(filter) move antispoof out of the way

Ad Schellevis 2016-11-03 15:08:25 +01:00
parent 15a1895124
commit 0b4131752a


@ -411,7 +411,8 @@ function filter_configure_sync()
}
update_filter_reload_status(gettext("Generating filter rules"));
/* generate pfctl rules */
$pfrules = filter_rules_generate($FilterIflist);
$pfrules = filter_rules_legacy($FilterIflist);
$pfrules .= filter_rules_generate($FilterIflist);
if (file_exists("/var/run/booting")) {
echo ".";
}
@ -2484,6 +2485,30 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
return $line;
}
function filter_rules_legacy(&$FilterIflist)
{
global $config;
$log = array();
$log['block'] = !isset($config['syslog']['nologdefaultblock']) ? "log" : "";
$ipfrules = "";
$isbridged = false;
if (isset($config['bridges']['bridged'])) {
foreach ($config['bridges']['bridged'] as $oc2) {
if (stristr($oc2['members'], $on)) {
$isbridged = true;
break;
}
}
}
foreach ($FilterIflist as $on => $oc) {
if ($oc['ip'] && !($isbridged) && !isset($oc['internal_dynamic'])) {
$ipfrules .= "antispoof {$log['block']} for {$oc['if']} \n";
}
}
return $ipfrules;
}
function filter_rules_generate(&$FilterIflist)
{
global $config, $GatewaysList;
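Review bot: In the new `filter_rules_legacy()` the bridge-membership loop calls `stristr($oc2['members'], $on)` before the `foreach ($FilterIflist as $on => $oc)` that defines `$on`, so the needle is undefined and `$isbridged` is computed once for every interface instead of per interface as the removed code in `filter_rules_generate()` did. Depending on how the running PHP version treats an empty needle, `$isbridged` ends up either always false (antispoof is then also emitted for bridge members) or true whenever any bridge is configured (no antispoof rules are emitted at all); both differ from the previous ruleset. Move `$isbridged = false;` and the `if (isset($config['bridges']['bridged'])) { ... }` loop inside the `foreach` over `$FilterIflist`, ahead of the `if ($oc['ip'] && !($isbridged) && ...)` test, so the flag is reset and evaluated for each `$on`. Since the antispoof lines are a security control, it is worth diffing the generated rules before and after on a box with a bridge configured. The body of `filter_rules_generate()` continues outside this hunk.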
@ -2517,19 +2542,6 @@ EOD;
}
$isbridged = false;
if (isset($config['bridges']['bridged'])) {
foreach ($config['bridges']['bridged'] as $oc2) {
if (stristr($oc2['members'], $on)) {
$isbridged = true;
break;
}
}
}
if ($oc['ip'] && !($isbridged) && !isset($oc['internal_dynamic'])) {
$ipfrules .= "antispoof {$log['block']} for \${$oc['descr']} \n";
}
switch (isset($oc['type']) ? $oc['type'] : null) {