authorjim-p <jim@pingle.org>2010-03-14 17:13:22 -0400
committerjim-p <jim@pingle.org>2010-03-14 17:16:32 -0400
commit865ff9b4640ffe622d551b6bbb5d39cd1acd3ced (patch)
tree3775dfd187aa6e9e54095c6ae1e7f6639784f05e /etc/inc
parentec5c695d2361564b35266f9105442402e4aa8a0f (diff)
downloadpfsense-865ff9b4640ffe622d551b6bbb5d39cd1acd3ced.zip
pfsense-865ff9b4640ffe622d551b6bbb5d39cd1acd3ced.tar.gz
Refactor the Easy Rule code a bit. Add a CLI version.
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/easyrule.inc79
1 files changed, 75 insertions, 4 deletions
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index 2aa4357..c23cf6c 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -33,6 +33,10 @@
*/
$blockaliasname = 'EasyRuleBlockHosts';
+$protocols_with_ports = array('tcp', 'udp');
+require_once("functions.inc");
+require_once("util.inc");
+require_once("config.inc");
function easyrule_find_rule_interface($int) {
global $config;
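Review bot: `$protocols_with_ports` is assigned as a plain file-scope variable but is read through `global $protocols_with_ports;` in easyrule_parse_pass, so the port validation depends on this file always being included at global scope. If it is ever pulled in from inside a function, the list would be unset in the global table and the `in_array()` test would presumably fall through to the `$dstport = 0` branch even for tcp and udp. Declaring it explicitly, for example `$GLOBALS['protocols_with_ports'] = array('tcp', 'udp');`, or passing the list as a function-local constant, removes that dependency. The `require_once` lines would also read better above the variable assignments, with a short comment such as `/* Protocols whose pass rules must carry a destination port */` on the list.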
@@ -212,8 +216,12 @@ function easyrule_block_host_add($host, $int = 'wan') {
if ($dirty) {
write_config();
$retval = filter_configure();
- header("Location: firewall_aliases.php");
- exit;
+ if (!empty($_SERVER['DOCUMENT_ROOT'])) {
+ header("Location: firewall_aliases.php");
+ exit;
+ } else {
+ return true;
+ }
} else {
return false;
}
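Review bot: The new non-web branch returns `true` without consulting `$retval`, so if `filter_configure()` signals failure through its return value the caller still reports success, and easyrule_parse_block will print "Host added successfully" although the ruleset may not have been reloaded. Consider returning a value derived from `$retval`, or at least documenting in a comment why it is ignored. Using `!empty($_SERVER['DOCUMENT_ROOT'])` to tell web from CLI is also indirect and depends on the server environment; a small shared helper for that decision would keep it consistent with the identical test added to easyrule_pass_rule_add in the next hunk. easyrule_block_host_add starts outside this hunk, so how `$dirty` is set is not visible here.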
@@ -253,7 +261,70 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport) {
write_config($filterent['descr']);
$retval = filter_configure();
- header("Location: firewall_rules.php?if={$int}");
- exit;
+ if (!empty($_SERVER['DOCUMENT_ROOT'])) {
+ header("Location: firewall_rules.php?if={$int}");
+ exit;
+ } else {
+ return true;
+ }
+}
+
+function easyrule_parse_block($int, $src) {
+ if (!empty($src) && !empty($int)) {
+ if (!is_ipaddr($src)) {
+ return "Tried to block invalid IP: " . htmlspecialchars($src);
+ }
+ $int = easyrule_find_rule_interface($int);
+ if ($int === false) {
+ return "Invalid interface for block rule: " . htmlspecialchars($int);
+ }
+ if (easyrule_block_host_add($src, $int)) {
+ return "Host added successfully";
+ } else {
+ return "Failed to create block rule, alias, or add host.";
+ }
+ } else {
+ return "Tried to block but had no host IP or interface";
+ }
+ return "Unknown block error.";
+}
+function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0) {
+ /* Check for valid int, srchost, dsthost, dstport, and proto */
+ global $protocols_with_ports;
+
+ if (!empty($int) && !empty($proto) && !empty($src) && !empty($dst)) {
+ $int = easyrule_find_rule_interface($int);
+ if ($int === false) {
+ return "Invalid interface for pass rule: " . htmlspecialchars($int);
+ }
+ if (getprotobyname($proto) == -1) {
+ return "Invalid protocol for pass rule: " . htmlspecialchars($proto);
+ }
+ if (!is_ipaddr($src)) {
+ return "Tried to pass invalid source IP: " . htmlspecialchars($src);
+ }
+ if (!is_ipaddr($dst)) {
+ return "Tried to pass invalid destination IP: " . htmlspecialchars($dst);
+ }
+ if (in_array($proto, $protocols_with_ports)) {
+ if (empty($dstport)) {
+ return "Missing destination port: " . htmlspecialchars($dstport);
+ }
+ if (!is_port($dstport)) {
+ return "Tried to pass invalid destination port: " . htmlspecialchars($dstport);
+ }
+ } else {
+ $dstport = 0;
+ }
+ /* Should have valid input... */
+ if (easyrule_pass_rule_add($int, $proto, $src, $dst, $dstport)) {
+ return "Successfully added pass rule!";
+ } else {
+ return "Failed to add pass rule.";
+ }
+ } else {
+ return "Missing parameters for pass rule.";
+ }
+ return "Unknown pass error.";
}
?>
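Review bot: The protocol check in easyrule_parse_pass, `if (getprotobyname($proto) == -1)`, is unlikely to reject anything: PHP documents getprotobyname() as returning `false` for an unknown name, and `false == -1` does not hold, so an arbitrary string can reach easyrule_pass_rule_add as the protocol; compare with `=== false` instead. Because `in_array($proto, $protocols_with_ports)` is case-sensitive, a value that resolves only through an alias in the system protocols database (different case, for instance) may pass the protocol test yet skip the port checks and be added with `$dstport = 0`; normalising with `$proto = strtolower($proto);` before both tests closes that gap. Separately, both parse functions overwrite `$int` with the lookup result before building the "Invalid interface" message, so the message always prints an empty value; keep the result in its own variable, e.g. `$ifname = easyrule_find_rule_interface($int);`. The trailing `return "Unknown ... error.";` lines are unreachable, since every branch above them already returns.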