aboutsummaryrefslogtreecommitdiffstats
path: root/packages
diff options
context:
space:
mode:
authorRyan Wagoner <rsw686@pfsense.org>2006-12-09 21:13:15 +0000
committerRyan Wagoner <rsw686@pfsense.org>2006-12-09 21:13:15 +0000
commit67f8148144eef81427977f96ab2a2902266ebd08 (patch)
tree26b3ce4d106484817102d389d856dced294a7581 /packages
parenta24a4b892ab43748529285254566ad48b05aed3e (diff)
downloadpfsense-packages-67f8148144eef81427977f96ab2a2902266ebd08.tar.gz
pfsense-packages-67f8148144eef81427977f96ab2a2902266ebd08.tar.bz2
pfsense-packages-67f8148144eef81427977f96ab2a2902266ebd08.zip
use rdr pass to simplify the rule creation process .. inform users of imspector log directory
Diffstat (limited to 'packages')
-rw-r--r--packages/imspector/imspector.inc34
-rw-r--r--packages/imspector/imspector.xml2
2 files changed, 17 insertions, 19 deletions
diff --git a/packages/imspector/imspector.inc b/packages/imspector/imspector.inc
index 3e7d6822..349d9976 100644
--- a/packages/imspector/imspector.inc
+++ b/packages/imspector/imspector.inc
@@ -26,12 +26,12 @@
}
function imspector_pf_rdr($iface, $port) {
- return "rdr on {$iface} inet proto tcp from any to any port = {$port} -> 127.0.0.1 port 16667\n";
+ return "rdr pass on {$iface} inet proto tcp from any to any port = {$port} -> 127.0.0.1 port 16667\n";
}
function imspector_pf_rule($iface, $port) {
return "pass in quick on {$iface} inet proto tcp from any to any port {$port} keep state\n";
- }
+ }
function imspector_proto_to_port ($proto)
{
@@ -86,22 +86,20 @@
$iface_array = explode(",",imspector_config("iface_array"));
if($iface_array && $proto_array) {
- for($i=1;$i<=2;$i++) {
- foreach($iface_array as $iface) {
- $if = convert_friendly_interface_to_real_interface_name($iface);
- /* above function returns iface if fail */
- if($if!=$iface) {
- $addr = find_interface_ip($if);
- /* non enabled interfaces are displayed in list on imspector settings page */
- /* check that the interface has an ip address before adding parameters */
- if($addr) {
- foreach($proto_array as $proto) {
- if($i==1 && imspector_proto_to_port($proto))
- $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto));
- elseif ($i==2 && imspector_proto_to_port($proto))
- $pf_rules .= imspector_pf_rule($if,imspector_proto_to_port($proto));
- }
- }
+ foreach($iface_array as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+ /* above function returns iface if fail */
+ if($if!=$iface) {
+ $addr = find_interface_ip($if);
+ /* non enabled interfaces are displayed in list on imspector settings page */
+ /* check that the interface has an ip address before adding parameters */
+ if($addr) {
+ foreach($proto_array as $proto) {
+ if(imspector_proto_to_port($proto)) {
+ /* we can use rdr pass to auto create the filter rule */
+ $pf_rules .= imspector_pf_rdr($if,imspector_proto_to_port($proto));
+ }
+ }
}
}
}
diff --git a/packages/imspector/imspector.xml b/packages/imspector/imspector.xml
index d9a83227..8678b08f 100644
--- a/packages/imspector/imspector.xml
+++ b/packages/imspector/imspector.xml
@@ -57,7 +57,7 @@
<type>checkbox</type>
</field>
<field>
- <fielddescr>Enable file logging</fielddescr>
+ <fielddescr>Enable file logging (stored in /var/log/imspector)</fielddescr>
<fieldname>log_file</fieldname>
<type>checkbox</type>
</field>