Project

General

Profile

Download (35 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/* $Id$ */
3
/*
4
	firewall_rules.php
5
	part of pfSense (http://www.pfsense.com)
6
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
7

    
8
	originally part of m0n0wall (http://m0n0.ch/wall)
9
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11

    
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14

    
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17

    
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21

    
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
/*
34
	pfSense_MODULE:	filter
35
*/
36

    
37
##|+PRIV
38
##|*IDENT=page-firewall-rules
39
##|*NAME=Firewall: Rules page
40
##|*DESCR=Allow access to the 'Firewall: Rules' page.
41
##|*MATCH=firewall_rules.php*
42
##|-PRIV
43

    
44
$statusurl = "status_filter_reload.php";
45
$logurl = "diag_logs_filter.php";
46

    
47
require("guiconfig.inc");
48
require_once("functions.inc");
49
require_once("filter.inc");
50
require_once("shaper.inc");
51

    
52
$pgtitle = array(gettext("Firewall"),gettext("Rules"));
53

    
54
function delete_nat_association($id) {
55
	global $config;
56

    
57
	if (!$id || !is_array($config['nat']['rule']))
58
		return;
59

    
60
	$a_nat = &$config['nat']['rule'];
61

    
62
	foreach ($a_nat as &$natent)
63
		if ($natent['associated-rule-id'] == $id)
64
			$natent['associated-rule-id'] = '';
65
}
66

    
67
if (!is_array($config['filter']['rule'])) {
68
	$config['filter']['rule'] = array();
69
}
70
filter_rules_sort();
71
$a_filter = &$config['filter']['rule'];
72

    
73
$if = $_GET['if'];
74
if ($_POST['if'])
75
	$if = $_POST['if'];
76

    
77
$ifdescs = get_configured_interface_with_descr();
78

    
79
// Drag and drop reordering
80
if($_REQUEST['dragdroporder']) {
81
	// First create a new ruleset array and tmp arrays
82
	$a_filter_unorder = array();
83
	$a_filter_order = array();
84
	$a_filter_order_tmp = array();
85
	// Pointer to id of item being reordered
86
	$found = 0;
87
	$drag_order = $_REQUEST['dragtable'];
88
	// Next traverse through rules building a new order for interface
89
	for ($i = 0; isset($a_filter[$i]); $i++) {
90
		if($a_filter[$i]['interface'] <> $_REQUEST['if']) 
91
			$a_filter_unorder[] = $a_filter[$i];
92
		else 
93
			$a_filter_order_tmp[] = $a_filter[$i];
94
	}
95
	// Reorder rules with the posted order
96
	for ($i = 0; $i<count($drag_order); $i++) 
97
		$a_filter_order[] = $a_filter_order_tmp[$drag_order[$i]];
98
	unset($config['filter']['rule']);
99
	// Overwrite filter rules with newly created items
100
	$config['filter']['rule'] = $a_filter_order;
101
	foreach($a_filter_unorder as $aa) 
102
		$config['filter']['rule'][] = $aa;
103
	// Write configuration
104
	$config = write_config("Drag and drop firewall rules ordering update.");
105
	// Redirect back to page
106
	mark_subsystem_dirty('filter');
107
	$undo = array();
108
	foreach($_REQUEST['dragtable'] as $dt) 
109
		$undo[] = "";
110
	$counter = 0;
111
	foreach($_REQUEST['dragtable'] as $dt) {
112
		$undo[$dt] = $counter;
113
		$counter++;
114
	}
115
	foreach($undo as $dt) 
116
		$undotxt .= "&dragtable[]={$dt}";
117
	Header("Location: firewall_rules.php?if=" . $_REQUEST['if'] . "&undodrag=true" . $undotxt);
118
	exit;
119
}
120

    
121
/* add group interfaces */
122
if (is_array($config['ifgroups']['ifgroupentry']))
123
	foreach($config['ifgroups']['ifgroupentry'] as $ifgen)
124
		if (have_ruleint_access($ifgen['ifname']))
125
			$iflist[$ifgen['ifname']] = $ifgen['ifname'];
126

    
127
foreach ($ifdescs as $ifent => $ifdesc)
128
	if(have_ruleint_access($ifent)) 
129
		$iflist[$ifent] = $ifdesc;
130

