Add add_hostname_to_watch() function which will help operate the dns firewall rule cache

2 files changed, 18 insertions, 1 deletions

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 898ec0d..3fed103 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1080,6 +1080,11 @@ function filter_nat_rules_generate() {
 			if(alias_expand($extaddr))
 				$extaddr = alias_expand($extaddr);
 
+			if(is_hostname($target)) 
+				add_hostname_to_watch($target);
+			if(is_hostname($extaddr)) 
+				add_hostname_to_watch($extaddr);
+
 			/*
 			 *    If FTP Proxy Helper is enabled and the
 			 *    operator has requested a port forward to
@@ -1244,6 +1249,7 @@ function filter_nat_rules_generate() {
 										$toadd_array = array();
 										if(is_alias($loc_pt)) {
 											$loc_pt_translated = alias_expand_value($loc_pt);
+											add_hostname_to_watch($loc_pt_translated);
 											if(stristr($loc_pt_translated, " ")) {
 												/* XXX: we should deal with multiple ports */
 												$loc_pt_translated_split = split(" ", $loc_pt_translated);
@@ -1274,6 +1280,7 @@ function filter_nat_rules_generate() {
 										$toadd_array = array();
 										if(is_alias($loc_pt)) {
 											$loc_pt_translated = alias_expand_value($loc_pt);
+											add_hostname_to_watch($loc_pt_translated);
 											if(stristr($loc_pt_translated, " ")) {
 												/* XXX: we should deal with multiple ports */
 												$loc_pt_translated_split = split(" ", $loc_pt_translated);
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 2335d22..2b472a2 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -3685,4 +3685,14 @@ function is_wan_interface_up($interface) {
 	}
 	return false;
 }
-?>
+
+function add_hostname_to_watch($hostname) {
+	if(is_hostname($hostname)) {
+		$dnshost = gethostbyaddr($hostname);
+		if(!is_dir("/var/db/dnscache")) 
+			mkdir("/var/db/dnscache");
+		exec("echo $dnshost > /var/db/dnscache/$hostname");
+	}
+}
+
+?>
\ No newline at end of file