. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ require("guiconfig.inc"); if (!is_array($config['shaper']['rule'])) { $config['shaper']['rule'] = array(); } $a_shaper = &$config['shaper']['rule']; /* redirect to wizard if shaper isn't already configured */ if(isset($config['shaper']['enable'])) { $pconfig['enable'] = TRUE; } else { if(!is_array($config['shaper']['queue'])) Header("Location: wizard.php?xml=traffic_shaper_wizard.xml"); } $specialsrcdst = explode(" ", "any lan pptp"); $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; $after = $_GET['after']; if (isset($_POST['after'])) $after = $_POST['after']; if (isset($_GET['dup'])) { $id = $_GET['dup']; $after = $_GET['dup']; } if (isset($id) && $a_shaper[$id]) { $pconfig['in-interface'] = $a_shaper[$id]['in-interface']; $pconfig['out-interface'] = $a_shaper[$id]['out-interface']; if (isset($a_shaper[$id]['protocol'])) $pconfig['proto'] = $a_shaper[$id]['protocol']; else $pconfig['proto'] = "any"; address_to_pconfig($a_shaper[$id]['source'], $pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcbeginport'], $pconfig['srcendport']); address_to_pconfig($a_shaper[$id]['destination'], $pconfig['dst'], $pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstbeginport'], $pconfig['dstendport']); $pconfig['inqueue'] = $a_shaper[$id]['inqueue']; $pconfig['outqueue'] = $a_shaper[$id]['outqueue']; $pconfig['direction'] = $a_shaper[$id]['direction']; $pconfig['iptos'] = $a_shaper[$id]['iptos']; $pconfig['tcpflags'] = $a_shaper[$id]['tcpflags']; $pconfig['descr'] = $a_shaper[$id]['descr']; $pconfig['disabled'] = isset($a_shaper[$id]['disabled']); if ($pconfig['srcbeginport'] == 0) { $pconfig['srcbeginport'] = "any"; $pconfig['srcendport'] = "any"; } if ($pconfig['dstbeginport'] == 0) { $pconfig['dstbeginport'] = "any"; $pconfig['dstendport'] = "any"; } } else { /* defaults */ $pconfig['src'] = "any"; $pconfig['dst'] = "any"; } if (isset($_GET['dup'])) unset($id); if ($_POST) { if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "any")) { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) $_POST['srcbeginport'] = $_POST['srcbeginport_cust']; if ($_POST['srcendport_cust'] && !$_POST['srcendport']) $_POST['srcendport'] = $_POST['srcendport_cust']; if ($_POST['srcbeginport'] == "any") { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; } else { if (!$_POST['srcendport']) $_POST['srcendport'] = $_POST['srcbeginport']; } if ($_POST['srcendport'] == "any") $_POST['srcendport'] = $_POST['srcbeginport']; if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) $_POST['dstbeginport'] = $_POST['dstbeginport_cust']; if ($_POST['dstendport_cust'] && !$_POST['dstendport']) $_POST['dstendport'] = $_POST['dstendport_cust']; if ($_POST['dstbeginport'] == "any") { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } else { if (!$_POST['dstendport']) $_POST['dstendport'] = $_POST['dstbeginport']; } if ($_POST['dstendport'] == "any") $_POST['dstendport'] = $_POST['dstbeginport']; } if (is_specialnet($_POST['srctype'])) { $_POST['src'] = $_POST['srctype']; $_POST['srcmask'] = 0; } else if ($_POST['srctype'] == "single") { $_POST['srcmask'] = 32; } if (is_specialnet($_POST['dsttype'])) { $_POST['dst'] = $_POST['dsttype']; $_POST['dstmask'] = 0; } else if ($_POST['dsttype'] == "single") { $_POST['dstmask'] = 32; } $intos = array(); foreach ($iptos as $tos) { if ($_POST['iptos_' . $tos] == "on") $intos[] = $tos; else if ($_POST['iptos_' . $tos] == "off") $intos[] = "!" . $tos; } $_POST['iptos'] = join(",", $intos); $intcpflags = array(); foreach ($tcpflags as $tcpflag) { if ($_POST['tcpflags_' . $tcpflag] == "on") $intcpflags[] = $tcpflag; else if ($_POST['tcpflags_' . $tcpflag] == "off") $intcpflags[] = "!" . $tcpflag; } $_POST['tcpflags'] = join(",", $intcpflags); unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "inqueue outqueue proto src dst"); $reqdfieldsn = explode(",", "Inbound Queue,Outbound Queue,Protocol,Source,Destination"); if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) { $reqdfields[] = "srcmask"; $reqdfieldsn[] = "Source bit count"; } if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) { $reqdfields[] = "dstmask"; $reqdfieldsn[] = "Destination bit count"; } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if (!$_POST['srcbeginport']) { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; } if (!