lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 08:34:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

firewall, plugin. register user rules into framework.

Browse Source
This commit is contained in:
Ad Schellevis 2017-06-11 18:07:35 +02:00 committed by Franco Fichtner
parent 063a883bb0
commit ddc623ccd6
1 changed files with 26 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/etc/inc/filter.inc
View File

@ -372,6 +372,9 @@ function filter_configure_sync($verbose = false)
{
global $config;
/* Use filter lock to not allow concurrent filter reloads during this run. */
$filterlck = lock('filter', LOCK_EX);
$FilterIflist = filter_generate_optcfg_array();
// initialize fw plugin object
@ -390,9 +393,29 @@ function filter_configure_sync($verbose = false)
filter_core_bootstrap($fw);
plugins_firewall($fw);
// register user rules
update_filter_reload_status(gettext("Generating filter rules"));
foreach ($config['filter']['rule'] as $rule) {
$sched = '';
$descr = '';
/* Use filter lock to not allow concurrent filter reloads during this run. */
$filterlck = lock('filter', LOCK_EX);
if (!empty($rule['sched'])) {
$sched = "({$rule['sched']})";
}
if (!empty($rule['descr'])) {
$descr = ": {$rule['descr']}";
}
$rule['label'] = fix_rule_label("USER_RULE{$sched}{$descr}") ;
if (isset($rule['floating'])) {
$prio = 200000;
} elseif (is_interface_group($rule['interface']) || in_array($rule['interface'], array("l2tp", "pptp", "pppoe", "enc0", "openvpn"))) {
$prio = 300000;
} else {
$prio = 400000;
}
$fw->registerFilterRule($prio, $rule);
}
filter_pflog_start();
update_filter_reload_status(gettext("Initializing"), true);
@ -428,10 +451,6 @@ function filter_configure_sync($verbose = false)
flush();
}
/* generate pfctl rules */
update_filter_reload_status(gettext("Generating filter rules"));
$pfrules = filter_rules_generate($FilterIflist);
if ($verbose) {
echo '.';
flush();
@ -518,12 +537,11 @@ function filter_configure_sync($verbose = false)
$rules .= $fw->anchorToText('fw', 'head');
$rules .= filter_rules_legacy($FilterIflist);
$rules .= $fw->outputFilterRules();
$rules .= "{$pfrules}\n";
update_filter_reload_status(gettext("Creating IPsec rules..."));
$rules .= filter_generate_ipsec_rules($FilterIflist);
$rules .= $fw->anchorToText('fw', 'tail');
unset($aliases, $gateways, $natrules, $pfrules);
unset($aliases, $gateways, $natrules);
update_filter_reload_status(gettext("Executing packet filter reload"));