/usr/local/www/firewall_rules.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/firewall_rules.php @ 377e3872

1	b2ffe419	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4	37e2071c	Scott Ullrich	firewall_rules.php
5	c7281770	Chris Buechler	part of pfSense (https://www.pfsense.org)
6	56dda8e0	Renato Botelho	Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
7	ce77a9c4	Phil Davis	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
8	b2ffe419	Scott Ullrich
9	e4cabb75	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
10			Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
11	37e2071c	Scott Ullrich	All rights reserved.
12	b2ffe419	Scott Ullrich
13	37e2071c	Scott Ullrich	Redistribution and use in source and binary forms, with or without
14			modification, are permitted provided that the following conditions are met:
15	b2ffe419	Scott Ullrich
16	37e2071c	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
17			this list of conditions and the following disclaimer.
18	b2ffe419	Scott Ullrich
19	37e2071c	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
20			notice, this list of conditions and the following disclaimer in the
21			documentation and/or other materials provided with the distribution.
22	b2ffe419	Scott Ullrich
23	37e2071c	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
27			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32			POSSIBILITY OF SUCH DAMAGE.
33	5b237745	Scott Ullrich	*/
34	7ac5a4cb	Scott Ullrich	/*
35			pfSense_MODULE: filter
36			*/
37	5b237745	Scott Ullrich
38	6b07c15a	Matthew Grooms	##\|+PRIV
39			##\|*IDENT=page-firewall-rules
40			##\|*NAME=Firewall: Rules page
41			##\|*DESCR=Allow access to the 'Firewall: Rules' page.
42			##\|MATCH=firewall_rules.php
43			##\|-PRIV
44
45	5b237745	Scott Ullrich	require("guiconfig.inc");
46	7a927e67	Scott Ullrich	require_once("functions.inc");
47			require_once("filter.inc");
48			require_once("shaper.inc");
49	5b237745	Scott Ullrich
50	7a808e01	Carlos Eduardo Ramos	$pgtitle = array(gettext("Firewall"),gettext("Rules"));
51	b32dd0a6	jim-p	$shortcut_section = "firewall";
52	7a808e01	Carlos Eduardo Ramos
53	00c82782	Renato Botelho	function delete_nat_association($id) {
54			global $config;
55
56			if (!$id \|\| !is_array($config['nat']['rule']))
57	673d29c0	Renato Botelho	return;
58
59	00c82782	Renato Botelho	$a_nat = &$config['nat']['rule'];
60
61			foreach ($a_nat as &$natent)
62			if ($natent['associated-rule-id'] == $id)
63			$natent['associated-rule-id'] = '';
64	673d29c0	Renato Botelho	}
65
66	5b237745	Scott Ullrich	if (!is_array($config['filter']['rule'])) {
67			$config['filter']['rule'] = array();
68			}
69			filter_rules_sort();
70			$a_filter = &$config['filter']['rule'];
71
72	07bd3f83	Scott Ullrich	$if = $_GET['if'];
73			if ($_POST['if'])
74			$if = $_POST['if'];
75	b2ffe419	Scott Ullrich
76	cbe3ea96	Ermal Luçi	$ifdescs = get_configured_interface_with_descr();
77	07bd3f83	Scott Ullrich
78	90ba56ad	Scott Ullrich	/* add group interfaces */
79			if (is_array($config['ifgroups']['ifgroupentry']))
80			foreach($config['ifgroups']['ifgroupentry'] as $ifgen)
81			if (have_ruleint_access($ifgen['ifname']))
82			$iflist[$ifgen['ifname']] = $ifgen['ifname'];
83
84	aef4dc74	Ermal Luçi	foreach ($ifdescs as $ifent => $ifdesc)
85	56dda8e0	Renato Botelho	if(have_ruleint_access($ifent))
86	aef4dc74	Ermal Luçi	$iflist[$ifent] = $ifdesc;
87	88bcd1d2	Scott Dale
88	617f8d25	Ermal Lu?i	if ($config['l2tp']['mode'] == "server")
89	56dda8e0	Renato Botelho	if(have_ruleint_access("l2tp"))