    
131
if ($config['l2tp']['mode'] == "server")
132
        if(have_ruleint_access("l2tp"))
133
                $iflist['l2tp'] = "L2TP VPN";
134

    
135
if ($config['pptpd']['mode'] == "server")
136
	if(have_ruleint_access("pptp")) 
137
		$iflist['pptp'] = "PPTP VPN";
138

    
139
if ($config['pppoe']['mode'] == "server")
140
	if(have_ruleint_access("pppoe")) 
141
		$iflist['pppoe'] = "PPPoE VPN";
142

    
143
/* add ipsec interfaces */
144
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
145
	if(have_ruleint_access("enc0")) 
146
		$iflist["enc0"] = "IPsec";
147

    
148
/* add openvpn/tun interfaces */
149
if  ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
150
   	$iflist["openvpn"] = "OpenVPN";
151

    
152
if (!$if || !isset($iflist[$if])) {
153
	if ("any" == $if)
154
                $if = "FloatingRules";
155
        else if ("FloatingRules" != $if)
156
                $if = "wan";
157
}
158

    
159
if ($_POST) {
160

    
161
	$pconfig = $_POST;
162

    
163
	if ($_POST['apply']) {
164
		$retval = 0;
165
		$retval = filter_configure();
166

    
167
		clear_subsystem_dirty('filter');
168

    
169
		$savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background. You can also %s monitor %s the reload progress"),"<a href='status_filter_reload.php'>","</a>");
170
	}
171
}
172

    
173
if ($_GET['act'] == "del") {
174
	if ($a_filter[$_GET['id']]) {
175
		if (!empty($a_filter[$_GET['id']]['associated-rule-id'])) {
176
			delete_nat_association($a_filter[$_GET['id']]['associated-rule-id']);
177
		}
178
		unset($a_filter[$_GET['id']]);
179
		write_config();
180
		mark_subsystem_dirty('filter');
181
		header("Location: firewall_rules.php?if={$if}");
182
		exit;
183
	}
184
}
185

    
186
// Handle save msg if defined
187
if($_REQUEST['savemsg']) 
188
	$savemsg = htmlentities($_REQUEST['savemsg']);
189

    
190
if (isset($_POST['del_x'])) {
191
	/* delete selected rules */
192
	if (is_array($_POST['rule']) && count($_POST['rule'])) {
193
		foreach ($_POST['rule'] as $rulei) {
194
			delete_nat_association($a_filter[$rulei]['associated-rule-id']);
195
			unset($a_filter[$rulei]);
196
		}
197
		write_config();
198
		mark_subsystem_dirty('filter');
199
		header("Location: firewall_rules.php?if={$if}");
200
		exit;
201
	}
202
} else if ($_GET['act'] == "toggle") {
203
	if ($a_filter[$_GET['id']]) {
204
                if(isset($a_filter[$_GET['id']]['disabled']))
205
                        unset($a_filter[$_GET['id']]['disabled']);
206
                else
207
                        $a_filter[$_GET['id']]['disabled'] = true;
208
		write_config();
209
		mark_subsystem_dirty('filter');
210
		header("Location: firewall_rules.php?if={$if}");
211
		exit;
212
	}
213
} else {
214
	/* yuck - IE won't send value attributes for image buttons, while Mozilla does -
215
	   so we use .x/.y to fine move button clicks instead... */
216
	unset($movebtn);
217
	foreach ($_POST as $pn => $pd) {
218
		if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
219
			$movebtn = $matches[1];
220
			break;
221
		}
222
	}
223
	/* move selected rules before this rule */
224
	if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
225
		$a_filter_new = array();
226

    
227
		/* copy all rules < $movebtn and not selected */
228
		for ($i = 0; $i < $movebtn; $i++) {
229
			if (!in_array($i, $_POST['rule']))
230
				$a_filter_new[] = $a_filter[$i];
231
		}
232

    
233
		/* copy all selected rules */
234
		for ($i = 0; $i < count($a_filter); $i++) {
235
			if ($i == $movebtn)
236
				continue;
237
			if (in_array($i, $_POST['rule']))
238
				$a_filter_new[] = $a_filter[$i];
239
		}
240

    
241
		/* copy $movebtn rule */
242
		if ($movebtn < count($a_filter))
243
			$a_filter_new[] = $a_filter[$movebtn];
244

