summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2007-04-30 21:04:11 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-04-30 21:04:11 +0000
commit4303fbff5e9e36e5c140a97ca9af1751b647c0b5 (patch)
treedd708893196c997c7be2aac8331aabaf3bc28133
parent27ecd06e76009db9d59de586202c0b56917d2fe7 (diff)
downloadpfsense-4303fbff5e9e36e5c140a97ca9af1751b647c0b5.zip
pfsense-4303fbff5e9e36e5c140a97ca9af1751b647c0b5.tar.gz
* add comments about scheduler logic * correct one case where the logic was not correct
-rw-r--r--etc/inc/filter.inc13
-rw-r--r--etc/inc/pfsense-utils.inc6
2 files changed, 10 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index d953e58..50d0572 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2050,9 +2050,11 @@ function generate_user_filter_rule($rule, $ngcounter) {
if($g['debug'])
log_error("[TDR DEBUG] status true -- rule type '$type'");
if($type == "block") {
+ // active deny rules should deny
$ipfw_rule = tdr_create_ipfw_rule($rule, "deny");
tdr_install_rule($ipfw_rule);
} else {
+ // active allow rules should allow
$ipfw_rule = tdr_create_ipfw_rule($rule, "allow");
tdr_install_rule($ipfw_rule);
}
@@ -2062,20 +2064,23 @@ function generate_user_filter_rule($rule, $ngcounter) {
* active else allow traffic until active
*/
if($type == "pass") {
+ // inactive pass rules should deny
$ipfw_rule = tdr_create_ipfw_rule($rule, "deny");
tdr_install_rule($ipfw_rule);
} else {
- $ipfw_rule = tdr_create_ipfw_rule($rule, "allow");
+ // inactive block rules should skipto
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "skipto");
tdr_install_rule($ipfw_rule);
}
return "# $line";
}
} else {
if($schedule_enabled) {
- $ipfw_rule = tdr_create_ipfw_rule($rule, "noschedallow");
+ // no schedule allow rules should simply allow
+ $ipfw_rule = tdr_create_ipfw_rule($rule, "allow");
tdr_install_rule($ipfw_rule);
- }
- return $line;
+ }
+ return $line;
}
}
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index d75db27..c857cf0 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -486,16 +486,12 @@ function tdr_create_ipfw_rule($rule, $type) {
tdr_get_next_ipfw_rule();
/* piece together the actual user rule */
- if($type == "allow") {
+ if($type == "skipto") {
$next_rule = tdr_get_next_ipfw_rule();
$next_rule = $next_rule+1;
$type = "skipto $next_rule";
}
- if($type == "noschedallow") {
- $type = "allow";
- }
-
/* piece together the actual user rule */
$line .= $type . " " . $aline['prot'] . $aline['src'] .
$aline['srcport'] . $aline['dst'] . $aline['dstport'] . " in recv " . $aline['interface'];
OpenPOWER on IntegriCloud