author | Scott Ullrich <sullrich@pfsense.org> | 2005-05-31 19:30:42 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-05-31 19:30:42 +0000 |
commit | 8e22c8fbd81dc9cddfd67397552e8a218ccb8781 (patch) | |
tree | 02ceaf40f6489fc4984dae1a698449603790f6b9 | |
parent | 7ce3fb1812eb977395b111ce70911633fc5c5025 (diff) | |
download | pfsense-8e22c8fbd81dc9cddfd67397552e8a218ccb8781.zip pfsense-8e22c8fbd81dc9cddfd67397552e8a218ccb8781.tar.gz |
Remove filter_generate_ipfw_altq_rules() since we're no longer in IPFWland, toto
-rw-r--r-- | etc/inc/filter.inc | 260 |
1 files changed, 0 insertions, 260 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 87b531d..572a035 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -420,266 +420,6 @@ function generate_optcfg_array(& $optcfg) {
 }
 }
-
-function filter_generate_ipfw_altq_rules() {
- global $config, $g;
-
- $wancfg = $config['interfaces']['wan'];
- $lancfg = $config['interfaces']['lan'];
- $pptpdcfg = $config['pptpd'];
-
- $lanif = $lancfg['if'];
- $wanif = get_real_wan_interface();
-
- $lanip = $lancfg['ipaddr'];
- $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']);
- $lansn = $lancfg['subnet'];
-
- /* optional interfaces */
- $optcfg = array();
- generate_optcfg_array($optcfg);
-
- if ($pptpdcfg['mode'] == "server") {
- $pptpip = $pptpdcfg['localip'];
- $pptpsa = $pptpdcfg['remoteip'];
- $pptpsn = $g['pptp_subnet'];
- }
-
- $rulei = 50000;
-
- /* add a rule to pass all traffic from/to the firewall,
- so the user cannot lock himself out of the webGUI */
- //$shaperrules = "add $rulei set 4 skipto 65535 ip from me to any\n"; $rulei++;
- $shaperrules .= "add $rulei set 4 skipto 65535 ip from {$lansa}/{$lansn} to me\n"; $rulei++;
- $shaperrules .= "add $rulei set 4 skipto 65535 carp from any to any\n"; $rulei++;
- $shaperrules .= "add $rulei set 4 skipto 65535 pfsync from any to any\n"; $rulei++;
-
- /* generate rules */
- if (isset($config['shaper']['rule']))
- foreach ($config['shaper']['rule'] as $rule) {
-
- /* don't include disabled rules */
- if (isset($rule['disabled'])) {
- $i++;
- continue;
- }
-
- /* does the rule deal with a PPTP interface? */
- if ($rule['interface'] == "pptp") {
-
- if ($pptpdcfg['mode'] != "server") {
- $i++;
- continue;
- }
-
- $nif = $g['n_pptp_units'];
- $ispptp = true;
- } else {
-
- if (strstr($rule['interface'], "opt")) {
- if (!array_key_exists($rule['interface'], $optcfg)) {
- $i++;
- continue;
- }
- }
-
- $nif = 1;
- $ispptp = false;
- }
-
- if ($pptpdcfg['mode'] != "server") {
- if (($rule['source']['network'] == "pptp") ||
- ($rule['destination']['network'] == "pptp")) {
- $i++;
- continue;
- }
- }
-
- if (strstr($rule['source']['network'], "opt")) {
- if (!array_key_exists($rule['source']['network'], $optcfg)) {
- $i++;
- continue;
- }
- }
- if (strstr($rule['destination']['network'], "opt")) {
- if (!array_key_exists($rule['destination']['network'], $optcfg)) {
- $i++;
- continue;
- }
- }
-
- /* check for unresolvable aliases */
- if ($rule['source']['address'] && !alias_expand($rule['source']['address'])) {
- $i++;
- continue;
- }
- if ($rule['destination']['address'] && !alias_expand($rule['destination']['address'])) {
- $i++;
- continue;
- }
-
- for ($iif = 0; $iif < $nif; $iif++) {
-
- $queuename = filter_altq_get_queuename($rule['targetqueue']);
- $line = "add $rulei set 4 pass altq " . $rule['targetqueue'] . " ";
- $rulei++;
-
- if (isset($rule['protocol'])) {
- $line .= "{$rule['protocol']} ";
- } else {
- $line .= "all ";
- }
-
- /* source address */
- if (isset($rule['source']['any'])) {
- $src = "any";
- } else if ($rule['source']['network']) {
- if (strstr($rule['source']['network'], "opt")) {
- $src = $optcfg[$rule['source']['network']]['sa'] . "/" .
