aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorstilez <stilezy@gmail.com>2014-02-17 22:47:06 +0000
committerstilez <stilezy@gmail.com>2014-02-17 22:47:06 +0000
commit4b06e8adc9bc8ddd25de359b0d6d130e853483b5 (patch)
tree0dc145067bb0dc8050ef3c6a1b8347e16a4245e1
parentad6e7cb89edbb0849eda4516cb0976fb877bc397 (diff)
downloadpfsense-packages-4b06e8adc9bc8ddd25de359b0d6d130e853483b5.tar.gz
pfsense-packages-4b06e8adc9bc8ddd25de359b0d6d130e853483b5.tar.bz2
pfsense-packages-4b06e8adc9bc8ddd25de359b0d6d130e853483b5.zip
Add PERMIT BOTH option, and minor enhancements
1) Add PERMIT ALL as a list type (allows whitelisting without alias->multiple manual rules) 2) Fix typo "beggining" 3) Improve SWITCH-CASE code flows in 2 places (avoid dup. code) 4) Improve explanatory text for deny/permit Files modified: "pfblocker.inc" "pfblocker_lists.xml"
-rwxr-xr-xconfig/pf-blocker/pfblocker.inc36
1 files changed, 12 insertions, 24 deletions
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc
index c40d742e..9740dce5 100755
--- a/config/pf-blocker/pfblocker.inc
+++ b/config/pf-blocker/pfblocker.inc
@@ -167,15 +167,6 @@ function sync_package_pfblocker($cron="") {
#Create rule if action permits
switch($continent_config['action']){
case "Deny_Both":
- $rule = $base_rule;
- $rule["type"] = $deny_action_inbound;
- $rule["descr"]= "$pfb_alias auto rule";
- $rule["source"]= array("address"=> $pfb_alias);
- $rule["destination"]=array("any"=>"");
- if ($pfblocker_config['enable_log']){
- $rule["log"]="";
- }
- $deny_inbound[]=$rule;
case "Deny_Outbound":
$rule = $base_rule;
$rule["type"] = $deny_action_outbound;
@@ -185,8 +176,9 @@ function sync_package_pfblocker($cron="") {
if ($pfblocker_config['enable_log']){
$rule["log"]="";
}
- $deny_outbound[]=$rule;
- break;
+ $deny_outbound[]=$rule;
+ if ($continent_config['action'] != "Deny_Both")
+ break;
case "Deny_Inbound":
$rule = $base_rule;
$rule["type"] = $deny_action_inbound;
@@ -198,6 +190,7 @@ function sync_package_pfblocker($cron="") {
}
$deny_inbound[]=$rule;
break;
+ case "Permit_Both":
case "Permit_Outbound":
$rule = $base_rule;
$rule["type"] = "pass";
@@ -208,7 +201,8 @@ function sync_package_pfblocker($cron="") {
$rule["log"]="";
}
$permit_outbound[]=$rule;
- break;
+ if ($continent_config['action'] != "Permit_Both")
+ break;
case "Permit_Inbound":
$rule = $base_rule;
$rule["type"] = "pass";
@@ -317,15 +311,6 @@ function sync_package_pfblocker($cron="") {
#Create rule if action permits
switch($list['action']){
case "Deny_Both":
- $rule = $base_rule;
- $rule["type"] = $deny_action_inbound;
- $rule["descr"]= "$alias auto rule";
- $rule["source"]= array("address"=> $alias);
- $rule["destination"]=array("any"=>"");
- if ($pfblocker_config['enable_log']){
- $rule["log"]="";
- }
- $deny_inbound[]=$rule;
case "Deny_Outbound":
$rule = $base_rule;
$rule["type"] = $deny_action_outbound;
@@ -335,8 +320,9 @@ function sync_package_pfblocker($cron="") {
if ($pfblocker_config['enable_log']){
$rule["log"]="";
}
- $deny_outbound[]=$rule;
- break;
+ $deny_outbound[]=$rule;
+ if ($list['action'] != "Deny_Both")
+ break;
case "Deny_Inbound":
$rule = $base_rule;
$rule["type"] = $deny_action_inbound;
@@ -348,6 +334,7 @@ function sync_package_pfblocker($cron="") {
}
$deny_inbound[]=$rule;
break;
+ case "Permit_Both":
case "Permit_Outbound":
$rule = $base_rule;
$rule["type"] = "pass";
@@ -358,7 +345,8 @@ function sync_package_pfblocker($cron="") {
$rule["log"]="";
}
$permit_outbound[]=$rule;
- break;
+ if ($list['action'] != "Permit_Both")
+ break;
case "Permit_Inbound":
$rule = $base_rule;
$rule["type"] = "pass";