Project

General

Profile

Download (24.6 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
	firewall_rules.php
4
*/
5
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7
 *
8
 *	Some or all of this file is based on the m0n0wall project which is
9
 *	Copyright (c)  2004 Manuel Kasper (BSD 2 clause)
10
 *
11
 *	Redistribution and use in source and binary forms, with or without modification,
12
 *	are permitted provided that the following conditions are met:
13
 *
14
 *	1. Redistributions of source code must retain the above copyright notice,
15
 *		this list of conditions and the following disclaimer.
16
 *
17
 *	2. Redistributions in binary form must reproduce the above copyright
18
 *		notice, this list of conditions and the following disclaimer in
19
 *		the documentation and/or other materials provided with the
20
 *		distribution.
21
 *
22
 *	3. All advertising materials mentioning features or use of this software
23
 *		must display the following acknowledgment:
24
 *		"This product includes software developed by the pfSense Project
25
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
26
 *
27
 *	4. The names "pfSense" and "pfSense Project" must not be used to
28
 *		 endorse or promote products derived from this software without
29
 *		 prior written permission. For written permission, please contact
30
 *		 coreteam@pfsense.org.
31
 *
32
 *	5. Products derived from this software may not be called "pfSense"
33
 *		nor may "pfSense" appear in their names without prior written
34
 *		permission of the Electric Sheep Fencing, LLC.
35
 *
36
 *	6. Redistributions of any form whatsoever must retain the following
37
 *		acknowledgment:
38
 *
39
 *	"This product includes software developed by the pfSense Project
40
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
41
 *
42
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
43
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
45
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
46
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
47
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
48
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
49
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
51
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
52
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
54
 *
55
 *	====================================================================
56
 *
57
 */
58
/*
59
	pfSense_MODULE: filter
60
*/
61

    
62
##|+PRIV
63
##|*IDENT=page-firewall-rules
64
##|*NAME=Firewall: Rules
65
##|*DESCR=Allow access to the 'Firewall: Rules' page.
66
##|*MATCH=firewall_rules.php*
67
##|-PRIV
68

    
69
require("guiconfig.inc");
70
require_once("functions.inc");
71
require_once("filter.inc");
72
require_once("ipsec.inc");
73
require_once("shaper.inc");
74

    
75
$pgtitle = array(gettext("Firewall"), gettext("Rules"));
76
$shortcut_section = "firewall";
77

    
78
function delete_nat_association($id) {
79
	global $config;
80

    
81
	if (!$id || !is_array($config['nat']['rule'])) {
82
		return;
83
	}
84

    
85
	$a_nat = &$config['nat']['rule'];
86

    
87
	foreach ($a_nat as &$natent) {
88
		if ($natent['associated-rule-id'] == $id) {
89
			$natent['associated-rule-id'] = '';
90
		}
91
	}
92
}
93

    
94
if (!is_array($config['filter']['rule'])) {
95
	$config['filter']['rule'] = array();
96
}
97

    
98
filter_rules_sort();
99
$a_filter = &$config['filter']['rule'];
100

    
101
$if = $_GET['if'];
102

    
103
if ($_POST['if']) {
104
	$if = $_POST['if'];
105
}
106

    
107
$ifdescs = get_configured_interface_with_descr();
108

    
109
/* add group interfaces */
110
if (is_array($config['ifgroups']['ifgroupentry'])) {
111
	foreach ($config['ifgroups']['ifgroupentry'] as $ifgen) {
112
		if (have_ruleint_access($ifgen['ifname'])) {
113
			$iflist[$ifgen['ifname']] = $ifgen['ifname'];
114
		}
115
	}
116
}
117

    
118
foreach ($ifdescs as $ifent => $ifdesc) {
119
	if (have_ruleint_access($ifent)) {
120
		$iflist[$ifent] = $ifdesc;
121
	}
122
}
123

    
124
if ($config['l2tp']['mode'] == "server") {
125
	if (have_ruleint_access("l2tp")) {
126
		$iflist['l2tp'] = "L2TP VPN";
127
	}
128
}
129

