diff --git a/src/etc/config.xml.sample b/src/etc/config.xml.sample index 26d2e2606..619150ab1 100644 --- a/src/etc/config.xml.sample +++ b/src/etc/config.xml.sample @@ -256,7 +256,6 @@ aesni 1 1 - 1 admins diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 3daea58c3..e043946cf 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -123,29 +123,6 @@ function filter_configure() } } -function filter_should_trigger_kill_states() -{ - global $config; - if (empty($config['system']['kill_states'])) { - $a_gateways = return_gateways_status(); - $ifdetails = legacy_interfaces_details(); - $any_gateway_down = false; - foreach ((new \OPNsense\Routing\Gateways($ifdetails))->gatewaysIndexedByName(false, true) as $gateway) { - if (empty($gateway['monitor']) || empty($a_gateways[$gateway['name']])) { - continue; - } elseif (!is_ipaddr($gateway['monitor']) || strstr($gateway['monitor'], '127.0.0.')) { - continue; - } - if (stristr($a_gateways[$gateway['name']]['status'], 'down')) { - $any_gateway_down = true; - break; - } - } - return $any_gateway_down; - } - return false; -} - /** * sync interface groups, but leave the ones not managed by us intact. */ @@ -207,7 +184,7 @@ function is_interface_group($if) return false; } -function filter_configure_sync($verbose = false, $flush_states = false, $load_aliases = true) +function filter_configure_sync($verbose = false, $load_aliases = true) { global $config; $sched_kill_states = array(); // kill states for schedules @@ -562,15 +539,6 @@ function filter_configure_sync($verbose = false, $flush_states = false, $load_al flush(); } - if ($flush_states) { - mwexec('/sbin/pfctl -Fs'); - } - - if ($verbose) { - echo '.'; - flush(); - } - if ($load_aliases) { configd_run('template reload OPNsense/Filter'); configd_run('filter refresh_aliases', true); diff --git a/src/etc/rc.filter_configure b/src/etc/rc.filter_configure index 009e16daa..8dcc3df83 100755 --- a/src/etc/rc.filter_configure 
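Review bot: Removing `$flush_states` from the middle of the `filter_configure_sync()` signature moves `$load_aliases` from the third to the second position, so a caller not updated by this commit that still passes a second argument now controls alias loading instead. A leftover `filter_configure_sync(false, false)` would silently skip `template reload OPNsense/Filter` and `filter refresh_aliases`, leaving the ruleset on stale aliases, and PHP raises no error for it. Only the callers in rc.filter_configure and rc.newwanip are visible in this diff, so the remaining call sites, plugins included, should be checked for a second or third positional argument. The function has no docblock; I would add one above the signature, e.g. `@param bool $load_aliases reload the filter templates and refresh aliases (second argument since $flush_states was removed)`. The function body continues outside the hunk.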
+++ b/src/etc/rc.filter_configure @@ -33,20 +33,6 @@ require_once("filter.inc"); require_once("system.inc"); require_once("interfaces.inc"); -$event_arg = count($argv) >= 1 ? $argv[1] : ""; +$event_arg = count($argv) >= 1 ? $argv[1] : ''; -if ($event_arg == 'skip_alias' ) { - filter_configure_sync(true, false, false); -} else { - if ($event_arg == 'gateway' && filter_should_trigger_kill_states()) { - /** - * XXX: When "Kill states" on gateway monitoring is used, we should reset states after this event. - * Originally filter_configure_sync() reset states after each event. Although the feature isn't great - * in terms of what it does (not really fine grained, just kill all), for historic reasons we probably should - * leave it in. - */ - filter_configure_sync(true, true); - } else { - filter_configure_sync(true); - } -} +filter_configure_sync(true, $event_arg != 'skip_alias'); diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip index 56f405e95..08080837d 100755 --- a/src/etc/rc.newwanip +++ b/src/etc/rc.newwanip @@ -152,10 +152,13 @@ if (!is_ipaddr($cacheip) || $ip != $cacheip || !is_ipaddr($configip)) { system_routing_configure(false, $interface); plugins_configure('monitor'); - filter_configure_sync(false, isset($config['system']['ip_change_kill_states'])); - if (is_ipaddr($cacheip) && $ip != $cacheip && !isset($config['system']['ip_change_kill_states'])) { + filter_configure_sync(); + if (isset($config['system']['ip_change_kill_states'])) { + log_error('IP address renew, killing all previous states'); + mwexec('/sbin/pfctl -Fs'); + } else if (is_ipaddr($cacheip) && $ip != $cacheip) { log_error("IP address change detected, killing states of old ip $cacheip"); - mwexec('/sbin/pfctl -k ' . $cacheip); + mwexecf('/sbin/pfctl -k %s', $cacheip); } if (is_ipaddr($ip)) { diff --git a/src/www/system_advanced_firewall.php b/src/www/system_advanced_firewall.php index f6fe41fb1..cfac87fb3 100644 --- a/src/www/system_advanced_firewall.php 
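Review bot: `count($argv) >= 1` on the rewritten `$event_arg` line is always true for a CLI script, because `$argv[0]` holds the script name. Running the script without an argument therefore still reads the undefined `$argv[1]`, which raises a warning on PHP 8 and compares `null` against 'skip_alias'. `$event_arg = $argv[1] ?? '';` expresses the intent directly. With `$event_arg` then always a string, the new call can use the strict form `filter_configure_sync(true, $event_arg !== 'skip_alias');`.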
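Review bot: The new `ip_change_kill_states` branch runs `pfctl -Fs` whenever the enclosing block is entered, not only when `$ip` differs from `$cacheip`. Going by the condition shown in the hunk heading, a renew that keeps the same address can still drop every state on the firewall, and nothing in the code says this is intended. A comment above the branch would make it explicit, e.g. `// ip_change_kill_states: flush the whole state table on every renew handled here, even if the address is unchanged`. The branch also spells `else if` where the other PHP in this diff uses `elseif`. The enclosing `if` starts before the hunk and continues after it.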
+++ b/src/www/system_advanced_firewall.php @@ -51,7 +51,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $pconfig['disablereplyto'] = isset($config['system']['disablereplyto']); $pconfig['bogonsinterval'] = !empty($config['system']['bogons']['interval']) ? $config['system']['bogons']['interval'] : null; $pconfig['schedule_states'] = isset($config['system']['schedule_states']); - $pconfig['kill_states'] = !empty($config['system']['kill_states']); $pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']); $pconfig['lb_use_sticky'] = isset($config['system']['lb_use_sticky']); $pconfig['pf_share_forward'] = isset($config['system']['pf_share_forward']); @@ -202,12 +201,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { unset($config['system']['schedule_states']); } - if (!empty($pconfig['kill_states'])) { - $config['system']['kill_states'] = true; - } elseif (isset($config['system']['kill_states'])) { - unset($config['system']['kill_states']); - } - if (!empty($pconfig['skip_rules_gw_down'])) { $config['system']['skip_rules_gw_down'] = true; } elseif (isset($config['system']['skip_rules_gw_down'])) { @@ -348,16 +341,6 @@ include("head.inc"); - - - - /> - - - -