Revision bd00203a
Added by | src/etc/inc/globals.inc | ||
|---|---|---|
| 267 | 267 |
* User-accessible read-only aliases reserved for system use. |
| 268 | 268 |
* |
| 269 | 269 |
* Entries must have the name as the key. Each entry must have a name, |
| 270 |
* type, description, and address. Possible values are:
|
|
| 270 |
* type, and description. Possible values are:
|
|
| 271 | 271 |
* - name: Same value as the key; used for compatibility with other functions. |
| 272 |
* - url: Only required for URL* types. |
|
| 272 |
* - url: A URL string for URL* types. Alternatively it may be a file path. |
|
| 273 |
* If a file path is given, the alias is assumed to be processed |
|
| 274 |
* separately such as with rc.update_bogons.sh. |
|
| 273 | 275 |
* - type: The alias type. |
| 274 | 276 |
* - descr: A string value. |
| 275 | 277 |
* - address: A string of space-separated values; may be defined |
| ... | ... | |
| 284 | 286 |
'name' => 'bogons', |
| 285 | 287 |
'type' => 'urltable', |
| 286 | 288 |
'url' => '/etc/bogons', |
| 287 |
'descr' => 'IPv4 Bogons',
|
|
| 289 |
'descr' => 'IPv4 bogons',
|
|
| 288 | 290 |
'address' => '', |
| 289 | 291 |
'detail' => '' |
| 290 | 292 |
], |
| ... | ... | |
| 292 | 294 |
'name' => 'bogonsv6', |
| 293 | 295 |
'type' => 'urltable', |
| 294 | 296 |
'url' => '/etc/bogonsv6', |
| 295 |
'descr' => 'IPv6 Bogons',
|
|
| 297 |
'descr' => 'IPv6 bogons.',
|
|
| 296 | 298 |
'address' => '', |
| 297 | 299 |
'detail' => '' |
| 298 | 300 |
], |
| 299 | 301 |
'sshguard' => [ |
| 300 | 302 |
'name' => 'sshguard', |
| 301 | 303 |
'type' => 'host', |
| 302 |
'descr' => 'Hosts blocklisted by SSH login protection',
|
|
| 304 |
'descr' => 'Hosts blocked by SSH login protection.',
|
|
| 303 | 305 |
'address' => '', |
| 304 | 306 |
'detail' => '' |
| 305 | 307 |
], |
| 306 | 308 |
'snort2c' => [ |
| 307 | 309 |
'name' => 'snort2c', |
| 308 | 310 |
'type' => 'host', |
| 309 |
'descr' => 'Hosts blocked by IDS', |
|
| 311 |
'descr' => 'Hosts blocked by IDS.',
|
|
| 310 | 312 |
'address' => '', |
| 311 | 313 |
'detail' => '' |
| 312 | 314 |
], |
| 313 | 315 |
'virusprot' => [ |
| 314 | 316 |
'name' => 'virusprot', |
| 315 | 317 |
'type' => 'host', |
| 316 |
'descr' => 'Hosts blocked due to connection restrictions', |
|
| 318 |
'descr' => 'Hosts blocked due to connection restrictions.',
|
|
| 317 | 319 |
'address' => '', |
| 318 | 320 |
'detail' => '' |
| 319 | 321 |
], |
| 320 | 322 |
'vpn_networks' => [ |
| 321 | 323 |
'name' => 'vpn_networks', |
| 322 | 324 |
'type' => 'network', |
| 323 |
'descr' => 'Networks for IPsec, OpenVPN, and PPPoE', |
|
| 325 |
'descr' => 'Networks for IPsec, OpenVPN, and PPPoE.',
|
|
| 324 | 326 |
'address' => '', |
| 325 | 327 |
'detail' => '' |
| 326 | 328 |
], |
| 327 | 329 |
'negate_networks' => [ |
| 328 | 330 |
'name' => 'negate_networks', |
| 329 | 331 |
'type' => 'network', |
| 330 |
'descr' => 'Networks to negate with policy routing rules', |
|
| 332 |
'descr' => 'Networks to negate with policy routing rules.',
|
|
| 331 | 333 |
'address' => '', |
| 332 | 334 |
'detail' => '' |
| 333 | 335 |
], |
| 334 | 336 |
'tonatsubnets' => [ |
| 335 | 337 |
'name' => 'tonatsubnets', |
| 336 | 338 |
'type' => 'network', |
| 337 |
'descr' => 'Automatically NAT\'ed networks', |
|
| 339 |
'descr' => 'Automatically NAT\'ed networks.',
|
|
| 338 | 340 |
'address' => '', |
| 339 | 341 |
'detail' => '' |
| 340 | 342 |
], |
| src/etc/inc/util.inc | ||
|---|---|---|
| 2185 | 2185 |
global $aliastable; |
| 2186 | 2186 |
|
