(legacy) refactor firewall_nat_out.php

ccfa827d · Ad Schellevis · 2e76f680 · ccfa827d
Commit ccfa827d authored Aug 20, 2015 by Ad Schellevis
Show whitespace changes
Inline Side-by-side

Showing with 572 additions and 559 deletions

firewall_nat_out.php src/www/firewall_nat_out.php +572 -559

No files found.
--- a/src/www/firewall_nat_out.php
+++ b/src/www/firewall_nat_out.php
@@ -32,50 +32,47 @@ require_once("filter.inc");
 require_once("pfsense-utils.inc");
 require_once("interfaces.inc");
+/**
+ *   quite nasty, content provided by filter_generate_gateways (in filter.inc).
+ *  Not going to solve this now, because filter_generate_gateways is not a propper function
+ *  it returns both rules for the firewall and is kind of responsible for updating this global.
+ */
 global $GatewaysList;
-$FilterIflist = filter_generate_optcfg_array() ;
+if (!isset($config['nat']['outbound']))
-if (!is_array($config['nat']['outbound']))
  $config['nat']['outbound'] = array();
-if (!is_array($config['nat']['outbound']['rule']))
+if (!isset($config['nat']['outbound']['rule']))
  $config['nat']['outbound']['rule'] = array();
-$a_out = &$config['nat']['outbound']['rule'];
 if (!isset($config['nat']['outbound']['mode']))
  $config['nat']['outbound']['mode'] = "automatic";
-$mode = $config['nat']['outbound']['mode'];
+$a_out = &$config['nat']['outbound']['rule'];
-if ($_POST['apply']) {
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $pconfig = $_POST;
+    if (isset($pconfig['id']) && isset($a_out[$pconfig['id']])) {
+        // id found and valid
+        $id = $pconfig['id'];
+    }
+    if (isset($pconfig['apply'])) {
        write_config();
+        filter_configure();
-	$retval = 0;
-	$retval |= filter_configure();
-	if(stristr($retval, "error") <> true)
-	        $savemsg = get_std_save_message();
-	else
-		$savemsg = $retval;
-	if ($retval == 0) {
        clear_subsystem_dirty('natconf');
        clear_subsystem_dirty('filter');
-	}
+    } elseif (isset($pconfig['save']) && $pconfig['save'] == "Save") {
-}
+        $mode = $config['nat']['outbound']['mode'];
-if (isset($_POST['save']) && $_POST['save'] == "Save") {
        /* mutually exclusive settings - if user wants advanced NAT, we don't generate automatic rules */
-	if ($_POST['mode'] == "advanced" && ($mode == "automatic" || $mode == "hybrid")) {
+        if ($pconfig['mode'] == "advanced" && ($mode == "automatic" || $mode == "hybrid")) {
            /*
             *    user has enabled advanced outbound NAT and doesn't have rules
             *    lets automatically create entries
             *    for all of the interfaces to make life easier on the pip-o-chap
             */
-		if(empty($GatewaysList))
+            if(empty($GatewaysList)) {
                filter_generate_gateways();
+            }
            $tonathosts = filter_nat_rules_automatic_tonathosts(true);
            $automatic_rules = filter_nat_rules_outbound_automatic("");
@@ -90,6 +87,14 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
                    /* Try to detect already auto created rules and avoid duplicate them */
                    $found = false;
                    foreach ($a_out as $rule) {
+                      // initialize optional values
+                      if (!isset($rule['dstport'])) {
+                          $rule['dstport'] = "";
+                      }
+                      if (!isset($natent['dstport'])) {
+                          $natent['dstport'] = "";
+                      }
+                      //
                      if ($rule['interface'] == $natent['interface'] &&
                          $rule['source']['network'] == $natent['source']['network'] &&
                          $rule['dstport'] == $natent['dstport'] &&
@@ -100,137 +105,194 @@ if (isset($_POST['save']) && $_POST['save'] == "Save") {
                      }
                    }
-				if ($found === false)
+                    if (!$found) {
                        $a_out[] = $natent;
                    }
                }
+            }
            $savemsg = gettext("Default rules for each interface have been created.");
            unset($GatewaysList);
        }
-	$config['nat']['outbound']['mode'] = $_POST['mode'];
+        $config['nat']['outbound']['mode'] = $pconfig['mode'];
-	if (write_config())
+        if (write_config()) {
            mark_subsystem_dirty('natconf');
+        }
        header("Location: firewall_nat_out.php");
        exit;
-}
+    } elseif (isset($pconfig['act']) && $pconfig['act'] == 'del' && isset($id)) {
+        // delete single record
-if ($_GET['act'] == "del") {
+        unset($a_out[$id]);
-	if ($a_out[$_GET['id']]) {
+        if (write_config()) {
-		unset($a_out[$_GET['id']]);