90			$iflist['l2tp'] = "L2TP VPN";
91	617f8d25	Ermal Lu?i
92	07bd3f83	Scott Ullrich	if ($config['pptpd']['mode'] == "server")
93	56dda8e0	Renato Botelho	if(have_ruleint_access("pptp"))
94	d81c2ad1	Scott Ullrich	$iflist['pptp'] = "PPTP VPN";
95	50e0d2a1	Scott Ullrich
96	b0899ee4	Ermal	if (is_array($config['pppoes']['pppoe'])) {
97			foreach ($config['pppoes']['pppoe'] as $pppoes)
98			if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe"))
99			$iflist['pppoe'] = "PPPoE Server";
100			}
101	0c554ff6	Scott Ullrich
102	88bcd1d2	Scott Dale	/* add ipsec interfaces */
103	c6dfd289	jim-p	if (isset($config['ipsec']['enable']) \|\| isset($config['ipsec']['client']['enable']))
104	56dda8e0	Renato Botelho	if(have_ruleint_access("enc0"))
105	0f266b2e	Chris Buechler	$iflist["enc0"] = "IPsec";
106	07bd3f83	Scott Ullrich
107	bfb60ac8	Ermal Luçi	/* add openvpn/tun interfaces */
108	d799787e	Matthew Grooms	if ($config['openvpn']["openvpn-server"] \|\| $config['openvpn']["openvpn-client"])
109	56dda8e0	Renato Botelho	$iflist["openvpn"] = "OpenVPN";
110	bfb60ac8	Ermal Luçi
111	4a6cf823	Scott Ullrich	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/interfaces_override");
112
113	92125c97	Ermal Luçi	if (!$if \|\| !isset($iflist[$if])) {
114			if ("any" == $if)
115	56dda8e0	Renato Botelho	$if = "FloatingRules";
116			else if ("FloatingRules" != $if) {
117	0416d9a0	Darren Embry	if (isset($iflist['wan']))
118			$if = "wan";
119			else
120			$if = "FloatingRules";
121			}
122	92125c97	Ermal Luçi	}
123	07bd3f83	Scott Ullrich
124	5b237745	Scott Ullrich	if ($_POST) {
125
126			$pconfig = $_POST;
127
128			if ($_POST['apply']) {
129	37e2071c	Scott Ullrich	$retval = 0;
130	9a7e416c	Scott Ullrich	$retval = filter_configure();
131
132	a368a026	Ermal Lu?i	clear_subsystem_dirty('filter');
133	a985eac2	Scott Ullrich
134	1a700ea6	Scott Ullrich	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/apply");
135
136	8cd558b6	ayvis	$savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background.<br />You can also %s monitor %s the reload progress"),"<a href='status_filter_reload.php'>","</a>");
137	5b237745	Scott Ullrich	}
138			}
139
140	d97c50cd	Bill Marquette	if ($_GET['act'] == "del") {
141	673d29c0	Renato Botelho	if ($a_filter[$_GET['id']]) {
142			if (!empty($a_filter[$_GET['id']]['associated-rule-id'])) {
143	00c82782	Renato Botelho	delete_nat_association($a_filter[$_GET['id']]['associated-rule-id']);
144	673d29c0	Renato Botelho	}
145			unset($a_filter[$_GET['id']]);
146	3a343d73	jim-p	if (write_config())
147	bec92ab9	jim-p	mark_subsystem_dirty('filter');
148	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
149	673d29c0	Renato Botelho	exit;
150			}
151	d97c50cd	Bill Marquette	}
152
153	32c58070	Scott Ullrich	// Handle save msg if defined
154	56dda8e0	Renato Botelho	if($_REQUEST['savemsg'])
155	32c58070	Scott Ullrich	$savemsg = htmlentities($_REQUEST['savemsg']);
156
157	07bd3f83	Scott Ullrich	if (isset($_POST['del_x'])) {
158			/* delete selected rules */
159			if (is_array($_POST['rule']) && count($_POST['rule'])) {
160			foreach ($_POST['rule'] as $rulei) {
161	00c82782	Renato Botelho	delete_nat_association($a_filter[$rulei]['associated-rule-id']);
162	07bd3f83	Scott Ullrich	unset($a_filter[$rulei]);
163			}
164	3a343d73	jim-p	if (write_config())
165	bec92ab9	jim-p	mark_subsystem_dirty('filter');
166	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
167	5b237745	Scott Ullrich	exit;
168			}
169	07bd3f83	Scott Ullrich	} else if ($_GET['act'] == "toggle") {
170			if ($a_filter[$_GET['id']]) {
