/src/usr/local/www/firewall_rules.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/firewall_rules.php @ 6c452777

1	b2ffe419	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4	37e2071c	Scott Ullrich	firewall_rules.php
5	5b237745	Scott Ullrich	*/
6	fd9ebcd5	Stephen Beaver	/* ====================================================================
7	6cb366de	Stephen Beaver	* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
8			* Copyright (c) 2004 Scott Ullrich
9			* Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>
10	fd9ebcd5	Stephen Beaver	* Originally part of pfSense (https://www.pfsense.org)
11			*
12	6cb366de	Stephen Beaver	* Redistribution and use in source and binary forms, with or without modification,
13			* are permitted provided that the following conditions are met:
14	fd9ebcd5	Stephen Beaver	*
15	6cb366de	Stephen Beaver	* 1. Redistributions of source code must retain the above copyright notice,
16			* this list of conditions and the following disclaimer.
17	fd9ebcd5	Stephen Beaver	*
18	6cb366de	Stephen Beaver	* 2. Redistributions in binary form must reproduce the above copyright
19			* notice, this list of conditions and the following disclaimer in
20			* the documentation and/or other materials provided with the
21			* distribution.
22	fd9ebcd5	Stephen Beaver	*
23	6cb366de	Stephen Beaver	* 3. All advertising materials mentioning features or use of this software
24			* must display the following acknowledgment:
25			* "This product includes software developed by the pfSense Project
26			* for use in the pfSense software distribution. (http://www.pfsense.org/).
27	fd9ebcd5	Stephen Beaver	*
28	6cb366de	Stephen Beaver	* 4. The names "pfSense" and "pfSense Project" must not be used to
29			* endorse or promote products derived from this software without
30			* prior written permission. For written permission, please contact
31			* coreteam@pfsense.org.
32	fd9ebcd5	Stephen Beaver	*
33	6cb366de	Stephen Beaver	* 5. Products derived from this software may not be called "pfSense"
34			* nor may "pfSense" appear in their names without prior written
35			* permission of the Electric Sheep Fencing, LLC.
36	fd9ebcd5	Stephen Beaver	*
37	6cb366de	Stephen Beaver	* 6. Redistributions of any form whatsoever must retain the following
38			* acknowledgment:
39	fd9ebcd5	Stephen Beaver	*
40	6cb366de	Stephen Beaver	* "This product includes software developed by the pfSense Project
41			* for use in the pfSense software distribution (http://www.pfsense.org/).
42	fd9ebcd5	Stephen Beaver	*
43	6cb366de	Stephen Beaver	* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
44			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
46			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
47			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
48			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
49			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
50			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
51			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
52			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
53			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
54			* OF THE POSSIBILITY OF SUCH DAMAGE.
55	fd9ebcd5	Stephen Beaver	*
56	6cb366de	Stephen Beaver	* ====================================================================
57	fd9ebcd5	Stephen Beaver	*
58			*/
59	7ac5a4cb	Scott Ullrich	/*
60	c821a6cd	Stephen Beaver	pfSense_MODULE: filter
61	7ac5a4cb	Scott Ullrich	*/
62	5b237745	Scott Ullrich
63	6b07c15a	Matthew Grooms	##\|+PRIV
64			##\|*IDENT=page-firewall-rules
65			##\|*NAME=Firewall: Rules page
66			##\|*DESCR=Allow access to the 'Firewall: Rules' page.
