summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@sullrich-MacBookPro.local>2009-02-28 20:19:24 -0500
committerScott Ullrich <sullrich@sullrich-MacBookPro.local>2009-02-28 20:19:24 -0500
commit5e041d5f15e34cf2f4946bb120d682a05998148e (patch)
treee6a3b69a437205f348c1328e10e3fdfbb490ee32 /etc/inc/filter.inc
parent81203d1d7454a3fb66d384153064d835c34ebb16 (diff)
downloadpfsense-5e041d5f15e34cf2f4946bb120d682a05998148e.zip
pfsense-5e041d5f15e34cf2f4946bb120d682a05998148e.tar.gz
Revert "Merge IPv6 changes"
This reverts commit 1f9f2a95b7b42cf33e730535092e56e214fdb848. Conflicts: etc/inc/filter.inc etc/inc/interfaces.inc etc/inc/pfsense-utils.inc
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r--etc/inc/filter.inc193
1 files changed, 52 insertions, 141 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index fc80488..d2f02cf 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -40,8 +40,7 @@
require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("notices.inc");
-require_once("shaper.inc");
-require_once("IPv6.inc");
+require_once ("shaper.inc");
/* holds the items that will be executed *AFTER* the filter is fully loaded */
$after_filter_configure_run = array();
@@ -396,15 +395,12 @@ function generate_optcfg_array()
$oic = array();
$oic['if'] = get_real_interface($if);
$oic['ip'] = get_interface_ip($if);
- $oic['ip6'] = get_interface_ip($if, 'ipv6');
if (!is_ipaddr($oc['ipaddr']) && !empty($oc['ipaddr']))
$oic['type'] = $oc['ipaddr'];
$oic['sn'] = get_interface_subnet($if);
- $oic['sn6'] = get_interface_subnet($if, 'ipv6');
$oic['mtu'] = $oc['mtu'];
$oic['descr'] = $ifdetail;
$oic['sa'] = gen_subnet($oic['ip'], $oic['sn']);
- $oic['sa6'] = $oic['ip6'] != '' ? Net_IPv6::getNetmask($oic['ip6'], $oic['sn6']) : null;
$oic['nonat'] = $oc['nonat'];
$oic['ftpproxy'] = !isset($oc['disableftpproxy']);
$oic['alias-address'] = $oc['alias-address'];
@@ -1257,21 +1253,12 @@ function generate_user_filter_rule($rule)
/* do not process reply-to for gateway'd rules */
if ($rule['gateway'] == "" && interface_has_gateway($rule['interface'])) {
- if (Net_IPv6::checkIPv6($rule['source']['address']) || Net_IPv6::checkIPv6($rule['destination']['address'])) {
- $rg = get_interface_gateway($rule['interface'], 'IPv6');
-
- if (Net_IPv6::checkIPv6($rg))
- $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
- else
- log_error("Could not find gateway for interface({$rule['interface']}).");
+ $rg = get_interface_gateway($rule['interface']);
+ if (is_ipaddr($rg)) {
+ $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
} else {
- $rg = get_interface_gateway($rule['interface']);
-
- if (is_ipaddr($rg)) {
- $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
- } else {
- if($rule['interface'] <> "pptp")
- log_error("Could not find gateway for interface({$rule['interface']}).");
+ if($rule['interface'] <> "pptp") {
+ log_error("Could not find gateway for interface({$rule['interface']}).");
}
}
}
@@ -1332,29 +1319,12 @@ function generate_user_filter_rule($rule)
}
if (isset($rule['protocol'])) {
- switch($rule['protocol']) {
- case 'tcp/udp':
- $aline['prot'] = " inet proto { tcp udp } ";
- break;
- case 'tcp6/udp6':
- $aline['prot'] = " inet6 proto { tcp udp } ";
- break;
