univnautes / usr / local / www / firewall_nat_out_edit.php @ a1b66bec

1
<?php
2
/* $Id$ */
3
/*
4
	firewall_nat_out_edit.php
5
	Copyright (C) 2004 Scott Ullrich
6
	All rights reserved.
7

    
8
	originally part of m0n0wall (http://m0n0.ch/wall)
9
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11

    
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14

    
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17

    
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21

    
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
/*
34
	pfSense_MODULE:	nat
35
*/
36

    
37
##|+PRIV
38
##|*IDENT=page-firewall-nat-outbound-edit
39
##|*NAME=Firewall: NAT: Outbound: Edit page
40
##|*DESCR=Allow access to the 'Firewall: NAT: Outbound: Edit' page.
41
##|*MATCH=firewall_nat_out_edit.php*
42
##|-PRIV
43

    
44
require("guiconfig.inc");
45
require_once("filter.inc");
46
require("shaper.inc");
47

    
48
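/*
 * Fallback "back" target. HTTP_REFERER is a client-supplied header, so
 * $referer is untrusted: it must be escaped for whatever context it is
 * written into (its use is outside this part of the file).
 */
$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_nat_out.php');

/* Make sure the config subtrees exist before taking references into them. */
if (!is_array($config['nat']['outbound']))
	$config['nat']['outbound'] = array();

if (!is_array($config['nat']['outbound']['rule'])) {
	$config['nat']['outbound']['rule'] = array();
}

/* $a_out aliases the live rule list: writes to it change $config directly. */
$a_out = &$config['nat']['outbound']['rule'];

if (!is_array($config['aliases']['alias']))
	$config['aliases']['alias'] = array();
$a_aliases = &$config['aliases']['alias'];

/*
 * Rule index to edit. Only integer-looking values are accepted, and a POSTed
 * id overrides one given in the query string. The isset() guards keep a plain
 * page load from touching request keys that were never sent.
 */
if (isset($_GET['id']) && is_numericint($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numericint($_POST['id']))
	$id = $_POST['id'];

/*
 * Position after which a new rule is inserted; "-1" means "before the first
 * rule". The sentinel is compared strictly so that look-alikes such as
 * "-1.0" are not accepted.
 */
if (isset($_GET['after']) && (is_numericint($_GET['after']) || $_GET['after'] === "-1"))
	$after = $_GET['after'];
if (isset($_POST['after']) && (is_numericint($_POST['after']) || $_POST['after'] === "-1"))
	$after = $_POST['after'];

/* Duplicating a rule: load it like an edit and insert the copy right after it. */
if (isset($_GET['dup']) && is_numericint($_GET['dup'])) {
	$id = $_GET['dup'];
	$after = $_GET['dup'];
}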
77

    
78
/*
 * Fill $pconfig, the array the form below is rendered from: either from the
 * stored rule selected by $id, or with defaults for a new rule.
 */
if (isset($id) && $a_out[$id]) {
	/* Revision stamps are carried over only when they are arrays. */
	foreach (array('created', 'updated') as $stamp) {
		if (isset($a_out[$id][$stamp]) && is_array($a_out[$id][$stamp]))
			$pconfig[$stamp] = $a_out[$id][$stamp];
	}

	$pconfig['protocol'] = $a_out[$id]['protocol'];

	/* The source is stored as "network/bits"; without a numeric bit count fall back to 32. */
	list($pconfig['source'],$pconfig['source_subnet']) = explode('/', $a_out[$id]['source']['network']);
	if (!is_numeric($pconfig['source_subnet']))
		$pconfig['source_subnet'] = 32;
	$pconfig['sourceport'] = $a_out[$id]['sourceport'];

	/* The two port outputs of address_to_pconfig() are not needed here and land in $none. */
	address_to_pconfig($a_out[$id]['destination'], $pconfig['destination'],
		$pconfig['destination_subnet'], $pconfig['destination_not'],
		$none, $none);

	/* Fields copied verbatim from the stored rule. */
	foreach (array('dstport', 'natport', 'target', 'targetip', 'targetip_subnet', 'poolopts', 'interface') as $field)
		$pconfig[$field] = $a_out[$id][$field];
	if (!$pconfig['interface']) {
		$pconfig['interface'] = "wan";
	}
	foreach (array('descr', 'nonat') as $field)
		$pconfig[$field] = $a_out[$id][$field];

	/* Flags that are stored as "key present" rather than as a value. */
	foreach (array('disabled', 'staticnatport', 'nosync') as $flag)
		$pconfig[$flag] = isset($a_out[$id][$flag]);
} else {
	$pconfig['source_subnet'] = 24;
	$pconfig['destination'] = "any";
	$pconfig['destination_subnet'] = 24;
	$pconfig['interface'] = "wan";
}

/* A duplicate is saved as a new rule, so forget the index it was loaded from. */
if (isset($_GET['dup']) && is_numericint($_GET['dup']))
	unset($id);
117

    
118
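/*
 * Handle a submitted form: normalise the posted fields, validate them and, if
 * nothing was rejected, build the rule entry, store it in the configuration
 * and redirect to the rule list.
 *
 * Every $_POST value is controlled by whoever can reach this page, and the
 * accepted values end up in the saved configuration, so each field copied into
 * $natent has to pass a check below first.
 *
 * NOTE(review): no anti-CSRF token check is visible in this file; confirm the
 * shared includes enforce one before this handler runs.
 */
if ($_POST) {
	/* The "any" and "(self)" pseudo-types carry no address of their own. */
	if ($_POST['destination_type'] == "any") {
		$_POST['destination'] = "any";
		$_POST['destination_subnet'] = 24;
	}
	if ($_POST['source_type'] == "any") {
		$_POST['source'] = "any";
		$_POST['source_subnet'] = 24;
	} elseif ($_POST['source_type'] == "(self)") {
		$_POST['source'] = "(self)";
		$_POST['source_subnet'] = 24;
	}

	unset($input_errors);
	/* $pconfig is a raw copy of the request; the template must escape it on output. */
	$pconfig = $_POST;

	/*
	 * Coarse markup filter: after stripping ">", reject any value that
	 * htmlentities() would alter. This is an input filter only and does not
	 * replace escaping at output time.
	 * NOTE(review): the rejected value is embedded in the error message;
	 * confirm print_input_errors() escapes what it prints.
	 */
	foreach ($_POST as $key => $value) {
		if (is_array($value)) {
			/*
			 * Every field of this form is a scalar. An array value
			 * (e.g. "source[]=x") used to fall through the string functions
			 * below with warnings; reject it explicitly instead.
			 */
			$input_errors[] = gettext("Invalid value submitted for a form field.");
			continue;
		}
		$temp = str_replace(">", "", $value);
		$newpost = htmlentities($temp);
		if($newpost <> $temp)
			$input_errors[] = sprintf(gettext("Invalid characters detected (%s).  Please remove invalid characters and save again."),$temp);
	}

	/* input validation */
	$reqdfields = explode(" ", "interface protocol source source_subnet destination destination_subnet");
	$reqdfieldsn = array(gettext("Interface"),gettext("Protocol"),gettext("Source"),gettext("Source bit count"),gettext("Destination"),gettext("Destination bit count"));

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/*
	 * The protocol is written to the configuration as submitted, so it must be
	 * one of the values the form's protocol <select> offers, not free text.
	 */
	$valid_protocols = explode(" ", "any tcp udp tcp/udp icmp esp ah gre ipv6 igmp carp pfsync");
	if ($_POST['protocol'] != "" && !in_array($_POST['protocol'], $valid_protocols, true))
		$input_errors[] = gettext("A valid protocol must be specified.");

	$protocol_uses_ports = in_array($_POST['protocol'], explode(" ", "any tcp udp tcp/udp"), true);

	/* Strip surrounding whitespace from the free-text fields before checking them. */
	foreach (array('source', 'destination', 'targetip', 'sourceport', 'dstport', 'natport') as $field) {
		if (!empty($_POST[$field]))
			$_POST[$field] = trim($_POST[$field]);
	}

	if($protocol_uses_ports && $_POST['sourceport'] <> "" && !is_portoralias($_POST['sourceport']))
		$input_errors[] = gettext("You must supply either a valid port or port alias for the source port entry.");

	if($protocol_uses_ports && $_POST['dstport'] <> "" && !is_portoralias($_POST['dstport']))
		$input_errors[] = gettext("You must supply either a valid port or port alias for the destination port entry.");

	if($protocol_uses_ports && $_POST['natport'] <> "" && !is_port($_POST['natport']) && !isset($_POST['nonat']))
		$input_errors[] = gettext("You must supply a valid port for the NAT port entry.");

	/*
	 * NOTE(review): the three bit counts are only checked for being integers,
	 * not for a range; the form offers 0-32. Confirm that an out-of-range
	 * count is rejected further down the line.
	 * NOTE(review): 'interface' is stored as submitted; the access filter used
	 * when rendering the interface list is not repeated here.
	 */
	if (($_POST['source_type'] != "any") && ($_POST['source_type'] != "(self)")) {
		if ($_POST['source'] && !is_ipaddroralias($_POST['source']) && $_POST['source'] <> "any") {
			$input_errors[] = gettext("A valid source must be specified.");
		}
	}
	if ($_POST['source_subnet'] && !is_numericint($_POST['source_subnet'])) {
		$input_errors[] = gettext("A valid source bit count must be specified.");
	}
	if ($_POST['destination_type'] != "any") {
		if ($_POST['destination'] && !is_ipaddroralias($_POST['destination'])) {
			$input_errors[] = gettext("A valid destination must be specified.");
		}
	}
	if ($_POST['destination_subnet'] && !is_numericint($_POST['destination_subnet'])) {
		$input_errors[] = gettext("A valid destination bit count must be specified.");
	}
	if ($_POST['destination_type'] == "any") {
		if ($_POST['destination_not']) {
			$input_errors[] = gettext("Negating destination address of \"any\" is invalid.");
		}
	}

	if ($_POST['target'] && !is_ipaddr($_POST['target']) && !is_subnet($_POST['target']) && !is_alias($_POST['target']) && !isset($_POST['nonat']) && !($_POST['target'] == "other-subnet")) {
		$input_errors[] = gettext("A valid target IP address must be specified.");
	}

	if ($_POST['target'] == "other-subnet") {
		if (!is_ipaddr($_POST['targetip'])) {
			$input_errors[] = gettext("A valid target IP must be specified when using the 'Other Subnet' type.");
		}
		if (!is_numericint($_POST['targetip_subnet'])) {
			$input_errors[] = gettext("A valid target bit count must be specified when using the 'Other Subnet' type.");
		}
	}

	/*
	 * Verify Pool Options. The value is stored as submitted, so it must be one
	 * of the options the form offers; a prefix match on "round-robin" alone
	 * would let arbitrary trailing text through.
	 */
	$valid_poolopts = array("round-robin", "round-robin sticky-address", "random", "random sticky-address", "source-hash", "bitmask");
	$poolopts = "";
	if ($_POST['poolopts']) {
		if (!in_array($_POST['poolopts'], $valid_poolopts, true))
			$input_errors[] = gettext("A valid pool option must be specified.");
		elseif (is_subnet($_POST['target']) || ($_POST['target'] == "other-subnet"))
			$poolopts = $_POST['poolopts'];
		elseif (is_alias($_POST['target'])) {
			if (substr($_POST['poolopts'], 0, 11) == "round-robin")
				$poolopts = $_POST['poolopts'];
			else
				$input_errors[] = gettext("Only Round Robin pool options may be chosen when selecting an alias.");
		}
	}

	/* Source as it will be stored: a pseudo-type, an alias name or "network/bits". */
	if($_POST['source_type'] == "any") {
		$osn = "any";
	} else if($_POST['source_type'] == "(self)") {
		$osn = "(self)";
	} else if(is_alias($_POST['source'])) {
		$osn = $_POST['source'];
	} else {
		$osn = gen_subnet($_POST['source'], $_POST['source_subnet']) . "/" . $_POST['source_subnet'];
	}

	/* Destination as it will be stored, same three forms. */
	if ($_POST['destination_type'] == "any") {
		$ext = "any";
	} else if(is_alias($_POST['destination'])) {
		$ext = $_POST['destination'];
	} else {
		$ext = gen_subnet($_POST['destination'], $_POST['destination_subnet']) . "/" . $_POST['destination_subnet'];
	}

	/*
	 * NOTE(review): this loop compares nothing and only touches a copy of each
	 * rule, so it has no effect on the outcome; it looks like the remains of a
	 * duplicate-rule check. The default below was written as a comparison
	 * ("==") and is now the assignment it evidently was meant to be.
	 */
	foreach ($a_out as $natent) {
		if (isset($id) && ($a_out[$id]) && ($a_out[$id] === $natent)) {
			continue;
		}

		if (!$natent['interface']) {
			$natent['interface'] = "wan";
		}
	}

	/*
	 * Extension hook for additional input validation. Presumably this runs PHP
	 * found under the given directory with the web GUI's privileges, so the
	 * directory must be writable by trusted accounts only.
	 */
	pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/input_validation");

	if (!$input_errors) {
		$nonat = isset($_POST['nonat']);

		/* Keys are filled in a fixed order; optional keys are simply left out. */
		$natent = array();
		$natent['source']['network'] = $osn;
		$natent['sourceport'] = ($protocol_uses_ports) ? $_POST['sourceport'] : "";
		$natent['descr'] = $_POST['descr'];
		$natent['target'] = (!$nonat) ? $_POST['target'] : "";
		$natent['targetip'] = (!$nonat) ? $_POST['targetip'] : "";
		$natent['targetip_subnet'] = (!$nonat) ? $_POST['targetip_subnet'] : "";
		$natent['interface'] = $_POST['interface'];
		$natent['poolopts'] = $poolopts;

		/* static-port only makes sense for port-based protocols that are actually translated */
		if(isset($_POST['staticnatport']) && $protocol_uses_ports && !$nonat) {
			$natent['staticnatport'] = true;
		}

		if(isset($_POST['disabled'])) {
			$natent['disabled'] = true;
		}

		/* if user has selected not nat, set it here */
		if($nonat) {
			$natent['nonat'] = true;
		}

		/* "any" is stored as the absence of a protocol */
		if ($_POST['protocol'] && $_POST['protocol'] != "any")
			$natent['protocol'] = $_POST['protocol'];

		if ($ext == "any") {
			$natent['destination']['any'] = true;
		} else {
			$natent['destination']['address'] = $ext;
		}
		if($_POST['natport'] != "" && $protocol_uses_ports && !$nonat) {
			$natent['natport'] = $_POST['natport'];
		}
		if($_POST['dstport'] != "" && $protocol_uses_ports) {
			$natent['dstport'] = $_POST['dstport'];
		}

		if($_POST['nosync'] == "yes") {
			$natent['nosync'] = true;
		}

		if (isset($_POST['destination_not']) && $ext != "any") {
			$natent['destination']['not'] = true;
		}

		/* Keep the original creation stamp when an existing rule is edited. */
		if ( isset($id) && isset($a_out[$id]['created']) && is_array($a_out[$id]['created']) )
			$natent['created'] = $a_out[$id]['created'];

		$natent['updated'] = make_config_revision_entry();

		/* Extension hook that runs just before the rule is stored; same trust caveat as the hook above. */
		pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/pre_write_config");

		if (isset($id) && $a_out[$id]) {
			/* editing: replace the rule in place */
			$a_out[$id] = $natent;
		} else {
			$natent['created'] = make_config_revision_entry();
			if (isset($after) && is_numeric($after)) {
				/* insert behind rule $after; -1 puts the rule first */
				array_splice($a_out, $after+1, 0, array($natent));
			} else {
				$a_out[] = $natent;
			}
		}

		if (write_config())
			mark_subsystem_dirty('natconf');
		/* Fixed redirect target; it is not derived from $referer or any other request data. */
		header("Location: firewall_nat_out.php");
		exit;
	}
}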
341

    
342
/*
 * Page title parts for the shared header. $closehead presumably tells
 * head.inc not to emit </head>; the literal </head> follows the script block
 * below.
 */
$pgtitle = array(
	gettext("Firewall"),
	gettext("NAT"),
	gettext("Outbound"),
	gettext("Edit")
);
$closehead = false;
include("head.inc");
345

    
346
?>
347

    
348
<script type="text/javascript" src="/javascript/suggestions.js"></script>
349
<script type="text/javascript" src="/javascript/autosuggest.js"></script>
350
<script type="text/javascript">
351
//<![CDATA[
352
// 1 while the selected protocol uses ports, 0 otherwise; set by proto_change().
var portsenabled = 1;

/**
 * Couples the NAT port field to the "Static-port" checkbox: ticking the box
 * clears and disables the port field, clearing it enables the field again.
 * This is a UI convenience only; the server validates the posted values.
 */
function staticportchange() {
	var form = document.iform;
	if (!form.staticnatport.checked) {
		form.natport.disabled = 0;
		return;
	}
	form.natport.value = "";
	form.natport.disabled = 1;
}
361
/**
 * Reacts to the destination "Type" selector. Entry 1 ("Network") enables the
 * address and bit-count fields; any other entry blanks the address, resets
 * the bit count to "24" and disables both fields.
 */
function typesel_change() {
	var form = document.iform;
	if (form.destination_type.selectedIndex === 1) {
		form.destination.disabled = 0;
		form.destination_subnet.disabled = 0;
		return;
	}
	form.destination.value = "";
	form.destination.disabled = 1;
	form.destination_subnet.value = "24";
	form.destination_subnet.disabled = 1;
}
375
/**
 * Reacts to the source "Type" selector. Entry 2 ("Network") enables the
 * address and bit-count fields; any other entry blanks the address, resets
 * the bit count to "24" and disables both fields.
 */
function sourcesel_change() {
	var form = document.iform;
	if (form.source_type.selectedIndex === 2) {
		form.source.disabled = 0;
		form.source_subnet.disabled = 0;
		return;
	}
	form.source.value = "";
	form.source.disabled = 1;
	form.source_subnet.value = "24";
	form.source_subnet.disabled = 1;
}
389
/**
 * Hides the whole "Translation" row while "Do not NAT" is ticked and shows it
 * again otherwise.
 */
function nonat_change() {
	var hidden = document.iform.nonat.checked;
	document.getElementById("transtable").style.display = hidden ? 'none' : '';
}
396
/**
 * Shows the port-related rows only while one of the first four protocol
 * entries (indexes 0 to 3) is selected, and records the result in the global
 * portsenabled. The index range is tied to the order of the protocol list
 * rendered further down the page.
 */
function proto_change() {
	var index = document.iform.protocol.selectedIndex;
	portsenabled = (index >= 0 && index <= 3) ? 1 : 0;

	var display = portsenabled ? '' : 'none';
	var rows = ["sport_tr", "dport_tr", "tport_tr", "tporttext_tr", "tportstatic_tr"];
	for (var i = 0; i < rows.length; i++) {
		document.getElementById(rows[i]).style.display = display;
	}
}
417
/**
 * Adjusts the pool-option and "Other Subnet" rows to the selected translation
 * target. The decision is made from the visible label of the selected option:
 * labels starting with "Host", "Subnet" or "Other" show the pool options, and
 * only "Other" also shows the subnet entry row. Anything else resets the pool
 * option to its first entry, hides both rows and clears the subnet fields.
 *
 * NOTE(review): the "Other Subnet" label is passed through gettext() where the
 * option is rendered, so this text match depends on the UI language.
 */
function poolopts_change() {
	var label = jQuery('#target option:selected').text().trim();
	var isHost = label.substring(0, 4) == "Host";
	var isSubnet = label.substring(0, 6) == "Subnet";
	var isOther = label.substring(0, 5) == "Other";

	if (isHost || isSubnet || isOther) {
		jQuery('#poolopts_tr').css('display', '');
		jQuery('#target_network').css('display', (!isHost && !isSubnet) ? '' : 'none');
		return;
	}

	jQuery('#poolopts').prop('selectedIndex', 0);
	jQuery('#poolopts_tr').css('display', 'none');
	jQuery('#target_network').css('display', 'none');
	jQuery('#targetip').val('');
	jQuery('#targetip_subnet').val('0');
}
435
//]]>
436
</script>
437
</head>
438

    
439
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
440
<?php
include("fbegin.inc");
/* Errors collected while handling a submitted form are shown above the form. */
if ($input_errors) {
	print_input_errors($input_errors);
}
?>
<form action="firewall_nat_out_edit.php" method="post" name="iform" id="iform">
	<table width="100%" border="0" cellpadding="6" cellspacing="1" summary="firewall nat outbound edit">
		<tr>
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Advanced Outbound NAT entry");?></td>
		</tr>
<?php
		/*
		 * Extension hook at the top of the form table. Presumably this runs PHP
		 * found under the given directory with the web GUI's privileges, so the
		 * directory must be writable by trusted accounts only.
		 * NOTE(review): the other hooks in this file use the firewall_aon/
		 * directory; confirm that firewall_rules/ is intended here.
		 */
		pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/htmlphpearly");
?>
451
		<tr>
<?php /* Checkbox rows: "disabled" and "nonat" are stored as key-present flags on the rule. */ ?>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Disabled");?></td>
			<td width="78%" class="vtable">
				<input name="disabled" type="checkbox" id="disabled" value="yes" <?=($pconfig['disabled'] ? 'checked="checked"' : '');?> />
				<strong><?=gettext("Disable this rule");?></strong><br />
				<span class="vexpl"><?=gettext("Set this option to disable this rule without removing it from the list.");?></span>
			</td>
		</tr>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Do not NAT");?></td>
			<td width="78%" class="vtable">
				<input type="checkbox" name="nonat" id="nonat" onclick="nonat_change();" <?=(isset($pconfig['nonat']) ? ' checked="checked"' : '');?> />
				<span class="vexpl"><?=gettext("Enabling this option will disable NAT for traffic matching this rule and stop processing Outbound NAT rules.");?>
				<br /><?=gettext("Hint: in most cases, you won't use this option.");?></span>
			</td>
		</tr>
467
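		<tr>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Interface");?></td>
			<td width="78%" class="vtable">
				<select name="interface" class="formselect">
<?php
					/*
					 * Build the list of interfaces offered for the rule. Each
					 * entry is added only if have_ruleint_access() allows it.
					 * This filters what is displayed; the posted 'interface'
					 * value still has to be checked when the form is handled.
					 */
					if (!isset($interfaces) || !is_array($interfaces))
						$interfaces = array();	/* keeps the foreach below valid when nothing is added */

					$iflist = get_configured_interface_with_descr(false, true);
					foreach ($iflist as $if => $ifdesc)
						if(have_ruleint_access($if))
							$interfaces[$if] = $ifdesc;

					if ($config['l2tp']['mode'] == "server")
						if(have_ruleint_access("l2tp"))
							$interfaces['l2tp'] = "L2TP VPN";

					if ($config['pptpd']['mode'] == "server")
						if(have_ruleint_access("pptp"))
							$interfaces['pptp'] = "PPTP VPN";

					if (is_pppoe_server_enabled() && have_ruleint_access("pppoe"))
						$interfaces['pppoe'] = "PPPoE Server";

					/* add ipsec interfaces */
					if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable']))
						if(have_ruleint_access("enc0"))
							$interfaces["enc0"] = "IPsec";

					/*
					 * add openvpn/tun interfaces
					 * NOTE(review): unlike every entry above, this one is added
					 * without a have_ruleint_access() check; confirm that is intended.
					 */
					if  ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"])
						$interfaces["openvpn"] = "OpenVPN";

					/* The key goes into an attribute, so it is escaped like the label. */
					foreach ($interfaces as $iface => $ifacename):
?>
						<option value="<?=htmlspecialchars($iface);?>" <?php if ($iface == $pconfig['interface']) echo "selected=\"selected\""; ?>>
							<?=htmlspecialchars($ifacename);?>
						</option>
<?php
					endforeach;
?>
				</select><br />
				<span class="vexpl"><?=gettext("Choose which interface this rule applies to.");?><br />
					<?=gettext("Hint: in most cases, you'll want to use WAN here.");?>
				</span>
			</td>
		</tr>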
511
		<tr>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol");?></td>
			<td width="78%" class="vtable">
				<select name="protocol" class="formselect" onchange="proto_change();">
<?php
				/*
				 * Fixed protocol list; the option value is the lower-cased name.
				 * The first four entries are the ones proto_change() treats as
				 * port-based, so the order matters.
				 */
				$protocols = explode(" ", "any TCP UDP TCP/UDP ICMP ESP AH GRE IPV6 IGMP carp pfsync");
				foreach ($protocols as $proto):
?>
					<option value="<?=strtolower($proto);?>" <?=(strtolower($proto) == $pconfig['protocol'] ? 'selected="selected"' : '');?>><?=htmlspecialchars($proto);?></option>
<?php
				endforeach;
?>
				</select><br />
				<span class="vexpl"><?=gettext("Choose which protocol this rule should match.");?><br />
<?php
					echo sprintf(gettext("Hint: in most cases, you should specify %s any %s here."),"<em>","</em>&nbsp;");
?>
				</span>
			</td>
		</tr>
531
		<tr>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Source");?></td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="1" cellpadding="1" summary="source">
					<tr>
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
						<td>
							<select name="source_type" class="formselect" onchange="sourcesel_change()">
								<option value="any" <?=($pconfig['source'] == "any" ? 'selected="selected"' : '');?>><?=gettext("any");?></option>
								<option value="(self)" <?=($pconfig['source'] == "(self)" ? 'selected="selected"' : '');?>><?=gettext("This Firewall (self)");?></option>
								<option value="network" <?=((($pconfig['source'] != "any") && ($pconfig['source'] != "(self)")) ? 'selected="selected"' : '');?>><?=gettext("Network");?></option>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
						<td>
							<input name="source" type="text" autocomplete="off" class="formfldalias" id="source" size="20" value="<?=htmlspecialchars($pconfig['source']);?>" />/
							<select name="source_subnet" class="formfld" id="source_subnet">
<?php
							/* Bit counts 32 down to 0; $pconfig values are escaped or compared, never echoed raw. */
							foreach (range(32, 0) as $i):
?>
								<option value="<?=$i;?>"<?=($i == $pconfig['source_subnet'] ? ' selected="selected"' : '');?>><?=$i;?></option>
<?php
							endforeach;
?>
							</select>
						</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
						<td>
							<span class="vexpl"><?=gettext("Enter the source network for the outbound NAT mapping.");?></span>
						</td>
					</tr>
					<tr name="sport_tr" id="sport_tr">
						<td><?=gettext("Source port:");?>&nbsp;&nbsp;</td>
						<td>
							<input name="sourceport" type="text" autocomplete="off" class="formfldalias" id="sourceport" size="5" value="<?=htmlspecialchars($pconfig['sourceport']);?>" />
							<?=gettext("(leave blank for any)");?>
						</td>
					</tr>
				</table>
			</td>
		</tr>
576
		<tr>
			<td width="22%" valign="top" class="vncellreq"><?=gettext("Destination");?></td>
			<td width="78%" class="vtable">
				<input name="destination_not" type="checkbox" id="destination_not" value="yes" <?=($pconfig['destination_not'] ? 'checked="checked"' : '');?> />
				<strong><?=gettext("not");?></strong><br />
				<?=gettext("Use this option to invert the sense of the match.");?><br />
				<br />
				<table border="0" cellspacing="1" cellpadding="1" summary="destination">
					<tr>
						<td><?=gettext("Type:");?>&nbsp;&nbsp;</td>
						<td>
							<select name="destination_type" class="formselect" onchange="typesel_change()">
								<option value="any"<?=($pconfig['destination'] == "any" ? ' selected="selected"' : '');?>>
									<?=gettext("any");?>
								</option>
								<option value="network"<?=($pconfig['destination'] != "any" ? ' selected="selected"' : '');?>>
									<?=gettext("Network");?>
								</option>
							</select>
						</td>
					</tr>
					<tr>
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
						<td>
							<input name="destination" type="text" autocomplete="off" class="formfldalias" id="destination" size="20" value="<?=htmlspecialchars($pconfig['destination']);?>" />/
							<select name="destination_subnet" class="formselect" id="destination_subnet">
<?php
							/* Bit counts 32 down to 0; $pconfig values are escaped or compared, never echoed raw. */
							foreach (range(32, 0) as $i):
?>
								<option value="<?=$i;?>"<?=($i == $pconfig['destination_subnet'] ? ' selected="selected"' : '');?>><?=$i;?></option>
<?php
							endforeach;
?>
							</select>
						</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
						<td>
							<span class="vexpl"><?=gettext("Enter the destination network for the outbound NAT mapping.");?></span>
						</td>
					</tr>
					<tr name="dport_tr" id="dport_tr">
						<td><?=gettext("Destination port:");?>&nbsp;&nbsp;</td>
						<td>
							<input name="dstport" type="text" autocomplete="off" class="formfldalias" id="dstport" size="5" value="<?=htmlspecialchars($pconfig['dstport']);?>" />
							<?=gettext("(leave blank for any)");?>
						</td>
					</tr>
				</table>
			</td>
		</tr>
628
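		<tr name="transtable" id="transtable">
			<td width="22%" valign="top" class="vncell"><?=gettext("Translation");?></td>
			<td width="78%" class="vtable">
				<table border="0" cellspacing="1" cellpadding="1" summary="translation">
					<tr>
						<td><?=gettext("Address:");?>&nbsp;&nbsp;</td>
						<td>
							<select name="target" class="formselect" id="target" onchange="poolopts_change();">
								<option value=""<?php if (!$pconfig['target']) echo " selected=\"selected\""; ?>>
									<?=gettext("Interface address");?>
								</option>
<?php
								/*
								 * Translation targets taken from the configuration: virtual
								 * IPs first, then host aliases. The option labels were already
								 * escaped; the option values come from the same configuration
								 * fields and sit in an attribute, so they are escaped as well.
								 *
								 * NOTE(review): a proxyarp "network" VIP is expanded into one
								 * option per address, so a large subnet makes this list (and
								 * the page) correspondingly large.
								 */
								if (is_array($config['virtualip']['vip'])):
									foreach ($config['virtualip']['vip'] as $sn):
										if (isset($sn['noexpand']))
											continue;
										if ($sn['mode'] == "proxyarp" && $sn['type'] == "network"):
											$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
											$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
											$len = $end - $start;
?>
								<option value="<?=htmlspecialchars($sn['subnet'].'/'.$sn['subnet_bits']);?>" <?php if ($sn['subnet'].'/'.$sn['subnet_bits'] == $pconfig['target']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars("Subnet: {$sn['subnet']}/{$sn['subnet_bits']} ({$sn['descr']})");?>
								</option>
<?php
											for ($i = 0; $i <= $len; $i++):
												$snip = long2ip32($start+$i);
?>
								<option value="<?=htmlspecialchars($snip);?>" <?php if ($snip == $pconfig['target']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars("{$snip} ({$sn['descr']})");?>
								</option>
<?php
											endfor;
										else:
?>
								<option value="<?=htmlspecialchars($sn['subnet']);?>" <?php if ($sn['subnet'] == $pconfig['target']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars("{$sn['subnet']} ({$sn['descr']})");?>
								</option>
<?php
										endif;
									endforeach;
								endif;
								/* Only host aliases can be a translation target. */
								foreach ($a_aliases as $alias):
									if ($alias['type'] != "host")
										continue;
?>
								<option value="<?=htmlspecialchars($alias['name']);?>" <?php if ($alias['name'] == $pconfig['target']) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars("Host Alias: {$alias['name']} ({$alias['descr']})");?>
								</option>
<?php
								endforeach;
?>
								<option value="other-subnet"<?php if($pconfig['target'] == "other-subnet") echo " selected=\"selected\""; ?>>
									<?=gettext("Other Subnet (Enter Below)");?>
								</option>
							</select>
						</td>
					</tr>

					<tr id="target_network">
						<td><?=gettext("Other Subnet:");?>&nbsp;&nbsp;</td>
						<td>
							<input name="targetip" type="text" class="formfld unknown" id="targetip" size="20" value="<?=htmlspecialchars($pconfig['targetip']);?>" />/
							<select name="targetip_subnet" class="formfld" id="targetip_subnet">
<?php
							for ($i = 32; $i >= 0; $i--):
?>
								<option value="<?=$i;?>"<?php if ($i == $pconfig['targetip_subnet']) echo " selected=\"selected\""; ?>><?=$i;?></option>
<?php
							endfor;
?>
							</select>
						</td>
					</tr>

					<tr>
						<td>&nbsp;</td>
						<td>
							<span class="vexpl"><?=gettext("Packets matching this rule will be mapped to the IP address given here.");?><br />
								<?=gettext("If you want this rule to apply to another IP address rather than the IP address of the interface chosen above, ".
								"select it here (you will need to define ");?>
								<a href="firewall_virtual_ip.php"><?=gettext("Virtual IP");?></a>
								<?=gettext("addresses on the interface first).");?>
							</span><br />
						</td>
					</tr>
					<tr id="poolopts_tr">
						<td valign="top">Pool Options</td>
						<td>
							<select name="poolopts" id="poolopts">
<?php
								/* The pool options the form offers, value => label. */
								$poolopt_labels = array(
									"" => "Default",
									"round-robin" => "Round Robin",
									"round-robin sticky-address" => "Round Robin with Sticky Address",
									"random" => "Random",
									"random sticky-address" => "Random with Sticky Address",
									"source-hash" => "Source Hash",
									"bitmask" => "Bitmask"
								);
								foreach ($poolopt_labels as $optval => $optlabel):
?>
								<option value="<?=htmlspecialchars($optval);?>" <?php if ($pconfig['poolopts'] == $optval) echo "selected=\"selected\""; ?>>
									<?=htmlspecialchars($optlabel);?>
								</option>
<?php
								endforeach;
?>
							</select>
							<br />
							<span class="vexpl">
								<?=gettext("Only Round Robin types work with Host Aliases. Any type can be used with a Subnet.");?><br />
								* <?=gettext("Round Robin: Loops through the translation addresses.");?><br />
								* <?=gettext("Random: Selects an address from the translation address pool at random.");?><br />
								* <?=gettext("Source Hash: Uses a hash of the source address to determine the translation address, ensuring that the redirection address is always the same for a given source.");?><br />
								* <?=gettext("Bitmask: Applies the subnet mask and keeps the last portion identical; 10.0.1.50 -&gt; x.x.x.50.");?><br />
								* <?=gettext("Sticky Address: The Sticky Address option can be used with the Random and Round Robin pool types to ensure that a particular source address is always mapped to the same translation address.");?><br />
							</span><br />
						</td>
					</tr>
					<tr name="tport_tr" id="tport_tr">
						<td><?=gettext("Port:");?>&nbsp;&nbsp;</td>
						<td>
							<input name="natport" type="text" class="formfld unknown" id="natport" size="5" value="<?=htmlspecialchars($pconfig['natport']);?>" />
						</td>
					</tr>
					<tr name="tporttext_tr" id="tporttext_tr">
						<td>&nbsp;</td>
						<td>
							<span class="vexpl"><?=gettext("Enter the source port for the outbound NAT mapping.");?></span>
						</td>
					</tr>
					<tr name="tportstatic_tr" id="tportstatic_tr">
						<td><?=gettext("Static-port:");?>&nbsp;&nbsp;</td>
						<td><input onchange="staticportchange();" name="staticnatport" type="checkbox" class="formfld" id="staticnatport" size="5"<?php if($pconfig['staticnatport']) echo " checked=\"checked\"";?> /></td>
					</tr>
				</table>
			</td>
		</tr>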
772
		<tr>
773
			<td width="22%" valign="top" class="vncell"><?=gettext("No XMLRPC Sync");?></td>
774
			<td width="78%" class="vtable">
775
				<input value="yes" name="nosync" type="checkbox" class="formfld" id="nosync"<?php if($pconfig['nosync']) echo " checked=\"checked\""; ?> /><br />
776
				<?=gettext("Hint: This prevents the rule on Master from automatically syncing to other CARP members. This does NOT prevent the rule from being overwritten on Slave.");?>
777
			</td>
778
		</tr>
779
		<tr>
780
			<td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td>
781
			<td width="78%" class="vtable">
782
				<input name="descr" type="text" class="formfld unknown" id="descr" size="40" value="<?=htmlspecialchars($pconfig['descr']);?>" />
783
				<br />
784
				<span class="vexpl"><?=gettext("You may enter a description here for your reference (not parsed).");?></span>
785
			</td>
786
		</tr>
787
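<?php
	// "Rule Information" footer: shown only when the stored rule carries a
	// 'created' and/or 'updated' record (each an array with 'time' and 'username').
	$has_created_time = (isset($a_out[$id]['created']) && is_array($a_out[$id]['created']));
	$has_updated_time = (isset($a_out[$id]['updated']) && is_array($a_out[$id]['updated']));
	if ($has_created_time || $has_updated_time):
?>
		<tr>
			<td>&nbsp;</td>
		</tr>
		<tr>
			<td colspan="2" valign="top" class="listtopic"><?=gettext("Rule Information");?></td>
		</tr>
<?php
		if ($has_created_time):
			// The username is read back from the saved configuration and written into
			// HTML, so it is entity-encoded like every other stored value on this page
			// (natport, descr, id, after). Without encoding, markup stored in that
			// field would be rendered in the browser of whoever opens the rule.
?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Created");?></td>
			<td width="78%" class="vtable">
				<?= date(gettext("n/j/y H:i:s"), $a_out[$id]['created']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_out[$id]['created']['username']) ?></strong>
			</td>
		</tr>
<?php
		endif;

		if ($has_updated_time):
			// Same encoding rule as for the 'created' record above.
?>
		<tr>
			<td width="22%" valign="top" class="vncell"><?=gettext("Updated");?></td>
			<td width="78%" class="vtable">
				<?= date(gettext("n/j/y H:i:s"), $a_out[$id]['updated']['time']) ?> <?= gettext("by") ?> <strong><?= htmlspecialchars($a_out[$id]['updated']['username']) ?></strong>
			</td>
		</tr>
<?php
		endif;
	endif;
	// Allow extending of the firewall edit page and include custom input validation.
	// NOTE(review): pfSense_handle_custom_code() is defined outside this file; it
	// presumably loads PHP found under the given directory. If so, that directory
	// must be writable by root only, since anything placed there would run with
	// the web GUI's privileges on every load of this page - confirm.
	pfSense_handle_custom_code("/usr/local/pkg/firewall_aon/htmlphplate");
?>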
824
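		<tr>
			<td width="22%" valign="top">&nbsp;</td>
			<td width="78%">
				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<?php
			// $referer ends up inside a JavaScript string that itself sits inside an
			// HTML attribute, so it needs both encodings: json_encode() yields a quoted
			// JS string literal, htmlspecialchars() then makes that literal safe for
			// the attribute value. Emitting it raw lets a quote character in the value
			// end the string or the attribute.
			// NOTE(review): $referer is assigned outside this part of the file. If it
			// can come from the request (e.g. the Referer header), encoding alone does
			// not restrict the URL scheme; validate it as a local path where it is set.
?>
				<input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href=<?=htmlspecialchars(json_encode((string)$referer), ENT_QUOTES);?>" />
<?php
			// Only an edit of an existing rule carries the rule index back to the server.
			if (isset($id) && $a_out[$id]):
?>
				<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php
			endif;
?>
				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>" />
			</td>
		</tr>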
839
	</table>
840
</form>
841
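<script type="text/javascript">
//<![CDATA[
	// Bring every dependent form section into the state matching the loaded values.
	sourcesel_change();
	typesel_change();
	staticportchange();
	nonat_change();
	proto_change();
	poolopts_change();

	// Alias names for the autosuggest boxes. The JSON is written straight into an
	// inline script inside a CDATA section, so <, > and & are emitted as \uXXXX
	// escapes: the parsed values are unchanged, but the data can never contain a
	// sequence that ends the script element or the CDATA section.
	var addressarray = <?= json_encode(get_alias_list(array("host", "network", "openvpn", "urltable")), JSON_HEX_TAG | JSON_HEX_AMP) ?>;
	var customarray  = <?= json_encode(get_alias_list(array("port", "url_ports", "urltable_ports")), JSON_HEX_TAG | JSON_HEX_AMP) ?>;

	// Address fields suggest host/network aliases, port fields suggest port aliases.
	var oTextbox1 = new AutoSuggestControl(document.getElementById("source"), new StateSuggestions(addressarray));
	var oTextbox2 = new AutoSuggestControl(document.getElementById("sourceport"), new StateSuggestions(customarray));
	var oTextbox3 = new AutoSuggestControl(document.getElementById("destination"), new StateSuggestions(addressarray));
	var oTextbox4 = new AutoSuggestControl(document.getElementById("dstport"), new StateSuggestions(customarray));
//]]>
</script>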
859
<?php include("fend.inc"); ?>
860
</body>
861
</html>