<?php /* Copyright (C) 2014 Deciso B.V. Copyright (C) 2009 Janne Enberg <janne.enberg@lietu.net> Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net> All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ require_once("guiconfig.inc"); require_once("pfsense-utils.inc"); /** * build array with interface options for this form */ function formInterfaces() { global $config; $interfaces = array(); foreach ( get_configured_interface_with_descr(false, true) as $if => $ifdesc) $interfaces[$if] = $ifdesc; if (isset($config['l2tp']['mode']) && $config['l2tp']['mode'] == "server") $interfaces['l2tp'] = "L2TP VPN"; if (isset($config['pptpd']['mode']) && $config['pptpd']['mode'] == "server") $interfaces['pptp'] = "PPTP VPN"; if (is_pppoe_server_enabled()) $interfaces['pppoe'] = "PPPoE VPN"; /* add ipsec interfaces */ if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) $interfaces["enc0"] = "IPsec"; /* add openvpn/tun interfaces */ if (isset($config['openvpn']['openvpn-server']) || isset($config['openvpn']['openvpn-client'])) { $interfaces['openvpn'] = 'OpenVPN'; } return $interfaces; } /** * fetch list of selectable networks to use in form */ function formNetworks() { $networks = array(); $networks["any"] = gettext("any"); $networks["pptp"] = gettext("PPTP clients"); $networks["pppoe"] = gettext("PPPoE clients"); $networks["l2tp"] = gettext("L2TP clients"); foreach (get_configured_interface_with_descr() as $ifent => $ifdesc) { $networks[$ifent] = htmlspecialchars($ifdesc) . " " . gettext("net"); $networks[$ifent."ip"] = htmlspecialchars($ifdesc). " ". gettext("address"); } return $networks; } /** * obscured by clouds, is_specialnet uses this.. so let's hide it in here. * let's kill this another day. */ $specialsrcdst = explode(" ", "any (self) pptp pppoe l2tp openvpn"); $ifdisp = get_configured_interface_with_descr(); foreach ($ifdisp as $kif => $kdescr) { $specialsrcdst[] = "{$kif}"; $specialsrcdst[] = "{$kif}ip"; } // init config and get reference if (!isset($config['nat']['rule']) || !is_array($config['nat']['rule'])) { $config['nat']['rule'] = array(); } $a_nat = &$config['nat']['rule']; if ($_SERVER['REQUEST_METHOD'] === 'GET') { // load form data from config if (isset($_GET['id']) && is_numericint($_GET['id']) && isset($a_nat[$_GET['id']])) { $id = $_GET['id']; $configId = $id; // load form data from id } else if (isset($_GET['dup']) && isset($a_nat[$_GET['dup']])){ $after = $_GET['dup']; $configId = $_GET['dup']; // load form data from id } if (isset($_GET['after']) && isset($a_nat[$_GET['after']])) { $after = $_GET['after']; } // initialize form and set defaults $pconfig = array(); $pconfig['protocol'] = "tcp"; $pconfig['srcbeginport'] = "any"; $pconfig['srcendport'] = "any"; $pconfig['interface'] = "wan"; $pconfig['dstbeginport'] = 80 ; $pconfig['dstendport'] = 80 ; $pconfig['local-port'] = 80; if (isset($configId)) { // copy 1-on-1 foreach (array('protocol','target','local-port','descr','interface','associated-rule-id','nosync' ,'natreflection','created','updated') as $fieldname) { if (isset($a_nat[$configId][$fieldname])) { $pconfig[$fieldname] = $a_nat[$configId][$fieldname]; } } // fields with some kind of logic. $pconfig['disabled'] = isset($a_nat[$configId]['disabled']); $pconfig['nordr'] = isset($a_nat[$configId]['nordr']); address_to_pconfig($a_nat[$configId]['source'], $pconfig['src'], $pconfig['srcmask'], $pconfig['srcnot'], $pconfig['srcbeginport'], $pconfig['srcendport']); address_to_pconfig($a_nat[$configId]['destination'], $pconfig['dst'], $pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstbeginport'], $pconfig['dstendport']); } else if (isset($_GET['template']) && $_GET['template'] == 'transparant_proxy') { // new rule for transparant proxy reflection, to use as sample $pconfig['interface'] = "lan"; $pconfig['src'] = "lan"; $pconfig['dst'] = "any"; $pconfig['dstbeginport'] = 80 ; $pconfig['dstendport'] = 80 ; $pconfig['target'] = '127.0.0.1'; // try to read the proxy configuration to determine the current port // this has some disadvantages in case of dependencies, but there isn't // a much better solution available at the moment. if (isset($config['OPNsense']['proxy']['forward']['port'])) { $pconfig['local-port'] = $config['OPNsense']['proxy']['forward']['port']; } else { $pconfig['local-port'] = 3128; } $pconfig['natreflection'] = 'enable'; $pconfig['descr'] = "redirect traffic to proxy"; } else { $pconfig['src'] = "any"; } // init empty fields foreach (array("dst","dstmask","srcmask","dstbeginport","dstendport","target","local-port","natreflection","descr","disabled","nosync") as $fieldname) { if (!isset($pconfig[$fieldname])) { $pconfig[$fieldname] = null; } } } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { $pconfig = $_POST; $input_errors = array(); // validate id and store if usable if (isset($pconfig['id']) && is_numericint($pconfig['id']) && isset($a_nat[$pconfig['id']])) { $id = $_POST['id']; } if (isset($pconfig['after']) && isset($a_nat[$pconfig['after']])) { // place record after provided sequence number $after = $pconfig['after']; } /* Validate input data */ foreach ($pconfig as $key => $value) { if(htmlentities($value) <> $value) { $input_errors[] = sprintf(gettext("Invalid characters detected %s. Please remove invalid characters and save again."), htmlentities($value)); } } if( $pconfig['protocol'] == "tcp" || $pconfig['protocol'] == "udp" || $pconfig['protocol'] == "tcp/udp") { $reqdfields = explode(" ", "interface protocol dstbeginport dstendport"); $reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Destination port from"),gettext("Destination port to")); } else { $reqdfields = explode(" ", "interface protocol"); $reqdfieldsn = array(gettext("Interface"),gettext("Protocol")); } $reqdfields[] = "src"; $reqdfieldsn[] = gettext("Source address"); $reqdfields[] = "dst"; $reqdfieldsn[] = gettext("Destination address"); if (!empty($pconfig['nordr'])) { $reqdfields[] = "target"; $reqdfieldsn[] = gettext("Redirect target IP"); } do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); if (!isset($pconfig['nordr']) && ($pconfig['target'] && !is_ipaddroralias($pconfig['target']))) { $input_errors[] = sprintf(gettext("\"%s\" is not a valid redirect target IP address or host alias."), $pconfig['target']); } if (!empty($pconfig['srcbeginport']) && $pconfig['srcbeginport'] != 'any' && !is_portoralias($pconfig['srcbeginport'])) $input_errors[] = sprintf(gettext("%s is not a valid start source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcbeginport']); if (!empty($pconfig['srcendport']) && $pconfig['srcendport'] != 'any' && !is_portoralias($pconfig['srcendport'])) $input_errors[] = sprintf(gettext("%s is not a valid end source port. It must be a port alias or integer between 1 and 65535."), $pconfig['srcendport']); if (!empty($pconfig['dstbeginport']) && $pconfig['dstbeginport'] != 'any' && !is_portoralias($pconfig['dstbeginport'])) $input_errors[] = sprintf(gettext("%s is not a valid start destination port. It must be a port alias or integer between 1 and 65535."), $pconfig['dstbeginport']); if (!empty($pconfig['dstendport']) && $pconfig['dstendport'] != 'any' && !is_portoralias($pconfig['dstendport'])) $input_errors[] = sprintf(gettext("%s is not a valid end destination port. It must be a port alias or integer between 1 and 65535."), $pconfig['dstendport']); if (($pconfig['protocol'] == "tcp" || $pconfig['protocol'] == "udp" || $_POST['protocol'] == "tcp/udp") && (!isset($pconfig['nordr']) && !is_portoralias($pconfig['local-port']))) { $input_errors[] = sprintf(gettext("A valid redirect target port must be specified. It must be a port alias or integer between 1 and 65535."), $pconfig['local-port']); } if (!is_specialnet($pconfig['src']) && !is_ipaddroralias($pconfig['src'])) { $input_errors[] = sprintf(gettext("%s is not a valid source IP address or alias."), $pconfig['src']); } if (!empty($pconfig['srcmask']) && !is_numericint($pconfig['srcmask'])) { $input_errors[] = gettext("A valid source bit count must be specified."); } if (!is_specialnet($pconfig['dst']) && !is_ipaddroralias($pconfig['dst'])) { $input_errors[] = sprintf(gettext("%s is not a valid destination IP address or alias."), $pconfig['dst']); } if (!empty($pconfig['dstmask']) && !is_numericint($pconfig['dstmask'])) { $input_errors[] = gettext("A valid destination bit count must be specified."); } if (!isset($_POST['nordr']) && is_numericint($pconfig['dstbeginport']) && is_numericint($pconfig['dstendport']) && is_numericint($pconfig['local-port']) && (max($pconfig['dstendport'],$pconfig['dstbeginport']) - min($pconfig['dstendport'],$pconfig['dstbeginport']) + $pconfig['local-port']) > 65535) { $input_errors[] = gettext("The target port range must be an integer between 1 and 65535."); } // save data if valid if (count($input_errors) == 0) { $natent = array(); // 1-on-1 copy $natent['protocol'] = $pconfig['protocol']; $natent['interface'] = $pconfig['interface']; $natent['descr'] = $pconfig['descr']; if (!empty($pconfig['associated-rule-id'])) { $natent['associated-rule-id'] = $pconfig['associated-rule-id']; } else { $natent['associated-rule-id'] = null; } // form processing logic $natent['disabled'] = !empty($pconfig['disabled']) ? true:false; $natent['nordr'] = !empty($pconfig['nordr']) ? true:false; $natent['nosync'] = !empty($pconfig['nosync']) ? true:false; if ($natent['nordr']) { $natent['associated-rule-id'] = ''; } else { $natent['target'] = $pconfig['target']; $natent['local-port'] = $pconfig['local-port']; } pconfig_to_address($natent['source'], $pconfig['src'], $pconfig['srcmask'], !empty($pconfig['srcnot']), $pconfig['srcbeginport'], $pconfig['srcendport']); pconfig_to_address($natent['destination'], $pconfig['dst'], $pconfig['dstmask'], !empty($pconfig['dstnot']), $pconfig['dstbeginport'], $pconfig['dstendport']); if(!empty($pconfig['filter-rule-association']) && $pconfig['filter-rule-association'] == "pass") { $natent['associated-rule-id'] = "pass"; } if ($pconfig['natreflection'] == "enable" || $pconfig['natreflection'] == "purenat" || $pconfig['natreflection'] == "disable") { $natent['natreflection'] = $pconfig['natreflection']; } // If we used to have an associated filter rule, but no-longer should have one if (isset($id) && !empty($a_nat[$id]['associated-rule-id']) && ( empty($natent['associated-rule-id']) || $natent['associated-rule-id'] != $a_nat[$id]['associated-rule-id'] ) ) { // Delete the previous rule foreach ($config['filter']['rule'] as $key => $item){ if(isset($item['associated-rule-id']) && $item['associated-rule-id']==$a_nat[$id]['associated-rule-id'] ){ unset($config['filter']['rule'][$key]); break; } } mark_subsystem_dirty('filter'); } $need_filter_rule = false; // Updating a rule with a filter rule associated if (!empty($natent['associated-rule-id'])) $need_filter_rule = true; // Create a rule or if we want to create a new one if( $natent['associated-rule-id']=='new' ) { $need_filter_rule = true; unset($natent['associated-rule-id']); $pconfig['filter-rule-association']='add-associated'; } // If creating a new rule, where we want to add the filter rule, associated or not else if (isset($pconfig['filter-rule-association']) && ($pconfig['filter-rule-association']=='add-associated' || $pconfig['filter-rule-association']=='add-unassociated') ) $need_filter_rule = true; if ($need_filter_rule) { /* auto-generate a matching firewall rule */ $filterent = array(); // If a rule already exists, load it if (!empty($natent['associated-rule-id'])) { // search rule by associated-rule-id $filterentid = false; foreach ($config['filter']['rule'] as $key => $item){ if (isset($item['associated-rule-id']) && $item['associated-rule-id']==$natent['associated-rule-id']) { $filterentid = $key; break; } } if ($filterentid === false) { $filterent['associated-rule-id'] = $natent['associated-rule-id']; } else { $filterent =& $config['filter']['rule'][$filterentid]; } } pconfig_to_address($filterent['source'], $pconfig['src'], $pconfig['srcmask'], !empty($pconfig['srcnot']), $pconfig['srcbeginport'], $pconfig['srcendport']); // Update interface, protocol and destination $filterent['interface'] = $pconfig['interface']; $filterent['protocol'] = $pconfig['protocol']; if (!isset($filterent['destination'])) { $filterent['destination'] = array(); } $filterent['destination']['address'] = $pconfig['target']; if (is_numericint($pconfig['local-port']) && is_numericint($pconfig['dstendport']) && is_numericint($pconfig['dstbeginport'])) { $dstpfrom = $pconfig['local-port']; $dstpto = $dstpfrom + max($pconfig['dstendport'], $pconfig['dstbeginport']) - min($pconfig['dstbeginport'],$pconfig['dstendport']) ; if ($dstpfrom == $dstpto) { $filterent['destination']['port'] = $dstpfrom; } else { $filterent['destination']['port'] = $dstpfrom . "-" . $dstpto; } } else { // if any of the ports is an alias, copy contents of local-port $filterent['destination']['port'] = $pconfig['local-port']; } /* * Our firewall filter description may be no longer than * 63 characters, so don't let it be. */ $filterent['descr'] = substr("NAT " . $pconfig['descr'], 0, 62); // If this is a new rule, create an ID and add the rule if( isset($pconfig['filter-rule-association']) && $pconfig['filter-rule-association']=='add-associated' ) { $filterent['associated-rule-id'] = $natent['associated-rule-id'] = uniqid("nat_", true); $filterent['created'] = make_config_revision_entry(null, gettext("NAT Port Forward")); $config['filter']['rule'][] = $filterent; } mark_subsystem_dirty('filter'); } // Update the NAT entry now $natent['updated'] = make_config_revision_entry(); if (isset($id)) { if (isset($a_nat[$id]['created'])) { $natent['created'] = $a_nat[$id]['created']; } $a_nat[$id] = $natent; } else { $natent['created'] = make_config_revision_entry(); if (isset($after)) { array_splice($a_nat, $after+1, 0, array($natent)); } else { $a_nat[] = $natent; } } if (write_config()) { mark_subsystem_dirty('natconf'); } header("Location: firewall_nat.php"); exit; } } legacy_html_escape_form_data($pconfig); $closehead = false; $pgtitle = array(gettext("Firewall"),gettext("NAT"),gettext("Port Forward"),gettext("Edit")); include("head.inc"); ?