diff options
| author | Charlie <root@testfbsd8.localdomain> | 2009-07-08 14:45:06 +0000 |
|---|---|---|
| committer | Charlie <root@testfbsd8.localdomain> | 2009-07-08 14:45:29 +0000 |
| commit | cc47995dd0b4f7a44c36a94d6f4feabddc418e12 (patch) | |
| tree | d54a022f4a72f025e16d50b6ab708b47e7fbecfe | |
| parent | dae4090094c2d03a8659d8a1c2e69763f06139bb (diff) | |
| download | pfsense-packages-cc47995dd0b4f7a44c36a94d6f4feabddc418e12.tar.gz pfsense-packages-cc47995dd0b4f7a44c36a94d6f4feabddc418e12.tar.bz2 pfsense-packages-cc47995dd0b4f7a44c36a94d6f4feabddc418e12.zip | |
Add needed code to packages to confirm to 2.0 rules for adding firewall rules. NOTE: other packages might need intervention but for now this is the neccessary minimum to remove dependency on pkg-utils.inc on filter.inc
| -rw-r--r-- | config/clamav.inc | 3 | ||||
| -rw-r--r-- | config/clamav.xml | 1 | ||||
| -rw-r--r-- | config/frickin/frickin.inc | 1 | ||||
| -rw-r--r-- | config/frickin/frickin.xml | 1 | ||||
| -rw-r--r-- | config/imspector/imspector.inc | 17 | ||||
| -rw-r--r-- | config/imspector/imspector.xml | 1 | ||||
| -rw-r--r-- | config/siproxd.inc | 3 | ||||
| -rw-r--r-- | config/siproxd.xml | 3 | ||||
| -rw-r--r-- | config/spamd.inc | 31 | ||||
| -rw-r--r-- | config/spamd.xml | 3 | ||||
| -rw-r--r-- | config/squid/squid.inc | 3 | ||||
| -rw-r--r-- | config/squid/squid.xml | 1 |
12 files changed, 62 insertions, 6 deletions
diff --git a/config/clamav.inc b/config/clamav.inc index 2e83888c..3aaaf71d 100644 --- a/config/clamav.inc +++ b/config/clamav.inc @@ -235,6 +235,7 @@ function clamav_generate_rules($type) { $rules .= "rdr on $iface proto tcp to port pop3 -> 127.0.0.1 port 8110\n"; break; case 'filter': + case 'rule': foreach ($ifaces as $iface) $rules .= "pass quick on $iface proto tcp to port pop3 flags S/SA keep state\n"; break; @@ -252,7 +253,7 @@ function clamav_generate_rules($type) { $rules .= "rdr on $iface proto tcp to ($iface) port smtp -> 127.0.0.1 port 10025\n"; } - else { + else if ($type == 'filer' || $type == 'rule') { foreach ($ifaces as $iface) $rules .= "pass quick on $iface proto tcp to ($iface) port smtp flags S/SA keep state\n"; } diff --git a/config/clamav.xml b/config/clamav.xml index 483a32a6..465c635a 100644 --- a/config/clamav.xml +++ b/config/clamav.xml @@ -127,4 +127,5 @@ <custom_php_install_command> clamav_install_command(); </custom_php_install_command> + <filter_rules_needed>clamav_generate_rules</filter_rules_needed> </packagegui> diff --git a/config/frickin/frickin.inc b/config/frickin/frickin.inc index 8b57b8ae..a79345bb 100644 --- a/config/frickin/frickin.inc +++ b/config/frickin/frickin.inc @@ -127,6 +127,7 @@ function frickin_generate_rules($type) { } break; case 'filter': + case 'rule': $ext_if = get_real_wan_interface(); $rules .= "pass out on $ext_if proto gre from any to any keep state\n"; $rules .= "pass in on $ext_if proto gre from any to any keep state\n"; diff --git a/config/frickin/frickin.xml b/config/frickin/frickin.xml index 497d4cd3..4d1d421d 100644 --- a/config/frickin/frickin.xml +++ b/config/frickin/frickin.xml @@ -86,4 +86,5 @@ <custom_php_deinstall_command> frickin_custom_php_deinstall_command(); </custom_php_deinstall_command> + <filter_rules_needed>frickin_generate_rules</filter_rules_needed> </packagegui> diff --git a/config/imspector/imspector.inc b/config/imspector/imspector.inc index 09974363..ea4458ce 100644 --- a/config/imspector/imspector.inc +++ b/config/imspector/imspector.inc @@ -104,6 +104,23 @@ //exec('pkg_delete imspector-0.4'); } + function imspector_generate_rules($type) { + + $rules = ""; + switch ($type) { + case 'rdr': + $rules = "# IMSpector rdr anchor\n"; + $rules .= "rdr-anchor \"imspector\"\n"; + break; + case 'rule': + $rules = "# IMSpector \n"; + $rules .