/usr/local/www/firewall_nat_edit.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/firewall_nat_edit.php @ 67b0902f

1	9ae40f2b	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4			firewall_nat_edit.php
5			part of m0n0wall (http://m0n0.ch/wall)
6	9ae40f2b	Scott Ullrich
7	5b237745	Scott Ullrich	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8			All rights reserved.
9	9ae40f2b	Scott Ullrich
10	5b237745	Scott Ullrich	Redistribution and use in source and binary forms, with or without
11			modification, are permitted provided that the following conditions are met:
12	9ae40f2b	Scott Ullrich
13	5b237745	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
14			this list of conditions and the following disclaimer.
15	9ae40f2b	Scott Ullrich
16	5b237745	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
17			notice, this list of conditions and the following disclaimer in the
18			documentation and/or other materials provided with the distribution.
19	9ae40f2b	Scott Ullrich
20	5b237745	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29			POSSIBILITY OF SUCH DAMAGE.
30			*/
31	7ac5a4cb	Scott Ullrich	/*
32			pfSense_MODULE: nat
33			*/
34	5b237745	Scott Ullrich
35	6b07c15a	Matthew Grooms	##\|+PRIV
36			##\|*IDENT=page-firewall-nat-portforward-edit
37			##\|*NAME=Firewall: NAT: Port Forward: Edit page
38			##\|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
39			##\|MATCH=firewall_nat_edit.php
40			##\|-PRIV
41
42	5b237745	Scott Ullrich	require("guiconfig.inc");
43	483e6de8	Scott Ullrich	require_once("itemid.inc");
44	1a03cf69	Scott Ullrich	require("filter.inc");
45			require("shaper.inc");
46	5b237745	Scott Ullrich
47			if (!is_array($config['nat']['rule'])) {
48			$config['nat']['rule'] = array();
49			}
50			$a_nat = &$config['nat']['rule'];
51
52			$id = $_GET['id'];
53			if (isset($_POST['id']))
54			$id = $_POST['id'];
55
56	4a991889	Bill Marquette	if (isset($_GET['dup'])) {
57			$id = $_GET['dup'];
58			$after = $_GET['dup'];
59			}
60
61	5b237745	Scott Ullrich	if (isset($id) && $a_nat[$id]) {
62			$pconfig['extaddr'] = $a_nat[$id]['external-address'];
63			$pconfig['proto'] = $a_nat[$id]['protocol'];
64			list($pconfig['beginport'],$pconfig['endport']) = explode("-", $a_nat[$id]['external-port']);
65	21f88b49	sullrich	if(!$pconfig['endport'])
66			$pconfig['endport'] = $pconfig['beginport'];
67	5b237745	Scott Ullrich	$pconfig['localip'] = $a_nat[$id]['target'];
68			$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
69			$pconfig['descr'] = $a_nat[$id]['descr'];
70			$pconfig['interface'] = $a_nat[$id]['interface'];
71	b9e28d57	unknown	$pconfig['associated-filter-rule-id'] = $a_nat[$id]['associated-filter-rule-id'];
72	ea0805c1	Scott Ullrich	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
73	5b237745	Scott Ullrich	if (!$pconfig['interface'])
74			$pconfig['interface'] = "wan";
75			} else {
76			$pconfig['interface'] = "wan";
77			}
78
79	a6713b32	Bill Marquette	if (isset($_GET['dup']))
80			unset($id);
81
82	ef2a753c	Scott Ullrich	/* run through $_POST items encoding HTML entties so that the user
83			* cannot think he is slick and perform a XSS attack on the unwilling
84			*/
85	21eff66f	Scott Ullrich	foreach ($_POST as $key => $value) {
86			$temp = $value;
87			$newpost = htmlentities($temp);
88			if($newpost <> $temp)
89	f320386c	Scott Ullrich	$input_errors[] = "Invalid characters detected ($temp). Please remove invalid characters and save again.";
