From 619707a0c9af6252dd3059a2ddd00d224fb40dd4 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 24 Aug 2018 18:03:25 +0200
Subject: [PATCH] Firewall/alias, ditch legacy pages for https://github.com/opnsense/core/issues/1858
---
 plist | 3 -
 src/www/firewall_aliases.php | 291 ------------
 src/www/firewall_aliases_edit.php | 709 ----------------------------
 src/www/firewall_aliases_import.php | 244 ----------
 4 files changed, 1247 deletions(-)
 delete mode 100644 src/www/firewall_aliases.php
 delete mode 100644 src/www/firewall_aliases_edit.php
 delete mode 100644 src/www/firewall_aliases_import.php
diff --git a/plist b/plist
index c1a7e1a4d..362c2469f 100644
--- a/plist
+++ b/plist
@@ -1583,9 +1583,6 @@
 /usr/local/www/diag_testport.php
 /usr/local/www/diag_traceroute.php
 /usr/local/www/fbegin.inc
-/usr/local/www/firewall_aliases.php
-/usr/local/www/firewall_aliases_edit.php
-/usr/local/www/firewall_aliases_import.php
 /usr/local/www/firewall_nat.php
 /usr/local/www/firewall_nat_1to1.php
 /usr/local/www/firewall_nat_1to1_edit.php
diff --git a/src/www/firewall_aliases.php b/src/www/firewall_aliases.php
deleted file mode 100644
index 3484df874..000000000
--- a/src/www/firewall_aliases.php
+++ /dev/null
@@ -1,291 +0,0 @@
-
- Copyright (C) 2003-2004 Manuel Kasper .
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("guiconfig.inc");
-require_once("filter.inc");
-
-function find_alias_type($type)
-{
- $types = array(
- 'host' => gettext('Host(s)'),
- 'network' => gettext('Network(s)'),
- 'port' => gettext('Port(s)'),
- 'url' => gettext('URL (IPs)'),
- 'urltable' => gettext('URL Table (IPs)'),
- );
-
- if (isset($types[$type])) {
- return $types[$type];
- }
-
- return $type;
-}
-
-function find_alias_reference($section, $field, $origname, &$is_alias_referenced, &$referenced_by)
-{
- global $config;
- if (!$origname || $is_alias_referenced) {
- return;
- }
-
- $sectionref = &config_read_array();
- foreach($section as $sectionname) {
- if (is_array($sectionref) && isset($sectionref[$sectionname])) {
- $sectionref = &$sectionref[$sectionname];
- } else {
- return;
- }
- }
-
- if (is_array($sectionref)) {
- foreach($sectionref as $itemkey => $item) {
- $fieldfound = true;
- $fieldref = &$sectionref[$itemkey];
- foreach($field as $fieldname) {
- if (is_array($fieldref) && isset($fieldref[$fieldname])) {
- $fieldref = &$fieldref[$fieldname];
- } else {
- $fieldfound = false;
- break;
- }
- }
- if ($fieldfound && $fieldref == $origname) {
- $is_alias_referenced = true;
- $referenced_by = '';
- if (is_array($item)) {
- if (isset($item['descr'])) {
- $referenced_by .= $item['descr'];
- } else {
- $referenced_by .= implode(',', $section) . ' / '. implode(',', $field);
- }
- }
- break;
- }
- }
- }
-}
-
-function alias_used_recursive($origname)
-{
- global $config;
- if (!empty($config['aliases']['alias'])) {
- foreach($config['aliases']['alias'] as $alias) {
- // exclude geoips and urltypes, they don't support nesting.
