Project

General

Profile

Download (14.2 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
 * firewall_nat.php
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6
 * Copyright (c) 2004-2013 BSD Perimeter
7
 * Copyright (c) 2013-2016 Electric Sheep Fencing
8
 * Copyright (c) 2014-2023 Rubicon Communications, LLC (Netgate)
9
 * All rights reserved.
10
 *
11
 * originally based on m0n0wall (http://m0n0.ch/wall)
12
 * Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
13
 * All rights reserved.
14
 *
15
 * Licensed under the Apache License, Version 2.0 (the "License");
16
 * you may not use this file except in compliance with the License.
17
 * You may obtain a copy of the License at
18
 *
19
 * http://www.apache.org/licenses/LICENSE-2.0
20
 *
21
 * Unless required by applicable law or agreed to in writing, software
22
 * distributed under the License is distributed on an "AS IS" BASIS,
23
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
24
 * See the License for the specific language governing permissions and
25
 * limitations under the License.
26
 */
27

    
28
##|+PRIV
29
##|*IDENT=page-firewall-nat-portforward
30
##|*NAME=Firewall: NAT: Port Forward
31
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward' page.
32
##|*MATCH=firewall_nat.php*
33
##|-PRIV
34

    
35
require_once("guiconfig.inc");
36
require_once("util.inc");
37
require_once("functions.inc");
38
require_once("filter.inc");
39
require_once("shaper.inc");
40
require_once("itemid.inc");
41
require_once("firewall_nat.inc");
42

    
43
init_config_arr(array('nat', 'rule'));
44
$a_nat = &$config['nat']['rule'];
45

    
46
// Process $_POST/$_REQUEST =======================================================================
47
if ($_REQUEST['savemsg']) {
48
	$savemsg = $_REQUEST['savemsg'];
49
}
50

    
51
if (array_key_exists('order-store', $_REQUEST) && have_natpfruleint_access($natent['interface'])) {
52
	reorderNATrules($_POST);
53
} else if ($_POST['apply'] && have_natpfruleint_access($natent['interface'])) {
54
	$retval = applyNATrules();
55
} else if (($_POST['act'] == "del" || isset($_POST['del_x'])) && have_natpfruleint_access($natent['interface'])) {
56
	if ($a_nat[$_POST['id']] || (is_array($_POST['rule']) && count($_POST['rule']))) {
57
		deleteNATrule($_POST);
58
	}
59
} elseif (($_POST['act'] == "toggle" || isset($_POST['toggle_x'])) && have_natpfruleint_access($natent['interface'])) {
60
	if ($a_nat[$_POST['id']] || (is_array($_POST['rule']) && count($_POST['rule']))) {
61
		toggleNATrule($_POST);
62
	}
63
}
64

    
65
// Construct the page =============================================================================
66
$pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("Port Forward"));
67
$pglinks = array("", "@self", "@self");
68
include("head.inc");
69

    
70
if ($_POST['apply']) {
71
	print_apply_result_box($retval);
72
}
73

    
74
if (is_subsystem_dirty('natconf') && have_natpfruleint_access($natent['interface'])) {
75
	print_apply_box(gettext('The NAT configuration has been changed.') . '<br />' .
76
					gettext('The changes must be applied for them to take effect.'));
77
}
78

    
79
$tab_array = array();
80
$tab_array[] = array(gettext("Port Forward"), true, "firewall_nat.php");
81
$tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php");
82
$tab_array[] = array(gettext("Outbound"), false, "firewall_nat_out.php");
83
$tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
84
display_top_tabs($tab_array);
85

    
86
$columns_in_table = 13;
87
?>
88
<!-- Allow table to scroll when dragging outside of the display window -->
89
<style>
90
.table-responsive {
91
    clear: both;
92
    overflow-x: visible;
93
    margin-bottom: 0px;
94
}
95
</style>
96