90	ef2a753c	Scott Ullrich	}
91
92	5b237745	Scott Ullrich	if ($_POST) {
93
94			if ($_POST['beginport_cust'] && !$_POST['beginport'])
95			$_POST['beginport'] = $_POST['beginport_cust'];
96			if ($_POST['endport_cust'] && !$_POST['endport'])
97			$_POST['endport'] = $_POST['endport_cust'];
98			if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
99			$_POST['localbeginport'] = $_POST['localbeginport_cust'];
100	9ae40f2b	Scott Ullrich
101	5b237745	Scott Ullrich	if (!$_POST['endport'])
102			$_POST['endport'] = $_POST['beginport'];
103	aa3400b8	Scott Ullrich	/* Make beginning port end port if not defined and endport is */
104			if (!$_POST['beginport'] && $_POST['endport'])
105			$_POST['beginport'] = $_POST['endport'];
106	9ae40f2b	Scott Ullrich
107	5b237745	Scott Ullrich	unset($input_errors);
108			$pconfig = $_POST;
109
110			/* input validation */
111	aa3400b8	Scott Ullrich	if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
112	92442757	Scott Ullrich	$reqdfields = explode(" ", "interface proto beginport endport localip localbeginport");
113	221c77a6	Scott Ullrich	$reqdfieldsn = explode(",", "Interface,Protocol,External port from,External port to,NAT IP,Local port");
114	b66f7667	Scott Ullrich	} else {
115			$reqdfields = explode(" ", "interface proto localip");
116	ea0805c1	Scott Ullrich	$reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
117	b66f7667	Scott Ullrich	}
118	9ae40f2b	Scott Ullrich
119	5b237745	Scott Ullrich	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
120	9ae40f2b	Scott Ullrich
121	5b237745	Scott Ullrich	if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
122	5eb817bc	Bill Marquette	$input_errors[] = "\"{$_POST['localip']}\" is not valid NAT IP address or host alias.";
123	5b237745	Scott Ullrich	}
124	9ae40f2b	Scott Ullrich
125	b66f7667	Scott Ullrich	/* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
126	aa3400b8	Scott Ullrich	if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
127	9ae40f2b	Scott Ullrich
128	1e578a7f	Ermal Lu?i	if ($_POST['beginport'] && !is_portoralias($_POST['beginport'])) {
129	b66f7667	Scott Ullrich	$input_errors[] = "The start port must be an integer between 1 and 65535.";
130			}
131
132	1e578a7f	Ermal Lu?i	if ($_POST['endport'] && !is_portoralias($_POST['endport'])) {
133	b66f7667	Scott Ullrich	$input_errors[] = "The end port must be an integer between 1 and 65535.";
134			}
135
136	1e578a7f	Ermal Lu?i	if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
137	b66f7667	Scott Ullrich	$input_errors[] = "The local port must be an integer between 1 and 65535.";
138			}
139
140			if ($_POST['beginport'] > $_POST['endport']) {
141			/* swap */
142			$tmp = $_POST['endport'];
143			$_POST['endport'] = $_POST['beginport'];
144			$_POST['beginport'] = $tmp;
145			}
146
147			if (!$input_errors) {
148			if (($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport']) > 65535)
149			$input_errors[] = "The target port range must be an integer between 1 and 65535.";
150			}
151	ea0805c1	Scott Ullrich
152	5b237745	Scott Ullrich	}
153	9ae40f2b	Scott Ullrich
154	5b237745	Scott Ullrich	/* check for overlaps */
155			foreach ($a_nat as $natent) {
156			if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
157			continue;
158			if ($natent['interface'] != $_POST['interface'])
159			continue;
160			if ($natent['external-address'] != $_POST['extaddr'])
161			continue;
