authorCharlie <root@testfbsd8.localdomain>2009-07-08 14:45:06 +0000
committerCharlie <root@testfbsd8.localdomain>2009-07-08 14:45:29 +0000
commitcc47995dd0b4f7a44c36a94d6f4feabddc418e12 (patch)
treed54a022f4a72f025e16d50b6ab708b47e7fbecfe
parentdae4090094c2d03a8659d8a1c2e69763f06139bb (diff)
Add needed code to packages to conform to 2.0 rules for adding firewall rules. NOTE: other packages might need intervention, but for now this is the necessary minimum to remove the dependency on pkg-utils.inc from filter.inc
-rw-r--r--config/clamav.inc3
-rw-r--r--config/clamav.xml1
-rw-r--r--config/frickin/frickin.inc1
-rw-r--r--config/frickin/frickin.xml1
-rw-r--r--config/imspector/imspector.inc17
-rw-r--r--config/imspector/imspector.xml1
-rw-r--r--config/siproxd.inc3
-rw-r--r--config/siproxd.xml3
-rw-r--r--config/spamd.inc31
-rw-r--r--config/spamd.xml3
-rw-r--r--config/squid/squid.inc3
-rw-r--r--config/squid/squid.xml1
12 files changed, 62 insertions, 6 deletions
diff --git a/config/clamav.inc b/config/clamav.inc
index 2e83888c..3aaaf71d 100644
--- a/config/clamav.inc
+++ b/config/clamav.inc
@@ -235,6 +235,7 @@ function clamav_generate_rules($type) {
$rules .= "rdr on $iface proto tcp to port pop3 -> 127.0.0.1 port 8110\n";
break;
case 'filter':
+ case 'rule':
foreach ($ifaces as $iface)
$rules .= "pass quick on $iface proto tcp to port pop3 flags S/SA keep state\n";
break;
@@ -252,7 +253,7 @@ function clamav_generate_rules($type) {
$rules .= "rdr on $iface proto tcp to ($iface) port smtp -> 127.0.0.1 port 10025\n";
}
- else {
+ else if ($type == 'filer' || $type == 'rule') {
foreach ($ifaces as $iface)
$rules .= "pass quick on $iface proto tcp to ($iface) port smtp flags S/SA keep state\n";
}
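Review bot: The new condition on the `else if` line tests `$type == 'filer'`, which looks like a typo for `'filter'`. The branch it replaces was a plain `else`, so a caller that still passes `'filter'` now gets no SMTP pass rule to accompany the rdr to 127.0.0.1 port 10025, while the POP3 switch in the previous hunk accepts both `'filter'` and `'rule'`. I would change the line to `else if ($type == 'filter' || $type == 'rule') {`. The matching `if` and the rest of clamav_generate_rules are outside this hunk, so the effect on other `$type` values should be confirmed there.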
diff --git a/config/clamav.xml b/config/clamav.xml
index 483a32a6..465c635a 100644
--- a/config/clamav.xml
+++ b/config/clamav.xml
@@ -127,4 +127,5 @@
<custom_php_install_command>
clamav_install_command();
</custom_php_install_command>
+ <filter_rules_needed>clamav_generate_rules</filter_rules_needed>
</packagegui>
diff --git a/config/frickin/frickin.inc b/config/frickin/frickin.inc
index 8b57b8ae..a79345bb 100644
--- a/config/frickin/frickin.inc
+++ b/config/frickin/frickin.inc
@@ -127,6 +127,7 @@ function frickin_generate_rules($type) {
}
break;
case 'filter':
+ case 'rule':
$ext_if = get_real_wan_interface();
$rules .= "pass out on $ext_if proto gre from any to any keep state\n";
$rules .= "pass in on $ext_if proto gre from any to any keep state\n";
diff --git a/config/frickin/frickin.xml b/config/frickin/frickin.xml
index 497d4cd3..4d1d421d 100644
--- a/config/frickin/frickin.xml
+++ b/config/frickin/frickin.xml
@@ -86,4 +86,5 @@
<custom_php_deinstall_command>
frickin_custom_php_deinstall_command();
</custom_php_deinstall_command>
+ <filter_rules_needed>frickin_generate_rules</filter_rules_needed>
</packagegui>
diff --git a/config/imspector/imspector.inc b/config/imspector/imspector.inc
index 09974363..ea4458ce 100644
--- a/config/imspector/imspector.inc
+++ b/config/imspector/imspector.inc
@@ -104,6 +104,23 @@
//exec('pkg_delete imspector-0.4');
}
+ function imspector_generate_rules($type) {
+
+ $rules = "";
+ switch ($type) {
+ case 'rdr':
+ $rules = "# IMSpector rdr anchor\n";
+ $rules .= "rdr-anchor \"imspector\"\n";
+ break;
+ case 'rule':
+ $rules = "# IMSpector \n";
+ $rules .= "anchor \"miniupnpd\"\n";
+ break;
+ }
+
+ return $rules;
+ }
+
function sync_package_imspector() {
global $config;
global $input_errors;
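Review bot: The `'rule'` case of imspector_generate_rules emits `anchor "miniupnpd"`, while the `'rdr'` case above it emits `rdr-anchor "imspector"`; this looks like a leftover from the miniupnpd package. As written, the filter ruleset appears to gain an extra evaluation point for the UPnP anchor whenever IMSpector is installed, and no filter anchor for IMSpector itself. If that is unintended, the line should read `$rules .= "anchor \"imspector\"\n";`. The function also has no `'filter'` case or `default`, unlike the other generators in this commit that accept both `'filter'` and `'rule'`; a short comment stating which `$type` values are expected would help.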
diff --git a/config/imspector/imspector.xml b/config/imspector/imspector.xml
index afdcdcf0..c7595b9a 100644
--- a/config/imspector/imspector.xml
+++ b/config/imspector/imspector.xml
@@ -218,4 +218,5 @@
<custom_php_deinstall_command>
deinstall_package_imspector();
</custom_php_deinstall_command>
+ <filter_rules_needed>imspector_generate_rules</filter_rules_needed>
</packagegui>
diff --git a/config/siproxd.inc b/config/siproxd.inc
index be1ac196..147eee31 100644
--- a/config/siproxd.inc
+++ b/config/siproxd.inc
@@ -73,6 +73,7 @@ function siproxd_generate_rules($type) {
}
break;
case 'filter':
+ case 'rule':
foreach ($ifaces as $iface) {
$rules .= "# allow SIP signaling and RTP traffic\n";
$rules .= "pass in quick on {$iface} proto udp from any to any port = {$port}\n";
@@ -193,4 +194,4 @@ function sync_package_siproxd() {
conf_mount_ro();
}
-?>
\ No newline at end of file
+?>
diff --git a/config/siproxd.xml b/config/siproxd.xml
index c79c722f..f4e1bd0b 100644
--- a/config/siproxd.xml
+++ b/config/siproxd.xml
@@ -170,4 +170,5 @@
</custom_add_php_command>
<custom_php_resync_config_command>
</custom_php_resync_config_command>
-</packagegui>
\ No newline at end of file
+ <filter_rules_needed>siproxd_generate_rules</filter_rules_needed>
+</packagegui>
diff --git a/config/spamd.inc b/config/spamd.inc
index 3088d037..6ee72ad7 100644
--- a/config/spamd.inc
+++ b/config/spamd.inc
@@ -160,6 +160,35 @@ function sync_package_spamd() {
log_error("SpamD setup completed");
}
+function spamd_generate_rules($type) {
+ global $config;
+
+ $natrules = "";
+ switch($type) {
+ case 'rdr':
+ $natrules .= "\n# spam table \n";
+ $wanif = $FilterIflist["wan"]['if'];
+ $natrules .= "table <whitelist> persist\n";
+ $natrules .= "table <blacklist> persist\n";
+ $natrules .= "table <spamd> persist\n";
+ if(file_exists("/var/db/whitelist.txt"))
+ $natrules .= "table <spamd-white> persist file \"/var/db/whitelist.txt\"\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from <blacklist> to port smtp -> 127.0.0.1 port spamd\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd\n";
+ $natrules .= "rdr pass on {$wanif} proto tcp from !<spamd-white> to port smtp -> 127.0.0.1 port spamd\n";
+ if($config['installedpackages']['spamdsettings']['config'])
+ foreach($config['installedpackages']['spamdsettings']['config'] as $ss)
+ $nextmta = $ss['nextmta'];
+ if($nextmta <> "") {
+ $natrules .= "rdr pass on {$wanif} proto tcp from <spamd-white> to port smtp -> {$nextmta} port smtp\n";
+ }
+
+ break;
+ }
+
+ return $natrules;
+}
+
function remove_spaces($string) {
$string = str_replace(" ", "", $string);
return $string;
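Review bot: spamd_generate_rules reads `$FilterIflist["wan"]['if']` but declares only `global $config;`, so `$wanif` is unset inside the function and every rdr line is emitted without an interface name, which pf is likely to reject when the ruleset is loaded. Declaring `global $config, $FilterIflist;` would fix that, assuming the caller populates `$FilterIflist` before invoking the hook. The `foreach` over `spamdsettings` has no braces, so `if($nextmta <> "")` runs after the loop and reads an undefined `$nextmta` when the config section is empty; initialising `$nextmta = "";` before the loop avoids that. `$nextmta` is also interpolated into the rule text straight from configuration, so it should be checked before being written into pf rules (for example with `is_ipaddr($nextmta)`, if the next MTA is always an address), unless spamd_validate_input, which is outside this hunk, already guarantees that.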
@@ -286,4 +315,4 @@ function spamd_validate_input($post, $input_errors) {
}
}
-?>
\ No newline at end of file
+?>
diff --git a/config/spamd.xml b/config/spamd.xml
index a065c0a8..5bbc5d71 100644
--- a/config/spamd.xml
+++ b/config/spamd.xml
@@ -207,4 +207,5 @@
<custom_php_deinstall_command>
custom_php_deinstall_command();
</custom_php_deinstall_command>
-</packagegui>
\ No newline at end of file
+ <filter_rules_needed>spamd_generate_rules</filter_rules_needed>
+</packagegui>
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index dbd8267f..4200f02e 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -1268,6 +1268,7 @@ function squid_generate_rules($type) {
$rules .= "\n";
break;
case 'filter':
+ case 'rule':
foreach ($ifaces as $iface) {
$rules .= "# Setup squid pass rules for proxy\n";
$rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
@@ -1288,4 +1289,4 @@ function squid_generate_rules($type) {
return $rules;
}
-?>
\ No newline at end of file
+?>
diff --git a/config/squid/squid.xml b/config/squid/squid.xml
index a119e647..7f2c1627 100644
--- a/config/squid/squid.xml
+++ b/config/squid/squid.xml
@@ -330,4 +330,5 @@
squid_deinstall_command();
exec("/bin/rm -f /usr/local/etc/rc.d/squid*");
</custom_php_deinstall_command>
+ <filter_rules_needed>squid_generate_rules</filter_rules_needed>
</packagegui>