    
130
if (is_array($config['pppoes']['pppoe'])) {
131
	foreach ($config['pppoes']['pppoe'] as $pppoes) {
132
		if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe")) {
133
			$iflist['pppoe'] = "PPPoE Server";
134
		}
135
	}
136
}
137

    
138
/* add ipsec interfaces */
139
if (ipsec_enabled() && have_ruleint_access("enc0"))
140
	$iflist["enc0"] = "IPsec";
141

    
142
/* add openvpn/tun interfaces */
143
if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) {
144
	$iflist["openvpn"] = "OpenVPN";
145
}
146

    
147
if (!$if || !isset($iflist[$if])) {
148
	if ("any" == $if) {
149
		$if = "FloatingRules";
150
	} else if ("FloatingRules" != $if) {
151
		if (isset($iflist['wan'])) {
152
			$if = "wan";
153
		} else {
154
			$if = "FloatingRules";
155
		}
156
	}
157
}
158

    
159
if ($_POST) {
160
	$pconfig = $_POST;
161

    
162
	if ($_POST['apply']) {
163
		$retval = 0;
164
		$retval = filter_configure();
165

    
166
		clear_subsystem_dirty('filter');
167

    
168
		$savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background.<br />You can also %s monitor %s the reload progress"),
169
									"<a href='status_filter_reload.php'>", "</a>");
170
	}
171
}
172

    
173
if ($_GET['act'] == "del") {
174
	if ($a_filter[$_GET['id']]) {
175
		if (!empty($a_filter[$_GET['id']]['associated-rule-id'])) {
176
			delete_nat_association($a_filter[$_GET['id']]['associated-rule-id']);
177
		}
178
		unset($a_filter[$_GET['id']]);
179
		if (write_config()) {
180
			mark_subsystem_dirty('filter');
181
		}
182

    
183
		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
184
		exit;
185
	}
186
}
187

    
188
// Handle save msg if defined
189
if ($_REQUEST['savemsg']) {
190
	$savemsg = htmlentities($_REQUEST['savemsg']);
191
}
192

    
193
if (isset($_POST['del_x'])) {
194
	/* delete selected rules */
195
	$deleted = false;
196

    
197
	if (is_array($_POST['rule']) && count($_POST['rule'])) {
198
		foreach ($_POST['rule'] as $rulei) {
199
			delete_nat_association($a_filter[$rulei]['associated-rule-id']);
200
			unset($a_filter[$rulei]);
201
			$deleted = true;
202
		}
203

    
204
		if($deleted) {
205
			if (write_config()) {
206
				mark_subsystem_dirty('filter');
207
			}
208
		}
209

    
210
		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
211
		exit;
212
	}
213
} else if ($_GET['act'] == "toggle") {
214
	if ($a_filter[$_GET['id']]) {
215
		if (isset($a_filter[$_GET['id']]['disabled'])) {
216
			unset($a_filter[$_GET['id']]['disabled']);
217
		} else {
218
			$a_filter[$_GET['id']]['disabled'] = true;
219
		}
220
		if (write_config()) {
221
			mark_subsystem_dirty('filter');
222
		}
223

    
224
		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
225
		exit;
226
	}
227
} else if($_POST['order-store']) {
228
	/* update rule order, POST[rule] is an array of ordered IDs */
229
	if (is_array($_POST['rule']) && !empty($_POST['rule'])) {
230
		$a_filter_new = array();
231

    
232
		// if a rule is not in POST[rule], it has been deleted by the user
233
		foreach ($_POST['rule'] as $id)
234
			$a_filter_new[] = $a_filter[$id];
235

    
236
		$a_filter = $a_filter_new;
237
		if (write_config()) {
238
			mark_subsystem_dirty('filter');
239
		}
240

    
241
		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
242
		exit;
243
	}
244
}
245

    
246
include("head.inc");
247
$nrules = 0;
248

    
249
if ($savemsg)
250
	print_info_box($savemsg, 'success');
251

    
252
if (is_subsystem_dirty('filter'))
253
	print_info_box_np(gettext("The firewall rule configuration has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect."), "apply", "", true);
254

    
255
$tab_array = array(array(gettext("Floating"), ("FloatingRules" == $if), "firewall_rules.php?if=FloatingRules"));
256

