diff options
author | Ermal Luçi <eri@pfsense.org> | 2008-11-11 22:43:01 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2008-11-11 22:43:01 +0000 |
commit | e4b6b97aa244ff4c3f4a651f12827ffe57754cd3 (patch) | |
tree | 2bb358b36ce4ba1898fa0da964184aa57e808244 /etc | |
parent | 7922db8a40a166c8c57bdfe13769e942056de934 (diff) | |
download | pfsense-e4b6b97aa244ff4c3f4a651f12827ffe57754cd3.zip pfsense-e4b6b97aa244ff4c3f4a651f12827ffe57754cd3.tar.gz |
Refactor ipfw loading.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 15 | ||||
-rw-r--r-- | etc/inc/filter.inc | 29 |
2 files changed, 24 insertions, 20 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 36dedd6..379835d 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -64,20 +64,7 @@ function captiveportal_configure() { $cprules = captiveportal_rules_generate(); /* make sure ipfw is loaded */ - mwexec("/sbin/kldload ipfw"); - - /* - * make sure ipfw is the first hook to make CP work correctly on - * Multi-WAN. - * Disable the ipfw outer hook it has not value to us. - */ - mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"ipfw,pf\""); - - /* - * TODO: Check if disabling ipfw hook - * does not break accounting. - */ - mwexec("/sbin/sysctl net.inet.ip.pfil.outbound=\"ipfw,pf\""); + filter_load_ipfw(); /* stop accounting on all clients */ captiveportal_radius_stop_all(); diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e465c6c..c1ec1d8 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -52,6 +52,28 @@ $used_pftpx_ports = array(); /* Used to hold the interface list that will be used on ruleset creation. */ $FilterIflist = array(); +function filter_load_ipfw() +{ + $status = intval(`kldstat | grep ipfw | grep -v "grep" | wc -l | awk '{ print $1 }'`); + if ($status == "0") { + mute_kernel_msgs(); + mwexec("/sbin/kldload ipfw"); + unmute_kernel_msgs(); + /* + * make sure ipfw is the first hook to make CP and schedules work + * correctly on Multi-WAN. + */ + mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"ipfw,pf\""); + + /* + * TODO: Check if disabling ipfw hook + * does not break accounting on CP. + * XXX Not sure if we really do outbound filtering with ipfw! + */ + mwexec("/sbin/sysctl net.inet.ip.pfil.outbound=\"ipfw,pf\""); + } +} + function filter_pflog_start() { global $config, $g; @@ -2468,12 +2490,7 @@ EOD; * and if so load ipfw for later usage. */ if ($load_ipfw_module == true) { - $status = intval(`kldstat | grep ipfw | wc -l | awk '{ print $1 }'`); - if($status == "0") { - mute_kernel_msgs(); - mwexec("/sbin/kldload ipfw"); - unmute_kernel_msgs(); - } + filter_load_ipfw(); exec("/sbin/ipfw delete set 9"); exec("/sbin/ipfw delete 2"); exec("/sbin/ipfw delete 3"); |