<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4
	firewall_nat_edit.php
5
	part of m0n0wall (http://m0n0.ch/wall)
6 9ae40f2b Scott Ullrich
7 5b237745 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9 9ae40f2b Scott Ullrich
10 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12 9ae40f2b Scott Ullrich
13 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15 9ae40f2b Scott Ullrich
16 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19 9ae40f2b Scott Ullrich
20 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31 7ac5a4cb Scott Ullrich
/*
32
	pfSense_MODULE:	nat
33
*/
34 5b237745 Scott Ullrich
35 6b07c15a Matthew Grooms
##|+PRIV
36
##|*IDENT=page-firewall-nat-portforward-edit
37
##|*NAME=Firewall: NAT: Port Forward: Edit page
38
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
39
##|*MATCH=firewall_nat_edit.php*
40
##|-PRIV
41
42 5b237745 Scott Ullrich
require("guiconfig.inc");
43 483e6de8 Scott Ullrich
require_once("itemid.inc");
44 f6339216 jim-p
require_once("filter.inc");
45 1a03cf69 Scott Ullrich
require("shaper.inc");
46 5b237745 Scott Ullrich
47 59ecde49 Renato Botelho
/*
 * Keywords collected in $specialsrcdst: a fixed set of names plus, for every
 * configured interface, its key and its key with an "ip" suffix.
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
53
54 5b237745 Scott Ullrich
/* Make sure the port-forward rule list exists before binding a reference to it. */
if (is_array($config['nat']['rule']) === false)
	$config['nat']['rule'] = array();

/* $a_nat aliases the rule list inside $config, so writes through it change $config. */
$a_nat = &$config['nat']['rule'];
58
59
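/*
 * "id" selects the rule being edited, "after" the list position a new rule
 * is inserted behind, and "dup" a rule whose values are copied. A POST value
 * takes precedence over the GET value, and "dup" overrides both.
 *
 * All three arrive straight from the request and are later used as offsets
 * into $a_nat, so anything that is not a plain decimal index is discarded
 * here. "after" may additionally be -1, which makes the array_splice() call
 * at $after + 1 further down insert at the top of the list.
 */
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];

$after = isset($_GET['after']) ? $_GET['after'] : null;
if (isset($_POST['after']))
	$after = $_POST['after'];

if (isset($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}

/* A null $id fails isset(), so the page then behaves as for a new rule. */
if (!is_string($id) || !preg_match('/\A[0-9]+\z/', $id))
	$id = null;
if (!is_string($after) || !preg_match('/\A(?:-1|[0-9]+)\z/', $after))
	$after = null;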
72
73 5b237745 Scott Ullrich
/*
 * Fill $pconfig, the array the form further down is rendered from: with
 * defaults when no existing rule is selected, otherwise from the stored rule.
 */
if (!isset($id) || !$a_nat[$id]) {
	$pconfig['interface'] = "wan";
	$pconfig['src'] = "any";
	$pconfig['srcbeginport'] = "any";
	$pconfig['srcendport'] = "any";
} else {
	/* Revision stamps are carried over only when they are stored as arrays. */
	foreach (array('created', 'updated') as $stamp) {
		if (isset($a_nat[$id][$stamp]) && is_array($a_nat[$id][$stamp]))
			$pconfig[$stamp] = $a_nat[$id][$stamp];
	}

	/* Flags are stored by presence, not by value. */
	$pconfig['disabled'] = isset($a_nat[$id]['disabled']);
	$pconfig['nordr'] = isset($a_nat[$id]['nordr']);

	/* address_to_pconfig() fills the address, mask, negation and port fields it is handed. */
	address_to_pconfig(
		$a_nat[$id]['source'],
		$pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'],
		$pconfig['srcbeginport'], $pconfig['srcendport']
	);
	address_to_pconfig(
		$a_nat[$id]['destination'],
		$pconfig['dst'], $pconfig['dstmask'], $pconfig['dstnot'],
		$pconfig['dstbeginport'], $pconfig['dstendport']
	);

	$pconfig['proto'] = $a_nat[$id]['protocol'];
	$pconfig['localip'] = $a_nat[$id]['target'];
	$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
	$pconfig['descr'] = $a_nat[$id]['descr'];
	$pconfig['interface'] = $a_nat[$id]['interface'];
	$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
	$pconfig['natreflection'] = $a_nat[$id]['natreflection'];

	/* A rule stored without an interface is shown as a WAN rule. */
	if (!$pconfig['interface'])
		$pconfig['interface'] = "wan";
}

/*
 * A duplicate is saved as a new rule: its values are loaded above, then the
 * source index is dropped so the save path does not overwrite the original.
 */
if (isset($_GET['dup']))
	unset($id);
110
111 ef2a753c Scott Ullrich
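/*
 * Reject any POST value that htmlentities() would alter, i.e. one containing
 * characters that have an HTML entity form. Every hit adds an input error,
 * and the save branch further down only runs while $input_errors is empty.
 *
 * This is an input filter only; it does not replace escaping at output.
 * NOTE(review): the rejected value is placed into the error text exactly as
 * submitted - confirm that print_input_errors() HTML-escapes its messages.
 */
unset($input_errors);
foreach ($_POST as $key => $value) {
	/*
	 * htmlentities() only accepts strings. Array-valued fields (name[]=...)
	 * are refused here instead of being handed to it.
	 */
	if (!is_string($value)) {
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), "");
		continue;
	}

	$newpost = htmlentities($value);
	if ($newpost !== $value)
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $value);
}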
121
122 5b237745 Scott Ullrich
if ($_POST) {
123
124 59ecde49 Renato Botelho
	/*
	 * Normalize the submitted port fields in place. Only TCP, UDP and TCP/UDP
	 * keep ports; for every other protocol the four source/destination port
	 * fields are set to 0.
	 */
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"))) {
		foreach (array("src", "dst") as $pfx) {
			$bport = "{$pfx}beginport";
			$eport = "{$pfx}endport";

			/* The companion *_cust field is used when the main field is empty. */
			if ($_POST["{$bport}_cust"] && !$_POST[$bport])
				$_POST[$bport] = trim($_POST["{$bport}_cust"]);
			if ($_POST["{$eport}_cust"] && !$_POST[$eport])
				$_POST[$eport] = trim($_POST["{$eport}_cust"]);

			/* "any" becomes 0; a missing end port takes the begin port. */
			if ($_POST[$bport] == "any") {
				$_POST[$bport] = 0;
				$_POST[$eport] = 0;
			} elseif (!$_POST[$eport]) {
				$_POST[$eport] = $_POST[$bport];
			}
			if ($_POST[$eport] == "any")
				$_POST[$eport] = $_POST[$bport];

			/* Make beginning port end port if not defined and endport is */
			if (!$_POST[$bport] && $_POST[$eport])
				$_POST[$bport] = $_POST[$eport];
		}

		if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
			$_POST['localbeginport'] = trim($_POST['localbeginport_cust']);
	} else {
		foreach (array('srcbeginport', 'srcendport', 'dstbeginport', 'dstendport') as $pfield)
			$_POST[$pfield] = 0;
	}
169
170
	/*
	 * Fold the "type" selectors into the address fields: a special-network
	 * keyword becomes the address itself with mask 0, "single" forces a /32.
	 */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['srcmask'] = 0;
		$_POST['src'] = $_POST['srctype'];
	} elseif ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}

	/* The destination side additionally accepts a literal IP address as its type. */
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dstmask'] = 0;
		$_POST['dst'] = $_POST['dsttype'];
	} elseif ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	} elseif (is_ipaddr($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 32;
		$_POST['dsttype'] = "single";
	}
186 9ae40f2b Scott Ullrich
187 5b237745 Scott Ullrich
	/* Keep the normalized submission so the form is rendered from what was sent. */
	$pconfig = $_POST;

	/*
	 * input validation
	 *
	 * Interface and protocol are always mandatory. Destination ports are
	 * required for TCP, UDP and TCP/UDP, addresses for the "single" and
	 * "network" types, and a redirect target unless "nordr" is set.
	 * $reqdfields holds field names, $reqdfieldsn the matching labels.
	 */
	$reqdfields = array("interface", "proto");
	$reqdfieldsn = array(gettext("Interface"), gettext("Protocol"));

	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"))) {
		$reqdfields[] = "dstbeginport";
		$reqdfieldsn[] = gettext("Destination port from");
		$reqdfields[] = "dstendport";
		$reqdfieldsn[] = gettext("Destination port to");
	}

	if (in_array($_POST['srctype'], array("single", "network"))) {
		$reqdfields[] = "src";
		$reqdfieldsn[] = gettext("Source address");
	}
	if (in_array($_POST['dsttype'], array("single", "network"))) {
		$reqdfields[] = "dst";
		$reqdfieldsn[] = gettext("Destination address");
	}
	if (!isset($_POST['nordr'])) {
		$reqdfields[] = "localip";
		$reqdfieldsn[] = gettext("Redirect target IP");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
212 9ae40f2b Scott Ullrich
213 59ecde49 Renato Botelho
	/* An empty begin port means "no port": store both ends of the range as 0. */
	foreach (array("src", "dst") as $pfx) {
		if (!$_POST["{$pfx}beginport"]) {
			$_POST["{$pfx}beginport"] = 0;
			$_POST["{$pfx}endport"] = 0;
		}
	}

	/* Strip surrounding whitespace from the address fields before they are checked. */
	foreach (array('src', 'dst', 'localip') as $afield) {
		if ($_POST[$afield])
			$_POST[$afield] = trim($_POST[$afield]);
	}
228
229 6fa73745 Erik Fonnesbeck
	/*
	 * Field-level checks. Each failure appends a translated message to
	 * $input_errors, and the save branch only runs while that list is empty.
	 * NOTE(review): several messages embed the submitted value through
	 * sprintf(); confirm print_input_errors() escapes them on output.
	 */
	if (!isset($_POST['nordr']) && $_POST['localip'] && !is_ipaddroralias($_POST['localip'])) {
		$input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $_POST['localip']);
	}

	/* Every port that was supplied must be a port alias or a port number. */
	$portchecks = array(
		'srcbeginport' => gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."),
		'srcendport' => gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."),
		'dstbeginport' => gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."),
		'dstendport' => gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."),
	);
	foreach ($portchecks as $pfield => $pmsg) {
		if ($_POST[$pfield] && !is_portoralias($_POST[$pfield]))
			$input_errors[] = sprintf($pmsg, $_POST[$pfield]);
	}

	/* A redirect target port is mandatory for port-carrying protocols unless "nordr" is set. */
	if (in_array(strtoupper($_POST['proto']), array("TCP", "UDP", "TCP/UDP"))
	    && !isset($_POST['nordr'])
	    && !is_portoralias($_POST['localbeginport'])) {
		$input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
	}

	/* if user enters an alias and selects "network" then disallow. */
	$src_alias_as_net = ($_POST['srctype'] == "network" && is_alias($_POST['src']));
	if ($src_alias_as_net || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']))) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	/* Addresses and bit counts are only checked for non-special types. */
	if (!is_specialnet($_POST['srctype'])) {
		if ($_POST['src'] && !is_ipaddroralias($_POST['src']))
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
		if ($_POST['srcmask'] && !is_numericint($_POST['srcmask']))
			$input_errors[] = gettext("A valid source bit count must be specified.");
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if ($_POST['dst'] && !is_ipaddroralias($_POST['dst']))
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
		if ($_POST['dstmask'] && !is_numericint($_POST['dstmask']))
			$input_errors[] = gettext("A valid destination bit count must be specified.");
	}
268
269
	/*
	 * Put each port pair into ascending order.
	 * NOTE(review): a port field may hold an alias name at this point, in
	 * which case ">" is not a numeric comparison - confirm this is intended.
	 */
	foreach (array("src", "dst") as $pfx) {
		$lo = "{$pfx}beginport";
		$hi = "{$pfx}endport";
		if ($_POST[$lo] > $_POST[$hi]) {
			/* swap */
			$tmp = $_POST[$hi];
			$_POST[$hi] = $_POST[$lo];
			$_POST[$lo] = $tmp;
		}
	}

	/*
	 * The redirected range starts at localbeginport and is as wide as the
	 * destination range, so its last port must not pass 65535. Skipped when
	 * earlier checks already failed or when "nordr" is set.
	 */
	if (!$input_errors
	    && !isset($_POST['nordr'])
	    && ($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535) {
		$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
	}
286 9ae40f2b Scott Ullrich
287 5b237745 Scott Ullrich
	/*
	 * check for overlaps
	 *
	 * Walks the existing rules, skipping the one being edited and any rule on
	 * another interface or with another destination address, and reports a
	 * clash when the port ranges intersect.
	 *
	 * NOTE(review): this loop reads $natent['proto'], $_POST['beginport'] and
	 * $_POST['endport'], while the rest of this page stores the protocol under
	 * 'protocol' and handles ports as 'dstbeginport' / 'dstendport'. Nothing
	 * visible here sets the keys read below, so the comparison probably does
	 * not test what it was meant to - verify before relying on it.
	 */
	foreach ($a_nat as $natent) {
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
			continue;
		if ($natent['interface'] != $_POST['interface'])
			continue;
		if ($natent['destination']['address'] != $_POST['dst'])
			continue;
		if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
			continue;

		/* A stored port is either "N" or "N-M"; a single port is its own end. */
		list($begp, $endp) = explode("-", $natent['destination']['port']);
		if (!$endp)
			$endp = $begp;

		/* Entirely below or entirely above the existing range: no clash. */
		if (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
			continue;
		if (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp))
			continue;

		$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
		break;
	}

	/*
	 * Extension point for additional input validation.
	 * NOTE(review): pfSense_handle_custom_code() is not visible here; it
	 * presumably runs code found under the given directory - confirm that the
	 * path is writable by root only.
	 */
	pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/input_validation");
312
313 5b237745 Scott Ullrich
	/*
	 * Save path: runs only when validation produced no errors. Builds the NAT
	 * entry, keeps the associated filter rule in step with it, writes the
	 * configuration and redirects to the rule list.
	 *
	 * NOTE(review): 'interface' and 'proto' are stored as submitted. The only
	 * visible check is that they are non-empty (do_input_validation() is not
	 * shown), while have_ruleint_access() is applied only when the form is
	 * rendered - confirm they are matched against the allowed options here.
	 */
	if (!$input_errors) {
		$natent = array();

		$natent['disabled'] = isset($_POST['disabled']);
		$natent['nordr'] = isset($_POST['nordr']);

		/* A "no redirect" entry never carries a filter rule association. */
		if ($natent['nordr']) {
			$_POST['associated-rule-id'] = '';
			$_POST['filter-rule-association'] = '';
		}

		pconfig_to_address(
			$natent['source'],
			$_POST['src'], $_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']
		);
		pconfig_to_address(
			$natent['destination'],
			$_POST['dst'], $_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']
		);

		$natent['protocol'] = $_POST['proto'];

		/* Target address and port exist only on redirecting entries. */
		if (!$natent['nordr']) {
			$natent['target'] = $_POST['localip'];
			$natent['local-port'] = $_POST['localbeginport'];
		}
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];

		if ($_POST['filter-rule-association'] == "pass")
			$natent['associated-rule-id'] = "pass";

		/* $natent starts empty, so these keys exist only when set here. */
		if ($_POST['nosync'] == "yes")
			$natent['nosync'] = true;

		if (in_array($_POST['natreflection'], array("enable", "purenat", "disable")))
			$natent['natreflection'] = $_POST['natreflection'];

		// If we used to have an associated filter rule, but no-longer should have one
		$old_assoc_gone = empty($natent['associated-rule-id'])
		    || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'];
		if (!empty($a_nat[$id]) && $old_assoc_gone) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		// Updating a rule with a filter rule associated
		$need_filter_rule = !empty($natent['associated-rule-id']);

		if ($natent['associated-rule-id'] == 'new') {
			// Create a rule or if we want to create a new one
			$need_filter_rule = true;
			unset($natent['associated-rule-id']);
			$_POST['filter-rule-association'] = 'add-associated';
		} elseif (isset($_POST['filter-rule-association'])
		    && in_array($_POST['filter-rule-association'], array('add-associated', 'add-unassociated'))) {
			// If creating a new rule, where we want to add the filter rule, associated or not
			$need_filter_rule = true;
		}

		if ($need_filter_rule) {
			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);

			// If a rule already exists, load it
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				if ($filterentid === false) {
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				} else {
					/* Bound by reference: the assignments below edit the stored rule in place. */
					$filterent =& $config['filter']['rule'][$filterentid];
				}
			}

			pconfig_to_address(
				$filterent['source'],
				$_POST['src'], $_POST['srcmask'], $_POST['srcnot'],
				$_POST['srcbeginport'], $_POST['srcendport']
			);

			// Update interface, protocol and destination
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			/* The filter rule covers the translated range: same width, starting at the local port. */
			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];
			$filterent['destination']['port'] = ($dstpfrom == $dstpto)
			    ? $dstpfrom
			    : $dstpfrom . "-" . $dstpto;

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be (substr() keeps at most
			 * 62 bytes here).
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			/*
			 * If this is a new rule, create an ID and add the rule.
			 * NOTE(review): only 'add-associated' appends $filterent to the
			 * rule list. For 'add-unassociated' the entry is built above but
			 * nothing visible stores it - confirm that is intended.
			 */
			if ($_POST['filter-rule-association'] == 'add-associated') {
				$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
				$filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward"));
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}

		/* Keep the original creation stamp when editing; always refresh "updated". */
		if (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']))
			$natent['created'] = $a_nat[$id]['created'];

		$natent['updated'] = make_config_revision_entry();

		// Extension point that runs just before the configuration is written
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_write_config");

		// Update the NAT entry now
		if (!isset($id) || !$a_nat[$id]) {
			/* New entry: insert behind position $after when given, else append. */
			$natent['created'] = make_config_revision_entry();
			if (is_numeric($after))
				array_splice($a_nat, $after+1, 0, array($natent));
			else
				$a_nat[] = $natent;
		} else {
			$a_nat[$id] = $natent;
		}

		if (write_config())
			mark_subsystem_dirty('natconf');

		/* Redirect after the write and stop, so the form is not rendered again. */
		header("Location: firewall_nat.php");
		exit;
	}
449
}
450 da7ae7ef Bill Marquette
451 4e51740a Colin Fleming
/*
 * Page title parts, then the shared head include.
 * NOTE(review): $closehead = false presumably tells head.inc to leave <head>
 * open, since this page adds a stylesheet and closes the tag itself - confirm.
 */
$closehead = false;
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("Port Forward"),
	gettext("Edit"),
);
include("head.inc");
454
455 5b237745 Scott Ullrich
?>
456 4e51740a Colin Fleming
<link type="text/css" rel="stylesheet" href="/javascript/chosen/chosen.css" />
457 4bb99603 Scott Ullrich
</head>
458 da7ae7ef Bill Marquette
459 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
460 6134cc8f Vinicius Coque
<script src="/javascript/chosen/chosen.jquery.js" type="text/javascript"></script>
461 4ce8ac00 Erik Kristensen
<?php
462
include("fbegin.inc"); ?>
463 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
464
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
465 4e51740a Colin Fleming
              <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="firewall nat edit">
466 2a6cb2d6 Scott Ullrich
				<tr>
467 6cac9bda Carlos Eduardo Ramos
					<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
468 59ecde49 Renato Botelho
				</tr>
469 2ea00c3e Scott Ullrich
<?php
470
		// Allow extending of the firewall edit page and include custom input validation 
471
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphpearly");
472
?>
473 59ecde49 Renato Botelho
		<tr>
474 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
475 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
476 4e51740a Colin Fleming
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> />
477 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("Disable this rule"); ?></strong><br />
478
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
479 59ecde49 Renato Botelho
			</td>
480
		</tr>
481
                <tr>
482 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
483 59ecde49 Renato Botelho
                  <td width="78%" class="vtable">
484 4e51740a Colin Fleming
                    <input type="checkbox" name="nordr" id="nordr" onclick="nordr_change();" <?php if($pconfig['nordr']) echo "checked=\"checked\""; ?> />
485 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
486 4e51740a Colin Fleming
                    <br/><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
487 59ecde49 Renato Botelho
                  </td>
488
                </tr>
489
		<tr>
490 3a92149b Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
491 5b237745 Scott Ullrich
                  <td width="78%" class="vtable">
492 4e51740a Colin Fleming
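					<select name="interface" class="formselect" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
						<?php
						/*
						 * Build the interface choices: every configured interface
						 * the user may edit rules on, plus the VPN pseudo-interfaces
						 * that are enabled in the configuration.
						 */

						/* Keep anything already placed in $interfaces, but make sure the
						 * final foreach always receives an array. */
						if (!isset($interfaces) || !is_array($interfaces))
							$interfaces = array();

						$iflist = get_configured_interface_with_descr(false, true);
						// Allow extending of the firewall edit interfaces
						pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit");
						foreach ($iflist as $if => $ifdesc)
							if(have_ruleint_access($if))
								$interfaces[$if] = $ifdesc;

						if ($config['l2tp']['mode'] == "server")
							if(have_ruleint_access("l2tp"))
								$interfaces['l2tp'] = "L2TP VPN";

						if ($config['pptpd']['mode'] == "server")
							if(have_ruleint_access("pptp"))
								$interfaces['pptp'] = "PPTP VPN";

						if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
							$interfaces['pppoe'] = "PPPoE VPN";

						/* add ipsec interfaces */
						if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
							if(have_ruleint_access("enc0"))
								$interfaces["enc0"] = "IPsec";

						/* add openvpn/tun interfaces */
						/* NOTE(review): unlike the entries above, this one is added
						 * without a have_ruleint_access() check - confirm intended. */
						if  ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
							$interfaces["openvpn"] = "OpenVPN";

						/* Both the key and the label are HTML-escaped on output. */
						foreach ($interfaces as $iface => $ifacename): ?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
						<?=htmlspecialchars($ifacename);?>
						</option>
						<?php endforeach; ?>
					</select><br/>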
528
                     <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br/>
529 6cac9bda Carlos Eduardo Ramos
                     <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td>
530 5b237745 Scott Ullrich
                </tr>
531 9ae40f2b Scott Ullrich
                <tr>
532 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
533 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
534 4e51740a Colin Fleming
                    <select name="proto" class="formselect" onchange="proto_change(); check_for_aliases();">
535 64307806 jim-p
                      <?php $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP ICMP"); foreach ($protocols as $proto): ?>
536 4e51740a Colin Fleming
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected=\"selected\""; ?>><?=htmlspecialchars($proto);?></option>
537 5b237745 Scott Ullrich
                      <?php endforeach; ?>
538 4e51740a Colin Fleming
                    </select> <br/> <span class="vexpl"><?=gettext("Choose which IP protocol " .
539
                    "this rule should match."); ?><br/>
540 39a3ce91 Carlos Eduardo Ramos
                    <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?></span></td>
541 5b237745 Scott Ullrich
                </tr>
542 59ecde49 Renato Botelho
		<tr id="showadvancedboxsrc" name="showadvancedboxsrc">
543 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
544 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
545 4e51740a Colin Fleming
				<input type="button" onclick="show_source()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show source address and port range"); ?>
546 59ecde49 Renato Botelho
			</td>
547
		</tr>
548
		<tr style="display: none;" id="srctable" name="srctable">
549 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
550 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
551 4e51740a Colin Fleming
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> />
552 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("not"); ?></strong>
553 59ecde49 Renato Botelho
				<br />
554 39a3ce91 Carlos Eduardo Ramos
				<?=gettext("Use this option to invert the sense of the match."); ?>
555 59ecde49 Renato Botelho
				<br />
556
				<br />
557 4e51740a Colin Fleming
				<table border="0" cellspacing="0" cellpadding="0" summary="type">
558 59ecde49 Renato Botelho
					<tr>
559 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
560 59ecde49 Renato Botelho
						<td>
561 4e51740a Colin Fleming
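							<select name="srctype" class="formselect" onchange="typesel_change()">
<?php
								/*
								 * $sel records whether an earlier option already matches,
								 * so "Network" is selected only as the fallback.
								 */
								$sel = is_specialnet($pconfig['src']); ?>
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
								<?php if(have_ruleint_access("pptp")): ?>
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("pppoe")): ?>
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("l2tp")): ?>
								<option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>
<?php
								/*
								 * One "net" and one "address" option per interface the user
								 * may edit rules on. The interface key and its description
								 * are HTML-escaped wherever they are printed.
								 */
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected=\"selected\""; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>
							</select>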
586
						</td>
587
					</tr>
588
					<tr>
589 39a3ce91 Carlos Eduardo Ramos
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
590 59ecde49 Renato Botelho
						<td>
591 4e51740a Colin Fleming
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" /> /
592 59ecde49 Renato Botelho
							<select name="srcmask" class="formselect" id="srcmask">
593
<?php						for ($i = 31; $i > 0; $i--): ?>
594 4e51740a Colin Fleming
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
595 59ecde49 Renato Botelho
<?php 						endfor; ?>
596
							</select>
597
						</td>
598
					</tr>
599
				</table>
600
			</td>
601
		</tr>
		<?php
		/*
		 * Source port range row, emitted hidden. For each end of the range it
		 * renders a dropdown of the $wkports entries plus a free-text box.
		 * $bfound is set as soon as the stored value matches a dropdown entry;
		 * when nothing matched, the stored value is shown in the text box.
		 */
		?>
		<tr style="display:none" id="sprtable" name="sprtable">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range"); ?></td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0" summary="source port range">
					<tr>
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
						<td>
							<?php $bfound = ($pconfig['srcbeginport'] == "any") ? 1 : 0; ?>
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
								<option value="any" <?php if ($bfound): ?>selected="selected"<?php endif; ?>><?=gettext("any"); ?></option>
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']): $bfound = 1; ?>selected="selected"<?php endif; ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) { echo htmlspecialchars($pconfig['srcbeginport']); } ?>" />
						</td>
					</tr>
					<tr>
						<td><?=gettext("to:"); ?></td>
						<td>
							<?php $bfound = ($pconfig['srcendport'] == "any") ? 1 : 0; ?>
							<select name="srcendport" class="formselect" onchange="ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
								<option value="any" <?php if ($bfound): ?>selected="selected"<?php endif; ?>><?=gettext("any"); ?></option>
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']): $bfound = 1; ?>selected="selected"<?php endif; ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) { echo htmlspecialchars($pconfig['srcendport']); } ?>" />
						</td>
					</tr>
				</table>
				<br />
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>.</b> <br /> <?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to filter a single port."); ?></span><br/>
			</td>
		</tr>
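		<?php
		/*
		 * Destination match row: "not" checkbox, destination type selector
		 * (special networks, per-interface entries and virtual IPs), then the
		 * address / mask inputs, all pre-filled from $pconfig.
		 *
		 * Interface keys and descriptions from $ifdisp and the virtual IP
		 * subnet values from $config are passed through htmlspecialchars()
		 * wherever they are written into an attribute or option text. The
		 * original escaped only some of these outputs, so a configured value
		 * containing markup could have been interpreted by the browser.
		 */
		?>
		<tr>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td>
			<td width="78%" class="vtable">
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> />
				<strong><?=gettext("not"); ?></strong>
					<br />
				<?=gettext("Use this option to invert the sense of the match."); ?>
					<br />
					<br />
				<table border="0" cellspacing="0" cellpadding="0" summary="type">
					<tr>
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="dsttype" class="formselect" onchange="typesel_change()">
<?php
								// $sel starts as the is_specialnet() result and is set once "single"
								// is chosen, so that "network" is only the fallback selection.
								$sel = is_specialnet($pconfig['dst']); ?>
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
								<?php if(have_ruleint_access("pptp")): ?>
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("pppoe")): ?>
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("l2tp")): ?>
								<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>

<?php 							// One "<interface> net" and one "<interface> address" entry per
								// interface the current user is allowed to write rules for.
								foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?></option>
									<option value="<?=htmlspecialchars($if);?>ip" <?php if ($pconfig['dst'] == $if . "ip") { echo "selected=\"selected\""; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>

<?php							// Virtual IPs: a proxyarp network VIP is expanded into one option
								// per address in the subnet; any other VIP contributes one option.
								// Entries flagged 'noexpand' are skipped entirely.
								if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										if (isset($sn['noexpand']))
											continue;
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
											for ($i = 0; $i <= $len; $i++):
												$snip = long2ip32($start+$i);
?>
												<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['dst']) echo "selected=\"selected\""; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php										endfor;
										else:
?>
											<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected=\"selected\""; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php									endif;
									endforeach;
								endif;
?>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
						<td>
							<?php /* Special network keywords are represented by the type selector, so the text box stays empty for them. */ ?>
							<input autocomplete='off' name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" />
							/
							<select name="dstmask" class="formselect" id="dstmask">
<?php
							for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option>
<?php						endfor; ?>
							</select>
						</td>
					</tr>
				</table>
			</td>
		</tr>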
		<?php
		/*
		 * Destination port range row. For each end of the range it renders a
		 * dropdown of the $wkports entries plus a free-text box; $bfound is set
		 * when the stored value matches a dropdown entry, otherwise the stored
		 * value is shown in the text box.
		 */
		?>
		<tr id="dprtr" name="dprtr">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range"); ?> </td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0" summary="destination port range">
					<tr>
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
						<td>
							<?php $bfound = 0; ?>
							<select name="dstbeginport" id="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']): $bfound = 1; ?>selected="selected"<?php endif; ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) { echo htmlspecialchars($pconfig['dstbeginport']); } ?>" />
						</td>
					</tr>
					<tr>
						<td><?=gettext("to:"); ?></td>
						<td>
							<?php $bfound = 0; ?>
							<select name="dstendport" id="dstendport" class="formselect" onchange="ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']): $bfound = 1; ?>selected="selected"<?php endif; ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) { echo htmlspecialchars($pconfig['dstendport']); } ?>" />
						</td>
					</tr>
				</table>
				<br />
				<span class="vexpl">
					<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?>
					<br />
					<?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to map a single port"); ?>
				</span>
			</td>
		</tr>
                <?php /* Redirect target IP: free-text box pre-filled with the HTML-escaped stored value. */ ?>
                <tr name="localiptable" id="localiptable">
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
                  <td width="78%" class="vtable">
                    <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?php echo htmlspecialchars($pconfig['localip']); ?>" />
                    <br/> <span class="vexpl"><?php echo gettext("Enter the internal IP address of the server on which you want to map the ports."); ?><br/>
                    <?php echo gettext("e.g."); ?> <em>192.168.1.12</em></span></td>
                </tr>
                <?php
                /*
                 * Redirect target port: dropdown of the $wkports entries plus a
                 * free-text box. $bfound is set when the stored value matches a
                 * dropdown entry; otherwise the stored value goes into the text box.
                 */
                ?>
                <tr name="lprtr" id="lprtr">
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
                  <td width="78%" class="vtable">
                    <?php $bfound = 0; ?>
                    <select name="localbeginport" id="localbeginport" class="formselect" onchange="ext_change();check_for_aliases();">
                      <option value="">(<?=gettext("other"); ?>)</option>
                      <?php foreach ($wkports as $wkport => $wkportdesc): ?>
                      <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']): $bfound = 1; ?>selected="selected"<?php endif; ?>>
                      <?=htmlspecialchars($wkportdesc);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <input onchange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php if (!$bfound) { echo htmlspecialchars($pconfig['localbeginport']); } ?>" />
                    <br/>
                    <span class="vexpl"><?=gettext("Specify the port on the machine with the IP address entered above. In case of a port range, specify the beginning port of the range (the end port will be calculated automatically)."); ?><br/>
                    <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td>
                </tr>
                <?php /* Free-text rule description; the stored value is HTML-escaped before it is placed in the attribute. */ ?>
                <tr>
                  <td width="22%" valign="top" class="vncell"><?php echo gettext("Description"); ?></td>
                  <td width="78%" class="vtable">
                    <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?php echo htmlspecialchars($pconfig['descr']); ?>" />
                    <br/> <span class="vexpl"><?php echo gettext("You may enter a description here for your reference (not parsed)."); ?></span></td>
                </tr>
				<?php /* "No XMLRPC Sync" checkbox, ticked when $pconfig['nosync'] is truthy. */ ?>
				<tr>
					<td width="22%" valign="top" class="vncell"><?php echo gettext("No XMLRPC Sync"); ?></td>
					<td width="78%" class="vtable">
						<input type="checkbox" value="yes" name="nosync"<?php if ($pconfig['nosync']): ?> checked="checked"<?php endif; ?> /><br/>
						<?php echo gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave."); ?>
					</td>
				</tr>
				<?php /* NAT reflection mode; any stored value other than enable / purenat / disable selects "Use system default". */ ?>
				<tr>
					<td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td>
					<td width="78%" class="vtable">
						<select name="natreflection" class="formselect">
						<option value="default" <?php if (!in_array($pconfig['natreflection'], array("enable", "purenat", "disable"))): ?>selected="selected"<?php endif; ?>><?=gettext("Use system default"); ?></option>
						<option value="enable" <?php if ($pconfig['natreflection'] == "enable"): ?>selected="selected"<?php endif; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option>
						<option value="purenat" <?php if ($pconfig['natreflection'] == "purenat"): ?>selected="selected"<?php endif; ?>><?=gettext("Enable (Pure NAT)"); ?></option>
						<option value="disable" <?php if ($pconfig['natreflection'] == "disable"): ?>selected="selected"<?php endif; ?>><?=gettext("Disable"); ?></option>
						</select>
					</td>
				</tr>
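				<?php if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
				<?php
				/*
				 * Shown only when an existing rule is being edited (not duplicated):
				 * lets the user pick which filter rule, if any, is associated with
				 * this port forward. Every filter rule carrying an
				 * 'associated-rule-id' is offered as an option.
				 */
				?>
				<tr name="assoctable" id="assoctable">
					<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
					<td width="78%" class="vtable">
						<select name="associated-rule-id">
							<option value=""><?=gettext("None"); ?></option>
							<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " selected=\"selected\""; ?>><?=gettext("Pass"); ?></option>
							<?php
							// Markup for the "View the filter rule" link; stays empty unless the
							// currently associated rule is found in the loop below.
							$linkedrule = "";
							if (is_array($config['filter']['rule'])) {
								filter_rules_sort();
								foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
									if (isset($filter_rule['associated-rule-id'])) {
										// The id is read from the configuration and written into an
										// attribute, so escape it the same way the description is.
										echo "<option value=\"" . htmlspecialchars($filter_rule['associated-rule-id']) . "\"";
										if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
											echo " selected=\"selected\"";
											// $filter_id is the key of this rule in $config['filter']['rule'].
											$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id={$filter_id}\">" . gettext("View the filter rule") . "</a><br/>";
										}
										echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
									}
								}
							}
							if (isset($pconfig['associated-rule-id']))
								echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
							// The <select> opened above is closed here, then the link (if any) follows it.
							echo "</select>\n";
							echo $linkedrule;
							?>
					</td>
				</tr>
				<?php endif; ?>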
                <?php if (!(isset($id) && $a_nat[$id] && !isset($_GET['dup']))) { ?>
                <?php /* New or duplicated rule: choose whether a filter rule is created alongside the port forward. "Add associated filter rule" is preselected. */ ?>
                <tr name="assoctable" id="assoctable">
                  <td width="22%" valign="top" class="vncell"><?php echo gettext("Filter rule association"); ?></td>
                  <td width="78%" class="vtable">
                    <select name="filter-rule-association" id="filter-rule-association">
                        <option value=""><?php echo gettext("None"); ?></option>
                        <option value="add-associated" selected="selected"><?php echo gettext("Add associated filter rule"); ?></option>
                        <option value="add-unassociated"><?php echo gettext("Add unassociated filter rule"); ?></option>
                        <option value="pass"><?php echo gettext("Pass"); ?></option>
                    </select>
                    <br/><br/><?php echo gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway."); ?>
                  </td>
                </tr><?php } ?>
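<?php
		// Allow extending of the firewall edit page and include custom input validation
		// NOTE(review): pfSense_handle_custom_code() is defined outside this fragment. If it
		// includes PHP files found under this path, those files run with the web GUI's
		// privileges - confirm the directory is writable only by trusted accounts.
		pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/htmlphplate");

		// The "Rule Information" section is only rendered when the stored rule
		// carries a 'created' and/or 'updated' metadata array.
		$has_created_time = (isset($a_nat[$id]['created']) && is_array($a_nat[$id]['created']));
		$has_updated_time = (isset($a_nat[$id]['updated']) && is_array($a_nat[$id]['updated']));
?>
		<?php if ($has_created_time || $has_updated_time): ?>
		<tr>
			<td>&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Rule Information");?></td>
		</tr>
		<?php if ($has_created_time): ?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Created");?></td>
			<td width="78%" class="vtable">
				<?php /* The username is stored with the rule and echoed into markup, so it is HTML-escaped here. */ ?>
				<?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['created']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_nat[$id]['created']['username']) ?></strong>
			</td>
		</tr>
		<?php endif; ?>
		<?php if ($has_updated_time): ?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Updated");?></td>
			<td width="78%" class="vtable">
				<?php /* Same escaping as for the "Created" username above. */ ?>
				<?= date(gettext("n/j/y H:i:s"), $a_nat[$id]['updated']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_nat[$id]['updated']['username']) ?></strong>
			</td>
		</tr>
		<?php endif; ?>
		<?php endif; ?>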
				<?php /* Spacer row, then the Save / Cancel buttons and the hidden fields posted back with the form. */ ?>
				<tr>
					<td width="22%" valign="top">&nbsp;</td>
					<td width="78%">&nbsp;</td>
				</tr>
				<tr>
					<td width="22%" valign="top">&nbsp;</td>
					<td width="78%">
						<input name="Submit" type="submit" class="formbtn" value="<?php echo gettext("Save"); ?>" /> <input type="button" class="formbtn" value="<?php echo gettext("Cancel"); ?>" onclick="history.back()" />
						<?php /* The rule index is only sent back when an existing rule is being edited. */ ?>
						<?php if (isset($id) && $a_nat[$id]) { ?>
						<input name="id" type="hidden" value="<?php echo htmlspecialchars($id); ?>" />
						<?php } ?>
						<input name="after" type="hidden" value="<?php echo htmlspecialchars($after); ?>" />
					</td>
				</tr>
              </table>
</form>
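<?php
// Initial client-side state for the form.
//
// The interface and destination values are emitted as JavaScript string
// literals with json_encode(). htmlspecialchars() is an HTML-context escaper:
// entities are not decoded inside a <script> block, and depending on the PHP
// version its default flags leave single quotes untouched, so it cannot safely
// delimit a '...' JS string. The JSON_HEX_* flags additionally keep "<", ">",
// "&" and both quote characters out of the emitted text, so the value cannot
// terminate the surrounding script / CDATA section.
$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$js_interface = json_encode((string)$pconfig['interface'], $js_flags);
$js_dst = json_encode((string)$pconfig['dst'], $js_flags);
// json_encode() returns false for input it cannot encode (e.g. invalid UTF-8);
// fall back to an empty string literal so the script stays syntactically valid.
if ($js_interface === false)
	$js_interface = '""';
if ($js_dst === false)
	$js_dst = '""';
?>
<script type="text/javascript">
//<![CDATA[
	ext_change();
	dst_change(document.iform.interface.value,<?=$js_interface?>,<?=$js_dst?>);
	var iface_old = document.iform.interface.value;
	typesel_change();
	proto_change();
	<?php /* Reveal the hidden source rows when the rule uses anything other than the defaults (no negation, "any" source and ports). */ ?>
	<?php if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
	show_source();
	<?php endif; ?>
	nordr_change();
//]]>
</script>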
<?php
// Alias names offered by the autocomplete controls below, serialized once as
// JSON array literals: address-type aliases for the IP fields, port-type
// aliases for the custom port fields.
$address_alias_json = json_encode(get_alias_list(array("host", "network", "openvpn", "urltable")));
$port_alias_json = json_encode(get_alias_list(array("port", "url_ports", "urltable_ports")));
?>
<script type="text/javascript">
//<![CDATA[
	var addressarray = <?php echo $address_alias_json; ?>;
	var customarray  = <?php echo $port_alias_json; ?>;

	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
	var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
	var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
	var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
	var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
	var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
	var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
//]]>
</script>
<?php include("fend.inc"); ?>
</body>
</html>