Commit 229f20f6 authored by Ad Schellevis's avatar Ad Schellevis

(legacy) refactor firewall_nat_1to1_edit.php

parent 2f44495f
...@@ -30,8 +30,55 @@ require_once("guiconfig.inc"); ...@@ -30,8 +30,55 @@ require_once("guiconfig.inc");
require_once("interfaces.inc"); require_once("interfaces.inc");
require_once("pfsense-utils.inc"); require_once("pfsense-utils.inc");
$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_nat_1to1.php'); /**
* fetch list of selectable networks to use in form
*/
function formNetworks() {
$networks = array();
$networks["any"] = gettext("any");
$networks["pptp"] = gettext("PPTP clients");
$networks["pppoe"] = gettext("PPPoE clients");
$networks["l2tp"] = gettext("L2TP clients");
foreach (get_configured_interface_with_descr() as $ifent => $ifdesc) {
$networks[$ifent] = htmlspecialchars($ifdesc) . " " . gettext("net");
$networks[$ifent."ip"] = htmlspecialchars($ifdesc). " ". gettext("address");
}
return $networks;
}
/**
* build array with interface options for this form
*/
function formInterfaces() {
global $config;
$interfaces = array();
foreach ( get_configured_interface_with_descr(false, true) as $if => $ifdesc)
$interfaces[$if] = $ifdesc;
if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server")
$interfaces['l2tp'] = "L2TP VPN";
if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == "server")
$interfaces['pptp'] = "PPTP VPN";
if (is_pppoe_server_enabled())
$interfaces['pppoe'] = "PPPoE VPN";
/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
$interfaces["enc0"] = "IPsec";
/* add openvpn/tun interfaces */
if (isset($config['openvpn']['openvpn-server']) || isset($config['openvpn']['openvpn-client'])) {
$interfaces['openvpn'] = 'OpenVPN';
}
return $interfaces;
}
/**
* obscured by clouds, is_specialnet uses this.. so let's hide it in here.
* let's kill this another day.
*/
$specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn"); $specialsrcdst = explode(" ", "any pptp pppoe l2tp openvpn");
$ifdisp = get_configured_interface_with_descr(); $ifdisp = get_configured_interface_with_descr();
foreach ($ifdisp as $kif => $kdescr) { foreach ($ifdisp as $kif => $kdescr) {
...@@ -39,28 +86,35 @@ foreach ($ifdisp as $kif => $kdescr) { ...@@ -39,28 +86,35 @@ foreach ($ifdisp as $kif => $kdescr) {
$specialsrcdst[] = "{$kif}ip"; $specialsrcdst[] = "{$kif}ip";
} }
if (!is_array($config['nat']['onetoone'])) if (!isset($config['nat']['onetoone'])) {
$config['nat']['onetoone'] = array(); $config['nat']['onetoone'] = array();
}
$a_1to1 = &$config['nat']['onetoone']; $a_1to1 = &$config['nat']['onetoone'];
if (is_numericint($_GET['id'])) if ($_SERVER['REQUEST_METHOD'] === 'GET') {
// input record id, if valid
if (isset($_GET['dup']) && isset($a_1to1[$_GET['dup']])) {
$configId = $_GET['dup'];
} elseif (isset($_GET['id']) && isset($a_1to1[$_GET['id']])) {
$id = $_GET['id']; $id = $_GET['id'];
if (isset($_POST['id']) && is_numericint($_POST['id'])) $configId = $id;
$id = $_POST['id']; }
$after = $_GET['after'];
if (isset($_POST['after']))
$after = $_POST['after'];
if (isset($_GET['dup'])) {
$id = $_GET['dup'];
$after = $_GET['dup'];
}
if (isset($id) && $a_1to1[$id]) {
$pconfig['disabled'] = isset($a_1to1[$id]['disabled']);
$pconfig = array();
// set defaults
$pconfig['interface'] = "wan";
$pconfig['src'] = 'lan';
$pconfig['dst'] = 'any';
if (isset($configId)) {
// copy settings from config
foreach (array('disabled','interface','external','descr','natreflection') as $fieldname) {
if (isset($a_1to1[$id][$fieldname])) {
$pconfig[$fieldname] = $a_1to1[$id][$fieldname];
} else {
$pconfig[$fieldname] = null;
}
}
// read settings with some kind of logic
address_to_pconfig($a_1to1[$id]['source'], $pconfig['src'], address_to_pconfig($a_1to1[$id]['source'], $pconfig['src'],
$pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcmask'], $pconfig['srcnot'],
$pconfig['srcbeginport'], $pconfig['srcendport']); $pconfig['srcbeginport'], $pconfig['srcendport']);
...@@ -68,505 +122,339 @@ if (isset($id) && $a_1to1[$id]) { ...@@ -68,505 +122,339 @@ if (isset($id) && $a_1to1[$id]) {
