/usr/local/www/firewall_rules.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/firewall_rules.php @ e41d7a1c

1	b2ffe419	Scott Ullrich	<?php
2	b46bfcf5	Bill Marquette	/* $Id$ */
3	5b237745	Scott Ullrich	/*
4	37e2071c	Scott Ullrich	firewall_rules.php
5	c7281770	Chris Buechler	part of pfSense (https://www.pfsense.org)
6	56dda8e0	Renato Botelho	Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
7	ce77a9c4	Phil Davis	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
8	b2ffe419	Scott Ullrich
9	e4cabb75	Scott Ullrich	originally part of m0n0wall (http://m0n0.ch/wall)
10			Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
11	37e2071c	Scott Ullrich	All rights reserved.
12	b2ffe419	Scott Ullrich
13	37e2071c	Scott Ullrich	Redistribution and use in source and binary forms, with or without
14			modification, are permitted provided that the following conditions are met:
15	b2ffe419	Scott Ullrich
16	37e2071c	Scott Ullrich	1. Redistributions of source code must retain the above copyright notice,
17			this list of conditions and the following disclaimer.
18	b2ffe419	Scott Ullrich
19	37e2071c	Scott Ullrich	2. Redistributions in binary form must reproduce the above copyright
20			notice, this list of conditions and the following disclaimer in the
21			documentation and/or other materials provided with the distribution.
22	b2ffe419	Scott Ullrich
23	37e2071c	Scott Ullrich	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
26			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
27			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32			POSSIBILITY OF SUCH DAMAGE.
33	5b237745	Scott Ullrich	*/
34	7ac5a4cb	Scott Ullrich	/*
35			pfSense_MODULE: filter
36			*/
37	5b237745	Scott Ullrich
38	6b07c15a	Matthew Grooms	##\|+PRIV
39			##\|*IDENT=page-firewall-rules
40			##\|*NAME=Firewall: Rules page
41			##\|*DESCR=Allow access to the 'Firewall: Rules' page.
42			##\|MATCH=firewall_rules.php
43			##\|-PRIV
44
45	5b237745	Scott Ullrich	require("guiconfig.inc");
46	7a927e67	Scott Ullrich	require_once("functions.inc");
47			require_once("filter.inc");
48			require_once("shaper.inc");
49	5b237745	Scott Ullrich
50	7a808e01	Carlos Eduardo Ramos	$pgtitle = array(gettext("Firewall"),gettext("Rules"));
51	b32dd0a6	jim-p	$shortcut_section = "firewall";
52	7a808e01	Carlos Eduardo Ramos
53	00c82782	Renato Botelho	function delete_nat_association($id) {
54			global $config;
55
56			if (!$id \|\| !is_array($config['nat']['rule']))
57	673d29c0	Renato Botelho	return;
58
59	00c82782	Renato Botelho	$a_nat = &$config['nat']['rule'];
60
61			foreach ($a_nat as &$natent)
62			if ($natent['associated-rule-id'] == $id)
63			$natent['associated-rule-id'] = '';
64	673d29c0	Renato Botelho	}
65
66	5b237745	Scott Ullrich	if (!is_array($config['filter']['rule'])) {
67			$config['filter']['rule'] = array();
68			}
69			filter_rules_sort();
70			$a_filter = &$config['filter']['rule'];
71
72	07bd3f83	Scott Ullrich	$if = $_GET['if'];
73			if ($_POST['if'])
74			$if = $_POST['if'];
75	b2ffe419	Scott Ullrich
76	cbe3ea96	Ermal Luçi	$ifdescs = get_configured_interface_with_descr();
77	07bd3f83	Scott Ullrich
78	90ba56ad	Scott Ullrich	/* add group interfaces */
79			if (is_array($config['ifgroups']['ifgroupentry']))
80			foreach($config['ifgroups']['ifgroupentry'] as $ifgen)
81			if (have_ruleint_access($ifgen['ifname']))
82			$iflist[$ifgen['ifname']] = $ifgen['ifname'];
83
84	aef4dc74	Ermal Luçi	foreach ($ifdescs as $ifent => $ifdesc)
85	56dda8e0	Renato Botelho	if(have_ruleint_access($ifent))
86	aef4dc74	Ermal Luçi	$iflist[$ifent] = $ifdesc;
87	88bcd1d2	Scott Dale