> </head> <body> <script type="text/javascript"> $( document ).ready(function() { // show source fields (advanced) $("#showadvancedboxsrc").click(function(){ $(".advanced_opt_src").toggleClass("hidden visible"); }); // on change event protocol change $("#proto").change(function(){ if ($("#proto").val() == "tcp" || $("#proto").val() == "udp" || $("#proto").val() == "tcp/udp") { $(".act_port_select").removeClass("hidden"); } else { $(".act_port_select").addClass("hidden"); } }); // on change event for "No RDR" checkbox $("#nordr").change(function(){ if ($("#nordr").prop('checked')) { $(".act_no_rdr").addClass("hidden"); } else { $(".act_no_rdr").removeClass("hidden"); } }); // trigger initial form change $("#nordr").change(); // no-rdr $("#proto").change(); // protocol // show source address when selected <?php if (!empty($pconfig['srcnot']) || $pconfig['src'] != "any" || $pconfig['srcbeginport'] != "any" || $pconfig['srcendport'] != "any"): ?> $(".advanced_opt_src").toggleClass("hidden visible"); <?php endif; ?> // select / input combination, link behaviour // when the data attribute "data-other" is selected, display related input item(s) // push changes from input back to selected option value $('[for!=""][for]').each(function(){ var refObj = $("#"+$(this).attr("for")); if (refObj.is("select")) { // connect on change event to select box (show/hide) refObj.change(function(){ if ($(this).find(":selected").attr("data-other") == "true") { // show related controls $('*[for="'+$(this).attr("id")+'"]').each(function(){ if ($(this).hasClass("selectpicker")) { $(this).selectpicker('show'); } else { $(this).removeClass("hidden"); } }); } else { // hide related controls $('*[for="'+$(this).attr("id")+'"]').each(function(){ if ($(this).hasClass("selectpicker")) { $(this).selectpicker('hide'); } else { $(this).addClass("hidden"); } }); } }); // update initial refObj.change(); // connect on change to input to save data to selector if ($(this).attr("name") == undefined) { $(this).change(function(){ var otherOpt = $('#'+$(this).attr('for')+' > option[data-other="true"]') ; otherOpt.attr("value",$(this).val()); }); } } }); // align dropdown source from/to port $("#srcbeginport").change(function(){ $('#srcendport').prop('selectedIndex', $("#srcbeginport").prop('selectedIndex') ); $('#srcendport').selectpicker('refresh'); $('#srcendport').change(); }); // align dropdown destination from/to port $("#dstbeginport").change(function(){ $('#dstendport').prop('selectedIndex', $("#dstbeginport").prop('selectedIndex') ); $('#dstendport').selectpicker('refresh'); $('#dstendport').change(); }); }); </script> <?php include("fbegin.inc"); ?> <section class="page-content-main"> <div class="container-fluid"> <div class="row"> <?php if (isset($input_errors) && count($input_errors) > 0) print_input_errors($input_errors); ?> <section class="col-xs-12"> <div class="content-box"> <form action="firewall_nat_edit.php" method="post" name="iform" id="iform"> <table class="table table-striped"> <tr> <td width="22%"><?=gettext("Edit Redirect entry"); ?></td> <td width="78%" align="right"> <small><?=gettext("full help"); ?> </small> <i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page" type="button"></i></a> </td> </tr> <tr> <td><a id="help_for_disabled" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Disabled"); ?></td> <td> <input name="disabled" type="checkbox" id="disabled" value="yes" <?= !empty($pconfig['disabled']) ? "checked=\"checked\"" : ""; ?> /> <div class="hidden" for="help_for_disabled"> <strong><?=gettext("Disable this rule"); ?></strong><br /> <?=gettext("Set this option to disable this rule without removing it from the list."); ?> </div> </td> </tr> <tr> <td><a id="help_for_nordr" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("No RDR (NOT)"); ?></td> <td> <input type="checkbox" name="nordr" id="nordr" <?= !empty($pconfig['nordr']) ? "checked=\"checked\"" : ""; ?> /> <div class="hidden" for="help_for_nordr"> <?=gettext("Enabling this option will disable redirection for traffic matching this rule."); ?> <br /><?=gettext("Hint: this option is rarely needed, don't use this unless you know what you're doing."); ?> </div> </td> </tr> <tr> <td><a id="help_for_interface" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Interface"); ?