$acl_entry = array();
$acl_entry['aclid'] = $pconfig['aclid'];
$acl_entry['aclname'] = $pconfig['aclname'];
$acl_entry['aclaction'] = $pconfig['aclaction'];
$acl_entry['description'] = $pconfig['description'];
$acl_entry['aclid'] = $pconfig['aclid'];
$acl_entry['row'] = array();
foreach ($networkacl as $acl) {
$acl_entry['row'][] = $acl;
}
if (isset($id) && $a_acls[$id]) {
$a_acls[$id] = $acl_entry;
} else {
$a_acls[] = $acl_entry;
}
mark_subsystem_dirty("unbound");
write_config();
pfSenseHeader("/services_unbound_acls.php");
exit;
}
}
}
}
}
$actionHelp = '<span class="text-success"><strong>Deny:</strong></span> Stops queries from hosts within the netblock defined below.' . '<br />' . '<span class="text-success"><strong>Refuse:</strong></span> Stops queries from hosts within the netblock defined below, but sends a DNS rcode REFUSED error message back to the client.' . '<br />' . '<span class="text-success"><strong>Allow:</strong></span> Allow queries from hosts within the netblock defined below.' . '<br />' . '<span class="text-success"><strong>Allow Snoop:</strong></span> Allow recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.';
$pgtitle = array(gettext("Services"), gettext("DNS Resolver"), gettext("Access Lists"));
$shortcut_section = "resolver";
include "head.inc";
if ($input_errors) {
print_input_errors($input_errors);
}
}
}
if ($mode == "reinstallpackages") {
header("Location: pkg_mgr_install.php?mode=reinstallall");
exit;
} else {
if ($mode == "clearpackagelock") {
clear_subsystem_dirty('packagelock');
$savemsg = "Package Lock Cleared";
} else {
if ($mode == "restore_ver") {
$input_errors[] = gettext("XXX - this feature may hose your config (do NOT backrev configs!) - billm");
if ($ver2restore != "") {
$conf_file = "{$g['cf_conf_path']}/bak/config-" . strtotime($ver2restore) . ".xml";
if (config_install($conf_file) == 0) {
mark_subsystem_dirty("restore");
} else {
$input_errors[] = gettext("The configuration could not be restored.");
}
} else {
$input_errors[] = gettext("No version selected.");
}
}
}
}
}
}
$id = rand() . '.' . time();
$mth = ini_get('upload_progress_meter.store_method');
$dir = ini_get('upload_progress_meter.file.filename_template');
function build_area_list($showall)
}
}
if ($_GET['act'] == "del") {
if ($_GET['type'] == 'host') {
if ($a_hosts[$_GET['id']]) {
unset($a_hosts[$_GET['id']]);
write_config();
mark_subsystem_dirty('unbound');
header("Location: services_unbound.php");
exit;
}
} elseif ($_GET['type'] == 'doverride') {
if ($a_domainOverrides[$_GET['id']]) {
unset($a_domainOverrides[$_GET['id']]);
write_config();
mark_subsystem_dirty('unbound');
header("Location: services_unbound.php");
exit;
}
}
}
function build_if_list($selectedifs)
{
$interface_addresses = get_possible_listen_ips(true);
$iflist = array('options' => array(), 'selected' => array());
$iflist['options']['all'] = gettext("All");
if (empty($selectedifs) || empty($selectedifs[0]) || in_array("all", $selectedifs)) {
array_push($iflist['selected'], "all");
}
foreach ($interface_addresses as $laddr => $ldescr) {
$iflist['options'][$laddr] = htmlspecialchars($ldescr);
}
$tmp = rtrim($tmp, "||");
if (!empty($tmp)) {
$a_rule[$id]['rule_sid_off'] = $tmp;
} else {
unset($a_rule[$id]['rule_sid_off']);
}
// We changed a rule state, remind user to apply the changes
mark_subsystem_dirty('suricata_rules');
write_config("Suricata pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}.");
} elseif ($_POST['resetall'] && !empty($rules_map)) {
// Remove all modified SIDs from config.xml and save the changes.
