|
1
|
#!/usr/local/bin/php
|
|
2
|
<?php
|
|
3
|
/*
|
|
4
|
firewall_rules_edit.php
|
|
5
|
Copyright (C) 2004 Scott Ullrich
|
|
6
|
All rights reserved.
|
|
7
|
|
|
8
|
originally part of m0n0wall (http://m0n0.ch/wall)
|
|
9
|
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
|
|
10
|
All rights reserved.
|
|
11
|
|
|
12
|
Redistribution and use in source and binary forms, with or without
|
|
13
|
modification, are permitted provided that the following conditions are met:
|
|
14
|
|
|
15
|
1. Redistributions of source code must retain the above copyright notice,
|
|
16
|
this list of conditions and the following disclaimer.
|
|
17
|
|
|
18
|
2. Redistributions in binary form must reproduce the above copyright
|
|
19
|
notice, this list of conditions and the following disclaimer in the
|
|
20
|
documentation and/or other materials provided with the distribution.
|
|
21
|
|
|
22
|
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
23
|
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
24
|
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
25
|
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
|
|
26
|
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
27
|
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
28
|
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
29
|
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
30
|
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
31
|
POSSIBILITY OF SUCH DAMAGE.
|
|
32
|
*/
|
|
33
|
|
|
34
|
require("guiconfig.inc");
|
|
35
|
|
|
36
|
$specialsrcdst = explode(" ", "any lan pptp");
|
|
37
|
|
|
38
|
if (!is_array($config['filter']['rule'])) {
|
|
39
|
$config['filter']['rule'] = array();
|
|
40
|
}
|
|
41
|
filter_rules_sort();
|
|
42
|
$a_filter = &$config['filter']['rule'];
|
|
43
|
|
|
44
|
$id = $_GET['id'];
|
|
45
|
if (is_numeric($_POST['id']))
|
|
46
|
$id = $_POST['id'];
|
|
47
|
|
|
48
|
$after = $_GET['after'];
|
|
49
|
|
|
50
|
if (isset($_POST['after']))
|
|
51
|
$after = $_POST['after'];
|
|
52
|
|
|
53
|
if (isset($_GET['dup'])) {
|
|
54
|
$id = $_GET['dup'];
|
|
55
|
$after = $_GET['dup'];
|
|
56
|
}
|
|
57
|
|
|
58
|
function is_specialnet($net) {
|
|
59
|
global $specialsrcdst;
|
|
60
|
|
|
61
|
if (in_array($net, $specialsrcdst) || strstr($net, "opt"))
|
|
62
|
return true;
|
|
63
|
else
|
|
64
|
return false;
|
|
65
|
}
|
|
66
|
|
|
67
|
function address_to_pconfig($adr, &$padr, &$pmask, &$pnot, &$pbeginport, &$pendport) {
|
|
68
|
|
|
69
|
if (isset($adr['any']))
|
|
70
|
$padr = "any";
|
|
71
|
else if ($adr['network'])
|
|
72
|
$padr = $adr['network'];
|
|
73
|
else if ($adr['address']) {
|
|
74
|
list($padr, $pmask) = explode("/", $adr['address']);
|
|
75
|
if (!$pmask)
|
|
76
|
$pmask = 32;
|
|
77
|
}
|
|
78
|
|
|
79
|
if (isset($adr['not']))
|
|
80
|
$pnot = 1;
|
|
81
|
else
|
|
82
|
$pnot = 0;
|
|
83
|
|
|
84
|
if ($adr['port']) {
|
|
85
|
list($pbeginport, $pendport) = explode("-", $adr['port']);
|
|
86
|
if (!$pendport)
|
|
87
|
$pendport = $pbeginport;
|
|
88
|
} else {
|
|
89
|
$pbeginport = "any";
|
|
90
|
$pendport = "any";
|
|
91
|
}
|
|
92
|
}
|
|
93
|
|
|
94
|
function pconfig_to_address(&$adr, $padr, $pmask, $pnot, $pbeginport, $pendport) {
|
|
95
|
|
|
96
|
$adr = array();
|
|
97
|
|
|
98
|
if ($padr == "any")
|
|
99
|
$adr['any'] = true;
|
|
100
|
else if (is_specialnet($padr))
|
|
101
|
$adr['network'] = $padr;
|
|
102
|
else {
|
|
103
|
$adr['address'] = $padr;
|
|
104
|
if ($pmask != 32)
|
|
105
|
$adr['address'] .= "/" . $pmask;
|
|
106
|
}
|
|
107
|
|
|
108
|
$adr['not'] = $pnot ? true : false;
|
|
109
|
|
|
110
|
if (($pbeginport != 0) && ($pbeginport != "any")) {
|
|
111
|
if ($pbeginport != $pendport)
|
|
112
|
$adr['port'] = $pbeginport . "-" . $pendport;
|
|
113
|
else
|
|
114
|
$adr['port'] = $pbeginport;
|
|
115
|
}
|
|
116
|
}
|
|
117
|
|
|
118
|
if (isset($id) && $a_filter[$id]) {
|
|
119
|
$pconfig['interface'] = $a_filter[$id]['interface'];
|
|
120
|
$pconfig['statetype'] = $a_filter[$id]['statetype'];
|
|
121
|
|
|
122
|
if (!isset($a_filter[$id]['type']))
|
|
123
|
$pconfig['type'] = "pass";
|
|
124
|
else
|
|
125
|
$pconfig['type'] = $a_filter[$id]['type'];
|
|
126
|
|
|
127
|
$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
|
|
128
|
$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
|
|
129
|
|
|
130
|