162	0cea6311	Scott Ullrich	if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
163			continue;
164	ea0805c1	Scott Ullrich
165	5b237745	Scott Ullrich	list($begp,$endp) = explode("-", $natent['external-port']);
166			if (!$endp)
167			$endp = $begp;
168	ea0805c1	Scott Ullrich
169	5b237745	Scott Ullrich	if (!( (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
170			\|\| (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {
171	ea0805c1	Scott Ullrich
172	5b237745	Scott Ullrich	$input_errors[] = "The external port range overlaps with an existing entry.";
173			break;
174			}
175			}
176
177			if (!$input_errors) {
178			$natent = array();
179			if ($_POST['extaddr'])
180			$natent['external-address'] = $_POST['extaddr'];
181			$natent['protocol'] = $_POST['proto'];
182	9ae40f2b	Scott Ullrich
183	5b237745	Scott Ullrich	if ($_POST['beginport'] == $_POST['endport'])
184			$natent['external-port'] = $_POST['beginport'];
185			else
186			$natent['external-port'] = $_POST['beginport'] . "-" . $_POST['endport'];
187	9ae40f2b	Scott Ullrich
188	5b237745	Scott Ullrich	$natent['target'] = $_POST['localip'];
189			$natent['local-port'] = $_POST['localbeginport'];
190			$natent['interface'] = $_POST['interface'];
191			$natent['descr'] = $_POST['descr'];
192	b9e28d57	unknown	$natent['associated-filter-rule-id'] = $_POST['associated-filter-rule-id'];
193	297ed624	unknown
194	f891bf66	Chris Buechler	if($_POST['filter-rule-association'] == "pass")
195	297ed624	unknown	$natent['associated-filter-rule-id'] = "pass";
196	9ae40f2b	Scott Ullrich
197	d00055f8	Scott Ullrich	if($_POST['nosync'] == "yes")
198			$natent['nosync'] = true;
199			else
200			unset($natent['nosync']);
201
202	5335abae	unknown	$need_filter_rule = false;
203			// Updating a rule with a filter rule associated
204			if( $natent['associated-filter-rule-id']>0 )
205			$need_filter_rule = true;
206			// If creating a new rule, where we want to add the filter rule, associated or not
207			else if( isset($_POST['filter-rule-association']) &&
208			($_POST['filter-rule-association']=='add-associated' \|\|
209			$_POST['filter-rule-association']=='add-unassociated') )
210			$need_filter_rule = true;
211
212			if ($need_filter_rule) {
213
214	b9e28d57	unknown	// If we had a previous rule associated with this NAT rule, delete that
215			if( $natent['associated-filter-rule-id'] > 0 )
216			delete_id($natent['associated-filter-rule-id'], $config['filter']['rule']);
217	9ae40f2b	Scott Ullrich
218	5b237745	Scott Ullrich	/* auto-generate a matching firewall rule */
219	9ae40f2b	Scott Ullrich	$filterent = array();
220	5b237745	Scott Ullrich	$filterent['interface'] = $_POST['interface'];
221			$filterent['protocol'] = $_POST['proto'];
222			$filterent['source']['any'] = "";
223			$filterent['destination']['address'] = $_POST['localip'];
224	9ae40f2b	Scott Ullrich
225	5b237745	Scott Ullrich	$dstpfrom = $_POST['localbeginport'];
226			$dstpto = $dstpfrom + $_POST['endport'] - $_POST['beginport'];
227	9ae40f2b	Scott Ullrich
228	5b237745	Scott Ullrich	if ($dstpfrom == $dstpto)
229			$filterent['destination']['port'] = $dstpfrom;
230			else
231			$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;
232	9ae40f2b	Scott Ullrich
233	5b237745	Scott Ullrich	$filterent['descr'] = "NAT " . $_POST['descr'];
234	06246e5b	Seth Mos	/*
235			* Our firewall filter description may be no longer than
236			* 63 characters, so don't let it be.