- case 'tcp6':
- $aline['prot'] = " inet6 proto tcp ";
- break;
- case 'udp6':
- $aline['prot'] = " inet6 proto udp ";
- break;
- case 'icmp':
+ if($rule['protocol'] == "tcp/udp")
+ $aline['prot'] = " proto { tcp udp } ";
+ elseif($rule['protocol'] == "icmp")
$aline['prot'] = " inet proto icmp ";
- break;
- case 'icmp6':
- $aline['prot'] = " inet6 proto ipv6-icmp ";
- break;
- default:
+ else
$aline['prot'] = " proto {$rule['protocol']} ";
- break;
- }
} else {
if($rule['source']['port'] <> "" || $rule['destination']['port'] <> "")
$aline['prot'] = " proto tcp ";
@@ -1376,58 +1346,30 @@ function generate_user_filter_rule($rule)
}
} else {
switch ($rule['source']['network']) {
- case 'wanip':
- if (isset($FilterIflist['wan']['ip6']) && isset($FilterIflist['wan']['ip'])) {
- $src = "{ {$FilterIflist['wan']['ip6']}, {$FilterIflist['wan']['ip']} }";
- } else if (isset($FilterIflist['wan']['ip6'])) {
- $src = $FilterIflist['wan']['ip6'];
- } else {
- $src = $FilterIflist['wan']['ip'];
- }
-
- break;
- case 'lanip':
- if (isset($FilterIflist['lan']['ip6']) && isset($FilterIflist['lan']['ip'])) {
- $src = "{ {$FilterIflist['lan']['ip6']}, {$FilterIflist['lan']['ip']} }";
- } else if (isset($FilterIflist['lan']['ip6'])) {
- $src = $FilterIflist['lan']['ip6'];
- } else {
- $src = $FilterIflist['lan']['ip'];
- }
-
- break;
- case 'lan':
- if ($FilterIflist['lan']['sa6'] != '' && $FilterIflist['lan']['sn6'] != '' &&
- $FilterIflist['lan']['sa'] != '' && $FilterIflist['lan']['sn'] != '') {
- $lansa = $FilterIflist['lan']['sa'];
- $lansn = $FilterIflist['lan']['sn'];
- $lansa6 = $FilterIflist['lan']['sa6'];
- $lansn6 = $FilterIflist['lan']['sn6'];
- $src = "{ $lansa/$lansn, $lansa6/$lansn6 }";
- } else if ($FilterIflist['lan']['sa6'] != '' && $FilterIflist['lan']['sn6'] != '') {
- $lansa6 = $FilterIflist['lan']['sa6'];
- $lansn6 = $FilterIflist['lan']['sn6'];
- $src = "{ $lansa6/$lansn6 }";
- } else {
- $lansa = $FilterIflist['lan']['sa'];
- $lansn = $FilterIflist['lan']['sn'];
- $src = "{ $lansa/$lansn }";
+ case 'wanip':
+ $src = $FilterIflist["wan"]['ip'];
+ break;
+ case 'lanip':
+ $src = $FilterIflist["lan"]['ip'];
+ break;
+ case 'lan':
+ $lansa = $FilterIflist['lan']['sa'];
+ $lansn = $FilterIflist['lan']['sn'];
+ $src = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
+ $pptpsn = $FilterIflist['pptp']['sn'];
+ $src = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
+ $pppoesn = $FilterIflist['pppoe']['sn'];
+ $src = "{$pppoesa}/{$pppoesn}";
+ break;
}
-
- break;
- case 'pptp':
- $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
- $pptpsn = $FilterIflist['pptp']['sn'];
- $src = "{$pptpsa}/{$pptpsn}";
- break;
- case 'pppoe':
- $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
- $pppoesn = $FilterIflist['pppoe']['sn'];
- $src = "{$pppoesa}/{$pppoesn}";
- break;
- }
if (isset($rule['source']['not'])) $src = "!{$src}";
- }
+ }
} else if ($rule['source']['address']) {
$expsrc = alias_expand($rule['source']['address']);
if (isset($rule['source']['not']))
@@ -1503,54 +1445,27 @@ function generate_user_filter_rule($rule)
if (isset($rule['destination']['not'])) $dst = " !{$dst}";
} else {
switch ($rule['destination']['network']) {
- case 'wanip':