></td> <td> <div class="input-group"> <select name="interface" class="selectpicker" data-width="auto" data-live-search="true"> <?php foreach (formInterfaces() as $iface => $ifacename): ?> <option value="<?=$iface;?>" <?= $iface == $pconfig['interface'] ? "selected=\"selected\"" : ""; ?>> <?=htmlspecialchars($ifacename);?> </option> <?php endforeach; ?> </select> </div> <div class="hidden" for="help_for_interface"> <?=gettext("Choose which interface this rule applies to."); ?><br /> <?=gettext("Hint: in most cases, you'll want to use WAN here."); ?> </div> </td> </tr> <tr> <td><a id="help_for_proto" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Protocol"); ?></td> <td> <div class="input-group"> <select id="proto" name="protocol" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <?php foreach (explode(" ", "TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP PIM OSPF") as $proto): ?> <option value="<?=strtolower($proto);?>" <?= strtolower($proto) == $pconfig['protocol'] ? "selected=\"selected\"" : ""; ?>> <?=$proto;?> </option> <?php endforeach; ?> </select> </div> <div class="hidden" for="help_for_proto"> <?=gettext("Choose which IP protocol " ."this rule should match."); ?><br/> <?=gettext("Hint: in most cases, you should specify"); ?> <em><?=gettext("TCP"); ?></em> <?=gettext("here."); ?> </div> </td> </tr> <tr class="advanced_opt_src visible"> <td><?=gettext("Source"); ?></td> <td> <input type="button" class="btn btn-default" value="<?=gettext("Advanced"); ?>" id="showadvancedboxsrc" /> <div class="hidden" for="help_for_source"> <?=gettext("Show source address and port range"); ?> </div> </td> </tr> <tr class="advanced_opt_src hidden"> <td> <a id="help_for_src_invert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Source") . " / ".gettext("Invert");?> </td> <td> <input name="srcnot" type="checkbox" id="srcnot" value="yes" <?= !empty($pconfig['srcnot']) ? "checked=\"checked\"" : "";?> /> <div class="hidden" for="help_for_src_invert"> <?=gettext("Use this option to invert the sense of the match."); ?> </div> </td> </tr> <tr class="advanced_opt_src hidden"> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Source"); ?></td> <td> <table class="table table-condensed"> <tr> <td> <select name="src" id="src" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <option data-other=true value="<?=$pconfig['src'];?>" <?=!is_specialnet($pconfig['src']) ? "selected=\"selected\"" : "";?>><?=gettext("Single host or Network"); ?></option> <optgroup label="<?=gettext("Aliases");?>"> <?php foreach (legacy_list_aliases("network") as $alias): ?> <option value="<?=$alias['name'];?>" <?=$alias['name'] == $pconfig['src'] ? "selected=\"selected\"" : "";?>><?=htmlspecialchars($alias['name']);?></option> <?php endforeach; ?> </optgroup> <optgroup label="<?=gettext("Networks");?>"> <?php foreach (formNetworks() as $ifent => $ifdesc): ?> <option value="<?=$ifent;?>" <?= $pconfig['src'] == $ifent ? "selected=\"selected\"" : ""; ?>><?=$ifdesc;?></option> <?php endforeach; ?> </optgroup> </select> </td> </tr> <tr> <td> <div class="input-group"> <!-- updates to "other" option in src --> <input type="text" for="src" value="<?=$pconfig['src'];?>" aria-label="<?=gettext("Source address");?>"/> <select name="srcmask" class="selectpicker" data-size="5" id="srcmask" data-width="auto" for="src" > <?php for ($i = 32; $i > 0; $i--): ?> <option value="<?=$i;?>" <?= $i == $pconfig['srcmask'] ? "selected=\"selected\"" : ""; ?>><?=$i;?></option> <?php endfor; ?> </select> </div> </td> </tr> </table> </td> </tr> <tr class="hidden advanced_opt_src"> <td><a id="help_for_srcport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Source port range"); ?></td> <td> <table class="table table-condensed"> <thead> <tr> <th><?=gettext("from:"); ?></th> <th><?=gettext("to:"); ?></th> </tr> </thead> <tbody> <tr> <td > <select id="srcbeginport" name="srcbeginport" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <option data-other=true value="<?=$pconfig['srcbeginport'];?>">(<?=gettext("other"); ?>)</option> <optgroup label="<?=gettext("Aliases");?>"> <?php foreach (legacy_list_aliases("port") as $alias): ?> <option value="<?=$alias['name'];?>" <?= $pconfig['srcbeginport'] == $alias['name'] ? "selected=\"selected\"" : ""; ?> ><?=htmlspecialchars($alias['name']);?> </option> <?php endforeach; ?> </optgroup> <optgroup label="<?=gettext("Well-known ports");?>"> <option value="any" <?= $pconfig['srcbeginport'] == "any" ? "selected=\"selected\"" : ""; ?>><?=gettext("any"); ?></option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?= $wkport == $pconfig['srcbeginport'] ? "selected=\"selected\"" : "" ;?