237			*/
238	33b755d1	Chris Buechler	$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 59);
239	9ae40f2b	Scott Ullrich
240	b9e28d57	unknown	// If we had a previous rule association, update this rule with that ID so we don't lose association
241			if ($natent['associated-filter-rule-id'] > 0)
242			$filterent['id'] = $natent['associated-filter-rule-id'];
243	5335abae	unknown	// If we wanted this rule to be associated, make sure the NAT entry is updated with the same ID
244			else if($_POST['filter-rule-association']=='add-associated')
245	b9e28d57	unknown	$natent['associated-filter-rule-id'] = $filterent['id'] = get_next_id($config['filter']['rule']);
246
247	5b237745	Scott Ullrich	$config['filter']['rule'][] = $filterent;
248	9ae40f2b	Scott Ullrich
249	a368a026	Ermal Lu?i	mark_subsystem_dirty('filter');
250	5b237745	Scott Ullrich	}
251	9ae40f2b	Scott Ullrich
252	b9e28d57	unknown	// Update NAT entry after creating/updating the firewall rule, so we have it's rule ID if one was created
253			if (isset($id) && $a_nat[$id])
254			$a_nat[$id] = $natent;
255			else {
256			if (is_numeric($after))
257			array_splice($a_nat, $after+1, 0, array($natent));
258			else
259			$a_nat[] = $natent;
260			}
261
262			mark_subsystem_dirty('natconf');
263
264	5b237745	Scott Ullrich	write_config();
265	9ae40f2b	Scott Ullrich
266	5b237745	Scott Ullrich	header("Location: firewall_nat.php");
267			exit;
268			}
269			}
270	da7ae7ef	Bill Marquette
271	d88c6a9f	Scott Ullrich	$pgtitle = array("Firewall","NAT","Port Forward: Edit");
272	da7ae7ef	Bill Marquette	include("head.inc");
273
274	5b237745	Scott Ullrich	?>
275	da7ae7ef	Bill Marquette
276	5b237745	Scott Ullrich	<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
277	4ce8ac00	Erik Kristensen	<?php
278			include("fbegin.inc"); ?>
279	5b237745	Scott Ullrich	<?php if ($input_errors) print_input_errors($input_errors); ?>
280			<form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
281			<table width="100%" border="0" cellpadding="6" cellspacing="0">
282	2a6cb2d6	Scott Ullrich	<tr>
283			<td colspan="2" valign="top" class="listtopic">Edit NAT entry</td>
284			</tr>
285			<tr>
286	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Interface</td>
287			<td width="78%" class="vtable">
288	b5c78501	Seth Mos	<select name="interface" class="formselect">
289	5b237745	Scott Ullrich	<?php
290	40b56dc1	Scott Ullrich
291	cbe3ea96	Ermal Luçi	$iflist = get_configured_interface_with_descr(false, true);
292			foreach ($iflist as $if => $ifdesc)
293			if(have_ruleint_access($if))
294			$interfaces[$if] = $ifdesc;
295	40b56dc1	Scott Ullrich
296			if ($config['pptpd']['mode'] == "server")
297			if(have_ruleint_access("pptp"))
298			$interfaces['pptp'] = "PPTP VPN";
299
300			if ($config['pppoe']['mode'] == "server")
301			if(have_ruleint_access("pppoe"))
302			$interfaces['pppoe'] = "PPPoE VPN";
303
304			/* add ipsec interfaces */
305			if (isset($config['ipsec']['enable']) \|\| isset($config['ipsec']['mobileclients']['enable']))
306			if(have_ruleint_access("enc0"))
307	0f266b2e	Chris Buechler	$interfaces["enc0"] = "IPsec";
308	40b56dc1	Scott Ullrich
309	5b237745	Scott Ullrich	foreach ($interfaces as $iface => $ifacename): ?>
310			<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
311			<?=htmlspecialchars($ifacename);?>
312			</option>
313			<?php endforeach; ?>
314			</select><br>