67			##\|MATCH=firewall_rules.php
68			##\|-PRIV
69
70	5b237745	Scott Ullrich	require("guiconfig.inc");
71	7a927e67	Scott Ullrich	require_once("functions.inc");
72			require_once("filter.inc");
73			require_once("shaper.inc");
74	5b237745	Scott Ullrich
75	6c07db48	Phil Davis	$pgtitle = array(gettext("Firewall"), gettext("Rules"));
76	b32dd0a6	jim-p	$shortcut_section = "firewall";
77	7a808e01	Carlos Eduardo Ramos
78	00c82782	Renato Botelho	function delete_nat_association($id) {
79			global $config;
80
81	603d3c16	Phil Davis	if (!$id \|\| !is_array($config['nat']['rule'])) {
82	673d29c0	Renato Botelho	return;
83	603d3c16	Phil Davis	}
84	673d29c0	Renato Botelho
85	00c82782	Renato Botelho	$a_nat = &$config['nat']['rule'];
86
87	603d3c16	Phil Davis	foreach ($a_nat as &$natent) {
88			if ($natent['associated-rule-id'] == $id) {
89	00c82782	Renato Botelho	$natent['associated-rule-id'] = '';
90	603d3c16	Phil Davis	}
91			}
92	673d29c0	Renato Botelho	}
93
94	5b237745	Scott Ullrich	if (!is_array($config['filter']['rule'])) {
95			$config['filter']['rule'] = array();
96			}
97	c821a6cd	Stephen Beaver
98	5b237745	Scott Ullrich	filter_rules_sort();
99			$a_filter = &$config['filter']['rule'];
100
101	07bd3f83	Scott Ullrich	$if = $_GET['if'];
102	603d3c16	Phil Davis	if ($_POST['if']) {
103	07bd3f83	Scott Ullrich	$if = $_POST['if'];
104	603d3c16	Phil Davis	}
105	b2ffe419	Scott Ullrich
106	cbe3ea96	Ermal Luçi	$ifdescs = get_configured_interface_with_descr();
107	07bd3f83	Scott Ullrich
108	90ba56ad	Scott Ullrich	/* add group interfaces */
109	603d3c16	Phil Davis	if (is_array($config['ifgroups']['ifgroupentry'])) {
110			foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
111			if (have_ruleint_access($ifgen['ifname'])) {
112	90ba56ad	Scott Ullrich	$iflist[$ifgen['ifname']] = $ifgen['ifname'];
113	603d3c16	Phil Davis	}
114			}
115			}
116	90ba56ad	Scott Ullrich
117	603d3c16	Phil Davis	foreach ($ifdescs as $ifent => $ifdesc) {
118			if (have_ruleint_access($ifent)) {
119	aef4dc74	Ermal Luçi	$iflist[$ifent] = $ifdesc;
120	603d3c16	Phil Davis	}
121			}
122	88bcd1d2	Scott Dale
123	603d3c16	Phil Davis	if ($config['l2tp']['mode'] == "server") {
124			if (have_ruleint_access("l2tp")) {
125	56dda8e0	Renato Botelho	$iflist['l2tp'] = "L2TP VPN";
126	603d3c16	Phil Davis	}
127			}
128	617f8d25	Ermal Lu?i
129	b0899ee4	Ermal	if (is_array($config['pppoes']['pppoe'])) {
130	603d3c16	Phil Davis	foreach ($config['pppoes']['pppoe'] as $pppoes) {
131			if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe")) {
132	b0899ee4	Ermal	$iflist['pppoe'] = "PPPoE Server";
133	603d3c16	Phil Davis	}
134			}
135	b0899ee4	Ermal	}
136	0c554ff6	Scott Ullrich
137	88bcd1d2	Scott Dale	/* add ipsec interfaces */
138	603d3c16	Phil Davis	if (isset($config['ipsec']['enable']) \|\| isset($config['ipsec']['client']['enable'])) {
139			if (have_ruleint_access("enc0")) {
140	0f266b2e	Chris Buechler	$iflist["enc0"] = "IPsec";
141	603d3c16	Phil Davis	}
142			}
143	07bd3f83	Scott Ullrich
144	bfb60ac8	Ermal Luçi	/* add openvpn/tun interfaces */
145	6c07db48	Phil Davis	if ($config['openvpn']["openvpn-server"] \|\| $config['openvpn']["openvpn-client"]) {
146	56dda8e0	Renato Botelho	$iflist["openvpn"] = "OpenVPN";
147	603d3c16	Phil Davis	}
148	bfb60ac8	Ermal Luçi
149	92125c97	Ermal Luçi	if (!$if \|\| !isset($iflist[$if])) {
150	603d3c16	Phil Davis	if ("any" == $if) {
151	56dda8e0	Renato Botelho	$if = "FloatingRules";
152	603d3c16	Phil Davis	} else if ("FloatingRules" != $if) {
153			if (isset($iflist['wan'])) {
154	0416d9a0	Darren Embry	$if = "wan";
155	603d3c16	Phil Davis	} else {
156	0416d9a0	Darren Embry	$if = "FloatingRules";
157	603d3c16	Phil Davis	}
158	0416d9a0	Darren Embry	}
159	92125c97	Ermal Luçi	}
160	07bd3f83	Scott Ullrich
161	5b237745	Scott Ullrich	if ($_POST) {
162			$pconfig = $_POST;
163
164			if ($_POST['apply']) {
165	37e2071c	Scott Ullrich	$retval = 0;
166	9a7e416c	Scott Ullrich	$retval = filter_configure();
167
168	a368a026	Ermal Lu?i	clear_subsystem_dirty('filter');
169	a985eac2	Scott Ullrich
170	e6f34d22	Phil Davis	$savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background.<br />You can also %s monitor %s the reload progress"), "<a href='status_filter_reload.php'>", "</a>");
171	5b237745	Scott Ullrich	}
172			}
173
174	6cb366de	Stephen Beaver
175	d97c50cd	Bill Marquette	if ($_GET['act'] == "del") {
176	673d29c0	Renato Botelho	if ($a_filter[$_GET['id']]) {
177			if (!empty($a_filter[$_GET['id']]['associated-rule-id'])) {