    
257
foreach ($iflist as $ifent => $ifname)
258
	$tab_array[] = array($ifname, ($ifent == $if), "firewall_rules.php?if={$ifent}");
259

    
260
display_top_tabs($tab_array);
261

    
262
?>
263
<form method="post">
264
	<div class="panel panel-default">
265
		<div class="panel-heading"><?=gettext("Rules (Drag to change order)")?></div>
266
		<div id="mainarea" class="table-responsive panel-body">
267
			<table name="ruletable" class="table table-hover table-striped table-condensed">
268
				<thead>
269
					<tr>
270
						<th><!-- checkbox --></th>
271
						<th><!-- status icons --></th>
272
						<th><?=gettext("Proto")?></th>
273
						<th><?=gettext("Source")?></th>
274
						<th><?=gettext("Port")?></th>
275
						<th><?=gettext("Destination")?></th>
276
						<th><?=gettext("Port")?></th>
277
						<th><?=gettext("Gateway")?></th>
278
						<th><?=gettext("Queue")?></th>
279
						<th><?=gettext("Schedule")?></th>
280
						<th><?=gettext("Description")?></th>
281
						<th><?=gettext("Actions")?></th>
282
					</tr>
283
				</thead>
284
				<tbody>
285
<?php
286
		// Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1.
287
	if (!isset($config['system']['webgui']['noantilockout']) &&
288
		(((count($config['interfaces']) > 1) && ($if == 'lan')) ||
289
		 ((count($config['interfaces']) == 1) && ($if == 'wan')))):
290
		$alports = implode('<br />', filter_get_antilockout_ports(true));
291
?>
292
					<tr id="antilockout">
293
						<td></td>
294
						<td title="<?=gettext("traffic is passed")?>"><i class="fa fa-check"></i></td>
295
						<td>*</td>
296
						<td>*</td>
297
						<td>*</td>
298
						<td><?=$iflist[$if];?> Address</td>
299
						<td><?=$alports?></td>
300
						<td>*</td>
301
						<td>*</td>
302
						<td></td>
303
						<td><?=gettext("Anti-Lockout Rule");?></td>
304
						<td>
305
							<a href="system_advanced_admin.php" class="fa fa-cog" title="<?=gettext("Settings");?>"></a>
306
						</td>
307
					</tr>
308
<?php endif;?>
309
<?php if (isset($config['interfaces'][$if]['blockpriv'])): ?>
310
					<tr id="frrfc1918">
311
						<td></td>
312
						<td title="<?=gettext("traffic is blocked")?>"><i class="fa fa-times"></i></td>
313
						<td>*</td>
314
						<td><?=gettext("RFC 1918 networks");?></td>
315
						<td>*</td>
316
						<td>*</td>
317
						<td>*</td>
318
						<td>*</td>
319
						<td>*</td>
320
						<td></td>
321
						<td><?=gettext("Block private networks");?></td>
322
						<td>
323
							<a href="interfaces.php?if=<?=htmlspecialchars($if)?>" class="fa fa-cog" title="<?=gettext("Settings");?>"></a>
324
						</td>
325
					</tr>
326
<?php endif;?>
327
<?php if (isset($config['interfaces'][$if]['blockbogons'])): ?>
328
					<tr id="frrfc1918">
329
					<td></td>
330
						<td title="<?=gettext("traffic is blocked")?>"><i class="fa fa-times"></i></td>
331
						<td>*</td>
332
						<td><?=gettext("Reserved/not assigned by IANA");?></td>
333
						<td>*</td>
334
						<td>*</td>
335
						<td>*</td>
336
						<td>*</td>
337
						<td>*</td>
338
						<td></td>
339
						<td><?=gettext("Block bogon networks");?></td>
340
						<td>
341
							<a href="interfaces.php?if=<?=htmlspecialchars($if)?>" class="fa fa-cog" title="<?=gettext("Settings");?>"></a>
342
						</td>
343
					</tr>
344
<?php endif;?>
345
			</tbody>
346