88	617f8d25	Ermal Lu?i	if ($config['l2tp']['mode'] == "server")
89	56dda8e0	Renato Botelho	if(have_ruleint_access("l2tp"))
90			$iflist['l2tp'] = "L2TP VPN";
91	617f8d25	Ermal Lu?i
92	07bd3f83	Scott Ullrich	if ($config['pptpd']['mode'] == "server")
93	56dda8e0	Renato Botelho	if(have_ruleint_access("pptp"))
94	d81c2ad1	Scott Ullrich	$iflist['pptp'] = "PPTP VPN";
95	50e0d2a1	Scott Ullrich
96	b0899ee4	Ermal	if (is_array($config['pppoes']['pppoe'])) {
97			foreach ($config['pppoes']['pppoe'] as $pppoes)
98			if (($pppoes['mode'] == 'server') && have_ruleint_access("pppoe"))
99			$iflist['pppoe'] = "PPPoE Server";
100			}
101	0c554ff6	Scott Ullrich
102	88bcd1d2	Scott Dale	/* add ipsec interfaces */
103	c6dfd289	jim-p	if (isset($config['ipsec']['enable']) \|\| isset($config['ipsec']['client']['enable']))
104	56dda8e0	Renato Botelho	if(have_ruleint_access("enc0"))
105	0f266b2e	Chris Buechler	$iflist["enc0"] = "IPsec";
106	07bd3f83	Scott Ullrich
107	bfb60ac8	Ermal Luçi	/* add openvpn/tun interfaces */
108	d799787e	Matthew Grooms	if ($config['openvpn']["openvpn-server"] \|\| $config['openvpn']["openvpn-client"])
109	56dda8e0	Renato Botelho	$iflist["openvpn"] = "OpenVPN";
110	bfb60ac8	Ermal Luçi
111	4a6cf823	Scott Ullrich	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/interfaces_override");
112
113	92125c97	Ermal Luçi	if (!$if \|\| !isset($iflist[$if])) {
114			if ("any" == $if)
115	56dda8e0	Renato Botelho	$if = "FloatingRules";
116			else if ("FloatingRules" != $if) {
117	0416d9a0	Darren Embry	if (isset($iflist['wan']))
118			$if = "wan";
119			else
120			$if = "FloatingRules";
121			}
122	92125c97	Ermal Luçi	}
123	07bd3f83	Scott Ullrich
124	5b237745	Scott Ullrich	if ($_POST) {
125
126			$pconfig = $_POST;
127
128			if ($_POST['apply']) {
129	37e2071c	Scott Ullrich	$retval = 0;
130	9a7e416c	Scott Ullrich	$retval = filter_configure();
131
132	a368a026	Ermal Lu?i	clear_subsystem_dirty('filter');
133	a985eac2	Scott Ullrich
134	1a700ea6	Scott Ullrich	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/apply");
135
136	8cd558b6	ayvis	$savemsg = sprintf(gettext("The settings have been applied. The firewall rules are now reloading in the background.<br />You can also %s monitor %s the reload progress"),"<a href='status_filter_reload.php'>","</a>");
137	5b237745	Scott Ullrich	}
138			}
139
140	d97c50cd	Bill Marquette	if ($_GET['act'] == "del") {
141	673d29c0	Renato Botelho	if ($a_filter[$_GET['id']]) {
142			if (!empty($a_filter[$_GET['id']]['associated-rule-id'])) {
143	00c82782	Renato Botelho	delete_nat_association($a_filter[$_GET['id']]['associated-rule-id']);
144	673d29c0	Renato Botelho	}
145			unset($a_filter[$_GET['id']]);
146	3a343d73	jim-p	if (write_config())
147	bec92ab9	jim-p	mark_subsystem_dirty('filter');
148	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
149	673d29c0	Renato Botelho	exit;
150			}
151	d97c50cd	Bill Marquette	}
152
153	32c58070	Scott Ullrich	// Handle save msg if defined
154	56dda8e0	Renato Botelho	if($_REQUEST['savemsg'])
155	32c58070	Scott Ullrich	$savemsg = htmlentities($_REQUEST['savemsg']);
156
157	07bd3f83	Scott Ullrich	if (isset($_POST['del_x'])) {
158			/* delete selected rules */
159			if (is_array($_POST['rule']) && count($_POST['rule'])) {
160			foreach ($_POST['rule'] as $rulei) {
161	00c82782	Renato Botelho	delete_nat_association($a_filter[$rulei]['associated-rule-id']);
162	07bd3f83	Scott Ullrich	unset($a_filter[$rulei]);
163			}
164	3a343d73	jim-p	if (write_config())
165	bec92ab9	jim-p	mark_subsystem_dirty('filter');
166	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
