<?php
/* $Id$ */
/*
	firewall_rules_edit.php
	part of pfSense (http://www.pfsense.com)
        Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
	originally part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	filter
*/
##|+PRIV
##|*IDENT=page-firewall-rules-edit
##|*NAME=Firewall: Rules: Edit page
##|*DESCR=Allow access to the 'Firewall: Rules: Edit' page.
##|*MATCH=firewall_rules_edit.php*
##|-PRIV
require("guiconfig.inc");
require("filter.inc");
require("shaper.inc");
/*
 * Names treated as "special" source/destination selectors: five fixed
 * pseudo-networks, then two entries per key returned by
 * get_configured_interface_with_descr() - the key itself and the key with
 * an "ip" suffix.
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}

/* Make sure the rule list exists as an array before it is sorted and aliased. */
if (is_array($config['filter']['rule']) === false) {
	$config['filter']['rule'] = array();
}
filter_rules_sort();

/* Reference, not a copy: every write to $a_filter lands in $config. */
$a_filter = &$config['filter']['rule'];
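/*
 * Rule index taken from the request. $id is used further down as a key into
 * $a_filter, so it is only accepted when numeric - the same test the POST
 * value already had. A non-numeric value leaves $id null, which the code
 * below treats as "no existing rule".
 */
$id = null;
if (isset($_GET['id']) && is_numeric($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numeric($_POST['id']))
	$id = $_POST['id'];

/*
 * Position after which a new rule is inserted. Left as submitted here; the
 * save path checks it with is_numeric() before using it.
 */
$after = isset($_GET['after']) ? $_GET['after'] : null;

if (isset($_POST['after']))
	$after = $_POST['after'];

/*
 * Duplicate request: the rule named by 'dup' is both the template to load
 * and the position to insert after. 'dup' overrides any 'id'/'after' given,
 * and a non-numeric 'dup' resets both instead of being used as an array key.
 */
if (isset($_GET['dup'])) {
	$id = is_numeric($_GET['dup']) ? $_GET['dup'] : null;
	$after = $id;
}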
/*
 * Fill $pconfig: copy the stored rule when $id names a non-empty entry of
 * $a_filter, otherwise start from defaults.
 */
if (isset($id) && $a_filter[$id]) {
	$pconfig['interface'] = $a_filter[$id]['interface'];

	if (isset($a_filter[$id]['id'])) {
		$pconfig['ruleid'] = $a_filter[$id]['id'];
	}

	/* A rule stored without a type is presented as "pass". */
	$pconfig['type'] = isset($a_filter[$id]['type']) ? $a_filter[$id]['type'] : "pass";

	/*
	 * NOTE(review): $if is not assigned anywhere above this point in the
	 * visible code (it is set right after this if/else), so the second half
	 * of the condition looks ineffective here - confirm.
	 */
	if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
		$pconfig['floating'] = $a_filter[$id]['floating'];
		if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] != "") {
			$pconfig['interface'] = $a_filter[$id]['interface'];
		}
	}

	/*
	 * NOTE(review): this tests the key 'floating' on the rule list itself,
	 * not on $a_filter[$id]; possibly a typo - verify intent.
	 */
	if (isset($a_filter['floating'])) {
		$pconfig['floating'] = "yes";
	}

	if (isset($a_filter[$id]['direction'])) {
		$pconfig['direction'] = $a_filter[$id]['direction'];
	}

	if (isset($a_filter[$id]['ipprotocol'])) {
		$pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol'];
	}

	/* No stored protocol means "any". */
	$pconfig['proto'] = isset($a_filter[$id]['protocol']) ? $a_filter[$id]['protocol'] : "any";

	if ($a_filter[$id]['protocol'] == "icmp") {
		$pconfig['icmptype'] = $a_filter[$id]['icmptype'];
	}

	/* Unpack the stored source into the src* form fields. */
	address_to_pconfig(
		$a_filter[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	if ($a_filter[$id]['os'] != "") {
		$pconfig['os'] = $a_filter[$id]['os'];
	}

	/* Unpack the stored destination into the dst* form fields. */
	address_to_pconfig(
		$a_filter[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	if ($a_filter[$id]['dscp'] != "") {
		$pconfig['dscp'] = $a_filter[$id]['dscp'];
	}

	/* Flags are stored by key presence only. */
	$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
	$pconfig['log'] = isset($a_filter[$id]['log']);
	$pconfig['descr'] = $a_filter[$id]['descr'];

	/* Either "any flags", or the individual set / out-of lists when non-empty. */
	if (isset($a_filter[$id]['tcpflags_any'])) {
		$pconfig['tcpflags_any'] = true;
	} else {
		if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] != "") {
			$pconfig['tcpflags1'] = $a_filter[$id]['tcpflags1'];
		}
		if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] != "") {
			$pconfig['tcpflags2'] = $a_filter[$id]['tcpflags2'];
		}
	}

	if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] != "") {
		$pconfig['tag'] = $a_filter[$id]['tag'];
	}
	if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] != "") {
		$pconfig['tagged'] = $a_filter[$id]['tagged'];
	}
	if (!empty($a_filter[$id]['quick'])) {
		$pconfig['quick'] = $a_filter[$id]['quick'];
	}
	if (isset($a_filter[$id]['allowopts'])) {
		$pconfig['allowopts'] = true;
	}
	if (isset($a_filter[$id]['disablereplyto'])) {
		$pconfig['disablereplyto'] = true;
	}

	/* Advanced: state limits, state type and timeout. */
	$pconfig['max'] = $a_filter[$id]['max'];
	$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
	$pconfig['max-src-conn'] = $a_filter[$id]['max-src-conn'];
	$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
	$pconfig['statetype'] = $a_filter[$id]['statetype'];
	$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];

	/* Advanced: nosync flag, stored by key presence. */
	$pconfig['nosync'] = isset($a_filter[$id]['nosync']);

	/* Advanced: new-connections-per-second limit (the two fields form a pair). */
	$pconfig['max-src-conn-rate'] = $a_filter[$id]['max-src-conn-rate'];
	$pconfig['max-src-conn-rates'] = $a_filter[$id]['max-src-conn-rates'];

	/* Multi-WAN next hop. */
	$pconfig['gateway'] = $a_filter[$id]['gateway'];

	/* Traffic shaper: queues, limiter pipes, layer7 container. */
	$pconfig['defaultqueue'] = $a_filter[$id]['defaultqueue'];
	$pconfig['ackqueue'] = $a_filter[$id]['ackqueue'];
	$pconfig['dnpipe'] = $a_filter[$id]['dnpipe'];
	$pconfig['pdnpipe'] = $a_filter[$id]['pdnpipe'];
	$pconfig['l7container'] = $a_filter[$id]['l7container'];

	/* Schedule. */
	$pconfig['sched'] = $a_filter[$id]['sched'];

	/* A duplicated rule does not inherit the link to an associated rule. */
	if (!isset($_GET['dup'])) {
		$pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
	}
} else {
	/* New rule: optional interface from the query string, pass any -> any. */
	if ($_GET['if']) {
		$pconfig['interface'] = $_GET['if'];
	}
	$pconfig['type'] = "pass";
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}
/* $if carries the rule's interface; it is compared with "FloatingRules" elsewhere on this page. */
$if = $pconfig['interface'];

/*
 * Duplicating: the source rule was only a template for $pconfig. Dropping
 * $id makes the save path insert a new entry instead of overwriting it.
 */
if (isset($_GET['dup'])) {
	unset($id);
}
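/*
 * Form submission handler.
 *
 * Normalizes the posted fields in place, collects validation failures in
 * $input_errors and, only when none were recorded, builds the rule entry
 * ($filterent), stores it in $a_filter, writes the configuration, marks the
 * filter subsystem dirty and redirects to the rule list.
 *
 * NOTE(review): several sprintf() messages below embed posted values
 * verbatim; whether print_input_errors() HTML-escapes them is not visible
 * here - confirm.
 */
if ($_POST) {
	unset($input_errors);

	/*
	 * A rule linked to another rule (associated-rule-id) keeps its stored
	 * protocol and ICMP type: whatever was posted for them is overwritten
	 * with the values loaded into $pconfig.
	 */
	if( isset($a_filter[$id]['associated-rule-id']) ) {
		$_POST['proto'] = $pconfig['proto'];
		if ($pconfig['proto'] == "icmp")
			$_POST['icmptype'] = $pconfig['icmptype'];
	}

	if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
		$input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP.");

	if ($_POST['type'] == "match" && $_POST['defaultqueue'] == "none")
		$input_errors[] = gettext("Queue type rules only work with queues.");

	/*
	 * Address-family check for gateway groups: the IP of the first item of
	 * the selected group must match the rule's ipprotocol.
	 */
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "")) {
		foreach($config['gateways']['gateway_group'] as $gw_group) {
			if($gw_group['name'] == $_POST['gateway']) {
				$af = explode("|", $gw_group['item'][0]);
				$ip = lookup_gateway_ip_by_name($af[0]);
				if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6($ip))) {
					$input_errors[] = gettext("You can not assign a IPv4 gateway group on IPv6 Address Family rule");
				}
				if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4($ip))) {
					$input_errors[] = gettext("You can not assign a IPv6 gateway group on IPv4 Address Family rule");
				}
			}
		}
	}
	/* Same check for a single gateway that resolves to an IP address. */
	if (($_POST['ipprotocol'] <> "") && ($_POST['gateway'] <> "") && (is_ipaddr(lookup_gateway_ip_by_name($_POST['gateway'])))) {
		if(($_POST['ipprotocol'] == "inet6") && (!is_ipaddrv6(lookup_gateway_ip_by_name($_POST['gateway'])))) {
			$input_errors[] = gettext("You can not assign the IPv4 Gateway to a IPv6 Filter rule");
		}
		if(($_POST['ipprotocol'] == "inet") && (!is_ipaddrv4(lookup_gateway_ip_by_name($_POST['gateway'])))) {
			$input_errors[] = gettext("You can not assign the IPv6 Gateway to a IPv4 Filter rule");
		}
	}

	/*
	 * Port normalization. Ports only apply to tcp, udp and tcp/udp; for any
	 * other protocol all four port fields are forced to 0.
	 */
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	} else {

		/* A custom (free-text) port is used when the selector is empty. */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		/* "any" becomes 0/0; an empty end port defaults to the begin port. */
		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];
	}

	/*
	 * Address type handling: a special network name replaces the address
	 * and gets mask 0; a single host gets mask 32.
	 */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	}  else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}

	/* From here on the form is re-rendered from the (normalized) POST data. */
	$pconfig = $_POST;

	/*
	 * Required fields. Source and destination are only required when the
	 * rule has no associated-rule-id, because for associated rules they are
	 * taken from the stored rule at save time.
	 */
	$reqdfields = explode(" ", "type proto");
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
		$reqdfields[] = "src";
		$reqdfields[] = "dst";
	}
	$reqdfieldsn = explode(",", "Type,Protocol");
	if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
		$reqdfieldsn[] = "Source";
		$reqdfieldsn[] = "Destination";
	}

	if($_POST['statetype'] == "modulate state" or $_POST['statetype'] == "synproxy state") {
		if( $_POST['proto'] != "tcp" )
			$input_errors[] = sprintf(gettext("%s is only valid with protocol tcp."),$_POST['statetype']);
		if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != ""))
			$input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']);
	}

	/* A bit count is required for anything that is neither special nor a single host. */
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
	(!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if ( isset($a_filter[$id]['associated-rule-id'])===false &&
	(!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) ) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = gettext("Destination bit count");
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	 * by PHP 5.4 and later. It is kept because the signature of
	 * do_input_validation() is not visible here: if that parameter is not
	 * declared by reference, removing the & would silently drop every
	 * required-field error. Confirm the signature, then remove the &.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* Each non-zero port must be a port number or a port alias. */
	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
		/* The message reports the rejected value; the key was misspelled 'srcbeginposrt'. */
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginport']);
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
		$input_errors[] = sprintf(gettext("%s  is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']);
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstbeginport']);
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),$_POST['dstendport']);

	/*
	 * Port alias rules for the custom source fields: an alias in "to"
	 * needs the same alias in "from", and aliases cannot be mixed with
	 * numbers.
	 */
	if ( !$_POST['srcbeginport_cust'] && $_POST['srcendport_cust'])
		if (is_alias($_POST['srcendport_cust']))
			$input_errors[] = 'If you put port alias in Source port range to: field you must put the same port alias in from: field';
	if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){
		/* Both ends must be aliases for this message; the original tested the end field twice. */
		if (is_alias($_POST['srcbeginport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust'])
			$input_errors[] = 'The same port alias must be used in Source port range from: and to: fields';
		if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) ||
		    ((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust'])))
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field';
	}
	/* Same alias rules for the custom destination fields. */
	if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust'])
		if (is_alias($_POST['dstendport_cust']))
			$input_errors[] = 'If you put port alias in Destination port range to: field you must put the same port alias in from: field';
	if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){
		/* Both ends must be aliases for this message; the original tested the end field twice. */
		if (is_alias($_POST['dstbeginport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust'])
			$input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields';
		if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) ||
		    ((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust'])))
			$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field';
	}

	/* if user enters an alias and selects "network" then disallow. */
	if($_POST['srctype'] == "network") {
		if(is_alias($_POST['src']))
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}
	if($_POST['dsttype'] == "network") {
		if(is_alias($_POST['dst']))
			$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	/* Non-special addresses must be an IP address or alias, with an integer bit count. */
	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."),$_POST['src']);
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."),$_POST['dst']);
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}
	/* When both ends are literal addresses, they must agree with each other and with ipprotocol. */
	if((is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst']))) {
		if(!validate_address_family($_POST['src'], $_POST['dst']))
			$input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
		if((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && ($_POST['ipprotocol'] == "inet"))
			$input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
		if((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && ($_POST['ipprotocol'] == "inet6"))
			$input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
	}

	/* Keep port ranges ordered: swap when begin is greater than end. */
	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}
	if ($_POST['os'])
		if( $_POST['proto'] != "tcp" )
			$input_errors[] = gettext("OS detection is only valid with protocol tcp.");

	if ($_POST['ackqueue'] && $_POST['ackqueue'] != "none") {
		if ($_POST['defaultqueue'] == "none" )
			$input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too.");
		else if ($_POST['ackqueue'] == $_POST['defaultqueue'])
			$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");
	}
	if (isset($_POST['floating']) && $_POST['pdnpipe'] != "none" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
		$input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
	if (isset($_POST['floating']) && $_POST['gateway'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any"))
		$input_errors[] = gettext("You can not use gateways in Floating rules without choosing a direction.");
	if ($_POST['pdnpipe'] && $_POST['pdnpipe'] != "none") {
		if ($_POST['dnpipe'] == "none" )
			$input_errors[] = gettext("You must select a queue for the In direction before selecting one for Out too.");
		else if ($_POST['pdnpipe'] == $_POST['dnpipe'])
			$input_errors[] = gettext("In and Out Queue cannot be the same.");
		/*
		 * NOTE(review): $pdnpipe and $dnpipe are not assigned anywhere in
		 * the visible code, so the two branches below look unreachable
		 * unless an include sets them. Left unchanged because the intended
		 * source of the "?" marker is not visible here - verify.
		 */
		else if ($pdnpipe[0] == "?" && $dnpipe[0] <> "?")
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
		else if ($dnpipe[0] == "?" && $pdnpipe[0] <> "?")
			$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
	}
	if( !empty($_POST['ruleid']) && !ctype_digit($_POST['ruleid']))
		$input_errors[] = gettext('ID must be an integer');
	if($_POST['l7container'] && $_POST['l7container'] != "none") {
		if(!($_POST['proto'] == "tcp" || $_POST['proto'] == "udp" || $_POST['proto'] == "tcp/udp"))
			$input_errors[] = gettext("You can only select a layer7 container for TCP and/or UDP protocols");
		if ($_POST['type'] <> "pass")
			$input_errors[] = gettext("You can only select a layer7 container for Pass type rules.");
	}

	/*
	 * TCP flags: "set" flags are only meaningful with an "out of" list.
	 * NOTE(review): $tcpflags is not defined in the visible code;
	 * presumably it comes from one of the includes - confirm.
	 */
	if (!$_POST['tcpflags_any']) {
		$settcpflags = array();
		$outoftcpflags = array();
		foreach ($tcpflags as $tcpflag) {
			if ($_POST['tcpflags1_' . $tcpflag] == "on")
				$settcpflags[] = $tcpflag;
			if ($_POST['tcpflags2_' . $tcpflag] == "on")
				$outoftcpflags[] = $tcpflag;
		}
		if (empty($outoftcpflags) && !empty($settcpflags))
			$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
	}

	// Allow extending of the firewall edit page and include custom input validation
	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation");

	/*
	 * Save path - only reached with no validation error.
	 *
	 * NOTE(review): tag, tagged, direction, quick, max, max-src-nodes,
	 * max-src-conn, max-src-states, statetimeout, statetype, os, the
	 * max-src-conn-rate pair, dscp, icmptype, the queue/pipe/l7container
	 * names and sched are stored exactly as posted; nothing in this handler
	 * constrains their content. Presumably they are later used to generate
	 * firewall rules - verify that the consumer validates them, or add
	 * checks above.
	 */
	if (!$input_errors) {
		$filterent = array();
		$filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:'';
		$filterent['type'] = $_POST['type'];
		if (isset($_POST['interface'] ))
			$filterent['interface'] = $_POST['interface'];

		if (isset($_POST['ipprotocol'] ))
			$filterent['ipprotocol'] = $_POST['ipprotocol'];

		/* TCP flags are stored as comma-separated lists; "set" only together with "out of". */
		if ($_POST['tcpflags_any']) {
			$filterent['tcpflags_any'] = true;
		} else {
			$settcpflags = array();
			$outoftcpflags = array();
			foreach ($tcpflags as $tcpflag) {
				if ($_POST['tcpflags1_' . $tcpflag] == "on")
					$settcpflags[] = $tcpflag;
				if ($_POST['tcpflags2_' . $tcpflag] == "on")
					$outoftcpflags[] = $tcpflag;
			}
			if (!empty($outoftcpflags)) {
				$filterent['tcpflags2'] = join(",", $outoftcpflags);
				if (!empty($settcpflags))
					$filterent['tcpflags1'] = join(",", $settcpflags);
			}
		}

		if (isset($_POST['tag']))
			$filterent['tag'] = $_POST['tag'];
		if (isset($_POST['tagged']))
			$filterent['tagged'] = $_POST['tagged'];
		/* Floating rules: direction, optional quick, and the posted interface list joined with commas. */
		if ($if == "FloatingRules" || isset($_POST['floating'])) {
			$filterent['direction'] = $_POST['direction'];
			if (isset($_POST['quick']) && $_POST['quick'] <> "")
				$filterent['quick'] = $_POST['quick'];
			$filterent['floating'] = "yes";
			if (isset($_POST['interface']) && count($_POST['interface']) > 0)  {
				$filterent['interface'] = implode(",", $_POST['interface']);
			}
		}

		/* Advanced options */
		if ($_POST['allowopts'] == "yes")
			$filterent['allowopts'] = true;
		else
			unset($filterent['allowopts']);
		if ($_POST['disablereplyto'] == "yes")
			$filterent['disablereplyto'] = true;
		else
			unset($filterent['disablereplyto']);
		$filterent['max'] = $_POST['max'];
		$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
		$filterent['max-src-conn'] = $_POST['max-src-conn'];
		$filterent['max-src-states'] = $_POST['max-src-states'];
		$filterent['statetimeout'] = $_POST['statetimeout'];
		$filterent['statetype'] = $_POST['statetype'];
		$filterent['os'] = $_POST['os'];

		/* Nosync directive - do not xmlrpc sync this item */
		if($_POST['nosync'] <> "")
			$filterent['nosync'] = true;
		else
			unset($filterent['nosync']);

		/* unless both values are provided, unset the values - ticket #650 */
		if($_POST['max-src-conn-rate'] <> "" and $_POST['max-src-conn-rates'] <> "") {
			$filterent['max-src-conn-rate'] = $_POST['max-src-conn-rate'];
			$filterent['max-src-conn-rates'] = $_POST['max-src-conn-rates'];
		} else {
			unset($filterent['max-src-conn-rate']);
			unset($filterent['max-src-conn-rates']);
		}

		/* "any" is stored as the absence of a protocol key. */
		if ($_POST['proto'] != "any")
			$filterent['protocol'] = $_POST['proto'];
		else
			unset($filterent['protocol']);

		if ($_POST['proto'] == "icmp" && $_POST['icmptype'])
			$filterent['icmptype'] = $_POST['icmptype'];
		else
			unset($filterent['icmptype']);

		/* Pack the src and dst form fields into the stored source/destination entries. */
		pconfig_to_address($filterent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($filterent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		if ($_POST['disabled'])
			$filterent['disabled'] = true;
		else
			unset($filterent['disabled']);

		if ($_POST['dscp'])
			$filterent['dscp'] = $_POST['dscp'];

		if ($_POST['log'])
			$filterent['log'] = true;
		else
			unset($filterent['log']);
		/* NOTE(review): strncpy() is not a PHP builtin; presumably a project helper that limits descr to 52 characters - confirm. */
		strncpy($filterent['descr'], $_POST['descr'], 52);

		if ($_POST['gateway'] != "") {
			$filterent['gateway'] = $_POST['gateway'];
		}

		/* An ack queue is only stored together with a default queue. */
		if (isset($_POST['defaultqueue']) && $_POST['defaultqueue'] != "none") {
			$filterent['defaultqueue'] = $_POST['defaultqueue'];
			if (isset($_POST['ackqueue']) && $_POST['ackqueue'] != "none")
				$filterent['ackqueue'] = $_POST['ackqueue'];
		}

		/* An out pipe is only stored together with an in pipe. */
		if (isset($_POST['dnpipe']) && $_POST['dnpipe'] != "none") {
			$filterent['dnpipe'] = $_POST['dnpipe'];
			if (isset($_POST['pdnpipe']) && $_POST['pdnpipe'] != "none")
				$filterent['pdnpipe'] = $_POST['pdnpipe'];
		}

		if (isset($_POST['l7container']) && $_POST['l7container'] != "none") {
			$filterent['l7container'] = $_POST['l7container'];
		}

		if ($_POST['sched'] != "") {
			$filterent['sched'] = $_POST['sched'];
		}

		// If we have an associated nat rule, make sure the source and destination doesn't change
		// (interface, protocol and ICMP type are also restored from the stored rule).
		if( isset($a_filter[$id]['associated-rule-id']) ) {
			$filterent['interface'] = $a_filter[$id]['interface'];
			if (isset($a_filter[$id]['protocol']))
				$filterent['protocol'] = $a_filter[$id]['protocol'];
			else if (isset($filterent['protocol']))
				unset($filterent['protocol']);
			if ($a_filter[$id]['protocol'] == "icmp" && $a_filter[$id]['icmptype'])
				$filterent['icmptype'] = $a_filter[$id]['icmptype'];
			else if (isset($filterent['icmptype']))
				unset($filterent['icmptype']);

			$filterent['source'] = $a_filter[$id]['source'];
			$filterent['destination'] = $a_filter[$id]['destination'];
			$filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
		}

		// Extension hook that runs just before the rule is stored and the config is written.
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");

		/* Overwrite the existing rule, or insert after $after, or append. */
		if (isset($id) && $a_filter[$id])
			$a_filter[$id] = $filterent;
		else {
			if (is_numeric($after))
				array_splice($a_filter, $after+1, 0, array($filterent));
			else
				$a_filter[] = $filterent;
		}

		filter_rules_sort();

		write_config();
		mark_subsystem_dirty('filter');

		if (isset($_POST['floating']))
			header("Location: firewall_rules.php?if=FloatingRules");
		else
			/* The posted interface is request data: URL-encode it before it goes into the Location header. */
			header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));
		exit;
	}
}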
// Load shaper / limiter / layer7 state and keep the resulting lists in page
// scope. NOTE(review): these helpers are defined outside this file; what they
// load is inferred from their names only - confirm against their definitions.
read_altq_config();
$qlist =& get_unique_queue_list();
read_dummynet_config();
$dnqlist =& get_unique_dnqueue_list();
read_layer7_config();
$l7clist =& get_l7_unique_list();

// Page-level variables set before head.inc is pulled in (presumably consumed
// there - TODO confirm).
$pgtitle = array(gettext('Firewall'), gettext('Rules'), gettext('Edit'));
$statusurl = 'status_filter_reload.php';
$logurl = 'diag_logs_filter.php';

$closehead = false;

$page_filename = 'firewall_rules_edit.php';
include 'head.inc';
?>
638 4bb99603 Scott Ullrich
<link rel="stylesheet" href="/javascript/chosen/chosen.css" />
639 5b237745 Scott Ullrich
</head>
640
641
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
642 f51d5d57 Darren Embry
<script type="text/javascript" src="/javascript/jquery.ipv4v6ify.js"></script>
643 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
644 5b237745 Scott Ullrich
<?php include("fbegin.inc"); ?>
645 48fc39a3 Scott Ullrich
<?php pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_input_errors"); ?>
646 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
647 8ab3e9ed Erik Kristensen
648
<form action="firewall_rules_edit.php" method="post" name="iform" id="iform">
649 6eac9b90 Scott Ullrich
<input type='hidden' name="ruleid" value="<?=(isset($pconfig['ruleid'])&&$pconfig['ruleid']>0)?htmlspecialchars($pconfig['ruleid']):''?>">
650
651 8ab3e9ed Erik Kristensen
	<table width="100%" border="0" cellpadding="6" cellspacing="0">
652 e091cb45 Scott Ullrich
		<tr>
653 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td>
654 e091cb45 Scott Ullrich
		</tr>	
655 b4b7bda6 Scott Ullrich
<?php
656
		// Allow extending of the firewall edit page and include custom input validation 
657
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
658
?>
659 8ab3e9ed Erik Kristensen
    	<tr>
660 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
661 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
662 b5c78501 Seth Mos
				<select name="type" class="formselect">
663 e5e5ba51 Vinicius Coque
					<?php $types = explode(" ", "Pass Block Reject"); foreach ($types as $type): ?>
664 8ab3e9ed Erik Kristensen
					<option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['type'])) echo "selected"; ?>>
665
					<?=htmlspecialchars($type);?>
666
					</option>
667
					<?php endforeach; ?>
668 a391d0ab Ermal
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
669
					<option value="match" <?php if ("match" == strtolower($pconfig['type'])) echo "selected"; ?>>Queue</option>
670
<?php endif; ?>
671 8c84fe43 Scott Ullrich
				</select>
672 8ab3e9ed Erik Kristensen
				<br/>
673
				<span class="vexpl">
674 11d2c529 Rafael Lucas
					<?=gettext("Choose what to do with packets that match the criteria specified below.");?> <br/>
675
					<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?> 
676 8ab3e9ed Erik Kristensen
				</span>
677
			</td>
678
		</tr>
679
		<tr>
680 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
681 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
682
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
683 11d2c529 Rafael Lucas
				<strong><?=gettext("Disable this rule");?></strong><br />
684
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list.");?></span>
685 8ab3e9ed Erik Kristensen
			</td>
686
		</tr>
687 661aed33 Ermal Luçi
<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
688
		<tr>
689 f1602cc4 sullrich
			<td width="22%" valign="top" class="vncellreq">
690
				<?=gettext("Quick");?>
691
			</td>
692
			<td width="78%" class="vtable">
693
				<input name="quick" type="checkbox" id="quick" value="yes" <?php if ($pconfig['quick']) echo "checked=\"checked\""; ?> />
694
				<strong><?=gettext("Apply the action immediately on match.");?></strong><br />
695
				<span class="vexpl"><?=gettext("Set this option if you need to apply this action to traffic that matches this rule immediately.");?></span>
696
			</td>
697
		</tr>
698 e73b001e Renato Botelho
<?php endif; ?>
699 48a27d4f Erik Fonnesbeck
<?php $edit_disabled = ""; ?>
700
<?php if( isset($pconfig['associated-rule-id']) ): ?>
701
		<tr>
702
			<td width="22%" valign="top" class="vncell"><?=gettext("Associated filter rule");?></td>
703
			<td width="78%" class="vtable">
704 e4b9d53b Warren Baker
				<span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("This is associated to a NAT rule.");?><br />
705 48a27d4f Erik Fonnesbeck
				<?=gettext("You cannot edit the interface, protocol, source, or destination of associated filter rules.");?><br />
706
				<br />
707
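				<?php
					/*
					 * This rule is tied to a NAT rule: mark the locked form controls as
					 * disabled, link to the owning NAT rule, and carry the association id
					 * (and interface) in hidden fields, because disabled controls are not
					 * submitted by the browser.
					 *
					 * The hidden fields are a convenience only and are client-controlled;
					 * the save handler must keep taking the locked values from the stored
					 * rule rather than from these fields.
					 */
					$edit_disabled = "disabled";
					if (is_array($config['nat']['rule'])) {
						foreach( $config['nat']['rule'] as $index => $nat_rule ) {
							if( isset($nat_rule['associated-rule-id']) && $nat_rule['associated-rule-id']==$pconfig['associated-rule-id'] ) {
								echo "<a href=\"firewall_nat_edit.php?id={$index}\">" . gettext("View the NAT rule") . "</a><br>";
								break;
							}
						}
					}
					// The attributes below are single-quoted, so ENT_QUOTES is required:
					// the default htmlspecialchars() flags before PHP 8.1 leave "'" unescaped,
					// which would let a value close the attribute.
					// NOTE(review): $pconfig is populated outside this view; treat it as
					// possibly holding submitted values - confirm.
					echo "<input name='associated-rule-id' id='associated-rule-id' type='hidden' value='" . htmlspecialchars((string)$pconfig['associated-rule-id'], ENT_QUOTES) . "' >";
					if (!empty($pconfig['interface']))
						echo "<input name='interface' id='interface' type='hidden' value='" . htmlspecialchars((string)$pconfig['interface'], ENT_QUOTES) . "' >";
				?>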
721
				<script type="text/javascript">
722
				editenabled = 0;
723
				</script>
724
			</td>
725
		</tr>
726 ee9933b6 Renato Botelho
<?php endif; ?>
727 8ab3e9ed Erik Kristensen
		<tr>
728 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
729 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
730 48a27d4f Erik Fonnesbeck
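<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
				<select name="interface[]" title="Select interfaces..." multiple style="width:350px;" class="chzn-select" tabindex="2" <?=$edit_disabled;?>>
<?php else: ?>
				<select name="interface" class="formselect" <?=$edit_disabled;?>>
<?php
   endif;
				/*
				 * Build the list of interfaces offered for this rule. Every entry is
				 * gated by have_ruleint_access() except OpenVPN (see note below), so the
				 * list only contains interfaces the current user may write rules for.
				 *
				 * Keys and labels are emitted through htmlspecialchars(): group names
				 * come from $config['ifgroups'] and the descriptions from
				 * get_configured_interface_with_descr() (presumably admin-entered text -
				 * confirm), so they must not be written into the page raw.
				 */

				/* add group interfaces */
				if (is_array($config['ifgroups']['ifgroupentry'])) {
					foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
						if (have_ruleint_access($ifgen['ifname']))
							$interfaces[$ifgen['ifname']] = $ifgen['ifname'];
					}
				}
				$ifdescs = get_configured_interface_with_descr();
				// Allow extending of the firewall edit page and include custom input validation
				pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit");
				foreach ($ifdescs as $ifent => $ifdesc) {
					if (have_ruleint_access($ifent))
						$interfaces[$ifent] = $ifdesc;
				}
				if ($config['l2tp']['mode'] == "server") {
					if (have_ruleint_access("l2tp"))
						$interfaces['l2tp'] = "L2TP VPN";
				}
				if ($config['pptpd']['mode'] == "server") {
					if (have_ruleint_access("pptp"))
						$interfaces['pptp'] = "PPTP VPN";
				}
				if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
					$interfaces['pppoe'] = "PPPoE VPN";
				/* add ipsec interfaces */
				if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) {
					if (have_ruleint_access("enc0"))
						$interfaces["enc0"] = "IPsec";
				}
				/* add openvpn/tun interfaces */
				// NOTE(review): unlike every other entry, OpenVPN is added without a
				// have_ruleint_access() check - confirm whether that is intentional.
				if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
					$interfaces["openvpn"] = "OpenVPN";
				// Floating rules store several interfaces as a comma-separated list.
				$selected_interfaces = explode(",", $pconfig['interface']);
				foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($pconfig['interface'] <> "" && ( strcasecmp($pconfig['interface'], $iface) == 0 || in_array($iface, $selected_interfaces) )) echo "selected"; ?>><?=htmlspecialchars($ifacename);?></option>
<?php 				endforeach; ?>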
767 8c84fe43 Scott Ullrich
				</select>
768 8ab3e9ed Erik Kristensen
				<br />
769 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose on which interface packets must come in to match this rule.");?></span>
770 8ab3e9ed Erik Kristensen
			</td>
771
		</tr>
772 661aed33 Ermal Luçi
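<?php if ($if == "FloatingRules" || isset($pconfig['floating'])): ?>
<?php /* Direction row, shown for floating rules only. The hidden "floating"
         field marks the submission as a floating rule; it is client-supplied,
         so the save handler must not treat it as an authorization signal. */ ?>
		<tr>
			<td width="22%" valign="top" class="vncellreq">
				<?=gettext("Direction");?>
			</td>
			<td width="78%" class="vtable">
				<select name="direction" class="formselect">
					<?php      $directions = array('any','in','out');
				foreach ($directions as $direction): ?>
				<option value="<?=$direction;?>"
					<?php if ($direction == $pconfig['direction']): ?>
						selected="selected" 
					<?php endif; ?>
					><?=$direction;?></option>
				<?php endforeach; ?>      
				</select>
				<input type="hidden" id="floating" name="floating" value="floating">
			</td>
		</tr>
<?php endif; ?>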
792 1306c7dd Seth Mos
		<tr>
793
			<td width="22%" valign="top" class="vncellreq"><?=gettext("TCP/IP Version");?></td>
794
			<td width="78%" class="vtable">
795
				<select name="ipprotocol" class="formselect">
796
					<?php      $ipproto = array('inet' => 'IPv4','inet6' => 'IPv6');
797
				foreach ($ipproto as $proto => $name): ?>
798
				<option value="<?=$proto;?>"
799
					<?php if ($proto == $pconfig['ipprotocol']): ?>
800
						selected="selected" 
801
					<?php endif; ?>
802
					><?=$name;?></option>
803
				<?php endforeach; ?>      
804
				</select>
805
				<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br />
806
			</td>
807
		</tr>
808 8ab3e9ed Erik Kristensen
		<tr>
809 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
810 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
811 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="proto" class="formselect" onchange="proto_change()">
812 8ab3e9ed Erik Kristensen
<?php
813 c6c26178 jim-p
				$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP OSPF any carp pfsync");
814 8ab3e9ed Erik Kristensen
				foreach ($protocols as $proto): ?>
815
					<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
816
<?php 			endforeach; ?>
817
				</select>
818
				<br />
819 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("Choose which IP protocol this rule should match.");?> <br /> <?=gettext("Hint: in most cases, you should specify ");?><em>TCP</em> &nbsp;<?=gettext("here.");?></span>
820 8ab3e9ed Erik Kristensen
			</td>
821
		</tr>
822 3de8af0e Scott Ullrich
		<tr id="icmpbox" name="icmpbox">
823 11d2c529 Rafael Lucas
			<td valign="top" class="vncell"><?=gettext("ICMP type");?></td>
824 8ab3e9ed Erik Kristensen
			<td class="vtable">
825 48a27d4f Erik Fonnesbeck
				<select <?=$edit_disabled;?> name="icmptype" class="formselect">
826 8ab3e9ed Erik Kristensen
<?php
827
				$icmptypes = array(
828 abd67a31 Carlos Eduardo Ramos
				"" => gettext("any"),
829 a01ce4c7 jim-p
				"echoreq" => gettext("Echo request"),
830 abd67a31 Carlos Eduardo Ramos
				"echorep" => gettext("Echo reply"),
831
				"unreach" => gettext("Destination unreachable"),
832
				"squench" => gettext("Source quench"),
833
				"redir" => gettext("Redirect"),
834
				"althost" => gettext("Alternate Host"),
835
				"routeradv" => gettext("Router advertisement"),
836
				"routersol" => gettext("Router solicitation"),
837
				"timex" => gettext("Time exceeded"),
838
				"paramprob" => gettext("Invalid IP header"),
839
				"timereq" => gettext("Timestamp"),
840
				"timerep" => gettext("Timestamp reply"),
841
				"inforeq" => gettext("Information request"),
842
				"inforep" => gettext("Information reply"),
843
				"maskreq" => gettext("Address mask request"),
844
				"maskrep" => gettext("Address mask reply")
845 8ab3e9ed Erik Kristensen
				);
846
847
				foreach ($icmptypes as $icmptype => $descr): ?>
848
					<option value="<?=$icmptype;?>" <?php if ($icmptype == $pconfig['icmptype']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
849
<?php 			endforeach; ?>
850
			</select>
851
			<br />
852 11d2c529 Rafael Lucas
			<span class="vexpl"><?=gettext("If you selected ICMP for the protocol above, you may specify an ICMP type here.");?></span>
853 8ab3e9ed Erik Kristensen
		</td>
854
		</tr>
855
		<tr>
856 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source");?></td>
857 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
858 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
859 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
860 8ab3e9ed Erik Kristensen
				<br />
861 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
862 8ab3e9ed Erik Kristensen
				<br />
863
				<br />
864
				<table border="0" cellspacing="0" cellpadding="0">
865
					<tr>
866 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
867 8ab3e9ed Erik Kristensen
						<td>
868 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srctype" class="formselect" onChange="typesel_change()">
869 87f0be87 Chris Buechler
<?php
870
								$sel = is_specialnet($pconfig['src']); ?>
871 11d2c529 Rafael Lucas
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
872
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
873
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
874 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
875 11d2c529 Rafael Lucas
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
876 99ea4439 Scott Ullrich
								<?php endif; ?>
877
								<?php if(have_ruleint_access("pppoe")): ?>
878 11d2c529 Rafael Lucas
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
879 99ea4439 Scott Ullrich
								<?php endif; ?>								
880 8a6bc505 Ermal Lu?i
								 <?php if(have_ruleint_access("l2tp")): ?>
881 11d2c529 Rafael Lucas
                                                                <option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
882 8a6bc505 Ermal Lu?i
                                                                <?php endif; ?>
883 8ab3e9ed Erik Kristensen
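<?php
								/*
								 * One "<name> subnet" and one "<name> address" source option per
								 * interface the user may write rules for. Both the key and the
								 * description are escaped: the subnet label already was, the
								 * address label and the option values were written raw.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?><?=gettext(" subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>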
892 8ab3e9ed Erik Kristensen
							</select>
893
						</td>
894
					</tr>
895
					<tr>
896 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
897 8ab3e9ed Erik Kristensen
						<td>
898 979b179d Darren Embry
							<input <?=$edit_disabled;?> autocomplete='off' name="src" type="text" class="formfldalias ipv4v6" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
899
							<select <?=$edit_disabled;?> name="srcmask" class="formselect ipv4v6" id="srcmask">
900 15705bc0 Seth Mos
<?php						for ($i = 127; $i > 0; $i--): ?>
901 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
902
<?php 						endfor; ?>
903
							</select>
904 bdb7d6e7 Scott Ullrich
						</td>
905 8ab3e9ed Erik Kristensen
					</tr>
906
				</table>
907 22abf2ef Scott Ullrich
				<div id="showadvancedboxspr">
908
					<p>
909 48a27d4f Erik Fonnesbeck
					<input <?=$edit_disabled;?> type="button" onClick="show_source_port_range()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source port range");?></a>
910 22abf2ef Scott Ullrich
				</div>
911 8ab3e9ed Erik Kristensen
			</td>
912 e33c8694 Bill Marquette
		</tr>
913 3de8af0e Scott Ullrich
		<tr style="display:none" id="sprtable" name="sprtable">
914 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range");?></td>
915 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
916
				<table border="0" cellspacing="0" cellpadding="0">
917
					<tr>
918 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
919 8ab3e9ed Erik Kristensen
						<td>
920 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
921 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
922 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
923 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
924
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
925
<?php 							endforeach; ?>
926 8c84fe43 Scott Ullrich
							</select>
927 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
928 8ab3e9ed Erik Kristensen
						</td>
929
					</tr>
930
					<tr>
931 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
932 8ab3e9ed Erik Kristensen
						<td>
933 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="srcendport" class="formselect" onchange="ext_change()">
934 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
935 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
936 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
937
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
938
<?php							endforeach; ?>
939 8c84fe43 Scott Ullrich
							</select>
940 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
941 8ab3e9ed Erik Kristensen
						</td>
942
					</tr>
943
				</table>
944
				<br />
945 87000ded Erik Fonnesbeck
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule."); ?> <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be"); ?> &quot;<?=gettext("any"); ?>&quot;).</b><br /><?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port.");?></span><br/>
946 8ab3e9ed Erik Kristensen
			</td>
947 8c84fe43 Scott Ullrich
		</tr>
948 8ab3e9ed Erik Kristensen
		<tr>
949 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination");?></td>
950 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
951 48a27d4f Erik Fonnesbeck
				<input <?=$edit_disabled;?> name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
952 11d2c529 Rafael Lucas
				<strong><?=gettext("not");?></strong>
953 8ab3e9ed Erik Kristensen
					<br />
954 11d2c529 Rafael Lucas
				<?=gettext("Use this option to invert the sense of the match.");?>
955 8ab3e9ed Erik Kristensen
					<br />
956
					<br />
957
				<table border="0" cellspacing="0" cellpadding="0">
958
					<tr>
959 21600ab1 Vinicius Coque
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
960 8ab3e9ed Erik Kristensen
						<td>
961 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dsttype" class="formselect" onChange="typesel_change()">
962 87f0be87 Chris Buechler
<?php
963
								$sel = is_specialnet($pconfig['dst']); ?>
964 11d2c529 Rafael Lucas
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any");?></option>
965
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias");?></option>
966
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network");?></option>
967 99ea4439 Scott Ullrich
								<?php if(have_ruleint_access("pptp")): ?>
968 11d2c529 Rafael Lucas
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients");?></option>
969 99ea4439 Scott Ullrich
								<?php endif; ?>
970
								<?php if(have_ruleint_access("pppoe")): ?>
971 11d2c529 Rafael Lucas
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients");?></option>
972 99ea4439 Scott Ullrich
								<?php endif; ?>								
973 3331a640 Ermal Lu?i
								<?php if(have_ruleint_access("l2tp")): ?>
974 11d2c529 Rafael Lucas
                                                                <option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients");?></option>
975 3331a640 Ermal Lu?i
                                                                <?php endif; ?>
976 b7391125 Ermal Luçi
977
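<?php
								/*
								 * One "<name> subnet" and one "<name> address" destination option
								 * per interface the user may write rules for.
								 *
								 * The loop key is $ifent, as in the source-type list: the original
								 * used $if, which overwrote the page-level $if that the
								 * "FloatingRules" checks earlier on this page compare against, so
								 * any later check of $if would have seen the last interface name.
								 * Keys and descriptions are escaped before being written out.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['dst'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet");?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['dst'] == $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>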
985 8ab3e9ed Erik Kristensen
							</select>
986
						</td>
987
					</tr>
988
					<tr>
989 21600ab1 Vinicius Coque
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
990 8ab3e9ed Erik Kristensen
						<td>
991 979b179d Darren Embry
							<input <?=$edit_disabled;?> autocomplete='off' name="dst" type="text" class="formfldalias ipv4v6" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
992 8ab3e9ed Erik Kristensen
							/
993 979b179d Darren Embry
							<select <?=$edit_disabled;?> name="dstmask" class="formselect ipv4v6" id="dstmask">
994 8ab3e9ed Erik Kristensen
<?php
995 15705bc0 Seth Mos
							for ($i = 127; $i > 0; 
996
$i--): ?>
997 8ab3e9ed Erik Kristensen
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
998
<?php						endfor; ?>
999
							</select>
1000
						</td>
1001
					</tr>
1002
				</table>
1003
			</td>
1004
		</tr>
1005 3de8af0e Scott Ullrich
		<tr id="dprtr" name="dprtr">
1006 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range ");?></td>
1007 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1008
				<table border="0" cellspacing="0" cellpadding="0">
1009
					<tr>
1010 21600ab1 Vinicius Coque
						<td><?=gettext("from:");?>&nbsp;&nbsp;</td>
1011 8ab3e9ed Erik Kristensen
						<td>
1012 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
1013 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1014 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1015 8ab3e9ed Erik Kristensen
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
1016
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
1017 3deb92f7 Renato Botelho
<?php 							endforeach; ?>
1018 8ab3e9ed Erik Kristensen
							</select>
1019 dd5bf424 Scott Ullrich
							<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
1020 8ab3e9ed Erik Kristensen
						</td>
1021
					</tr>
1022
					<tr>
1023 21600ab1 Vinicius Coque
						<td><?=gettext("to:");?></td>
1024 8ab3e9ed Erik Kristensen
						<td>
1025 48a27d4f Erik Fonnesbeck
							<select <?=$edit_disabled;?> name="dstendport" class="formselect" onchange="ext_change()">
1026 abd67a31 Carlos Eduardo Ramos
								<option value="">(<?=gettext("other"); ?>)</option>
1027 11d2c529 Rafael Lucas
								<option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any");?></option>
1028 8ab3e9ed Erik Kristensen
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
1029
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
1030
<?php 							endforeach; ?>
1031 8c84fe43 Scott Ullrich
							</select>
1032 dd5bf424 Scott Ullrich
								<input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
1033 8ab3e9ed Erik Kristensen
						</td>
1034
					</tr>
1035
				</table>
1036
				<br />
1037
				<span class="vexpl">
1038 11d2c529 Rafael Lucas
					<?=gettext("Specify the port or port range for the destination of the packet for this rule.");?>
1039 adb633a0 sullrich
					<br />
1040 345b9715 Carlos Eduardo Ramos
					<?=gettext("Hint: you can leave the"); ?> <em><?=gettext("'to'"); ?></em> <?=gettext("field empty if you only want to filter a single port");?>
1041 8ab3e9ed Erik Kristensen
				</span>
1042
			</td>
1043
		</tr>
1044
		<tr>
1045 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Log");?></td>
1046 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1047
				<input name="log" type="checkbox" id="log" value="yes" <?php if ($pconfig['log']) echo "checked"; ?>>
1048 11d2c529 Rafael Lucas
				<strong><?=gettext("Log packets that are handled by this rule");?></strong>
1049 adb633a0 sullrich
				<br />
1050 0fb885bc Carlos Eduardo Ramos
				<span class="vexpl"><?=gettext("Hint: the firewall has limited local log space. Don't turn on logging for everything. If you want to do a lot of logging, consider using a remote syslog server"); ?> (<?=gettext("see the"); ?> <a href="diag_logs_settings.php"><?=gettext("Diagnostics: System logs: Settings"); ?></a> <?=gettext("page"); ?>).</span>
1051 8ab3e9ed Erik Kristensen
			</td>
1052
		</tr>
1053 151eb2a9 sullrich
		<tr>
1054 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
1055 151eb2a9 sullrich
			<td width="78%" class="vtable">
1056
				<input name="descr" type="text" class="formfld unknown" id="descr" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['descr']);?>">
1057
				<br />
1058 11d2c529 Rafael Lucas
				<span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span>
1059 151eb2a9 sullrich
			</td>
1060
		</tr>
1061 8e0c3760 Ermal
<?php		if (!isset($id) || !($a_filter[$id] && firewall_check_for_advanced_options($a_filter[$id]) <> "")): ?>
1062 151eb2a9 sullrich
		<tr>
1063
			<td width="22%" valign="top">&nbsp;</td>
1064
			<td width="78%">
1065
				&nbsp;<br>&nbsp;
1066 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1067 151eb2a9 sullrich
<?php			if (isset($id) && $a_filter[$id]): ?>
1068 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1069 151eb2a9 sullrich
<?php 			endif; ?>
1070 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1071 151eb2a9 sullrich
			</td>
1072
		</tr>
1073 8e0c3760 Ermal
<?php		endif; ?>
1074 151eb2a9 sullrich
		<tr>
1075
			<td>&nbsp;</td>
1076
		</tr>
1077
		<tr>
1078 11d2c529 Rafael Lucas
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced features");?></td>
1079 151eb2a9 sullrich
		</tr>	
1080 f1602cc4 sullrich
		<tr>
1081 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Source OS");?></td>
1082 e265d9f5 sullrich
			<td width="78%" class="vtable">
1083 ee9933b6 Renato Botelho
				<div id="showadvsourceosbox" <?php if ($pconfig['os']) echo "style='display:none'"; ?>>
1084 157a6919 Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_sourceos()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1085 adb633a0 sullrich
				</div>
1086 ee9933b6 Renato Botelho
				<div id="showsourceosadv" <?php if (empty($pconfig['os'])) echo "style='display:none'"; ?>>
1087 21600ab1 Vinicius Coque
					<?=gettext("OS Type:");?>&nbsp;
1088 adb633a0 sullrich
					<select name="os" id="os" class="formselect">
1089 f1602cc4 sullrich
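<?php
						/*
						 * Choices for the "Source OS" selector. The empty key is the
						 * "any" entry; every other key is used both as the submitted
						 * value and as the visible label.
						 *
						 * NOTE: $descr is reused as the loop variable here, so any
						 * earlier $descr in this template scope is overwritten.
						 */
						$ostypes = array(
							"" => gettext("any"),
							"AIX" => "AIX",
							"Linux" => "Linux",
							"FreeBSD" => "FreeBSD",
							"NetBSD" => "NetBSD",
							"OpenBSD" => "OpenBSD",
							"Solaris" => "Solaris",
							"MacOS" => "MacOS",
							"Windows" => "Windows",
							"Novell" => "Novell",
							"NMAP" => "NMAP"
						);
						// Escape the value attribute as well as the label, so the option stays
						// well-formed even if this list is ever fed from configuration data.
						foreach ($ostypes as $ostype => $descr): ?>
							<option value="<?=htmlspecialchars($ostype);?>" <?php if ($ostype == $pconfig['os']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option>
<?php
					endforeach;
?>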
1108
					</select>
1109
					<br />
1110 11d2c529 Rafael Lucas
					<?=gettext("Note: this only works for TCP rules");?>
1111 adb633a0 sullrich
				</div>
1112 f1602cc4 sullrich
			</td>
1113
		</tr>
1114 30c4ae8a sullrich
		<tr>
1115 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Diffserv Code Point");?></td>
1116 30c4ae8a sullrich
			<td width="78%" class="vtable">
1117 ee9933b6 Renato Botelho
				<div id="dsadv" name="dsadv" <?php if ($pconfig['dscp']) echo "style='display:none'"; ?>>
1118 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_dsdiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1119 30c4ae8a sullrich
				</div>
1120 ee9933b6 Renato Botelho
				<div id="dsdivmain" name="dsdivmain" <?php if (empty($pconfig['dscp'])) echo "style='display:none'"; ?>>
1121 30c4ae8a sullrich
					<select name="dscp" id="dscp">
1122
						<option value=""></option>
1123
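						<?php
							// One <option> per entry of $firewall_rules_dscp_types (defined outside
							// this part of the template); the entry matching the rule's current
							// DSCP setting is pre-selected. Both the value attribute and the label
							// are HTML-escaped, consistent with the other fields of this form.
							foreach($firewall_rules_dscp_types as $frdt):
						?>
							<option value="<?=htmlspecialchars($frdt);?>"<?php if($pconfig['dscp'] == $frdt) echo " SELECTED"; ?>><?=htmlspecialchars($frdt);?></option>
						<?php endforeach; ?>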
1126
					</select>
1127
				</div>
1128
			</td>
1129
		</tr>
1130 661aed33 Ermal Luçi
		<tr>
1131 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Advanced Options");?></td>
1132 e6db3f58 Ermal Luçi
			<td width="78%" class="vtable">
1133
			<div id="aoadv" name="aoadv">
1134 0fb885bc Carlos Eduardo Ramos
				<input type="button" onClick="show_aodiv();" value="<?=gettext("Advanced"); ?>"> - <?=gettext("Show advanced option");?>
1135 e6db3f58 Ermal Luçi
			</div>
1136
			<div id="aodivmain" name="aodivmain" style="display:none">
1137 f1602cc4 sullrich
				<input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked"; ?>>
1138 a29dc11b Chris Buechler
				<br/><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?>
1139 f1602cc4 sullrich
				</span><p>
1140 19757916 Ermal Lu?i
				<input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked"; ?>>
1141
				<br/><span class="vexpl"><?=gettext("This will disable auto generated reply-to for this rule.");?>
1142
				</span><p>
1143 f1602cc4 sullrich
				<input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>">
1144 345b9715 Carlos Eduardo Ramos
				<br /><span class="vexpl"><?=gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called"); ?> <b><?=gettext("Policy filtering"); ?></b>
1145 775ccea3 Ermal Luci
				</span><p>
1146 f1602cc4 sullrich
				<input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>">
1147
				<br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?>
1148
				</span> <p>
1149 dd5bf424 Scott Ullrich
				<input name="max" id="max" value="<?php echo htmlspecialchars($pconfig['max']) ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p>
1150
				<input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']) ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p>
1151
				<input name="max-src-conn" id="max-src-conn" value="<?php echo htmlspecialchars($pconfig['max-src-conn']) ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p>
1152
				<input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>"><br><?=gettext(" Maximum state entries per host");?></p><p>
1153
				<input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>"> /
1154 8ab3e9ed Erik Kristensen
				<select name="max-src-conn-rates" id="max-src-conn-rates">
1155
					<option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option>
1156
<?php
					// Offer 1..254 for the "per second(s)" half of the connection-rate
					// limit and pre-select the value currently stored for this rule.
					for ($x = 1; $x < 255; $x++) {
						$selected = ($x == $pconfig['max-src-conn-rates']) ? " selected" : "";
						echo "<option value=\"{$x}\"{$selected}>{$x}</option>\n";
					}
?>
1160 47042140 Scott Ullrich
				</select><br />
1161 11d2c529 Rafael Lucas
				<?=gettext("Maximum new connections / per second(s)");?>
1162 e4d79ab0 Ermal
				</p><p>
1163 47042140 Scott Ullrich
1164 dd5bf424 Scott Ullrich
				<input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']) ?>"><br>
1165 11d2c529 Rafael Lucas
				<?=gettext("State Timeout in seconds");?>
1166 e4d79ab0 Ermal
				</p>
1167 47042140 Scott Ullrich
1168 e4b9d53b Warren Baker
				<p><strong><?=gettext("Note: Leave fields blank to disable that feature.");?></strong></p>
1169 197b2a47 Scott Ullrich
			  </div>
1170 8ab3e9ed Erik Kristensen
			</td>
1171
		</tr>
1172 b8ed2a11 Ermal
		<tr id="tcpflags" name="tcpflags"> 
1173 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td>
1174 b8ed2a11 Ermal
			<td width="78%" class="vtable">
1175 ee9933b6 Renato Botelho
			<div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>>
1176 0fb885bc Carlos Eduardo Ramos
                        	<input type="button" onClick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1177 b8ed2a11 Ermal
                        </div>
1178 ee9933b6 Renato Botelho
                        <div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
1179 b8ed2a11 Ermal
			<div id="tcpheader" name="tcpheader">
1180
			<center>
1181
			<table border="0" cellspacing="0" cellpadding="0">
1182
			<?php
				/*
				 * Render the TCP flag matrix as three table rows: a header row with
				 * each flag name in upper case, a "set" row and an "out of" row of
				 * checkboxes. A box is pre-checked when its flag appears in the
				 * comma-separated list held in $pconfig['tcpflags1'] ("set") or
				 * $pconfig['tcpflags2'] ("out of").
				 *
				 * $tcpflags is defined outside this part of the template; presumably
				 * it is the fixed list of flag names - confirm before feeding it
				 * anything user-controlled, since the names are written into the
				 * markup without escaping.
				 */
				$setflags = explode(",", $pconfig['tcpflags1']);
				$outofflags = explode(",", $pconfig['tcpflags2']);

				$header = "<td width='40' nowrap></td>";
				$tcpflags1 = "<td width='40' nowrap>set</td>";
				$tcpflags2 = "<td width='40' nowrap>out of</td>";

				foreach ($tcpflags as $tcpflag) {
					$header .= "<td  width='40' nowrap><strong>" . strtoupper($tcpflag) . "</strong></td>\n";

					$tcpflags1 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags1_{$tcpflag}' value='on' "
						. (in_array($tcpflag, $setflags) ? "checked" : "")
						. "></td>\n";

					$tcpflags2 .= "<td  width='40' nowrap> <input type='checkbox' name='tcpflags2_{$tcpflag}' value='on' "
						. (in_array($tcpflag, $outofflags) ? "checked" : "")
						. "></td>\n";
				}

				echo "<tr id='tcpheader' name='tcpheader'>{$header}</tr>\n";
				echo "<tr id='tcpflags1' name='tcpflags1'>{$tcpflags1}</tr>\n";
				echo "<tr id='tcpflags2' name='tcpflags2'>{$tcpflags2}</tr>\n";
			?>
1203
			</table>
1204
			<center>
1205
			</div>
1206
			<br/><center>
1207 11d2c529 Rafael Lucas
			<input onClick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked"; ?>><strong><?=gettext("Any flags.");?></strong><br/></center>
1208 b8ed2a11 Ermal
			<br/>
1209 95938fae jim-p
			<span class="vexpl"><?=gettext("Use this to choose TCP flags that must ". 
1210 11d2c529 Rafael Lucas
			"be set or cleared for this rule to match.");?></span>
1211 b8ed2a11 Ermal
			</div>
1212
			</td>
1213
		</tr>
1214 8ab3e9ed Erik Kristensen
		<tr>
1215 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td>
1216 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1217 ee9933b6 Renato Botelho
				<div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>>
1218 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_state()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1219 f6970b2f Scott Ullrich
				</div>
1220 ee9933b6 Renato Botelho
				<div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>>
1221 f6970b2f Scott Ullrich
					<select name="statetype">
1222 11d2c529 Rafael Lucas
						<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected"; ?>><?=gettext("keep state");?></option>
1223
						<option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected"; ?>><?=gettext("sloppy state");?></option>
1224
						<option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state")  echo "selected"; ?>><?=gettext("synproxy state");?></option>
1225
						<option value="none"<?php if($pconfig['statetype'] == "none") echo "selected"; ?>><?=gettext("none");?></option>
1226 e4b9d53b Warren Baker
					</select><br><?=gettext("Hint: Select which type of state tracking mechanism you would like to use.  If in doubt, use keep state.");?>
1227 f6970b2f Scott Ullrich
					<p>
1228
					<table width="90%">
1229 67300ce5 Ermal
						<tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
1230
						<tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
1231
						<tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr>
1232
						<tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track.  This is only useful if you're doing advanced queueing in certain situations.  Please check the documentation.");?></td></tr>
1233 f6970b2f Scott Ullrich
					</table>
1234
					</p>
1235
			  </div>
1236 8ab3e9ed Erik Kristensen
			</td>
1237
		</tr>
1238 10f21e70 Scott Ullrich
		<tr>
1239 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
1240 10f21e70 Scott Ullrich
			<td width="78%" class="vtable">
1241 ee9933b6 Renato Botelho
				<div id="showadvnoxmlrpcsyncbox" <?php if ($pconfig['nosync']) echo "style='display:none'"; ?>>
1242 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_noxmlrpc()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1243 0239d8ee sullrich
				</div>
1244 ee9933b6 Renato Botelho
				<div id="shownoxmlrpcadv" <?php if (empty($pconfig['nosync'])) echo "style='display:none'"; ?>>
1245 0239d8ee sullrich
					<input type="checkbox" name="nosync"<?php if($pconfig['nosync']) echo " CHECKED"; ?>><br>
1246 e4b9d53b Warren Baker
					<?=gettext("Hint: This prevents the rule from automatically syncing to other CARP members.");?>
1247 0239d8ee sullrich
				</div>
1248 10f21e70 Scott Ullrich
			</td>
1249 8c84fe43 Scott Ullrich
		</tr>
1250 615b27bc Scott Dale
		<?php
			// Collect the names offered in the Schedule drop-down. "none" always
			// comes first: choosing it leaves the rule enabled all the time.
			// Configured schedules with an empty name are left out.
			$schedules = array("none");
			if (is_array($config['schedules']['schedule'])) {
				foreach ($config['schedules']['schedule'] as $schedule) {
					if ($schedule['name'] == "")
						continue;
					$schedules[] = $schedule['name'];
				}
			}
		?>
1261
		<tr>
1262 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Schedule");?></td>
1263 615b27bc Scott Dale
			<td width="78%" class="vtable">
1264 ee9933b6 Renato Botelho
				<div id="showadvschedulebox" <?php if (!empty($pconfig['sched'])) echo "style='display:none'"; ?>>
1265 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_schedule()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1266 0239d8ee sullrich
				</div>
1267 ee9933b6 Renato Botelho
				<div id="showscheduleadv" <?php if (empty($pconfig['sched'])) echo "style='display:none'"; ?>>
1268 0239d8ee sullrich
					<select name='sched'>
1269 615b27bc Scott Dale
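<?php
					/*
					 * Emit one <option> per entry of $schedules and pre-select the one
					 * stored in $pconfig['sched']. The "none" entry is submitted as an
					 * empty value.
					 *
					 * Schedule names come from the saved configuration and are written
					 * into both an attribute and element text, so they are HTML-escaped
					 * here instead of relying on whatever validation was applied when the
					 * schedule was created.
					 */
					foreach($schedules as $schedule) {
						$selected = ($schedule == $pconfig['sched']) ? " SELECTED" : "";
						$sched_value = ($schedule == "none") ? "" : htmlspecialchars($schedule);
						$sched_label = htmlspecialchars($schedule);
						echo "<option value=\"{$sched_value}\" {$selected}>{$sched_label}</option>\n";
					}
?>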
1283
					</select>
1284 11d2c529 Rafael Lucas
					<p><?=gettext("Leave as 'none' to leave the rule enabled all the time.");?></p>
1285 0239d8ee sullrich
				</div>
1286 615b27bc Scott Dale
			</td>
1287
		</tr>
1288 82628210 Scott Ullrich
		<tr>
1289 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Gateway");?></td>
1290 8ab3e9ed Erik Kristensen
			<td width="78%" class="vtable">
1291 ee9933b6 Renato Botelho
				<div id="showadvgatewaybox" <?php if (!empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
1292 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_gateway()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1293 0239d8ee sullrich
				</div>
1294 ee9933b6 Renato Botelho
				<div id="showgatewayadv" <?php if (empty($pconfig['gateway'])) echo "style='display:none'"; ?>>
1295 0239d8ee sullrich
					<select name='gateway'>
1296 11d2c529 Rafael Lucas
					<option value="" ><?=gettext("default");?></option>
1297 8ab3e9ed Erik Kristensen
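<?php
					/*
					 * Fill the Gateway drop-down: first the entries returned by
					 * return_gateways_array(), then the configured gateway groups.
					 * Entries whose address family does not match the rule's
					 * $pconfig['ipprotocol'] ("inet" / "inet6") are skipped.
					 *
					 * Gateway and group names and addresses are configuration data that
					 * end up in attribute values and element text, so every piece is
					 * HTML-escaped on output.
					 */
					$gateways = return_gateways_array();
					foreach($gateways as $gwname => $gw) {
						if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6($gw['gateway']))
							continue;
						if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4($gw['gateway']))
							continue;
						if($gw == "")
							continue;
						if($gwname == $pconfig['gateway']) {
							$selected = " SELECTED";
						} else {
							$selected = "";
						}
						echo "<option value=\"" . htmlspecialchars($gwname) . "\" {$selected}>"
							. htmlspecialchars("{$gw['name']} - {$gw['gateway']}")
							. "</option>\n";
					}
					/* add gateway groups to the list */
					if (is_array($config['gateways']['gateway_group'])) {
						foreach($config['gateways']['gateway_group'] as $gw_group) {
							// The group's address family is judged from its first member:
							// the part of item[0] before the "|" is looked up as a gateway name.
							$af = explode("|", $gw_group['item'][0]);
							if(($pconfig['ipprotocol'] == "inet6") && !is_ipaddrv6(lookup_gateway_ip_by_name($af[0])))
								continue;
							if(($pconfig['ipprotocol'] == "inet") && !is_ipaddrv4(lookup_gateway_ip_by_name($af[0])))
								continue;
							if($gw_group['name'] == "")
								continue;
							if($pconfig['gateway'] == $gw_group['name']) {
								$selected = " SELECTED";
							} else {
								$selected = "";
							}
							$gw_group_name = htmlspecialchars($gw_group['name']);
							echo "<option value=\"{$gw_group_name}\" $selected>{$gw_group_name}</option>\n";
						}
					}
?>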
1334 0239d8ee sullrich
					</select>
1335 e85604b8 Chris Buechler
					<p><?=gettext("Leave as 'default' to use the system routing table.  Or choose a gateway to utilize policy based routing.");?></p>
1336 0239d8ee sullrich
				</div>
1337 8ab3e9ed Erik Kristensen
			</td>
1338
		</tr>
1339 a5fd67e1 Ermal Luçi
		<tr>
1340 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("In/Out");?></td>
1341 a5fd67e1 Ermal Luçi
			<td width="78%" class="vtable">
1342 ee9933b6 Renato Botelho
				<div id="showadvinoutbox" <?php if (!empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
1343 0fb885bc Carlos Eduardo Ramos
					<input type="button" onClick="show_advanced_inout()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1344 4c263f57 sullrich
				</div>
1345 ee9933b6 Renato Botelho
				<div id="showinoutadv" <?php if (empty($pconfig['dnpipe'])) echo "style='display:none'"; ?>>
1346 4c263f57 sullrich
					<select name="dnpipe">
1347 a5fd67e1 Ermal Luçi
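<?php
		/*
		 * Options for the "In" (dnpipe) selector: a fixed "none" entry followed
		 * by one entry per $dnqlist element (label => submitted value). Entries
		 * with an empty label are skipped, and the entry whose value equals
		 * $pconfig['dnpipe'] is marked selected.
		 *
		 * Labels and values are HTML-escaped because they are written into the
		 * page as attribute values and element text.
		 *
		 * NOTE(review): $dnqselected is read before this block assigns it; it
		 * is presumably set earlier in the file - confirm.
		 */
		if (!is_array($dnqlist))
			$dnqlist = array();
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['dnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>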
1364
			</select> / 			
1365
			<select name="pdnpipe">
1366
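<?php
		/*
		 * Options for the "Out" (pdnpipe) selector, built from the same
		 * $dnqlist (label => submitted value) as the "In" selector. The entry
		 * whose value equals $pconfig['pdnpipe'] is marked selected.
		 *
		 * Labels and values are HTML-escaped because they are written into the
		 * page as attribute values and element text.
		 *
		 * NOTE(review): $dnqselected is reset to 0 immediately before the
		 * "none" option is printed, so "none" is always flagged SELECTED and a
		 * matching entry further down is flagged as well.
		 */
		$dnqselected = 0;
		echo "<option value=\"none\"";
		if (!$dnqselected) echo " SELECTED";
		echo " >none</option>";
		foreach ($dnqlist as $dnq => $dnqkey) {
			if($dnq == "")
				continue;
			echo "<option value=\"" . htmlspecialchars($dnqkey) . "\"";
			if ($dnqkey == $pconfig['pdnpipe']) {
				$dnqselected = 1;
				echo " SELECTED";
			}
			echo ">" . htmlspecialchars($dnq) . "</option>";
		}
?>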
1382 4c263f57 sullrich
				</select>
1383 a5fd67e1 Ermal Luçi
				<br />
1384 bb8f186e Chris Buechler
				<span class="vexpl"><?=gettext("Choose the Out queue/Virtual interface only if you have also selected In.")."<br/>".gettext("The Out selection is applied to traffic leaving the interface where the rule is created, In is applied to traffic coming into the chosen interface.")."<br/>".gettext("If you are creating a floating rule, if the direction is In then the same rules apply, if the direction is out the selections are reverted Out is for incoming and In is for outgoing.");?></span>
1385 4c263f57 sullrich
				</div>
1386 a5fd67e1 Ermal Luçi
			</td>
1387
		</tr>
1388
1389 197bfe96 Ermal Luçi
		<tr>
1390 11d2c529 Rafael Lucas
			<td width="22%" valign="top" class="vncell"><?=gettext("Ackqueue/Queue");?></td>
1391 197bfe96 Ermal Luçi
			<td width="78%" class="vtable">
1392 ee9933b6 Renato Botelho
			<div id="showadvackqueuebox" <?php if (!empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
1393 0fb885bc Carlos Eduardo Ramos
				<input type="button" onClick="show_advanced_ackqueue()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1394 0239d8ee sullrich
			</div>
1395 ee9933b6 Renato Botelho
			<div id="showackqueueadv" <?php if (empty($pconfig['defaultqueue'])) echo "style='display:none'"; ?>>
1396 0239d8ee sullrich
				<select name="ackqueue">
1397 197bfe96 Ermal Luçi
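<?php
			/*
			 * Options for the "ackqueue" selector: a fixed "none" entry followed by
			 * one entry per key of $qlist. The key is the submitted value; the
			 * label is $ifdisp[$q] when such an entry exists, otherwise the key
			 * itself. The entry equal to $pconfig['ackqueue'] is marked selected.
			 *
			 * Queue names and display names are HTML-escaped because they are
			 * written into the page as attribute values and element text.
			 *
			 * NOTE(review): $qselected is read before this block assigns it; it is
			 * presumably set earlier in the file - confirm.
			 */
			if (!is_array($qlist))
				$qlist = array();
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['ackqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				if (isset($ifdisp[$q]))
					echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";
				else
					echo ">" . htmlspecialchars($q) . "</option>";
			}
?>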
1417 0239d8ee sullrich
				</select> / 			
1418
				<select name="defaultqueue">
1419 197bfe96 Ermal Luçi
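<?php
			/*
			 * Options for the "defaultqueue" selector, built from the keys of
			 * $qlist in the same way as the "ackqueue" selector. The entry equal to
			 * $pconfig['defaultqueue'] is marked selected.
			 *
			 * Queue names and display names are HTML-escaped because they are
			 * written into the page as attribute values and element text.
			 *
			 * NOTE(review): $qselected is reset to 0 immediately before the "none"
			 * option is printed, so "none" is always flagged SELECTED and a
			 * matching entry further down is flagged as well.
			 */
			$qselected = 0;
			echo "<option value=\"none\"";
			if (!$qselected) echo " SELECTED";
			echo " >none</option>";
			foreach ($qlist as $q => $qkey) {
				if($q == "")
					continue;
				echo "<option value=\"" . htmlspecialchars($q) . "\"";
				if ($q == $pconfig['defaultqueue']) {
					$qselected = 1;
					echo " SELECTED";
				}
				if (isset($ifdisp[$q]))
					echo ">" . htmlspecialchars($ifdisp[$q]) . "</option>";
				else
					echo ">" . htmlspecialchars($q) . "</option>";
			}
?>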
1438 0239d8ee sullrich
				</select>
1439
					<br />
1440 11d2c529 Rafael Lucas
					<span class="vexpl"><?=gettext("Choose the Acknowledge Queue only if you have selected Queue.");?></span>
1441 0239d8ee sullrich
				</td>
1442
			</tr>
1443
			<tr>
1444 11d2c529 Rafael Lucas
				<td width="22%" valign="top" class="vncell"><?=gettext("Layer7");?></td>
1445 0239d8ee sullrich
				<td width="78%" class="vtable">
1446 ee9933b6 Renato Botelho
					<div id="showadvlayer7box" <?php if (!empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
1447 0fb885bc Carlos Eduardo Ramos
						<input type="button" onClick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
1448 4c263f57 sullrich
					</div>
1449 ee9933b6 Renato Botelho
					<div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>>
1450 0239d8ee sullrich
				<select name="l7container">
1451 7e50413c Ermal Luçi
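<?php
					/*
					 * Options for the Layer7 container selector: a fixed "none" entry
					 * followed by one entry per element of $l7clist, with the element
					 * equal to $pconfig['l7container'] marked selected.
					 *
					 * Container names are HTML-escaped because they are written into
					 * the page as attribute values and element text.
					 */
					if (!is_array($l7clist))
						$l7clist = array();
					echo "<option value=\"none\"";
					echo " >none</option>";
					foreach ($l7clist as $l7ckey) {
						$l7c_html = htmlspecialchars($l7ckey);
						echo "<option value=\"{$l7c_html}\"";
						if ($l7ckey == $pconfig['l7container']) {
							echo " SELECTED";
						}
						echo ">{$l7c_html}</option>";
					}
?>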
1464 0239d8ee sullrich
				</select>			
1465 7e50413c Ermal Luçi
				<br/>
1466 0239d8ee sullrich
				<span class="vexpl">
1467 4fe84f51 Carlos Eduardo Ramos
					<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
1468
					"These are valid for TCP and UDP protocols only.");?>
1469 0239d8ee sullrich
				</span>
1470
			  </div>
1471 7e50413c Ermal Luçi
			</td>
1472
		</tr>
1473 d65962a7 Scott Ullrich
<?php
		/*
		 * Extension hook: lets add-on code extend the firewall rule edit page
		 * and supply custom input validation.
		 *
		 * NOTE(review): pfSense_handle_custom_code() is defined elsewhere;
		 * presumably it runs whatever it finds under the given path inside this
		 * page's context. If so, that path must be writable by trusted
		 * accounts only - confirm against the helper.
		 */
		pfSense_handle_custom_code('/usr/local/pkg/firewall_rules/htmlphplate');
?>
1477 8ab3e9ed Erik Kristensen
		<tr>
1478
			<td width="22%" valign="top">&nbsp;</td>
1479
			<td width="78%">
1480 151eb2a9 sullrich
				&nbsp;<br>&nbsp;
1481 157a6919 Carlos Eduardo Ramos
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
1482 8ab3e9ed Erik Kristensen
<?php			if (isset($id) && $a_filter[$id]): ?>
1483 225a2f0b Scott Ullrich
					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
1484 8ab3e9ed Erik Kristensen
<?php 			endif; ?>
1485 225a2f0b Scott Ullrich
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
1486 8ab3e9ed Erik Kristensen
			</td>
1487 82628210 Scott Ullrich
		</tr>
1488 8ab3e9ed Erik Kristensen
	</table>
1489 5b237745 Scott Ullrich
</form>
1490
<script language="JavaScript">
1491
<!--
1492 8ab3e9ed Erik Kristensen
	ext_change();
1493
	typesel_change();
1494
	proto_change();
1495 3e74107e Erik Fonnesbeck
	<?php if ( (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != "any") || (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != "any") ): ?>
1496
	show_source_port_range();
1497
	<?php endif; ?>
1498 19757279 Scott Ullrich
1499
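<?php
	/*
	 * Build the comma-separated JavaScript string literals that the lines
	 * following this block place inside "new Array(...)":
	 *   $aliasesaddr  - names of host, network, openvpn and urltable aliases
	 *   $portaliases  - names of port aliases
	 * Aliases of any other type are ignored.
	 */
	$isfirst = 0;
	$aliases = "";
	$addrisfirst = 0;
	$aliasesaddr = "";
	// $portaliases is appended to below but is not initialised anywhere in this
	// part of the template; define it when it does not exist yet.
	if (!isset($portaliases))
		$portaliases = "";
	if (isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) {
		foreach ($config['aliases']['alias'] as $alias_name) {
			/*
			 * Alias names are configuration data written into an inline
			 * <script>. json_encode() turns each one into a quoted, escaped
			 * JavaScript string literal; the JSON_HEX_* flags additionally
			 * encode <, >, &, ' and " so that a name cannot end the string
			 * or the surrounding script element.
			 */
			$alias_js = json_encode((string)$alias_name['name'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
			if ($alias_js === false)
				continue;	// name could not be encoded; leave it out of the suggestions
			switch ($alias_name['type']) {
			case "port":
				if($isfirst == 1) $portaliases .= ",";
				$portaliases .= $alias_js;
				$isfirst = 1;
				break;
			case "host":
			case "network":
			case "openvpn":
			case "urltable":
				if($addrisfirst == 1) $aliasesaddr .= ",";
				$aliasesaddr .= $alias_js;
				$addrisfirst = 1;
				break;
			default:
				break;
			}
		}
	}
?>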
1525
1526 8ab3e9ed Erik Kristensen
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
1527 72cb5baf Ermal Lu?i
	var customarray=new Array(<?php echo $portaliases; ?>);
1528 19757279 Scott Ullrich
1529 9eb60dcc Ermal Lu?i
	var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
1530
        var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
1531
        var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
1532
        var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
1533
        var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
1534
        var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
1535 5b237745 Scott Ullrich
//-->
1536
</script>
1537
<?php include("fend.inc"); ?>
1538
</body>
1539 9b45f821 Ermal Lu?i
</html>