Revision f8fee2ce
Added by Renato Botelho over 12 years ago
| usr/local/www/firewall_rules_edit.php | ||
|---|---|---|
| 3 | 3 |
/* |
| 4 | 4 |
firewall_rules_edit.php |
| 5 | 5 |
part of pfSense (http://www.pfsense.com) |
| 6 |
Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
|
|
| 6 |
Copyright (C) 2005 Scott Ullrich (sullrich@gmail.com)
|
|
| 7 | 7 |
|
| 8 | 8 |
originally part of m0n0wall (http://m0n0.ch/wall) |
| 9 | 9 |
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. |
| ... | ... | |
| 91 | 91 |
|
| 92 | 92 |
if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
|
| 93 | 93 |
$pconfig['floating'] = $a_filter[$id]['floating']; |
| 94 |
if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "")
|
|
| 94 |
if (isset($a_filter[$id]['interface']) && $a_filter[$id]['interface'] <> "") |
|
| 95 | 95 |
$pconfig['interface'] = $a_filter[$id]['interface']; |
| 96 | 96 |
} |
| 97 |
|
|
| 98 |
if (isset($a_filter['floating']))
|
|
| 97 |
|
|
| 98 |
if (isset($a_filter['floating'])) |
|
| 99 | 99 |
$pconfig['floating'] = "yes"; |
| 100 | 100 |
|
| 101 | 101 |
if (isset($a_filter[$id]['direction'])) |
| 102 |
$pconfig['direction'] = $a_filter[$id]['direction'];
|
|
| 102 |
$pconfig['direction'] = $a_filter[$id]['direction'];
|
|
| 103 | 103 |
|
| 104 | 104 |
if (isset($a_filter[$id]['ipprotocol'])) |
| 105 |
$pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol'];
|
|
| 105 |
$pconfig['ipprotocol'] = $a_filter[$id]['ipprotocol'];
|
|
| 106 | 106 |
|
| 107 | 107 |
if (isset($a_filter[$id]['protocol'])) |
| 108 | 108 |
$pconfig['proto'] = $a_filter[$id]['protocol']; |
| ... | ... | |
| 133 | 133 |
if (isset($a_filter[$id]['tcpflags_any'])) |
| 134 | 134 |
$pconfig['tcpflags_any'] = true; |
| 135 | 135 |
else {
|
| 136 |
if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] <> "")
|
|
| 136 |
if (isset($a_filter[$id]['tcpflags1']) && $a_filter[$id]['tcpflags1'] <> "") |
|
| 137 | 137 |
$pconfig['tcpflags1'] = $a_filter[$id]['tcpflags1']; |
| 138 |
if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] <> "")
|
|
| 138 |
if (isset($a_filter[$id]['tcpflags2']) && $a_filter[$id]['tcpflags2'] <> "") |
|
| 139 | 139 |
$pconfig['tcpflags2'] = $a_filter[$id]['tcpflags2']; |
| 140 | 140 |
} |
| 141 | 141 |
|
| 142 |
if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "")
|
|
| 142 |
if (isset($a_filter[$id]['tag']) && $a_filter[$id]['tag'] <> "") |
|
| 143 | 143 |
$pconfig['tag'] = $a_filter[$id]['tag']; |
| 144 | 144 |
if (isset($a_filter[$id]['tagged']) && $a_filter[$id]['tagged'] <> "") |
| 145 |
$pconfig['tagged'] = $a_filter[$id]['tagged'];
|
|
| 145 |
$pconfig['tagged'] = $a_filter[$id]['tagged'];
|
|
| 146 | 146 |
if (isset($a_filter[$id]['quick']) && $a_filter[$id]['quick']) |
| 147 | 147 |
$pconfig['quick'] = $a_filter[$id]['quick']; |
| 148 | 148 |
if (isset($a_filter[$id]['allowopts'])) |
| ... | ... | |
| 167 | 167 |
|
| 168 | 168 |
/* Multi-WAN next-hop support */ |
| 169 | 169 |
$pconfig['gateway'] = $a_filter[$id]['gateway']; |
| 170 |
|
|
| 170 |
|
|
| 171 | 171 |
/* Shaper support */ |
| 172 | 172 |
$pconfig['defaultqueue'] = (($a_filter[$id]['ackqueue'] == "none") ? '' : $a_filter[$id]['defaultqueue']); |
| 173 | 173 |
$pconfig['ackqueue'] = (($a_filter[$id]['ackqueue'] == "none") ? '' : $a_filter[$id]['ackqueue']); |
| ... | ... | |
| 330 | 330 |
if(($_POST['statetype'] == "synproxy state") && ($_POST['gateway'] != "")) |
| 331 | 331 |
$input_errors[] = sprintf(gettext("%s is only valid if the gateway is set to 'default'."),$_POST['statetype']);
|
| 332 | 332 |
} |
| 333 |
|
|
| 333 |
|
|
| 334 | 334 |
if ( isset($a_filter[$id]['associated-rule-id'])===false && |
