diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-03-19 15:31:46 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-03-19 15:36:53 -0300 |
commit | 46e27ea790e6f68fa648404a7159de1fa6746fe8 (patch) | |
tree | a14c2e8e2497f4754750b3ed825839e032aaafc1 /etc/rc.kill_states | |
parent | 9cc119c259bd1d3130d1d16ae0490d5363170cc2 (diff) | |
download | pfsense-46e27ea790e6f68fa648404a7159de1fa6746fe8.zip pfsense-46e27ea790e6f68fa648404a7159de1fa6746fe8.tar.gz |
Respect 'States' option from Advanced/Misc
- Respect this option and do not clean states when it's configured
- Create /etc/rc.kill_states to be easier to check $config
It helps ticket #2887
Diffstat (limited to 'etc/rc.kill_states')
-rwxr-xr-x | etc/rc.kill_states | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/etc/rc.kill_states b/etc/rc.kill_states new file mode 100755 index 0000000..d7e92d6 --- /dev/null +++ b/etc/rc.kill_states @@ -0,0 +1,72 @@ +#!/usr/local/bin/php -f +<?php +/* + rc.newwanip + Copyright (C) 2013 Renato Botelho (garga@pfsense.org) + part of pfSense (http://www.pfsense.com) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +/* parse the configuration and include all functions used below */ +require_once("globals.inc"); +require_once("config.inc"); +require_once("interfaces.inc"); +require_once("util.inc"); + +// Do not process while booting +if($g['booting']) + exit; + +/* Interface address to cleanup states */ +$interface = str_replace("\n", "", $argv[1]); + +/* IP address to cleanup states */ +$local_ip = str_replace("\n", "", $argv[2]); + +if (empty($interface) || !does_interface_exist($interface)) { + log_error("rc.kill_states: Invalid interface '{$interface}'"); + exit; +} + +if (!empty($local_ip)) { + list($local_ip, $subnet_bits) = explode("/", $local_ip); + + if (empty($subnet_bits)) + $subnet_bits = "32"; + + if (!is_ipaddr($local_ip)) { + log_error("rc.kill_states: Invalid IP address '{$local_ip}'"); + exit; + } +} + +if (!isset($config['system']['kill_states'])) { + if (!empty($local_ip)) { + log_error("rc.kill_states: Removing states for IP {$local_ip}/{$subnet_bits}"); + mwexec("/sbin/pfctl -k 0.0.0.0/0 -k {$local_ip}/{$subnet_bits}", true); + mwexec("/sbin/pfctl -k {$local_ip}/{$subnet_bits}", true); + mwexec("/sbin/pfctl -K {$local_ip}/{$subnet_bits}", true); + } + log_error("rc.kill_states: Removing states for interface {$interface}"); + mwexec("/sbin/pfctl -i {$interface} -Fs", true); +} |