(firewall, scrub) add direction and source port

PR: https://github.com/opnsense/core/issues/1087 (cherry picked from commit fdf05de6)

(firewall, scrub) add direction and source port
PR: https://github.com/opnsense/core/issues/1087 (cherry picked from commit fdf05de6)
8c3d7e5e · Ad Schellevis · Franco Fichtner · dd80dea6 · 8c3d7e5e · 8c3d7e5e
Commit 8c3d7e5e authored Aug 07, 2016 by Ad Schellevis Committed by Franco Fichtner Aug 29, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 73 additions and 13 deletions

filter.inc src/etc/inc/filter.inc +4 -1

firewall_scrub_edit.php src/www/firewall_scrub_edit.php +69 -12

No files found.
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -592,7 +592,9 @@ function filter_generate_scrubing(&$FilterIflist)
    if (!empty($config['filter']['scrub']['rule'])) {
        foreach ($config['filter']['scrub']['rule'] as $scrub_rule) {
            if (!isset($scrub_rule['disabled'])) {
-                $scrub_rule_out = "scrub on ";
+                $scrub_rule_out = "scrub";
+                $scrub_rule_out .= !empty($scrub_rule['direction']) ? " " . $scrub_rule['direction'] : "" ;
+                $scrub_rule_out .= " on ";
                $interfaces = array();
                foreach (explode(',', $scrub_rule['interface']) as $interface) {
                    if (!empty($FilterIflist[$interface]['if'])) {
@@ -611,6 +613,7 @@ function filter_generate_scrubing(&$FilterIflist)
                } else {
                    $scrub_rule_out .= "any";
                }
+                $scrub_rule_out .= !empty($scrub_rule['srcport']) ?  " port " . $scrub_rule['srcport'] : "";
                $scrub_rule_out .= " to ";
                if (is_alias($scrub_rule['dst'])) {
                    $scrub_rule_out .= !empty($scrub_rule['dstnot']) ? "!" : "";

--- a/src/www/firewall_scrub_edit.php
+++ b/src/www/firewall_scrub_edit.php
@@ -53,7 +53,8 @@ $a_scrub = &$config['filter']['scrub']['rule'];

 // define form fields
 $config_fields = array('interface', 'proto', 'srcnot', 'src', 'srcmask', 'dstnot', 'dst', 'dstmask', 'dstport',
-                       'no-df', 'random-id', 'max-mss', 'min-ttl', 'set-tos', 'descr', 'disabled');
+                       'no-df', 'random-id', 'max-mss', 'min-ttl', 'set-tos', 'descr', 'disabled', 'direction',
+                       'srcport');

 if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // input record id, if valid
@@ -102,6 +103,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    if (!empty($pconfig['dstport']) && $pconfig['dstport'] != 'any' && !is_portoralias($pconfig['dstport']) && !is_portrange($pconfig['dstport'])) {
        $input_errors[] = sprintf(gettext("%s doesn't appear to be a valid port number, alias or range"), $pconfig['dstport']) ;
    }
+    if (!empty($pconfig['srcport']) && $pconfig['srcport'] != 'any' && !is_portoralias($pconfig['srcport']) && !is_portrange($pconfig['srcport'])) {
+        $input_errors[] = sprintf(gettext("%s doesn't appear to be a valid port number, alias or range"), $pconfig['srcport']) ;
+    }
    if (is_ipaddrv4($pconfig['src']) && is_ipaddrv6($pconfig['dst'])) {
        $input_errors[] = gettext("You can not use IPv6 addresses in IPv4 rules.");
    }
@@ -220,15 +224,28 @@ include("head.inc");
          // lock src/dst ports on other then tcp/udp
          if ($("#proto").val() == 'tcp' || $("#proto").val() == 'udp' || $("#proto").val() == 'tcp/udp') {
              $("#dstport").prop('disabled', false);
+              $("#srcport").prop('disabled', false);
          } else {
              $("#dstport optgroup:last option:first").prop('selected', true);
              $("#dstport").prop('disabled', true);
+              $("#srcport").prop('disabled', true);
          }
          $("#dstport").selectpicker('refresh');
          $("#dstport").change();
+          $("#srcport").selectpicker('refresh');
+          $("#srcport").change();
      });
      $("#proto").change();