| 2187 | 2187 |
$aliastable = array(); |
| 2188 |
$aliases = config_get_path('aliases/alias', []);
|
|
| 2189 |
|
|
| 2190 |
// Reserved aliases take precedence. |
|
| 2191 |
$reserved_alias = get_reserved_table_names(); |
|
| 2192 |
if (!empty($reserved_alias)) {
|
|
| 2193 |
foreach ($aliases as $id => $info) {
|
|
| 2194 |
if (!isset($reserved_alias[$info['name']])) {
|
|
| 2195 |
continue; |
|
| 2196 |
} |
|
| 2197 |
$aliases[$id] = $reserved_alias[$info['name']]; |
|
| 2198 |
unset($reserved_alias[$info['name']]); |
|
| 2199 |
} |
|
| 2200 |
|
|
| 2201 |
if (!empty($reserved_alias)) {
|
|
| 2202 |
$aliases = array_merge($aliases, array_values($reserved_alias)); |
|
| 2203 |
} |
|
| 2204 |
} |
|
| 2188 | 2205 |
|
| 2189 |
foreach (config_get_path('aliases/alias', []) as $alias) {
|
|
| 2206 |
foreach ($aliases as $alias) {
|
|
| 2190 | 2207 |
if (!is_array($alias) || empty($alias)) {
|
| 2191 | 2208 |
continue; |
| 2192 | 2209 |
} |
| ... | ... | |
| 2230 | 2247 |
// Reserved aliases take precedence. |
| 2231 | 2248 |
$reserved_alias = get_reserved_table_names($name); |
| 2232 | 2249 |
if (!empty($reserved_alias)) {
|
| 2233 |
foreach ($aliases as $id => $info) {
|
|
| 2234 |
if (isset($reserved_alias[$info['name']])) {
|
|
| 2235 |
$aliases[$id] = $reserved_alias[$info['name']]; |
|
| 2236 |
unset($reserved_alias[$info['name']]); |
|
| 2237 |
} |
|
| 2238 |
} |
|
| 2239 |
$aliases = array_merge($aliases, array_values($reserved_alias)); |
|
| 2250 |
return $reserved_alias[array_key_first($reserved_alias)]['type']; |
|
| 2240 | 2251 |
} |
| 2241 | 2252 |
|
| 2242 | 2253 |
foreach ($aliases as $alias) {
|
| ... | ... | |
| 2262 | 2273 |
$urltable_filename = $urltable_prefix . $name . ".txt"; |
| 2263 | 2274 |
|
| 2264 | 2275 |
$aliases = config_get_path('aliases/alias', []);
|
| 2265 |
$aliastable_with_system_aliases = $aliastable; |
|
| 2266 |
$is_system_alias = false; |
|
| 2267 | 2276 |
|
| 2268 | 2277 |
// Reserved aliases take precedence. |
| 2269 | 2278 |
$reserved_alias = get_reserved_table_names($name); |
| 2270 | 2279 |
if (!empty($reserved_alias)) {
|
| 2271 |
$is_system_alias = true; |
|
| 2272 |
$aliastable_with_system_aliases = array_merge($aliastable_with_system_aliases, $reserved_alias); |
|
| 2280 |
if (!in_array($reserved_alias[array_key_first($reserved_alias)]['type'], ['url', 'url_ports', 'urltable', "urltable_ports"])) {
|
|
| 2281 |
if (in_array($reserved_alias[array_key_first($reserved_alias)]['type'], ['port'])) {
|
|
| 2282 |
return "\${$name}";
|
|
| 2283 |
} else {
|
|
| 2284 |
return "<{$name}>";
|
|
| 2285 |
} |
|
| 2286 |
} |
|
| 2287 |
|
|
| 2288 |
// Handle URL* type system aliases that specify a file path. |
|
| 2289 |
if (!empty($reserved_alias[array_key_first($reserved_alias)]['url']) && !is_URL($reserved_alias[array_key_first($reserved_alias)]['url'])) {
|
|
| 2290 |
$urltable_filename = $reserved_alias[array_key_first($reserved_alias)]['url']; |
|
| 2291 |
if (file_exists($urltable_filename) && !empty(trim(file_get_contents($urltable_filename)))) {
|
|
| 2292 |
if (in_array($reserved_alias[array_key_first($reserved_alias)]['type'], ['url_ports', 'urltable_ports'])) {
|
|
| 2293 |
// pf does not support port tables - use a macro instead. |
|
| 2294 |
return "\${$name}";
|
|
| 2295 |
} else {
|
|
| 2296 |
return "<{$name}>";
|
|
| 2297 |
} |
|
| 2298 |
} else {
|
|
| 2299 |
return null; |
|
| 2300 |
} |
|
| 2301 |
} |
|
| 2302 |
|
|
| 2303 |
// Replace user alias with system alias. |
|
| 2273 | 2304 |
foreach ($aliases as $id => $info) {