| 335 | 335 |
(!(is_specialnet($_POST['srctype']) || ($_POST['srctype'] == "single"))) ) {
|
| 336 | 336 |
$reqdfields[] = "srcmask"; |
| ... | ... | |
| 354 | 354 |
} |
| 355 | 355 |
|
| 356 | 356 |
if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport'])) |
| 357 |
$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginposrt']);
|
|
| 357 |
$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcbeginposrt']);
|
|
| 358 | 358 |
if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport'])) |
| 359 | 359 |
$input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."),$_POST['srcendport']);
|
| 360 | 360 |
if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport'])) |
| ... | ... | |
| 367 | 367 |
if ( $_POST['srcbeginport_cust'] && $_POST['srcendport_cust']){
|
| 368 | 368 |
if (is_alias($_POST['srcendport_cust']) && is_alias($_POST['srcendport_cust']) && $_POST['srcbeginport_cust'] != $_POST['srcendport_cust']) |
| 369 | 369 |
$input_errors[] = 'The same port alias must be used in Source port range from: and to: fields'; |
| 370 |
if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) ||
|
|
| 371 |
((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust'])))
|
|
| 370 |
if ((is_alias($_POST['srcbeginport_cust']) && (!is_alias($_POST['srcendport_cust']) && $_POST['srcendport_cust']!='')) || |
|
| 371 |
((!is_alias($_POST['srcbeginport_cust']) && $_POST['srcbeginport_cust']!='') && is_alias($_POST['srcendport_cust']))) |
|
| 372 | 372 |
$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Source port range from: and to: field'; |
| 373 | 373 |
} |
| 374 | 374 |
if ( !$_POST['dstbeginport_cust'] && $_POST['dstendport_cust']) |
| ... | ... | |
| 377 | 377 |
if ( $_POST['dstbeginport_cust'] && $_POST['dstendport_cust']){
|
| 378 | 378 |
if (is_alias($_POST['dstendport_cust']) && is_alias($_POST['dstendport_cust']) && $_POST['dstbeginport_cust'] != $_POST['dstendport_cust']) |
| 379 | 379 |
$input_errors[] = 'The same port alias must be used in Destination port range from: and to: fields'; |
| 380 |
if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) ||
|
|
| 381 |
((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust'])))
|
|
| 380 |
if ((is_alias($_POST['dstbeginport_cust']) && (!is_alias($_POST['dstendport_cust']) && $_POST['dstendport_cust']!='')) || |
|
| 381 |
((!is_alias($_POST['dstbeginport_cust']) && $_POST['dstbeginport_cust']!='') && is_alias($_POST['dstendport_cust']))) |
|
| 382 | 382 |
$input_errors[] = 'You cannot specify numbers and port aliases at the same time in Destination port range from: and to: field'; |
| 383 | 383 |
} |
| 384 | 384 |
|
| ... | ... | |
| 445 | 445 |
if ($_POST['defaultqueue'] == "" ) |
| 446 | 446 |
$input_errors[] = gettext("You have to select a queue when you select an acknowledge queue too.");
|
| 447 | 447 |
else if ($_POST['ackqueue'] == $_POST['defaultqueue']) |
| 448 |
$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");
|
|
| 448 |
$input_errors[] = gettext("Acknowledge queue and Queue cannot be the same.");
|
|
| 449 | 449 |
} |
| 450 | 450 |
if (isset($_POST['floating']) && $_POST['pdnpipe'] != "" && (empty($_POST['direction']) || $_POST['direction'] == "any")) |
| 451 | 451 |
$input_errors[] = gettext("You can not use limiters in Floating rules without choosing a direction.");
|
| ... | ... | |
| 458 | 458 |
$input_errors[] = gettext("In and Out Queue cannot be the same.");
|
| 459 | 459 |
else if ($dnqlist[$_POST['pdnpipe']][0] == "?" && $dnqlist[$_POST['dnpipe']][0] <> "?") |
| 460 | 460 |
$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
|
| 461 |
else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?")
