author | marcelloc <marcellocoutinho@gmail.com> | 2012-02-19 23:16:36 -0300 |
---|---|---|
committer | marcelloc <marcellocoutinho@gmail.com> | 2012-02-19 23:16:36 -0300 |
commit | 3f62692c31084b72ab32b431c3fb96c902451b4f (patch) | |
tree | 41f8d87c9403802355b0c0eedb39a62858427051 /config/pf-blocker/pfblocker.inc | |
parent | a7cc8da3e24bc81d0c724dfd39f8e33047ef9614 (diff) | |
pfBlocker - fix alias array check before loop, fix duplicates on automatic rules and update country lists
Diffstat (limited to 'config/pf-blocker/pfblocker.inc')
-rwxr-xr-x | config/pf-blocker/pfblocker.inc | 74 |
1 files changed, 38 insertions, 36 deletions
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index 3472aea8..a5e6d880 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -364,7 +364,8 @@ function sync_package_pfblocker() { } } #update pfsense alias table - $aliases=$config['aliases']['alias']; + if (is_array($config['aliases']['alias'])) + $aliases=$config['aliases']['alias']; foreach($aliases as $cbalias){ if (preg_match("/pfBlocker/",$cbalias['name'])){ #mark pfctl aliastable for cleaning @@ -398,22 +399,21 @@ function sync_package_pfblocker() { #var_dump($deny_outbound); #var_dump($pfblocker_config['inbound_interface']); #print count($deny_inbound) .count($deny_inbound); - # Inbound filter options - $inbound_interface = $pfblocker_config['inbound_interface']; + $inbound_interfaces = explode(",",$pfblocker_config['inbound_interface']); if (count($deny_inbound) > 0 || count($permit_inbound) > 0){ - if($inbound_interface == "") + if($pfblocker_config['inbound_interface'] == "") $message="Unable to apply rules.Inbound Interface option not configured."; - if ($inbound_interface == "lo0") + if (in_array("lo0",$inbound_interfaces)) $message="Floating rules are not implemented in pfBlocker yet, choose Inbound Interface other than loopback or change action to Alias only."; } # Outbound filter options - $outbound_interface = $pfblocker_config['outbound_interface']; + $outbound_interfaces = explode(",",$pfblocker_config['outbound_interface']); if (count($deny_outbound) > 0 || count($permit_outbound) > 0){ - if($outbound_interface == "") + if($pfblocker_config['outbound_interface'] == "") $message="Unable to apply rules.Outbound Interface option not configured."; - if ($outbound_interface == "lo0") + if (in_array("lo0",$outbound_interfaces)) $message="Floating rules are not implemented in pfBlocker yet, choose Outbound Interface other than loopback or change action to Alias only."; } 
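Review bot: The `is_array()` guard in the first hunk covers only the assignment, so `foreach($aliases as $cbalias)` on the next line still runs when `$config['aliases']['alias']` is not an array. Unless `$aliases` is set earlier in sync_package_pfblocker() (outside this hunk), the loop then iterates an undefined variable and PHP raises an invalid-argument warning; if it is set earlier, the loop walks stale data and may mark the wrong alias tables for cleaning. Assign a default instead: `$aliases = is_array($config['aliases']['alias']) ? $config['aliases']['alias'] : array();`.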
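Review bot: `$inbound_interfaces` and `$outbound_interfaces` in the second hunk need a comment saying the option is now a comma-separated list, because the `# Inbound filter options` heading appears to be dropped here and nothing explains why the "not configured" test still reads the raw `$pfblocker_config[...]` string. The reason is that `explode(",", "")` returns `array("")` rather than an empty array, so a `count()` or `empty()` test on the list would never detect an unconfigured option. Proposed comment above each explode: `# comma-separated interface list; explode("") yields array(""), so test the raw string for "not configured"`. Whether a set `$message` actually stops the rules from being applied is decided outside the hunk.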
@@ -428,35 +428,37 @@ function sync_package_pfblocker() { #apply pfblocker rules if enabled #Inbound - if (preg_match("/$last_iface/",$inbound_interface)){ - #permit rules - if (is_array($permit_inbound)) - foreach ($permit_inbound as $cb_rules){ - $cb_rules['interface']=$rule['interface']; - $new_rules[]=$cb_rules; - } - #deny rules - if (is_array($deny_inbound)) - foreach ($deny_inbound as $cb_rules){ - $cb_rules['interface']=$rule['interface']; - $new_rules[]=$cb_rules; - } - } + foreach ($inbound_interfaces as $inbound_interface) + if ($inbound_interface==$last_iface){ + #permit rules + if (is_array($permit_inbound)) + foreach ($permit_inbound as $cb_rules){ + $cb_rules['interface']=$rule['interface']; + $new_rules[]=$cb_rules; + } + #deny rules + if (is_array($deny_inbound)) + foreach ($deny_inbound as $cb_rules){ + $cb_rules['interface']=$rule['interface']; + $new_rules[]=$cb_rules; + } + } #Outbound - if (preg_match("/$last_iface/",$outbound_interface)){ - #permit rules - if (is_array($permit_outbound)) - foreach ($permit_outbound as $cb_rules){ - $cb_rules['interface']=$rule['interface']; - $new_rules[]=$cb_rules; - } - #deny rules - if (is_array($deny_outbound)) - foreach ($deny_outbound as $cb_rules){ - $cb_rules['interface']=$rule['interface']; - $new_rules[]=$cb_rules; - } - } + foreach ($outbound_interfaces as $outbound_interface) + if ($outbound_interface==$last_iface){ + #permit rules + if (is_array($permit_outbound)) + foreach ($permit_outbound as $cb_rules){ + $cb_rules['interface']=$rule['interface']; + $new_rules[]=$cb_rules; + } + #deny rules + if (is_array($deny_outbound)) + foreach ($deny_outbound as $cb_rules){ + $cb_rules['interface']=$rule['interface']; + $new_rules[]=$cb_rules; + } + } } #include all rules that is not from pfBlocker if (!preg_match("/pfBlocker.*rule/",$rule['descr']) && ($rule['interface'] != "" || $rule['floating']=="yes")) |
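Review bot: The new match `if ($inbound_interface==$last_iface){` and its outbound twin are loose comparisons against list entries that can be the empty string, since `explode(",", "")` yields `array("")` when the option is unset. If `$last_iface` can be empty or null (it is assigned outside this hunk, and the trailing context line does allow floating rules with no interface), the pfBlocker permit and deny rules would be appended although no interface was selected for that direction. Suggest `if ($inbound_interface !== "" && $inbound_interface === $last_iface){` and the same for outbound, assuming `$last_iface` is always a string. Braces around the body of each outer `foreach` would also make the extent of the loop explicit; the enclosing loop over `$rule` starts outside the hunk.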