diff options
author | stilez <stilezy@gmail.com> | 2014-02-17 22:47:06 +0000 |
---|---|---|
committer | stilez <stilezy@gmail.com> | 2014-02-17 22:47:06 +0000 |
commit | 4b06e8adc9bc8ddd25de359b0d6d130e853483b5 (patch) | |
tree | 0dc145067bb0dc8050ef3c6a1b8347e16a4245e1 /config | |
parent | ad6e7cb89edbb0849eda4516cb0976fb877bc397 (diff) | |
download | pfsense-packages-4b06e8adc9bc8ddd25de359b0d6d130e853483b5.tar.gz pfsense-packages-4b06e8adc9bc8ddd25de359b0d6d130e853483b5.tar.bz2 pfsense-packages-4b06e8adc9bc8ddd25de359b0d6d130e853483b5.zip |
Add PERMIT BOTH option, and minor enhancements
1) Add PERMIT ALL as a list type (allows whitelisting without alias->multiple manual rules)
2) Fix typo "beggining"
3) Improve SWITCH-CASE code flows in 2 places (avoid dup. code)
4) Improve explanatory text for deny/permit
Files modified:
"pfblocker.inc"
"pfblocker_lists.xml"
Diffstat (limited to 'config')
-rwxr-xr-x | config/pf-blocker/pfblocker.inc | 36 |
1 files changed, 12 insertions, 24 deletions
diff --git a/config/pf-blocker/pfblocker.inc b/config/pf-blocker/pfblocker.inc index c40d742e..9740dce5 100755 --- a/config/pf-blocker/pfblocker.inc +++ b/config/pf-blocker/pfblocker.inc @@ -167,15 +167,6 @@ function sync_package_pfblocker($cron="") { #Create rule if action permits switch($continent_config['action']){ case "Deny_Both": - $rule = $base_rule; - $rule["type"] = $deny_action_inbound; - $rule["descr"]= "$pfb_alias auto rule"; - $rule["source"]= array("address"=> $pfb_alias); - $rule["destination"]=array("any"=>""); - if ($pfblocker_config['enable_log']){ - $rule["log"]=""; - } - $deny_inbound[]=$rule; case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; @@ -185,8 +176,9 @@ function sync_package_pfblocker($cron="") { if ($pfblocker_config['enable_log']){ $rule["log"]=""; } - $deny_outbound[]=$rule; - break; + $deny_outbound[]=$rule; + if ($continent_config['action'] != "Deny_Both") + break; case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; @@ -198,6 +190,7 @@ function sync_package_pfblocker($cron="") { } $deny_inbound[]=$rule; break; + case "Permit_Both": case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -208,7 +201,8 @@ function sync_package_pfblocker($cron="") { $rule["log"]=""; } $permit_outbound[]=$rule; - break; + if ($continent_config['action'] != "Permit_Both") + break; case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -317,15 +311,6 @@ function sync_package_pfblocker($cron="") { #Create rule if action permits switch($list['action']){ case "Deny_Both": - $rule = $base_rule; - $rule["type"] = $deny_action_inbound; - $rule["descr"]= "$alias auto rule"; - $rule["source"]= array("address"=> $alias); - $rule["destination"]=array("any"=>""); - if ($pfblocker_config['enable_log']){ - $rule["log"]=""; - } - $deny_inbound[]=$rule; case "Deny_Outbound": $rule = $base_rule; $rule["type"] = $deny_action_outbound; @@ -335,8 +320,9 @@ function sync_package_pfblocker($cron="") { if ($pfblocker_config['enable_log']){ $rule["log"]=""; } - $deny_outbound[]=$rule; - break; + $deny_outbound[]=$rule; + if ($list['action'] != "Deny_Both") + break; case "Deny_Inbound": $rule = $base_rule; $rule["type"] = $deny_action_inbound; @@ -348,6 +334,7 @@ function sync_package_pfblocker($cron="") { } $deny_inbound[]=$rule; break; + case "Permit_Both": case "Permit_Outbound": $rule = $base_rule; $rule["type"] = "pass"; @@ -358,7 +345,8 @@ function sync_package_pfblocker($cron="") { $rule["log"]=""; } $permit_outbound[]=$rule; - break; + if ($list['action'] != "Permit_Both") + break; case "Permit_Inbound": $rule = $base_rule; $rule["type"] = "pass"; |