Feature #4881 » 54.diff
src/etc/inc/filter.inc | ||
---|---|---|
2165 | 2165 |
if (isset($rule['disabled'])) { |
2166 | 2166 |
continue; |
2167 | 2167 |
} |
2168 |
$rule['ipprotocol'] = 'inet6'; |
|
2168 | 2169 | |
2169 | 2170 |
if (!$rule['interface']) { |
2170 | 2171 |
$natif = "wan"; |
src/usr/local/pfSense/include/www/firewall_nat_npt.inc | ||
---|---|---|
47 | 47 |
$reqdfieldsn = array(gettext("Interface")); |
48 | 48 |
$reqdfields[] = "src"; |
49 | 49 |
$reqdfieldsn[] = gettext("Source prefix"); |
50 |
$reqdfields[] = "dst"; |
|
51 |
$reqdfieldsn[] = gettext("Destination prefix"); |
|
50 |
if (!is_specialnet($post['dsttype'])) { |
|
51 |
$reqdfields[] = "dst"; |
|
52 |
$reqdfieldsn[] = gettext("Destination prefix"); |
|
53 |
} |
|
52 | 54 | |
53 | 55 |
if (!$json) { |
54 | 56 |
do_input_validation($post, $reqdfields, $reqdfieldsn, $input_errors); |
... | ... | |
57 | 59 |
if (!is_ipaddrv6(trim($post['src']))) { |
58 | 60 |
$input_errors[] = gettext("The specified source address is not a valid IPv6 prefix"); |
59 | 61 |
} |
60 |
if (!is_ipaddrv6(trim($post['dst']))) { |
|
62 |
if (!is_ipaddrv6(trim($post['dst'])) && !is_specialnet(trim($post['dsttype']))) {
|
|
61 | 63 |
$input_errors[] = gettext("The specified destination address is not a valid IPv6 prefix"); |
62 | 64 |
} |
63 | 65 |
if (check_subnetsv6_overlap(get_interface_ipv6($post['interface']), 128, trim($post['dst']), $post['dstmask']) && |
64 | 66 |
!$post['dstnot']) { |
65 | 67 |
$input_errors[] = gettext("The specified destination address and interface IPv6 address cannot overlap"); |
66 | 68 |
} |
69 |
if (is_specialnet($post['dsttype'])) { |
|
70 |
$track6ip = get_interface_track6ip($post['dsttype']); |
|
71 |
$post['dstmask'] = $track6ip[1]; |
|
72 |
} |
|
73 |
if (!empty($post['dstmask']) && ($post['srcmask'] != $post['dstmask'])) { |
|
74 |
$input_errors[] = gettext("The specified source prefix size must be equal to the destination prefix size."); |
|
75 |
} |
|
67 | 76 | |
68 | 77 |
if (!$input_errors) { |
69 | 78 |
$natent = array(); |
... | ... | |
75 | 84 |
if ($post['src']) { |
76 | 85 |
$post['src'] = trim($post['src']); |
77 | 86 |
} |
78 |
if ($post['dst']) { |
|
87 |
if (is_specialnet($post['dsttype'])) { |
|
88 |
$post['dst'] = $post['dsttype']; |
|
89 |
$post['dstmask'] = 0; |
|
90 |
} elseif ($post['dst']) { |
|
79 | 91 |
$post['dst'] = trim($post['dst']); |
80 | 92 |
} |
81 | 93 | |
... | ... | |
240 | 252 |
return $retval; |
241 | 253 |
} |
242 | 254 | |
243 |
?> |
|
255 |
?> |
src/usr/local/www/firewall_nat_npt.php | ||
---|---|---|
140 | 140 |
</td> |
141 | 141 |
<td> |
142 | 142 |
<?php |
143 |
echo $textss . pprint_address($natent['destination']) . $textse; |
|
143 |
if (is_array($config['interfaces'][$natent['destination']['network']]) && |
|
144 |
($config['interfaces'][$natent['destination']['network']]['ipaddrv6'] == 'track6')) { |