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </optgroup> </select> </td> <td> <select id="srcendport" name="srcendport" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <option data-other=true value="<?=$pconfig['srcendport'];?>">(<?=gettext("other"); ?>)</option> <optgroup label="<?=gettext("Aliases");?>"> <?php foreach (legacy_list_aliases("port") as $alias): ?> <option value="<?=$alias['name'];?>" <?= $pconfig['srcendport'] == $alias['name'] ? "selected=\"selected\"" : ""; ?> ><?=htmlspecialchars($alias['name']);?> </option> <?php endforeach; ?> </optgroup> <optgroup label="<?=gettext("Well-known ports");?>"> <option value="any" <?= $pconfig['srcendport'] == "any" ? "selected=\"selected\"" : ""; ?>><?=gettext("any"); ?></option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?= $wkport == $pconfig['srcendport'] ? "selected=\"selected\"" : "" ;?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </optgroup> </select> </td> </tr> <tr> <td> <input type="text" value="<?=$pconfig['srcbeginport'];?>" for="srcbeginport"> <!-- updates to "other" option in srcbeginport --> </td> <td> <input type="text" value="<?=$pconfig['srcendport'];?>" for="srcendport"> <!-- updates to "other" option in srcendport --> </td> </tr> </tbody> </table> <div class="hidden" for="help_for_srcport"> <?=gettext("Specify the source port or port range for this rule"); ?>. <b><?=gettext("This is usually"); ?> <em><?=gettext("random"); ?></em> <?=gettext("and almost never equal to the destination port range (and should usually be 'any')"); ?>. </b> </div> </td> </tr> <tr> <td> <a id="help_for_dst_invert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Destination") . " / ".gettext("Invert");?> </td> <td> <input name="dstnot" type="checkbox" id="srcnot" value="yes" <?= !empty($pconfig['dstnot']) ? "checked=\"checked\"" : "";?> /> <div class="hidden" for="help_for_dst_invert"> <?=gettext("Use this option to invert the sense of the match."); ?> </div> </td> </tr> <tr> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Destination"); ?></td> <td> <table class="table table-condensed"> <tr> <td> <select name="dst" id="dst" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <option data-other=true value="<?=$pconfig['dst'];?>" <?=!is_specialnet($pconfig['dst']) ? "selected=\"selected\"" : "";?>><?=gettext("Single host or Network"); ?></option> <optgroup label="<?=gettext("Aliases");?>"> <?php foreach (legacy_list_aliases("network") as $alias): ?> <option value="<?=$alias['name'];?>" <?=$alias['name'] == $pconfig['dst'] ? "selected=\"selected\"" : "";?>><?=htmlspecialchars($alias['name']);?></option> <?php endforeach; ?> </optgroup> <optgroup label="<?=gettext("Networks");?>"> <?php foreach (formNetworks() as $ifent => $ifdesc): ?> <option value="<?=$ifent;?>" <?= $pconfig['dst'] == $ifent ? "selected=\"selected\"" : ""; ?>><?=$ifdesc;?></option> <?php endforeach; ?> </optgroup> <optgroup label="<?=gettext("Virtual IPs");?>"> <?php if (isset($config['virtualip']['vip'])): foreach ($config['virtualip']['vip'] as $sn): if (isset($sn['noexpand'])) continue; if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"): $start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits'])); $end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits'])); $len = $end - $start; for ($i = 0; $i <= $len; $i++): $snip = long2ip32($start+$i); ?> <option value="<?=$snip;?>" <?=$snip == $pconfig['dst'] ? "selected=\"selected\"" : "";?>> <?=htmlspecialchars("{$snip} ({$sn['descr']})");?> </option> <?php endfor; else: ?> <option value="<?=$sn['subnet'];?>" <?= $sn['subnet'] == $pconfig['dst'] ? "selected=\"selected\"" : ""; ?>> <?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?> </option> <?php endif; endforeach; endif; ?> </optgroup> </select> </td> </tr> <tr> <td> <div class="input-group"> <!-- updates to "other" option in src --> <input type="text" for="dst" value="<?= !is_specialnet($pconfig['dst']) ? $pconfig['dst'] : "";?>" aria-label="<?=gettext("Destination address");?>"/> <select name="dstmask" class="selectpicker" data-size="5" id="dstmask" data-width="auto" for="dst" > <?php for ($i = 32; $i > 0; $i--): ?> <option value="<?=$i;?>" <?= $i == $pconfig['dstmask'] ? "selected=\"selected\"" : ""; ?>><?=$i;?></option> <?php endfor; ?> </select> </div> </td> </tr> </table> </td> </tr> <tr class="act_port_select"> <td><a id="help_for_dstport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Destination port range"); ?></td> <td> <table class="table table-condensed"> <thead> <tr> <th><?=gettext("from:"); ?></th> <th><?=gettext("to:"); ?