address_to_pconfig($a_1to1[$id]['destination'], $pconfig['dst'], address_to_pconfig($a_1to1[$id]['destination'], $pconfig['dst'],
$pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstmask'], $pconfig['dstnot'],
$pconfig['dstbeginport'], $pconfig['dstendport']); $pconfig['dstbeginport'], $pconfig['dstendport']);
} else {
$pconfig['interface'] = $a_1to1[$id]['interface']; // init form data on new
if (!$pconfig['interface']) foreach (array('disabled','interface','external','descr','natreflection'
$pconfig['interface'] = "wan"; ,'src','srcmask','srcnot','srcbeginport','srcendport'
,'dst','dstmask','dstnot','dstbeginport','dstendport'
$pconfig['external'] = $a_1to1[$id]['external']; ) as $fieldname) {
$pconfig['descr'] = $a_1to1[$id]['descr']; if (!isset($pconfig[$fieldname])) {
$pconfig['natreflection'] = $a_1to1[$id]['natreflection']; $pconfig[$fieldname] = null;
} else }
$pconfig['interface'] = "wan"; }
}
if (isset($_GET['dup'])) } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
unset($id); $input_errors = array();
if ($_POST) {
unset($input_errors);
$pconfig = $_POST; $pconfig = $_POST;
/* run through $_POST items encoding HTML entties so that the user // input record id, if valid
* cannot think he is slick and perform a XSS attack on the unwilling if (isset($_POST['id']) && isset($a_1to1[$_POST['id']])) {
*/ $id = $_POST['id'];
foreach ($_POST as $key => $value) {
$temp = str_replace(">", "", $value);
$newpost = htmlentities($temp);
if($newpost <> $temp)
$input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp);
} }
/* input validation */ // trim input
$reqdfields = explode(" ", "interface external"); foreach (array('external','src','dst') as $fieldname) {
$reqdfieldsn = array(gettext("Interface"), gettext("External subnet")); if (isset($pconfig[$fieldname])) {
if ($_POST['srctype'] == "single" || $_POST['srctype'] == "network") { $pconfig[$fieldname] = trim($pconfig[$fieldname]);
$reqdfields[] = "src";
$reqdfieldsn[] = gettext("Source address");
} }
if ($_POST['dsttype'] == "single" || $_POST['dsttype'] == "network") {
$reqdfields[] = "dst";
$reqdfieldsn[] = gettext("Destination address");
} }
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); // validate input
foreach ($pconfig as $key => $value) {
if($value <> htmlentities($value))
$input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp);
}
if ($_POST['external']) /* input validation */
$_POST['external'] = trim($_POST['external']); $reqdfields = explode(" ", "interface external src dst");
if ($_POST['src']) $reqdfieldsn = array(gettext("Interface"), gettext("External subnet"), gettext("Source address"), gettext("Destination address"));
$_POST['src'] = trim($_POST['src']); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if ($_POST['dst'])
$_POST['dst'] = trim($_POST['dst']);
if (is_specialnet($_POST['srctype'])) {
$_POST['src'] = $_POST['srctype'];
$_POST['srcmask'] = 0;
} else if ($_POST['srctype'] == "single") {
$_POST['srcmask'] = 32;
}
if (is_specialnet($_POST['dsttype'])) {
$_POST['dst'] = $_POST['dsttype'];
$_POST['dstmask'] = 0;
} else if ($_POST['dsttype'] == "single") {
$_POST['dstmask'] = 32;
} else if (is_ipaddr($_POST['dsttype'])) {
$_POST['dst'] = $_POST['dsttype'];
$_POST['dstmask'] = 32;
$_POST['dsttype'] = "single";
}
/* For external, user can enter only ip's */ /* For external, user can enter only ip's */
if (($_POST['external'] && !is_ipaddr($_POST['external']))) if (!empty($pconfig['external']) && !is_ipaddr($_POST['external'])) {
$input_errors[] = gettext("A valid external subnet must be specified."); $input_errors[] = gettext("A valid external subnet must be specified.");
/* For dst, if user enters an alias and selects "network" then disallow. */
if ($_POST['dsttype'] == "network" && is_alias($_POST['dst']) )
$input_errors[] = gettext("You must specify single host or alias for alias entries.");
/* For src, user can enter only ip's or networks */
if (!is_specialnet($_POST['srctype'])) {
if (($_POST['src'] && !is_ipaddr($_POST['src']))) {
$input_errors[] = sprintf(gettext("%s is not a valid internal IP address."), $_POST['src']);
} }