178	00c82782	Renato Botelho	delete_nat_association($a_filter[$_GET['id']]['associated-rule-id']);
179	673d29c0	Renato Botelho	}
180			unset($a_filter[$_GET['id']]);
181	603d3c16	Phil Davis	if (write_config()) {
182	bec92ab9	jim-p	mark_subsystem_dirty('filter');
183	603d3c16	Phil Davis	}
184	6cb366de	Stephen Beaver
185	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
186	673d29c0	Renato Botelho	exit;
187			}
188	d97c50cd	Bill Marquette	}
189
190	32c58070	Scott Ullrich	// Handle save msg if defined
191	603d3c16	Phil Davis	if ($_REQUEST['savemsg']) {
192	32c58070	Scott Ullrich	$savemsg = htmlentities($_REQUEST['savemsg']);
193	603d3c16	Phil Davis	}
194	32c58070	Scott Ullrich
195	6cb366de	Stephen Beaver	if (isset($_POST['del_x'])) {
196			/* delete selected rules */
197			$deleted = false;
198
199			if (is_array($_POST['rule']) && count($_POST['rule'])) {
200			foreach ($_POST['rule'] as $rulei) {
201			delete_nat_association($a_filter[$rulei]['associated-rule-id']);
202			unset($a_filter[$rulei]);
203			$deleted = true;
204			}
205
206			if($deleted) {
207			if (write_config()) {
208			mark_subsystem_dirty('filter');
209			}
210			}
211
212			header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
213			exit;
214			}
215			} else if ($_GET['act'] == "toggle") {
216	07bd3f83	Scott Ullrich	if ($a_filter[$_GET['id']]) {
217	603d3c16	Phil Davis	if (isset($a_filter[$_GET['id']]['disabled'])) {
218	56dda8e0	Renato Botelho	unset($a_filter[$_GET['id']]['disabled']);
219	603d3c16	Phil Davis	} else {
220	56dda8e0	Renato Botelho	$a_filter[$_GET['id']]['disabled'] = true;
221	603d3c16	Phil Davis	}
222			if (write_config()) {
223	bec92ab9	jim-p	mark_subsystem_dirty('filter');
224	603d3c16	Phil Davis	}
225	6cb366de	Stephen Beaver
226	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
227	5b237745	Scott Ullrich	exit;
228			}
229	6cb366de	Stephen Beaver	} else if($_POST['order-store']) {
230	ea5665c7	Sjon Hortensius	/* update rule order, POST[rule] is an array of ordered IDs */
231			if (is_array($_POST['rule']) && !empty($_POST['rule'])) {
232	07bd3f83	Scott Ullrich	$a_filter_new = array();
233	b2ffe419	Scott Ullrich
234	ea5665c7	Sjon Hortensius	// if a rule is not in POST[rule], it has been deleted by the user
235			foreach ($_POST['rule'] as $id)
236			$a_filter_new[] = $a_filter[$id];
237	b2ffe419	Scott Ullrich
238	07bd3f83	Scott Ullrich	$a_filter = $a_filter_new;
239	603d3c16	Phil Davis	if (write_config()) {
240	bec92ab9	jim-p	mark_subsystem_dirty('filter');
241	603d3c16	Phil Davis	}
242	6cb366de	Stephen Beaver
243	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
244	5b237745	Scott Ullrich	exit;
245			}
246			}
247
248	9a25487b	Scott Ullrich	include("head.inc");
249	3b2c83b8	Sjon Hortensius	$nrules = 0;
250
251	ea5665c7	Sjon Hortensius	if ($savemsg)
252	42a6bcbd	Stephen Beaver	print_info_box($savemsg, 'success');
253
254	ea5665c7	Sjon Hortensius	if (is_subsystem_dirty('filter'))
255			print_info_box_np(gettext("The firewall rule configuration has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect."), "apply", "", true);
256	3b2c83b8	Sjon Hortensius
257			$tab_array = array(array(gettext("Floating"), ("FloatingRules" == $if), "firewall_rules.php?if=FloatingRules"));
258
259	ea5665c7	Sjon Hortensius	foreach ($iflist as $ifent => $ifname)
260	3b2c83b8	Sjon Hortensius	$tab_array[] = array($ifname, ($ifent == $if), "firewall_rules.php?if={$ifent}");
261
262			display_top_tabs($tab_array);
263	ea5665c7	Sjon Hortensius
264	3b2c83b8	Sjon Hortensius	?>
265	c821a6cd	Stephen Beaver	<form method="post">
266			<div class="panel panel-default">
267			<div class="panel-heading"><?=gettext("Rules (Drag to change order)")?></div>
268			<div id="mainarea" class="table-responsive panel-body">
269			<table class="table table-striped table-hover table-condensed">
270			<thead>
271			<tr>
272	6cb366de	Stephen Beaver	<th><!-- checkbox --></th>
273	c821a6cd	Stephen Beaver	<th><!-- status icons --></th>
274			<th><?=gettext("Proto");?></th>
275			<th><?=gettext("Source");?></th>
276			<th><?=gettext("Port");?></th>
277			<th><?=gettext("Destination");?></th>
278			<th><?=gettext("Port");?></th>
279			<th><?=gettext("Gateway");?></th>
280			<th><?=gettext("Queue");?></th>
281			<th><?=gettext("Schedule");?></th>
282			<th><?=gettext("Description");?></th>
283			<th><!-- buttons --></th>
284			</tr>
285			</thead>
286			<tbody>
287	3b2c83b8	Sjon Hortensius	<?php
288	ea5665c7	Sjon Hortensius	// Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1.
