Revision f193cf92
Added by Simon Cornelius P. Umacob over 16 years ago
| usr/local/www/firewall_rules_edit.php | ||
|---|---|---|
| 40 | 40 |
|
| 41 | 41 |
|
| 42 | 42 |
require("guiconfig.inc");
|
| 43 |
require_once("IPv6.inc");
|
|
| 43 | 44 |
|
| 44 | 45 |
$specialsrcdst = explode(" ", "any wanip lanip lan pptp pppoe");
|
| 45 | 46 |
|
| ... | ... | |
| 91 | 92 |
if ($a_filter[$id]['protocol'] == "icmp") |
| 92 | 93 |
$pconfig['icmptype'] = $a_filter[$id]['icmptype']; |
| 93 | 94 |
|
| 95 |
if ($a_filter[$id]['protocol'] == "icmp6") |
|
| 96 |
$pconfig['icmp6type'] = $a_filter[$id]['icmp6type']; |
|
| 97 |
|
|
| 94 | 98 |
address_to_pconfig($a_filter[$id]['source'], $pconfig['src'], |
| 95 | 99 |
$pconfig['srcmask'], $pconfig['srcnot'], |
| 96 | 100 |
$pconfig['srcbeginport'], $pconfig['srcendport']); |
| ... | ... | |
| 156 | 160 |
unset($id); |
| 157 | 161 |
|
| 158 | 162 |
if ($_POST) {
|
| 159 |
|
|
| 160 |
if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp")
|
|
| 161 |
$input_errors[] = "Reject type rules only works when the protocol is set to TCP.";
|
|
| 163 |
if ($_POST['type'] == "reject" && !($_POST['proto'] == "tcp" || $_POST['proto'] == "tcp6")) {
|
|
| 164 |
$input_errors[] = "Reject type rules only works when the protocol is set to TCP or TCP6.";
|
|
| 165 |
}
|
|
| 162 | 166 |
|
| 163 | 167 |
if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) {
|
| 164 | 168 |
$_POST['srcbeginport'] = 0; |
| ... | ... | |
| 282 | 286 |
|
| 283 | 287 |
if (!is_specialnet($_POST['srctype'])) {
|
| 284 | 288 |
if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
|
| 285 |
$input_errors[] = "A valid source IP address or alias must be specified."; |
|
| 289 |
$input_errors[] = "A valid source IPv4/IPv6 address or alias must be specified.";
|
|
| 286 | 290 |
} |
| 287 | 291 |
if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
|
| 288 | 292 |
$input_errors[] = "A valid source bit count must be specified."; |
| ... | ... | |
| 290 | 294 |
} |
| 291 | 295 |
if (!is_specialnet($_POST['dsttype'])) {
|
| 292 | 296 |
if (($_POST['dst'] && !is_ipaddroranyalias($_POST['dst']))) {
|
| 293 |
$input_errors[] = "A valid destination IP address or alias must be specified."; |
|
| 297 |
$input_errors[] = "A valid destination IPv4/IPv6 address or alias must be specified.";
|
|
| 294 | 298 |
} |
| 295 | 299 |
if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
|
| 296 | 300 |
$input_errors[] = "A valid destination bit count must be specified."; |
| ... | ... | |
| 386 | 390 |
else |
| 387 | 391 |
unset($filterent['icmptype']); |
| 388 | 392 |
|
| 393 |
if ($_POST['proto'] == "icmp6" && $_POST['icmp6type']) |
|
| 394 |
$filterent['icmp6type'] = $_POST['icmp6type']; |
|
| 395 |
else |
|
| 396 |
unset($filterent['icmp6type']); |
|
| 397 |
|
|
| 389 | 398 |
pconfig_to_address($filterent['source'], $_POST['src'], |
| 390 | 399 |
$_POST['srcmask'], $_POST['srcnot'], |
| 391 | 400 |
$_POST['srcbeginport'], $_POST['srcendport']); |
| ... | ... | |
| 460 | 469 |
|
| 461 | 470 |
?> |
| 462 | 471 |
|
| 472 |
<script type="text/javascript" src="javascript/NetUtils.js"></script> |
|
| 473 |
|
|
| 463 | 474 |
</head> |
