<?php
/* $Id$ */
/*
	firewall_nat_edit.php
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	nat
*/

##|+PRIV
##|*IDENT=page-firewall-nat-portforward-edit
##|*NAME=Firewall: NAT: Port Forward: Edit page
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
##|*MATCH=firewall_nat_edit.php*
##|-PRIV

require("guiconfig.inc");
require_once("itemid.inc");
require_once("filter.inc");
require("shaper.inc");

/*
 * Build $specialsrcdst: the fixed keywords below plus, for every configured
 * interface key, the key itself and the key with an "ip" suffix.
 * $ifdisp (interface key => description) is reused further down when the
 * source type drop-down is rendered.
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
/*
 * Guarantee that the port forward rule list is an array, then bind $a_nat to
 * it by reference so that changes made through $a_nat land in $config.
 */
if (!is_array($config['nat']['rule']))
	$config['nat']['rule'] = array();

$a_nat = &$config['nat']['rule'];
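/*
 * Read the request parameters that select the rule to work on:
 *   id    - index of the rule being edited (POST overrides GET)
 *   after - index after which a new rule is inserted, or "-1"
 *   dup   - index of a rule to duplicate; sets both $id and $after
 * Each value is accepted only if is_numericint() approves it, so $id, $after
 * and the duplicate source stay undefined for anything else.
 */
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

/*
 * The "-1" sentinel is compared with === so that only that exact string is
 * accepted; a loose == would also let other numeric spellings such as "-1.0"
 * through. The isset() guards avoid reading request keys that were not sent.
 */
if (isset($_GET['after']) && (is_numericint($_GET['after']) || $_GET['after'] === "-1")) {
	$after = $_GET['after'];
}
if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] === "-1")) {
	$after = $_POST['after'];
}

if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}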
/*
 * Fill $pconfig, the array the form further down is rendered from: copy the
 * stored rule when $id names an existing entry, otherwise start from the
 * defaults (WAN interface, any source, any source port).
 */
if (isset($id) && $a_nat[$id]) {
	/* Revision stamps are carried over only when they are arrays. */
	if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) {
		$pconfig['created'] = $a_nat[$id]['created'];
	}

	if (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])) {
		$pconfig['updated'] = $a_nat[$id]['updated'];
	}

	/* Flags stored by presence become booleans. */
	$pconfig['disabled'] = isset($a_nat[$id]['disabled']);
	$pconfig['nordr'] = isset($a_nat[$id]['nordr']);

	/* Spread the stored source and destination into the flat form fields. */
	address_to_pconfig(
		$a_nat[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	address_to_pconfig(
		$a_nat[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	$pconfig['proto'] = $a_nat[$id]['protocol'];
	$pconfig['localip'] = $a_nat[$id]['target'];
	$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
	$pconfig['descr'] = $a_nat[$id]['descr'];
	$pconfig['interface'] = $a_nat[$id]['interface'];
	$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
	$pconfig['natreflection'] = $a_nat[$id]['natreflection'];

	/* A rule stored without an interface is shown as a WAN rule. */
	if (!$pconfig['interface']) {
		$pconfig['interface'] = "wan";
	}
} else {
	$pconfig['interface'] = "wan";
	$pconfig['src'] = "any";
	$pconfig['srcbeginport'] = "any";
	$pconfig['srcendport'] = "any";
}

/* When duplicating, forget $id so that saving creates a new rule instead of overwriting the copied one. */
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	unset($id);
}
/*
 * Reject any posted value that htmlentities() would alter, i.e. one that
 * contains characters with an HTML entity form. An error is recorded for each
 * such value; the values themselves are left untouched in $_POST.
 *
 * This is a coarse input filter and does not replace escaping at output time:
 * which characters are caught depends on htmlentities()' default flags and
 * charset for the running PHP version (with the ENT_COMPAT default a single
 * quote is not encoded and so is not caught).
 *
 * NOTE(review): the rejected value is placed verbatim into the error message.
 * That is only safe if print_input_errors() escapes each message before
 * printing it - confirm.
 * NOTE(review): htmlentities() expects a string; a field posted as an array
 * is not handled specially here - confirm how that case should be treated.
 */
unset($input_errors);
foreach ($_POST as $key => $value) {
	$temp = $value;
	$newpost = htmlentities($temp);
	if ($newpost != $temp) {
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp);
	}
}
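/*
 * Process a submitted form: normalise the posted fields, validate them and,
 * when no errors were collected, build the NAT entry (plus an optional
 * companion filter rule), write the configuration and redirect to
 * firewall_nat.php. With errors the script falls through and re-renders the
 * form from $pconfig.
 *
 * Compared with the earlier revision, reads of $id and $after are guarded
 * with isset(): both are undefined when a brand-new rule is submitted.
 */
if ($_POST) {

	/* Port fields only apply to TCP, UDP and TCP/UDP; for any other protocol they are zeroed. */
	if (strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") {
		/* A *_cust text value is used only when the matching field was posted empty. */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) {
			$_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']);
		}
		if ($_POST['srcendport_cust'] && !$_POST['srcendport']) {
			$_POST['srcendport'] = trim($_POST['srcendport_cust']);
		}

		/* "any" is stored as port 0; a missing end port defaults to the begin port. */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport']) {
				$_POST['srcendport'] = $_POST['srcbeginport'];
			}
		}
		if ($_POST['srcendport'] == "any") {
			$_POST['srcendport'] = $_POST['srcbeginport'];
		}

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) {
			$_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']);
		}
		if ($_POST['dstendport_cust'] && !$_POST['dstendport']) {
			$_POST['dstendport'] = trim($_POST['dstendport_cust']);
		}

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport']) {
				$_POST['dstendport'] = $_POST['dstbeginport'];
			}
		}
		if ($_POST['dstendport'] == "any") {
			$_POST['dstendport'] = $_POST['dstbeginport'];
		}

		if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) {
			$_POST['localbeginport'] = trim($_POST['localbeginport_cust']);
		}

		/* Make beginning port end port if not defined and endport is */
		if (!$_POST['srcbeginport'] && $_POST['srcendport']) {
			$_POST['srcbeginport'] = $_POST['srcendport'];
		}
		if (!$_POST['dstbeginport'] && $_POST['dstendport']) {
			$_POST['dstbeginport'] = $_POST['dstendport'];
		}
	} else {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* Translate the posted type selectors into address and mask values. */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	} else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	} else if (is_ipaddr($_POST['dsttype'])) {
		/* An IP address posted as the destination type is treated as a single host. */
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 32;
		$_POST['dsttype'] = "single";
	}

	/* Snapshot of the normalised values, used to re-render the form if validation fails. */
	$pconfig = $_POST;

	/* input validation */
	if (strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") {
		$reqdfields = explode(" ", "interface proto dstbeginport dstendport");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to"));
	} else {
		$reqdfields = explode(" ", "interface proto");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"));
	}

	if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") {
		$reqdfields[] = "src";
		$reqdfieldsn[] = gettext("Source address");
	}
	if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") {
		$reqdfields[] = "dst";
		$reqdfieldsn[] = gettext("Destination address");
	}
	if (!isset($_POST['nordr'])) {
		$reqdfields[] = "localip";
		$reqdfieldsn[] = gettext("Redirect target IP");
	}

	/*
	 * NOTE(review): the & below is call-time pass-by-reference, which PHP 5.3
	 * deprecates and PHP 5.4 and later reject as a fatal error. Drop it only
	 * once do_input_validation() declares that parameter by reference in its
	 * own signature; otherwise the required-field errors it collects would be
	 * silently lost.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	if ($_POST['src']) {
		$_POST['src'] = trim($_POST['src']);
	}
	if ($_POST['dst']) {
		$_POST['dst'] = trim($_POST['dst']);
	}
	if ($_POST['localip']) {
		$_POST['localip'] = trim($_POST['localip']);
	}

	if (!isset($_POST['nordr']) && ($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
		$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
	}

	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
	}
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
	}
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
	}
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);
	}

	if ((strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") && (!isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport']))) {
		/* The format string has no placeholder, so the extra sprintf() argument is ignored. */
		$input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
	}

	/* if user enters an alias and selects "network" then disallow. */
	if (($_POST['srctype'] == "network" && is_alias($_POST['src']))
	 || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']))) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}

	/* Keep each port range ordered low to high. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	if (!$input_errors) {
		/* The redirect target range has the same width as the destination range and must end at or below 65535. */
		if (!isset($_POST['nordr']) && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) {
			$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
		}
	}

	/*
	 * check for overlaps
	 *
	 * NOTE(review): this loop reads $natent['proto'] and
	 * $_POST['beginport'] / $_POST['endport'], yet rules are stored under
	 * 'protocol' (see the assignment further down) and the ports validated
	 * above are posted as dstbeginport / dstendport. These look like stale
	 * keys, in which case two port forwards claiming the same destination
	 * port are probably not detected here - confirm before relying on this
	 * check.
	 */
	foreach ($a_nat as $natent) {
		/* Skip the rule that is being edited. */
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) {
			continue;
		}
		if ($natent['interface'] != $_POST['interface']) {
			continue;
		}
		if ($natent['destination']['address'] != $_POST['dst']) {
			continue;
		}
		if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) {
			continue;
		}

		list($begp,$endp) = explode("-", $natent['destination']['port']);
		if (!$endp) {
			$endp = $begp;
		}

		if (!(   (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
		      || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {

			$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
			break;
		}
	}

	// Allow extending of the firewall edit page and include custom input validation
	// NOTE(review): presumably this runs package-supplied PHP found under the given
	// directory inside this admin page; if so, that directory must be writable only
	// by the administrator - confirm.
	pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation");

	if (!$input_errors) {
		$natent = array();

		$natent['disabled'] = isset($_POST['disabled']) ? true:false;
		$natent['nordr'] = isset($_POST['nordr']) ? true:false;

		/* A "no redirect" rule never has a companion filter rule. */
		if ($natent['nordr']) {
			$_POST['associated-rule-id'] = '';
			$_POST['filter-rule-association'] = '';
		}

		pconfig_to_address($natent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($natent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		/*
		 * NOTE(review): 'proto' and 'interface' are stored as posted. Nothing
		 * in this block checks them against the option lists the form offers,
		 * nor the interface against have_ruleint_access(); unless
		 * do_input_validation() or the validation hook does so, an allow-list
		 * check belongs here - confirm.
		 */
		$natent['protocol'] = $_POST['proto'];

		if (!$natent['nordr']) {
			$natent['target'] = $_POST['localip'];
			$natent['local-port'] = $_POST['localbeginport'];
		}
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];

		if ($_POST['filter-rule-association'] == "pass") {
			$natent['associated-rule-id'] = "pass";
		}

		if ($_POST['nosync'] == "yes") {
			$natent['nosync'] = true;
		} else {
			unset($natent['nosync']);
		}

		/* Only the three known NAT reflection modes are stored; anything else is dropped. */
		if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable") {
			$natent['natreflection'] = $_POST['natreflection'];
		} else {
			unset($natent['natreflection']);
		}

		// If we used to have an associated filter rule, but no-longer should have one
		if (isset($id) && !empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		$need_filter_rule = false;
		// Updating a rule with a filter rule associated
		if (!empty($natent['associated-rule-id'])) {
			$need_filter_rule = true;
		}
		// Create a rule or if we want to create a new one
		if ($natent['associated-rule-id'] == 'new') {
			$need_filter_rule = true;
			unset($natent['associated-rule-id']);
			$_POST['filter-rule-association'] = 'add-associated';
		}
		// If creating a new rule, where we want to add the filter rule, associated or not
		else if (isset($_POST['filter-rule-association']) &&
			($_POST['filter-rule-association'] == 'add-associated' ||
			$_POST['filter-rule-association'] == 'add-unassociated')) {
			$need_filter_rule = true;
		}

		if ($need_filter_rule == true) {

			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);
			// If a rule already exists, load it
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				if ($filterentid === false) {
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				} else {
					/* Bound by reference: the assignments below update the stored filter rule in place. */
					$filterent =& $config['filter']['rule'][$filterentid];
				}
			}
			pconfig_to_address($filterent['source'], $_POST['src'],
				$_POST['srcmask'], $_POST['srcnot'],
				$_POST['srcbeginport'], $_POST['srcendport']);

			// Update interface, protocol and destination
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			/* The filter rule covers the redirect target range, which is as wide as the destination range. */
			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];

			if ($dstpfrom == $dstpto) {
				$filterent['destination']['port'] = $dstpfrom;
			} else {
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;
			}

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be.
			 * NOTE(review): substr() below keeps 62 characters, not 63 -
			 * confirm which limit is intended.
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			// If this is a new rule, create an ID and add the rule
			if ($_POST['filter-rule-association'] == 'add-associated') {
				$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
				$filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward"));
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}

		/* Keep the original creation stamp when an existing rule is updated. */
		if (isset($id) && isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) {
			$natent['created'] = $a_nat[$id]['created'];
		}

		$natent['updated'] = make_config_revision_entry();

		// Hook point for package-supplied code just before the configuration is written
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config");

		// Update the NAT entry now
		if (isset($id) && $a_nat[$id]) {
			$a_nat[$id] = $natent;
		} else {
			$natent['created'] = make_config_revision_entry();
			/* Insert right after the requested position ("-1" means at the top), else append. */
			if (isset($after) && is_numeric($after)) {
				array_splice($a_nat, $after+1, 0, array($natent));
			} else {
				$a_nat[] = $natent;
			}
		}

		if (write_config()) {
			mark_subsystem_dirty('natconf');
		}

		header("Location: firewall_nat.php");
		exit;
	}
}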
/*
 * Page prologue: set the title parts and $closehead for head.inc, add the
 * stylesheet and script of the "chosen" widget, then print any validation
 * errors collected above.
 * NOTE(review): $closehead = false presumably tells head.inc to leave <head>
 * open so the <link> below can be added before </head> - confirm.
 */
$closehead = false;
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("Port Forward"),
	gettext("Edit")
);
include("head.inc");

?>
<link type="text/css" rel="stylesheet" href="/javascript/chosen/chosen.css" />
</head>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
<?php
include("fbegin.inc"); ?>
<?php if ($input_errors) { print_input_errors($input_errors); } ?>
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
              <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit">
				<tr>
					<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
				</tr>
<?php
		// Hook point for package-supplied code before the first form row is printed
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly");
?>
		<tr>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
			<td width="78%" class="vtable">
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) { echo 'checked="checked"'; } ?> />
				<strong><?=gettext("Disable this rule"); ?></strong><br />
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
			</td>
		</tr>
                <tr>
                  <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
                  <td width="78%" class="vtable">
                    <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if ($pconfig['nordr']) { echo 'checked="checked"'; } ?> />
                    <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
                    <br/><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
                  </td>
                </tr>
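		<tr>
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
                  <td width="78%" class="vtable">
					<select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
						<?php
						/*
						 * Build the interface drop-down. Every entry is offered only
						 * when have_ruleint_access() allows it for the current user.
						 * This list only limits what the form shows; it is not a
						 * server-side check of the posted 'interface' value.
						 */
						$iflist = get_configured_interface_with_descr(false, true);
						// Allow extending of the firewall edit interfaces
						pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");

						/* Start from an array so the loop below is safe when nothing is accessible. */
						if (!isset($interfaces) || !is_array($interfaces)) {
							$interfaces = array();
						}

						foreach ($iflist as $if => $ifdesc) {
							if (have_ruleint_access($if)) {
								$interfaces[$if] = $ifdesc;
							}
						}

						if ($config['l2tp']['mode'] == "server") {
							if (have_ruleint_access("l2tp")) {
								$interfaces['l2tp'] = "L2TP VPN";
							}
						}

						if ($config['pptpd']['mode'] == "server") {
							if (have_ruleint_access("pptp")) {
								$interfaces['pptp'] = "PPTP VPN";
							}
						}

						if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
							$interfaces['pppoe'] = "PPPoE VPN";
						}

						/* add ipsec interfaces */
						if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
							if (have_ruleint_access("enc0")) {
								$interfaces["enc0"] = "IPsec";
							}
						}

						/* add openvpn/tun interfaces; gated on have_ruleint_access() like the entries above */
						if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
							if (have_ruleint_access("openvpn")) {
								$interfaces["openvpn"] = "OpenVPN";
							}
						}

						/* Key and label are both escaped for the HTML they are written into. */
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>
					</select><br/>
                     <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br/>
                     <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td>
                </tr>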
                <tr>
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
                  <td width="78%" class="vtable">
                    <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();">
                      <?php
                      /* Protocols offered by the form; the option value is the lower-case name. */
                      $protocols = array("TCP", "UDP", "TCP/UDP", "ICMP", "ESP", "AH", "GRE", "IPV6", "IGMP", "PIM", "OSPF");
                      foreach ($protocols as $proto): ?>
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) { echo 'selected="selected"'; } ?>><?=htmlspecialchars($proto);?></option>
                      <?php endforeach; ?>
                    </select> <br/> <span class="vexpl"><?=gettext("Choose which IP protocol " .
                    "this rule should match."); ?><br/>
                    <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?></span></td>
                </tr>
		<tr id="showadvancedboxsrc">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
			<td width="78%" class="vtable">
				<input type="button" onclick="show_source()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show source address and port range"); ?>
			</td>
		</tr>
		<tr style="display: none;" id="srctable">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
			<td width="78%" class="vtable">
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> />
				<strong><?=gettext("not"); ?></strong>
				<br />
				<?=gettext("Use this option to invert the sense of the match."); ?>
				<br />
				<br />
				<table border="0" cellspacing="0" cellpadding="0" summary="type">
					<tr>
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
						<td>
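							<select name="srctype" class="formselect" onchange="typesel_change()">
<?php
								/*
								 * $sel records whether an option has already been chosen, so that
								 * "network" is preselected only when nothing else applies.
								 * Interface keys and descriptions are passed through
								 * htmlspecialchars() wherever they are printed; the "address"
								 * label used to be printed without it.
								 */
								$sel = is_specialnet($pconfig['src']); ?>
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo " selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo " selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo " selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
								<?php if(have_ruleint_access("pptp")): ?>
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo " selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("pppoe")): ?>
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo " selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								 <?php if(have_ruleint_access("l2tp")): ?>
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo " selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
                                 <?php endif; ?>
<?php
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo " selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip"<?php if ($pconfig['src'] ==  $ifent . "ip") { echo " selected=\"selected\""; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>
							</select>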
587
						</td>
588
					</tr>
589
					<tr>
590 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
591 59ecde49 Renato Botelho
						<td>
592 e082672d N0YB
							<input style="autocomplete:off" name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" /> /
593 59ecde49 Renato Botelho
							<select name="srcmask" class="formselect" id="srcmask">
594
<?php						for ($i = 31; $i > 0; $i--): ?>
595 e082672d N0YB
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo " selected=\"selected\""; ?>><?=$i;?></option>
596 59ecde49 Renato Botelho
<?php 						endfor; ?>
597
							</select>
598
						</td>
599
					</tr>
600
				</table>
601
			</td>
602
		</tr>
		<tr style="display:none" id="sprtable">
<?php		/*
			 * Source port range: for each end, a dropdown of well-known ports plus a free-text
			 * field. $bfound records whether the stored port matched a dropdown entry; the
			 * stored value is echoed into the free-text field only when it did not.
			 */ ?>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range"); ?></td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0" summary="source port range">
					<tr>
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
<?php							$bfound = ($pconfig['srcbeginport'] == "any") ? 1 : 0; ?>
								<option value="any" <?=($bfound ? ' selected="selected"' : '');?>><?=gettext("any"); ?></option>
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php
										if ($wkport == $pconfig['srcbeginport']) {
											$bfound = 1;
											echo ' selected="selected"';
										}
									?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input style="autocomplete:off" class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?=((!$bfound && $pconfig['srcbeginport']) ? htmlspecialchars($pconfig['srcbeginport']) : '');?>" />
						</td>
					</tr>
					<tr>
						<td><?=gettext("to:"); ?></td>
						<td>
							<select name="srcendport" class="formselect" onchange="ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
<?php							$bfound = ($pconfig['srcendport'] == "any") ? 1 : 0; ?>
								<option value="any" <?=($bfound ? ' selected="selected"' : '');?>><?=gettext("any"); ?></option>
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php
										if ($wkport == $pconfig['srcendport']) {
											$bfound = 1;
											echo ' selected="selected"';
										}
									?>><?=htmlspecialchars($wkportdesc);?></option>
<?php							endforeach; ?>
							</select>
							<input style="autocomplete:off" class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?=((!$bfound && $pconfig['srcendport']) ? htmlspecialchars($pconfig['srcendport']) : '');?>" />
						</td>
					</tr>
				</table>
				<br />
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>.</b> <br /> <?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to filter a single port."); ?></span><br/>
			</td>
		</tr>
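		<tr>
<?php		/*
			 * Destination match for the rule: "not" checkbox, match type, address and mask.
			 * The type list holds the fixed choices, two entries per permitted interface and
			 * one entry per virtual IP (proxy-ARP networks are expanded address by address).
			 * Every interface key, interface description, virtual IP address and subnet is
			 * HTML-escaped before it is written into an attribute or option label, so stored
			 * configuration text cannot change the structure of the page.
			 */ ?>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td>
			<td width="78%" class="vtable">
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> />
				<strong><?=gettext("not"); ?></strong>
					<br />
				<?=gettext("Use this option to invert the sense of the match."); ?>
					<br />
					<br />
				<table border="0" cellspacing="0" cellpadding="0" summary="type">
					<tr>
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="dsttype" class="formselect" onchange="typesel_change()">
<?php
								// $sel is true once an option is (or will be) marked selected, so that
								// "Network" is only the fallback when neither a special net nor a /32 matched.
								$sel = is_specialnet($pconfig['dst']); ?>
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo " selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo " selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo " selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
								<?php if(have_ruleint_access("pptp")): ?>
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo " selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("pppoe")): ?>
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo " selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("l2tp")): ?>
								<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo " selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>

<?php 							// Two options per interface the user may use in rules: the interface
								// network ("<key>") and the interface address ("<key>ip").
								foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo " selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
									<option value="<?=htmlspecialchars($if);?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo " selected=\"selected\""; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>

<?php							if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										// Entries flagged "noexpand" are left out of the list entirely.
										if (isset($sn['noexpand']))
											continue;
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											// One option per address between the subnet's first and last
											// address, so the list grows with the size of the subnet.
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
											for ($i = 0; $i <= $len; $i++):
												$snip = long2ip32($start+$i);
?>
												<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['dst']) echo " selected=\"selected\""; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php										endfor;
										else:
?>
											<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo " selected=\"selected\""; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php									endif;
									endforeach;
								endif;
?>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
						<td>
							<input style="autocomplete:off" name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" />
							/
							<select name="dstmask" class="formselect" id="dstmask">
<?php
							// Prefix lengths 31 down to 1; no /32 entry is offered in this list.
							for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo " selected=\"selected\""; ?>><?=$i;?></option>
<?php						endfor; ?>
							</select>
						</td>
					</tr>
				</table>
			</td>
		</tr>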
		<tr id="dprtr">
<?php		/*
			 * Destination port range: for each end, a dropdown of well-known ports plus a
			 * free-text field. $bfound records whether the stored port matched a dropdown
			 * entry; the stored value is echoed into the free-text field only when it did not.
			 */ ?>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range"); ?> </td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0" summary="destination port range">
					<tr>
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="dstbeginport" id="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
<?php 							$bfound = 0;
								foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php
										if ($wkport == $pconfig['dstbeginport']) {
											$bfound = 1;
											echo ' selected="selected"';
										}
									?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input style="autocomplete:off" class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?=((!$bfound && $pconfig['dstbeginport']) ? htmlspecialchars($pconfig['dstbeginport']) : '');?>" />
						</td>
					</tr>
					<tr>
						<td><?=gettext("to:"); ?></td>
						<td>
							<select name="dstendport" id="dstendport" class="formselect" onchange="ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
<?php							$bfound = 0;
								foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php
										if ($wkport == $pconfig['dstendport']) {
											$bfound = 1;
											echo ' selected="selected"';
										}
									?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input style="autocomplete:off" class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?=((!$bfound && $pconfig['dstendport']) ? htmlspecialchars($pconfig['dstendport']) : '');?>" />
						</td>
					</tr>
				</table>
				<br />
				<span class="vexpl">
					<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?>
					<br />
					<?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to map a single port"); ?>
				</span>
			</td>
		</tr>
                <tr id="localiptable">
<?php             /* Redirect target: the internal address the matched traffic is mapped to.
                     The stored value is HTML-escaped before it is placed in the attribute. */ ?>
                  <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Redirect target IP"); ?></td>
                  <td width="78%" class="vtable">
                    <input style="autocomplete:off" name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?php echo htmlspecialchars($pconfig['localip']); ?>" />
                    <br/> <span class="vexpl"><?php echo gettext("Enter the internal IP address of " .
                    "the server on which you want to map the ports."); ?><br/>
                    <?php echo gettext("e.g."); ?> <em>192.168.1.12</em></span></td>
                </tr>
                <tr id="lprtr">
<?php             /* Redirect target port: dropdown of well-known ports plus a free-text field.
                     $bfound stays 0 unless the stored port matched a dropdown entry; only then
                     is the free-text field left empty. */ ?>
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
                  <td width="78%" class="vtable">
                    <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();">
                      <option value="">(<?=gettext("other"); ?>)</option>
                      <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                      <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
							$bfound = 1;
							echo ' selected="selected"';
						}?>>
					  <?=htmlspecialchars($wkportdesc);?>
					  </option>
                      <?php endforeach; ?>
                    </select> <input onchange="check_for_aliases();" style="autocomplete:off" class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?=(!$bfound ? htmlspecialchars($pconfig['localbeginport']) : '');?>" />
                    <br/>
                    <span class="vexpl"><?=gettext("Specify the port on the machine with the " .
                    "IP address entered above. In case of a port range, specify " .
                    "the beginning port of the range (the end port will be calculated " .
                    "automatically)."); ?><br/>
                    <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td>
                </tr>
                <tr>
<?php             /* Free-text description of the rule; escaped on output. */ ?>
                  <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?php echo htmlspecialchars($pconfig['descr']); ?>" />
                    <br/> <span class="vexpl"><?php echo gettext("You may enter a description here " .
                    "for your reference (not parsed)."); ?></span></td>
                </tr>
				<tr>
<?php				/* Per-rule opt-out from XMLRPC synchronisation to other CARP members. */ ?>
					<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td>
					<td width="78%" class="vtable">
						<input type="checkbox" value="yes" name="nosync"<?=($pconfig['nosync'] ? ' checked="checked"' : '');?> /><br/>
						<?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?>
					</td>
				</tr>
				<tr>
<?php				/* NAT reflection mode for this rule. Any stored value other than the three
					   explicit modes selects "Use system default". */ ?>
					<td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
					<td width="78%" class="vtable">
						<select name="natreflection" class="formselect">
						<option value="default" <?=(!in_array($pconfig['natreflection'], array("enable", "purenat", "disable")) ? ' selected="selected"' : '');?>><?=gettext("Use system default"); ?></option>
						<option value="enable" <?=(($pconfig['natreflection'] == "enable") ? ' selected="selected"' : '');?>><?=gettext("Enable (NAT + Proxy)"); ?></option>
						<option value="purenat" <?=(($pconfig['natreflection'] == "purenat") ? ' selected="selected"' : '');?>><?=gettext("Enable (Pure NAT)"); ?></option>
						<option value="disable" <?=(($pconfig['natreflection'] == "disable") ? ' selected="selected"' : '');?>><?=gettext("Disable"); ?></option>
						</select>
					</td>
				</tr>
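				<?php if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?>
<?php			/*
				 * Shown when an existing rule is edited and the request is not a duplicate
				 * ("dup") request: the rule can be tied to "Pass", to one of the filter rules
				 * that carry an associated-rule-id, or to none.
				 * The association ids and the filter rule index are read from the stored
				 * configuration and are HTML-escaped before being written into the option
				 * value and the link target, like the rule description already was.
				 */ ?>
				<tr id="assoctable">
					<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
					<td width="78%" class="vtable">
						<select name="associated-rule-id">
							<option value=""><?=gettext("None"); ?></option>
							<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option>
							<?php
							// Filled with a link to the currently associated filter rule, if one is found.
							$linkedrule = "";
							if (is_array($config['filter']['rule'])) {
								filter_rules_sort();
								foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
									// Only filter rules that carry an association id are offered.
									if (!isset($filter_rule['associated-rule-id']))
										continue;
									echo "<option value=\"" . htmlspecialchars($filter_rule['associated-rule-id']) . "\"";
									if ($filter_rule['associated-rule-id'] == $pconfig['associated-rule-id']) {
										echo " selected=\"selected\"";
										$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id=" . htmlspecialchars($filter_id) . "\">" . gettext("View the filter rule") . "</a><br/>";
									}
									echo ">" . htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
								}
							}
							if (isset($pconfig['associated-rule-id']))
								echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
							// The select element is closed from PHP so the link can follow it directly.
							echo "</select>\n";
							echo $linkedrule;
							?>
					</td>
				</tr>
				<?php endif; ?>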
                <?php if (!isset($id) || !$a_nat[$id] || (isset($_GET['dup']) && is_numericint($_GET['dup']))) { ?>
<?php             /* Shown for a new rule or a duplicate ("dup") request: choose how the matching
                     filter rule is handled. "Add associated filter rule" is preselected. */ ?>
                <tr id="assoctable">
                  <td width="22%" valign="top" class="vncell"><?php echo gettext("Filter rule association"); ?></td>
                  <td width="78%" class="vtable">
                    <select name="filter-rule-association" id="filter-rule-association">
						<option value=""><?php echo gettext("None"); ?></option>
						<option value="add-associated" selected="selected"><?php echo gettext("Add associated filter rule"); ?></option>
						<option value="add-unassociated"><?php echo gettext("Add unassociated filter rule"); ?></option>
						<option value="pass"><?php echo gettext("Pass"); ?></option>
					</select>
					<br/><br/><?php echo gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway."); ?>
				  </td>
                </tr><?php } ?>
<?php
		// Extension hook for this form: passes the firewall_nat/htmlphplate location to
		// pfSense_handle_custom_code() so that add-on code can extend the edit page at
		// this point of the HTML output.
		// NOTE(review): presumably whatever is installed under that path runs with this
		// page's privileges; confirm the directory is writable by the administrator only.
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate");
?>
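<?php
/*
 * "Rule Information" section: shows when, and by which user, the rule was created and
 * last updated. Each part is rendered only when the stored rule has the corresponding
 * 'created' / 'updated' array. The recorded user name is stored text, so it is
 * HTML-escaped on output like every other stored value on this page.
 */
$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']));
$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']));
?>
		<?php if ($has_created_time || $has_updated_time): ?>
		<tr>
			<td>&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Rule Information");?></td>
		</tr>
		<?php if ($has_created_time): ?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Created");?></td>
			<td width="78%" class="vtable">
				<?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['created']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_nat[$id]['created']['username']) ?></strong>
			</td>
		</tr>
		<?php endif; ?>
		<?php if ($has_updated_time): ?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Updated");?></td>
			<td width="78%" class="vtable">
				<?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['updated']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_nat[$id]['updated']['username']) ?></strong>
			</td>
		</tr>
		<?php endif; ?>
		<?php endif; ?>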
				<tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">&nbsp;</td>
				</tr>
                <tr>
<?php             /* Save / Cancel buttons and the hidden fields that carry the rule index ("id",
                     only when an existing rule is edited) and the "after" position back to the
                     server. Both hidden values are HTML-escaped. */ ?>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="<?php echo gettext("Save"); ?>" /> <input type="button" class="formbtn" value="<?php echo gettext("Cancel"); ?>" onclick="history.back()" />
                    <?php if (isset($id) && $a_nat[$id]) { ?>
                    <input name="id" type="hidden" value="<?php echo htmlspecialchars($id); ?>" />
                    <?php } ?>
                    <input name="after" type="hidden" value="<?php echo htmlspecialchars($after); ?>" />
                  </td>
                </tr>
              </table>
</form>
<script type="text/javascript">
//<![CDATA[
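// Ids of the text inputs that carry the inline style="autocomplete:off" marker and
// should not have their contents remembered by the browser.
var autocomplete_off = ['src', 'srcbeginport_cust', 'srcendport_cust', 'dst', 'dstbeginport_cust', 'dstendport_cust', 'localip', 'localbeginport_cust'];
for (var i = 0; i < autocomplete_off.length; i++) {
	var node = document.getElementById(autocomplete_off[i]);
	if (!node) {
		// Field not present in this rendering of the form; skip it instead of
		// aborting the loop for the remaining fields.
		continue;
	}
	// "autocomplete" is not a CSS property, so a browser may not expose it on
	// node.style at all; fall back to "off" so the attribute never ends up with
	// the text "undefined".
	node.setAttribute("autocomplete", node.style.autocomplete || "off");
}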
//]]>
</script>
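<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * Initial UI state for the form. The interface and destination values are written
	 * into JavaScript string literals, so they are encoded with json_encode() and the
	 * JSON_HEX_* flags instead of htmlspecialchars(): HTML entity escaping is the wrong
	 * encoding inside a script block, and with its default flags on older PHP versions
	 * it leaves single quotes untouched, which would end the literal early.
	 * The (string) cast keeps an unset value an empty string rather than null.
	 */
	$js_literal_flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
?>
	ext_change();
	dst_change(document.iform.interface.value,<?=json_encode((string)$pconfig['interface'], $js_literal_flags)?>,<?=json_encode((string)$pconfig['dst'], $js_literal_flags)?>);
	var iface_old = document.iform.interface.value;
	typesel_change();
	proto_change();
	<?php // Open the advanced source section when the rule uses any non-default source setting.
	if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
	show_source();
	<?php endif; ?>
	nordr_change();
//]]>
</script>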
<script type="text/javascript">
//<![CDATA[
	// Alias names offered as suggestions: address-type aliases for the IP fields and
	// port aliases for the port fields. Both lists are emitted with json_encode(), which
	// yields JavaScript literals and escapes "/" by default, so a closing script tag
	// cannot appear verbatim in the output.
	var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
	var customarray  = <?= json_encode(get_alias_list("port")) ?>;

	// One auto-suggest control per free-text input, bound to the matching alias list.
	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
	var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
	var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
	var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
	var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
	var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
	var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
//]]>
</script>
<?php include("fend.inc"); ?>
</body>
</html>