<?php
/* $Id$ */
/*
	firewall_rules_edit.php
	part of pfSense (http://www.pfsense.com)
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	filter
*/
##|+PRIV
##|*IDENT=page-firewall-rules-edit
##|*NAME=Firewall: Rules: Edit page
##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
##|*MATCH=firewall_rules_edit.php*
##|-PRIV
require("guiconfig.inc");
require("filter.inc");
require("shaper.inc");
/*
 * Names accepted as "special" source/destination selectors: the fixed
 * keywords below plus, for every configured interface, the interface key
 * itself and the key with an "ip" suffix.
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	$specialsrcdst[] = (string)$kif;
	$specialsrcdst[] = $kif . "ip";
}

/* Make sure the rule list exists before it is sorted and aliased. */
if (is_array($config['filter']['rule']) == false) {
	$config['filter']['rule'] = array();
}
filter_rules_sort();

/* $a_filter is a reference: writes through it change $config directly. */
$a_filter = &$config['filter']['rule'];
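/*
 * Rule index ($id) and insert position ($after) taken from the request.
 *
 * The GET 'id' and 'dup' values are only accepted when numeric, matching the
 * check that was already applied to the POST 'id', so a request-supplied
 * value is never used as an arbitrary key into the rule list. $after is kept
 * as received here.
 */
$id = null;
if (isset($_GET['id']) && is_numeric($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numeric($_POST['id']))
	$id = $_POST['id'];

$after = isset($_GET['after']) ? $_GET['after'] : null;
if (isset($_POST['after']))
	$after = $_POST['after'];

/* Duplicating a rule: load the rule named by 'dup' and insert the copy after it. */
if (isset($_GET['dup'])) {
	if (is_numeric($_GET['dup'])) {
		$id = $_GET['dup'];
		$after = $_GET['dup'];
	} else {
		/* A non-numeric 'dup' cannot name a rule; fall back to a new rule. */
		$id = null;
		$after = null;
	}
}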
/*
 * Fill $pconfig (the values the form is rendered from) either with the
 * defaults for a new rule or with the fields of the existing rule $id.
 */
if (!isset($id) || !$a_filter[$id]) {
	/* defaults */
	/*
	 * NOTE(review): the 'if' request value is stored as received; it needs
	 * escaping wherever $pconfig['interface'] is later written to the page.
	 */
	if ($_GET['if']) {
		$pconfig['interface'] = $_GET['if'];
	}
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
} else {
	$pconfig['interface'] = $a_filter[$id]['interface'];

	if (isset($a_filter[$id]['id'])) {
		$pconfig['ruleid'] = $a_filter[$id]['id'];
	}

	/* A rule stored without a type is shown as "pass". */
	$pconfig['type'] = isset($a_filter[$id]['type']) ? $a_filter[$id]['type'] : "pass";

	/*
	 * NOTE(review): in the visible code $if is only assigned after this
	 * if/else, so unless an included file sets it, only the isset() half of
	 * this test can be true here -- confirm.
	 */
	if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
		$pconfig['floating'] = $a_filter[$id]['floating'];
		if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] != "") {
			$pconfig['interface'] = $a_filter[$id]['interface'];
		}
	}

	/*
	 * NOTE(review): this tests a 'floating' key on the rule list itself, not
	 * on the selected rule -- confirm that is intended.
	 */
	if (isset($a_filter['floating'])) {
		$pconfig['floating'] = "yes";
	}

	if (isset($a_filter[$id]['direction'])) {
		$pconfig['direction'] = $a_filter[$id]['direction'];
	}

	if (isset($a_filter[$id]['ipprotocol'])) {
		$pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol'];
	}

	/* A rule stored without a protocol is shown as "any". */
	$pconfig['proto'] = isset($a_filter[$id]['protocol']) ? $a_filter[$id]['protocol'] : "any";

	if ($a_filter[$id]['protocol'] == "icmp") {
		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
	}

	/* Unpack the stored source into the address, mask, "not" and port fields. */
	address_to_pconfig(
		$a_filter[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	if ($a_filter[$id]['os'] != "") {
		$pconfig['os'] = $a_filter[$id]['os'];
	}

	/* Same unpacking for the destination. */
	address_to_pconfig(
		$a_filter[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	if ($a_filter[$id]['dscp'] != "") {
		$pconfig['dscp'] = $a_filter[$id]['dscp'];
	}

	/* 'disabled' and 'log' are presence flags in the stored rule. */
	$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
	$pconfig['log'] = isset($a_filter[$id]['log']);
	$pconfig['descr'] = $a_filter[$id]['descr'];

	/* Either "any flags" is recorded, or the two flag lists are copied when non-empty. */
	if (isset($a_filter[$id]['tcpflags_any'])) {
		$pconfig['tcpflags_any'] = true;
	} else {
		if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] != "") {
			$pconfig['tcpflags1'] = $a_filter[$id]['tcpflags1'];
		}
		if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] != "") {
			$pconfig['tcpflags2'] = $a_filter[$id]['tcpflags2'];
		}
	}

	if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] != "") {
		$pconfig['tag'] = $a_filter[$id]['tag'];
	}
	if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] != "") {
		$pconfig['tagged'] = $a_filter[$id]['tagged'];
	}
	if (!empty($a_filter[$id]['quick'])) {
		$pconfig['quick'] = $a_filter[$id]['quick'];
	}
	if (isset($a_filter[$id]['allowopts'])) {
		$pconfig['allowopts'] = true;
	}
	if (isset($a_filter[$id]['disablereplyto'])) {
		$pconfig['disablereplyto'] = true;
	}

	/* advanced */
	$pconfig['max'] = $a_filter[$id]['max'];
	$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
	$pconfig['max-src-conn'] = $a_filter[$id]['max-src-conn'];
	$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
	$pconfig['statetype'] = $a_filter[$id]['statetype'];
	$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];

	/* advanced - nosync */
	$pconfig['nosync'] = isset($a_filter[$id]['nosync']);

	/* advanced - new connection per second banning */
	$pconfig['max-src-conn-rate'] = $a_filter[$id]['max-src-conn-rate'];
	$pconfig['max-src-conn-rates'] = $a_filter[$id]['max-src-conn-rates'];

	/* Multi-WAN next-hop support */
	$pconfig['gateway'] = $a_filter[$id]['gateway'];

	/* Shaper support */
	$pconfig['defaultqueue'] = $a_filter[$id]['defaultqueue'];
	$pconfig['ackqueue'] = $a_filter[$id]['ackqueue'];
	$pconfig['dnpipe'] = $a_filter[$id]['dnpipe'];
	$pconfig['pdnpipe'] = $a_filter[$id]['pdnpipe'];
	$pconfig['l7container'] = $a_filter[$id]['l7container'];

	/* schedule support */
	$pconfig['sched'] = $a_filter[$id]['sched'];

	/* A duplicated rule does not take over the original's associated-rule-id. */
	if (!isset($_GET['dup'])) {
		$pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
	}
}
/* Allow the FloatingRules tab to work: $if follows the interface loaded above. */
$if = $pconfig['interface'];

/* A duplicate is saved as a new rule, so the source rule's index is dropped. */
if (isset($_GET['dup'])) {
	unset($id);
}
if ($_POST) {
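	unset($input_errors);

	/*
	 * A rule with an associated-rule-id keeps its stored protocol (and ICMP
	 * type): the posted values are overwritten with the ones in $pconfig.
	 */
	if (isset($a_filter[$id]['associated-rule-id'])) {
		$_POST['proto'] = $pconfig['proto'];
		if ($pconfig['proto'] == "icmp")
			$_POST['icmptype'] = $pconfig['icmptype'];
	}

	if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
		$input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP.");

	if ($_POST['type'] == "match" && $_POST['defaultqueue'] == "none")
		$input_errors[] = gettext("Queue type rules only work with queues.");

	/*
	 * Gateway group: the address family of the group's first member must
	 * match the rule's address family. The is_array() guard skips the loop
	 * when no gateway groups are configured instead of iterating a non-array.
	 */
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && is_array($config['gateways']['gateway_group'])) {
		foreach ($config['gateways']['gateway_group'] as $gw_group) {
			if ($gw_group['name'] == $_POST['gateway']) {
				/* The text before the first "|" of the first item is looked up as a gateway name. */
				$af = explode("|", $gw_group['item'][0]);
				$ip = lookup_gateway_ip_by_name($af[0]);
				if (($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6($ip))) {
					$input_errors[] = gettext("You can not assign a IPv4 gateway group on IPv6 Address Family rule");
				}
				if (($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4($ip))) {
					$input_errors[] = gettext("You can not assign a IPv6 gateway group on IPv4 Address Family rule");
				}
			}
		}
	}

	/* Single gateway: the same family check, applied when the name resolves to an IP address. */
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && (is_ipaddr(lookup_gateway_ip_by_name($_POST['gateway'])))) {
		if (($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) {
			$input_errors[] = gettext("You can not assign the IPv4 Gateway to a IPv6 Filter rule");
		}
		if (($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) {
			$input_errors[] = gettext("You can not assign the IPv6 Gateway to a IPv4 Filter rule");
		}
	}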
	/*
	 * Normalise the posted port fields in place. Ports only apply to tcp,
	 * udp and tcp/udp; for every other protocol all four fields become 0.
	 */
	if (($_POST['proto'] == "tcp") || ($_POST['proto'] == "udp") || ($_POST['proto'] == "tcp/udp")) {

		/* The *_cust value fills in a source port field that was left empty. */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport']) {
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		}
		if ($_POST['srcendport_cust'] && !$_POST['srcendport']) {
			$_POST['srcendport'] = $_POST['srcendport_cust'];
		}

		/* "any" as begin port zeroes the range; an empty end port copies the begin port. */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else if (!$_POST['srcendport']) {
			$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any") {
			$_POST['srcendport'] = $_POST['srcbeginport'];
		}

		/* Same steps for the destination port fields. */
		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport']) {
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		}
		if ($_POST['dstendport_cust'] && !$_POST['dstendport']) {
			$_POST['dstendport'] = $_POST['dstendport_cust'];
		}

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else if (!$_POST['dstendport']) {
			$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any") {
			$_POST['dstendport'] = $_POST['dstbeginport'];
		}
	} else {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/*
	 * A special network type replaces the address with the type name and a
	 * mask of 0; the "single" type forces a mask of 32.
	 */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	} else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}
	/* From here on the form is re-rendered from the posted values. */
	$pconfig = $_POST;

	/* input validation */
	/*
	 * $reqdfields holds the required POST keys and $reqdfieldsn the matching
	 * display names, in the same order. Source and destination are not
	 * required for a rule that carries an associated-rule-id.
	 */
	$reqdfields = array("type", "proto");
	$reqdfieldsn = array("Type", "Protocol");
	if (!isset($a_filter[$id]['associated-rule-id'])) {
		$reqdfields[] = "src";
		$reqdfields[] = "dst";
		$reqdfieldsn[] = "Source";
		$reqdfieldsn[] = "Destination";
	}

	/* "modulate state" and "synproxy state" are restricted to tcp; synproxy also to an empty gateway. */
	if ($_POST['statetype'] == "modulate state" || $_POST['statetype'] == "synproxy state") {
		if ($_POST['proto'] != "tcp") {
			$input_errors[] = sprintf(gettext("%s is only valid with protocol tcp."), $_POST['statetype']);
		}
		if (($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != "")) {
			$input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."), $_POST['statetype']);
		}
	}

	/* A bit count is required unless the type is a special network or "single". */
	if (!isset($a_filter[$id]['associated-rule-id']) &&
	    !is_specialnet($_POST['srctype']) && ($_POST['srctype'] != "single")) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if (!isset($a_filter[$id]['associated-rule-id']) &&
	    !is_specialnet($_POST['dsttype']) && ($_POST['dsttype'] != "single")) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = gettext("Destination bit count");
	}

	/*
	 * NOTE(review): $input_errors is passed with a call-time "&". PHP 5.4 and
	 * later reject that syntax; it can only be dropped if do_input_validation()
	 * declares the parameter by reference -- its definition is not visible here.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
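	/* With no begin port there is no port restriction: zero both ends. */
	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/*
	 * Each non-zero port must be accepted by is_portoralias().
	 * The first message previously read the misspelled key 'srcbeginposrt',
	 * so the rejected value was never shown; it now uses 'srcbeginport'.
	 *
	 * NOTE(review): these messages embed the rejected request value. Whether
	 * print_input_errors() HTML-escapes them is not visible here -- confirm.
	 */
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
		$input_errors[] = sprintf(gettext("%s  is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);

	/*
	 * Port aliases in the custom source range: an alias in "to" needs the
	 * same alias in "from", and numbers cannot be mixed with aliases.
	 * The "same alias" test used to check the "to" field twice; it now checks
	 * both fields. Mixed number/alias input is still rejected by the last test.
	 */
	if (!$_POST['srcbeginport_cust'] && $_POST['srcendport_cust'] && is_alias($_POST['srcendport_cust']))
		$input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field';
	if ($_POST['srcbeginport_cust'] && $_POST['srcendport_cust']) {
		if (is_alias($_POST['srcbeginport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust'])
			$input_errors[] = 'The same port alias must be used in Source port range from: and to: fields';
		if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust'] != '')) ||
		    ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust'] != '') && is_alias($_POST['srcendport_cust'])))
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field';
	}

	/* The same alias rules for the custom destination range. */
	if (!$_POST['dstbeginport_cust'] && $_POST['dstendport_cust'] && is_alias($_POST['dstendport_cust']))
		$input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field';
	if ($_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) {
		if (is_alias($_POST['dstbeginport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust'])
			$input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields';
		if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust'] != '')) ||
		    ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust'] != '') && is_alias($_POST['dstendport_cust'])))
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field';
	}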
	/* An alias cannot be combined with the "network" type. */
	if ($_POST['srctype'] == "network" && is_alias($_POST['src'])) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}
	if ($_POST['dsttype'] == "network" && is_alias($_POST['dst'])) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	/*
	 * For non-special types the address must be an IP address or alias and
	 * the bit count must pass is_numericint().
	 * NOTE(review): no upper bound on the bit count is checked in this block.
	 * NOTE(review): the address messages embed the rejected request value;
	 * whether print_input_errors() HTML-escapes it is not visible here.
	 */
	if (!is_specialnet($_POST['srctype'])) {
		if ($_POST['src'] && !is_ipaddroralias($_POST['src'])) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
		}
		if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
		}
		if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}

	/* When both ends are literal IP addresses they must share one address family, matching the rule's. */
	if (is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst'])) {
		if (!validate_address_family($_POST['src'], $_POST['dst'])) {
			$input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
		}
		if (($_POST['ipprotocol'] == "inet") && (is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst']))) {
			$input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
		}
		if (($_POST['ipprotocol'] == "inet6") && (is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst']))) {
			$input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
		}
	}
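	/* Put each port range in ascending order. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	if ($_POST['os'] && $_POST['proto'] != "tcp")
		$input_errors[] = gettext("OS detection is only valid with protocol tcp.");

	/* An acknowledge queue needs a default queue, and the two must differ. */
	if ($_POST['ackqueue'] && $_POST['ackqueue'] != "none") {
		if ($_POST['defaultqueue'] == "none")
			$input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too.");
		else if ($_POST['ackqueue'] == $_POST['defaultqueue'])
			$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");
	}

	/* Floating rules need an explicit direction before a limiter or gateway can be used. */
	if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
		$input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
	if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
		$input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction.");

	/*
	 * In/Out limiter pair. The last two tests previously read $pdnpipe and
	 * $dnpipe, which are never assigned in the visible code, so they could
	 * not fire; they now inspect the first character of the posted values.
	 * NOTE(review): a leading "?" is taken to mark the second kind of entry
	 * named in the message -- confirm against the code that builds the list.
	 */
	if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") {
		if ($_POST['dnpipe'] == "none")
			$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
		else if ($_POST['pdnpipe'] == $_POST['dnpipe'])
			$input_errors[] = gettext("In and Out Queue cannot be the same.");
		else if ($_POST['pdnpipe'][0] == "?" && $_POST['dnpipe'][0] <> "?")
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
		else if ($_POST['dnpipe'][0] == "?" && $_POST['pdnpipe'][0] <> "?")
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
	}

	/* A supplied rule ID must consist of digits only. */
	if (!empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
		$input_errors[] = gettext('ID must be an integer');

	/* A layer7 container is limited to TCP/UDP pass rules. */
	if ($_POST['l7container'] && $_POST['l7container'] != "none") {
		if (!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp"))
			$input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols");
		if ($_POST['type'] <> "pass")
			$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
	}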
	/*
	 * Unless "any flags" is selected, collect the checked "set" flags
	 * (tcpflags1_*) and "out of" flags (tcpflags2_*); "set" flags without
	 * any "out of" flag are rejected.
	 * NOTE(review): $tcpflags is not defined in the visible code; presumably
	 * an included file provides it -- confirm.
	 */
	if (!$_POST['tcpflags_any']) {
		$settcpflags = array();
		$outoftcpflags = array();
		foreach ($tcpflags as $tcpflag) {
			if ($_POST["tcpflags1_" . $tcpflag] == "on") {
				$settcpflags[] = $tcpflag;
			}
			if ($_POST["tcpflags2_" . $tcpflag] == "on") {
				$outoftcpflags[] = $tcpflag;
			}
		}
		if (!empty($settcpflags) && empty($outoftcpflags)) {
			$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
		}
	}

	// Extension hook: lets custom input validation be added to this page.
	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation");
	if (!$input_errors) {
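		/* Build the rule entry that will be written to the configuration. */
		$filterent = array();
		$filterent['id'] = ($_POST['ruleid'] > 0) ? $_POST['ruleid'] : '';
		/*
		 * NOTE(review): 'type', 'interface', 'ipprotocol', 'tag' and 'tagged'
		 * are stored as posted; no check against a list of allowed values is
		 * visible in this file section -- confirm one exists elsewhere.
		 */
		$filterent['type'] = $_POST['type'];
		if (isset($_POST['interface']))
			$filterent['interface'] = $_POST['interface'];

		if (isset($_POST['ipprotocol']))
			$filterent['ipprotocol'] = $_POST['ipprotocol'];

		/*
		 * TCP flags: either "any", or the comma-joined "out of" list with the
		 * "set" list added only when an "out of" list exists.
		 * NOTE(review): $tcpflags is not defined in the visible code.
		 */
		if ($_POST['tcpflags_any']) {
			$filterent['tcpflags_any'] = true;
		} else {
			$settcpflags = array();
			$outoftcpflags = array();
			foreach ($tcpflags as $tcpflag) {
				if ($_POST['tcpflags1_' . $tcpflag] == "on")
					$settcpflags[] = $tcpflag;
				if ($_POST['tcpflags2_' . $tcpflag] == "on")
					$outoftcpflags[] = $tcpflag;
			}
			if (!empty($outoftcpflags)) {
				$filterent['tcpflags2'] = join(",", $outoftcpflags);
				if (!empty($settcpflags))
					$filterent['tcpflags1'] = join(",", $settcpflags);
			}
		}

		if (isset($_POST['tag']))
			$filterent['tag'] = $_POST['tag'];
		if (isset($_POST['tagged']))
			$filterent['tagged'] = $_POST['tagged'];

		/* Floating rules carry a direction, an optional quick flag and a comma-joined interface list. */
		if ($if == "FloatingRules" || isset($_POST['floating'])) {
			$filterent['direction'] = $_POST['direction'];
			if (isset($_POST['quick']) && $_POST['quick'] <> "")
				$filterent['quick'] = $_POST['quick'];
			$filterent['floating'] = "yes";
			/*
			 * Only join when an array was posted: count()/implode() on a
			 * plain string would fail and overwrite the interface set above.
			 */
			if (isset($_POST['interface']) && is_array($_POST['interface']) && count($_POST['interface']) > 0) {
				$filterent['interface'] = implode(",", $_POST['interface']);
			}
		}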
		/* Advanced options */
		if ($_POST['allowopts'] != "yes") {
			unset($filterent['allowopts']);
		} else {
			$filterent['allowopts'] = true;
		}
		if ($_POST['disablereplyto'] != "yes") {
			unset($filterent['disablereplyto']);
		} else {
			$filterent['disablereplyto'] = true;
		}

		/*
		 * NOTE(review): the limit, timeout, state type and OS values below are
		 * stored exactly as posted; no format check on them is visible in this
		 * file section -- confirm they are validated before use.
		 */
		$filterent['max'] = $_POST['max'];
		$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
		$filterent['max-src-conn'] = $_POST['max-src-conn'];
		$filterent['max-src-states'] = $_POST['max-src-states'];
		$filterent['statetimeout'] = $_POST['statetimeout'];
		$filterent['statetype'] = $_POST['statetype'];
		$filterent['os'] = $_POST['os'];

		/* Nosync directive - do not xmlrpc sync this item */
		if ($_POST['nosync'] != "") {
			$filterent['nosync'] = true;
		} else {
			unset($filterent['nosync']);
		}

		/* unless both values are provided, unset the values - ticket #650 */
		if ($_POST['max-src-conn-rate'] != "" && $_POST['max-src-conn-rates'] != "") {
			$filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
			$filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
		} else {
			unset($filterent['max-src-conn-rate']);
			unset($filterent['max-src-conn-rates']);
		}

		/* "any" is stored as the absence of a protocol. */
		if ($_POST['proto'] == "any") {
			unset($filterent['protocol']);
		} else {
			$filterent['protocol'] = $_POST['proto'];
		}

		/* The ICMP type is kept only for icmp rules that name one. */
		if ($_POST['proto'] == "icmp" && $_POST['icmptype']) {
			$filterent['icmptype'] = $_POST['icmptype'];
		} else {
			unset($filterent['icmptype']);
		}
		/* Pack the posted address, mask, "not" flag and port range into the rule's source and destination. */
		pconfig_to_address(
			$filterent['source'],
			$_POST['src'],
			$_POST['srcmask'],
			$_POST['srcnot'],
			$_POST['srcbeginport'],
			$_POST['srcendport']
		);
		pconfig_to_address(
			$filterent['destination'],
			$_POST['dst'],
			$_POST['dstmask'],
			$_POST['dstnot'],
			$_POST['dstbeginport'],
			$_POST['dstendport']
		);

		/* 'disabled' and 'log' are presence flags. */
		if (!$_POST['disabled']) {
			unset($filterent['disabled']);
		} else {
			$filterent['disabled'] = true;
		}

		if ($_POST['dscp']) {
			$filterent['dscp'] = $_POST['dscp'];
		}

		if (!$_POST['log']) {
			unset($filterent['log']);
		} else {
			$filterent['log'] = true;
		}

		/* strncpy() is a project helper; it is called with a length of 52 for the description. */
		strncpy($filterent['descr'], $_POST['descr'], 52);

		if ($_POST['gateway'] != "") {
			$filterent['gateway'] = $_POST['gateway'];
		}

		/* The acknowledge queue is stored only together with a default queue. */
		if (isset($_POST['defaultqueue']) && $_POST['defaultqueue'] != "none") {
			$filterent['defaultqueue'] = $_POST['defaultqueue'];
			if (isset($_POST['ackqueue']) && $_POST['ackqueue'] != "none") {
				$filterent['ackqueue'] = $_POST['ackqueue'];
			}
		}

		/* Likewise 'pdnpipe' is stored only together with 'dnpipe'. */
		if (isset($_POST['dnpipe']) && $_POST['dnpipe'] != "none") {
			$filterent['dnpipe'] = $_POST['dnpipe'];
			if (isset($_POST['pdnpipe']) && $_POST['pdnpipe'] != "none") {
				$filterent['pdnpipe'] = $_POST['pdnpipe'];
			}
		}

		if (isset($_POST['l7container']) && $_POST['l7container'] != "none") {
			$filterent['l7container'] = $_POST['l7container'];
		}

		if ($_POST['sched'] != "") {
			$filterent['sched'] = $_POST['sched'];
		}
		// A rule with an associated NAT rule keeps its stored interface,
		// protocol, ICMP type, source and destination: the stored values
		// replace whatever was built from the posted form.
		if (isset($a_filter[$id]['associated-rule-id'])) {
			$filterent['interface'] = $a_filter[$id]['interface'];

			if (isset($a_filter[$id]['protocol'])) {
				$filterent['protocol'] = $a_filter[$id]['protocol'];
			} elseif (isset($filterent['protocol'])) {
				unset($filterent['protocol']);
			}

			if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype']) {
				$filterent['icmptype'] = $a_filter[$id]['icmptype'];
			} elseif (isset($filterent['icmptype'])) {
				unset($filterent['icmptype']);
			}

			$filterent['source'] = $a_filter[$id]['source'];
			$filterent['destination'] = $a_filter[$id]['destination'];
			$filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
		}

		// Extension hook: runs custom code just before the rule is written.
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
		if (isset($id) && $a_filter[$id])
600
			$a_filter[$id] = $filterent;
601
		else {
602
			if (is_numeric($after))
603
				array_splice($a_filter, $after+1, 0, array($filterent));
604
			else
605
				$a_filter[] = $filterent;
606
		}
607 f4e2a352 Scott Ullrich
608 ea57ccb8 Erik Fonnesbeck
		filter_rules_sort();
609 d65962a7 Scott Ullrich
610 5b237745 Scott Ullrich
		write_config();
611 a368a026 Ermal Lu?i
		mark_subsystem_dirty('filter');
612 5ba18897 Scott Ullrich
613 661aed33 Ermal Luçi
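		// Send the browser back to the rule list of the tab this rule belongs to.
		if (isset($_POST['floating'])) {
			header("Location: firewall_rules.php?if=FloatingRules");
		} else {
			// The interface name is taken straight from the request, so it is
			// URL-encoded before it is placed in the query string of the
			// Location header. An array value (as the multi-select posts) is
			// flattened first so urlencode() always receives a string.
			$redirect_if = is_array($_POST['interface']) ? implode(",", $_POST['interface']) : (string)$_POST['interface'];
			header("Location: firewall_rules.php?if=" . urlencode($redirect_if));
		}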
617 5b237745 Scott Ullrich
		exit;
618
	}
619 c60824d2 Scott Ullrich
}
620
621 37c53a0d Ermal Lu?i
/*
 * Read the ALTQ, dummynet and layer 7 configuration and fetch the matching
 * lists. The names suggest these feed the queue, pipe and container
 * selectors of the form -- TODO confirm against the rest of the page.
 */
read_altq_config(); /* XXX: */
$qlist =& get_unique_queue_list();

read_dummynet_config(); /* XXX: */
$dnqlist =& get_unique_dnqueue_list();

read_layer7_config();
$l7clist =& get_l7_unique_list();

/* Page settings assigned before head.inc is included; presumably read by it. */
$pgtitle = array(gettext('Firewall'), gettext('Rules'), gettext('Edit'));
$statusurl = 'status_filter_reload.php';
$logurl = 'diag_logs_filter.php';

/* This page emits its own </head> tag after adding a stylesheet link. */
$closehead = false;

$page_filename = 'firewall_rules_edit.php';
include 'head.inc';
636 c60824d2 Scott Ullrich
637 5b237745 Scott Ullrich
?>
638 4bb99603 Scott Ullrich
<link rel="stylesheet" href="/javascript/chosen/chosen.css" />
639 5b237745 Scott Ullrich
</head>
640
641
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
642 f51d5d57 Darren Embry
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
643 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
644 5b237745 Scott Ullrich
<?php include("fbegin.inc"); ?>
645 48fc39a3 Scott Ullrich
<?php pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_input_errors"); ?>
646 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
647 8ab3e9ed Erik Kristensen
648
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
649 6eac9b90 Scott Ullrich
<input type='hidden' name="ruleid" value="<?=(isset($pconfig['ruleid'])&&$pconfig['ruleid']>0)?htmlspecialchars($pconfig['ruleid']):''?>">
650
651 8ab3e9ed Erik Kristensen
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
652 e091cb45 Scott Ullrich
		<tr>
653 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td>
654 e091cb45 Scott Ullrich
		</tr>	
655 b4b7bda6 Scott Ullrich
<?php
656
		// Allow extending of the firewall edit page and include custom input validation 
657
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
658
?>
659 8ab3e9ed Erik Kristensen
    	<tr>
660 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
661 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
662 b5c78501 Seth Mos
				<select name="type" class="formselect">
663 e5e5ba51 Vinicius Coque
					<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
664 8ab3e9ed Erik Kristensen
					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
665
					<?=htmlspecialchars($type);?>
666
					</option>
667
					<?php endforeach; ?>
668 a391d0ab Ermal
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
669
					<option value="match" <?php if ("match" == strtolower($pconfig['type'])) echo "selected"; ?>>Queue</option>
670
<?php endif; ?>
671 8c84fe43 Scott Ullrich
				</select>
672 8ab3e9ed Erik Kristensen
				<br/>
673
				<span class="vexpl">
674 11d2c529 Rafael Lucas
					<?=gettext("Choose what to do with packets that match the criteria specified below.");?> <br/>
675
					<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?> 
676 8ab3e9ed Erik Kristensen
				</span>
677
			</td>
678
		</tr>
679
		<tr>
680 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
681 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
682
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
683 11d2c529 Rafael Lucas
				<strong><?=gettext("Disable this rule");?></strong><br />
684
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list.");?></span>
685 8ab3e9ed Erik Kristensen
			</td>
686
		</tr>
687 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
688
		<tr>
689 f1602cc4 sullrich
			<td width="22%" valign="top" class="vncellreq">
690
				<?=gettext("Quick");?>
691
			</td>
692
			<td width="78%" class="vtable">
693
				<input name="quick" type="checkbox" id="quick" value="yes" <?php if ($pconfig['quick']) echo "checked=\"checked\""; ?> />
694
				<strong><?=gettext("Apply the action immediately on match.");?></strong><br />
695
				<span class="vexpl"><?=gettext("Set this option if you need to apply this action to traffic that matches this rule immediately.");?></span>
696
			</td>
697
		</tr>
698 e73b001e Renato Botelho
<?php endif; ?>
699 48a27d4f Erik Fonnesbeck
<?php $edit_disabled = ""; ?>
700
<?php if( isset($pconfig['associated-rule-id']) ): ?>
701
		<tr>
702
			<td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td>
703
			<td width="78%" class="vtable">
704 e4b9d53b Warren Baker
				<span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("This is associated to a NAT rule.");?><br />
705 48a27d4f Erik Fonnesbeck
				<?=gettext("You cannot edit the interface, protocol, source, or destination of associated filter rules.");?><br />
706
				<br />
707
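				<?php
					// Printed into the interface, protocol, source and destination
					// controls further down so the browser renders them disabled.
					$edit_disabled = "disabled";
					// Link to the first NAT rule that carries the same associated-rule-id.
					if (is_array($config['nat']['rule'])) {
						foreach ($config['nat']['rule'] as $index => $nat_rule) {
							if (isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id'] == $pconfig['associated-rule-id']) {
								echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br>";
								break;
							}
						}
					}
					// Disabled controls are not submitted, so these values travel in
					// hidden fields. The attributes are single-quoted, which is why
					// ENT_QUOTES is passed: without it a single quote inside the value
					// would end the attribute and allow markup to be injected.
					// NOTE(review): $pconfig presumably mirrors request data when the
					// form is re-displayed after a validation error -- confirm.
					$assoc_id_attr = htmlspecialchars($pconfig['associated-rule-id'], ENT_QUOTES);
					echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='{$assoc_id_attr}' >";
					if (!empty($pconfig['interface'])) {
						// The interface may still be an array at this point; it is only
						// flattened further down, when the select options are built.
						$iface_value = is_array($pconfig['interface']) ? implode(",", $pconfig['interface']) : $pconfig['interface'];
						$iface_attr = htmlspecialchars($iface_value, ENT_QUOTES);
						echo "<input name='interface' id='interface' type='hidden' value='{$iface_attr}' >";
					}
				?>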
721
				<script type="text/javascript">
722
				editenabled = 0;
723
				</script>
724
			</td>
725
		</tr>
726 ee9933b6 Renato Botelho
<?php endif; ?>
727 8ab3e9ed Erik Kristensen
		<tr>
728 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
729 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
730 48a27d4f Erik Fonnesbeck
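<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
				<select name="interface[]" title="Select interfaces..." multiple style="width:350px;" class="chzn-select" tabindex="2" <?=$edit_disabled;?>>
<?php else: ?>
				<select name="interface" class="formselect" <?=$edit_disabled;?>>
<?php
   endif;
				/*
				 * Build the interface list for the select opened above. Floating
				 * rules get a multi-select, every other rule a single select.
				 * Entries are added only when have_ruleint_access() allows them,
				 * with the one exception noted at the OpenVPN entry.
				 */
				/* add group interfaces */
				if (is_array($config['ifgroups']['ifgroupentry'])) {
					foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
						if (have_ruleint_access($ifgen['ifname'])) {
							$interfaces[$ifgen['ifname']] = $ifgen['ifname'];
						}
					}
				}
				$ifdescs = get_configured_interface_with_descr();
				// Allow extending of the firewall edit page and include custom input validation
				pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit");
				foreach ($ifdescs as $ifent => $ifdesc) {
					if (have_ruleint_access($ifent)) {
						$interfaces[$ifent] = $ifdesc;
					}
				}
				// The checks below run once, after the loop; the original
				// indentation made them look like part of the loop body.
				if ($config['l2tp']['mode'] == "server") {
					if (have_ruleint_access("l2tp")) {
						$interfaces['l2tp'] = "L2TP VPN";
					}
				}
				if ($config['pptpd']['mode'] == "server") {
					if (have_ruleint_access("pptp")) {
						$interfaces['pptp'] = "PPTP VPN";
					}
				}
				if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) {
					$interfaces['pppoe'] = "PPPoE VPN";
				}
				/* add ipsec interfaces */
				if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
					if (have_ruleint_access("enc0")) {
						$interfaces["enc0"] = "IPsec";
					}
				}
				/* add openvpn/tun interfaces */
				// NOTE(review): unlike every other entry, this one is added without
				// a have_ruleint_access() check -- confirm that this is intended.
				if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
					$interfaces["openvpn"] = "OpenVPN";
				}
				// A multi-select posts an array; flatten it to the comma-separated
				// form before comparing it with the option values.
				if (is_array($pconfig['interface'])) {
					$pconfig['interface'] = implode(",", $pconfig['interface']);
				}
				$selected_interfaces = explode(",", $pconfig['interface']);
				// Interface names and descriptions are configuration text, so both
				// are HTML-escaped like the other values this form prints.
				foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
<?php 				endforeach; ?>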
769 8c84fe43 Scott Ullrich
				</select>
770 8ab3e9ed Erik Kristensen
				<br />
771 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose on which interface packets must come in to match this rule.");?></span>
772 8ab3e9ed Erik Kristensen
			</td>
773
		</tr>
774 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
775 f1602cc4 sullrich
		<tr>
776
			<td width="22%" valign="top" class="vncellreq">
777
				<?=gettext("Direction");?>
778
			</td>
779
			<td width="78%" class="vtable">
780
				<select name="direction" class="formselect">
781 e5e5ba51 Vinicius Coque
					<?php      $directions = array('any','in','out');
782 f1602cc4 sullrich
				foreach ($directions as $direction): ?>
783
				<option value="<?=$direction;?>"
784
					<?php if ($direction == $pconfig['direction']): ?>
785
						selected="selected" 
786
					<?php endif; ?>
787
					><?=$direction;?></option>
788
				<?php endforeach; ?>      
789
				</select>
790
				<input type="hidden" id="floating" name="floating" value="floating">
791
			</td>
792
		<tr>
793 661aed33 Ermal Luçi
<?php endif; ?>
794 1306c7dd Seth Mos
		<tr>
795
			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
796
			<td width="78%" class="vtable">
797
				<select name="ipprotocol" class="formselect">
798
					<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6');
799
				foreach ($ipproto as $proto => $name): ?>
800
				<option value="<?=$proto;?>"
801
					<?php if ($proto == $pconfig['ipprotocol']): ?>
802
						selected="selected" 
803
					<?php endif; ?>
804
					><?=$name;?></option>
805
				<?php endforeach; ?>      
806
				</select>
807
				<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br />
808
			</td>
809
		</tr>
810 8ab3e9ed Erik Kristensen
		<tr>
811 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
812 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
813 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()">
814 8ab3e9ed Erik Kristensen
<?php
815 c6c26178 jim-p
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP OSPF any carp pfsync");
816 8ab3e9ed Erik Kristensen
				foreach ($protocols as $proto): ?>
817
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
818
<?php 			endforeach; ?>
819
				</select>
820
				<br />
821 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose which IP protocol this rule should match.");?> <br /> <?=gettext("Hint: in most cases, you should specify ");?><em>TCP</em> &nbsp;<?=gettext("here.");?></span>
822 8ab3e9ed Erik Kristensen
			</td>
823
		</tr>
824 3de8af0e Scott Ullrich
		<tr id="icmpbox" name="icmpbox">
825 11d2c529 Rafael Lucas
			<td valign="top" class="vncell"><?=gettext("ICMP type");?></td>
826 8ab3e9ed Erik Kristensen
			<td class="vtable">
827 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="icmptype" class="formselect">
828 8ab3e9ed Erik Kristensen
<?php
829
				$icmptypes = array(
830 abd67a31 Carlos Eduardo Ramos
				"" => gettext("any"),
831 a01ce4c7 jim-p
				"echoreq" => gettext("Echo request"),
832 abd67a31 Carlos Eduardo Ramos
				"echorep" => gettext("Echo reply"),
833
				"unreach" => gettext("Destination unreachable"),
834
				"squench" => gettext("Source quench"),
835
				"redir" => gettext("Redirect"),
836
				"althost" => gettext("Alternate Host"),
837
				"routeradv" => gettext("Router advertisement"),
838
				"routersol" => gettext("Router solicitation"),
839
				"timex" => gettext("Time exceeded"),
840
				"paramprob" => gettext("Invalid IP header"),
841
				"timereq" => gettext("Timestamp"),
842
				"timerep" => gettext("Timestamp reply"),
843
				"inforeq" => gettext("Information request"),
844
				"inforep" => gettext("Information reply"),
845
				"maskreq" => gettext("Address mask request"),
846
				"maskrep" => gettext("Address mask reply")
847 8ab3e9ed Erik Kristensen
				);
848
849
				foreach ($icmptypes as $icmptype => $descr): ?>
850
					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
851
<?php 			endforeach; ?>
852
			</select>
853
			<br />
854 11d2c529 Rafael Lucas
			<span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span>
855 8ab3e9ed Erik Kristensen
		</td>
856
		</tr>
857
		<tr>
858 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source");?></td>
859 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
860 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
861 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
862 8ab3e9ed Erik Kristensen
				<br />
863 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
864 8ab3e9ed Erik Kristensen
				<br />
865
				<br />
866
				<table border="0" cellspacing="0" cellpadding="0">
867
					<tr>
868 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
869 8ab3e9ed Erik Kristensen
						<td>
870 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srctype" class="formselect" onChange="typesel_change()">
871 87f0be87 Chris Buechler
<?php
872
								$sel = is_specialnet($pconfig['src']); ?>
873 11d2c529 Rafael Lucas
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
874
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
875
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
876 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
877 11d2c529 Rafael Lucas
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
878 99ea4439 Scott Ullrich
								<?php endif; ?>
879
								<?php if(have_ruleint_access("pppoe")): ?>
880 11d2c529 Rafael Lucas
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
881 99ea4439 Scott Ullrich
								<?php endif; ?>								
882 8a6bc505 Ermal Lu?i
								 <?php if(have_ruleint_access("l2tp")): ?>
883 11d2c529 Rafael Lucas
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
884 8a6bc505 Ermal Lu?i
                                                                <?php endif; ?>
885 8ab3e9ed Erik Kristensen
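<?php
								// One "subnet" and one "address" option per interface the
								// user may write rules for. The description is escaped in
								// both options; the original escaped it only in the first.
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?><?=gettext(" subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>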
894 8ab3e9ed Erik Kristensen
							</select>
895
						</td>
896
					</tr>
897
					<tr>
898 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
899 8ab3e9ed Erik Kristensen
						<td>
900 979b179d Darren Embry
							<input <?=$edit_disabled;?> autocomplete='off' name="src" type="text" class="formfldalias ipv4v6" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
901
							<select <?=$edit_disabled;?> name="srcmask" class="formselect ipv4v6" id="srcmask">
902 15705bc0 Seth Mos
<?php						for ($i = 127; $i > 0; $i--): ?>
903 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
904
<?php 						endfor; ?>
905
							</select>
906 bdb7d6e7 Scott Ullrich
						</td>
907 8ab3e9ed Erik Kristensen
					</tr>
908
				</table>
909 22abf2ef Scott Ullrich
				<div id="showadvancedboxspr">
910
					<p>
911 48a27d4f Erik Fonnesbeck
					<input <?=$edit_disabled;?> type="button" onClick="show_source_port_range()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source port range");?></a>
912 22abf2ef Scott Ullrich
				</div>
913 8ab3e9ed Erik Kristensen
			</td>
914 e33c8694 Bill Marquette
		</tr>
915 3de8af0e Scott Ullrich
		<tr style="display:none" id="sprtable" name="sprtable">
916 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range");?></td>
917 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
918
				<table border="0" cellspacing="0" cellpadding="0">
919
					<tr>
920 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
921 8ab3e9ed Erik Kristensen
						<td>
922 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
923 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
924 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
925 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
926
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
927
<?php 							endforeach; ?>
928 8c84fe43 Scott Ullrich
							</select>
929 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
930 8ab3e9ed Erik Kristensen
						</td>
931
					</tr>
932
					<tr>
933 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
934 8ab3e9ed Erik Kristensen
						<td>
935 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcendport" class="formselect" onchange="ext_change()">
936 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
937 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
938 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
939
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
940
<?php							endforeach; ?>
941 8c84fe43 Scott Ullrich
							</select>
942 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
943 8ab3e9ed Erik Kristensen
						</td>
944
					</tr>
945
				</table>
946
				<br />
947 87000ded Erik Fonnesbeck
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule."); ?> <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be"); ?> &quot;<?=gettext("any"); ?>&quot;).</b><br /><?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port.");?></span><br/>
948 8ab3e9ed Erik Kristensen
			</td>
949 8c84fe43 Scott Ullrich
		</tr>
950 8ab3e9ed Erik Kristensen
		<tr>
951 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination");?></td>
952 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
953 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
954 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
955 8ab3e9ed Erik Kristensen
					<br />
956 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
957 8ab3e9ed Erik Kristensen
					<br />
958
					<br />
959
				<table border="0" cellspacing="0" cellpadding="0">
960
					<tr>
961 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
962 8ab3e9ed Erik Kristensen
						<td>
963 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dsttype" class="formselect" onChange="typesel_change()">
964 87f0be87 Chris Buechler
<?php
965
								$sel = is_specialnet($pconfig['dst']); ?>
966 11d2c529 Rafael Lucas
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
967
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
968
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
969 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
970 11d2c529 Rafael Lucas
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
971 99ea4439 Scott Ullrich
								<?php endif; ?>
972
								<?php if(have_ruleint_access("pppoe")): ?>
973 11d2c529 Rafael Lucas
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
974 99ea4439 Scott Ullrich
								<?php endif; ?>								
975 3331a640 Ermal Lu?i
								<?php if(have_ruleint_access("l2tp")): ?>
976 11d2c529 Rafael Lucas
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
977 3331a640 Ermal Lu?i
                                                                <?php endif; ?>
978 b7391125 Ermal Luçi
979
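<?php 							// One "subnet" and one "address" option per interface the
								// user may write rules for. The description is escaped in
								// both options; the original escaped it only in the first.
								// NOTE(review): the loop variable $if is the same variable
								// the page compares with "FloatingRules" further up, so it
								// no longer holds the tab name after this loop. The source
								// selector uses $ifent instead -- confirm nothing below
								// still relies on $if before renaming it.
								foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet");?></option>
									<option value="<?=htmlspecialchars($if);?>ip" <?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>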
987 8ab3e9ed Erik Kristensen
							</select>
988
						</td>
989
					</tr>
990
					<tr>
991 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
992 8ab3e9ed Erik Kristensen
						<td>
993 979b179d Darren Embry
							<input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias ipv4v6" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
994 8ab3e9ed Erik Kristensen
							/
995 979b179d Darren Embry
							<select <?=$edit_disabled;?> name="dstmask" class="formselect ipv4v6" id="dstmask">
996 8ab3e9ed Erik Kristensen
<?php
997 15705bc0 Seth Mos
							for ($i = 127; $i > 0; 
998
$i--): ?>
999 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
1000
<?php						endfor; ?>
1001
							</select>
1002
						</td>
1003
					</tr>
1004
				</table>
1005
			</td>
1006
		</tr>
1007 3de8af0e Scott Ullrich
		<tr id="dprtr" name="dprtr">
1008 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range ");?></td>
1009 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1010
				<table border="0" cellspacing="0" cellpadding="0">
1011
					<tr>
1012 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
1013 8ab3e9ed Erik Kristensen
						<td>
1014 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
1015 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1016 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1017 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
1018
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
1019 3deb92f7 Renato Botelho
<?php 							endforeach; ?>
1020 8ab3e9ed Erik Kristensen
							</select>
1021 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
1022 8ab3e9ed Erik Kristensen
						</td>
1023
					</tr>
1024
					<tr>
1025 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
1026 8ab3e9ed Erik Kristensen
						<td>
1027 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstendport" class="formselect" onchange="ext_change()">
1028 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1029 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1030 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
1031
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
1032
<?php 							endforeach; ?>
1033 8c84fe43 Scott Ullrich
							</select>
1034 dd5bf424 Scott Ullrich
								<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
1035 8ab3e9ed Erik Kristensen
						</td>
1036
					</tr>
1037
				</table>
1038
				<br />
1039
				<span class="vexpl">
1040 11d2c529 Rafael Lucas
					<?=gettext("Specify the port or port range for the destination of the packet for this rule.");?>
1041 adb633a0 sullrich
					<br />
1042 345b9715 Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port");?>
1043 8ab3e9ed Erik Kristensen
				</span>
1044
			</td>
1045
		</tr>
1046
		<tr>
1047 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Log");?></td>
1048 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1049
				<input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
1050 11d2c529 Rafael Lucas
				<strong><?=gettext("Log packets that are handled by this rule");?></strong>
1051 adb633a0 sullrich
				<br />
1052 0fb885bc Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server"); ?> (<?=gettext("see the"); ?> <a href="diag_logs_settings.php"><?=gettext("Diagnostics: System logs: Settings"); ?></a> <?=gettext("page"); ?>).</span>
1053 8ab3e9ed Erik Kristensen
			</td>
1054
		</tr>
1055 151eb2a9 sullrich
		<tr>
1056 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
1057 151eb2a9 sullrich
			<td width="78%" class="vtable">
1058
				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
1059
				<br />
1060 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
1061 151eb2a9 sullrich
			</td>
1062
		</tr>
1063 8e0c3760 Ermal
<?php		if (!isset($id) || !($a_filter[$id] && firewall_check_for_advanced_options($a_filter[$id]) <> "")): ?>
1064 151eb2a9 sullrich
		<tr>
1065
			<td width="22%" valign="top">&nbsp;</td>
1066
			<td width="78%">
1067
				&nbsp;<br>&nbsp;
1068 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1069 151eb2a9 sullrich
<?php			if (isset($id) && $a_filter[$id]): ?>
1070 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1071 151eb2a9 sullrich
<?php 			endif; ?>
1072 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1073 151eb2a9 sullrich
			</td>
1074
		</tr>
1075 8e0c3760 Ermal
<?php		endif; ?>
1076 151eb2a9 sullrich
		<tr>
1077
			<td>&nbsp;</td>
1078
		</tr>
1079
		<tr>
1080 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced features");?></td>
1081 151eb2a9 sullrich
		</tr>	
1082 f1602cc4 sullrich
		<tr>
1083 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Source OS");?></td>
1084 e265d9f5 sullrich
			<td width="78%" class="vtable">
1085 ee9933b6 Renato Botelho
				<div id="showadvsourceosbox" <?php if ($pconfig['os']) echo "style='display:none'"; ?>>
1086 157a6919 Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_sourceos()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1087 adb633a0 sullrich
				</div>
1088 ee9933b6 Renato Botelho
				<div id="showsourceosadv" <?php if (empty($pconfig['os'])) echo "style='display:none'"; ?>>
1089 21600ab1 Vinicius Coque
					<?=gettext("OS Type:");?>&nbsp;
1090 adb633a0 sullrich
					<select name="os" id="os" class="formselect">
1091 f1602cc4 sullrich
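<?php
						// Source OS choices offered for this rule; the empty key is the "any" entry.
						$ostypes = array(
							"" => gettext("any"),
							"AIX" => "AIX",
							"Linux" => "Linux",
							"FreeBSD" => "FreeBSD",
							"NetBSD" => "NetBSD",
							"OpenBSD" => "OpenBSD",
							"Solaris" => "Solaris",
							"MacOS" => "MacOS",
							"Windows" => "Windows",
							"Novell" => "Novell",
							"NMAP" => "NMAP"
						);
						// The keys are literals today. They are encoded the same way as the labels so the
						// value attribute stays well-formed if this list is ever extended or built from data.
						foreach ($ostypes as $ostype => $descr): ?>
							<option value="<?=htmlspecialchars($ostype);?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
<?php
					endforeach;
?>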
1110
					</select>
1111
					<br />
1112 11d2c529 Rafael Lucas
					<?=gettext("Note: this only works for TCP rules");?>
1113 adb633a0 sullrich
				</div>
1114 f1602cc4 sullrich
			</td>
1115
		</tr>
1116 30c4ae8a sullrich
		<tr>
1117 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Diffserv Code Point");?></td>
1118 30c4ae8a sullrich
			<td width="78%" class="vtable">
1119 ee9933b6 Renato Botelho
				<div id="dsadv" name="dsadv" <?php if ($pconfig['dscp']) echo "style='display:none'"; ?>>
1120 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_dsdiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1121 30c4ae8a sullrich
				</div>
1122 ee9933b6 Renato Botelho
				<div id="dsdivmain" name="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>>
1123 30c4ae8a sullrich
					<select name="dscp" id="dscp">
1124
						<option value=""></option>
1125
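						<?php
						// $firewall_rules_dscp_types is defined outside this section. Each entry is encoded
						// on output instead of being assumed HTML-safe.
						foreach($firewall_rules_dscp_types as $frdt): ?>
							<option value="<?=htmlspecialchars($frdt)?>"<?php if($pconfig['dscp'] == $frdt) echo " SELECTED"; ?>><?=htmlspecialchars($frdt)?></option>
						<?php endforeach; ?>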
1128
					</select>
1129
				</div>
1130
			</td>
1131
		</tr>
1132 661aed33 Ermal Luçi
		<tr>
1133 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Advanced Options");?></td>
1134 e6db3f58 Ermal Luçi
			<td width="78%" class="vtable">
1135
			<div id="aoadv" name="aoadv">
1136 0fb885bc Carlos Eduardo Ramos
				<input type="button" onClick="show_aodiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1137 e6db3f58 Ermal Luçi
			</div>
1138
			<div id="aodivmain" name="aodivmain" style="display:none">
1139 f1602cc4 sullrich
				<input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked"; ?>>
1140 a29dc11b Chris Buechler
				<br/><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?>
1141 f1602cc4 sullrich
				</span><p>
1142 19757916 Ermal Lu?i
				<input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked"; ?>>
1143
				<br/><span class="vexpl"><?=gettext("This will disable auto generated reply-to for this rule.");?>
1144
				</span><p>
1145 f1602cc4 sullrich
				<input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>">
1146 345b9715 Carlos Eduardo Ramos
				<br /><span class="vexpl"><?=gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called"); ?> <b><?=gettext("Policy filtering"); ?></b>
1147 775ccea3 Ermal Luci
				</span><p>
1148 f1602cc4 sullrich
				<input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>">
1149
				<br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?>
1150
				</span> <p>
1151 dd5bf424 Scott Ullrich
				<input name="max" id="max" value="<?php echo htmlspecialchars($pconfig['max']) ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p>
1152
				<input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']) ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p>
1153
				<input name="max-src-conn" id="max-src-conn" value="<?php echo htmlspecialchars($pconfig['max-src-conn']) ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p>
1154
				<input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>"><br><?=gettext(" Maximum state entries per host");?></p><p>
1155
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>"> /
1156 8ab3e9ed Erik Kristensen
				<select name="max-src-conn-rates" id="max-src-conn-rates">
1157
					<option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option>
1158
<?php				// Options 1..254 for the select that follows the "/"; a stored value is pre-selected.
					for ($x = 1; $x < 255; $x++) {
						$selected = ($x == $pconfig['max-src-conn-rates']) ? " selected" : "";
						echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
					} ?>
1162 47042140 Scott Ullrich
				</select><br />
1163 11d2c529 Rafael Lucas
				<?=gettext("Maximum new connections / per second(s)");?>
1164 e4d79ab0 Ermal
				</p><p>
1165 47042140 Scott Ullrich
1166 dd5bf424 Scott Ullrich
				<input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']) ?>"><br>
1167 11d2c529 Rafael Lucas
				<?=gettext("State Timeout in seconds");?>
1168 e4d79ab0 Ermal
				</p>
1169 47042140 Scott Ullrich
1170 e4b9d53b Warren Baker
				<p><strong><?=gettext("Note: Leave fields blank to disable that feature.");?></strong></p>
1171 197b2a47 Scott Ullrich
			  </div>
1172 8ab3e9ed Erik Kristensen
			</td>
1173
		</tr>
1174 b8ed2a11 Ermal
		<tr id="tcpflags" name="tcpflags"> 
1175 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td>
1176 b8ed2a11 Ermal
			<td width="78%" class="vtable">
1177 ee9933b6 Renato Botelho
			<div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>>
1178 0fb885bc Carlos Eduardo Ramos
                        	<input type="button" onClick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1179 b8ed2a11 Ermal
                        </div>
1180 ee9933b6 Renato Botelho
                        <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
1181 b8ed2a11 Ermal
			<div id="tcpheader" name="tcpheader">
1182
			<center>
1183
			<table border="0" cellspacing="0" cellpadding="0">
1184
			<?php
				// Render the TCP flag matrix: a header row, then one checkbox row for the "set" list
				// (tcpflags1) and one for the "out of" list (tcpflags2). Both lists are stored as
				// comma-separated strings; $tcpflags (the column list) is defined outside this section.
				$setflags = explode(",", $pconfig['tcpflags1']);
				$outofflags = explode(",", $pconfig['tcpflags2']);
				$header = "<td width='40' nowrap></td>";
				$tcpflags1 = "<td width='40' nowrap>set</td>";
				$tcpflags2 = "<td width='40' nowrap>out of</td>";
				foreach ($tcpflags as $tcpflag) {
					$header .= "<td  width='40' nowrap><strong>" . strtoupper($tcpflag) . "</strong></td>\n";
					// A box is ticked when its flag appears in the corresponding stored list.
					$tcpflags1 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' "
						. (in_array($tcpflag, $setflags) ? "checked" : "")
						. "></td>\n";
					$tcpflags2 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' "
						. (in_array($tcpflag, $outofflags) ? "checked" : "")
						. "></td>\n";
				}
				echo "<tr id='tcpheader' name='tcpheader'>{$header}</tr>\n",
					"<tr id='tcpflags1' name='tcpflags1'>{$tcpflags1}</tr>\n",
					"<tr id='tcpflags2' name='tcpflags2'>{$tcpflags2}</tr>\n";
			?>
1205
			</table>
1206
			<center>
1207
			</div>
1208
			<br/><center>
1209 11d2c529 Rafael Lucas
			<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
1210 b8ed2a11 Ermal
			<br/>
1211 95938fae jim-p
			<span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". 
1212 11d2c529 Rafael Lucas
			"be set or cleared for this rule to match.");?></span>
1213 b8ed2a11 Ermal
			</div>
1214
			</td>
1215
		</tr>
1216 8ab3e9ed Erik Kristensen
		<tr>
1217 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td>
1218 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1219 ee9933b6 Renato Botelho
				<div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>>
1220 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_state()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1221 f6970b2f Scott Ullrich
				</div>
1222 ee9933b6 Renato Botelho
				<div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>>
1223 f6970b2f Scott Ullrich
					<select name="statetype">
1224 11d2c529 Rafael Lucas
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>><?=gettext("keep state");?></option>
1225
						<option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected"; ?>><?=gettext("sloppy state");?></option>
1226
						<option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state")  echo "selected"; ?>><?=gettext("synproxy state");?></option>
1227
						<option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>><?=gettext("none");?></option>
1228 e4b9d53b Warren Baker
					</select><br><?=gettext("Hint: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.");?>
1229 f6970b2f Scott Ullrich
					<p>
1230
					<table width="90%">
1231 67300ce5 Ermal
						<tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
1232
						<tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
1233
						<tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr>
1234
						<tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation.");?></td></tr>
1235 f6970b2f Scott Ullrich
					</table>
1236
					</p>
1237
			  </div>
1238 8ab3e9ed Erik Kristensen
			</td>
1239
		</tr>
1240 10f21e70 Scott Ullrich
		<tr>
1241 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
1242 10f21e70 Scott Ullrich
			<td width="78%" class="vtable">
1243 ee9933b6 Renato Botelho
				<div id="showadvnoxmlrpcsyncbox" <?php if ($pconfig['nosync']) echo "style='display:none'"; ?>>
1244 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1245 0239d8ee sullrich
				</div>
1246 ee9933b6 Renato Botelho
				<div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>>
1247 0239d8ee sullrich
					<input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
1248 e4b9d53b Warren Baker
					<?=gettext("Hint: This prevents the rule from automatically syncing to other CARP members.");?>
1249 0239d8ee sullrich
				</div>
1250 10f21e70 Scott Ullrich
			</td>
1251 8c84fe43 Scott Ullrich
		</tr>
1252 615b27bc Scott Dale
		<?php
			// Collect the names offered in the Schedule drop-down. "none" always comes first and
			// means the rule stays enabled all the time; every configured schedule with a
			// non-empty name is appended after it.
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					if ($schedule['name'] != "") {
						$schedules[] = $schedule['name'];
					}
				}
			}
		?>
1263
		<tr>
1264 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Schedule");?></td>
1265 615b27bc Scott Dale
			<td width="78%" class="vtable">
1266 ee9933b6 Renato Botelho
				<div id="showadvschedulebox" <?php if (!empty($pconfig['sched'])) echo "style='display:none'"; ?>>
1267 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_schedule()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1268 0239d8ee sullrich
				</div>
1269 ee9933b6 Renato Botelho
				<div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>>
1270 0239d8ee sullrich
					<select name='sched'>
1271 615b27bc Scott Dale
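<?php
					// One <option> per entry of $schedules; the "none" entry is submitted as an empty value.
					foreach($schedules as $schedule) {
						if($schedule == $pconfig['sched']) {
							$selected = " SELECTED";
						} else {
							$selected = "";
						}
						// Schedule names are read from the configuration. Any validation happens where they
						// are saved, which is not visible here, so encode them for the attribute and the label.
						if ($schedule == "none") {
							echo "<option value=\"\" {$selected}>" . htmlspecialchars($schedule) . "</option>\n";
						} else {
							echo "<option value=\"" . htmlspecialchars($schedule) . "\" {$selected}>" . htmlspecialchars($schedule) . "</option>\n";
						}
					}
?>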
1285
					</select>
1286 11d2c529 Rafael Lucas
					<p><?=gettext("Leave as 'none' to leave the rule enabled all the time.");?></p>
1287 0239d8ee sullrich
				</div>
1288 615b27bc Scott Dale
			</td>
1289
		</tr>
1290 82628210 Scott Ullrich
		<tr>
1291 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td>
1292 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1293 ee9933b6 Renato Botelho
				<div id="showadvgatewaybox" <?php if (!empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
1294 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_gateway()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1295 0239d8ee sullrich
				</div>
1296 ee9933b6 Renato Botelho
				<div id="showgatewayadv" <?php if (empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
1297 0239d8ee sullrich
					<select name='gateway'>
1298 11d2c529 Rafael Lucas
					<option value="" ><?=gettext("default");?></option>
1299 8ab3e9ed Erik Kristensen
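<?php
					/* build a list of gateways */
					$gateways = return_gateways_array();
					// add statically configured gateways to list
					foreach($gateways as $gwname => $gw) {
						// Skip gateways whose address fails the is_ipaddrv6()/is_ipaddrv4() check
						// that corresponds to the rule's ipprotocol.
						if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6($gw['gateway']))
							continue;
						if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4($gw['gateway']))
							continue;
						if($gw == "")
							continue;
						if($gwname == $pconfig['gateway']) {
							$selected = " SELECTED";
						} else {
							$selected = "";
						}
						// Gateway keys, names and addresses are configuration data: encode them before
						// they are written into the value attribute and the option label.
						echo "<option value=\"" . htmlspecialchars($gwname) . "\" {$selected}>" . htmlspecialchars("{$gw['name']} - {$gw['gateway']}") . "</option>\n";
					}
					/* add gateway groups to the list */
					if (is_array($config['gateways']['gateway_group'])) {
						foreach($config['gateways']['gateway_group'] as $gw_group) {
							// The part of the group's first item before "|" is looked up as a gateway name;
							// the address it resolves to decides whether the group fits the rule's ipprotocol.
							$af = explode("|", $gw_group['item'][0]);
							if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6(lookup_gateway_ip_by_name($af[0])))
								continue;
							if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4(lookup_gateway_ip_by_name($af[0])))
								continue;
							if($gw_group['name'] == "")
								continue;
							if($pconfig['gateway'] == $gw_group['name']) {
								$selected = " SELECTED";
							} else {
								$selected = "";
							}
							// Group names get the same output encoding as single gateways.
							echo "<option value=\"" . htmlspecialchars($gw_group['name']) . "\" $selected>" . htmlspecialchars($gw_group['name']) . "</option>\n";
						}
					}
?>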
1336 0239d8ee sullrich
					</select>
1337 e85604b8 Chris Buechler
					<p><?=gettext("Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.");?></p>
1338 0239d8ee sullrich
				</div>
1339 8ab3e9ed Erik Kristensen
			</td>
1340
		</tr>
1341 a5fd67e1 Ermal Luçi
		<tr>
1342 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("In/Out");?></td>
1343 a5fd67e1 Ermal Luçi
			<td width="78%" class="vtable">
1344 ee9933b6 Renato Botelho
				<div id="showadvinoutbox" <?php if (!empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
1345 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_inout()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1346 4c263f57 sullrich
				</div>
1347 ee9933b6 Renato Botelho
				<div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
1348 4c263f57 sullrich
					<select name="dnpipe">
1349 a5fd67e1 Ermal Luçi
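<?php
		// Options for the first select of the In/Out row (name "dnpipe"): "none" plus one entry per
		// element of $dnqlist, where the array key is the label and the array value is submitted.
		if (!is_array($dnqlist))
			$dnqlist = array();
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			// $dnqlist is built outside this section; encode the submitted value and the label
			// instead of assuming they are HTML-safe.
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['dnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>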
1366
			</select> / 			
1367
			<select name="pdnpipe">
1368
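<?php
		// Options for the second select of the In/Out row (name "pdnpipe"), built from the same $dnqlist.
		// $dnqselected is reset immediately before it is tested, so "none" always carries SELECTED;
		// a matching entry further down carries it too and, being later, is the one browsers keep.
		$dnqselected = 0;
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			// Encode the submitted value and the label; $dnqlist comes from outside this section.
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['pdnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>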
1384 4c263f57 sullrich
				</select>
1385 a5fd67e1 Ermal Luçi
				<br />
1386 bb8f186e Chris Buechler
				<span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br/>".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br/>".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span>
1387 4c263f57 sullrich
				</div>
1388 a5fd67e1 Ermal Luçi
			</td>
1389
		</tr>
1390
1391 197bfe96 Ermal Luçi
		<tr>
1392 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td>
1393 197bfe96 Ermal Luçi
			<td width="78%" class="vtable">
1394 ee9933b6 Renato Botelho
			<div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
1395 0fb885bc Carlos Eduardo Ramos
				<input type="button" onClick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1396 0239d8ee sullrich
			</div>
1397 ee9933b6 Renato Botelho
			<div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
1398 0239d8ee sullrich
				<select name="ackqueue">
1399 197bfe96 Ermal Luçi
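<?php
			// Options for the "ackqueue" select: "none" plus one entry per key of $qlist. The key is
			// both the submitted value and, unless $ifdisp has a display name for it, the label.
			if (!is_array($qlist))
				$qlist = array();
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				// Queue names and display names are built outside this section; encode them on output.
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['ackqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				if (isset($ifdisp[$q]))
					echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";
				else
					echo ">" . htmlspecialchars($q) . "</option>";
			}
?>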
1419 0239d8ee sullrich
				</select> / 			
1420
				<select name="defaultqueue">
1421 197bfe96 Ermal Luçi
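<?php
			// Options for the "defaultqueue" select, built from the same $qlist as the ackqueue select.
			// $qselected is reset immediately before it is tested, so "none" always carries SELECTED;
			// a matching queue further down carries it too and, being later, is the one browsers keep.
			$qselected = 0;
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				// Queue names and display names are built outside this section; encode them on output.
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['defaultqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				if (isset($ifdisp[$q]))
					echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";
				else
					echo ">" . htmlspecialchars($q) . "</option>";
			}
?>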
1440 0239d8ee sullrich
				</select>
1441
					<br />
1442 11d2c529 Rafael Lucas
					<span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span>
1443 0239d8ee sullrich
				</td>
1444
			</tr>
1445
			<tr>
1446 11d2c529 Rafael Lucas
				<td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td>
1447 0239d8ee sullrich
				<td width="78%" class="vtable">
1448 ee9933b6 Renato Botelho
					<div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
1449 0fb885bc Carlos Eduardo Ramos
						<input type="button" onClick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1450 4c263f57 sullrich
					</div>
1451 ee9933b6 Renato Botelho
					<div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
1452 0239d8ee sullrich
				<select name="l7container">
1453 7e50413c Ermal Luçi
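<?php
					// Options for the "l7container" select: "none" plus one entry per element of $l7clist.
					if (!is_array($l7clist))
						$l7clist = array();
					echo "<option value=\"none\"";
					echo " >none</option>";
					foreach ($l7clist as $l7ckey) {
						// Container names are built outside this section; encode them for the value
						// attribute and the label instead of assuming they are HTML-safe.
						echo "<option value=\"" . htmlspecialchars($l7ckey) . "\"";
						if ($l7ckey == $pconfig['l7container']) {
							echo " SELECTED";
						}
						echo ">" . htmlspecialchars($l7ckey) . "</option>";
					}
?>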
1466 0239d8ee sullrich
				</select>			
1467 7e50413c Ermal Luçi
				<br/>
1468 0239d8ee sullrich
				<span class="vexpl">
1469 4fe84f51 Carlos Eduardo Ramos
					<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
1470
					"These are valid for TCP and UDP protocols only.");?>
1471 0239d8ee sullrich
				</span>
1472
			  </div>
1473 7e50413c Ermal Luçi
			</td>
1474
		</tr>
1475 d65962a7 Scott Ullrich
<?php
1476
		// Allow extending of the firewall edit page and include custom input validation 
1477
		// NOTE(review): pfSense_handle_custom_code() is defined outside this section; presumably it
		// loads whatever extension files exist under this directory, which would then run in the
		// context of this page. Confirm, and keep the directory writable by root only.
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate");
1478
?>
1479 8ab3e9ed Erik Kristensen
		<tr>
1480
			<td width="22%" valign="top">&nbsp;</td>
1481
			<td width="78%">
1482 151eb2a9 sullrich
				&nbsp;<br>&nbsp;
1483 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1484 8ab3e9ed Erik Kristensen
<?php			if (isset($id) && $a_filter[$id]): ?>
1485 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1486 8ab3e9ed Erik Kristensen
<?php 			endif; ?>
1487 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1488 8ab3e9ed Erik Kristensen
			</td>
1489 82628210 Scott Ullrich
		</tr>
1490 8ab3e9ed Erik Kristensen
	</table>
1491 5b237745 Scott Ullrich
</form>
1492
<script language="JavaScript">
1493 4dfd930e Darren Embry
//<![CDATA[
1494 8ab3e9ed Erik Kristensen
	ext_change();
1495
	typesel_change();
1496
	proto_change();
1497 3e74107e Erik Fonnesbeck
	<?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?>
1498
	show_source_port_range();
1499
	<?php endif; ?>
1500 19757279 Scott Ullrich
1501 4dfd930e Darren Embry
	var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
1502
	var customarray  = <?= json_encode(get_alias_list("port")) ?>;
1503 19757279 Scott Ullrich
1504 9eb60dcc Ermal Lu?i
	var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
1505
        var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
1506
        var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
1507
        var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
1508
        var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
1509
        var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
1510 4dfd930e Darren Embry
//]]>
1511 5b237745 Scott Ullrich
</script>
1512
<?php include("fend.inc"); ?>
1513
</body>
1514 9b45f821 Ermal Lu?i
</html>