unset($a_rule[$id]['rule_sid_on']);
unset($a_rule[$id]['rule_sid_off']);
// We changed a rule state, remind user to apply the changes
mark_subsystem_dirty('suricata_rules');
/* Update the config.xml file. */
write_config("Suricata pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}.");
} elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
write_config("Suricata pkg: clear all custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
conf_mount_rw();
suricata_generate_yaml($a_rule[$id]);
conf_mount_ro();
$rebuild_rules = false;
$pconfig['customrules'] = '';
// Sync to configured CARP slaves if any are enabled
suricata_sync_on_changes();
} elseif ($_POST['cancel']) {
$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
$retval = 0;
$retval |= filter_configure();
$retval |= relayd_configure();
$savemsg = get_std_save_message($retval);
/* Wipe out old relayd anchors no longer in use. */
cleanup_lb_marked();
clear_subsystem_dirty('loadbalancer');
}
}
if ($_GET['act'] == "del") {
if (array_key_exists($_GET['id'], $a_vs)) {
if (!$input_errors) {
cleanup_lb_mark_anchor($a_vs[$_GET['id']]['name']);
unset($a_vs[$_GET['id']]);
write_config();
mark_subsystem_dirty('loadbalancer');
header("Location: load_balancer_virtual_server.php");
exit;
}
}
}
/* Index lbpool array for easy hyperlinking */
$poodex = array();
for ($i = 0; isset($config['load_balancer']['lbpool'][$i]); $i++) {
$poodex[$config['load_balancer']['lbpool'][$i]['name']] = $i;
}
for ($i = 0; isset($config['load_balancer']['virtual_server'][$i]); $i++) {
if ($a_vs[$i]) {
$a_vs[$i]['mode'] = htmlspecialchars($a_vs[$i]['mode']);
$a_vs[$i]['relay_protocol'] = htmlspecialchars($a_vs[$i]['relay_protocol']);
$a_vs[$i]['poolname'] = "<a href=\"/load_balancer_pool_edit.php?id={$poodex[$a_vs[$i]['poolname']]}\">" . htmlspecialchars($a_vs[$i]['poolname']) . "</a>";
$mapent['ipaddrv6'] = $_POST['ipaddrv6'];
$mapent['hostname'] = $_POST['hostname'];
$mapent['descr'] = $_POST['descr'];
$mapent['filename'] = $_POST['filename'];
$mapent['rootpath'] = $_POST['rootpath'];
if (isset($id) && $a_maps[$id]) {
$a_maps[$id] = $mapent;
} else {
$a_maps[] = $mapent;
}
staticmaps_sort($if);
write_config();
if (isset($config['dhcpdv6'][$if]['enable'])) {
mark_subsystem_dirty('staticmaps');
if (isset($config['dnsmasq']['regdhcpstatic'])) {
mark_subsystem_dirty('hosts');
}
}
header("Location: services_dhcpv6.php?if={$if}");
exit;
}
}
$pgtitle = array(gettext("Services"), gettext("DHCPv6"), gettext("Edit static mapping"));
$statusurl = "status_dhcpv6_leases.php";
$logurl = "diag_logs_dhcp.php";
include "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include "fbegin.inc";
}
$address .= $_POST["address{$x}"];
$address .= "/" . $_POST["address_subnet{$x}"];
$isfirst++;
}
}
if (!$input_errors) {
$igmpentry['address'] = $address;
$igmpentry['descr'] = $_POST['descr'];
if (isset($id) && $a_igmpproxy[$id]) {
$a_igmpproxy[$id] = $igmpentry;
} else {
$a_igmpproxy[] = $igmpentry;
}
write_config();
mark_subsystem_dirty('igmpproxy');
header("Location: services_igmpproxy.php");
exit;
} else {
$pconfig['descr'] = $_POST['descr'];
$pconfig['address'] = $address;
$pconfig['type'] = $_POST['type'];
}
}
include "head.inc";
?>
<body>
<?php
include "fbegin.inc";
?>
clear_subsystem_dirty('shaper');
if ($queue) {
