diff --git a/src/www/firewall_rules.php b/src/www/firewall_rules.php index 5acd4898a..50062a1c0 100644 --- a/src/www/firewall_rules.php +++ b/src/www/firewall_rules.php @@ -32,6 +32,117 @@ require_once("guiconfig.inc"); require_once("filter.inc"); require_once("system.inc"); +/*********************************************************************************************************** + * format functions for this page + ***********************************************************************************************************/ +function firewall_rule_item_proto($filterent) +{ + // construct line ipprotocol + if (isset($filterent['ipprotocol'])) { + switch($filterent['ipprotocol']) { + case "inet": + $record_ipprotocol = "IPv4 "; + break; + case "inet6": + $record_ipprotocol = "IPv6 "; + break; + case "inet46": + $record_ipprotocol = "IPv4+6 "; + break; + } + } else { + $record_ipprotocol = "IPv4 "; + } + $icmptypes = array( + "" => gettext("any"), + "echoreq" => gettext("Echo Request"), + "echorep" => gettext("Echo Reply"), + "unreach" => gettext("Destination Unreachable"), + "squench" => gettext("Source Quench (Deprecated)"), + "redir" => gettext("Redirect"), + "althost" => gettext("Alternate Host Address (Deprecated)"), + "routeradv" => gettext("Router Advertisement"), + "routersol" => gettext("Router Solicitation"), + "timex" => gettext("Time Exceeded"), + "paramprob" => gettext("Parameter Problem"), + "timereq" => gettext("Timestamp"), + "timerep" => gettext("Timestamp Reply"), + "inforeq" => gettext("Information Request (Deprecated)"), + "inforep" => gettext("Information Reply (Deprecated)"), + "maskreq" => gettext("Address Mask Request (Deprecated)"), + "maskrep" => gettext("Address Mask Reply (Deprecated)") + ); + if (isset($filterent['protocol']) && $filterent['protocol'] == "icmp" && !empty($filterent['icmptype'])) { + $result = $record_ipprotocol; + $result .= sprintf( + " %s ", + html_safe($icmptypes[$filterent['icmptype']]), + isset($filterent['protocol']) ? strtoupper($filterent['protocol']) : "*" + ); + return $result; + } else { + return $record_ipprotocol . (isset($filterent['protocol']) ? strtoupper($filterent['protocol']) : "*"); + } +} + + +function firewall_rule_item_icons($filterent) +{ + $result = ""; + if (!empty($filterent['direction']) && $filterent['direction'] == "in") { + $result .= sprintf( + "", + gettext("in") + ); + } elseif (!empty($filterent['direction']) && $filterent['direction'] == "out") { + $result .= sprintf( + "", + gettext("out") + ); + } + if (!empty($filterent['floating'])) { + if (isset($filterent['quick']) && $filterent['quick'] === 'yes') { + $result .= sprintf( + "", + gettext('first match') + ); + } else { + $result .= sprintf( + "", + gettext('last match') + ); + } + } + if (isset($filterent['log'])) { + $result .= sprintf( + "", + !empty($filterent['disabled']) ? 'text-muted' : 'text-info' + ); + } + + return $result; +} + +function firewall_rule_item_action($filterent) +{ + if ($filterent['type'] == "block" && empty($filterent['disabled'])) { + return "fa fa-times text-danger"; + } elseif ($filterent['type'] == "block" && !empty($filterent['disabled'])) { + return "fa fa-times text-muted"; + } elseif ($filterent['type'] == "reject" && empty($filterent['disabled'])) { + return "fa fa-times-circle text-danger"; + } elseif ($filterent['type'] == "reject" && !empty($filterent['disabled'])) { + return "fa fa-times-circle text-muted"; + } elseif (empty($filterent['disabled'])) { + return "fa fa-play text-success"; + } else { + return "fa fa-play text-muted"; + } +} +/*********************************************************************************************************** + * + ***********************************************************************************************************/ + $a_filter = &config_read_array('filter', 'rule'); if ($_SERVER['REQUEST_METHOD'] === 'POST') { @@ -530,100 +641,20 @@ $( document ).ready(function() { // automatically provide us with a uuid, this is a workaround to provide some help with tracking issues. $rule_hash = OPNsense\Firewall\Util::calcRuleHash($filterent); $interface_has_rules = true; - - // select icon - if ($filterent['type'] == "block" && empty($filterent['disabled'])) { - $iconfn = "fa fa-times text-danger"; - } elseif ($filterent['type'] == "block" && !empty($filterent['disabled'])) { - $iconfn = "fa fa-times text-muted"; - } elseif ($filterent['type'] == "reject" && empty($filterent['disabled'])) { - $iconfn = "fa fa-times-circle text-danger"; - } elseif ($filterent['type'] == "reject" && !empty($filterent['disabled'])) { - $iconfn = "fa fa-times-circle text-muted"; - } elseif (empty($filterent['disabled'])) { - $iconfn = "fa fa-play text-success"; - } else { - $iconfn = "fa fa-play text-muted"; - } - - // construct line ipprotocol - if (isset($filterent['ipprotocol'])) { - switch($filterent['ipprotocol']) { - case "inet": - $record_ipprotocol = "IPv4 "; - break; - case "inet6": - $record_ipprotocol = "IPv6 "; - break; - case "inet46": - $record_ipprotocol = "IPv4+6 "; - break; - } - } else { - $record_ipprotocol = "IPv4 "; - } - - ?> " data-category=""> - "> - - "> - - "> - - - - - - - - - + "> + + + - - - gettext("any"), - "echoreq" => gettext("Echo Request"), - "echorep" => gettext("Echo Reply"), - "unreach" => gettext("Destination Unreachable"), - "squench" => gettext("Source Quench (Deprecated)"), - "redir" => gettext("Redirect"), - "althost" => gettext("Alternate Host Address (Deprecated)"), - "routeradv" => gettext("Router Advertisement"), - "routersol" => gettext("Router Solicitation"), - "timex" => gettext("Time Exceeded"), - "paramprob" => gettext("Parameter Problem"), - "timereq" => gettext("Timestamp"), - "timerep" => gettext("Timestamp Reply"), - "inforeq" => gettext("Information Request (Deprecated)"), - "inforep" => gettext("Information Reply (Deprecated)"), - "maskreq" => gettext("Address Mask Request (Deprecated)"), - "maskrep" => gettext("Address Mask Reply (Deprecated)") - ); - if (isset($filterent['protocol']) && $filterent['protocol'] == "icmp" && !empty($filterent['icmptype'])): -?> - - - - - - + -