<?php
/* $Id$ */
/*
	firewall_nat_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
        Copyright (C) 2013-2014 Electric Sheep Fencing, LP
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	nat
*/
##|+PRIV
##|*IDENT=page-firewall-nat-portforward-edit
##|*NAME=Firewall: NAT: Port Forward: Edit page
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
##|*MATCH=firewall_nat_edit.php*
##|-PRIV
require("guiconfig.inc");
require_once("itemid.inc");
require_once("filter.inc");
require("shaper.inc");

// Return address for this page. The Referer header is supplied by the client,
// so $referer must be treated as untrusted wherever it is later echoed or used
// for a redirect (that use is outside this part of the file).
if (isset($_SERVER['HTTP_REFERER'])) {
	$referer = $_SERVER['HTTP_REFERER'];
} else {
	$referer = '/firewall_nat.php';
}

// Special source/destination keywords, extended with "<if>" and "<if>ip" for
// every interface returned by get_configured_interface_with_descr().
$specialsrcdst = array("any", "(self)", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}

// Make sure the port-forward list exists, then work on it by reference so
// that edits below land directly in $config.
if (!is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
$a_nat = &$config['nat']['rule'];
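
// Request-supplied rule index ($id) and insert position ($after).
// Only values accepted by is_numericint() are taken; $after may also be the
// exact string "-1", which array_splice($a_nat, $after+1, ...) further down
// turns into "insert at the top". A POST value overrides a GET value.
// The isset() guards avoid undefined-index notices, and the strict comparison
// stops numeric look-alikes of "-1" (e.g. "-1.0") from being accepted.
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

if (isset($_GET['after']) && (is_numericint($_GET['after']) || $_GET['after'] === "-1")) {
	$after = $_GET['after'];
}
if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] === "-1")) {
	$after = $_POST['after'];
}

// Duplicating a rule: load the original by index and place the copy after it.
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}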

// Populate $pconfig (the values the form is rendered from) either from the
// stored rule selected by $id or, for a new rule, from defaults.
if (isset($id) && $a_nat[$id]) {
	// Revision stamps are copied only when they are arrays.
	if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) {
		$pconfig['created'] = $a_nat[$id]['created'];
	}
	if (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated'])) {
		$pconfig['updated'] = $a_nat[$id]['updated'];
	}

	// Flags are stored as "key present / key absent".
	$pconfig['disabled'] = isset($a_nat[$id]['disabled']);
	$pconfig['nordr'] = isset($a_nat[$id]['nordr']);
	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);

	// Expand the stored source/destination records into the flat form fields.
	address_to_pconfig(
		$a_nat[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);
	address_to_pconfig(
		$a_nat[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	$pconfig['proto'] = $a_nat[$id]['protocol'];
	$pconfig['localip'] = $a_nat[$id]['target'];
	$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
	$pconfig['descr'] = $a_nat[$id]['descr'];
	$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
	$pconfig['natreflection'] = $a_nat[$id]['natreflection'];

	// A rule without an interface falls back to "wan".
	$pconfig['interface'] = $a_nat[$id]['interface'];
	if (!$pconfig['interface']) {
		$pconfig['interface'] = "wan";
	}
} else {
	$pconfig['interface'] = "wan";
	$pconfig['src'] = "any";
	$pconfig['srcbeginport'] = "any";
	$pconfig['srcendport'] = "any";
}

// When duplicating, forget $id so that saving creates a new entry instead of
// overwriting the rule that was just loaded.
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	unset($id);
}
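
/*
 * Screen every $_POST value: anything htmlentities() would alter (markup
 * characters, quotes, ampersands, characters with a named entity) is reported
 * as an input error so the rule is not saved.
 *
 * This is an input-side screen for $_POST only. It does not stop processing
 * (the handler below still runs and adds its own messages), and it does not
 * replace escaping at the points where values are written into HTML.
 *
 * NOTE(review): the rejected value is placed into the message as submitted.
 * That is only safe if print_input_errors() HTML-escapes each message before
 * output - confirm.
 */
unset($input_errors);
foreach ($_POST as $key => $value) {
	if (!is_string($value)) {
		// Nested fields (name[]=...) cannot be passed to htmlentities();
		// report them by escaped field name rather than by value.
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), htmlspecialchars((string)$key));
		continue;
	}
	$temp = $value;
	$newpost = htmlentities($temp);
	if ($newpost !== $temp) {
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp);
	}
}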
if ($_POST) {
	// Normalise the port fields. Ports are only meaningful for TCP, UDP and
	// TCP/UDP; for any other protocol all four range fields are zeroed.
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"))) {
		// A *_cust field is used only when the matching plain field is empty.
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) {
			$_POST['srcbeginport'] = trim($_POST['srcbeginport_cust']);
		}
		if ($_POST['srcendport_cust'] && !$_POST['srcendport']) {
			$_POST['srcendport'] = trim($_POST['srcendport_cust']);
		}

		// "any" becomes 0 on both ends; otherwise a missing end port
		// defaults to the start port.
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} elseif (!$_POST['srcendport']) {
			$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any") {
			$_POST['srcendport'] = $_POST['srcbeginport'];
		}

		// Same treatment for the destination range.
		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) {
			$_POST['dstbeginport'] = trim($_POST['dstbeginport_cust']);
		}
		if ($_POST['dstendport_cust'] && !$_POST['dstendport']) {
			$_POST['dstendport'] = trim($_POST['dstendport_cust']);
		}

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} elseif (!$_POST['dstendport']) {
			$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any") {
			$_POST['dstendport'] = $_POST['dstbeginport'];
		}

		if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) {
			$_POST['localbeginport'] = trim($_POST['localbeginport_cust']);
		}

		/* If only an end port was given, use it as the start port too */
		if (!$_POST['srcbeginport'] && $_POST['srcendport']) {
			$_POST['srcbeginport'] = $_POST['srcendport'];
		}
		if (!$_POST['dstbeginport'] && $_POST['dstendport']) {
			$_POST['dstbeginport'] = $_POST['dstendport'];
		}
	} else {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}
	// Fold the "type" selectors into the address/mask fields: a special
	// keyword becomes the address itself with mask 0, "single" forces a
	// 32-bit mask.
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} elseif ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}

	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	} elseif ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	} elseif (is_ipaddr($_POST['dsttype'])) {
		// The destination type field itself carried an IP address:
		// treat it as a single host.
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 32;
		$_POST['dsttype'] = "single";
	}

	// From here on the form is redrawn from the submitted values, so every
	// place that prints $pconfig is printing request data.
	$pconfig = $_POST;
	/*
	 * input validation
	 *
	 * Build the list of required fields ($reqdfields) and their display
	 * names ($reqdfieldsn, same order) and hand them to do_input_validation().
	 *
	 * NOTE(review): nothing visible in this handler re-checks
	 * $_POST['interface'] against have_ruleint_access(), which the form uses
	 * to build the interface list. Unless do_input_validation() or a
	 * custom-code hook does so, the restriction exists only in the rendered
	 * <select> - confirm.
	 */
	$reqdfields = array("interface", "proto");
	$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"));

	// Destination ports are mandatory only for TCP, UDP and TCP/UDP.
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"))) {
		$reqdfields[] = "dstbeginport";
		$reqdfields[] = "dstendport";
		$reqdfieldsn[] = gettext("Destination port from");
		$reqdfieldsn[] = gettext("Destination port to");
	}

	// An explicit address is required when the type is a host or a network.
	if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") {
		$reqdfields[] = "src";
		$reqdfieldsn[] = gettext("Source address");
	}
	if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") {
		$reqdfields[] = "dst";
		$reqdfieldsn[] = gettext("Destination address");
	}

	// A redirect target is required unless this is a "no redirect" rule.
	if (!isset($_POST['nordr'])) {
		$reqdfields[] = "localip";
		$reqdfieldsn[] = gettext("Redirect target IP");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
	// An empty start port means "no range": zero both ends.
	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	// Strip surrounding whitespace from the address fields that were filled in.
	if ($_POST['src']) {
		$_POST['src'] = trim($_POST['src']);
	}
	if ($_POST['dst']) {
		$_POST['dst'] = trim($_POST['dst']);
	}
	if ($_POST['localip']) {
		$_POST['localip'] = trim($_POST['localip']);
	}

	/*
	 * Per-field checks. Several messages below embed the submitted value.
	 * Because the earlier htmlentities() screen only records an error and
	 * does not stop processing, a value containing markup can still reach
	 * these messages.
	 * NOTE(review): this relies on print_input_errors() escaping each
	 * message on output - confirm.
	 */
	if (!isset($_POST['nordr']) && $_POST['localip'] && !is_ipaddroralias($_POST['localip'])) {
		$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
	}

	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
	}
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
	}
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
	}
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);
	}

	// A redirect target port is mandatory for TCP/UDP rules that do redirect.
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"))
	    && !isset($_POST['nordr'])
	    && !is_portoralias($_POST['localbeginport'])) {
		$input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
	}

	/* An alias may not be combined with the "network" type. */
	if (($_POST['srctype'] == "network" && is_alias($_POST['src']))
	    || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']))) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	// Literal addresses and masks are checked only when the type is not a
	// special keyword. The mask is only checked with is_numericint(); no
	// upper bound is applied here.
	if (!is_specialnet($_POST['srctype'])) {
		if ($_POST['src'] && !is_ipaddroralias($_POST['src'])) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
		}
		if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
		}
		if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}
	// Put each range into ascending order.
	// NOTE(review): the fields may hold port aliases as well as numbers
	// (is_portoralias() is what validates them), so this ">" is not always a
	// numeric comparison - confirm the behaviour wanted for aliases.
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	// The redirected range starts at localbeginport and is as wide as the
	// destination range; its last port must not exceed 65535. Only checked
	// when nothing else has failed and the rule actually redirects.
	if (!$input_errors
	    && !isset($_POST['nordr'])
	    && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) {
		$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
	}
	/*
	 * check for overlaps
	 *
	 * Walks the existing port forwards and reports an error when one on the
	 * same interface and destination address covers an overlapping port
	 * range.
	 *
	 * NOTE(review): this loop reads $natent['proto'], $_POST['beginport'] and
	 * $_POST['endport'], while the rest of this handler stores the protocol
	 * under 'protocol' and works with $_POST['dstbeginport'] /
	 * $_POST['dstendport']. As written, the submitted destination range does
	 * not appear to take part in the comparison; confirm the intended keys
	 * before relying on this check to reject overlapping forwards.
	 */
	foreach ($a_nat as $natent) {
		// Skip the rule being edited.
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) {
			continue;
		}
		// Only rules on the same interface and destination address can overlap.
		if ($natent['interface'] != $_POST['interface']
		    || $natent['destination']['address'] != $_POST['dst']) {
			continue;
		}
		// Different protocols do not overlap unless either side is tcp/udp.
		if (($natent['proto'] != $_POST['proto'])
		    && ($natent['proto'] != "tcp/udp")
		    && ($_POST['proto'] != "tcp/udp")) {
			continue;
		}

		// Stored port is either "N" or "N-M".
		list($begp, $endp) = explode("-", $natent['destination']['port']);
		if (!$endp) {
			$endp = $begp;
		}

		// No overlap only when the submitted range lies entirely below or
		// entirely above the stored one.
		if (!(
			(($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
			|| (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp))
		)) {
			$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
			break;
		}
	}
	// Allow extending of the firewall edit page and include custom input validation
	// NOTE(review): presumably this runs site-local code found under the given
	// path; if so that directory must be writable by the administrator only -
	// confirm.
	pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation");

	// Everything below runs only when validation produced no errors: build
	// the NAT entry, keep the associated filter rule in step, write the
	// configuration and redirect back to the rule list.
	if (!$input_errors) {
		$natent = array();

		$natent['disabled'] = isset($_POST['disabled']);
		$natent['nordr'] = isset($_POST['nordr']);

		// A "no redirect" rule never has an associated filter rule.
		if ($natent['nordr']) {
			$_POST['associated-rule-id'] = '';
			$_POST['filter-rule-association'] = '';
		}

		// Fold the flat form fields back into source/destination records.
		pconfig_to_address(
			$natent['source'],
			$_POST['src'],
			$_POST['srcmask'],
			$_POST['srcnot'],
			$_POST['srcbeginport'],
			$_POST['srcendport']
		);
		pconfig_to_address(
			$natent['destination'],
			$_POST['dst'],
			$_POST['dstmask'],
			$_POST['dstnot'],
			$_POST['dstbeginport'],
			$_POST['dstendport']
		);

		$natent['protocol'] = $_POST['proto'];

		// Target address and port exist only on rules that redirect.
		if (!$natent['nordr']) {
			$natent['target'] = $_POST['localip'];
			$natent['local-port'] = $_POST['localbeginport'];
		}
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];

		// NOTE(review): associated-rule-id is taken from the request and is
		// not compared with the id stored on the rule being edited before it
		// is used below to look up (and then rewrite) a filter rule - confirm
		// that a request naming another rule's id is acceptable here.
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];
		if ($_POST['filter-rule-association'] == "pass") {
			$natent['associated-rule-id'] = "pass";
		}

		if ($_POST['nosync'] == "yes") {
			$natent['nosync'] = true;
		} else {
			unset($natent['nosync']);
		}

		// Only the three known reflection modes are stored; anything else
		// leaves the key absent.
		if (in_array($_POST['natreflection'], array("enable", "purenat", "disable"))) {
			$natent['natreflection'] = $_POST['natreflection'];
		} else {
			unset($natent['natreflection']);
		}

		// If we used to have an associated filter rule, but no longer should have one
		if (!empty($a_nat[$id])
		    && (empty($natent['associated-rule-id'])
		        || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'])) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		// Decide whether a filter rule has to be created or refreshed.
		$need_filter_rule = false;
		// Updating a rule with a filter rule associated
		if (!empty($natent['associated-rule-id'])) {
			$need_filter_rule = true;
		}
		if ($natent['associated-rule-id'] == 'new') {
			// Explicit request for a fresh associated rule
			$need_filter_rule = true;
			unset($natent['associated-rule-id']);
			$_POST['filter-rule-association'] = 'add-associated';
		} elseif (isset($_POST['filter-rule-association'])
		    && ($_POST['filter-rule-association'] == 'add-associated'
		        || $_POST['filter-rule-association'] == 'add-unassociated')) {
			// Creating a new rule where we want to add the filter rule, associated or not
			$need_filter_rule = true;
		}

		if ($need_filter_rule) {
			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);

			// If a rule already exists, load it by reference so the
			// assignments below update it in place.
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				if ($filterentid === false) {
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				} else {
					$filterent =& $config['filter']['rule'][$filterentid];
				}
			}

			pconfig_to_address(
				$filterent['source'],
				$_POST['src'],
				$_POST['srcmask'],
				$_POST['srcnot'],
				$_POST['srcbeginport'],
				$_POST['srcendport']
			);

			// Update interface, protocol and destination
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			// The filter rule matches the translated range: it starts at the
			// target port and is as wide as the destination range.
			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];
			if ($dstpfrom == $dstpto) {
				$filterent['destination']['port'] = $dstpfrom;
			} else {
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;
			}

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be.
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			// If this is a new rule, create an ID and add the rule
			// NOTE(review): for 'add-unassociated' nothing in this block
			// appends $filterent to $config['filter']['rule'] - confirm
			// whether that is intended.
			if ($_POST['filter-rule-association'] == 'add-associated') {
				$natent['associated-rule-id'] = get_unique_id();
				$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				$filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward"));
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}

		// Keep the original creation stamp when editing an existing rule.
		if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) {
			$natent['created'] = $a_nat[$id]['created'];
		}
		$natent['updated'] = make_config_revision_entry();

		// Allow extending of the firewall edit page before the configuration is written
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config");

		// Update the NAT entry now: overwrite in place when editing,
		// otherwise insert after position $after or append.
		if (isset($id) && $a_nat[$id]) {
			$a_nat[$id] = $natent;
		} else {
			$natent['created'] = make_config_revision_entry();
			if (is_numeric($after)) {
				array_splice($a_nat, $after+1, 0, array($natent));
			} else {
				$a_nat[] = $natent;
			}
		}

		if (write_config()) {
			mark_subsystem_dirty('natconf');
		}

		header("Location: firewall_nat.php");
		exit;
	}
}

// Page header: $closehead and $pgtitle are set before head.inc is included;
// $closehead is false and this page prints its own </head> further down.
$closehead = false;
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("Port Forward"),
	gettext("Edit")
);
include("head.inc");
?>
461 4e51740a Colin Fleming
<link type="text/css" rel="stylesheet" href="/javascript/chosen/chosen.css" />
462 4bb99603 Scott Ullrich
</head>
463 da7ae7ef Bill Marquette
464 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
465 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
466 4ce8ac00 Erik Kristensen
<?php
467
include("fbegin.inc"); ?>
468 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
469
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
470 4e51740a Colin Fleming
              <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit">
471 2a6cb2d6 Scott Ullrich
				<tr>
472 6cac9bda Carlos Eduardo Ramos
					<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
473 59ecde49 Renato Botelho
				</tr>
474 2ea00c3e Scott Ullrich
<?php
475
		// Allow extending of the firewall edit page and include custom input validation 
476
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly");
477
?>
478 59ecde49 Renato Botelho
		<tr>
479 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
480 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
481 4e51740a Colin Fleming
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
482 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("Disable this rule"); ?></strong><br />
483
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
484 59ecde49 Renato Botelho
			</td>
485
		</tr>
486
                <tr>
487 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
488 59ecde49 Renato Botelho
                  <td width="78%" class="vtable">
489 4e51740a Colin Fleming
                    <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if($pconfig['nordr']) echo "checked=\"checked\""; ?> />
490 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
491 8cd558b6 ayvis
                    <br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
492 59ecde49 Renato Botelho
                  </td>
493
                </tr>
494
		<tr>
495 3a92149b Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
496 5b237745 Scott Ullrich
                  <td width="78%" class="vtable">
497 4e51740a Colin Fleming
					<select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
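						<?php

						// Build the interface choices for the <select>: every
						// configured interface plus the VPN/PPPoE pseudo
						// interfaces that are enabled, each kept only when
						// have_ruleint_access() returns true for it.
						$iflist = get_configured_interface_with_descr(false, true);
						// Allow extending of the firewall edit interfaces
						pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");
						foreach ($iflist as $if => $ifdesc) {
							if (have_ruleint_access($if)) {
								$interfaces[$if] = $ifdesc;
							}
						}

						if ($config['l2tp']['mode'] == "server") {
							if (have_ruleint_access("l2tp")) {
								$interfaces['l2tp'] = "L2TP VPN";
							}
						}

						if ($config['pptpd']['mode'] == "server") {
							if (have_ruleint_access("pptp")) {
								$interfaces['pptp'] = "PPTP VPN";
							}
						}

						if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
							$interfaces['pppoe'] = "PPPoE Server";
						}

						/* add ipsec interfaces */
						if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
							if (have_ruleint_access("enc0")) {
								$interfaces["enc0"] = "IPsec";
							}
						}

						/* add openvpn/tun interfaces */
						// NOTE(review): unlike the entries above, openvpn is
						// added without a have_ruleint_access() check -
						// confirm this is intended.
						if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
							$interfaces["openvpn"] = "OpenVPN";
						}

						// The key goes into an attribute, so it is escaped the
						// same way the label already is.
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars((string)$iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>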
532 8cd558b6 ayvis
					</select><br />
533
                     <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br />
534 6cac9bda Carlos Eduardo Ramos
                     <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td>
535 5b237745 Scott Ullrich
                </tr>
536 9ae40f2b Scott Ullrich
                <tr>
537 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
538 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
539 4e51740a Colin Fleming
                    <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();">
540 5635eec8 Daniel Becker
                      <?php $protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF"); foreach ($protocols as $proto): ?>
541 4e51740a Colin Fleming
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option>
542 5b237745 Scott Ullrich
                      <?php endforeach; ?>
543 8cd558b6 ayvis
                    </select> <br /> <span class="vexpl"><?=gettext("Choose which IP protocol " .
544
                    "this rule should match."); ?><br />
545 39a3ce91 Carlos Eduardo Ramos
                    <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?></span></td>
546 5b237745 Scott Ullrich
                </tr>
547 59ecde49 Renato Botelho
		<tr id="showadvancedboxsrc" name="showadvancedboxsrc">
548 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
549 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
550 4e51740a Colin Fleming
				<input type="button" onclick="show_source()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show source address and port range"); ?>
551 59ecde49 Renato Botelho
			</td>
552
		</tr>
553
		<tr style="display: none;" id="srctable" name="srctable">
554 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
555 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
556 4e51740a Colin Fleming
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> />
557 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("not"); ?></strong>
558 59ecde49 Renato Botelho
				<br />
559 39a3ce91 Carlos Eduardo Ramos
				<?=gettext("Use this option to invert the sense of the match."); ?>
560 59ecde49 Renato Botelho
				<br />
561
				<br />
562 4e51740a Colin Fleming
				<table border="0" cellspacing="0" cellpadding="0" summary="type">
563 59ecde49 Renato Botelho
					<tr>
564 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
565 59ecde49 Renato Botelho
						<td>
566 4e51740a Colin Fleming
							<select name="srctype" class="formselect" onchange="typesel_change()">
567 59ecde49 Renato Botelho
<?php
568
								$sel = is_specialnet($pconfig['src']); ?>
569 4e51740a Colin Fleming
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
570
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
571
								<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
572 59ecde49 Renato Botelho
								<?php if(have_ruleint_access("pptp")): ?>
573 4e51740a Colin Fleming
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
574 59ecde49 Renato Botelho
								<?php endif; ?>
575
								<?php if(have_ruleint_access("pppoe")): ?>
576 4e51740a Colin Fleming
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
577 59ecde49 Renato Botelho
								<?php endif; ?>
578
								 <?php if(have_ruleint_access("l2tp")): ?>
579 4e51740a Colin Fleming
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
580 3a92149b Carlos Eduardo Ramos
                                 <?php endif; ?>
581 59ecde49 Renato Botelho
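<?php
								// One pair of <option>s per interface the user may build rules on:
								// "<if> net" and "<if> address". $ifdisp is built outside this section;
								// its keys and descriptions are written into markup, so both are
								// HTML-encoded here (the original encoded only the first description).
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected=\"selected\""; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>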
590
							</select>
591
						</td>
592
					</tr>
593
					<tr>
594 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
595 59ecde49 Renato Botelho
						<td>
596 4e51740a Colin Fleming
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" /> /
597 59ecde49 Renato Botelho
							<select name="srcmask" class="formselect" id="srcmask">
598
<?php						for ($i = 31; $i > 0; $i--): ?>
599 4e51740a Colin Fleming
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
600 59ecde49 Renato Botelho
<?php 						endfor; ?>
601
							</select>
602
						</td>
603
					</tr>
604
				</table>
605
			</td>
606
		</tr>
607
		<tr style="display:none" id="sprtable" name="sprtable">
608 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range"); ?></td>
609 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
610 4e51740a Colin Fleming
				<table border="0" cellspacing="0" cellpadding="0" summary="source port range">
611 59ecde49 Renato Botelho
					<tr>
612 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
613 59ecde49 Renato Botelho
						<td>
614
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
615 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
616 4e51740a Colin Fleming
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected=\"selected\""; $bfound = 1; } ?>><?=gettext("any"); ?></option>
617 59ecde49 Renato Botelho
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
618 4e51740a Colin Fleming
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected=\"selected\""; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
619 59ecde49 Renato Botelho
<?php 							endforeach; ?>
620
							</select>
621 4e51740a Colin Fleming
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>" />
622 59ecde49 Renato Botelho
						</td>
623
					</tr>
624
					<tr>
625 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
626 59ecde49 Renato Botelho
						<td>
627
							<select name="srcendport" class="formselect" onchange="ext_change()">
628 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
629 4e51740a Colin Fleming
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected=\"selected\""; $bfound = 1; } ?>><?=gettext("any"); ?></option>
630 59ecde49 Renato Botelho
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
631 4e51740a Colin Fleming
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected=\"selected\""; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
632 59ecde49 Renato Botelho
<?php							endforeach; ?>
633
							</select>
634 4e51740a Colin Fleming
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>" />
635 59ecde49 Renato Botelho
						</td>
636
					</tr>
637
				</table>
638
				<br />
639 8cd558b6 ayvis
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>.</b> <br /> <?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to filter a single port."); ?></span><br />
640 59ecde49 Renato Botelho
			</td>
641
		</tr>
642
		<tr>
643 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td>
644 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
645 4e51740a Colin Fleming
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> />
646 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("not"); ?></strong>
647 59ecde49 Renato Botelho
					<br />
648 39a3ce91 Carlos Eduardo Ramos
				<?=gettext("Use this option to invert the sense of the match."); ?>
649 59ecde49 Renato Botelho
					<br />
650
					<br />
651 4e51740a Colin Fleming
				<table border="0" cellspacing="0" cellpadding="0" summary="type">
652 59ecde49 Renato Botelho
					<tr>
653 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
654 59ecde49 Renato Botelho
						<td>
655 4e51740a Colin Fleming
							<select name="dsttype" class="formselect" onchange="typesel_change()">
656 59ecde49 Renato Botelho
<?php
657
								$sel = is_specialnet($pconfig['dst']); ?>
658 4e51740a Colin Fleming
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
659
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
660
								<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
661 b7988b29 jim-p
								<option value="(self)" <?PHP if ($pconfig['dst'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option>
662 59ecde49 Renato Botelho
								<?php if(have_ruleint_access("pptp")): ?>
663 4e51740a Colin Fleming
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
664 59ecde49 Renato Botelho
								<?php endif; ?>
665
								<?php if(have_ruleint_access("pppoe")): ?>
666 4e51740a Colin Fleming
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
667 59ecde49 Renato Botelho
								<?php endif; ?>
668
								<?php if(have_ruleint_access("l2tp")): ?>
669 4e51740a Colin Fleming
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
670 59ecde49 Renato Botelho
                                                                <?php endif; ?>
671
672
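<?php 							// Destination variant of the per-interface options. Keys and descriptions
								// from $ifdisp (built outside this section) are HTML-encoded on output;
								// the original left the "address" label and both value attributes raw.
								foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
									<option value="<?=htmlspecialchars($if);?>ip" <?php if ($pconfig['dst'] == $if . "ip") { echo "selected=\"selected\""; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>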
680
681
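<?php							// Offer configured virtual IPs as destination choices. Entries flagged
								// 'noexpand' are skipped; a proxy-ARP network is expanded to one
								// <option> per address, every other VIP contributes its subnet value.
								if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										if (isset($sn['noexpand']))
											continue;
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
											// NOTE(review): the loop emits $len + 1 options with no upper
											// bound, so a wide proxy-ARP network makes this page very
											// large; 'noexpand' is the only visible way to opt out.
											for ($i = 0; $i <= $len; $i++):
												$snip = long2ip32($start+$i);
?>
												<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['dst']) echo "selected=\"selected\""; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php										endfor;
										else:
											// The subnet is a stored configuration value: encode it in the
											// attribute as well as in the label.
?>
											<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected=\"selected\""; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php									endif;
									endforeach;
								endif;
?>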
701
							</select>
702
						</td>
703
					</tr>
704
					<tr>
705 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
706 59ecde49 Renato Botelho
						<td>
707 4e51740a Colin Fleming
							<input autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" />
708 59ecde49 Renato Botelho
							/
709
							<select name="dstmask" class="formselect" id="dstmask">
710
<?php
711
							for ($i = 31; $i > 0; $i--): ?>
712 4e51740a Colin Fleming
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
713 59ecde49 Renato Botelho
<?php						endfor; ?>
714
							</select>
715
						</td>
716
					</tr>
717
				</table>
718
			</td>
719
		</tr>
720
		<tr id="dprtr" name="dprtr">
721 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range"); ?> </td>
722 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
723 4e51740a Colin Fleming
				<table border="0" cellspacing="0" cellpadding="0" summary="destination port range">
724 59ecde49 Renato Botelho
					<tr>
725 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
726 59ecde49 Renato Botelho
						<td>
727 7fa503d8 Renato Botelho
							<select name="dstbeginport" id="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
728 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
729 a457e739 Renato Botelho
<?php 							$bfound = 0;
730
								foreach ($wkports as $wkport => $wkportdesc): ?>
731 4e51740a Colin Fleming
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected=\"selected\""; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
732 59ecde49 Renato Botelho
<?php 							endforeach; ?>
733
							</select>
734 4e51740a Colin Fleming
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>" />
735 59ecde49 Renato Botelho
						</td>
736
					</tr>
737
					<tr>
738 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
739 59ecde49 Renato Botelho
						<td>
740 7fa503d8 Renato Botelho
							<select name="dstendport" id="dstendport" class="formselect" onchange="ext_change()">
741 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
742 a457e739 Renato Botelho
<?php							$bfound = 0;
743
								foreach ($wkports as $wkport => $wkportdesc): ?>
744 4e51740a Colin Fleming
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected=\"selected\""; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
745 59ecde49 Renato Botelho
<?php 							endforeach; ?>
746
							</select>
747 4e51740a Colin Fleming
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>" />
748 59ecde49 Renato Botelho
						</td>
749
					</tr>
750
				</table>
751
				<br />
752
				<span class="vexpl">
753 39a3ce91 Carlos Eduardo Ramos
					<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?>
754 59ecde49 Renato Botelho
					<br />
755 6cac9bda Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to map a single port"); ?>
756 59ecde49 Renato Botelho
				</span>
757
			</td>
758
		</tr>
759 44374c0a Erik Fonnesbeck
                <tr name="localiptable" id="localiptable">
760 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
761 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
762 4e51740a Colin Fleming
                    <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" />
763 8cd558b6 ayvis
                    <br /> <span class="vexpl"><?=gettext("Enter the internal IP address of " .
764
                    "the server on which you want to map the ports."); ?><br />
765 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("e.g."); ?> <em>192.168.1.12</em></span></td>
766 5b237745 Scott Ullrich
                </tr>
767 59ecde49 Renato Botelho
                <tr name="lprtr" id="lprtr">
768 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
769 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
770 7fa503d8 Renato Botelho
                    <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();">
771 6cac9bda Carlos Eduardo Ramos
                      <option value="">(<?=gettext("other"); ?>)</option>
772 5b237745 Scott Ullrich
                      <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
773
                      <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
774 4e51740a Colin Fleming
							echo "selected=\"selected\"";
775 0e6998d1 Scott Ullrich
							$bfound = 1;
776
						}?>>
777 5b237745 Scott Ullrich
					  <?=htmlspecialchars($wkportdesc);?>
778
					  </option>
779
                      <?php endforeach; ?>
780 4e51740a Colin Fleming
                    </select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>" />
781 8cd558b6 ayvis
                    <br />
782 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Specify the port on the machine with the " .
783
                    "IP address entered above. In case of a port range, specify " .
784
                    "the beginning port of the range (the end port will be calculated " .
785 8cd558b6 ayvis
                    "automatically)."); ?><br />
786 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td>
787 5b237745 Scott Ullrich
                </tr>
788 9ae40f2b Scott Ullrich
                <tr>
789 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
790 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
791 4e51740a Colin Fleming
                    <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
792 8cd558b6 ayvis
                    <br /> <span class="vexpl"><?=gettext("You may enter a description here " .
793 39a3ce91 Carlos Eduardo Ramos
                    "for your reference (not parsed)."); ?></span></td>
794 53ea15e0 Scott Ullrich
                </tr>
795 d00055f8 Scott Ullrich
				<tr>
796 6cac9bda Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td>
797 d00055f8 Scott Ullrich
					<td width="78%" class="vtable">
798 8cd558b6 ayvis
						<input type="checkbox" value="yes" name="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br />
799 72711980 Renato Botelho
						<?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?>
800 d00055f8 Scott Ullrich
					</td>
801 ea0805c1 Scott Ullrich
				</tr>
802 15409667 Erik Fonnesbeck
				<tr>
803 3a92149b Carlos Eduardo Ramos
					<td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
804 15409667 Erik Fonnesbeck
					<td width="78%" class="vtable">
805
						<select name="natreflection" class="formselect">
806 4e51740a Colin Fleming
						<option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>><?=gettext("Use system default"); ?></option>
807
						<option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option>
808
						<option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option>
809
						<option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
810 15409667 Erik Fonnesbeck
						</select>
811
					</td>
812
				</tr>
813 e41ec584 Renato Botelho
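				<?php
				// Shown only when editing an existing NAT entry (not when duplicating one):
				// lets the user pick which filter rule is associated with this redirect.
				if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?>
				<tr name="assoctable" id="assoctable">
					<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
					<td width="78%" class="vtable">
						<select name="associated-rule-id">
							<option value=""><?=gettext("None"); ?></option>
							<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option>
							<?php
							// Markup for the "View the filter rule" link; stays empty unless one of
							// the listed rules is the one currently associated with this entry.
							$linkedrule = "";
							if (is_array($config['filter']['rule'])) {
								filter_rules_sort();
								foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
									if (isset($filter_rule['associated-rule-id'])) {
										// The id is a stored configuration value that lands inside an
										// attribute, so it is HTML-encoded like the description below.
										$assoc_id = htmlspecialchars($filter_rule['associated-rule-id']);
										echo "<option value=\"{$assoc_id}\"";
										if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
											echo " selected=\"selected\"";
											// $filter_id is the array key; encode it for the query string.
											$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id=" . urlencode($filter_id) . "\">" . gettext("View the filter rule") . "</a><br />";
										}
										echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
									}
								}
							}
							// Only this single option is conditional; the closing tag and the link
							// below are always written.
							if (isset($pconfig['associated-rule-id'])) {
								echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
							}
							echo "</select>\n";
							echo $linkedrule;
							?>
					</td>
				</tr>
				<?php endif; ?>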
844 e41ec584 Renato Botelho
                <?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?>
845 44374c0a Erik Fonnesbeck
                <tr name="assoctable" id="assoctable">
846 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
847 5d2742d5 sullrich
                  <td width="78%" class="vtable">
848 5335abae unknown
                    <select name="filter-rule-association" id="filter-rule-association">
849 6cac9bda Carlos Eduardo Ramos
						<option value=""><?=gettext("None"); ?></option>
850
						<option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option>
851
						<option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option>
852 3a92149b Carlos Eduardo Ramos
						<option value="pass"><?=gettext("Pass"); ?></option>
853 5335abae unknown
					</select>
854 8cd558b6 ayvis
					<br /><br /><?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?>
855 5335abae unknown
				  </td>
856 5b237745 Scott Ullrich
                </tr><?php endif; ?>
857 2ea00c3e Scott Ullrich
<?php
858
		// Allow extending of the firewall edit page and include custom input validation 
859
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate");
860
?>
861 33cc1e86 jim-p
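<?php
// The created/updated stamps are optional per rule; the "Rule Information"
// section is rendered only when at least one of them is stored as an array.
$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']));
$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']));
?>
		<?php if ($has_created_time || $has_updated_time): ?>
		<tr>
			<td>&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Rule Information");?></td>
		</tr>
		<?php if ($has_created_time): ?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Created");?></td>
			<td width="78%" class="vtable">
				<?php /* The username is stored with the rule and rendered as text, so it is HTML-encoded on output. */ ?>
				<?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['created']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_nat[$id]['created']['username']) ?></strong>
			</td>
		</tr>
		<?php endif; ?>
		<?php if ($has_updated_time): ?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Updated");?></td>
			<td width="78%" class="vtable">
				<?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['updated']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_nat[$id]['updated']['username']) ?></strong>
			</td>
		</tr>
		<?php endif; ?>
		<?php endif; ?>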
889 147b90b8 Scott Ullrich
				<tr>
890
                  <td width="22%" valign="top">&nbsp;</td>
891
                  <td width="78%">&nbsp;</td>
892
				</tr>
893 9ae40f2b Scott Ullrich
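                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
                    <?php
                    // The Cancel target sits in a JavaScript string inside an HTML attribute,
                    // so it needs two layers: json_encode() for the script literal, then
                    // htmlspecialchars() for the attribute. $referer is assigned outside this
                    // section; NOTE(review): if it is taken from the request's Referer header,
                    // also restrict it to a same-site path where it is assigned, because
                    // encoding alone does not constrain the URL scheme.
                    ?>
                    <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href=<?=htmlspecialchars(json_encode((string)$referer), ENT_QUOTES);?>" />
                    <?php if (isset($id) && $a_nat[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
                    <?php endif; ?>
                    <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" />
                  </td>
                </tr>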
904
              </table>
905
</form>
906 4e51740a Colin Fleming
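<script type="text/javascript">
//<![CDATA[
	ext_change();
<?php
	// The two values below are script string literals, not HTML text. HTML-entity
	// encoding is the wrong encoder for that context: it can leave a single quote
	// unescaped and turns "&" into "&amp;" inside the script. json_encode() with
	// the HEX flags emits a complete, quoted literal that cannot close the string,
	// the CDATA section or the script element. $pconfig is populated outside this
	// section; presumably it can carry submitted form values, so treat it as untrusted.
?>
	dst_change(document.iform.interface.value,<?=json_encode((string)$pconfig['interface'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)?>,<?=json_encode((string)$pconfig['dst'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)?>);
	var iface_old = document.iform.interface.value;
	typesel_change();
	proto_change();
	<?php /* Open the advanced source section when any source field differs from "any". */ ?>
	<?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
	show_source();
	<?php endif; ?>
	nordr_change();
//]]>
</script>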
919 4e51740a Colin Fleming
<script type="text/javascript">
920 4dfd930e Darren Embry
//<![CDATA[
921
	var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
922 dd042c51 Renato Botelho
	var customarray  = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>;
923 9eb60dcc Ermal Lu?i
924
	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
925 59ecde49 Renato Botelho
	var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
926
	var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
927
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
928
	var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
929
	var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
930
	var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
931
	var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
932 4dfd930e Darren Embry
//]]>
933 9ae40f2b Scott Ullrich
</script>
934 5b237745 Scott Ullrich
<?php include("fend.inc"); ?>
935
</body>
936
</html>