<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4 bdb7d6e7 Scott Ullrich
	firewall_rules_edit.php
5 e4cabb75 Scott Ullrich
	part of pfSense (http://www.pfsense.com)
6
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
7 5ba18897 Scott Ullrich
8 e4cabb75 Scott Ullrich
	originally part of m0n0wall (http://m0n0.ch/wall)
9 bdb7d6e7 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11 5ba18897 Scott Ullrich
12 bdb7d6e7 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14 5ba18897 Scott Ullrich
15 bdb7d6e7 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17 5ba18897 Scott Ullrich
18 bdb7d6e7 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21 5ba18897 Scott Ullrich
22 bdb7d6e7 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32 5b237745 Scott Ullrich
*/
33 7ac5a4cb Scott Ullrich
/*
34
	pfSense_MODULE:	filter
35
*/
36 5b237745 Scott Ullrich
37 6b07c15a Matthew Grooms
##|+PRIV
38
##|*IDENT=page-firewall-rules-edit
39
##|*NAME=Firewall: Rules: Edit page
40
##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
41
##|*MATCH=firewall_rules_edit.php*
42
##|-PRIV
require("guiconfig.inc");
require("filter.inc");
require("shaper.inc");
/*
 * Build the list of special source/destination names: a fixed set of
 * keywords, followed by two entries per configured interface (the interface
 * key itself and the same key with "ip" appended).
 */
$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	/* Interpolation keeps both entries as strings, whatever the key type. */
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
/* Make sure the rule list exists as an array before it is sorted and aliased. */
if (is_array($config['filter']['rule']) === false) {
	$config['filter']['rule'] = array();
}

/*
 * Sort the rules, then bind $a_filter by reference to the list in $config:
 * any write through $a_filter modifies $config['filter']['rule'] directly.
 */
filter_rules_sort();
$a_filter = &$config['filter']['rule'];
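/*
 * Return $value unchanged when it is a string made up only of decimal digits
 * (the form in which a rule index arrives in a request), otherwise null.
 * Arrays, signs, decimals, exponents, whitespace and the empty string are
 * all rejected.
 */
function firewall_rules_edit_index($value) {
	return (is_string($value) && ctype_digit($value)) ? $value : null;
}

/*
 * Rule index selection.
 *
 * $id comes straight from the request and is used further down as a key into
 * $a_filter (the live rule list in $config), so it is accepted only when it
 * is a plain non-negative integer. Anything else leaves $id null, which the
 * isset($id) checks that follow treat as "no rule selected".
 * A POSTed id overrides one supplied in the query string.
 */
$id = firewall_rules_edit_index(isset($_GET['id']) ? $_GET['id'] : null);
if (isset($_POST['id']) && firewall_rules_edit_index($_POST['id']) !== null) {
	$id = $_POST['id'];
}

/*
 * NOTE(review): $after is passed through as supplied; the code that consumes
 * it is outside this excerpt -- confirm it is validated there before use.
 */
$after = isset($_GET['after']) ? $_GET['after'] : null;
if (isset($_POST['after'])) {
	$after = $_POST['after'];
}

/*
 * Duplicate mode: the rule named by "dup" is both the one loaded and the
 * value given to $after. The same integer check applies, so a malformed
 * value selects no rule instead of being used as an array key.
 */
if (isset($_GET['dup'])) {
	$id = firewall_rules_edit_index($_GET['dup']);
	$after = $id;
}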
if (isset($id) && $a_filter[$id]) {
	/*
	 * An existing rule was selected (edit or duplicate): seed the form
	 * state in $pconfig from the stored entry $a_filter[$id].
	 */
	$pconfig['interface'] = $a_filter[$id]['interface'];

	if (isset($a_filter[$id]['id'])) {
		$pconfig['ruleid'] = $a_filter[$id]['id'];
	}

	/* An entry with no stored type is presented as a "pass" rule. */
	$pconfig['type'] = isset($a_filter[$id]['type']) ? $a_filter[$id]['type'] : "pass";

	/*
	 * NOTE(review): in the code visible here $if is first assigned after
	 * this block, so the second operand may never be true at this point --
	 * confirm whether an include sets $if earlier.
	 */
	if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
		$pconfig['floating'] = $a_filter[$id]['floating'];
		if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] != "") {
			$pconfig['interface'] = $a_filter[$id]['interface'];
		}
	}

	/*
	 * NOTE(review): this tests a 'floating' key on the rule list itself,
	 * not on the selected rule -- confirm that is intended.
	 */
	if (isset($a_filter['floating'])) {
		$pconfig['floating'] = "yes";
	}

	/* Optional settings, copied only when present on the stored rule. */
	foreach (array('direction', 'ipprotocol') as $fre_key) {
		if (isset($a_filter[$id][$fre_key])) {
			$pconfig[$fre_key] = $a_filter[$id][$fre_key];
		}
	}

	/* No stored protocol means the rule matches any protocol. */
	$pconfig['proto'] = isset($a_filter[$id]['protocol']) ? $a_filter[$id]['protocol'] : "any";

	if ($a_filter[$id]['protocol'] == "icmp") {
		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
	}

	/* Source: the helper is handed the individual $pconfig source fields. */
	address_to_pconfig(
		$a_filter[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	if ($a_filter[$id]['os'] != "") {
		$pconfig['os'] = $a_filter[$id]['os'];
	}

	/* Destination: same helper, destination fields. */
	address_to_pconfig(
		$a_filter[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	if ($a_filter[$id]['dscp'] != "") {
		$pconfig['dscp'] = $a_filter[$id]['dscp'];
	}

	/* Presence of the key is what marks these two flags as set. */
	$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
	$pconfig['log'] = isset($a_filter[$id]['log']);
	$pconfig['descr'] = $a_filter[$id]['descr'];

	/* "Any flags" takes precedence; otherwise copy the non-empty flag lists. */
	if (!isset($a_filter[$id]['tcpflags_any'])) {
		foreach (array('tcpflags1', 'tcpflags2') as $fre_key) {
			if (isset($a_filter[$id][$fre_key]) && $a_filter[$id][$fre_key] != "") {
				$pconfig[$fre_key] = $a_filter[$id][$fre_key];
			}
		}
	} else {
		$pconfig['tcpflags_any'] = true;
	}

	foreach (array('tag', 'tagged') as $fre_key) {
		if (isset($a_filter[$id][$fre_key]) && $a_filter[$id][$fre_key] != "") {
			$pconfig[$fre_key] = $a_filter[$id][$fre_key];
		}
	}
	if (!empty($a_filter[$id]['quick'])) {
		$pconfig['quick'] = $a_filter[$id]['quick'];
	}
	foreach (array('allowopts', 'disablereplyto') as $fre_key) {
		if (isset($a_filter[$id][$fre_key])) {
			$pconfig[$fre_key] = true;
		}
	}

	/* advanced: state limits, state type and timeout are copied as stored */
	foreach (array('max', 'max-src-nodes', 'max-src-conn', 'max-src-states', 'statetype', 'statetimeout') as $fre_key) {
		$pconfig[$fre_key] = $a_filter[$id][$fre_key];
	}

	/* advanced - nosync */
	$pconfig['nosync'] = isset($a_filter[$id]['nosync']);

	/*
	 * Copied as stored, in this order: new-connection rate settings,
	 * Multi-WAN gateway, shaper queues / limiter pipes / layer7 container,
	 * schedule and VLAN priority.
	 */
	$fre_plain = array(
		'max-src-conn-rate', 'max-src-conn-rates',
		'gateway',
		'defaultqueue', 'ackqueue', 'dnpipe', 'pdnpipe', 'l7container',
		'sched', 'vlanprio', 'vlanprioset',
	);
	foreach ($fre_plain as $fre_key) {
		$pconfig[$fre_key] = $a_filter[$id][$fre_key];
	}

	/* The associated-rule link is not carried over when duplicating. */
	if (!isset($_GET['dup'])) {
		$pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
	}

	/* Drop the loop temporaries introduced above. */
	unset($fre_key, $fre_plain);
} else {
	/*
	 * defaults for a new rule
	 *
	 * NOTE(review): the interface name is taken from the query string as
	 * is; confirm it is validated or escaped where it is later used (that
	 * code is outside this block).
	 */
	if ($_GET['if']) {
		$pconfig['interface'] = $_GET['if'];
	}
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}
/* Allow the FloatingRules to work: $if mirrors the interface chosen above. */
$if = $pconfig['interface'];

/* When duplicating, the source rule's index is discarded once its values have been loaded. */
if (isset($_GET['dup'])) {
	unset($id);
}

/*
 * Load the shaper, limiter and layer7 configuration, binding each returned
 * list by reference. Each read_* call is kept directly ahead of its getter.
 */
read_altq_config(); /* XXX: */
$qlist = &get_unique_queue_list();

read_dummynet_config(); /* XXX: */
$dnqlist = &get_unique_dnqueue_list();

read_layer7_config();
$l7clist = &get_l7_unique_list();
if ($_POST) {
201 99bdb17e Seth Mos
	unset($input_errors);
202 87f0be87 Chris Buechler
203 48a27d4f Erik Fonnesbeck
	if( isset($a_filter[$id]['associated-rule-id']) ) {
204
		$_POST['proto'] = $pconfig['proto'];
205
		if ($pconfig['proto'] == "icmp")
206
			$_POST['icmptype'] = $pconfig['icmptype'];
207
	}
208
209 99bdb17e Seth Mos
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "")) {
210 ee8c34f4 smos
		$a_gatewaygroups = return_gateway_groups_array();
211 a133c803 Phil Davis
		if(is_array($config['gateways']['gateway_group'])) {
212
			foreach($config['gateways']['gateway_group'] as $gw_group) {
213
				if($gw_group['name'] == $_POST['gateway']) {
214
					$family = $a_gatewaygroups[$_POST['gateway']]['ipprotocol'];
215
					if($_POST['ipprotocol'] == $family) {
216
						continue;
217
					}
218
					if(($_POST['ipprotocol'] == "inet46") && ($_POST['ipprotocol'] != $family)) {
219
						$input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6");
220
					}
221
					if(($_POST['ipprotocol'] == "inet6") && ($_POST['ipprotocol'] != $family)) {
222
						$input_errors[] = gettext("You can not assign a IPv4 gateway group on IPv6 Address Family rule");
223
					}
224
					if(($_POST['ipprotocol'] == "inet") && ($_POST['ipprotocol'] != $family)) {
225
						$input_errors[] = gettext("You can not assign a IPv6 gateway group on IPv4 Address Family rule");
226
					}
227 99bdb17e Seth Mos
				}
228
			}
229
		}
230
	}
231 9dfd60db Seth Mos
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && (is_ipaddr(lookup_gateway_ip_by_name($_POST['gateway'])))) {
232 05a4cebd smos
		if(($_POST['ipprotocol'] == "inet46") && ($_POST['gateway'] <> "")) {
233
			$input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6");
234
		}
235 99bdb17e Seth Mos
		if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) {
236
			$input_errors[] = gettext("You can not assign the IPv4 Gateway to a IPv6 Filter rule");
237
		}
238
		if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) {
239
			$input_errors[] = gettext("You can not assign the IPv6 Gateway to a IPv4 Filter rule");
240
		}
241
	}
242
243 05a4cebd smos
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp") && ($_POST['proto'] != "icmp")) {
244
		if($_POST['ipprotocol'] == "inet46")
245
			$input_errors[] =  gettext("You can not assign a protocol other then ICMP, TCP, UDP or TCP/UDP to a rule that applies to IPv4 and IPv6");
246
	}
247
	if (($_POST['proto'] == "icmp") && ($_POST['icmptype'] <> "")){
248
		if($_POST['ipprotocol'] == "inet46")
249
			$input_errors[] =  gettext("You can not assign a ICMP type to a rule that applies to IPv4 and IPv6");
250
	}
251
252 5b237745 Scott Ullrich
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
253
		$_POST['srcbeginport'] = 0;
254
		$_POST['srcendport'] = 0;
255
		$_POST['dstbeginport'] = 0;
256
		$_POST['dstendport'] = 0;
257
	} else {
258
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
259 90f90934 Cristian Feldman
			$_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']);
260 5b237745 Scott Ullrich
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
261 90f90934 Cristian Feldman
			$_POST['srcendport'] = trim($_POST['srcendport_cust']);
262 5b237745 Scott Ullrich
		if ($_POST['srcbeginport'] == "any") {
263
			$_POST['srcbeginport'] = 0;
264
			$_POST['srcendport'] = 0;
265 5ba18897 Scott Ullrich
		} else {
266 5b237745 Scott Ullrich
			if (!$_POST['srcendport'])
267
				$_POST['srcendport'] = $_POST['srcbeginport'];
268
		}
269
		if ($_POST['srcendport'] == "any")
270
			$_POST['srcendport'] = $_POST['srcbeginport'];
271 5ba18897 Scott Ullrich
272 5b237745 Scott Ullrich
		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
273 90f90934 Cristian Feldman
			$_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']);
274 5b237745 Scott Ullrich
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
275 90f90934 Cristian Feldman
			$_POST['dstendport'] = trim($_POST['dstendport_cust']);
276 5ba18897 Scott Ullrich
277 5b237745 Scott Ullrich
		if ($_POST['dstbeginport'] == "any") {
278
			$_POST['dstbeginport'] = 0;
279
			$_POST['dstendport'] = 0;
280 5ba18897 Scott Ullrich
		} else {
281 5b237745 Scott Ullrich
			if (!$_POST['dstendport'])
282
				$_POST['dstendport'] = $_POST['dstbeginport'];
283
		}
284
		if ($_POST['dstendport'] == "any")
285 5ba18897 Scott Ullrich
			$_POST['dstendport'] = $_POST['dstbeginport'];
286 5b237745 Scott Ullrich
	}
287 5ba18897 Scott Ullrich
288 5b237745 Scott Ullrich
	if (is_specialnet($_POST['srctype'])) {
289
		$_POST['src'] = $_POST['srctype'];
290
		$_POST['srcmask'] = 0;
291
	} else if ($_POST['srctype'] == "single") {
292
		$_POST['srcmask'] = 32;
293
	}
294
	if (is_specialnet($_POST['dsttype'])) {
295
		$_POST['dst'] = $_POST['dsttype'];
296
		$_POST['dstmask'] = 0;
297
	}  else if ($_POST['dsttype'] == "single") {
298
		$_POST['dstmask'] = 32;
299
	}
300 5ba18897 Scott Ullrich
301 5b237745 Scott Ullrich
	$pconfig = $_POST;
302
303
	/* input validation */
304 1122a892 Erik Fonnesbeck
	$reqdfields = explode(" ", "type proto");
305
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
306 48a27d4f Erik Fonnesbeck
		$reqdfields[] = "src";
307
		$reqdfields[] = "dst";
308 1122a892 Erik Fonnesbeck
	}
309
	$reqdfieldsn = explode(",", "Type,Protocol");
310
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
311
		$reqdfieldsn[] = "Source";
312 473d0ff0 pierrepomes
		$reqdfieldsn[] = "Destination";
313 1122a892 Erik Fonnesbeck
	}
314 5b237745 Scott Ullrich
315 452ade89 Bill Marquette
	if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") {
316 c22767b1 Bill Marquette
		if( $_POST['proto'] != "tcp" )
317 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is only valid with protocol tcp."),$_POST['statetype']);
318 452ade89 Bill Marquette
		if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != ""))
319 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']);
320 452ade89 Bill Marquette
	}
321 10f7933f Chris Buechler
        
322 1122a892 Erik Fonnesbeck
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
323
	(!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) {
324 5b237745 Scott Ullrich
		$reqdfields[] = "srcmask";
325
		$reqdfieldsn[] = "Source bit count";
326
	}
327 9b16b834 Ermal Lu?i
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
328 473d0ff0 pierrepomes
	(!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) ) {
329 5b237745 Scott Ullrich
		$reqdfields[] = "dstmask";
330 11d2c529 Rafael Lucas
		$reqdfieldsn[] = gettext("Destination bit count");
331 5b237745 Scott Ullrich
	}
332 5ba18897 Scott Ullrich
333 5b237745 Scott Ullrich
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
334 5ba18897 Scott Ullrich
335 5b237745 Scott Ullrich
	if (!$_POST['srcbeginport']) {
336
		$_POST['srcbeginport'] = 0;
337
		$_POST['srcendport'] = 0;
338
	}
339
	if (!$_POST['dstbeginport']) {
340
		$_POST['dstbeginport'] = 0;
341
		$_POST['dstendport'] = 0;
342
	}
343 5ba18897 Scott Ullrich
344 9b45f821 Ermal Lu?i
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
345 11d2c529 Rafael Lucas
                $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginposrt']);
346 90f90934 Cristian Feldman
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
347
			$input_errors[] = sprintf(gettext("%s  is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']);
348
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
349
			$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']);
350
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
351
			$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']);
352 5909b520 Evgeny Yurchenko
	if ( !$_POST['srcbeginport_cust'] && $_POST['srcendport_cust'])
353
		if (is_alias($_POST['srcendport_cust']))
354
			$input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field';
355
	if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){
356
		if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust'])
357
			$input_errors[] = 'The same port alias must be used in Source port range from: and to: fields';
358
		if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) || 
359
		    ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) 
360
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field';
361
	}
362
	if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust'])
363
		if (is_alias($_POST['dstendport_cust']))
364
			$input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field';
365
	if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){
366
		if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust'])
367
			$input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields';
368
		if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) || 
369
		    ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) 
370
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field';
371
	}
372 5ba18897 Scott Ullrich
373 90f90934 Cristian Feldman
	if ($_POST['src'])
374
		$_POST['src'] = trim($_POST['src']);
375
	if ($_POST['dst'])
376
		$_POST['dst'] = trim($_POST['dst']);
377
378 0e5ddcd9 Scott Ullrich
	/* if user enters an alias and selects "network" then disallow. */
379
	if($_POST['srctype'] == "network") {
380
		if(is_alias($_POST['src']))
381 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
382 0e5ddcd9 Scott Ullrich
	}
383
	if($_POST['dsttype'] == "network") {
384
		if(is_alias($_POST['dst']))
385 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
386 0e5ddcd9 Scott Ullrich
	}
387
388 5b237745 Scott Ullrich
	if (!is_specialnet($_POST['srctype'])) {
389 1e578a7f Ermal Lu?i
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
390 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."),$_POST['src']);
391 5b237745 Scott Ullrich
		}
392
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
393 11d2c529 Rafael Lucas
			$input_errors[] = gettext("A valid source bit count must be specified.");
394 5b237745 Scott Ullrich
		}
395
	}
396
	if (!is_specialnet($_POST['dsttype'])) {
397 1e578a7f Ermal Lu?i
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
398 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."),$_POST['dst']);
399 5b237745 Scott Ullrich
		}
400
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
401 11d2c529 Rafael Lucas
			$input_errors[] = gettext("A valid destination bit count must be specified.");
402 5b237745 Scott Ullrich
		}
403
	}
404 8c591d01 Seth Mos
	if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) {
405 270a2576 Seth Mos
		if(!validate_address_family($_POST['src'], $_POST['dst']))
406
			$input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
407 4108dee8 Seth Mos
		if((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet"))
408
			$input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
409
		if((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6"))
410
			$input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
411 05a4cebd smos
		if((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && ($_POST['ipprotocol'] == "inet46"))
412
			$input_errors[] = gettext("You can not use a IPv4 or IPv6 address in combined IPv4 + IPv6 rules.");
413
414 270a2576 Seth Mos
	}
415 5ba18897 Scott Ullrich
416 5b237745 Scott Ullrich
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
417
		/* swap */
418
		$tmp = $_POST['srcendport'];
419
		$_POST['srcendport'] = $_POST['srcbeginport'];
420
		$_POST['srcbeginport'] = $tmp;
421
	}
422
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
423
		/* swap */
424
		$tmp = $_POST['dstendport'];
425
		$_POST['dstendport'] = $_POST['dstbeginport'];
426
		$_POST['dstbeginport'] = $tmp;
427
	}
428 e33c8694 Bill Marquette
	if ($_POST['os'])
429
		if( $_POST['proto'] != "tcp" )
430 11d2c529 Rafael Lucas
			$input_errors[] = gettext("OS detection is only valid with protocol tcp.");
431 5b237745 Scott Ullrich
432 197bfe96 Ermal Luçi
	if ($_POST['ackqueue'] && $_POST['ackqueue'] != "none") {
433
		if ($_POST['defaultqueue'] == "none" )
434 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too.");
435 197bfe96 Ermal Luçi
		else if ($_POST['ackqueue'] == $_POST['defaultqueue'])
436 11d2c529 Rafael Lucas
			$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");		
437 197bfe96 Ermal Luçi
	}
438 6735d092 Ermal
	if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
439 02d7e4a4 Ermal
		$input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
440 622bd5e7 Ermal
	if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
441 37d202a3 Ermal
		$input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction.");
442 a5fd67e1 Ermal Luçi
	if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") {
443
		if ($_POST['dnpipe'] == "none" )
444 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
445 a5fd67e1 Ermal Luçi
		else if ($_POST['pdnpipe'] == $_POST['dnpipe'])
446 11d2c529 Rafael Lucas
			$input_errors[] = gettext("In and Out Queue cannot be the same.");
447 85a236e9 Ermal
		else if ($dnqlist[$_POST['pdnpipe']][0] == "?" && $dnqlist[$_POST['dnpipe']][0] <> "?")
448 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
449 85a236e9 Ermal
		else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?")                       
450 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
451 fbc75dd5 Ermal
		if ($_POST['direction'] == "out" && empty($_POST['gateway']))
452
			$input_errors[] = gettext("Please select a gateway, normaly the interface selected gateway, so the limiters work correctly");
453 a5fd67e1 Ermal Luçi
	}
454 b9e28d57 unknown
	if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
455 11d2c529 Rafael Lucas
		$input_errors[] = gettext('ID must be an integer');
456 7e50413c Ermal Luçi
	if($_POST['l7container'] && $_POST['l7container'] != "none") {
457
		if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp"))
458 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols");
459 3b184ca5 Ermal Lu?i
		if ($_POST['type'] <> "pass")
460 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
461 7e50413c Ermal Luçi
	}
462 197bfe96 Ermal Luçi
463 b8ed2a11 Ermal
	if (!$_POST['tcpflags_any']) {
464
		$settcpflags = array();
465
		$outoftcpflags = array();
466
		foreach ($tcpflags as $tcpflag) {
467
			if ($_POST['tcpflags1_' . $tcpflag] == "on")
468
				$settcpflags[] = $tcpflag;
469
			if ($_POST['tcpflags2_' . $tcpflag] == "on")
470
				$outoftcpflags[] = $tcpflag;
471
		}
472
		if (empty($outoftcpflags) && !empty($settcpflags))
473 11d2c529 Rafael Lucas
			$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
474 b8ed2a11 Ermal
	}
475
476 d65962a7 Scott Ullrich
	// Allow extending of the firewall edit page and include custom input validation 
477
	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation");
478
479 5b237745 Scott Ullrich
	if (!$input_errors) {
480
		$filterent = array();
481 b9e28d57 unknown
		$filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:'';
482 5b237745 Scott Ullrich
		$filterent['type'] = $_POST['type'];
483 661aed33 Ermal Luçi
		if (isset($_POST['interface'] ))
484
			$filterent['interface'] = $_POST['interface'];
485
486 1306c7dd Seth Mos
		if (isset($_POST['ipprotocol'] ))
487
			$filterent['ipprotocol'] = $_POST['ipprotocol'];
488
489 b8ed2a11 Ermal
		if ($_POST['tcpflags_any']) {
490
			$filterent['tcpflags_any'] = true;
491
		} else {
492
			$settcpflags = array();
493
			$outoftcpflags = array();
494
			foreach ($tcpflags as $tcpflag) {
495
				if ($_POST['tcpflags1_' . $tcpflag] == "on")
496
					$settcpflags[] = $tcpflag;
497
				if ($_POST['tcpflags2_' . $tcpflag] == "on")
498
					$outoftcpflags[] = $tcpflag;
499
			}
500
			if (!empty($outoftcpflags)) {
501
				$filterent['tcpflags2'] = join(",", $outoftcpflags);
502
				if (!empty($settcpflags))
503
					$filterent['tcpflags1'] = join(",", $settcpflags);
504
			}
505
		}
506
507 fd9ba7c0 Ermal
		if (isset($_POST['tag']))
508
			$filterent['tag'] = $_POST['tag'];
509
		if (isset($_POST['tagged']))
510
			$filterent['tagged'] = $_POST['tagged'];
511 661aed33 Ermal Luçi
		if ($if == "FloatingRules" || isset($_POST['floating'])) {
512
			$filterent['direction'] = $_POST['direction'];
513
			if (isset($_POST['quick']) && $_POST['quick'] <> "")
514
				$filterent['quick'] = $_POST['quick'];
515
			$filterent['floating'] = "yes";
516
			if (isset($_POST['interface']) && count($_POST['interface']) > 0)  {
517 f1602cc4 sullrich
				$filterent['interface'] = implode(",", $_POST['interface']);
518 661aed33 Ermal Luçi
			}
519
		}
520 d59874c1 Scott Ullrich
521 bdb7d6e7 Scott Ullrich
		/* Advanced options */
522 775ccea3 Ermal Luci
		if ($_POST['allowopts'] == "yes")
523
			$filterent['allowopts'] = true;
524
		else
525
			unset($filterent['allowopts']);
526 19757916 Ermal Lu?i
		if ($_POST['disablereplyto'] == "yes")
527
			$filterent['disablereplyto'] = true;
528
		else
529
			unset($filterent['disablereplyto']);
530 a56b2fa0 pierrepomes
		$filterent['max'] = $_POST['max'];
531 bdb7d6e7 Scott Ullrich
		$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
532 26dd6a54 pierrepomes
		$filterent['max-src-conn'] = $_POST['max-src-conn'];
533 bdb7d6e7 Scott Ullrich
		$filterent['max-src-states'] = $_POST['max-src-states'];
534 5ba18897 Scott Ullrich
		$filterent['statetimeout'] = $_POST['statetimeout'];
535 fa9af164 Scott Ullrich
		$filterent['statetype'] = $_POST['statetype'];
536 e33c8694 Bill Marquette
		$filterent['os'] = $_POST['os'];
537 10f21e70 Scott Ullrich
538
		/* Nosync directive - do not xmlrpc sync this item */
539 8c84fe43 Scott Ullrich
		if($_POST['nosync'] <> "")
540 10f21e70 Scott Ullrich
			$filterent['nosync'] = true;
541
		else
542
			unset($filterent['nosync']);
543
544 3f00c1dc Scott Ullrich
		/* unless both values are provided, unset the values - ticket #650 */
545
		if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
546
			$filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
547
			$filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
548
		} else {
549
			unset($filterent['max-src-conn-rate']);
550
			unset($filterent['max-src-conn-rates']);
551
		}
552 5ba18897 Scott Ullrich
553 5b237745 Scott Ullrich
		if ($_POST['proto'] != "any")
554
			$filterent['protocol'] = $_POST['proto'];
555
		else
556
			unset($filterent['protocol']);
557 5ba18897 Scott Ullrich
558 5b237745 Scott Ullrich
		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
559
			$filterent['icmptype'] = $_POST['icmptype'];
560
		else
561
			unset($filterent['icmptype']);
562 5ba18897 Scott Ullrich
563 5b237745 Scott Ullrich
		pconfig_to_address($filterent['source'], $_POST['src'],
564
			$_POST['srcmask'], $_POST['srcnot'],
565
			$_POST['srcbeginport'], $_POST['srcendport']);
566 5ba18897 Scott Ullrich
567 5b237745 Scott Ullrich
		pconfig_to_address($filterent['destination'], $_POST['dst'],
568
			$_POST['dstmask'], $_POST['dstnot'],
569
			$_POST['dstbeginport'], $_POST['dstendport']);
570 5ba18897 Scott Ullrich
571 f1602cc4 sullrich
		if ($_POST['disabled'])
572
			$filterent['disabled'] = true;
573
		else
574
			unset($filterent['disabled']);
575
576 c5fc1b2e Ermal Luçi
		if ($_POST['dscp'])
577
			$filterent['dscp'] = $_POST['dscp'];
578
579 f1602cc4 sullrich
		if ($_POST['log'])
580
			$filterent['log'] = true;
581
		else
582
			unset($filterent['log']);
583 c68fc1e7 Bill Marquette
		strncpy($filterent['descr'], $_POST['descr'], 52);
584 5ba18897 Scott Ullrich
585 c98ddde2 Bill Marquette
		if ($_POST['gateway'] != "") {
586
			$filterent['gateway'] = $_POST['gateway'];
587
		}
588 197bfe96 Ermal Luçi
		
589
		if (isset($_POST['defaultqueue']) && $_POST['defaultqueue'] != "none") {
590
			$filterent['defaultqueue'] = $_POST['defaultqueue'];
591
			if (isset($_POST['ackqueue']) && $_POST['ackqueue'] != "none")
592
				$filterent['ackqueue'] = $_POST['ackqueue'];
593
		}
594 c98ddde2 Bill Marquette
595 a5fd67e1 Ermal Luçi
		if (isset($_POST['dnpipe']) && $_POST['dnpipe'] != "none") {
596
			$filterent['dnpipe'] = $_POST['dnpipe'];
597
			if (isset($_POST['pdnpipe']) && $_POST['pdnpipe'] != "none")
598
				$filterent['pdnpipe'] = $_POST['pdnpipe'];
599
		}
600
601 7e50413c Ermal Luçi
		if (isset($_POST['l7container']) && $_POST['l7container'] != "none") {
602
			$filterent['l7container'] = $_POST['l7container'];
603
		}
604
		
605 615b27bc Scott Dale
		if ($_POST['sched'] != "") {
606
			$filterent['sched'] = $_POST['sched'];
607
		}
608
609 1346306c Ermal
		if ($_POST['vlanprio'] != "") {
610
			$filterent['vlanprio'] = $_POST['vlanprio'];
611
		}
612
		if ($_POST['vlanprioset'] != "") {
613
			$filterent['vlanprioset'] = $_POST['vlanprioset'];
614
		}
		// If we have an associated NAT rule, make sure the source and destination don't change
617 9b16b834 Ermal Lu?i
		if( isset($a_filter[$id]['associated-rule-id']) ) {
618 0bfd0f79 Erik Fonnesbeck
			$filterent['interface'] = $a_filter[$id]['interface'];
619 48a27d4f Erik Fonnesbeck
			if (isset($a_filter[$id]['protocol']))
620
				$filterent['protocol'] = $a_filter[$id]['protocol'];
621
			else if (isset($filterent['protocol']))
622
				unset($filterent['protocol']);
623
			if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype'])
624
				$filterent['icmptype'] = $a_filter[$id]['icmptype'];
625
			else if (isset($filterent['icmptype']))
626
				unset($filterent['icmptype']);
627 1306c7dd Seth Mos
628 1122a892 Erik Fonnesbeck
			$filterent['source'] = $a_filter[$id]['source'];
629 473d0ff0 pierrepomes
			$filterent['destination'] = $a_filter[$id]['destination'];
630 9b16b834 Ermal Lu?i
			$filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
631 473d0ff0 pierrepomes
		}
		// Allow extending of the firewall edit page and include custom input validation 
634
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
635
636 5b237745 Scott Ullrich
		if (isset($id) && $a_filter[$id])
637
			$a_filter[$id] = $filterent;
638
		else {
639
			if (is_numeric($after))
640
				array_splice($a_filter, $after+1, 0, array($filterent));
641
			else
642
				$a_filter[] = $filterent;
643
		}
		filter_rules_sort();
		if (write_config())
648 bec92ab9 jim-p
			mark_subsystem_dirty('filter');
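		// Send the browser back to the rule list it came from.
		// The interface name goes into a URL query string inside an HTTP
		// header, so it is URL-encoded. htmlspecialchars() is an HTML encoder
		// and does not neutralise '&', '#', '%' or whitespace in a URL, so a
		// crafted value could add or truncate query parameters.
		// NOTE(review): whether $_POST['interface'] is validated against the
		// configured interfaces happens outside this excerpt - confirm.
		if (isset($_POST['floating'])) {
			header("Location: firewall_rules.php?if=FloatingRules");
		} else {
			header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));
		}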
654 5b237745 Scott Ullrich
		exit;
655
	}
656 c60824d2 Scott Ullrich
}
// Page-level variables set before head.inc is pulled in.
// NOTE(review): presumably head.inc reads these when it renders the page
// head - confirm against head.inc.
$page_filename = "firewall_rules_edit.php";
$shortcut_section = "firewall";

// This page emits its own stylesheet link and the closing </head> tag
// right after the include.
$closehead = false;

$pgtitle = array(
	gettext("Firewall"),
	gettext("Rules"),
	gettext("Edit"),
);

include "head.inc";
?>
667 4bb99603 Scott Ullrich
<link rel="stylesheet" href="/javascript/chosen/chosen.css" />
668 5b237745 Scott Ullrich
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
671 f51d5d57 Darren Embry
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
672 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
673 5b237745 Scott Ullrich
<?php include("fbegin.inc"); ?>
674 48fc39a3 Scott Ullrich
<?php pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_input_errors"); ?>
675 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
676 8ab3e9ed Erik Kristensen
677
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
678 6eac9b90 Scott Ullrich
<input type='hidden' name="ruleid" value="<?=(isset($pconfig['ruleid'])&&$pconfig['ruleid']>0)?htmlspecialchars($pconfig['ruleid']):''?>">
679
680 8ab3e9ed Erik Kristensen
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
681 e091cb45 Scott Ullrich
		<tr>
682 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td>
683 e091cb45 Scott Ullrich
		</tr>	
684 b4b7bda6 Scott Ullrich
<?php
685
		// Allow extending of the firewall edit page and include custom input validation 
686
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
687
?>
688 8ab3e9ed Erik Kristensen
    	<tr>
689 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
690 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
691 b5c78501 Seth Mos
				<select name="type" class="formselect">
692 e5e5ba51 Vinicius Coque
					<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
693 8ab3e9ed Erik Kristensen
					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
694
					<?=htmlspecialchars($type);?>
695
					</option>
696
					<?php endforeach; ?>
697 a391d0ab Ermal
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
698 84464c9a Ermal
					<option value="match" <?php if ("match" == strtolower($pconfig['type'])) echo "selected"; ?>>Match</option>
699 a391d0ab Ermal
<?php endif; ?>
700 8c84fe43 Scott Ullrich
				</select>
701 8ab3e9ed Erik Kristensen
				<br/>
702
				<span class="vexpl">
703 11d2c529 Rafael Lucas
					<?=gettext("Choose what to do with packets that match the criteria specified below.");?> <br/>
704
					<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?> 
705 8ab3e9ed Erik Kristensen
				</span>
706
			</td>
707
		</tr>
708
		<tr>
709 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
710 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
711
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
712 11d2c529 Rafael Lucas
				<strong><?=gettext("Disable this rule");?></strong><br />
713
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list.");?></span>
714 8ab3e9ed Erik Kristensen
			</td>
715
		</tr>
716 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
717
		<tr>
718 f1602cc4 sullrich
			<td width="22%" valign="top" class="vncellreq">
719
				<?=gettext("Quick");?>
720
			</td>
721
			<td width="78%" class="vtable">
722
				<input name="quick" type="checkbox" id="quick" value="yes" <?php if ($pconfig['quick']) echo "checked=\"checked\""; ?> />
723
				<strong><?=gettext("Apply the action immediately on match.");?></strong><br />
724
				<span class="vexpl"><?=gettext("Set this option if you need to apply this action to traffic that matches this rule immediately.");?></span>
725
			</td>
726
		</tr>
727 e73b001e Renato Botelho
<?php endif; ?>
728 48a27d4f Erik Fonnesbeck
<?php $edit_disabled = ""; ?>
729
<?php if( isset($pconfig['associated-rule-id']) ): ?>
730
		<tr>
731
			<td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td>
732
			<td width="78%" class="vtable">
733 e4b9d53b Warren Baker
				<span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("This is associated to a NAT rule.");?><br />
734 48a27d4f Erik Fonnesbeck
				<?=gettext("You cannot edit the interface, protocol, source, or destination of associated filter rules.");?><br />
735
				<br />
736
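				<?php
					// A filter rule tied to a NAT rule gets the "disabled" attribute on the
					// interface/protocol/source/destination controls printed further down.
					$edit_disabled = "disabled";

					// Link to the first NAT rule that carries the same association id.
					if (is_array($config['nat']['rule'])) {
						foreach ($config['nat']['rule'] as $index => $nat_rule) {
							if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id'] == $pconfig['associated-rule-id']) {
								echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br>";
								break;
							}
						}
					}

					// Disabled controls are not submitted by the browser, so the locked
					// values travel in hidden fields instead. Both values are HTML-escaped:
					// the attributes are single-quoted, which needs ENT_QUOTES because the
					// default flags of older PHP versions leave "'" untouched.
					// NOTE(review): $pconfig may be refilled from the request when the form
					// is redisplayed after a validation error - confirm where it is built.
					$assoc_rule_id = htmlspecialchars($pconfig['associated-rule-id'], ENT_QUOTES);
					echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='{$assoc_rule_id}' >";

					if (!empty($pconfig['interface'])) {
						// The interface may be a list (it is imploded the same way where the
						// interface <select> is built); flatten it before escaping.
						$assoc_interface = is_array($pconfig['interface'])
							? implode(",", $pconfig['interface'])
							: $pconfig['interface'];
						$assoc_interface = htmlspecialchars($assoc_interface, ENT_QUOTES);
						echo "<input name='interface' id='interface' type='hidden' value='{$assoc_interface}' >";
					}
				?>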
750
				<script type="text/javascript">
751
				editenabled = 0;
752
				</script>
753
			</td>
754
		</tr>
755 ee9933b6 Renato Botelho
<?php endif; ?>
756 8ab3e9ed Erik Kristensen
		<tr>
757 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
758 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
759 48a27d4f Erik Fonnesbeck
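<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
				<select name="interface[]" title="Select interfaces..." multiple style="width:350px;" class="chzn-select" tabindex="2" <?=$edit_disabled;?>>
<?php else: ?>
				<select name="interface" class="formselect" <?=$edit_disabled;?>>
<?php
				endif;

				// Build $interfaces (value => label) for the <option> list. Every entry
				// except OpenVPN is gated on have_ruleint_access() for the current user.

				/* add group interfaces */
				if (is_array($config['ifgroups']['ifgroupentry'])) {
					foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
						if (have_ruleint_access($ifgen['ifname'])) {
							$interfaces[$ifgen['ifname']] = $ifgen['ifname'];
						}
					}
				}

				$ifdescs = get_configured_interface_with_descr();

				// Allow extending of the firewall edit page and include custom input validation
				// NOTE(review): presumably this runs package-supplied PHP from the given
				// directory; confirm that directory is writable by root only.
				pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit");

				foreach ($ifdescs as $ifent => $ifdesc) {
					if (have_ruleint_access($ifent)) {
						$interfaces[$ifent] = $ifdesc;
					}
				}

				// The VPN pseudo-interfaces below are added once, after the loop.
				if ($config['l2tp']['mode'] == "server") {
					if (have_ruleint_access("l2tp")) {
						$interfaces['l2tp'] = "L2TP VPN";
					}
				}
				if ($config['pptpd']['mode'] == "server") {
					if (have_ruleint_access("pptp")) {
						$interfaces['pptp'] = "PPTP VPN";
					}
				}
				if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
					$interfaces['pppoe'] = "PPPoE VPN";
				}

				/* add ipsec interfaces */
				if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
					if (have_ruleint_access("enc0")) {
						$interfaces["enc0"] = "IPsec";
					}
				}

				/* add openvpn/tun interfaces */
				// NOTE(review): unlike every entry above, this one is offered without a
				// have_ruleint_access() check - confirm that is intended.
				if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
					$interfaces["openvpn"] = "OpenVPN";
				}

				// A multi-select posts an array; normalise to the comma-separated form.
				if (is_array($pconfig['interface'])) {
					$pconfig['interface'] = implode(",", $pconfig['interface']);
				}
				$selected_interfaces = explode(",", $pconfig['interface']);

				// Names and descriptions come from the configuration, so both are
				// HTML-escaped on output, as the source/destination type lists on this
				// page already do for interface descriptions.
				foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
<?php 				endforeach; ?>
				</select>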
799 8ab3e9ed Erik Kristensen
				<br />
800 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose on which interface packets must come in to match this rule.");?></span>
801 8ab3e9ed Erik Kristensen
			</td>
802
		</tr>
803 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
804 f1602cc4 sullrich
		<tr>
805
			<td width="22%" valign="top" class="vncellreq">
806
				<?=gettext("Direction");?>
807
			</td>
808
			<td width="78%" class="vtable">
809
				<select name="direction" class="formselect">
810 e5e5ba51 Vinicius Coque
					<?php      $directions = array('any','in','out');
811 f1602cc4 sullrich
				foreach ($directions as $direction): ?>
812
				<option value="<?=$direction;?>"
813
					<?php if ($direction == $pconfig['direction']): ?>
814
						selected="selected" 
815
					<?php endif; ?>
816
					><?=$direction;?></option>
817
				<?php endforeach; ?>      
818
				</select>
819
				<input type="hidden" id="floating" name="floating" value="floating">
820
			</td>
821
		<tr>
822 661aed33 Ermal Luçi
<?php endif; ?>
823 1306c7dd Seth Mos
		<tr>
824
			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
825
			<td width="78%" class="vtable">
826
				<select name="ipprotocol" class="formselect">
827 05a4cebd smos
					<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6' );
828 1306c7dd Seth Mos
				foreach ($ipproto as $proto => $name): ?>
829
				<option value="<?=$proto;?>"
830
					<?php if ($proto == $pconfig['ipprotocol']): ?>
831
						selected="selected" 
832
					<?php endif; ?>
833
					><?=$name;?></option>
834
				<?php endforeach; ?>      
835
				</select>
836
				<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br />
837
			</td>
838
		</tr>
839 8ab3e9ed Erik Kristensen
		<tr>
840 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
841 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
842 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()">
843 8ab3e9ed Erik Kristensen
<?php
844 c6c26178 jim-p
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP OSPF any carp pfsync");
845 8ab3e9ed Erik Kristensen
				foreach ($protocols as $proto): ?>
846
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
847
<?php 			endforeach; ?>
848
				</select>
849
				<br />
850 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose which IP protocol this rule should match.");?> <br /> <?=gettext("Hint: in most cases, you should specify ");?><em>TCP</em> &nbsp;<?=gettext("here.");?></span>
851 8ab3e9ed Erik Kristensen
			</td>
852
		</tr>
853 3de8af0e Scott Ullrich
		<tr id="icmpbox" name="icmpbox">
854 11d2c529 Rafael Lucas
			<td valign="top" class="vncell"><?=gettext("ICMP type");?></td>
855 8ab3e9ed Erik Kristensen
			<td class="vtable">
856 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="icmptype" class="formselect">
857 8ab3e9ed Erik Kristensen
<?php
858
				$icmptypes = array(
859 abd67a31 Carlos Eduardo Ramos
				"" => gettext("any"),
860 a01ce4c7 jim-p
				"echoreq" => gettext("Echo request"),
861 abd67a31 Carlos Eduardo Ramos
				"echorep" => gettext("Echo reply"),
862
				"unreach" => gettext("Destination unreachable"),
863
				"squench" => gettext("Source quench"),
864
				"redir" => gettext("Redirect"),
865
				"althost" => gettext("Alternate Host"),
866
				"routeradv" => gettext("Router advertisement"),
867
				"routersol" => gettext("Router solicitation"),
868
				"timex" => gettext("Time exceeded"),
869
				"paramprob" => gettext("Invalid IP header"),
870
				"timereq" => gettext("Timestamp"),
871
				"timerep" => gettext("Timestamp reply"),
872
				"inforeq" => gettext("Information request"),
873
				"inforep" => gettext("Information reply"),
874
				"maskreq" => gettext("Address mask request"),
875
				"maskrep" => gettext("Address mask reply")
876 8ab3e9ed Erik Kristensen
				);
877
878
				foreach ($icmptypes as $icmptype => $descr): ?>
879
					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
880
<?php 			endforeach; ?>
881
			</select>
882
			<br />
883 11d2c529 Rafael Lucas
			<span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span>
884 8ab3e9ed Erik Kristensen
		</td>
885
		</tr>
886
		<tr>
887 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source");?></td>
888 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
889 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
890 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
891 8ab3e9ed Erik Kristensen
				<br />
892 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
893 8ab3e9ed Erik Kristensen
				<br />
894
				<br />
895
				<table border="0" cellspacing="0" cellpadding="0">
896
					<tr>
897 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
898 8ab3e9ed Erik Kristensen
						<td>
899 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srctype" class="formselect" onChange="typesel_change()">
900 87f0be87 Chris Buechler
<?php
901
								$sel = is_specialnet($pconfig['src']); ?>
902 11d2c529 Rafael Lucas
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
903 cb2b59b8 Renato Botelho
								<option value="single"  <?php
904
									if (!$sel &&
905
										((is_ipaddrv6($pconfig['src']) && ($pconfig['srcmask'] == 128)) ||
906
										(is_ipaddrv4($pconfig['src']) && ($pconfig['srcmask'] == 32)))
907
									) { echo "selected"; $sel = 1; } ?>> <?=gettext("Single host or alias");?></option>
908 11d2c529 Rafael Lucas
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
909 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
910 11d2c529 Rafael Lucas
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
911 99ea4439 Scott Ullrich
								<?php endif; ?>
912
								<?php if(have_ruleint_access("pppoe")): ?>
913 11d2c529 Rafael Lucas
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
914 99ea4439 Scott Ullrich
								<?php endif; ?>								
915 8a6bc505 Ermal Lu?i
								 <?php if(have_ruleint_access("l2tp")): ?>
916 11d2c529 Rafael Lucas
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
917 8a6bc505 Ermal Lu?i
                                                                <?php endif; ?>
918 8ab3e9ed Erik Kristensen
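<?php
								// Per interface the user may write rules for, offer a "subnet" and
								// an "address" entry. Interface keys and descriptions are
								// HTML-escaped in both options; the original escaped only the
								// description of the first one.
								// NOTE(review): $ifdisp is built outside this excerpt - presumably
								// from the configured interface descriptions; confirm.
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?><?=gettext(" subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip"<?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>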
927 8ab3e9ed Erik Kristensen
							</select>
928
						</td>
929
					</tr>
930
					<tr>
931 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
932 8ab3e9ed Erik Kristensen
						<td>
933 979b179d Darren Embry
							<input <?=$edit_disabled;?> autocomplete='off' name="src" type="text" class="formfldalias ipv4v6" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
934
							<select <?=$edit_disabled;?> name="srcmask" class="formselect ipv4v6" id="srcmask">
935 15705bc0 Seth Mos
<?php						for ($i = 127; $i > 0; $i--): ?>
936 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
937
<?php 						endfor; ?>
938
							</select>
939 bdb7d6e7 Scott Ullrich
						</td>
940 8ab3e9ed Erik Kristensen
					</tr>
941
				</table>
942 22abf2ef Scott Ullrich
				<div id="showadvancedboxspr">
943
					<p>
944 48a27d4f Erik Fonnesbeck
					<input <?=$edit_disabled;?> type="button" onClick="show_source_port_range()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source port range");?></a>
945 22abf2ef Scott Ullrich
				</div>
946 8ab3e9ed Erik Kristensen
			</td>
947 e33c8694 Bill Marquette
		</tr>
948 3de8af0e Scott Ullrich
		<tr style="display:none" id="sprtable" name="sprtable">
949 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range");?></td>
950 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
951
				<table border="0" cellspacing="0" cellpadding="0">
952
					<tr>
953 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
954 8ab3e9ed Erik Kristensen
						<td>
955 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
956 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
957 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
958 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
959
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
960
<?php 							endforeach; ?>
961 8c84fe43 Scott Ullrich
							</select>
962 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
963 8ab3e9ed Erik Kristensen
						</td>
964
					</tr>
965
					<tr>
966 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
967 8ab3e9ed Erik Kristensen
						<td>
968 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcendport" class="formselect" onchange="ext_change()">
969 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
970 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
971 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
972
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
973
<?php							endforeach; ?>
974 8c84fe43 Scott Ullrich
							</select>
975 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
976 8ab3e9ed Erik Kristensen
						</td>
977
					</tr>
978
				</table>
979
				<br />
980 87000ded Erik Fonnesbeck
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule."); ?> <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be"); ?> &quot;<?=gettext("any"); ?>&quot;).</b><br /><?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port.");?></span><br/>
981 8ab3e9ed Erik Kristensen
			</td>
982 8c84fe43 Scott Ullrich
		</tr>
983 8ab3e9ed Erik Kristensen
		<tr>
984 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination");?></td>
985 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
986 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
987 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
988 8ab3e9ed Erik Kristensen
					<br />
989 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
990 8ab3e9ed Erik Kristensen
					<br />
991
					<br />
992
				<table border="0" cellspacing="0" cellpadding="0">
993
					<tr>
994 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
995 8ab3e9ed Erik Kristensen
						<td>
996 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dsttype" class="formselect" onChange="typesel_change()">
997 87f0be87 Chris Buechler
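<?php
								// $sel starts true for special networks and is set once "single" is
								// chosen; "network" is the fallback when nothing else matched.
								$sel = is_specialnet($pconfig['dst']); ?>
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
								<option value="single" <?php
									// A /32 mask, or an IPv6 address with a /128 mask, is a single
									// host. The source selector already treats IPv6 /128 this way;
									// without it such a destination falls through to "Network",
									// whose mask list on this page only offers 127 down to 1.
									if (!$sel &&
										(($pconfig['dstmask'] == 32) ||
										(is_ipaddrv6($pconfig['dst']) && ($pconfig['dstmask'] == 128)))
									) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>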
1002 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
1003 11d2c529 Rafael Lucas
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
1004 99ea4439 Scott Ullrich
								<?php endif; ?>
1005
								<?php if(have_ruleint_access("pppoe")): ?>
1006 11d2c529 Rafael Lucas
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
1007 99ea4439 Scott Ullrich
								<?php endif; ?>								
1008 3331a640 Ermal Lu?i
								<?php if(have_ruleint_access("l2tp")): ?>
1009 11d2c529 Rafael Lucas
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
1010 3331a640 Ermal Lu?i
                                                                <?php endif; ?>
1011 b7391125 Ermal Luçi
1012
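<?php
								// Per interface the user may write rules for, offer a "subnet" and
								// an "address" entry. Interface keys and descriptions are
								// HTML-escaped in both options; the original escaped only the
								// description of the first one.
								// NOTE(review): the loop variable is $if, the same name the page
								// tests against "FloatingRules" earlier; after this loop $if holds
								// the last key of $ifdisp. Kept as-is because later code is not
								// visible here - confirm nothing below relies on the old value.
								foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet");?></option>
									<option value="<?=htmlspecialchars($if);?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>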
1020 8ab3e9ed Erik Kristensen
							</select>
1021
						</td>
1022
					</tr>
1023
					<tr>
1024 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
1025 8ab3e9ed Erik Kristensen
						<td>
1026 979b179d Darren Embry
							<input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias ipv4v6" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
1027 8ab3e9ed Erik Kristensen
							/
1028 979b179d Darren Embry
							<select <?=$edit_disabled;?> name="dstmask" class="formselect ipv4v6" id="dstmask">
1029 8ab3e9ed Erik Kristensen
<?php
1030 15705bc0 Seth Mos
							for ($i = 127; $i > 0; 
1031
$i--): ?>
1032 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
1033
<?php						endfor; ?>
1034
							</select>
1035
						</td>
1036
					</tr>
1037
				</table>
1038
			</td>
1039
		</tr>
1040 3de8af0e Scott Ullrich
		<tr id="dprtr" name="dprtr">
1041 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range ");?></td>
1042 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1043
				<table border="0" cellspacing="0" cellpadding="0">
1044
					<tr>
1045 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
1046 8ab3e9ed Erik Kristensen
						<td>
1047 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
1048 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1049 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1050 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
1051
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
1052 3deb92f7 Renato Botelho
<?php 							endforeach; ?>
1053 8ab3e9ed Erik Kristensen
							</select>
1054 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
1055 8ab3e9ed Erik Kristensen
						</td>
1056
					</tr>
1057
					<tr>
1058 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
1059 8ab3e9ed Erik Kristensen
						<td>
1060 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstendport" class="formselect" onchange="ext_change()">
1061 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1062 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1063 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
1064
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
1065
<?php 							endforeach; ?>
1066 8c84fe43 Scott Ullrich
							</select>
1067 dd5bf424 Scott Ullrich
								<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
1068 8ab3e9ed Erik Kristensen
						</td>
1069
					</tr>
1070
				</table>
1071
				<br />
1072
				<span class="vexpl">
1073 11d2c529 Rafael Lucas
					<?=gettext("Specify the port or port range for the destination of the packet for this rule.");?>
1074 adb633a0 sullrich
					<br />
1075 345b9715 Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port");?>
1076 8ab3e9ed Erik Kristensen
				</span>
1077
			</td>
		</tr>
		<tr>
<?php /* Per-rule logging toggle. The checkbox is pre-ticked when $pconfig['log'] is truthy; the hint points
         the administrator at remote syslog because local log space is limited. */ ?>
			<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Log"); ?></td>
			<td width="78%" class="vtable">
				<input name="log" type="checkbox" id="log" value="yes" <?php echo $pconfig['log'] ? "checked" : ""; ?>>
				<strong><?php echo gettext("Log packets that are handled by this rule"); ?></strong>
				<br />
				<span class="vexpl"><?php echo gettext("Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server"); ?> (<?php echo gettext("see the"); ?> <a href="diag_logs_settings.php"><?php echo gettext("Diagnostics: System logs: Settings"); ?></a> <?php echo gettext("page"); ?>).</span>
			</td>
		</tr>
		<tr>
<?php /* Free-text rule description. The stored value is HTML-escaped before it is placed in the value
         attribute; the field is limited to 52 characters on the client side only. */ ?>
			<td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td>
			<td width="78%" class="vtable">
				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?php echo htmlspecialchars($pconfig['descr']); ?>">
				<br />
				<span class="vexpl"><?php echo gettext("You may enter a description here for your reference."); ?></span>
			</td>
		</tr>
<?php		/* Early Save/Cancel row: rendered for a new rule ($id unset), or for an existing rule for which
		   firewall_check_for_advanced_options() returns an empty string. The hidden "id" and "after"
		   fields are HTML-escaped before being echoed back into the form. */
		if (!(isset($id) && $a_filter[$id] && firewall_check_for_advanced_options($a_filter[$id]) != "")) { ?>
		<tr>
			<td width="22%" valign="top">&nbsp;</td>
			<td width="78%">
				&nbsp;<br>&nbsp;
				<input name="Submit" type="submit" class="formbtn" value="<?php echo gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?php echo gettext("Cancel"); ?>" onclick="history.back()">
<?php			if (isset($id) && $a_filter[$id]) { ?>
					<input name="id" type="hidden" value="<?php echo htmlspecialchars($id); ?>">
<?php 			} ?>
				<input name="after" type="hidden" value="<?php echo htmlspecialchars($after); ?>">
			</td>
		</tr>
<?php		} ?>
		<tr>
			<td>&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced features");?></td>
		</tr>	
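		<tr>
<?php /* "Source OS" match. Two sibling boxes are rendered and exactly one is visible: the "Advanced" button
         when no OS is stored, the selector when one is. The page itself notes this only works for TCP rules.
         Fixes: the stray </input> and unmatched </a> after the button are dropped, and the option value is
         escaped like its label. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("Source OS");?></td>
			<td width="78%" class="vtable">
				<div id="showadvsourceosbox" <?php if ($pconfig['os']) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_sourceos()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showsourceosadv" <?php if (empty($pconfig['os'])) echo "style='display:none'"; ?>>
					<?=gettext("OS Type:");?>&nbsp;
					<select name="os" id="os" class="formselect">
<?php
						// Key = value submitted with the form, value = label shown to the user.
						$ostypes = array(
							"" => gettext("any"),
							"AIX" => "AIX",
							"Linux" => "Linux",
							"FreeBSD" => "FreeBSD",
							"NetBSD" => "NetBSD",
							"OpenBSD" => "OpenBSD",
							"Solaris" => "Solaris",
							"MacOS" => "MacOS",
							"Windows" => "Windows",
							"Novell" => "Novell",
							"NMAP" => "NMAP"
						);
						foreach ($ostypes as $ostype => $descr): ?>
							<option value="<?=htmlspecialchars($ostype);?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
<?php
					endforeach;
?>
					</select>
					<br />
					<?=gettext("Note: this only works for TCP rules");?>
				</div>
			</td>
		</tr>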
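		<tr>
<?php /* Diffserv Code Point match. The selector is shown only when a DSCP value is already stored;
         otherwise the "Advanced" button is shown instead.
         NOTE(review): $firewall_rules_dscp_types is defined outside this view. Its entries are escaped
         here so the option markup stays well-formed whatever the list contains. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("Diffserv Code Point");?></td>
			<td width="78%" class="vtable">
				<div id="dsadv" name="dsadv" <?php if ($pconfig['dscp']) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_dsdiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="dsdivmain" name="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>>
					<select name="dscp" id="dscp">
						<option value=""></option>
						<?php foreach($firewall_rules_dscp_types as $frdt): ?>
							<option value="<?=htmlspecialchars((string)$frdt)?>"<?php if($pconfig['dscp'] == $frdt) echo " SELECTED"; ?>><?=htmlspecialchars((string)$frdt)?></option>
						<?php endforeach; ?>
					</select>
				</div>
			</td>
		</tr>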
		<tr>
<?php /* "Advanced Options" row: IP options pass-through, reply-to suppression, packet tagging, and the
         per-rule state limits (max states, source nodes, connections per host, connection rate, state
         timeout). Every free-text value is HTML-escaped before it is echoed into its input. The box is
         always rendered hidden and revealed by show_aodiv(). */ ?>
			<td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced Options"); ?></td>
			<td width="78%" class="vtable">
			<div id="aoadv" name="aoadv">
				<input type="button" onClick="show_aodiv();" value="<?php echo gettext("Advanced"); ?>"> - <?php echo gettext("Show advanced option"); ?>
			</div>
			<div id="aodivmain" name="aodivmain" style="display:none">
				<input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php echo $pconfig['allowopts'] ? " checked" : ""; ?>>
				<br/><span class="vexpl"><?php echo gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic."); ?>
				</span><p>
				<input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php echo $pconfig['disablereplyto'] ? " checked" : ""; ?>>
				<br/><span class="vexpl"><?php echo gettext("This will disable auto generated reply-to for this rule."); ?>
				</span><p>
				<input name="tag" id="tag" value="<?php echo htmlspecialchars($pconfig['tag']); ?>">
				<br /><span class="vexpl"><?php echo gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called"); ?> <b><?php echo gettext("Policy filtering"); ?></b>
				</span><p>
				<input name="tagged" id="tagged" value="<?php echo htmlspecialchars($pconfig['tagged']); ?>">
				<br /><span class="vexpl"><?php echo gettext("You can match packet on a mark placed before on another rule."); ?>
				</span> <p>
				<input name="max" id="max" value="<?=htmlspecialchars($pconfig['max'])?>"><br><?php echo gettext(" Maximum state entries this rule can create"); ?></p><p>
				<input name="max-src-nodes" id="max-src-nodes" value="<?=htmlspecialchars($pconfig['max-src-nodes'])?>"><br><?php echo gettext(" Maximum number of unique source hosts"); ?></p><p>
				<input name="max-src-conn" id="max-src-conn" value="<?=htmlspecialchars($pconfig['max-src-conn'])?>"><br><?php echo gettext(" Maximum number of established connections per host"); ?></p><p>
				<input name="max-src-states" id="max-src-states" value="<?=htmlspecialchars($pconfig['max-src-states'])?>"><br><?php echo gettext(" Maximum state entries per host"); ?></p><p>
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?=htmlspecialchars($pconfig['max-src-conn-rate'])?>"> /
				<select name="max-src-conn-rates" id="max-src-conn-rates">
					<option value=""<?php echo (intval($pconfig['max-src-conn-rates']) < 1) ? " selected" : ""; ?>></option>
<?php				// Offer 1..254 seconds as the rate window; pre-select the stored one.
					for ($x = 1; $x < 255; $x++) {
						$selected = ($x == $pconfig['max-src-conn-rates']) ? " selected" : "";
						echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
					} ?>
				</select><br />
				<?php echo gettext("Maximum new connections / per second(s)"); ?>
				</p><p>

				<input name="statetimeout" value="<?=htmlspecialchars($pconfig['statetimeout'])?>"><br>
				<?php echo gettext("State Timeout in seconds"); ?>
				</p>

				<p><strong><?php echo gettext("Note: Leave fields blank to disable that feature."); ?></strong></p>
			  </div>
			</td>
		</tr>
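		<tr id="tcpflags" name="tcpflags"> 
<?php /* TCP flag matching. $pconfig['tcpflags1'] ("set") and $pconfig['tcpflags2'] ("out of") are
         comma-separated flag lists; one checkbox per entry of $tcpflags is rendered for each list, plus an
         "Any flags" override.
         Fixes: the stray </input> and unmatched </a> after the button are dropped, the second <center>
         (which was meant to close the first) becomes </center>, and the flag name is escaped before it is
         placed in the single-quoted name attribute and the header cell.
         NOTE(review): $tcpflags is defined outside this view - presumably a fixed list of flag names. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td>
			<td width="78%" class="vtable">
			<div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>>
                        	<input type="button" onClick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
                        </div>
                        <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
			<div id="tcpheader" name="tcpheader">
			<center>
			<table border="0" cellspacing="0" cellpadding="0">
			<?php 
				$setflags = explode(",", $pconfig['tcpflags1']);
				$outofflags = explode(",", $pconfig['tcpflags2']);
				// Each row is accumulated as a string and emitted once the loop is done.
				$header = "<td width='40' nowrap></td>";
				$tcpflags1 = "<td width='40' nowrap>set</td>";
				$tcpflags2 = "<td width='40' nowrap>out of</td>";
				foreach ($tcpflags as $tcpflag) {
					// ENT_QUOTES because the attribute below is delimited with single quotes.
					$tcpflag_attr = htmlspecialchars($tcpflag, ENT_QUOTES);
					$header .= "<td  width='40' nowrap><strong>" . htmlspecialchars(strtoupper($tcpflag)) . "</strong></td>\n";
					$tcpflags1 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags1_{$tcpflag_attr}' value='on' ";
					if (in_array($tcpflag, $setflags))
						$tcpflags1 .= "checked";
					$tcpflags1 .= "></td>\n";
					$tcpflags2 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags2_{$tcpflag_attr}' value='on' ";
					if (in_array($tcpflag, $outofflags))
						$tcpflags2 .= "checked";
					$tcpflags2 .= "></td>\n";
				}
				echo "<tr id='tcpheader' name='tcpheader'>{$header}</tr>\n";
				echo "<tr id='tcpflags1' name='tcpflags1'>{$tcpflags1}</tr>\n";
				echo "<tr id='tcpflags2' name='tcpflags2'>{$tcpflags2}</tr>\n";
			?>
			</table>
			</center>
			</div>
			<br/><center>
			<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
			<br/>
			<span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". 
			"be set or cleared for this rule to match.");?></span>
			</div>
			</td>
		</tr>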
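		<tr>
<?php /* State tracking type for the rule. The selector is revealed only when a non-default type is stored;
         an empty value or "keep state" leaves the "Advanced" button showing.
         Fixes: the stray </input> and unmatched </a> after the button are dropped, and a space is added
         before "selected" on the synproxy/none options so the attribute is not glued to the value quote. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td>
			<td width="78%" class="vtable">
				<div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_state()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>>
					<select name="statetype">
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>><?=gettext("keep state");?></option>
						<option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected"; ?>><?=gettext("sloppy state");?></option>
						<option value="synproxy state" <?php if($pconfig['statetype'] == "synproxy state")  echo "selected"; ?>><?=gettext("synproxy state");?></option>
						<option value="none" <?php if($pconfig['statetype'] == "none") echo "selected"; ?>><?=gettext("none");?></option>
					</select><br><?=gettext("Hint: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.");?>
					<p>
					<table width="90%">
						<tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation.");?></td></tr>
					</table>
					</p>
			  </div>
			</td>
		</tr>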
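		<tr>
<?php /* "No XMLRPC Sync" flag. Per the hint on the page, ticking it keeps this rule from being synced
         automatically to other CARP members, so a rule marked this way exists on this node only.
         Fix: the stray </input> and unmatched </a> after the button are dropped. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
			<td width="78%" class="vtable">
				<div id="showadvnoxmlrpcsyncbox" <?php if ($pconfig['nosync']) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>>
					<input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
					<?=gettext("Hint: This prevents the rule from automatically syncing to other CARP members.");?>
				</div>
			</td>
		</tr>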
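		<tr>
<?php /* 802.1p priority: one selector for the priority to match on, one for the priority to apply.
         Fixes: the "none" option previously interpolated the option name where the selected marker
         belongs (emitting a bogus "none" attribute); it now uses $selected like the other options. The
         stray </input> and unmatched </a> after the button are dropped.
         NOTE(review): both selectors print the same $opts string, so "priority to apply" is pre-selected
         from $pconfig['vlanprio'], not from its own stored value - confirm whether a separate
         vlanprioset value should drive the second list. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("802.1p");?></td>
			<td width="78%" class="vtable">
				<div id="showadvvlanpriobox" <?php if (!empty($pconfig['vlanprio'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_vlanprio()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showvlanprioadv" <?php if (empty($pconfig['vlanprio'])) echo "style='display:none'"; ?>>
					<?php $vlanprio = array("none", "be", "bk", "ee", "ca", "vi", "vo", "ic", "nc"); ?>
<?php
					$opts = "";
					foreach($vlanprio as $vprio) {
						if ($vprio == $pconfig['vlanprio'])
							$selected = " SELECTED";
						else
							$selected = "";
						// "none" is submitted as an empty value; every other entry is submitted as-is.
						if ($vprio == "none")
							$opts .= "<option value=\"\" {$selected}>{$vprio}</option>\n";
						else
							$opts .= "<option value=\"{$vprio}\" {$selected}>" . strtoupper($vprio) . "</option>\n";
					}
?>
					<select name='vlanprio'>
					<?php echo $opts; ?>
					</select>
					<p><?=gettext("Choose 802.1p priority to match on");?></p>
					<select name='vlanprioset'>
					<?php echo $opts; ?>
					</select>
					<p><?=gettext("Choose 802.1p priority to apply");?></p>
				</div>
			</td>
		</tr>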
		<?php
			// Collect the schedule names offered in the "Schedule" selector.
			// "none" always comes first: leaving it selected keeps the rule enabled all the time.
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					// Entries without a name are skipped.
					if ($schedule['name'] != "") {
						$schedules[] = $schedule['name'];
					}
				}
			}
		?>
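		<tr>
<?php /* Schedule selector, fed from $schedules. "none" is submitted as an empty value.
         Fixes: schedule names come from the configuration and were echoed into the option value and label
         unescaped; they are now passed through htmlspecialchars(). The stray </input> and unmatched </a>
         after the button are dropped. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("Schedule");?></td>
			<td width="78%" class="vtable">
				<div id="showadvschedulebox" <?php if (!empty($pconfig['sched'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_schedule()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>>
					<select name='sched'>
<?php
					foreach($schedules as $schedule) {
						if($schedule == $pconfig['sched']) {
							$selected = " SELECTED";
						} else {
							$selected = "";
						}
						$schedule_html = htmlspecialchars($schedule);
						if ($schedule == "none") {
							echo "<option value=\"\" {$selected}>{$schedule_html}</option>\n";
						} else {
							echo "<option value=\"{$schedule_html}\" {$selected}>{$schedule_html}</option>\n";
						}
					}
?>
					</select>
					<p><?=gettext("Leave as 'none' to leave the rule enabled all the time.");?></p>
				</div>
			</td>
		</tr>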
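		<tr>
<?php /* Policy-routing gateway selector. Individual gateways come from return_gateways_array(), gateway
         groups from $config['gateways']['gateway_group']. Nothing is offered when the rule's address
         family is "inet46"; otherwise only entries matching the rule's family (inet / inet6) are listed.
         Fixes: gateway names, addresses and group names are configuration values and were echoed into the
         option markup unescaped; they are now passed through htmlspecialchars(). The stray </input> and
         unmatched </a> after the button are dropped. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td>
			<td width="78%" class="vtable">
				<div id="showadvgatewaybox" <?php if (!empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_gateway()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showgatewayadv" <?php if (empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
					<select name='gateway'>
					<option value="" ><?=gettext("default");?></option>
<?php
					/* build a list of gateways */
					$gateways = return_gateways_array();
					// add statically configured gateways to list
					foreach($gateways as $gwname => $gw) {
						if(($pconfig['ipprotocol'] == "inet46"))
							continue;
						if(($pconfig['ipprotocol'] == "inet6") && !(($gw['ipprotocol'] == "inet6") || (is_ipaddrv6($gw['gateway']))))
							continue;
						if(($pconfig['ipprotocol'] == "inet") && !(($gw['ipprotocol'] == "inet") || (is_ipaddrv4($gw['gateway']))))
							continue;
						if($gw == "") 
							continue;
						if($gwname == $pconfig['gateway']) {
							$selected = " SELECTED";
						} else {
							$selected = "";
						}
						echo "<option value=\"" . htmlspecialchars((string)$gwname) . "\" {$selected}>" . htmlspecialchars("{$gw['name']} - {$gw['gateway']}") . "</option>\n";
					}
					/* add gateway groups to the list */
					if (is_array($config['gateways']['gateway_group'])) {
						foreach($config['gateways']['gateway_group'] as $gw_group) {
							// The group's address family is taken from its first member ("name|..." entry).
							$af = explode("|", $gw_group['item'][0]);
							if(($pconfig['ipprotocol'] == "inet46"))
								continue;
							if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6(lookup_gateway_ip_by_name($af[0])))
								continue;
							if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4(lookup_gateway_ip_by_name($af[0])))
								continue;
							if($gw_group['name'] == "")
								continue;
							if($pconfig['gateway'] == $gw_group['name']) {
								$selected = " SELECTED";
							} else {
								$selected = "";
							}
							$gw_group_html = htmlspecialchars($gw_group['name']);
							echo "<option value=\"{$gw_group_html}\" $selected>{$gw_group_html}</option>\n";
						}
					}
?>
					</select>
					<p><?=gettext("Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.");?></p>
				</div>
			</td>
		</tr>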
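		<tr>
<?php /* In/Out limiter selectors (dnpipe / pdnpipe), both fed from the keys of $dnqlist.
         Fixes: the limiter names were echoed into the option value and label unescaped; they are now
         passed through htmlspecialchars(). The stray </input> and unmatched </a> after the button are
         dropped.
         NOTE(review): $dnqlist is built outside this view, and $dnqselected is read before this block
         assigns it for the first selector - confirm it is initialised earlier in the file. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("In/Out");?></td>
			<td width="78%" class="vtable">
				<div id="showadvinoutbox" <?php if (!empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_inout()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
					<select name="dnpipe">
<?php
		if (!is_array($dnqlist))
			$dnqlist = array();
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			$dnq_html = htmlspecialchars((string)$dnq);
			echo "<option value=\"{$dnq_html}\"";
			if ($dnq == $pconfig['dnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">{$dnq_html}</option>"; 
		}
?>
			</select> / 			
			<select name="pdnpipe">
<?php
		$dnqselected = 0;
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			$dnq_html = htmlspecialchars((string)$dnq);
			echo "<option value=\"{$dnq_html}\"";
			if ($dnq == $pconfig['pdnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">{$dnq_html}</option>"; 
		}
?>
				</select>
				<br />
				<span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br/>".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br/>".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span>
				</div>
			</td>
		</tr>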
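		<tr>
<?php /* Traffic-shaper queue selectors (ackqueue / defaultqueue), both fed from the keys of $qlist. When
         $ifdisp has an entry for a queue key, that entry is shown as the label instead of the key.
         Fixes: queue names and their display labels were echoed into the option markup unescaped; they
         are now passed through htmlspecialchars(). The stray </input> and unmatched </a> after the button
         are dropped.
         NOTE(review): $qlist and $ifdisp are built outside this view, and $qselected is read before this
         block assigns it for the first selector - confirm it is initialised earlier in the file. */ ?>
			<td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td>
			<td width="78%" class="vtable">
			<div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
				<input type="button" onClick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
			</div>
			<div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
				<select name="ackqueue">
<?php
			if (!is_array($qlist))
				$qlist = array();
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars((string)$q) . "\"";
				if ($q == $pconfig['ackqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				if (isset($ifdisp[$q]))
					echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";
				else
					echo ">" . htmlspecialchars((string)$q) . "</option>"; 
			}
?>
				</select> / 			
				<select name="defaultqueue">
<?php
			$qselected = 0;
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars((string)$q) . "\"";
				if ($q == $pconfig['defaultqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				if (isset($ifdisp[$q]))
					echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";
				else
					echo ">" . htmlspecialchars((string)$q) . "</option>"; 
			}
?>
				</select>
					<br />
					<span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span>
				</td>
			</tr>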
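			<tr>
<?php /* Layer7 container selector, fed from the values of $l7clist. Per the hint on the page these
         containers apply application protocol inspection and are valid for TCP and UDP only.
         Fixes: container names were echoed into the option value and label unescaped; they are now passed
         through htmlspecialchars(). The stray </input> and unmatched </a> after the button are dropped.
         NOTE(review): $l7clist is built outside this view. */ ?>
				<td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td>
				<td width="78%" class="vtable">
					<div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
						<input type="button" onClick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
					</div>
					<div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
				<select name="l7container">
<?php
					if (!is_array($l7clist))
						$l7clist = array();
					echo "<option value=\"none\"";
					echo " >none</option>";
					foreach ($l7clist as $l7ckey) {
						$l7ckey_html = htmlspecialchars((string)$l7ckey);
						echo "<option value=\"{$l7ckey_html}\"";
						if ($l7ckey == $pconfig['l7container']) {
							echo " SELECTED";
						}
						echo ">{$l7ckey_html}</option>"; 
					}
?>
				</select>			
				<br/>
				<span class="vexpl">
					<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
					"These are valid for TCP and UDP protocols only.");?>
				</span>
			  </div>
			</td>
		</tr>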
<?php
		/*
		 * Extension hook: lets the firewall edit page be extended and custom input
		 * validation be included at this point of the form.
		 * NOTE(review): the helper is defined outside this view; presumably it loads
		 * whatever code is present under the given directory into this page - confirm,
		 * and keep that directory writable by trusted accounts only.
		 */
		pfSense_handle_custom_code('/usr/local/pkg/firewall_rules/htmlphplate');
?>
		<tr>
<?php /* Final Save/Cancel row. The hidden "id" field is emitted only when an existing rule is being
         edited; both hidden values are HTML-escaped before being echoed back into the form. */ ?>
			<td width="22%" valign="top">&nbsp;</td>
			<td width="78%">
				&nbsp;<br>&nbsp;
				<input name="Submit" type="submit" class="formbtn" value="<?php echo gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?php echo gettext("Cancel"); ?>" onclick="history.back()">
<?php			if (isset($id) && $a_filter[$id]) { ?>
					<input name="id" type="hidden" value="<?php echo htmlspecialchars($id); ?>">
<?php 			} ?>
				<input name="after" type="hidden" value="<?php echo htmlspecialchars($after); ?>">
			</td>
		</tr>
	</table>
</form>
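<script language="JavaScript">
//<![CDATA[
<?php /* Page initialisation: sync the form widgets with the loaded rule, then attach alias auto-suggest
         to the address and custom-port fields.
         Hardening: the alias lists are embedded in an inline script, so they are encoded with the
         JSON_HEX_* flags. Characters such as < > & ' " are then emitted as \uXXXX escapes and cannot end
         the script element or the CDATA section; the decoded JavaScript values are unchanged.
         NOTE(review): get_alias_list() is defined outside this view. */ ?>
	ext_change();
	typesel_change();
	proto_change();
	<?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?>
	show_source_port_range();
	<?php endif; ?>

	var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable")), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;
	var customarray  = <?= json_encode(get_alias_list("port"), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>;

	var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
        var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
        var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
        var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
        var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
        var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
//]]>
</script>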
<?php include("fend.inc"); ?>
</body>
</html>