|
145 |
$track6ip = get_interface_track6ip($natent['destination']['network']); |
|
146 |
$pdsubnet = gen_subnetv6($track6ip[0], $track6ip[1]); |
|
147 |
$dst = "{$config['interfaces'][$natent['destination']['network']]['descr']} ({$pdsubnet}/{$track6ip[1]})"; |
|
148 |
} else { |
|
149 |
$dst = pprint_address($natent['destination']); |
|
150 |
} |
|
151 |
echo $textss . $dst . $textse; |
|
144 | 152 |
?> |
145 | 153 |
</td> |
146 | 154 |
<td> |
src/usr/local/www/firewall_nat_npt_edit.php | ||
---|---|---|
80 | 80 |
$pglinks = array("", "firewall_nat.php", "firewall_nat_npt.php", "@self"); |
81 | 81 |
include("head.inc"); |
82 | 82 | |
83 |
function dsttype_selected() { |
|
84 |
global $pconfig; |
|
85 | ||
86 |
if ($pconfig['dsttype']) { |
|
87 |
// The rule type came from the $_POST array, after input errors, so keep it. |
|
88 |
return $pconfig['dsttype']; |
|
89 |
} |
|
90 | ||
91 |
$sel = is_specialnet($pconfig['dst']); |
|
92 | ||
93 |
if (!$sel) { |
|
94 |
return('network'); |
|
95 |
} |
|
96 | ||
97 |
return($pconfig['dst']); |
|
98 |
} |
|
99 | ||
100 |
function build_dsttype_list() { |
|
101 |
global $pconfig, $config; |
|
102 | ||
103 |
$sel = is_specialnet($pconfig['dst']); |
|
104 |
$list = array('network' => gettext('Prefix')); |
|
105 | ||
106 |
foreach (get_configured_interface_with_descr() as $if => $ifdesc) { |
|
107 |
if (($config['interfaces'][$if]['ipaddrv6'] == 'track6') && |
|
108 |
get_interface_track6ip($if)) { |
|
109 |
$track6ip = get_interface_track6ip($if); |
|
110 |
$pdsubnet = gen_subnetv6($track6ip[0], $track6ip[1]); |
|
111 |
$sntext .= " ({$pdsubnet}/{$track6ip[1]})"; |
|
112 |
$list[$if] = $ifdesc . $sntext; |
|
113 |
} |
|
114 |
} |
|
115 | ||
116 |
return($list); |
|
117 |
} |
|
118 | ||
83 | 119 |
if ($input_errors) { |
84 | 120 |
print_input_errors($input_errors); |
85 | 121 |
} |
... | ... | |
103 | 139 |
))->setHelp('Choose which interface this rule applies to.%s' . |
104 | 140 |
'Hint: Typically the "WAN" is used here.', '<br />'); |
105 | 141 | |
106 |
$section->addInput(new Form_Checkbox( |
|
142 |
$group = new Form_Group('*Source IPv6 prefix'); |
|
143 | ||
144 |
$group->add(new Form_Checkbox( |
|
107 | 145 |
'srcnot', |
108 | 146 |
'Internal IPv6 prefix', |
109 | 147 |
'Not', |
110 | 148 |
$pconfig['srcnot'] |
111 |
))->setHelp('Use this option to invert the sense of the match. '); |
|
149 |
))->setHelp('Invert the sense of the match.')->setWidth(2); |
|
150 | ||
151 |
$group->add(new Form_StaticText( |
|
152 |
null, |
|
153 |
null |
|
154 |
))->setWidth(3); |
|
112 | 155 | |
113 |
$section->addInput(new Form_IpAddress(
|
|
156 |
$group->add(new Form_IpAddress(
|
|
114 | 157 |
'src', |
115 |
'*Address',
|
|
158 |
'*Source prefix',
|
|
116 | 159 |
$pconfig['src'], |
117 | 160 |
'V6' |
118 |
))->addMask('srcmask', $pconfig['srcmask'])->setHelp('Internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. ' . |
