From d03994109f46f2b664b0dc6d933b7dadf27b9e60 Mon Sep 17 00:00:00 2001 From: smos Date: Fri, 11 Feb 2011 08:22:11 +0100 Subject: Do not resolve the dyndns hostnames during boot. With many tunnels that have a hostname this can cause huge boot issues if the DNS server is slow or not responding at all. By skipping those but adding them to the DNS watchlist it should reload these later. This should allow the box to start up and forward packets. --- etc/inc/vpn.inc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc index caf8006..8fb2a99 100644 --- a/etc/inc/vpn.inc +++ b/etc/inc/vpn.inc @@ -1677,8 +1677,12 @@ function reload_tunnel_spd_policy($phase1, $phase2, $old_phase1, $old_phase2) { /* see if this tunnel has a hostname for the remote-gateway, and if so, * try to resolve it now and add it to the list for filterdns */ if (!is_ipaddr($phase1['remote-gateway'])) { - $rgip = resolve_retry($phase1['remote-gateway']); - add_hostname_to_watch($phase1['remote-gateway']); + if(! $g['booting']) { + $rgip = resolve_retry($phase1['remote-gateway']); + add_hostname_to_watch($phase1['remote-gateway']); + } else { + add_hostname_to_watch($phase1['remote-gateway']); + } if (!$rgip) { log_error("Could not determine VPN endpoint for '{$phase1['descr']}'"); return false; -- cgit v1.1 From a39c7dae5c762a77680634e821005d8fdf68b0c1 Mon Sep 17 00:00:00 2001 From: Ermal Date: Fri, 11 Feb 2011 17:18:36 +0000 Subject: Allow action match to be passed down to pf. --- etc/inc/filter.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 6cb9f1f..092060f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc 
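Review bot: In the new `else` branch `$rgip` is never assigned, so the `if (!$rgip)` check that follows logs `Could not determine VPN endpoint for '…'` and returns false for every hostname-based tunnel at boot; the tunnel is skipped as intended, but the log now reports a lookup failure that never happened. Since `add_hostname_to_watch()` is called on both paths it can be hoisted above the `if`, leaving `if ($g['booting']) { log_error("Deferring DNS lookup of VPN endpoint for '{$phase1['descr']}' until after boot"); return false; }` in front of the `resolve_retry()` call. The branch also depends on `$g` being declared `global` inside reload_tunnel_spd_policy; if it is not, `$g['booting']` is null, `!null` is true and the boot-time skip never triggers — the function's header and the rest of its body are outside the hunk so I cannot confirm either way. A comment on the `if` would help the next reader, e.g. `/* at boot only register the name; filterdns re-applies the policy once it resolves */`.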
@@ -1706,7 +1706,7 @@ function filter_generate_user_rule($rule) { } update_filter_reload_status("Setting up pass/block rules"); $type = $rule['type']; - if($type != "pass" && $type != "block" && $type != "reject") { + if($type != "pass" && $type != "block" && $type != "reject" && $type != "match") { /* default (for older rules) is pass */ $type = "pass "; } -- cgit v1.1 From a391d0ab1255b11f6f2d1778423fe54e8fc9258b Mon Sep 17 00:00:00 2001 From: Ermal Date: Fri, 11 Feb 2011 17:26:38 +0000 Subject: Allow match action on Floating rules and exposed it with name Queue. More validation is needed. --- usr/local/www/firewall_rules_edit.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 89d4ac8..d869ae6 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -196,6 +196,9 @@ if ($_POST) { if ($_POST['type'] == "reject" && $_POST['proto'] <> "tcp") $input_errors[] = gettext("Reject type rules only works when the protocol is set to TCP."); + if ($_POST['type'] == "match" && $_POST['defaultqueue'] == "none") + $input_errors[] = gettext("Queue type rules only work with queues."); + if (($_POST['proto'] != "tcp") && ($_POST['proto'] != "udp") && ($_POST['proto'] != "tcp/udp")) { $_POST['srcbeginport'] = 0; $_POST['srcendport'] = 0; @@ -602,6 +605,9 @@ include("head.inc"); + + +
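Review bot: The type whitelist in filter_generate_user_rule is growing into a chain of loose `!=` comparisons; `if (!in_array($type, array("pass", "block", "reject", "match"), true)) {` says the same thing with strict comparison and a single place to extend. A `match` rule in pf applies options such as queue assignment without making a pass/block decision, which is what keeps these rules out of the filtering policy — a comment on the added value, `/* match: apply options (queue/tag) without deciding pass/block */`, would save the next reader a trip to pf.conf(5). Note that the fallback a few lines down assigns `"pass "` with a trailing space while `$rule['type']` values arrive without one; whatever concatenates `$type` into the pf rule text presumably copes with both, but that code is outside the hunk. The function continues beyond the hunk on both sides.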
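Review bot: The added queue check only fires when `defaultqueue` is posted as the literal `"none"`; if the field is missing from the request (not rendered for this rule, or a hand-built POST) the undefined index compares as null, the condition is false and a `match` rule with no queue is saved. Server-side validation should not depend on the form having sent the field: `if ($_POST['type'] == "match" && (empty($_POST['defaultqueue']) || $_POST['defaultqueue'] == "none"))`. Nothing in this hunk restricts `type == "match"` to the floating-rules tab the commit title describes, so if that restriction lives only in the `<select>` options (the markup added in the second hunk is not legible here), the POST handler accepts a match rule on any interface; a check for the floating-rules interface alongside the queue test would close that. Whether `defaultqueue` is also checked against the configured queues is not visible from this hunk; the commit message itself says more validation is needed.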
-- cgit v1.1 From b3205cc39e7b418eebbe5e97dc85261c1c2caf09 Mon Sep 17 00:00:00 2001 From: Ermal Date: Fri, 11 Feb 2011 17:32:10 +0000 Subject: Convert the shapers to the match action so the generated rules do not impact the filtering policy implemented. --- usr/local/www/wizards/traffic_shaper_wizard.inc | 7 +++++++ usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc | 7 +++++++ usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc | 7 +++++++ usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc | 7 +++++++ 4 files changed, 28 insertions(+) diff --git a/usr/local/www/wizards/traffic_shaper_wizard.inc b/usr/local/www/wizards/traffic_shaper_wizard.inc index b684fb6..7869309 100644 --- a/usr/local/www/wizards/traffic_shaper_wizard.inc +++ b/usr/local/www/wizards/traffic_shaper_wizard.inc @@ -949,6 +949,7 @@ function apply_all_choosen_items() { if ($penalty) { if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) { $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("Penalty Box"); $rule['direction'] = "out"; $rule['source']['any'] = TRUE; @@ -968,6 +969,7 @@ function apply_all_choosen_items() { if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = gettext("VOIP Adapter"); $rule['direction'] = "out"; $rule['protocol'] = "udp"; @@ -982,6 +984,7 @@ function apply_all_choosen_items() { } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) { /* create VOIP rules */ $rule = array(); + $rule['type'] = "match"; $rule['descr'] = "DiffServ/Lowdelay/Upload"; $rule['direction'] = "out"; $rule['protocol'] = "udp"; 
@@ -998,6 +1001,7 @@ function apply_all_choosen_items() {
 /* loop through voiplist[] */
 foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) {
 $rule = array();
+ $rule = array();
 $rule['defaultqueue'] = 'qVoIP';
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1021,6 +1025,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($p2plist[$key] as $p2pclient) {
 $rule = array();
+ $rule = array();
 $rule['defaultqueue'] = 'qP2P';
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1043,6 +1048,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($gamesplist[$key] as $Gameclient) {
 $rule = array();
+ $rule = array();
 $rule['defaultqueue'] = 'qGames';
 if ($Gameclient[1] == "tcp")
 $rule['ackqueue'] = 'qACK';
@@ -1068,6 +1074,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($othersplist[$key] as $otherclient) {
 $rule = array();
+ $rule = array();
 switch ($val) {
 case "H":
 $rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
index b59c5a7..88a6296 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_dedicated.inc
@@ -1006,6 +1006,7 @@ function apply_all_choosen_items() {
 if ($penalty) {
 if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = gettext("Penalty Box");
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1025,6 +1026,7 @@ function apply_all_choosen_items() {
 if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) {
 /* create VOIP rules */
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = gettext("VOIP Adapter");
 $rule['direction'] = "out";
 $rule['protocol'] = "udp";
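Review bot: The hunks at old lines 998, 1021, 1043 and 1068 add a second `$rule = array();` where the other wizards add `$rule['type'] = "match";`, so the VoIP, P2P, games and other-protocol rules in traffic_shaper_wizard.inc get no type; with the filter.inc default of `pass` for untyped rules these shaper rules would be emitted as pass rules, which is precisely the effect on filtering policy the commit sets out to remove. The duplicate assignment is a no-op so nothing else breaks, but the added line in each of the four hunks should read `$rule['type'] = "match";`, as it does in traffic_shaper_wizard_dedicated.inc, traffic_shaper_wizard_multi_all.inc and traffic_shaper_wizard_multi_lan.inc. The enclosing apply_all_choosen_items() starts and ends outside every hunk.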
@@ -1039,6 +1041,7 @@ function apply_all_choosen_items() {
 } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) {
 /* create VOIP rules */
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = "DiffServ/Lowdelay/Upload";
 $rule['direction'] = "out";
 $rule['protocol'] = "udp";
@@ -1055,6 +1058,7 @@ function apply_all_choosen_items() {
 /* loop through voiplist[] */
 foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qVoIP';
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1078,6 +1082,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($p2plist[$key] as $p2pclient) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qP2P';
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1100,6 +1105,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($gamesplist[$key] as $Gameclient) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qGames';
 if ($Gameclient[1] == "tcp")
 $rule['ackqueue'] = 'qACK';
@@ -1125,6 +1131,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($othersplist[$key] as $otherclient) {
 $rule = array();
+ $rule['type'] = "match";
 switch ($val) {
 case "H":
 $rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
index c6347da..f33283a 100755
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_all.inc
@@ -1039,6 +1039,7 @@ function apply_all_choosen_items() {
 if ($penalty) {
 if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = gettext("Penalty Box");
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1058,6 +1059,7 @@ function apply_all_choosen_items() {
 if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) {
 /* create VOIP rules */
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = gettext("VOIP Adapter");
 $rule['direction'] = "out";
 $rule['protocol'] = "udp";
@@ -1072,6 +1074,7 @@ function apply_all_choosen_items() {
 } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) {
 /* create VOIP rules */
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = "DiffServ/Lowdelay/Upload";
 $rule['direction'] = "out";
 $rule['protocol'] = "udp";
@@ -1088,6 +1091,7 @@ function apply_all_choosen_items() {
 /* loop through voiplist[] */
 foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qVoIP';
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1111,6 +1115,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($p2plist[$key] as $p2pclient) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qP2P';
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1133,6 +1138,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($gamesplist[$key] as $Gameclient) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qGames';
 if ($Gameclient[1] == "tcp")
 $rule['ackqueue'] = 'qACK';
@@ -1158,6 +1164,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($othersplist[$key] as $otherclient) {
 $rule = array();
+ $rule['type'] = "match";
 switch ($val) {
 case "H":
 $rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */
diff --git a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
index a5de47e..ab22b93 100644
--- a/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
+++ b/usr/local/www/wizards/traffic_shaper_wizard_multi_lan.inc
@@ -1178,6 +1178,7 @@ function apply_all_choosen_items() {
 if ($penalty) {
 if( is_ipaddr($config['ezshaper']['step4']['address']) || is_alias($config['ezshaper']['step4']['address'])) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = gettext("Penalty Box");
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1197,6 +1198,7 @@ function apply_all_choosen_items() {
 if( is_ipaddr($config['ezshaper']['step3']['address']) || is_alias($config['ezshaper']['step3']['address'])) {
 /* create VOIP rules */
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = gettext("VOIP Adapter");
 $rule['direction'] = "out";
 $rule['protocol'] = "udp";
@@ -1211,6 +1213,7 @@ function apply_all_choosen_items() {
 } elseif( $config['ezshaper']['step3']['provider'] == "Generic" ) {
 /* create VOIP rules */
 $rule = array();
+ $rule['type'] = "match";
 $rule['descr'] = "DiffServ/Lowdelay/Upload";
 $rule['direction'] = "out";
 $rule['protocol'] = "udp";
@@ -1227,6 +1230,7 @@ function apply_all_choosen_items() {
 /* loop through voiplist[] */
 foreach ($voiplist[$config['ezshaper']['step3']['provider']] as $voip) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qVoIP';
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1250,6 +1254,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($p2plist[$key] as $p2pclient) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qP2P';
 $rule['direction'] = "out";
 $rule['source']['any'] = TRUE;
@@ -1272,6 +1277,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($gamesplist[$key] as $Gameclient) {
 $rule = array();
+ $rule['type'] = "match";
 $rule['defaultqueue'] = 'qGames';
 if ($Gameclient[1] == "tcp")
 $rule['ackqueue'] = 'qACK';
@@ -1297,6 +1303,7 @@ function apply_all_choosen_items() {
 continue;
 foreach ($othersplist[$key] as $otherclient) {
 $rule = array();
+ $rule['type'] = "match";
 switch ($val) {
 case "H":
 $rule['defaultqueue'] = 'qOthersHigh'; /* posted value H or L */
-- cgit v1.1