    
97
<form action="firewall_nat.php" method="post" name="iform">
98
	<div class="panel panel-default">
99
		<div class="panel-heading"><h2 class="panel-title"><?=gettext('Rules')?></h2></div>
100
		<div class="panel-body table-responsive">
101
			<table id="ruletable" class="table table-striped table-hover table-condensed">
102
				<thead>
103
					<tr>
104
						<th style="padding-left:10px;">  <input type="checkbox" id="selectAll" name="selectAll" /></th>
105
						<th><!-- Icon --></th>
106
						<th><!-- Rule type --></th>
107
						<th><?=gettext("Interface")?></th>
108
						<th><?=gettext("Protocol")?></th>
109
						<th><?=gettext("Source Address")?></th>
110
						<th><?=gettext("Source Ports")?></th>
111
						<th><?=gettext("Dest. Address")?></th>
112
						<th><?=gettext("Dest. Ports")?></th>
113
						<th><?=gettext("NAT IP")?></th>
114
						<th><?=gettext("NAT Ports")?></th>
115
						<th><?=gettext("Description")?></th>
116
						<th><?=gettext("Actions")?></th>
117
					</tr>
118
				</thead>
119
				<tbody class='user-entries'>
120
<?php
121

    
122
$nnats = $i = 0;
123
$separators = $config['nat']['separator'];
124

    
125
// Get a list of separator rows and use it to call the display separator function only for rows which there are separator(s).
126
// More efficient than looping through the list of separators on every row.
127
$seprows = separator_rows($separators);
128

    
129
foreach ($a_nat as $natent):
130

    
131
	// Display separator(s) for section beginning at rule n
132
	if ($seprows[$nnats]) {
133
		display_separator($separators, $nnats, $columns_in_table);
134
	}
135

    
136
	$localport = $natent['local-port'];
137

    
138
	list($dstbeginport, $dstendport) = explode("-", $natent['destination']['port']);
139

    
140
	if ($dstendport && is_port($localport)) {
141
		$localendport = $natent['local-port'] + $dstendport - $dstbeginport;
142
		$localport	 .= '-' . $localendport;
143
	}
144

    
145
	$alias = rule_columns_with_alias(
146
		$natent['source']['address'],
147
		pprint_port($natent['source']['port']),
148
		$natent['destination']['address'],
149
		pprint_port($natent['destination']['port']),
150
		$natent['target'],
151
		$localport
152
	);
153

    
154
	if (isset($natent['disabled'])) {
155
		$iconfn = "pass_d";
156
		$trclass = 'class="disabled"';
157
	} else {
158
		$iconfn = "pass";
159
		$trclass = '';
160
	}
161

    
162
	$specialnets = get_specialnet();
163
	if (array_key_exists($natent['target'], $specialnets)) {
164
		$natent['target'] = $specialnets[$natent['target']];
165
	}
166
?>
167

    
168
					<tr id="fr<?=$nnats;?>" <?=$trclass?> onClick="fr_toggle(<?=$nnats;?>)" ondblclick="document.location='firewall_nat_edit.php?id=<?=$i;?>';">
169
						<td >
170
<?php	if (have_natpfruleint_access($natent['interface'])): ?>
171
							<input type="checkbox" id="frc<?=$nnats;?>" onClick="fr_toggle(<?=$nnats;?>)" name="rule[]" value="<?=$i;?>"/>
172
<?php	endif; ?>
173
						</td>
174
						<td>
175
<?php	if (have_natpfruleint_access($natent['interface'])): ?>
176
							<a href="?act=toggle&amp;id=<?=$i?>" usepost>
177
								<i class="fa fa-check" title="<?=gettext("click to toggle enabled/disabled status")?>"></i>
178
							</a>
179
<?php	endif; ?>
180
<?php 	if (isset($natent['nordr'])) { ?>
181
								&nbsp;<i class="fa fa-hand-stop-o text-danger" title="<?=gettext("Negated: This rule excludes NAT from a later rule")?>"></i>
182
<?php 	} ?>
183
						</td>
184
						<td>
185
<?php
186
	if ($natent['associated-rule-id'] == "pass"):
187
?>
188
							<i class="fa fa-play" title="<?=gettext("All traffic matching this NAT entry is passed")?>"></i>
189
<?php
190
	elseif (!empty($natent['associated-rule-id'])):
191
?>
192
							<i class="fa fa-random" title="<?=sprintf(gettext("Firewall rule ID %s is managed by this rule"), htmlspecialchars($natent['associated-rule-id']))?>"></i>
193
<?php
194
	endif;
195
?>
196
						</td>
197
						<td>
198
							<?=$textss?>
199
<?php
200
	if (!$natent['interface']) {
201
		echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan"));
202
	} else {
203
		echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface']));
204
	}
205
?>
206
							<?=$textse?>
207
						</td>
208

