#!/usr/local/bin/php
2 5412cd45 Scott Ullrich
<?php
3 b46bfcf5 Bill Marquette
/* $Id$ */
4 5b237745 Scott Ullrich
/*
5 3ffab555 Scott Ullrich
	firewall_shaper_edit.php
6
	part of m0n0wall (http://m0n0.ch/wall)
7 5412cd45 Scott Ullrich
8 3ffab555 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
9
	All rights reserved.
10 5412cd45 Scott Ullrich
11 3ffab555 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
12
	modification, are permitted provided that the following conditions are met:
13 5412cd45 Scott Ullrich
14 3ffab555 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
15
	   this list of conditions and the following disclaimer.
16 5412cd45 Scott Ullrich
17 3ffab555 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
18
	   notice, this list of conditions and the following disclaimer in the
19
	   documentation and/or other materials provided with the distribution.
20 5412cd45 Scott Ullrich
21 3ffab555 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
22
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
23
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
25
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30
	POSSIBILITY OF SUCH DAMAGE.
31 5b237745 Scott Ullrich
*/
32
33
require("guiconfig.inc");
34
35
/* Make sure the shaper rule list exists before it is indexed or appended to. */
if (!is_array($config['shaper']['rule']))
	$config['shaper']['rule'] = array();

/* Reference, not a copy: changes made through $a_shaper land in $config. */
$a_shaper = &$config['shaper']['rule'];

/* NOTE(review): not read anywhere in this part of the file; presumably consulted
   by is_specialnet(), which is defined outside this file. Confirm. */
$specialsrcdst = array("any", "lan", "pptp");
41
42
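/*
 * Rule selection taken from the request:
 *   id    - index of the rule being edited (POST wins over GET)
 *   after - index the new rule is inserted behind (POST wins over GET)
 *   dup   - index of a rule to copy; it seeds both id and after
 *
 * "id" and "dup" are used as offsets into $a_shaper further down, so they
 * are only accepted when they are plain digit strings. Anything else (an
 * array, free text) is treated as "no rule selected" instead of being used
 * as an array offset. "after" is kept as received because the save path
 * only uses it once is_numeric() has accepted it.
 */
$id = null;
if (isset($_POST['id']))
	$id = $_POST['id'];
else if (isset($_GET['id']))
	$id = $_GET['id'];
if (!(is_string($id) && $id !== "" && strspn($id, "0123456789") == strlen($id)))
	$id = null;

$after = null;
if (isset($_POST['after']))
	$after = $_POST['after'];
else if (isset($_GET['after']))
	$after = $_GET['after'];

if (isset($_GET['dup'])) {
	$after = $_GET['dup'];
	if (is_string($_GET['dup']) && $_GET['dup'] !== "" &&
	    strspn($_GET['dup'], "0123456789") == strlen($_GET['dup']))
		$id = $_GET['dup'];
	else
		$id = null;
}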
54 5412cd45 Scott Ullrich
55 5b237745 Scott Ullrich
/*
 * Fill $pconfig, the array the form below is rendered from. When an existing
 * rule is selected its stored values are copied in; otherwise only the
 * source and destination default to "any".
 */
if (isset($id) && $a_shaper[$id])
{
	$pconfig['interface'] = $a_shaper[$id]['interface'];

	/* A rule stored without a protocol is presented as "any". */
	$pconfig['proto'] = isset($a_shaper[$id]['protocol']) ? $a_shaper[$id]['protocol'] : "any";

	/* address_to_pconfig() is defined outside this file; presumably it fills
	   the $pconfig entries passed to it by reference. Confirm in its source. */
	address_to_pconfig($a_shaper[$id]['source'], $pconfig['src'],
		$pconfig['srcmask'], $pconfig['srcnot'],
		$pconfig['srcbeginport'], $pconfig['srcendport']);

	address_to_pconfig($a_shaper[$id]['destination'], $pconfig['dst'],
		$pconfig['dstmask'], $pconfig['dstnot'],
		$pconfig['dstbeginport'], $pconfig['dstendport']);

	$pconfig['disabled'] = isset($a_shaper[$id]['disabled']);
	$pconfig['descr'] = $a_shaper[$id]['descr'];
	$pconfig['tcpflags'] = $a_shaper[$id]['tcpflags'];
	$pconfig['iptos'] = $a_shaper[$id]['iptos'];
	$pconfig['direction'] = $a_shaper[$id]['direction'];

	$pconfig['inqueue'] = $a_shaper[$id]['inqueue'];
	$pconfig['outqueue'] = $a_shaper[$id]['outqueue'];

	/* A begin port of 0 is shown as "any" for both ends of the range. */
	if ($pconfig['srcbeginport'] == 0)
		$pconfig['srcendport'] = $pconfig['srcbeginport'] = "any";
	if ($pconfig['dstbeginport'] == 0)
		$pconfig['dstendport'] = $pconfig['dstbeginport'] = "any";
}
else
{
	/* defaults */
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}

/* A duplicated rule is saved as a new entry, so forget the index it was
   copied from once its values have been loaded. */
if (isset($_GET['dup'])) {
	unset($id);
}
97
98
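/*
 * Save handler, run when the rule form was submitted.
 *
 * Normalises the posted port and address fields, validates them, and when no
 * error was recorded stores the rule in $a_shaper, writes the configuration,
 * marks the shaper configuration dirty and redirects to firewall_shaper.php.
 * When validation fails, execution falls through to the form, which is then
 * rendered from $pconfig (a copy of the submitted values).
 */
if ($_POST) {

	/* Port fields are only kept for TCP, UDP and "any"; every other protocol gets 0. */
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "any")) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	} else {

		/* The free-text "custom" field is used when the drop-down is on "(other)". */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			/* An empty end port means a single port. */
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];
	}

	/* Special networks carry their keyword as the address; "single" is a /32. */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	}  else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}

	/* Collapse the per-value iptos_* inputs into one comma-separated list;
	   "off" is stored as a negated entry. $iptos is defined outside this file. */
	$intos = array();
	foreach ($iptos as $tos) {
		if ($_POST['iptos_' . $tos] == "on")
			$intos[] = $tos;
		else if ($_POST['iptos_' . $tos] == "off")
			$intos[] = "!" . $tos;
	}
	$_POST['iptos'] = join(",", $intos);

	/* Same encoding for the tcpflags_* inputs; $tcpflags is defined outside this file. */
	$intcpflags = array();
	foreach ($tcpflags as $tcpflag) {
		if ($_POST['tcpflags_' . $tcpflag] == "on")
			$intcpflags[] = $tcpflag;
		else if ($_POST['tcpflags_' . $tcpflag] == "off")
			$intcpflags[] = "!" . $tcpflag;
	}
	$_POST['tcpflags'] = join(",", $intcpflags);

	unset($input_errors);
	/* The form is re-rendered from these request values when validation fails,
	   so every template echo of $pconfig has to be HTML-escaped. */
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "inqueue outqueue proto src dst");
	$reqdfieldsn = explode(",", "Inbound Queue,Outbound Queue,Protocol,Source,Destination");

	/* A bit count is only required for the "network" address type. */
	if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = "Destination bit count";
	}

	/* NOTE(review): call-time pass-by-reference is rejected by PHP 5.4 and later.
	   It is kept because the signature of do_input_validation() is not visible
	   here; drop the "&" once that function declares the parameter by reference. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* Each port must be either a known alias or a valid port number. */
	if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) {
		$input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) {
		$input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) {
		$input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
	}
	/* Fixed: the alias test used to look at dstbeginport, so an alias as the
	   begin port let any end-port string through unchecked into the saved rule. */
	if (($_POST['dstendport'] && !alias_expand($_POST['dstendport']) && !is_port($_POST['dstendport']))) {
		$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
			$input_errors[] = "A valid source IP address or alias must be specified.";
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = "A valid source bit count must be specified.";
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
			$input_errors[] = "A valid destination IP address or alias must be specified.";
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = "A valid destination bit count must be specified.";
		}
	}

	/* Store port ranges low-to-high. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	if (!$input_errors) {
		/* NOTE(review): interface, direction, descr, inqueue and outqueue are
		   stored as submitted; the only check visible here is that the two
		   queue fields are in the required-field list. Confirm that the code
		   consuming these rules does not trust them, or check them against
		   the configured interfaces and queues before saving. */
		$shaperent = array();
		$shaperent['interface'] = $_POST['interface'];

		if ($_POST['proto'] != "any")
			$shaperent['protocol'] = $_POST['proto'];
		else
			unset($shaperent['protocol']);

		/* pconfig_to_address() is defined outside this file; presumably it
		   builds the stored address entry in its first argument. Confirm. */
		pconfig_to_address($shaperent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($shaperent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		$shaperent['direction'] = $_POST['direction'];
		$shaperent['iptos'] = $_POST['iptos'];
		$shaperent['tcpflags'] = $_POST['tcpflags'];
		$shaperent['descr'] = $_POST['descr'];
		$shaperent['disabled'] = $_POST['disabled'] ? true : false;

		$shaperent['inqueue'] = $_POST['inqueue'];
		$shaperent['outqueue'] = $_POST['outqueue'];

		/* Overwrite the selected rule, insert behind "after", or append. */
		if (isset($id) && $a_shaper[$id])
			$a_shaper[$id] = $shaperent;
		else {
			if (is_numeric($after))
				array_splice($a_shaper, $after+1, 0, array($shaperent));
			else
				$a_shaper[] = $shaperent;
		}

		write_config();
		touch($d_shaperconfdirty_path);

		header("Location: firewall_shaper.php");
		exit;
	}
}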
281 da7ae7ef Bill Marquette
282 c44f1bd5 Bill Marquette
/* Title printed in the page heading further down. */
$pgtitle = 'Firewall: Shaper: Rules: Edit';

/* NOTE(review): presumably tells head.inc to leave <head> open, since this
   page emits its own script block and </head> afterwards. Confirm in head.inc. */
$closehead = false;

include 'head.inc';
?>
286 da7ae7ef Bill Marquette
287 5b237745 Scott Ullrich
<script language="JavaScript">
288
<!--
289
/* Non-zero while the selected protocol uses ports; written by proto_change(). */
var portsenabled = 1;

/*
 * Keep the four port drop-downs and their free-text "custom" inputs in step.
 * A custom input is usable only while its drop-down sits on the first entry
 * and ports are enabled; otherwise it is cleared and disabled. The drop-downs
 * themselves are disabled whenever ports are not enabled.
 */
function ext_change() {
	var form = document.iform;
	var ports = ["srcbeginport", "srcendport", "dstbeginport", "dstendport"];
	var i, custom;

	for (i = 0; i < ports.length; i++) {
		custom = form[ports[i] + "_cust"];
		if ((form[ports[i]].selectedIndex == 0) && portsenabled) {
			custom.disabled = 0;
		} else {
			custom.value = "";
			custom.disabled = 1;
		}
	}

	for (i = 0; i < ports.length; i++) {
		form[ports[i]].disabled = portsenabled ? 0 : 1;
	}
}
329
330
/*
 * Enable or disable the address and bit-count inputs for source and
 * destination according to the selected address type:
 *   index 1 (single)  - address editable, bit count cleared and disabled
 *   index 2 (network) - address and bit count editable
 *   anything else     - both cleared and disabled
 */
function typesel_change() {
	var form = document.iform;
	var sides = ["src", "dst"];
	var i, kind, addr, mask;

	for (i = 0; i < sides.length; i++) {
		kind = form[sides[i] + "type"].selectedIndex;
		addr = form[sides[i]];
		mask = form[sides[i] + "mask"];

		if (kind === 1) {
			/* single */
			addr.disabled = 0;
			mask.value = "";
			mask.disabled = 1;
		} else if (kind === 2) {
			/* network */
			addr.disabled = 0;
			mask.disabled = 0;
		} else {
			addr.value = "";
			addr.disabled = 1;
			mask.value = "";
			mask.disabled = 1;
		}
	}
}
366
367
/*
 * Recompute whether port fields apply to the selected protocol, then refresh
 * the port inputs. Ports are enabled for option indexes 0, 1 and 8, which in
 * the protocol list rendered by this page are TCP, UDP and "any"; the indexes
 * must be kept in step with that list.
 */
function proto_change() {
	var picked = document.iform.proto.selectedIndex;

	portsenabled = (picked < 2 || picked == 8) ? 1 : 0;

	ext_change();
}
376
377
/* Mirror the source "from" port selection into the source "to" drop-down. */
function src_rep_change() {
	var form = document.iform;
	form.srcendport.selectedIndex = form.srcbeginport.selectedIndex;
}
380
/* Mirror the destination "from" port selection into the destination "to" drop-down. */
function dst_rep_change() {
	var form = document.iform;
	form.dstendport.selectedIndex = form.dstbeginport.selectedIndex;
}
383
//-->
384
</script>
385
</head>
386
387
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
388
<?php include("fbegin.inc"); ?>
389 da7ae7ef Bill Marquette
<p class="pgtitle"><?=$pgtitle?></p>
390 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
391 5412cd45 Scott Ullrich
<?php if (is_array($config['shaper']['queue']) && (count($config['shaper']['queue']) > 0)): ?>
392 5b237745 Scott Ullrich
            <form action="firewall_shaper_edit.php" method="post" name="iform" id="iform">
393 ef97ce1b Bill Marquette
              <?display_topbar()?>
394 5b237745 Scott Ullrich
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
395 5412cd45 Scott Ullrich
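                <?php
                /*
                 * Target row: one drop-down each for the outbound and the inbound
                 * queue, listing every configured shaper queue. The queue name is
                 * HTML-escaped in the value attribute as well as in the label, so a
                 * name containing quotes or markup cannot break out of the attribute.
                 * The inbound <select> is now closed before the help text.
                 */
                ?>
                <tr>
                  <td valign="top" class="vncellreq">Target</td>
                  <td class="vtable"> <select name="outqueue" class="formfld">
                      <?php foreach ($config['shaper']['queue'] as $queuei => $queue): ?>
                      <option value="<?=htmlspecialchars($queue['name']);?>" <?php if ($queue['name'] == $pconfig['outqueue']) echo "selected"; ?>>
                        <?php
                        echo htmlspecialchars("Outbound Queue " . ($queuei + 1));
                        if ($queue['name'])
                            echo htmlspecialchars(" (" . $queue['name'] . ")");
                        ?>
                      </option>
                      <?php endforeach; ?>
                    </select>/<select name="inqueue" class="formfld">
                      <?php foreach ($config['shaper']['queue'] as $queuei => $queue): ?>
                      <option value="<?=htmlspecialchars($queue['name']);?>" <?php if ($queue['name'] == $pconfig['inqueue']) echo "selected"; ?>>
                        <?php
                        echo htmlspecialchars("Inbound Queue " . ($queuei + 1));
                        if ($queue['name'])
                            echo htmlspecialchars(" (" . $queue['name'] . ")");
                        ?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br>
                    <span class="vexpl">Choose a queue where packets that
                    match this rule should be sent.</span></td>
                </tr>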
422
                <tr>
423
                  <td valign="top" class="vncellreq">Disabled</td>
424
                  <td class="vtable">
425
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
426
                    <strong>Disable this rule</strong><br>
427
                    <span class="vexpl">Set this option to disable this rule without removing it from the list.</span></td>
428
                </tr>
429 5412cd45 Scott Ullrich
                <tr>
430 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
431
                  <td width="78%" class="vtable"> <select name="interface" class="formfld">
432
                      <?php $interfaces = array('lan' => 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP');
433
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
434
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
435
					  }
436
					  foreach ($interfaces as $iface => $ifacename): ?>
437 5412cd45 Scott Ullrich
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
438 5b237745 Scott Ullrich
                      <?=htmlspecialchars($ifacename);?>
439
                      </option>
440
                      <?php endforeach; ?>
441
                    </select> <br>
442 5412cd45 Scott Ullrich
                    <span class="vexpl">Choose which interface packets must pass
443 5b237745 Scott Ullrich
                    through to match this rule.</span></td>
444
                </tr>
445 5412cd45 Scott Ullrich
                <tr>
446 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
447
                  <td width="78%" class="vtable"> <select name="proto" class="formfld" onchange="proto_change()">
448
                      <?php $protocols = explode(" ", "TCP UDP ICMP ESP AH GRE IPv6 IGMP any"); foreach ($protocols as $proto): ?>
449 5412cd45 Scott Ullrich
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>>
450 5b237745 Scott Ullrich
                      <?=htmlspecialchars($proto);?>
451
                      </option>
452
                      <?php endforeach; ?>
453 5412cd45 Scott Ullrich
                    </select> <br> <span class="vexpl">Choose which IP protocol
454 5b237745 Scott Ullrich
                    this rule should match.<br>
455
                    Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span></td>
456
                </tr>
457 5412cd45 Scott Ullrich
                <tr>
458 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Source</td>
459 5412cd45 Scott Ullrich
                  <td width="78%" class="vtable"> <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
460 5b237745 Scott Ullrich
                    <strong>not</strong><br>
461 5412cd45 Scott Ullrich
                    Use this option to invert the sense of the match.<br> <br>
462 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
463 5412cd45 Scott Ullrich
                      <tr>
464 5b237745 Scott Ullrich
                        <td>Type:&nbsp;&nbsp;</td>
465
                        <td><select name="srctype" class="formfld" onChange="typesel_change()">
466
                            <?php $sel = is_specialnet($pconfig['src']); ?>
467 5412cd45 Scott Ullrich
                            <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>
468 5b237745 Scott Ullrich
                            any</option>
469 5412cd45 Scott Ullrich
                            <option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
470 5b237745 Scott Ullrich
                            Single host or alias</option>
471 5412cd45 Scott Ullrich
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
472 5b237745 Scott Ullrich
                            Network</option>
473 5412cd45 Scott Ullrich
                            <option value="lan" <?php if ($pconfig['src'] == "lan") { echo "selected"; } ?>>
474 5b237745 Scott Ullrich
                            LAN subnet</option>
475 5412cd45 Scott Ullrich
                            <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>
476 5b237745 Scott Ullrich
                            PPTP clients</option>
477
                            <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
478 5412cd45 Scott Ullrich
                            <option value="opt<?=$i;?>" <?php if ($pconfig['src'] == "opt" . $i) { echo "selected"; } ?>>
479 5b237745 Scott Ullrich
                            <?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?>
480
                            subnet</option>
481
                            <?php endfor; ?>
482
                          </select></td>
483
                      </tr>
484 5412cd45 Scott Ullrich
                      <tr>
485 5b237745 Scott Ullrich
                        <td>Address:&nbsp;&nbsp;</td>
486 7f387ab0 Erik Kristensen
                        <td><input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>">
487 5412cd45 Scott Ullrich
                          /
488 5b237745 Scott Ullrich
                          <select name="srcmask" class="formfld" id="srcmask">
489
                            <?php for ($i = 31; $i > 0; $i--): ?>
490 5412cd45 Scott Ullrich
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>>
491 5b237745 Scott Ullrich
                            <?=$i;?>
492
                            </option>
493
                            <?php endfor; ?>
494
                          </select></td>
495
                      </tr>
496
                    </table></td>
497
                </tr>
498 5412cd45 Scott Ullrich
                <tr>
499
                  <td width="22%" valign="top" class="vncellreq">Source port range
500 5b237745 Scott Ullrich
                  </td>
501
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
502 5412cd45 Scott Ullrich
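                      <?php
                      /*
                       * Source port "from": "(other)", "any", then one option per entry
                       * of $wkports (defined outside this file). $bfound records whether
                       * the current value matched an option; if not, it is shown in the
                       * custom text input. $pconfig is copied from the submitted form
                       * when validation fails, so that value is request data and is
                       * HTML-escaped before it is placed in the attribute.
                       */
                      ?>
                      <tr>
                        <td>from:&nbsp;&nbsp;</td>
                        <td><select name="srcbeginport" class="formfld" onchange="src_rep_change();ext_change()">
                            <option value="">(other)</option>
                            <option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) {
                                echo "selected";
                                $bfound = 1;
                            }?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                          </select> <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>"></td>
                      </tr>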
517 5412cd45 Scott Ullrich
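                      <?php
                      /*
                       * Source port "to": same layout as the "from" row. The custom
                       * input shows the current value when it matched no option;
                       * $pconfig is copied from the submitted form when validation
                       * fails, so the value is HTML-escaped before it is placed in
                       * the attribute.
                       */
                      ?>
                      <tr>
                        <td>to:</td>
                        <td><select name="srcendport" class="formfld" onchange="ext_change()">
                            <option value="">(other)</option>
                            <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) {
                                echo "selected";
                                $bfound = 1;
                            }?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                          </select> <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>"></td>
                      </tr>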
532
                    </table>
533 5412cd45 Scott Ullrich
                    <br> <span class="vexpl">Specify the port or port range for
534 5b237745 Scott Ullrich
                    the source of the packet for this rule.<br>
535 5412cd45 Scott Ullrich
                    Hint: you can leave the <em>'to'</em> field empty if you only
536 5b237745 Scott Ullrich
                    want to filter a single port</span></td>
537 5412cd45 Scott Ullrich
                <tr>
538 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncellreq">Destination</td>
539 5412cd45 Scott Ullrich
                  <td width="78%" class="vtable"> <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
540 5b237745 Scott Ullrich
                    <strong>not</strong><br>
541 5412cd45 Scott Ullrich
                    Use this option to invert the sense of the match.<br> <br>
542 5b237745 Scott Ullrich
                    <table border="0" cellspacing="0" cellpadding="0">
543 5412cd45 Scott Ullrich
                      <tr>
544 5b237745 Scott Ullrich
                        <td>Type:&nbsp;&nbsp;</td>
545
                        <td><select name="dsttype" class="formfld" onChange="typesel_change()">
546
                            <?php $sel = is_specialnet($pconfig['dst']); ?>
547 5412cd45 Scott Ullrich
                            <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>
548 5b237745 Scott Ullrich
                            any</option>
549 5412cd45 Scott Ullrich
                            <option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
550 5b237745 Scott Ullrich
                            Single host or alias</option>
551 5412cd45 Scott Ullrich
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
552 5b237745 Scott Ullrich
                            Network</option>
553 5412cd45 Scott Ullrich
                            <option value="lan" <?php if ($pconfig['dst'] == "lan") { echo "selected"; } ?>>
554 5b237745 Scott Ullrich
                            LAN subnet</option>
555 5412cd45 Scott Ullrich
                            <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>
556 5b237745 Scott Ullrich
                            PPTP clients</option>
557
                            <?php for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
558 5412cd45 Scott Ullrich
                            <option value="opt<?=$i;?>" <?php if ($pconfig['dst'] == "opt" . $i) { echo "selected"; } ?>>
559 5b237745 Scott Ullrich
                            <?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?>
560
                            subnet</option>
561
                            <?php endfor; ?>
562
                          </select> </td>
563
                      </tr>
564 5412cd45 Scott Ullrich
                      <tr>
565 5b237745 Scott Ullrich
                        <td>Address:&nbsp;&nbsp;</td>
566 7f387ab0 Erik Kristensen
                        <td><input name="dst" autocomplete='off' type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
567 5412cd45 Scott Ullrich
                          /
568 5b237745 Scott Ullrich
                          <select name="dstmask" class="formfld" id="dstmask">
569
                            <?php for ($i = 31; $i > 0; $i--): ?>
570 5412cd45 Scott Ullrich
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>>
571 5b237745 Scott Ullrich
                            <?=$i;?>
572
                            </option>
573
                            <?php endfor; ?>
574
                          </select></td>
575
                      </tr>
576
                    </table></td>
577
                </tr>
578 5412cd45 Scott Ullrich
                <tr>
579
                  <td width="22%" valign="top" class="vncellreq">Destination port
580 5b237745 Scott Ullrich
                    range </td>
581
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
582 5412cd45 Scott Ullrich
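                      <?php
                      /*
                       * Destination port "from": "(other)", "any", then one option per
                       * entry of $wkports (defined outside this file). The custom input
                       * shows the current value when it matched no option; $pconfig is
                       * copied from the submitted form when validation fails, so the
                       * value is HTML-escaped before it is placed in the attribute.
                       */
                      ?>
                      <tr>
                        <td>from:&nbsp;&nbsp;</td>
                        <td><select name="dstbeginport" class="formfld" onchange="dst_rep_change();ext_change()">
                            <option value="">(other)</option>
                            <option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) {
                                echo "selected";
                                $bfound = 1;
                            }?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                          </select> <input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>"></td>
                      </tr>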
597 5412cd45 Scott Ullrich
                      <tr>
598 5b237745 Scott Ullrich
                        <td>to:</td>
599
                        <td><select name="dstendport" class="formfld" onchange="ext_change()">
600
                            <option value="">(other)</option>
601
                            <option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
602
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
603
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) {
604
																echo "selected";
605
																$bfound = 1;
606 5412cd45 Scott Ullrich
															}?>>
607 5b237745 Scott Ullrich
                            <?=htmlspecialchars($wkportdesc);?>
608
                            </option>
609
                            <?php endforeach; ?>
610 7f387ab0 Erik Kristensen
                          </select> <input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"></td>
611 5b237745 Scott Ullrich
                      </tr>
612
                    </table>
613 5412cd45 Scott Ullrich
                    <br> <span class="vexpl">Specify the port or port range for
614 5b237745 Scott Ullrich
                    the destination of the packet for this rule.<br>
615 5412cd45 Scott Ullrich
                    Hint: you can leave the <em>'to'</em> field empty if you only
616 5b237745 Scott Ullrich
                    want to filter a single port</span></td>
                <tr>
                  <td valign="top" class="vncell">Direction</td>
                  <td class="vtable"> <select name="direction" class="formfld">
                      <option value="" <?php if (!$pconfig['direction']) echo "selected"; ?>>any</option>
                      <option value="in" <?php if ($pconfig['direction'] == "in") echo "selected"; ?>>in</option>
                      <option value="out" <?php if ($pconfig['direction'] == "out") echo "selected"; ?>>out</option>
                    </select> <br>
                    Use this to match only packets travelling in a given direction
                    on the interface specified above (as seen from the firewall's
                    perspective). </td>
                </tr>
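				<tr>
                  <td width="22%" valign="top" class="vncell">IP Type of Service (TOS)</td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <?php
				  /*
				   * $pconfig['iptos'] is read as a comma-separated list: a bare
				   * name selects "yes", a name prefixed with "!" selects "no",
				   * and a name that appears in neither form selects "don't care".
				   * $iptos (the list of TOS names) is defined outside this view.
				   */
				  $iniptos = explode(",", $pconfig['iptos']);
				  foreach ($iptos as $tos): $dontcare = true; ?>
                      <tr>
                        <td width="80" nowrap><strong>
			  <?php /* Written with <?= like the rest of the page instead of the bare "<?" short tag, and HTML-encoded because the contents of $iptos cannot be confirmed from here. */ ?>
			  <?=htmlspecialchars($tos);?>
                          </strong></td>
                        <td nowrap> <input type="radio" name="iptos_<?=htmlspecialchars($tos);?>" value="on" <?php if (array_search($tos, $iniptos) !== false) { echo "checked"; $dontcare = false; }?>>
                          yes&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="iptos_<?=htmlspecialchars($tos);?>" value="off" <?php if (array_search("!" . $tos, $iniptos) !== false) { echo "checked"; $dontcare = false; }?>>
                          no&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="iptos_<?=htmlspecialchars($tos);?>" value="" <?php if ($dontcare) echo "checked";?>>
                          don't care</td>
                      </tr>
                      <?php endforeach; ?>
                    </table>
                    <span class="vexpl">Use this to match packets according to their IP TOS values.
                    </span></td>
                </tr>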
                <tr>
                  <td width="22%" valign="top" class="vncell">TCP flags</td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <?php
				  /*
				   * $pconfig['tcpflags'] is split on commas. For each flag in
				   * $tcpflags (defined outside this view) one radio group is
				   * rendered: the bare flag name checks "set", the name with a
				   * leading "!" checks "cleared", otherwise "don't care" stays
				   * checked.
				   */
				  $inflags = explode(",", $pconfig['tcpflags']);
				  foreach ($tcpflags as $tcpflag):
					  $dontcare = true; ?>
                      <tr>
                        <td width="40" nowrap><strong>
                          <?=strtoupper($tcpflag);?>
                          </strong></td>
                        <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="on" <?php if (in_array($tcpflag, $inflags)) { $dontcare = false; echo "checked"; }?>>
                          set&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="off" <?php if (in_array("!" . $tcpflag, $inflags)) { $dontcare = false; echo "checked"; }?>>
                          cleared&nbsp;&nbsp;&nbsp;</td>
                        <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="" <?php if ($dontcare) { echo "checked"; }?>>
                          don't care</td>
                      </tr>
                      <?php endforeach; ?>
                    </table>
                    <span class="vexpl">Use this to choose TCP flags that must
                    be set or cleared for this rule to match.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncell">Description</td>
                  <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
                    <br> <span class="vexpl">You may enter a description here
                    for your reference (not parsed).</span></td>
                </tr>
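                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
                    <?php /* $id and $after are assigned outside this view, presumably from request parameters (TODO confirm). They are cast to string and HTML-encoded so a crafted value cannot close the attribute and inject markup into the page. */ ?>
                    <?php if (isset($id) && $a_shaper[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars((string)$id);?>">
                    <?php endif; ?>
					<input name="after" type="hidden" value="<?=htmlspecialchars((string)$after);?>">
                  </td>
                </tr>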
              </table>
</form>
<script language="JavaScript">
<!--
ext_change();
typesel_change();
proto_change();
-->
</script>
<?php else: ?>
<p><strong>You need to create a queue before you can add a new rule.</strong></p>
<?php endif; ?>
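<?php
/*
 * Build two comma-separated lists of single-quoted JavaScript string
 * literals from the configured aliases. Aliases whose address contains
 * a "." are collected in $aliasesaddr, all others in $aliases. Both
 * strings are echoed into a <script> block further down the page, so
 * each name is escaped for that context before it is quoted.
 */
$isfirst = 0;
$aliases = "";
$addrisfirst = 0;
$aliasesaddr = "";

/*
 * Escapes for a single-quoted JavaScript string that sits inside an
 * HTML <script> element: the backslash and quotes keep the name inside
 * the literal, line breaks would end it, and "<", ">" and "&" are
 * written as hex escapes so the name can never spell "</script>" or an
 * HTML comment marker. How alias names are validated when they are
 * saved is not visible here, so nothing is assumed about them.
 */
$jsescape = array(
	"\\" => "\\\\",
	"'" => "\\'",
	"\"" => "\\\"",
	"\r" => "\\r",
	"\n" => "\\n",
	"\xe2\x80\xa8" => "\\u2028",
	"\xe2\x80\xa9" => "\\u2029",
	"<" => "\\x3c",
	">" => "\\x3e",
	"&" => "\\x26",
);

/* isset() first, so a configuration without an alias section does not raise a notice. */
if (isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) {
	foreach ($config['aliases']['alias'] as $alias_name) {
		$jsname = "'" . strtr($alias_name['name'], $jsescape) . "'";
		if (!stristr($alias_name['address'], ".")) {
			/* No dot in the address: the alias goes into the $aliases list. */
			if ($isfirst == 1) $aliases .= ",";
			$aliases .= $jsname;
			$isfirst = 1;
		} else {
			/* Dotted address: the alias goes into the $aliasesaddr list. */
			if ($addrisfirst == 1) $aliasesaddr .= ",";
			$aliasesaddr .= $jsname;
			$addrisfirst = 1;
		}
	}
}
?>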
<script language="JavaScript">
<!--
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $aliases; ?>);
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>