<?php
/* $Id$ */
/*
	firewall_nat_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	nat
*/
##|+PRIV
##|*IDENT=page-firewall-nat-portforward-edit
##|*NAME=Firewall: NAT: Port Forward: Edit page
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
##|*MATCH=firewall_nat_edit.php*
##|-PRIV
require("guiconfig.inc");
require_once("itemid.inc");
require("filter.inc");
require("shaper.inc");
/*
 * Names accepted as "special" source/destination choices: a fixed set of
 * pseudo-networks plus, for every configured interface, the interface key
 * itself and the key with an "ip" suffix.
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
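/* Make sure the port forward list exists in the config tree, then alias it for editing. */
if (!is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
$a_nat = &$config['nat']['rule'];

/*
 * Rule index taken from the request. It is used below as a key into $a_nat,
 * so only a plain non-negative decimal string is accepted. Anything else
 * (including array-valued parameters such as id[]=x, which are not a legal
 * array offset) is treated as "no rule selected". A POSTed id takes
 * precedence over the one in the query string.
 */
$id = null;
if (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[0-9]+\z/', $_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id'])) {
	if (is_string($_POST['id']) && preg_match('/^[0-9]+\z/', $_POST['id']))
		$id = $_POST['id'];
	else
		$id = null;
}

/*
 * ?dup=N: start from a copy of rule N and remember N in $after, which the
 * save code uses to place the copy. An invalid dup value selects no rule.
 */
if (isset($_GET['dup'])) {
	if (is_string($_GET['dup']) && preg_match('/^[0-9]+\z/', $_GET['dup'])) {
		$id = $_GET['dup'];
		$after = $_GET['dup'];
	} else {
		$id = null;
	}
}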
/*
 * Fill $pconfig (the values the form is rendered from) either from the
 * selected rule or, when no existing rule is selected, with defaults.
 */
if (isset($id) && $a_nat[$id]) {
	/* Presence-only flags: the key existing in the rule means "on". */
	foreach (array('disabled', 'nordr') as $flagname) {
		$pconfig[$flagname] = isset($a_nat[$id][$flagname]);
	}

	address_to_pconfig(
		$a_nat[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	address_to_pconfig(
		$a_nat[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	/* Form field name => key under which the stored rule keeps the value. */
	$field_map = array(
		'proto' => 'protocol',
		'localip' => 'target',
		'localbeginport' => 'local-port',
		'descr' => 'descr',
		'interface' => 'interface',
		'associated-rule-id' => 'associated-rule-id',
	);
	foreach ($field_map as $formkey => $rulekey) {
		$pconfig[$formkey] = $a_nat[$id][$rulekey];
	}
	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
	$pconfig['natreflection'] = $a_nat[$id]['natreflection'];

	/* A rule without an interface is shown as a WAN rule. */
	if (!$pconfig['interface']) {
		$pconfig['interface'] = "wan";
	}
} else {
	$pconfig['interface'] = "wan";
	foreach (array('src', 'srcbeginport', 'srcendport') as $formkey) {
		$pconfig[$formkey] = "any";
	}
}

/* When duplicating, drop the index once its values are copied so the result is not tied to the source rule. */
if (isset($_GET['dup'])) {
	unset($id);
}
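/*
 * Reject submitted values that htmlentities() would alter, i.e. values that
 * contain HTML-significant characters, so that markup cannot be stored in a
 * rule. $input_errors is reset here, before the scan; resetting it after the
 * scan (as this code used to) threw the findings away and let such values
 * through to the save.
 * NOTE(review): the messages built in this block embed raw request values;
 * this relies on print_input_errors() encoding what it prints -- confirm.
 */
unset($input_errors);
foreach ($_POST as $key => $value) {
	if (!is_string($value)) {
		/* Array-valued field (name[]=...): htmlentities() cannot take it, so reject it outright. */
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), "Array");
		continue;
	}
	$temp = $value;
	$newpost = htmlentities($temp);
	if($newpost <> $temp)
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp);
}

if ($_POST) {

	/* Only TCP, UDP and TCP/UDP rules carry port numbers. */
	$proto_has_ports = in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"));

	/*
	 * Normalise the port fields: a free-text "_cust" value fills in for an
	 * empty drop-down value, "any" becomes 0, and a missing end of a range
	 * defaults to the other end.
	 */
	if ($proto_has_ports) {
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];

		if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
			$_POST['localbeginport'] = $_POST['localbeginport_cust'];

		/* Make beginning port end port if not defined and endport is */
		if (!$_POST['srcbeginport'] && $_POST['srcendport'])
			$_POST['srcbeginport'] = $_POST['srcendport'];
		if (!$_POST['dstbeginport'] && $_POST['dstendport'])
			$_POST['dstbeginport'] = $_POST['dstendport'];
	} else {
		/* Protocols without ports: force every port field to 0. */
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* Map the "type" selectors onto address/mask: special names have no mask, a single host is a /32. */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	} else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	} else if (is_ipaddr($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 32;
		$_POST['dsttype'] = "single";
	}

	/* $input_errors is deliberately not reset here: it holds the character-check findings from above. */
	$pconfig = $_POST;

	/* input validation */
	if ($proto_has_ports) {
		$reqdfields = explode(" ", "interface proto dstbeginport dstendport");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to"));
	} else {
		$reqdfields = explode(" ", "interface proto");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"));
	}

	if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") {
		$reqdfields[] = "src";
		$reqdfieldsn[] = gettext("Source address");
	}
	if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") {
		$reqdfields[] = "dst";
		$reqdfieldsn[] = gettext("Destination address");
	}
	if (!isset($_POST['nordr'])) {
		$reqdfields[] = "localip";
		$reqdfieldsn[] = gettext("Redirect target IP");
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	 * by PHP 5.4 and later. It can only be dropped here once
	 * do_input_validation() declares that parameter by reference -- its
	 * definition is not in this file, so the call is left as it was.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/*
	 * NOTE(review): 'interface' and 'proto' are only checked for presence and
	 * are stored below exactly as submitted; the have_ruleint_access()
	 * filtering and the fixed protocol list exist only in the form markup.
	 * Consider allow-listing both here, on the server side.
	 */
	if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
		$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
	}

	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);

	if (!isset($_POST['nordr']) && $_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid local port. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
	}

	/* if user enters an alias and selects "network" then disallow. */
	if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) ) 
	 || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}

	/* Put each port range into ascending order. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	/* The redirected range (same width as the destination range, starting at the local port) must end at or below 65535. */
	if (!$input_errors) {
		if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
			$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
	}

	/*
	 * check for overlaps
	 * NOTE(review): the comparisons below read $_POST['beginport'],
	 * $_POST['endport'] and $natent['proto'], none of which are set anywhere
	 * in this part of the file (the form fields are dstbeginport/dstendport
	 * and rules are stored with the key 'protocol'), so this test looks
	 * ineffective. Switching to the real keys would start rejecting rules
	 * that currently save (for example same destination, different source),
	 * so it is flagged here rather than changed.
	 */
	foreach ($a_nat as $natent) {
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
			continue;
		if ($natent['interface'] != $_POST['interface'])
			continue;
		if ($natent['destination']['address'] != $_POST['dst'])
			continue;
		if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
			continue;

		list($begp,$endp) = explode("-", $natent['destination']['port']);
		if (!$endp)
			$endp = $begp;

		if (!(   (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
		      || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {

			$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
			break;
		}
	}

	/* Nothing is written to the configuration unless every check above passed. */
	if (!$input_errors) {
		$natent = array();

		$natent['disabled'] = isset($_POST['disabled']) ? true:false;
		$natent['nordr'] = isset($_POST['nordr']) ? true:false;

		/* A "no redirect" entry never has an associated filter rule. */
		if ($natent['nordr']) {
			$_POST['associated-rule-id'] = '';
			$_POST['filter-rule-association'] = '';
		}

		pconfig_to_address($natent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($natent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		$natent['protocol'] = $_POST['proto'];

		if (!$natent['nordr']) {
			$natent['target'] = $_POST['localip'];
			$natent['local-port'] = $_POST['localbeginport'];
		}
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];

		if($_POST['filter-rule-association'] == "pass")
			$natent['associated-rule-id'] = "pass";

		if($_POST['nosync'] == "yes")
			$natent['nosync'] = true;
		else
			unset($natent['nosync']);

		/* Only the two known values are stored; anything else clears the setting. */
		if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable")
			$natent['natreflection'] = $_POST['natreflection'];
		else
			unset($natent['natreflection']);

		// If we used to have an associated filter rule, but no-longer should have one
		if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		$need_filter_rule = false;
		// Updating a rule with a filter rule associated
		if (!empty($natent['associated-rule-id']))
			$need_filter_rule = true;
		// Create a rule or if we want to create a new one
		if( $natent['associated-rule-id']=='new' ) {
			$need_filter_rule = true;
			unset( $natent['associated-rule-id'] );
			$_POST['filter-rule-association']='add-associated';
		}
		// If creating a new rule, where we want to add the filter rule, associated or not
		else if( isset($_POST['filter-rule-association']) &&
			($_POST['filter-rule-association']=='add-associated' ||
			$_POST['filter-rule-association']=='add-unassociated') )
			$need_filter_rule = true;

		// Determine NAT entry ID now, we need it for the firewall rule
		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			if (is_numeric($after))
				$id = $after + 1;
			else
				$id = count($a_nat);
		}

		if ($need_filter_rule == true) {

			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);
			// If a rule already exists, load it
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				/*
				 * NOTE(review): if get_id() returns a list index, index 0
				 * also compares equal to false here and an existing rule in
				 * first position would be treated as missing -- check
				 * get_id() and consider a strict comparison.
				 */
				if ($filterentid == false)
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				else
					$filterent =& $config['filter']['rule'][$filterentid];
			}
			pconfig_to_address($filterent['source'], $_POST['src'],
				$_POST['srcmask'], $_POST['srcnot'],
				$_POST['srcbeginport'], $_POST['srcendport']);

			// Update interface, protocol and destination
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			/* The filter rule matches the redirect target: same range width, starting at the local port. */
			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];

			if ($dstpfrom == $dstpto)
				$filterent['destination']['port'] = $dstpfrom;
			else
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be.
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			// If this is a new rule, create an ID and add the rule
			if( $_POST['filter-rule-association']=='add-associated' ) {
				$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}

		// Update the NAT entry now
		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			if (is_numeric($after))
				array_splice($a_nat, $after+1, 0, array($natent));
			else
				$a_nat[] = $natent;
		}

		mark_subsystem_dirty('natconf');

		write_config();

		/* Back to the rule list; exit so the form below is not rendered. */
		header("Location: firewall_nat.php");
		exit;
	}
}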
/* Page title parts, set before head.inc is included (presumably read there -- confirm). */
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("Port Forward"),
	gettext("Edit"),
);
include("head.inc");

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<?php
/* Show whatever the POST handling above collected, if anything. */
if ($input_errors) {
	print_input_errors($input_errors);
}
?>
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
				<?php /* Heading row, then the "Disabled" and "No RDR" checkboxes; both boxes are pre-ticked from $pconfig. */ ?><tr>
					<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Edit Redirect entry"); ?></td>
				</tr>
		<tr>
			<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Disabled"); ?></td>
			<td width="78%" class="vtable">
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php echo $pconfig['disabled'] ? "checked" : ""; ?>>
				<strong><?php echo gettext("Disable this rule"); ?></strong><br />
				<span class="vexpl"><?php echo gettext("Set this option to disable this rule without removing it from the list."); ?></span>
			</td>
		</tr>
                <tr>
                  <td width="22%" valign="top" class="vncell"><?php echo gettext("No RDR (NOT)"); ?></td>
                  <td width="78%" class="vtable">
                    <input type="checkbox" name="nordr" id="nordr" onClick="nordr_change();" <?php echo $pconfig['nordr'] ? "CHECKED" : ""; ?>>
                    <span class="vexpl"><?php echo gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
                    <br><?php echo gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
                  </td>
                </tr>
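		<tr>
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
                  <td width="78%" class="vtable">
					<select name="interface" class="formselect" onChange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
						<?php

						/*
						 * Build the list of interfaces offered in the drop-down.
						 * Each entry is only added when have_ruleint_access()
						 * allows it for the current user (presumably a per-user
						 * privilege check -- confirm).
						 * NOTE(review): this filtering happens at render time
						 * only; nothing in this block stops a request from
						 * posting an interface that was not offered.
						 */
						$iflist = get_configured_interface_with_descr(false, true);
						foreach ($iflist as $if => $ifdesc) {
							if (have_ruleint_access($if))
								$interfaces[$if] = $ifdesc;
						}

						if ($config['l2tp']['mode'] == "server") {
							if (have_ruleint_access("l2tp"))
								$interfaces['l2tp'] = "L2TP VPN";
						}

						if ($config['pptpd']['mode'] == "server") {
							if (have_ruleint_access("pptp"))
								$interfaces['pptp'] = "PPTP VPN";
						}

						if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
							$interfaces['pppoe'] = "PPPoE VPN";

						/* add ipsec interfaces */
						if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
							if (have_ruleint_access("enc0"))
								$interfaces["enc0"] = "IPsec";
						}

						/*
						 * add openvpn/tun interfaces
						 * NOTE(review): unlike every entry above, this one is
						 * added without a have_ruleint_access() check -- confirm
						 * whether that is intended.
						 */
						if  ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
							$interfaces["openvpn"] = "OpenVPN";

						/* The key goes into an HTML attribute, so it is encoded like the label is. */
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>
					</select><br>
                     <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br>
                     <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td>
                </tr>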
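                <tr>
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
                  <td width="78%" class="vtable">
                    <select name="proto" class="formselect" onChange="proto_change(); check_for_aliases();">
                      <?php
                      /* Fixed protocol choices; the option value is the lower-case name, which is what $pconfig['proto'] is compared against. */
                      $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP");
                      foreach ($protocols as $proto): ?>
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl"><?=gettext("Choose which IP protocol this rule should match."); ?><br>
                    <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?></span></td>
                </tr>
		<tr id="showadvancedboxsrc" name="showadvancedboxsrc">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
			<td width="78%" class="vtable">
				<?php /* Button that calls show_source(); the stray </input> and unmatched </a> end tags were dropped. */ ?>
				<input type="button" onClick="show_source()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show source address and port range"); ?>
			</td>
		</tr>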
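		<tr style="display: none;" id="srctable" name="srctable">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
			<td width="78%" class="vtable">
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
				<strong><?=gettext("not"); ?></strong>
				<br />
				<?=gettext("Use this option to invert the sense of the match."); ?>
				<br />
				<br />
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="srctype" class="formselect" onChange="typesel_change()">
<?php
								/*
								 * $sel records whether an option has already been
								 * chosen: true for a special source name, set to 1
								 * once "single" is picked, so that "network" is only
								 * the fallback.
								 */
								$sel = is_specialnet($pconfig['src']); ?>
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option>
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option>
								<?php if(have_ruleint_access("pptp")): ?>
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("pppoe")): ?>
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("l2tp")): ?>
								<option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>
<?php
								/*
								 * Two options per interface the user may access: its
								 * subnet and its own address. The interface key and
								 * description are encoded on every output, and a
								 * space now separates the value attribute from
								 * "selected" on the address option.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
						<td>
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
							<select name="srcmask" class="formselect" id="srcmask">
<?php						/* Prefix lengths 31 down to 1; /32 is expressed through the "single" type instead. */
							for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
<?php 						endfor; ?>
							</select>
						</td>
					</tr>
				</table>
			</td>
		</tr>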
		<tr style="display:none" id="sprtable" name="sprtable">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range"); ?></td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
582
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any"); ?></option>
583 59ecde49 Renato Botelho
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
584
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
585
<?php 							endforeach; ?>
586
							</select>
587 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
588 59ecde49 Renato Botelho
						</td>
589
					</tr>
590
					<tr>
591 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
592 59ecde49 Renato Botelho
						<td>
593
							<select name="srcendport" class="formselect" onchange="ext_change()">
594 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
595
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any"); ?></option>
596 59ecde49 Renato Botelho
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
597
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
598
<?php							endforeach; ?>
599
							</select>
600 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
601 59ecde49 Renato Botelho
						</td>
602
					</tr>
603
				</table>
604
				<br />
605 6cac9bda Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>.</b> <br /> <?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to filter a single port."); ?></span><br/>
606 59ecde49 Renato Botelho
			</td>
607
		</tr>
608
		<tr>
609 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td>
610 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
611
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
612 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("not"); ?></strong>
613 59ecde49 Renato Botelho
					<br />
614 39a3ce91 Carlos Eduardo Ramos
				<?=gettext("Use this option to invert the sense of the match."); ?>
615 59ecde49 Renato Botelho
					<br />
616
					<br />
617
				<table border="0" cellspacing="0" cellpadding="0">
618
					<tr>
619 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
620 59ecde49 Renato Botelho
						<td>
621
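							<select name="dsttype" class="formselect" onChange="typesel_change()">
<?php
								/*
								 * Destination type selector: "any", single host, network, the
								 * PPTP/PPPoE/L2TP client pools, a subnet/address pair per interface
								 * and the configured virtual IPs.
								 *
								 * $sel starts as the result of is_specialnet() on the current
								 * destination and is set once "single" is preselected, so that
								 * "network" is only chosen as the fallback.
								 *
								 * Every value written into the markup is passed through
								 * htmlspecialchars(): interface keys, interface descriptions and VIP
								 * subnets come from the configuration, and a quote or angle bracket
								 * in any of them must not be able to close the attribute or element.
								 */
								$sel = is_specialnet($pconfig['dst']); ?>
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option>
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option>
								<?php /* Client pools are offered only when have_ruleint_access() allows them. */ ?>
								<?php if(have_ruleint_access("pptp")): ?>
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("pppoe")): ?>
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("l2tp")): ?>
								<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>

<?php 							foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option>
									<?php /* The description is escaped here too, matching the "subnet" option above; the space before "selected" keeps the attributes separated. */ ?>
									<option value="<?=htmlspecialchars($if);?>ip" <?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>

<?php							if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										/* Entries flagged "noexpand" are not listed. */
										if (isset($sn['noexpand']))
											continue;
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											/* A proxy ARP network is expanded into one option per address in the range. */
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
											for ($i = 0; $i <= $len; $i++):
												$snip = long2ip32($start+$i);
?>
												<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php										endfor;
										else:
?>
											<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php									endif;
									endforeach;
								endif;
?>
							</select>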
667
						</td>
668
					</tr>
669
					<tr>
670 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
671 59ecde49 Renato Botelho
						<td>
672 43f2eca7 Erik Fonnesbeck
							<input autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
673 59ecde49 Renato Botelho
							/
674
							<select name="dstmask" class="formselect" id="dstmask">
675
<?php
676
							for ($i = 31; $i > 0; $i--): ?>
677
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
678
<?php						endfor; ?>
679
							</select>
680
						</td>
681
					</tr>
682
				</table>
683
			</td>
684
		</tr>
685
		<tr id="dprtr" name="dprtr">
686 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range"); ?> </td>
687 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
688
				<table border="0" cellspacing="0" cellpadding="0">
689
					<tr>
690 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
691 59ecde49 Renato Botelho
						<td>
692
							<select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
693 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
694 a457e739 Renato Botelho
<?php 							$bfound = 0;
695
								foreach ($wkports as $wkport => $wkportdesc): ?>
696 59ecde49 Renato Botelho
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
697
<?php 							endforeach; ?>
698
							</select>
699 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
700 59ecde49 Renato Botelho
						</td>
701
					</tr>
702
					<tr>
703 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
704 59ecde49 Renato Botelho
						<td>
705
							<select name="dstendport" class="formselect" onchange="ext_change()">
706 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
707 a457e739 Renato Botelho
<?php							$bfound = 0;
708
								foreach ($wkports as $wkport => $wkportdesc): ?>
709 59ecde49 Renato Botelho
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
710
<?php 							endforeach; ?>
711
							</select>
712 225a2f0b Scott Ullrich
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
713 59ecde49 Renato Botelho
						</td>
714
					</tr>
715
				</table>
716
				<br />
717
				<span class="vexpl">
718 39a3ce91 Carlos Eduardo Ramos
					<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?>
719 59ecde49 Renato Botelho
					<br />
720 6cac9bda Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to map a single port"); ?>
721 59ecde49 Renato Botelho
				</span>
722
			</td>
723
		</tr>
724 44374c0a Erik Fonnesbeck
                <tr name="localiptable" id="localiptable">
725 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
726 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
727 4ce8ac00 Erik Kristensen
                    <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
728 6cac9bda Carlos Eduardo Ramos
                    <br> <span class="vexpl"><?=gettext("Enter the internal IP address of " .
729 39a3ce91 Carlos Eduardo Ramos
                    "the server on which you want to map the ports."); ?><br>
730 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("e.g."); ?> <em>192.168.1.12</em></span></td>
731 5b237745 Scott Ullrich
                </tr>
732 59ecde49 Renato Botelho
                <tr name="lprtr" id="lprtr">
733 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
734 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
735 b5c78501 Seth Mos
                    <select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();">
736 6cac9bda Carlos Eduardo Ramos
                      <option value="">(<?=gettext("other"); ?>)</option>
737 5b237745 Scott Ullrich
                      <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
738
                      <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
739 0e6998d1 Scott Ullrich
							echo "selected";
740
							$bfound = 1;
741
						}?>>
742 5b237745 Scott Ullrich
					  <?=htmlspecialchars($wkportdesc);?>
743
					  </option>
744
                      <?php endforeach; ?>
745 225a2f0b Scott Ullrich
                    </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>">
746 5b237745 Scott Ullrich
                    <br>
747 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Specify the port on the machine with the " .
748
                    "IP address entered above. In case of a port range, specify " .
749
                    "the beginning port of the range (the end port will be calculated " .
750 39a3ce91 Carlos Eduardo Ramos
                    "automatically)."); ?><br>
751 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td>
752 5b237745 Scott Ullrich
                </tr>
753 9ae40f2b Scott Ullrich
                <tr>
754 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
755 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
756 b5c78501 Seth Mos
                    <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
757 6cac9bda Carlos Eduardo Ramos
                    <br> <span class="vexpl"><?=gettext("You may enter a description here " .
758 39a3ce91 Carlos Eduardo Ramos
                    "for your reference (not parsed)."); ?></span></td>
759 53ea15e0 Scott Ullrich
                </tr>
760 d00055f8 Scott Ullrich
				<tr>
761 6cac9bda Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td>
762 d00055f8 Scott Ullrich
					<td width="78%" class="vtable">
763 ba1a0433 Renato Botelho
						<input type="checkbox" value="yes" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
764 6cac9bda Carlos Eduardo Ramos
						<?=gettext("HINT: This prevents the rule from automatically syncing to other CARP members"); ?>.
765 d00055f8 Scott Ullrich
					</td>
766 ea0805c1 Scott Ullrich
				</tr>
767 15409667 Erik Fonnesbeck
				<tr>
					<?php /* NAT reflection mode: anything other than "enable" or "disable" is shown as the system default. */ ?>
					<td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
					<td width="78%" class="vtable">
						<select name="natreflection" class="formselect">
							<option value="default" <?= !($pconfig['natreflection'] == "enable" || $pconfig['natreflection'] == "disable") ? "selected" : ""; ?>><?=gettext("use system default"); ?></option>
							<option value="enable" <?= ($pconfig['natreflection'] == "enable") ? "selected" : ""; ?>><?=gettext("enable"); ?></option>
							<option value="disable" <?= ($pconfig['natreflection'] == "disable") ? "selected" : ""; ?>><?=gettext("disable"); ?></option>
						</select>
					</td>
				</tr>
777 b9e28d57 unknown
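				<?php
				/*
				 * Shown when an existing NAT entry is being edited (and not duplicated):
				 * lets the entry be tied to "Pass", to one of the filter rules that
				 * carry an associated-rule-id, or to a newly created rule.
				 */
				if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
				<tr name="assoctable" id="assoctable">
					<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
					<td width="78%" class="vtable">
						<select name="associated-rule-id">
							<option value=""><?=gettext("None"); ?></option>
							<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " SELECTED"; ?>><?=gettext("Pass"); ?></option>
							<?php
							/* Markup for the "View the filter rule" link; stays empty unless a listed rule matches the current association. */
							$linkedrule = "";
							if (is_array($config['filter']['rule'])) {
								/* Sort first: $filter_id below is the rule's index after sorting and is what the link passes as id. */
								filter_rules_sort();
								foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
									if (isset($filter_rule['associated-rule-id'])) {
										/* The id is a stored configuration value: escape it for the attribute, as the description already is for the option text. */
										echo "<option value=\"" . htmlspecialchars($filter_rule['associated-rule-id']) . "\"";
										if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
											echo " SELECTED";
											/* urlencode() keeps the array key confined to the query-string value. */
											$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id=" . urlencode((string)$filter_id) . "\">" . gettext("View the filter rule") . "</a><br/>";
										}
										echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
									}
								}
							}
							if (isset($pconfig['associated-rule-id']))
								echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
							/* The <select> opened in the markup above is closed from PHP so the link can follow it directly. */
							echo "</select>\n";
							echo $linkedrule;
							?>
					</td>
				</tr>
				<?php endif; ?>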
808 53ea15e0 Scott Ullrich
                <?php /* New or duplicated entry: offer creation of a filter rule instead of a link to an existing one. */ ?>
                <?php if (!isset($id) || !$a_nat[$id] || isset($_GET['dup'])): ?>
                <tr name="assoctable" id="assoctable">
                    <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
                    <td width="78%" class="vtable">
                        <select name="filter-rule-association" id="filter-rule-association">
                            <option value=""><?=gettext("None"); ?></option>
                            <option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option>
                            <option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option>
                            <option value="pass"><?=gettext("Pass"); ?></option>
                        </select>
                    </td>
                </tr>
                <?php endif; ?>
820 147b90b8 Scott Ullrich
				<tr>
821
                  <td width="22%" valign="top">&nbsp;</td>
822
                  <td width="78%">&nbsp;</td>
823
				</tr>
824 9ae40f2b Scott Ullrich
                <tr>
825 5b237745 Scott Ullrich
                  <td width="22%" valign="top">&nbsp;</td>
826 9ae40f2b Scott Ullrich
                  <td width="78%">
827 6cac9bda Carlos Eduardo Ramos
                    <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
828 5b237745 Scott Ullrich
                    <?php if (isset($id) && $a_nat[$id]): ?>
829 225a2f0b Scott Ullrich
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
830 5b237745 Scott Ullrich
                    <?php endif; ?>
831
                  </td>
832
                </tr>
833
              </table>
834
</form>
835
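<script language="JavaScript">
<!--
	// Initial form state: runs the page's change handlers once after the form has been rendered.
	ext_change();
<?php
	/*
	 * The interface and destination are written into a JavaScript string, not
	 * into HTML. htmlspecialchars() is the wrong encoder for that context: with
	 * its default flags it leaves single quotes untouched, so a quote in the
	 * value would end the literal. json_encode() with the JSON_HEX_* flags
	 * emits a complete, quoted literal that can neither close the string nor
	 * the surrounding <script> element. The fallback to "" covers values that
	 * json_encode() rejects (it returns false, e.g. on invalid UTF-8).
	 * NOTE(review): where $pconfig is populated is not visible in this part of
	 * the file; if it can carry request data, this is the line that matters.
	 */
?>
	dst_change(document.iform.interface.value,<?=json_encode((string)$pconfig['interface'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?: '""'?>,<?=json_encode((string)$pconfig['dst'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?: '""'?>);
	var iface_old = document.iform.interface.value;
	typesel_change();
	proto_change();
	<?php /* The source section is revealed only when some source setting differs from "any". */ ?>
	<?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
	show_source();
	<?php endif; ?>
	nordr_change();
//-->
</script>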
848 9ae40f2b Scott Ullrich
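<?php
/*
 * Build two comma-separated lists of JavaScript string literals from the
 * configured aliases: $portaliases (type "port") and $aliasesaddr (types
 * "host", "network", "openvpn" and "urltable"). Both are echoed into the
 * script block below as the arguments of new Array(...).
 *
 * Each name is encoded with json_encode() and the JSON_HEX_* flags, so the
 * literal cannot be closed early and cannot end the <script> element,
 * whatever characters the stored name contains.
 */
$isfirst = 0;
$aliases = "";		/* kept from the original block; not read in the visible part of the page */
$portaliases = "";	/* was appended to without ever being initialised */
$addrisfirst = 0;
$aliasesaddr = "";
$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
/* is_array() instead of a comparison with "": foreach must only ever see an array. */
if (is_array($config['aliases']['alias'])) {
	foreach ($config['aliases']['alias'] as $alias_name) {
		$js_name = json_encode((string)$alias_name['name'], $js_flags);
		/* json_encode() returns false for names it cannot represent; skip those instead of emitting a broken list. */
		if ($js_name === false)
			continue;
		switch ($alias_name['type']) {
			case "port":
				if ($isfirst == 1) $portaliases .= ",";
				$portaliases .= $js_name;
				$isfirst = 1;
				break;
			case "host":
			case "network":
			case "openvpn":
			case "urltable":
				if ($addrisfirst == 1) $aliasesaddr .= ",";
				$aliasesaddr .= $js_name;
				$addrisfirst = 1;
				break;
			default:
				break;
		}
	}
}
?>
<script language="JavaScript">
<!--
	// Both lists arrive as ready-made JavaScript string literals from the PHP block above.
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $portaliases; ?>);

	// Address fields suggest host/network aliases, port fields suggest port aliases.
	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
	var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
	var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
	var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
	var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
	var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
	var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
//-->
</script>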
889 5b237745 Scott Ullrich
<?php include("fend.inc"); ?>
890
</body>
891
</html>