289			if (!isset($config['system']['webgui']['noantilockout']) &&
290	6cb366de	Stephen Beaver	(((count($config['interfaces']) > 1) && ($if == 'lan')) \|\|
291			((count($config['interfaces']) == 1) && ($if == 'wan')))):
292	ea5665c7	Sjon Hortensius	$alports = implode('<br />', filter_get_antilockout_ports(true));
293	3b2c83b8	Sjon Hortensius	?>
294	c821a6cd	Stephen Beaver	<tr id="antilockout">
295	6cb366de	Stephen Beaver	<td></td>
296	c821a6cd	Stephen Beaver	<td title="<?=gettext("traffic is passed")?>"><i class="icon icon-ok"></i></td>
297			<td>*</td>
298			<td>*</td>
299			<td>*</td>
300			<td><?=$iflist[$if];?> Address</td>
301			<td><?=$alports?></td>
302			<td>*</td>
303			<td>*</td>
304			<td></td>
305			<td><?=gettext("Anti-Lockout Rule");?></td>
306			<td>
307			<a href="system_advanced_admin.php" class="btn btn-xs btn-primary">edit</a>
308			</td>
309			</tr>
310	3b2c83b8	Sjon Hortensius	<?php endif;?>
311	f1f60c92	Ermal Luçi	<?php if (isset($config['interfaces'][$if]['blockpriv'])): ?>
312	c821a6cd	Stephen Beaver	<tr id="frrfc1918">
313	6cb366de	Stephen Beaver	<td></td>
314	c821a6cd	Stephen Beaver	<td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td>
315			<td>*</td>
316			<td><?=gettext("RFC 1918 networks");?></td>
317			<td>*</td>
318			<td>*</td>
319			<td>*</td>
320			<td>*</td>
321			<td>*</td>
322			<td></td>
323			<td><?=gettext("Block private networks");?></td>
324			<td>
325	6f5a3fea	Stephen Beaver	<a href="interfaces.php?if=<?=htmlspecialchars($if)?>" class="btn btn-xs btn-primary" title="<?=gettext("edit rule");?>">edit</a>
326	c821a6cd	Stephen Beaver	</td>
327			</tr>
328	3b2c83b8	Sjon Hortensius	<?php endif;?>
329	f1f60c92	Ermal Luçi	<?php if (isset($config['interfaces'][$if]['blockbogons'])): ?>
330	c821a6cd	Stephen Beaver	<tr id="frrfc1918">
331	6cb366de	Stephen Beaver	<td></td>
332	c821a6cd	Stephen Beaver	<td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td>
333			<td>*</td>
334			<td><?=gettext("Reserved/not assigned by IANA");?></td>
335			<td>*</td>
336			<td>*</td>
337			<td>*</td>
338			<td>*</td>
339			<td>*</td>
340			<td>*</td>
341			<td><?=gettext("Block bogon networks");?></td>
342			<td>
343	6f5a3fea	Stephen Beaver	<a href="interfaces.php?if=<?=htmlspecialchars($if)?>" class="btn btn-xs btn-primary">edit</a>
344	c821a6cd	Stephen Beaver	</td>
345			</tr>
346	3b2c83b8	Sjon Hortensius	<?php endif;?>
347	c821a6cd	Stephen Beaver	</tbody>
348	3b2c83b8	Sjon Hortensius
349	c821a6cd	Stephen Beaver	<tbody class="user-entries">
350	6cb366de	Stephen Beaver	<?php
351			$nrules = 0;
352			for ($i = 0; isset($a_filter[$i]); $i++):
353	56dda8e0	Renato Botelho	$filterent = $a_filter[$i];
354	6cb366de	Stephen Beaver
355	56dda8e0	Renato Botelho	if ($filterent['interface'] != $if && !isset($filterent['floating']))
356			continue;
357	6cb366de	Stephen Beaver
358	56dda8e0	Renato Botelho	if (isset($filterent['floating']) && "FloatingRules" != $if)
359			continue;
360			?>
361	6cb366de	Stephen Beaver	<tr id="fr<?=$nrules;?>" onClick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';" <?=(isset($filterent['disabled']) ? ' class="disabled"' : '')?>>
362			<td >
363			<input type="checkbox" id="frc<?=$nrules;?>" onClick="fr_toggle(<?=$nrules;?>)" name="rule[]" value="<?=$i;?>"/>
364			</td>
365
366	c821a6cd	Stephen Beaver	<td title="<?=gettext("traffic is ").$filterent['type']."ed"?>">
367	ea5665c7	Sjon Hortensius
368	3b2c83b8	Sjon Hortensius	<?php
369			if ($filterent['type'] == "block")
370			$iconfn = "remove";
371			else if ($filterent['type'] == "reject")
372			$iconfn = "fire";