|
|
| 461 |
else if ($dnqlist[$_POST['dnpipe']][0] == "?" && $dnqlist[$_POST['pdnpipe']][0] <> "?") |
|
| 462 | 462 |
$input_errors[] = gettext("You cannot select one queue and one virtual interface for IN and Out. both must be from the same type.");
|
| 463 | 463 |
if ($_POST['direction'] == "out" && empty($_POST['gateway'])) |
| 464 | 464 |
$input_errors[] = gettext("Please select a gateway, normaly the interface selected gateway, so the limiters work correctly");
|
| ... | ... | |
| 485 | 485 |
$input_errors[] = gettext("If you specify TCP flags that should be set you should specify out of which flags as well.");
|
| 486 | 486 |
} |
| 487 | 487 |
|
| 488 |
// Allow extending of the firewall edit page and include custom input validation
|
|
| 488 |
// Allow extending of the firewall edit page and include custom input validation |
|
| 489 | 489 |
pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/input_validation");
|
| 490 | 490 |
|
| 491 | 491 |
if (!$input_errors) {
|
| ... | ... | |
| 597 | 597 |
if ($_POST['gateway'] != "") {
|
| 598 | 598 |
$filterent['gateway'] = $_POST['gateway']; |
| 599 | 599 |
} |
| 600 |
|
|
| 600 |
|
|
| 601 | 601 |
if ($_POST['defaultqueue'] != "") {
|
| 602 | 602 |
$filterent['defaultqueue'] = $_POST['defaultqueue']; |
| 603 | 603 |
if ($_POST['ackqueue'] != "") |
| ... | ... | |
| 613 | 613 |
if ($_POST['l7container'] != "") {
|
| 614 | 614 |
$filterent['l7container'] = $_POST['l7container']; |
| 615 | 615 |
} |
| 616 |
|
|
| 616 |
|
|
| 617 | 617 |
if ($_POST['sched'] != "") {
|
| 618 | 618 |
$filterent['sched'] = $_POST['sched']; |
| 619 | 619 |
} |
| ... | ... | |
| 647 | 647 |
|
| 648 | 648 |
$filterent['updated'] = make_config_revision_entry(); |
| 649 | 649 |
|
| 650 |
// Allow extending of the firewall edit page and include custom input validation
|
|
| 650 |
// Allow extending of the firewall edit page and include custom input validation |
|
| 651 | 651 |
pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
|
| 652 | 652 |
|
| 653 | 653 |
if (isset($id) && $a_filter[$id]) |
| ... | ... | |
| 698 | 698 |
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall rules edit"> |
| 699 | 699 |
<tr> |
| 700 | 700 |
<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Firewall rule");?></td>
|
| 701 |
</tr>
|
|
| 701 |
</tr> |
|
| 702 | 702 |
<?php |
| 703 |
// Allow extending of the firewall edit page and include custom input validation
|
|
| 703 |
// Allow extending of the firewall edit page and include custom input validation |
|
| 704 | 704 |
pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
|
| 705 | 705 |
?> |
| 706 |
<tr>
|
|
| 706 |
<tr>
|
|
| 707 | 707 |
<td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td>
|
| 708 | 708 |
<td width="78%" class="vtable"> |
| 709 | 709 |
<select name="type" class="formselect"> |
| ... | ... | |
| 719 | 719 |
<br/> |
| 720 | 720 |
<span class="vexpl"> |
| 721 | 721 |
