author | Scott Ullrich <sullrich@pfsense.org> | 2005-02-19 23:49:42 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-02-19 23:49:42 +0000 |
commit | faa2290d2bda2ed47ff96996f4827df6b629b0c5 (patch) | |
tree | 97e5a992d3d6c2d6a783b351311f5d7f03f4da85 /etc/inc | |
parent | 528cad397867e1ced7927d971ccfdb118313115a (diff) | |
* Ensure user rules are marked as a direction of IN
* Make sure rule has keep state if it's selected
* Make sure logging is setup on ALL interfaces
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index b2f00f1..cb15360 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -88,7 +88,9 @@ function filter_configure() { $fd = fopen("/tmp/rules.debug", "w"); $rules = $aliases . " \n"; - $rules.= "set loginterface $wanif \n"; + + $rules .= setup_logging_interfaces(); + $optimization = "normal"; if($config['system']['optimization'] <> "") $optimization = $config['system']['optimization']; $rules.= "set optimization " . $optimization . "\n"; @@ -1257,11 +1259,8 @@ EOD; $line = $type; } - if(isset($rule['direction']) && $rule['direction'] <> "") { - $line .= "in "; - } else { - $line .= $rule['direction'] . " "; - } + /* ensure the direction is in */ + $line .= " in "; if (isset($rule['log'])) $line .= "log "; @@ -1441,7 +1440,7 @@ EOD; do not use state mechanisms to keep track. this is only useful if your doing advanced queueing in certain situations. please check the faq. */ - if( !isset($rule['statetype'] ) ) { + if(!isset($rule['statetype']) && $rule['statetype'] != "") { $line .= "keep state "; } else { if($rule['statetype'] == "modulate state" or $rule['statetype'] == "synproxy state") { @@ -1553,4 +1552,19 @@ function filter_rules_spoofcheck_generate($ifname, $if, $sa, $sn, $log) { } +function setup_logging_interfaces() { + global $config; + $rules = ""; + $i = 0; + $ifdescrs = array('wan', 'lan'); + for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { + $ifdescrs['opt' . $j] = "opt" . $j; + } + foreach ($ifdescrs as $ifdescr => $ifname) { + $int = filter_translate_type_to_real_interface($ifname); + $rules.= "set loginterface {$int} \n"; + } + return $rules; +} + ?>
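Review bot: The new `$rules .= setup_logging_interfaces();` in filter_configure() writes one `set loginterface` line per interface, but the PF documentation describes loginterface as a single interface whose statistics are gathered one at a time. If that holds here, only the last directive takes effect, and the WAN counters shown by `pfctl -s info` are lost as soon as an optional interface exists. Packet logging itself is controlled by the per-rule `log` keyword, so this option does not give the "logging on ALL interfaces" the commit message describes. Consider keeping `$rules .= "set loginterface $wanif \n";` or making the statistics interface a config setting. filter_configure() continues outside this hunk.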
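Review bot: The replacement `$line .= " in ";` ignores `$rule['direction']` entirely, so a stored rule whose direction is anything other than in is silently emitted as an inbound rule, with different meaning from what the operator saved. If forcing inbound is the intended policy, the comment should say why rather than only restate the code. A rule carrying a conflicting direction would be safer skipped or logged than rewritten. The leading space in `" in "` may also produce a double space after `$type`, so `$line .= "in ";` matches the surrounding style. The enclosing function starts and ends outside this hunk.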
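Review bot: The new condition `if(!isset($rule['statetype']) && $rule['statetype'] != "")` can never be true. When the key is unset, the second operand compares null with `""`, which PHP's loose `!=` treats as equal; when the key is set, the first operand is already false. The default `keep state` branch is therefore dead, and every rule without a state type falls into the else branch, which is the opposite of what the commit message intends and risks user rules being written without state tracking. The intended test is probably `if (!isset($rule['statetype']) || $rule['statetype'] == "") {`. The else branch continues outside this hunk, so what it emits for an empty state type should be checked there.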
\ No newline at end of file |
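Review bot: In setup_logging_interfaces() the result of `filter_translate_type_to_real_interface($ifname)` is written into the ruleset unchecked. That helper is not visible here, but if it returns an empty string for an optional interface that is unassigned or disabled, the loop emits a `set loginterface` line with no interface name, and a parse error there could stop the whole ruleset from loading. A guard such as `if ($int == "") continue;` before the append avoids that. `$i` and the loop key `$ifdescr` are never used, and `$ifdescrs` mixes list entries with string keys, so `$ifdescrs[] = 'opt' . $j;` with `foreach ($ifdescrs as $ifname)` would be clearer. The function would also benefit from a short doc comment stating what it returns.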