<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4
	firewall_nat_edit.php
5
	part of m0n0wall (http://m0n0.ch/wall)
6 9ae40f2b Scott Ullrich
7 5b237745 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9 9ae40f2b Scott Ullrich
10 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12 9ae40f2b Scott Ullrich
13 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15 9ae40f2b Scott Ullrich
16 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19 9ae40f2b Scott Ullrich
20 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31 7ac5a4cb Scott Ullrich
/*
32
	pfSense_MODULE:	nat
33
*/
34 5b237745 Scott Ullrich
35 6b07c15a Matthew Grooms
##|+PRIV
36
##|*IDENT=page-firewall-nat-portforward-edit
37
##|*NAME=Firewall: NAT: Port Forward: Edit page
38
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
39
##|*MATCH=firewall_nat_edit.php*
40
##|-PRIV
41
42 5b237745 Scott Ullrich
require("guiconfig.inc");
43 483e6de8 Scott Ullrich
require_once("itemid.inc");
44 1a03cf69 Scott Ullrich
require("filter.inc");
45
require("shaper.inc");
46 5b237745 Scott Ullrich
47 59ecde49 Renato Botelho
/*
 * $specialsrcdst starts with five fixed keywords and then gains two entries
 * per configured interface: the interface key and the key followed by "ip".
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
53
54 5b237745 Scott Ullrich
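/* Make sure the port forward list exists before taking a reference to it. */
if (!is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
$a_nat = &$config['nat']['rule'];

/*
 * Work out which entry is being edited. Precedence is unchanged: the GET id,
 * overridden by a POST id, overridden by a "dup" request (which also records
 * the entry to insert after).
 */
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];

if (isset($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}

/*
 * The index comes straight from the request and is used below as a key into
 * the rule array, so drop anything that is not a plain integer (including
 * array-valued parameters) and fall back to "new entry" handling.
 * is_numericint() is defined outside this file; it is assumed to accept only
 * digit strings - confirm.
 */
if (isset($id) && (!is_scalar($id) || !is_numericint($id))) {
	unset($id, $after);
}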
67
68 5b237745 Scott Ullrich
/*
 * Populate $pconfig, the array the form further down is rendered from.
 * When $id names an existing entry its stored values are copied in;
 * otherwise the defaults for a new entry are used.
 */
if (isset($id) && $a_nat[$id]) {
	/* 'disabled' and 'nordr' are read as presence flags. */
	$pconfig['disabled'] = isset($a_nat[$id]['disabled']);
	$pconfig['nordr'] = isset($a_nat[$id]['nordr']);

	/*
	 * address_to_pconfig() is defined outside this file; presumably it
	 * fills the $pconfig entries passed to it from the stored address -
	 * confirm against its definition.
	 */
	address_to_pconfig($a_nat[$id]['source'], $pconfig['src'],
		$pconfig['srcmask'], $pconfig['srcnot'],
		$pconfig['srcbeginport'], $pconfig['srcendport']);

	address_to_pconfig($a_nat[$id]['destination'], $pconfig['dst'],
		$pconfig['dstmask'], $pconfig['dstnot'],
		$pconfig['dstbeginport'], $pconfig['dstendport']);

	$pconfig['proto'] = $a_nat[$id]['protocol'];
	$pconfig['localip'] = $a_nat[$id]['target'];
	$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
	$pconfig['descr'] = $a_nat[$id]['descr'];
	$pconfig['interface'] = $a_nat[$id]['interface'];
	$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
	$pconfig['natreflection'] = $a_nat[$id]['natreflection'];

	/* An entry stored without an interface is shown as WAN. */
	if (!$pconfig['interface'])
		$pconfig['interface'] = "wan";
} else {
	$pconfig['interface'] = "wan";
	$pconfig['src'] = "any";
	$pconfig['srcbeginport'] = "any";
	$pconfig['srcendport'] = "any";
}

/*
 * For a duplicate request the values above were loaded from the original
 * entry; forgetting $id makes the save path treat the form as a new entry.
 */
if (isset($_GET['dup']))
	unset($id);
100
101 ef2a753c Scott Ullrich
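/*
 * Run through the $_POST items and reject any value that HTML entity
 * encoding would change, so that markup cannot be submitted through this
 * form and echoed back as an XSS attack.
 */
unset($input_errors);
foreach ($_POST as $key => $value) {
	$temp = $value;
	$newpost = htmlentities($temp);
	if ($newpost !== $temp) {
		/*
		 * Report the entity-encoded copy, not the raw value: this message is
		 * built from exactly the input that was just judged unsafe, and
		 * whether print_input_errors() escapes its messages is not visible
		 * in this file.
		 */
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $newpost);
	}
}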
111
112 5b237745 Scott Ullrich
if ($_POST) {
113
114 59ecde49 Renato Botelho
	/*
	 * Normalise the posted port fields. Ports only apply to TCP, UDP and
	 * TCP/UDP; for every other protocol all four source/destination port
	 * fields are forced to 0.
	 */
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"))) {
		foreach (array("src", "dst") as $portside) {
			$beginkey = "{$portside}beginport";
			$endkey = "{$portside}endport";

			/* The free-text box is used only when the drop-down is empty. */
			if ($_POST["{$beginkey}_cust"] && !$_POST[$beginkey])
				$_POST[$beginkey] = $_POST["{$beginkey}_cust"];
			if ($_POST["{$endkey}_cust"] && !$_POST[$endkey])
				$_POST[$endkey] = $_POST["{$endkey}_cust"];

			/* "any" becomes 0; a missing end port copies the begin port. */
			if ($_POST[$beginkey] == "any") {
				$_POST[$beginkey] = 0;
				$_POST[$endkey] = 0;
			} elseif (!$_POST[$endkey]) {
				$_POST[$endkey] = $_POST[$beginkey];
			}
			if ($_POST[$endkey] == "any")
				$_POST[$endkey] = $_POST[$beginkey];

			/* Make beginning port end port if not defined and endport is */
			if (!$_POST[$beginkey] && $_POST[$endkey])
				$_POST[$beginkey] = $_POST[$endkey];
		}

		if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
			$_POST['localbeginport'] = $_POST['localbeginport_cust'];
	} else {
		foreach (array('srcbeginport', 'srcendport', 'dstbeginport', 'dstendport') as $portkey)
			$_POST[$portkey] = 0;
	}
159
160
	/*
	 * Fold the source type selector into src/srcmask: a special network
	 * name replaces the address with mask 0, "single" forces a /32.
	 */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['srcmask'] = 0;
		$_POST['src'] = $_POST['srctype'];
	} elseif ("single" == $_POST['srctype']) {
		$_POST['srcmask'] = 32;
	}

	/*
	 * Same for the destination, with one extra case: a type value that is
	 * itself an IP address is treated as a single host with that address.
	 */
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dstmask'] = 0;
		$_POST['dst'] = $_POST['dsttype'];
	} elseif ("single" == $_POST['dsttype']) {
		$_POST['dstmask'] = 32;
	} elseif (is_ipaddr($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 32;
		$_POST['dsttype'] = "single";
	}

	/* From here on the form is redisplayed from the normalised submission. */
	$pconfig = $_POST;
178
179
	/*
	 * input validation
	 *
	 * Build the list of required fields ($reqdfields) and their display
	 * names ($reqdfieldsn, same order). Destination ports are required only
	 * for TCP, UDP and TCP/UDP.
	 */
	if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
		$reqdfields = explode(" ", "interface proto dstbeginport dstendport");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to"));
	} else {
		$reqdfields = explode(" ", "interface proto");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"));
	}

	/* An address is required when the type is a single host or a network. */
	if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") {
		$reqdfields[] = "src";
		$reqdfieldsn[] = gettext("Source address");
	}
	if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") {
		$reqdfields[] = "dst";
		$reqdfieldsn[] = gettext("Destination address");
	}
	/* A redirect target is required unless this is a "no redirect" entry. */
	if (!isset($_POST['nordr'])) {
		$reqdfields[] = "localip";
		$reqdfieldsn[] = gettext("Redirect target IP");
	}

	/*
	 * NOTE(review): the & at this call site is call-time pass-by-reference,
	 * which PHP 5.4 and later reject with a fatal error. It can only be
	 * dropped if do_input_validation() declares this parameter by reference;
	 * its definition is outside this file - confirm before changing, because
	 * otherwise missing required fields would no longer be reported.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
202 9ae40f2b Scott Ullrich
203 59ecde49 Renato Botelho
	/* An empty begin port means "no port": zero both ends of the range. */
	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/*
	 * NOTE(review): several messages below embed the submitted value as-is.
	 * Whether print_input_errors() escapes its messages is not visible in
	 * this file - confirm, since these strings are shown back to the user.
	 */
	if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
		$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
	}

	/* Each non-empty port must be a port number or a port alias. */
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);

	if (!isset($_POST['nordr']) && $_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid local port. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
	}

	/* if user enters an alias and selects "network" then disallow. */
	if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) )
	 || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	/*
	 * Addresses and masks are checked only when the type is not a special
	 * network name. NOTE(review): the mask is only tested with
	 * is_numericint() here; no upper bound is visible in this block.
	 */
	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}
251
252
	/*
	 * Put each range in ascending order.
	 * NOTE(review): the validation above also accepts port aliases, so the
	 * operands here may be alias names rather than numbers; how ">" orders
	 * those is probably not what a range swap intends - confirm.
	 */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	/*
	 * The redirect target range starts at localbeginport and is as wide as
	 * the destination range; its last port must not exceed 65535. Only
	 * checked when nothing else has failed and redirection is enabled.
	 */
	if (!$input_errors) {
		if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
			$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
	}
269 9ae40f2b Scott Ullrich
270 5b237745 Scott Ullrich
	/*
	 * check for overlaps
	 *
	 * Compare the submission with every other entry on the same interface
	 * and destination address and report an error when the destination port
	 * ranges intersect.
	 *
	 * NOTE(review): as written this check looks ineffective.
	 *  - It reads $natent['proto'], but the save path later in this file
	 *    stores the protocol under 'protocol'.
	 *  - It reads $_POST['beginport'] and $_POST['endport']; nothing in the
	 *    visible part of this file sets those keys (the form fields are
	 *    dstbeginport / dstendport).
	 * Correcting the keys would start rejecting submissions that are
	 * accepted today, so confirm the intended rule before changing it.
	 */
	foreach ($a_nat as $natent) {
		/* skip the entry that is being edited */
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
			continue;
		if ($natent['interface'] != $_POST['interface'])
			continue;
		if ($natent['destination']['address'] != $_POST['dst'])
			continue;
		if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
			continue;

		/* stored port is "begin" or "begin-end" */
		list($begp,$endp) = explode("-", $natent['destination']['port']);
		if (!$endp)
			$endp = $begp;

		/* overlap unless the posted range lies wholly below or wholly above */
		if (!(   (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
		      || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {

			$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
			break;
		}
	}

	/*
	 * Allow extending of the firewall edit page and include custom input validation.
	 * pfSense_handle_custom_code() is defined outside this file; presumably
	 * it runs code found under the given directory, so that directory needs
	 * to be writable by administrators only - confirm.
	 */
	pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation");
295
296 5b237745 Scott Ullrich
	if (!$input_errors) {
297
		/* Build the port forward entry from the submitted form values. */
		$natent = array();

		$natent['disabled'] = isset($_POST['disabled']);
		$natent['nordr'] = isset($_POST['nordr']);

		/* A "no redirect" entry never carries a filter rule association. */
		if ($natent['nordr']) {
			$_POST['associated-rule-id'] = '';
			$_POST['filter-rule-association'] = '';
		}

		pconfig_to_address(
			$natent['source'],
			$_POST['src'],
			$_POST['srcmask'],
			$_POST['srcnot'],
			$_POST['srcbeginport'],
			$_POST['srcendport']
		);

		pconfig_to_address(
			$natent['destination'],
			$_POST['dst'],
			$_POST['dstmask'],
			$_POST['dstnot'],
			$_POST['dstbeginport'],
			$_POST['dstendport']
		);

		$natent['protocol'] = $_POST['proto'];

		/* Target address and port exist only when redirection is enabled. */
		if (!$natent['nordr']) {
			$natent['target'] = $_POST['localip'];
			$natent['local-port'] = $_POST['localbeginport'];
		}
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];

		/* "pass" replaces whatever association id was posted. */
		if ("pass" == $_POST['filter-rule-association']) {
			$natent['associated-rule-id'] = "pass";
		}

		if ("yes" == $_POST['nosync']) {
			$natent['nosync'] = true;
		} else {
			unset($natent['nosync']);
		}

		/* Only the two explicit settings are stored; anything else is dropped. */
		if ("enable" == $_POST['natreflection'] || "disable" == $_POST['natreflection']) {
			$natent['natreflection'] = $_POST['natreflection'];
		} else {
			unset($natent['natreflection']);
		}
337
338 473d0ff0 pierrepomes
		// If we used to have an associated filter rule, but no longer should have one
		// (the new entry has no association, or a different one than the stored entry)
		if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		// Decide whether a filter rule has to be created or updated
		$need_filter_rule = false;
		// Updating a rule with a filter rule associated
		if (!empty($natent['associated-rule-id']))
			$need_filter_rule = true;
		// The value 'new' asks for a fresh associated rule: clear the
		// placeholder and continue as an 'add-associated' request
		if( $natent['associated-rule-id']=='new' ) {
			$need_filter_rule = true;
			unset( $natent['associated-rule-id'] );
			$_POST['filter-rule-association']='add-associated';
		}
		// If creating a new rule, where we want to add the filter rule, associated or not
		else if( isset($_POST['filter-rule-association']) &&
			($_POST['filter-rule-association']=='add-associated' ||
			$_POST['filter-rule-association']=='add-unassociated') )
			$need_filter_rule = true;

		// Determine NAT entry ID now, we need it for the firewall rule
		// NOTE(review): for a new entry this only computes $id; nothing in the
		// visible code below reads $id again before the final update step,
		// which repeats the same isset($id) && $a_nat[$id] test - confirm
		// that this assignment is still needed.
		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			if (is_numeric($after))
				$id = $after + 1;
			else
				$id = count($a_nat);
		}
370 5335abae unknown
371 9b16b834 Ermal Lu?i
		if ($need_filter_rule == true) {

			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);
			// If a rule already exists, load it
			// NOTE(review): the id used for this lookup was copied from
			// $_POST['associated-rule-id']; the visible code does not compare
			// it with the id stored on the entry being edited, and the rule
			// that is found is then modified in place through the reference
			// below. Confirm that a submitted id cannot select an unrelated
			// filter rule.
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				// NOTE(review): loose comparison - an index of 0 also compares
				// equal to false. What get_id() returns is not visible here;
				// confirm and consider === false.
				if ($filterentid == false)
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				else
					$filterent =& $config['filter']['rule'][$filterentid];
			}
			pconfig_to_address($filterent['source'], $_POST['src'],
				$_POST['srcmask'], $_POST['srcnot'],
				$_POST['srcbeginport'], $_POST['srcendport']);

			// Update interface, protocol and destination
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			// The filter rule covers the redirect target range: it starts at
			// the local port and is as wide as the destination port range
			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];

			if ($dstpfrom == $dstpto)
				$filterent['destination']['port'] = $dstpfrom;
			else
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be.
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			// If this is a new rule, create an ID and add the rule
			// NOTE(review): only 'add-associated' appends $filterent to the
			// rule list; for 'add-unassociated' the entry is built above but
			// is not stored anywhere in the visible code - confirm intended.
			if( $_POST['filter-rule-association']=='add-associated' ) {
				$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}
415 9ae40f2b Scott Ullrich
416 2ea00c3e Scott Ullrich
		// Allow extending of the firewall edit page: hook for custom code
		// before the configuration is written
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config");

		// Update the NAT entry now
		// NOTE(review): the earlier "Determine NAT entry ID" step may have set
		// $id to $after + 1. If an entry already exists at that index, the
		// first branch here replaces it and the array_splice() insert is never
		// reached - confirm this cannot happen when duplicating an entry.
		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			if (is_numeric($after))
				array_splice($a_nat, $after+1, 0, array($natent));
			else
				$a_nat[] = $natent;
		}

		mark_subsystem_dirty('natconf');

		write_config();

		// Back to the port forward list; nothing below runs after a save
		header("Location: firewall_nat.php");
		exit;
435
	}
436
}
437 da7ae7ef Bill Marquette
438 ba1a0433 Renato Botelho
$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("Port Forward"),gettext("Edit"));
439 da7ae7ef Bill Marquette
include("head.inc");
440
441 5b237745 Scott Ullrich
?>
442 f4a8f48f Scott Ullrich
<link rel="stylesheet" href="/pfCenter/javascript/chosen/chosen.css" />
443
</head>
444 da7ae7ef Bill Marquette
445 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
446 f4a8f48f Scott Ullrich
<script src="/pfCenter/javascript/chosen/chosen.proto.js" type="text/javascript"></script>
447
448 4ce8ac00 Erik Kristensen
<?php
449
include("fbegin.inc"); ?>
450 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
451
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
452
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
453 2a6cb2d6 Scott Ullrich
				<tr>
454 6cac9bda Carlos Eduardo Ramos
					<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
455 59ecde49 Renato Botelho
				</tr>
456 2ea00c3e Scott Ullrich
<?php
457
		// Allow extending of the firewall edit page and include custom input validation 
458
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly");
459
?>
460 59ecde49 Renato Botelho
		<tr>
461 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
462 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
463
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
464 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("Disable this rule"); ?></strong><br />
465
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
466 59ecde49 Renato Botelho
			</td>
467
		</tr>
468
                <tr>
469 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
470 59ecde49 Renato Botelho
                  <td width="78%" class="vtable">
471 44374c0a Erik Fonnesbeck
                    <input type="checkbox" name="nordr" id="nordr" onClick="nordr_change();" <?php if($pconfig['nordr']) echo "CHECKED"; ?>>
472 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
473
                    <br><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
474 59ecde49 Renato Botelho
                  </td>
475
                </tr>
476
		<tr>
477 3a92149b Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
478 5b237745 Scott Ullrich
                  <td width="78%" class="vtable">
479 bcbcc2f8 Erik Fonnesbeck
					<select name="interface" class="formselect" onChange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
480 5b237745 Scott Ullrich
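						<?php

						/*
						 * Build $interfaces (key => label) for the drop-down:
						 * configured interfaces first, then the VPN
						 * pseudo-interfaces that are enabled in the config.
						 * Entries are added only where have_ruleint_access()
						 * allows it.
						 */
						$iflist = get_configured_interface_with_descr(false, true);
						// Allow extending of the firewall edit interfaces
						pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");
						foreach ($iflist as $if => $ifdesc)
							if(have_ruleint_access($if))
								$interfaces[$if] = $ifdesc;

						if ($config['l2tp']['mode'] == "server")
							if(have_ruleint_access("l2tp"))
								$interfaces['l2tp'] = "L2TP VPN";

						if ($config['pptpd']['mode'] == "server")
							if(have_ruleint_access("pptp"))
								$interfaces['pptp'] = "PPTP VPN";

						if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
							$interfaces['pppoe'] = "PPPoE VPN";

						/* add ipsec interfaces */
						if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
							if(have_ruleint_access("enc0"))
								$interfaces["enc0"] = "IPsec";

						/*
						 * add openvpn/tun interfaces
						 * NOTE(review): unlike every entry above, this one is
						 * not gated by have_ruleint_access() - confirm whether
						 * that is intended.
						 */
						if  ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
							$interfaces["openvpn"] = "OpenVPN";

						/* Escape the key as well as the label: both are written into the page. */
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>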
514
					</select><br>
515 6cac9bda Carlos Eduardo Ramos
                     <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br>
516
                     <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td>
517 5b237745 Scott Ullrich
                </tr>
518 9ae40f2b Scott Ullrich
                <tr>
519 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
520 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
521 b5c78501 Seth Mos
                    <select name="proto" class="formselect" onChange="proto_change(); check_for_aliases();">
522 e598eab5 Scott Ullrich
                      <?php $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP"); foreach ($protocols as $proto): ?>
523 5b237745 Scott Ullrich
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
524
                      <?php endforeach; ?>
525 6cac9bda Carlos Eduardo Ramos
                    </select> <br> <span class="vexpl"><?=gettext("Choose which IP protocol " .
526
                    "this rule should match."); ?><br>
527 39a3ce91 Carlos Eduardo Ramos
                    <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?></span></td>
528 5b237745 Scott Ullrich
                </tr>
529 59ecde49 Renato Botelho
		<tr id="showadvancedboxsrc" name="showadvancedboxsrc">
530 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
531 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
532 3a92149b Carlos Eduardo Ramos
				<input type="button" onClick="show_source()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source address and port range"); ?></a>
533 59ecde49 Renato Botelho
			</td>
534
		</tr>
535
		<tr style="display: none;" id="srctable" name="srctable">
536 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
537 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
538 ba1a0433 Renato Botelho
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
539 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("not"); ?></strong>
540 59ecde49 Renato Botelho
				<br />
541 39a3ce91 Carlos Eduardo Ramos
				<?=gettext("Use this option to invert the sense of the match."); ?>
542 59ecde49 Renato Botelho
				<br />
543
				<br />
544
				<table border="0" cellspacing="0" cellpadding="0">
545
					<tr>
546 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
547 59ecde49 Renato Botelho
						<td>
548
							<select name="srctype" class="formselect" onChange="typesel_change()">
549
<?php
550
								$sel = is_specialnet($pconfig['src']); ?>
551 6cac9bda Carlos Eduardo Ramos
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option>
552
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
553
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option>
554 59ecde49 Renato Botelho
								<?php if(have_ruleint_access("pptp")): ?>
555 ba1a0433 Renato Botelho
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option>
556 59ecde49 Renato Botelho
								<?php endif; ?>
557
								<?php if(have_ruleint_access("pppoe")): ?>
558 ba1a0433 Renato Botelho
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option>
559 59ecde49 Renato Botelho
								<?php endif; ?>
560
								 <?php if(have_ruleint_access("l2tp")): ?>
561 ba1a0433 Renato Botelho
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option>
562 3a92149b Carlos Eduardo Ramos
                                 <?php endif; ?>
563 59ecde49 Renato Botelho
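<?php
								/*
								 * Two options per accessible interface: its subnet and
								 * its own address. The interface description is
								 * administrator-supplied text, so it is escaped in both
								 * options (the second one previously printed it raw),
								 * and the key is escaped in the value attributes.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>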
572
							</select>
573
						</td>
574
					</tr>
575
					<tr>
576 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
577 59ecde49 Renato Botelho
						<td>
578
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
579
							<select name="srcmask" class="formselect" id="srcmask">
580
<?php						for ($i = 31; $i > 0; $i--): ?>
581
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
582
<?php 						endfor; ?>
583
							</select>
584
						</td>
585
					</tr>
586
				</table>
587
			</td>
588
		</tr>
589
		<tr style="display:none" id="sprtable" name="sprtable">
590 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range"); ?></td>
591 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
592
				<table border="0" cellspacing="0" cellpadding="0">
593
					<tr>
594 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
595 59ecde49 Renato Botelho
						<td>
596
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
597 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
598
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any"); ?></option>
599 59ecde49 Renato Botelho
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
600
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
601
<?php 							endforeach; ?>
602
							</select>
603 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
604 59ecde49 Renato Botelho
						</td>
605
					</tr>
606
					<tr>
607 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
608 59ecde49 Renato Botelho
						<td>
609
							<select name="srcendport" class="formselect" onchange="ext_change()">
610 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
611
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any"); ?></option>
612 59ecde49 Renato Botelho
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
613
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
614
<?php							endforeach; ?>
615
							</select>
616 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
617 59ecde49 Renato Botelho
						</td>
618
					</tr>
619
				</table>
620
				<br />
621 6cac9bda Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>.</b> <br /> <?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to filter a single port."); ?></span><br/>
622 59ecde49 Renato Botelho
			</td>
623
		</tr>
624
		<tr>
625 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td>
626 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
627
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
628 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("not"); ?></strong>
629 59ecde49 Renato Botelho
					<br />
630 39a3ce91 Carlos Eduardo Ramos
				<?=gettext("Use this option to invert the sense of the match."); ?>
631 59ecde49 Renato Botelho
					<br />
632
					<br />
633
				<table border="0" cellspacing="0" cellpadding="0">
634
					<tr>
635 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
636 59ecde49 Renato Botelho
						<td>
637
							<select name="dsttype" class="formselect" onChange="typesel_change()">
638
<?php
639
								$sel = is_specialnet($pconfig['dst']); ?>
640 6cac9bda Carlos Eduardo Ramos
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option>
641
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
642
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option>
643 59ecde49 Renato Botelho
								<?php if(have_ruleint_access("pptp")): ?>
644 ba1a0433 Renato Botelho
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option>
645 59ecde49 Renato Botelho
								<?php endif; ?>
646
								<?php if(have_ruleint_access("pppoe")): ?>
647 ba1a0433 Renato Botelho
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option>
648 59ecde49 Renato Botelho
								<?php endif; ?>
649
								<?php if(have_ruleint_access("l2tp")): ?>
650 ba1a0433 Renato Botelho
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option>
651 59ecde49 Renato Botelho
                                                                <?php endif; ?>
652
653
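<?php 							/*
								 * Destination type choices derived from $ifdisp: for every
								 * interface that passes have_ruleint_access(), one
								 * "<descr> subnet" entry and one "<descr> address" entry
								 * (value = interface key + "ip").
								 *
								 * Key and description are HTML-encoded on output; the "address"
								 * option previously printed the description raw while the
								 * "subnet" option escaped it.
								 */
								foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option>
									<?php /* A space now separates the value attribute from "selected". */ ?>
									<option value="<?=htmlspecialchars($if);?>ip" <?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>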
661
662
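<?php							/*
								 * Offer configured virtual IPs as destination choices.
								 *
								 * - Entries flagged 'noexpand' are skipped entirely.
								 * - A proxyarp VIP of type "network" is expanded into one <option>
								 *   per address between gen_subnet() and gen_subnet_max(), so the
								 *   size of the generated list grows with the size of the subnet.
								 * - Every other VIP yields a single <option> for its 'subnet' value.
								 *
								 * Values placed in the value="" attribute are HTML-encoded like the
								 * visible label, so a malformed configuration entry cannot break
								 * out of the attribute.
								 */
								if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										if (isset($sn['noexpand']))
											continue;
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
											for ($i = 0; $i <= $len; $i++):
												$snip = long2ip32($start+$i);
?>
												<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php										endfor;
										else:
?>
											<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php									endif;
									endforeach;
								endif;
?>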
682
							</select>
683
						</td>
684
					</tr>
685
					<tr>
686 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
687 59ecde49 Renato Botelho
						<td>
688 43f2eca7 Erik Fonnesbeck
							<input autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
689 59ecde49 Renato Botelho
							/
690
							<select name="dstmask" class="formselect" id="dstmask">
691
<?php
692
							for ($i = 31; $i > 0; $i--): ?>
693
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
694
<?php						endfor; ?>
695
							</select>
696
						</td>
697
					</tr>
698
				</table>
699
			</td>
700
		</tr>
701
		<tr id="dprtr" name="dprtr">
702 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range"); ?> </td>
703 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
704
				<table border="0" cellspacing="0" cellpadding="0">
705
					<tr>
706 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
707 59ecde49 Renato Botelho
						<td>
708
							<select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
709 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
710 a457e739 Renato Botelho
<?php 							$bfound = 0;
711
								foreach ($wkports as $wkport => $wkportdesc): ?>
712 59ecde49 Renato Botelho
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
713
<?php 							endforeach; ?>
714
							</select>
715 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
716 59ecde49 Renato Botelho
						</td>
717
					</tr>
718
					<tr>
719 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
720 59ecde49 Renato Botelho
						<td>
721
							<select name="dstendport" class="formselect" onchange="ext_change()">
722 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
723 a457e739 Renato Botelho
<?php							$bfound = 0;
724
								foreach ($wkports as $wkport => $wkportdesc): ?>
725 59ecde49 Renato Botelho
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
726
<?php 							endforeach; ?>
727
							</select>
728 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
729 59ecde49 Renato Botelho
						</td>
730
					</tr>
731
				</table>
732
				<br />
733
				<span class="vexpl">
734 39a3ce91 Carlos Eduardo Ramos
					<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?>
735 59ecde49 Renato Botelho
					<br />
736 6cac9bda Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to map a single port"); ?>
737 59ecde49 Renato Botelho
				</span>
738
			</td>
739
		</tr>
740 44374c0a Erik Fonnesbeck
                <tr name="localiptable" id="localiptable">
741 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
742 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
743 4ce8ac00 Erik Kristensen
                    <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
744 6cac9bda Carlos Eduardo Ramos
                    <br> <span class="vexpl"><?=gettext("Enter the internal IP address of " .
745 39a3ce91 Carlos Eduardo Ramos
                    "the server on which you want to map the ports."); ?><br>
746 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("e.g."); ?> <em>192.168.1.12</em></span></td>
747 5b237745 Scott Ullrich
                </tr>
748 59ecde49 Renato Botelho
                <tr name="lprtr" id="lprtr">
749 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
750 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
751 b5c78501 Seth Mos
                    <select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();">
752 6cac9bda Carlos Eduardo Ramos
                      <option value="">(<?=gettext("other"); ?>)</option>
753 5b237745 Scott Ullrich
                      <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
754
                      <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
755 0e6998d1 Scott Ullrich
							echo "selected";
756
							$bfound = 1;
757
						}?>>
758 5b237745 Scott Ullrich
					  <?=htmlspecialchars($wkportdesc);?>
759
					  </option>
760
                      <?php endforeach; ?>
761 225a2f0b Scott Ullrich
                    </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>">
762 5b237745 Scott Ullrich
                    <br>
763 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Specify the port on the machine with the " .
764
                    "IP address entered above. In case of a port range, specify " .
765
                    "the beginning port of the range (the end port will be calculated " .
766 39a3ce91 Carlos Eduardo Ramos
                    "automatically)."); ?><br>
767 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td>
768 5b237745 Scott Ullrich
                </tr>
769 9ae40f2b Scott Ullrich
                <tr>
770 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
771 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
772 b5c78501 Seth Mos
                    <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
773 6cac9bda Carlos Eduardo Ramos
                    <br> <span class="vexpl"><?=gettext("You may enter a description here " .
774 39a3ce91 Carlos Eduardo Ramos
                    "for your reference (not parsed)."); ?></span></td>
775 53ea15e0 Scott Ullrich
                </tr>
776 d00055f8 Scott Ullrich
				<tr>
777 6cac9bda Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td>
778 d00055f8 Scott Ullrich
					<td width="78%" class="vtable">
779 ba1a0433 Renato Botelho
						<input type="checkbox" value="yes" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
780 6cac9bda Carlos Eduardo Ramos
						<?=gettext("HINT: This prevents the rule from automatically syncing to other CARP members"); ?>.
781 d00055f8 Scott Ullrich
					</td>
782 ea0805c1 Scott Ullrich
				</tr>
783 15409667 Erik Fonnesbeck
				<tr>
784 3a92149b Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
785 15409667 Erik Fonnesbeck
					<td width="78%" class="vtable">
786
						<select name="natreflection" class="formselect">
787 3a92149b Carlos Eduardo Ramos
						<option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable") echo "selected"; ?>><?=gettext("use system default"); ?></option>
788
						<option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected"; ?>><?=gettext("enable"); ?></option>
789
						<option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected"; ?>><?=gettext("disable"); ?></option>
790 15409667 Erik Fonnesbeck
						</select>
791
					</td>
792
				</tr>
793 b9e28d57 unknown
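				<?php
				/*
				 * Shown only when an existing NAT entry is being edited (not duplicated):
				 * lets the user pick which filter rule this port forward is associated with.
				 */
				if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
				<tr name="assoctable" id="assoctable">
					<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
					<td width="78%" class="vtable">
						<select name="associated-rule-id">
							<option value=""><?=gettext("None"); ?></option>
							<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " SELECTED"; ?>><?=gettext("Pass"); ?></option>
							<?php
							/* Link to the currently associated filter rule; stays empty if none matches. */
							$linkedrule = "";
							if (is_array($config['filter']['rule'])) {
								filter_rules_sort();
								foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
									if (isset($filter_rule['associated-rule-id'])) {
										/*
										 * The association id comes from the stored configuration;
										 * HTML-encode it before it goes into the value attribute,
										 * the same way the rule description is encoded below.
										 */
										echo "<option value=\"" . htmlspecialchars($filter_rule['associated-rule-id']) . "\"";
										if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
											echo " SELECTED";
											/* $filter_id is the array key of the rule; URL-encode it for the query string. */
											$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id=" . urlencode($filter_id) . "\">" . gettext("View the filter rule") . "</a><br/>";
										}
										echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
									}
								}
							}
							if (isset($pconfig['associated-rule-id']))
								echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
						echo "</select>\n";
						echo $linkedrule;
						?>
					</td>
				</tr>
				<?php endif; ?>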
824 53ea15e0 Scott Ullrich
                <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']))): ?>
825 44374c0a Erik Fonnesbeck
                <tr name="assoctable" id="assoctable">
826 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
827 5d2742d5 sullrich
                  <td width="78%" class="vtable">
828 5335abae unknown
                    <select name="filter-rule-association" id="filter-rule-association">
829 6cac9bda Carlos Eduardo Ramos
						<option value=""><?=gettext("None"); ?></option>
830
						<option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option>
831
						<option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option>
832 3a92149b Carlos Eduardo Ramos
						<option value="pass"><?=gettext("Pass"); ?></option>
833 5335abae unknown
					</select>
834
				  </td>
835 5b237745 Scott Ullrich
                </tr><?php endif; ?>
836 2ea00c3e Scott Ullrich
<?php
837
		// Allow extending of the firewall edit page and include custom input validation 
838
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate");
839
?>
840 147b90b8 Scott Ullrich
				<tr>
841
                  <td width="22%" valign="top">&nbsp;</td>
842
                  <td width="78%">&nbsp;</td>
843
				</tr>
844 9ae40f2b Scott Ullrich
                <tr>
845 5b237745 Scott Ullrich
                  <td width="22%" valign="top">&nbsp;</td>
846 9ae40f2b Scott Ullrich
                  <td width="78%">
847 6cac9bda Carlos Eduardo Ramos
                    <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
848 5b237745 Scott Ullrich
                    <?php if (isset($id) && $a_nat[$id]): ?>
849 225a2f0b Scott Ullrich
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
850 5b237745 Scott Ullrich
                    <?php endif; ?>
851
                  </td>
852
                </tr>
853
              </table>
854
</form>
855
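<script language="JavaScript">
<!--
	ext_change();
<?php
	/*
	 * $pconfig['interface'] and $pconfig['dst'] are written into JavaScript
	 * string literals inside a <script> element. htmlspecialchars() alone is
	 * the wrong encoder for that context: depending on its flags it leaves
	 * single quotes and always leaves backslashes and newlines untouched, so
	 * a crafted value could terminate the literal. (Where $pconfig is filled
	 * is outside this part of the file; it presumably carries submitted form
	 * data when the page is redisplayed, so treat it as untrusted.)
	 *
	 * json_encode() produces a complete, quoted JS string; the JSON_HEX_*
	 * flags (PHP 5.3+) additionally hex-escape <, >, &, ' and " so the value
	 * cannot close the script element either. The existing htmlspecialchars()
	 * call is kept so dst_change() receives the same text as before.
	 */
	$js_str_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>
	dst_change(document.iform.interface.value,<?=json_encode(htmlspecialchars($pconfig['interface']), $js_str_flags)?>,<?=json_encode(htmlspecialchars($pconfig['dst']), $js_str_flags)?>);
	var iface_old = document.iform.interface.value;
	typesel_change();
	proto_change();
	<?php /* Reveal the source section when any source field differs from its "any" default. */ ?>
	<?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
	show_source();
	<?php endif; ?>
	nordr_change();
//-->
</script>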
868 9ae40f2b Scott Ullrich
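<?php
/*
 * Build two comma-separated lists of JavaScript string literals from the
 * configured aliases:
 *   $portaliases  - names of aliases of type "port"
 *   $aliasesaddr  - names of aliases of type "host", "network", "openvpn"
 *                   or "urltable"
 * Both strings are echoed verbatim into `new Array(...)` calls in the
 * script block that follows, so every name must be a well-formed JS literal.
 *
 * Changes from the previous version:
 *   - $portaliases is initialised (it was appended to without ever being
 *     set; $aliases was initialised instead and is never written here).
 *   - Names are emitted with json_encode() instead of being wrapped in
 *     single quotes by hand. The JSON_HEX_* flags (PHP 5.3+) hex-escape
 *     <, >, &, ' and ", so a name containing a quote or "</script>" cannot
 *     escape the literal or the script element. Alias names are presumably
 *     validated when saved (not visible here); this keeps the output safe
 *     even if a stored name is not.
 *   - The alias list is only iterated when it is an array.
 */
$isfirst = 0;
$aliases = "";		/* kept: code outside this block may still read it */
$portaliases = "";
$addrisfirst = 0;
$aliasesaddr = "";
$js_str_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
if (is_array($config['aliases']['alias'])) {
	foreach ($config['aliases']['alias'] as $alias_name) {
		switch ($alias_name['type']) {
			case "port":
				if ($isfirst == 1) $portaliases .= ",";
				$portaliases .= json_encode((string)$alias_name['name'], $js_str_flags);
				$isfirst = 1;
				break;
			case "host":
			case "network":
			case "openvpn":
			case "urltable":
				if ($addrisfirst == 1) $aliasesaddr .= ",";
				$aliasesaddr .= json_encode((string)$alias_name['name'], $js_str_flags);
				$addrisfirst = 1;
				break;
			default:
				/* other alias types are not offered as suggestions */
				break;
		}
	}
}
?>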
894
<script language="JavaScript">
895
<!--
896 4ce8ac00 Erik Kristensen
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
897 b6867d81 Ermal Lu?i
	var customarray=new Array(<?php echo $portaliases; ?>);
898 9eb60dcc Ermal Lu?i
899
	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
900 59ecde49 Renato Botelho
	var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
901
	var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
902
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
903
	var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
904
	var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
905
	var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
906
	var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
907 9ae40f2b Scott Ullrich
//-->
908
</script>
909 5b237745 Scott Ullrich
<?php include("fend.inc"); ?>
910
</body>
911
</html>