author | Scott Ullrich <sullrich@pfsense.org> | 2005-02-17 19:56:30 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-02-17 19:56:30 +0000 |
commit | 174861fdd94cbdbdad4071ac2db367ef956b4075 (patch) | |
tree | f6373a511550d812ec94f210c29471c67c68e899 /etc | |
parent | a8ac6c98567d94c1857b71dfec4ed8508dbf5f0f (diff) | |
download | pfsense-174861fdd94cbdbdad4071ac2db367ef956b4075.zip pfsense-174861fdd94cbdbdad4071ac2db367ef956b4075.tar.gz |
Clean up return_dir_as_array so that it does not return . or .., and make the new firewall plugin system active.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 17 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 11 |
2 files changed, 21 insertions, 7 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 3a6268d..34fcaf2 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -139,10 +139,16 @@ function filter_configure() { } else { /* process packager manager custom rules */ $files = return_dir_as_array("/usr/local/pkg/pf/"); - foreach ($files as $file) { - $text = return_filename_as_string($file); - eval($text); + if($files <> "") { + foreach ($files as $file) { + if($file <> "") { + $text = return_filename_as_string($file); + if($text != "") + eval($text); + } + } } + return 0; } } @@ -949,10 +955,12 @@ function filter_rules_generate() { $ipfrules .= <<<EOD # loopback +anchor "loopback" pass in quick on lo0 all label "pass loopback" pass out quick on lo0 all label "pass loopback" # pass traffic from firewall -> out +anchor "firewallout" pass out quick on $wanif inet proto tcp from $wanif to any keep state # enable ftp-proxy @@ -974,6 +982,7 @@ EOD; $ipfrules .= <<<EOD # allow access to DHCP server on {$on} +anchor "dhcpserver" pass in quick on {$oc['if']} proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server" pass in quick on {$oc['if']} proto udp from any port = 68 to {$oc['ip']} port = 67 label "allow access to DHCP server" pass out quick on {$oc['if']} proto udp from {$oc['ip']} port = 67 to any port = 68 label "allow access to DHCP server" @@ -1034,6 +1043,7 @@ EOD; $ipfrules .= <<<EOD # WAN spoof check +anchor "wanspoof" block in $log quick on $wanif from $lansa/$lansn to any label "WAN spoof check" EOD; 
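Review bot: In the new loop in filter_configure(), `return_filename_as_string($file)` receives the bare entry name, because return_dir_as_array() pushes what readdir() returns without the directory, so the open resolves against the current working directory rather than `/usr/local/pkg/pf/`. Build the path explicitly, e.g. `$text = return_filename_as_string("/usr/local/pkg/pf/" . $file);`. The `$files <> ""` guard compares an array with a string; `is_array($files) && count($files) > 0` states the intent. Every file in that directory is passed to `eval()`, presumably with the privileges of the filter reload, so a comment should record that the directory must be writable only by root, and the loop should skip anything that is not a regular file. The function body starts and ends outside the hunk.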
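Review bot: The anchors added in this hunk and in the hunks at -974, -1034 and -1062 carry no comment saying who is expected to load rules into them, and each sits ahead of `quick` rules, so a `quick` rule loaded into the anchor is evaluated first and decides the packet. For `anchor "wanspoof"` that means a rule in the anchor can pass traffic before `block in $log quick on $wanif from $lansa/$lansn` is reached. A comment line in each heredoc such as `# anchor "wanspoof": package rules, evaluated before the built-in spoof check` would make the ordering explicit. If packages are not meant to override the spoof check, the anchor belongs after the block rule.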
@@ -1062,6 +1072,7 @@ EOD; # allow our DHCP client out to the WAN # XXX - should be more restrictive # (not possible at the moment - need 'me' like in ipfw) +anchor "wandhcp" pass out quick on $wanif proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan" block in $log quick on $wanif proto udp from any port = 67 to $lansa/$lansn port = 68 label "allow dhcp client out wan" pass in quick on $wanif proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan" diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 6ebe247..887994e 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -41,12 +41,15 @@ function log_error($error) { * return_dir_as_array($dir): returns $dir contents as an array */ function return_dir_as_array($dir) { + $dir_array = array(); if (is_dir($dir)) { - $dir_array = array(); if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { - array_push($dir_array, $file); - //echo "filename: $file : filetype: " . filetype($dir . $file) . "\n"; + $canadd = 0; + if($file == ".") $canadd = 1; + if($file == "..") $canadd = 1; + if($canadd == 0) + array_push($dir_array, $file); } closedir($dh); } @@ -59,7 +62,7 @@ function return_dir_as_array($dir) { */ function return_filename_as_string($filename) { $tmp = ""; - $fd = popen($filename, "r"); + $fd = fopen($filename, "r"); while(!feof($fd)) { $tmp .= fread($fd,49); } |
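Review bot: The `$canadd` flag in the readdir() loop of return_dir_as_array() spends four lines on one condition; `if ($file !== "." && $file !== "..") array_push($dir_array, $file);` says the same thing. The header comment should also state that the returned names are relative to `$dir` and that subdirectories and other non-file entries are still included, since filter_configure() feeds this list to `eval()`. The function's return statement is outside the hunk.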
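Review bot: The result of `fopen()` in return_filename_as_string() is not checked before the `while(!feof($fd))` loop. On PHP versions where feof() on an invalid handle only warns and returns false, a missing or unreadable file makes this loop spin forever. Add `if (!$fd) return $tmp;` directly after the `fopen()` line. The rest of the function, including any `fclose()`, is outside the hunk.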