author | jim-p <jimp@pfsense.org> | 2016-12-28 14:43:33 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-12-28 14:43:33 -0500 |
commit | b7b2cb7f5a80e0e806fbe0258c58ac85d273a742 (patch) | |
tree | 497decc3f6284e17be33655e76e9b778e0fc3211 /src/etc/phpshellsessions | |
parent | 524b631fe62c86304faccd8498775d8eb0f6741d (diff) | |
Add playback scripts to drill into pf tables and anchors to list their contents.
Diffstat (limited to 'src/etc/phpshellsessions')
-rw-r--r-- | src/etc/phpshellsessions/pfanchordrill | 37 | ||||
-rw-r--r-- | src/etc/phpshellsessions/pftabledrill | 25 |
2 files changed, 62 insertions, 0 deletions
diff --git a/src/etc/phpshellsessions/pfanchordrill b/src/etc/phpshellsessions/pfanchordrill
new file mode 100644
index 0000000..80e1e00
--- /dev/null
+++ b/src/etc/phpshellsessions/pfanchordrill
@@ -0,0 +1,37 @@
+/*
+ * pfanchordrill
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2016 Rubicon Communications, LLC (Netgate)
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/* Recursively check anchors for rules/nat and also for anchors inside anchors (like those used by relayd) */
+function anchor_recurse($name = '') {
+ $anchor_list = "";
+ if ($name) {
+ $name = ' -a ' . escapeshellarg($name);
+ }
+ exec("/sbin/pfctl -sA{$name} 2>&1", $anchor_list);
+ foreach ($anchor_list as $anchor) {
+ $anchor = trim($anchor);
+ echo "\n{$anchor} rules/nat contents:\n";
+ system("/sbin/pfctl -a " . escapeshellarg($anchor) . " -sn");
+ system("/sbin/pfctl -a " . escapeshellarg($anchor) . " -sr");
+ anchor_recurse($anchor);
+ }
+}
+
+/* Start with a the root list of anchors */
+anchor_recurse();
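Review bot: The `2>&1` in `exec("/sbin/pfctl -sA{$name} 2>&1", $anchor_list);` inside anchor_recurse() folds pfctl's error text into the array that the foreach then treats as anchor names. When pfctl fails, each error line is echoed as a "rules/nat contents" heading and passed back into anchor_recurse(), where it will probably fail again; whether that chain ends depends on what pfctl prints, which the hunk does not show. For a script used to audit the loaded ruleset, that output is misleading, so capture the exit status and stop on failure: `exec("/sbin/pfctl -sA{$name}", $anchor_list, $rc);` followed by `if ($rc !== 0) { return; }`, and skip lines that are empty after `trim()`. The `pfctl -sT 2>&1` call in the pftabledrill hunk has the same problem.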
\ No newline at end of file
diff --git a/src/etc/phpshellsessions/pftabledrill b/src/etc/phpshellsessions/pftabledrill
new file mode 100644
index 0000000..5b084c1
--- /dev/null
+++ b/src/etc/phpshellsessions/pftabledrill
@@ -0,0 +1,25 @@
+/*
+ * pftabledrill
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2016 Rubicon Communications, LLC (Netgate)
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+$table_list = "";
+exec("/sbin/pfctl -sT 2>&1", $table_list);
+foreach ($table_list as $table) {
+ echo "\n{$table} contents:\n";
+ system("/sbin/pfctl -T show -t " . escapeshellarg($table));
+}
\ No newline at end of file |
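Review bot: `$table_list = "";` initialises as a string a variable that is only ever used as the output array of `exec()` and then iterated with `foreach`, which misleads the reader about its type. Write `$table_list = array();` so the declaration matches the use; the same applies to `$anchor_list = "";` in pfanchordrill. A one-line comment above the loop, such as `/* List every table in the main ruleset and dump its addresses */`, would also help, since this file has no description beyond the licence header.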