Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 24 | ||||
-rw-r--r-- | etc/inc/pfsense-utils.inc | 46 | ||||
-rw-r--r-- | etc/version | 2 |
3 files changed, 47 insertions, 25 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index bd8aede..450155e 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -521,8 +521,10 @@ function filter_generate_aliases() { $aliases .= "table <sshlockout> persist\n"; $aliases .= "table <webConfiguratorlockout> persist\n"; - $aliases .= "#Snort2C table\n"; + $aliases .= "#pfSnortSam tables\n"; $aliases .= "table <snort2c>\n"; + $aliases .= "table <pfSnortSamout>\n"; + $aliases .= "table <pfSnortSamin>\n"; $aliases .= "\ntable <virusprot>\n"; @@ -1125,14 +1127,22 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " if($src == "") $src = "any"; /* Match on this source port */ - if($srcport != "") - $src .= " port {$srcport}"; + if($srcport != "") { + $srcportexpand = alias_expand($srcport); + if(!$srcportexpand) + $srcportexpand = $srcport; + $src .= " port {$srcportexpand}"; + } /* sometimes this gets called with "" instead of a value */ if($dst == "") $dst = "any"; /* Match on this dest port */ - if($dstport != "") - $dst .= " port {$dstport}"; + if($dstport != "") { + $dstportexpand = alias_expand($dstport); + if(!$dstportexpand) + $dstportexpand = $dstport; + $dst .= " port {$dstportexpand}"; + } /* outgoing static-port option, hamachi, Grandstream, VOIP, etc */ $staticnatport_txt = ""; if($staticnatport) @@ -2126,9 +2136,11 @@ EOD; $ipfrules .= <<<EOD -# snort2c +# pfSnortSam block quick from <snort2c> to any label "Block snort2c hosts" block quick from any to <snort2c> label "Block snort2c hosts" +block quick from <pfSnortSamout> to any label "Block pfSnortSamOut hosts" +block quick from any to <pfSnortSamin> label "Block pfSnortSamIn hosts" EOD; diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index adc3eda..2764135 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc 
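Review bot: When alias_expand() returns a falsy value, the fallback in the source-port branch (`$srcportexpand = $srcport;`) and the identical one in the destination-port branch copy the raw configured string into the pf rule text without checking that it is a port. alias_expand() is defined outside this hunk, so this assumes it returns nothing for a name it does not recognise; if so, a mistyped or deleted alias name is written into the ruleset verbatim and can stop the ruleset from loading. The fallback should be taken only when `is_port($srcport) || is_portrange($srcport)` holds (and likewise for `$dstport`), with anything else logged and the rule rejected. filter_nat_rules_generate_if() starts and ends outside the hunk.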
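Review bot: The two rules added to the heredoc, `block quick from <pfSnortSamout> to any` and `block quick from any to <pfSnortSamin>`, drop traffic with `quick` and without `log`, so a host that lands in either table is cut off with no entry in the filter log. The tables declared in the filter_generate_aliases() hunk appear to be populated from outside this file, so I would add `log` to both rules, e.g. `block log quick from <pfSnortSamout> to any label "Block pfSnortSamOut hosts"`, to let an operator see why a host is blocked. A one-line comment stating which table holds sources and which holds destinations would also help, because the `out`/`in` suffixes do not make that obvious.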
@@ -1444,7 +1444,7 @@ function get_freebsd_version() { return $version[0]; } -function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') { +function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body', $connect_timeout=60, $timeout=0) { global $ch, $fout, $file_size, $downloaded; $file_size = 1; $downloaded = 1; @@ -1464,10 +1464,10 @@ function download_file_with_progress_bar($url_file, $destination_file, $readbody curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '60'); - curl_setopt($ch, CURLOPT_TIMEOUT, 0); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $connect_timeout); + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - curl_exec($ch); + @curl_exec($ch); $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if($fout) fclose($fout); 
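Review bot: `@curl_exec($ch);` suppresses every transfer error and still discards the return value, so with the new caller-supplied `$timeout` a transfer cut short by the timeout leaves a partial `$destination_file` with nothing to indicate it. The context line above also sets `CURLOPT_SSL_VERIFYPEER` to `false`, so the content is not authenticated in transit either, and a truncated or substituted file looks the same as a good one unless callers verify it themselves. I would keep the result with `$ok = curl_exec($ch);` and, when `$ok === false`, log `curl_error($ch)` and delete the partial file. What the function returns lies outside the hunk, so check how callers consume it. The new `$connect_timeout` and `$timeout` parameters in the signature hunk would also be safer passed through `intval()` before they reach curl_setopt().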
@@ -1579,29 +1579,39 @@ if(!function_exists("split")) { } } -function update_alias_names_upon_change($section, $subsection, $fielda, $fieldb, $new_alias_name, $origname) { +function update_alias_names_upon_change($section, $field, $new_alias_name, $origname) { global $g, $config, $pconfig, $debug; if(!$origname) return; + $sectionref = &$config; + foreach($section as $sectionname) { + if(is_array($sectionref) && isset($sectionref[$sectionname])) + $sectionref = &$sectionref[$sectionname]; + else + return; + } + if($debug) $fd = fopen("{$g['tmp_path']}/print_r", "a"); if($debug) fwrite($fd, print_r($pconfig, true)); - if($fieldb) { - if($debug) fwrite($fd, "fieldb exists\n"); - for ($i = 0; isset($config["$section"]["$subsection"][$i]["$fielda"]); $i++) { - if($debug) fwrite($fd, "$i\n"); - if($config["$section"]["$subsection"][$i]["$fielda"]["$fieldb"] == $origname) { - if($debug) fwrite($fd, "Setting old alias value $origname to $new_alias_name\n"); - $config["$section"]["$subsection"][$i]["$fielda"]["$fieldb"] = $new_alias_name; + if(is_array($sectionref)) { + foreach($sectionref as $itemkey => $item) { + if($debug) fwrite($fd, "$itemkey\n"); + + $fieldfound = true; + $fieldref = &$sectionref[$itemkey]; + foreach($field as $fieldname) { + if(is_array($fieldref) && isset($fieldref[$fieldname])) + $fieldref = &$fieldref[$fieldname]; + else { + $fieldfound = false; + break; + } } - } - } else { - if($debug) fwrite($fd, "fieldb does not exist\n"); - for ($i = 0; isset($config["$section"]["$subsection"][$i]["$fielda"]); $i++) { - if($config["$section"]["$subsection"][$i]["$fielda"] == $origname) { - $config["$section"]["$subsection"][$i]["$fielda"] = $new_alias_name; + if($fieldfound && $fieldref == $origname) { if($debug) fwrite($fd, "Setting old alias value $origname to $new_alias_name\n"); + $fieldref = $new_alias_name; } } } diff --git a/etc/version b/etc/version index 813dcee..0bd2631 100644 --- a/etc/version +++ b/etc/version @@ -1 +1 @@ -2.0-BETA5 +2.0-BEAT5 |
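Review bot: The rewritten update_alias_names_upon_change() now expects `$section` and `$field` to be arrays of path components, but nothing in the new body checks that, and the parameter count dropped from six to four. A caller outside this diff that still passes the old string arguments will hit `foreach($section as $sectionname)` with a non-array and then walk the top level of `$config`. I would add `if(!is_array($section) || !is_array($field)) return;` next to the `$origname` guard and document the new array form in a header comment. The match `$fieldref == $origname` is a loose comparison, so a numeric or numeric-looking field value can compare equal to a different string; `is_string($fieldref) && $fieldref === $origname` avoids rewriting the wrong entry. The function continues past the end of the hunk, so whether `$fd` is closed is not visible here.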