    
209
						<td>
210
							<?=$textss?><?=strtoupper($natent['protocol'])?><?=$textse?>
211
						</td>
212

    
213
						<td>
214

    
215

    
216
<?php
217
	if (isset($alias['src'])):
218
?>
219
							<a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true">
220
<?php
221
	endif;
222
?>
223
							<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['source'])))?>
224
<?php
225
	if (isset($alias['src'])):
226
?>
227
							</a>
228
<?php
229
	endif;
230
?>
231
						</td>
232
						<td>
233
<?php
234
	if (isset($alias['srcport'])):
235
?>
236
							<a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true">
237
<?php
238
	endif;
239
?>
240
							<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['source']['port'])))?>
241
<?php
242
	if (isset($alias['srcport'])):
243
?>
244
							</a>
245
<?php
246
	endif;
247
?>
248
						</td>
249

    
250
						<td>
251
<?php
252
	if (isset($alias['dst'])):
253
?>
254
							<a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true">
255
<?php
256
	endif;
257
?>
258
							<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_address($natent['destination'])))?>
259
<?php
260
	if (isset($alias['dst'])):
261
?>
262
							</a>
263
<?php
264
	endif;
265
?>
266
						</td>
267
						<td>
268
<?php
269
	if (isset($alias['dstport'])):
270
?>
271
							<a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true">
272
<?php
273
	endif;
274
?>
275
							<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($natent['destination']['port'])))?>
276
<?php
277
	if (isset($alias['dstport'])):
278
?>
279
							</a>
280
<?php
281
	endif;
282
?>
283
						</td>
284
						<td>
285
<?php
286
	if (isset($alias['target'])):
287
?>
288
							<a href="/firewall_aliases_edit.php?id=<?=$alias['target']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['target'])?>" data-html="true" >
289
<?php
290
	endif;
291
?>
292

    
293
							<?=str_replace('_', '_<wbr>', htmlspecialchars($natent['target']))?>
294
<?php
295
	if (isset($alias['target'])):
296
?>
297
							</a>
298
<?php
299
	endif;
300
?>
301
						</td>
302
						<td>
303
<?php
304
	if (isset($alias['targetport'])):
305
?>
306
							<a href="/firewall_aliases_edit.php?id=<?=$alias['targetport']?>" data-toggle="popover" data-trigger="hover focus" title="<?=gettext('Alias details')?>" data-content="<?=alias_info_popup($alias['targetport'])?>" data-html="true">
307
<?php
308
	endif;
309
?>
310
							<?=str_replace('_', '_<wbr>', htmlspecialchars(pprint_port($localport)))?>
311
<?php
312
	if (isset($alias['targetport'])):
313
?>
314
							</a>
315
<?php
316
	endif;
317
?>
318
						</td>
319

    
320
						<td>
321
							<?=htmlspecialchars($natent['descr'])?>
322
						</td>
323
						<td>
324
<?php	if (have_natpfruleint_access($natent['interface'])): ?>
325
							<a class="fa fa-pencil" title="<?=gettext("Edit rule"); ?>" href="firewall_nat_edit.php?id=<?=$i?>"></a>
326
							<a class="fa fa-clone"	  title="<?=gettext("Add a new NAT based on this one")?>" href="firewall_nat_edit.php?dup=<?=$i?>"></a>
327
							<a class="fa fa-trash"	title="<?=gettext("Delete rule")?>" href="firewall_nat.php?act=del&amp;id=<?=$i?>" usepost></a>
328
<?php	else: ?>
329
							-
330
<?php	endif; ?>
331
						</td>
332
					</tr>
333
<?php
334
	$i++;
335
	$nnats++;
336

    
337
endforeach;
338

    
339
// There can be separator(s) after the last rule listed.
340
if ($seprows[$nnats]) {
341
	display_separator($separators, $nnats, $columns_in_table);
342
}
343
?>
344
				</tbody>
345
			</table>
346
		</div>
347
	</div>
348