if (isset($a_filter[$id]['protocol']))
|
|
131
|
$pconfig['proto'] = $a_filter[$id]['protocol'];
|
|
132
|
else
|
|
133
|
$pconfig['proto'] = "any";
|
|
134
|
|
|
135
|
if ($a_filter[$id]['protocol'] == "icmp")
|
|
136
|
$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
|
|
137
|
|
|
138
|
address_to_pconfig($a_filter[$id]['source'], $pconfig['src'],
|
|
139
|
$pconfig['srcmask'], $pconfig['srcnot'],
|
|
140
|
$pconfig['srcbeginport'], $pconfig['srcendport']);
|
|
141
|
|
|
142
|
address_to_pconfig($a_filter[$id]['destination'], $pconfig['dst'],
|
|
143
|
$pconfig['dstmask'], $pconfig['dstnot'],
|
|
144
|
$pconfig['dstbeginport'], $pconfig['dstendport']);
|
|
145
|
|
|
146
|
$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
|
|
147
|
$pconfig['log'] = isset($a_filter[$id]['log']);
|
|
148
|
$pconfig['frags'] = isset($a_filter[$id]['frags']);
|
|
149
|
$pconfig['descr'] = $a_filter[$id]['descr'];
|
|
150
|
|
|
151
|
|
|
152
|
} else {
|
|
153
|
/* defaults */
|
|
154
|
if ($_GET['if'])
|
|
155
|
$pconfig['interface'] = $_GET['if'];
|
|
156
|
$pconfig['type'] = "pass";
|
|
157
|
$pconfig['src'] = "any";
|
|
158
|
$pconfig['dst'] = "any";
|
|
159
|
}
|
|
160
|
|
|
161
|
if (isset($_GET['dup']))
|
|
162
|
unset($id);
|
|
163
|
|
|
164
|
if ($_POST) {
|
|
165
|
|
|
166
|
if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
|
|
167
|
$_POST['srcbeginport'] = 0;
|
|
168
|
$_POST['srcendport'] = 0;
|
|
169
|
$_POST['dstbeginport'] = 0;
|
|
170
|
$_POST['dstendport'] = 0;
|
|
171
|
} else {
|
|
172
|
|
|
173
|
if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
|
|
174
|
$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
|
|
175
|
|
|
176
|
if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
|
|
177
|
$_POST['srcendport'] = $_POST['srcendport_cust'];
|
|
178
|
|
|
179
|
if ($_POST['srcbeginport'] == "any") {
|
|
180
|
$_POST['srcbeginport'] = 0;
|
|
181
|
$_POST['srcendport'] = 0;
|
|
182
|
} else {
|
|
183
|
if (!$_POST['srcendport'])
|
|
184
|
$_POST['srcendport'] = $_POST['srcbeginport'];
|
|
185
|
}
|
|
186
|
if ($_POST['srcendport'] == "any")
|
|
187
|
$_POST['srcendport'] = $_POST['srcbeginport'];
|
|
188
|
|
|
189
|
if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
|
|
190
|
$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
|
|
191
|
|
|
192
|
if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
|
|
193
|
$_POST['dstendport'] = $_POST['dstendport_cust'];
|
|
194
|
|
|
195
|
if ($_POST['dstbeginport'] == "any") {
|
|
196
|
$_POST['dstbeginport'] = 0;
|
|
197
|
$_POST['dstendport'] = 0;
|
|
198
|
} else {
|
|
199
|
if (!$_POST['dstendport'])
|
|
200
|
$_POST['dstendport'] = $_POST['dstbeginport'];
|
|
201
|
}
|
|
202
|
|
|
203
|
if ($_POST['dstendport'] == "any")
|
|
204
|
$_POST['dstendport'] = $_POST['dstbeginport'];
|
|
205
|
}
|
|
206
|
|
|
207
|
if (is_specialnet($_POST['srctype'])) {
|
|
208
|
$_POST['src'] = $_POST['srctype'];
|
|
209
|
$_POST['srcmask'] = 0;
|
|
210
|
} else if ($_POST['srctype'] == "single") {
|
|
211
|
$_POST['srcmask'] = 32;
|
|
212
|
}
|
|
213
|
if (is_specialnet($_POST['dsttype'])) {
|
|
214
|
$_POST['dst'] = $_POST['dsttype'];
|
|
215
|
$_POST['dstmask'] = 0;
|
|
216
|
} else if ($_POST['dsttype'] == "single") {
|
|
217
|
$_POST['dstmask'] = 32;
|
|
218
|
}
|
|
219
|
|
|
220
|
unset($input_errors);
|
|
221
|
$pconfig = $_POST;
|
|
222
|
|
|
223
|
/* input validation */
|
|
224
|
$reqdfields = explode(" ", "type interface proto src dst");
|
|
225
|
$reqdfieldsn = explode(",", "Type,Interface,Protocol,Source,Destination");
|
|
226
|
|
|
227
|
if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
|
|
228
|
$reqdfields[] = "srcmask";
|
|
229
|
$reqdfieldsn[] = "Source bit count";
|
|
230
|
}
|
|
231
|
if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
|
|
232
|
$reqdfields[] = "dstmask";
|
|
233
|
$reqdfieldsn[] = "Destination bit count";
|
|
234
|
}
|
|
235
|
|
|
236
|
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
|
|
237
|
|
|
238
|
if (!$_POST['srcbeginport']) {
|
|
239
|
$_POST['srcbeginport'] = 0;
|
|
240
|
$_POST['srcendport'] = 0;
|
|
241
|
}
|
|
242
|
if (!$_POST['dstbeginport']) {
|
|
243
|
$_POST['dstbeginport'] = 0;
|
|
244
|
$_POST['dstendport'] = 0;
|
|
245
|
}
|
|
246
|
|
|
247
|
if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state")
|
|
248
|
