author | Ermal Luçi <eri@pfsense.org> | 2009-05-29 21:45:19 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-05-29 21:49:50 +0000 |
commit | a9b2e638f864befaec2f1b4890b2ed8af665a6ee (patch) | |
tree | 412edba9e1c3fbd25584f6333c46d3f9b6fdabe5 /etc/inc/pkg-utils.inc | |
parent | 2dcf4150a82fd4f7e68f29e8cfabb2a7f0c980a7 (diff) | |
Present a new package option filter_rules_needed which has a function name to be called if the package needs to create firewall rules. The function should have a switch statement, one with 'nat' option which is called for nat/rdr and one with 'rule' option which is needed for rules. This will help on removing from filter.inc all the packages' hardcoded includes and rules and give some more dynamicity. The rules by this function will be included on rules.nat.packages and rules.packages on /tmp partition and called by anchors include file when filter reloads (still this has to come).
Diffstat (limited to 'etc/inc/pkg-utils.inc')
-rw-r--r-- | etc/inc/pkg-utils.inc | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index 2f9fa72..0f0767d 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -966,4 +966,44 @@ function squash_from_bytes($size, $round = "") {
 return;
 }
 
-?>
\ No newline at end of file
+function pkg_build_filter_rules() {
+ global $config;
+
+ $pkgrules = "";
+ $pkgnatrules = "";
+ if (is_array($config['installedpackages']['package'])) {
+ run_plugins("/usr/local/pkg");
+ foreach($config['installedpackages']['package'] as $pkg) {
+ if (!isset($pkg['filter_rule_function']))
+ continue;
+ $tmpresult = call_user_func($pkg['filter_rule_function'], 'nat');
+ if (!empty($tmpresult))
+ $pkgnatrules .= $tmpresult . " \n";
+ $tmpresult = call_user_func($pkg['filter_rule_function'], 'rule');
+ if (!empty($tmpresult))
+ $pkgrules .= $tmpresult . " \n";
+
+ }
+ }
+ if ($pkgnatrules <> "")
+ file_put_contents("{$g['tmp_path']}/rules.nat.packages", $pkgnatrules);
+ if ($pkgrules <> "")
+ file_put_contents("{$g['tmp_path']}/rules.packages", $pkgrules);
+ $error = "";
+ $status = mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.nat.packages");
+ if ($status <> 0) {
+ log_error("Packages nat rules have problems!");
+ $ error = "Packages nat rules have problems!";
+ }
+ $status = mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.packages");
+ if ($status <> 0) {
+ log_error("Packages nat rules have problems!");
+ $error .= "\nPackages nat rules have problems!";
+ }
+ if ($error <> "")
+ file_notice($error);
+ else
+ filter_configure();
+}
+
+?> |
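Review bot: `$g` is never brought into scope in pkg_build_filter_rules() (only `global $config;` is declared), so every `{$g['tmp_path']}` in the file_put_contents() and mwexec() calls expands to an empty string and the rule files are written and checked at the filesystem root instead of the tmp path; the declaration should read `global $config, $g;`. The callee handed to call_user_func() is taken directly from `$pkg['filter_rule_function']` in the configuration, so whoever can write that entry decides which PHP function runs and what text ends up in the pf rule files; the name should at least be checked to be a string naming a defined function before the call, and ideally limited to functions the package's own include declares. Both `pfctl -nf` checks also run when nothing was written in this call, so they validate a stale or missing file, and the second branch reports "Packages nat rules have problems!" for the filter rules file. As rendered on this page `$ error =` has a stray space, which would be a parse error if it is in the commit rather than an extraction artifact.

```php
	global $config, $g;
	// … unchanged: $pkgrules / $pkgnatrules initialisation, is_array() check, run_plugins() …
		foreach($config['installedpackages']['package'] as $pkg) {
			if (!isset($pkg['filter_rule_function']))
				continue;
			$rulefunc = $pkg['filter_rule_function'];
			if (!is_string($rulefunc) || !function_exists($rulefunc)) {
				log_error("Package filter rule function is not defined, skipping.");
				continue;
			}
			// … unchanged: the two call_user_func() calls, now passing $rulefunc …
		}
	// … unchanged: closing brace of the is_array() block …
	$error = "";
	if ($pkgnatrules <> "") {
		file_put_contents("{$g['tmp_path']}/rules.nat.packages", $pkgnatrules);
		if (mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.nat.packages") <> 0) {
			log_error("Packages nat rules have problems!");
			$error = "Packages nat rules have problems!";
		}
	}
	if ($pkgrules <> "") {
		file_put_contents("{$g['tmp_path']}/rules.packages", $pkgrules);
		if (mwexec("/sbin/pfctl -nf {$g['tmp_path']}/rules.packages") <> 0) {
			log_error("Packages filter rules have problems!");
			$error .= "\nPackages filter rules have problems!";
		}
	}
	// … unchanged: file_notice() / filter_configure() tail …
```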