- if ($alias['type'] != 'geoip' && !preg_match("/urltable/i",$alias['type'])) {
- if ($origname == $alias['address']) {
- return empty($alias['description']) ? $alias['name'] : $alias['description'];
- }
- }
- }
- }
- return null;
-}
-
-$a_aliases = &config_read_array('aliases', 'alias');
-
-if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- if (isset($_POST['apply'])) {
- /* reload all components that use aliases */
- // strictly we should only reload if a port alias has changed
- filter_configure();
- // flush alias contents to disk and update pf tables
- configd_run('template reload OPNsense/Filter');
- configd_run('filter refresh_aliases', true);
- $savemsg = get_std_save_message();
- clear_subsystem_dirty('aliases');
- } elseif (isset($_POST['act']) && $_POST['act'] == "del") {
- if (isset($_POST['id']) && isset($a_aliases[$_POST['id']])) {
- // perform validation
- /* make sure rule is not being referenced by any nat or filter rules */
- $is_alias_referenced = false;
- $referenced_by = false;
- $alias_name = $a_aliases[$_POST['id']]['name'];
- // Firewall rules
- find_alias_reference(array('filter', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('filter', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('filter', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('filter', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
- // NAT Rules
- find_alias_reference(array('nat', 'rule'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'rule'), array('source', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'rule'), array('destination', 'port'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'rule'), array('local-port'), $alias_name, $is_alias_referenced, $referenced_by);
- // NAT 1:1 Rules
- //find_alias_reference(array('nat', 'onetoone'), array('external'), $alias_name, $is_alias_referenced, $referenced_by);
- //find_alias_reference(array('nat', 'onetoone'), array('source', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'onetoone'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
- // NAT Outbound Rules
- find_alias_reference(array('nat', 'outbound', 'rule'), array('source', 'network'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'outbound', 'rule'), array('sourceport'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'outbound', 'rule'), array('destination', 'address'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'outbound', 'rule'), array('dstport'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('nat', 'outbound', 'rule'), array('target'), $alias_name, $is_alias_referenced, $referenced_by);
-
- // Alias in an alias, only for selected types
- $alias_recursive_used = alias_used_recursive($alias_name);
- if ($alias_recursive_used != null) {
- $is_alias_referenced = true;
- $referenced_by = $alias_recursive_used;
- }
- // Load Balancer
- find_alias_reference(array('load_balancer', 'lbpool'), array('port'), $alias_name, $is_alias_referenced, $referenced_by);
- find_alias_reference(array('load_balancer', 'virtual_server'), array('port'), $alias_name, $is_alias_referenced, $referenced_by);
- // Static routes
- find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by);
- if ($is_alias_referenced) {
- $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by);
- } else {
- configd_run("filter kill table {$alias_name}");
- unset($a_aliases[$_POST['id']]);
- write_config();
- mark_subsystem_dirty('aliases');
- header(url_safe('Location: /firewall_aliases.php'));
- exit;
- }
- }
- }
-}
-
-legacy_html_escape_form_data($a_aliases);
-
-$main_buttons = array(
- array('href' => 'firewall_aliases_edit.php', 'label' => gettext('Add')),
-);
-
-include("head.inc");
-
-?>
-
-
-
-
-
- - -" . gettext("You must apply the changes in order for them to take effect."));?> - -
-
-
- - - -
- - - - - - - - - $alias){ -?> - - - 5) { - $alias_values .= "..."; - } - } else { - $alias_values = implode(", ", array_slice(explode(" ", $alias['address']), 0, 5)); - if (count(explode(" ", $alias['address'])) > 5) { - $alias_values .= "..."; - } - } -?> - - - - - - - - - -
 
- - - - - - - - - - -
- -
- -
-
-
-
-
-
diff --git a/src/www/firewall_aliases_edit.php b/src/www/firewall_aliases_edit.php
deleted file mode 100644
index 3579b7ff9..000000000
--- a/src/www/firewall_aliases_edit.php
+++ /dev/null
@@ -1,709 +0,0 @@
-
- Copyright (C) 2009 Ermal Luçi
- Copyright (C) 2010 Jim Pingle
- Copyright (C) 2003-2004 Manuel Kasper .