if( $_POST['proto'] == "udp" or $_POST['proto'] == "tcp/udp" or $_POST['proto'] == "icmp")
|
|
249
|
$input_errors[] = "You cannot select udp or icmp when using modulate state or synproxy state.";
|
|
250
|
|
|
251
|
if (($_POST['srcbeginport'] && !is_port($_POST['srcbeginport'])))
|
|
252
|
$input_errors[] = "The start source port must be an integer between 1 and 65535.";
|
|
253
|
|
|
254
|
if (($_POST['srcendport'] && !is_port($_POST['srcendport'])))
|
|
255
|
$input_errors[] = "The end source port must be an integer between 1 and 65535.";
|
|
256
|
|
|
257
|
if (($_POST['dstbeginport'] && !is_port($_POST['dstbeginport'])))
|
|
258
|
$input_errors[] = "The start destination port must be an integer between 1 and 65535.";
|
|
259
|
|
|
260
|
if (($_POST['dstendport'] && !is_port($_POST['dstendport'])))
|
|
261
|
$input_errors[] = "The end destination port must be an integer between 1 and 65535.";
|
|
262
|
|
|
263
|
|
|
264
|
if (!is_specialnet($_POST['srctype'])) {
|
|
265
|
if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
|
|
266
|
$input_errors[] = "A valid source IP address or alias must be specified.";
|
|
267
|
}
|
|
268
|
if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
|
|
269
|
$input_errors[] = "A valid source bit count must be specified.";
|
|
270
|
}
|
|
271
|
}
|
|
272
|
if (!is_specialnet($_POST['dsttype'])) {
|
|
273
|
if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
|
|
274
|
$input_errors[] = "A valid destination IP address or alias must be specified.";
|
|
275
|
}
|
|
276
|
if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
|
|
277
|
$input_errors[] = "A valid destination bit count must be specified.";
|
|
278
|
}
|
|
279
|
}
|
|
280
|
|
|
281
|
if ($_POST['srcbeginport'] > $_POST['srcendport']) {
|
|
282
|
/* swap */
|
|
283
|
$tmp = $_POST['srcendport'];
|
|
284
|
$_POST['srcendport'] = $_POST['srcbeginport'];
|
|
285
|
$_POST['srcbeginport'] = $tmp;
|
|
286
|
}
|
|
287
|
if ($_POST['dstbeginport'] > $_POST['dstendport']) {
|
|
288
|
/* swap */
|
|
289
|
$tmp = $_POST['dstendport'];
|
|
290
|
$_POST['dstendport'] = $_POST['dstbeginport'];
|
|
291
|
$_POST['dstbeginport'] = $tmp;
|
|
292
|
}
|
|
293
|
|
|
294
|
if (!$input_errors) {
|
|
295
|
$filterent = array();
|
|
296
|
$filterent['type'] = $_POST['type'];
|
|
297
|
$filterent['interface'] = $_POST['interface'];
|
|
298
|
$filterent['creategif'] = $_POST['creategif'];
|
|
299
|
|
|
300
|
$filterent['statetype'] = $_POST['statetype'];
|
|
301
|
|
|
302
|
if ($_POST['proto'] != "any")
|
|
303
|
$filterent['protocol'] = $_POST['proto'];
|
|
304
|
else
|
|
305
|
unset($filterent['protocol']);
|
|
306
|
|
|
307
|
if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
|
|
308
|
$filterent['icmptype'] = $_POST['icmptype'];
|
|
309
|
else
|
|
310
|
unset($filterent['icmptype']);
|
|
311
|
|
|
312
|
pconfig_to_address($filterent['source'], $_POST['src'],
|
|
313
|
$_POST['srcmask'], $_POST['srcnot'],
|
|
314
|
$_POST['srcbeginport'], $_POST['srcendport']);
|
|
315
|
|
|
316
|
pconfig_to_address($filterent['destination'], $_POST['dst'],
|
|
317
|
$_POST['dstmask'], $_POST['dstnot'],
|
|
318
|
$_POST['dstbeginport'], $_POST['dstendport']);
|
|
319
|
|
|
320
|
$filterent['disabled'] = $_POST['disabled'] ? true : false;
|
|
321
|
$filterent['log'] = $_POST['log'] ? true : false;
|
|
322
|
$filterent['frags'] = $_POST['frags'] ? true : false;
|
|
323
|
$filterent['descr'] = $_POST['descr'];
|
|
324
|
|
|
325
|
/* ALTQ */
|
|
326
|
$filterent['direction'] = $_POST['direction'];
|
|
327
|
$filterent['queue'] = $_POST['queue'];
|
|
328
|
|
|
329
|
/* Advanced options */
|
|
330
|
$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
|
|
331
|
$filterent['max-src-states'] = $_POST['max-src-states'];
|
|
332
|
|
|
333
|
if (isset($id) && $a_filter[$id])
|
|
334
|
$a_filter[$id] = $filterent;
|
|
335
|
else {
|
|
336
|
if (is_numeric($after))
|
|
337
|
array_splice($a_filter, $after+1, 0, array($filterent));
|
|
338
|
else
|
|
339
|
$a_filter[] = $filterent;
|
|
340
|
}
|
|
341
|
|
|
342
|
write_config();
|
|
343
|
touch($d_filterconfdirty_path);
|
|
344
|
|
|
345
|
header("Location: firewall_rules.php?if=" . $_POST['interface']);
|
|
346
|
exit;
|
|
347
|
}
|
|
348
|
}
|
|
349
|
?>
|
|
350
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
351
|
<html>
|
|
352
|
<head>
|
|
353
|
<title><?=gentitle("Firewall: Rules: Edit");?></title>