|
| 2274 |
if (isset($reserved_alias[$info['name']])) {
|
|
| 2275 |
$aliases[$id] = $reserved_alias[$info['name']]; |
|
| 2276 |
unset($reserved_alias[$info['name']]); |
|
| 2305 |
if (!isset($reserved_alias[$info['name']])) {
|
|
| 2306 |
continue; |
|
| 2277 | 2307 |
} |
| 2308 |
$aliases[$id] = $reserved_alias[$info['name']]; |
|
| 2309 |
unset($reserved_alias[$info['name']]); |
|
| 2310 |
break; |
|
| 2311 |
} |
|
| 2312 |
if (!empty($reserved_alias)) {
|
|
| 2313 |
$aliases = array_merge($aliases, array_values($reserved_alias)); |
|
| 2278 | 2314 |
} |
| 2279 |
$aliases = array_merge($aliases, array_values($reserved_alias)); |
|
| 2280 | 2315 |
} |
| 2281 | 2316 |
|
| 2282 |
if (isset($aliastable_with_system_aliases[$name])) {
|
|
| 2317 |
if (isset($aliastable[$name])) {
|
|
| 2283 | 2318 |
// alias names cannot be strictly numeric. redmine #4289 |
| 2284 | 2319 |
if (is_numericint($name)) {
|
| 2285 | 2320 |
return null; |
| ... | ... | |
| 2291 | 2326 |
*/ |
| 2292 | 2327 |
foreach ($aliases as $alias) {
|
| 2293 | 2328 |
if ($alias['name'] == $name) {
|
| 2294 |
$file_path = ($is_system_alias ? $alias['url'] : $urltable_filename); |
|
| 2295 | 2329 |
if (in_array($alias['type'], ['url', 'url_ports', 'urltable', "urltable_ports"])) {
|
| 2296 |
if (file_exists($file_path) && !empty(trim(file_get_contents($file_path)))) {
|
|
| 2330 |
if (is_URL($alias['url']) && file_exists($urltable_filename) && !empty(trim(file_get_contents($urltable_filename)))) {
|
|
| 2297 | 2331 |
return "\${$name}";
|
| 2298 | 2332 |
} elseif (is_array($alias['aliasurl'])) {
|
| 2299 | 2333 |
foreach ($alias['aliasurl'] as $aliasurl) {
|
| ... | ... | |
| 2333 | 2367 |
$aliases = config_get_path('aliases/alias', []);
|
| 2334 | 2368 |
|
| 2335 | 2369 |
// Reserved aliases take precedence. |
| 2336 |
$reserved_alias = get_reserved_table_names($name); |
|
| 2370 |
$reserved_alias = get_reserved_table_names($name, 'urltable');
|
|
| 2337 | 2371 |
if (!empty($reserved_alias)) {
|
| 2372 |
// Handle URL* type system aliases that specify a file path. |
|
| 2373 |
if (!empty($reserved_alias[array_key_first($reserved_alias)]['url']) && !is_URL($reserved_alias[array_key_first($reserved_alias)]['url'])) {
|
|
| 2374 |
$urltable_filename = $reserved_alias[array_key_first($reserved_alias)]['url']; |
|
| 2375 |
if (file_exists($urltable_filename)) {
|
|
| 2376 |
return $urltable_filename; |
|
| 2377 |
} else {
|
|
| 2378 |
return null; |
|
| 2379 |
} |
|
| 2380 |
} |
|
| 2381 |
|
|
| 2382 |
// Replace user alias with system alias. |
|
| 2338 | 2383 |
foreach ($aliases as $id => $info) {
|
| 2339 |
if (isset($reserved_alias[$info['name']])) {
|
|
| 2340 |
$aliases[$id] = $reserved_alias[$info['name']]; |
|
| 2341 |
unset($reserved_alias[$info['name']]); |
|
| 2384 |
if (!isset($reserved_alias[$info['name']])) {
|
|
| 2385 |
continue; |
|
| 2342 | 2386 |
} |
| 2387 |
$aliases[$id] = $reserved_alias[$info['name']]; |
|
| 2388 |
unset($reserved_alias[$info['name']]); |
|
| 2389 |
break; |
|
| 2390 |
} |
|
| 2391 |
if (!empty($reserved_alias)) {
|
|
| 2392 |
$aliases = array_merge($aliases, array_values($reserved_alias)); |
|
| 2343 | 2393 |
} |
| 2344 |
$aliases = array_merge($aliases, array_values($reserved_alias)); |
|
| 2345 | 2394 |
} |
| 2346 | 2395 |
|
| 2347 | 2396 |
foreach ($aliases as $alias) {
|
| src/usr/local/www/firewall_nat.php | ||
|---|---|---|
| 219 | 219 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'], $rdr_srctype_flags)))?>
|
| 220 | 220 |
</a> |