$output_form .= $queue->build_form();
$dontshow = false;
} else {
$output_form .= $default_shaper_message;
$dontshow = true;
}
} else {
if ($queue) {
$queue->validate_input($_POST, &$input_errors);
if (!$input_errors) {
$queue->update_altq_queue_data($_POST);
$queue->wconfig();
write_config();
mark_subsystem_dirty('shaper');
$dontshow = false;
}
read_altq_config();
$output_form .= $queue->build_form();
} else {
$output_form .= "<p class=\"pgtitle\">" . $default_shaper_msg . "</p>";
$dontshow = true;
}
}
}
}
mwexec("killall qstats");
} else {
$output_form .= "<p class=\"pgtitle\">" . $default_shaper_msg . "</p>";
$dontshow = true;
if (isset($id) && $a_secret[$id]) {
$secretent = $a_secret[$id];
}
$secretent['name'] = $_POST['username'];
$secretent['ip'] = $_POST['ip'];
if ($_POST['passwordfld1']) {
$secretent['password'] = $_POST['passwordfld1'];
}
if (isset($id) && $a_secret[$id]) {
$a_secret[$id] = $secretent;
} else {
$a_secret[] = $secretent;
}
pptpd_users_sort();
write_config();
mark_subsystem_dirty('pptpusers');
header("Location: vpn_pptp_users.php");
exit;
}
}
$pgtitle = array(gettext("VPN"), gettext("VPN PPTP"), gettext("User"), gettext("Edit"));
$shortcut_section = "pptps";
include "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include "fbegin.inc";
if ($input_errors) {
print_input_errors($input_errors);
}
?>
if (!empty($tmp)) {
$a_rule[$id]['rule_sid_off'] = $tmp;
} else {
unset($a_rule[$id]['rule_sid_off']);
}
write_config("Snort pkg: remove enablesid/disablesid changes for category {$currentruleset} on {$a_rule[$id]['interface']}.");
// We changed a rule state, remind user to apply the changes
mark_subsystem_dirty('snort_rules');
} elseif ($_POST['resetall'] && !empty($rules_map)) {
// Remove all modified SIDs from config.xml and save the changes.
unset($a_rule[$id]['rule_sid_on']);
unset($a_rule[$id]['rule_sid_off']);
/* Update the config.xml file. */
write_config("Snort pkg: remove all enablesid/disablesid changes for {$a_rule[$id]['interface']}.");
// We changed a rule state, remind user to apply the changes
mark_subsystem_dirty('snort_rules');
} else {
if ($_POST['cancel']) {
$pconfig['customrules'] = base64_decode($a_rule[$id]['customrules']);
clear_subsystem_dirty('snort_rules');
} elseif ($_POST['clear']) {
unset($a_rule[$id]['customrules']);
write_config("Snort pkg: clear all custom rules for {$a_rule[$id]['interface']}.");
$rebuild_rules = true;
conf_mount_rw();
snort_generate_conf($a_rule[$id]);
conf_mount_ro();
$rebuild_rules = false;
$pconfig['customrules'] = '';
// Sync to configured CARP slaves if any are enabled
snort_sync_on_changes();
if (!is_subsystem_dirty('rebootreq')) {
$retval = vpn_l2tp_configure();
}
$savemsg = get_std_save_message();
if ($retval == 0) {
if (is_subsystem_dirty('l2tpusers')) {
clear_subsystem_dirty('l2tpusers');
}
}
}
}
if ($_GET['act'] == "del") {
if ($a_secret[$_GET['id']]) {
unset($a_secret[$_GET['id']]);
write_config();
mark_subsystem_dirty('l2tpusers');
header("Location: vpn_l2tp_users.php");
exit;
}
}
include "head.inc";
$main_buttons = array(array('label' => gettext("add user"), 'href' => 'vpn_l2tp_users_edit.php'));
?>
<body>
<?php
include "fbegin.inc";
?>
<section class="page-content-main">
<div class="container-fluid">
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
