
Revision 69364ab8

Added by Phil Davis almost 12 years ago

Validate firewall rule advanced options requirements

Checks that the user has selected a TCP Pass rule etc when using the state-related advanced options. Validates as per the checks that are applied in filter.inc when generating the actual pf rules.
Forum discussion: http://forum.pfsense.org/index.php/topic,64653.15.html
Bug report #3098


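--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -472,6 +472,51 @@
 			$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
 	}
 
+	if ($_POST['proto'] <> "tcp") {
+		if (!empty($_POST['max']))
+			$input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for TCP protocol.");
+		if (!empty($_POST['max-src-nodes']))
+			$input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for TCP protocol.");
+		if (!empty($_POST['max-src-conn']))
+			$input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for TCP protocol.");
+		if (!empty($_POST['max-src-states']))
+			$input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for TCP protocol.");
+		if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+			$input_errors[] = gettext("You can only specify the maximum new connections / per second(s) (advanced option) for TCP protocol.");
+		if (!empty($_POST['statetimeout']))
+			$input_errors[] = gettext("You can only specify the state timeout (advanced option) for TCP protocol.");
+	}
+
+	if ($_POST['type'] <> "pass") {
+		if (!empty($_POST['max']))
+			$input_errors[] = gettext("You can only specify the maximum state entries (advanced option) for Pass type rules.");
+		if (!empty($_POST['max-src-nodes']))
+			$input_errors[] = gettext("You can only specify the maximum number of unique source hosts (advanced option) for Pass type rules.");
+		if (!empty($_POST['max-src-conn']))
+			$input_errors[] = gettext("You can only specify the maximum number of established connections per host (advanced option) for Pass type rules.");
+		if (!empty($_POST['max-src-states']))
+			$input_errors[] = gettext("You can only specify the maximum state entries per host (advanced option) for Pass type rules.");
+		if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+			$input_errors[] = gettext("You can only specify the maximum new connections / per second(s) (advanced option) for Pass type rules.");
+		if (!empty($_POST['statetimeout']))
+			$input_errors[] = gettext("You can only specify the state timeout (advanced option) for Pass type rules.");
+	}
+
+	if (($_POST['statetype'] == "none") && (empty($_POST['l7container']))) {
+		if (!empty($_POST['max']))
+			$input_errors[] = gettext("You cannot specify the maximum state entries (advanced option) if statetype is none and no L7 container is selected.");
+		if (!empty($_POST['max-src-nodes']))
+			$input_errors[] = gettext("You cannot specify the maximum number of unique source hosts (advanced option) if statetype is none and no L7 container is selected.");
+		if (!empty($_POST['max-src-conn']))
+			$input_errors[] = gettext("You cannot specify the maximum number of established connections per host (advanced option) if statetype is none and no L7 container is selected.");
+		if (!empty($_POST['max-src-states']))
+			$input_errors[] = gettext("You cannot specify the maximum state entries per host (advanced option) if statetype is none and no L7 container is selected.");
+		if (!empty($_POST['max-src-conn-rate']) || !empty($_POST['max-src-conn-rates']))
+			$input_errors[] = gettext("You cannot specify the maximum new connections / per second(s) (advanced option) if statetype is none and no L7 container is selected.");
+		if (!empty($_POST['statetimeout']))
+			$input_errors[] = gettext("You cannot specify the state timeout (advanced option) if statetype is none and no L7 container is selected.");
+	}
+
 	if (!$_POST['tcpflags_any']) {
 		$settcpflags = array();
 		$outoftcpflags = array();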