    
347
			<tbody class="user-entries">
348
<?php
349
$nrules = 0;
350
for ($i = 0; isset($a_filter[$i]); $i++):
351
	$filterent = $a_filter[$i];
352

    
353
	if ( ($filterent['interface'] != $if && !isset($filterent['floating'])) || (isset($filterent['floating']) && "FloatingRules" != $if) ) {
354
		$display = 'style="display: none;"';
355
	} else {
356
		$display = "";
357
	}
358
?>
359
					<tr id="fr<?=$nrules;?>" <?=$display?> onClick="fr_toggle(<?=$nrules;?>)" ondblclick="document.location='firewall_rules_edit.php?id=<?=$i;?>';" <?=(isset($filterent['disabled']) ? ' class="disabled"' : '')?>>
360
						<td >
361
							<input type="checkbox" id="frc<?=$nrules;?>" onClick="fr_toggle(<?=$nrules;?>)" name="rule[]" value="<?=$i;?>"/>
362
						</td>
363

    
364
	<?php
365
		if ($filterent['type'] == "block") {
366
			$iconfn = "times";
367
			$title_text = gettext("traffic is blocked");
368
		} else if ($filterent['type'] == "reject") {
369
			$iconfn = "fire";
370
			$title_text = gettext("traffic is rejected");
371
		} else if ($filterent['type'] == "match") {
372
			$iconfn = "filter";
373
			$title_text = gettext("traffic is matched");
374
		} else {
375
			$iconfn = "check";
376
			$title_text = gettext("traffic is passed");
377
		}
378
	?>
379
						<td title="<?=$title_text?>">
380

    
381
							<i class="fa fa-<?=$iconfn?>"></i>
382
	<?php
383
		$isadvset = firewall_check_for_advanced_options($filterent);
384
		if ($isadvset)
385
			print '<i class="fa fa-cog" title="'. gettext("advanced setting") .': '. $isadvset .'"></i>';
386

    
387
		if (isset($filterent['log']))
388
			print '<i class="fa fa-tasks" title="'. gettext("traffic is logged") .'"></i>';
389
	?>
390
						</td>
391
	<?php
392
		$alias = rule_columns_with_alias(
393
			$filterent['source']['address'],
394
			pprint_port($filterent['source']['port']),
395
			$filterent['destination']['address'],
396
			pprint_port($filterent['destination']['port'])
397
		);
398

    
399
		//build Schedule popup box
400
		$a_schedules = &$config['schedules']['schedule'];
401
		$schedule_span_begin = "";
402
		$schedule_span_end = "";
403
		$sched_caption_escaped = "";
404
		$sched_content = "";
405
		$schedstatus = false;
406
		$dayArray = array (gettext('Mon'), gettext('Tues'), gettext('Wed'), gettext('Thur'), gettext('Fri'), gettext('Sat'), gettext('Sun'));
407
		$monthArray = array (gettext('January'), gettext('February'), gettext('March'), gettext('April'), gettext('May'), gettext('June'), gettext('July'), gettext('August'), gettext('September'), gettext('October'), gettext('November'), gettext('December'));
408
		if ($config['schedules']['schedule'] != "" && is_array($config['schedules']['schedule'])) {
409
			foreach ($a_schedules as $schedule)
410
			{
411
				if ($schedule['name'] == $filterent['sched']) {
412
					$schedstatus = filter_get_time_based_rule_status($schedule);
413

    
414
					foreach ($schedule['timerange'] as $timerange) {
415
						$tempFriendlyTime = "";
416
						$tempID = "";
417
						$firstprint = false;
418
						if ($timerange) {
419
							$dayFriendly = "";
420
							$tempFriendlyTime = "";
421

    
422
							//get hours
423
							$temptimerange = $timerange['hour'];
424
							$temptimeseparator = strrpos($temptimerange, "-");
425

    
426
							$starttime = substr ($temptimerange, 0, $temptimeseparator);
427
							$stoptime = substr ($temptimerange, $temptimeseparator+1);
428

    
429
							if ($timerange['month']) {
430
								$tempmontharray = explode(",", $timerange['month']);
431
								$tempdayarray = explode(",", $timerange['day']);
432
								$arraycounter = 0;
433
								$firstDayFound = false;
434
								$firstPrint = false;
435
								foreach ($tempmontharray as $monthtmp) {
436
									$month = $tempmontharray[$arraycounter];
437
									$day = $tempdayarray[$arraycounter];
438

