author | jim-p <jimp@pfsense.org> | 2016-12-28 14:43:33 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-02-10 12:42:17 -0500 |
commit | 4cdd0103a05a806c6b48f4b3c6501d487fcb6e62 (patch) | |
tree | 9ea0ca25e384b9a357f2757f54cb09f7dd29bcd7 /src | |
parent | 3093b9653527806a34bf758b03ee395ec1639692 (diff) | |
download | pfsense-4cdd0103a05a806c6b48f4b3c6501d487fcb6e62.zip pfsense-4cdd0103a05a806c6b48f4b3c6501d487fcb6e62.tar.gz |
Add playback scripts to drill into pf tables and anchors to list their contents.
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/phpshellsessions/pfanchordrill | 37 | ||||
-rw-r--r-- | src/etc/phpshellsessions/pftabledrill | 25 |
2 files changed, 62 insertions, 0 deletions
diff --git a/src/etc/phpshellsessions/pfanchordrill b/src/etc/phpshellsessions/pfanchordrill
new file mode 100644
index 0000000..80e1e00
--- /dev/null
+++ b/src/etc/phpshellsessions/pfanchordrill
@@ -0,0 +1,37 @@
+/*
+ * pfanchordrill
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2016 Rubicon Communications, LLC (Netgate)
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/* Recursively check anchors for rules/nat and also for anchors inside anchors (like those used by relayd) */
+function anchor_recurse($name = '') {
+ $anchor_list = "";
+ if ($name) {
+ $name = ' -a ' . escapeshellarg($name);
+ }
+ exec("/sbin/pfctl -sA{$name} 2>&1", $anchor_list);
+ foreach ($anchor_list as $anchor) {
+ $anchor = trim($anchor);
+ echo "\n{$anchor} rules/nat contents:\n";
+ system("/sbin/pfctl -a " . escapeshellarg($anchor) . " -sn");
+ system("/sbin/pfctl -a " . escapeshellarg($anchor) . " -sr");
+ anchor_recurse($anchor);
+ }
+}
+
+/* Start with a the root list of anchors */
+anchor_recurse();
\ No newline at end of file
diff --git a/src/etc/phpshellsessions/pftabledrill b/src/etc/phpshellsessions/pftabledrill
new file mode 100644
index 0000000..5b084c1
--- /dev/null
+++ b/src/etc/phpshellsessions/pftabledrill
@@ -0,0 +1,25 @@
+/*
+ * pftabledrill
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2016 Rubicon Communications, LLC (Netgate)
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+$table_list = "";
+exec("/sbin/pfctl -sT 2>&1", $table_list);
+foreach ($table_list as $table) {
+ echo "\n{$table} contents:\n";
+ system("/sbin/pfctl -T show -t " . escapeshellarg($table));
+}
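Review bot: In pfanchordrill, `anchor_recurse()` appends `2>&1` to the `pfctl -sA` call and never checks the exit status, so any pfctl error text lands in `$anchor_list` and is then treated as an anchor name, passed to `pfctl -a` and recursed into. `escapeshellarg()` keeps that from becoming shell injection, but the listing becomes misleading. A blank output line, or an anchor literally named `0`, would also fail the `if ($name)` test, list the root anchors again and recurse without end. I would keep stderr out of the parsed array, return on a non-zero status, skip empty entries and compare `$name` against `''`. The `exec()` call in pftabledrill parses `pfctl -sT 2>&1` the same way and deserves the same treatment.

```php
function anchor_recurse($name = '') {
	$anchor_list = array();
	// "0" is a falsy string in PHP, so compare against '' explicitly.
	if ($name !== '') {
		$name = ' -a ' . escapeshellarg($name);
	}
	// stderr stays out of $anchor_list so diagnostics are never parsed as anchor names.
	exec("/sbin/pfctl -sA{$name}", $anchor_list, $rc);
	if ($rc !== 0) {
		return;
	}
	foreach ($anchor_list as $anchor) {
		$anchor = trim($anchor);
		if ($anchor === '') {
			continue;
		}
		// … unchanged: echo header, pfctl -sn / -sr calls, recursive anchor_recurse($anchor) …
	}
}
```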
\ No newline at end of file |
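Review bot: pftabledrill has no comment saying what it prints, unlike the description above `anchor_recurse()` in pfanchordrill; something like `/* List every pf table reported by pfctl -sT and show its entries */` after the licence block would help. As far as I know, `pfctl -sT` without `-a` reports only tables outside anchors, so the comment should probably say whether anchor-scoped tables are meant to be covered. `$table_list = "";` would also read better as `$table_list = array();`, since `exec()` fills it as an array.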