdate)
+ Copyright © 1998-2001 Angus Mackay. All rights reserved.
+
+ Circular log support for FreeBSD syslogd (http://software.wwwi.com/syslogd)
+ Copyright © 2001 Jeff Wheelhouse (jdw@wwwi.com)
+
+ Dnsmasq - a DNS forwarder for NAT firewalls (http://www.thekelleys.org.uk)
+ Copyright © 2000-2003 Simon Kelley.
+
+ Racoon (http://www.kame.net/racoon)
+ Copyright © 1995-2002 WIDE Project. All rights reserved.
+
+ msntp (http://www.hpcf.cam.ac.uk/export)
+ Copyright © 1996, 1997, 2000 N.M. Maclaren, University of Cambridge.
+ All rights reserved.
+
+ UCD-SNMP (http://www.ece.ucdavis.edu/ucd-snmp)
+ Copyright © 1989, 1991, 1992 by Carnegie Mellon University.
+ Copyright © 1996, 1998-2000 The Regents of the University of
+ California. All rights reserved.
+ Copyright © 2001-2002, Network Associates Technology, Inc.
+ All rights reserved.
+ Portions of this code are copyright © 2001-2002, Cambridge
+ Broadband Ltd. All rights reserved.
+
+ choparp (http://choparp.sourceforge.net)
+ Copyright © 1997 Takamichi Tateoka (tree@mma.club.uec.ac.jp)
+ Copyright
+© 2002 Thomas Quinot (thomas@cuivre.fr.eu.org)
+
+ BPALogin (http://bpalogin.sourceforge.net) - lightweight portable BIDS2 login client
+ Copyright © 2001-3 Shane Hyde, and others.
+
+ php-radius (http://www.mavetju.org/programming/php.php)
+ Copyright 2000, 2001, 2002 by Edwin Groothuis. All rights reserved.
+ This product includes software developed by Edwin Groothuis.
+
+ wol (http://ahh.sourceforge.net/wol)
+ Copyright © 2000,2001,2002,2003,2004 Thomas Krennwallner <krennwallner@aon.at>
+
+
+
diff --git a/usr/local/www/logobig.jpg b/usr/local/www/logobig.jpg
new file mode 100755
index 0000000..d3143e7
Binary files /dev/null and b/usr/local/www/logobig.jpg differ
diff --git a/usr/local/www/reboot.php b/usr/local/www/reboot.php
new file mode 100755
index 0000000..0dbd6d1
--- /dev/null
+++ b/usr/local/www/reboot.php
@@ -0,0 +1,66 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+
+if ($_POST) {
+ if ($_POST['Submit'] != " No ") {
+ system_reboot();
+ $rebootmsg = "The system is rebooting now. This may take one minute.";
+ } else {
+ header("Location: index.php");
+ exit;
+ }
+}
+?>
+
+
+
Reboot system
+
+
+
+
+
+
diff --git a/usr/local/www/services_captiveportal.php b/usr/local/www/services_captiveportal.php
new file mode 100755
index 0000000..99fb152
--- /dev/null
+++ b/usr/local/www/services_captiveportal.php
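Review bot: The handler in reboot.php calls `system_reboot()` on any POST whose `Submit` value is not `" No "`, including a request that carries no `Submit` field at all, so the disruptive action is the default rather than the confirmed case. Test for the confirming value and treat everything else as a cancel, e.g. `if ($_POST['Submit'] == " Yes ") {`; the form markup is not visible on this page, so the exact button value has to be taken from it. No per-request token check is visible in this hunk either, and unless `guiconfig.inc` provides one, a cross-site POST would be enough to restart the firewall.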
@@ -0,0 +1,396 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['captiveportal'])) { + $config['captiveportal'] = array(); + $config['captiveportal']['page'] = array(); + $config['captiveportal']['timeout'] = 60; +} + +if ($_GET['act'] == "viewhtml") { + echo base64_decode($config['captiveportal']['page']['htmltext']); + exit; +} else if ($_GET['act'] == "viewerrhtml") { + echo base64_decode($config['captiveportal']['page']['errtext']); + exit; +} + +$pconfig['cinterface'] = $config['captiveportal']['interface']; +$pconfig['timeout'] = $config['captiveportal']['timeout']; +$pconfig['idletimeout'] = $config['captiveportal']['idletimeout']; +$pconfig['enable'] = isset($config['captiveportal']['enable']); +$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']); +$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']); +$pconfig['httpsname'] = $config['captiveportal']['httpsname']; +$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']); +$pconfig['key'] = base64_decode($config['captiveportal']['private-key']); +$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']); +$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']); +$pconfig['redirurl'] = $config['captiveportal']['redirurl']; +$pconfig['radiusip'] = $config['captiveportal']['radiusip']; +$pconfig['radiusport'] = $config['captiveportal']['radiusport']; +$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport']; +$pconfig['radiuskey'] = $config['captiveportal']['radiuskey']; + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['enable']) { + $reqdfields = explode(" ", "cinterface"); + $reqdfieldsn = explode(",", "Interface"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + /* make sure no interfaces are bridged */ + for ($i = 1; isset($config['interfaces']['opt' . 
$i]); $i++) { + $coptif = &$config['interfaces']['opt' . $i]; + if (isset($coptif['enable']) && $coptif['bridge']) { + $input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged."; + break; + } + } + + if ($_POST['httpslogin_enable']) { + if (!$_POST['cert'] || !$_POST['key']) { + $input_errors[] = "Certificate and key must be specified for HTTPS login."; + } else { + if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")) + $input_errors[] = "This certificate does not appear to be valid."; + if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY")) + $input_errors[] = "This key does not appear to be valid."; + } + + if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) { + $input_errors[] = "The HTTPS server name must be specified for HTTPS login."; + } + } + } + + if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) { + $input_errors[] = "The timeout must be at least 1 minute."; + } + if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) { + $input_errors[] = "The idle timeout must be at least 1 minute."; + } + if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) { + $input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]"; + } + if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) { + $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]"; + } + if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) { + $input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]"; + } + + if (!$input_errors) { + $config['captiveportal']['interface'] = $_POST['cinterface']; + $config['captiveportal']['timeout'] = $_POST['timeout']; + $config['captiveportal']['idletimeout'] = $_POST['idletimeout']; + $config['captiveportal']['enable'] = $_POST['enable'] ? 
true : false; + $config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false; + $config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false; + $config['captiveportal']['httpsname'] = $_POST['httpsname']; + $config['captiveportal']['certificate'] = base64_encode($_POST['cert']); + $config['captiveportal']['private-key'] = base64_encode($_POST['key']); + $config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false; + $config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false; + $config['captiveportal']['redirurl'] = $_POST['redirurl']; + $config['captiveportal']['radiusip'] = $_POST['radiusip']; + $config['captiveportal']['radiusport'] = $_POST['radiusport']; + $config['captiveportal']['radiusacctport'] = $_POST['radiusacctport']; + $config['captiveportal']['radiuskey'] = $_POST['radiuskey']; + + /* file upload? */ + if (is_uploaded_file($_FILES['htmlfile']['tmp_name'])) + $config['captiveportal']['page']['htmltext'] = base64_encode(file_get_contents($_FILES['htmlfile']['tmp_name'])); + if (is_uploaded_file($_FILES['errfile']['tmp_name'])) + $config['captiveportal']['page']['errtext'] = base64_encode(file_get_contents($_FILES['errfile']['tmp_name'])); + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = captiveportal_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + } +} +?> + + + +Services: Captive portal
+
+
+
+
+
+
+
diff --git a/usr/local/www/services_captiveportal_ip.php b/usr/local/www/services_captiveportal_ip.php
new file mode 100755
index 0000000..b3d406a
--- /dev/null
+++ b/usr/local/www/services_captiveportal_ip.php
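Review bot: The RADIUS checks in services_captiveportal.php append the raw request value to the error text (`"... [".$_POST['radiusip']."]"`), and the `radiusacctport` branch prints `$_POST['radiusport']` rather than the field that actually failed. Whether `$input_errors` is HTML-escaped when rendered is decided outside this hunk, so escape at this point or drop the echoed value. For the accounting port I would write `$input_errors[] = "A valid port number must be specified. [" . htmlspecialchars($_POST['radiusacctport']) . "]";`. The same echo-the-input pattern appears in services_captiveportal_ip_edit.php (`ip`) and services_captiveportal_mac_edit.php (`mac`) and should get the same treatment.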
@@ -0,0 +1,152 @@ +#!/usr/local/bin/php + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['captiveportal']['allowedip'])) + $config['captiveportal']['allowedip'] = array(); + +allowedips_sort(); +$a_allowedips = &$config['captiveportal']['allowedip'] ; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + $retval = captiveportal_allowedip_configure(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_allowedipsdirty_path)) { + config_lock(); + unlink($d_allowedipsdirty_path); + config_unlock(); + } + } + } +} + +if ($_GET['act'] == "del") { + if ($a_allowedips[$_GET['id']]) { + unset($a_allowedips[$_GET['id']]); + write_config(); + touch($d_allowedipsdirty_path); + header("Location: services_captiveportal_ip.php"); + exit; + } +} +?> + + + +Services: Captive portal: Allowed IP addresses
+
+
+
+
diff --git a/usr/local/www/services_captiveportal_ip_edit.php b/usr/local/www/services_captiveportal_ip_edit.php
new file mode 100755
index 0000000..4b1cecf
--- /dev/null
+++ b/usr/local/www/services_captiveportal_ip_edit.php
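Review bot: The `$_GET['act'] == "del"` branch in services_captiveportal_ip.php changes configuration on a plain GET: it unsets the entry, calls `write_config()` and touches the dirty flag, with nothing tying the request to a form the administrator submitted. A cross-site request or a prefetch of that URL in a logged-in browser therefore removes an allowed-IP entry. I would move the delete under POST, `if ($_POST['act'] == "del" && isset($a_allowedips[$_POST['id']])) {`, and verify a session-bound token before the `unset()`. The identical branch in services_captiveportal_mac.php and in services_dhcp.php needs the same change.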
@@ -0,0 +1,152 @@ +#!/usr/local/bin/php + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['captiveportal']['allowedip'])) + $config['captiveportal']['allowedip'] = array(); + +allowedips_sort(); +$a_allowedips = &$config['captiveportal']['allowedip']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_allowedips[$id]) { + $pconfig['ip'] = $a_allowedips[$id]['ip']; + $pconfig['descr'] = $a_allowedips[$id]['descr']; + $pconfig['dir'] = $a_allowedips[$id]['dir']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "ip dir"); + $reqdfieldsn = explode(",", "Allowed IP address,Direction"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) { + $input_errors[] = "A valid IP address must be specified. [".$_POST['ip']."]"; + } + + foreach ($a_allowedips as $ipent) { + if (isset($id) && ($a_allowedips[$id]) && ($a_allowedips[$id] === $ipent)) + continue; + + if (($ipent['dir'] == $_POST['dir']) && ($ipent['ip'] == $_POST['ip'])){ + $input_errors[] = "[" . $_POST['ip'] . "] already allowed." ; + break ; + } + } + + if (!$input_errors) { + $ip = array(); + $ip['ip'] = $_POST['ip']; + $ip['descr'] = $_POST['descr']; + $ip['dir'] = $_POST['dir']; + + if (isset($id) && $a_allowedips[$id]) + $a_allowedips[$id] = $ip; + else + $a_allowedips[] = $ip; + + write_config(); + + touch($d_allowedipsdirty_path) ; + + header("Location: services_captiveportal_ip.php"); + exit; + } +} +?> + + + +Services: Captive portal: Edit allowed IP address
+
+
+
+
+
diff --git a/usr/local/www/services_captiveportal_mac.php b/usr/local/www/services_captiveportal_mac.php
new file mode 100755
index 0000000..d38c58c
--- /dev/null
+++ b/usr/local/www/services_captiveportal_mac.php
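Review bot: `dir` in services_captiveportal_ip_edit.php is only checked for presence by `do_input_validation()`; its value is then copied into `$ip['dir']` and written to the config unchanged. A request that did not come from the form can therefore store a direction the form never offers, and that string is later handed to whatever `captiveportal_allowedip_configure()` builds from it (not visible here). Add an allow-list test next to the `is_ipaddr()` check, `if (!in_array($_POST['dir'], $valid_dirs)) $input_errors[] = "A valid direction must be specified.";`, with `$valid_dirs` holding the option values of the form's select.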
@@ -0,0 +1,133 @@ +#!/usr/local/bin/php + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['captiveportal']['passthrumac'])) + $config['captiveportal']['passthrumac'] = array(); + +passthrumacs_sort(); +$a_passthrumacs = &$config['captiveportal']['passthrumac'] ; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + $retval = captiveportal_passthrumac_configure(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_passthrumacsdirty_path)) { + config_lock(); + unlink($d_passthrumacsdirty_path); + config_unlock(); + } + } + } +} + +if ($_GET['act'] == "del") { + if ($a_passthrumacs[$_GET['id']]) { + unset($a_passthrumacs[$_GET['id']]); + write_config(); + touch($d_passthrumacsdirty_path); + header("Location: services_captiveportal_mac.php"); + exit; + } +} +?> + + + +Services: Captive portal: Pass-through MAC addresses
+
+
+
+
diff --git a/usr/local/www/services_captiveportal_mac_edit.php b/usr/local/www/services_captiveportal_mac_edit.php
new file mode 100755
index 0000000..f763bac
--- /dev/null
+++ b/usr/local/www/services_captiveportal_mac_edit.php
@@ -0,0 +1,134 @@ +#!/usr/local/bin/php + + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['captiveportal']['passthrumac'])) + $config['captiveportal']['passthrumac'] = array(); + +passthrumacs_sort(); +$a_passthrumacs = &$config['captiveportal']['passthrumac']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_passthrumacs[$id]) { + $pconfig['mac'] = $a_passthrumacs[$id]['mac']; + $pconfig['descr'] = $a_passthrumacs[$id]['descr']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "mac"); + $reqdfieldsn = explode(",", "MAC address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['mac'] && !is_macaddr($_POST['mac']))) { + $input_errors[] = "A valid MAC address must be specified. [".$_POST['mac']."]"; + } + + foreach ($a_passthrumacs as $macent) { + if (isset($id) && ($a_passthrumacs[$id]) && ($a_passthrumacs[$id] === $macent)) + continue; + + if ($macent['mac'] == $_POST['mac']){ + $input_errors[] = "[" . $_POST['mac'] . "] already allowed." ; + break; + } + } + + if (!$input_errors) { + $mac = array(); + $mac['mac'] = $_POST['mac']; + $mac['descr'] = $_POST['descr']; + + if (isset($id) && $a_passthrumacs[$id]) + $a_passthrumacs[$id] = $mac; + else + $a_passthrumacs[] = $mac; + + write_config(); + + touch($d_passthrumacsdirty_path) ; + + header("Location: services_captiveportal_mac.php"); + exit; + } +} +?> + + + +Services: Captive portal: Edit pass-through MAC address
+
+
+
+
+
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php
new file mode 100755
index 0000000..5b35b6a
--- /dev/null
+++ b/usr/local/www/services_dhcp.php
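Review bot: The duplicate check `$macent['mac'] == $_POST['mac']` in services_captiveportal_mac_edit.php is an exact string comparison, so the same hardware address entered with different letter case would be stored as a second pass-through entry, assuming `is_macaddr()` accepts both cases (its definition is outside this hunk). A leftover duplicate keeps a device exempt from the portal after the visible entry is deleted. Compare case-insensitively, `if (strtolower($macent['mac']) == strtolower($_POST['mac'])) {`, and store the lower-cased form in `$mac['mac']`.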
@@ -0,0 +1,337 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$if = $_GET['if']; +if ($_POST['if']) + $if = $_POST['if']; + +$iflist = array("lan" => "LAN"); + +for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $oc = $config['interfaces']['opt' . $i]; + + if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) { + $iflist['opt' . 
$i] = $oc['descr']; + } +} + +if (!$if || !isset($iflist[$if])) + $if = "lan"; + +$pconfig['range_from'] = $config['dhcpd'][$if]['range']['from']; +$pconfig['range_to'] = $config['dhcpd'][$if]['range']['to']; +$pconfig['deftime'] = $config['dhcpd'][$if]['defaultleasetime']; +$pconfig['maxtime'] = $config['dhcpd'][$if]['maxleasetime']; +list($pconfig['wins1'],$pconfig['wins2']) = $config['dhcpd'][$if]['winsserver']; +$pconfig['enable'] = isset($config['dhcpd'][$if]['enable']); +$pconfig['denyunknown'] = isset($config['dhcpd'][$if]['denyunknown']); + +$ifcfg = $config['interfaces'][$if]; + +if (!is_array($config['dhcpd'][$if]['staticmap'])) { + $config['dhcpd'][$if]['staticmap'] = array(); +} +staticmaps_sort($if); +$a_maps = &$config['dhcpd'][$if]['staticmap']; + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['enable']) { + $reqdfields = explode(" ", "range_from range_to"); + $reqdfieldsn = explode(",", "Range begin,Range end"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['range_from'] && !is_ipaddr($_POST['range_from']))) { + $input_errors[] = "A valid range must be specified."; + } + if (($_POST['range_to'] && !is_ipaddr($_POST['range_to']))) { + $input_errors[] = "A valid range must be specified."; + } + if (($_POST['wins1'] && !is_ipaddr($_POST['wins1'])) || ($_POST['wins2'] && !is_ipaddr($_POST['wins2']))) { + $input_errors[] = "A valid IP address must be specified for the primary/secondary WINS server."; + } + if ($_POST['deftime'] && (!is_numeric($_POST['deftime']) || ($_POST['deftime'] < 60))) { + $input_errors[] = "The default lease time must be at least 60 seconds."; + } + if ($_POST['maxtime'] && (!is_numeric($_POST['maxtime']) || ($_POST['maxtime'] < 60) || ($_POST['maxtime'] <= $_POST['deftime']))) { + $input_errors[] = "The maximum lease time must be at least 60 seconds and higher than the default lease time."; + } + + if (!$input_errors) { + /* make 
sure the range lies within the current subnet */ + $subnet_start = (ip2long($ifcfg['ipaddr']) & gen_subnet_mask_long($ifcfg['subnet'])); + $subnet_end = (ip2long($ifcfg['ipaddr']) | (~gen_subnet_mask_long($ifcfg['subnet']))); + + if ((ip2long($_POST['range_from']) < $subnet_start) || (ip2long($_POST['range_from']) > $subnet_end) || + (ip2long($_POST['range_to']) < $subnet_start) || (ip2long($_POST['range_to']) > $subnet_end)) { + $input_errors[] = "The specified range lies outside of the current subnet."; + } + + if (ip2long($_POST['range_from']) > ip2long($_POST['range_to'])) + $input_errors[] = "The range is invalid (first element higher than second element)."; + + /* make sure that the DHCP Relay isn't enabled on this interface */ + if (isset($config['dhcrelay'][$if]['enable'])) + $input_errors[] = "You must disable the DHCP relay on the {$iflist[$if]} interface before enabling the DHCP server."; + } + } + + if (!$input_errors) { + $config['dhcpd'][$if]['range']['from'] = $_POST['range_from']; + $config['dhcpd'][$if]['range']['to'] = $_POST['range_to']; + $config['dhcpd'][$if]['defaultleasetime'] = $_POST['deftime']; + $config['dhcpd'][$if]['maxleasetime'] = $_POST['maxtime']; + $config['dhcpd'][$if]['enable'] = $_POST['enable'] ? true : false; + $config['dhcpd'][$if]['denyunknown'] = $_POST['denyunknown'] ? 
true : false; + + unset($config['dhcpd'][$if]['winsserver']); + if ($_POST['wins1']) + $config['dhcpd'][$if]['winsserver'][] = $_POST['wins1']; + if ($_POST['wins2']) + $config['dhcpd'][$if]['winsserver'][] = $_POST['wins2']; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = services_dhcpd_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + + if ($retval == 0) { + if (file_exists($d_staticmapsdirty_path)) + unlink($d_staticmapsdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_maps[$_GET['id']]) { + unset($a_maps[$_GET['id']]); + write_config(); + touch($d_staticmapsdirty_path); + header("Location: services_dhcp.php?if={$if}"); + exit; + } +} +?> + + + +Services: DHCP server
+
+
+
+
+
diff --git a/usr/local/www/services_dhcp_edit.php b/usr/local/www/services_dhcp_edit.php
new file mode 100755
index 0000000..80f64a9
--- /dev/null
+++ b/usr/local/www/services_dhcp_edit.php
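Review bot: Every format check in services_dhcp.php sits inside `if ($_POST['enable'])`, but the save block after it runs whenever `$input_errors` is empty. A POST with the enable box unticked therefore writes `range_from`, `range_to`, `deftime`, `maxtime` and both WINS values to the config with no validation at all. How `services_dhcpd_configure()` treats a disabled interface's stored values is not visible here, so I would not rely on them staying unused. Hoist the format tests out of the `enable` block, starting with `if ($_POST['range_from'] && !is_ipaddr($_POST['range_from']))`, and leave only the required-field, subnet and relay checks conditional.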
@@ -0,0 +1,176 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +$if = $_GET['if']; +if ($_POST['if']) + $if = $_POST['if']; + +if (!$if) { + header("Location: services_dhcp.php"); + exit; +} + +if (!is_array($config['dhcpd'][$if]['staticmap'])) { + $config['dhcpd'][$if]['staticmap'] = array(); +} +staticmaps_sort($if); +$a_maps = &$config['dhcpd'][$if]['staticmap']; +$ifcfg = &$config['interfaces'][$if]; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_maps[$id]) { + $pconfig['mac'] = $a_maps[$id]['mac']; + $pconfig['ipaddr'] = $a_maps[$id]['ipaddr']; + $pconfig['descr'] = $a_maps[$id]['descr']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "mac"); + $reqdfieldsn = explode(",", "MAC address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['ipaddr'] && !is_ipaddr($_POST['ipaddr']))) { + $input_errors[] = "A valid IP address must be specified."; + } + if (($_POST['mac'] && !is_macaddr($_POST['mac']))) { + $input_errors[] = "A valid MAC address must be specified."; + } + + /* check for overlaps */ + foreach ($a_maps as $mapent) { + if (isset($id) && ($a_maps[$id]) && ($a_maps[$id] === $mapent)) + continue; + + if (($mapent['mac'] == $_POST['mac']) || ($_POST['ipaddr'] && (ip2long($mapent['ipaddr']) == ip2long($_POST['ipaddr'])))) { + $input_errors[] = "This IP or MAC address already exists."; + break; + } + } + + /* make sure it's not within the dynamic subnet */ + if ($_POST['ipaddr']) { + $dynsubnet_start = ip2long($config['dhcpd'][$if]['range']['from']); + $dynsubnet_end = ip2long($config['dhcpd'][$if]['range']['to']); + $lansubnet_start = (ip2long($ifcfg['ipaddr']) & gen_subnet_mask_long($ifcfg['subnet'])); + $lansubnet_end = (ip2long($ifcfg['ipaddr']) | (~gen_subnet_mask_long($ifcfg['subnet']))); + + if ((ip2long($_POST['ipaddr']) >= $dynsubnet_start) && + (ip2long($_POST['ipaddr']) <= $dynsubnet_end)) { + $input_errors[] = 
"Static IP addresses may not lie within the dynamic client range."; + } + if ((ip2long($_POST['ipaddr']) < $lansubnet_start) || + (ip2long($_POST['ipaddr']) > $lansubnet_end)) { + $input_errors[] = "The IP address must lie in the {$ifcfg['descr']} subnet."; + } + } + + if (!$input_errors) { + $mapent = array(); + $mapent['mac'] = $_POST['mac']; + $mapent['ipaddr'] = $_POST['ipaddr']; + $mapent['descr'] = $_POST['descr']; + + if (isset($id) && $a_maps[$id]) + $a_maps[$id] = $mapent; + else + $a_maps[] = $mapent; + + touch($d_staticmapsdirty_path); + + write_config(); + + header("Location: services_dhcp.php?if={$if}"); + exit; + } +} +?> + + + +Services: DHCP: Edit static mapping
+
+
+
+
+
diff --git a/usr/local/www/services_dhcp_relay.php b/usr/local/www/services_dhcp_relay.php
new file mode 100755
index 0000000..674077c
--- /dev/null
+++ b/usr/local/www/services_dhcp_relay.php
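Review bot: `$if` in services_dhcp_edit.php comes straight from `$_GET['if']` / `$_POST['if']` and is only tested for emptiness, whereas services_dhcp.php falls back to `lan` unless `isset($iflist[$if])`. Here the unchecked value becomes a key under `$config['dhcpd']` (a `staticmap` array is created for it), is bound by reference into `$config['interfaces']`, and is interpolated into `header("Location: services_dhcp.php?if={$if}")`. Build the same `$iflist` as services_dhcp.php and bail out early with `if (!$if || !isset($iflist[$if])) { header("Location: services_dhcp.php"); exit; }`. The redirect should also encode the value: `header("Location: services_dhcp.php?if=" . urlencode($if));`.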
@@ -0,0 +1,229 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +function get_wan_dhcp_server() { + global $config, $g; + $dhclientfn = $g['vardb_path'] . 
"/dhclient.leases"; + $leases = file($dhclientfn); + /* Start at the end, work backwards finding the latest lease for the WAN */ + for ($i = (count($leases)-1); $i >= 0; $i--) { + if ($leases[$i] == "}") { + unset($iface); + unset($dhcpserver); + } elseif (strstr($leases[$i],"interface")) { + preg_match("/\s+interface \"(\w+)\";/",$leases[$i],$iface); + } elseif (strstr($leases[$i],"dhcp-server-identifier")) { + preg_match("/\s+dhcp-server-identifier (\d+\.\d+\.\d+\.\d+);/",$leases[$i],$dhcpserver); + } + if ($iface == $config['interfaces']['wan'] && isset($dhcpserver)) { + break; + } + } + return $dhcpserver[1]; +} + + +require("guiconfig.inc"); + +$if = $_GET['if']; +if ($_POST['if']) + $if = $_POST['if']; + +$iflist = array("lan" => "LAN"); + +for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { + $oc = $config['interfaces']['opt' . $i]; + + if (isset($oc['enable']) && $oc['if'] && (!$oc['bridge'])) { + $iflist['opt' . $i] = $oc['descr']; + } +} + +if (!$if || !isset($iflist[$if])) + $if = "lan"; + +$pconfig['enable'] = isset($config['dhcrelay'][$if]['enable']); +$pconfig['server'] = $config['dhcrelay']['server']; +$pconfig['proxydhcp'] = isset($config['dhcrelay']['proxydhcp']); +$pconfig['agentoption'] = isset($config['dhcrelay']['agentoption']); + +$ifcfg = $config['interfaces'][$if]; + + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['enable']) { + if (isset($_POST['proxydhcp'])) + $_POST['server'] = get_wan_dhcp_server(); + $reqdfields = explode(" ", "server"); + $reqdfieldsn = explode(",", "Destination Server"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['server'] && !is_ipaddr($_POST['server']))) + $input_errors[] = "A valid Destination Server IP address must be specified."; + + if (!$input_errors) { + /* make sure that the DHCP server isn't enabled on this interface */ + if (isset($config['dhcpd'][$if]['enable'])) + $input_errors[] = "You must 
disable the DHCP server on the {$iflist[$if]} interface before enabling the DHCP Relay."; + /* make sure that the DHCP server isn't running on any of the implied interfaces */ + foreach ($config['interfaces'] as $ifname => $ifcfg) { + $subnet = $ifcfg['ipaddr'] . "/" . $ifcfg['subnet']; + if (ip_in_subnet($_POST['server'],$subnet)) + $destif = $ifname; + } + if (!isset($destif)) + $destif = "wan"; + if (isset($config['dhcpd'][$destif]['enable'])) + $input_errors[] = "You must disable the DHCP server on the {$destif} interface before enabling the DHCP Relay."; + + /* if proxydhcp is selected, make sure DHCP is enabled on WAN */ + if (isset($config['dhcrelay']['proxydhcp']) && $config['interfaces']['wan']['ipaddr'] != "dhcp") + $input_errors[] = "You must have DHCP active on the WAN interface before enabling the DHCP proxy option."; + } + } + + if (!$input_errors) { + $config['dhcrelay']['agentoption'] = $_POST['agentoption'] ? true : false; + $config['dhcrelay']['proxydhcp'] = $_POST['proxydhcp'] ? true : false; + $config['dhcrelay']['server'] = $_POST['server']; + $config['dhcrelay'][$if]['enable'] = $_POST['enable'] ? true : false; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = services_dhcrelay_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + + } +} + +?> + + + +Services: DHCP relay
+ + + + + diff --git a/usr/local/www/services_dnsmasq.php b/usr/local/www/services_dnsmasq.php new file mode 100755 index 0000000..c69bb85 --- /dev/null +++ b/usr/local/www/services_dnsmasq.php @@ -0,0 +1,168 @@ +#!/usr/local/bin/php + and Manuel KasperServices: DNS forwarder
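Review bot: In `get_wan_dhcp_server()` the loop's exit test `$iface == $config['interfaces']['wan']` compares the `preg_match` result array with the whole WAN config array, so it looks like it can never match and the function returns whichever `dhcp-server-identifier` was seen last while walking backwards through the file. I would compare the captured name instead, e.g. `if (isset($iface[1], $dhcpserver[1]) && $iface[1] == $config['interfaces']['wan']['if'])`, and trim each line before the `== "}"` test, since `file()` keeps the trailing newline. With the proxy option set, the relay destination may therefore come from a stale or non-WAN lease, which matters because every relayed DHCP request is forwarded there. Separately, the later `foreach ($config['interfaces'] as $ifname => $ifcfg)` overwrites the page-level `$ifcfg`.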
+ + + + diff --git a/usr/local/www/services_dnsmasq_edit.php b/usr/local/www/services_dnsmasq_edit.php new file mode 100755 index 0000000..810a415 --- /dev/null +++ b/usr/local/www/services_dnsmasq_edit.php @@ -0,0 +1,160 @@ +#!/usr/local/bin/php + and Manuel KasperServices: DNS forwarder: Edit host
+
+
+
+
+
diff --git a/usr/local/www/services_dyndns.php b/usr/local/www/services_dyndns.php
new file mode 100755
index 0000000..e4864e6
--- /dev/null
+++ b/usr/local/www/services_dyndns.php
@@ -0,0 +1,197 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+require("guiconfig.inc");
+
+$pconfig['username'] = $config['dyndns']['username'];
+$pconfig['password'] = $config['dyndns']['password'];
+$pconfig['host'] = $config['dyndns']['host'];
+$pconfig['mx'] = $config['dyndns']['mx'];
+$pconfig['type'] = $config['dyndns']['type'];
+$pconfig['enable'] = isset($config['dyndns']['enable']);
+$pconfig['wildcard'] = isset($config['dyndns']['wildcard']);
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['enable']) {
+ $reqdfields = explode(" ", "host username password type");
+ $reqdfieldsn = explode(",", "Hostname,Username,Password,Service type");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ }
+
+ if (($_POST['host'] && !is_domain($_POST['host']))) {
+ $input_errors[] = "The host name contains invalid characters.";
+ }
+ if (($_POST['mx'] && !is_domain($_POST['mx']))) {
+ $input_errors[] = "The MX contains invalid characters.";
+ }
+ if (($_POST['username'] && !is_dyndns_username($_POST['username']))) {
+ $input_errors[] = "The username contains invalid characters.";
+ }
+
+ if (!$input_errors) {
+ $config['dyndns']['type'] = $_POST['type'];
+ $config['dyndns']['username'] = $_POST['username'];
+ $config['dyndns']['password'] = $_POST['password'];
+ $config['dyndns']['host'] = $_POST['host'];
+ $config['dyndns']['mx'] = $_POST['mx'];
+ $config['dyndns']['wildcard'] = $_POST['wildcard'] ? true : false;
+ $config['dyndns']['enable'] = $_POST['enable'] ? true : false;
+
+ write_config();
+
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ /* nuke the cache file */
+ config_lock();
+ services_dyndns_reset();
+ $retval = services_dyndns_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+ }
+}
+?>
+
+
+
+Services: Dynamic DNS client
+
+
+
+
+
+
+
diff --git a/usr/local/www/services_proxyarp.php b/usr/local/www/services_proxyarp.php
new file mode 100755
index 0000000..ecb7315
--- /dev/null
+++ b/usr/local/www/services_proxyarp.php
@@ -0,0 +1,124 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['proxyarp']['proxyarpnet'])) {
+ $config['proxyarp']['proxyarpnet'] = array();
+}
+proxyarp_sort();
+$a_proxyarp = &$config['proxyarp']['proxyarpnet'];
+
+if ($_POST) {
+ $pconfig = $_POST;
+
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval = services_proxyarp_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+
+ if ($retval == 0) {
+ if (file_exists($d_proxyarpdirty_path))
+ unlink($d_proxyarpdirty_path);
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_proxyarp[$_GET['id']]) {
+ unset($a_proxyarp[$_GET['id']]);
+ write_config();
+ touch($d_proxyarpdirty_path);
+ header("Location: services_proxyarp.php");
+ exit;
+ }
+}
+?>
+
+
+
+Services: Proxy ARP
+ +Note:
+ Proxy ARP can be used if you need m0n0wall to send ARP
+ replies on the WAN interface for other IP addresses than its own WAN
+ IP address (e.g. for 1:1, advanced outbound or server NAT). It is not
+ necessary if you have a subnet routed to you or if you use PPPoE/PPTP, and it only works if
+ the WAN interface is configured with a static IP address or DHCP.
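Review bot: The `act=del` branch removes a proxy ARP entry and calls `write_config()` on a plain GET, so any link or embedded resource that the logged-in administrator's browser loads can change the firewall configuration. Deletion should be accepted only on POST and tied to a per-session token that is checked before the `unset()`, e.g. `if ($_SERVER['REQUEST_METHOD'] == "POST" && $_POST['act'] == "del")` plus the token comparison. The same GET-driven delete appears in services_wol.php, which additionally sends a magic packet on `?mac=`, and the `if ($_POST)` apply branch here shows no token check either. Whether guiconfig.inc adds such a check cannot be seen from this hunk.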
Services: Proxy ARP: Edit
+
+
+
+
+
+
diff --git a/usr/local/www/services_snmp.php b/usr/local/www/services_snmp.php
new file mode 100755
index 0000000..e7c4464
--- /dev/null
+++ b/usr/local/www/services_snmp.php
@@ -0,0 +1,145 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['snmpd'])) {
+ $config['snmpd'] = array();
+ $config['snmpd']['rocommunity'] = "public";
+}
+
+$pconfig['syslocation'] = $config['snmpd']['syslocation'];
+$pconfig['syscontact'] = $config['snmpd']['syscontact'];
+$pconfig['rocommunity'] = $config['snmpd']['rocommunity'];
+$pconfig['enable'] = isset($config['snmpd']['enable']);
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ if ($_POST['enable']) {
+ $reqdfields = explode(" ", "rocommunity");
+ $reqdfieldsn = explode(",", "Community");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+ }
+
+ if (!$input_errors) {
+ $config['snmpd']['syslocation'] = $_POST['syslocation'];
+ $config['snmpd']['syscontact'] = $_POST['syscontact'];
+ $config['snmpd']['rocommunity'] = $_POST['rocommunity'];
+ $config['snmpd']['enable'] = $_POST['enable'] ? true : false;
+
+ write_config();
+
+ $retval = 0;
+ if (!file_exists($d_sysrebootreqd_path)) {
+ config_lock();
+ $retval = services_snmpd_configure();
+ config_unlock();
+ }
+ $savemsg = get_std_save_message($retval);
+ }
+}
+?>
+
+
+
+Services: SNMP
+
+
+
+
+
+
+
diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php
new file mode 100755
index 0000000..1ee5946
--- /dev/null
+++ b/usr/local/www/services_wol.php
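Review bot: A fresh configuration is seeded with `$config['snmpd']['rocommunity'] = "public";`, and the only validation on save is that the community field is non-empty, so enabling SNMP with the pre-filled value exposes the agent under the most commonly guessed community string. I would leave the default empty, or reject it when the service is enabled: `if ($_POST['enable'] && $_POST['rocommunity'] == "public") $input_errors[] = "Please choose a non-default community.";`. `syslocation`, `syscontact` and `rocommunity` are also written to the config without any character check. If `services_snmpd_configure()` copies them into the daemon's configuration file (not visible here), newlines in them should be rejected.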
@@ -0,0 +1,162 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['wol']['wolentry'])) {
+ $config['wol']['wolentry'] = array();
+}
+wol_sort();
+$a_wol = &$config['wol']['wolentry'];
+
+if ($_POST || $_GET['mac']) {
+ unset($input_errors);
+
+ if ($_GET['mac']) {
+ $mac = $_GET['mac'];
+ $if = $_GET['if'];
+ } else {
+ $mac = $_POST['mac_input'];
+ $if = $_POST['interface'];
+ }
+
+ /* input validation */
+ if (!$mac || !is_macaddr($mac))
+ $input_errors[] = "A valid MAC address must be specified.";
+ if (!$if)
+ $input_errors[] = "A valid interface must be specified.";
+
+ if (!$input_errors) {
+ /* determine broadcast address */
+ $bcip = gen_subnet_max($config['interfaces'][$if]['ipaddr'],
+ $config['interfaces'][$if]['subnet']);
+
+ mwexec("/usr/local/bin/wol -i {$bcip} {$mac}");
+ $savemsg = "Sent magic packet to {$mac}.";
+ }
+}
+
+if ($_GET['act'] == "del") {
+ if ($a_wol[$_GET['id']]) {
+ unset($a_wol[$_GET['id']]);
+ write_config();
+ header("Location: services_wol.php");
+ exit;
+ }
+}
+?>
+
+
+
+Services: Wake on LAN
+
+
+
+
+
+
diff --git a/usr/local/www/services_wol_edit.php b/usr/local/www/services_wol_edit.php
new file mode 100755
index 0000000..1d483f7
--- /dev/null
+++ b/usr/local/www/services_wol_edit.php
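Review bot: `$if` is taken from `$_GET['if']` or `$_POST['interface']` and only checked for being non-empty, so `$config['interfaces'][$if]` may not exist and `gen_subnet_max()` is then called with empty values before its result is interpolated into the `mwexec()` command line. Check the key first, `if (!$if || !isset($config['interfaces'][$if]))`, and quote both arguments, `mwexec("/usr/local/bin/wol -i " . escapeshellarg($bcip) . " " . escapeshellarg($mac));`, so the command does not depend on how strict `is_macaddr()` is. `$savemsg` also embeds `{$mac}`; the value is validated here, but the message should still be escaped where it is printed, which this hunk does not show. services_wol_edit.php stores `$_POST['interface']` with the same missing membership check.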
@@ -0,0 +1,143 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/
+
+require("guiconfig.inc");
+
+if (!is_array($config['wol']['wolentry'])) {
+ $config['wol']['wolentry'] = array();
+}
+wol_sort();
+$a_wol = &$config['wol']['wolentry'];
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (isset($id) && $a_wol[$id]) {
+ $pconfig['interface'] = $a_wol[$id]['interface'];
+ $pconfig['mac'] = $a_wol[$id]['mac'];
+ $pconfig['descr'] = $a_wol[$id]['descr'];
+}
+
+if ($_POST) {
+
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+ $reqdfields = explode(" ", "interface mac");
+ $reqdfieldsn = explode(",", "Interface,MAC address");
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (($_POST['mac'] && !is_macaddr($_POST['mac']))) {
+ $input_errors[] = "A valid MAC address must be specified.";
+ }
+
+ if (!$input_errors) {
+ $wolent = array();
+ $wolent['interface'] = $_POST['interface'];
+ $wolent['mac'] = $_POST['mac'];
+ $wolent['descr'] = $_POST['descr'];
+
+ if (isset($id) && $a_wol[$id])
+ $a_wol[$id] = $wolent;
+ else
+ $a_wol[] = $wolent;
+
+ write_config();
+
+ header("Location: services_wol.php");
+ exit;
+ }
+}
+?>
+
+
+
+Services: Wake on LAN: Edit entry
+ + + + + diff --git a/usr/local/www/status.php b/usr/local/www/status.php new file mode 100755 index 0000000..0b54797 --- /dev/null +++ b/usr/local/www/status.php @@ -0,0 +1,150 @@ +#!/usr/local/bin/php + Nov 2003 + * + * (modified for m0n0wall by Manuel Kasper\n"; + echo "\n"; + echo "
" . $title . " |
"; /* no newline after pre */ + + if ($command == "dumpconfigxml") { + $fd = @fopen("/conf/config.xml", "r"); + if ($fd) { + while (!feof($fd)) { + $line = fgets($fd); + /* remove password tag contents */ + $line = preg_replace("/ |
This status page includes the following information:\n"; + echo "
=$pageTitle;?>
+=$currentDate;?>
+
Note: make sure to remove any sensitive information
+(passwords, maybe also IP addresses) before posting
+information from this page in public places (like mailing lists)!
+Passwords in config.xml have been automatically removed.
+
+
+
+
+
+
+
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php
new file mode 100755
index 0000000..80f2eff
--- /dev/null
+++ b/usr/local/www/status_captiveportal.php
@@ -0,0 +1,128 @@
+#!/usr/local/bin/php
+.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require("guiconfig.inc");
+?>
+
+
+
Status: Captive portal
+ +IP address | +MAC address | + +Session start | +Last activity | + +Session start | + ++ |
=$cpent[2];?> | +=$cpent[3];?> | +=htmlspecialchars(date("m/d/Y H:i:s", $cpent[0]));?> | + ++ + | + | +
+
+ + + + diff --git a/usr/local/www/status_graph.php b/usr/local/www/status_graph.php new file mode 100755 index 0000000..15330fd --- /dev/null +++ b/usr/local/www/status_graph.php @@ -0,0 +1,80 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$curif = "wan"; +if ($_GET['if']) + $curif = $_GET['if']; + +if ($curif == "wan") + $ifnum = get_real_wan_interface(); +else + $ifnum = $config['interfaces'][$curif]['if']; +?> + + + +Status: Traffic graph
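Review bot: The table cells print `$cpent[2]` and `$cpent[3]` with a bare `<?=...?>` while the session-start cell next to them goes through `htmlspecialchars()`. These fields appear to be the client IP and MAC read back from the portal's session database, and a username or any other client-influenced column would be printed the same way, so all of them should be escaped on output: `<?=htmlspecialchars($cpent[2]);?>`. The markup around these cells was lost in extraction, so the exact set of affected cells should be checked in the file.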
+ 'WAN', 'lan' => 'LAN'); + +for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { + $ifdescrs['opt' . $j] = $config['interfaces']['opt' . $j]['descr']; +} +?> + +Note: the Adobe SVG viewer is required to view the graph. + + + diff --git a/usr/local/www/status_interfaces.php b/usr/local/www/status_interfaces.php new file mode 100755 index 0000000..480312b --- /dev/null +++ b/usr/local/www/status_interfaces.php 
@@ -0,0 +1,283 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +function get_interface_info($ifdescr) { + + global $config, $g; + + $ifinfo = array(); + + /* find out interface name */ + if ($ifdescr == "wan") + $ifinfo['if'] = get_real_wan_interface(); + else + $ifinfo['if'] = $config['interfaces'][$ifdescr]['if']; + + /* run netstat to determine link info */ + unset($linkinfo); + exec("/usr/bin/netstat -I " . $ifinfo['if'] . 
" -nWb -f link", $linkinfo); + $linkinfo = preg_split("/\s+/", $linkinfo[1]); + if (preg_match("/\*$/", $linkinfo[0])) { + $ifinfo['status'] = "down"; + } else { + $ifinfo['status'] = "up"; + } + + if (($ifinfo['if'] != $g['pppoe_interface']) && (!strstr($ifinfo['if'],'tun'))) { + $ifinfo['macaddr'] = $linkinfo[3]; + $ifinfo['inpkts'] = $linkinfo[4]; + $ifinfo['inerrs'] = $linkinfo[5]; + $ifinfo['inbytes'] = $linkinfo[6]; + $ifinfo['outpkts'] = $linkinfo[7]; + $ifinfo['outerrs'] = $linkinfo[8]; + $ifinfo['outbytes'] = $linkinfo[9]; + $ifinfo['collisions'] = $linkinfo[10]; + } else { + $ifinfo['inpkts'] = $linkinfo[3]; + $ifinfo['inbytes'] = $linkinfo[5]; + $ifinfo['outpkts'] = $linkinfo[6]; + $ifinfo['outbytes'] = $linkinfo[8]; + } + + if ($ifinfo['status'] == "up") { + /* run netstat to determine inet info */ + unset($inetinfo); + exec("/usr/bin/netstat -I " . $ifinfo['if'] . " -nWb -f inet", $inetinfo); + $inetinfo = preg_split("/\s+/", $inetinfo[1]); + + $ifinfo['ipaddr'] = $inetinfo[3]; + + if ($ifdescr == "wan") { + /* run netstat to determine the default gateway */ + unset($netstatrninfo); + exec("/usr/bin/netstat -rnf inet", $netstatrninfo); + + foreach ($netstatrninfo as $nsr) { + if (preg_match("/^default\s*(\S+)/", $nsr, $matches)) { + $ifinfo['gateway'] = $matches[1]; + } + } + } + + /* try to determine netmask and media with ifconfig */ + unset($ifconfiginfo); + exec("/sbin/ifconfig " . $ifinfo['if'], $ifconfiginfo); + + foreach ($ifconfiginfo as $ici) { + if (preg_match("/netmask (\S+)/", $ici, $matches) && !$ifinfo['subnet']) { + if (preg_match("/^0x/", $matches[1])) { + $ifinfo['subnet'] = long2ip(hexdec($matches[1])); + } + } + if (!isset($config['interfaces'][$ifdescr]['wireless'])) { + /* don't list media/speed for wireless cards, as it always + displays 2 Mbps even though clients can connect at 11 Mbps */ + if (preg_match("/media: .*? 
\((.*?)\)/", $ici, $matches)) { + $ifinfo['media'] = $matches[1]; + } else if (preg_match("/media: Ethernet (.*)/", $ici, $matches)) { + $ifinfo['media'] = $matches[1]; + } + } + if (preg_match("/status: (.*)$/", $ici, $matches)) { + if ($matches[1] != "active") + $ifinfo['status'] = $matches[1]; + } + if (preg_match("/channel (\S*)/", $ici, $matches)) { + $ifinfo['channel'] = $matches[1]; + } + if (preg_match("/ssid (\S*)/", $ici, $matches)) { + $ifinfo['ssid'] = $matches[1]; + } + } + + /* PPPoE only: get media from underlying ethernet interface */ + if (($ifdescr == "wan") && ($config['interfaces']['wan']['ipaddr'] == "pppoe")) { + unset($ifconfiginfo); + exec("/sbin/ifconfig " . $config['interfaces']['wan']['if'], $ifconfiginfo); + + foreach ($ifconfiginfo as $ici) { + if (preg_match("/media: .*? \((.*?)\)/", $ici, $matches)) { + $ifinfo['media'] = $matches[1]; + } else if (preg_match("/ether (.*)/", $ici, $matches)) { + $ifinfo['macaddr'] = $matches[1]; + } + } + + /* get pppoe link status for dial on demand */ + unset($ifconfiginfo); + exec("/sbin/ifconfig " . $ifinfo['if'], $ifconfiginfo); + + $ifinfo['pppoelink'] = "up"; + + foreach ($ifconfiginfo as $ici) { + if (strpos($ici, 'LINK0') !== false) + $ifinfo['pppoelink'] = "down"; + } + } + + /* get ppptp link status for dial on demand */ + if (($ifdescr == "wan") && ($config['interfaces']['wan']['ipaddr'] == "pptp")) { + + unset($ifconfiginfo); + exec("/sbin/ifconfig " . $ifinfo['if'], $ifconfiginfo); + + $ifinfo['pptplink'] = "up"; + + foreach ($ifconfiginfo as $ici) { + if (strpos($ici, 'LINK0') !== false) + $ifinfo['pptplink'] = "down"; + } + } + } + + return $ifinfo; +} + +?> + + +
+Status: Interfaces
++ | |||||||
+ =htmlspecialchars($ifname);?> + interface | +|||||||
Status | ++ =htmlspecialchars($ifinfo['status']);?> + | +||||||
PPPoE | ++ =htmlspecialchars($ifinfo['pppoelink']);?> + | +||||||
PPTP | ++ =htmlspecialchars($ifinfo['pptplink']);?> + | +||||||
MAC address | ++ =htmlspecialchars($ifinfo['macaddr']);?> + | +||||||
IP address | ++ =htmlspecialchars($ifinfo['ipaddr']);?> + | +||||||
Subnet mask | ++ =htmlspecialchars($ifinfo['subnet']);?> + | +||||||
Gateway | ++ =htmlspecialchars($ifinfo['gateway']);?> + | +||||||
Media | ++ =htmlspecialchars($ifinfo['media']);?> + | +||||||
Channel | ++ =htmlspecialchars($ifinfo['channel']);?> + | +||||||
SSID | ++ =htmlspecialchars($ifinfo['ssid']);?> + | +||||||
In/out packets | ++ =htmlspecialchars($ifinfo['inpkts'] . "/" . $ifinfo['outpkts'] . " (" . + format_bytes($ifinfo['inbytes']) . "/" . format_bytes($ifinfo['outbytes']) . ")");?> + | +||||||
In/out errors | ++ =htmlspecialchars($ifinfo['inerrs'] . "/" . $ifinfo['outerrs']);?> + | +||||||
Collisions | ++ =htmlspecialchars($ifinfo['collisions']);?> + | +
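Review bot: `get_interface_info()` builds every `exec()` command by concatenating `$ifinfo['if']` or `$config['interfaces']['wan']['if']` straight into the command string. The values come from the configuration rather than the request as far as this hunk shows, but a restored or hand-edited config.xml is still input, so they should be quoted: `exec("/sbin/ifconfig " . escapeshellarg($ifinfo['if']), $ifconfiginfo);`. `$linkinfo[1]` and `$inetinfo[1]` are also indexed without checking that netstat returned a second line, so an unknown `$ifdescr` yields empty fields instead of an error.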
Status: Wireless
+ 0): ?> ++ | |||||||||||
+ =htmlspecialchars($ifname);?> interface (SSID "=htmlspecialchars($config['interfaces'][$ifdescr]['wireless']['ssid']);?>") | +|||||||||||
Signal strength + cache | +
+
|
+ ||||||||||
Associated stations + | +
+
|
+
No supported wireless interfaces were found for status display.
+ + + + diff --git a/usr/local/www/system.php b/usr/local/www/system.php new file mode 100755 index 0000000..90e9502 --- /dev/null +++ b/usr/local/www/system.php 
@@ -0,0 +1,260 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +$pconfig['hostname'] = $config['system']['hostname']; +$pconfig['domain'] = $config['system']['domain']; +list($pconfig['dns1'],$pconfig['dns2']) = $config['system']['dnsserver']; +$pconfig['dnsallowoverride'] = isset($config['system']['dnsallowoverride']); +$pconfig['username'] = $config['system']['username']; +if (!$pconfig['username']) + $pconfig['username'] = "admin"; +$pconfig['webguiproto'] = $config['system']['webgui']['protocol']; +if (!$pconfig['webguiproto']) + $pconfig['webguiproto'] = "http"; +$pconfig['webguiport'] = $config['system']['webgui']['port']; +$pconfig['timezone'] = $config['system']['timezone']; +$pconfig['timeupdateinterval'] = $config['system']['time-update-interval']; +$pconfig['timeservers'] = $config['system']['timeservers']; + +if (!isset($pconfig['timeupdateinterval'])) + $pconfig['timeupdateinterval'] = 300; +if (!$pconfig['timezone']) + $pconfig['timezone'] = "Etc/UTC"; +if (!$pconfig['timeservers']) + $pconfig['timeservers'] = "pool.ntp.org"; + +function is_timezone($elt) { + return !preg_match("/\/$/", $elt); +} + +exec('/usr/bin/tar -tzf /usr/share/zoneinfo.tgz', $timezonelist); +$timezonelist = array_filter($timezonelist, 'is_timezone'); +sort($timezonelist); + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = split(" ", "hostname domain username"); + $reqdfieldsn = split(",", "Hostname,Domain,Username"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if ($_POST['hostname'] && !is_hostname($_POST['hostname'])) { + $input_errors[] = "The hostname may only contain the characters a-z, 0-9 and '-'."; + } + if ($_POST['domain'] && !is_domain($_POST['domain'])) { + $input_errors[] = "The domain may only contain the characters a-z, 0-9, '-' and '.'."; + } + if (($_POST['dns1'] && !is_ipaddr($_POST['dns1'])) || ($_POST['dns2'] && !is_ipaddr($_POST['dns2']))) { + $input_errors[] = "A valid IP address must be 
specified for the primary/secondary DNS server."; + } + if ($_POST['username'] && !preg_match("/^[a-zA-Z0-9]*$/", $_POST['username'])) { + $input_errors[] = "The username may only contain the characters a-z, A-Z and 0-9."; + } + if ($_POST['webguiport'] && (!is_numericint($_POST['webguiport']) || + ($_POST['webguiport'] < 1) || ($_POST['webguiport'] > 65535))) { + $input_errors[] = "A valid TCP/IP port must be specified for the webGUI port."; + } + if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) { + $input_errors[] = "The passwords do not match."; + } + + $t = (int)$_POST['timeupdateinterval']; + if (($t < 0) || (($t > 0) && ($t < 6)) || ($t > 1440)) { + $input_errors[] = "The time update interval must be either 0 (disabled) or between 6 and 1440."; + } + foreach (explode(' ', $_POST['timeservers']) as $ts) { + if (!is_domain($ts)) { + $input_errors[] = "A NTP Time Server name may only contain the characters a-z, 0-9, '-' and '.'."; + } + } + + if (!$input_errors) { + $config['system']['hostname'] = strtolower($_POST['hostname']); + $config['system']['domain'] = strtolower($_POST['domain']); + $oldwebguiproto = $config['system']['webgui']['protocol']; + $config['system']['username'] = $_POST['username']; + $config['system']['webgui']['protocol'] = $pconfig['webguiproto']; + $oldwebguiport = $config['system']['webgui']['port']; + $config['system']['webgui']['port'] = $pconfig['webguiport']; + $config['system']['timezone'] = $_POST['timezone']; + $config['system']['timeservers'] = strtolower($_POST['timeservers']); + $config['system']['time-update-interval'] = $_POST['timeupdateinterval']; + + unset($config['system']['dnsserver']); + if ($_POST['dns1']) + $config['system']['dnsserver'][] = $_POST['dns1']; + if ($_POST['dns2']) + $config['system']['dnsserver'][] = $_POST['dns2']; + + $config['system']['dnsallowoverride'] = $_POST['dnsallowoverride'] ? 
true : false; + + if ($_POST['password']) { + $config['system']['password'] = crypt($_POST['password']); + } + + write_config(); + + if (($oldwebguiproto != $config['system']['webgui']['protocol']) || + ($oldwebguiport != $config['system']['webgui']['port'])) + touch($d_sysrebootreqd_path); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = system_hostname_configure(); + $retval |= system_hosts_generate(); + $retval |= system_resolvconf_generate(); + $retval |= system_password_configure(); + $retval |= services_dnsmasq_configure(); + $retval |= system_timezone_configure(); + $retval |= system_ntp_configure(); + config_unlock(); + } + + $savemsg = get_std_save_message($retval); + } +} +?> + + + +System: General setup
+
+
+
+
+
+
diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php
new file mode 100755
index 0000000..dbc665a
--- /dev/null
+++ b/usr/local/www/system_advanced.php
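Review bot: In system.php, the `if (!$input_errors)` block writes `$_POST['timezone']` and `$pconfig['webguiproto']` (which is `$_POST` by then) into `$config` with no validation, even though `$timezonelist` is already built at the top of the file. Next to the other input checks, add `if ($_POST['timezone'] && !in_array($_POST['timezone'], $timezonelist)) $input_errors[] = "A valid time zone must be selected.";` and an equivalent allow-list test for `webguiproto`. `system_timezone_configure()` is not part of this hunk, so how the stored value is consumed is an assumption, but rejecting unknown values at this boundary is cheap. Separately, `crypt($_POST['password'])` is called without a salt argument, which leaves the hash scheme to the platform default; a comment stating which scheme the consumer of `$config['system']['password']` expects would make that dependency explicit.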
@@ -0,0 +1,289 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +$pconfig['filteringbridge_enable'] = isset($config['bridge']['filteringbridge']); +$pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']); +$pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr']; +$pconfig['cert'] = base64_decode($config['system']['webgui']['certificate']); +$pconfig['key'] = base64_decode($config['system']['webgui']['private-key']); +$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']); +$pconfig['disablefirmwarecheck'] = isset($config['system']['disablefirmwarecheck']); +$pconfig['expanddiags'] = isset($config['system']['webgui']['expanddiags']); +if ($g['platform'] == "generic-pc") + $pconfig['harddiskstandby'] = $config['system']['harddiskstandby']; +$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']); +$pconfig['tcpidletimeout'] = $config['filter']['tcpidletimeout']; + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['ipv6nat_enable'] && !is_ipaddr($_POST['ipv6nat_ipaddr'])) { + $input_errors[] = "You must specify an IP address to NAT IPv6 packets."; + } + if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) { + $input_errors[] = "The TCP idle timeout must be an integer."; + } + if (($_POST['cert'] && !$_POST['key']) || ($_POST['key'] && !$_POST['cert'])) { + $input_errors[] = "Certificate and key must always be specified together."; + } else if ($_POST['cert'] && $_POST['key']) { + if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")) + $input_errors[] = "This certificate does not appear to be valid."; + if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY")) + $input_errors[] = "This key does not appear to be valid."; + } + + if (!$input_errors) { + $config['bridge']['filteringbridge'] = $_POST['filteringbridge_enable'] ? 
true : false; + $config['diag']['ipv6nat']['enable'] = $_POST['ipv6nat_enable'] ? true : false; + $config['diag']['ipv6nat']['ipaddr'] = $_POST['ipv6nat_ipaddr']; + $oldcert = $config['system']['webgui']['certificate']; + $oldkey = $config['system']['webgui']['private-key']; + $config['system']['webgui']['certificate'] = base64_encode($_POST['cert']); + $config['system']['webgui']['private-key'] = base64_encode($_POST['key']); + $config['system']['disableconsolemenu'] = $_POST['disableconsolemenu'] ? true : false; + $config['system']['disablefirmwarecheck'] = $_POST['disablefirmwarecheck'] ? true : false; + $config['system']['webgui']['expanddiags'] = $_POST['expanddiags'] ? true : false; + if ($g['platform'] == "generic-pc") { + $oldharddiskstandby = $config['system']['harddiskstandby']; + $config['system']['harddiskstandby'] = $_POST['harddiskstandby']; + } + $config['system']['webgui']['noantilockout'] = $_POST['noantilockout'] ? true : false; + $config['filter']['tcpidletimeout'] = $_POST['tcpidletimeout']; + + write_config(); + + if (($config['system']['webgui']['certificate'] != $oldcert) + || ($config['system']['webgui']['private-key'] != $oldkey)) { + touch($d_sysrebootreqd_path); + } else if (($g['platform'] == "generic-pc") && ($config['system']['harddiskstandby'] != $oldharddiskstandby)) { + if (!$config['system']['harddiskstandby']) { + // Reboot needed to deactivate standby due to a stupid ATA-protocol + touch($d_sysrebootreqd_path); + unset($config['system']['harddiskstandby']); + } else { + // No need to set the standby-time if a reboot is needed anyway + system_set_harddisk_standby(); + } + } + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = filter_configure(); + $retval |= interfaces_optional_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + } +} +?> + + + +System: Advanced functions
+ + +Note: the + options on this page are intended for use by advanced users only, + and there's NO support for them.
+
+
+
+
+
diff --git a/usr/local/www/system_firmware.php b/usr/local/www/system_firmware.php
new file mode 100755
index 0000000..e008813
--- /dev/null
+++ b/usr/local/www/system_firmware.php
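Review bot: In system_advanced.php, `$_POST['harddiskstandby']` is stored in `$config['system']['harddiskstandby']` and then followed by `system_set_harddisk_standby()` without any check, unlike `tcpidletimeout` a few lines earlier. Add `if ($_POST['harddiskstandby'] && !is_numericint($_POST['harddiskstandby'])) $input_errors[] = "The hard disk standby time must be an integer.";` to the validation section; the helper that consumes the value is not in this hunk, so treat its handling as unknown. `ipv6nat_ipaddr` is also saved unvalidated whenever `ipv6nat_enable` is unchecked. The certificate and key checks only search for the PEM marker strings with `strstr()`, so a key that does not belong to the certificate is accepted and the mismatch surfaces only after the reboot this page schedules; a comment saying so above those two checks would set expectations.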
@@ -0,0 +1,206 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +$d_isfwfile = 1; require("guiconfig.inc"); + +/* checks with m0n0.ch to see if a newer firmware version is available; + returns any HTML message it gets from the server */ +function check_firmware_version() { + global $g; + $post = "platform=" . rawurlencode($g['platform']) . + "&version=" . rawurlencode(trim(file_get_contents("/etc/version"))); + + $rfd = @fsockopen("m0n0.ch", 80, $errno, $errstr, 3); + if ($rfd) { + $hdr = "POST /wall/checkversion.php HTTP/1.0\r\n"; + $hdr .= "Content-Type: application/x-www-form-urlencoded\r\n"; + $hdr .= "User-Agent: m0n0wall-webGUI/1.0\r\n"; + $hdr .= "Host: m0n0.ch\r\n"; + $hdr .= "Content-Length: " . strlen($post) . 
"\r\n\r\n"; + + fwrite($rfd, $hdr); + fwrite($rfd, $post); + + $inhdr = true; + $resp = ""; + while (!feof($rfd)) { + $line = fgets($rfd); + if ($inhdr) { + if (trim($line) == "") + $inhdr = false; + } else { + $resp .= $line; + } + } + + fclose($rfd); + + return $resp; + } + + return null; +} + +if ($_POST && !file_exists($d_firmwarelock_path)) { + + unset($input_errors); + unset($sig_warning); + + if (stristr($_POST['Submit'], "Enable")) + $mode = "enable"; + else if (stristr($_POST['Submit'], "Disable")) + $mode = "disable"; + else if (stristr($_POST['Submit'], "Upgrade") || $_POST['sig_override']) + $mode = "upgrade"; + else if ($_POST['sig_no']) + unlink("{$g['ftmp_path']}/firmware.img"); + + if ($mode) { + if ($mode == "enable") { + exec_rc_script("/etc/rc.firmware enable"); + touch($d_fwupenabled_path); + } else if ($mode == "disable") { + exec_rc_script("/etc/rc.firmware disable"); + if (file_exists($d_fwupenabled_path)) + unlink($d_fwupenabled_path); + } else if ($mode == "upgrade") { + if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) { + /* verify firmware image(s) */ + if (!stristr($_FILES['ulfile']['name'], $g['platform']) && !$_POST['sig_override']) + $input_errors[] = "The uploaded image file is not for this platfom ({$g['platform']})."; + else if (!file_exists($_FILES['ulfile']['tmp_name'])) { + /* probably out of memory for the MFS */ + $input_errors[] = "Image upload failed (out of memory?)"; + exec_rc_script("/etc/rc.firmware disable"); + if (file_exists($d_fwupenabled_path)) + unlink($d_fwupenabled_path); + } else { + /* move the image so PHP won't delete it */ + rename($_FILES['ulfile']['tmp_name'], "{$g['ftmp_path']}/firmware.img"); + + /* check digital signature */ + $sigchk = verify_digital_signature("{$g['ftmp_path']}/firmware.img"); + + if ($sigchk == 1) + $sig_warning = "The digital signature on this image is invalid."; + else if ($sigchk == 2) + $sig_warning = "This image is not digitally signed."; + else if (($sigchk == 3) || 
($sigchk == 4)) + $sig_warning = "There has been an error verifying the signature on this image."; + + if (!verify_gzip_file("{$g['ftmp_path']}/firmware.img")) { + $input_errors[] = "The image file is corrupt."; + unlink("{$g['ftmp_path']}/firmware.img"); + } + } + } + + if (!$input_errors && !file_exists($d_firmwarelock_path) && (!$sig_warning || $_POST['sig_override'])) { + /* fire up the update script in the background */ + touch($d_firmwarelock_path); + exec_rc_script_async("/etc/rc.firmware upgrade {$g['ftmp_path']}/firmware.img"); + + $savemsg = "The firmware is now being installed. The firewall will reboot automatically."; + } + } + } +} else { + if (!isset($config['system']['disablefirmwarecheck'])) + $fwinfo = check_firmware_version(); +} +?> + + + +System: Firmware
+ + + + +Firmware uploading is not supported on this platform.
+ + + + +Click "Enable firmware
+ upload" below, then choose the image file (=$g['platform'];?>-*.img)
+ to be uploaded.
Click "Upgrade firmware"
+ to start the upgrade process.
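Review bot: In system_firmware.php, the upgrade branch launches `/etc/rc.firmware upgrade` whenever `$_POST['sig_override']` is set, and on that request no file is uploaded, so `verify_digital_signature()` is not run again and `$sig_warning` stays empty. The override therefore applies equally to an image that failed verification (`$sigchk == 1`), one that is only unsigned (`2`) and a verification error (`3`/`4`), and nothing confirms that `firmware.img` still exists. Re-check the stored image before the `if (!$input_errors && !file_exists($d_firmwarelock_path) ...)` test and refuse the override for an invalid signature: `if ($_POST['sig_override'] && verify_digital_signature("{$g['ftmp_path']}/firmware.img") == 1) $input_errors[] = "The digital signature on this image is invalid.";`. `check_firmware_version()` fetches its message over plain HTTP and its comment says it returns HTML; the markup that prints `$fwinfo` is not visible here, so confirm the value is escaped or restricted before it is shown.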
System: Static routes
+
+
+
+
diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php
new file mode 100755
index 0000000..826a5f1
--- /dev/null
+++ b/usr/local/www/system_routes_edit.php
@@ -0,0 +1,176 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['staticroutes']['route'])) + $config['staticroutes']['route'] = array(); + +staticroutes_sort(); +$a_routes = &$config['staticroutes']['route']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_routes[$id]) { + $pconfig['interface'] = $a_routes[$id]['interface']; + list($pconfig['network'],$pconfig['network_subnet']) = + explode('/', $a_routes[$id]['network']); + $pconfig['gateway'] = $a_routes[$id]['gateway']; + $pconfig['descr'] = $a_routes[$id]['descr']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "interface network network_subnet gateway"); + $reqdfieldsn = explode(",", "Interface,Destination network,Destination network bit count,Gateway"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['network'] && !is_ipaddr($_POST['network']))) { + $input_errors[] = "A valid destination network must be specified."; + } + if (($_POST['network_subnet'] && !is_numeric($_POST['network_subnet']))) { + $input_errors[] = "A valid destination network bit count must be specified."; + } + if (($_POST['gateway'] && !is_ipaddr($_POST['gateway']))) { + $input_errors[] = "A valid gateway IP address must be specified."; + } + + /* check for overlaps */ + $osn = gen_subnet($_POST['network'], $_POST['network_subnet']) . "/" . 
$_POST['network_subnet']; + foreach ($a_routes as $route) { + if (isset($id) && ($a_routes[$id]) && ($a_routes[$id] === $route)) + continue; + + if ($route['network'] == $osn) { + $input_errors[] = "A route to this destination network already exists."; + break; + } + } + + if (!$input_errors) { + $route = array(); + $route['interface'] = $_POST['interface']; + $route['network'] = $osn; + $route['gateway'] = $_POST['gateway']; + $route['descr'] = $_POST['descr']; + + if (isset($id) && $a_routes[$id]) + $a_routes[$id] = $route; + else + $a_routes[] = $route; + + touch($d_staticroutesdirty_path); + + write_config(); + + header("Location: system_routes.php"); + exit; + } +} +?> + + + +System: Static routes: Edit route
+
+
+
+
+
diff --git a/usr/local/www/vpn_ipsec.php b/usr/local/www/vpn_ipsec.php
new file mode 100755
index 0000000..cea915a
--- /dev/null
+++ b/usr/local/www/vpn_ipsec.php
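Review bot: In system_routes_edit.php, `network_subnet` is only tested with `is_numeric()`, which accepts negative numbers, decimals and exponent notation, and there is no range check before the value goes into `gen_subnet()` and the stored route. The IPsec edit page in this same patch bounds `remotebits` to 1–32; do the same here with `if ($_POST['network_subnet'] && (!is_numericint($_POST['network_subnet']) || ($_POST['network_subnet'] < 1) || ($_POST['network_subnet'] > 32)))`. `$_POST['interface']` is likewise saved without being compared to the configured interface names. The overlap check also calls `gen_subnet()` on input that may already have failed validation; moving it inside `if (!$input_errors)` avoids that.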
@@ -0,0 +1,192 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['tunnel'])) { + $config['ipsec']['tunnel'] = array(); +} +$a_ipsec = &$config['ipsec']['tunnel']; +$wancfg = &$config['interfaces']['wan']; + +$pconfig['enable'] = isset($config['ipsec']['enable']); + +if ($_POST) { + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) + $retval = vpn_ipsec_configure(); + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_ipsecconfdirty_path)) + unlink($d_ipsecconfdirty_path); + } + } else if ($_POST['submit']) { + $pconfig = $_POST; + + $config['ipsec']['enable'] = $_POST['enable'] ? 
true : false; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = vpn_ipsec_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_ipsecconfdirty_path)) + unlink($d_ipsecconfdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_ipsec[$_GET['id']]) { + unset($a_ipsec[$_GET['id']]); + write_config(); + touch($d_ipsecconfdirty_path); + header("Location: vpn_ipsec.php"); + exit; + } +} +?> + + + +VPN: IPsec
+
+
+
+
diff --git a/usr/local/www/vpn_ipsec_edit.php b/usr/local/www/vpn_ipsec_edit.php
new file mode 100755
index 0000000..f0fafde
--- /dev/null
+++ b/usr/local/www/vpn_ipsec_edit.php
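Review bot: In vpn_ipsec.php, the `$_GET['act'] == "del"` block deletes a tunnel, calls `write_config()` and marks the IPsec configuration dirty on a plain GET request, with no confirmation token visible in this hunk. A state-changing GET can be triggered by any page the administrator's browser loads while logged in, and it is replayed by prefetchers and browser history. Move the action to POST, `if ($_POST['act'] == "del") {` with `$_POST['id']`, and validate a per-session token before the `unset()`; no token helper appears in this patch, so one would have to be added alongside `guiconfig.inc`. The same pattern is in the vpn_ipsec_keys.php hunk, and the `apply`/`submit` POST branches here would benefit from the same token.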
@@ -0,0 +1,527 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['tunnel'])) { + $config['ipsec']['tunnel'] = array(); +} +$a_ipsec = &$config['ipsec']['tunnel']; + +$specialsrcdst = explode(" ", "lan"); + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +function is_specialnet($net) { + global $specialsrcdst; + + if (in_array($net, $specialsrcdst)) + return true; + else + return false; +} + +function address_to_pconfig($adr, &$padr, &$pmask) { + + if ($adr['network']) + $padr = $adr['network']; + else if ($adr['address']) { + list($padr, $pmask) = explode("/", $adr['address']); + if (is_null($pmask)) + $pmask = 32; + } +} + +function pconfig_to_address(&$adr, $padr, $pmask) { + + $adr = array(); + + if (is_specialnet($padr)) + $adr['network'] = $padr; + else { + $adr['address'] = $padr; + if ($pmask != 32) + $adr['address'] .= "/" . $pmask; + } +} + +if (isset($id) && $a_ipsec[$id]) { + $pconfig['disabled'] = isset($a_ipsec[$id]['disabled']); + $pconfig['auto'] = isset($a_ipsec[$id]['auto']); + + if (!isset($a_ipsec[$id]['local-subnet'])) + $pconfig['localnet'] = "lan"; + else + address_to_pconfig($a_ipsec[$id]['local-subnet'], $pconfig['localnet'], $pconfig['localnetmask']); + + if ($a_ipsec[$id]['interface']) + $pconfig['interface'] = $a_ipsec[$id]['interface']; + else + $pconfig['interface'] = "wan"; + + list($pconfig['remotenet'],$pconfig['remotebits']) = explode("/", $a_ipsec[$id]['remote-subnet']); + $pconfig['remotegw'] = $a_ipsec[$id]['remote-gateway']; + $pconfig['p1mode'] = $a_ipsec[$id]['p1']['mode']; + + if (isset($a_ipsec[$id]['p1']['myident']['myaddress'])) + $pconfig['p1myidentt'] = 'myaddress'; + else if (isset($a_ipsec[$id]['p1']['myident']['address'])) { + $pconfig['p1myidentt'] = 'address'; + $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['address']; + } else if (isset($a_ipsec[$id]['p1']['myident']['fqdn'])) { + $pconfig['p1myidentt'] = 'fqdn'; + $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['fqdn']; + } 
else if (isset($a_ipsec[$id]['p1']['myident']['ufqdn'])) { + $pconfig['p1myidentt'] = 'user_fqdn'; + $pconfig['p1myident'] = $a_ipsec[$id]['p1']['myident']['ufqdn']; + } + + $pconfig['p1ealgo'] = $a_ipsec[$id]['p1']['encryption-algorithm']; + $pconfig['p1halgo'] = $a_ipsec[$id]['p1']['hash-algorithm']; + $pconfig['p1dhgroup'] = $a_ipsec[$id]['p1']['dhgroup']; + $pconfig['p1lifetime'] = $a_ipsec[$id]['p1']['lifetime']; + $pconfig['p1pskey'] = $a_ipsec[$id]['p1']['pre-shared-key']; + $pconfig['p2proto'] = $a_ipsec[$id]['p2']['protocol']; + $pconfig['p2ealgos'] = $a_ipsec[$id]['p2']['encryption-algorithm-option']; + $pconfig['p2halgos'] = $a_ipsec[$id]['p2']['hash-algorithm-option']; + $pconfig['p2pfsgroup'] = $a_ipsec[$id]['p2']['pfsgroup']; + $pconfig['p2lifetime'] = $a_ipsec[$id]['p2']['lifetime']; + $pconfig['descr'] = $a_ipsec[$id]['descr']; + +} else { + /* defaults */ + $pconfig['interface'] = "wan"; + $pconfig['localnet'] = "lan"; + $pconfig['p1mode'] = "aggressive"; + $pconfig['p1myidentt'] = "myaddress"; + $pconfig['p1ealgo'] = "3des"; + $pconfig['p1halgo'] = "sha1"; + $pconfig['p1dhgroup'] = "2"; + $pconfig['p2proto'] = "esp"; + $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael"); + $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5"); + $pconfig['p2pfsgroup'] = "0"; +} + +if ($_POST) { + if (is_specialnet($_POST['localnettype'])) { + $_POST['localnet'] = $_POST['localnettype']; + $_POST['localnetmask'] = 0; + } else if ($_POST['localnettype'] == "single") { + $_POST['localnetmask'] = 32; + } + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "localnet remotenet remotebits remotegw p1pskey p2ealgos p2halgos"); + $reqdfieldsn = explode(",", "Local network,Remote network,Remote network bits,Remote gateway,Pre-Shared Key,P2 Encryption Algorithms,P2 Hash Algorithms"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if 
(!is_specialnet($_POST['localnettype'])) { + if (($_POST['localnet'] && !is_ipaddr($_POST['localnet']))) { + $input_errors[] = "A valid local network IP address must be specified."; + } + if (($_POST['localnetmask'] && !is_numeric($_POST['localnetmask']))) { + $input_errors[] = "A valid local network bit count must be specified."; + } + } + if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) { + $input_errors[] = "The P1 lifetime must be an integer."; + } + if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) { + $input_errors[] = "The P2 lifetime must be an integer."; + } + if ($_POST['remotebits'] && (!is_numeric($_POST['remotebits']) || ($_POST['remotebits'] <= 0) || ($_POST['remotebits'] > 32))) { + $input_errors[] = "The remote network bits are invalid."; + } + if (($_POST['remotenet'] && !is_ipaddr($_POST['remotenet']))) { + $input_errors[] = "A valid remote network address must be specified."; + } + if (($_POST['remotegw'] && !is_ipaddr($_POST['remotegw']))) { + $input_errors[] = "A valid remote gateway address must be specified."; + } + if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) { + $input_errors[] = "A valid IP address for 'My identifier' must be specified."; + } + if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) { + $input_errors[] = "A valid domain name for 'My identifier' must be specified."; + } + if ($_POST['p1myidentt'] == "user_fqdn") { + $ufqdn = explode("@",$_POST['p1myident']); + if (!is_domain($ufqdn[1])) + $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified."; + } + + if ($_POST['p1myidentt'] == "myaddress") + $_POST['p1myident'] = ""; + + if (!$input_errors) { + $ipsecent['disabled'] = $_POST['disabled'] ? true : false; + $ipsecent['auto'] = $_POST['auto'] ? 
true : false; + $ipsecent['interface'] = $pconfig['interface']; + pconfig_to_address($ipsecent['local-subnet'], $_POST['localnet'], $_POST['localnetmask']); + $ipsecent['remote-subnet'] = $_POST['remotenet'] . "/" . $_POST['remotebits']; + $ipsecent['remote-gateway'] = $_POST['remotegw']; + $ipsecent['p1']['mode'] = $_POST['p1mode']; + + $ipsecent['p1']['myident'] = array(); + switch ($_POST['p1myidentt']) { + case 'myaddress': + $ipsecent['p1']['myident']['myaddress'] = true; + break; + case 'address': + $ipsecent['p1']['myident']['address'] = $_POST['p1myident']; + break; + case 'fqdn': + $ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident']; + break; + case 'user_fqdn': + $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident']; + break; + } + + $ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo']; + $ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo']; + $ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup']; + $ipsecent['p1']['lifetime'] = $_POST['p1lifetime']; + $ipsecent['p1']['pre-shared-key'] = $_POST['p1pskey']; + $ipsecent['p2']['protocol'] = $_POST['p2proto']; + $ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos']; + $ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos']; + $ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup']; + $ipsecent['p2']['lifetime'] = $_POST['p2lifetime']; + $ipsecent['descr'] = $_POST['descr']; + + if (isset($id) && $a_ipsec[$id]) + $a_ipsec[$id] = $ipsecent; + else + $a_ipsec[] = $ipsecent; + + write_config(); + touch($d_ipsecconfdirty_path); + + header("Location: vpn_ipsec.php"); + exit; + } +} +?> + + + +VPN: IPsec: Edit tunnel
+ + + + + + diff --git a/usr/local/www/vpn_ipsec_keys.php b/usr/local/www/vpn_ipsec_keys.php new file mode 100755 index 0000000..f0a9330 --- /dev/null +++ b/usr/local/www/vpn_ipsec_keys.php @@ -0,0 +1,107 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['mobilekey'])) { + $config['ipsec']['mobilekey'] = array(); +} +ipsec_mobilekey_sort(); +$a_secret = &$config['ipsec']['mobilekey']; + +if ($_GET['act'] == "del") { + if ($a_secret[$_GET['id']]) { + unset($a_secret[$_GET['id']]); + write_config(); + touch($d_ipsecconfdirty_path); + header("Location: vpn_ipsec_keys.php"); + exit; + } +} + +?> + + + +VPN: IPsec
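Review bot: In vpn_ipsec_edit.php, the `if (!$input_errors)` block copies the selector fields `interface`, `p1mode`, `p1ealgo`, `p1halgo`, `p1dhgroup`, `p2proto`, `p2pfsgroup` and the `p2ealgos`/`p2halgos` arrays from `$_POST` into `$ipsecent` without checking them against the values the form offers, and `p1pskey` is stored as typed. These values presumably end up in the generated IPsec configuration (the generator is not in this hunk), so each should be tested with `in_array()` against a fixed list before saving, and `p1pskey` rejected if it contains quotes or line breaks. `localnetmask` has no 0–32 range check, unlike `remotebits`. The `user_fqdn` check reads `$ufqdn[1]` without confirming that exactly one `@` and a non-empty user part are present. The defaults for a new tunnel (`aggressive` mode with a pre-shared key, `3des`, `sha1`, DH group `2`) deserve a comment marking them as interoperability defaults rather than a recommendation.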
+
+
+
+
diff --git a/usr/local/www/vpn_ipsec_keys_edit.php b/usr/local/www/vpn_ipsec_keys_edit.php
new file mode 100755
index 0000000..8fe589e
--- /dev/null
+++ b/usr/local/www/vpn_ipsec_keys_edit.php
@@ -0,0 +1,135 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['mobilekey'])) { + $config['ipsec']['mobilekey'] = array(); +} +ipsec_mobilekey_sort(); +$a_secret = &$config['ipsec']['mobilekey']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_secret[$id]) { + $pconfig['ident'] = $a_secret[$id]['ident']; + $pconfig['psk'] = $a_secret[$id]['pre-shared-key']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "ident psk"); + $reqdfieldsn = explode(",", "Identifier,Pre-shared key"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9@\.\-]/", $_POST['ident'])) + $input_errors[] = "The identifier contains invalid characters."; + + if (!$input_errors && !(isset($id) && $a_secret[$id])) { + /* make sure there are no dupes */ + foreach ($a_secret as $secretent) { + if ($secretent['ident'] == $_POST['ident']) { + $input_errors[] = "Another entry with the same identifier already exists."; + break; + } + } + } + + if (!$input_errors) { + + if (isset($id) && $a_secret[$id]) + $secretent = $a_secret[$id]; + + $secretent['ident'] = $_POST['ident']; + $secretent['pre-shared-key'] = $_POST['psk']; + + if (isset($id) && $a_secret[$id]) + $a_secret[$id] = $secretent; + else + $a_secret[] = $secretent; + + write_config(); + touch($d_ipsecconfdirty_path); + + header("Location: vpn_ipsec_keys.php"); + exit; + } +} +?> + + + +VPN: IPsec: Edit pre-shared key
+ + + + + diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php new file mode 100755 index 0000000..3031a45 --- /dev/null +++ b/usr/local/www/vpn_ipsec_mobile.php 
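Review bot: The duplicate-identifier loop is skipped whenever an existing entry is being edited (`!(isset($id) && $a_secret[$id])`), so changing an entry's identifier to one that another entry already uses is accepted and two keys end up under the same identifier. The loop should run in both cases and skip only the row being edited, for example by iterating `foreach ($a_secret as $i => $secretent)` and ignoring the row whose index equals `$id`. `$_POST['psk']` is stored after only a presence check, while the identifier is limited to a character class; if the key is later written to a line-oriented key file (not visible here), whitespace and line breaks in it should be rejected at this point. vpn_pptp_users_edit.php has the same skipped duplicate check for usernames.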
@@ -0,0 +1,330 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['ipsec']['mobileclients'])) { + $config['ipsec']['mobileclients'] = array(); +} +$a_ipsec = &$config['ipsec']['mobileclients']; + +if (count($a_ipsec) == 0) { + /* defaults */ + $pconfig['p1mode'] = "aggressive"; + $pconfig['p1myidentt'] = "myaddress"; + $pconfig['p1ealgo'] = "3des"; + $pconfig['p1halgo'] = "sha1"; + $pconfig['p1dhgroup'] = "2"; + $pconfig['p2proto'] = "esp"; + $pconfig['p2ealgos'] = explode(",", "3des,blowfish,cast128,rijndael"); + $pconfig['p2halgos'] = explode(",", "hmac_sha1,hmac_md5"); + $pconfig['p2pfsgroup'] = "0"; +} else { + $pconfig['enable'] = isset($a_ipsec['enable']); + $pconfig['p1mode'] = $a_ipsec['p1']['mode']; + + if (isset($a_ipsec['p1']['myident']['myaddress'])) + $pconfig['p1myidentt'] = 'myaddress'; + else if (isset($a_ipsec['p1']['myident']['address'])) { + $pconfig['p1myidentt'] = 'address'; + $pconfig['p1myident'] = $a_ipsec['p1']['myident']['address']; + } else if (isset($a_ipsec['p1']['myident']['fqdn'])) { + $pconfig['p1myidentt'] = 'fqdn'; + $pconfig['p1myident'] = $a_ipsec['p1']['myident']['fqdn']; + } else if (isset($a_ipsec['p1']['myident']['ufqdn'])) { + $pconfig['p1myidentt'] = 'user_fqdn'; + $pconfig['p1myident'] = $a_ipsec['p1']['myident']['ufqdn']; + } + + $pconfig['p1ealgo'] = $a_ipsec['p1']['encryption-algorithm']; + $pconfig['p1halgo'] = $a_ipsec['p1']['hash-algorithm']; + $pconfig['p1dhgroup'] = $a_ipsec['p1']['dhgroup']; + $pconfig['p1lifetime'] = $a_ipsec['p1']['lifetime']; + $pconfig['p2proto'] = $a_ipsec['p2']['protocol']; + $pconfig['p2ealgos'] = $a_ipsec['p2']['encryption-algorithm-option']; + $pconfig['p2halgos'] = $a_ipsec['p2']['hash-algorithm-option']; + $pconfig['p2pfsgroup'] = $a_ipsec['p2']['pfsgroup']; + $pconfig['p2lifetime'] = $a_ipsec['p2']['lifetime']; +} + +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = explode(" ", "p2ealgos p2halgos"); + $reqdfieldsn = explode(",", "P2 
Encryption Algorithms,P2 Hash Algorithms"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['p1lifetime'] && !is_numeric($_POST['p1lifetime']))) { + $input_errors[] = "The P1 lifetime must be an integer."; + } + if (($_POST['p2lifetime'] && !is_numeric($_POST['p2lifetime']))) { + $input_errors[] = "The P2 lifetime must be an integer."; + } + if ((($_POST['p1myidentt'] == "address") && !is_ipaddr($_POST['p1myident']))) { + $input_errors[] = "A valid IP address for 'My identifier' must be specified."; + } + if ((($_POST['p1myidentt'] == "fqdn") && !is_domain($_POST['p1myident']))) { + $input_errors[] = "A valid domain name for 'My identifier' must be specified."; + } + if ($_POST['p1myidentt'] == "user_fqdn") { + $ufqdn = explode("@",$_POST['p1myident']); + if (!is_domain($ufqdn[1])) + $input_errors[] = "A valid User FQDN in the form of user@my.domain.com for 'My identifier' must be specified."; + } + + if ($_POST['p1myidentt'] == "myaddress") + $_POST['p1myident'] = ""; + + if (!$input_errors) { + $ipsecent = array(); + $ipsecent['enable'] = $_POST['enable'] ? 
true : false; + $ipsecent['p1']['mode'] = $_POST['p1mode']; + + $ipsecent['p1']['myident'] = array(); + switch ($_POST['p1myidentt']) { + case 'myaddress': + $ipsecent['p1']['myident']['myaddress'] = true; + break; + case 'address': + $ipsecent['p1']['myident']['address'] = $_POST['p1myident']; + break; + case 'fqdn': + $ipsecent['p1']['myident']['fqdn'] = $_POST['p1myident']; + break; + case 'user_fqdn': + $ipsecent['p1']['myident']['ufqdn'] = $_POST['p1myident']; + break; + } + + $ipsecent['p1']['encryption-algorithm'] = $_POST['p1ealgo']; + $ipsecent['p1']['hash-algorithm'] = $_POST['p1halgo']; + $ipsecent['p1']['dhgroup'] = $_POST['p1dhgroup']; + $ipsecent['p1']['lifetime'] = $_POST['p1lifetime']; + $ipsecent['p2']['protocol'] = $_POST['p2proto']; + $ipsecent['p2']['encryption-algorithm-option'] = $_POST['p2ealgos']; + $ipsecent['p2']['hash-algorithm-option'] = $_POST['p2halgos']; + $ipsecent['p2']['pfsgroup'] = $_POST['p2pfsgroup']; + $ipsecent['p2']['lifetime'] = $_POST['p2lifetime']; + + $a_ipsec = $ipsecent; + + write_config(); + touch($d_ipsecconfdirty_path); + + header("Location: vpn_ipsec_mobile.php"); + exit; + } +} +?> + + + +VPN: IPsec
+ + + + + diff --git a/usr/local/www/vpn_openvpn.php b/usr/local/www/vpn_openvpn.php new file mode 100755 index 0000000..6fd3e1e --- /dev/null +++ b/usr/local/www/vpn_openvpn.php @@ -0,0 +1,366 @@ +#!/usr/local/bin/php + + + + +VPN: OpenVPN
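Review bot: Only the lifetimes and 'My identifier' are validated in the `if ($_POST)` block; `p1mode`, `p1ealgo`, `p1halgo`, `p1dhgroup`, `p2proto`, `p2pfsgroup` and the `p2ealgos`/`p2halgos` arrays are copied from `$_POST` into `$ipsecent` unchecked. These are select-list values, so each should be compared against the options the form offers before `write_config()`; presumably they are later written into the IPsec daemon's configuration, where an unexpected string does not belong. The lifetime checks use `is_numeric()`, which accepts `1.5` or `1e3` although the message says integer; `ctype_digit($_POST['p1lifetime'])` matches the message. For `user_fqdn` only `$ufqdn[1]` is tested, so the part before `@` and any additional `@` go unvalidated. The defaults (aggressive mode, 3DES, SHA-1, DH group 2, HMAC-MD5 offered for phase 2) are weak choices and deserve a comment explaining why they were selected.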
+ + + + + + + diff --git a/usr/local/www/vpn_openvpn_cli.php b/usr/local/www/vpn_openvpn_cli.php new file mode 100755 index 0000000..3bd3d93 --- /dev/null +++ b/usr/local/www/vpn_openvpn_cli.php @@ -0,0 +1,148 @@ +#!/usr/local/bin/php + + + + +VPN: OpenVPN
+ + + + + + diff --git a/usr/local/www/vpn_openvpn_cli_edit.php b/usr/local/www/vpn_openvpn_cli_edit.php new file mode 100755 index 0000000..4c27709 --- /dev/null +++ b/usr/local/www/vpn_openvpn_cli_edit.php @@ -0,0 +1,353 @@ +#!/usr/local/bin/php + + + + +VPN: OpenVPN: Edit client
+ + + + + + + diff --git a/usr/local/www/vpn_pptp.php b/usr/local/www/vpn_pptp.php new file mode 100755 index 0000000..b796639 --- /dev/null +++ b/usr/local/www/vpn_pptp.php 
@@ -0,0 +1,309 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['pptpd']['radius'])) { + $config['pptpd']['radius'] = array(); +} +$pptpcfg = &$config['pptpd']; + +$pconfig['remoteip'] = $pptpcfg['remoteip']; +$pconfig['localip'] = $pptpcfg['localip']; +$pconfig['redir'] = $pptpcfg['redir']; +$pconfig['mode'] = $pptpcfg['mode']; +$pconfig['req128'] = isset($pptpcfg['req128']); +$pconfig['radiusenable'] = isset($pptpcfg['radius']['enable']); +$pconfig['radacct_enable'] = isset($pptpcfg['radius']['accounting']); +$pconfig['radiusserver'] = $pptpcfg['radius']['server']; +$pconfig['radiussecret'] = $pptpcfg['radius']['secret']; + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if ($_POST['mode'] == "server") { + $reqdfields = explode(" ", "localip remoteip"); + $reqdfieldsn = explode(",", "Server address,Remote start address"); + + if ($_POST['radiusenable']) { + $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); + $reqdfieldsn = array_merge($reqdfieldsn, + explode(",", "RADIUS server address,RADIUS shared secret")); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['localip'] && !is_ipaddr($_POST['localip']))) { + $input_errors[] = "A valid server address must be specified."; + } + if (($_POST['subnet'] && !is_ipaddr($_POST['remoteip']))) { + $input_errors[] = "A valid remote start address must be specified."; + } + if (($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver']))) { + $input_errors[] = "A valid RADIUS server address must be specified."; + } + + if (!$input_errors) { + $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $g['pptp_subnet']); + $subnet_start = ip2long($_POST['remoteip']); + $subnet_end = ip2long($_POST['remoteip']) + $g['n_pptp_units'] - 1; + + if ((ip2long($_POST['localip']) >= $subnet_start) && + (ip2long($_POST['localip']) <= $subnet_end)) { + $input_errors[] = "The specified server address lies in 
the remote subnet."; + } + if ($_POST['localip'] == $config['interfaces']['lan']['ipaddr']) { + $input_errors[] = "The specified server address is equal to the LAN interface address."; + } + } + } else if ($_POST['mode'] == "redir") { + $reqdfields = explode(" ", "redir"); + $reqdfieldsn = explode(",", "PPTP redirection target address"); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (($_POST['redir'] && !is_ipaddr($_POST['redir']))) { + $input_errors[] = "A valid target address must be specified."; + } + } + + if (!$input_errors) { + $pptpcfg['remoteip'] = $_POST['remoteip']; + $pptpcfg['redir'] = $_POST['redir']; + $pptpcfg['localip'] = $_POST['localip']; + $pptpcfg['mode'] = $_POST['mode']; + $pptpcfg['req128'] = $_POST['req128'] ? true : false; + $pptpcfg['radius']['enable'] = $_POST['radiusenable'] ? true : false; + $pptpcfg['radius']['accounting'] = $_POST['radacct_enable'] ? true : false; + $pptpcfg['radius']['server'] = $_POST['radiusserver']; + $pptpcfg['radius']['secret'] = $_POST['radiussecret']; + + write_config(); + + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = vpn_pptpd_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + } +} +?> + + +VPN: PPTP
+ + + + + diff --git a/usr/local/www/vpn_pptp_users.php b/usr/local/www/vpn_pptp_users.php new file mode 100755 index 0000000..0122734 --- /dev/null +++ b/usr/local/www/vpn_pptp_users.php 
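Review bot: The remote start address check tests `$_POST['subnet']`, a field that nothing else in this hunk reads or requires, so `is_ipaddr($_POST['remoteip'])` is most likely never evaluated and an invalid value reaches `gen_subnet()` and `ip2long()`. The condition should read `if (($_POST['remoteip'] && !is_ipaddr($_POST['remoteip']))) {`. `$_POST['mode']` is also saved as-is when it is neither `server` nor `redir`, since both validation branches are skipped in that case; an explicit list of accepted modes before the final `if (!$input_errors)` would close that gap. `radiussecret` is stored after only a presence check, and a comment on what characters the RADIUS client configuration tolerates would help.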
@@ -0,0 +1,126 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['pptpd']['user'])) { + $config['pptpd']['user'] = array(); +} +pptpd_users_sort(); +$a_secret = &$config['pptpd']['user']; + +if ($_POST) { + + $pconfig = $_POST; + + if ($_POST['apply']) { + $retval = 0; + if (!file_exists($d_sysrebootreqd_path)) { + config_lock(); + $retval = vpn_pptpd_configure(); + config_unlock(); + } + $savemsg = get_std_save_message($retval); + if ($retval == 0) { + if (file_exists($d_pptpuserdirty_path)) + unlink($d_pptpuserdirty_path); + } + } +} + +if ($_GET['act'] == "del") { + if ($a_secret[$_GET['id']]) { + unset($a_secret[$_GET['id']]); + write_config(); + touch($d_pptpuserdirty_path); + header("Location: vpn_pptp_users.php"); + exit; + } +} +?> + + + +VPN: PPTP: Users
+ + + + diff --git a/usr/local/www/vpn_pptp_users_edit.php b/usr/local/www/vpn_pptp_users_edit.php new file mode 100755 index 0000000..1b681ee --- /dev/null +++ b/usr/local/www/vpn_pptp_users_edit.php 
@@ -0,0 +1,159 @@ +#!/usr/local/bin/php +. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require("guiconfig.inc"); + +if (!is_array($config['pptpd']['user'])) { + $config['pptpd']['user'] = array(); +} +pptpd_users_sort(); +$a_secret = &$config['pptpd']['user']; + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (isset($id) && $a_secret[$id]) { + $pconfig['username'] = $a_secret[$id]['name']; + $pconfig['ip'] = $a_secret[$id]['ip']; +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if (isset($id) && ($a_secret[$id])) { + $reqdfields = explode(" ", "username"); + $reqdfieldsn = explode(",", "Username"); + } else { + $reqdfields = explode(" ", "username password"); + $reqdfieldsn = explode(",", "Username,Password"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['username'])) + $input_errors[] = "The username contains invalid characters."; + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['password'])) + $input_errors[] = "The password contains invalid characters."; + + if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) { + $input_errors[] = "The passwords do not match."; + } + if (($_POST['ip'] && !is_ipaddr($_POST['ip']))) { + $input_errors[] = "The IP address entered is not valid."; + } + + if (!$input_errors && !(isset($id) && $a_secret[$id])) { + /* make sure there are no dupes */ + foreach ($a_secret as $secretent) { + if ($secretent['name'] == $_POST['username']) { + $input_errors[] = "Another entry with the same username already exists."; + break; + } + } + } + + if (!$input_errors) { + + if (isset($id) && $a_secret[$id]) + $secretent = $a_secret[$id]; + + $secretent['name'] = $_POST['username']; + $secretent['ip'] = $_POST['ip']; + + if ($_POST['password']) + $secretent['password'] = $_POST['password']; + + if (isset($id) && $a_secret[$id]) + $a_secret[$id] = $secretent; + else + $a_secret[] = $secretent; + + write_config(); + touch($d_pptpuserdirty_path); + + 
header("Location: vpn_pptp_users.php"); + exit; + } +} +?> + + + +VPN: PPTP: Users: Edit
+ + + + + -- cgit v1.1
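Review bot: The confirmation check `$_POST['password'] != $_POST['password2']` uses loose comparison, and PHP compares two numeric-looking strings as numbers, so `1e3` and `1000` (both allowed by the character class above it) count as equal and a mistyped confirmation is accepted. `$_POST['password'] !== $_POST['password2']` compares the strings exactly. The same applies to `$secretent['name'] == $_POST['username']` in the duplicate loop, and `if ($_POST['password'])` treats the password `0` as empty, so it would never be saved. The password is then written to the configuration as entered; a comment stating whether the PPTP daemon needs the cleartext would tell the next reader why it is not hashed.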