373			else if ($filterent['type'] == "match")
374			$iconfn = "filter";
375			else
376			$iconfn = "ok";
377			?>
378	ea5665c7	Sjon Hortensius	<i class="icon icon-<?=$iconfn?>"></i>
379	3b2c83b8	Sjon Hortensius	<?php
380			$isadvset = firewall_check_for_advanced_options($filterent);
381	69b397dd	Sjon Hortensius	if ($isadvset)
382			print '<i class="icon icon-cog" title="'. gettext("advanced setting") .': '. $isadvset .'"></i>';
383	3b2c83b8	Sjon Hortensius
384	69b397dd	Sjon Hortensius	if (isset($filterent['log']))
385	3b2c83b8	Sjon Hortensius	print '<i class="icon icon-tasks" title="'. gettext("traffic is logged") .'"></i>';
386			?>
387	ea5665c7	Sjon Hortensius	</td>
388	3b2c83b8	Sjon Hortensius	<?php
389			$alias = rule_columns_with_alias(
390			$filterent['source']['address'],
391			pprint_port($filterent['source']['port']),
392			$filterent['destination']['address'],
393			pprint_port($filterent['destination']['port'])
394			);
395
396			//build Schedule popup box
397			$a_schedules = &$config['schedules']['schedule'];
398			$schedule_span_begin = "";
399			$schedule_span_end = "";
400			$sched_caption_escaped = "";
401			$sched_content = "";
402			$schedstatus = false;
403	e6f34d22	Phil Davis	$dayArray = array (gettext('Mon'), gettext('Tues'), gettext('Wed'), gettext('Thur'), gettext('Fri'), gettext('Sat'), gettext('Sun'));
404			$monthArray = array (gettext('January'), gettext('February'), gettext('March'), gettext('April'), gettext('May'), gettext('June'), gettext('July'), gettext('August'), gettext('September'), gettext('October'), gettext('November'), gettext('December'));
405	ea5665c7	Sjon Hortensius	if ($config['schedules']['schedule'] != "" && is_array($config['schedules']['schedule'])) {
406	3b2c83b8	Sjon Hortensius	foreach ($a_schedules as $schedule)
407			{
408	e6f34d22	Phil Davis	if ($schedule['name'] == $filterent['sched']) {
409	3b2c83b8	Sjon Hortensius	$schedstatus = filter_get_time_based_rule_status($schedule);
410
411	e6f34d22	Phil Davis	foreach ($schedule['timerange'] as $timerange) {
412	3b2c83b8	Sjon Hortensius	$tempFriendlyTime = "";
413			$tempID = "";
414			$firstprint = false;
415	e6f34d22	Phil Davis	if ($timerange) {
416	3b2c83b8	Sjon Hortensius	$dayFriendly = "";
417			$tempFriendlyTime = "";
418
419			//get hours
420			$temptimerange = $timerange['hour'];
421			$temptimeseparator = strrpos($temptimerange, "-");
422
423			$starttime = substr ($temptimerange, 0, $temptimeseparator);
424			$stoptime = substr ($temptimerange, $temptimeseparator+1);
425
426	e6f34d22	Phil Davis	if ($timerange['month']) {
427	3b2c83b8	Sjon Hortensius	$tempmontharray = explode(",", $timerange['month']);
428	e6f34d22	Phil Davis	$tempdayarray = explode(",", $timerange['day']);
429	3b2c83b8	Sjon Hortensius	$arraycounter = 0;
430			$firstDayFound = false;
431			$firstPrint = false;
432	e6f34d22	Phil Davis	foreach ($tempmontharray as $monthtmp) {
433	3b2c83b8	Sjon Hortensius	$month = $tempmontharray[$arraycounter];
434			$day = $tempdayarray[$arraycounter];
435
436			if (!$firstDayFound)
437	8ce97a08	Scott Dale	{
438	3b2c83b8	Sjon Hortensius	$firstDay = $day;
439			$firstmonth = $month;
440			$firstDayFound = true;
441			}
442
443			$currentDay = $day;
444			$nextDay = $tempdayarray[$arraycounter+1];
445			$currentDay++;
446	e6f34d22	Phil Davis	if (($currentDay != $nextDay) \|\| ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])) {
447	3b2c83b8	Sjon Hortensius	if ($firstPrint)
448			$dayFriendly .= ", ";
449			$currentDay--;
450			if ($currentDay != $firstDay)
451			$dayFriendly .= $monthArray[$firstmonth-1] . " " . $firstDay . " - " . $currentDay ;