| 221 | 221 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['source']['network'], $system_alias_specialnet)): ?> |
| 222 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['source']['network']) . '__NETWORK')?>" data-html="true">
|
|
| 222 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtoupper($natent['source']['network']) . '__NETWORK', true)?>" data-html="true">
|
|
| 223 | 223 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'], $rdr_srctype_flags)))?>
|
| 224 | 224 |
</a> |
| 225 | 225 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['source']['address'], $system_aliases_hosts)): ?> |
| 226 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['source']['address']))?>" data-html="true">
|
|
| 226 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['source']['address']), true)?>" data-html="true">
|
|
| 227 | 227 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'])))?>
|
| 228 | 228 |
</a> |
| 229 | 229 |
<?php else: ?> |
| ... | ... | |
| 236 | 236 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['source']['port'])))?>
|
| 237 | 237 |
</a> |
| 238 | 238 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['source']['port'], $system_aliases_ports)): ?> |
| 239 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($natent['source']['port']))?>" data-html="true">
|
|
| 239 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['source']['port']), true)?>" data-html="true">
|
|
| 240 | 240 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['source']['port'])))?>
|
| 241 | 241 |
</a> |
| 242 | 242 |
<?php else: ?> |
| ... | ... | |
| 250 | 250 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'], $rdr_dsttype_flags)))?>
|
| 251 | 251 |
</a> |
| 252 | 252 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['destination']['network'], $system_alias_specialnet)): ?> |
| 253 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['destination']['network']) . '__NETWORK')?>" data-html="true">
|
|
| 253 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtoupper($natent['destination']['network']) . '__NETWORK', true)?>" data-html="true">
|
|
| 254 | 254 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'], $rdr_dsttype_flags)))?>
|
| 255 | 255 |
</a> |
| 256 | 256 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['destination']['address'], $system_aliases_hosts)): ?> |
| 257 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['destination']['address']))?>" data-html="true">
|
|
| 257 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['destination']['address']), true)?>" data-html="true">
|
|
| 258 | 258 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'])))?>
|
| 259 | 259 |
</a> |
| 260 | 260 |
<?php else: ?> |
| ... | ... | |
| 267 | 267 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['destination']['port'])))?>
|
| 268 | 268 |
</a> |
| 269 | 269 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['destination']['port'], $system_aliases_ports)): ?> |
| 270 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($natent['destination']['port']))?>" data-html="true">
|
|
| 270 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['destination']['port']), true)?>" data-html="true">
|
|
| 271 | 271 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['destination']['port'])))?>
|
| 272 | 272 |
</a> |
| 273 | 273 |
<?php else: ?> |
| ... | ... | |
| 280 | 280 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address(['network' => $natent['target']], $rdr_lcltype_flags)))?>
|
| 281 | 281 |
</a> |
