<?php
/* $Id$ */
/*
	firewall_shaper_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
require("guiconfig.inc");
/* Make sure the shaper rule list exists as an array, then bind $a_shaper to
   it by reference so that changes made below land directly in $config. */
if (is_array($config['shaper']['rule']) === false) {
	$config['shaper']['rule'] = array();
}
$a_shaper = &$config['shaper']['rule'];
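/*
 * Redirect to the wizard if the shaper isn't already configured.
 *
 * An enabled shaper is flagged in $pconfig['enable']. When it is not enabled
 * and no queue list exists in $config, the browser is sent to the wizard.
 */
if (isset($config['shaper']['enable'])) {
	$pconfig['enable'] = TRUE;
} else {
	if (!is_array($config['shaper']['queue'])) {
		Header("Location: wizard.php?xml=traffic_shaper_wizard.xml");
		/* Stop here. Sending a Location header does not end the script:
		   without exit the POST handler further down would still run and
		   could write the configuration during a request that was supposed
		   to be redirected away. The save path below already follows its
		   own redirect with exit. */
		exit;
	}
}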
/* Keywords that may stand in for a literal source/destination address. */
$specialsrcdst = array("any", "wanip", "lanip", "lan", "pptp");

/* Rule index ($id) and insert position ($after). Both are taken straight
   from the request and are untrusted: $id is only used further down as a key
   into $a_shaper after an existence check, $after only after is_numeric(). */
$id = $_GET['id'];
$after = $_GET['after'];

/* a POSTed value wins over the one in the query string */
if (isset($_POST['id'])) {
	$id = $_POST['id'];
}
if (isset($_POST['after'])) {
	$after = $_POST['after'];
}

/* duplicating: load the named rule and insert the copy right after it */
if (isset($_GET['dup'])) {
	$id = $after = $_GET['dup'];
}
/* Editing or duplicating an existing rule: pre-fill $pconfig from the stored
   entry. Without a usable index the form starts from the defaults instead. */
if (isset($id) && $a_shaper[$id]) {
	$pconfig['in-interface'] = $a_shaper[$id]['in-interface'];
	$pconfig['out-interface'] = $a_shaper[$id]['out-interface'];

	/* an entry without a 'protocol' key is shown as "any" */
	$pconfig['proto'] = isset($a_shaper[$id]['protocol'])
		? $a_shaper[$id]['protocol']
		: "any";

	address_to_pconfig(
		$a_shaper[$id]['source'],
		$pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'],
		$pconfig['srcbeginport'], $pconfig['srcendport']
	);

	address_to_pconfig(
		$a_shaper[$id]['destination'],
		$pconfig['dst'], $pconfig['dstmask'], $pconfig['dstnot'],
		$pconfig['dstbeginport'], $pconfig['dstendport']
	);

	$pconfig['inqueue'] = $a_shaper[$id]['inqueue'];
	$pconfig['outqueue'] = $a_shaper[$id]['outqueue'];

	$pconfig['direction'] = $a_shaper[$id]['direction'];
	$pconfig['iptos'] = $a_shaper[$id]['iptos'];
	$pconfig['tcpflags'] = $a_shaper[$id]['tcpflags'];
	$pconfig['descr'] = $a_shaper[$id]['descr'];
	$pconfig['disabled'] = isset($a_shaper[$id]['disabled']);

	/* A begin port of 0 is displayed as "any" for both ends of the range.
	   NOTE(review): this is a loose ==; on PHP before 8 a non-numeric string
	   also compares equal to 0 - confirm address_to_pconfig() never hands
	   back an alias name here. */
	if ($pconfig['srcbeginport'] == 0) {
		$pconfig['srcbeginport'] = $pconfig['srcendport'] = "any";
	}
	if ($pconfig['dstbeginport'] == 0) {
		$pconfig['dstbeginport'] = $pconfig['dstendport'] = "any";
	}

} else {
	/* defaults */
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}

/* A duplicate must be saved as a new rule: dropping $id makes the save path
   below insert a fresh entry rather than overwrite the original. */
if (isset($_GET['dup'])) {
	unset($id);
}
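/*
 * Handle a submitted rule form: normalise the posted fields, validate them
 * and - when no error was collected - store the rule in $a_shaper, write the
 * configuration and redirect to the rule list. When validation fails the
 * script falls through and the form is rendered again from $pconfig.
 *
 * NOTE(review): nothing in this block verifies that the POST originated from
 * this form (no token check is visible); confirm whether guiconfig.inc
 * provides that.
 */
if ($_POST) {

	/* only tcp, udp and "any" rules carry ports; everything else gets 0 */
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "any")) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	} else {

		/* an empty drop-down value means the custom text box holds the port */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		/* "any" is stored as 0; a missing end port collapses to the begin port */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];
	}

	/* a special network keyword replaces the address; "single" forces /32 */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	}  else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}

	/* Fold the per-flag form fields into comma-separated lists: "on" stores
	   the name, "off" stores it prefixed with "!", any other value leaves it
	   out. Only names from the server-side lists are looked up.
	   $iptos and $tcpflags are not defined in this file - presumably they
	   come from guiconfig.inc; verify. */
	$intos = array();
	foreach ($iptos as $tos) {
		if ($_POST['iptos_' . $tos] == "on")
			$intos[] = $tos;
		else if ($_POST['iptos_' . $tos] == "off")
			$intos[] = "!" . $tos;
	}
	$_POST['iptos'] = join(",", $intos);

	$intcpflags = array();
	foreach ($tcpflags as $tcpflag) {
		if ($_POST['tcpflags_' . $tcpflag] == "on")
			$intcpflags[] = $tcpflag;
		else if ($_POST['tcpflags_' . $tcpflag] == "off")
			$intcpflags[] = "!" . $tcpflag;
	}
	$_POST['tcpflags'] = join(",", $intcpflags);

	unset($input_errors);
	/* From here on $pconfig holds request data. The form below is rendered
	   from it when validation fails, so every value the template echoes from
	   $pconfig has to be HTML-escaped at the point of output. */
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "inqueue outqueue proto src dst");
	$reqdfieldsn = explode(",", "Inbound Queue,Outbound Queue,Protocol,Source,Destination");

	/* a bit count is only required for the "network" address type */
	if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = "Destination bit count";
	}

	/* NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	   by PHP 5.4 and later; confirm do_input_validation() declares that
	   parameter by reference before dropping the "&" here. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* every non-zero port must be either a known alias or a valid port number */
	if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) {
		$input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) {
		$input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) {
		$input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
	}
	/* Fixed: the alias lookup used to test dstbeginport here, so the end
	   port skipped validation entirely whenever the begin port was an alias
	   and an arbitrary value could reach the stored rule. Each check must
	   look at the field it reports on. */
	if (($_POST['dstendport'] && !alias_expand($_POST['dstendport']) && !is_port($_POST['dstendport']))) {
		$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
	}

	/* NOTE(review): the bit counts are only checked with is_numericint();
	   no upper bound is enforced in the visible code. */
	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
			$input_errors[] = "A valid source IP address or alias must be specified.";
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = "A valid source bit count must be specified.";
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
			$input_errors[] = "A valid destination IP address or alias must be specified.";
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = "A valid destination bit count must be specified.";
		}
	}

	/* keep each port range ordered low to high */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	if (!$input_errors) {
		/* NOTE(review): in-interface, out-interface, direction, descr and
		   the two queue names are stored exactly as submitted. The checks
		   above only require inqueue/outqueue/proto to be present; none of
		   these values is compared with the options the form offers.
		   Confirm whether do_input_validation() or the code that consumes
		   the stored rule restricts them; if not, check them against the
		   known interface and queue names before saving. */
		$shaperent = array();
		$shaperent['in-interface'] = $_POST['in-interface'];
		$shaperent['out-interface'] = $_POST['out-interface'];

		/* "any" is represented by the absence of the 'protocol' key */
		if ($_POST['proto'] != "any")
			$shaperent['protocol'] = $_POST['proto'];
		else
			unset($shaperent['protocol']);

		pconfig_to_address($shaperent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($shaperent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		$shaperent['direction'] = $_POST['direction'];
		$shaperent['iptos'] = $_POST['iptos'];
		$shaperent['tcpflags'] = $_POST['tcpflags'];
		$shaperent['descr'] = $_POST['descr'];
		$shaperent['disabled'] = $_POST['disabled'] ? true : false;

		$shaperent['inqueue'] = $_POST['inqueue'];
		$shaperent['outqueue'] = $_POST['outqueue'];

		/* Overwrite only an entry that already exists; a request-supplied
		   $id that matches nothing falls through to insert/append, and the
		   insert position is used only when it is numeric. */
		if (isset($id) && $a_shaper[$id])
			$a_shaper[$id] = $shaperent;
		else {
			if (is_numeric($after))
				array_splice($a_shaper, $after+1, 0, array($shaperent));
			else
				$a_shaper[] = $shaperent;
		}

		write_config();
		touch($d_shaperconfdirty_path);

		header("Location: firewall_shaper.php");
		exit;
	}
}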
/* $pgtitle is echoed in the page body below. $closehead = false presumably
   tells head.inc to leave <head> open so the script block that follows still
   lands inside it - confirm against head.inc. */
$closehead = false;
$pgtitle = 'Firewall: Shaper: Rules: Edit';
include 'head.inc';
?>
<script language="JavaScript">
<!--
/* 1 while the selected protocol uses ports, 0 otherwise (set by proto_change) */
var portsenabled = 1;

/*
 * Sync the enabled state of the port controls with the current selection.
 *
 * A custom-port text box is editable only while its drop-down sits on the
 * first entry ("(other)") and ports are enabled; otherwise it is cleared and
 * disabled. The four drop-downs themselves are disabled whenever ports are
 * not enabled. This is a convenience for the user only - the server-side
 * handler still has to validate whatever is submitted.
 */
function ext_change() {
	var form = document.iform;
	var names = ["srcbeginport", "srcendport", "dstbeginport", "dstendport"];
	var i, custom;

	for (i = 0; i < names.length; i++) {
		custom = form[names[i] + "_cust"];
		if (form[names[i]].selectedIndex == 0 && portsenabled) {
			custom.disabled = 0;
		} else {
			custom.value = "";
			custom.disabled = 1;
		}
	}

	for (i = 0; i < names.length; i++) {
		form[names[i]].disabled = portsenabled ? 0 : 1;
	}
}
/*
 * Enable or disable the address and mask inputs to match the selected source
 * and destination type: index 1 (single) takes an address only, index 2
 * (network) takes an address and a mask, every other entry takes neither and
 * both inputs are cleared.
 */
function typesel_change() {
	var form = document.iform;
	var sides = ["src", "dst"];
	var i, addr, mask, idx;

	for (i = 0; i < sides.length; i++) {
		addr = form[sides[i]];
		mask = form[sides[i] + "mask"];
		idx = form[sides[i] + "type"].selectedIndex;

		if (idx === 1) {
			/* single */
			addr.disabled = 0;
			mask.value = "";
			mask.disabled = 1;
		} else if (idx === 2) {
			/* network */
			addr.disabled = 0;
			mask.disabled = 0;
		} else {
			addr.value = "";
			addr.disabled = 1;
			mask.value = "";
			mask.disabled = 1;
		}
	}
}
/*
 * Recompute whether ports apply to the chosen protocol, then refresh the
 * port controls. Ports are enabled for the first two entries of the protocol
 * list and for entry 8; every other entry disables them.
 */
function proto_change() {
	var idx = document.iform.proto.selectedIndex;

	portsenabled = (idx < 2 || idx == 8) ? 1 : 0;

	ext_change();
}
/* Mirror the "from" source port selection into the "to" drop-down. */
function src_rep_change() {
	var form = document.iform;
	form.srcendport.selectedIndex = form.srcbeginport.selectedIndex;
}
/* Mirror the "from" destination port selection into the "to" drop-down. */
function dst_rep_change() {
	var form = document.iform;
	form.dstendport.selectedIndex = form.dstbeginport.selectedIndex;
}
//-->
</script>
</head>
395
396
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
397
<?php include("fbegin.inc"); ?>
398 da7ae7ef Bill Marquette
<p class="pgtitle"><?=$pgtitle?></p>
399 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
400 5412cd45 Scott Ullrich
<?php if (is_array($config['shaper']['queue']) && (count($config['shaper']['queue']) > 0)): ?>
401 5b237745 Scott Ullrich
            <form action="firewall_shaper_edit.php" method="post" name="iform" id="iform">
402
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
403 5412cd45 Scott Ullrich
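                <tr>
                  <td valign="top" class="vncellreq">Target</td>
                  <td class="vtable"> <select name="outqueue" class="formfld">
                      <?php
                      /* Queue names come from $config and are written into a
                         quoted attribute, so they are escaped here the same
                         way the visible label below already is. */
                      foreach ($config['shaper']['queue'] as $queuei => $queue): ?>
                      <option value="<?=htmlspecialchars($queue['name']);?>" <?php if ($queue['name'] == $pconfig['outqueue']) echo "selected"; ?>>
                        <?php
                        echo htmlspecialchars("Outbound Queue " . ($queuei + 1));
                        if ($queue['name'])
                            echo htmlspecialchars(" (" . $queue['name'] . ")");
                        ?>
                      </option>
                      <?php endforeach; ?>
                    </select>/<select name="inqueue" class="formfld">
                      <?php
                      foreach ($config['shaper']['queue'] as $queuei => $queue): ?>
                      <option value="<?=htmlspecialchars($queue['name']);?>" <?php if ($queue['name'] == $pconfig['inqueue']) echo "selected"; ?>>
                        <?php
                        echo htmlspecialchars("Inbound Queue " . ($queuei + 1));
                        if ($queue['name'])
                            echo htmlspecialchars(" (" . $queue['name'] . ")");
                        ?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br>
                    <span class="vexpl">Choose a queue where packets that
                    match this rule should be sent.</span></td>
                </tr>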
430
                <tr>
431
                  <td valign="top" class="vncellreq">Disabled</td>
432
                  <td class="vtable">
433
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
434
                    <strong>Disable this rule</strong><br>
435
                    <span class="vexpl">Set this option to disable this rule without removing it from the list.</span></td>
436
                </tr>
437 5412cd45 Scott Ullrich
                <tr>
438 e295675f Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">In Interface</td>
439
                  <td width="78%" class="vtable"> <select name="in-interface" class="formfld">
440 5b237745 Scott Ullrich
                      <?php $interfaces = array('lan' => 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP');
441
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
442
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
443
					  }
444
					  foreach ($interfaces as $iface => $ifacename): ?>
445 e295675f Scott Ullrich
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['in-interface']) echo "selected"; ?>>
446 5b237745 Scott Ullrich
                      <?=htmlspecialchars($ifacename);?>
447
                      </option>
448
                      <?php endforeach; ?>
449
                    </select> <br>
450 e295675f Scott Ullrich
                    <span class="vexpl">Choose which interface packets must pass in to match this rule.</span></td>
451
                </tr>
452
                <tr>
453
                  <td width="22%" valign="top" class="vncellreq">Out Interface</td>
454
                  <td width="78%" class="vtable"> <select name="out-interface" class="formfld">
455
                      <?php $interfaces = array('lan' => 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP');
456
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
457
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
458
					  }
459
					  foreach ($interfaces as $iface => $ifacename): ?>
460
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['out-interface']) echo "selected"; ?>>
461
                      <?=htmlspecialchars($ifacename);?>
462
                      </option>
463
                      <?php endforeach; ?>
464
                    </select> <br>
465
                    <span class="vexpl">Choose which interface packets must pass out to match this rule.</span></td>
466 5b237745 Scott Ullrich
                </tr>
467 5412cd45 Scott Ullrich
                <tr>
468 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
469
                  <td width="78%" class="vtable"> <select name="proto" class="formfld" onchange="proto_change()">
470
                      <?php $protocols = explode(" ", "TCP UDP ICMP ESP AH GRE IPv6 IGMP any"); foreach ($protocols as $proto): ?>
471 5412cd45 Scott Ullrich
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>>
472 5b237745 Scott Ullrich
                      <?=htmlspecialchars($proto);?>
473
                      </option>
474
                      <?php endforeach; ?>
475 5412cd45 Scott Ullrich
                    </select> <br> <span class="vexpl">Choose which IP protocol
476 5b237745 Scott Ullrich
                    this rule should match.<br>
477
                    Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span></td>
478
                </tr>
479 5412cd45 Scott Ullrich
                <tr>
480 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Source</td>
481 5412cd45 Scott Ullrich
                  <td width="78%" class="vtable"> <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
482 5b237745 Scott Ullrich
                    <strong>not</strong><br>
483 5412cd45 Scott Ullrich
                    Use this option to invert the sense of the match.<br> <br>
484 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
485 5412cd45 Scott Ullrich
                      <tr>
486 5b237745 Scott Ullrich
                        <td>Type:&nbsp;&nbsp;</td>
487
                        <td><select name="srctype" class="formfld" onChange="typesel_change()">
488
                            <?php $sel = is_specialnet($pconfig['src']); ?>
489 5412cd45 Scott Ullrich
                            <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>
490 5b237745 Scott Ullrich
                            any</option>
491 5412cd45 Scott Ullrich
                            <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
492 5b237745 Scott Ullrich
                            Single host or alias</option>
493 5412cd45 Scott Ullrich
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
494 5b237745 Scott Ullrich
                            Network</option>
495 8b4be0b2 Scott Ullrich
							<option value="wanip" <?php if ($pconfig['src'] == "wanip") { echo "selected"; } ?>>
496
                            WAN address</option>
497
							<option value="lanip" <?php if ($pconfig['src'] == "lanip") { echo "selected"; } ?>>
498
                            LAN address</option>
499 5412cd45 Scott Ullrich
                            <option value="lan" <?php if ($pconfig['src'] == "lan") { echo "selected"; } ?>>
500 5b237745 Scott Ullrich
                            LAN subnet</option>
501 5412cd45 Scott Ullrich
                            <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>
502 5b237745 Scott Ullrich
                            PPTP clients</option>
503
                            <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
504 5412cd45 Scott Ullrich
                            <option value="opt<?=$i;?>" <?php if ($pconfig['src'] == "opt" . $i) { echo "selected"; } ?>>
505 5b237745 Scott Ullrich
                            <?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?>
506
                            subnet</option>
507
                            <?php endfor; ?>
508
                          </select></td>
509
                      </tr>
510 5412cd45 Scott Ullrich
                      <tr>
511 5b237745 Scott Ullrich
                        <td>Address:&nbsp;&nbsp;</td>
512 7f387ab0 Erik Kristensen
                        <td><input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>">
513 5412cd45 Scott Ullrich
                          /
514 5b237745 Scott Ullrich
                          <select name="srcmask" class="formfld" id="srcmask">
515
                            <?php for ($i = 31; $i > 0; $i--): ?>
516 5412cd45 Scott Ullrich
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>>
517 5b237745 Scott Ullrich
                            <?=$i;?>
518
                            </option>
519
                            <?php endfor; ?>
520
                          </select></td>
521
                      </tr>
522
                    </table></td>
523
                </tr>
524 5412cd45 Scott Ullrich
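                <tr>
                  <td width="22%" valign="top" class="vncellreq">Source port range
                  </td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <?php
                      /* After a failed submit $pconfig is a copy of $_POST, so
                         the custom port values echoed into the text inputs in
                         this row are request-controlled. They are passed
                         through htmlspecialchars() to keep them from breaking
                         out of the value attribute. */
                      ?>
                      <tr>
                        <td>from:&nbsp;&nbsp;</td>
                        <td><select name="srcbeginport" class="formfld" onchange="src_rep_change();ext_change()">
                            <option value="">(other)</option>
                            <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) {
                                                                echo "selected";
                                                                $bfound = 1;
                                                            }?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                          </select> <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>"></td>
                      </tr>
                      <tr>
                        <td>to:</td>
                        <td><select name="srcendport" class="formfld" onchange="ext_change()">
                            <option value="">(other)</option>
                            <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) {
                                                                echo "selected";
                                                                $bfound = 1;
                                                            }?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                          </select> <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>"></td>
                      </tr>
                    </table>
                    <br> <span class="vexpl">Specify the port or port range for
                    the source of the packet for this rule.<br>
                    Hint: you can leave the <em>'to'</em> field empty if you only
                    want to filter a single port</span></td>
                </tr>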
563 5412cd45 Scott Ullrich
                <tr>
564 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Destination</td>
565 5412cd45 Scott Ullrich
                  <td width="78%" class="vtable"> <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
566 5b237745 Scott Ullrich
                    <strong>not</strong><br>
567 5412cd45 Scott Ullrich
                    Use this option to invert the sense of the match.<br> <br>
568 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
569 5412cd45 Scott Ullrich
                      <tr>
                        <td>Type:&nbsp;&nbsp;</td>
                        <td><select name="dsttype" class="formfld" onChange="typesel_change()">
                            <?php
                            /* $sel tracks whether an earlier option has already claimed
                               the selection: it starts as the result of is_specialnet()
                               for the stored destination, is set when "single" is chosen,
                               and "network" is only marked selected while it is false. */
                            $sel = is_specialnet($pconfig['dst']);
                            ?>
                            <option value="any" <?php echo ($pconfig['dst'] == "any") ? "selected" : ""; ?>>
                            any</option>
                            <option value="single" <?php if (!$sel && ($pconfig['dstmask'] == 32)) { $sel = 1; echo "selected"; } ?>>
                            Single host or alias</option>
                            <option value="network" <?php echo $sel ? "" : "selected"; ?>>
                            Network</option>
                            <option value="wanip" <?php echo ($pconfig['dst'] == "wanip") ? "selected" : ""; ?>>
                            WAN address</option>
                            <option value="lanip" <?php echo ($pconfig['dst'] == "lanip") ? "selected" : ""; ?>>
                            LAN address</option>
                            <option value="lan" <?php echo ($pconfig['dst'] == "lan") ? "selected" : ""; ?>>
                            LAN subnet</option>
                            <option value="pptp" <?php echo ($pconfig['dst'] == "pptp") ? "selected" : ""; ?>>
                            PPTP clients</option>
                            <?php /* One entry per configured optN interface; the description is HTML-escaped before output. */ ?>
                            <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) { ?>
                            <option value="opt<?php echo $i; ?>" <?php echo ($pconfig['dst'] == "opt" . $i) ? "selected" : ""; ?>>
                            <?php echo htmlspecialchars($config['interfaces']['opt' . $i]['descr']); ?>
                            subnet</option>
                            <?php } ?>
                          </select> </td>
                      </tr>
                      <tr>
                        <td>Address:&nbsp;&nbsp;</td>
                        <?php /* The stored destination is shown (HTML-escaped) only when is_specialnet() does not match it. */ ?>
                        <td><input name="dst" autocomplete='off' type="text" class="formfldalias" id="dst" size="20" value="<?php echo is_specialnet($pconfig['dst']) ? "" : htmlspecialchars($pconfig['dst']); ?>">
                          /
                          <select name="dstmask" class="formfld" id="dstmask">
                            <?php /* Mask lengths 31 down to 1; the stored mask is pre-selected. */ ?>
                            <?php for ($i = 31; $i > 0; $i--) { ?>
                            <option value="<?php echo $i; ?>" <?php echo ($i == $pconfig['dstmask']) ? "selected" : ""; ?>>
                            <?php echo $i; ?>
                            </option>
                            <?php } ?>
                          </select></td>
                      </tr>
                    </table></td>
                </tr>
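                <tr>
                  <td width="22%" valign="top" class="vncellreq">Destination port
                    range </td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>from:&nbsp;&nbsp;</td>
                        <td><select name="dstbeginport" class="formfld" onchange="dst_rep_change();ext_change()">
                            <option value="">(other)</option>
                            <?php /* $bfound records whether the stored port matched "any" or a well-known port. */ ?>
                            <option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; } ?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                            <?php /* The custom value lands inside a double-quoted attribute, so it is HTML-escaped
                                     like the other $pconfig fields on this page. NOTE(review): $pconfig is
                                     populated outside this section and presumably can hold redisplayed form
                                     input; confirm against the POST handling. */ ?>
                          </select> <input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>"></td>
                      </tr>
                      <tr>
                        <td>to:</td>
                        <td><select name="dstendport" class="formfld" onchange="ext_change()">
                            <option value="">(other)</option>
                            <option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                            <?php /* Same escaping as the "from" field: never echo the stored value raw into the attribute. */ ?>
                          </select> <input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>"></td>
                      </tr>
                    </table>
                    <br> <span class="vexpl">Specify the port or port range for
                    the destination of the packet for this rule.<br>
                    Hint: you can leave the <em>'to'</em> field empty if you only
                    want to filter a single port</span></td>
                </tr>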
                <tr>
                  <td valign="top" class="vncell">Direction</td>
                  <?php /* An empty stored direction pre-selects "any"; otherwise the matching in/out entry is selected. */ ?>
                  <td class="vtable"> <select name="direction" class="formfld">
                      <option value="" <?php echo $pconfig['direction'] ? "" : "selected"; ?>>any</option>
                      <option value="in" <?php echo ($pconfig['direction'] == "in") ? "selected" : ""; ?>>in</option>
                      <option value="out" <?php echo ($pconfig['direction'] == "out") ? "selected" : ""; ?>>out</option>
                    </select> <br>
                    Use this to match only packets travelling in a given direction
                    on the interface specified above (as seen from the firewall's
                    perspective). </td>
                </tr>
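				<tr>
                  <td width="22%" valign="top" class="vncell">IP Type of Service (TOS)</td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <?php
				  /* The stored value is a comma-separated list in which "name" means
				     the TOS bit must be set and "!name" means it must be cleared.
				     $dontcare stays true when neither form is present for a bit. */
				  $iniptos = explode(",", $pconfig['iptos']);
				  foreach ($iptos as $tos): $dontcare = true; ?>
                      <tr>
                        <td width="80" nowrap><strong>
                          <?php /* Uses the echo tag like the rest of the page: a bare "<?" block is only
                                   parsed when short_open_tag is enabled and is otherwise sent to the
                                   browser as literal text. */ ?>
                          <?=$tos;?>
                          </strong></td>
                        <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="on" <?php if (array_search($tos, $iniptos) !== false) { echo "checked"; $dontcare = false; }?>>
                          yes&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="off" <?php if (array_search("!" . $tos, $iniptos) !== false) { echo "checked"; $dontcare = false; }?>>
                          no&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="" <?php if ($dontcare) echo "checked";?>>
                          don't care</td>
                      </tr>
                      <?php endforeach; ?>
                    </table>
                    <span class="vexpl">Use this to match packets according to their IP TOS values.
                    </span></td>
                </tr>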
                <tr>
                  <td width="22%" valign="top" class="vncell">TCP flags</td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <?php
                      /* The stored value is a comma-separated list: "flag" marks a flag
                         that must be set, "!flag" one that must be cleared. A flag found
                         in neither form falls through to the "don't care" radio. */
                      $inflags = explode(",", $pconfig['tcpflags']);
                      foreach ($tcpflags as $tcpflag) {
                          $dontcare = true;
                      ?>
                      <tr>
                        <td width="40" nowrap><strong>
                          <?php echo strtoupper($tcpflag); ?>
                          </strong></td>
                        <td nowrap> <input type="radio" name="tcpflags_<?php echo $tcpflag; ?>" value="on" <?php if (in_array($tcpflag, $inflags)) { $dontcare = false; echo "checked"; } ?>>
                          set&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="tcpflags_<?php echo $tcpflag; ?>" value="off" <?php if (in_array("!" . $tcpflag, $inflags)) { $dontcare = false; echo "checked"; } ?>>
                          cleared&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="tcpflags_<?php echo $tcpflag; ?>" value="" <?php echo $dontcare ? "checked" : ""; ?>>
                          don't care</td>
                      </tr>
                      <?php } ?>
                    </table>
                    <span class="vexpl">Use this to choose TCP flags that must
                    be set or cleared for this rule to match.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <?php /* Free-text field: the stored description is HTML-escaped before it is placed in the attribute. */ ?>
                  <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?php echo htmlspecialchars($pconfig['descr']); ?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr>
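                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
                    <?php /* $id and $after are written into double-quoted attributes, so they are
                             HTML-escaped on output. NOTE(review): both are assigned outside this
                             section and presumably come from request parameters; confirm, and
                             confirm they are validated before use as indexes. */ ?>
                    <?php if (isset($id) && $a_shaper[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                    <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
                  </td>
                </tr>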
              </table>
</form>
<script language="JavaScript">
<!--
ext_change();
typesel_change();
proto_change();
-->
</script>
<?php else: ?>
<p><strong>You need to create a queue before you can add a new rule.</strong></p>
<?php endif; ?>
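<?php
/*
 * Build the argument lists for the two JavaScript arrays emitted in the
 * <script> block that follows: $aliases feeds customarray and $aliasesaddr
 * feeds addressarray.
 *
 * An alias whose 'address' contains no "." goes into $aliases; every other
 * alias goes into $aliasesaddr.
 *
 * Each name is serialised with json_encode() instead of being wrapped in
 * hand-written single quotes. A name containing a quote, a backslash or
 * "</script>" would otherwise end the string literal or the script element
 * and be interpreted as markup or script. The JSON_HEX_* flags keep <, >, &,
 * ' and " out of the output entirely.
 * NOTE(review): alias names are presumably validated where they are saved;
 * that code is not visible here, so the output is encoded regardless.
 */
$isfirst = 0;
$aliases = "";
$addrisfirst = 0;
$aliasesaddr = "";
if(is_array($config['aliases']['alias'])) {
	foreach($config['aliases']['alias'] as $alias_name) {
		$alias_js = json_encode((string)$alias_name['name'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		/* json_encode() returns false on unencodable input (e.g. invalid UTF-8);
		   skip the entry rather than emit an empty argument, which would be a
		   JavaScript syntax error. */
		if($alias_js === false)
			continue;
		if(!stristr($alias_name['address'], ".")) {
			if($isfirst == 1) $aliases .= ",";
			$aliases .= $alias_js;
			$isfirst = 1;
		} else {
			if($addrisfirst == 1) $aliasesaddr .= ",";
			$aliasesaddr .= $alias_js;
			$addrisfirst = 1;
		}
	}
}
?>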
<script language="JavaScript">
<!--
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $aliases; ?>);
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>