author | Ermal <eri@pfsense.org> | 2012-11-22 16:43:47 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-11-22 16:43:47 +0000 |
commit | 3a4b01476620d33b6d6200849231398f82e593c7 (patch) | |
tree | d4369e73df57bf65a21063de86af694fee376f43 /etc/inc/captiveportal.inc | |
parent | af13aad69fd8127bc505f36b7debc00aadc9320c (diff) | |
Resolves #2529. Load the ipfw module before any commands are executed on CP. Also move the filter_load_ipfw() to captiveportal.inc:captiveportal_load_modules() since no other place uses ipfw(4)
Diffstat (limited to 'etc/inc/captiveportal.inc')
-rw-r--r-- | etc/inc/captiveportal.inc | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 5112e98..dfe6bab 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -36,7 +36,7 @@ added rules which may have been created by other per-user code (index.php, etc). These changes are (c) 2004 Keycom PLC. - pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl /sbin/kldunload + pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp pfSense_MODULE: captiveportal @@ -204,10 +204,37 @@ EOD; return $htmltext; } +function captiveportal_load_modules() { + global $config; + + mute_kernel_msgs(); + if (!is_module_loaded("ipfw.ko")) { + mwexec("/sbin/kldload ipfw"); + /* make sure ipfw is not on pfil hooks */ + mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"pf\" net.inet6.ip6.pfil.inbound=\"pf\"" . + " net.inet.ip.pfil.outbound=\"pf\" net.inet6.ip6.pfil.outbound=\"pf\""); + } + /* Always load dummynet now that even allowed ip and mac passthrough use it. */ + if (!is_module_loaded("dummynet.ko")) { + mwexec("/sbin/kldload dummynet"); + mwexec("/sbin/sysctl net.inet.ip.dummynet.io_fast=1 net.inet.ip.dummynet.hash_size=256"); + } + unmute_kernel_msgs(); + + /* XXX: This are not used in pfSense, if needed can be tuned + if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) { + mwexec("sysctl net.inet.ip.fw.dyn_max={$config['system']['maximumstates']}"); + } else { + mwexec("sysctl net.inet.ip.fw.dyn_max=10000"); + } + */ +} + function captiveportal_configure() { global $config, $cpzone; if (is_array($config['captiveportal'])) { + captiveportal_load_modules(); mwexec("/sbin/sysctl net.link.ether.ipfw=1"); foreach ($config['captiveportal'] as $cpkey => $cp) { $cpzone = $cpkey; 
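Review bot: Both `mwexec("/sbin/kldload …")` calls in the new captiveportal_load_modules() discard their result, so a failed module load goes unnoticed and the callers carry on to set `net.link.ether.ipfw=1` and issue ipfw commands with no module behind them. The portal's access enforcement rests on ipfw, so a load failure should at least be logged, e.g. `if (mwexec("/sbin/kldload ipfw") != 0) log_error("captiveportal: unable to load ipfw");`, assuming mwexec() returns the command's exit status (it is defined outside this diff). The function should then call unmute_kernel_msgs() and return false, so that captiveportal_configure() here and captiveportal_init_rules() in the later hunk can stop instead of continuing. Separately, `global $config;` is referenced only from the commented-out dyn_max block; drop both, or keep the block with a one-line comment saying why it is disabled. captiveportal_configure()'s body continues outside the hunk.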
@@ -491,6 +518,8 @@ function captiveportal_init_rules($reinit = false) { if (!isset($config['captiveportal'][$cpzone]['enable'])) return; + captiveportal_load_modules(); + $cpips = array(); $ifaces = get_configured_interface_list(); $cpinterfaces = explode(",", $config['captiveportal'][$cpzone]['interface']); @@ -530,15 +559,6 @@ function captiveportal_init_rules($reinit = false) { /* init dummynet/ipfw rules number database */ captiveportal_init_ipfw_ruleno(); - /* make sure ipfw is loaded */ - if (!is_module_loaded("ipfw.ko")) - filter_load_ipfw(); - /* Always load dummynet now that even allowed ip and mac passthrough use it. */ - if (!is_module_loaded("dummynet.ko")) { - mwexec("/sbin/kldload dummynet"); - mwexec("/sbin/sysctl net.inet.ip.dummynet.io_fast=1 net.inet.ip.dummynet.hash_size=256"); - } - $cprules = "add 65291 set 1 allow pfsync from any to any\n"; $cprules .= "add 65292 set 1 allow carp from any to any\n"; |