<?=gettext("Choose what to do with packets that match the criteria specified below.");?> <br/>
|
| 722 |
<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?>
|
|
| 722 |
<?=gettext("Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.");?>
|
|
| 723 | 723 |
</span> |
| 724 | 724 |
</td> |
| 725 | 725 |
</tr> |
| ... | ... | |
| 778 | 778 |
<select name="interface[]" title="Select interfaces..." multiple="multiple" style="width:350px;" class="chzn-select" tabindex="2" <?=$edit_disabled;?>> |
| 779 | 779 |
<?php else: ?> |
| 780 | 780 |
<select name="interface" class="formselect" <?=$edit_disabled;?>> |
| 781 |
<?php |
|
| 782 |
endif; |
|
| 781 |
<?php endif; |
|
| 783 | 782 |
/* add group interfaces */ |
| 784 | 783 |
if (is_array($config['ifgroups']['ifgroupentry'])) |
| 785 | 784 |
foreach($config['ifgroups']['ifgroupentry'] as $ifgen) |
| 786 | 785 |
if (have_ruleint_access($ifgen['ifname'])) |
| 787 | 786 |
$interfaces[$ifgen['ifname']] = $ifgen['ifname']; |
| 788 | 787 |
$ifdescs = get_configured_interface_with_descr(); |
| 789 |
// Allow extending of the firewall edit page and include custom input validation
|
|
| 788 |
// Allow extending of the firewall edit page and include custom input validation |
|
| 790 | 789 |
pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_interfaces_edit");
|
| 791 | 790 |
foreach ($ifdescs as $ifent => $ifdesc) |
| 792 | 791 |
if(have_ruleint_access($ifent)) |
| ... | ... | |
| 795 | 794 |
if(have_ruleint_access("l2tp"))
|
| 796 | 795 |
$interfaces['l2tp'] = "L2TP VPN"; |
| 797 | 796 |
if ($config['pptpd']['mode'] == "server") |
| 798 |
if(have_ruleint_access("pptp"))
|
|
| 797 |
if(have_ruleint_access("pptp"))
|
|
| 799 | 798 |
$interfaces['pptp'] = "PPTP VPN"; |
| 800 |
|
|
| 799 |
|
|
| 801 | 800 |
if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
|
| 802 | 801 |
$interfaces['pppoe'] = "PPPoE VPN"; |
| 803 | 802 |
/* add ipsec interfaces */ |
| 804 | 803 |
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) |
| 805 |
if(have_ruleint_access("enc0"))
|
|
| 804 |
if(have_ruleint_access("enc0"))
|
|
| 806 | 805 |
$interfaces["enc0"] = "IPsec"; |
| 807 | 806 |
/* add openvpn/tun interfaces */ |
| 808 | 807 |
if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) |
| ... | ... | |
| 829 | 828 |
foreach ($directions as $direction): ?> |
| 830 | 829 |
<option value="<?=$direction;?>" |
| 831 | 830 |
<?php if ($direction == $pconfig['direction']): ?> |
| 832 |
selected="selected"
|
|
| 831 |
selected="selected" |
|
| 833 | 832 |
<?php endif; ?> |
| 834 | 833 |
><?=$direction;?></option> |
| 835 |
<?php endforeach; ?>
|
|
| 834 |
<?php endforeach; ?> |
|
| 836 | 835 |
</select> |
| 837 | 836 |
<input type="hidden" id="floating" name="floating" value="floating" /> |
| 838 | 837 |
</td> |
| ... | ... | |
| 846 | 845 |
foreach ($ipproto as $proto => $name): ?> |
| 847 | 846 |
<option value="<?=$proto;?>" |
| 848 | 847 |
