author | Scott Ullrich <sullrich@pfsense.org> | 2005-05-05 20:25:50 +0000 |
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-05-05 20:25:50 +0000 |
commit | db97e4bba0da36cb4075685754ce3a78a3939f6d (patch) | |
tree | dc67352b6daa38ef71865cae96bc76e75f3342a6 | |
parent | d53c2f85736aa8d8de25b4e3821be0c68352d707 (diff) | |
download | pfsense-db97e4bba0da36cb4075685754ce3a78a3939f6d.zip pfsense-db97e4bba0da36cb4075685754ce3a78a3939f6d.tar.gz |
Begin process of merging carp into base
-rw-r--r-- | etc/inc/filter.inc | 62 |
1 files changed, 60 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index c972663..3986ed7 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -73,6 +73,7 @@ function filter_configure() {
 $natrules = filter_nat_rules_generate();
 /* generate pfctl rules */
 $pfrules = filter_rules_generate();
+
 if(isset($config['shaper']['enable'])) {
 /* generate altq interface setup parms */
 $altq_ints = filter_setup_altq_interfaces();
@@ -1666,7 +1667,7 @@ EOD;
 $line = generate_user_filter_rule($rule, 0);
 if (!isset($rule['disabled'])) {
 // label
- if($rule['descr'] <> "" and $line <> "" and strpos($line, "label" > 0) {
+ if($rule['descr'] <> "" and $line <> "" and strpos($line, "label") > 0) {
 $line .= "label \"USER_RULE: " . $rule['descr'] . "\" ";
 } else {
 $line .= "# could not process \"USER_RULE: " . $rule['descr'] . "\" ";
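Review bot: The corrected test on the new side, `strpos($line, "label") > 0`, still conflates a match at offset 0 with no match, because strpos returns 0 for a hit at the very start of the string and false for a miss; if the intent is "the rule text already contains a label clause", the unambiguous form is `strpos($line, "label") !== false` (or `=== false` if the branch should fire only when no label is present yet — the surrounding context does not make the intended polarity clear). The label appended on the next line interpolates `$rule['descr']` into a double-quoted pf label without any escaping, so a description containing a double quote will most likely terminate the label early and break the generated ruleset; that line is unchanged here, but it is worth escaping or stripping quotes while this condition is being touched. The enclosing function begins and ends outside the hunk.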
@@ -1793,4 +1794,61 @@ function create_firewall_outgoing_rules_to_itself() {
 return $rule;
 }
 
-?>
+function process_carp_nat_rules() {
+ global $g, $config;
+ $lines = "";
+ if($config['installedpackages']['carp']['config'] != "")
+ foreach($config['installedpackages']['carp']['config'] as $carp) {
+ $ip = $carp['ipaddress'];
+ $int = find_ip_interface($ip);
+ $carp_int = find_carp_interface($ip);
+ if($int != false and $int != $wan_interface) {
+ $ipnet = convert_ip_to_network_format($ip, $carp['netmask']);
+ $lines .= "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n";
+ }
+ }
+ return $lines;
+}
+
+function process_carp_rules() {
+ global $g, $config;
+ $lines = "";
+ /* return if there are no carp configured items */
+ if($config['installedpackages']['carp']['config'] != "") {
+ /* carp records exist, lets process */
+ $wan_interface = get_real_wan_interface();
+ $i = 0;
+ $ifdescrs = array('wan', 'lan');
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ }
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ $interface = convert_friendly_interface_to_real_interface_name($ifname);
+ $lines .= "pass quick on {$interface} proto carp keep state\n";
+ }
+ if($config['installedpackages']['carp']['config'] != "")
+ foreach($config['installedpackages']['carp']['config'] as $carp) {
+ $ip = $carp['ipaddress'];
+ $int = find_ip_interface($ip);
+ $carp_int = find_carp_interface($ip);
+ $lines .= "pass quick on {$carp_int} proto carp from {$carp_int}:network to 224.0.0.18 keep state \(no-sync\)\n";
+ $lines .= "pass out quick on {$carp_int} keep state\n";
+ $lines .= "pass quick on {$carp_int} proto carp keep state\n";
+ if($int != false and $int != $wan_interface) {
+ $ipnet = convert_ip_to_network_format($ip, $carp['netmask']);
+ $rule = "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n";
+ add_rule_to_anchor("natrules", $rule, $ip);
+ }
+ }
+ add_rule_to_anchor("carp", "pass quick on pfsync0 keep state", "pfsync0" . "3");
+ if($config['installedpackages']['carpsettings']['config'] != "")
+ foreach($config['installedpackages']['carpsettings']['config'] as $carp)
+ $carp_sync_int = convert_friendly_interface_to_real_interface_name($carp['pfsyncinterface']);
+ if($carp_sync_int != "") {
+ $lines .= "pass quick on {$carp_sync_int} proto pfsync";
+ }
+ }
+ return $lines;
+}
+
+?>
\ No newline at end of file |
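Review bot: In `process_carp_nat_rules`, `$wan_interface` is never assigned — it is not in the `global` list and nothing sets it before the loop — so the `$int != $wan_interface` guard compares against an undefined (null) value and the NAT rule is emitted for the WAN-side interface as well; `process_carp_rules` handles this correctly with `$wan_interface = get_real_wan_interface();`, and that same line belongs at the top of `process_carp_nat_rules`. pfsync carries no authentication, so the `pass quick on {$carp_sync_int} proto pfsync` rule, which has no direction or source restriction, lets any host on that segment inject state-table updates; limiting it to the sync peer's address or at least that interface's network would be prudent. That same line is also the only rule appended without a trailing `\n`, so anything the caller concatenates after it lands on the same pf line. Note too that the CARP NAT rule is generated twice, once returned by `process_carp_nat_rules` and again via `add_rule_to_anchor("natrules", ...)` inside `process_carp_rules`, which is worth reconciling before this merge lands.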