    
439
									if (!$firstDayFound)
440
									{
441
										$firstDay = $day;
442
										$firstmonth = $month;
443
										$firstDayFound = true;
444
									}
445

    
446
									$currentDay = $day;
447
									$nextDay = $tempdayarray[$arraycounter+1];
448
									$currentDay++;
449
									if (($currentDay != $nextDay) || ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])) {
450
										if ($firstPrint)
451
											$dayFriendly .= ", ";
452
										$currentDay--;
453
										if ($currentDay != $firstDay)
454
											$dayFriendly .= $monthArray[$firstmonth-1] . " " . $firstDay . " - " . $currentDay ;
455
										else
456
											$dayFriendly .=	 $monthArray[$month-1] . " " . $day;
457
										$firstDayFound = false;
458
										$firstPrint = true;
459
									}
460
									$arraycounter++;
461
								}
462
							}
463
							else
464
							{
465
								$tempdayFriendly = $timerange['position'];
466
								$firstDayFound = false;
467
								$tempFriendlyDayArray = explode(",", $tempdayFriendly);
468
								$currentDay = "";
469
								$firstDay = "";
470
								$nextDay = "";
471
								$counter = 0;
472
								foreach ($tempFriendlyDayArray as $day) {
473
									if ($day != "") {
474
										if (!$firstDayFound)
475
										{
476
											$firstDay = $tempFriendlyDayArray[$counter];
477
											$firstDayFound = true;
478
										}
479
										$currentDay =$tempFriendlyDayArray[$counter];
480
										//get next day
481
										$nextDay = $tempFriendlyDayArray[$counter+1];
482
										$currentDay++;
483
										if ($currentDay != $nextDay) {
484
											if ($firstprint)
485
												$dayFriendly .= ", ";
486
											$currentDay--;
487
											if ($currentDay != $firstDay)
488
												$dayFriendly .= $dayArray[$firstDay-1] . " - " . $dayArray[$currentDay-1];
489
											else
490
												$dayFriendly .= $dayArray[$firstDay-1];
491
											$firstDayFound = false;
492
											$firstprint = true;
493
										}
494
										$counter++;
495
									}
496
								}
497
							}
498
							$timeFriendly = $starttime . " - " . $stoptime;
499
							$description = $timerange['rangedescr'];
500
							$sched_content .= $dayFriendly . "; " . $timeFriendly . "<br />";
501
						}
502
					}
503
					#FIXME
504
					$sched_caption_escaped = str_replace("'", "\'", $schedule['descr']);
505
					$schedule_span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>{$sched_caption_escaped}</h1><p>{$sched_content}</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><u>";
506
					$schedule_span_end = "</u></span>";
507
				}
508
			}
509
		}
510
		$printicon = false;
511
		$alttext = "";
512
		$image = "";
513
		if (!isset($filterent['disabled'])) {
514
			if ($schedstatus) {
515
				if ($iconfn == "block" || $iconfn == "reject") {
516
					$image = "times-circle";
517
					$alttext = gettext("Traffic matching this rule is currently being denied");
518
				} else {
519
					$image = "play-circle";
520
					$alttext = gettext("Traffic matching this rule is currently being allowed");
521
				}
522
				$printicon = true;
523
			} else if ($filterent['sched']) {
524
				if ($iconfn == "block" || $iconfn == "reject")
525
					$image = "times-circle";
526
				else
527
					$image = "times-circle";
528
				$alttext = gettext("This rule is not currently active because its period has expired");
529
				$printicon = true;
530
			}
531
		}
532
	?>
533
				<td>
534
	<?php
535
		if (isset($filterent['ipprotocol'])) {
536
			switch ($filterent['ipprotocol']) {
537
				case "inet":
538
					echo "IPv4 ";
539
					break;
540
				case "inet6":
541
					echo "IPv6 ";
542
					break;
543
				case "inet46":
544
					echo "IPv4+6 ";
545
					break;
546
			}
547
		} else {
548
			echo "IPv4 ";
549
		}
550