    
245
		/* copy all rules > $movebtn and not selected */
246
		for ($i = $movebtn+1; $i < count($a_filter); $i++) {
247
			if (!in_array($i, $_POST['rule']))
248
				$a_filter_new[] = $a_filter[$i];
249
		}
250

    
251
		$a_filter = $a_filter_new;
252
		write_config();
253
		mark_subsystem_dirty('filter');
254
		header("Location: firewall_rules.php?if={$if}");
255
		exit;
256
	}
257
}
258
$closehead = false;
259

    
260
include("head.inc");
261

    
262
echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/domLib.js\"></script>";
263
echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/domTT.js\"></script>";
264
echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/behaviour.js\"></script>";
265
echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/fadomatic.js\"></script>";
266
?>
267
</head>
268

    
269
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
270
<?php include("fbegin.inc"); ?>
271
<form action="firewall_rules.php" method="post">
272

    
273
<script type="text/javascript" language="javascript" src="/javascript/row_toggle.js">
274
</script>
275
<?php if ($savemsg) print_info_box($savemsg); ?>
276
<?php if (is_subsystem_dirty('filter')): ?><p>
277
<?php
278
if($_REQUEST['undodrag']) {
279
	foreach($_REQUEST['dragtable'] as $dt) 
280
		$dragtable .= "&dragtable[]={$dt}";
281
	print_info_box_np_undo(gettext("The firewall rule configuration has been changed.<br>You must apply the changes in order for them to take effect."), "apply" , gettext("Apply changes") , "firewall_rules.php?if={$_REQUEST['if']}&dragdroporder=true&{$dragtable}");
282
} else {
283
	print_info_box_np(gettext("The firewall rule configuration has been changed.<br>You must apply the changes in order for them to take effect."));
284
}
285
?>
286
<br>
287
<?php endif; ?>
288
<div id="loading" style="visibity:hidden">
289
	<img src="/themes/<?=$g['theme']?>/images/misc/loader.gif"> Loading, please wait...
290
	<p/>&nbsp;
291
</div>
292
<table width="100%" border="0" cellpadding="0" cellspacing="0">
293
  <tr><td class="tabnavtbl">
294
  <?php
295
	/* active tabs */
296
	$tab_array = array();
297
       if ("FloatingRules" == $if)
298
                        $active = true;
299
                else
300
                        $active = false;
301
        $tab_array[] = array(gettext("Floating"), $active, "firewall_rules.php?if=FloatingRules");
302
	$tabscounter = 0; $i = 0; foreach ($iflist as $ifent => $ifname) {
303
		if ($ifent == $if)
304
			$active = true;
305
		else
306
			$active = false;
307
		$tab_array[] = array($ifname, $active, "firewall_rules.php?if={$ifent}");
308
	}
309
	display_top_tabs($tab_array);
310
  ?>
311
  </td></tr>
312
  <tr>
313
    <td>
314
	<div id="mainarea">
315
              <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
316
                <tr id="frheader">
317
                  <td width="3%" class="list">&nbsp;</td>
318
                  <td width="5%" class="list">&nbsp;</td>
319
                  <td width="3%" class="listhdrr"><?=gettext("ID");?></td>
320
                  <td width="6%" class="listhdrr"><?=gettext("Proto");?></td>
321
                  <td width="12%" class="listhdrr"><?=gettext("Source");?></td>
322
                  <td width="6%" class="listhdrr"><?=gettext("Port");?></td>
323
                  <td width="12%" class="listhdrr"><?=gettext("Destination");?></td>
324
                  <td width="6%" class="listhdrr"><?=gettext("Port");?></td>
325
		  <td width="5%" class="listhdrr"><?=gettext("Gateway");?></td>
326
		  <td width="8%" class="listhdrr"><?=gettext("Queue");?></td>
327
		  <td width="5%" class="listhdrr"><?=gettext("Schedule");?></td>
328
                  <td width="19%" class="listhdr"><?=gettext("Description");?></td>
329
                  <td width="10%" class="list">
330
			<table border="0" cellspacing="0" cellpadding="1">
331
			   <tr>
332
				<?php
333
					$nrules = 0;
334
					for ($i = 0; isset($a_filter[$i]); $i++) {
335
						$filterent = $a_filter[$i];
336
						if ($filterent['interface'] != $if && !isset($filterent['floating']))
337
							continue;
338
						if (isset($filterent['floating']) && "FloatingRules" != $if)
339
							continue;
340
						$nrules++;
341
					}
342
				?>
343
				<td>
344
				<?php if ($nrules == 0): ?>
345
				<img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?gettext("delete selected rules"); ?>" border="0"><?php else: ?>
346
				<input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" onclick="return confirm('<?=gettext('Do you really want to delete the selected rules?');?>')"><?php endif; ?>
347
				</td>
348
				<td align="center" valign="middle"><a href="firewall_rules_edit.php?if=<?=$if;?>&after=-1"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" width="17" height="17" border="0"></a></td>
349
			   </tr>
350
			</table>
351
		  </td>
352
		</tr>
353
<?php if (isset($config['interfaces'][$if]['blockpriv'])): ?>
354
                <tr valign="top" id="frrfc1918">
355
                  <td class="list">&nbsp;</td>
356
                  <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0"></td>
357
                  <td class="listlr" style="background-color: #E0E0E0"></td>
358
                  <td class="listr" style="background-color: #E0E0E0">*</td>