|
|
354
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
|
355
|
<link href="gui.css" rel="stylesheet" type="text/css">
|
|
356
|
<script language="JavaScript">
|
|
357
|
<!--
|
|
358
|
var portsenabled = 1;
|
|
359
|
var goingtofire = 1;
|
|
360
|
function ext_change() {
|
|
361
|
if ((document.iform.srcbeginport.selectedIndex == 0) && portsenabled) {
|
|
362
|
document.iform.srcbeginport_cust.disabled = 0;
|
|
363
|
} else {
|
|
364
|
document.iform.srcbeginport_cust.value = "";
|
|
365
|
document.iform.srcbeginport_cust.disabled = 1;
|
|
366
|
}
|
|
367
|
if ((document.iform.srcendport.selectedIndex == 0) && portsenabled) {
|
|
368
|
document.iform.srcendport_cust.disabled = 0;
|
|
369
|
} else {
|
|
370
|
document.iform.srcendport_cust.value = "";
|
|
371
|
document.iform.srcendport_cust.disabled = 1;
|
|
372
|
}
|
|
373
|
if ((document.iform.dstbeginport.selectedIndex == 0) && portsenabled) {
|
|
374
|
document.iform.dstbeginport_cust.disabled = 0;
|
|
375
|
} else {
|
|
376
|
document.iform.dstbeginport_cust.value = "";
|
|
377
|
document.iform.dstbeginport_cust.disabled = 1;
|
|
378
|
}
|
|
379
|
if ((document.iform.dstendport.selectedIndex == 0) && portsenabled) {
|
|
380
|
document.iform.dstendport_cust.disabled = 0;
|
|
381
|
} else {
|
|
382
|
document.iform.dstendport_cust.value = "";
|
|
383
|
document.iform.dstendport_cust.disabled = 1;
|
|
384
|
}
|
|
385
|
|
|
386
|
if (!portsenabled) {
|
|
387
|
document.iform.srcbeginport.disabled = 1;
|
|
388
|
document.iform.srcendport.disabled = 1;
|
|
389
|
document.iform.dstbeginport.disabled = 1;
|
|
390
|
document.iform.dstendport.disabled = 1;
|
|
391
|
} else {
|
|
392
|
document.iform.srcbeginport.disabled = 0;
|
|
393
|
document.iform.srcendport.disabled = 0;
|
|
394
|
document.iform.dstbeginport.disabled = 0;
|
|
395
|
document.iform.dstendport.disabled = 0;
|
|
396
|
}
|
|
397
|
}
|
|
398
|
|
|
399
|
function typesel_change(dstype) {
|
|
400
|
if(goingtofire != 0) return;
|
|
401
|
goingtofire = 1;
|
|
402
|
switch (document.iform.srctype.selectedIndex) {
|
|
403
|
case 1: /* single */
|
|
404
|
document.iform.src.disabled = 0;
|
|
405
|
document.iform.srcmask.value = "";
|
|
406
|
document.iform.srcmask.disabled = 1;
|
|
407
|
break;
|
|
408
|
case 2: /* network */
|
|
409
|
document.iform.src.disabled = 0;
|
|
410
|
document.iform.srcmask.disabled = 0;
|
|
411
|
break;
|
|
412
|
default:
|
|
413
|
document.iform.src.value = "";
|
|
414
|
document.iform.src.disabled = 1;
|
|
415
|
document.iform.srcmask.value = "";
|
|
416
|
document.iform.srcmask.disabled = 1;
|
|
417
|
break;
|
|
418
|
}
|
|
419
|
switch (document.iform.dsttype.selectedIndex) {
|
|
420
|
case 1: /* single */
|
|
421
|
document.iform.dst.disabled = 0;
|
|
422
|
document.iform.dstmask.value = "";
|
|
423
|
document.iform.dstmask.disabled = 1;
|
|
424
|
break;
|
|
425
|
case 2: /* network */
|
|
426
|
document.iform.dst.disabled = 0;
|
|
427
|
document.iform.dstmask.disabled = 0;
|
|
428
|
break;
|
|
429
|
default:
|
|
430
|
document.iform.dst.value = "";
|
|
431
|
document.iform.dst.disabled = 1;
|
|
432
|
document.iform.dstmask.value = "";
|
|
433
|
document.iform.dstmask.disabled = 1;
|
|
434
|
break;
|
|
435
|
}
|
|
436
|
if(dstype == "src") {
|
|
437
|
var selected = document.iform.srctype.selectedIndex;
|
|
438
|
var selectedtext = document.iform.srctype.options[selected].value;
|
|
439
|
var boxtext = document.iform.srctype.options[selected].text;
|
|
440
|
if(boxtext.indexOf("alias:") != -1) {
|
|
441
|
|
|
442
|
document.iform.src.value = selectedtext;
|
|
443
|
document.iform.srctype.options[1].selected = true;
|
|
444
|
}
|
|
445
|
} else {
|
|
446
|
var selected = document.iform.dsttype.selectedIndex;
|
|
447
|
var selectedtext = document.iform.dsttype.options[selected].value;
|
|
448
|
var boxtext = document.iform.dsttype.options[selected].text;
|
|
449
|
if(boxtext.indexOf("alias:") != -1) {
|
|
450
|
document.iform.dst.value = selectedtext;
|
|
451
|
document.iform.dsttype.options[1].selected = true;
|
|
452
|
}
|
|
453
|
}
|
|
454
|
goingtofire = 0;
|
|
455
|
}
|
|
456
|
|
|
457
|
function proto_change() {
|
|
458
|
if (document.iform.proto.selectedIndex < 3) {
|
|
459
|
portsenabled = 1;
|
|
460
|
} else {
|
|
461
|
portsenabled = 0;
|
|
462
|
}
|
|
463
|
|
|
464
|
if (document.iform.proto.selectedIndex == 3) {