    
551
		if (isset($filterent['protocol'])) {
552
			echo strtoupper($filterent['protocol']);
553

    
554
			if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) {
555
				echo ' <span style="cursor: help;" title="ICMP type: ' .
556
					($filterent['ipprotocol'] == "inet6" ? $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']]) .
557
					'"><u>';
558
				echo $filterent['icmptype'];
559
				echo '</u></span>';
560
			}
561
		} else echo "*";
562

    
563
	?>
564
						</td>
565
						<td>
566
							<?php if (isset($alias['src'])): ?>
567
								<a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true">
568
							<?php endif; ?>
569
							<?=htmlspecialchars(pprint_address($filterent['source']))?>
570
						</td>
571
						<td>
572
							<?php if (isset($alias['srcport'])): ?>
573
								<a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true">
574
							<?php endif; ?>
575
							<?=htmlspecialchars(pprint_port($filterent['source']['port']))?>
576
						</td>
577
						<td>
578
							<?php if (isset($alias['dst'])): ?>
579
								<a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dst'])?>" data-html="true">
580
							<?php endif; ?>
581
							<?=htmlspecialchars(pprint_address($filterent['destination']))?>
582
						</td>
583
						<td>
584
							<?php if (isset($alias['dstport'])): ?>
585
								<a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true">
586
							<?php endif; ?>
587
							<?=htmlspecialchars(pprint_port($filterent['destination']['port']))?>
588
						</td>
589
						<td>
590
							<?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])):?>
591
								<?=htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr'])?>
592
							<?php else: ?>
593
								<?=htmlspecialchars(pprint_port($filterent['gateway']))?>
594
							<?php endif; ?>
595
						</td>
596
						<td>
597
							<?php
598
								if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue'])) {
599
									$desc = $filterent['ackqueue'] ;
600
									echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['ackqueue']}&amp;action=show\">{$desc}</a>";
601
									$desc = $filterent['defaultqueue'];
602
									echo "/<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&amp;action=show\">{$desc}</a>";
603
								} else if (isset($filterent['defaultqueue'])) {
604
									$desc = $filterent['defaultqueue'];
605
									echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&amp;action=show\">{$desc}</a>";
606
								} else
607
									echo gettext("none");
608
							?>
609
						</td>
610
						<td>
611
							<?php if ($printicon) { ?>
612
								<i class="fa fa-<?=$image;?>" title="<?=$alttext;?>" alt="icon" />
613
							<?php } ?>
614
							<?=$schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?>&nbsp;<?=$schedule_span_end;?>
615
						</td>
616
						<td>
617
							<?=htmlspecialchars($filterent['descr']);?>
618
						</td>
619
						<td>
620
						<!-- <?=(isset($filterent['disabled']) ? 'enable' : 'disable')?> -->
621
							<a href="firewall_rules_edit.php?id=<?=$i;?>" class="fa fa-pencil" title="<?=gettext('Edit')?>"></a>
622
							<a href="firewall_rules_edit.php?dup=<?=$i;?>" class="fa fa-clone" title="<?=gettext('Copy')?>"></a>
623
<?php if (isset($filterent['disabled'])) {
624
?>
625
							<a href="?act=toggle&amp;if=<?=htmlspecialchars($if);?>&amp;id=<?=$i;?>" class="fa fa-check-square-o" title="<?=gettext('Enable')?>"></a>
626
<?php } else {
627
?>
628
							<a href="?act=toggle&amp;if=<?=htmlspecialchars($if);?>&amp;id=<?=$i;?>" class="fa fa-ban" title="<?=gettext('Disable')?>"></a>
629
<?php }
630
?>
631
							<a href="?act=del&amp;if=<?=htmlspecialchars($if);?>&amp;id=<?=$i;?>" class="fa fa-trash" title="<?=gettext('Delete')?>"></a>
632
						</td>
633
					</tr>
634
<?php
635
		$nrules++;
636
		endfor;
637
?>
638
				</tbody>
639
			</table>
640
		</div>
641
	</div>
642