359
                  <td class="listr" style="background-color: #E0E0E0"><?=gettext("RFC 1918 networks");?></td>
360
                  <td class="listr" style="background-color: #E0E0E0">*</td>
361
                  <td class="listr" style="background-color: #E0E0E0">*</td>
362
                  <td class="listr" style="background-color: #E0E0E0">*</td>
363
                  <td class="listr" style="background-color: #E0E0E0">*</td>
364
		<td class="listr" style="background-color: #E0E0E0">*</td>
365
	 		 <td class="listr" style="background-color: #E0E0E0"></td>
366
                  <td class="listbg"><?=gettext("Block private networks");?></td>
367
                  <td valign="middle" nowrap class="list">
368
				    <table border="0" cellspacing="0" cellpadding="1">
369
					<tr>
370
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule");?>"></td>
371
					  <td><a href="interfaces.php?if=<?=$if?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule");?>" width="17" height="17" border="0"></a></td>
372
					</tr>
373
					<tr>
374
					  <td align="center" valign="middle"></td>
375
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="<?=gettext("add a new rule based on this one");?>" width="17" height="17" border="0"></td>
376
					</tr>
377
					</table>
378
				  </td>
379
				</tr>
380
<?php endif; ?>
381
<?php if (isset($config['interfaces'][$if]['blockbogons'])): ?>
382
                <tr valign="top" id="frrfc1918">
383
                  <td class="list">&nbsp;</td>
384
                  <td class="listt" align="center"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11" border="0"></td>
385
                  <td class="listlr" style="background-color: #E0E0E0"></td>
386
                  <td class="listr" style="background-color: #E0E0E0">*</td>
387
                  <td class="listr" style="background-color: #E0E0E0"><?=gettext("Reserved/not assigned by IANA");?></td>
388
                  <td class="listr" style="background-color: #E0E0E0">*</td>
389
                  <td class="listr" style="background-color: #E0E0E0">*</td>
390
                  <td class="listr" style="background-color: #E0E0E0">*</td>
391
				  <td class="listr" style="background-color: #E0E0E0">*</td>
392
				   <td class="listr" style="background-color: #E0E0E0">*</td>
393
		  <td class="listr" style="background-color: #E0E0E0">*</td>
394
                  <td class="listbg"><?=gettext("Block bogon networks");?></td>
395
                  <td valign="middle" nowrap class="list">
396
				    <table border="0" cellspacing="0" cellpadding="1">
397
					<tr>
398
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule");?>"></td>
399
					  <td><a href="interfaces.php?if=<?=$if?>#rfc1918"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule");?>" width="17" height="17" border="0"></a></td>
400
					</tr>
401
					<tr>
402
					  <td align="center" valign="middle"></td>
403
					  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus_d.gif" title="<?=gettext("add a new rule based on this one");?>" width="17" height="17" border="0"></td>
404
					</tr>
405
					</table>
406
				  </td>
407
				</tr>
408
<?php endif; ?>
409
				<tbody id="dragtable" width="100%">
410
				<?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++):
411
					$filterent = $a_filter[$i];
412
					if ($filterent['interface'] != $if && !isset($filterent['floating']))
413
						continue;
414
					if (isset($filterent['floating']) && "FloatingRules" != $if)
415
						continue;
416
					$isadvset = firewall_check_for_advanced_options($filterent);
417
					if($isadvset)
418
						$advanced_set = "<img src=\"./themes/{$g['theme']}/images/icons/icon_advanced.gif\" title=\"" . gettext("advanced settings set") . ": {$isadvset}\" border=\"0\">";
419
					else 
420
						$advanced_set = ""
421
				?>
422
                <tr valign="top" id="fr<?=$nrules;?>">
423
                  <td class="listt">
424
					<input type="checkbox" id="frc<?=$nrules;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nrules;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;">
425
					<?php echo $advanced_set; ?>
426
				  </td>
427
                  <td class="listt" align="center">
428
				  <?php if ($filterent['type'] == "block")
429
				  			$iconfn = "block";
430
						else if ($filterent['type'] == "reject") {
431
							$iconfn = "reject";
432
						} else
433
							$iconfn = "pass";
434
						if (isset($filterent['disabled'])) {
435
							$textss = "<span class=\"gray\">";
436
							$textse = "</span>";
437
							$iconfn .= "_d";
438
						} else {
439
							$textss = $textse = "";
440
						}
441
				  ?>
442
				  <a href="?if=<?=$if;?>&act=toggle&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfn;?>.gif" width="11" height="11" border="0" title="<?=gettext("click to toggle enabled/disabled status");?>"></a>
443
				  <?php if (isset($filterent['log'])):
444
							$iconfnlog = "log_s";
445
						if (isset($filterent['disabled']))
446
							$iconfnlog .= "_d";
447
				  	?>
448
				  <br><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_<?=$iconfnlog;?>.gif" width="11" height="15" border="0">
449
				  <?php endif; ?>
450
				  </td>
451
				<?php
452
				