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("guiconfig.inc");
-require_once("filter.inc");
-
-function update_alias_names_upon_change($section, $field, $new_alias_name, $origname, $field_separator=null)
-{
- global $config;
- if (!empty($origname) && !empty($new_alias_name)) {
- // find section, return if not found
- $sectionref = &config_read_array();
- foreach ($section as $sectionname) {
- if (!empty($sectionref[$sectionname]) && is_array($sectionref[$sectionname])) {
- $sectionref = &$sectionref[$sectionname];
- } else {
- return;
- }
- }
- // traverse all found sections
- foreach($sectionref as $itemkey => $item) {
- // locate field within structure
- $fieldref = &$sectionref[$itemkey];
- foreach($field as $fieldname) {
- if (!empty($fieldref[$fieldname])) {
- $fieldref = &$fieldref[$fieldname];
- } else {
- unset($fieldref);
- break;
- }
- }
- // if field is found, check and replace
- if (isset($fieldref) && !is_array($fieldref)) {
- if ($fieldref == $origname) {
- $fieldref = $new_alias_name;
- } elseif ($field_separator != null) {
- // field contains more then one value
- $parts = explode($field_separator, $fieldref);
- foreach ($parts as &$part) {
- if ($part == $origname) {
- $part = $new_alias_name;
- }
- }
- $new_field_value = implode($field_separator, $parts);
- if ($new_field_value != $fieldref) {
- $fieldref = $new_field_value;
- }
- }
- }
- }
- }
-}
-
-/**
- * generate simple country selection list for geoip
- */
-function geoip_countries()
-{
- $result = array();
- foreach (explode("\n", file_get_contents('/usr/local/opnsense/contrib/tzdata/iso3166.tab')) as $line) {
- $line = trim($line);
- if (strlen($line) > 3 && substr($line, 0, 1) != '#') {
- $code = substr($line, 0, 2);
- $name = trim(substr($line, 2, 9999));
- $result[$code] = $name;
- }
- }
- uasort($result, function($a, $b) {return strcasecmp($a, $b);});
- return $result;
-}
-
-function geoip_regions()
-{
- $result = array();
- foreach (explode("\n", file_get_contents('/usr/local/opnsense/contrib/tzdata/zone.tab')) as $line) {
- if (strlen($line) > 0 && substr($line, 0, 1) == '#' ) {
- continue;
- }
- $line = explode("\t", $line);
- if (empty($line[0]) || strlen($line[0]) != 2) {
- continue;
- }
- if (empty($line[2]) || strpos($line[2], '/') === false) {
- continue;
- }
- if (empty($result[$line[0]])) {
- $result[$line[0]] = explode('/', $line[2])[0];
- }
- }
- return $result;
-}
-
-$a_aliases = &config_read_array('aliases', 'alias');
-
-$pconfig = array();
-if ($_SERVER['REQUEST_METHOD'] === 'GET') {
- if (isset($_GET['id']) && is_numericint($_GET['id']) && isset($a_aliases[$_GET['id']])) {
- $id = $_GET['id'];
- foreach (array("name", "address", "type", "descr", "updatefreq", "aliasurl", "url", "proto") as $fieldname) {
- if (isset($a_aliases[$id][$fieldname])) {
- $pconfig[$fieldname] = $a_aliases[$id][$fieldname];
- } else {
- $pconfig[$fieldname] = null;
- }
- }
- if (!empty($pconfig['updatefreq'])) {
- // split update frequency (ttl) in days and hours
- $pconfig['updatefreq_hours'] = round(((float)$pconfig['updatefreq'] - (int)$pconfig['updatefreq']) * 24, 2);
- $pconfig['updatefreq'] = (int)$pconfig['updatefreq'];
- }
- } elseif (isset($_GET['name'])) {
- // search alias by name
- foreach ($a_aliases as $alias_id => $alias_data) {
- if (strtolower($alias_data['name']) == strtolower(trim($_GET['name']))) {
- $id = $alias_id;
- break;
- }
- }
- // initialize form fields, when not found present empty form
- foreach (array("name", "address", "type", "descr", "updatefreq", "aliasurl", "url", "proto") as $fieldname) {
- if (isset($id) && isset($a_aliases[$id][$fieldname])) {
- $pconfig[$fieldname] = $a_aliases[$id][$fieldname];
- } else {
- $pconfig[$fieldname] = null;
- }
- }
- } else {
- // init empty
- $init_fields = array("name", "address", "type", "descr", "updatefreq", "url", "proto");
- foreach ($init_fields as $fieldname) {
- $pconfig[$fieldname] = null;
- }
- }
- // handle different detail input types
- if (!empty($pconfig['aliasurl'])) {