| 464 | 475 |
|
| 465 | 476 |
<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> |
| ... | ... | |
| 569 | 580 |
<td width="78%" class="vtable"> |
| 570 | 581 |
<select name="proto" class="formselect" onchange="proto_change()"> |
| 571 | 582 |
<?php |
| 572 |
$protocols = explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IGMP any carp pfsync");
|
|
| 583 |
$protocols = explode(" ", "TCP UDP TCP/UDP ICMP TCP6 UDP6 TCP6/UDP6 ICMP6 ESP AH GRE IGMP any carp pfsync");
|
|
| 573 | 584 |
foreach ($protocols as $proto): ?> |
| 574 | 585 |
<option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option> |
| 575 | 586 |
<?php endforeach; ?> |
| ... | ... | |
| 611 | 622 |
<span class="vexpl">If you selected ICMP for the protocol above, you may specify an ICMP type here.</span> |
| 612 | 623 |
</td> |
| 613 | 624 |
</tr> |
| 625 |
<tr id="icmp6box" name="icmp6box"> |
|
| 626 |
<td valign="top" class="vncell">ICMP6 type</td> |
|
| 627 |
<td class="vtable"> |
|
| 628 |
<select name="icmp6type" class="formselect"> |
|
| 629 |
<?php |
|
| 630 |
$icmp6types = array( |
|
| 631 |
"unreach" => "Destination unreachable", |
|
| 632 |
"toobig" => "Packet too big", |
|
| 633 |
"timex" => "Time exceeded", |
|
| 634 |
"parampro" => "Invalid IPv6 header", |
|
| 635 |
"echoreq" => "Echo service request", |
|
| 636 |
"echorep" => "Echo service reply", |
|
| 637 |
"groupqry" => "Group membership query", |
|
| 638 |
"listqry" => "Multicast listener query", |
|
| 639 |
"grouprep" => "Group membership report", |
|
| 640 |
"listenrep" => "Multicast listener report", |
|
| 641 |
"groupterm" => "Group membership termination", |
|
| 642 |
"listendone" => "Multicast listerner done", |
|
| 643 |
"routersol" => "Router solicitation", |
|
| 644 |
"routeradv" => "Router advertisement", |
|
| 645 |
"neighbrsol" => "Neighbor solicitation", |
|
| 646 |
"neighbradv" => "Neighbor advertisement", |
|
| 647 |
"redir" => "Shorter route exists", |
|
| 648 |
"routrrenum" => "Route renumbering", |
|
| 649 |
"fqdnreq" => "FQDN query", |
|
| 650 |
"niqry" => "Node information query", |
|
| 651 |
"wrureq" => "Who-are-you request", |
|
| 652 |
"fqdnrep" => "FQDN reply", |
|
| 653 |
"nirep" => "Node information reply", |
|
| 654 |
"wrurep" => "Who-are-you reply", |
|
| 655 |
"mtraceresp" => "mtrace response", |
|
| 656 |
"mtrace" => "mtrace messages" |
|
| 657 |
); |
|
| 658 |
?> |
|
| 659 |
|
|
| 660 |
<?php foreach ($icmp6types as $icmp6type => $descr): ?> |
|
| 661 |
<option value="<?=$icmp6type;?>" <?php if ($icmp6type == $pconfig['icmp6type']) echo "selected"; ?>><?=htmlspecialchars($descr);?></option> |
|
| 662 |
<?php endforeach; ?> |
|
| 663 |
|
|
| 664 |
</select> |
|
| 665 |
<br /> |
|
| 666 |
<span class="vexpl">If you selected ICMP6 for the protocol above, you may specify an ICMP6 type here.</span> |
|
| 667 |
</td> |
|
| 668 |
</tr> |
|
| 614 | 669 |
<tr> |
| 615 | 670 |
<td width="22%" valign="top" class="vncellreq">Source</td> |
| 616 | 671 |
<td width="78%" class="vtable"> |
| ... | ... | |
| 625 | 680 |
<td>Type: </td> |
| 626 | 681 |
<td> |
| 627 | 682 |
<select name="srctype" class="formselect" onChange="typesel_change()"> |