    
349
<?php	if (have_natpfruleint_access($natent['interface'])): ?>
350
	<nav class="action-buttons">
351
		<a href="firewall_nat_edit.php?after=-1" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the top of the list')?>">
352
			<i class="fa fa-level-up icon-embed-btn"></i>
353
			<?=gettext('Add')?>
354
		</a>
355
		<a href="firewall_nat_edit.php" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the end of the list')?>">
356
			<i class="fa fa-level-down icon-embed-btn"></i>
357
			<?=gettext('Add')?>
358
		</a>
359
		<button id="del_x" name="del_x" type="submit" class="btn btn-danger btn-sm" disabled title="<?=gettext('Delete selected rules')?>">
360
			<i class="fa fa-trash icon-embed-btn"></i>
361
			<?=gettext("Delete"); ?>
362
		</button>
363
		<button id="toggle_x" name="toggle_x" type="submit" class="btn btn-primary btn-sm" disabled value="<?=gettext("Toggle selected rules"); ?>" title="<?=gettext('Toggle selected rules')?>">
364
			<i class="fa fa-ban icon-embed-btn"></i>
365
			<?=gettext("Toggle"); ?>
366
		</button>
367
		<button type="submit" id="order-store" name="order-store" class="btn btn-primary btn-sm" disabled title="<?=gettext('Save rule order')?>">
368
			<i class="fa fa-save icon-embed-btn"></i>
369
			<?=gettext("Save")?>
370
		</button>
371
		<button type="submit" id="addsep" name="addsep" class="btn btn-sm btn-warning" title="<?=gettext('Add separator')?>">
372
			<i class="fa fa-plus icon-embed-btn"></i>
373
			<?=gettext("Separator")?>
374
		</button>
375
	</nav>
376
<?php	endif; ?>
377
</form>
378

    
379
<script type="text/javascript">
380
//<![CDATA[
381
//Need to create some variables here so that jquery/pfSenseHelpers.js can read them
382
iface = "<?=strtolower($if)?>";
383
cncltxt = '<?=gettext("Cancel")?>';
384
svtxt = '<?=gettext("Save")?>';
385
svbtnplaceholder = '<?=gettext("Enter a description, Save, then drag to final location.")?>';
386
configsection = "nat";
387
dirty = false;
388

    
389
events.push(function() {
390

    
391
<?php if(!isset($config['system']['webgui']['roworderdragging'])): ?>
392
	// Make rules sortable
393
	$('table tbody.user-entries').sortable({
394
		cursor: 'grabbing',
395
		update: function(event, ui) {
396
			$('#order-store').removeAttr('disabled');
397
			dirty = true;
398
			reindex_rules(ui.item.parent('tbody'));
399
			dirty = true;
400
		}
401
	});
402
<?php endif; ?>
403

    
404
	// Check all of the rule checkboxes so that their values are posted
405
	$('#order-store').click(function () {
406
	   $('[id^=frc]').prop('checked', true);
407

    
408
		// Save the separator bar configuration
409
		save_separators();
410

    
411
		// Suppress the "Do you really want to leave the page" message
412
		saving = true;
413

    
414
	});
415

    
416
	$('[id^=fr]').click(function () {
417
		buttonsmode('frc', ['del_x', 'toggle_x']);
418
	});
419

    
420
	// Globals
421
	saving = false;
422
	dirty = false;
423

    
424
	// provide a warning message if the user tries to change page before saving
425
	// Unfortunately the custom message is not supported in modern browsers, but he user wil lat
426
	// least see a generic warning message
427
	$(window).bind('beforeunload', function(){
428
		if (!saving && dirty) {
429
			return ("<?=gettext('One or more Port Forward rules have been moved but have not yet been saved')?>");
430
		} else {
431
			return undefined;
432
		}
433
	});
434

    
435
	$('#selectAll').click(function() {
436
		var checkedStatus = this.checked;
437
		$('#ruletable tbody tr').find('td:first :checkbox').each(function() {
438
		$(this).prop('checked', checkedStatus);
439
		});
440
		buttonsmode('frc', ['del_x', 'toggle_x']);
441
	});
442
});
443
//]]>
444
</script>
445
<?php
446

    
447
if (count($a_nat) > 0) {
448
?>
449
<!-- Legend -->
450
<div>
451
	<dl class="dl-horizontal responsive">
452
		<dt><?=gettext('Legend')?></dt>					<dd></dd>
453
		<dt><i class="fa fa-play"></i></dt>			<dd><?=gettext('Pass')?></dd>
454
		<dt><i class="fa fa-random"></i></dt>		<dd><?=gettext('Linked rule')?></dd>
455
	</dl>
456
</div>
457

    
458
<?php
459
}
460

    
461
include("foot.inc");
(42-42/228)