From 79636d4ae92c7ef6fdd100e272447657983e6c9a Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Sun, 31 May 2015 19:16:41 +0200
Subject: [PATCH] (ipfw) move ipfw into standard rc system and move config locations
---
 src/etc/rc.ipfw | 31 +++++++++++++++++++
 .../service/conf/actions.d/actions_ipfw.conf | 2 +-
 .../service/templates/OPNsense/IPFW/+TARGETS | 3 +-
 .../service/templates/OPNsense/IPFW/ipfw.conf | 6 ++--
 .../service/templates/OPNsense/IPFW/rc.conf.d | 11 +++++++
 5 files changed, 49 insertions(+), 4 deletions(-)
 create mode 100755 src/etc/rc.ipfw
 create mode 100644 src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d
diff --git a/src/etc/rc.ipfw b/src/etc/rc.ipfw
new file mode 100755
index 000000000..73d72d9f2
--- /dev/null
+++ b/src/etc/rc.ipfw
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Copyright (c) 2015 Deciso B.V.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+# script to glue standard ipfw rc scripting to OPNsense ruleset
+# see auto generated file /etc/rc.conf.d/ipfw for details
+
+# reload ipfw rules
+/sbin/ipfw -f /usr/local/etc/ipfw.rules
+
diff --git a/src/opnsense/service/conf/actions.d/actions_ipfw.conf b/src/opnsense/service/conf/actions.d/actions_ipfw.conf
index bf6c52154..147b21a0f 100644
--- a/src/opnsense/service/conf/actions.d/actions_ipfw.conf
+++ b/src/opnsense/service/conf/actions.d/actions_ipfw.conf
@@ -1,5 +1,5 @@
 [reload]
-command:/sbin/ipfw -f /tmp/ipfw.rules
+command:/etc/rc.d/ipfw start
 parameters:
 type:script
 message:restarting ipfw
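Review bot: The new src/etc/rc.ipfw loads /usr/local/etc/ipfw.rules without checking that the file exists or is readable. If the script runs before the template has been rendered, or after a failed render, the only signal is whatever `ipfw` prints, and the resulting packet-filter state then depends on the kernel's default rule. A guard before the reload line would make that failure explicit, for example `[ -r /usr/local/etc/ipfw.rules ] || { echo "ipfw.rules not found" >&2; exit 1; }`. The header comment could also say that the rules file is rendered from the OPNsense IPFW template, so a reader does not edit it by hand.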
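Review bot: In actions_ipfw.conf the `[reload]` action now runs `/etc/rc.d/ipfw start`, which the rc framework normally honours only while `firewall_enable` is YES. The rc.conf.d template added in this commit writes NO once the traffic shaper and every captive portal zone are disabled. A reload issued after disabling them would therefore probably leave the previously loaded rules active in the kernel, whereas the old command reloaded the rules file unconditionally. Consider handling the disabled case explicitly, for example running `/etc/rc.d/ipfw onestop` when nothing is enabled, and confirm how rc.subr treats `start` on the target release. The `message:restarting ipfw` text also no longer describes a plain `start`.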
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/+TARGETS b/src/opnsense/service/templates/OPNsense/IPFW/+TARGETS
index 052ff4b77..af36fcd5c 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/IPFW/+TARGETS
@@ -1 +1,2 @@
-ipfw.conf:/tmp/ipfw.rules
+rc.conf.d:/etc/rc.conf.d/ipfw
+ipfw.conf:/usr/local/etc/ipfw.rules
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
index 8bca6cbbd..d6bdb5050 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -6,8 +6,10 @@
 {% set is_cp=[] %}
 {% for cp_key,cp_item in captiveportal.iteritems() %}
 {% if intf_key == cp_item.interface and interface.ipaddr != 'dhcp' %}
-{% do cp_interface_list.append({'zone':cp_key,'zoneid':cp_item.zoneid,'if':interface.if}) %}
-{% do is_cp.append(1) %}
+{% if cp_item.enable|default('0') == '1' %}
+{% do cp_interface_list.append({'zone':cp_key,'zoneid':cp_item.zoneid,'if':interface.if}) %}
+{% do is_cp.append(1) %}
+{% endif %}
 {% endif %}
 {% endfor %}
 {% if not is_cp%}
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d b/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d
new file mode 100644
index 000000000..d113c7058
--- /dev/null
+++ b/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d
@@ -0,0 +1,11 @@
+{% set cp_zones = [] %}
+{% if helpers.exists('captiveportal') %}
+{% for cp_key,cp_item in captiveportal.iteritems() %}
+{% if cp_item.enable|default("0") == '1' %}
+{% do cp_zones.append(cp_key) %}
+{% endif %}
+{% endfor %}
+{% endif %}
+firewall_enable="{% if OPNsense.TrafficShaper.enabled|default("0") == "1" or cp_zones %}YES{% else %}NO{% endif %}"
+firewall_script="/usr/local/etc/rc.ipfw"
+dummynet_enable="YES"
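Review bot: The zone-enabled test added in ipfw.conf is nested as a second `if` and is repeated, with different quoting, in the new rc.conf.d template. If the two copies drift, `firewall_enable` and the rendered rule set will disagree about which zones are active. Folding the test into the enclosing condition keeps the block flat: `{% if intf_key == cp_item.interface and interface.ipaddr != 'dhcp' and cp_item.enable|default('0') == '1' %}`. A short `{# only enabled zones get ipfw rules; keep in step with rc.conf.d #}` comment above it would record the coupling. The enclosing `for` loop and the `if not is_cp` branch continue outside the hunk, so check there what an interface whose zone is disabled now receives.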
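Review bot: The rendered /etc/rc.conf.d/ipfw carries no marker that it is generated, although rc.ipfw calls it an auto generated file, so a manual edit would be lost without warning on the next template run. Emitting a first line such as `# auto generated by the OPNsense IPFW template, do not edit` would document that. The `firewall_enable` line is also hard to read with the whole condition inline; a `{% set ipfw_enabled = ... %}` above it would let the assignment read `firewall_enable="{{ 'YES' if ipfw_enabled else 'NO' }}"`. The `captiveportal` lookup is guarded by `helpers.exists` but `OPNsense.TrafficShaper.enabled` is not, so confirm that the template engine tolerates a missing TrafficShaper node.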