summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErmal <eri@pfsense.org>2013-01-30 10:22:02 +0000
committerErmal <eri@pfsense.org>2013-01-30 10:26:14 +0000
commit9eb49a5152a8f3affbf85eaf1923e60eef3b1375 (patch)
treefaa432c58d691cd7a82f606fd6f8f6a0d86549a1
parent31b958d5b065a25d9b842d31d793000c93658e15 (diff)
downloadpfsense-9eb49a5152a8f3affbf85eaf1923e60eef3b1375.zip
pfsense-9eb49a5152a8f3affbf85eaf1923e60eef3b1375.tar.gz
pfctl -b is gone just use std tools of pfctl
-rw-r--r--etc/inc/filter.inc17
-rw-r--r--etc/inc/interfaces.inc2
-rwxr-xr-xsbin/dhclient-script2
-rwxr-xr-xusr/local/sbin/ovpn-linkdown2
-rwxr-xr-xusr/local/sbin/ppp-linkdown11
-rwxr-xr-xusr/local/sbin/ppp-linkup2
6 files changed, 13 insertions, 23 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index cf6fbc9..883b737 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -139,17 +139,12 @@ function filter_delete_states_for_down_gateways() {
continue;
$gwstatus =& $a_gateways[$gateway['monitor']];
if (strstr($gwstatus['status'], "down")) {
- $gwip = $gateway['gateway'];
- if (!is_ipaddr($gwip))
- $gwip = get_interface_gateway($gateway['friendlyiface']);
- if (is_ipaddr($gwstatus['srcip'])) {
- $cmd = "/sbin/pfctl -b {$gwstatus['srcip']}/32 ";
- if (is_ipaddr($gwip))
- $cmd .= "-b {$gwip}/32";
- else
- $cmd .= "-b 0.0.0.0/32";
- mwexec($cmd);
- }
+ if (!empty($gateway['interface']))
+ $gwiface = $gateway['interface'];
+ else
+ $gwiface = get_real_interface($gateway['friendlyiface']);
+ $cmd = "/sbin/pfctl -i {$gwiface} -k 0.0.0.0/0";
+ mwexec($cmd);
}
}
}
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index 890710e..f6a3122 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1188,7 +1188,7 @@ function interface_bring_down($interface = "wan", $destroy = false, $ifacecfg =
// log_error("Checking for old router states: {$g['tmp_path']}/{$realif}_router = {$old_router}");
if (!empty($old_router)) {
log_error("Clearing states to old gateway {$old_router}.");
- mwexec("/sbin/pfctl -b 0.0.0.0/32 -b {$old_router}/32");
+ mwexec("/sbin/pfctl -i {$realif} -k 0.0.0.0/0");
}
/* remove interface up file if it exists */
diff --git a/sbin/dhclient-script b/sbin/dhclient-script
index 21bb473..dda92a9 100755
--- a/sbin/dhclient-script
+++ b/sbin/dhclient-script
@@ -82,7 +82,7 @@ delete_old_states() {
$LOGGER "Comparing Routers: Old: ${OLD_ROUTER} New: ${new_routers}"
if [ "${OLD_ROUTER}" != "${new_routers}" ]; then
$LOGGER "Removing states through old gateway '${OLD_ROUTER}' (new gateway '${new_routers}')"
- /sbin/pfctl -b 0.0.0.0/32 -b ${OLD_ROUTER}/32
+ /sbin/pfctl -i $interface -k 0.0.0.0/0 -k ${OLD_ROUTER}/32
fi
fi
}
diff --git a/usr/local/sbin/ovpn-linkdown b/usr/local/sbin/ovpn-linkdown
index b300aed..4780b4f 100755
--- a/usr/local/sbin/ovpn-linkdown
+++ b/usr/local/sbin/ovpn-linkdown
@@ -1,5 +1,5 @@
#!/bin/sh
-# /sbin/pfctl -b $4 -b $5
+/sbin/pfctl -i $1 -k 0.0.0.0/0
# delete the node just in case mpd cannot do that
/bin/rm -f /var/etc/nameserver_$1
/bin/rm -f /tmp/$1_router
diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown
index 87560f7..2ab0b6b 100755
--- a/usr/local/sbin/ppp-linkdown
+++ b/usr/local/sbin/ppp-linkdown
@@ -16,14 +16,9 @@ if [ "$3" != "" ]; then
pfctl -K ${LOCAL_IP}
fi
-OLD_ROUTER=`/bin/cat /tmp/${1}_router`
-if [ "${OLD_ROUTER}" != "" ]; then
- echo "Removing states to ${OLD_ROUTER}" | logger -t ppp-linkdown
- /sbin/pfctl -b 0.0.0.0/32 -b ${OLD_ROUTER}/32
-
- if [ -f "/tmp/${interface}_defaultgw" ]; then
- route delete default ${OLD_ROUTER}
- fi
+/sbin/pfctl -i $1 -k 0.0.0.0/0
+if [ -f "/tmp/${1}_defaultgw" ]; then
+ route delete default ${OLD_ROUTER}
fi
# delete the node just in case mpd cannot do that
/usr/sbin/ngctl shutdown $1:
diff --git a/usr/local/sbin/ppp-linkup b/usr/local/sbin/ppp-linkup
index 3a62fbb..50308b1 100755
--- a/usr/local/sbin/ppp-linkup
+++ b/usr/local/sbin/ppp-linkup
@@ -5,7 +5,7 @@ if [ "$2" == "inet" ]; then
OLD_ROUTER=`/bin/cat /tmp/${1}_router`
if [ "${OLD_ROUTER}" != "" ]; then
echo "Removing states to old router ${OLD_ROUTER}" | logger -t ppp-linkup
- /sbin/pfctl -b 0.0.0.0/32 -b ${OLD_ROUTER}/32
+ /sbin/pfctl -i $1 -k 0.0.0.0/0 -k ${OLD_ROUTER}/32
fi
# let the configuration system know that the ipv4 has changed.
OpenPOWER on IntegriCloud