From d44798f7a8a0fe54d4e676805c80e8ff82d5e41a Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Tue, 30 Nov 2010 18:59:43 -0500
Subject: Adding webConfiguratorlockout table and code.

---
 etc/inc/filter.inc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0601cf2..27bbbd4 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -515,6 +515,7 @@ function filter_generate_aliases() {
 
 	$aliases .= "\n#SSH Lockout Table\n";
 	$aliases .= "table <sshlockout> persist\n";
+	$aliases .= "table <webConfiguratorlockout> persist\n";
 
 	$aliases .= "#Snort2C table\n";
 	$aliases .= "table <snort2c>\n";
@@ -2046,6 +2047,17 @@ EOD;
 		$ipfrules .= "block in log quick proto tcp from <sshlockout> to any port {$sshport} label \"sshlockout\"\n";
 	}
 
+	$ipfrules .= "\n# webConfigurator lockout\n";
+	if(!isset($config['webgui']['port'])) {
+		if($config['webgui']['protocol'] == "http") 
+			$webConfiguratorlockoutport = "80";
+		elseif($config['webgui']['protocol'] == "https") 
+			$webConfiguratorlockoutport = "443";
+	} else {
+		$webConfiguratorlockoutport = $config['webgui']['port'];
+	}
+	$ipfrules .= "block in log quick proto tcp from <webConfiguratorlockout> to any port {$webConfiguratorlockoutport} label \"webConfiguratorlockout\"\n";
+
 	/*
 	 * Support for allow limiting of TCP connections by establishment rate
 	 * Useful for protecting against sudden outburts, etc.
-- 
cgit v1.1