| 282 | 282 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['target'], $system_aliases_hosts)): ?> |
| 283 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($natent['target']))?>" data-html="true">
|
|
| 283 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['target']), true)?>" data-html="true">
|
|
| 284 | 284 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address(['address' => $natent['target']])))?>
|
| 285 | 285 |
</a> |
| 286 | 286 |
<?php else: ?> |
| ... | ... | |
| 293 | 293 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($localport)))?>
|
| 294 | 294 |
</a> |
| 295 | 295 |
<?php elseif ($show_system_alias_popup && array_key_exists($localport, $system_aliases_ports)): ?> |
| 296 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($localport))?>" data-html="true">
|
|
| 296 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($localport), true)?>" data-html="true">
|
|
| 297 | 297 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($localport)))?>
|
| 298 | 298 |
</a> |
| 299 | 299 |
<?php else: ?> |
| src/usr/local/www/firewall_nat_1to1.php | ||
|---|---|---|
| 162 | 162 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'], $binat_srctype_flags)))?>
|
| 163 | 163 |
</a> |
| 164 | 164 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['source']['network'], $system_alias_specialnet)): ?> |
| 165 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['source']['network']) . '__NETWORK')?>" data-html="true">
|
|
| 165 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtoupper($natent['source']['network']) . '__NETWORK', true)?>" data-html="true">
|
|
| 166 | 166 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'], $binat_srctype_flags)))?>
|
| 167 | 167 |
</a> |
| 168 | 168 |
<?php else: ?> |
| ... | ... | |
| 175 | 175 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'], $binat_dsttype_flags)))?>
|
| 176 | 176 |
</a> |
| 177 | 177 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['destination']['network'], $system_alias_specialnet)): ?> |
| 178 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['destination']['network']) . '__NETWORK')?>" data-html="true">
|
|
| 178 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtoupper($natent['destination']['network']) . '__NETWORK', true)?>" data-html="true">
|
|
| 179 | 179 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'], $binat_dsttype_flags)))?>
|
| 180 | 180 |
</a> |
| 181 | 181 |
<?php else: ?> |
| src/usr/local/www/firewall_nat_out.php | ||
|---|---|---|
| 233 | 233 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'], $nat_srctype_flags)))?>
|
| 234 | 234 |
</a> |
| 235 | 235 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['source']['network'], $system_alias_specialnet)): ?> |
| 236 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['source']['network']) . '__NETWORK')?>" data-html="true">
|
|
| 236 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtoupper($natent['source']['network']) . '__NETWORK', true)?>" data-html="true">
|
|
| 237 | 237 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'], $nat_srctype_flags)))?>
|
| 238 | 238 |
</a> |
| 239 | 239 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['source']['network'], $system_aliases_hosts)): ?> |
| 240 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['source']['network']))?>" data-html="true">
|
|
| 240 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['source']['network']), true)?>" data-html="true">
|
|
| 241 | 241 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'])))?>
