<?php
/* $Id$ */
/*
	firewall_rules_edit.php
	part of pfSense (http://www.pfsense.com)
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
require("guiconfig.inc");
/* Keywords that may stand in for a source/destination address
   (presumably consumed by is_specialnet() - confirm). */
$specialsrcdst = array("any", "wanip", "lanip", "lan", "pptp", "pppoe");

/* Guarantee the rule list is an array before it is sorted and referenced. */
if (!is_array($config['filter']['rule']))
	$config['filter']['rule'] = array();

filter_rules_sort();

/* Bound by reference, so changes made through $a_filter modify $config. */
$a_filter = &$config['filter']['rule'];

/* Index of the rule being edited: the query string supplies it first,
   a numeric POSTed id takes precedence. */
$id = $_GET['id'];
if (is_numeric($_POST['id'])) {
	$id = $_POST['id'];
}

/* Index of the rule the new entry is inserted after; POST wins over GET. */
$after = $_GET['after'];
if (isset($_POST['after'])) {
	$after = $_POST['after'];
}

/* Duplicating a rule: load the original and insert the copy right after it. */
if (isset($_GET['dup'])) {
	$id = $after = $_GET['dup'];
}
if (isset($id) && $a_filter[$id]) {
	/* Existing rule: copy its stored settings into the form state. */
	$pconfig['interface'] = $a_filter[$id]['interface'];

	/* A rule stored without a type is shown as "pass", without a protocol as "any". */
	$pconfig['type'] = isset($a_filter[$id]['type']) ? $a_filter[$id]['type'] : "pass";
	$pconfig['proto'] = isset($a_filter[$id]['protocol']) ? $a_filter[$id]['protocol'] : "any";

	if ($a_filter[$id]['protocol'] == "icmp") {
		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
	}

	/* Unpack the stored source into the individual src* form fields. */
	address_to_pconfig(
		$a_filter[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	if ($a_filter[$id]['os'] != "") {
		$pconfig['os'] = $a_filter[$id]['os'];
	}

	/* Same for the destination. */
	address_to_pconfig(
		$a_filter[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	/* Flags are stored as present/absent keys, hence isset(). */
	$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
	$pconfig['log'] = isset($a_filter[$id]['log']);
	$pconfig['descr'] = $a_filter[$id]['descr'];

	/* advanced */
	$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
	$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
	$pconfig['statetype'] = $a_filter[$id]['statetype'];
	$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];

	$pconfig['nosync'] = isset($a_filter[$id]['nosync']);

	/* advanced - new connection per second banning */
	$pconfig['max-src-conn-rate'] = $a_filter[$id]['max-src-conn-rate'];
	$pconfig['max-src-conn-rates'] = $a_filter[$id]['max-src-conn-rates'];

	/* Multi-WAN next-hop support */
	$pconfig['gateway'] = $a_filter[$id]['gateway'];

	/* schedule support */
	$pconfig['sched'] = $a_filter[$id]['sched'];

} else {
	/* New rule: start from pass any -> any, on the interface named in the URL if given. */
	if ($_GET['if']) {
		$pconfig['interface'] = $_GET['if'];
	}
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}

/* A duplicate is saved as a new rule, so drop the index it was loaded from. */
if (isset($_GET['dup'])) {
	unset($id);
}
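/*
 * Form submission: normalise the posted fields, validate them, and on success
 * store the rule in $a_filter, write the configuration and redirect back to
 * the rule list. On failure the page below is redrawn from $pconfig, which is
 * a copy of $_POST.
 */
if ($_POST) {

	/*
	 * NOTE(review): this error never reaches the user. $input_errors is
	 * cleared by the unset() further down, before the remaining validation
	 * runs, so a "reject" rule with a non-TCP protocol is accepted. The
	 * message (TCP only) also disagrees with the help text on the form
	 * (TCP or UDP). Decide which is intended, then move the check below the
	 * unset().
	 */
	if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
		$input_errors[] = "Reject type rules only works when the protocol is set to TCP.";

	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
		/* Ports are kept only for TCP and UDP rules. */
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	} else {

		/* The free-text "_cust" field applies when the drop-down is left empty. */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		/* "any" becomes port 0; an empty end port means a single port. */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];
	}

	/* A special network is stored under its keyword with mask 0; a single host gets /32. */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	}  else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}

	unset($input_errors);
	/* From here on every $pconfig value echoed into the page is client-supplied. */
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "type interface proto src dst");
	$reqdfieldsn = explode(",", "Type,Interface,Protocol,Source,Destination");

	if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") {
		if( $_POST['proto'] != "tcp" )
			$input_errors[] = "{$_POST['statetype']} is only valid with protocol tcp.";
		if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != ""))
			$input_errors[] = "{$_POST['statetype']} is only valid if the gateway is set to 'default'.";
	}

	/* A bit count is required only when the type is a plain network. */
	if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = "Destination bit count";
	}

	/*
	 * NOTE(review): call-time pass-by-reference is left as written because the
	 * callee's signature is not visible here; PHP 5.4 and later reject this
	 * syntax. Confirm the callee declares the parameter by reference before
	 * dropping the "&".
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* Each non-empty port must be either an alias or a valid port number. */
	if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) {
		$input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) {
		$input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) {
		$input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
	}
	/*
	 * The alias test must look at the end port itself. Testing the begin port
	 * here let any end-port string through whenever the begin port was an alias.
	 */
	if (($_POST['dstendport'] && !alias_expand($_POST['dstendport']) && !is_port($_POST['dstendport']))) {
		$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
	}

	/* if user enters an alias and selects "network" then disallow. */
	if($_POST['srctype'] == "network") {
		if(is_alias($_POST['src']))
			$input_errors[] = "You must specify single host or alias for alias entries.";
	}
	if($_POST['dsttype'] == "network") {
		if(is_alias($_POST['dst']))
			$input_errors[] = "You must specify single host or alias for alias entries.";
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
			$input_errors[] = "A valid source IP address or alias must be specified.";
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = "A valid source bit count must be specified.";
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
			$input_errors[] = "A valid destination IP address or alias must be specified.";
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = "A valid destination bit count must be specified.";
		}
	}

	/* Store port ranges low-to-high. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}
	if ($_POST['os'])
		if( $_POST['proto'] != "tcp" )
			$input_errors[] = "OS detection is only valid with protocol tcp.";

	if (!$input_errors) {
		/*
		 * NOTE(review): type, interface, statetype, os, icmptype, gateway,
		 * sched, statetimeout and the max-src-* limits are stored exactly as
		 * submitted; nothing in this block checks them against the option
		 * lists the form offers. Confirm that do_input_validation() or the
		 * rule generator constrains them, or validate them here before they
		 * reach the saved configuration.
		 */
		$filterent = array();
		$filterent['type'] = $_POST['type'];
		$filterent['interface'] = $_POST['interface'];

		/* Advanced options */
		$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
		$filterent['max-src-states'] = $_POST['max-src-states'];
		$filterent['statetimeout'] = $_POST['statetimeout'];
		$filterent['statetype'] = $_POST['statetype'];
		$filterent['os'] = $_POST['os'];

		/* Nosync directive - do not xmlrpc sync this item */
		if($_POST['nosync'] <> "")
			$filterent['nosync'] = true;
		else
			unset($filterent['nosync']);

		/* unless both values are provided, unset the values - ticket #650 */
		if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
			$filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
			$filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
		} else {
			unset($filterent['max-src-conn-rate']);
			unset($filterent['max-src-conn-rates']);
		}

		/* "any" is represented by the absence of a protocol key. */
		if ($_POST['proto'] != "any")
			$filterent['protocol'] = $_POST['proto'];
		else
			unset($filterent['protocol']);

		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
			$filterent['icmptype'] = $_POST['icmptype'];
		else
			unset($filterent['icmptype']);

		/* Pack the individual form fields back into source/destination entries. */
		pconfig_to_address($filterent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($filterent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		if ($_POST['disabled'])
			$filterent['disabled'] = true;
		else
			unset($filterent['disabled']);
		if ($_POST['log'])
			$filterent['log'] = true;
		else
			unset($filterent['log']);

		/* strncpy() is not a PHP built-in; presumably a project helper that
		   copies at most 52 characters into its first argument - confirm. */
		strncpy($filterent['descr'], $_POST['descr'], 52);

		if ($_POST['gateway'] != "") {
			$filterent['gateway'] = $_POST['gateway'];
		}

		if ($_POST['sched'] != "") {
			$filterent['sched'] = $_POST['sched'];
		}

		/* Overwrite the edited rule, insert after a given rule, or append. */
		if (isset($id) && $a_filter[$id])
			$a_filter[$id] = $filterent;
		else {
			if (is_numeric($after))
				array_splice($a_filter, $after+1, 0, array($filterent));
			else
				$a_filter[] = $filterent;
		}

		write_config();
		touch($d_filterconfdirty_path);

		/*
		 * The interface name is client-supplied and is not checked against
		 * the known interfaces in this block; URL-encode it so it stays a
		 * single query-string value inside the Location header.
		 */
		header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));
		exit;
	}
}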
/* Page metadata; $pgtitle is printed below, the other two are presumably
   read by head.inc (confirm). */
$pgtitle = 'Firewall: Rules: Edit';
$closehead = false;

$page_filename = 'firewall_rules_edit.php';
include 'head.inc';
?>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
    	<tr>
			<td width="22%" valign="top" class="vncellreq">Action</td>
			<td width="78%" class="vtable">
				<select name="type" class="formselect">
					<?php /* Rule actions; the option value is the lower-cased label. */ $types = array("Pass", "Block", "Reject"); foreach ($types as $type): ?>
					<option value="<?=strtolower($type);?>" <?=(strtolower($type) == strtolower($pconfig['type'])) ? "selected" : "";?>>
					<?=htmlspecialchars($type);?>
					</option>
					<?php endforeach; ?>
				</select>
				<br/>
				<span class="vexpl">
					Choose what to do with packets that match the criteria specified below. <br/>
					Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded. Reject only works when the protocol is set to either TCP or UDP (but not &quot;TCP/UDP&quot;) below.
				</span>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncellreq">Disabled</td>
			<td width="78%" class="vtable">
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php /* pre-tick when the loaded or re-posted rule is disabled */ echo $pconfig['disabled'] ? "checked" : ""; ?>>
				<strong>Disable this rule</strong><br />
				<span class="vexpl">Set this option to disable this rule without removing it from the list.</span>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncellreq">Interface</td>
			<td width="78%" class="vtable">
				<select name="interface" class="formselect">
<?php
					/* Fixed interfaces first, then every configured optN with its description. */
					$interfaces = array(
						'wan' => 'WAN',
						'lan' => 'LAN',
						'pptp' => 'PPTP',
						'pppoe' => 'PPPOE',
						'enc0' => 'IPSEC'
					);
					$i = 1;
					while (isset($config['interfaces']['opt' . $i])) {
						$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
						$i++;
					}
					foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=$iface;?>" <?=($iface == $pconfig['interface']) ? "selected" : "";?>><?=htmlspecialchars($ifacename);?></option>
<?php 				endforeach; ?>
				</select>
				<br />
				<span class="vexpl">Choose on which interface packets must come in to match this rule.</span>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncellreq">Protocol</td>
			<td width="78%" class="vtable">
				<select name="proto" class="formselect" onchange="proto_change()">
<?php
				/* Labels as shown; the submitted value is the lower-cased label. */
				$protocols = array("TCP", "UDP", "TCP/UDP", "ICMP", "ESP", "AH", "GRE", "IGMP", "any", "carp", "pfsync");
				foreach ($protocols as $proto): ?>
					<option value="<?=strtolower($proto);?>" <?=(strtolower($proto) == $pconfig['proto']) ? "selected" : "";?>><?=htmlspecialchars($proto);?></option>
<?php 			endforeach; ?>
				</select>
				<br />
				<span class="vexpl">Choose which IP protocol this rule should match. <br /> Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span>
			</td>
		</tr>
		<tr id="icmpbox" name="icmpbox">
			<td valign="top" class="vncell">ICMP type</td>
			<td class="vtable">
				<select name="icmptype" class="formselect">
<?php
				/* Submitted ICMP type keyword => label shown; the empty key means "any". */
				$icmptypes = array(
					""          => "any",
					"echorep"   => "Echo reply",
					"unreach"   => "Destination unreachable",
					"squench"   => "Source quench",
					"redir"     => "Redirect",
					"althost"   => "Alternate Host",
					"echoreq"   => "Echo",
					"routeradv" => "Router advertisement",
					"routersol" => "Router solicitation",
					"timex"     => "Time exceeded",
					"paramprob" => "Invalid IP header",
					"timereq"   => "Timestamp",
					"timerep"   => "Timestamp reply",
					"inforeq"   => "Information request",
					"inforep"   => "Information reply",
					"maskreq"   => "Address mask request",
					"maskrep"   => "Address mask reply"
				);

				foreach ($icmptypes as $icmptype => $descr): ?>
					<option value="<?=$icmptype;?>" <?=($icmptype == $pconfig['icmptype']) ? "selected" : "";?>><?=htmlspecialchars($descr);?></option>
<?php 			endforeach; ?>
			</select>
			<br />
			<span class="vexpl">If you selected ICMP for the protocol above, you may specify an ICMP type here.</span>
		</td>
		</tr>
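		<tr>
			<td width="22%" valign="top" class="vncellreq">Source</td>
			<td width="78%" class="vtable">
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
				<strong>not</strong>
				<br />
				Use this option to invert the sense of the match.
				<br />
				<br />
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td>Type:&nbsp;&nbsp;</td>
						<td>
							<select name="srctype" class="formselect" onChange="typesel_change()">
<?php
								/* $sel is true once an option has been chosen; "Network" is the
								   fallback when the source is neither special nor a /32 host. */
								$sel = is_specialnet($pconfig['src']); ?>
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option>
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
								<option value="wanip" 	<?php if ($pconfig['src'] == "wanip") { echo "selected"; } ?>>WAN address</option>
								<option value="lanip" 	<?php if ($pconfig['src'] == "lanip") { echo "selected"; } ?>>LAN address</option>
								<option value="lan"     <?php if ($pconfig['src'] == "lan") { echo "selected"; } ?>>LAN subnet</option>
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>PPTP clients</option>
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option>
<?php
								/* One "subnet" and one "address" option per configured optN interface.
								   The description is free text from the saved configuration, so it is
								   HTML-escaped in both options; the "address" option used to print it raw. */
								for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
									<option value="opt<?=$i;?>" <?php if ($pconfig['src'] == "opt" . $i) { echo "selected"; } ?>><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> subnet</option>
									<option value="opt<?=$i;?>ip"<?php if ($pconfig['src'] == "opt" . $i . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> address
									</option>
<?php 							endfor; ?>
							</select>
						</td>
					</tr>
					<tr>
						<td>Address:&nbsp;&nbsp;</td>
						<td>
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
							<select name="srcmask" class="formselect" id="srcmask">
<?php						for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
<?php 						endfor; ?>
							</select>
						</td>
					</tr>
				</table>
				<div id="showadvancedboxspr">
					<p>
					<input type="button" onClick="show_source_port_range()" value="Advanced"> - Show source port range
					</p>
				</div>
			</td>
		</tr>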
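		<tr style="display:none" id="sprtable" name="sprtable">
			<td width="22%" valign="top" class="vncellreq">Source port range</td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td>from:&nbsp;&nbsp;</td>
						<td>
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
								<option value="">(other)</option>
								<option value="any" <?php /* $bfound records whether the stored port matched a drop-down entry */ $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php /* after a failed submit $pconfig is a copy of $_POST, so escape before echoing into the attribute */ if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
						</td>
					</tr>
					<tr>
						<td>to:</td>
						<td>
							<select name="srcendport" class="formselect" onchange="ext_change()">
								<option value="">(other)</option>
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php /* client-supplied on a failed submit; escaped for the attribute */ if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
						</td>
					</tr>
				</table>
				<br />
				<span class="vexpl">Specify the port or port range for the source of the packet for this rule. This is usually not equal to the destination port range (and is often &quot;any&quot;). <br /> Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port</span><br/>
				<span class="vexpl"><B>NOTE:</B> You will not need to enter anything here in 99.99999% of the circumstances.  If you're unsure, do not enter anything here!</span>
			</td>
		</tr>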
		<tr>
			<td width="22%" valign="top" class="vncellreq">Source OS</td>
			<td width="78%" class="vtable">OS Type:&nbsp;
				<select name="os" id="os" class="formselect">
<?php
					/* Submitted value => label shown; the empty key means "any". */
					$ostypes = array(
						""        => "any",
						"AIX"     => "AIX",
						"Linux"   => "Linux",
						"FreeBSD" => "FreeBSD",
						"NetBSD"  => "NetBSD",
						"OpenBSD" => "OpenBSD",
						"Solaris" => "Solaris",
						"MacOS"   => "MacOS",
						"Windows" => "Windows",
						"Novell"  => "Novell",
						"NMAP"    => "NMAP"
					);

					foreach ($ostypes as $ostype => $descr): ?>
						<option value="<?=$ostype;?>" <?=($ostype == $pconfig['os']) ? "selected" : "";?>><?=htmlspecialchars($descr);?></option>
<?php				endforeach; ?>
				</select>
				<br />
				Note: this only works for TCP rules
			</td>
		</tr>
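		<tr>
			<td width="22%" valign="top" class="vncellreq">Destination</td>
			<td width="78%" class="vtable">
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
				<strong>not</strong>
					<br />
				Use this option to invert the sense of the match.
					<br />
					<br />
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td>Type:&nbsp;&nbsp;</td>
						<td>
							<select name="dsttype" class="formselect" onChange="typesel_change()">
<?php
								/* $sel is true once an option has been chosen; "Network" is the
								   fallback when the destination is neither special nor a /32 host. */
								$sel = is_specialnet($pconfig['dst']); ?>
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option>
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option>
								<option value="wanip" <?php if ($pconfig['dst'] == "wanip") { echo "selected"; } ?>>WAN address</option>
								<option value="lanip" <?php if ($pconfig['dst'] == "lanip") { echo "selected"; } ?>>LAN address</option>
								<option value="lan" <?php if ($pconfig['dst'] == "lan") { echo "selected"; } ?>>LAN subnet</option>
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>PPTP clients</option>
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>>PPPoE clients</option>
<?php 							/* The interface description is free text from the saved configuration,
								   so it is HTML-escaped in both options; the "address" option used to
								   print it raw. */
								for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
									<option value="opt<?=$i;?>" <?php if ($pconfig['dst'] == "opt" . $i) { echo "selected"; } ?>><?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> subnet</option>
									<option value="opt<?=$i;?>ip"<?php if ($pconfig['dst'] == "opt" . $i . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> address
									</option>
<?php 							endfor; ?>
							</select>
						</td>
					</tr>
					<tr>
						<td>Address:&nbsp;&nbsp;</td>
						<td>
							<input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
							/
							<select name="dstmask" class="formselect" id="dstmask">
<?php
							for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
<?php						endfor; ?>
							</select>
						</td>
					</tr>
				</table>

			</td>
		</tr>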
		<tr id="dprtr" name="dprtr">
			<td width="22%" valign="top" class="vncellreq">Destination port range </td>
			<td width="78%" class="vtable">
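				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td>from:&nbsp;&nbsp;</td>
						<td>
							<select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
								<option value="">(other)</option>
								<option value="any" <?php /* $bfound records whether the stored port matched a drop-down entry */ $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php /* after a failed submit $pconfig is a copy of $_POST, so escape before echoing into the attribute */ if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
						</td>
					</tr>
					<tr>
						<td>to:</td>
						<td>
							<select name="dstendport" class="formselect" onchange="ext_change()">
								<option value="">(other)</option>
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php /* client-supplied on a failed submit; escaped for the attribute */ if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
						</td>
					</tr>
				</table>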
				<br />
650
				<span class="vexpl">
651
					Specify the port or port range for the destination of the packet for this rule.
652
						<br />
653
					Hint: you can leave the <em>'to'</em> field empty if you only want to filter a single port
654
				</span>
655
			</td>
656
		</tr>
		<tr>
<?php /* Logging toggle: the box is ticked when the stored rule has a truthy 'log' value. */ ?>
			<td width="22%" valign="top" class="vncellreq">Log</td>
			<td width="78%" class="vtable">
				<input name="log" type="checkbox" id="log" value="yes" <?= $pconfig['log'] ? "checked" : "" ?>>
				<strong>Log packets that are handled by this rule</strong>
					<br />
				<span class="vexpl">Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server (see the <a href="diag_logs_settings.php">Diagnostics: System logs: Settings</a> page).</span>
			</td>
		</tr>
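		<tr>
<?php
/*
 * Advanced per-rule limits. The four text inputs echo stored $pconfig values into
 * value="..." attributes; each is passed through htmlspecialchars() so a stored
 * value containing quotes or angle brackets cannot change the markup. How $pconfig
 * is populated is outside this part of the file.
 */
?>
			<td width="22%" valign="top" class="vncell">Advanced Options</td>
			<td width="78%" class="vtable">
			<div id="aoadv" name="aoadv">
				<input type="button" onClick="show_aodiv();" value="Advanced"> - Show advanced options
			</div>
			<div id="aodivmain" name="aodivmain" style="display:none">
				<input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']); ?>"><br> Simultaneous client connection limit<p>
				<input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']); ?>"><br> Maximum state entries per host<p>
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']); ?>"> /
				<select name="max-src-conn-rates" id="max-src-conn-rates">
					<option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option>
<?php				/* Offer 1..254; the stored value, if any, is pre-selected. */
					for($x=1; $x<255; $x++) {
						if($x == $pconfig['max-src-conn-rates']) $selected = " selected"; else $selected = "";
						echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
					} ?>
				</select><br />
				Maximum new connections / per second
				<p>

				<input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']); ?>"><br>
				State Timeout in seconds
				<p />

				<p><strong>NOTE: Leave these fields blank to disable this feature.</strong>
			  </div>
			</td>
		</tr>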
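		<tr>
<?php
/*
 * State tracking selector. "keep state" is pre-selected when no state type is
 * stored. Markup fixes only: a space now separates the value attribute from
 * "selected" on the synproxy and none options, and the stray </input> and </a>
 * closing tags after the Advanced button are gone.
 */
?>
			<td width="22%" valign="top" class="vncell">State Type</td>
			<td width="78%" class="vtable">
				<div id="showadvstatebox">
					<input type="button" onClick="show_advanced_state()" value="Advanced"> - Show state
				</div>
				<div id="showstateadv" style="display:none">
					<select name="statetype">
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>>keep state</option>
						<option value="modulate state" <?php if($pconfig['statetype'] == "modulate state")  echo "selected"; ?>>modulate state</option>
						<option value="synproxy state" <?php if($pconfig['statetype'] == "synproxy state")  echo "selected"; ?>>synproxy state</option>
						<option value="none" <?php if($pconfig['statetype'] == "none") echo "selected"; ?>>none</option>
					</select><br>HINT: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.
					<p>
					<table width="90%">
						<tr><td width="25%"><ul><li>keep state</li></td><td>works with TCP, UDP, and ICMP.</ul></td></tr>
						<tr><td width="25%"><ul><li>modulate state</li></td><td>works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs) for packets matching this rule.</li></ul></td></tr>
						<tr><td width="25%"><ul><li>synproxy state</li></td><td>proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.</ul></td></tr>
						<tr><td width="25%"><ul><li>none</li></td><td>do not use state mechanisms to keep track.  this is only useful if your doing advanced queueing in certain situations.  please check the faq.</ul></td></tr>
					</table>
					</p>
			  </div>
			</td>
		</tr>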
		<tr>
<?php /* Sync opt-out: the box is ticked when the stored rule has a truthy 'nosync' value. */ ?>
			<td width="22%" valign="top" class="vncell">No XMLRPC Sync</td>
			<td width="78%" class="vtable">
				<input type="checkbox" name="nosync"<?= $pconfig['nosync'] ? " CHECKED" : "" ?>><br>
				HINT: This prevents the rule from automatically syncing to other carp members.
			</td>
		</tr>
		<?php
			/*
			 * Collect the names offered in the Schedule drop-down. "none" always comes
			 * first and stands for a rule that is enabled all the time; configured
			 * schedules with an empty name are left out.
			 */
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					if ($schedule['name'] == "") {
						continue;
					}
					array_push($schedules, $schedule['name']);
				}
			}
		?>
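		<tr>
			<td width="22%" valign="top" class="vncell">Schedule</td>
			<td width="78%" class="vtable">
				<select name='sched'>
<?php
				/*
				 * One option per entry of $schedules. The "none" entry submits an empty
				 * value; every other entry submits its own name. Schedule names come from
				 * the configuration, so they are HTML-escaped for both the value attribute
				 * and the visible label instead of being interpolated raw.
				 */
				foreach($schedules as $schedule) {
					$selected = ($schedule == $pconfig['sched']) ? " SELECTED" : "";
					$schedlabel = htmlspecialchars($schedule);
					$schedvalue = ($schedule == "none") ? "" : $schedlabel;
					echo "<option value=\"{$schedvalue}\" {$selected}>{$schedlabel}</option>\n";
				}?>
				</select>
				<p>Leave as 'none' to leave the rule enabled all the time.</p>
				<strong>NOTE:  schedule logic can be a bit different.  Click <a target="_new" href='firewall_rules_schedule_logic.php'>here</a> for more information.</strong>
			</td>
		</tr>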
		
<?php
			/*
			 * Collect the entries for the Gateway drop-down. "default" always comes
			 * first (the form text below explains it as "use the system routing table");
			 * after it comes every non-empty 'gateway' value found on the configured
			 * interfaces.
			 */
			$gateways = array("default");
			foreach ($config['interfaces'] as $int) {
				if ($int['gateway'] == "") {
					continue;
				}
				array_push($gateways, $int['gateway']);
			}
?>
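		<tr>
			<td width="22%" valign="top" class="vncell">Gateway</td>
			<td width="78%" class="vtable">
				<select name='gateway'>
<?php
				/*
				 * The list is assembled from three sources, in this order:
				 *   1. $gateways ("default" plus the interface gateways); "default"
				 *      submits an empty value,
				 *   2. the names of the configured load balancer pools,
				 *   3. optional interfaces whose ipaddr is "dhcp" and that have a
				 *      non-empty description, submitted as "optN".
				 * Gateway values, pool names and interface descriptions all come from the
				 * configuration; each is HTML-escaped before it is written into an
				 * attribute or label instead of being interpolated raw.
				 */
				foreach($gateways as $gw) {
					if($gw == "")
						continue;
					$selected = ($gw == $pconfig['gateway']) ? " SELECTED" : "";
					$gwlabel = htmlspecialchars($gw);
					$gwvalue = ($gw == "default") ? "" : $gwlabel;
					echo "<option value=\"{$gwvalue}\" {$selected}>{$gwlabel}</option>\n";
				}
				if(is_array($config['load_balancer']['lbpool'])) {
					foreach($config['load_balancer']['lbpool'] as $lb) {
						if($lb['name'] == "")
							continue;
						$lbname = htmlspecialchars($lb['name']);
						$selected = ($pconfig['gateway'] == $lb['name']) ? " SELECTED" : "";
						echo "<option value=\"{$lbname}\"{$selected}>{$lbname}</option>\n";
					}
				}
				for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
					if($config['interfaces']['opt' . $i]['ipaddr'] == "dhcp") {
						$descr = $config['interfaces']['opt' . $i]['descr'];
						if ($pconfig['gateway'] == "opt{$i}") {
							$selected = " SELECTED";
						} else {
							$selected = "";
						}
						if($descr <> "")
							echo "<option value=\"opt{$i}\" {$selected}>OPT{$i} - " . htmlspecialchars($descr) . "</option>\n";
					}
				}
?>
				</select>
				<p><strong>Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.</strong></p>
			</td>
		</tr>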
		<tr>
<?php /* Free-text rule description; the stored text is HTML-escaped before it is placed in the value attribute. */ ?>
			<td width="22%" valign="top" class="vncell">Description</td>
			<td width="78%" class="vtable">
				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?php echo htmlspecialchars($pconfig['descr']); ?>">
				<br />
				<span class="vexpl">You may enter a description here for your reference (not parsed).</span>
			</td>
		</tr>
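		<tr>
			<td width="22%" valign="top">&nbsp;</td>
			<td width="78%">
				<input name="Submit" type="submit" class="formbtn" value="Save">  <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
<?php
/*
 * Hidden fields that carry the rule position back to the server. "id" is only
 * emitted when $id is set and refers to an existing entry of $a_filter. Both $id
 * and $after are assigned earlier in the file, outside this excerpt (presumably
 * from request parameters -- verify against the top of the file), so they are
 * HTML-escaped before being written into the value attributes.
 */
				if (isset($id) && $a_filter[$id]): ?>
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
<?php 			endif; ?>
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
			</td>
		</tr>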
	</table>
</form>
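<script language="JavaScript">
<!--
	ext_change();
	typesel_change();
	proto_change();

<?php
	/*
	 * Build the contents of two JavaScript arrays from the configured aliases:
	 * names of aliases whose address contains a "." are collected in $aliasesaddr
	 * (printed as addressarray), all other names in $aliases (printed as
	 * customarray).
	 *
	 * Each name ends up inside a single-quoted JavaScript string within this
	 * <script> element. Alias names are presumably restricted to safe characters
	 * when they are saved (that validation is not visible here); they are escaped
	 * anyway so that a name containing a quote, backslash, line break or angle
	 * bracket cannot end the string or the script element. The backslash must be
	 * replaced first so the escapes added afterwards are not doubled.
	 */
	$js_unsafe = array("\\", "'", "\r", "\n", "<", ">");
	$js_safe = array("\\\\", "\\'", "\\r", "\\n", "\\x3C", "\\x3E");
	$isfirst = 0;
	$aliases = "";
	$addrisfirst = 0;
	$aliasesaddr = "";
	if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias']))
		foreach($config['aliases']['alias'] as $alias_name) {
			$js_alias = "'" . str_replace($js_unsafe, $js_safe, $alias_name['name']) . "'";
			if(!stristr($alias_name['address'], ".")) {
				if($isfirst == 1) $aliases .= ",";
				$aliases .= $js_alias;
				$isfirst = 1;
			} else {
				if($addrisfirst == 1) $aliasesaddr .= ",";
				$aliasesaddr .= $js_alias;
				$addrisfirst = 1;
			}
		}
?>

	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $aliases; ?>);

//-->
</script>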
<?php
/* Pull in fend.inc (presumably the shared page footer; its contents are not shown here). */
include "fend.inc";
?>
</body>
</html>