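/**
 * Validate the arguments of an EasyRule "pass" request and, when all of them
 * are acceptable, add the rule through easyrule_pass_rule_add().
 *
 * Every argument is treated as untrusted. Any value echoed back in an error
 * message is passed through htmlspecialchars() first.
 *
 * @param string     $int     Interface as supplied by the caller; resolved with
 *                            easyrule_find_rule_interface().
 * @param string     $proto   Protocol name, protocol number, or "any".
 * @param string     $src     Source address, subnet, alias or special network;
 *                            surrounding "[" and "]" are stripped.
 * @param string     $dst     Destination, in the same forms as $src.
 * @param int|string $dstport Destination port or "any". Required for tcp/udp,
 *                            forced to 0 for every other protocol.
 * @param string     $ipproto Forwarded unchanged to easyrule_pass_rule_add().
 *
 * @return string Translated status or error message.
 */
function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = "inet") {
	$protocols_with_ports = array('tcp', 'udp');

	/* Strip any surrounding square brackets before validating the addresses. */
	$src = trim($src, "[]");
	$dst = trim($dst, "[]");

	if (empty($int) || empty($proto) || empty($src) || empty($dst)) {
		return gettext("Missing parameters for pass rule.");
	}

	/*
	 * Keep the caller's value: the lookup result overwrites $int, and on
	 * failure that result is false, which would leave the error message
	 * without the offending interface name.
	 */
	$requested_int = $int;
	$int = easyrule_find_rule_interface($int);
	if ($int === false) {
		return gettext("Invalid interface for pass rule:") . ' ' . htmlspecialchars($requested_int);
	}

	/*
	 * getprotobyname() returns false (not -1) for an unknown name, so a loose
	 * "== -1" comparison never rejects anything. Compare strictly instead.
	 * "any" and numeric protocol values are still accepted so that inputs
	 * which are meaningful to a packet filter keep working.
	 * NOTE(review): values such as "tcp/udp" are now rejected here; confirm
	 * that no caller relies on passing them.
	 */
	$proto_is_known = ($proto === 'any')
	    || (getprotobyname($proto) !== false)
	    || (ctype_digit((string) $proto) && getprotobynumber((int) $proto) !== false);
	if (!$proto_is_known) {
		return gettext("Invalid protocol for pass rule:") . ' ' . htmlspecialchars($proto);
	}

	if (!is_ipaddr($src) && !is_subnet($src) && !is_ipaddroralias($src) && !is_specialnet($src)) {
		return gettext("Tried to pass invalid source IP:") . ' ' . htmlspecialchars($src);
	}
	if (!is_ipaddr($dst) && !is_subnet($dst) && !is_ipaddroralias($dst) && !is_specialnet($dst)) {
		return gettext("Tried to pass invalid destination IP:") . ' ' . htmlspecialchars($dst);
	}

	if (in_array($proto, $protocols_with_ports)) {
		/* Port-based protocols need an explicit port or the "any" wildcard. */
		if (empty($dstport)) {
			return gettext("Missing destination port:") . ' ' . htmlspecialchars($dstport);
		}
		if (!is_port($dstport) && $dstport != "any") {
			return gettext("Tried to pass invalid destination port:") . ' ' . htmlspecialchars($dstport);
		}
	} else {
		/* A port has no meaning for other protocols; discard whatever was sent. */
		$dstport = 0;
	}

	/*
	 * NOTE(review): $ipproto reaches easyrule_pass_rule_add() without any
	 * check in this function; confirm that the callee validates it.
	 */
	if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport, $ipproto)) {
		return gettext("Successfully added pass rule!");
	}

	return gettext("Failed to add pass rule.");
}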
/*
 * Excerpt from a form handler. It begins and ends inside enclosing blocks
 * that are not shown. Each failed check appends a message to $input_errors.
 */
}
/* A destination of type "network" may not name an alias. */
if ($_POST['dsttype'] == "network") {
	if (is_alias($_POST['dst'])) {
		$input_errors[] = gettext("You must specify single host or alias for alias entries.");
	}
}
/*
 * Source checks are skipped entirely when the type is a special network,
 * and individually when the field is empty (the truthiness guard).
 * NOTE(review): the raw $_POST value is placed in the message unescaped; how
 * $input_errors is rendered is not shown here, so confirm the output is
 * HTML-escaped where the list is printed.
 */
if (!is_specialnet($_POST['srctype'])) {
	if ($_POST['src'] && !is_ipaddroralias($_POST['src'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $_POST['src']);
	}
	/* presumably only integer-ness is checked; no bit-count range check is visible here -- TODO confirm */
	if ($_POST['srcmask'] && !is_numericint($_POST['srcmask'])) {
		$input_errors[] = gettext("A valid source bit count must be specified.");
	}
}
/* Same checks for the destination; the same unescaped-value note applies. */
if (!is_specialnet($_POST['dsttype'])) {
	if ($_POST['dst'] && !is_ipaddroralias($_POST['dst'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
	}
	if ($_POST['dstmask'] && !is_numericint($_POST['dstmask'])) {
		$input_errors[] = gettext("A valid destination bit count must be specified.");
	}
}
/*
 * Address-family consistency is only checked when both ends are literal IP
 * addresses; aliases and special networks do not reach these checks.
 */
if (is_ipaddr($_POST['src']) && is_ipaddr($_POST['dst'])) {
	if (!validate_address_family($_POST['src'], $_POST['dst'])) {
		$input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $_POST['src'], $_POST['dst']);
	}
	/* "inet" selects IPv4 rules and "inet6" IPv6 rules, as the messages state. */
	if ((is_ipaddrv6($_POST['src']) || is_ipaddrv6($_POST['dst'])) && $_POST['ipprotocol'] == "inet") {
		$input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
	}
	if ((is_ipaddrv4($_POST['src']) || is_ipaddrv4($_POST['dst'])) && $_POST['ipprotocol'] == "inet6") {
		$input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
/*
 * Excerpt from a NAT form handler; the final "if" is left open because the
 * excerpt ends inside it. $protocol_uses_ports is set outside the excerpt.
 */
/* Port fields are validated only for port-based protocols and only when non-empty. */
if ($protocol_uses_ports && $_POST['dstport'] != "" && !(is_portoralias($_POST['dstport']) || is_portrange($_POST['dstport']))) {
	$input_errors[] = gettext("A valid port or port alias must be supplied for the destination port entry.");
}
/* The NAT port check is skipped when "nonat" is present in the request. */
if ($protocol_uses_ports && $_POST['natport'] != "" && !(is_portoralias($_POST['natport']) || is_portrange($_POST['natport'])) && !isset($_POST['nonat'])) {
	$input_errors[] = gettext("A valid port must be supplied for the NAT port entry.");
}
/* "any" and "(self)" source types carry no address to validate. */
if ($_POST['source_type'] != "any" && $_POST['source_type'] != "(self)") {
	if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] != "any") {
		$input_errors[] = gettext("A valid source must be specified.");
	}
}
/* presumably only integer-ness is checked; no bit-count range check is visible here -- TODO confirm */
if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
	$input_errors[] = gettext("A valid source bit count must be specified.");
}
if ($_POST['destination_type'] != "any") {
	if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
		$input_errors[] = gettext("A valid destination must be specified.");
	}
}
if ($_POST['destination_subnet'] && !is_numericint($_POST['destination_subnet'])) {
	$input_errors[] = gettext("A valid destination bit count must be specified.");
}
/* "not any" would match nothing, so the combination is rejected. */
if ($_POST['destination_type'] == "any") {
	if ($_POST['destination_not']) {
		$input_errors[] = gettext("Negating destination address of \"any\" is invalid.");
	}
}
/*
 * The translation target must be an IP address, subnet, alias or the literal
 * "other-subnet". The check is skipped for an empty target and when "nonat"
 * is present in the request.
 */
if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) {
	$input_errors[] = gettext("A valid target IP address must be specified.");
}
if ($_POST['target'] == "other-subnet") {
/*
 * Excerpt from a virtual-server form handler. The first statements close a
 * block opened above the excerpt, and the excerpt ends inside an open "if".
 */
		$reqdfieldsn = array(gettext("IP Address"), gettext("Name"), gettext("Relay Protocol"));
		break;
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
/*
 * Reject a name already used by another virtual server.
 * NOTE(review): "$i != $id" is a loose comparison. If $id is unset for a new
 * entry (the isset($id) test further down suggests it can be), then 0 != null
 * is false and entry 0 is never compared -- confirm and consider a strict test.
 */
for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
	if ($_POST['name'] == $config['load_balancer']['virtual_server'][$i]['name'] && $i != $id) {
		$input_errors[] = gettext("This virtual server name has already been used. Virtual server names must be unique.");
	}
}
/* Only spaces and slashes are rejected here; no other character restriction is visible in this excerpt. */
if (preg_match('/[ \\/]/', $_POST['name'])) {
	$input_errors[] = gettext("You cannot use spaces or slashes in the 'name' field.");
}
if ($_POST['port'] != "" && !is_portoralias($_POST['port'])) {
	$input_errors[] = gettext("The port must be an integer between 1 and 65535, a port alias, or left blank.");
}
/*
 * NOTE(review): the raw $_POST['ipaddr'] value is placed in both messages
 * unescaped; confirm that $input_errors is HTML-escaped where it is printed.
 */
if (!is_ipaddroralias($_POST['ipaddr']) && !is_subnetv4($_POST['ipaddr'])) {
	$input_errors[] = sprintf(gettext("%s is not a valid IP address, IPv4 subnet, or alias."), $_POST['ipaddr']);
} else {
	/* Cap the size of a subnet used as the listen address at 64 addresses. */
	if (is_subnetv4($_POST['ipaddr']) && subnet_size($_POST['ipaddr']) > 64) {
		$input_errors[] = sprintf(gettext("%s is a subnet containing more than 64 IP addresses."), $_POST['ipaddr']);
	}
}
if (strtolower($_POST['relay_protocol']) == "dns" && !empty($_POST['sitedown'])) {
	$input_errors[] = gettext("You cannot select a Fall Back Pool when using the DNS relay protocol.");
}
/* Nothing is stored unless every check above passed. */
if (!$input_errors) {
	$vsent = array();
	/* Start from the existing entry when editing one. */
	if (isset($id) && $a_vs[$id]) {
		$vsent = $a_vs[$id];
	}
	if ($vsent['name'] != "") {
/*
 * Excerpt from a 1:1 NAT form handler; it ends inside the
 * "count($input_errors) == 0" block.
 */
$reqdfields = explode(" ", "interface external src dst");
$reqdfieldsn = array(gettext("Interface"), gettext("External subnet"), gettext("Source address"), gettext("Destination address"));
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
/* For external, user can enter only ip's */
/*
 * NOTE(review): the emptiness test reads $pconfig['external'] but the address
 * test reads $_POST['external']. If the two can differ, the value that gets
 * validated is not the value stored below -- confirm, and validate $pconfig.
 */
if (!empty($pconfig['external']) && !is_ipaddr($_POST['external'])) {
	$input_errors[] = gettext("A valid external subnet must be specified.");
}
/* For src, user can enter only ip's or networks */
/*
 * NOTE(review): the check also accepts aliases (is_ipaddroralias), unlike the
 * comment above. The submitted value is placed in the message unescaped;
 * confirm that $input_errors is HTML-escaped where it is printed.
 */
if (!is_specialnet($pconfig['src']) && !is_ipaddroralias($pconfig['src'])) {
	$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']);
}
/* presumably only integer-ness is checked; no bit-count range check is visible here -- TODO confirm */
if (!empty($pconfig['srcmask']) && !is_numericint($pconfig['srcmask'])) {
	$input_errors[] = gettext("A valid source bit count must be specified.");
}
/* For dst, user can enter ip's, networks or aliases */
if (!is_specialnet($pconfig['dst']) && !is_ipaddroralias($pconfig['dst'])) {
	$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']);
}
if (!empty($pconfig['dstmask']) && !is_numericint($pconfig['dstmask'])) {
	$input_errors[] = gettext("A valid destination bit count must be specified.");
}
/*
 * The entry is built only when no validation error was recorded.
 * NOTE(review): line breaks were lost in this excerpt. Everything after the
 * first "//" on the last line below was originally a series of separate
 * statements: external, descr and interface are copied from $pconfig,
 * "disabled" is derived from $_POST, and source/destination are filled by
 * pconfig_to_address(). No check of 'descr' is visible in this excerpt.
 */
if (count($input_errors) == 0) {
	$natent = array(); // 1-on-1 copy $natent['external'] = $pconfig['external']; $natent['descr'] = $pconfig['descr']; $natent['interface'] = $pconfig['interface']; // copy form data with some kind of logic in it $natent['disabled'] = isset($_POST['disabled']) ? true : false; pconfig_to_address($natent['source'], $pconfig['src'], $pconfig['srcmask'], !empty($pconfig['srcnot'])); pconfig_to_address($natent['destination'], $pconfig['dst'], $pconfig['dstmask'], !empty($pconfig['dstnot']));
/*
 * Excerpt from a rule form handler; it ends inside two open "if" blocks.
 * Each failed check appends a message to $input_errors.
 */
/* A port alias cannot be one end of a range: both fields must hold the same alias. */
if ((is_alias($pconfig['srcbeginport']) || is_alias($pconfig['srcendport'])) && $pconfig['srcbeginport'] != $pconfig['srcendport']) {
	$input_errors[] = gettext('When selecting aliases for source ports, both from and to fields must be the same');
}
if ((is_alias($pconfig['dstbeginport']) || is_alias($pconfig['dstendport'])) && $pconfig['dstbeginport'] != $pconfig['dstendport']) {
	$input_errors[] = gettext('When selecting aliases for destination ports, both from and to fields must be the same');
}
/*
 * Unless the source is a special network, both an address/alias and a bit
 * count are required; there is no empty-field guard on either check.
 * NOTE(review): the submitted value is placed in the message unescaped;
 * confirm that $input_errors is HTML-escaped where it is printed.
 */
if (!is_specialnet($pconfig['src'])) {
	if (!is_ipaddroralias($pconfig['src'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']);
	}
	/* presumably only integer-ness is checked; no bit-count range check is visible here -- TODO confirm */
	if (!is_numericint($pconfig['srcmask'])) {
		$input_errors[] = gettext("A valid source bit count must be specified.");
	}
}
/* Same requirements for the destination. */
if (!is_specialnet($pconfig['dst'])) {
	if (!is_ipaddroralias($pconfig['dst'])) {
		$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']);
	}
	if (!is_numericint($pconfig['dstmask'])) {
		$input_errors[] = gettext("A valid destination bit count must be specified.");
	}
}
/*
 * Address-family consistency is only checked when both ends are literal IP
 * addresses; aliases and special networks do not reach these checks.
 */
if (is_ipaddr($pconfig['src']) && is_ipaddr($pconfig['dst'])) {
	if (!validate_address_family($pconfig['src'], $pconfig['dst'])) {
		$input_errors[] = sprintf(gettext("The Source IP address %s Address Family differs from the destination %s."), $pconfig['src'], $pconfig['dst']);
	}
	/* "inet" selects IPv4 rules and "inet6" IPv6 rules, as the messages state. */
	if ((is_ipaddrv6($pconfig['src']) || is_ipaddrv6($pconfig['dst'])) && $pconfig['ipprotocol'] == "inet") {
		$input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
	}
	if ((is_ipaddrv4($pconfig['src']) || is_ipaddrv4($pconfig['dst'])) && $pconfig['ipprotocol'] == "inet6") {
		$input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
/*
 * Excerpt from an outbound NAT form handler. It begins inside an "if" whose
 * condition is not shown; the second lone "}" below closes a further block
 * opened above the excerpt.
 */
		$input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");
	}
	if (!empty($pconfig['dstport']) && !is_portoralias($pconfig['dstport'])) {
		$input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");
	}
	/* The NAT port must be a plain port (no alias); the check is skipped when "nonat" is set. */
	if (!empty($pconfig['natport']) && !is_port($pconfig['natport']) && empty($pconfig['nonat'])) {
		$input_errors[] = gettext("You must supply a valid port for the NAT port entry.");
	}
}
/*
 * Source must be "any", "(self)", an IP address or an alias.
 * in_array() is called without the strict flag, so the match is a loose one.
 */
if (!(in_array($pconfig['source'], array("any", "(self)")) || is_ipaddroralias($pconfig['source']))) {
	$input_errors[] = gettext("A valid source must be specified.");
}
/* presumably only integer-ness is checked; no bit-count range check is visible here -- TODO confirm */
if (!empty($pconfig['source_subnet']) && !is_numericint($pconfig['source_subnet'])) {
	$input_errors[] = gettext("A valid source bit count must be specified.");
}
if (!(in_array($pconfig['destination'], array("any", "(self)")) || is_ipaddroralias($pconfig['destination']))) {
	$input_errors[] = gettext("A valid destination must be specified.");
}
if (!empty($pconfig['destination_subnet']) && !is_numericint($pconfig['destination_subnet'])) {
	$input_errors[] = gettext("A valid destination bit count must be specified.");
}
/* "not any" would match nothing, so the combination is rejected. */
if ($pconfig['destination'] == "any" && !empty($pconfig['destination_not'])) {
	$input_errors[] = gettext("Negating destination address of \"any\" is invalid.");
}
/* The target check is skipped for an empty target and when "nonat" is set. */
if (!empty($pconfig['targetip']) && !is_ipaddr($pconfig['targetip']) && !is_subnet($pconfig['targetip']) && !is_alias($pconfig['targetip']) && empty($pconfig['nonat'])) {
	$input_errors[] = gettext("A valid target IP address must be specified.");
}
/* Verify Pool Options */
/*
 * NOTE(review): as written, the error fires when the target is NOT an alias
 * and the pool option starts with "round-robin". The message describes the
 * opposite case (an alias with a non-round-robin option). Confirm which
 * condition is intended.
 */
if (!empty($pconfig['targetip']) && !is_alias($pconfig['targetip']) && substr($pconfig['poolopts'], 0, 11) == "round-robin") {
	$input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias.");
}
/*
 * Excerpt from a frontend/backend form handler. The leading braces close
 * blocks opened above the excerpt, and the excerpt ends inside an open loop.
 */
		}
	}
	/* The pattern only requires two characters of any kind; it does not restrict which characters. */
	if (!preg_match("/.{2,}/", $acl_name)) {
		$input_errors[] = "The field 'Name' is required with at least 2 characters.";
	}
}
foreach ($a_extaddr as $extaddr) {
	/* The port field may hold a comma-separated list; each item is checked on its own. */
	$ports = explode(",", $extaddr['extaddr_port']);
	foreach ($ports as $port) {
		/*
		 * NOTE(review): is_numeric() also accepts negative, fractional and
		 * exponent forms and applies no 1-65535 range check, so such values
		 * pass this test. Consider is_port() for the numeric case.
		 */
		if ($port && !is_numeric($port) && !is_portoralias($port)) {
			$input_errors[] = "The field 'Port' value '" . htmlspecialchars($port) . "' is not a number or alias thereof.";
		}
	}
	if ($extaddr['extaddr'] == 'custom') {
		$extaddr_custom = $extaddr['extaddr_custom'];
		/*
		 * NOTE(review): unlike the port message above, this message embeds
		 * the submitted value without htmlspecialchars(); confirm that
		 * $input_errors is HTML-escaped where it is printed, or escape here.
		 */
		if (empty($extaddr_custom) || !is_ipaddroralias($extaddr_custom)) {
			$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $extaddr_custom);
		}
	}
}
/* Nothing is stored unless every check above passed. */
if (!$input_errors) {
	$backend = array();
	/* Start from the existing entry when editing one. */
	if (isset($id) && $a_backend[$id]) {
		$backend = $a_backend[$id];
	}
	if ($backend['name'] != "") {
		$changedesc .= " modified '{$backend['name']}' pool:";
	}
	/*
	 * NOTE(review): line breaks were lost in this excerpt. After the "//"
	 * comment on the last line below, the original continues with a rename
	 * check and a by-reference foreach over $a_backend. A by-reference loop
	 * variable should be unset() after the loop; the loop end is not shown.
	 */
	// update references to this primary frontend if ($backend['name'] != $_POST['name']) { foreach ($a_backend as &$frontend) {
/*
 * Excerpt from a NAT port-forward form handler with Turkish user-facing
 * messages. The first "}" closes a block opened above the excerpt.
 */
	$reqdfields = explode(" ", "interface proto localip");
	$reqdfieldsn = explode(",", "Interface,Protocol,NAT IP");
}
/*
 * NOTE(review): "&$input_errors" is call-time pass-by-reference, which PHP
 * 5.4 and later reject with a fatal error. The reference belongs in the
 * function declaration, not at the call site.
 */
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
/*
 * NOTE(review): the raw $_POST['localip'] value is interpolated into the
 * message unescaped; confirm that $input_errors is HTML-escaped where it is
 * printed.
 */
if ($_POST['localip'] && !is_ipaddroralias($_POST['localip'])) {
	$input_errors[] = "\"{$_POST['localip']}\" geçerli bir NAT IP adresi vey ahost alias değildir.";
}
/* only validate the ports if the protocol is TCP, UDP or TCP/UDP */
if (strtoupper($_POST['proto']) == "TCP" or strtoupper($_POST['proto']) == "UDP" or strtoupper($_POST['proto']) == "TCP/UDP") {
	/*
	 * NOTE(review): the three port fields are accepted when they pass
	 * is_ipaddroralias(), so an IP address or host alias is let through as a
	 * port value. This looks like it was meant to be a port-alias check --
	 * confirm against the helper definitions.
	 */
	if ($_POST['beginport'] && !is_ipaddroralias($_POST['beginport']) && !is_port($_POST['beginport'])) {
		$input_errors[] = "Başlangıç portu 1 ile 65535 arasında bir tamsayı olmalıdır.";
	}
	if ($_POST['endport'] && !is_ipaddroralias($_POST['endport']) && !is_port($_POST['endport'])) {
		$input_errors[] = "Bitiş portu 1 ile 65535 arasında bir değer olmalıdır.";
	}
	if ($_POST['localbeginport'] && !is_ipaddroralias($_POST['localbeginport']) && !is_port($_POST['localbeginport'])) {
		$input_errors[] = "Yerel port tamsayı ve 1 ile 65535 arasında bir değer olmalıdır.";
	}
	/*
	 * Normalise the range so that beginport <= endport. This runs even when
	 * the fields failed validation above. The operands are raw request
	 * strings: numeric strings compare numerically, anything else (such as
	 * an alias name) compares as text.
	 */
	if ($_POST['beginport'] > $_POST['endport']) {
		/* swap */
		$tmp = $_POST['endport'];
		$_POST['endport'] = $_POST['beginport'];
		$_POST['beginport'] = $tmp;
	}
	/*
	 * Reject a forward whose translated range would run past port 65535.
	 * Evaluated only when no earlier error was recorded. A non-numeric value
	 * that was accepted above would take part in this arithmetic --
	 * NOTE(review): confirm how alias values are meant to be handled here.
	 */
	if (!$input_errors) {
		if ($_POST['endport'] - $_POST['beginport'] + $_POST['localbeginport'] > 65535) {
			$input_errors[] = "Hedef port 1 ile 65535 arasında bir değer olmalıdır.";
		}
	}
}
/* check for overlaps */