|
| 242 | 242 |
</a> |
| 243 | 243 |
<?php else: ?> |
| ... | ... | |
| 256 | 256 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['sourceport'])))?>
|
| 257 | 257 |
</a> |
| 258 | 258 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['sourceport'], $system_aliases_ports)): ?> |
| 259 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($natent['sourceport']))?>" data-html="true">
|
|
| 259 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['sourceport']), true)?>" data-html="true">
|
|
| 260 | 260 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['sourceport'])))?>
|
| 261 | 261 |
</a> |
| 262 | 262 |
<?php else: ?> |
| ... | ... | |
| 270 | 270 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'], $nat_dsttype_flags)))?>
|
| 271 | 271 |
</a> |
| 272 | 272 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['destination']['network'], $system_alias_specialnet)): ?> |
| 273 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['destination']['network']) . '__NETWORK')?>" data-html="true">
|
|
| 273 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtoupper($natent['destination']['network']) . '__NETWORK', true)?>" data-html="true">
|
|
| 274 | 274 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'], $nat_dsttype_flags)))?>
|
| 275 | 275 |
</a> |
| 276 | 276 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['destination']['network'], $system_aliases_hosts)): ?> |
| 277 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($natent['destination']['network']))?>" data-html="true">
|
|
| 277 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['destination']['network']), true)?>" data-html="true">
|
|
| 278 | 278 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'])))?>
|
| 279 | 279 |
</a> |
| 280 | 280 |
<?php else: ?> |
| ... | ... | |
| 293 | 293 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['dstport'])))?>
|
| 294 | 294 |
</a> |
| 295 | 295 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['dstport'], $system_aliases_ports)): ?> |
| 296 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($natent['dstport']))?>" data-html="true">
|
|
| 296 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['dstport']), true)?>" data-html="true">
|
|
| 297 | 297 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['dstport'])))?>
|
| 298 | 298 |
</a> |
| 299 | 299 |
<?php else: ?> |
| ... | ... | |
| 308 | 308 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address(['network' => $natent['target']], $nat_tgttype_flags)))?>
|
| 309 | 309 |
</a> |
| 310 | 310 |
<?php elseif ($show_system_alias_popup && array_key_exists($natent['target'], $system_aliases_hosts)): ?> |
| 311 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($natent['target']))?>" data-html="true">
|
|
| 311 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($natent['target']), true)?>" data-html="true">
|
|
| 312 | 312 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address(['address' => $natent['target']])))?>
|
| 313 | 313 |
</a> |
| 314 | 314 |
<?php elseif (empty($natent['target_subnet'])): ?> |
| src/usr/local/www/firewall_rules.php | ||
|---|---|---|
| 890 | 890 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($filterent['source'])))?>
|
| 891 | 891 |
</a> |
| 892 | 892 |
<?php elseif ($show_system_alias_popup && array_key_exists($filterent['source']['network'], $system_alias_specialnet)): ?> |
| 893 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($filterent['source']['network']) . '__NETWORK')?>" data-html="true">