|
|
465
|
document.iform.icmptype.disabled = 0;
|
|
466
|
} else {
|
|
467
|
document.iform.icmptype.disabled = 1;
|
|
468
|
}
|
|
469
|
|
|
470
|
ext_change();
|
|
471
|
}
|
|
472
|
|
|
473
|
function src_rep_change() {
|
|
474
|
document.iform.srcendport.selectedIndex = document.iform.srcbeginport.selectedIndex;
|
|
475
|
}
|
|
476
|
function dst_rep_change() {
|
|
477
|
document.iform.dstendport.selectedIndex = document.iform.dstbeginport.selectedIndex;
|
|
478
|
}
|
|
479
|
//-->
|
|
480
|
</script>
|
|
481
|
</head>
|
|
482
|
|
|
483
|
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
|
|
484
|
<?php include("fbegin.inc"); ?>
|
|
485
|
<p class="pgtitle">Firewall: Rules: Edit</p>
|
|
486
|
<?php if ($input_errors) print_input_errors($input_errors); ?>
|
|
487
|
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
|
|
488
|
<table width="100%" border="0" cellpadding="6" cellspacing="0">
|
|
489
|
<tr>
|
|
490
|
<td width="22%" valign="top" class="vncellreq">Action</td>
|
|
491
|
<td width="78%" class="vtable">
|
|
492
|
<select name="type" class="formfld">
|
|
493
|
<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
|
|
494
|
<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
|
|
495
|
<?=htmlspecialchars($type);?>
|
|
496
|
</option>
|
|
497
|
<?php endforeach; ?>
|
|
498
|
</select> <br>
|
|
499
|
<span class="vexpl">Choose what to do with packets that match the criteria specified below.<br>
|
|
500
|
Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded. Reject only works when the protocol is set to either TCP or UDP (but not "TCP/UDP") below.</span></td>
|
|
501
|
</tr>
|
|
502
|
<tr>
|
|
503
|
<td width="22%" valign="top" class="vncellreq">Disabled</td>
|
|
504
|
<td width="78%" class="vtable">
|
|
505
|
<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
|
|
506
|
<strong>Disable this rule</strong><br>
|
|
507
|
<span class="vexpl">Set this option to disable this rule without
|
|
508
|
removing it from the list.</span></td>
|
|
509
|
</tr>
|
|
510
|
<tr>
|
|
511
|
<td width="22%" valign="top" class="vncellreq">Interface</td>
|
|
512
|
<td width="78%" class="vtable">
|
|
513
|
<select name="interface" class="formfld">
|
|
514
|
<?php $interfaces = array('wan' => 'WAN', 'lan' => 'LAN', 'pptp' => 'PPTP');
|
|
515
|
for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
|
|
516
|
$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
|
|
517
|
}
|
|
518
|
foreach ($interfaces as $iface => $ifacename): ?>
|
|
519
|
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
|
|
520
|
<?=htmlspecialchars($ifacename);?>
|
|
521
|
</option>
|
|
522
|
<?php endforeach; ?>
|
|
523
|
</select> <br>
|
|
524
|
<span class="vexpl">Choose on which interface packets must
|
|
525
|
come in to match this rule.</span></td>
|
|
526
|
</tr>
|
|
527
|
<tr>
|
|
528
|
<td width="22%" valign="top" class="vncellreq">Protocol</td>
|
|
529
|
<td width="78%" class="vtable">
|
|
530
|
<select name="proto" class="formfld" onchange="proto_change()">
|
|
531
|
<?php $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPv6 IGMP any"); foreach ($protocols as $proto): ?>
|
|
532
|
<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>>
|
|
533
|
<?=htmlspecialchars($proto);?>
|
|
534
|
</option>
|
|
535
|
<?php endforeach; ?>
|
|
536
|
</select> <br>
|
|
537
|
<span class="vexpl">Choose which IP protocol this rule should
|
|
538
|
match.<br>
|
|
539
|
Hint: in most cases, you should specify <em>TCP</em> here.</span></td>
|
|
540
|
</tr>
|
|
541
|
<tr>
|
|
542
|
<td valign="top" class="vncell">ICMP type</td>
|
|
543
|
<td class="vtable">
|
|
544
|
<select name="icmptype" class="formfld">
|
|
545
|
<?php
|
|
546
|
|
|
547
|
$icmptypes = array(
|
|
548
|
"" => "any",
|
|
549
|
"unreach" => "Destination unreachable",
|
|
550
|
"echo" => "Echo",
|
|
551
|
"echorep" => "Echo reply",
|
|
552
|
"squench" => "Source quench",
|
|
553
|
"redir" => "Redirect",
|
|
554
|
"timex" => "Time exceeded",
|
|
555
|
"paramprob" => "Parameter problem",
|
|
556
|
"timest" => "Timestamp",
|
|
557
|
"timestrep" => "Timestamp reply",
|
|
558
|
"inforeq" => "Information request",
|
|
559
|
"inforep" => "Information reply",
|
|
560
|
"maskreq" => "Address mask request",
|
|
561
|
"maskrep" => "Address mask reply"
|
|
562
|
);
|
|
563
|
|
|
564
|
foreach ($icmptypes as $icmptype => $descr): ?>