- $pconfig['host_url'] = is_array($pconfig['aliasurl']) ? $pconfig['aliasurl'] : array($pconfig['aliasurl']);
- } elseif (!empty($pconfig['url'])) {
- $pconfig['host_url'] = array($pconfig['url']);
- } elseif (!empty($pconfig['address'])) {
- $pconfig['host_url'] = explode(" ", $pconfig['address']);
- } else {
- $pconfig['host_url'] = array();
- }
- $pconfig['proto'] = !empty($pconfig['proto']) ? explode(',', $pconfig['proto']) : array("IPv4");
-} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
- $pconfig = $_POST;
- if (isset($_POST['id']) && is_numericint($_POST['id']) && isset($a_aliases[$_POST['id']])) {
- $id = $_POST['id'];
- }
-
- if (isset($pconfig['submit'])) {
- $input_errors = array();
- // validate data
-
- if (empty($pconfig['host_url'])) {
- $input_errors[] = gettext('At least one alias entry must be supplied.');
- } else {
- $country_codes = array_keys(geoip_countries());
- foreach ($pconfig['host_url'] as &$detail_entry) {
- $ipaddr_count = 0;
- $domain_alias_count = 0;
- foreach (explode('-', $detail_entry) as $tmpaddr) {
- if (is_ipaddr($tmpaddr)) {
- $ipaddr_count++;
- } elseif (trim($tmpaddr) != "") {
- $domain_alias_count++;
- }
- }
- if ($pconfig['type'] == 'host') {
- if ($ipaddr_count > 1) {
- $input_errors[] = sprintf(gettext('Entry "%s" seems to contain a list of addresses, please use a network type alias to define ranges.'), $detail_entry);
- } elseif (!is_domain($detail_entry) && !is_ipaddr($detail_entry) && !is_alias($detail_entry)) {
- $input_errors[] = sprintf(gettext('Entry "%s" is not a valid hostname or IP address.'), $detail_entry);
- }
- } elseif ($pconfig['type'] == 'port') {
- $detail_entry = str_replace("-", ":", $detail_entry);
- if (!is_port($detail_entry) && !is_portrange($detail_entry) && !is_alias($detail_entry)) {
- $input_errors[] = sprintf(gettext('Entry "%s" is not a valid port number.'), $detail_entry);
- }
- } elseif ($pconfig['type'] == 'geoip') {
- if (!in_array($detail_entry, $country_codes)) {
- $input_errors[] = sprintf(gettext('Entry "%s" is not a valid country code.'), $detail_entry);
- }
- } elseif ($pconfig['type'] == 'network') {
- if (!is_alias($detail_entry) && !is_ipaddr($detail_entry) && !is_subnet($detail_entry)
- && !($ipaddr_count == 2 && $domain_alias_count == 0)) {
- $input_errors[] = sprintf(gettext('Entry "%s" is not a valid network or IP address.'), $detail_entry);
- }
- }
- }
- }
-
- /* Check for reserved keyword names */
- $reserved_keywords = array();
-
- if (isset($config['load_balancer']['lbpool'])) {
- foreach ($config['load_balancer']['lbpool'] as $lbpool) {
- $reserved_keywords[] = $lbpool['name'];
- }
- }
-
- $reserved_ifs = get_configured_interface_list(false, true);
- $reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);
-
- foreach ($reserved_keywords as $rk) {
- if ($rk == $pconfig['name']) {
- $input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk);
- }
- }
-
- /* check for name interface description conflicts */
- foreach ($config['interfaces'] as $interface) {
- if ($interface['descr'] == $pconfig['name']) {
- $input_errors[] = gettext("An interface description with this name already exists.");
- break;
- }
- }
-
- $valid = is_validaliasname($pconfig['name']);
- if ($valid === false) {
- $input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
- } elseif ($valid === null) {
- $input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
- }
-
- foreach (array('updatefreq', 'updatefreq_hours') as $fieldname) {
- if (!empty($pconfig[$fieldname]) && !is_numeric($pconfig[$fieldname])) {
- $input_errors[] = gettext("Expiration should be a number");
- break;
- }
- }
-
- /* check for name conflicts */
- if (empty($a_aliases[$id])) {
- foreach ($a_aliases as $alias) {
- if ($alias['name'] == $_POST['name']) {
- $input_errors[] = gettext("An alias with this name already exists.");
- break;
- }
- }
- }
-
- /* user may not change type */
- if (isset($id) && $pconfig['type'] != $a_aliases[$id]['type']) {
- $input_errors[] = gettext("Alias type may not be changed for an existing alias.");
- }
-
