$filterent['created'] = $a_filter[$id]['created'];
        }
        $filterent['updated'] = make_config_revision_entry();
        // Allow extending of the firewall edit page and include custom input validation
        pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
        if (isset($id) && $a_filter[$id]) {
            $a_filter[$id] = $filterent;
        } else {
            $filterent['created'] = make_config_revision_entry();
            if (is_numeric($after)) {
                array_splice($a_filter, $after + 1, 0, array($filterent));
            } else {
                $a_filter[] = $filterent;
            }
        }
        filter_rules_sort();
        if (write_config()) {
            mark_subsystem_dirty('filter');
        }
        if (isset($_POST['floating'])) {
            header("Location: firewall_rules.php?if=FloatingRules");
        } else {
            header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface']));
        }
        exit;
    }
}
$pgtitle = array(gettext("Firewall"), gettext("Rules"), gettext("Edit"));
$shortcut_section = "firewall";
$closehead = false;
$page_filename = "firewall_rules_edit.php";
예제 #2
0
function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipproto)
{
    global $config;
    /* No rules, start a new array */
    if (!is_array($config['filter']['rule'])) {
        $config['filter']['rule'] = array();
    }
    filter_rules_sort();
    $a_filter =& $config['filter']['rule'];
    /* Make up a new rule */
    $filterent = array();
    $filterent['type'] = 'pass';
    $filterent['interface'] = $int;
    $filterent['ipprotocol'] = $ipproto;
    $filterent['descr'] = gettext("Easy Rule: Passed from Firewall Log View");
    if ($proto != "any") {
        $filterent['protocol'] = $proto;
    } else {
        unset($filterent['protocol']);
    }
    /* Default to only allow echo requests, since that's what most people want and
     *  it should be a safe choice. */
    if ($proto == "icmp") {
        $filterent['icmptype'] = 'echoreq';
    }
    if (strtolower($proto) == "icmp6" || strtolower($proto) == "icmpv6") {
        $filterent['protocol'] = "icmp";
    }
    if (is_subnet($srchost)) {
        list($srchost, $srcmask) = explode("/", $srchost);
    } elseif (is_specialnet($srchost)) {
        $srcmask = 0;
    } elseif (is_ipaddrv6($srchost)) {
        $srcmask = 128;
    } else {
        $srcmask = 32;
    }
    if (is_subnet($dsthost)) {
        list($dsthost, $dstmask) = explode("/", $dsthost);
    } elseif (is_specialnet($dsthost)) {
        $dstmask = 0;
    } elseif (is_ipaddrv6($dsthost)) {
        $dstmask = 128;
    } else {
        $dstmask = 32;
    }
    pconfig_to_address($filterent['source'], $srchost, $srcmask);
    pconfig_to_address($filterent['destination'], $dsthost, $dstmask, '', $dstport, $dstport);
    $filterent['created'] = make_config_revision_entry(null, gettext("Easy Rule"));
    $a_filter[] = $filterent;
    write_config($filterent['descr']);
    $retval = filter_configure();
    return true;
}