453
				//build Alias popup box
454
				$span_end = "";
455
				$alias_src_span_begin = "";
456
				$alias_src_port_span_begin = "";
457
				$alias_dst_span_begin = "";
458
				$alias_dst_port_span_begin = "";
459
				
460
				$alias_popup = rule_popup($filterent['source']['address'],pprint_port($filterent['source']['port']),$filterent['destination']['address'],pprint_port($filterent['destination']['port']));
461
				$span_end = "</U></span>";
462
					
463
				$alias_src_span_begin = $alias_popup["src"];
464
				 									
465
				$alias_src_port_span_begin = $alias_popup["srcport"];
466
													
467
				$alias_dst_span_begin = $alias_popup["dst"];
468
														
469
				$alias_dst_port_span_begin = $alias_popup["dstport"];
470
					
471
				//build Schedule popup box
472
				$a_schedules = &$config['schedules']['schedule'];
473
				$schedule_span_begin = "";
474
				$schedule_span_end = "";
475
				$sched_caption_escaped = "";
476
				$sched_content = "";
477
				$schedstatus = false;
478
				$dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun'));
479
				$monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December'));
480
				if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])){
481
					foreach ($a_schedules as $schedule)
482
					{
483
						if ($schedule['name'] == $filterent['sched'] ){
484
							$schedstatus = filter_get_time_based_rule_status($schedule);
485
							
486
							foreach($schedule['timerange'] as $timerange) {
487
								$tempFriendlyTime = "";
488
								$tempID = "";
489
								$firstprint = false;
490
								if ($timerange){
491
									$dayFriendly = "";
492
									$tempFriendlyTime = "";							
493
										
494
									//get hours
495
									$temptimerange = $timerange['hour'];
496
									$temptimeseparator = strrpos($temptimerange, "-");
497
									
498
									$starttime = substr ($temptimerange, 0, $temptimeseparator); 
499
									$stoptime = substr ($temptimerange, $temptimeseparator+1); 
500
										
501
									if ($timerange['month']){
502
										$tempmontharray = explode(",", $timerange['month']);
503
										$tempdayarray = explode(",",$timerange['day']);
504
										$arraycounter = 0;
505
										$firstDayFound = false;
506
										$firstPrint = false;
507
										foreach ($tempmontharray as $monthtmp){
508
											$month = $tempmontharray[$arraycounter];
509
											$day = $tempdayarray[$arraycounter];
510
											
511
											if (!$firstDayFound)
512
											{
513
												$firstDay = $day;
514
												$firstmonth = $month;
515
												$firstDayFound = true;
516
											}
517
												
