diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2007-04-22 22:11:37 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2007-04-22 22:11:37 +0000 |
| commit | 103a98ad5e31890f28f9335b7cd666fd7d0fbb8b (patch) | |
| tree | a4a89f00e1eccfd0d2e40035cc3b4521b638dcfa | |
| parent | 8bbeb09d75c9f28f74869dee76c98fdc054d9f25 (diff) | |
| download | pfsense-103a98ad5e31890f28f9335b7cd666fd7d0fbb8b.zip pfsense-103a98ad5e31890f28f9335b7cd666fd7d0fbb8b.tar.gz | |
Make the ordering of the IPFW time based rules exactly the same as PF so there are no strange "gotchas" or "caveats" that the user would have to abide by.
| -rw-r--r-- | etc/inc/filter.inc | 6 | ||||
| -rw-r--r-- | etc/inc/pfsense-utils.inc | 4 |
2 files changed, 10 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 79cef73..4f5ef4f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1260,6 +1260,7 @@ function generate_user_filter_rule_arr($rule, $ngcounter) { function generate_user_filter_rule($rule, $ngcounter) { global $config, $g; global $table_cache; + global $schedule_enabled; if(isset($config['system']['developerspew'])) { $mt = microtime(); @@ -1951,6 +1952,7 @@ function generate_user_filter_rule($rule, $ngcounter) { foreach($config['schedules']['schedule'] as $sched) { if($sched['name'] == $rule['sched']) $schedule_xml_block = $sched; + $schedule_enabled = true; } } if($schedule_xml_block) @@ -1980,6 +1982,10 @@ function generate_user_filter_rule($rule, $ngcounter) { return "# $line"; } } else { + if($schedule_enabled) { + $ipfw_rule = tdr_create_ipfw_rule($rule, "noschedallow"); + tdr_install_rule($ipfw_rule); + } return $line; } } diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index b8c0ea5..99c1521 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -465,6 +465,10 @@ function tdr_create_ipfw_rule($rule, $type) { $type = "skipto $next_rule"; } + if($type == "noschedallow") { + $type = "allow"; + } + /* piece together the actual user rule */ $line .= $type . " " . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['dst'] . $aline['dstport'] . " in recv " . $aline['interface']; |