></th> </tr> </thead> <tbody> <tr> <td > <select id="dstbeginport" name="dstbeginport" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <option data-other=true value="<?=$pconfig['dstbeginport'];?>">(<?=gettext("other"); ?>)</option> <optgroup label="<?=gettext("Aliases");?>"> <?php foreach (legacy_list_aliases("port") as $alias): ?> <option value="<?=$alias['name'];?>" <?= $pconfig['dstbeginport'] == $alias['name'] ? "selected=\"selected\"" : ""; ?> ><?=htmlspecialchars($alias['name']);?> </option> <?php endforeach; ?> </optgroup> <optgroup label="<?=gettext("Well-known ports");?>"> <option value="any" <?= $pconfig['dstbeginport'] == "any" ? "selected=\"selected\"" : ""; ?>><?=gettext("any"); ?></option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?= $wkport == $pconfig['dstbeginport'] ? "selected=\"selected\"" : "" ;?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </optgroup> </select> </td> <td> <select id="dstendport" name="dstendport" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <option data-other=true value="<?=$pconfig['dstendport'];?>">(<?=gettext("other"); ?>)</option> <optgroup label="<?=gettext("Aliases");?>"> <?php foreach (legacy_list_aliases("port") as $alias): ?> <option value="<?=$alias['name'];?>" <?= $pconfig['dstendport'] == $alias['name'] ? "selected=\"selected\"" : ""; ?> ><?=htmlspecialchars($alias['name']);?> </option> <?php endforeach; ?> </optgroup> <optgroup label="<?=gettext("Well-known ports");?>"> <option value="any" <?= $pconfig['dstendport'] == "any" ? "selected=\"selected\"" : ""; ?>><?=gettext("any"); ?></option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?= $wkport == $pconfig['dstendport'] ? "selected=\"selected\"" : "" ;?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </optgroup> </select> </td> </tr> <tr> <td> <input type="text" value="<?=$pconfig['dstbeginport'];?>" for="dstbeginport"> <!-- updates to "other" option in dstbeginport --> </td> <td> <input type="text" value="<?=$pconfig['dstendport'];?>" for="dstendport"> <!-- updates to "other" option in dstendport --> </td> </tr> </tbody> </table> <div class="hidden" for="help_for_dstport"> <?=gettext("Specify the port or port range for the destination of the packet for this mapping."); ?> </div> </td> </tr> <tr> <tr class="act_no_rdr"> <td><a id="help_for_localip" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Redirect target IP"); ?></td> <td> <input name="target" type="text" class="formfldalias" size="20" value="<?=$pconfig['target'];?>" /> <div class="hidden" for="help_for_localip"> <?=gettext("Enter the internal IP address of " . "the server on which you want to map the ports."); ?><br/> <?=gettext("e.g."); ?> <em>192.168.1.12</em> </div> </tr> <tr class="act_port_select act_no_rdr"> <td><a id="help_for_localbeginport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Redirect target port"); ?></td> <td> <table class="table table-condensed"> <tbody> <tr> <td> <select id="localbeginport" name="local-port" class="selectpicker" data-live-search="true" data-size="5" data-width="auto"> <option data-other=true value="<?=$pconfig['local-port'];?>">(<?=gettext("other"); ?>)</option> <optgroup label="<?=gettext("Aliases");?>"> <?php foreach (legacy_list_aliases("port") as $alias): ?> <option value="<?=$alias['name'];?>" <?= $pconfig['local-port'] == $alias['name'] ? "selected=\"selected\"" : ""; ?> ><?=htmlspecialchars($alias['name']);?> </option> <?php endforeach; ?> </optgroup> <optgroup label="<?=gettext("Well-known ports");?>"> <option value="any" <?= $pconfig['local-port'] == "any" ? "selected=\"selected\"" : ""; ?>><?=gettext("any"); ?></option> <?php foreach ($wkports as $wkport => $wkportdesc): ?> <option value="<?=$wkport;?>" <?= $wkport == $pconfig['local-port'] ? "selected=\"selected\"" : "" ;?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </optgroup> </select> </td> </tr> <tr> <td> <input type="text" value="<?=$pconfig['local-port'];?>" for="localbeginport"> <!-- updates to "other" option in localbeginport --> </td> </tr> </tbody> </table> <div class="hidden" for="help_for_localbeginport"> <?=gettext("Specify the port on the machine with the " . "IP address entered above. In case of a port range, specify " . "the beginning port of the range (the end port will be calculated " . "automatically)."); ?><br /> <?=gettext("Hint: this is usually identical to the 'from' port above"); ?> </div> </td> </tr> <tr> <td><a id="help_for_descr" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Description"); ?></td> <td> <input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=$pconfig['descr'];?>" /> <div class="hidden" for="help_for_descr"> <?