| 628 |
<?php |
|
| 629 |
$sel = is_specialnet($pconfig['src']); ?> |
|
| 683 |
<?php |
|
| 684 |
$sel_host = false; |
|
| 685 |
$sel_v4 = false; |
|
| 686 |
$sel_v6 = false; |
|
| 687 |
|
|
| 688 |
$sel = is_specialnet($pconfig['src']); |
|
| 689 |
|
|
| 690 |
if (is_ipaddr($pconfig['src']) && !$sel) {
|
|
| 691 |
if ($pconfig['srcmask'] == 32) {
|
|
| 692 |
$sel_host = true; |
|
| 693 |
} else {
|
|
| 694 |
$sel_v4 = true; |
|
| 695 |
} |
|
| 696 |
} else if (Net_IPv6::checkIPv6($pconfig['src']) && !$sel) {
|
|
| 697 |
if ($pconfig['srcmask'] == 128) {
|
|
| 698 |
$sel_host = true; |
|
| 699 |
} else {
|
|
| 700 |
$sel_v6 = true; |
|
| 701 |
} |
|
| 702 |
} |
|
| 703 |
?> |
|
| 630 | 704 |
<option value="any" <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>>any</option>
|
| 631 |
<option value="single" <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
|
|
| 632 |
<option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option> |
|
| 705 |
<option value="single" <?php if ($sel_host) echo "selected"; ?>>Single host or alias</option> |
|
| 706 |
<option value="network" <?php if ($sel_v4) echo "selected"; ?>>IPv4 Network</option> |
|
| 707 |
<option value="network_ipv6" <?php if ($sel_v6) echo "selected"; ?>>IPv6 Network</option> |
|
| 633 | 708 |
<?php if(have_ruleint_access("wan")): ?>
|
| 634 | 709 |
<option value="wanip" <?php if ($pconfig['src'] == "wanip") { echo "selected"; } ?>>WAN address</option>
|
| 635 | 710 |
<?php endif; ?> |
| ... | ... | |
| 753 | 828 |
<td>Type: </td> |
| 754 | 829 |
<td> |
| 755 | 830 |
<select name="dsttype" class="formselect" onChange="typesel_change()"> |
| 756 |
<?php |
|
| 757 |
$sel = is_specialnet($pconfig['dst']); ?> |
|
| 831 |
<?php |
|
| 832 |
$sel_host = false; |
|
| 833 |
$sel_v4 = false; |
|
| 834 |
$sel_v6 = false; |
|
| 835 |
|
|
| 836 |
$sel = is_specialnet($pconfig['src']); |
|
| 837 |
|
|
| 838 |
if (is_ipaddr($pconfig['src']) && !$sel) {
|
|
| 839 |
if ($pconfig['dstmask'] == 32) {
|
|
| 840 |
$sel_host = true; |
|
| 841 |
} else {
|
|
| 842 |
$sel_v4 = true; |
|
| 843 |
} |
|
| 844 |
} else if (Net_IPv6::checkIPv6($pconfig['src']) && !$sel) {
|
|
| 845 |
if ($pconfig['dstmask'] == 128) {
|
|
| 846 |
$sel_host = true; |
|
| 847 |
} else {
|
|
| 848 |
$sel_v6 = true; |
|
| 849 |
} |
|
| 850 |
} |
|
| 851 |
?> |
|
| 758 | 852 |
<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>>any</option>
|
| 759 |
<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>>Single host or alias</option>
|
|
| 760 |
<option value="network" <?php if (!$sel) echo "selected"; ?>>Network</option> |
|
| 853 |
<option value="single" <?php if ($sel_host) echo "selected"; ?>>Single host or alias</option> |
|
| 854 |
<option value="network" <?php if ($sel_v4) echo "selected"; ?>>IPv4 Network</option> |
|
| 855 |
<option value="network_ipv6" <?php if ($sel_v6) echo "selected"; ?>>IPv6 Network</option> |
|
| 761 | 856 |
<?php if(have_ruleint_access("wan")): ?>
|
| 762 | 857 |
<option value="wanip" <?php if ($pconfig['dst'] == "wanip") { echo "selected"; } ?>>WAN address</option>
|
| 763 | 858 |
<?php endif; ?> |
Also available in: Unified diff
Merge IPv6 changes