if (($_POST['srcmask'] && !is_numericint($_POST['srcmask']))) { /* For src, user can enter only ip's or networks */
$input_errors[] = gettext("A valid internal bit count must be specified."); if (!is_specialnet($pconfig['src']) && !is_ipaddroralias($pconfig['src'])) {
$input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']);
} }
if (!empty($pconfig['srcmask']) && !is_numericint($pconfig['srcmask'])) {
$input_errors[] = gettext("A valid source bit count must be specified.");
} }
/* For dst, user can enter ip's, networks or aliases */ /* For dst, user can enter ip's, networks or aliases */
if (!is_specialnet($_POST['dsttype'])) { if (!is_specialnet($pconfig['dst']) && !is_ipaddroralias($pconfig['dst'])) {
if (($_POST['dst'] && !is_ipaddroralias($_POST['dst']))) { $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']);
$input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $_POST['dst']);
} }
if (($_POST['dstmask'] && !is_numericint($_POST['dstmask']))) { if (!empty($pconfig['dstmask']) && !is_numericint($pconfig['dstmask'])) {
$input_errors[] = gettext("A valid destination bit count must be specified."); $input_errors[] = gettext("A valid destination bit count must be specified.");
} }
}
/* check for overlaps with other 1:1 */
foreach ($a_1to1 as $natent) {
if (isset($id) && ($a_1to1[$id]) && ($a_1to1[$id] === $natent))
continue;
if (check_subnets_overlap($_POST['internal'], $_POST['subnet'], $natent['internal'], $natent['subnet'])) {
//$input_errors[] = "Another 1:1 rule overlaps with the specified internal subnet.";
//break;
}
}
if (!$input_errors) { if (count($input_errors) == 0) {
$natent = array(); $natent = array();
// 1-on-1 copy
$natent['external'] = $pconfig['external'];
$natent['descr'] = $pconfig['descr'];
$natent['interface'] = $pconfig['interface'];
// copy form data with some kind of logic in it
$natent['disabled'] = isset($_POST['disabled']) ? true:false; $natent['disabled'] = isset($_POST['disabled']) ? true:false;
$natent['external'] = $_POST['external']; pconfig_to_address($natent['source'], $pconfig['src'],
$natent['descr'] = $_POST['descr']; $pconfig['srcmask'], !empty($pconfig['srcnot']));
$natent['interface'] = $_POST['interface'];
pconfig_to_address($natent['source'], $_POST['src'],
$_POST['srcmask'], $_POST['srcnot']);
pconfig_to_address($natent['destination'], $_POST['dst'], pconfig_to_address($natent['destination'], $pconfig['dst'],
$_POST['dstmask'], $_POST['dstnot']); $pconfig['dstmask'], !empty($pconfig['dstnot']));
if ($_POST['natreflection'] == "enable" || $_POST['natreflection'] == "disable") if (isset($pconfig['natreflection'] ) && ($pconfig['natreflection'] == "enable" || $pconfig['natreflection'] == "disable")) {
$natent['natreflection'] = $_POST['natreflection']; $natent['natreflection'] = $pconfig['natreflection'];
else }
unset($natent['natreflection']);
if (isset($id) && $a_1to1[$id]) // save data
if (isset($id)) {
$a_1to1[$id] = $natent; $a_1to1[$id] = $natent;
else { } else {
if (is_numeric($after))
array_splice($a_1to1, $after+1, 0, array($natent));
else
$a_1to1[] = $natent; $a_1to1[] = $natent;
} }
if (write_config()) if (write_config()) {
mark_subsystem_dirty('natconf'); mark_subsystem_dirty('natconf');
}
header("Location: firewall_nat_1to1.php"); header("Location: firewall_nat_1to1.php");
exit; exit;
} }
} }
legacy_html_escape_form_data($pconfig);
$pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("1:1"),gettext("Edit")); $pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("1:1"),gettext("Edit"));
include("head.inc"); include("head.inc");
?> ?>
<body> <body>
<?php include("fbegin.inc"); ?>
<script type="text/javascript" src="/javascript/suggestions.js"></script>
<script type="text/javascript" src="/javascript/autosuggest.js"></script>
<script type="text/javascript"> <script type="text/javascript">
//<![CDATA[ $( document ).ready(function() {
function typesel_change() {
switch (document.iform.srctype.selectedIndex) { // select / input combination, link behaviour
case 1: /* single */ // when the data attribute "data-other" is selected, display related input item(s)
