From e8908f4a32bf85840fd75c347bb075ed8ada66a2 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 2 Oct 2018 21:46:16 +0200
Subject: [PATCH] Firewall/alias, extend /api/firewall/alias_util/ alias to support instant address additions and deletions, saved to config when applicable. -- /api/firewall/alias_util/add/[alias] -- /api/firewall/alias_util/delete/[alias] both accepting address as parameter, sample usage added to the pfTables diagnostic page
---
 .../Firewall/Api/AliasUtilController.php | 41 +++++++++++++++++
 .../views/OPNsense/Firewall/alias_util.volt | 46 ++++++++++++++-----
 .../conf/actions.d/actions_filter.conf | 6 +++
 3 files changed, 82 insertions(+), 11 deletions(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasUtilController.php b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasUtilController.php
index 40e22d39d..617bde17d 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasUtilController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasUtilController.php
@@ -162,6 +162,8 @@ class AliasUtilController extends ApiControllerBase
 $cnfAlias->content = implode("\n", $items);
 $this->getModel()->serializeToConfig();
 Config::getInstance()->save();
+ // flush to disk,
+ (new Backend())->configdRun('template reload OPNsense/Filter');
 }
 }
 
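Review bot: The added comment `// flush to disk,` ends in a dangling comma and does not describe the call beneath it, which asks configd to reload the `OPNsense/Filter` templates after `Config::getInstance()->save()` has already written the config. A comment such as `// regenerate the filter templates so the saved alias content is picked up` would state why the call is there. The return value of `configdRun` is discarded, so a failed reload would go unnoticed by the caller; the same two lines are repeated in `addAction` in the next hunk. The enclosing method starts outside this hunk.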
@@ -173,4 +175,43 @@ class AliasUtilController extends ApiControllerBase
 return array("status" => "failed");
 }
 }
+
+ /**
+ * add item to alias table
+ * @param string $alias name
+ * @return array status
+ */
+ public function addAction($alias)
+ {
+ if ($this->request->isPost() && $this->request->hasPost("address")) {
+ $address = $this->request->getPost("address");
+ if (preg_match("/[^0-9a-f\:\.\/_]/", $address)) {
+ return array("status" => "not_an_address");
+ }
+ $cnfAlias = $this->getAlias($alias);
+ if ($cnfAlias !== null && in_array($cnfAlias->type, array('host', 'network'))) {
+ // update local administration, add address when not found for static types
+ $items = explode("\n", $cnfAlias->content);
+ if (strpos($address, "/") === false) {
+ // add mask
+ $address .= "/" . (strpos($address, ":") ? '128' : '32');
+ }
+ if (!array_search($address, $items)) {
+ $items[] = $address;
+ $cnfAlias->content = implode("\n", $items);
+ $this->getModel()->serializeToConfig();
+ Config::getInstance()->save();
+ // flush to disk,
+ (new Backend())->configdRun('template reload OPNsense/Filter');
+ }
+ }
+
+ $this->sessionClose();
+ $backend = new Backend();
+ $backend->configdpRun("filter add table", array($alias, $address));
+ return array("status" => "done");
+ } else {
+ return array("status" => "failed");
+ }
+ }
 }
diff --git a/src/opnsense/mvc/app/views/OPNsense/Firewall/alias_util.volt b/src/opnsense/mvc/app/views/OPNsense/Firewall/alias_util.volt
index 77c8ebf12..372167d22 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Firewall/alias_util.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Firewall/alias_util.volt
@@ -69,6 +69,14 @@ }); }); + $("#btn_quick_add").click(function(){ + ajaxCall("/api/firewall/alias_util/add/"+$('#tablename').val(),{'address':$("#quick_add").val()},function(){ + $("#quick_add").val(""); + $('#tablename').change(); + }); + + }); + // update bogons $("#update_bogons").click(function(event){ event.preventDefault()
@@ -90,17 +98,33 @@
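Review bot: In `addAction`, `strpos($address, ":") ? '128' : '32'` treats a colon at offset 0 as "not found", so an IPv6 address beginning with `::` gets `/32` appended, and `!array_search($address, $items)` likewise misses a match at index 0 and re-adds the first entry. The character-class check also lets through strings that are not addresses (an empty value becomes `/32`), and these are saved to the config before pfctl ever sees them; validating the part before the `/` with `filter_var` and bounding the prefix length closes that gap. The `configdpRun("filter add table", ...)` call runs even when `getAlias($alias)` returns null, so the `[add.table]` action added in actions_filter.conf receives a table name that was never checked against the configured aliases; if tables without an alias are meant to be reachable, the name still deserves a format check. `"done"` is returned without looking at the backend result, so a rejected add is reported as success.

```php
$address = $this->request->getPost("address");
$parts = is_string($address) ? explode("/", $address, 2) : array("");
$isV6 = filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
$maxBits = $isV6 ? 128 : 32;
if (filter_var($parts[0], FILTER_VALIDATE_IP) === false ||
    (isset($parts[1]) && (!ctype_digit($parts[1]) || (int)$parts[1] > $maxBits))) {
    return array("status" => "not_an_address");
}
// … unchanged: getAlias() lookup, type check, explode of $cnfAlias->content …
if (!isset($parts[1])) {
    // add mask
    $address .= "/" . $maxBits;
}
if (!in_array($address, $items, true)) {
    // … unchanged: append, serialize, save, template reload …
```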
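Review bot: The callback passed to `ajaxCall` in the `#btn_quick_add` handler clears the input and refreshes the table without looking at the response, so a `not_an_address` or `failed` status from the new endpoint looks the same as success to the operator. Assuming the callback receives the parsed response as its first argument, it should only clear `#quick_add` when `status` is `done` and show the other values to the user. The table name is also concatenated into the request path as-is; `encodeURIComponent($('#tablename').val())` would keep a name containing reserved characters from changing the path that is requested.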
- - - - +
+
+ + + +
+
+
+ + + + +
+
+
+ +
+
diff --git a/src/opnsense/service/conf/actions.d/actions_filter.conf b/src/opnsense/service/conf/actions.d/actions_filter.conf
index ba0da30ad..5087b0c0b 100644
--- a/src/opnsense/service/conf/actions.d/actions_filter.conf
+++ b/src/opnsense/service/conf/actions.d/actions_filter.conf
@@ -65,6 +65,12 @@ parameters: %s %s
 type:script
 message:delete entry from pf table ( %s / %s )
 
+[add.table]
+command:/sbin/pfctl
+parameters: -t %s -T add %s
+type:script
+message:add entry to pf table ( %s / %s )
+
 [update.bogons]
 command:/usr/local/etc/rc.update_bogons
 parameters: