} ?> </select> </td> </tr> <tr> <td><?php echo gettext("Address:"); ?> </td> <td> <input <?php echo $edit_disabled; ?> autocomplete='off' name="dst" type="text" class="formfldalias ipv4v6" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) { echo htmlspecialchars($pconfig['dst']); } ?> " /> / <select <?php echo $edit_disabled; ?> name="dstmask" class="formselect ipv4v6" id="dstmask"> <?php for ($i = 127; $i > 0; $i--) { ?> <option value="<?php echo $i; ?>
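/**
 * Validate the fields of an EasyRule "pass" request and, when they all check
 * out, hand them to easyrule_pass_rule_add().
 *
 * Every error message echoes the offending value through htmlspecialchars(),
 * so the returned string can be placed in HTML output.
 *
 * @param mixed  $int      Interface identifier; resolved through easyrule_find_rule_interface().
 * @param string $proto    Protocol name; 'tcp' and 'udp' additionally require $dstport.
 * @param string $src      Source address, subnet, alias or special network; surrounding [] are stripped.
 * @param string $dst      Destination, accepted in the same forms as $src.
 * @param mixed  $dstport  Destination port or "any"; forced to 0 for protocols without ports.
 * @param string $ipproto  Passed through unchanged to easyrule_pass_rule_add().
 * @return string Translated success or error message.
 */
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet") {
    /* Check for valid int, srchost, dsthost, dstport, and proto */
    $protocols_with_ports = array('tcp', 'udp');
    $src = trim($src, "[]");
    $dst = trim($dst, "[]");

    if (empty($int) || empty($proto) || empty($src) || empty($dst)) {
        return gettext("Missing parameters for pass rule.");
    }

    /* Keep the caller's value: after the lookup fails $int is false, and
     * echoing that would produce an empty string instead of the bad name. */
    $requested_int = $int;
    $int = easyrule_find_rule_interface($int);
    if ($int === false) {
        return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars($requested_int);
    }

    /* NOTE(review): getprotobyname() returns false on failure, never -1, and
     * false == -1 is false in PHP. This check therefore cannot fire and $proto
     * reaches easyrule_pass_rule_add() unvalidated. Left unchanged because a
     * strict check would start rejecting values callers may rely on; agree on
     * the allowed protocol set first, then compare with === false. */
    if (getprotobyname($proto) == -1) {
        return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
    }

    if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
        return gettext("Tried to pass invalid source IP:") . ' ' . htmlspecialchars($src);
    }

    if (!is_ipaddr($dst) && !is_subnet($dst) && !is_ipaddroralias($dst) && !is_specialnet($dst)) {
        return gettext("Tried to pass invalid destination IP:") . ' ' . htmlspecialchars($dst);
    }

    if (in_array($proto, $protocols_with_ports)) {
        if (empty($dstport)) {
            return gettext("Missing destination port:") . ' ' . htmlspecialchars($dstport);
        }
        if (!is_port($dstport) && $dstport != "any") {
            return gettext("Tried to pass invalid destination port:") . ' ' . htmlspecialchars($dstport);
        }
    } else {
        /* Protocols without ports: ignore whatever port the caller supplied. */
        $dstport = 0;
    }

    /* Should have valid input... */
    if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport, $ipproto)) {
        return gettext("Successfully added pass rule!");
    }

    return gettext("Failed to add pass rule.");
}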
if ($if == "FloatingRules" || isset($pconfig['floating'])) { $section->addInput(new Form_Select('direction', 'Direction', $pconfig['direction'], array('any' => 'any', 'in' => 'in', 'out' => 'out'))); $section->addInput(new Form_Input('floating', 'Floating', 'hidden', 'floating')); } $section->addInput(new Form_Select('ipprotocol', 'TCP/IP Version', $pconfig['ipprotocol'], array('inet' => 'IPv4', 'inet6' => 'IPv6', 'inet46' => 'IPv4+IPv6')))->setHelp('Select the Internet Protocol version this rule applies to'); $section->addInput(new Form_Select('proto', 'Protocol', $pconfig['proto'], array('tcp' => 'TCP', 'udp' => 'UDP', 'tcp/udp' => 'TCP/UDP', 'icmp' => 'ICMP', 'esp' => 'ESP', 'ah' => 'AH', 'gre' => 'GRE', 'ipv6' => 'IPV6', 'igmp' => 'IGMP', 'pim' => 'PIM', 'ospf' => 'OSPF', 'sctp' => 'SCTP', 'any' => 'any', 'carp' => 'CARP', 'pfsync' => 'PFSYNC')))->setHelp('Choose which IP protocol this rule should match.'); $section->addInput(new Form_Select('icmptype', 'ICMP type', $pconfig['icmptype'], $icmptypes))->setHelp('If you selected ICMP for the protocol above, you may specify an ICMP type here.'); $section->addInput(new Form_Select('icmp6type', 'ICMPv6 type', $pconfig['icmptype'], $icmp6types))->setHelp('If you selected ICMP for the protocol above, you may specify an ICMP type here.'); $form->add($section); // Source and destination share a lot of logic. Loop over the two foreach (['src' => 'Source', 'dst' => 'Destination'] as $type => $name) { $section = new Form_Section($name); $group = new Form_Group($name); $group->add(new Form_Checkbox($type . 'not', $name . ' not', 'Invert match.', $pconfig[$type . 'not']))->setWidth(2); $ruleType = $pconfig[$type]; if (is_specialnet($pconfig[$type])) { $ruleType = 'network'; } elseif (is_ipaddrv6($pconfig[$type]) && $pconfig[$type . 'mask'] == 128 || is_ipaddrv4($pconfig[$type]) && $pconfig[$type . 
'mask'] == 32 || is_alias($pconfig[$type])) { $ruleType = 'single'; } $ruleValues = array('any' => 'any', 'single' => 'Single host or alias', 'network' => 'Network'); if (isset($a_filter[$id]['floating']) || $if == "FloatingRules") { $ruleValues['(self)'] = 'This Firewall (self)'; } if (have_ruleint_access("pppoe")) { $ruleValues['pppoe'] = 'PPPoE clients'; } if (have_ruleint_access("l2tp")) { $ruleValues['l2tp'] = 'L2TP clients'; } foreach ($ifdisp as $ifent => $ifdesc) {
echo $ifdesc; ?> </option> <?php } ?> </optgroup> </select> </td> </tr> <tr> <td> <div class="input-group"> <!-- updates to "other" option in src --> <input type="text" for="dst" value="<?php echo !is_specialnet($pconfig['dst']) ? $pconfig['dst'] : ""; ?> " aria-label="<?php echo gettext("Destination address"); ?> "/> <select name="dstmask" class="selectpicker" data-size="5" id="dstmask" data-width="auto" for="dst" > <?php for ($i = 32; $i > 0; $i--) { ?> <option value="<?php echo $i; ?> " <?php echo $i == $pconfig['dstmask'] ? "selected=\"selected\"" : ""; ?>
if ($pconfig['localnet'] == "lan") { echo "selected"; } ?> > LAN subnet</option> </select></td> </tr> <tr> <td>Adres: </td> <td><?php echo $mandfldhtmlspc; ?> </td> <td><input name="localnet" type="text" class="formfld" id="localnet" size="20" value="<?php if (!is_specialnet($pconfig['localnet'])) { echo htmlspecialchars($pconfig['localnet']); } ?> "> / <select name="localnetmask" class="formfld" id="localnetmask"> <?php for ($i = 31; $i >= 0; $i--) { ?> <option value="<?php echo $i; ?> " <?php if ($i == $pconfig['localnetmask']) { echo "selected";
echo gettext("Destination"); ?> </td> <td> <table class="table table-condensed"> <tr> <td> <select <?php echo !empty($pconfig['associated-rule-id']) ? "disabled" : ""; ?> name="dst" id="dst" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <option data-other=true value="<?php echo $pconfig['dst']; ?> " <?php echo !is_specialnet($pconfig['dst']) ? "selected=\"selected\"" : ""; ?> ><?php echo gettext("Single host or Network"); ?> </option> <optgroup label="<?php echo gettext("Aliases"); ?> "> <?php foreach (legacy_list_aliases("network") as $alias) { ?> <option value="<?php echo $alias['name']; ?>
/**
 * Pick the value to preselect in the destination "type" dropdown.
 *
 * Reads the globals $pconfig and $config. When $config['virtualip']['vip'] is
 * an array, or the destination is a special network, the stored destination
 * itself is returned; otherwise 'single' for a mask of 32 and 'network' for
 * any other mask.
 *
 * NOTE(review): only a mask of 32 counts as a single host, so an IPv6 /128
 * would be reported as 'network' - confirm whether IPv6 can reach this form.
 *
 * @return mixed The stored destination, or the string 'single' / 'network'.
 */
function dsttype_selected() {
    global $pconfig, $config;

    /* Short-circuit keeps the special-network lookup out of the VIP branch. */
    if (is_array($config['virtualip']['vip']) || is_specialnet($pconfig['dst'])) {
        return $pconfig['dst'];
    }

    return ($pconfig['dstmask'] == 32) ? 'single' : 'network';
}
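/**
 * Pick the value to preselect in the destination "type" dropdown.
 *
 * Reads the global $pconfig. An unset destination and the literal "any" map
 * to 'any'; a special network maps to the stored destination itself; anything
 * else is 'single' for a mask of 32 and 'network' otherwise.
 *
 * NOTE(review): only a mask of 32 counts as a single host, so an IPv6 /128
 * would be reported as 'network' - confirm whether IPv6 can reach this form.
 *
 * @return mixed 'any', 'single', 'network', or the stored destination.
 */
function dsttype_selected() {
    global $pconfig;

    /* empty() must wrap only the destination. Wrapped around the whole
     * "|| == any" expression it tests the boolean result, so a destination
     * of "any" never took this branch. */
    if (empty($pconfig['dst']) || $pconfig['dst'] == "any") {
        return 'any';
    }

    if (is_specialnet($pconfig['dst'])) {
        return $pconfig['dst'];
    }

    return ($pconfig['dstmask'] == 32) ? 'single' : 'network';
}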
/**
 * Pick the value to preselect in the source "type" dropdown.
 *
 * Reads the global $pconfig. A special network yields the stored source
 * itself; any other source yields 'single' for a mask of 32 and 'network'
 * for every other mask.
 *
 * NOTE(review): only a mask of 32 counts as a single host, so an IPv6 /128
 * would be reported as 'network' - confirm whether IPv6 can reach this form.
 *
 * @return mixed The stored source, or the string 'single' / 'network'.
 */
function srctype_selected() {
    global $pconfig;

    if (is_specialnet($pconfig['src'])) {
        return $pconfig['src'];
    }

    return ($pconfig['srcmask'] == 32) ? 'single' : 'network';
}
/*
 * Form fragment: source port range, destination address, destination port
 * range and redirect target inputs. $section, $pconfig and $wkports come from
 * code before this point (not visible here).
 *
 * NOTE(review): the setPattern() expressions below presumably end up as an HTML
 * pattern attribute, i.e. a browser-side hint only - confirm. A client can
 * submit any value, so the code that processes this form has to validate every
 * port, alias and address again on the server.
 * NOTE(review): $pconfig values are handed to the Form_* constructors as-is;
 * whether they are HTML-escaped on output depends on those classes - verify.
 */

/* Port dropdown choices: "" (Other) and 'any', then every $wkports entry
 * (an entry with the same key replaces the default label). */
$portlist = array("" => gettext('Other'), 'any' => gettext('Any'));
foreach ($wkports as $wkport => $wkportdesc) { $portlist[$wkport] = $wkportdesc; }

/* Source port range: a dropdown plus a free-text "Custom" field for each end. */
$group = new Form_Group('Source port range');
$group->addClass('srcportrange');
$group->add(new Form_Select('srcbeginport', null, $pconfig['srcbeginport'], $portlist))->setHelp('From port');
$group->add(new Form_Input('srcbeginport_cust', null, 'text', $pconfig['srcbeginport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');
$group->add(new Form_Select('srcendport', null, $pconfig['srcendport'], $portlist))->setHelp('To port');
$group->add(new Form_Input('srcendport_cust', null, 'text', $pconfig['srcendport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');
$group->setHelp('Specify the source port or port range for this rule. This is usually random and almost never ' . 'equal to the destination port range (and should usually be \'any\'). The \'to\' field ' . 'may be left empty if only filtering a single port.');
$section->add($group);

/* Destination: invert checkbox, type dropdown preselected by dsttype_selected(),
 * and the address field. The address field starts empty when the stored
 * destination is a special network. */
$group = new Form_Group('Destination');
$group->add(new Form_Checkbox('dstnot', 'Destination not', 'Invert match.', $pconfig['dstnot']))->setWidth(2);
$group->add(new Form_Select('dsttype', null, dsttype_selected(), build_dsttype_list()))->setHelp('Type');
/* NOTE(review): the pattern admits ':' (IPv6 text) while addMask() is given 31,
 * which looks like an IPv4-sized upper bound - confirm against addMask(). */
$group->add(new Form_IpAddress('dst', null, is_specialnet($pconfig['dst']) ? '' : $pconfig['dst']))->setPattern('[.a-zA-Z0-9_:]+')->addMask('dstmask', $pconfig['dstmask'], 31)->setHelp('Address/mask');
$section->add($group);

/* Destination port range: same dropdown-plus-custom layout as the source ports. */
$group = new Form_Group('Destination port range');
$group->addClass('dstportrange');
$group->add(new Form_Select('dstbeginport', null, $pconfig['dstbeginport'], $portlist))->setHelp('From port');
$group->add(new Form_Input('dstbeginport_cust', null, 'text', $pconfig['dstbeginport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');
$group->add(new Form_Select('dstendport', null, $pconfig['dstendport'], $portlist))->setHelp('To port');
$group->add(new Form_Input('dstendport_cust', null, 'text', $pconfig['dstendport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');
$group->setHelp('Specify the port or port range for the destination of the packet for this mapping. ' . 'The \'to\' field may be left empty if only mapping a single port. ');
$section->add($group);

/* Redirect target address, added straight to the section rather than a group. */
$section->addInput(new Form_IpAddress('localip', 'Redirect target IP', $pconfig['localip']))->setPattern('[.a-zA-Z0-9_:]+')->setHelp('Enter the internal IP address of the server on which to map the ports.' . '<br />' . 'e.g.: 192.168.1.12');

/* Redirect target port. This dropdown has no 'any' choice; the array union
 * keeps the 'Other' label for key '' even if $wkports carries that key too.
 * The group is not added to $section within this fragment. */
$group = new Form_Group('Redirect target port');
$group->addClass('lclportrange');
$group->add(new Form_Select('localbeginport', null, $pconfig['localbeginport'], array('' => 'Other') + $wkports))->setHelp('Port');
$group->setHelp('Specify the port on the machine with the IP address entered above. In case of a port range, specify the ' . 'beginning port of the range (the end port will be calculated automatically).' . '<br />' . 'This is usually identical to the "From port" above.');
$group->add(new Form_Input('localbeginport_cust', null, 'text', $pconfig['localbeginport']))->setPattern('[a-zA-Z0-9_]+')->setHelp('Custom');