-		if (write_config())
            mark_subsystem_dirty('natconf');
+        }
        header("Location: firewall_nat_out.php");
        exit;
-	}
+    } elseif (isset($pconfig['act']) && $pconfig['act'] == 'del_x' && isset($pconfig['rule']) && count($pconfig['rule']) > 0) {
-}
-if (isset($_POST['del_x'])) {
        /* delete selected rules */
-	if (is_array($_POST['rule']) && count($_POST['rule'])) {
+        foreach ($pconfig['rule'] as $rulei) {
-		foreach ($_POST['rule'] as $rulei) {
+            if (isset($a_out[$rulei])) {
                unset($a_out[$rulei]);
            }
-		if (write_config())
-			mark_subsystem_dirty('natconf');
-		header("Location: firewall_nat_out.php");
-		exit;
        }
+        if (write_config()) {
-} else if ($_GET['act'] == "toggle") {
-	if ($a_out[$_GET['id']]) {
-		if(isset($a_out[$_GET['id']]['disabled']))
-			unset($a_out[$_GET['id']]['disabled']);
-		else
-			$a_out[$_GET['id']]['disabled'] = true;
-		if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule"))
            mark_subsystem_dirty('natconf');
+        }
        header("Location: firewall_nat_out.php");
        exit;
+    } elseif ( isset($pconfig['act']) && $pconfig['act'] == 'move' && isset($pconfig['rule']) && count($pconfig['rule']) > 0) {
+        // if rule not set/found, move to end
+        if (!isset($id)) {
+            $id = count($a_out);
        }
-} else {
-	/* yuck - IE won't send value attributes for image buttons, while Mozilla does - so we use .x/.y to find move button clicks instead... */
-	unset($movebtn);
-	foreach ($_POST as $pn => $pd) {
-		if (preg_match("/move_(\d+)_x/", $pn, $matches)) {
-			$movebtn = $matches[1];
-			break;
-		}
-	}
-	/* move selected rules before this rule */
-	if (isset($movebtn) && is_array($_POST['rule']) && count($_POST['rule'])) {
        $a_out_new = array();
+        /* copy all rules < $id and not selected */
-		/* copy all rules < $movebtn and not selected */
+        for ($i = 0; $i < $id; $i++) {
-		for ($i = 0; $i < $movebtn; $i++) {
+            if (!in_array($i, $pconfig['rule'])) {
-			if (!in_array($i, $_POST['rule']))
                $a_out_new[] = $a_out[$i];
            }
+        }
        /* copy all selected rules */
        for ($i = 0; $i < count($a_out); $i++) {
-			if ($i == $movebtn)
+            if ($i == $id) {
                continue;
-			if (in_array($i, $_POST['rule']))
+            }
+            if (in_array($i, $pconfig['rule'])) {
                $a_out_new[] = $a_out[$i];
            }
+        }
-		/* copy $movebtn rule */
+        /* copy $id rule */
-		if ($movebtn < count($a_out))
+        if ($id < count($a_out)) {
-			$a_out_new[] = $a_out[$movebtn];
+            $a_out_new[] = $a_out[$id];
+        }
-		/* copy all rules > $movebtn and not selected */
+        /* copy all rules > $id and not selected */
-		for ($i = $movebtn+1; $i < count($a_out); $i++) {
+        for ($i = $id+1; $i < count($a_out); $i++) {
-			if (!in_array($i, $_POST['rule']))
+            if (!in_array($i, $pconfig['rule'])) {
                $a_out_new[] = $a_out[$i];
            }
-		if (count($a_out_new) > 0)
+        }
        $a_out = $a_out_new;
+        if (write_config()) {
-		if (write_config())
+            mark_subsystem_dirty('natconf');
+        }
+        header("Location: firewall_nat_out.php");
+        exit;
+    } elseif (isset($pconfig['act']) && $pconfig['act'] == 'toggle' && isset($id)) {
+        // toggle item disabled / enabled
+        if(isset($a_out[$id]['disabled'])) {
+            unset($a_out[$id]['disabled']);
+        } else {
+            $a_out[$id]['disabled'] = true;
+        }
+        if (write_config("Firewall: NAT: Outbound, enable/disable NAT rule")) {
            mark_subsystem_dirty('natconf');
+        }
        header("Location: firewall_nat_out.php");
        exit;
    }
 }
+$mode = $config['nat']['outbound']['mode'];
 $pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("Outbound"));
 include("head.inc");
 ?>
 <body>
+  <script type="text/javascript">
+  $( document ).ready(function() {
+    // link delete buttons
+    $(".act_delete").click(function(){
+      var id = $(this).attr("id").split('_').pop(-1);
+      if (id != 'x') {
+        // delete single
+        BootstrapDialog.show({
+          type:BootstrapDialog.TYPE_INFO,
+          title: "<?= gettext("Nat")." ".gettext("Outbound");?>",
+          message: "<?=gettext("Do you really want to delete this rule?");?>",
+          buttons: [{
+                    label: "<?= gettext("No");?>",
+                    action: function(dialogRef) {
+                      dialogRef.close();
+                    }}, {
+                    label: "<?= gettext("Yes");?>",
+                    action: function(dialogRef) {
