author | Ermal Luçi <eri@pfsense.org> | 2008-01-17 23:52:58 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2008-01-17 23:52:58 +0000 |
commit | b1cd9f9c362319c0f7b6bc2dc033f3a5fd925527 (patch) | |
tree | e65b39114adf4b96c6f7c046c20873ce496b54ba /etc | |
parent | 6dd5512fa1fa5b89bd86853a3fd26cf77828c999 (diff) | |
Forgotten filter.inc support for Floating tab on the Rules section.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index abe780c..a52f7ba 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1587,12 +1587,22 @@ function generate_user_filter_rule($rule, $ngcounter) {
 $aline['log'] = "log ";
 if (!isset($rule['floating']) || isset($rule['quick']))
- $aline['quick'] = "quick ";
+ $aline['quick'] = " quick ";
 if ($ispptp) {
 $aline['interface'] = "on \$pptp ";
 } else if ($ispppoe) {
 $aline['interface'] = "on \$pppoe ";
+ } else if (isset($rule['floating'])) {
+ if (isset($rule['interface']) && $rule['interface'] <> "") {
+ $interfaces = explode(",", $rule['interface']);
+ $aline['interface'] = " on { ";
+ foreach ($interfaces as $iface) {
+ $aline['interface'] .= " " .convert_friendly_interface_to_real_interface_name($iface) . " ";
+
+ }
+ $aline['interface'] .= " }";
+ }
 } else {
 // translate wan, man, lan, opt to real interface.
 $interface = $rule['interface'];
@@ -2012,10 +2022,10 @@ function generate_user_filter_rule($rule, $ngcounter) {
 if ($type == "pass") {
 if (isset($rule['floating'])) {
- if (isset($rule['tag']))
- $aline['tag'] = $rule['tag'];
- if (isset($rule['tagged']))
- $aline['tagged'] = $rule['tagged'];
+ if (isset($rule['tag']) && $rule['tag'] <> "")
+ $aline['tag'] = " tag " .$rule['tag']. " ";
+ if (isset($rule['tagged']) && $rule['tagged'] <> "")
+ $aline['tagged'] = " tagged " .$rule['tagged'] . " ";
 }
 if( isset($rule['source-track']) or isset($rule['max-src-nodes']) or isset($rule['max-src-states']) )
@@ -2770,7 +2780,7 @@ EOD;
 }
 $ipfrules .= "\n# SSH lockout\n";
- $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n";
+ $ipfrules .= "block in log proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n";
 $ipfrules .= "anchor \"ftp-proxy/*\"\n";
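Review bot: The new floating-rule branch builds the `on { … }` list from `explode(",", $rule['interface'])` without trimming the entries or checking what `convert_friendly_interface_to_real_interface_name()` returns, so an empty or unknown entry (a trailing comma, for instance) would put an empty or unexpected token into the generated pf rule. How pf reacts at load time should be confirmed, because a ruleset that fails to parse on a firewall means the intended policy is not the one in force. The list also ends with `" }"` and no trailing space, unlike the `"on \$pptp "` and `"on \$pppoe "` branches above it, and a floating rule with an empty interface leaves `$aline['interface']` unset, which deserves a comment saying that this means "all interfaces" if that is the intent. The sketch below collects only non-empty names and emits the list once; generate_user_filter_rule starts and ends outside the hunk.

```php
} else if (isset($rule['floating'])) {
	if (isset($rule['interface']) && $rule['interface'] <> "") {
		/* keep only entries that resolve to a non-empty interface name */
		$realifs = array();
		foreach (explode(",", $rule['interface']) as $iface) {
			$realif = convert_friendly_interface_to_real_interface_name(trim($iface));
			if ($realif <> "")
				$realifs[] = $realif;
		}
		/* no usable entry: leave the interface unset instead of emitting an empty list */
		if (count($realifs) > 0)
			$aline['interface'] = " on { " . implode(" ", $realifs) . " } ";
	}
// … unchanged: "} else {" branch translating wan, lan, opt …
```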
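Review bot: `$rule['tag']` and `$rule['tagged']` are concatenated unquoted into the rule text in the second hunk, so a value containing whitespace or pf keywords would change how the rest of the generated line is parsed. No validation is visible here, and whether the rule editor restricts these fields cannot be seen from this hunk. Checking at generation time also covers a config.xml that was edited by hand or restored from a backup, e.g. `if (isset($rule['tag']) && preg_match('/^[A-Za-z0-9_]+$/', $rule['tag']))` followed by `$aline['tag'] = " tag \"" . $rule['tag'] . "\" ";`, and the same for `tagged`. The character set is a suggestion to be aligned with what the editor accepts. In the lines shown the tags are only applied inside `if ($type == "pass")`, so a comment should say whether dropping them on floating block rules is intended.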
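Review bot: Dropping `quick` from the sshlockout rule in the third hunk makes the block overridable. pf applies the last matching rule unless a rule is marked `quick`, and the first hunk shows non-floating user rules being emitted with `quick`, so a later pass rule matching TCP port 22 would let addresses in `<sshlockout>` through again. If the aim is to let floating rules take precedence, that trade-off should be stated in a comment above the rule; otherwise the string should stay `"block in log quick proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n"`. The commit message mentions only Floating-tab support, so neither this change nor the `quick` added to the ftp-proxy pass rule in the next hunk is explained. The enclosing function starts outside the hunk.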
@@ -2778,7 +2788,7 @@ EOD;
 $ipfrules .= "\n\n# ftp-proxy specific\n";
 foreach($used_pftpx_ports as $pftpx)
- $ipfrules .= "pass in on {$pftpx['interface']} inet proto tcp from any to 127.0.0.1 port {$pftpx['port']} keep state label \"FTP PROXY: Allow traffic to localhost\"\n";
+ $ipfrules .= "pass in quick on {$pftpx['interface']} inet proto tcp from any to 127.0.0.1 port {$pftpx['port']} keep state label \"FTP PROXY: Allow traffic to localhost\"\n";
 $ipfrules .= "\n";
@@ -3048,8 +3058,8 @@ function create_firewall_outgoing_rules_to_itself() {
 if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe") {
 $int = " { " . filter_translate_type_to_real_interface($ifname) . " ng0 } ";
 /* first add a rule for the real interface, then for ng0 */
+ $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
 }
- $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
 }
 update_filter_reload_status("Setting up bridging items"); |
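Review bot: Moving the `pass out quick on {$int}` line inside the `pppoe` branch in the last hunk means this spot no longer emits the rule for non-PPPoE interfaces. Whether those interfaces still get a pass-out rule depends on code above the hunk that is not visible here. If they do not, traffic originating from the firewall itself on those interfaces now depends on other rules, a policy change the commit message does not mention. A comment at the closing brace would settle it, e.g. `/* non-PPPoE interfaces: pass-out rule is emitted <where>, not here */` with the location filled in. The existing comment `first add a rule for the real interface, then for ng0` now sits directly above a single rule that covers both, so it should be reworded too; create_firewall_outgoing_rules_to_itself starts outside the hunk.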