diff options
author | Ryan Wagoner <rsw686@pfsense.org> | 2006-12-09 21:13:15 +0000 |
---|---|---|
committer | Ryan Wagoner <rsw686@pfsense.org> | 2006-12-09 21:13:15 +0000 |
commit | 67f8148144eef81427977f96ab2a2902266ebd08 (patch) | |
tree | 26b3ce4d106484817102d389d856dced294a7581 /packages | |
parent | a24a4b892ab43748529285254566ad48b05aed3e (diff) | |
download | pfsense-packages-67f8148144eef81427977f96ab2a2902266ebd08.tar.gz pfsense-packages-67f8148144eef81427977f96ab2a2902266ebd08.tar.bz2 pfsense-packages-67f8148144eef81427977f96ab2a2902266ebd08.zip |
use rdr pass to simplify the rule creation process .. inform users of imspector log directory
Diffstat (limited to 'packages')
-rw-r--r-- | packages/imspector/imspector.inc | 34 | ||||
-rw-r--r-- | packages/imspector/imspector.xml | 2 |
2 files changed, 17 insertions, 19 deletions
diff --git a/packages/imspector/imspector.inc b/packages/imspector/imspector.inc index 3e7d6822..349d9976 100644 --- a/packages/imspector/imspector.inc +++ b/packages/imspector/imspector.inc @@ -26,12 +26,12 @@ } function imspector_pf_rdr($iface, $port) { - return "rdr on {$iface} inet proto tcp from any to any port = {$port} -> 127.0.0.1 port 16667\n"; + return "rdr pass on {$iface} inet proto tcp from any to any port = {$port} -> 127.0.0.1 port 16667\n"; } function imspector_pf_rule($iface, $port) { return "pass in quick on {$iface} inet proto tcp from any to any port {$port} keep state\n"; - } + } function imspector_proto_to_port ($proto) { @@ -86,22 +86,20 @@ $iface_array = explode(",",imspector_config("iface_array")); if($iface_array && $proto_array) { - for($i=1;$i<=2;$i++) { - foreach($iface_array as $iface) { - $if = convert_friendly_interface_to_real_interface_name($iface); - /* above function returns iface if fail */ - if($if!=$iface) { - $addr = find_interface_ip($if); - /* non enabled interfaces are displayed in list on imspector settings page */ - /* check that the interface has an ip address before adding parameters */ - if($addr) { - foreach($proto_array as $proto) { - if($i==1 && imspector_proto_to_port($proto)) - $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto)); - elseif ($i==2 && imspector_proto_to_port($proto)) - $pf_rules .= imspector_pf_rule($if,imspector_proto_to_port($proto)); - } - } + foreach($iface_array as $iface) { + $if = convert_friendly_interface_to_real_interface_name($iface); + /* above function returns iface if fail */ + if($if!=$iface) { + $addr = find_interface_ip($if); + /* non enabled interfaces are displayed in list on imspector settings page */ + /* check that the interface has an ip address before adding parameters */ + if($addr) { + foreach($proto_array as $proto) { + if(imspector_proto_to_port($proto)) { + /* we can use rdr pass to auto create the filter rule */ + $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto)); + } + } } } } diff --git a/packages/imspector/imspector.xml b/packages/imspector/imspector.xml index d9a83227..8678b08f 100644 --- a/packages/imspector/imspector.xml +++ b/packages/imspector/imspector.xml @@ -57,7 +57,7 @@ <type>checkbox</type> </field> <field> - <fielddescr>Enable file logging</fielddescr> + <fielddescr>Enable file logging (stored in /var/log/imspector)</fielddescr> <fieldname>log_file</fieldname> <type>checkbox</type> </field> |