<?php
/*
 * easyrule.inc
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2009-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2022 Rubicon Communications, LLC (Netgate)
 * Originally Sponsored By Anathematic @ pfSense Forums
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Protocols for which easyrule_parse_pass() insists on a destination port. */
$protocols_with_ports = array('tcp', 'udp');
/* Name prefix of the per-interface block alias; the upper-cased interface
 * key is appended to it wherever the alias is looked up or created. */
$blockaliasname = 'EasyRuleBlockHosts';
require_once("functions.inc");
require_once("util.inc");
require_once("ipsec.inc");
require_once("config.inc");
/* Special source/destination keywords, published as a global. */
global $specialsrcdst;
$specialsrcdst = array('any', 'pppoe', 'l2tp');
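/**
 * Resolve a caller-supplied interface name or description to the key that
 * firewall rules are stored under.
 *
 * The candidate list is built from the configured interfaces, the interface
 * groups and, when the matching service is enabled or configured, the PPPoE
 * server, L2TP, IPsec and OpenVPN entries. The input is matched first as a
 * key, then case-insensitively against the descriptions, and finally by the
 * "ovpn" / "ipsec" name prefixes.
 *
 * Every parser in this file relies on this function to reject unknown
 * interface names before anything is written to the configuration.
 *
 * @param string $int Interface key, description, or device-style name.
 * @return mixed The matching interface key, or false when nothing matches.
 */
function easyrule_find_rule_interface($int) {
	global $config;

	/* Borrowed from firewall_rules.php */
	$iflist = get_configured_interface_with_descr(true);

	/* Interface groups are listed under their own name. */
	if (isset($config['ifgroups']['ifgroupentry']) && is_array($config['ifgroups']['ifgroupentry'])) {
		foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
			$iflist[$ifgen['ifname']] = $ifgen['ifname'];
		}
	}

	if (is_pppoe_server_enabled()) {
		$iflist['pppoe'] = gettext("PPPoE Server");
	}

	/* isset()/empty() keep a configuration without an l2tp or openvpn
	 * section from raising undefined-index warnings; the outcome for a
	 * populated configuration is unchanged. */
	if (isset($config['l2tp']['mode']) && ($config['l2tp']['mode'] == "server")) {
		$iflist['l2tp'] = gettext("L2TP VPN");
	}

	/* add ipsec interfaces */
	if (ipsec_enabled()) {
		$iflist["enc0"] = gettext("IPsec");
	}

	if (!empty($config['openvpn']['openvpn-server']) || !empty($config['openvpn']['openvpn-client'])) {
		$iflist["openvpn"] = gettext("OpenVPN");
	}

	/* Exact key match wins. */
	if (isset($iflist[$int])) {
		return $int;
	}

	/* Otherwise accept a case-insensitive match on the description. */
	foreach ($iflist as $if => $ifd) {
		if (strtolower($int) == strtolower($ifd)) {
			return $if;
		}
	}

	/* Device-style names fall back to the shared pseudo-interface.
	 * These two fallbacks apply even when the corresponding entry was not
	 * added to $iflist above. */
	if (substr($int, 0, 4) == "ovpn") {
		return "openvpn";
	}
	/* NOTE(review): this returns the literal "ipsec" while the list above
	 * registers IPsec under "enc0" -- confirm which key rule consumers
	 * expect. */
	if (substr($int, 0, 5) == "ipsec") {
		return "ipsec";
	}

	return false;
}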
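/**
 * Tell whether a filter rule already references the Easy Rule block alias
 * of an interface for the given address family.
 *
 * A rule matches when its source address is the alias name (prefix plus the
 * upper-cased interface key), its interface equals $int and its ipprotocol
 * (treated as "inet" when absent) equals $ipproto. The rule type is not
 * inspected.
 *
 * @param string $int     Interface key the rule must be bound to.
 * @param string $ipproto Address family, "inet" or "inet6".
 * @return bool True when a matching rule exists.
 */
function easyrule_block_rule_exists($int = 'wan', $ipproto = "inet") {
	global $blockaliasname, $config;

	/* No rules, so we know it doesn't exist. isset() avoids warnings when
	 * the filter section has not been created yet. */
	if (!isset($config['filter']['rule']) || !is_array($config['filter']['rule'])) {
		return false;
	}

	$wanted_alias = $blockaliasname . strtoupper($int);

	/* Search through the rules for one referencing our alias */
	foreach ($config['filter']['rule'] as $rule) {
		if (!is_array($rule) || !isset($rule['source']) || !is_array($rule['source'])) {
			continue;
		}
		/* Missing keys are read as null, which is what the unguarded
		 * array access evaluated to, minus the warning. */
		$rule_source = isset($rule['source']['address']) ? $rule['source']['address'] : null;
		$rule_if = isset($rule['interface']) ? $rule['interface'] : null;
		$checkproto = isset($rule['ipprotocol']) ? $rule['ipprotocol'] : "inet";

		if (($rule_source == $wanted_alias) && ($rule_if == $int) && ($checkproto == $ipproto)) {
			return true;
		}
	}

	return false;
}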
/**
 * Insert the Easy Rule block rule for an interface at the top of the rule
 * list, unless it is already there.
 *
 * The rule blocks traffic whose source is the interface's block alias. The
 * change is made to the in-memory configuration only; this function does
 * not call write_config() or reload the filter.
 *
 * @param string $int     Interface key the rule is bound to.
 * @param string $ipproto Address family, "inet" or "inet6".
 * @return bool False when the block alias does not exist yet, true when the
 *              rule exists afterwards (newly created or already present).
 */
function easyrule_block_rule_create($int = 'wan', $ipproto = "inet") {
	global $blockaliasname, $config;

	/* The rule needs an alias to point at, and an empty alias cannot be
	 * created here because no host is known. */
	if (easyrule_block_alias_getid($int) === false) {
		return false;
	}

	/* Already present: nothing to add. */
	if (easyrule_block_rule_exists($int, $ipproto)) {
		return true;
	}

	init_config_arr(array('filter', 'rule'));
	filter_rules_sort();
	$rules = &$config['filter']['rule'];

	/* Assemble the new rule; key order matches the order the fields are
	 * stored in. */
	$new_rule = array(
		'type' => 'block',
		'interface' => $int,
		'ipprotocol' => $ipproto,
		'source' => array('address' => $blockaliasname . strtoupper($int)),
		'destination' => array('any' => ''),
		'descr' => gettext("Easy Rule: Blocked from Firewall Log View"),
		'created' => make_config_revision_entry(null, "Easy Rule"),
		/* NOTE(review): the cast truncates to whole seconds, so two rules
		 * created within the same second get the same tracker value --
		 * confirm whether trackers are expected to be unique. */
		'tracker' => (int)microtime(true),
	);

	// Same approach as the separator update code in firewall_rules_edit.php:
	// -1 means "before the first rule", so the rule lands at index 0.
	$after = -1;
	array_splice($rules, $after + 1, 0, array($new_rule));

	// Shift this interface's separators down by one row to make room.
	$rule_if = $int;
	$separator_key = strtolower($rule_if);
	init_config_arr(array('filter', 'separator', $separator_key));
	$separators = &$config['filter']['separator'][$separator_key];
	$ridx = ifridx($rule_if, $after);	// rule index within the interface
	$mvnrows = +1;
	move_separators($separators, $ridx, $mvnrows);

	return true;
}
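/**
 * Find the index of the Easy Rule block alias belonging to an interface.
 *
 * The alias is identified by name: the shared prefix followed by the
 * upper-cased interface key. Index 0 is a valid result, so callers must
 * compare the return value with === false.
 *
 * @param string $int Interface key.
 * @return mixed The alias index in $config['aliases']['alias'], or false
 *               when no such alias exists.
 */
function easyrule_block_alias_getid($int = 'wan') {
	global $blockaliasname, $config;

	/* Check the list that is actually iterated: an aliases section without
	 * an 'alias' list would otherwise reach foreach as a non-array. */
	if (!isset($config['aliases']['alias']) || !is_array($config['aliases']['alias'])) {
		return false;
	}

	$wanted_name = $blockaliasname . strtoupper($int);

	/* Hunt down an alias with the name we want, return its id */
	foreach ($config['aliases']['alias'] as $aliasid => $alias) {
		if (is_array($alias) && isset($alias['name']) && ($alias['name'] === $wanted_name)) {
			return $aliasid;
		}
	}

	return false;
}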
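/**
 * Add a host or subnet to the Easy Rule block alias of an interface,
 * creating the alias when it does not exist yet.
 *
 * Entries are stored as "address/mask"; a bare IPv4 address gets /32 and a
 * bare IPv6 address /128. Each address has a detail string at the same
 * position in the "||"-separated detail list, which easyrule_parse_unblock()
 * relies on when it removes an entry. The change is made to the in-memory
 * configuration only.
 *
 * $int is used verbatim to build the alias name; callers in this file
 * resolve it through easyrule_find_rule_interface() first.
 *
 * @param string $host IP address or subnet, optionally wrapped in [].
 * @param string $int  Interface key.
 * @return bool False when $host is not a valid address or subnet, true when
 *              the entry is present afterwards (added or already listed).
 */
function easyrule_block_alias_add($host, $int = 'wan') {
	global $blockaliasname, $config;

	/* If the host isn't a valid IP address, bail */
	$host = trim($host, "[]");
	if (!is_ipaddr($host) && !is_subnet($host)) {
		return false;
	}

	init_config_arr(array('aliases', 'alias'));
	$a_aliases = &$config['aliases']['alias'];

	/* Look for an existing alias; index 0 is valid, hence the strict test. */
	$id = easyrule_block_alias_getid($int);
	$alias_exists = ($id !== false) && !empty($a_aliases[$id]);

	if (is_subnet($host)) {
		list($host, $mask) = explode("/", $host);
	} elseif (is_specialnet($host)) {
		$mask = 0;
	} elseif (is_ipaddrv6($host)) {
		$mask = 128;
	} else {
		$mask = 32;
	}
	$entry = $host . '/' . $mask;

	$alias = array();

	if ($alias_exists) {
		// Catch case when the list is empty
		if (empty($a_aliases[$id]['address'])) {
			$a_address = array();
			$a_detail = array();
		} else {
			$a_address = explode(" ", $a_aliases[$id]['address']);

			/* Make sure this IP isn't already in the list. */
			if (in_array($entry, $a_address, true)) {
				return true;
			}

			$a_detail = isset($a_aliases[$id]['detail']) ? explode("||", $a_aliases[$id]['detail']) : array();

			/* Keep details index-aligned with addresses. A freshly created
			 * alias stores its detail with a trailing "||", which explodes
			 * into one empty extra element; appending after it would attach
			 * the new timestamp to the wrong position. Drop such trailing
			 * blanks, then pad a list that is too short. */
			while ((count($a_detail) > count($a_address)) && (end($a_detail) === '')) {
				array_pop($a_detail);
			}
			$a_detail = array_pad($a_detail, count($a_address), '');
		}

		/* Since the alias already exists, just add to it. */
		$alias['name']    = $a_aliases[$id]['name'];
		$alias['type']    = $a_aliases[$id]['type'];
		$alias['descr']   = $a_aliases[$id]['descr'];

		$a_address[] = $entry;
		$a_detail[] = gettext('Entry added') . ' ' . date('r');

		$alias['address'] = join(" ", $a_address);
		$alias['detail']  = join("||", $a_detail);
	} else {
		/* Create a new alias with all the proper information */
		$alias['name']    = $blockaliasname . strtoupper($int);
		$alias['type']    = 'network';
		$alias['descr']   = gettext("Hosts blocked from Firewall Log view");

		$alias['address'] = $entry;
		$alias['detail']  = gettext('Entry added') . ' ' . date('r') . '||';
	}

	/* Replace the old alias if needed, otherwise tack it on the end */
	if ($alias_exists) {
		$a_aliases[$id] = $alias;
	} else {
		$a_aliases[] = $alias;
	}

	// Sort list
	$a_aliases = msort($a_aliases, "name");

	return true;
}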
/**
 * Block a host: add it to the interface's block alias, make sure the block
 * rule exists, then save the configuration and reload the filter.
 *
 * When $_SERVER['DOCUMENT_ROOT'] is non-empty the function redirects to
 * firewall_aliases.php and ends the request instead of returning.
 *
 * $host is validated here; $int is passed on as given, so callers are
 * expected to hand in an interface key that has already been resolved
 * (easyrule_parse_block() does this via easyrule_find_rule_interface()).
 *
 * @param string $host IP address or subnet, optionally wrapped in [].
 * @param string $int  Interface key.
 * @return bool False on invalid input or when the alias or rule could not
 *              be set up; true after a successful save outside a web
 *              request.
 */
function easyrule_block_host_add($host, $int = 'wan') {
	global $retval;

	/* Only literal addresses and subnets may be blocked. */
	$host = trim($host, "[]");
	if (!is_ipaddr($host) && !is_subnet($host)) {
		return false;
	}

	$ipproto = is_v6($host) ? 'inet6' : 'inet';

	/* The alias entry is the part that matters; give up if it fails. */
	if (!easyrule_block_alias_add($host, $int)) {
		return false;
	}

	/* Add the firewall rule if it is missing. A rule that exists but was
	 * edited by the user is left alone. */
	if (!easyrule_block_rule_exists($int, $ipproto)) {
		if (!easyrule_block_rule_create($int, $ipproto)) {
			return false;
		}
	}

	/* Reaching this point means the alias step succeeded, so the
	 * configuration is always written and the filter reloaded. */
	write_config(sprintf(gettext("Blocked host %s via easy rule"), $host));
	$retval = filter_configure();

	if (empty($_SERVER['DOCUMENT_ROOT'])) {
		return true;
	}

	header("Location: firewall_aliases.php");
	exit;
}
/**
 * Append a pass rule built from the given tuple, save the configuration and
 * reload the filter.
 *
 * No argument is validated here: the values go into the rule as given.
 * easyrule_parse_pass() is the validating entry point in this file, and any
 * other caller has to apply equivalent checks before calling.
 *
 * When $_SERVER['DOCUMENT_ROOT'] is non-empty the function redirects to
 * firewall_rules.php for the interface and ends the request.
 *
 * @param string $int     Interface key the rule is bound to.
 * @param string $proto   Protocol name, or "any" for no protocol match.
 * @param string $srchost Source address, subnet, alias or special network.
 * @param string $dsthost Destination, same forms as $srchost.
 * @param mixed  $dstport Destination port, used as both ends of the range.
 * @param string $ipproto Address family, "inet" or "inet6".
 * @return bool True after a successful save outside a web request.
 */
function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipproto) {
	global $config;

	init_config_arr(array('filter', 'rule'));
	filter_rules_sort();
	$rules = &$config['filter']['rule'];

	/* Start the new rule with the fields that are always present. */
	$pass_rule = array(
		'type' => 'pass',
		'interface' => $int,
		'ipprotocol' => $ipproto,
		'descr' => gettext("Easy Rule: Passed from Firewall Log View"),
	);

	/* "any" means the rule carries no protocol field at all. */
	if ($proto != "any") {
		$pass_rule['protocol'] = $proto;
	}

	/* Default to echo requests only, since that is what most people want
	 * and it should be a safe choice. */
	if ($proto == "icmp") {
		$pass_rule['icmptype'] = 'echoreq';
	}

	/* NOTE(review): the ICMPv6 spellings are stored as protocol "icmp"
	 * without an icmptype, so the echo-request restriction above is not
	 * applied to them -- confirm that passing every ICMPv6 type is the
	 * intent. */
	$proto_lc = strtolower($proto);
	if (($proto_lc == "icmp6") || ($proto_lc == "icmpv6")) {
		$pass_rule['protocol'] = "icmp";
	}

	/* Split "addr/bits", or choose the mask that covers a single host. */
	if (is_subnet($srchost)) {
		list($srchost, $src_bits) = explode("/", $srchost);
	} elseif (is_specialnet($srchost)) {
		$src_bits = 0;
	} elseif (is_ipaddrv6($srchost)) {
		$src_bits = 128;
	} else {
		$src_bits = 32;
	}

	if (is_subnet($dsthost)) {
		list($dsthost, $dst_bits) = explode("/", $dsthost);
	} elseif (is_specialnet($dsthost)) {
		$dst_bits = 0;
	} elseif (is_ipaddrv6($dsthost)) {
		$dst_bits = 128;
	} else {
		$dst_bits = 32;
	}

	pconfig_to_address($pass_rule['source'], $srchost, $src_bits);
	pconfig_to_address($pass_rule['destination'], $dsthost, $dst_bits, '', $dstport, $dstport);

	$pass_rule['created'] = make_config_revision_entry(null, "Easy Rule");
	$pass_rule['tracker'] = (int)microtime(true);
	$rules[] = $pass_rule;

	write_config($pass_rule['descr']);
	$retval = filter_configure();

	if (empty($_SERVER['DOCUMENT_ROOT'])) {
		return true;
	}

	/* $int goes into the redirect target without URL encoding; it is
	 * expected to be an interface key the caller has already resolved. */
	header("Location: firewall_rules.php?if={$int}");
	exit;
}
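/**
 * Validate a block request and carry it out.
 *
 * The source must be a literal IP address or subnet and the interface must
 * resolve through easyrule_find_rule_interface(); only then is
 * easyrule_block_host_add() called. Caller-supplied values are passed
 * through htmlspecialchars() before they are echoed back in a message.
 *
 * @param string $int Interface key or description.
 * @param string $src IP address or subnet to block, optionally in [].
 * @return string Localised status or error message.
 */
function easyrule_parse_block($int, $src) {
	if (empty($src) || empty($int)) {
		return gettext("Tried to block but had no host IP or interface");
	}

	$src = trim($src, "[]");
	if (!is_ipaddr($src) && !is_subnet($src)) {
		return gettext("Tried to block invalid IP:") . ' ' . htmlspecialchars($src);
	}

	/* Keep the caller's value in $int: overwriting it with the lookup
	 * result left false in $int on failure, so the error message below
	 * printed an empty interface name. */
	$real_int = easyrule_find_rule_interface($int);
	if ($real_int === false) {
		return gettext("Invalid interface for block rule:") . ' ' . htmlspecialchars($int);
	}

	if (easyrule_block_host_add($src, $real_int)) {
		return gettext("Host added successfully");
	}

	return gettext("Failed to create block rule, alias, or add host.");
}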
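/**
 * Validate an unblock request and remove the host from the interface's
 * block alias.
 *
 * On success the configuration is saved and the filter reloaded. When
 * $_SERVER['DOCUMENT_ROOT'] is non-empty the function then redirects to
 * firewall_aliases.php and ends the request instead of returning.
 *
 * @param string $int  Interface key or description.
 * @param string $host IP address or subnet to unblock, optionally in [].
 * @return string Localised status or error message.
 */
function easyrule_parse_unblock($int, $host) {
	global $config;

	if (empty($host) || empty($int)) {
		return gettext("Tried to unblock but had no host IP or interface");
	}

	$host = trim($host, "[]");
	if (!is_ipaddr($host) && !is_subnet($host)) {
		return gettext("Tried to unblock invalid IP:") . ' ' . htmlspecialchars($host);
	}

	$real_int = easyrule_find_rule_interface($int);
	if ($real_int === false) {
		return gettext("Invalid interface for block rule:") . ' ' . htmlspecialchars($int);
	}

	/* Try to get the ID - will fail if there are no rules/alias on this interface */
	$id = easyrule_block_alias_getid($real_int);
	if ($id === false || empty($config['aliases']['alias'][$id])) {
		return gettext("No block rules set on interface:") . ' ' . htmlspecialchars($int);
	}

	init_config_arr(array('aliases', 'alias', $id));

	if (is_subnet($host)) {
		list($host, $mask) = explode("/", $host);
	} elseif (is_specialnet($host)) {
		$mask = 0;
	} elseif (is_ipaddrv6($host)) {
		$mask = 128;
	} else {
		$mask = 32;
	}

	// Entries are stored as "address/mask"
	$unblock = $host . '/' . $mask;

	$stored_address = isset($config['aliases']['alias'][$id]['address']) ? $config['aliases']['alias'][$id]['address'] : '';
	$stored_detail = isset($config['aliases']['alias'][$id]['detail']) ? $config['aliases']['alias'][$id]['detail'] : '';
	$a_address = explode(" ", $stored_address);
	$a_detail = explode("||", $stored_detail);

	$key = array_search($unblock, $a_address, true);
	if ($key === false) {
		/* Translate the fixed text only and escape the value, like every
		 * other message in this file; with the host appended inside
		 * gettext() the lookup string changed on every call. */
		return gettext("Host is not on block list:") . ' ' . htmlspecialchars($host);
	}

	/* The detail at the same position belongs to the removed address. */
	unset($a_address[$key]);
	unset($a_detail[$key]);

	// Write back the result to the config array
	$config['aliases']['alias'][$id]['address'] = join(" ", $a_address);
	$config['aliases']['alias'][$id]['detail'] = join("||", $a_detail);

	// Update config
	write_config(sprintf(gettext("Unblocked host %s via easy rule"), $host));
	$retval = filter_configure();

	if (!empty($_SERVER['DOCUMENT_ROOT'])) {
		header("Location: firewall_aliases.php");
		exit;
	}

	return gettext("Host unblocked successfully");
}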
/**
 * List the entries currently held in an interface's block alias.
 *
 * @param string $int Interface key or description.
 * @param string $sep Separator placed between entries in the result.
 * @return string The alias entries joined with $sep, or a localised
 *                message when the interface is unknown or nothing is
 *                blocked on it.
 */
function easyrule_parse_getblock($int = 'wan', $sep = "\n") {
	global $blockaliasname, $config;

	$real_int = easyrule_find_rule_interface($int);
	if ($real_int === false) {
		return gettext("Invalid interface for block rule:") . ' ' . htmlspecialchars($int);
	}

	/* The lookup fails when the interface has no block alias yet. */
	$id = easyrule_block_alias_getid($real_int);

	$nothing_blocked = ($id === false)
	    || !$config['aliases']['alias'][$id]
	    || empty($config['aliases']['alias'][$id]['address']);
	if ($nothing_blocked) {
		return gettext("No block rules set on interface:") . ' ' . htmlspecialchars($int);
	}

	/* Stored space-separated; hand the entries back with the caller's
	 * separator. */
	$entries = explode(" ", $config['aliases']['alias'][$id]['address']);
	return implode($sep, $entries);
}
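/**
 * Validate a pass request and create the rule.
 *
 * This is the validating front end of easyrule_pass_rule_add(): interface,
 * protocol, source, destination and (for TCP/UDP) destination port are all
 * checked before anything is written. Caller-supplied values are passed
 * through htmlspecialchars() before they are echoed back in a message.
 *
 * @param string $int     Interface key or description.
 * @param string $proto   Protocol name, "any", "icmp6" or "icmpv6".
 * @param string $src     Source address, subnet, alias or special network.
 * @param string $dst     Destination, same forms as $src.
 * @param mixed  $dstport Destination port or "any"; required for TCP/UDP
 *                        and forced to 0 for every other protocol.
 * @param string $ipproto Accepted for compatibility; the address family is
 *                        always derived from $src.
 * @return string Localised status or error message.
 */
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet") {
	/* Check for valid int, srchost, dsthost, dstport, and proto */
	global $protocols_with_ports;

	$src = trim($src, "[]");
	$dst = trim($dst, "[]");

	if (empty($int) || empty($proto) || empty($src) || empty($dst)) {
		return gettext("Missing parameters for pass rule.");
	}

	/* Keep the caller's value in $int: overwriting it with the lookup
	 * result left false in $int on failure, so the error message below
	 * printed an empty interface name. */
	$real_int = easyrule_find_rule_interface($int);
	if ($real_int === false) {
		return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars($int);
	}

	/* getprotobyname() signals an unknown name with false, never -1, so a
	 * comparison against -1 lets every string through and into the rule.
	 * Names that easyrule_pass_rule_add() handles itself ("any" and the
	 * ICMPv6 spellings) are accepted without a protocol database lookup. */
	$handled_by_rule_add = ($proto === 'any') || in_array(strtolower($proto), array('icmp6', 'icmpv6'), true);
	if (!$handled_by_rule_add && (getprotobyname($proto) === false)) {
		return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
	}

	if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
		return gettext("Tried to pass invalid source IP:") . ' ' . htmlspecialchars($src);
	}
	if (!is_ipaddr($dst) && !is_subnet($dst) && !is_ipaddroralias($dst) && !is_specialnet($dst)) {
		return gettext("Tried to pass invalid destination IP:") . ' ' . htmlspecialchars($dst);
	}
	if ((is_v6($src) && is_v4($dst)) || (is_v4($src) && is_v6($dst))) {
		return gettext("The source IP address family has to match the family of the destination IP address.");
	}

	$ipproto = is_v6($src) ? 'inet6' : 'inet';

	if (in_array($proto, $protocols_with_ports, true)) {
		if (empty($dstport)) {
			return gettext("Missing destination port:") . ' ' . htmlspecialchars($dstport);
		}
		if (!is_port($dstport) && ($dstport !== "any")) {
			return gettext("Tried to pass invalid destination port:") . ' ' . htmlspecialchars($dstport);
		}
	} else {
		/* Ports are meaningless for every other protocol. */
		$dstport = 0;
	}

	/* Should have valid input... */
	if (easyrule_pass_rule_add($real_int, $proto, $src, $dst, $dstport, $ipproto)) {
		return gettext("Successfully added pass rule!");
	}

	return gettext("Failed to add pass rule.");
}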
?>