452			else
453	c821a6cd	Stephen Beaver	$dayFriendly .= $monthArray[$month-1] . " " . $day;
454	8ce97a08	Scott Dale	$firstDayFound = false;
455	3b2c83b8	Sjon Hortensius	$firstPrint = true;
456			}
457			$arraycounter++;
458			}
459			}
460			else
461			{
462			$tempdayFriendly = $timerange['position'];
463			$firstDayFound = false;
464			$tempFriendlyDayArray = explode(",", $tempdayFriendly);
465			$currentDay = "";
466			$firstDay = "";
467			$nextDay = "";
468			$counter = 0;
469	e6f34d22	Phil Davis	foreach ($tempFriendlyDayArray as $day) {
470			if ($day != "") {
471	3b2c83b8	Sjon Hortensius	if (!$firstDayFound)
472			{
473			$firstDay = $tempFriendlyDayArray[$counter];
474			$firstDayFound = true;
475	8ce97a08	Scott Dale	}
476	3b2c83b8	Sjon Hortensius	$currentDay =$tempFriendlyDayArray[$counter];
477			//get next day
478			$nextDay = $tempFriendlyDayArray[$counter+1];
479			$currentDay++;
480	e6f34d22	Phil Davis	if ($currentDay != $nextDay) {
481	3b2c83b8	Sjon Hortensius	if ($firstprint)
482			$dayFriendly .= ", ";
483			$currentDay--;
484			if ($currentDay != $firstDay)
485			$dayFriendly .= $dayArray[$firstDay-1] . " - " . $dayArray[$currentDay-1];
486			else
487			$dayFriendly .= $dayArray[$firstDay-1];
488			$firstDayFound = false;
489			$firstprint = true;
490			}
491			$counter++;
492	56dda8e0	Renato Botelho	}
493	8ce97a08	Scott Dale	}
494	2a113ca9	Scott Dale	}
495	3b2c83b8	Sjon Hortensius	$timeFriendly = $starttime . " - " . $stoptime;
496			$description = $timerange['rangedescr'];
497			$sched_content .= $dayFriendly . "; " . $timeFriendly . "<br />";
498	56dda8e0	Renato Botelho	}
499			}
500	ea5665c7	Sjon Hortensius	#FIXME
501	3b2c83b8	Sjon Hortensius	$sched_caption_escaped = str_replace("'", "\'", $schedule['descr']);
502			$schedule_span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>{$sched_caption_escaped}</h1><p>{$sched_content}</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><u>";
503			$schedule_span_end = "</u></span>";
504	616dd997	Scott Dale	}
505	3b2c83b8	Sjon Hortensius	}
506			}
507			$printicon = false;
508			$alttext = "";
509			$image = "";
510			if (!isset($filterent['disabled'])) {
511			if ($schedstatus) {
512			if ($iconfn == "block" \|\| $iconfn == "reject") {
513			$image = "icon_block";
514			$alttext = gettext("Traffic matching this rule is currently being denied");
515	56dda8e0	Renato Botelho	} else {
516	3b2c83b8	Sjon Hortensius	$image = "icon_pass";
517			$alttext = gettext("Traffic matching this rule is currently being allowed");
518	be81b340	Erik Fonnesbeck	}
519	3b2c83b8	Sjon Hortensius	$printicon = true;
520			} else if ($filterent['sched']) {
521			if ($iconfn == "block" \|\| $iconfn == "reject")
522			$image = "icon_block_d";
523			else
524			$image = "icon_block";
525			$alttext = gettext("This rule is not currently active because its period has expired");
526			$printicon = true;
527			}
528			}
529			?>
530	ea5665c7	Sjon Hortensius	<td>
531	3b2c83b8	Sjon Hortensius	<?php
532			if (isset($filterent['ipprotocol'])) {
533	e6f34d22	Phil Davis	switch ($filterent['ipprotocol']) {
534	3b2c83b8	Sjon Hortensius	case "inet":
535			echo "IPv4 ";
536			break;
537			case "inet6":
538			echo "IPv6 ";
539			break;
540			case "inet46":
541			echo "IPv4+6 ";
542			break;
543			}
544			} else {
545			echo "IPv4 ";
546			}
547
548			if (isset($filterent['protocol'])) {
549			echo strtoupper($filterent['protocol']);
550
551			if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) {
552			echo ' <span style="cursor: help;" title="ICMP type: ' .
