author | Scott Ullrich <sullrich@pfsense.org> | 2007-04-30 21:04:11 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-04-30 21:04:11 +0000 |
commit | 4303fbff5e9e36e5c140a97ca9af1751b647c0b5 (patch) | |
tree | dd708893196c997c7be2aac8331aabaf3bc28133 | |
parent | 27ecd06e76009db9d59de586202c0b56917d2fe7 (diff) | |
download | pfsense-4303fbff5e9e36e5c140a97ca9af1751b647c0b5.zip pfsense-4303fbff5e9e36e5c140a97ca9af1751b647c0b5.tar.gz |
* add comments about scheduler logic
* correct one case where the logic was not correct
-rw-r--r-- | etc/inc/filter.inc | 13 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 6 |
2 files changed, 10 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d953e58..50d0572 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2050,9 +2050,11 @@ function generate_user_filter_rule($rule, $ngcounter) { if($g['debug']) log_error("[TDR DEBUG] status true -- rule type '$type'"); if($type == "block") { + // active deny rules should deny $ipfw_rule = tdr_create_ipfw_rule($rule, "deny"); tdr_install_rule($ipfw_rule); } else { + // active allow rules should allow $ipfw_rule = tdr_create_ipfw_rule($rule, "allow"); tdr_install_rule($ipfw_rule); } @@ -2062,20 +2064,23 @@ function generate_user_filter_rule($rule, $ngcounter) { * active else allow traffic until active */ if($type == "pass") { + // inactive pass rules should deny $ipfw_rule = tdr_create_ipfw_rule($rule, "deny"); tdr_install_rule($ipfw_rule); } else { - $ipfw_rule = tdr_create_ipfw_rule($rule, "allow"); + // inactive block rules should skipto + $ipfw_rule = tdr_create_ipfw_rule($rule, "skipto"); tdr_install_rule($ipfw_rule); } return "# $line"; } } else { if($schedule_enabled) { - $ipfw_rule = tdr_create_ipfw_rule($rule, "noschedallow"); + // no schedule allow rules should simply allow + $ipfw_rule = tdr_create_ipfw_rule($rule, "allow"); tdr_install_rule($ipfw_rule); - } - return $line; + } + return $line; } } diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index d75db27..c857cf0 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -486,16 +486,12 @@ function tdr_create_ipfw_rule($rule, $type) { tdr_get_next_ipfw_rule(); /* piece together the actual user rule */ - if($type == "allow") { + if($type == "skipto") { $next_rule = tdr_get_next_ipfw_rule(); $next_rule = $next_rule+1; $type = "skipto $next_rule"; } - if($type == "noschedallow") { - $type = "allow"; - } - /* piece together the actual user rule */ $line .= $type . " " . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['dst'] . $aline['dstport'] . " in recv " . $aline['interface']; |
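Review bot: In the first filter.inc hunk (@@ -2050), the `else` that the new comment labels "active allow rules should allow" is a catch-all: every `$type` other than "block" gets an ipfw "allow" rule. With this commit that "allow" is no longer rewritten to a skipto in tdr_create_ipfw_rule, so it now reaches the rule line as written. If `$type` can hold anything besides "pass" and "block" (its assignment is outside the hunk), that value fails open while the schedule is active. Consider making the branch explicit with `} elseif($type == "pass") {` and adding a final `else` that logs the unexpected type and installs "deny". The inactive branch in the next hunk has the same shape, but its catch-all falls to "skipto" rather than "allow".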
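Review bot: In the second filter.inc hunk (@@ -2062), the added comment `// no schedule allow rules should simply allow` says more than the code checks. The branch tests only `$schedule_enabled` and installs an "allow" for every `$type` that reaches it. The condition of the enclosing `else` is outside the hunk, so I cannot tell whether block rules get here. If they do, either the comment should say that ipfw passes all unscheduled rules and leaves the decision to the returned `$line`, or the call needs a `$type` check. A wording such as `// rule has no schedule: ipfw passes it through, the returned $line still applies the rule type` would match the visible code, assuming that is the intent.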
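Review bot: In the pfsense-utils.inc hunk, tdr_create_ipfw_rule still concatenates `$type` into the rule at `$line .= $type . " " . ...` without checking it. This commit changes what the accepted strings mean: "allow" used to become `skipto N` and is now emitted as a terminal allow, and "noschedallow" is no longer translated at all. Any caller outside this diff that still passes "noschedallow", or passes "allow" expecting the old skipto behaviour, would produce a different or invalid ipfw action with no error. A guard at the top of this block would make that visible, for example `if(!in_array($type, array("allow", "deny", "skipto"))) { /* log and refuse to build the rule */ }`. The function also deserves a short header comment listing the three accepted actions. Its body starts and ends outside the hunk, so the right failure return has to be chosen from the rest of the function.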