|
|
| 893 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtoupper($filterent['source']['network']) . '__NETWORK', true)?>" data-html="true">
|
|
| 894 | 894 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($filterent['source'], $filter_srcdsttype_flags)))?>
|
| 895 | 895 |
</a> |
| 896 | 896 |
<?php elseif ($show_system_alias_popup && array_key_exists($filterent['source']['address'], $system_aliases_hosts)): ?> |
| 897 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($filterent['source']['address']))?>" data-html="true">
|
|
| 897 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($filterent['source']['address']), true)?>" data-html="true">
|
|
| 898 | 898 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($filterent['source'])))?>
|
| 899 | 899 |
</a> |
| 900 | 900 |
<?php else: ?> |
| ... | ... | |
| 907 | 907 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($filterent['source']['port'])))?>
|
| 908 | 908 |
</a> |
| 909 | 909 |
<?php elseif ($show_system_alias_popup && array_key_exists($filterent['source']['port'], $system_aliases_ports)): ?> |
| 910 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($filterent['source']['port']))?>" data-html="true">
|
|
| 910 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($filterent['source']['port']), true)?>" data-html="true">
|
|
| 911 | 911 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($filterent['source']['port'])))?>
|
| 912 | 912 |
</a> |
| 913 | 913 |
<?php else: ?> |
| ... | ... | |
| 920 | 920 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($filterent['destination'])))?>
|
| 921 | 921 |
</a> |
| 922 | 922 |
<?php elseif ($show_system_alias_popup && array_key_exists($filterent['destination']['network'], $system_alias_specialnet)): ?> |
| 923 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($filterent['destination']['network']) . '__NETWORK')?>" data-html="true">
|
|
| 923 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtoupper($filterent['destination']['network']) . '__NETWORK', true)?>" data-html="true">
|
|
| 924 | 924 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($filterent['destination'], $filter_srcdsttype_flags)))?>
|
| 925 | 925 |
</a> |
| 926 | 926 |
<?php elseif ($show_system_alias_popup && array_key_exists($filterent['destination']['address'], $system_aliases_hosts)): ?> |
| 927 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtoupper($filterent['destination']['network']))?>" data-html="true">
|
|
| 927 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($filterent['destination']['address']), true)?>" data-html="true">
|
|
| 928 | 928 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($filterent['destination'])))?>
|
| 929 | 929 |
</a> |
| 930 | 930 |
<?php else: ?> |
| ... | ... | |
| 937 | 937 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($filterent['destination']['port'])))?>
|
| 938 | 938 |
</a> |
| 939 | 939 |
<?php elseif ($show_system_alias_popup && array_key_exists($filterent['destination']['port'], $system_aliases_ports)): ?> |
| 940 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=system_alias_info_popup(strtolower($filterent['destination']['port']))?>" data-html="true">
|
|
| 940 |
<a data-toggle="popover" data-trigger="hover focus" title="<?=gettext('System alias details')?>" data-content="<?=alias_info_popup(strtolower($filterent['destination']['port']), true)?>" data-html="true">
|
|
| 941 | 941 |
<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($filterent['destination']['port'])))?>
|
