lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-16 09:34:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall: remove ip_change_kill_states mechanic; closes #6092

Browse Source
This commit is contained in:
Franco Fichtner 2022-10-17 13:47:40 +02:00
parent dfadc8190e
commit bb9abf86a4
2 changed files with 1 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/etc/rc.newwanip
View File

@ -167,11 +167,7 @@ if ($ip != $cacheip || (!is_ipaddr($intf_ipaddr) && $intf_ipaddr != 'dhcp')) {
system_routing_configure(false, $interface);
filter_configure_sync();
if (isset($config['system']['ip_change_kill_states'])) {
/* XXX maybe eventually ip_change_kill_states should be removed */
log_error('IP address renew, killing all previous states');
mwexec('/sbin/pfctl -Fs');
} else if (is_ipaddr($cacheip) && $ip != $cacheip) {
if (is_ipaddr($cacheip) && $ip != $cacheip) {
log_error("IP address change detected, killing states of old ip $cacheip");
mwexecf('/sbin/pfctl -k 0.0.0.0/0 -k %s', $cacheip);
mwexecf('/sbin/pfctl -k %s', $cacheip);

17
src/www/system_advanced_firewall.php
View File

@ -59,7 +59,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['enablebinatreflection'] = !empty($config['system']['enablebinatreflection']);
$pconfig['enablenatreflectionhelper'] = isset($config['system']['enablenatreflectionhelper']) ? $config['system']['enablenatreflectionhelper'] : null;
$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
$pconfig['ip_change_kill_states'] = isset($config['system']['ip_change_kill_states']);
$pconfig['syncookies'] = isset($config['system']['syncookies']) ? $config['system']['syncookies'] : null;
$pconfig['syncookies_adaptstart'] = isset($config['system']['syncookies_adaptstart']) ? $config['system']['syncookies_adaptstart'] : null;
$pconfig['syncookies_adaptend'] = isset($config['system']['syncookies_adaptend']) ? $config['system']['syncookies_adaptend'] : null;
@ -226,12 +225,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
unset($config['system']['skip_rules_gw_down']);
}
if (!empty($pconfig['ip_change_kill_states'])) {
$config['system']['ip_change_kill_states'] = true;
} elseif (isset($config['system']['ip_change_kill_states'])) {
unset($config['system']['ip_change_kill_states']);
}
if (!empty($pconfig['syncookies'])) {
$config['system']['syncookies'] = $pconfig['syncookies'];
$config['system']['syncookies_adaptstart'] = $pconfig['syncookies_adaptstart'];
@ -668,16 +661,6 @@ include("head.inc");
</div>
</td>
</tr>
<tr>
<td><a id="help_for_ip_change_kill_states" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Dynamic state reset') ?></td>
<td>
<input name="ip_change_kill_states" type="checkbox" value="yes" <?=!empty($pconfig['ip_change_kill_states']) ? 'checked="checked"' : '' ?> />
<?= gettext('Reset all states when a dynamic IP address changes.') ?>
<div class="hidden" data-for="help_for_ip_change_kill_states">
<?=gettext("This option flushes the entire state table on IPv4 address changes in dynamic setups to e.g. allow VoIP servers to re-register.");?>
</div>
</td>
</tr>
</table>
</div>
<div class="content-box tab-content table-responsive __mb">