171	56dda8e0	Renato Botelho	if(isset($a_filter[$_GET['id']]['disabled']))
172			unset($a_filter[$_GET['id']]['disabled']);
173			else
174			$a_filter[$_GET['id']]['disabled'] = true;
175	3a343d73	jim-p	if (write_config())
176	bec92ab9	jim-p	mark_subsystem_dirty('filter');
177	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
178	5b237745	Scott Ullrich	exit;
179			}
180	07bd3f83	Scott Ullrich	} else {
181	b2ffe419	Scott Ullrich	/* yuck - IE won't send value attributes for image buttons, while Mozilla does -
182	37e2071c	Scott Ullrich	so we use .x/.y to fine move button clicks instead... */
183	07bd3f83	Scott Ullrich	unset($movebtn);
184			foreach ($_POST as $pn => $pd) {
185			if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
186			$movebtn = $matches[1];
187			break;
188			}
189	5b237745	Scott Ullrich	}
190	07bd3f83	Scott Ullrich	/* move selected rules before this rule */
191			if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
192			$a_filter_new = array();
193	b2ffe419	Scott Ullrich
194	07bd3f83	Scott Ullrich	/* copy all rules < $movebtn and not selected */
195			for ($i = 0; $i < $movebtn; $i++) {
196			if (!in_array($i, $_POST['rule']))
197			$a_filter_new[] = $a_filter[$i];
198			}
199	b2ffe419	Scott Ullrich
200	07bd3f83	Scott Ullrich	/* copy all selected rules */
201			for ($i = 0; $i < count($a_filter); $i++) {
202			if ($i == $movebtn)
203			continue;
204			if (in_array($i, $_POST['rule']))
205			$a_filter_new[] = $a_filter[$i];
206			}
207	b2ffe419	Scott Ullrich
208	07bd3f83	Scott Ullrich	/* copy $movebtn rule */
209			if ($movebtn < count($a_filter))
210			$a_filter_new[] = $a_filter[$movebtn];
211	b2ffe419	Scott Ullrich
212	07bd3f83	Scott Ullrich	/* copy all rules > $movebtn and not selected */
213			for ($i = $movebtn+1; $i < count($a_filter); $i++) {
214			if (!in_array($i, $_POST['rule']))
215			$a_filter_new[] = $a_filter[$i];
216			}
217	b2ffe419	Scott Ullrich
218	07bd3f83	Scott Ullrich	$a_filter = $a_filter_new;
219	3a343d73	jim-p	if (write_config())
220	bec92ab9	jim-p	mark_subsystem_dirty('filter');
221	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
222	5b237745	Scott Ullrich	exit;
223			}
224			}
225
226	9a25487b	Scott Ullrich	include("head.inc");
227	3b2c83b8	Sjon Hortensius	$nrules = 0;
228
229			?>
230	5b237745	Scott Ullrich	<form action="firewall_rules.php" method="post">
231	6dc83d52	Scott Ullrich
232	3b2c83b8	Sjon Hortensius	<?php if ($savemsg) print_info_box($savemsg);?>
233	a368a026	Ermal Lu?i	<?php if (is_subsystem_dirty('filter')): ?><p>
234	c678ca65	jim-p	<?php print_info_box_np(gettext("The firewall rule configuration has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect."), "apply", "", true); ?>
235	8cd558b6	ayvis	<br />
236	5b237745	Scott Ullrich	<?php endif; ?>
237	3a4ca65e	Scott Ullrich	<?php
238			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/before_table");
239			?>
240	3b2c83b8	Sjon Hortensius
241			<?php
242			/* active tabs */
243			$tab_array = array(array(gettext("Floating"), ("FloatingRules" == $if), "firewall_rules.php?if=FloatingRules"));
244
245			foreach ($iflist as $ifent => $ifname) {
246			$tab_array[] = array($ifname, ($ifent == $if), "firewall_rules.php?if={$ifent}");
247			}
248
249			display_top_tabs($tab_array);
250			?>
251	06966500	Sander van Leeuwen	<div class="table-responsive">
252	89f64f0f	Sander van Leeuwen	<table class="table table-striped table-hover">
253	3b2c83b8	Sjon Hortensius	<?php
254			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/before_first_tr");
