authorDaniel Stefan Haischt <dsh@pfsense.org>2007-01-21 00:06:40 +0000
committerDaniel Stefan Haischt <dsh@pfsense.org>2007-01-21 00:06:40 +0000
commita4f7ab6ec229d15aa6b7606516090b73ba50ff2a (patch)
treeff18ccf1b6390df0a0c18048a0b20605d822ae66 /packages/freenas/pkg
parent7dc2b787ba8f5380774a00d10a0c75a4005f01be (diff)
* results of a coding binge ...
Diffstat (limited to 'packages/freenas/pkg')
-rw-r--r--packages/freenas/pkg/freenas_services.inc90
-rw-r--r--packages/freenas/pkg/freenas_utils.inc1
2 files changed, 81 insertions, 10 deletions
diff --git a/packages/freenas/pkg/freenas_services.inc b/packages/freenas/pkg/freenas_services.inc
index 5c206413..1bd9b980 100644
--- a/packages/freenas/pkg/freenas_services.inc
+++ b/packages/freenas/pkg/freenas_services.inc
@@ -40,8 +40,9 @@
*/
/* ========================================================================== */
-define (FTP_BACKEND_PAM, "pam");
-define (FTP_BACKEND_PLAINTEXT, "plaintext");
+define ("FTP_BACKEND_PAM", "pam");
+define ("FTP_BACKEND_PLAINTEXT", "plaintext");
+define ("NFS_SERVICE_PORTS", "111 2049");
$freenas_config =& $config['installedpackages']['freenas']['config'][0];
@@ -410,12 +411,26 @@ function services_nfs_configure() {
return 1;
}
- list($network,$subnet) =
- explode('/', $freenas_config['nfs']['nfsnetwork']);
-
- $subnet = gen_subnet_mask($subnet);
$a_mount = &$freenas_config['mounts']['mount'];
+ /* TODO: ATM network authorization does not work on a per mount basis */
+ if (is_array($freenas_config['nfs']['nfsnetwork'])) {
+ $a_nfsnetworks = array();
+ $pfnetworks = array();
+
+ foreach ($freenas_config['nfs']['nfsnetwork'] as $netel) {
+ list($network,$subnet) =
+ explode('/', $netel);
+
+ $subnet = gen_subnet_mask($subnet);
+ $a_nfsnetworks[] = "-network {$network} -mask {$subnet}";
+ $pfnetworks[] = $network;
+ }
+
+ $nfsnetworks_str = implode(' ', $a_nfsnetworks);
+ services_setup_transparency_for("nfs", implode(" ", $pfnetworks));
+ }
+
foreach ($a_mount as $mount) {
/* -mapall and -maproot mutually exclusive */
$mapping = $freenas_config['nfs']['mapall'] == "yes" ? "-mapall=root" : "-maproot=root";
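Review bot: When `$freenas_config['nfs']['nfsnetwork']` is not an array (for example a single string, the form the removed lines handled), `$nfsnetworks_str` is never assigned, so the exports line written further down in this function carries no `-network` restriction, and an exports entry without a host set is normally served to any client. Normalise first, e.g. `$nets = (array)$freenas_config['nfs']['nfsnetwork'];`, and return an error when the list is empty instead of writing the file. Each `$netel` also reaches both the exports file and the pf `from { … }` list unchecked; a guard such as `if (!is_subnet($netel)) continue;` before the `explode()` would drop malformed entries (assuming pfSense's `is_subnet()` helper is in scope here). Separately, as far as I recall exports(5) accepts one `-network` per line, so joining several on one line may be rejected by mountd; worth confirming. `services_nfs_configure()` begins and ends outside this hunk.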
@@ -425,28 +440,83 @@ function services_nfs_configure() {
EOD;
$nfsconf .= <<<EOD
--network {$network} -mask $subnet
+{$nfsnetworks_str}
EOD;
} // end foreach
+
fwrite($fd, $nfsconf);
fclose($fd);
/* run rpcbind, nfsd and mountd */
- mwexec("/usr/sbin/rpcbind");
- mwexec("/usr/sbin/nfsd -u -t -n 4");
+ mwexec("/usr/sbin/rpcbind -h {$freenas_config['nfs']['bindto']}");
+ mwexec("/usr/sbin/nfsd -h {$freenas_config['nfs']['bindto']} -u -t -n 4");
mwexec("/usr/sbin/mountd -r {$g['varetc_path']}/exports");
mwexec("/usr/sbin/rpc.lockd");
mwexec("/usr/sbin/rpc.statd");
if ($g['booting']) { echo "done\n"; }
- } // end if
+ } else {
+ services_remove_transparency_for("nfs");
+ }// end if
return 0;
}
+function services_remove_transparency_for($whom) {
+ $service_result = mwexec ("pfctl -a \"passin-package-freenas-{$whom}\" -F rules");
+ if($service_result <> 0) {
+ file_notice("FREENAS", "There were error(s) flushing the exclude table", "FREENAS", "");
+ }
+}
+
+function services_setup_transparency_for($whom, $networks) {
+ global $config, $freenas_config;
+
+ if ($whom == "" || $networks == "") { return; }
+
+ $generatedLANSubnet = gen_subnet($config['interfaces']['lan']['ipaddr'],
+ $config['interfaces']['lan']['subnet']);
+ $aliases = "";
+
+ /* stolen from filter.inc */
+ $real_wanif = get_real_wan_interface();
+ $wanip = find_interface_ip($real_wanif);
+
+ $wan_aliases = " " . link_ip_to_carp_interface($wanip);
+
+ if (link_int_to_bridge_interface("wan"))
+ $wan_aliases .= " " . link_int_to_bridge_interface("wan");
+
+ if ($config['interfaces']['wan']['ipaddr'] == "pppoe" or $config['interfaces']['wan']['ipaddr'] == "pptp") {
+ $aliases .= "ng0 = \"{ {$config['interfaces']['wan']['if']} {$real_wanif} }\" \n";
+ $aliases .= "wan = \"{ {$config['interfaces']['wan']['if']} {$wan_aliases} ng0 }\"\n";
+ } else {
+ $aliases .= "wan = \"{ {$real_wanif} {$wan_aliases} }\"\n";
+ }
+
+ $trans_file = fopen("/tmp/freenas-{$whom}.rules","w");
+ fwrite($trans_file, "{$aliases}\n");
+
+ switch ($whom) {
+ case "nfs":
+ $nfs_ports = explode(" ", NFS_SERVICE_PORTS);
+
+ foreach ($nfs_ports as $port) {
+ fwrite($trans_file, "pass in quick on \$wan proto { tcp udp } from { {$networks} } to {$freenas_config['nfs']['bindto']} port = {$port} keep state label \"FreeNAS related rule for {$whom}-{$port}\"\n");
+ }
+ break;
+ }
+ fclose($trans_file);
+ $service_result = mwexec ("pfctl -a \"passin-package-freenas-{$whom}\" -f /tmp/freenas-{$whom}.rules");
+ if($service_result <> 0) {
+ file_notice("FREENAS", "There were error(s) loading the transparency rules", "FREENAS", "");
+ }
+ //add_trans_table($whom);
+}
+
function services_ftpd_configure() {
global $freenas_config, $g;
// services_vsftpd_configure();
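Review bot: `$freenas_config['nfs']['bindto']` is interpolated unquoted and unchecked into the `rpcbind` and `nfsd` `mwexec()` command lines and, in `services_setup_transparency_for()`, into the pf rule text. If it is empty, `nfsd -h` takes `-u` as its address and the rule's `to` clause is malformed; any other non-address value is handed to the shell as written. Check it once before use, `if (!is_ipaddr($freenas_config['nfs']['bindto'])) { return 1; }`, and wrap it in `escapeshellarg()` inside the command strings. The rules file is also written to a fixed name under `/tmp` with the `fopen()` result unchecked; building the path from `{$g['varetc_path']}` (already used for exports) and testing the handle before `fwrite()` would avoid writing through a pre-existing file or link there. `services_nfs_configure()` starts outside this hunk.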
diff --git a/packages/freenas/pkg/freenas_utils.inc b/packages/freenas/pkg/freenas_utils.inc
index 1e812412..6e5d8872 100644
--- a/packages/freenas/pkg/freenas_utils.inc
+++ b/packages/freenas/pkg/freenas_utils.inc
@@ -585,6 +585,7 @@ function get_ata_disks_list() {
if ($dmesgtab[0]!="" && (strcasecmp($dmesgtab[0],$diskname) == 0) &&
strcmp($dmesgtab[1],"DMA") !=0) {
$disklist[$diskname]['size'] = $dmesgtab[1];
+ }
} // end if
} // end foreach
} // end if