<?php
/* $Id$ */
/*
	firewall_rules_edit.php
	part of pfSense (http://www.pfsense.com)
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
require("guiconfig.inc");
/*
 * Special source/destination keywords - the same names the "Type" dropdowns
 * of this form offer besides "single" and "network".
 * NOTE(review): presumably read by is_specialnet(), which is defined outside
 * this file - confirm.
 */
$specialsrcdst = array("any", "wanip", "lanip", "lan", "pptp", "pppoe");

/* make sure the rule list exists as an array before it is sorted and aliased */
if (is_array($config['filter']['rule']) === false)
	$config['filter']['rule'] = array();

filter_rules_sort();

/* $a_filter is a reference: anything written through it lands in $config */
$a_filter = &$config['filter']['rule'];
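/*
 * Work out which rule is being edited ($id) and after which rule a new one
 * should be inserted ($after).  All of these selectors come from the browser,
 * so only numeric values are accepted as rule indexes.  Anything else is
 * treated as "not supplied": the page then shows the defaults for a new rule
 * and the save path appends instead of inserting (it already requires
 * is_numeric($after) before calling array_splice()).
 */
$id = (isset($_GET['id']) && is_numeric($_GET['id'])) ? $_GET['id'] : null;
if (isset($_POST['id']) && is_numeric($_POST['id']))
	$id = $_POST['id'];

$after = (isset($_GET['after']) && is_numeric($_GET['after'])) ? $_GET['after'] : null;
if (isset($_POST['after']))
	$after = is_numeric($_POST['after']) ? $_POST['after'] : null;

/* "dup" = duplicate: load rule N into the form and insert the copy right after it */
if (isset($_GET['dup'])) {
	$id = is_numeric($_GET['dup']) ? $_GET['dup'] : null;
	$after = $id;
}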
/*
 * Build $pconfig, the array the form further down is rendered from.  When $id
 * names a stored rule its settings are copied in; otherwise only the defaults
 * for a new rule are set.
 */
if (isset($id) && $a_filter[$id]) {
	$pconfig['interface'] = $a_filter[$id]['interface'];

	/* a stored rule without a type is shown as "pass", one without a protocol as "any" */
	$pconfig['type'] = isset($a_filter[$id]['type']) ? $a_filter[$id]['type'] : "pass";
	$pconfig['proto'] = isset($a_filter[$id]['protocol']) ? $a_filter[$id]['protocol'] : "any";

	/* the ICMP type is only carried over for ICMP rules */
	if ($a_filter[$id]['protocol'] == "icmp") {
		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
	}

	/*
	 * address_to_pconfig() is defined outside this file; presumably it fills the
	 * five $pconfig elements handed to it from the stored address entry - confirm.
	 */
	address_to_pconfig(
		$a_filter[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	if ($a_filter[$id]['os'] != "") {
		$pconfig['os'] = $a_filter[$id]['os'];
	}

	address_to_pconfig(
		$a_filter[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	/* flags are stored by presence of the key, not by value */
	$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
	$pconfig['log'] = isset($a_filter[$id]['log']);
	$pconfig['descr'] = $a_filter[$id]['descr'];

	/* advanced */
	$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
	$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
	$pconfig['statetype'] = $a_filter[$id]['statetype'];
	$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];

	$pconfig['nosync'] = isset($a_filter[$id]['nosync']);

	/* advanced - new connection per second banning */
	$pconfig['max-src-conn-rate'] = $a_filter[$id]['max-src-conn-rate'];
	$pconfig['max-src-conn-rates'] = $a_filter[$id]['max-src-conn-rates'];

	/* Multi-WAN next-hop support */
	$pconfig['gateway'] = $a_filter[$id]['gateway'];

	/* schedule support */
	$pconfig['sched'] = $a_filter[$id]['sched'];

} else {
	/*
	 * Defaults for a new rule.  The interface preselection comes straight from
	 * the query string, so it is request data: the form only compares it with
	 * the known interface keys, and it must be escaped if it is ever echoed.
	 */
	if ($_GET['if']) {
		$pconfig['interface'] = $_GET['if'];
	}
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}

/* a duplicate is saved as a new rule, so forget which rule it was loaded from */
if (isset($_GET['dup'])) {
	unset($id);
}
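/*
 * Form submission: normalise the posted fields, validate them, and - when no
 * error was recorded - store the rule, mark the filter configuration dirty
 * and redirect back to the rule list.
 *
 * NOTE(review): nothing visible in this file checks an anti-CSRF token before
 * write_config() is reached; confirm guiconfig.inc enforces one for POSTs.
 */
if ($_POST) {

	/*
	 * NOTE(review): this error never reaches the user - $input_errors is unset
	 * further down, before the validation proper starts.  Its wording also
	 * disagrees with the "Action" help text of this form, which says reject
	 * works for TCP or UDP.  Settle which is intended before making it live.
	 */
	if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
		$input_errors[] = "Reject type rules only works when the protocol is set to TCP.";

	/* ports only apply to TCP and UDP; for every other protocol they are forced to 0 */
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	} else {

		/* the "_cust" text box is used when the dropdown was left on "(other)" (empty value) */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		/* "any" is stored as 0-0; a missing end port means a single port */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];
	}

	/* a special network keyword replaces the address; "single" pins the mask to /32 */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	} else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}

	unset($input_errors);

	/*
	 * From here on the form is re-rendered from the submitted values, so every
	 * $pconfig element echoed by the template is request data and has to be
	 * escaped where it is printed.
	 */
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "type interface proto src dst");
	$reqdfieldsn = explode(",", "Type,Interface,Protocol,Source,Destination");

	if ($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") {
		if ($_POST['proto'] != "tcp")
			$input_errors[] = "{$_POST['statetype']} is only valid with protocol tcp.";
		if (($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != ""))
			$input_errors[] = "{$_POST['statetype']} is only valid if the gateway is set to 'default'.";
	}

	/* a bit count is only required for the "network" type */
	if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = "Destination bit count";
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is kept as
	 * written because the declaration of do_input_validation() is not visible
	 * here; current PHP versions reject this syntax, so the reference belongs
	 * in the function's parameter list instead.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* every port field must itself be an alias or a valid port number */
	if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) {
		$input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) {
		$input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) {
		$input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
	}
	/*
	 * The alias test has to look at the end port.  Testing the start port here
	 * would let any end value through whenever the start port is an alias.
	 */
	if (($_POST['dstendport'] && !alias_expand($_POST['dstendport']) && !is_port($_POST['dstendport']))) {
		$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
	}

	/* if user enters an alias and selects "network" then disallow. */
	if ($_POST['srctype'] == "network") {
		if (is_alias($_POST['src']))
			$input_errors[] = "You must specify single host or alias for alias entries.";
	}
	if ($_POST['sched'] && $_POST['gateway'])
		$input_errors[] = "You cannot specify a gateway with time based rules.";

	if ($_POST['dsttype'] == "network") {
		if (is_alias($_POST['dst']))
			$input_errors[] = "You must specify single host or alias for alias entries.";
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
			$input_errors[] = "A valid source IP address or alias must be specified.";
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = "A valid source bit count must be specified.";
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
			$input_errors[] = "A valid destination IP address or alias must be specified.";
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = "A valid destination bit count must be specified.";
		}
	}

	/* keep each range ordered low-to-high */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	if ($_POST['os']) {
		if ($_POST['proto'] != "tcp")
			$input_errors[] = "OS detection is only valid with protocol tcp.";
	}

	if (!$input_errors) {
		/*
		 * NOTE(review): type, interface, proto, icmptype, statetype, os, gateway,
		 * sched, statetimeout and the max-src-* values are stored exactly as
		 * posted.  Nothing here checks them against the option lists the form
		 * offers or requires the numeric ones to be integers.  Confirm that the
		 * code turning this configuration into firewall rules validates or quotes
		 * them, or add allow-list checks to the validation above.
		 */
		$filterent = array();
		$filterent['type'] = $_POST['type'];
		$filterent['interface'] = $_POST['interface'];

		/* Advanced options */
		$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
		$filterent['max-src-states'] = $_POST['max-src-states'];
		$filterent['statetimeout'] = $_POST['statetimeout'];
		$filterent['statetype'] = $_POST['statetype'];
		$filterent['os'] = $_POST['os'];

		/* Nosync directive - do not xmlrpc sync this item */
		if ($_POST['nosync'] <> "")
			$filterent['nosync'] = true;
		else
			unset($filterent['nosync']);

		/* unless both values are provided, unset the values - ticket #650 */
		if ($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
			$filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
			$filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
		} else {
			unset($filterent['max-src-conn-rate']);
			unset($filterent['max-src-conn-rates']);
		}

		/* "any" protocol is represented by leaving the key out */
		if ($_POST['proto'] != "any")
			$filterent['protocol'] = $_POST['proto'];
		else
			unset($filterent['protocol']);

		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
			$filterent['icmptype'] = $_POST['icmptype'];
		else
			unset($filterent['icmptype']);

		pconfig_to_address($filterent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($filterent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		if ($_POST['disabled'])
			$filterent['disabled'] = true;
		else
			unset($filterent['disabled']);
		if ($_POST['log'])
			$filterent['log'] = true;
		else
			unset($filterent['log']);

		/*
		 * NOTE(review): strncpy() is not a PHP built-in; presumably a project
		 * helper that copies at most 52 characters into its first argument by
		 * reference - confirm it exists and does so, otherwise the description
		 * is never stored.
		 */
		strncpy($filterent['descr'], $_POST['descr'], 52);

		if ($_POST['gateway'] != "") {
			$filterent['gateway'] = $_POST['gateway'];
		}

		if ($_POST['sched'] != "") {
			$filterent['sched'] = $_POST['sched'];
		}

		/* overwrite the edited rule, or insert after $after, or append */
		if (isset($id) && $a_filter[$id])
			$a_filter[$id] = $filterent;
		else {
			if (is_numeric($after))
				array_splice($a_filter, $after+1, 0, array($filterent));
			else
				$a_filter[] = $filterent;
		}

		write_config();
		touch($d_filterconfdirty_path);

		/* the interface name is request data: encode it before it goes into the Location header */
		header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));
		exit;
	}
}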
/* page metadata set before head.inc is pulled in */
$pgtitle = 'Firewall: Rules: Edit';
/* NOTE(review): presumably tells head.inc to leave <head> open, since this file closes it itself - confirm */
$closehead = false;

$page_filename = 'firewall_rules_edit.php';
include('head.inc');
?>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
366
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
367
    	<tr>
368
			<td width="22%" valign="top" class="vncellreq">Action</td>
369
			<td width="78%" class="vtable">
370
				<select name="type" class="formfld">
371
					<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
372
					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
373
					<?=htmlspecialchars($type);?>
374
					</option>
375
					<?php endforeach; ?>
376 8c84fe43 Scott Ullrich
				</select>
377 8ab3e9ed Erik Kristensen
				<br/>
378
				<span class="vexpl">
379
					Choose what to do with packets that match the criteria specified below. <br/>
380
					Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded. Reject only works when the protocol is set to either TCP or UDP (but not &quot;TCP/UDP&quot;) below.
381
				</span>
382
			</td>
383
		</tr>
384
		<tr>
385
			<td width="22%" valign="top" class="vncellreq">Disabled</td>
386
			<td width="78%" class="vtable">
387
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
388
				<strong>Disable this rule</strong><br />
389
				<span class="vexpl">Set this option to disable this rule without removing it from the list.</span>
390
			</td>
391
		</tr>
392
		<tr>
393
			<td width="22%" valign="top" class="vncellreq">Interface</td>
394
			<td width="78%" class="vtable">
395
				<select name="interface" class="formfld">
396
<?php
397 0feec714 Scott Ullrich
					$interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP', 'pppoe' => 'PPPOE', 'enc0' => 'IPSEC');
398 8ab3e9ed Erik Kristensen
					for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
399
						$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
400
					}
401
					foreach ($interfaces as $iface => $ifacename): ?>
402
						<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
403
<?php 				endforeach; ?>
404 8c84fe43 Scott Ullrich
				</select>
405 8ab3e9ed Erik Kristensen
				<br />
406
				<span class="vexpl">Choose on which interface packets must come in to match this rule.</span>
407
			</td>
408
		</tr>
409
		<tr>
410
			<td width="22%" valign="top" class="vncellreq">Protocol</td>
411
			<td width="78%" class="vtable">
412
				<select name="proto" class="formfld" onchange="proto_change()">
413
<?php
414 3f351350 Scott Ullrich
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP any carp pfsync");
415 8ab3e9ed Erik Kristensen
				foreach ($protocols as $proto): ?>
416
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
417
<?php 			endforeach; ?>
418
				</select>
419
				<br />
420
				<span class="vexpl">Choose which IP protocol this rule should match. <br /> Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span>
421
			</td>
422
		</tr>
423 3de8af0e Scott Ullrich
		<tr id="icmpbox" name="icmpbox">
424 8ab3e9ed Erik Kristensen
			<td valign="top" class="vncell">ICMP type</td>
425
			<td class="vtable">
426
				<select name="icmptype" class="formfld">
427
<?php
428
				$icmptypes = array(
429
				"" => "any",
430
				"echorep" => "Echo reply",
431
				"unreach" => "Destination unreachable",
432
				"squench" => "Source quench",
433
				"redir" => "Redirect",
434
				"althost" => "Alternate Host",
435
				"echoreq" => "Echo",
436
				"routeradv" => "Router advertisement",
437
				"routersol" => "Router solicitation",
438
				"timex" => "Time exceeded",
439
				"paramprob" => "Invalid IP header",
440
				"timereq" => "Timestamp",
441
				"timerep" => "Timestamp reply",
442
				"inforeq" => "Information request",
443
				"inforep" => "Information reply",
444
				"maskreq" => "Address mask request",
445
				"maskrep" => "Address mask reply"
446
				);
447
448
				foreach ($icmptypes as $icmptype => $descr): ?>
449
					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
450
<?php 			endforeach; ?>
451
			</select>
452
			<br />
453
			<span class="vexpl">If you selected ICMP for the protocol above, you may specify an ICMP type here.</span>
454
		</td>
455
		</tr>
456
		<tr>
457
			<td width="22%" valign="top" class="vncellreq">Source</td>
458
			<td width="78%" class="vtable">
459
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
460
				<strong>not</strong>
461
				<br />
462
				Use this option to invert the sense of the match.
463
				<br />
464
				<br />
465
				<table border="0" cellspacing="0" cellpadding="0">
466
					<tr>
467
						<td>Type:&nbsp;&nbsp;</td>
468
						<td>
469
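							<select name="srctype" class="formfld" onChange="typesel_change()">
<?php
								/*
								 * $sel is true once the stored source is known not to be a plain
								 * network (special keyword, or a /32 single host), so "Network"
								 * is only selected as the fallback.
								 */
								$sel = is_specialnet($pconfig['src']); ?>
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option>
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
								<option value="wanip" 	<?php if ($pconfig['src'] == "wanip") { echo "selected"; } ?>>WAN address</option>
								<option value="lanip" 	<?php if ($pconfig['src'] == "lanip") { echo "selected"; } ?>>LAN address</option>
								<option value="lan"     <?php if ($pconfig['src'] == "lan") { echo "selected"; } ?>>LAN subnet</option>
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>PPTP clients</option>
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option>
<?php
								/*
								 * One "subnet" and one "address" entry per optional interface.
								 * The interface description is free text from the configuration,
								 * so both entries escape it on output.
								 */
								for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
									<option value="opt<?=$i;?>" <?php if ($pconfig['src'] == "opt" . $i) { echo "selected"; } ?>><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> subnet</option>
									<option value="opt<?=$i;?>ip" <?php if ($pconfig['src'] == "opt" . $i . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> address
									</option>
<?php 							endfor; ?>
							</select>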
488
						</td>
489
					</tr>
490
					<tr>
491
						<td>Address:&nbsp;&nbsp;</td>
492
						<td>
493
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
494
							<select name="srcmask" class="formfld" id="srcmask">
495
<?php						for ($i = 31; $i > 0; $i--): ?>
496
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
497
<?php 						endfor; ?>
498
							</select>
499 bdb7d6e7 Scott Ullrich
						</td>
500 8ab3e9ed Erik Kristensen
					</tr>
501
				</table>
502 22abf2ef Scott Ullrich
				<div id="showadvancedboxspr">
503
					<p>
504 be812936 Scott Ullrich
					<input type="button" onClick="show_source_port_range()" value="Advanced"></input> - Show source port range</a>
505 22abf2ef Scott Ullrich
				</div>
506 8ab3e9ed Erik Kristensen
			</td>
507 e33c8694 Bill Marquette
		</tr>
508 3de8af0e Scott Ullrich
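		<tr style="display:none" id="sprtable" name="sprtable">
			<td width="22%" valign="top" class="vncellreq">Source port range</td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td>from:&nbsp;&nbsp;</td>
						<td>
							<select name="srcbeginport" class="formfld" onchange="src_rep_change();ext_change()">
								<option value="">(other)</option>
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php 							/* $bfound stays 0 when the stored port matches no dropdown entry; it is then shown in the text box */
								foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
<?php 							/* after a rejected submission $pconfig holds the posted values, so the custom port is escaped before it is written into the attribute */ ?>
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
						</td>
					</tr>
					<tr>
						<td>to:</td>
						<td>
							<select name="srcendport" class="formfld" onchange="ext_change()">
								<option value="">(other)</option>
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
						</td>
					</tr>
				</table>
				<br />
				<span class="vexpl">Specify the port or port range for the source of the packet for this rule. This is usually not equal to the destination port range (and is often &quot;any&quot;). <br /> Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port</span><br/>
				<span class="vexpl"><B>NOTE:</B> You will not need to enter anything here in 99.99999% of the circumstances.  If you're unsure, do not enter anything here!</span>
			</td>
		</tr>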
544 8ab3e9ed Erik Kristensen
		<tr>
545 6f878f1b Chris Buechler
			<td width="22%" valign="top" class="vncell">Source OS</td>
546 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">OS Type:&nbsp;
547
				<select name="os" id="os" class="formfld">
548
<?php
549
		           $ostypes = array(
550
						 "" => "any",
551
		                 "AIX" => "AIX",
552
		                 "Linux" => "Linux",
553
		                 "FreeBSD" => "FreeBSD",
554
		                 "NetBSD" => "NetBSD",
555
		                 "OpenBSD" => "OpenBSD",
556
		                 "Solaris" => "Solaris",
557
		                 "MacOS" => "MacOS",
558
		                 "Windows" => "Windows",
559 59d62b6c Scott Ullrich
		                 "Novell" => "Novell",
560
		                 "NMAP" => "NMAP"
561 8ab3e9ed Erik Kristensen
		           );
562
563
					foreach ($ostypes as $ostype => $descr): ?>
564
						<option value="<?=$ostype;?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
565
<?php				endforeach; ?>
566
				</select>
567
				<br />
568
				Note: this only works for TCP rules
569
			</td>
570 5ba18897 Scott Ullrich
		</tr>
571 8ab3e9ed Erik Kristensen
		<tr>
572
			<td width="22%" valign="top" class="vncellreq">Destination</td>
573
			<td width="78%" class="vtable">
574
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
575
				<strong>not</strong>
576
					<br />
577
				Use this option to invert the sense of the match.
578
					<br />
579
					<br />
580
				<table border="0" cellspacing="0" cellpadding="0">
581
					<tr>
582
						<td>Type:&nbsp;&nbsp;</td>
583
						<td>
584
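							<select name="dsttype" class="formfld" onChange="typesel_change()">
<?php
								/*
								 * $sel is true once the stored destination is known not to be a
								 * plain network (special keyword, or a /32 single host), so
								 * "Network" is only selected as the fallback.
								 */
								$sel = is_specialnet($pconfig['dst']); ?>
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option>
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
								<option value="wanip" <?php if ($pconfig['dst'] == "wanip") { echo "selected"; } ?>>WAN address</option>
								<option value="lanip" <?php if ($pconfig['dst'] == "lanip") { echo "selected"; } ?>>LAN address</option>
								<option value="lan" <?php if ($pconfig['dst'] == "lan") { echo "selected"; } ?>>LAN subnet</option>
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>PPTP clients</option>
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option>
<?php 							/*
								 * One "subnet" and one "address" entry per optional interface.
								 * The interface description is free text from the configuration,
								 * so both entries escape it on output.
								 */
								for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
									<option value="opt<?=$i;?>" <?php if ($pconfig['dst'] == "opt" . $i) { echo "selected"; } ?>><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> subnet</option>
									<option value="opt<?=$i;?>ip" <?php if ($pconfig['dst'] == "opt" . $i . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> address
									</option>
<?php 							endfor; ?>
							</select>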
602
						</td>
603
					</tr>
604
					<tr>
605
						<td>Address:&nbsp;&nbsp;</td>
606
						<td>
607
							<input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
608
							/
609
							<select name="dstmask" class="formfld" id="dstmask">
610
<?php
611
							for ($i = 31; $i > 0; $i--): ?>
612
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
613
<?php						endfor; ?>
614
							</select>
615
						</td>
616
					</tr>
617
				</table>
618 5ba18897 Scott Ullrich
619 8ab3e9ed Erik Kristensen
			</td>
620
		</tr>
621 3de8af0e Scott Ullrich
		<tr id="dprtr" name="dprtr">
622 8ab3e9ed Erik Kristensen
			<td width="22%" valign="top" class="vncellreq">Destination port range </td>
623
			<td width="78%" class="vtable">
624
				<table border="0" cellspacing="0" cellpadding="0">
625
					<tr>
626
						<td>from:&nbsp;&nbsp;</td>
627
						<td>
628
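							<select name="dstbeginport" class="formfld" onchange="dst_rep_change();ext_change()">
								<option value="">(other)</option>
								<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php 							/* $bfound records whether the stored port matched "any" or one of the $wkports keys. */
								foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
<?php 							/*
								 * The free-text box is pre-filled only when nothing in the
								 * list matched. The value is written into a double-quoted
								 * attribute, so it is HTML-escaped like the "dst" address
								 * field of this form. NOTE(review): $pconfig is filled
								 * outside this part of the file; presumably it can carry
								 * re-displayed form input - confirm.
								 */ ?>
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">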
636
						</td>
637
					</tr>
638
					<tr>
639
						<td>to:</td>
640
						<td>
641
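							<select name="dstendport" class="formfld" onchange="ext_change()">
								<option value="">(other)</option>
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php							/* $bfound records whether the stored end port matched "any" or one of the $wkports keys. */
								foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
<?php 							/*
								 * Pre-fill the free-text box only when nothing in the list
								 * matched. The value is written into a double-quoted
								 * attribute, so it is HTML-escaped before output.
								 * NOTE(review): $pconfig is filled outside this part of the
								 * file; presumably it can carry re-displayed form input -
								 * confirm.
								 */ ?>
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">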
649
						</td>
650
					</tr>
651
				</table>
652
				<br />
653
				<span class="vexpl">
654
					Specify the port or port range for the destination of the packet for this rule.
655
						<br />
656
					Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port
657
				</span>
658
			</td>
659
		</tr>
660
		<tr>
661
			<td width="22%" valign="top" class="vncellreq">Log</td>
662
			<td width="78%" class="vtable">
663
				<input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
664
				<strong>Log packets that are handled by this rule</strong>
665
					<br />
666
				<span class="vexpl">Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server (see the <a href="diag_logs_settings.php">Diagnostics: System logs: Settings</a> page).</span>
667
			</td>
668
		</tr>
669
		<tr>
670
			<td width="22%" valign="top" class="vncell">Advanced Options</td>
671
			<td width="78%" class="vtable">
672 197b2a47 Scott Ullrich
			<div id="aoadv" name="aoadv">
673 581a46c8 Scott Ullrich
				<input type="button" onClick="show_aodiv();" value="Advanced"> - Show advanced options
674 197b2a47 Scott Ullrich
			</div>
675
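			<div id="aodivmain" name="aodivmain" style="display:none">
<?php			/*
				 * Advanced per-rule limits. Each stored value is echoed back
				 * into a double-quoted value attribute, so it is HTML-escaped
				 * first; the original printed these four fields raw while
				 * other fields of this form (dst, descr) were escaped.
				 * NOTE(review): $pconfig is filled outside this part of the
				 * file; presumably it can hold re-displayed form input - confirm.
				 */ ?>
				<input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']); ?>"><br> Simultaneous client connection limit<p>
				<input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']); ?>"><br> Maximum state entries per host<p>
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']); ?>"> /
				<select name="max-src-conn-rates" id="max-src-conn-rates">
					<option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option>
<?php				/* Choices 1..254; only the loop counter is printed, so no escaping is needed here. */
					for($x=1; $x<255; $x++) {
						if($x == $pconfig['max-src-conn-rates']) $selected = " selected"; else $selected = "";
						echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
					} ?>
				</select><br />
				Maximum new connections / per second
				<p>

				<input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']); ?>"><br>
				State Timeout in seconds
				<p />

				<p><strong>NOTE: Leave these fields blank to disable this feature.</strong>
			  </div>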
695 8ab3e9ed Erik Kristensen
			</td>
696
		</tr>
697
		<tr>
698
			<td width="22%" valign="top" class="vncell">State Type</td>
699
			<td width="78%" class="vtable">
700 f6970b2f Scott Ullrich
				<div id="showadvstatebox">
701
					<input type="button" onClick="show_advanced_state()" value="Advanced"></input> - Show state</a>
702
				</div>
703
				<div id="showstateadv" style="display:none">
704
					<select name="statetype">
705
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>>keep state</option>
706
						<option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state")  echo "selected"; ?>>synproxy state</option>
707
						<option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>>none</option>
708
					</select><br>HINT: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.
709
					<p>
710
					<table width="90%">
711 1422da65 Chris Buechler
						<tr><td width="25%"><ul><li>keep state</li></td><td>Works with all IP protocols.</ul></td></tr>
712 fa495e94 Chris Buechler
						<tr><td width="25%"><ul><li>synproxy state</li></td><td>Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.</ul></td></tr>
713
						<tr><td width="25%"><ul><li>none</li></td><td>do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation.</ul></td></tr>
714 f6970b2f Scott Ullrich
					</table>
715
					</p>
716
			  </div>
717 8ab3e9ed Erik Kristensen
			</td>
718
		</tr>
719 10f21e70 Scott Ullrich
		<tr>
720
			<td width="22%" valign="top" class="vncell">No XMLRPC Sync</td>
721
			<td width="78%" class="vtable">
722 c32518fa Scott Ullrich
				<input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
723 f64bae3d Chris Buechler
				HINT: This prevents the rule from automatically syncing to other CARP members.
724 10f21e70 Scott Ullrich
			</td>
725 8c84fe43 Scott Ullrich
		</tr>
726 615b27bc Scott Dale
		<?php
			/*
			 * Collect the names offered in the Schedule drop-down.
			 * "none" always comes first and stands for "rule enabled all
			 * the time"; configured schedules with an empty name are skipped.
			 */
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					if ($schedule['name'] == "")
						continue;
					$schedules[] = $schedule['name'];
				}
			}
		?>
737
		<tr>
738
			<td width="22%" valign="top" class="vncell">Schedule</td>
739
			<td width="78%" class="vtable">
740
				<select name='sched'>
741
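<?php
				/*
				 * Emit one <option> per entry of $schedules. The "none"
				 * entry submits an empty value; every other entry submits
				 * its own name. Schedule names are read from the saved
				 * configuration and are HTML-escaped for both the value
				 * attribute and the visible label, so a name containing
				 * quotes or angle brackets cannot break out of the markup.
				 */
				foreach($schedules as $schedule) {
					$selected = ($schedule == $pconfig['sched']) ? " SELECTED" : "";
					$label = htmlspecialchars($schedule);
					$value = ($schedule == "none") ? "" : $label;
					echo "<option value=\"{$value}\" {$selected}>{$label}</option>\n";
				}?>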
754
				</select>
755 099ab77e Scott Ullrich
				<p>Leave as 'none' to leave the rule enabled all the time.</p>
756 7f7ad501 Scott Ullrich
				<strong>NOTE:  schedule logic can be a bit different.  Click <a target="_new" href='firewall_rules_schedule_logic.php'>here</a> for more information.</strong>
757 615b27bc Scott Dale
			</td>
758
		</tr>
759
		
760 8ab3e9ed Erik Kristensen
<?php
			/*
			 * Build the list of gateways for the Gateway drop-down.
			 * "default" always comes first and means the feature is not
			 * used; after it comes the gateway of every configured
			 * interface that has a non-empty one.
			 */
			$gateways = array("default");
			foreach ($config['interfaces'] as $int) {
				if ($int['gateway'] == "")
					continue;
				$gateways[] = $int['gateway'];
			}
?>
769 82628210 Scott Ullrich
		<tr>
770 8ab3e9ed Erik Kristensen
			<td width="22%" valign="top" class="vncell">Gateway</td>
771
			<td width="78%" class="vtable">
772
				<select name='gateway'>
773
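<?php
				/*
				 * Emit the Gateway <option> list in three parts:
				 *   1. the entries of $gateways ("default" submits an empty value),
				 *   2. the named load balancer pools, when any are configured,
				 *   3. optional interfaces whose ipaddr is "dhcp" and that have
				 *      a description, submitted as "optN".
				 * Gateway values, pool names and interface descriptions are
				 * read from the saved configuration; each is HTML-escaped
				 * before it is placed in an attribute or a label.
				 */
				foreach($gateways as $gw) {
					if($gw == "")
						continue;
					$selected = ($gw == $pconfig['gateway']) ? " SELECTED" : "";
					$gwlabel = htmlspecialchars($gw);
					$gwvalue = ($gw == "default") ? "" : $gwlabel;
					echo "<option value=\"{$gwvalue}\" {$selected}>{$gwlabel}</option>\n";
				}
				if(is_array($config['load_balancer']['lbpool'])) {
					foreach($config['load_balancer']['lbpool'] as $lb) {
						if($lb['name'] == "")
							continue;
						/* compare the raw name, print the escaped one */
						$selected = ($pconfig['gateway'] == $lb['name']) ? " SELECTED" : "";
						$lbname = htmlspecialchars($lb['name']);
						echo "<option value=\"{$lbname}\"{$selected}>{$lbname}</option>\n";
					}
				}
				for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
					if($config['interfaces']['opt' . $i]['ipaddr'] == "dhcp") {
						$descr = $config['interfaces']['opt' . $i]['descr'];
						if ($pconfig['gateway'] == "opt{$i}") {
							$selected = " SELECTED";
						} else {
							$selected = "";
						}
						if($descr <> "")
							echo "<option value=\"opt{$i}\" {$selected}>OPT{$i} - " . htmlspecialchars($descr) . "</option>\n";
					}
				}
?>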
812
				</select>
813 58a4eecd Bill Marquette
				<p><strong>Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.</strong></p>
814 8ab3e9ed Erik Kristensen
			</td>
815
		</tr>
816 bca8e0ec Scott Ullrich
		<tr>
817
			<td width="22%" valign="top" class="vncell">Description</td>
818
			<td width="78%" class="vtable">
819
				<input name="descr" type="text" class="formfld" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
820
				<br />
821
				<span class="vexpl">You may enter a description here for your reference (not parsed).</span>
822
			</td>
823
		</tr>
824 8ab3e9ed Erik Kristensen
		<tr>
825
			<td width="22%" valign="top">&nbsp;</td>
826
			<td width="78%">
827
				<input name="Submit" type="submit" class="formbtn" value="Save">  <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
828
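<?php			/*
				 * Hidden fields carrying the edited rule's index and the
				 * insert position back to the form handler. Both values
				 * are written into double-quoted attributes and are
				 * HTML-escaped first. NOTE(review): $id and $after are
				 * assigned outside this part of the file, presumably from
				 * request parameters - confirm, and consider validating
				 * them as integers where they are read.
				 */
				if (isset($id) && $a_filter[$id]): ?>
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
<?php 			endif; ?>
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">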
832
			</td>
833 82628210 Scott Ullrich
		</tr>
834 8ab3e9ed Erik Kristensen
	</table>
835 5b237745 Scott Ullrich
</form>
836
<script language="JavaScript">
837
<!--
838 8ab3e9ed Erik Kristensen
	ext_change();
839
	typesel_change();
840
	proto_change();
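<?php
	/*
	 * Build two comma-separated lists of single-quoted alias names that
	 * are printed into the JavaScript arrays below this block:
	 *   $aliasesaddr - aliases whose address contains a "."
	 *   $aliases     - all other aliases
	 * The names end up inside single-quoted JavaScript string literals in
	 * the page's script block, so quotes, backslashes, line breaks, angle
	 * brackets and slashes are backslash-escaped; a name made only of
	 * letters, digits and underscores is emitted unchanged.
	 * NOTE(review): alias names are presumably validated when an alias is
	 * saved - confirm; the escaping here does not depend on that.
	 */
	$isfirst = 0;
	$aliases = "";
	$addrisfirst = 0;
	$aliasesaddr = "";
	if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias'])) {
		foreach($config['aliases']['alias'] as $alias_name) {
			$jsname = "'" . addcslashes($alias_name['name'], "\\'\"\r\n<>/") . "'";
			if(!stristr($alias_name['address'], ".")) {
				if($isfirst == 1) $aliases .= ",";
				$aliases .= $jsname;
				$isfirst = 1;
			} else {
				if($addrisfirst == 1) $aliasesaddr .= ",";
				$aliasesaddr .= $jsname;
				$addrisfirst = 1;
			}
		}
	}
?>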
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
862
	var customarray=new Array(<?php echo $aliases; ?>);
//-->
865
</script>
<?php include("fend.inc"); ?>
869
</body>
870
</html>