+                      $("#id").val(id);
+                      $("#action").val("del");
+                      $("#iform").submit()
+                      event.preventDefault();
+                  }
+                }]
+        });
+      } else {
+        // delete selected
+        BootstrapDialog.show({
+          type:BootstrapDialog.TYPE_INFO,
+          title: "<?=gettext("Nat")." ".gettext("Outbound");?>",
+          message: "<?=gettext("Do you really want to delete the selected rules?");?>",
+          buttons: [{
+                    label: "<?= gettext("No");?>",
+                    action: function(dialogRef) {
+                        dialogRef.close();
+                    }}, {
+                    label: "<?= gettext("Yes");?>",
+                    action: function(dialogRef) {
+                      $("#id").val("");
+                      $("#action").val("del_x");
+                      $("#iform").submit()
+                      event.preventDefault();
+                  }
+                }]
+        });
+      }
+    });
+    // link move buttons
+    $(".act_move").click(function(){
+        var id = $(this).attr("id").split('_').pop(-1);
+        $("#id").val(id);
+        $("#action").val("move");
+        $("#iform").submit();
+        event.preventDefault();
+    });
+    // link toggle buttons
+    $(".act_toggle").click(function(){
+        var id = $(this).attr("id").split('_').pop(-1);
+        $("#id").val(id);
+        $("#action").val("toggle");
+        $("#iform").submit();
+        event.preventDefault();
+    });
+  });
+  </script>
 <?php include("fbegin.inc"); ?>
  <section class="page-content-main">
    <div class="container-fluid">
      <div class="row">
+<?php
-				<?php
        if (isset($savemsg))
            print_info_box($savemsg);
        if (is_subsystem_dirty('natconf'))
            print_info_box_np(gettext("The NAT configuration has been changed.")."<br />".gettext("You must apply the changes in order for them to take effect."));
-				?>
+?>
        <form action="firewall_nat_out.php" method="post" name="iform" id="iform">
+          <input type="hidden" id="id" name="id" value="" />
+          <input type="hidden" id="action" name="act" value="" />
          <section class="col-xs-12">
+<?php
-					<?php
              $tab_array = array();
              $tab_array[] = array(gettext("Port Forward"), false, "firewall_nat.php");
              $tab_array[] = array(gettext("1:1"), false, "firewall_nat_1to1.php");
              $tab_array[] = array(gettext("Outbound"), true, "firewall_nat_out.php");
              $tab_array[] = array(gettext("NPt"), false, "firewall_nat_npt.php");
              display_top_tabs($tab_array);
-					?>
+?>
            <div class="tab-content content-box col-xs-12">
+              <table class="table table-striped">
-		                        <table class="table table-striped table-sort">
                <thead>
                  <tr>
                    <th colspan="4"><?=gettext("Mode:"); ?></th>
@@ -239,7 +301,7 @@ include("head.inc");
                <tbody>
                  <tr>
                    <td>
-											<input name="mode" type="radio" id="automatic" value="automatic" <?php if ($mode == "automatic") echo "checked=\"checked\"";?> />
+                      <input name="mode" type="radio" value="automatic" <?= $mode == "automatic" ? "checked=\"checked\"" : "";?> />
                    </td>
                    <td>
                      <strong>
@@ -248,7 +310,7 @@ include("head.inc");
                      </strong>
                    </td>
                    <td>
-											<input name="mode" type="radio" id="hybrid" value="hybrid" <?php if ($mode == "hybrid") echo "checked=\"checked\"";?> />
+                      <input name="mode" type="radio" value="hybrid" <?= $mode == "hybrid" ? "checked=\"checked\"" : "";?> />
                    </td>
                    <td>
                      <strong>
@@ -257,10 +319,9 @@ include("head.inc");
                      </strong>
                    </td>
                  </tr>
                  <tr>
                    <td>
-											<input name="mode" type="radio" id="advanced" value="advanced" <?php if ($mode == "advanced") echo "checked=\"checked\"";?> />
+                      <input name="mode" type="radio" value="advanced" <?= $mode == "advanced" ? "checked=\"checked\"" : "";?> />
                    </td>
                    <td>
                      <strong>
@@ -269,7 +330,7 @@ include("head.inc");
                      </strong>
                    </td>
                    <td>
-											<input name="mode" type="radio" id="disabled" value="disabled" <?php if ($mode == "disabled") echo "checked=\"checked\"";?> />