}
if ($_POST['blist_del'] && is_numericint($_POST['list_id'])) {
$pconfig = $_POST;
unset($a_nat[$id]['blist_files']['item'][$_POST['list_id']]);
write_config("Snort pkg: deleted blacklist file for IP REPUTATION preprocessor.");
mark_subsystem_dirty('snort_iprep');
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
}
if ($_POST['wlist_del'] && is_numericint($_POST['list_id'])) {
$pconfig = $_POST;
unset($a_nat[$id]['wlist_files']['item'][$_POST['list_id']]);
write_config("Snort pkg: deleted whitelist file for IP REPUTATION preprocessor.");
mark_subsystem_dirty('snort_iprep');
$pconfig['wlist_files'] = $a_nat[$id]['wlist_files'];
$pconfig['blist_files'] = $a_nat[$id]['blist_files'];
}
if ($_POST['save'] || $_POST['apply']) {
$natent = array();
$natent = $pconfig;
if (!is_numericint($_POST['iprep_memcap']) || strval($_POST['iprep_memcap']) < 1 || strval($_POST['iprep_memcap']) > 4095) {
$input_errors[] = gettext("The value for Memory Cap must be an integer between 1 and 4095.");
}
// if no errors write to conf
if (!$input_errors) {
$natent['reputation_preproc'] = $_POST['reputation_preproc'] ? 'on' : 'off';
$natent['iprep_scan_local'] = $_POST['iprep_scan_local'] ? 'on' : 'off';
$natent['iprep_memcap'] = $_POST['iprep_memcap'];
$natent['iprep_priority'] = $_POST['iprep_priority'];
}
}
}
if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) {
$input_errors[] = gettext("The image file is corrupt.");
unlink("{$g['upload_path']}/firmware.tgz");
}
}
}
}
run_plugins("/usr/local/pkg/firmware_upgrade");
/* Check for input errors, firmware locks, warnings, then check for firmware if sig_override is set */
if (!$input_errors && !is_subsystem_dirty('firmwarelock') && (!$sig_warning || $_POST['sig_override'])) {
if (file_exists("{$g['upload_path']}/firmware.tgz")) {
/* fire up the update script in the background */
mark_subsystem_dirty('firmwarelock');
$savemsg = gettext("The firmware is now being updated. The firewall will reboot automatically.");
if (stristr($_FILES['ulfile']['name'], "nanobsd") or $_POST['isnano'] == "yes") {
mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade {$g['upload_path']}/firmware.tgz");
} else {
if ($g['platform'] == "nanobsd") {
$whichone = "pfSenseNanoBSDupgrade";
} else {
$whichone = "pfSenseupgrade";
}
mwexec_bg("/etc/rc.firmware {$whichone} {$g['upload_path']}/firmware.tgz");
unset($whichone);
}
} else {
$savemsg = sprintf(gettext("Firmware image missing or other error, please try again %s."), $errortext);
}
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply"));
} else {
$toapplylist = array();
}
$toapplylist[$id] = $a_vip[$id];
if (!empty($a_vip[$id])) {
/* modify all virtual IP rules with this address */
for ($i = 0; isset($config['nat']['rule'][$i]); $i++) {
if ($config['nat']['rule'][$i]['destination']['address'] == $a_vip[$id]['subnet']) {
$config['nat']['rule'][$i]['destination']['address'] = $vipent['subnet'];
}
}
}
$a_vip[$id] = $vipent;
if (write_config()) {
mark_subsystem_dirty('vip');
file_put_contents("{$g['tmp_path']}/.firewall_virtual_ip.apply", serialize($toapplylist));
}
header("Location: firewall_virtual_ip.php");
exit;
}
}
$ipaliashelp = gettext('The mask must be the network\'s subnet mask. It does not specify a CIDR range.');