518
											$currentDay = $day;
519
											$nextDay = $tempdayarray[$arraycounter+1];
520
											$currentDay++;
521
											if (($currentDay != $nextDay) || ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])){
522
												if ($firstPrint)
523
													$dayFriendly .= ", ";
524
												$currentDay--;
525
												if ($currentDay != $firstDay)
526
													$dayFriendly .= $monthArray[$firstmonth-1] . " " . $firstDay . " - " . $currentDay ;
527
												else
528
													$dayFriendly .=  $monthArray[$month-1] . " " . $day;
529
												$firstDayFound = false;	
530
												$firstPrint = true;
531
											}													
532
											$arraycounter++;	
533
										}
534
									}
535
									else
536
									{
537
										$tempdayFriendly = $timerange['position'];
538
										$firstDayFound = false;
539
										$tempFriendlyDayArray = explode(",", $tempdayFriendly);								
540
										$currentDay = "";
541
										$firstDay = "";
542
										$nextDay = "";
543
										$counter = 0;													
544
										foreach ($tempFriendlyDayArray as $day){
545
											if ($day != ""){
546
												if (!$firstDayFound)
547
												{
548
													$firstDay = $tempFriendlyDayArray[$counter];
549
													$firstDayFound = true;
550
												}
551
												$currentDay =$tempFriendlyDayArray[$counter];
552
												//get next day
553
												$nextDay = $tempFriendlyDayArray[$counter+1];
554
												$currentDay++;					
555
												if ($currentDay != $nextDay){
556
													if ($firstprint)
557
														$dayFriendly .= ", ";
558
													$currentDay--;
559
													if ($currentDay != $firstDay)
560
														$dayFriendly .= $dayArray[$firstDay-1] . " - " . $dayArray[$currentDay-1];
561
													else
562
														$dayFriendly .= $dayArray[$firstDay-1];
563
													$firstDayFound = false;	
564
													$firstprint = true;			
565
												}
566
												$counter++;
567
											}
568
										}
569
									}		
570
									$timeFriendly = $starttime . " - " . $stoptime;
571
									$description = $timerange['rangedescr'];
572
									$sched_content .= $dayFriendly . "; " . $timeFriendly . "<br>";
573
								}
574
							}
575
							$sched_caption_escaped = str_replace("'", "\'", $schedule['descr']);
576
							$schedule_span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>{$sched_caption_escaped}</h1><p>{$sched_content}</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
577
							$schedule_span_end = "</U></span>";
578
						}
579
					}
580
				}
581
				$printicon = false;
582
				$alttext = "";
583
				$image = "";
584
				if (!isset($filterent['disabled'])){
585
					 if ($schedstatus) 
586
					 { 
587
					 	if ($iconfn == "block" || $iconfn == "reject")
588
					 	{
589
					 		$image = "icon_block";
590
					 		$alttext = gettext("Traffic matching this rule is currently being denied");
591
					 	}
592
					 	else
593
					 	{
594
					 		$image = "icon_pass";
595
					 		$alttext = gettext("Traffic matching this rule is currently being allowed");
596
					 	}
597
					 	$printicon = true;
598
					  }
599
					  else if ($filterent['sched'])
600
					  { 
601
					 	if ($iconfn == "block" || $iconfn == "reject")
602
					 		$image = "icon_block_d";
603
					 	else
604
					 		$image = "icon_block";
605
					 	$alttext = gettext("This rule is not currently active because its period has expired");
606
					 	$printicon = true;				  	
607
					  }
608
				}
609
				?>
610
                  <td class="listlr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
611
                    <?=$textss;?><?php if (isset($filterent['id'])) echo $filterent['id']; else echo ""; ?><?=$textse;?>
612
                  </td>
613
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
614
                    <?=$textss;?><?php if (isset($filterent['protocol'])) echo strtoupper($filterent['protocol']); else echo "*"; ?><?=$textse;?>
615
                  </td>
616
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
617
				    <?=$textss;?><?php echo $alias_src_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['source']));?><?php echo $alias_src_span_end;?><?=$textse;?>
618
                  </td>
619
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
620
                    <?=$textss;?><?php echo $alias_src_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['source']['port'])); ?><?php echo $alias_src_port_span_end;?><?=$textse;?>
621
                  </td>
622
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
623
				    <?=$textss;?><?php echo $alias_dst_span_begin;?><?php echo htmlspecialchars(pprint_address($filterent['destination'])); ?><?php echo $alias_dst_span_end;?><?=$textse;?>