+                      <input name="mode" type="radio" value="disabled" <?= $mode == "disabled" ? "checked=\"checked\"" : "";?> />
                    </td>
                    <td>
                      <strong>
@@ -280,186 +341,138 @@ include("head.inc");
                  </tr>
                  <tr>
                    <td colspan="4">
                      <input name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save");?>" />
                    </td>
                  </tr>
                </tbody>
              </table>
          </div>
        </section>
        <section class="col-xs-12">
          <div class="table-responsive content-box ">
            <table class="table table-striped table-sort">
              <thead>
                <tr><th colspan="12"><?=gettext("Mappings:"); ?></th></tr>
+                <tr>
+                    <th>&nbsp;</th>
-									<tr id="frheader">
+                    <th>&nbsp;</th>
-										<th width="2%" class="list">&nbsp;</th>
+                    <th><?=gettext("Interface");?></th>
-										<th width="3%" class="list">&nbsp;</th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("Source");?></th>
-										<th width="10%" class="listhdrr"><?=gettext("Interface");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("Source Port");?></th>
-										<th width="10%" class="listhdrr"><?=gettext("Source");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("Destination");?></th>
-										<th width="5%" class="listhdrr"><?=gettext("Source Port");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("Destination Port");?></th>
-										<th width="10%" class="listhdrr"><?=gettext("Destination");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("NAT Address");?></th>
-										<th width="10%" class="listhdrr"><?=gettext("Destination Port");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("NAT Port");?></th>
-										<th width="10%" class="listhdrr"><?=gettext("NAT Address");?></th>
+                    <th><?=gettext("Static Port");?></th>
-										<th width="10%" class="listhdrr"><?=gettext("NAT Port");?></th>
+                    <th><?=gettext("Description");?></th>
-										<th width="10%" class="listhdrr"><?=gettext("Static Port");?></th>
+                    <th>
-										<th width="10%" class="listhdr"><?=gettext("Description");?></th>
-										<th class="list">
                      <a href="firewall_nat_out_edit.php?after=-1" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
                    </th>
                  </tr>
                </thead>
                <tbody>
-					<?php
+<?php
                $i = 0;
                foreach ($a_out as $natent):
-									$iconfn = "glyphicon glyphicon-play";
+?>
-									$textss = "text-success";
+                  <tr <?=$mode == "disabled" || $mode == "automatic" || isset($natent['disabled'])?"class=\"text-muted\"":"";?> ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
-									if ($mode == "disabled" || $mode == "automatic" || isset($natent['disabled'])) {
+                    <td>
-										$textss = "text-muted";
+                      <input type="checkbox" name="rule[]" value="<?=$i;?>"  />
-									}
-					?>
-									<tr valign="top" id="fr<?=$i;?>">
-										<td class="listt">
-											<input type="checkbox" id="frc<?=$i;?>" name="rule[]" value="<?=$i;?>"  />
                    </td>
-										<td class="listt" align="center">
+                    <td>
-					<?php
+<?php
                    if ($mode == "disabled" || $mode == "automatic"):
-					?>
+?>
+                      <span data-toggle="tooltip" title="<?=gettext("This rule is being ignored");?>" class="glyphicon glyphicon-play <?=$mode == "disabled" || $mode == "automatic" || isset($natent['disabled']) ? "text-muted" : "text-success";?>"></span>
-											<span title="<?=gettext("This rule is being ignored");?>" class="<?=$iconfn;?> <?=$textss;?>"></span>
+<?php
-					<?php
                    else:
-					?>
+?>
-											<a href="?act=toggle&amp;id=<?=$i;?>" title="<?=gettext("click to toggle enabled/disabled status");?>" class="btn btn-default btn-xs <?=$textss;?>"><span class="<?=$iconfn;?>"></span></a>
+                      <a href="#" class="act_toggle" id="toggle_<?=$i;?>" data-toggle="tooltip" title="<?=gettext("click to toggle enabled/disabled status");?>" class="btn btn-default btn-xs <?=isset($natent['disabled']) ? "text-muted" : "text-success";?>">
-					<?php
+                        <span class="glyphicon glyphicon-play <?=isset($natent['disabled']) ? "text-muted" : "text-success";?>  "></span>
+                      </a>
+<?php
                    endif;
-					?>
+?>
                    </td>