167	5b237745	Scott Ullrich	exit;
168			}
169	07bd3f83	Scott Ullrich	} else if ($_GET['act'] == "toggle") {
170			if ($a_filter[$_GET['id']]) {
171	56dda8e0	Renato Botelho	if(isset($a_filter[$_GET['id']]['disabled']))
172			unset($a_filter[$_GET['id']]['disabled']);
173			else
174			$a_filter[$_GET['id']]['disabled'] = true;
175	3a343d73	jim-p	if (write_config())
176	bec92ab9	jim-p	mark_subsystem_dirty('filter');
177	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
178	5b237745	Scott Ullrich	exit;
179			}
180	07bd3f83	Scott Ullrich	} else {
181	b2ffe419	Scott Ullrich	/* yuck - IE won't send value attributes for image buttons, while Mozilla does -
182	37e2071c	Scott Ullrich	so we use .x/.y to fine move button clicks instead... */
183	07bd3f83	Scott Ullrich	unset($movebtn);
184			foreach ($_POST as $pn => $pd) {
185			if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
186			$movebtn = $matches[1];
187			break;
188			}
189	5b237745	Scott Ullrich	}
190	07bd3f83	Scott Ullrich	/* move selected rules before this rule */
191			if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
192			$a_filter_new = array();
193	b2ffe419	Scott Ullrich
194	07bd3f83	Scott Ullrich	/* copy all rules < $movebtn and not selected */
195			for ($i = 0; $i < $movebtn; $i++) {
196			if (!in_array($i, $_POST['rule']))
197			$a_filter_new[] = $a_filter[$i];
198			}
199	b2ffe419	Scott Ullrich
200	07bd3f83	Scott Ullrich	/* copy all selected rules */
201			for ($i = 0; $i < count($a_filter); $i++) {
202			if ($i == $movebtn)
203			continue;
204			if (in_array($i, $_POST['rule']))
205			$a_filter_new[] = $a_filter[$i];
206			}
207	b2ffe419	Scott Ullrich
208	07bd3f83	Scott Ullrich	/* copy $movebtn rule */
209			if ($movebtn < count($a_filter))
210			$a_filter_new[] = $a_filter[$movebtn];
211	b2ffe419	Scott Ullrich
212	07bd3f83	Scott Ullrich	/* copy all rules > $movebtn and not selected */
213			for ($i = $movebtn+1; $i < count($a_filter); $i++) {
214			if (!in_array($i, $_POST['rule']))
215			$a_filter_new[] = $a_filter[$i];
216			}
217	b2ffe419	Scott Ullrich
218	07bd3f83	Scott Ullrich	$a_filter = $a_filter_new;
219	3a343d73	jim-p	if (write_config())
220	bec92ab9	jim-p	mark_subsystem_dirty('filter');
221	e653b6e1	jim-p	header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
222	5b237745	Scott Ullrich	exit;
223			}
224			}
225
226	9a25487b	Scott Ullrich	include("head.inc");
227	3b2c83b8	Sjon Hortensius	$nrules = 0;
228
229			?>
230			<?php if ($savemsg) print_info_box($savemsg);?>
231	a368a026	Ermal Lu?i	<?php if (is_subsystem_dirty('filter')): ?><p>
232	c678ca65	jim-p	<?php print_info_box_np(gettext("The firewall rule configuration has been changed.") . "<br />" . gettext("You must apply the changes in order for them to take effect."), "apply", "", true); ?>
233	8cd558b6	ayvis	<br />
234	5b237745	Scott Ullrich	<?php endif; ?>
235	3a4ca65e	Scott Ullrich	<?php
236			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/before_table");
237			?>
238	3b2c83b8	Sjon Hortensius
239			<?php
240			/* active tabs */
241			$tab_array = array(array(gettext("Floating"), ("FloatingRules" == $if), "firewall_rules.php?if=FloatingRules"));
242
243			foreach ($iflist as $ifent => $ifname) {
244			$tab_array[] = array($ifname, ($ifent == $if), "firewall_rules.php?if={$ifent}");
245			}
246
247			display_top_tabs($tab_array);
248			?>
249	06966500	Sander van Leeuwen	<div class="table-responsive">
250	89f64f0f	Sander van Leeuwen	<table class="table table-striped table-hover">
251	3b2c83b8	Sjon Hortensius	<?php
252			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/before_first_tr");