624
                  </td>
625
	              <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
626
                    <?=$textss;?><?php echo $alias_dst_port_span_begin;?><?php echo htmlspecialchars(pprint_port($filterent['destination']['port'])); ?><?php echo $alias_dst_port_span_end;?><?=$textse;?>
627
                  </td>
628
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';">
629
                    <?=$textss;?><?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])) echo htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr']); else  echo htmlspecialchars(pprint_port($filterent['gateway'])); ?><?=$textse;?>
630
                  </td>
631
				  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"><?=$textss;?>
632
                          <?php
633
							if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue'])) {
634
								$desc = $filterent['ackqueue'] ;
635
							    echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['ackqueue']}&action=show\">{$desc}</a>";
636
								$desc = $filterent['defaultqueue'];
637
							    echo "/<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>";
638
							} else if (isset($filterent['defaultqueue'])) {
639
								$desc = $filterent['defaultqueue'];
640
							    echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>"; }
641
							else echo gettext("none");
642
						  ?><?=$textse;?>
643
                        </td>
644
                  <td class="listr" onClick="fr_toggle(<?=$nrules;?>)" id="frd<?=$nrules;?>" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';"><font color="black">
645
                    <?php if ($printicon) { ?><img src="./themes/<?= $g['theme']; ?>/images/icons/<?php echo $image; ?>.gif" title="<?php echo $alttext;?>" border="0"><?php } ?>&nbsp;<?=$textss;?><?php echo $schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?><?php echo $schedule_span_end; ?><?=$textse;?>
646
                  </td>
647
                  <td class="listbg" onClick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';" class="descr">
648
                    <?=$textss;?><?=htmlspecialchars($filterent['descr']);?>&nbsp;<?=$textse;?>
649
                  </td>
650
                  <td valign="middle" nowrap class="list">
651
				    <table border="0" cellspacing="0" cellpadding="1">
652
					<tr>
653
					  <td><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="<?=gettext("move selected rules before this rule"); ?>" onMouseOver="fr_insline(<?=$nrules;?>, true)" onMouseOut="fr_insline(<?=$nrules;?>, false)"></td>
654
					  <td><a href="firewall_rules_edit.php?id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="<?=gettext("edit rule"); ?>" width="17" height="17" border="0"></a></td>
655
					</tr>
656
					<tr>
657
					  <td align="center" valign="middle"><a href="firewall_rules.php?act=del&if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("delete rule"); ?>" onclick="return confirm('Do you really want to delete this rule?')"></a></td>
658
					  <td><a href="firewall_rules_edit.php?dup=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add a new rule based on this one"); ?>" width="17" height="17" border="0"></a></td>
659
					</tr>
660
					</table>
661
				  </td>
662
				</tr>
663
			  <?php $nrules++; endfor; ?>
664
			  </tbody>
665
			  <?php if ($nrules == 0): ?>
666
              <td class="listt"></td>
667
			  <td class="listt"></td>
668
			  <td class="listlr" colspan="10" align="center" valign="middle">
669
			  <span class="gray">
670
			  <?=gettext("No rules are currently defined for this interface"); ?><br>
671
			  <?=gettext("All incoming connections on this interface will be blocked until you add pass rules."); ?><br><br>
672
			  <?=gettext("Click the"); ?> <a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" border="0" width="17" height="17" align="absmiddle"></a><?=gettext(" button to add a new rule.");?></span>
673
			  </td>
674
			  <?php endif; ?>
675
                <tr id="fr<?=$nrules;?>">
676
                  <td class="list"></td>
677
                  <td class="list"></td>
678
                  <td class="list">&nbsp;</td>
679
                  <td class="list">&nbsp;</td>
680
                  <td class="list">&nbsp;</td>
681
                  <td class="list">&nbsp;</td>
682
		  <td class="list">&nbsp;</td>
683
		  <td class="list">&nbsp;</td>
684
                  <td class="list">&nbsp;</td>
685
                  <td class="list">&nbsp;</td>
686
                  <td class="list">&nbsp;</td>
687
                  <td class="list">&nbsp;</td>
688
                  <td class="list">
689
				    <table border="0" cellspacing="0" cellpadding="1">
