author | Bill Marquette <billm@pfsense.org> | 2005-05-31 01:26:03 +0000 |
---|---|---|
committer | Bill Marquette <billm@pfsense.org> | 2005-05-31 01:26:03 +0000 |
commit | fbdc712e28459cce7d30d34b02bc590a051e3ae9 (patch) | |
tree | cd810411ae1a7cc2f80ca1f7e87719df05769e3d /etc | |
parent | 34591684be46a603b90e57a67718b811e14c0f05 (diff) | |
download | pfsense-fbdc712e28459cce7d30d34b02bc590a051e3ae9.zip pfsense-fbdc712e28459cce7d30d34b02bc590a051e3ae9.tar.gz |
Something tells me we aren't using IPFW anymore Toto
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 92 |
1 files changed, 70 insertions, 22 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index a47fc46..5467ab7 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -76,10 +76,9 @@ function filter_configure() { /* generate altq queues */ $altq_queues = filter_generate_altq_queues($altq_ints); /* generate altq rules */ - /* Generate ipfw rules until billm finishes pf/altq */ - $ipfw_altq_rules = filter_generate_ipfw_altq_rules(); + // $ipfw_altq_rules = filter_generate_ipfw_altq_rules(); /* pf/altq rules */ - //$pf_altq_rules = filter_generate_pf_altq_rules(); + $pf_altq_rules = filter_generate_pf_altq_rules(); } /* enable pf if we need to, otherwise disable */ @@ -131,7 +130,13 @@ function filter_configure() { fclose($fd); $rules_loading = mwexec("/sbin/pfctl -f {$g['tmp_path']}/rules.debug"); + if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue'])) { + foreach ($config['shaper']['queue'] as $queue) { + $rules_loading .= mwexec("/sbin/pfctl -a {$queue['name']} -f {$g['tmp_path']}/{$queue['name']}.rules"); + } + } +/* XXX - billm /* load ipfw+altq module */ if (isset($config['shaper']['enable'])) { mute_kernel_msgs(); @@ -158,6 +163,7 @@ function filter_configure() { mwexec("/sbin/ipfw -f flush"); mwexec("/sbin/kldunload ipfw.ko"); } +*/ /* check for a error while loading the rules file. if an error has occured then output the contents of the error to the caller */ 
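Review bot: `$queue['name']` is interpolated unquoted into the pfctl command line in the added loop, both as the `-a` anchor argument and inside the `-f` path, so a name containing whitespace, shell metacharacters or `/` changes what the shell runs or which file is loaded. Quote each argument, e.g. `mwexec("/sbin/pfctl -a " . escapeshellarg($queue['name']) . " -f " . escapeshellarg("{$g['tmp_path']}/{$queue['name']}.rules"));`, and validate the name against a conservative character set where the queue is saved. The same unvalidated name is used in the last hunk for the `fopen()` path and the `anchor ... tagged ...` rule text. Separately, `.=` concatenates each return value onto `$rules_loading`, which may not be what the error check after this block expects; that check is outside the hunk.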
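Review bot: The `*/` added in this hunk does not close the `/* XXX - billm` comment opened in the previous hunk, because PHP block comments do not nest: that comment already ends at the `*/` of the context line `/* load ipfw+altq module */` directly below it. The ipfw load/unload code therefore stays live, and this trailing `*/` sits outside any comment, which should be a parse error for filter.inc. Delete the ipfw block outright, or wrap it in `if (false) { ... }` if it must stay for reference. The lines between the two hunks are not shown, so confirm with `php -l etc/inc/filter.inc`.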
@@ -1931,34 +1937,76 @@ EOD; $ipfrules .= "\n# User-defined rules follow\n"; + /* This is ugly, but we generate one anchor per queue */ + if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue'])) { + foreach ($config['shaper']['queue'] as $queue) { + /* Add anchor to rules */ + $ipfrules .= "anchor {$queue['name']} tagged {$queue['name']}\n"; + + /* Create rules for anchors */ + $fd = fopen("{$g['tmp_path']}/{$queue['name']}.rules", "w"); + /* aliases don't recurse to anchors */ + $line = filter_generate_aliases(); + fwrite($fd, $line); + if (isset($config['filter']['rule'])) { + foreach ($config['filter']['rule'] as $rule) { + $line = ""; + if (!isset($rule['disabled'])) { + if ($rule['interface'] == "pptp") { + for($xxx=0; $xxx < $g['n_pptp_units']; $xxx++) { + /* + * now that PPTP server are user rules, detect + * that user is setting the pptp server rule + * and setup for all netgraph interfaces + */ + $line = generate_user_filter_rule($rule, $xxx); + $line .= " queue {$queue['name']} "; + if($line <> "") + $ipfrules .= $line . "\n"; + } + } else { + $line = generate_user_filter_rule($rule, 0); + $line .= " queue {$queue['name']} "; + // label + if($rule['descr'] <> "" and $line <> "") + $line .= " label \"USER_RULE: " . $rule['descr'] . "\" "; + else + $line .= " label \"USER_RULE\" "; + } + } + $line .= "\n"; + fwrite($fd, $line); + } + } + fclose($fd); + } + } if (isset($config['filter']['rule'])) { foreach ($config['filter']['rule'] as $rule) { $line = ""; - if ($rule['interface'] == "pptp") { - for($xxx=0; $xxx < $g['n_pptp_units']; $xxx++) { - /* - * now that PPTP server are user rules, detect - * that user is setting the pptp server rule - * and setup for all netgraph interfaces - */ - $line = generate_user_filter_rule($rule, $xxx); - if($line <> "") { - $ipfrules .= $line . 
"\n"; + if (!isset($rule['disabled'])) { + if ($rule['interface'] == "pptp") { + for($xxx=0; $xxx < $g['n_pptp_units']; $xxx++) { + /* + * now that PPTP server are user rules, detect + * that user is setting the pptp server rule + * and setup for all netgraph interfaces + */ + $line = generate_user_filter_rule($rule, $xxx); + if($line <> "") + $ipfrules .= $line . "\n"; } - } - } else { - $line = generate_user_filter_rule($rule, 0); - if (!isset($rule['disabled'])) { + } else { + $line = generate_user_filter_rule($rule, 0); // label - if($rule['descr'] <> "" and $line <> "") { + if($rule['descr'] <> "" and $line <> "") $line .= " label \"USER_RULE: " . $rule['descr'] . "\" "; - } else { + else $line .= " label \"USER_RULE\" "; - } - $line .= "\n"; - $ipfrules .= $line; } } + $line .= "\n"; + $ipfrules .= $line; } } |
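Review bot: In the per-queue loop the pptp branch appends ` queue {$queue['name']} ` before testing `$line <> ""`, so the test is always true, and it then adds the line to `$ipfrules` instead of the anchor file; the non-pptp branch likewise adds the queue and label suffixes even when `generate_user_filter_rule()` returned an empty string. Test the generated rule before decorating it, e.g. `$rule_text = generate_user_filter_rule($rule, $xxx); if ($rule_text <> "") fwrite($fd, $rule_text . " queue {$queue['name']} \n");`. In both loops the trailing `$line .= "\n"` after the `if` also re-emits the last pptp line and writes a blank line for disabled rules. The `fopen()` result is used unchecked, so a failed open reaches `fwrite()` and `fclose()` with `false`. `$rule['descr']` is placed inside the quoted `label` without escaping, so a `"` in a description would end the label early and the remainder would be parsed as rule text; strip or reject quotes and newlines before emitting it.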