document.iform.src.disabled = 0; // push changes from input back to selected option value
//document.iform.srcmask.value = ""; $('[for!=""][for]').each(function(){
//document.iform.srcmask.disabled = 1; var refObj = $("#"+$(this).attr("for"));
jQuery('#srcmask').selectpicker('val',''); if (refObj.is("select")) {
jQuery('#srcmask').prop('disabled',true); // connect on change event to select box (show/hide)
jQuery('#srcmask').selectpicker('refresh'); refObj.change(function(){
break; if ($(this).find(":selected").attr("data-other") == "true") {
case 2: /* network */ // show related controls
document.iform.src.disabled = 0; $('*[for="'+$(this).attr("id")+'"]').each(function(){
//document.iform.srcmask.disabled = 0; if ($(this).hasClass("selectpicker")) {
jQuery('#srcmask').prop('disabled',false); $(this).selectpicker('show');
jQuery('#srcmask').selectpicker('refresh'); } else {
break; $(this).removeClass("hidden");
default: }
document.iform.src.value = ""; });
document.iform.src.disabled = 1; } else {
//document.iform.srcmask.value = ""; // hide related controls
//document.iform.srcmask.disabled = 1; $('*[for="'+$(this).attr("id")+'"]').each(function(){
jQuery('#srcmask').selectpicker('val',''); if ($(this).hasClass("selectpicker")) {
jQuery('#srcmask').prop('disabled',true); $(this).selectpicker('hide');
jQuery('#srcmask').selectpicker('refresh'); } else {
break; $(this).addClass("hidden");
} }
switch (document.iform.dsttype.selectedIndex) { });
case 1: /* single */
document.iform.dst.disabled = 0;
//document.iform.dstmask.value = "";
//document.iform.dstmask.disabled = 1;
jQuery('#dstmask').selectpicker('val','');
jQuery('#dstmask').prop('disabled',true);
jQuery('#dstmask').selectpicker('refresh');
break;
case 2: /* network */
document.iform.dst.disabled = 0;
//document.iform.dstmask.disabled = 0;
jQuery('#dstmask').prop('disabled',false);
jQuery('#dstmask').selectpicker('refresh');
break;
default:
document.iform.dst.value = "";
document.iform.dst.disabled = 1;
//document.iform.dstmask.value = "";
//document.iform.dstmask.disabled = 1;
jQuery('#dstmask').selectpicker('val','');
jQuery('#dstmask').prop('disabled',true);
jQuery('#dstmask').selectpicker('refresh');
break;
} }
});
// update initial
refObj.change();
// connect on change to input to save data to selector
if ($(this).attr("name") == undefined) {
$(this).change(function(){
var otherOpt = $('#'+$(this).attr('for')+' > option[data-other="true"]') ;
otherOpt.attr("value",$(this).val());
});
} }
//]]> }
});
});
</script> </script>
<?php include("fbegin.inc"); ?>
<section class="page-content-main"> <section class="page-content-main">
<div class="container-fluid"> <div class="container-fluid">
<div class="row"> <div class="row">
<?php
<?php
if (isset($input_errors) && count($input_errors) > 0) if (isset($input_errors) && count($input_errors) > 0)
print_input_errors($input_errors); print_input_errors($input_errors);
?> ?>
<section class="col-xs-12"> <section class="col-xs-12">
<div class="content-box"> <div class="content-box">
<form action="firewall_nat_1to1_edit.php" method="post" name="iform" id="iform"> <form action="firewall_nat_1to1_edit.php" method="post" name="iform" id="iform">
<div class="table-responsive"> <div class="table-responsive">
<table class="table table-striped table-sort"> <table class="table table-striped">
<tr> <tr>
<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit NAT 1:1 entry"); ?></td> <td valign="top"><?=gettext("Edit NAT 1:1 entry"); ?></td>
<td align="right">
<small><?=gettext("full help"); ?> </small>
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_opnvpn_server" type="button"></i></a>
</td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled"); ?></td> <td><a id="help_for_disabled" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Disabled"); ?></td>
<td width="78%" class="vtable"> <td>
<input name="disabled" type="checkbox" id="disabled" value="yes" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> /> <input name="disabled" type="checkbox" id="disabled" value="yes" <?= !empty($pconfig['disabled']) ? "checked=\"checked\"" : ""; ?> />
