/*
 * Fragment: handles a form submission that selects "advanced" outbound NAT
 * while $mode is "automatic" or "hybrid". It appends one manual rule to $a_out
 * for every (host entry, automatic rule) pair that is not already present.
 * The closing brace of this if-block lies outside this fragment.
 * NOTE(review): $mode, $a_out and $GatewaysList are assigned outside this
 * fragment; presumably the saved NAT mode, the outbound rule list and a
 * gateway cache -- confirm against the surrounding file.
 */
if ($_POST['mode'] == "advanced" && ($mode == "automatic" || $mode == "hybrid")) {
    /*
     * The user has enabled advanced outbound NAT: automatically create
     * entries for all of the interfaces as a starting rule set.
     * Nothing here checks whether $a_out is empty first; the duplicate
     * scan further down is what keeps existing rules from being repeated.
     */
    if (empty($GatewaysList)) {
        filter_generate_gateways();
    }
    $tonathosts = filter_nat_rules_automatic_tonathosts(true);
    $automatic_rules = filter_nat_rules_outbound_automatic("");

    foreach ($tonathosts as $tonathost) {
        foreach ($automatic_rules as $natent) {
            /* $natent is a per-iteration copy, so these edits do not accumulate. */
            $natent['source']['network'] = $tonathost['subnet'];
            $natent['descr'] .= sprintf(gettext(' - %1$s to %2$s'),
                $tonathost['descr'],
                convert_real_interface_to_friendly_descr($natent['interface']));
            $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));

            /*
             * Try to detect rules that were already auto-created and avoid
             * duplicating them. A rule counts as a duplicate only when
             * interface, source network, dstport, target and descr all match.
             * NOTE(review): descr is built from translated text, so a rule
             * created under another locale or with an edited description
             * would not match and a second copy would be added -- confirm
             * whether that is acceptable.
             */
            $found = false;
            foreach ($a_out as $rule) {
                if ($rule['interface'] == $natent['interface'] &&
                    $rule['source']['network'] == $natent['source']['network'] &&
                    $rule['dstport'] == $natent['dstport'] &&
                    $rule['target'] == $natent['target'] &&
                    $rule['descr'] == $natent['descr']) {
                    $found = true;
                    break;
                }
            }

            if ($found === false) {
                $a_out[] = $natent;
            }
        }
    }

    /* Message for the user; the gateway list is dropped once it is no longer needed here. */
    $savemsg = gettext("Default rules for each interface have been created.");
    unset($GatewaysList);
/*
 * Fragment from the save path of a firewall rule edit form. It starts inside
 * blocks opened before this fragment, so the leading closing braces and the
 * variables $id, $after, $a_filter and $filterent come from unseen context.
 */
}
}
/* Carry these fields over unchanged from the stored rule at index $id. */
$filterent['source'] = $a_filter[$id]['source'];
$filterent['destination'] = $a_filter[$id]['destination'];
$filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
}

/* Keep the stored creation stamp when there is one; always refresh "updated". */
if (isset($a_filter[$id]['created']) && is_array($a_filter[$id]['created'])) {
    $filterent['created'] = $a_filter[$id]['created'];
}
$filterent['updated'] = make_config_revision_entry();

// Allow extending of the firewall edit page and include custom input validation.
// The hook path is a fixed string literal, not a request-derived value.
pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");

if (isset($id) && $a_filter[$id]) {
    /* Editing: overwrite the existing rule in place. */
    $a_filter[$id] = $filterent;
} else {
    /* New rule: stamp it, then insert after position $after or append. */
    $filterent['created'] = make_config_revision_entry();
    if (is_numeric($after)) {
        array_splice($a_filter, $after + 1, 0, array($filterent));
    } else {
        $a_filter[] = $filterent;
    }
}

filter_rules_sort();

/* The filter is marked dirty only when write_config() returns a truthy value. */
if (write_config()) {
    mark_subsystem_dirty('filter');
}

/*
 * Redirect back to the rule list.
 * NOTE(review): htmlspecialchars() is an HTML-context encoder, but here the
 * request value is placed in a URL query string inside a Location header;
 * URL-encoding (e.g. rawurlencode()) is the encoder that matches this
 * context. Whether $_POST['interface'] was validated earlier, and whether
 * the script stops after header(), is not visible in this fragment -- confirm.
 */
if (isset($_POST['floating'])) {
    header("Location: firewall_rules.php?if=FloatingRules");
} else {
    header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface']));
}
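/**
 * Append a "pass" firewall rule built from the given traffic parameters,
 * write the configuration and reconfigure the packet filter.
 *
 * Security note: the arguments are stored in the rule as received. This
 * function does not check that $int names an existing interface, that
 * $proto / $ipproto are known values, or that $dstport is a valid port.
 * A host that is neither a subnet, a special network nor an IPv6 address
 * falls through to a /32 mask without being verified as an IPv4 address.
 * Callers are expected to validate first -- NOTE(review): confirm they do,
 * since every call adds a permanent allow rule.
 *
 * @param mixed $int      Interface the rule is attached to.
 * @param mixed $proto    Protocol; "any" leaves the rule without a protocol,
 *                        "icmp6"/"icmpv6" (any case) is stored as "icmp".
 * @param mixed $srchost  Source host, subnet ("addr/bits") or special network.
 * @param mixed $dsthost  Destination host, subnet or special network.
 * @param mixed $dstport  Destination port, used as both begin and end port.
 * @param mixed $ipproto  Value stored as the rule's 'ipprotocol'.
 * @return bool Always true.
 *              NOTE(review): the results of write_config() and
 *              filter_configure() are not inspected, so a failed save is
 *              still reported as success -- confirm this is intended.
 */
function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipproto) {
    global $config;

    /* No rules yet: start a new array. isset() avoids an undefined-key warning. */
    if (!isset($config['filter']['rule']) || !is_array($config['filter']['rule'])) {
        $config['filter']['rule'] = array();
    }

    filter_rules_sort();
    $a_filter =& $config['filter']['rule'];

    /* Make up a new rule. */
    $filterent = array();
    $filterent['type'] = 'pass';
    $filterent['interface'] = $int;
    $filterent['ipprotocol'] = $ipproto;
    $filterent['descr'] = gettext("Easy Rule: Passed from Firewall Log View");

    /* "any" means no protocol key at all; the array is new, so nothing to unset. */
    if ($proto != "any") {
        $filterent['protocol'] = $proto;
    }

    /*
     * Default to only allow echo requests, since that's what most people
     * want and it should be a safe choice.
     */
    if ($proto == "icmp") {
        $filterent['icmptype'] = 'echoreq';
    }

    /*
     * ICMPv6 is stored with protocol "icmp".
     * NOTE(review): no 'icmptype' is set on this path, so the echo-request
     * restriction above does not apply to ICMPv6 -- confirm that is intended.
     */
    $proto_lc = strtolower($proto);
    if ($proto_lc == "icmp6" || $proto_lc == "icmpv6") {
        $filterent['protocol'] = "icmp";
    }

    /* Split "addr/bits" or pick a default mask: 0 special net, 128 IPv6, else 32. */
    $split_host_mask = function ($host) {
        if (is_subnet($host)) {
            return explode("/", $host);
        }
        if (is_specialnet($host)) {
            return array($host, 0);
        }
        if (is_ipaddrv6($host)) {
            return array($host, 128);
        }
        return array($host, 32);
    };

    list($srchost, $srcmask) = $split_host_mask($srchost);
    list($dsthost, $dstmask) = $split_host_mask($dsthost);

    pconfig_to_address($filterent['source'], $srchost, $srcmask);
    pconfig_to_address($filterent['destination'], $dsthost, $dstmask, '', $dstport, $dstport);

    $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule"));
    $a_filter[] = $filterent;

    /* Save with the rule description as the change note, then reconfigure the filter. */
    write_config($filterent['descr']);
    filter_configure();

    return true;
}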