= "anchor \"miniupnpd\"\n"; + break; + } + + return $rules; + } + function sync_package_imspector() { global $config; global $input_errors; diff --git a/config/imspector/imspector.xml b/config/imspector/imspector.xml index afdcdcf0..c7595b9a 100644 --- a/config/imspector/imspector.xml +++ b/config/imspector/imspector.xml @@ -218,4 +218,5 @@ <custom_php_deinstall_command> deinstall_package_imspector(); </custom_php_deinstall_command> + <filter_rules_needed>imspector_generate_rules</filter_rules_needed> </packagegui> diff --git a/config/siproxd.inc b/config/siproxd.inc index be1ac196..147eee31 100644 --- a/config/siproxd.inc +++ b/config/siproxd.inc @@ -73,6 +73,7 @@ function siproxd_generate_rules($type) { } break; case 'filter': + case 'rule': foreach ($ifaces as $iface) { $rules .= "# allow SIP signaling and RTP traffic\n"; $rules .= "pass in quick on {$iface} proto udp from any to any port = {$port}\n"; @@ -193,4 +194,4 @@ function sync_package_siproxd() { conf_mount_ro(); } -?>
\ No newline at end of file +?> diff --git a/config/siproxd.xml b/config/siproxd.xml index c79c722f..f4e1bd0b 100644 --- a/config/siproxd.xml +++ b/config/siproxd.xml @@ -170,4 +170,5 @@ </custom_add_php_command> <custom_php_resync_config_command> </custom_php_resync_config_command> -</packagegui>
\ No newline at end of file + <filter_rules_needed>siproxd_generate_rules</filter_rules_needed> +</packagegui> diff --git a/config/spamd.inc b/config/spamd.inc index 3088d037..6ee72ad7 100644 --- a/config/spamd.inc +++ b/config/spamd.inc @@ -160,6 +160,35 @@ function sync_package_spamd() { log_error("SpamD setup completed"); } +function spamd_generate_rules($type) { + global $config; + + $natrules = ""; + switch($type) { + case 'rdr': + $natrules .= "\n# spam table \n"; + $wanif = $FilterIflist["wan"]['if']; + $natrules .= "table <whitelist> persist\n"; + $natrules .= "table <blacklist> persist\n"; + $natrules .= "table <spamd> persist\n"; + if(file_exists("/var/db/whitelist.txt")) + $natrules .= "table <spamd-white> persist file \"/var/db/whitelist.txt\"\n"; + $natrules .= "rdr pass on {$wanif} proto tcp from <blacklist> to port smtp -> 127.0.0.1 port spamd\n"; + $natrules .= "rdr pass on {$wanif} proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd\n"; + $natrules .= "rdr pass on {$wanif} proto tcp from !<spamd-white> to port smtp -> 127.0.0.1 port spamd\n"; + if($config['installedpackages']['spamdsettings']['config']) + foreach($config['installedpackages']['spamdsettings']['config'] as $ss) + $nextmta = $ss['nextmta']; + if($nextmta <> "") { + $natrules .= "rdr pass on {$wanif} proto tcp from <spamd-white> to port smtp -> {$nextmta} port smtp\n"; + } + + break; + } + + return $natrules; +} + function remove_spaces($string) { $string = str_replace(" ", "", $string); return $string; @@ -286,4 +315,4 @@ function spamd_validate_input($post, $input_errors) { } } -?>
\ No newline at end of file +?> diff --git a/config/spamd.xml b/config/spamd.xml index a065c0a8..5bbc5d71 100644 --- a/config/spamd.xml +++ b/config/spamd.xml @@ -207,4 +207,5 @@ <custom_php_deinstall_command> custom_php_deinstall_command(); </custom_php_deinstall_command> -</packagegui>
\ No newline at end of file + <filter_rules_needed>spamd_generate_rules</filter_rules_needed> +</packagegui> diff --git a/config/squid/squid.inc b/config/squid/squid.inc index dbd8267f..4200f02e 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -1268,6 +1268,7 @@ function squid_generate_rules($type) { $rules .= "\n"; break; case 'filter': + case 'rule': foreach ($ifaces as $iface) { $rules .= "# Setup squid pass rules for proxy\n"; $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n"; @@ -1288,4 +1289,4 @@ function squid_generate_rules($type) { return $rules; } -?>
\ No newline at end of file +?> diff --git a/config/squid/squid.xml b/config/squid/squid.xml index a119e647..7f2c1627 100644 --- a/config/squid/squid.xml +++ b/config/squid/squid.xml @@ -330,4 +330,5 @@ squid_deinstall_command(); exec("/bin/rm -f /usr/local/etc/rc.d/squid*"); </custom_php_deinstall_command> + <filter_rules_needed>squid_generate_rules</filter_rules_needed> </packagegui> |