From d64260cb6b4523186e7999fcd62e19157ab00cf7 Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Mon, 1 Jun 2015 19:39:52 +0200 Subject: [PATCH] (trafficshaper) move enabled option to pipe/queue tag --- .../OPNsense/TrafficShaper/forms/dialogPipe.xml | 6 ++++++ .../TrafficShaper/forms/dialogQueue.xml | 6 ++++++ .../OPNsense/TrafficShaper/TrafficShaper.xml | 12 ++++++++---- .../service/templates/OPNsense/IPFW/ipfw.conf | 17 +++++++++++------ .../service/templates/OPNsense/IPFW/rc.conf.d | 13 ++++++++++++- 5 files changed, 43 insertions(+), 11 deletions(-) diff --git a/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogPipe.xml b/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogPipe.xml index 986c2293c..f28512e4f 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogPipe.xml +++ b/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogPipe.xml @@ -1,4 +1,10 @@
+ + pipe.enabled + + checkbox + enable this pipe and it's related queues and rules + pipe.bandwidth diff --git a/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogQueue.xml b/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogQueue.xml index fc1f577f3..ef9b60127 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogQueue.xml +++ b/src/opnsense/mvc/app/controllers/OPNsense/TrafficShaper/forms/dialogQueue.xml @@ -1,4 +1,10 @@ + + pipe.enabled + + checkbox + enable this queue and it's related rules + queue.pipe diff --git a/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml b/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml index b0da93f20..453fca19a 100644 --- a/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml +++ b/src/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml @@ -4,10 +4,6 @@ OPNsense traffic shaper - - 0 - Y - @@ -16,6 +12,10 @@ Pipe number must be between 1...65535 Y + + 1 + Y + Y 1 @@ -67,6 +67,10 @@ Queue number must be between 1...65535 Y + + 1 + Y + diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf index 9104f29f2..8921a5a33 100644 --- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf +++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf @@ -70,11 +70,11 @@ add 150 deny layer2 not mac-type ip,ipv6 #====================================================================================== {% for intf_key,interface in interfaces.iteritems() %} {% if intf_key != "wan" and interface.ipaddr != "dhcp" and interface.ipaddr != "" %} -add {{loop.index + 1000}} allow udp from any to {{ interface.ipaddr }} dst-port 53 keep-state -add {{loop.index + 1000}} allow ip from any to { 255.255.255.255 or {{interface.ipaddr}} } in -add {{loop.index + 1000}} allow ip from { 255.255.255.255 or {{interface.ipaddr}} } to any out -add {{loop.index + 1000}} allow icmp from { 255.255.255.255 or {{interface.ipaddr}} } to any out icmptypes 0 -add {{loop.index + 1000}} allow icmp from any to { 255.255.255.255 or {{interface.ipaddr}} } in icmptypes 8 +add {{loop.index + 1000}} skipto 60000 udp from any to {{ interface.ipaddr }} dst-port 53 keep-state +add {{loop.index + 1000}} skipto 60000 ip from any to { 255.255.255.255 or {{interface.ipaddr}} } in +add {{loop.index + 1000}} skipto 60000 ip from { 255.255.255.255 or {{interface.ipaddr}} } to any out +add {{loop.index + 1000}} skipto 60000 icmp from { 255.255.255.255 or {{interface.ipaddr}} } to any out icmptypes 0 +add {{loop.index + 1000}} skipto 60000 icmp from any to { 255.255.255.255 or {{interface.ipaddr}} } in icmptypes 8 {% endif %} {% endfor %} @@ -141,17 +141,22 @@ add 60000 return via any {% for rule in helpers.toList('OPNsense.TrafficShaper.rules.rule', 'sequence') %} {% if helpers.getUUIDtag(rule.target) in ['pipe','queue'] %} {% if helpers.getNodeByTag('interfaces.'+rule.interface) %} +{% if helpers.getUUID(rule.target).enabled|default('0') == '1' %} +{% if helpers.getUUIDtag(rule.target) == 'pipe' or + helpers.getUUID(helpers.getUUID(rule.target).pipe).enabled|default('0') == '1' +%} add {{loop.index + 60000}} {{ helpers.getUUIDtag(rule.target) }} {{ helpers.getUUID(rule.target).number }} {{ rule.proto }} from {{ rule.source }} to {{rule.destination }} src-port {{ rule.src_port }} dst-port {{ rule.dst_port }} {{rule.direction}} via {{ helpers.getNodeByTag('interfaces.'+rule.interface).if }} +{% endif %} +{% endif %} {% endif %} {% endif %} {% endfor %} {% endif %} - # pass authorized add 65533 pass ip from any to any diff --git a/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d b/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d index d113c7058..eb3e775cf 100644 --- a/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d +++ b/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d @@ -6,6 +6,17 @@ {% endif %} {% endfor %} {% endif %} -firewall_enable="{% if OPNsense.TrafficShaper.enabled|default("0") == "1" or cp_zones %}YES{% else %}NO{% endif %}" +{# collect enabled #} +{% set shapers = [] %} +{% if helpers.exists('OPNsense.TrafficShaper') %} +{% if helpers.exists('OPNsense.TrafficShaper.pipes.pipe') %} +{% for pipe in helpers.toList('OPNsense.TrafficShaper.pipes.pipe') %} +{% if pipe.enabled|default('0') == '1' %} +{% do shapers.append(cp_key) %} +{% endif%} +{% endfor%} +{% endif %} +{% endif %} +firewall_enable="{% if shapers or cp_zones %}YES{% else %}NO{% endif %}" firewall_script="/usr/local/etc/rc.ipfw" dummynet_enable="YES"