    
643
<?php if ($nrules == 0): ?>
644
	<div class="alert alert-warning" role="alert">
645
		<p>
646
		<?php if ($_REQUEST['if'] == "FloatingRules"): ?>
647
			<?=gettext("No floating rules are currently defined.");?>
648
		<?php else: ?>
649
			<?=gettext("No rules are currently defined for this interface");?><br />
650
			<?=gettext("All incoming connections on this interface will be blocked until you add pass rules.");?>
651
		<?php endif;?>
652
			<?=gettext("Click the button to add a new rule.");?>
653
		</p>
654
	</div>
655
<?php endif;?>
656

    
657
	<nav class="action-buttons">
658
		<a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>&amp;after=-1" role="button" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the top of the list')?>">
659
			<i class="fa fa-level-up icon-embed-btn"></i>
660
			<?=gettext("Add");?>
661
		</a>
662
		<a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>" role="button" class="btn btn-sm btn-success" title="<?=gettext('Add rule to the end of the list')?>">
663
			<i class="fa fa-level-down icon-embed-btn"></i>
664
			<?=gettext("Add");?>
665
		</a>
666
		<button name="del_x" type="submit" class="btn btn-danger btn-sm" value="<?=gettext("Delete selected rules"); ?>" title="<?=gettext('Delete selected rules')?>">
667
			<i class="fa fa-trash icon-embed-btn"></i>
668
			<?=gettext("Delete"); ?>
669
		</button>
670
		<button type="submit" id="order-store" name="order-store" class="btn btn-sm btn-primary" value="store changes" disabled="disabled" title="<?=gettext('Save rule order')?>">
671
			<i class="fa fa-save icon-embed-btn"></i>
672
			<?=gettext("Save")?>
673
		</button>
674
	</nav>
675
</form>
676

    
677
<div id="infoblock">
678
	<div class="alert alert-info clearfix" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button><div class="pull-left">
679
		<dl class="dl-horizontal responsive">
680
		<!-- Legend -->
681
			<dt><?=gettext('Legend')?></dt>				<dd></dd>
682
			<dt><i class="fa fa-check"></i></dt>		<dd><?=gettext("Pass");?></dd>
683
			<dt><i class="fa fa-filter"></i></dt>	<dd><?=gettext("Match");?></dd>
684
			<dt><i class="fa fa-times"></i></dt>	<dd><?=gettext("Block");?></dd>
685
			<dt><i class="fa fa-fire"></i></dt>		<dd><?=gettext("Reject");?></dd>
686
			<dt><i class="fa fa-tasks"></i></dt>	<dd> <?=gettext("Log");?></dd>
687
			<dt><i class="fa fa-cog"></i></dt>		<dd> <?=gettext("Advanced filter");?></dd>
688
		</dl>
689

    
690
<?php
691
	if ("FloatingRules" != $if)
692
		print(gettext("Rules are evaluated on a first-match basis (i.e. " .
693
			"the action of the first rule to match a packet will be executed). ") . '<br />' .
694
			gettext("This means that if you use block rules, you'll have to pay attention " .
695
			"to the rule order. Everything that isn't explicitly passed is blocked " .
696
			"by default. "));
697
	else
698
		print(gettext("Floating rules are evaluated on a first-match basis (i.e. " .
699
			"the action of the first rule to match a packet will be executed) only " .
700
			"if the 'quick' option is checked on a rule. Otherwise they will only match if no " .
701
			"other rules match. Pay close attention to the rule order and options " .
702
			"chosen. If no rule here matches, the per-interface or default rules are used. "));
703
?>
704
	</div>
705
</div>
706

    
707
<script>
708
events.push(function() {
709

    
710
	// Make rules sortable
711
	$('table tbody.user-entries').sortable({
712
		cursor: 'grabbing',
713
		update: function(event, ui) {
714
			$('#order-store').removeAttr('disabled');
715
		}
716
	});
717

    
718
	// Check all of the rule checkboxes so that their values are posted
719
	$('#order-store').click(function () {
720
	   $('[id^=frc]').prop('checked', true);
721
	});
722
});
723
</script>
724

    
725
<?php include("foot.inc");?>
(59-59/228)