author | Jim P <jim@pingle.org> | 2012-10-01 07:20:57 -0700 |
---|---|---|
committer | Jim P <jim@pingle.org> | 2012-10-01 07:20:57 -0700 |
commit | 51271f743301453dd1688ed1876cbd68c8d6f123 (patch) | |
tree | 52be96e6ca3a63889a0f6e54db7cceb25234353d | |
parent | 19d61d2731c1fb0baf877632e8e482bf3ff57bdd (diff) | |
parent | f062f033865e6003c505ff266749b6d2216a68bd (diff) | |
download | pfsense-51271f743301453dd1688ed1876cbd68c8d6f123.zip pfsense-51271f743301453dd1688ed1876cbd68c8d6f123.tar.gz |
Merge pull request #234 from PiBa-NL/master
OpenVPN allow changing TUN/TAP, firewall-log filter on interface. carp show vip description in notification
-rw-r--r-- | etc/inc/filter_log.inc | 13 | ||||
-rw-r--r-- | etc/inc/interfaces.inc | 13 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 7 | ||||
-rwxr-xr-x | etc/rc.carpbackup | 3 | ||||
-rwxr-xr-x | etc/rc.carpmaster | 3 | ||||
-rwxr-xr-x | usr/local/www/diag_logs_filter.php | 78 | ||||
-rwxr-xr-x | usr/local/www/firewall_virtual_ip.php | 8 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 3 |
8 files changed, 87 insertions, 41 deletions
diff --git a/etc/inc/filter_log.inc b/etc/inc/filter_log.inc index d55d332..3e06058 100644 --- a/etc/inc/filter_log.inc +++ b/etc/inc/filter_log.inc @@ -37,7 +37,7 @@ require 'config.inc'; /* format filter logs */ -function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "") { +function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "", $filterinterface = null) { global $config, $g; /* Make sure this is a number before using it in a system call */ @@ -63,15 +63,18 @@ function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "") { $counter = 0; $logarr = array_reverse(collapse_filter_lines(array_reverse($logarr))); - + $filterinterface = strtoupper($filterinterface); foreach ($logarr as $logent) { if($counter >= $nentries) break; $flent = parse_filter_line($logent); - if (($flent != "") && (match_filter_line($flent, $filtertext))) { - $counter++; - $filterlog[] = $flent; + if (!$filterinterface || ($filterinterface == $flent['interface'])) + { + if (($flent != "") && (match_filter_line($flent, $filtertext))) { + $counter++; + $filterlog[] = $flent; + } } } /* Since the lines are in reverse order, flip them around if needed based on the user's preference */ diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 3747805..551d833 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc 
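Review bot: In the loop of conv_log_filter(), `$flent['interface']` is read before the existing `$flent != ""` test, so a line that parse_filter_line() could not parse is indexed as a string whenever an interface filter is set. Testing the parse result first keeps everything in one condition: `if (($flent != "") && (!$filterinterface || $filterinterface == $flent['interface']) && match_filter_line($flent, $filtertext)) {`. The new `$filterinterface` parameter also deserves a line in the function comment saying that the caller's value is upper-cased and then compared with the parsed `interface` field as-is. The function body starts and ends outside this hunk.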
@@ -1822,10 +1822,15 @@ function interfaces_carp_setup() { /* XXX: Handle an issue with pfsync(4) and carp(4). In a cluster carp will come up before pfsync(4) has updated and so will cause issues * for existing sessions. */ - $i = 0; - while (intval(trim(`/sbin/ifconfig pfsync0 | /usr/bin/grep 'syncok: 0' | /usr/bin/grep -v grep | /usr/bin/wc -l`)) == 0 && $i < 30) { - $i++; - sleep(1); + if ($config['hasync']['pfsyncenabled'] === "on"){ + echo "waiting for pfsync..."; + $i = 0; + while (intval(trim(`/sbin/ifconfig pfsync0 | /usr/bin/grep 'syncok: 0' | /usr/bin/grep -v grep | /usr/bin/wc -l`)) == 0 && $i < 30) { + $i++; + sleep(1); + } + echo "pfsync done in $i seconds.\n"; + echo "Configuring CARP settings finalize..."; } if($config['virtualip']['vip']) diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index bddb5c8..687c7ce 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -710,7 +710,12 @@ function openvpn_delete($mode, & $settings) { $vpnid = $settings['vpnid']; $mode_id = $mode.$vpnid; - $tunname = "tun{$vpnid}"; + if (isset($settings['dev_mode'])) + $tunname = "{$settings['dev_mode']}{$vpnid}"; + else { /* defaults to tun */ + $tunname = "tun{$vpnid}"; + } + if ($mode == "server") $devname = "ovpns{$vpnid}"; else diff --git a/etc/rc.carpbackup b/etc/rc.carpbackup index 76cdfac..d463d45 100755 --- a/etc/rc.carpbackup +++ b/etc/rc.carpbackup @@ -33,8 +33,9 @@ require_once("functions.inc"); require_once("config.inc"); require_once("notices.inc"); require_once("openvpn.inc"); +require_once("interfaces.inc"); -$notificationmsg = "A carp cluster member has resumed the state 'BACKUP'"; +$notificationmsg = sprintf('Carp cluster member "%2$s (%1$s)" has resumed the state "BACKUP"',$argv[1],convert_friendly_interface_to_friendly_descr($argv[1])); notify_via_smtp($notificationmsg); notify_via_growl($notificationmsg); diff --git a/etc/rc.carpmaster b/etc/rc.carpmaster index cb5395e..f57d150 100755 --- a/etc/rc.carpmaster +++ b/etc/rc.carpmaster 
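Review bot: The `echo` calls added around the pfsync wait in interfaces_carp_setup() are unconditional, so if this function is also reached from a web request (its callers are outside the hunk) the progress text lands in the HTTP response. Restrict them to the console case, for example `if ($g['booting']) echo "waiting for pfsync...";`, assuming `$g` is in scope in this function. `$config['hasync']['pfsyncenabled']` is also read without `isset()`, which raises a notice on a system with no hasync section; `isset($config['hasync']['pfsyncenabled']) && $config['hasync']['pfsyncenabled'] === "on"` avoids that.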
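Review bot: `$tunname` in openvpn_delete() is now assembled from `$settings['dev_mode']` after only an `isset()` test, so an empty or unexpected stored value yields an interface name that is neither `tunN` nor `tapN`. The rest of the function is outside the hunk; if `$tunname` reaches an interface rename or a shell command there, restrict the value first with `$devtype = in_array($settings['dev_mode'], array('tun', 'tap'), true) ? $settings['dev_mode'] : 'tun';` and then `$tunname = "{$devtype}{$vpnid}";`. That form also removes the mixed braced/unbraced if/else the hunk introduces.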
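Review bot: `$argv[1]` is used in the new `$notificationmsg` without checking that it was passed, and it is copied into the SMTP and growl text as-is; the identical line is added to etc/rc.carpmaster. Run without an argument, the script raises an undefined-offset notice and sends a message with an empty member name. A guard such as `$ifname = (isset($argv[1]) && preg_match('/^[A-Za-z0-9_.]+$/', $argv[1])) ? $argv[1] : null;` with a fallback to the previous generic text covers both the missing and the malformed case. Whether the caller passes a name that convert_friendly_interface_to_friendly_descr() understands is not visible in this diff and is worth confirming.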
@@ -33,8 +33,9 @@ require_once("functions.inc"); require_once("config.inc"); require_once("notices.inc"); require_once("openvpn.inc"); +require_once("interfaces.inc"); -$notificationmsg = "A carp cluster member has resumed the state 'MASTER'"; +$notificationmsg = sprintf('Carp cluster member "%2$s (%1$s)" has resumed the state "MASTER"',$argv[1],convert_friendly_interface_to_friendly_descr($argv[1])); notify_via_smtp($notificationmsg); notify_via_growl($notificationmsg); diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php index 193585a..7e0a82e 100755 --- a/usr/local/www/diag_logs_filter.php +++ b/usr/local/www/diag_logs_filter.php 
@@ -46,37 +46,26 @@ require("guiconfig.inc"); require_once("filter_log.inc"); -if($_GET['getrulenum'] or $_POST['getrulenum']) { - if($_GET['getrulenum']) - $rulenum = $_GET['getrulenum']; - if($_POST['getrulenum']) - $rulenum = $_POST['getrulenum']; +function getGETPOSTsettingvalue($settingname, $default) +{ + $settingvalue = $default; + if($_GET[$settingname]) + $settingvalue = $_GET[$settingname]; + if($_POST[$settingname]) + $settingvalue = $_POST[$settingname]; + return $settingvalue; +} + +$rulenum = getGETPOSTsettingvalue('getrulenum', null); +if($rulenum) { list($rulenum, $type) = explode(',', $rulenum); $rule = find_rule_by_number($rulenum, $type); echo gettext("The rule that triggered this action is") . ":\n\n{$rule}"; exit; } -if($_GET['dnsip'] or $_POST['dnsip']) { - if($_GET['dnsip']) - $dnsip = $_GET['dnsip']; - if($_POST['dnsip']) - $dnsip = $_POST['dnsip']; - $host = get_reverse_dns($dnsip); - if ($host == $ip) { - $host = "No PTR Record"; - } - echo "IP: {$dnsip}\nHost: {$host}"; - exit; -} - -$filtertext = ""; -if($_GET['filtertext'] or $_POST['filtertext']) { - if($_GET['filtertext']) - $filtertext = htmlspecialchars($_GET['filtertext']); - if($_POST['filtertext']) - $filtertext = htmlspecialchars($_POST['filtertext']); -} +$interfacefilter = getGETPOSTsettingvalue('interface', null); +$filtertext = htmlspecialchars(getGETPOSTsettingvalue('filtertext', "")); $filter_logfile = "{$g['varlog_path']}/filter.log"; 
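Review bot: getGETPOSTsettingvalue() returns the raw request value, and for `getrulenum` that value is split and handed straight to find_rule_by_number() with no validation in this file. That function is defined elsewhere; unless it checks its own arguments, validate here before the call, e.g. `if (!is_numeric($rulenum)) exit;`, and compare `$type` against an allow-list of the action values the log uses. `$filtertext` is HTML-escaped at input and then passed on to conv_log_filter(), so a search containing `&`, `<` or `"` is matched in its escaped form; keep the raw value for matching and escape where it is printed. The helper also tests truthiness rather than presence, so a value of "0" falls back to the default and an absent key raises a notice; `isset($_POST[$settingname])` avoids both. Note that this hunk drops the `dnsip` lookup branch, which the commit message does not mention.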
@@ -122,6 +111,38 @@ include("head.inc"); <td colspan="<?=(!isset($config['syslog']['rawfilter']))?7:2?>" align="left" valign="middle"> <div style="float: right; vertical-align:middle"> <form id="filterform" name="filterform" action="diag_logs_filter.php" method="post"> + <select name="interface" onChange="dst_change(this.value,iface_old,document.iform.dsttype.value);iface_old = document.iform.interface.value;typesel_change();"> + <option value="" <?=$interfacefilter?"":"selected"?>>*Any interface</option> + <?php + $iflist = get_configured_interface_with_descr(false, true); + //$iflist = get_interface_list(); + // Allow extending of the firewall edit interfaces + pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/pre_interfaces_edit"); + foreach ($iflist as $if => $ifdesc) + $interfaces[$if] = $ifdesc; + + if ($config['l2tp']['mode'] == "server") + $interfaces['l2tp'] = "L2TP VPN"; + + if ($config['pptpd']['mode'] == "server") + $interfaces['pptp'] = "PPTP VPN"; + + if (is_pppoe_server_enabled() && have_ruleint_access("pppoe")) + $interfaces['pppoe'] = "PPPoE VPN"; + + /* add ipsec interfaces */ + if (isset($config['ipsec']['enable']) || isset($config['ipsec']['client']['enable'])) + $interfaces["enc0"] = "IPsec"; + + /* add openvpn/tun interfaces */ + if ($config['openvpn']["openvpn-server"] || $config['openvpn']["openvpn-client"]) + $interfaces["openvpn"] = "OpenVPN"; + + foreach ($interfaces as $iface => $ifacename): ?> + <option value="<?=$iface;?>" <?=($iface==$interfacefilter)?"selected":"";?>><?=htmlspecialchars($ifacename);?></option> + <?php endforeach; ?> + </select> + <input id="filtertext" name="filtertext" class="formfld search" style="vertical-align:top;" value="<?=gettext($filtertext);?>" /> <input id="filtersubmit" name="filtersubmit" type="submit" class="formbtn" style="vertical-align:top;" value="<?=gettext("Filter");?>" /> </form> 
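Review bot: The new `<option value="<?=$iface;?>"` prints the array key unescaped while the label beside it goes through htmlspecialchars(); the keys are not all fixed strings (they come from get_configured_interface_with_descr()), so use `value="<?=htmlspecialchars($iface);?>"` and apply one rule to both. The `onChange` handler references `document.iform`, `dst_change()` and `typesel_change()`, but the enclosing form visible in this hunk is `filterform`; unless those names are defined elsewhere on the page the handler raises a script error and should be removed. `$interfaces` is appended to without being initialised (`$interfaces = array();` before the first foreach), and the hook path `/usr/local/pkg/firewall_nat/pre_interfaces_edit` belongs to a different page, so either drop the call or add a comment saying why the log viewer runs it.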
@@ -138,7 +159,10 @@ include("head.inc"); </td> </tr> <?php if (!isset($config['syslog']['rawfilter'])): - $filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100, $filtertext); + $iflist = get_configured_interface_with_descr(false, true); + if ($iflist[$interfacefilter]) + $interfacefilter = $iflist[$interfacefilter]; + $filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100, $filtertext, $interfacefilter); ?> <tr> <td colspan="<?=$config['syslog']['filterdescriptions']==="1"?7:6?>" class="listtopic"> @@ -178,7 +202,7 @@ include("head.inc"); <td class="listMRr" nowrap="nowrap"><?php echo htmlspecialchars($filterent['interface']);?></td> <?php if ($config['syslog']['filterdescriptions'] === "1") - echo("<td class=\"listrg\" nowrap=\"nowrap\">".find_rule_by_number_buffer($filterent['rulenum'],$filterent['act'])."</td>"); + echo("<td class=\"listMRr\" nowrap=\"nowrap\">".find_rule_by_number_buffer($filterent['rulenum'],$filterent['act'])."</td>"); $int = strtolower($filterent['interface']); $proto = strtolower($filterent['proto']); diff --git a/usr/local/www/firewall_virtual_ip.php b/usr/local/www/firewall_virtual_ip.php index 36e48ab..547ce4b 100755 --- a/usr/local/www/firewall_virtual_ip.php +++ b/usr/local/www/firewall_virtual_ip.php @@ -180,6 +180,7 @@ include("head.inc"); <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="30%" class="listhdrr"><?=gettext("Virtual IP address");?></td> + <td width="10%" class="listhdrr"><?=gettext("Interface");?></td> <td width="10%" class="listhdrr"><?=gettext("Type");?></td> <td width="40%" class="listhdr"><?=gettext("Description");?></td> <td width="10%" class="list"> 
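Review bot: The table cell changed in the last diag_logs_filter.php hunk still concatenates the return value of find_rule_by_number_buffer() into the HTML without escaping, while the interface cell directly above it uses htmlspecialchars(). If that helper returns rule text that includes an administrator-entered description (its body is not part of this diff), wrap the call: `htmlspecialchars(find_rule_by_number_buffer($filterent['rulenum'],$filterent['act']))`. Only the CSS class changes on this line, so the escaping gap predates the commit, but the line is being touched and is the natural place to close it.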
@@ -204,6 +205,9 @@ include("head.inc"); ?> <?php if($vipent['mode'] == "carp") echo " (vhid {$vipent['vhid']})"; ?> </td> + <td class="listr" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';"> + <?=htmlspecialchars(strtoupper($config['interfaces'][$vipent['interface']]['descr']));?> + </td> <td class="listr" align="center" ondblclick="document.location='firewall_virtual_ip_edit.php?id=<?=$i;?>';"> <? if($vipent['mode'] == "proxyarp") echo "<img src='./themes/".$g['theme']."/images/icons/icon_parp.gif' title='Proxy ARP'>"; elseif($vipent['mode'] == "carp") echo "<img src='./themes/".$g['theme']."/images/icons/icon_carp.gif' title='CARP'>"; elseif($vipent['mode'] == "other") echo "<img src='./themes/".$g['theme']."/images/icons/icon_other.gif' title='Other'>"; elseif($vipent['mode'] == "ipalias") echo "<img src='./themes/".$g['theme']."/images/icons/icon_ifalias.gif' title='IP Alias'>";?> </td> @@ -222,7 +226,7 @@ include("head.inc"); <?php endif; ?> <?php $i++; endforeach; ?> <tr> - <td class="list" colspan="3"></td> + <td class="list" colspan="4"></td> <td class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> @@ -233,7 +237,7 @@ include("head.inc"); </td> </tr> <tr> - <td colspan="4"> + <td colspan="5"> <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:");?><br> </strong></span><?=gettext("The virtual IP addresses defined on this page may be used in");?><a href="firewall_nat.php"> <?=gettext("NAT"); ?> </a><?=gettext("mappings.");?><br> <?=gettext("You can check the status of your CARP Virtual IPs and interfaces ");?><a href="carp_status.php"><?=gettext("here");?></a>.</span></p> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index c187878..7971478 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php 
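Review bot: The new Interface cell reads `$config['interfaces'][$vipent['interface']]['descr']` directly, so a VIP on an interface with no `descr` set, or on one that is not a key of `$config['interfaces']`, renders an empty cell and raises an undefined-index notice. The helper already used elsewhere in this commit gives a fallback name: `<?=htmlspecialchars(convert_friendly_interface_to_friendly_descr($vipent['interface']));?>`, provided interfaces.inc is loaded on this page. The htmlspecialchars() on output is correct and should stay.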
@@ -314,6 +314,9 @@ if ($_POST) { $server = array(); + if ($id && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) + openvpn_delete('server', $a_server[$id]);// delete(rename) old interface so a new TUN or TAP interface can be created. + if ($vpnid) $server['vpnid'] = $vpnid; else |
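Review bot: The guard `if ($id && ...)` is false when `$id` is 0, so changing TUN/TAP on the first server entry never reaches openvpn_delete() and the old interface is left in place. Use `if (isset($id) && isset($a_server[$id]) && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode'])`. The delete also keys off the posted `dev_mode` before anything visible in this hunk has checked that value against `tun`/`tap`; whether validation happens earlier in the `if ($_POST)` block cannot be seen here and should be confirmed, since openvpn_delete() now builds an interface name from the stored value.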