1 9ae40f2b Scott Ullrich
<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4
	firewall_nat_edit.php
5
	part of m0n0wall (http://m0n0.ch/wall)
6 9ae40f2b Scott Ullrich
7 5b237745 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9 9ae40f2b Scott Ullrich
10 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12 9ae40f2b Scott Ullrich
13 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15 9ae40f2b Scott Ullrich
16 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19 9ae40f2b Scott Ullrich
20 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31 7ac5a4cb Scott Ullrich
/*
32
	pfSense_MODULE:	nat
33
*/
34 5b237745 Scott Ullrich
35 6b07c15a Matthew Grooms
##|+PRIV
36
##|*IDENT=page-firewall-nat-portforward-edit
37
##|*NAME=Firewall: NAT: Port Forward: Edit page
38
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
39
##|*MATCH=firewall_nat_edit.php*
40
##|-PRIV
41
42 5b237745 Scott Ullrich
require("guiconfig.inc");
43 483e6de8 Scott Ullrich
require_once("itemid.inc");
44 1a03cf69 Scott Ullrich
require("filter.inc");
45
require("shaper.inc");
46 5b237745 Scott Ullrich
47 59ecde49 Renato Botelho
/*
 * Build the list of "special" source/destination selectors: a fixed set of
 * keywords plus, for every configured interface, the interface name itself
 * and the name with an "ip" suffix.
 * NOTE(review): presumably consulted by is_specialnet() -- confirm.
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
53
54 5b237745 Scott Ullrich
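/* Make sure the port-forward list exists before taking a reference to it. */
if (!is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
/* $a_nat aliases the list inside $config, so assignments to it modify $config. */
$a_nat = &$config['nat']['rule'];

/*
 * Resolve which rule the request refers to. Precedence is unchanged:
 * GET 'id', overridden by POST 'id', overridden by GET 'dup' (which also
 * records the position the copy should be inserted after).
 */
$id = null;
if (isset($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']))
	$id = $_POST['id'];

if (isset($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}

/*
 * These values come straight from the request and are later used as an array
 * index and as an array_splice() offset. Accept plain decimal digit strings
 * only; anything else (arrays, negative numbers, floats, exponent notation)
 * is treated as "no rule selected".
 */
if (!is_string($id) || !preg_match('/\A[0-9]+\z/', $id))
	$id = null;
if (isset($after) && (!is_string($after) || !preg_match('/\A[0-9]+\z/', $after)))
	unset($after);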
67
68 5b237745 Scott Ullrich
/*
 * Seed $pconfig, the array the form below is rendered from: defaults for a
 * new rule, or the stored values when $id names an existing entry.
 */
if (!isset($id) || !$a_nat[$id]) {
	/* No such rule: start from the defaults. */
	$pconfig['interface'] = "wan";
	$pconfig['src'] = "any";
	$pconfig['srcbeginport'] = "any";
	$pconfig['srcendport'] = "any";
} else {
	$pconfig['disabled'] = isset($a_nat[$id]['disabled']);
	$pconfig['nordr'] = isset($a_nat[$id]['nordr']);

	/* Expand the stored source/destination into the individual form fields. */
	address_to_pconfig($a_nat[$id]['source'], $pconfig['src'],
		$pconfig['srcmask'], $pconfig['srcnot'],
		$pconfig['srcbeginport'], $pconfig['srcendport']);

	address_to_pconfig($a_nat[$id]['destination'], $pconfig['dst'],
		$pconfig['dstmask'], $pconfig['dstnot'],
		$pconfig['dstbeginport'], $pconfig['dstendport']);

	/* form field name => key in the stored rule */
	$pf_fieldmap = array(
		'proto' => 'protocol',
		'localip' => 'target',
		'localbeginport' => 'local-port',
		'descr' => 'descr',
		'interface' => 'interface',
		'associated-rule-id' => 'associated-rule-id'
	);
	foreach ($pf_fieldmap as $pf_formkey => $pf_rulekey) {
		$pconfig[$pf_formkey] = $a_nat[$id][$pf_rulekey];
	}
	unset($pf_fieldmap, $pf_formkey, $pf_rulekey);

	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
	$pconfig['natreflection'] = $a_nat[$id]['natreflection'];

	/* A stored rule without an interface is shown as WAN. */
	if (empty($pconfig['interface'])) {
		$pconfig['interface'] = "wan";
	}
}

/* A duplicate is saved as a new rule, so drop the index it was copied from. */
if (isset($_GET['dup'])) {
	unset($id);
}
100
101 ef2a753c Scott Ullrich
/*
 * Reject markup in submitted fields: any POST value that changes when it is
 * HTML-entity encoded is recorded as an input error.
 *
 * This is detection only. $_POST is left unmodified, so nothing here protects
 * code that uses a value without checking $input_errors first, and the raw
 * value is embedded in the error message.
 * NOTE(review): whatever prints $input_errors must escape it -- confirm that
 * print_input_errors() does.
 */
unset($input_errors);
foreach ($_POST as $key => $value) {
	if (htmlentities($value) != $value) {
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $value);
	}
}
111
112 5b237745 Scott Ullrich
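/*
 * Form submission handler: normalise the port and address fields in $_POST,
 * validate them, and -- only when no input error was recorded -- build the
 * NAT entry (plus an optional matching filter rule), write the configuration
 * and redirect to firewall_nat.php.
 *
 * Everything read from $_POST is untrusted request data. The only gate
 * between it and the saved configuration is $input_errors being empty.
 */
if ($_POST) {

	/* Port fields only apply to TCP/UDP; for any other protocol they are zeroed. */
	if(strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") {
		/* A custom ("other") port is used only when no list entry was selected. */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']);
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = trim($_POST['srcendport_cust']);

		/* "any" is stored as port 0; a missing end port defaults to the begin port. */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']);
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = trim($_POST['dstendport_cust']);

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];

		if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
			$_POST['localbeginport'] = trim($_POST['localbeginport_cust']);

		/* Make beginning port end port if not defined and endport is */
		if (!$_POST['srcbeginport'] && $_POST['srcendport'])
			$_POST['srcbeginport'] = $_POST['srcendport'];
		if (!$_POST['dstbeginport'] && $_POST['dstendport'])
			$_POST['dstbeginport'] = $_POST['dstendport'];
	} else {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* A special selector replaces the address; "single" forces a /32 mask. */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	} else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	} else if (is_ipaddr($_POST['dsttype'])) {
		/* The destination type field itself carried an IP address. */
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 32;
		$_POST['dsttype'] = "single";
	}

	/*
	 * Re-render the form from what was submitted. $pconfig now holds raw
	 * request data, so every place that prints it has to escape it.
	 */
	$pconfig = $_POST;

	/* input validation */
	if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
		$reqdfields = explode(" ", "interface proto dstbeginport dstendport");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to"));
	} else {
		$reqdfields = explode(" ", "interface proto");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"));
	}

	if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") {
		$reqdfields[] = "src";
		$reqdfieldsn[] = gettext("Source address");
	}
	if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") {
		$reqdfields[] = "dst";
		$reqdfieldsn[] = gettext("Destination address");
	}
	if (!isset($_POST['nordr'])) {
		$reqdfields[] = "localip";
		$reqdfieldsn[] = gettext("Redirect target IP");
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) was removed
	 * in PHP 5.4. It is left as is because the signature of
	 * do_input_validation() is not visible here; drop the '&' only once the
	 * parameter is confirmed to be declared by reference.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/*
	 * The protocol is stored in the NAT entry and in the generated filter
	 * rule below, so accept only the values the protocol drop-down of this
	 * page offers. An empty value is already reported as a missing field.
	 */
	if ($_POST['proto'] && !in_array(strtolower($_POST['proto']), array("tcp", "udp", "tcp/udp", "gre", "esp"), true))
		$input_errors[] = gettext("A valid protocol must be specified.");

	/*
	 * NOTE(review): the interface drop-down is filtered with
	 * have_ruleint_access() when the form is rendered, but the submitted
	 * 'interface' value is not re-checked here -- confirm whether the
	 * per-interface restriction is meant to be enforced on save as well.
	 */

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	if ($_POST['src'])
		$_POST['src'] = trim($_POST['src']);
	if ($_POST['dst'])
		$_POST['dst'] = trim($_POST['dst']);
	if ($_POST['localip'])
		$_POST['localip'] = trim($_POST['localip']);

	if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
		$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
	}

	/* Port 0 ("any") is falsy and therefore skips these checks. */
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);

	if (!isset($_POST['nordr']) && $_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
		$input_errors[] = sprintf(gettext("A valid local port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
	}

	/* if user enters an alias and selects "network" then disallow. */
	if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) )
	 || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}

	/* Keep each range ordered low-to-high. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	/* The redirected range starts at the local port and has the same width as the destination range. */
	if (!$input_errors) {
		if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
			$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
	}

	/*
	 * check for overlaps
	 *
	 * NOTE(review): this loop reads $natent['proto'] and
	 * $_POST['beginport'] / $_POST['endport']. Entries are saved below under
	 * the key 'protocol', and this handler only ever sets 'dstbeginport' /
	 * 'dstendport', so as written the comparison does not look at the
	 * submitted destination range. Correcting the keys would start rejecting
	 * overlapping rules that are accepted today, so it is flagged rather than
	 * changed -- confirm the intended behaviour.
	 */
	foreach ($a_nat as $natent) {
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
			continue;
		if ($natent['interface'] != $_POST['interface'])
			continue;
		if ($natent['destination']['address'] != $_POST['dst'])
			continue;
		if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
			continue;

		list($begp,$endp) = explode("-", $natent['destination']['port']);
		if (!$endp)
			$endp = $begp;

		if (!(   (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
		      || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {

			$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
			break;
		}
	}

	// Allow extending of the firewall edit page and include custom input validation
	// NOTE(review): what this hook loads is not visible here; presumably code
	// found under the given path runs as part of this page -- confirm that
	// only administrators can write to that location.
	pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation");

	if (!$input_errors) {
		$natent = array();

		$natent['disabled'] = isset($_POST['disabled']) ? true:false;
		$natent['nordr'] = isset($_POST['nordr']) ? true:false;

		/* A "no redirect" entry never carries a filter rule association. */
		if ($natent['nordr']) {
			$_POST['associated-rule-id'] = '';
			$_POST['filter-rule-association'] = '';
		}

		pconfig_to_address($natent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($natent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		$natent['protocol'] = $_POST['proto'];

		if (!$natent['nordr']) {
			$natent['target'] = $_POST['localip'];
			$natent['local-port'] = $_POST['localbeginport'];
		}
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];

		if($_POST['filter-rule-association'] == "pass")
			$natent['associated-rule-id'] = "pass";

		if($_POST['nosync'] == "yes")
			$natent['nosync'] = true;
		else
			unset($natent['nosync']);

		/* Only the three known reflection modes are stored; anything else is dropped. */
		if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable")
			$natent['natreflection'] = $_POST['natreflection'];
		else
			unset($natent['natreflection']);

		// If we used to have an associated filter rule, but no-longer should have one
		if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		$need_filter_rule = false;
		// Updating a rule with a filter rule associated
		if (!empty($natent['associated-rule-id']))
			$need_filter_rule = true;
		// Create a rule or if we want to create a new one
		if( $natent['associated-rule-id']=='new' ) {
			$need_filter_rule = true;
			unset( $natent['associated-rule-id'] );
			$_POST['filter-rule-association']='add-associated';
		}
		// If creating a new rule, where we want to add the filter rule, associated or not
		else if( isset($_POST['filter-rule-association']) &&
			($_POST['filter-rule-association']=='add-associated' ||
			$_POST['filter-rule-association']=='add-unassociated') )
			$need_filter_rule = true;

		// Determine NAT entry ID now, we need it for the firewall rule
		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			if (is_numeric($after))
				$id = $after + 1;
			else
				$id = count($a_nat);
		}

		if ($need_filter_rule == true) {

			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);
			// If a rule already exists, load it
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				// NOTE(review): loose comparison -- if get_id() can return
				// index 0, that rule is treated as not found. Confirm.
				if ($filterentid == false)
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				else
					$filterent =& $config['filter']['rule'][$filterentid];
			}
			pconfig_to_address($filterent['source'], $_POST['src'],
				$_POST['srcmask'], $_POST['srcnot'],
				$_POST['srcbeginport'], $_POST['srcendport']);

			// Update interface, protocol and destination
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			/* The filter rule matches the redirect target, so its port range is the local one. */
			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];

			if ($dstpfrom == $dstpto)
				$filterent['destination']['port'] = $dstpfrom;
			else
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be.
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			// If this is a new rule, create an ID and add the rule
			// NOTE(review): with 'add-unassociated' the rule built above is
			// not appended anywhere in this block -- confirm that is intended.
			if( $_POST['filter-rule-association']=='add-associated' ) {
				$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}

		// Allow extending of the firewall edit page and include custom input validation
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config");

		// Update the NAT entry now
		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			if (is_numeric($after))
				array_splice($a_nat, $after+1, 0, array($natent));
			else
				$a_nat[] = $natent;
		}

		if (write_config())
			mark_subsystem_dirty('natconf');

		header("Location: firewall_nat.php");
		exit;
	}
}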
443 da7ae7ef Bill Marquette
444 ba1a0433 Renato Botelho
/* Page title segments, then the shared page header. */
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("Port Forward"),
	gettext("Edit")
);
include "head.inc";
446
447 5b237745 Scott Ullrich
?>
448 4bb99603 Scott Ullrich
<link rel="stylesheet" href="/javascript/chosen/chosen.css" />
449
</head>
450 da7ae7ef Bill Marquette
451 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
452 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
453 4ce8ac00 Erik Kristensen
<?php
454
include("fbegin.inc"); ?>
455 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
456
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
457
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
458 2a6cb2d6 Scott Ullrich
				<tr>
459 6cac9bda Carlos Eduardo Ramos
					<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
460 59ecde49 Renato Botelho
				</tr>
461 2ea00c3e Scott Ullrich
<?php
462
		// Allow extending of the firewall edit page and include custom input validation 
463
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly");
464
?>
465 59ecde49 Renato Botelho
		<tr>
466 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
467 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
468
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
469 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("Disable this rule"); ?></strong><br />
470
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
471 59ecde49 Renato Botelho
			</td>
472
		</tr>
473
                <tr>
474 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
475 59ecde49 Renato Botelho
                  <td width="78%" class="vtable">
476 44374c0a Erik Fonnesbeck
                    <input type="checkbox" name="nordr" id="nordr" onClick="nordr_change();" <?php if($pconfig['nordr']) echo "CHECKED"; ?>>
477 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
478
                    <br><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
479 59ecde49 Renato Botelho
                  </td>
480
                </tr>
481
		<tr>
482 3a92149b Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
483 5b237745 Scott Ullrich
                  <td width="78%" class="vtable">
484 bcbcc2f8 Erik Fonnesbeck
					<select name="interface" class="formselect" onChange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
485 5b237745 Scott Ullrich
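						<?php

						/*
						 * Build the interface drop-down. Only interfaces for which
						 * have_ruleint_access() returns true are offered. This filters
						 * what is displayed; it does not validate what is submitted.
						 */
						$iflist = get_configured_interface_with_descr(false, true);
						// Allow extending of the firewall edit interfaces
						pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");
						foreach ($iflist as $if => $ifdesc)
							if(have_ruleint_access($if))
								$interfaces[$if] = $ifdesc;

						if ($config['l2tp']['mode'] == "server")
							if(have_ruleint_access("l2tp"))
								$interfaces['l2tp'] = "L2TP VPN";

						if ($config['pptpd']['mode'] == "server")
							if(have_ruleint_access("pptp"))
								$interfaces['pptp'] = "PPTP VPN";

						if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
							$interfaces['pppoe'] = "PPPoE VPN";

						/* add ipsec interfaces */
						if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
							if(have_ruleint_access("enc0"))
								$interfaces["enc0"] = "IPsec";

						/* add openvpn/tun interfaces */
						/* NOTE(review): unlike the entries above, this one is added without a have_ruleint_access() check -- confirm. */
						if  ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
							$interfaces["openvpn"] = "OpenVPN";

						/* Escape the option value as well as the label: both come from configuration data. */
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>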
519
					</select><br>
520 6cac9bda Carlos Eduardo Ramos
                     <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br>
521
                     <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td>
522 5b237745 Scott Ullrich
                </tr>
523 9ae40f2b Scott Ullrich
                <tr>
524 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
525 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
526 b5c78501 Seth Mos
                    <select name="proto" class="formselect" onChange="proto_change(); check_for_aliases();">
527 e598eab5 Scott Ullrich
                      <?php $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP"); foreach ($protocols as $proto): ?>
528 5b237745 Scott Ullrich
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
529
                      <?php endforeach; ?>
530 6cac9bda Carlos Eduardo Ramos
                    </select> <br> <span class="vexpl"><?=gettext("Choose which IP protocol " .
531
                    "this rule should match."); ?><br>
532 39a3ce91 Carlos Eduardo Ramos
                    <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?></span></td>
533 5b237745 Scott Ullrich
                </tr>
534 59ecde49 Renato Botelho
		<tr id="showadvancedboxsrc" name="showadvancedboxsrc">
535 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
536 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
537 3a92149b Carlos Eduardo Ramos
				<input type="button" onClick="show_source()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source address and port range"); ?></a>
538 59ecde49 Renato Botelho
			</td>
539
		</tr>
540
		<tr style="display: none;" id="srctable" name="srctable">
541 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
542 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
543 ba1a0433 Renato Botelho
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
544 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("not"); ?></strong>
545 59ecde49 Renato Botelho
				<br />
546 39a3ce91 Carlos Eduardo Ramos
				<?=gettext("Use this option to invert the sense of the match."); ?>
547 59ecde49 Renato Botelho
				<br />
548
				<br />
549
				<table border="0" cellspacing="0" cellpadding="0">
550
					<tr>
551 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
552 59ecde49 Renato Botelho
						<td>
553
							<select name="srctype" class="formselect" onChange="typesel_change()">
554
<?php
555
								$sel = is_specialnet($pconfig['src']); ?>
556 6cac9bda Carlos Eduardo Ramos
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option>
557
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
558
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option>
559 59ecde49 Renato Botelho
								<?php if(have_ruleint_access("pptp")): ?>
560 ba1a0433 Renato Botelho
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option>
561 59ecde49 Renato Botelho
								<?php endif; ?>
562
								<?php if(have_ruleint_access("pppoe")): ?>
563 ba1a0433 Renato Botelho
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option>
564 59ecde49 Renato Botelho
								<?php endif; ?>
565
								 <?php if(have_ruleint_access("l2tp")): ?>
566 ba1a0433 Renato Botelho
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option>
567 3a92149b Carlos Eduardo Ramos
                                 <?php endif; ?>
568 59ecde49 Renato Botelho
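<?php
								/*
								 * One "subnet" and one "address" option per interface the user
								 * may manage rules for. The interface description is
								 * configuration text, so it is escaped in both options; the
								 * "address" option previously printed it unescaped.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>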
577
							</select>
578
						</td>
579
					</tr>
580
					<tr>
581 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
582 59ecde49 Renato Botelho
						<td>
583
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
584
							<select name="srcmask" class="formselect" id="srcmask">
585
<?php						for ($i = 31; $i > 0; $i--): ?>
586
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
587
<?php 						endfor; ?>
588
							</select>
589
						</td>
590
					</tr>
591
				</table>
592
			</td>
593
		</tr>
594
		<tr style="display:none" id="sprtable" name="sprtable">
595 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range"); ?></td>
596 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
597
				<table border="0" cellspacing="0" cellpadding="0">
598
					<tr>
599 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
600 59ecde49 Renato Botelho
						<td>
601
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
602 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
603
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any"); ?></option>
604 59ecde49 Renato Botelho
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
605
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
606
<?php 							endforeach; ?>
607
							</select>
608 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
609 59ecde49 Renato Botelho
						</td>
610
					</tr>
611
					<tr>
612 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
613 59ecde49 Renato Botelho
						<td>
614
							<select name="srcendport" class="formselect" onchange="ext_change()">
615 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
616
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any"); ?></option>
617 59ecde49 Renato Botelho
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
618
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
619
<?php							endforeach; ?>
620
							</select>
621 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
622 59ecde49 Renato Botelho
						</td>
623
					</tr>
624
				</table>
625
				<br />
626 6cac9bda Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>.</b> <br /> <?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to filter a single port."); ?></span><br/>
627 59ecde49 Renato Botelho
			</td>
628
		</tr>
629
		<tr>
630 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td>
631 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
632
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
633 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("not"); ?></strong>
634 59ecde49 Renato Botelho
					<br />
635 39a3ce91 Carlos Eduardo Ramos
				<?=gettext("Use this option to invert the sense of the match."); ?>
636 59ecde49 Renato Botelho
					<br />
637
					<br />
638
				<table border="0" cellspacing="0" cellpadding="0">
639
					<tr>
640 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
641 59ecde49 Renato Botelho
						<td>
642
							<select name="dsttype" class="formselect" onChange="typesel_change()">
643
<?php
644
								$sel = is_specialnet($pconfig['dst']); ?>
645 6cac9bda Carlos Eduardo Ramos
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option>
646
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
647
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option>
648 59ecde49 Renato Botelho
								<?php if(have_ruleint_access("pptp")): ?>
649 ba1a0433 Renato Botelho
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option>
650 59ecde49 Renato Botelho
								<?php endif; ?>
651
								<?php if(have_ruleint_access("pppoe")): ?>
652 ba1a0433 Renato Botelho
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option>
653 59ecde49 Renato Botelho
								<?php endif; ?>
654
								<?php if(have_ruleint_access("l2tp")): ?>
655 ba1a0433 Renato Botelho
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option>
656 59ecde49 Renato Botelho
                                                                <?php endif; ?>
657
658
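<?php
								// Destination-type counterpart of the source list: one "subnet" and
								// one "address" entry per interface for which have_ruleint_access()
								// returns true.
								// The interface key and description are HTML-encoded at every output
								// point. Previously the "address" label and both value attributes
								// were printed raw.
								foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option>
									<option value="<?=htmlspecialchars($if);?>ip" <?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>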
666
667
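<?php							// Offer the configured virtual IPs as destination choices.
								// Entries carrying 'noexpand' are skipped.
								if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										if (isset($sn['noexpand'])) {
											continue;
										}
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											// A proxy-ARP network is expanded into one <option> per address
											// between gen_subnet() and gen_subnet_max(), inclusive.
											// NOTE(review): a small subnet_bits value makes this list very
											// large; consider capping it if such entries are possible.
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
											for ($i = 0; $i <= $len; $i++):
												$snip = long2ip32($start+$i);
?>
												<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php										endfor;
										else:
											// The subnet string is read straight from the configuration, so it
											// is encoded in the value attribute as well as in the label.
?>
											<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php									endif;
									endforeach;
								endif;
?>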
687
							</select>
688
						</td>
689
					</tr>
690
					<tr>
691 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
692 59ecde49 Renato Botelho
						<td>
693 43f2eca7 Erik Fonnesbeck
							<input autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
694 59ecde49 Renato Botelho
							/
695
							<select name="dstmask" class="formselect" id="dstmask">
696
<?php
697
							for ($i = 31; $i > 0; $i--): ?>
698
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
699
<?php						endfor; ?>
700
							</select>
701
						</td>
702
					</tr>
703
				</table>
704
			</td>
705
		</tr>
706
		<tr id="dprtr" name="dprtr">
707 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range"); ?> </td>
708 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
709
				<table border="0" cellspacing="0" cellpadding="0">
710
					<tr>
711 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
712 59ecde49 Renato Botelho
						<td>
713
							<select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
714 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
715 a457e739 Renato Botelho
<?php 							$bfound = 0;
716
								foreach ($wkports as $wkport => $wkportdesc): ?>
717 59ecde49 Renato Botelho
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
718
<?php 							endforeach; ?>
719
							</select>
720 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
721 59ecde49 Renato Botelho
						</td>
722
					</tr>
723
					<tr>
724 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
725 59ecde49 Renato Botelho
						<td>
726
							<select name="dstendport" class="formselect" onchange="ext_change()">
727 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
728 a457e739 Renato Botelho
<?php							$bfound = 0;
729
								foreach ($wkports as $wkport => $wkportdesc): ?>
730 59ecde49 Renato Botelho
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
731
<?php 							endforeach; ?>
732
							</select>
733 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
734 59ecde49 Renato Botelho
						</td>
735
					</tr>
736
				</table>
737
				<br />
738
				<span class="vexpl">
739 39a3ce91 Carlos Eduardo Ramos
					<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?>
740 59ecde49 Renato Botelho
					<br />
741 6cac9bda Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to map a single port"); ?>
742 59ecde49 Renato Botelho
				</span>
743
			</td>
744
		</tr>
745 44374c0a Erik Fonnesbeck
                <tr name="localiptable" id="localiptable">
746 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
747 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
748 4ce8ac00 Erik Kristensen
                    <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
749 6cac9bda Carlos Eduardo Ramos
                    <br> <span class="vexpl"><?=gettext("Enter the internal IP address of " .
750 39a3ce91 Carlos Eduardo Ramos
                    "the server on which you want to map the ports."); ?><br>
751 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("e.g."); ?> <em>192.168.1.12</em></span></td>
752 5b237745 Scott Ullrich
                </tr>
753 59ecde49 Renato Botelho
                <tr name="lprtr" id="lprtr">
754 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
755 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
756 b5c78501 Seth Mos
                    <select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();">
757 6cac9bda Carlos Eduardo Ramos
                      <option value="">(<?=gettext("other"); ?>)</option>
758 5b237745 Scott Ullrich
                      <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
759
                      <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
760 0e6998d1 Scott Ullrich
							echo "selected";
761
							$bfound = 1;
762
						}?>>
763 5b237745 Scott Ullrich
					  <?=htmlspecialchars($wkportdesc);?>
764
					  </option>
765
                      <?php endforeach; ?>
766 225a2f0b Scott Ullrich
                    </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>">
767 5b237745 Scott Ullrich
                    <br>
768 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Specify the port on the machine with the " .
769
                    "IP address entered above. In case of a port range, specify " .
770
                    "the beginning port of the range (the end port will be calculated " .
771 39a3ce91 Carlos Eduardo Ramos
                    "automatically)."); ?><br>
772 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td>
773 5b237745 Scott Ullrich
                </tr>
774 9ae40f2b Scott Ullrich
                <tr>
775 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
776 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
777 b5c78501 Seth Mos
                    <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
778 6cac9bda Carlos Eduardo Ramos
                    <br> <span class="vexpl"><?=gettext("You may enter a description here " .
779 39a3ce91 Carlos Eduardo Ramos
                    "for your reference (not parsed)."); ?></span></td>
780 53ea15e0 Scott Ullrich
                </tr>
781 d00055f8 Scott Ullrich
				<tr>
782 6cac9bda Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td>
783 d00055f8 Scott Ullrich
					<td width="78%" class="vtable">
784 ba1a0433 Renato Botelho
						<input type="checkbox" value="yes" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
785 6cac9bda Carlos Eduardo Ramos
						<?=gettext("HINT: This prevents the rule from automatically syncing to other CARP members"); ?>.
786 d00055f8 Scott Ullrich
					</td>
787 ea0805c1 Scott Ullrich
				</tr>
788 15409667 Erik Fonnesbeck
				<tr>
789 3a92149b Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
790 15409667 Erik Fonnesbeck
					<td width="78%" class="vtable">
791
						<select name="natreflection" class="formselect">
792 40fa6dde Erik Fonnesbeck
						<option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected"; ?>><?=gettext("Use system default"); ?></option>
793
						<option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected"; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option>
794
						<option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected"; ?>><?=gettext("Enable (Pure NAT)"); ?></option>
795
						<option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected"; ?>><?=gettext("Disable"); ?></option>
796 15409667 Erik Fonnesbeck
						</select>
797
					</td>
798
				</tr>
799 b9e28d57 unknown
				<?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
800 44374c0a Erik Fonnesbeck
				<tr name="assoctable" id="assoctable">
801 6cac9bda Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
802 b9e28d57 unknown
					<td width="78%" class="vtable">
803 9b16b834 Ermal Lu?i
						<select name="associated-rule-id">
804 6cac9bda Carlos Eduardo Ramos
							<option value=""><?=gettext("None"); ?></option>
805 39a3ce91 Carlos Eduardo Ramos
							<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " SELECTED"; ?>><?=gettext("Pass"); ?></option>
806 59ecde49 Renato Botelho
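							<?php
							// Build the remaining <option>s of the "associated-rule-id" select,
							// then close the select and print a link to the linked filter rule.
							// One option is emitted per filter rule that carries an
							// 'associated-rule-id'; the one matching $pconfig is preselected.
							$linkedrule = "";
							if (is_array($config['filter']['rule'])) {
								filter_rules_sort();
								foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
									if (!isset($filter_rule['associated-rule-id'])) {
										continue;
									}
									// The id is a stored configuration value placed inside an
									// attribute, so encode it for that context.
									echo "<option value=\"" . htmlspecialchars($filter_rule['associated-rule-id']) . "\"";
									if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
										echo " SELECTED";
										// $filter_id is the array key of the rule; encode it for
										// the query string and for the href attribute.
										$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id=" . htmlspecialchars(urlencode((string)$filter_id)) . "\">" . gettext("View the filter rule") . "</a><br/>";
									}
									echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
								}
							}
							if (isset($pconfig['associated-rule-id'])) {
								echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
							}
							// The <select> opened in the surrounding markup is closed here.
							echo "</select>\n";
							echo $linkedrule;
							?>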
827 b9e28d57 unknown
					</td>
828
				</tr>
829
				<?php endif; ?>
830 53ea15e0 Scott Ullrich
                <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?>
831 44374c0a Erik Fonnesbeck
                <tr name="assoctable" id="assoctable">
832 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
833 5d2742d5 sullrich
                  <td width="78%" class="vtable">
834 5335abae unknown
                    <select name="filter-rule-association" id="filter-rule-association">
835 6cac9bda Carlos Eduardo Ramos
						<option value=""><?=gettext("None"); ?></option>
836
						<option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option>
837
						<option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option>
838 3a92149b Carlos Eduardo Ramos
						<option value="pass"><?=gettext("Pass"); ?></option>
839 5335abae unknown
					</select>
840
				  </td>
841 5b237745 Scott Ullrich
                </tr><?php endif; ?>
842 2ea00c3e Scott Ullrich
<?php
843
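		// Allow extending the firewall NAT edit page and including custom input validation.
		// NOTE(review): presumably this runs whatever code is installed under the path below
		// with the privileges of this page - confirm in pfSense_handle_custom_code() and make
		// sure only root can write to that directory.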
844
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate");
845
?>
846 147b90b8 Scott Ullrich
				<tr>
847
                  <td width="22%" valign="top">&nbsp;</td>
848
                  <td width="78%">&nbsp;</td>
849
				</tr>
850 9ae40f2b Scott Ullrich
                <tr>
851 5b237745 Scott Ullrich
                  <td width="22%" valign="top">&nbsp;</td>
852 9ae40f2b Scott Ullrich
                  <td width="78%">
853 6cac9bda Carlos Eduardo Ramos
                    <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
854 5b237745 Scott Ullrich
                    <?php if (isset($id) && $a_nat[$id]): ?>
855 225a2f0b Scott Ullrich
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
856 5b237745 Scott Ullrich
                    <?php endif; ?>
857
                  </td>
858
                </tr>
859
              </table>
860
</form>
861
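<script language="JavaScript">
<!--
<?php
	// Initial UI state for the form.
	// The interface and destination values are written into JavaScript, not
	// into HTML text. htmlspecialchars() is the wrong encoder here: with its
	// default flags it leaves single quotes alone, and the entities it does
	// produce are not decoded inside a <script> element. The values are
	// therefore emitted as JSON string literals with the HEX flags set, so
	// quotes, angle brackets and ampersands cannot end the literal or the
	// script block.
?>
	ext_change();
	dst_change(document.iform.interface.value, <?=json_encode((string)$pconfig['interface'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>, <?=json_encode((string)$pconfig['dst'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)?>);
	var iface_old = document.iform.interface.value;
	typesel_change();
	proto_change();
	<?php /* Show the source section whenever any source field differs from "any" or the match is inverted. */ ?>
	<?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
	show_source();
	<?php endif; ?>
	nordr_change();
//-->
</script>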
874 9ae40f2b Scott Ullrich
<script language="JavaScript">
875 4dfd930e Darren Embry
//<![CDATA[
876
	var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
877
	var customarray  = <?= json_encode(get_alias_list("port")) ?>;
878 9eb60dcc Ermal Lu?i
879
	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
880 59ecde49 Renato Botelho
	var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
881
	var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
882
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
883
	var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
884
	var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
885
	var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
886
	var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
887 4dfd930e Darren Embry
//]]>
888 9ae40f2b Scott Ullrich
</script>
889 5b237745 Scott Ullrich
<?php include("fend.inc"); ?>
890
</body>
891
</html>