Commit 2c1604b0 authored by Fabio Miguel Mello's avatar Fabio Miguel Mello

Merge branch 'master' of github.com:fabiomello/core

parents f56f7e86 beff7772
......@@ -584,7 +584,9 @@ function filter_generate_scrubing(&$FilterIflist)
if (!empty($config['filter']['scrub']['rule'])) {
foreach ($config['filter']['scrub']['rule'] as $scrub_rule) {
if (!isset($scrub_rule['disabled'])) {
$scrub_rule_out = "scrub on ";
$scrub_rule_out = "scrub";
$scrub_rule_out .= !empty($scrub_rule['direction']) ? " " . $scrub_rule['direction'] : "" ;
$scrub_rule_out .= " on ";
$interfaces = array();
foreach (explode(',', $scrub_rule['interface']) as $interface) {
if (!empty($FilterIflist[$interface]['if'])) {
......@@ -603,6 +605,7 @@ function filter_generate_scrubing(&$FilterIflist)
} else {
$scrub_rule_out .= "any";
}
$scrub_rule_out .= !empty($scrub_rule['srcport']) ? " port " . $scrub_rule['srcport'] : "";
$scrub_rule_out .= " to ";
if (is_alias($scrub_rule['dst'])) {
$scrub_rule_out .= !empty($scrub_rule['dstnot']) ? "!" : "";
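Review bot: `$scrub_rule['direction']` is appended to the generated pf rule verbatim, so whatever is stored in that config key ends up in the ruleset text. The generator should accept only the two keywords that make sense here, e.g. `$scrub_rule_out .= (!empty($scrub_rule['direction']) && in_array($scrub_rule['direction'], array('in', 'out'), true)) ? " " . $scrub_rule['direction'] : "";`. The edit form's validation hunk in this commit adds a check for `srcport` but none for `direction`, so as far as the visible lines show nothing server-side restricts it; a `<select>` only constrains well-behaved browsers. The ` port ` clause further down relies on that form check too, which config imported or edited outside the GUI bypasses. filter_generate_scrubing() begins and ends outside these hunks.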
......
......@@ -94,11 +94,21 @@ function plugins_syslog()
* Every <plugin>_interface should return a named array containing the interface unique identifier and properties.
*
*/
function plugins_interfaces()
function plugins_interfaces($write_allowed = true)
{
global $config;
$changed_interfaces = array();
$registered_interfaces = array();
$stale_interfaces = array();
$write_required = false;
// mark previous dynamic registrations stale
if (isset($config['interfaces'])) {
foreach ($config['interfaces'] as $intf_ref => $intf_data) {
if (isset($intf_data[0]['internal_dynamic']) || isset($intf_data['internal_dynamic'])) {
$stale_interfaces[$intf_ref] = 1;
}
}
}
// register / update interfaces
foreach (plugins_scan() as $name => $path) {
......@@ -107,8 +117,9 @@ function plugins_interfaces()
if (function_exists($func)) {
foreach ($func() as $intf_ref => $intf_data) {
if (is_array($intf_data)) {
if (!in_array($intf_ref, $registered_interfaces)) {
$registered_interfaces[] = $intf_ref;
// mark interface used
if (isset($stale_interfaces[$intf_ref])) {
unset($stale_interfaces[$intf_ref]);
}
if (empty($config['interfaces'][$intf_ref])) {
$config['interfaces'][$intf_ref] = array();
......@@ -124,9 +135,7 @@ function plugins_interfaces()
foreach ($intf_data as $prop_name => $prop_value) {
if ((empty($intf_config[$prop_name]) && !empty($prop_value)) || $intf_config[$prop_name] != $prop_value) {
$intf_config[$prop_name] = $prop_value;
if (!in_array($intf_ref, $changed_interfaces)) {
$changed_interfaces[] = $intf_ref;
}
$write_required = true;
}
}
}
......@@ -135,17 +144,15 @@ function plugins_interfaces()
}
// cleanup registrations
if (isset($config['interfaces'])) {
foreach ($config['interfaces'] as $intf => $intf_data) {
if (!empty($intf_data['internal_dynamic']) && !in_array($intf, $registered_interfaces)) {
$changed_interfaces[] = $intf;
unset($config['interfaces'][$intf]);
}
foreach ($stale_interfaces as $intf_ref => $no_data) {
if (isset($config['interfaces'][$intf_ref])) {
unset($config['interfaces'][$intf_ref]);
$write_required = true;
}
}
// configuration changed, materialize
if (count($changed_interfaces) > 0) {
if ($write_allowed && $write_required) {
write_config();
}
}
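Review bot: The new stale-marking loop tests `isset($intf_data['internal_dynamic'])` where the cleanup it replaces tested `!empty(...)`, so an interface whose `internal_dynamic` key is present but empty or `0` is now treated as dynamic and dropped from `$config['interfaces']` when no plugin re-registers it. If that is not intended, keep the old test: `if (!empty($intf_data[0]['internal_dynamic']) || !empty($intf_data['internal_dynamic'])) {`. The docblock above the signature also needs a line for the new argument, e.g. `@param bool $write_allowed when false, the caller is responsible for calling write_config()`. Parts of the function body lie outside the visible hunks.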
......
<?php
/**
* Copyright (C) 2016 IT-assistans Sverige AB
* Copyright (C) 2016 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Base;
/**
* Class ApiModelControllerBase, inherit this class to implement
* an API that exposes a model with a get action.
* You need to implement a method to create new blank model
* objecs (newModelObject) as well as a method to return
* the name of the model.
* @package OPNsense\Base
*/
abstract class ApiModelControllerBase extends ApiControllerBase
{
/**
* @var string this implementations internal model name to use (in set/get output)
*/
protected $internalModelName = null;
/**
* @var string model class name to use
*/
protected $internalModelClass = null;
/**
* @var null|BaseModel model object to work on
*/
private $modelHandle = null;
/**
* validate on initialization
* @throws Exception
*/
public function initialize()
{
parent::initialize();
if (empty($this->internalModelClass)) {
throw new \Exception('cannot instantiate without internalModelClass defined.');
}
if (empty($this->internalModelName)) {
throw new \Exception('cannot instantiate without internalModelName defined.');
}
}
/**
* retrieve model settings
* @return array settings
*/
public function getAction()
{
// define list of configurable settings
$result = array();
if ($this->request->isGet()) {
$mdl = $this->getModel();
$result[$this->internalModelName] = $this->getModelNodes();
}
return $result;
}
/**
* override this to customize what part of the model gets exposed
* @return array
*/
protected function getModelNodes()
{
return $this->getModel()->getNodes();
}
/**
* override this to customize the model binding behavior
* @return null|BaseModel
*/
protected function getModel()
{
if ($this->modelHandle == null) {
$this->modelHandle = (new \ReflectionClass($this->internalModelClass))->newInstance();
}
return $this->modelHandle;
}
}
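Review bot: The class docblock tells implementers to provide a `newModelObject` method and a method returning the model name, but the code requires neither. `initialize()` checks the `$internalModelClass` and `$internalModelName` properties instead, and the docblock should say so (it also reads "objecs"). `getAction()` returns every node from `getModelNodes()` by default, so the comment on `getModelNodes()` is the place to state that a subclass whose model stores secrets should override it to filter what the endpoint returns; who may call the endpoint is decided in `ApiControllerBase`, which is not shown. The local `$mdl` in `getAction()` is assigned and never read and can go.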
<?php
/**
* Copyright (C) 2016 IT-assistans Sverige AB
* Copyright (C) 2016 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace OPNsense\Base;
use \OPNsense\Core\Config;
/**
* Class ApiMutableModelControllerBase, inherit this class to implement
* an API that exposes a model with get and set actions.
* You need to implement a method to create new blank model
* objecs (newModelObject) as well as a method to return
* the name of the model.
* @package OPNsense\Base
*/
abstract class ApiMutableModelControllerBase extends ApiModelControllerBase
{
/**
* update model settings
* @return array status / validation errors
*/
public function setAction()
{
$result = array("result"=>"failed");
if ($this->request->isPost()) {
// load model and update with provided data
$mdl = $this->getModel();
$mdl->setNodes($this->request->getPost($this->internalModelName));
// perform validation
$valMsgs = $mdl->performValidation();
foreach ($valMsgs as $field => $msg) {
if (!array_key_exists("validations", $result)) {
$result["validations"] = array();
}
$result["validations"][$this->internalModelName.".".$msg->getField()] = $msg->getMessage();
}
// serialize model to config and save
if ($valMsgs->count() == 0) {
$mdl->serializeToConfig();
Config::getInstance()->save();
$result["result"] = "saved";
}
}
return $result;
}
}
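Review bot: `setAction()` runs on any POST, even one that carries no `$this->internalModelName` key, whereas the Proxy `setAction()` this commit deletes in favour of it was guarded by `hasPost("proxy")`. With the key absent, `getPost()` hands `setNodes()` no data (presumably `null`; how `setNodes()` handles that is not visible here), and if validation of the untouched model passes, the config is saved and `"saved"` is returned for a request that changed nothing. Restoring the guard keeps the old contract: `if ($this->request->isPost() && $this->request->hasPost($this->internalModelName)) {`. The class docblock repeats the `newModelObject` wording from the parent class, which does not match the property-based setup.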
......@@ -147,15 +147,19 @@ class SettingsController extends ApiControllerBase
/**
* get rule information
* @param $sid rule identifier
* @param string|null $sid rule identifier
* @return array|mixed
*/
public function getRuleInfoAction($sid)
public function getRuleInfoAction($sid=null)
{
// request list of installed rules
$backend = new Backend();
$response = $backend->configdpRun("ids query rules", array(1, 0,'sid/'.$sid));
$data = json_decode($response, true);
if (!empty($sid)) {
$backend = new Backend();
$response = $backend->configdpRun("ids query rules", array(1, 0,'sid/'.$sid));
$data = json_decode($response, true);
} else {
$data = null;
}
if ($data != null && array_key_exists("rows", $data) && count($data['rows'])>0) {
$row = $data['rows'][0];
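Review bot: `$sid` comes from the request and is only tested for emptiness before it is concatenated into the `'sid/'.$sid` argument sent to configd. How `configdpRun()` quotes its parameters is not visible in this hunk, so the controller should not rely on it. If rule ids are always numeric, as Suricata sids are, reject anything else with `if (!empty($sid) && ctype_digit((string)$sid)) {`. The method continues past the end of the hunk.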
......
......@@ -28,8 +28,7 @@
*/
namespace OPNsense\Proxy\Api;
use \OPNsense\Base\ApiControllerBase;
use \OPNsense\Proxy\Proxy;
use \OPNsense\Base\ApiMutableModelControllerBase;
use \OPNsense\Cron\Cron;
use \OPNsense\Core\Config;
use \OPNsense\Base\UIModelGrid;
......@@ -38,57 +37,10 @@ use \OPNsense\Base\UIModelGrid;
* Class SettingsController
* @package OPNsense\Proxy
*/
class SettingsController extends ApiControllerBase
class SettingsController extends ApiMutableModelControllerBase
{
/**
* retrieve proxy settings
* @return array
*/
public function getAction()
{
$result = array();
if ($this->request->isGet()) {
$mdlProxy = new Proxy();
$result['proxy'] = $mdlProxy->getNodes();
}
return $result;
}
/**
* update proxy configuration fields
* @return array
* @throws \Phalcon\Validation\Exception
*/
public function setAction()
{
$result = array("result"=>"failed");
if ($this->request->hasPost("proxy")) {
// load model and update with provided data
$mdlProxy = new Proxy();
$mdlProxy->setNodes($this->request->getPost("proxy"));
// perform validation
$valMsgs = $mdlProxy->performValidation();
foreach ($valMsgs as $field => $msg) {
if (!array_key_exists("validations", $result)) {
$result["validations"] = array();
}
$result["validations"]["proxy.".$msg->getField()] = $msg->getMessage();
}
// serialize model to config and save
if ($valMsgs->count() == 0) {
$mdlProxy->serializeToConfig();
$cnf = Config::getInstance();
$cnf->save();
$result["result"] = "saved";
}
}
return $result;
}
protected $internalModelName = 'proxy';
protected $internalModelClass = '\OPNsense\Proxy\Proxy';
/**
*
......@@ -98,7 +50,7 @@ class SettingsController extends ApiControllerBase
public function searchRemoteBlacklistsAction()
{
$this->sessionClose();
$mdlProxy = new Proxy();
$mdlProxy = $this->getModel();
$grid = new UIModelGrid($mdlProxy->forward->acl->remoteACLs->blacklists->blacklist);
return $grid->fetchBindRequest(
$this->request,
......@@ -114,7 +66,7 @@ class SettingsController extends ApiControllerBase
*/
public function getRemoteBlacklistAction($uuid = null)
{
$mdlProxy = new Proxy();
$mdlProxy = $this->getModel();
if ($uuid != null) {
$node = $mdlProxy->getNodeByReference('forward.acl.remoteACLs.blacklists.blacklist.' . $uuid);
if ($node != null) {
......@@ -139,7 +91,7 @@ class SettingsController extends ApiControllerBase
public function setRemoteBlacklistAction($uuid)
{
if ($this->request->isPost() && $this->request->hasPost("blacklist")) {
$mdlProxy = new Proxy();
$mdlProxy = $this->getModel();
if ($uuid != null) {
$node = $mdlProxy->getNodeByReference('forward.acl.remoteACLs.blacklists.blacklist.' . $uuid);
if ($node != null) {
......@@ -175,7 +127,7 @@ class SettingsController extends ApiControllerBase
$result = array("result" => "failed");
if ($this->request->isPost() && $this->request->hasPost("blacklist")) {
$result = array("result" => "failed", "validations" => array());
$mdlProxy = new Proxy();
$mdlProxy = $this->getModel();
$node = $mdlProxy->forward->acl->remoteACLs->blacklists->blacklist->Add();
$node->setNodes($this->request->getPost("blacklist"));
$valMsgs = $mdlProxy->performValidation();
......@@ -207,7 +159,7 @@ class SettingsController extends ApiControllerBase
$result = array("result" => "failed");
if ($this->request->isPost()) {
$mdlProxy = new Proxy();
$mdlProxy = $this->getModel();
if ($uuid != null) {
if ($mdlProxy->forward->acl->remoteACLs->blacklists->blacklist->del($uuid)) {
// if item is removed, serialize to config and save
......@@ -233,7 +185,7 @@ class SettingsController extends ApiControllerBase
$result = array("result" => "failed");
if ($this->request->isPost()) {
$mdlProxy = new Proxy();
$mdlProxy = $this->getModel();
if ($uuid != null) {
$node = $mdlProxy->getNodeByReference('forward.acl.remoteACLs.blacklists.blacklist.' . $uuid);
if ($node != null) {
......@@ -262,7 +214,7 @@ class SettingsController extends ApiControllerBase
$result = array("result" => "failed");
if ($this->request->isPost()) {
$mdlProxy = new Proxy();
$mdlProxy = $this->getModel();
if ((string)$mdlProxy->forward->acl->remoteACLs->UpdateCron == "") {
$mdlCron = new Cron();
// update cron relation (if this doesn't break consistency)
......
......@@ -166,25 +166,25 @@
</field>
<field>
<id>proxy.general.traffic.maxDownloadSize</id>
<label>Maximum download size (Kb)</label>
<label>Maximum download size (kB)</label>
<type>text</type>
<help><![CDATA[Enter the maxium size for downloads in kilobytes (leave empty to disable).]]></help>
</field>
<field>
<id>proxy.general.traffic.maxUploadSize</id>
<label>Maximum upload size (Kb)</label>
<label>Maximum upload size (kB)</label>
<type>text</type>
<help><![CDATA[Enter the maxium size for uploads in kilobytes (leave empty to disable).]]></help>
</field>
<field>
<id>proxy.general.traffic.OverallBandwidthTrotteling</id>
<label>Overall bandwidth throttling (Kbps)</label>
<label>Overall bandwidth throttling (kbps)</label>
<type>text</type>
<help><![CDATA[Enter the allowed overall bandtwith in kilobits per second (leave empty to disable).]]></help>
</field>
<field>
<id>proxy.general.traffic.perHostTrotteling</id>
<label>Per host bandwidth throttling (Kbps)</label>
<label>Per host bandwidth throttling (kbps)</label>
<type>text</type>
<help><![CDATA[Enter the allowed per host bandwidth in kilobits per second (leave empty to disable).]]></help>
</field>
......
......@@ -131,7 +131,7 @@ class IDS extends BaseModel
public function getRuleStatus($sid, $default)
{
$this->updateSIDlist();
if (array_key_exists($sid, $this->sid_list)) {
if (!empty($sid) && array_key_exists($sid, $this->sid_list)) {
return (string)$this->sid_list[$sid]->enabled;
} else {
return $default;
......@@ -148,7 +148,7 @@ class IDS extends BaseModel
public function getRuleAction($sid, $default, $response_plain = false)
{
$this->updateSIDlist();
if (array_key_exists($sid, $this->sid_list)) {
if (!empty($sid) && array_key_exists($sid, $this->sid_list)) {
if (!$response_plain) {
return $this->sid_list[$sid]->action->getNodeData();
} else {
......
......@@ -28,7 +28,6 @@
Aggregate flowd data for reporting
"""
import time
import datetime
import os
import sys
import signal
......@@ -37,6 +36,7 @@ import copy
import syslog
import traceback
sys.path.insert(0, "/usr/local/opnsense/site-python")
from sqlite3_helper import check_and_repair
from lib.parse import parse_flow
from lib.aggregate import AggMetadata
import lib.aggregates
......@@ -130,6 +130,9 @@ class Main(object):
""" run, endless loop, until sigterm is received
:return: None
"""
# check database consistency / repair
check_and_repair('/var/netflow/*.sqlite')
vacuum_interval = (60*60*8) # 8 hour vacuum cycle
vacuum_countdown = None
while self.running:
......
"""
Copyright (c) 2016 Ad Schellevis
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------------
SQLite3 support functions
"""
import datetime
import glob
import sqlite3
import syslog
import os
def check_and_repair(filename_mask):
""" check and repair sqlite databases
:param filename_mask: filenames (glob pattern)
:return: None
"""
for filename in glob.glob(filename_mask):
try:
conn = sqlite3.connect(filename, detect_types=sqlite3.PARSE_DECLTYPES|sqlite3.PARSE_COLNAMES)
cur = conn.cursor()
cur.execute("SELECT name FROM sqlite_master where type = 'table'")
except sqlite3.DatabaseError:
# unrecoverable, doesn't look like a database, rename to .bck
filename_tmp = '%s.%s.bck'%(filename, datetime.datetime.now().strftime("%Y%m%d%H%M%S"))
syslog.syslog(syslog.LOG_ERR, "sqlite3 %s doesn't look like a database, renamed to %s " % (filename,
filename_tmp))
cur = None
os.rename(filename, filename_tmp)
# try to vacuum all tables, triggers a "database disk image is malformed" when corrupted
# force a repair when corrupted, using a dump / import
if cur is not None:
try:
for table in cur.fetchall():
cur.execute('vacuum %s' % table[0])
except sqlite3.DatabaseError, e:
if e.message.find('malformed') > -1:
syslog.syslog(syslog.LOG_ERR, "sqlite3 repair %s" % filename)
filename_tmp = '%s.fix'%filename
if os.path.exists(filename_tmp):
os.remove(filename_tmp)
os.system('echo ".dump" | /usr/local/bin/sqlite3 %s | /usr/local/bin/sqlite3 %s' % (filename,
filename_tmp))
if os.path.exists(filename_tmp):
os.remove(filename)
os.rename(filename_tmp, filename)
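Review bot: The repair step builds a shell command by `%`-formatting `filename` and `filename_tmp` into the string passed to `os.system()`, so a file name matched by the glob that contains spaces or shell metacharacters is interpreted by the shell instead of being treated as a path. Running the two `sqlite3` processes from argument lists with a pipe between them takes the shell out of the picture (this needs `import subprocess` next to the other imports). The original file is also removed as soon as the `.fix` file exists, whether or not the dump and restore succeeded, and `conn` is never closed before the file is replaced; both deserve at least a comment. The table name read from `sqlite_master` is interpolated into the `vacuum` statement in the same way.

```python
                    # … unchanged: syslog message, removal of a stale .fix file …
                    # argument lists instead of a shell string: file names are passed as-is
                    dump = subprocess.Popen(['/usr/local/bin/sqlite3', filename, '.dump'],
                                            stdout=subprocess.PIPE)
                    restore = subprocess.Popen(['/usr/local/bin/sqlite3', filename_tmp],
                                               stdin=dump.stdout)
                    dump.stdout.close()  # let dump see a closed pipe if restore exits early
                    restore.wait()
                    dump.wait()
                    # … unchanged: replace filename with filename_tmp when it exists …
```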
......@@ -154,7 +154,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=packetcapture.cap");
header("Content-Length: ".filesize("/root/packetcapture.cap"));
readfile("/root/packetcapture.cap");
$file = fopen("/root/packetcapture.cap", "r");
while(!feof($file)) {
print(fread($file, 32 * 1024));
ob_flush();
}
fclose($file);
exit;
} elseif (!empty($_GET['view'])) {
// download capture contents
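Review bot: The return value of `fopen()` is not checked, and when it is `false` `feof()` cannot report end-of-file, so the `while(!feof($file))` loop may never terminate on PHP versions where that only raises a warning. Guard it right after the open, e.g. `if ($file === false) { exit; }`, ideally before the `Content-Length` header is sent, since `filesize()` fails in the same situations. `ob_flush()` also emits a notice when no output buffer is active; `flush()` or an `ob_get_level()` test avoids that. The enclosing `if` block starts outside the hunk.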
......
......@@ -53,7 +53,8 @@ $a_scrub = &$config['filter']['scrub']['rule'];
// define form fields
$config_fields = array('interface', 'proto', 'srcnot', 'src', 'srcmask', 'dstnot', 'dst', 'dstmask', 'dstport',
'no-df', 'random-id', 'max-mss', 'min-ttl', 'set-tos', 'descr', 'disabled');
'no-df', 'random-id', 'max-mss', 'min-ttl', 'set-tos', 'descr', 'disabled', 'direction',
'srcport');
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
// input record id, if valid
......@@ -102,6 +103,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!empty($pconfig['dstport']) && $pconfig['dstport'] != 'any' && !is_portoralias($pconfig['dstport']) && !is_portrange($pconfig['dstport'])) {
$input_errors[] = sprintf(gettext("%s doesn't appear to be a valid port number, alias or range"), $pconfig['dstport']) ;
}
if (!empty($pconfig['srcport']) && $pconfig['srcport'] != 'any' && !is_portoralias($pconfig['srcport']) && !is_portrange($pconfig['srcport'])) {
$input_errors[] = sprintf(gettext("%s doesn't appear to be a valid port number, alias or range"), $pconfig['srcport']) ;
}
if (is_ipaddrv4($pconfig['src']) && is_ipaddrv6($pconfig['dst'])) {
$input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
}
......@@ -220,15 +224,28 @@ include("head.inc");
// lock src/dst ports on other then tcp/udp
if ($("#proto").val() == 'tcp' || $("#proto").val() == 'udp' || $("#proto").val() == 'tcp/udp') {
$("#dstport").prop('disabled', false);
$("#srcport").prop('disabled', false);
} else {
$("#dstport optgroup:last option:first").prop('selected', true);
$("#dstport").prop('disabled', true);
$("#srcport").prop('disabled', true);
}
$("#dstport").selectpicker('refresh');
$("#dstport").change();
$("#srcport").selectpicker('refresh');
$("#srcport").change();
});
$("#proto").change();
if ($("#srcport").val() != "") {
$("#show_srcport").show();
$("#show_srcport_adv").parent().hide();
}
$("#show_srcport_adv").click(function(){
$("#show_srcport").show();
$("#show_srcport_adv").parent().hide();
});
// IPv4/IPv6 select
hook_ipv4v6('ipv4v6net', 'network-id');
});
......@@ -286,24 +303,22 @@ include("head.inc");
</div>
</td>
</tr>
<?php
if (!empty($pconfig['floating'])): ?>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Direction");?></td>
<td>
<select name="direction" class="selectpicker" data-live-search="true" data-size="5" >
<?php
foreach (array('any','in','out') as $direction): ?>
<option value="<?=$direction;?>" <?= $direction == $pconfig['direction'] ? "selected=\"selected\"" : "" ?>>
<?=$direction;?>
</option>
<?php
endforeach; ?>
<option value="" <?= empty($pconfig['direction']) ? "selected=\"selected\"" : "" ?>>
<?=gettext("Any");?>
</option>
<option value="in" <?= $pconfig['direction'] == 'in' ? "selected=\"selected\"" : "" ?>>
<?=gettext("In");?>
</option>
<option value="out" <?= $pconfig['direction'] == 'out' ? "selected=\"selected\"" : "" ?>>
<?=gettext("Out");?>
</option>
</select>
</td>
<tr>
<?php
endif; ?>
<tr>
<td><a id="help_for_protocol" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Protocol");?></td>
<td>
......@@ -379,6 +394,48 @@ include("head.inc");
</table>
</td>
</tr>
<tr>
<td><a id="help_for_srcport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Source port"); ?></td>
<td>
<div style="display:hidden;">
<input type="button" class="btn btn-default" value="<?=gettext("Advanced"); ?>" id="show_srcport_adv" />
</div>
<div id="show_srcport" style="display:none;">
<table class="table table-condensed">
<tbody>
<tr>
<td>
<select id="srcport" name="srcport" class="selectpicker" data-live-search="true" data-size="5" data-width="auto">
<option data-other=true value="<?=$pconfig['srcport'];?>">(<?=gettext("other"); ?>)</option>
<optgroup label="<?=gettext("Aliases");?>">
<?php foreach (legacy_list_aliases("port") as $alias):
?>
<option value="<?=$alias['name'];?>" <?= $pconfig['srcport'] == $alias['name'] ? "selected=\"selected\"" : ""; ?> ><?=htmlspecialchars($alias['name']);?> </option>
<?php endforeach; ?>
</optgroup>
<optgroup label="<?=gettext("Well-known ports");?>">
<option value="" <?= empty($pconfig['srcport']) ? "selected=\"selected\"" : ""; ?>><?=gettext("any"); ?></option>
<?php foreach ($wkports as $wkport => $wkportdesc): ?>
<option value="<?=$wkport;?>" <?= (string)$wkport == $pconfig['srcport'] ? "selected=\"selected\"" : "" ;?>><?=htmlspecialchars($wkportdesc);?></option>
<?php endforeach; ?>
</optgroup>
</select>
</td>
</tr>
<tr>
<td>
<input type="text" value="<?=$pconfig['srcport'];?>" for="srcport"> <!-- updates to "other" option in srcport -->
</td>
</tr>
</tbody>
</table>
</div>
<div class="hidden" for="help_for_srcport">
<?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?><br/>
<?=gettext("To specify a range, use from:to (example 81:85).");?>
</div>
</td>
</tr>
<tr>
<td> <a id="help_for_dst_invert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Destination") . " / ".gettext("Invert");?> </td>
<td>
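Review bot: `$pconfig['srcport']` is echoed into two `value` attributes (the "other" option and the free-text input) without `htmlspecialchars()`, and `$alias['name']` is escaped in the option text but not in its `value`. Unless `$pconfig` is escaped as a whole before rendering, which the visible hunks do not show, a submitted value that fails validation is written back into the page as markup. Writing `htmlspecialchars($pconfig['srcport'], ENT_QUOTES)` in both attributes closes that, and the new `csr_dn_organizationalunit` input in the certificate manager hunk of this commit has the same shape. Separately, the help text for the source port says "destination of the packet", and `style="display:hidden;"` is not a valid `display` value.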
......
......@@ -53,8 +53,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}
unset($a_ifgroups[$id]);
plugins_interfaces(false);
write_config();
plugins_interfaces();
header("Location: interfaces_groups.php");
exit;
}
......
......@@ -125,9 +125,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
// add new item
$a_ifgroups[] = $ifgroupentry;
}
plugins_interfaces(false);
write_config();
interface_group_setup($ifgroupentry);
plugins_interfaces();
header("Location: interfaces_groups.php");
exit;
}
......
......@@ -352,10 +352,12 @@ include("head.inc");
<td>
<select id="servers" name="servers[]" multiple="multiple">
<?php
foreach ($pconfig['servers'] as $svrent):?>
if (is_array($pconfig['servers'])):
foreach ($pconfig['servers'] as $svrent):?>
<option value="<?=$svrent;?>"><?=$svrent;?> </option>
<?php
endforeach;?>
endforeach;
endif;?>
</select>
<hr/>
<button id="btn_del_servers" class="btn btn-default btn-xs" data-toggle="tooltip"><span class="fa fa-trash text-muted"></span></button>
......
......@@ -464,6 +464,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
'organizationName' => $pconfig['csr_dn_organization'],
'emailAddress' => $pconfig['csr_dn_email'],
'commonName' => $pconfig['csr_dn_commonname']);
if (!empty($pconfig['csr_dn_organizationalunit'])) {
$dn['organizationalUnitName'] = $pconfig['csr_dn_organizationalunit'];
}
if (count($altnames)) {
$altnames_tmp = "";
foreach ($altnames as $altname) {
......@@ -1056,6 +1059,17 @@ $( document ).ready(function() {
</div>
</td>
</tr>
<tr>
<td><a id="help_for_digest_csr_dn_organizationalunit" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Organizational Unit");?> : &nbsp;</td>
<td>
<input name="csr_dn_organizationalunit" type="text" size="40" value="<?=$pconfig['csr_dn_organizationalunit'];?>"/>
<div class="hidden" for="help_for_digest_csr_dn_organizationalunit">
<em><?=gettext("ex:");?></em>
&nbsp;
<?=gettext("IT department");?>
</div>
</td>
</tr>
<tr>
<td><a id="help_for_digest_csr_dn_email" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Email Address");?> : &nbsp;</td>
<td>
......
......@@ -559,9 +559,6 @@ if (isset($savemsg)) {
</div>
</td>
</tr>
<tr>
<td colspan="2" class="list" height="12">&nbsp;</td>
</tr>
<tr class="mode_server">
<td valign="top"><a id="help_for_advancedoptions" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Additional configuration options");?></td>
<td >
......@@ -701,18 +698,21 @@ if (isset($savemsg)) {
</table>
<div class="hidden" for="help_for_clientpkg">
<br/><br/>
<strong><?= gettext("Links to OpenVPN clients for various platforms:") ?></strong><br/>
<a href="http://www.sparklabs.com/viscosity/"><?= gettext("Viscosity") ?></a> - <?= gettext("Recommended client for Mac OSX and Windows") ?><br/>
<a href="http://openvpn.net/index.php/open-source/downloads.html"><?= gettext("OpenVPN Community Client") ?></a> - <?=gettext("Binaries for Windows, Source for other platforms.")?><br/>
<a href="https://play.google.com/store/apps/details?id=de.blinkt.openvpn"><?= gettext("OpenVPN For Android") ?></a> - <?=gettext("Recommended client for Android")?><br/>
<a href="http://www.featvpn.com/"><?= gettext("FEAT VPN For Android") ?></a> - <?=gettext("For older versions of Android")?><br/>
<?= gettext("OpenVPN Connect") ?>: <a href="https://play.google.com/store/apps/details?id=net.openvpn.openvpn"><?=gettext("Android (Google Play)")?></a> or <a href="https://itunes.apple.com/us/app/openvpn-connect/id590379981"><?=gettext("iOS (App Store)")?></a> - <?= gettext("Recommended client for iOS") ?>
<br/><a href="http://code.google.com/p/tunnelblick/"><?= gettext("Tunnelblick") ?></a> - <?= gettext("Free client for OSX") ?>
<br/><br/>
<?= gettext("If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.") ?><br/>
<?= gettext("If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.") ?>
</div>
</td>
</tr>
<tr>
<td valign="top"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Links to OpenVPN clients");?></td>
<td>
<a href="http://www.sparklabs.com/viscosity/"><?= gettext("Viscosity") ?></a> - <?= gettext("Recommended client for Mac OSX and Windows") ?><br/>
<a href="http://openvpn.net/index.php/open-source/downloads.html"><?= gettext("OpenVPN Community Client") ?></a> - <?=gettext("Binaries for Windows, Source for other platforms.")?><br/>
<a href="https://play.google.com/store/apps/details?id=de.blinkt.openvpn"><?= gettext("OpenVPN For Android") ?></a> - <?=gettext("Recommended client for Android")?><br/>
<a href="http://www.featvpn.com/"><?= gettext("FEAT VPN For Android") ?></a> - <?=gettext("For older versions of Android")?><br/>
<?= gettext("OpenVPN Connect") ?>: <a href="https://play.google.com/store/apps/details?id=net.openvpn.openvpn"><?=gettext("Android (Google Play)")?></a> or <a href="https://itunes.apple.com/us/app/openvpn-connect/id590379981"><?=gettext("iOS (App Store)")?></a> - <?= gettext("Recommended client for iOS") ?><br/>
<a href="http://code.google.com/p/tunnelblick/"><?= gettext("Tunnelblick") ?></a> - <?= gettext("Free client for OSX") ?>
</td>
</tr>
</table>
</div>
</div>
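Review bot: Four of the client links moved into the new table row still use `http://` (Viscosity, the OpenVPN community client, FEAT VPN and Tunnelblick), so the pages users are sent to for VPN client installers are fetched over an unauthenticated connection. Since these lines are being touched anyway, switch them to `https://` wherever the site serves it. The Tunnelblick link also still points at `code.google.com/p/tunnelblick/`, which is worth re-checking. The surrounding table starts outside the hunk.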
......