253			?>
254			<thead>
255			<tr>
256			<th colspan="2"></th>
257			<th><?=gettext("ID");?></th>
258			<?php
259			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tablehead");
260			?>
261			<th><?=gettext("Proto");?></th>
262			<th><?=gettext("Source");?></th>
263			<th><?=gettext("Port");?></th>
264			<th><?=gettext("Destination");?></th>
265			<th><?=gettext("Port");?></th>
266			<th><?=gettext("Gateway");?></th>
267			<th><?=gettext("Queue");?></th>
268			<th><?=gettext("Schedule");?></th>
269			<?php
270			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_desc_tablehead");
271			?>
272			<th><?=gettext("Description");?></th>
273	06966500	Sander van Leeuwen	<th></th>
274	3b2c83b8	Sjon Hortensius	</tr>
275			</thead>
276			<tbody>
277			<?php // Show the anti-lockout rule if it's enabled, and we are on LAN with an if count > 1, or WAN with an if count of 1.
278			if (!isset($config['system']['webgui']['noantilockout']) &&
279			(((count($config['interfaces']) > 1) && ($if == 'lan'))
280			\|\| ((count($config['interfaces']) == 1) && ($if == 'wan')))):
281
282			$alports = implode('<br />', filter_get_antilockout_ports(true));
283	56dda8e0	Renato Botelho	?>
284	3b2c83b8	Sjon Hortensius	<tr id="antilockout">
285			<td></td>
286	69b397dd	Sjon Hortensius	<td title="<?=gettext("traffic is passed")?>"><i class="icon icon-ok"></i></td>
287	3b2c83b8	Sjon Hortensius	<td></td>
288			<?php
289			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tr_antilockout");
290			?>
291			<td>*</td>
292			<td>*</td>
293			<td>*</td>
294			<td><?=$iflist[$if];?> Address</td>
295			<td><?=$alports?></td>
296			<td>*</td>
297			<td>*</td>
298			<td></td>
299			<td><?=gettext("Anti-Lockout Rule");?></td>
300			<td>
301	06966500	Sander van Leeuwen	<a href="system_advanced_admin.php" class="btn btn-xs btn-primary">edit</a>
302	3b2c83b8	Sjon Hortensius	</td>
303			</tr>
304			<?php endif;?>
305	03976254	jim-p
306	f1f60c92	Ermal Luçi	<?php if (isset($config['interfaces'][$if]['blockpriv'])): ?>
307	3b2c83b8	Sjon Hortensius	<tr id="frrfc1918">
308			<td></td>
309	69b397dd	Sjon Hortensius	<td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td>
310	3b2c83b8	Sjon Hortensius	<td></td>
311			<td>*</td>
312			<td><?=gettext("RFC 1918 networks");?></td>
313			<td>*</td>
314			<td>*</td>
315			<td>*</td>
316			<td>*</td>
317			<td>*</td>
318			<td></td>
319			<td><?=gettext("Block private networks");?></td>
320			<td>
321	06966500	Sander van Leeuwen	<a href="system_advanced_admin.php" class="btn btn-xs btn-primary" title="<?=gettext("edit rule");?>">edit</a>
322	3b2c83b8	Sjon Hortensius	</td>
323			</tr>
324			<?php endif;?>
325	f1f60c92	Ermal Luçi	<?php if (isset($config['interfaces'][$if]['blockbogons'])): ?>
326	3b2c83b8	Sjon Hortensius	<tr id="frrfc1918">
327			<td></td>
328	69b397dd	Sjon Hortensius	<td title="<?=gettext("traffic is blocked")?>"><i class="icon icon-remove"></i></td>
329	3b2c83b8	Sjon Hortensius	<td></td>
330			<td>*</td>
331			<td><?=gettext("Reserved/not assigned by IANA");?></td>
332			<td>*</td>
333			<td>*</td>
334			<td>*</td>
335			<td>*</td>
336			<td>*</td>
337			<td>*</td>
338			<td><?=gettext("Block bogon networks");?></td>
339			<td>
340	06966500	Sander van Leeuwen	<a href="system_advanced_admin.php" class="btn btn-xs btn-primary">edit</a>
341	3b2c83b8	Sjon Hortensius	</td>
342			</tr>
343			<?php endif;?>
344
345			<?php for ($i = 0; isset($a_filter[$i]); $i++):
346	56dda8e0	Renato Botelho	pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/row_start");
347			$filterent = $a_filter[$i];
