1 5b237745 Scott Ullrich
<?php
2
/*
3 aaec5634 Renato Botelho
 * firewall_aliases.php
4 9da2cf1c Stephen Beaver
 *
5 aaec5634 Renato Botelho
 * part of pfSense (https://www.pfsense.org)
6 2a2396a6 Renato Botelho
 * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
7 aaec5634 Renato Botelho
 * All rights reserved.
8 fd9ebcd5 Stephen Beaver
 *
9 aaec5634 Renato Botelho
 * originally based on m0n0wall (http://m0n0.ch/wall)
10
 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
11
 * All rights reserved.
12 fd9ebcd5 Stephen Beaver
 *
13 aaec5634 Renato Botelho
 * Redistribution and use in source and binary forms, with or without
14
 * modification, are permitted provided that the following conditions are met:
15 fd9ebcd5 Stephen Beaver
 *
16 aaec5634 Renato Botelho
 * 1. Redistributions of source code must retain the above copyright notice,
17
 *    this list of conditions and the following disclaimer.
18 fd9ebcd5 Stephen Beaver
 *
19 aaec5634 Renato Botelho
 * 2. Redistributions in binary form must reproduce the above copyright
20
 *    notice, this list of conditions and the following disclaimer in
21
 *    the documentation and/or other materials provided with the
22
 *    distribution.
23 fd9ebcd5 Stephen Beaver
 *
24 aaec5634 Renato Botelho
 * 3. All advertising materials mentioning features or use of this software
25
 *    must display the following acknowledgment:
26
 *    "This product includes software developed by the pfSense Project
27
 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).
28 fd9ebcd5 Stephen Beaver
 *
29 aaec5634 Renato Botelho
 * 4. The names "pfSense" and "pfSense Project" must not be used to
30
 *    endorse or promote products derived from this software without
31
 *    prior written permission. For written permission, please contact
32
 *    coreteam@pfsense.org.
33 fd9ebcd5 Stephen Beaver
 *
34 aaec5634 Renato Botelho
 * 5. Products derived from this software may not be called "pfSense"
35
 *    nor may "pfSense" appear in their names without prior written
36
 *    permission of the Electric Sheep Fencing, LLC.
37 fd9ebcd5 Stephen Beaver
 *
38 aaec5634 Renato Botelho
 * 6. Redistributions of any form whatsoever must retain the following
39
 *    acknowledgment:
40 919d91f9 Phil Davis
 *
41 aaec5634 Renato Botelho
 * "This product includes software developed by the pfSense Project
42
 * for use in the pfSense software distribution (http://www.pfsense.org/).
43 fd9ebcd5 Stephen Beaver
 *
44 aaec5634 Renato Botelho
 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
45
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
48
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55
 * OF THE POSSIBILITY OF SUCH DAMAGE.
56 fd9ebcd5 Stephen Beaver
 */
57 5b237745 Scott Ullrich
58 6b07c15a Matthew Grooms
##|+PRIV
59
##|*IDENT=page-firewall-aliases
60 5230f468 jim-p
##|*NAME=Firewall: Aliases
61 6b07c15a Matthew Grooms
##|*DESCR=Allow access to the 'Firewall: Aliases' page.
62
##|*MATCH=firewall_aliases.php*
63
##|-PRIV
64
65 aceaf18c Phil Davis
require_once("guiconfig.inc");
66 7a927e67 Scott Ullrich
require_once("functions.inc");
67
require_once("filter.inc");
68
require_once("shaper.inc");
69 5b237745 Scott Ullrich
70 95a40ac0 Phil Davis
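/*
 * Make sure the alias list exists in the configuration before taking a
 * reference to it; the listing and the delete handler on this page both work
 * through $a_aliases.
 */
if (!isset($config['aliases']['alias']) || !is_array($config['aliases']['alias'])) {
	$config['aliases']['alias'] = array();
}
$a_aliases = &$config['aliases']['alias'];

/*
 * The selected tab is request-controlled and is later written into a Location
 * header and into href attributes. Accept it only when it is a string (a
 * "tab[]=" parameter would otherwise turn $tab into an array), strip every
 * non-word character, and fall back to "ip" when nothing usable remains.
 */
$tab = "ip";
if (isset($_REQUEST['tab']) && is_string($_REQUEST['tab'])) {
	$tab = preg_replace("/\W/", "", $_REQUEST['tab']);
	if ($tab == "") {
		$tab = "ip";
	}
}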
76 5b237745 Scott Ullrich
77 ac7f1763 Renato Botelho
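/*
 * "Apply" was submitted: reload the packet filter so that everything using
 * aliases picks up the pending changes, then report the outcome.
 */
if (!empty($_POST['apply'])) {
	/* reload all components that use aliases */
	$retval = filter_configure();

	// The result is inspected as text: the word "error" anywhere in it is
	// treated as a failed reload.
	if (stristr($retval, "error") === false) {
		$savemsg = get_std_save_message($retval);
		$class = "success";

		// Clear the "changes pending" marker only on this success path.
		// Before PHP 8 a non-numeric string compares equal to 0 with ==, so
		// testing $retval == 0 on its own also cleared the marker when an
		// error message came back, hiding the fact that the running ruleset
		// no longer matched the saved configuration.
		if ($retval == 0) {
			clear_subsystem_dirty('aliases');
		}
	} else {
		$savemsg = $retval;
		$class = "danger";
	}
}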
97
98
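/*
 * Delete request (?act=del&id=N): remove the alias only when no firewall or
 * NAT rule, other alias, load balancer entry or static route still refers to
 * it by name.
 *
 * NOTE(review): this branch changes the firewall configuration in response to
 * a GET request. A state change should sit behind a POST that carries an
 * anti-forgery token; GET URLs can be requested without the administrator
 * intending it. Moving it also requires changing the delete link in the alias
 * table further down this page, so it is flagged here rather than changed.
 */
if (isset($_GET['act']) && $_GET['act'] == "del" &&
    isset($_GET['id']) && is_scalar($_GET['id']) && !empty($a_aliases[$_GET['id']])) {
	/* make sure the alias is not being referenced by any nat or filter rules */
	$is_alias_referenced = false;
	$referenced_by = false;
	$alias_name = $a_aliases[$_GET['id']]['name'];

	// Each call is a no-op once an earlier one has found a reference, so the
	// first match in the order below is the one reported to the user.

	// Firewall rules
	find_alias_reference(array('filter', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('filter', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('filter', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('filter', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
	// NAT Rules
	find_alias_reference(array('nat', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'rule'), array('local-port'), $alias_name, $is_alias_referenced, $referenced_by);
	// NAT 1:1 Rules
	//find_alias_reference(array('nat', 'onetoone'), array('external'), $alias_name, $is_alias_referenced, $referenced_by);
	//find_alias_reference(array('nat', 'onetoone'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'onetoone'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
	// NAT Outbound Rules
	find_alias_reference(array('nat', 'outbound', 'rule'), array('source', 'network'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'outbound', 'rule'), array('sourceport'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'outbound', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'outbound', 'rule'), array('dstport'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('nat', 'outbound', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by);
	// Alias in an alias
	find_alias_reference(array('aliases', 'alias'), array('address'), $alias_name, $is_alias_referenced, $referenced_by);
	// Load Balancer
	find_alias_reference(array('load_balancer', 'lbpool'), array('port'), $alias_name, $is_alias_referenced, $referenced_by);
	find_alias_reference(array('load_balancer', 'virtual_server'), array('port'), $alias_name, $is_alias_referenced, $referenced_by);
	// Static routes
	find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by);

	if ($is_alias_referenced == true) {
		// The description of the referencing entry is configuration text, so
		// it is escaped before it goes into the message.
		$savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s."), htmlspecialchars($referenced_by));
		$class = "danger";
	} else {
		if (preg_match("/urltable/i", $a_aliases[$_GET['id']]['type'])) {
			// this is a URL table type alias, delete its file as well.
			// basename() keeps the removal inside /var/db/aliastables/ even if
			// a stored name were to contain a path separator.
			// NOTE(review): assumes alias names are validated when they are
			// saved - confirm in the edit/import pages.
			unlink_if_exists("/var/db/aliastables/" . basename($alias_name) . ".txt");
		}
		unset($a_aliases[$_GET['id']]);
		if (write_config()) {
			filter_configure();
			mark_subsystem_dirty('aliases');
		}
		// $tab was stripped of non-word characters earlier in this file, so
		// it cannot introduce extra header lines here.
		header("Location: firewall_aliases.php?tab=" . $tab);
		exit;
	}
}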
151 b63695db Scott Ullrich
152 c769f983 Erik Fonnesbeck
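/**
 * Report whether an alias name is used by any entry of one configuration section.
 *
 * Walks the global $config along $section to reach a list of entries, then
 * walks each entry along $field. An entry refers to the alias when that field
 * equals $origname or, for a whitespace-separated list such as the members of
 * another alias, contains it as one whole token. Without the token match an
 * alias nested next to other members goes unnoticed and can be deleted while
 * still in use, leaving a dangling reference behind.
 *
 * Does nothing when $origname is empty or when an earlier call has already
 * found a reference, so calls can be chained over many sections.
 *
 * @param array  $section             Keys leading from $config to the entry list, e.g. array('filter', 'rule').
 * @param array  $field               Keys leading from one entry to the value to inspect, e.g. array('source', 'address').
 * @param string $origname            Alias name to look for.
 * @param bool   $is_alias_referenced Set to true on the first match; never reset to false here.
 * @param mixed  $referenced_by       Set to the matching entry's 'descr' ('' when it has none).
 * @return void
 */
function find_alias_reference($section, $field, $origname, &$is_alias_referenced, &$referenced_by) {
	global $config;
	if (!$origname || $is_alias_referenced) {
		return;
	}

	// Descend to the list of entries; a missing section means no references.
	$entries = $config;
	foreach ($section as $sectionname) {
		if (!is_array($entries) || !isset($entries[$sectionname])) {
			return;
		}
		$entries = $entries[$sectionname];
	}
	if (!is_array($entries)) {
		return;
	}

	foreach ($entries as $item) {
		// Descend to the requested field inside this entry.
		$value = $item;
		$fieldfound = true;
		foreach ($field as $fieldname) {
			if (!is_array($value) || !isset($value[$fieldname])) {
				$fieldfound = false;
				break;
			}
			$value = $value[$fieldname];
		}
		if (!$fieldfound) {
			continue;
		}

		$matched = ($value == $origname);
		if (!$matched && is_string($value)) {
			// Whole-token comparison only: "web" must not match "webservers".
			$matched = in_array((string)$origname, preg_split('/\s+/', trim($value)), true);
		}

		if ($matched) {
			$is_alias_referenced = true;
			if (is_array($item)) {
				// Entries without a description still count as a reference.
				$referenced_by = isset($item['descr']) ? $item['descr'] : '';
			}
			break;
		}
	}
}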
189
190 e1515be9 Stephen Beaver
// Tab definitions: label, whether it is the active tab, and its link.
// The "host" and "network" selections are shown under the IP tab.
$tab_array = array(
	array(gettext("IP"),    in_array($tab, array("ip", "host", "network")), "/firewall_aliases.php?tab=ip"),
	array(gettext("Ports"), ($tab == "port"), "/firewall_aliases.php?tab=port"),
	array(gettext("URLs"),  ($tab == "url"), "/firewall_aliases.php?tab=url"),
	array(gettext("All"),   ($tab == "all"), "/firewall_aliases.php?tab=all"),
);

// The label of the active tab becomes the last breadcrumb element.
foreach ($tab_array as $dtab) {
	if ($dtab[1] != true) {
		continue;
	}
	$bctab = $dtab[0];
	break;
}

$pgtitle = array(gettext("Firewall"), gettext("Aliases"), $bctab);
$shortcut_section = "aliases";

include("head.inc");

// Result of an apply or of a refused delete, set earlier on this page.
if ($savemsg) {
	print_info_box($savemsg, $class);
}

// Remind the administrator that saved alias changes are not active yet.
if (is_subsystem_dirty('aliases')) {
	print_apply_box(gettext("The alias list has been changed.") . "<br />" . gettext("The changes must be applied for them to take effect."));
}

display_top_tabs($tab_array);
217
218 5b237745 Scott Ullrich
?>
219 b40fb789 Colin Fleming
220
<div class="panel panel-default">
221 7d95365e Phil Davis
	<div class="panel-heading"><h2 class="panel-title"><?=sprintf(gettext('Firewall Aliases %s'), $bctab)?></h2></div>
222 b40fb789 Colin Fleming
	<div class="panel-body">
223
224 0ce45fdf Sander van Leeuwen
<div class="table-responsive">
225 250061b0 Stephen Beaver
<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
226 14726356 Sjon Hortensius
	<thead>
227
		<tr>
228 0ce45fdf Sander van Leeuwen
			<th><?=gettext("Name")?></th>
229
			<th><?=gettext("Values")?></th>
230
			<th><?=gettext("Description")?></th>
231 af5e730b Stephen Beaver
			<th><?=gettext("Actions")?></th>
232 14726356 Sjon Hortensius
		</tr>
233
	</thead>
234
	<tbody>
235
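<?php
	// asort() keeps the array keys, so $i below is still the alias's index
	// in the configuration and can be used in the edit and delete links.
	asort($a_aliases);
	foreach ($a_aliases as $i => $alias):
		// Show the alias only when its type belongs on the selected tab.
		$show_alias = false;
		switch ($tab) {
		case "all":
			$show_alias = true;
			break;
		case "ip":
		case "host":
		case "network":
			if (preg_match("/(host|network)/", $alias["type"])) {
				$show_alias = true;
			}
			break;
		case "url":
			if (preg_match("/(url)/i", $alias["type"])) {
				$show_alias = true;
			}
			break;
		case "port":
			if ($alias["type"] == "port") {
				$show_alias = true;
			}
			break;
		}
		if ($show_alias):
?>
		<tr>
			<td ondblclick="document.location='firewall_aliases_edit.php?id=<?=$i;?>';">
				<?=htmlspecialchars($alias['name'])?>
			</td>
			<td ondblclick="document.location='firewall_aliases_edit.php?id=<?=$i;?>';">
<?php
	// Alias values are stored configuration text written into HTML here, so
	// they are escaped in the same way as the name and description columns.
	if (!empty($alias["url"])) {
		echo htmlspecialchars($alias["url"]) . "<br />";
	} else {
		if (isset($alias["aliasurl"]) && is_array($alias["aliasurl"])) {
			$aliasurls = implode(", ", array_slice($alias["aliasurl"], 0, 10));
			echo htmlspecialchars($aliasurls);
			// Count the URL list itself: $aliasurls is the joined string, so
			// counting it could never show that entries were cut off.
			if (count($alias["aliasurl"]) > 10) {
				echo "&hellip;<br />";
			}
			echo "<br />\n";
		}
		// Addresses are stored as one space-separated string; show the first ten.
		$tmpaddr = explode(" ", $alias['address']);
		$addresses = implode(", ", array_slice($tmpaddr, 0, 10));
		echo htmlspecialchars($addresses);
		if (count($tmpaddr) > 10) {
			echo '&hellip;';
		}
	}
?>
			</td>
			<td ondblclick="document.location='firewall_aliases_edit.php?id=<?=$i;?>';">
				<?=htmlspecialchars($alias['descr'])?>&nbsp;
			</td>
			<td>
				<a class="fa fa-pencil" title="<?=gettext("Edit alias"); ?>" href="firewall_aliases_edit.php?id=<?=$i?>"></a>
				<a class="fa fa-trash"	title="<?=gettext("Delete alias")?>" href="?act=del&amp;tab=<?=$tab?>&amp;id=<?=$i?>"></a>
			</td>
		</tr>
<?php endif?>
<?php endforeach?>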
299
	</tbody>
300
</table>
301 0ce45fdf Sander van Leeuwen
</div>
302 5b237745 Scott Ullrich
303 ac950976 Colin Fleming
	</div>
304
</div>
305 b40fb789 Colin Fleming
306 c10cb196 Stephen Beaver
<nav class="action-buttons">
	<a href="firewall_aliases_edit.php?tab=<?=$tab?>" role="button" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add");?>
	</a>
<?php
// Bulk import is offered only on the IP, Ports and All tabs.
if (in_array($tab, array("ip", "port", "all"))):
?>
	<a href="firewall_aliases_import.php?tab=<?=$tab?>" role="button" class="btn btn-primary btn-sm">
		<i class="fa fa-upload icon-embed-btn"></i>
		<?=gettext("Import");?>
	</a>
<?php
endif
?>
</nav>
322 0f89c125 marcelloc
323 df4957e4 Stephen Beaver
<!-- Information section. Icon ID must be "showinfo" and the information <div> ID must be "infoblock".
	 That way jQuery (in pfSenseHelpers.js) will automatically take care of the display. -->
325
<div>
326 35681930 Stephen Beaver
	<div class="infoblock">
327 f6aebbcc NewEraCracker
		<?php print_info_box(gettext('Aliases act as placeholders for real hosts, networks or ports. They can be used to minimize the number ' .
328 df4957e4 Stephen Beaver
			'of changes that have to be made if a host, network or port changes. <br />' .
329 5c87b716 Stephen Beaver
			'The name of an alias can be entered instead of the host, network or port where indicated. The alias will be resolved according to the list above.' . '<br />' .
330
			'If an alias cannot be resolved (e.g. because it was deleted), the corresponding element (e.g. filter/NAT/shaper rule) will be considered invalid and skipped.'), 'info', false); ?>
331 df4957e4 Stephen Beaver
	</div>
332
</div>
333 0f89c125 marcelloc
334 df4957e4 Stephen Beaver
<?php
335 5932fc6a heper
include("foot.inc");