|
|
565
|
<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>>
|
|
566
|
<?=htmlspecialchars($descr);?>
|
|
567
|
</option>
|
|
568
|
<?php endforeach; ?>
|
|
569
|
</select>
|
|
570
|
<br>
|
|
571
|
<span class="vexpl">If you selected ICMP for the protocol above, you may specify an ICMP type here.</span></td>
|
|
572
|
</tr>
|
|
573
|
<tr>
|
|
574
|
<td width="22%" valign="top" class="vncellreq">Source</td>
|
|
575
|
<td width="78%" class="vtable">
|
|
576
|
<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
|
|
577
|
<strong>not</strong><br>
|
|
578
|
Use this option to invert the sense of the match.<br>
|
|
579
|
<br>
|
|
580
|
<table border="0" cellspacing="0" cellpadding="0">
|
|
581
|
<tr>
|
|
582
|
<td>Type: </td>
|
|
583
|
<td><select id="srctype" name="srctype" class="formfld" onChange="typesel_change('src');">
|
|
584
|
<?php $sel = is_specialnet($pconfig['src']); ?>
|
|
585
|
<option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>
|
|
586
|
any</option>
|
|
587
|
<option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
|
|
588
|
Single host or alias</option>
|
|
589
|
<option value="network" <?php if (!$sel) echo "selected"; ?>>
|
|
590
|
Network</option>
|
|
591
|
<option value="lan" <?php if ($pconfig['src'] == "lan") { echo "selected"; } ?>>
|
|
592
|
LAN subnet</option>
|
|
593
|
<option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>
|
|
594
|
PPTP clients</option>
|
|
595
|
<?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
|
|
596
|
<option value="opt<?=$i;?>" <?php if ($pconfig['src'] == "opt" . $i) { echo "selected"; } ?>>
|
|
597
|
<?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> subnet</option>
|
|
598
|
<?php endfor; ?>
|
|
599
|
<?php
|
|
600
|
foreach ($config['aliases']['alias'] as $alias) {
|
|
601
|
echo "<option value=\"" . $alias['name'] . "\">alias:" . $alias['name'] . "</option>\n";
|
|
602
|
}
|
|
603
|
?>
|
|
604
|
</select></td>
|
|
605
|
</tr>
|
|
606
|
<tr>
|
|
607
|
<td>Address: </td>
|
|
608
|
<td><input name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>">
|
|
609
|
/
|
|
610
|
<select name="srcmask" class="formfld" id="srcmask">
|
|
611
|
<?php
|
|
612
|
for ($i = 32; $i > 0; $i--) {
|
|
613
|
echo "<option value=\"{$i}\" ";
|
|
614
|
if ($i == $pconfig['subnet']) echo "selected";
|
|
615
|
echo ">" . $i . "</option>";
|
|
616
|
}
|
|
617
|
?>
|
|
618
|
</select>
|
|
619
|
</td>
|
|
620
|
</tr>
|
|
621
|
</table></td>
|
|
622
|
</tr>
|
|
623
|
<tr>
|
|
624
|
<td width="22%" valign="top" class="vncellreq">Source port range
|
|
625
|
</td>
|
|
626
|
<td width="78%" class="vtable">
|
|
627
|
<table border="0" cellspacing="0" cellpadding="0">
|
|
628
|
<tr>
|
|
629
|
<td>from: </td>
|
|
630
|
<td><select name="srcbeginport" class="formfld" onchange="src_rep_change();ext_change()">
|
|
631
|
<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
|
|
632
|
<option value="">(other)</option>
|
|
633
|
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
|
|
634
|
<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) {
|
|
635
|
echo "selected";
|
|
636
|
$bfound = 1;
|
|
637
|
}?>>
|
|
638
|
<?=htmlspecialchars($wkportdesc);?>
|
|
639
|
</option>
|
|
640
|
<?php endforeach; ?>
|
|
641
|
</select> <input name="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"></td>
|
|
642
|
</tr>
|
|
643
|
<tr>
|
|
644
|
<td>to:</td>
|
|
645
|
<td><select name="srcendport" class="formfld" onchange="ext_change()">
|
|
646
|
<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
|
|
647
|
<option value="">(other)</option>
|
|
648
|
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
|
|
649
|
<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) {
|
|
650
|
echo "selected";
|
|
651
|
$bfound = 1;
|
|
652
|
}?>>
|
|
653
|
<?=htmlspecialchars($wkportdesc);?>
|
|
654
|
</option>
|
|
655
|
<?php endforeach; ?>
|
|
656
|
</select> <input name="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"></td>
|
|
657
|
</tr>
|
|
658
|
</table>
|
|
659
|
<span class="vexpl">Specify the port or port range for
|
|
660
|
the source of the packet for this rule. This is usually not equal to the destination port range (and is often "any"). <br>
|
|
661
|
Hint: you can leave the <em>'to'</em> field empty if you only
|
|
662
|
want to filter a single port</span></td>
|
|
663
|
<tr>
|
|
664
|