<div class="hidden" for="help_for_disabled">
<strong><?=gettext("Disable this rule"); ?></strong><br /> <strong><?=gettext("Disable this rule"); ?></strong><br />
<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list."); ?></span> <?=gettext("Set this option to disable this rule without removing it from the list."); ?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface"); ?></td> <td><a id="help_for_interface" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Interface"); ?></td>
<td width="78%" class="vtable"> <td>
<select name="interface" class="selectpicker" data-live-search="true"> <div class="input-group">
<select name="interface" class="selectpicker" data-width="auto" data-live-search="true" onchange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();">
<?php <?php
foreach ($ifdisp as $if => $ifdesc) foreach (formInterfaces() as $iface => $ifacename): ?>
if(have_ruleint_access($if)) <option value="<?=$iface;?>" <?= $iface == $pconfig['interface'] ? "selected=\"selected\"" : ""; ?>>
$interfaces[$if] = $ifdesc;
if ($config['l2tp']['mode'] == "server")
if(have_ruleint_access("l2tp"))
$interfaces['l2tp'] = "L2TP VPN";
if ($config['pptpd']['mode'] == "server")
if(have_ruleint_access("pptp"))
$interfaces['pptp'] = "PPTP VPN";
if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
$interfaces['pppoe'] = "PPPoE VPN";
/* add ipsec interfaces */
if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
if(have_ruleint_access("enc0"))
$interfaces["enc0"] = "IPsec";
/* add openvpn/tun interfaces */
if (isset($config['openvpn']['openvpn-server']) || isset($config['openvpn']['openvpn-client'])) {
$interfaces['openvpn'] = 'OpenVPN';
}
foreach ($interfaces as $iface => $ifacename):
?>
<option value="<?=$iface;?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
<?=htmlspecialchars($ifacename);?> <?=htmlspecialchars($ifacename);?>
</option> </option>
<?php <?php endforeach; ?>
endforeach; </select>
?> </div>
</select><br /> <div class="hidden" for="help_for_interface">
<span class="vexpl"><?=gettext("Choose which interface this rule applies to"); ?>.<br /> <?=gettext("Choose which interface this rule applies to"); ?>.<br />
<?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>.</span></td> <?=gettext("Hint: in most cases, you'll want to use WAN here"); ?>
</div>
</td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("External subnet IP"); ?></td> <td><a id="help_for_external" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("External subnet IP"); ?></td>
<td width="78%" class="vtable"> <td>
<input name="external" type="text" class="formfld" id="external" size="20" value="<?=htmlspecialchars($pconfig['external']);?>" /> <input name="external" type="text" value="<?=$pconfig['external'];?>" />
<br /> <br />
<span class="vexpl"> <div class="hidden" for="help_for_external">
<?=gettext("Enter the external (usually on a WAN) subnet's starting address for the 1:1 mapping. " . <?=gettext("Enter the external (usually on a WAN) subnet's starting address for the 1:1 mapping. ");?><br />
"The subnet mask from the internal address below will be applied to this IP address."); ?><br /> <?=gettext("The subnet mask from the internal address below will be applied to this IP address."); ?><br />
<?=gettext("Hint: this is generally an address owned by the router itself on the selected interface."); ?> <?=gettext("Hint: this is generally an address owned by the router itself on the selected interface."); ?>
</span> </div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Internal IP"); ?></td> <td><a id="help_for_src_invert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Internal IP") . " / ".gettext("Invert");?> </td>
<td width="78%" class="vtable">
<input name="srcnot" type="checkbox" id="srcnot" value="yes" <?php if ($pconfig['srcnot']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("not"); ?></strong>
<br />
<?=gettext("Use this option to invert the sense of the match."); ?>
<br />
<br />
<table border="0" cellspacing="0" cellpadding="0" summary="source">
<tr>
