Revision 1b8b0963
Added by Marcos M about 2 years ago
| src/etc/inc/filter.inc | ||
|---|---|---|
| 1990 | 1990 |
$natent['interface'] = $if; |
| 1991 | 1991 |
$natent['source']['network'] = $src; |
| 1992 | 1992 |
$natent['dstport'] = "500"; |
| 1993 |
$natent['target'] = ""; |
|
| 1993 |
$natent['target_type'] = "";
|
|
| 1994 | 1994 |
$natent['destination']['any'] = true; |
| 1995 | 1995 |
$natent['staticnatport'] = true; |
| 1996 | 1996 |
$natent['descr'] = gettext('Auto created rule for ISAKMP');
|
| ... | ... | |
| 2000 | 2000 |
$natent['interface'] = $if; |
| 2001 | 2001 |
$natent['source']['network'] = $src; |
| 2002 | 2002 |
$natent['sourceport'] = ""; |
| 2003 |
$natent['target'] = ""; |
|
| 2003 |
$natent['target_type'] = "";
|
|
| 2004 | 2004 |
$natent['destination']['any'] = true; |
| 2005 | 2005 |
$natent['natport'] = ""; |
| 2006 | 2006 |
$natent['descr'] = gettext('Auto created rule');
|
| ... | ... | |
| 2439 | 2439 |
continue; |
| 2440 | 2440 |
} |
| 2441 | 2441 |
|
| 2442 |
$obtarget = $obent['target'] . (!is_alias($obent['target'] && !empty($obent['target_subnet'])) ? '/' . $obent['target_subnet'] : '');
|
|
| 2442 |
$obtarget = ($obent['target_type'] == "network") ? $obent['target'] . '/' . $obent['target_subnet']: $obent['target_type'];
|
|
| 2443 | 2443 |
$poolopts = (is_subnet($obtarget) || is_alias($obtarget)) ? $obent['poolopts'] : ""; |
| 2444 | 2444 |
|
| 2445 | 2445 |
/* pool option source-hash allows specification of an optional source-hash key */ |
| ... | ... | |
| 2500 | 2500 |
$a_out['sourceport'], |
| 2501 | 2501 |
$a_out['destination']['address'], |
| 2502 | 2502 |
$a_out['dstport'], |
| 2503 |
$a_out['target'], |
|
| 2503 |
$a_out['target_type'],
|
|
| 2504 | 2504 |
$a_out['natport'], |
| 2505 | 2505 |
isset($a_out['nonat']), |
| 2506 | 2506 |
isset($a_out['staticnatport'])); |
| src/etc/inc/upgrade_config.inc | ||
|---|---|---|
| 6791 | 6791 |
foreach ($obn_rules as & $obent) {
|
| 6792 | 6792 |
if (empty($obent['target'])) {
|
| 6793 | 6793 |
// migrate interface address selection |
| 6794 |
$obent['target'] = $obent['interface'] . 'ip'; |
|
| 6794 |
$obent['target_type'] = $obent['interface'] . 'ip'; |
|
| 6795 |
$obent['target'] = ''; |
|
| 6796 |
$obent['target_subnet'] = ''; |
|
| 6797 |
} elseif (str_contains($obent['target'], ':') || |
|
| 6798 |
str_contains($obent['target'], '.')) {
|
|
| 6799 |
// migrate VIPs |
|
| 6800 |
if (get_specialnet($obent['target'])) {
|
|
| 6801 |
$obent['target_type'] = $obent['target']; |
|
| 6802 |
$obent['target'] = ''; |
|
| 6803 |
} else {
|
|
| 6804 |
$obent['target_type'] = ''; |
|
| 6805 |
} |
|
| 6795 | 6806 |
$obent['target_subnet'] = ''; |
| 6796 | 6807 |
} elseif ($obent['target'] == 'other-subnet') {
|
| 6797 | 6808 |
// migrate custom subnets |
| 6809 |
$obent['target_type'] = 'network'; |
|
| 6798 | 6810 |
$obent['target'] = $obent['targetip']; |
| 6799 | 6811 |
