firewall: add fields to model and mark todo's for opnsense#1720
AdSchellevis committed Mar 10, 2020
1 parent 81f254b commit 09c84d7
Showing 2 changed files with 185 additions and 0 deletions.
Expand Up @@ -10,6 +10,96 @@
<label>Sequence</label>
<type>text</type>
</field>
<field>
<id>rule.action</id>
<label>Action</label>
<type>dropdown</type>
<help>Choose what to do with packets that match the criteria specified below.
Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded.
</help>
</field>
<field>
<id>rule.quick</id>
<label>Quick</label>
<type>checkbox</type>
<help>
If a packet matches a rule specifying quick, then that rule is considered the last matching rule and the specified action is taken.
When a rule does not have quick enabled, the last matching rule wins.
</help>
</field>
<field>
<id>rule.interface</id>
<label>Interface</label>
<type>select_multiple</type>
</field>
<field>
<id>rule.direction</id>
<label>Direction</label>
<type>dropdown</type>
<help>
Direction of the traffic. The default policy is to filter inbound traffic, which sets the policy to the interface originally receiving the traffic.
</help>
</field>
<field>
<id>rule.ipprotocol</id>
<label>TCP/IP Version</label>
<type>dropdown</type>
</field>
<field>
<id>rule.protocol</id>
<label>Protocol</label>
<type>dropdown</type>
</field>
<field>
<id>rule.source_net</id>
<label>Source</label>
<type>text</type>
</field>
<field>
<id>rule.source_port</id>
<label>Source port</label>
<type>text</type>
<advanced>true</advanced>
<help>Source port number or well known name (imap, imaps, http, https, ...), for ranges use a dash</help>
</field>
<field>
<id>rule.source_not</id>
<label>Source / Invert</label>
<type>checkbox</type>
<help>Use this option to invert the sense of the match.</help>
</field>
<field>
<id>rule.destination_net</id>
<label>Destination</label>
<type>text</type>
</field>
<field>
<id>rule.destination_not</id>
<label>Destination / Invert</label>
<type>checkbox</type>
<help>Use this option to invert the sense of the match.</help>
</field>
<field>
<id>rule.destination_port</id>
<label>Destination port</label>
<type>text</type>
<help>Destination port number or well known name (imap, imaps, http, https, ...), for ranges use a dash</help>
</field>
<field>
<id>rule.gateway</id>
<label>Gateway</label>
<type>dropdown</type>
<help>
Leave as 'default' to use the system routing table. Or choose a gateway to utilize policy based routing.
</help>
</field>
<field>
<id>rule.log</id>
<label>Log</label>
<type>checkbox</type>
<help>Log packets that are handled by this rule</help>
</field>

<field>
<id>rule.description</id>
<label>Description</label>
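Review bot: `rule.source_net` and `rule.destination_net` are plain `text` fields with no `<help>`, while the port fields right next to them spell out the accepted syntax; a user cannot tell whether a host, a CIDR network, `any` or an alias is expected here, and the model's own XXX comments say aliases are not validated yet. Something like `<help>Network or host address (CIDR notation) or 'any'; aliases are not supported yet.</help>` on both fields would close that gap — adjust the wording to what NetworkField actually accepts, which is not visible in this hunk. As a point of style, the source group is ordered net / port / invert but the destination group is net / invert / port; moving the `rule.source_not` field directly after `rule.source_net` makes the two groups read the same. The enclosing form element opens and closes outside this hunk.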
Expand Up @@ -17,6 +17,101 @@
<Required>Y</Required>
<default>1</default>
</sequence>
<action type="OptionField">
<Required>Y</Required>
<default>pass</default>
<OptionValues>
<pass>Pass</pass>
<block>Block</block>
<reject>Reject</reject>
</OptionValues>
</action>
<quick type="BooleanField">
<default>1</default>
<Required>Y</Required>
</quick>
<interface type="InterfaceField">
<Required>Y</Required>
<multiple>Y</multiple>
<default>lan</default>
</interface>
<direction type="OptionField">
<Required>Y</Required>
<default>in</default>
<OptionValues>
<in>In</in>
<out>Out</out>
</OptionValues>
</direction>
<ipprotocol type="OptionField">
<Required>Y</Required>
<default>inet</default>
<OptionValues>
<inet>IPv4</inet>
<inet6>IPv6</inet6>
</OptionValues>
</ipprotocol>
<!--
XXX: needs new field type
-->
<protocol type="OptionField">
<Required>Y</Required>
<default>any</default>
<OptionValues>
<any>any</any>
<tcp>TCP</tcp>
<udp>UDP</udp>
</OptionValues>
</protocol>
<!--
XXX: needs a new field type to validate aliases as well
should map internally to 'source' => array('network' => $source_net, "not" => true|false),
-->
<source_net type="NetworkField">
<default>any</default>
<Required>Y</Required>
</source_net>
<source_not type="BooleanField">
<default>0</default>
<Required>Y</Required>
</source_not>
<!-- XXX: known limitation, aliases not supported by PortField -->
<source_port type="PortField">
<Required>N</Required>
<EnableWellKnown>Y</EnableWellKnown>
<EnableRanges>Y</EnableRanges>
<ValidationMessage>Please specify a valid port number, range or known service name</ValidationMessage>
</source_port>
<!--
XXX: needs a new field type to validate aliases as well
should map internally to 'source' => array('destination' => destination_net, "not" => true|false),
-->
<destination_net type="NetworkField">
<default>any</default>
<Required>Y</Required>
</destination_net>
<destination_not type="BooleanField">
<default>0</default>
<Required>Y</Required>
</destination_not>
<!-- XXX: known limitation, aliases not supported by PortField -->
<destination_port type="PortField">
<Required>N</Required>
<EnableWellKnown>Y</EnableWellKnown>
<EnableRanges>Y</EnableRanges>
<ValidationMessage>Please specify a valid port number, range or known service name</ValidationMessage>
</destination_port>
<gateway type="JsonKeyValueStoreField">
<Required>N</Required>
<ConfigdPopulateAct>interface gateways list</ConfigdPopulateAct>
<SourceFile>/tmp/gateway_list.json</SourceFile>
<ConfigdPopulateTTL>20</ConfigdPopulateTTL>
<ValidationMessage>Specify a valid gateway from the list matching the networks ip protocol.</ValidationMessage>
</gateway>
<log type="BooleanField">
<default>0</default>
<Required>Y</Required>
</log>
<description type="TextField">
<Required>N</Required>
<mask>/^([\t\n\v\f\r 0-9a-zA-Z.\-,_\x{00A0}-\x{FFFF}]){0,255}$/u</mask>
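Review bot: The XXX comment above `destination_net` was copied from the source one and describes the wrong mapping — it reads `'source' => array('destination' => destination_net, "not" => true|false)` but should say `'destination' => array('network' => $destination_net, "not" => true|false)`, otherwise the next person implementing the alias-aware field type is pointed at the wrong key. Separately, nothing in the model ties `source_port`/`destination_port` to `protocol`: both ports validate while `protocol` is `any`, so unless the (not visible) rule generator drops them, pf will reject a rule carrying a port with no TCP/UDP protocol; a cross-field check, or at least a sentence on the existing XXX comment noting that ports only make sense for tcp/udp, would make the constraint explicit. The `gateway` field validates against `/tmp/gateway_list.json`, a file in a shared world-writable directory; if any less-privileged local user can pre-create that path, the set of "valid" gateways is no longer controlled by configd, so it is worth confirming the file is written with restrictive permissions or lives under a directory only the populating process can write. The enclosing model element opens and closes outside this hunk.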