<td width="22%" valign="top" class="vncellreq">Destination</td>
|
|
665
|
<td width="78%" class="vtable">
|
|
666
|
<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
|
|
667
|
<strong>not</strong><br>
|
|
668
|
Use this option to invert the sense of the match.<br>
|
|
669
|
<br>
|
|
670
|
<table border="0" cellspacing="0" cellpadding="0">
|
|
671
|
<tr>
|
|
672
|
<td>Type: </td>
|
|
673
|
<td><select id="dsttype" name="dsttype" class="formfld" onChange="typesel_change('dst');">
|
|
674
|
<?php $sel = is_specialnet($pconfig['dst']); ?>
|
|
675
|
<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>
|
|
676
|
any</option>
|
|
677
|
<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
|
|
678
|
Single host or alias</option>
|
|
679
|
<option value="network" <?php if (!$sel) echo "selected"; ?>>
|
|
680
|
Network</option>
|
|
681
|
<option value="lan" <?php if ($pconfig['dst'] == "lan") { echo "selected"; } ?>>
|
|
682
|
LAN subnet</option>
|
|
683
|
<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>
|
|
684
|
PPTP clients</option>
|
|
685
|
<?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
|
|
686
|
<option value="opt<?=$i;?>" <?php if ($pconfig['dst'] == "opt" . $i) { echo "selected"; } ?>>
|
|
687
|
<?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?> subnet</option>
|
|
688
|
<?php endfor; ?>
|
|
689
|
<?php
|
|
690
|
foreach ($config['aliases']['alias'] as $alias) {
|
|
691
|
echo "<option value=\"" . $alias['name'] . "\">alias:" . $alias['name'] . "</option>\n";
|
|
692
|
}
|
|
693
|
?>
|
|
694
|
</select></td>
|
|
695
|
</tr>
|
|
696
|
<tr>
|
|
697
|
<td>Address: </td>
|
|
698
|
<td><input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
|
|
699
|
/
|
|
700
|
<select name="dstmask" class="formfld" id="dstmask";>
|
|
701
|
<?php
|
|
702
|
for ($i = 32; $i > 0; $i--) {
|
|
703
|
if($i <> 31) {
|
|
704
|
echo "<option value=\"{$i}\" ";
|
|
705
|
if ($i == $pconfig['subnet']) echo "selected";
|
|
706
|
echo ">" . $i . "</option>";
|
|
707
|
}
|
|
708
|
}
|
|
709
|
?>
|
|
710
|
</select>
|
|
711
|
</td>
|
|
712
|
</tr>
|
|
713
|
</table></td>
|
|
714
|
</tr>
|
|
715
|
<tr>
|
|
716
|
<td width="22%" valign="top" class="vncellreq">Destination port
|
|
717
|
range </td>
|
|
718
|
<td width="78%" class="vtable">
|
|
719
|
<table border="0" cellspacing="0" cellpadding="0">
|
|
720
|
<tr>
|
|
721
|
<td>from: </td>
|
|
722
|
<td><select name="dstbeginport" class="formfld" onchange="dst_rep_change();ext_change()">
|
|
723
|
<option value="">(other)</option>
|
|
724
|
<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
|
|
725
|
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
|
|
726
|
<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) {
|
|
727
|
echo "selected";
|
|
728
|
$bfound = 1;
|
|
729
|
}?>>
|
|
730
|
<?=htmlspecialchars($wkportdesc);?>
|
|
731
|
</option>
|
|
732
|
<?php endforeach; ?>
|
|
733
|
</select> <input name="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"></td>
|
|
734
|
</tr>
|
|
735
|
<tr>
|
|
736
|
<td>to:</td>
|
|
737
|
<td><select name="dstendport" class="formfld" onchange="ext_change()">
|
|
738
|
<option value="">(other)</option>
|
|
739
|
<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
|
|
740
|
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
|
|
741
|
<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) {
|
|
742
|
echo "selected";
|
|
743
|
$bfound = 1;
|
|
744
|
}?>>
|
|
745
|
<?=htmlspecialchars($wkportdesc);?>
|
|
746
|
</option>
|
|
747
|
<?php endforeach; ?>
|
|
748
|
</select> <input name="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"></td>
|
|
749
|
</tr>
|
|
750
|
</table>
|
|
751
|
<br> <span class="vexpl">Specify the port or port range for
|
|
752
|
the destination of the packet for this rule.<br>
|
|
753
|
Hint: you can leave the <em>'to'</em> field empty if you only
|
|
754
|
want to filter a single port</span></td>
|
|
755
|
|
|
756
|
<tr>
|
|
757
|
<td width="22%" valign="top" class="vncellreq">Fragments</td>
|
|
758
|
<td width="78%" class="vtable">
|
|
759
|
<input name="frags" type="checkbox" id="frags" value="yes" <?php if ($pconfig['frags']) echo "checked"; ?>>
|
|
760
|
<strong>Allow fragmented packets</strong><br>
|
|
761
|
<span class="vexpl">Hint: this option puts additional load
|
|
762
|
on the firewall and may make it vulnerable to DoS attacks.
