From ffd64bcfd5dfc3bd0a016739702e65511b74e4be Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Tue, 20 Sep 2022 13:08:47 +0200 Subject: [PATCH] Firewall/Rules - simplify firewall_rule_lookup.php by reusing filter_core_rules_user(), add reference and rule sequence to filter_core_rules_user(). ``` $fw = filter_core_get_initialized_plugin_system(); filter_core_bootstrap($fw); plugins_firewall($fw); filter_core_rules_user($fw); ``` Above block should offer a complete view on the firewall rules now, which we may use in the gui as well. There's still an idea to offer a full view on all firewall rules that apply to an interface (including floating and groups), a bit inspired by this request https://github.com/opnsense/core/issues/6024. In order to do this, we should likely be able to offer a single rule provider first so we can just query the object. --- src/etc/inc/filter.lib.inc | 6 +++++- src/www/firewall_rule_lookup.php | 18 ++++++------------ 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/src/etc/inc/filter.lib.inc b/src/etc/inc/filter.lib.inc index e0e70e981..1c0935344 100644 --- a/src/etc/inc/filter.lib.inc +++ b/src/etc/inc/filter.lib.inc @@ -615,10 +615,14 @@ function filter_core_rules_user($fw) if (isset($config['filter']['rule'])) { // register user rules - foreach ($config['filter']['rule'] as $rule) { + foreach ($config['filter']['rule'] as $idx => $rule) { // calculate a hash for this area so we can track this rule, we should replace this // with uuid's on the rules like the new style models do eventually. $rule['label'] = OPNsense\Firewall\Util::calcRuleHash($rule); + + $intf = !empty($rule['floating']) ? 'FloatingRules' : $rule['interface']; + $rule['#ref'] = sprintf('firewall_rules_edit.php?if=%s&id=%s', $intf, $idx); + $rule['seq'] = $idx; // current rule sequence (used as id in firewall pages) $sched = ''; $descr = ''; diff --git a/src/www/firewall_rule_lookup.php b/src/www/firewall_rule_lookup.php index beaea8441..3e7f676a1 100644 --- a/src/www/firewall_rule_lookup.php +++ b/src/www/firewall_rule_lookup.php @@ -35,6 +35,7 @@ $a_filter = &config_read_array('filter', 'rule'); $fw = filter_core_get_initialized_plugin_system(); filter_core_bootstrap($fw); plugins_firewall($fw); +filter_core_rules_user($fw); if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (!empty($_GET['rid'])) { @@ -44,10 +45,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (!empty($rule->getRef()) && $rid == $rule->getLabel()) { if (strpos($rule->getRef(), '?if=') !== false) { $parts = parse_url($rule->getRef()); + parse_str($parts['query'], $query); if (!empty($parts['fragment'])) { - parse_str($parts['query'], $query); - $params = [$parts['path'], $query['if'], $parts['fragment']]; - header(url_safe('Location: /%s?if=%s#%s', $params)); + header(url_safe('Location: /%s?if=%s#%s', [$parts['path'], $query['if'], $parts['fragment']])); + } elseif (!empty($query['if']) && !empty($query['id'])) { + // firewall index reference + header(url_safe('Location: /%s?if=%s&id=%s', [$parts['path'], $query['if'], $query['id']])); } } else { header(sprintf('Location: /%s', $rule->getRef())); @@ -55,15 +58,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { exit; } } - // search user defined rules - foreach ($a_filter as $idx => $rule) { - $rule_hash = OPNsense\Firewall\Util::calcRuleHash($rule); - if ($rule_hash === $rid) { - $intf = !empty($rule['floating']) ? 'FloatingRules' : $rule['interface']; - header(url_safe('Location: /firewall_rules_edit.php?if=%s&id=%s', array($intf, $idx))); - exit; - } - } } } ?>