255			?>
256			<thead>
257			<tr>
258			<th colspan="2"></th>
259			<th><?=gettext("ID");?></th>
260			<?php
261			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tablehead");
262			?>
263			<th><?=gettext("Proto");?></th>
264			<th><?=gettext("Source");?></th>
265			<th><?=gettext("Port");?></th>
266			<th><?=gettext("Destination");?></th>
267			<th><?=gettext("Port");?></th>
268			<th><?=gettext("Gateway");?></th>
269			<th><?=gettext("Queue");?></th>
270			<th><?=gettext("Schedule");?></th>
271			<?php
272			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_desc_tablehead");
273			?>
274			<th><?=gettext("Description");?></th>
275	06966500	Sander van Leeuwen	<th></th>
276	3b2c83b8	Sjon Hortensius	</tr>
277			</thead>
278			<tbody>
279			<?php // Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1.
280			if (!isset($config['system']['webgui']['noantilockout']) &&
281			(((count($config['interfaces']) > 1) && ($if == 'lan'))
282			\|\| ((count($config['interfaces']) == 1) && ($if == 'wan')))):
283
284			$alports = implode('<br />', filter_get_antilockout_ports(true));
285	56dda8e0	Renato Botelho	?>
286	3b2c83b8	Sjon Hortensius	<tr id="antilockout">
287			<td></td>
288	69b397dd	Sjon Hortensius	<td title="<?=gettext("traffic is passed")?>"><i class="icon icon-ok"></i></td>
289	3b2c83b8	Sjon Hortensius	<td></td>
290			<?php
291			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tr_antilockout");
292			?>
293			<td>*</td>
294			<td>*</td>
295			<td>*</td>
296			<td><?=$iflist[$if];?> Address</td>
297			<td><?=$alports?></td>
298			<td>*</td>
299			<td>*</td>
300			<td></td>
301			<td><?=gettext("Anti-Lockout Rule");?></td>
302			<td>
303	06966500	Sander van Leeuwen	<a href="system_advanced_admin.php" class="btn btn-xs btn-primary">edit</a>
304	3b2c83b8	Sjon Hortensius	</td>
305			</tr>
306			<?php endif;?>
307	03976254	jim-p
308	f1f60c92	Ermal Luçi	<?php if (isset($config['interfaces'][$if]['blockpriv'])): ?>
309	3b2c83b8	Sjon Hortensius	<tr id="frrfc1918">
310			<td></td>
311	69b397dd	Sjon Hortensius	<td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td>
312	3b2c83b8	Sjon Hortensius	<td></td>
313			<td>*</td>
314			<td><?=gettext("RFC 1918 networks");?></td>
315			<td>*</td>
316			<td>*</td>
317			<td>*</td>
318			<td>*</td>
319			<td>*</td>
320			<td></td>
321			<td><?=gettext("Block private networks");?></td>
322			<td>
323	06966500	Sander van Leeuwen	<a href="system_advanced_admin.php" class="btn btn-xs btn-primary" title="<?=gettext("edit rule");?>">edit</a>
324	3b2c83b8	Sjon Hortensius	</td>
325			</tr>
326			<?php endif;?>
327	f1f60c92	Ermal Luçi	<?php if (isset($config['interfaces'][$if]['blockbogons'])): ?>
328	3b2c83b8	Sjon Hortensius	<tr id="frrfc1918">
329			<td></td>
330	69b397dd	Sjon Hortensius	<td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td>
331	3b2c83b8	Sjon Hortensius	<td></td>
332			<td>*</td>
333			<td><?=gettext("Reserved/not assigned by IANA");?></td>
334			<td>*</td>
335			<td>*</td>
336			<td>*</td>
337			<td>*</td>
338			<td>*</td>
339			<td>*</td>
340			<td><?=gettext("Block bogon networks");?></td>
341			<td>
342	06966500	Sander van Leeuwen	<a href="system_advanced_admin.php" class="btn btn-xs btn-primary">edit</a>
343	3b2c83b8	Sjon Hortensius	</td>
344			</tr>
345			<?php endif;?>
346
347			<?php for ($i = 0; isset($a_filter[$i]); $i++):
348	56dda8e0	Renato Botelho	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/row_start");
349			$filterent = $a_filter[$i];
350			if ($filterent['interface'] != $if && !isset($filterent['floating']))