<?php if ($proto == $pconfig['ipprotocol']): ?> |
| 849 |
selected="selected"
|
|
| 848 |
selected="selected" |
|
| 850 | 849 |
<?php endif; ?> |
| 851 | 850 |
><?=$name;?></option> |
| 852 |
<?php endforeach; ?>
|
|
| 851 |
<?php endforeach; ?> |
|
| 853 | 852 |
</select> |
| 854 | 853 |
<strong><?=gettext("Select the Internet Protocol version this rule applies to");?></strong><br />
|
| 855 | 854 |
</td> |
| ... | ... | |
| 922 | 921 |
<?php if (!$sel && |
| 923 | 922 |
((is_ipaddrv6($pconfig['src']) && $pconfig['srcmask'] == 128) || |
| 924 | 923 |
(is_ipaddrv4($pconfig['src']) && $pconfig['srcmask'] == 32) || is_alias($pconfig['src']))) |
| 925 |
{ echo "selected=\"selected\""; $sel = 1; }
|
|
| 924 |
{ echo "selected=\"selected\""; $sel = 1; }
|
|
| 926 | 925 |
?> |
| 927 | 926 |
> <?=gettext("Single host or alias");?></option>
|
| 928 | 927 |
<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network");?></option>
|
| ... | ... | |
| 931 | 930 |
<?php endif; ?> |
| 932 | 931 |
<?php if(have_ruleint_access("pppoe")): ?>
|
| 933 | 932 |
<option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients");?></option>
|
| 934 |
<?php endif; ?>
|
|
| 935 |
<?php if(have_ruleint_access("l2tp")): ?>
|
|
| 936 |
<option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option>
|
|
| 937 |
<?php endif; ?>
|
|
| 933 |
<?php endif; ?> |
|
| 934 |
<?php if(have_ruleint_access("l2tp")): ?>
|
|
| 935 |
<option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option>
|
|
| 936 |
<?php endif; ?>
|
|
| 938 | 937 |
<?php |
| 939 | 938 |
foreach ($ifdisp as $ifent => $ifdesc): ?> |
| 940 | 939 |
<?php if(have_ruleint_access($ifent)): ?> |
| ... | ... | |
| 1031 | 1030 |
<?php endif; ?> |
| 1032 | 1031 |
<?php if(have_ruleint_access("pppoe")): ?>
|
| 1033 | 1032 |
<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients");?></option>
|
| 1034 |
<?php endif; ?>
|
|
| 1033 |
<?php endif; ?> |
|
| 1035 | 1034 |
<?php if(have_ruleint_access("l2tp")): ?>
|
| 1036 |
<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option>
|
|
| 1037 |
<?php endif; ?>
|
|
| 1035 |
<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients");?></option>
|
|
| 1036 |
<?php endif; ?>
|
|
| 1038 | 1037 |
|
| 1039 | 1038 |
<?php foreach ($ifdisp as $if => $ifdesc): ?> |
| 1040 | 1039 |
<?php if(have_ruleint_access($if)): ?> |
| ... | ... | |
| 1054 | 1053 |
/ |
| 1055 | 1054 |
<select <?=$edit_disabled;?> name="dstmask" class="formselect ipv4v6" id="dstmask"> |
| 1056 | 1055 |
<?php |
| 1057 |
for ($i = 127; $i > 0;
|
|
| 1056 |
for ($i = 127; $i > 0; |
|
| 1058 | 1057 |
$i--): ?> |
| 1059 | 1058 |
<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> |
| 1060 | 1059 |
<?php endfor; ?> |
| ... | ... | |
| 1138 | 1137 |
</tr> |
| 1139 | 1138 |
<tr> |
| 1140 | 1139 |
<td colspan="2" valign="top" class="listtopic"><?=gettext("Advanced features");?></td>
|
| 1141 |
</tr>
|
|
| 1140 |
</tr> |
|
| 1142 | 1141 |
<tr> |
