From ffecf891209570563d982554fca069b0e2a4be1a Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Sat, 21 Apr 2007 23:22:34 +0000
Subject: Use skipto type ipfw rules so that the pass type rules will not bail out of the ipfw ruleset and keep processing at the next rule.
---
 etc/inc/pfsense-utils.inc | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)
(limited to 'etc/inc/pfsense-utils.inc')
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 1184e3a..2a72de5 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -102,7 +102,7 @@ function tdr_install_cron($should_install) {
 * text string with ipfw rule already formatted
 ******/
 function tdr_create_ipfw_rule($rule, $type) {
- global $config, $g;
+ global $config, $g, $tdr_get_next_ipfw_rule;
 $wancfg = $config['interfaces']['wan'];
 $lancfg = $config['interfaces']['lan'];
@@ -455,7 +455,15 @@ function tdr_create_ipfw_rule($rule, $type) {
 if($aline['prot'] == "")
 $aline['prot'] = "ip ";
-
+
+ tdr_get_next_ipfw_rule();
+
+ /* piece together the actual user rule */
+ if($type == "allow") {
+ $next_rule = tdr_get_next_ipfw_rule+2;
+ $type = "skipto $next_rule";
+ }
+
 /* piece together the actual user rule */
 $line .= $type . " " . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['dst'] . $aline['dstport'] . " in recv " . $aline['interface'];
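Review bot: The name added to the `global` list in the first hunk, `$tdr_get_next_ipfw_rule`, is the name of the new helper function rather than of the counter it manages; the variable used later in this patch is `$tdr_next_ipfw_rule`. As written, the declaration imports a global that nothing visible in the patch assigns, so it is either dead or a typo. If tdr_create_ipfw_rule() is meant to read the counter directly the line should be `global $config, $g, $tdr_next_ipfw_rule;`, and if it only calls the helper, `global $config, $g;` can stay as it was. The function body continues outside the hunk.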
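Review bot: `$next_rule = tdr_get_next_ipfw_rule+2;` is missing the call parentheses, so PHP reads `tdr_get_next_ipfw_rule` as an undefined constant instead of calling the function. On PHP versions that fall back to treating the bare word as a string this evaluates to 2 for every rule, so each "allow" rule would be emitted as `skipto 2` whatever number it is installed under, and newer PHP versions raise an error instead; either way the pass rules do not continue at the intended rule, which matters because this string becomes a live firewall rule. The line should read `$next_rule = tdr_get_next_ipfw_rule() + 2;`, and the bare `tdr_get_next_ipfw_rule();` statement above it can then go, since its return value is discarded. The `+2` offset is worth confirming against tdr_install_rule(), which advances the counter by one per installed rule, and the first of the two identical `/* piece together the actual user rule */` comments should describe the skipto rewrite instead. The function starts and ends outside the hunk.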
@@ -473,9 +481,26 @@ function tdr_create_ipfw_rule($rule, $type) {
 * none
 ******/
 function tdr_install_rule($rule) {
- mwexec("/sbin/ipfw -f add 2 set 9 $rule");
+ global $tdr_next_ipfw_rule;
+ mwexec("/sbin/ipfw -f add $tdr_next_ipfw_rule set 9 $rule");
+ $tdr_next_ipfw_rule++;
 }
+/****f* pfsense-utils/tdr_get_next_ipfw_rule
+ * NAME
+ * tdr_get_next_ipfw_rule
+ * INPUTS
+ * none
+ * RESULT
+ * returns the next available ipfw rule number
+ ******/
+function tdr_get_next_ipfw_rule() {
+ global $tdr_next_ipfw_rule;
+ if(!$tdr_next_ipfw_rule)
+ $tdr_next_ipfw_rule = 2;
+ return $tdr_next_ipfw_rule;
+ }
+
 /****f* pfsense-utils/tdr_install_set
 * NAME
 * tdr_install_set
@@ -594,6 +619,7 @@ function tdr_day($schedule) {
 $weekday = 7;
 $date = date("d");
 $defined_days = split(",", $schedule);
+ log_error("[TDR DEBUG] tdr_day($schedule)");
 foreach($defined_days as $dd) {
 if($date == $dd) {
 return true;
@@ -609,6 +635,7 @@ function tdr_hour($schedule) {
 $starting_time = strtotime($tmp[0]);
 $ending_time = strtotime($tmp[1]);
 $now = strtotime("now");
+ log_error("[TDR DEBUG] S: $starting_time E: $ending_time N: $now");
 if($now >= $starting_time and $now <= $ending_time) {
 return true;
 }
@@ -625,6 +652,7 @@ function tdr_position($schedule) {
 */
 global $debug;
 $weekday = date("w");
+ log_error("[TDR DEBUG] tdr_position($schedule) $weekday");
 if ($weekday == 0)
 $weekday = 7;
 $schedule_days = split(",", $schedule);
@@ -643,6 +671,7 @@ function tdr_month($schedule) {
 global $debug;
 $todays_month = date("n");
 $months = split(",", $schedule);
+ log_error("[TDR DEBUG] tdr_month($schedule)");
 foreach($months as $month) {
 if($month == $todays_month) {
 return true;
-- 
cgit v1.1
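Review bot: tdr_install_rule() interpolates `$tdr_next_ipfw_rule` into the ipfw command without going through tdr_get_next_ipfw_rule(), so the starting value of 2 applies only if some caller happened to invoke the getter first. When the global is still unset the command is built with an empty rule number, and the `++` then continues from 1, so installed rule numbers and any skipto targets computed from the counter no longer line up. Initialising in place with `$tdr_next_ipfw_rule = (int) tdr_get_next_ipfw_rule();` before the `mwexec()` call removes the ordering dependency and keeps the value placed in the shell string an integer. Nothing visible in the patch resets the counter when set 9 is rebuilt, so it is worth confirming that numbers cannot keep growing across reloads within one PHP process.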
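Review bot: The `log_error("[TDR DEBUG] ...")` call added to tdr_day() is unconditional, and the same applies to the calls added in the tdr_hour(), tdr_position() and tdr_month() hunks that follow. tdr_position() and tdr_month() already declare `global $debug;`, so the new lines could be guarded by it, e.g. `if($debug) log_error("[TDR DEBUG] tdr_day($schedule)");`, adding `global $debug;` to any function that lacks one. Left as is, each call of these schedule checks writes a debug line to the log, which makes genuine firewall and error entries harder to find when the log is needed for troubleshooting or an investigation. The bodies of all four functions extend beyond their hunks.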