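$ifdesc) {
//        $networks[$ifent] = htmlspecialchars($ifdesc) . " " . gettext("net");
//        $networks[$ifent."ip"] = htmlspecialchars($ifdesc). " ". gettext("address");
//    }
    return $networks;
}

// Scrub rule list, bound by reference: the POST branch below changes it in place
// and then calls write_config().
$a_scrub = &config_read_array('filter', 'scrub', 'rule');

// define form fields (the only keys copied between the request and a rule entry)
$config_fields = array(
    'interface', 'proto', 'srcnot', 'src', 'srcmask', 'dstnot', 'dst', 'dstmask', 'dstport',
    'no-df', 'random-id', 'max-mss', 'min-ttl', 'set-tos', 'descr', 'disabled', 'direction',
    'srcport', 'noscrub'
);

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // input record id, if valid: a value is only accepted when it is an existing key of
    // the rule list. 'dup' loads a rule as a template (sets $after, not $id), 'id' edits it.
    if (isset($_GET['dup']) && isset($a_scrub[$_GET['dup']])) {
        $configId = $_GET['dup'];
        $after = $configId;
    } elseif (isset($_GET['id']) && isset($a_scrub[$_GET['id']])) {
        $id = $_GET['id'];
        $configId = $id;
    }

    $pconfig = array();
    if (isset($configId)) {
        // 1-on-1 copy of config data
        foreach ($config_fields as $fieldname) {
            if (isset($a_scrub[$configId][$fieldname])) {
                $pconfig[$fieldname] = $a_scrub[$configId][$fieldname];
            }
        }
    } else {
        /* defaults */
        $pconfig['src'] = 'any';
        $pconfig['dst'] = 'any';
    }

    // initialize empty fields
    foreach ($config_fields as $fieldname) {
        if (!isset($pconfig[$fieldname])) {
            $pconfig[$fieldname] = null;
        }
    }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): this branch changes the firewall configuration; no CSRF token check is
    // visible in this part of the file - confirm it is enforced by the included framework code.
    $input_errors = array();
    $pconfig = $_POST;

    // input record id, if valid (must be an existing key of the rule list)
    if (isset($pconfig['id']) && isset($a_scrub[$pconfig['id']])) {
        $id = $pconfig['id'];
    }
    if (isset($pconfig['after']) && isset($a_scrub[$pconfig['after']])) {
        $after = $pconfig['after'];
    }

    // True only for a string of decimal digits; surrounding whitespace is ignored because
    // the value is trimmed again before it is stored. Arrays, signs and mixed strings fail.
    $is_unsigned_int = function ($value) {
        return is_string($value) && ctype_digit(trim($value));
    };

    // validate form input
    if (
        !empty($pconfig['dstport']) && $pconfig['dstport'] !== 'any'
        && !is_portoralias($pconfig['dstport']) && !is_portrange($pconfig['dstport'])
    ) {
        $input_errors[] = sprintf(
            gettext("%s doesn't appear to be a valid port number, alias or range"),
            $pconfig['dstport']
        );
    }
    if (
        !empty($pconfig['srcport']) && $pconfig['srcport'] !== 'any'
        && !is_portoralias($pconfig['srcport']) && !is_portrange($pconfig['srcport'])
    ) {
        $input_errors[] = sprintf(
            gettext("%s doesn't appear to be a valid port number, alias or range"),
            $pconfig['srcport']
        );
    }

    // source and destination must belong to the same address family
    if (is_ipaddrv4($pconfig['src']) && is_ipaddrv6($pconfig['dst'])) {
        $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
    }
    if (is_ipaddrv6($pconfig['src']) && is_ipaddrv4($pconfig['dst'])) {
        $input_errors[] = gettext("You can not use IPv4 addresses in IPv6 rules.");
    }

    // A bare "> 32" comparison let negative or partly numeric masks through; a mask that
    // was submitted has to be a plain number no larger than 32 for an IPv4 address.
    if (
        is_ipaddrv4($pconfig['src']) && !empty($pconfig['srcmask'])
        && (!$is_unsigned_int($pconfig['srcmask']) || (int)trim($pconfig['srcmask']) > 32)
    ) {
        $input_errors[] = gettext("Invalid subnet mask on IPv4 source");
    }
    if (
        is_ipaddrv4($pconfig['dst']) && !empty($pconfig['dstmask'])
        && (!$is_unsigned_int($pconfig['dstmask']) || (int)trim($pconfig['dstmask']) > 32)
    ) {
        $input_errors[] = gettext("Invalid subnet mask on IPv4 destination");
    }

    if (empty($pconfig['interface'])) {
        $input_errors[] = gettext("No interface(s) selected.");
    }

    // FILTER_SANITIZE_NUMBER_INT keeps '+' and '-' wherever they occur, so comparing the
    // sanitized value with the input accepted malformed values (for example "1-1") and
    // stored them in the rule. Require plain digits instead.
    if (!empty($pconfig['max-mss']) && !$is_unsigned_int($pconfig['max-mss'])) {
        $input_errors[] = gettext("Please specify a valid number for max mss.");
    }
    if (
        !empty($pconfig['min-ttl'])
        && (!$is_unsigned_int($pconfig['min-ttl']) || (int)trim($pconfig['min-ttl']) > 255)
    ) {
        $input_errors[] = gettext("Please specify a valid number for min ttl (0-255).");
    }

    // NOTE(review): 'src', 'dst', 'proto', 'direction' and 'set-tos' are stored below without
    // any check in this block - confirm they are validated or escaped where the ruleset is
    // generated from the configuration.
    if (count($input_errors) === 0) {
        // Build the entry from the known field list only, so unexpected POST keys are dropped.
        $scrubent = array();
        foreach ($config_fields as $fieldname) {
            if (!empty($pconfig[$fieldname])) {
                if (is_array($pconfig[$fieldname])) {
                    // multi-value fields are stored as a comma separated list
                    $scrubent[$fieldname] = implode(',', $pconfig[$fieldname]);
                } else {
                    $scrubent[$fieldname] = trim($pconfig[$fieldname]);
                }
            }
        }
        $scrubent['noscrub'] = !empty($pconfig['noscrub']);
        $scrubent['updated'] = make_config_revision_entry();

        // update or insert item
        if (isset($id)) {
            // keep the original creation record when an existing rule is overwritten
            if (isset($a_scrub[$id]['created']) && is_array($a_scrub[$id]['created'])) {
                $scrubent['created'] = $a_scrub[$id]['created'];
            }
            $a_scrub[$id] = $scrubent;
        } else {
            $scrubent['created'] = make_config_revision_entry();
            if (isset($after)) {
                // insert directly behind the rule referenced by 'after'
                array_splice($a_scrub, $after+1, 0, array($scrubent));
            } else {
                $a_scrub[] = $scrubent;
            }
        }

        // write to config
        write_config();
        mark_subsystem_dirty('filter');
        // fixed redirect target, no request data is used in the Location header
        header(url_safe('Location: /firewall_scrub.php'));
        exit;
    }
}

// Judging by its name this HTML-escapes the form data before the template below echoes
// it back (on a failed POST, $pconfig still holds the raw request values).
legacy_html_escape_form_data($pconfig);

include("head.inc");
?>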
0) print_input_errors($input_errors); ?>
/>
/>
"/>
/>
"/>
/>
/>
/>
()
()