<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
<td> <td>
<select name="srctype" class="selectpicker" onchange="typesel_change()"> <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?= !empty($pconfig['srcnot']) ? "checked=\"checked\"" : "";?> />
<?php <div class="hidden" for="help_for_src_invert">
$sel = is_specialnet($pconfig['src']); <?=gettext("Use this option to invert the sense of the match."); ?>
?> </div>
<option value="any" <?php if ($pconfig['src'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option>
<option value="single" <?php if ((($pconfig['srcmask'] == 32) || !isset($pconfig['srcmask'])) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>>
<?=gettext("Single host"); ?>
</option>
<option value="network" <?php if (!$sel) echo "selected=\"selected\""; ?>><?=gettext("Network"); ?></option>
<?php
if(have_ruleint_access("pptp")):
?>
<option value="pptp" <?php if ($pconfig['src'] == "pptp") { echo "selected=\"selected\""; } ?>><?=gettext("PPTP clients"); ?></option>
<?php
endif;
if(have_ruleint_access("pppoe")):
?>
<option value="pppoe" <?php if ($pconfig['src'] == "pppoe") { echo "selected=\"selected\""; } ?>><?=gettext("PPPoE clients"); ?></option>
<?php
endif;
if(have_ruleint_access("l2tp")):
?>
<option value="l2tp" <?php if ($pconfig['src'] == "l2tp") { echo "selected=\"selected\""; } ?>><?=gettext("L2TP clients"); ?></option>
<?php
endif;
foreach ($ifdisp as $ifent => $ifdesc):
if(have_ruleint_access($ifent)):
?>
<option value="<?=$ifent;?>" <?php if ($pconfig['src'] == $ifent) { echo "selected=\"selected\""; } ?>>
<?=htmlspecialchars($ifdesc);?> <?=gettext("net"); ?>
</option>
<option value="<?=$ifent;?>ip"<?php if ($pconfig['src'] == $ifent . "ip") { echo "selected=\"selected\""; } ?>>
<?=$ifdesc?> <?=gettext("address");?>
</option>
<?php
endif;
endforeach;
?>
</select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td> <td><a id="help_for_src" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Internal IP"); ?></td>
<td> <td>
<table> <table class="table table-condensed">
<tr> <tr>
<td width="348px">
<input name="src" type="text" class="formfld" id="src" size="20" value="<?php if (!is_specialnet($pconfig['src'])) echo htmlspecialchars($pconfig['src']);?>" />
</td>
<td> <td>
<select name="srcmask" class="selectpicker" id="srcmask" data-width="auto"> <select name="src" id="src" class="selectpicker" data-live-search="true" data-size="5" data-width="auto">
<?php <option data-other=true value="<?=$pconfig['src'];?>" <?=!is_specialnet($pconfig['src']) ? "selected=\"selected\"" : "";?>><?=gettext("Single host or Network"); ?></option>
for ($i = 31; $i > 0; $i--): <optgroup label="<?=gettext("aliasses");?>">
<?php foreach (legacy_list_aliasses("network") as $alias):
?> ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['srcmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> <option value="<?=$alias['name'];?>" <?=$alias['name'] == $pconfig['src'] ? "selected=\"selected\"" : "";?>><?=htmlspecialchars($alias['name']);?></option>
<?php <?php endforeach; ?>
endfor; </optgroup>
<optgroup label="<?=gettext("net");?>">
<?php foreach (formNetworks() as $ifent => $ifdesc):
?> ?>
<option value="<?=$ifent;?>" <?= $pconfig['src'] == $ifent ? "selected=\"selected\"" : ""; ?>><?=$ifdesc;?></option>
<?php endforeach; ?>
</optgroup>
</select> </select>
</td> </td>
</tr> </tr>
</table> <tr>
<td>
<div class="input-group">
<!-- updates to "other" option in src -->
<input type="text" for="src" value="<?=$pconfig['src'];?>" aria-label="<?=gettext("Source address");?>"/>
<select name="srcmask" class="selectpicker" data-size="5" id="srcmask" data-width="auto" for="src" >
<?php for ($i = 32; $i > 0; $i--): ?>
<option value="<?=$i;?>" <?= $i == $pconfig['srcmask'] ? "selected=\"selected\"" : ""; ?>><?=$i;?></option>
<?php endfor; ?>
</select>
</div>
</td> </td>
</tr> </tr>
</table> </table>
<br /> <div class="hidden" for="help_for_src">