- if ($pconfig['type'] == 'urltable') {
- if (empty($pconfig['host_url'][0]) || !is_URL($pconfig['host_url'][0])) {
- $input_errors[] = gettext("You must provide a valid URL.");
- }
- }
-
- if (count($input_errors) == 0) {
- // save to config
- $confItem = array();
- foreach (array("name", "type", "descr", "updatefreq") as $fieldname) {
- if (!empty($pconfig[$fieldname])) {
- $confItem[$fieldname] = $pconfig[$fieldname];
- }
- }
- if (!empty($pconfig['updatefreq_hours'])) {
- // append hours
- $confItem['updatefreq'] = !empty($confItem['updatefreq']) ? $confItem['updatefreq'] : 0;
- $confItem['updatefreq'] += ((float)$pconfig['updatefreq_hours']) / 24;
- }
- // fix form type conversions ( list to string, as saved in config )
- // -- fill in default row description and make sure separators are removed
- if (strpos($pconfig['type'],'urltable') !== false) {
- $confItem['url'] = $pconfig['host_url'][0];
- } elseif (strpos($pconfig['type'],'url') !== false) {
- $confItem['aliasurl'] = $pconfig['host_url'];
- } else {
- $confItem['address'] = implode(' ', $pconfig['host_url']);
- }
-
- // proto is only for geoip selection
- if ($pconfig['type'] == 'geoip') {
- $confItem['proto'] = !empty($pconfig['proto']) ? implode(',', $pconfig['proto']) : array("IPv4");
- }
-
- /* Check to see if alias name needs to be
- * renamed on referenced rules and such
- */
- if (isset($id) && $pconfig['name'] <> $pconfig['origname']) {
- // Firewall rules
- $origname = $pconfig['origname'];
- update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('filter', 'rule'), array('source', 'port'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'port'), $pconfig['name'], $origname);
- // NAT Rules
- update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'rule'), array('source', 'port'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'port'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'rule'), array('target'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'rule'), array('local-port'), $pconfig['name'], $origname);
- // NAT 1:1 Rules
- update_alias_names_upon_change(array('nat', 'onetoone'), array('destination', 'address'), $pconfig['name'], $origname);
- // NAT Outbound Rules
- update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('source', 'network'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('sourceport'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('destination', 'address'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('dstport'), $pconfig['name'], $origname);
- update_alias_names_upon_change(array('nat', 'advancedoutbound', 'rule'), array('target'), $pconfig['name'], $origname);
- // Alias in an alias
- update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $pconfig['name'], $origname, ' ');
- }
-
-
- // save to config
- if (isset($id)) {
- // temporary keep data in detail field, will be removed post 18.7
- $confItem['detail'] = !empty($a_aliases[$id]['detail']) ? $a_aliases[$id]['detail'] : null;
- $a_aliases[$id] = $confItem;
- } else {
- $a_aliases[] = $confItem;
- }
- // Sort list
- $a_aliases = msort($a_aliases, "name");
-
- write_config();
- // post save actions
- mark_subsystem_dirty('aliases');
-
- header(url_safe('Location: /firewall_aliases.php'));
- exit;
- }
- }
-}
-
-
-legacy_html_escape_form_data($pconfig);
-
-include("head.inc");
-
-?>
-
-
-
-
-
-
-
-
- 0) print_input_errors($input_errors); ?> -
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
- - - - - - -
- - -
- - - -
- - - - - - - - - - $aliasurl):?> - - - - - - - - - - - - - -
-
-
- - - - - - - - - -
-
-
- - - - - - - $name): - if ($region == $where[$code]): ?> - - - - - - - - -
- - () -
- /> - -
- -
-
- -
  - " /> - " onclick="window.location.href='/firewall_aliases.php'" /> -
-
-
-
-
-
-
-
diff --git a/src/www/firewall_aliases_import.php b/src/www/firewall_aliases_import.php
deleted file mode 100644
index e6dedaf28..000000000
--- a/src/www/firewall_aliases_import.php
+++ /dev/null
@@ -1,244 +0,0 @@
-
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require_once("guiconfig.inc");