|
|
763
|
In most cases, it is not needed. Try enabling it if you have
|
|
764
|
troubles connecting to certain sites.</span></td>
|
|
765
|
</tr>
|
|
766
|
<tr>
|
|
767
|
<td width="22%" valign="top" class="vncellreq">Log</td>
|
|
768
|
<td width="78%" class="vtable">
|
|
769
|
<input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
|
|
770
|
<strong>Log packets that are handled by this rule</strong><br>
|
|
771
|
<span class="vexpl">Hint: the firewall has limited local log
|
|
772
|
space. Don't turn on logging for everything. If you want to
|
|
773
|
do a lot of logging, consider using a remote syslog server
|
|
774
|
(see the <a href="diag_logs_settings.php">Diagnostics: System
|
|
775
|
logs: Settings</a> page).</span></td>
|
|
776
|
</tr>
|
|
777
|
<tr>
|
|
778
|
<td width="22%" valign="top" class="vncell">Description</td>
|
|
779
|
<td width="78%" class="vtable">
|
|
780
|
<input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
|
|
781
|
<br> <span class="vexpl">You may enter a description here
|
|
782
|
for your reference (not parsed).</span></td>
|
|
783
|
</tr>
|
|
784
|
|
|
785
|
|
|
786
|
<tr>
|
|
787
|
<td width="22%" valign="top" class="vncell">Traffic Queuing / Shaping</td>
|
|
788
|
<td width="78%" class="vtable">
|
|
789
|
Direction: <select name="direction">
|
|
790
|
<?php if($pconfig['direction'] <> "")
|
|
791
|
echo "<option value=\"" . htmlspecialchars($pconfig['direction']) . "\">" . htmlspecialchars($pconfig['direction']) . "</option>";
|
|
792
|
?>
|
|
793
|
<option value="">DONT CARE</option>
|
|
794
|
<option value="in">IN</option>
|
|
795
|
<option value="out">OUT</option>
|
|
796
|
</select>
|
|
797
|
<br> <span class="vexpl">If you need fine grained control on direction, select an option here.
|
|
798
|
<p><span class="vexpl"><input type="checkbox" name="autocreatequeue"> Automatically create a new queue for this rule.</span>
|
|
799
|
</td>
|
|
800
|
</tr>
|
|
801
|
|
|
802
|
<tr>
|
|
803
|
<td width="22%" valign="top" class="vncell">Advanced Options</td>
|
|
804
|
<td width="78%" class="vtable">
|
|
805
|
<input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br> Simultaneous client connection limit<p>
|
|
806
|
<input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br> Maximum state entries per host<br>
|
|
807
|
<p><strong>NOTE: Leave these fields blank to disable this feature.</strong>
|
|
808
|
</td>
|
|
809
|
</tr>
|
|
810
|
|
|
811
|
<tr>
|
|
812
|
<td width="22%" valign="top" class="vncell">State Type</td>
|
|
813
|
<td width="78%" class="vtable">
|
|
814
|
<select name="statetype">
|
|
815
|
<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>>keep state</option>
|
|
816
|
<option value="modulate state" <?php if($pconfig['statetype'] == "modulate state") echo "selected"; ?>>modulate state</option>
|
|
817
|
<option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected"; ?>>synproxy state</option>
|
|
818
|
<option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>>none</option>
|
|
819
|
</select><br>HINT: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.
|
|
820
|
<p><strong>
|
|
821
|
<table>
|
|
822
|
<tr><td><li>keep state</li></td><td>works with TCP, UDP, and ICMP.</td></tr>
|
|
823
|
<tr><td><li>modulate state</li></td><td>works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs) for packets matching this rule.</li></td></tr>
|
|
824
|
<tr><td><li>synproxy state</li></td><td>proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.</td></tr>
|
|
825
|
<tr><td><li>none</li></td><td>do not use state mechanisms to keep track. this is only useful if your doing advanced queueing in certain situations. please check the faq.</td></tr>
|
|
826
|
</strong>
|
|
827
|
</td>
|
|
828
|
</tr>
|
|
829
|
|
|
830
|
<tr>
|
|
831
|
<td width="22%" valign="top"> </td>
|
|
832
|
<td width="78%">
|
|
833
|
<input name="Submit" type="submit" class="formbtn" value="Save">
|
|
834
|
<?php if (isset($id) && $a_filter[$id]): ?>
|
|
835
|
<input name="id" type="hidden" value="<?=$id;?>">
|
|
836
|
<?php endif; ?>
|
|
837
|
<input name="after" type="hidden" value="<?=$after;?>">
|
|
838
|
</td>
|
|
839
|
</tr>
|
|
840
|
|
|
841
|
</table>
|
|
842
|
</form>
|
|
843
|
<script language="JavaScript">
|
|
844
|
<!--
|
|
845
|
ext_change();
|
|
846
|
typesel_change();
|
|
847
|
proto_change();
|
|
848
|
goingtofire = 0;
|
|
849
|
//-->
|
|
850
|
</script>
|
|
851
|
<?php include("fend.inc"); ?>
|
|
852
|
</body>
|
|
853
|
</html>
|