author | doktornotor <notordoktor@gmail.com> | 2015-11-15 22:46:44 +0100 |
---|---|---|
committer | doktornotor <notordoktor@gmail.com> | 2015-11-15 22:46:44 +0100 |
commit | 12a4ff878a41e407aa1a446fb5b6a757c6207706 (patch) | |
tree | 539bbada0a3d893484a4e01375e87dffaee703da | |
parent | 89572c6d988823d5869feec700295c930d14fdbe (diff) | |
pfflowd - add privileges configuration, fixes and cleanups
- Add privileges configuration
- Add Enable checkbox instead of using the foreach() hack
- Validate Source IP as well
-rw-r--r-- | config/pfflowd/pfflowd.xml | 149 |
1 files changed, 69 insertions, 80 deletions
diff --git a/config/pfflowd/pfflowd.xml b/config/pfflowd/pfflowd.xml
index 44294d69..25a68a2c 100644
--- a/config/pfflowd/pfflowd.xml
+++ b/config/pfflowd/pfflowd.xml
@@ -42,138 +42,130 @@ ]]> </copyright> <name>pfflowd</name> - <version>1.0.3</version> - <title>pfflowd: Settings</title> - <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&id=0</aftersaveredirect> + <version>1.0.4</version> + <title>Services: pfflowd Settings</title> + <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml</aftersaveredirect> <menu> <name>pfflowd</name> <tooltiptext>Modify pfflowd settings.</tooltiptext> <section>Services</section> <configfile>pfflowd.xml</configfile> - <url>/pkg_edit.php?xml=pfflowd.xml&id=0</url> + <url>/pkg_edit.php?xml=pfflowd.xml</url> </menu> <service> <name>pfflowd</name> <rcfile>pfflowd.sh</rcfile> <executable>pfflowd</executable> + <description>Netflow Export Daemon</description> </service> <configpath>installedpackages->package->$packagename->configuration->settings</configpath> + <additional_files_needed> + <prefix>/etc/inc/priv/</prefix> + <item>https://packages.pfsense.org/packages/config/pfflowd/pfflowd.priv.inc</item> + </additional_files_needed> <fields> <field> - <fielddescr>Host</fielddescr> + <fielddescr>Enable pfflowd</fielddescr> + <fieldname>enabled</fieldname> + <description>Check this to enable pfflowd daemon.</description> + <type>checkbox</type> + </field> + <field> + <fielddescr>Destination Host</fielddescr> <fieldname>host</fieldname> - <description>Specify the host that datagrams are to be sent to.</description> + <description>Specify the IP address of the host that datagrams are to be sent to.</description> <type>input</type> + <required/> </field> <field> - <fielddescr>Port</fielddescr> + <fielddescr>Destination Port</fielddescr> <fieldname>port</fieldname> <description>Enter the port that datagrams are to be sent to.</description> <type>input</type> + <required/> </field> <field> - <fielddescr>Source Hostname/IP</fielddescr> + <fielddescr>Source IP</fielddescr> <fieldname>sourcehost</fieldname> - <description>Specify the hostname or IP address that datagrams are to be sent from. 
The hostname/IP must be local to this system.</description> + <description> + <![CDATA[ + Specify the IP address that datagrams are to be sent from. <strong>The IP must be local to this system.</strong> + ]]> + </description> <type>input</type> </field> <field> - <fielddescr>pf rule direction restriction</fielddescr> + <fielddescr>pf Rule Direction Restriction</fielddescr> <fieldname>direction</fieldname> <description>Restrict creation of flow records to states matching a certain direction (in, out, or any).</description> <type>select</type> <options> - <option> - <name>Any</name> - <value>any</value> - </option> - <option> - <name>In</name> - <value>in</value> - </option> - <option> - <name>Out</name> - <value>out</value> - </option> + <option><name>Any</name><value>any</value></option> + <option><name>In</name><value>in</value></option> + <option><name>Out</name><value>out</value></option> </options> </field> <field> - <fielddescr>Netflow version</fielddescr> + <fielddescr>Netflow Version</fielddescr> <fieldname>version</fieldname> <description>Select which version of the NetFlow protocol to use.</description> <type>select</type> <options> - <option> - <name>9</name> - <value>9</value> - </option> - <option> - <name>5</name> - <value>5</value> - </option> - <option> - <name>1</name> - <value>1</value> - </option> + <option><name>9</name><value>9</value></option> + <option><name>5</name><value>5</value></option> + <option><name>1</name><value>1</value></option> </options> </field> </fields> <custom_php_global_functions> <![CDATA[ function sync_package_pfflowd() { - conf_mount_rw(); global $config; - foreach ($config['installedpackages']['pfflowd']['config'] as $cf) { - if ($cf['host'] != "") { - $start = "\n/sbin/ifconfig pfsync0 up\n"; - $start .= "/usr/local/sbin/pfflowd "; - $start .= " -n {$cf['host']}"; - if ($cf['port'] != "") { - $start .= ":{$cf['port']}"; - } - if (!empty($cf['sourcehost'])) { - $start .= " -s {$cf['sourcehost']} "; - } - if 
($cf['direction'] != "") { - $start .= " -S {$cf['direction']}"; - } - if ($cf['version'] != "") { - $start .= " -v {$cf['version']}"; - } - write_rcfile(array( - "file" => "pfflowd.sh", - "start" => $start, - "stop" => "/usr/bin/killall pfflowd" - ) - ); + conf_mount_rw(); + if (is_array($config['installedpackages']['pfflowd']['config'])) { + $cf = $config['installedpackages']['pfflowd']['config'][0]; + } else { + $cf = array(); + } + if ($cf['enabled'] == "on") { + $start = "\n/sbin/ifconfig pfsync0 up\n"; + $start .= "/usr/local/sbin/pfflowd "; + $start .= " -n {$cf['host']}"; + $start .= ":{$cf['port']}"; + if (!empty($cf['sourcehost'])) { + $start .= " -s {$cf['sourcehost']} "; + } + if ($cf['direction'] != "") { + $start .= " -S {$cf['direction']}"; + } + if ($cf['version'] != "") { + $start .= " -v {$cf['version']}"; + } + write_rcfile(array("file" => "pfflowd.sh", "start" => $start, "stop" => "/usr/bin/killall pfflowd")); + if (is_service_running("pfflowd")) { restart_service("pfflowd"); - break; + } else { + start_service("pfflowd"); + } + } else { + if (is_service_running("pfflowd")) { + stop_service("pfflowd"); } + unlink_if_exists("/usr/local/etc/rc.d/pfflowd.sh"); } conf_mount_ro(); } function validate_form_pfflowd($post, &$input_errors) { - if (($post['host'] == "") || !is_ipaddr($post['host'])) { - $input_errors[] = 'You must specify a valid ip address in the \'Host\' field'; + if ($post['host'] != "" && !is_ipaddr($post['host'])) { + $input_errors[] = 'You must specify a valid IP address in the \'Destination Host\' field'; } - if (($post['port'] == "") || !is_port($post['port'])) { - $input_errors[] = 'You must specify a valid port number in the \'Port\' field'; + if ($post['port'] != "" && !is_port($post['port'])) { + $input_errors[] = 'You must specify a valid port number in the \'Destination Port\' field'; } - } - - function cleanup_config_pfflowd() { - global $a_pkg; - $pffconf = array(); - if (is_array($a_pkg)) { - foreach($a_pkg as $cf) { - if 
($cf['host'] != "") { - $pffconf = $cf; - } - } + if ($post['sourcehost'] != "" && !is_ipaddr($post['sourcehost'])) { + $input_errors[] = 'You must specify a valid IP address in the \'Source IP\' field'; } - $a_pkg = array(); - $a_pkg[0] = $pffconf; } ]]> </custom_php_global_functions> @@ -183,7 +175,4 @@ <custom_php_validation_command> validate_form_pfflowd($_POST, $input_errors); </custom_php_validation_command> - <custom_php_command_before_form> - cleanup_config_pfflowd(); - </custom_php_command_before_form> </packagegui> |
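Review bot: The `direction` and `version` values are still written into the generated rc script through `$start .= " -S {$cf['direction']}"` and `$start .= " -v {$cf['version']}"` in sync_package_pfflowd(), yet validate_form_pfflowd() checks only host, port and sourcehost. Both fields are `<select>` elements, but a POST can carry any string, and whether the package framework rejects values outside the `<options>` list is not visible in this hunk. Since the commit also installs a privilege file, presumably so the page can be delegated to non-admin users, the two fields should be checked against their fixed option lists before the configuration is saved, as below. Wrapping the interpolated values in `escapeshellarg()` when building `$start` would be a reasonable second layer.

```php
function validate_form_pfflowd($post, &$input_errors) {
	// … unchanged: host, port and sourcehost checks …
	if (!in_array((string) $post['direction'], array("any", "in", "out"), true)) {
		$input_errors[] = 'You must select a valid value in the \'pf Rule Direction Restriction\' field';
	}
	if (!in_array((string) $post['version'], array("9", "5", "1"), true)) {
		$input_errors[] = 'You must select a valid value in the \'Netflow Version\' field';
	}
}
```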