-										<td class="listlr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
+                    <td>
-											<?php echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . $textse; ?>
+                      <?=htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); ?>
-											&nbsp;
                    </td>
-										<td class="listr" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
+                    <td class="hidden-xs hidden-sm">
-											<?PHP $natent['source']['network'] = ($natent['source']['network'] == "(self)") ? "This Firewall" : $natent['source']['network']; ?>
+                      <?= $natent['source']['network'] == "(self)" ? "This Firewall" : $natent['source']['network']; ?>
-											<?php echo  $natent['source']['network'] .  $textse;?>
                    </td>
-										<td class="listr" onclick="fr_toggle(<?=$i;?>)" id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
+                    <td class="hidden-xs hidden-sm">
-					<?php
+                      <?=!empty($natent['protocol']) ? $natent['protocol'] . '/' : "" ;?>
+                      <?=!empty($natent['sourceport']) ? $natent['sourceport'] : "*"; ?>
-											echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
-											if (!$natent['sourceport'])
-												echo "*";
-											else
-												echo  $natent['sourceport'] ;
-											echo $textse;
-					?>
                    </td>
-										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
+                    <td class="hidden-xs hidden-sm">
-					<?php
+                      <?=isset($natent['destination']['not']) ? "!&nbsp;" :"";?>
+                      <?=isset($natent['destination']['any']) ? "*" : $natent['destination']['address'] ;?>
-											if (isset($natent['destination']['any']))
-												echo "*";
-											else {
-												if (isset($natent['destination']['not']))
-													echo "!&nbsp;";
-												echo $natent['destination']['address'] ;
-											}
-											echo $textse;
-					?>
-										</td>
-										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
-					<?php
-											echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
-											if (!$natent['dstport'])
-												echo "*";
-											else
-												echo $natent['dstport'] ;
-											echo $textse;
-					?>
                    </td>
-										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
+                    <td class="hidden-xs hidden-sm">
-					<?php
+                      <?=!empty($natent['protocol']) ? $natent['protocol'] . '/' : "" ;?>
+                      <?=empty($natent['dstport']) ? "*" : $natent['dstport'] ;?>
+                    </td>
+                    <td class="hidden-xs hidden-sm">
+<?php
                      if (isset($natent['nonat']))
-												echo '<I>NO NAT</I>';
+                        $nat_address = '<I>NO NAT</I>';
                      elseif (!$natent['target'])
-												echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
+                        $nat_address = htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
                      elseif ($natent['target'] == "other-subnet")
-												echo $natent['targetip'] . '/' . $natent['targetip_subnet'];
+                        $nat_address = $natent['targetip'] . '/' . $natent['targetip_subnet'];
                      else
-												echo $natent['target'];
+                        $nat_address = $natent['target'];
-											echo $textse;
+?>
-					?>
+                      <?=htmlspecialchars($nat_address);?>
                    </td>
-										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
+                    <td class="hidden-xs hidden-sm">
-					<?php
+                      <?=empty($natent['natport']) ? "*" : htmlspecialchars($natent['natport']);?>
-											if (!$natent['natport'])
-												echo "*";
-											else
-												echo $natent['natport'];
-											echo $textse;
-					?>
                    </td>
-										<td class="listr"  id="frd<?=$i;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';" align="center">
+                    <td>
-					<?php
+                      <?=isset($natent['staticnatport']) ? gettext("YES") : gettext("NO");?>
-											if(isset($natent['staticnatport']))
-												echo gettext("YES");
-											else
-												echo gettext("NO");
-											echo $textse;
-					?>
                    </td>
-										<td class="listbg"  ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$i;?>';">
+                    <td>
                      <?=htmlspecialchars($natent['descr']);?>&nbsp;
                    </td>
-										<td class="list nowrap" valign="middle">
+                    <td>