553	e6f34d22	Phil Davis	($filterent['ipprotocol'] == "inet6" ? $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']]) .
554	3b2c83b8	Sjon Hortensius	'"><u>';
555			echo $filterent['icmptype'];
556			echo '</u></span>';
557			}
558			} else echo "*";
559	e83aaa50	Stephen Beaver
560	3b2c83b8	Sjon Hortensius	?>
561	c821a6cd	Stephen Beaver	</td>
562			<td>
563			<?php if (isset($alias['src'])): ?>
564			<a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true">
565			<?php endif; ?>
566			<?=htmlspecialchars(pprint_address($filterent['source']))?>
567			</td>
568			<td>
569			<?php if (isset($alias['srcport'])): ?>
570			<a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true">
571			<?php endif; ?>
572			<?=htmlspecialchars(pprint_port($filterent['source']['port']))?>
573			</td>
574			<td>
575			<?php if (isset($alias['dst'])): ?>
576	e83aaa50	Stephen Beaver	<a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true">
577	c821a6cd	Stephen Beaver	<?php endif; ?>
578	2754e7e6	Stephen Beaver	<?=htmlspecialchars(pprint_address($filterent['destination']))?>
579	c821a6cd	Stephen Beaver	</td>
580			<td>
581			<?php if (isset($alias['dstport'])): ?>
582			<a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true">
583			<?php endif; ?>
584			<?=htmlspecialchars(pprint_port($filterent['destination']['port']))?>
585			</td>
586			<td>
587			<?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])):?>
588			<?=htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr'])?>
589			<?php else: ?>
590			<?=htmlspecialchars(pprint_port($filterent['gateway']))?>
591			<?php endif; ?>
592			</td>
593			<td>
594			<?php
595			if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue'])) {
596			$desc = $filterent['ackqueue'] ;
597			echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['ackqueue']}&action=show\">{$desc}</a>";
598			$desc = $filterent['defaultqueue'];
599			echo "/<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>";
600			} else if (isset($filterent['defaultqueue'])) {
601			$desc = $filterent['defaultqueue'];
602			echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>";
603			} else
604			echo gettext("none");
605			?>
606			</td>
607			<td>
608			<?php if ($printicon) { ?><img src="./themes/<?= $g['theme'];?>/images/icons/<?=$image;?>.gif" title="<?=$alttext;?>" border="0" alt="icon" /><?php } ?>
609			<?=$schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?> <?=$schedule_span_end;?>
610			</td>
611			<td>
612			<?=htmlspecialchars($filterent['descr']);?>
613			</td>
614			<td>
615			<a href="firewall_rules_edit.php?id=<?=$i;?>" class="btn btn-xs btn-primary">edit</a>
616			<a href="firewall_rules_edit.php?dup=<?=$i;?>" class="btn btn-xs btn-default">copy</a>
617			<a href="?act=toggle&if=<?=htmlspecialchars($if);?>&id=<?=$i;?>" class="btn btn-xs btn-warning"><?=(isset($filterent['disabled']) ? 'enable' : 'disable')?></a>
618			<a href="?act=del&if=<?=htmlspecialchars($if);?>&id=<?=$i;?>" class="btn btn-xs btn-danger">delete</a>
619			</td>
620			</tr>
621			<?php
622	6cb366de	Stephen Beaver	$nrules++;
623	c821a6cd	Stephen Beaver	endfor;
624			?>
625			</tbody>
626			</table>
627			</div>
628			</div>
629	3b2c83b8	Sjon Hortensius
630			<?php if ($nrules == 0): ?>
631			<div class="alert alert-warning" role="alert">
632	06966500	Sander van Leeuwen	<p>
633	3b2c83b8	Sjon Hortensius	<?php if ($_REQUEST['if'] == "FloatingRules"): ?>
634			<?=gettext("No floating rules are currently defined.");?>
635			<?php else: ?>
636			<?=gettext("No rules are currently defined for this interface");?><br />
637			<?=gettext("All incoming connections on this interface will be blocked until you add pass rules.");?>
638			<?php endif;?>
639	06966500	Sander van Leeuwen	<?=gettext("Click the button to add a new rule.");?>
