Esempio n. 1
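/**
 * Validate the parameters of a pass-rule request and, if they are acceptable,
 * hand them to easyrule_pass_rule_add().
 *
 * Every caller-supplied value echoed back in an error message goes through
 * htmlspecialchars(), so the returned string can be placed in an HTML page.
 *
 * @param string $int     Interface identifier; resolved with easyrule_find_rule_interface().
 * @param string $proto   Protocol name; must be known to getprotobyname().
 * @param string $src     Source host, subnet, alias or special network; surrounding "[" / "]" are stripped.
 * @param string $dst     Destination, same accepted forms as $src.
 * @param mixed  $dstport Destination port or "any"; required for tcp/udp, forced to 0 for other protocols.
 * @param string $ipproto Handed to easyrule_pass_rule_add() unchanged.
 * @return string Translated success or error message.
 */
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet")
{
    $protocols_with_ports = array('tcp', 'udp');
    $src = trim($src, "[]");
    $dst = trim($dst, "[]");

    if (empty($int) || empty($proto) || empty($src) || empty($dst)) {
        return gettext("Missing parameters for pass rule.");
    }

    // Keep the caller's value: the lookup overwrites $int with false on failure,
    // which would leave the error message without the offending name.
    $requested_int = $int;
    $int = easyrule_find_rule_interface($int);
    if ($int === false) {
        return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars($requested_int);
    }

    // getprotobyname() signals an unknown name with false. A loose comparison
    // against -1 never matches false, so the test has to be strict against false
    // or no protocol is ever rejected.
    // NOTE(review): values getprotobyname() does not know are now refused; if
    // callers pass a wildcard token as $proto, allow it explicitly here.
    if (getprotobyname($proto) === false) {
        return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
    }

    if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
        return gettext("Tried to pass invalid source IP:") . ' ' . htmlspecialchars($src);
    }
    if (!is_ipaddr($dst) && !is_subnet($dst) && !is_ipaddroralias($dst) && !is_specialnet($dst)) {
        return gettext("Tried to pass invalid destination IP:") . ' ' . htmlspecialchars($dst);
    }

    if (in_array($proto, $protocols_with_ports)) {
        if (empty($dstport)) {
            return gettext("Missing destination port:") . ' ' . htmlspecialchars($dstport);
        }
        if (!is_port($dstport) && $dstport != "any") {
            return gettext("Tried to pass invalid destination port:") . ' ' . htmlspecialchars($dstport);
        }
    } else {
        // Protocols without ports never carry a caller-supplied port into the rule.
        $dstport = 0;
    }

    // NOTE(review): $ipproto reaches easyrule_pass_rule_add() without any check
    // in this function; confirm it is validated there or by the caller.
    if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport, $ipproto)) {
        return gettext("Successfully added pass rule!");
    }
    return gettext("Failed to add pass rule.");
}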
 }
 // An alias is refused when the destination type is "network".
 if ($_POST['dsttype'] == "network") {
     if (is_alias($_POST['dst'])) {
         $input_errors[] = gettext("You must specify single host or alias for alias entries.");
     }
 }
 // The source address and mask are checked only when srctype is not a value
 // that is_specialnet() recognises.
 if (!is_specialnet($_POST['srctype'])) {
     // An empty (falsy) src skips the check entirely.
     // NOTE(review): the raw request value is formatted into the message. Whether
     // that is safe depends on the code that renders $input_errors escaping it for
     // HTML; that code is not visible here, so confirm.
     if ($_POST['src'] && !is_ipaddroralias($_POST['src'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
     }
     // Only checks that the mask is an integer; no range check is visible here.
     if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
         $input_errors[] = gettext("A valid source bit count must be specified.");
     }
 }
 // Same checks for the destination address and mask.
 if (!is_specialnet($_POST['dsttype'])) {
     // NOTE(review): raw request value in the message, as for the source above.
     if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
     }
     if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {
         $input_errors[] = gettext("A valid destination bit count must be specified.");
     }
 }
 if (is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst'])) {
     if (!validate_address_family($_POST['src'], $_POST['dst'])) {
         $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
     }
     if ((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && $_POST['ipprotocol'] == "inet") {
         $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
     }
     if ((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && $_POST['ipprotocol'] == "inet6") {
         $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
 // Port checks apply only when $protocol_uses_ports is set (assigned outside this excerpt).
 // A non-empty destination port must be a port, a port alias or a port range.
 if ($protocol_uses_ports && $_POST['dstport'] != "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) {
     $input_errors[] = gettext("A valid port or port alias must be supplied for the destination port entry.");
 }
 // The NAT port is not checked at all when the "nonat" field is present in the request.
 if ($protocol_uses_ports && $_POST['natport'] != "" && !(is_portoralias($_POST['natport']) || is_portrange($_POST['natport'])) && !isset($_POST['nonat'])) {
     $input_errors[] = gettext("A valid port must be supplied for the NAT port entry.");
 }
 // The source value is validated unless source_type is "any" or "(self)".
 if ($_POST['source_type'] != "any" && $_POST['source_type'] != "(self)") {
     // An empty source, or the literal "any", skips the address check.
     if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
         $input_errors[] = gettext("A valid source must be specified.");
     }
 }
 // Only checks that the bit count is an integer; no range check is visible here.
 if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
     $input_errors[] = gettext("A valid source bit count must be specified.");
 }
 if ($_POST['destination_type'] != "any") {
     if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
         $input_errors[] = gettext("A valid destination must be specified.");
     }
 }
 if ($_POST['destination_subnet'] && !is_numericint($_POST['destination_subnet'])) {
     $input_errors[] = gettext("A valid destination bit count must be specified.");
 }
 // "not any" would match nothing, so the combination is refused.
 if ($_POST['destination_type'] == "any") {
     if ($_POST['destination_not']) {
         $input_errors[] = gettext("Negating destination address of \"any\" is invalid.");
     }
 }
 // The target must be an IP address, a subnet, an alias or the literal "other-subnet";
 // the whole check is skipped when "nonat" is present in the request.
 if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) {
     $input_errors[] = gettext("A valid target IP address must be specified.");
 }
 if ($_POST['target'] == "other-subnet") {
         $reqdfieldsn = array(gettext("IP Address"), gettext("Name"), gettext("Relay Protocol"));
         break;
 }
 // Required-field check; $reqdfields and $reqdfieldsn are built before this point.
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 // Reject a name already used by another virtual server. The entry at index $id
 // is excluded from the comparison ($id is assigned outside this excerpt).
 for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
     if ($_POST['name'] == $config['load_balancer']['virtual_server'][$i]['name'] && $i != $id) {
         $input_errors[] = gettext("This virtual server name has already been used.  Virtual server names must be unique.");
     }
 }
 // Deny-list check: only a space or a slash in the name is refused; every other
 // character is accepted by this test.
 // NOTE(review): if the name later ends up in a generated configuration file or a
 // command line, an allow-list pattern would be the safer check; confirm how it is used.
 if (preg_match('/[ \\/]/', $_POST['name'])) {
     $input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
 }
 if ($_POST['port'] != "" && !is_portoralias($_POST['port'])) {
     $input_errors[] = gettext("The port must be an integer between 1 and 65535, a port alias, or left blank.");
 }
 // NOTE(review): the raw request value is formatted into both messages below. Whether
 // that is safe depends on the code that renders $input_errors escaping it for HTML;
 // that code is not visible here, so confirm.
 if (!is_ipaddroralias($_POST['ipaddr']) && !is_subnetv4($_POST['ipaddr'])) {
     $input_errors[] = sprintf(gettext("%s is not a valid IP address, IPv4 subnet, or alias."), $_POST['ipaddr']);
 } else {
     // An IPv4 subnet is accepted only up to 64 addresses.
     if (is_subnetv4($_POST['ipaddr']) && subnet_size($_POST['ipaddr']) > 64) {
         $input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses."), $_POST['ipaddr']);
     }
 }
 // A fall-back pool ("sitedown") cannot be combined with the DNS relay protocol.
 if (strtolower($_POST['relay_protocol']) == "dns" && !empty($_POST['sitedown'])) {
     $input_errors[] = gettext("You cannot select a Fall Back Pool when using the DNS relay protocol.");
 }
 if (!$input_errors) {
     $vsent = array();
     if (isset($id) && $a_vs[$id]) {
         $vsent = $a_vs[$id];
     }
     if ($vsent['name'] != "") {
Esempio n. 5
 // Field keys that must be present, and the labels used when one is missing.
 $reqdfields = explode(" ", "interface external src dst");
 $reqdfieldsn = array(gettext("Interface"), gettext("External subnet"), gettext("Source address"), gettext("Destination address"));
 do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
 /* For external, user can enter only ip's */
 // NOTE(review): the emptiness test reads $pconfig['external'] but the address test
 // reads $_POST['external']. If the two can ever differ, the value that is validated is
 // not the value that is stored later; confirm $pconfig is a plain copy of $_POST.
 if (!empty($pconfig['external']) && !is_ipaddr($_POST['external'])) {
     $input_errors[] = gettext("A valid external subnet must be specified.");
 }
 /* For src, user can enter only ip's or networks */
 // NOTE(review): the submitted value is formatted into the message unescaped. Whether
 // that is safe depends on the code that renders $input_errors; not visible here, confirm.
 if (!is_specialnet($pconfig['src']) && !is_ipaddroralias($pconfig['src'])) {
     $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']);
 }
 // Only checks that the mask is an integer; no range check is visible here.
 if (!empty($pconfig['srcmask']) && !is_numericint($pconfig['srcmask'])) {
     $input_errors[] = gettext("A valid source bit count must be specified.");
 }
 /* For dst, user can enter ip's, networks or aliases */
 if (!is_specialnet($pconfig['dst']) && !is_ipaddroralias($pconfig['dst'])) {
     $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']);
 }
 if (!empty($pconfig['dstmask']) && !is_numericint($pconfig['dstmask'])) {
     $input_errors[] = gettext("A valid destination bit count must be specified.");
 }
 if (count($input_errors) == 0) {
     $natent = array();
     // 1-on-1 copy
     $natent['external'] = $pconfig['external'];
     $natent['descr'] = $pconfig['descr'];
     $natent['interface'] = $pconfig['interface'];
     // copy form data with some kind of logic in it
     $natent['disabled'] = isset($_POST['disabled']) ? true : false;
     pconfig_to_address($natent['source'], $pconfig['src'], $pconfig['srcmask'], !empty($pconfig['srcnot']));
     pconfig_to_address($natent['destination'], $pconfig['dst'], $pconfig['dstmask'], !empty($pconfig['dstnot']));
 // A port alias cannot be one end of a range: when either end is an alias,
 // both ends must hold the same value.
 if ((is_alias($pconfig['srcbeginport']) || is_alias($pconfig['srcendport'])) && $pconfig['srcbeginport'] != $pconfig['srcendport']) {
     $input_errors[] = gettext('When selecting aliases for source ports, both from and to fields must be the same');
 }
 if ((is_alias($pconfig['dstbeginport']) || is_alias($pconfig['dstendport'])) && $pconfig['dstbeginport'] != $pconfig['dstendport']) {
     $input_errors[] = gettext('When selecting aliases for destination ports, both from and to fields must be the same');
 }
 // Address and mask are checked only when src is not a value is_specialnet() recognises.
 if (!is_specialnet($pconfig['src'])) {
     // NOTE(review): the submitted value is formatted into the message unescaped. Whether
     // that is safe depends on the code that renders $input_errors; not visible here, confirm.
     if (!is_ipaddroralias($pconfig['src'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']);
     }
     // Unlike a "!empty() &&" guard, this makes the mask mandatory: an empty value
     // fails is_numericint() and raises the error.
     if (!is_numericint($pconfig['srcmask'])) {
         $input_errors[] = gettext("A valid source bit count must be specified.");
     }
 }
 // Same checks for the destination.
 if (!is_specialnet($pconfig['dst'])) {
     if (!is_ipaddroralias($pconfig['dst'])) {
         $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']);
     }
     if (!is_numericint($pconfig['dstmask'])) {
         $input_errors[] = gettext("A valid destination bit count must be specified.");
     }
 }
 if (is_ipaddr($pconfig['src']) && is_ipaddr($pconfig['dst'])) {
     if (!validate_address_family($pconfig['src'], $pconfig['dst'])) {
         $input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $pconfig['src'], $pconfig['dst']);
     }
     if ((is_ipaddrv6($pconfig['src']) || is_ipaddrv6($pconfig['dst'])) && $pconfig['ipprotocol'] == "inet") {
         $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
     }
     if ((is_ipaddrv4($pconfig['src']) || is_ipaddrv4($pconfig['dst'])) && $pconfig['ipprotocol'] == "inet6") {
         $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
         $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
     }
     if (!empty($pconfig['dstport']) && !is_portoralias($pconfig['dstport'])) {
         $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
     }
     if (!empty($pconfig['natport']) && !is_port($pconfig['natport']) && empty($pconfig['nonat'])) {
         $input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
     }
 }
 // Source must be "any", "(self)", or something is_ipaddroralias() accepts.
 if (!(in_array($pconfig['source'], array("any", "(self)")) || is_ipaddroralias($pconfig['source']))) {
     $input_errors[] = gettext("A valid source must be specified.");
 }
 // Only checks that the bit count is an integer; no range check is visible here.
 if (!empty($pconfig['source_subnet']) && !is_numericint($pconfig['source_subnet'])) {
     $input_errors[] = gettext("A valid source bit count must be specified.");
 }
 if (!(in_array($pconfig['destination'], array("any", "(self)")) || is_ipaddroralias($pconfig['destination']))) {
     $input_errors[] = gettext("A valid destination must be specified.");
 }
 if (!empty($pconfig['destination_subnet']) && !is_numericint($pconfig['destination_subnet'])) {
     $input_errors[] = gettext("A valid destination bit count must be specified.");
 }
 // "not any" would match nothing, so the combination is refused.
 if ($pconfig['destination'] == "any" && !empty($pconfig['destination_not'])) {
     $input_errors[] = gettext("Negating destination address of \"any\" is invalid.");
 }
 // The target check is skipped entirely when "nonat" is set.
 if (!empty($pconfig['targetip']) && !is_ipaddr($pconfig['targetip']) && !is_subnet($pconfig['targetip']) && !is_alias($pconfig['targetip']) && empty($pconfig['nonat'])) {
     $input_errors[] = gettext("A valid target IP address must be specified.");
 }
 /* Verify Pool Options */
 // NOTE(review): as written, the error is raised when targetip is NOT an alias and
 // poolopts starts with "round-robin". The message describes the opposite case (an
 // alias combined with a non-round-robin option); confirm the intended condition.
 if (!empty($pconfig['targetip']) && !is_alias($pconfig['targetip']) && substr($pconfig['poolopts'], 0, 11) == "round-robin") {
     $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias.");
 }
         }
     }
     if (!preg_match("/.{2,}/", $acl_name)) {
         $input_errors[] = "The field 'Name' is required with at least 2 characters.";
     }
 }
 // Validate every external-address entry: its comma-separated port list and,
 // for the "custom" type, the custom address.
 foreach ($a_extaddr as $extaddr) {
     $ports = explode(",", $extaddr['extaddr_port']);
     foreach ($ports as $port) {
         // NOTE(review): is_numeric() also accepts negative numbers, decimals, exponent
         // notation and values above 65535, so such entries pass as "ports" without a
         // range check here; confirm a later step rejects them.
         if ($port && !is_numeric($port) && !is_portoralias($port)) {
             $input_errors[] = "The field 'Port' value '" . htmlspecialchars($port) . "' is not a number or alias thereof.";
         }
     }
     if ($extaddr['extaddr'] == 'custom') {
         $extaddr_custom = $extaddr['extaddr_custom'];
         // NOTE(review): the port message above escapes the value with htmlspecialchars(),
         // this one formats it in raw. One of the two disagrees with how $input_errors is
         // rendered (double-escaping or no escaping); the renderer is not visible here, confirm.
         if (empty($extaddr_custom) || !is_ipaddroralias($extaddr_custom)) {
             $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $extaddr_custom);
         }
     }
 }
 if (!$input_errors) {
     $backend = array();
     if (isset($id) && $a_backend[$id]) {
         $backend = $a_backend[$id];
     }
     if ($backend['name'] != "") {
         $changedesc .= " modified '{$backend['name']}' pool:";
     }
     // update references to this primary frontend
     if ($backend['name'] != $_POST['name']) {
         foreach ($a_backend as &$frontend) {
     $reqdfields = explode(" ", "interface proto localip");
     $reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
 }
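 // Required-field check. $input_errors is passed without a call-site "&": call-time
 // pass-by-reference is a fatal error since PHP 5.4, and the by-reference binding
 // belongs in do_input_validation()'s own signature (presumably declared there; confirm).
 do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
 // NOTE(review): the raw request value is interpolated into the message. Whether that
 // is safe depends on the code that renders $input_errors escaping it for HTML; that
 // code is not visible here, so confirm.
 if ($_POST['localip'] && !is_ipaddroralias($_POST['localip'])) {
     $input_errors[] = "\"{$_POST['localip']}\" geçerli bir NAT IP adresi vey ahost alias değildir.";
 }
 /* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
 if (strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
     // NOTE(review): the three port fields are exempted by is_ipaddroralias(), the same
     // helper used for localip above. Going by its name, an IP address literal would
     // also satisfy these port checks; an alias-only test looks like the intent. Confirm.
     if ($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport'])) {
         $input_errors[] = "Başlangıç portu 1 ile 65535 arasında bir tamsayı olmalıdır.";
     }
     if ($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport'])) {
         $input_errors[] = "Bitiş portu 1 ile 65535 arasında bir değer olmalıdır.";
     }
     if ($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport'])) {
         $input_errors[] = "Yerel port tamsayı ve 1 ile 65535 arasında bir değer olmalıdır.";
     }
     // Normalise the range so that beginport <= endport. The swap runs even when the
     // checks above have already recorded an error.
     if ($_POST['beginport'] > $_POST['endport']) {
         /* swap */
         $tmp = $_POST['endport'];
         $_POST['endport'] = $_POST['beginport'];
         $_POST['beginport'] = $tmp;
     }
     // The mapped local range must not run past port 65535. Evaluated only when no
     // error was recorded so far.
     // NOTE(review): a value admitted above as an alias is not numeric, so this
     // arithmetic is only meaningful for plain port numbers.
     if (!$input_errors) {
         if ($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport'] > 65535) {
             $input_errors[] = "Hedef port 1 ile 65535 arasında bir değer olmalıdır.";
         }
     }
 }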
 /* check for overlaps */