authorSeth Mos <seth.mos@dds.nl>2011-03-15 09:59:39 +0100
committerSeth Mos <seth.mos@dds.nl>2011-03-15 09:59:39 +0100
commit1ae43bfa8536bfe67d62722edfe8256c34834219 (patch)
tree03684f7aa902b476e0fc8f476347eda0ab0a6600
parentd52a66f970d3620fcc515023235d356a0f2fffb9 (diff)
parent96f1a57a168fcca66d7c5079ff2b22f5ea444494 (diff)
Merge remote branch 'upstream/master'
-rw-r--r--etc/inc/captiveportal.inc16
-rw-r--r--etc/inc/easyrule.inc5
-rw-r--r--etc/inc/filter.inc29
-rw-r--r--etc/inc/pkg-utils.inc1
-rwxr-xr-xetc/rc2
-rwxr-xr-xetc/rc.initial.firmware_update24
-rwxr-xr-xetc/rc.shutdown2
-rwxr-xr-xusr/local/www/firewall_nat_out.php20
-rwxr-xr-xusr/local/www/services_wol.php28
9 files changed, 81 insertions, 46 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 1191c7f..0363f78 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -837,7 +837,8 @@ function captiveportal_prune_old() {
}
/* write database */
- captiveportal_write_db($cpdb, false, $unsetindexes);
+ if (!empty($unsetindexes))
+ captiveportal_write_db($cpdb, false, $unsetindexes);
}
/* remove a single client according to the DB entry */
@@ -1285,16 +1286,19 @@ function captiveportal_read_db($locked = false) {
}
/* write captive portal DB */
-function captiveportal_write_db($cpdb, $locked = false, $remove = array()) {
+function captiveportal_write_db($cpdb, $locked = false, $remove = false) {
global $g;
if ($locked == false)
$cpdblck = lock('captiveportaldb', LOCK_EX);
- if (!empty($remove)) {
- $cpdb = captiveportal_read_db(true);
- foreach ($remove as $key)
- unset($cpdb[$key]);
+ if (is_array($remove)) {
+ if (!empty($remove)) {
+ $cpdb = captiveportal_read_db(true);
+ foreach ($remove as $key)
+ unset($cpdb[$key]);
+ } else
+ return; //This makes sure no record removal calls
}
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
if ($fd) {
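Review bot: The new `return` in the `else` branch runs after `lock('captiveportaldb', LOCK_EX)` has been taken a few lines above, so a call with an empty `$remove` array and `$locked == false` leaves the function without an explicit release. Whether the lock lingers depends on how `lock()` is implemented, which is not visible here, and the normal release is presumably below the hunk. Testing for the empty array before acquiring the lock avoids the question: `if (is_array($remove) && empty($remove)) return;` placed above `if ($locked == false)`. The trailing comment on the return is cut short; `/* nothing to remove: leave the DB file untouched */` would state the intent.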
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index 45d3f74..63be652 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -79,11 +79,12 @@ function easyrule_block_rule_exists($int = 'wan') {
}
/* Search through the rules for one referencing our alias */
- foreach ($config['filter']['rule'] as $rule)
+ foreach ($config['filter']['rule'] as $rule) {
if (!is_array($rule) || !is_array($rule['source']))
continue;
if ($rule['source']['address'] == $blockaliasname . strtoupper($int) && ($rule['interface'] == $int))
return true;
+ }
return false;
}
@@ -114,7 +115,7 @@ function easyrule_block_rule_create($int = 'wan') {
$filterent['destination']['any'] = '';
$filterent['descr'] = "Easy Rule: Blocked from Firewall Log View";
- $a_filter[] = $filterent;
+ array_splice($a_filter, 0, 0, array($filterent));
return true;
}
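Review bot: The switch from appending to `array_splice($a_filter, 0, 0, array($filterent))` changes where the block rule sits in the ruleset, and nothing in the code says why. Since rule order presumably decides whether an earlier pass rule wins over this block, a comment such as `/* insert at the top so the block rule is evaluated before existing rules */` would keep a later cleanup from reverting it to `$a_filter[] = ...`. The function starts outside the hunk, so whether `$a_filter` is guaranteed to be an array at this point cannot be confirmed from here.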
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 7f5775a..77e27b4 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1571,6 +1571,16 @@ function filter_nat_rules_generate() {
else
sigkillbypid("/var/run/inetd.pid", "HUP");
}
+
+ if (isset($config['pptpd']['mode']) && ($config['pptpd']['mode'] != "off")) {
+ if ($config['pptpd']['mode'] == "redir") {
+ $pptpdtarget = $config['pptpd']['redir'];
+ $natrules .= "# PPTP\n";
+ $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto gre from any to any -> {$pptpdtarget}\n";
+ $natrules .= "rdr on \${$FilterIflist['wan']['descr']} proto tcp from any to any port 1723 -> {$pptpdtarget}\n";
+ }
+ }
+
$natrules .= discover_pkg_rules("nat");
$natrules .= filter_process_carp_nat_rules();
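Review bot: `$config['pptpd']['redir']` is interpolated into both `rdr` lines without any check, so an empty or malformed value produces a rule that pf is unlikely to parse, and that would probably affect loading of the whole generated ruleset rather than just PPTP. Validating before emitting the rules closes that: `if ($config['pptpd']['mode'] == "redir" && is_ipaddr($config['pptpd']['redir'])) {`. With that condition the outer `mode != "off"` test becomes redundant. The rules also assume `$FilterIflist['wan']` exists; the rest of the function is outside the hunk.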
@@ -2525,7 +2535,7 @@ anchor "miniupnpd"
EOD;
- $upnp_interfaces = explode(",", $config['installedpackages']['miniupnpd']['config']['iface_array']);
+ $upnp_interfaces = explode(",", $config['installedpackages']['miniupnpd'][0]['config']['iface_array']);
foreach($upnp_interfaces as $upnp_if) {
if(is_array($FilterIflist[$upnp_if])) {
$oc = $FilterIflist[$upnp_if];
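Review bot: The new index order `['miniupnpd'][0]['config']['iface_array']` should be checked against how the package settings are actually stored; if the list lives under `['config'][0]` instead, `explode()` receives null and the loop emits no rules without any error. An explicit guard makes a wrong path visible: `if (!empty($config['installedpackages']['miniupnpd'][0]['config']['iface_array']))` around the `explode()`, using whichever path is confirmed. The enclosing function begins outside the hunk.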
@@ -2537,7 +2547,7 @@ EOD;
if($sa) {
$ipfrules .= <<<EOD
-pass in quick on \${$oc['descr']} proto tcp from {$sa}/{$sn} to 239.255.255.250/32 port 1900 flags any keep state label "pass multicast traffic to miniupnpd"
+pass in on \${$oc['descr']} proto tcp from {$sa}/{$sn} to 239.255.255.250/32 port 1900 keep state label "pass multicast traffic to miniupnpd"
EOD;
}
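Review bot: With `quick` removed, this pass rule no longer ends evaluation, so under pf's last-match behaviour any later rule matching the same packet decides its fate. The reason for dropping `quick` and `flags any` is not recorded, and a short comment above the heredoc would say whether user rules are meant to override it. Separately, the rule matches `proto tcp` to 239.255.255.250 port 1900, while SSDP discovery normally uses UDP, so it is worth confirming that a `proto udp` counterpart exists outside this hunk.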
@@ -2784,16 +2794,11 @@ function filter_setup_logging_interfaces() {
echo "filter_setup_logging_interfaces() being called $mt\n";
}
$rules = "";
- foreach ($FilterIflist as $ifdescr => $ifcfg) {
- /*
- * XXX: This should be cleared out after a discussion
- * between pf(4) devs is cleared out. This breaks
- * compatibility with OpenBSD.
- */
- if(isset($ifcfg['virtual']))
- continue;
- $rules .= "set loginterface {$ifcfg['if']}\n";
- }
+ if (isset($FilterIflist['lan']))
+ $rules .= "set loginterface {$FilterIflist['lan']['if']}\n";
+ else if (isset($FilterIflist['wan']))
+ $rules .= "set loginterface {$FilterIflist['wan']['if']}\n";
+
return $rules;
}
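Review bot: The replacement emits `set loginterface` for LAN only, falling back to WAN, and returns an empty string when neither key exists, but the reason for limiting it to one interface went away with the deleted comment. If the intent is that pf keeps statistics for a single loginterface, which is inferred, say so in place: `/* pf accepts one loginterface; prefer LAN, fall back to WAN */`. Anything that read per-interface counters for the other interfaces will now see none, so that is worth checking in the callers.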
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index 9af1c43..5c21428 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -592,7 +592,6 @@ function install_package($package, $pkg_info = "") {
write_config($changedesc);
$static_output .= "done.\n";
update_output_window($static_output);
- $static_output .= "Starting service.\n";
update_output_window($static_output);
if($pkg_info['after_install_info'])
update_output_window($pkg_info['after_install_info']);
diff --git a/etc/rc b/etc/rc
index 38b971a..75fa7bf 100755
--- a/etc/rc
+++ b/etc/rc
@@ -403,6 +403,4 @@ echo "Bootup complete"
# Reset the cache. read-only requires this.
/bin/rm /tmp/config.cache
-/etc/rc.conf_mount_ro
-
exit 0
diff --git a/etc/rc.initial.firmware_update b/etc/rc.initial.firmware_update
index 70e1dbc..8d16098 100755
--- a/etc/rc.initial.firmware_update
+++ b/etc/rc.initial.firmware_update
@@ -15,6 +15,25 @@ echo ".";
$g['booting'] = false;
+if(isset($config['system']['firmware']['alturl']['enable']))
+ $updater_url = "{$config['system']['firmware']['alturl']['firmwareurl']}";
+else
+ $updater_url = $g['update_url'];
+
+$nanosize = "";
+if ($g['platform'] == "nanobsd") {
+ if (file_exists("/etc/nano_use_vga.txt"))
+ $nanosize = "-nanobsd-vga-";
+ else
+ $nanosize = "-nanobsd-";
+
+ $nanosize .= strtolower(trim(file_get_contents("/etc/nanosize.txt")));
+ $update_filename = "latest{$nanosize}.img.gz";
+} else {
+ $update_filename = "latest.tgz";
+}
+$autoupdateurl = "{$updater_url}/{$update_filename}";
+
$fp = fopen('php://stdin', 'r');
echo ".\n\n";
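Review bot: Two inputs to `$autoupdateurl` are used unchecked. When `alturl` is enabled but `firmwareurl` is empty, the result is `/latest.tgz`, and `file_get_contents("/etc/nanosize.txt")` returns false with a warning when the file is missing, giving `latest-nanobsd-.img.gz`. Fall back to the default with `if (isset($config['system']['firmware']['alturl']['enable']) && !empty($config['system']['firmware']['alturl']['firmwareurl']))` and test `file_exists("/etc/nanosize.txt")` before reading it. The value is later offered as the 'auto' choice in the `case "1":` hunk, so a malformed URL reaches `does_url_exist()`. Whether the fetched image is integrity-checked before it is applied is not visible in these hunks and should be confirmed.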
@@ -37,12 +56,15 @@ switch ($command) {
die;
break;
case "1":
- echo "\nEnter the URL to the .tgz or .img.gz update file:\n> ";
+ echo "\nEnter the URL to the .tgz or .img.gz update file. \nType 'auto' to use {$autoupdateurl}\n> ";
$url = chop(fgets($fp));
if(!$url) {
fclose($fp);
die;
}
+ if($url == "auto") {
+ $url = $autoupdateurl;
+ }
$status = does_url_exist($url);
if($status) {
conf_mount_rw();
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index b122f3f..f8dd4a2 100755
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -28,7 +28,7 @@ export PATH
# temporary files on shutdown from /tmp/
PLATFORM=`cat /etc/platform`
if [ "$PLATFORM" = "pfSense" ]; then
- find -x /tmp/ -exec rm -f {} \;
+ find -x /tmp/ -type f -exec rm -f {} \;
else
/etc/rc.backup_rrd.sh
/etc/rc.backup_dhcpleases.sh
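Review bot: `-type f` keeps `find` from attempting `rm -f` on directories, but it also skips symlinks, sockets and FIFOs, so those now survive the shutdown cleanup of /tmp. If the goal was only to leave the directory tree in place, `find -x /tmp/ ! -type d -exec rm -f {} \;` removes every non-directory entry. A one-line comment stating which entries are meant to survive would settle it either way.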
diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php
index 3e2c402..6535fe8 100755
--- a/usr/local/www/firewall_nat_out.php
+++ b/usr/local/www/firewall_nat_out.php
@@ -448,14 +448,18 @@ include("head.inc");
</tr>
<tr>
<td colspan="12">
- <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br>
- </strong></span><?=gettext("If advanced outbound NAT is enabled, no outbound NAT " .
- "rules will be automatically generated any longer. Instead, only the mappings " .
- "you specify below will be used. With advanced outbound NAT disabled, " .
- "a mapping is automatically created for each interface's subnet " .
- "(except WAN). If you use target addresses other than the WAN interface's " .
- "IP address, then depending on the way your WAN connection is setup, you " .
- "may also need a"); ?> <a href="firewall_virtual_ip.php"><?=gettext("Virtual IP."); ?></a></span><br>
+ <p><span class="vexpl"><span class="red"><strong><?=gettext("Note:"); ?><br>
+ </strong></span>
+ <?=gettext("With automatic outbound NAT enabled, a mapping is automatically created " .
+ "for each interface's subnet (except WAN-type connections) and the rules " .
+ "on this page are ignored.<br/><br/> " .
+ "If manual outbound NAT is enabled, outbound NAT rules will not be " .
+ "automatically generated and only the mappings you specify on this page " .
+ "will be used. <br/><br/> " .
+ "If a target address other than a WAN-type interface's IP address is used, " .
+ "then depending on the way the WAN connection is setup, a "); ?>
+ <a href="firewall_virtual_ip.php"><?=gettext("Virtual IP"); ?></a>
+ <?= gettext(" may also be required.") ?></span><br>
</td>
</tr>
diff --git a/usr/local/www/services_wol.php b/usr/local/www/services_wol.php
index e3c5b7d..cdc3e6a 100755
--- a/usr/local/www/services_wol.php
+++ b/usr/local/www/services_wol.php
@@ -54,15 +54,15 @@ if($_GET['wakeall'] <> "") {
$mac = $wolent['mac'];
$if = $wolent['interface'];
$description = $wolent['descr'];
- $bcip = gen_subnet_max(get_interface_ip($if),
- get_interface_subnet($if));
+ $ipaddr = get_interface_ip($if);
+ if (!is_ipaddr($ipaddr))
+ continue;
+ $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if));
/* Execute wol command and check return code. */
- if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")){
+ if (!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}"))
$savemsg .= sprintf(gettext('Sent magic packet to %1$s (%2$s)%3$s'),$mac, $description, ".<br>");
- }
- else {
+ else
$savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s (%4$s) did not complete successfully%5$s'),'<a href="/diag_logs.php">','</a>',$description,$mac,".<br>");
- }
}
}
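Review bot: The rewritten `mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")` still interpolates `$mac` into a shell command line unquoted, here and again in the second hunk of this file, where `$mac` comes from the request. The format validation for it is outside both hunks, so quoting at the call site is a cheap second layer: `mwexec("/usr/local/bin/wol -i " . escapeshellarg($bcip) . " " . escapeshellarg($mac))`. Also, the new `continue` skips an entry whose interface has no address without telling the user, while the single-host path adds an `$input_errors` entry; appending a line to `$savemsg` here would make the two paths consistent.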
@@ -89,14 +89,16 @@ if ($_POST || $_GET['mac']) {
if (!$input_errors) {
/* determine broadcast address */
- $bcip = gen_subnet_max(get_interface_ip($if),
- get_interface_subnet($if));
- /* Execute wol command and check return code. */
- if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}")){
- $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac);
- }
+ $ipaddr = get_interface_ip($if);
+ if (!is_ipaddr($ipaddr))
+ $input_errors[] = gettext("A valid ip could not be found!");
else {
- $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'<a href="/diag_logs.php">', '</a>', $mac, ".<br>");
+ $bcip = gen_subnet_max($ipaddr, get_interface_subnet($if));
+ /* Execute wol command and check return code. */
+ if(!mwexec("/usr/local/bin/wol -i {$bcip} {$mac}"))
+ $savemsg .= sprintf(gettext("Sent magic packet to %s."),$mac);
+ else
+ $savemsg .= sprintf(gettext('Please check the %1$ssystem log%2$s, the wol command for %3$s did not complete successfully%4$s'),'<a href="/diag_logs.php">', '</a>', $mac, ".<br>");
}
}
}