diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2005-04-26 20:12:29 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2005-04-26 20:12:29 +0000 |
| commit | e74a68fa1e185838f10d7bcae63b2a3ba21faefe (patch) | |
| tree | a006b3e407f3f7b1f88fefb23738d96fd60b6d52 /etc | |
| parent | cf46ff759f2349c0f09065e2441d9558eda8f10c (diff) | |
| download | pfsense-e74a68fa1e185838f10d7bcae63b2a3ba21faefe.zip pfsense-e74a68fa1e185838f10d7bcae63b2a3ba21faefe.tar.gz | |
* Do not assign a label to a rule if its disabled
* Turn off return debugging statements
This should address Ticket #34
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 29c9d2d..65c60f7 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -973,7 +973,7 @@ function generate_user_filter_rule($rule, $optcfg) { /* don't include disabled rules */ if (isset($rule['disabled'])) { - return "# rule " . $rule['descr'] . " disabled \n"; + //return "# rule " . $rule['descr'] . " disabled \n"; return; } @@ -989,7 +989,8 @@ function generate_user_filter_rule($rule, $optcfg) { if ($rule['interface'] == "pptp") { if ($pptpdcfg['mode'] != "server") { - return "# mode != server " . $rule['descr'] . "\n"; + //return "# mode != server " . $rule['descr'] . "\n"; + return; } $nif = $g['n_pptp_units']; @@ -999,7 +1000,7 @@ function generate_user_filter_rule($rule, $optcfg) { /* Check to see if the interface is opt and in our opt list */ if (strstr($rule['interface'], "opt")) { if (!array_key_exists($rule['interface'], $optcfg)) { - return "# array key does not exist for " . $rule['descr'] . "\n"; + //return "# array key does not exist for " . $rule['descr'] . "\n"; return; } } @@ -1011,31 +1012,31 @@ function generate_user_filter_rule($rule, $optcfg) { if ($pptpdcfg['mode'] != "server") { if (($rule['source']['network'] == "pptp") || ($rule['destination']['network'] == "pptp")) { - return "# source network or destination network == pptp on " . $rule['descr'] . "\n"; + //return "# source network or destination network == pptp on " . $rule['descr'] . "\n"; return; } } if ($rule['source']['network'] && strstr($rule['source']['network'], "opt")) { if (!array_key_exists($rule['source']['network'], $optcfg)) { - return "# !array_key_exists source network " . $rule['descr'] . "\n"; + //return "# !array_key_exists source network " . $rule['descr'] . "\n"; return; } } if ($rule['destination']['network'] && strstr($rule['destination']['network'], "opt")) { if (!array_key_exists($rule['destination']['network'], $optcfg)) { - return "# !array_key_exists dest network " . $rule['descr'] . "\n"; + //return "# !array_key_exists dest network " . $rule['descr'] . "\n"; return; } } /* check for unresolvable aliases */ if ($rule['source']['address'] && !alias_expand($rule['source']['address'])) { - return "# unresolvable source aliases " . $rule['descr'] . "\n"; + //return "# unresolvable source aliases " . $rule['descr'] . "\n"; return; } if ($rule['destination']['address'] && !alias_expand($rule['destination']['address'])) { - return "# unresolvable dest aliases " . $rule['descr'] . "\n"; + //return "# unresolvable dest aliases " . $rule['descr'] . "\n"; return; } @@ -1603,16 +1604,16 @@ EOD; $line = ""; $line = generate_user_filter_rule($rule, $optcfg); - // label - if($rule['descr'] <> "" and $line <> "") { - $line .= "label \"USER_RULE: " . $rule['descr'] . "\" "; - } else { - $line .= "# could not process \"USER_RULE: " . $rule['descr'] . "\" "; + if (!isset($rule['disabled'])) { + // label + if($rule['descr'] <> "" and $line <> "") { + $line .= "label \"USER_RULE: " . $rule['descr'] . "\" "; + } else { + $line .= "# could not process \"USER_RULE: " . $rule['descr'] . "\" "; + } + $line .= "\n"; + $ipfrules .= $line; } - - $line .= "\n"; - - $ipfrules .= $line; } $ipfrules .= "\n# SSH lockout\n"; |
