summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/captiveportal.inc40
-rw-r--r--etc/inc/filter.inc25
-rwxr-xr-xetc/rc.bootup2
3 files changed, 31 insertions, 36 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 5112e98..dfe6bab 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -36,7 +36,7 @@
added rules which may have been created by other per-user code (index.php, etc).
These changes are (c) 2004 Keycom PLC.
- pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl /sbin/kldunload
+ pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl
pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl
pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp
pfSense_MODULE: captiveportal
@@ -204,10 +204,37 @@ EOD;
return $htmltext;
}
+function captiveportal_load_modules() {
+ global $config;
+
+ mute_kernel_msgs();
+ if (!is_module_loaded("ipfw.ko")) {
+ mwexec("/sbin/kldload ipfw");
+ /* make sure ipfw is not on pfil hooks */
+ mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"pf\" net.inet6.ip6.pfil.inbound=\"pf\"" .
+ " net.inet.ip.pfil.outbound=\"pf\" net.inet6.ip6.pfil.outbound=\"pf\"");
+ }
+ /* Always load dummynet now that even allowed ip and mac passthrough use it. */
+ if (!is_module_loaded("dummynet.ko")) {
+ mwexec("/sbin/kldload dummynet");
+ mwexec("/sbin/sysctl net.inet.ip.dummynet.io_fast=1 net.inet.ip.dummynet.hash_size=256");
+ }
+ unmute_kernel_msgs();
+
+ /* XXX: This are not used in pfSense, if needed can be tuned
+ if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
+ mwexec("sysctl net.inet.ip.fw.dyn_max={$config['system']['maximumstates']}");
+ } else {
+ mwexec("sysctl net.inet.ip.fw.dyn_max=10000");
+ }
+ */
+}
+
function captiveportal_configure() {
global $config, $cpzone;
if (is_array($config['captiveportal'])) {
+ captiveportal_load_modules();
mwexec("/sbin/sysctl net.link.ether.ipfw=1");
foreach ($config['captiveportal'] as $cpkey => $cp) {
$cpzone = $cpkey;
@@ -491,6 +518,8 @@ function captiveportal_init_rules($reinit = false) {
if (!isset($config['captiveportal'][$cpzone]['enable']))
return;
+ captiveportal_load_modules();
+
$cpips = array();
$ifaces = get_configured_interface_list();
$cpinterfaces = explode(",", $config['captiveportal'][$cpzone]['interface']);
@@ -530,15 +559,6 @@ function captiveportal_init_rules($reinit = false) {
/* init dummynet/ipfw rules number database */
captiveportal_init_ipfw_ruleno();
- /* make sure ipfw is loaded */
- if (!is_module_loaded("ipfw.ko"))
- filter_load_ipfw();
- /* Always load dummynet now that even allowed ip and mac passthrough use it. */
- if (!is_module_loaded("dummynet.ko")) {
- mwexec("/sbin/kldload dummynet");
- mwexec("/sbin/sysctl net.inet.ip.dummynet.io_fast=1 net.inet.ip.dummynet.hash_size=256");
- }
-
$cprules = "add 65291 set 1 allow pfsync from any to any\n";
$cprules .= "add 65292 set 1 allow carp from any to any\n";
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 09d689c..bfd5b17 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -83,31 +83,6 @@ function flowtable_configure() {
}
}
-function filter_load_ipfw() {
- global $config;
-
- if(!is_module_loaded("ipfw.ko")) {
- mute_kernel_msgs();
- mwexec("/sbin/kldload ipfw");
- unmute_kernel_msgs();
- /*
- * make sure ipfw is the first hook to make CP and schedules work
- * correctly on Multi-WAN.
- */
- mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"pf\" net.inet6.ip6.pfil.inbound=\"pf\"" .
- " net.inet.ip.pfil.outbound=\"pf\" net.inet6.ip6.pfil.outbound=\"pf\"");
- }
-
- /* XXX: This are not used in pfSense, keep?! Set ipfw state limit */
- if($config['system']['maximumstates'] <> "" && is_numeric($config['system']['maximumstates'])) {
- /* Set ipfw states to user defined maximum states in Advanced menu. */
- mwexec("sysctl net.inet.ip.fw.dyn_max={$config['system']['maximumstates']}");
- } else {
- /* Set to default 10,000 */
- mwexec("sysctl net.inet.ip.fw.dyn_max=10000");
- }
-}
-
function filter_pflog_start($kill_first = false) {
global $config, $g;
if ($g['platform'] == 'jail')
diff --git a/etc/rc.bootup b/etc/rc.bootup
index 48fe740..b8bf0e3 100755
--- a/etc/rc.bootup
+++ b/etc/rc.bootup
@@ -440,4 +440,4 @@ led_normalize();
conf_mount_ro();
-?> \ No newline at end of file
+?>
OpenPOWER on IntegriCloud