From b73eda208e9ebb945018fc31290babe483e0e4cd Mon Sep 17 00:00:00 2001 From: Chris Buechler Date: Mon, 24 Dec 2007 07:44:26 +0000 Subject: Revert broken OPT interface removal commit. This breaks configurations entirely, worse than just improperly shifting configuration items. Ticket #1532 --- etc/inc/filter.inc | 22 +++++++++------------- etc/inc/pfsense-utils.inc | 27 ++++++++++++++++----------- 2 files changed, 25 insertions(+), 24 deletions(-) (limited to 'etc/inc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 7d67a5b..6ef7870 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1337,12 +1337,10 @@ function generate_user_filter_rule_arr($rule, $ngcounter) { $line = generate_user_filter_rule($rule, $ngcounter); $ret['rule'] = $line; $ret['interface'] = $rule['interface']; - if ($line[0] != '#') { - if($rule['descr'] != "" and $line != "") - $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', $rule['descr']) . "\""; - else - $ret['descr'] = "label \"USER_RULE\""; - } + if($rule['descr'] != "" and $line != "") + $ret['descr'] = "label \"USER_RULE: " . str_replace('"', '', $rule['descr']) . "\""; + else + $ret['descr'] = "label \"USER_RULE\""; $ret['ackq'] = get_ack_queue($rule['interface']); return $ret; @@ -1395,7 +1393,7 @@ function generate_user_filter_rule($rule, $ngcounter) { /* don't include disabled rules */ if (isset($rule['disabled'])) { - return "# rule " . $rule['descr'] . " disabled "; + return "# rule " . $rule['descr'] . " disabled \n"; } $pptpdcfg = $config['pptpd']; @@ -1433,8 +1431,6 @@ function generate_user_filter_rule($rule, $ngcounter) { if($config['pppoe']['n_pppoe_units'] <> "") $nif = $config['pppoe']['n_pppoe_units']; $ispppoe = true; - } else if(!isset($rule['interface'])) { - return '# Interface empty for rule: '.$rule['descr']; } else { /* Check to see if the interface is opt and in our opt list */ @@ -2891,10 +2887,10 @@ anchor "imspector" anchor "miniupnpd" #--------------------------------------------------------------------------- -# default deny rules +# default rules (just to be sure) #--------------------------------------------------------------------------- -block in $log quick all label "Default deny rule" -block out $log quick all label "Default deny rule" +block in $log quick all label "Default block all just to be sure." +block out $log quick all label "Default block all just to be sure." EOD; @@ -3298,4 +3294,4 @@ function return_vpn_subnet($adr) { } -?> +?> \ No newline at end of file diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index bfc3808..38228bd 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -2452,15 +2452,21 @@ function cleanup_opt_interfaces_after_removal($opt_interface_num) { unlink_if_exists("{$g['tmp_path']}/config.cache"); $config_file = file_get_contents("/cf/conf/config.xml"); /* loop through and reassign deleted items */ - $orig = array('opt'.$opt_interface_num,'OPT'.$opt_interface_num); - $repl = array('optXXXX','OPTXXXX'); - for ($i = $opt_interface_num+1; isset ($config['interfaces']['opt' . $i]); $i++) { - array_push($orig,'opt'.$i); - array_push($repl,'opt'.($i -1)); - array_push($orig,'OPT'.$i); - array_push($repl,'OPT'.($i -1)); - } - $config_file = str_replace($orig, $repl, $config_file); + for ($i = 500; isset ($config['interfaces']['opt' . $i]); $i--) { + if ($i < $opt_interface_num) + break; + if ($i == $opt_interface_num) { + /* item should be deleted */ + str_replace("opt" . $i, "optXXXX", $config_file); + } + } + /* loop through and reassign optional items */ + for ($i = 500; isset ($config['interfaces']['opt' . $i]); $i--) { + if ($i < $opt_interface_num) + break; + /* replace opt$i with $i -1 */ + str_replace("opt" . $i, "opt" . ($i -1), $config_file); + } $fd = fopen("/cf/conf/config.xml", "w"); fwrite($fd, $config_file); fclose($fd); @@ -2484,7 +2490,6 @@ function cleanup_opt_interfaces_after_removal($opt_interface_num) { if($config['nat']['rule'][$x]['interface'] == "optXXXX") unset($config['nat']['rule'][$x]['interface']); } - write_config(); conf_mount_ro(); config_unlock(); return true; @@ -3617,4 +3622,4 @@ function is_wan_interface_up($interface) { return false; } -?> +?> \ No newline at end of file -- cgit v1.1