$_POST['dstbeginport']) { $_POST['dstbeginport'] = 0; $_POST['dstendport'] = 0; } if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) { $input_errors[] = "The start source port must be an alias or integer between 1 and 65535."; } if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) { $input_errors[] = "The end source port must be an alias or integer between 1 and 65535."; } if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) { $input_errors[] = "The start destination port must be an alias or integer between 1 and 65535."; } if (($_POST['dstendport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstendport']))) { $input_errors[] = "The end destination port must be an alias or integer between 1 and 65535."; } if (!is_specialnet($_POST['srctype'])) { if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) { $input_errors[] = "A valid source IP address or alias must be specified."; } if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) { $input_errors[] = "A valid source bit count must be specified."; } } if (!is_specialnet($_POST['dsttype'])) { if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) { $input_errors[] = "A valid destination IP address or alias must be specified."; } if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) { $input_errors[] = "A valid destination bit count must be specified."; } } if ($_POST['srcbeginport'] > $_POST['srcendport']) { /* swap */ $tmp = $_POST['srcendport']; $_POST['srcendport'] = $_POST['srcbeginport']; $_POST['srcbeginport'] = $tmp; } if ($_POST['dstbeginport'] > $_POST['dstendport']) { /* swap */ $tmp = $_POST['dstendport']; $_POST['dstendport'] = $_POST['dstbeginport']; $_POST['dstbeginport'] = $tmp; } if (!$input_errors) { $shaperent = array(); $shaperent['in-interface'] = $_POST['in-interface']; $shaperent['out-interface'] = $_POST['out-interface']; if ($_POST['proto'] != "any") $shaperent['protocol'] = $_POST['proto']; else unset($shaperent['protocol']); pconfig_to_address($shaperent['source'], $_POST['src'], $_POST['srcmask'], $_POST['srcnot'], $_POST['srcbeginport'], $_POST['srcendport']); pconfig_to_address($shaperent['destination'], $_POST['dst'], $_POST['dstmask'], $_POST['dstnot'], $_POST['dstbeginport'], $_POST['dstendport']); $shaperent['direction'] = $_POST['direction']; $shaperent['iptos'] = $_POST['iptos']; $shaperent['tcpflags'] = $_POST['tcpflags']; $shaperent['descr'] = $_POST['descr']; $shaperent['disabled'] = $_POST['disabled'] ? true : false; $shaperent['inqueue'] = $_POST['inqueue']; $shaperent['outqueue'] = $_POST['outqueue']; if (isset($id) && $a_shaper[$id]) $a_shaper[$id] = $shaperent; else { if (is_numeric($after)) array_splice($a_shaper, $after+1, 0, array($shaperent)); else $a_shaper[] = $shaperent; } write_config(); touch($d_shaperconfdirty_path); header("Location: firewall_shaper.php"); exit; } } $pgtitle = "Firewall: Shaper: Rules: Edit"; $closehead = false; include("head.inc"); ?>

0)): ?>
Target /
Disabled > Disable this rule
Set this option to disable this rule without removing it from the list.
In Interface
Choose which interface packets must pass in to match this rule.
Out Interface
Choose which interface packets must pass out to match this rule.
Protocol
Choose which IP protocol this rule should match.
Hint: in most cases, you should specify TCP  here.
Source > not
Use this option to invert the sense of the match.

Type:  
Address:   /
Source port range
from:  
to:

Specify the port or port range for the source of the packet for this rule.
Hint: you can leave the 'to' field empty if you only want to filter a single port
Destination > not
Use this option to invert the sense of the match.

Type:  
Address:   /
Destination port range
from:  
to:

Specify the port or port range for the destination of the packet for this rule.
Hint: you can leave the 'to' field empty if you only want to filter a single port
Direction
Use this to match only packets travelling in a given direction on the interface specified above (as seen from the firewall's perspective).
IP Type of Service (TOS)
> yes    > no    > don't care
Use this to match packets according to their IP TOS values.
TCP flags
> set    > cleared    > don't care
Use this to choose TCP flags that must be set or cleared for this rule to match.
Description
You may enter a description here for your reference (not parsed).
 

You need to create a queue before you can add a new rule.