| 1143 | 1142 |
<td width="22%" valign="top" class="vncell"><?=gettext("Source OS");?></td>
|
| 1144 | 1143 |
<td width="78%" class="vtable"> |
| ... | ... | |
| 1150 | 1149 |
<select name="os" id="os" class="formselect"> |
| 1151 | 1150 |
<?php |
| 1152 | 1151 |
$ostypes = array( |
| 1153 |
"" => gettext("any"),
|
|
| 1152 |
"" => gettext("any"),
|
|
| 1154 | 1153 |
"AIX" => "AIX", |
| 1155 | 1154 |
"Linux" => "Linux", |
| 1156 | 1155 |
"FreeBSD" => "FreeBSD", |
| ... | ... | |
| 1161 | 1160 |
"Windows" => "Windows", |
| 1162 | 1161 |
"Novell" => "Novell", |
| 1163 | 1162 |
"NMAP" => "NMAP" |
| 1164 |
);
|
|
| 1163 |
);
|
|
| 1165 | 1164 |
foreach ($ostypes as $ostype => $descr): ?> |
| 1166 | 1165 |
<option value="<?=$ostype;?>" <?php if ($ostype == $pconfig['os']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($descr);?></option> |
| 1167 | 1166 |
<?php |
| 1168 |
endforeach;
|
|
| 1167 |
endforeach; |
|
| 1169 | 1168 |
?> |
| 1170 | 1169 |
</select> |
| 1171 | 1170 |
<br /> |
| ... | ... | |
| 1226 | 1225 |
<?=gettext("State Timeout in seconds");?>
|
| 1227 | 1226 |
</p> |
| 1228 | 1227 |
<p><strong><?=gettext("Note: Leave fields blank to disable that feature.");?></strong></p>
|
| 1229 |
</div>
|
|
| 1228 |
</div> |
|
| 1230 | 1229 |
</td> |
| 1231 | 1230 |
</tr> |
| 1232 |
<tr id="tcpflags">
|
|
| 1231 |
<tr id="tcpflags"> |
|
| 1233 | 1232 |
<td width="22%" valign="top" class="vncell"><?=gettext("TCP flags");?></td>
|
| 1234 | 1233 |
<td width="78%" class="vtable"> |
| 1235 | 1234 |
<div id="showtcpflagsbox" <?php if ($pconfig['tcpflags_any'] || $pconfig['tcpflags1'] || $pconfig['tcpflags2']) echo "style='display:none'"; ?>> |
| 1236 |
<input type="button" onclick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?>
|
|
| 1237 |
</div>
|
|
| 1238 |
<div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
|
|
| 1235 |
<input type="button" onclick="show_advanced_tcpflags()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?>
|
|
| 1236 |
</div>
|
|
| 1237 |
<div id="showtcpflagsadv" <?php if (empty($pconfig['tcpflags_any']) && empty($pconfig['tcpflags1']) && empty($pconfig['tcpflags2'])) echo "style='display:none'"; ?>>
|
|
| 1239 | 1238 |
<div id="tcpheader" align="center"> |
| 1240 | 1239 |
<table border="0" cellspacing="0" cellpadding="0"> |
| 1241 |
<?php
|
|
| 1240 |
<?php |
|
| 1242 | 1241 |
$setflags = explode(",", $pconfig['tcpflags1']);
|
| 1243 | 1242 |
$outofflags = explode(",", $pconfig['tcpflags2']);
|
| 1244 | 1243 |
$header = "<td width='40' class='nowrap'></td>"; |
| ... | ... | |
| 1264 | 1263 |
<br/><center> |
| 1265 | 1264 |
<input onclick='tcpflags_anyclick(this);' type='checkbox' name='tcpflags_any' value='on' <?php if ($pconfig['tcpflags_any']) echo "checked=\"checked\""; ?> /><strong><?=gettext("Any flags.");?></strong><br/></center>
|
| 1266 | 1265 |
<br/> |
| 1267 |
<span class="vexpl"><?=gettext("Use this to choose TCP flags that must ".
