<?php
2
/* $Id$ */
3
/*
4
	firewall_rules.php
5
	part of pfSense (http://www.pfsense.com)
6
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
7

    
8
	originally part of m0n0wall (http://m0n0.ch/wall)
9
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11

    
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14

    
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17

    
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21

    
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33

    
34
##|+PRIV
35
##|*IDENT=page-firewall-rules
36
##|*NAME=Firewall: Rules page
37
##|*DESCR=Allow access to the 'Firewall: Rules' page.
38
##|*MATCH=firewall_rules.php*
39
##|-PRIV
40

    
41

    
42
/* Title segments for this page, assigned before the GUI include is loaded. */
$pgtitle = array('Firewall', 'Rules');
require 'guiconfig.inc';
44

    
45
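/**
 * Summarise the advanced options that are set on a firewall rule.
 *
 * Produces a space-separated "name value" list covering max-src-nodes,
 * max-src-states, statetype (skipped when empty or "keep state"),
 * statetimeout, nosync, max-src-conn-rate and max-src-conn-rates.
 *
 * The returned text is NOT HTML-escaped. The values are copied straight from
 * the rule entry, so a caller that places the result in markup (for example a
 * title attribute) must escape it for that context.
 *
 * @param array $item Rule entry; taken by reference but never modified here.
 * @return string Summary in which every item is followed by one space, or ""
 *                when no advanced option is set.
 */
function check_for_advaned_options(&$item) {
	$item_set = "";

	/* !empty() has the same truthiness as the previous bare if($item[...])
	   tests but raises no notice when the key is absent. */
	if (!empty($item['max-src-nodes']))
		$item_set .= "max-src-nodes {$item['max-src-nodes']} ";
	if (!empty($item['max-src-states']))
		$item_set .= "max-src-states {$item['max-src-states']} ";

	/* The value used to be printed twice and without a trailing separator,
	   which glued it to whatever option followed. */
	$statetype = isset($item['statetype']) ? $item['statetype'] : "";
	if ($statetype != "keep state" && $statetype != "")
		$item_set .= "statetype {$statetype} ";

	/* Trailing space added so the next item does not run into the value. */
	if (!empty($item['statetimeout']))
		$item_set .= "statetimeout {$item['statetimeout']} ";
	if (!empty($item['nosync']))
		$item_set .= "nosync ";
	if (!empty($item['max-src-conn-rate']))
		$item_set .= "max-src-conn-rate {$item['max-src-conn-rate']} ";
	if (!empty($item['max-src-conn-rates']))
		$item_set .= "max-src-conn-rates {$item['max-src-conn-rates']} ";

	return $item_set;
}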
63

    
64
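/* Make sure the rule list exists, sort it, and work on it by reference so
   that changes made below land in $config. */
if (!is_array($config['filter']['rule'])) {
	$config['filter']['rule'] = array();
}
filter_rules_sort();
$a_filter = &$config['filter']['rule'];

/* Requested interface tab; a POSTed value overrides the query string.
   Non-string input (e.g. if[]=x) is treated as absent instead of being
   used as an array offset further down. */
$if = "";
if (isset($_GET['if']) && is_string($_GET['if']))
	$if = $_GET['if'];
if (!empty($_POST['if']) && is_string($_POST['if']))
	$if = $_POST['if'];

$ifdescs = get_configured_interface_with_descr();

/* $iflist maps interface key => tab label. It is only filled conditionally
   below, so start from an array to keep the later isset()/foreach uses safe
   when nothing qualifies. */
if (!isset($iflist) || !is_array($iflist))
	$iflist = array();

/* add group interfaces */
if (isset($config['ifgroups']['ifgroupentry']) && is_array($config['ifgroups']['ifgroupentry'])) {
	foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
		if (have_ruleint_access($ifgen['ifname']))
			$iflist[$ifgen['ifname']] = $ifgen['ifname'];
	}
}

foreach ($ifdescs as $ifent => $ifdesc) {
	if (have_ruleint_access($ifent))
		$iflist[$ifent] = $ifdesc;
}

/* add VPN server pseudo-interfaces */
if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server") {
	if (have_ruleint_access("l2tp"))
		$iflist['l2tp'] = "L2TP VPN";
}

if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == "server") {
	if (have_ruleint_access("pptp"))
		$iflist['pptp'] = "PPTP VPN";
}

if (isset($config['pppoe']['mode']) && $config['pppoe']['mode'] == "server") {
	if (have_ruleint_access("pppoe"))
		$iflist['pppoe'] = "PPPoE VPN";
}

/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable'])) {
	if (have_ruleint_access("enc0"))
		$iflist["enc0"] = "IPsec";
}

/* add openvpn/tun interfaces */
/* NOTE(review): unlike every entry above, this tab is added without a
   have_ruleint_access() check - confirm whether that is intentional. */
if (!empty($config['openvpn']["openvpn-server"]) || !empty($config['openvpn']["openvpn-client"]))
	$iflist["openvpn"] = "OpenVPN";

/* Fall back to a known tab when the requested one is missing or unknown:
   "any" is an alias for the floating tab, everything else becomes "wan".
   After this point $if is a key of $iflist, "FloatingRules" or "wan". Later
   code writes $if into links and the Location header without escaping, so
   this allowlist has to stay in front of those uses.
   NOTE(review): the "FloatingRules" and "wan" fallbacks are not themselves
   checked with have_ruleint_access() - confirm against the privilege model. */
if (!$if || !isset($iflist[$if])) {
	if ("any" == $if)
		$if = "FloatingRules";
	else if ("FloatingRules" != $if)
		$if = "wan";
}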
113

    
114
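if ($_POST) {

	$pconfig = $_POST;

	if (!empty($_POST['apply'])) {
		/* apply the pending rule changes and clear the "dirty" marker */
		$retval = filter_configure();

		clear_subsystem_dirty('filter');

		$savemsg = "The settings have been applied.  The firewall rules are now reloading in the background.  You can also <a href='status_filter_reload.php'>monitor</a> the reload progress.";
	}
}

/*
 * NOTE(review): the "del" and "toggle" actions below change the saved
 * ruleset in response to a plain GET request, and no anti-CSRF token is
 * checked anywhere in this file. Confirm whether guiconfig.inc enforces one;
 * if it does not, these actions should move to POST with a token.
 *
 * NOTE(review): none of the handlers below checks that the targeted rule
 * belongs to an interface the current user passed have_ruleint_access() for;
 * rules are addressed purely by their index in $a_filter. Confirm this is
 * intended for accounts with per-interface rule privileges.
 */
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : "";

/* Only a scalar id that names an existing, non-empty rule entry is acted on;
   array-valued input would otherwise be used as an array offset. */
$rule_id = null;
if (isset($_GET['id']) && is_scalar($_GET['id']) && !empty($a_filter[$_GET['id']]))
	$rule_id = $_GET['id'];

if ($act == "del" && $rule_id !== null) {
	unset($a_filter[$rule_id]);
	write_config();
	mark_subsystem_dirty('filter');
	header("Location: firewall_rules.php?if={$if}");
	exit;
}

if (isset($_POST['del_x'])) {
	/* delete selected rules */
	if (isset($_POST['rule']) && is_array($_POST['rule']) && count($_POST['rule'])) {
		foreach ($_POST['rule'] as $rulei) {
			/* nested arrays cannot be array offsets; skip them */
			if (is_scalar($rulei))
				unset($a_filter[$rulei]);
		}
		write_config();
		mark_subsystem_dirty('filter');
		header("Location: firewall_rules.php?if={$if}");
		exit;
	}
} else if ($act == "toggle") {
	if ($rule_id !== null) {
		if (isset($a_filter[$rule_id]['disabled']))
			unset($a_filter[$rule_id]['disabled']);
		else
			$a_filter[$rule_id]['disabled'] = true;
		write_config();
		mark_subsystem_dirty('filter');
		header("Location: firewall_rules.php?if={$if}");
		exit;
	}
} else {
	/* yuck - IE won't send value attributes for image buttons, while Mozilla does -
	   so we use .x/.y to find move button clicks instead... */
	unset($movebtn);
	foreach ($_POST as $pn => $pd) {
		/* anchored so only a field named exactly move_<n>_x is accepted */
		if (preg_match("/^move_(\d+)_x$/", $pn, $matches)) {
			$movebtn = (int)$matches[1];
			break;
		}
	}

	$nfilter = count($a_filter);

	/* Keep only selected indexes that are plain digits and name an existing
	   rule, so the lookups below never match through loose string/integer
	   comparison. */
	$selected = array();
	if (isset($movebtn) && isset($_POST['rule']) && is_array($_POST['rule'])) {
		foreach ($_POST['rule'] as $rulei) {
			if (is_scalar($rulei) && preg_match('/^\d+$/', (string)$rulei) && isset($a_filter[(int)$rulei]))
				$selected[(int)$rulei] = true;
		}
	}

	/* move selected rules before this rule. A target equal to the rule count
	   is the "move selected rules to end" button; anything larger is refused,
	   because the first copy loop would otherwise append one empty entry per
	   missing index to the saved ruleset. */
	if (isset($movebtn) && $movebtn <= $nfilter && count($selected)) {
		$a_filter_new = array();

		/* copy all rules < $movebtn and not selected */
		for ($i = 0; $i < $movebtn; $i++) {
			if (!isset($selected[$i]))
				$a_filter_new[] = $a_filter[$i];
		}

		/* copy all selected rules */
		for ($i = 0; $i < $nfilter; $i++) {
			if ($i == $movebtn)
				continue;
			if (isset($selected[$i]))
				$a_filter_new[] = $a_filter[$i];
		}

		/* copy $movebtn rule */
		if ($movebtn < $nfilter)
			$a_filter_new[] = $a_filter[$movebtn];

		/* copy all rules > $movebtn and not selected */
		for ($i = $movebtn + 1; $i < $nfilter; $i++) {
			if (!isset($selected[$i]))
				$a_filter_new[] = $a_filter[$i];
		}

		$a_filter = $a_filter_new;
		write_config();
		mark_subsystem_dirty('filter');
		header("Location: firewall_rules.php?if={$if}");
		exit;
	}
}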
205
/* presumably read by head.inc to leave <head> open for the scripts below - confirm */
$closehead = false;

include("head.inc");

/* domTT tooltip scripts, written in this order with nothing between the tags */
foreach (array("domLib", "domTT", "behaviour", "fadomatic") as $domtt_script) {
	echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/{$domtt_script}.js\"></script>";
}
?>
214
</head>
215

    
216
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
217
<?php include("fbegin.inc"); ?>
218
<form action="firewall_rules.php" method="post">
219
<script type="text/javascript" language="javascript" src="/javascript/row_toggle.js">
220
</script>
221
<?php if ($savemsg) print_info_box($savemsg); ?>
222
<?php if (is_subsystem_dirty('filter')): ?><p>
223
<?php print_info_box_np("The firewall rule configuration has been changed.<br>You must apply the changes in order for them to take effect.");?><br>
224
<?php endif; ?>
225
<table width="100%" border="0" cellpadding="0" cellspacing="0">
226
  <tr><td class="tabnavtbl">
227
  <?php
	/* active tabs: each entry is array(label, is-active flag, link target) */
	$tab_array = array();

	/* the floating tab always comes first */
	$active = ("FloatingRules" == $if);
	$tab_array[] = array("Floating", $active, "firewall_rules.php?if=FloatingRules");

	$tabscounter = 0;
	$i = 0;
	/* one tab per entry of $iflist, in list order */
	foreach ($iflist as $ifent => $ifname) {
		$active = ($ifent == $if);
		$tab_array[] = array($ifname, $active, "firewall_rules.php?if={$ifent}");
	}
	display_top_tabs($tab_array);
  ?>
244
  </td></tr>
245
  <tr>
246
    <td>
247
	<div id="mainarea">
248
              <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
249
                <tr id="frheader">
250
                  <td width="3%" class="list">&nbsp;</td>
251
                  <td width="5%" class="list">&nbsp;</td>
252
                  <td width="6%" class="listhdrr">Proto</td>
253
                  <td width="15%" class="listhdrr">Source</td>
254
                  <td width="7%" class="listhdrr">Port</td>
255
                  <td width="15%" class="listhdrr">Destination</td>
256
                  <td width="7%" class="listhdrr">Port</td>
257
		  <td width="5%" class="listhdrr">Gateway</td>
258
		  <td width="10%" class="listhdrr">Queue</td>
259
		  <td width="5%" class="listhdrr">Schedule</td>
260
                  <td width="22%" class="listhdr">Description</td>
261
                  <td width="10%" class="list">
262
			<table border="0" cellspacing="0" cellpadding="1">
263
			   <tr>
264
				<?php
					/* Count the rules that belong on the selected tab: floating
					   rules only on the "FloatingRules" tab, every other rule
					   only on the tab of its own interface. */
					$nrules = 0;
					for ($i = 0; isset($a_filter[$i]); $i++) {
						$filterent = $a_filter[$i];
						if (isset($filterent['floating']))
							$on_this_tab = ("FloatingRules" == $if);
						else
							$on_this_tab = ($filterent['interface'] == $if);
						if ($on_this_tab)
							$nrules++;
					}
				?>
275
				<td>
276
				<?php if ($nrules == 0): ?>
277
				<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?>
278
				<input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected rules" onclick="return confirm('Do you really want to delete the selected rules?')"><?php endif; ?>
279
				</td>
280
				<td align="center" valign="middle"><a href="firewall_rules_edit.php?if=<?=$if;?>&after=-1"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add new rule" width="17" height="17" border="0"></a></td>
281
			   </tr>
282
			</table>
283
		  </td>
284
		</tr>
285
<?php if (isset($config['interfaces'][$if]['blockpriv'])): ?>
286
                <tr valign="top" id="frrfc1918">
287
                  <td width="3%" class="list">&nbsp;</td>
288
                  <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0"></td>
289
                  <td class="listlr" style="background-color: #e0e0e0">*</td>
290
                  <td class="listr" style="background-color: #e0e0e0">RFC 1918 networks</td>
291
                  <td class="listr" style="background-color: #e0e0e0">*</td>
292
                  <td class="listr" style="background-color: #e0e0e0">*</td>
293
                  <td class="listr" style="background-color: #e0e0e0">*</td>
294
                  <td class="listr" style="background-color: #e0e0e0">*</td>
295
		<td class="listr" style="background-color: #e0e0e0">*</td>
296
	 		 <td class="listr" style="background-color: #e0e0e0"></td>
297
                  <td class="listbg">Block private networks</td>
298
                  <td valign="middle" nowrap class="list">
299
				    <table border="0" cellspacing="0" cellpadding="1">
300
					<tr>
301
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules before this rule"></td>
302
					  <td><a href="interfaces.php#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
303
					</tr>
304
					<tr>
305
					  <td align="center" valign="middle"></td>
306
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="add a new rule based on this one" width="17" height="17" border="0"></td>
307
					</tr>
308
					</table>
309
				  </td>
310
				</tr>
311
<?php endif; ?>
312
<?php if (isset($config['interfaces'][$if]['blockbogons'])): ?>
313
                <tr valign="top" id="frrfc1918">
314
                  <td width="3%" class="list">&nbsp;</td>
315
                  <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0"></td>
316
                  <td class="listlr" style="background-color: #e0e0e0">*</td>
317
                  <td class="listr" style="background-color: #e0e0e0">Reserved/not assigned by IANA</td>
318
                  <td class="listr" style="background-color: #e0e0e0">*</td>
319
                  <td class="listr" style="background-color: #e0e0e0">*</td>
320
                  <td class="listr" style="background-color: #e0e0e0">*</td>
321
				  <td class="listr" style="background-color: #e0e0e0">*</td>
322
				   <td class="listr" style="background-color: #e0e0e0">*</td>
323
		  <td class="listr" style="background-color: #e0e0e0">*</td>
324
                  <td class="listbg">Block bogon networks</td>
325
                  <td valign="middle" nowrap class="list">
326
				    <table border="0" cellspacing="0" cellpadding="1">
327
					<tr>
328
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules before this rule"></td>
329
					  <td><a href="interfaces.php#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
330
					</tr>
331
					<tr>
332
					  <td align="center" valign="middle"></td>
333
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="add a new rule based on this one" width="17" height="17" border="0"></td>
334
					</tr>
335
					</table>
336
				  </td>
337
				</tr>
338
<?php endif; ?>
339
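				<?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++):
					$filterent = $a_filter[$i];
					/* skip rules that do not belong on the selected tab */
					if ($filterent['interface'] != $if && !isset($filterent['floating']))
						continue;
					if (isset($filterent['floating']) && "FloatingRules" != $if)
						continue;
					/* The summary is assembled from stored rule values and is placed
					   inside a double-quoted title attribute, so it is HTML-escaped
					   here; unescaped, a quote in a stored value would end the
					   attribute and let the rest be parsed as markup. */
					$isadvset = check_for_advaned_options($filterent);
					if ($isadvset)
						$advanced_set = "<img src=\"./themes/{$g['theme']}/images/icons/icon_advanced.gif\" title=\"advanced settings set: " . htmlspecialchars($isadvset) . "\" border=\"0\">";
					else
						$advanced_set = "";
				?>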
351
                <tr valign="top" id="fr<?=$nrules;?>">
352
                  <td class="listt">
353
					<input type="checkbox" id="frc<?=$nrules;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nrules;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;">
354
					<?php echo $advanced_set; ?>
355
				  </td>
356
                  <td class="listt" align="center">
357
				  <?php
						/* Choose the action icon. "reject" only gets its own icon for
						   tcp, udp and tcp/udp rules; for other protocols it is drawn
						   as "block". Anything that is not block/reject is "pass". */
						switch ($filterent['type']) {
							case "block":
								$iconfn = "block";
								break;
							case "reject":
								$iconfn = in_array($filterent['protocol'], array("tcp", "udp", "tcp/udp")) ? "reject" : "block";
								break;
							default:
								$iconfn = "pass";
						}

						/* Disabled rules use the "_d" icon variant and have their
						   cell text wrapped in a gray span. */
						$textss = "";
						$textse = "";
						if (isset($filterent['disabled'])) {
							$textss = "<span class=\"gray\">";
							$textse = "</span>";
							$iconfn .= "_d";
						}
				  ?>
374
				  <a href="?if=<?=$if;?>&act=toggle&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="11" height="11" border="0" title="click to toggle enabled/disabled status"></a>
375
				  <?php if (isset($filterent['log'])):
						/* log icon; disabled rules get the "_d" variant */
						$iconfnlog = isset($filterent['disabled']) ? "log_s_d" : "log_s";
				  	?>
380
				  <br><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfnlog;?>.gif" width="11" height="15" border="0">
381
				  <?php endif; ?>
382
				  </td>
383
				<?php

				//build Alias popup box
				/* start from empty markers, then take the opening markup for each
				   of the four address/port cells from rule_popup() */
				$span_end = $alias_src_span_begin = $alias_src_port_span_begin = "";
				$alias_dst_span_begin = $alias_dst_port_span_begin = "";

				$popup_src_port = pprint_port($filterent['source']['port']);
				$popup_dst_port = pprint_port($filterent['destination']['port']);
				$alias_popup = rule_popup($filterent['source']['address'], $popup_src_port, $filterent['destination']['address'], $popup_dst_port);

				/* NOTE(review): the row template echoes $alias_src_span_end,
				   $alias_src_port_span_end, $alias_dst_span_end and
				   $alias_dst_port_span_end, none of which is assigned in the code
				   visible here; only $span_end receives the closing markup. Confirm
				   where the spans opened by rule_popup() get closed. */
				$span_end = "</U></span>";

				$alias_src_span_begin      = $alias_popup["src"];
				$alias_src_port_span_begin = $alias_popup["srcport"];
				$alias_dst_span_begin      = $alias_popup["dst"];
				$alias_dst_port_span_begin = $alias_popup["dstport"];

403
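				//build Schedule popup box
				/* Looks up the schedule named by the rule and builds a hover
				   tooltip: the schedule description as heading, then one
				   "days; start - stop" line per time range.
				   The tooltip text comes from stored schedule data and ends up in
				   a JavaScript string inside an HTML attribute, so it is escaped
				   for each layer before being written out (see below). */
				$a_schedules = &$config['schedules']['schedule'];
				$schedule_span_begin = "";
				$schedule_span_end = "";
				$sched_caption = "";
				$sched_content = "";
				$schedstatus = false;
				$dayArray = array ('Mon','Tues','Wed','Thur','Fri','Sat','Sun');
				$monthArray = array ('January','February','March','April','May','June','July','August','September','October','November','December');
				if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])){
					foreach ($a_schedules as $schedule)
					{
						if ($schedule['name'] == $filterent['sched'] ){
							$schedstatus = filter_get_time_based_rule_status($schedule);

							foreach($schedule['timerange'] as $timerange) {
								$tempFriendlyTime = "";
								$tempID = "";
								$firstprint = false;
								if ($timerange){
									$dayFriendly = "";
									$tempFriendlyTime = "";

									//get hours: "start-stop", split at the last dash
									$temptimerange = $timerange['hour'];
									$temptimeseparator = strrpos($temptimerange, "-");

									$starttime = substr ($temptimerange, 0, $temptimeseparator);
									$stoptime = substr ($temptimerange, $temptimeseparator+1);

									if ($timerange['month']){
										/* parallel comma-separated month/day lists;
										   consecutive days in one month are collapsed
										   into "Month first - last" */
										$tempmontharray = explode(",", $timerange['month']);
										$tempdayarray = explode(",",$timerange['day']);
										$arraycounter = 0;
										$firstDayFound = false;
										$firstPrint = false;
										foreach ($tempmontharray as $monthtmp){
											$month = $tempmontharray[$arraycounter];
											$day = $tempdayarray[$arraycounter];

											if (!$firstDayFound)
											{
												$firstDay = $day;
												$firstmonth = $month;
												$firstDayFound = true;
											}

											$currentDay = $day;
											$nextDay = $tempdayarray[$arraycounter+1];
											$currentDay++;
											if (($currentDay != $nextDay) || ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])){
												if ($firstPrint)
													$dayFriendly .= ", ";
												$currentDay--;
												if ($currentDay != $firstDay)
													$dayFriendly .= $monthArray[$firstmonth-1] . " " . $firstDay . " - " . $currentDay ;
												else
													$dayFriendly .=  $monthArray[$month-1] . " " . $day;
												$firstDayFound = false;
												$firstPrint = true;
											}
											$arraycounter++;
										}
									}
									else
									{
										/* comma-separated weekday numbers; consecutive
										   days are collapsed into "First - Last" */
										$tempdayFriendly = $timerange['position'];
										$firstDayFound = false;
										$tempFriendlyDayArray = explode(",", $tempdayFriendly);
										$currentDay = "";
										$firstDay = "";
										$nextDay = "";
										$counter = 0;
										foreach ($tempFriendlyDayArray as $day){
											if ($day != ""){
												if (!$firstDayFound)
												{
													$firstDay = $tempFriendlyDayArray[$counter];
													$firstDayFound = true;
												}
												$currentDay =$tempFriendlyDayArray[$counter];
												//get next day
												$nextDay = $tempFriendlyDayArray[$counter+1];
												$currentDay++;
												if ($currentDay != $nextDay){
													if ($firstprint)
														$dayFriendly .= ", ";
													$currentDay--;
													if ($currentDay != $firstDay)
														$dayFriendly .= $dayArray[$firstDay-1] . " - " . $dayArray[$currentDay-1];
													else
														$dayFriendly .= $dayArray[$firstDay-1];
													$firstDayFound = false;
													$firstprint = true;
												}
												$counter++;
											}
										}
									}
									$timeFriendly = $starttime . " - " . $stoptime;
									$description = $timerange['rangedescr'];
									/* day and hour text is copied from stored values:
									   escape it as HTML before adding our own <br> */
									$sched_content .= htmlspecialchars($dayFriendly . "; " . $timeFriendly, ENT_QUOTES) . "<br>";
								}
							}
							$sched_caption = $schedule['descr'];
							/* Three layers, innermost first: the description is
							   HTML-escaped because the tooltip is rendered as HTML;
							   the assembled HTML is escaped for a single-quoted JS
							   string (line breaks would end the literal, so they
							   become spaces); the result is HTML-escaped again
							   because it sits inside the onmouseover attribute. */
							$sched_tip_html = "<h1>" . htmlspecialchars($sched_caption, ENT_QUOTES) . "</h1><p>" . $sched_content . "</p>";
							$sched_tip_js = addslashes(str_replace(array("\r", "\n"), " ", $sched_tip_html));
							$sched_tip_attr = htmlspecialchars($sched_tip_js, ENT_QUOTES);
							$schedule_span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '" . $sched_tip_attr . "', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
							$schedule_span_end = "</U></span>";
						}
					}
				}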
513
				/* Schedule status icon for enabled rules that have a schedule:
				   inside the schedule window the rule's own action applies,
				   outside it the opposite outcome is shown. */
				$printicon = false;
				$alttext = "";
				$image = "";
				if (!isset($filterent['disabled']) && ($schedstatus || $filterent['sched'])) {
					$rule_denies = ($iconfn == "block" || $iconfn == "reject");
					if ($schedstatus) {
						/* schedule currently active */
						$image = $rule_denies ? "icon_block" : "icon_pass";
						$alttext = $rule_denies
							? "Traffic matching this rule is currently being denied"
							: "Traffic matching this rule is currently being allowed";
					} else {
						/* rule has a schedule that is not active right now */
						$image = $rule_denies ? "icon_block_d" : "icon_block";
						$alttext = $rule_denies
							? "Traffic matching this rule is currently being allowed"
							: "Traffic matching this rule is currently being denied";
					}
					$printicon = true;
				}
				?>
547
                  <td class="listlr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
548
                    <?=$textss;?><?php if (isset($filterent['protocol'])) echo strtoupper($filterent['protocol']); else echo "*"; ?><?=$textse;?>
549
                  </td>
550
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
551
				    <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?>
552
                  </td>
553
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
554
                    <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['source']['port'])); ?><?php echo $alias_src_port_span_end;?><?=$textse;?>
555
                  </td>
556
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
557
				    <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['destination'])); ?><?php echo $alias_dst_span_end;?><?=$textse;?>
558
                  </td>
559
	              <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
560
                    <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['destination']['port'])); ?><?php echo $alias_dst_port_span_end;?><?=$textse;?>
561
                  </td>
562
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
563
                    <?=$textss;?><?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])) echo htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr']); else  echo htmlspecialchars(pprint_port($filterent['gateway'])); ?><?=$textse;?>
564
                  </td>
565
<td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"><?=$textss;?>
566
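                          <?php
							/* Queue links: "ack/default" when both queues are set, the
							   default queue alone when only it is set, otherwise "none".
							   Queue names are stored rule data, so each one is
							   URL-encoded for the query string and HTML-escaped in both
							   the href and the link text. */
							if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue']))
								$queue_names = array($filterent['ackqueue'], $filterent['defaultqueue']);
							else if (isset($filterent['defaultqueue']))
								$queue_names = array($filterent['defaultqueue']);
							else
								$queue_names = array();

							if (count($queue_names)) {
								$queue_links = array();
								foreach ($queue_names as $desc) {
									$queue_href = "firewall_shaper_queues.php?queue=" . urlencode($desc) . "&action=show";
									$queue_links[] = "<a href=\"" . htmlspecialchars($queue_href) . "\">" . htmlspecialchars($desc) . "</a>";
								}
								echo implode("/", $queue_links);
							} else {
								echo "none";
							}
						  ?><?=$textse;?>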
577
                        </td>
578
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"><font color="black">
579
                    <?php if ($printicon) { ?><img src="./themes/<?= $g['theme']; ?>/images/icons/<?php echo $image; ?>.gif" title="<?php echo $alttext;?>" border="0"><?php } ?>&nbsp;<?=$textss;?><?php echo $schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?><?php echo $schedule_span_end; ?><?=$textse;?>
580
                  </td>
581
                  <td class="listbg" onClick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';" class="descr">
582
                    <?=$textss;?><?=htmlspecialchars($filterent['descr']);?>&nbsp;<?=$textse;?>
583
                  </td>
584
                  <td valign="middle" nowrap class="list">
585
				    <table border="0" cellspacing="0" cellpadding="1">
586
					<tr>
587
					  <td><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected rules before this rule" onMouseOver="fr_insline(<?=$nrules;?>, true)" onMouseOut="fr_insline(<?=$nrules;?>, false)"></td>
588
					  <td><a href="firewall_rules_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit rule" width="17" height="17" border="0"></a></td>
589
					</tr>
590
					<tr>
591
					  <td align="center" valign="middle"><a href="firewall_rules.php?act=del&if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="delete rule" onclick="return confirm('Do you really want to delete this rule?')"></a></td>
592
					  <td><a href="firewall_rules_edit.php?dup=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add a new rule based on this one" width="17" height="17" border="0"></a></td>
593
					</tr>
594
					</table>
595
				  </td>
596
				</tr>
597
			  <?php $nrules++; endfor; ?>
598
			  <?php if ($nrules == 0): ?>
599
              <td class="listt"></td>
600
			  <td class="listt"></td>
601
			  <td class="listlr" colspan="9" align="center" valign="middle">
602
			  <span class="gray">
603
			  No rules are currently defined for this interface.<br>
604
			  All incoming connections on this interface will be blocked until you add pass rules.<br><br>
605
			  Click the <a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add new rule" border="0" width="17" height="17" align="absmiddle"></a> button to add a new rule.</span>
606
			  </td>
607
			  <?php endif; ?>
608
                <tr id="fr<?=$nrules;?>">
609
                  <td class="list"></td>
610
                  <td class="list"></td>
611
                  <td class="list">&nbsp;</td>
612
                  <td class="list">&nbsp;</td>
613
                  <td class="list">&nbsp;</td>
614
		  <td class="list">&nbsp;</td>
615
		  <td class="list">&nbsp;</td>
616
                  <td class="list">&nbsp;</td>
617
                  <td class="list">&nbsp;</td>
618
                  <td class="list">&nbsp;</td>
619
                  <td class="list">&nbsp;</td>
620
                  <td class="list">
621
				    <table border="0" cellspacing="0" cellpadding="1">
622
					<tr>
623
				      <td>
624
					  <?php if ($nrules == 0): ?><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="move selected rules to end" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="move selected rules to end" onMouseOver="fr_insline(<?=$nrules;?>, true)" onMouseOut="fr_insline(<?=$nrules;?>, false)"><?php endif; ?></td>
625
					  <td></td>
626
				    </tr>
627
					<tr>
628
					  <td>
629
					  <?php if ($nrules == 0): ?>
630
					  <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="delete selected rules" border="0"><?php else: ?>
631
					  <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="delete selected rules" onclick="return confirm('Do you really want to delete the selected rules?')"><?php endif; ?>
632
					  </td>
633
			                  <td><a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add new rule" width="17" height="17" border="0"></a></td>
634
					</tr>
635
				    </table>
636
				  </td>
637
				</tr>
638
              </table>
639
	      <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
640
                <tr>
641
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11"></td>
642
                  <td>pass</td>
643
                  <td width="14"></td>
644
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
645
                  <td>block</td>
646
                  <td width="14"></td>
647
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_reject.gif" width="11" height="11"></td>
648
                  <td>reject</td>
649
                  <td width="14"></td>
650
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_log.gif" width="11" height="11"></td>
651
                  <td>log</td>
652
                </tr>
653
                <tr>
654
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass_d.gif" width="11" height="11"></td>
655
                  <td nowrap>pass (disabled)</td>
656
                  <td>&nbsp;</td>
657
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
658
                  <td nowrap>block (disabled)</td>
659
                  <td>&nbsp;</td>
660
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_reject_d.gif" width="11" height="11"></td>
661
                  <td nowrap>reject (disabled)</td>
662
                  <td>&nbsp;</td>
663
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_log_d.gif" width="11" height="11"></td>
664
                  <td nowrap>log (disabled)</td>
665
                </tr>
666
		<tr>
667
		  <td colspan="10">
668
  <p>
669
  <strong><span class="red">Hint:<br>
670
  </span></strong>Rules are evaluated on a first-match basis (i.e.
671
  the action of the first rule to match a packet will be executed).
672
  This means that if you use block rules, you'll have to pay attention
673
  to the rule order. Everything that isn't explicitly passed is blocked
674
  by default.</p>
675
		 </td>
676
	        </tr>
677
              </table>
678
	</div>
679
    </td>
680
  </tr>
681
</table>
682
  <input type="hidden" name="if" value="<?=$if;?>">
683
</form>
684
<?php include("fend.inc"); ?>
685
</body>
686
</html>