+      if ($("#srcport").val() != "") {
+          $("#show_srcport").show();
+          $("#show_srcport_adv").parent().hide();
+      }
+      $("#show_srcport_adv").click(function(){
+          $("#show_srcport").show();
+          $("#show_srcport_adv").parent().hide();
+      });
+
      // IPv4/IPv6 select
      hook_ipv4v6('ipv4v6net', 'network-id');
  });
@@ -286,24 +303,22 @@ include("head.inc");
                        </div>
                    </td>
                  </tr>
-<?php
-                  if (!empty($pconfig['floating'])): ?>
                  <tr>
                    <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Direction");?></td>
                    <td>
                      <select name="direction" class="selectpicker" data-live-search="true" data-size="5" >
-<?php
-                      foreach (array('any','in','out') as $direction): ?>
-                      <option value="<?=$direction;?>" <?= $direction == $pconfig['direction'] ? "selected=\"selected\"" : "" ?>>
-                          <?=$direction;?>
-                      </option>
-<?php
-                      endforeach; ?>
+                        <option value="" <?= empty($pconfig['direction']) ? "selected=\"selected\"" : "" ?>>
+                          <?=gettext("Any");?>
+                        </option>
+                        <option value="in" <?= $pconfig['direction'] == 'in' ? "selected=\"selected\"" : "" ?>>
+                          <?=gettext("In");?>
+                        </option>
+                        <option value="out" <?= $pconfig['direction'] == 'out' ? "selected=\"selected\"" : "" ?>>
+                          <?=gettext("Out");?>
+                        </option>
                      </select>
                    </td>
                  <tr>
-<?php
-                  endif; ?>
                  <tr>
                    <td><a id="help_for_protocol" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Protocol");?></td>
                    <td>
@@ -379,6 +394,48 @@ include("head.inc");
                      </table>
                    </td>
                  </tr>
+                  <tr>
+                    <td><a id="help_for_srcport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Source port"); ?></td>
+                    <td>
+                      <div style="display:hidden;">
+                          <input type="button" class="btn btn-default" value="<?=gettext("Advanced"); ?>" id="show_srcport_adv" />
+                      </div>
+                      <div id="show_srcport" style="display:none;">
+                      <table class="table table-condensed">
+                        <tbody>
+                          <tr>
+                            <td>
+                              <select id="srcport" name="srcport" class="selectpicker" data-live-search="true" data-size="5" data-width="auto">
+                                <option data-other=true value="<?=$pconfig['srcport'];?>">(<?=gettext("other"); ?>)</option>
+                                <optgroup label="<?=gettext("Aliases");?>">
+  <?php                        foreach (legacy_list_aliases("port") as $alias):
+  ?>
+                                  <option value="<?=$alias['name'];?>" <?= $pconfig['srcport'] == $alias['name'] ? "selected=\"selected\"" : ""; ?>  ><?=htmlspecialchars($alias['name']);?> </option>
+  <?php                          endforeach; ?>
+                                </optgroup>
+                                <optgroup label="<?=gettext("Well-known ports");?>">
+                                  <option value="" <?= empty($pconfig['srcport']) ? "selected=\"selected\"" : ""; ?>><?=gettext("any"); ?></option>
+  <?php                            foreach ($wkports as $wkport => $wkportdesc): ?>
+                                  <option value="<?=$wkport;?>" <?= (string)$wkport == $pconfig['srcport'] ?  "selected=\"selected\"" : "" ;?>><?=htmlspecialchars($wkportdesc);?></option>
+  <?php                            endforeach; ?>
+                                </optgroup>
+                              </select>
+                            </td>
+                          </tr>
+                          <tr>
+                            <td>
+                              <input type="text" value="<?=$pconfig['srcport'];?>" for="srcport"> <!-- updates to "other" option in  srcport -->
+                            </td>
+                          </tr>
+                        </tbody>
+                      </table>
+                      </div>
+                      <div class="hidden" for="help_for_srcport">
+                        <?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?><br/>
+                        <?=gettext("To specify a range, use from:to (example 81:85).");?>
+                      </div>
+                    </td>
+                  </tr>
                  <tr>
                    <td> <a id="help_for_dst_invert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Destination") . " / ".gettext("Invert");?> </td>
                    <td>