From 4a12e38ce38a9be29dd4c6e1ecaec4dd7cc92dbd Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 20 Aug 2015 16:33:45 +0000
Subject: [PATCH] (legacy) refactor firewall_nat_out_edit.php
---
src/www/firewall_nat_out_edit.php | 1544 +++++++++++++----------------
1 file changed, 695 insertions(+), 849 deletions(-)
diff --git a/src/www/firewall_nat_out_edit.php b/src/www/firewall_nat_out_edit.php
index 317051adf..465a2f0eb 100644
--- a/src/www/firewall_nat_out_edit.php
+++ b/src/www/firewall_nat_out_edit.php
@@ -1,879 +1,725 @@ . - All rights reserved. + Copyright (C) 2014-2015 Deciso B.V. + Copyright (C) 2004 Scott Ullrich + Copyright (C) 2003-2004 Manuel Kasper . + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); -$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_nat_out.php'); -if (!is_array($config['nat']['outbound'])) - $config['nat']['outbound'] = array(); +/** + * build array with interface options for this form + */ +function formInterfaces() { + global $config; + $interfaces = array(); + foreach ( get_configured_interface_with_descr(false, true) as $if => $ifdesc) + $interfaces[$if] = $ifdesc; -if (!is_array($config['nat']['outbound']['rule'])) { - $config['nat']['outbound']['rule'] = array(); + if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server") + $interfaces['l2tp'] = "L2TP VPN"; + + if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == "server") + $interfaces['pptp'] = "PPTP VPN"; + + if (is_pppoe_server_enabled()) + $interfaces['pppoe'] = "PPPoE VPN"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) + $interfaces["enc0"] = "IPsec"; + + /* add openvpn/tun interfaces */ + if (isset($config['openvpn']['openvpn-server']) || isset($config['openvpn']['openvpn-client'])) { + $interfaces['openvpn'] = 'OpenVPN'; + } + return $interfaces; } +/** + * return option array 
for valid translation networks + */ +function formTranslateAddresses() { + global $config; + $retval = array(); + + // add this hosts ips + foreach ($config['interfaces'] as $intf => $intfdata) { + if (isset($intfdata['ipaddr']) && $intfdata['ipaddr'] != 'dhcp') { + $retval[$intfdata['ipaddr']] = (!empty($intfdata['descr']) ? $intfdata['descr'] : $intf ) . " " . gettext("address"); + } + } + + // add VIPs's + if (isset($config['virtualip']['vip'])) { + foreach ($config['virtualip']['vip'] as $sn) { + if (!isset($sn['noexpand'])) { + if ($sn['mode'] == "proxyarp" && $sn['type'] == "network") { + $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); + $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); + $len = $end - $start; + $retval[$sn['subnet'].'/'.$sn['subnet_bits']] = htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})"); + for ($i = 0; $i <= $len; $i++) { + $snip = long2ip32($start+$i); + $retval[$snip] = htmlspecialchars("{$snip} ({$sn['descr']})"); + } + } else { + $retval[$sn['subnet']] = htmlspecialchars("{$sn['subnet']} ({$sn['descr']})"); + } + } + } + } + + // add Aliases + foreach (legacy_list_aliasses("network") as $alias) { + if ($alias['type'] == "host") { + $retval[$alias['name']] = $alias['name'];; + } + } + + return $retval; +} + +if (!isset($config['nat']['outbound']['rule'])) { + if (!isset($config['nat']['outbound'])) { + $config['nat']['outbound'] = array(); + } + $config['nat']['outbound']['rule'] = array(); +} $a_out = &$config['nat']['outbound']['rule']; -if (!is_array($config['aliases'])) { - $config['aliases'] = array(); -} -if (!is_array($config['aliases']['alias'])) { - $config['aliases']['alias'] = array(); -} -$a_aliases = &$config['aliases']['alias']; +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + // input record id, if valid + if (isset($_GET['dup']) && isset($a_out[$_GET['dup']])) { + $configId = $_GET['dup']; + $after = $configId; + } elseif (isset($_GET['id']) && 
isset($a_out[$_GET['id']])) { + $id = $_GET['id']; + $configId = $id; + } -if (is_numericint($_GET['id'])) - $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) - $id = $_POST['id']; + // init form data + $pconfig = array(); + // set defaults + $pconfig['source'] = 'any'; + $pconfig['source_subnet'] = 24; + $pconfig['destination'] = "any"; + $pconfig['destination_subnet'] = 24; + $pconfig['interface'] = "wan"; -if (is_numericint($_GET['after']) || $_GET['after'] == "-1") - $after = $_GET['after']; -if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) - $after = $_POST['after']; + if (isset($configId)) { + // load data from config + foreach (array('protocol','sourceport','dstport','natport','target','targetip' + ,'targetip_subnet','poolopts','interface','descr','nonat' + ,'disabled','staticnatport','nosync') as $fieldname) { + if (isset($a_out[$configId][$fieldname])) { + $pconfig[$fieldname] = $a_out[$configId][$fieldname]; + } + } -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) { - $id = $_GET['dup']; - $after = $_GET['dup']; -} - -if (isset($id) && $a_out[$id]) { - if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) ) - $pconfig['created'] = $a_out[$id]['created']; - - if ( isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated']) ) - $pconfig['updated'] = $a_out[$id]['updated']; - - $pconfig['protocol'] = $a_out[$id]['protocol']; - list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']); - if (!is_numeric($pconfig['source_subnet'])) - $pconfig['source_subnet'] = 32; - $pconfig['sourceport'] = $a_out[$id]['sourceport']; - address_to_pconfig($a_out[$id]['destination'], $pconfig['destination'], - $pconfig['destination_subnet'], $pconfig['destination_not'], - $none, $none); - $pconfig['dstport'] = $a_out[$id]['dstport']; - $pconfig['natport'] = $a_out[$id]['natport']; - $pconfig['target'] = $a_out[$id]['target']; - 
$pconfig['targetip'] = $a_out[$id]['targetip']; - $pconfig['targetip_subnet'] = $a_out[$id]['targetip_subnet']; - $pconfig['poolopts'] = $a_out[$id]['poolopts']; - $pconfig['interface'] = $a_out[$id]['interface']; - if (!$pconfig['interface']) { - $pconfig['interface'] = "wan"; - } - $pconfig['descr'] = $a_out[$id]['descr']; - $pconfig['nonat'] = $a_out[$id]['nonat']; - $pconfig['disabled'] = isset($a_out[$id]['disabled']); - $pconfig['staticnatport'] = isset($a_out[$id]['staticnatport']); - $pconfig['nosync'] = isset($a_out[$id]['nosync']); -} else { - $pconfig['source_subnet'] = 24; - $pconfig['destination'] = "any"; - $pconfig['destination_subnet'] = 24; - $pconfig['interface'] = "wan"; -} - -if (isset($_GET['dup']) && is_numericint($_GET['dup'])) - unset($id); - -if ($_POST) { - if ($_POST['destination_type'] == "any") { - $_POST['destination'] = "any"; - $_POST['destination_subnet'] = 24; - } - if ($_POST['source_type'] == "any") { - $_POST['source'] = "any"; - $_POST['source_subnet'] = 24; - } elseif ($_POST['source_type'] == "(self)") { - $_POST['source'] = "(self)"; - $_POST['source_subnet'] = 24; - } - - unset($input_errors); - $pconfig = $_POST; - /* run through $_POST items encoding HTML entties so that the user - * cannot think he is slick and perform a XSS attack on the unwilling - */ - foreach ($_POST as $key => $value) { - $temp = str_replace(">", "", $value); - $newpost = htmlentities($temp); - if($newpost <> $temp) - $input_errors[] = sprintf(gettext("Invalid characters detected (%s). 
Please remove invalid characters and save again."),$temp); - } - - /* input validation */ - $reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet"); - $reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Source"),gettext("Source bit count"),gettext("Destination"),gettext("Destination bit count")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - - $protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp")); - - if ($_POST['source']) - $_POST['source'] = trim($_POST['source']); - if ($_POST['destination']) - $_POST['destination'] = trim($_POST['destination']); - if ($_POST['targetip']) - $_POST['targetip'] = trim($_POST['targetip']); - if ($_POST['sourceport']) - $_POST['sourceport'] = trim($_POST['sourceport']); - if ($_POST['dstport']) - $_POST['dstport'] = trim($_POST['dstport']); - if ($_POST['natport']) - $_POST['natport'] = trim($_POST['natport']); - - if($protocol_uses_ports && $_POST['sourceport'] <> "" && !is_portoralias($_POST['sourceport'])) - $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry."); - - if($protocol_uses_ports && $_POST['dstport'] <> "" && !is_portoralias($_POST['dstport'])) - $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry."); - - if($protocol_uses_ports && $_POST['natport'] <> "" && !is_port($_POST['natport']) && !isset($_POST['nonat'])) - $input_errors[] = gettext("You must supply a valid port for the NAT port entry."); - - if (($_POST['source_type'] != "any") && ($_POST['source_type'] != "(self)")) { - if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] <> "any") { - $input_errors[] = gettext("A valid source must be specified."); - } - } - if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) { - $input_errors[] = gettext("A valid source bit count must be 
specified."); - } - if ($_POST['destination_type'] != "any") { - if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) { - $input_errors[] = gettext("A valid destination must be specified."); - } - } - if ($_POST['destination_subnet'] && !is_numericint($_POST['destination_subnet'])) { - $input_errors[] = gettext("A valid destination bit count must be specified."); - } - if ($_POST['destination_type'] == "any") { - if ($_POST['destination_not']) { - $input_errors[] = gettext("Negating destination address of \"any\" is invalid."); - } - } - - if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) { - $input_errors[] = gettext("A valid target IP address must be specified."); - } - - if ($_POST['target'] == "other-subnet") { - if (!is_ipaddr($_POST['targetip'])) { - $input_errors[] = gettext("A valid target IP must be specified when using the 'Other Subnet' type."); - } - if (!is_numericint($_POST['targetip_subnet'])) { - $input_errors[] = gettext("A valid target bit count must be specified when using the 'Other Subnet' type."); - } - } - - /* Verify Pool Options */ - $poolopts = ""; - if ($_POST['poolopts']) { - if (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet")) - $poolopts = $_POST['poolopts']; - elseif (is_alias($_POST['target'])) { - if (substr($_POST['poolopts'], 0, 11) == "round-robin") - $poolopts = $_POST['poolopts']; - else - $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias."); - } - } - - /* if user has selected any as source, set it here */ - if($_POST['source_type'] == "any") { - $osn = "any"; - } else if($_POST['source_type'] == "(self)") { - $osn = "(self)"; - } else if(is_alias($_POST['source'])) { - $osn = $_POST['source']; - } else { - $osn = gen_subnet($_POST['source'], $_POST['source_subnet']) . "/" . 
$_POST['source_subnet']; - } - - /* check for existing entries */ - if ($_POST['destination_type'] == "any") { - $ext = "any"; - } else if(is_alias($_POST['destination'])) { - $ext = $_POST['destination']; - } else { - $ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet']; - } - - foreach ($a_out as $natent) { - if (isset($id) && ($a_out[$id]) && ($a_out[$id] === $natent)) { - continue; - } - - if (!$natent['interface']) { - $natent['interface'] == "wan"; - } - } - - if (!$input_errors) { - $natent = array(); - $natent['source']['network'] = $osn; - $natent['sourceport'] = ($protocol_uses_ports) ? $_POST['sourceport'] : ""; - $natent['descr'] = $_POST['descr']; - $natent['target'] = (!isset($_POST['nonat'])) ? $_POST['target'] : ""; - $natent['targetip'] = (!isset($_POST['nonat'])) ? $_POST['targetip'] : ""; - $natent['targetip_subnet'] = (!isset($_POST['nonat'])) ? $_POST['targetip_subnet'] : ""; - $natent['interface'] = $_POST['interface']; - $natent['poolopts'] = $poolopts; - - /* static-port */ - if(isset($_POST['staticnatport']) && $protocol_uses_ports && !isset($_POST['nonat'])) { - $natent['staticnatport'] = true; - } else { - unset($natent['staticnatport']); - } - - if(isset($_POST['disabled'])) { - $natent['disabled'] = true; - } else { - unset($natent['disabled']); - } - - /* if user has selected not nat, set it here */ - if(isset($_POST['nonat'])) { - $natent['nonat'] = true; - } else { - unset($natent['nonat']); - } - - if ($_POST['protocol'] && $_POST['protocol'] != "any") - $natent['protocol'] = $_POST['protocol']; - else - unset($natent['protocol']); - - if ($ext == "any") { - $natent['destination']['any'] = true; - } else { - $natent['destination']['address'] = $ext; - } - if($_POST['natport'] != "" && $protocol_uses_ports && !isset($_POST['nonat'])) { - $natent['natport'] = $_POST['natport']; - } else { - unset($natent['natport']); - } - if($_POST['dstport'] != "" && $protocol_uses_ports) { - 
$natent['dstport'] = $_POST['dstport']; - } else { - unset($natent['dstport']); - } - - if($_POST['nosync'] == "yes") { - $natent['nosync'] = true; - } else { - unset($natent['nosync']); - } - - if (isset($_POST['destination_not']) && $ext != "any") { - $natent['destination']['not'] = true; - } - - if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) ) - $natent['created'] = $a_out[$id]['created']; - - $natent['updated'] = make_config_revision_entry(); - - if (isset($id) && $a_out[$id]) { - $a_out[$id] = $natent; - } else { - $natent['created'] = make_config_revision_entry(); - if (is_numeric($after)) { - array_splice($a_out, $after+1, 0, array($natent)); - } else { - $a_out[] = $natent; - } - } - - if (write_config()) - mark_subsystem_dirty('natconf'); - header("Location: firewall_nat_out.php"); - exit; - } + if (strpos($a_out[$configId]['source']['network'], "/") !== false) { + list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$configId]['source']['network']); + } else { + $pconfig['source_subnet'] = $a_out[$configId]['source']['network']; + } + + if (!is_numeric($pconfig['source_subnet'])) + $pconfig['source_subnet'] = 32; + address_to_pconfig($a_out[$configId]['destination'], $pconfig['destination'], + $pconfig['destination_subnet'], $pconfig['destination_not'], + $none, $none); + } + + // initialize unused elements + foreach (array('protocol','sourceport','dstport','natport','target','targetip' + ,'targetip_subnet','poolopts','interface','descr','nonat' + ,'disabled','staticnatport','nosync','source','source_subnet') as $fieldname) { + if (!isset($pconfig[$fieldname])) { + $pconfig[$fieldname] = null; + } + } + + +} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { + $input_errors = array(); + $pconfig = $_POST; + // input record id, if valid + if (isset($pconfig['id']) && isset($a_out[$pconfig['id']])) { + $id = $pconfig['id']; + } + if (isset($pconfig['after']) && isset($a_out[$pconfig['after']])) { + $after = 
$pconfig['after']; + } + + /* input validation */ + foreach ($pconfig as $key => $value) { + if(htmlentities($value) <> $value) { + $input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), htmlentities($value)); + } + } + $reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet"); + $reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Source"),gettext("Source bit count"),gettext("Destination"),gettext("Destination bit count")); + + do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); + + if (in_array($pconfig['protocol'], explode(" ", "any tcp udp tcp/udp"))) { + if(!empty($pconfig['sourceport']) && !is_portoralias($pconfig['sourceport'])) + $input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry."); + + if(!empty($pconfig['dstport']) && !is_portoralias($pconfig['dstport'])) + $input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry."); + + if(!empty($pconfig['natport']) && !is_port($pconfig['natport']) && empty($pconfig['nonat'])) + $input_errors[] = gettext("You must supply a valid port for the NAT port entry."); + } + + if (!(in_array($pconfig['source'], array("any","self")) || is_ipaddroralias($pconfig['source']))) { + $input_errors[] = gettext("A valid source must be specified."); + } + if (!empty($pconfig['source_subnet']) && !is_numericint($pconfig['source_subnet'])) { + $input_errors[] = gettext("A valid source bit count must be specified."); + } + if (!(in_array($pconfig['destination'], array("any","self")) || is_ipaddroralias($pconfig['destination']))) { + $input_errors[] = gettext("A valid destination must be specified."); + } + if (!empty($pconfig['destination_subnet']) && !is_numericint($pconfig['destination_subnet'])) { + $input_errors[] = gettext("A valid destination bit count must be specified."); + } + if 
($pconfig['destination'] == "any" && !empty($pconfig['destination_not'])) { + $input_errors[] = gettext("Negating destination address of \"any\" is invalid."); + } + + if (!is_ipaddr($pconfig['targetip']) && !is_subnet($pconfig['targetip']) && !is_alias($pconfig['targetip']) && empty($pconfig['nonat'])) { + $input_errors[] = gettext("A valid target IP address must be specified."); + } + /* Verify Pool Options */ + if (!is_alias($pconfig['targetip']) && substr($pconfig['poolopts'], 0, 11) == "round-robin") { + $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias."); + } + + if (count($input_errors) == 0) { + $natent = array(); + $natent['source'] = array(); + $natent['destination'] = array(); + $natent['descr'] = $pconfig['descr']; + $natent['interface'] = $pconfig['interface']; + $natent['poolopts'] = $pconfig['poolopts']; + + if ( isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) ){ + $natent['created'] = $a_out[$id]['created']; + } + + // target ip/net + if (!array_key_exists($pconfig['targetip'], formTranslateAddresses())) { + // a bit vague behaviour in "target" and "targetip", if a custom net is given + // the backend code wants target to be filled with "other-subnet". + // if any other known net is given, target is used to provide the actual address.... 
+ // -- can't remove this behaviour now without breaking old confid, so let's reimplement + $natent['target'] = 'other-subnet'; + $natent['targetip'] = trim($pconfig['targetip']) ; + $natent['targetip_subnet'] = $pconfig['targetip_subnet'] ; + } else { + $natent['target'] = $pconfig['targetip'] ; + } + + + // handle fields containing portnumbers + if (in_array($pconfig['protocol'], explode(" ", "any tcp udp tcp/udp"))) { + if (isset($pconfig['staticnatport']) && !empty($pconfig['nonat'])) { + $natent['staticnatport'] = true; + } + $natent['sourceport'] = trim($pconfig['sourceport']); + if (!empty($pconfig['natport']) && empty($pconfig['nonat'])) { + $natent['natport'] = trim($pconfig['natport']); + } + if (!empty($pconfig['dstport'])) { + $natent['dstport'] = trim($pconfig['dstport']); + } + } else { + $natent['sourceport'] = ""; + } + + if (!empty($pconfig['protocol']) && $pconfig['protocol'] != "any") { + $natent['protocol'] = $pconfig['protocol']; + } + + /* parse source entry */ + if($pconfig['source'] == "any") { + $natent['source']['network'] = "any"; + } else if($pconfig['source'] == "(self)") { + $natent['source']['network'] = "(self)"; + } else if(is_alias($pconfig['source'])) { + $natent['source']['network'] = trim($pconfig['source']); + } else { + $natent['source']['network'] = gen_subnet(trim($pconfig['source']), $pconfig['source_subnet']) . "/" . $pconfig['source_subnet']; + } + + // destination address + if ($pconfig['destination'] == "any") { + $natent['destination']['any'] = true; + } elseif (is_alias($pconfig['destination'])){ + $natent['destination']['address'] = trim($pconfig['destination']) ; + } else { + $natent['destination']['address'] = gen_subnet(trim($pconfig['destination']), $pconfig['destination_subnet']) . "/" . 
$pconfig['destination_subnet'];; + } + + // boolean fields + if(!empty($pconfig['disabled'])) { + $natent['disabled'] = true; + } + if(!empty($pconfig['nonat'])) { + $natent['nonat'] = true; + } + + if(isset($pconfig['nosync'] ) && $pconfig['nosync'] == "yes") { + $natent['nosync'] = true; + } + if (isset($pconfig['destination_not']) && $pconfig['destination'] != "any") { + $natent['destination']['not'] = true; + } + + $natent['updated'] = make_config_revision_entry(); + if (isset($id)) { + $a_out[$id] = $natent; + } else { + $natent['created'] = make_config_revision_entry(); + if (isset($after)) { + array_splice($a_out, $after+1, 0, array($natent)); + } else { + $a_out[] = $natent; + } + } + if (write_config()) { + mark_subsystem_dirty('natconf'); + } + header("Location: firewall_nat_out.php"); + exit; + } } +legacy_html_escape_form_data($pconfig); $pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("Outbound"),gettext("Edit")); $closehead = false; include("head.inc"); - ?> - - - - - - + + - -
- -
- -
- 0) print_input_errors($input_errors); ?> - -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- /> -
- -
- /> - -
-
-
-
- -
-
-
-
- "," "); - ?> -
-
- - - - - - - - - - - - - - - - - -
   - -
   - - - - - -
- - - -
-
  - -
   - - -
-
- /> -
-
-
- - - - - - - - - - - - - - - - - -
   - -
   - - - - - -
- - - -
-
  - -
   - - -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   - -
   - / - -
  -
- - - -

-
Pool Options - -
- -
- *
- *
- *
- *
- *
-

-
   - -
  - -
   />
-
- />
- -
- -
- -
 
- -
- -
  - " /> - " onclick="window.location.href=''" /> - - - - -
-
-
-
-
-
-
- - - - +
+
+
+ 0) print_input_errors($input_errors); ?> +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+ + +
+
+ /> + +
+ /> + +
+
+ +
+ +
+
+ +
+ +
+ + + + + + + +
+ +
+
+ + "/> + +
+
+ +
+ + +
+ /> + +
+ + + + + + + +
+ +
+
+ + "/> + +
+
+ +
+ + +
+ + + + + + + +
+ +
+
+ + "/> + +
+
+ +
+ + +
+ + +
+ > +
+ /> + +
+ + +
 
+ +
+ +
  + " /> + " onclick="window.location.href=''" /> + + + + " /> +
+
+
+
+
+
+
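Review bot: Several checks in the POST branch came out inverted or were dropped in this refactor, so a saved rule can differ from what the form appears to validate. The pool-options test now rejects `round-robin` when `targetip` is not an alias and accepts any other option when it is one, which contradicts its own error message, and `staticnatport` is stored only when `nonat` is set, where the removed code required it to be unset. Source validation allows `self` while the save path compares against `(self)`, so one of the two spellings is wrong; the fence assumes the form still posts `(self)` as the removed code did. `targetip_subnet` is written to the config without the `is_numericint()` check the removed code had, and the `htmlentities()` comparison does not restrict it to a bit count; where that value is consumed is outside this patch, so confirm what the rule generator does with it. The `id` and `after` lookups also lost `is_numericint()`, and `after=-1` no longer passes the `isset($a_out[...])` test.

```php
// … unchanged: required-field, port and source bit-count checks …
if (!(in_array($pconfig['source'], array("any", "(self)")) || is_ipaddroralias($pconfig['source']))) {
    $input_errors[] = gettext("A valid source must be specified.");
}
// … unchanged: destination checks and target IP check …
if (!empty($pconfig['targetip_subnet']) && !is_numericint($pconfig['targetip_subnet'])) {
    $input_errors[] = gettext("A valid target bit count must be specified when using the 'Other Subnet' type.");
}
/* Verify Pool Options */
if (is_alias($pconfig['targetip']) && !empty($pconfig['poolopts']) && substr($pconfig['poolopts'], 0, 11) != "round-robin") {
    $input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias.");
}
// … unchanged: building $natent up to the port fields …
if (isset($pconfig['staticnatport']) && empty($pconfig['nonat'])) {
    $natent['staticnatport'] = true;
}
```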