<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4
	firewall_nat_edit.php
5
	part of m0n0wall (http://m0n0.ch/wall)
6 9ae40f2b Scott Ullrich
7 5b237745 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9 9ae40f2b Scott Ullrich
10 ce77a9c4 Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
11 29aef6c4 Jim Thompson
12 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14 9ae40f2b Scott Ullrich
15 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17 9ae40f2b Scott Ullrich
18 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21 9ae40f2b Scott Ullrich
22 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33 7ac5a4cb Scott Ullrich
/*
34
	pfSense_MODULE:	nat
35
*/
36 5b237745 Scott Ullrich
37 6b07c15a Matthew Grooms
##|+PRIV
38
##|*IDENT=page-firewall-nat-portforward-edit
39
##|*NAME=Firewall: NAT: Port Forward: Edit page
40
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
41
##|*MATCH=firewall_nat_edit.php*
42
##|-PRIV
43
44 5b237745 Scott Ullrich
require("guiconfig.inc");
45 483e6de8 Scott Ullrich
require_once("itemid.inc");
46 f6339216 jim-p
require_once("filter.inc");
47 1a03cf69 Scott Ullrich
require("shaper.inc");
48 5b237745 Scott Ullrich
49 62424bdb Renato Botelho
// Page to go back to. The Referer header is supplied by the client, so any
// later use of $referer has to treat it as untrusted input.
if (isset($_SERVER['HTTP_REFERER'])) {
	$referer = $_SERVER['HTTP_REFERER'];
} else {
	$referer = '/firewall_nat.php';
}

// Special source/destination names: the fixed keywords plus "<if>" and
// "<if>ip" for every configured interface. How the list is consumed is not
// visible in this part of the file.
$specialsrcdst = array("any", "(self)", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}

// Make sure the port-forward list exists, then work on it through a
// reference so that edits land directly in $config.
if (!is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
$a_nat = &$config['nat']['rule'];
62
63 37ba954d Phil Davis
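/*
 * Take the rule index ($id) and the insert position ($after) from the
 * request. A value is accepted only if it passes is_numericint(); $after
 * may also be the literal "-1". POST overrides GET, and ?dup=N overrides
 * both by setting $id and $after to N.
 * Every key is tested with isset() first, so a request that omits it does
 * not raise an undefined-index notice.
 */
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

if (isset($_GET['after']) && (is_numericint($_GET['after']) || $_GET['after'] == "-1")) {
	$after = $_GET['after'];
}
if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) {
	$after = $_POST['after'];
}

if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}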
81
82 5b237745 Scott Ullrich
/*
 * Fill $pconfig, the values the form is drawn from: the stored rule when
 * $id names an existing entry, otherwise the defaults for a new rule.
 */
if (!isset($id) || !$a_nat[$id]) {
	$pconfig['interface'] = "wan";
	$pconfig['src'] = "any";
	$pconfig['srcbeginport'] = "any";
	$pconfig['srcendport'] = "any";
} else {
	// Revision stamps are carried over only when they are arrays.
	foreach (array('created', 'updated') as $stampkey) {
		if (isset($a_nat[$id][$stampkey]) && is_array($a_nat[$id][$stampkey])) {
			$pconfig[$stampkey] = $a_nat[$id][$stampkey];
		}
	}
	unset($stampkey);

	// These two flags are represented by the mere presence of the key.
	$pconfig['disabled'] = isset($a_nat[$id]['disabled']);
	$pconfig['nordr'] = isset($a_nat[$id]['nordr']);

	// address_to_pconfig() is handed the $pconfig slots to fill - presumably
	// by reference; its definition is not part of this file.
	address_to_pconfig(
		$a_nat[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);
	address_to_pconfig(
		$a_nat[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	$pconfig['proto'] = $a_nat[$id]['protocol'];
	$pconfig['localip'] = $a_nat[$id]['target'];
	$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
	$pconfig['descr'] = $a_nat[$id]['descr'];
	$pconfig['interface'] = $a_nat[$id]['interface'];
	$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
	$pconfig['natreflection'] = $a_nat[$id]['natreflection'];

	// A stored rule without an interface is shown as WAN.
	if (empty($pconfig['interface'])) {
		$pconfig['interface'] = "wan";
	}
}

// A duplicate is saved as a new rule: once its values are loaded, forget
// the index of the rule it was copied from.
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	unset($id);
}
123 a6713b32 Bill Marquette
124 37ba954d Phil Davis
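/*
 * Reject any POSTed value that htmlentities() would change, i.e. one that
 * contains characters with an HTML entity form. This is an input filter
 * only: each rejected value is reported through $input_errors, and every
 * place that later prints request data still has to escape it for HTML.
 * NOTE(review): htmlentities() runs with its default flags and charset,
 * and those defaults have changed across PHP versions - confirm which
 * characters are meant to be refused.
 */
unset($input_errors);
foreach ($_POST as $key => $value) {
	// Fields posted as name[]=... arrive as arrays, which htmlentities()
	// cannot take; walk them so every string inside is checked as well.
	$unchecked = array($value);
	while ($unchecked) {
		$temp = array_shift($unchecked);
		if (is_array($temp)) {
			foreach ($temp as $nested) {
				$unchecked[] = $nested;
			}
			continue;
		}
		$newpost = htmlentities($temp);
		if ($newpost <> $temp) {
			// NOTE(review): the raw value is copied into the message; confirm
			// that print_input_errors() escapes it before output.
			$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp);
		}
	}
}
unset($unchecked, $nested);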
135
136 5b237745 Scott Ullrich
if ($_POST) {
137
138 37ba954d Phil Davis
	/*
	 * Normalise the submitted ports and address types in place in $_POST
	 * before validation. Source and destination ports are kept only for
	 * TCP, UDP and TCP/UDP; every other protocol gets all four set to 0.
	 */
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"), true)) {
		foreach (array('src', 'dst') as $portside) {
			$beginkey = $portside . 'beginport';
			$endkey = $portside . 'endport';

			// The *_cust field is used when the field itself is empty.
			if ($_POST[$beginkey . '_cust'] && !$_POST[$beginkey]) {
				$_POST[$beginkey] = trim($_POST[$beginkey . '_cust']);
			}
			if ($_POST[$endkey . '_cust'] && !$_POST[$endkey]) {
				$_POST[$endkey] = trim($_POST[$endkey . '_cust']);
			}

			// "any" becomes 0/0; a missing or "any" end port takes the begin port.
			if ($_POST[$beginkey] == "any") {
				$_POST[$beginkey] = 0;
				$_POST[$endkey] = 0;
			} else if (!$_POST[$endkey]) {
				$_POST[$endkey] = $_POST[$beginkey];
			}
			if ($_POST[$endkey] == "any") {
				$_POST[$endkey] = $_POST[$beginkey];
			}
		}

		if ($_POST['localbeginport_cust'] && !$_POST['localbeginport']) {
			$_POST['localbeginport'] = trim($_POST['localbeginport_cust']);
		}

		/* Make beginning port end port if not defined and endport is */
		foreach (array('src', 'dst') as $portside) {
			if (!$_POST[$portside . 'beginport'] && $_POST[$portside . 'endport']) {
				$_POST[$portside . 'beginport'] = $_POST[$portside . 'endport'];
			}
		}
	} else {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	// Address type: a special network name replaces the address with mask 0,
	// "single" forces a /32. For the destination only, a type that is itself
	// an IP address is turned into a single-host entry for that address.
	foreach (array('src', 'dst') as $portside) {
		$seltype = $_POST[$portside . 'type'];
		if (is_specialnet($seltype)) {
			$_POST[$portside] = $seltype;
			$_POST[$portside . 'mask'] = 0;
		} else if ($seltype == "single") {
			$_POST[$portside . 'mask'] = 32;
		} else if ($portside == 'dst' && is_ipaddr($seltype)) {
			$_POST['dst'] = $seltype;
			$_POST['dstmask'] = 32;
			$_POST['dsttype'] = "single";
		}
	}
	unset($portside, $beginkey, $endkey, $seltype);
211 9ae40f2b Scott Ullrich
212 5b237745 Scott Ullrich
	// The form is redrawn from the submitted values from here on, so every
	// place that prints $pconfig has to escape it for its HTML context.
	$pconfig = $_POST;

	/* input validation */
	// Interface and protocol are always required; the destination port range
	// only for TCP, UDP and TCP/UDP.
	$reqdfields = array("interface", "proto");
	$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"));
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"), true)) {
		array_push($reqdfields, "dstbeginport", "dstendport");
		array_push($reqdfieldsn, gettext("Destination port from"), gettext("Destination port to"));
	}

	// An address is required when the type is a single host or a network.
	$addrlabels = array(
		'src' => gettext("Source address"),
		'dst' => gettext("Destination address"),
	);
	foreach ($addrlabels as $addrfield => $addrlabel) {
		if ($_POST[$addrfield . 'type'] == "single" || $_POST[$addrfield . 'type'] == "network") {
			$reqdfields[] = $addrfield;
			$reqdfieldsn[] = $addrlabel;
		}
	}

	// The redirect target is required unless this is a "no rdr" rule.
	if (!isset($_POST['nordr'])) {
		$reqdfields[] = "localip";
		$reqdfieldsn[] = gettext("Redirect target IP");
	}

	// Presumably reports each listed field that is missing; defined elsewhere.
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// An empty begin port resets the whole range to 0.
	foreach (array('src', 'dst') as $addrfield) {
		if (!$_POST[$addrfield . 'beginport']) {
			$_POST[$addrfield . 'beginport'] = 0;
			$_POST[$addrfield . 'endport'] = 0;
		}
	}

	// Strip surrounding whitespace from the address fields that were filled in.
	foreach (array('src', 'dst', 'localip') as $addrfield) {
		if ($_POST[$addrfield]) {
			$_POST[$addrfield] = trim($_POST[$addrfield]);
		}
	}
	unset($addrlabels, $addrfield, $addrlabel);
256 90f90934 Cristian Feldman
257 6fa73745 Erik Fonnesbeck
	/*
	 * Field-by-field validation; every failure is appended to $input_errors.
	 * NOTE(review): nothing in this block checks $_POST['interface'] against
	 * the interfaces the user may manage, or $_POST['proto'] against the
	 * protocol list. The drop-downs limit the choice in the browser only, so
	 * confirm that both are enforced on the server before they are saved.
	 */
	if (!isset($_POST['nordr']) && $_POST['localip'] && !is_ipaddroralias($_POST['localip'])) {
		$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
	}

	// Each port that was given must be a port alias or a port number.
	$portmessages = array(
		'srcbeginport' => gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),
		'srcendport' => gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."),
		'dstbeginport' => gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),
		'dstendport' => gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),
	);
	foreach ($portmessages as $portfield => $portmessage) {
		if ($_POST[$portfield] && !is_portoralias($_POST[$portfield])) {
			$input_errors[] = sprintf($portmessage, $_POST[$portfield]);
		}
	}

	// A redirecting TCP/UDP rule needs a target port.
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"), true) &&
	    !isset($_POST['nordr']) && !is_portoralias($_POST['localbeginport'])) {
		$input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
	}

	/* if user enters an alias and selects "network" then disallow. */
	$srcaliasnet = ($_POST['srctype'] == "network" && is_alias($_POST['src']));
	if ($srcaliasnet || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']))) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	// Address and mask are checked unless the type is a special network name.
	$addrmessages = array(
		'src' => array(
			gettext("%s is not a valid source IP address or alias."),
			gettext("A valid source bit count must be specified."),
		),
		'dst' => array(
			gettext("%s is not a valid destination IP address or alias."),
			gettext("A valid destination bit count must be specified."),
		),
	);
	foreach ($addrmessages as $addrside => $sidemessages) {
		if (is_specialnet($_POST[$addrside . 'type'])) {
			continue;
		}
		if ($_POST[$addrside] && !is_ipaddroralias($_POST[$addrside])) {
			$input_errors[] = sprintf($sidemessages[0], $_POST[$addrside]);
		}
		if ($_POST[$addrside . 'mask'] && !is_numericint($_POST[$addrside . 'mask'])) {
			$input_errors[] = $sidemessages[1];
		}
	}

	// Put each range in ascending order. The comparison is PHP's ordinary
	// ">" on whatever was submitted, port aliases included.
	foreach (array('src', 'dst') as $addrside) {
		if ($_POST[$addrside . 'beginport'] > $_POST[$addrside . 'endport']) {
			/* swap */
			$tmp = $_POST[$addrside . 'endport'];
			$_POST[$addrside . 'endport'] = $_POST[$addrside . 'beginport'];
			$_POST[$addrside . 'beginport'] = $tmp;
		}
	}

	// The redirected range (target port plus the width of the destination
	// range) must not run past 65535. Tested only when nothing failed above.
	if (!$input_errors && !isset($_POST['nordr']) &&
	    ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) {
		$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
	}
	unset($portmessages, $portfield, $portmessage, $srcaliasnet, $addrmessages, $addrside, $sidemessages);
319 9ae40f2b Scott Ullrich
320 5b237745 Scott Ullrich
	/*
	 * check for overlaps: look for another stored port forward on the same
	 * interface and destination address whose destination port range
	 * intersects the submitted one; the first hit adds an error and stops.
	 *
	 * NOTE(review): this loop reads $natent['proto'], $_POST['beginport'] and
	 * $_POST['endport'], while the rest of this page stores the protocol
	 * under 'protocol' and works with $_POST['dstbeginport'] and
	 * $_POST['dstendport']. If those three keys are never set, the
	 * comparisons below run against empty values and the submitted range is
	 * not actually tested - confirm. The source address is not part of the
	 * comparison either.
	 */
	foreach ($a_nat as $natent) {
		// Skip the entry that is being edited.
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent)) {
			continue;
		}
		if ($natent['interface'] != $_POST['interface']) {
			continue;
		}
		if ($natent['destination']['address'] != $_POST['dst']) {
			continue;
		}
		// Different protocols do not clash unless one side is "tcp/udp".
		if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp")) {
			continue;
		}

		// The stored port is split on "-"; without a second part the range
		// is the single port.
		list($begp,$endp) = explode("-", $natent['destination']['port']);
		if (!$endp) {
			$endp = $begp;
		}

		// Overlap unless the submitted range lies entirely below or
		// entirely above the stored one.
		if (!((($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp)) ||
		     (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {
			$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
			break;
		}
	}

	// Allow extending of the firewall edit page and include custom input validation.
	// NOTE(review): what pfSense_handle_custom_code() loads from this path is
	// not visible here - presumably package-supplied PHP that runs inside this
	// page. Confirm that only trusted installers can write to that directory.
	pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation");
349
350 5b237745 Scott Ullrich
	/*
	 * Nothing failed validation: build the NAT entry from $_POST, keep the
	 * linked filter rule in step with it, store the entry in $a_nat (which
	 * references $config['nat']['rule']), write the configuration and
	 * redirect to the port-forward list.
	 */
	if (!$input_errors) {
		$natent = array();

		$natent['disabled'] = isset($_POST['disabled']) ? true:false;
		$natent['nordr'] = isset($_POST['nordr']) ? true:false;

		// A "no rdr" rule never carries a filter-rule association.
		if ($natent['nordr']) {
			$_POST['associated-rule-id'] = '';
			$_POST['filter-rule-association'] = '';
		}

		// pconfig_to_address() is handed the array slot to fill - presumably
		// by reference; its definition is not part of this file.
		pconfig_to_address($natent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($natent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		// NOTE(review): proto, interface and descr are copied from the request
		// as submitted; no allow-list check on proto or interface is visible in
		// this file section - confirm it happens before this point.
		$natent['protocol'] = $_POST['proto'];

		if (!$natent['nordr']) {
			$natent['target'] = $_POST['localip'];
			$natent['local-port'] = $_POST['localbeginport'];
		}
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];

		// The "pass" association is stored in place of a rule id.
		if ($_POST['filter-rule-association'] == "pass") {
			$natent['associated-rule-id'] = "pass";
		}

		if ($_POST['nosync'] == "yes") {
			$natent['nosync'] = true;
		} else {
			unset($natent['nosync']);
		}

		// Only the three known NAT reflection modes are stored.
		if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "purenat" || $_POST['natreflection'] == "disable") {
			$natent['natreflection'] = $_POST['natreflection'];
		} else {
			unset($natent['natreflection']);
		}

		// If we used to have an associated filter rule, but no-longer should have one
		// NOTE(review): this also runs when neither the stored nor the new entry
		// has an association, so delete_id() is then called with an empty id -
		// confirm that is harmless.
		if (!empty($a_nat[$id]) && (empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'])) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		$need_filter_rule = false;
		// Updating a rule with a filter rule associated
		if (!empty($natent['associated-rule-id'])) {
			$need_filter_rule = true;
		}
		// Create a rule or if we want to create a new one
		if ($natent['associated-rule-id']=='new') {
			$need_filter_rule = true;
			unset( $natent['associated-rule-id'] );
			$_POST['filter-rule-association']='add-associated';
		}
		// If creating a new rule, where we want to add the filter rule, associated or not
		else if (isset($_POST['filter-rule-association']) &&
		    ($_POST['filter-rule-association']=='add-associated' ||
		     $_POST['filter-rule-association']=='add-unassociated')) {
			$need_filter_rule = true;
		}

		if ($need_filter_rule == true) {

			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);
			// If a rule already exists, load it
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				if ($filterentid === false) {
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				} else {
					// Bound by reference: the assignments below then change
					// the stored filter rule directly.
					$filterent =& $config['filter']['rule'][$filterentid];
				}
			}
			pconfig_to_address($filterent['source'], $_POST['src'],
				$_POST['srcmask'], $_POST['srcnot'],
				$_POST['srcbeginport'], $_POST['srcendport']);

			// Update interface, protocol and destination
			// The filter rule targets the redirect address, not the original
			// destination.
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			// The target range is as wide as the destination range.
			// NOTE(review): plain arithmetic on the submitted values; a port
			// alias here would not be a number - confirm how that is handled.
			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];

			if ($dstpfrom == $dstpto) {
				$filterent['destination']['port'] = $dstpfrom;
			} else {
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;
			}

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be.
			 * NOTE(review): the call below keeps 62 bytes, and substr()
			 * counts bytes, so a multi-byte character can be cut in half.
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			// If this is a new rule, create an ID and add the rule
			// NOTE(review): only 'add-associated' appends $filterent to the
			// filter rules; for 'add-unassociated' the entry built above is
			// not stored anywhere in the code shown - confirm that is intended.
			if ($_POST['filter-rule-association']=='add-associated') {
				$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
				$filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward"));
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}

		// Keep the original creation stamp when an existing entry is edited.
		if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created'])) {
			$natent['created'] = $a_nat[$id]['created'];
		}

		$natent['updated'] = make_config_revision_entry();

		// Allow extending of the firewall edit page and include custom input validation
		// (this hook is called just before the entry is stored and the
		// configuration is written)
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config");

		// Update the NAT entry now
		if (isset($id) && $a_nat[$id]) {
			$a_nat[$id] = $natent;
		} else {
			// New entry: insert it after position $after when one was given,
			// otherwise append it.
			$natent['created'] = make_config_revision_entry();
			if (is_numeric($after)) {
				array_splice($a_nat, $after+1, 0, array($natent));
			} else {
				$a_nat[] = $natent;
			}
		}

		// The NAT subsystem is marked dirty only when write_config() reports success.
		if (write_config()) {
			mark_subsystem_dirty('natconf');
		}

		// Fixed redirect target; the client-supplied Referer is not used here.
		header("Location: firewall_nat.php");
		exit;
	}
496
}
497 da7ae7ef Bill Marquette
498 4e51740a Colin Fleming
// Page title parts handed to head.inc. $closehead is false and this page
// prints its own </head> further down - presumably head.inc leaves the
// element open in that case; confirm against head.inc.
$closehead = false;
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("Port Forward"),
	gettext("Edit"),
);
include("head.inc");
501
502 5b237745 Scott Ullrich
?>
503 4e51740a Colin Fleming
<link type="text/css" rel="stylesheet" href="/javascript/chosen/chosen.css" />
504 4bb99603 Scott Ullrich
</head>
505 da7ae7ef Bill Marquette
506 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
507 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
508 4ce8ac00 Erik Kristensen
<?php
509
include("fbegin.inc"); ?>
510 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
511 37ba954d Phil Davis
<form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
512
	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit">
513
		<tr>
514
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
515
		</tr>
516 2ea00c3e Scott Ullrich
<?php
517 37ba954d Phil Davis
		// Allow extending of the firewall edit page and include custom input validation
518 2ea00c3e Scott Ullrich
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly");
519
?>
520 59ecde49 Renato Botelho
		<tr>
521 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
522 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
523 4e51740a Colin Fleming
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
524 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("Disable this rule"); ?></strong><br />
525
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
526 59ecde49 Renato Botelho
			</td>
527
		</tr>
528
		<tr>
529 37ba954d Phil Davis
			<td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
530
			<td width="78%" class="vtable">
531
				<input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if ($pconfig['nordr']) echo "checked=\"checked\""; ?> />
532
				<span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
533
				<br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
534
			</td>
535
		</tr>
536
		<tr>
537
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
538
			<td width="78%" class="vtable">
539
				<select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
540
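					<?php
					/*
					 * Build the interface drop-down. A configured interface or VPN
					 * pseudo-interface is offered only when have_ruleint_access()
					 * allows it. This limits what the form shows; it does not by
					 * itself validate the value that comes back in the POST.
					 */
					$iflist = get_configured_interface_with_descr(false, true);
					// Allow extending of the firewall edit interfaces
					pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");

					// Start from an array even when no interface qualifies, so the
					// loop that prints the options never iterates an undefined value.
					if (!isset($interfaces) || !is_array($interfaces)) {
						$interfaces = array();
					}

					foreach ($iflist as $if => $ifdesc) {
						if (have_ruleint_access($if)) {
							$interfaces[$if] = $ifdesc;
						}
					}

					if ($config['l2tp']['mode'] == "server") {
						if (have_ruleint_access("l2tp")) {
							$interfaces['l2tp'] = "L2TP VPN";
						}
					}

					if ($config['pptpd']['mode'] == "server") {
						if (have_ruleint_access("pptp")) {
							$interfaces['pptp'] = "PPTP VPN";
						}
					}

					if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
						$interfaces['pppoe'] = "PPPoE Server";
					}

					/* add ipsec interfaces */
					if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
						if (have_ruleint_access("enc0")) {
							$interfaces["enc0"] = "IPsec";
						}
					}

					/* add openvpn/tun interfaces */
					// NOTE(review): unlike the entries above, OpenVPN is added without
					// a have_ruleint_access() check - confirm that this is intended.
					if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
						$interfaces["openvpn"] = "OpenVPN";
					}

					// The key is escaped for the attribute just as the label is for
					// the element body; the pre_interfaces_edit hook runs before the
					// list is built, so the keys are not assumed to be markup-free.
					foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
							<?=htmlspecialchars($ifacename);?>
						</option>
					<?php endforeach; ?>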
583
				</select><br />
584
				 <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br />
585
				 <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span>
586
			</td>
587
		</tr>
588
		<tr>
589
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
590
			<td width="78%" class="vtable">
591
				<select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();">
592
				<?php
593
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF");
594
				foreach ($protocols as $proto): ?>
595
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option>
596
				<?php endforeach; ?>
597
				</select>
598
				<br />
599
				<span class="vexpl"><?=gettext("Choose which IP protocol this rule should match."); ?><br />
600
					<?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?>
601
				</span>
602
			</td>
603
		</tr>
604 59ecde49 Renato Botelho
		<tr id="showadvancedboxsrc" name="showadvancedboxsrc">
605 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
606 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
607 4e51740a Colin Fleming
				<input type="button" onclick="show_source()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show source address and port range"); ?>
608 59ecde49 Renato Botelho
			</td>
609
		</tr>
610
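		<?php
		/*
		 * Source address row. It starts hidden (display: none) and holds the
		 * "not" checkbox, the source type selector and the address/mask
		 * inputs, all pre-filled from $pconfig.
		 */
		?>
		<tr style="display: none;" id="srctable" name="srctable">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
			<td width="78%" class="vtable">
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> />
				<strong><?=gettext("not"); ?></strong>
				<br />
				<?=gettext("Use this option to invert the sense of the match."); ?>
				<br />
				<br />
				<table border="0" cellspacing="0" cellpadding="0" summary="type">
					<tr>
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="srctype" class="formselect" onchange="typesel_change()">
<?php
								// $sel starts as is_specialnet($pconfig['src']); "single" sets it when
								// chosen, and "network" is selected only if it is still falsy.
								$sel = is_specialnet($pconfig['src']); ?>
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
								<?php if (have_ruleint_access("pptp")): ?>
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if (have_ruleint_access("pppoe")): ?>
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if (have_ruleint_access("l2tp")): ?>
								<option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>
<?php
								// One "<name> net" and one "<name> address" option per interface the
								// user may use. The key goes into an attribute value and the
								// description into element text, so both are HTML-escaped; the
								// description in particular is presumably operator-supplied
								// (NOTE(review): $ifdisp is built outside this view -- confirm).
								foreach ($ifdisp as $ifent => $ifdesc):
									if (have_ruleint_access($ifent)):
?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected=\"selected\""; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
<?php
									endif;
								endforeach;
?>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
						<td>
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" /> /
							<select name="srcmask" class="formselect" id="srcmask">
<?php						// Prefix lengths 31 down to 1; no /32 entry is offered here.
							for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
<?php 						endfor; ?>
							</select>
						</td>
					</tr>
				</table>
			</td>
		</tr>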
667
		<tr style="display:none" id="sprtable" name="sprtable">
668 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range"); ?></td>
669 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
670 4e51740a Colin Fleming
				<table border="0" cellspacing="0" cellpadding="0" summary="source port range">
671 59ecde49 Renato Botelho
					<tr>
672 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
673 59ecde49 Renato Botelho
						<td>
674
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
675 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
676 4e51740a Colin Fleming
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected=\"selected\""; $bfound = 1; } ?>><?=gettext("any"); ?></option>
677 59ecde49 Renato Botelho
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
678 4e51740a Colin Fleming
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected=\"selected\""; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
679 59ecde49 Renato Botelho
<?php 							endforeach; ?>
680
							</select>
681 4e51740a Colin Fleming
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>" />
682 59ecde49 Renato Botelho
						</td>
683
					</tr>
684
					<tr>
685 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
686 59ecde49 Renato Botelho
						<td>
687
							<select name="srcendport" class="formselect" onchange="ext_change()">
688 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
689 4e51740a Colin Fleming
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected=\"selected\""; $bfound = 1; } ?>><?=gettext("any"); ?></option>
690 59ecde49 Renato Botelho
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
691 4e51740a Colin Fleming
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected=\"selected\""; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
692 59ecde49 Renato Botelho
<?php							endforeach; ?>
693
							</select>
694 4e51740a Colin Fleming
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>" />
695 59ecde49 Renato Botelho
						</td>
696
					</tr>
697
				</table>
698
				<br />
699 8cd558b6 ayvis
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>.</b> <br /> <?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to filter a single port."); ?></span><br />
700 59ecde49 Renato Botelho
			</td>
701
		</tr>
702
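		<?php
		/*
		 * Destination address row: "not" checkbox, destination type selector
		 * (fixed keywords, per-interface entries and virtual IPs) and the
		 * address/mask inputs, all pre-filled from $pconfig.
		 */
		?>
		<tr>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td>
			<td width="78%" class="vtable">
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> />
				<strong><?=gettext("not"); ?></strong>
					<br />
				<?=gettext("Use this option to invert the sense of the match."); ?>
					<br />
					<br />
				<table border="0" cellspacing="0" cellpadding="0" summary="type">
					<tr>
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="dsttype" class="formselect" onchange="typesel_change()">
								<?php
								// $sel starts as is_specialnet($pconfig['dst']); "single" sets it when
								// chosen, and "network" is selected only if it is still falsy.
								$sel = is_specialnet($pconfig['dst']); ?>
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
								<option value="(self)" <?php if ($pconfig['dst'] == "(self)") echo "selected=\"selected\""; ?>><?=gettext("This Firewall (self)");?></option>
								<?php if (have_ruleint_access("pptp")): ?>
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if (have_ruleint_access("pppoe")): ?>
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if (have_ruleint_access("l2tp")): ?>
								<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>

<?php
								// One "<name> net" and one "<name> address" option per interface the
								// user may use. Key and description are HTML-escaped because they
								// land in an attribute value and in element text
								// (NOTE(review): $ifdisp is built outside this view -- confirm
								// whether descriptions are operator-supplied).
								foreach ($ifdisp as $if => $ifdesc):
									if (have_ruleint_access($if)):
?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
									<option value="<?=htmlspecialchars($if);?>ip" <?php if ($pconfig['dst'] == $if . "ip") { echo "selected=\"selected\""; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
<?php
									endif;
								endforeach;
?>

<?php							// Virtual IPs: entries flagged 'noexpand' are skipped; a proxyarp
								// "network" VIP is expanded into one option per address in the
								// subnet, every other VIP gets a single option.
								if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										if (isset($sn['noexpand'])) {
											continue;
										}
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
											for ($i = 0; $i <= $len; $i++):
												// $snip is produced by long2ip32() from integers.
												$snip = long2ip32($start+$i);
?>
												<option value="<?=$snip;?>" <?php if ($snip == $pconfig['dst']) echo "selected=\"selected\""; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php										endfor;
										else:
											// The subnet string comes straight from the configuration, so it
											// is escaped in the attribute as well as in the label.
?>
											<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected=\"selected\""; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php									endif;
									endforeach;
								endif;
?>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
						<td>
							<input autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" />
							/
							<select name="dstmask" class="formselect" id="dstmask">
<?php
							// Prefix lengths 31 down to 1; no /32 entry is offered here.
							for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
<?php						endfor; ?>
							</select>
						</td>
					</tr>
				</table>
			</td>
		</tr>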
783
		<tr id="dprtr" name="dprtr">
784 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range"); ?> </td>
785 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
786 4e51740a Colin Fleming
				<table border="0" cellspacing="0" cellpadding="0" summary="destination port range">
787 59ecde49 Renato Botelho
					<tr>
788 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
789 59ecde49 Renato Botelho
						<td>
790 7fa503d8 Renato Botelho
							<select name="dstbeginport" id="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
791 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
792 a457e739 Renato Botelho
<?php 							$bfound = 0;
793
								foreach ($wkports as $wkport => $wkportdesc): ?>
794 4e51740a Colin Fleming
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected=\"selected\""; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
795 59ecde49 Renato Botelho
<?php 							endforeach; ?>
796
							</select>
797 4e51740a Colin Fleming
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>" />
798 59ecde49 Renato Botelho
						</td>
799
					</tr>
800
					<tr>
801 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("to:"); ?></td>
802 59ecde49 Renato Botelho
						<td>
803 7fa503d8 Renato Botelho
							<select name="dstendport" id="dstendport" class="formselect" onchange="ext_change()">
804 6cac9bda Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
805 a457e739 Renato Botelho
<?php							$bfound = 0;
806
								foreach ($wkports as $wkport => $wkportdesc): ?>
807 4e51740a Colin Fleming
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected=\"selected\""; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
808 59ecde49 Renato Botelho
<?php 							endforeach; ?>
809
							</select>
810 4e51740a Colin Fleming
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>" />
811 59ecde49 Renato Botelho
						</td>
812
					</tr>
813
				</table>
814
				<br />
815
				<span class="vexpl">
816 39a3ce91 Carlos Eduardo Ramos
					<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?>
817 59ecde49 Renato Botelho
					<br />
818 6cac9bda Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to map a single port"); ?>
819 59ecde49 Renato Botelho
				</span>
820
			</td>
821
		</tr>
822 37ba954d Phil Davis
		<tr name="localiptable" id="localiptable">
823
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
824
			<td width="78%" class="vtable">
825
				<input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>" />
826
				<br />
827
				<span class="vexpl"><?=gettext("Enter the internal IP address of the server on which you want to map the ports."); ?>
828
					<br />
829
					<?=gettext("e.g."); ?>
830
					<em>192.168.1.12</em>
831
				</span>
832
			</td>
833
		</tr>
834
		<tr name="lprtr" id="lprtr">
835
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
836
			<td width="78%" class="vtable">
837
				<select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();">
838
					<option value="">(<?=gettext("other"); ?>)</option>
839
					<?php
840
					$bfound = 0;
841
					foreach ($wkports as $wkport => $wkportdesc):
842
					?>
843
					<option value="<?=$wkport;?>" 
844
						<?php if ($wkport == $pconfig['localbeginport']) {
845 4e51740a Colin Fleming
							echo "selected=\"selected\"";
846 0e6998d1 Scott Ullrich
							$bfound = 1;
847
						}?>>
848 37ba954d Phil Davis
						<?=htmlspecialchars($wkportdesc);?>
849
					</option>
850
					<?php endforeach; ?>
851
				</select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>" />
852
				<br />
853
				<span class="vexpl"><?=gettext("Specify the port on the machine with the " .
854
					"IP address entered above. In case of a port range, specify " .
855
					"the beginning port of the range (the end port will be calculated " .
856
					"automatically)."); ?><br />
857
					<?=gettext("Hint: this is usually identical to the 'from' port above"); ?>
858
				</span>
859
			</td>
860
		</tr>
861
		<tr>
862
			<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
863
			<td width="78%" class="vtable">
864
				<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
865
				<br />
866
				<span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed)."); ?></span>
867
			</td>
868
		</tr>
869
		<tr>
870
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync"); ?></td>
871
			<td width="78%" class="vtable">
872
				<input type="checkbox" value="yes" name="nosync"<?php if ($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br />
873
				<?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?>
874
			</td>
875
		</tr>
876
		<tr>
877
			<td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
878
			<td width="78%" class="vtable">
879
				<select name="natreflection" class="formselect">
880
				<option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>><?=gettext("Use system default"); ?></option>
881
				<option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option>
882
				<option value="purenat" <?php if ($pconfig['natreflection'] == "purenat") echo "selected=\"selected\""; ?>><?=gettext("Enable (Pure NAT)"); ?></option>
883
				<option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>><?=gettext("Disable"); ?></option>
884
				</select>
885
			</td>
886
		</tr>
887
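	<?php
	// Shown when an existing NAT rule is being edited (not duplicated): lets the
	// user pick which filter rule is associated with this port forward.
	if (isset($id) && $a_nat[$id] && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?>
		<tr name="assoctable" id="assoctable">
			<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
			<td width="78%" class="vtable">
				<select name="associated-rule-id">
					<option value=""><?=gettext("None"); ?></option>
					<option value="pass" <?php if ($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option>
					<?php
					// Link to the currently associated filter rule; stays empty if none matches.
					$linkedrule = "";
					if (is_array($config['filter']['rule'])) {
						filter_rules_sort();
						foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
							if (isset($filter_rule['associated-rule-id'])) {
								// The id is read from the stored configuration and written into an
								// attribute value, so escape it like the description below.
								echo "<option value=\"" . htmlspecialchars($filter_rule['associated-rule-id']) . "\"";
								if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
									echo " selected=\"selected\"";
									$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">" . gettext("View the filter rule") . "</a><br />";
								}
								echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
							}
						}
					}
					if (isset($pconfig['associated-rule-id'])) {
						echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
					}
					// The <select> opened above is closed here, before the optional link.
					echo "</select>\n";
					echo $linkedrule;
					?>
			</td>
		</tr>
	<?php endif; ?>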
918
	<?php if ((!(isset($id) && $a_nat[$id])) || (isset($_GET['dup']) && is_numericint($_GET['dup']))): ?>
919
		<tr name="assoctable" id="assoctable">
920
			<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
921
			<td width="78%" class="vtable">
922
				<select name="filter-rule-association" id="filter-rule-association">
923
					<option value=""><?=gettext("None"); ?></option>
924
					<option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option>
925
					<option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option>
926
					<option value="pass"><?=gettext("Pass"); ?></option>
927
				</select>
928
				<br /><br /><?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?>
929
			</td>
930
		</tr>
931
	<?php endif; ?>
932 2ea00c3e Scott Ullrich
<?php
933 37ba954d Phil Davis
	// Allow extending of the firewall edit page and include custom input validation
934
	pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate");
935 2ea00c3e Scott Ullrich
?>
936 33cc1e86 jim-p
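<?php
	// "Rule Information" section: rendered only when the stored rule carries
	// 'created' and/or 'updated' metadata arrays.
	$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']));
	$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']));
?>
	<?php if ($has_created_time || $has_updated_time): ?>
		<tr>
			<td>&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Rule Information");?></td>
		</tr>
		<?php if ($has_created_time): ?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Created");?></td>
			<td width="78%" class="vtable">
				<?php /* The username is stored rule metadata echoed into HTML; escape it so any markup in it is shown as text. */ ?>
				<?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['created']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_nat[$id]['created']['username']) ?></strong>
			</td>
		</tr>
		<?php endif; ?>
		<?php if ($has_updated_time): ?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Updated");?></td>
			<td width="78%" class="vtable">
				<?php /* Same escaping as for the "Created" username above. */ ?>
				<?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['updated']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_nat[$id]['updated']['username']) ?></strong>
			</td>
		</tr>
		<?php endif; ?>
	<?php endif; ?>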
964
		<tr>
965
		  <td width="22%" valign="top">&nbsp;</td>
966
		  <td width="78%">&nbsp;</td>
967
		</tr>
968
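		<?php
		/*
		 * Save / Cancel row plus the hidden "id" and "after" fields.
		 *
		 * $referer is written into a JavaScript string that itself sits inside
		 * an HTML attribute, so it is encoded twice: json_encode() produces a
		 * quoted JS string literal, and htmlspecialchars() makes that literal
		 * safe inside the double-quoted onclick attribute.
		 * NOTE(review): $referer is assigned outside this view; if it is derived
		 * from a request header, restrict it to a local path where it is set.
		 * Encoding here does not stop a "javascript:" URL.
		 */
		?>
		<tr>
			<td width="22%" valign="top">&nbsp;</td>
			<td width="78%">
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
				<input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href=<?=htmlspecialchars(json_encode((string)$referer), ENT_QUOTES);?>" />
				<?php if (isset($id) && $a_nat[$id]): ?>
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
				<?php endif; ?>
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" />
			</td>
		</tr>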
979
	</table>
980 5b237745 Scott Ullrich
</form>
981 4e51740a Colin Fleming
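<?php
/*
 * Initial UI state for the form. The interface and destination values are
 * emitted as JavaScript string literals with json_encode(): HTML entity
 * escaping is the wrong encoder inside a <script> block (entities are not
 * decoded there, and a quote or backslash in the value is not neutralised).
 * The JSON_HEX_* flags keep <, >, &, ' and " out of the emitted literal so it
 * cannot end the script element or the CDATA section.
 */
$js_literal_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>
<script type="text/javascript">
//<![CDATA[
	ext_change();
	dst_change(document.iform.interface.value,<?=json_encode((string)$pconfig['interface'], $js_literal_flags)?>,<?=json_encode((string)$pconfig['dst'], $js_literal_flags)?>);
	var iface_old = document.iform.interface.value;
	typesel_change();
	proto_change();
	<?php
	// Reveal the source fields when any of them differs from the "any" default.
	if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
	show_source();
	<?php endif; ?>
	nordr_change();
//]]>
</script>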
994 4e51740a Colin Fleming
<script type="text/javascript">
995 4dfd930e Darren Embry
//<![CDATA[
996
	var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
997 dd042c51 Renato Botelho
	var customarray  = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports"))) ?>;
998 9eb60dcc Ermal Lu?i
999
	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
1000 59ecde49 Renato Botelho
	var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
1001
	var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
1002
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
1003
	var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
1004
	var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
1005
	var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
1006
	var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
1007 4dfd930e Darren Embry
//]]>
1008 9ae40f2b Scott Ullrich
</script>
1009 5b237745 Scott Ullrich
<?php include("fend.inc"); ?>
1010
</body>
1011
</html>