351			continue;
352			if (isset($filterent['floating']) && "FloatingRules" != $if)
353			continue;
354	3b2c83b8	Sjon Hortensius
355			$nrules++;
356	56dda8e0	Renato Botelho	?>
357	3b2c83b8	Sjon Hortensius	<tr id="fr<?=$i?>"<?=(isset($filterent['disabled']) ? ' class="disabled"' : '')?>>
358			<td>
359			<input type="checkbox" id="frc<?=$i?>" name="rule[]" value="<?=$i?>" />
360			</td>
361	69b397dd	Sjon Hortensius	<td title="<?=gettext("traffic is ").$filterent['type']."ed"?>">
362	3b2c83b8	Sjon Hortensius	<?php
363			if ($filterent['type'] == "block")
364			$iconfn = "remove";
365			else if ($filterent['type'] == "reject")
366			$iconfn = "fire";
367			else if ($filterent['type'] == "match")
368			$iconfn = "filter";
369			else
370			$iconfn = "ok";
371			?>
372	69b397dd	Sjon Hortensius	<i class="icon icon-<?=$iconfn?>"></i>
373	3b2c83b8	Sjon Hortensius	<?php
374			$isadvset = firewall_check_for_advanced_options($filterent);
375	69b397dd	Sjon Hortensius	if ($isadvset)
376			print '<i class="icon icon-cog" title="'. gettext("advanced setting") .': '. $isadvset .'"></i>';
377	3b2c83b8	Sjon Hortensius
378	69b397dd	Sjon Hortensius	if (isset($filterent['log']))
379	3b2c83b8	Sjon Hortensius	print '<i class="icon icon-tasks" title="'. gettext("traffic is logged") .'"></i>';
380			?>
381			</td>
382			<?php
383			$alias = rule_columns_with_alias(
384			$filterent['source']['address'],
385			pprint_port($filterent['source']['port']),
386			$filterent['destination']['address'],
387			pprint_port($filterent['destination']['port'])
388			);
389
390			//build Schedule popup box
391			$a_schedules = &$config['schedules']['schedule'];
392			$schedule_span_begin = "";
393			$schedule_span_end = "";
394			$sched_caption_escaped = "";
395			$sched_content = "";
396			$schedstatus = false;
397			$dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun'));
398			$monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December'));
399			if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])) {
400			foreach ($a_schedules as $schedule)
401			{
402			if ($schedule['name'] == $filterent['sched'] ){
403			$schedstatus = filter_get_time_based_rule_status($schedule);
404
405			foreach($schedule['timerange'] as $timerange) {
406			$tempFriendlyTime = "";
407			$tempID = "";
408			$firstprint = false;
409			if ($timerange){
410			$dayFriendly = "";
411			$tempFriendlyTime = "";
412
413			//get hours
414			$temptimerange = $timerange['hour'];
415			$temptimeseparator = strrpos($temptimerange, "-");
416
417			$starttime = substr ($temptimerange, 0, $temptimeseparator);
418			$stoptime = substr ($temptimerange, $temptimeseparator+1);
419
420			if ($timerange['month']){
421			$tempmontharray = explode(",", $timerange['month']);
422			$tempdayarray = explode(",",$timerange['day']);
423			$arraycounter = 0;
424			$firstDayFound = false;
425			$firstPrint = false;
426			foreach ($tempmontharray as $monthtmp){
427			$month = $tempmontharray[$arraycounter];
428			$day = $tempdayarray[$arraycounter];
429
430			if (!$firstDayFound)
431	8ce97a08	Scott Dale	{
432	3b2c83b8	Sjon Hortensius	$firstDay = $day;
433			$firstmonth = $month;
434			$firstDayFound = true;
435			}
436
437			$currentDay = $day;
438			$nextDay = $tempdayarray[$arraycounter+1];
439			$currentDay++;
440			if (($currentDay != $nextDay) \|\| ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])){
441			if ($firstPrint)
442			$dayFriendly .= ", ";
443			$currentDay--;
444			if ($currentDay != $firstDay)
