diff --git a/src/www/firewall_nat_edit.php b/src/www/firewall_nat_edit.php
index f314ec1d0..ace10e12c 100644
--- a/src/www/firewall_nat_edit.php
+++ b/src/www/firewall_nat_edit.php
@@ -1,31 +1,31 @@ - Copyright (C) 2003-2004 Manuel Kasper - All rights reserved. + Copyright (C) 2014 Deciso B.V. + Copyright (C) 2009 Janne Enberg + Copyright (C) 2003-2004 Manuel Kasper + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); 
@@ -35,29 +35,29 @@ require_once("pfsense-utils.inc"); * build array with interface options for this form */ function formInterfaces() { - global $config; - $interfaces = array(); - foreach ( get_configured_interface_with_descr(false, true) as $if => $ifdesc) - $interfaces[$if] = $ifdesc; + global $config; + $interfaces = array(); + foreach ( get_configured_interface_with_descr(false, true) as $if => $ifdesc) + $interfaces[$if] = $ifdesc; - if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server") - $interfaces['l2tp'] = "L2TP VPN"; + if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server") + $interfaces['l2tp'] = "L2TP VPN"; - if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == "server") - $interfaces['pptp'] = "PPTP VPN"; + if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == "server") + $interfaces['pptp'] = "PPTP VPN"; - if (is_pppoe_server_enabled()) - $interfaces['pppoe'] = "PPPoE VPN"; + if (is_pppoe_server_enabled()) + $interfaces['pppoe'] = "PPPoE VPN"; - /* add ipsec interfaces */ - if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) - $interfaces["enc0"] = "IPsec"; + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) + $interfaces["enc0"] = "IPsec"; - /* add openvpn/tun interfaces */ - if (isset($config['openvpn']['openvpn-server']) || isset($config['openvpn']['openvpn-client'])) { - $interfaces['openvpn'] = 'OpenVPN'; - } - return $interfaces; + /* add openvpn/tun interfaces */ + if (isset($config['openvpn']['openvpn-server']) || isset($config['openvpn']['openvpn-client'])) { + $interfaces['openvpn'] = 'OpenVPN'; + } + return $interfaces; } /** 
@@ -65,16 +65,16 @@ function formInterfaces() { */ function formNetworks() { - $networks = array(); - $networks["any"] = gettext("any"); - $networks["pptp"] = gettext("PPTP clients"); - $networks["pppoe"] = gettext("PPPoE clients"); - $networks["l2tp"] = gettext("L2TP clients"); - foreach (get_configured_interface_with_descr() as $ifent => $ifdesc) { - $networks[$ifent] = htmlspecialchars($ifdesc) . " " . gettext("net"); - $networks[$ifent."ip"] = htmlspecialchars($ifdesc). " ". gettext("address"); - } - return $networks; + $networks = array(); + $networks["any"] = gettext("any"); + $networks["pptp"] = gettext("PPTP clients"); + $networks["pppoe"] = gettext("PPPoE clients"); + $networks["l2tp"] = gettext("L2TP clients"); + foreach (get_configured_interface_with_descr() as $ifent => $ifdesc) { + $networks[$ifent] = htmlspecialchars($ifdesc) . " " . gettext("net"); + $networks[$ifent."ip"] = htmlspecialchars($ifdesc). " ". gettext("address"); + } + return $networks; } /** 
@@ -84,311 +84,311 @@ function formNetworks() { $specialsrcdst = explode(" ", "any (self) pptp pppoe l2tp openvpn"); $ifdisp = get_configured_interface_with_descr(); foreach ($ifdisp as $kif => $kdescr) { - $specialsrcdst[] = "{$kif}"; - $specialsrcdst[] = "{$kif}ip"; + $specialsrcdst[] = "{$kif}"; + $specialsrcdst[] = "{$kif}ip"; } // init config and get reference if (!isset($config['nat']['rule']) || !is_array($config['nat']['rule'])) { - $config['nat']['rule'] = array(); + $config['nat']['rule'] = array(); } $a_nat = &$config['nat']['rule']; if ($_SERVER['REQUEST_METHOD'] === 'GET') { - // load form data from config - if (isset($_GET['id']) && is_numericint($_GET['id']) && isset($a_nat[$_GET['id']])) { - $id = $_GET['id']; - $configId = $id; // load form data from id - } else if (isset($_GET['dup']) && is_numericint($_GET['dup']) && isset($a_nat[$_GET['id']])){ - $after = $_GET['dup']; - $configId = $_GET['dup']; // load form data from id - } - if (isset($_GET['after']) && (is_numericint($_GET['after']) || $_GET['after'] == "-1")) { - $after = $_GET['after']; - } + // load form data from config + if (isset($_GET['id']) && is_numericint($_GET['id']) && isset($a_nat[$_GET['id']])) { + $id = $_GET['id']; + $configId = $id; // load form data from id + } else if (isset($_GET['dup']) && is_numericint($_GET['dup']) && isset($a_nat[$_GET['id']])){ + $after = $_GET['dup']; + $configId = $_GET['dup']; // load form data from id + } + if (isset($_GET['after']) && (is_numericint($_GET['after']) || $_GET['after'] == "-1")) { + $after = $_GET['after']; + } - // initialize form and set defaults - $pconfig = array(); - $pconfig['protocol'] = "tcp"; - $pconfig['srcbeginport'] = "any"; - $pconfig['srcendport'] = "any"; - $pconfig['interface'] = "wan"; - $pconfig['dstbeginport'] = 80 ; - $pconfig['dstendport'] = 80 ; - $pconfig['local-port'] = 80; - if (isset($configId)) { - // copy 1-on-1 - foreach 
(array('protocol','target','local-port','descr','interface','associated-rule-id','nosync' - ,'natreflection','created','updated') as $fieldname) { - if (isset($a_nat[$configId][$fieldname])) { - $pconfig[$fieldname] = $a_nat[$configId][$fieldname]; - } - } - // fields with some kind of logic. - $pconfig['disabled'] = isset($a_nat[$configId]['disabled']); - $pconfig['nordr'] = isset($a_nat[$configId]['nordr']); - address_to_pconfig($a_nat[$configId]['source'], $pconfig['src'], - $pconfig['srcmask'], $pconfig['srcnot'], - $pconfig['srcbeginport'], $pconfig['srcendport']); + // initialize form and set defaults + $pconfig = array(); + $pconfig['protocol'] = "tcp"; + $pconfig['srcbeginport'] = "any"; + $pconfig['srcendport'] = "any"; + $pconfig['interface'] = "wan"; + $pconfig['dstbeginport'] = 80 ; + $pconfig['dstendport'] = 80 ; + $pconfig['local-port'] = 80; + if (isset($configId)) { + // copy 1-on-1 + foreach (array('protocol','target','local-port','descr','interface','associated-rule-id','nosync' + ,'natreflection','created','updated') as $fieldname) { + if (isset($a_nat[$configId][$fieldname])) { + $pconfig[$fieldname] = $a_nat[$configId][$fieldname]; + } + } + // fields with some kind of logic. 
+ $pconfig['disabled'] = isset($a_nat[$configId]['disabled']); + $pconfig['nordr'] = isset($a_nat[$configId]['nordr']); + address_to_pconfig($a_nat[$configId]['source'], $pconfig['src'], + $pconfig['srcmask'], $pconfig['srcnot'], + $pconfig['srcbeginport'], $pconfig['srcendport']); - address_to_pconfig($a_nat[$configId]['destination'], $pconfig['dst'], - $pconfig['dstmask'], $pconfig['dstnot'], - $pconfig['dstbeginport'], $pconfig['dstendport']); - } else if (isset($_GET['template']) && $_GET['template'] == 'transparant_proxy') { - // new rule for transparant proxy reflection, to use as sample - $pconfig['interface'] = "lan"; - $pconfig['src'] = "lan"; - $pconfig['dst'] = "any"; - $pconfig['dstbeginport'] = 80 ; - $pconfig['dstendport'] = 80 ; - $pconfig['target'] = '127.0.0.1'; - // try to read the proxy configuration to determine the current port - // this has some disadvantages in case of dependencies, but there isn't - // a much better solution available at the moment. - if (isset($config['OPNsense']['proxy']['forward']['port'])) { - $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port']; - } else { - $pconfig['local-port'] = 3128; - } - $pconfig['natreflection'] = 'enable'; - $pconfig['descr'] = "redirect traffic to proxy"; - } else { - $pconfig['src'] = "any"; - } - // init empty fields - foreach (array("dst","dstmask","srcmask","dstbeginport","dstendport","target","local-port","natreflection","descr","disabled","nosync") as $fieldname) { - if (!isset($pconfig[$fieldname])) { - $pconfig[$fieldname] = null; - } - } + address_to_pconfig($a_nat[$configId]['destination'], $pconfig['dst'], + $pconfig['dstmask'], $pconfig['dstnot'], + $pconfig['dstbeginport'], $pconfig['dstendport']); + } else if (isset($_GET['template']) && $_GET['template'] == 'transparant_proxy') { + // new rule for transparant proxy reflection, to use as sample + $pconfig['interface'] = "lan"; + $pconfig['src'] = "lan"; + $pconfig['dst'] = "any"; + $pconfig['dstbeginport'] = 
80 ; + $pconfig['dstendport'] = 80 ; + $pconfig['target'] = '127.0.0.1'; + // try to read the proxy configuration to determine the current port + // this has some disadvantages in case of dependencies, but there isn't + // a much better solution available at the moment. + if (isset($config['OPNsense']['proxy']['forward']['port'])) { + $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port']; + } else { + $pconfig['local-port'] = 3128; + } + $pconfig['natreflection'] = 'enable'; + $pconfig['descr'] = "redirect traffic to proxy"; + } else { + $pconfig['src'] = "any"; + } + // init empty fields + foreach (array("dst","dstmask","srcmask","dstbeginport","dstendport","target","local-port","natreflection","descr","disabled","nosync") as $fieldname) { + if (!isset($pconfig[$fieldname])) { + $pconfig[$fieldname] = null; + } + } } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { - $pconfig = $_POST; - $input_errors = array(); - // validate id and store if usable - if (isset($_POST['id']) && is_numericint($_POST['id']) && isset($a_nat[$_POST['id']])) { - $id = $_POST['id']; - } - if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { - $after = $_POST['after']; - } + $pconfig = $_POST; + $input_errors = array(); + // validate id and store if usable + if (isset($_POST['id']) && is_numericint($_POST['id']) && isset($a_nat[$_POST['id']])) { + $id = $_POST['id']; + } + if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] == "-1")) { + $after = $_POST['after']; + } - /* Validate input data */ - foreach ($pconfig as $key => $value) { - if(htmlentities($value) <> $value) { - $input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), $value); - } - } + /* Validate input data */ + foreach ($pconfig as $key => $value) { + if(htmlentities($value) <> $value) { + $input_errors[] = sprintf(gettext("Invalid characters detected %s. 
Please remove invalid characters and save again."), $value); + } + } - if( $pconfig['protocol'] == "tcp" || $pconfig['protocol'] == "udp" || $pconfig['protocol'] == "tcp/udp") { - $reqdfields = explode(" ", "interface protocol dstbeginport dstendport"); - $reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to")); - } else { - $reqdfields = explode(" ", "interface protocol"); - $reqdfieldsn = array(gettext("Interface"),gettext("Protocol")); - } + if( $pconfig['protocol'] == "tcp" || $pconfig['protocol'] == "udp" || $pconfig['protocol'] == "tcp/udp") { + $reqdfields = explode(" ", "interface protocol dstbeginport dstendport"); + $reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to")); + } else { + $reqdfields = explode(" ", "interface protocol"); + $reqdfieldsn = array(gettext("Interface"),gettext("Protocol")); + } - $reqdfields[] = "src"; - $reqdfieldsn[] = gettext("Source address"); - $reqdfields[] = "dst"; - $reqdfieldsn[] = gettext("Destination address"); + $reqdfields[] = "src"; + $reqdfieldsn[] = gettext("Source address"); + $reqdfields[] = "dst"; + $reqdfieldsn[] = gettext("Destination address"); - if (!empty($pconfig['nordr'])) { - $reqdfields[] = "target"; - $reqdfieldsn[] = gettext("Redirect target IP"); - } + if (!empty($pconfig['nordr'])) { + $reqdfields[] = "target"; + $reqdfieldsn[] = gettext("Redirect target IP"); + } - do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); + do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); - if (!isset($pconfig['nordr']) && ($pconfig['target'] && !is_ipaddroralias($pconfig['target']))) { - $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $pconfig['target']); - } - if (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != 'any' && !is_portoralias($pconfig['srcbeginport'])) - 
$input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcbeginport']); - if (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != 'any' && !is_portoralias($pconfig['srcendport'])) - $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcendport']); - if (!empty($pconfig['dstbeginport']) && $pconfig['dstbeginport'] != 'any' && !is_portoralias($pconfig['dstbeginport'])) - $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $pconfig['dstbeginport']); - if (!empty($pconfig['dstendport']) && $pconfig['dstendport'] != 'any' && !is_portoralias($pconfig['dstendport'])) - $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $pconfig['dstendport']); + if (!isset($pconfig['nordr']) && ($pconfig['target'] && !is_ipaddroralias($pconfig['target']))) { + $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $pconfig['target']); + } + if (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != 'any' && !is_portoralias($pconfig['srcbeginport'])) + $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcbeginport']); + if (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != 'any' && !is_portoralias($pconfig['srcendport'])) + $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcendport']); + if (!empty($pconfig['dstbeginport']) && $pconfig['dstbeginport'] != 'any' && !is_portoralias($pconfig['dstbeginport'])) + $input_errors[] = sprintf(gettext("%s is not a valid start destination port. 
It must be a port alias or integer between 1 and 65535."), $pconfig['dstbeginport']); + if (!empty($pconfig['dstendport']) && $pconfig['dstendport'] != 'any' && !is_portoralias($pconfig['dstendport'])) + $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $pconfig['dstendport']); - if (($pconfig['protocol'] == "tcp" || $pconfig['protocol'] == "udp" || $_POST['protocol'] == "tcp/udp") && (!isset($pconfig['nordr']) && !is_portoralias($pconfig['local-port']))) { - $input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $pconfig['local-port']); - } + if (($pconfig['protocol'] == "tcp" || $pconfig['protocol'] == "udp" || $_POST['protocol'] == "tcp/udp") && (!isset($pconfig['nordr']) && !is_portoralias($pconfig['local-port']))) { + $input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $pconfig['local-port']); + } - if (!is_specialnet($pconfig['src']) && !is_ipaddroralias($pconfig['src'])) { - $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']); - } - if (!empty($pconfig['srcmask']) && !is_numericint($pconfig['srcmask'])) { - $input_errors[] = gettext("A valid source bit count must be specified."); - } + if (!is_specialnet($pconfig['src']) && !is_ipaddroralias($pconfig['src'])) { + $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']); + } + if (!empty($pconfig['srcmask']) && !is_numericint($pconfig['srcmask'])) { + $input_errors[] = gettext("A valid source bit count must be specified."); + } - if (!is_specialnet($pconfig['dst']) && !is_ipaddroralias($pconfig['dst'])) { - $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']); - } + if (!is_specialnet($pconfig['dst']) && 
!is_ipaddroralias($pconfig['dst'])) { + $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']); + } - if (!empty($pconfig['dstmask']) && !is_numericint($pconfig['dstmask'])) { - $input_errors[] = gettext("A valid destination bit count must be specified."); - } - if (!isset($_POST['nordr']) - && is_numericint($pconfig['dstbeginport']) && is_numericint($pconfig['dstendport']) && is_numericint($pconfig['local-port']) - && - (max($pconfig['dstendport'],$pconfig['dstbeginport']) - min($pconfig['dstendport'],$pconfig['dstbeginport']) + $pconfig['local-port']) > 65535) { - $input_errors[] = gettext("The target port range must be an integer between 1 and 65535."); - } + if (!empty($pconfig['dstmask']) && !is_numericint($pconfig['dstmask'])) { + $input_errors[] = gettext("A valid destination bit count must be specified."); + } + if (!isset($_POST['nordr']) + && is_numericint($pconfig['dstbeginport']) && is_numericint($pconfig['dstendport']) && is_numericint($pconfig['local-port']) + && + (max($pconfig['dstendport'],$pconfig['dstbeginport']) - min($pconfig['dstendport'],$pconfig['dstbeginport']) + $pconfig['local-port']) > 65535) { + $input_errors[] = gettext("The target port range must be an integer between 1 and 65535."); + } - // save data if valid - if (count($input_errors) == 0) { - $natent = array(); + // save data if valid + if (count($input_errors) == 0) { + $natent = array(); - // 1-on-1 copy - $natent['protocol'] = $pconfig['protocol']; - $natent['interface'] = $pconfig['interface']; - $natent['descr'] = $pconfig['descr']; - if (!empty($pconfig['associated-rule-id'])) { - $natent['associated-rule-id'] = $pconfig['associated-rule-id']; - } else { - $natent['associated-rule-id'] = null; - } + // 1-on-1 copy + $natent['protocol'] = $pconfig['protocol']; + $natent['interface'] = $pconfig['interface']; + $natent['descr'] = $pconfig['descr']; + if (!empty($pconfig['associated-rule-id'])) { + $natent['associated-rule-id'] 
= $pconfig['associated-rule-id']; + } else { + $natent['associated-rule-id'] = null; + } - // form processing logic - $natent['disabled'] = !empty($pconfig['disabled']) ? true:false; - $natent['nordr'] = !empty($pconfig['nordr']) ? true:false; - $natent['nosync'] = !empty($pconfig['nosync']) ? true:false; + // form processing logic + $natent['disabled'] = !empty($pconfig['disabled']) ? true:false; + $natent['nordr'] = !empty($pconfig['nordr']) ? true:false; + $natent['nosync'] = !empty($pconfig['nosync']) ? true:false; - if ($natent['nordr']) { - $natent['associated-rule-id'] = ''; - } else { - $natent['target'] = $pconfig['target']; - $natent['local-port'] = $pconfig['local-port']; - } - pconfig_to_address($natent['source'], $pconfig['src'], - $pconfig['srcmask'], !empty($pconfig['srcnot']), - $pconfig['srcbeginport'], $pconfig['srcendport']); + if ($natent['nordr']) { + $natent['associated-rule-id'] = ''; + } else { + $natent['target'] = $pconfig['target']; + $natent['local-port'] = $pconfig['local-port']; + } + pconfig_to_address($natent['source'], $pconfig['src'], + $pconfig['srcmask'], !empty($pconfig['srcnot']), + $pconfig['srcbeginport'], $pconfig['srcendport']); - pconfig_to_address($natent['destination'], $pconfig['dst'], - $pconfig['dstmask'], !empty($pconfig['dstnot']), - $pconfig['dstbeginport'], $pconfig['dstendport']); + pconfig_to_address($natent['destination'], $pconfig['dst'], + $pconfig['dstmask'], !empty($pconfig['dstnot']), + $pconfig['dstbeginport'], $pconfig['dstendport']); - if(!empty($pconfig['filter-rule-association']) && $pconfig['filter-rule-association'] == "pass") { - $natent['associated-rule-id'] = "pass"; - } + if(!empty($pconfig['filter-rule-association']) && $pconfig['filter-rule-association'] == "pass") { + $natent['associated-rule-id'] = "pass"; + } - if ($pconfig['natreflection'] == "enable" || $pconfig['natreflection'] == "purenat" || $pconfig['natreflection'] == "disable") { - $natent['natreflection'] = 
$pconfig['natreflection']; - } + if ($pconfig['natreflection'] == "enable" || $pconfig['natreflection'] == "purenat" || $pconfig['natreflection'] == "disable") { + $natent['natreflection'] = $pconfig['natreflection']; + } - // If we used to have an associated filter rule, but no-longer should have one - if (isset($id) && !empty($a_nat[$id]['associated-rule-id']) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { - // Delete the previous rule - foreach ($config['filter']['rule'] as $key => $item){ - if(isset($item['associated-rule-id']) && $item['associated-rule-id']==$a_nat[$id]['associated-rule-id'] ){ - unset($config['filter']['rule'][$key]); - break; - } - } - mark_subsystem_dirty('filter'); - } + // If we used to have an associated filter rule, but no-longer should have one + if (isset($id) && !empty($a_nat[$id]['associated-rule-id']) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { + // Delete the previous rule + foreach ($config['filter']['rule'] as $key => $item){ + if(isset($item['associated-rule-id']) && $item['associated-rule-id']==$a_nat[$id]['associated-rule-id'] ){ + unset($config['filter']['rule'][$key]); + break; + } + } + mark_subsystem_dirty('filter'); + } - $need_filter_rule = false; - // Updating a rule with a filter rule associated - if (!empty($natent['associated-rule-id'])) - $need_filter_rule = true; - // Create a rule or if we want to create a new one - if( $natent['associated-rule-id']=='new' ) { - $need_filter_rule = true; - unset( $natent['associated-rule-id'] ); - $pconfig['filter-rule-association']='add-associated'; - } - // If creating a new rule, where we want to add the filter rule, associated or not - else if( isset($pconfig['filter-rule-association']) && - ($pconfig['filter-rule-association']=='add-associated' || - $pconfig['filter-rule-association']=='add-unassociated') ) - $need_filter_rule = 
true; + $need_filter_rule = false; + // Updating a rule with a filter rule associated + if (!empty($natent['associated-rule-id'])) + $need_filter_rule = true; + // Create a rule or if we want to create a new one + if( $natent['associated-rule-id']=='new' ) { + $need_filter_rule = true; + unset( $natent['associated-rule-id'] ); + $pconfig['filter-rule-association']='add-associated'; + } + // If creating a new rule, where we want to add the filter rule, associated or not + else if( isset($pconfig['filter-rule-association']) && + ($pconfig['filter-rule-association']=='add-associated' || + $pconfig['filter-rule-association']=='add-unassociated') ) + $need_filter_rule = true; - if ($need_filter_rule) { - /* auto-generate a matching firewall rule */ - $filterent = array(); - // If a rule already exists, load it - if (!empty($natent['associated-rule-id'])) { - // search rule by associated-rule-id - $filterentid = false; - foreach ($config['filter']['rule'] as $key => $item){ - if (isset($item['associated-rule-id']) && $item['associated-rule-id']==$natent['associated-rule-id']) { - $filterentid = $key; - break; - } - } - if ($filterentid === false) { - $filterent['associated-rule-id'] = $natent['associated-rule-id']; - } else { - $filterent =& $config['filter']['rule'][$filterentid]; - } - } - pconfig_to_address($filterent['source'], $pconfig['src'], - $pconfig['srcmask'], !empty($pconfig['srcnot']), - $pconfig['srcbeginport'], $pconfig['srcendport']); + if ($need_filter_rule) { + /* auto-generate a matching firewall rule */ + $filterent = array(); + // If a rule already exists, load it + if (!empty($natent['associated-rule-id'])) { + // search rule by associated-rule-id + $filterentid = false; + foreach ($config['filter']['rule'] as $key => $item){ + if (isset($item['associated-rule-id']) && $item['associated-rule-id']==$natent['associated-rule-id']) { + $filterentid = $key; + break; + } + } + if ($filterentid === false) { + $filterent['associated-rule-id'] = 
$natent['associated-rule-id']; + } else { + $filterent =& $config['filter']['rule'][$filterentid]; + } + } + pconfig_to_address($filterent['source'], $pconfig['src'], + $pconfig['srcmask'], !empty($pconfig['srcnot']), + $pconfig['srcbeginport'], $pconfig['srcendport']); - // Update interface, protocol and destination - $filterent['interface'] = $pconfig['interface']; - $filterent['protocol'] = $pconfig['protocol']; - if (!isset($filterent['destination'])) { - $filterent['destination'] = array(); - } - $filterent['destination']['address'] = $pconfig['target']; + // Update interface, protocol and destination + $filterent['interface'] = $pconfig['interface']; + $filterent['protocol'] = $pconfig['protocol']; + if (!isset($filterent['destination'])) { + $filterent['destination'] = array(); + } + $filterent['destination']['address'] = $pconfig['target']; - if (is_numericint($pconfig['local-port']) && is_numericint($pconfig['dstendport']) && is_numericint($pconfig['dstbeginport'])) { - $dstpfrom = $pconfig['local-port']; - $dstpto = $dstpfrom + max($pconfig['dstendport'], $pconfig['dstbeginport']) - min($pconfig['dstbeginport'],$pconfig['dstendport']) ; - if ($dstpfrom == $dstpto) { - $filterent['destination']['port'] = $dstpfrom; - } else { - $filterent['destination']['port'] = $dstpfrom . "-" . $dstpto; - } - } else { - // if any of the ports is an alias, copy contents of local-port - $filterent['destination']['port'] = $pconfig['local-port']; - } + if (is_numericint($pconfig['local-port']) && is_numericint($pconfig['dstendport']) && is_numericint($pconfig['dstbeginport'])) { + $dstpfrom = $pconfig['local-port']; + $dstpto = $dstpfrom + max($pconfig['dstendport'], $pconfig['dstbeginport']) - min($pconfig['dstbeginport'],$pconfig['dstendport']) ; + if ($dstpfrom == $dstpto) { + $filterent['destination']['port'] = $dstpfrom; + } else { + $filterent['destination']['port'] = $dstpfrom . "-" . 
$dstpto; + } + } else { + // if any of the ports is an alias, copy contents of local-port + $filterent['destination']['port'] = $pconfig['local-port']; + } - /* - * Our firewall filter description may be no longer than - * 63 characters, so don't let it be. - */ - $filterent['descr'] = substr("NAT " . $pconfig['descr'], 0, 62); + /* + * Our firewall filter description may be no longer than + * 63 characters, so don't let it be. + */ + $filterent['descr'] = substr("NAT " . $pconfig['descr'], 0, 62); - // If this is a new rule, create an ID and add the rule - if( isset($pconfig['filter-rule-association']) && $pconfig['filter-rule-association']=='add-associated' ) { - $filterent['associated-rule-id'] = $natent['associated-rule-id'] = uniqid("nat_", true); - $filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward")); - $config['filter']['rule'][] = $filterent; - } - mark_subsystem_dirty('filter'); - } + // If this is a new rule, create an ID and add the rule + if( isset($pconfig['filter-rule-association']) && $pconfig['filter-rule-association']=='add-associated' ) { + $filterent['associated-rule-id'] = $natent['associated-rule-id'] = uniqid("nat_", true); + $filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward")); + $config['filter']['rule'][] = $filterent; + } + mark_subsystem_dirty('filter'); + } - // Update the NAT entry now - $natent['updated'] = make_config_revision_entry(); - if (isset($id)) { - if (isset($a_nat[$id]['created'])) { - $natent['created'] = $a_nat[$id]['created']; - } - $a_nat[$id] = $natent; - } else { - $natent['created'] = make_config_revision_entry(); - if (is_numeric($after)) { - array_splice($a_nat, $after+1, 0, array($natent)); - } else { - $a_nat[] = $natent; - } - } + // Update the NAT entry now + $natent['updated'] = make_config_revision_entry(); + if (isset($id)) { + if (isset($a_nat[$id]['created'])) { + $natent['created'] = $a_nat[$id]['created']; + } + $a_nat[$id] = $natent; + } 
else { + $natent['created'] = make_config_revision_entry(); + if (is_numeric($after)) { + array_splice($a_nat, $after+1, 0, array($natent)); + } else { + $a_nat[] = $natent; + } + } - if (write_config()) { - mark_subsystem_dirty('natconf'); - } + if (write_config()) { + mark_subsystem_dirty('natconf'); + } - header("Location: firewall_nat.php"); - exit; - } + header("Location: firewall_nat.php"); + exit; + } } legacy_html_escape_form_data($pconfig); @@ -402,583 +402,583 @@ include("head.inc"); -
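Review bot: The duplicate branch of the GET handler validates the wrong index: `else if (isset($_GET['dup']) && is_numericint($_GET['dup']) && isset($a_nat[$_GET['id']]))` tests `$a_nat[$_GET['id']]`, so the rule named by `dup` is never confirmed to exist and the branch is only reachable when the `id` check above it has already failed; the last term should be `isset($a_nat[$_GET['dup']])`. The re-indentation carries this over unchanged. In the POST handler, `if (!empty($pconfig['nordr']))` makes `target` a required field only when no-redirect is set, while `target` is stored only in the `else` of `if ($natent['nordr'])`. That condition looks inverted (`empty(...)` seems intended), and as written a redirect rule could be saved with an empty target, because the `is_ipaddroralias` check is skipped when `$pconfig['target']` is empty.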
-
-
+
+
+
0) print_input_errors($input_errors); ?> -
-
-
- - - - - - - - - - - - - - - - + + + + + + + +
- - -
- /> - -
- /> - -
-
- + + + + + + + + + + + + + + + - - - - + + + + - - - - - - - - - - - - + + + + + + + + + + + + + + + + - - +
+ + + + - - - - - + + + + - - - - - - - - - - - - + + + + + + + + + + + - - - - - + + + + - - - - - - - - -
+ + +
+ /> + +
+ /> + +
+
+ -
- -
-
- +
+ +
+
+ -
- -
- " id="showadvancedboxsrc" /> - -
+ + +
+ /> + +
+ +
+ -
- -
- - -
+ + +
 
- -
 
+ +
- -
+ +
  
  - " /> - " onclick="window.location.href=''" /> - - - - - - -
- -
- - - - +
  
  + " /> + " onclick="window.location.href=''" /> + + + + + + +
+ +
+
+
+
+