315			<span class="vexpl">Choose which interface this rule applies to.<br>
316			Hint: in most cases, you'll want to use WAN here.</span></td>
317			</tr>
318	9ae40f2b	Scott Ullrich	<tr>
319	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">External address</td>
320	9ae40f2b	Scott Ullrich	<td width="78%" class="vtable">
321	b5c78501	Seth Mos	<select name="extaddr" class="formselect">
322	4ce8ac00	Erik Kristensen	<option value="" <?php if (!$pconfig['extaddr']) echo "selected"; ?>>Interface address</option>
323			<?php if (is_array($config['virtualip']['vip'])):
324			foreach ($config['virtualip']['vip'] as $sn): ?>
325			<option value="<?=$sn['subnet'];?>" <?php if ($sn['subnet'] == $pconfig['extaddr']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
326			<?php endforeach;
327			endif; ?>
328			<option value="any" <?php if($pconfig['extaddr'] == "any") echo "selected"; ?>>any</option>
329			</select>
330			<br />
331	5b237745	Scott Ullrich	<span class="vexpl">
332			If you want this rule to apply to another IP address than the IP address of the interface chosen above,
333	1425e067	Bill Marquette	select it here (you need to define <a href="firewall_virtual_ip.php">Virtual IP</a> addresses on the first). Also note that if you are trying to redirect connections on the LAN select the "any" option.</span></td>
334	5b237745	Scott Ullrich	</tr>
335	9ae40f2b	Scott Ullrich	<tr>
336	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Protocol</td>
337	9ae40f2b	Scott Ullrich	<td width="78%" class="vtable">
338	b5c78501	Seth Mos	<select name="proto" class="formselect" onChange="proto_change(); check_for_aliases();">
339	e598eab5	Scott Ullrich	<?php $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP"); foreach ($protocols as $proto): ?>
340	5b237745	Scott Ullrich	<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
341			<?php endforeach; ?>
342	9ae40f2b	Scott Ullrich	</select> <br> <span class="vexpl">Choose which IP protocol
343	5b237745	Scott Ullrich	this rule should match.<br>
344			Hint: in most cases, you should specify <em>TCP</em>  here.</span></td>
345			</tr>
346	9ae40f2b	Scott Ullrich	<tr>
347			<td width="22%" valign="top" class="vncellreq">External port
348	5b237745	Scott Ullrich	range </td>
349	9ae40f2b	Scott Ullrich	<td width="78%" class="vtable">
350	5b237745	Scott Ullrich	<table border="0" cellspacing="0" cellpadding="0">
351	9ae40f2b	Scott Ullrich	<tr>
352	5b237745	Scott Ullrich	<td>from:  </td>
353	b5c78501	Seth Mos	<td><select name="beginport" class="formselect" onChange="ext_rep_change(); ext_change(); check_for_aliases();">
354	5b237745	Scott Ullrich	<option value="">(other)</option>
355			<?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
356			<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['beginport']) {
357	0e6998d1	Scott Ullrich	echo "selected";
358			$bfound = 1;
359			}?>>
360	5b237745	Scott Ullrich	<?=htmlspecialchars($wkportdesc);?>
361			</option>
362			<?php endforeach; ?>
363	e2705d67	Scott Ullrich	</select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="beginport_cust" id="beginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['beginport']; ?>"></td>
364	5b237745	Scott Ullrich	</tr>
365	9ae40f2b	Scott Ullrich	<tr>
366	5b237745	Scott Ullrich	<td>to:</td>
367	b5c78501	Seth Mos	<td><select name="endport" class="formselect" onChange="ext_change(); check_for_aliases();">
