<?php
/*
	easyrule.inc
	part of pfSense (https://www.pfsense.org)
	Originally Sponsored By Anathematic @ pfSense Forums
	Copyright (c) 2009-2010 Electric Sheep Fencing, LLC. All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in
	   the documentation and/or other materials provided with the
	   distribution.
	3. All advertising materials mentioning features or use of this software
	   must display the following acknowledgment:
	   "This product includes software developed by the pfSense Project
	   for use in the pfSense® software distribution. (http://www.pfsense.org/).
	4. The names "pfSense" and "pfSense Project" must not be used to
	   endorse or promote products derived from this software without
	   prior written permission. For written permission, please contact
	   coreteam@pfsense.org.
	5. Products derived from this software may not be called "pfSense"
	   nor may "pfSense" appear in their names without prior written
	   permission of the Electric Sheep Fencing, LLC.
	6. Redistributions of any form whatsoever must retain the following
	   acknowledgment:
	"This product includes software developed by the pfSense Project
	for use in the pfSense software distribution (http://www.pfsense.org/).
	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* Name prefix of the per-interface alias that holds blocked hosts; the
 * upper-cased interface key is appended to it (e.g. "...WAN"). */
$blockaliasname = 'EasyRuleBlockHosts';
/* Protocols for which an easy "pass" rule requires a destination port. */
$protocols_with_ports = ['tcp', 'udp'];
require_once("functions.inc");
require_once("util.inc");
require_once("ipsec.inc");
require_once("config.inc");
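/*
 * Resolve a user-supplied interface identifier to the config key used by
 * the firewall rules ("wan", "lan", "opt1", "pppoe", "l2tp", "enc0",
 * "openvpn").
 *
 * $int  either the config key itself or the interface's description;
 *       the description match is case-insensitive.
 *
 * Returns the config key as a string, or false when nothing matches.
 */
function easyrule_find_rule_interface($int) {
	global $config;
	/* Borrowed from firewall_rules.php */
	$iflist = get_configured_interface_with_descr(false, true);

	/* isset() avoids notices when the pppoe/l2tp sections are absent;
	 * strict comparison because the mode is stored as a string */
	if (isset($config['pppoe']['mode']) && $config['pppoe']['mode'] === "server") {
		$iflist['pppoe'] = "PPPoE Server";
	}

	if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] === "server") {
		$iflist['l2tp'] = "L2TP VPN";
	}

	/* add ipsec interfaces */
	if (ipsec_enabled()) {
		$iflist["enc0"] = "IPSEC";
	}

	/* An exact config key wins */
	if (isset($iflist[$int])) {
		return $int;
	}

	/* Otherwise match the description, ignoring case; strict comparison
	 * so numeric-looking strings are not coerced */
	$wanted = strtolower($int);
	foreach ($iflist as $if => $ifd) {
		if ($wanted === strtolower($ifd)) {
			return $if;
		}
	}

	/* Anything starting with "ovpn" is referenced via the "openvpn" key */
	if (substr($int, 0, 4) === "ovpn") {
		return "openvpn";
	}

	return false;
}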
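/*
 * Check whether a filter rule referencing this interface's easy rule
 * block alias already exists.
 *
 * $int      interface config key (e.g. "wan"); the alias name is
 *           $blockaliasname followed by the upper-cased key.
 * $ipproto  address family the rule must carry ("inet" or "inet6");
 *           a rule without 'ipprotocol' is treated as "inet".
 *
 * Returns true when a matching rule is found, false otherwise.
 */
function easyrule_block_rule_exists($int = 'wan', $ipproto = "inet") {
	global $blockaliasname, $config;
	/* No rules, so we know it doesn't exist */
	if (!isset($config['filter']['rule']) || !is_array($config['filter']['rule'])) {
		return false;
	}

	$aliasname = $blockaliasname . strtoupper($int);

	/* Search through the rules for one referencing our alias */
	foreach ($config['filter']['rule'] as $rule) {
		/* Skip malformed entries instead of tripping over missing keys */
		if (!is_array($rule) || !isset($rule['source']) || !is_array($rule['source'])) {
			continue;
		}
		if (!isset($rule['source']['address']) || !isset($rule['interface'])) {
			continue;
		}
		$checkproto = isset($rule['ipprotocol']) ? $rule['ipprotocol'] : "inet";
		/* Strict comparison: no numeric-string coercion on any of these */
		if ($rule['source']['address'] === $aliasname &&
		    $rule['interface'] === $int &&
		    $checkproto === $ipproto) {
			return true;
		}
	}
	return false;
}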
/*
 * Insert the block rule for an interface's easy rule alias at the top of
 * the filter rule list and shift that interface's rule separators so they
 * stay aligned.
 *
 * $int      interface config key the rule is bound to
 * $ipproto  address family of the rule ("inet" or "inet6")
 *
 * Returns false when the alias does not exist yet (a rule cannot reference
 * an alias that has no hosts), true once the rule exists — whether it was
 * just inserted or was already there. The config is only modified in
 * memory; the caller is responsible for writing it.
 */
function easyrule_block_rule_create($int = 'wan', $ipproto = "inet") {
	global $blockaliasname, $config;

	/* The alias must exist first: an empty alias cannot be created and
	 * we do not know a host here */
	if (easyrule_block_alias_getid($int) === false) {
		return false;
	}

	/* Nothing to do when an equivalent rule is already present */
	if (easyrule_block_rule_exists($int, $ipproto)) {
		return true;
	}

	if (!is_array($config['filter']['rule'])) {
		$config['filter']['rule'] = array();
	}

	filter_rules_sort();
	$rules = &$config['filter']['rule'];

	$newrule = array(
		'type'        => 'block',
		'interface'   => $int,
		'ipprotocol'  => $ipproto,
		'source'      => array('address' => $blockaliasname . strtoupper($int)),
		'destination' => array('any' => ''),
		'descr'       => gettext("Easy Rule: Blocked from Firewall Log View"),
		/* Do not translate this, it's considered a username which cannot contain international characters */
		'created'     => make_config_revision_entry(null, "Easy Rule"),
	);

	/* Same approach as the separator handling in firewall_rules_edit.php:
	 * the rule is placed at index 0 ("after" index -1) and the separators
	 * of this interface are shifted by one row via move_separators() */
	$after = -1;
	array_splice($rules, $after + 1, 0, array($newrule));

	$separators = &$config['filter']['separator'][strtolower($int)];
	$ridx = ifridx($int, $after);	// rule index within this interface
	move_separators($separators, $ridx, 1);

	return true;
}
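/*
 * Look up the easy rule block alias of an interface.
 *
 * $int  interface config key; the alias name is $blockaliasname
 *       followed by the upper-cased key.
 *
 * Returns the index of the alias inside $config['aliases']['alias'], or
 * false when there is no alias list or no alias with that name.
 */
function easyrule_block_alias_getid($int = 'wan') {
	global $blockaliasname, $config;
	/* Guard the alias list itself, not only its parent section: iterating
	 * a missing 'alias' entry would raise a warning and find nothing */
	if (!isset($config['aliases']['alias']) || !is_array($config['aliases']['alias'])) {
		return false;
	}

	$wanted = $blockaliasname . strtoupper($int);

	/* Hunt down an alias with the name we want, return its id */
	foreach ($config['aliases']['alias'] as $aliasid => $alias) {
		if (is_array($alias) && isset($alias['name']) && $alias['name'] === $wanted) {
			return $aliasid;
		}
	}

	return false;
}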
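/*
 * Add a host or network to the easy rule block alias of an interface,
 * creating the alias when it does not exist yet.
 *
 * $host  IP address or CIDR network, optionally wrapped in "[]"
 * $int   interface config key the alias belongs to
 *
 * Returns false when $host is neither a valid address nor a network,
 * true once the entry is present in the alias (also when it was there
 * already). Only the in-memory $config is modified; the caller writes
 * the config and reloads the filter.
 */
function easyrule_block_alias_add($host, $int = 'wan') {
	global $blockaliasname, $config;
	/* If the host isn't a valid IP address, bail */
	$host = trim($host, "[]");
	if (!is_ipaddr($host) && !is_subnet($host)) {
		return false;
	}

	/* If there are no aliases, start an array */
	if (!is_array($config['aliases']['alias'])) {
		$config['aliases']['alias'] = array();
	}

	$a_aliases = &$config['aliases']['alias'];

	/* Index of the existing alias for this interface, or false */
	$id = easyrule_block_alias_getid($int);
	$exists = ($id !== false && !empty($a_aliases[$id]));

	/* Normalise to the host/mask form the alias stores */
	if (is_subnet($host)) {
		list($host, $mask) = explode("/", $host);
	} elseif (is_specialnet($host)) {
		$mask = 0;
	} elseif (is_ipaddrv6($host)) {
		$mask = 128;
	} else {
		$mask = 32;
	}
	$entry = $host . '/' . $mask;

	$alias = array();

	if ($exists) {
		// Catch case when the list is empty
		if (empty($a_aliases[$id]['address'])) {
			$a_address = array();
			$a_detail = array();
		} else {
			$a_address = explode(" ", $a_aliases[$id]['address']);

			/* Make sure this IP isn't already in the list; strict, the
			 * entries are plain strings */
			if (in_array($entry, $a_address, true)) {
				return true;
			}
			/* 'detail' may be missing on an alias edited elsewhere; treat
			 * it as empty rather than passing null to explode() */
			$detail = isset($a_aliases[$id]['detail']) ? $a_aliases[$id]['detail'] : '';
			$a_detail = explode("||", $detail);
		}

		/* Since the alias already exists, just add to it. */
		$alias['name']    = $a_aliases[$id]['name'];
		$alias['type']    = $a_aliases[$id]['type'];
		$alias['descr']   = $a_aliases[$id]['descr'];

		$a_address[] = $entry;
		$a_detail[] = gettext('Entry added') . ' ' . date('r');

		$alias['address'] = join(" ", $a_address);
		$alias['detail']  = join("||", $a_detail);
	} else {
		/* Create a new alias with all the proper information */
		$alias['name']    = $blockaliasname . strtoupper($int);
		$alias['type']    = 'network';
		$alias['descr']   = gettext("Hosts blocked from Firewall Log view");

		$alias['address'] = $entry;
		/* NOTE(review): the new alias gets a trailing '||' here while the
		 * append path above adds none, so detail entries may not line up
		 * index-for-index with address entries — confirm the expected
		 * detail layout before relying on positional matching */
		$alias['detail']  = gettext('Entry added') . ' ' . date('r') . '||';
	}

	/* Replace the old alias if needed, otherwise tack it on the end */
	if ($exists) {
		$a_aliases[$id] = $alias;
	} else {
		$a_aliases[] = $alias;
	}

	// Sort list
	$a_aliases = msort($a_aliases, "name");

	return true;
}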
/*
 * Block a host on an interface: add it to the interface's easy rule
 * alias, make sure the block rule referencing that alias exists, then
 * write the config and reload the filter.
 *
 * $host     IP address or CIDR network, optionally wrapped in "[]"
 * $int      interface config key
 * $ipproto  address family for the block rule ("inet" or "inet6")
 *
 * Sets the global $retval to the result of filter_configure(). When
 * $_SERVER['DOCUMENT_ROOT'] is set (presumably a web request) the
 * function redirects to firewall_aliases.php and exits instead of
 * returning.
 *
 * Returns false when the host is invalid or the alias/rule could not be
 * set up, true on success.
 */
function easyrule_block_host_add($host, $int = 'wan', $ipproto = "inet") {
	global $retval;

	/* Bail if the supplied host is not a valid IP address */
	$host = trim($host, "[]");
	if (!is_ipaddr($host) && !is_subnet($host)) {
		return false;
	}

	/* Couldn't add the alias, or adding the host failed. */
	if (!easyrule_block_alias_add($host, $int)) {
		return false;
	}

	/* Create the rule only if it is missing; a failed create aborts before
	 * anything is written to disk */
	$rule_ok = easyrule_block_rule_exists($int, $ipproto) ||
	    easyrule_block_rule_create($int, $ipproto);
	if (!$rule_ok) {
		return false;
	}

	/* Getting here means the alias changed: persist and reload the filter */
	write_config();
	$retval = filter_configure();

	if (!empty($_SERVER['DOCUMENT_ROOT'])) {
		header("Location: firewall_aliases.php");
		exit;
	}

	return true;
}
/*
 * Append a pass rule built from easy rule input to the end of the filter
 * rules, write the config and reload the filter.
 *
 * $int      interface config key
 * $proto    protocol name; "any" leaves 'protocol' out of the rule,
 *           "icmp6"/"icmpv6" are stored as "icmp" (without an icmptype)
 * $srchost  source address, CIDR network, alias or special network
 * $dsthost  destination address, CIDR network, alias or special network
 * $dstport  destination port, passed as both from and to port to
 *           pconfig_to_address()
 * $ipproto  address family ("inet" or "inet6")
 *
 * When $_SERVER['DOCUMENT_ROOT'] is set (presumably a web request) this
 * redirects to the rules page of the interface and exits; otherwise it
 * returns true.
 */
function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipproto) {
	global $config;

	if (!is_array($config['filter']['rule'])) {
		$config['filter']['rule'] = array();
	}

	filter_rules_sort();
	$rules = &$config['filter']['rule'];

	$newrule = array(
		'type'       => 'pass',
		'interface'  => $int,
		'ipprotocol' => $ipproto,
		'descr'      => gettext("Easy Rule: Passed from Firewall Log View"),
	);

	/* "any" is expressed by omitting the protocol key altogether */
	if ($proto != "any") {
		$newrule['protocol'] = $proto;
	}

	/* Default to only allow echo requests, since that's what most people want and
	 *  it should be a safe choice. */
	if ($proto == "icmp") {
		$newrule['icmptype'] = 'echoreq';
	}

	/* ICMPv6 spellings are stored under the plain "icmp" protocol name */
	$lproto = strtolower($proto);
	if ($lproto == "icmp6" || $lproto == "icmpv6") {
		$newrule['protocol'] = "icmp";
	}

	/* Split "addr/mask" input, or derive the mask from the address kind */
	$split = function ($addr) {
		if (is_subnet($addr)) {
			list($addr, $mask) = explode("/", $addr);
			return array($addr, $mask);
		}
		if (is_specialnet($addr)) {
			return array($addr, 0);
		}
		if (is_ipaddrv6($addr)) {
			return array($addr, 128);
		}
		return array($addr, 32);
	};

	list($srchost, $srcmask) = $split($srchost);
	list($dsthost, $dstmask) = $split($dsthost);

	pconfig_to_address($newrule['source'], $srchost, $srcmask);
	pconfig_to_address($newrule['destination'], $dsthost, $dstmask, '', $dstport, $dstport);

	/* Do not translate this, it's considered a username which cannot contain international characters */
	$newrule['created'] = make_config_revision_entry(null, "Easy Rule");
	$rules[] = $newrule;

	write_config($newrule['descr']);
	filter_configure();

	if (!empty($_SERVER['DOCUMENT_ROOT'])) {
		header("Location: firewall_rules.php?if={$int}");
		exit;
	}

	return true;
}
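/*
 * Validate easy rule "block" input and add the host to the interface's
 * block alias (and block rule) via easyrule_block_host_add().
 *
 * $int      interface config key or description
 * $src      IP address or CIDR network to block, optionally in "[]"
 * $ipproto  address family for the block rule ("inet" or "inet6")
 *
 * Returns a human-readable status message; values echoed back in a
 * message are run through htmlspecialchars().
 */
function easyrule_parse_block($int, $src, $ipproto = "inet") {
	if (empty($src) || empty($int)) {
		return gettext("Tried to block but had no host IP or interface");
	}

	$src = trim($src, "[]");
	if (!is_ipaddr($src) && !is_subnet($src)) {
		return gettext("Tried to block invalid IP:") . ' ' . htmlspecialchars($src);
	}

	/* Keep the user's value in $int for the error message: overwriting it
	 * with the lookup result (false) would report an empty interface name */
	$real_int = easyrule_find_rule_interface($int);
	if ($real_int === false) {
		return gettext("Invalid interface for block rule:") . ' ' . htmlspecialchars($int);
	}

	if (easyrule_block_host_add($src, $real_int, $ipproto)) {
		return gettext("Host added successfully");
	}
	return gettext("Failed to create block rule, alias, or add host.");
}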
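/*
 * Remove a host or network from the easy rule block alias of an
 * interface, then write the config and reload the filter.
 *
 * $int      interface config key or description
 * $host     IP address or CIDR network, optionally wrapped in "[]"
 * $ipproto  accepted for symmetry with easyrule_parse_block(); not used
 *
 * Returns a human-readable status message; values echoed back in a
 * message are run through htmlspecialchars(). When
 * $_SERVER['DOCUMENT_ROOT'] is set (presumably a web request) a
 * successful removal redirects to firewall_aliases.php and exits instead.
 */
function easyrule_parse_unblock($int, $host, $ipproto = "inet") {
	global $config;

	if (empty($host) || empty($int)) {
		return gettext("Tried to unblock but had no host IP or interface");
	}

	$host = trim($host, "[]");
	if (!is_ipaddr($host) && !is_subnet($host)) {
		return gettext("Tried to unblock invalid IP:") . ' ' . htmlspecialchars($host);
	}
	$real_int = easyrule_find_rule_interface($int);
	if ($real_int === false) {
		return gettext("Invalid interface for block rule:") . ' ' . htmlspecialchars($int);
	}

	/* Try to get the ID - will fail if there are no rules/alias on this interface */
	$id = easyrule_block_alias_getid($real_int);
	if ($id === false || empty($config['aliases']['alias'][$id])) {
		return gettext("No block rules set on interface:") . ' ' . htmlspecialchars($int);
	}

	/* Normalise to the host/mask form the alias stores */
	if (is_subnet($host)) {
		list($host, $mask) = explode("/", $host);
	} elseif (is_specialnet($host)) {
		$mask = 0;
	} elseif (is_ipaddrv6($host)) {
		$mask = 128;
	} else {
		$mask = 32;
	}
	$unblock = $host . '/' . $mask;

	/* Missing 'address'/'detail' are treated as empty rather than handed
	 * to explode() as null */
	$address = isset($config['aliases']['alias'][$id]['address']) ? $config['aliases']['alias'][$id]['address'] : '';
	$detail = isset($config['aliases']['alias'][$id]['detail']) ? $config['aliases']['alias'][$id]['detail'] : '';
	$a_address = explode(" ", $address);
	$a_detail = explode("||", $detail);

	/* Strict search: entries are plain strings, no numeric coercion wanted */
	$key = array_search($unblock, $a_address, true);
	if ($key === false) {
		/* Fixed msgid plus escaped value, like the other messages here:
		 * concatenating the host into the gettext() argument defeats the
		 * translation lookup and skips the escaping */
		return gettext("Host is not on block list:") . ' ' . htmlspecialchars($host);
	}

	unset($a_address[$key]);
	unset($a_detail[$key]);
	// Write back the result to the config array
	$config['aliases']['alias'][$id]['address'] = join(" ", $a_address);
	$config['aliases']['alias'][$id]['detail'] = join("||", $a_detail);

	// Update config
	write_config();
	filter_configure();
	if (!empty($_SERVER['DOCUMENT_ROOT'])) {
		header("Location: firewall_aliases.php");
		exit;
	}
	return gettext("Host unblocked successfully");
}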
/*
 * List the entries of an interface's easy rule block alias.
 *
 * $int  interface config key or description
 * $sep  string placed between entries in the result
 *
 * Returns the alias entries joined by $sep, or an error message when the
 * interface is unknown or has no block alias / no entries.
 */
function easyrule_parse_getblock($int = 'wan', $sep = "\n") {
	global $config;

	$real_int = easyrule_find_rule_interface($int);
	if ($real_int === false) {
		return gettext("Invalid interface for block rule:") . ' ' . htmlspecialchars($int);
	}

	/* Try to get the ID - will fail if there are no rules/alias on this interface */
	$id = easyrule_block_alias_getid($real_int);
	if ($id === false) {
		return gettext("No block rules set on interface:") . ' ' . htmlspecialchars($int);
	}

	$alias = $config['aliases']['alias'][$id];
	if (!$alias || empty($alias['address'])) {
		return gettext("No block rules set on interface:") . ' ' . htmlspecialchars($int);
	}

	/* Entries are space-separated inside the alias; swap in the caller's separator */
	return str_replace(" ", $sep, $alias['address']);
}
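/*
 * Validate easy rule "pass" input and, when everything checks out, add
 * the pass rule via easyrule_pass_rule_add().
 *
 * $int      interface config key or description
 * $proto    protocol name as known to getprotobyname() (e.g. "tcp")
 * $src      source address, CIDR network, alias or special network
 * $dst      destination address, CIDR network, alias or special network
 * $dstport  destination port; required for the protocols listed in
 *           $protocols_with_ports, forced to 0 for all others
 * $ipproto  address family ("inet" or "inet6")
 *
 * Returns a human-readable status message; values echoed back in a
 * message are run through htmlspecialchars().
 */
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet") {
	/* Check for valid int, srchost, dsthost, dstport, and proto */
	global $protocols_with_ports;
	$src = trim($src, "[]");
	$dst = trim($dst, "[]");

	if (empty($int) || empty($proto) || empty($src) || empty($dst)) {
		return gettext("Missing parameters for pass rule.");
	}

	/* Keep the user's value in $int for the error message; the lookup
	 * result is what the rule must reference */
	$real_int = easyrule_find_rule_interface($int);
	if ($real_int === false) {
		return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars($int);
	}

	/* getprotobyname() reports an unknown protocol as false (older PHP
	 * releases returned -1, which is what the previous "== -1" test
	 * assumed); checking only -1 lets an unknown name through into the
	 * rule set. NOTE(review): "any" fails this lookup and is rejected
	 * here even though easyrule_pass_rule_add() handles it — confirm
	 * whether that is intended. */
	$protonum = getprotobyname($proto);
	if ($protonum === false || $protonum === -1) {
		return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
	}
	if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
		return gettext("Tried to pass invalid source IP:") . ' ' . htmlspecialchars($src);
	}
	if (!is_ipaddr($dst) && !is_subnet($dst) && !is_ipaddroralias($dst) && !is_specialnet($dst)) {
		return gettext("Tried to pass invalid destination IP:") . ' ' . htmlspecialchars($dst);
	}
	if (in_array($proto, $protocols_with_ports, true)) {
		if (empty($dstport)) {
			return gettext("Missing destination port:") . ' ' . htmlspecialchars($dstport);
		}
		if (!is_port($dstport) && ($dstport != "any")) {
			return gettext("Tried to pass invalid destination port:") . ' ' . htmlspecialchars($dstport);
		}
	} else {
		/* A port is meaningless for the remaining protocols */
		$dstport = 0;
	}

	/* Should have valid input... */
	if (easyrule_pass_rule_add($real_int, $proto, $src, $dst, $dstport, $ipproto)) {
		return gettext("Successfully added pass rule!");
	}
	return gettext("Failed to add pass rule.");
}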
?>