- $optcfg[$rule['source']['network']]['sn'];
- } else {
- switch ($rule['source']['network']) {
- case 'lan':
- $src = "$lansa/$lansn";
- break;
- case 'pptp':
- $src = "$pptpsa/$pptpsn";
- break;
- }
- }
- } else if ($rule['source']['address']) {
- $src = $rule['source']['address'];
- }
-
- if (!$src) {
- printf("No source address found in rule $i\n");
- break;
- }
-
- if (isset($rule['source']['not'])) {
- $line .= "from not $src ";
- } else {
- $line .= "from $src ";
- }
-
- if (!isset($rule['protocol']) || in_array($rule['protocol'], array("tcp","udp"))) {
- if ($rule['source']['port']) {
- /*
- * Check to see if port is a alias. If so grab it and
- * enclose it in { } to pass to pf.
- *
- * Otherwise combine the portrange into one if its only
- * one item.
- */
- $src = alias_expand($rule['source']['port']);
- if($src <> "") {
- $line .= $rule['destination']['port'];
- } else {
- $srcport = explode("-", $rule['source']['port']);
- if ((!$srcport[1]) || ($srcport[0] == $srcport[1])) {
- $line .= "{$srcport[0]} ";
- } else {
- $line .= "{$srcport[0]}-{$srcport[1]} ";
- }
- }
- }
- }
-
- /* destination address */
- if (isset($rule['destination']['any'])) {
- $dst = "any";
- } else if ($rule['destination']['network']) {
-
- if (strstr($rule['destination']['network'], "opt")) {
- $dst = $optcfg[$rule['destination']['network']]['sa'] . "/" .
- $optcfg[$rule['destination']['network']]['sn'];
- } else {
- switch ($rule['destination']['network']) {
- case 'lan':
- $dst = "$lansa/$lansn";
- break;
- case 'pptp':
- $dst = "$pptpsa/$pptpsn";
- break;
- }
- }
- } else if ($rule['destination']['address']) {
- $dst = $rule['destination']['address'];
- }
-
- if (!$dst) {
- printf("No destination address found in rule $i\n");
- break;
- }
-
- if (isset($rule['destination']['not'])) {
- $line .= "to not $dst ";
- } else {
- $line .= "to $dst ";
- }
-
- if (!isset($rule['protocol']) || in_array($rule['protocol'], array("tcp","udp"))) {
- if ($rule['destination']['port']) {
- $dst = alias_expand($rule['destination']['port']);
- /*
- * Check to see if port is a alias. If so grab it and
- * enclose it in { } to pass to pf.
- *
- * Otherwise combine the portrange into one if its only
- * one item.
- */
- if($dst <> "") {
- $line .= $rule['destination']['port'];
- } else {
- $dstport = explode("-", $rule['destination']['port']);
- if ((!$dstport[1]) || ($dstport[0] == $dstport[1])) {
- $line .= "{$dstport[0]} ";
- } else {
- $line .= "{$dstport[0]}-{$dstport[1]} ";
- }
- }
- }
- }
-
- if ($rule['iplen'])
- $line .= "iplen {$rule['iplen']} ";
-
- if ($rule['iptos'])
- $line .= "iptos {$rule['iptos']} ";
-
- if ($rule['tcpflags'])
- $line .= "tcpflags {$rule['tcpflags']} ";
-
- if ($rule['direction'] == "in")
- $line .= "in recv ";
- else if ($rule['direction'] == "out")
- $line .= "out xmit ";
-
- if ($ispptp) {
- $line .= " ng" . ($iif+1);
- } else {
- $if = $config['interfaces'][$rule['interface']]['if'];
-
- if ($rule['interface'] == "wan")
- $if = $wanif;
- else if($rule['interface'] == "lan")
- $if = $lanif;
-
- $line .= " {$if}";
- }
-
- $line .= "\n";
- $shaperrules .= $line;
- }
-
- $i++;
- }
-
- $rulei++;
-
- return $shaperrules;
-}
-
 function filter_generate_pf_altq_rules() {
 /* I don't think we're in IPFW anymore Toto */ |