<?php
/* $Id$ */
/*
	firewall_rules_edit.php
	part of pfSense (http://www.pfsense.com)
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	filter
*/
##|+PRIV
##|*IDENT=page-firewall-rules-edit
##|*NAME=Firewall: Rules: Edit page
##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
##|*MATCH=firewall_rules_edit.php*
##|-PRIV
require("guiconfig.inc");
require("filter.inc");
require("shaper.inc");
/*
 * Build the list of "special" source/destination selectors: the fixed
 * keywords below plus, for every configured interface key, "<if>" and "<if>ip".
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
/* Guarantee the rule list exists as an array before it is sorted and aliased. */
if (is_array($config['filter']['rule']) === false)
	$config['filter']['rule'] = array();

filter_rules_sort();

/* $a_filter is a reference: every write through it changes $config directly. */
$a_filter =& $config['filter']['rule'];
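/*
 * Work out which rule is edited ($id) and after which list position a new
 * rule is inserted ($after).  Both arrive in the request and are later used
 * as offsets into $a_filter, so only plain integer strings are accepted;
 * anything else (arrays, "1e3", free text) counts as "not supplied".
 * Precedence is unchanged: POST overrides GET and ?dup=N overrides both.
 */
$id = null;
$after = null;

if (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_string($_POST['id']) && ctype_digit($_POST['id']))
	$id = $_POST['id'];

/* A leading minus is allowed: "-1" becomes offset 0 in the array_splice() call made on save. */
if (isset($_GET['after']) && is_string($_GET['after']) && preg_match('/\A-?[0-9]+\z/', $_GET['after']))
	$after = $_GET['after'];
if (isset($_POST['after'])) {
	/* A submitted value always wins over the query string, even when it is rejected. */
	if (is_string($_POST['after']) && preg_match('/\A-?[0-9]+\z/', $_POST['after']))
		$after = $_POST['after'];
	else
		$after = null;
}

/* Duplicating rule N: load N into the form and insert the copy right after it. */
if (isset($_GET['dup'])) {
	if (is_string($_GET['dup']) && ctype_digit($_GET['dup'])) {
		$id = $_GET['dup'];
		$after = $_GET['dup'];
	} else {
		$id = null;
		$after = null;
	}
}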
if (isset($id) && $a_filter[$id]) {
	/* Editing (or duplicating) an existing rule: seed the form values from the stored entry. */
	$editrule = $a_filter[$id];

	$pconfig['interface'] = $editrule['interface'];

	if (isset($editrule['id']))
		$pconfig['ruleid'] = $editrule['id'];

	/* Entries without an explicit type are shown as "pass". */
	$pconfig['type'] = isset($editrule['type']) ? $editrule['type'] : "pass";

	/*
	 * NOTE(review): $if is only assigned after this if/else, so unless an
	 * include already defined it the comparison below is always false here.
	 */
	if (isset($editrule['floating']) || $if == "FloatingRules") {
		$pconfig['floating'] = $editrule['floating'];
		if (isset($editrule['interface']) && $editrule['interface'] != "")
			$pconfig['interface'] = $editrule['interface'];
	}

	/*
	 * NOTE(review): this tests the rule *list* for a 'floating' key, not the
	 * rule being edited ($a_filter[$id]) - confirm which one was intended.
	 */
	if (isset($a_filter['floating']))
		$pconfig['floating'] = "yes";

	if (isset($editrule['direction']))
		$pconfig['direction'] = $editrule['direction'];

	/* A rule without a stored protocol is presented as "any". */
	$pconfig['proto'] = isset($editrule['protocol']) ? $editrule['protocol'] : "any";

	if ($editrule['protocol'] == "icmp")
		$pconfig['icmptype'] = $editrule['icmptype'];

	/* Presumably fills the src* form fields from the stored source (helper not shown here). */
	address_to_pconfig($a_filter[$id]['source'], $pconfig['src'],
		$pconfig['srcmask'], $pconfig['srcnot'],
		$pconfig['srcbeginport'], $pconfig['srcendport']);

	if ($editrule['os'] != "")
		$pconfig['os'] = $editrule['os'];

	/* Same expansion for the destination side. */
	address_to_pconfig($a_filter[$id]['destination'], $pconfig['dst'],
		$pconfig['dstmask'], $pconfig['dstnot'],
		$pconfig['dstbeginport'], $pconfig['dstendport']);

	if ($editrule['dscp'] != "")
		$pconfig['dscp'] = $editrule['dscp'];

	/* Presence of the key, not its value, is what marks these flags as set. */
	$pconfig['disabled'] = isset($editrule['disabled']);
	$pconfig['log'] = isset($editrule['log']);
	$pconfig['descr'] = $editrule['descr'];

	/* "Any flags" takes precedence over the two explicit TCP flag lists. */
	if (isset($editrule['tcpflags_any'])) {
		$pconfig['tcpflags_any'] = true;
	} else {
		foreach (array('tcpflags1', 'tcpflags2') as $fld) {
			if (isset($editrule[$fld]) && $editrule[$fld] != "")
				$pconfig[$fld] = $editrule[$fld];
		}
	}

	foreach (array('tag', 'tagged') as $fld) {
		if (isset($editrule[$fld]) && $editrule[$fld] != "")
			$pconfig[$fld] = $editrule[$fld];
	}
	if (isset($editrule['quick']) && $editrule['quick'])
		$pconfig['quick'] = $editrule['quick'];
	foreach (array('allowopts', 'disablereplyto') as $fld) {
		if (isset($editrule[$fld]))
			$pconfig[$fld] = true;
	}

	/* advanced */
	foreach (array('max', 'max-src-nodes', 'max-src-conn', 'max-src-states', 'statetype', 'statetimeout') as $fld)
		$pconfig[$fld] = $editrule[$fld];

	/* advanced - nosync */
	$pconfig['nosync'] = isset($editrule['nosync']);

	/* advanced - new connection per second banning */
	foreach (array('max-src-conn-rate', 'max-src-conn-rates') as $fld)
		$pconfig[$fld] = $editrule[$fld];

	/* Multi-WAN next-hop support */
	$pconfig['gateway'] = $editrule['gateway'];

	/* Shaper support */
	foreach (array('defaultqueue', 'ackqueue', 'dnpipe', 'pdnpipe', 'l7container') as $fld)
		$pconfig[$fld] = $editrule[$fld];

	/* schedule support */
	$pconfig['sched'] = $editrule['sched'];

	/* A duplicate does not carry over the association id of the rule it was copied from. */
	if (!isset($_GET['dup']))
		$pconfig['associated-rule-id'] = $editrule['associated-rule-id'];

} else {
	/* defaults for a new rule */
	/*
	 * NOTE(review): 'if' is taken from the query string as-is and becomes
	 * $if further down; validate it against the configured interfaces and
	 * escape it wherever it is written into the page.
	 */
	if ($_GET['if'])
		$pconfig['interface'] = $_GET['if'];
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}
/* The floating-rule checks further down key off $if, which mirrors the interface chosen for the form. */
$if = $pconfig['interface'];

/* A duplicate is saved as a new rule, so forget the index of the rule it was copied from. */
if (isset($_GET['dup']) === true)
	unset($id);
if ($_POST) {
	/*
	 * Rules carrying an associated-rule-id keep the protocol (and ICMP type)
	 * already loaded from the configuration; whatever the form submitted for
	 * those two fields is overwritten.
	 */
	if (isset($a_filter[$id]['associated-rule-id'])) {
		$_POST['proto'] = $pconfig['proto'];
		if ("icmp" == $pconfig['proto'])
			$_POST['icmptype'] = $pconfig['icmptype'];
	}

	/*
	 * NOTE(review): both messages below are appended before the
	 * unset($input_errors) call later in this handler, so they never reach
	 * the user and never block the save.  Decide whether the checks are
	 * wanted; if they are, the reset has to run before them.
	 */
	if ($_POST['type'] == "reject" && $_POST['proto'] != "tcp") {
		$input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP.");
	}

	if ($_POST['type'] == "match" && $_POST['defaultqueue'] == "none") {
		$input_errors[] = gettext("Queue type rules only work with queues.");
	}
	/*
	 * Normalise the four port fields.  Protocols other than tcp, udp and
	 * tcp/udp get every port forced to 0.  Otherwise, for each side:
	 * a custom value fills an empty select value, "any" becomes 0, and an
	 * empty or "any" end port falls back to the begin port.
	 */
	if (!in_array($_POST['proto'], array("tcp", "udp", "tcp/udp"))) {
		foreach (array('srcbeginport', 'srcendport', 'dstbeginport', 'dstendport') as $portfld)
			$_POST[$portfld] = 0;
	} else {
		foreach (array('src', 'dst') as $portside) {
			$pbegin = $portside . 'beginport';
			$pend = $portside . 'endport';

			if ($_POST[$pbegin . '_cust'] && !$_POST[$pbegin])
				$_POST[$pbegin] = $_POST[$pbegin . '_cust'];
			if ($_POST[$pend . '_cust'] && !$_POST[$pend])
				$_POST[$pend] = $_POST[$pend . '_cust'];

			if ($_POST[$pbegin] == "any") {
				$_POST[$pbegin] = 0;
				$_POST[$pend] = 0;
			} elseif (!$_POST[$pend]) {
				$_POST[$pend] = $_POST[$pbegin];
			}
			if ($_POST[$pend] == "any")
				$_POST[$pend] = $_POST[$pbegin];
		}
	}
	/*
	 * A special selector replaces the address with the selector name and a
	 * mask of 0; a "single" host always gets a mask of 32.
	 */
	foreach (array('src', 'dst') as $addrside) {
		$addrtype = $_POST[$addrside . 'type'];
		if (is_specialnet($addrtype)) {
			$_POST[$addrside] = $addrtype;
			$_POST[$addrside . 'mask'] = 0;
		} elseif ($addrtype == "single") {
			$_POST[$addrside . 'mask'] = 32;
		}
	}

	/*
	 * Validation starts from an empty error list.
	 * NOTE(review): anything appended to $input_errors earlier in this
	 * handler is discarded by this reset.
	 */
	unset($input_errors);

	/* From here on the form is re-rendered from the (normalised) submission. */
	$pconfig = $_POST;
	/* input validation */

	/* Source and destination are only required (and only editable) when the rule has no associated-rule-id. */
	$linkednat = isset($a_filter[$id]['associated-rule-id']);

	$reqdfields = array("type", "proto");
	$reqdfieldsn = array("Type", "Protocol");
	if (!$linkednat) {
		array_push($reqdfields, "src", "dst");
		array_push($reqdfieldsn, "Source", "Destination");
	}

	/* "modulate state" and "synproxy state" are TCP-only; synproxy additionally needs the default gateway. */
	if (in_array($_POST['statetype'], array("modulate state", "synproxy state"))) {
		if ($_POST['proto'] != "tcp") {
			$input_errors[] = sprintf(gettext("%s is only valid with protocol tcp."),$_POST['statetype']);
		}
		if ($_POST['statetype'] == "synproxy state" && $_POST['gateway'] != "") {
			$input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']);
		}
	}

	/* A bit count is required only for address types that are neither special nor "single". */
	if (!$linkednat && !is_specialnet($_POST['srctype']) && $_POST['srctype'] != "single") {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if (!$linkednat && !is_specialnet($_POST['dsttype']) && $_POST['dsttype'] != "single") {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = gettext("Destination bit count");
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal
	 * error from PHP 5.4 on.  The "&" can only be dropped once
	 * do_input_validation() declares that parameter by reference - confirm
	 * against its definition before changing this call.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
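	/* An empty or missing begin port means "any": store the whole range as 0. */
	foreach (array('src', 'dst') as $portside) {
		if (!$_POST[$portside . 'beginport']) {
			$_POST[$portside . 'beginport'] = 0;
			$_POST[$portside . 'endport'] = 0;
		}
	}

	/*
	 * Every non-zero port must be a valid port number or a port alias.
	 * The first message previously read the misspelled key 'srcbeginposrt',
	 * so the offending value was never shown; it now reads 'srcbeginport'.
	 * NOTE(review): the submitted value is echoed inside each message, so
	 * print_input_errors() has to HTML-escape it (helper not shown here).
	 */
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginport']);
	}
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) {
		$input_errors[] = sprintf(gettext("%s  is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']);
	}
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']);
	}
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']);
	}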
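	/*
	 * Port aliases in the custom range fields: an alias may only be used when
	 * the same alias is given in both "from" and "to"; aliases and numbers
	 * cannot be mixed.
	 *
	 * The "same alias" test previously called is_alias() twice on the "to"
	 * field, so a numeric "from" with an alias "to" was reported with the
	 * wrong message as well; it now checks "from" and "to".
	 */
	foreach (array('src' => 'Source', 'dst' => 'Destination') as $portside => $portlabel) {
		$pfrom = $_POST[$portside . 'beginport_cust'];
		$pto = $_POST[$portside . 'endport_cust'];

		if (!$pto)
			continue;

		if (!$pfrom) {
			if (is_alias($pto))
				$input_errors[] = 'If you put port alias in ' . $portlabel . ' port range to: field you must put the same port alias in from: field';
			continue;
		}

		$fromisalias = is_alias($pfrom);
		$toisalias = is_alias($pto);

		if ($fromisalias && $toisalias && $pfrom != $pto)
			$input_errors[] = 'The same port alias must be used in ' . $portlabel . ' port range from: and to: fields';
		if (($fromisalias && !$toisalias && $pto != '') ||
		    (!$fromisalias && $pfrom != '' && $toisalias))
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in ' . $portlabel . ' port range from: and to: field';
	}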
	/* An alias cannot be combined with the "network" address type. */
	if ($_POST['srctype'] == "network" && is_alias($_POST['src']))
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	if ($_POST['dsttype'] == "network" && is_alias($_POST['dst']))
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");

	/*
	 * Non-special addresses must be an IP address or alias, and a supplied
	 * bit count must be an integer.
	 * NOTE(review): only "is an integer" is checked for the bit count here;
	 * no upper bound is visible in this handler - confirm it is enforced
	 * elsewhere.  The rejected address is echoed in the message, so
	 * print_input_errors() has to HTML-escape it (helper not shown here).
	 */
	if (!is_specialnet($_POST['srctype'])) {
		if ($_POST['src'] && !is_ipaddroralias($_POST['src']))
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."),$_POST['src']);
		if ($_POST['srcmask'] && !is_numericint($_POST['srcmask']))
			$input_errors[] = gettext("A valid source bit count must be specified.");
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if ($_POST['dst'] && !is_ipaddroralias($_POST['dst']))
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."),$_POST['dst']);
		if ($_POST['dstmask'] && !is_numericint($_POST['dstmask']))
			$input_errors[] = gettext("A valid destination bit count must be specified.");
	}
	/*
	 * Keep each range ordered by exchanging begin and end when begin is the
	 * larger value.
	 * NOTE(review): the comparison is loosely typed; when the fields hold
	 * alias names rather than numbers it compares them as strings.
	 */
	foreach (array('src', 'dst') as $portside) {
		$pbegin = $portside . 'beginport';
		$pend = $portside . 'endport';
		if ($_POST[$pbegin] > $_POST[$pend]) {
			$tmp = $_POST[$pend];
			$_POST[$pend] = $_POST[$pbegin];
			$_POST[$pbegin] = $tmp;
		}
	}
	/* OS fingerprint matching is accepted for TCP only. */
	if ($_POST['os'] && $_POST['proto'] != "tcp")
		$input_errors[] = gettext("OS detection is only valid with protocol tcp.");

	/* An acknowledge queue needs a default queue, and the two must differ. */
	if ($_POST['ackqueue'] && $_POST['ackqueue'] != "none") {
		if ($_POST['defaultqueue'] == "none") {
			$input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too.");
		} elseif ($_POST['ackqueue'] == $_POST['defaultqueue']) {
			$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");
		}
	}

	/* Floating rules that use a limiter or a gateway must name a direction other than "any". */
	$nodirection = (empty($_POST['direction']) || $_POST['direction'] == "any");
	if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && $nodirection)
		$input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
	if (isset($_POST['floating']) && $_POST['gateway'] != "" && $nodirection)
		$input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction.");

	/* An Out pipe needs an In pipe, and the two must differ. */
	if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") {
		if ($_POST['dnpipe'] == "none") {
			$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
		} elseif ($_POST['pdnpipe'] == $_POST['dnpipe']) {
			$input_errors[] = gettext("In and Out Queue cannot be the same.");
		} elseif (($pdnpipe[0] == "?") != ($dnpipe[0] == "?")) {
			/*
			 * NOTE(review): $pdnpipe and $dnpipe are not assigned anywhere
			 * before this point in the handler, so this "same type" check
			 * cannot fire as written.  It needs the intended data source
			 * before it protects anything - confirm what was meant.
			 */
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
		}
	}
	/* A supplied rule id has to consist of digits only. */
	if (!empty($_POST['ruleid']) && ctype_digit($_POST['ruleid']) === false) {
		$input_errors[] = gettext('ID must be an integer');
	}

	/* Layer7 containers are limited to pass rules on TCP and/or UDP. */
	if ($_POST['l7container'] && $_POST['l7container'] != "none") {
		if (!in_array($_POST['proto'], array("tcp", "udp", "tcp/udp"))) {
			$input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols");
		}
		if ($_POST['type'] != "pass") {
			$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
		}
	}
	/*
	 * Unless "any flags" is ticked, collect the ticked "set" and "out of"
	 * TCP flags; naming flags that must be set without an "out of" list is
	 * rejected.
	 * NOTE(review): $tcpflags is not defined in this part of the file -
	 * presumably it comes from one of the includes; confirm.
	 */
	if (!$_POST['tcpflags_any']) {
		$settcpflags = array();
		$outoftcpflags = array();
		foreach ($tcpflags as $tcpflag) {
			if ("on" == $_POST['tcpflags1_' . $tcpflag])
				array_push($settcpflags, $tcpflag);
			if ("on" == $_POST['tcpflags2_' . $tcpflag])
				array_push($outoftcpflags, $tcpflag);
		}
		if (count($outoftcpflags) == 0 && count($settcpflags) > 0) {
			$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
		}
	}

	/*
	 * Extension hook for additional, package-supplied input validation.
	 * NOTE(review): whatever this helper loads from the directory runs with
	 * the privileges of the web GUI; the directory should be writable by
	 * root only (helper not shown here - confirm what it executes).
	 */
	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation");
	if (!$input_errors) {
		/* Assemble the rule entry that will be written to the configuration. */
		$filterent = array();

		/* Only a positive rule id is kept; anything else is stored as an empty string. */
		if ($_POST['ruleid'] > 0)
			$filterent['id'] = $_POST['ruleid'];
		else
			$filterent['id'] = '';

		/*
		 * NOTE(review): 'type' and 'interface' are stored as submitted; the
		 * validation above only requires 'type' to be present.  Checking both
		 * against the values the form offers would keep unexpected strings
		 * out of the saved rule.
		 */
		$filterent['type'] = $_POST['type'];
		if (isset($_POST['interface']))
			$filterent['interface'] = $_POST['interface'];

		if ($_POST['tcpflags_any']) {
			$filterent['tcpflags_any'] = true;
		} else {
			/* Gather the ticked flags; the "set" list is only stored together with an "out of" list. */
			$settcpflags = array();
			$outoftcpflags = array();
			foreach ($tcpflags as $tcpflag) {
				if ("on" == $_POST['tcpflags1_' . $tcpflag])
					array_push($settcpflags, $tcpflag);
				if ("on" == $_POST['tcpflags2_' . $tcpflag])
					array_push($outoftcpflags, $tcpflag);
			}
			if (count($outoftcpflags) > 0) {
				$filterent['tcpflags2'] = implode(",", $outoftcpflags);
				if (count($settcpflags) > 0)
					$filterent['tcpflags1'] = implode(",", $settcpflags);
			}
		}
		/* NOTE(review): tag and tagged are stored exactly as submitted; no format check is visible in this handler. */
		foreach (array('tag', 'tagged') as $tagfld) {
			if (isset($_POST[$tagfld]))
				$filterent[$tagfld] = $_POST[$tagfld];
		}

		/* Floating rules additionally carry a direction, the quick flag and a comma-joined interface list. */
		if ($if == "FloatingRules" || isset($_POST['floating'])) {
			$filterent['direction'] = $_POST['direction'];
			if (isset($_POST['quick']) && $_POST['quick'] != "")
				$filterent['quick'] = $_POST['quick'];
			$filterent['floating'] = "yes";
			/* assumes 'interface' is posted as an array for floating rules - TODO confirm against the form */
			if (isset($_POST['interface']) && count($_POST['interface']) > 0)
				$filterent['interface'] = implode(",", $_POST['interface']);
		}
		/* Advanced options */

		/* Checkbox flags are stored as boolean true when ticked and left out otherwise. */
		foreach (array('allowopts', 'disablereplyto') as $flagfld) {
			if ($_POST[$flagfld] == "yes")
				$filterent[$flagfld] = true;
			else
				unset($filterent[$flagfld]);
		}

		/*
		 * NOTE(review): the limits, state options and OS value below are
		 * copied into the rule exactly as submitted; this handler shows no
		 * numeric or allow-list check for them.  Validate them before they
		 * are saved.
		 */
		foreach (array('max', 'max-src-nodes', 'max-src-conn', 'max-src-states', 'statetimeout', 'statetype', 'os') as $advfld)
			$filterent[$advfld] = $_POST[$advfld];

		/* Nosync directive - do not xmlrpc sync this item */
		if ($_POST['nosync'] != "")
			$filterent['nosync'] = true;
		else
			unset($filterent['nosync']);

		/* unless both values are provided, unset the values - ticket #650 */
		$haverate = ($_POST['max-src-conn-rate'] != "" && $_POST['max-src-conn-rates'] != "");
		foreach (array('max-src-conn-rate', 'max-src-conn-rates') as $ratefld) {
			if ($haverate)
				$filterent[$ratefld] = $_POST[$ratefld];
			else
				unset($filterent[$ratefld]);
		}
		/* "any" is represented by the absence of a protocol key. */
		if ($_POST['proto'] == "any")
			unset($filterent['protocol']);
		else
			$filterent['protocol'] = $_POST['proto'];

		/* An ICMP type is only kept for ICMP rules. */
		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
			$filterent['icmptype'] = $_POST['icmptype'];
		else
			unset($filterent['icmptype']);

		/* Presumably packs the src and dst form fields into the stored address entries (helper not shown here). */
		pconfig_to_address($filterent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($filterent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		if (!$_POST['disabled'])
			unset($filterent['disabled']);
		else
			$filterent['disabled'] = true;

		/* NOTE(review): dscp and gateway are stored as submitted; no allow-list check is visible in this handler. */
		if ($_POST['dscp'])
			$filterent['dscp'] = $_POST['dscp'];

		if (!$_POST['log'])
			unset($filterent['log']);
		else
			$filterent['log'] = true;

		/* strncpy() is not a PHP built-in; presumably a project helper that limits the description to 52 characters. */
		strncpy($filterent['descr'], $_POST['descr'], 52);

		if ($_POST['gateway'] != "")
			$filterent['gateway'] = $_POST['gateway'];
		/*
		 * Queues and limiters come in pairs: the secondary one (ackqueue,
		 * pdnpipe) is only stored when the primary one (defaultqueue, dnpipe)
		 * is selected.  "none" means not selected.
		 */
		foreach (array('defaultqueue' => 'ackqueue', 'dnpipe' => 'pdnpipe') as $primaryq => $secondaryq) {
			if (!isset($_POST[$primaryq]) || $_POST[$primaryq] == "none")
				continue;
			$filterent[$primaryq] = $_POST[$primaryq];
			if (isset($_POST[$secondaryq]) && $_POST[$secondaryq] != "none")
				$filterent[$secondaryq] = $_POST[$secondaryq];
		}

		if (isset($_POST['l7container']) && $_POST['l7container'] != "none")
			$filterent['l7container'] = $_POST['l7container'];

		/* NOTE(review): the schedule name is stored as submitted; confirm it is checked against the defined schedules. */
		if ($_POST['sched'] != "")
			$filterent['sched'] = $_POST['sched'];
		/*
		 * A rule with an associated NAT rule keeps its stored interface,
		 * protocol, ICMP type, source and destination: the submitted values
		 * for those fields are replaced with what is already in the
		 * configuration, so they cannot be changed from this page.
		 */
		if (isset($a_filter[$id]['associated-rule-id'])) {
			$storedrule = $a_filter[$id];

			$filterent['interface'] = $storedrule['interface'];

			if (isset($storedrule['protocol']))
				$filterent['protocol'] = $storedrule['protocol'];
			else
				unset($filterent['protocol']);

			if ($storedrule['protocol'] == "icmp" && $storedrule['icmptype'])
				$filterent['icmptype'] = $storedrule['icmptype'];
			else
				unset($filterent['icmptype']);

			$filterent['source'] = $storedrule['source'];
			$filterent['destination'] = $storedrule['destination'];
			$filterent['associated-rule-id'] = $storedrule['associated-rule-id'];
		}

		/*
		 * Extension hook that runs just before the rule is written.
		 * NOTE(review): whatever this helper loads from the directory runs
		 * with the privileges of the web GUI and can alter $filterent; the
		 * directory should be writable by root only (helper not shown here).
		 */
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
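		/*
		 * Store the entry: overwrite the rule being edited, or insert the new
		 * rule after position $after (append when no position was given).
		 */
		if (isset($id) && $a_filter[$id])
			$a_filter[$id] = $filterent;
		else {
			if (is_numeric($after))
				array_splice($a_filter, $after+1, 0, array($filterent));
			else
				$a_filter[] = $filterent;
		}

		filter_rules_sort();

		write_config();
		mark_subsystem_dirty('filter');

		/*
		 * Return to the rule list of the interface that was edited.  The
		 * interface name comes from the request, so it is URL-encoded before
		 * it is placed in the Location header; a non-string value (e.g. an
		 * array) is sent as an empty parameter instead of being concatenated.
		 */
		if (isset($_POST['floating'])) {
			header("Location: firewall_rules.php?if=FloatingRules");
		} else {
			$returnif = is_string($_POST['interface']) ? urlencode($_POST['interface']) : '';
			header("Location: firewall_rules.php?if=" . $returnif);
		}
		exit;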
	}
}
/*
 * Each read_*_config() call precedes the list getter that belongs to it; the
 * order is kept as written (the XXX markers are the original author's).
 */
read_altq_config(); /* XXX: */
$qlist =& get_unique_queue_list();

read_dummynet_config(); /* XXX: */
$dnqlist =& get_unique_dnqueue_list();

read_layer7_config();
$l7clist =& get_l7_unique_list();

/* Page metadata, set before head.inc is included. */
$page_filename = "firewall_rules_edit.php";
$closehead = false;
$logurl = "diag_logs_filter.php";
$statusurl = "status_filter_reload.php";
$pgtitle = array(
	gettext("Firewall"),
	gettext("Rules"),
	gettext("Edit")
);

include("head.inc");
?>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
<input type='hidden' name="ruleid" value="<?=(isset($pconfig['ruleid'])&&$pconfig['ruleid']>0)?htmlspecialchars($pconfig['ruleid']):''?>">
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
		<tr>
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td>
		</tr>	
<?php
		// Allow extending of the firewall edit page and include custom input validation 
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
616
?>
617 8ab3e9ed Erik Kristensen
    	<tr>
618 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
619 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
620 b5c78501 Seth Mos
				<select name="type" class="formselect">
621 e5e5ba51 Vinicius Coque
					<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
622 8ab3e9ed Erik Kristensen
					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
623
					<?=htmlspecialchars($type);?>
624
					</option>
625
					<?php endforeach; ?>
626 a391d0ab Ermal
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
627
					<option value="match" <?php if ("match" == strtolower($pconfig['type'])) echo "selected"; ?>>Queue</option>
628
<?php endif; ?>
629 8c84fe43 Scott Ullrich
				</select>
630 8ab3e9ed Erik Kristensen
				<br/>
631
				<span class="vexpl">
632 11d2c529 Rafael Lucas
					<?=gettext("Choose what to do with packets that match the criteria specified below.");?> <br/>
633
					<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?> 
634 8ab3e9ed Erik Kristensen
				</span>
635
			</td>
636
		</tr>
637
		<tr>
638 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
639 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
640
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
641 11d2c529 Rafael Lucas
				<strong><?=gettext("Disable this rule");?></strong><br />
642
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list.");?></span>
643 8ab3e9ed Erik Kristensen
			</td>
644
		</tr>
645 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
646
		<tr>
647 f1602cc4 sullrich
			<td width="22%" valign="top" class="vncellreq">
648
				<?=gettext("Quick");?>
649
			</td>
650
			<td width="78%" class="vtable">
651
				<input name="quick" type="checkbox" id="quick" value="yes" <?php if ($pconfig['quick']) echo "checked=\"checked\""; ?> />
652
				<strong><?=gettext("Apply the action immediately on match.");?></strong><br />
653
				<span class="vexpl"><?=gettext("Set this option if you need to apply this action to traffic that matches this rule immediately.");?></span>
654
			</td>
655
		</tr>
656 e73b001e Renato Botelho
<?php endif; ?>
657 48a27d4f Erik Fonnesbeck
<?php $edit_disabled = ""; ?>
658
<?php if( isset($pconfig['associated-rule-id']) ): ?>
659
		<tr>
660
			<td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td>
661
			<td width="78%" class="vtable">
662 e4b9d53b Warren Baker
				<span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("This is associated to a NAT rule.");?><br />
663 48a27d4f Erik Fonnesbeck
				<?=gettext("You cannot edit the interface, protocol, source, or destination of associated filter rules.");?><br />
664
				<br />
665
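				<?php
					/*
					 * This rule is tied to a NAT rule: mark the restricted form
					 * controls as disabled, link to the first NAT rule carrying the
					 * same associated-rule-id, and carry the id (and the interface,
					 * when set) back through hidden fields.
					 */
					$edit_disabled = "disabled";
					if (is_array($config['nat']['rule'])) {
						foreach ($config['nat']['rule'] as $index => $nat_rule) {
							if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id'] == $pconfig['associated-rule-id']) {
								echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br>";
								break;
							}
						}
					}
					/*
					 * The hidden fields use single-quoted attributes, so the values
					 * are encoded with ENT_QUOTES; without it a single quote in the
					 * value would end the attribute early.
					 * NOTE(review): how $pconfig is populated is not visible in this
					 * part of the file; if it can be refilled from the submitted form,
					 * these values are request-controlled - confirm.
					 */
					echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='" . htmlspecialchars($pconfig['associated-rule-id'], ENT_QUOTES) . "' >";
					if (!empty($pconfig['interface'])) {
						echo "<input name='interface' id='interface' type='hidden' value='" . htmlspecialchars($pconfig['interface'], ENT_QUOTES) . "' >";
					}
				?>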
679
				<script type="text/javascript">
680
				editenabled = 0;
681
				</script>
682
			</td>
683
		</tr>
684 ee9933b6 Renato Botelho
<?php endif; ?>
685 8ab3e9ed Erik Kristensen
		<tr>
686 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
687 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
688 48a27d4f Erik Fonnesbeck
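<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
				<select name="interface[]" multiple="true" class="formselect" size="3" <?=$edit_disabled;?>>
<?php else: ?>
				<select name="interface" class="formselect" <?=$edit_disabled;?>>
<?php
endif;
				/*
				 * Build the list of selectable interfaces. Every entry except
				 * OpenVPN is added only when have_ruleint_access() allows it.
				 * $interfaces is not initialised in this part of the file;
				 * presumably it is set up earlier - confirm.
				 */

				/* add group interfaces */
				if (is_array($config['ifgroups']['ifgroupentry'])) {
					foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
						if (have_ruleint_access($ifgen['ifname'])) {
							$interfaces[$ifgen['ifname']] = $ifgen['ifname'];
						}
					}
				}
				$ifdescs = get_configured_interface_with_descr();
				// Allow extending of the firewall edit page and include custom input validation
				pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit");
				foreach ($ifdescs as $ifent => $ifdesc) {
					if (have_ruleint_access($ifent)) {
						$interfaces[$ifent] = $ifdesc;
					}
				}
				if ($config['l2tp']['mode'] == "server" && have_ruleint_access("l2tp")) {
					$interfaces['l2tp'] = "L2TP VPN";
				}
				if ($config['pptpd']['mode'] == "server" && have_ruleint_access("pptp")) {
					$interfaces['pptp'] = "PPTP VPN";
				}
				if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
					$interfaces['pppoe'] = "PPPoE VPN";
				}
				/* add ipsec interfaces */
				if ((isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) && have_ruleint_access("enc0")) {
					$interfaces["enc0"] = "IPsec";
				}
				/* add openvpn/tun interfaces */
				/* NOTE(review): the only entry not gated by have_ruleint_access(); confirm this is intended. */
				if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
					$interfaces["openvpn"] = "OpenVPN";
				}
				$selected_interfaces = explode(",", $pconfig['interface']);
				/*
				 * Interface names and descriptions are configuration strings, so
				 * both the option value and its label are HTML-encoded, matching
				 * how this page already encodes $ifdesc in the source/destination
				 * type lists.
				 */
				foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
<?php 				endforeach; ?>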
725 8c84fe43 Scott Ullrich
				</select>
726 8ab3e9ed Erik Kristensen
				<br />
727 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose on which interface packets must come in to match this rule.");?></span>
728 8ab3e9ed Erik Kristensen
			</td>
729
		</tr>
730 661aed33 Ermal Luçi
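<?php
/*
 * Direction selector, rendered only for floating rules. The hidden
 * "floating" field marks the submitted form as a floating rule.
 * The row is now closed with </tr>; the original emitted a second <tr>
 * here, leaving the table row unterminated.
 */
if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
		<tr>
			<td width="22%" valign="top" class="vncellreq">
				<?=gettext("Direction");?>
			</td>
			<td width="78%" class="vtable">
				<select name="direction" class="formselect">
<?php			$directions = array('any', 'in', 'out');
				foreach ($directions as $direction): ?>
				<option value="<?=$direction;?>"<?php if ($direction == $pconfig['direction']) echo " selected=\"selected\""; ?>><?=$direction;?></option>
<?php			endforeach; ?>
				</select>
				<input type="hidden" id="floating" name="floating" value="floating">
			</td>
		</tr>
<?php endif; ?>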
750 8ab3e9ed Erik Kristensen
		<tr>
751 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
752 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
753 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()">
754 8ab3e9ed Erik Kristensen
<?php
755 c6c26178 jim-p
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP OSPF any carp pfsync");
756 8ab3e9ed Erik Kristensen
				foreach ($protocols as $proto): ?>
757
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
758
<?php 			endforeach; ?>
759
				</select>
760
				<br />
761 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose which IP protocol this rule should match.");?> <br /> <?=gettext("Hint: in most cases, you should specify ");?><em>TCP</em> &nbsp;<?=gettext("here.");?></span>
762 8ab3e9ed Erik Kristensen
			</td>
763
		</tr>
764 3de8af0e Scott Ullrich
		<tr id="icmpbox" name="icmpbox">
765 11d2c529 Rafael Lucas
			<td valign="top" class="vncell"><?=gettext("ICMP type");?></td>
766 8ab3e9ed Erik Kristensen
			<td class="vtable">
767 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="icmptype" class="formselect">
768 8ab3e9ed Erik Kristensen
<?php
769
				$icmptypes = array(
770 abd67a31 Carlos Eduardo Ramos
				"" => gettext("any"),
771 a01ce4c7 jim-p
				"echoreq" => gettext("Echo request"),
772 abd67a31 Carlos Eduardo Ramos
				"echorep" => gettext("Echo reply"),
773
				"unreach" => gettext("Destination unreachable"),
774
				"squench" => gettext("Source quench"),
775
				"redir" => gettext("Redirect"),
776
				"althost" => gettext("Alternate Host"),
777
				"routeradv" => gettext("Router advertisement"),
778
				"routersol" => gettext("Router solicitation"),
779
				"timex" => gettext("Time exceeded"),
780
				"paramprob" => gettext("Invalid IP header"),
781
				"timereq" => gettext("Timestamp"),
782
				"timerep" => gettext("Timestamp reply"),
783
				"inforeq" => gettext("Information request"),
784
				"inforep" => gettext("Information reply"),
785
				"maskreq" => gettext("Address mask request"),
786
				"maskrep" => gettext("Address mask reply")
787 8ab3e9ed Erik Kristensen
				);
				foreach ($icmptypes as $icmptype => $descr): ?>
790
					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
791
<?php 			endforeach; ?>
792
			</select>
793
			<br />
794 11d2c529 Rafael Lucas
			<span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span>
795 8ab3e9ed Erik Kristensen
		</td>
796
		</tr>
797
		<tr>
798 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source");?></td>
799 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
800 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
801 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
802 8ab3e9ed Erik Kristensen
				<br />
803 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
804 8ab3e9ed Erik Kristensen
				<br />
805
				<br />
806
				<table border="0" cellspacing="0" cellpadding="0">
807
					<tr>
808 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
809 8ab3e9ed Erik Kristensen
						<td>
810 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srctype" class="formselect" onChange="typesel_change()">
811 87f0be87 Chris Buechler
<?php
812
								$sel = is_specialnet($pconfig['src']); ?>
813 11d2c529 Rafael Lucas
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
814
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
815
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
816 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
817 11d2c529 Rafael Lucas
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
818 99ea4439 Scott Ullrich
								<?php endif; ?>
819
								<?php if(have_ruleint_access("pppoe")): ?>
820 11d2c529 Rafael Lucas
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
821 99ea4439 Scott Ullrich
								<?php endif; ?>								
822 8a6bc505 Ermal Lu?i
								 <?php if(have_ruleint_access("l2tp")): ?>
823 11d2c529 Rafael Lucas
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
824 8a6bc505 Ermal Lu?i
                                                                <?php endif; ?>
825 8ab3e9ed Erik Kristensen
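<?php
								/*
								 * Two source-type options per interface the user may
								 * manage: "<if>" for its subnet and "<if>ip" for its
								 * address. The description is HTML-encoded in both
								 * labels (the original encoded only the subnet label),
								 * the key is encoded inside the value attribute, and a
								 * space now separates the value attribute from
								 * "selected" in the address option.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if (have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?><?=gettext(" subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] == $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>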
834 8ab3e9ed Erik Kristensen
							</select>
835
						</td>
836
					</tr>
837
					<tr>
838 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
839 8ab3e9ed Erik Kristensen
						<td>
840 48a27d4f Erik Fonnesbeck
							<input <?=$edit_disabled;?> autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
841
							<select <?=$edit_disabled;?> name="srcmask" class="formselect" id="srcmask">
842 8ab3e9ed Erik Kristensen
<?php						for ($i = 31; $i > 0; $i--): ?>
843
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
844
<?php 						endfor; ?>
845
							</select>
846 bdb7d6e7 Scott Ullrich
						</td>
847 8ab3e9ed Erik Kristensen
					</tr>
848
				</table>
849 22abf2ef Scott Ullrich
				<div id="showadvancedboxspr">
850
					<p>
851 48a27d4f Erik Fonnesbeck
					<input <?=$edit_disabled;?> type="button" onClick="show_source_port_range()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source port range");?></a>
852 22abf2ef Scott Ullrich
				</div>
853 8ab3e9ed Erik Kristensen
			</td>
854 e33c8694 Bill Marquette
		</tr>
855 3de8af0e Scott Ullrich
		<tr style="display:none" id="sprtable" name="sprtable">
856 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range");?></td>
857 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
858
				<table border="0" cellspacing="0" cellpadding="0">
859
					<tr>
860 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
861 8ab3e9ed Erik Kristensen
						<td>
862 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
863 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
864 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
865 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
866
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
867
<?php 							endforeach; ?>
868 8c84fe43 Scott Ullrich
							</select>
869 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
870 8ab3e9ed Erik Kristensen
						</td>
871
					</tr>
872
					<tr>
873 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
874 8ab3e9ed Erik Kristensen
						<td>
875 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcendport" class="formselect" onchange="ext_change()">
876 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
877 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
878 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
879
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
880
<?php							endforeach; ?>
881 8c84fe43 Scott Ullrich
							</select>
882 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
883 8ab3e9ed Erik Kristensen
						</td>
884
					</tr>
885
				</table>
886
				<br />
887 87000ded Erik Fonnesbeck
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule."); ?> <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be"); ?> &quot;<?=gettext("any"); ?>&quot;).</b><br /><?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port.");?></span><br/>
888 8ab3e9ed Erik Kristensen
			</td>
889 8c84fe43 Scott Ullrich
		</tr>
890 8ab3e9ed Erik Kristensen
		<tr>
891 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination");?></td>
892 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
893 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
894 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
895 8ab3e9ed Erik Kristensen
					<br />
896 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
897 8ab3e9ed Erik Kristensen
					<br />
898
					<br />
899
				<table border="0" cellspacing="0" cellpadding="0">
900
					<tr>
901 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
902 8ab3e9ed Erik Kristensen
						<td>
903 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dsttype" class="formselect" onChange="typesel_change()">
904 87f0be87 Chris Buechler
<?php
905
								$sel = is_specialnet($pconfig['dst']); ?>
906 11d2c529 Rafael Lucas
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
907
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
908
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
909 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
910 11d2c529 Rafael Lucas
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
911 99ea4439 Scott Ullrich
								<?php endif; ?>
912
								<?php if(have_ruleint_access("pppoe")): ?>
913 11d2c529 Rafael Lucas
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
914 99ea4439 Scott Ullrich
								<?php endif; ?>								
915 3331a640 Ermal Lu?i
								<?php if(have_ruleint_access("l2tp")): ?>
916 11d2c529 Rafael Lucas
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
917 3331a640 Ermal Lu?i
                                                                <?php endif; ?>
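<?php
								/*
								 * Two destination-type options per interface the user
								 * may manage: "<if>" for its subnet and "<if>ip" for
								 * its address.
								 *
								 * The loop key is $ifent, as in the source-type list.
								 * The original used $if, which overwrote the page-level
								 * $if that the "FloatingRules" checks earlier on this
								 * page compare against. Code after this point is not
								 * visible here; confirm nothing relies on the old
								 * clobbered value.
								 *
								 * The description is HTML-encoded in both labels, the
								 * key is encoded inside the value attribute, and a
								 * space now separates the value attribute from
								 * "selected" in the address option.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if (have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['dst'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['dst'] == $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>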
927 8ab3e9ed Erik Kristensen
							</select>
928
						</td>
929
					</tr>
930
					<tr>
931 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
932 8ab3e9ed Erik Kristensen
						<td>
933 43f2eca7 Erik Fonnesbeck
							<input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
934 8ab3e9ed Erik Kristensen
							/
935 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstmask" class="formselect" id="dstmask">
936 8ab3e9ed Erik Kristensen
<?php
937
							for ($i = 31; $i > 0; $i--): ?>
938
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
939
<?php						endfor; ?>
940
							</select>
941
						</td>
942
					</tr>
943
				</table>
944
			</td>
945
		</tr>
946 3de8af0e Scott Ullrich
		<tr id="dprtr" name="dprtr">
947 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range ");?></td>
948 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
949
				<table border="0" cellspacing="0" cellpadding="0">
950
					<tr>
951 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
952 8ab3e9ed Erik Kristensen
						<td>
953 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
954 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
955 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
956 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
957
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
958 3deb92f7 Renato Botelho
<?php 							endforeach; ?>
959 8ab3e9ed Erik Kristensen
							</select>
960 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
961 8ab3e9ed Erik Kristensen
						</td>
962
					</tr>
963
					<tr>
964 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
965 8ab3e9ed Erik Kristensen
						<td>
966 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstendport" class="formselect" onchange="ext_change()">
967 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
968 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
969 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
970
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
971
<?php 							endforeach; ?>
972 8c84fe43 Scott Ullrich
							</select>
973 dd5bf424 Scott Ullrich
								<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
974 8ab3e9ed Erik Kristensen
						</td>
975
					</tr>
976
				</table>
977
				<br />
978
				<span class="vexpl">
979 11d2c529 Rafael Lucas
					<?=gettext("Specify the port or port range for the destination of the packet for this rule.");?>
980 adb633a0 sullrich
					<br />
981 345b9715 Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port");?>
982 8ab3e9ed Erik Kristensen
				</span>
983
			</td>
984
		</tr>
985
		<tr>
986 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Log");?></td>
987 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
988
				<input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
989 11d2c529 Rafael Lucas
				<strong><?=gettext("Log packets that are handled by this rule");?></strong>
990 adb633a0 sullrich
				<br />
991 0fb885bc Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server"); ?> (<?=gettext("see the"); ?> <a href="diag_logs_settings.php"><?=gettext("Diagnostics: System logs: Settings"); ?></a> <?=gettext("page"); ?>).</span>
992 8ab3e9ed Erik Kristensen
			</td>
993
		</tr>
994 151eb2a9 sullrich
		<tr>
995 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
996 151eb2a9 sullrich
			<td width="78%" class="vtable">
997
				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
998
				<br />
999 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
1000 151eb2a9 sullrich
			</td>
1001
		</tr>
1002 8e0c3760 Ermal
<?php		if (!isset($id) || !($a_filter[$id] && firewall_check_for_advanced_options($a_filter[$id]) <> "")): ?>
1003 151eb2a9 sullrich
		<tr>
1004
			<td width="22%" valign="top">&nbsp;</td>
1005
			<td width="78%">
1006
				&nbsp;<br>&nbsp;
1007 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1008 151eb2a9 sullrich
<?php			if (isset($id) && $a_filter[$id]): ?>
1009 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1010 151eb2a9 sullrich
<?php 			endif; ?>
1011 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1012 151eb2a9 sullrich
			</td>
1013
		</tr>
1014 8e0c3760 Ermal
<?php		endif; ?>
1015 151eb2a9 sullrich
		<tr>
1016
			<td>&nbsp;</td>
1017
		</tr>
1018
		<tr>
1019 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced features");?></td>
1020 151eb2a9 sullrich
		</tr>	
1021 f1602cc4 sullrich
		<tr>
1022 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Source OS");?></td>
1023 e265d9f5 sullrich
			<td width="78%" class="vtable">
1024 ee9933b6 Renato Botelho
				<div id="showadvsourceosbox" <?php if ($pconfig['os']) echo "style='display:none'"; ?>>
1025 157a6919 Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_sourceos()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1026 adb633a0 sullrich
				</div>
1027 ee9933b6 Renato Botelho
				<div id="showsourceosadv" <?php if (empty($pconfig['os'])) echo "style='display:none'"; ?>>
1028 21600ab1 Vinicius Coque
					<?=gettext("OS Type:");?>&nbsp;
1029 adb633a0 sullrich
					<select name="os" id="os" class="formselect">
1030 f1602cc4 sullrich
<?php
1031 adb633a0 sullrich
						$ostypes = array(
1032 abd67a31 Carlos Eduardo Ramos
							 "" => gettext("any"),
1033 adb633a0 sullrich
							"AIX" => "AIX",
1034
							"Linux" => "Linux",
1035
							"FreeBSD" => "FreeBSD",
1036
							"NetBSD" => "NetBSD",
1037
							"OpenBSD" => "OpenBSD",
1038
							"Solaris" => "Solaris",
1039
							"MacOS" => "MacOS",
1040
							"Windows" => "Windows",
1041
							"Novell" => "Novell",
1042
							"NMAP" => "NMAP"
1043
			           );
1044
						foreach ($ostypes as $ostype => $descr): ?>
1045
							<option value="<?=$ostype;?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
1046
<?php
1047
					endforeach; 
1048
?>
1049
					</select>
1050
					<br />
1051 11d2c529 Rafael Lucas
					<?=gettext("Note: this only works for TCP rules");?>
1052 adb633a0 sullrich
				</div>
1053 f1602cc4 sullrich
			</td>
1054
		</tr>
1055 30c4ae8a sullrich
		<tr>
1056 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Diffserv Code Point");?></td>
1057 30c4ae8a sullrich
			<td width="78%" class="vtable">
1058 ee9933b6 Renato Botelho
				<div id="dsadv" name="dsadv" <?php if ($pconfig['dscp']) echo "style='display:none'"; ?>>
1059 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_dsdiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1060 30c4ae8a sullrich
				</div>
1061 ee9933b6 Renato Botelho
				<div id="dsdivmain" name="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>>
1062 30c4ae8a sullrich
					<select name="dscp" id="dscp">
1063
						<option value=""></option>
1064
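						<?php
						/*
						 * One option per DSCP type; the entry equal to the rule's
						 * current dscp value is preselected. Values are HTML-encoded
						 * like the other option labels on this page.
						 * $firewall_rules_dscp_types is defined outside this part of
						 * the file - presumably a fixed list; confirm.
						 */
						foreach ($firewall_rules_dscp_types as $frdt): ?>
							<option value="<?=htmlspecialchars($frdt);?>"<?php if ($pconfig['dscp'] == $frdt) echo " SELECTED"; ?>><?=htmlspecialchars($frdt);?></option>
						<?php endforeach; ?>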
1067
					</select>
1068
				</div>
1069
			</td>
1070
		</tr>
1071 661aed33 Ermal Luçi
		<tr>
<?php /* Advanced Options row. The option block (#aodivmain) is rendered hidden
       * and revealed by show_aodiv(). Every free-text value taken from $pconfig
       * is passed through htmlspecialchars() before it is placed in a value
       * attribute. The connection-rate select offers the values 1 to 254. */ ?>
			<td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced Options"); ?></td>
			<td width="78%" class="vtable">
			<div id="aoadv" name="aoadv">
				<input type="button" onClick="show_aodiv();" value="<?php echo gettext("Advanced"); ?>"> - <?php echo gettext("Show advanced option"); ?>
			</div>
			<div id="aodivmain" name="aodivmain" style="display:none">
				<input type="checkbox" id="allowopts" value="yes" name="allowopts"<?= ($pconfig['allowopts'] == true) ? " checked" : "" ?>>
				<br/><span class="vexpl"><?php echo gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic."); ?>
				</span><p>
				<input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?= ($pconfig['disablereplyto'] == true) ? " checked" : "" ?>>
				<br/><span class="vexpl"><?php echo gettext("This will disable auto generated reply-to for this rule."); ?>
				</span><p>
				<input name="tag" id="tag" value="<?php echo htmlspecialchars($pconfig['tag']); ?>">
				<br /><span class="vexpl"><?php echo gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called"); ?> <b><?php echo gettext("Policy filtering"); ?></b>
				</span><p>
				<input name="tagged" id="tagged" value="<?php echo htmlspecialchars($pconfig['tagged']); ?>">
				<br /><span class="vexpl"><?php echo gettext("You can match packet on a mark placed before on another rule."); ?>
				</span> <p>
				<input name="max" id="max" value="<?=htmlspecialchars($pconfig['max']);?>"><br><?php echo gettext(" Maximum state entries this rule can create"); ?></p><p>
				<input name="max-src-nodes" id="max-src-nodes" value="<?=htmlspecialchars($pconfig['max-src-nodes']);?>"><br><?php echo gettext(" Maximum number of unique source hosts"); ?></p><p>
				<input name="max-src-conn" id="max-src-conn" value="<?=htmlspecialchars($pconfig['max-src-conn']);?>"><br><?php echo gettext(" Maximum number of established connections per host"); ?></p><p>
				<input name="max-src-states" id="max-src-states" value="<?=htmlspecialchars($pconfig['max-src-states']);?>"><br><?php echo gettext(" Maximum state entries per host"); ?></p><p>
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?=htmlspecialchars($pconfig['max-src-conn-rate']);?>"> /
				<select name="max-src-conn-rates" id="max-src-conn-rates">
					<option value=""<?= (intval($pconfig['max-src-conn-rates']) < 1) ? " selected" : "" ?>></option>
<?php
					for ($x = 1; $x < 255; $x++) {
						$selected = ($x == $pconfig['max-src-conn-rates']) ? " selected" : "";
						echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
					}
?>
				</select><br />
				<?php echo gettext("Maximum new connections / per second(s)"); ?>
				</p><p>

				<input name="statetimeout" value="<?=htmlspecialchars($pconfig['statetimeout']);?>"><br>
				<?php echo gettext("State Timeout in seconds"); ?>
				</p>

				<p><strong><?php echo gettext("Note: Leave fields blank to disable that feature."); ?></strong></p>
			  </div>
			</td>
		</tr>
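		<tr id="tcpflags" name="tcpflags">
<?php /* TCP flags row. Renders a three-line table (header, "set", "out of")
       * with one checkbox pair per entry of $tcpflags, plus an "Any flags"
       * checkbox. The boxes are pre-checked from the comma-separated lists in
       * $pconfig['tcpflags1'] and $pconfig['tcpflags2'].
       * Markup fixes in this block: the second <center> after the table is now
       * a closing tag, and the unmatched </input> and </a> after the
       * "Advanced" button are gone.
       * NOTE(review): the ids "tcpheader" and "tcpflags1"/"tcpflags2" are
       * reused by the generated rows; they are left as-is because script code
       * outside this block may look them up - confirm before renaming. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td>
			<td width="78%" class="vtable">
			<div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>>
				<input type="button" onClick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
			</div>
			<div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
			<div id="tcpheader" name="tcpheader">
			<center>
			<table border="0" cellspacing="0" cellpadding="0">
			<?php
				// The casts keep explode() from receiving null when a list is unset.
				$setflags = explode(",", (string)$pconfig['tcpflags1']);
				$outofflags = explode(",", (string)$pconfig['tcpflags2']);
				$header = "<td width='40' nowrap></td>";
				$tcpflags1 = "<td width='40' nowrap>set</td>";
				$tcpflags2 = "<td width='40' nowrap>out of</td>";
				foreach ($tcpflags as $tcpflag) {
					$header .= "<td  width='40' nowrap><strong>" . strtoupper($tcpflag) . "</strong></td>\n";
					$tcpflags1 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' ";
					// explode() yields strings, so compare string to string.
					if (in_array((string)$tcpflag, $setflags, true))
						$tcpflags1 .= "checked";
					$tcpflags1 .= "></td>\n";
					$tcpflags2 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' ";
					if (in_array((string)$tcpflag, $outofflags, true))
						$tcpflags2 .= "checked";
					$tcpflags2 .= "></td>\n";
				}
				echo "<tr id='tcpheader' name='tcpheader'>{$header}</tr>\n";
				echo "<tr id='tcpflags1' name='tcpflags1'>{$tcpflags1}</tr>\n";
				echo "<tr id='tcpflags2' name='tcpflags2'>{$tcpflags2}</tr>\n";
			?>
			</table>
			</center>
			</div>
			<br/><center>
			<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
			<br/>
			<span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". 
			"be set or cleared for this rule to match.");?></span>
			</div>
			</td>
		</tr>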
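		<tr>
<?php /* State Type row. The select is shown when $pconfig['statetype'] is set
       * to anything other than "keep state"; otherwise only the "Advanced"
       * button is visible. "keep state" is also pre-selected when no state
       * type is set at all.
       * Markup fixes in this block: a space now separates the value attribute
       * from "selected" on the synproxy/none options, and the unmatched
       * </input> and </a> after the button are gone. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td>
			<td width="78%" class="vtable">
				<div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_state()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>>
					<select name="statetype">
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>><?=gettext("keep state");?></option>
						<option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected"; ?>><?=gettext("sloppy state");?></option>
						<option value="synproxy state" <?php if($pconfig['statetype'] == "synproxy state") echo "selected"; ?>><?=gettext("synproxy state");?></option>
						<option value="none" <?php if($pconfig['statetype'] == "none") echo "selected"; ?>><?=gettext("none");?></option>
					</select><br><?=gettext("Hint: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.");?>
					<p>
					<table width="90%">
						<tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation.");?></td></tr>
					</table>
					</p>
			  </div>
			</td>
		</tr>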
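		<tr>
<?php /* No XMLRPC Sync row. The checkbox is shown (and ticked) when
       * $pconfig['nosync'] is set; otherwise only the "Advanced" button is
       * visible. The unmatched </input> and </a> after the button have been
       * removed. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
			<td width="78%" class="vtable">
				<div id="showadvnoxmlrpcsyncbox" <?php if ($pconfig['nosync']) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>>
					<input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
					<?=gettext("Hint: This prevents the rule from automatically syncing to other CARP members.");?>
				</div>
			</td>
		</tr>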
		<?php
			// Collect the schedule names offered by the "Schedule" select.
			// "none" always comes first: it stands for "no schedule", i.e. the
			// rule stays enabled all the time. Entries with an empty name are
			// skipped.
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					if ($schedule['name'] == "")
						continue;
					$schedules[] = $schedule['name'];
				}
			}
		?>
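		<tr>
<?php /* Schedule row. Lists every entry of $schedules (built earlier in the
       * file); the "none" entry is submitted as an empty value. The select is
       * shown when $pconfig['sched'] is set, otherwise only the "Advanced"
       * button.
       * Schedule names are configuration data, so they are now passed through
       * htmlspecialchars() like the $pconfig text fields of this form: a name
       * containing quotes or angle brackets must not be able to close the
       * attribute or the option element. The unmatched </input> and </a>
       * after the button have been removed. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("Schedule");?></td>
			<td width="78%" class="vtable">
				<div id="showadvschedulebox" <?php if (!empty($pconfig['sched'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_schedule()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>>
					<select name='sched'>
<?php
					foreach ($schedules as $schedule) {
						$selected = ($schedule == $pconfig['sched']) ? " SELECTED" : "";
						if ($schedule == "none") {
							// "none" posts an empty value.
							echo "<option value=\"\" {$selected}>" . htmlspecialchars($schedule) . "</option>\n";
						} else {
							echo "<option value=\"" . htmlspecialchars($schedule) . "\" {$selected}>" . htmlspecialchars($schedule) . "</option>\n";
						}
					}
?>
					</select>
					<p><?=gettext("Leave as 'none' to leave the rule enabled all the time.");?></p>
				</div>
			</td>
		</tr>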
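		<tr>
<?php /* Gateway row. Offers "default" (empty value), every non-empty entry
       * returned by return_gateways_array(), and every named gateway group in
       * $config['gateways']['gateway_group']. The select is shown when
       * $pconfig['gateway'] is set, otherwise only the "Advanced" button.
       * Gateway and group names/addresses are configuration data, so they are
       * now passed through htmlspecialchars() before being written into the
       * value attribute and the option label, matching how this form treats
       * its $pconfig text fields. The unmatched </input> and </a> after the
       * button have been removed. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td>
			<td width="78%" class="vtable">
				<div id="showadvgatewaybox" <?php if (!empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_gateway()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showgatewayadv" <?php if (empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
					<select name='gateway'>
					<option value="" ><?=gettext("default");?></option>
<?php
					/* build a list of gateways */
					$gateways = return_gateways_array();
					// add statically configured gateways to list
					foreach ($gateways as $gwname => $gw) {
						if ($gw == "")
							continue;
						$selected = ($gwname == $pconfig['gateway']) ? " SELECTED" : "";
						echo "<option value=\"" . htmlspecialchars($gwname) . "\" {$selected}>" . htmlspecialchars("{$gw['name']} - {$gw['gateway']}") . "</option>\n";
					}
					/* add gateway groups to the list */
					if (is_array($config['gateways']['gateway_group'])) {
						foreach ($config['gateways']['gateway_group'] as $gw_group) {
							if ($gw_group['name'] == "")
								continue;
							echo "<option value=\"" . htmlspecialchars($gw_group['name']) . "\"";
							if ($pconfig['gateway'] == $gw_group['name'])
								echo " SELECTED";
							echo ">" . htmlspecialchars($gw_group['name']) . "</option>\n";
						}
					}
?>
					</select>
					<p><?=gettext("Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.");?></p>
				</div>
			</td>
		</tr>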
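		<tr>
<?php /* In/Out row. Two selects (dnpipe / pdnpipe) are filled from $dnqlist,
       * whose keys are used as labels and whose values are used as option
       * values; entries with an empty key are skipped. The selects are shown
       * when $pconfig['dnpipe'] is set, otherwise only the "Advanced" button.
       * $dnqlist is populated outside this block, so both the value and the
       * label are now passed through htmlspecialchars() before output. The
       * unmatched </input> and </a> after the button have been removed.
       * NOTE(review): the first select reads $dnqselected before this block
       * assigns it - presumably it is initialised earlier in the file;
       * confirm. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("In/Out");?></td>
			<td width="78%" class="vtable">
				<div id="showadvinoutbox" <?php if (!empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_inout()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
					<select name="dnpipe">
<?php
		if (!is_array($dnqlist))
			$dnqlist = array();
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if ($dnq == "")
				continue;
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['dnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>
			</select> / 			
			<select name="pdnpipe">
<?php
		$dnqselected = 0;
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if ($dnq == "")
				continue;
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['pdnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>
				</select>
				<br />
				<span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br/>".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br/>".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span>
				</div>
			</td>
		</tr>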
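		<tr>
<?php /* Ackqueue/Queue row. Two selects (ackqueue / defaultqueue) are filled
       * from the keys of $qlist; when $ifdisp has an entry for a key, that
       * entry is used as the label. Entries with an empty key are skipped.
       * The selects are shown when $pconfig['defaultqueue'] is set, otherwise
       * only the "Advanced" button.
       * $qlist and $ifdisp are populated outside this block, so queue names
       * and labels are now passed through htmlspecialchars() before output.
       * Markup fixes: the #showackqueueadv div was never closed before </td>,
       * and the unmatched </input> and </a> after the button are gone.
       * NOTE(review): the first select reads $qselected before this block
       * assigns it - presumably it is initialised earlier in the file;
       * confirm. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td>
			<td width="78%" class="vtable">
			<div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
				<input type="button" onClick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
			</div>
			<div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
				<select name="ackqueue">
<?php
			if (!is_array($qlist))
				$qlist = array();
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if ($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['ackqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				if (isset($ifdisp[$q]))
					echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";
				else
					echo ">" . htmlspecialchars($q) . "</option>";
			}
?>
				</select> / 			
				<select name="defaultqueue">
<?php
			$qselected = 0;
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if ($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['defaultqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				if (isset($ifdisp[$q]))
					echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";
				else
					echo ">" . htmlspecialchars($q) . "</option>";
			}
?>
				</select>
					<br />
					<span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span>
				</div>
				</td>
			</tr>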
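			<tr>
<?php /* Layer7 row. Offers "none" plus every entry of $l7clist. The select is
       * shown when $pconfig['l7container'] is set, otherwise only the
       * "Advanced" button.
       * $l7clist is populated outside this block, so container names are now
       * passed through htmlspecialchars() before being written into the value
       * attribute and the option label. The unmatched </input> and </a> after
       * the button have been removed. */ ?>
				<td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td>
				<td width="78%" class="vtable">
					<div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
						<input type="button" onClick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
					</div>
					<div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
				<select name="l7container">
<?php
					if (!is_array($l7clist))
						$l7clist = array();
					echo "<option value=\"none\"";
					echo " >none</option>";
					foreach ($l7clist as $l7ckey) {
						echo "<option value=\"" . htmlspecialchars($l7ckey) . "\"";
						if ($l7ckey == $pconfig['l7container']) {
							echo " SELECTED";
						}
						echo ">" . htmlspecialchars($l7ckey) . "</option>";
					}
?>
				</select>			
				<br/>
				<span class="vexpl">
					<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
					"These are valid for TCP and UDP protocols only.");?>
				</span>
			  </div>
			</td>
		</tr>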
<?php
		/*
		 * Extension point: lets add-on code extend the firewall rule edit
		 * page and bring its own input validation.
		 * NOTE(review): pfSense_handle_custom_code() is defined outside this
		 * file; presumably it pulls in whatever PHP files exist under the
		 * given directory, so that directory should be writable by root
		 * only - confirm against the helper's definition.
		 */
		pfSense_handle_custom_code('/usr/local/pkg/firewall_rules/htmlphplate');
?>
		<tr>
<?php /* Save/Cancel row. The hidden "id" field is emitted only when $id is set
       * and $a_filter[$id] is truthy; "after" is always emitted. Both values
       * are HTML-escaped here. Hidden fields come back from the browser like
       * any other input, so the POST handling (outside this block) still has
       * to validate them. */ ?>
			<td width="22%" valign="top">&nbsp;</td>
			<td width="78%">
				&nbsp;<br>&nbsp;
				<input name="Submit" type="submit" class="formbtn" value="<?php echo gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?php echo gettext("Cancel"); ?>" onclick="history.back()">
<?php			if (isset($id) && $a_filter[$id]) { ?>
					<input name="id" type="hidden" value="<?php echo htmlspecialchars($id); ?>">
<?php 			} ?>
				<input name="after" type="hidden" value="<?php echo htmlspecialchars($after); ?>">
			</td>
		</tr>
	</table>
</form>
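<script language="JavaScript">
<!--
	ext_change();
	typesel_change();
	proto_change();
	<?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?>
	show_source_port_range();
	<?php endif; ?>

<?php
	/*
	 * Build the two JavaScript argument lists used by the auto-suggest
	 * controls below: $portaliases (aliases of type "port") and $aliasesaddr
	 * (types "host", "network", "openvpn" and "urltable"). Other alias types
	 * are ignored.
	 *
	 * Changes from the previous version:
	 *  - $portaliases is initialised; it used to be appended to without ever
	 *    being set (the unused $aliases was initialised instead).
	 *  - each name is emitted with json_encode() and the JSON_HEX_* flags
	 *    instead of being wrapped in bare single quotes, so a name containing
	 *    a quote, backslash or "</script>" cannot end the string literal or
	 *    the script element. These flags require PHP 5.3 or later.
	 */
	$isfirst = 0;
	$aliases = "";		// not read in the visible code; kept in case an include uses it
	$portaliases = "";
	$addrisfirst = 0;
	$aliasesaddr = "";
	if (is_array($config['aliases']['alias'])) {
		foreach ($config['aliases']['alias'] as $alias_name) {
			$alias_js = json_encode((string)$alias_name['name'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
			// json_encode() returns false for names it cannot encode; skip
			// those rather than emit a broken argument list.
			if ($alias_js === false)
				continue;
			switch ($alias_name['type']) {
			case "port":
				if ($isfirst == 1) $portaliases .= ",";
				$portaliases .= $alias_js;
				$isfirst = 1;
				break;
			case "host":
			case "network":
			case "openvpn":
			case "urltable":
				if ($addrisfirst == 1) $aliasesaddr .= ",";
				$aliasesaddr .= $alias_js;
				$addrisfirst = 1;
				break;
			default:
				break;
			}
		}
	}
?>

	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $portaliases; ?>);

	var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
        var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
        var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
        var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
        var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
        var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
//-->
</script>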
<?php include("fend.inc"); ?>
</body>
</html>