<span class="vexpl"><?=gettext("Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the internal subnet will be applied to the external subnet."); ?></span> <?=gettext("Enter the internal (LAN) subnet for the 1:1 mapping. The subnet size specified for the internal subnet will be applied to the external subnet."); ?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination"); ?></td> <td> <a id="help_for_dst_invert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Destination") . " / ".gettext("Invert");?> </td>
<td width="78%" class="vtable">
<input name="dstnot" type="checkbox" id="dstnot" value="yes" <?php if ($pconfig['dstnot']) echo "checked=\"checked\""; ?> />
<strong><?=gettext("not"); ?></strong>
<br />
<?=gettext("Use this option to invert the sense of the match."); ?>
<br />
<br />
<table border="0" cellspacing="0" cellpadding="0" summary="destination">
<tr>
<td><?=gettext("Type:"); ?>&nbsp;&nbsp;</td>
<td> <td>
<select name="dsttype" class="selectpicker" onchange="typesel_change()"> <input name="dstnot" type="checkbox" id="srcnot" value="yes" <?= !empty($pconfig['dstnot']) ? "checked=\"checked\"" : "";?> />
<?php <div class="hidden" for="help_for_dst_invert">
$sel = is_specialnet($pconfig['dst']); ?> <?=gettext("Use this option to invert the sense of the match."); ?>
<option value="any" <?php if (empty($pconfig['dst']) || $pconfig['dst'] == "any") { echo "selected=\"selected\""; } ?>><?=gettext("any"); ?></option> </div>
<option value="single" <?php if (($pconfig['dstmask'] == 32) && !$sel) { echo "selected=\"selected\""; $sel = 1; } ?>>
<?=gettext("Single host or alias"); ?>
</option>
<option value="network" <?php if (!$sel && !empty($pconfig['dst'])) echo "selected=\"selected\""; ?>>
<?=gettext("Network"); ?>
</option>
<?php
if(have_ruleint_access("pptp")):
?>
<option value="pptp" <?php if ($pconfig['dst'] == "pptp") { echo "selected=\"selected\""; } ?>>
<?=gettext("PPTP clients"); ?>
</option>
<?php
endif;
if(have_ruleint_access("pppoe")):
?>
<option value="pppoe" <?php if ($pconfig['dst'] == "pppoe") { echo "selected=\"selected\""; } ?>>
<?=gettext("PPPoE clients"); ?>
</option>
<?php
endif;
if(have_ruleint_access("l2tp")):
?>
<option value="l2tp" <?php if ($pconfig['dst'] == "l2tp") { echo "selected=\"selected\""; } ?>>
<?=gettext("L2TP clients"); ?>
</option>
<?php
endif;
foreach ($ifdisp as $if => $ifdesc):
if(have_ruleint_access($if)):
?>
<option value="<?=$if;?>" <?php if ($pconfig['dst'] == $if) { echo "selected=\"selected\""; } ?>><?=htmlspecialchars($ifdesc);?>
<?=gettext("net"); ?>
</option>
<option value="<?=$if;?>ip"<?php if ($pconfig['dst'] == $if . "ip") { echo "selected=\"selected\""; } ?>>
<?=$ifdesc;?> <?=gettext("address");?>
</option>
<?php
endif;
endforeach;
?>
</select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td><?=gettext("Address:"); ?>&nbsp;&nbsp;</td> <td><a id="help_for_dst" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Destination"); ?></td>
<td> <td>
<table> <table class="table table-condensed">
<tr> <tr>
<td width="348px">
<input name="dst" type="text" autocomplete="off" class="formfldalias" id="dst" size="20" value="<?php if (!is_specialnet($pconfig['dst'])) echo htmlspecialchars($pconfig['dst']);?>" />
</td>
<td> <td>
<select name="dstmask" class="selectpicker" id="dstmask" data-width="auto"> <select name="dst" id="dst" class="selectpicker" data-live-search="true" data-size="5" data-width="auto">
<?php <option data-other=true value="<?=$pconfig['dst'];?>" <?=!is_specialnet($pconfig['dst']) ? "selected=\"selected\"" : "";?>><?=gettext("Single host or Network"); ?></option>
for ($i = 31; $i > 0; $i--): <optgroup label="<?=gettext("aliasses");?>">
<?php foreach (legacy_list_aliasses("network") as $alias):
?> ?>
<option value="<?=$i;?>" <?php if ($i == $pconfig['dstmask']) echo "selected=\"selected\""; ?>><?=$i;?></option> <option value="<?=$alias['name'];?>" <?=$alias['name'] == $pconfig['dst'] ? "selected=\"selected\"" : "";?>><?=htmlspecialchars($alias['name']);?></option>
<?php <?php endforeach; ?>
endfor; </optgroup>
<optgroup label="<?=gettext("net");?>">
<?php foreach (formNetworks() as $ifent => $ifdesc):
?> ?>
<option value="<?=$ifent;?>" <?= $pconfig['dst'] == $ifent ? "selected=\"selected\"" : ""; ?>><?=$ifdesc;?></option>
