Project

General

Profile

« Previous | Next » 

Revision bd40781a

Added by Seth Mos over 14 years ago

add a ipprotocol variable to the easy add rules

View differences:

etc/inc/easyrule.inc
46 46 
	if ($config['pptpd']['mode'] == "server")
47 47 
		$iflist['pptp'] = "PPTP VPN";
48 48 

  		




  49
  
  
    
	if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))


  		




  
  49
  
    
	if ($config['pppoe']['mode'] == "server")


  		




  50
  50
  
    
		$iflist['pppoe'] = "PPPoE VPN";


  		




  51
  51
  
    

  		




  52
  52
  
    
	if ($config['l2tp']['mode'] == "server")


  		




  ......




  229
  229
  
    
	}


  		




  230
  230
  
    
}


  		




  231
  231
  
    

  		




  232
  
  
    
function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport) {


  		




  
  232
  
    
function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipproto) {


  		




  233
  233
  
    
	global $config;


  		




  234
  234
  
    

  		




  235
  235
  
    
	/* No rules, start a new array */


  		




  ......




  244
  244
  
    
	$filterent = array();


  		




  245
  245
  
    
	$filterent['type'] = 'pass';


  		




  246
  246
  
    
	$filterent['interface'] = $int;


  		




  
  247
  
    
	$filterent['ipprotocol'] = $ipproto;


  		




  247
  248
  
    
	$filterent['descr'] = "Easy Rule: Passed from Firewall Log View";


  		




  248
  249
  
    

  		




  249
  250
  
    
	if ($proto != "any")


  		




  ......




  271
  272
  
    
	}


  		




  272
  273
  
    
}


  		




  273
  274
  
    

  		




  274
  
  
    
function easyrule_parse_block($int, $src) {


  		




  
  275
  
    
function easyrule_parse_block($int, $src, $ipproto) {


  		




  
  276
  
    
	$filterent['ipprotocol'] = $ipproto;


  		




  275
  277
  
    
	if (!empty($src) && !empty($int)) {


  		




  276
  278
  
    
		if (!is_ipaddr($src)) {


  		




  277
  279
  
    
			return "Tried to block invalid IP: " . htmlspecialchars($src);


  		




  ......




  290
  292
  
    
	}


  		




  291
  293
  
    
	return "Unknown block error.";


  		




  292
  294
  
    
}


  		




  293
  
  
    
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0) {


  		




  
  295
  
    
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = inet) {


  		




  294
  296
  
    
	/* Check for valid int, srchost, dsthost, dstport, and proto */


  		




  295
  297
  
    
	global $protocols_with_ports;


  		




  296
  298
  
    

  		




  ......




  319
  321
  
    
			$dstport = 0;


  		




  320
  322
  
    
		}


  		




  321
  323
  
    
		/* Should have valid input... */


  		




  322
  
  
    
		if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport)) {


  		




  
  324
  
    
		if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport, $ipproto)) {


  		




  323
  325
  
    
			return "Successfully added pass rule!";


  		




  324
  326
  
    
		} else {


  		




  325
  327
  
    
			return "Failed to add pass rule.";


  		




  ......




  330
  332
  
    
	return "Unknown pass error.";


  		




  331
  333
  
    
}


  		




  332
  334
  
    

  		




  333
  
  
    
?>


  		




  
  335
  
    
?>


  		












  

    
      usr/local/www/diag_logs_filter.php
    
  





  150
  150
  
    
			  <?php


  		




  151
  151
  
    
			  $int = strtolower($filterent['interface']);


  		




  152
  152
  
    
			  $proto = strtolower($filterent['proto']);


  		




  
  153
  
    
			  if(is_ipaddrv6($filterent['srcip']))


  		




  
  154
  
    
				$ipproto = "inet6";


  		




  153
  155
  
    

  		




  154
  156
  
    
			  $srcstr = $filterent['srcip'] . get_port_with_service($filterent['srcport'], $proto);


  		




  155
  157
  
    
			  $dststr = $filterent['dstip'] . get_port_with_service($filterent['dstport'], $proto);


  		




  156
  158
  
    
			  ?>


  		




  157
  159
  
    
			  <td class="listr" nowrap>


  		




  158
  160
  
    
				<a href="diag_dns.php?host=<?php echo $filterent['srcip']; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_log.gif"></a>


  		




  159
  
  
    
				<a href="easyrule.php?<?php echo "action=block&int={$int}&src={$filterent['srcip']}"; ?>" title="<?=gettext("Easy Rule: Add to Block List");?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.")?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_block_add.gif"></a>


  		




  
  161
  
    
				<a href="easyrule.php?<?php echo "action=block&int={$int}&src={$filterent['srcip']}&ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Add to Block List");?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.")?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_block_add.gif"></a>


  		




  160
  162
  
    
				<?php echo $srcstr;?>


  		




  161
  163
  
    
			  </td>


  		




  162
  164
  
    
			  <td class="listr" nowrap>


  		




  163
  165
  
    
				<a href="diag_dns.php?host=<?php echo $filterent['dstip']; ?>" title="<?=gettext("Reverse Resolve with DNS");?>"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_log.gif"></a>


  		




  164
  
  
    
				<a href="easyrule.php?<?php echo "action=pass&int={$int}&proto={$proto}&src={$filterent['srcip']}&dst={$filterent['dstip']}&dstport={$filterent['dstport']}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic");?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.");?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass_add.gif"></a>


  		




  
  166
  
    
				<a href="easyrule.php?<?php echo "action=pass&int={$int}&proto={$proto}&src={$filterent['srcip']}&dst={$filterent['dstip']}&dstport={$filterent['dstport']}&ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic");?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")."\n\n".gettext("Easy Rule is still experimental.")."\n".gettext("Continue at risk of your own peril.")."\n".gettext("Backups are also nice.");?>')"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_pass_add.gif"></a>


  		




  165
  167
  
    
				<?php echo $dststr;?>


  		




  166
  168
  
    
			  </td>


  		




  167
  169
  
    
			  <?php


  		












  

    
      usr/local/www/easyrule.php
    
  





  45
  45
  
    
	switch ($_GET['action']) {


  		




  46
  46
  
    
		case 'block':


  		




  47
  47
  
    
			/* Check that we have a valid host */


  		




  48
  
  
    
			easyrule_parse_block($_GET['int'], $_GET['src']);


  		




  
  48
  
    
			easyrule_parse_block($_GET['int'], $_GET['src'], $_GET['ipproto']);


  		




  49
  49
  
    
			break;


  		




  50
  50
  
    
		case 'pass':


  		




  51
  
  
    
			easyrule_parse_pass($_GET['int'], $_GET['proto'], $_GET['src'], $_GET['dst'], $_GET['dstport']);


  		




  
  51
  
    
			easyrule_parse_pass($_GET['int'], $_GET['proto'], $_GET['src'], $_GET['dst'], $_GET['dstport'], $_GET['ipproto']);


  		




  52
  52
  
    
			break;


  		




  53
  53
  
    
	}


  		




  54
  54
  
    
}


  		












Also available in:  Unified diff