mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-14 16:44:39 +00:00
additional cleanup pf tracker feature
This commit is contained in:
Ad Schellevis
parent
e8cfc0ffaf
commit
5640547a4b
@ -447,7 +447,6 @@
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<descr><![CDATA[Default allow LAN to any rule]]></descr>
|
||||
<interface>lan</interface>
|
||||
<tracker>0100000101</tracker>
|
||||
<source>
|
||||
<network>lan</network>
|
||||
</source>
|
||||
@ -460,7 +459,6 @@
|
||||
<ipprotocol>inet6</ipprotocol>
|
||||
<descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
|
||||
<interface>lan</interface>
|
||||
<tracker>0100000102</tracker>
|
||||
<source>
|
||||
<network>lan</network>
|
||||
</source>
|
||||
|
||||
@ -144,7 +144,6 @@ function parse_filter_line($line) {
|
||||
$flent['rulenum'] = $rule_data[$field++];
|
||||
$flent['subrulenum'] = $rule_data[$field++];
|
||||
$flent['anchor'] = $rule_data[$field++];
|
||||
$flent['tracker'] = $rule_data[$field++];
|
||||
$flent['realint'] = $rule_data[$field++];
|
||||
$flent['interface'] = convert_real_interface_to_friendly_descr($flent['realint']);
|
||||
$flent['reason'] = $rule_data[$field++];
|
||||
@ -277,17 +276,14 @@ function get_port_with_service($port, $proto) {
|
||||
return ':' . $portstr;
|
||||
}
|
||||
|
||||
function find_rule_by_number($rulenum, $trackernum, $type="block") {
|
||||
function find_rule_by_number($rulenum, $type="block") {
|
||||
global $g;
|
||||
|
||||
/* Passing arbitrary input to grep could be a Very Bad Thing(tm) */
|
||||
if (!is_numeric($rulenum) || !is_numeric($trackernum) || !in_array($type, array('pass', 'block', 'match', 'rdr')))
|
||||
if (!is_numeric($rulenum) || !in_array($type, array('pass', 'block', 'match', 'rdr')))
|
||||
return;
|
||||
|
||||
if ($trackernum == "0")
|
||||
$lookup_pattern = "^@{$rulenum}\([0-9]+\)[[:space:]]{$type}[[:space:]].*[[:space:]]log[[:space:]]";
|
||||
else
|
||||
$lookup_pattern = "^@[0-9]+\({$trackernum}\)[[:space:]]{$type}[[:space:]].*[[:space:]]log[[:space:]]";
|
||||
$lookup_pattern = "^@{$rulenum}\([0-9]+\)[[:space:]]{$type}[[:space:]].*[[:space:]]log[[:space:]]";
|
||||
|
||||
/* At the moment, miniupnpd is the only thing I know of that
|
||||
generates logging rdr rules */
|
||||
@ -330,13 +326,9 @@ function buffer_rules_load() {
|
||||
if (is_array($buffer)) {
|
||||
foreach ($buffer as $line) {
|
||||
list($key, $value) = explode (" ", $line, 2);
|
||||
# pfctl rule number output with tracker number: @dd(dddddddddd)
|
||||
$matches = array();
|
||||
if (preg_match('/\@(?P<rulenum>\d+)\((?<trackernum>\d+)\)/', $key, $matches) == 1) {
|
||||
if ($matches['trackernum'] > 0)
|
||||
$key = $matches['trackernum'];
|
||||
else
|
||||
$key = "@{$matches['rulenum']}";
|
||||
if (preg_match('/\@(?P<rulenum>\d+)\)/', $key, $matches) == 1) {
|
||||
$key = "@{$matches['rulenum']}";
|
||||
}
|
||||
$buffer_rules_normal[$key] = $value;
|
||||
}
|
||||
@ -349,13 +341,10 @@ function buffer_rules_clear() {
|
||||
unset($GLOBALS['buffer_rules_rdr']);
|
||||
}
|
||||
|
||||
function find_rule_by_number_buffer($rulenum, $trackernum, $type){
|
||||
function find_rule_by_number_buffer($rulenum, $type){
|
||||
global $g, $buffer_rules_rdr, $buffer_rules_normal;
|
||||
|
||||
if ($trackernum == "0")
|
||||
$lookup_key = "@{$rulenum}";
|
||||
else
|
||||
$lookup_key = $trackernum;
|
||||
$lookup_key = "@{$rulenum}";
|
||||
|
||||
if ($type == "rdr") {
|
||||
$ruleString = $buffer_rules_rdr[$lookup_key];
|
||||
|
||||
@ -3307,27 +3307,6 @@ function upgrade_105_to_106() {
|
||||