348			if ($filterent['interface'] != $if && !isset($filterent['floating']))
349			continue;
350			if (isset($filterent['floating']) && "FloatingRules" != $if)
351			continue;
352	3b2c83b8	Sjon Hortensius
353			$nrules++;
354	56dda8e0	Renato Botelho	?>
355	3b2c83b8	Sjon Hortensius	<tr id="fr<?=$i?>"<?=(isset($filterent['disabled']) ? ' class="disabled"' : '')?>>
356			<td>
357			<input type="checkbox" id="frc<?=$i?>" name="rule[]" value="<?=$i?>" />
358			</td>
359	69b397dd	Sjon Hortensius	<td title="<?=gettext("traffic is ").$filterent['type']."ed"?>">
360	3b2c83b8	Sjon Hortensius	<?php
361			if ($filterent['type'] == "block")
362			$iconfn = "remove";
363			else if ($filterent['type'] == "reject")
364			$iconfn = "fire";
365			else if ($filterent['type'] == "match")
366			$iconfn = "filter";
367			else
368			$iconfn = "ok";
369			?>
370	69b397dd	Sjon Hortensius	<i class="icon icon-<?=$iconfn?>"></i>
371	3b2c83b8	Sjon Hortensius	<?php
372			$isadvset = firewall_check_for_advanced_options($filterent);
373	69b397dd	Sjon Hortensius	if ($isadvset)
374			print '<i class="icon icon-cog" title="'. gettext("advanced setting") .': '. $isadvset .'"></i>';
375	3b2c83b8	Sjon Hortensius
376	69b397dd	Sjon Hortensius	if (isset($filterent['log']))
377	3b2c83b8	Sjon Hortensius	print '<i class="icon icon-tasks" title="'. gettext("traffic is logged") .'"></i>';
378			?>
379			</td>
380			<?php
381			$alias = rule_columns_with_alias(
382			$filterent['source']['address'],
383			pprint_port($filterent['source']['port']),
384			$filterent['destination']['address'],
385			pprint_port($filterent['destination']['port'])
386			);
387
388			//build Schedule popup box
389			$a_schedules = &$config['schedules']['schedule'];
390			$schedule_span_begin = "";
391			$schedule_span_end = "";
392			$sched_caption_escaped = "";
393			$sched_content = "";
394			$schedstatus = false;
395			$dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun'));
396			$monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December'));
397			if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])) {
398			foreach ($a_schedules as $schedule)
399			{
400			if ($schedule['name'] == $filterent['sched'] ){
401			$schedstatus = filter_get_time_based_rule_status($schedule);
402
403			foreach($schedule['timerange'] as $timerange) {
404			$tempFriendlyTime = "";
405			$tempID = "";
406			$firstprint = false;
407			if ($timerange){
408			$dayFriendly = "";
409			$tempFriendlyTime = "";
410
411			//get hours
412			$temptimerange = $timerange['hour'];
413			$temptimeseparator = strrpos($temptimerange, "-");
414
415			$starttime = substr ($temptimerange, 0, $temptimeseparator);
416			$stoptime = substr ($temptimerange, $temptimeseparator+1);
417
418			if ($timerange['month']){
419			$tempmontharray = explode(",", $timerange['month']);
420			$tempdayarray = explode(",",$timerange['day']);
421			$arraycounter = 0;
422			$firstDayFound = false;
423			$firstPrint = false;
424			foreach ($tempmontharray as $monthtmp){
425			$month = $tempmontharray[$arraycounter];
426			$day = $tempdayarray[$arraycounter];
427
428			if (!$firstDayFound)
429	8ce97a08	Scott Dale	{
430	3b2c83b8	Sjon Hortensius	$firstDay = $day;
431			$firstmonth = $month;
432			$firstDayFound = true;
433			}
434
435			$currentDay = $day;
436			$nextDay = $tempdayarray[$arraycounter+1];
437			$currentDay++;
438			if (($currentDay != $nextDay) \|\| ($tempmontharray[$arraycounter] != $tempmontharray[$arraycounter+1])){
439			if ($firstPrint)
440			$dayFriendly .= ", ";
441			$currentDay--;
442			if ($currentDay != $firstDay)
