mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-17 01:54:49 +00:00
firewall: remove non-standard dscp feature
FreeBSD never implemented this. OpenBSD did it differently and more consequently: the `tos' tag of pf.conf(4) was properly extended and their pf(4) can only be used to set the DSCP bit for symmetry and general usefulness. Until this comes back around to FreeBSD, we'll leave it out.
This commit is contained in:
Franco Fichtner
parent
93be8b94b6
commit
68bb3fa5c3
@ -2415,7 +2415,7 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
|
||||
$int = "";
|
||||
$aline = array();
|
||||
// initialize array with empty tags
|
||||
foreach (array('schedlabel','divert','icmp-type','icmp6-type','tag','tagged','dscp','route','os','reply','prot','log') as $tag) {
|
||||
foreach (array('schedlabel','divert','icmp-type','icmp6-type','tag','tagged','route','os','reply','prot','log') as $tag) {
|
||||
$aline[$tag] = "";
|
||||
}
|
||||
|
||||
@ -2591,19 +2591,6 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
|
||||
if (!empty($rule['tagged'])) {
|
||||
$aline['tagged'] = " tagged " .$rule['tagged'] . " ";
|
||||
}
|
||||
if (!empty($rule['dscp'])) {
|
||||
switch (strtolower($rule['dscp'])) {
|
||||
case 'va': $aline['dscp'] = " dscp 44 "; break;
|
||||
case 'cs1': $aline['dscp'] = " dscp 8 "; break;
|
||||
case 'cs2': $aline['dscp'] = " dscp 16 "; break;
|
||||
case 'cs3': $aline['dscp'] = " dscp 24 "; break;
|
||||
case 'cs4': $aline['dscp'] = " dscp 32 "; break;
|
||||
case 'cs5': $aline['dscp'] = " dscp 40 "; break;
|
||||
case 'cs6': $aline['dscp'] = " dscp 48 "; break;
|
||||
case 'cs7': $aline['dscp'] = " dscp 56 "; break;
|
||||
default: $aline['dscp'] = " dscp " . $rule['dscp'] . " "; break;
|
||||
}
|
||||
}
|
||||
$aline['allowopts'] = "";
|
||||
if ($type == "pass") {
|
||||
if (isset($rule['allowopts'])) {
|
||||
@ -2765,13 +2752,13 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
|
||||
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] .
|
||||
$aline['interface'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] .
|
||||
$negate_networks . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] .
|
||||
$aline['dscp'] . $aline['allowopts'] . $aline['flags'] . $aline['schedlabel'] .
|
||||
$aline['allowopts'] . $aline['flags'] . $aline['schedlabel'] .
|
||||
" label \"NEGATE_ROUTE: Negate policy routing for destination\"\n";
|
||||
}
|
||||
/* piece together the actual user rule */
|
||||
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] .
|
||||
$aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] .
|
||||
$aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] .
|
||||
$aline['divert'] . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['tagged'] .
|
||||
$aline['allowopts'] . $aline['flags'] . $aline['schedlabel'];
|
||||
|
||||
unset($aline);
|
||||
|
||||
@ -3274,24 +3274,6 @@ function upgrade_105_to_106() {
|
||||
}
|
||||
}
|
||||
|
||||
function upgrade_108_to_109()
|
||||
{
|
||||
global $config;
|
||||
|
||||
if (!isset($config['filter']['rule']) || !is_array($config['filter']['rule']))
|
||||
return;
|
||||
|
||||
foreach ($config['filter']['rule'] as &$rule) {
|
||||
if (!isset($rule['dscp']) || empty($rule['dscp']))
|
||||
continue;
|
||||
|
||||
$pos = strpos($rule['dscp'], ' ');
|
||||
if ($pos !== false)
|
||||
$rule['dscp'] = substr($rule['dscp'], 0, $pos);
|
||||
unset($pos);
|
||||
}
|
||||
}
|
||||
|
||||
function upgrade_109_to_110()
|
||||
{
|
||||
global $config;
|
||||
|
||||
@ -148,7 +148,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
}
|
||||
|
||||
// define form fields
|
||||
$config_fields = array('interface','type','direction','ipprotocol','protocol','icmptype','os','dscp','disabled','log'
|
||||
$config_fields = array('interface','type','direction','ipprotocol','protocol','icmptype','os','disabled','log'
|
||||
,'descr','tcpflags_any','tcpflags1','tcpflags2','tag','tagged','quick','allowopts'
|
||||
,'disablereplyto','max','max-src-nodes','max-src-conn','max-src-states','statetype'
|
||||
,'statetimeout','nopfsync','nosync','max-src-conn-rate','max-src-conn-rates','gateway','sched'
|
||||
@ -412,7 +412,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$filterent = array();
|
||||
// 1-on-1 copy of form values
|
||||
$copy_fields = array('type', 'interface', 'ipprotocol', 'tag', 'tagged', 'max', 'max-src-nodes'
|
||||
, 'max-src-conn', 'max-src-states', 'statetimeout', 'statetype', 'os', 'dscp', 'descr', 'gateway'
|
||||
, 'max-src-conn', 'max-src-states', 'statetimeout', 'statetype', 'os', 'descr', 'gateway'
|
||||
, 'sched', 'associated-rule-id', 'direction', 'quick'
|
||||
, 'max-src-conn-rate', 'max-src-conn-rates') ;
|
||||
|
||||
@ -1168,23 +1168,6 @@ include("head.inc");
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Diffserv Code Point");?></td>
|
||||
<td>
|
||||
<select name="dscp" class="selectpicker" data-live-search="true" data-size="5" data-width="auto">
|
||||
<option value=""><?=gettext("none");?></option>
|
||||
<?php
|
||||
$firewall_rules_dscp_types = array("af11","af12","af13","af21","af22","af23","af31","af32","af33","af41"
|
||||
,"af42","af43","VA","EF","cs1","cs2","cs3","cs4","cs5","cs6","cs7","0x01","0x02","0x04");
|
||||
foreach($firewall_rules_dscp_types as $frdt):?>
|
||||
<option value="<?=$frdt?>"<?= $pconfig['dscp'] == $frdt ? " selected=\"selected\"" :""; ?>>
|
||||
<?=$frdt?>
|
||||
</option>
|
||||
<?php
|
||||
endforeach; ?>
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a id="help_for_nosync" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("No XMLRPC Sync"); ?></td>
|
||||
<td>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user