コード例 #1
ファイル: firewall_nat_out.php プロジェクト: Toudix/core
 /*
  * Switch to advanced (manual) outbound NAT: runs when the posted mode is
  * "advanced" while $mode is "automatic" or "hybrid".
  * NOTE(review): $mode is presumably the mode currently stored in the
  * configuration - confirm against the code above this excerpt.
  * NOTE(review): this branch changes NAT configuration based on $_POST; the
  * session, privilege and CSRF checks are not visible here - confirm they run
  * before this point. The excerpt also ends before this block is closed.
  */
 if ($_POST['mode'] == "advanced" && ($mode == "automatic" || $mode == "hybrid")) {
     /*
      *    The user has enabled advanced outbound NAT and may not have any
      *    rules yet, so the rules that automatic mode would have generated
      *    are materialised as manual entries for every interface.
      */
     if (empty($GatewaysList)) {
         filter_generate_gateways();
     }
     $tonathosts = filter_nat_rules_automatic_tonathosts(true);
     $automatic_rules = filter_nat_rules_outbound_automatic("");
     /* One manual rule per (host-to-NAT, automatic rule template) pair */
     foreach ($tonathosts as $tonathost) {
         foreach ($automatic_rules as $natent) {
             /* $natent is a per-iteration copy, so the template itself is not modified */
             $natent['source']['network'] = $tonathost['subnet'];
             $natent['descr'] .= sprintf(gettext(' - %1$s to %2$s'), $tonathost['descr'], convert_real_interface_to_friendly_descr($natent['interface']));
             $natent['created'] = make_config_revision_entry(null, gettext("Manual Outbound NAT Switch"));
             /*
              * Try to detect rules that were already auto-created and avoid
              * duplicating them. The match is a loose (==) comparison of
              * interface, source network, destination port, target and
              * description; a rule whose description differs (for example
              * after a manual edit) does not match and is appended again.
              */
             $found = false;
             foreach ($a_out as $rule) {
                 if ($rule['interface'] == $natent['interface'] && $rule['source']['network'] == $natent['source']['network'] && $rule['dstport'] == $natent['dstport'] && $rule['target'] == $natent['target'] && $rule['descr'] == $natent['descr']) {
                     $found = true;
                     break;
                 }
             }
             if ($found === false) {
                 /* NOTE(review): $a_out is presumably the configured outbound NAT rule list - confirm */
                 $a_out[] = $natent;
             }
         }
     }
     $savemsg = gettext("Default rules for each interface have been created.");
     unset($GatewaysList);
コード例 #2
         }
     }
     $filterent['source'] = $a_filter[$id]['source'];
     $filterent['destination'] = $a_filter[$id]['destination'];
     $filterent['associated-rule-id'] = $a_filter[$id]['associated-rule-id'];
 }
 /* Editing an existing rule: keep the creation stamp it was first saved with. */
 if (isset($a_filter[$id]['created'])) {
     if (is_array($a_filter[$id]['created'])) {
         $filterent['created'] = $a_filter[$id]['created'];
     }
 }
 /* Every save records a fresh "updated" revision entry. */
 $filterent['updated'] = make_config_revision_entry();
 /*
  * Allow extending of the firewall edit page and include custom input validation.
  * NOTE(review): the helper is not visible in this excerpt; it presumably runs
  * code found under this directory just before the rule is written - confirm,
  * and if so make sure only root can write to that path.
  */
 pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
 if (!(isset($id) && $a_filter[$id])) {
     /* New rule: stamp it, then insert after position $after or append. */
     $filterent['created'] = make_config_revision_entry();
     if (!is_numeric($after)) {
         $a_filter[] = $filterent;
     } else {
         array_splice($a_filter, $after + 1, 0, array($filterent));
     }
 } else {
     /* Existing rule: overwrite it in place. */
     $a_filter[$id] = $filterent;
 }
 filter_rules_sort();
 /* The filter subsystem is flagged dirty only when the configuration write succeeded. */
 if (write_config()) {
     mark_subsystem_dirty('filter');
 }
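 /*
  * Redirect back to the rule list for the interface that was edited.
  * The interface name is taken straight from the request and placed in a URL
  * query string, so it is percent-encoded with urlencode(). htmlspecialchars()
  * is an HTML encoder and does not neutralise URL metacharacters such as '&'
  * or '#', which would let a crafted value alter the redirect's query string.
  */
 if (isset($_POST['floating'])) {
     header("Location: firewall_rules.php?if=FloatingRules");
 } else {
     header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));
 }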
コード例 #3
ファイル: diag_logs_filter.php プロジェクト: noikiy/core-2
/**
 * Append a "pass" firewall rule built from the given values, save the
 * configuration and reload the filter.
 *
 * The rule is added to the end of $config['filter']['rule'] with the
 * description "Easy Rule: Passed from Firewall Log View".
 *
 * NOTE(review): none of the arguments is validated inside this function. A
 * host that is neither a subnet, a special network nor an IPv6 address still
 * gets a /32 mask and is written into a pass rule as given - confirm that
 * every caller validates the values before calling.
 *
 * @param mixed $int      value stored as the rule's 'interface'
 * @param mixed $proto    protocol; "any" leaves the rule without a protocol
 * @param mixed $srchost  source host, subnet ("addr/mask") or special network
 * @param mixed $dsthost  destination host, subnet or special network
 * @param mixed $dstport  destination port, used as both start and end of the range
 * @param mixed $ipproto  value stored as the rule's 'ipprotocol'
 * @return bool always true; the results of write_config() and
 *              filter_configure() are not checked
 */
function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipproto)
{
    global $config;

    /* Start from an empty rule list when none is configured yet */
    if (!is_array($config['filter']['rule'])) {
        $config['filter']['rule'] = array();
    }
    filter_rules_sort();
    $rules =& $config['filter']['rule'];

    /* Fixed part of the new rule; key order is kept as it is written out */
    $rule = array(
        'type' => 'pass',
        'interface' => $int,
        'ipprotocol' => $ipproto,
        'descr' => gettext("Easy Rule: Passed from Firewall Log View"),
    );
    if ($proto != "any") {
        $rule['protocol'] = $proto;
    }
    /* ICMP rules only pass echo requests, which is what most people want
     * and should be a safe default. */
    if ($proto == "icmp") {
        $rule['icmptype'] = 'echoreq';
    }
    /* Both ICMPv6 spellings are stored as protocol "icmp" */
    if (in_array(strtolower($proto), array("icmp6", "icmpv6"))) {
        $rule['protocol'] = "icmp";
    }

    /* Split a host into (address, mask): explicit mask for subnets, 0 for
     * special networks, 128 for IPv6 addresses and 32 for everything else. */
    $split_host = function ($host) {
        if (is_subnet($host)) {
            return explode("/", $host);
        }
        if (is_specialnet($host)) {
            return array($host, 0);
        }
        return array($host, is_ipaddrv6($host) ? 128 : 32);
    };
    list($srchost, $srcmask) = $split_host($srchost);
    list($dsthost, $dstmask) = $split_host($dsthost);

    pconfig_to_address($rule['source'], $srchost, $srcmask);
    pconfig_to_address($rule['destination'], $dsthost, $dstmask, '', $dstport, $dstport);
    $rule['created'] = make_config_revision_entry(null, gettext("Easy Rule"));

    /* Persist the rule and reload the filter; neither result is inspected */
    $rules[] = $rule;
    write_config($rule['descr']);
    filter_configure();

    return true;
}