diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-04-22 22:11:37 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-04-22 22:11:37 +0000 |
commit | 103a98ad5e31890f28f9335b7cd666fd7d0fbb8b (patch) | |
tree | a4a89f00e1eccfd0d2e40035cc3b4521b638dcfa /etc/inc | |
parent | 8bbeb09d75c9f28f74869dee76c98fdc054d9f25 (diff) | |
download | pfsense-103a98ad5e31890f28f9335b7cd666fd7d0fbb8b.zip pfsense-103a98ad5e31890f28f9335b7cd666fd7d0fbb8b.tar.gz |
Make the ordering of the IPFW time based rules exactly the same as PF so there are no strange "gotchas" or "caveats" that the user would have to abide by.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 6 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 4 |
2 files changed, 10 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 79cef73..4f5ef4f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1260,6 +1260,7 @@ function generate_user_filter_rule_arr($rule, $ngcounter) { function generate_user_filter_rule($rule, $ngcounter) { global $config, $g; global $table_cache; + global $schedule_enabled; if(isset($config['system']['developerspew'])) { $mt = microtime(); @@ -1951,6 +1952,7 @@ function generate_user_filter_rule($rule, $ngcounter) { foreach($config['schedules']['schedule'] as $sched) { if($sched['name'] == $rule['sched']) $schedule_xml_block = $sched; + $schedule_enabled = true; } } if($schedule_xml_block) @@ -1980,6 +1982,10 @@ function generate_user_filter_rule($rule, $ngcounter) { return "# $line"; } } else { + if($schedule_enabled) { + $ipfw_rule = tdr_create_ipfw_rule($rule, "noschedallow"); + tdr_install_rule($ipfw_rule); + } return $line; } } diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index b8c0ea5..99c1521 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -465,6 +465,10 @@ function tdr_create_ipfw_rule($rule, $type) { $type = "skipto $next_rule"; } + if($type == "noschedallow") { + $type = "allow"; + } + /* piece together the actual user rule */ $line .= $type . " " . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['dst'] . $aline['dstport'] . " in recv " . $aline['interface']; |