445			$dayFriendly .= $monthArray[$firstmonth-1] . " " . $firstDay . " - " . $currentDay ;
446			else
447			$dayFriendly .= $monthArray[$month-1] . " " . $day;
448	8ce97a08	Scott Dale	$firstDayFound = false;
449	3b2c83b8	Sjon Hortensius	$firstPrint = true;
450			}
451			$arraycounter++;
452			}
453			}
454			else
455			{
456			$tempdayFriendly = $timerange['position'];
457			$firstDayFound = false;
458			$tempFriendlyDayArray = explode(",", $tempdayFriendly);
459			$currentDay = "";
460			$firstDay = "";
461			$nextDay = "";
462			$counter = 0;
463			foreach ($tempFriendlyDayArray as $day){
464			if ($day != ""){
465			if (!$firstDayFound)
466			{
467			$firstDay = $tempFriendlyDayArray[$counter];
468			$firstDayFound = true;
469	8ce97a08	Scott Dale	}
470	3b2c83b8	Sjon Hortensius	$currentDay =$tempFriendlyDayArray[$counter];
471			//get next day
472			$nextDay = $tempFriendlyDayArray[$counter+1];
473			$currentDay++;
474			if ($currentDay != $nextDay){
475			if ($firstprint)
476			$dayFriendly .= ", ";
477			$currentDay--;
478			if ($currentDay != $firstDay)
479			$dayFriendly .= $dayArray[$firstDay-1] . " - " . $dayArray[$currentDay-1];
480			else
481			$dayFriendly .= $dayArray[$firstDay-1];
482			$firstDayFound = false;
483			$firstprint = true;
484			}
485			$counter++;
486	56dda8e0	Renato Botelho	}
487	8ce97a08	Scott Dale	}
488	2a113ca9	Scott Dale	}
489	3b2c83b8	Sjon Hortensius	$timeFriendly = $starttime . " - " . $stoptime;
490			$description = $timerange['rangedescr'];
491			$sched_content .= $dayFriendly . "; " . $timeFriendly . "<br />";
492	56dda8e0	Renato Botelho	}
493			}
494	3b2c83b8	Sjon Hortensius	$sched_caption_escaped = str_replace("'", "\'", $schedule['descr']);
495			$schedule_span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>{$sched_caption_escaped}</h1><p>{$sched_content}</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><u>";
496			$schedule_span_end = "</u></span>";
497	616dd997	Scott Dale	}
498	3b2c83b8	Sjon Hortensius	}
499			}
500			$printicon = false;
501			$alttext = "";
502			$image = "";
503			if (!isset($filterent['disabled'])) {
504			if ($schedstatus) {
505			if ($iconfn == "block" \|\| $iconfn == "reject") {
506			$image = "icon_block";
507			$alttext = gettext("Traffic matching this rule is currently being denied");
508	56dda8e0	Renato Botelho	} else {
509	3b2c83b8	Sjon Hortensius	$image = "icon_pass";
510			$alttext = gettext("Traffic matching this rule is currently being allowed");
511	be81b340	Erik Fonnesbeck	}
512	3b2c83b8	Sjon Hortensius	$printicon = true;
513			} else if ($filterent['sched']) {
514			if ($iconfn == "block" \|\| $iconfn == "reject")
515			$image = "icon_block_d";
516			else
517			$image = "icon_block";
518			$alttext = gettext("This rule is not currently active because its period has expired");
519			$printicon = true;
520			}
521			}
522			?>
523			<td><?=$filterent['id']?></td>
524			<?php
525			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tr");
526			?>
527			<td>
528			<?php
529			if (isset($filterent['ipprotocol'])) {
530			switch($filterent['ipprotocol']) {
531			case "inet":
532			echo "IPv4 ";
533			break;
534			case "inet6":
535			echo "IPv6 ";
536			break;
537			case "inet46":
538			echo "IPv4+6 ";
539			break;
540			}
541			} else {
542			echo "IPv4 ";
543			}
544
545			if (isset($filterent['protocol'])) {
546			echo strtoupper($filterent['protocol']);
547
548			if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) {
549			echo ' <span style="cursor: help;" title="ICMP type: ' .
