author | Scott Ullrich <sullrich@pfsense.org> | 2005-02-17 23:47:30 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-02-17 23:47:30 +0000 |
commit | 5ccfea3374301378b131f238d6d7c9ba2daf0b34 (patch) | |
tree | 6c8a9f2eed582c86af89992aaa9d5915f39d364c /etc | |
parent | 174861fdd94cbdbdad4071ac2db367ef956b4075 (diff) | |
download | pfsense-5ccfea3374301378b131f238d6d7c9ba2daf0b34.zip pfsense-5ccfea3374301378b131f238d6d7c9ba2daf0b34.tar.gz |
Add carp_rules.php, which will loop through the carp rules and, if an item is defined that is not on the wan interface, make sure that nat rules are set up by adding the nat rule to the natrules anchor. This utilizes the new rule framework.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 11 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 61 | ||||
-rw-r--r-- | etc/inetd.conf | 2 |
3 files changed, 61 insertions, 13 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 34fcaf2..10385a4 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -153,17 +153,6 @@ function filter_configure() {
 }
 }
-function exec_command($command) {
- $counter = 0;
- $tmp = "";
- $fd = popen($command . " 2>&1 ", "r");
- while(!feof($fd)) {
- $tmp .= fread($fd,49);
- }
- fclose($fd);
- return $tmp;
-}
-
 function filter_get_altq_queue_scheduler_type($associatedrule) {
 global $config;
 return $config['system']['schedulertype'];
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 887994e..61106ab 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -31,7 +31,7 @@
 /*
 * log_error: send string to syslog
- */
+ */
 function log_error($error) {
 syslog(LOG_WARNING, $error);
 return;
@@ -92,4 +92,63 @@ function is_carp_defined() {
 return true;
 }
+/*
+ * exec_command($command): execute command return string of result
+ */
+function exec_command($command) {
+ $counter = 0;
+ $tmp = "";
+ $fd = popen($command . " 2>&1 ", "r");
+ while(!feof($fd)) {
+ $tmp .= fread($fd,49);
+ }
+ fclose($fd);
+ return $tmp;
+}
+
+/*
+ * convert_ip_to_network_format($ip, $subnet): converts an ip address to network form
+ */
+function convert_ip_to_network_format($ip, $subnet) {
+ $ipsplit = split('[.]', $ip);
+ $string = $ipsplit[0] . "." . $ipsplit[1] . "." . $ipsplit[2] . ".0/" . $subnet;
+ return $string;
+}
+
+/*
+ * find_ip_interface($ip): return the interface where an ip is defined
+ */
+function find_ip_interface($ip) {
+ $i = 0;
+ $ifdescrs = array('wan', 'lan');
+ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) {
+ $ifdescrs['opt' . $j] = "opt" . $j;
+ }
+ foreach ($ifdescrs as $ifdescr => $ifname) {
+ $int = filter_translate_type_to_real_interface($ifname);
+ $ifconfig = exec_command("/sbin/ifconfig {$int}");
+ if(stristr($ifconfig,$ip) <> false)
+ return $int;
+ }
+ return false;
+}
+
+/*
+ * find_carp_interface($ip): return the carp interface where an ip is defined
+ */
+function find_carp_interface($ip) {
+ for($x=0; $x<99; $x++) {
+ $ifconfig = exec_command("/sbin/ifconfig {$int}");
+ if(stristr($ifconfig,$ip) <> false)
+ return "carp" . $x;
+ }
+}
+
+/*
+ * add_rule_to_anchor($anchor, $rule): adds the specified rule to an anchor
+ */
+function add_rule_to_anchor($anchor, $rule) {
+ mwexec($rule . " | pfctl -a " . $anchor . " -f -");
+}
+
 ?>
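Review bot: `add_rule_to_anchor` puts `$rule` at the head of the shell line, so the rule text itself is executed as a command instead of being fed to pfctl's stdin, and both `$rule` and `$anchor` reach the shell unquoted (assuming `mwexec`, which is defined outside this diff, hands its argument to a shell). On a firewall that makes any rule or anchor name derived from configuration a command-injection sink; piping quoted text closes it: `mwexec("echo " . escapeshellarg($rule) . " | pfctl -a " . escapeshellarg($anchor) . " -f -");`. In `find_carp_interface`, `$int` is never assigned, so each pass runs a bare `/sbin/ifconfig` and the function returns `carp0` whenever the address appears on any interface; the call should read `exec_command("/sbin/ifconfig carp{$x}")` and the function should end with `return false;`. `find_ip_interface` reads `$config` without `global $config;`, so its opt-interface loop never runs, and the `stristr` test also matches an address that is only a prefix of a longer one (`10.0.0.1` inside `10.0.0.10`).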
\ No newline at end of file
diff --git a/etc/inetd.conf b/etc/inetd.conf
index c0b2289..87cf70f 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -1 +1 @@
-ftp-proxy stream tcp nowait root /usr/lib/libexec/ftp-proxy ftp-proxy -n -D0
\ No newline at end of file
+ftp-proxy stream tcp nowait root /usr/lib/libexec/ftp-proxy ftp-proxy -n -D0 -m 55000 -M 57000 -t 180
\ No newline at end of file |
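Review bot: The data-port range `-m 55000 -M 57000` is hard-coded on this line and nothing in the commit ties it to the packet filter, so the pf rule that admits ftp-proxy data connections (not visible here) can drift from it; that rule should allow exactly 55000:57000 to the proxy and nothing wider. A comment above the entry, for example `# ftp-proxy data ports 55000-57000: keep in sync with the pf pass rule`, would record the coupling. The change is also not mentioned in the commit description, which only covers the carp/nat helpers.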