function upgrade_106_to_107() {
|
||||
global $config;
|
||||
|
||||
if (is_array($config['filter']) && is_array($config['filter']['rule'])) {
|
||||
$tracker = (int)microtime(true);
|
||||
foreach ($config['filter']['rule'] as $ridx => $rule) {
|
||||
if (empty($rule['tracker'])) {
|
||||
$config['filter']['rule'][$ridx]['tracker'] = $tracker;
|
||||
$tracker++;
|
||||
}
|
||||
}
|
||||
unset($tracker, $ridx);
|
||||
}
|
||||
if (is_array($config['nat']) && is_array($config['nat']['rule'])) {
|
||||
$tracker = (int)microtime(true);
|
||||
foreach ($config['nat']['rule'] as $ridx => $rule) {
|
||||
if (empty($rule['tracker'])) {
|
||||
$config['nat']['rule'][$ridx]['tracker'] = $tracker;
|
||||
$tracker++;
|
||||
}
|
||||
|
||||
}
|
||||
unset($tracker, $ridx);
|
||||
}
|
||||
}
|
||||
|
||||
function upgrade_107_to_108() {
|
||||
|
||||
@ -69,8 +69,8 @@ function getGETPOSTsettingvalue($settingname, $default)
|
||||
|
||||
$rulenum = getGETPOSTsettingvalue('getrulenum', null);
|
||||
if($rulenum) {
|
||||
list($rulenum, $tracker, $type) = explode(',', $rulenum);
|
||||
$rule = find_rule_by_number($rulenum, $tracker, $type);
|
||||
list($rulenum, $type) = explode(',', $rulenum);
|
||||
$rule = find_rule_by_number($rulenum, $type);
|
||||
echo gettext("The rule that triggered this action is") . ":\n\n{$rule}";
|
||||
exit;
|
||||
}
|
||||
@ -326,7 +326,7 @@ include("head.inc");
|
||||
$rowIndex++;?>
|
||||
<tr class="<?=$evenRowClass?>">
|
||||
<td class="listMRlr nowrap" align="center" sorttable_customkey="<?=$filterent['act']?>">
|
||||
<a onclick="javascript:getURL('diag_logs_filter.php?getrulenum=<?php echo "{$filterent['rulenum']},{$filterent['tracker']},{$filterent['act']}"; ?>', outputrule);" title="<?php echo $filterent['act'] .'/'. $filterent['tracker'];?>"><span class="glyphicon glyphicon-remove"></span></a></td>
|
||||
<a onclick="javascript:getURL('diag_logs_filter.php?getrulenum=<?php echo "{$filterent['rulenum']},{$filterent['act']}"; ?>', outputrule);" title="<?php echo $filterent['act'] .'/';?>"><span class="glyphicon glyphicon-remove"></span></a></td>
|
||||
<?php if ($filterent['count']) echo $filterent['count'];?></a></center></td>
|
||||
<td class="listMRr nowrap"><?php echo htmlspecialchars($filterent['time']);?></td>
|
||||
<td class="listMRr nowrap">
|
||||
@ -336,7 +336,7 @@ include("head.inc");
|
||||
<?php echo htmlspecialchars($filterent['interface']);?></td>
|
||||
<?php
|
||||
if ($config['syslog']['filterdescriptions'] === "1")
|
||||
echo("<td class=\"listMRr nowrap\">".find_rule_by_number_buffer($filterent['rulenum'],$filterent['tracker'],$filterent['act'])."</td>");
|
||||
echo("<td class=\"listMRr nowrap\">".find_rule_by_number_buffer($filterent['rulenum'],$filterent['act'])."</td>");
|
||||
|
||||
$int = strtolower($filterent['interface']);
|
||||
$proto = strtolower($filterent['proto']);
|
||||
@ -374,7 +374,7 @@ include("head.inc");
|
||||
<?php if (isset($config['syslog']['filterdescriptions']) && $config['syslog']['filterdescriptions'] === "2"):?>
|
||||
<tr class="<?=$evenRowClass?>">
|
||||
<td colspan="2" class="listMRDescriptionL listMRlr" />
|
||||
<td colspan="4" class="listMRDescriptionR listMRr nowrap"><?=find_rule_by_number_buffer($filterent['rulenum'],$filterent['tracker'],$filterent['act']);?></td>
|
||||
<td colspan="4" class="listMRDescriptionR listMRr nowrap"><?=find_rule_by_number_buffer($filterent['rulenum'],$filterent['act']);?></td>
|
||||
</tr>
|
||||
<?php endif;
|
||||
endforeach;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user