|
|
| 1266 |
<span class="vexpl"><?=gettext("Use this to choose TCP flags that must ".
|
|
| 1268 | 1267 |
"be set or cleared for this rule to match.");?></span> |
| 1269 | 1268 |
</div> |
| 1270 | 1269 |
</td> |
| ... | ... | |
| 1288 | 1287 |
<tr><td width="25%"><ul><li><?=gettext("synproxy state");?></li></ul></td><td><?=gettext("Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.");?></td></tr>
|
| 1289 | 1288 |
<tr><td width="25%"><ul><li><?=gettext("none");?></li></ul></td><td><?=gettext("Do not use state mechanisms to keep track. This is only useful if you're doing advanced queueing in certain situations. Please check the documentation.");?></td></tr>
|
| 1290 | 1289 |
</table> |
| 1291 |
</div>
|
|
| 1290 |
</div>
|
|
| 1292 | 1291 |
</td> |
| 1293 | 1292 |
</tr> |
| 1294 | 1293 |
<tr> |
| ... | ... | |
| 1405 | 1404 |
continue; |
| 1406 | 1405 |
if(($pconfig['ipprotocol'] == "inet") && !(($gw['ipprotocol'] == "inet") || (is_ipaddrv4($gw['gateway'])))) |
| 1407 | 1406 |
continue; |
| 1408 |
if($gw == "")
|
|
| 1407 |
if($gw == "") |
|
| 1409 | 1408 |
continue; |
| 1410 | 1409 |
if($gwname == $pconfig['gateway']) {
|
| 1411 | 1410 |
$selected = " selected=\"selected\""; |
| ... | ... | |
| 1462 | 1461 |
$dnqselected = 1; |
| 1463 | 1462 |
echo " selected=\"selected\""; |
| 1464 | 1463 |
} |
| 1465 |
echo ">{$dnq}</option>";
|
|
| 1464 |
echo ">{$dnq}</option>";
|
|
| 1466 | 1465 |
} |
| 1467 | 1466 |
?> |
| 1468 |
</select> /
|
|
| 1467 |
</select> / |
|
| 1469 | 1468 |
<select name="pdnpipe"> |
| 1470 | 1469 |
<?php |
| 1471 | 1470 |
$dnqselected = 0; |
| ... | ... | |
| 1480 | 1479 |
$dnqselected = 1; |
| 1481 | 1480 |
echo " selected=\"selected\""; |
| 1482 | 1481 |
} |
| 1483 |
echo ">{$dnq}</option>";
|
|
| 1482 |
echo ">{$dnq}</option>";
|
|
| 1484 | 1483 |
} |
| 1485 | 1484 |
?> |
| 1486 | 1485 |
</select> |
| ... | ... | |
| 1515 | 1514 |
if (isset($ifdisp[$q])) |
| 1516 | 1515 |
echo ">{$ifdisp[$q]}</option>";
|
| 1517 | 1516 |
else |
| 1518 |
echo ">{$q}</option>";
|
|
| 1517 |
echo ">{$q}</option>";
|
|
| 1519 | 1518 |
} |
| 1520 | 1519 |
?> |
| 1521 |
</select> /
|
|
| 1520 |
</select> / |
|
| 1522 | 1521 |
<select name="defaultqueue"> |
| 1523 | 1522 |
<?php |
| 1524 | 1523 |
$qselected = 0; |
| ... | ... | |
| 1536 | 1535 |
if (isset($ifdisp[$q])) |
| 1537 | 1536 |
echo ">{$ifdisp[$q]}</option>";
|
| 1538 | 1537 |
else |
| 1539 |
echo ">{$q}</option>";
|
|
| 1538 |
echo ">{$q}</option>";
|
|
| 1540 | 1539 |
} |
| 1541 | 1540 |
?> |
| 1542 | 1541 |
</select> |
| ... | ... | |
| 1552 | 1551 |
<input type="button" onclick="show_advanced_layer7()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?>
|
| 1553 | 1552 |
</div> |
| 1554 | 1553 |
<div id="showlayer7adv" <?php if (empty($pconfig['l7container'])) echo "style='display:none'"; ?>> |
| 1555 |
<select name="l7container"> |
|
| 1554 |
<select name="l7container">
|
|
| 1556 | 1555 |
