diff options
author | Evgeny Yurchenko <ey@tm-k.com> | 2011-07-03 03:18:23 -0400 |
---|---|---|
committer | Evgeny Yurchenko <ey@tm-k.com> | 2011-07-03 03:18:23 -0400 |
commit | ae660b3ce7d7e2b1f34cb9f1b52eb4ce21e17c42 (patch) | |
tree | d22bc2d9ad34581762523f0f4aaeef28c46b4b0e | |
parent | 2ba6c4ab463a6e42dd9b72b6c8905e6e3b5237c2 (diff) | |
download | pfsense-ae660b3ce7d7e2b1f34cb9f1b52eb4ce21e17c42.zip pfsense-ae660b3ce7d7e2b1f34cb9f1b52eb4ce21e17c42.tar.gz |
Feature#1603. URL table aliases should be usable within network type aliases.
-rw-r--r-- | etc/inc/filter.inc | 21 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 5 |
2 files changed, 24 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 81b3080..d4a1391 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -452,6 +452,15 @@ function filter_generate_scrubing() { return $scrubrules; } +function get_alias_type($name) { + global $config; + + foreach ($config['aliases']['alias'] as $alias) + if ($name == $alias['name']) + return $alias['type']; + return ""; +} + function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting) { global $aliastable, $filterdns; @@ -465,8 +474,18 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr $linelength = strlen($builtlist); $tmpline = ""; if(is_alias($address)) { + if (get_alias_type($address) == 'urltable'){ + // Feature#1603. For this type of alias we do not need to recursively call filter_generate_nested_alias. Just load IPs from the file. + $urlfn = alias_expand_urltable($address); + if ($file_as_arr=file($urlfn)){ + foreach($file_as_arr as $line){ + $address= rtrim($line); + $tmpline .= " $address"; + } + } + } /* We already expanded this alias so there is no neccessity to do it again. */ - if(!isset($aliasnesting[$address])) + else if(!isset($aliasnesting[$address])) $tmpline = filter_generate_nested_alias($address, $aliastable[$address], $aliasnesting, $aliasaddrnesting); } else if(!isset($aliasaddrnesting[$address])) { if(!is_ipaddr($address) && !is_subnet($address) && !is_port($address)) { diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 8602740..9d0f120 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -252,7 +252,10 @@ if ($_POST) { if($_POST["address{$x}"] <> "") { if (is_alias($_POST["address{$x}"])) { if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) - $wrongaliases .= " " . $_POST["address{$x}"]; + // But alias type network can include alias type urltable. Feature#1603. + if (!($_POST['type'] == 'network' && + get_alias_type($_POST["address{$x}"]) == 'urltable')) + $wrongaliases .= " " . $_POST["address{$x}"]; } else if ($_POST['type'] == "port") { if (!is_port($_POST["address{$x}"])) $input_errors[] = $_POST["address{$x}"] . " " . gettext("is not a valid port or alias."); |