550			( $filterent['ipprotocol'] == "inet6" ? $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']] ) .
551			'"><u>';
552			echo $filterent['icmptype'];
553			echo '</u></span>';
554			}
555			} else echo "*";
556			?>
557			</td>
558			<td>
559			<?php if (isset($alias['src'])): ?>
560			<a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true">
561			<?php endif; ?>
562			<?=htmlspecialchars(pprint_address($filterent['source']))?>
563			<?php if (isset($alias['src'])): ?>
564			<i class='icon icon-pencil'></i></a>
565			<?php endif; ?>
566			</td>
567			<td>
568			<?php if (isset($alias['srcport'])): ?>
569			<a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true">
570			<?php endif; ?>
571			<?=htmlspecialchars(pprint_port($filterent['source']['port']))?>
572			<?php if (isset($alias['srcport'])): ?>
573			<i class='icon icon-pencil'></i></a>
574			<?php endif; ?>
575			</td>
576			<td>
577			<?php if (isset($alias['dst'])): ?>
578			<a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true">
579			<?php endif; ?>
580			<?=htmlspecialchars(pprint_address($filterent['destination']['address']))?>
581			<?php if (isset($alias['dst'])): ?>
582			<i class='icon icon-pencil'></i></a>
583			<?php endif; ?>
584			</td>
585			<td>
586			<?php if (isset($alias['dstport'])): ?>
587			<a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true">
588			<?php endif; ?>
589			<?=htmlspecialchars(pprint_port($filterent['destination']['port']))?>
590			<?php if (isset($alias['dstport'])): ?>
591			<i class='icon icon-pencil'></i></a>
592			<?php endif; ?>
593			</td>
594			<td>
595			<?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])):?>
596			<?=htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr'])?>
597			<?php else: ?>
598			<?=htmlspecialchars(pprint_port($filterent['gateway']))?><a>
599			<?php endif; ?>
600			</td>
601			<td>
602			<?php
603			if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue'])) {
604			$desc = $filterent['ackqueue'] ;
605			echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['ackqueue']}&action=show\">{$desc}</a>";
606			$desc = $filterent['defaultqueue'];
607			echo "/<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>";
608			} else if (isset($filterent['defaultqueue'])) {
609			$desc = $filterent['defaultqueue'];
610			echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>";
611			} else
612			echo gettext("none");
613			?>
614			</td>
615			<td>
616			<?php if ($printicon) { ?><img src="./themes/<?= $g['theme'];?>/images/icons/<?=$image;?>.gif" title="<?=$alttext;?>" border="0" alt="icon" /><?php } ?>
617			<?=$schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?> <?=$schedule_span_end;?>
618			</td>
619			<?php
620			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_descr_tr");
621			?>
622			<td>
623			<?=htmlspecialchars($filterent['descr']);?>
624			</td>
625			<td>
626	06966500	Sander van Leeuwen	<a href="firewall_rules_edit.php?id=<?=$i;?>" class="btn btn-xs btn-primary">edit</a>
627			<a href="firewall_rules_edit.php?dup=<?=$i;?>" class="btn btn-xs btn-default">copy</a>
628			<a href="?act=toggle&if=<?=htmlspecialchars($if);?>&id=<?=$i;?>" class="btn btn-xs btn-warning"><?=(isset($filterent['disabled']) ? 'enable' : 'disable')?></a>
