<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4 37e2071c Scott Ullrich
	firewall_rules.php
5 e4cabb75 Scott Ullrich
	part of pfSense (http://www.pfsense.com)
6
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
7 b2ffe419 Scott Ullrich
8 e4cabb75 Scott Ullrich
	originally part of m0n0wall (http://m0n0.ch/wall)
9
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10 37e2071c Scott Ullrich
	All rights reserved.
11 b2ffe419 Scott Ullrich
12 37e2071c Scott Ullrich
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14 b2ffe419 Scott Ullrich
15 37e2071c Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17 b2ffe419 Scott Ullrich
18 37e2071c Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21 b2ffe419 Scott Ullrich
22 37e2071c Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32 5b237745 Scott Ullrich
*/
33 7ac5a4cb Scott Ullrich
/*
34
	pfSense_MODULE:	filter
35
*/
36 5b237745 Scott Ullrich
37 6b07c15a Matthew Grooms
##|+PRIV
38
##|*IDENT=page-firewall-rules
39
##|*NAME=Firewall: Rules page
40
##|*DESCR=Allow access to the 'Firewall: Rules' page.
41
##|*MATCH=firewall_rules.php*
42
##|-PRIV
43
44 37e2071c Scott Ullrich
$pgtitle = array("Firewall", "Rules");
45 5b237745 Scott Ullrich
require("guiconfig.inc");
46 7a927e67 Scott Ullrich
require_once("functions.inc");
47
require_once("filter.inc");
48
require_once("shaper.inc");
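/**
 * Summarise the advanced options that are set on a firewall rule.
 *
 * Builds a list of "name value " pairs, each followed by a single space, for
 * every advanced option present on the rule. An empty string means that no
 * advanced option is set, so the result doubles as a boolean test.
 *
 * The values are copied verbatim from the rule entry and are NOT escaped.
 * A caller that places the result in HTML (for example inside an attribute
 * value) has to pass it through htmlspecialchars() first.
 *
 * @param array $item Rule entry. Taken by reference, never modified here.
 * @return string Summary text, or "" when nothing is set.
 */
function check_for_advaned_options(&$item) {
	$item_set = "";

	/* !empty() keeps the original truthiness test without raising an
	   undefined-index notice for rules that lack the option */
	if (!empty($item['max-src-nodes']))
		$item_set .= "max-src-nodes {$item['max-src-nodes']} ";
	if (!empty($item['max-src-conn']))
		$item_set .= "max-src-conn {$item['max-src-conn']} ";
	if (!empty($item['max-src-states']))
		$item_set .= "max-src-states {$item['max-src-states']} ";

	/* "keep state" is treated as the default and therefore not reported */
	if (isset($item['statetype']) && $item['statetype'] != "keep state" && $item['statetype'] != "")
		$item_set .= "statetype {$item['statetype']} ";

	/* trailing space added so the next entry does not run into the value */
	if (!empty($item['statetimeout']))
		$item_set .= "statetimeout {$item['statetimeout']} ";
	if (!empty($item['nosync']))
		$item_set .= "nosync ";
	if (!empty($item['max-src-conn-rate']))
		$item_set .= "max-src-conn-rate {$item['max-src-conn-rate']} ";
	if (!empty($item['max-src-conn-rates']))
		$item_set .= "max-src-conn-rates {$item['max-src-conn-rates']} ";

	return $item_set;
}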
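/*
 * Page set-up: make sure the rule list exists, pick the interface tab that was
 * requested and build $iflist, the map of interface key => label the current
 * user may manage rules for.
 */
if (!is_array($config['filter']['rule'])) {
	$config['filter']['rule'] = array();
}
filter_rules_sort();
$a_filter = &$config['filter']['rule'];

/* The tab name is request data: accept plain strings only, POST wins over GET */
$if = (isset($_GET['if']) && is_string($_GET['if'])) ? $_GET['if'] : "";
if (!empty($_POST['if']) && is_string($_POST['if']))
	$if = $_POST['if'];

$ifdescs = get_configured_interface_with_descr();

/* start from an empty list so later loops never see an undefined variable */
if (!isset($iflist) || !is_array($iflist))
	$iflist = array();

/* add group interfaces */
if (isset($config['ifgroups']['ifgroupentry']) && is_array($config['ifgroups']['ifgroupentry'])) {
	foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
		if (have_ruleint_access($ifgen['ifname']))
			$iflist[$ifgen['ifname']] = $ifgen['ifname'];
	}
}

/* add configured interfaces */
foreach ($ifdescs as $ifent => $ifdesc) {
	if (have_ruleint_access($ifent))
		$iflist[$ifent] = $ifdesc;
}

/* add VPN server pseudo-interfaces */
if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server") {
	if (have_ruleint_access("l2tp"))
		$iflist['l2tp'] = "L2TP VPN";
}

if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == "server") {
	if (have_ruleint_access("pptp"))
		$iflist['pptp'] = "PPTP VPN";
}

if (isset($config['pppoe']['mode']) && $config['pppoe']['mode'] == "server") {
	if (have_ruleint_access("pppoe"))
		$iflist['pppoe'] = "PPPoE VPN";
}

/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) {
	if (have_ruleint_access("enc0"))
		$iflist["enc0"] = "IPsec";
}

/* add openvpn/tun interfaces */
if (!empty($config['openvpn']["openvpn-server"]) || !empty($config['openvpn']["openvpn-client"])) {
	/* Every other entry is gated by have_ruleint_access(); the OpenVPN tab was
	   the only one added unconditionally, so apply the same check here.
	   NOTE(review): assumes "openvpn" is the key the privilege code expects,
	   matching the $iflist key - confirm against have_ruleint_access(). */
	if (have_ruleint_access("openvpn"))
		$iflist["openvpn"] = "OpenVPN";
}

/*
 * Constrain $if: after this block it is either a key of $iflist,
 * "FloatingRules" or "wan". It is later written into Location headers and
 * links, so it must never carry an arbitrary request value.
 * NOTE(review): the "wan" and "FloatingRules" fallbacks are not checked with
 * have_ruleint_access() - confirm that is intended for restricted users.
 */
if (!$if || !isset($iflist[$if])) {
	if ("any" == $if)
		$if = "FloatingRules";
	else if ("FloatingRules" != $if)
		$if = "wan";
}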
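/*
 * Handle the "apply changes" submit: reload the filter and clear the dirty
 * flag. The delete and move submits are handled further down; they also POST
 * to this page but carry no 'apply' field, hence the !empty() test.
 */
if ($_POST) {

	$pconfig = $_POST;

	if (!empty($_POST['apply'])) {
		/* NOTE(review): the result of filter_configure() is kept in $retval
		   but never inspected here, so the message below is shown even if
		   the reload reported a problem. */
		$retval = filter_configure();

		clear_subsystem_dirty('filter');

		$savemsg = "The settings have been applied.  The firewall rules are now reloading in the background.  You can also <a href='status_filter_reload.php'>monitor</a> the reload progress.";
	}
}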
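/*
 * Delete one rule, addressed by its position in the rule list.
 *
 * NOTE(review): this changes the firewall configuration in response to a plain
 * GET request, and nothing in this block ties the request to a form the
 * administrator actually submitted. Unless guiconfig.inc enforces a request
 * token (not visible here), this should become a POST carrying an anti-forgery
 * token.
 * NOTE(review): the rule is removed without checking that it belongs to an
 * interface listed in $iflist, so the per-interface privilege used to build
 * the tabs is presumably not enforced for deletion - confirm and add a check.
 */
if (isset($_GET['act']) && $_GET['act'] == "del") {
	/* rule ids are list positions, so accept nothing but a digit string */
	if (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^\d+$/D', $_GET['id'])
	    && !empty($a_filter[$_GET['id']])) {
		unset($a_filter[$_GET['id']]);
		write_config();
		mark_subsystem_dirty('filter');
		header("Location: firewall_rules.php?if={$if}");
		exit;
	}
}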
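/*
 * Remaining rule-list actions: bulk delete (POST del_x), enable/disable toggle
 * (GET act=toggle) and "move the selected rules before rule N" (POST move_N_x).
 * Each action that succeeds saves the configuration, marks the filter
 * subsystem dirty and redirects back to the current tab.
 *
 * Rule ids are positions in the rule list, so every id taken from the request
 * is required to be a plain digit string before it is used as an array key.
 *
 * NOTE(review): the toggle is a state change triggered by GET; see whether
 * guiconfig.inc enforces a request token, otherwise move it to a POST with an
 * anti-forgery token.
 * NOTE(review): none of the three actions checks that the affected rules
 * belong to an interface listed in $iflist - confirm whether per-interface
 * privileges are meant to be enforced here.
 */
if (isset($_POST['del_x'])) {
	/* delete selected rules */
	if (isset($_POST['rule']) && is_array($_POST['rule']) && count($_POST['rule'])) {
		foreach ($_POST['rule'] as $rulei) {
			if (is_string($rulei) && preg_match('/^\d+$/D', $rulei))
				unset($a_filter[$rulei]);
		}
		write_config();
		mark_subsystem_dirty('filter');
		header("Location: firewall_rules.php?if={$if}");
		exit;
	}
} else if (isset($_GET['act']) && $_GET['act'] == "toggle") {
	if (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^\d+$/D', $_GET['id'])
	    && !empty($a_filter[$_GET['id']])) {
		if (isset($a_filter[$_GET['id']]['disabled']))
			unset($a_filter[$_GET['id']]['disabled']);
		else
			$a_filter[$_GET['id']]['disabled'] = true;
		write_config();
		mark_subsystem_dirty('filter');
		header("Location: firewall_rules.php?if={$if}");
		exit;
	}
} else {
	/* yuck - IE won't send value attributes for image buttons, while Mozilla does -
	   so we use .x/.y to find move button clicks instead... */
	unset($movebtn);
	foreach ($_POST as $pn => $pd) {
		if (preg_match('/^move_(\d+)_x$/D', $pn, $matches)) {
			$movebtn = $matches[1];
			break;
		}
	}

	/* Normalise the selection to integers so the membership tests below can be
	   strict; a loose in_array() would let a non-numeric value match rule 0. */
	$selected = array();
	if (isset($movebtn) && isset($_POST['rule']) && is_array($_POST['rule'])) {
		foreach ($_POST['rule'] as $rulei) {
			if (is_string($rulei) && preg_match('/^\d+$/D', $rulei))
				$selected[] = (int)$rulei;
		}
	}

	/* move selected rules before this rule */
	if (count($selected)) {
		$nfilter = count($a_filter);
		/* A target beyond the end of the list would otherwise copy
		   non-existent entries into the saved rule set; clamp it to "after the
		   last rule". */
		$movebtn = min((int)$movebtn, $nfilter);
		$a_filter_new = array();

		/* copy all rules < $movebtn and not selected */
		for ($i = 0; $i < $movebtn; $i++) {
			if (!in_array($i, $selected, true))
				$a_filter_new[] = $a_filter[$i];
		}

		/* copy all selected rules */
		for ($i = 0; $i < $nfilter; $i++) {
			if ($i == $movebtn)
				continue;
			if (in_array($i, $selected, true))
				$a_filter_new[] = $a_filter[$i];
		}

		/* copy $movebtn rule */
		if ($movebtn < $nfilter)
			$a_filter_new[] = $a_filter[$movebtn];

		/* copy all rules > $movebtn and not selected */
		for ($i = $movebtn + 1; $i < $nfilter; $i++) {
			if (!in_array($i, $selected, true))
				$a_filter_new[] = $a_filter[$i];
		}

		$a_filter = $a_filter_new;
		write_config();
		mark_subsystem_dirty('filter');
		header("Location: firewall_rules.php?if={$if}");
		exit;
	}
}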
/* Presumably tells head.inc not to emit the closing head tag; this page writes
   that tag itself once the tooltip scripts below have been added. */
$closehead = false;

include("head.inc");

/* domTT tooltip library, loaded in dependency order */
foreach (array("domLib", "domTT", "behaviour", "fadomatic") as $domtt_script) {
	echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/{$domtt_script}.js\"></script>";
}
unset($domtt_script);
220 5b237745 Scott Ullrich
?>
221 3a54b6ca Scott Dale
</head>
222
223 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
224
<?php include("fbegin.inc"); ?>
225
<form action="firewall_rules.php" method="post">
226 625dcc40 Bill Marquette
<script type="text/javascript" language="javascript" src="/javascript/row_toggle.js">
227 fa65a62b Scott Ullrich
</script>
228 5b237745 Scott Ullrich
<?php if ($savemsg) print_info_box($savemsg); ?>
229 a368a026 Ermal Lu?i
<?php if (is_subsystem_dirty('filter')): ?><p>
230 5b237745 Scott Ullrich
<?php print_info_box_np("The firewall rule configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
231
<?php endif; ?>
232 07bd3f83 Scott Ullrich
<table width="100%" border="0" cellpadding="0" cellspacing="0">
233 37e2071c Scott Ullrich
  <tr><td class="tabnavtbl">
234 0366b748 Scott Ullrich
  <?php
235
	/* Build the tab strip: one "Floating" tab followed by one tab per entry
	   of $iflist. Each tab is array(label, is-active, link). */
	$active = ("FloatingRules" == $if);
	$tab_array = array(
		array("Floating", $active, "firewall_rules.php?if=FloatingRules"),
	);
	$tabscounter = 0;
	$i = 0;
	foreach ($iflist as $ifent => $ifname) {
		/* the tab matching the selected interface is the highlighted one */
		$active = ($ifent == $if) ? true : false;
		$tab_array[] = array($ifname, $active, "firewall_rules.php?if={$ifent}");
	}
	display_top_tabs($tab_array);
250
  ?>
251 07bd3f83 Scott Ullrich
  </td></tr>
252 b2ffe419 Scott Ullrich
  <tr>
253 d732f186 Bill Marquette
    <td>
254
	<div id="mainarea">
255
              <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
256 fa65a62b Scott Ullrich
                <tr id="frheader">
257 37e2071c Scott Ullrich
                  <td width="3%" class="list">&nbsp;</td>
258 5b237745 Scott Ullrich
                  <td width="5%" class="list">&nbsp;</td>
259 b9e28d57 unknown
                  <td width="3%" class="listhdrr">ID</td>
260 197bfe96 Ermal Luçi
                  <td width="6%" class="listhdrr">Proto</td>
261 b9e28d57 unknown
                  <td width="14%" class="listhdrr">Source</td>
262 197bfe96 Ermal Luçi
                  <td width="7%" class="listhdrr">Port</td>
263 b9e28d57 unknown
                  <td width="14%" class="listhdrr">Destination</td>
264 197bfe96 Ermal Luçi
                  <td width="7%" class="listhdrr">Port</td>
265
		  <td width="5%" class="listhdrr">Gateway</td>
266 1c7e3ec6 Bill Marquette
		  <td width="10%" class="listhdrr">Queue</td>
267 197bfe96 Ermal Luçi
		  <td width="5%" class="listhdrr">Schedule</td>
268 b9e28d57 unknown
                  <td width="21%" class="listhdr">Description</td>
269 d415d821 Seth Mos
                  <td width="10%" class="list">
270
			<table border="0" cellspacing="0" cellpadding="1">
271
			   <tr>
272
				<?php
273
					/* Count the rules that will be listed on the current tab.
					   Floating rules are counted only on the FloatingRules tab,
					   all other rules only on the tab of their own interface. */
					$nrules = 0;
					for ($i = 0; isset($a_filter[$i]); $i++) {
						$filterent = $a_filter[$i];
						if (isset($filterent['floating'])) {
							if ("FloatingRules" != $if)
								continue;
						} else if ($filterent['interface'] != $if) {
							continue;
						}
						$nrules++;
					}
282
				?>
283
				<td>
284
				<?php if ($nrules == 0): ?>
285
				<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?>
286
				<input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected rules" onclick="return confirm('Do you really want to delete the selected rules?')"><?php endif; ?>
287
				</td>
288
				<td align="center" valign="middle"><a href="firewall_rules_edit.php?if=<?=$if;?>&after=-1"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add new rule" width="17" height="17" border="0"></a></td>
289
			   </tr>
290
			</table>
291
		  </td>
292
		</tr>
293 f1f60c92 Ermal Luçi
<?php if (isset($config['interfaces'][$if]['blockpriv'])): ?>
294 d9eeccbd Scott Ullrich
                <tr valign="top" id="frrfc1918">
295 f77830b3 Scott Ullrich
                  <td width="3%" class="list">&nbsp;</td>
296
                  <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0"></td>
297 b9e28d57 unknown
                  <td class="listlr" style="background-color: #e0e0e0"></td>
298
                  <td class="listr" style="background-color: #e0e0e0">*</td>
299 d9eeccbd Scott Ullrich
                  <td class="listr" style="background-color: #e0e0e0">RFC 1918 networks</td>
300
                  <td class="listr" style="background-color: #e0e0e0">*</td>
301
                  <td class="listr" style="background-color: #e0e0e0">*</td>
302
                  <td class="listr" style="background-color: #e0e0e0">*</td>
303 40ad834c Scott Dale
                  <td class="listr" style="background-color: #e0e0e0">*</td>
304 b45dcff4 Scott Ullrich
		<td class="listr" style="background-color: #e0e0e0">*</td>
305 8ff2395b Scott Ullrich
	 		 <td class="listr" style="background-color: #e0e0e0"></td>
306 c3fdc1fd Scott Ullrich
                  <td class="listbg">Block private networks</td>
307 d9eeccbd Scott Ullrich
                  <td valign="middle" nowrap class="list">
308
				    <table border="0" cellspacing="0" cellpadding="1">
309
					<tr>
310
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules before this rule"></td>
311 01eb687d Ermal Luçi
					  <td><a href="interfaces.php#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
312 d9eeccbd Scott Ullrich
					</tr>
313
					<tr>
314
					  <td align="center" valign="middle"></td>
315 83b81db7 Scott Ullrich
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="add a new rule based on this one" width="17" height="17" border="0"></td>
316 d9eeccbd Scott Ullrich
					</tr>
317
					</table>
318
				  </td>
319
				</tr>
320 c20c0f5a Scott Ullrich
<?php endif; ?>
321 f1f60c92 Ermal Luçi
<?php if (isset($config['interfaces'][$if]['blockbogons'])): ?>
322 c20c0f5a Scott Ullrich
                <tr valign="top" id="frrfc1918">
323
                  <td width="3%" class="list">&nbsp;</td>
324
                  <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0"></td>
325 b9e28d57 unknown
                  <td class="listlr" style="background-color: #e0e0e0"></td>
326
                  <td class="listr" style="background-color: #e0e0e0">*</td>
327 40ad834c Scott Dale
                  <td class="listr" style="background-color: #e0e0e0">Reserved/not assigned by IANA</td>
328 c20c0f5a Scott Ullrich
                  <td class="listr" style="background-color: #e0e0e0">*</td>
329
                  <td class="listr" style="background-color: #e0e0e0">*</td>
330
                  <td class="listr" style="background-color: #e0e0e0">*</td>
331 40ad834c Scott Dale
				  <td class="listr" style="background-color: #e0e0e0">*</td>
332
				   <td class="listr" style="background-color: #e0e0e0">*</td>
333 f1f60c92 Ermal Luçi
		  <td class="listr" style="background-color: #e0e0e0">*</td>
334 e34ecb20 Chris Buechler
                  <td class="listbg">Block bogon networks</td>
335 c20c0f5a Scott Ullrich
                  <td valign="middle" nowrap class="list">
336
				    <table border="0" cellspacing="0" cellpadding="1">
337
					<tr>
338
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules before this rule"></td>
339 01eb687d Ermal Luçi
					  <td><a href="interfaces.php#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
340 c20c0f5a Scott Ullrich
					</tr>
341
					<tr>
342
					  <td align="center" valign="middle"></td>
343
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="add a new rule based on this one" width="17" height="17" border="0"></td>
344
					</tr>
345
					</table>
346
				  </td>
347
				</tr>
348
<?php endif; ?>
349 07bd3f83 Scott Ullrich
				<?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++):
350
					$filterent = $a_filter[$i];
351 92125c97 Ermal Luçi
					if ($filterent['interface'] != $if && !isset($filterent['floating']))
352 f1c49ff4 Scott Ullrich
						continue;
353
					if (isset($filterent['floating']) && "FloatingRules" != $if)
354
						continue;
355
					$isadvset = check_for_advaned_options($filterent);
356
					if($isadvset)
357 9c347273 Scott Ullrich
						$advanced_set = "<img src=\"./themes/{$g['theme']}/images/icons/icon_advanced.gif\" title=\"advanced settings set: $isadvset\" border=\"0\">";
358 f1c49ff4 Scott Ullrich
					else 
359
						$advanced_set = ""
360 07bd3f83 Scott Ullrich
				?>
361 37e2071c Scott Ullrich
                <tr valign="top" id="fr<?=$nrules;?>">
362 f1c49ff4 Scott Ullrich
                  <td class="listt">
363
					<input type="checkbox" id="frc<?=$nrules;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nrules;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;">
364
					<?php echo $advanced_set; ?>
365
				  </td>
366 37e2071c Scott Ullrich
                  <td class="listt" align="center">
367 5b237745 Scott Ullrich
				  <?php if ($filterent['type'] == "block")
368
				  			$iconfn = "block";
369
						else if ($filterent['type'] == "reject") {
370 950d21d0 Scott Ullrich
							if ($filterent['protocol'] == "tcp" || $filterent['protocol'] == "udp" || $filterent['protocol'] == "tcp/udp")
371 5b237745 Scott Ullrich
								$iconfn = "reject";
372
							else
373
								$iconfn = "block";
374
						} else
375
							$iconfn = "pass";
376
						if (isset($filterent['disabled'])) {
377
							$textss = "<span class=\"gray\">";
378
							$textse = "</span>";
379
							$iconfn .= "_d";
380
						} else {
381
							$textss = $textse = "";
382
						}
383
				  ?>
384 677c0869 Erik Kristensen
				  <a href="?if=<?=$if;?>&act=toggle&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
385 5b237745 Scott Ullrich
				  <?php if (isset($filterent['log'])):
386 6fecc73b Scott Dale
							$iconfnlog = "log_s";
387 5b237745 Scott Ullrich
						if (isset($filterent['disabled']))
388 6fecc73b Scott Dale
							$iconfnlog .= "_d";
389 5b237745 Scott Ullrich
				  	?>
390 6fecc73b Scott Dale
				  <br><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfnlog;?>.gif" width="11" height="15" border="0">
391 5b237745 Scott Ullrich
				  <?php endif; ?>
392
				  </td>
393 3a54b6ca Scott Dale
				<?php
394 2a9db752 Scott Dale
				
395 2a113ca9 Scott Dale
				//build Alias popup box
396 3a54b6ca Scott Dale
				$span_end = "";
397
				$alias_src_span_begin = "";
398
				$alias_src_port_span_begin = "";
399
				$alias_dst_span_begin = "";
400
				$alias_dst_port_span_begin = "";
401
				
402 2a9db752 Scott Dale
				$alias_popup = rule_popup($filterent['source']['address'],pprint_port($filterent['source']['port']),$filterent['destination']['address'],pprint_port($filterent['destination']['port']));
403
				$span_end = "</U></span>";
404 3a54b6ca Scott Dale
					
405 2a9db752 Scott Dale
				$alias_src_span_begin = $alias_popup["src"];
406
				 									
407
				$alias_src_port_span_begin = $alias_popup["srcport"];
408
													
409
				$alias_dst_span_begin = $alias_popup["dst"];
410
														
411
				$alias_dst_port_span_begin = $alias_popup["dstport"];
412 3a54b6ca Scott Dale
					
413 2a113ca9 Scott Dale
				//build Schedule popup box
414
				$a_schedules = &$config['schedules']['schedule'];
415
				$schedule_span_begin = "";
416
				$schedule_span_end = "";
417
				$sched_caption = "";
418 eace1363 Scott Dale
				$sched_content = "";
419 3b907eb1 Scott Dale
				$schedstatus = false;
420 2a113ca9 Scott Dale
				$dayArray = array ('Mon','Tues','Wed','Thur','Fri','Sat','Sun');
421
				$monthArray = array ('January','February','March','April','May','June','July','August','September','October','November','December');
422 8ce97a08 Scott Dale
				if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])){
423
					foreach ($a_schedules as $schedule)
424
					{
425
						if ($schedule['name'] == $filterent['sched'] ){
426 60120e37 Ermal Lu?i
							$schedstatus = filter_get_time_based_rule_status($schedule);
427 8ce97a08 Scott Dale
							
428
							foreach($schedule['timerange'] as $timerange) {
429
								$tempFriendlyTime = "";
430
								$tempID = "";
431
								$firstprint = false;
432
								if ($timerange){
433
									$dayFriendly = "";
434
									$tempFriendlyTime = "";							
435
										
436
									//get hours
437
									$temptimerange = $timerange['hour'];
438
									$temptimeseparator = strrpos($temptimerange, "-");
439 2a113ca9 Scott Dale
									
440 8ce97a08 Scott Dale
									$starttime = substr ($temptimerange, 0, $temptimeseparator); 
441
									$stoptime = substr ($temptimerange, $temptimeseparator+1); 
442 2a113ca9 Scott Dale
										
443 8ce97a08 Scott Dale
									if ($timerange['month']){
444
										$tempmontharray = explode(",", $timerange['month']);
445
										$tempdayarray = explode(",",$timerange['day']);
446
										$arraycounter = 0;
447
										$firstDayFound = false;
448
										$firstPrint = false;
449
										foreach ($tempmontharray as $monthtmp){
450
											$month = $tempmontharray[$arraycounter];
451
											$day = $tempdayarray[$arraycounter];
452 2a113ca9 Scott Dale
											
453
											if (!$firstDayFound)
454
											{
455 8ce97a08 Scott Dale
												$firstDay = $day;
456
												$firstmonth = $month;
457 2a113ca9 Scott Dale
												$firstDayFound = true;
458
											}
459 8ce97a08 Scott Dale
												
460
											$currentDay = $day;
461
											$nextDay = $tempdayarray[$arraycounter+1];
462
											$currentDay++;
463
											if (($currentDay != $nextDay) || ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])){
464
												if ($firstPrint)
465 2a113ca9 Scott Dale
													$dayFriendly .= ", ";
466
												$currentDay--;
467
												if ($currentDay != $firstDay)
468 8ce97a08 Scott Dale
													$dayFriendly .= $monthArray[$firstmonth-1] . " " . $firstDay . " - " . $currentDay ;
469 2a113ca9 Scott Dale
												else
470 8ce97a08 Scott Dale
													$dayFriendly .=  $monthArray[$month-1] . " " . $day;
471 2a113ca9 Scott Dale
												$firstDayFound = false;	
472 8ce97a08 Scott Dale
												$firstPrint = true;
473
											}													
474
											$arraycounter++;	
475 2a113ca9 Scott Dale
										}
476
									}
477 8ce97a08 Scott Dale
									else
478
									{
479
										$tempdayFriendly = $timerange['position'];
480
										$firstDayFound = false;
481
										$tempFriendlyDayArray = explode(",", $tempdayFriendly);								
482
										$currentDay = "";
483
										$firstDay = "";
484
										$nextDay = "";
485
										$counter = 0;													
486
										foreach ($tempFriendlyDayArray as $day){
487
											if ($day != ""){
488
												if (!$firstDayFound)
489
												{
490
													$firstDay = $tempFriendlyDayArray[$counter];
491
													$firstDayFound = true;
492
												}
493
												$currentDay =$tempFriendlyDayArray[$counter];
494
												//get next day
495
												$nextDay = $tempFriendlyDayArray[$counter+1];
496
												$currentDay++;					
497
												if ($currentDay != $nextDay){
498
													if ($firstprint)
499
														$dayFriendly .= ", ";
500
													$currentDay--;
501
													if ($currentDay != $firstDay)
502
														$dayFriendly .= $dayArray[$firstDay-1] . " - " . $dayArray[$currentDay-1];
503
													else
504
														$dayFriendly .= $dayArray[$firstDay-1];
505
													$firstDayFound = false;	
506
													$firstprint = true;			
507
												}
508
												$counter++;
509
											}
510
										}
511
									}		
512
									$timeFriendly = $starttime . " - " . $stoptime;
513
									$description = $timerange['rangedescr'];
514
									$sched_content .= $dayFriendly . "; " . $timeFriendly . "<br>";
515
								}
516 2a113ca9 Scott Dale
							}
517 8ce97a08 Scott Dale
							$sched_caption = $schedule['descr'];
518
							$schedule_span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$sched_caption</h1><p>$sched_content</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
519
							$schedule_span_end = "</U></span>";
520 2a113ca9 Scott Dale
						}
521
					}
522
				}
523 6fecc73b Scott Dale
				$printicon = false;
524 616dd997 Scott Dale
				$alttext = "";
525
				$image = "";
526
				if (!isset($filterent['disabled'])){
527
					 if ($schedstatus) 
528
					 { 
529
					 	if ($iconfn == "block" || $iconfn == "reject")
530
					 	{
531 5b552ac7 Scott Dale
					 		$image = "icon_block";
532 616dd997 Scott Dale
					 		$alttext = "Traffic matching this rule is currently being denied";
533
					 	}
534
					 	else
535
					 	{
536 5b552ac7 Scott Dale
					 		$image = "icon_pass";
537 616dd997 Scott Dale
					 		$alttext = "Traffic matching this rule is currently being allowed";
538
					 	}
539
					 	$printicon = true;
540
					  }
541
					  else if ($filterent['sched'])
542
					  { 
543
					 	if ($iconfn == "block" || $iconfn == "reject")
544
					 	{
545 5b552ac7 Scott Dale
					 		$image = "icon_block_d";
546 616dd997 Scott Dale
					 		$alttext = "Traffic matching this rule is currently being allowed";
547
					 	}
548
					 	else
549
					 	{
550 5b552ac7 Scott Dale
					 		$image = "icon_block";
551 616dd997 Scott Dale
					 		$alttext = "Traffic matching this rule is currently being denied";
552
					 	}
553
					 	$printicon = true;				  	
554
					  }
555
				}
556 3a54b6ca Scott Dale
				?>
557 98e29097 Bill Marquette
                  <td class="listlr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
558 b9e28d57 unknown
                    <?=$textss;?><?php if (isset($filterent['id'])) echo $filterent['id']; else echo ""; ?><?=$textse;?>
559
                  </td>
560
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
561 5b237745 Scott Ullrich
                    <?=$textss;?><?php if (isset($filterent['protocol'])) echo strtoupper($filterent['protocol']); else echo "*"; ?><?=$textse;?>
562
                  </td>
563 98e29097 Bill Marquette
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
564 3a54b6ca Scott Dale
				    <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?>
565 5b237745 Scott Ullrich
                  </td>
566 98e29097 Bill Marquette
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
567 3a54b6ca Scott Dale
                    <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['source']['port'])); ?><?php echo $alias_src_port_span_end;?><?=$textse;?>
568 5b237745 Scott Ullrich
                  </td>
569 98e29097 Bill Marquette
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
570 3a54b6ca Scott Dale
				    <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['destination'])); ?><?php echo $alias_dst_span_end;?><?=$textse;?>
571 5b237745 Scott Ullrich
                  </td>
572 3a54b6ca Scott Dale
	              <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
573
                    <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['destination']['port'])); ?><?php echo $alias_dst_port_span_end;?><?=$textse;?>
574 5b237745 Scott Ullrich
                  </td>
575 b504c2f8 Scott Ullrich
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
576 e9832b41 Bill Marquette
                    <?=$textss;?><?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])) echo htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr']); else  echo htmlspecialchars(pprint_port($filterent['gateway'])); ?><?=$textse;?>
577 b504c2f8 Scott Ullrich
                  </td>
578 197bfe96 Ermal Luçi
<td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"><?=$textss;?>
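                          <?php
							/*
							 * Traffic-shaper queue links for this rule: "ackqueue/defaultqueue"
							 * when both keys are set, the default queue alone when only it is
							 * set, and the literal text "none" otherwise.
							 *
							 * Each queue name is written into a URL query string and into the
							 * link text, so it is encoded for both contexts: urlencode() for
							 * the query value, htmlspecialchars() for the HTML. The other
							 * cells of this row already escape their $filterent fields the
							 * same way; without it a queue name containing markup characters
							 * would be emitted verbatim into the page.
							 */
							if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue'])) {
								$desc = $filterent['ackqueue'];
								echo "<a href=\"firewall_shaper_queues.php?queue=" . htmlspecialchars(urlencode($desc)) . "&amp;action=show\">" . htmlspecialchars($desc) . "</a>";
								$desc = $filterent['defaultqueue'];
								echo "/<a href=\"firewall_shaper_queues.php?queue=" . htmlspecialchars(urlencode($desc)) . "&amp;action=show\">" . htmlspecialchars($desc) . "</a>";
							} else if (isset($filterent['defaultqueue'])) {
								$desc = $filterent['defaultqueue'];
								echo "<a href=\"firewall_shaper_queues.php?queue=" . htmlspecialchars(urlencode($desc)) . "&amp;action=show\">" . htmlspecialchars($desc) . "</a>";
							} else {
								// An ackqueue without a defaultqueue is shown as "none".
								echo "none";
							}
						  ?><?=$textse;?>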
                        </td>
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"><font color="black">
                    <?php if ($printicon) { ?><img src="./themes/<?= $g['theme']; ?>/images/icons/<?php echo $image; ?>.gif" title="<?php echo $alttext;?>" border="0"><?php } ?>&nbsp;<?=$textss;?><?php echo $schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?><?php echo $schedule_span_end; ?><?=$textse;?>
                  </td>
                  <td class="listbg" onClick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';" class="descr">
                    <?=$textss;?><?=htmlspecialchars($filterent['descr']);?>&nbsp;<?=$textse;?>
                  </td>
                  <td valign="middle" nowrap class="list">
				    <table border="0" cellspacing="0" cellpadding="1">
					<tr>
					  <td><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected rules before this rule" onMouseOver="fr_insline(<?=$nrules;?>, true)" onMouseOut="fr_insline(<?=$nrules;?>, false)"></td>
					  <td><a href="firewall_rules_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
					</tr>
					<tr>
					  <td align="center" valign="middle"><a href="firewall_rules.php?act=del&if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete rule" onclick="return confirm('Do you really want to delete this rule?')"></a></td>
					  <td><a href="firewall_rules_edit.php?dup=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new rule based on this one" width="17" height="17" border="0"></a></td>
					</tr>
					</table>
				  </td>
				</tr>
			  <?php $nrules++; endfor; ?>
			  <?php if ($nrules == 0): ?>
              <td class="listt"></td>
			  <td class="listt"></td>
			  <td class="listlr" colspan="10" align="center" valign="middle">
			  <span class="gray">
			  No rules are currently defined for this interface.<br>
			  All incoming connections on this interface will be blocked until you add pass rules.<br><br>
			  Click the <a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add new rule" border="0" width="17" height="17" align="absmiddle"></a> button to add a new rule.</span>
			  </td>
			  <?php endif; ?>
                <tr id="fr<?=$nrules;?>">
                  <td class="list"></td>
                  <td class="list"></td>
                  <td class="list">&nbsp;</td>
                  <td class="list">&nbsp;</td>
                  <td class="list">&nbsp;</td>
                  <td class="list">&nbsp;</td>
		  <td class="list">&nbsp;</td>
		  <td class="list">&nbsp;</td>
                  <td class="list">&nbsp;</td>
                  <td class="list">&nbsp;</td>
                  <td class="list">&nbsp;</td>
                  <td class="list">&nbsp;</td>
                  <td class="list">
				    <table border="0" cellspacing="0" cellpadding="1">
					<tr>
				      <td>
					  <?php if ($nrules == 0): ?><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected rules to end" onMouseOver="fr_insline(<?=$nrules;?>, true)" onMouseOut="fr_insline(<?=$nrules;?>, false)"><?php endif; ?></td>
					  <td></td>
				    </tr>
					<tr>
					  <td>
					  <?php if ($nrules == 0): ?>
					  <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?>
					  <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected rules" onclick="return confirm('Do you really want to delete the selected rules?')"><?php endif; ?>
					  </td>
			                  <td><a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add new rule" width="17" height="17" border="0"></a></td>
					</tr>
				    </table>
				  </td>
				</tr>
              </table>
	      <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
                <tr>
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11"></td>
                  <td>pass</td>
                  <td width="14"></td>
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
                  <td>block</td>
                  <td width="14"></td>
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_reject.gif" width="11" height="11"></td>
                  <td>reject</td>
                  <td width="14"></td>
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_log.gif" width="11" height="11"></td>
                  <td>log</td>
                </tr>
                <tr>
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass_d.gif" width="11" height="11"></td>
                  <td nowrap>pass (disabled)</td>
                  <td>&nbsp;</td>
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
                  <td nowrap>block (disabled)</td>
                  <td>&nbsp;</td>
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_reject_d.gif" width="11" height="11"></td>
                  <td nowrap>reject (disabled)</td>
                  <td>&nbsp;</td>
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_log_d.gif" width="11" height="11"></td>
                  <td nowrap>log (disabled)</td>
                </tr>
		<tr>
		  <td colspan="10">
  <p>
  <strong><span class="red">Hint:<br>
  </span></strong>Rules are evaluated on a first-match basis (i.e.
  the action of the first rule to match a packet will be executed).
  This means that if you use block rules, you'll have to pay attention
  to the rule order. Everything that isn't explicitly passed is blocked
  by default.</p>
		 </td>
	        </tr>
              </table>
	</div>
    </td>
  </tr>
</table>
  <input type="hidden" name="if" value="<?=$if;?>">
</form>
<?php include("fend.inc"); ?>
</body>
</html>