1 9ae40f2b Scott Ullrich
<?php
2 b46bfcf5 Bill Marquette
/* $Id$ */
3 5b237745 Scott Ullrich
/*
4
	firewall_nat_edit.php
5
	part of m0n0wall (http://m0n0.ch/wall)
6 9ae40f2b Scott Ullrich
7 5b237745 Scott Ullrich
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
8
	All rights reserved.
9 9ae40f2b Scott Ullrich
10 5b237745 Scott Ullrich
	Redistribution and use in source and binary forms, with or without
11
	modification, are permitted provided that the following conditions are met:
12 9ae40f2b Scott Ullrich
13 5b237745 Scott Ullrich
	1. Redistributions of source code must retain the above copyright notice,
14
	   this list of conditions and the following disclaimer.
15 9ae40f2b Scott Ullrich
16 5b237745 Scott Ullrich
	2. Redistributions in binary form must reproduce the above copyright
17
	   notice, this list of conditions and the following disclaimer in the
18
	   documentation and/or other materials provided with the distribution.
19 9ae40f2b Scott Ullrich
20 5b237745 Scott Ullrich
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
21
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
24
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29
	POSSIBILITY OF SUCH DAMAGE.
30
*/
31 7ac5a4cb Scott Ullrich
/*
32
	pfSense_MODULE:	nat
33
*/
34 5b237745 Scott Ullrich
35 6b07c15a Matthew Grooms
##|+PRIV
36
##|*IDENT=page-firewall-nat-portforward-edit
37
##|*NAME=Firewall: NAT: Port Forward: Edit page
38
##|*DESCR=Allow access to the 'Firewall: NAT: Port Forward: Edit' page.
39
##|*MATCH=firewall_nat_edit.php*
40
##|-PRIV
41
42 5b237745 Scott Ullrich
require("guiconfig.inc");
43 483e6de8 Scott Ullrich
require_once("itemid.inc");
44 1a03cf69 Scott Ullrich
require("filter.inc");
45
require("shaper.inc");
46 5b237745 Scott Ullrich
47 59ecde49 Renato Botelho
/*
 * Special source/destination keywords. The fixed names come first; every
 * configured interface then adds its own key and the key with an "ip" suffix.
 * (The name suggests is_specialnet() reads this list - confirm.)
 */
$specialsrcdst = array("any", "pptp", "pppoe", "l2tp", "openvpn");
$ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) {
	array_push($specialsrcdst, "{$kif}", "{$kif}ip");
}
53
54 5b237745 Scott Ullrich
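if (!is_array($config['nat']['rule'])) {
	$config['nat']['rule'] = array();
}
/* Reference, not copy: edits to $a_nat land in $config and are saved by write_config(). */
$a_nat = &$config['nat']['rule'];

/*
 * Work out which rule the request refers to. Precedence is unchanged:
 * ?id= first, a posted id overrides it, and ?dup= overrides both (and also
 * records the position the copy should follow).
 */
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id'])) {
	$id = $_POST['id'];
}

/* Defined up front so the later is_numeric($after) tests never read an undefined variable. */
$after = null;
if (isset($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}

/*
 * The index is client-supplied. $a_nat is handled as a list (count() and
 * append on save), so anything that is not a plain string of digits - an
 * array, a negative or fractional number, free text - cannot name an
 * existing rule and is dropped here instead of being used as an array key.
 */
if (!is_string($id) || !ctype_digit($id)) {
	$id = null;
	$after = null;
}

if (isset($id) && !empty($a_nat[$id])) {
	/* Existing rule (edit or duplicate): seed the form from the stored entry. */
	$pconfig['disabled'] = isset($a_nat[$id]['disabled']);
	$pconfig['nordr'] = isset($a_nat[$id]['nordr']);

	address_to_pconfig($a_nat[$id]['source'], $pconfig['src'],
		$pconfig['srcmask'], $pconfig['srcnot'],
		$pconfig['srcbeginport'], $pconfig['srcendport']);

	address_to_pconfig($a_nat[$id]['destination'], $pconfig['dst'],
		$pconfig['dstmask'], $pconfig['dstnot'],
		$pconfig['dstbeginport'], $pconfig['dstendport']);

	$pconfig['proto'] = $a_nat[$id]['protocol'];
	$pconfig['localip'] = $a_nat[$id]['target'];
	$pconfig['localbeginport'] = $a_nat[$id]['local-port'];
	$pconfig['descr'] = $a_nat[$id]['descr'];
	$pconfig['interface'] = $a_nat[$id]['interface'];
	$pconfig['associated-rule-id'] = $a_nat[$id]['associated-rule-id'];
	$pconfig['nosync'] = isset($a_nat[$id]['nosync']);
	$pconfig['natreflection'] = $a_nat[$id]['natreflection'];

	/* Entries stored without an interface are shown as WAN. */
	if (!$pconfig['interface'])
		$pconfig['interface'] = "wan";
} else {
	/* New rule: WAN, any source, any source port. */
	$pconfig['interface'] = "wan";
	$pconfig['src'] = "any";
	$pconfig['srcbeginport'] = "any";
	$pconfig['srcendport'] = "any";
}

/* A duplicate is saved as a new entry, so forget the index it was copied from. */
if (isset($_GET['dup']))
	unset($id);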
100
101 ef2a753c Scott Ullrich
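/*
 * Reject any posted value that htmlentities() would have to rewrite, i.e. one
 * carrying HTML metacharacters, so that markup is refused before validation
 * and save.
 *
 * $input_errors is cleared here, ahead of the scan. Clearing it afterwards,
 * inside the POST handler, discarded every finding of this loop and let such
 * values continue to validation and save.
 */
unset($input_errors);
foreach ($_POST as $key => $value) {
	$temp = $value;
	$newpost = htmlentities($temp);
	/* NOTE(review): the raw value is quoted in the message - confirm print_input_errors() escapes it. */
	if($newpost <> $temp)
		$input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $temp);
}

/*
 * POST handler: normalise the posted fields, validate them, and - when no
 * error was recorded - write the NAT entry (plus an optional matching filter
 * rule) to the configuration and redirect to the rule list.
 */
if ($_POST) {

	/* Port fields only apply to TCP/UDP; for every other protocol they are forced to 0. */
	if(strtoupper($_POST['proto']) == "TCP" || strtoupper($_POST['proto']) == "UDP" || strtoupper($_POST['proto']) == "TCP/UDP") {
		/* A free-text "_cust" value is used when the drop-down was left on "(other)". */
		if ($_POST['srcbeginport_cust'] && !$_POST['srcbeginport'])
			$_POST['srcbeginport'] = $_POST['srcbeginport_cust'];
		if ($_POST['srcendport_cust'] && !$_POST['srcendport'])
			$_POST['srcendport'] = $_POST['srcendport_cust'];

		if ($_POST['srcbeginport'] == "any") {
			$_POST['srcbeginport'] = 0;
			$_POST['srcendport'] = 0;
		} else {
			if (!$_POST['srcendport'])
				$_POST['srcendport'] = $_POST['srcbeginport'];
		}
		if ($_POST['srcendport'] == "any")
			$_POST['srcendport'] = $_POST['srcbeginport'];

		if ($_POST['dstbeginport_cust'] && !$_POST['dstbeginport'])
			$_POST['dstbeginport'] = $_POST['dstbeginport_cust'];
		if ($_POST['dstendport_cust'] && !$_POST['dstendport'])
			$_POST['dstendport'] = $_POST['dstendport_cust'];

		if ($_POST['dstbeginport'] == "any") {
			$_POST['dstbeginport'] = 0;
			$_POST['dstendport'] = 0;
		} else {
			if (!$_POST['dstendport'])
				$_POST['dstendport'] = $_POST['dstbeginport'];
		}
		if ($_POST['dstendport'] == "any")
			$_POST['dstendport'] = $_POST['dstbeginport'];

		if ($_POST['localbeginport_cust'] && !$_POST['localbeginport'])
			$_POST['localbeginport'] = $_POST['localbeginport_cust'];

		/* Make beginning port end port if not defined and endport is */
		if (!$_POST['srcbeginport'] && $_POST['srcendport'])
			$_POST['srcbeginport'] = $_POST['srcendport'];
		if (!$_POST['dstbeginport'] && $_POST['dstendport'])
			$_POST['dstbeginport'] = $_POST['dstendport'];
	} else {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	/* A special type replaces the address itself; "single" pins the mask to /32. */
	if (is_specialnet($_POST['srctype'])) {
		$_POST['src'] = $_POST['srctype'];
		$_POST['srcmask'] = 0;
	} else if ($_POST['srctype'] == "single") {
		$_POST['srcmask'] = 32;
	}
	if (is_specialnet($_POST['dsttype'])) {
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 0;
	} else if ($_POST['dsttype'] == "single") {
		$_POST['dstmask'] = 32;
	} else if (is_ipaddr($_POST['dsttype'])) {
		/* The type selector can carry a literal address; treat it as a single host. */
		$_POST['dst'] = $_POST['dsttype'];
		$_POST['dstmask'] = 32;
		$_POST['dsttype'] = "single";
	}

	/* The form is re-rendered from the posted (normalised) values if validation fails. */
	$pconfig = $_POST;

	/* input validation */
	if(strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
		$reqdfields = explode(" ", "interface proto dstbeginport dstendport localip");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to"),gettext("NAT IP"));
	} else {
		$reqdfields = explode(" ", "interface proto localip");
		$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("NAT IP"));
	}

	if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") {
		$reqdfields[] = "src";
		$reqdfieldsn[] = gettext("Source address");
	}
	if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") {
		$reqdfields[] = "dst";
		$reqdfieldsn[] = gettext("Destination address");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	if (!$_POST['srcbeginport']) {
		$_POST['srcbeginport'] = 0;
		$_POST['srcendport'] = 0;
	}
	if (!$_POST['dstbeginport']) {
		$_POST['dstbeginport'] = 0;
		$_POST['dstendport'] = 0;
	}

	if (($_POST['localip'] && !is_ipaddroralias($_POST['localip']))) {
		$input_errors[] = sprintf(gettext("\"%s\" is not valid NAT IP address or host alias."), $_POST['localip']);
	}

	if ($_POST['srcbeginport'] && !is_portoralias($_POST['srcbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcbeginport']);
	if ($_POST['srcendport'] && !is_portoralias($_POST['srcendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $_POST['srcendport']);
	if ($_POST['dstbeginport'] && !is_portoralias($_POST['dstbeginport']))
		$input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstbeginport']);
	if ($_POST['dstendport'] && !is_portoralias($_POST['dstendport']))
		$input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $_POST['dstendport']);

	if ($_POST['localbeginport'] && !is_portoralias($_POST['localbeginport'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid local port. It must be a port alias or integer between 1 and 65535."), $_POST['localbeginport']);
	}

	/* if user enters an alias and selects "network" then disallow. */
	if( ($_POST['srctype'] == "network" && is_alias($_POST['src']) )
	 || ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) ) ) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}

	if (!is_specialnet($_POST['srctype'])) {
		if (($_POST['src'] && !is_ipaddroralias($_POST['src']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
		}
		if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) {
			$input_errors[] = gettext("A valid source bit count must be specified.");
		}
	}
	if (!is_specialnet($_POST['dsttype'])) {
		if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) {
			$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
		}
		if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) {
			$input_errors[] = gettext("A valid destination bit count must be specified.");
		}
	}

	if ($_POST['srcbeginport'] > $_POST['srcendport']) {
		/* swap */
		$tmp = $_POST['srcendport'];
		$_POST['srcendport'] = $_POST['srcbeginport'];
		$_POST['srcbeginport'] = $tmp;
	}
	if ($_POST['dstbeginport'] > $_POST['dstendport']) {
		/* swap */
		$tmp = $_POST['dstendport'];
		$_POST['dstendport'] = $_POST['dstbeginport'];
		$_POST['dstbeginport'] = $tmp;
	}

	/* The local range has the same width as the destination range and must end at or below 65535. */
	if (empty($input_errors)) {
		if (($_POST['dstendport'] - $_POST['dstbeginport'] + $_POST['localbeginport']) > 65535)
			$input_errors[] = gettext("The target port range must be an integer between 1 and 65535.");
	}

	/*
	 * check for overlaps
	 *
	 * NOTE(review): this loop reads $natent['proto'], $_POST['beginport'] and
	 * $_POST['endport'], but this page stores the protocol under 'protocol'
	 * and posts the range as dstbeginport/dstendport. As written the
	 * comparison works on unset values, so it likely never reports a real
	 * overlap. Left unchanged because matching the keys would start rejecting
	 * rules that are accepted today; decide the intended rule (the source
	 * match is not compared at all) before enabling it.
	 */
	foreach ($a_nat as $natent) {
		if (isset($id) && ($a_nat[$id]) && ($a_nat[$id] === $natent))
			continue;
		if ($natent['interface'] != $_POST['interface'])
			continue;
		if ($natent['destination']['address'] != $_POST['dst'])
			continue;
		if (($natent['proto'] != $_POST['proto']) && ($natent['proto'] != "tcp/udp") && ($_POST['proto'] != "tcp/udp"))
			continue;

		list($begp,$endp) = explode("-", $natent['destination']['port']);
		if (!$endp)
			$endp = $begp;

		if (!(   (($_POST['beginport'] < $begp) && ($_POST['endport'] < $begp))
		      || (($_POST['beginport'] > $endp) && ($_POST['endport'] > $endp)))) {

			$input_errors[] = gettext("The destination port range overlaps with an existing entry.");
			break;
		}
	}

	/* Nothing is written unless every check above passed. */
	if (empty($input_errors)) {
		$natent = array();

		$natent['disabled'] = isset($_POST['disabled']) ? true:false;
		$natent['nordr'] = isset($_POST['nordr']) ? true:false;

		pconfig_to_address($natent['source'], $_POST['src'],
			$_POST['srcmask'], $_POST['srcnot'],
			$_POST['srcbeginport'], $_POST['srcendport']);

		pconfig_to_address($natent['destination'], $_POST['dst'],
			$_POST['dstmask'], $_POST['dstnot'],
			$_POST['dstbeginport'], $_POST['dstendport']);

		$natent['protocol'] = $_POST['proto'];

		$natent['target'] = $_POST['localip'];
		$natent['local-port'] = $_POST['localbeginport'];
		$natent['interface'] = $_POST['interface'];
		$natent['descr'] = $_POST['descr'];
		$natent['associated-rule-id'] = $_POST['associated-rule-id'];

		if($_POST['filter-rule-association'] == "pass")
			$natent['associated-rule-id'] = "pass";

		if($_POST['nosync'] == "yes")
			$natent['nosync'] = true;
		else
			unset($natent['nosync']);

		/* Only the two known values are stored; anything else leaves the key absent. */
		if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable")
			$natent['natreflection'] = $_POST['natreflection'];
		else
			unset($natent['natreflection']);

		// If we used to have an associated filter rule, but no-longer should have one
		if (!empty($a_nat[$id]) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) {
			// Delete the previous rule
			delete_id($a_nat[$id]['associated-rule-id'], $config['filter']['rule']);
			mark_subsystem_dirty('filter');
		}

		$need_filter_rule = false;
		// Updating a rule with a filter rule associated
		if (!empty($natent['associated-rule-id']))
			$need_filter_rule = true;
		// Create a rule or if we want to create a new one
		if( $natent['associated-rule-id']=='new' ) {
			$need_filter_rule = true;
			unset( $natent['associated-rule-id'] );
			$_POST['filter-rule-association']='add-associated';
		}
		// If creating a new rule, where we want to add the filter rule, associated or not
		else if( isset($_POST['filter-rule-association']) &&
			($_POST['filter-rule-association']=='add-associated' ||
			$_POST['filter-rule-association']=='add-unassociated') )
			$need_filter_rule = true;

		// Determine NAT entry ID now, we need it for the firewall rule
		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			if (is_numeric($after))
				$id = $after + 1;
			else
				$id = count($a_nat);
		}

		if ($need_filter_rule == true) {

			/* auto-generate a matching firewall rule */
			$filterent = array();
			unset($filterentid);
			// If a rule already exists, load it
			if (!empty($natent['associated-rule-id'])) {
				$filterentid = get_id($natent['associated-rule-id'], $config['filter']['rule']);
				/*
				 * NOTE(review): loose comparison. If get_id() returns an array
				 * index, a match at index 0 also equals false here and would be
				 * treated as "not found" - confirm and consider === false.
				 */
				if ($filterentid == false) {
					pconfig_to_address($filterent['source'], $_POST['src'],
						$_POST['srcmask'], $_POST['srcnot'],
						$_POST['srcbeginport'], $_POST['srcendport']);
					$filterent['associated-rule-id'] = $natent['associated-rule-id'];
				} else
					$filterent =& $config['filter']['rule'][$filterentid];
			} else
				pconfig_to_address($filterent['source'], $_POST['src'],
					$_POST['srcmask'], $_POST['srcnot'],
					$_POST['srcbeginport'], $_POST['srcendport']);

			// Update interface, protocol and destination
			$filterent['interface'] = $_POST['interface'];
			$filterent['protocol'] = $_POST['proto'];
			$filterent['destination']['address'] = $_POST['localip'];

			/* The filter rule matches the translated (local) port range, not the external one. */
			$dstpfrom = $_POST['localbeginport'];
			$dstpto = $dstpfrom + $_POST['dstendport'] - $_POST['dstbeginport'];

			if ($dstpfrom == $dstpto)
				$filterent['destination']['port'] = $dstpfrom;
			else
				$filterent['destination']['port'] = $dstpfrom . "-" . $dstpto;

			/*
			 * Our firewall filter description may be no longer than
			 * 63 characters, so don't let it be.
			 */
			$filterent['descr'] = substr("NAT " . $_POST['descr'], 0, 62);

			// If this is a new rule, create an ID and add the rule
			if( $_POST['filter-rule-association']=='add-associated' ) {
				$filterent['associated-rule-id'] = $natent['associated-rule-id'] = get_unique_id();
				$config['filter']['rule'][] = $filterent;
			}

			mark_subsystem_dirty('filter');
		}

		// Update the NAT entry now
		if (isset($id) && $a_nat[$id])
			$a_nat[$id] = $natent;
		else {
			if (is_numeric($after))
				array_splice($a_nat, $after+1, 0, array($natent));
			else
				$a_nat[] = $natent;
		}

		mark_subsystem_dirty('natconf');

		write_config();

		header("Location: firewall_nat.php");
		exit;
	}
}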
423 da7ae7ef Bill Marquette
424 ba1a0433 Renato Botelho
/* Page title parts, set before head.inc is pulled in (presumably read there - confirm). */
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("Port Forward"),
	gettext("Edit")
);
include("head.inc");
426
427 5b237745 Scott Ullrich
?>
428 da7ae7ef Bill Marquette
429 5b237745 Scott Ullrich
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
430 4ce8ac00 Erik Kristensen
<?php
431
include("fbegin.inc"); ?>
432 5b237745 Scott Ullrich
<?php if ($input_errors) print_input_errors($input_errors); ?>
433
            <form action="firewall_nat_edit.php" method="post" name="iform" id="iform">
434
              <table width="100%" border="0" cellpadding="6" cellspacing="0">
435 2a6cb2d6 Scott Ullrich
				<tr>
436 6cac9bda Carlos Eduardo Ramos
					<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Redirect entry"); ?></td>
437 59ecde49 Renato Botelho
				</tr>
438
		<tr>
439 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td>
440 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
441
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked"; ?>>
442 6cac9bda Carlos Eduardo Ramos
				<strong><?=gettext("Disable this rule"); ?></strong><br />
443
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span>
444 59ecde49 Renato Botelho
			</td>
445
		</tr>
446
                <tr>
447 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("No RDR (NOT)"); ?></td>
448 59ecde49 Renato Botelho
                  <td width="78%" class="vtable">
449
                    <input type="checkbox" name="nordr"<?php if($pconfig['nordr']) echo " CHECKED"; ?>>
450 6cac9bda Carlos Eduardo Ramos
                    <span class="vexpl"><?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?>
451
                    <br><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?></span>
452 59ecde49 Renato Botelho
                  </td>
453
                </tr>
454
		<tr>
455 3a92149b Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td>
456 5b237745 Scott Ullrich
                  <td width="78%" class="vtable">
457 bcbcc2f8 Erik Fonnesbeck
					<select name="interface" class="formselect" onChange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
458 5b237745 Scott Ullrich
						<?php
459 59ecde49 Renato Botelho
460 cbe3ea96 Ermal Luçi
						$iflist = get_configured_interface_with_descr(false, true);
461 59ecde49 Renato Botelho
						foreach ($iflist as $if => $ifdesc)
462
							if(have_ruleint_access($if))
463 cbe3ea96 Ermal Luçi
								$interfaces[$if] = $ifdesc;
464 59ecde49 Renato Botelho
465 f6018115 Erik Fonnesbeck
						if ($config['l2tp']['mode'] == "server")
466
							if(have_ruleint_access("l2tp"))
467
								$interfaces['l2tp'] = "L2TP VPN";
468
469 40b56dc1 Scott Ullrich
						if ($config['pptpd']['mode'] == "server")
470 59ecde49 Renato Botelho
							if(have_ruleint_access("pptp"))
471 40b56dc1 Scott Ullrich
								$interfaces['pptp'] = "PPTP VPN";
472 59ecde49 Renato Botelho
473 40b56dc1 Scott Ullrich
						if ($config['pppoe']['mode'] == "server")
474 59ecde49 Renato Botelho
							if(have_ruleint_access("pppoe"))
475 40b56dc1 Scott Ullrich
								$interfaces['pppoe'] = "PPPoE VPN";
476 59ecde49 Renato Botelho
477 40b56dc1 Scott Ullrich
						/* add ipsec interfaces */
478
						if (isset($config['ipsec']['enable']) || isset($config['ipsec']['mobileclients']['enable']))
479 59ecde49 Renato Botelho
							if(have_ruleint_access("enc0"))
480
								$interfaces["enc0"] = "IPsec";
481 40b56dc1 Scott Ullrich
482 f6018115 Erik Fonnesbeck
						/* add openvpn/tun interfaces */
483
						if  ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
484
							$interfaces["openvpn"] = "OpenVPN";
485
486 5b237745 Scott Ullrich
						foreach ($interfaces as $iface => $ifacename): ?>
487
						<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected"; ?>>
488
						<?=htmlspecialchars($ifacename);?>
489
						</option>
490
						<?php endforeach; ?>
491
					</select><br>
492 6cac9bda Carlos Eduardo Ramos
                     <span class="vexpl"><?=gettext("Choose which interface this rule applies to."); ?><br>
493
                     <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?></span></td>
494 5b237745 Scott Ullrich
                </tr>
495 9ae40f2b Scott Ullrich
                <tr>
496 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol"); ?></td>
497 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
498 b5c78501 Seth Mos
                    <select name="proto" class="formselect" onChange="proto_change(); check_for_aliases();">
499 e598eab5 Scott Ullrich
                      <?php $protocols = explode(" ", "TCP UDP TCP/UDP GRE ESP"); foreach ($protocols as $proto): ?>
500 5b237745 Scott Ullrich
                      <option value="<?=strtolower($proto);?>" <?php if (strtolower($proto) == $pconfig['proto']) echo "selected"; ?>><?=htmlspecialchars($proto);?></option>
501
                      <?php endforeach; ?>
502 6cac9bda Carlos Eduardo Ramos
                    </select> <br> <span class="vexpl"><?=gettext("Choose which IP protocol " .
503
                    "this rule should match."); ?><br>
504 39a3ce91 Carlos Eduardo Ramos
                    <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> &nbsp;<?=gettext("here."); ?></span></td>
505 5b237745 Scott Ullrich
                </tr>
506 59ecde49 Renato Botelho
		<tr id="showadvancedboxsrc" name="showadvancedboxsrc">
507 6cac9bda Carlos Eduardo Ramos
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
508 59ecde49 Renato Botelho
			<td width="78%" class="vtable">
509 3a92149b Carlos Eduardo Ramos
				<input type="button" onClick="show_source()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show source address and port range"); ?></a>
510 59ecde49 Renato Botelho
			</td>
511
		</tr>
512
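		<?php /* Source match row (hidden until "Advanced" is used). Every value written into the markup below is HTML-escaped, including the interface key and description that come from the configuration. */ ?>
		<tr style="display: none;" id="srctable" name="srctable">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source"); ?></td>
			<td width="78%" class="vtable">
				<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked"; ?>>
				<strong><?=gettext("not"); ?></strong>
				<br />
				<?=gettext("Use this option to invert the sense of the match."); ?>
				<br />
				<br />
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="srctype" class="formselect" onChange="typesel_change()">
<?php
								/* $sel tracks whether an option has already been marked selected, so "Network" is only the fallback. */
								$sel = is_specialnet($pconfig['src']); ?>
								<option value="any"     <?php if ($pconfig['src'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option>
								<option value="single"  <?php if (($pconfig['srcmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option>
								<?php if(have_ruleint_access("pptp")): ?>
								<option value="pptp"    <?php if ($pconfig['src'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("pppoe")): ?>
								<option value="pppoe"   <?php if ($pconfig['src'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("l2tp")): ?>
								<option value="l2tp"   <?php if ($pconfig['src'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>
<?php
								foreach ($ifdisp as $ifent => $ifdesc): ?>
								<?php if(have_ruleint_access($ifent)): ?>
									<option value="<?=htmlspecialchars($ifent);?>" <?php if ($pconfig['src'] == $ifent) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option>
									<option value="<?=htmlspecialchars($ifent);?>ip" <?php if ($pconfig['src'] ==  $ifent . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
						<td>
							<input autocomplete='off' name="src" type="text" class="formfldalias" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>"> /
							<select name="srcmask" class="formselect" id="srcmask">
<?php						for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected"; ?>><?=$i;?></option>
<?php 						endfor; ?>
							</select>
						</td>
					</tr>
				</table>
			</td>
		</tr>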
566
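		<?php /* Source port range row. After a failed save $pconfig holds the posted values, so the two free-text port fields are HTML-escaped before being written back into their value attributes. */ ?>
		<tr style="display:none" id="sprtable" name="sprtable">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source port range"); ?></td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="srcbeginport" class="formselect" onchange="src_rep_change();ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
								<option value="any" <?php $bfound = 0; if ($pconfig['srcbeginport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any"); ?></option>
<?php 							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<?php /* $bfound is 0 when no drop-down entry matched, i.e. the value was typed in by hand. */ ?>
							<input autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>">
						</td>
					</tr>
					<tr>
						<td><?=gettext("to:"); ?></td>
						<td>
							<select name="srcendport" class="formselect" onchange="ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
								<option value="any" <?php $bfound = 0; if ($pconfig['srcendport'] == "any") { echo "selected"; $bfound = 1; } ?>><?=gettext("any"); ?></option>
<?php							foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>">
						</td>
					</tr>
				</table>
				<br />
				<span class="vexpl"><?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>.</b> <br /> <?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to filter a single port."); ?></span><br/>
			</td>
		</tr>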
601
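		<?php
		/*
		 * Destination row: the "not" checkbox, a Type drop-down (any / single /
		 * network, the PPTP, PPPoE and L2TP entries, one subnet and one address
		 * entry per interface, and the virtual IPs) and the address/mask pair.
		 * Interface names, interface descriptions and virtual-IP subnets are
		 * HTML-encoded wherever they are printed, in option text and in value
		 * attributes alike; previously only some of these outputs were encoded.
		 */
		?>
		<tr>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td>
			<td width="78%" class="vtable">
				<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked"; ?>>
				<strong><?=gettext("not"); ?></strong>
					<br />
				<?=gettext("Use this option to invert the sense of the match."); ?>
					<br />
					<br />
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="dsttype" class="formselect" onChange="typesel_change()">
<?php
								/* $sel becomes truthy once an entry is known to match, so "Network" is only the fallback. */
								$sel = is_specialnet($pconfig['dst']); ?>
								<option value="any" <?php if ($pconfig['dst'] == "any") { echo "selected"; } ?>><?=gettext("any"); ?></option>
								<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected"; $sel = 1; } ?>><?=gettext("Single host or alias"); ?></option>
								<option value="network" <?php if (!$sel) echo "selected"; ?>><?=gettext("Network"); ?></option>
								<?php if(have_ruleint_access("pptp")): ?>
								<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected"; } ?>><?=gettext("PPTP clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("pppoe")): ?>
								<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected"; } ?>><?=gettext("PPPoE clients"); ?></option>
								<?php endif; ?>
								<?php if(have_ruleint_access("l2tp")): ?>
								<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected"; } ?>><?=gettext("L2TP clients"); ?></option>
								<?php endif; ?>

<?php 							foreach ($ifdisp as $if => $ifdesc): ?>
								<?php if(have_ruleint_access($if)): ?>
									<option value="<?=htmlspecialchars($if);?>" <?php if ($pconfig['dst'] == $if) { echo "selected"; } ?>><?=htmlspecialchars($ifdesc);?> <?=gettext("subnet"); ?></option>
									<option value="<?=htmlspecialchars($if);?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected"; } ?>>
										<?=htmlspecialchars($ifdesc);?> <?=gettext("address");?>
									</option>
								<?php endif; ?>
<?php 							endforeach; ?>

<?php							if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											/*
											 * A proxyarp network VIP is expanded into one option per
											 * address between gen_subnet() and gen_subnet_max().
											 * NOTE(review): no upper bound is applied to the range here,
											 * so a wide subnet produces a very large list - confirm the
											 * subnet size is limited where virtual IPs are saved.
											 */
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
											for ($i = 0; $i <= $len; $i++):
												$snip = long2ip32($start+$i);
?>
												<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$snip} ({$sn['descr']})");?></option>
<?php										endfor;
										else:
?>
											<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['dst']) echo "selected"; ?>><?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?></option>
<?php									endif;
									endforeach;
								endif;
?>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td>
						<td>
							<input name="dst" type="text" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>">
							/
							<select name="dstmask" class="formselect" id="dstmask">
<?php
							/* Prefix lengths 31 down to 1; the stored mask is preselected. */
							for ($i = 31; $i > 0; $i--): ?>
								<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected"; ?>><?=$i;?></option>
<?php						endfor; ?>
							</select>
						</td>
					</tr>
				</table>
			</td>
		</tr>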
676
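		<?php
		/*
		 * Destination port range row. Each end of the range has a drop-down of
		 * well-known ports plus a free-text box for a custom port or port alias.
		 * $bfound records whether the stored value matched a drop-down entry;
		 * only unmatched values go into the text box.
		 */
		?>
		<tr id="dprtr" name="dprtr">
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination port range"); ?> </td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="0" cellpadding="0">
					<tr>
						<td><?=gettext("from:"); ?>&nbsp;&nbsp;</td>
						<td>
							<select name="dstbeginport" class="formselect" onchange="dst_rep_change();ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
<?php 							$bfound = 0;
								foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php
								/*
								 * The stored value is free text ($pconfig is filled outside this
								 * fragment - NOTE(review): confirm whether it can hold re-posted
								 * form input). It is HTML-encoded for the attribute, the same way
								 * the address fields of this form are.
								 */
								if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>">
						</td>
					</tr>
					<tr>
						<td><?=gettext("to:"); ?></td>
						<td>
							<select name="dstendport" class="formselect" onchange="ext_change()">
								<option value="">(<?=gettext("other"); ?>)</option>
<?php							$bfound = 0;
								foreach ($wkports as $wkport => $wkportdesc): ?>
									<option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option>
<?php 							endforeach; ?>
							</select>
							<input autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php /* HTML-encoded for the attribute, as for the begin port */ if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>">
						</td>
					</tr>
				</table>
				<br />
				<span class="vexpl">
					<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?>
					<br />
					<?=gettext("Hint: you can leave the"); ?> <em>'<?=gettext("to"); ?>'</em> <?=gettext("field empty if you only want to map a single port"); ?>
				</span>
			</td>
		</tr>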
715 9ae40f2b Scott Ullrich
                <tr>
716 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target IP"); ?></td>
717 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
718 4ce8ac00 Erik Kristensen
                    <input autocomplete='off' name="localip" type="text" class="formfldalias" id="localip" size="20" value="<?=htmlspecialchars($pconfig['localip']);?>">
719 6cac9bda Carlos Eduardo Ramos
                    <br> <span class="vexpl"><?=gettext("Enter the internal IP address of " .
720 39a3ce91 Carlos Eduardo Ramos
                    "the server on which you want to map the ports."); ?><br>
721 6cac9bda Carlos Eduardo Ramos
                    <?=gettext("e.g."); ?> <em>192.168.1.12</em></span></td>
722 5b237745 Scott Ullrich
                </tr>
723 59ecde49 Renato Botelho
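                <?php
                /*
                 * Redirect target port row: a drop-down of well-known ports plus a
                 * free-text box for a custom port or port alias. $bfound records
                 * whether the stored value matched a drop-down entry; an unmatched
                 * value goes into the text box.
                 */
                ?>
                <tr name="lprtr" id="lprtr">
                  <td width="22%" valign="top" class="vncellreq"><?=gettext("Redirect target port"); ?></td>
                  <td width="78%" class="vtable">
                    <select name="localbeginport" class="formselect" onChange="ext_change();check_for_aliases();">
                      <option value="">(<?=gettext("other"); ?>)</option>
                      <?php $bfound = 0; foreach ($wkports as $wkport => $wkportdesc): ?>
                      <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['localbeginport']) {
                          echo "selected";
                          $bfound = 1;
                      }?>>
                        <?=htmlspecialchars($wkportdesc);?>
                      </option>
                      <?php endforeach; ?>
                    </select> <input onChange="check_for_aliases();" autocomplete='off' class="formfldalias" name="localbeginport_cust" id="localbeginport_cust" type="text" size="5" value="<?php
                        /*
                         * The stored value is free text ($pconfig is filled outside this
                         * fragment - NOTE(review): confirm whether it can hold re-posted
                         * form input). It is HTML-encoded for the attribute, the same way
                         * the redirect target IP field is.
                         */
                        if (!$bfound) echo htmlspecialchars($pconfig['localbeginport']); ?>">
                    <br>
                    <span class="vexpl"><?=gettext("Specify the port on the machine with the " .
                    "IP address entered above. In case of a port range, specify " .
                    "the beginning port of the range (the end port will be calculated " .
                    "automatically)."); ?><br>
                    <?=gettext("Hint: this is usually identical to the 'from' port above"); ?></span></td>
                </tr>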
744 9ae40f2b Scott Ullrich
                <tr>
745 6cac9bda Carlos Eduardo Ramos
                  <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
746 9ae40f2b Scott Ullrich
                  <td width="78%" class="vtable">
747 b5c78501 Seth Mos
                    <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>">
748 6cac9bda Carlos Eduardo Ramos
                    <br> <span class="vexpl"><?=gettext("You may enter a description here " .
749 39a3ce91 Carlos Eduardo Ramos
                    "for your reference (not parsed)."); ?></span></td>
750 53ea15e0 Scott Ullrich
                </tr>
751 d00055f8 Scott Ullrich
				<tr>
					<td width="22%" valign="top" class="vncell"><?php echo gettext("No XMLRPC Sync"); ?></td>
					<td width="78%" class="vtable">
						<input type="checkbox" value="yes" name="nosync"<?php /* ticked when the stored entry has nosync set */ echo $pconfig['nosync'] ? " CHECKED" : ""; ?>><br>
						<?php echo gettext("HINT: This prevents the rule from automatically syncing to other CARP members"); ?>.
					</td>
				</tr>
758 15409667 Erik Fonnesbeck
				<tr>
					<td width="22%" valign="top" class="vncell"><?php echo gettext("NAT reflection"); ?></td>
					<td width="78%" class="vtable">
						<select name="natreflection" class="formselect">
						<option value="default" <?php /* any value other than "enable" or "disable" falls back to the system default */ echo !($pconfig['natreflection'] == "enable" || $pconfig['natreflection'] == "disable") ? "selected" : ""; ?>><?php echo gettext("use system default"); ?></option>
						<option value="enable" <?php echo ($pconfig['natreflection'] == "enable") ? "selected" : ""; ?>><?php echo gettext("enable"); ?></option>
						<option value="disable" <?php echo ($pconfig['natreflection'] == "disable") ? "selected" : ""; ?>><?php echo gettext("disable"); ?></option>
						</select>
					</td>
				</tr>
768 b9e28d57 unknown
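				<?php
				/*
				 * Filter rule association for an existing entry: shown when $a_nat[$id]
				 * is set and the page is not in duplicate mode ($_GET['dup'] unset).
				 * Lists every filter rule that carries an associated-rule-id and, for
				 * the one matching the stored value, prints a link to that rule.
				 */
				if (isset($id) && $a_nat[$id] && !isset($_GET['dup'])): ?>
				<tr>
					<td width="22%" valign="top" class="vncell"><?=gettext("Filter rule association"); ?></td>
					<td width="78%" class="vtable">
						<select name="associated-rule-id">
							<option value=""><?=gettext("None"); ?></option>
							<option value="pass" <?php if($pconfig['associated-rule-id'] == "pass") echo " SELECTED"; ?>><?=gettext("Pass"); ?></option>
							<?php
							$linkedrule = "";
							if (is_array($config['filter']['rule'])) {
								filter_rules_sort();
								foreach ($config['filter']['rule'] as $filter_id => $filter_rule) {
									if (!isset($filter_rule['associated-rule-id'])) {
										continue;
									}
									/*
									 * The rule id is configuration data written into an
									 * attribute, so it is HTML-encoded like the rule
									 * description printed below.
									 */
									echo "<option value=\"" . htmlspecialchars($filter_rule['associated-rule-id']) . "\"";
									if ($filter_rule['associated-rule-id']==$pconfig['associated-rule-id']) {
										echo " SELECTED";
										/* The array key goes into a query string, so it is URL-encoded. */
										$linkedrule = "<br /><a href=\"firewall_rules_edit.php?id=" . urlencode((string)$filter_id) . "\">" . gettext("View the filter rule") . "</a><br/>";
									}
									echo ">". htmlspecialchars('Rule ' . $filter_rule['descr']) . "</option>\n";
								}
							}
							/* Only the "new" option is conditional; the select is always closed. */
							if (isset($pconfig['associated-rule-id'])) {
								echo "<option value=\"new\">" . gettext("Create new associated filter rule") . "</option>\n";
							}
							echo "</select>\n";
							echo $linkedrule;
							?>
					</td>
				</tr>
				<?php endif; ?>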
799 53ea15e0 Scott Ullrich
                <?php
                /*
                 * Shown for a new entry or in duplicate mode: no existing $a_nat[$id],
                 * or $_GET['dup'] is set. "Add associated filter rule" is preselected.
                 */
                if (!isset($id) || !$a_nat[$id] || isset($_GET['dup'])): ?>
                <tr>
                  <td width="22%" valign="top" class="vncell"><?php echo gettext("Filter rule association"); ?></td>
                  <td width="78%" class="vtable">
                    <select name="filter-rule-association" id="filter-rule-association">
						<option value=""><?php echo gettext("None"); ?></option>
						<option value="add-associated" selected="selected"><?php echo gettext("Add associated filter rule"); ?></option>
						<option value="add-unassociated"><?php echo gettext("Add unassociated filter rule"); ?></option>
						<option value="pass"><?php echo gettext("Pass"); ?></option>
					</select>
				  </td>
                </tr><?php endif; ?>
811 147b90b8 Scott Ullrich
				<tr>
812
                  <td width="22%" valign="top">&nbsp;</td>
813
                  <td width="78%">&nbsp;</td>
814
				</tr>
815 9ae40f2b Scott Ullrich
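                <tr>
                  <td width="22%" valign="top">&nbsp;</td>
                  <td width="78%">
                    <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
                    <?php
                    /*
                     * When an existing entry is being edited, its index is carried in a
                     * hidden field. $id is set outside this fragment (NOTE(review):
                     * presumably from the request - confirm), so it is HTML-encoded
                     * before it is written into the attribute.
                     */
                    if (isset($id) && $a_nat[$id]): ?>
                    <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
                    <?php endif; ?>
                  </td>
                </tr>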
824
              </table>
825
</form>
826
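<?php
/*
 * Page initialisation script. dst_change() receives the stored interface and
 * destination as JavaScript string literals. They were previously written
 * between single quotes with no encoding, so a quote, backslash or line break
 * in either value would end the literal early. json_encode() quotes and
 * escapes the value for a JavaScript string and writes "/" as "\/", so the
 * value cannot close the surrounding script element either.
 * NOTE(review): $pconfig is filled outside this fragment; confirm whether it
 * can hold re-posted form input.
 */
$js_interface = json_encode((string)$pconfig['interface']);
$js_dst = json_encode((string)$pconfig['dst']);
/* json_encode() can fail (for example on invalid UTF-8); fall back to an empty literal. */
if (!is_string($js_interface))
	$js_interface = '""';
if (!is_string($js_dst))
	$js_dst = '""';
?>
<script language="JavaScript">
<!--
	ext_change();
	dst_change(document.iform.interface.value,<?=$js_interface?>,<?=$js_dst?>);
	var iface_old = document.iform.interface.value;
	typesel_change();
	proto_change();
	<?php /* Reveal the source fields when any of them differs from "any" or the match is inverted. */
	if ($pconfig['srcnot'] || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?>
	show_source();
	<?php endif; ?>
//-->
</script>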
838 9ae40f2b Scott Ullrich
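<?php
/*
 * Build two comma-separated lists of JavaScript string literals from the
 * configured aliases: $portaliases for "port" aliases and $aliasesaddr for
 * "host", "network", "openvpn" and "urltable" aliases. Both are echoed into
 * "new Array(...)" calls further down the page.
 */
$isfirst = 0;
$aliases = "";
$addrisfirst = 0;
$aliasesaddr = "";
/* Was only ever appended to; with no port alias configured it stayed undefined when echoed. */
$portaliases = "";
/* is_array() instead of a comparison with "", so a non-array value is never iterated. */
if (is_array($config['aliases']['alias'])) {
	foreach ($config['aliases']['alias'] as $alias_name) {
		/*
		 * json_encode() yields a quoted, escaped JavaScript string literal,
		 * so a quote or backslash in a name cannot end the literal early.
		 * NOTE(review): alias names are presumably restricted where they are
		 * saved - not visible here; the encoding does not rely on that.
		 */
		$js_name = json_encode((string)$alias_name['name']);
		if (!is_string($js_name))
			continue;
		switch ($alias_name['type']) {
		case "port":
			if ($isfirst == 1)
				$portaliases .= ",";
			$portaliases .= $js_name;
			$isfirst = 1;
			break;
		case "host":
		case "network":
		case "openvpn":
		case "urltable":
			if ($addrisfirst == 1)
				$aliasesaddr .= ",";
			$aliasesaddr .= $js_name;
			$addrisfirst = 1;
			break;
		default:
			break;
		}
	}
}
?>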
864
<script language="JavaScript">
<!--
	// Alias-name lists for the auto-suggest boxes. The PHP variables hold
	// comma-separated JavaScript string literals built from the configured
	// aliases: $aliasesaddr for host, network, openvpn and urltable aliases,
	// $portaliases for port aliases.
	var addressarray=new Array(<?php echo $aliasesaddr; ?>);
	var customarray=new Array(<?php echo $portaliases; ?>);

	// The address fields (localip, src, dst) suggest from addressarray and the
	// "_cust" port fields from customarray. AutoSuggestControl and
	// StateSuggestions are not defined in this part of the file.
	var oTextbox1 = new AutoSuggestControl(document.getElementById("localip"), new StateSuggestions(addressarray));
	var oTextbox2 = new AutoSuggestControl(document.getElementById("src"), new StateSuggestions(addressarray));
	var oTextbox3 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstbeginport_cust"), new StateSuggestions(customarray));
	var oTextbox5 = new AutoSuggestControl(document.getElementById("dstendport_cust"), new StateSuggestions(customarray));
	var oTextbox6 = new AutoSuggestControl(document.getElementById("srcbeginport_cust"), new StateSuggestions(customarray));
	var oTextbox7 = new AutoSuggestControl(document.getElementById("srcendport_cust"), new StateSuggestions(customarray));
	var oTextbox8 = new AutoSuggestControl(document.getElementById("localbeginport_cust"), new StateSuggestions(customarray));
//-->
</script>
879 5b237745 Scott Ullrich
<?php include("fend.inc"); ?>
880
</body>
881
</html>