#!/usr/local/bin/php
2
<?php
3
/* $Id$ */
4
/*
5
	firewall_shaper_edit.php
6
	part of m0n0wall (http://m0n0.ch/wall)
7

    
8
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
9
	All rights reserved.
10

    
11
	Redistribution and use in source and binary forms, with or without
12
	modification, are permitted provided that the following conditions are met:
13

    
14
	1. Redistributions of source code must retain the above copyright notice,
15
	   this list of conditions and the following disclaimer.
16

    
17
	2. Redistributions in binary form must reproduce the above copyright
18
	   notice, this list of conditions and the following disclaimer in the
19
	   documentation and/or other materials provided with the distribution.
20

    
21
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
22
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
23
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
25
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30
	POSSIBILITY OF SUCH DAMAGE.
31
*/
32

    
33
require("guiconfig.inc");
34

    
35
/* Ensure the shaper rule list exists so it can be indexed and appended to below. */
if (!is_array($config['shaper']['rule']))
	$config['shaper']['rule'] = array();

/* Work on the rule list by reference: writes to $a_shaper land in $config. */
$a_shaper = &$config['shaper']['rule'];

/* Keyword source/destination values: "any", the LAN subnet and PPTP clients. */
$specialsrcdst = array("any", "lan", "pptp");
41

    
42
/* Index of the rule being edited; a POSTed value takes precedence over the query string. */
$id = isset($_POST['id']) ? $_POST['id'] : $_GET['id'];

/* Index of the rule after which a new rule is inserted; same precedence. */
$after = isset($_POST['after']) ? $_POST['after'] : $_GET['after'];

/*
 * Duplicate request: 'dup' names both the rule whose values are loaded into
 * the form and the position after which the new rule is inserted.
 * NOTE(review): all three values are request-controlled and are used as
 * array indexes further down without a type check.
 */
if (isset($_GET['dup'])) {
	$id = $after = $_GET['dup'];
}
54

    
55
if (isset($id) && $a_shaper[$id]) {
	/* An existing rule was selected (edit or duplicate): seed the form state from it. */
	$pconfig['interface'] = $a_shaper[$id]['interface'];

	/* A rule stored without a protocol is shown as "any". */
	$pconfig['proto'] = isset($a_shaper[$id]['protocol']) ? $a_shaper[$id]['protocol'] : "any";

	/* Unpack the stored source and destination into their separate form fields. */
	address_to_pconfig($a_shaper[$id]['source'], $pconfig['src'],
		$pconfig['srcmask'], $pconfig['srcnot'],
		$pconfig['srcbeginport'], $pconfig['srcendport']);

	address_to_pconfig($a_shaper[$id]['destination'], $pconfig['dst'],
		$pconfig['dstmask'], $pconfig['dstnot'],
		$pconfig['dstbeginport'], $pconfig['dstendport']);

	/* Fields that are copied over unchanged. */
	foreach (array('inqueue', 'outqueue', 'direction', 'iptos', 'tcpflags', 'descr') as $pcfield) {
		$pconfig[$pcfield] = $a_shaper[$id][$pcfield];
	}
	$pconfig['disabled'] = isset($a_shaper[$id]['disabled']);

	/*
	 * A begin port of 0 is presented as "any" for both ends of the range.
	 * NOTE(review): the comparison is loose; on PHP < 8 a non-numeric string
	 * (such as an alias name) also compares equal to 0 - confirm intended.
	 */
	foreach (array('src', 'dst') as $pcside) {
		if ($pconfig[$pcside . 'beginport'] == 0) {
			$pconfig[$pcside . 'beginport'] = "any";
			$pconfig[$pcside . 'endport'] = "any";
		}
	}

} else {
	/* No existing rule selected: start a new rule matching any source and destination. */
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}

/* When duplicating, forget the index so that saving adds a rule instead of overwriting one. */
if (isset($_GET['dup'])) {
	unset($id);
}
97

    
98
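if ($_POST) {

	/*
	 * Handle a submitted rule: normalise the port and address fields in
	 * $_POST, validate them, and on success store the rule in
	 * $config['shaper']['rule'], mark the shaper configuration dirty and
	 * redirect to the rule list.
	 *
	 * NOTE(review): no anti-CSRF token is checked anywhere in this handler
	 * before write_config(); confirm whether guiconfig.inc enforces one.
	 */

	/* Ports are only kept for TCP, UDP and "any"; every other protocol gets them zeroed. */
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "any")) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	} else {

		/* The free-text "custom" box is used when the matching selector is empty. */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		/* "any" is stored as 0; a missing or "any" end port collapses to the begin port. */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];
	}

	/* Keyword networks replace the address and use mask 0; a single host uses mask 32. */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	}  else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}

	/*
	 * Fold the per-value radio buttons into one comma-separated list:
	 * "on" adds the name, "off" adds it with a "!" prefix, anything else
	 * leaves it out. Only names taken from $iptos / $tcpflags (not defined
	 * in this file) can end up in the lists.
	 */
	$intos = array();
	foreach ($iptos as $tos) {
		if ($_POST['iptos_' . $tos] == "on")
			$intos[] = $tos;
		else if ($_POST['iptos_' . $tos] == "off")
			$intos[] = "!" . $tos;
	}
	$_POST['iptos'] = join(",", $intos);

	$intcpflags = array();
	foreach ($tcpflags as $tcpflag) {
		if ($_POST['tcpflags_' . $tcpflag] == "on")
			$intcpflags[] = $tcpflag;
		else if ($_POST['tcpflags_' . $tcpflag] == "off")
			$intcpflags[] = "!" . $tcpflag;
	}
	$_POST['tcpflags'] = join(",", $intcpflags);

	unset($input_errors);
	/* The form is redisplayed from the submitted values if validation fails. */
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "inqueue outqueue proto src dst");
	$reqdfieldsn = explode(",", "Inbound Queue,Outbound Queue,Protocol,Source,Destination");

	/* A bit count is only required for the "network" type. */
	if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = "Destination bit count";
	}

	/*
	 * NOTE(review): call-time pass-by-reference is rejected by PHP >= 5.4.
	 * It is kept because the signature of do_input_validation() is not
	 * visible here; confirm it declares the parameter by reference before
	 * dropping the "&".
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) {
		$input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) {
		$input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) {
		$input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
	}
	/*
	 * Fixed: the alias test used to look at dstbeginport, so any end port
	 * value was accepted as long as the start port was a valid alias.
	 */
	if (($_POST['dstendport'] && !alias_expand($_POST['dstendport']) && !is_port($_POST['dstendport']))) {
		$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
	}

	/*
	 * NOTE(review): the bit counts are only passed through is_numericint();
	 * no range check is visible here - confirm values above 32 are rejected
	 * elsewhere.
	 */
	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
			$input_errors[] = "A valid source IP address or alias must be specified.";
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = "A valid source bit count must be specified.";
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
			$input_errors[] = "A valid destination IP address or alias must be specified.";
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = "A valid destination bit count must be specified.";
		}
	}

	/* Store each range in ascending order. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	if (!$input_errors) {
		/*
		 * NOTE(review): interface, direction, inqueue, outqueue and descr are
		 * stored exactly as submitted; only their presence (queues) is
		 * checked above. Confirm that whatever consumes the saved rule does
		 * not trust these strings, or compare them here against the values
		 * the form offers.
		 */
		$shaperent = array();
		$shaperent['interface'] = $_POST['interface'];

		if ($_POST['proto'] != "any")
			$shaperent['protocol'] = $_POST['proto'];
		else
			unset($shaperent['protocol']);

		pconfig_to_address($shaperent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($shaperent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		$shaperent['direction'] = $_POST['direction'];
		$shaperent['iptos'] = $_POST['iptos'];
		$shaperent['tcpflags'] = $_POST['tcpflags'];
		$shaperent['descr'] = $_POST['descr'];
		$shaperent['disabled'] = $_POST['disabled'] ? true : false;

		$shaperent['inqueue'] = $_POST['inqueue'];
		$shaperent['outqueue'] = $_POST['outqueue'];

		/* Overwrite the edited rule, or insert the new one after $after (append if not numeric). */
		if (isset($id) && $a_shaper[$id])
			$a_shaper[$id] = $shaperent;
		else {
			if (is_numeric($after))
				array_splice($a_shaper, $after+1, 0, array($shaperent));
			else
				$a_shaper[] = $shaperent;
		}

		write_config();
		touch($d_shaperconfdirty_path);

		header("Location: firewall_shaper.php");
		exit;
	}
}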
281

    
282
$pgtitle = "Firewall: Shaper: Edit rule";
283
include("head.inc");
284
?>
285

    
286
<script language="JavaScript">
287
<!--
288
var portsenabled = 1;
289

    
290
function ext_change() {
	/*
	 * Keep the four port selectors and their free-text "custom" boxes in
	 * sync. A custom box is editable only while its selector is on the
	 * first entry, "(other)", and ports are enabled; otherwise it is
	 * cleared and disabled. The selectors themselves follow the global
	 * portsenabled flag.
	 */
	var form = document.iform;
	var ports = ["srcbeginport", "srcendport", "dstbeginport", "dstendport"];
	var i;

	for (i = 0; i < ports.length; i++) {
		var custom = form[ports[i] + "_cust"];
		if ((form[ports[i]].selectedIndex == 0) && portsenabled) {
			custom.disabled = 0;
		} else {
			custom.value = "";
			custom.disabled = 1;
		}
	}

	for (i = 0; i < ports.length; i++) {
		form[ports[i]].disabled = portsenabled ? 0 : 1;
	}
}
328

    
329
function typesel_change() {
	/*
	 * Enable or disable the address and bit-count fields to match the
	 * source and destination "Type" selectors.
	 */

	/* Apply one type selector to its address and mask fields. */
	function apply(typesel, addr, mask) {
		var idx = typesel.selectedIndex;
		if (idx === 1) {
			/* single: address editable, mask cleared and locked */
			addr.disabled = 0;
			mask.value = "";
			mask.disabled = 1;
		} else if (idx === 2) {
			/* network: address and mask both editable */
			addr.disabled = 0;
			mask.disabled = 0;
		} else {
			/* every other entry: both fields cleared and locked */
			addr.value = "";
			addr.disabled = 1;
			mask.value = "";
			mask.disabled = 1;
		}
	}

	var form = document.iform;
	apply(form.srctype, form.src, form.srcmask);
	apply(form.dsttype, form.dst, form.dstmask);
}
365

    
366
function proto_change() {
	/*
	 * Ports stay enabled only for the first two protocol entries and for
	 * entry 8 (TCP, UDP and "any" in the protocol list this page renders);
	 * the port fields are then refreshed.
	 */
	var idx = document.iform.proto.selectedIndex;
	portsenabled = (idx < 2 || idx == 8) ? 1 : 0;

	ext_change();
}
375

    
376
function src_rep_change() {
	/* Mirror the source "from" port selection into the "to" selector. */
	var form = document.iform;
	form.srcendport.selectedIndex = form.srcbeginport.selectedIndex;
}
379
function dst_rep_change() {
	/* Mirror the destination "from" port selection into the "to" selector. */
	var form = document.iform;
	form.dstendport.selectedIndex = form.dstbeginport.selectedIndex;
}
382
//-->
383
</script>
384
</head>
385

    
386
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
387
<?php include("fbegin.inc"); ?>
388
<p class="pgtitle"><?=$pgtitle?></p>
389
<?php if ($input_errors) print_input_errors($input_errors); ?>
390
<?php if (is_array($config['shaper']['queue']) && (count($config['shaper']['queue']) > 0)): ?>
391
            <form action="firewall_shaper_edit.php" method="post" name="iform" id="iform">
392
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
393
                <tr>
394
                  <td valign="top" class="vncellreq">Target</td>
395
                  <td class="vtable"> <select name="outqueue" class="formfld">
396
                      <?php
397
					  foreach ($config['shaper']['queue'] as $queuei => $queue): ?>
398
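                      <option value="<?=htmlspecialchars($queue['name']);?>" <?php /* the queue name is escaped for the attribute, as it already is for the label below */ if ($queue['name'] == $pconfig['outqueue']) echo "selected"; ?>>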
399
                        <?php
400
					  	echo htmlspecialchars("Outbound Queue " . ($queuei + 1));
401
						if ($queue['name'])
402
							echo htmlspecialchars(" (" . $queue['name'] . ")");
403
			?>
404
                      </option>
405
                      <?php endforeach; ?>
406
                    </select>/<select name="inqueue" class="formfld">
407
                      <?php
408
					  foreach ($config['shaper']['queue'] as $queuei => $queue): ?>
409
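                      <option value="<?=htmlspecialchars($queue['name']);?>" <?php /* the queue name is escaped for the attribute, as it already is for the label below */ if ($queue['name'] == $pconfig['inqueue']) echo "selected"; ?>>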
410
                        <?php
411
					  	echo htmlspecialchars("Inbound Queue " . ($queuei + 1));
412
						if ($queue['name'])
413
							echo htmlspecialchars(" (" . $queue['name'] . ")");
414
			?>
415
                      </option>
416
                      <?php endforeach; ?> <br>
417
                    <span class="vexpl">Choose a queue where packets that
418
                    match this rule should be sent.</span></td>
419
                </tr>
420
                <tr>
421
                  <td valign="top" class="vncellreq">Disabled</td>
422
                  <td class="vtable">
423
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
424
                    <strong>Disable this rule</strong><br>
425
                    <span class="vexpl">Set this option to disable this rule without removing it from the list.</span></td>
426
                </tr>
427
                <tr>
428
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
429
                  <td width="78%" class="vtable"> <select name="interface" class="formfld">
430
                      <?php $interfaces = array('lan' => 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP');
431
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
432
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
433
					  }
434
					  foreach ($interfaces as $iface => $ifacename): ?>
435
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
436
                      <?=htmlspecialchars($ifacename);?>
437
                      </option>
438
                      <?php endforeach; ?>
439
                    </select> <br>
440
                    <span class="vexpl">Choose which interface packets must pass
441
                    through to match this rule.</span></td>
442
                </tr>
443
                <tr>
444
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
445
                  <td width="78%" class="vtable"> <select name="proto" class="formfld" onchange="proto_change()">
446
                      <?php $protocols = explode(" ", "TCP UDP ICMP ESP AH GRE IPv6 IGMP any"); foreach ($protocols as $proto): ?>
447
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>>
448
                      <?=htmlspecialchars($proto);?>
449
                      </option>
450
                      <?php endforeach; ?>
451
                    </select> <br> <span class="vexpl">Choose which IP protocol
452
                    this rule should match.<br>
453
                    Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span></td>
454
                </tr>
455
                <tr>
456
                  <td width="22%" valign="top" class="vncellreq">Source</td>
457
                  <td width="78%" class="vtable"> <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
458
                    <strong>not</strong><br>
459
                    Use this option to invert the sense of the match.<br> <br>
460
                    <table border="0" cellspacing="0" cellpadding="0">
461
                      <tr>
462
                        <td>Type:&nbsp;&nbsp;</td>
463
                        <td><select name="srctype" class="formfld" onChange="typesel_change()">
464
                            <?php $sel = is_specialnet($pconfig['src']); ?>
465
                            <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>
466
                            any</option>
467
                            <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
468
                            Single host or alias</option>
469
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
470
                            Network</option>
471
                            <option value="lan" <?php if ($pconfig['src'] == "lan") { echo "selected"; } ?>>
472
                            LAN subnet</option>
473
                            <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>
474
                            PPTP clients</option>
475
                            <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
476
                            <option value="opt<?=$i;?>" <?php if ($pconfig['src'] == "opt" . $i) { echo "selected"; } ?>>
477
                            <?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?>
478
                            subnet</option>
479
                            <?php endfor; ?>
480
                          </select></td>
481
                      </tr>
482
                      <tr>
483
                        <td>Address:&nbsp;&nbsp;</td>
484
                        <td><input autocomplete='off' onblur='actb_removedisp()' onkeypress='return (event.keyCode!=13);'  onkeydown='actb_checkkey(event, this);' onkeyup='actb_tocomplete(this,event,addressarray)' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>">
485
                          /
486
                          <select name="srcmask" class="formfld" id="srcmask">
487
                            <?php for ($i = 31; $i > 0; $i--): ?>
488
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>>
489
                            <?=$i;?>
490
                            </option>
491
                            <?php endfor; ?>
492
                          </select></td>
493
                      </tr>
494
                    </table></td>
495
                </tr>
496
                <tr>
497
                  <td width="22%" valign="top" class="vncellreq">Source port range
498
                  </td>
499
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
500
                      <tr>
501
                        <td>from:&nbsp;&nbsp;</td>
502
                        <td><select name="srcbeginport" class="formfld" onchange="src_rep_change();ext_change()">
503
                            <option value="">(other)</option>
504
                            <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
505
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
506
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) {
507
																echo "selected";
508
																$bfound = 1;
509
															}?>>
510
                            <?=htmlspecialchars($wkportdesc);?>
511
                            </option>
512
                            <?php endforeach; ?>
513
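                          </select> <input autocomplete='off' onblur='actb_removedisp()' onkeypress='return (event.keyCode!=13);'  onkeydown='actb_checkkey(event, this);' onkeyup='actb_tocomplete(this,event,customarray)' class="formfldalias" name="srcbeginport_cust" type="text" size="5" value="<?php /* $pconfig mirrors $_POST after a failed validation, so the value is escaped before it is echoed into the attribute */ if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>"></td>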
514
                      </tr>
515
                      <tr>
516
                        <td>to:</td>
517
                        <td><select name="srcendport" class="formfld" onchange="ext_change()">
518
                            <option value="">(other)</option>
519
                            <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
520
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
521
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) {
522
																echo "selected";
523
																$bfound = 1;
524
															}?>>
525
                            <?=htmlspecialchars($wkportdesc);?>
526
                            </option>
527
                            <?php endforeach; ?>
528
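                          </select> <input autocomplete='off' onblur='actb_removedisp()' onkeypress='return (event.keyCode!=13);'  onkeydown='actb_checkkey(event, this);' onkeyup='actb_tocomplete(this,event,customarray)' class="formfldalias" name="srcendport_cust" type="text" size="5" value="<?php /* $pconfig mirrors $_POST after a failed validation, so the value is escaped before it is echoed into the attribute */ if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>"></td>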
529
                      </tr>
530
                    </table>
531
                    <br> <span class="vexpl">Specify the port or port range for
532
                    the source of the packet for this rule.<br>
533
                    Hint: you can leave the <em>'to'</em> field empty if you only
534
                    want to filter a single port</span></td>
535
                <tr>
536
                  <td width="22%" valign="top" class="vncellreq">Destination</td>
537
                  <td width="78%" class="vtable"> <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
538
                    <strong>not</strong><br>
539
                    Use this option to invert the sense of the match.<br> <br>
540
                    <table border="0" cellspacing="0" cellpadding="0">
541
                      <tr>
542
                        <td>Type:&nbsp;&nbsp;</td>
543
                        <td><select name="dsttype" class="formfld" onChange="typesel_change()">
544
                            <?php $sel = is_specialnet($pconfig['dst']); ?>
545
                            <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>
546
                            any</option>
547
                            <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
548
                            Single host or alias</option>
549
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
550
                            Network</option>
551
                            <option value="lan" <?php if ($pconfig['dst'] == "lan") { echo "selected"; } ?>>
552
                            LAN subnet</option>
553
                            <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>
554
                            PPTP clients</option>
555
                            <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
556
                            <option value="opt<?=$i;?>" <?php if ($pconfig['dst'] == "opt" . $i) { echo "selected"; } ?>>
557
                            <?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?>
558
                            subnet</option>
559
                            <?php endfor; ?>
560
                          </select> </td>
561
                      </tr>
562
                      <tr>
563
                        <td>Address:&nbsp;&nbsp;</td>
564
                        <td><input name="dst" autocomplete='off' onblur='actb_removedisp()' onkeypress='return (event.keyCode!=13);'  onkeydown='actb_checkkey(event, this);' onkeyup='actb_tocomplete(this,event,addressarray)' type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
565
                          /
566
                          <select name="dstmask" class="formfld" id="dstmask">
567
                            <?php for ($i = 31; $i > 0; $i--): ?>
568
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>>
569
                            <?=$i;?>
570
                            </option>
571
                            <?php endfor; ?>
572
                          </select></td>
573
                      </tr>
574
                    </table></td>
575
                </tr>
576
                <tr>
577
                  <td width="22%" valign="top" class="vncellreq">Destination port
578
                    range </td>
579
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
580
                      <tr>
581
                        <td>from:&nbsp;&nbsp;</td>
582
                        <td><select name="dstbeginport" class="formfld" onchange="dst_rep_change();ext_change()">
583
                            <option value="">(other)</option>
584
                            <option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
585
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
586
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) {
587
																echo "selected";
588
																$bfound = 1;
589
															}?>>
590
                            <?=htmlspecialchars($wkportdesc);?>
591
                            </option>
592
                            <?php endforeach; ?>
593
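                          </select> <input autocomplete='off' onblur='actb_removedisp()' onkeypress='return (event.keyCode!=13);'  onkeydown='actb_checkkey(event, this);' onkeyup='actb_tocomplete(this,event,customarray)' class="formfldalias" name="dstbeginport_cust" type="text" size="5" value="<?php /* $pconfig mirrors $_POST after a failed validation, so the value is escaped before it is echoed into the attribute */ if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>"></td>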
594
                      </tr>
595
                      <tr>
596
                        <td>to:</td>
597
                        <td><select name="dstendport" class="formfld" onchange="ext_change()">
598
                            <option value="">(other)</option>
599
                            <option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
600
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
601
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) {
602
																echo "selected";
603
																$bfound = 1;
604
															}?>>
605
                            <?=htmlspecialchars($wkportdesc);?>
606
                            </option>
607
                            <?php endforeach; ?>
608
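                          </select> <input autocomplete='off' onblur='actb_removedisp()' onkeypress='return (event.keyCode!=13);'  onkeydown='actb_checkkey(event, this);' onkeyup='actb_tocomplete(this,event,customarray)' class="formfldalias" name="dstendport_cust" type="text" size="5" value="<?php /* $pconfig mirrors $_POST after a failed validation, so the value is escaped before it is echoed into the attribute */ if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>"></td>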
609
                      </tr>
610
                    </table>
611
                    <br> <span class="vexpl">Specify the port or port range for
612
                    the destination of the packet for this rule.<br>
613
                    Hint: you can leave the <em>'to'</em> field empty if you only
614
                    want to filter a single port</span></td>
615
                <tr>
616
                  <td valign="top" class="vncell">Direction</td>
617
                  <td class="vtable"> <select name="direction" class="formfld">
618
                      <option value="" <?php if (!$pconfig['direction']) echo "selected"; ?>>any</option>
619
                      <option value="in" <?php if ($pconfig['direction'] == "in") echo "selected"; ?>>in</option>
620
                      <option value="out" <?php if ($pconfig['direction'] == "out") echo "selected"; ?>>out</option>
621
                    </select> <br>
622
                    Use this to match only packets travelling in a given direction
623
                    on the interface specified above (as seen from the firewall's
624
                    perspective). </td>
625
                </tr>
626
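				<tr>
                  <td width="22%" valign="top" class="vncell">IP Type of Service (TOS)</td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <?php
				  /*
				   * Renders one row of three radio buttons per entry of $iptos
				   * (defined outside this fragment). $pconfig['iptos'] is split on
				   * commas: an entry equal to the keyword pre-selects "yes", an
				   * entry equal to "!" followed by the keyword pre-selects "no",
				   * and a keyword found in neither form pre-selects "don't care".
				   * Full PHP open tags are used throughout so the row does not
				   * depend on short_open_tag being enabled.
				   */
				  $iniptos = explode(",", $pconfig['iptos']);
				  foreach ($iptos as $tos):
					  $tos_yes = in_array($tos, $iniptos);
					  $tos_no = in_array("!" . $tos, $iniptos);
					  $dontcare = !($tos_yes || $tos_no); ?>
                      <tr>
                        <td width="80" nowrap><strong>
			  <?php echo $tos; ?>
                          </strong></td>
                        <td nowrap> <input type="radio" name="iptos_<?php echo $tos; ?>" value="on" <?php if ($tos_yes) echo "checked"; ?>>
                          yes&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="iptos_<?php echo $tos; ?>" value="off" <?php if ($tos_no) echo "checked"; ?>>
                          no&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="iptos_<?php echo $tos; ?>" value="" <?php if ($dontcare) echo "checked"; ?>>
                          don't care</td>
                      </tr>
                      <?php endforeach; ?>
                    </table>
                    <span class="vexpl">Use this to match packets according to their IP TOS values.
                    </span></td>
                </tr>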
                <tr>
                  <td width="22%" valign="top" class="vncell">TCP flags</td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <?php
				  /*
				   * Renders one row of three radio buttons per entry of $tcpflags
				   * (defined outside this fragment). $pconfig['tcpflags'] is split
				   * on commas: an entry equal to the flag name pre-selects "set",
				   * an entry equal to "!" followed by the name pre-selects
				   * "cleared", and a flag found in neither form pre-selects
				   * "don't care".
				   */
				  $inflags = explode(",", $pconfig['tcpflags']);
				  foreach ($tcpflags as $tcpflag):
					  $flag_set = in_array($tcpflag, $inflags);
					  $flag_cleared = in_array("!" . $tcpflag, $inflags);
					  $dontcare = !($flag_set || $flag_cleared); ?>
                      <tr>
                        <td width="40" nowrap><strong>
                          <?php echo strtoupper($tcpflag); ?>
                          </strong></td>
                        <td nowrap> <input type="radio" name="tcpflags_<?php echo $tcpflag; ?>" value="on" <?php if ($flag_set) echo "checked"; ?>>
                          set&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="tcpflags_<?php echo $tcpflag; ?>" value="off" <?php if ($flag_cleared) echo "checked"; ?>>
                          cleared&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="tcpflags_<?php echo $tcpflag; ?>" value="" <?php if ($dontcare) echo "checked"; ?>>
                          don't care</td>
                      </tr>
                      <?php endforeach; ?>
                    </table>
                    <span class="vexpl">Use this to choose TCP flags that must
                    be set or cleared for this rule to match.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable">
                    <?php /* Free-text note; HTML-escaped because it is printed inside a double-quoted attribute value. */ ?>
                    <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?php echo htmlspecialchars($pconfig['descr']); ?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr>
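                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
                    <?php
                    /*
                     * Hidden fields that carry the rule position back on submit.
                     * $id and $after are read from $_GET/$_POST at the top of this
                     * file, so both are HTML-escaped before being written into a
                     * double-quoted attribute value. "id" is emitted only when $id
                     * indexes an existing entry of $a_shaper; "after" is emitted
                     * unconditionally, which is why it must never be echoed raw.
                     * The (string) cast keeps an unset parameter from being passed
                     * to htmlspecialchars() as null.
                     */
                    if (isset($id) && $a_shaper[$id]): ?>
                    <input name="id" type="hidden" value="<?php echo htmlspecialchars((string) $id); ?>">
                    <?php endif; ?>
					<input name="after" type="hidden" value="<?php echo htmlspecialchars((string) $after); ?>">
                  </td>
                </tr>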
              </table>
</form>
<script language="JavaScript">
<!--
ext_change();
typesel_change();
proto_change();
-->
</script>
<?php else: ?>
<p><strong>You need to create a queue before you can add a new rule.</strong></p>
<?php endif; ?>
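<?php
/*
 * Build the two comma-separated lists of quoted alias names that are
 * printed as JavaScript array elements further down the page:
 *   $aliasesaddr - aliases whose address contains a "."
 *   $aliases     - all other aliases
 *
 * Each name ends up inside a single-quoted JavaScript string within a
 * <script> element, so it is escaped for that context: addslashes()
 * backslash-escapes quotes and backslashes, line breaks are written as
 * \r and \n, and "<" and ">" are written as \x3C and \x3E. A stored name
 * therefore cannot terminate the string literal or the enclosing script
 * element. Names made of letters, digits and underscores are unchanged.
 */
$js_search = array("<", ">", "\r", "\n");
$js_replace = array("\\x3C", "\\x3E", "\\r", "\\n");

$isfirst = 0;
$aliases = "";
$addrisfirst = 0;
$aliasesaddr = "";
if (is_array($config['aliases']['alias'])) {
	foreach ($config['aliases']['alias'] as $alias_name) {
		/* addslashes() runs first so the backslashes added by str_replace() are not doubled */
		$js_name = "'" . str_replace($js_search, $js_replace, addslashes($alias_name['name'])) . "'";
		if (!stristr($alias_name['address'], ".")) {
			if ($isfirst == 1) $aliases .= ",";
			$aliases .= $js_name;
			$isfirst = 1;
		} else {
			if ($addrisfirst == 1) $aliasesaddr .= ",";
			$aliasesaddr .= $js_name;
			$addrisfirst = 1;
		}
	}
}
?>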

    
<script language="JavaScript">
<!--
// Alias name lists for the auto-complete helper; the list contents are
// pre-quoted, comma-separated strings assembled by the PHP block above.
var addressarray = new Array(<?php print($aliasesaddr); ?>);
var customarray = new Array(<?php print($aliases); ?>);
//-->
</script>
<script type="text/javascript" language="javascript" src="auto_complete_helper.js">
</script>
<?php include("fend.inc"); ?>
</body>
</html>