-												<button onmouseover="fr_insline(<?=$i;?>, true)" onmouseout="fr_insline(<?=$i;?>, false)" name="move_<?=$i;?>_x" title="<?=gettext("move selected rules before this rule");?>" type="submit" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-arrow-left"></span></button>
+                      <a type="submit" id="move_<?=$i;?>" name="move_<?=$i;?>_x" data-toggle="tooltip" data-placement="left" title="<?=gettext("move selected rules before this rule");?>" class="act_move btn btn-default btn-xs">
+                        <span class="glyphicon glyphicon-arrow-left"></span>
-												<a href="firewall_nat_out_edit.php?id=<?=$i;?>" title="<?=gettext("edit mapping");?>" alt="edit"  class="btn btn-default btn-xs"><span class="glyphicon glyphicon-pencil"></span></a>
+                      </a>
-												<a href="firewall_nat_out.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this rule?");?>')"  title="<?=gettext("delete rule");?>" alt="delete"  class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></a>
+                      <a href="firewall_nat_out_edit.php?id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("edit mapping");?>" class="btn btn-default btn-xs">
-												<a href="firewall_nat_out_edit.php?dup=<?=$i;?>" title="<?=gettext("add a new NAT based on this one");?>"  class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
+                        <span class="glyphicon glyphicon-pencil"></span>
+                      </a>
+                      <a id="del_<?=$i;?>" title="<?=gettext("delete this rule"); ?>" data-toggle="tooltip"  class="act_delete btn btn-default btn-xs">
+                        <span class="glyphicon glyphicon-remove"></span>
+                      </a>
+                      <a href="firewall_nat_out_edit.php?dup=<?=$i;?>" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("add a new NAT based on this one");?>">
+                        <span class="glyphicon glyphicon-plus"></span>
+                      </a>
                    </td>
                  </tr>
-					<?php
+<?php
                  $i++;
                endforeach;
-					?>
+?>
-				<tr valign="top" id="fr<?=$i;?>">
+        <tr>
-					<td class="list" colspan="11"></td>
+          <td colspan="6" class="hidden-xs hidden-sm"></td>
-					<td class="list nowrap" valign="middle">
+          <td colspan="5"></td>
+          <td>
 <?php
                if ($i == 0):
 ?>
                  <span class="btn btn-default btn-xs"><span class="glyphicon glyphicon-arrow-left"></span></span>
 <?php
                else:
 ?>
-									<button onmouseover="fr_insline(<?=$i;?>, true)" onmouseout="fr_insline(<?=$i;?>, false)" name="move_<?=$i;?>_x" type="submit"  title="<?=gettext("move selected mappings to end");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-arrow-left"></span></button>
+                  <a type="submit" id="move_<?=$i;?>" name="move_<?=$i;?>_x" data-toggle="tooltip" data-placement="left" title="<?=gettext("move selected rules to end");?>" class="act_move btn btn-default btn-xs">
+                    <span class="glyphicon glyphicon-arrow-left"></span>
+                  </a>
 <?php
                endif;
 ?>
                  <a href="firewall_nat_out_edit.php" title="<?=gettext("add new mapping");?>" alt="add"  class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
 <?php
                if ($i == 0):
 ?>
@@ -467,125 +480,128 @@ include("head.inc");
 <?php
                else:
 ?>
-									<button name="del_x" type="submit" title="<?=gettext("delete selected mappings");?>" onclick="return confirm('<?=gettext("Do you really want to delete the selected mappings?");?>')" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></button>
+                  <a id="del_x" title="<?=gettext("delete selected rules"); ?>" data-toggle="tooltip"  class="act_delete btn btn-default btn-xs">
+                    <span class="glyphicon glyphicon-remove"></span>
+                  </a>
 <?php
                endif;
 ?>
                  </td>
                </tr>
              </tbody>
+              <tfoot>
+                <tr>
+                  <td colspan="12">&nbsp;</td>
+                </tr>
+                <tr>
+                  <td width="16"><span class="glyphicon glyphicon-play text-success"></span></td>
+                  <td colspan="11"><?=gettext("Enabled rule"); ?></td>
+                </tr>
+                <tr>
+                  <td><span class="glyphicon glyphicon-play text-muted"></span></td>
+                  <td colspan="11"><?=gettext("Disabled rule"); ?></td>
+                </tr>
+              </tfoot>
+            </table>
+          </div>
+        </section>
 <?php
+      // when automatic or hybrid, display "auto" table.