$obent['target_subnet'] = $obent['targetip_subnet']; |
| 6800 | 6812 |
} else {
|
| 6801 |
// migrate VIPs and aliases |
|
| 6813 |
// migrate aliases |
|
| 6814 |
$obent['target_type'] = 'network'; |
|
| 6802 | 6815 |
$obent['target_subnet'] = ''; |
| 6803 | 6816 |
} |
| 6804 | 6817 |
foreach (['targetip', 'targetip_subnet'] as $old) {
|
| src/usr/local/pfSense/include/www/firewall_nat_out.inc | ||
|---|---|---|
| 73 | 73 |
if ($rule['interface'] == $natent['interface'] && |
| 74 | 74 |
$rule['source']['network'] == $natent['source']['network'] && |
| 75 | 75 |
$rule['dstport'] == $natent['dstport'] && |
| 76 |
$rule['target'] == $natent['target'] &&
|
|
| 76 |
$rule['target_type'] == $natent['target_type'] &&
|
|
| 77 | 77 |
$rule['descr'] == $natent['descr']) {
|
| 78 | 78 |
$found = true; |
| 79 | 79 |
break; |
| ... | ... | |
| 285 | 285 |
$natent['source']['network'] = $osn; |
| 286 | 286 |
$natent['sourceport'] = ($protocol_uses_ports) ? $post['sourceport'] : ""; |
| 287 | 287 |
$natent['descr'] = $post['descr']; |
| 288 |
if (isset($post['nonat'])) {
|
|
| 289 |
$natent['target'] = ''; |
|
| 290 |
} elseif ($post['target_type'] == 'network') {
|
|
| 291 |
$natent['target'] = $post['target']; |
|
| 292 |
} else {
|
|
| 293 |
$natent['target'] = $post['target_type']; |
|
| 294 |
} |
|
| 288 |
$natent['target_type'] = (!isset($post['nonat'])) ? $post['target_type'] : ""; |
|
| 289 |
$natent['target'] = (!isset($post['nonat'])) ? $post['target'] : ""; |
|
| 295 | 290 |
$natent['target_subnet'] = (!isset($post['nonat'])) ? $post['target_subnet'] : ""; |
| 296 | 291 |
$natent['interface'] = $post['interface']; |
| 297 | 292 |
$natent['poolopts'] = $poolopts; |
| ... | ... | |
| 407 | 402 |
|
| 408 | 403 |
$pconfig['ipprotocol'] = $a_out[$id]['ipprotocol']; |
| 409 | 404 |
$pconfig['protocol'] = $a_out[$id]['protocol']; |
| 410 |
|
|
| 411 |
$pconfig['source_type'] = 'any'; |
|
| 412 |
$pconfig['source'] = ''; |
|
| 413 |
$pconfig['source_subnet'] = ''; |
|
| 414 |
if (!empty($a_out[$id]['source']['network'])) {
|
|
| 415 |
if (get_specialnet($a_out[$id]['source']['network'])) {
|
|
| 416 |
$pconfig['source_type'] = $pconfig['source']; |
|
| 417 |
} else {
|
|
| 418 |
$pconfig['source_type'] = 'network'; |
|
| 419 |
list($pconfig['source'], $pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']);
|
|
| 420 |
} |
|
| 405 |
list($pconfig['source'], $pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']);
|
|
| 406 |
if (!is_numeric($pconfig['source_subnet'])) {
|
|
| 407 |
$pconfig['source_subnet'] = 32; |
|
| 421 | 408 |
} |
| 422 | 409 |
$pconfig['sourceport'] = $a_out[$id]['sourceport']; |
| 423 |
|
|
| 424 |
$pconfig['destination_type'] = 'any'; |
|
| 425 |
$pconfig['destination'] = ''; |
|
| 426 |
$pconfig['destination_subnet'] = ''; |
|
| 427 |
if (!empty($a_out[$id]['destination']['address'])) {
|
|
| 428 |
if (get_specialnet($a_out[$id]['destination']['address'])) {