629			<a href="?act=del&if=<?=htmlspecialchars($if);?>&id=<?=$i;?>" class="btn btn-xs btn-danger">delete</a>
630	56dda8e0	Renato Botelho	</td>
631			</tr>
632	3b2c83b8	Sjon Hortensius	<?php endfor;?>
633			</tbody>
634	d732f186	Bill Marquette	</table>
635	06966500	Sander van Leeuwen	</div>
636	3b2c83b8	Sjon Hortensius
637			<?php if ($nrules == 0): ?>
638			<div class="alert alert-warning" role="alert">
639	06966500	Sander van Leeuwen	<p>
640	3b2c83b8	Sjon Hortensius	<?php if ($_REQUEST['if'] == "FloatingRules"): ?>
641			<?=gettext("No floating rules are currently defined.");?>
642			<?php else: ?>
643			<?=gettext("No rules are currently defined for this interface");?><br />
644			<?=gettext("All incoming connections on this interface will be blocked until you add pass rules.");?>
645			<?php endif;?>
646	06966500	Sander van Leeuwen	<?=gettext("Click the button to add a new rule.");?>
647			</p>
648	3b2c83b8	Sjon Hortensius	</div>
649			<?php endif;?>
650
651	94404d94	Sander van Leeuwen	<nav class="action-buttons">
652			<a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>" role="button" class="btn btn-success">
653			<?=gettext("add new");?>
654			</a>
655	3b2c83b8	Sjon Hortensius	<?php if ($i > 0): ?>
656			<a href="#" role="button" class="btn btn-danger">
657	80169aa8	Sjon Hortensius	<?=gettext("delete selected");?>
658	3b2c83b8	Sjon Hortensius	</a>
659			<!-- onclick="return confirm('<?=gettext('Do you really want to delete the selected rules?');?>')" />-->
660			<?php endif;?>
661	94404d94	Sander van Leeuwen	</nav>
662	3b2c83b8	Sjon Hortensius
663			<h2>Legend</h2>
664			<ul>
665			<li><i class="icon icon-ok"></i> <?=gettext("pass");?></li>
666			<li><i class="icon icon-filter"></i> <?=gettext("match");?></li>
667			<li><i class="icon icon-remove"></i> <?=gettext("block");?></li>
668			<li><i class="icon icon-fire"></i> <?=gettext("reject");?></li>
669			<li><i class="icon icon-tasks"></i> <?=gettext("log");?></li>
670			<li><i class="icon icon-cog"></i> <?=gettext("advanced filter");?></li>
671			</ul>
672
673			<p>
674			<?php if ("FloatingRules" != $if): ?>
675			<?=gettext("Rules are evaluated on a first-match basis (i.e. " .
676			"the action of the first rule to match a packet will be executed). " .
677			"This means that if you use block rules, you'll have to pay attention " .
678			"to the rule order. Everything that isn't explicitly passed is blocked " .
679			"by default. ");?>
680			<?php else: ?>
681			<?=gettext("Floating rules are evaluated on a first-match basis (i.e. " .
682			"the action of the first rule to match a packet will be executed) only " .
683			"if the 'quick' option is checked on a rule. Otherwise they will only apply if no " .
684			"other rules match. Pay close attention to the rule order and options " .
685			"chosen. If no rule here matches, the per-interface or default rules are used. ");?>
686			<?php endif;?>
687			</p>
688			<input type="hidden" name="if" value="<?=htmlspecialchars($if);?>" />
689	07bd3f83	Scott Ullrich	</form>
690	41ea4cf3	Sjon Hortensius	<?php include("foot.inc");?>

Project

General

Profile

pfSense