640			</p>
641	3b2c83b8	Sjon Hortensius	</div>
642			<?php endif;?>
643
644	c821a6cd	Stephen Beaver	<nav class="action-buttons">
645	6cb366de	Stephen Beaver	<input type="submit" id="order-store" name="order-store" class="btn btn-sm btn-primary" value="store changes" disabled="disabled" />
646			<input name="del_x" type="submit" class="btn btn-danger btn-sm" value="<?=gettext("Delete selected rules"); ?>" />
647	c821a6cd	Stephen Beaver	<a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>" role="button" class="btn btn-sm btn-success">
648			<?=gettext("add new");?>
649			</a>
650			</nav>
651			</form>
652			<!-- Legend -->
653			<div>
654			<dl class="dl-horizontal responsive">
655			<dt><?=gettext('Legend')?></dt> <dd></dd>
656			<dt><i class="icon icon-ok"></i></dt> <dd><?=gettext("pass");?></dd>
657			<dt><i class="icon icon-filter"></i></dt> <dd><?=gettext("match");?></dd>
658			<dt><i class="icon icon-remove"></i></dt> <dd><?=gettext("block");?></dd>
659			<dt><i class="icon icon-fire"></i></dt> <dd><?=gettext("reject");?></dd>
660			<dt><i class="icon icon-tasks"></i></dt> <dd> <?=gettext("log");?></dd>
661			<dt><i class="icon icon-cog"></i></dt> <dd> <?=gettext("advanced filter");?></dd>
662			</dl>
663			</div>
664
665			<?php
666			if ("FloatingRules" != $if)
667			print_info_box(gettext("Rules are evaluated on a first-match basis (i.e. " .
668			"the action of the first rule to match a packet will be executed). ") . '<br />' .
669			gettext("This means that if you use block rules, you'll have to pay attention " .
670			"to the rule order. Everything that isn't explicitly passed is blocked " .
671			"by default. "));
672			else
673			print_info_box(gettext("Floating rules are evaluated on a first-match basis (i.e. " .
674			"the action of the first rule to match a packet will be executed) only " .
675			"if the 'quick' option is checked on a rule. Otherwise they will only apply if no " .
676			"other rules match. Pay close attention to the rule order and options " .
677			"chosen. If no rule here matches, the per-interface or default rules are used. "));
678
679			?>
680	ea5665c7	Sjon Hortensius
681	6cb366de	Stephen Beaver	<script>
682			function fr_toggle(id, prefix) {
683			if (!prefix)
684			prefix = 'fr';
685
686			var checkbox = document.getElementById(prefix + 'c' + id);
687			checkbox.checked = !checkbox.checked;
688			fr_bgcolor(id, prefix);
689			}
690
691			function fr_bgcolor(id, prefix) {
692			if (!prefix)
693			prefix = 'fr';
694
695			var row = document.getElementById(prefix + id);
696			var checkbox = document.getElementById(prefix + 'c' + id);
697			var cells = row.getElementsByTagName('td');
698			var cellcnt = cells.length;
699
700			for (i = 0; i < cellcnt-1; i++) {
701			cells[i].style.backgroundColor = checkbox.checked ? "#DDF4FF" : "#FFFFFF";
702			}
703			}
704			</script>
705
706	ea5665c7	Sjon Hortensius	<script>
707			events.push(function() {
708			// Make rules sortable
709			$('table tbody.user-entries').sortable({
710			cursor: 'grabbing',
711			update: function(event, ui) {
712			$('#order-store').removeAttr('disabled');
713			}
714			});
715
716	6cb366de	Stephen Beaver	// Check all of the rule checkboxes so that their values are posted
717			$('#order-store').click(function () {
718			$('[id^=frc]').prop('checked', true);
719			alert();
720			});
721
722	ea5665c7	Sjon Hortensius	// Replace direct delete with quicker front-end action
723			/*FIXME: event ordering
724			$('.btn-danger').on('click', function(e){
725			$(this).parents('tr').remove();
726
727			$('#order-store').removeAttr('disabled');
728			});
729			*/});
730			</script>
731	c9d46a8e	Renato Botelho	<?php include("foot.inc");?>

Project

General

Profile

pfSense