$pconfig['tunnel-remote-addr'] = $a_gifs[$id]['tunnel-remote-addr']; $pconfig['link1'] = isset($a_gifs[$id]['link1']); $pconfig['link0'] = isset($a_gifs[$id]['link0']); $pconfig['descr'] = $a_gifs[$id]['descr']; } if ($_POST) { unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "if remote-addr tunnel-local-addr tunnel-remote-addr tunnel-remote-net"); $reqdfieldsn = array(gettext("Parent interface"), gettext("gif remote address"), gettext("gif tunnel local address"), gettext("gif tunnel remote address"), gettext("gif tunnel remote netmask")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (!is_ipaddr($_POST['tunnel-local-addr']) || !is_ipaddr($_POST['tunnel-remote-addr']) || !is_ipaddr($_POST['remote-addr'])) { $input_errors[] = gettext("The tunnel local and tunnel remote fields must have valid IP addresses."); } if (!is_numericint($_POST['tunnel-remote-net'])) { $input_errors[] = gettext("The gif tunnel subnet must be an integer."); } if (is_ipaddrv4($_POST['tunnel-local-addr'])) { if (!is_ipaddrv4($_POST['tunnel-remote-addr'])) { $input_errors[] = gettext("The gif tunnel remote address must be IPv4 where tunnel local address is IPv4."); } if ($_POST['tunnel-remote-net'] > 32 || $_POST['tunnel-remote-net'] < 1) { $input_errors[] = gettext("The gif tunnel subnet must be an integer between 1 and 32."); } } if (is_ipaddrv6($_POST['tunnel-local-addr'])) { if (!is_ipaddrv6($_POST['tunnel-remote-addr'])) { $input_errors[] = gettext("The gif tunnel remote address must be IPv6 where tunnel local address is IPv6."); } if ($_POST['tunnel-remote-net'] > 128 || $_POST['tunnel-remote-net'] < 1) {
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ require_once "guiconfig.inc"; require_once "/usr/local/pkg/snort/snort.inc"; global $g; $snortdir = SNORTDIR; if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; } elseif (isset($_GET['id']) && is_numericint($_GET['id'])) { $id = htmlspecialchars($_GET['id']); } if (isset($_POST['eng_id']) && isset($_POST['eng_id'])) { $eng_id = $_POST['eng_id']; } elseif (isset($_GET['eng_id']) && is_numericint($_GET['eng_id'])) { $eng_id = htmlspecialchars($_GET['eng_id']); } if (is_null($id)) { // Clear and close out any session variable we created session_start(); unset($_SESSION['ftp_client_import']); session_write_close(); header("Location: /snort/snort_interfaces.php"); exit; } if (!is_array($config['installedpackages']['snortglobal']['rule'])) { $config['installedpackages']['snortglobal']['rule'] = array(); } if (!is_array($config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item'])) { $config['installedpackages']['snortglobal']['rule'][$id]['ftp_client_engine']['item'] = array();
$config['dhcpd'][$if]['staticmap'] = array(); } if (!is_array($config['dhcpd'][$if]['pool'])) { $config['dhcpd'][$if]['pool'] = array(); } $a_pools =& $config['dhcpd'][$if]['pool']; $static_arp_enabled = isset($config['dhcpd'][$if]['staticarp']); $netboot_enabled = isset($config['dhcpd'][$if]['netboot']); $a_maps =& $config['dhcpd'][$if]['staticmap']; $ifcfgip = get_interface_ip($if); $ifcfgsn = get_interface_subnet($if); $ifcfgdescr = convert_friendly_interface_to_friendly_descr($if); if (is_numericint($_GET['id'])) { $id = $_GET['id']; } if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; } if (isset($id) && $a_maps[$id]) { $pconfig['mac'] = $a_maps[$id]['mac']; $pconfig['cid'] = $a_maps[$id]['cid']; $pconfig['hostname'] = $a_maps[$id]['hostname']; $pconfig['ipaddr'] = $a_maps[$id]['ipaddr']; $pconfig['filename'] = $a_maps[$id]['filename']; $pconfig['rootpath'] = $a_maps[$id]['rootpath']; $pconfig['descr'] = $a_maps[$id]['descr']; $pconfig['arp_table_static_entry'] = isset($a_maps[$id]['arp_table_static_entry']); $pconfig['deftime'] = $a_maps[$id]['defaultleasetime']; $pconfig['maxtime'] = $a_maps[$id]['maxleasetime']; $pconfig['gateway'] = $a_maps[$id]['gateway']; $pconfig['domain'] = $a_maps[$id]['domain'];
$input_errors[] = gettext("Timeout needs to be an integer."); } if ($_POST['fwdelay'] && !is_numericint($_POST['fwdelay'])) { $input_errors[] = gettext("Forward Delay needs to be an integer between 4 and 30."); } if ($_POST['hellotime'] && !is_numericint($_POST['hellotime'])) { $input_errors[] = gettext("Hello time for STP needs to be an integer between 1 and 2."); } if ($_POST['priority'] && !is_numericint($_POST['priority'])) { $input_errors[] = gettext("Priority for STP needs to be an integer between 0 and 61440."); } if ($_POST['holdcnt'] && !is_numericint($_POST['holdcnt'])) { $input_errors[] = gettext("Transmit Hold Count for STP needs to be an integer between 1 and 10."); } foreach ($ifacelist as $ifn => $ifdescr) { if ($_POST[$ifn] != "" && !is_numericint($_POST[$ifn])) { $input_errors[] = sprintf(gettext("%s interface priority for STP needs to be an integer between 0 and 240."), $ifdescr); } } $i = 0; foreach ($ifacelist as $ifn => $ifdescr) { if ($_POST["{$ifn}{$i}"] != "" && !is_numeric($_POST["{$ifn}{$i}"])) { $input_errors[] = sprintf(gettext("%s interface path cost for STP needs to be an integer between 1 and 200000000."), $ifdescr); } $i++; } if (!is_array($_POST['members']) || count($_POST['members']) < 1) { $input_errors[] = gettext("At least one member interface must be selected for a bridge."); } if (is_array($_POST['static'])) { foreach ($_POST['static'] as $ifstatic) {
if ($_POST['raminrtradvinterval'] < "3") { $input_errors[] = gettext("Minimum advertisement interval must be no less than 3."); } if ($_POST['ramaxrtradvinterval'] && $_POST['raminrtradvinterval'] > 0.75 * $_POST['ramaxrtradvinterval']) { $input_errors[] = gettext("Minimum advertisement interval must be no greater than 0.75 * Maximum advertisement interval"); } } if ($_POST['ramaxrtradvinterval']) { if (!is_numericint($_POST['ramaxrtradvinterval'])) { $input_errors[] = gettext("Maximum advertisement interval must be an integer."); } if ($_POST['ramaxrtradvinterval'] < "4" || $_POST['ramaxrtradvinterval'] > "1800") { $input_errors[] = gettext("Maximum advertisement interval must be no less than 4 and no greater than 1800."); } } if ($_POST['raadvdefaultlifetime'] && !is_numericint($_POST['raadvdefaultlifetime'])) { $input_errors[] = gettext("Router lifetime must be an integer between 1 and 9000."); } if (!$input_errors) { if (!is_array($config['dhcpdv6'][$if])) { $config['dhcpdv6'][$if] = array(); } $config['dhcpdv6'][$if]['ramode'] = $_POST['ramode']; $config['dhcpdv6'][$if]['rapriority'] = $_POST['rapriority']; $config['dhcpdv6'][$if]['rainterface'] = $_POST['rainterface']; $config['dhcpdv6'][$if]['ravalidlifetime'] = $_POST['ravalidlifetime']; $config['dhcpdv6'][$if]['rapreferredlifetime'] = $_POST['rapreferredlifetime']; $config['dhcpdv6'][$if]['raminrtradvinterval'] = $_POST['raminrtradvinterval']; $config['dhcpdv6'][$if]['ramaxrtradvinterval'] = $_POST['ramaxrtradvinterval']; $config['dhcpdv6'][$if]['raadvdefaultlifetime'] = $_POST['raadvdefaultlifetime']; $config['dhcpdv6'][$if]['radomainsearchlist'] = $_POST['radomainsearchlist'];
if ($_POST['udpmultipletimeout'] && !is_numericint($_POST['udpmultipletimeout'])) { $input_errors[] = gettext("The UDP multiple timeout value must be an integer."); } if ($_POST['icmpfirsttimeout'] && !is_numericint($_POST['icmpfirsttimeout'])) { $input_errors[] = gettext("The ICMP first timeout value must be an integer."); } if ($_POST['icmperrortimeout'] && !is_numericint($_POST['icmperrortimeout'])) { $input_errors[] = gettext("The ICMP error timeout value must be an integer."); } if ($_POST['otherfirsttimeout'] && !is_numericint($_POST['otherfirsttimeout'])) { $input_errors[] = gettext("The Other first timeout value must be an integer."); } if ($_POST['othersingletimeout'] && !is_numericint($_POST['othersingletimeout'])) { $input_errors[] = gettext("The Other single timeout value must be an integer."); } if ($_POST['othermultipletimeout'] && !is_numericint($_POST['othermultipletimeout'])) { $input_errors[] = gettext("The Other multiple timeout value must be an integer."); } ob_flush(); flush(); if (!$input_errors) { if ($_POST['disablefilter'] == "yes") { $config['system']['disablefilter'] = "enabled"; } else { unset($config['system']['disablefilter']); } if ($_POST['disablevpnrules'] == "yes") { $config['system']['disablevpnrules'] = true; } else { unset($config['system']['disablevpnrules']); }
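/*
 * Validation of the PPPoE/PPTP/MAC/MTU fields of the submitted form.
 * Every failed check appends one message to $input_errors; nothing is
 * written to the configuration in this run of statements.
 */

/*
 * PPPoE reset minute: must be an integer in 0-59 (the message says so).
 * The previous condition chained the range test with &&, so an
 * out-of-range integer such as "75" was never rejected; the error only
 * fired for a non-integer that happened to compare inside 0-59.
 */
if ($_POST['pppoe_resetminute'] != "" &&
    (!is_numericint($_POST['pppoe_resetminute']) ||
    $_POST['pppoe_resetminute'] < 0 ||
    $_POST['pppoe_resetminute'] > 59)) {
	$input_errors[] = gettext("PPPoE yeniden başlatma dakikası (0-59) arasında olmalıdır.");
}

/*
 * PPPoE reset date, expected as mm/dd/yyyy.
 * NOTE(review): only checks that the value is numeric once the slashes are
 * removed; is_numeric() also accepts forms such as "1e5" or "-1.5", and the
 * individual month/day/year parts are not range-checked here.
 */
if ($_POST['pppoe_resetdate'] != "" && !is_numeric(str_replace("/", "", $_POST['pppoe_resetdate']))) {
	$input_errors[] = gettext("PPPoE yeniden başlatma tarih değeri (mm/dd/yyyy) bu şekilde tanımlanmalıdır.");
}

/* PPTP local address must be an IP address when given. */
if ($_POST['pptp_local'] && !is_ipaddr($_POST['pptp_local'])) {
	$input_errors[] = "Geçerli bir PPTP yerel IP adresi tanımlanmalıdır.";
}

/*
 * PPTP subnet bit count.
 * NOTE(review): is_numeric() accepts floats, exponents and negative values
 * and no upper bound is applied; the sibling idle-timeout check uses
 * is_numericint() - confirm whether this field should as well.
 */
if ($_POST['pptp_subnet'] && !is_numeric($_POST['pptp_subnet'])) {
	$input_errors[] = "Geçerli bir PPTP subnet bit count tanımlanmalıdır.";
}

/* PPTP remote address must be an IP address when given. */
if ($_POST['pptp_remote'] && !is_ipaddr($_POST['pptp_remote'])) {
	$input_errors[] = "PPTP uzak IP için geçerli bir IP adresi tanımlanmaldır.";
}

/* Idle timeout must be an integer when given ("0" is a supplied value here). */
if ($_POST['pptp_idletimeout'] != "" && !is_numericint($_POST['pptp_idletimeout'])) {
	$input_errors[] = "idle timeout bir tamsayı olmak zorundadır.";
}

/* Optional MAC address override must be a well-formed MAC address. */
if ($_POST['spoofmac'] && !is_macaddr($_POST['spoofmac'])) {
	$input_errors[] = "Geçerli bir MAC adresi tanımlanmalıdır.";
}

/*
 * MTU must lie in 576-1500 bytes.
 * NOTE(review): the comparison relies on PHP's loose string/number
 * comparison; there is no explicit integer check on this field.
 */
if ($_POST['mtu'] && ($_POST['mtu'] < 576 || $_POST['mtu'] > 1500)) {
	$input_errors[] = "MTU değeri 576 ile 1500 byte arasında olmalıdır.";
}

/* Wireless interface? */
if (isset($wancfg['wireless'])) {
	/* wireless_config_post() returns its own list of validation errors. */
	$wi_input_errors = wireless_config_post();
	if ($wi_input_errors) {
		/*
		 * NOTE(review): assumes $input_errors is already an array at this
		 * point - confirm it is initialised before this block runs.
		 */
		$input_errors = array_merge($input_errors, $wi_input_errors);
	}
}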
unset($a_vip[$_GET['id']]); interface_proxyarp_configure($viface); } else { interface_vip_bring_down($a_vip[$_GET['id']]); unset($a_vip[$_GET['id']]); } if (count($config['virtualip']['vip']) == 0) { unset($config['virtualip']['vip']); } write_config(); header("Location: firewall_virtual_ip.php"); exit; } } } else { if ($_GET['changes'] == "mods" && is_numericint($_GET['id'])) { $id = $_GET['id']; } } $pgtitle = array(gettext("Firewall"), gettext("Virtual IP Addresses")); include "head.inc"; $main_buttons = array(array('href' => 'firewall_virtual_ip_edit.php', 'label' => 'Add')); ?> <body> <?php include "fbegin.inc"; ?> <section class="page-content-main"> <div class="container-fluid"> <div class="row">
$reqdfieldsn = array(gettext("Server address"), gettext("Remote start address")); if ($_POST['radiusenable']) { $reqdfields = array_merge($reqdfields, explode(" ", "radiusserver radiussecret")); $reqdfieldsn = array_merge($reqdfieldsn, array(gettext("RADIUS server address"), gettext("RADIUS shared secret"))); } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) { $input_errors[] = gettext("A valid server address must be specified."); } if ($_POST['remoteip'] && !is_ipaddr($_POST['remoteip'])) { $input_errors[] = gettext("A valid remote start address must be specified."); } if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) { $input_errors[] = gettext("A valid RADIUS server address must be specified."); } if (!is_numericint($_POST['n_pppoe_units']) || $_POST['n_pppoe_units'] > 255) { $input_errors[] = gettext("Number of PPPoE users must be between 1 and 255"); } if (!is_numeric($_POST['pppoe_subnet']) || $_POST['pppoe_subnet'] < 0 || $_POST['pppoe_subnet'] > 32) { $input_errors[] = gettext("Subnet mask must be an interger between 0 and 32"); } $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']); $subnet_start = ip2ulong($_POST['remoteip']); $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['pppoe_subnet'] - 1; if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) { $input_errors[] = gettext("The specified server address lies in the remote subnet."); } if ($_POST['localip'] == get_interface_ip($_POST['interface'])) { $input_errors[] = gettext("The specified server address is equal to an interface ip address."); } for ($x = 0; $x < 4999; $x++) {
if (!empty($_POST['adaptiveend']) && !is_numericint($_POST['adaptiveend'])) { $input_errors[] = gettext("The Firewall Adaptive End value must be an integer."); } if ($_POST['maximumstates'] && !is_numericint($_POST['maximumstates'])) { $input_errors[] = gettext("The Firewall Maximum States value must be an integer."); } if ($_POST['aliasesresolveinterval'] && !is_numericint($_POST['aliasesresolveinterval'])) { $input_errors[] = gettext("The Aliases Hostname Resolve Interval value must be an integer."); } if ($_POST['maximumtableentries'] && !is_numericint($_POST['maximumtableentries'])) { $input_errors[] = gettext("The Firewall Maximum Table Entries value must be an integer."); } if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) { $input_errors[] = gettext("The TCP idle timeout must be an integer."); } if ($_POST['reflectiontimeout'] && !is_numericint($_POST['reflectiontimeout'])) { $input_errors[] = gettext("The Reflection timeout must be an integer."); } ob_flush(); flush(); if (!$input_errors) { if ($_POST['disablefilter'] == "yes") { $config['system']['disablefilter'] = "enabled"; } else { unset($config['system']['disablefilter']); } if ($_POST['disablevpnrules'] == "yes") { $config['system']['disablevpnrules'] = true; } else { unset($config['system']['disablevpnrules']); }
* */ ##|+PRIV ##|*IDENT=page-system-usermanager ##|*NAME=System: User Manager ##|*DESCR=Allow access to the 'System: User Manager' page. ##|*MATCH=system_usermanager.php* ##|-PRIV require "certs.inc"; require "guiconfig.inc"; // start admin user code $pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users")); if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { $id = $_POST['userid']; } if (isset($_GET['userid']) && is_numericint($_GET['userid'])) { $id = $_GET['userid']; } if (!isset($config['system']['user']) || !is_array($config['system']['user'])) { $config['system']['user'] = array(); } $a_user =& $config['system']['user']; $act = $_GET['act']; if (isset($_SERVER['HTTP_REFERER'])) { $referer = $_SERVER['HTTP_REFERER']; } else { $referer = '/system_usermanager.php'; } if (isset($id) && $a_user[$id]) { $pconfig['usernamefld'] = $a_user[$id]['name']; $pconfig['descr'] = $a_user[$id]['descr'];
if ($_POST['destination_subnet'] && !is_numericint($_POST['destination_subnet'])) { $input_errors[] = gettext("A valid destination bit count must be specified."); } if ($_POST['destination_type'] == "any") { if ($_POST['destination_not']) { $input_errors[] = gettext("Negating destination address of \"any\" is invalid."); } } if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) { $input_errors[] = gettext("A valid target IP address must be specified."); } if ($_POST['target'] == "other-subnet") { if (!is_ipaddr($_POST['targetip'])) { $input_errors[] = gettext("A valid target IP must be specified when using the 'Other Subnet' type."); } if (!is_numericint($_POST['targetip_subnet'])) { $input_errors[] = gettext("A valid target bit count must be specified when using the 'Other Subnet' type."); } } /* Verify Pool Options */ $poolopts = ""; if ($_POST['poolopts']) { if (is_subnet($_POST['target']) || $_POST['target'] == "other-subnet") { $poolopts = $_POST['poolopts']; } elseif (is_alias($_POST['target'])) { if (substr($_POST['poolopts'], 0, 11) == "round-robin") { $poolopts = $_POST['poolopts']; } else { $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias."); } }
if ($_POST['localip'] && !is_ipaddr($_POST['localip'])) { $input_errors[] = gettext("A valid server address must be specified."); } if ($_POST['remoteip'] && !is_ipaddr($_POST['remoteip'])) { $input_errors[] = gettext("A valid remote start address must be specified."); } if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) { $input_errors[] = gettext("A valid RADIUS server address must be specified."); } if (!is_numericint($_POST['n_pppoe_units']) || $_POST['n_pppoe_units'] > 255) { $input_errors[] = gettext("Number of PPPoE users must be between 1 and 255"); } if (!is_numericint($_POST['n_pppoe_maxlogin']) || $_POST['n_pppoe_maxlogin'] > 255) { $input_errors[] = gettext("User Max Logins must be between 1 and 255"); } if (!is_numericint($_POST['pppoe_subnet']) || $_POST['pppoe_subnet'] > 32) { $input_errors[] = gettext("Subnet mask must be an interger between 0 and 32"); } $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['pppoe_subnet']); if (is_inrange_v4($_POST['localip'], $_POST['remoteip'], ip_after($_POST['remoteip'], $_POST['pppoe_subnet'] - 1))) { $input_errors[] = gettext("The specified server address lies in the remote subnet."); } if ($_POST['localip'] == get_interface_ip($_POST['interface'])) { $input_errors[] = gettext("The specified server address is equal to an interface ip address."); } for ($x = 0; $x < 4999; $x++) { if ($_POST["username{$x}"]) { if (empty($_POST["password{$x}"])) { $input_errors[] = sprintf(gettext("No password specified for username %s"), $_POST["username{$x}"]); } if ($_POST["ip{$x}"] != "" && !is_ipaddr($_POST["ip{$x}"])) {
if (is_numericint($_GET['id'])) { $id = $_GET['id']; } if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; } if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { $id = $_GET['dup']; } if (isset($id) && $a_routes[$id]) { list($pconfig['network'], $pconfig['network_subnet']) = explode('/', $a_routes[$id]['network']); $pconfig['gateway'] = $a_routes[$id]['gateway']; $pconfig['descr'] = $a_routes[$id]['descr']; $pconfig['disabled'] = isset($a_routes[$id]['disabled']); } if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { unset($id); } if ($_POST) { global $aliastable; unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "network network_subnet gateway"); $reqdfieldsn = explode(",", gettext("Destination network") . "," . gettext("Destination network bit count") . "," . gettext("Gateway")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['network'] && !is_ipaddr($_POST['network']) && !is_alias($_POST['network'])) { $input_errors[] = gettext("A valid IPv4 or IPv6 destination network must be specified."); } if ($_POST['network_subnet'] && !is_numeric($_POST['network_subnet'])) { $input_errors[] = gettext("A valid destination network bit count must be specified.");
if (is_ipaddr_configured($_POST['localip'])) { $input_errors[] = gettext("'Server address' parameter should NOT be set to any IP address currently in use on this firewall."); } if ($_POST['l2tp_subnet'] && !is_ipaddr($_POST['remoteip'])) { $input_errors[] = gettext("A valid remote start address must be specified."); } if ($_POST['radiusserver'] && !is_ipaddr($_POST['radiusserver'])) { $input_errors[] = gettext("A valid RADIUS server address must be specified."); } if ($_POST['secret'] != $_POST['secret_confirm']) { $input_errors[] = gettext("Secret and confirmation must match"); } if ($_POST['radiussecret'] != $_POST['radiussecret_confirm']) { $input_errors[] = gettext("Secret and confirmation must match"); } if (!is_numericint($_POST['n_l2tp_units']) || $_POST['n_l2tp_units'] > 255) { $input_errors[] = gettext("Number of L2TP users must be between 1 and 255"); } /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { input_errors2Ajax($input_errors); exit; } if (!$input_errors) { $_POST['remoteip'] = $pconfig['remoteip'] = gen_subnet($_POST['remoteip'], $_POST['l2tp_subnet']); $subnet_start = ip2ulong($_POST['remoteip']); $subnet_end = ip2ulong($_POST['remoteip']) + $_POST['n_l2tp_units'] - 1; if (ip2ulong($_POST['localip']) >= $subnet_start && ip2ulong($_POST['localip']) <= $subnet_end) { $input_errors[] = gettext("The specified server address lies in the remote subnet."); } if ($_POST['localip'] == get_interface_ip("lan")) {
header("Location: /suricata/suricata_barnyard.php"); exit; } // Check that at least one output plugin is enabled if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' && $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on") { $input_errors[] = gettext("You must enable at least one output option when using Barnyard2."); } // Validate Sensor Name contains no spaces if ($_POST['barnyard_enable'] == 'on') { if (!empty($_POST['barnyard_sensor_name']) && strpos($_POST['barnyard_sensor_name'], " ") !== FALSE) { $input_errors[] = gettext("The value for 'Sensor Name' cannot contain spaces."); } } // Validate Sensor ID is a valid integer if ($_POST['barnyard_enable'] == 'on') { if (!is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0) { $input_errors[] = gettext("The value for 'Sensor ID' must be a valid positive integer."); } } if (empty($_POST['barnyard_xff_header']) && $_POST['barnyard_xff_logging'] == "on") { $input_errors[] = gettext("The value for the X-Forwarded-For Header cannot be blank when X-Forwarded-For logging is enabled."); } // Validate inputs if MySQL database loggging enabled if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") { if (empty($_POST['barnyard_dbhost'])) { $input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host."); } if (empty($_POST['barnyard_dbname'])) { $input_errors[] = gettext("You must provide a DB instance name when logging to a MySQL database."); } if (empty($_POST['barnyard_dbuser'])) {
$input_errors[] = gettext("A valid PPPoE reset day of month must be specified (1-31) in the Custom PPPoE Periodic reset fields. No checks are done on valid # of days per month"); } if ($date_nums[2] < date("Y")) { $input_errors[] = gettext("A valid PPPoE reset year must be specified. Don't select a year in the past!"); } } $port_data = array(); if (is_array($_POST['interfaces'])) { foreach ($_POST['interfaces'] as $iface) { if ($_POST['localip'][$iface] && !is_ipaddr($_POST['localip'][$iface])) { $input_errors[] = sprintf(gettext("A valid local IP address must be specified for %s."), $iface); } if ($_POST['gateway'][$iface] && !is_ipaddr($_POST['gateway'][$iface]) && !is_hostname($_POST['gateway'][$iface])) { $input_errors[] = sprintf(gettext("A valid gateway IP address OR hostname must be specified for %s."), $iface); } if ($_POST['bandwidth'][$iface] && !is_numericint($_POST['bandwidth'][$iface])) { $input_errors[] = sprintf(gettext("The bandwidth value for %s must be an integer."), $iface); } if ($_POST['mtu'][$iface] && $_POST['mtu'][$iface] < 576) { $input_errors[] = sprintf(gettext("The MTU for %s must be greater than 576 bytes."), $iface); } if ($_POST['mru'][$iface] && $_POST['mru'][$iface] < 576) { $input_errors[] = sprintf(gettext("The MRU for %s must be greater than 576 bytes."), $iface); } } // Loop through fields associated with an individual link/port and make an array of the data $port_fields = array("localip", "gateway", "subnet", "bandwidth", "mtu", "mru", "mrru"); foreach ($_POST['interfaces'] as $iface) { foreach ($port_fields as $field_label) { if (isset($_POST[$field_label . $iface]) && strlen($_POST[$field_label . $iface]) > 0) { $port_data[$field_label][] = $_POST[$field_label . $iface];
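/**
 * Tell whether $arg is an integer strictly greater than zero, written
 * without a leading zero.
 *
 * The integer test itself is delegated to is_numericint(), which is
 * defined elsewhere. Values spelled with a leading zero ("01", "007")
 * are refused, to be safe.
 *
 * @param mixed $arg Value to test, typically a submitted form field.
 * @return bool True only for a positive integer without a leading zero.
 */
function is_posnumericint($arg) {
	if (!is_numericint($arg)) {
		return false;
	}

	/*
	 * Inspect the first character of the string form. Indexing a native
	 * integer with [0] does not yield its first digit, so an integer 0
	 * would have slipped past the leading-zero test.
	 * presumably is_numericint() accepts native integers as well as digit
	 * strings - verify against its definition.
	 */
	$digits = (string) $arg;

	/* The explicit > 0 comparison makes the "positive" part of the name hold for every input type. */
	return $digits !== '' && $digits[0] !== '0' && $arg > 0;
}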
$a_config["shown"]["item"][] = $ifname; } } write_config(gettext("Updated traffic graph settings via dashboard.")); header("Location: /"); exit(0); } $shown = array(); foreach ($a_config["shown"]["item"] as $if) { $shown[$if] = true; } if ($first_time) { $keys = array_keys($ifdescrs); $shown[$keys[0]] = true; } if (isset($a_config["refreshinterval"]) && is_numericint($a_config["refreshinterval"])) { $refreshinterval = $a_config["refreshinterval"]; } else { $refreshinterval = 10; } if (isset($a_config["scale_type"])) { $scale_type = $a_config["scale_type"]; } else { $scale_type = "up"; } $graphcounter = 0; foreach ($ifdescrs as $ifname => $ifdescr) { $ifinfo = get_interface_info($ifname); if ($shown[$ifname]) { $mingraphbutton = "inline"; $showgraphbutton = "none";
$pconfig['compression'] = isset($config['ipsec']['compression']); $pconfig['enableinterfacesuse'] = isset($config['ipsec']['enableinterfacesuse']); $pconfig['acceptunencryptedmainmode'] = isset($config['ipsec']['acceptunencryptedmainmode']); $pconfig['maxmss_enable'] = isset($config['system']['maxmss_enable']); $pconfig['maxmss'] = $config['system']['maxmss']; $pconfig['uniqueids'] = $config['ipsec']['uniqueids']; if ($_POST) { unset($input_errors); $pconfig = $_POST; foreach ($ipsec_log_cats as $cat => $desc) { if (!in_array(intval($pconfig[$cat]), array_keys($ipsec_log_sevs), true)) { $input_errors[] = "A valid value must be specified for {$desc} debug."; } } if (isset($pconfig['maxmss'])) { if (!is_numericint($pconfig['maxmss']) && $pconfig['maxmss'] != '') { $input_errors[] = "An integer must be specified for Maximum MSS."; } if ($pconfig['maxmss'] != '' && $pconfig['maxmss'] < 576 || $pconfig['maxmss'] > 65535) { $input_errors[] = "An integer between 576 and 65535 must be specified for Maximum MSS"; } } if (!$input_errors) { /* log levels aren't set initially and use default. They all * get set when we save, even if it's to the default level. */ foreach (array_keys($ipsec_log_cats) as $cat) { if (!isset($pconfig[$cat])) { continue; } if ($pconfig[$cat] != $config['ipsec']['logging'][$cat]) {
} $pconfig['descr'] = $a_rfc2136[$id]['descr']; } if ($_POST) { unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = array(); $reqdfieldsn = array(); $reqdfields = array_merge($reqdfields, explode(" ", "host ttl keyname keydata")); $reqdfieldsn = array_merge($reqdfieldsn, array(gettext("Hostname"), gettext("TTL"), gettext("Key name"), gettext("Key"))); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($_POST['host'] && !is_domain($_POST['host'])) { $input_errors[] = gettext("The DNS update host name contains invalid characters."); } if ($_POST['ttl'] && !is_numericint($_POST['ttl'])) { $input_errors[] = gettext("The DNS update TTL must be an integer."); } if ($_POST['keyname'] && !is_domain($_POST['keyname'])) { $input_errors[] = gettext("The DNS update key name contains invalid characters."); } if (!$input_errors) { $rfc2136 = array(); $rfc2136['enable'] = $_POST['enable'] ? true : false; $rfc2136['host'] = $_POST['host']; $rfc2136['ttl'] = $_POST['ttl']; $rfc2136['keyname'] = $_POST['keyname']; $rfc2136['keytype'] = $_POST['keytype']; $rfc2136['keydata'] = $_POST['keydata']; $rfc2136['server'] = $_POST['server']; $rfc2136['usetcp'] = $_POST['usetcp'] ? true : false;
} /* For src, user can enter only ip's or networks */ if (!is_specialnet($_POST['srctype'])) { if ($_POST['src'] && !is_ipaddr($_POST['src'])) { $input_errors[] = sprintf(gettext("%s is not a valid internal IP address."), $_POST['src']); } if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) { $input_errors[] = gettext("A valid internal bit count must be specified."); } } /* For dst, user can enter ip's, networks or aliases */ if (!is_specialnet($_POST['dsttype'])) { if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) { $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']); } if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) { $input_errors[] = gettext("A valid destination bit count must be specified."); } } /* check for overlaps with other 1:1 */ foreach ($a_1to1 as $natent) { if (isset($id) && $a_1to1[$id] && $a_1to1[$id] === $natent) { continue; } if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) { //$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet."; //break; } } if (!$input_errors) { $natent = array();
if (isset($config['ipsec']["ipsec_{$lkey}"])) { unset($config['ipsec']["ipsec_{$lkey}"]); } } else { $config['ipsec']["ipsec_{$lkey}"] = $_POST["ipsec_{$lkey}"]; } } } if (isset($pconfig['failoverforcereload']) && $pconfig['failoverforcereload'] == "yes") { $config['ipsec']['failoverforcereload'] = true; } elseif (isset($config['ipsec']['failoverforcereload'])) { unset($config['ipsec']['failoverforcereload']); } if (isset($pconfig['maxmss_enable']) && $pconfig['maxmss_enable'] == "yes") { $config['system']['maxmss_enable'] = true; if (!empty($pconfig['maxmss']) && is_numericint($pconfig['maxmss'])) { $config['system']['maxmss'] = $pconfig['maxmss']; } } else { if (isset($config['system']['maxmss_enable'])) { unset($config['system']['maxmss_enable']); } if (isset($config['system']['maxmss'])) { unset($config['system']['maxmss']); } } write_config(); $savemsg = get_std_save_message(); filter_configure(); vpn_ipsec_configure(); }
$id = $_POST['id']; } if (isset($id) && $a_vlans[$id]) { $pconfig['if'] = $a_vlans[$id]['if']; $pconfig['vlanif'] = $a_vlans[$id]['vlanif']; $pconfig['tag'] = $a_vlans[$id]['tag']; $pconfig['descr'] = $a_vlans[$id]['descr']; } if ($_POST) { unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "if tag"); $reqdfieldsn = array(gettext("Parent interface"), gettext("VLAN tag")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if ($_POST['tag'] && (!is_numericint($_POST['tag']) || $_POST['tag'] < '1' || $_POST['tag'] > '4094')) { $input_errors[] = gettext("The VLAN tag must be an integer between 1 and 4094."); } foreach ($a_vlans as $vlan) { if (isset($id) && $a_vlans[$id] && $a_vlans[$id] === $vlan) { continue; } if ($vlan['if'] == $_POST['if'] && $vlan['tag'] == $_POST['tag']) { $input_errors[] = sprintf(gettext("A VLAN with the tag %s is already defined on this interface."), $vlan['tag']); break; } } if (is_array($config['qinqs']['qinqentry'])) { foreach ($config['qinqs']['qinqentry'] as $qinq) { if ($qinq['tag'] == $_POST['tag'] && $qinq['if'] == $_POST['if']) { $input_errors[] = gettext("A QinQ VLAN exists with this tag please remove it to use this tag with.");
if ($_POST['disableconsolemenu'] == "yes") { $config['system']['disableconsolemenu'] = true; } else { unset($config['system']['disableconsolemenu']); } if ($_POST['noantilockout'] == "yes") { $config['system']['webgui']['noantilockout'] = true; } else { unset($config['system']['webgui']['noantilockout']); } if ($_POST['enableserial'] == "yes" || $g['enableserial_force']) { $config['system']['enableserial'] = true; } else { unset($config['system']['enableserial']); } if (is_numericint($_POST['serialspeed'])) { $config['system']['serialspeed'] = $_POST['serialspeed']; } else { unset($config['system']['serialspeed']); } if ($_POST['primaryconsole']) { $config['system']['primaryconsole'] = $_POST['primaryconsole']; } else { unset($config['system']['primaryconsole']); } if ($_POST['nodnsrebindcheck'] == "yes") { $config['system']['webgui']['nodnsrebindcheck'] = true; } else { unset($config['system']['webgui']['nodnsrebindcheck']); } if ($_POST['nohttpreferercheck'] == "yes") {
##|+PRIV ##|*IDENT=page-system-groupmanager ##|*NAME=System: Group manager ##|*DESCR=Allow access to the 'System: Group manager' page. ##|*MATCH=system_groupmanager.php* ##|-PRIV require "guiconfig.inc"; if (!is_array($config['system']['group'])) { $config['system']['group'] = array(); } $a_group =& $config['system']['group']; unset($id); if (isset($_POST['groupid']) && is_numericint($_POST['groupid'])) { $id = $_POST['groupid']; } if (isset($_GET['groupid']) && is_numericint($_GET['groupid'])) { $id = $_GET['groupid']; } $act = isset($_GET['act']) ? $_GET['act'] : ''; if ($act == "delgroup") { if (!isset($id) || !isset($_GET['groupname']) || !isset($a_group[$id]) || $_GET['groupname'] != $a_group[$id]['name']) { pfSenseHeader("system_groupmanager.php"); exit; } conf_mount_rw(); local_group_del($a_group[$id]); conf_mount_ro(); $groupdeleted = $a_group[$id]['name']; unset($a_group[$id]); write_config(); $savemsg = sprintf(gettext("Group %s successfully deleted."), $groupdeleted);
if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix'])) { $wancfg['adv_dhcp6_id_assoc_statement_prefix'] = $_POST['adv_dhcp6_id_assoc_statement_prefix']; } if (is_numericint($_POST['adv_dhcp6_id_assoc_statement_prefix_id'])) { $wancfg['adv_dhcp6_id_assoc_statement_prefix_id'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_id']; } if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix_pltime'])) { $wancfg['adv_dhcp6_id_assoc_statement_prefix_pltime'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_pltime']; } if (!empty($_POST['adv_dhcp6_id_assoc_statement_prefix_vltime'])) { $wancfg['adv_dhcp6_id_assoc_statement_prefix_vltime'] = $_POST['adv_dhcp6_id_assoc_statement_prefix_vltime']; } if (is_numericint($_POST['adv_dhcp6_prefix_interface_statement_sla_id'])) { $wancfg['adv_dhcp6_prefix_interface_statement_sla_id'] = $_POST['adv_dhcp6_prefix_interface_statement_sla_id']; } if (is_numericint($_POST['adv_dhcp6_prefix_interface_statement_sla_len'])) { $wancfg['adv_dhcp6_prefix_interface_statement_sla_len'] = $_POST['adv_dhcp6_prefix_interface_statement_sla_len']; } if (!empty($_POST['adv_dhcp6_authentication_statement_authname'])) { $wancfg['adv_dhcp6_authentication_statement_authname'] = $_POST['adv_dhcp6_authentication_statement_authname']; } if (!empty($_POST['adv_dhcp6_authentication_statement_protocol'])) { $wancfg['adv_dhcp6_authentication_statement_protocol'] = $_POST['adv_dhcp6_authentication_statement_protocol']; } if (!empty($_POST['adv_dhcp6_authentication_statement_algorithm'])) { $wancfg['adv_dhcp6_authentication_statement_algorithm'] = $_POST['adv_dhcp6_authentication_statement_algorithm']; } if (!empty($_POST['adv_dhcp6_authentication_statement_rdm'])) { $wancfg['adv_dhcp6_authentication_statement_rdm'] = $_POST['adv_dhcp6_authentication_statement_rdm']; } if (!empty($_POST['adv_dhcp6_key_info_statement_keyname'])) {
$snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']]; $if_real = get_real_interface($snortcfg['interface']); $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); if (!snort_is_running($snortcfg['uuid'], $if_real, 'barnyard2')) { log_error("Toggle (barnyard starting) for {$if_friendly}({$snortcfg['descr']})..."); sync_snort_package_config(); snort_barnyard_start($snortcfg, $if_real); } else { log_error("Toggle (barnyard stopping) for {$if_friendly}({$snortcfg['descr']})..."); snort_barnyard_stop($snortcfg, $if_real); } sleep(3); // So the GUI reports correctly } /* start/stop snort */ if ($_POST['toggle'] && is_numericint($_POST['id'])) { $snortcfg = $config['installedpackages']['snortglobal']['rule'][$_POST['id']]; $if_real = get_real_interface($snortcfg['interface']); $if_friendly = convert_friendly_interface_to_friendly_descr($snortcfg['interface']); if (snort_is_running($snortcfg['uuid'], $if_real)) { log_error("Toggle (snort stopping) for {$if_friendly}({$snortcfg['descr']})..."); snort_stop($snortcfg, $if_real); } else { log_error("Toggle (snort starting) for {$if_friendly}({$snortcfg['descr']})..."); /* set flag to rebuild interface rules before starting Snort */ $rebuild_rules = true; sync_snort_package_config(); $rebuild_rules = false; snort_start($snortcfg, $if_real); } sleep(3);
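/**
 * Check that a value is a strictly positive integer written without a leading zero.
 *
 * Delegates the basic integer test to is_numericint() (defined elsewhere), then
 * additionally rejects zero and any spelling whose first character is "0".
 *
 * @param mixed $arg Value to test, e.g. a raw form field.
 * @return bool True only when every check passes.
 */
function is_posnumericint($arg) {
	if (!is_numericint($arg)) {
		return false;
	}

	// Note that to be safe we do not allow any leading zero - "01", "007".
	// Cast before reading the first character: indexing a native int with [0]
	// yields null and raises a warning on PHP >= 7.4, while the string form
	// always gives the first digit. NOTE(review): whether is_numericint() lets
	// native ints through is not visible here - confirm against its definition.
	$first_char = substr((string)$arg, 0, 1);

	return $first_char !== '0' && $arg > 0;
}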
if (isset($_POST['incoming_num_tcp']) && !in_array($_POST['incoming_num_tcp'], array('0', '10', '20', '30', '40', '50'), true)) { $input_errors[] = "A valid value must be specified for Incoming TCP Buffers."; } if (isset($_POST['edns_buffer_size']) && !in_array($_POST['edns_buffer_size'], array('512', '1480', '4096'), true)) { $input_errors[] = "A valid value must be specified for EDNS Buffer Size."; } if (isset($_POST['num_queries_per_thread']) && !in_array($_POST['num_queries_per_thread'], array('512', '1024', '2048'), true)) { $input_errors[] = "A valid value must be specified for Number of queries per thread."; } if (isset($_POST['jostle_timeout']) && !in_array($_POST['jostle_timeout'], array('100', '200', '500', '1000'), true)) { $input_errors[] = "A valid value must be specified for Jostle Timeout."; } if (isset($_POST['cache_max_ttl']) && (!is_numericint($_POST['cache_max_ttl']) || $_POST['cache_max_ttl'] < 0)) { $input_errors[] = "'Maximum TTL for RRsets and messages' must be a positive integer."; } if (isset($_POST['cache_min_ttl']) && (!is_numericint($_POST['cache_min_ttl']) || $_POST['cache_min_ttl'] < 0)) { $input_errors[] = "'Minimum TTL for RRsets and messages' must be a positive integer."; } if (isset($_POST['infra_host_ttl']) && !in_array($_POST['infra_host_ttl'], array('60', '120', '300', '600', '900'), true)) { $input_errors[] = "A valid value must be specified for TTL for Host cache entries."; } if (isset($_POST['infra_cache_numhosts']) && !in_array($_POST['infra_cache_numhosts'], array('1000', '5000', '10000', '20000', '50000'), true)) { $input_errors[] = "A valid value must be specified for Number of Hosts to cache."; } if (isset($_POST['unwanted_reply_threshold']) && !in_array($_POST['unwanted_reply_threshold'], array('disabled', '5000000', '10000000', '20000000', '40000000', '50000000'), true)) { $input_errors[] = "A valid value must be specified for Unwanted Reply Threshold."; } if (isset($_POST['log_verbosity']) && 
!in_array($_POST['log_verbosity'], array('0', '1', '2', '3', '4', '5'), true)) { $input_errors[] = "A valid value must be specified for Log level verbosity."; } if (isset($_POST['dnssecstripped']) && !isset($config['unbound']['dnssec'])) {