author | Chris Buechler <cmb@pfsense.org> | 2009-04-06 18:57:36 -0400 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2009-04-06 18:57:36 -0400 |
commit | 126a0b09ec0e1d88416a7a3cec4e2e6989f072d3 (patch) | |
tree | 3be7501e83c207dad6310a7ef187628ccb2491d3 /etc | |
parent | 732181e2a23b1dccb29de4f02e842bd906186c5c (diff) | |
Set ipfw's state limit the same as pf's
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index b89628c..5b27a7e 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -53,6 +53,8 @@ $FilterIflist = array();
 function filter_load_ipfw() {
+ global $config;
+
 if (!is_module_loaded("ipfw.ko")) {
 mute_kernel_msgs();
 mwexec("/sbin/kldload ipfw");
@@ -69,6 +71,15 @@ function filter_load_ipfw()
 */
 mwexec("/sbin/sysctl net.inet.ip.pfil.outbound=\"ipfw,pf\"");
 }
+
+ /* Set ipfw state limit */
+ if ($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
+ /* Set ipfw states to user defined maximum states in Advanced menu. */
+ mwexec("sysctl net.inet.ip.fw.dyn_max={$config['system']['maximumstates']}");
+ } else {
+ /* Set to default 10,000 */
+ mwexec("sysctl net.inet.ip.fw.dyn_max=10000");
+ }
 }
 function filter_pflog_start() {
@@ -1932,19 +1943,25 @@ EOD;
 foreach ($config['filter']['rule'] as $rule) {
 update_filter_reload_status("Pre-caching {$rule['descr']}...");
 if (!isset ($rule['disabled'])) {
- if(isset($rule['floating']))
+ if(isset($rule['floating'])) {
 $rule_arr1[] = generate_user_filter_rule_arr($rule);
- else
+ } else {
 $rule_arr2[] = generate_user_filter_rule_arr($rule);
- if ($rule['sched'])
+ }
+ if ($rule['sched'])
 $load_ipfw_module = true;
 }
 }
 $rule_arr = array_merge($rule_arr1,$rule_arr2);
 /*
 * check to see if any rules reference a schedule
+ * or if CP is enabled
 * and if so load ipfw for later usage.
 */
+ if (isset($config['captiveportal']['enable']) && isset($config['interfaces'][$config['captiveportal']['interface']]['enable'])) {
+ $load_ipfw_module = true;
+ }
+
 if ($load_ipfw_module == true) {
 filter_load_ipfw();
 $time_based_rules = true; |
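Review bot: In the second hunk the configured `maximumstates` value is interpolated into a shell command after only an `is_numeric()` check, and `is_numeric()` also accepts signed, fractional, exponent and whitespace-prefixed strings that are not sensible values for `net.inet.ip.fw.dyn_max`. Tightening the condition to `if (ctype_digit((string)$config['system']['maximumstates'])) {` restricts it to a plain non-negative integer and makes the separate empty-string test redundant. Both new `mwexec()` calls also run `sysctl` by bare name while the context line just above uses `/sbin/sysctl`; writing `mwexec("/sbin/sysctl net.inet.ip.fw.dyn_max=" . escapeshellarg($config['system']['maximumstates']));` keeps the call independent of PATH and quotes the argument. The middle of filter_load_ipfw(), between the first and second hunk, is not visible here.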
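Review bot: In the third hunk, `$time_based_rules = true;` on the last context line is now also reached when ipfw is loaded only because the captive portal is enabled, even if no rule carries a schedule. Whether that matters depends on how `$time_based_rules` is used later in the enclosing function, which starts and ends outside the hunk; if it drives schedule-specific work, the assignment should depend on the schedule check alone rather than on `$load_ipfw_module`. At minimum the new block deserves a comment such as `/* captive portal needs ipfw even when no rule uses a schedule */`. Separately, `if ($rule['sched'])` was left unbraced and still reads the key without `isset()` while the neighbouring branches gained braces, and the initialisation of `$load_ipfw_module` is not visible here.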