- if (isset($FilterIflist['wan']['ip6']) && isset($FilterIflist['wan']['ip'])) {
- $dst = "{ {$FilterIflist['wan']['ip6']}, {$FilterIflist['wan']['ip']} }";
- } else if (isset($FilterIflist['wan']['ip6'])) {
- $dst = $FilterIflist['wan']['ip6'];
- } else {
- $dst = $FilterIflist['wan']['ip'];
- }
-
- break;
- case 'lanip':
- if (isset($FilterIflist['lan']['ip6']) && isset($FilterIflist['lan']['ip'])) {
- $dst = "{ {$FilterIflist['lan']['ip6']}, {$FilterIflist['lan']['ip']} }";
- } else if (isset($FilterIflist['lan']['ip6'])) {
- $dst = $FilterIflist['lan']['ip6'];
- } else {
- $dst = $FilterIflist['lan']['ip'];
- }
-
- break;
- case 'lan':
- if (isset($FilterIflist['lan']['sa6']) && isset($FilterIflist['lan']['sn6']) &&
- isset($FilterIflist['lan']['sa']) && isset($FilterIflist['lan']['sn'])) {
- $lansa = $FilterIflist['lan']['sa'];
- $lansn = $FilterIflist['lan']['sn'];
- $lansa6 = $FilterIflist['lan']['sa6'];
- $lansn6 = $FilterIflist['lan']['sn6'];
- $dst = "{ $lansa/$lansn, $lansa6/$lansn6 }";
- } else if (isset($FilterIflist['lan']['sa6']) && isset($FilterIflist['lan']['sn6'])) {
- $lansa6 = $FilterIflist['lan']['sa6'];
- $lansn6 = $FilterIflist['lan']['sn6'];
- $dst = "{ $lansa6/$lansn6 }";
- } else {
+ case 'wanip':
+ $dst = $FilterIflist["wan"]['ip'];
+ break;
+ case 'lanip':
+ $dst = $FilterIflist["lan"]['ip'];
+ break;
+ case 'lan':
$lansa = $FilterIflist['lan']['sa'];
$lansn = $FilterIflist['lan']['sn'];
- $dst = "{ $lansa/$lansn }";
- }
- break;
- case 'pptp':
- $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
- $pptpsn = $FilterIflist['pptp']['sn'];
- $dst = "{$pptpsa}/{$pptpsn}";
- break;
- case 'pppoe':
- $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
- $pppoesn = $FilterIflist['pppoe']['sn'];
- $dst = "{$pppoesa}/{$pppoesn}";
- break;
+ $dst = "{$lansa}/{$lansn}";
+ break;
+ case 'pptp':
+ $pptpsa = gen_subnet($FilterIflist['pptp']['ip'], $FilterIflist['pptp']['sn']);
+ $pptpsn = $FilterIflist['pptp']['sn'];
+ $dst = "{$pptpsa}/{$pptpsn}";
+ break;
+ case 'pppoe':
+ $pppoesa = gen_subnet($FilterIflist['pppoe']['ip'], $FilterIflist['pppoe']['sn']);
+ $pppoesn = $FilterIflist['pppoe']['sn'];
+ $dst = "{$pppoesa}/{$pppoesn}";
+ break;
}
if (isset($rule['destination']['not'])) $dst = " !{$dst}";
}
@@ -1623,9 +1538,6 @@ function generate_user_filter_rule($rule)
if (($rule['protocol'] == "icmp") && $rule['icmptype']) {
$aline['icmp-type'] = "icmp-type {$rule['icmptype']} ";
}
- if (($rule['protocol'] == "icmp6") && $rule['icmp6type']) {
- $aline['icmp-type'] = "icmp6-type {$rule['icmp6type']} ";
- }
if ($type == "pass") {
if (!empty($rule['tag']))
$aline['tag'] = " tag " .$rule['tag']. " ";
@@ -2532,7 +2444,7 @@ function generate_ipsec_filter_rules() {
$interface = $FilterIflist[$parentinterface]['if'];
/* Just in case */
- if ((!is_ipaddr($gateway) && !Net_IPv6::checkIPv6($gateway)) || empty($interface)) {
+ if (!is_ipaddr($gateway) || empty($interface)) {
$route_to = " ";
$reply_to = " ";
} else {
@@ -2540,7 +2452,6 @@ function generate_ipsec_filter_rules() {
$reply_to = " reply-to ( $interface $gateway ) ";
}
- /* TODO: Put IPv6 here */
/* Add rules to allow IKE to pass */
$shorttunneldescr = substr($descr, 0, 36);
$ipfrules .= <<<EOD
OpenPOWER on IntegriCloud