690
					<tr>
691
				      <td>
692
					  <?php if ($nrules == 0): ?><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected rules to end");?>" border="0"><?php else: ?><input name="move_<?=$i;?>" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="<?=gettext("move selected rules to end");?>" onMouseOver="fr_insline(<?=$nrules;?>, true)" onMouseOut="fr_insline(<?=$nrules;?>, false)"><?php endif; ?></td>
693
					  <td></td>
694
				    </tr>
695
					<tr>
696
					  <td>
697
					  <?php if ($nrules == 0): ?>
698
					  <img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x_d.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" border="0"><?php else: ?>
699
					  <input name="del" type="image" src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" title="<?=gettext("delete selected rules");?>" onclick="return confirm('<?=gettext('Do you really want to delete the selected rules?');?>')"><?php endif; ?>
700
					  </td>
701
			                  <td><a href="firewall_rules_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="<?=gettext("add new rule");?>" width="17" height="17" border="0"></a></td>
702
					</tr>
703
				    </table>
704
				  </td>
705
				</tr>
706
              </table>
707
	      <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
708
                <tr>
709
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass.gif" width="11" height="11"></td>
710
                  <td><?=gettext("pass");?></td>
711
                  <td width="14"></td>
712
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block.gif" width="11" height="11"></td>
713
                  <td><?=gettext("block");?></td>
714
                  <td width="14"></td>
715
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_reject.gif" width="11" height="11"></td>
716
                  <td><?=gettext("reject");?></td>
717
                  <td width="14"></td>
718
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_log.gif" width="11" height="11"></td>
719
                  <td><?=gettext("log");?></td>
720
                </tr>
721
                <tr>
722
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_pass_d.gif" width="11" height="11"></td>
723
                  <td nowrap><?=gettext("pass (disabled)");?></td>
724
                  <td>&nbsp;</td>
725
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_block_d.gif" width="11" height="11"></td>
726
                  <td nowrap><?=gettext("block (disabled)");?></td>
727
                  <td>&nbsp;</td>
728
                  <td><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_reject_d.gif" width="11" height="11"></td>
729
                  <td nowrap><?=gettext("reject (disabled)");?></td>
730
                  <td>&nbsp;</td>
731
                  <td width="16"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_log_d.gif" width="11" height="11"></td>
732
                  <td nowrap><?=gettext("log (disabled)");?></td>
733
                </tr>
734
		<tr>
735
		  <td colspan="10">
736
  &nbsp;<p/>
737
  <strong>
738
	<span class="red"><?=gettext("Hint:");?></span>
739
  </strong><br>
740
	<ul>
741
  <li><?=gettext("Rules are evaluated on a first-match basis (i.e. " .
742
  "the action of the first rule to match a packet will be executed). " .
743
  "This means that if you use block rules, you'll have to pay attention " .
744
  "to the rule order. Everything that isn't explicitly passed is blocked " .
745
  "by default. ");?>
746
</li>
747
<li>
748
  <?=gettext("You may drag and drop rules using your mouse to reorder the rule ordering.");?>
749
</li>
750
</ul>
751
		 </td>
752
	        </tr>
753
              </table>
754
	</div>
755
    </td>
756
  </tr>
757
</table>
758
  <input type="hidden" name="if" value="<?=$if;?>">
759
  <script type="text/javascript">
760
	var number_of_rules = <?=$nrules?>;
761
<?php $nrules = 0; for ($i = 0; isset($a_filter[$i]); $i++): ?>
762
	Sortable.create("dragtable", { 
763
		tag:"tr", 
764
		format:"fr([0-9999999])",
765
		containment:["dragtable"], 
766
		onChange:function(affected) {
767
			document.body.style.cursor = 'move';
768
		},
769
		onUpdate:function(container) { 
770
			document.body.style.cursor = 'move';
771
			updateOrder(Sortable.serialize('dragtable', 'tr'));
772
		} 
773
	});
774
<?php endfor; ?>
775
	function updateOrder(order) {
776
		if(document.getElementById("redboxtable"))
777
			$('redboxtable').hide();
778
		$('loading').show();
779
		document.body.style.cursor = 'wait';
780
		document.location = 'firewall_rules.php?if=<?=$if?>&dragdroporder=true&' + Sortable.serialize('dragtable', 'tr');
781
		return;
782
	}
783
	$('loading').hide();
784
  </script>
785
</form>
786
<?php include("fend.inc"); ?>
787
</body>
788
</html>
(56-56/220)