543 |
543 |
// If we used to have an associated filter rule, but no-longer should have one
|
544 |
544 |
if (!empty($a_nat[$id]) && (empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'])) {
|
545 |
545 |
// Delete the previous rule
|
546 |
|
delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
|
|
546 |
delete_id($a_nat[$id]['associated-rule-id']);
|
547 |
547 |
if (!$json) {
|
548 |
548 |
mark_subsystem_dirty('filter');
|
549 |
549 |
}
|
... | ... | |
655 |
655 |
if (isset($natent['associated-rule-id']) &&
|
656 |
656 |
(isset($a_nat[$id]['disabled']) !== isset($natent['disabled']))) {
|
657 |
657 |
// Check for filter rule associations
|
658 |
|
toggle_id($natent['associated-rule-id'],
|
659 |
|
$config['filter']['rule'],
|
660 |
|
!isset($natent['disabled']));
|
|
658 |
toggle_id($natent['associated-rule-id'], !isset($natent['disabled']));
|
661 |
659 |
|
662 |
660 |
if (!$json) {
|
663 |
661 |
mark_subsystem_dirty('filter');
|
... | ... | |
695 |
693 |
}
|
696 |
694 |
|
697 |
695 |
function toggleNATrule($post, $json = false) {
|
698 |
|
global $config;
|
699 |
|
|
700 |
|
init_config_arr(array('nat', 'rule'));
|
701 |
|
$a_nat = &$config['nat']['rule'];
|
702 |
|
init_config_arr(array('nat', 'separator'));
|
703 |
|
$a_separators = &$config['nat']['separator'];
|
704 |
|
|
705 |
|
if (isset($a_nat[$post['id']]['disabled'])) {
|
706 |
|
unset($a_nat[$post['id']]['disabled']);
|
707 |
|
$rule_status = true;
|
708 |
|
} else {
|
709 |
|
$a_nat[$post['id']]['disabled'] = true;
|
710 |
|
$rule_status = false;
|
|
696 |
// Check for single rule
|
|
697 |
if (!(is_array($post['rule']) && count($post['rule']))) {
|
|
698 |
$post['rule'] = array( $post['id'] => $post['id'] );
|
711 |
699 |
}
|
712 |
700 |
|
713 |
|
// Check for filter rule associations
|
714 |
|
if (isset($a_nat[$post['id']]['associated-rule-id'])) {
|
715 |
|
toggle_id($a_nat[$post['id']]['associated-rule-id'],
|
716 |
|
$config['filter']['rule'], $rule_status);
|
717 |
|
unset($rule_status);
|
718 |
|
|
719 |
|
if(!$json) {
|
720 |
|
mark_subsystem_dirty('filter');
|
|
701 |
foreach ($post['rule'] as $rulei) {
|
|
702 |
if (config_path_enabled("nat/rule/{$rulei}", 'disabled')) {
|
|
703 |
config_del_path("nat/rule/{$rulei}/disabled");
|
|
704 |
$rule_status = true;
|
|
705 |
} else {
|
|
706 |
config_set_path("nat/rule/{$rulei}/disabled", true);
|
|
707 |
$rule_status = false;
|
721 |
708 |
}
|
722 |
|
}
|
723 |
709 |
|
724 |
|
if (write_config(gettext("Firewall: NAT: Port forward, enable/disable NAT rule"))) {
|
725 |
|
if (!$json) {
|
726 |
|
mark_subsystem_dirty('natconf');
|
727 |
|
}
|
728 |
|
}
|
|
710 |
// Check for filter rule associations
|
|
711 |
$associated_rule_id = config_get_path("nat/rule/{$rulei}/associated-rule-id");
|
729 |
712 |
|
730 |
|
if(!$json) {
|
731 |
|
header("Location: firewall_nat.php");
|
732 |
|
exit;
|
733 |
|
} else {
|
734 |
|
$a_nat = &$config['nat']['rule'];
|
735 |
|
return isset($a_nat[$post['id']]['disabled']) ? "disabled":"enabled";
|
|
713 |
if ($associated_rule_id != null) {
|
|
714 |
toggle_id($associated_rule_id, $rule_status);
|
|
715 |
unset($rule_status);
|
|
716 |
$want_dirty_filter = true;
|
|
717 |
}
|
736 |
718 |
}
|
737 |
|
}
|
738 |
|
|
739 |
|
function toggleMultipleNATrules($post, $json = false) {
|
740 |
|
global $config;
|
741 |
|
|
742 |
|
init_config_arr(array('nat', 'rule'));
|
743 |
|
$a_nat = &$config['nat']['rule'];
|
744 |
719 |
|
745 |
|
foreach ($post['rule'] as $rulei) {
|
746 |
|
if (isset($a_nat[$rulei]['disabled'])) {
|
747 |
|
unset($a_nat[$rulei]['disabled']);
|
748 |
|
} else {
|
749 |
|
$a_nat[$rulei]['disabled'] = true;
|
750 |
|
}
|
|
720 |
if (count($post['rule']) == 1) {
|
|
721 |
$action = config_path_enabled("nat/rule/{$post['rule'][0]}", "disabled") ? "disabled":"enabled";
|
|
722 |
$write_ret = write_config(gettext("Firewall: NAT: Port forward - {$action} a NAT rule"));
|
|
723 |
} else if (count($post['rule']) > 1) {
|
|
724 |
$write_ret = write_config(gettext("Firewall: NAT: Port forward - enable/disable for selected NAT rules"));
|
751 |
725 |
}
|
752 |
726 |
|
753 |
|
if (write_config(gettext("Firewall: NAT: Port forward, enable/disable multiple NAT rule"))) {
|
754 |
|
if ($json) {
|
755 |
|
filter_configure();
|
756 |
|
} else {
|
|
727 |
if ($write_ret) {
|
|
728 |
if (!$json) {
|
757 |
729 |
mark_subsystem_dirty('natconf');
|
|
730 |
if ($want_dirty_filter) {
|
|
731 |
mark_subsystem_dirty('filter');
|
|
732 |
}
|
758 |
733 |
header("Location: firewall_nat.php");
|
759 |
734 |
exit;
|
|
735 |
} else {
|
|
736 |
if (isset($post['id'])) {
|
|
737 |
return $action;
|
|
738 |
} else {
|
|
739 |
filter_configure();
|
|
740 |
}
|
760 |
741 |
}
|
761 |
742 |
}
|
762 |
743 |
}
|
763 |
744 |
|
764 |
|
function deleteMultipleNATrules($post, $json = false) {
|
|
745 |
function deleteNATrule($post, $json = false) {
|
765 |
746 |
global $config;
|
766 |
747 |
|
767 |
|
init_config_arr(array('nat', 'rule'));
|
768 |
|
$a_nat = &$config['nat']['rule'];
|
769 |
748 |
init_config_arr(array('nat', 'separator'));
|
770 |
749 |
$a_separators = &$config['nat']['separator'];
|
771 |
750 |
|
|
751 |
// Check for single rule
|
|
752 |
if (!(is_array($post['rule']) && count($post['rule']))) {
|
|
753 |
$post['rule'] = array( $post['id'] => $post['id'] );
|
|
754 |
}
|
|
755 |
|
772 |
756 |
$num_deleted = 0;
|
773 |
757 |
|
774 |
758 |
foreach ($post['rule'] as $rulei) {
|
775 |
|
// Check for filter rule associations
|
776 |
|
if (isset($a_nat[$rulei]['associated-rule-id'])) {
|
777 |
|
delete_id($a_nat[$rulei]['associated-rule-id'], $config['filter']['rule']);
|
778 |
|
if (!$json) {
|
779 |
|
mark_subsystem_dirty('filter');
|
780 |
|
}
|
|
759 |
$associated_rule_id = config_get_path("nat/rule/{$rulei}/associated-rule-id");
|
|
760 |
|
|
761 |
if ($associated_rule_id != null) {
|
|
762 |
delete_id($associated_rule_id);
|
|
763 |
$want_dirty_filter = true;
|
781 |
764 |
}
|
782 |
765 |
|
783 |
|
unset($a_nat[$rulei]);
|
|
766 |
config_del_path("/nat/rule/{$rulei}");
|
784 |
767 |
|
785 |
768 |
// Update the separators
|
786 |
769 |
// As rules are deleted, $ridx has to be decremented or separator position will break
|
... | ... | |
797 |
780 |
}
|
798 |
781 |
|
799 |
782 |
if ($num_deleted) {
|
800 |
|
if (write_config("NAT: Rule deleted")) {
|
|
783 |
if ($num_deleted == 1) {
|
|
784 |
$write_ret = write_config("Firewall: NAT: Port forward - rule deleted");
|
|
785 |
} else {
|
|
786 |
$write_ret = write_config("Firewall: NAT: Port forward - Multiple rules deleted");
|
|
787 |
}
|
|
788 |
|
|
789 |
if ($write_ret) {
|
801 |
790 |
if ($json) {
|
802 |
791 |
filter_configure();
|
803 |
792 |
} else {
|
804 |
793 |
mark_subsystem_dirty('natconf');
|
805 |
|
}
|
806 |
|
}
|
807 |
|
}
|
808 |
|
|
809 |
|
if(!$json) {
|
810 |
|
header("Location: firewall_nat.php");
|
811 |
|
exit;
|
812 |
|
}
|
813 |
|
}
|
814 |
|
|
815 |
|
function deleteNATrule($post, $json = false) {
|
816 |
|
global $config;
|
817 |
|
|
818 |
|
init_config_arr(array('nat', 'rule'));
|
819 |
|
$a_nat = &$config['nat']['rule'];
|
820 |
|
init_config_arr(array('nat', 'separator'));
|
821 |
|
$a_separators = &$config['nat']['separator'];
|
822 |
|
|
823 |
|
if (isset($a_nat[$post['id']]['associated-rule-id'])) {
|
824 |
|
delete_id($a_nat[$post['id']]['associated-rule-id'], $config['filter']['rule']);
|
825 |
|
$want_dirty_filter = true;
|
826 |
|
}
|
827 |
|
|
828 |
|
unset($a_nat[$post['id']]);
|
829 |
|
|
830 |
|
// Update the separators
|
831 |
|
$ridx = $post['id'];
|
832 |
|
$mvnrows = -1;
|
833 |
|
move_separators($a_separators, $ridx, $mvnrows);
|
834 |
|
|
835 |
|
if (write_config("NAT: Rule deleted")) {
|
836 |
|
if ($json) {
|
837 |
|
filter_configure();
|
838 |
|
} else {
|
839 |
|
mark_subsystem_dirty('natconf');
|
840 |
|
if ($want_dirty_filter) {
|
841 |
|
mark_subsystem_dirty('filter');
|
|
794 |
if ($want_dirty_filter) {
|
|
795 |
mark_subsystem_dirty('filter');
|
|
796 |
}
|
842 |
797 |
}
|
843 |
798 |
}
|
844 |
799 |
}
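Review bot: In the new toggleNATrule() and deleteNATrule() loops, `$rulei` comes from `$post['rule']` (or `$post['id']`) and is interpolated straight into config paths such as `"nat/rule/{$rulei}/disabled"` and `"/nat/rule/{$rulei}"` with no check that it is a plain rule index; unless the caller validates it (not visible here), a value containing a path separator would make `config_set_path`/`config_del_path` address a different config node, so I would add `if (!ctype_digit((string)$rulei)) { continue; }` at the top of each `foreach`. Separately, new line 721 reads `$post['rule'][0]`, but the single-rule fallback at new line 698 keys the array by `$post['id']`, so for any id other than 0 the `$action` used in the log message and returned to the JSON caller is computed from the wrong path; `reset($post['rule'])` would pick the actual element. `$want_dirty_filter` is also read at new line 730 without being initialised anywhere in toggleNATrule(), and `$want_dirty_filter = false;` before the loop would avoid the undefined-variable warning. The file header and new lines 770–779 are not shown on this page, so deleteNATrule() may already handle part of this.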
|
Rewrite functions for toggle & delete NAT. Fixes #13545