authorrobscool <robrob2626@yahoo.com>2009-04-14 22:33:05 -0700
committerrobscool <robrob2626@yahoo.com>2009-04-14 22:33:05 -0700
commitba31b103f4a007298a5bbacd2dc601ab02ee381c (patch)
tree83aa55de5cdc513110a2983a34b8f200df0099fc /config
parent80c3b66c9c05630a8c42c12573ed84f50c5f1e07 (diff)
parentff7de863b4c1af89ff7c0a036e6a052ccadeccfb (diff)
Merge commit 'mainline/master'
Diffstat (limited to 'config')
-rw-r--r--config/squid/squid.inc60
-rw-r--r--config/squid/squid_nac.xml4
-rw-r--r--config/squid3/squid_nac.xml4
-rw-r--r--config/tinydns/new_zone_wizard.xml29
-rw-r--r--config/tinydns/tinydns.inc59
-rw-r--r--config/tinydns/tinydns_domains.xml38
6 files changed, 143 insertions, 51 deletions
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index ed610205..113bc09f 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -1221,30 +1221,36 @@ function squid_generate_rules($type) {
switch($type) {
case 'nat':
$rules .= "\n# Setup Squid proxy redirect\n";
- if ($squid_conf['private_subnet_proxy_off'] == 'on') {
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
- }
- }
-
- if (!empty($squid_conf['defined_ip_proxy_off'])) {
- $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
- $exempt_ip = "";
- foreach ($defined_ip_proxy_off as $ip_proxy_off) {
- if(!empty($ip_proxy_off)) {
- $ip_proxy_off = trim($ip_proxy_off);
- $exempt_ip .= ", $ip_proxy_off";
- }
- }
- $exempt_ip = substr($exempt_ip,2);
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
- }
- }
-
- foreach ($ifaces as $iface){
+ if ($squid_conf['private_subnet_proxy_off'] == 'on') {
+ foreach ($ifaces as $iface){
+ $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
+ }
+ }
+ if (!empty($squid_conf['defined_ip_proxy_off'])) {
+ $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
+ $exempt_ip = "";
+ foreach ($defined_ip_proxy_off as $ip_proxy_off) {
+ if(!empty($ip_proxy_off)) {
+ $ip_proxy_off = trim($ip_proxy_off);
+ $exempt_ip .= ", $ip_proxy_off";
+ }
+ }
+ $exempt_ip = substr($exempt_ip,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
+ }
+ }
+ foreach ($ifaces as $iface) {
$rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
- };
+ }
+ /* Handle PPPOE case */
+ if($config['pppoe']['mode'] == "off") {
+ $rules .= "rdr on \$pppoe proto tcp from any to !(\$pppoe) port 80 -> 127.0.0.1 port 80\n";
+ }
+ /* Handle PPTP case */
+ if($config['pptpd']['mode'] != "off") {
+ $rules .= "rdr on \$pptp proto tcp from any to !(\$pptp) port 80 -> 127.0.0.1 port 80\n";
+ }
$rules .= "\n";
break;
case 'filter':
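Review bot: The PPPoE branch tests `$config['pppoe']['mode'] == "off"` while the PPTP branch right below it tests `!= "off"`, so as written the `rdr on $pppoe` rule is emitted only when PPPoE is disabled; this looks inverted and probably should read `if($config['pppoe']['mode'] != "off") {`. The same comparison appears again in the `filter` case in the next hunk. Separately, the re-indented `defined_ip_proxy_off` block still places each `;`-separated entry into a `no rdr` rule after only `trim()`, so each entry should be checked to be an address or CIDR before it reaches the pf ruleset, and emptiness should be tested after the trim so a whitespace-only entry does not leave an empty list element. The function body starts above this hunk, so whether `$config` is declared `global` there is not visible.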
@@ -1253,7 +1259,13 @@ function squid_generate_rules($type) {
$rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
$rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
$rules .= "\n";
- };
+ };
+ if($config['pppoe']['mode'] == "off") {
+ $rules .= "pass in quick on \$pppoe proto tcp from any to !(\$pppoe) port $port flags S/SA keep state\n";
+ }
+ if($config['pptpd']['mode'] != "off") {
+ $rules .= "pass in quick on \$pptp proto tcp from any to !(\$pptp) port $port flags S/SA keep state\n";
+ }
break;
default:
break;
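Review bot: The added PPPoE and PPTP pass rules cover only `$port`, whereas the per-interface loop just above passes both port 80 and `$port`; if the redirect added in the `nat` case is meant to behave the same way on these interfaces, a matching port 80 rule appears to be missing, and if the difference is deliberate a one-line comment saying why would help. The stray `;` after the loop's closing brace was only re-indented here; it could be dropped as was done in the `nat` case.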
diff --git a/config/squid/squid_nac.xml b/config/squid/squid_nac.xml
index e0489f8e..a61471ec 100644
--- a/config/squid/squid_nac.xml
+++ b/config/squid/squid_nac.xml
@@ -111,7 +111,7 @@
<field>
<fielddescr>Whitelist</fielddescr>
<fieldname>whitelist</fieldname>
- <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. You also can use regular expressions.</description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
@@ -120,7 +120,7 @@
<field>
<fielddescr>Blacklist</fielddescr>
<fieldname>blacklist</fieldname>
- <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
diff --git a/config/squid3/squid_nac.xml b/config/squid3/squid_nac.xml
index 73c4cae5..56e3fa8b 100644
--- a/config/squid3/squid_nac.xml
+++ b/config/squid3/squid_nac.xml
@@ -111,7 +111,7 @@
<field>
<fielddescr>Whitelist</fielddescr>
<fieldname>whitelist</fieldname>
- <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. You also can use regular expressions.</description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
@@ -120,7 +120,7 @@
<field>
<fielddescr>Blacklist</fielddescr>
<fieldname>blacklist</fieldname>
- <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
diff --git a/config/tinydns/new_zone_wizard.xml b/config/tinydns/new_zone_wizard.xml
index 82d8d62b..0f75291f 100644
--- a/config/tinydns/new_zone_wizard.xml
+++ b/config/tinydns/new_zone_wizard.xml
@@ -92,7 +92,7 @@
<name>Mail exchanger record IP address</name>
<type>input</type>
<arraynum>1</arraynum>
- <description>Enter the IP address of your Mail exchanger (MX) - (example: 9.10.11.12)</description>
+ <description>Enter the IP address of your Mail exchanger (MX) - (not needed if hostname above is in a different domain)</description>
</field>
<field>
<name>First A record (optional)</name>
@@ -151,12 +151,14 @@
<![CDATA[
$changed = false;
-
+
if($_POST['domainname'] and $_POST['primarynameserver']) {
$tmp = array();
$tmp['hostname'] = $_POST['domainname'];
- $tmp['recordtype'] = "SOA";
+ $tmp['recordtype'] = "SOA";
$tmp['ipaddress'] = $_POST['primarynameserver'];
+ if(!preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/",$tmp['ipaddress']) && substr($tmp['ipaddress'],-1) != ".")
+ $tmp['ipaddress'] = $tmp['ipaddress'] . ".";
$config['installedpackages']['tinydnsdomains']['config'][] = $tmp;
unset($tmp);
$changed = true;
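Review bot: `$_POST['primarynameserver']` is appended to the package config after nothing more than a trailing-dot fixup, and the value later becomes a field of a tinydns data line, where `:` and line breaks act as separators; it should be checked to be an IPv4 address or a hostname before it is stored. The dotted-quad pattern also accepts out-of-range octets such as 999.999.999.999, so `filter_var($tmp['ipaddress'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` (where the PHP in use provides it) would be a tighter test. The same two added lines are duplicated for `secondarynameserver` in the next hunk; a small shared helper would keep them in step, and both `if` bodies would be safer with braces.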
@@ -167,6 +169,8 @@
$tmp['hostname'] = $_POST['domainname'];
$tmp['recordtype'] = "SOA";
$tmp['ipaddress'] = $_POST['secondarynameserver'];
+ if(!preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/",$tmp['ipaddress']) && substr($tmp['ipaddress'],-1) != ".")
+ $tmp['ipaddress'] = $tmp['ipaddress'] . ".";
$config['installedpackages']['tinydnsdomains']['config'][] = $tmp;
unset($tmp);
$changed = true;
@@ -202,13 +206,26 @@
$changed = true;
}
- if($_POST['mailexchangerrecordipaddress'] and $_POST['mailexchangerrecordhostname']) {
+ if($_POST['mailexchangerrecordhostname']) {
$tmp = array();
- $tmp['hostname'] = $_POST['mailexchangerrecordhostname'];
+ $tmp['hostname'] = $_POST['domainname'];
$tmp['recordtype'] = "MX";
- $tmp['ipaddress'] = $_POST['secondarecordipaddress'];
+ $tmp['ipaddress'] = $_POST['mailexchangerrecordhostname'];
+ if(substr($tmp['ipaddress'],-1) != ".")
+ $tmp['ipaddress'] = $tmp['ipaddress'] . ".";
+ $config['installedpackages']['tinydnsdomains']['config'][] = $tmp;
unset($tmp);
$changed = true;
+
+ if($_POST['mailexchangerrecordipaddress']) {
+ $tmp = array();
+ $tmp['hostname'] = $_POST['mailexchangerrecordhostname'];
+ $tmp['recordtype'] = "A";
+ $tmp['ipaddress'] = $_POST['mailexchangerrecordipaddress'];
+ $config['installedpackages']['tinydnsdomains']['config'][] = $tmp;
+ unset($tmp);
+ $changed = true;
+ }
}
if($changed) {
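Review bot: The MX branch now uses `$_POST['domainname']` as the record name but its condition only tests `mailexchangerrecordhostname`, so a submission without a domain name stores an MX row with an empty hostname; `if($_POST['domainname'] and $_POST['mailexchangerrecordhostname']) {` would match the SOA branches above. The follow-up A record uses the mail-exchanger hostname exactly as typed, while the MX target gets a trailing dot appended, so the two names can disagree unless a fully qualified name was entered; a comment stating the expected form would avoid that. Neither value is validated as a hostname or an address before being appended to the config.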
diff --git a/config/tinydns/tinydns.inc b/config/tinydns/tinydns.inc
index 24de1cab..ead705e6 100644
--- a/config/tinydns/tinydns.inc
+++ b/config/tinydns/tinydns.inc
@@ -431,6 +431,7 @@ function tinydns_create_zone_file() {
$hostname = $domain['hostname'];
$ipaddress = $domain['ipaddress'];
$ttl = $domain['ttl'];
+ $dist = $domain['dist'];
/* check record status, if it is down request
* backup server if defined.
*/
@@ -446,7 +447,7 @@ function tinydns_create_zone_file() {
log_error("tinydns_get_backup_record returned $ipaddress ");
}
}
- $record_data = tinydns_get_rowline_data($ipaddress, $domain['recordtype'], $ttl, $hostname, $domain['rdns']);
+ $record_data = tinydns_get_rowline_data($ipaddress, $domain['recordtype'], $ttl, $hostname, $domain['rdns'], $dist);
if($record_data)
fwrite($fd, $record_data . "\n");
/* process load balanced items */
@@ -588,12 +589,15 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) {
/* formats data as a tinydns data row item */
/* A full description of the data format is available at 'man tinydns-data' */
-function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns) {
+function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns, $dist) {
if($ttl)
$ttl_string = ":{$ttl}";
else
$ttl_string = "";
+
switch ($recordtype) {
+
+ /* Note that some of these are simplistic versions of TinyDNS record handling. Uber-users can always do "raw" entries... */
case "SOA":
$record_data = ".{$hostname}::{$recordip}{$ttl_string}";
break;
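Review bot: `$dist` is added as a sixth required parameter, so any other caller of `tinydns_get_rowline_data()` that still passes five arguments will raise a missing-argument warning; only the call in `tinydns_create_zone_file()` is updated on this page and other call sites are not visible here. Giving it a default keeps them working: `function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns, $dist = "") {`. The function would also benefit from a short header comment saying what each parameter holds, now that `$recordip` carries hostnames, TXT text and raw lines as well as addresses.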
@@ -601,7 +605,7 @@ function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns
$record_data = "&{$hostname}:{$recordip}{$ttl_string}";
break;
case "MX":
- $record_data = "@{$hostname}:{$recordip}::{$ttl_string}";
+ $record_data = "@{$hostname}::{$recordip}:{$dist}{$ttl_string}";
break;
case "PTR":
/* "^" creates "PTR" record only to allow reverse DNS */
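Review bot: `{$dist}` is interpolated into the MX line straight from the stored config, so a value containing `:` or any non-digit shifts or corrupts the following fields of the tinydns data line. Restrict it to digits before use, for example `$dist = ctype_digit((string)$dist) ? $dist : "";`, leaving it empty so tinydns falls back to its default distance. The same check is worth applying to `$ttl` before `$ttl_string` is built at the top of the function, which lies outside this hunk.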
@@ -619,9 +623,36 @@ function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns
$record_data = "C{$hostname}:{$recordip}{$ttl_string}";
break;
case "TXT":
- /* "'" creates "TXT" record that can be used for SPF */
- $record_data = "'{$hostname}:{$recordip}{$ttl_string}";
+ /* "'" creates "TXT" record */
+ /* ":" creates a generic record entry, (and record code 16 below makes it a TXT record) */
+ /* Q: Why bother with generic? */
+ /* A: TinyDNS TXT records get split up every 127 chars and some clients have trouble re-assembling them. */
+ /* TinyDNS generic records allow up to the maximum DNS record size of 255 chars but it is a hard limit, no splitting of larger strings */
+ /* ...so try to always create the best record for the need */
+
+ /* Initial cleanup required for TXT records in TinyDNS where we substitute Octal escape codes for certain chars*/
+ $saferecordip = str_replace(":", "\\072", $recordip);
+ $saferecordip = str_replace(" ", "\\040", $saferecordip);
+ $saferecordip = str_replace("\r", "\\015", $saferecordip);
+ $saferecordip = str_replace("\n", "\\012", $saferecordip);
+
+ /* Logically this should be comparing against 127 and 255 but PHP has a boundary error? */
+ /* Boundary errors or not, 128 and 256 at least evaluate properly!!! */
+ /* Also note that reclen checks against the original string and not the "safe" one we generated above. */
+ $reclen = mb_strlen($recordip, '8bit');
+ if($reclen > 128 && $reclen <= 256) {
+ /* TinyDNS generic records require an escaped Octal string length padded to three chars before the actual string! */
+ /* The logic here shouldn't ever require padding but including it anyway in case somebody changes code down the road */
+ $reclen = str_pad(decoct($reclen),3,"0",STR_PAD_LEFT);
+ $record_data = ":{$hostname}:16:\\{$reclen}{$saferecordip}{$ttl_string}";
+ } else {
+ $record_data = "'{$hostname}:{$saferecordip}{$ttl_string}";
+ }
break;
+ case "raw":
+ /* We don't know or care what is in a raw entry, just pass it along as-is */
+ $record_data = "{$recordip}";
+ break;
}
return $record_data;
}
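Review bot: The octal escaping covers `:`, space, CR and LF but not the backslash itself, so a backslash in the TXT text reaches the data file as the start of an escape sequence; escape it first with `$saferecordip = str_replace("\\", "\\134", $recordip);` before the other replacements. The generic-record branch also accepts a length of 256, which does not fit the single length octet (`decoct(256)` is `400`), so the upper bound should be `$reclen <= 255` and the comment attributing this to a PHP boundary error should state the real limits instead. The new `raw` case writes the stored string to the zone file unchanged, so an embedded line break yields additional records; stripping CR/LF there, or documenting that this is intended, would be prudent. `$record_data` is still unset when `$recordtype` matches no case; the function body begins in the earlier hunks.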
@@ -961,4 +992,22 @@ EOD;
fclose($fr);
}
+function tinydns_cleanup_addedit_form_record() {
+ /* Clean some things up and simplify per limited subset of TinyDNS record syntax before saving. */
+ if((($_POST['recordtype'] == "SOA") || ($_POST['recordtype'] == "NS") || ($_POST['recordtype'] == "MX")) && substr($_POST['ipaddress'],-1) != ".")
+ $_POST['ipaddress'] = $_POST['ipaddress'] . ".";
+
+ if($_POST['recordtype'] == "TXT") {
+ /* TinyDNS provides surrounding quotes for TXT records automatically so we check & remove them here */
+ if(substr($_POST['ipaddress'],-1) == "\"")
+ $_POST['ipaddress'] = substr($_POST['ipaddress'],0,-1);
+ if(substr($_POST['ipaddress'],0,1) == "\"")
+ $_POST['ipaddress'] = substr($_POST['ipaddress'],1);
+ if(substr($_POST['ipaddress'],0,5) == "v=spf") {
+ /* more cleanup specific to SPF records - strip newlines and carriage returns) */
+ $_POST['ipaddress'] = str_replace("\r", "", $_POST['ipaddress']);
+ $_POST['ipaddress'] = str_replace("\n", "", $_POST['ipaddress']);
+ }
+ }
+}
?> \ No newline at end of file
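Review bot: `tinydns_cleanup_addedit_form_record()` is wired in as the validation command but only normalises `$_POST['ipaddress']`; it rejects nothing, so `hostname`, `ttl`, `dist` and non-TXT `ipaddress` values containing `:` or line breaks are saved and later written into the zone file as typed. CR/LF removal is applied only when the text starts with `v=spf`; applying it to every record type except `raw`, or reporting an input error, would close that gap. The trailing dot is appended for SOA, NS and MX data even when the value is a dotted-quad address, unlike the wizard code in this commit, which skips the dot for such values, so a short comment stating the expected input form per record type would help. The `if` bodies here have no braces, which makes the nested TXT handling easy to break on a later edit.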
diff --git a/config/tinydns/tinydns_domains.xml b/config/tinydns/tinydns_domains.xml
index 3e313511..19468213 100644
--- a/config/tinydns/tinydns_domains.xml
+++ b/config/tinydns/tinydns_domains.xml
@@ -37,7 +37,7 @@
*/
/* ========================================================================== */
]]>
- </copyright>
+ </copyright>
<description>Describe your package here</description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
@@ -75,11 +75,11 @@
<configpath>installedpackages->package->tinydnsdomains</configpath>
<adddeleteeditpagefields>
<columnitem>
- <fielddescr>Fully Qualified Domain Name (Hostname)</fielddescr>
+ <fielddescr>Record Name</fielddescr>
<fieldname>hostname</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Record type</fielddescr>
+ <fielddescr>Record Type</fielddescr>
<fieldname>recordtype</fieldname>
</columnitem>
<columnitem>
@@ -87,9 +87,13 @@
<fieldname>rdns</fieldname>
</columnitem>
<columnitem>
- <fielddescr>IP Address</fielddescr>
+ <fielddescr>Record Data</fielddescr>
<fieldname>ipaddress</fieldname>
</columnitem>
+ <columnitem>
+ <fielddescr>TTL</fielddescr>
+ <fieldname>ttl</fieldname>
+ </columnitem>
</adddeleteeditpagefields>
<fields>
<field>
@@ -98,7 +102,7 @@
<fieldname>temp</fieldname>
</field>
<field>
- <fielddescr>Hostname or FQDN www.exampledomain.com</fielddescr>
+ <fielddescr>Record Name (Hostname or FQDN. E.g. www.exampledomain.com)</fielddescr>
<fieldname>hostname</fieldname>
<description>The DNS server will supply Records for the Fully Qualified Domain Name that is entered</description>
<type>input</type>
@@ -106,9 +110,9 @@
<required/>
</field>
<field>
- <fielddescr>Record type</fielddescr>
+ <fielddescr>Record Type</fielddescr>
<fieldname>recordtype</fieldname>
- <description>DNS Record types. A, PTR, MX, NS, SOA, TXT, CNAME</description>
+ <description>Supported Record types: A, PTR, MX, NS, SOA, TXT, CNAME, raw ("raw" allows direct entry of a complete TinyDNS record in the FQDN field below)</description>
<type>select</type>
<size>1</size>
<required/>
@@ -121,18 +125,25 @@
<option><name>PTR</name><value>PTR</value></option>
<option><name>CNAME</name><value>CNAME</value></option>
<option><name>TXT</name><value>TXT</value></option>
+ <option><name>raw</name><value>raw</value></option>
</options>
</field>
<field>
- <fielddescr> FQDN or IP Address</fielddescr>
+ <fielddescr>Record Data (FQDN, IP Address, or "raw" TinyDNS record)</fielddescr>
<fieldname>ipaddress</fieldname>
- <description>IP Address for A Records. FQDN or Hostname for SOA, PTR, CNAME Records. For NS Records an IP:FQDN</description>
+ <description>Use IP Address for A Records - FQDN or Hostname for SOA, PTR, CNAME Records - NS Records use colon-separated IP and FQDN, e.g. 1.2.3.4:mydomain.com</description>
<type>input</type>
- <size>40</size>
+ <size>80</size>
<required/>
</field>
<field>
- <fielddescr>DNS record time to live</fielddescr>
+ <fielddescr>MX priority (only used for MX records)</fielddescr>
+ <fieldname>dist</fieldname>
+ <type>input</type>
+ <size>4</size>
+ </field>
+ <field>
+ <fielddescr>DNS record time to live (in seconds)</fielddescr>
<fieldname>ttl</fieldname>
<type>input</type>
<size>35</size>
@@ -212,8 +223,11 @@
tinydns_setup_ping_items();
tinydns_sync_on_changes();
</custom_delete_php_command>
+ <custom_php_validation_command>
+ tinydns_cleanup_addedit_form_record();
+ </custom_php_validation_command>
<custom_add_php_command>
- log_error("Begin tinydns add");
+ log_error("Begin tinydns add");
tinydns_create_zone_file();
log_error("Zone file done.");
tinydns_setup_ping_items();