| 942 | 942 |
</a> |
| 943 | 943 |
<?php else: ?> |
| src/usr/local/www/guiconfig.inc | ||
|---|---|---|
| 917 | 917 |
} |
| 918 | 918 |
} |
| 919 | 919 |
|
| 920 |
function system_alias_info_popup($name) {
|
|
| 920 |
function system_alias_info_popup($name, $description = null) {
|
|
| 921 | 921 |
if (empty($name)) {
|
| 922 | 922 |
return ''; |
| 923 | 923 |
} |
| ... | ... | |
| 931 | 931 |
$alias_items[] = htmlspecialchars(trim($address)); |
| 932 | 932 |
} |
| 933 | 933 |
|
| 934 |
$content = '<h5>' . htmlspecialchars($alias) . '</h5>';
|
|
| 934 |
$content = '<h5>' . ($description ?? htmlspecialchars($name)) . '</h5>';
|
|
| 935 | 935 |
if (empty($alias_items)) {
|
| 936 | 936 |
return $content; |
| 937 | 937 |
} |
| ... | ... | |
| 940 | 940 |
return $content; |
| 941 | 941 |
} |
| 942 | 942 |
|
| 943 |
function alias_info_popup($alias_id) {
|
|
| 943 |
function alias_info_popup($alias_id, $is_system_alias = false) {
|
|
| 944 | 944 |
global $user_settings; |
| 945 | 945 |
|
| 946 |
$alias = config_get_path("aliases/alias/{$alias_id}");
|
|
| 947 |
if (!is_array($alias)) {
|
|
| 948 |
return; |
|
| 946 |
$alias = null; |
|
| 947 |
|
|
| 948 |
if ($is_system_alias) {
|
|
| 949 |
// Reserved aliases take precedence. |
|
| 950 |
$reserved_alias = get_reserved_table_names($alias_id); |
|
| 951 |
if (empty($reserved_alias)) {
|
|
| 952 |
return system_alias_info_popup($alias_id); |
|
| 953 |
} elseif (in_array($reserved_alias[array_key_first($reserved_alias)]['type'], ['network', 'host']) && empty($reserved_alias[array_key_first($reserved_alias)]['address'])) {
|
|
| 954 |
return system_alias_info_popup($alias_id, $reserved_alias[array_key_first($reserved_alias)]['descr']); |
|
| 955 |
} |
|
| 956 |
$alias = $reserved_alias[array_key_first($reserved_alias)]; |
|
| 957 |
} else {
|
|
| 958 |
$alias = config_get_path("aliases/alias/{$alias_id}");
|
|
| 959 |
} |
|
| 960 |
|
|
| 961 |
if (!isset($alias)) {
|
|
| 962 |
return ''; |
|
| 949 | 963 |
} |
| 950 | 964 |
|
| 951 | 965 |
$maxlength = 60; |
| ... | ... | |
| 956 | 970 |
$alias['descr'] = substr($alias['descr'], 0, $maxlength) . '…'; |
| 957 | 971 |
} |
| 958 | 972 |
|
| 959 |
$content .= $alias['descr'];
|
|
| 973 |
return htmlspecialchars($alias['descr']);
|
|
| 960 | 974 |
} else if ($alias['url']) {
|
| 961 | 975 |
// TODO: Change it when pf supports tables with ports |
| 962 | 976 |
if ($alias['type'] == "urltable") {
|
| ... | ... | |
| 974 | 988 |
$content .= '<i>'. gettext("listing only first 10k items") .'</i>';
|
| 975 | 989 |
} |
| 976 | 990 |
} else {
|
| 991 |
if (empty($alias['address'])) {
|
|
| 992 |
if (strlen($alias['descr']) >= $maxlength) {
|
|
| 993 |
$alias['descr'] = substr($alias['descr'], 0, $maxlength) . '…'; |
|
| 994 |
} |
|
| 995 |
return htmlspecialchars($alias['descr']); |
|
| 996 |
} |
|
| 977 | 997 |
$alias_addresses = explode (" ", $alias['address']);
|
| 978 | 998 |
$alias_details = explode ("||", $alias['detail']);
|
| 979 | 999 |
$idx = 0; |
Also available in: Unified diff
Fix rule generation and display for system aliases
This is a followup to 52e512c0555d9f5a91732907e524364358d3f70c
- Update system alias comments and descriptions.
- Improve reserved aliases processing.
- Use alias_info_popup() code when possible for system aliases.
- Handle system port aliases correctly.
- Show the description for dynamically generated system aliases when
the content cannot be determined. Since pf does not support port
tables, dynamic system port aliases always show the description.