author | Scott Ullrich <sullrich@sullrich-MacBookPro.local> | 2009-02-28 20:19:24 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@sullrich-MacBookPro.local> | 2009-02-28 20:19:24 -0500 |
commit | 5e041d5f15e34cf2f4946bb120d682a05998148e (patch) | |
tree | e6a3b69a437205f348c1328e10e3fdfbb490ee32 /etc/inc/filter.inc | |
parent | 81203d1d7454a3fb66d384153064d835c34ebb16 (diff) | |
Revert "Merge IPv6 changes"
This reverts commit 1f9f2a95b7b42cf33e730535092e56e214fdb848.
Conflicts:
etc/inc/filter.inc
etc/inc/interfaces.inc
etc/inc/pfsense-utils.inc
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 193 |
1 files changed, 52 insertions, 141 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index fc80488..d2f02cf 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -40,8 +40,7 @@
 require_once("functions.inc");
 require_once("pkg-utils.inc");
 require_once("notices.inc");
-require_once("shaper.inc");
-require_once("IPv6.inc");
+require_once ("shaper.inc");
 /* holds the items that will be executed *AFTER* the filter is fully loaded */
 $after_filter_configure_run = array();
@@ -396,15 +395,12 @@ function generate_optcfg_array()
 $oic = array();
 $oic['if'] = get_real_interface($if);
 $oic['ip'] = get_interface_ip($if);
- $oic['ip6'] = get_interface_ip($if, 'ipv6');
 if (!is_ipaddr($oc['ipaddr']) && !empty($oc['ipaddr']))
 $oic['type'] = $oc['ipaddr'];
 $oic['sn'] = get_interface_subnet($if);
- $oic['sn6'] = get_interface_subnet($if, 'ipv6');
 $oic['mtu'] = $oc['mtu'];
 $oic['descr'] = $ifdetail;
 $oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
- $oic['sa6'] = $oic['ip6'] != '' ? Net_IPv6::getNetmask($oic['ip6'], $oic['sn6']) : null;
 $oic['nonat'] = $oc['nonat'];
 $oic['ftpproxy'] = !isset($oc['disableftpproxy']);
 $oic['alias-address'] = $oc['alias-address'];
@@ -1257,21 +1253,12 @@ function generate_user_filter_rule($rule)
 /* do not process reply-to for gateway'd rules */
 if ($rule['gateway'] == "" && interface_has_gateway($rule['interface'])) {
- if (Net_IPv6::checkIPv6($rule['source']['address']) || Net_IPv6::checkIPv6($rule['destination']['address'])) {
- $rg = get_interface_gateway($rule['interface'], 'IPv6');
-
- if (Net_IPv6::checkIPv6($rg))
- $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
- else
- log_error("Could not find gateway for interface({$rule['interface']}).");
+ $rg = get_interface_gateway($rule['interface']);
+ if (is_ipaddr($rg)) {
+ $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
 } else {
- $rg = get_interface_gateway($rule['interface']);
-
- if (is_ipaddr($rg)) {
- $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
- } else {
- if($rule['interface'] <> "pptp")
- log_error("Could not find gateway for interface({$rule['interface']}).");
+ if($rule['interface'] <> "pptp") {
+ log_error("Could not find gateway for interface({$rule['interface']}).");
 }
 }
 }
@@ -1332,29 +1319,12 @@ function generate_user_filter_rule($rule)
 }
 if (isset($rule['protocol'])) {
- switch($rule['protocol']) {
- case 'tcp/udp':
- $aline['prot'] = " inet proto { tcp udp } ";
- break;
- case 'tcp6/udp6':
- $aline['prot'] = " inet6 proto { tcp udp } ";
- break;
- case 'tcp6':
- $aline['prot'] = " inet6 proto tcp ";
- break;
- case 'udp6':
- $aline['prot'] = " inet6 proto udp ";
- break;
- case 'icmp':
+ if($rule['protocol'] == "tcp/udp")
+ $aline['prot'] = " proto { tcp udp } ";
+ elseif($rule['protocol'] == "icmp")
 $aline['prot'] = " inet proto icmp ";
- break;
- case 'icmp6':
- $aline['prot'] = " inet6 proto ipv6-icmp ";
- break;
- default:
+ else
 $aline['prot'] = " proto {$rule['protocol']} ";
- break;
- }
 } else {
 if($rule['source']['port'] <> "" || $rule['destination']['port'] <> "")
 $aline['prot'] = " proto tcp ";
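Review bot: In the restored reply-to block, a gateway that fails `is_ipaddr()` only produces a log line, and for `pptp` not even that, while the rule is still emitted without `$aline['reply']`. The silent `pptp` exemption has no explanation; a comment such as `/* pptp has no static gateway, so a missing reply-to is expected (confirm) */` above the test would tell the next reader whether this is deliberate. The nested `else { if (...) { ... } }` also reads more directly as `} elseif ($rule['interface'] != "pptp") {`. generate_user_filter_rule starts and ends outside the hunk.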
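Review bot: The final `else` arm of the protocol chain writes `$rule['protocol']` into the pf rule text unchecked, so a rule saved while the IPv6 merge was in place with `tcp6`, `udp6`, `tcp6/udp6` or `icmp6` now comes out as `proto tcp6` and so on. pf will most likely reject such a line, and a ruleset that fails to parse is generally not loaded, which would leave the previous filtering in force until someone notices. The revert should map or skip those values with a `log_error()` and, more generally, compare the protocol against an allow-list before interpolating it. Note also that `tcp/udp` loses its `inet` qualifier here while `icmp` keeps it; if that asymmetry is intended it deserves a comment. The function continues outside the hunk.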
@@ -1376,58 +1346,30 @@ function generate_user_filter_rule($rule)
 }
 } else {
 switch ($rule['source']['network']) {
- case 'wanip':
- if (isset($FilterIflist['wan']['ip6']) && isset($FilterIflist['wan']['ip'])) {
- $src = "{ {$FilterIflist['wan']['ip6']}, {$FilterIflist['wan']['ip']} }";
- } else if (isset($FilterIflist['wan']['ip6'])) {
- $src = $FilterIflist['wan']['ip6'];
- } else {
- $src = $FilterIflist['wan']['ip'];
- }
-
- break;
- case 'lanip':
- if (isset($FilterIflist['lan']['ip6']) && isset($FilterIflist['lan']['ip'])) {
- $src = "{ {$FilterIflist['lan']['ip6']}, {$FilterIflist['lan']['ip']} }";
- } else if (isset($FilterIflist['lan']['ip6'])) {
- $src = $FilterIflist['lan']['ip6'];
- } else {
- $src = $FilterIflist['lan']['ip'];
- }
-
- break;
- case 'lan':
- if ($FilterIflist['lan']['sa6'] != '' && $FilterIflist['lan']['sn6'] != '' &&
- $FilterIflist['lan']['sa'] != '' && $FilterIflist['lan']['sn'] != '') {
- $lansa = $FilterIflist['lan']['sa'];
- $lansn = $FilterIflist['lan']['sn'];
- $lansa6 = $FilterIflist['lan']['sa6'];
- $lansn6 = $FilterIflist['lan']['sn6'];
- $src = "{ $lansa/$lansn, $lansa6/$lansn6 }";
- } else if ($FilterIflist['lan']['sa6'] != '' && $FilterIflist['lan']['sn6'] != '') {
- $lansa6 = $FilterIflist['lan']['sa6'];
- $lansn6 = $FilterIflist['lan']['sn6'];
- $src = "{ $lansa6/$lansn6 }";
- } else {
- $lansa = $FilterIflist['lan']['sa'];
- $lansn = $FilterIflist['lan']['sn'];
- $src = "{ $lansa/$lansn }";
+ case 'wanip':
+ $src = $FilterIflist["wan"]['ip'];
+ break;
+ case 'lanip':
+ $src = $FilterIflist["lan"]['ip'];
+ break;
+ case 'lan':
+ $lansa = $FilterIflist['lan']['sa'];
+ $lansn = $FilterIflist['lan']['sn'];
+ $src = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
+ $pptpsn = $FilterIflist['pptp']['sn'];
+ $src = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
+ $pppoesn = $FilterIflist['pppoe']['sn'];
+ $src = "{$pppoesa}/{$pppoesn}";
+ break;
 }
-
- break;
- case 'pptp':
- $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
- $pptpsn = $FilterIflist['pptp']['sn'];
- $src = "{$pptpsa}/{$pptpsn}";
- break;
- case 'pppoe':
- $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
- $pppoesn = $FilterIflist['pppoe']['sn'];
- $src = "{$pppoesa}/{$pppoesn}";
- break;
- }
 if (isset($rule['source']['not'])) $src = "!{$src}";
- }
+ }
 } else if ($rule['source']['address']) {
 $expsrc = alias_expand($rule['source']['address']);
 if (isset($rule['source']['not']))
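Review bot: Every `case` in the rewritten `switch` on `$rule['source']['network']` builds `$src` straight from `$FilterIflist[...]` without checking that the interface has an address, and the `switch` has no `default:` arm. With an unconfigured or down interface `$src` ends up empty or as a bare `/`, and the following `$src = "!{$src}"` turns that into `!` or `!/`. Depending on how the rest of the function (outside this hunk) treats an empty `$src`, the result is either a line pf rejects or a rule with no source restriction at all. Each arm should test the address with `is_ipaddr()` first and skip the rule with a `log_error()` when it fails. The destination `switch` in the next hunk (`@@ -1503,54 +1445,27 @@`) has the same gap for `$dst`.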
@@ -1503,54 +1445,27 @@ function generate_user_filter_rule($rule)
 if (isset($rule['destination']['not'])) $dst = " !{$dst}";
 } else {
 switch ($rule['destination']['network']) {
- case 'wanip':
- if (isset($FilterIflist['wan']['ip6']) && isset($FilterIflist['wan']['ip'])) {
- $dst = "{ {$FilterIflist['wan']['ip6']}, {$FilterIflist['wan']['ip']} }";
- } else if (isset($FilterIflist['wan']['ip6'])) {
- $dst = $FilterIflist['wan']['ip6'];
- } else {
- $dst = $FilterIflist['wan']['ip'];
- }
-
- break;
- case 'lanip':
- if (isset($FilterIflist['lan']['ip6']) && isset($FilterIflist['lan']['ip'])) {
- $dst = "{ {$FilterIflist['lan']['ip6']}, {$FilterIflist['lan']['ip']} }";
- } else if (isset($FilterIflist['lan']['ip6'])) {
- $dst = $FilterIflist['lan']['ip6'];
- } else {
- $dst = $FilterIflist['lan']['ip'];
- }
-
- break;
- case 'lan':
- if (isset($FilterIflist['lan']['sa6']) && isset($FilterIflist['lan']['sn6']) &&
- isset($FilterIflist['lan']['sa']) && isset($FilterIflist['lan']['sn'])) {
- $lansa = $FilterIflist['lan']['sa'];
- $lansn = $FilterIflist['lan']['sn'];
- $lansa6 = $FilterIflist['lan']['sa6'];
- $lansn6 = $FilterIflist['lan']['sn6'];
- $dst = "{ $lansa/$lansn, $lansa6/$lansn6 }";
- } else if (isset($FilterIflist['lan']['sa6']) && isset($FilterIflist['lan']['sn6'])) {
- $lansa6 = $FilterIflist['lan']['sa6'];
- $lansn6 = $FilterIflist['lan']['sn6'];
- $dst = "{ $lansa6/$lansn6 }";
- } else {
+ case 'wanip':
+ $dst = $FilterIflist["wan"]['ip'];
+ break;
+ case 'lanip':
+ $dst = $FilterIflist["lan"]['ip'];
+ break;
+ case 'lan':
 $lansa = $FilterIflist['lan']['sa'];
 $lansn = $FilterIflist['lan']['sn'];
- $dst = "{ $lansa/$lansn }";
- }
- break;
- case 'pptp':
- $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
- $pptpsn = $FilterIflist['pptp']['sn'];
- $dst = "{$pptpsa}/{$pptpsn}";
- break;
- case 'pppoe':
- $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
- $pppoesn = $FilterIflist['pppoe']['sn'];
- $dst = "{$pppoesa}/{$pppoesn}";
- break;
+ $dst = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
+ $pptpsn = $FilterIflist['pptp']['sn'];
+ $dst = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
+ $pppoesn = $FilterIflist['pppoe']['sn'];
+ $dst = "{$pppoesa}/{$pppoesn}";
+ break;
 }
 if (isset($rule['destination']['not'])) $dst = " !{$dst}";
 }
@@ -1623,9 +1538,6 @@ function generate_user_filter_rule($rule)
 if (($rule['protocol'] == "icmp") && $rule['icmptype']) {
 $aline['icmp-type'] = "icmp-type {$rule['icmptype']} ";
 }
- if (($rule['protocol'] == "icmp6") && $rule['icmp6type']) {
- $aline['icmp-type'] = "icmp6-type {$rule['icmp6type']} ";
- }
 if ($type == "pass") {
 if (!empty($rule['tag']))
 $aline['tag'] = " tag " .$rule['tag']. " ";
@@ -2532,7 +2444,7 @@ function generate_ipsec_filter_rules() {
 $interface = $FilterIflist[$parentinterface]['if'];
 /* Just in case */
- if ((!is_ipaddr($gateway) && !Net_IPv6::checkIPv6($gateway)) || empty($interface)) {
+ if (!is_ipaddr($gateway) || empty($interface)) {
 $route_to = " ";
 $reply_to = " ";
 } else {
@@ -2540,7 +2452,6 @@ function generate_ipsec_filter_rules() {
 $reply_to = " reply-to ( $interface $gateway ) ";
 }
- /* TODO: Put IPv6 here */
 /* Add rules to allow IKE to pass */
 $shorttunneldescr = substr($descr, 0, 36);
 $ipfrules .= <<<EOD |
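Review bot: In generate_ipsec_filter_rules(), a gateway that fails `is_ipaddr()` (or an empty `$interface`) falls into the branch that blanks `$route_to` and `$reply_to` without any message, whereas generate_user_filter_rule() logs `Could not find gateway for interface(...)` in the equivalent case. The IKE pass rules assembled just below are then presumably written without route-to/reply-to, which is hard to diagnose from the logs alone. Adding `log_error("IPsec: no usable gateway for {$parentinterface}, omitting route-to/reply-to");` in that branch would make the fallback visible. If `is_ipaddr()` accepts only IPv4, as the removed `Net_IPv6::checkIPv6()` alternative suggests, the same silent path is taken for any tunnel whose gateway is an IPv6 address. The function body continues outside the hunk.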