Пример #1
<?php

/**
 *	firewall zone fwzones-edit.php
 *	add, edit and delete firewall zones
 ******************************************/
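# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
# NOTE(review): only the session is checked in this excerpt; whether the caller must also hold
# admin rights to edit firewall zones is not visible here - confirm against the rest of the file
$User->check_user_session();
# validate $_POST['id']: it must be present, a string, and consist of digits only.
# The D modifier pins "$" to the real end of the input; without it "12\n" is accepted,
# because "$" also matches just before a trailing newline.
# NOTE(review): every check below relies on show(..., true) ending the request - confirm in Result
if (!isset($_POST['id']) || !is_string($_POST['id']) || !preg_match('/^[0-9]+$/D', $_POST['id'])) {
    $Result->show("danger", _("Invalid ID. Do not manipulate the POST values!"), true);
}
# validate $_POST['action'] against a fixed allow-list, compared strictly
if (!isset($_POST['action']) || !in_array($_POST['action'], array('add', 'edit', 'delete'), true)) {
    $Result->show("danger", _("Invalid action. Do not manipulate the POST values!"), true);
}
# fetch module settings (json_decode yields null when the stored settings are not valid JSON)
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);
# fetch old zone; the id has passed the digits-only check above
if ($_POST['action'] !== 'add') {
    $firewallZone = $Zones->get_zone($_POST['id']);
}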
Пример #2
/**
 * Script to check edited / deleted / new IP addresses
 * If all is ok write to database
 *************************************************/
# load the shared function library
require dirname(__FILE__) . '/../../../functions/functions.php';
# create the objects this script works with (Logging needs $User->settings, so $User comes first)
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Log = new Logging($Database, $User->settings);
$Zones = new FirewallZones($Database);
$Ping = new Scan($Database);
# the session check runs before any request parameter is read
$User->check_user_session();
# reject the request when the anti-CSRF token submitted with the form does not validate
if ($User->csrf_cookie("validate", "address", $_POST['csrf_cookie']) === false) {
    $Result->show("danger", _("Invalid CSRF cookie"), true);
}
# validate the requested action, then keep a working copy of it
# NOTE(review): what validate_action() accepts and how it reacts to a bad value is not visible here
$Tools->validate_action($_POST['action']);
$action = $_POST['action'];
# the form may ask for a delete through 'action-visual'; only the fixed literal "delete"
# is ever assigned, so this override cannot introduce an unvalidated action value
if (isset($_POST['action-visual']) && $_POST['action-visual'] == "delete") {
    $action = "delete";
}
# save $_POST to $address
Пример #3
<?php

/**
 * firewall zone mapping-edit.php
 * add, edit and delete firewall zones mappings
 **************************************************/
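# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
# NOTE(review): only the session is checked in this excerpt; whether admin rights are
# required to edit zone mappings is not visible here - confirm against the rest of the file
$User->check_user_session();
# validate $_POST['id']: it must be present, a string, and consist of digits only.
# The D modifier pins "$" to the real end of the input; without it "12\n" is accepted,
# because "$" also matches just before a trailing newline.
# NOTE(review): every check below relies on show(..., true) ending the request - confirm in Result
if (!isset($_POST['id']) || !is_string($_POST['id']) || !preg_match('/^[0-9]+$/D', $_POST['id'])) {
    $Result->show("danger", _("Invalid ID. Do not manipulate the POST values!"), true);
}
# validate $_POST['action'] against a fixed allow-list, compared strictly
if (!isset($_POST['action']) || !in_array($_POST['action'], array('add', 'edit', 'delete'), true)) {
    $Result->show("danger", _("Invalid action. Do not manipulate the POST values!"), true);
}
# disable edit on delete
$readonly = $_POST['action'] === "delete" ? "disabled" : "";
# fetch all firewall zones
$firewallZones = $Zones->get_zones();
# fetch settings (json_decode yields null when the stored settings are not valid JSON)
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);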
Пример #4
# Sortable column headers of the address table. Each header is a link whose data-id carries
# "<field>|<next direction>"; the sort icon is shown on the column that is currently sorted.
# NOTE(review): $sort['directionNext'] and $subnet['id'] are written into single-quoted HTML
# attributes without encoding; where they come from is not visible here - confirm they are
# constrained (fixed direction keyword, integer id) before they reach this output.

# IP address - mandatory
echo "<th class='s_ipaddr'><a href='' data-id='ip_addr|" . $sort['directionNext'] . "' class='sort' data-subnetId='" . $subnet['id'] . "' rel='tooltip' data-container='body' title='", _('Sort by IP address'), "'>", _('IP address'), " ";
if ($sort['field'] == "ip_addr") {
    echo $icon;
}
echo "</a></th>";

# hostname - mandatory
echo "<th><a href='' data-id='dns_name|" . $sort['directionNext'] . "' class='sort' data-subnetId='" . $subnet['id'] . "' rel='tooltip' data-container='body'  title='", _('Sort by hostname'), "'\t\t\t\t\t>", _('Hostname'), " ";
if ($sort['field'] == "dns_name") {
    echo $icon;
}
echo "</a></th>";

# firewall address object - shown only when the field is selected and the subnet has zone info
if (in_array('firewallAddressObject', $selected_ip_fields)) {
    # look up the zone bound to this subnet
    $Zones = new FirewallZones($Database);
    $zone = $Zones->get_zone_subnet_info($subnet['id']);
    if ($zone) {
        # NOTE(review): data-id says "description" while the icon test below checks
        # "firewallAddressObject" - looks like a copy/paste mismatch, confirm the intended sort key
        echo "<th><a href='' data-id='description|" . $sort['directionNext'] . "' class='sort' data-subnetId='" . $subnet['id'] . "' rel='tooltip' data-container='body'  title='", _('Sort by firewall address object'), "'>", _('FW object'), " ";
        if ($sort['field'] == "firewallAddressObject") {
            echo $icon;
        }
        echo "</a></th>";
    }
}

# Description - mandatory
echo "<th><a href='' data-id='description|" . $sort['directionNext'] . "' class='sort' data-subnetId='" . $subnet['id'] . "' rel='tooltip' data-container='body'  title='", _('Sort by description'), "'\t\t\t>", _('Description'), " ";
if ($sort['field'] == "description") {
    echo $icon;
}
echo "</a></th>";
Пример #5
 }
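 # address state: the two helpers return the markup for the state label and tag
 print $Addresses->address_type_index_to_type($address['state']);
 print $Addresses->address_type_format_tag($address['state']);
 print "\t</td>";
 print "</tr>";
 # hostname
 # An empty name is replaced by a fixed placeholder span. A non-empty name is HTML-encoded
 # here, at the point where it becomes markup, so tags or quotes in a resolved or stored
 # hostname are rendered as text. double_encode=false leaves entities that were already
 # encoded upstream untouched; ENT_SUBSTITUTE keeps the rest of the value when it
 # contains invalid UTF-8 instead of returning an empty string.
 $resolve1['name'] = strlen($resolve['name']) == 0 ? "<span class='text-muted'>/</span>" : htmlspecialchars($resolve['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
 print "<tr>";
 print "\t<th>" . _('Hostname') . "</th>";
 print "\t<td>{$resolve1['name']}</td>";
 print "</tr>";
 # firewall address object: shown only when the field is selected, the module is enabled
 # and the address's subnet has zone information
 if (in_array('firewallAddressObject', $selected_ip_fields)) {
     if ($User->settings->enableFirewallZones == 1) {
         # class
         $Zones = new FirewallZones($Database);
         $zone = $Zones->get_zone_subnet_info($address['subnetId']);
         if ($zone) {
             print "<tr>";
             print "\t<th>" . _('Firewall address object') . "</th>";
             # stored free-text value: encode it for the HTML context before printing
             print "\t<td>" . htmlspecialchars($address['firewallAddressObject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . "</td>";
             print "</tr>";
         }
     }
 }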
 # mac
 if (in_array('owner', $selected_ip_fields)) {
     print "<tr>";
     print "\t<th>" . _('Owner') . "</th>";
     print "\t<td>{$address['owner']}</td>";
     print "</tr>";
Пример #6
<?php

/**
 *	firewall zone mapping-edit-result.php
 *	verify and update mapping informations
 **********************************************/
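# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
# NOTE(review): per the file header this script updates mappings, yet no anti-CSRF token and
# no admin-rights check are visible in this excerpt - confirm both exist before the write
$User->check_user_session();
# validate the action type against a fixed allow-list, compared strictly
# NOTE(review): every check below relies on show(..., true) ending the request - confirm in Result
if (!isset($_POST['action']) || !in_array($_POST['action'], array('add', 'delete', 'edit'), true)) {
    $Result->show("danger", _("Invalid action."), true);
}
# check the zone alias. Accepted: alphanumeric characters plus ". / - _" and space
# (the pattern also admits "/", which the original comment did not list).
# The D modifier pins "$" to the real end of the input, so a value ending in a newline is
# rejected; without it "$" also matches just before a trailing "\n".
if (!empty($_POST['alias']) && !(is_string($_POST['alias']) && preg_match('/^[0-9a-zA-Z.\\/\\-_ ]+$/D', $_POST['alias']))) {
    $Result->show("danger", _("Invalid zone alias value."), true);
}
# check the interface name. Accepted: alphanumeric characters plus ". / - _" and space
if (!empty($_POST['interface']) && !(is_string($_POST['interface']) && preg_match('/^[0-9a-zA-Z.\\/\\-_ ]+$/D', $_POST['interface']))) {
    $Result->show("danger", _("Invalid interface."), true);
}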
if ($_POST['action'] != 'delete') {
    # check the zone  ID. valid value: integer
    if (!preg_match('/^[0-9]+$/i', $_POST['zoneId'])) {
        $Result->show("danger", _("Invalid zone ID."), true);
Пример #7
<?php

/**
 *	firewall zone fwzones.php
 *	display firewall zones
 *******************************/
# This fragment creates neither $User nor $Database; both are expected to come from the
# page that includes it. The session is verified before anything is read or printed.
$User->check_user_session();
# load every firewall zone through the zones class
$Zones = new FirewallZones($Database);
$firewallZones = $Zones->get_zones();
# "create zone" button: data-action/data-id tell the front-end handler to open an empty add form
echo '<button class="btn btn-sm btn-default btn-success editFirewallZone" style="margin-bottom:10px;margin-top: 25px;" data-action="add" data-id="0"><i style="padding-right:5px;" class="fa fa-plus"></i>', _('Create Firewall zone'), '</button>';
# display the zone table if there are any zones in the database
if ($firewallZones) {
    # table
    print '<table id="zonesPrint" class="table table-top table-td-top table-condensed">';
    # table headers
    print '<tr style="background:white">';
    print '<th>' . _('Type') . '</th>';
    print '<th>' . _('Zone') . '</th>';
    print '<th>' . _('Description') . '</th>';
    print '<th>' . _('Subnet') . '</th>';
    print '<th>' . _('VLAN') . '</th>';
    print '<th style="width:60px;"></th>';
    print '</tr>';
    # display all firewall zones and network information
    foreach ($firewallZones as $zoneObject) {
        # set rowspan in case if there are more than one networks bound to the zone
        $counter = count($zoneObject->network);
        if ($counter === 0) {
Пример #8
<?php

/**
 *	subnet-to-zone-save.php
 *	save subnet to zone binding
 *********************************/
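# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
# NOTE(review): per the file header this script saves a subnet-to-zone binding, yet no
# anti-CSRF token and no admin-rights check are visible in this excerpt - confirm both exist
$User->check_user_session();
# All numeric IDs below must be strings of digits only. The D modifier pins "$" to the real
# end of the input; without it "12\n" is accepted, because "$" also matches just before a
# trailing newline.
# NOTE(review): every check below relies on show(..., true) ending the request - confirm in Result
# validate $_POST['subnetId'] values
if (!isset($_POST['subnetId']) || !is_string($_POST['subnetId']) || !preg_match('/^[0-9]+$/D', $_POST['subnetId'])) {
    $Result->show("danger", _("Invalid subnet ID. Do not manipulate the POST values!"), true);
}
# validate $_POST['zoneId'] values; zero (in any spelling such as "00") is not a valid zone
if (!isset($_POST['zoneId']) || !is_string($_POST['zoneId']) || !preg_match('/^[0-9]+$/D', $_POST['zoneId']) || $_POST['zoneId'] == 0) {
    $Result->show("danger", _("Invalid or no zone ID. "), true);
}
# validate $_POST['deviceId'] values; the field is optional, an empty value skips the check
if (!empty($_POST['deviceId']) && !(is_string($_POST['deviceId']) && preg_match('/^[0-9]+$/D', $_POST['deviceId']))) {
    $Result->show("danger", _("Invalid device ID. Do not manipulate the POST values!"), true);
}
# check the zone alias. Accepted: alphanumeric characters plus ". / - _" and space
# (the pattern also admits "/", which the original comment did not list)
if (!empty($_POST['alias']) && !(is_string($_POST['alias']) && preg_match('/^[0-9a-zA-Z.\\/\\-_ ]+$/D', $_POST['alias']))) {
    $Result->show("danger", _("Invalid zone alias value."), true);
}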
Пример #9
<?php

/**
 *	firewall zone mapping.php
 *	list all firewall zone mappings
 ***************************************/
# create the helper objects used by this listing
# NOTE(review): $User is used below but not created in this excerpt - presumably supplied
# by the including page; confirm
$Database = new Database_PDO();
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# the session is verified before any mapping data is fetched
$User->check_user_session();
# load all zone mappings; get_zone_mappings() signals "none" with false
$firewallZoneMapping = $Zones->get_zone_mappings();
# group the mappings by the device they belong to ($devices stays undefined when there are none)
if ($firewallZoneMapping !== false) {
    $devices = array();
    foreach ($firewallZoneMapping as $m) {
        $devices[$m->deviceId][] = $m;
    }
}
# section heading
echo "<h4>", _(' Firewall Zones'), "</h4><hr>";
# the link to the zone administration page is rendered for admins only
if ($User->is_admin(false)) {
    echo "<a href='", create_link('administration', 'firewall-zones'), "' class='btn btn-sm btn-default'><i class='fa fa-pencil'></i> ", _('Manage zones'), "</a>";
}
echo "<br><br>";
Пример #10
<?php

/**
 *	firewall zone zones-result.php
 *	verify and update zone informations
 *****************************************/
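# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
# NOTE(review): per the file header this script updates zone data, yet no anti-CSRF token and
# no admin-rights check are visible in this excerpt - confirm both exist before the write
$User->check_user_session();
# validate the action type against a fixed allow-list, compared strictly
# NOTE(review): every check below relies on show(..., true) ending the request - confirm in Result
if (!isset($_POST['action']) || !in_array($_POST['action'], array('add', 'delete'), true)) {
    $Result->show("danger", _("Invalid action."), true);
}
# check the mastersubnet ID: mandatory, digits only.
# The D modifier pins "$" to the real end of the input; without it "12\n" is accepted,
# because "$" also matches just before a trailing newline.
if (!empty($_POST['masterSubnetId'])) {
    if (!is_string($_POST['masterSubnetId']) || !preg_match('/^[0-9]+$/D', $_POST['masterSubnetId'])) {
        $Result->show("danger", _("Invalid subnet ID."), true);
    }
} else {
    # missing, empty or "0": no network was chosen
    $Result->show("danger", _("Please choose a appropriate network to bind to the firewall zone."), true);
}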
# validate network ID informations
if ($_POST['network']) {
    foreach ($_POST['network'] as $network) {
        if (!preg_match('/^[0-9]+$/i', $network)) {
            $Result->show("danger", _("Invalid network ID."), true);
        }
Пример #11
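    # build the VRF label: the name, followed by the description in brackets when one is set
    $vrfText = $vrf['name'];
    if (!empty($vrf['description'])) {
        $vrfText .= " [{$vrf['description']}]";
    }
    print "<tr>";
    print "\t<th>" . _('VRF') . "</th>";
    # name and description are stored free text: encode the label for the HTML context at the
    # point of output. double_encode=false leaves entities already encoded upstream untouched.
    print "\t<td>" . htmlspecialchars($vrfText, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . "</td>";
    print "</tr>";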
}
# FW zone info
if ($User->settings->enableFirewallZones == 1) {
    # search
    $zone_check = $Tools->fetch_object("firewallZones", "subnetId", $subnet['id']);
    if ($zone_check !== false) {
        # class
        $Zones = new FirewallZones($Database);
        $zone = $Zones->get_zone_mapping($zone_check->id);
        if ($zone !== false) {
            // alias fix
            $zone->alias = strlen($zone->alias) > 0 ? "(" . $zone->alias . ")" : "";
            $zone->description = strlen($zone->description) > 0 ? " - " . $zone->description : "";
            $zone->interface = strlen($zone->interface) > 0 ? "(" . $zone->interface . ")" : "";
            # divider
            print "<tr>";
            print "\t<td colspan='2'><hr></td>";
            print "</tr>";
            # zone details
            print "<tr>";
            print "\t<th>" . _('Firewall Zone') . "</th>";
            print "\t<td>";
            print $zone->zone . " " . $zone->alias . " " . $zone->description . "<br>" . $zone->deviceName . " " . $zone->interface;
Пример #12
<?php

/**
 *	firewall zone ajax.php
 *	deliver content for ajax requests
 **************************************/
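# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
$Tools = new Tools($Database);
# verify that user is logged in
$User->check_user_session();
# generate a dropdown list for all subnets within a section
if (isset($_POST['operation']) && $_POST['operation'] === 'fetchSectionSubnets') {
    if (!empty($_POST['sectionId'])) {
        # digits only. The D modifier pins "$" to the real end of the input; without it
        # "12\n" is accepted, because "$" also matches just before a trailing newline.
        if (is_string($_POST['sectionId']) && preg_match('/^[0-9]+$/D', $_POST['sectionId'])) {
            $sectionId = $_POST['sectionId'];
            print $Subnets->print_mastersubnet_dropdown_menu($sectionId);
        } else {
            $Result->show('danger', _('Invalid ID.'), true);
        }
    }
}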
# deliver zone details
if ($_POST['operation'] == 'deliverZoneDetail') {
Пример #13
<?php

// firewall zone ajax.php
// deliver content for ajax requests
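// functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# verify that user is logged in
$User->check_user_session();
# deliver the master-subnet dropdown for a section when a section ID is supplied
if (!empty($_POST['sectionId'])) {
    # digits only. The D modifier pins "$" to the real end of the input; without it
    # "12\n" is accepted, because "$" also matches just before a trailing newline.
    if (is_string($_POST['sectionId']) && preg_match('/^[0-9]+$/D', $_POST['sectionId'])) {
        $sectionId = $_POST['sectionId'];
        print $Subnets->print_mastersubnet_dropdown_menu($sectionId);
    } else {
        $Result->show('danger', _('Invalid ID.'), true);
    }
}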
if ($_POST['vlanDomain']) {
    if (preg_match('/^[0-9]+$/i', $_POST['vlanDomain'])) {
        $vlanDomain = $_POST['vlanDomain'];
        $vlans = $Admin->fetch_multiple_objects("vlans", "domainId", $vlanDomain, "number");
        print '<select name="vlanId" class="form-control input-sm input-w-auto input-max-200">';
        if ($vlans == false) {
            print '<option disabled selected>' . _('No VLAN available') . '</option>';
        } else {
Пример #14
<?php

// firewall zone zones-result.php
// verify and update zone informations
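# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
# NOTE(review): per the file header this script updates zone data, yet no anti-CSRF token and
# no admin-rights check are visible in this excerpt - confirm both exist before the write
$User->check_user_session();
// fetch module settings (json_decode yields null when the stored settings are not valid JSON,
// in which case the zoneGenerator test below is false and the length check is skipped)
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);
// validations
// NOTE(review): every check below relies on show(..., true) ending the request - confirm in Result
// validate the action type against a fixed allow-list, compared strictly
if (!isset($_POST['action']) || !in_array($_POST['action'], array('add', 'delete', 'edit'), true)) {
    $Result->show("danger", _("Invalid action."), true);
}
// check the zone name. valid values are alphanumeric characters and special characters like ".-_ "
// The D modifier pins "$" to the real end of the input, so a name ending in a newline is
// rejected; without it "$" also matches just before a trailing "\n".
if (!empty($_POST['zone']) && !(is_string($_POST['zone']) && preg_match('/^[0-9a-zA-Z.\\-_ ]+$/D', $_POST['zone']))) {
    $Result->show("danger", _("Invalid zone name value."), true);
}
// with zone generator "2" the name must be between 3 and the configured zoneLength characters
if ($firewallZoneSettings['zoneGenerator'] == "2") {
    if (strlen(@$_POST['zone']) < 3 || strlen(@$_POST['zone']) > $firewallZoneSettings['zoneLength']) {
        $Result->show("danger", _("Invalid zone name length."), true);
    }
}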
// check the zone indicator ID. valid values are 0 or 1.