From cbc09e7c5af4e051c76ba2b420a2d8beaa2a4a19 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Wed, 4 Feb 2026 17:58:07 +0100
Subject: [PATCH] firewall: well known ports added to filter rule selection;
 closes #9692

---
 .../Firewall/Api/FilterBaseController.php     | 30 +++++++++++++++----
 .../OPNsense/Base/FieldTypes/PortField.php    | 13 ++++++--
 2 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
index 53ddb9da38..01bbfd46f3 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
- * Copyright (C) 2020 Deciso B.V.
+ * Copyright (C) 2020-2026 Deciso B.V.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,9 +25,11 @@
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
+
 namespace OPNsense\Firewall\Api;
 
 use OPNsense\Base\ApiMutableModelControllerBase;
+use OPNsense\Base\FieldTypes\PortField;
 use OPNsense\Base\UserException;
 use OPNsense\Core\Backend;
 use OPNsense\Core\Config;
@@ -210,21 +212,37 @@ abstract class FilterBaseController extends ApiMutableModelControllerBase
     {
         $result = [
             'single' => [
-                'label' => gettext("Single port or range"),
+                'label' => gettext('Single port or range'),
             ],
             'aliases' => [
-                'label' => gettext("Aliases"),
+                'label' => gettext('Aliases'),
                 'items' => [],
             ],
-            // XXX: Well known ports could be gathered from /etc/services but there is a lot of noise
             'ports' => [
-                'label' => gettext("Ports"),
+                'label' => gettext('Ports'),
                 'items' => [
-                    "" => gettext("any"),
+                    '' => gettext('any'),
                 ],
             ],
         ];
 
+        /*
+         * XXX Eventually it might make more sense to instantate the
+         * actual protocol fields of the rules in order to get the full
+         * list of options in one go (modifying the model XML to
+         * automatically get the correct values).
+         *
+         * This works using e.g.
+         *   (new Filter())->rules->rule->getTemplateNode()->source_port
+         * but loads all rules as a side effect if they exist which we
+         * want to avoid and raises the question how we're going to deal
+         * with every field's own setup as we can't simply derive one
+         * field's accepted values for another.
+         */
+        foreach (PortField::getWellKnown() as $port) {
+            $result['ports']['items'][$port] = strtoupper($port);
+        }
+
         foreach ((new Alias())->aliases->alias->iterateItems() as $alias) {
             if ($alias->type == 'internal') {
                 /* currently only used for legacy bindings, align with legacy_list_aliases() usage */
diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/PortField.php b/src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/PortField.php
index 2a1098aa82..89dfe6b30b 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/PortField.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/PortField.php
@@ -1,7 +1,7 @@
 <?php
 
 /*
- * Copyright (C) 2015-2020 Deciso B.V.
+ * Copyright (C) 2015-2026 Deciso B.V.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -39,7 +39,7 @@ class PortField extends BaseListField
     /**
      * @var array list of well known services
      */
-    private static $wellknownservices = [
+    protected static $wellknownservices = [
         'cvsup',
         'domain',
         'ftp',
@@ -107,6 +107,15 @@ class PortField extends BaseListField
      */
     private $enableAlias = false;
 
+    /**
+     * get the list of well known services
+     * @return array service names
+     */
+    public static function getWellKnown()
+    {
+        return self::$wellknownservices;
+    }
+
     /**
      * generate validation data (list of port numbers and well know ports)
      */