author | Renato Botelho <renato.botelho@bluepex.com> | 2010-04-30 08:08:38 -0300 |
---|---|---|
committer | Renato Botelho <renato.botelho@bluepex.com> | 2010-04-30 08:08:38 -0300 |
commit | 4e480d211adc9061fc2f964c760e6806d2db27eb (patch) | |
tree | d3c3ecd3711aa8d99cb824634f55df9310760758 | |
parent | c8aa6bdd949b2b7174693390d2ddfcead01e7f9b (diff) | |
parent | 05f3ffa431cf622828d311dd9b9b8ea49f9d1006 (diff) | |
download | pfsense-4e480d211adc9061fc2f964c760e6806d2db27eb.zip pfsense-4e480d211adc9061fc2f964c760e6806d2db27eb.tar.gz |
Merge remote branch 'mainline/master'
-rw-r--r-- | etc/inc/filter.inc | 130 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 8 | ||||
-rw-r--r-- | etc/inc/system.inc | 1 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkdown | 1 | ||||
-rwxr-xr-x | usr/local/www/diag_ping.php | 1 | ||||
-rwxr-xr-x | usr/local/www/interfaces.php | 2 | ||||
-rwxr-xr-x | usr/local/www/system_gateway_groups.php | 2 | ||||
-rwxr-xr-x | usr/local/www/system_routes.php | 2 | ||||
-rwxr-xr-x | usr/local/www/system_routes_edit.php | 2 |
9 files changed, 80 insertions, 69 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index cba2ae2..51c88f9 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -149,7 +149,7 @@ function delete_states_for_down_gateways() { /* reload filter sync */ function filter_configure_sync() { - global $config, $g, $after_filter_configure_run, $FilterIflist, $GatewaysList, $GatewayGroupsList; + global $config, $g, $after_filter_configure_run, $FilterIflist; global $time_based_rules, $filterdns; /* Use config lock to not allow recursion and config changes during this run. */ @@ -171,24 +171,21 @@ function filter_configure_sync() { if($g['booting'] == true) echo "Configuring firewall"; - /* Lookup Gateways to be used in filter rules once */ - $GatewaysList = return_gateways_array(); - $GatewayGroupsList = return_gateway_groups_array(); - /* generate aliases */ if($g['booting'] == true) echo "."; update_filter_reload_status("Creating aliases"); $aliases = filter_generate_aliases(); - /* generate nat rules */ + $gateways = filter_generate_gateways(); if($g['booting'] == true) echo "."; update_filter_reload_status("Generating NAT rules"); + /* generate nat rules */ $natrules = filter_nat_rules_generate(); - /* generate pfctl rules */ if($g['booting'] == true) echo "."; update_filter_reload_status("Generating filter rules"); + /* generate pfctl rules */ $pfrules = filter_rules_generate(); /* generate altq, limiter */ if($g['booting'] == true) @@ -221,6 +218,7 @@ function filter_configure_sync() { $rules = ""; $rules .= "{$aliases} \n"; + $rules .= "{$gateways} \n"; update_filter_reload_status("Setting up logging information"); $rules .= filter_setup_logging_interfaces(); if($config['system']['optimization'] <> "") { 
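Review bot: The third hunk appends `{$gateways}` to `$rules` directly after `{$aliases}`, so the gateway macros share one pf macro namespace with whatever the alias generator defines, and nothing visible here keeps a gateway or group name from matching an alias name or from containing characters pf does not accept in a macro name. If aliases are also emitted as macros, a clash would silently redefine one of the two and change what the rules referencing it match. Unless name validation elsewhere already rules this out, consider a fixed prefix on both the definition and the reference, e.g. `$rules .= "GW{$gwname} = \" {$route} \"\n";` together with `$aline['route'] = " \$GW{$rule['gateway']} ";`. filter_configure_sync() starts and ends outside these hunks.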
@@ -532,6 +530,67 @@ function filter_generate_aliases() { return $result; } +function filter_generate_gateways() { + global $config, $g; + + $rules = "# Gateways\n"; + + update_filter_reload_status("Creating gateway group item..."); + + /* Lookup Gateways to be used in filter rules once */ + $GatewaysList = return_gateways_array(); + $GatewayGroupsList = return_gateway_groups_array(); + + if (is_array($GatewaysList)) { + foreach ($GatewaysList as $gwname => $gateway) { + $int = $gateway['interface']; + $gwip = $gateway['gateway']; + $route = ""; + if (!is_ipaddr($gwip)) + $gwip = get_interface_gateway($gateway['friendlyiface']); + if (is_ipaddr($gwip) && !empty($int)) + $route = "route-to ( {$int} {$gwip} )\n"; + $rules .= "{$gwname} = \" {$route} \"\n"; + } + } + + if(is_array($GatewayGroupsList)) { + foreach ($GatewayGroupsList as $gateway => $members) { + if (count($members) > 0) { + $foundlb = 0; + $routeto = ""; + foreach($members as $idx => $member) { + $int = $member['int']; + $gatewayip = $member['gwip']; + if (($int <> "") && is_ipaddr($gatewayip)) { + if ($g['debug']) + log_error("Setting up route with {$gatewayip} om $int"); + if ($idx > 1) + $routeto .= ", "; + $routeto .= "( {$int} {$gatewayip} ) "; + $foundlb = 1; + } else + log_error("An error occurred while trying to find the interface got $gatewayip . The rule has not been added."); + } + $route = ""; + if ($foundlb > 0) { + $route = " route-to { {$routeto} } "; + if ($idx > 1) { + $route .= " round-robin "; + if (isset($config['system']['lb_use_sticky'])) + $route .= " sticky-address "; + } + } + $rules .= "{$gateway} = \" {$route} \"\n"; + } + } + } + + $rules .= "\n"; + + return $rules; +} + /* returns space separated list of vpn subnets */ function filter_get_vpns_list() { global $config; 
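Review bot: In the group loop of filter_generate_gateways() the `, ` separator and the `round-robin` decision both test `$idx`, the key of the current member, rather than how many members were actually emitted. If the keys returned by return_gateway_groups_array() start at 0, the second member is appended without a comma; if an early member is skipped by the `is_ipaddr()` check, a later one gets a leading comma; and after the loop `$idx` is only the last key, so a group with a single usable member can still receive `round-robin`. Either case yields a `route-to { … }` that pf may reject or that differs from the removed per-rule logic, which relied on `$foundlb` and `count($members)`. Use `if ($foundlb == 1) $routeto .= ", ";` for the separator and count the emitted members (`$valid++`, then `if ($valid > 1)`) for the pool options.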
@@ -1347,7 +1406,7 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { } function filter_generate_user_rule($rule) { - global $config, $g, $FilterIflist, $GatewaysList, $GatewayGroupsList; + global $config, $g, $FilterIflist; global $layer7_rules_list; if(isset($config['system']['developerspew'])) { 
@@ -1437,59 +1496,8 @@ function filter_generate_user_rule($rule) { } /* if user has selected a custom gateway, lets work with it */ else if($rule['gateway'] <> "") { - $foundlb = 0; - $routeto = " route-to { "; - update_filter_reload_status("Creating gateway group item..."); - if(is_array($GatewayGroupsList[$rule['gateway']])) { - $gateway = $rule['gateway']; - $members = $GatewayGroupsList[$rule['gateway']]; - $member_count = count($members); - foreach($members as $member) { - $int = $member['int']; - $gatewayip = $member['gwip']; - if(($int <> "") && is_ipaddr($gatewayip)) { - if($g['debug']) - log_error("Setting up route with {$gatewayip} om $int"); - if($foundlb == 1) - $routeto .= ", "; - $routeto .= "( {$int} {$gatewayip} ) "; - $foundlb = 1; - } else { - log_error("An error occurred while trying to find the interface got $gatewayip . The rule has not been added."); - } - } - /* If we want failover just use route-to else round-robin */ - if($member_count == 1) { - $routeto .= "} "; - } else { - $routeto .= "} round-robin "; - if(isset($config['system']['lb_use_sticky'])) - $routeto .= " sticky-address "; - } - } /* Add the load balanced gateways */ - if($foundlb == 1) - $aline['route'] = $routeto; - - /* we're not using load balancing, just setup gateway */ - else if($foundlb == 0) { - $gateway = $rule['gateway']; - if(!is_ipaddr($gateway)) { - $gwip = $GatewaysList[$gateway]['gateway']; - if($GatewaysList[$gateway]['interface']) - $int = $GatewaysList[$gateway]['interface']; - else - $int = ""; - } else { - $gwip = $gateway; - $int = guess_interface_from_ip($gwip); - } - if((is_ipaddr($gwip)) && ($int <> "")) { - $aline['route'] = " route-to ( {$int} {$gwip} ) "; - } else { - log_error("Could not find gateway ({$rule['gateway']}) for rule {$rule['descr']} - {$rule['interface']}."); - } - } + $aline['route'] = " \${$rule['gateway']} "; } if(isset($rule['protocol'])) { 
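Review bot: The new line emits a `$<gateway>` macro reference for every non-empty `$rule['gateway']`, but filter_generate_gateways() (added in this commit) defines no macro for a group with no members and none for a literal IP address, which the removed code handled through `is_ipaddr()` and `guess_interface_from_ip()`. A reference to an undefined macro would presumably make pf reject the whole ruleset, and a gateway whose macro expands to an empty string leaves the rule without `route-to`, so the traffic follows the default route with nothing logged; the removed code wrote `Could not find gateway` to the log in that case. Keeping the literal-address branch and the log message, as sketched below, preserves the old behaviour for those rules. The `else if` belongs to filter_generate_user_rule(), which starts and ends outside the hunk.

```php
else if($rule['gateway'] <> "") {
	if (is_ipaddr($rule['gateway'])) {
		/* literal gateway address: no macro is generated for it */
		$int = guess_interface_from_ip($rule['gateway']);
		if ($int <> "")
			$aline['route'] = " route-to ( {$int} {$rule['gateway']} ) ";
		else
			log_error("Could not find gateway ({$rule['gateway']}) for rule {$rule['descr']} - {$rule['interface']}.");
	} else {
		$aline['route'] = " \${$rule['gateway']} ";
	}
}
```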
@@ -2337,7 +2345,7 @@ function filter_process_carp_rules() { /* Generate IPSEC Filter Items */ function filter_generate_ipsec_rules() { - global $config, $g, $FilterIflist, $GatewaysList; + global $config, $g, $FilterIflist; if(isset($config['system']['developerspew'])) { $mt = microtime(); diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 6efffd0..66a81fc 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -340,8 +340,7 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "down /etc/rc.filter_configure\n"; if (!empty($iface_ip)) { - if ($mode == "server" || ($mode == "client" && !empty($settings['local_port']))) - $conf .= "local {$iface_ip}\n"; + $conf .= "local {$iface_ip}\n"; } // server specific settings @@ -446,8 +445,11 @@ function openvpn_reconfigure($mode,& $settings) { $conf .= "lport {$settings['local_port']}\n"; $conf .= "management 127.0.0.1 {$settings['local_port']}\n"; } - else + + // If there is no bind option at all (ip and/or port), add "nobind" directive + if ((empty($iface_ip)) && (!$settings['local_port'])) { $conf .= "nobind\n"; + } // The remote server $conf .= "remote {$settings['server_addr']} {$settings['server_port']}\n"; diff --git a/etc/inc/system.inc b/etc/inc/system.inc index fed4598..d26b1bb 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -324,7 +324,6 @@ function system_routing_configure() { return 0; } - function system_routing_enable() { global $config, $g; if(isset($config['system']['developerspew'])) { diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown index 3eeae34..3734b0b 100755 --- a/usr/local/sbin/ppp-linkdown +++ b/usr/local/sbin/ppp-linkdown @@ -3,6 +3,7 @@ if [ -f /tmp/$1up ] && [ -f /conf/$1.log ]; then seconds=$((`date -j +%s` - `/usr/bin/stat -f %m /tmp/$1up`)) /usr/local/sbin/ppp-log-uptime.sh $seconds $1 & fi +/sbin/pfctl -b $3 # delete the node just in case mpd cannot do that /usr/sbin/ngctl shutdown $1: /bin/rm -f /var/etc/nameserver_$1 
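Review bot: With `local {$iface_ip}` now written for every mode (openvpn.inc, first hunk), a configuration that has an interface address but no `local_port` ends up with `local` and neither `lport` nor `nobind`, because the new `nobind` test in the second hunk requires both values to be empty. OpenVPN then binds that address on its default local port, so a second instance on the same interface would presumably fail to bind; if the OpenVPN version in use accepts it, writing `lport 0` in that branch lets the kernel pick a free port while keeping the source address. The condition also mixes `empty($iface_ip)` with `!$settings['local_port']`, which raises a notice when the key is unset; `empty($settings['local_port'])` matches the style used in the first hunk. openvpn_reconfigure() starts and ends outside both hunks.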
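Review bot: `$3` is expanded unquoted and unchecked in `/sbin/pfctl -b $3` (ppp-linkdown), so an empty or missing third argument leaves `-b` without a value and a value containing whitespace is split into extra pfctl arguments. Quote it and skip the call when it is empty: `[ -n "$3" ] && /sbin/pfctl -b "$3"`. A one-line comment saying what `-b` removes and what `$3` is expected to hold would help the next reader, since the hunk shows neither; the surrounding lines use `$1` unquoted in the same way.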
diff --git a/usr/local/www/diag_ping.php b/usr/local/www/diag_ping.php index 4d82e06..b5658f5 100755 --- a/usr/local/www/diag_ping.php +++ b/usr/local/www/diag_ping.php @@ -136,7 +136,6 @@ include("head.inc"); ?> <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <span class="vexpl"><strong>Note: </strong></span> Multi-wan is not supported from this utility currently. </td> </tr> </table> diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php index cb6466f..8b93c1e 100755 --- a/usr/local/www/interfaces.php +++ b/usr/local/www/interfaces.php @@ -1011,7 +1011,7 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe" if($gateway['interface'] == $if) { ?> <option value="<?=$gateway['name'];?>" <?php if ($gateway['name'] == $pconfig['gateway']) echo "selected"; ?>> - <?=htmlspecialchars($gateway['name']);?> + <?=htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']);?> </option> <?php } diff --git a/usr/local/www/system_gateway_groups.php b/usr/local/www/system_gateway_groups.php index 3cd39c8..e580a8b 100755 --- a/usr/local/www/system_gateway_groups.php +++ b/usr/local/www/system_gateway_groups.php @@ -61,6 +61,8 @@ if ($_POST) { $retval = system_routing_configure(); $retval |= filter_configure(); + /* reconfigure our gateway monitor */ + setup_gateways_monitor(); $savemsg = get_std_save_message($retval); if ($retval == 0) diff --git a/usr/local/www/system_routes.php b/usr/local/www/system_routes.php index 9057afc..f6c55e6 100755 --- a/usr/local/www/system_routes.php +++ b/usr/local/www/system_routes.php 
@@ -158,7 +158,7 @@ include("head.inc"); </td> <td class="listr" ondblclick="document.location='system_routes_edit.php?id=<?=$i;?>';"> <?php - echo $a_gateways[$route['gateway']]['name'] . " "; + echo htmlentities($a_gateways[$route['gateway']]['name']) . " - " . htmlentities($a_gateways[$route['gateway']]['gateway']); ?> </td> <td class="listr" ondblclick="document.location='system_routes_edit.php?id=<?=$i;?>';"> diff --git a/usr/local/www/system_routes_edit.php b/usr/local/www/system_routes_edit.php index c4d027e..bc05b11 100755 --- a/usr/local/www/system_routes_edit.php +++ b/usr/local/www/system_routes_edit.php @@ -179,7 +179,7 @@ include("head.inc"); if ($gateway['name'] == $pconfig['gateway']) echo "selected"; } - echo ">" . htmlspecialchars($gateway['name']) . "</option>\n"; + echo ">" . htmlspecialchars($gateway['name']) . " - " . htmlspecialchars($gateway['gateway']) . "</option>\n"; } ?> </select> <br /> |
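Review bot: The system_routes.php hunk escapes with `htmlentities()` while the matching changes in interfaces.php and system_routes_edit.php use `htmlspecialchars()`. Called without a charset argument, `htmlentities()` converts every non-ASCII byte according to PHP's default charset, which can garble UTF-8 gateway names, whereas `htmlspecialchars()` touches only the HTML metacharacters. For consistency use `echo htmlspecialchars($a_gateways[$route['gateway']]['name']) . " - " . htmlspecialchars($a_gateways[$route['gateway']]['gateway']);`.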