authorScott Ullrich <sullrich@pfsense.org>2005-02-17 23:47:30 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-02-17 23:47:30 +0000
commit5ccfea3374301378b131f238d6d7c9ba2daf0b34 (patch)
tree6c8a9f2eed582c86af89992aaa9d5915f39d364c
parent174861fdd94cbdbdad4071ac2db367ef956b4075 (diff)
Add carp_rules.php, which will loop through the carp rules and, if an item is defined that is not on the wan interface, make sure that nat rules are set up by adding the nat rule to the natrules anchor. This utilizes the new rule framework.
-rw-r--r--etc/inc/filter.inc11
-rw-r--r--etc/inc/pfsense-utils.inc61
-rw-r--r--etc/inetd.conf2
3 files changed, 61 insertions, 13 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 34fcaf2..10385a4 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -153,17 +153,6 @@ function filter_configure() {
}
}
-function exec_command($command) {
- $counter = 0;
- $tmp = "";
- $fd = popen($command . " 2>&1 ", "r");
- while(!feof($fd)) {
- $tmp .= fread($fd,49);
- }
- fclose($fd);
- return $tmp;
-}
-
function filter_get_altq_queue_scheduler_type($associatedrule) {
global $config;
return $config['system']['schedulertype'];
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 887994e..61106ab 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -31,7 +31,7 @@
/*
* log_error: send string to syslog
- */
+ */
function log_error($error) {
syslog(LOG_WARNING, $error);
return;
@@ -92,4 +92,63 @@ function is_carp_defined() {
return true;
}
+/*
+ * exec_command($command): execute command return string of result
+ */
+function exec_command($command) {
+ $counter = 0;
+ $tmp = "";
+ $fd = popen($command . " 2>&1 ", "r");
+ while(!feof($fd)) {
+ $tmp .= fread($fd,49);
+ }
+ fclose($fd);
+ return $tmp;
+}
+
+/*
+ * convert_ip_to_network_format($ip, $subnet): converts an ip address to network form
+ */
+function convert_ip_to_network_format($ip, $subnet) {
+ $ipsplit = split('[.]', $ip);
+ $string = $ipsplit[0] . "." . $ipsplit[1] . "." . $ipsplit[2] . ".0/" . $subnet;
+ return $string;
+}
+
+/*
+ * find_ip_interface($ip): return the interface where an ip is defined
+ */
+function find_ip_interface($ip) {
+ $i = 0;
+ $ifdescrs = array('wan', 'lan');
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ }
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ $int = filter_translate_type_to_real_interface($ifname);
+ $ifconfig = exec_command("/sbin/ifconfig {$int}");
+ if(stristr($ifconfig,$ip) <> false)
+ return $int;
+ }
+ return false;
+}
+
+/*
+ * find_carp_interface($ip): return the carp interface where an ip is defined
+ */
+function find_carp_interface($ip) {
+ for($x=0; $x<99; $x++) {
+ $ifconfig = exec_command("/sbin/ifconfig {$int}");
+ if(stristr($ifconfig,$ip) <> false)
+ return "carp" . $x;
+ }
+}
+
+/*
+ * add_rule_to_anchor($anchor, $rule): adds the specified rule to an anchor
+ */
+function add_rule_to_anchor($anchor, $rule) {
+ mwexec($rule . " | pfctl -a " . $anchor . " -f -");
+}
+
?> \ No newline at end of file
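Review bot: In find_carp_interface the loop runs `/sbin/ifconfig {$int}` but `$int` is never assigned in that function, so each iteration presumably lists every interface and the function returns `carp0` for any address configured anywhere on the host; the call should be `exec_command("/sbin/ifconfig carp{$x}")`, with a `return false;` after the loop as find_ip_interface has. find_ip_interface reads `$config['interfaces']` without a `global $config;` line, so the opt interfaces are never added to the scan list. Both functions match with `stristr`, which is a substring test, so 10.0.0.1 also matches an interface holding 10.0.0.10 and the NAT rule can be attached to the wrong interface; comparing against the whole `inet` address token would avoid that. exec_command and add_rule_to_anchor hand concatenated strings to a shell, so `$ip`, the interface name and `$anchor` should each go through `escapeshellarg()` if they can come from the configuration or the GUI, and the `popen()` result should be checked before the `feof()` loop and closed with `pclose()`.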
diff --git a/etc/inetd.conf b/etc/inetd.conf
index c0b2289..87cf70f 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -1 +1 @@
-ftp-proxy stream tcp nowait root /usr/lib/libexec/ftp-proxy ftp-proxy -n -D0 \ No newline at end of file
+ftp-proxy stream tcp nowait root /usr/lib/libexec/ftp-proxy ftp-proxy -n -D0 -m 55000 -M 57000 -t 180 \ No newline at end of file