authordoktornotor <notordoktor@gmail.com>2015-11-15 22:46:44 +0100
committerdoktornotor <notordoktor@gmail.com>2015-11-15 22:46:44 +0100
commit12a4ff878a41e407aa1a446fb5b6a757c6207706 (patch)
tree539bbada0a3d893484a4e01375e87dffaee703da
parent89572c6d988823d5869feec700295c930d14fdbe (diff)
downloadpfsense-packages-12a4ff878a41e407aa1a446fb5b6a757c6207706.tar.gz
pfsense-packages-12a4ff878a41e407aa1a446fb5b6a757c6207706.tar.bz2
pfsense-packages-12a4ff878a41e407aa1a446fb5b6a757c6207706.zip
pfflowd - add privileges configuration, fixes and cleanups
- Add privileges configuration - Add Enable checkbox instead of using the foreach() hack - Validate Source IP as well
-rw-r--r--config/pfflowd/pfflowd.xml149
1 files changed, 69 insertions, 80 deletions
diff --git a/config/pfflowd/pfflowd.xml b/config/pfflowd/pfflowd.xml
index 44294d69..25a68a2c 100644
--- a/config/pfflowd/pfflowd.xml
+++ b/config/pfflowd/pfflowd.xml
@@ -42,138 +42,130 @@
]]>
</copyright>
<name>pfflowd</name>
- <version>1.0.3</version>
- <title>pfflowd: Settings</title>
- <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml&amp;id=0</aftersaveredirect>
+ <version>1.0.4</version>
+ <title>Services: pfflowd Settings</title>
+ <aftersaveredirect>pkg_edit.php?xml=pfflowd.xml</aftersaveredirect>
<menu>
<name>pfflowd</name>
<tooltiptext>Modify pfflowd settings.</tooltiptext>
<section>Services</section>
<configfile>pfflowd.xml</configfile>
- <url>/pkg_edit.php?xml=pfflowd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=pfflowd.xml</url>
</menu>
<service>
<name>pfflowd</name>
<rcfile>pfflowd.sh</rcfile>
<executable>pfflowd</executable>
+ <description>Netflow Export Daemon</description>
</service>
<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/pfflowd/pfflowd.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
- <fielddescr>Host</fielddescr>
+ <fielddescr>Enable pfflowd</fielddescr>
+ <fieldname>enabled</fieldname>
+ <description>Check this to enable pfflowd daemon.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Destination Host</fielddescr>
<fieldname>host</fieldname>
- <description>Specify the host that datagrams are to be sent to.</description>
+ <description>Specify the IP address of the host that datagrams are to be sent to.</description>
<type>input</type>
+ <required/>
</field>
<field>
- <fielddescr>Port</fielddescr>
+ <fielddescr>Destination Port</fielddescr>
<fieldname>port</fieldname>
<description>Enter the port that datagrams are to be sent to.</description>
<type>input</type>
+ <required/>
</field>
<field>
- <fielddescr>Source Hostname/IP</fielddescr>
+ <fielddescr>Source IP</fielddescr>
<fieldname>sourcehost</fieldname>
- <description>Specify the hostname or IP address that datagrams are to be sent from. The hostname/IP must be local to this system.</description>
+ <description>
+ <![CDATA[
+ Specify the IP address that datagrams are to be sent from. <strong>The IP must be local to this system.</strong>
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
- <fielddescr>pf rule direction restriction</fielddescr>
+ <fielddescr>pf Rule Direction Restriction</fielddescr>
<fieldname>direction</fieldname>
<description>Restrict creation of flow records to states matching a certain direction (in, out, or any).</description>
<type>select</type>
<options>
- <option>
- <name>Any</name>
- <value>any</value>
- </option>
- <option>
- <name>In</name>
- <value>in</value>
- </option>
- <option>
- <name>Out</name>
- <value>out</value>
- </option>
+ <option><name>Any</name><value>any</value></option>
+ <option><name>In</name><value>in</value></option>
+ <option><name>Out</name><value>out</value></option>
</options>
</field>
<field>
- <fielddescr>Netflow version</fielddescr>
+ <fielddescr>Netflow Version</fielddescr>
<fieldname>version</fieldname>
<description>Select which version of the NetFlow protocol to use.</description>
<type>select</type>
<options>
- <option>
- <name>9</name>
- <value>9</value>
- </option>
- <option>
- <name>5</name>
- <value>5</value>
- </option>
- <option>
- <name>1</name>
- <value>1</value>
- </option>
+ <option><name>9</name><value>9</value></option>
+ <option><name>5</name><value>5</value></option>
+ <option><name>1</name><value>1</value></option>
</options>
</field>
</fields>
<custom_php_global_functions>
<![CDATA[
function sync_package_pfflowd() {
- conf_mount_rw();
global $config;
- foreach ($config['installedpackages']['pfflowd']['config'] as $cf) {
- if ($cf['host'] != "") {
- $start = "\n/sbin/ifconfig pfsync0 up\n";
- $start .= "/usr/local/sbin/pfflowd ";
- $start .= " -n {$cf['host']}";
- if ($cf['port'] != "") {
- $start .= ":{$cf['port']}";
- }
- if (!empty($cf['sourcehost'])) {
- $start .= " -s {$cf['sourcehost']} ";
- }
- if ($cf['direction'] != "") {
- $start .= " -S {$cf['direction']}";
- }
- if ($cf['version'] != "") {
- $start .= " -v {$cf['version']}";
- }
- write_rcfile(array(
- "file" => "pfflowd.sh",
- "start" => $start,
- "stop" => "/usr/bin/killall pfflowd"
- )
- );
+ conf_mount_rw();
+ if (is_array($config['installedpackages']['pfflowd']['config'])) {
+ $cf = $config['installedpackages']['pfflowd']['config'][0];
+ } else {
+ $cf = array();
+ }
+ if ($cf['enabled'] == "on") {
+ $start = "\n/sbin/ifconfig pfsync0 up\n";
+ $start .= "/usr/local/sbin/pfflowd ";
+ $start .= " -n {$cf['host']}";
+ $start .= ":{$cf['port']}";
+ if (!empty($cf['sourcehost'])) {
+ $start .= " -s {$cf['sourcehost']} ";
+ }
+ if ($cf['direction'] != "") {
+ $start .= " -S {$cf['direction']}";
+ }
+ if ($cf['version'] != "") {
+ $start .= " -v {$cf['version']}";
+ }
+ write_rcfile(array("file" => "pfflowd.sh", "start" => $start, "stop" => "/usr/bin/killall pfflowd"));
+ if (is_service_running("pfflowd")) {
restart_service("pfflowd");
- break;
+ } else {
+ start_service("pfflowd");
+ }
+ } else {
+ if (is_service_running("pfflowd")) {
+ stop_service("pfflowd");
}
+ unlink_if_exists("/usr/local/etc/rc.d/pfflowd.sh");
}
conf_mount_ro();
}
function validate_form_pfflowd($post, &$input_errors) {
- if (($post['host'] == "") || !is_ipaddr($post['host'])) {
- $input_errors[] = 'You must specify a valid ip address in the \'Host\' field';
+ if ($post['host'] != "" && !is_ipaddr($post['host'])) {
+ $input_errors[] = 'You must specify a valid IP address in the \'Destination Host\' field';
}
- if (($post['port'] == "") || !is_port($post['port'])) {
- $input_errors[] = 'You must specify a valid port number in the \'Port\' field';
+ if ($post['port'] != "" && !is_port($post['port'])) {
+ $input_errors[] = 'You must specify a valid port number in the \'Destination Port\' field';
}
- }
-
- function cleanup_config_pfflowd() {
- global $a_pkg;
- $pffconf = array();
- if (is_array($a_pkg)) {
- foreach($a_pkg as $cf) {
- if ($cf['host'] != "") {
- $pffconf = $cf;
- }
- }
+ if ($post['sourcehost'] != "" && !is_ipaddr($post['sourcehost'])) {
+ $input_errors[] = 'You must specify a valid IP address in the \'Source IP\' field';
}
- $a_pkg = array();
- $a_pkg[0] = $pffconf;
}
]]>
</custom_php_global_functions>
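Review bot: The `direction` and `version` values are interpolated into the pfflowd.sh start command in sync_package_pfflowd() (`-S {$cf['direction']}`, `-v {$cf['version']}`) with no server-side check, because validate_form_pfflowd() only covers host, port and sourcehost. The select lists constrain a browser, not a hand-built POST, so unless pkg_edit.php enforces the option list (not visible here), unexpected characters can end up in a root-run rc script; this matters more now that the commit installs a privilege file, which presumably lets the page be delegated to non-admin users. I would allow-list both fields in the validator as below and, as defence in depth, wrap every interpolated value with `escapeshellarg()` when building `$start`. The relaxed host/port checks also depend on `<required/>` being enforced by the framework, since an enabled config with an empty host would yield `-n :`.

```php
function validate_form_pfflowd($post, &$input_errors) {
	// … unchanged: host, port and sourcehost checks …
	if ($post['direction'] != "" && !in_array($post['direction'], array('any', 'in', 'out'), true)) {
		$input_errors[] = 'You must select a valid value in the \'pf Rule Direction Restriction\' field';
	}
	if ($post['version'] != "" && !in_array($post['version'], array('1', '5', '9'), true)) {
		$input_errors[] = 'You must select a valid value in the \'Netflow Version\' field';
	}
}
```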
@@ -183,7 +175,4 @@
<custom_php_validation_command>
validate_form_pfflowd($_POST, $input_errors);
</custom_php_validation_command>
- <custom_php_command_before_form>
- cleanup_config_pfflowd();
- </custom_php_command_before_form>
</packagegui>