      if ($mode == "automatic" || $mode == "hybrid"):
        if(empty($GatewaysList))
          filter_generate_gateways();
        $automatic_rules = filter_nat_rules_outbound_automatic(implode(" ", filter_nat_rules_automatic_tonathosts()));
        unset($GatewaysList);
 ?>
+        <section class="col-xs-12">
+          <div class="table-responsive content-box ">
+            <table class="table table-striped table-sort">
              <thead>
-				<tr><th colspan="12"><?=gettext("Automatic rules:"); ?></th></tr>
+                  <tr>
-				<tr id="frheader">
+                    <th colspan="11"><?=gettext("Automatic rules:"); ?></th>
-					<th width="3%" class="list">&nbsp;</th>
+                  </tr>
-					<th width="3%" class="list">&nbsp;</th>
+                  <tr>
-					<th width="10%" class="listhdrr"><?=gettext("Interface");?></th>
+                    <th>&nbsp;</th>
-					<th width="10%" class="listhdrr"><?=gettext("Source");?></th>
+                    <th>&nbsp;</th>
-					<th width="10%" class="listhdrr"><?=gettext("Source Port");?></th>
+                    <th><?=gettext("Interface");?></th>
-					<th width="15%" class="listhdrr"><?=gettext("Destination");?></th>
+                    <th><?=gettext("Source");?></th>
-					<th width="10%" class="listhdrr"><?=gettext("Destination Port");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("Source Port");?></th>
-					<th width="15%" class="listhdrr"><?=gettext("NAT Address");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("Destination");?></th>
-					<th width="10%" class="listhdrr"><?=gettext("NAT Port");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("Destination Port");?></th>
-					<th width="10%" class="listhdrr"><?=gettext("Static Port");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("NAT Address");?></th>
-					<th width="25%" class="listhdr"><?=gettext("Description");?></th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("NAT Port");?></th>
-					<th class="list">&nbsp;</th>
+                    <th class="hidden-xs hidden-sm"><?=gettext("Static Port");?></th>
+                    <th><?=gettext("Description");?></th>
                  </tr>
              </thead>
              <tbody>
 <?php
              foreach ($automatic_rules as $natent):
 ?>
-					<tr valign="top">
+                <tr>
-						<td class="list">&nbsp;</td>
+                  <td>&nbsp;</td>
-						<td class="listt" align="center">
+                  <td>
-							<span class="glyphicon glyphicon-play text-success" title="<?=gettext("automatic outbound nat");?>"></span>
+                    <span class="glyphicon glyphicon-play text-success" data-toggle="tooltip" title="<?=gettext("automatic outbound nat");?>"></span>
                  </td>
-						<td class="listlr">
+                  <td>
-							<?php echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); ?>
+                    <?= htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); ?>
-							&nbsp;
                  </td>
-						<td class="listr">
+                  <td>
                    <?=$natent['source']['network'];?>
                  </td>
-						<td class="listr">
+                  <td class="hidden-xs hidden-sm">
-<?php
+                    <?=(!empty($natent['protocol'])) ? $natent['protocol'] . '/' : "" ;?>
-							echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
+                    <?=empty($natent['sourceport']) ? "*" : $natent['sourceport'] ;?>
-							if (!$natent['sourceport'])
-								echo "*";
-							else
-								echo $natent['sourceport'];
-?>
                  </td>
-						<td class="listr">
+                  <td class="hidden-xs hidden-sm">
-<?php
+                    <?=isset($natent['destination']['not']) ? "!&nbsp;" : "";?>
-							if (isset($natent['destination']['any']))
+                    <?=isset($natent['destination']['any']) ? "*" : $natent['destination']['address'] ;?>