|
|
| 429 |
$pconfig['destination_type'] = $pconfig['destination']; |
|
| 430 |
} else {
|
|
| 431 |
$pconfig['destination_type'] = 'network'; |
|
| 432 |
list($pconfig['destination'], $pconfig['destination_subnet']) = explode('/', $a_out[$id]['destination']['address']);
|
|
| 433 |
} |
|
| 434 |
} |
|
| 410 |
address_to_pconfig($a_out[$id]['destination'], $pconfig['destination'], |
|
| 411 |
$pconfig['destination_subnet'], $pconfig['destination_not'], |
|
| 412 |
$none, $none); |
|
| 413 |
|
|
| 435 | 414 |
$pconfig['dstport'] = $a_out[$id]['dstport']; |
| 436 |
$pconfig['destination_not'] = (isset($a_out[$id]['destination']['not'])) ? 1 : 0; |
|
| 437 |
|
|
| 438 | 415 |
$pconfig['natport'] = $a_out[$id]['natport']; |
| 416 |
$pconfig['target'] = $a_out[$id]['target']; |
|
| 439 | 417 |
$pconfig['target_subnet'] = $a_out[$id]['target_subnet']; |
| 440 | 418 |
$pconfig['poolopts'] = $a_out[$id]['poolopts']; |
| 441 | 419 |
$pconfig['source_hash_key'] = $a_out[$id]['source_hash_key']; |
| ... | ... | |
| 444 | 422 |
if (!$pconfig['interface']) {
|
| 445 | 423 |
$pconfig['interface'] = "wan"; |
| 446 | 424 |
} |
| 447 |
$pconfig['target'] = $a_out[$id]['target']; |
|
| 448 |
if (empty($pconfig['target'])) {
|
|
| 449 |
$pconfig['target_type'] = $pconfig['interface'] . 'ip'; |
|
| 450 |
} else {
|
|
| 451 |
$pconfig['target_type'] = (get_specialnet($pconfig['target'])) ? $pconfig['target'] : 'network'; |
|
| 452 |
} |
|
| 425 |
$pconfig['target_type'] = empty($a_out[$id]['target_type']) ? $pconfig['interface'] . 'ip' : $a_out[$id]['target_type']; |
|
| 453 | 426 |
$pconfig['descr'] = $a_out[$id]['descr']; |
| 454 | 427 |
$pconfig['nonat'] = $a_out[$id]['nonat']; |
| 455 | 428 |
$pconfig['disabled'] = isset($a_out[$id]['disabled']); |
| 456 | 429 |
$pconfig['staticnatport'] = isset($a_out[$id]['staticnatport']); |
| 457 | 430 |
$pconfig['nosync'] = isset($a_out[$id]['nosync']); |
| 458 | 431 |
} else {
|
| 459 |
$pconfig['source_type'] = 'any'; |
|
| 460 |
$pconfig['source'] = ''; |
|
| 461 |
$pconfig['source_subnet'] = ''; |
|
| 462 |
$pconfig['destination_type'] = 'any'; |
|
| 463 |
$pconfig['destination'] = ''; |
|
| 464 |
$pconfig['destination_subnet'] = ''; |
|
| 465 |
$pconfig['interface'] = 'wan'; |
|
| 466 |
$pconfig['target'] = $pconfig['interface'] . 'ip'; |
|
| 432 |
$pconfig['source_subnet'] = 24; |
|
| 433 |
$pconfig['destination'] = "any"; |
|
| 434 |
$pconfig['destination_subnet'] = 24; |
|
| 435 |
$pconfig['interface'] = "wan"; |
|
| 436 |
$pconfig['target_type'] = $pconfig['interface'] . 'ip'; |
|
| 467 | 437 |
} |
| 468 | 438 |
|
| 469 | 439 |
return $json ? json_encode($pconfig):$pconfig; |
| src/usr/local/www/firewall_nat_out.php | ||
|---|---|---|
| 320 | 320 |
<?php |
| 321 | 321 |
if (isset($natent['nonat'])) {
|
| 322 | 322 |
echo '<I>NO NAT</I>'; |
| 323 |
} elseif (array_key_exists($natent['target'], $specialnet)) {
|
|
| 324 |
