authorRenato Botelho <renato.botelho@bluepex.com>2010-04-22 09:18:11 -0300
committerRenato Botelho <renato.botelho@bluepex.com>2010-04-22 09:18:11 -0300
commit0f9b6beb28428b73a0268d40999d2f0c5279b060 (patch)
treea85166aa54cd3188d25aaa80ebc70f015db59d6a /etc/inc
parent667b538045460a253c69c992c1e4be354ab6adc5 (diff)
parente3e5160cfa5a79d625b1b698930c11b139a86519 (diff)
downloadpfsense-0f9b6beb28428b73a0268d40999d2f0c5279b060.zip
pfsense-0f9b6beb28428b73a0268d40999d2f0c5279b060.tar.gz
Merge remote branch 'mainline/master'
Conflicts: etc/inc/filter.inc
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/filter.inc12
-rw-r--r--etc/inc/pfsense-utils.inc37
-rw-r--r--etc/inc/shaper.inc2
-rw-r--r--etc/inc/util.inc16
4 files changed, 63 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 81a2aa4..928c32c 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -489,7 +489,7 @@ function filter_generate_aliases() {
$aliasnesting = array();
$aliasaddrnesting = array();
$addrlist = filter_generate_nested_alias($aliased['name'], $aliased['address'], $aliasnesting, $aliasaddrnesting);
- if($aliased['type'] == "host" || $aliased['type'] == "network") {
+ if($aliased['type'] == "host" || $aliased['type'] == "network" || $aliased['type'] == "url") {
$tableaddrs = "{$addrlist}{$extralias}";
if(empty($tableaddrs))
$aliases .= "table <{$aliased['name']}> persist\n";
@@ -517,7 +517,13 @@ function filter_generate_aliases() {
}
$aliases .= "table <{$aliased['name']}> { {$newaddress}{$extralias} } \n";
$aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
- } else
+ } elseif($aliased['type'] == "urltable") {
+ $urlfn = alias_expand_urltable($aliased['name']);
+ if ($urlfn) {
+ $aliases .= "table <{$aliased['name']}> persist file \"{$urlfn}\"\n";
+ $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
+ }
+ } else
$aliases .= "{$aliased['name']} = \"{ {$aliased['address']}{$extralias} }\"\n";
}
}
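Review bot: The new `urltable` branch emits nothing when `alias_expand_urltable()` returns a falsy value, so neither the table nor the `{$aliased['name']}` macro is defined after a failed download. Any rule that references the alias would then presumably be rejected when the ruleset is loaded, which turns one unreachable URL into a failed filter reload. An `else` on `if ($urlfn)` that declares the empty table keeps the ruleset loadable: `$aliases .= "table <{$aliased['name']}> persist\n";` followed by the same macro line. That fallback should also log the failure, so an empty block list does not go unnoticed. filter_generate_aliases() starts and ends outside this hunk.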
@@ -1889,7 +1895,7 @@ EOD;
continue;
$gw = get_interface_gateway($ifdescr);
if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip']))
- $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to any keep state allow-opts label \"let out anything from firewall host itself\"\n";
+ $ipfrules .= "pass out route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
}
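Review bot: The guard above the changed rule checks only `$gw` and `$ifcfg['ip']`, while the new destination is built from `$ifcfg['sa']` and `$ifcfg['sn']`. If either is empty the line renders as `to !/`, which pf is likely to reject, and one rejected line fails the whole ruleset load. Extending the condition, for example `if (is_ipaddr($gw) && is_ipaddr($ifcfg['ip']) && is_ipaddr($ifcfg['sa']) && is_numeric($ifcfg['sn']))`, leaves the rule out when the subnet is unknown. The surrounding loop begins outside the hunk.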
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 0145446..30f33f9 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -1879,5 +1879,42 @@ function pfs_version_compare($cur_time, $cur_text, $remote) {
}
return $v;
}
+function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
+ $urltable_prefix = "/var/db/aliastables/";
+ $urltable_filename = $urltable_prefix . $name . ".txt";
+
+ // Make the aliases directory if it doesn't exist
+ if (!file_exists($urltable_prefix)) {
+ mkdir($urltable_prefix);
+ } elseif (!is_dir($urltable_prefix)) {
+ unlink($urltable_prefix);
+ mkdir($urltable_prefix);
+ }
+
+ // If the file doesn't exist or is older than update_freq days, fetch a new copy.
+ if (!file_exists($urltable_filename)
+ || ((time() - filemtime($urltable_filename)) > ($freq * 86400))
+ || $forceupdate) {
+
+ // Try to fetch the URL supplied
+ conf_mount_rw();
+ unlink_if_exists($urltable_filename . ".tmp");
+ // Use fetch to grab data since these may be large files, we don't want to process them through PHP if we can help it.
+ mwexec("/usr/bin/fetch -q -o " . escapeshellarg($urltable_filename . ".tmp") . " " . escapeshellarg($url));
+ // Remove comments. Might need some grep-fu to only allow lines that look like IPs/subnets
+ mwexec("/usr/bin/grep -v '^#' " . escapeshellarg($urltable_filename . ".tmp") . " > " . escapeshellarg($urltable_filename));
+ unlink_if_exists($urltable_filename . ".tmp");
+ conf_mount_ro();
+ if (filesize($urltable_filename)) {
+ return true;
+ } else {
+ // If it's unfetchable or an empty file, bail
+ return false;
+ }
+ } else {
+ // File exists, and it doesn't need updated.
+ return -1;
+ }
+}
?>
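Review bot: A failed refresh in process_alias_urltable() destroys the previous good list, because the `grep ... >` redirect truncates `$urltable_filename` even when fetch produced nothing. The table then loads empty, so a block list fails open until the next successful fetch. Filtering into a second temporary file and calling `rename()` only when the result is non-empty keeps the old list in place; `filesize()` is also called on a path that may not exist. Separately, `$name` is joined into the path without validation, both here and in alias_expand_urltable() in util.inc. `escapeshellarg()` protects the shell but not the path, so unless alias names are restricted elsewhere (not visible in this diff), `basename($name)` or a name check is needed.
```php
		// … unchanged: conf_mount_rw() …
		$tmpfile = $urltable_filename . ".tmp";
		$newfile = $urltable_filename . ".new";
		unlink_if_exists($tmpfile);
		mwexec("/usr/bin/fetch -q -o " . escapeshellarg($tmpfile) . " " . escapeshellarg($url));
		// Keep the previous table when the download failed or came back empty
		if (!file_exists($tmpfile) || filesize($tmpfile) == 0) {
			unlink_if_exists($tmpfile);
			conf_mount_ro();
			return false;
		}
		mwexec("/usr/bin/grep -v '^#' " . escapeshellarg($tmpfile) . " > " . escapeshellarg($newfile));
		unlink_if_exists($tmpfile);
		if (file_exists($newfile) && filesize($newfile) > 0) {
			// Replace the live table only once a usable list exists
			rename($newfile, $urltable_filename);
			conf_mount_ro();
			return true;
		}
		unlink_if_exists($newfile);
		conf_mount_ro();
		return false;
		// … unchanged: else branch returning -1 …
```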
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index b24355a..d366180 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -3902,7 +3902,7 @@ function filter_generate_dummynet_rules() {
foreach ($dummynet_pipe_list as $dn)
$dn_rules .= $dn->build_rules();
- if (!empty($dnrules)) {
+ if (!empty($dn_rules)) {
file_put_contents("{$g['tmp_path']}/rules.limiter", $dn_rules);
mwexec("/sbin/ipfw {$g['tmp_path']}/rules.limiter");
}
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index ea18345..d71c512 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -851,6 +851,22 @@ function alias_expand($name) {
return null;
}
+function alias_expand_urltable($name) {
+ global $config;
+ $urltable_prefix = "/var/db/aliastables/";
+ $urltable_filename = $urltable_prefix . $name . ".txt";
+
+ foreach ($config['aliases']['alias'] as $alias) {
+ if (($alias['type'] == 'urltable') && ($alias['name'] == $name)) {
+ if (is_URL($alias["url"]) && file_exists($urltable_filename))
+ return $urltable_filename;
+ else if (process_alias_urltable($name, $alias["url"], 0, true))
+ return $urltable_filename;
+ }
+ }
+ return null;
+}
+
/* find out whether two subnets overlap */
function check_subnets_overlap($subnet1, $bits1, $subnet2, $bits2) {
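Review bot: The `is_URL()` check in alias_expand_urltable() guards only the cache-hit branch, so a value that fails it still falls through to `process_alias_urltable($name, $alias["url"], 0, true)` and reaches `/usr/bin/fetch`. Validating once before either branch closes that path: `if (!is_URL($alias["url"])) continue;`. Whether `is_URL()` limits the scheme is not visible here, so it is worth confirming that only http/https/ftp sources are accepted for a file that ends up in the pf ruleset. The `foreach` also iterates `$config['aliases']['alias']` without an `is_array()` guard, which raises a warning when no aliases are configured.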