-								echo "*";
-							else {
-								if (isset($natent['destination']['not']))
-									echo "!&nbsp;";
-								echo $natent['destination']['address'];
-							}
-?>
                  </td>
-						<td class="listr">
+                  <td class="hidden-xs hidden-sm">
-<?php
+                    <?=!empty($natent['protocol']) ? $natent['protocol'] . '/' : "" ;?>
-							echo ($natent['protocol']) ? $natent['protocol'] . '/' : "" ;
+                    <?=empty($natent['dstport']) ? "*" : $natent['dstport'] ;?>
-							if (!$natent['dstport'])
-								echo "*";
-							else
-								echo $natent['dstport'];
-?>
                  </td>
-						<td class="listr">
+                  <td class="hidden-xs hidden-sm">
 <?php
-							if (isset($natent['nonat']))
+                    if (isset($natent['nonat'])) {
-								echo '<I>NO NAT</I>';
+                        $nat_address = '<I>NO NAT</I>';
-							elseif (!$natent['target'])
+                    } elseif (empty($natent['target'])) {
-								echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
+                        $nat_address = htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])) . " address";
-							elseif ($natent['target'] == "other-subnet")
+                    } elseif ($natent['target'] == "other-subnet") {
-								echo $natent['targetip'] . '/' . $natent['targetip_subnet'];
+                        $nat_address = $natent['targetip'] . '/' . $natent['targetip_subnet'];
-							else
+                    } else  {
-								echo $natent['target'];
+                        $nat_address = $natent['target'];
+                    }
 ?>
+                    <?=$nat_address;?>
                  </td>
-						<td class="listr">
+                  <td class="hidden-xs hidden-sm">
-<?php
+                    <?= empty($natent['natport']) ? "*" : $natent['natport'];?>
-							if (!$natent['natport'])
-								echo "*";
-							else
-								echo $natent['natport'];
-?>
                  </td>
-						<td class="listr">
+                  <td class="hidden-xs hidden-sm">
-<?php
+                    <?= isset($natent['staticnatport']) ? gettext("YES") : gettext("NO") ;?>
-							if(isset($natent['staticnatport']))
-								echo gettext("YES");
-							else
-								echo gettext("NO");
-?>
                  </td>
-						<td class="listbg">
+                  <td>
-							<?=htmlspecialchars($natent['descr']);?>&nbsp;
+                    <?=htmlspecialchars($natent['descr']);?>
                  </td>
-						<td class="list">&nbsp;</td>
                </tr>
 <?php
        endforeach;
+?>
+              </table>
+            </div>
+          </section>
+<?php
      endif;
 ?>
+          <section class="col-xs-12">
+            <div class="table-responsive content-box ">
+              <table class="table table-striped table-sort">
                <tr>
-					<td colspan="12">
+                  <td>
-						<p><span class="vexpl">
+                    <span class="text-danger">
-							<span class="red"><strong><?=gettext("Note:"); ?><br /></strong></span>
+                      <strong><?=gettext("Note:"); ?><br /></strong>
+                    </span>
                    <?=gettext("If automatic outbound NAT selected, a mapping is automatically created " .
                      "for each interface's subnet (except WAN-type connections) and the rules " .
                      "on \"Mappings\" section of this page are ignored.<br /><br /> " .
@@ -599,12 +615,9 @@ include("head.inc");
                      "then depending on the way the WAN connection is setup, a "); ?>
                      <a href="firewall_virtual_ip.php"><?=gettext("Virtual IP"); ?></a>
                      <?= gettext(" may also be required.") ?>
-						</span></p>
                    </td>
                  </tr>
-            </tbody>
                </table>
            </div>
          </section>
        </form>