-
-config_read_array('aliases', 'alias');
-
-if ($_SERVER['REQUEST_METHOD'] === 'GET') {
- // initialize form vars
- $pconfig = array("name" => null, "descr" => null, "aliasimport" => null, "type" => "network");
-} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
- // save form data
- $input_errors = array();
- $pconfig = $_POST;
- // input validation
- $reqdfields = explode(" ", "name aliasimport");
- $reqdfieldsn = array(gettext("Name"),gettext("Aliases"));
-
- do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
-
- $valid = is_validaliasname($pconfig['name']);
- if ($valid === false) {
- $input_errors[] = sprintf(gettext('The name must be less than 32 characters long and may only consist of the following characters: %s'), 'a-z, A-Z, 0-9, _');
- } elseif ($valid === null) {
- $input_errors[] = sprintf(gettext('The name cannot be the internally reserved keyword "%s".'), $pconfig['name']);
- }
-
- /* check for name duplicates */
- if (is_alias($pconfig['name'])) {
- $input_errors[] = gettext("An alias with this name already exists.");
- }
-
- // Keywords not allowed in names
- $reserved_keywords = array();
-
- // Add all Load balance names to reserved_keywords
- if (isset($config['load_balancer']['lbpool'])) {
- foreach ($config['load_balancer']['lbpool'] as $lbpool) {
- $reserved_keywords[] = $lbpool['name'];
- }
- }
-
- $reserved_ifs = get_configured_interface_list(false, true);
- $reserved_keywords = array_merge($reserved_keywords, $reserved_ifs, $reserved_table_names);
-
- /* Check for reserved keyword names */
- foreach($reserved_keywords as $rk) {
- if ($rk == $pconfig['name']) {
- $input_errors[] = sprintf(gettext("Cannot use a reserved keyword as alias name %s"), $rk);
- }
- }
-
- /* check for name interface description conflicts */
- foreach($config['interfaces'] as $interface) {
- if($interface['descr'] == $pconfig['name']) {
- $input_errors[] = gettext("An interface description with this name already exists.");
- break;
- }
- }
-
- $imported_ips = array();
- foreach (explode("\n", $pconfig['aliasimport']) as $impline) {
- $implinea = explode(" ",trim($impline),2);
- $impip = trim($implinea[0]);
- if (empty($impip)) {
- // skip empty lines
- continue;
- } elseif ($pconfig['type'] == "network") {
- // import networks
- if (strpos($impip,'-') !== false) {
- // ip range provided
- $ipaddr1 = explode('-', $impip)[0];
- $ipaddr2 = explode('-', $impip)[1];
- if (!is_ipaddr($ipaddr1)) {
- $input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $ipaddr1);
- } elseif (!is_ipaddr($ipaddr2)) {
- $input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $ipaddr2);
- } else {
- foreach (ip_range_to_subnet_array($ipaddr1, $ipaddr2) as $network) {
- $imported_ips[] = $network;
- }
- }
- } else {
- // single ip or network
- if (!is_ipaddr($impip) && !is_subnet($impip)) {
- $input_errors[] = sprintf(gettext("%s is not an IP address. Please correct the error to continue"), $impip);
- } else {
- $imported_ips[] = $impip;
- }
- }
- } else {
- // import hosts
- if (!is_hostname($impip)) {
- $input_errors[] = sprintf(gettext("%s is not an IP address or hostname. Please correct the error to continue"), $impip);
- } else {
- $imported_ips[] = $impip;
- }
- }
- }
- if (count($input_errors) == 0) {
- // create output structure and serialize to config
- $alias = array();
- $alias['address'] = implode(" ", $imported_ips);
- $alias['name'] = $pconfig['name'];
- $alias['type'] = $pconfig['type'];
- $alias['descr'] = $pconfig['descr'];
- $config['aliases']['alias'][] = $alias;
-
- // Sort list
- $config['aliases']['alias'] = msort($config['aliases']['alias'], "name");
-
- write_config();
- mark_subsystem_dirty('aliases');
- header(url_safe('Location: /firewall_aliases.php'));
- exit;
- }
-}
-
-legacy_html_escape_form_data($pconfig);
-
-include("head.inc");
-
-?>
-
-
-
-
- 0) print_input_errors($input_errors); ?> -
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
- - -
- - -
- - -
- - -
  - " /> - " - onclick="window.location.href=''" /> -
-
-
-
-
-
-
-