diff options
-rw-r--r-- | etc/inc/filter.inc | 33 | ||||
-rw-r--r-- | etc/inc/services.inc | 1 | ||||
-rw-r--r-- | etc/inc/util.inc | 28 | ||||
-rwxr-xr-x | usr/local/sbin/ppp-linkdown | 5 | ||||
-rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 2 | ||||
-rw-r--r-- | usr/local/www/wizards/setup_wizard.xml | 2 |
6 files changed, 46 insertions, 25 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0e2bf2e..2e305f0 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -170,9 +170,11 @@ function filter_delete_states_for_down_gateways() { if (!is_ipaddr($gwip)) $gwip = get_interface_gateway($gateway['friendlyiface']); if (is_ipaddr($gwstatus['srcip'])) { - $cmd = "/sbin/pfctl -b {$gwstatus['srcip']} "; + $cmd = "/sbin/pfctl -b {$gwstatus['srcip']}/32 "; if (is_ipaddr($gwip)) - $cmd .= "-b {$gwip}"; + $cmd .= "-b {$gwip}/32"; + else + $cmd .= "-b 0.0.0.0/32"; mwexec($cmd); } } @@ -452,21 +454,13 @@ function filter_generate_scrubing() { return $scrubrules; } -function get_alias_type($name) { - global $config; - - foreach ($config['aliases']['alias'] as $alias) - if ($name == $alias['name']) - return $alias['type']; - return ""; -} - function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddrnesting) { global $aliastable, $filterdns; $addresses = split(" ", $alias); $finallist = ""; $builtlist = ""; + $urltable_nesting = ""; $aliasnesting[$name] = $name; foreach ($addresses as $address) { if (empty($address)) @@ -474,13 +468,18 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr $linelength = strlen($builtlist); $tmpline = ""; if(is_alias($address)) { - if (get_alias_type($address) == 'urltable'){ + if (alias_get_type($address) == 'urltable') { // Feature#1603. For this type of alias we do not need to recursively call filter_generate_nested_alias. Just load IPs from the file. - $urlfn = alias_expand_urltable($address); - if ($file_as_arr=file($urlfn)){ - foreach($file_as_arr as $line){ + $urltable_netsting = alias_expand_urltable($address); + if (!empty($urltable_nesting)) { + $urlfile_as_arr = file($urltable_nesting); + foreach($urlfile_as_arr as $line) { $address= rtrim($line); - $tmpline .= " $address"; + if ((strlen($tmpline) + $linelength) > 4036) { + $finallist .= "{$tmpline} \\\n"; + $tmpline = ""; + } + $tmpline .= " {$address}"; } } } @@ -493,7 +492,7 @@ function filter_generate_nested_alias($name, $alias, &$aliasnesting, &$aliasaddr continue; } $aliasaddrnesting[$address] = $address; - $tmpline = " $address"; + $tmpline = " {$address}"; } if ((strlen($tmpline)+ $linelength) > 4036) { $finallist .= "{$builtlist} \\\n"; diff --git a/etc/inc/services.inc b/etc/inc/services.inc index 88c69b7..e731357 100644 --- a/etc/inc/services.inc +++ b/etc/inc/services.inc @@ -1734,6 +1734,7 @@ function configure_cron() { } function upnp_action ($action) { + global $g, $config; switch($action) { case "start": if (file_exists('/var/etc/miniupnpd.conf')) { diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 4fba852..2fb8d8f 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -952,6 +952,7 @@ function alias_make_table($config) { } } } + /* check if an alias exists */ function is_alias($name) { global $aliastable; @@ -959,6 +960,19 @@ function is_alias($name) { return isset($aliastable[$name]); } +function alias_get_type($name) { + global $config; + + if (is_array($config['aliases']['alias'])) { + foreach ($config['aliases']['alias'] as $alias) { + if ($name == $alias['name']) + return $alias['type']; + } + } + + return ""; +} + /* expand a host or network alias, if necessary */ function alias_expand($name) { global $aliastable; @@ -976,12 +990,14 @@ function alias_expand_urltable($name) { $urltable_prefix = "/var/db/aliastables/"; $urltable_filename = $urltable_prefix . $name . ".txt"; - foreach ($config['aliases']['alias'] as $alias) { - if (($alias['type'] == 'urltable') && ($alias['name'] == $name)) { - if (is_URL($alias["url"]) && file_exists($urltable_filename) && filesize($urltable_filename)) - return $urltable_filename; - else if (process_alias_urltable($name, $alias["url"], 0, true)) - return $urltable_filename; + if (is_array($config['aliases']['alias'])) { + foreach ($config['aliases']['alias'] as $alias) { + if (($alias['type'] == 'urltable') && ($alias['name'] == $name)) { + if (is_URL($alias["url"]) && file_exists($urltable_filename) && filesize($urltable_filename)) + return $urltable_filename; + else if (process_alias_urltable($name, $alias["url"], 0, true)) + return $urltable_filename; + } } } return null; diff --git a/usr/local/sbin/ppp-linkdown b/usr/local/sbin/ppp-linkdown index 1170d2f..a20d966 100755 --- a/usr/local/sbin/ppp-linkdown +++ b/usr/local/sbin/ppp-linkdown @@ -6,7 +6,10 @@ fi if [ -f "/tmp/${interface}_defaultgw" ]; then route delete default $4 fi -# /sbin/pfctl -b $3 -b $4 +/sbin/pfctl -k 0.0.0.0/0 -k $3 +/sbin/pfctl -k $3 +pfctl -K $3 +/sbin/pfctl -b 0.0.0.0/32 -b $4 # delete the node just in case mpd cannot do that /usr/sbin/ngctl shutdown $1: if [ -f "/var/etc/nameserver_$1" ]; then diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 916e408..3d44694 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -254,7 +254,7 @@ if ($_POST) { if (!alias_same_type($_POST["address{$x}"], $_POST['type'])) // But alias type network can include alias type urltable. Feature#1603. if (!($_POST['type'] == 'network' && - get_alias_type($_POST["address{$x}"]) == 'urltable')) + alias_get_type($_POST["address{$x}"]) == 'urltable')) $wrongaliases .= " " . $_POST["address{$x}"]; } else if ($_POST['type'] == "port") { if (!is_port($_POST["address{$x}"])) diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml index 401be3e..08870e1 100644 --- a/usr/local/www/wizards/setup_wizard.xml +++ b/usr/local/www/wizards/setup_wizard.xml @@ -590,6 +590,8 @@ } unset($config['wizardtemp']); write_config(); + interface_reconfigure("wan"); + interface_reconfigure("lan"); reload_all(); mwexec_bg("/etc/rc.update_bogons.sh now"); ]]> |