443			$dayFriendly .= $monthArray[$firstmonth-1] . " " . $firstDay . " - " . $currentDay ;
444			else
445			$dayFriendly .= $monthArray[$month-1] . " " . $day;
446	8ce97a08	Scott Dale	$firstDayFound = false;
447	3b2c83b8	Sjon Hortensius	$firstPrint = true;
448			}
449			$arraycounter++;
450			}
451			}
452			else
453			{
454			$tempdayFriendly = $timerange['position'];
455			$firstDayFound = false;
456			$tempFriendlyDayArray = explode(",", $tempdayFriendly);
457			$currentDay = "";
458			$firstDay = "";
459			$nextDay = "";
460			$counter = 0;
461			foreach ($tempFriendlyDayArray as $day){
462			if ($day != ""){
463			if (!$firstDayFound)
464			{
465			$firstDay = $tempFriendlyDayArray[$counter];
466			$firstDayFound = true;
467	8ce97a08	Scott Dale	}
468	3b2c83b8	Sjon Hortensius	$currentDay =$tempFriendlyDayArray[$counter];
469			//get next day
470			$nextDay = $tempFriendlyDayArray[$counter+1];
471			$currentDay++;
472			if ($currentDay != $nextDay){
473			if ($firstprint)
474			$dayFriendly .= ", ";
475			$currentDay--;
476			if ($currentDay != $firstDay)
477			$dayFriendly .= $dayArray[$firstDay-1] . " - " . $dayArray[$currentDay-1];
478			else
479			$dayFriendly .= $dayArray[$firstDay-1];
480			$firstDayFound = false;
481			$firstprint = true;
482			}
483			$counter++;
484	56dda8e0	Renato Botelho	}
485	8ce97a08	Scott Dale	}
486	2a113ca9	Scott Dale	}
487	3b2c83b8	Sjon Hortensius	$timeFriendly = $starttime . " - " . $stoptime;
488			$description = $timerange['rangedescr'];
489			$sched_content .= $dayFriendly . "; " . $timeFriendly . "<br />";
490	56dda8e0	Renato Botelho	}
491			}
492	3b2c83b8	Sjon Hortensius	$sched_caption_escaped = str_replace("'", "\'", $schedule['descr']);
493			$schedule_span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>{$sched_caption_escaped}</h1><p>{$sched_content}</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><u>";
494			$schedule_span_end = "</u></span>";
495	616dd997	Scott Dale	}
496	3b2c83b8	Sjon Hortensius	}
497			}
498			$printicon = false;
499			$alttext = "";
500			$image = "";
501			if (!isset($filterent['disabled'])) {
502			if ($schedstatus) {
503			if ($iconfn == "block" \|\| $iconfn == "reject") {
504			$image = "icon_block";
505			$alttext = gettext("Traffic matching this rule is currently being denied");
506	56dda8e0	Renato Botelho	} else {
507	3b2c83b8	Sjon Hortensius	$image = "icon_pass";
508			$alttext = gettext("Traffic matching this rule is currently being allowed");
509	be81b340	Erik Fonnesbeck	}
510	3b2c83b8	Sjon Hortensius	$printicon = true;
511			} else if ($filterent['sched']) {
512			if ($iconfn == "block" \|\| $iconfn == "reject")
513			$image = "icon_block_d";
514			else
515			$image = "icon_block";
516			$alttext = gettext("This rule is not currently active because its period has expired");
517			$printicon = true;
518			}
519			}
520			?>
521			<td><?=$filterent['id']?></td>
522			<?php
523			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_id_tr");
524			?>
525			<td>
526			<?php
527			if (isset($filterent['ipprotocol'])) {
528			switch($filterent['ipprotocol']) {
529			case "inet":
530			echo "IPv4 ";
531			break;
532			case "inet6":
533			echo "IPv6 ";
534			break;
535			case "inet46":
536			echo "IPv4+6 ";
537			break;
538			}
539			} else {
540			echo "IPv4 ";
541			}
542
543			if (isset($filterent['protocol'])) {
544			echo strtoupper($filterent['protocol']);
545
546			if (strtoupper($filterent['protocol']) == "ICMP" && !empty($filterent['icmptype'])) {
547			echo ' <span style="cursor: help;" title="ICMP type: ' .