368	5b237745	Scott Ullrich	<option value="">(other)</option>
369			<?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
370			<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['endport']) {
371	0e6998d1	Scott Ullrich	echo "selected";
372			$bfound = 1;
373			}?>>
374	5b237745	Scott Ullrich	<?=htmlspecialchars($wkportdesc);?>
375			</option>
376			<?php endforeach; ?>
377	e2705d67	Scott Ullrich	</select> <input onChange="check_for_aliases();" class="formfldalias" autocomplete='off' name="endport_cust" id="endport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['endport']; ?>"></td>
378	5b237745	Scott Ullrich	</tr>
379			</table>
380	9ae40f2b	Scott Ullrich	<br> <span class="vexpl">Specify the port or port range on
381	5b237745	Scott Ullrich	the firewall's external address for this mapping.<br>
382	9ae40f2b	Scott Ullrich	Hint: you can leave the <em>'to'</em> field empty if you only
383	5b237745	Scott Ullrich	want to map a single port</span></td>
384			</tr>
385	9ae40f2b	Scott Ullrich	<tr>
386	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">NAT IP</td>
387	9ae40f2b	Scott Ullrich	<td width="78%" class="vtable">
388	4ce8ac00	Erik Kristensen	<input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
389	9ae40f2b	Scott Ullrich	<br> <span class="vexpl">Enter the internal IP address of
390	5b237745	Scott Ullrich	the server on which you want to map the ports.<br>
391			e.g. <em>192.168.1.12</em></span></td>
392			</tr>
393	9ae40f2b	Scott Ullrich	<tr>
394	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncellreq">Local port</td>
395	9ae40f2b	Scott Ullrich	<td width="78%" class="vtable">
396	b5c78501	Seth Mos	<select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();">
397	5b237745	Scott Ullrich	<option value="">(other)</option>
398			<?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
399			<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
400	0e6998d1	Scott Ullrich	echo "selected";
401			$bfound = 1;
402			}?>>
403	5b237745	Scott Ullrich	<?=htmlspecialchars($wkportdesc);?>
404			</option>
405			<?php endforeach; ?>
406	e2705d67	Scott Ullrich	</select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo $pconfig['localbeginport']; ?>">
407	5b237745	Scott Ullrich	<br>
408	9ae40f2b	Scott Ullrich	<span class="vexpl">Specify the port on the machine with the
409			IP address entered above. In case of a port range, specify
410			the beginning port of the range (the end port will be calculated
411	5b237745	Scott Ullrich	automatically).<br>
412			Hint: this is usually identical to the 'from' port above</span></td>
413			</tr>
414	9ae40f2b	Scott Ullrich	<tr>
415	5b237745	Scott Ullrich	<td width="22%" valign="top" class="vncell">Description</td>
416	9ae40f2b	Scott Ullrich	<td width="78%" class="vtable">
417	b5c78501	Seth Mos	<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
418	9ae40f2b	Scott Ullrich	<br> <span class="vexpl">You may enter a description here
419	5b237745	Scott Ullrich	for your reference (not parsed).</span></td>
420	53ea15e0	Scott Ullrich	</tr>
421	d00055f8	Scott Ullrich	<tr>
422			<td width="22%" valign="top" class="vncell">No XMLRPC Sync</td>
423			<td width="78%" class="vtable">
424	3fafce5a	Scott Ullrich	<input type="checkbox" value="yes" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
425	df593437	Scott Ullrich	HINT: This prevents the rule from automatically syncing to other CARP members.
