diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index b73c4354e..2da882df2 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -169,7 +169,7 @@ function filter_delete_states_for_down_gateways()
 }
 }
-function filter_configure_sync($verbose = false, $flush_states = false)
+function filter_configure_sync($verbose = false, $flush_states = false, $load_aliases = true)
 {
 global $config;
@@ -509,8 +509,10 @@ function filter_configure_sync($verbose = false, $flush_states = false)
 flush();
 }
- configd_run('template reload OPNsense/Filter');
- configd_run('filter refresh_aliases', true);
+ if ($load_aliases) {
+ configd_run('template reload OPNsense/Filter');
+ configd_run('filter refresh_aliases', true);
+ }
 if ($verbose) {
 echo "done.\n";
diff --git a/src/etc/rc.filter_configure b/src/etc/rc.filter_configure
index 658c1a596..7e8644d15 100755
--- a/src/etc/rc.filter_configure
+++ b/src/etc/rc.filter_configure
@@ -34,4 +34,8 @@ require_once("system.inc");
 require_once("interfaces.inc");
 require_once("services.inc");
-filter_configure_sync(true);
+if (count($argv) >= 1 && $argv[1] == 'skip_alias' ) {
+ filter_configure_sync(true, false, false);
+} else {
+ filter_configure_sync(true);
+}
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
index 2b9f2ca86..4460159e7 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
@@ -31,6 +31,7 @@ namespace OPNsense\Firewall\Api;
 use \OPNsense\Base\ApiMutableModelControllerBase;
 use \OPNsense\Core\Backend;
+use \OPNsense\Base\UserException;
 /**
 * @package OPNsense\Firewall
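Review bot: In src/etc/inc/filter.inc the new `$load_aliases` flag gates both `configd_run('template reload OPNsense/Filter')` and `configd_run('filter refresh_aliases', true)`, which the parameter name does not convey and no comment records. A caller passing `false` has to reload the templates itself and refresh the alias tables afterwards; otherwise the remainder of filter_configure_sync(), which lies outside this hunk, would presumably run against stale alias data. I would add a comment above the guard such as `// $load_aliases = false: caller reloads the Filter templates and runs 'filter refresh_aliases' itself`, and document the parameter on the function.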
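Review bot: In src/etc/rc.filter_configure, `count($argv) >= 1` is always true because `$argv[0]` holds the script name, so `$argv[1]` is read even when no argument was passed and PHP reports an undefined offset on every plain reload. The guard should test for the second element and compare strictly: `if (isset($argv[1]) && $argv[1] === 'skip_alias') {`. Since actions_filter.conf now forwards a caller-supplied `%s` to this script, keeping the comparison against one fixed literal, with every other value falling through to the full reload, is the behaviour to preserve.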
@@ -197,11 +198,12 @@ class AliasController extends ApiMutableModelControllerBase
 if ($this->request->isPost()) {
 $backend = new Backend();
 $backend->configdRun('template reload OPNsense/Filter');
- $backend->configdRun("filter reload");
- $bckresult = strtolower(
- trim($backend->configdRun("filter refresh_aliases"))
- );
- return array("status" => $bckresult);
+ $backend->configdRun("filter reload skip_alias");
+ $bckresult = json_decode($backend->configdRun("filter refresh_aliases"), true);
+ if (!empty($bckresult['messages'])) {
+ throw new UserException(implode("\n", $bckresult['messages']), gettext("Alias"));
+ }
+ return array("status" => "ok");
 } else {
 return array("status" => "failed");
 }
diff --git a/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt b/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
index ef298f981..2a1c8d15c 100644
--- a/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
@@ -218,14 +218,6 @@
 ajaxCall("/api/firewall/alias/reconfigure", {}, function(data,status) {
 // when done, disable progress animation.
 $("#reconfigureAct_progress").removeClass("fa fa-spinner fa-pulse");
- if (status != "success" || data['status'] != 'ok') {
- BootstrapDialog.show({
- type: BootstrapDialog.TYPE_WARNING,
- title: "{{ lang._('Error reconfiguring aliases') }}",
- message: data['status'],
- draggable: true
- });
- }
 });
 });
diff --git a/src/opnsense/scripts/filter/update_tables.py b/src/opnsense/scripts/filter/update_tables.py
index 381477469..9a38a3edd 100755
--- a/src/opnsense/scripts/filter/update_tables.py
+++ b/src/opnsense/scripts/filter/update_tables.py
@@ -32,7 +32,7 @@
 import os
 import sys
 import argparse
-import syslog
+import json
 import xml.etree.cElementTree as ET
 import syslog
 import tempfile
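Review bot: The new success path in AliasController.php returns `"status" => "ok"` whenever `messages` is absent, and that includes the case where `json_decode()` yields null because the backend produced empty or non-JSON output. That case is reachable: the `refresh_aliases` action in actions_filter.conf runs under `flock -n -E 0`, so when the lock is already held the script is skipped with exit code 0 and nothing on stdout, and a configd failure would look the same to this code. The operator is then told the aliases were applied while the pf tables may still hold their previous contents. I would accept only a decoded array whose status is ok, adding after the messages check `if (!is_array($bckresult) || !isset($bckresult['status']) || $bckresult['status'] !== 'ok') { return array("status" => "failed"); }`; the enclosing method starts outside the hunk.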
@@ -98,7 +98,7 @@ class AliasParser(object):
 yield self._aliases[alias]
 if __name__ == '__main__':
- status = dict()
+ result = {'status': 'ok'}
 parser = argparse.ArgumentParser()
 parser.add_argument('--output', help='output type [json/text]', default='json')
 parser.add_argument('--source_conf', help='configuration xml', default='/usr/local/etc/filter_tables.conf')
@@ -155,6 +155,17 @@ if __name__ == '__main__':
 stdout=open(os.devnull, 'wb'), stderr=open(os.devnull, 'wb'))
 else:
 # replace table contents with collected alias
- subprocess.call(['/sbin/pfctl', '-t', alias_name, '-T', 'replace', '-f',
- '/var/db/aliastables/%s.txt' % alias_name],
- stdout=open(os.devnull, 'wb'), stderr=open(os.devnull, 'wb'))
+ with tempfile.NamedTemporaryFile() as output_stream:
+ subprocess.call(['/sbin/pfctl', '-t', alias_name, '-T', 'replace', '-f',
+ '/var/db/aliastables/%s.txt' % alias_name],
+ stdout=open(os.devnull, 'wb'), stderr=output_stream)
+ output_stream.seek(0)
+ error_output = output_stream.read().strip()
+ if error_output.find('pfctl: ') > -1:
+ result['status'] = 'error'
+ if 'messages' not in result:
+ result['messages'] = list()
+ if error_output not in result['messages']:
+ result['messages'].append(error_output.replace('pfctl: ', ''))
+
+ print (json.dumps(result))
diff --git a/src/opnsense/service/conf/actions.d/actions_filter.conf b/src/opnsense/service/conf/actions.d/actions_filter.conf
index f66f2284e..30c1e0cf9 100644
--- a/src/opnsense/service/conf/actions.d/actions_filter.conf
+++ b/src/opnsense/service/conf/actions.d/actions_filter.conf
@@ -1,6 +1,6 @@
 [reload]
 command:/usr/local/etc/rc.filter_configure
-parameters:
+parameters: %s
 type:script
 message:Reloading filter
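Review bot: In update_tables.py the outcome of the table replace is judged only by finding `pfctl: ` in the captured stderr, while the exit status of `subprocess.call()` is discarded, so a failure that prints nothing with that prefix leaves `status` at `ok` and the table at its previous contents. Keeping the return code and testing it too closes that gap: assign `rc = subprocess.call(...)` and use `if rc != 0 or error_output.find('pfctl: ') > -1:`. The duplicate check compares the raw text while the stored text has the prefix stripped, so it can never match and repeated errors are appended again; compute `msg = error_output.replace('pfctl: ', '')` once and test `if msg not in result['messages']:`. The flush branch visible just above as context still sends stderr to os.devnull, so errors there remain unreported.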
@@ -13,7 +13,7 @@ message:Syncing firewall %s
 [refresh_aliases]
 command:/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py
 parameters:
-type:script
+type:script_output
 description:Update and reload firewall aliases
 message:refresh url table aliases