$proxyarphelp = gettext('Enter a CIDR block of proxy ARP addresses.');
$pgtitle = array(gettext("Firewall"), gettext("Virtual IP Address"), gettext("Edit"));
include "head.inc";
function build_if_list()
{
$list = array();
$interfaces = get_configured_interface_with_descr(false, true);
$carplist = get_configured_carp_interface_list();
if (count($pconfig['item']) == 0) {
$input_errors[] = gettext("No gateway(s) have been selected to be used in this group");
}
if (!$input_errors) {
$gateway_group = array();
$gateway_group['name'] = $_POST['name'];
$gateway_group['item'] = $pconfig['item'];
$gateway_group['trigger'] = $_POST['trigger'];
$gateway_group['descr'] = $_POST['descr'];
if (isset($id) && $a_gateway_groups[$id]) {
$a_gateway_groups[$id] = $gateway_group;
} else {
$a_gateway_groups[] = $gateway_group;
}
mark_subsystem_dirty('staticroutes');
mark_subsystem_dirty('gwgroup.' . $gateway_group['name']);
write_config();
header("Location: system_gateway_groups.php");
exit;
}
}
$pgtitle = array(gettext("System"), gettext("Routing"), gettext("Gateway Groups"), gettext("Edit"));
$shortcut_section = "gateway-groups";
function build_gateway_protocol_map(&$a_gateways)
{
$result = array();
foreach ($a_gateways as $gwname => $gateway) {
$result[$gwname] = $gateway['ipprotocol'];
}
return $result;
}
if (write_config()) {
mark_subsystem_dirty('natconf');
}
header("Location: firewall_nat_1to1.php");
exit;
}
} else {
if ($_GET['act'] == "toggle") {
if ($a_1to1[$_GET['id']]) {
if (isset($a_1to1[$_GET['id']]['disabled'])) {
unset($a_1to1[$_GET['id']]['disabled']);
} else {
$a_1to1[$_GET['id']]['disabled'] = true;
}
if (write_config(gettext("Firewall: NAT: 1:1, enable/disable NAT rule"))) {
mark_subsystem_dirty('natconf');
}
header("Location: firewall_nat_1to1.php");
exit;
}
}
}
$pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("1:1"));
include "head.inc";
if ($savemsg) {
print_info_box($savemsg, 'success');
}
if (is_subsystem_dirty('natconf')) {
print_apply_box(gettext('The NAT configuration has been changed.') . '<br />' . gettext('You must apply the changes in order for them to take effect.'));
}
$tab_array = array();
break;
}
}
/* Only relocate the entry if we */
/* found it, and it's not already */
/* at the end. */
if ($i > -1 && $i < count($a_nat) - 1) {
$tmp = $a_nat[$i];
unset($a_nat[$i]);
$a_nat[] = $tmp;
}
}
/* Now write the new engine array to conf */
write_config("Snort pkg: modified ftp_telnet_server engine settings.");
// We have saved a preproc config change, so set "dirty" flag
mark_subsystem_dirty('snort_preprocessors');
header("Location: /snort/snort_preprocessors.php?id={$id}#ftp_telnet_row_ftp_proto_opts");
exit;
}
}
$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['snortglobal']['rule'][$id]['interface']);
$pgtitle = gettext("Snort: Interface {$if_friendly} - FTP Preprocessor Server Engine");
include_once "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
<?php
include "fbegin.inc";
if ($input_errors) {
print_input_errors($input_errors);
if (!empty($pconfig[$fieldname])) {
$client[$fieldname] = $pconfig[$fieldname];
}
}
if (!empty($pconfig['enable'])) {
$client['enable'] = true;
}
if (!empty($pconfig['net_list'])) {
$client['net_list'] = true;
}
if (!empty($pconfig['save_passwd'])) {
$client['save_passwd'] = true;
}
$config['ipsec']['client'] = $client;