=gettext("You may enter a description here " ."for your reference (not parsed)."); ?> </div> </tr> <tr> <td><a id="help_for_nosync" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("No XMLRPC Sync"); ?></td> <td> <input type="checkbox" value="yes" name="nosync" <?=!empty($pconfig['nosync']) ? "checked=\"checked\"" :"";?> /> <div class="hidden" for="help_for_nosync"> <?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?> </div> </td> </tr> <tr> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("NAT reflection"); ?></td> <td> <select name="natreflection" class="selectpicker"> <option value="default" <?=$pconfig['natreflection'] != "enable" && $pconfig['natreflection'] != "purenat" && $pconfig['natreflection'] != "disable" ? "selected=\"selected\"" : ""; ?>><?=gettext("Use system default"); ?></option> <option value="enable" <?=$pconfig['natreflection'] == "enable" ? "selected=\"selected\"" : ""; ?>><?=gettext("Enable (NAT + Proxy)"); ?></option> <option value="purenat" <?=$pconfig['natreflection'] == "purenat" ? "selected=\"selected\"" : ""; ?>><?=gettext("Enable (Pure NAT)"); ?></option> <option value="disable" <?=$pconfig['natreflection'] == "disable" ? "selected=\"selected\"" : ""; ?>><?=gettext("Disable"); ?></option> </select> </td> </tr> <?php if (isset($id) && (!isset($_GET['dup']) || !is_numericint($_GET['dup']))): ?> <tr class="act_no_rdr"> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Filter rule association"); ?></td> <td> <select name="associated-rule-id" class="selectpicker" > <option value=""><?=gettext("None"); ?></option> <!-- maybe we should remove this in the future, multi purpose id field might not be the best thing in the world --> <option value="pass" <?= $pconfig['associated-rule-id'] == "pass" ? " selected=\"selected\"" : ""; ?>><?=gettext("Pass"); ?></option> <?php $linkedrule = ""; if (isset($config['filter']['rule'])): filter_rules_sort(); foreach ($config['filter']['rule'] as $filter_id => $filter_rule): if (isset($filter_rule['associated-rule-id'])): $is_selected = $filter_rule['associated-rule-id']==$pconfig['associated-rule-id']; if ($is_selected) $linkedrule = $filter_id; ?> <option value="<?=$filter_rule['associated-rule-id']?>" <?= $is_selected ? " selected=\"selected\"" : "";?> > <?=htmlspecialchars('Rule ' . $filter_rule['descr']);?> </option> <?php endif; endforeach; endif; ?> </select> <br/> <a href="firewall_rules_edit.php?id=<?=$linkedrule;?>"> <?=gettext("View the filter rule");?></a> </td> </tr> <?php elseif (!isset($id) || (isset($_GET['dup']) && is_numericint($_GET['dup']))) : ?> <tr class="act_no_rdr"> <td><a id="help_for_fra" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Filter rule association"); ?></td> <td> <select name="filter-rule-association"> <option value=""><?=gettext("None"); ?></option> <option value="add-associated" selected="selected"><?=gettext("Add associated filter rule"); ?></option> <option value="add-unassociated"><?=gettext("Add unassociated filter rule"); ?></option> <option value="pass"><?=gettext("Pass"); ?></option> </select> <div class="hidden" for="help_for_fra"> <?=gettext("NOTE: The \"pass\" selection does not work properly with Multi-WAN. It will only work on an interface containing the default gateway.")?> </div> </td> </tr> <?php endif; $has_created_time = (isset($pconfig['created']) && is_array($pconfig['created'])); $has_updated_time = (isset($pconfig['updated']) && is_array($pconfig['updated'])); if ($has_created_time || $has_updated_time): ?> <tr> <td colspan="2"> </td> </tr> <tr> <td colspan="2"><?=gettext("Rule Information");?></td> </tr> <?php if ($has_created_time): ?> <tr> <td><?=gettext("Created");?></td> <td> <?= date(gettext("n/j/y H:i:s"), $pconfig['created']['time']) ?> <?= gettext("by") ?> <strong><?=$pconfig['created']['username'];?></strong> </td> </tr> <?php endif; if ($has_updated_time): ?> <tr> <td><?=gettext("Updated");?></td> <td> <?= date(gettext("n/j/y H:i:s"), $pconfig['updated']['time']) ?> <?= gettext("by") ?> <strong><?=$pconfig['updated']['username'];?></strong> </td> </tr> <?php endif; endif; ?> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td> <input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" /> <input type="button" class="btn btn-default" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_nat.php';?>'" /> <?php if (isset($id)): ?> <input name="id" type="hidden" value="<?=$id;?>" /> <?php endif; ?> <?php if (isset($after)) : ?> <input name="after" type="hidden" value="<?=$after;?>" /> <?php endif; ?> </td> </tr> </table> </form> </div> </div> </section> </div> </div> </section> <?php include("foot.inc"); ?>