echo htmlspecialchars($specialnet[$natent['target']]); |
|
| 323 |
} elseif ($natent['target_type'] != "network" && array_key_exists($natent['target_type'], $specialnet)) {
|
|
| 324 |
echo htmlspecialchars($specialnet[$natent['target_type']]);
|
|
| 325 | 325 |
} elseif (!empty($natent['target'])) {
|
| 326 | 326 |
if (isset($alias['target'])): |
| 327 | 327 |
?> |
| ... | ... | |
| 329 | 329 |
<?php |
| 330 | 330 |
endif; |
| 331 | 331 |
?> |
| 332 |
<?=str_replace('_', '_<wbr>', htmlspecialchars($natent['target'] . ((!isset($alias['target']) && !empty($natent['target_subnet'])) ? '/' . $natent['target_subnet'] : '')))?>
|
|
| 332 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['target']))) . (!empty($natent['target_subnet'] && !isset($alias['target'])) ? '/' . $natent['target_subnet'] : '')?>
|
|
| 333 | 333 |
<?php |
| 334 | 334 |
if (isset($alias['target'])): |
| 335 | 335 |
?> |
| ... | ... | |
| 476 | 476 |
<?php |
| 477 | 477 |
if (isset($natent['nonat'])) {
|
| 478 | 478 |
echo 'NO NAT'; |
| 479 |
} elseif (array_key_exists($natent['target'], $specialnet)) {
|
|
| 480 |
echo htmlspecialchars($specialnet[$natent['target']]); |
|
| 479 |
} elseif ($natent['target_type'] != "network" && array_key_exists($natent['target_type'], $specialnet)) {
|
|
| 480 |
echo htmlspecialchars($specialnet[$natent['target_type']]);
|
|
| 481 | 481 |
} elseif (!empty($natent['target'])) {
|
| 482 | 482 |
echo $natent['target'] . (!empty($natent['target_subnet']) ? '/' . $natent['target_subnet'] : ''); |
| 483 | 483 |
} |
| src/usr/local/www/firewall_nat_out_edit.php | ||
|---|---|---|
| 126 | 126 |
$group->add(new Form_Select( |
| 127 | 127 |
'source_type', |
| 128 | 128 |
null, |
| 129 |
$pconfig['source_type'],
|
|
| 129 |
(($pconfig['source'] == "any") || ($pconfig['source'] == "(self)")) ? $pconfig['source'] : "network",
|
|
| 130 | 130 |
get_specialnet('', [SPECIALNET_ANY, SPECIALNET_SELF, SPECIALNET_NETAL])
|
| 131 | 131 |
))->setHelp('Type')->setWidth('3');
|
| 132 | 132 |
|
| ... | ... | |
| 151 | 151 |
$group->add(new Form_Select( |
| 152 | 152 |
'destination_type', |
| 153 | 153 |
null, |
| 154 |
$pconfig['destination_type'],
|
|
| 154 |
$pconfig['destination'] == "any" ? "any":"network",
|
|
| 155 | 155 |
get_specialnet('', [SPECIALNET_ANY, SPECIALNET_NETAL])
|
| 156 | 156 |
))->setHelp('Type')->setWidth('3');
|
| 157 | 157 |
|
| 158 | 158 |
$group->add(new Form_IpAddress( |
| 159 | 159 |
'destination', |
| 160 | 160 |
null, |
| 161 |
$pconfig['destination'], |
|
| 161 |
$pconfig['destination'] == "any" ? "":$pconfig['destination'],
|
|
| 162 | 162 |
'ALIASV4V6' |
| 163 | 163 |
))->addMask('destination_subnet', $pconfig['destination_subnet'])->setHelp('Destination network for the outbound NAT mapping.');
|
| 164 | 164 |
|
Also available in: Unified diff
Revert "Refactor outbound NAT target config field"
This reverts commit 5557bc594916a5a6ff51ac8ed319a6ad436d3475.