548			( $filterent['ipprotocol'] == "inet6" ? $icmp6types[$filterent['icmptype']] : $icmptypes[$filterent['icmptype']] ) .
549			'"><u>';
550			echo $filterent['icmptype'];
551			echo '</u></span>';
552			}
553			} else echo "*";
554			?>
555			</td>
556			<td>
557			<?php if (isset($alias['src'])): ?>
558			<a href="/firewall_aliases_edit.php?id=<?=$alias['src']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['src'])?>" data-html="true">
559			<?php endif; ?>
560			<?=htmlspecialchars(pprint_address($filterent['source']))?>
561			<?php if (isset($alias['src'])): ?>
562			<i class='icon icon-pencil'></i></a>
563			<?php endif; ?>
564			</td>
565			<td>
566			<?php if (isset($alias['srcport'])): ?>
567			<a href="/firewall_aliases_edit.php?id=<?=$alias['srcport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['srcport'])?>" data-html="true">
568			<?php endif; ?>
569			<?=htmlspecialchars(pprint_port($filterent['source']['port']))?>
570			<?php if (isset($alias['srcport'])): ?>
571			<i class='icon icon-pencil'></i></a>
572			<?php endif; ?>
573			</td>
574			<td>
575			<?php if (isset($alias['dst'])): ?>
576			<a href="/firewall_aliases_edit.php?id=<?=$alias['dst']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true">
577			<?php endif; ?>
578			<?=htmlspecialchars(pprint_address($filterent['destination']['address']))?>
579			<?php if (isset($alias['dst'])): ?>
580			<i class='icon icon-pencil'></i></a>
581			<?php endif; ?>
582			</td>
583			<td>
584			<?php if (isset($alias['dstport'])): ?>
585			<a href="/firewall_aliases_edit.php?id=<?=$alias['dstport']?>" data-toggle="popover" data-trigger="hover focus" title="Alias details" data-content="<?=alias_info_popup($alias['dstport'])?>" data-html="true">
586			<?php endif; ?>
587			<?=htmlspecialchars(pprint_port($filterent['destination']['port']))?>
588			<?php if (isset($alias['dstport'])): ?>
589			<i class='icon icon-pencil'></i></a>
590			<?php endif; ?>
591			</td>
592			<td>
593			<?php if (isset($config['interfaces'][$filterent['gateway']]['descr'])):?>
594			<?=htmlspecialchars($config['interfaces'][$filterent['gateway']]['descr'])?>
595			<?php else: ?>
596			<?=htmlspecialchars(pprint_port($filterent['gateway']))?><a>
597			<?php endif; ?>
598			</td>
599			<td>
600			<?php
601			if (isset($filterent['ackqueue']) && isset($filterent['defaultqueue'])) {
602			$desc = $filterent['ackqueue'] ;
603			echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['ackqueue']}&action=show\">{$desc}</a>";
604			$desc = $filterent['defaultqueue'];
605			echo "/<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>";
606			} else if (isset($filterent['defaultqueue'])) {
607			$desc = $filterent['defaultqueue'];
608			echo "<a href=\"firewall_shaper_queues.php?queue={$filterent['defaultqueue']}&action=show\">{$desc}</a>";
609			} else
610			echo gettext("none");
611			?>
612			</td>
613			<td>
614			<?php if ($printicon) { ?><img src="./themes/<?= $g['theme'];?>/images/icons/<?=$image;?>.gif" title="<?=$alttext;?>" border="0" alt="icon" /><?php } ?>
615			<?=$schedule_span_begin;?><?=htmlspecialchars($filterent['sched']);?> <?=$schedule_span_end;?>
616			</td>
617			<?php
618			pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_descr_tr");
619			?>
620			<td>
621			<?=htmlspecialchars($filterent['descr']);?>
622			</td>
623			<td>