write_config();
mark_subsystem_dirty('ipsec');
header("Location: vpn_ipsec_mobile.php");
exit;
}
}
// initialize missing post attributes
foreach (explode(",", $form_fields) as $fieldname) {
$fieldname = trim($fieldname);
if (!isset($pconfig[$fieldname])) {
$pconfig[$fieldname] = null;
}
}
}
legacy_html_escape_form_data($pconfig);
$pgtitle = array(gettext("VPN"), gettext("IPsec"), gettext("Mobile"));
$shortcut_section = "ipsec";
}
/* copy $movebtn route */
if ($movebtn < count($a_routes)) {
$a_routes_new[] = $a_routes[$movebtn];
}
/* copy all routes > $movebtn and not selected */
for ($i = $movebtn + 1; $i < count($a_routes); $i++) {
if (!in_array($i, $_POST['route'])) {
$a_routes_new[] = $a_routes[$i];
}
}
if (count($a_routes_new) > 0) {
$a_routes = $a_routes_new;
}
if (write_config()) {
mark_subsystem_dirty('staticroutes');
}
header("Location: system_routes.php");
exit;
}
}
}
$pgtitle = array(gettext("System"), gettext("Static Routes"));
$shortcut_section = "routing";
include "head.inc";
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php
include "fbegin.inc";
?>
}
if (count($users) > 0) {
$pppoecfg['username'] = implode(" ", $users);
}
if (!isset($id)) {
$id = count($a_pppoes);
}
if (file_exists('/tmp/.vpn_pppoe.apply')) {
$toapplylist = unserialize(file_get_contents('/tmp/.vpn_pppoe.apply'));
} else {
$toapplylist = array();
}
$toapplylist[] = $pppoecfg['pppoeid'];
$a_pppoes[$id] = $pppoecfg;
write_config();
mark_subsystem_dirty('vpnpppoe');
file_put_contents('/tmp/.vpn_pppoe.apply', serialize($toapplylist));
header("Location: vpn_pppoe.php");
exit;
}
}
$shortcut_section = "pppoes";
include "head.inc";
?>
<body>
<?php
include "fbegin.inc";
?>
<script type="text/javascript" src="/javascript/row_helper.js"></script>
if (!empty($pconfig['apply'])) {
system_setup_sysctl();
clear_subsystem_dirty('sysctl');
header("Location: system_advanced_sysctl.php");
exit;
} elseif (!empty($pconfig['Submit'])) {
$tunableent = array();
$tunableent['tunable'] = $pconfig['tunable'];
$tunableent['value'] = $pconfig['value'];
$tunableent['descr'] = $pconfig['descr'];
if (isset($id)) {
$a_tunable[$id] = $tunableent;
} else {
$a_tunable[] = $tunableent;
}
mark_subsystem_dirty('sysctl');
write_config();
header("Location: system_advanced_sysctl.php");
exit;
}
}
}
legacy_html_escape_form_data($a_tunable);
if ($act != 'edit') {
$main_buttons = array(array('href' => 'system_advanced_sysctl.php?act=edit', 'label' => gettext('Add a new tunable')));
}
include "head.inc";
?>
<body>
<script type="text/javascript">
}
}
if (isset($wancfg['wireless'])) {
handle_wireless_post();
}
conf_mount_ro();
write_config();
if (file_exists("{$g['tmp_path']}/.interfaces.apply")) {
$toapplylist = unserialize(file_get_contents("{$g['tmp_path']}/.interfaces.apply"));
} else {
$toapplylist = array();
}
$toapplylist[$if]['ifcfg'] = $old_wancfg;
$toapplylist[$if]['ppps'] = $old_ppps;
file_put_contents("{$g['tmp_path']}/.interfaces.apply", serialize($toapplylist));
mark_subsystem_dirty('interfaces');
/* regenerate cron settings/crontab file */
configure_cron();
header("Location: interfaces.php?if={$if}");
exit;
}
}
}
}
// end if ($_POST)
function handle_wireless_post()
{
global $_POST, $config, $g, $wancfg, $if, $wl_countries_attr, $wlanbaseif;
