}
?>
							</select>
						</td>
					</tr>
					<tr>
						<td><?php 
echo gettext("Address:");
?>
&nbsp;&nbsp;</td>
						<td>
							<input <?php 
echo $edit_disabled;
?>
 autocomplete='off' name="dst" type="text" class="formfldalias ipv4v6" id="dst" size="20" value="<?php 
if (!is_specialnet($pconfig['dst'])) {
    echo htmlspecialchars($pconfig['dst']);
}
?>
" />
							/
							<select <?php 
echo $edit_disabled;
?>
 name="dstmask" class="formselect ipv4v6" id="dstmask">
<?php 
for ($i = 127; $i > 0; $i--) {
    ?>
								<option value="<?php 
    echo $i;
    ?>
Example #2
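/**
 * Validate the pieces of an EasyRule "pass" request and, when they all check
 * out, hand them to easyrule_pass_rule_add().
 *
 * Every outcome is reported as a translated message string. Any caller-supplied
 * value echoed back in an error message goes through htmlspecialchars() first.
 *
 * @param string     $int     Interface as supplied by the caller; resolved via easyrule_find_rule_interface().
 * @param string     $proto   Protocol name; 'tcp' and 'udp' also require a destination port.
 * @param string     $src     Source; surrounding "[]" is stripped, then it must satisfy one of
 *                            is_ipaddr(), is_subnet(), is_ipaddroralias() or is_specialnet().
 * @param string     $dst     Destination; same handling as $src.
 * @param int|string $dstport Destination port or "any"; forced to 0 for protocols other than tcp/udp.
 * @param string     $ipproto Passed through to easyrule_pass_rule_add() unchanged.
 *
 * @return string Status or error message.
 */
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet")
{
    $protocols_with_ports = array('tcp', 'udp');
    $src = trim($src, "[]");
    $dst = trim($dst, "[]");

    if (empty($int) || empty($proto) || empty($src) || empty($dst)) {
        return gettext("Missing parameters for pass rule.");
    }

    // Keep the caller-supplied name: the lookup result overwrites $int, so on
    // failure $int is false and the error message would otherwise show nothing.
    $requested_int = $int;
    $int = easyrule_find_rule_interface($int);
    if ($int === false) {
        return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars((string) $requested_int);
    }

    // NOTE(review): current PHP's getprotobyname() returns false (not -1) for an
    // unknown name, and false == -1 is false, so this check does not reject
    // anything there. Left as-is because tightening it would also reject
    // pseudo-protocols the caller may rely on (e.g. "any"); confirm the accepted
    // set and validate $proto against an explicit allow-list.
    if (getprotobyname($proto) == -1) {
        return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
    }

    if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
        return gettext("Tried to pass invalid source IP:") . ' ' . htmlspecialchars($src);
    }
    if (!is_ipaddr($dst) && !is_subnet($dst) && !is_ipaddroralias($dst) && !is_specialnet($dst)) {
        return gettext("Tried to pass invalid destination IP:") . ' ' . htmlspecialchars($dst);
    }

    if (in_array($proto, $protocols_with_ports, true)) {
        if (empty($dstport)) {
            return gettext("Missing destination port:") . ' ' . htmlspecialchars($dstport);
        }
        if (!is_port($dstport) && $dstport != "any") {
            return gettext("Tried to pass invalid destination port:") . ' ' . htmlspecialchars($dstport);
        }
    } else {
        // Protocols without ports never carry a destination port into the rule.
        $dstport = 0;
    }

    /* Input passed every check above; try to add the rule. */
    if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport, $ipproto)) {
        return gettext("Successfully added pass rule!");
    }

    return gettext("Failed to add pass rule.");
}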
// Floating rules (or a rule already flagged as floating) get a direction
// selector and a hidden marker field.
if ($if == 'FloatingRules' || isset($pconfig['floating'])) {
    $section->addInput(new Form_Select(
        'direction',
        'Direction',
        $pconfig['direction'],
        [
            'any' => 'any',
            'in' => 'in',
            'out' => 'out',
        ]
    ));

    $section->addInput(new Form_Input(
        'floating',
        'Floating',
        'hidden',
        'floating'
    ));
}

// Address family selector.
$section->addInput(new Form_Select(
    'ipprotocol',
    'TCP/IP Version',
    $pconfig['ipprotocol'],
    [
        'inet' => 'IPv4',
        'inet6' => 'IPv6',
        'inet46' => 'IPv4+IPv6',
    ]
))->setHelp('Select the Internet Protocol version this rule applies to');

// Protocol selector; the option order below is the display order.
$section->addInput(new Form_Select(
    'proto',
    'Protocol',
    $pconfig['proto'],
    [
        'tcp' => 'TCP',
        'udp' => 'UDP',
        'tcp/udp' => 'TCP/UDP',
        'icmp' => 'ICMP',
        'esp' => 'ESP',
        'ah' => 'AH',
        'gre' => 'GRE',
        'ipv6' => 'IPV6',
        'igmp' => 'IGMP',
        'pim' => 'PIM',
        'ospf' => 'OSPF',
        'sctp' => 'SCTP',
        'any' => 'any',
        'carp' => 'CARP',
        'pfsync' => 'PFSYNC',
    ]
))->setHelp('Choose which IP protocol this rule should match.');

$section->addInput(new Form_Select(
    'icmptype',
    'ICMP type',
    $pconfig['icmptype'],
    $icmptypes
))->setHelp('If you selected ICMP for the protocol above, you may specify an ICMP type here.');

// NOTE(review): the ICMPv6 selector is preselected from $pconfig['icmptype'],
// the same key as the IPv4 selector above; confirm that sharing is intended.
$section->addInput(new Form_Select(
    'icmp6type',
    'ICMPv6 type',
    $pconfig['icmptype'],
    $icmp6types
))->setHelp('If you selected ICMP for the protocol above, you may specify an ICMP type here.');

$form->add($section);
// Source and destination share a lot of logic. Loop over the two
foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) {
    $section = new Form_Section($name);
    $group = new Form_Group($name);
    $group->add(new Form_Checkbox($type . 'not', $name . ' not', 'Invert match.', $pconfig[$type . 'not']))->setWidth(2);
    $ruleType = $pconfig[$type];
    if (is_specialnet($pconfig[$type])) {
        $ruleType = 'network';
    } elseif (is_ipaddrv6($pconfig[$type]) && $pconfig[$type . 'mask'] == 128 || is_ipaddrv4($pconfig[$type]) && $pconfig[$type . 'mask'] == 32 || is_alias($pconfig[$type])) {
        $ruleType = 'single';
    }
    $ruleValues = array('any' => 'any', 'single' => 'Single host or alias', 'network' => 'Network');
    if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") {
        $ruleValues['(self)'] = 'This Firewall (self)';
    }
    if (have_ruleint_access("pppoe")) {
        $ruleValues['pppoe'] = 'PPPoE clients';
    }
    if (have_ruleint_access("l2tp")) {
        $ruleValues['l2tp'] = 'L2TP clients';
    }
    foreach ($ifdisp as $ifent => $ifdesc) {
    echo $ifdesc;
    ?>
</option>
  <?php 
}
?>
                              </optgroup>
                            </select>
                          </td>
                        </tr>
                        <tr>
                          <td>
                            <div class="input-group">
                            <!-- updates to "other" option in  src -->
                            <input type="text" for="dst" value="<?php 
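// The value lands inside a double-quoted HTML attribute, so it is escaped
// before output; an unescaped quote in $pconfig['dst'] would otherwise close
// the attribute and let the rest be parsed as markup.
echo !is_specialnet($pconfig['dst']) ? htmlspecialchars((string) $pconfig['dst'], ENT_QUOTES) : "";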
?>
" aria-label="<?php 
echo gettext("Destination address");
?>
"/>
                            <select name="dstmask" class="selectpicker" data-size="5" id="dstmask"  data-width="auto" for="dst" >
                            <?php 
for ($i = 32; $i > 0; $i--) {
    ?>
                              <option value="<?php 
    echo $i;
    ?>
" <?php 
    echo $i == $pconfig['dstmask'] ? "selected=\"selected\"" : "";
    ?>
if ($pconfig['localnet'] == "lan") {
    echo "selected";
}
?>
>
                            LAN subnet</option>
                          </select></td>
                      </tr>
                      <tr>
                        <td>Adres:&nbsp;&nbsp;</td>
						<td><?php 
echo $mandfldhtmlspc;
?>
</td>
                        <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php 
if (!is_specialnet($pconfig['localnet'])) {
    echo htmlspecialchars($pconfig['localnet']);
}
?>
">
                          /
                          <select name="localnetmask" class="formfld" id="localnetmask">
                            <?php 
for ($i = 31; $i >= 0; $i--) {
    ?>
                            <option value="<?php 
    echo $i;
    ?>
" <?php 
    if ($i == $pconfig['localnetmask']) {
        echo "selected";
echo gettext("Destination");
?>
</td>
                    <td>
                      <table class="table table-condensed">
                        <tr>
                          <td>
                            <select <?php 
echo !empty($pconfig['associated-rule-id']) ? "disabled" : "";
?>
 name="dst" id="dst" class="selectpicker" data-live-search="true" data-size="5" data-width="auto">
                              <option data-other=true value="<?php 
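// Written into value="..." of the <option>; escape so the stored destination
// cannot break out of the attribute.
echo htmlspecialchars((string) $pconfig['dst'], ENT_QUOTES);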
?>
" <?php 
echo !is_specialnet($pconfig['dst']) ? "selected=\"selected\"" : "";
?>
><?php 
echo gettext("Single host or Network");
?>
</option>
                              <optgroup label="<?php 
echo gettext("Aliases");
?>
">
  <?php 
foreach (legacy_list_aliases("network") as $alias) {
    ?>
                                <option value="<?php 
    echo $alias['name'];
    ?>
Example #7
/**
 * Pick the value to preselect in the destination-type selector.
 *
 * Reads the globals $pconfig and $config.
 *
 * @return mixed $pconfig['dst'] when a virtual-IP list is configured or the
 *               destination is a special network; otherwise 'single' for a
 *               mask of 32 and 'network' for anything else.
 */
function dsttype_selected()
{
    global $pconfig, $config;

    // With a virtual-IP array present, the stored destination is used as-is.
    if (is_array($config['virtualip']['vip'])) {
        return $pconfig['dst'];
    }

    // Special networks are their own selector value.
    if (is_specialnet($pconfig['dst'])) {
        return $pconfig['dst'];
    }

    return $pconfig['dstmask'] == 32 ? 'single' : 'network';
}
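/**
 * Pick the value to preselect in the destination-type selector.
 *
 * Reads the global $pconfig.
 *
 * @return mixed 'any' when the destination is empty or "any"; $pconfig['dst']
 *               when it is a special network; otherwise 'single' for a mask
 *               of 32 and 'network' for anything else.
 */
function dsttype_selected()
{
    global $pconfig;

    // empty() has to wrap only the 'dst' value. With the closing parenthesis
    // after the whole "||" expression, a destination of "any" made the
    // expression true, empty() false, and the rule was shown as a
    // single host or network instead of 'any'.
    if (empty($pconfig['dst']) || $pconfig['dst'] == "any") {
        return 'any';
    }

    // Special networks are their own selector value.
    if (is_specialnet($pconfig['dst'])) {
        return $pconfig['dst'];
    }

    return $pconfig['dstmask'] == 32 ? 'single' : 'network';
}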
Example #9
/**
 * Pick the value to preselect in the source-type selector.
 *
 * Reads the global $pconfig.
 *
 * @return mixed $pconfig['src'] when the source is a special network;
 *               otherwise 'single' for a mask of 32 and 'network' for
 *               anything else.
 */
function srctype_selected()
{
    global $pconfig;

    // Special networks are their own selector value.
    if (is_specialnet($pconfig['src'])) {
        return $pconfig['src'];
    }

    return $pconfig['srcmask'] == 32 ? 'single' : 'network';
}
// Build the option list shared by the port dropdowns below: 'Other' (empty
// value) and 'Any' come first, then every entry of $wkports keyed by port.
$portlist = array("" => gettext('Other'), 'any' => gettext('Any'));
foreach ($wkports as $wkport => $wkportdesc) {
    $portlist[$wkport] = $wkportdesc;
}
// Source port range: a dropdown plus a free-text "Custom" field for each end.
// NOTE(review): setPattern() presumably emits an HTML pattern attribute, which
// only the browser enforces; the submitted values still need server-side
// validation wherever this form's POST is handled — confirm.
$group = new Form_Group('Source port range');
$group->addClass('srcportrange');
$group->add(new Form_Select('srcbeginport', null, $pconfig['srcbeginport'], $portlist))->setHelp('From port');
$group->add(new Form_Input('srcbeginport_cust', null, 'text', $pconfig['srcbeginport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');
$group->add(new Form_Select('srcendport', null, $pconfig['srcendport'], $portlist))->setHelp('To port');
$group->add(new Form_Input('srcendport_cust', null, 'text', $pconfig['srcendport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');
$group->setHelp('Specify the source port or port range for this rule. This is usually random and almost never ' . 'equal to the destination port range (and should usually be \'any\'). The \'to\' field ' . 'may be left empty if only filtering a single port.');
$section->add($group);
// Destination: invert checkbox, type selector and address/mask field.
$group = new Form_Group('Destination');
$group->add(new Form_Checkbox('dstnot', 'Destination not', 'Invert match.', $pconfig['dstnot']))->setWidth(2);
$group->add(new Form_Select('dsttype', null, dsttype_selected(), build_dsttype_list()))->setHelp('Type');
// The address field is left blank when the stored destination is a special
// network; in that case the value is carried by the type selector instead.
$group->add(new Form_IpAddress('dst', null, is_specialnet($pconfig['dst']) ? '' : $pconfig['dst']))->setPattern('[.a-zA-Z0-9_:]+')->addMask('dstmask', $pconfig['dstmask'], 31)->setHelp('Address/mask');
$section->add($group);
// Destination port range: same dropdown-plus-custom layout as the source ports.
$group = new Form_Group('Destination port range');
$group->addClass('dstportrange');
$group->add(new Form_Select('dstbeginport', null, $pconfig['dstbeginport'], $portlist))->setHelp('From port');
$group->add(new Form_Input('dstbeginport_cust', null, 'text', $pconfig['dstbeginport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');
$group->add(new Form_Select('dstendport', null, $pconfig['dstendport'], $portlist))->setHelp('To port');
$group->add(new Form_Input('dstendport_cust', null, 'text', $pconfig['dstendport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');
$group->setHelp('Specify the port or port range for the destination of the packet for this mapping. ' . 'The \'to\' field may be left empty if only mapping a single port. ');
$section->add($group);
// Redirect target address.
// NOTE(review): the help strings here and below embed a literal '<br />', so
// setHelp() presumably renders its argument as HTML without escaping; keep
// request- or config-derived data out of help text — confirm.
$section->addInput(new Form_IpAddress('localip', 'Redirect target IP', $pconfig['localip']))->setPattern('[.a-zA-Z0-9_:]+')->setHelp('Enter the internal IP address of the server on which to map the ports.' . '<br />' . 'e.g.: 192.168.1.12');
// Redirect target port: the dropdown lists 'Other' followed by $wkports (no
// 'Any' entry, unlike $portlist), with a free-text "Custom" field after it.
$group = new Form_Group('Redirect target port');
$group->addClass('lclportrange');
$group->add(new Form_Select('localbeginport', null, $pconfig['localbeginport'], array('' => 'Other') + $wkports))->setHelp('Port');
// The group-level help is set before the custom input is added to the group.
$group->setHelp('Specify the port on the machine with the IP address entered above. In case of a port range, specify the ' . 'beginning port of the range (the end port will be calculated automatically).' . '<br />' . 'This is usually identical to the "From port" above.');
$group->add(new Form_Input('localbeginport_cust', null, 'text', $pconfig['localbeginport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');