#!/usr/local/bin/php
<?php
/* $Id$ */
/*
	firewall_shaper_edit.php
	part of m0n0wall (http://m0n0.ch/wall)
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
require("guiconfig.inc");
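/* make sure the rule list exists before it is aliased below */
if (!is_array($config['shaper']['rule'])) {
	$config['shaper']['rule'] = array();
}
/* $a_shaper is a reference, so changes made through it land in $config */
$a_shaper = &$config['shaper']['rule'];

/*
 * Redirect to the wizard if the shaper isn't already configured.
 * Stop right after sending the Location header: without the exit the rest of
 * this script, including the POST handler that writes the configuration,
 * would still run for a request that is being redirected away.
 */
if (isset($config['shaper']['enable'])) {
	$pconfig['enable'] = TRUE;
} else {
	header("Location: wizard.php?xml=traffic_shaper_wizard.xml");
	exit;
}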
$specialsrcdst = explode(" ", "any lan pptp");

/*
 * Request parameters. 'id' is the index of the rule being edited and 'after'
 * the index a new rule is inserted behind; a POSTed value overrides the one
 * from the query string. Both are caller-supplied and unvalidated here.
 */
$id = $_GET['id'];
if (isset($_POST['id'])) {
	$id = $_POST['id'];
}

$after = $_GET['after'];
if (isset($_POST['after'])) {
	$after = $_POST['after'];
}

/* duplicating: load the rule named by 'dup' and insert the copy right after it */
if (isset($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}

if (isset($id) && $a_shaper[$id]) {
	/* an existing rule was addressed: copy it into the form state */
	$pconfig['interface'] = $a_shaper[$id]['interface'];

	/* a rule without a stored protocol matches any protocol */
	$pconfig['proto'] = isset($a_shaper[$id]['protocol'])
		? $a_shaper[$id]['protocol']
		: "any";

	address_to_pconfig(
		$a_shaper[$id]['source'],
		$pconfig['src'],
		$pconfig['srcmask'],
		$pconfig['srcnot'],
		$pconfig['srcbeginport'],
		$pconfig['srcendport']
	);

	address_to_pconfig(
		$a_shaper[$id]['destination'],
		$pconfig['dst'],
		$pconfig['dstmask'],
		$pconfig['dstnot'],
		$pconfig['dstbeginport'],
		$pconfig['dstendport']
	);

	$pconfig['inqueue'] = $a_shaper[$id]['inqueue'];
	$pconfig['outqueue'] = $a_shaper[$id]['outqueue'];

	$pconfig['direction'] = $a_shaper[$id]['direction'];
	$pconfig['iptos'] = $a_shaper[$id]['iptos'];
	$pconfig['tcpflags'] = $a_shaper[$id]['tcpflags'];
	$pconfig['descr'] = $a_shaper[$id]['descr'];
	$pconfig['disabled'] = isset($a_shaper[$id]['disabled']);

	/* a begin port of 0 is shown in the form as the "any" choice */
	if ($pconfig['srcbeginport'] == 0) {
		$pconfig['srcbeginport'] = "any";
		$pconfig['srcendport'] = "any";
	}
	if ($pconfig['dstbeginport'] == 0) {
		$pconfig['dstbeginport'] = "any";
		$pconfig['dstendport'] = "any";
	}

} else {
	/* defaults */
	$pconfig['src'] = "any";
	$pconfig['dst'] = "any";
}

/* a duplicate is saved as a new rule, so forget the index it was loaded from */
if (isset($_GET['dup'])) {
	unset($id);
}
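/*
 * Handle a submitted rule form: normalise the port and address fields,
 * validate them, and on success store the rule in $a_shaper, write the
 * configuration and redirect to firewall_shaper.php.
 *
 * NOTE(review): this block checks neither the request method nor an
 * anti-CSRF token; confirm guiconfig.inc enforces that before this runs.
 */
if ($_POST) {

	/* ports are only kept for TCP, UDP and "any"; zero them for every other protocol */
	if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "any")) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	} else {

		/* the free-text "custom" field applies only when the selector is left empty */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			/* an empty end port means a single port */
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];
	}

	/* a special network replaces the address; a single host gets a /32 mask */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	}  else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	}

	/*
	 * Fold the per-flag form fields into one comma-separated list:
	 * "on" adds the name, "off" adds it with a "!" prefix.
	 * NOTE(review): $iptos and $tcpflags are not assigned in the visible part
	 * of this file; presumably guiconfig.inc provides them - confirm.
	 */
	$intos = array();
	foreach ($iptos as $tos) {
		if ($_POST['iptos_' . $tos] == "on")
			$intos[] = $tos;
		else if ($_POST['iptos_' . $tos] == "off")
			$intos[] = "!" . $tos;
	}
	$_POST['iptos'] = join(",", $intos);

	$intcpflags = array();
	foreach ($tcpflags as $tcpflag) {
		if ($_POST['tcpflags_' . $tcpflag] == "on")
			$intcpflags[] = $tcpflag;
		else if ($_POST['tcpflags_' . $tcpflag] == "off")
			$intcpflags[] = "!" . $tcpflag;
	}
	$_POST['tcpflags'] = join(",", $intcpflags);

	unset($input_errors);
	/*
	 * The form is rendered from $pconfig, so when validation fails these
	 * submitted values are what gets written back into the page.
	 */
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = explode(" ", "inqueue outqueue proto src dst");
	$reqdfieldsn = explode(",", "Inbound Queue,Outbound Queue,Protocol,Source,Destination");

	/* a bit count is only required for the "network" address type */
	if (!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) {
		$reqdfields[] = "srcmask";
		$reqdfieldsn[] = "Source bit count";
	}
	if (!(is_specialnet($_POST['dsttype']) || ($_POST['dsttype'] == "single"))) {
		$reqdfields[] = "dstmask";
		$reqdfieldsn[] = "Destination bit count";
	}

	/*
	 * NOTE(review): call-time pass-by-reference was removed in PHP 5.4; if
	 * do_input_validation() declares this parameter by reference, drop the '&'.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	if (($_POST['srcbeginport'] && !alias_expand($_POST['srcbeginport']) && !is_port($_POST['srcbeginport']))) {
		$input_errors[] = "The start source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['srcendport'] && !alias_expand($_POST['srcendport']) && !is_port($_POST['srcendport']))) {
		$input_errors[] = "The end source port must be an alias or integer between 1 and 65535.";
	}
	if (($_POST['dstbeginport'] && !alias_expand($_POST['dstbeginport']) && !is_port($_POST['dstbeginport']))) {
		$input_errors[] = "The start destination port must be an alias or integer between 1 and 65535.";
	}
	/*
	 * The end port has to be checked against its own value. The alias test
	 * used to look at dstbeginport, so any end port was accepted unvalidated
	 * whenever the begin port happened to be an alias.
	 */
	if (($_POST['dstendport'] && !alias_expand($_POST['dstendport']) && !is_port($_POST['dstendport']))) {
		$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
			$input_errors[] = "A valid source IP address or alias must be specified.";
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = "A valid source bit count must be specified.";
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
			$input_errors[] = "A valid destination IP address or alias must be specified.";
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = "A valid destination bit count must be specified.";
		}
	}

	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	if (!$input_errors) {
		/*
		 * NOTE(review): interface, direction, descr, inqueue and outqueue are
		 * stored exactly as submitted; nothing in this block restricts them
		 * to the values the form offers.
		 */
		$shaperent = array();
		$shaperent['interface'] = $_POST['interface'];

		/* "any" is stored as the absence of a protocol entry */
		if ($_POST['proto'] != "any")
			$shaperent['protocol'] = $_POST['proto'];
		else
			unset($shaperent['protocol']);

		pconfig_to_address($shaperent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($shaperent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		$shaperent['direction'] = $_POST['direction'];
		$shaperent['iptos'] = $_POST['iptos'];
		$shaperent['tcpflags'] = $_POST['tcpflags'];
		$shaperent['descr'] = $_POST['descr'];
		$shaperent['disabled'] = $_POST['disabled'] ? true : false;

		$shaperent['inqueue'] = $_POST['inqueue'];
		$shaperent['outqueue'] = $_POST['outqueue'];

		/* overwrite only a rule that already exists; otherwise insert or append */
		if (isset($id) && $a_shaper[$id])
			$a_shaper[$id] = $shaperent;
		else {
			if (is_numeric($after))
				array_splice($a_shaper, $after+1, 0, array($shaperent));
			else
				$a_shaper[] = $shaperent;
		}

		write_config();
		touch($d_shaperconfdirty_path);

		header("Location: firewall_shaper.php");
		exit;
	}
}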
/* page title, also printed in the page body below */
$pgtitle = 'Firewall: Shaper: Rules: Edit';
/* presumably tells head.inc to leave <head> open for the script block that follows - confirm */
$closehead = false;
include "head.inc";
?>
<script language="JavaScript">
<!--
/* 1 while the selected protocol uses ports, 0 otherwise (set by proto_change) */
var portsenabled = 1;

/*
 * Sync the four port selectors and their free-text "custom" companions with
 * the current selection and with portsenabled. This is a UI convenience only;
 * the server-side handler must not rely on it.
 */
function ext_change() {
	var form = document.iform;
	var selectors = ["srcbeginport", "srcendport", "dstbeginport", "dstendport"];
	var i, custom;

	/* a custom field is editable only while "(other)", the first option, is selected */
	for (i = 0; i < selectors.length; i++) {
		custom = form[selectors[i] + "_cust"];
		if ((form[selectors[i]].selectedIndex == 0) && portsenabled) {
			custom.disabled = 0;
		} else {
			custom.value = "";
			custom.disabled = 1;
		}
	}

	/* the selectors themselves follow portsenabled */
	for (i = 0; i < selectors.length; i++) {
		form[selectors[i]].disabled = portsenabled ? 0 : 1;
	}
}
/*
 * Enable or disable the address and bit-count inputs of both the source and
 * the destination according to the chosen address type: index 1 is a single
 * host, index 2 a network, everything else needs neither field.
 */
function typesel_change() {
	var form = document.iform;
	var sides = ["src", "dst"];
	var n, addr, mask, choice;

	for (n = 0; n < sides.length; n++) {
		addr = form[sides[n]];
		mask = form[sides[n] + "mask"];
		choice = form[sides[n] + "type"].selectedIndex;

		if (choice === 1) {
			/* single */
			addr.disabled = 0;
			mask.value = "";
			mask.disabled = 1;
		} else if (choice === 2) {
			/* network */
			addr.disabled = 0;
			mask.disabled = 0;
		} else {
			addr.value = "";
			addr.disabled = 1;
			mask.value = "";
			mask.disabled = 1;
		}
	}
}
/*
 * Turn the port fields on for the first two protocol options and for the
 * option at index 8, off for all others, then refresh the port controls.
 * The indices follow the order of the protocol list this page renders
 * ("TCP UDP ICMP ESP AH GRE IPv6 IGMP any").
 */
function proto_change() {
	var chosen = document.iform.proto.selectedIndex;

	portsenabled = (chosen < 2 || chosen == 8) ? 1 : 0;

	ext_change();
}
/* Mirror the chosen source begin port into the source end-port selector. */
function src_rep_change() {
	var form = document.iform;
	form.srcendport.selectedIndex = form.srcbeginport.selectedIndex;
}
/* Mirror the chosen destination begin port into the destination end-port selector. */
function dst_rep_change() {
	var form = document.iform;
	form.dstendport.selectedIndex = form.dstbeginport.selectedIndex;
}
//-->
</script>
</head>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<p class="pgtitle"><?=$pgtitle?></p>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if (is_array($config['shaper']['queue']) && (count($config['shaper']['queue']) > 0)): ?>
            <form action="firewall_shaper_edit.php" method="post" name="iform" id="iform">
              <?display_topbar()?>
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
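                <tr>
                  <td valign="top" class="vncellreq">Target</td>
                  <td class="vtable"> <select name="outqueue" class="formfld">
                      <?php
					  /* queue names come from the configuration; escape them in the value attribute as well as in the label */
					  foreach ($config['shaper']['queue'] as $queuei => $queue): ?>
                      <option value="<?=htmlspecialchars($queue['name']);?>" <?php if ($queue['name'] == $pconfig['outqueue']) echo "selected"; ?>>
                        <?php
					  	echo htmlspecialchars("Outbound Queue " . ($queuei + 1));
						if ($queue['name'])
							echo htmlspecialchars(" (" . $queue['name'] . ")");
			?>
                      </option>
                      <?php endforeach; ?>
                    </select>/<select name="inqueue" class="formfld">
                      <?php
					  foreach ($config['shaper']['queue'] as $queuei => $queue): ?>
                      <option value="<?=htmlspecialchars($queue['name']);?>" <?php if ($queue['name'] == $pconfig['inqueue']) echo "selected"; ?>>
                        <?php
					  	echo htmlspecialchars("Inbound Queue " . ($queuei + 1));
						if ($queue['name'])
							echo htmlspecialchars(" (" . $queue['name'] . ")");
			?>
                      </option>
                      <?php endforeach; /* the inbound selector was never closed; close it before the help text */ ?>
                    </select> <br>
                    <span class="vexpl">Choose a queue where packets that
                    match this rule should be sent.</span></td>
                </tr>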
                <tr>
                  <td valign="top" class="vncellreq">Disabled</td>
                  <td class="vtable">
                    <input name="disabled" type="checkbox" id="disabled" value="yes" <?php /* pre-tick the box when the form state marks the rule as disabled */ if ($pconfig['disabled']) echo "checked"; ?>>
                    <strong>Disable this rule</strong><br>
                    <span class="vexpl">Set this option to disable this rule without removing it from the list.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Interface</td>
                  <td width="78%" class="vtable"> <select name="interface" class="formfld">
                      <?php /* three fixed interfaces, then every configured optN interface under its description */ $interfaces = array('lan' => 'LAN', 'wan' => 'WAN', 'pptp' => 'PPTP');
					  for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) {
					  	$interfaces['opt' . $i] = $config['interfaces']['opt' . $i]['descr'];
					  }
					  /* the option value is the fixed key (lan, wan, pptp, optN); only the label is configuration text and it is escaped */
					  foreach ($interfaces as $iface => $ifacename): ?>
                      <option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
                      <?=htmlspecialchars($ifacename);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br>
                    <span class="vexpl">Choose which interface packets must pass
                    through to match this rule.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Protocol</td>
                  <td width="78%" class="vtable"> <select name="proto" class="formfld" onchange="proto_change()">
                      <?php /* option values are the lower-cased names; proto_change() on this page depends on this order (TCP, UDP first; "any" at index 8) */ $protocols = explode(" ", "TCP UDP ICMP ESP AH GRE IPv6 IGMP any"); foreach ($protocols as $proto): ?>
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>>
                      <?=htmlspecialchars($proto);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <br> <span class="vexpl">Choose which IP protocol
                    this rule should match.<br>
                    Hint: in most cases, you should specify <em>TCP</em> &nbsp;here.</span></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Source</td>
                  <td width="78%" class="vtable"> <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
                    <strong>not</strong><br>
                    Use this option to invert the sense of the match.<br> <br>
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>Type:&nbsp;&nbsp;</td>
                        <td><select name="srctype" class="formfld" onChange="typesel_change()">
                            <?php /* $sel records whether an option is already chosen; "network" below is selected only when none is */ $sel = is_specialnet($pconfig['src']); ?>
                            <option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>
                            any</option>
                            <option value="single" <?php /* a /32 mask on a non-special source means a single host */ if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
                            Single host or alias</option>
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
                            Network</option>
                            <option value="lan" <?php if ($pconfig['src'] == "lan") { echo "selected"; } ?>>
                            LAN subnet</option>
                            <option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>>
                            PPTP clients</option>
                            <?php /* one option per configured optN interface; the description is escaped before output */ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
                            <option value="opt<?=$i;?>" <?php if ($pconfig['src'] == "opt" . $i) { echo "selected"; } ?>>
                            <?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?>
                            subnet</option>
                            <?php endfor; ?>
                          </select></td>
                      </tr>
                      <tr>
                        <td>Address:&nbsp;&nbsp;</td>
                        <td><input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php /* special network names are shown through the type selector, not as an address; the address is escaped for the attribute */ if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>">
                          /
                          <select name="srcmask" class="formfld" id="srcmask">
                            <?php /* bit counts 31 down to 1 */ for ($i = 31; $i > 0; $i--): ?>
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>>
                            <?=$i;?>
                            </option>
                            <?php endfor; ?>
                          </select></td>
                      </tr>
                    </table></td>
                </tr>
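                <tr>
                  <td width="22%" valign="top" class="vncellreq">Source port range
                  </td>
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>from:&nbsp;&nbsp;</td>
                        <td><select name="srcbeginport" class="formfld" onchange="src_rep_change();ext_change()">
                            <option value="">(other)</option>
                            <option value="any" <?php /* $bfound records whether a listed option matched; if not, the value goes into the custom field */ $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) {
																echo "selected";
																$bfound = 1;
															}?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                          </select> <input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php /* after a failed submit this is the raw posted value, so it must be escaped for the attribute */ if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>"></td>
                      </tr>
                      <tr>
                        <td>to:</td>
                        <td><select name="srcendport" class="formfld" onchange="ext_change()">
                            <option value="">(other)</option>
                            <option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) {
																echo "selected";
																$bfound = 1;
															}?>>
                            <?=htmlspecialchars($wkportdesc);?>
                            </option>
                            <?php endforeach; ?>
                          </select> <input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php /* same escaping as the begin port above */ if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>"></td>
                      </tr>
                    </table>
                    <br> <span class="vexpl">Specify the port or port range for
                    the source of the packet for this rule.<br>
                    Hint: you can leave the <em>'to'</em> field empty if you only
                    want to filter a single port</span></td>
                </tr>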
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Destination</td>
                  <td width="78%" class="vtable"> <input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
                    <strong>not</strong><br>
                    Use this option to invert the sense of the match.<br> <br>
                    <table border="0" cellspacing="0" cellpadding="0">
                      <tr>
                        <td>Type:&nbsp;&nbsp;</td>
                        <td><select name="dsttype" class="formfld" onChange="typesel_change()">
                            <?php /* $sel records whether an option is already chosen; "network" below is selected only when none is */ $sel = is_specialnet($pconfig['dst']); ?>
                            <option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>
                            any</option>
                            <option value="single" <?php /* a /32 mask on a non-special destination means a single host */ if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>
                            Single host or alias</option>
                            <option value="network" <?php if (!$sel) echo "selected"; ?>>
                            Network</option>
                            <option value="lan" <?php if ($pconfig['dst'] == "lan") { echo "selected"; } ?>>
                            LAN subnet</option>
                            <option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>>
                            PPTP clients</option>
                            <?php /* one option per configured optN interface; the description is escaped before output */ for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++): ?>
                            <option value="opt<?=$i;?>" <?php if ($pconfig['dst'] == "opt" . $i) { echo "selected"; } ?>>
                            <?=htmlspecialchars($config['interfaces']['opt' . $i]['descr']);?>
                            subnet</option>
                            <?php endfor; ?>
                          </select> </td>
                      </tr>
                      <tr>
                        <td>Address:&nbsp;&nbsp;</td>
                        <td><input name="dst" autocomplete='off' type="text" class="formfldalias" id="dst" size="20" value="<?php /* special network names are shown through the type selector, not as an address; the address is escaped for the attribute */ if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
                          /
                          <select name="dstmask" class="formfld" id="dstmask">
                            <?php /* bit counts 31 down to 1 */ for ($i = 31; $i > 0; $i--): ?>
                            <option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>>
                            <?=$i;?>
                            </option>
                            <?php endfor; ?>
                          </select></td>
                      </tr>
                    </table></td>
                </tr>
                <tr>
                  <td width="22%" valign="top" class="vncellreq">Destination port
                    range </td>
588
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
589 5412cd45 Scott Ullrich
                      <tr>
590 5b237745 Scott Ullrich
                        <td>from:&nbsp;&nbsp;</td>
591
                        <td><select name="dstbeginport" class="formfld" onchange="dst_rep_change();ext_change()">
592
                            <option value="">(other)</option>
593
                            <option value="any" <?php $bfound = 0; if ($pconfig['dstbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
594
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
595
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) {
596
																echo "selected";
597
																$bfound = 1;
598 5412cd45 Scott Ullrich
															}?>>
599 5b237745 Scott Ullrich
                            <?=htmlspecialchars($wkportdesc);?>
600
                            </option>
601
                            <?php endforeach; ?>
602 7f387ab0 Erik Kristensen
                          </select> <input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"></td>
603 5b237745 Scott Ullrich
                      </tr>
604 5412cd45 Scott Ullrich
                      <tr>
605 5b237745 Scott Ullrich
                        <td>to:</td>
606
                        <td><select name="dstendport" class="formfld" onchange="ext_change()">
607
                            <option value="">(other)</option>
608
                            <option value="any" <?php $bfound = 0; if ($pconfig['dstendport'] == "any") { echo "selected"; $bfound = 1; } ?>>any</option>
609
                            <?php foreach ($wkports as $wkport => $wkportdesc): ?>
610
                            <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) {
611
																echo "selected";
612
																$bfound = 1;
613 5412cd45 Scott Ullrich
															}?>>
614 5b237745 Scott Ullrich
                            <?=htmlspecialchars($wkportdesc);?>
615
                            </option>
616
                            <?php endforeach; ?>
617 7f387ab0 Erik Kristensen
                          </select> <input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"></td>
618 5b237745 Scott Ullrich
                      </tr>
619
                    </table>
620 5412cd45 Scott Ullrich
                    <br> <span class="vexpl">Specify the port or port range for
621 5b237745 Scott Ullrich
                    the destination of the packet for this rule.<br>
622 5412cd45 Scott Ullrich
                    Hint: you can leave the <em>'to'</em> field empty if you only
623 5b237745 Scott Ullrich
                    want to filter a single port</span></td>
624 5412cd45 Scott Ullrich
                <tr>
625 5b237745 Scott Ullrich
                  <td valign="top" class="vncell">Direction</td>
626
                  <td class="vtable"> <select name="direction" class="formfld">
627
                      <option value="" <?php if (!$pconfig['direction']) echo "selected"; ?>>any</option>
628
                      <option value="in" <?php if ($pconfig['direction'] == "in") echo "selected"; ?>>in</option>
629
                      <option value="out" <?php if ($pconfig['direction'] == "out") echo "selected"; ?>>out</option>
630
                    </select> <br>
631 5412cd45 Scott Ullrich
                    Use this to match only packets travelling in a given direction
632
                    on the interface specified above (as seen from the firewall's
633 5b237745 Scott Ullrich
                    perspective). </td>
634
                </tr>
635 5412cd45 Scott Ullrich
				<tr>
636 36de9000 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">IP Type of Service (TOS)</td>
637
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
638 5412cd45 Scott Ullrich
                      <?php
639 3ffab555 Scott Ullrich
				  $iniptos = explode(",", $pconfig['iptos']);
640
				  foreach ($iptos as $tos): $dontcare = true; ?>
641 5412cd45 Scott Ullrich
                      <tr>
642
                        <td width="80" nowrap><strong>
643 3ffab555 Scott Ullrich
			  <?echo $tos;?>
644 36de9000 Scott Ullrich
                          </strong></td>
645
                        <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="on" <?php if (array_search($tos, $iniptos) !== false) { echo "checked"; $dontcare = false; }?>>
646
                          yes&nbsp;&nbsp;&nbsp;</td>
647
                        <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="off" <?php if (array_search("!" . $tos, $iniptos) !== false) { echo "checked"; $dontcare = false; }?>>
648
                          no&nbsp;&nbsp;&nbsp;</td>
649
                        <td nowrap> <input type="radio" name="iptos_<?=$tos;?>" value="" <?php if ($dontcare) echo "checked";?>>
650
                          don't care</td>
651
                      </tr>
652
                      <?php endforeach; ?>
653
                    </table>
654
                    <span class="vexpl">Use this to match packets according to their IP TOS values.
655
                    </span></td>
656 5b237745 Scott Ullrich
                </tr>
657 5412cd45 Scott Ullrich
                <tr>
658 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">TCP flags</td>
659
                  <td width="78%" class="vtable"> <table border="0" cellspacing="0" cellpadding="0">
660 5412cd45 Scott Ullrich
                      <?php
661 5b237745 Scott Ullrich
				  $inflags = explode(",", $pconfig['tcpflags']);
662
				  foreach ($tcpflags as $tcpflag): $dontcare = true; ?>
663 5412cd45 Scott Ullrich
                      <tr>
664
                        <td width="40" nowrap><strong>
665 5b237745 Scott Ullrich
                          <?=strtoupper($tcpflag);?>
666
                          </strong></td>
667
                        <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="on" <?php if (array_search($tcpflag, $inflags) !== false) { echo "checked"; $dontcare = false; }?>>
668
                          set&nbsp;&nbsp;&nbsp;</td>
669
                        <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="off" <?php if (array_search("!" . $tcpflag, $inflags) !== false) { echo "checked"; $dontcare = false; }?>>
670
                          cleared&nbsp;&nbsp;&nbsp;</td>
671
                        <td nowrap> <input type="radio" name="tcpflags_<?=$tcpflag;?>" value="" <?php if ($dontcare) echo "checked";?>>
672
                          don't care</td>
673
                      </tr>
674
                      <?php endforeach; ?>
675
                    </table>
676 5412cd45 Scott Ullrich
                    <span class="vexpl">Use this to choose TCP flags that must
677 5b237745 Scott Ullrich
                    be set or cleared for this rule to match.</span></td>
678
                </tr>
679 5412cd45 Scott Ullrich
                <tr>
680 5b237745 Scott Ullrich
                  <td width="22%" valign="top" class="vncell">Description</td>
681 5412cd45 Scott Ullrich
                  <td width="78%" class="vtable"> <input name="descr" type="text" class="formfld" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
682
                    <br> <span class="vexpl">You may enter a description here
683 5b237745 Scott Ullrich
                    for your reference (not parsed).</span></td>
684
                </tr>
685 5412cd45 Scott Ullrich
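                <?php
                /*
                 * Submit row. The hidden "id" field is emitted only when $id is set
                 * and $a_shaper[$id] is truthy; the hidden "after" field is always
                 * emitted.
                 *
                 * Both values land inside double-quoted HTML attributes, so they are
                 * escaped with htmlspecialchars() to keep a stray quote or angle
                 * bracket from closing the attribute. NOTE(review): $id and $after
                 * are assigned outside this part of the file, presumably from
                 * request parameters - confirm, and validate them as integers where
                 * they are read.
                 */
                ?>
                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%"> <input name="Submit" type="submit" class="formbtn" value="Save"> <input type="button" class="formbtn" value="Cancel" onclick="history.back()">
                    <?php if (isset($id) && $a_shaper[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                    <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
                  </td>
                </tr>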
694
              </table>
695
</form>
696
<script language="JavaScript">
697
<!--
698
ext_change();
699
typesel_change();
700
proto_change();
701 79e8a215 Scott Ullrich
-->
702 5b237745 Scott Ullrich
</script>
703 12bcdc89 Scott Ullrich
<?php else: ?>
704 71c2518c Scott Ullrich
<p><strong>You need to create a queue before you can add a new rule.</strong></p>
705 12bcdc89 Scott Ullrich
<?php endif; ?>
706 79e8a215 Scott Ullrich
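<?php
/*
 * Build the two comma-separated lists of alias names that the script block
 * below passes to new Array():
 *   $aliasesaddr - aliases whose 'address' contains a "."
 *   $aliases     - all other aliases
 *
 * The names are printed inside a <script> element, i.e. in a JavaScript
 * string-literal context. Wrapping them in bare single quotes lets a name
 * containing a quote, a backslash or "</script>" terminate the literal or the
 * script element, so each name is encoded with json_encode() and the
 * JSON_HEX_* flags, which emit <, >, &, ' and " as \uXXXX escapes.
 * NOTE(review): the JSON_HEX_* flags need PHP 5.3 or later - confirm the
 * runtime this page is deployed on.
 */
$isfirst = 0;
$aliases = "";
$addrisfirst = 0;
$aliasesaddr = "";
if (isset($config['aliases']['alias']) && is_array($config['aliases']['alias'])) {
	$jsflags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
	foreach ($config['aliases']['alias'] as $alias_name) {
		$jsname = json_encode((string)$alias_name['name'], $jsflags);
		if ($jsname === false) {
			/* json_encode() refuses invalid UTF-8; leave such a name out
			   of the lists rather than print it unencoded. */
			continue;
		}
		if (strpos((string)$alias_name['address'], ".") === false) {
			if ($isfirst == 1) $aliases .= ",";
			$aliases .= $jsname;
			$isfirst = 1;
		} else {
			if ($addrisfirst == 1) $aliasesaddr .= ",";
			$aliasesaddr .= $jsname;
			$addrisfirst = 1;
		}
	}
}
?>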
<script language="JavaScript">
727
<!--
728 7f387ab0 Erik Kristensen
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
729
	var customarray=new Array(<?php echo $aliases; ?>);
730 79e8a215 Scott Ullrich
//-->
731
</script>
<?php include("fend.inc"); ?>
734
</body>
735
</html>