<?php endforeach; ?>
</optgroup>
</select>
</td> </td>
</tr> </tr>
</table> <tr>
<td>
<div class="input-group">
<!-- updates to "other" option in src -->
<input type="text" for="dst" value="<?= !is_specialnet($pconfig['dst']) ? $pconfig['dst'] : "";?>" aria-label="<?=gettext("Destination address");?>"/>
<select name="dstmask" class="selectpicker" data-size="5" id="dstmask" data-width="auto" for="dst" >
<?php for ($i = 32; $i > 0; $i--): ?>
<option value="<?=$i;?>" <?= $i == $pconfig['dstmask'] ? "selected=\"selected\"" : ""; ?>><?=$i;?></option>
<?php endfor; ?>
</select> </select>
</div>
</td> </td>
</tr> </tr>
</table> </table>
<br /> <div class="hidden" for="help_for_dst">
<span class="vexpl">
<?=gettext("The 1:1 mapping will only be used for connections to or from the specified destination."); ?><br /> <?=gettext("The 1:1 mapping will only be used for connections to or from the specified destination."); ?><br />
<?=gettext("Hint: this is usually 'any'."); ?> <?=gettext("Hint: this is usually 'any'."); ?>
</span> </div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> <td><a id="help_for_descr" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Description"); ?></td>
<td width="78%" class="vtable"> <td>
<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" /> <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=$pconfig['descr'];?>" />
<br /> <div class="hidden" for="help_for_descr">
<span class="vexpl"> <?=gettext("You may enter a description here " ."for your reference (not parsed)."); ?>
<?=gettext("You may enter a description here for your reference (not parsed)."); ?> </div>
</span>
</td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("NAT reflection"); ?></td> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("NAT reflection"); ?></td>
<td width="78%" class="vtable"> <td>
<select name="natreflection" class="selectpicker"> <select name="natreflection" class="selectpicker">
<option value="default" <?php if ($pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable") echo "selected=\"selected\""; ?>> <option value="default" <?=$pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "disable" ? "selected=\"selected\"" : ""; ?>><?=gettext("Use system default"); ?></option>
<?=gettext("use system default"); ?> <option value="enable" <?=$pconfig['natreflection'] == "enable" ? "selected=\"selected\"" : ""; ?>><?=gettext("Enable"); ?></option>
</option> <option value="disable" <?=$pconfig['natreflection'] == "disable" ? "selected=\"selected\"" : ""; ?>><?=gettext("Disable"); ?></option>
<option value="enable" <?php if ($pconfig['natreflection'] == "enable") echo "selected=\"selected\""; ?>>
<?=gettext("enable"); ?>
</option>
<option value="disable" <?php if ($pconfig['natreflection'] == "disable") echo "selected=\"selected\""; ?>>
<?=gettext("disable"); ?>
</option>
</select> </select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top">&nbsp;</td> <td>&nbsp;</td>
<td width="78%"> <td>
<input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" /> <input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
<input type="button" class="btn btn-default" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> <input type="button" class="btn btn-default" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_nat_1to1.php');?>'" />
<?php if (isset($id) && $a_1to1[$id]): ?> <?php if (isset($id)): ?>
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="id" type="hidden" value="<?=$id;?>" />
<?php endif; ?> <?php endif; ?>
</td> </td>
</tr> </tr>
...@@ -578,16 +466,4 @@ include("head.inc"); ...@@ -578,16 +466,4 @@ include("head.inc");
</div> </div>
</div> </div>
</section> </section>
<script type="text/javascript">
//<![CDATA[
typesel_change();
//]]>
</script>
<script type="text/javascript">
//<![CDATA[
var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable"))) ?>;
var oTextbox1 = new AutoSuggestControl(document.getElementById("dst"), new StateSuggestions(addressarray));
//]]>
</script>
<?php include("foot.inc"); ?> <?php include("foot.inc"); ?>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment