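<?php

/**
 * firewall zone fwzones-edit.php
 * add, edit and delete firewall zones
 *
 * Opening section of the zone dialog: verifies the session, validates the
 * 'id' and 'action' POST parameters, loads the module settings and, for
 * edit/delete, fetches the stored zone.
 ******************************************/

# functions
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);

# validate session parameters
$User->check_user_session();

# NOTE(review): every check below only protects the later code if
# Result::show() ends the request when its third argument is true; that class
# is not visible here - confirm.

# read both parameters once; a missing key or a non-string value (an array
# posted as id[]=...) is treated as invalid instead of reaching preg_match()
$postedId = isset($_POST['id']) && is_string($_POST['id']) ? $_POST['id'] : '';
$postedAction = isset($_POST['action']) && is_string($_POST['action']) ? $_POST['action'] : '';

# validate $_POST['id'] values
# the D modifier makes "$" match only at the very end of the subject; without
# it a value with a trailing newline would still be accepted as numeric
if (!preg_match('/^[0-9]+$/D', $postedId)) {
    $Result->show("danger", _("Invalid ID. Do not manipulate the POST values!"), true);
}

# validate $_POST['action'] values against a strict allow-list
if (!in_array($postedAction, array('add', 'edit', 'delete'), true)) {
    $Result->show("danger", _("Invalid action. Do not manipulate the POST values!"), true);
}

# fetch module settings
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);

# fetch old zone (nothing to load when a new zone is being created)
if ($postedAction !== 'add') {
    $firewallZone = $Zones->get_zone($postedId);
}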
/**
 * Script to check edited / deleted / new IP addresses
 * If all is ok write to database
 *
 * Visible part: bootstrap, session check, CSRF cookie validation and
 * resolution of the effective action.
 *************************************************/

# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize required objects (Logging needs $User->settings, so User comes first)
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Log = new Logging($Database, $User->settings);
$Zones = new FirewallZones($Database);
$Ping = new Scan($Database);

# verify that user is logged in
$User->check_user_session();

# validate csrf cookie before any state-changing work is done
if ($User->csrf_cookie("validate", "address", $_POST['csrf_cookie']) === false) {
    $Result->show("danger", _("Invalid CSRF cookie"), true);
}

# validate action
$Tools->validate_action($_POST['action']);
$action = $_POST['action'];

# the visual action field can switch the effective action to "delete";
# the value assigned is a fixed literal, never the posted string
# NOTE(review): this happens after validate_action(), so later permission
# checks should look at $action rather than $_POST['action'] - confirm.
if (isset($_POST['action-visual']) && $_POST['action-visual'] == "delete") {
    $action = "delete";
}
# save $_POST to $address
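<?php

/**
 * firewall zone mapping-edit.php
 * add, edit and delete firewall zones mappings
 *
 * Opening section of the mapping dialog: verifies the session, validates the
 * 'id' and 'action' POST parameters, then loads all zones and the module
 * settings.
 **************************************************/

# functions
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);

# validate session parameters
$User->check_user_session();

# NOTE(review): the checks below only protect the later code if
# Result::show() ends the request when its third argument is true; that class
# is not visible here - confirm.

# read both parameters once; a missing key or a non-string value (an array
# posted as id[]=...) is treated as invalid instead of reaching preg_match()
$postedId = isset($_POST['id']) && is_string($_POST['id']) ? $_POST['id'] : '';
$postedAction = isset($_POST['action']) && is_string($_POST['action']) ? $_POST['action'] : '';

# validate $_POST['id'] values
# the D modifier makes "$" match only at the very end of the subject; without
# it a value with a trailing newline would still be accepted as numeric
if (!preg_match('/^[0-9]+$/D', $postedId)) {
    $Result->show("danger", _("Invalid ID. Do not manipulate the POST values!"), true);
}

# validate $_POST['action'] values against a strict allow-list
if (!in_array($postedAction, array('add', 'edit', 'delete'), true)) {
    $Result->show("danger", _("Invalid action. Do not manipulate the POST values!"), true);
}

# disable edit on delete
$readonly = $postedAction === "delete" ? "disabled" : "";

# fetch all firewall zones
$firewallZones = $Zones->get_zones();

# fetch settings
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);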
# Sortable column headers of the address table. Each link carries
# "<field>|<next direction>" in data-id and the subnet id in data-subnetId;
# the sort icon is added to the column that is currently sorted.
# NOTE(review): $sort['directionNext'] and $subnet['id'] are interpolated into
# single-quoted HTML attributes without escaping. Where they are set is not
# visible here; confirm both are constrained upstream or pass them through
# htmlspecialchars(..., ENT_QUOTES).

# IP address - mandatory
echo "<th class='s_ipaddr'><a href='' data-id='ip_addr|{$sort['directionNext']}' class='sort' data-subnetId='{$subnet['id']}' rel='tooltip' data-container='body' title='", _('Sort by IP address'), "'>", _('IP address'), " ";
if ($sort['field'] == "ip_addr") {
    echo $icon;
}
echo "</a></th>";

# hostname - mandatory
echo "<th><a href='' data-id='dns_name|{$sort['directionNext']}' class='sort' data-subnetId='{$subnet['id']}' rel='tooltip' data-container='body' title='", _('Sort by hostname'), "'\t\t\t\t\t>", _('Hostname'), " ";
if ($sort['field'] == "dns_name") {
    echo $icon;
}
echo "</a></th>";

# firewall address object - mandatory if enabled
if (in_array('firewallAddressObject', $selected_ip_fields)) {
    # the column is only shown when the subnet is bound to a firewall zone
    $Zones = new FirewallZones($Database);
    $zone = $Zones->get_zone_subnet_info($subnet['id']);

    if ($zone) {
        # NOTE(review): data-id names 'description' while the icon check below
        # tests for "firewallAddressObject" - looks like a copy/paste slip;
        # confirm which field the sort handler expects.
        echo "<th><a href='' data-id='description|{$sort['directionNext']}' class='sort' data-subnetId='{$subnet['id']}' rel='tooltip' data-container='body' title='", _('Sort by firewall address object'), "'>", _('FW object'), " ";
        if ($sort['field'] == "firewallAddressObject") {
            echo $icon;
        }
        echo "</a></th>";
    }
}

# Description - mandatory
echo "<th><a href='' data-id='description|{$sort['directionNext']}' class='sort' data-subnetId='{$subnet['id']}' rel='tooltip' data-container='body' title='", _('Sort by description'), "'\t\t\t>", _('Description'), " ";
if ($sort['field'] == "description") {
    echo $icon;
}
echo "</a></th>";
}
# (the brace above closes a block that starts before this excerpt)
# address state: textual type followed by its formatted tag
print $Addresses->address_type_index_to_type($address['state']);
print $Addresses->address_type_format_tag($address['state']);
print "\t</td>";
print "</tr>";

# hostname - an empty name is shown as a muted "/"
# NOTE(review): $resolve['name'] is printed as-is; where it is resolved and
# whether it is HTML-escaped is not visible in this excerpt - confirm.
$resolve1['name'] = strlen($resolve['name']) == 0 ? "<span class='text-muted'>/</span>" : $resolve['name'];
print "<tr>";
print "\t<th>" . _('Hostname') . "</th>";
print "\t<td>{$resolve1['name']}</td>";
print "</tr>";

# firewall address object - shown only when the field is selected, the
# firewall zone module is enabled and the address' subnet has zone info
if (in_array('firewallAddressObject', $selected_ip_fields)) {
    if ($User->settings->enableFirewallZones == 1) {
        # class
        $Zones = new FirewallZones($Database);
        $zone = $Zones->get_zone_subnet_info($address['subnetId']);
        if ($zone) {
            # NOTE(review): the stored value is interpolated into the cell
            # without escaping; unless $address is escaped where it is loaded
            # (not visible here), wrap it in htmlspecialchars() - confirm.
            print "<tr>";
            print "\t<th>" . _('Firewall address object') . "</th>";
            print "\t<td>{$address['firewallAddressObject']}</td>";
            print "</tr>";
        }
    }
}

# owner (the original comment said "mac"); the block continues past this excerpt
# NOTE(review): same unescaped-output question as above for $address['owner'].
if (in_array('owner', $selected_ip_fields)) {
    print "<tr>";
    print "\t<th>" . _('Owner') . "</th>";
    print "\t<td>{$address['owner']}</td>";
    print "</tr>";
<?php

/**
 * firewall zone mapping-edit-result.php
 * verify and update mapping informations
 *
 * Visible part: bootstrap, session check and validation of the posted
 * action, alias, interface and zone ID. The file continues past this excerpt.
 *
 * NOTE(review): this script changes stored data, yet no CSRF token validation
 * appears in the visible part - confirm it is done further down or add it
 * before the first write.
 **********************************************/

# functions
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);

# validate session parameters
$User->check_user_session();

# validate the action type
# NOTE(review): the checks in this file only stop bad input if Result::show()
# ends the request when its third argument is true - confirm.
if ($_POST['action'] != 'add' && $_POST['action'] != 'delete' && $_POST['action'] != 'edit') {
    $Result->show("danger", _("Invalid action."), true);
}

# check the zone alias. the pattern accepts alphanumeric characters and the
# characters . / - _ and space (note that "/" is allowed as well)
# an empty alias skips the check. "$" without the D modifier also matches
# before a trailing newline, so such a value would pass.
if ($_POST['alias'] && !preg_match('/^[0-9a-zA-Z.\\/\\-_ ]+$/i', $_POST['alias'])) {
    $Result->show("danger", _("Invalid zone alias value."), true);
}

# check the interface name. same character set and same caveats as the alias
if ($_POST['interface'] && !preg_match('/^[0-9a-zA-Z.\\/\\-_ ]+$/i', $_POST['interface'])) {
    $Result->show("danger", _("Invalid interface."), true);
}

# the remaining checks are skipped for delete requests
if ($_POST['action'] != 'delete') {
    # check the zone ID. valid value: integer (digits only)
    if (!preg_match('/^[0-9]+$/i', $_POST['zoneId'])) {
        $Result->show("danger", _("Invalid zone ID."), true);
<?php

/**
 * firewall zone fwzones.php
 * display firewall zones
 *
 * $User and $Database are not created in this file; presumably they come
 * from the script that includes it - confirm.
 * NOTE(review): only the session check is visible here. If this listing is
 * meant for administrators, the role check has to happen in the including
 * script - confirm.
 *******************************/

# validate session parameters
$User->check_user_session();

# initialize classes
$Zones = new FirewallZones($Database);
$firewallZones = $Zones->get_zones();

# Add new firewall zone (data-id="0" together with data-action="add")
print '<button class="btn btn-sm btn-default btn-success editFirewallZone" style="margin-bottom:10px;margin-top: 25px;" data-action="add" data-id="0"><i style="padding-right:5px;" class="fa fa-plus"></i>' . _('Create Firewall zone') . '</button>';

# display the zone table if there are any zones in the database
if ($firewallZones) {
    # table
    print '<table id="zonesPrint" class="table table-top table-td-top table-condensed">';

    # table headers
    print '<tr style="background:white">';
    print '<th>' . _('Type') . '</th>';
    print '<th>' . _('Zone') . '</th>';
    print '<th>' . _('Description') . '</th>';
    print '<th>' . _('Subnet') . '</th>';
    print '<th>' . _('VLAN') . '</th>';
    print '<th style="width:60px;"></th>';
    print '</tr>';

    # display all firewall zones and network information
    foreach ($firewallZones as $zoneObject) {
        # set rowspan in case if there are more than one networks bound to the zone
        # NOTE(review): count() needs an array or Countable; what ->network
        # holds for a zone without networks is not visible here - confirm.
        $counter = count($zoneObject->network);
        if ($counter === 0) {
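<?php

/**
 * subnet-to-zone-save.php
 * save subnet to zone binding
 *
 * Visible part: bootstrap, session check and validation of the posted
 * subnetId, zoneId, deviceId and alias.
 *
 * NOTE(review): this script saves data, yet no CSRF token validation appears
 * in the visible part - confirm it is done further down or add it before the
 * first write.
 *********************************/

# functions
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);

# validate session parameters
$User->check_user_session();

# NOTE(review): the checks below only stop bad input if Result::show() ends
# the request when its third argument is true; that class is not visible
# here - confirm.

# read the parameters once; missing keys become '' and non-string values
# (arrays posted as name[]=...) are rejected below instead of reaching preg_match()
$postedSubnetId = isset($_POST['subnetId']) ? $_POST['subnetId'] : '';
$postedZoneId = isset($_POST['zoneId']) ? $_POST['zoneId'] : '';
$postedDeviceId = isset($_POST['deviceId']) ? $_POST['deviceId'] : '';
$postedAlias = isset($_POST['alias']) ? $_POST['alias'] : '';

# validate $_POST['subnetId'] values
# the D modifier makes "$" match only at the very end of the subject; without
# it a value with a trailing newline would still be accepted as numeric
if (!is_string($postedSubnetId) || !preg_match('/^[0-9]+$/D', $postedSubnetId)) {
    $Result->show("danger", _("Invalid subnet ID. Do not manipulate the POST values!"), true);
}

# validate $_POST['zoneId'] values: digits only and not zero
# (ltrim() catches "0", "00", ... without converting a long digit string to a number)
if (!is_string($postedZoneId) || !preg_match('/^[0-9]+$/D', $postedZoneId) || ltrim($postedZoneId, '0') === '') {
    $Result->show("danger", _("Invalid or no zone ID. "), true);
}

# validate $_POST['deviceId'] values (optional: an empty value skips the check)
if (!is_string($postedDeviceId) || ($postedDeviceId !== '' && !preg_match('/^[0-9]+$/D', $postedDeviceId))) {
    $Result->show("danger", _("Invalid device ID. Do not manipulate the POST values!"), true);
}

# check the zone alias (optional). the pattern accepts alphanumeric characters
# and the characters . / - _ and space
if (!is_string($postedAlias) || ($postedAlias !== '' && !preg_match('/^[0-9a-zA-Z.\\/\\-_ ]+$/iD', $postedAlias))) {
    $Result->show("danger", _("Invalid zone alias value."), true);
}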
<?php

/**
 * firewall zone mapping.php
 * list all firewall zone mappings
 *
 * Groups the mappings by device and prints the page heading; administrators
 * additionally get a link to the zone management page.
 * $User is not created in this file; presumably it comes from the script
 * that includes it - confirm.
 ***************************************/

# initialize classes
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);

# validate session parameters
$User->check_user_session();

# fetch all zone mappings
$firewallZoneMapping = $Zones->get_zone_mappings();

# reorder by device: $devices[<deviceId>] collects that device's mappings.
# $devices is left undefined when the fetch returned false.
if ($firewallZoneMapping !== false) {
    $devices = array();

    foreach ($firewallZoneMapping as $m) {
        $devices[$m->deviceId][] = $m;
    }
}

# page heading
echo "<h4>", _(' Firewall Zones'), "</h4><hr>";

# manage link for admins only
if ($User->is_admin(false)) {
    echo "<a href='", create_link('administration', 'firewall-zones'), "' class='btn btn-sm btn-default'><i class='fa fa-pencil'></i> ", _('Manage zones'), "</a>";
}

echo "<br><br>";
<?php

/**
 * firewall zone zones-result.php
 * verify and update zone informations
 *
 * Visible part: bootstrap, session check and validation of the posted
 * action, masterSubnetId and network list. The file continues past this
 * excerpt.
 *
 * NOTE(review): this script changes stored data, yet no CSRF token validation
 * appears in the visible part - confirm it is done further down or add it
 * before the first write.
 *****************************************/

# functions
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);

# validate session parameters
$User->check_user_session();

# validate the action type (only add and delete are accepted here)
# NOTE(review): the checks in this file only stop bad input if Result::show()
# ends the request when its third argument is true - confirm.
if ($_POST['action'] != 'add' && $_POST['action'] != 'delete') {
    $Result->show("danger", _("Invalid action."), true);
}

# check the mastersubnet ID. valid value: integer
# an empty value, and also "0" (falsy in PHP), takes the "please choose" branch.
# "$" without the D modifier also matches before a trailing newline.
if ($_POST['masterSubnetId'] && !preg_match('/^[0-9]+$/i', $_POST['masterSubnetId'])) {
    $Result->show("danger", _("Invalid subnet ID."), true);
} elseif (!$_POST['masterSubnetId']) {
    $Result->show("danger", _("Please choose a appropriate network to bind to the firewall zone."), true);
}

# validate network ID informations
# NOTE(review): the loop assumes $_POST['network'] is an array. A scalar value
# is not iterated, so it passes through unvalidated; later code should not
# treat $_POST['network'] as checked unless is_array() is enforced - confirm.
if ($_POST['network']) {
    foreach ($_POST['network'] as $network) {
        if (!preg_match('/^[0-9]+$/i', $network)) {
            $Result->show("danger", _("Invalid network ID."), true);
        }
# (this excerpt starts inside a block that opens before the visible code)
# VRF row: name, followed by the description in square brackets when present
# NOTE(review): name and description are printed without escaping; whether
# $vrf is escaped where it is loaded is not visible here - confirm.
$vrfText = $vrf['name'];
if (!empty($vrf['description'])) {
    $vrfText .= " [{$vrf['description']}]";
}
print "<tr>";
print "\t<th>" . _('VRF') . "</th>";
print "\t<td>{$vrfText}</td>";
print "</tr>";
}

# FW zone info - only when the firewall zone module is enabled
if ($User->settings->enableFirewallZones == 1) {
    # search for a zone bound to this subnet
    $zone_check = $Tools->fetch_object("firewallZones", "subnetId", $subnet['id']);
    if ($zone_check !== false) {
        # class
        $Zones = new FirewallZones($Database);
        $zone = $Zones->get_zone_mapping($zone_check->id);
        if ($zone !== false) {
            // alias fix: wrap non-empty values for display, leave empty ones empty
            $zone->alias = strlen($zone->alias) > 0 ? "(" . $zone->alias . ")" : "";
            $zone->description = strlen($zone->description) > 0 ? " - " . $zone->description : "";
            $zone->interface = strlen($zone->interface) > 0 ? "(" . $zone->interface . ")" : "";

            # divider
            print "<tr>";
            print "\t<td colspan='2'><hr></td>";
            print "</tr>";

            # zone details
            # NOTE(review): zone, alias, description, deviceName and interface
            # are stored values written into the cell without escaping. Unless
            # they are escaped when saved or loaded (not visible here), wrap
            # each in htmlspecialchars() before printing - confirm.
            print "<tr>";
            print "\t<th>" . _('Firewall Zone') . "</th>";
            print "\t<td>";
            print $zone->zone . " " . $zone->alias . " " . $zone->description . "<br>" . $zone->deviceName . " " . $zone->interface;
<?php

/**
 * firewall zone ajax.php
 * deliver content for ajax requests
 *
 * Dispatches on $_POST['operation']; the file continues past this excerpt.
 **************************************/

# functions
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
$Tools = new Tools($Database);

# verify that user is logged in
$User->check_user_session();

# generate a dropdown list for all subnets within a section
# NOTE(review): only the login is checked before the section's subnets are
# printed; whether the user may see that section is not checked in the visible
# code - confirm it is enforced inside print_mastersubnet_dropdown_menu().
if ($_POST['operation'] == 'fetchSectionSubnets') {
    # an empty sectionId produces no output at all
    if ($_POST['sectionId']) {
        # digits only; "$" without the D modifier also matches before a
        # trailing newline
        if (preg_match('/^[0-9]+$/i', $_POST['sectionId'])) {
            $sectionId = $_POST['sectionId'];
            print $Subnets->print_mastersubnet_dropdown_menu($sectionId);
        } else {
            $Result->show('danger', _('Invalid ID.'), true);
        }
    }
}

# deliver zone details (the body lies outside this excerpt)
if ($_POST['operation'] == 'deliverZoneDetail') {
<?php

// firewall zone ajax.php
// deliver content for ajax requests
// Answers two independent requests: a subnet dropdown for a section and a
// VLAN dropdown for a VLAN domain. The file continues past this excerpt.

// functions
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);

# verify that user is logged in
$User->check_user_session();

# subnet dropdown for the posted section (an empty sectionId prints nothing)
# NOTE(review): only the login is checked; whether the user may see the
# section is not checked in the visible code - confirm it is enforced in
# print_mastersubnet_dropdown_menu().
if ($_POST['sectionId']) {
    # digits only; "$" without the D modifier also matches before a trailing newline
    if (preg_match('/^[0-9]+$/i', $_POST['sectionId'])) {
        $sectionId = $_POST['sectionId'];
        print $Subnets->print_mastersubnet_dropdown_menu($sectionId);
    } else {
        $Result->show('danger', _('Invalid ID.'), true);
    }
}

# VLAN dropdown for the posted VLAN domain
if ($_POST['vlanDomain']) {
    if (preg_match('/^[0-9]+$/i', $_POST['vlanDomain'])) {
        $vlanDomain = $_POST['vlanDomain'];
        # fetch the domain's VLANs; the last argument presumably names the sort column - confirm
        $vlans = $Admin->fetch_multiple_objects("vlans", "domainId", $vlanDomain, "number");
        print '<select name="vlanId" class="form-control input-sm input-w-auto input-max-200">';
        # loose comparison: any falsy result is shown as "No VLAN available"
        if ($vlans == false) {
            print '<option disabled selected>' . _('No VLAN available') . '</option>';
        } else {
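<?php

// firewall zone zones-result.php
// verify and update zone informations
//
// Visible part: bootstrap, session check, module settings and validation of
// the posted action and zone name.
//
// NOTE(review): this script changes stored data, yet no CSRF token validation
// appears in the visible part - confirm it is done further down or add it
// before the first write.

# functions
require dirname(__FILE__) . '/../../../functions/functions.php';

# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);

# validate session parameters
$User->check_user_session();

// fetch module settings
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);

// validations
// NOTE(review): the checks below only stop bad input if Result::show() ends
// the request when its third argument is true; that class is not visible
// here - confirm.

// read the parameters once; missing keys become '' and non-string values
// (arrays posted as name[]=...) are rejected instead of reaching preg_match()
$postedAction = isset($_POST['action']) && is_string($_POST['action']) ? $_POST['action'] : '';
$postedZone = isset($_POST['zone']) ? $_POST['zone'] : '';

// validate the action type against a strict allow-list
if (!in_array($postedAction, array('add', 'delete', 'edit'), true)) {
    $Result->show("danger", _("Invalid action."), true);
}

// check the zone name. valid values are alphanumeric characters and special characters like ".-_ "
// an empty name skips the pattern check. the D modifier makes "$" match only
// at the very end of the subject, so a trailing newline is no longer accepted
if (!is_string($postedZone) || ($postedZone !== '' && !preg_match('/^[0-9a-zA-Z.\\-_ ]+$/iD', $postedZone))) {
    $Result->show("danger", _("Invalid zone name value."), true);
}

// with zoneGenerator set to "2" the name must be at least 3 characters long
// and no longer than the configured zoneLength
if ($firewallZoneSettings['zoneGenerator'] == "2") {
    $zoneNameLength = is_string($postedZone) ? strlen($postedZone) : 0;
    if ($zoneNameLength < 3 || $zoneNameLength > $firewallZoneSettings['zoneLength']) {
        $Result->show("danger", _("Invalid zone name length."), true);
    }
}
// check the zone indicator ID. valid values are 0 or 1.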