author | Renato Botelho <renato@netgate.com> | 2016-12-30 09:53:34 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-12-30 09:53:34 -0200 |
commit | ffc4c4a3466cd151a3086128269b9e86d2c49f47 (patch) | |
tree | ddc2bb763dc399b2069f430ecd048850dcb746cf /src/etc/inc/filter.inc | |
parent | 8d379f23a5f33692eb21a36fa7e69b0e15b0f44a (diff) | |
parent | d4b2ebaeb2fa2dcc635d061891aa858f8c16d407 (diff) | |
Merge pull request #3139 from stilez/patch-38
Diffstat (limited to 'src/etc/inc/filter.inc')
-rw-r--r-- | src/etc/inc/filter.inc | 112 |
1 files changed, 49 insertions, 63 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 7f083f0..5668bec 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -43,65 +43,51 @@ $filterdns = array();
 /* Used for aliases and interface macros */
 $aliases = "";
-/* ICMP v4 types */
+/* ICMP v4+v6 subtypes */
 $icmptypes = array(
- "" => gettext("any"),
- "echoreq" => gettext("Echo request"),
- "echorep" => gettext("Echo reply"),
- "unreach" => gettext("Destination unreachable"),
- "squench" => gettext("Source quench"),
- "redir" => gettext("Redirect"),
- "althost" => gettext("Alternate Host"),
- "routeradv" => gettext("Router advertisement"),
- "routersol" => gettext("Router solicitation"),
- "timex" => gettext("Time exceeded"),
- "paramprob" => gettext("Invalid IP header"),
- "timereq" => gettext("Timestamp"),
- "timerep" => gettext("Timestamp reply"),
- "inforeq" => gettext("Information request"),
- "inforep" => gettext("Information reply"),
- "maskreq" => gettext("Address mask request"),
- "maskrep" => gettext("Address mask reply"),
- "trace" => gettext("Traceroute"),
- "dataconv" => gettext("Datagram conversion error"),
- "mobredir" => gettext("Mobile host redirect"),
- "ipv6-where" => gettext("IPv6 where-are-you"),
- "ipv6-here" => gettext("IPv6 I-am-here"),
- "mobregreq" => gettext("Mobile registration request"),
- "mobregrep" => gettext("Mobile registration reply"),
- "skip" => gettext("SKIP"),
- "photuris" => gettext("Photuris")
-);
-
-/* ICMP v6 types */
-$icmp6types = array(
- "" => gettext("any"),
- "unreach" => gettext("Destination unreachable"),
- "toobig" => gettext("Packet too big"),
- "timex" => gettext("Time exceeded"),
- "paramprob" => gettext("Parameter problem"),
- "echoreq" => gettext("Echo request"),
- "echorep" => gettext("Echo reply"),
- "groupqry" => gettext("Group membership query"),
- "listqry" => gettext("Multicast listener query"),
- "grouprep" => gettext("Group membership report"),
- "listenrep" => gettext("Multicast listener report"),
- "groupterm" => gettext("Group membership termination"),
- "listendone" => gettext("Multicast listener done"),
- "routersol" => gettext("Router solicitation"),
- "routeradv" => gettext("Router advertisement"),
- "neighbrsol" => gettext("Neighbor solicitation"),
- "neighbradv" => gettext("Neighbor advertisement"),
- "redir" => gettext("Redirect"),
- "routrrenum" => gettext("Router renumbering"),
- "wrureq" => gettext("Who are you request"),
- "wrurep" => gettext("Who are you reply"),
- "fqdnreq" => gettext("FQDN query"),
- "fqdnrep" => gettext("FQDN reply"),
- "niqry" => gettext("Node information request"),
- "nirep" => gettext("Node information reply"),
- "mtraceresp" => gettext("mtrace resp"),
- "mtrace" => gettext("mtrace messages")
+ 'althost' => array('descrip' => gettext('Alternate Host'), 'valid4' => true, 'valid6' => false),
+ 'dataconv' => array('descrip' => gettext('Datagram conversion error'), 'valid4' => true, 'valid6' => false),
+ 'echorep' => array('descrip' => gettext('Echo reply'), 'valid4' => true, 'valid6' => true),
+ 'echoreq' => array('descrip' => gettext('Echo request'), 'valid4' => true, 'valid6' => true),
+ 'fqdnrep' => array('descrip' => gettext('FQDN reply'), 'valid4' => false, 'valid6' => true),
+ 'fqdnreq' => array('descrip' => gettext('FQDN query'), 'valid4' => false, 'valid6' => true),
+ 'groupqry' => array('descrip' => gettext('Group membership query'), 'valid4' => false, 'valid6' => true),
+ 'grouprep' => array('descrip' => gettext('Group membership report'), 'valid4' => false, 'valid6' => true),
+ 'groupterm' => array('descrip' => gettext('Group membership termination'), 'valid4' => false, 'valid6' => true),
+ 'inforep' => array('descrip' => gettext('Information reply'), 'valid4' => true, 'valid6' => false),
+ 'inforeq' => array('descrip' => gettext('Information request'), 'valid4' => true, 'valid6' => false),
+ 'ipv6-here' => array('descrip' => gettext('IPv6 I-am-here'), 'valid4' => true, 'valid6' => false),
+ 'ipv6-where' => array('descrip' => gettext('IPv6 where-are-you'), 'valid4' => true, 'valid6' => false),
+ 'listendone' => array('descrip' => gettext('Multicast listener done'), 'valid4' => false, 'valid6' => true),
+ 'listenrep' => array('descrip' => gettext('Multicast listener report'), 'valid4' => false, 'valid6' => true),
+ 'listqry' => array('descrip' => gettext('Multicast listener query'), 'valid4' => false, 'valid6' => true),
+ 'maskrep' => array('descrip' => gettext('Address mask reply'), 'valid4' => true, 'valid6' => false),
+ 'maskreq' => array('descrip' => gettext('Address mask request'), 'valid4' => true, 'valid6' => false),
+ 'mobredir' => array('descrip' => gettext('Mobile host redirect'), 'valid4' => true, 'valid6' => false),
+ 'mobregrep' => array('descrip' => gettext('Mobile registration reply'), 'valid4' => true, 'valid6' => false),
+ 'mobregreq' => array('descrip' => gettext('Mobile registration request'), 'valid4' => true, 'valid6' => false),
+ 'mtrace' => array('descrip' => gettext('mtrace messages'), 'valid4' => false, 'valid6' => true),
+ 'mtraceresp' => array('descrip' => gettext('mtrace resp'), 'valid4' => false, 'valid6' => true),
+ 'neighbradv' => array('descrip' => gettext('Neighbor advertisement'), 'valid4' => false, 'valid6' => true),
+ 'neighbrsol' => array('descrip' => gettext('Neighbor solicitation'), 'valid4' => false, 'valid6' => true),
+ 'niqry' => array('descrip' => gettext('Node information request'), 'valid4' => false, 'valid6' => true),
+ 'nirep' => array('descrip' => gettext('Node information reply'), 'valid4' => false, 'valid6' => true),
+ 'paramprob' => array('descrip' => gettext('Parameter problem (invalid IP header)'), 'valid4' => true, 'valid6' => true),
+ 'photuris' => array('descrip' => gettext('Photuris'), 'valid4' => true, 'valid6' => false),
+ 'redir' => array('descrip' => gettext('Redirect'), 'valid4' => true, 'valid6' => true),
+ 'routeradv' => array('descrip' => gettext('Router advertisement'), 'valid4' => true, 'valid6' => true),
+ 'routersol' => array('descrip' => gettext('Router solicitation'), 'valid4' => true, 'valid6' => true),
+ 'routrrenum' => array('descrip' => gettext('Router renumbering'), 'valid4' => false, 'valid6' => true),
+ 'skip' => array('descrip' => gettext('SKIP'), 'valid4' => true, 'valid6' => false),
+ 'squench' => array('descrip' => gettext('Source quench'), 'valid4' => true, 'valid6' => false),
+ 'timerep' => array('descrip' => gettext('Timestamp reply'), 'valid4' => true, 'valid6' => false),
+ 'timereq' => array('descrip' => gettext('Timestamp'), 'valid4' => true, 'valid6' => false),
+ 'timex' => array('descrip' => gettext('Time exceeded'), 'valid4' => true, 'valid6' => true),
+ 'toobig' => array('descrip' => gettext('Packet too big'), 'valid4' => false, 'valid6' => true),
+ 'trace' => array('descrip' => gettext('Traceroute'), 'valid4' => true, 'valid6' => false),
+ 'unreach' => array('descrip' => gettext('Destination unreachable'), 'valid4' => true, 'valid6' => true),
+ 'wrurep' => array('descrip' => gettext('Who are you reply'), 'valid4' => false, 'valid6' => true),
+ 'wrureq' => array('descrip' => gettext('Who are you request'), 'valid4' => false, 'valid6' => true)
 );
 /*
@@ -2798,12 +2784,12 @@ function filter_generate_user_rule($rule) {
 }
 $aline['dst'] = "to $dst ";
- if (($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet")) {
- $aline['icmp-type'] = "icmp-type {$rule['icmptype']} ";
- }
- if (($rule['protocol'] == "icmp") && $rule['icmptype'] && ($rule['ipprotocol'] == "inet6")) {
- $aline['icmp6-type'] = "icmp6-type {$rule['icmptype']} ";
+ if ($rule['protocol'] == "icmp" && $rule['icmptype']) {
+ $icmptype_key = ($rule['ipprotocol'] == 'inet' ? 'icmp-type' : 'icmp6-type');
+ $icmptype_text = (strpos($rule['icmptype'], ",") === false ? $rule['icmptype'] : '{ ' . $rule['icmptype'] . ' }');
+ $aline[$icmptype_key] = "{$icmptype_key} {$icmptype_text} ";
 }
+
 if (!empty($rule['tag'])) {
 $aline['tag'] = " tag \"" .$rule['tag']. "\" ";
 } |
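Review bot: The header comment `/* ICMP v4+v6 subtypes */` does not document that each `$icmptypes` value is now `array('descrip', 'valid4', 'valid6')` rather than a label string, nor that `$icmp6types` and the `""` ("any") key are gone. Code elsewhere that still prints `$icmptypes[$key]` as a string or reads `$icmp6types` would misbehave quietly; this view is limited to filter.inc, so those callers cannot be checked here. Nothing in this file section reads the `valid4`/`valid6` flags either, so it is worth stating where they are meant to be enforced. I would expand the comment to something like `/* ICMP subtypes keyed by pf keyword: 'descrip' is the label, 'valid4'/'valid6' say whether the keyword is accepted for icmp-type / icmp6-type; there is no "any" entry */`.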
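Review bot: `$rule['icmptype']` is copied into the generated pf rule text unchanged, now also as a comma list wrapped in `{ }`, without checking each element against the `$icmptypes` keys or the `valid4`/`valid6` flags this commit adds. The ternary also sends every `ipprotocol` value other than `'inet'` (unset or mixed-family, if either can occur) down the `icmp6-type` path, where the old code emitted no clause at all. A stale or hand-edited config entry could therefore yield a rule line that pf rejects or a keyword applied to the wrong address family; whether the GUI validates on save is not visible here. I would check the elements at generation time and reject the rule on a mismatch rather than drop the clause, because a rule without the clause matches every ICMP type. The function starts and ends outside the hunk, so whether `$icmptypes` is in scope there and what its error path looks like need confirming.

```php
if ($rule['protocol'] == "icmp" && $rule['icmptype']) {
	// … unchanged: $icmptype_key selection …
	$icmptype_flag = ($rule['ipprotocol'] == 'inet' ? 'valid4' : 'valid6');
	$icmptype_bad = array();
	foreach (explode(',', $rule['icmptype']) as $icmptype_item) {
		// Accept only keywords from the table that are valid for this address family.
		if (!isset($icmptypes[$icmptype_item]) || !$icmptypes[$icmptype_item][$icmptype_flag]) {
			$icmptype_bad[] = $icmptype_item;
		}
	}
	if (!empty($icmptype_bad)) {
		// Reject the rule through this function's existing error path (outside the hunk).
		// Do not continue without the clause: that would widen the rule to all ICMP types.
	}
	// … unchanged: $icmptype_text and $aline[$icmptype_key] assignment …
}
```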