426	d00055f8	Scott Ullrich	</td>
427	ea0805c1	Scott Ullrich	</tr>
428	b9e28d57	unknown	<?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
429			<tr>
430	5335abae	unknown	<td width="22%" valign="top" class="vncell">Filter rule association</td>
431	b9e28d57	unknown	<td width="78%" class="vtable">
432			<select name="associated-filter-rule-id">
433	5335abae	unknown	<option value="">None</option>
434	537dff78	Chris Buechler	<option value="pass" <?php if($pconfig['associated-filter-rule-id'] == "pass") echo " SELECTED"; ?>>Pass</option>
435	b9e28d57	unknown	<?php foreach ($config['filter']['rule'] as $filter_rule): ?>
436			<?php if (isset($filter_rule['id']) && $filter_rule['id']>0): ?>
437			<option value="<?php echo $filter_rule['id']; ?>"<?php if($filter_rule['id']==$pconfig['associated-filter-rule-id']) echo " SELECTED"; ?>>
438			<?php echo htmlspecialchars('Rule ' . $filter_rule['id'] . ' - ' . $filter_rule['descr']); ?>
439			</option>
440			<?php endif; ?>
441			<?php endforeach; ?>
442			</select>
443			</td>
444			</tr>
445			<?php endif; ?>
446	53ea15e0	Scott Ullrich	<?php if ((!(isset($id) && $a_nat[$id])) \|\| (isset($_GET['dup']))): ?>
447	9ae40f2b	Scott Ullrich	<tr>
448	64716c95	Scott Ullrich	<td width="22%" valign="top" class="vncell">Filter rule association</td>
449	5d2742d5	sullrich	<td width="78%" class="vtable">
450	5335abae	unknown	<select name="filter-rule-association" id="filter-rule-association">
451			<option value="">None</option>
452	8b1f77be	Scott Ullrich	<option value="add-associated" selected="selected">Add associated filter rule</option>
453			<option value="add-unassociated">Add unassociated filter rule</option>
454	5335abae	unknown	<option value="pass">Pass</option>
455			</select>
456			</td>
457	5b237745	Scott Ullrich	</tr><?php endif; ?>
458	147b90b8	Scott Ullrich	<tr>
459			<td width="22%" valign="top"> </td>
460			<td width="78%"> </td>
461			</tr>
462	9ae40f2b	Scott Ullrich	<tr>
463	5b237745	Scott Ullrich	<td width="22%" valign="top"> </td>
464	9ae40f2b	Scott Ullrich	<td width="78%">
465	fc01e414	Scott Ullrich	<input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
466	5b237745	Scott Ullrich	<?php if (isset($id) && $a_nat[$id]): ?>
467	9ae40f2b	Scott Ullrich	<input name="id" type="hidden" value="<?=$id;?>">
468	5b237745	Scott Ullrich	<?php endif; ?>
469			</td>
470			</tr>
471			</table>
472			</form>
473			<script language="JavaScript">
474			<!--
475	4ce8ac00	Erik Kristensen	ext_change();
476	5b237745	Scott Ullrich	//-->
477			</script>
478	9ae40f2b	Scott Ullrich	<?php
479			$isfirst = 0;
480			$aliases = "";
481			$addrisfirst = 0;
482			$aliasesaddr = "";
483	b964717d	Scott Ullrich	if($config['aliases']['alias'] <> "")
484			foreach($config['aliases']['alias'] as $alias_name) {
485	b6867d81	Ermal Lu?i	switch ($alias_name['type']) {
486			case "port":
487			if($isfirst == 1) $portaliases .= ",";
488			$portaliases .= "'" . $alias_name['name'] . "'";
489			$isfirst = 1;
490			break;
491			case "host":
492			case "network":
493			case "openvpn":
494			if($addrisfirst == 1) $aliasesaddr .= ",";
495			$aliasesaddr .= "'" . $alias_name['name'] . "'";
496			$addrisfirst = 1;
497			break;
498			default:
499			break;
500	b964717d	Scott Ullrich	}
501	9ae40f2b	Scott Ullrich	}
502			?>
503			<script language="JavaScript">
504			<!--
505	4ce8ac00	Erik Kristensen	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
506	b6867d81	Ermal Lu?i	var customarray=new Array(<?php echo $portaliases; ?>);
507	9eb60dcc	Ermal Lu?i
508			var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
509			var oTextbox2 = new AutoSuggestControl(document.getElementById("beginport_cust"), new StateSuggestions(customarray));
510			var oTextbox3 = new AutoSuggestControl(document.getElementById("endport_cust"), new StateSuggestions(customarray));
511			var oTextbox4 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
512	9ae40f2b	Scott Ullrich	//-->
513			</script>
514	5b237745	Scott Ullrich	<?php include("fend.inc"); ?>
515			</body>
516			</html>

Project

General

Profile

pfSense