if (!is_array($wancfg['wireless'])) {
$wancfg['wireless'] = array();
}
}
}
if ($tmpdirty == true) {
$a_aliases[$aliasid]['address'] = implode(" ", $tmpaddr);
}
}
}
}
$a_aliases[$id] = $alias;
} else {
$a_aliases[] = $alias;
}
// Sort list
$a_aliases = msort($a_aliases, "name");
if (write_config()) {
mark_subsystem_dirty('aliases');
}
if (!empty($tab)) {
header("Location: firewall_aliases.php?tab=" . htmlspecialchars($tab));
} else {
header("Location: firewall_aliases.php");
}
exit;
} else {
//we received input errors, copy data to prevent retype
$pconfig['name'] = $_POST['name'];
$pconfig['descr'] = $_POST['descr'];
if ($_POST['type'] == 'url' || $_POST['type'] == 'url_ports') {
$pconfig['address'] = implode(" ", $alias['aliasurl']);
} else {
$pconfig['address'] = implode(" ", $address);
$filterent['updated'] = make_config_revision_entry();
// Allow extending of the firewall edit page and include custom input validation
pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/pre_write_config");
if (isset($id) && $a_filter[$id]) {
$a_filter[$id] = $filterent;
} else {
$filterent['created'] = make_config_revision_entry();
if (is_numeric($after)) {
array_splice($a_filter, $after + 1, 0, array($filterent));
} else {
$a_filter[] = $filterent;
}
}
filter_rules_sort();
if (write_config()) {
mark_subsystem_dirty('filter');
}
if (isset($_POST['floating'])) {
header("Location: firewall_rules.php?if=FloatingRules");
} else {
header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface']));
}
exit;
}
}
$pgtitle = array(gettext("Firewall"), gettext("Rules"), gettext("Edit"));
$shortcut_section = "firewall";
$closehead = false;
$page_filename = "firewall_rules_edit.php";
include "head.inc";
?>
$pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
$pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
}
if ($_POST['iprep_catlist_del']) {
$pconfig = $_POST;
unset($a_nat[$id]['iprep_catlist']);
write_config("Suricata pkg: deleted blacklist file for IP REPUTATION preprocessor.");
mark_subsystem_dirty('suricata_iprep');
$pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
$pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
}
if ($_POST['iplist_del'] && is_numericint($_POST['list_id'])) {
$pconfig = $_POST;
unset($a_nat[$id]['iplist_files']['item'][$_POST['list_id']]);
write_config("Suricata pkg: deleted whitelist file for IP REPUTATION preprocessor.");
mark_subsystem_dirty('suricata_iprep');
$pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
$pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
}
if ($_POST['save'] || $_POST['apply']) {
$pconfig['iprep_catlist'] = $a_nat[$id]['iprep_catlist'];
$pconfig['iplist_files'] = $a_nat[$id]['iplist_files'];
// Validate HOST TABLE values
if ($_POST['host_memcap'] < 1000000 || !is_numericint($_POST['host_memcap'])) {
$input_errors[] = gettext("The value for 'Host Memcap' must be a numeric integer greater than 1MB (1,048,576!");
}
if ($_POST['host_hash_size'] < 1024 || !is_numericint($_POST['host_hash_size'])) {
$input_errors[] = gettext("The value for 'Host Hash Size' must be a numeric integer greater than 1024!");
}
if ($_POST['host_prealloc'] < 10 || !is_numericint($_POST['host_prealloc'])) {
$input_errors[] = gettext("The value for 'Host Preallocations' must be a numeric integer greater than 10!");
