1 5ba18897 Scott Ullrich
<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4 bdb7d6e7 Scott Ullrich
	firewall_rules_edit.php
5 e4cabb75 Scott Ullrich
	part of pfSense (http://www.pfsense.com)
6
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
7 5ba18897 Scott Ullrich
8 e4cabb75 Scott Ullrich
	originally part of m0n0wall (http://m0n0.ch/wall)
9 bdb7d6e7 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11 5ba18897 Scott Ullrich
12 bdb7d6e7 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14 5ba18897 Scott Ullrich
15 bdb7d6e7 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17 5ba18897 Scott Ullrich
18 bdb7d6e7 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21 5ba18897 Scott Ullrich
22 bdb7d6e7 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32 5b237745 Scott Ullrich
*/
33 7ac5a4cb Scott Ullrich
/*
34
	pfSense_MODULE:	filter
35
*/
36 5b237745 Scott Ullrich
37 6b07c15a Matthew Grooms
##|+PRIV
38
##|*IDENT=page-firewall-rules-edit
39
##|*NAME=Firewall: Rules: Edit page
40
##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
41
##|*MATCH=firewall_rules_edit.php*
42
##|-PRIV
43
44 5b237745 Scott Ullrich
require("guiconfig.inc");
45 1a03cf69 Scott Ullrich
require("filter.inc");
46
require("shaper.inc");
47 5b237745 Scott Ullrich
48 e5e5ba51 Vinicius Coque
/* Keywords that may be chosen as a source/destination type instead of an address. */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");

/*
 * Each key returned by get_configured_interface_with_descr() contributes two
 * further keywords: the key itself and the key with "ip" appended.
 */
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr)
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");

/* Make sure the rule list is an array before it is sorted and referenced. */
if (!is_array($config['filter']['rule']))
	$config['filter']['rule'] = array();
filter_rules_sort();

/* A reference, not a copy: every write through $a_filter lands in $config. */
$a_filter = &$config['filter']['rule'];
60
61
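/*
 * Rule position parameters taken from the request:
 *   id    - index into $a_filter of the rule being edited
 *   after - index after which a new rule is inserted
 *   dup   - index of an existing rule to load as the template for a new one
 * All three are client-controlled and are used further down as array offsets
 * ($a_filter[$id], array_splice(..., $after+1, ...)), so a value that is not
 * numeric is dropped here and the page behaves as if it had not been sent.
 */
$id = null;
if (isset($_GET['id']) && is_numeric($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numeric($_POST['id']))
	$id = $_POST['id'];

$after = null;
if (isset($_GET['after']) && is_numeric($_GET['after']))
	$after = $_GET['after'];
/* A posted value always wins over the query string, even when it is rejected. */
if (isset($_POST['after']))
	$after = is_numeric($_POST['after']) ? $_POST['after'] : null;

/* dup overrides both; a malformed dup falls through to a blank new rule. */
if (isset($_GET['dup'])) {
	$id = is_numeric($_GET['dup']) ? $_GET['dup'] : null;
	$after = $id;
}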
74
75
/*
 * Fill $pconfig, the array the form below is rendered from: either from the
 * stored rule at $a_filter[$id], or with defaults for a new rule.
 */
if (isset($id) && $a_filter[$id]) {
	$pconfig['interface'] = $a_filter[$id]['interface'];

	if (isset($a_filter[$id]['id'])) {
		$pconfig['ruleid'] = $a_filter[$id]['id'];
	}

	/* A stored rule without a type is shown as "pass". */
	$pconfig['type'] = isset($a_filter[$id]['type']) ? $a_filter[$id]['type'] : "pass";

	/*
	 * NOTE(review): $if is first assigned after this if/else in the visible
	 * code, so unless an included file defines it the second half of this
	 * condition cannot be true here - confirm.
	 */
	if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
		$pconfig['floating'] = $a_filter[$id]['floating'];
		if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] != "") {
			$pconfig['interface'] = $a_filter[$id]['interface'];
		}
	}

	/*
	 * NOTE(review): this tests $a_filter['floating'], a key of the rule list
	 * itself, not of the rule at [$id]; possibly [$id] was intended - confirm.
	 */
	if (isset($a_filter['floating'])) {
		$pconfig['floating'] = "yes";
	}

	if (isset($a_filter[$id]['direction'])) {
		$pconfig['direction'] = $a_filter[$id]['direction'];
	}

	if (isset($a_filter[$id]['ipprotocol'])) {
		$pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol'];
	}

	/* A stored rule without a protocol is shown as "any". */
	$pconfig['proto'] = isset($a_filter[$id]['protocol']) ? $a_filter[$id]['protocol'] : "any";

	if ($a_filter[$id]['protocol'] == "icmp") {
		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
	}

	/* Split the stored source into the separate form fields. */
	address_to_pconfig(
		$a_filter[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	if ($a_filter[$id]['os'] != "") {
		$pconfig['os'] = $a_filter[$id]['os'];
	}

	/* Same for the stored destination. */
	address_to_pconfig(
		$a_filter[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	if ($a_filter[$id]['dscp'] != "") {
		$pconfig['dscp'] = $a_filter[$id]['dscp'];
	}

	/* Presence of the key is what counts for these two flags. */
	$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
	$pconfig['log'] = isset($a_filter[$id]['log']);
	$pconfig['descr'] = $a_filter[$id]['descr'];

	/* "any flags" excludes the two explicit flag lists. */
	if (isset($a_filter[$id]['tcpflags_any'])) {
		$pconfig['tcpflags_any'] = true;
	} else {
		if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] != "") {
			$pconfig['tcpflags1'] = $a_filter[$id]['tcpflags1'];
		}
		if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] != "") {
			$pconfig['tcpflags2'] = $a_filter[$id]['tcpflags2'];
		}
	}

	if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] != "") {
		$pconfig['tag'] = $a_filter[$id]['tag'];
	}
	if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] != "") {
		$pconfig['tagged'] = $a_filter[$id]['tagged'];
	}
	if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) {
		$pconfig['quick'] = $a_filter[$id]['quick'];
	}
	if (isset($a_filter[$id]['allowopts'])) {
		$pconfig['allowopts'] = true;
	}
	if (isset($a_filter[$id]['disablereplyto'])) {
		$pconfig['disablereplyto'] = true;
	}

	/* Advanced options: state limits, state type and state timeout. */
	$pconfig['max'] = $a_filter[$id]['max'];
	$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
	$pconfig['max-src-conn'] = $a_filter[$id]['max-src-conn'];
	$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
	$pconfig['statetype'] = $a_filter[$id]['statetype'];
	$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];

	/* Advanced: nosync flag. */
	$pconfig['nosync'] = isset($a_filter[$id]['nosync']);

	/* Advanced: banning on new connections per second. */
	$pconfig['max-src-conn-rate'] = $a_filter[$id]['max-src-conn-rate'];
	$pconfig['max-src-conn-rates'] = $a_filter[$id]['max-src-conn-rates'];

	/* Multi-WAN next-hop support. */
	$pconfig['gateway'] = $a_filter[$id]['gateway'];

	/* Shaper support. */
	$pconfig['defaultqueue'] = $a_filter[$id]['defaultqueue'];
	$pconfig['ackqueue'] = $a_filter[$id]['ackqueue'];
	$pconfig['dnpipe'] = $a_filter[$id]['dnpipe'];
	$pconfig['pdnpipe'] = $a_filter[$id]['pdnpipe'];
	$pconfig['l7container'] = $a_filter[$id]['l7container'];

	/* Schedule support. */
	$pconfig['sched'] = $a_filter[$id]['sched'];

	/* A duplicated rule does not inherit the link to a NAT rule. */
	if (!isset($_GET['dup'])) {
		$pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
	}

} else {
	/*
	 * Defaults for a new rule.
	 * NOTE(review): the interface comes straight from the query string and is
	 * not checked against the configured interfaces here; it ends up in $if
	 * below, so every place that prints either value has to escape it.
	 */
	if ($_GET['if']) {
		$pconfig['interface'] = $_GET['if'];
	}
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}

/* Allow the FloatingRules to work. */
$if = $pconfig['interface'];

/* With dup the loaded rule is only a template: forget the index so that a save adds a rule. */
if (isset($_GET['dup'])) {
	unset($id);
}
190
191
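if ($_POST) {

	/*
	 * Save handler: normalise the posted fields, validate them, build the
	 * rule entry ($filterent), store it in $a_filter and redirect to the rule
	 * list. If validation fails, execution falls through to the form, which
	 * is then rendered from $pconfig = $_POST, i.e. from raw request values.
	 */

	/* A rule tied to a NAT rule keeps its stored protocol whatever was posted. */
	if( isset($a_filter[$id]['associated-rule-id']) ) {
		$_POST['proto'] = $pconfig['proto'];
		if ($pconfig['proto'] == "icmp")
			$_POST['icmptype'] = $pconfig['icmptype'];
	}

	/*
	 * NOTE(review): this message never reaches the user, because
	 * $input_errors is unset further down before validation starts. It is
	 * left inactive on purpose: the Action hint printed by this page
	 * describes reject for UDP as well, so enforcing the check could refuse
	 * rules that can be saved today. Decide which of the two is intended.
	 */
	if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
		$input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP.");

	/* Ports only apply to TCP and UDP; zero them for every other protocol. */
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	} else {

		/* A custom port is used only when nothing was picked from the list. */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		/* "any" becomes 0/0; a missing end port makes a single-port range. */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];
	}

	/* A special network keyword replaces the address; "single" means /32. */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	}  else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}

	/* Validation starts from an empty error list (see the note on the reject check). */
	unset($input_errors);
	$pconfig = $_POST;

	/*
	 * Reject any posted value that htmlentities() would alter, as a guard
	 * against markup being stored in a rule. This is a filter on input, not a
	 * substitute for escaping on output:
	 *  - ">" is stripped before the comparison, so it is never flagged;
	 *  - htmlentities() runs with its default flags; where that default is
	 *    ENT_COMPAT, single quotes pass unchanged;
	 *  - a failed check only adds an error, and $pconfig still holds the raw
	 *    values the form is re-rendered from;
	 *  - the offending value is embedded in the error text, so
	 *    print_input_errors() has to escape what it prints - confirm.
	 * The interface list of a floating rule is an array and is skipped.
	 */
	foreach ($_POST as $key => $value) {
		$temp = str_replace(">", "", $value);

		if (isset($_POST['floating']) && $key == "interface")
			continue;
		$newpost = htmlentities($temp);
		if($newpost <> $temp)
			$input_errors[] = sprintf(gettext("Invalid characters detected (%s).  Please remove invalid characters and save again."),$temp);
	}

	/*
	 * Required fields. Source and destination are not required for a rule
	 * associated with a NAT rule, whose addresses are restored from the
	 * stored rule before saving.
	 */
	$reqdfields = explode(" ", "type proto");
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
		$reqdfields[] = "src";
		$reqdfields[] = "dst";
	}
	$reqdfieldsn = explode(",", "Type,Protocol");
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
		$reqdfieldsn[] = "Source";
		$reqdfieldsn[] = "Destination";
	}

	if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") {
		if( $_POST['proto'] != "tcp" )
			$input_errors[] = sprintf(gettext("%s is only valid with protocol tcp."),$_POST['statetype']);
		if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != ""))
			$input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']);
	}

	/* A bit count is required only for the "network" style types. */
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
	(!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
	(!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) ) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = gettext("Destination bit count");
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	 * by PHP 5.4 and later. It is kept because the declaration of
	 * do_input_validation() is not visible here: dropping the "&" is only
	 * safe if the function declares that parameter by reference, otherwise
	 * the required-field errors would be lost silently.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* Fixed: the first message used the misspelt key 'srcbeginposrt' and so never showed the rejected value. */
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginport']);
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
		$input_errors[] = sprintf(gettext("%s  is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']);
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']);
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']);

	/* if user enters an alias and selects "network" then disallow. */
	if($_POST['srctype'] == "network") {
		if(is_alias($_POST['src']))
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}
	if($_POST['dsttype'] == "network") {
		if(is_alias($_POST['dst']))
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."),$_POST['src']);
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."),$_POST['dst']);
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}

	/* Put each port range into ascending order. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}
	if ($_POST['os'])
		if( $_POST['proto'] != "tcp" )
			$input_errors[] = gettext("OS detection is only valid with protocol tcp.");

	if ($_POST['ackqueue'] && $_POST['ackqueue'] != "none") {
		if ($_POST['defaultqueue'] == "none" )
			$input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too.");
		else if ($_POST['ackqueue'] == $_POST['defaultqueue'])
			$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");
	}
	if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
		$input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
	if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
		$input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction.");
	if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") {
		if ($_POST['dnpipe'] == "none" )
			$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
		else if ($_POST['pdnpipe'] == $_POST['dnpipe'])
			$input_errors[] = gettext("In and Out Queue cannot be the same.");
		/*
		 * NOTE(review): $pdnpipe and $dnpipe are not assigned anywhere in the
		 * visible code, so unless an include defines them the two checks
		 * below never fire. The intended operands are not clear from this
		 * file, so the expressions are left as they were.
		 */
		else if ($pdnpipe[0] == "?" && $dnpipe[0] <> "?")
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
		else if ($dnpipe[0] == "?" && $pdnpipe[0] <> "?")
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
	}
	if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
		$input_errors[] = gettext('ID must be an integer');
	if($_POST['l7container'] && $_POST['l7container'] != "none") {
		if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp"))
			$input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols");
		if ($_POST['type'] <> "pass")
			$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
	}

	/* $tcpflags is not assigned in the visible code; presumably an include provides the flag list - confirm. */
	if (!$_POST['tcpflags_any']) {
		$settcpflags = array();
		$outoftcpflags = array();
		foreach ($tcpflags as $tcpflag) {
			if ($_POST['tcpflags1_' . $tcpflag] == "on")
				$settcpflags[] = $tcpflag;
			if ($_POST['tcpflags2_' . $tcpflag] == "on")
				$outoftcpflags[] = $tcpflag;
		}
		if (empty($outoftcpflags) && !empty($settcpflags))
			$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
	}

	if (!$input_errors) {
		/* Everything validated: build the rule entry from the posted fields. */
		$filterent = array();
		$filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:'';
		$filterent['type'] = $_POST['type'];
		if (isset($_POST['interface'] ))
			$filterent['interface'] = $_POST['interface'];

		if (isset($_POST['ipprotocol'] ))
			$filterent['ipprotocol'] = $_POST['ipprotocol'];

		if ($_POST['tcpflags_any']) {
			$filterent['tcpflags_any'] = true;
		} else {
			$settcpflags = array();
			$outoftcpflags = array();
			foreach ($tcpflags as $tcpflag) {
				if ($_POST['tcpflags1_' . $tcpflag] == "on")
					$settcpflags[] = $tcpflag;
				if ($_POST['tcpflags2_' . $tcpflag] == "on")
					$outoftcpflags[] = $tcpflag;
			}
			/* The "set" list is stored only together with an "out of" list. */
			if (!empty($outoftcpflags)) {
				$filterent['tcpflags2'] = join(",", $outoftcpflags);
				if (!empty($settcpflags))
					$filterent['tcpflags1'] = join(",", $settcpflags);
			}
		}

		if (isset($_POST['tag']))
			$filterent['tag'] = $_POST['tag'];
		if (isset($_POST['tagged']))
			$filterent['tagged'] = $_POST['tagged'];
		if ($if == "FloatingRules" || isset($_POST['floating'])) {
			$filterent['direction'] = $_POST['direction'];
			if (isset($_POST['quick']) && $_POST['quick'] <> "")
				$filterent['quick'] = $_POST['quick'];
			$filterent['floating'] = "yes";
			/* A floating rule posts a list of interfaces, stored comma-separated. */
			if (isset($_POST['interface']) && count($_POST['interface']) > 0)  {
				$filterent['interface'] = implode(",", $_POST['interface']);
			}
		}

		/*
		 * Advanced options.
		 * NOTE(review): max, max-src-*, statetimeout, statetype and os are
		 * stored as posted; the only check applied to them in this handler is
		 * the htmlentities() comparison above.
		 */
		if ($_POST['allowopts'] == "yes")
			$filterent['allowopts'] = true;
		else
			unset($filterent['allowopts']);
		if ($_POST['disablereplyto'] == "yes")
			$filterent['disablereplyto'] = true;
		else
			unset($filterent['disablereplyto']);
		$filterent['max'] = $_POST['max'];
		$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
		$filterent['max-src-conn'] = $_POST['max-src-conn'];
		$filterent['max-src-states'] = $_POST['max-src-states'];
		$filterent['statetimeout'] = $_POST['statetimeout'];
		$filterent['statetype'] = $_POST['statetype'];
		$filterent['os'] = $_POST['os'];

		/* Nosync directive - do not xmlrpc sync this item */
		if($_POST['nosync'] <> "")
			$filterent['nosync'] = true;
		else
			unset($filterent['nosync']);

		/* unless both values are provided, unset the values - ticket #650 */
		if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
			$filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
			$filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
		} else {
			unset($filterent['max-src-conn-rate']);
			unset($filterent['max-src-conn-rates']);
		}

		/* "any" is stored as the absence of a protocol key. */
		if ($_POST['proto'] != "any")
			$filterent['protocol'] = $_POST['proto'];
		else
			unset($filterent['protocol']);

		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
			$filterent['icmptype'] = $_POST['icmptype'];
		else
			unset($filterent['icmptype']);

		/* Fold the separate form fields back into source/destination entries. */
		pconfig_to_address($filterent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($filterent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		if ($_POST['disabled'])
			$filterent['disabled'] = true;
		else
			unset($filterent['disabled']);

		if ($_POST['dscp'])
			$filterent['dscp'] = $_POST['dscp'];

		if ($_POST['log'])
			$filterent['log'] = true;
		else
			unset($filterent['log']);
		/* strncpy() is not a PHP built-in; presumably a helper from an include that stores at most 52 characters - confirm. */
		strncpy($filterent['descr'], $_POST['descr'], 52);

		if ($_POST['gateway'] != "") {
			$filterent['gateway'] = $_POST['gateway'];
		}

		/* The acknowledge queue is stored only together with a default queue. */
		if (isset($_POST['defaultqueue']) && $_POST['defaultqueue'] != "none") {
			$filterent['defaultqueue'] = $_POST['defaultqueue'];
			if (isset($_POST['ackqueue']) && $_POST['ackqueue'] != "none")
				$filterent['ackqueue'] = $_POST['ackqueue'];
		}

		/* Likewise the Out pipe is stored only together with an In pipe. */
		if (isset($_POST['dnpipe']) && $_POST['dnpipe'] != "none") {
			$filterent['dnpipe'] = $_POST['dnpipe'];
			if (isset($_POST['pdnpipe']) && $_POST['pdnpipe'] != "none")
				$filterent['pdnpipe'] = $_POST['pdnpipe'];
		}

		if (isset($_POST['l7container']) && $_POST['l7container'] != "none") {
			$filterent['l7container'] = $_POST['l7container'];
		}

		if ($_POST['sched'] != "") {
			$filterent['sched'] = $_POST['sched'];
		}

		/*
		 * If we have an associated NAT rule, make sure the interface,
		 * protocol, source and destination do not change: they are restored
		 * from the stored rule, not taken from the request, and so is the
		 * association id itself.
		 */
		if( isset($a_filter[$id]['associated-rule-id']) ) {
			$filterent['interface'] = $a_filter[$id]['interface'];
			if (isset($a_filter[$id]['protocol']))
				$filterent['protocol'] = $a_filter[$id]['protocol'];
			else if (isset($filterent['protocol']))
				unset($filterent['protocol']);
			if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype'])
				$filterent['icmptype'] = $a_filter[$id]['icmptype'];
			else if (isset($filterent['icmptype']))
				unset($filterent['icmptype']);

			$filterent['source'] = $a_filter[$id]['source'];
			$filterent['destination'] = $a_filter[$id]['destination'];
			$filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
		}

		/* Overwrite the edited rule, or insert the new one after $after, or append. */
		if (isset($id) && $a_filter[$id])
			$a_filter[$id] = $filterent;
		else {
			if (is_numeric($after))
				array_splice($a_filter, $after+1, 0, array($filterent));
			else
				$a_filter[] = $filterent;
		}

		filter_rules_sort();
		write_config();
		mark_subsystem_dirty('filter');

		/* The posted interface goes into a response header, so it is URL-encoded first. */
		if (isset($_POST['floating']))
			header("Location: firewall_rules.php?if=FloatingRules");
		else
			header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));
		exit;
	}
}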
571
572 37c53a0d Ermal Lu?i
/*
 * Each read_*_config() call is followed by the getter whose result is kept
 * by reference. What the helpers load is not visible in this file
 * (presumably the ALTQ, dummynet and layer7 settings from shaper.inc -
 * confirm), so the call order is left exactly as it was.
 */
read_altq_config(); /* XXX: */
$qlist =& get_unique_queue_list();
read_dummynet_config(); /* XXX: */
$dnqlist =& get_unique_dnqueue_list();
read_layer7_config();
$l7clist =& get_l7_unique_list();

/* Page metadata set before head.inc is included; how head.inc uses it is not visible here. */
$pgtitle = array(gettext("Firewall"),gettext("Rules"),gettext("Edit"));
$statusurl = "status_filter_reload.php";
$logurl = "diag_logs_filter.php";

/* Presumably stops head.inc from closing <head>, since a literal </head> follows this PHP block - confirm. */
$closehead = false;

$page_filename = "firewall_rules_edit.php";
include("head.inc");
587 c60824d2 Scott Ullrich
588 5b237745 Scott Ullrich
?>
589 da7ae7ef Bill Marquette
590 5b237745 Scott Ullrich
</head>
591
592
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
593
<?php include("fbegin.inc"); ?>
594
<?php if ($input_errors) print_input_errors($input_errors); ?>
595 8ab3e9ed Erik Kristensen
596
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
597 6eac9b90 Scott Ullrich
<input type='hidden' name="ruleid" value="<?=(isset($pconfig['ruleid'])&&$pconfig['ruleid']>0)?htmlspecialchars($pconfig['ruleid']):''?>">
598
599 8ab3e9ed Erik Kristensen
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
600 e091cb45 Scott Ullrich
		<tr>
601 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td>
602 e091cb45 Scott Ullrich
		</tr>	
603 8ab3e9ed Erik Kristensen
    	<tr>
604 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
605 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
606 b5c78501 Seth Mos
				<select name="type" class="formselect">
607 e5e5ba51 Vinicius Coque
					<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
608 8ab3e9ed Erik Kristensen
					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
609
					<?=htmlspecialchars($type);?>
610
					</option>
611
					<?php endforeach; ?>
612 8c84fe43 Scott Ullrich
				</select>
613 8ab3e9ed Erik Kristensen
				<br/>
614
				<span class="vexpl">
615 11d2c529 Rafael Lucas
					<?=gettext("Choose what to do with packets that match the criteria specified below.");?> <br/>
616
					<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?> 
617 8ab3e9ed Erik Kristensen
				</span>
618
			</td>
619
		</tr>
620
		<tr>
621 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
622 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
623
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
624 11d2c529 Rafael Lucas
				<strong><?=gettext("Disable this rule");?></strong><br />
625
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list.");?></span>
626 8ab3e9ed Erik Kristensen
			</td>
627
		</tr>
628 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
629
		<tr>
630 f1602cc4 sullrich
			<td width="22%" valign="top" class="vncellreq">
631
				<?=gettext("Quick");?>
632
			</td>
633
			<td width="78%" class="vtable">
634
				<input name="quick" type="checkbox" id="quick" value="yes" <?php if ($pconfig['quick']) echo "checked=\"checked\""; ?> />
635
				<strong><?=gettext("Apply the action immediately on match.");?></strong><br />
636
				<span class="vexpl"><?=gettext("Set this option if you need to apply this action to traffic that matches this rule immediately.");?></span>
637
			</td>
638
		</tr>
639 e73b001e Renato Botelho
<?php endif; ?>
640 48a27d4f Erik Fonnesbeck
<?php $edit_disabled = ""; ?>
641
<?php if( isset($pconfig['associated-rule-id']) ): ?>
642
		<tr>
643
			<td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td>
644
			<td width="78%" class="vtable">
645
				<span class="red"><strong><?=gettext("NOTE: ");?></strong></span><?=gettext("This is associated to a NAT rule.");?><br />
646
				<?=gettext("You cannot edit the interface, protocol, source, or destination of associated filter rules.");?><br />
647
				<br />
648
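				<?php
					/*
					 * This filter rule is associated with a NAT rule: mark the match
					 * fields as disabled in the form and carry the association id (and
					 * the interface, when set) forward as hidden inputs, because
					 * disabled controls are not submitted by the browser.
					 *
					 * NOTE(review): "disabled" is only a browser-side hint. The code
					 * that processes the submitted form is not visible in this span;
					 * confirm it refuses changes to interface/protocol/source/destination
					 * of an associated rule instead of trusting the posted values.
					 */
					$edit_disabled = "disabled";
					if (is_array($config['nat']['rule'])) {
						/* link to the first NAT rule carrying the same association id */
						foreach ($config['nat']['rule'] as $index => $nat_rule) {
							if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id'] == $pconfig['associated-rule-id']) {
								echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br>";
								break;
							}
						}
					}
					/*
					 * The attribute values below are single-quoted, so ENT_QUOTES is
					 * required: the default flags of older PHP versions leave ' alone,
					 * which would let a crafted value break out of the attribute.
					 */
					echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='" . htmlspecialchars($pconfig['associated-rule-id'], ENT_QUOTES) . "' >";
					if (!empty($pconfig['interface'])) {
						echo "<input name='interface' id='interface' type='hidden' value='" . htmlspecialchars($pconfig['interface'], ENT_QUOTES) . "' >";
					}
				?>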
662
				<script type="text/javascript">
663
				editenabled = 0;
664
				</script>
665
			</td>
666
		</tr>
667 ee9933b6 Renato Botelho
<?php endif; ?>
668 8ab3e9ed Erik Kristensen
		<tr>
669 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
670 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
671 48a27d4f Erik Fonnesbeck
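<?php
/*
 * Interface selector. Floating rules get a multi-select ("interface[]"),
 * ordinary rules a single select. $edit_disabled is "disabled" when the rule
 * is associated with a NAT rule, otherwise empty.
 */
if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
				<select name="interface[]" multiple="true" class="formselect" size="3" <?=$edit_disabled;?>>
<?php else: ?>
				<select name="interface" class="formselect" <?=$edit_disabled;?>>
<?php
				endif;

				/*
				 * Build the list of selectable interfaces. Each entry is offered
				 * only when have_ruleint_access() allows it for the current user.
				 * NOTE(review): $interfaces is appended to here without being
				 * initialised in this span; confirm it is set up earlier in the file.
				 */

				/* add group interfaces */
				if (is_array($config['ifgroups']['ifgroupentry'])) {
					foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
						if (have_ruleint_access($ifgen['ifname'])) {
							$interfaces[$ifgen['ifname']] = $ifgen['ifname'];
						}
					}
				}

				/* add configured interfaces with their descriptions */
				$ifdescs = get_configured_interface_with_descr();
				foreach ($ifdescs as $ifent => $ifdesc) {
					if (have_ruleint_access($ifent)) {
						$interfaces[$ifent] = $ifdesc;
					}
				}

				/* add VPN server pseudo-interfaces when the service runs in server mode */
				if ($config['l2tp']['mode'] == "server") {
					if (have_ruleint_access("l2tp")) {
						$interfaces['l2tp'] = "L2TP VPN";
					}
				}
				if ($config['pptpd']['mode'] == "server") {
					if (have_ruleint_access("pptp")) {
						$interfaces['pptp'] = "PPTP VPN";
					}
				}
				if ($config['pppoe']['mode'] == "server") {
					if (have_ruleint_access("pppoe")) {
						$interfaces['pppoe'] = "PPPoE VPN";
					}
				}

				/* add ipsec interfaces */
				if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) {
					if (have_ruleint_access("enc0")) {
						$interfaces["enc0"] = "IPsec";
					}
				}

				/*
				 * add openvpn/tun interfaces
				 * NOTE(review): unlike every entry above, this one is added without
				 * a have_ruleint_access() check; confirm that is intended.
				 */
				if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
					$interfaces["openvpn"] = "OpenVPN";
				}

				/* a rule may store several interfaces as a comma-separated list */
				$selected_interfaces = explode(",", $pconfig['interface']);

				/*
				 * Interface names and descriptions come from the configuration, so
				 * both are HTML-escaped before being written into the page.
				 */
				foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
<?php 				endforeach; ?>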
707 8c84fe43 Scott Ullrich
				</select>
708 8ab3e9ed Erik Kristensen
				<br />
709 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose on which interface packets must come in to match this rule.");?></span>
710 8ab3e9ed Erik Kristensen
			</td>
711
		</tr>
712 661aed33 Ermal Luçi
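<?php
/*
 * Direction row, rendered for floating rules only. The hidden "floating"
 * input is submitted with the form alongside the selected direction.
 */
if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
		<tr>
			<td width="22%" valign="top" class="vncellreq">
				<?=gettext("Direction");?>
			</td>
			<td width="78%" class="vtable">
				<select name="direction" class="formselect">
					<?php
					/* fixed list of directions; the stored one is pre-selected */
					$directions = array('any','in','out');
					foreach ($directions as $direction): ?>
				<option value="<?=$direction;?>"
					<?php if ($direction == $pconfig['direction']): ?>
						selected="selected" 
					<?php endif; ?>
					><?=$direction;?></option>
				<?php endforeach; ?>      
				</select>
				<input type="hidden" id="floating" name="floating" value="floating">
			</td>
		</tr>
<?php endif; ?>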
732 1306c7dd Seth Mos
		<tr>
733
			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
734
			<td width="78%" class="vtable">
735
				<select name="ipprotocol" class="formselect">
736
					<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6');
737
				foreach ($ipproto as $proto => $name): ?>
738
				<option value="<?=$proto;?>"
739
					<?php if ($proto == $pconfig['ipprotocol']): ?>
740
						selected="selected" 
741
					<?php endif; ?>
742
					><?=$name;?></option>
743
				<?php endforeach; ?>      
744
				</select>
745
				<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br />
746
			</td>
747
		</tr>
748 8ab3e9ed Erik Kristensen
		<tr>
749 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
750 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
751 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()">
752 8ab3e9ed Erik Kristensen
<?php
753 c6c26178 jim-p
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP OSPF any carp pfsync");
754 8ab3e9ed Erik Kristensen
				foreach ($protocols as $proto): ?>
755
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
756
<?php 			endforeach; ?>
757
				</select>
758
				<br />
759 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose which IP protocol this rule should match.");?> <br /> <?=gettext("Hint: in most cases, you should specify ");?><em>TCP</em> &nbsp;<?=gettext("here.");?></span>
760 8ab3e9ed Erik Kristensen
			</td>
761
		</tr>
762 3de8af0e Scott Ullrich
		<tr id="icmpbox" name="icmpbox">
763 11d2c529 Rafael Lucas
			<td valign="top" class="vncell"><?=gettext("ICMP type");?></td>
764 8ab3e9ed Erik Kristensen
			<td class="vtable">
765 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="icmptype" class="formselect">
766 8ab3e9ed Erik Kristensen
<?php
767
				$icmptypes = array(
768 abd67a31 Carlos Eduardo Ramos
				"" => gettext("any"),
769
				"echorep" => gettext("Echo reply"),
770
				"unreach" => gettext("Destination unreachable"),
771
				"squench" => gettext("Source quench"),
772
				"redir" => gettext("Redirect"),
773
				"althost" => gettext("Alternate Host"),
774
				"echoreq" => gettext("Echo"),
775
				"routeradv" => gettext("Router advertisement"),
776
				"routersol" => gettext("Router solicitation"),
777
				"timex" => gettext("Time exceeded"),
778
				"paramprob" => gettext("Invalid IP header"),
779
				"timereq" => gettext("Timestamp"),
780
				"timerep" => gettext("Timestamp reply"),
781
				"inforeq" => gettext("Information request"),
782
				"inforep" => gettext("Information reply"),
783
				"maskreq" => gettext("Address mask request"),
784
				"maskrep" => gettext("Address mask reply")
785 8ab3e9ed Erik Kristensen
				);
786
787
				foreach ($icmptypes as $icmptype => $descr): ?>
788
					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
789
<?php 			endforeach; ?>
790
			</select>
791
			<br />
792 11d2c529 Rafael Lucas
			<span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span>
793 8ab3e9ed Erik Kristensen
		</td>
794
		</tr>
795
		<tr>
796 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source");?></td>
797 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
798 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
799 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
800 8ab3e9ed Erik Kristensen
				<br />
801 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
802 8ab3e9ed Erik Kristensen
				<br />
803
				<br />
804
				<table border="0" cellspacing="0" cellpadding="0">
805
					<tr>
806 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
807 8ab3e9ed Erik Kristensen
						<td>
808 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srctype" class="formselect" onChange="typesel_change()">
809 87f0be87 Chris Buechler
<?php
810
								$sel = is_specialnet($pconfig['src']); ?>
811 11d2c529 Rafael Lucas
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
812
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
813
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
814 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
815 11d2c529 Rafael Lucas
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
816 99ea4439 Scott Ullrich
								<?php endif; ?>
817
								<?php if(have_ruleint_access("pppoe")): ?>
818 11d2c529 Rafael Lucas
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
819 99ea4439 Scott Ullrich
								<?php endif; ?>								
820 8a6bc505 Ermal Lu?i
								 <?php if(have_ruleint_access("l2tp")): ?>
821 11d2c529 Rafael Lucas
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
822 8a6bc505 Ermal Lu?i
                                                                <?php endif; ?>
823 8ab3e9ed Erik Kristensen
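<?php
								/*
								 * One "subnet" and one "address" option per interface in
								 * $ifdisp that the current user may write rules for. The
								 * description is HTML-escaped in both options because it
								 * comes from the configuration.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?><?=gettext(" subnet");?></option>
									<option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>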
832 8ab3e9ed Erik Kristensen
							</select>
833
						</td>
834
					</tr>
835
					<tr>
836 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
837 8ab3e9ed Erik Kristensen
						<td>
838 48a27d4f Erik Fonnesbeck
							<input <?=$edit_disabled;?> autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
839
							<select <?=$edit_disabled;?> name="srcmask" class="formselect" id="srcmask">
840 15705bc0 Seth Mos
<?php						for ($i = 127; $i > 0; $i--): ?>
841 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
842
<?php 						endfor; ?>
843
							</select>
844 bdb7d6e7 Scott Ullrich
						</td>
845 8ab3e9ed Erik Kristensen
					</tr>
846
				</table>
847 22abf2ef Scott Ullrich
				<div id="showadvancedboxspr">
848
					<p>
849 48a27d4f Erik Fonnesbeck
					<input <?=$edit_disabled;?> type="button" onClick="show_source_port_range()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source port range");?></a>
850 22abf2ef Scott Ullrich
				</div>
851 8ab3e9ed Erik Kristensen
			</td>
852 e33c8694 Bill Marquette
		</tr>
853 3de8af0e Scott Ullrich
		<tr style="display:none" id="sprtable" name="sprtable">
854 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range");?></td>
855 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
856
				<table border="0" cellspacing="0" cellpadding="0">
857
					<tr>
858 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
859 8ab3e9ed Erik Kristensen
						<td>
860 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
861 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
862 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
863 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
864
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
865
<?php 							endforeach; ?>
866 8c84fe43 Scott Ullrich
							</select>
867 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
868 8ab3e9ed Erik Kristensen
						</td>
869
					</tr>
870
					<tr>
871 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
872 8ab3e9ed Erik Kristensen
						<td>
873 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcendport" class="formselect" onchange="ext_change()">
874 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
875 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
876 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
877
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
878
<?php							endforeach; ?>
879 8c84fe43 Scott Ullrich
							</select>
880 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
881 8ab3e9ed Erik Kristensen
						</td>
882
					</tr>
883
				</table>
884
				<br />
885 87000ded Erik Fonnesbeck
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule."); ?> <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be"); ?> &quot;<?=gettext("any"); ?>&quot;).</b><br /><?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port.");?></span><br/>
886 8ab3e9ed Erik Kristensen
			</td>
887 8c84fe43 Scott Ullrich
		</tr>
888 8ab3e9ed Erik Kristensen
		<tr>
889 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination");?></td>
890 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
891 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
892 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
893 8ab3e9ed Erik Kristensen
					<br />
894 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
895 8ab3e9ed Erik Kristensen
					<br />
896
					<br />
897
				<table border="0" cellspacing="0" cellpadding="0">
898
					<tr>
899 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
900 8ab3e9ed Erik Kristensen
						<td>
901 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dsttype" class="formselect" onChange="typesel_change()">
902 87f0be87 Chris Buechler
<?php
903
								$sel = is_specialnet($pconfig['dst']); ?>
904 11d2c529 Rafael Lucas
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
905
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
906
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
907 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
908 11d2c529 Rafael Lucas
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
909 99ea4439 Scott Ullrich
								<?php endif; ?>
910
								<?php if(have_ruleint_access("pppoe")): ?>
911 11d2c529 Rafael Lucas
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
912 99ea4439 Scott Ullrich
								<?php endif; ?>								
913 3331a640 Ermal Lu?i
								<?php if(have_ruleint_access("l2tp")): ?>
914 11d2c529 Rafael Lucas
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
915 3331a640 Ermal Lu?i
                                                                <?php endif; ?>
916 b7391125 Ermal Luçi
917
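<?php
								/*
								 * One "subnet" and one "address" option per interface in
								 * $ifdisp that the current user may write rules for.
								 *
								 * The loop variable is $ifent, as in the source-type
								 * selector: iterating with $if would overwrite the page's
								 * $if, which the FloatingRules checks earlier in this
								 * template compare against. The description is
								 * HTML-escaped in both options because it comes from the
								 * configuration.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=$ifent;?>" <?php if ($pconfig['dst'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet");?></option>
									<option value="<?=$ifent;?>ip"<?php if ($pconfig['dst'] == $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>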
925 8ab3e9ed Erik Kristensen
							</select>
926
						</td>
927
					</tr>
928
					<tr>
929 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
930 8ab3e9ed Erik Kristensen
						<td>
931 48a27d4f Erik Fonnesbeck
							<input <?=$edit_disabled;?> name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
932 8ab3e9ed Erik Kristensen
							/
933 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstmask" class="formselect" id="dstmask">
934 8ab3e9ed Erik Kristensen
<?php
935 15705bc0 Seth Mos
							for ($i = 127; $i > 0; 
936
$i--): ?>
937 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
938
<?php						endfor; ?>
939
							</select>
940
						</td>
941
					</tr>
942
				</table>
943
			</td>
944
		</tr>
945 3de8af0e Scott Ullrich
		<tr id="dprtr" name="dprtr">
946 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range ");?></td>
947 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
948
				<table border="0" cellspacing="0" cellpadding="0">
949
					<tr>
950 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
951 8ab3e9ed Erik Kristensen
						<td>
952 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
953 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
954 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
955 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
956
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
957 3deb92f7 Renato Botelho
<?php 							endforeach; ?>
958 8ab3e9ed Erik Kristensen
							</select>
959 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
960 8ab3e9ed Erik Kristensen
						</td>
961
					</tr>
962
					<tr>
963 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
964 8ab3e9ed Erik Kristensen
						<td>
965 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstendport" class="formselect" onchange="ext_change()">
966 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
967 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
968 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
969
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
970
<?php 							endforeach; ?>
971 8c84fe43 Scott Ullrich
							</select>
972 dd5bf424 Scott Ullrich
								<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
973 8ab3e9ed Erik Kristensen
						</td>
974
					</tr>
975
				</table>
976
				<br />
977
				<span class="vexpl">
978 11d2c529 Rafael Lucas
					<?=gettext("Specify the port or port range for the destination of the packet for this rule.");?>
979 adb633a0 sullrich
					<br />
980 345b9715 Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port");?>
981 8ab3e9ed Erik Kristensen
				</span>
982
			</td>
983
		</tr>
984
		<tr>
985 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Log");?></td>
986 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
987
				<input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
988 11d2c529 Rafael Lucas
				<strong><?=gettext("Log packets that are handled by this rule");?></strong>
989 adb633a0 sullrich
				<br />
990 0fb885bc Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server"); ?> (<?=gettext("see the"); ?> <a href="diag_logs_settings.php"><?=gettext("Diagnostics: System logs: Settings"); ?></a> <?=gettext("page"); ?>).</span>
991 8ab3e9ed Erik Kristensen
			</td>
992
		</tr>
993 151eb2a9 sullrich
		<tr>
994 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
995 151eb2a9 sullrich
			<td width="78%" class="vtable">
996
				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
997
				<br />
998 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
999 151eb2a9 sullrich
			</td>
1000
		</tr>
1001 8e0c3760 Ermal
<?php		if (!isset($id) || !($a_filter[$id] && firewall_check_for_advanced_options($a_filter[$id]) <> "")): ?>
1002 151eb2a9 sullrich
		<tr>
1003
			<td width="22%" valign="top">&nbsp;</td>
1004
			<td width="78%">
1005
				&nbsp;<br>&nbsp;
1006 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1007 151eb2a9 sullrich
<?php			if (isset($id) && $a_filter[$id]): ?>
1008 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1009 151eb2a9 sullrich
<?php 			endif; ?>
1010 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1011 151eb2a9 sullrich
			</td>
1012
		</tr>
1013 8e0c3760 Ermal
<?php		endif; ?>
1014 151eb2a9 sullrich
		<tr>
1015
			<td>&nbsp;</td>
1016
		</tr>
1017
		<tr>
1018 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced features");?></td>
1019 151eb2a9 sullrich
		</tr>	
1020 f1602cc4 sullrich
		<tr>
1021 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Source OS");?></td>
1022 e265d9f5 sullrich
			<td width="78%" class="vtable">
1023 ee9933b6 Renato Botelho
				<div id="showadvsourceosbox" <?php if ($pconfig['os']) echo "style='display:none'"; ?>>
1024 157a6919 Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_sourceos()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1025 adb633a0 sullrich
				</div>
1026 ee9933b6 Renato Botelho
				<div id="showsourceosadv" <?php if (empty($pconfig['os'])) echo "style='display:none'"; ?>>
1027 21600ab1 Vinicius Coque
					<?=gettext("OS Type:");?>&nbsp;
1028 adb633a0 sullrich
					<select name="os" id="os" class="formselect">
1029 f1602cc4 sullrich
<?php
1030 adb633a0 sullrich
						$ostypes = array(
1031 abd67a31 Carlos Eduardo Ramos
							 "" => gettext("any"),
1032 adb633a0 sullrich
							"AIX" => "AIX",
1033
							"Linux" => "Linux",
1034
							"FreeBSD" => "FreeBSD",
1035
							"NetBSD" => "NetBSD",
1036
							"OpenBSD" => "OpenBSD",
1037
							"Solaris" => "Solaris",
1038
							"MacOS" => "MacOS",
1039
							"Windows" => "Windows",
1040
							"Novell" => "Novell",
1041
							"NMAP" => "NMAP"
1042
			           );
1043
						foreach ($ostypes as $ostype => $descr): ?>
1044
							<option value="<?=$ostype;?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
1045
<?php
1046
					endforeach; 
1047
?>
1048
					</select>
1049
					<br />
1050 11d2c529 Rafael Lucas
					<?=gettext("Note: this only works for TCP rules");?>
1051 adb633a0 sullrich
				</div>
1052 f1602cc4 sullrich
			</td>
1053
		</tr>
1054 30c4ae8a sullrich
		<tr>
1055 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Diffserv Code Point");?></td>
1056 30c4ae8a sullrich
			<td width="78%" class="vtable">
1057 ee9933b6 Renato Botelho
				<div id="dsadv" name="dsadv" <?php if ($pconfig['dscp']) echo "style='display:none'"; ?>>
1058 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_dsdiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1059 30c4ae8a sullrich
				</div>
1060 ee9933b6 Renato Botelho
				<div id="dsdivmain" name="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>>
1061 30c4ae8a sullrich
					<select name="dscp" id="dscp">
1062
						<option value=""></option>
1063
						<?php foreach($firewall_rules_dscp_types as $frdt): ?>
1064
							<option value="<?=$frdt?>"<?php if($pconfig['dscp'] == $frdt) echo " SELECTED"; ?>><?=$frdt?></option>
1065
						<?php endforeach; ?>
1066
					</select>
1067
				</div>
1068
			</td>
1069
		</tr>
1070 661aed33 Ermal Luçi
		<tr>
1071 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Advanced Options");?></td>
1072 e6db3f58 Ermal Luçi
			<td width="78%" class="vtable">
1073
			<div id="aoadv" name="aoadv">
1074 0fb885bc Carlos Eduardo Ramos
				<input type="button" onClick="show_aodiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1075 e6db3f58 Ermal Luçi
			</div>
1076
			<div id="aodivmain" name="aodivmain" style="display:none">
1077 f1602cc4 sullrich
				<input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked"; ?>>
1078 a29dc11b Chris Buechler
				<br/><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?>
1079 f1602cc4 sullrich
				</span><p>
1080 19757916 Ermal Lu?i
				<input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked"; ?>>
1081
				<br/><span class="vexpl"><?=gettext("This will disable auto generated reply-to for this rule.");?>
1082
				</span><p>
1083 f1602cc4 sullrich
				<input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>">
1084 345b9715 Carlos Eduardo Ramos
				<br /><span class="vexpl"><?=gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called"); ?> <b><?=gettext("Policy filtering"); ?></b>
1085 775ccea3 Ermal Luci
				</span><p>
1086 f1602cc4 sullrich
				<input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>">
1087
				<br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?>
1088
				</span> <p>
1089 dd5bf424 Scott Ullrich
				<input name="max" id="max" value="<?php echo htmlspecialchars($pconfig['max']) ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p>
1090
				<input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']) ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p>
1091
				<input name="max-src-conn" id="max-src-conn" value="<?php echo htmlspecialchars($pconfig['max-src-conn']) ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p>
1092
				<input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>"><br><?=gettext(" Maximum state entries per host");?></p><p>
1093
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>"> /
1094 8ab3e9ed Erik Kristensen
				<select name="max-src-conn-rates" id="max-src-conn-rates">
1095
					<option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option>
1096
<?php				/* One <option> per value 1..254 for the rate denominator; the stored value is pre-selected. */
					for ($x = 1; $x < 255; $x++) {
						// Loose comparison on purpose: the stored value may be a numeric string.
						$selected = ($x == $pconfig['max-src-conn-rates']) ? " selected" : "";
						echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
					} ?>
1100 47042140 Scott Ullrich
				</select><br />
1101 11d2c529 Rafael Lucas
				<?=gettext("Maximum new connections / per second(s)");?>
1102 e4d79ab0 Ermal
				</p><p>
1103 47042140 Scott Ullrich
1104 dd5bf424 Scott Ullrich
				<input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']) ?>"><br>
1105 11d2c529 Rafael Lucas
				<?=gettext("State Timeout in seconds");?>
1106 e4d79ab0 Ermal
				</p>
1107 47042140 Scott Ullrich
1108 e4d79ab0 Ermal
				<p><strong><?=gettext("NOTE: Leave fields blank to disable that feature.");?></strong></p>
1109 197b2a47 Scott Ullrich
			  </div>
1110 8ab3e9ed Erik Kristensen
			</td>
1111
		</tr>
1112 b8ed2a11 Ermal
		<tr id="tcpflags" name="tcpflags"> 
1113 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td>
1114 b8ed2a11 Ermal
			<td width="78%" class="vtable">
1115 ee9933b6 Renato Botelho
			<div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>>
1116 0fb885bc Carlos Eduardo Ramos
                        	<input type="button" onClick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1117 b8ed2a11 Ermal
                        </div>
1118 ee9933b6 Renato Botelho
                        <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
1119 b8ed2a11 Ermal
			<div id="tcpheader" name="tcpheader">
1120
			<center>
1121
			<table border="0" cellspacing="0" cellpadding="0">
1122
			<?php
				/*
				 * Render the TCP flags matrix as three table rows: a header row with
				 * the flag names, a "set" row and an "out of" row of checkboxes.
				 * A checkbox is pre-checked when its flag appears in the
				 * comma-separated list stored in tcpflags1 / tcpflags2.
				 */
				$setflags = explode(",", $pconfig['tcpflags1']);
				$outofflags = explode(",", $pconfig['tcpflags2']);

				$header = "<td width='40' nowrap></td>";
				$tcpflags1 = "<td width='40' nowrap>set</td>";
				$tcpflags2 = "<td width='40' nowrap>out of</td>";

				foreach ($tcpflags as $tcpflag) {
					$header .= "<td  width='40' nowrap><strong>" . strtoupper($tcpflag) . "</strong></td>\n";

					// in_array() with its default (loose) comparison matches the same entries as array_search().
					$tcpflags1 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' "
						. (in_array($tcpflag, $setflags) ? "checked" : "")
						. "></td>\n";

					$tcpflags2 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' "
						. (in_array($tcpflag, $outofflags) ? "checked" : "")
						. "></td>\n";
				}

				echo "<tr id='tcpheader' name='tcpheader'>{$header}</tr>\n",
					"<tr id='tcpflags1' name='tcpflags1'>{$tcpflags1}</tr>\n",
					"<tr id='tcpflags2' name='tcpflags2'>{$tcpflags2}</tr>\n";
			?>
1143
			</table>
1144
			<center>
1145
			</div>
1146
			<br/><center>
1147 11d2c529 Rafael Lucas
			<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
1148 b8ed2a11 Ermal
			<br/>
1149 11d2c529 Rafael Lucas
			<span class="vexpl"><?=gettext("Use this to choose TCP flags that must". 
1150
			"be set or cleared for this rule to match.");?></span>
1151 b8ed2a11 Ermal
			</div>
1152
			</td>
1153
		</tr>
1154 8ab3e9ed Erik Kristensen
		<tr>
1155 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td>
1156 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1157 ee9933b6 Renato Botelho
				<div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>>
1158 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_state()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1159 f6970b2f Scott Ullrich
				</div>
1160 ee9933b6 Renato Botelho
				<div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>>
1161 f6970b2f Scott Ullrich
					<select name="statetype">
1162 11d2c529 Rafael Lucas
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>><?=gettext("keep state");?></option>
1163
						<option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected"; ?>><?=gettext("sloppy state");?></option>
1164
						<option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state")  echo "selected"; ?>><?=gettext("synproxy state");?></option>
1165
						<option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>><?=gettext("none");?></option>
1166
					</select><br><?=gettext("HINT: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.");?>
1167 f6970b2f Scott Ullrich
					<p>
1168
					<table width="90%">
1169 67300ce5 Ermal
						<tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
1170
						<tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
1171
						<tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr>
1172
						<tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation.");?></td></tr>
1173 f6970b2f Scott Ullrich
					</table>
1174
					</p>
1175
			  </div>
1176 8ab3e9ed Erik Kristensen
			</td>
1177
		</tr>
1178 10f21e70 Scott Ullrich
		<tr>
1179 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
1180 10f21e70 Scott Ullrich
			<td width="78%" class="vtable">
1181 ee9933b6 Renato Botelho
				<div id="showadvnoxmlrpcsyncbox" <?php if ($pconfig['nosync']) echo "style='display:none'"; ?>>
1182 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1183 0239d8ee sullrich
				</div>
1184 ee9933b6 Renato Botelho
				<div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>>
1185 0239d8ee sullrich
					<input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
1186 11d2c529 Rafael Lucas
					<?=gettext("HINT: This prevents the rule from automatically syncing to other CARP members.");?>
1187 0239d8ee sullrich
				</div>
1188 10f21e70 Scott Ullrich
			</td>
1189 8c84fe43 Scott Ullrich
		</tr>
1190 615b27bc Scott Dale
		<?php
			/*
			 * Collect the schedule names offered in the Schedule drop-down.
			 * "none" is always the first entry; choosing it leaves the rule
			 * enabled all the time.
			 */
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					// Unnamed schedule entries are not offered.
					if ($schedule['name'] == "")
						continue;
					$schedules[] = $schedule['name'];
				}
			}
		?>
1201
		<tr>
1202 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Schedule");?></td>
1203 615b27bc Scott Dale
			<td width="78%" class="vtable">
1204 ee9933b6 Renato Botelho
				<div id="showadvschedulebox" <?php if (!empty($pconfig['sched'])) echo "style='display:none'"; ?>>
1205 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_schedule()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1206 0239d8ee sullrich
				</div>
1207 ee9933b6 Renato Botelho
				<div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>>
1208 0239d8ee sullrich
					<select name='sched'>
1209 615b27bc Scott Dale
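<?php
					/*
					 * Emit one <option> per schedule name. The "none" entry posts an
					 * empty value; every other entry posts its own name.
					 *
					 * Schedule names come from the stored configuration and were written
					 * into the attribute and the element text unescaped. They are now
					 * passed through htmlspecialchars(), as the $pconfig fields on this
					 * page already are, so a name containing markup or a double quote
					 * cannot break out of the <option>.
					 * NOTE(review): name validation at save time is not visible here;
					 * encoding at output does not depend on it.
					 */
					foreach($schedules as $schedule) {
						$selected = ($schedule == $pconfig['sched']) ? " SELECTED" : "";
						if ($schedule == "none") {
							echo "<option value=\"\" {$selected}>{$schedule}</option>\n";
						} else {
							echo "<option value=\"" . htmlspecialchars($schedule) . "\" {$selected}>" . htmlspecialchars($schedule) . "</option>\n";
						}
					}
?>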
1223
					</select>
1224 11d2c529 Rafael Lucas
					<p><?=gettext("Leave as 'none' to leave the rule enabled all the time.");?></p>
1225 0239d8ee sullrich
				</div>
1226 615b27bc Scott Dale
			</td>
1227
		</tr>
1228 82628210 Scott Ullrich
		<tr>
1229 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td>
1230 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1231 ee9933b6 Renato Botelho
				<div id="showadvgatewaybox" <?php if (!empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
1232 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_gateway()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1233 0239d8ee sullrich
				</div>
1234 ee9933b6 Renato Botelho
				<div id="showgatewayadv" <?php if (empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
1235 0239d8ee sullrich
					<select name='gateway'>
1236 11d2c529 Rafael Lucas
					<option value="" ><?=gettext("default");?></option>
1237 8ab3e9ed Erik Kristensen
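<?php
					/*
					 * Fill the Gateway drop-down: first the entries returned by
					 * return_gateways_array(), then the configured gateway groups.
					 *
					 * Gateway keys, names, addresses and group names were echoed
					 * unescaped into the value attribute and the option text. They are
					 * now HTML-encoded at output, matching how this page already
					 * treats $pconfig values, so stored configuration data cannot
					 * inject markup into the form.
					 */

					/* build a list of gateways */
					$gateways = return_gateways_array();
					// add statically configured gateways to list
					foreach($gateways as $gwname => $gw) {
						if($gw == "")
							continue;
						$selected = ($gwname == $pconfig['gateway']) ? " SELECTED" : "";
						echo "<option value=\"" . htmlspecialchars($gwname) . "\" {$selected}>"
							. htmlspecialchars("{$gw['name']} - {$gw['gateway']}")
							. "</option>\n";
					}
					/* add gateway groups to the list */
					if (is_array($config['gateways']['gateway_group'])) {
						foreach($config['gateways']['gateway_group'] as $gw_group) {
							if($gw_group['name'] == "")
								continue;
							$gw_group_name = htmlspecialchars($gw_group['name']);
							if($pconfig['gateway'] == $gw_group['name']) {
								echo "<option value=\"{$gw_group_name}\" SELECTED>{$gw_group_name}</option>\n";
							} else {
								echo "<option value=\"{$gw_group_name}\">{$gw_group_name}</option>\n";
							}
						}
					}
?>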
1264 0239d8ee sullrich
					</select>
1265 e85604b8 Chris Buechler
					<p><?=gettext("Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.");?></p>
1266 0239d8ee sullrich
				</div>
1267 8ab3e9ed Erik Kristensen
			</td>
1268
		</tr>
1269 a5fd67e1 Ermal Luçi
		<tr>
1270 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("In/Out");?></td>
1271 a5fd67e1 Ermal Luçi
			<td width="78%" class="vtable">
1272 ee9933b6 Renato Botelho
				<div id="showadvinoutbox" <?php if (!empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
1273 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_inout()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1274 4c263f57 sullrich
				</div>
1275 ee9933b6 Renato Botelho
				<div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
1276 4c263f57 sullrich
					<select name="dnpipe">
1277 a5fd67e1 Ermal Luçi
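<?php
		/*
		 * Options for the "In" limiter/queue select (dnpipe). $dnqlist maps a
		 * display name to the value that is posted.
		 *
		 * Both the posted value and the display name are now HTML-encoded;
		 * previously they were written into the attribute and the option text
		 * as-is.
		 */
		if (!is_array($dnqlist))
			$dnqlist = array();
		echo "<option value=\"none\"";
		// NOTE(review): $dnqselected is read here before this block assigns it;
		// confirm it is initialised earlier in the file.
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['dnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>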
1294
			</select> / 			
1295
			<select name="pdnpipe">
1296
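<?php
		/*
		 * Options for the "Out" limiter/queue select (pdnpipe), built from the
		 * same $dnqlist as the "In" select.
		 *
		 * The posted value and the display name are HTML-encoded at output
		 * rather than echoed as-is.
		 */
		$dnqselected = 0;
		echo "<option value=\"none\"";
		// Always true at this point because $dnqselected was just reset, so
		// "none" is marked SELECTED in addition to any matching entry below.
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['pdnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>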
1312 4c263f57 sullrich
				</select>
1313 a5fd67e1 Ermal Luçi
				<br />
1314 456d0175 Vinicius Coque
				<span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have selected In too.")."<br/>".gettext("The Out selection is applied to traffic going out the interface the rule is created, In is the incoming one.")."<br/>".gettext("If you are creating a rule on the Floating tab if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing and if you do not select any direction use only the In since the Out selection does not make sense in there to prevent oddities.");?></span>
1315 4c263f57 sullrich
				</div>
1316 a5fd67e1 Ermal Luçi
			</td>
1317
		</tr>
1318
1319 197bfe96 Ermal Luçi
		<tr>
1320 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td>
1321 197bfe96 Ermal Luçi
			<td width="78%" class="vtable">
1322 ee9933b6 Renato Botelho
			<div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
1323 0fb885bc Carlos Eduardo Ramos
				<input type="button" onClick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1324 0239d8ee sullrich
			</div>
1325 ee9933b6 Renato Botelho
			<div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
1326 0239d8ee sullrich
				<select name="ackqueue">
1327 197bfe96 Ermal Luçi
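<?php
			/*
			 * Options for the acknowledge-queue select. The keys of $qlist are
			 * used both as the posted value and as the visible label.
			 *
			 * Queue names are HTML-encoded at output; previously they were
			 * written into the attribute and the option text unescaped.
			 */
			if (!is_array($qlist))
				$qlist = array();
			echo "<option value=\"none\"";
			// NOTE(review): $qselected is read here before this block assigns it;
			// confirm it is initialised earlier in the file.
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['ackqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				echo ">" . htmlspecialchars($q) . "</option>";
			}
?>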
1344 0239d8ee sullrich
				</select> / 			
1345
				<select name="defaultqueue">
1346 197bfe96 Ermal Luçi
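<?php
			/*
			 * Options for the default-queue select, built from the same $qlist
			 * keys as the acknowledge-queue select.
			 *
			 * Queue names are HTML-encoded at output rather than echoed as-is.
			 */
			$qselected = 0;
			echo "<option value=\"none\"";
			// Always true at this point because $qselected was just reset, so
			// "none" is marked SELECTED in addition to any matching entry below.
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['defaultqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				echo ">" . htmlspecialchars($q) . "</option>";
			}
?>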
1362 0239d8ee sullrich
				</select>
1363
					<br />
1364 11d2c529 Rafael Lucas
					<span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span>
1365 0239d8ee sullrich
				</td>
1366
			</tr>
1367
			<tr>
1368 11d2c529 Rafael Lucas
				<td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td>
1369 0239d8ee sullrich
				<td width="78%" class="vtable">
1370 ee9933b6 Renato Botelho
					<div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
1371 0fb885bc Carlos Eduardo Ramos
						<input type="button" onClick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1372 4c263f57 sullrich
					</div>
1373 ee9933b6 Renato Botelho
					<div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
1374 0239d8ee sullrich
				<select name="l7container">
1375 7e50413c Ermal Luçi
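<?php
					/*
					 * Options for the Layer7 container select: a fixed "none" entry
					 * followed by one entry per value in $l7clist, with the stored
					 * container pre-selected.
					 *
					 * Container names are HTML-encoded at output; previously they
					 * were written into the attribute and the option text unescaped.
					 */
					if (!is_array($l7clist))
						$l7clist = array();
					echo "<option value=\"none\"";
					echo " >none</option>";
					foreach ($l7clist as $l7ckey) {
						echo "<option value=\"" . htmlspecialchars($l7ckey) . "\"";
						if ($l7ckey == $pconfig['l7container']) {
							echo " SELECTED";
						}
						echo ">" . htmlspecialchars($l7ckey) . "</option>";
					}
?>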
1388 0239d8ee sullrich
				</select>			
1389 7e50413c Ermal Luçi
				<br/>
1390 0239d8ee sullrich
				<span class="vexpl">
1391 4fe84f51 Carlos Eduardo Ramos
					<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
1392
					"These are valid for TCP and UDP protocols only.");?>
1393 0239d8ee sullrich
				</span>
1394
			  </div>
1395 7e50413c Ermal Luçi
			</td>
1396
		</tr>
1397 8ab3e9ed Erik Kristensen
		<tr>
1398
			<td width="22%" valign="top">&nbsp;</td>
1399
			<td width="78%">
1400 151eb2a9 sullrich
				&nbsp;<br>&nbsp;
1401 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1402 8ab3e9ed Erik Kristensen
<?php			if (isset($id) && $a_filter[$id]): ?>
1403 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1404 8ab3e9ed Erik Kristensen
<?php 			endif; ?>
1405 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1406 8ab3e9ed Erik Kristensen
			</td>
1407 82628210 Scott Ullrich
		</tr>
1408 8ab3e9ed Erik Kristensen
	</table>
1409 5b237745 Scott Ullrich
</form>
1410
<script language="JavaScript">
1411
<!--
1412 8ab3e9ed Erik Kristensen
	ext_change();
1413
	typesel_change();
1414
	proto_change();
1415 3e74107e Erik Fonnesbeck
	<?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?>
1416
	show_source_port_range();
1417
	<?php endif; ?>
1418 19757279 Scott Ullrich
1419
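<?php
	/*
	 * Build the comma-separated JavaScript string literals that are echoed
	 * into the addressarray / customarray declarations after this block:
	 * port aliases go to $portaliases, and host, network, openvpn and
	 * urltable aliases go to $aliasesaddr. Other alias types are ignored.
	 *
	 * Two changes from the previous version:
	 *  - $portaliases is initialised. It was appended to without being set
	 *    in this block, while $isfirst = 0 already treats the list as empty.
	 *  - Each name is emitted with json_encode() instead of being wrapped in
	 *    single quotes by hand, so a quote, backslash or "/" in a stored
	 *    alias name cannot terminate the string literal or the enclosing
	 *    <script> element.
	 * NOTE(review): alias-name validation at save time is not visible here;
	 * the encoding is applied regardless. json_encode() expects UTF-8 input.
	 */
	$isfirst = 0;
	$aliases = "";
	$portaliases = "";
	$addrisfirst = 0;
	$aliasesaddr = "";
	if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias']))
		foreach($config['aliases']['alias'] as $alias_name) {
			switch ($alias_name['type']) {
			case "port":
				if($isfirst == 1) $portaliases .= ",";
				$portaliases .= json_encode((string)$alias_name['name']);
				$isfirst = 1;
				break;
			case "host":
			case "network":
			case "openvpn":
			case "urltable":
				if($addrisfirst == 1) $aliasesaddr .= ",";
				$aliasesaddr .= json_encode((string)$alias_name['name']);
				$addrisfirst = 1;
				break;
			default:
				break;
			}
		}
?>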
1445
1446 8ab3e9ed Erik Kristensen
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
1447 72cb5baf Ermal Lu?i
	var customarray=new Array(<?php echo $portaliases; ?>);
1448 19757279 Scott Ullrich
1449 9eb60dcc Ermal Lu?i
	var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
1450
        var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
1451
        var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
1452
        var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
1453
        var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
1454
        var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
1455 5b237745 Scott Ullrich
//-->
1456
</script>
1457
<?php include("fend.inc"); ?>
1458
</body>
1459 9b45f821 Ermal Lu?i
</html>