<?php |
| 1557 |
if (!is_array($l7clist)) |
|
| 1558 |
$l7clist = array(); |
|
| 1559 |
echo "<option value=\"\""; |
|
| 1560 |
echo " >none</option>"; |
|
| 1561 |
foreach ($l7clist as $l7ckey) {
|
|
| 1562 |
echo "<option value=\"{$l7ckey}\"";
|
|
| 1563 |
if ($l7ckey == $pconfig['l7container']) {
|
|
| 1564 |
echo " selected=\"selected\""; |
|
| 1556 |
if (!is_array($l7clist)) |
|
| 1557 |
$l7clist = array(); |
|
| 1558 |
echo "<option value=\"\""; |
|
| 1559 |
echo " >none</option>"; |
|
| 1560 |
foreach ($l7clist as $l7ckey) {
|
|
| 1561 |
echo "<option value=\"{$l7ckey}\"";
|
|
| 1562 |
if ($l7ckey == $pconfig['l7container']) {
|
|
| 1563 |
echo " selected=\"selected\""; |
|
| 1564 |
} |
|
| 1565 |
echo ">{$l7ckey}</option>";
|
|
| 1565 | 1566 |
} |
| 1566 |
echo ">{$l7ckey}</option>";
|
|
| 1567 |
} |
|
| 1568 | 1567 |
?> |
| 1569 |
</select>
|
|
| 1570 |
<br/> |
|
| 1571 |
<span class="vexpl"> |
|
| 1572 |
<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
|
|
| 1573 |
"These are valid for TCP and UDP protocols only.");?> |
|
| 1574 |
</span> |
|
| 1575 |
</div>
|
|
| 1576 |
</td> |
|
| 1577 |
</tr> |
|
| 1568 |
</select>
|
|
| 1569 |
<br/>
|
|
| 1570 |
<span class="vexpl">
|
|
| 1571 |
<?=gettext("Choose a Layer7 container to apply application protocol inspection rules. " .
|
|
| 1572 |
"These are valid for TCP and UDP protocols only.");?>
|
|
| 1573 |
</span>
|
|
| 1574 |
</div>
|
|
| 1575 |
</td>
|
|
| 1576 |
</tr>
|
|
| 1578 | 1577 |
<?php |
| 1579 |
// Allow extending of the firewall edit page and include custom input validation
|
|
| 1578 |
// Allow extending of the firewall edit page and include custom input validation |
|
| 1580 | 1579 |
pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphplate");
|
| 1581 | 1580 |
?> |
| 1582 | 1581 |
<?php |
| ... | ... | |
| 1633 | 1632 |
var customarray = <?= json_encode(get_alias_list("port")) ?>;
|
| 1634 | 1633 |
|
| 1635 | 1634 |
var oTextbox1 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
|
| 1636 |
var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
|
|
| 1637 |
var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
|
|
| 1638 |
var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
|
|
| 1639 |
var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
|
|
| 1640 |
var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
|
|
| 1635 |
var oTextbox2 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
|
|
| 1636 |
var oTextbox3 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
|
|
| 1637 |
var oTextbox4 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
|
|
| 1638 |
var oTextbox5 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
|
|
| 1639 |
var oTextbox6 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
|
|
| 1641 | 1640 |
//]]> |
| 1642 | 1641 |
</script> |
| 1643 | 1642 |
<?php include("fend.inc"); ?>
|
Also available in: Unified diff
Fix whitespace and indent