624	06966500	Sander van Leeuwen	<a href="firewall_rules_edit.php?id=<?=$i;?>" class="btn btn-xs btn-primary">edit</a>
625			<a href="firewall_rules_edit.php?dup=<?=$i;?>" class="btn btn-xs btn-default">copy</a>
626			<a href="?act=toggle&if=<?=htmlspecialchars($if);?>&id=<?=$i;?>" class="btn btn-xs btn-warning"><?=(isset($filterent['disabled']) ? 'enable' : 'disable')?></a>
627			<a href="?act=del&if=<?=htmlspecialchars($if);?>&id=<?=$i;?>" class="btn btn-xs btn-danger">delete</a>
628	56dda8e0	Renato Botelho	</td>
629			</tr>
630	3b2c83b8	Sjon Hortensius	<?php endfor;?>
631			</tbody>
632	d732f186	Bill Marquette	</table>
633	06966500	Sander van Leeuwen	</div>
634	3b2c83b8	Sjon Hortensius
635			<?php if ($nrules == 0): ?>
636			<div class="alert alert-warning" role="alert">
637	06966500	Sander van Leeuwen	<p>
638	3b2c83b8	Sjon Hortensius	<?php if ($_REQUEST['if'] == "FloatingRules"): ?>
639			<?=gettext("No floating rules are currently defined.");?>
640			<?php else: ?>
641			<?=gettext("No rules are currently defined for this interface");?><br />
642			<?=gettext("All incoming connections on this interface will be blocked until you add pass rules.");?>
643			<?php endif;?>
644	06966500	Sander van Leeuwen	<?=gettext("Click the button to add a new rule.");?>
645			</p>
646	3b2c83b8	Sjon Hortensius	</div>
647			<?php endif;?>
648
649	94404d94	Sander van Leeuwen	<nav class="action-buttons">
650			<a href="firewall_rules_edit.php?if=<?=htmlspecialchars($if);?>" role="button" class="btn btn-success">
651			<?=gettext("add new");?>
652			</a>
653	3b2c83b8	Sjon Hortensius	<?php if ($i > 0): ?>
654			<a href="#" role="button" class="btn btn-danger">
655	80169aa8	Sjon Hortensius	<?=gettext("delete selected");?>
656	3b2c83b8	Sjon Hortensius	</a>
657			<?php endif;?>
658	94404d94	Sander van Leeuwen	</nav>
659	3b2c83b8	Sjon Hortensius
660			<h2>Legend</h2>
661			<ul>
662			<li><i class="icon icon-ok"></i> <?=gettext("pass");?></li>
663			<li><i class="icon icon-filter"></i> <?=gettext("match");?></li>
664			<li><i class="icon icon-remove"></i> <?=gettext("block");?></li>
665			<li><i class="icon icon-fire"></i> <?=gettext("reject");?></li>
666			<li><i class="icon icon-tasks"></i> <?=gettext("log");?></li>
667			<li><i class="icon icon-cog"></i> <?=gettext("advanced filter");?></li>
668			</ul>
669
670			<p>
671			<?php if ("FloatingRules" != $if): ?>
672			<?=gettext("Rules are evaluated on a first-match basis (i.e. " .
673			"the action of the first rule to match a packet will be executed). " .
674			"This means that if you use block rules, you'll have to pay attention " .
675			"to the rule order. Everything that isn't explicitly passed is blocked " .
676			"by default. ");?>
677			<?php else: ?>
678			<?=gettext("Floating rules are evaluated on a first-match basis (i.e. " .
679			"the action of the first rule to match a packet will be executed) only " .
680			"if the 'quick' option is checked on a rule. Otherwise they will only apply if no " .
681			"other rules match. Pay close attention to the rule order and options " .
682			"chosen. If no rule here matches, the per-interface or default rules are used. ");?>
683			<?php endif;?>
684			</p>
685			<input type="hidden" name="if" value="<?=htmlspecialchars($if);?>" />
686	41ea4cf3	Sjon Hortensius	<?php include("foot.inc");?>

Project

General

Profile

pfSense