<?php
/* $Id$ */
/*
	firewall_rules_edit.php
	part of pfSense (http://www.pfsense.com)
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	filter
*/
##|+PRIV
##|*IDENT=page-firewall-rules-edit
##|*NAME=Firewall: Rules: Edit page
##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
##|*MATCH=firewall_rules_edit.php*
##|-PRIV
require("guiconfig.inc");
require("filter.inc");
require("shaper.inc");
/*
 * Names accepted as "special" source/destination selectors: a fixed set of
 * keywords plus, for every key returned by
 * get_configured_interface_with_descr(), the key itself and "<key>ip".
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}

/* Guarantee that the rule list is an array before it is sorted and aliased. */
if (!is_array($config['filter']['rule']))
	$config['filter']['rule'] = array();

filter_rules_sort();

/* $a_filter is bound by reference, so writes through it land in $config. */
$a_filter = &$config['filter']['rule'];
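/*
 * Rule selectors taken from the request.
 *
 * "id" and "dup" are used further down as indexes into $a_filter, so they are
 * accepted only when they are a plain string of decimal digits.  Anything
 * else (arrays, signs, fractions, exponent notation, whitespace) is ignored,
 * which leaves $id unset and makes the page fall back to its defaults.
 */
$id = null;
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_string($_POST['id']) && ctype_digit($_POST['id']))
	$id = $_POST['id'];

/*
 * NOTE(review): "after" is passed through unvalidated because its consumer is
 * outside this excerpt; it should be checked as an integer where it is used.
 * A POSTed value takes precedence over the query string.
 */
$after = isset($_GET['after']) ? $_GET['after'] : null;
if (isset($_POST['after']))
	$after = $_POST['after'];

/*
 * Duplicate request: the rule to copy is loaded through $id, and the same
 * index is used as the "after" position.
 */
if (isset($_GET['dup']) && is_string($_GET['dup']) && ctype_digit($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}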
/*
 * Seed $pconfig, the form state: from the stored rule when $id selects one,
 * otherwise from defaults.
 */
if (isset($id) && $a_filter[$id]) {
	$pconfig['interface'] = $a_filter[$id]['interface'];

	if (isset($a_filter[$id]['id'])) {
		$pconfig['ruleid'] = $a_filter[$id]['id'];
	}

	/* A rule stored without a type is presented as "pass". */
	$pconfig['type'] = isset($a_filter[$id]['type']) ? $a_filter[$id]['type'] : "pass";

	/*
	 * NOTE(review): in the visible code $if is assigned only after this
	 * if/else, so unless an include defines it the second test is always
	 * false at this point -- confirm.
	 */
	if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
		$pconfig['floating'] = $a_filter[$id]['floating'];
		if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] != "") {
			$pconfig['interface'] = $a_filter[$id]['interface'];
		}
	}

	/*
	 * NOTE(review): this tests a 'floating' key on the rule list itself,
	 * not on the selected rule ($a_filter[$id]) -- looks like a missing
	 * index, confirm.
	 */
	if (isset($a_filter['floating'])) {
		$pconfig['floating'] = "yes";
	}

	if (isset($a_filter[$id]['direction'])) {
		$pconfig['direction'] = $a_filter[$id]['direction'];
	}

	if (isset($a_filter[$id]['ipprotocol'])) {
		$pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol'];
	}

	/* No stored protocol means "any". */
	$pconfig['proto'] = isset($a_filter[$id]['protocol']) ? $a_filter[$id]['protocol'] : "any";

	if ($a_filter[$id]['protocol'] == "icmp") {
		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
	}

	/* Unpack the stored source into the individual src* form fields. */
	address_to_pconfig(
		$a_filter[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	if ($a_filter[$id]['os'] != "") {
		$pconfig['os'] = $a_filter[$id]['os'];
	}

	/* Same for the destination and the dst* form fields. */
	address_to_pconfig(
		$a_filter[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	if ($a_filter[$id]['dscp'] != "") {
		$pconfig['dscp'] = $a_filter[$id]['dscp'];
	}

	$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
	$pconfig['log'] = isset($a_filter[$id]['log']);
	$pconfig['descr'] = $a_filter[$id]['descr'];

	/* "Any flags" excludes the two explicit TCP flag lists. */
	if (isset($a_filter[$id]['tcpflags_any'])) {
		$pconfig['tcpflags_any'] = true;
	} else {
		foreach (array('tcpflags1', 'tcpflags2') as $pcfield) {
			if (isset($a_filter[$id][$pcfield]) && $a_filter[$id][$pcfield] != "") {
				$pconfig[$pcfield] = $a_filter[$id][$pcfield];
			}
		}
	}

	/* Copied only when present and non-empty. */
	foreach (array('tag', 'tagged') as $pcfield) {
		if (isset($a_filter[$id][$pcfield]) && $a_filter[$id][$pcfield] != "") {
			$pconfig[$pcfield] = $a_filter[$id][$pcfield];
		}
	}
	if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) {
		$pconfig['quick'] = $a_filter[$id]['quick'];
	}

	/* Presence flags: the stored value is irrelevant, only the key counts. */
	foreach (array('allowopts', 'disablereplyto') as $pcfield) {
		if (isset($a_filter[$id][$pcfield])) {
			$pconfig[$pcfield] = true;
		}
	}

	/* advanced -- plain copies; a key missing from the rule yields null */
	foreach (array('max', 'max-src-nodes', 'max-src-conn', 'max-src-states', 'statetype', 'statetimeout') as $pcfield) {
		$pconfig[$pcfield] = $a_filter[$id][$pcfield];
	}

	/* advanced - nosync */
	$pconfig['nosync'] = isset($a_filter[$id]['nosync']);

	/*
	 * Plain copies, in order: new-connection-per-second banning, Multi-WAN
	 * next-hop (gateway), shaper queues / pipes / layer7 container,
	 * schedule, VLAN priority.
	 */
	foreach (array(
		'max-src-conn-rate', 'max-src-conn-rates',
		'gateway',
		'defaultqueue', 'ackqueue', 'dnpipe', 'pdnpipe', 'l7container',
		'sched', 'vlanprio', 'vlanprioset',
	) as $pcfield) {
		$pconfig[$pcfield] = $a_filter[$id][$pcfield];
	}
	unset($pcfield);

	/* The associated-rule link is not carried over on a duplicate request. */
	if (!isset($_GET['dup'])) {
		$pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
	}
} else {
	/* defaults */
	/*
	 * NOTE(review): $_GET['if'] is stored as-is; where it is rendered or
	 * used is outside this excerpt -- make sure it is checked against the
	 * configured interfaces and escaped on output.
	 */
	if ($_GET['if']) {
		$pconfig['interface'] = $_GET['if'];
	}
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}
/*
 * On a duplicate request the rule index is dropped once the form state has
 * been loaded -- presumably so the save path treats the submission as a new
 * rule; that path is outside this excerpt.
 */
if (isset($_GET['dup'])) {
	unset($id);
}

/* Allow the FloatingRules to work */
$if = $pconfig['interface'];

/*
 * Each list below is fetched, by reference, right after the matching
 * read_*_config() call.
 */
read_altq_config(); /* XXX: */
$qlist =& get_unique_queue_list();

read_dummynet_config(); /* XXX: */
$dnqlist =& get_unique_dnqueue_list();

read_layer7_config();
$l7clist =& get_l7_unique_list();
if ($_POST) {
201 99bdb17e Seth Mos
	unset($input_errors);
202 87f0be87 Chris Buechler
203 48a27d4f Erik Fonnesbeck
	if( isset($a_filter[$id]['associated-rule-id']) ) {
204
		$_POST['proto'] = $pconfig['proto'];
205
		if ($pconfig['proto'] == "icmp")
206
			$_POST['icmptype'] = $pconfig['icmptype'];
207
	}
208
209 99bdb17e Seth Mos
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "")) {
210 ee8c34f4 smos
		$a_gatewaygroups = return_gateway_groups_array();
211 a133c803 Phil Davis
		if(is_array($config['gateways']['gateway_group'])) {
212
			foreach($config['gateways']['gateway_group'] as $gw_group) {
213
				if($gw_group['name'] == $_POST['gateway']) {
214
					$family = $a_gatewaygroups[$_POST['gateway']]['ipprotocol'];
215
					if($_POST['ipprotocol'] == $family) {
216
						continue;
217
					}
218
					if(($_POST['ipprotocol'] == "inet46") && ($_POST['ipprotocol'] != $family)) {
219
						$input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6");
220
					}
221
					if(($_POST['ipprotocol'] == "inet6") && ($_POST['ipprotocol'] != $family)) {
222
						$input_errors[] = gettext("You can not assign a IPv4 gateway group on IPv6 Address Family rule");
223
					}
224
					if(($_POST['ipprotocol'] == "inet") && ($_POST['ipprotocol'] != $family)) {
225
						$input_errors[] = gettext("You can not assign a IPv6 gateway group on IPv4 Address Family rule");
226
					}
227 99bdb17e Seth Mos
				}
228
			}
229
		}
230
	}
231 9dfd60db Seth Mos
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && (is_ipaddr(lookup_gateway_ip_by_name($_POST['gateway'])))) {
232 05a4cebd smos
		if(($_POST['ipprotocol'] == "inet46") && ($_POST['gateway'] <> "")) {
233
			$input_errors[] = gettext("You can not assign a gateway to a rule that applies to IPv4 and IPv6");
234
		}
235 99bdb17e Seth Mos
		if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) {
236
			$input_errors[] = gettext("You can not assign the IPv4 Gateway to a IPv6 Filter rule");
237
		}
238
		if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) {
239
			$input_errors[] = gettext("You can not assign the IPv6 Gateway to a IPv4 Filter rule");
240
		}
241
	}
242
243 05a4cebd smos
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp") && ($_POST['proto'] != "icmp")) {
244
		if($_POST['ipprotocol'] == "inet46")
245
			$input_errors[] =  gettext("You can not assign a protocol other then ICMP, TCP, UDP or TCP/UDP to a rule that applies to IPv4 and IPv6");
246
	}
247
	if (($_POST['proto'] == "icmp") && ($_POST['icmptype'] <> "")){
248
		if($_POST['ipprotocol'] == "inet46")
249
			$input_errors[] =  gettext("You can not assign a ICMP type to a rule that applies to IPv4 and IPv6");
250
	}
251
252 5b237745 Scott Ullrich
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
253
		$_POST['srcbeginport'] = 0;
254
		$_POST['srcendport'] = 0;
255
		$_POST['dstbeginport'] = 0;
256
		$_POST['dstendport'] = 0;
257
	} else {
258
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
259 90f90934 Cristian Feldman
			$_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']);
260 5b237745 Scott Ullrich
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
261 90f90934 Cristian Feldman
			$_POST['srcendport'] = trim($_POST['srcendport_cust']);
262 5b237745 Scott Ullrich
		if ($_POST['srcbeginport'] == "any") {
263
			$_POST['srcbeginport'] = 0;
264
			$_POST['srcendport'] = 0;
265 5ba18897 Scott Ullrich
		} else {
266 5b237745 Scott Ullrich
			if (!$_POST['srcendport'])
267
				$_POST['srcendport'] = $_POST['srcbeginport'];
268
		}
269
		if ($_POST['srcendport'] == "any")
270
			$_POST['srcendport'] = $_POST['srcbeginport'];
271 5ba18897 Scott Ullrich
272 5b237745 Scott Ullrich
		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
273 90f90934 Cristian Feldman
			$_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']);
274 5b237745 Scott Ullrich
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
275 90f90934 Cristian Feldman
			$_POST['dstendport'] = trim($_POST['dstendport_cust']);
276 5ba18897 Scott Ullrich
277 5b237745 Scott Ullrich
		if ($_POST['dstbeginport'] == "any") {
278
			$_POST['dstbeginport'] = 0;
279
			$_POST['dstendport'] = 0;
280 5ba18897 Scott Ullrich
		} else {
281 5b237745 Scott Ullrich
			if (!$_POST['dstendport'])
282
				$_POST['dstendport'] = $_POST['dstbeginport'];
283
		}
284
		if ($_POST['dstendport'] == "any")
285 5ba18897 Scott Ullrich
			$_POST['dstendport'] = $_POST['dstbeginport'];
286 5b237745 Scott Ullrich
	}
287 5ba18897 Scott Ullrich
288 5b237745 Scott Ullrich
	if (is_specialnet($_POST['srctype'])) {
289
		$_POST['src'] = $_POST['srctype'];
290
		$_POST['srcmask'] = 0;
291
	} else if ($_POST['srctype'] == "single") {
292
		$_POST['srcmask'] = 32;
293
	}
294
	if (is_specialnet($_POST['dsttype'])) {
295
		$_POST['dst'] = $_POST['dsttype'];
296
		$_POST['dstmask'] = 0;
297
	}  else if ($_POST['dsttype'] == "single") {
298
		$_POST['dstmask'] = 32;
299
	}
300 5ba18897 Scott Ullrich
301 5b237745 Scott Ullrich
	$pconfig = $_POST;
302
303
	/* input validation */
304 1122a892 Erik Fonnesbeck
	$reqdfields = explode(" ", "type proto");
305
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
306 48a27d4f Erik Fonnesbeck
		$reqdfields[] = "src";
307
		$reqdfields[] = "dst";
308 1122a892 Erik Fonnesbeck
	}
309
	$reqdfieldsn = explode(",", "Type,Protocol");
310
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
311
		$reqdfieldsn[] = "Source";
312 473d0ff0 pierrepomes
		$reqdfieldsn[] = "Destination";
313 1122a892 Erik Fonnesbeck
	}
314 5b237745 Scott Ullrich
315 452ade89 Bill Marquette
	if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") {
316 c22767b1 Bill Marquette
		if( $_POST['proto'] != "tcp" )
317 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is only valid with protocol tcp."),$_POST['statetype']);
318 452ade89 Bill Marquette
		if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != ""))
319 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']);
320 452ade89 Bill Marquette
	}
321 10f7933f Chris Buechler
        
322 1122a892 Erik Fonnesbeck
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
323
	(!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) {
324 5b237745 Scott Ullrich
		$reqdfields[] = "srcmask";
325
		$reqdfieldsn[] = "Source bit count";
326
	}
327 9b16b834 Ermal Lu?i
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
328 473d0ff0 pierrepomes
	(!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) ) {
329 5b237745 Scott Ullrich
		$reqdfields[] = "dstmask";
330 11d2c529 Rafael Lucas
		$reqdfieldsn[] = gettext("Destination bit count");
331 5b237745 Scott Ullrich
	}
332 5ba18897 Scott Ullrich
333 5b237745 Scott Ullrich
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
334 5ba18897 Scott Ullrich
335 5b237745 Scott Ullrich
	if (!$_POST['srcbeginport']) {
336
		$_POST['srcbeginport'] = 0;
337
		$_POST['srcendport'] = 0;
338
	}
339
	if (!$_POST['dstbeginport']) {
340
		$_POST['dstbeginport'] = 0;
341
		$_POST['dstendport'] = 0;
342
	}
343 5ba18897 Scott Ullrich
344 9b45f821 Ermal Lu?i
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
345 11d2c529 Rafael Lucas
                $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginposrt']);
346 90f90934 Cristian Feldman
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
347
			$input_errors[] = sprintf(gettext("%s  is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']);
348
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
349
			$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']);
350
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
351
			$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']);
352 5909b520 Evgeny Yurchenko
	if ( !$_POST['srcbeginport_cust'] && $_POST['srcendport_cust'])
353
		if (is_alias($_POST['srcendport_cust']))
354
			$input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field';
355
	if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){
356
		if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust'])
357
			$input_errors[] = 'The same port alias must be used in Source port range from: and to: fields';
358
		if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) || 
359
		    ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) 
360
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field';
361
	}
362
	if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust'])
363
		if (is_alias($_POST['dstendport_cust']))
364
			$input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field';
365
	if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){
366
		if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust'])
367
			$input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields';
368
		if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) || 
369
		    ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) 
370
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field';
371
	}
372 5ba18897 Scott Ullrich
373 90f90934 Cristian Feldman
	if ($_POST['src'])
374
		$_POST['src'] = trim($_POST['src']);
375
	if ($_POST['dst'])
376
		$_POST['dst'] = trim($_POST['dst']);
377
378 0e5ddcd9 Scott Ullrich
	/* if user enters an alias and selects "network" then disallow. */
379
	if($_POST['srctype'] == "network") {
380
		if(is_alias($_POST['src']))
381 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
382 0e5ddcd9 Scott Ullrich
	}
383
	if($_POST['dsttype'] == "network") {
384
		if(is_alias($_POST['dst']))
385 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
386 0e5ddcd9 Scott Ullrich
	}
387
388 5b237745 Scott Ullrich
	if (!is_specialnet($_POST['srctype'])) {
389 1e578a7f Ermal Lu?i
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
390 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."),$_POST['src']);
391 5b237745 Scott Ullrich
		}
392
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
393 11d2c529 Rafael Lucas
			$input_errors[] = gettext("A valid source bit count must be specified.");
394 5b237745 Scott Ullrich
		}
395
	}
396
	if (!is_specialnet($_POST['dsttype'])) {
397 1e578a7f Ermal Lu?i
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
398 11d2c529 Rafael Lucas
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."),$_POST['dst']);
399 5b237745 Scott Ullrich
		}
400
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
401 11d2c529 Rafael Lucas
			$input_errors[] = gettext("A valid destination bit count must be specified.");
402 5b237745 Scott Ullrich
		}
403
	}
404 8c591d01 Seth Mos
	if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) {
405 270a2576 Seth Mos
		if(!validate_address_family($_POST['src'], $_POST['dst']))
406
			$input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
407 4108dee8 Seth Mos
		if((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet"))
408
			$input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
409
		if((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6"))
410
			$input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
411 05a4cebd smos
		if((is_ipaddr($_POST['src']) || is_ipaddr($_POST['dst'])) && ($_POST['ipprotocol'] == "inet46"))
412
			$input_errors[] = gettext("You can not use a IPv4 or IPv6 address in combined IPv4 + IPv6 rules.");
413
414 270a2576 Seth Mos
	}
415 5ba18897 Scott Ullrich
416 5b237745 Scott Ullrich
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
417
		/* swap */
418
		$tmp = $_POST['srcendport'];
419
		$_POST['srcendport'] = $_POST['srcbeginport'];
420
		$_POST['srcbeginport'] = $tmp;
421
	}
422
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
423
		/* swap */
424
		$tmp = $_POST['dstendport'];
425
		$_POST['dstendport'] = $_POST['dstbeginport'];
426
		$_POST['dstbeginport'] = $tmp;
427
	}
428 e33c8694 Bill Marquette
	if ($_POST['os'])
429
		if( $_POST['proto'] != "tcp" )
430 11d2c529 Rafael Lucas
			$input_errors[] = gettext("OS detection is only valid with protocol tcp.");
431 5b237745 Scott Ullrich
432 197bfe96 Ermal Luçi
	if ($_POST['ackqueue'] && $_POST['ackqueue'] != "none") {
433
		if ($_POST['defaultqueue'] == "none" )
434 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too.");
435 197bfe96 Ermal Luçi
		else if ($_POST['ackqueue'] == $_POST['defaultqueue'])
436 11d2c529 Rafael Lucas
			$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");		
437 197bfe96 Ermal Luçi
	}
438 6735d092 Ermal
	if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
439 02d7e4a4 Ermal
		$input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
440 622bd5e7 Ermal
	if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
441 37d202a3 Ermal
		$input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction.");
442 a5fd67e1 Ermal Luçi
	if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") {
443
		if ($_POST['dnpipe'] == "none" )
444 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
445 a5fd67e1 Ermal Luçi
		else if ($_POST['pdnpipe'] == $_POST['dnpipe'])
446 11d2c529 Rafael Lucas
			$input_errors[] = gettext("In and Out Queue cannot be the same.");
447 85a236e9 Ermal
		else if ($dnqlist[$_POST['pdnpipe']][0] == "?" && $dnqlist[$_POST['dnpipe']][0] <> "?")
448 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
449 85a236e9 Ermal
		else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?")                       
450 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
451 fbc75dd5 Ermal
		if ($_POST['direction'] == "out" && empty($_POST['gateway']))
452
			$input_errors[] = gettext("Please select a gateway, normaly the interface selected gateway, so the limiters work correctly");
453 a5fd67e1 Ermal Luçi
	}
454 b9e28d57 unknown
	if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
455 11d2c529 Rafael Lucas
		$input_errors[] = gettext('ID must be an integer');
456 7e50413c Ermal Luçi
	if($_POST['l7container'] && $_POST['l7container'] != "none") {
457
		if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp"))
458 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols");
459 3b184ca5 Ermal Lu?i
		if ($_POST['type'] <> "pass")
460 11d2c529 Rafael Lucas
			$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
461 7e50413c Ermal Luçi
	}
462 197bfe96 Ermal Luçi
463 b8ed2a11 Ermal
	if (!$_POST['tcpflags_any']) {
464
		$settcpflags = array();
465
		$outoftcpflags = array();
466
		foreach ($tcpflags as $tcpflag) {
467
			if ($_POST['tcpflags1_' . $tcpflag] == "on")
468
				$settcpflags[] = $tcpflag;
469
			if ($_POST['tcpflags2_' . $tcpflag] == "on")
470
				$outoftcpflags[] = $tcpflag;
471
		}
472
		if (empty($outoftcpflags) && !empty($settcpflags))
473 11d2c529 Rafael Lucas
			$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
474 b8ed2a11 Ermal
	}
475
476 d65962a7 Scott Ullrich
	// Allow extending of the firewall edit page and include custom input validation 
477
	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation");
478
479 5b237745 Scott Ullrich
	if (!$input_errors) {
480
		$filterent = array();
481 b9e28d57 unknown
		$filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:'';
482 5b237745 Scott Ullrich
		$filterent['type'] = $_POST['type'];
483 661aed33 Ermal Luçi
		if (isset($_POST['interface'] ))
484
			$filterent['interface'] = $_POST['interface'];
485
486 1306c7dd Seth Mos
		if (isset($_POST['ipprotocol'] ))
487
			$filterent['ipprotocol'] = $_POST['ipprotocol'];
488
489 b8ed2a11 Ermal
		if ($_POST['tcpflags_any']) {
490
			$filterent['tcpflags_any'] = true;
491
		} else {
492
			$settcpflags = array();
493
			$outoftcpflags = array();
494
			foreach ($tcpflags as $tcpflag) {
495
				if ($_POST['tcpflags1_' . $tcpflag] == "on")
496
					$settcpflags[] = $tcpflag;
497
				if ($_POST['tcpflags2_' . $tcpflag] == "on")
498
					$outoftcpflags[] = $tcpflag;
499
			}
500
			if (!empty($outoftcpflags)) {
501
				$filterent['tcpflags2'] = join(",", $outoftcpflags);
502
				if (!empty($settcpflags))
503
					$filterent['tcpflags1'] = join(",", $settcpflags);
504
			}
505
		}
506
507 fd9ba7c0 Ermal
		if (isset($_POST['tag']))
508
			$filterent['tag'] = $_POST['tag'];
509
		if (isset($_POST['tagged']))
510
			$filterent['tagged'] = $_POST['tagged'];
511 661aed33 Ermal Luçi
		if ($if == "FloatingRules" || isset($_POST['floating'])) {
512
			$filterent['direction'] = $_POST['direction'];
513
			if (isset($_POST['quick']) && $_POST['quick'] <> "")
514
				$filterent['quick'] = $_POST['quick'];
515
			$filterent['floating'] = "yes";
516
			if (isset($_POST['interface']) && count($_POST['interface']) > 0)  {
517 f1602cc4 sullrich
				$filterent['interface'] = implode(",", $_POST['interface']);
518 661aed33 Ermal Luçi
			}
519
		}
520 d59874c1 Scott Ullrich
521 bdb7d6e7 Scott Ullrich
		/* Advanced options */
522 775ccea3 Ermal Luci
		if ($_POST['allowopts'] == "yes")
523
			$filterent['allowopts'] = true;
524
		else
525
			unset($filterent['allowopts']);
526 19757916 Ermal Lu?i
		if ($_POST['disablereplyto'] == "yes")
527
			$filterent['disablereplyto'] = true;
528
		else
529
			unset($filterent['disablereplyto']);
530 a56b2fa0 pierrepomes
		$filterent['max'] = $_POST['max'];
531 bdb7d6e7 Scott Ullrich
		$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
532 26dd6a54 pierrepomes
		$filterent['max-src-conn'] = $_POST['max-src-conn'];
533 bdb7d6e7 Scott Ullrich
		$filterent['max-src-states'] = $_POST['max-src-states'];
534 5ba18897 Scott Ullrich
		$filterent['statetimeout'] = $_POST['statetimeout'];
535 fa9af164 Scott Ullrich
		$filterent['statetype'] = $_POST['statetype'];
536 e33c8694 Bill Marquette
		$filterent['os'] = $_POST['os'];
537 10f21e70 Scott Ullrich
538
		/* Nosync directive - do not xmlrpc sync this item */
539 8c84fe43 Scott Ullrich
		if($_POST['nosync'] <> "")
540 10f21e70 Scott Ullrich
			$filterent['nosync'] = true;
541
		else
542
			unset($filterent['nosync']);
543
544 3f00c1dc Scott Ullrich
		/* unless both values are provided, unset the values - ticket #650 */
545
		if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
546
			$filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
547
			$filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
548
		} else {
549
			unset($filterent['max-src-conn-rate']);
550
			unset($filterent['max-src-conn-rates']);
551
		}
552 5ba18897 Scott Ullrich
553 5b237745 Scott Ullrich
		if ($_POST['proto'] != "any")
554
			$filterent['protocol'] = $_POST['proto'];
555
		else
556
			unset($filterent['protocol']);
557 5ba18897 Scott Ullrich
558 5b237745 Scott Ullrich
		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
559
			$filterent['icmptype'] = $_POST['icmptype'];
560
		else
561
			unset($filterent['icmptype']);
562 5ba18897 Scott Ullrich
563 5b237745 Scott Ullrich
		pconfig_to_address($filterent['source'], $_POST['src'],
564
			$_POST['srcmask'], $_POST['srcnot'],
565
			$_POST['srcbeginport'], $_POST['srcendport']);
566 5ba18897 Scott Ullrich
567 5b237745 Scott Ullrich
		pconfig_to_address($filterent['destination'], $_POST['dst'],
568
			$_POST['dstmask'], $_POST['dstnot'],
569
			$_POST['dstbeginport'], $_POST['dstendport']);
570 5ba18897 Scott Ullrich
571 f1602cc4 sullrich
		if ($_POST['disabled'])
572
			$filterent['disabled'] = true;
573
		else
574
			unset($filterent['disabled']);
575
576 c5fc1b2e Ermal Luçi
		if ($_POST['dscp'])
577
			$filterent['dscp'] = $_POST['dscp'];
578
579 f1602cc4 sullrich
		if ($_POST['log'])
580
			$filterent['log'] = true;
581
		else
582
			unset($filterent['log']);
583 c68fc1e7 Bill Marquette
		strncpy($filterent['descr'], $_POST['descr'], 52);
584 5ba18897 Scott Ullrich
585 c98ddde2 Bill Marquette
		if ($_POST['gateway'] != "") {
586
			$filterent['gateway'] = $_POST['gateway'];
587
		}
588 197bfe96 Ermal Luçi
		
589
		if (isset($_POST['defaultqueue']) && $_POST['defaultqueue'] != "none") {
590
			$filterent['defaultqueue'] = $_POST['defaultqueue'];
591
			if (isset($_POST['ackqueue']) && $_POST['ackqueue'] != "none")
592
				$filterent['ackqueue'] = $_POST['ackqueue'];
593
		}
594 c98ddde2 Bill Marquette
595 a5fd67e1 Ermal Luçi
		if (isset($_POST['dnpipe']) && $_POST['dnpipe'] != "none") {
596
			$filterent['dnpipe'] = $_POST['dnpipe'];
597
			if (isset($_POST['pdnpipe']) && $_POST['pdnpipe'] != "none")
598
				$filterent['pdnpipe'] = $_POST['pdnpipe'];
599
		}
600
601 7e50413c Ermal Luçi
		if (isset($_POST['l7container']) && $_POST['l7container'] != "none") {
602
			$filterent['l7container'] = $_POST['l7container'];
603
		}
604
		
605 615b27bc Scott Dale
		if ($_POST['sched'] != "") {
606
			$filterent['sched'] = $_POST['sched'];
607
		}
608
609 1346306c Ermal
		if ($_POST['vlanprio'] != "") {
610
			$filterent['vlanprio'] = $_POST['vlanprio'];
611
		}
612
		if ($_POST['vlanprioset'] != "") {
613
			$filterent['vlanprioset'] = $_POST['vlanprioset'];
614
		}
615
616 1122a892 Erik Fonnesbeck
		// If we have an associated NAT rule, make sure the interface, protocol, source and destination don't change
617 9b16b834 Ermal Lu?i
		if( isset($a_filter[$id]['associated-rule-id']) ) {
618 0bfd0f79 Erik Fonnesbeck
			$filterent['interface'] = $a_filter[$id]['interface'];
619 48a27d4f Erik Fonnesbeck
			if (isset($a_filter[$id]['protocol']))
620
				$filterent['protocol'] = $a_filter[$id]['protocol'];
621
			else if (isset($filterent['protocol']))
622
				unset($filterent['protocol']);
623
			if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype'])
624
				$filterent['icmptype'] = $a_filter[$id]['icmptype'];
625
			else if (isset($filterent['icmptype']))
626
				unset($filterent['icmptype']);
627 1306c7dd Seth Mos
628 1122a892 Erik Fonnesbeck
			$filterent['source'] = $a_filter[$id]['source'];
629 473d0ff0 pierrepomes
			$filterent['destination'] = $a_filter[$id]['destination'];
630 9b16b834 Ermal Lu?i
			$filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
631 473d0ff0 pierrepomes
		}
632
633 2ea00c3e Scott Ullrich
		// Allow extending of the firewall edit page and include custom input validation 
634
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
635
636 5b237745 Scott Ullrich
		if (isset($id) && $a_filter[$id])
637
			$a_filter[$id] = $filterent;
638
		else {
639
			if (is_numeric($after))
640
				array_splice($a_filter, $after+1, 0, array($filterent));
641
			else
642
				$a_filter[] = $filterent;
643
		}
644 f4e2a352 Scott Ullrich
645 ea57ccb8 Erik Fonnesbeck
		filter_rules_sort();
646 d65962a7 Scott Ullrich
647 3a343d73 jim-p
		if (write_config())
648 bec92ab9 jim-p
			mark_subsystem_dirty('filter');
649 5ba18897 Scott Ullrich
650 661aed33 Ermal Luçi
		if (isset($_POST['floating']))
651
			header("Location: firewall_rules.php?if=FloatingRules");
652
		else
653 bb33a337 jim-p
			header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface']));
654 5b237745 Scott Ullrich
		exit;
655
	}
656 c60824d2 Scott Ullrich
}
657
658 11d2c529 Rafael Lucas
// Page metadata set before the shared header is pulled in; presumably read by
// head.inc (not visible here) to build the title and shortcut links.
$page_filename = 'firewall_rules_edit.php';
$shortcut_section = 'firewall';
$pgtitle = array(
	gettext('Firewall'),
	gettext('Rules'),
	gettext('Edit'),
);

// This page emits its own stylesheet <link> and the closing </head> right after
// the include, so head.inc is presumably expected to leave <head> open when
// $closehead is false -- confirm against head.inc.
$closehead = false;

include 'head.inc';
665 c60824d2 Scott Ullrich
666 5b237745 Scott Ullrich
?>
667 4bb99603 Scott Ullrich
<link rel="stylesheet" href="/javascript/chosen/chosen.css" />
668 5b237745 Scott Ullrich
</head>
669
670
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
671 f51d5d57 Darren Embry
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
672 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
673 5b237745 Scott Ullrich
<?php include("fbegin.inc"); ?>
674 48fc39a3 Scott Ullrich
<?php pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_input_errors"); ?>
675 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
676 8ab3e9ed Erik Kristensen
677
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
678 6eac9b90 Scott Ullrich
<input type='hidden' name="ruleid" value="<?=(isset($pconfig['ruleid'])&&$pconfig['ruleid']>0)?htmlspecialchars($pconfig['ruleid']):''?>">
679
680 8ab3e9ed Erik Kristensen
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
681 e091cb45 Scott Ullrich
		<tr>
682 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td>
683 e091cb45 Scott Ullrich
		</tr>	
684 b4b7bda6 Scott Ullrich
<?php
685
		// Allow extending of the firewall edit page and include custom input validation 
686
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
687
?>
688 8ab3e9ed Erik Kristensen
    	<tr>
689 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
690 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
691 b5c78501 Seth Mos
				<select name="type" class="formselect">
692 e5e5ba51 Vinicius Coque
					<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
693 8ab3e9ed Erik Kristensen
					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
694
					<?=htmlspecialchars($type);?>
695
					</option>
696
					<?php endforeach; ?>
697 a391d0ab Ermal
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
698 84464c9a Ermal
					<option value="match" <?php if ("match" == strtolower($pconfig['type'])) echo "selected"; ?>>Match</option>
699 a391d0ab Ermal
<?php endif; ?>
700 8c84fe43 Scott Ullrich
				</select>
701 8ab3e9ed Erik Kristensen
				<br/>
702
				<span class="vexpl">
703 11d2c529 Rafael Lucas
					<?=gettext("Choose what to do with packets that match the criteria specified below.");?> <br/>
704
					<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?> 
705 8ab3e9ed Erik Kristensen
				</span>
706
			</td>
707
		</tr>
708
		<tr>
709 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
710 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
711
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
712 11d2c529 Rafael Lucas
				<strong><?=gettext("Disable this rule");?></strong><br />
713
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list.");?></span>
714 8ab3e9ed Erik Kristensen
			</td>
715
		</tr>
716 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
717
		<tr>
718 f1602cc4 sullrich
			<td width="22%" valign="top" class="vncellreq">
719
				<?=gettext("Quick");?>
720
			</td>
721
			<td width="78%" class="vtable">
722
				<input name="quick" type="checkbox" id="quick" value="yes" <?php if ($pconfig['quick']) echo "checked=\"checked\""; ?> />
723
				<strong><?=gettext("Apply the action immediately on match.");?></strong><br />
724
				<span class="vexpl"><?=gettext("Set this option if you need to apply this action to traffic that matches this rule immediately.");?></span>
725
			</td>
726
		</tr>
727 e73b001e Renato Botelho
<?php endif; ?>
728 48a27d4f Erik Fonnesbeck
<?php $edit_disabled = ""; ?>
729
<?php if( isset($pconfig['associated-rule-id']) ): ?>
730
		<tr>
731
			<td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td>
732
			<td width="78%" class="vtable">
733 e4b9d53b Warren Baker
				<span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("This is associated to a NAT rule.");?><br />
734 48a27d4f Erik Fonnesbeck
				<?=gettext("You cannot edit the interface, protocol, source, or destination of associated filter rules.");?><br />
735
				<br />
736
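				<?php
					// This rule is tied to a NAT rule: grey out the locked form controls.
					// The disabled attribute is only a UI hint; the save handler earlier in
					// this file re-copies interface, protocol, source and destination from
					// the stored rule whenever it carries an associated-rule-id, so the
					// lock does not depend on what the browser submits.
					$edit_disabled = "disabled";

					// Link to the NAT rule that shares this associated-rule-id, if any.
					if (is_array($config['nat']['rule'])) {
						foreach ($config['nat']['rule'] as $index => $nat_rule) {
							if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id'] == $pconfig['associated-rule-id']) {
								echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br>";
								break;
							}
						}
					}

					// Disabled controls are not submitted by browsers, so the locked values
					// are carried in hidden fields instead.
					// NOTE(review): $pconfig is populated outside this view; if it can hold
					// submitted form values (e.g. when the form is redisplayed after a
					// validation error), writing it raw into an attribute is an HTML
					// injection point. The attributes below are single-quoted, so
					// ENT_QUOTES is required -- the default flags of older PHP versions
					// leave "'" unescaped.
					$assoc_id_attr = htmlspecialchars($pconfig['associated-rule-id'], ENT_QUOTES);
					echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='{$assoc_id_attr}' >";

					if (!empty($pconfig['interface'])) {
						// The interface value may be a list (the interface selector further
						// down implodes it with ","); flatten it the same way here rather
						// than interpolating an array.
						$assoc_if = is_array($pconfig['interface']) ? implode(",", $pconfig['interface']) : $pconfig['interface'];
						$assoc_if_attr = htmlspecialchars($assoc_if, ENT_QUOTES);
						echo "<input name='interface' id='interface' type='hidden' value='{$assoc_if_attr}' >";
					}
				?>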
750
				<script type="text/javascript">
751
				editenabled = 0;
752
				</script>
753
			</td>
754
		</tr>
755 ee9933b6 Renato Botelho
<?php endif; ?>
756 8ab3e9ed Erik Kristensen
		<tr>
757 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
758 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
759 48a27d4f Erik Fonnesbeck
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
760 4bb99603 Scott Ullrich
				<select name="interface[]" title="Select interfaces..." multiple style="width:350px;" class="chzn-select" tabindex="2" <?=$edit_disabled;?>>
761 ee9933b6 Renato Botelho
<?php else: ?>
762 48a27d4f Erik Fonnesbeck
				<select name="interface" class="formselect" <?=$edit_disabled;?>>
763 8ab3e9ed Erik Kristensen
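<?php
   endif;
				// Build the list of interfaces offered in the <select>, keyed by the
				// interface identifier with the display name as value. Every entry except
				// OpenVPN is gated by have_ruleint_access().

				/* add group interfaces */
				if (is_array($config['ifgroups']['ifgroupentry'])) {
					foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
						if (have_ruleint_access($ifgen['ifname'])) {
							$interfaces[$ifgen['ifname']] = $ifgen['ifname'];
						}
					}
				}

				$ifdescs = get_configured_interface_with_descr();
				// Allow extending of the firewall edit page and include custom input validation
				pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit");
				foreach ($ifdescs as $ifent => $ifdesc) {
					if (have_ruleint_access($ifent)) {
						$interfaces[$ifent] = $ifdesc;
					}
				}

				// The checks below run once, after the loop above; the original
				// indentation suggested otherwise, so braces are now explicit.
				if ($config['l2tp']['mode'] == "server" && have_ruleint_access("l2tp")) {
					$interfaces['l2tp'] = "L2TP VPN";
				}
				if ($config['pptpd']['mode'] == "server" && have_ruleint_access("pptp")) {
					$interfaces['pptp'] = "PPTP VPN";
				}
				if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
					$interfaces['pppoe'] = "PPPoE VPN";
				}

				/* add ipsec interfaces */
				if ((isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) && have_ruleint_access("enc0")) {
					$interfaces["enc0"] = "IPsec";
				}

				/* add openvpn/tun interfaces */
				// NOTE(review): unlike every other entry, OpenVPN is added without a
				// have_ruleint_access() check -- confirm whether that is intentional.
				if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
					$interfaces["openvpn"] = "OpenVPN";
				}

				// A multi-select submits an array; normalise to the comma-separated form
				// so both the single-value and the list comparison below work.
				if (is_array($pconfig['interface'])) {
					$pconfig['interface'] = implode(",", $pconfig['interface']);
				}
				$selected_interfaces = explode(",", $pconfig['interface']);

				// Interface names and descriptions are administrator-supplied text, so both
				// are HTML-escaped on output.
				// NOTE(review): assumes get_configured_interface_with_descr() returns
				// unescaped descriptions -- confirm to rule out double escaping.
				foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
<?php 				endforeach; ?>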
798 8c84fe43 Scott Ullrich
				</select>
799 8ab3e9ed Erik Kristensen
				<br />
800 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose on which interface packets must come in to match this rule.");?></span>
801 8ab3e9ed Erik Kristensen
			</td>
802
		</tr>
803 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
804 f1602cc4 sullrich
		<tr>
805
			<td width="22%" valign="top" class="vncellreq">
806
				<?=gettext("Direction");?>
807
			</td>
808
			<td width="78%" class="vtable">
809
				<select name="direction" class="formselect">
810 e5e5ba51 Vinicius Coque
					<?php      $directions = array('any','in','out');
811 f1602cc4 sullrich
				foreach ($directions as $direction): ?>
812
				<option value="<?=$direction;?>"
813
					<?php if ($direction == $pconfig['direction']): ?>
814
						selected="selected" 
815
					<?php endif; ?>
816
					><?=$direction;?></option>
817
				<?php endforeach; ?>      
818
				</select>
819
				<input type="hidden" id="floating" name="floating" value="floating">
820
			</td>
821
		</tr>
822 661aed33 Ermal Luçi
<?php endif; ?>
823 1306c7dd Seth Mos
		<tr>
824
			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
825
			<td width="78%" class="vtable">
826
				<select name="ipprotocol" class="formselect">
827 05a4cebd smos
					<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6' );
828 1306c7dd Seth Mos
				foreach ($ipproto as $proto => $name): ?>
829
				<option value="<?=$proto;?>"
830
					<?php if ($proto == $pconfig['ipprotocol']): ?>
831
						selected="selected" 
832
					<?php endif; ?>
833
					><?=$name;?></option>
834
				<?php endforeach; ?>      
835
				</select>
836
				<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br />
837
			</td>
838
		</tr>
839 8ab3e9ed Erik Kristensen
		<tr>
840 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
841 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
842 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()">
843 8ab3e9ed Erik Kristensen
<?php
844 c6c26178 jim-p
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP OSPF any carp pfsync");
845 8ab3e9ed Erik Kristensen
				foreach ($protocols as $proto): ?>
846
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
847
<?php 			endforeach; ?>
848
				</select>
849
				<br />
850 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose which IP protocol this rule should match.");?> <br /> <?=gettext("Hint: in most cases, you should specify ");?><em>TCP</em> &nbsp;<?=gettext("here.");?></span>
851 8ab3e9ed Erik Kristensen
			</td>
852
		</tr>
853 3de8af0e Scott Ullrich
		<tr id="icmpbox" name="icmpbox">
854 11d2c529 Rafael Lucas
			<td valign="top" class="vncell"><?=gettext("ICMP type");?></td>
855 8ab3e9ed Erik Kristensen
			<td class="vtable">
856 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="icmptype" class="formselect">
857 8ab3e9ed Erik Kristensen
<?php
858
				$icmptypes = array(
859 abd67a31 Carlos Eduardo Ramos
				"" => gettext("any"),
860 a01ce4c7 jim-p
				"echoreq" => gettext("Echo request"),
861 abd67a31 Carlos Eduardo Ramos
				"echorep" => gettext("Echo reply"),
862
				"unreach" => gettext("Destination unreachable"),
863
				"squench" => gettext("Source quench"),
864
				"redir" => gettext("Redirect"),
865
				"althost" => gettext("Alternate Host"),
866
				"routeradv" => gettext("Router advertisement"),
867
				"routersol" => gettext("Router solicitation"),
868
				"timex" => gettext("Time exceeded"),
869
				"paramprob" => gettext("Invalid IP header"),
870
				"timereq" => gettext("Timestamp"),
871
				"timerep" => gettext("Timestamp reply"),
872
				"inforeq" => gettext("Information request"),
873
				"inforep" => gettext("Information reply"),
874
				"maskreq" => gettext("Address mask request"),
875
				"maskrep" => gettext("Address mask reply")
876 8ab3e9ed Erik Kristensen
				);
877
878
				foreach ($icmptypes as $icmptype => $descr): ?>
879
					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
880
<?php 			endforeach; ?>
881
			</select>
882
			<br />
883 11d2c529 Rafael Lucas
			<span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span>
884 8ab3e9ed Erik Kristensen
		</td>
885
		</tr>
886
		<tr>
887 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source");?></td>
888 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
889 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
890 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
891 8ab3e9ed Erik Kristensen
				<br />
892 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
893 8ab3e9ed Erik Kristensen
				<br />
894
				<br />
895
				<table border="0" cellspacing="0" cellpadding="0">
896
					<tr>
897 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
898 8ab3e9ed Erik Kristensen
						<td>
899 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srctype" class="formselect" onChange="typesel_change()">
900 87f0be87 Chris Buechler
<?php
901
								$sel = is_specialnet($pconfig['src']); ?>
902 11d2c529 Rafael Lucas
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
903
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
904
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
905 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
906 11d2c529 Rafael Lucas
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
907 99ea4439 Scott Ullrich
								<?php endif; ?>
908
								<?php if(have_ruleint_access("pppoe")): ?>
909 11d2c529 Rafael Lucas
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
910 99ea4439 Scott Ullrich
								<?php endif; ?>								
911 8a6bc505 Ermal Lu?i
								 <?php if(have_ruleint_access("l2tp")): ?>
912 11d2c529 Rafael Lucas
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
913 8a6bc505 Ermal Lu?i
                                                                <?php endif; ?>
914 8ab3e9ed Erik Kristensen
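<?php
								// Offer a "<name> subnet" and a "<name> address" source choice for each
								// interface in $ifdisp that have_ruleint_access() allows.
								// The description is escaped in both options (the original escaped
								// only the first), and the interface key is escaped in the value
								// attribute. A space now separates value="..." from "selected" in
								// the second option.
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if (have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?><?=gettext(" subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] == $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>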
923 8ab3e9ed Erik Kristensen
							</select>
924
						</td>
925
					</tr>
926
					<tr>
927 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
928 8ab3e9ed Erik Kristensen
						<td>
929 979b179d Darren Embry
							<input <?=$edit_disabled;?> autocomplete='off' name="src" type="text" class="formfldalias ipv4v6" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
930
							<select <?=$edit_disabled;?> name="srcmask" class="formselect ipv4v6" id="srcmask">
931 15705bc0 Seth Mos
<?php						for ($i = 127; $i > 0; $i--): ?>
932 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
933
<?php 						endfor; ?>
934
							</select>
935 bdb7d6e7 Scott Ullrich
						</td>
936 8ab3e9ed Erik Kristensen
					</tr>
937
				</table>
938 22abf2ef Scott Ullrich
				<div id="showadvancedboxspr">
939
					<p>
940 48a27d4f Erik Fonnesbeck
					<input <?=$edit_disabled;?> type="button" onClick="show_source_port_range()" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show source port range");?>
941 22abf2ef Scott Ullrich
				</div>
942 8ab3e9ed Erik Kristensen
			</td>
943 e33c8694 Bill Marquette
		</tr>
944 3de8af0e Scott Ullrich
		<tr style="display:none" id="sprtable" name="sprtable">
945 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range");?></td>
946 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
947
				<table border="0" cellspacing="0" cellpadding="0">
948
					<tr>
949 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
950 8ab3e9ed Erik Kristensen
						<td>
951 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
952 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
953 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
954 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
955
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
956
<?php 							endforeach; ?>
957 8c84fe43 Scott Ullrich
							</select>
958 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
959 8ab3e9ed Erik Kristensen
						</td>
960
					</tr>
961
					<tr>
962 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
963 8ab3e9ed Erik Kristensen
						<td>
964 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcendport" class="formselect" onchange="ext_change()">
965 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
966 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
967 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
968
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
969
<?php							endforeach; ?>
970 8c84fe43 Scott Ullrich
							</select>
971 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
972 8ab3e9ed Erik Kristensen
						</td>
973
					</tr>
974
				</table>
975
				<br />
976 87000ded Erik Fonnesbeck
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule."); ?> <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be"); ?> &quot;<?=gettext("any"); ?>&quot;).</b><br /><?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port.");?></span><br/>
977 8ab3e9ed Erik Kristensen
			</td>
978 8c84fe43 Scott Ullrich
		</tr>
979 8ab3e9ed Erik Kristensen
		<tr>
980 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination");?></td>
981 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
982 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
983 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
984 8ab3e9ed Erik Kristensen
					<br />
985 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
986 8ab3e9ed Erik Kristensen
					<br />
987
					<br />
988
				<table border="0" cellspacing="0" cellpadding="0">
989
					<tr>
990 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
991 8ab3e9ed Erik Kristensen
						<td>
992 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dsttype" class="formselect" onChange="typesel_change()">
993 87f0be87 Chris Buechler
<?php
994
								$sel = is_specialnet($pconfig['dst']); ?>
995 11d2c529 Rafael Lucas
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
996
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
997
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
998 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
999 11d2c529 Rafael Lucas
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
1000 99ea4439 Scott Ullrich
								<?php endif; ?>
1001
								<?php if(have_ruleint_access("pppoe")): ?>
1002 11d2c529 Rafael Lucas
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
1003 99ea4439 Scott Ullrich
								<?php endif; ?>								
1004 3331a640 Ermal Lu?i
								<?php if(have_ruleint_access("l2tp")): ?>
1005 11d2c529 Rafael Lucas
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
1006 3331a640 Ermal Lu?i
                                                                <?php endif; ?>
1007 b7391125 Ermal Luçi
1008
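<?php
								// Offer a "<name> subnet" and a "<name> address" destination choice for
								// each interface in $ifdisp that have_ruleint_access() allows.
								// The description is escaped in both options (the original escaped
								// only the first), and the interface key is escaped in the value
								// attribute. A space now separates value="..." from "selected" in
								// the second option.
								// NOTE(review): the loop variable is $if, which the template
								// conditions earlier on this page compare with "FloatingRules"; after
								// this loop $if holds the last interface key, so any later check of
								// $if would see that value -- confirm nothing below relies on it.
								foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if (have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet");?></option>
									<option value="<?=htmlspecialchars($if);?>ip" <?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>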
1016 8ab3e9ed Erik Kristensen
							</select>
1017
						</td>
1018
					</tr>
1019
					<tr>
1020 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
1021 8ab3e9ed Erik Kristensen
						<td>
1022 979b179d Darren Embry
							<input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias ipv4v6" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
1023 8ab3e9ed Erik Kristensen
							/
1024 979b179d Darren Embry
							<select <?=$edit_disabled;?> name="dstmask" class="formselect ipv4v6" id="dstmask">
1025 8ab3e9ed Erik Kristensen
<?php
1026 15705bc0 Seth Mos
							for ($i = 127; $i > 0; 
1027
$i--): ?>
1028 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
1029
<?php						endfor; ?>
1030
							</select>
1031
						</td>
1032
					</tr>
1033
				</table>
1034
			</td>
1035
		</tr>
1036 3de8af0e Scott Ullrich
		<tr id="dprtr" name="dprtr">
1037 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range ");?></td>
1038 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1039
				<table border="0" cellspacing="0" cellpadding="0">
1040
					<tr>
1041 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
1042 8ab3e9ed Erik Kristensen
						<td>
1043 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
1044 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1045 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1046 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
1047
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
1048 3deb92f7 Renato Botelho
<?php 							endforeach; ?>
1049 8ab3e9ed Erik Kristensen
							</select>
1050 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
1051 8ab3e9ed Erik Kristensen
						</td>
1052
					</tr>
1053
					<tr>
1054 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
1055 8ab3e9ed Erik Kristensen
						<td>
1056 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstendport" class="formselect" onchange="ext_change()">
1057 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1058 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1059 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
1060
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
1061
<?php 							endforeach; ?>
1062 8c84fe43 Scott Ullrich
							</select>
1063 dd5bf424 Scott Ullrich
								<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
1064 8ab3e9ed Erik Kristensen
						</td>
1065
					</tr>
1066
				</table>
1067
				<br />
1068
				<span class="vexpl">
1069 11d2c529 Rafael Lucas
					<?=gettext("Specify the port or port range for the destination of the packet for this rule.");?>
1070 adb633a0 sullrich
					<br />
1071 345b9715 Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port");?>
1072 8ab3e9ed Erik Kristensen
				</span>
1073
			</td>
1074
		</tr>
1075
		<tr>
1076 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Log");?></td>
1077 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1078
				<input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
1079 11d2c529 Rafael Lucas
				<strong><?=gettext("Log packets that are handled by this rule");?></strong>
1080 adb633a0 sullrich
				<br />
1081 0fb885bc Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server"); ?> (<?=gettext("see the"); ?> <a href="diag_logs_settings.php"><?=gettext("Diagnostics: System logs: Settings"); ?></a> <?=gettext("page"); ?>).</span>
1082 8ab3e9ed Erik Kristensen
			</td>
1083
		</tr>
1084 151eb2a9 sullrich
		<tr>
1085 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
1086 151eb2a9 sullrich
			<td width="78%" class="vtable">
1087
				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
1088
				<br />
1089 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
1090 151eb2a9 sullrich
			</td>
1091
		</tr>
1092 8e0c3760 Ermal
<?php		if (!isset($id) || !($a_filter[$id] && firewall_check_for_advanced_options($a_filter[$id]) <> "")): ?>
1093 151eb2a9 sullrich
		<tr>
1094
			<td width="22%" valign="top">&nbsp;</td>
1095
			<td width="78%">
1096
				&nbsp;<br>&nbsp;
1097 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1098 151eb2a9 sullrich
<?php			if (isset($id) && $a_filter[$id]): ?>
1099 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1100 151eb2a9 sullrich
<?php 			endif; ?>
1101 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1102 151eb2a9 sullrich
			</td>
1103
		</tr>
1104 8e0c3760 Ermal
<?php		endif; ?>
1105 151eb2a9 sullrich
		<tr>
1106
			<td>&nbsp;</td>
1107
		</tr>
1108
		<tr>
1109 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced features");?></td>
1110 151eb2a9 sullrich
		</tr>	
1111 f1602cc4 sullrich
		<tr>
1112 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Source OS");?></td>
1113 e265d9f5 sullrich
			<td width="78%" class="vtable">
1114 ee9933b6 Renato Botelho
				<div id="showadvsourceosbox" <?php if ($pconfig['os']) echo "style='display:none'"; ?>>
1115 157a6919 Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_sourceos()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1116 adb633a0 sullrich
				</div>
1117 ee9933b6 Renato Botelho
				<div id="showsourceosadv" <?php if (empty($pconfig['os'])) echo "style='display:none'"; ?>>
1118 21600ab1 Vinicius Coque
					<?=gettext("OS Type:");?>&nbsp;
1119 adb633a0 sullrich
					<select name="os" id="os" class="formselect">
1120 f1602cc4 sullrich
<?php
						// OS fingerprint classes offered in the "Source OS" select. The keys are
						// the submitted values and the values are the visible labels; the empty key
						// is the "any" entry.
						$ostypes = array(
							 "" => gettext("any"),
							"AIX" => "AIX",
							"Linux" => "Linux",
							"FreeBSD" => "FreeBSD",
							"NetBSD" => "NetBSD",
							"OpenBSD" => "OpenBSD",
							"Solaris" => "Solaris",
							"MacOS" => "MacOS",
							"Windows" => "Windows",
							"Novell" => "Novell",
							"NMAP" => "NMAP"
			           );
						// $ostype is written into the value attribute unescaped. Every key is one of
						// the literals above, so no request or configuration data reaches that
						// attribute; the label still goes through htmlspecialchars() because the
						// "any" label is a translated string.
						foreach ($ostypes as $ostype => $descr): ?>
							<option value="<?=$ostype;?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
<?php
					endforeach; 
?>
1139
					</select>
1140
					<br />
1141 11d2c529 Rafael Lucas
					<?=gettext("Note: this only works for TCP rules");?>
1142 adb633a0 sullrich
				</div>
1143 f1602cc4 sullrich
			</td>
1144
		</tr>
1145 30c4ae8a sullrich
		<tr>
1146 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Diffserv Code Point");?></td>
1147 30c4ae8a sullrich
			<td width="78%" class="vtable">
1148 ee9933b6 Renato Botelho
				<div id="dsadv" name="dsadv" <?php if ($pconfig['dscp']) echo "style='display:none'"; ?>>
1149 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_dsdiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1150 30c4ae8a sullrich
				</div>
1151 ee9933b6 Renato Botelho
				<div id="dsdivmain" name="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>>
1152 30c4ae8a sullrich
					<select name="dscp" id="dscp">
1153
						<option value=""></option>
1154
						<?php foreach($firewall_rules_dscp_types as $frdt): ?>
1155
							<option value="<?=$frdt?>"<?php if($pconfig['dscp'] == $frdt) echo " SELECTED"; ?>><?=$frdt?></option>
1156
						<?php endforeach; ?>
1157
					</select>
1158
				</div>
1159
			</td>
1160
		</tr>
1161 661aed33 Ermal Luçi
		<tr>
1162 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Advanced Options");?></td>
1163 e6db3f58 Ermal Luçi
			<td width="78%" class="vtable">
1164
			<div id="aoadv" name="aoadv">
1165 0fb885bc Carlos Eduardo Ramos
				<input type="button" onClick="show_aodiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1166 e6db3f58 Ermal Luçi
			</div>
1167
			<div id="aodivmain" name="aodivmain" style="display:none">
1168 f1602cc4 sullrich
				<input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked"; ?>>
1169 a29dc11b Chris Buechler
				<br/><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?>
1170 f1602cc4 sullrich
				</span><p>
1171 19757916 Ermal Lu?i
				<input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked"; ?>>
1172
				<br/><span class="vexpl"><?=gettext("This will disable auto generated reply-to for this rule.");?>
1173
				</span><p>
1174 f1602cc4 sullrich
				<input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>">
1175 345b9715 Carlos Eduardo Ramos
				<br /><span class="vexpl"><?=gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called"); ?> <b><?=gettext("Policy filtering"); ?></b>
1176 775ccea3 Ermal Luci
				</span><p>
1177 f1602cc4 sullrich
				<input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>">
1178
				<br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?>
1179
				</span> <p>
1180 dd5bf424 Scott Ullrich
				<input name="max" id="max" value="<?php echo htmlspecialchars($pconfig['max']) ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p>
1181
				<input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']) ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p>
1182
				<input name="max-src-conn" id="max-src-conn" value="<?php echo htmlspecialchars($pconfig['max-src-conn']) ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p>
1183
				<input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>"><br><?=gettext(" Maximum state entries per host");?></p><p>
1184
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>"> /
1185 8ab3e9ed Erik Kristensen
				<select name="max-src-conn-rates" id="max-src-conn-rates">
1186
					<option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option>
1187
<?php
				// Offer 1 through 254 as the "per second(s)" window of the connection-rate
				// limit and preselect the value stored for this rule.
				for ($x = 1; $x < 255; $x++) {
					$selected = ($x == $pconfig['max-src-conn-rates']) ? " selected" : "";
					echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
				}
?>
1191 47042140 Scott Ullrich
				</select><br />
1192 11d2c529 Rafael Lucas
				<?=gettext("Maximum new connections / per second(s)");?>
1193 e4d79ab0 Ermal
				</p><p>
				<input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']) ?>"><br>
1196 11d2c529 Rafael Lucas
				<?=gettext("State Timeout in seconds");?>
1197 e4d79ab0 Ermal
				</p>
				<p><strong><?=gettext("Note: Leave fields blank to disable that feature.");?></strong></p>
1200 197b2a47 Scott Ullrich
			  </div>
1201 8ab3e9ed Erik Kristensen
			</td>
1202
		</tr>
1203 b8ed2a11 Ermal
		<tr id="tcpflags" name="tcpflags"> 
1204 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td>
1205 b8ed2a11 Ermal
			<td width="78%" class="vtable">
1206 ee9933b6 Renato Botelho
			<div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>>
1207 0fb885bc Carlos Eduardo Ramos
                        	<input type="button" onClick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1208 b8ed2a11 Ermal
                        </div>
1209 ee9933b6 Renato Botelho
                        <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
1210 b8ed2a11 Ermal
			<div id="tcpheader" name="tcpheader">
1211
			<center>
1212
			<table border="0" cellspacing="0" cellpadding="0">
1213
			<?php
				// Render the TCP flag matrix: a header row naming each flag, a "set" row and
				// an "out of" row of checkboxes. A box is ticked when the flag appears in the
				// rule's stored comma-separated list.
				// NOTE(review): $tcpflags is defined outside this block and its values are
				// interpolated into the markup unescaped; presumably a fixed list of flag
				// names. Confirm at its definition.
				$setflags = explode(",", $pconfig['tcpflags1']);
				$outofflags = explode(",", $pconfig['tcpflags2']);

				$header = "<td width='40' nowrap></td>";
				$tcpflags1 = "<td width='40' nowrap>set</td>";
				$tcpflags2 = "<td width='40' nowrap>out of</td>";

				foreach ($tcpflags as $tcpflag) {
					$set_checked = in_array($tcpflag, $setflags) ? "checked" : "";
					$outof_checked = in_array($tcpflag, $outofflags) ? "checked" : "";

					$header .= "<td  width='40' nowrap><strong>" . strtoupper($tcpflag) . "</strong></td>\n";
					$tcpflags1 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' {$set_checked}></td>\n";
					$tcpflags2 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' {$outof_checked}></td>\n";
				}

				echo "<tr id='tcpheader' name='tcpheader'>{$header}</tr>\n";
				echo "<tr id='tcpflags1' name='tcpflags1'>{$tcpflags1}</tr>\n";
				echo "<tr id='tcpflags2' name='tcpflags2'>{$tcpflags2}</tr>\n";
			?>
1234
			</table>
1235
			<center>
1236
			</div>
1237
			<br/><center>
1238 11d2c529 Rafael Lucas
			<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
1239 b8ed2a11 Ermal
			<br/>
1240 95938fae jim-p
			<span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". 
1241 11d2c529 Rafael Lucas
			"be set or cleared for this rule to match.");?></span>
1242 b8ed2a11 Ermal
			</div>
1243
			</td>
1244
		</tr>
1245 8ab3e9ed Erik Kristensen
		<tr>
1246 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td>
1247 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1248 ee9933b6 Renato Botelho
				<div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>>
1249 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_state()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1250 f6970b2f Scott Ullrich
				</div>
1251 ee9933b6 Renato Botelho
				<div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>>
1252 f6970b2f Scott Ullrich
					<select name="statetype">
1253 11d2c529 Rafael Lucas
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>><?=gettext("keep state");?></option>
1254
						<option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected"; ?>><?=gettext("sloppy state");?></option>
1255
						<option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state")  echo "selected"; ?>><?=gettext("synproxy state");?></option>
1256
						<option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>><?=gettext("none");?></option>
1257 e4b9d53b Warren Baker
					</select><br><?=gettext("Hint: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.");?>
1258 f6970b2f Scott Ullrich
					<p>
1259
					<table width="90%">
1260 67300ce5 Ermal
						<tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
1261
						<tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
1262
						<tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr>
1263
						<tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation.");?></td></tr>
1264 f6970b2f Scott Ullrich
					</table>
1265
					</p>
1266
			  </div>
1267 8ab3e9ed Erik Kristensen
			</td>
1268
		</tr>
1269 10f21e70 Scott Ullrich
		<tr>
1270 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
1271 10f21e70 Scott Ullrich
			<td width="78%" class="vtable">
1272 ee9933b6 Renato Botelho
				<div id="showadvnoxmlrpcsyncbox" <?php if ($pconfig['nosync']) echo "style='display:none'"; ?>>
1273 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1274 0239d8ee sullrich
				</div>
1275 ee9933b6 Renato Botelho
				<div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>>
1276 0239d8ee sullrich
					<input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
1277 e4b9d53b Warren Baker
					<?=gettext("Hint: This prevents the rule from automatically syncing to other CARP members.");?>
1278 0239d8ee sullrich
				</div>
1279 10f21e70 Scott Ullrich
			</td>
1280 8c84fe43 Scott Ullrich
		</tr>
1281 1346306c Ermal
		<tr>
1282
			<td width="22%" valign="top" class="vncell"><?=gettext("802.1p");?></td>
1283
			<td width="78%" class="vtable">
1284
				<div id="showadvvlanpriobox" <?php if (!empty($pconfig['vlanprio'])) echo "style='display:none'"; ?>>
1285
					<input type="button" onClick="show_advanced_vlanprio()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1286
				</div>
1287
				<div id="showvlanprioadv" <?php if (empty($pconfig['vlanprio'])) echo "style='display:none'"; ?>>
1288
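					<?php
					// 802.1p priority code points offered by the two selects that follow;
					// "none" is submitted as an empty value.
					$vlanprio = array("none", "be", "bk", "ee", "ca", "vi", "vo", "ic", "nc");

					// Build the <option> list once; it is echoed into both the 'vlanprio' and
					// the 'vlanprioset' select.
					// NOTE(review): the preselected entry is derived from $pconfig['vlanprio']
					// only, so the 'vlanprioset' select shows the same preselection. Confirm
					// whether the "apply" value should be tracked separately.
					$opts = "";
					foreach ($vlanprio as $vprio) {
						$selected = ($vprio == $pconfig['vlanprio']) ? " SELECTED" : "";
						if ($vprio == "none") {
							// The original interpolated {$vprio} in attribute position here, which
							// emitted a stray "none" attribute instead of the selection marker.
							$opts .= "<option value=\"\" {$selected}>{$vprio}</option>\n";
						} else {
							$opts .= "<option value=\"{$vprio}\" {$selected}>" . strtoupper($vprio) . "</option>\n";
						}
					}
?>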
1302
					<select name='vlanprio'>
1303
					<?php echo $opts; ?>
1304
					</select>
1305
					<p><?=gettext("Choose 802.1p priority to match on");?></p>
1306
					<select name='vlanprioset'>
1307
					<?php echo $opts; ?>
1308
					</select>
1309
					<p><?=gettext("Choose 802.1p priority to apply");?></p>
1310
				</div>
1311
			</td>
1312
		</tr>
1313 615b27bc Scott Dale
		<?php
			// Collect the selectable schedule names. "none" always comes first and means
			// the rule stays enabled all the time; schedules with an empty name are skipped.
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					if ($schedule['name'] == "")
						continue;
					$schedules[] = $schedule['name'];
				}
			}
		?>
1324
		<tr>
1325 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Schedule");?></td>
1326 615b27bc Scott Dale
			<td width="78%" class="vtable">
1327 ee9933b6 Renato Botelho
				<div id="showadvschedulebox" <?php if (!empty($pconfig['sched'])) echo "style='display:none'"; ?>>
1328 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_schedule()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1329 0239d8ee sullrich
				</div>
1330 ee9933b6 Renato Botelho
				<div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>>
1331 0239d8ee sullrich
					<select name='sched'>
1332 615b27bc Scott Dale
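<?php
					// Emit one <option> per schedule. Schedule names come from the stored
					// configuration and land in a double-quoted attribute and in element text,
					// so they are passed through htmlspecialchars() like the other fields on
					// this form. The browser decodes the entities again, so the submitted
					// value is unchanged.
					foreach ($schedules as $schedule) {
						$selected = ($schedule == $pconfig['sched']) ? " SELECTED" : "";
						if ($schedule == "none") {
							// "none" is submitted as an empty value.
							echo "<option value=\"\" {$selected}>" . htmlspecialchars($schedule) . "</option>\n";
						} else {
							echo "<option value=\"" . htmlspecialchars($schedule) . "\" {$selected}>" . htmlspecialchars($schedule) . "</option>\n";
						}
					}
?>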
1346
					</select>
1347 11d2c529 Rafael Lucas
					<p><?=gettext("Leave as 'none' to leave the rule enabled all the time.");?></p>
1348 0239d8ee sullrich
				</div>
1349 615b27bc Scott Dale
			</td>
1350
		</tr>
1351 82628210 Scott Ullrich
		<tr>
1352 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td>
1353 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1354 ee9933b6 Renato Botelho
				<div id="showadvgatewaybox" <?php if (!empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
1355 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_gateway()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1356 0239d8ee sullrich
				</div>
1357 ee9933b6 Renato Botelho
				<div id="showgatewayadv" <?php if (empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
1358 0239d8ee sullrich
					<select name='gateway'>
1359 11d2c529 Rafael Lucas
					<option value="" ><?=gettext("default");?></option>
1360 8ab3e9ed Erik Kristensen
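<?php
					/* build a list of gateways */
					$gateways = return_gateways_array();

					// Gateway and gateway-group names, and gateway addresses, are written into a
					// double-quoted value attribute and into the option text. They are escaped
					// with htmlspecialchars() so that a name containing markup characters cannot
					// alter the page; the browser decodes the entities before submitting.

					// add statically configured gateways to list
					foreach ($gateways as $gwname => $gw) {
						// No gateway is listed for "inet46" rules.
						if ($pconfig['ipprotocol'] == "inet46")
							continue;
						// Skip gateways whose address family differs from the rule's.
						if (($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6($gw['gateway']))
							continue;
						if (($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4($gw['gateway']))
							continue;
						if ($gw == "")
							continue;
						$selected = ($gwname == $pconfig['gateway']) ? " SELECTED" : "";
						echo "<option value=\"" . htmlspecialchars($gwname) . "\" {$selected}>"
							. htmlspecialchars($gw['name']) . " - " . htmlspecialchars($gw['gateway'])
							. "</option>\n";
					}

					/* add gateway groups to the list */
					if (is_array($config['gateways']['gateway_group'])) {
						foreach ($config['gateways']['gateway_group'] as $gw_group) {
							// The first item of the group is split on "|"; its first field is
							// looked up as a gateway name to decide the group's address family.
							$af = explode("|", $gw_group['item'][0]);
							if ($pconfig['ipprotocol'] == "inet46")
								continue;
							if (($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6(lookup_gateway_ip_by_name($af[0])))
								continue;
							if (($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4(lookup_gateway_ip_by_name($af[0])))
								continue;
							if ($gw_group['name'] == "")
								continue;
							$selected = ($pconfig['gateway'] == $gw_group['name']) ? " SELECTED" : "";
							echo "<option value=\"" . htmlspecialchars($gw_group['name']) . "\" $selected>"
								. htmlspecialchars($gw_group['name']) . "</option>\n";
						}
					}
?>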
1401 0239d8ee sullrich
					</select>
1402 e85604b8 Chris Buechler
					<p><?=gettext("Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.");?></p>
1403 0239d8ee sullrich
				</div>
1404 8ab3e9ed Erik Kristensen
			</td>
1405
		</tr>
1406 a5fd67e1 Ermal Luçi
		<tr>
1407 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("In/Out");?></td>
1408 a5fd67e1 Ermal Luçi
			<td width="78%" class="vtable">
1409 ee9933b6 Renato Botelho
				<div id="showadvinoutbox" <?php if (!empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
1410 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_inout()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1411 4c263f57 sullrich
				</div>
1412 ee9933b6 Renato Botelho
				<div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
1413 4c263f57 sullrich
					<select name="dnpipe">
1414 a5fd67e1 Ermal Luçi
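<?php
		// Options for the 'dnpipe' select: "none" plus every non-empty key of $dnqlist
		// (built outside this block). The keys are written into a double-quoted attribute
		// and into the option text, so they are escaped with htmlspecialchars() like the
		// other fields on this form.
		if (!is_array($dnqlist))
			$dnqlist = array();
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if ($dnq == "")
				continue;
			echo "<option value=\"" . htmlspecialchars($dnq) . "\"";
			if ($dnq == $pconfig['dnpipe']) {
				// Remember that a stored entry matched.
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>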
1431
			</select> / 			
1432
			<select name="pdnpipe">
1433
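<?php
		// Options for the 'pdnpipe' select, built from the same $dnqlist keys as the
		// 'dnpipe' select. The keys are escaped with htmlspecialchars() before they are
		// written into the value attribute and the option text.
		$dnqselected = 0;
		echo "<option value=\"none\"";
		// $dnqselected was reset just above, so "none" is always marked here; a matching
		// entry further down is marked as well.
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if ($dnq == "")
				continue;
			echo "<option value=\"" . htmlspecialchars($dnq) . "\"";
			if ($dnq == $pconfig['pdnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>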
1449 4c263f57 sullrich
				</select>
1450 a5fd67e1 Ermal Luçi
				<br />
1451 bb8f186e Chris Buechler
				<span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br/>".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br/>".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span>
1452 4c263f57 sullrich
				</div>
1453 a5fd67e1 Ermal Luçi
			</td>
1454
		</tr>
		<tr>
1457 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td>
1458 197bfe96 Ermal Luçi
			<td width="78%" class="vtable">
1459 ee9933b6 Renato Botelho
			<div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
1460 0fb885bc Carlos Eduardo Ramos
				<input type="button" onClick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1461 0239d8ee sullrich
			</div>
1462 ee9933b6 Renato Botelho
			<div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
1463 0239d8ee sullrich
				<select name="ackqueue">
1464 197bfe96 Ermal Luçi
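<?php
			// Options for the 'ackqueue' select: "none" plus every non-empty key of $qlist
			// (built outside this block). The label is $ifdisp[$q] when that entry exists,
			// otherwise the key itself. Keys and labels are escaped with htmlspecialchars()
			// before they reach the value attribute and the option text.
			if (!is_array($qlist))
				$qlist = array();
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if ($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['ackqueue']) {
					// Remember that a stored entry matched.
					$qselected = 1;
					echo " SELECTED";
				}
				echo ">" . htmlspecialchars(isset($ifdisp[$q]) ? $ifdisp[$q] : $q) . "</option>";
			}
?>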
1484 0239d8ee sullrich
				</select> / 			
1485
				<select name="defaultqueue">
1486 197bfe96 Ermal Luçi
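<?php
			// Options for the 'defaultqueue' select, built from the same $qlist keys as the
			// 'ackqueue' select. Keys and labels are escaped with htmlspecialchars() before
			// they reach the value attribute and the option text.
			$qselected = 0;
			echo "<option value=\"none\"";
			// $qselected was reset just above, so "none" is always marked here; a matching
			// entry further down is marked as well.
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if ($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['defaultqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				echo ">" . htmlspecialchars(isset($ifdisp[$q]) ? $ifdisp[$q] : $q) . "</option>";
			}
?>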
1505 0239d8ee sullrich
				</select>
1506
					<br />
1507 11d2c529 Rafael Lucas
					<span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span>
1508 0239d8ee sullrich
				</td>
1509
			</tr>
1510
			<tr>
1511 11d2c529 Rafael Lucas
				<td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td>
1512 0239d8ee sullrich
				<td width="78%" class="vtable">
1513 ee9933b6 Renato Botelho
					<div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
1514 0fb885bc Carlos Eduardo Ramos
						<input type="button" onClick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1515 4c263f57 sullrich
					</div>
1516 ee9933b6 Renato Botelho
					<div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
1517 0239d8ee sullrich
				<select name="l7container">
1518 7e50413c Ermal Luçi
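<?php
					// Options for the 'l7container' select: "none" plus every entry of $l7clist
					// (built outside this block). Container names are escaped with
					// htmlspecialchars() before they are written into the value attribute and
					// the option text, matching the other fields on this form.
					if (!is_array($l7clist))
						$l7clist = array();
					echo "<option value=\"none\"";
					echo " >none</option>";
					foreach ($l7clist as $l7ckey) {
						echo "<option value=\"" . htmlspecialchars($l7ckey) . "\"";
						if ($l7ckey == $pconfig['l7container']) {
							echo " SELECTED";
						}
						echo ">" . htmlspecialchars($l7ckey) . "</option>";
					}
?>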
1531 0239d8ee sullrich
				</select>			
1532 7e50413c Ermal Luçi
				<br/>
1533 0239d8ee sullrich
				<span class="vexpl">
1534 4fe84f51 Carlos Eduardo Ramos
					<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
1535
					"These are valid for TCP and UDP protocols only.");?>
1536 0239d8ee sullrich
				</span>
1537
			  </div>
1538 7e50413c Ermal Luçi
			</td>
1539
		</tr>
1540 d65962a7 Scott Ullrich
<?php
		// Allow extending of the firewall edit page and include custom input validation.
		// NOTE(review): pfSense_handle_custom_code() is defined outside this file.
		// Presumably it loads whatever PHP it finds under the directory passed here, in
		// which case that code runs with the privileges of the web interface. Confirm
		// who can write to this directory and that it is covered by integrity checks.
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate");
?>
1544 8ab3e9ed Erik Kristensen
		<tr>
1545
			<td width="22%" valign="top">&nbsp;</td>
1546
			<td width="78%">
1547 151eb2a9 sullrich
				&nbsp;<br>&nbsp;
1548 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1549 8ab3e9ed Erik Kristensen
<?php			if (isset($id) && $a_filter[$id]): ?>
1550 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1551 8ab3e9ed Erik Kristensen
<?php 			endif; ?>
1552 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1553 8ab3e9ed Erik Kristensen
			</td>
1554 82628210 Scott Ullrich
		</tr>
1555 8ab3e9ed Erik Kristensen
	</table>
1556 5b237745 Scott Ullrich
</form>
1557
<script language="JavaScript">
//<![CDATA[
	// Run the form's change handlers once on load; they are defined outside this
	// part of the page.
	ext_change();
	typesel_change();
	proto_change();
	<?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?>
	// Emitted only when the rule has a source port other than "any".
	show_source_port_range();
	<?php endif; ?>

	// Alias names are handed to the script as JSON literals. json_encode() escapes
	// "/" by default, so an alias name cannot close this script element; passing
	// JSON_HEX_TAG would additionally encode "<" and ">".
	var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
	var customarray  = <?= json_encode(get_alias_list("port")) ?>;

	// Attach alias auto-suggestion to the address fields (addressarray) and to the
	// custom port fields (customarray).
	var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
        var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
        var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
        var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
        var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
        var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
//]]>
</script>
1577
<?php include("fend.inc"); ?>
1578
</body>
1579 9b45f821 Ermal Lu?i
</html>