|
119 |
'The prefix size specified for the internal IPv6 prefix will be applied to the external prefix.'); |
|
161 |
))->addMask('srcmask', $pconfig['srcmask'], 128, 1, false); |
|
120 | 162 | |
121 |
$section->addInput(new Form_Checkbox( |
|
163 |
$group->setHelp('Internal (LAN) ULA IPv6 Prefix for the Network Prefix translation. ' . |
|
164 |
'The prefix size specified for the internal IPv6 prefix will be applied to the external prefix.'); |
|
165 | ||
166 |
$section->add($group); |
|
167 | ||
168 |
$group = new Form_Group('*Destination IPv6 prefix'); |
|
169 | ||
170 |
$group->add(new Form_Checkbox( |
|
122 | 171 |
'dstnot', |
123 |
'Destination IPv6 prefix',
|
|
172 |
null,
|
|
124 | 173 |
'Not', |
125 | 174 |
$pconfig['dstnot'] |
126 |
))->setHelp('Use this option to invert the sense of the match. ');
|
|
175 |
))->setHelp('Invert the sense of the match.')->setWidth(2);
|
|
127 | 176 | |
128 |
$section->addInput(new Form_IpAddress( |
|
177 |
$group->add(new Form_Select( |
|
178 |
'dsttype', |
|
179 |
null, |
|
180 |
dsttype_selected(), |
|
181 |
build_dsttype_list() |
|
182 |
))->setHelp('Type')->setWidth(3); |
|
183 | ||
184 |
$group->add(new Form_IpAddress( |
|
129 | 185 |
'dst', |
130 |
'*Address',
|
|
186 |
'*Destination prefix',
|
|
131 | 187 |
$pconfig['dst'], |
132 | 188 |
'V6' |
133 |
))->addMask('dstmask', $pconfig['dstmask'])->setHelp('Global Unicast routable IPv6 prefix'); |
|
189 |
))->addMask('dstmask', $pconfig['dstmask'], 128, 1, false); |
|
190 | ||
191 |
$group->setHelp('Global Unicast routable IPv6 prefix'); |
|
192 | ||
193 |
$section->add($group); |
|
134 | 194 | |
135 | 195 |
$section->addInput(new Form_Input( |
136 | 196 |
'descr', |
... | ... | |
150 | 210 | |
151 | 211 |
$form->add($section); |
152 | 212 |
print($form); |
213 |
?> |
|
214 | ||
215 |
<script type="text/javascript"> |
|
216 |
//<![CDATA[ |
|
217 |
events.push(function() { |
|
218 | ||
219 |
function typesel_change() { |
|
220 |
switch ($('#dsttype').find(":selected").index()) { |
|
221 |
case 0: // prefix |
|
222 |
disableInput('dst', false); |
|
223 |
disableInput('dstmask', false); |
|
224 |
break; |
|
225 |
default: |
|
226 |
$('#dst').val(''); |
|
227 |
disableInput('dst', true); |
|
228 |
$('#dstmask').val(''); |
|
229 |
disableInput('dstmask', true); |
|
230 |
break; |
|
231 |
} |
|
232 |
} |
|
233 | ||
234 |
// ---------- Click checkbox handlers --------------------------------------------------------- |
|
235 | ||
236 |
$('#dsttype').change(function () { |
|
237 |
typesel_change(); |
|
238 |
}); |
|
239 | ||
240 |
// ---------- On initial page load ------------------------------------------------------------ |
|
241 | ||
242 |
typesel_change(); |
|
243 | ||
244 |
}); |
|
245 |
//]]> |
|
246 |
</script> |
|
153 | 247 | |
154 |
include("foot.inc"); |
|
248 |
<?php include("foot.inc"); |