<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4 bdb7d6e7 Scott Ullrich
	firewall_rules_edit.php
5 e4cabb75 Scott Ullrich
	part of pfSense (http://www.pfsense.com)
6
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
7 5ba18897 Scott Ullrich
8 e4cabb75 Scott Ullrich
	originally part of m0n0wall (http://m0n0.ch/wall)
9 bdb7d6e7 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11 5ba18897 Scott Ullrich
12 bdb7d6e7 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14 5ba18897 Scott Ullrich
15 bdb7d6e7 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17 5ba18897 Scott Ullrich
18 bdb7d6e7 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21 5ba18897 Scott Ullrich
22 bdb7d6e7 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32 5b237745 Scott Ullrich
*/
33 7ac5a4cb Scott Ullrich
/*
34
	pfSense_MODULE:	filter
35
*/
36 5b237745 Scott Ullrich
37 6b07c15a Matthew Grooms
##|+PRIV
38
##|*IDENT=page-firewall-rules-edit
39
##|*NAME=Firewall: Rules: Edit page
40
##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
41
##|*MATCH=firewall_rules_edit.php*
42
##|-PRIV
43
44 5b237745 Scott Ullrich
require("guiconfig.inc");
45 1a03cf69 Scott Ullrich
require("filter.inc");
46
require("shaper.inc");
47 5b237745 Scott Ullrich
48 e5e5ba51 Vinicius Coque
/*
 * Names accepted as "special" source/destination selectors: a fixed set of
 * keywords plus, for every configured interface, the interface key itself
 * and the same key with an "ip" suffix.
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
54 5b237745 Scott Ullrich
55
/* Make sure the rule list exists before it is sorted and aliased. */
if (is_array($config['filter']['rule']) === false) {
	$config['filter']['rule'] = array();
}
filter_rules_sort();

/* $a_filter is a reference: writes to it land in $config['filter']['rule']. */
$a_filter = &$config['filter']['rule'];
60
61
/*
 * Work out which rule is being edited ($id) and where a new rule should be
 * inserted ($after). A numeric POST id wins over the GET id; a POSTed
 * "after" wins over the GET one; "dup" overrides both.
 *
 * NOTE(review): the GET values are taken as submitted. In the visible code
 * $id is only used as an index into $a_filter and $after is checked with
 * is_numeric() before it is used for array_splice().
 */
$id = is_numeric($_POST['id']) ? $_POST['id'] : $_GET['id'];

$after = isset($_POST['after']) ? $_POST['after'] : $_GET['after'];

if (isset($_GET['dup'])) {
	$id = $after = $_GET['dup'];
}
74
75
if (isset($id) && $a_filter[$id]) {
	/* An existing rule was selected: seed the form values from it. */
	$pconfig['interface'] = $a_filter[$id]['interface'];

	if (isset($a_filter[$id]['id'])) {
		$pconfig['ruleid'] = $a_filter[$id]['id'];
	}

	/* A stored rule without a type is presented as "pass". */
	$pconfig['type'] = isset($a_filter[$id]['type']) ? $a_filter[$id]['type'] : "pass";

	/* NOTE(review): in the visible file $if is first assigned after this
	   if/else, so unless an included file sets it, only the isset() half of
	   this condition can be true here. */
	if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
		$pconfig['floating'] = $a_filter[$id]['floating'];
		if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "") {
			$pconfig['interface'] = $a_filter[$id]['interface'];
		}
	}

	/* NOTE(review): this tests a 'floating' key on the rule list itself, not
	   on $a_filter[$id]; possibly a typo - confirm the intent. */
	if (isset($a_filter['floating'])) {
		$pconfig['floating'] = "yes";
	}

	/* Copied only when the rule carries them. */
	foreach (array('direction', 'ipprotocol') as $fieldname) {
		if (isset($a_filter[$id][$fieldname])) {
			$pconfig[$fieldname] = $a_filter[$id][$fieldname];
		}
	}

	/* No stored protocol means "any". */
	$pconfig['proto'] = isset($a_filter[$id]['protocol']) ? $a_filter[$id]['protocol'] : "any";

	if ($a_filter[$id]['protocol'] == "icmp") {
		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
	}

	address_to_pconfig(
		$a_filter[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	if ($a_filter[$id]['os'] <> "") {
		$pconfig['os'] = $a_filter[$id]['os'];
	}

	address_to_pconfig(
		$a_filter[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	if ($a_filter[$id]['dscp'] <> "") {
		$pconfig['dscp'] = $a_filter[$id]['dscp'];
	}

	/* Presence of the key is what matters for these two flags. */
	$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
	$pconfig['log'] = isset($a_filter[$id]['log']);
	$pconfig['descr'] = $a_filter[$id]['descr'];

	if (isset($a_filter[$id]['tcpflags_any'])) {
		$pconfig['tcpflags_any'] = true;
	} else {
		foreach (array('tcpflags1', 'tcpflags2') as $fieldname) {
			if (isset($a_filter[$id][$fieldname]) && $a_filter[$id][$fieldname] <> "") {
				$pconfig[$fieldname] = $a_filter[$id][$fieldname];
			}
		}
	}

	/* Copied only when set and non-empty. */
	foreach (array('tag', 'tagged') as $fieldname) {
		if (isset($a_filter[$id][$fieldname]) && $a_filter[$id][$fieldname] <> "") {
			$pconfig[$fieldname] = $a_filter[$id][$fieldname];
		}
	}
	if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) {
		$pconfig['quick'] = $a_filter[$id]['quick'];
	}
	/* Presence-only flags. */
	foreach (array('allowopts', 'disablereplyto') as $fieldname) {
		if (isset($a_filter[$id][$fieldname])) {
			$pconfig[$fieldname] = true;
		}
	}

	/* advanced */
	foreach (array('max', 'max-src-nodes', 'max-src-conn', 'max-src-states', 'statetype', 'statetimeout') as $fieldname) {
		$pconfig[$fieldname] = $a_filter[$id][$fieldname];
	}

	/* advanced - nosync */
	$pconfig['nosync'] = isset($a_filter[$id]['nosync']);

	/*
	 * Copied unconditionally, in this order: new-connection-per-second
	 * banning, multi-WAN next hop, shaper queues/pipes/layer7, schedule.
	 */
	foreach (array('max-src-conn-rate', 'max-src-conn-rates', 'gateway', 'defaultqueue', 'ackqueue', 'dnpipe', 'pdnpipe', 'l7container', 'sched') as $fieldname) {
		$pconfig[$fieldname] = $a_filter[$id][$fieldname];
	}

	/* A duplicated rule does not inherit the link to its NAT rule. */
	if (!isset($_GET['dup'])) {
		$pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
	}

	unset($fieldname);
} else {
	/* defaults for a new rule */
	if ($_GET['if']) {
		$pconfig['interface'] = $_GET['if'];
	}
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}
185 72320b88 Ermal Luçi
/* Lets the FloatingRules handling further down see the selected interface. */
$if = $pconfig['interface'];

/* When duplicating, drop $id so that saving creates a new rule. */
if (isset($_GET['dup'])) {
	unset($id);
}
190
191
if ($_POST) {
192 99bdb17e Seth Mos
	unset($input_errors);
193 87f0be87 Chris Buechler
194 48a27d4f Erik Fonnesbeck
	if( isset($a_filter[$id]['associated-rule-id']) ) {
195
		$_POST['proto'] = $pconfig['proto'];
196
		if ($pconfig['proto'] == "icmp")
197
			$_POST['icmptype'] = $pconfig['icmptype'];
198
	}
199
200 87f0be87 Chris Buechler
	if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
201 11d2c529 Rafael Lucas
		$input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP.");
202 28f9e493 Scott Ullrich
203 a391d0ab Ermal
	if ($_POST['type'] == "match" && $_POST['defaultqueue'] == "none")
204
		$input_errors[] = gettext("Queue type rules only work with queues.");
205
206 99bdb17e Seth Mos
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "")) {
207
		foreach($config['gateways']['gateway_group'] as $gw_group) {
208
			if($gw_group['name'] == $_POST['gateway']) {
209
				$af = explode("|", $gw_group['item'][0]);
210
				$ip = lookup_gateway_ip_by_name($af[0]);
211
				if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6($ip))) {
212
					$input_errors[] = gettext("You can not assign a IPv4 gateway group on IPv6 Address Family rule");
213
				}
214
				if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4($ip))) {
215
					$input_errors[] = gettext("You can not assign a IPv6 gateway group on IPv4 Address Family rule");
216
				}
217
			}
218
		}
219
	}
220 9dfd60db Seth Mos
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && (is_ipaddr(lookup_gateway_ip_by_name($_POST['gateway'])))) {
221 99bdb17e Seth Mos
		if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) {
222
			$input_errors[] = gettext("You can not assign the IPv4 Gateway to a IPv6 Filter rule");
223
		}
224
		if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) {
225
			$input_errors[] = gettext("You can not assign the IPv6 Gateway to a IPv4 Filter rule");
226
		}
227
	}
228
229
230 5b237745 Scott Ullrich
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
231
		$_POST['srcbeginport'] = 0;
232
		$_POST['srcendport'] = 0;
233
		$_POST['dstbeginport'] = 0;
234
		$_POST['dstendport'] = 0;
235
	} else {
236 5ba18897 Scott Ullrich
237 5b237745 Scott Ullrich
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
238
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
239
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
240
			$_POST['srcendport'] = $_POST['srcendport_cust'];
241 5ba18897 Scott Ullrich
242 5b237745 Scott Ullrich
		if ($_POST['srcbeginport'] == "any") {
243
			$_POST['srcbeginport'] = 0;
244
			$_POST['srcendport'] = 0;
245 5ba18897 Scott Ullrich
		} else {
246 5b237745 Scott Ullrich
			if (!$_POST['srcendport'])
247
				$_POST['srcendport'] = $_POST['srcbeginport'];
248
		}
249
		if ($_POST['srcendport'] == "any")
250
			$_POST['srcendport'] = $_POST['srcbeginport'];
251 5ba18897 Scott Ullrich
252 5b237745 Scott Ullrich
		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
253
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
254
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
255
			$_POST['dstendport'] = $_POST['dstendport_cust'];
256 5ba18897 Scott Ullrich
257 5b237745 Scott Ullrich
		if ($_POST['dstbeginport'] == "any") {
258
			$_POST['dstbeginport'] = 0;
259
			$_POST['dstendport'] = 0;
260 5ba18897 Scott Ullrich
		} else {
261 5b237745 Scott Ullrich
			if (!$_POST['dstendport'])
262
				$_POST['dstendport'] = $_POST['dstbeginport'];
263
		}
264
		if ($_POST['dstendport'] == "any")
265 5ba18897 Scott Ullrich
			$_POST['dstendport'] = $_POST['dstbeginport'];
266 5b237745 Scott Ullrich
	}
267 5ba18897 Scott Ullrich
268 5b237745 Scott Ullrich
	if (is_specialnet($_POST['srctype'])) {
269
		$_POST['src'] = $_POST['srctype'];
270
		$_POST['srcmask'] = 0;
271
	} else if ($_POST['srctype'] == "single") {
272
		$_POST['srcmask'] = 32;
273
	}
274
	if (is_specialnet($_POST['dsttype'])) {
275
		$_POST['dst'] = $_POST['dsttype'];
276
		$_POST['dstmask'] = 0;
277
	}  else if ($_POST['dsttype'] == "single") {
278
		$_POST['dstmask'] = 32;
279
	}
280 5ba18897 Scott Ullrich
281 5b237745 Scott Ullrich
	$pconfig = $_POST;
282
283
	/* input validation */
284 1122a892 Erik Fonnesbeck
	$reqdfields = explode(" ", "type proto");
285
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
286 48a27d4f Erik Fonnesbeck
		$reqdfields[] = "src";
287
		$reqdfields[] = "dst";
288 1122a892 Erik Fonnesbeck
	}
289
	$reqdfieldsn = explode(",", "Type,Protocol");
290
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
291
		$reqdfieldsn[] = "Source";
292 473d0ff0 pierrepomes
		$reqdfieldsn[] = "Destination";
293 1122a892 Erik Fonnesbeck
	}
294 5b237745 Scott Ullrich
295 452ade89 Bill Marquette
	if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") {
296 c22767b1 Bill Marquette
		if( $_POST['proto'] != "tcp" )
297 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is only valid with protocol tcp."),$_POST['statetype']);
298 452ade89 Bill Marquette
		if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != ""))
299 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']);
300 452ade89 Bill Marquette
	}
301 10f7933f Chris Buechler
        
302 1122a892 Erik Fonnesbeck
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
303
	(!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) {
304 5b237745 Scott Ullrich
		$reqdfields[] = "srcmask";
305
		$reqdfieldsn[] = "Source bit count";
306
	}
307 9b16b834 Ermal Lu?i
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
308 473d0ff0 pierrepomes
	(!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) ) {
309 5b237745 Scott Ullrich
		$reqdfields[] = "dstmask";
310 11d2c529 Rafael Lucas
		$reqdfieldsn[] = gettext("Destination bit count");
311 5b237745 Scott Ullrich
	}
312 5ba18897 Scott Ullrich
313 5b237745 Scott Ullrich
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
314 5ba18897 Scott Ullrich
315 5b237745 Scott Ullrich
	if (!$_POST['srcbeginport']) {
316
		$_POST['srcbeginport'] = 0;
317
		$_POST['srcendport'] = 0;
318
	}
319
	if (!$_POST['dstbeginport']) {
320
		$_POST['dstbeginport'] = 0;
321
		$_POST['dstendport'] = 0;
322
	}
323 5ba18897 Scott Ullrich
324 9b45f821 Ermal Lu?i
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
325 11d2c529 Rafael Lucas
                $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginposrt']);
326 9b45f821 Ermal Lu?i
        if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
327 11d2c529 Rafael Lucas
                $input_errors[] = sprintf(gettext("%s  is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']);
328 9b45f821 Ermal Lu?i
        if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
329 11d2c529 Rafael Lucas
                $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']);
330 9b45f821 Ermal Lu?i
        if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
331 11d2c529 Rafael Lucas
                $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']);
332 5909b520 Evgeny Yurchenko
	if ( !$_POST['srcbeginport_cust'] && $_POST['srcendport_cust'])
333
		if (is_alias($_POST['srcendport_cust']))
334
			$input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field';
335
	if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){
336
		if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust'])
337
			$input_errors[] = 'The same port alias must be used in Source port range from: and to: fields';
338
		if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) || 
339
		    ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) 
340
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field';
341
	}
342
	if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust'])
343
		if (is_alias($_POST['dstendport_cust']))
344
			$input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field';
345
	if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){
346
		if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust'])
347
			$input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields';
348
		if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) || 
349
		    ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) 
350
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field';
351
	}
352 5ba18897 Scott Ullrich
353 0e5ddcd9 Scott Ullrich
	/* if user enters an alias and selects "network" then disallow. */
354
	if($_POST['srctype'] == "network") {
355
		if(is_alias($_POST['src']))
356 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
357 0e5ddcd9 Scott Ullrich
	}
358
	if($_POST['dsttype'] == "network") {
359
		if(is_alias($_POST['dst']))
360 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
361 0e5ddcd9 Scott Ullrich
	}
362
363 5b237745 Scott Ullrich
	if (!is_specialnet($_POST['srctype'])) {
364 1e578a7f Ermal Lu?i
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
365 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."),$_POST['src']);
366 5b237745 Scott Ullrich
		}
367
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
368 11d2c529 Rafael Lucas
			$input_errors[] = gettext("A valid source bit count must be specified.");
369 5b237745 Scott Ullrich
		}
370
	}
371
	if (!is_specialnet($_POST['dsttype'])) {
372 1e578a7f Ermal Lu?i
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
373 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."),$_POST['dst']);
374 5b237745 Scott Ullrich
		}
375
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
376 11d2c529 Rafael Lucas
			$input_errors[] = gettext("A valid destination bit count must be specified.");
377 5b237745 Scott Ullrich
		}
378
	}
379 8c591d01 Seth Mos
	if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) {
380 270a2576 Seth Mos
		if(!validate_address_family($_POST['src'], $_POST['dst']))
381
			$input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
382 4108dee8 Seth Mos
		if((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet"))
383
			$input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
384
		if((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6"))
385
			$input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
386 270a2576 Seth Mos
	}
387 5ba18897 Scott Ullrich
388 5b237745 Scott Ullrich
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
389
		/* swap */
390
		$tmp = $_POST['srcendport'];
391
		$_POST['srcendport'] = $_POST['srcbeginport'];
392
		$_POST['srcbeginport'] = $tmp;
393
	}
394
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
395
		/* swap */
396
		$tmp = $_POST['dstendport'];
397
		$_POST['dstendport'] = $_POST['dstbeginport'];
398
		$_POST['dstbeginport'] = $tmp;
399
	}
400 e33c8694 Bill Marquette
	if ($_POST['os'])
401
		if( $_POST['proto'] != "tcp" )
402 11d2c529 Rafael Lucas
			$input_errors[] = gettext("OS detection is only valid with protocol tcp.");
403 5b237745 Scott Ullrich
404 197bfe96 Ermal Luçi
	if ($_POST['ackqueue'] && $_POST['ackqueue'] != "none") {
405
		if ($_POST['defaultqueue'] == "none" )
406 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too.");
407 197bfe96 Ermal Luçi
		else if ($_POST['ackqueue'] == $_POST['defaultqueue'])
408 11d2c529 Rafael Lucas
			$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");		
409 197bfe96 Ermal Luçi
	}
410 6735d092 Ermal
	if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
411 02d7e4a4 Ermal
		$input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
412 622bd5e7 Ermal
	if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
413 37d202a3 Ermal
		$input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction.");
414 a5fd67e1 Ermal Luçi
	if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") {
415
		if ($_POST['dnpipe'] == "none" )
416 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
417 a5fd67e1 Ermal Luçi
		else if ($_POST['pdnpipe'] == $_POST['dnpipe'])
418 11d2c529 Rafael Lucas
			$input_errors[] = gettext("In and Out Queue cannot be the same.");
419 a5fd67e1 Ermal Luçi
		else if ($pdnpipe[0] == "?" && $dnpipe[0] <> "?")
420 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
421
		else if ($dnpipe[0] == "?" && $pdnpipe[0] <> "?")			
422
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
423 a5fd67e1 Ermal Luçi
	}
424 b9e28d57 unknown
	if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
425 11d2c529 Rafael Lucas
		$input_errors[] = gettext('ID must be an integer');
426 7e50413c Ermal Luçi
	if($_POST['l7container'] && $_POST['l7container'] != "none") {
427
		if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp"))
428 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols");
429 3b184ca5 Ermal Lu?i
		if ($_POST['type'] <> "pass")
430 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
431 7e50413c Ermal Luçi
	}
432 197bfe96 Ermal Luçi
433 b8ed2a11 Ermal
	if (!$_POST['tcpflags_any']) {
434
		$settcpflags = array();
435
		$outoftcpflags = array();
436
		foreach ($tcpflags as $tcpflag) {
437
			if ($_POST['tcpflags1_' . $tcpflag] == "on")
438
				$settcpflags[] = $tcpflag;
439
			if ($_POST['tcpflags2_' . $tcpflag] == "on")
440
				$outoftcpflags[] = $tcpflag;
441
		}
442
		if (empty($outoftcpflags) && !empty($settcpflags))
443 11d2c529 Rafael Lucas
			$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
444 b8ed2a11 Ermal
	}
445
446 d65962a7 Scott Ullrich
	// Allow extending of the firewall edit page and include custom input validation 
447
	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation");
448
449 5b237745 Scott Ullrich
	if (!$input_errors) {
450
		$filterent = array();
451 b9e28d57 unknown
		$filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:'';
452 5b237745 Scott Ullrich
		$filterent['type'] = $_POST['type'];
453 661aed33 Ermal Luçi
		if (isset($_POST['interface'] ))
454
			$filterent['interface'] = $_POST['interface'];
455
456 1306c7dd Seth Mos
		if (isset($_POST['ipprotocol'] ))
457
			$filterent['ipprotocol'] = $_POST['ipprotocol'];
458
459 b8ed2a11 Ermal
		if ($_POST['tcpflags_any']) {
460
			$filterent['tcpflags_any'] = true;
461
		} else {
462
			$settcpflags = array();
463
			$outoftcpflags = array();
464
			foreach ($tcpflags as $tcpflag) {
465
				if ($_POST['tcpflags1_' . $tcpflag] == "on")
466
					$settcpflags[] = $tcpflag;
467
				if ($_POST['tcpflags2_' . $tcpflag] == "on")
468
					$outoftcpflags[] = $tcpflag;
469
			}
470
			if (!empty($outoftcpflags)) {
471
				$filterent['tcpflags2'] = join(",", $outoftcpflags);
472
				if (!empty($settcpflags))
473
					$filterent['tcpflags1'] = join(",", $settcpflags);
474
			}
475
		}
476
477 fd9ba7c0 Ermal
		if (isset($_POST['tag']))
478
			$filterent['tag'] = $_POST['tag'];
479
		if (isset($_POST['tagged']))
480
			$filterent['tagged'] = $_POST['tagged'];
481 661aed33 Ermal Luçi
		if ($if == "FloatingRules" || isset($_POST['floating'])) {
482
			$filterent['direction'] = $_POST['direction'];
483
			if (isset($_POST['quick']) && $_POST['quick'] <> "")
484
				$filterent['quick'] = $_POST['quick'];
485
			$filterent['floating'] = "yes";
486
			if (isset($_POST['interface']) && count($_POST['interface']) > 0)  {
487 f1602cc4 sullrich
				$filterent['interface'] = implode(",", $_POST['interface']);
488 661aed33 Ermal Luçi
			}
489
		}
490 d59874c1 Scott Ullrich
491 bdb7d6e7 Scott Ullrich
		/* Advanced options */
492 775ccea3 Ermal Luci
		if ($_POST['allowopts'] == "yes")
493
			$filterent['allowopts'] = true;
494
		else
495
			unset($filterent['allowopts']);
496 19757916 Ermal Lu?i
		if ($_POST['disablereplyto'] == "yes")
497
			$filterent['disablereplyto'] = true;
498
		else
499
			unset($filterent['disablereplyto']);
500 a56b2fa0 pierrepomes
		$filterent['max'] = $_POST['max'];
501 bdb7d6e7 Scott Ullrich
		$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
502 26dd6a54 pierrepomes
		$filterent['max-src-conn'] = $_POST['max-src-conn'];
503 bdb7d6e7 Scott Ullrich
		$filterent['max-src-states'] = $_POST['max-src-states'];
504 5ba18897 Scott Ullrich
		$filterent['statetimeout'] = $_POST['statetimeout'];
505 fa9af164 Scott Ullrich
		$filterent['statetype'] = $_POST['statetype'];
506 e33c8694 Bill Marquette
		$filterent['os'] = $_POST['os'];
507 10f21e70 Scott Ullrich
508
		/* Nosync directive - do not xmlrpc sync this item */
509 8c84fe43 Scott Ullrich
		if($_POST['nosync'] <> "")
510 10f21e70 Scott Ullrich
			$filterent['nosync'] = true;
511
		else
512
			unset($filterent['nosync']);
513
514 3f00c1dc Scott Ullrich
		/* unless both values are provided, unset the values - ticket #650 */
515
		if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
516
			$filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
517
			$filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
518
		} else {
519
			unset($filterent['max-src-conn-rate']);
520
			unset($filterent['max-src-conn-rates']);
521
		}
522 5ba18897 Scott Ullrich
523 5b237745 Scott Ullrich
		if ($_POST['proto'] != "any")
524
			$filterent['protocol'] = $_POST['proto'];
525
		else
526
			unset($filterent['protocol']);
527 5ba18897 Scott Ullrich
528 5b237745 Scott Ullrich
		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
529
			$filterent['icmptype'] = $_POST['icmptype'];
530
		else
531
			unset($filterent['icmptype']);
532 5ba18897 Scott Ullrich
533 5b237745 Scott Ullrich
		pconfig_to_address($filterent['source'], $_POST['src'],
534
			$_POST['srcmask'], $_POST['srcnot'],
535
			$_POST['srcbeginport'], $_POST['srcendport']);
536 5ba18897 Scott Ullrich
537 5b237745 Scott Ullrich
		pconfig_to_address($filterent['destination'], $_POST['dst'],
538
			$_POST['dstmask'], $_POST['dstnot'],
539
			$_POST['dstbeginport'], $_POST['dstendport']);
540 5ba18897 Scott Ullrich
541 f1602cc4 sullrich
		if ($_POST['disabled'])
542
			$filterent['disabled'] = true;
543
		else
544
			unset($filterent['disabled']);
545
546 c5fc1b2e Ermal Luçi
		if ($_POST['dscp'])
547
			$filterent['dscp'] = $_POST['dscp'];
548
549 f1602cc4 sullrich
		if ($_POST['log'])
550
			$filterent['log'] = true;
551
		else
552
			unset($filterent['log']);
553 c68fc1e7 Bill Marquette
		strncpy($filterent['descr'], $_POST['descr'], 52);
554 5ba18897 Scott Ullrich
555 c98ddde2 Bill Marquette
		if ($_POST['gateway'] != "") {
556
			$filterent['gateway'] = $_POST['gateway'];
557
		}
558 197bfe96 Ermal Luçi
		
559
		if (isset($_POST['defaultqueue']) && $_POST['defaultqueue'] != "none") {
560
			$filterent['defaultqueue'] = $_POST['defaultqueue'];
561
			if (isset($_POST['ackqueue']) && $_POST['ackqueue'] != "none")
562
				$filterent['ackqueue'] = $_POST['ackqueue'];
563
		}
564 c98ddde2 Bill Marquette
565 a5fd67e1 Ermal Luçi
		if (isset($_POST['dnpipe']) && $_POST['dnpipe'] != "none") {
566
			$filterent['dnpipe'] = $_POST['dnpipe'];
567
			if (isset($_POST['pdnpipe']) && $_POST['pdnpipe'] != "none")
568
				$filterent['pdnpipe'] = $_POST['pdnpipe'];
569
		}
570
571 7e50413c Ermal Luçi
		if (isset($_POST['l7container']) && $_POST['l7container'] != "none") {
572
			$filterent['l7container'] = $_POST['l7container'];
573
		}
574
		
575 615b27bc Scott Dale
		if ($_POST['sched'] != "") {
576
			$filterent['sched'] = $_POST['sched'];
577
		}
578
579 1122a892 Erik Fonnesbeck
		// If we have an associated nat rule, make sure the source and destination doesn't change
580 9b16b834 Ermal Lu?i
		if( isset($a_filter[$id]['associated-rule-id']) ) {
581 0bfd0f79 Erik Fonnesbeck
			$filterent['interface'] = $a_filter[$id]['interface'];
582 48a27d4f Erik Fonnesbeck
			if (isset($a_filter[$id]['protocol']))
583
				$filterent['protocol'] = $a_filter[$id]['protocol'];
584
			else if (isset($filterent['protocol']))
585
				unset($filterent['protocol']);
586
			if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype'])
587
				$filterent['icmptype'] = $a_filter[$id]['icmptype'];
588
			else if (isset($filterent['icmptype']))
589
				unset($filterent['icmptype']);
590 1306c7dd Seth Mos
591 1122a892 Erik Fonnesbeck
			$filterent['source'] = $a_filter[$id]['source'];
592 473d0ff0 pierrepomes
			$filterent['destination'] = $a_filter[$id]['destination'];
593 9b16b834 Ermal Lu?i
			$filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
594 473d0ff0 pierrepomes
		}
595
596 2ea00c3e Scott Ullrich
		// Allow extending of the firewall edit page and include custom input validation 
597
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
598
599 5b237745 Scott Ullrich
		if (isset($id) && $a_filter[$id])
600
			$a_filter[$id] = $filterent;
601
		else {
602
			if (is_numeric($after))
603
				array_splice($a_filter, $after+1, 0, array($filterent));
604
			else
605
				$a_filter[] = $filterent;
606
		}
607 f4e2a352 Scott Ullrich
608 ea57ccb8 Erik Fonnesbeck
		filter_rules_sort();
609 d65962a7 Scott Ullrich
610 5b237745 Scott Ullrich
		write_config();
611 a368a026 Ermal Lu?i
		mark_subsystem_dirty('filter');
612 5ba18897 Scott Ullrich
613 661aed33 Ermal Luçi
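		/*
		 * Send the browser back to the rule list for the tab that was edited.
		 * The interface name comes straight from the request, so it is
		 * URL-encoded before it is placed in the Location header; CR/LF, '&'
		 * and '#' in the value can then neither split the header nor add
		 * query parameters. Ordinary interface names are unchanged by the encoding.
		 */
		if (isset($_POST['floating'])) {
			header("Location: firewall_rules.php?if=FloatingRules");
		} else {
			header("Location: firewall_rules.php?if=" . urlencode((string)$_POST['interface']));
		}
		exit;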
618
	}
619 c60824d2 Scott Ullrich
}
620
621 37c53a0d Ermal Lu?i
// Shaper data: each loader is called immediately before the matching lookup,
// so the pairs must stay in this order.
read_altq_config(); /* XXX: */
$qlist =& get_unique_queue_list();

read_dummynet_config(); /* XXX: */
$dnqlist =& get_unique_dnqueue_list();

read_layer7_config();
$l7clist =& get_l7_unique_list();

// Page metadata, assigned before head.inc is included (presumably read there -- confirm).
$pgtitle = array(
	gettext("Firewall"),
	gettext("Rules"),
	gettext("Edit")
);
$statusurl = 'status_filter_reload.php';
$logurl = 'diag_logs_filter.php';
$page_filename = 'firewall_rules_edit.php';

// The markup that follows adds a stylesheet link and prints </head> itself.
$closehead = false;

include 'head.inc';
636 c60824d2 Scott Ullrich
637 5b237745 Scott Ullrich
?>
638 4bb99603 Scott Ullrich
<link rel="stylesheet" href="/javascript/chosen/chosen.css" />
639 5b237745 Scott Ullrich
</head>
640
641
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
642 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
643 5b237745 Scott Ullrich
<?php include("fbegin.inc"); ?>
644 48fc39a3 Scott Ullrich
<?php pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_input_errors"); ?>
645 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
646 8ab3e9ed Erik Kristensen
647
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
648 6eac9b90 Scott Ullrich
<input type='hidden' name="ruleid" value="<?=(isset($pconfig['ruleid'])&&$pconfig['ruleid']>0)?htmlspecialchars($pconfig['ruleid']):''?>">
649
650 8ab3e9ed Erik Kristensen
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
651 e091cb45 Scott Ullrich
		<tr>
652 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td>
653 e091cb45 Scott Ullrich
		</tr>	
654 b4b7bda6 Scott Ullrich
<?php
655
		// Allow extending of the firewall edit page and include custom input validation 
656
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
657
?>
658 8ab3e9ed Erik Kristensen
    	<tr>
659 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
660 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
661 b5c78501 Seth Mos
				<select name="type" class="formselect">
662 e5e5ba51 Vinicius Coque
					<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
663 8ab3e9ed Erik Kristensen
					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
664
					<?=htmlspecialchars($type);?>
665
					</option>
666
					<?php endforeach; ?>
667 a391d0ab Ermal
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
668
					<option value="match" <?php if ("match" == strtolower($pconfig['type'])) echo "selected"; ?>>Queue</option>
669
<?php endif; ?>
670 8c84fe43 Scott Ullrich
				</select>
671 8ab3e9ed Erik Kristensen
				<br/>
672
				<span class="vexpl">
673 11d2c529 Rafael Lucas
					<?=gettext("Choose what to do with packets that match the criteria specified below.");?> <br/>
674
					<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?> 
675 8ab3e9ed Erik Kristensen
				</span>
676
			</td>
677
		</tr>
678
		<tr>
679 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
680 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
681
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
682 11d2c529 Rafael Lucas
				<strong><?=gettext("Disable this rule");?></strong><br />
683
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list.");?></span>
684 8ab3e9ed Erik Kristensen
			</td>
685
		</tr>
686 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
687
		<tr>
688 f1602cc4 sullrich
			<td width="22%" valign="top" class="vncellreq">
689
				<?=gettext("Quick");?>
690
			</td>
691
			<td width="78%" class="vtable">
692
				<input name="quick" type="checkbox" id="quick" value="yes" <?php if ($pconfig['quick']) echo "checked=\"checked\""; ?> />
693
				<strong><?=gettext("Apply the action immediately on match.");?></strong><br />
694
				<span class="vexpl"><?=gettext("Set this option if you need to apply this action to traffic that matches this rule immediately.");?></span>
695
			</td>
696
		</tr>
697 e73b001e Renato Botelho
<?php endif; ?>
698 48a27d4f Erik Fonnesbeck
<?php $edit_disabled = ""; ?>
699
<?php if( isset($pconfig['associated-rule-id']) ): ?>
700
		<tr>
701
			<td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td>
702
			<td width="78%" class="vtable">
703 e4b9d53b Warren Baker
				<span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("This is associated to a NAT rule.");?><br />
704 48a27d4f Erik Fonnesbeck
				<?=gettext("You cannot edit the interface, protocol, source, or destination of associated filter rules.");?><br />
705
				<br />
706
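				<?php
					/*
					 * The rule is tied to a NAT rule: flag the locked form controls as
					 * disabled, link to the NAT rule that owns the association, and carry
					 * the association id and interface in hidden fields (presumably
					 * because disabled controls are not submitted with the form).
					 */
					$edit_disabled = "disabled";
					if (is_array($config['nat']['rule'])) {
						foreach ($config['nat']['rule'] as $index => $nat_rule) {
							if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id'] == $pconfig['associated-rule-id']) {
								echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br>";
								break;
							}
						}
					}

					/*
					 * Both values are written into single-quoted attributes. They are
					 * escaped with ENT_QUOTES because the default flag set of older PHP
					 * releases leaves ' untouched, which would let a crafted value close
					 * the attribute. Other $pconfig fields on this page are escaped the same way.
					 */
					$assoc_id_attr = htmlspecialchars($pconfig['associated-rule-id'], ENT_QUOTES);
					echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='{$assoc_id_attr}' >";
					if (!empty($pconfig['interface'])) {
						$interface_attr = htmlspecialchars($pconfig['interface'], ENT_QUOTES);
						echo "<input name='interface' id='interface' type='hidden' value='{$interface_attr}' >";
					}
				?>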
720
				<script type="text/javascript">
721
				editenabled = 0;
722
				</script>
723
			</td>
724
		</tr>
725 ee9933b6 Renato Botelho
<?php endif; ?>
726 8ab3e9ed Erik Kristensen
		<tr>
727 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
728 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
729 48a27d4f Erik Fonnesbeck
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
730 4bb99603 Scott Ullrich
				<select name="interface[]" title="Select interfaces..." multiple style="width:350px;" class="chzn-select" tabindex="2" <?=$edit_disabled;?>>
731 ee9933b6 Renato Botelho
<?php else: ?>
732 48a27d4f Erik Fonnesbeck
				<select name="interface" class="formselect" <?=$edit_disabled;?>>
733 8ab3e9ed Erik Kristensen
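<?php
   endif;
				/*
				 * Collect the interfaces offered in the selector and print one <option>
				 * per entry. Braces are written out because the original indentation
				 * suggested the VPN checks were inside the foreach over $ifdescs; they
				 * never were, and they still run once after it.
				 */

				/* add group interfaces */
				if (is_array($config['ifgroups']['ifgroupentry'])) {
					foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
						if (have_ruleint_access($ifgen['ifname'])) {
							$interfaces[$ifgen['ifname']] = $ifgen['ifname'];
						}
					}
				}

				$ifdescs = get_configured_interface_with_descr();
				// Allow extending of the firewall edit page and include custom input validation
				pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit");
				foreach ($ifdescs as $ifent => $ifdesc) {
					if (have_ruleint_access($ifent)) {
						$interfaces[$ifent] = $ifdesc;
					}
				}

				if ($config['l2tp']['mode'] == "server") {
					if (have_ruleint_access("l2tp")) {
						$interfaces['l2tp'] = "L2TP VPN";
					}
				}
				if ($config['pptpd']['mode'] == "server") {
					if (have_ruleint_access("pptp")) {
						$interfaces['pptp'] = "PPTP VPN";
					}
				}
				if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
					$interfaces['pppoe'] = "PPPoE VPN";
				}

				/* add ipsec interfaces */
				if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
					if (have_ruleint_access("enc0")) {
						$interfaces["enc0"] = "IPsec";
					}
				}

				/* add openvpn/tun interfaces */
				// NOTE(review): unlike every entry above, this one is added without a
				// have_ruleint_access() check -- confirm that is intended.
				if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
					$interfaces["openvpn"] = "OpenVPN";
				}

				// A floating rule stores several interfaces as one comma-separated string.
				$selected_interfaces = explode(",", $pconfig['interface']);

				// Names and descriptions come from the configuration, so both are
				// HTML-escaped before they are written into the page.
				foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
<?php 				endforeach; ?>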
766 8c84fe43 Scott Ullrich
				</select>
767 8ab3e9ed Erik Kristensen
				<br />
768 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose on which interface packets must come in to match this rule.");?></span>
769 8ab3e9ed Erik Kristensen
			</td>
770
		</tr>
771 661aed33 Ermal Luçi
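<?php /* Direction selector, shown only for floating rules. The hidden "floating" field marks the submitted form as a floating rule. */ ?>
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
		<tr>
			<td width="22%" valign="top" class="vncellreq">
				<?=gettext("Direction");?>
			</td>
			<td width="78%" class="vtable">
				<select name="direction" class="formselect">
					<?php      $directions = array('any','in','out');
				foreach ($directions as $direction): ?>
				<option value="<?=$direction;?>"
					<?php if ($direction == $pconfig['direction']): ?>
						selected="selected" 
					<?php endif; ?>
					><?=$direction;?></option>
				<?php endforeach; ?>      
				</select>
				<input type="hidden" id="floating" name="floating" value="floating">
			</td>
<?php /* The row was previously ended with a second opening <tr>, leaving it unclosed. */ ?>
		</tr>
<?php endif; ?>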
791 1306c7dd Seth Mos
		<tr>
792
			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
793
			<td width="78%" class="vtable">
794
				<select name="ipprotocol" class="formselect">
795
					<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6');
796
				foreach ($ipproto as $proto => $name): ?>
797
				<option value="<?=$proto;?>"
798
					<?php if ($proto == $pconfig['ipprotocol']): ?>
799
						selected="selected" 
800
					<?php endif; ?>
801
					><?=$name;?></option>
802
				<?php endforeach; ?>      
803
				</select>
804
				<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br />
805
			</td>
806
		</tr>
807 8ab3e9ed Erik Kristensen
		<tr>
808 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
809 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
810 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()">
811 8ab3e9ed Erik Kristensen
<?php
812 c6c26178 jim-p
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP OSPF any carp pfsync");
813 8ab3e9ed Erik Kristensen
				foreach ($protocols as $proto): ?>
814
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
815
<?php 			endforeach; ?>
816
				</select>
817
				<br />
818 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose which IP protocol this rule should match.");?> <br /> <?=gettext("Hint: in most cases, you should specify ");?><em>TCP</em> &nbsp;<?=gettext("here.");?></span>
819 8ab3e9ed Erik Kristensen
			</td>
820
		</tr>
821 3de8af0e Scott Ullrich
		<tr id="icmpbox" name="icmpbox">
822 11d2c529 Rafael Lucas
			<td valign="top" class="vncell"><?=gettext("ICMP type");?></td>
823 8ab3e9ed Erik Kristensen
			<td class="vtable">
824 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="icmptype" class="formselect">
825 8ab3e9ed Erik Kristensen
<?php
826
				$icmptypes = array(
827 abd67a31 Carlos Eduardo Ramos
				"" => gettext("any"),
828 a01ce4c7 jim-p
				"echoreq" => gettext("Echo request"),
829 abd67a31 Carlos Eduardo Ramos
				"echorep" => gettext("Echo reply"),
830
				"unreach" => gettext("Destination unreachable"),
831
				"squench" => gettext("Source quench"),
832
				"redir" => gettext("Redirect"),
833
				"althost" => gettext("Alternate Host"),
834
				"routeradv" => gettext("Router advertisement"),
835
				"routersol" => gettext("Router solicitation"),
836
				"timex" => gettext("Time exceeded"),
837
				"paramprob" => gettext("Invalid IP header"),
838
				"timereq" => gettext("Timestamp"),
839
				"timerep" => gettext("Timestamp reply"),
840
				"inforeq" => gettext("Information request"),
841
				"inforep" => gettext("Information reply"),
842
				"maskreq" => gettext("Address mask request"),
843
				"maskrep" => gettext("Address mask reply")
844 8ab3e9ed Erik Kristensen
				);
845
846
				foreach ($icmptypes as $icmptype => $descr): ?>
847
					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
848
<?php 			endforeach; ?>
849
			</select>
850
			<br />
851 11d2c529 Rafael Lucas
			<span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span>
852 8ab3e9ed Erik Kristensen
		</td>
853
		</tr>
854
		<tr>
855 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source");?></td>
856 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
857 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
858 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
859 8ab3e9ed Erik Kristensen
				<br />
860 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
861 8ab3e9ed Erik Kristensen
				<br />
862
				<br />
863
				<table border="0" cellspacing="0" cellpadding="0">
864
					<tr>
865 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
866 8ab3e9ed Erik Kristensen
						<td>
867 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srctype" class="formselect" onChange="typesel_change()">
868 87f0be87 Chris Buechler
<?php
869
								$sel = is_specialnet($pconfig['src']); ?>
870 11d2c529 Rafael Lucas
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
871
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
872
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
873 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
874 11d2c529 Rafael Lucas
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
875 99ea4439 Scott Ullrich
								<?php endif; ?>
876
								<?php if(have_ruleint_access("pppoe")): ?>
877 11d2c529 Rafael Lucas
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
878 99ea4439 Scott Ullrich
								<?php endif; ?>								
879 8a6bc505 Ermal Lu?i
								 <?php if(have_ruleint_access("l2tp")): ?>
880 11d2c529 Rafael Lucas
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
881 8a6bc505 Ermal Lu?i
                                                                <?php endif; ?>
882 8ab3e9ed Erik Kristensen
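<?php
								/*
								 * One "subnet" and one "address" entry per interface the user may
								 * write rules for. The interface key and its description are
								 * HTML-escaped in both options; the "address" option used to print
								 * the description raw while the "subnet" option escaped it.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?><?=gettext(" subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>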
891 8ab3e9ed Erik Kristensen
							</select>
892
						</td>
893
					</tr>
894
					<tr>
895 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
896 8ab3e9ed Erik Kristensen
						<td>
897 48a27d4f Erik Fonnesbeck
							<input <?=$edit_disabled;?> autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
898
							<select <?=$edit_disabled;?> name="srcmask" class="formselect" id="srcmask">
899 15705bc0 Seth Mos
<?php						for ($i = 127; $i > 0; $i--): ?>
900 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
901
<?php 						endfor; ?>
902
							</select>
903 bdb7d6e7 Scott Ullrich
						</td>
904 8ab3e9ed Erik Kristensen
					</tr>
905
				</table>
906 22abf2ef Scott Ullrich
				<div id="showadvancedboxspr">
907
					<p>
908 48a27d4f Erik Fonnesbeck
					<input <?=$edit_disabled;?> type="button" onClick="show_source_port_range()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source port range");?></a>
909 22abf2ef Scott Ullrich
				</div>
910 8ab3e9ed Erik Kristensen
			</td>
911 e33c8694 Bill Marquette
		</tr>
912 3de8af0e Scott Ullrich
		<tr style="display:none" id="sprtable" name="sprtable">
913 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range");?></td>
914 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
915
				<table border="0" cellspacing="0" cellpadding="0">
916
					<tr>
917 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
918 8ab3e9ed Erik Kristensen
						<td>
919 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
920 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
921 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
922 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
923
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
924
<?php 							endforeach; ?>
925 8c84fe43 Scott Ullrich
							</select>
926 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
927 8ab3e9ed Erik Kristensen
						</td>
928
					</tr>
929
					<tr>
930 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
931 8ab3e9ed Erik Kristensen
						<td>
932 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcendport" class="formselect" onchange="ext_change()">
933 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
934 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
935 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
936
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
937
<?php							endforeach; ?>
938 8c84fe43 Scott Ullrich
							</select>
939 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
940 8ab3e9ed Erik Kristensen
						</td>
941
					</tr>
942
				</table>
943
				<br />
944 87000ded Erik Fonnesbeck
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule."); ?> <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be"); ?> &quot;<?=gettext("any"); ?>&quot;).</b><br /><?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port.");?></span><br/>
945 8ab3e9ed Erik Kristensen
			</td>
946 8c84fe43 Scott Ullrich
		</tr>
947 8ab3e9ed Erik Kristensen
		<tr>
948 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination");?></td>
949 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
950 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
951 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
952 8ab3e9ed Erik Kristensen
					<br />
953 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
954 8ab3e9ed Erik Kristensen
					<br />
955
					<br />
956
				<table border="0" cellspacing="0" cellpadding="0">
957
					<tr>
958 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
959 8ab3e9ed Erik Kristensen
						<td>
960 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dsttype" class="formselect" onChange="typesel_change()">
961 87f0be87 Chris Buechler
<?php
962
								$sel = is_specialnet($pconfig['dst']); ?>
963 11d2c529 Rafael Lucas
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
964
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
965
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
966 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
967 11d2c529 Rafael Lucas
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
968 99ea4439 Scott Ullrich
								<?php endif; ?>
969
								<?php if(have_ruleint_access("pppoe")): ?>
970 11d2c529 Rafael Lucas
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
971 99ea4439 Scott Ullrich
								<?php endif; ?>								
972 3331a640 Ermal Lu?i
								<?php if(have_ruleint_access("l2tp")): ?>
973 11d2c529 Rafael Lucas
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
974 3331a640 Ermal Lu?i
                                                                <?php endif; ?>
975 b7391125 Ermal Luçi
976
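<?php
								/*
								 * One "subnet" and one "address" entry per interface the user may
								 * write rules for, for the destination type selector.
								 *
								 * The loop key is $ifent, as in the source selector. It used to be
								 * $if, which overwrote the page-level $if that the FloatingRules
								 * checks earlier on this page compare against.
								 * NOTE(review): confirm nothing later relies on the overwritten value.
								 *
								 * Key and description are HTML-escaped in both options; the
								 * "address" option used to print the description raw.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['dst'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['dst'] == $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>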
984 8ab3e9ed Erik Kristensen
							</select>
985
						</td>
986
					</tr>
987
					<tr>
988 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
989 8ab3e9ed Erik Kristensen
						<td>
990 43f2eca7 Erik Fonnesbeck
							<input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
991 8ab3e9ed Erik Kristensen
							/
992 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstmask" class="formselect" id="dstmask">
993 8ab3e9ed Erik Kristensen
<?php
994 15705bc0 Seth Mos
							for ($i = 127; $i > 0; 
995
$i--): ?>
996 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
997
<?php						endfor; ?>
998
							</select>
999
						</td>
1000
					</tr>
1001
				</table>
1002
			</td>
1003
		</tr>
1004 3de8af0e Scott Ullrich
		<tr id="dprtr" name="dprtr">
1005 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range ");?></td>
1006 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1007
				<table border="0" cellspacing="0" cellpadding="0">
1008
					<tr>
1009 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
1010 8ab3e9ed Erik Kristensen
						<td>
1011 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
1012 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1013 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1014 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
1015
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
1016 3deb92f7 Renato Botelho
<?php 							endforeach; ?>
1017 8ab3e9ed Erik Kristensen
							</select>
1018 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
1019 8ab3e9ed Erik Kristensen
						</td>
1020
					</tr>
1021
					<tr>
1022 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
1023 8ab3e9ed Erik Kristensen
						<td>
1024 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstendport" class="formselect" onchange="ext_change()">
1025 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1026 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1027 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
1028
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
1029
<?php 							endforeach; ?>
1030 8c84fe43 Scott Ullrich
							</select>
1031 dd5bf424 Scott Ullrich
								<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
1032 8ab3e9ed Erik Kristensen
						</td>
1033
					</tr>
1034
				</table>
1035
				<br />
1036
				<span class="vexpl">
1037 11d2c529 Rafael Lucas
					<?=gettext("Specify the port or port range for the destination of the packet for this rule.");?>
1038 adb633a0 sullrich
					<br />
1039 345b9715 Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port");?>
1040 8ab3e9ed Erik Kristensen
				</span>
1041
			</td>
1042
		</tr>
1043
		<tr>
1044 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Log");?></td>
1045 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1046
				<input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
1047 11d2c529 Rafael Lucas
				<strong><?=gettext("Log packets that are handled by this rule");?></strong>
1048 adb633a0 sullrich
				<br />
1049 0fb885bc Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server"); ?> (<?=gettext("see the"); ?> <a href="diag_logs_settings.php"><?=gettext("Diagnostics: System logs: Settings"); ?></a> <?=gettext("page"); ?>).</span>
1050 8ab3e9ed Erik Kristensen
			</td>
1051
		</tr>
1052 151eb2a9 sullrich
		<tr>
1053 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
1054 151eb2a9 sullrich
			<td width="78%" class="vtable">
1055
				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
1056
				<br />
1057 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
1058 151eb2a9 sullrich
			</td>
1059
		</tr>
1060 8e0c3760 Ermal
<?php		if (!isset($id) || !($a_filter[$id] && firewall_check_for_advanced_options($a_filter[$id]) <> "")): ?>
1061 151eb2a9 sullrich
		<tr>
1062
			<td width="22%" valign="top">&nbsp;</td>
1063
			<td width="78%">
1064
				&nbsp;<br>&nbsp;
1065 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1066 151eb2a9 sullrich
<?php			if (isset($id) && $a_filter[$id]): ?>
1067 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1068 151eb2a9 sullrich
<?php 			endif; ?>
1069 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1070 151eb2a9 sullrich
			</td>
1071
		</tr>
1072 8e0c3760 Ermal
<?php		endif; ?>
1073 151eb2a9 sullrich
		<tr>
1074
			<td>&nbsp;</td>
1075
		</tr>
1076
		<tr>
1077 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced features");?></td>
1078 151eb2a9 sullrich
		</tr>	
1079 f1602cc4 sullrich
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Source OS");?></td>
			<td width="78%" class="vtable">
				<div id="showadvsourceosbox" <?php if ($pconfig['os']) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_sourceos()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
				</div>
				<div id="showsourceosadv" <?php if (empty($pconfig['os'])) echo "style='display:none'"; ?>>
					<?=gettext("OS Type:");?>&nbsp;
					<select name="os" id="os" class="formselect">
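<?php
						/*
						 * Choices for the "Source OS" select. Each key is the value
						 * submitted with the form; the empty key is displayed as "any".
						 */
						$ostypes = array(
							"" => gettext("any"),
							"AIX" => "AIX",
							"Linux" => "Linux",
							"FreeBSD" => "FreeBSD",
							"NetBSD" => "NetBSD",
							"OpenBSD" => "OpenBSD",
							"Solaris" => "Solaris",
							"MacOS" => "MacOS",
							"Windows" => "Windows",
							"Novell" => "Novell",
							"NMAP" => "NMAP"
						);
						/*
						 * The value attribute is escaped like the label next to it, so
						 * the option stays well-formed if an entry containing markup
						 * characters is ever added to the list. The loose comparison is
						 * kept so that an unset $pconfig['os'] still matches the empty
						 * "any" key.
						 */
						foreach ($ostypes as $ostype => $descr): ?>
							<option value="<?=htmlspecialchars($ostype);?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
<?php
					endforeach;
?>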
					</select>
					<br />
					<?=gettext("Note: this only works for TCP rules");?>
				</div>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Diffserv Code Point");?></td>
			<td width="78%" class="vtable">
				<div id="dsadv" name="dsadv" <?php if ($pconfig['dscp']) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_dsdiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
				</div>
				<div id="dsdivmain" name="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>>
					<select name="dscp" id="dscp">
						<option value=""></option>
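						<?php
						// One <option> per entry of $firewall_rules_dscp_types, which is
						// defined outside this section. The entry is escaped in both the
						// value attribute and the label so that the markup cannot be broken
						// by its content, whatever the list turns out to hold.
						foreach($firewall_rules_dscp_types as $frdt): ?>
							<option value="<?=htmlspecialchars($frdt);?>"<?php if($pconfig['dscp'] == $frdt) echo " SELECTED"; ?>><?=htmlspecialchars($frdt);?></option>
						<?php endforeach; ?>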
					</select>
				</div>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Advanced Options");?></td>
			<td width="78%" class="vtable">
			<div id="aoadv" name="aoadv">
				<input type="button" onClick="show_aodiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
			</div>
			<div id="aodivmain" name="aodivmain" style="display:none">
				<input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked"; ?>>
				<br/><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?>
				</span><p>
				<input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked"; ?>>
				<br/><span class="vexpl"><?=gettext("This will disable auto generated reply-to for this rule.");?>
				</span><p>
				<input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>">
				<br /><span class="vexpl"><?=gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called"); ?> <b><?=gettext("Policy filtering"); ?></b>
				</span><p>
				<input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>">
				<br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?>
				</span> <p>
				<input name="max" id="max" value="<?php echo htmlspecialchars($pconfig['max']) ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p>
				<input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']) ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p>
				<input name="max-src-conn" id="max-src-conn" value="<?php echo htmlspecialchars($pconfig['max-src-conn']) ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p>
				<input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>"><br><?=gettext(" Maximum state entries per host");?></p><p>
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>"> /
				<select name="max-src-conn-rates" id="max-src-conn-rates">
					<option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option>
<?php				// Offer 1 through 254 as the window of the connection-rate limit and
					// pre-select the entry equal to the stored setting.
					for ($x = 1; $x <= 254; $x++) {
						$selected = ($x == $pconfig['max-src-conn-rates']) ? " selected" : "";
						echo '<option value="' . $x . '"' . $selected . '>' . $x . "</option>\n";
					} ?>
				</select><br />
				<?=gettext("Maximum new connections / per second(s)");?>
				</p><p>
				<input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']) ?>"><br>
				<?=gettext("State Timeout in seconds");?>
				</p>
				<p><strong><?=gettext("Note: Leave fields blank to disable that feature.");?></strong></p>
			  </div>
			</td>
		</tr>
		<tr id="tcpflags" name="tcpflags"> 
			<td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td>
			<td width="78%" class="vtable">
			<div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>>
                        	<input type="button" onClick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
                        </div>
                        <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
			<div id="tcpheader" name="tcpheader">
			<center>
			<table border="0" cellspacing="0" cellpadding="0">
			<?php
				// Build the three rows of the TCP flag matrix: a header row with the
				// upper-cased flag names, a "set" row and an "out of" row of checkboxes.
				// A box is pre-checked when its flag appears in the matching
				// comma-separated list in $pconfig. $tcpflags (the list of flag names)
				// is defined outside this section.
				$setflags = explode(",", $pconfig['tcpflags1']);
				$outofflags = explode(",", $pconfig['tcpflags2']);
				$header = "<td width='40' nowrap></td>";
				$tcpflags1 = "<td width='40' nowrap>set</td>";
				$tcpflags2 = "<td width='40' nowrap>out of</td>";
				foreach ($tcpflags as $tcpflag) {
					$setchecked = in_array($tcpflag, $setflags) ? "checked" : "";
					$outofchecked = in_array($tcpflag, $outofflags) ? "checked" : "";
					$header .= "<td  width='40' nowrap><strong>" . strtoupper($tcpflag) . "</strong></td>\n";
					$tcpflags1 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' {$setchecked}></td>\n";
					$tcpflags2 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' {$outofchecked}></td>\n";
				}
				echo "<tr id='tcpheader' name='tcpheader'>{$header}</tr>\n";
				echo "<tr id='tcpflags1' name='tcpflags1'>{$tcpflags1}</tr>\n";
				echo "<tr id='tcpflags2' name='tcpflags2'>{$tcpflags2}</tr>\n";
			?>
			</table>
			<center>
			</div>
			<br/><center>
			<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
			<br/>
			<span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". 
			"be set or cleared for this rule to match.");?></span>
			</div>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td>
			<td width="78%" class="vtable">
				<div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_state()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
				</div>
				<div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>>
					<select name="statetype">
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>><?=gettext("keep state");?></option>
						<option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected"; ?>><?=gettext("sloppy state");?></option>
						<option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state")  echo "selected"; ?>><?=gettext("synproxy state");?></option>
						<option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>><?=gettext("none");?></option>
					</select><br><?=gettext("Hint: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.");?>
					<p>
					<table width="90%">
						<tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr>
						<tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation.");?></td></tr>
					</table>
					</p>
			  </div>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
			<td width="78%" class="vtable">
				<div id="showadvnoxmlrpcsyncbox" <?php if ($pconfig['nosync']) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
				</div>
				<div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>>
					<input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
					<?=gettext("Hint: This prevents the rule from automatically syncing to other CARP members.");?>
				</div>
			</td>
		</tr>
		<?php
			// Collect the names offered in the Schedule select. The list always
			// starts with "none" (the rule stays enabled all the time); configured
			// schedules that have a non-empty name follow in configuration order.
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					if ($schedule['name'] == "")
						continue;
					$schedules[] = $schedule['name'];
				}
			}
		?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Schedule");?></td>
			<td width="78%" class="vtable">
				<div id="showadvschedulebox" <?php if (!empty($pconfig['sched'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_schedule()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
				</div>
				<div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>>
					<select name='sched'>
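<?php
					// Emit one <option> per entry of $schedules. The "none" entry is
					// submitted as an empty value. Every other name is taken from the
					// configuration, so it is HTML-escaped before it is written into
					// the value attribute and the label; an unescaped name containing
					// quotes or angle brackets would otherwise be rendered as markup
					// in the administrator's browser.
					foreach($schedules as $schedule) {
						$selected = ($schedule == $pconfig['sched']) ? " SELECTED" : "";
						$schedlabel = htmlspecialchars($schedule);
						$schedvalue = ($schedule == "none") ? "" : $schedlabel;
						echo "<option value=\"{$schedvalue}\" {$selected}>{$schedlabel}</option>\n";
					}
?>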
					</select>
					<p><?=gettext("Leave as 'none' to leave the rule enabled all the time.");?></p>
				</div>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td>
			<td width="78%" class="vtable">
				<div id="showadvgatewaybox" <?php if (!empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_gateway()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
				</div>
				<div id="showgatewayadv" <?php if (empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
					<select name='gateway'>
					<option value="" ><?=gettext("default");?></option>
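<?php
					/*
					 * Options of the Gateway select: first the gateways returned by
					 * return_gateways_array(), then the configured gateway groups.
					 * Only entries whose address family matches $pconfig['ipprotocol']
					 * are offered. Names and addresses are configuration data and are
					 * HTML-escaped before being written into the page.
					 */
					/* build a list of gateways */
					$gateways = return_gateways_array();
					// add statically configured gateways to list
					foreach($gateways as $gwname => $gw) {
						// Reject empty entries before any field of $gw is read.
						if($gw == "")
							continue;
						if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6($gw['gateway']))
							continue;
						if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4($gw['gateway']))
							continue;
						$selected = ($gwname == $pconfig['gateway']) ? " SELECTED" : "";
						$gwvalue = htmlspecialchars($gwname);
						$gwlabel = htmlspecialchars("{$gw['name']} - {$gw['gateway']}");
						echo "<option value=\"{$gwvalue}\" {$selected}>{$gwlabel}</option>\n";
					}
					/* add gateway groups to the list */
					if (is_array($config['gateways']['gateway_group'])) {
						foreach($config['gateways']['gateway_group'] as $gw_group) {
							// The first member of the group decides the address family.
							$af = explode("|", $gw_group['item'][0]);
							if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6(lookup_gateway_ip_by_name($af[0])))
								continue;
							if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4(lookup_gateway_ip_by_name($af[0])))
								continue;
							if($gw_group['name'] == "")
								continue;
							$selected = ($pconfig['gateway'] == $gw_group['name']) ? " SELECTED" : "";
							$groupname = htmlspecialchars($gw_group['name']);
							echo "<option value=\"{$groupname}\" $selected>{$groupname}</option>\n";
						}
					}
?>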
					</select>
					<p><?=gettext("Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.");?></p>
				</div>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("In/Out");?></td>
			<td width="78%" class="vtable">
				<div id="showadvinoutbox" <?php if (!empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
					<input type="button" onClick="show_advanced_inout()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
				</div>
				<div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
					<select name="dnpipe">
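<?php
		// Options of the "dnpipe" select. $dnqlist is filled outside this section;
		// anything that is not an array is replaced by an empty list so the loop
		// below is safe.
		// NOTE(review): $dnqselected is read before this section assigns it -
		// confirm that it is initialised earlier in the file.
		if (!is_array($dnqlist))
			$dnqlist = array();
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			// Names and keys are escaped because they are written into the page as
			// an attribute value and as visible text.
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['dnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>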
			</select> / 			
			<select name="pdnpipe">
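<?php
		// Options of the "pdnpipe" select, built from the same $dnqlist as the
		// "dnpipe" select. $dnqselected is reset first, so the "none" entry is
		// always written with SELECTED; a matching entry further down is marked
		// SELECTED as well.
		$dnqselected = 0;
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			// Names and keys are escaped because they are written into the page as
			// an attribute value and as visible text.
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['pdnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>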
				</select>
				<br />
				<span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br/>".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br/>".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span>
				</div>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td>
			<td width="78%" class="vtable">
			<div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
				<input type="button" onClick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
			</div>
			<div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
				<select name="ackqueue">
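<?php
			// Options of the "ackqueue" select. $qlist and $ifdisp are filled
			// outside this section; a non-array $qlist is replaced by an empty list.
			// NOTE(review): $qselected is read before this section assigns it -
			// confirm that it is initialised earlier in the file.
			if (!is_array($qlist))
				$qlist = array();
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				// Queue names are escaped because they are written into the page as
				// an attribute value and as visible text.
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['ackqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				// Show the display name from $ifdisp when one exists for this queue.
				$qlabel = isset($ifdisp[$q]) ? $ifdisp[$q] : $q;
				echo ">" . htmlspecialchars($qlabel) . "</option>";
			}
?>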
				</select> / 			
				<select name="defaultqueue">
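<?php
			// Options of the "defaultqueue" select, built from the same $qlist as
			// the "ackqueue" select. $qselected is reset first, so the "none" entry
			// is always written with SELECTED; a matching entry further down is
			// marked SELECTED as well.
			$qselected = 0;
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				// Queue names are escaped because they are written into the page as
				// an attribute value and as visible text.
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['defaultqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				// Show the display name from $ifdisp when one exists for this queue.
				$qlabel = isset($ifdisp[$q]) ? $ifdisp[$q] : $q;
				echo ">" . htmlspecialchars($qlabel) . "</option>";
			}
?>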
				</select>
					<br />
					<span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span>
				</td>
			</tr>
			<tr>
				<td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td>
				<td width="78%" class="vtable">
					<div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
						<input type="button" onClick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
					</div>
					<div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
				<select name="l7container">
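<?php
					// Options of the "l7container" select. $l7clist is filled outside
					// this section; a non-array value is replaced by an empty list.
					// Container names are escaped because they are written into the
					// page as an attribute value and as visible text.
					if (!is_array($l7clist))
						$l7clist = array();
					echo "<option value=\"none\"";
					echo " >none</option>";
					foreach ($l7clist as $l7ckey) {
						$l7cname = htmlspecialchars($l7ckey);
						echo "<option value=\"{$l7cname}\"";
						if ($l7ckey == $pconfig['l7container']) {
							echo " SELECTED";
						}
						echo ">{$l7cname}</option>";
					}
?>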
				</select>			
				<br/>
				<span class="vexpl">
					<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
					"These are valid for TCP and UDP protocols only.");?>
				</span>
			  </div>
			</td>
		</tr>
<?php
		// Allow extending of the firewall edit page and include custom input validation 
		// NOTE(review): pfSense_handle_custom_code() is defined outside this section;
		// presumably it loads extension code found under this directory into the
		// page - confirm. If so, the directory must be writable by root only, since
		// whatever is placed there would run inside the firewall's web GUI.
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate");
?>
		<tr>
			<td width="22%" valign="top">&nbsp;</td>
			<td width="78%">
				&nbsp;<br>&nbsp;
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
<?php			if (isset($id) && $a_filter[$id]): ?>
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
<?php 			endif; ?>
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
			</td>
		</tr>
	</table>
</form>
<script language="JavaScript">
<!--
	ext_change();
	typesel_change();
	proto_change();
	<?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?>
	show_source_port_range();
	<?php endif; ?>
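<?php
	/*
	 * Build the argument lists for the two JavaScript arrays that feed the
	 * autosuggest controls: $portaliases collects aliases of type "port",
	 * $aliasesaddr collects aliases of type host, network, openvpn and urltable.
	 * Aliases of any other type are left out.
	 *
	 * Alias names are configuration data that end up inside a <script> block.
	 * Each name is therefore emitted as a JSON string literal with <, >, &, '
	 * and " hex-escaped, instead of being wrapped in single quotes by hand, so a
	 * name containing a quote or a closing script tag cannot terminate the
	 * string or the script element.
	 *
	 * $portaliases is now always assigned; before, it was only appended to and
	 * stayed undefined when no port alias existed.
	 */
	$aliases = "";
	$portaliaslist = array();
	$addraliaslist = array();
	if (is_array($config['aliases']['alias'])) {
		foreach ($config['aliases']['alias'] as $alias_name) {
			$jsname = json_encode((string)$alias_name['name'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
			// A successful encode yields a double-quoted literal; skip the alias
			// if the name could not be encoded.
			if (!is_string($jsname) || substr($jsname, 0, 1) !== '"')
				continue;
			switch ($alias_name['type']) {
			case "port":
				$portaliaslist[] = $jsname;
				break;
			case "host":
			case "network":
			case "openvpn":
			case "urltable":
				$addraliaslist[] = $jsname;
				break;
			default:
				break;
			}
		}
	}
	$portaliases = implode(",", $portaliaslist);
	$aliasesaddr = implode(",", $addraliaslist);
?>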
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $portaliases; ?>);
	var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
        var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
        var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
        var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
        var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
        var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>